From b91bcf373ffda8abaa322b1c04b1caaa2825bd19 Mon Sep 17 00:00:00 2001
From: Tom Whitwell <tom@whi.tw>
Date: Tue, 20 Jun 2023 16:45:16 +0100
Subject: [PATCH 001/438] Add Shell Completion script generation

`dnsutils shell-completion <shell>` will generate a shell completion
script for the specified shell (bash or zsh). If no shell is specified,
the script will be generated for the current shell, using `$SHELL`.
---
 .editorconfig                                 |   2 +-
 .../completion-scripts/completion.bash.gotmpl |  34 +++
 .../completion-scripts/completion.zsh.gotmpl  |  20 ++
 commands/completion.go                        |  91 +++++++
 commands/completion_test.go                   | 249 ++++++++++++++++++
 documentation/getting-started.md              |  17 ++
 go.mod                                        |   1 +
 7 files changed, 413 insertions(+), 1 deletion(-)
 create mode 100644 commands/completion-scripts/completion.bash.gotmpl
 create mode 100644 commands/completion-scripts/completion.zsh.gotmpl
 create mode 100644 commands/completion.go
 create mode 100644 commands/completion_test.go

diff --git a/.editorconfig b/.editorconfig
index fc14c62c6d..3deaa8a71d 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -109,7 +109,7 @@ indent_style = space
 
 # Shell
 # https://google.github.io/styleguide/shell.xml#Indentation
-[*.{bash,sh,zsh}]
+[*.{bash,sh,zsh,*sh.gotmpl}]
 indent_size = 2
 indent_style = space
 
diff --git a/commands/completion-scripts/completion.bash.gotmpl b/commands/completion-scripts/completion.bash.gotmpl
new file mode 100644
index 0000000000..1f04ec5978
--- /dev/null
+++ b/commands/completion-scripts/completion.bash.gotmpl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+: "{{.App.Name}}"
+
+# Macs have bash3 for which the bash-completion package doesn't include
+# _init_completion. This is a minimal version of that function.
+_dnscontrol_init_completion() {
+  COMPREPLY=()
+  _get_comp_words_by_ref "$@" cur prev words cword
+}
+
+_dnscontrol() {
+  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
+    local cur opts base words
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    if declare -F _init_completion >/dev/null 2>&1; then
+      _init_completion -n "=:" || return
+    else
+      _dnscontrol_init_completion -n "=:" || return
+    fi
+    words=("${words[@]:0:$cword}")
+    if [[ "$cur" == "-"* ]]; then
+      requestComp="${words[*]} ${cur} --generate-bash-completion"
+    else
+      requestComp="${words[*]} --generate-bash-completion"
+    fi
+    opts=$(eval "${requestComp}" 2>/dev/null)
+    COMPREPLY=($(compgen -W "${opts}" -- ${cur}))
+    return 0
+  fi
+}
+
+complete -o bashdefault -o default -o nospace -F "_dnscontrol" "{{.App.Name}}"
diff --git a/commands/completion-scripts/completion.zsh.gotmpl b/commands/completion-scripts/completion.zsh.gotmpl
new file mode 100644
index 0000000000..665a361ecb
--- /dev/null
+++ b/commands/completion-scripts/completion.zsh.gotmpl
@@ -0,0 +1,20 @@
+#compdef "{{.App.Name}}"
+
+_dnscontrol() {
+  local -a opts
+  local cur
+  cur=${words[-1]}
+  if [[ "$cur" == "-"* ]]; then
+    opts=("${(@f)$(${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
+  else
+    opts=("${(@f)$(${words[@]:0:#words[@]-1} --generate-bash-completion)}")
+  fi
+
+  if [[ "${opts[1]}" != "" ]]; then
+    _describe 'values' opts
+  else
+    _files
+  fi
+}
+
+compdef "_dnscontrol" "{{.App.Name}}"
diff --git a/commands/completion.go b/commands/completion.go
new file mode 100644
index 0000000000..47d00cacf7
--- /dev/null
+++ b/commands/completion.go
@@ -0,0 +1,91 @@
+package commands
+
+import (
+	"embed"
+	"errors"
+	"fmt"
+	"github.com/urfave/cli/v2"
+	"os"
+	"path"
+	"strings"
+	"text/template"
+)
+
+//go:embed completion-scripts/completion.*.gotmpl
+var completionScripts embed.FS
+
+func shellCompletionCommand() *cli.Command {
+	supportedShells, templates, err := getCompletionSupportedShells()
+	if err != nil {
+		panic(err)
+	}
+	return &cli.Command{
+		Name:        "shell-completion",
+		Usage:       "generate shell completion scripts",
+		Hidden:      true,
+		ArgsUsage:   fmt.Sprintf("[ %s ]", strings.Join(supportedShells, " | ")),
+		Description: fmt.Sprintf("Generate shell completion script for [ %s ]", strings.Join(supportedShells, " | ")),
+		BashComplete: func(ctx *cli.Context) {
+			for _, shell := range supportedShells {
+				if strings.HasPrefix(shell, ctx.Args().First()) {
+					ctx.App.Writer.Write([]byte(shell + "\n"))
+				}
+			}
+		},
+		Action: func(ctx *cli.Context) error {
+			var inputShell string
+			if inputShell = ctx.Args().First(); inputShell == "" {
+				if inputShell = os.Getenv("SHELL"); inputShell == "" {
+					return cli.Exit(errors.New("shell not specified"), 1)
+				}
+			}
+			shellName := path.Base(inputShell) // necessary if using $SHELL, noop otherwise
+
+			template := templates[shellName]
+			if template == nil {
+				return cli.Exit(fmt.Errorf("unknown shell: %s", inputShell), 1)
+			}
+
+			err = template.Execute(ctx.App.Writer, struct {
+				App *cli.App
+			}{ctx.App})
+			if err != nil {
+				return cli.Exit(fmt.Errorf("failed to print completion script: %w", err), 1)
+			}
+			return nil
+		},
+	}
+}
+
+var _ = cmd(catUtils, shellCompletionCommand())
+
+// getCompletionSupportedShells returns a list of shells with available completions.
+// The list is generated from the embedded completion scripts.
+func getCompletionSupportedShells() (shells []string, shellCompletionScripts map[string]*template.Template, err error) {
+	scripts, err := completionScripts.ReadDir("completion-scripts")
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to read completion scripts: %w", err)
+	}
+
+	shellCompletionScripts = make(map[string]*template.Template)
+
+	for _, f := range scripts {
+		fNameWithoutExtension := strings.TrimSuffix(f.Name(), ".gotmpl")
+		shellName := strings.TrimPrefix(path.Ext(fNameWithoutExtension), ".")
+
+		content, err := completionScripts.ReadFile(path.Join("completion-scripts", f.Name()))
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to read completion script %s", f.Name())
+		}
+
+		t := template.New(shellName)
+		t, err = t.Parse(string(content))
+		if err != nil {
+			return nil, nil, fmt.Errorf("failed to parse template %s", f.Name())
+		}
+
+		shells = append(shells, shellName)
+		shellCompletionScripts[shellName] = t
+	}
+	return shells, shellCompletionScripts, nil
+}
diff --git a/commands/completion_test.go b/commands/completion_test.go
new file mode 100644
index 0000000000..d786ed4c97
--- /dev/null
+++ b/commands/completion_test.go
@@ -0,0 +1,249 @@
+package commands
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/google/go-cmp/cmp"
+	"strings"
+	"testing"
+	"text/template"
+
+	"github.com/urfave/cli/v2"
+	"golang.org/x/exp/slices"
+)
+
+type shellTestDataItem struct {
+	shellName                string
+	shellPath                string
+	completionScriptTemplate *template.Template
+}
+
+// setupTestShellCompletionCommand resets the buffers used to capture output and errors from the app.
+func setupTestShellCompletionCommand(t *testing.T, app *cli.App) func(t *testing.T) {
+	return func(t *testing.T) {
+		app.Writer.(*bytes.Buffer).Reset()
+		cli.ErrWriter.(*bytes.Buffer).Reset()
+	}
+}
+
+func TestShellCompletionCommand(t *testing.T) {
+	app := cli.NewApp()
+	app.Name = "testing"
+
+	var appWriterBuffer bytes.Buffer
+	app.Writer = &appWriterBuffer // capture output from app
+
+	var appErrWriterBuffer bytes.Buffer
+	cli.ErrWriter = &appErrWriterBuffer // capture errors from app (apparently, HandleExitCoder doesn't use app.ErrWriter!?)
+
+	cli.OsExiter = func(int) {} // disable os.Exit call
+
+	app.Commands = []*cli.Command{
+		shellCompletionCommand(),
+	}
+
+	shellsAndCompletionScripts, err := testHelperGetShellsAndCompletionScripts()
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(shellsAndCompletionScripts) == 0 {
+		t.Fatal("no shells found")
+	}
+
+	invalidShellTestDataItem := shellTestDataItem{
+		shellName: "invalid",
+		shellPath: "/bin/invalid",
+	}
+	for _, tt := range shellsAndCompletionScripts {
+		if tt.shellName == invalidShellTestDataItem.shellName {
+			t.Fatalf("invalidShellTestDataItem.shellName (%s) is actually a valid shell name", invalidShellTestDataItem.shellName)
+		}
+	}
+
+	// Test shell argument
+	t.Run("shellArg", func(t *testing.T) {
+		for _, tt := range shellsAndCompletionScripts {
+			t.Run(tt.shellName, func(t *testing.T) {
+				tearDownTest := setupTestShellCompletionCommand(t, app)
+				defer tearDownTest(t)
+
+				err := app.Run([]string{app.Name, "shell-completion", tt.shellName})
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+
+				got := appWriterBuffer.String()
+				want, err := testHelperRenderTemplateFromApp(app, tt.completionScriptTemplate)
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if diff := cmp.Diff(got, want); diff != "" {
+					t.Errorf("mismatch (-want +got):\n%s", diff)
+				}
+
+				stderr := appErrWriterBuffer.String()
+				if stderr != "" {
+					t.Errorf("want no stderr, got %q", stderr)
+				}
+			})
+		}
+
+		t.Run(invalidShellTestDataItem.shellName, func(t *testing.T) {
+			tearDownTest := setupTestShellCompletionCommand(t, app)
+			defer tearDownTest(t)
+
+			err := app.Run([]string{app.Name, "shell-completion", "invalid"})
+
+			if err == nil {
+				t.Fatal("expected error, but didn't get one")
+			}
+
+			want := fmt.Sprintf("unknown shell: %s", invalidShellTestDataItem.shellName)
+			got := strings.TrimSpace(appErrWriterBuffer.String())
+			if diff := cmp.Diff(got, want); diff != "" {
+				t.Errorf("mismatch (-want +got):\n%s", diff)
+			}
+
+			stdout := appWriterBuffer.String()
+			if stdout != "" {
+				t.Errorf("want no stdout, got %q", stdout)
+			}
+		})
+	})
+
+	// Test $SHELL envar
+	t.Run("$SHELL", func(t *testing.T) {
+		for _, tt := range shellsAndCompletionScripts {
+			t.Run(tt.shellName, func(t *testing.T) {
+				tearDownTest := setupTestShellCompletionCommand(t, app)
+				defer tearDownTest(t)
+
+				t.Setenv("SHELL", tt.shellPath)
+
+				err := app.Run([]string{app.Name, "shell-completion"})
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+
+				got := appWriterBuffer.String()
+				want, err := testHelperRenderTemplateFromApp(app, tt.completionScriptTemplate)
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+				if diff := cmp.Diff(got, want); diff != "" {
+					t.Errorf("mismatch (-want +got):\n%s", diff)
+				}
+
+				stderr := appErrWriterBuffer.String()
+				if stderr != "" {
+					t.Errorf("want no stderr, got %q", stderr)
+				}
+			})
+		}
+
+		t.Run(invalidShellTestDataItem.shellName, func(t *testing.T) {
+			tearDownTest := setupTestShellCompletionCommand(t, app)
+			defer tearDownTest(t)
+
+			t.Setenv("SHELL", invalidShellTestDataItem.shellPath)
+
+			err := app.Run([]string{app.Name, "shell-completion"})
+			if err == nil {
+				t.Fatal("expected error, but didn't get one")
+			}
+
+			want := fmt.Sprintf("unknown shell: %s", invalidShellTestDataItem.shellPath)
+			got := strings.TrimSpace(appErrWriterBuffer.String())
+			if diff := cmp.Diff(got, want); diff != "" {
+				t.Errorf("mismatch (-want +got):\n%s", diff)
+			}
+
+			stdout := appWriterBuffer.String()
+			if stdout != "" {
+				t.Errorf("want no stdout, got %q", stdout)
+			}
+		})
+	})
+
+	// Test shell argument completion (meta)
+	t.Run("shell-name-completion", func(t *testing.T) {
+		type testCase struct {
+			shellArg string
+			expected []string
+		}
+		testCases := []testCase{
+			{shellArg: ""}, // empty 'shell' argument, returns all known shells (expected is filled later)
+			{shellArg: "invalid", expected: []string{""}}, // invalid shell, returns none
+		}
+
+		for _, tt := range shellsAndCompletionScripts {
+			testCases[0].expected = append(testCases[0].expected, tt.shellName)
+			for i, _ := range tt.shellName {
+				testCases = append(testCases, testCase{
+					shellArg: tt.shellName[:i+1],
+					expected: []string{tt.shellName},
+				})
+			}
+		}
+
+		for _, tC := range testCases {
+			t.Run(tC.shellArg, func(t *testing.T) {
+				tearDownTest := setupTestShellCompletionCommand(t, app)
+				defer tearDownTest(t)
+				app.EnableBashCompletion = true
+				defer func() {
+					app.EnableBashCompletion = false
+				}()
+
+				err := app.Run([]string{app.Name, "shell-completion", tC.shellArg, "--generate-bash-completion"})
+				if err != nil {
+					t.Fatalf("unexpected error: %v", err)
+				}
+
+				for _, line := range strings.Split(strings.TrimSpace(appWriterBuffer.String()), "\n") {
+					if !slices.Contains(tC.expected, line) {
+						t.Errorf("%q found, but not expected", line)
+					}
+				}
+			})
+		}
+	})
+}
+
+// testHelperGetShellsAndCompletionScripts collects all supported shells and their completion scripts and returns them
+// as a slice of shellTestDataItem.
+// The completion scripts are sourced with getCompletionSupportedShells
+func testHelperGetShellsAndCompletionScripts() ([]shellTestDataItem, error) {
+	shells, templates, err := getCompletionSupportedShells()
+	if err != nil {
+		return nil, err
+	}
+
+	var shellsAndValues []shellTestDataItem
+	for shellName, t := range templates {
+		if !slices.Contains(shells, shellName) {
+			return nil, fmt.Errorf(
+				`"%s" is not present in slice of shells from getCompletionSupportedShells`, shellName)
+		}
+		shellsAndValues = append(
+			shellsAndValues,
+			shellTestDataItem{
+				shellName:                shellName,
+				shellPath:                fmt.Sprintf("/bin/%s", shellName),
+				completionScriptTemplate: t,
+			},
+		)
+	}
+	return shellsAndValues, nil
+}
+
+// testHelperRenderTemplateFromApp renders a given template with a given app.
+// This is used to test the output of the CLI command against a 'known good' value.
+func testHelperRenderTemplateFromApp(app *cli.App, scriptTemplate *template.Template) (string, error) {
+	var scriptBytes bytes.Buffer
+	err := scriptTemplate.Execute(&scriptBytes, struct {
+		App *cli.App
+	}{app})
+
+	return scriptBytes.String(), err
+}
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 9235b3c537..357e5826d2 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -54,6 +54,23 @@ git clone https://github.com/StackExchange/dnscontrol
 
 If these don't work, more info is in [#805](https://github.com/StackExchange/dnscontrol/issues/805).
 
+## 1.1. Shell Completion
+
+Shell completion is available for `zsh` and `bash`.
+
+### zsh
+
+Add `eval "$(dnscontrol shell-completion zsh)"` to your `~/.zshrc` file.
+
+This requires completion to be enabled in zsh. A good tutorial for this is available at
+[The Valuable Dev](https://thevaluable.dev/zsh-completion-guide-examples/) <sup>[[archived](https://web.archive.org/web/20231015083946/https://thevaluable.dev/zsh-completion-guide-examples/)]</sup>.
+
+### bash
+
+Add `eval "$(dnscontrol shell-completion bash)"` to your `~/.bashrc` file.
+
+This requires the `bash-completion` package to be installed. See [scop/bash-completion](https://github.com/scop/bash-completion/) for instructions.
+
 ## 2. Create a place for the config files
 
 Create a directory where you'll store your configuration files.
diff --git a/go.mod b/go.mod
index 8b4b320501..97404706b4 100644
--- a/go.mod
+++ b/go.mod
@@ -61,6 +61,7 @@ require (
 	github.com/G-Core/gcore-dns-sdk-go v0.2.6
 	github.com/fatih/color v1.15.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
+	github.com/google/go-cmp v0.5.9
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.19

From b147fbf5571759031ed05fa50e0535ac141842f3 Mon Sep 17 00:00:00 2001
From: Tom Whitwell <tom@whi.tw>
Date: Sun, 15 Oct 2023 11:13:06 +0100
Subject: [PATCH 002/438] wip: complete subcommands after bare flags

---
 commands/commands.go   | 18 ++++++++++
 commands/completion.go | 81 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 98 insertions(+), 1 deletion(-)

diff --git a/commands/commands.go b/commands/commands.go
index ac858550bf..e5b07faff3 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -85,6 +85,24 @@ func Run(v string) int {
 	sort.Sort(cli.CommandsByName(commands))
 	app.Commands = commands
 	app.EnableBashCompletion = true
+	app.BashComplete = func(cCtx *cli.Context) {
+		// ripped from cli.DefaultCompleteWithFlags
+		var lastArg string
+
+		if len(os.Args) > 2 {
+			lastArg = os.Args[len(os.Args)-2]
+		}
+
+		if lastArg != "" {
+			if strings.HasPrefix(lastArg, "-") {
+				if !islastFlagComplete(lastArg, app.Flags) {
+					dnscontrolPrintFlagSuggestions(lastArg, app.Flags, cCtx.App.Writer)
+					return
+				}
+			}
+		}
+		dnscontrolPrintCommandSuggestions(app.Commands, cCtx.App.Writer)
+	}
 	if err := app.Run(os.Args); err != nil {
 		return 1
 	}
diff --git a/commands/completion.go b/commands/completion.go
index 47d00cacf7..448004555c 100644
--- a/commands/completion.go
+++ b/commands/completion.go
@@ -4,11 +4,14 @@ import (
 	"embed"
 	"errors"
 	"fmt"
-	"github.com/urfave/cli/v2"
+	"io"
 	"os"
 	"path"
 	"strings"
 	"text/template"
+	"unicode/utf8"
+
+	"github.com/urfave/cli/v2"
 )
 
 //go:embed completion-scripts/completion.*.gotmpl
@@ -89,3 +92,79 @@ func getCompletionSupportedShells() (shells []string, shellCompletionScripts map
 	}
 	return shells, shellCompletionScripts, nil
 }
+
+func dnscontrolPrintCommandSuggestions(commands []*cli.Command, writer io.Writer) {
+	for _, command := range commands {
+		if command.Hidden {
+			continue
+		}
+		if strings.HasSuffix(os.Getenv("SHELL"), "zsh") {
+			for _, name := range command.Names() {
+				_, _ = fmt.Fprintf(writer, "%s:%s\n", name, command.Usage)
+			}
+		} else {
+			for _, name := range command.Names() {
+				_, _ = fmt.Fprintf(writer, "%s\n", name)
+			}
+		}
+	}
+}
+
+func dnscontrolCliArgContains(flagName string) bool {
+	for _, name := range strings.Split(flagName, ",") {
+		name = strings.TrimSpace(name)
+		count := utf8.RuneCountInString(name)
+		if count > 2 {
+			count = 2
+		}
+		flag := fmt.Sprintf("%s%s", strings.Repeat("-", count), name)
+		for _, a := range os.Args {
+			if a == flag {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func dnscontrolPrintFlagSuggestions(lastArg string, flags []cli.Flag, writer io.Writer) {
+	cur := strings.TrimPrefix(lastArg, "-")
+	cur = strings.TrimPrefix(cur, "-")
+	for _, flag := range flags {
+		if bflag, ok := flag.(*cli.BoolFlag); ok && bflag.Hidden {
+			continue
+		}
+		for _, name := range flag.Names() {
+			name = strings.TrimSpace(name)
+			// this will get total count utf8 letters in flag name
+			count := utf8.RuneCountInString(name)
+			if count > 2 {
+				count = 2 // reuse this count to generate single - or -- in flag completion
+			}
+			// if flag name has more than one utf8 letter and last argument in cli has -- prefix then
+			// skip flag completion for short flags example -v or -x
+			if strings.HasPrefix(lastArg, "--") && count == 1 {
+				continue
+			}
+			// match if last argument matches this flag and it is not repeated
+			if strings.HasPrefix(name, cur) && cur != name && !dnscontrolCliArgContains(name) {
+				flagCompletion := fmt.Sprintf("%s%s", strings.Repeat("-", count), name)
+				_, _ = fmt.Fprintln(writer, flagCompletion)
+			}
+		}
+	}
+}
+
+func islastFlagComplete(lastArg string, flags []cli.Flag) bool {
+	cur := strings.TrimPrefix(lastArg, "-")
+	cur = strings.TrimPrefix(cur, "-")
+	for _, flag := range flags {
+		for _, name := range flag.Names() {
+			name = strings.TrimSpace(name)
+			if strings.HasPrefix(name, cur) && cur != name && !dnscontrolCliArgContains(name) {
+				return false
+			}
+		}
+	}
+	return true
+}

From b1b41c5fbae5ff3440238a96e7d8402b146ceaf8 Mon Sep 17 00:00:00 2001
From: tomf <tomfitzhenry@google.com>
Date: Wed, 25 Oct 2023 05:30:13 +1100
Subject: [PATCH 003/438] Change "push -i" prompt text from "Y/n" to "y/N" to
 match reality (#2605)

---
 pkg/printer/printer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index f23fd91005..da839ab669 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -97,7 +97,7 @@ func (c ConsolePrinter) PrintReport(i int, correction *models.Correction) {
 
 // PromptToRun prompts the user to see if they want to execute a correction.
 func (c ConsolePrinter) PromptToRun() bool {
-	fmt.Fprint(c.Writer, "Run? (Y/n): ")
+	fmt.Fprint(c.Writer, "Run? (y/N): ")
 	txt, err := c.Reader.ReadString('\n')
 	run := true
 	if err != nil {

From 793c3b11c5701215ba7eb4a2fd9481b8687c7283 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <github@bip.filippo.io>
Date: Tue, 31 Oct 2023 09:22:05 -0400
Subject: [PATCH 004/438] dnscontrol.d.ts: fix DOMAIN_ELSEWHERE_AUTO signature
 (#2606)

---
 commands/types/dnscontrol.d.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 0fac62a7f9..376d8c2bd3 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -822,7 +822,7 @@ declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_na
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
  */
-declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
+declare function DOMAIN_ELSEWHERE_AUTO(name: string, registrar: string, dnsProvider: string): void;
 
 /**
  * DS adds a DS record to the domain.

From cb9491dbe9805a224c99881c5d36f77c52ad5a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=B8?= <37530178+riku22@users.noreply.github.com>
Date: Tue, 31 Oct 2023 22:22:44 +0900
Subject: [PATCH 005/438] DNSMADEEASY: DOCS: Fix provider name from DNS Made
 Simple to DNS Made Easy (#2607)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/SUMMARY.md         | 2 +-
 providers/dnsmadeeasy/restApi.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index fd4ee01242..b8e9f87910 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -106,7 +106,7 @@
     * [CSC Global](providers/cscglobal.md)
     * [deSEC](providers/desec.md)
     * [DigitalOcean](providers/digitalocean.md)
-    * [DNS Made Simple](providers/dnsmadeeasy.md)
+    * [DNS Made Easy](providers/dnsmadeeasy.md)
     * [DNSimple](providers/dnsimple.md)
     * [DNS-over-HTTPS](providers/dnsoverhttps.md)
     * [DOMAINNAMESHOP](providers/domainnameshop.md)
diff --git a/providers/dnsmadeeasy/restApi.go b/providers/dnsmadeeasy/restApi.go
index 02b570c57d..ac87e29f0b 100644
--- a/providers/dnsmadeeasy/restApi.go
+++ b/providers/dnsmadeeasy/restApi.go
@@ -207,7 +207,7 @@ func (restApi *dnsMadeEasyRestAPI) createRequest(request *apiRequest) (*http.Req
 	return req, nil
 }
 
-// DNS Made Simple only allows 150 request / 5 minutes
+// DNS Made Easy only allows 150 request / 5 minutes
 // backoff is the amount of time to sleep if a "Rate limit exceeded" error is received
 // It is increased up to maxBackoff after each use
 // It is reset after successful request

From 486f461d19ae305e720960ab6df0c8b3e780c8a9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 31 Oct 2023 09:26:37 -0400
Subject: [PATCH 006/438] update go.mod

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index f6378d0e36..1da27cb144 100644
--- a/go.mod
+++ b/go.mod
@@ -62,7 +62,7 @@ require (
 	github.com/G-Core/gcore-dns-sdk-go v0.2.6
 	github.com/fatih/color v1.15.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
-	github.com/google/go-cmp v0.5.9
+	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20

From 60dfbad2036081715737b309823b3184e1a15b97 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 31 Oct 2023 09:55:13 -0400
Subject: [PATCH 007/438] CHORE: Verify CI/CD process (#2608)


From a864d0da47375b02c223a6435e75d73c83a9915e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 1 Nov 2023 13:20:22 -0400
Subject: [PATCH 008/438] CHORE: Update dependencies (#2617)

---
 go.mod |  46 +++++++++++++-------------
 go.sum | 101 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 73 insertions(+), 74 deletions(-)

diff --git a/go.mod b/go.mod
index 1da27cb144..42ab484b53 100644
--- a/go.mod
+++ b/go.mod
@@ -13,16 +13,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.21.2
-	github.com/aws/aws-sdk-go-v2/config v1.19.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.43
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5
+	github.com/aws/aws-sdk-go-v2 v1.22.0
+	github.com/aws/aws-sdk-go-v2/config v1.20.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.14.0
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.79.0
+	github.com/cloudflare/cloudflare-go v0.80.0
 	github.com/digitalocean/godo v1.105.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
@@ -38,7 +38,7 @@ require (
 	github.com/miekg/dns v1.1.56
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
-	github.com/nrdcg/goinwx v0.9.0
+	github.com/nrdcg/goinwx v0.10.0
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
 	github.com/ovh/go-ovh v1.1.0
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
@@ -48,12 +48,12 @@ require (
 	github.com/robertkrimen/otto v0.2.1
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
-	github.com/transip/gotransip/v6 v6.22.0
+	github.com/transip/gotransip/v6 v6.22.1
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.17.0
 	golang.org/x/oauth2 v0.13.0
-	google.golang.org/api v0.148.0
+	google.golang.org/api v0.149.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.13
 )
 
@@ -73,21 +73,21 @@ require (
 )
 
 require (
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go/compute v1.23.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
-	github.com/aws/smithy-go v1.15.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.24.0 // indirect
+	github.com/aws/smithy-go v1.16.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -104,8 +104,8 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.3.1 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
+	github.com/google/uuid v1.4.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -143,8 +143,8 @@ require (
 	golang.org/x/time v0.3.0 // indirect
 	golang.org/x/tools v0.14.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a // indirect
-	google.golang.org/grpc v1.58.3 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.66.6 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index a90b47734f..0a5407ca43 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
-cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
+cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
@@ -33,34 +33,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
-github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
-github.com/aws/aws-sdk-go-v2/config v1.19.0 h1:AdzDvwH6dWuVARCl3RTLGRc4Ogy+N7yLFxVxXe1ClQ0=
-github.com/aws/aws-sdk-go-v2/config v1.19.0/go.mod h1:ZwDUgFnQgsazQTnWfeLWk5GjeqTQTL8lMkoE1UXzxdE=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.43 h1:LU8vo40zBlo3R7bAvBVy/ku4nxGEyZe9N8MqAeFTzF8=
-github.com/aws/aws-sdk-go-v2/credentials v1.13.43/go.mod h1:zWJBz1Yf1ZtX5NGax9ZdNjhhI4rgjfgsyk6vTY1yfVg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 h1:PIktER+hwIG286DqXyvVENjgLTAwGgoeriLDD5C+YlQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13/go.mod h1:f/Ib/qYjhV2/qdsf79H3QP/eRE4AkVyEf6sk7XfZ1tg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 h1:nFBQlGtkbPzp/NjZLuFxRqmT91rLJkgvsEQs68h962Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43/go.mod h1:auo+PiyLl0n1l8A0e8RIeR8tOzYPfZZH/JNlrJ8igTQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 h1:JRVhO25+r3ar2mKGP7E0LDl8K9/G36gjlqca5iQbaqc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37/go.mod h1:Qe+2KtKml+FEsQF/DHmDV+xjtche/hwoF75EG4UlHW8=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 h1:hze8YsjSh8Wl1rYa1CJpRmXP21BvOBuc76YhW0HsuQ4=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45/go.mod h1:lD5M20o09/LCuQ2mE62Mb/iSdSlCNuj6H5ci7tW7OsE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 h1:WWZA/I2K4ptBS1kg0kV1JbBtG/umed0vwHRrmcr9z7k=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37/go.mod h1:vBmDnwWXWxNPFRMmG2m/3MKOe+xEcMDo1tanpaWCcck=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2 h1:/RPQNjh1sDIezpXaFIkZb7MlXnSyAqjVdAwcJuGYTqg=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.30.2/go.mod h1:TQZBt/WaQy+zTHoW++rnl8JBrmZ0VO6EUbVua1+foCA=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5 h1:18p6+HD6xj5oOtDNi1XvW0PkZw/xticjOvSbIWFyw6I=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.17.5/go.mod h1:BhMj1pZPuQfzuS96s4ScniYr9qhPwDMA19N4eWPM1Lg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 h1:JuPGc7IkOP4AaqcZSIcyqLpFSqBWK32rM9+a1g6u73k=
-github.com/aws/aws-sdk-go-v2/service/sso v1.15.2/go.mod h1:gsL4keucRCgW+xA85ALBpRFfdSLH4kHOVSnLMSuBECo=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 h1:HFiiRkf1SdaAmV3/BHOFZ9DjFynPHj8G/UIO1lQS+fk=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3/go.mod h1:a7bHA82fyUXOm+ZSWKU6PIoBxrjSprdLoM8xPYvzYVg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 h1:0BkLfgeDjfZnZ+MhB3ONb01u9pwFYTCZVhlsSSBvlbU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.23.2/go.mod h1:Eows6e1uQEsc4ZaHANmsPRzAKcVDrcmjjWiih2+HUUQ=
-github.com/aws/smithy-go v1.15.0 h1:PS/durmlzvAFpQHDs4wi4sNNP9ExsqZh6IlfdHXgKK8=
-github.com/aws/smithy-go v1.15.0/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
+github.com/aws/aws-sdk-go-v2 v1.22.0 h1:CpTS3XO3MWNel8ohoazkLZC6scvkYL2k+m0yzFJ17Hg=
+github.com/aws/aws-sdk-go-v2 v1.22.0/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
+github.com/aws/aws-sdk-go-v2/config v1.20.0 h1:q2+/mqFhY0J9m3Tb5RGFE3R4sdaUkIe4k2EuDfE3c08=
+github.com/aws/aws-sdk-go-v2/config v1.20.0/go.mod h1:7+1riCZXyT+sAGvneR5j+Zl1GyfbBUNQurpQTE6FP6k=
+github.com/aws/aws-sdk-go-v2/credentials v1.14.0 h1:LQquqPE7cL55RQmA/UBoBKehDlEtMnQKm3B0Q672ePE=
+github.com/aws/aws-sdk-go-v2/credentials v1.14.0/go.mod h1:q/3oaTPlamrQWHPwJe56Mjq9g1TYDgddvgTgWJtHTmE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0 h1:lF/cVllNAPKgjDwN2RsQUX9g/f6hXer9f10ubLFSoug=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0/go.mod h1:c28nJNzMVVb9TQpZ5q4tzZvwEJwf/7So7Ie2s90l1Fw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0 h1:tN6dNNE4SzMuyMnVtQJXGVKX177/d5Zy4MuA1HA4KUc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0/go.mod h1:F6MXWETIeetAHwFHyoHEqrcB3NpijFv9nLP5h9CXtT0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0 h1:bfdsbTARDjaC/dSYGMO+E0psxFU4hTvCLnqYAfZ3D38=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0/go.mod h1:Jg8XVv5M2V2wiAMvBFx+O59jg6Yr8vhP0bgNF/IuquM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0 h1:21tlTXq3ev10yLMAjXZzpkZbrl49h3ElSjmxD57tD/E=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0/go.mod h1:d9YrBHJhyzDCv5UsEVRizHlFV6Q0sLemFq6uxuqWfUw=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0 h1:dJnwy5Awv+uvfk73aRENVbv1cSQQ60ydCkPaun097KM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0/go.mod h1:RsPWWy7u/hwmFX57sQ7MLvrvJeYyNkiMm5BaavpoU18=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0 h1:TC7uLTp9vemCykin+hJnURU3BPitLh3JMOIZsF/4Mus=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0/go.mod h1:NIbTGg7AEJXUJz9ghYwsPWystZomU+GjQ7bx4Zx4UyM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0 h1:1C2plijzIYGfNNaosOsCkizOdN2lkG3z9XSkgHSP8GI=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0/go.mod h1:phiukOXz4eEcmoQlPHxV2iE7lz8daPaNILhJuOtcEQo=
+github.com/aws/aws-sdk-go-v2/service/sso v1.16.0 h1:ZIlR6Wr/EgYwBdEz1NWBqdUsTh0mV7A68pId3YZl6H0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.16.0/go.mod h1:O7B5cpuhhJKefAKkM7onb0McmpHyKnsH4RrHJhOyq7M=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0 h1:3BZyJei4k1SHdSAFhg9Qg15NnG3v5zosZyFWPm7df/A=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0/go.mod h1:Td8EvzggonY02wLaqSpwybI3GbmA0PWoprKGil2uwJg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.24.0 h1:f/V5Y9OaHuNRrA9MntNQNAtMFXqhKj8HTEPnH81eXMI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.24.0/go.mod h1:HnCUMNz2XqwnEEk5X6oeDYB2HgOLFpJ/LyfilN8WErs=
+github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
+github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -81,8 +81,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.79.0 h1:ErwCYDjFCYppDJlDJ/5WhsSmzegAUe2+K9qgFyQDg3M=
-github.com/cloudflare/cloudflare-go v0.79.0/go.mod h1:gkHQf9xEubaQPEuerBuoinR9P8bf8a05Lq0X6WKy1Oc=
+github.com/cloudflare/cloudflare-go v0.80.0 h1:BfCFK9gy+2H/R3yjZWzFvWsVXwr2zICCfmAW3brbHpE=
+github.com/cloudflare/cloudflare-go v0.80.0/go.mod h1:gkHQf9xEubaQPEuerBuoinR9P8bf8a05Lq0X6WKy1Oc=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -178,7 +178,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
@@ -193,10 +192,10 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
+github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
+github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -336,8 +335,8 @@ github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAA
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nrdcg/goinwx v0.9.0 h1:oh+yPdRDwc1IWsAU2nfsNorI/fkR+Gxm4O7yS+0NnjM=
-github.com/nrdcg/goinwx v0.9.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
+github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
+github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
@@ -404,8 +403,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/transip/gotransip/v6 v6.22.0 h1:22nRVa0wQwCakRB4zlCVBgexEACBnvLjYuvDRm31q3w=
-github.com/transip/gotransip/v6 v6.22.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
+github.com/transip/gotransip/v6 v6.22.1 h1:xM/UV++Em9CBRXsi+WQo7bBCIEylyE72XVB5ktmCvlM=
+github.com/transip/gotransip/v6 v6.22.1/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@@ -538,8 +537,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.148.0 h1:HBq4TZlN4/1pNcu0geJZ/Q50vIwIXT532UIMYoo0vOs=
-google.golang.org/api v0.148.0/go.mod h1:8/TBgwaKjfqTdacOJrOv2+2Q6fBDU1uHKK06oGSkxzU=
+google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
+google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -547,19 +546,19 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97 h1:SeZZZx0cP0fqUyA+oRzP9k7cSwJlvDFiROO72uwD6i0=
-google.golang.org/genproto v0.0.0-20231002182017-d307bd883b97/go.mod h1:t1VqOqqvce95G3hIDCT5FeO3YUc6Q4Oe24L/+rNMxRk=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a h1:a2MQQVoTo96JC9PMGtGBymLp7+/RzpFc2yX/9WfFg1c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
+google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
+google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ=
-google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 65c47cbfe848f24f75557d679ec6b8e4873fd70d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 1 Nov 2023 13:20:42 -0400
Subject: [PATCH 009/438] GCLOUD: Remove extra newline (#2611)

---
 providers/gcloud/gcloudProvider.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 8fd387ee20..d0c9e47dfa 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -352,14 +352,14 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 	chgSet := []correctionValues{}
 	for len(chg.Change.Deletions) > 0 {
 		b := setBatchLen(len(chg.Change.Deletions))
-		chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Deletions: chg.Change.Deletions[:b:b], Kind: "dns#change"}, Msgs: "\n" + strings.Join(chg.Msgs.Deletions[:b:b], "")})
+		chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Deletions: chg.Change.Deletions[:b:b], Kind: "dns#change"}, Msgs: strings.Join(chg.Msgs.Deletions[:b:b], "")})
 		chg.Change.Deletions = chg.Change.Deletions[b:]
 		chg.Msgs.Deletions = chg.Msgs.Deletions[b:]
 	}
 	for i := 0; len(chg.Change.Additions) > 0; i++ {
 		b := setBatchLen(len(chg.Change.Additions))
 		if len(chgSet) == i {
-			chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Additions: chg.Change.Additions[:b:b], Kind: "dns#change"}, Msgs: "\n" + strings.Join(chg.Msgs.Additions[:b:b], "")})
+			chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Additions: chg.Change.Additions[:b:b], Kind: "dns#change"}, Msgs: strings.Join(chg.Msgs.Additions[:b:b], "")})
 		} else {
 			chgSet[i].Change.Additions = chg.Change.Additions[:b:b]
 			chgSet[i].Msgs += strings.Join(chg.Msgs.Additions[:b:b], "")

From bf4118a0414ba8856d654335842ba57b1a432b38 Mon Sep 17 00:00:00 2001
From: Joachim Schwarm <joachim@schwarm.co>
Date: Wed, 1 Nov 2023 18:34:34 +0100
Subject: [PATCH 010/438] INWX: Paginate through Nameserver Records (#2609)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/inwx.md |  6 ------
 providers/inwx/inwxProvider.go  | 26 ++++++++++++++++----------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/documentation/providers/inwx.md b/documentation/providers/inwx.md
index 036a77edea..ceb29671a7 100644
--- a/documentation/providers/inwx.md
+++ b/documentation/providers/inwx.md
@@ -109,9 +109,3 @@ D("example.com", REG_INWX, DnsProvider(DSP_CF),
 );
 ```
 {% endcode %}
-
-{% hint style="info" %}
-**NOTE**: The INWX provider implementation currently only supports up to 2,147,483,647 domains. If you exceed
-this limit, it is expected that DNSControl will fail to recognize some domains. Should you exceed this
-limit, please [open an issue on GitHub](https://github.com/StackExchange/dnscontrol/issues/new/choose).
-{% endhint %}
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index a00a60b03f..0c4cfdaf83 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -395,18 +395,24 @@ func (api *inwxAPI) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.
 
 // fetchNameserverDomains returns the domains configured in INWX nameservers
 func (api *inwxAPI) fetchNameserverDomains() error {
+	zones := map[string]int{}
 	request := &goinwx.NameserverListRequest{}
-	request.PageLimit = 2147483647 // int32 max value, highest number API accepts
-	info, err := api.client.Nameservers.ListWithParams(request)
-	if err != nil {
-		return err
-	}
-
-	api.domainIndex = map[string]int{}
-	for _, domain := range info.Domains {
-		api.domainIndex[domain.Domain] = domain.RoID
+	page := 1
+	for {
+		request.Page = page
+		info, err := api.client.Nameservers.ListWithParams(request)
+		if err != nil {
+			return err
+		}
+		for _, domain := range info.Domains {
+			zones[domain.Domain] = domain.RoID
+		}
+		if len(zones) >= info.Count {
+			break
+		}
+		page++
 	}
-
+	api.domainIndex = zones
 	return nil
 }
 

From f2420e5fd408a3802dae49fb24cccda0bc20eef7 Mon Sep 17 00:00:00 2001
From: Amelia Aronsohn <squirrel@wearing.black>
Date: Thu, 2 Nov 2023 07:22:27 -0700
Subject: [PATCH 011/438] [DNSimple] Update DNSimple's Default name servers
 (#2618)

Signed-off-by: Amelia Aronsohn <squirrel@wearing.black>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/dnsimple/dnsimpleProvider.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index e1fc4277eb..b3d2b195fa 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -48,7 +48,7 @@ const stateRegistered = "registered"
 
 var defaultNameServerNames = []string{
 	"ns1.dnsimple.com",
-	"ns2.dnsimple.com",
+	"ns2.dnsimple-edge.net",
 	"ns3.dnsimple.com",
 	"ns4.dnsimple-edge.org",
 }
@@ -533,7 +533,6 @@ func (c *dnsimpleProvider) deleteRecordFunc(recordID int64, domainName string) f
 		}
 
 		return nil
-
 	}
 }
 

From 7a1effb1d2eae1764004eb62b9e4baccb9ac0fb2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 12 Nov 2023 16:36:46 -0500
Subject: [PATCH 012/438] CHORE: lint (#2619)

---
 commands/completion_test.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/commands/completion_test.go b/commands/completion_test.go
index d786ed4c97..9cbe77467f 100644
--- a/commands/completion_test.go
+++ b/commands/completion_test.go
@@ -3,11 +3,12 @@ package commands
 import (
 	"bytes"
 	"fmt"
-	"github.com/google/go-cmp/cmp"
 	"strings"
 	"testing"
 	"text/template"
 
+	"github.com/google/go-cmp/cmp"
+
 	"github.com/urfave/cli/v2"
 	"golang.org/x/exp/slices"
 )
@@ -178,7 +179,7 @@ func TestShellCompletionCommand(t *testing.T) {
 
 		for _, tt := range shellsAndCompletionScripts {
 			testCases[0].expected = append(testCases[0].expected, tt.shellName)
-			for i, _ := range tt.shellName {
+			for i := range tt.shellName {
 				testCases = append(testCases, testCase{
 					shellArg: tt.shellName[:i+1],
 					expected: []string{tt.shellName},

From b5ce16590329cdb0aa2d9a83134da87cc079f925 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 12 Nov 2023 17:01:50 -0500
Subject: [PATCH 013/438] CHORE: update deps (#2620)

---
 commands/types/dnscontrol.d.ts       |   2 +-
 documentation/providers/azure_dns.md |   2 +
 go.mod                               |  67 +++++++------
 go.sum                               | 139 ++++++++++++++-------------
 4 files changed, 106 insertions(+), 104 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 376d8c2bd3..0fac62a7f9 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -822,7 +822,7 @@ declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_na
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
  */
-declare function DOMAIN_ELSEWHERE_AUTO(name: string, registrar: string, dnsProvider: string): void;
+declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
 
 /**
  * DS adds a DS record to the domain.
diff --git a/documentation/providers/azure_dns.md b/documentation/providers/azure_dns.md
index 241bc4f6d6..a9eac9cfb3 100644
--- a/documentation/providers/azure_dns.md
+++ b/documentation/providers/azure_dns.md
@@ -68,4 +68,6 @@ DNSControl depends on a standard [Client credentials Authentication](https://doc
 ## New domains
 If a domain does not exist in your Azure account, DNSControl will *not* automatically add it with the `push` command. You can do that either manually via the control panel, or via the command `dnscontrol create-domains` command.
 
+## Caveats
 
+The ResourceGroup is case sensitive.
diff --git a/go.mod b/go.mod
index 42ab484b53..bfa26ffb6c 100644
--- a/go.mod
+++ b/go.mod
@@ -13,17 +13,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.22.0
-	github.com/aws/aws-sdk-go-v2/config v1.20.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.14.0
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0
+	github.com/aws/aws-sdk-go-v2 v1.22.2
+	github.com/aws/aws-sdk-go-v2/config v1.23.0
+	github.com/aws/aws-sdk-go-v2/credentials v1.15.2
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
-	github.com/cloudflare/cloudflare-go v0.80.0
-	github.com/digitalocean/godo v1.105.0
+	github.com/cloudflare/cloudflare-go v0.81.0
+	github.com/digitalocean/godo v1.105.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -33,14 +33,13 @@ require (
 	github.com/google/go-github/v35 v35.3.0
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.10.0
-	github.com/jarcoal/httpmock v1.0.8 // indirect
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.56
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
-	github.com/ovh/go-ovh v1.1.0
+	github.com/ovh/go-ovh v1.4.3
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
@@ -48,45 +47,45 @@ require (
 	github.com/robertkrimen/otto v0.2.1
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
-	github.com/transip/gotransip/v6 v6.22.1
+	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.17.0
-	golang.org/x/oauth2 v0.13.0
-	google.golang.org/api v0.149.0
+	golang.org/x/net v0.18.0
+	golang.org/x/oauth2 v0.14.0
+	google.golang.org/api v0.150.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.13
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.6
-	github.com/fatih/color v1.15.0
+	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
-	golang.org/x/text v0.13.0
+	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
+	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 	cloud.google.com/go/compute v1.23.1 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.16.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.24.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.17.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.25.1 // indirect
 	github.com/aws/smithy-go v1.16.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -136,17 +135,17 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
-	golang.org/x/mod v0.13.0 // indirect
-	golang.org/x/sync v0.4.0 // indirect
-	golang.org/x/sys v0.13.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.14.0 // indirect
+	golang.org/x/crypto v0.15.0 // indirect
+	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sys v0.14.0 // indirect
+	golang.org/x/time v0.4.0 // indirect
+	golang.org/x/tools v0.15.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
 	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
-	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	moul.io/http2curl v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index 0a5407ca43..8da2cf52f3 100644
--- a/go.sum
+++ b/go.sum
@@ -3,12 +3,12 @@ cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3h
 cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 h1:9kDVnTz3vbfweTqAUmk/a/pH5pWFCHtvRpHYC0G/dcA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 h1:sXr+ck84g/ZlZUOZiNELInmMgOsuGwdjjVkEIde0OtY=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0/go.mod h1:copqlcjMWc/wgQ1N2fzsJFQxDdqKGg1EQt8T5wJMOGE=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -33,32 +33,32 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.22.0 h1:CpTS3XO3MWNel8ohoazkLZC6scvkYL2k+m0yzFJ17Hg=
-github.com/aws/aws-sdk-go-v2 v1.22.0/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
-github.com/aws/aws-sdk-go-v2/config v1.20.0 h1:q2+/mqFhY0J9m3Tb5RGFE3R4sdaUkIe4k2EuDfE3c08=
-github.com/aws/aws-sdk-go-v2/config v1.20.0/go.mod h1:7+1riCZXyT+sAGvneR5j+Zl1GyfbBUNQurpQTE6FP6k=
-github.com/aws/aws-sdk-go-v2/credentials v1.14.0 h1:LQquqPE7cL55RQmA/UBoBKehDlEtMnQKm3B0Q672ePE=
-github.com/aws/aws-sdk-go-v2/credentials v1.14.0/go.mod h1:q/3oaTPlamrQWHPwJe56Mjq9g1TYDgddvgTgWJtHTmE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0 h1:lF/cVllNAPKgjDwN2RsQUX9g/f6hXer9f10ubLFSoug=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.0/go.mod h1:c28nJNzMVVb9TQpZ5q4tzZvwEJwf/7So7Ie2s90l1Fw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0 h1:tN6dNNE4SzMuyMnVtQJXGVKX177/d5Zy4MuA1HA4KUc=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.0/go.mod h1:F6MXWETIeetAHwFHyoHEqrcB3NpijFv9nLP5h9CXtT0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0 h1:bfdsbTARDjaC/dSYGMO+E0psxFU4hTvCLnqYAfZ3D38=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.0/go.mod h1:Jg8XVv5M2V2wiAMvBFx+O59jg6Yr8vhP0bgNF/IuquM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0 h1:21tlTXq3ev10yLMAjXZzpkZbrl49h3ElSjmxD57tD/E=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.4.0/go.mod h1:d9YrBHJhyzDCv5UsEVRizHlFV6Q0sLemFq6uxuqWfUw=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0 h1:dJnwy5Awv+uvfk73aRENVbv1cSQQ60ydCkPaun097KM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.0/go.mod h1:RsPWWy7u/hwmFX57sQ7MLvrvJeYyNkiMm5BaavpoU18=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0 h1:TC7uLTp9vemCykin+hJnURU3BPitLh3JMOIZsF/4Mus=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.32.0/go.mod h1:NIbTGg7AEJXUJz9ghYwsPWystZomU+GjQ7bx4Zx4UyM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0 h1:1C2plijzIYGfNNaosOsCkizOdN2lkG3z9XSkgHSP8GI=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.18.0/go.mod h1:phiukOXz4eEcmoQlPHxV2iE7lz8daPaNILhJuOtcEQo=
-github.com/aws/aws-sdk-go-v2/service/sso v1.16.0 h1:ZIlR6Wr/EgYwBdEz1NWBqdUsTh0mV7A68pId3YZl6H0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.16.0/go.mod h1:O7B5cpuhhJKefAKkM7onb0McmpHyKnsH4RrHJhOyq7M=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0 h1:3BZyJei4k1SHdSAFhg9Qg15NnG3v5zosZyFWPm7df/A=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.18.0/go.mod h1:Td8EvzggonY02wLaqSpwybI3GbmA0PWoprKGil2uwJg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.24.0 h1:f/V5Y9OaHuNRrA9MntNQNAtMFXqhKj8HTEPnH81eXMI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.24.0/go.mod h1:HnCUMNz2XqwnEEk5X6oeDYB2HgOLFpJ/LyfilN8WErs=
+github.com/aws/aws-sdk-go-v2 v1.22.2 h1:lV0U8fnhAnPz8YcdmZVV60+tr6CakHzqA6P8T46ExJI=
+github.com/aws/aws-sdk-go-v2 v1.22.2/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
+github.com/aws/aws-sdk-go-v2/config v1.23.0 h1:kqzEfGGDIrRJpfJckgwuZfFTbU9NB1jZnRcaO9MpOqE=
+github.com/aws/aws-sdk-go-v2/config v1.23.0/go.mod h1:p7wbxKXXjS1GGQOss7VXOazVMFF9bjUGq85/4wR/fSw=
+github.com/aws/aws-sdk-go-v2/credentials v1.15.2 h1:rKH7khRMxPdD0u3dHecd0Q7NOVw3EUe7AqdkUOkiOGI=
+github.com/aws/aws-sdk-go-v2/credentials v1.15.2/go.mod h1:tXM8wmaeAhfC7nZoCxb0FzM/aRaB1m1WQ7x0qlBLq80=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3 h1:G5KawTAkyHH6WyKQCdHiW4h3PmAXNJpOgwKg3H7sDRE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3/go.mod h1:hugKmSFnZB+HgNI1sYGT14BUPZkO6alC/e0AWu+0IAQ=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 h1:AaQsr5vvGR7rmeSWBtTCcw16tT9r51mWijuCQhzLnq8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2/go.mod h1:o1IiRn7CWocIFTXJjGKJDOwxv1ibL53NpcvcqGWyRBA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 h1:UZx8SXZ0YtzRiALzYAWcjb9Y9hZUR7MBKaBQ5ouOjPs=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2/go.mod h1:ipuRpcSaklmxR6C39G187TpBAO132gUfleTGccUPs8c=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0 h1:hwZB07/beLiCopuRKF0t+dEHmP39iN4YtDh3X5d3hrg=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0/go.mod h1:rdAuXeHWhI/zkpYcO5n8WCpaIgY9MUxFyBsuqq3kjyA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 h1:h7j73yuAVVjic8pqswh+L/7r2IHP43QwRyOu6zcCDDE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2/go.mod h1:H07AHdK5LSy8F7EJUQhoxyiCNkePoHj2D8P2yGTWafo=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1 h1:HzAQvhCCrfAtl1uc2w27CJicm0HxdLs6HI2ZTMAZObQ=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1/go.mod h1:kEKnDzZL0k1f2sE1utJ/ljZDF17aChgH9j+jUv+jr38=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1 h1:jZSQwl1JAX9GRew86efQecc+pDiAu/WwnefnrUhpNxk=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1/go.mod h1:5uJ+xB76ttmfE0FD6f07TiF3BmwKevmfK7ixkV7mjVA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.1 h1:km+ZNjtLtpXYf42RdaDZnNHm9s7SYAuDGTafy6nd89A=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.1/go.mod h1:aHBr3pvBSD5MbzOvQtYutyPLLRPbl/y9x86XyJJnUXQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1 h1:iRFNqZH4a67IqPvK8xxtyQYnyrlsvwmpHOe9r55ggBA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1/go.mod h1:pTy5WM+6sNv2tB24JNKFtn6EvciQ5k40ZJ0pq/Iaxj0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.1 h1:txgVXIXWPXyqdiVn92BV6a/rgtpX31HYdsOYj0sVQQQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.1/go.mod h1:VAiJiNaoP1L89STFlEMgmHX1bKixY+FaP+TpRFrmyZ4=
 github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
 github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -81,8 +81,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.80.0 h1:BfCFK9gy+2H/R3yjZWzFvWsVXwr2zICCfmAW3brbHpE=
-github.com/cloudflare/cloudflare-go v0.80.0/go.mod h1:gkHQf9xEubaQPEuerBuoinR9P8bf8a05Lq0X6WKy1Oc=
+github.com/cloudflare/cloudflare-go v0.81.0 h1:NSLpR2cBn5K1cFXkYsZ7skVNFN+AAJBKdUWAj8v1PGA=
+github.com/cloudflare/cloudflare-go v0.81.0/go.mod h1:TIT8ltdOkZthsC+6owWe0ODSgl84sq3f8iAsja8E1KQ=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -95,8 +95,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.105.0 h1:bUfWVsyQCYZ7OQLK+p2EBFYWD5BoOgpyq/PMSQHEeMg=
-github.com/digitalocean/godo v1.105.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.105.1 h1:3FjFDurw7po27Y0uHhdR+EvwNil06KCeu1Nx/0jZbmI=
+github.com/digitalocean/godo v1.105.1/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -110,8 +110,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
 github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
@@ -232,8 +232,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
 github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
-github.com/jarcoal/httpmock v1.0.8 h1:8kI16SoO6LQKgPE7PvQuV+YuD/inwHd7fOOe2zMbo4k=
-github.com/jarcoal/httpmock v1.0.8/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik=
+github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
+github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
@@ -316,6 +316,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
+github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
 github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
 github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -340,8 +342,8 @@ github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDh
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
-github.com/ovh/go-ovh v1.1.0 h1:bHXZmw8nTgZin4Nv7JuaLs0KG5x54EQR7migYTd1zrk=
-github.com/ovh/go-ovh v1.1.0/go.mod h1:AxitLZ5HBRPyUd+Zl60Ajaag+rNTdVXWIkzfrVuTXWA=
+github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
+github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/peterhellberg/link v1.1.0 h1:s2+RH8EGuI/mI4QwrWGSYQCRz7uNgip9BaM04HKu5kc=
@@ -403,8 +405,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/transip/gotransip/v6 v6.22.1 h1:xM/UV++Em9CBRXsi+WQo7bBCIEylyE72XVB5ktmCvlM=
-github.com/transip/gotransip/v6 v6.22.1/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
+github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA=
+github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@@ -436,19 +438,19 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
+golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
+golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY=
-golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
+golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -466,19 +468,19 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
+golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
+golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
+golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -502,8 +504,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
+golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -515,12 +517,12 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY=
+golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -531,14 +533,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
+golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
+golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.149.0 h1:b2CqT6kG+zqJIVKRQ3ELJVLN1PwHZ6DJ3dW8yl82rgY=
-google.golang.org/api v0.149.0/go.mod h1:Mwn1B7JTXrzXtnvmzQE2BD6bYZQ8DShKZDZbeN9I7qI=
+google.golang.org/api v0.150.0 h1:Z9k22qD289SZ8gCJrk4DrWXkNjtfvKAUo/l1ma8eBYE=
+google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -550,8 +552,8 @@ google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5
 google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
 google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
 google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -587,9 +589,8 @@ gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
 gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
 gopkg.in/httprequest.v1 v1.1.1/go.mod h1:/CkavNL+g3qLOrpFHVrEx4NKepeqR4XTZWNj4sGGjz0=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
-gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=

From b8096b7b8a90e45b876f3373723fe9cac04dc46c Mon Sep 17 00:00:00 2001
From: Stefan <stefan@syntaxhelden.de>
Date: Wed, 15 Nov 2023 16:28:41 +0100
Subject: [PATCH 014/438] PORKBUN: implement ListZones() (#2622)

---
 providers/porkbun/api.go       | 35 ++++++++++++++++++++++++++++++++++
 providers/porkbun/listzones.go |  9 +++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 providers/porkbun/listzones.go

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 3145319af8..698f14c8d7 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -41,6 +41,23 @@ type recordResponse struct {
 	Records []domainRecord `json:"records"`
 }
 
+type domainListRecord struct {
+	Domain       string `json:"domain"`
+	Status       string `json:"status"`
+	TLD          string `json:"tld"`
+	CreateDate   string `json:"createDate"`
+	ExpireDate   string `json:"expireDate"`
+	SecurityLock string `json:"securityLock"`
+	WhoisPrivacy string `json:"whoisPrivacy"`
+	AutoRenew    string `json:"autoRenew"`
+	NotLocal     string `json:"notLocal"`
+}
+
+type domainListResponse struct {
+	Status  string             `json:"status"`
+	Domains []domainListRecord `json:"domains"`
+}
+
 type nsResponse struct {
 	Status      string   `json:"status"`
 	Nameservers []string `json:"ns"`
@@ -150,3 +167,21 @@ func (c *porkbunProvider) updateNameservers(ns []string, domain string) error {
 	}
 	return nil
 }
+
+func (c *porkbunProvider) listAllDomains() ([]string, error) {
+	params := requestParams{}
+	var bodyString, err = c.post("/domain/listAll", params)
+	if err != nil {
+		return nil, fmt.Errorf("failed listing all domains from porkbun: %w", err)
+	}
+
+	var dlr domainListResponse
+	json.Unmarshal(bodyString, &dlr)
+
+	var domains []string
+	for _, domain := range dlr.Domains {
+		domains = append(domains, domain.Domain)
+	}
+	sort.Strings(domains)
+	return domains, nil
+}
diff --git a/providers/porkbun/listzones.go b/providers/porkbun/listzones.go
new file mode 100644
index 0000000000..a5f9f89c15
--- /dev/null
+++ b/providers/porkbun/listzones.go
@@ -0,0 +1,9 @@
+package porkbun
+
+func (client *porkbunProvider) ListZones() ([]string, error) {
+	zones, err := client.listAllDomains()
+	if err != nil {
+		return nil, err
+	}
+	return zones, err
+}

From 32fe2753d81a681156dae5453f3b3724f30d70aa Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Thu, 16 Nov 2023 23:56:31 +0800
Subject: [PATCH 015/438] PORKBUN: Improve non .DE domain delegation processing
 (remove the trailing dot in NS) (#2624)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/porkbun/api.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 698f14c8d7..066cf50855 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 	"sort"
+	"strings"
 	"time"
 )
 
@@ -156,7 +157,15 @@ func (c *porkbunProvider) getNameservers(domain string) ([]string, error) {
 	json.Unmarshal(bodyString, &ns)
 
 	sort.Strings(ns.Nameservers)
-	return ns.Nameservers, nil
+
+	var nameservers []string
+	for _, nameserver := range ns.Nameservers {
+		// Remove the trailing dot only if it exists.
+		// This provider seems to add the trailing dot to some domains but not others.
+		// The .DE domains seem to always include the dot, others don't.
+		nameservers = append(nameservers, strings.TrimSuffix(nameserver, "."))
+	}
+	return nameservers, nil
 }
 
 func (c *porkbunProvider) updateNameservers(ns []string, domain string) error {

From 8040e7bba269b605dd0f796e004acb835a0b2c12 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sat, 18 Nov 2023 10:37:46 -0500
Subject: [PATCH 016/438] REFACTOR: Add Joined and Segmented accessors to TXT,
 and other cleanups (#2628)

---
 models/dns.go                 | 16 ----------------
 models/dnsrr.go               | 24 ------------------------
 models/quotes_test.go         |  4 ++--
 models/record.go              | 31 -------------------------------
 models/t_txt.go               | 20 +++++++++++++++++++-
 models/target.go              |  3 ++-
 pkg/diff/diff.go              | 31 -------------------------------
 pkg/diff/diff2compat.go       |  9 ++-------
 pkg/txtutil/txtutil.go        |  5 +++++
 providers/powerdns/convert.go |  2 +-
 10 files changed, 31 insertions(+), 114 deletions(-)

diff --git a/models/dns.go b/models/dns.go
index 7b73eb895c..a2ed16f626 100644
--- a/models/dns.go
+++ b/models/dns.go
@@ -118,19 +118,3 @@ func (config *DNSConfig) DomainContainingFQDN(fqdn string) *DomainConfig {
 	}
 	return d
 }
-
-//// IgnoreName describes an IGNORE_NAME rule.
-//type IgnoreName struct {
-//	Pattern string `json:"pattern"` // Glob pattern.
-//	Types   string `json:"types"`   // All caps rtype names, comma separated.
-//}
-//
-//// IgnoreTarget describes an IGNORE_TARGET rule.
-//type IgnoreTarget struct {
-//	Pattern string `json:"pattern"` // Glob pattern.
-//	Type    string `json:"type"`    // All caps rtype name.
-//}
-//
-//func (i *IgnoreTarget) String() string {
-//	return i.Pattern
-//}
diff --git a/models/dnsrr.go b/models/dnsrr.go
index 1ef0f82120..c4d357649e 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -9,35 +9,11 @@ import (
 	"github.com/miekg/dns"
 )
 
-//// Header Header returns the header of an resource record.
-//func (rc *RecordConfig) Header() *dns.RR_Header {
-//	log.Fatal("Header not implemented")
-//	return nil
-//}
-
 // String returns the text representation of the resource record.
 func (rc *RecordConfig) String() string {
 	return rc.GetTargetCombined()
 }
 
-//// copy returns a copy of the RR
-//func (rc *RecordConfig) copy() dns.RR {
-//	log.Fatal("Copy not implemented")
-//	return dns.TypeToRR[dns.TypeA]()
-//}
-//
-//// len returns the length (in octets) of the uncompressed RR in wire format.
-//func (rc *RecordConfig) len() int {
-//	log.Fatal("len not implemented")
-//	return 0
-//}
-//
-//// pack packs an RR into wire format.
-//func (rc *RecordConfig) pack([]byte, int, map[string]int, bool) (int, error) {
-//	log.Fatal("pack not implemented")
-//	return 0, nil
-//}
-
 // Conversions
 
 // RRstoRCs converts []dns.RR to []RecordConfigs.
diff --git a/models/quotes_test.go b/models/quotes_test.go
index 86cc80f730..9ca3214015 100644
--- a/models/quotes_test.go
+++ b/models/quotes_test.go
@@ -63,11 +63,11 @@ func TestParseQuotedTxt(t *testing.T) {
 	for i, test := range tests {
 		ls := ParseQuotedTxt(test.d1)
 		if len(ls) != len(test.e2) {
-			t.Errorf("%v: expected TxtStrings=(%v) got (%v)", i, test.e2, ls)
+			t.Errorf("%v: expected LEN TxtStrings=q(%q) got q(%q)", i, test.e2, ls)
 		}
 		for i := range ls {
 			if ls[i] != test.e2[i] {
-				t.Errorf("%v: expected TxtStrings=(%v) got (%v)", i, test.e2, ls)
+				t.Errorf("%v: expected TxtStrings=q(%q) got q(%q)", i, test.e2, ls)
 			}
 		}
 	}
diff --git a/models/record.go b/models/record.go
index 894c49dace..8c95c3894c 100644
--- a/models/record.go
+++ b/models/record.go
@@ -269,14 +269,6 @@ func (rc *RecordConfig) SetLabel(short, origin string) {
 	}
 }
 
-// UnsafeSetLabelNull sets the label to "". Normally the FQDN is denoted by .Name being
-// "@" however this can be used to violate that assertion. It should only be used
-// on copies of a RecordConfig that is being used for non-standard things like
-// Marshalling yaml.
-func (rc *RecordConfig) UnsafeSetLabelNull() {
-	rc.Name = ""
-}
-
 // SetLabelFromFQDN sets the .Name/.NameFQDN fields given a FQDN and origin.
 // fqdn may have a trailing "." but it is not required.
 // origin may not have a trailing dot.
@@ -512,16 +504,6 @@ func (recs Records) HasRecordTypeName(rtype, name string) bool {
 	return false
 }
 
-// FQDNMap returns a map of all LabelFQDNs. Useful for making a
-// truthtable of labels that exist in Records.
-func (recs Records) FQDNMap() (m map[string]bool) {
-	m = map[string]bool{}
-	for _, rec := range recs {
-		m[rec.GetLabelFQDN()] = true
-	}
-	return m
-}
-
 // GetByType returns the records that match rtype typeName.
 func (recs Records) GetByType(typeName string) Records {
 	results := Records{}
@@ -542,19 +524,6 @@ func (recs Records) GroupedByKey() map[RecordKey]Records {
 	return groups
 }
 
-// GroupedByLabel returns a map of keys to records, and their original key order.
-func (recs Records) GroupedByLabel() ([]string, map[string]Records) {
-	order := []string{}
-	groups := map[string]Records{}
-	for _, rec := range recs {
-		if _, found := groups[rec.Name]; !found {
-			order = append(order, rec.Name)
-		}
-		groups[rec.Name] = append(groups[rec.Name], rec)
-	}
-	return order, groups
-}
-
 // GroupedByFQDN returns a map of keys to records, grouped by FQDN.
 func (recs Records) GroupedByFQDN() ([]string, map[string]Records) {
 	order := []string{}
diff --git a/models/t_txt.go b/models/t_txt.go
index 4a39c06c44..87b7470dec 100644
--- a/models/t_txt.go
+++ b/models/t_txt.go
@@ -147,11 +147,29 @@ func (rc *RecordConfig) SetTargetTXTs(s []string) error {
 	return nil
 }
 
-// GetTargetTXTJoined returns the TXT target as one string. If it was stored as multiple strings, concatenate them.
+// GetTargetTXTJoined returns the TXT target as one string.
 func (rc *RecordConfig) GetTargetTXTJoined() string {
 	return strings.Join(rc.TxtStrings, "")
 }
 
+// GetTargetTXTSegmented returns the TXT target as 255-octet segments, with the remainder in the last segment.
+func (rc *RecordConfig) GetTargetTXTSegmented() []string {
+	return splitChunks(strings.Join(rc.TxtStrings, ""), 255)
+}
+
+func splitChunks(buf string, lim int) []string {
+	var chunk string
+	chunks := make([]string, 0, len(buf)/lim+1)
+	for len(buf) >= lim {
+		chunk, buf = buf[:lim], buf[lim:]
+		chunks = append(chunks, chunk)
+	}
+	if len(buf) > 0 {
+		chunks = append(chunks, buf[:])
+	}
+	return chunks
+}
+
 // SetTargetTXTfromRFC1035Quoted parses a series of quoted strings
 // and sets .TxtStrings based on the result.
 // Note: Most APIs do notThis is rarely used. Try using SetTargetTXT() first.
diff --git a/models/target.go b/models/target.go
index 9a189d8ffa..5602c3a71e 100644
--- a/models/target.go
+++ b/models/target.go
@@ -3,6 +3,7 @@ package models
 import (
 	"fmt"
 	"net"
+	"runtime/debug"
 	"strings"
 
 	"github.com/miekg/dns"
@@ -26,7 +27,7 @@ func (rc *RecordConfig) GetTargetField() string {
 	if debugWarnTxtField {
 		if rc.Type == "TXT" {
 			fmt.Printf("DEBUG: WARNING: GetTargetField called on TXT record is frequently wrong: %q\n", rc.target)
-			//debug.PrintStack()
+			debug.PrintStack()
 		}
 	}
 	return rc.target
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 16412ae2f7..031b9a720f 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -32,37 +32,6 @@ func (d *differ) content(r *models.RecordConfig) string {
 	return r.ToDiffable()
 }
 
-// ChangesetLess returns true if c[i] < c[j].
-func ChangesetLess(c Changeset, i, j int) bool {
-	var a, b string
-	// Which fields are we comparing?
-	// Usually only Desired OR Existing content exists (we're either
-	// adding or deleting records).  In those cases, just use whichever
-	// isn't nil.
-	// In the case where both Desired AND Existing exist, it doesn't
-	// matter which we use as long as we are consistent.  I flipped a
-	// coin and picked to use Desired in that case.
-
-	if c[i].Desired != nil {
-		a = c[i].Desired.NameFQDN
-	} else {
-		a = c[i].Existing.NameFQDN
-	}
-
-	if c[j].Desired != nil {
-		b = c[j].Desired.NameFQDN
-	} else {
-		b = c[j].Existing.NameFQDN
-	}
-
-	return a < b
-
-	// TODO(tlim): This won't correctly sort:
-	// []string{"example.com", "foo.example.com", "bar.example.com"}
-	// A simple way to do that correctly is to split on ".", reverse the
-	// elements, and sort on the result.
-}
-
 // CorrectionLess returns true when comparing corrections.
 func CorrectionLess(c []*models.Correction, i, j int) bool {
 	return c[i].Msg < c[j].Msg
diff --git a/pkg/diff/diff2compat.go b/pkg/diff/diff2compat.go
index b9f617da30..fb726d617d 100644
--- a/pkg/diff/diff2compat.go
+++ b/pkg/diff/diff2compat.go
@@ -10,15 +10,10 @@ import (
 // NewCompat is a constructor that uses the new pkg/diff2 system
 // instead of pkg/diff.
 //
-// It is for backwards compatibility only. New providers should use
-// pkg/diff2.  Older providers should use this to reduce their
-// dependency on pkg/diff2 until they can move to the pkg/diff2/By*()
-// functions.
+// It is for backwards compatibility only. New providers should use pkg/diff2.
 //
 // To use this simply change New() to NewCompat(). If that doesn't
-// work please report a bug. The only exception is if you depend on
-// the extraValues feature, which will not be supported. That
-// parameter must be set to nil.
+// work please report a bug. The extraValues feature is not supported.
 func NewCompat(dc *models.DomainConfig, extraValues ...func(*models.RecordConfig) map[string]string) Differ {
 	if len(extraValues) != 0 {
 		panic("extraValues not supported")
diff --git a/pkg/txtutil/txtutil.go b/pkg/txtutil/txtutil.go
index 5aa6b1d4ba..a37948c741 100644
--- a/pkg/txtutil/txtutil.go
+++ b/pkg/txtutil/txtutil.go
@@ -17,6 +17,11 @@ func SplitSingleLongTxt(records []*models.RecordConfig) {
 	}
 }
 
+// Segment returns the string as 255-octet segments, the last being the remainder.
+func Segment(s string) []string {
+	return splitChunks(s, 255)
+}
+
 func splitChunks(buf string, lim int) []string {
 	var chunk string
 	chunks := make([]string, 0, len(buf)/lim+1)
diff --git a/providers/powerdns/convert.go b/providers/powerdns/convert.go
index 307955552f..591cb1882c 100644
--- a/providers/powerdns/convert.go
+++ b/providers/powerdns/convert.go
@@ -22,7 +22,7 @@ func toRecordConfig(domain string, r zones.Record, ttl int, name string, rtype s
 
 	switch rtype {
 	case "TXT":
-		// PowerDNS API accepts long TXTs without requiring to split them
+		// PowerDNS API accepts long TXTs without requiring to split them.
 		// The API then returns them as they initially came in, e.g. "averylooooooo[...]oooooongstring" or "string" "string"
 		// So we need to strip away " and split into multiple string
 		// We can't use SetTargetRFC1035Quoted, it would split the long strings into multiple parts

From 159fdf07adc0335fa4aea2c3ea5d4c05664de17b Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sat, 18 Nov 2023 15:06:20 -0500
Subject: [PATCH 017/438] REFACTOR: providers should not directly access
 .TxtStrings (#2629)

---
 models/t_txt.go                          | 13 +++++++++++++
 providers/axfrddns/axfrddnsProvider.go   |  4 ++--
 providers/azuredns/azureDnsProvider.go   |  4 ++--
 providers/cscglobal/dns.go               | 10 +++++-----
 providers/digitalocean/auditrecords.go   |  3 +--
 providers/domainnameshop/dns.go          |  2 +-
 providers/gcore/convert.go               |  2 +-
 providers/hetzner/types.go               |  4 ++--
 providers/hexonet/records.go             |  4 ++--
 providers/hostingde/types.go             |  5 +++--
 providers/inwx/inwxProvider.go           |  3 ++-
 providers/loopia/auditrecords.go         |  3 ++-
 providers/msdns/powershell.go            |  2 +-
 providers/namedotcom/auditrecords.go     |  7 ++++---
 providers/namedotcom/records.go          |  2 +-
 providers/ns1/ns1Provider.go             |  2 +-
 providers/softlayer/softlayerProvider.go |  5 ++++-
 providers/vultr/vultrProvider.go         |  2 +-
 18 files changed, 48 insertions(+), 29 deletions(-)

diff --git a/models/t_txt.go b/models/t_txt.go
index 87b7470dec..7b7b78a4d3 100644
--- a/models/t_txt.go
+++ b/models/t_txt.go
@@ -157,6 +157,19 @@ func (rc *RecordConfig) GetTargetTXTSegmented() []string {
 	return splitChunks(strings.Join(rc.TxtStrings, ""), 255)
 }
 
+// GetTargetTXTSegmentCount returns the number of 255-octet segments required to store TXT target.
+func (rc *RecordConfig) GetTargetTXTSegmentCount() int {
+	var total int
+	for i := range rc.TxtStrings {
+		total = len(rc.TxtStrings[i])
+	}
+	segs := total / 255 // integer division, decimals are truncated
+	if (total % 255) > 0 {
+		return segs + 1
+	}
+	return segs
+}
+
 func splitChunks(buf string, lim int) []string {
 	var chunk string
 	chunks := make([]string, 0, len(buf)/lim+1)
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index b7a1f17cef..f283ee9418 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -327,8 +327,8 @@ func (c *axfrddnsProvider) GetZoneRecords(domain string, meta map[string]string)
 		last := foundRecords[len(foundRecords)-1]
 		if last.Type == "TXT" &&
 			last.Name == dnssecDummyLabel &&
-			len(last.TxtStrings) == 1 &&
-			last.TxtStrings[0] == dnssecDummyTxt {
+			last.GetTargetTXTSegmentCount() == 1 &&
+			last.GetTargetTXTSegmented()[0] == dnssecDummyTxt {
 			c.hasDnssecRecords = true
 			foundRecords = foundRecords[0:(len(foundRecords) - 1)]
 		}
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index cb2230132b..105e46e6e5 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -525,9 +525,9 @@ func (a *azurednsProvider) recordToNativeDiff2(recordKey models.RecordKey, recor
 				recordSet.Properties.TxtRecords = []*adns.TxtRecord{}
 			}
 			// Empty TXT record needs to have no value set in it's properties
-			if !(len(rec.TxtStrings) == 1 && rec.TxtStrings[0] == "") {
+			if !(rec.GetTargetTXTSegmentCount() == 1 && rec.GetTargetTXTSegmented()[0] == "") {
 				var txts []*string
-				for _, txt := range rec.TxtStrings {
+				for _, txt := range rec.GetTargetTXTSegmented() {
 					txts = append(txts, to.StringPtr(txt))
 				}
 				recordSet.Properties.TxtRecords = append(recordSet.Properties.TxtRecords, &adns.TxtRecord{Value: txts})
diff --git a/providers/cscglobal/dns.go b/providers/cscglobal/dns.go
index 4cf3cb5175..e78432a3bb 100644
--- a/providers/cscglobal/dns.go
+++ b/providers/cscglobal/dns.go
@@ -132,7 +132,7 @@ func makePurge(domainname string, cor diff.Correlation) zoneResourceRecordEdit {
 
 	switch cor.Existing.Type {
 	case "TXT":
-		existingTarget = strings.Join(cor.Existing.TxtStrings, "")
+		existingTarget = cor.Existing.GetTargetTXTJoined()
 	default:
 		existingTarget = cor.Existing.GetTargetField()
 	}
@@ -159,7 +159,7 @@ func makeAdd(domainname string, cre diff.Correlation) zoneResourceRecordEdit {
 	var recTarget string
 	switch rec.Type {
 	case "TXT":
-		recTarget = strings.Join(rec.TxtStrings, "")
+		recTarget = rec.GetTargetTXTJoined()
 	default:
 		recTarget = rec.GetTargetField()
 	}
@@ -185,7 +185,7 @@ func makeAdd(domainname string, cre diff.Correlation) zoneResourceRecordEdit {
 		zer.NewWeight = rec.SrvWeight
 		zer.NewPort = rec.SrvPort
 	case "TXT":
-		zer.NewValue = strings.Join(rec.TxtStrings, "")
+		zer.NewValue = rec.GetTargetTXTJoined()
 	default: // "A", "CNAME", "NS"
 		// Nothing to do.
 	}
@@ -201,8 +201,8 @@ func makeEdit(domainname string, m diff.Correlation) zoneResourceRecordEdit {
 	var oldTarget, recTarget string
 	switch old.Type {
 	case "TXT":
-		oldTarget = strings.Join(old.TxtStrings, "")
-		recTarget = strings.Join(rec.TxtStrings, "")
+		oldTarget = old.GetTargetTXTJoined()
+		recTarget = rec.GetTargetTXTJoined()
 	default:
 		oldTarget = old.GetTargetField()
 		recTarget = rec.GetTargetField()
diff --git a/providers/digitalocean/auditrecords.go b/providers/digitalocean/auditrecords.go
index 49263f45cd..95382cc924 100644
--- a/providers/digitalocean/auditrecords.go
+++ b/providers/digitalocean/auditrecords.go
@@ -44,10 +44,9 @@ func MaxLengthDO(rc *models.RecordConfig) error {
 	// In other words, they're doing the checking on the API protocol
 	// encoded data instead of on on the resulting TXT record.  Sigh.
 
-	if len(rc.GetTargetField()) > 509 {
+	if len(rc.GetTargetRFC1035Quoted()) > 509 {
 		return fmt.Errorf("encoded txt too long")
 	}
-	// FIXME(tlim): Try replacing GetTargetField() with (2 + (3*len(rc.TxtStrings) - 1))
 
 	return nil
 }
diff --git a/providers/domainnameshop/dns.go b/providers/domainnameshop/dns.go
index e7619c11d8..320506b6f6 100644
--- a/providers/domainnameshop/dns.go
+++ b/providers/domainnameshop/dns.go
@@ -30,7 +30,7 @@ func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainCo
 	// Merge TXT strings to one string
 	for _, rc := range dc.Records {
 		if rc.HasFormatIdenticalToTXT() {
-			rc.SetTargetTXT(strings.Join(rc.TxtStrings, ""))
+			rc.SetTargetTXT(rc.GetTargetTXTJoined())
 		}
 	}
 
diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index f3e4ebb5a3..b5c1cc6bff 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -86,7 +86,7 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 			}
 		case "TXT": // Avoid double quoting for TXT records
 			rr = dnssdk.ResourceRecord{
-				Content: convertTxtSliceToSdkAnySlice(r.TxtStrings),
+				Content: convertTxtSliceToSdkAnySlice(r.GetTargetTXTSegmented()),
 				Meta:    nil,
 				Enabled: true,
 			}
diff --git a/providers/hetzner/types.go b/providers/hetzner/types.go
index 80ad3c8e7f..20dacdfb1e 100644
--- a/providers/hetzner/types.go
+++ b/providers/hetzner/types.go
@@ -63,7 +63,7 @@ func fromRecordConfig(in *models.RecordConfig, zone *zone) record {
 		ZoneID: zone.ID,
 	}
 
-	if r.Type == "TXT" && len(in.TxtStrings) == 1 {
+	if r.Type == "TXT" && (in.GetTargetTXTSegmentCount() == 1) {
 		// HACK: HETZNER rejects values that fit into 255 bytes w/o quotes,
 		//  but do not fit w/ added quotes (via GetTargetCombined()).
 		// Sending the raw, non-quoted value works for the comprehensive
@@ -71,7 +71,7 @@ func fromRecordConfig(in *models.RecordConfig, zone *zone) record {
 		// The HETZNER validation does not provide helpful error messages.
 		// {"error":{"message":"422 Unprocessable Entity: missing: ; ","code":422}}
 		// Last checked: 2023-04-01
-		valueNotQuoted := in.TxtStrings[0]
+		valueNotQuoted := in.GetTargetTXTSegmented()[0]
 		if len(valueNotQuoted) == 254 || len(valueNotQuoted) == 255 {
 			r.Value = valueNotQuoted
 		}
diff --git a/providers/hexonet/records.go b/providers/hexonet/records.go
index 3cb1846db7..ac313f714f 100644
--- a/providers/hexonet/records.go
+++ b/providers/hexonet/records.go
@@ -242,7 +242,7 @@ func (n *HXClient) createRecordString(rc *models.RecordConfig, domain string) (s
 	case "CAA":
 		record.Answer = fmt.Sprintf(`%v %s "%s"`, rc.CaaFlag, rc.CaaTag, record.Answer)
 	case "TXT":
-		record.Answer = encodeTxt(rc.TxtStrings)
+		record.Answer = encodeTxt(rc.GetTargetTXTSegmented())
 	case "SRV":
 		if rc.GetTargetField() == "." {
 			return "", fmt.Errorf("SRV records with empty targets are not supported (as of 2020-02-27, the API returns 'Invalid attribute value syntax')")
@@ -267,7 +267,7 @@ func (n *HXClient) deleteRecordString(record *HXRecord, domain string) string {
 	return record.Raw
 }
 
-// encodeTxt encodes TxtStrings for sending in the CREATE/MODIFY API:
+// encodeTxt encodes []string for sending in the CREATE/MODIFY API:
 func encodeTxt(txts []string) string {
 	var r []string
 	for _, txt := range txts {
diff --git a/providers/hostingde/types.go b/providers/hostingde/types.go
index 0a1f924a5b..4f789ba2a9 100644
--- a/providers/hostingde/types.go
+++ b/providers/hostingde/types.go
@@ -193,8 +193,9 @@ func recordToNative(rc *models.RecordConfig) *record {
 	case "A", "AAAA", "ALIAS", "CAA", "CNAME", "DNSKEY", "DS", "NS", "NSEC", "NSEC3", "NSEC3PARAM", "PTR", "RRSIG", "SSHFP", "TSLA":
 		// Nothing special.
 	case "TXT":
-		txtStrings := make([]string, len(rc.TxtStrings))
-		copy(txtStrings, rc.TxtStrings)
+		// TODO(tlim): Move this to a function with unit tests.
+		txtStrings := make([]string, rc.GetTargetTXTSegmentCount())
+		copy(txtStrings, rc.GetTargetTXTSegmented())
 
 		// Escape quotes
 		for i := range txtStrings {
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 0c4cfdaf83..a2de4cb037 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -213,9 +213,10 @@ func (api *inwxAPI) deleteRecord(RecordID int) error {
 
 // checkRecords ensures that there is no single-quote inside TXT records which would be ignored by INWX.
 func checkRecords(records models.Records) error {
+	// TODO(tlim) Remove this function.  auditrecords.go takes care of this now.
 	for _, r := range records {
 		if r.Type == "TXT" {
-			for _, target := range r.TxtStrings {
+			for _, target := range r.GetTargetTXTSegmented() {
 				if strings.ContainsAny(target, "`") {
 					return fmt.Errorf("INWX TXT records do not support single-quotes in their target")
 				}
diff --git a/providers/loopia/auditrecords.go b/providers/loopia/auditrecords.go
index 0accc622c4..d9d8cb2d5f 100644
--- a/providers/loopia/auditrecords.go
+++ b/providers/loopia/auditrecords.go
@@ -2,6 +2,7 @@ package loopia
 
 import (
 	"fmt"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
 )
@@ -24,7 +25,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 // TxtHasSegmentLen450orLonger audits TXT records for strings that are >450 octets.
 func TxtHasSegmentLen450orLonger(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
+	for _, txt := range rc.GetTargetTXTSegmented() {
 		if len(txt) > 450 {
 			return fmt.Errorf("%q txtstring length > 450", rc.GetLabel())
 		}
diff --git a/providers/msdns/powershell.go b/providers/msdns/powershell.go
index 367deb5a51..75fef9d45d 100644
--- a/providers/msdns/powershell.go
+++ b/providers/msdns/powershell.go
@@ -316,7 +316,7 @@ func generatePSCreate(dnsserver, domain string, rec *models.RecordConfig) string
 	//case "WKS":
 	//	fmt.Fprintf(&b, ` -Wks -InternetAddress <IPAddress> -InternetProtocol {UDP | TCP} -Service <String[]>`, rec.GetTargetField())
 	case "TXT":
-		//printer.Printf("DEBUG TXT len = %v\n", rec.TxtStrings)
+		//printer.Printf("DEBUG TXT len = %v\n", rec.GetTargetTXTSegmentCount())
 		//printer.Printf("DEBUG TXT target = %q\n", rec.GetTargetField())
 		fmt.Fprintf(&b, ` -Txt -DescriptiveText %q`, rec.GetTargetTXTJoined())
 	//case "RT":
diff --git a/providers/namedotcom/auditrecords.go b/providers/namedotcom/auditrecords.go
index 7db65ad504..2d9a64c847 100644
--- a/providers/namedotcom/auditrecords.go
+++ b/providers/namedotcom/auditrecords.go
@@ -29,18 +29,19 @@ func AuditRecords(records []*models.RecordConfig) []error {
 // are longer than permitted by NDC. Sadly their
 // length limit is undocumented. This seems to work.
 func MaxLengthNDC(rc *models.RecordConfig) error {
-	if len(rc.TxtStrings) == 0 {
+	txtStrings := rc.GetTargetTXTSegmented()
+	if len(txtStrings) == 0 {
 		return nil
 	}
 
 	sum := 2 // Count the start and end quote.
 	// Add the length of each segment.
-	for _, segment := range rc.TxtStrings {
+	for _, segment := range txtStrings {
 		sum += len(segment)                // The length of each segment
 		sum += strings.Count(segment, `"`) // Add 1 for any char to be escaped
 	}
 	// Add 3 (quote space quote) for each interior join.
-	sum += 3 * (len(rc.TxtStrings) - 1)
+	sum += 3 * (len(txtStrings) - 1)
 
 	if sum > 512 {
 		return fmt.Errorf("encoded txt too long")
diff --git a/providers/namedotcom/records.go b/providers/namedotcom/records.go
index b9edb4ef8e..af58fde7b1 100644
--- a/providers/namedotcom/records.go
+++ b/providers/namedotcom/records.go
@@ -154,7 +154,7 @@ func (n *namedotcomProvider) createRecord(rc *models.RecordConfig, domain string
 	case "A", "AAAA", "ANAME", "CNAME", "MX", "NS":
 	// nothing
 	case "TXT":
-	// 	record.Answer = encodeTxt(rc.TxtStrings)
+	// nothing
 	case "SRV":
 		if rc.GetTargetField() == "." {
 			return errors.New("SRV records with empty targets are not supported (as of 2019-11-05, the API returns 'Parameter Value Error - Invalid Srv Format')")
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 59a048cc35..a92db2860d 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -302,7 +302,7 @@ func buildRecord(recs models.Records, domain string, id string) *dns.Record {
 		if r.Type == "MX" {
 			rec.AddAnswer(&dns.Answer{Rdata: strings.Fields(fmt.Sprintf("%d %v", r.MxPreference, r.GetTargetField()))})
 		} else if r.Type == "TXT" {
-			rec.AddAnswer(&dns.Answer{Rdata: r.TxtStrings})
+			rec.AddAnswer(&dns.Answer{Rdata: r.GetTargetTXTSegmented()})
 		} else if r.Type == "CAA" {
 			rec.AddAnswer(&dns.Answer{
 				Rdata: []string{
diff --git a/providers/softlayer/softlayerProvider.go b/providers/softlayer/softlayerProvider.go
index 4238302b89..a47d432a6f 100644
--- a/providers/softlayer/softlayerProvider.go
+++ b/providers/softlayer/softlayerProvider.go
@@ -173,7 +173,10 @@ func (s *softlayerProvider) getExistingRecords(domain *datatypes.Dns_Domain) (mo
 			}
 			recConfig.SetLabel(fmt.Sprintf("%s.%s", service, strings.ToLower(protocol)), *domain.Name)
 		case "TXT":
-			recConfig.TxtStrings = append(recConfig.TxtStrings, *record.Data)
+			// OLD: recConfig.TxtStrings = append(recConfig.TxtStrings, *record.Data)
+			recConfig.SetTargetTXTs(append(recConfig.GetTargetTXTSegmented(), *record.Data))
+			// NB(tlim) The above code seems too complex.  Can it be simplied to this?
+			// recConfig.SetTargetTXT(*record.Data)
 			fallthrough
 		case "MX":
 			if record.MxPriority != nil {
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index 1a5b5b5772..c09ec349d5 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -314,7 +314,7 @@ func toVultrRecord(dc *models.DomainConfig, rc *models.RecordConfig, vultrID str
 		// Vultr doesn't permit TXT strings to include double-quotes
 		// therefore, we don't have to escape interior double-quotes.
 		// Vultr's API requires the string to begin and end with double-quotes.
-		r.Data = `"` + strings.Join(rc.TxtStrings, "") + `"`
+		r.Data = `"` + strings.Join(rc.GetTargetTXTSegmented(), "") + `"`
 	default:
 	}
 

From 3dab594757ef2fde461b71e3c4882c2e90cb5333 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 19 Nov 2023 13:44:49 -0500
Subject: [PATCH 018/438] CHORE: More cleanups (#2632)

---
 commands/gz_test.go                  | 11 +++++------
 documentation/providers/azure_dns.md |  2 ++
 pkg/diff/diff2compat.go              |  2 +-
 pkg/diff2/compareconfig.go           |  1 +
 pkg/normalize/validate_test.go       |  2 +-
 pkg/rejectif/txt.go                  | 10 ++++++++++
 providers/desec/desecProvider.go     |  3 +--
 providers/powerdns/auditrecords.go   | 12 ++++++++++--
 providers/transip/auditrecords.go    | 10 +++++++---
 9 files changed, 38 insertions(+), 15 deletions(-)

diff --git a/commands/gz_test.go b/commands/gz_test.go
index c7c56bece7..594debb839 100644
--- a/commands/gz_test.go
+++ b/commands/gz_test.go
@@ -66,13 +66,12 @@ func testFormat(t *testing.T, domain, format string) {
 		log.Fatal(fmt.Errorf("can't read expected %q: %w", outfile.Name(), err))
 	}
 
-	//	// Update got -> want
-	//	err = os.WriteFile(expectedFilename, got, 0644)
-	//	if err != nil {
-	//		log.Fatal(err)
-	//	}
-
 	if w, g := string(want), string(got); w != g {
+		// If the test fails, output a file showing "got"
+		err = os.WriteFile(expectedFilename+".ACTUAL", got, 0644)
+		if err != nil {
+			log.Fatal(err)
+		}
 		t.Errorf("testFormat mismatch (-got +want):\n%s", diff.LineDiff(g, w))
 	}
 }
diff --git a/documentation/providers/azure_dns.md b/documentation/providers/azure_dns.md
index a9eac9cfb3..2d1070917a 100644
--- a/documentation/providers/azure_dns.md
+++ b/documentation/providers/azure_dns.md
@@ -45,6 +45,8 @@ export AZURE_CLIENT_SECRET=BBBBBBBBB
 ```
 {% endcode %}
 
+NOTE: The ResourceGroup is case sensitive.
+
 ## Metadata
 This provider does not recognize any special metadata fields unique to Azure DNS.
 
diff --git a/pkg/diff/diff2compat.go b/pkg/diff/diff2compat.go
index fb726d617d..78cb75a684 100644
--- a/pkg/diff/diff2compat.go
+++ b/pkg/diff/diff2compat.go
@@ -13,7 +13,7 @@ import (
 // It is for backwards compatibility only. New providers should use pkg/diff2.
 //
 // To use this simply change New() to NewCompat(). If that doesn't
-// work please report a bug. The extraValues feature is not supported.
+// work please report a bug. The extraValues parameter is not supported.
 func NewCompat(dc *models.DomainConfig, extraValues ...func(*models.RecordConfig) map[string]string) Differ {
 	if len(extraValues) != 0 {
 		panic("extraValues not supported")
diff --git a/pkg/diff2/compareconfig.go b/pkg/diff2/compareconfig.go
index 0b75d32a22..0ec0320dac 100644
--- a/pkg/diff2/compareconfig.go
+++ b/pkg/diff2/compareconfig.go
@@ -215,6 +215,7 @@ func mkCompareBlobs(rc *models.RecordConfig, f func(*models.RecordConfig) string
 		}
 	}
 
+	// We do this to save memory. This assures the first return value uses the same memory as the second.
 	lenWithoutTTL := len(comp)
 	compFull := comp + fmt.Sprintf(" ttl=%d", rc.TTL)
 
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index 0bd8420140..5a6d3dc7f3 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -324,7 +324,7 @@ func TestCheckDuplicates(t *testing.T) {
 	}
 	errs := checkDuplicates(records)
 	if len(errs) != 0 {
-		t.Errorf("Expect duplicate NOT found but found %q", errs)
+		t.Errorf("Expected duplicate NOT found but found %q", errs)
 	}
 }
 
diff --git a/pkg/rejectif/txt.go b/pkg/rejectif/txt.go
index 8a0883b8ce..b1d63c0ba2 100644
--- a/pkg/rejectif/txt.go
+++ b/pkg/rejectif/txt.go
@@ -9,6 +9,16 @@ import (
 
 // Keep these in alphabetical order.
 
+// TxtHasBackslash audits TXT records for strings that contains one or more backslashes.
+func TxtHasBackslash(rc *models.RecordConfig) error {
+	for _, txt := range rc.TxtStrings {
+		if strings.Contains(txt, `\`) {
+			return fmt.Errorf("txtstring contains backslash")
+		}
+	}
+	return nil
+}
+
 // TxtHasBackticks audits TXT records for strings that contain backticks.
 func TxtHasBackticks(rc *models.RecordConfig) error {
 	for _, txt := range rc.TxtStrings {
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index d67fa73cb4..34201f0130 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"sort"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
@@ -237,7 +236,7 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 	// However the code doesn't seem to have such situation.  All tests
 	// pass.  That said, if this breaks anything, the easiest fix might
 	// be to just remove the sort.
-	sort.Slice(corrections, func(i, j int) bool { return diff.CorrectionLess(corrections, i, j) })
+	//sort.Slice(corrections, func(i, j int) bool { return diff.CorrectionLess(corrections, i, j) })
 
 	return corrections, nil
 }
diff --git a/providers/powerdns/auditrecords.go b/providers/powerdns/auditrecords.go
index 7b22a7d176..1903c5d22e 100644
--- a/providers/powerdns/auditrecords.go
+++ b/providers/powerdns/auditrecords.go
@@ -1,10 +1,18 @@
 package powerdns
 
-import "github.com/StackExchange/dnscontrol/v4/models"
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
 
 // AuditRecords returns a list of errors corresponding to the records
 // that aren't supported by this provider.  If all records are
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
+	a := rejectif.Auditor{}
+
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-11-11
+	a.Add("TXT", rejectif.TxtHasBackslash)    // Last verified 2023-11-11
+
+	return a.Audit(records)
 }
diff --git a/providers/transip/auditrecords.go b/providers/transip/auditrecords.go
index 814e1c7923..fd6729c449 100644
--- a/providers/transip/auditrecords.go
+++ b/providers/transip/auditrecords.go
@@ -10,10 +10,14 @@ import (
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
-	a.Add("MX", rejectif.MxNull)               // Last verified 2023-01-28
-	a.Add("TXT", rejectif.TxtHasBackticks)     // Last verified 2023-01-28
+
+	a.Add("MX", rejectif.MxNull) // Last verified 2023-01-28
+
+	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2023-01-28
+
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-01-28
-	a.Add("TXT", rejectif.TxtIsEmpty)          // Last verified 2023-01-28
+
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-01-28
 
 	return a.Audit(records)
 }

From bfa9da98c8642073dffc7c7013bcd151b2d061ae Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 19 Nov 2023 13:52:28 -0500
Subject: [PATCH 019/438] CHORE update deps (#2633)

---
 go.mod | 35 +++++++++++++++--------------
 go.sum | 70 ++++++++++++++++++++++++++++++----------------------------
 2 files changed, 54 insertions(+), 51 deletions(-)

diff --git a/go.mod b/go.mod
index bfa26ffb6c..b5c5bb2bf8 100644
--- a/go.mod
+++ b/go.mod
@@ -13,17 +13,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.22.2
-	github.com/aws/aws-sdk-go-v2/config v1.23.0
-	github.com/aws/aws-sdk-go-v2/credentials v1.15.2
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1
+	github.com/aws/aws-sdk-go-v2 v1.23.0
+	github.com/aws/aws-sdk-go-v2/config v1.25.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.2
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
 	github.com/cloudflare/cloudflare-go v0.81.0
-	github.com/digitalocean/godo v1.105.1
+	github.com/digitalocean/godo v1.106.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -34,7 +34,7 @@ require (
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.56
+	github.com/miekg/dns v1.1.57
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
@@ -52,7 +52,7 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.18.0
 	golang.org/x/oauth2 v0.14.0
-	google.golang.org/api v0.150.0
+	google.golang.org/api v0.151.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.13
 )
 
@@ -78,15 +78,16 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.17.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.25.1 // indirect
-	github.com/aws/smithy-go v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 // indirect
+	github.com/aws/smithy-go v1.17.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
diff --git a/go.sum b/go.sum
index 8da2cf52f3..7c36af7024 100644
--- a/go.sum
+++ b/go.sum
@@ -33,34 +33,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.22.2 h1:lV0U8fnhAnPz8YcdmZVV60+tr6CakHzqA6P8T46ExJI=
-github.com/aws/aws-sdk-go-v2 v1.22.2/go.mod h1:Kd0OJtkW3Q0M0lUWGszapWjEvrXDzRW+D21JNsroB+c=
-github.com/aws/aws-sdk-go-v2/config v1.23.0 h1:kqzEfGGDIrRJpfJckgwuZfFTbU9NB1jZnRcaO9MpOqE=
-github.com/aws/aws-sdk-go-v2/config v1.23.0/go.mod h1:p7wbxKXXjS1GGQOss7VXOazVMFF9bjUGq85/4wR/fSw=
-github.com/aws/aws-sdk-go-v2/credentials v1.15.2 h1:rKH7khRMxPdD0u3dHecd0Q7NOVw3EUe7AqdkUOkiOGI=
-github.com/aws/aws-sdk-go-v2/credentials v1.15.2/go.mod h1:tXM8wmaeAhfC7nZoCxb0FzM/aRaB1m1WQ7x0qlBLq80=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3 h1:G5KawTAkyHH6WyKQCdHiW4h3PmAXNJpOgwKg3H7sDRE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.3/go.mod h1:hugKmSFnZB+HgNI1sYGT14BUPZkO6alC/e0AWu+0IAQ=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2 h1:AaQsr5vvGR7rmeSWBtTCcw16tT9r51mWijuCQhzLnq8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.2/go.mod h1:o1IiRn7CWocIFTXJjGKJDOwxv1ibL53NpcvcqGWyRBA=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2 h1:UZx8SXZ0YtzRiALzYAWcjb9Y9hZUR7MBKaBQ5ouOjPs=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.2/go.mod h1:ipuRpcSaklmxR6C39G187TpBAO132gUfleTGccUPs8c=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0 h1:hwZB07/beLiCopuRKF0t+dEHmP39iN4YtDh3X5d3hrg=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.6.0/go.mod h1:rdAuXeHWhI/zkpYcO5n8WCpaIgY9MUxFyBsuqq3kjyA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2 h1:h7j73yuAVVjic8pqswh+L/7r2IHP43QwRyOu6zcCDDE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.2/go.mod h1:H07AHdK5LSy8F7EJUQhoxyiCNkePoHj2D8P2yGTWafo=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1 h1:HzAQvhCCrfAtl1uc2w27CJicm0HxdLs6HI2ZTMAZObQ=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.34.1/go.mod h1:kEKnDzZL0k1f2sE1utJ/ljZDF17aChgH9j+jUv+jr38=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1 h1:jZSQwl1JAX9GRew86efQecc+pDiAu/WwnefnrUhpNxk=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.1/go.mod h1:5uJ+xB76ttmfE0FD6f07TiF3BmwKevmfK7ixkV7mjVA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.1 h1:km+ZNjtLtpXYf42RdaDZnNHm9s7SYAuDGTafy6nd89A=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.1/go.mod h1:aHBr3pvBSD5MbzOvQtYutyPLLRPbl/y9x86XyJJnUXQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1 h1:iRFNqZH4a67IqPvK8xxtyQYnyrlsvwmpHOe9r55ggBA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.19.1/go.mod h1:pTy5WM+6sNv2tB24JNKFtn6EvciQ5k40ZJ0pq/Iaxj0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.1 h1:txgVXIXWPXyqdiVn92BV6a/rgtpX31HYdsOYj0sVQQQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.1/go.mod h1:VAiJiNaoP1L89STFlEMgmHX1bKixY+FaP+TpRFrmyZ4=
-github.com/aws/smithy-go v1.16.0 h1:gJZEH/Fqh+RsvlJ1Zt4tVAtV6bKkp3cC+R6FCZMNzik=
-github.com/aws/smithy-go v1.16.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2 v1.23.0 h1:PiHAzmiQQr6JULBUdvR8fKlA+UPKLT/8KbiqpFBWiAo=
+github.com/aws/aws-sdk-go-v2 v1.23.0/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA=
+github.com/aws/aws-sdk-go-v2/config v1.25.3 h1:E4m9LbwJOoncDNt3e9MPLbz/saxWcGUlZVBydydD6+8=
+github.com/aws/aws-sdk-go-v2/config v1.25.3/go.mod h1:tAByZy03nH5jcq0vZmkcVoo6tRzRHEwSFx3QW4NmDw8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.2 h1:0sdZ5cwfOAipTzZ7eOL0gw4LAhk/RZnTa16cDqIt8tg=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.2/go.mod h1:sDdvGhXrSVT5yzBDR7qXz+rhbpiMpUYfF3vJ01QSdrc=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 h1:DUwbD79T8gyQ23qVXFUthjzVMTviSHi3y4z58KvghhM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3/go.mod h1:7sGSz1JCKHWWBHq98m6sMtWQikmYPpxjqOydDemiVoM=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 h1:AplLJCtIaUZDCbr6+gLYdsYNxne4iuaboJhVt9d+WXI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3/go.mod h1:ify42Rb7nKeDDPkFjKn7q1bPscVPu/+gmHH8d2c+anU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 h1:rpkF4n0CyFcrJUG/rNNohoTmhtWlFTRI4BsZOh9PvLs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:l9ymW25HOqymeU2m1gbUQ3rUIsTwKs8gYHXkqDQUhiI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2 h1:h9I/GZ7POL9EOyFouZi7P3v0G8Sr/nMIo9uHIyk+NSU=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2/go.mod h1:adrwIPgzeyWkAyIlnH7SkTU/UTATCXncCR4fbxwYLhA=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2 h1:k2Swg+KnFtyS3GYy4sUXFUaULpiyrZJsW/8ehoT9/BA=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2/go.mod h1:mSL5mozBzBnMfrmjBe8eASqtOKeYZ4rFiSYAwN5PAGs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 h1:/XiEU7VIFcVWRDQLabyrSjBoKIm8UkYgsvWDuFW8Img=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 h1:M2w4kiMGJCCM6Ljmmx/l6mmpfa3gPJVpBencfnsgvqs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.25.3/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ=
+github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI=
+github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -95,8 +97,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.105.1 h1:3FjFDurw7po27Y0uHhdR+EvwNil06KCeu1Nx/0jZbmI=
-github.com/digitalocean/godo v1.105.1/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.106.0 h1:m5iErwl3xHovGFlawd50n54ntgXHt1BLsvU6BXsVxEU=
+github.com/digitalocean/godo v1.106.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -318,8 +320,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
-github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
+github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
+github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -539,8 +541,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.150.0 h1:Z9k22qD289SZ8gCJrk4DrWXkNjtfvKAUo/l1ma8eBYE=
-google.golang.org/api v0.150.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
+google.golang.org/api v0.151.0 h1:FhfXLO/NFdJIzQtCqjpysWwqKk8AzGWBUhMIx67cVDU=
+google.golang.org/api v0.151.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=

From 2ca9c84dbea8069829191d82f2e5218863fd07c4 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 22 Nov 2023 08:53:04 -0500
Subject: [PATCH 020/438] Unhide shell-completion flag (#2640)

---
 commands/completion.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/commands/completion.go b/commands/completion.go
index 448004555c..7f94348b40 100644
--- a/commands/completion.go
+++ b/commands/completion.go
@@ -25,7 +25,6 @@ func shellCompletionCommand() *cli.Command {
 	return &cli.Command{
 		Name:        "shell-completion",
 		Usage:       "generate shell completion scripts",
-		Hidden:      true,
 		ArgsUsage:   fmt.Sprintf("[ %s ]", strings.Join(supportedShells, " | ")),
 		Description: fmt.Sprintf("Generate shell completion script for [ %s ]", strings.Join(supportedShells, " | ")),
 		BashComplete: func(ctx *cli.Context) {

From 1470144c29140cc5e930735c4bc642a5889a8e33 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Wed, 22 Nov 2023 14:53:54 +0100
Subject: [PATCH 021/438] NS1: Downgrade ns1-go to 2.7.11 (#2642)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b5c5bb2bf8..649b1ba6d7 100644
--- a/go.mod
+++ b/go.mod
@@ -53,7 +53,7 @@ require (
 	golang.org/x/net v0.18.0
 	golang.org/x/oauth2 v0.14.0
 	google.golang.org/api v0.151.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.13
+	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
diff --git a/go.sum b/go.sum
index 7c36af7024..46812e5ec5 100644
--- a/go.sum
+++ b/go.sum
@@ -595,8 +595,8 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=
-gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
+gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From c7065e67943e00ac412cc9adb6cc21fe7b1c9a60 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 22 Nov 2023 09:30:24 -0500
Subject: [PATCH 022/438] DOCS: Expand integration tests explanation (#2645)

---
 documentation/integration-tests.md | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/documentation/integration-tests.md b/documentation/integration-tests.md
index dd068edaaf..f47327205b 100644
--- a/documentation/integration-tests.md
+++ b/documentation/integration-tests.md
@@ -12,8 +12,9 @@ For each step, it will run the config once and expect changes. It will run it ag
 
 ## Running a test
 
-1. Define all environment variables expected for the provider you wish to run. I setup a local `.env` file with the appropriate values and use [zoo](https://github.com/jsonmaur/zoo) to run my commands.
-2. run `go test -v -provider $NAME` where $NAME is the name of the provider you wish to run.
+1. The integration tests need a test domain to run on. All the records of this domain will be deleted!
+2. Define all environment variables expected for the provider you wish to run. I setup a local `.env` file with the appropriate values and use [zoo](https://github.com/jsonmaur/zoo) to run my commands.
+3. run `go test -v -provider $NAME` where $NAME is the name of the provider you wish to run.
 
 Example:
 
@@ -37,8 +38,22 @@ export ROUTE53_DOMAIN="testdomain.tld"
 go test -v -verbose -provider ROUTE53
 ```
 
+The `-start` and `-end` flags allow you to run just a portion of the tests.
+
+```shell
+go test -v -verbose -provider ROUTE53 -start 16
+go test -v -verbose -provider ROUTE53 -end 5
+go test -v -verbose -provider ROUTE53 -start 16 -end 20
+```
+
+The actual tests are in the file `integrationTest/integration_test.go`.  The
+tests are in a little language which can be used to describe just about any
+interaction with the API.  Look for the comment `START HERE` or the line
+`func makeTests` for instructions.
+
+
 {% hint style="warning" %}
-**WARNING**: The records in the test domain will be deleted.  Only use
+**WARNING**: THE RECORDS IN THE TEST DOMAIN WILL BE DELETED.  Only use
 a domain that is not used in production. Some providers have a way
 to run tests on domains that aren't registered (often a test
 environment or a side-effect of the company not being a registrar).

From 4fc88aa2dcd55bdc7f93d08b917bcd7810fe259e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 22 Nov 2023 09:38:58 -0500
Subject: [PATCH 023/438] RType AAAA: Add integration test for AAAA. (#2647)

---
 integrationTest/integration_test.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 046aa6926d..2fcba9d361 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -464,6 +464,10 @@ func a(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "A")
 }
 
+func aaaa(name, target string) *models.RecordConfig {
+	return makeRec(name, target, "AAAA")
+}
+
 func alias(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "ALIAS")
 }
@@ -873,7 +877,10 @@ func makeTests(t *testing.T) []*TestGroup {
 		// Narrative: That wasn't as hard as expected, eh?  Let's test the
 		// other basic record types like AAAA, CNAME, MX and TXT.
 
-		// AAAA: TODO(tlim) Add AAAA test.
+		testgroup("AAAA",
+			tc("Create AAAA", aaaa("testaaaa", "2607:f8b0:4006:820::2006")),
+			tc("Change AAAA target", aaaa("testaaaa", "2607:f8b0:4006:820::2013")),
+		),
 
 		// CNAME
 

From 919b19eac3cb7a4554ce6655bf06c99da105f08e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 22 Nov 2023 09:48:37 -0500
Subject: [PATCH 024/438] Build(deps): Bump github.com/go-jose/go-jose/v3 from
 3.0.0 to 3.0.1 (#2646)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 649b1ba6d7..14b6f7689e 100644
--- a/go.mod
+++ b/go.mod
@@ -95,7 +95,7 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
diff --git a/go.sum b/go.sum
index 46812e5ec5..cb9d22efdd 100644
--- a/go.sum
+++ b/go.sum
@@ -127,8 +127,8 @@ github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.6.0 h1:RgFoevggRRp7hF9XsOmWmtwbUg2axhe2ygEdd6Mtstc=
 github.com/go-gandi/go-gandi v0.6.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
-github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo=
-github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
+github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=

From bf9e48d06f522dfa8cd3449d71499f369a39838a Mon Sep 17 00:00:00 2001
From: Steven Hodges <127215833+shodges-vermeer@users.noreply.github.com>
Date: Fri, 24 Nov 2023 10:48:29 -0600
Subject: [PATCH 025/438] CLOUDFLARE: Update docs WRT domain creation (#2648)

---
 documentation/providers/cloudflareapi.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/documentation/providers/cloudflareapi.md b/documentation/providers/cloudflareapi.md
index 05001abcc2..aa32be0d9e 100644
--- a/documentation/providers/cloudflareapi.md
+++ b/documentation/providers/cloudflareapi.md
@@ -197,8 +197,7 @@ D("example2.tld", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
 
 ## New domains
 If a domain does not exist in your Cloudflare account, DNSControl
-will *not* automatically add it. You'll need to do that via the
-control panel manually or via the `dnscontrol create-domains` command.
+will automatically add it when `dnscontrol push` is executed.
 
 
 ## Redirects

From e783d7024cd62e29c46f4019e26d793e24c79e84 Mon Sep 17 00:00:00 2001
From: Jonathan Bouvier <jonathan.bouvier@gmail.com>
Date: Mon, 27 Nov 2023 17:50:21 -0500
Subject: [PATCH 026/438] ROUTE53: Allow R53_ALIAS records to enable target
 health evaluation (#2649)

---
 commands/getZones.go                          |  3 +
 commands/r53_test.go                          | 66 +++++++++++++++++++
 commands/types/dnscontrol.d.ts                | 13 +++-
 documentation/functions/domain/R53_ALIAS.md   |  6 +-
 .../record/R53_EVALUATE_TARGET_HEALTH.md      | 11 ++++
 integrationTest/integration_test.go           | 35 ++++++----
 models/target.go                              |  4 +-
 pkg/js/helpers.js                             | 19 +++++-
 pkg/js/parse_tests/019-r53-alias.js           |  1 +
 pkg/js/parse_tests/019-r53-alias.json         | 45 +++++++++----
 pkg/js/parse_tests/040-r53-zone.json          |  3 +-
 pkg/prettyzone/prettyzone_test.go             |  6 +-
 providers/route53/route53Provider.go          | 12 +++-
 13 files changed, 188 insertions(+), 36 deletions(-)
 create mode 100644 documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md

diff --git a/commands/getZones.go b/commands/getZones.go
index abc8349b81..97bba18168 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -395,6 +395,9 @@ func makeR53alias(rec *models.RecordConfig, ttl uint32) string {
 	if z, ok := rec.R53Alias["zone_id"]; ok {
 		items = append(items, `R53_ZONE("`+z+`")`)
 	}
+	if e, ok := rec.R53Alias["evaluate_target_health"]; ok && e == "true" {
+		items = append(items, "R53_EVALUATE_TARGET_HEALTH(true)")
+	}
 	if ttl != 0 {
 		items = append(items, fmt.Sprintf("TTL(%d)", ttl))
 	}
diff --git a/commands/r53_test.go b/commands/r53_test.go
index 46e281e6d7..27772bc3c9 100644
--- a/commands/r53_test.go
+++ b/commands/r53_test.go
@@ -68,3 +68,69 @@ func TestR53Test_2ttl(t *testing.T) {
 		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
 	}
 }
+
+func TestR53Test_3(t *testing.T) {
+	rec := models.RecordConfig{
+		Type:     "R53_ALIAS",
+		Name:     "foo",
+		NameFQDN: "foo.domain.tld",
+	}
+	rec.SetTarget("bar")
+	rec.R53Alias = make(map[string]string)
+	rec.R53Alias["type"] = "A"
+	rec.R53Alias["evaluate_target_health"] = "true"
+	w := `R53_ALIAS("foo", "A", "bar", R53_EVALUATE_TARGET_HEALTH(true))`
+	if g := makeR53alias(&rec, 0); g != w {
+		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
+	}
+}
+
+func TestR53Test_3ttl(t *testing.T) {
+	rec := models.RecordConfig{
+		Type:     "R53_ALIAS",
+		Name:     "foo",
+		NameFQDN: "foo.domain.tld",
+	}
+	rec.SetTarget("bar")
+	rec.R53Alias = make(map[string]string)
+	rec.R53Alias["type"] = "A"
+	rec.R53Alias["evaluate_target_health"] = "true"
+	w := `R53_ALIAS("foo", "A", "bar", R53_EVALUATE_TARGET_HEALTH(true), TTL(123))`
+	if g := makeR53alias(&rec, 123); g != w {
+		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
+	}
+}
+
+func TestR53Test_4(t *testing.T) {
+	rec := models.RecordConfig{
+		Type:     "R53_ALIAS",
+		Name:     "foo",
+		NameFQDN: "foo.domain.tld",
+	}
+	rec.SetTarget("bar")
+	rec.R53Alias = make(map[string]string)
+	rec.R53Alias["type"] = "A"
+	rec.R53Alias["zone_id"] = "blarg"
+	rec.R53Alias["evaluate_target_health"] = "true"
+	w := `R53_ALIAS("foo", "A", "bar", R53_ZONE("blarg"), R53_EVALUATE_TARGET_HEALTH(true))`
+	if g := makeR53alias(&rec, 0); g != w {
+		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
+	}
+}
+
+func TestR53Test_4ttl(t *testing.T) {
+	rec := models.RecordConfig{
+		Type:     "R53_ALIAS",
+		Name:     "foo",
+		NameFQDN: "foo.domain.tld",
+	}
+	rec.SetTarget("bar")
+	rec.R53Alias = make(map[string]string)
+	rec.R53Alias["type"] = "A"
+	rec.R53Alias["zone_id"] = "blarg"
+	rec.R53Alias["evaluate_target_health"] = "true"
+	w := `R53_ALIAS("foo", "A", "bar", R53_ZONE("blarg"), R53_EVALUATE_TARGET_HEALTH(true), TTL(123))`
+	if g := makeR53alias(&rec, 123); g != w {
+		t.Errorf("makeR53alias failure: got `%s` want `%s`", g, w)
+	}
+}
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 0fac62a7f9..58c9d8ad2a 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2279,11 +2279,13 @@ declare const PURGE: DomainModifier;
  * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
  * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
  *
+ * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53_EVALUATE_TARGET_HEALTH.md) record modifier.
+ *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
  *   R53_ALIAS("foo", "A", "bar"),                              // record in same zone
  *   R53_ALIAS("foo", "A", "bar", R53_ZONE("Z35SXDOTRQ7X7K")),  // record in same zone, zone specified
- *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0")),     // a classic ELB in us-west-1
+ *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
  *   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
  *   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
  * );
@@ -2291,7 +2293,14 @@ declare const PURGE: DomainModifier;
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/amazon-route-53/r53_alias
  */
-declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier): DomainModifier;
+declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier, evaluatetargethealthModifier: RecordModifier): DomainModifier;
+
+/**
+ * `R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_evaluate_target_health
+ */
+declare function R53_EVALUATE_TARGET_HEALTH(enabled: bool): RecordModifier;
 
 /**
  * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
diff --git a/documentation/functions/domain/R53_ALIAS.md b/documentation/functions/domain/R53_ALIAS.md
index 3754a22c39..cd0e3737f5 100644
--- a/documentation/functions/domain/R53_ALIAS.md
+++ b/documentation/functions/domain/R53_ALIAS.md
@@ -4,10 +4,12 @@ parameters:
   - name
   - target
   - ZONE_ID modifier
+  - EvaluateTargetHealth modifier
 parameter_types:
   name: string
   target: string
   ZONE_ID modifier: DomainModifier & RecordModifier
+  EvaluateTargetHealth modifier: RecordModifier
 provider: ROUTE53
 ---
 
@@ -37,12 +39,14 @@ The zone id can be found depending on the target type:
 * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
 * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
 
+Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53_EVALUATE_TARGET_HEALTH.md) record modifier.
+
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
   R53_ALIAS("foo", "A", "bar"),                              // record in same zone
   R53_ALIAS("foo", "A", "bar", R53_ZONE("Z35SXDOTRQ7X7K")),  // record in same zone, zone specified
-  R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0")),     // a classic ELB in us-west-1
+  R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
 );
diff --git a/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md b/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
new file mode 100644
index 0000000000..7ed12b3853
--- /dev/null
+++ b/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
@@ -0,0 +1,11 @@
+---
+name: R53_EVALUATE_TARGET_HEALTH
+parameters:
+  - enabled
+parameter_types:
+  enabled: bool
+ts_return: RecordModifier
+provider: ROUTE53
+---
+
+`R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 2fcba9d361..821d1f09e5 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -597,10 +597,11 @@ func ptr(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "PTR")
 }
 
-func r53alias(name, aliasType, target string) *models.RecordConfig {
+func r53alias(name, aliasType, target, evalTargetHealth string) *models.RecordConfig {
 	r := makeRec(name, target, "R53_ALIAS")
 	r.R53Alias = map[string]string{
-		"type": aliasType,
+		"type":                   aliasType,
+		"evaluate_target_health": evalTargetHealth,
 	}
 	return r
 }
@@ -1581,12 +1582,12 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("ALIAS to A record in same zone",
 				a("kyle", "1.2.3.4"),
 				a("cartman", "2.3.4.5"),
-				r53alias("kenny", "A", "kyle.**current-domain**"),
+				r53alias("kenny", "A", "kyle.**current-domain**", "false"),
 			),
 			tc("modify an r53 alias",
 				a("kyle", "1.2.3.4"),
 				a("cartman", "2.3.4.5"),
-				r53alias("kenny", "A", "cartman.**current-domain**"),
+				r53alias("kenny", "A", "cartman.**current-domain**", "false"),
 			),
 		),
 
@@ -1599,12 +1600,12 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("add an alias to 18",
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
 				cname("dev-system19", "ec2-54-91-99-999.compute-1.amazonaws.com."),
-				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**", "false"),
 			),
 			tc("modify alias to 19",
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
 				cname("dev-system19", "ec2-54-91-99-999.compute-1.amazonaws.com."),
-				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**", "false"),
 			),
 			tc("remove alias",
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
@@ -1613,17 +1614,17 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("add an alias back",
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
 				cname("dev-system19", "ec2-54-91-99-999.compute-1.amazonaws.com."),
-				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**", "false"),
 			),
 			tc("remove cnames",
-				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system19.**current-domain**", "false"),
 			),
 		),
 
 		testgroup("R53_ALIAS_CNAME",
 			requires(providers.CanUseRoute53Alias),
 			tc("create alias+cname in one step",
-				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**", "false"),
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
 			),
 		),
@@ -1634,7 +1635,7 @@ func makeTests(t *testing.T) []*TestGroup {
 			// See https://github.com/StackExchange/dnscontrol/issues/2107
 			requires(providers.CanUseRoute53Alias),
 			tc("loop should fail",
-				r53alias("test-islandora", "CNAME", "test-islandora.**current-domain**"),
+				r53alias("test-islandora", "CNAME", "test-islandora.**current-domain**", "false"),
 			),
 		),
 
@@ -1642,7 +1643,7 @@ func makeTests(t *testing.T) []*TestGroup {
 		testgroup("R53_alias pre-existing",
 			requires(providers.CanUseRoute53Alias),
 			tc("Create some records",
-				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**"),
+				r53alias("dev-system", "CNAME", "dev-system18.**current-domain**", "false"),
 				cname("dev-system18", "ec2-54-91-33-155.compute-1.amazonaws.com."),
 			),
 			tc("Add a new record - ignoring foo",
@@ -1651,6 +1652,18 @@ func makeTests(t *testing.T) []*TestGroup {
 			),
 		),
 
+		testgroup("R53_alias evaluate_target_health",
+			requires(providers.CanUseRoute53Alias),
+			tc("Create alias and cname",
+				r53alias("test-record", "CNAME", "test-record-1.**current-domain**", "false"),
+				cname("test-record-1", "ec2-54-91-33-155.compute-1.amazonaws.com."),
+			),
+			tc("modify evaluate target health",
+				r53alias("test-record", "CNAME", "test-record-1.**current-domain**", "true"),
+				cname("test-record-1", "ec2-54-91-33-155.compute-1.amazonaws.com."),
+			),
+		),
+
 		// CLOUDFLAREAPI features
 
 		testgroup("CF_REDIRECT",
diff --git a/models/target.go b/models/target.go
index 5602c3a71e..55a843c937 100644
--- a/models/target.go
+++ b/models/target.go
@@ -49,7 +49,7 @@ func (rc *RecordConfig) GetTargetCombined() string {
 		switch rc.Type { // #rtype_variations
 		case "R53_ALIAS":
 			// Differentiate between multiple R53_ALIASs on the same label.
-			return fmt.Sprintf("%s atype=%s zone_id=%s", rc.target, rc.R53Alias["type"], rc.R53Alias["zone_id"])
+			return fmt.Sprintf("%s atype=%s zone_id=%s evaluate_target_health=%s", rc.target, rc.R53Alias["type"], rc.R53Alias["zone_id"], rc.R53Alias["evaluate_target_health"])
 		case "AZURE_ALIAS":
 			// Differentiate between multiple AZURE_ALIASs on the same label.
 			return fmt.Sprintf("%s atype=%s", rc.target, rc.AzureAlias["type"])
@@ -115,7 +115,7 @@ func (rc *RecordConfig) GetTargetDebug() string {
 	case "NAPTR":
 		content += fmt.Sprintf(" naptrorder=%d naptrpreference=%d naptrflags=%s naptrservice=%s naptrregexp=%s", rc.NaptrOrder, rc.NaptrPreference, rc.NaptrFlags, rc.NaptrService, rc.NaptrRegexp)
 	case "R53_ALIAS":
-		content += fmt.Sprintf(" type=%s zone_id=%s", rc.R53Alias["type"], rc.R53Alias["zone_id"])
+		content += fmt.Sprintf(" type=%s zone_id=%s evaluate_target_health=%s", rc.R53Alias["type"], rc.R53Alias["zone_id"], rc.R53Alias["evaluate_target_health"])
 	case "SOA":
 		content = fmt.Sprintf("%s ns=%v mbox=%v serial=%v refresh=%v retry=%v expire=%v minttl=%v", rc.Type, rc.target, rc.SoaMbox, rc.SoaSerial, rc.SoaRefresh, rc.SoaRetry, rc.SoaExpire, rc.SoaMinttl)
 	case "SRV":
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index df15af2ca2..ac817adc53 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -328,8 +328,14 @@ var R53_ALIAS = recordBuilder('R53_ALIAS', {
         record.target = args.target;
         if (_.isObject(record.r53_alias)) {
             record.r53_alias['type'] = args.type;
+            if (!_.isString(record.r53_alias['evaluate_target_health'])) {
+                record.r53_alias['evaluate_target_health'] = 'false';
+            }
         } else {
-            record.r53_alias = { type: args.type };
+            record.r53_alias = {
+                type: args.type,
+                evaluate_target_health: 'false',
+            };
         }
     },
 });
@@ -347,6 +353,17 @@ function R53_ZONE(zone_id) {
     };
 }
 
+// R53_EVALUATE_TARGET_HEALTH(enabled)
+function R53_EVALUATE_TARGET_HEALTH(enabled) {
+    return function (r) {
+        if (_.isObject(r.r53_alias)) {
+            r.r53_alias['evaluate_target_health'] = enabled.toString();
+        } else {
+            r.r53_alias = { evaluate_target_health: enabled.toString() };
+        }
+    };
+}
+
 function validateR53AliasType(value) {
     if (!_.isString(value)) {
         return false;
diff --git a/pkg/js/parse_tests/019-r53-alias.js b/pkg/js/parse_tests/019-r53-alias.js
index 9fae124639..6c3f55a5e1 100644
--- a/pkg/js/parse_tests/019-r53-alias.js
+++ b/pkg/js/parse_tests/019-r53-alias.js
@@ -2,6 +2,7 @@ D("foo.com", "none",
   R53_ALIAS("mxtest", "MX", "foo.com."),
   R53_ALIAS("atest", "A", "foo.com."),
   R53_ALIAS("atest", "A", "foo.com.", R53_ZONE("Z2FTEDLFRTF")),
+  R53_ALIAS("aevaltargethealthtest", "A", "foo.com.", R53_EVALUATE_TARGET_HEALTH(true)),
   R53_ALIAS("aaaatest", "AAAA", "foo.com."),
   R53_ALIAS("aaaatest", "AAAA", "foo.com.", R53_ZONE("ERERTFGFGF")),
   R53_ALIAS("cnametest", "CNAME", "foo.com."),
diff --git a/pkg/js/parse_tests/019-r53-alias.json b/pkg/js/parse_tests/019-r53-alias.json
index 8e91cec69b..40136a072c 100644
--- a/pkg/js/parse_tests/019-r53-alias.json
+++ b/pkg/js/parse_tests/019-r53-alias.json
@@ -12,7 +12,8 @@
           "name": "mxtest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "MX"
+            "type": "MX",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -20,7 +21,8 @@
           "name": "atest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "A"
+            "type": "A",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -29,7 +31,17 @@
           "target": "foo.com.",
           "r53_alias": {
             "type": "A",
-            "zone_id": "Z2FTEDLFRTF"
+            "zone_id": "Z2FTEDLFRTF",
+            "evaluate_target_health": "false"
+          }
+        },
+        {
+          "type": "R53_ALIAS",
+          "name": "aevaltargethealthtest",
+          "target": "foo.com.",
+          "r53_alias": {
+            "type": "A",
+            "evaluate_target_health": "true"
           }
         },
         {
@@ -37,7 +49,8 @@
           "name": "aaaatest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "AAAA"
+            "type": "AAAA",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -46,7 +59,8 @@
           "target": "foo.com.",
           "r53_alias": {
             "type": "AAAA",
-            "zone_id": "ERERTFGFGF"
+            "zone_id": "ERERTFGFGF",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -54,7 +68,8 @@
           "name": "cnametest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "CNAME"
+            "type": "CNAME",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -62,7 +77,8 @@
           "name": "ptrtest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "PTR"
+            "type": "PTR",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -70,7 +86,8 @@
           "name": "txttest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "TXT"
+            "type": "TXT",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -78,7 +95,8 @@
           "name": "srvtest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "SRV"
+            "type": "SRV",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -86,7 +104,8 @@
           "name": "spftest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "SPF"
+            "type": "SPF",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -94,7 +113,8 @@
           "name": "caatest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "CAA"
+            "type": "CAA",
+            "evaluate_target_health": "false"
           }
         },
         {
@@ -102,7 +122,8 @@
           "name": "naptrtest",
           "target": "foo.com.",
           "r53_alias": {
-            "type": "NAPTR"
+            "type": "NAPTR",
+            "evaluate_target_health": "false"
           }
         }
       ]
diff --git a/pkg/js/parse_tests/040-r53-zone.json b/pkg/js/parse_tests/040-r53-zone.json
index 08ab64f213..96f2fae7c1 100644
--- a/pkg/js/parse_tests/040-r53-zone.json
+++ b/pkg/js/parse_tests/040-r53-zone.json
@@ -21,7 +21,8 @@
           "name": "atest",
           "r53_alias": {
             "type": "A",
-            "zone_id": "Z2FTEDLFRTZ"
+            "zone_id": "Z2FTEDLFRTZ",
+            "evaluate_target_health": "false"
           },
           "target": "foo.com."
         }
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 88f93454dd..38070d9e34 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -323,10 +323,10 @@ func TestWriteZoneFileSynth(t *testing.T) {
 ; c4
 @                IN A     192.30.252.153
                  IN A     192.30.252.154
-;myalias          IN R53_ALIAS  atype= zone_id=
-;myalias          IN R53_ALIAS  atype= zone_id=
+;myalias          IN R53_ALIAS  atype= zone_id= evaluate_target_health=
+;myalias          IN R53_ALIAS  atype= zone_id= evaluate_target_health=
 www              IN CNAME bosun.org.
-;zalias           IN R53_ALIAS  atype= zone_id=
+;zalias           IN R53_ALIAS  atype= zone_id= evaluate_target_health=
 `
 	if buf.String() != expected {
 		t.Log(buf.String())
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index fd3e7dd1f9..b1458d370c 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"log"
 	"sort"
+	"strconv"
 	"strings"
 	"time"
 	"unicode/utf8"
@@ -435,8 +436,9 @@ func nativeToRecords(set r53Types.ResourceRecordSet, origin string) ([]*models.R
 			Type: "R53_ALIAS",
 			TTL:  300,
 			R53Alias: map[string]string{
-				"type":    string(set.Type),
-				"zone_id": aws.ToString(set.AliasTarget.HostedZoneId),
+				"type":                   string(set.Type),
+				"zone_id":                aws.ToString(set.AliasTarget.HostedZoneId),
+				"evaluate_target_health": strconv.FormatBool(set.AliasTarget.EvaluateTargetHealth),
 			},
 		}
 		rc.SetLabelFromFQDN(unescape(set.Name), origin)
@@ -510,12 +512,16 @@ func nativeToRecords(set r53Types.ResourceRecordSet, origin string) ([]*models.R
 func aliasToRRSet(zone r53Types.HostedZone, r *models.RecordConfig) *r53Types.ResourceRecordSet {
 	target := r.GetTargetField()
 	zoneID := getZoneID(zone, r)
+	evalTargetHealth, err := strconv.ParseBool(r.R53Alias["evaluate_target_health"])
+	if err != nil {
+		evalTargetHealth = false
+	}
 	rrset := &r53Types.ResourceRecordSet{
 		Type: r53Types.RRType(r.R53Alias["type"]),
 		AliasTarget: &r53Types.AliasTarget{
 			DNSName:              &target,
 			HostedZoneId:         aws.String(zoneID),
-			EvaluateTargetHealth: false,
+			EvaluateTargetHealth: evalTargetHealth,
 		},
 	}
 	return rrset

From b5010e7d9ca060029c4c5235a3476fcfc6e29e17 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 27 Nov 2023 18:04:48 -0500
Subject: [PATCH 027/438] DOCS: Warn against common integration test mistake
 (#2653)

---
 documentation/adding-new-rtypes.md       | 3 ++-
 documentation/integration-tests.md       | 3 ++-
 documentation/providers/cloudflareapi.md | 1 +
 documentation/providers/hexonet.md       | 2 +-
 documentation/writing-providers.md       | 3 ++-
 5 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index 264bef43cc..02f486c092 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -252,7 +252,7 @@ in the source code.
 To run the integration test with the BIND provider:
 
 ```shell
-cd integrationTest/
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider BIND
 ```
 
@@ -275,6 +275,7 @@ For example, this will run the tests on Amazon AWS Route53:
 export R53_DOMAIN=dnscontroltest-r53.com  # Use a test domain.
 export R53_KEY_ID=CHANGE_TO_THE_ID
 export R53_KEY='CHANGE_TO_THE_KEY'
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider ROUTE53
 ```
 
diff --git a/documentation/integration-tests.md b/documentation/integration-tests.md
index f47327205b..af81388071 100644
--- a/documentation/integration-tests.md
+++ b/documentation/integration-tests.md
@@ -14,7 +14,7 @@ For each step, it will run the config once and expect changes. It will run it ag
 
 1. The integration tests need a test domain to run on. All the records of this domain will be deleted!
 2. Define all environment variables expected for the provider you wish to run. I setup a local `.env` file with the appropriate values and use [zoo](https://github.com/jsonmaur/zoo) to run my commands.
-3. run `go test -v -provider $NAME` where $NAME is the name of the provider you wish to run.
+3. run `cd integrationTest && go test -v -provider $NAME` where $NAME is the name of the provider you wish to run.
 
 Example:
 
@@ -35,6 +35,7 @@ export ROUTE53_DOMAIN="testdomain.tld"
 ```
 
 ```shell
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider ROUTE53
 ```
 
diff --git a/documentation/providers/cloudflareapi.md b/documentation/providers/cloudflareapi.md
index aa32be0d9e..2a181fcb0b 100644
--- a/documentation/providers/cloudflareapi.md
+++ b/documentation/providers/cloudflareapi.md
@@ -265,6 +265,7 @@ This flag is intended for use with legacy domains where the integration test cre
 have access to read/edit Workers. This flag will eventually go away.
 
 ```shell
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider CLOUDFLAREAPI -cfworkers=false
 ```
 
diff --git a/documentation/providers/hexonet.md b/documentation/providers/hexonet.md
index 5fc8539fbe..5a2dbcbec1 100644
--- a/documentation/providers/hexonet.md
+++ b/documentation/providers/hexonet.md
@@ -57,11 +57,11 @@ dnscontrol get-zones --format=nameonly hexonet HEXONET  all
 ```
 ```shell
 # Review the output.  Pick one domain and set HEXONET_DOMAIN.
-cd integrationTest/
 export HEXONET_DOMAIN=yodream.com            # Pick a domain name.
 export HEXONET_ENTITY=OTE
 export HEXONET_UID=test.user
 export HEXONET_PW=test.passw0rd
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider HEXONET
 ```
 
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index b83e83f962..2f1435366a 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -181,7 +181,7 @@ Integration tests use a test account and a real domain.
 For example, this will run the tests using BIND:
 
 ```shell
-cd integrationTest/
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider BIND
 ```
 
@@ -193,6 +193,7 @@ This will run the tests on Amazon AWS Route53:
 export R53_DOMAIN=dnscontroltest-r53.com  # Use a test domain.
 export R53_KEY_ID='CHANGE_TO_THE_ID'
 export R53_KEY='CHANGE_TO_THE_KEY'
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
 go test -v -verbose -provider ROUTE53
 ```
 

From 69fb3b26d3f53bd1ebc9cc3034337f04c7c27c6b Mon Sep 17 00:00:00 2001
From: Brice Figureau <brice+github@figureau.eu>
Date: Tue, 28 Nov 2023 00:18:24 +0100
Subject: [PATCH 028/438] OVH: Allow ovh provider to connect to other endpoints
 than EU (#2625) (#2651)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/ovh.md    | 21 +++++++++++--
 integrationTest/providers.json    |  3 +-
 providers/ovh/ovhProvider.go      | 29 ++++++++++++++++--
 providers/ovh/ovhProvider_test.go | 51 +++++++++++++++++++++++++++++++
 4 files changed, 98 insertions(+), 6 deletions(-)
 create mode 100644 providers/ovh/ovhProvider_test.go

diff --git a/documentation/providers/ovh.md b/documentation/providers/ovh.md
index 70d0153ede..dd19ccd7c6 100644
--- a/documentation/providers/ovh.md
+++ b/documentation/providers/ovh.md
@@ -1,7 +1,7 @@
 ## Configuration
 
 To use this provider, add an entry to `creds.json` with `TYPE` set to `OVH`
-along with a OVH app-key, app-secret-key and consumer-key.
+along with a OVH app-key, app-secret-key, consumer-key and optionally endpoint.
 
 Example:
 
@@ -12,7 +12,8 @@ Example:
     "TYPE": "OVH",
     "app-key": "your app key",
     "app-secret-key": "your app secret key",
-    "consumer-key": "your consumer key"
+    "consumer-key": "your consumer key",
+    "endpoint": "eu"
   }
 }
 ```
@@ -20,6 +21,13 @@ Example:
 
 See [the Activation section](#activation) for details on obtaining these credentials.
 
+`endpoint` can take the following values:
+
+* `eu` (the default), for connecting to the OVH European endpoint
+* `ca` for connecting to OVH Canada API endpoint
+* `us` for connecting to the OVH USA API endpoint
+* an url for connecting to a different endpoint than the ones above
+
 ## Metadata
 
 This provider does not recognize any special metadata fields unique to OVH.
@@ -58,7 +66,7 @@ To obtain the OVH keys, one need to register an app at OVH by following the
 [OVH API Getting Started](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/)
 
 It consist in declaring the app at https://eu.api.ovh.com/createApp/
-which gives the `app-key` and `app-secret-key`.
+which gives the `app-key` and `app-secret-key`. If your domains and zones are located in another region, see below for the correct url to use.
 
 Once done, to obtain the `consumer-key` it is necessary to authorize the just created app
 to access the data in a specific account:
@@ -115,6 +123,13 @@ authorizing it to access your zones and domains.
 
 Do not forget to fill the `consumer-key` of your `creds.json`.
 
+For accessing the other international endpoints such as US and CA, change the `https://eu.api.ovh.com` used above to one of the following:
+
+* Canada endpoint: `https://ca.api.ovh.com`
+* US endpoint: `https://api.us.ovhcloud.com`
+
+Do not forget to fill the `endpoint` of your `creds.json` if you use an endpoint different than the EU one.
+
 ## New domains
 
 If a domain does not exist in your OVH account, DNSControl
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index 019876b8d5..ac55cbe51c 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -232,7 +232,8 @@
     "app-key": "$OVH_APP_KEY",
     "app-secret-key": "$OVH_APP_SECRET_KEY",
     "consumer-key": "$OVH_CONSUMER_KEY",
-    "domain": "$OVH_DOMAIN"
+    "domain": "$OVH_DOMAIN",
+    "endpoint": "$OVH_ENDPOINT"
   },
   "PACKETFRAME": {
     "TYPE": "PACKETFRAME",
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index d3db32430b..c10f00e818 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -34,7 +34,7 @@ var features = providers.DocumentationNotes{
 func newOVH(m map[string]string, metadata json.RawMessage) (*ovhProvider, error) {
 	appKey, appSecretKey, consumerKey := m["app-key"], m["app-secret-key"], m["consumer-key"]
 
-	c, err := ovh.NewClient(ovh.OvhEU, appKey, appSecretKey, consumerKey)
+	c, err := ovh.NewClient(getOVHEndpoint(m), appKey, appSecretKey, consumerKey)
 	if c == nil {
 		return nil, err
 	}
@@ -46,6 +46,22 @@ func newOVH(m map[string]string, metadata json.RawMessage) (*ovhProvider, error)
 	return ovh, nil
 }
 
+func getOVHEndpoint(params map[string]string) string {
+	if ep, ok := params["endpoint"]; ok && ep != "" {
+		switch strings.ToLower(ep) {
+		case "eu":
+			return ovh.OvhEU
+		case "ca":
+			return ovh.OvhCA
+		case "us":
+			return ovh.OvhUS
+		default:
+			return ep
+		}
+	}
+	return ovh.OvhEU
+}
+
 func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	return newOVH(conf, metadata)
 }
@@ -126,7 +142,16 @@ func (c *ovhProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual
 		return nil, err
 	}
 
-	if len(corrections) > 0 {
+	// Only refresh zone if there's a real modification
+	reportOnlyCorrections := true
+	for _, c := range corrections {
+		if c.F != nil {
+			reportOnlyCorrections = false
+			break
+		}
+	}
+
+	if !reportOnlyCorrections {
 		corrections = append(corrections, &models.Correction{
 			Msg: "REFRESH zone " + dc.Name,
 			F: func() error {
diff --git a/providers/ovh/ovhProvider_test.go b/providers/ovh/ovhProvider_test.go
new file mode 100644
index 0000000000..b5a07cea88
--- /dev/null
+++ b/providers/ovh/ovhProvider_test.go
@@ -0,0 +1,51 @@
+package ovh
+
+import (
+	"testing"
+
+	"github.com/ovh/go-ovh/ovh"
+)
+
+func Test_getOVHEndpoint(t *testing.T) {
+	tests := []struct {
+		name     string
+		endpoint string
+		want     string
+	}{
+		{
+			"default to EU", "", ovh.OvhEU,
+		},
+		{
+			"default to EU if omitted", "omitted", ovh.OvhEU,
+		},
+		{
+			"set to EU", "eu", ovh.OvhEU,
+		},
+		{
+			"set to CA", "ca", ovh.OvhCA,
+		},
+		{
+			"set to US", "us", ovh.OvhUS,
+		},
+		{
+			"case insensitive", "Eu", ovh.OvhEU,
+		},
+		{
+			"case insensitive ca", "CA", ovh.OvhCA,
+		},
+		{
+			"arbitratry", "https://blah", "https://blah",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			params := make(map[string]string)
+			if tt.endpoint != "" && tt.endpoint != "omitted" {
+				params["endpoint"] = tt.endpoint
+			}
+			if got := getOVHEndpoint(params); got != tt.want {
+				t.Errorf("getOVHEndpoint() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

From 51104ce775913aed6f9c8e69fd1973f7fe145c42 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 28 Nov 2023 07:06:14 -0500
Subject: [PATCH 029/438] CICD: Use GHA concurrency groups to prevent tests
 from clobbering each other (#2654)

---
 .github/workflows/pr_test.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index ec3601f0c4..8727f721c1 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -171,7 +171,8 @@ jobs:
       TRANSIP_ACCOUNT_NAME: ${{ secrets.TRANSIP_ACCOUNT_NAME }}
       TRANSIP_PRIVATE_KEY: ${{ secrets.TRANSIP_PRIVATE_KEY }}
 
-    concurrency: ${{ matrix.provider }}
+    concurrency:
+      group: ${{ github.workflow }}-${{ matrix.provider }}
     strategy:
       fail-fast: false
       matrix:

From 37e21030a21089b8989786caa0792fb7f349582a Mon Sep 17 00:00:00 2001
From: Matthew Gamble <mgamble@mgamble.ca>
Date: Tue, 28 Nov 2023 16:26:08 -0500
Subject: [PATCH 030/438] NEW PROVIDER: Azure Private DNS Zones (#2626)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 OWNERS                                        |   1 +
 README.md                                     |   1 +
 documentation/SUMMARY.md                      |   1 +
 documentation/providers.md                    |   1 +
 documentation/providers/azure_private_dns.md  |  74 +++
 go.mod                                        |   1 +
 go.sum                                        |   6 +
 providers/azure_private_dns/auditrecords.go   |  17 +
 .../azurePrivateDnsProvider.go                | 534 ++++++++++++++++++
 9 files changed, 636 insertions(+)
 create mode 100644 documentation/providers/azure_private_dns.md
 create mode 100644 providers/azure_private_dns/auditrecords.go
 create mode 100644 providers/azure_private_dns/azurePrivateDnsProvider.go

diff --git a/OWNERS b/OWNERS
index b1b524718e..7c34732a41 100644
--- a/OWNERS
+++ b/OWNERS
@@ -2,6 +2,7 @@ providers/akamaiedgedns @svernick
 providers/autodns @arnoschoon
 providers/axfrddns @hnrgrgr
 providers/azuredns @vatsalyagoel
+providers/azure_private_dns @matthewmgamble
 providers/bind @tlimoncelli
 providers/cloudflare @tresni
 providers/cloudns @pragmaton
diff --git a/README.md b/README.md
index 1b658f66b0..bacfcf734a 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ Currently supported DNS providers:
 - AWS Route 53
 - AXFR+DDNS
 - Azure DNS
+- Azure Private DNS
 - BIND
 - Cloudflare
 - ClouDNS
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index b8e9f87910..b26e56638b 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -100,6 +100,7 @@
     * [AutoDNS](providers/autodns.md)
     * [AXFR+DDNS](providers/axfrddns.md)
     * [Azure DNS](providers/azure_dns.md)
+    * [Azure Private DNS](providers/azure_private_dns.md)
     * [BIND](providers/bind.md)
     * [Cloudflare](providers/cloudflareapi.md)
     * [ClouDNS](providers/cloudns.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 4f2c37a2ab..798450a838 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -76,6 +76,7 @@ Providers in this category and their maintainers are:
 |Name|Maintainer|
 |---|---|
 |[`AZURE_DNS`](providers/azure_dns.md)|@vatsalyagoel|
+[[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble]
 |[`BIND`](providers/bind.md)|@tlimoncelli|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
 |[`CSCGLOBAL`](providers/cscglobal.md)|@mikenz|
diff --git a/documentation/providers/azure_private_dns.md b/documentation/providers/azure_private_dns.md
new file mode 100644
index 0000000000..b55feccd7e
--- /dev/null
+++ b/documentation/providers/azure_private_dns.md
@@ -0,0 +1,74 @@
+## Configuration
+
+This provider is for the [Azure Private DNS Service](https://learn.microsoft.com/en-us/azure/dns/private-dns-overview).  This provider can only manage Azure Private DNS zones and will not manage public Azure DNS zones. To use this provider, add an entry to `creds.json` with `TYPE` set to `AZURE_PRIVATE_DNS`
+along with the API credentials.
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "azure_private_dns_main": {
+    "TYPE": "AZURE_PRIVATE_DNS",
+    "SubscriptionID": "AZURE_PRIVATE_SUBSCRIPTION_ID",
+    "ResourceGroup": "AZURE_PRIVATE_RESOURCE_GROUP",
+    "TenantID": "AZURE_PRIVATE_TENANT_ID",
+    "ClientID": "AZURE_PRIVATE_CLIENT_ID",
+    "ClientSecret": "AZURE_PRIVATE_CLIENT_SECRET"
+  }
+}
+```
+{% endcode %}
+
+You can also use environment variables:
+
+```shell
+export AZURE_SUBSCRIPTION_ID=XXXXXXXXX
+export AZURE_RESOURCE_GROUP=YYYYYYYYY
+export AZURE_TENANT_ID=ZZZZZZZZ
+export AZURE_CLIENT_ID=AAAAAAAAA
+export AZURE_CLIENT_SECRET=BBBBBBBBB
+```
+
+{% code title="creds.json" %}
+```json
+{
+  "azure_private_dns_main": {
+    "TYPE": "AZURE_PRIVATE_DNS",
+    "SubscriptionID": "$AZURE_PRIVATE_SUBSCRIPTION_ID",
+    "ResourceGroup": "$AZURE_PRIVATE_RESOURCE_GROUP",
+    "ClientID": "$AZURE_PRIVATE_CLIENT_ID",
+    "TenantID": "$AZURE_PRIVATE_TENANT_ID",
+    "ClientSecret": "$AZURE_PRIVATE_CLIENT_SECRET"
+  }
+}
+```
+{% endcode %}
+
+## Metadata
+This provider does not recognize any special metadata fields unique to Azure Private DNS.
+
+## Usage
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_AZURE_PRIVATE_MAIN = NewDnsProvider("azure_private_dns_main");
+
+D("example.com", REG_NONE, DnsProvider(DSP_AZURE_PRIVATE_MAIN),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}
+
+## Activation
+DNSControl depends on a standard [Client credentials Authentication](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) with permission to list, create and update private zones.  
+
+## New domains
+
+If a domain does not exist in your Azure account, DNSControl will *not* automatically add it with the `push` command. You can do that manually via the control panel.
+
+## Caveats
+
+The ResourceGroup is case sensitive.
diff --git a/go.mod b/go.mod
index 14b6f7689e..38f253058a 100644
--- a/go.mod
+++ b/go.mod
@@ -7,6 +7,7 @@ toolchain go1.21.1
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
 	github.com/PuerkitoBio/goquery v1.8.1
diff --git a/go.sum b/go.sum
index cb9d22efdd..885ea93a7f 100644
--- a/go.sum
+++ b/go.sum
@@ -11,6 +11,12 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EX
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0/go.mod h1:copqlcjMWc/wgQ1N2fzsJFQxDdqKGg1EQt8T5wJMOGE=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 h1:rR8ZW79lE/ppfXTfiYSnMFv5EzmVuY4pfZWIkscIJ64=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0/go.mod h1:y2zXtLSMM/X5Mfawq0lOftpWn3f4V6OCsRdINsvWBPI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0/go.mod h1:s1tW/At+xHqjNFvWU4G0c0Qv33KOhvbGNj0RCTQDV8s=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
diff --git a/providers/azure_private_dns/auditrecords.go b/providers/azure_private_dns/auditrecords.go
new file mode 100644
index 0000000000..6c478a955d
--- /dev/null
+++ b/providers/azure_private_dns/auditrecords.go
@@ -0,0 +1,17 @@
+package azure_private_dns
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+
+	a.Add("MX", rejectif.MxNull) // Last verified 2020-12-28
+
+	return a.Audit(records)
+}
diff --git a/providers/azure_private_dns/azurePrivateDnsProvider.go b/providers/azure_private_dns/azurePrivateDnsProvider.go
new file mode 100644
index 0000000000..7ba34adc03
--- /dev/null
+++ b/providers/azure_private_dns/azurePrivateDnsProvider.go
@@ -0,0 +1,534 @@
+package azure_private_dns
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	aauth "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	adns "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns"
+	"github.com/Azure/go-autorest/autorest/to"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+)
+
+type azurednsProvider struct {
+	zonesClient    *adns.PrivateZonesClient
+	recordsClient  *adns.RecordSetsClient
+	zones          map[string]*adns.PrivateZone
+	resourceGroup  *string
+	subscriptionID *string
+	rawRecords     map[string][]*adns.RecordSet
+	zoneName       map[string]string
+}
+
+func newAzureDNSDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	return newAzureDNS(conf, metadata)
+}
+
+func newAzureDNS(m map[string]string, metadata json.RawMessage) (*azurednsProvider, error) {
+	subID, rg := m["SubscriptionID"], m["ResourceGroup"]
+	clientID, clientSecret, tenantID := m["ClientID"], m["ClientSecret"], m["TenantID"]
+	credential, authErr := aauth.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
+	if authErr != nil {
+		return nil, authErr
+	}
+	zonesClient, zoneErr := adns.NewPrivateZonesClient(subID, credential, nil)
+	if zoneErr != nil {
+		return nil, zoneErr
+	}
+	recordsClient, recordErr := adns.NewRecordSetsClient(subID, credential, nil)
+	if recordErr != nil {
+		return nil, recordErr
+	}
+
+	api := &azurednsProvider{
+		zonesClient:    zonesClient,
+		recordsClient:  recordsClient,
+		resourceGroup:  to.StringPtr(rg),
+		subscriptionID: to.StringPtr(subID),
+		rawRecords:     map[string][]*adns.RecordSet{},
+		zoneName:       map[string]string{},
+	}
+	err := api.getZones()
+	if err != nil {
+		return nil, err
+	}
+	return api, nil
+}
+
+var features = providers.DocumentationNotes{
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
+	providers.CanUseAzureAlias:       providers.Can(),
+	providers.CanUseCAA:              providers.Cannot("Azure Private DNS does not support CAA records"),
+	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseNAPTR:            providers.Cannot(),
+	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Cannot(),
+	providers.CanUseTLSA:             providers.Cannot(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Can("Azure does not permit modifying the existing NS records, only adding/removing additional records."),
+	providers.DocOfficiallySupported: providers.Can(),
+}
+
+func init() {
+	fns := providers.DspFuncs{
+		Initializer:   newAzureDNSDsp,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType("AZURE_PRIVATE_DNS", fns, features)
+	providers.RegisterCustomRecordType("AZURE_ALIAS", "AZURE_PRIVATE_DNS", "")
+}
+
+func (a *azurednsProvider) getExistingZones() ([]*adns.PrivateZone, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 6000*time.Second)
+	defer cancel()
+	zonesPager := a.zonesClient.NewListByResourceGroupPager(*a.resourceGroup, nil)
+	var zones []*adns.PrivateZone
+	for zonesPager.More() {
+		nextResult, zonesErr := zonesPager.NextPage(ctx)
+		if zonesErr != nil {
+			return nil, zonesErr
+		}
+		zones = append(zones, nextResult.Value...)
+	}
+	return zones, nil
+}
+
+func (a *azurednsProvider) getZones() error {
+	a.zones = make(map[string]*adns.PrivateZone)
+
+	zones, err := a.getExistingZones()
+	if err != nil {
+		return err
+	}
+
+	for _, z := range zones {
+		zone := z
+		domain := strings.TrimSuffix(*z.Name, ".")
+		a.zones[domain] = zone
+	}
+
+	return nil
+}
+
+type errNoExist struct {
+	domain string
+}
+
+func (e errNoExist) Error() string {
+	return fmt.Sprintf("Private 	Domain %s not found in you Azure account", e.domain)
+}
+
+func (a *azurednsProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	// Azure Private DNS does not have the concept of "Name Servers" since these are local, private views of zones unique to the Azure environment
+	var nss []string
+	return models.ToNameserversStripTD(nss)
+}
+
+func (a *azurednsProvider) ListZones() ([]string, error) {
+	zonesResult, err := a.getExistingZones()
+	if err != nil {
+		return nil, err
+	}
+	var zones []string
+
+	for _, z := range zonesResult {
+		domain := strings.TrimSuffix(*z.Name, ".")
+		zones = append(zones, domain)
+	}
+
+	return zones, nil
+}
+
+// GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
+func (a *azurednsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	existingRecords, _, _, err := a.getExistingRecords(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	return existingRecords, nil
+}
+
+func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []*adns.RecordSet, string, error) {
+	zone, ok := a.zones[domain]
+	if !ok {
+		return nil, nil, "", errNoExist{domain}
+	}
+	zoneName := *zone.Name
+	rawRecords, err := a.fetchRecordSets(zoneName)
+	if err != nil {
+		return nil, nil, "", err
+	}
+
+	var existingRecords models.Records
+	for _, set := range rawRecords {
+		existingRecords = append(existingRecords, nativeToRecords(set, zoneName)...)
+	}
+
+	a.rawRecords[domain] = rawRecords
+	a.zoneName[domain] = zoneName
+
+	return existingRecords, rawRecords, zoneName, nil
+}
+
+// GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
+func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+	txtutil.SplitSingleLongTxt(existingRecords) // Autosplit long TXT records
+
+	var corrections []*models.Correction
+
+	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, change := range changes {
+
+		// Copy all param values to local variables to avoid overwrites
+		msgs := change.MsgsJoined
+		dcn := dc.Name
+		chaKey := change.Key
+
+		switch change.Type {
+		case diff2.REPORT:
+			corrections = append(corrections, &models.Correction{Msg: change.MsgsJoined})
+		case diff2.CHANGE, diff2.CREATE:
+			changeNew := change.New
+			corrections = append(corrections, &models.Correction{
+				Msg: msgs,
+				F: func() error {
+					return a.recordCreate(dcn, chaKey, changeNew)
+				},
+			})
+		case diff2.DELETE:
+			corrections = append(corrections, &models.Correction{
+				Msg: msgs,
+				F: func() error {
+					return a.recordDelete(dcn, chaKey, change.Old)
+				},
+			})
+		default:
+			panic(fmt.Sprintf("unhandled change.Type %s", change.Type))
+		}
+	}
+
+	return corrections, nil
+}
+
+func (a *azurednsProvider) recordCreate(zoneName string, reckey models.RecordKey, recs models.Records) error {
+
+	rrset, azRecType, err := a.recordToNativeDiff2(reckey, recs)
+	if err != nil {
+		return err
+	}
+
+	var recordName string
+	var i int64
+	for _, r := range recs {
+		i = int64(r.TTL)
+		recordName = r.Name
+	}
+	rrset.Properties.TTL = &i
+
+	waitTime := 1
+retry:
+
+	ctx, cancel := context.WithTimeout(context.Background(), 6000*time.Second)
+	defer cancel()
+	_, err = a.recordsClient.CreateOrUpdate(ctx, *a.resourceGroup, zoneName, azRecType, recordName, *rrset, nil)
+
+	if e, ok := err.(*azcore.ResponseError); ok {
+		if e.StatusCode == 429 {
+			waitTime = waitTime * 2
+			if waitTime > 300 {
+				return err
+			}
+			printer.Printf("AZURE_PRIVATE_DNS: rate-limit paused for %v.\n", waitTime)
+			time.Sleep(time.Duration(waitTime+1) * time.Second)
+			goto retry
+		}
+	}
+
+	return err
+}
+
+func (a *azurednsProvider) recordDelete(zoneName string, reckey models.RecordKey, recs models.Records) error {
+
+	shortName := strings.TrimSuffix(reckey.NameFQDN, "."+zoneName)
+	if shortName == zoneName {
+		shortName = "@"
+	}
+
+	azRecType, err := nativeToRecordTypeDiff(to.StringPtr(reckey.Type))
+	if err != nil {
+		return nil
+	}
+
+	waitTime := 1
+retry:
+
+	ctx, cancel := context.WithTimeout(context.Background(), 6000*time.Second)
+	defer cancel()
+	_, err = a.recordsClient.Delete(ctx, *a.resourceGroup, zoneName, azRecType, shortName, nil)
+
+	if e, ok := err.(*azcore.ResponseError); ok {
+		if e.StatusCode == 429 {
+			waitTime = waitTime * 2
+			if waitTime > 300 {
+				return err
+			}
+			printer.Printf("AZURE_PRIVATE_DNS: rate-limit paused for %v.\n", waitTime)
+			time.Sleep(time.Duration(waitTime+1) * time.Second)
+			goto retry
+		}
+	}
+
+	return err
+}
+
+func nativeToRecordTypeDiff(recordType *string) (adns.RecordType, error) {
+	recordTypeStripped := strings.TrimPrefix(*recordType, "Microsoft.Network/dnszones/")
+	switch recordTypeStripped {
+	case "A", "AZURE_ALIAS_A":
+		return adns.RecordTypeA, nil
+	case "AAAA", "AZURE_ALIAS_AAAA":
+		return adns.RecordTypeAAAA, nil
+	case "CAA":
+		// CAA doesn't make any senese in a private dns zone in azure
+		return adns.RecordTypeA, fmt.Errorf("nativeToRecordTypeDiff RTYPE %v UNIMPLEMENTED", *recordType)
+	case "CNAME", "AZURE_ALIAS_CNAME":
+		return adns.RecordTypeCNAME, nil
+	case "MX":
+		return adns.RecordTypeMX, nil
+	case "NS":
+		// NS record types don't make any sense in a private azure dns zone
+		return adns.RecordTypeA, fmt.Errorf("nativeToRecordTypeDiff RTYPE %v UNIMPLEMENTED", *recordType)
+	case "PTR":
+		return adns.RecordTypePTR, nil
+	case "SRV":
+		return adns.RecordTypeSRV, nil
+	case "TXT":
+		return adns.RecordTypeTXT, nil
+	case "SOA":
+		return adns.RecordTypeSOA, nil
+	default:
+		// Unimplemented type. Return adns.A as a decoy, but send an error.
+		return adns.RecordTypeA, fmt.Errorf("nativeToRecordTypeDiff RTYPE %v UNIMPLEMENTED", *recordType)
+	}
+}
+
+func nativeToRecords(set *adns.RecordSet, origin string) []*models.RecordConfig {
+	var results []*models.RecordConfig
+	switch rtype := *set.Type; rtype {
+	case "Microsoft.Network/privateDnsZones/A":
+		if set.Properties.ARecords != nil {
+			// This is an A recordset. Process all the targets there.
+			for _, rec := range set.Properties.ARecords {
+				rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+				rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+				rc.Type = "A"
+				_ = rc.SetTarget(*rec.IPv4Address)
+				results = append(results, rc)
+			}
+		} else {
+			panic(fmt.Errorf("nativeToRecords rtype %v unimplemented", *set.Type))
+
+		}
+	case "Microsoft.Network/privateDnsZones/AAAA":
+		if set.Properties.AaaaRecords != nil {
+			// This is an AAAA recordset. Process all the targets there.
+			for _, rec := range set.Properties.AaaaRecords {
+				rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+				rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+				rc.Type = "AAAA"
+				_ = rc.SetTarget(*rec.IPv6Address)
+				results = append(results, rc)
+			}
+		} else {
+			panic(fmt.Errorf("nativeToRecords rtype %v unimplemented", *set.Type))
+		}
+	case "Microsoft.Network/privateDnsZones/CNAME":
+		if set.Properties.CnameRecord != nil {
+			// This is a CNAME recordset. Process the targets. (there can only be one)
+			rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+			rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+			rc.Type = "CNAME"
+			_ = rc.SetTarget(*set.Properties.CnameRecord.Cname)
+			results = append(results, rc)
+		} else {
+			panic(fmt.Errorf("nativeToRecords rtype %v unimplemented", *set.Type))
+		}
+	case "Microsoft.Network/privateDnsZones/PTR":
+		for _, rec := range set.Properties.PtrRecords {
+			rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+			rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+			rc.Type = "PTR"
+			_ = rc.SetTarget(*rec.Ptrdname)
+			results = append(results, rc)
+		}
+	case "Microsoft.Network/privateDnsZones/TXT":
+		if len(set.Properties.TxtRecords) == 0 { // Empty String Record Parsing
+			// This is a null TXT record.
+			rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+			rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+			rc.Type = "TXT"
+			_ = rc.SetTargetTXT("")
+			results = append(results, rc)
+		} else {
+			// This is a normal TXT record. Collect all its segments.
+			for _, rec := range set.Properties.TxtRecords {
+				rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+				rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+				rc.Type = "TXT"
+				var txts []string
+				for _, txt := range rec.Value {
+					txts = append(txts, *txt)
+				}
+				_ = rc.SetTargetTXTs(txts)
+				results = append(results, rc)
+			}
+		}
+	case "Microsoft.Network/privateDnsZones/MX":
+		for _, rec := range set.Properties.MxRecords {
+			rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+			rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+			rc.Type = "MX"
+			_ = rc.SetTargetMX(uint16(*rec.Preference), *rec.Exchange)
+			results = append(results, rc)
+		}
+	case "Microsoft.Network/privateDnsZones/SRV":
+		for _, rec := range set.Properties.SrvRecords {
+			rc := &models.RecordConfig{TTL: uint32(*set.Properties.TTL), Original: set}
+			rc.SetLabelFromFQDN(*set.Properties.Fqdn, origin)
+			rc.Type = "SRV"
+			_ = rc.SetTargetSRV(uint16(*rec.Priority), uint16(*rec.Weight), uint16(*rec.Port), *rec.Target)
+			results = append(results, rc)
+		}
+	case "Microsoft.Network/privateDnsZones/SOA":
+	default:
+		panic(fmt.Errorf("nativeToRecords rtype %v unimplemented", *set.Type))
+	}
+	return results
+}
+
+// NOTE recordToNativeDiff2 is really "convert []RecordConfig to rrset".
+
+func (a *azurednsProvider) recordToNativeDiff2(recordKey models.RecordKey, recordConfig []*models.RecordConfig) (*adns.RecordSet, adns.RecordType, error) {
+
+	recordKeyType := recordKey.Type
+	//	if recordKeyType == "AZURE_ALIAS" {
+	//		fmt.Fprintf(os.Stderr, "DEBUG: XXXXXXXXXXXXXXXXXXXXXXX %v\n", recordKeyType)
+	//	}
+
+	recordSet := &adns.RecordSet{Type: to.StringPtr(recordKeyType), Properties: &adns.RecordSetProperties{}}
+	for _, rec := range recordConfig {
+		switch recordKeyType {
+		case "A":
+			if recordSet.Properties.ARecords == nil {
+				recordSet.Properties.ARecords = []*adns.ARecord{}
+			}
+			recordSet.Properties.ARecords = append(recordSet.Properties.ARecords, &adns.ARecord{IPv4Address: to.StringPtr(rec.GetTargetField())})
+		case "AAAA":
+			if recordSet.Properties.AaaaRecords == nil {
+				recordSet.Properties.AaaaRecords = []*adns.AaaaRecord{}
+			}
+			recordSet.Properties.AaaaRecords = append(recordSet.Properties.AaaaRecords, &adns.AaaaRecord{IPv6Address: to.StringPtr(rec.GetTargetField())})
+		case "CNAME":
+			recordSet.Properties.CnameRecord = &adns.CnameRecord{Cname: to.StringPtr(rec.GetTargetField())}
+		case "PTR":
+			if recordSet.Properties.PtrRecords == nil {
+				recordSet.Properties.PtrRecords = []*adns.PtrRecord{}
+			}
+			recordSet.Properties.PtrRecords = append(recordSet.Properties.PtrRecords, &adns.PtrRecord{Ptrdname: to.StringPtr(rec.GetTargetField())})
+		case "TXT":
+			if recordSet.Properties.TxtRecords == nil {
+				recordSet.Properties.TxtRecords = []*adns.TxtRecord{}
+			}
+			// Empty TXT record needs to have no value set in it's properties
+			if rec.GetTargetTXTJoined() == "" {
+				var txts []*string
+				for _, txt := range rec.GetTargetTXTSegmented() {
+					txts = append(txts, to.StringPtr(txt))
+				}
+				recordSet.Properties.TxtRecords = append(recordSet.Properties.TxtRecords, &adns.TxtRecord{Value: txts})
+			}
+		case "MX":
+			if recordSet.Properties.MxRecords == nil {
+				recordSet.Properties.MxRecords = []*adns.MxRecord{}
+			}
+			recordSet.Properties.MxRecords = append(recordSet.Properties.MxRecords, &adns.MxRecord{Exchange: to.StringPtr(rec.GetTargetField()), Preference: to.Int32Ptr(int32(rec.MxPreference))})
+		case "SRV":
+			if recordSet.Properties.SrvRecords == nil {
+				recordSet.Properties.SrvRecords = []*adns.SrvRecord{}
+			}
+			recordSet.Properties.SrvRecords = append(recordSet.Properties.SrvRecords, &adns.SrvRecord{Target: to.StringPtr(rec.GetTargetField()), Port: to.Int32Ptr(int32(rec.SrvPort)), Weight: to.Int32Ptr(int32(rec.SrvWeight)), Priority: to.Int32Ptr(int32(rec.SrvPriority))})
+			/* CAA records don't work in a private zone */
+		case "AZURE_ALIAS_A", "AZURE_ALIAS_AAAA", "AZURE_ALIAS_CNAME":
+			return nil, adns.RecordTypeA, fmt.Errorf("recordToNativeDiff2 RTYPE %v UNIMPLEMENTED", recordKeyType) // ands.A is a placeholder
+		default:
+			return nil, adns.RecordTypeA, fmt.Errorf("recordToNativeDiff2 RTYPE %v UNIMPLEMENTED", recordKeyType) // ands.A is a placeholder
+		}
+	}
+
+	rt, err := nativeToRecordTypeDiff(to.StringPtr(*recordSet.Type))
+	if err != nil {
+		return nil, adns.RecordTypeA, err // adns.A is a placeholder
+	}
+	return recordSet, rt, nil
+}
+
+func (a *azurednsProvider) fetchRecordSets(zoneName string) ([]*adns.RecordSet, error) {
+	if zoneName == "" {
+		return nil, nil
+	}
+	var records []*adns.RecordSet
+	ctx, cancel := context.WithTimeout(context.Background(), 6000*time.Second)
+	defer cancel()
+
+	recordsPager := a.recordsClient.NewListPager(*a.resourceGroup, zoneName, nil)
+
+	for recordsPager.More() {
+
+		waitTime := 1
+	retry:
+
+		nextResult, recordsErr := recordsPager.NextPage(ctx)
+
+		if recordsErr != nil {
+			err := recordsErr
+			if e, ok := err.(*azcore.ResponseError); ok {
+
+				if e.StatusCode == 429 {
+					waitTime = waitTime * 2
+					if waitTime > 300 {
+						return nil, err
+					}
+					printer.Printf("AZURE_PRIVATE_DNS: rate-limit paused for %v.\n", waitTime)
+					time.Sleep(time.Duration(waitTime+1) * time.Second)
+					goto retry
+				}
+			}
+		}
+
+		records = append(records, nextResult.Value...)
+	}
+
+	return records, nil
+}
+
+func (a *azurednsProvider) EnsureZoneExists(domain string) error {
+	if _, ok := a.zones[domain]; ok {
+		return nil
+	}
+	return nil
+}

From 5b93f94ad64c88b4e53e2e31da05fab7826f00ff Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 28 Nov 2023 16:28:37 -0500
Subject: [PATCH 031/438] Update docs and move Azure Private DNS to the
 "community support" list (#2657)

Co-authored-by: Matthew Gamble <mgamble@mgamble.ca>
---
 documentation/providers.md         | 7 ++++---
 documentation/writing-providers.md | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 798450a838..16c803cc40 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -76,7 +76,6 @@ Providers in this category and their maintainers are:
 |Name|Maintainer|
 |---|---|
 |[`AZURE_DNS`](providers/azure_dns.md)|@vatsalyagoel|
-[[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble]
 |[`BIND`](providers/bind.md)|@tlimoncelli|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
 |[`CSCGLOBAL`](providers/cscglobal.md)|@mikenz|
@@ -95,16 +94,18 @@ provided to help community members support their code independently.
 
 Expectations of maintainers:
 
-* Maintainers are expected to support their provider and/or find a new maintainer.
+* Maintainers are expected to support their provider and/or help find a new maintainer.
 * Maintainers should set up test accounts and periodically verify that all tests pass (`pkg/js/parse_tests` and `integrationTest`).
 * Contributors are encouraged to add new tests and refine old ones. (Test-driven development is encouraged.)
 * Bugs will be referred to the maintainer or their designate.
-* Maintainers must be responsible to bug reports and PRs.  If a maintainer is unresponsive for more than 2 months, we will consider disabling the provider.  First we will put out a call for new maintainer. If noboby volunteers, the provider will be disabled.
+* Maintainers must be responsible to bug reports and PRs.  If a maintainer is unresponsive for more than 2 months, we will consider disabling the provider.  First we will put out a call for new maintainer. If nobody volunteers, the provider may be disabled.
+* Tom needs to know your real email address.  Please email tlimoncelli at stack over flow dot com so he has it.
 
 Providers in this category and their maintainers are:
 
 |Name|Maintainer|
 |---|---|
+[[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble]
 |[`AKAMAIEDGEDNS`](providers/akamaiedgedns.md)|@svernick|
 |[`AXFRDDNS`](providers/axfrddns.md)|@hnrgrgr|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 2f1435366a..791a2bc6dd 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -316,7 +316,7 @@ Here are some last-minute things to check before you submit your PR.
 2. Make sure all appropriate documentation is current. (See [Step 8](#step-8-manual-tests))
 3. Check that dependencies are current (See [Step 13](#step-13-dependencies))
 4. Re-run the integration test one last time (See [Step 7](#step-7-integration-test))
-5. Re-read the [maintainer's responsibilities](providers.md) bullet list.  By submitting a provider you agree to maintain it, respond to bugs, perioidically re-run the integration test to verify nothing has broken, and if we don't hear from you for 2 months we may disable the provider.
+5. Re-read the [maintainer's responsibilities](providers.md) bullet list.  By submitting a provider you agree to maintain it, respond to bugs, periodically re-run the integration test to verify nothing has broken, and if we don't hear from you for 2 months we may disable the provider.
 
 ## Step 16: After the PR is merged
 

From 88f007cd1dca4587e8fffefc1c4e53da948a5bd8 Mon Sep 17 00:00:00 2001
From: Jonathan Bouvier <jonathan.bouvier@gmail.com>
Date: Wed, 29 Nov 2023 11:34:27 -0500
Subject: [PATCH 032/438] ROUTE53: fix parameter type for
 R53_EVALUATE_TARGET_HEALTH (#2658)

---
 commands/types/dnscontrol.d.ts                               | 2 +-
 documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 58c9d8ad2a..8715383ccb 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2300,7 +2300,7 @@ declare function R53_ALIAS(name: string, target: string, zone_idModifier: Domain
  *
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_evaluate_target_health
  */
-declare function R53_EVALUATE_TARGET_HEALTH(enabled: bool): RecordModifier;
+declare function R53_EVALUATE_TARGET_HEALTH(enabled: boolean): RecordModifier;
 
 /**
  * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
diff --git a/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md b/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
index 7ed12b3853..72f3ffedc9 100644
--- a/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
+++ b/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
@@ -3,7 +3,7 @@ name: R53_EVALUATE_TARGET_HEALTH
 parameters:
   - enabled
 parameter_types:
-  enabled: bool
+  enabled: boolean
 ts_return: RecordModifier
 provider: ROUTE53
 ---

From 74a9e5e8706085d810886033431405611361181d Mon Sep 17 00:00:00 2001
From: Jonathan Bouvier <jonathan.bouvier@gmail.com>
Date: Wed, 29 Nov 2023 13:25:20 -0500
Subject: [PATCH 033/438] ROUTE53: add R53_EVALUATE_TARGET_HEALTH to
 documentation summary (#2659)

---
 documentation/SUMMARY.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index b26e56638b..44034380e0 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -90,6 +90,7 @@
     * Service Provider specific
         * Amazon Route 53
             * [R53_ZONE](functions/record/R53_ZONE.md)
+            * [R53_EVALUATE_TARGET_HEALTH](functions/record/R53_EVALUATE_TARGET_HEALTH.md)
 * [Why CNAME/MX/NS targets require a "dot"](why-the-dot.md)
 
 ## Service Providers

From bc22690fc1514f89edf1ba15019a982e18d73fe8 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 29 Nov 2023 20:24:22 +0100
Subject: [PATCH 034/438] DOCS: Fixed providers with "contributor support"
 table. (#2660)

---
 documentation/providers.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 16c803cc40..18a94ab7c3 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -105,7 +105,7 @@ Providers in this category and their maintainers are:
 
 |Name|Maintainer|
 |---|---|
-[[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble]
+|[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble|
 |[`AKAMAIEDGEDNS`](providers/akamaiedgedns.md)|@svernick|
 |[`AXFRDDNS`](providers/axfrddns.md)|@hnrgrgr|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|

From fd413a9b08e578b7c8749e3b8895d162d5cf4f7d Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 29 Nov 2023 21:18:14 +0100
Subject: [PATCH 035/438] AZURE_PRIVATE_DNS: GoReleaser provider-specific
 changelog regexp (#2661)

---
 .goreleaser.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index ac5568685d..a181427b63 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -33,7 +33,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Deprecation warnings:'
       regexp: "(?i)^.*Deprecate[(\\w)]*:+.*$"

From 31cd4e10a8903d3fc261f98cf41bf44955bdd914 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 29 Nov 2023 21:22:01 +0100
Subject: [PATCH 036/438] DOCS: Fixed the broken provider `ClouDNS` link in the
 providers table (#2663)

---
 documentation/providers.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 18a94ab7c3..b7812f6b4c 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -109,7 +109,7 @@ Providers in this category and their maintainers are:
 |[`AKAMAIEDGEDNS`](providers/akamaiedgedns.md)|@svernick|
 |[`AXFRDDNS`](providers/axfrddns.md)|@hnrgrgr|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
-|[`CLOUDNS`](providers/CLOUDNS.md)|@pragmaton|
+|[`CLOUDNS`](providers/cloudns.md)|@pragmaton|
 |[`CSCGLOBAL`](providers/cscglobal.md)|@Air-New-Zealand|
 |[`DESEC`](providers/desec.md)|@D3luxee|
 |[`DIGITALOCEAN`](providers/digitalocean.md)|@Deraen|

From 9397eed84b1e66fc2f35c5ce38d5979a770417ee Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 29 Nov 2023 21:22:24 +0100
Subject: [PATCH 037/438] DOCS: Fixed the maintainer of provider `OPENSRS`
 (#2662)

---
 documentation/providers.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index b7812f6b4c..1ab8aac789 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -134,7 +134,7 @@ Providers in this category and their maintainers are:
 |[`NETCUP`](providers/netcup.md)|@kordianbruck|
 |[`NETLIFY`](providers/netlify.md)|@SphericalKat|
 |[`NS1`](providers/ns1.md)|@costasd|
-|[`OPENSRS`](providers/opensrs.md)|@pierre-emmanuelJ|
+|[`OPENSRS`](providers/opensrs.md)|@philhug|
 |[`ORACLE`](providers/oracle.md)|@kallsyms|
 |[`OVH`](providers/ovh.md)|@masterzen|
 |[`PACKETFRAME`](providers/packetframe.md)|@hamptonmoore|

From d3112f53df84eb360539bf3c1cf0e272bfedbf01 Mon Sep 17 00:00:00 2001
From: Asif Nawaz <107853964+AsifNawaz-cnic@users.noreply.github.com>
Date: Thu, 30 Nov 2023 16:33:02 +0000
Subject: [PATCH 038/438] HEXONET: Update GO-SDK dependency version from 3.5.5
 to 3.5.6 (#2667)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 38f253058a..5c773a7c44 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
 	github.com/cloudflare/cloudflare-go v0.81.0
 	github.com/digitalocean/godo v1.106.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
diff --git a/go.sum b/go.sum
index 885ea93a7f..75ee55f5b6 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5 h1:awE2kiwdJa409MC5i3OH9fJHCr2yE75yHuWWoA5zx8Q=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.5/go.mod h1:1usm1EQvugrIio3ODIAMrDG9NzA86AHIqhZCxJgNdxY=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6 h1:NwzyMBDEihBaPYlsguXbiraAofgFL0dIokr7haRptng=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod h1:AuVFPx7rRMTT6MstyP2eWwinthewLFWv+zbaoQ3A+fY=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=

From a653499655fe27d04e87782ffb40c5d565fa90d7 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 30 Nov 2023 13:51:54 -0500
Subject: [PATCH 039/438] CHORE: Update deps (#2668)

---
 go.mod |  58 ++++++++++++-------------
 go.sum | 132 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 95 insertions(+), 95 deletions(-)

diff --git a/go.mod b/go.mod
index 5c773a7c44..a3fe3d97f4 100644
--- a/go.mod
+++ b/go.mod
@@ -6,30 +6,30 @@ toolchain go1.21.1
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.23.0
-	github.com/aws/aws-sdk-go-v2/config v1.25.3
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.2
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2
+	github.com/aws/aws-sdk-go-v2 v1.23.4
+	github.com/aws/aws-sdk-go-v2/config v1.25.10
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.8
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.81.0
+	github.com/cloudflare/cloudflare-go v0.82.0
 	github.com/digitalocean/godo v1.106.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
 	github.com/go-acme/lego v2.7.2+incompatible
-	github.com/go-gandi/go-gandi v0.6.0
+	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/google/go-github/v35 v35.3.0
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
@@ -51,9 +51,9 @@ require (
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.25.7
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/net v0.18.0
-	golang.org/x/oauth2 v0.14.0
-	google.golang.org/api v0.151.0
+	golang.org/x/net v0.19.0
+	golang.org/x/oauth2 v0.15.0
+	google.golang.org/api v0.152.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -67,28 +67,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
+	golang.org/x/exp v0.0.0-20231127185646-65229373498e
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/compute v1.23.1 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 // indirect
-	github.com/aws/smithy-go v1.17.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 // indirect
+	github.com/aws/smithy-go v1.18.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -112,7 +112,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
@@ -137,14 +137,14 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.15.0 // indirect
+	golang.org/x/crypto v0.16.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.14.0 // indirect
-	golang.org/x/time v0.4.0 // indirect
-	golang.org/x/tools v0.15.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.16.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
 	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 75ee55f5b6..2ee0953521 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
-cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
+cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
@@ -9,14 +9,14 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZM
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0 h1:8iR6OLffWWorFdzL2JFCab5xpD8VKEE2DUBBl+HNTDY=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.1.0/go.mod h1:copqlcjMWc/wgQ1N2fzsJFQxDdqKGg1EQt8T5wJMOGE=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2/go.mod h1:FbdwsQ2EzwvXxOPcMFYO8ogEc9uMMIj3YkmCdXdAFmk=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0 h1:rR8ZW79lE/ppfXTfiYSnMFv5EzmVuY4pfZWIkscIJ64=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.1.0/go.mod h1:y2zXtLSMM/X5Mfawq0lOftpWn3f4V6OCsRdINsvWBPI=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0 h1:ECsQtyERDVz3NP3kvDOTLvbQhqWp/x9EsGKtb4ogUr8=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.0.0/go.mod h1:s1tW/At+xHqjNFvWU4G0c0Qv33KOhvbGNj0RCTQDV8s=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1/go.mod h1:c/wcGeGx5FUPbM/JltUYHZcKmigwyVLJlDq+4HdtXaw=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
@@ -39,36 +39,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.23.0 h1:PiHAzmiQQr6JULBUdvR8fKlA+UPKLT/8KbiqpFBWiAo=
-github.com/aws/aws-sdk-go-v2 v1.23.0/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA=
-github.com/aws/aws-sdk-go-v2/config v1.25.3 h1:E4m9LbwJOoncDNt3e9MPLbz/saxWcGUlZVBydydD6+8=
-github.com/aws/aws-sdk-go-v2/config v1.25.3/go.mod h1:tAByZy03nH5jcq0vZmkcVoo6tRzRHEwSFx3QW4NmDw8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.2 h1:0sdZ5cwfOAipTzZ7eOL0gw4LAhk/RZnTa16cDqIt8tg=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.2/go.mod h1:sDdvGhXrSVT5yzBDR7qXz+rhbpiMpUYfF3vJ01QSdrc=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 h1:9wKDWEjwSnXZre0/O3+ZwbBl1SmlgWYBbrTV10X/H1s=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4/go.mod h1:t4i+yGHMCcUNIX1x7YVYa6bH/Do7civ5I6cG/6PMfyA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3 h1:DUwbD79T8gyQ23qVXFUthjzVMTviSHi3y4z58KvghhM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.3/go.mod h1:7sGSz1JCKHWWBHq98m6sMtWQikmYPpxjqOydDemiVoM=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3 h1:AplLJCtIaUZDCbr6+gLYdsYNxne4iuaboJhVt9d+WXI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.3/go.mod h1:ify42Rb7nKeDDPkFjKn7q1bPscVPu/+gmHH8d2c+anU=
+github.com/aws/aws-sdk-go-v2 v1.23.4 h1:2P20ZjH0ouSAu/6yZep8oCmTReathLuEu6dwoqEgjts=
+github.com/aws/aws-sdk-go-v2 v1.23.4/go.mod h1:t3szzKfP0NeRU27uBFczDivYJjsmSnqI8kIvKyWb9ds=
+github.com/aws/aws-sdk-go-v2/config v1.25.10 h1:qw/e8emDtNufTkrAU86DlQ18DruMyyM7ttW6Lgwp4v0=
+github.com/aws/aws-sdk-go-v2/config v1.25.10/go.mod h1:203YiAtb6XyoGxXMPsUVwEcuxCiTQY/r8P27IDjfvMc=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.8 h1:phw9nRLy/77bPk6Mfu2SHCOnHwfVB7WWrOa5rZIY2Fc=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.8/go.mod h1:MrS4SOin6adbO6wgWhdifyPiq+TX7fPPwyA/ZLC1F5M=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 h1:tQZLSPC2Zj2CqZHonLmWEvCsbpMX5tQvaYJWHadcPek=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8/go.mod h1:5+YpvTHDFffykWr5qAGjqwoh8oVYZOddL3sSrEN7lws=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7 h1:eMqD7ku6WGdmcWWXPYun9m6yk6feSULLhJlAtN6rYG4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7/go.mod h1:0oBIfcDV6LScxEW0VgOqxT3e4aqKRp+SYhB9wAd5E3Q=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7 h1:+XYhWhgWs5F3Zx8oa49CXzNvfXrItaDjZB/M172fcHQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7/go.mod h1:L6tcSRyCGxcKfDWUrmv2jv8G1cLDU7d0FUpEFpG9bVE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1 h1:rpkF4n0CyFcrJUG/rNNohoTmhtWlFTRI4BsZOh9PvLs=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.1/go.mod h1:l9ymW25HOqymeU2m1gbUQ3rUIsTwKs8gYHXkqDQUhiI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3 h1:kJOolE8xBAD13xTCgOakByZkyP4D/owNmvEiioeUNAg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.3/go.mod h1:Owv1I59vaghv1Ax8zz8ELY8DN7/Y0rGS+WWAmjgi950=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2 h1:h9I/GZ7POL9EOyFouZi7P3v0G8Sr/nMIo9uHIyk+NSU=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.34.2/go.mod h1:adrwIPgzeyWkAyIlnH7SkTU/UTATCXncCR4fbxwYLhA=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2 h1:k2Swg+KnFtyS3GYy4sUXFUaULpiyrZJsW/8ehoT9/BA=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.19.2/go.mod h1:mSL5mozBzBnMfrmjBe8eASqtOKeYZ4rFiSYAwN5PAGs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 h1:V47N5eKgVZoRSvx2+RQ0EpAEit/pqOhqeSQFiS4OFEQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.17.2/go.mod h1:/pE21vno3q1h4bbhUOEi+6Zu/aT26UK2WKkDXd+TssQ=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 h1:/XiEU7VIFcVWRDQLabyrSjBoKIm8UkYgsvWDuFW8Img=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0/go.mod h1:dWqm5G767qwKPuayKfzm4rjzFmVjiBFbOJrpSPnAMDs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.3 h1:M2w4kiMGJCCM6Ljmmx/l6mmpfa3gPJVpBencfnsgvqs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.25.3/go.mod h1:4EqRHDCKP78hq3zOnmFXu5k0j4bXbRFfCh/zQ6KnEfQ=
-github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI=
-github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 h1:e3PCNeEaev/ZF01cQyNZgmYE9oYYePIMJs2mWSKG514=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3/go.mod h1:gIeeNyaL8tIEqZrzAnTeyhHcE0yysCtcaP+N9kxLZ+E=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7 h1:dU+ZyhvqMB/T/TxjGagHMCdyUiqaThRIaMu3YvKiSQI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7/go.mod h1:SGORuNqoXyWfTvTp/gBGJfv8jRvW/+nha0XhnIXVI+o=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1 h1:v/3D+QsF91AdkF6REEPq6RePxy0vJiHv70CzzLdHrqs=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1/go.mod h1:KvdP5Uk34wpr49287kAZJOUJtJXqVZmUTVAbYfknrnM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1 h1:5T+BONhULX+UXFTSoebZ+wX0QGfO8lZMj6E+OwGS44A=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1/go.mod h1:KFZcLBA2BplaxYAOM806i6F5A7EMJDYDR1FnAR3VHkI=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 h1:V40g2daNO3l1J94JYwqfkyvQMYXi5I25fs3fNQW8iDs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.1/go.mod h1:0ZWQJP/mBOUxkCvZKybZNz1XmdUKSBxoF0dzgfxtvDs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 h1:uQrj7SpUNC3r55vc1CDh3qV9wJC66lz546xM9dhSo5s=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1/go.mod h1:oyaTk5xEAOuPXX1kCD7HmIeuLqdj3Bk5yGkqGXtGi14=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 h1:K33V7L0XDdb23FMOZySr8bon1jou5SHn1fiv7NJ1SUg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.1/go.mod h1:YtXUl/sfnS06VksYhr855hTQf2HphfT1Xv/EwuzbPjg=
+github.com/aws/smithy-go v1.18.1 h1:pOdBTUfXNazOlxLrgeYalVnuTpKreACHtc62xLwIB3c=
+github.com/aws/smithy-go v1.18.1/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.81.0 h1:NSLpR2cBn5K1cFXkYsZ7skVNFN+AAJBKdUWAj8v1PGA=
-github.com/cloudflare/cloudflare-go v0.81.0/go.mod h1:TIT8ltdOkZthsC+6owWe0ODSgl84sq3f8iAsja8E1KQ=
+github.com/cloudflare/cloudflare-go v0.82.0 h1:t4G5BcutMcd+3U1FJHifo7Gv3m3LCzhARKZDinSi9Qs=
+github.com/cloudflare/cloudflare-go v0.82.0/go.mod h1:W9Tg8ntSvkoWs/YpwuucBf6ZaG5wTcUSLhyg6GH/zBg=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -131,8 +131,8 @@ github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjX
 github.com/go-acme/lego v2.7.2+incompatible h1:ThhpPBgf6oa9X/vRd0kEmWOsX7+vmYdckmGZSb+FEp0=
 github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M=
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
-github.com/go-gandi/go-gandi v0.6.0 h1:RgFoevggRRp7hF9XsOmWmtwbUg2axhe2ygEdd6Mtstc=
-github.com/go-gandi/go-gandi v0.6.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
+github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
+github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
 github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -225,8 +225,8 @@ github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39E
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA=
-github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
+github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
@@ -446,11 +446,11 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ=
-golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE=
+golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No=
+golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -476,11 +476,11 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
-golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
-golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
+golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -512,8 +512,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -529,8 +529,8 @@ golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY=
-golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -541,14 +541,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8=
-golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk=
+golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
+golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.151.0 h1:FhfXLO/NFdJIzQtCqjpysWwqKk8AzGWBUhMIx67cVDU=
-google.golang.org/api v0.151.0/go.mod h1:ccy+MJ6nrYFgE3WgRx/AMXOxOmU8Q4hSa+jjibzhxcg=
+google.golang.org/api v0.152.0 h1:t0r1vPnfMc260S2Ci+en7kfCZaLOPs5KI0sVV/6jZrY=
+google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -556,12 +556,12 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 h1:AB/lmRny7e2pLhFEYIbl5qkDAUt2h0ZRO4wGPhZf+ik=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From a1e70c93b9e995e27261812df251ba10b160201f Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 30 Nov 2023 19:53:35 +0100
Subject: [PATCH 040/438] DOCS: Fix `R53_` broken links (#2669)

---
 documentation/SUMMARY.md                    | 2 +-
 documentation/functions/domain/R53_ALIAS.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 44034380e0..5893be97fe 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -90,7 +90,7 @@
     * Service Provider specific
         * Amazon Route 53
             * [R53_ZONE](functions/record/R53_ZONE.md)
-            * [R53_EVALUATE_TARGET_HEALTH](functions/record/R53_EVALUATE_TARGET_HEALTH.md)
+            * [R53_EVALUATE_TARGET_HEALTH](functions/record/R53\_EVALUATE\_TARGET\_HEALTH.md)
 * [Why CNAME/MX/NS targets require a "dot"](why-the-dot.md)
 
 ## Service Providers
diff --git a/documentation/functions/domain/R53_ALIAS.md b/documentation/functions/domain/R53_ALIAS.md
index cd0e3737f5..d247f4e8b0 100644
--- a/documentation/functions/domain/R53_ALIAS.md
+++ b/documentation/functions/domain/R53_ALIAS.md
@@ -39,7 +39,7 @@ The zone id can be found depending on the target type:
 * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
 * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
 
-Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53_EVALUATE_TARGET_HEALTH.md) record modifier.
+Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
 
 {% code title="dnsconfig.js" %}
 ```javascript

From 811fa5477fe304a83c303c47bb74bdf2cff8d96b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Dec 2023 12:04:31 -0500
Subject: [PATCH 041/438] Build(deps): Bump alpine from 3.18.4 to 3.18.5
 (#2671)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f392fc6ff1..7d9c386e67 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978 as RUN
+FROM alpine:3.18.5@sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0 as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From 609de61669fde1784f5997022f25298e0ea8bd92 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 4 Dec 2023 16:04:55 +0100
Subject: [PATCH 042/438] DOCS: Added the missing provider `OpenSRS` page
 (#2665)

---
 documentation/SUMMARY.md           |  1 +
 documentation/providers/opensrs.md | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 documentation/providers/opensrs.md

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 5893be97fe..810851643b 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -132,6 +132,7 @@
     * [Netcup](providers/netcup.md)
     * [Netlify](providers/netlify.md)
     * [NS1](providers/ns1.md)
+    * [OpenSRS](providers/opensrs.md)
     * [Oracle Cloud](providers/oracle.md)
     * [OVH](providers/ovh.md)
     * [Packetframe](providers/packetframe.md)
diff --git a/documentation/providers/opensrs.md b/documentation/providers/opensrs.md
new file mode 100644
index 0000000000..e3d43eedb4
--- /dev/null
+++ b/documentation/providers/opensrs.md
@@ -0,0 +1,19 @@
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `OpenSRS`
+along with your OpenSRS credentials.
+
+## Usage
+
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_OPENSRS = NewDnsProvider("opensrs");
+
+D("example.com", REG_NONE, DnsProvider(DSP_OPENSRS),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}

From c1f5a8c41839d6b665e9068fe74816bf44383b42 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 4 Dec 2023 16:30:30 +0100
Subject: [PATCH 043/438] DOCS: Added the missing provider `Exoscale` page
 (#2664)

---
 documentation/SUMMARY.md            |  1 +
 documentation/providers/exoscale.md | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 documentation/providers/exoscale.md

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 810851643b..78d2fa779c 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -113,6 +113,7 @@
     * [DNS-over-HTTPS](providers/dnsoverhttps.md)
     * [DOMAINNAMESHOP](providers/domainnameshop.md)
     * [easyname](providers/easyname.md)
+    * [Exoscale](providers/exoscale.md)
     * [Gandi_v5](providers/gandi_v5.md)
     * [Gcore](providers/gcore.md)
     * [Google Cloud DNS](providers/gcloud.md)
diff --git a/documentation/providers/exoscale.md b/documentation/providers/exoscale.md
new file mode 100644
index 0000000000..e245bdd476
--- /dev/null
+++ b/documentation/providers/exoscale.md
@@ -0,0 +1,19 @@
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `EXOSCALE`
+along with your Exoscale credentials.
+
+## Usage
+
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_EXOSCALE = NewDnsProvider("exoscale");
+
+D("example.com", REG_NONE, DnsProvider(DSP_EXOSCALE),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}

From a366e4bc4d9348866b9cd836d5cabd9749fea491 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 4 Dec 2023 16:35:29 +0100
Subject: [PATCH 044/438] CI/CD: Release changelog sections (#2674)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/pull_request_template.md | 16 ++++++++++++++--
 .goreleaser.yml                  | 13 +++++++++++--
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 0789ab8253..f82f3e27fd 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,21 @@
 <!--
-Before you submit a pull request, please make sure you've run the following commands from the root directory.
+## Before submiting a pull request
+
+Please make sure you've run the following commands from the root directory.
 
 go vet ./...
 go fmt ./...
 go generate ./...
 go mod tidy
-!-->
 
+## Release changelog section
+
+Help keep the release changelog clear by pre-naming the proper section in the GitHub pull request title.
+
+Some examples:
+* CICD: Add required GHA permissions for goreleaser
+* DOCS: Fixed providers with "contributor support" table
+* ROUTE53: Allow R53_ALIAS records to enable target health evaluation
+
+More examples/context can be found in the file .goreleaser.yml under the 'build' > 'changelog' key.
+!-->
diff --git a/.goreleaser.yml b/.goreleaser.yml
index a181427b63..f92d6db0d8 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -35,11 +35,20 @@ changelog:
     - title: 'Provider-specific changes:'
       regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
+    - title: 'Documentation:'
+      regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
+      order: 3
+    - title: 'CI/CD:'
+      regexp: "(?i)^.*(build|ci|cicd)[(\\w)]*:+.*$"
+      order: 4
+    - title: 'Dependencies:'
+      regexp: "(?i)^.*Build\(deps\)*:+.*$|(?i)^.*update deps+.*$"
+      order: 5
+    - title: 'Other changes and improvements:'
+      order: 9
     - title: 'Deprecation warnings:'
       regexp: "(?i)^.*Deprecate[(\\w)]*:+.*$"
       order: 10
-    - title: 'Other changes and improvements:'
-      order: 9
   filters:
     exclude:
     - '^test:'

From ef081da1a6c8327ac1b27672f21a23c836b6ca7d Mon Sep 17 00:00:00 2001
From: Vincent Hagen <blackshadev@users.noreply.github.com>
Date: Mon, 4 Dec 2023 17:54:03 +0100
Subject: [PATCH 045/438] TRANSIP: Fixed integration tests: Edge cases and TXT
 records fixed (#2673)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 integrationTest/integration_test.go  | 18 ++++++++--
 providers/transip/slashes.go         | 11 ++++++
 providers/transip/slashes_test.go    | 25 +++++++++++++
 providers/transip/transipProvider.go | 53 ++++++++++++++++++++--------
 4 files changed, 90 insertions(+), 17 deletions(-)
 create mode 100644 providers/transip/slashes.go
 create mode 100644 providers/transip/slashes_test.go

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 821d1f09e5..52398cb184 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1035,11 +1035,17 @@ func makeTests(t *testing.T) []*TestGroup {
 		// that.
 
 		testgroup("CNAME",
-			tc("Record pointing to @", cname("foo", "**current-domain**")),
+			tc("Record pointing to @",
+				cname("foo", "**current-domain**"),
+				a("@", "1.2.3.4"),
+			),
 		),
 
 		testgroup("MX",
-			tc("Record pointing to @", mx("foo", 8, "**current-domain**")),
+			tc("Record pointing to @",
+				mx("foo", 8, "**current-domain**"),
+				a("@", "1.2.3.4"),
+			),
 			tc("Null MX", mx("@", 0, ".")), // RFC 7505
 		),
 
@@ -1246,6 +1252,7 @@ func makeTests(t *testing.T) []*TestGroup {
 				"NAMEDOTCOM",    // Their API is so damn slow. We'll add it back as needed.
 				"NS1",           // Free acct only allows 50 records, therefore we skip
 				//"ROUTE53",       // Batches up changes in pages.
+				"TRANSIP", // Doesn't page. Works fine.  Due to the slow API we skip.
 			),
 			tc("99 records", manyA("rec%04d", "1.2.3.4", 99)...),
 			tc("100 records", manyA("rec%04d", "1.2.3.4", 100)...),
@@ -1515,10 +1522,15 @@ func makeTests(t *testing.T) []*TestGroup {
 		// them here. If you are writing a new provider, I have some good
 		// news: These don't apply to you!
 
-		testgroup("ALIAS",
+		testgroup("ALIAS on apex",
 			requires(providers.CanUseAlias),
 			tc("ALIAS at root", alias("@", "foo.com.")),
 			tc("change it", alias("@", "foo2.com.")),
+		),
+
+		testgroup("ALIAS on subdomain",
+			requires(providers.CanUseAlias),
+			not("TRANSIP"), // TransIP does support ALIAS records, but only for apex records (@)
 			tc("ALIAS at subdomain", alias("test", "foo.com.")),
 			tc("change it", alias("test", "foo2.com.")),
 		),
diff --git a/providers/transip/slashes.go b/providers/transip/slashes.go
new file mode 100644
index 0000000000..1f322da32c
--- /dev/null
+++ b/providers/transip/slashes.go
@@ -0,0 +1,11 @@
+package transip
+
+import (
+	"regexp"
+)
+
+var removeSlashesRegexp = regexp.MustCompile(`(?:\\(\\)+)|(?:\\)`)
+
+func removeSlashes(s string) string {
+	return removeSlashesRegexp.ReplaceAllString(s, "$1")
+}
diff --git a/providers/transip/slashes_test.go b/providers/transip/slashes_test.go
new file mode 100644
index 0000000000..e17778032b
--- /dev/null
+++ b/providers/transip/slashes_test.go
@@ -0,0 +1,25 @@
+package transip
+
+import (
+	"testing"
+)
+
+func TestRemoveSlashes(t *testing.T) {
+
+	data := [][]string{
+		{
+			`quote"d`, `quote"d`,
+			`quote\"d`, `quote"d`,
+			`quote\\"d`, `quote\"d`,
+			`m\o\\r\\\\e`, `mo\r\\e`,
+		},
+	}
+
+	for _, testCase := range data {
+		result := removeSlashes(testCase[0])
+		if result != testCase[1] {
+			t.Fatalf(`Failed on "%s". Expected "%s"; got "%s".`, testCase[0], testCase[1], result)
+		}
+	}
+
+}
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index aadb707824..f273c9241b 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -156,22 +156,9 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 				)
 				corrections = append(corrections, correction)
 			} else {
-
-				oldEntries, err := recordsToNative(change.Old, true)
-				if err != nil {
-					return corrections, err
-				}
-				newEntries, err := recordsToNative(change.New, false)
-				if err != nil {
-					return corrections, err
-				}
-
-				deleteCorrection := wrapChangeFunction(oldEntries, func(rec domain.DNSEntry) error { return n.domains.RemoveDNSEntry(dc.Name, rec) })
-				createCorrection := wrapChangeFunction(newEntries, func(rec domain.DNSEntry) error { return n.domains.AddDNSEntry(dc.Name, rec) })
 				corrections = append(
 					corrections,
-					change.CreateCorrectionWithMessage("[1/2] delete", deleteCorrection),
-					change.CreateCorrectionWithMessage("[2/2] create", createCorrection),
+					n.recreateRecordSet(dc, change)...,
 				)
 			}
 		case diff2.REPORT:
@@ -183,6 +170,42 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 	return corrections, nil
 }
 
+func (n *transipProvider) recreateRecordSet(dc *models.DomainConfig, change diff2.Change) []*models.Correction {
+	var corrections []*models.Correction
+
+	for _, rec := range change.Old {
+		if existsInRecords(rec, change.New) {
+			continue
+		}
+
+		nativeRec, _ := recordToNative(rec, true)
+		createCorrection := change.CreateCorrectionWithMessage("[2/2] delete", func() error { return n.domains.RemoveDNSEntry(dc.Name, nativeRec) })
+		corrections = append(corrections, createCorrection)
+	}
+
+	for _, rec := range change.New {
+		if existsInRecords(rec, change.Old) {
+			continue
+		}
+
+		nativeRec, _ := recordToNative(rec, false)
+		createCorrection := change.CreateCorrectionWithMessage("[1/2] create", func() error { return n.domains.AddDNSEntry(dc.Name, nativeRec) })
+		corrections = append(corrections, createCorrection)
+	}
+
+	return corrections
+}
+
+func existsInRecords(rec *models.RecordConfig, set models.Records) bool {
+	for _, existing := range set {
+		if rec.ToComparableNoTTL() == existing.ToComparableNoTTL() && rec.TTL == existing.TTL {
+			return true
+		}
+	}
+
+	return false
+}
+
 func recordsToNative(records models.Records, useOriginal bool) ([]domain.DNSEntry, error) {
 	entries := make([]domain.DNSEntry, len(records))
 
@@ -324,6 +347,8 @@ func getTargetRecordContent(rc *models.RecordConfig) string {
 		return fmt.Sprintf("%d %d %d %s", rc.DsKeyTag, rc.DsAlgorithm, rc.DsDigestType, rc.DsDigest)
 	case "SRV":
 		return fmt.Sprintf("%d %d %d %s", rc.SrvPriority, rc.SrvWeight, rc.SrvPort, rc.GetTargetField())
+	case "TXT":
+		return removeSlashes(models.StripQuotes(rc.GetTargetCombined()))
 	default:
 		return models.StripQuotes(rc.GetTargetCombined())
 	}

From c29a6486be9aac049f4d44ad96eb5910b939663f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 30 Nov 2023 14:38:01 -0500
Subject: [PATCH 046/438] Update generated files for v4.6.2

---
 commands/types/dnscontrol.d.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 8715383ccb..a850f30275 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2279,7 +2279,7 @@ declare const PURGE: DomainModifier;
  * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
  * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
  *
- * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53_EVALUATE_TARGET_HEALTH.md) record modifier.
+ * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),

From e364d046290c542652d372e8d8bdbb32e4f3cc3e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Dec 2023 12:31:07 -0500
Subject: [PATCH 047/438] CICD: Fix YAML (#2677)

---
 .goreleaser.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index f92d6db0d8..dc77e4f7da 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -42,7 +42,7 @@ changelog:
       regexp: "(?i)^.*(build|ci|cicd)[(\\w)]*:+.*$"
       order: 4
     - title: 'Dependencies:'
-      regexp: "(?i)^.*Build\(deps\)*:+.*$|(?i)^.*update deps+.*$"
+      regexp: "(?i)^.*Build\\(deps\\)*:+.*$|(?i)^.*update deps+.*$"
       order: 5
     - title: 'Other changes and improvements:'
       order: 9

From 88d26c3ea2458d01c0b680013bf050068b0c123d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Dec 2023 13:10:30 -0500
Subject: [PATCH 048/438] CHORE: Update deps (#2678)

---
 go.mod | 26 +++++++++++++-------------
 go.sum | 52 ++++++++++++++++++++++++++--------------------------
 2 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/go.mod b/go.mod
index a3fe3d97f4..64c2bc5965 100644
--- a/go.mod
+++ b/go.mod
@@ -14,11 +14,11 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.23.4
-	github.com/aws/aws-sdk-go-v2/config v1.25.10
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.8
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1
+	github.com/aws/aws-sdk-go-v2 v1.23.5
+	github.com/aws/aws-sdk-go-v2/config v1.25.11
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.9
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
@@ -49,7 +49,7 @@ require (
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
 	github.com/transip/gotransip/v6 v6.23.0
-	github.com/urfave/cli/v2 v2.25.7
+	github.com/urfave/cli/v2 v2.26.0
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.19.0
 	golang.org/x/oauth2 v0.15.0
@@ -79,15 +79,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.2 // indirect
 	github.com/aws/smithy-go v1.18.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 2ee0953521..a973a1a689 100644
--- a/go.sum
+++ b/go.sum
@@ -39,34 +39,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.23.4 h1:2P20ZjH0ouSAu/6yZep8oCmTReathLuEu6dwoqEgjts=
-github.com/aws/aws-sdk-go-v2 v1.23.4/go.mod h1:t3szzKfP0NeRU27uBFczDivYJjsmSnqI8kIvKyWb9ds=
-github.com/aws/aws-sdk-go-v2/config v1.25.10 h1:qw/e8emDtNufTkrAU86DlQ18DruMyyM7ttW6Lgwp4v0=
-github.com/aws/aws-sdk-go-v2/config v1.25.10/go.mod h1:203YiAtb6XyoGxXMPsUVwEcuxCiTQY/r8P27IDjfvMc=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.8 h1:phw9nRLy/77bPk6Mfu2SHCOnHwfVB7WWrOa5rZIY2Fc=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.8/go.mod h1:MrS4SOin6adbO6wgWhdifyPiq+TX7fPPwyA/ZLC1F5M=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8 h1:tQZLSPC2Zj2CqZHonLmWEvCsbpMX5tQvaYJWHadcPek=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.8/go.mod h1:5+YpvTHDFffykWr5qAGjqwoh8oVYZOddL3sSrEN7lws=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7 h1:eMqD7ku6WGdmcWWXPYun9m6yk6feSULLhJlAtN6rYG4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.7/go.mod h1:0oBIfcDV6LScxEW0VgOqxT3e4aqKRp+SYhB9wAd5E3Q=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7 h1:+XYhWhgWs5F3Zx8oa49CXzNvfXrItaDjZB/M172fcHQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.7/go.mod h1:L6tcSRyCGxcKfDWUrmv2jv8G1cLDU7d0FUpEFpG9bVE=
+github.com/aws/aws-sdk-go-v2 v1.23.5 h1:xK6C4udTyDMd82RFvNkDQxtAd00xlzFUtX4fF2nMZyg=
+github.com/aws/aws-sdk-go-v2 v1.23.5/go.mod h1:t3szzKfP0NeRU27uBFczDivYJjsmSnqI8kIvKyWb9ds=
+github.com/aws/aws-sdk-go-v2/config v1.25.11 h1:RWzp7jhPRliIcACefGkKp03L0Yofmd2p8M25kbiyvno=
+github.com/aws/aws-sdk-go-v2/config v1.25.11/go.mod h1:BVUs0chMdygHsQtvaMyEOpW2GIW+ubrxJLgIz/JU29s=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.9 h1:LQo3MUIOzod9JdUK+wxmSdgzLVYUbII3jXn3S/HJZU0=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.9/go.mod h1:R7mDuIJoCjH6TxGUc/cylE7Lp/o0bhKVoxdBThsjqCM=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9 h1:FZVFahMyZle6WcogZCOxo6D/lkDA2lqKIn4/ueUmVXw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9/go.mod h1:kjq7REMIkxdtcEC9/4BVXjOsNY5isz6jQbEgk6osRTU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8 h1:8GVZIR0y6JRIUNSYI1xAMF4HDfV8H/bOsZ/8AD/uY5Q=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8/go.mod h1:rwBfu0SoUkBUZndVgPZKAD9Y2JigaZtRP68unRiYToQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8 h1:ZE2ds/qeBkhk3yqYvS3CDCFNvd9ir5hMjlVStLZWrvM=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8/go.mod h1:/lAPPymDYL023+TS6DJmjuL42nxix2AvEvfjqOBRODk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 h1:e3PCNeEaev/ZF01cQyNZgmYE9oYYePIMJs2mWSKG514=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3/go.mod h1:gIeeNyaL8tIEqZrzAnTeyhHcE0yysCtcaP+N9kxLZ+E=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7 h1:dU+ZyhvqMB/T/TxjGagHMCdyUiqaThRIaMu3YvKiSQI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.7/go.mod h1:SGORuNqoXyWfTvTp/gBGJfv8jRvW/+nha0XhnIXVI+o=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1 h1:v/3D+QsF91AdkF6REEPq6RePxy0vJiHv70CzzLdHrqs=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.1/go.mod h1:KvdP5Uk34wpr49287kAZJOUJtJXqVZmUTVAbYfknrnM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1 h1:5T+BONhULX+UXFTSoebZ+wX0QGfO8lZMj6E+OwGS44A=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.1/go.mod h1:KFZcLBA2BplaxYAOM806i6F5A7EMJDYDR1FnAR3VHkI=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.1 h1:V40g2daNO3l1J94JYwqfkyvQMYXi5I25fs3fNQW8iDs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.1/go.mod h1:0ZWQJP/mBOUxkCvZKybZNz1XmdUKSBxoF0dzgfxtvDs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1 h1:uQrj7SpUNC3r55vc1CDh3qV9wJC66lz546xM9dhSo5s=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.1/go.mod h1:oyaTk5xEAOuPXX1kCD7HmIeuLqdj3Bk5yGkqGXtGi14=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.1 h1:K33V7L0XDdb23FMOZySr8bon1jou5SHn1fiv7NJ1SUg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.1/go.mod h1:YtXUl/sfnS06VksYhr855hTQf2HphfT1Xv/EwuzbPjg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8 h1:EamsKe+ZjkOQjDdHd86/JCEucjFKQ9T0atWKO4s2Lgs=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8/go.mod h1:Q0vV3/csTpbkfKLI5Sb56cJQTCTtJ0ixdb7P+Wedqiw=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2 h1:Dd8CLHufmDFPt+ccGpJx4S0/tS9MnUGPZ9PqU9k6z08=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2/go.mod h1:D58n83ihSAC0wtkcvU6PavqmO839sqYQ+HvpqbD7tKE=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2 h1:dYbN6BSr4hZdgPQp+tZbGtmt8mr7Uqxl3T1nqc9Vw6Y=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2/go.mod h1:jASD8WWGPoh1gFNwhYOlCQhO+zD+bbq1Hy2Ms/1qe5c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.2 h1:xJPydhNm0Hiqct5TVKEuHG7weC0+sOs4MUnd7A5n5F4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.2/go.mod h1:zxk6y1X2KXThESWMS5CrKRvISD8mbIMab6nZrCGxDG0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2 h1:8dU9zqA77C5egbU6yd4hFLaiIdPv3rU+6cp7sz5FjCU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2/go.mod h1:7Lt5mjQ8x5rVdKqg+sKKDeuwoszDJIIPmkd8BVsEdS0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.2 h1:fFrLsy08wEbAisqW3KDl/cPHrF43GmV79zXB9EwJiZw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.2/go.mod h1:7Ld9eTqocTvJqqJ5K/orbSDwmGcpRdlDiLjz2DO+SL8=
 github.com/aws/smithy-go v1.18.1 h1:pOdBTUfXNazOlxLrgeYalVnuTpKreACHtc62xLwIB3c=
 github.com/aws/smithy-go v1.18.1/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -419,8 +419,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
-github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.26.0 h1:3f3AMg3HpThFNT4I++TKOejZO8yU55t3JnnSr4S4QEI=
+github.com/urfave/cli/v2 v2.26.0/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=

From cbccbbeb8d981bcd688de1ee6ef8efe8df8a56d9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Dec 2023 17:45:25 -0500
Subject: [PATCH 049/438] REFACTOR: Opinion: TXT records are one long string
 (#2631)

Co-authored-by: Costas Drogos <costas.drogos@gmail.com>
Co-authored-by: imlonghao <git@imlonghao.com>
Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
Co-authored-by: Vincent Hagen <blackshadev@users.noreply.github.com>
---
 commands/getZones.go                          |   8 +-
 commands/previewPush.go                       |   1 +
 commands/test_data/example.org.zone.djs       |  14 +-
 commands/test_data/example.org.zone.js        |  14 +-
 commands/test_data/example.org.zone.tsv       |  90 +++++-----
 commands/test_data/example.org.zone.zone      |  14 +-
 commands/test_data/simple.com.zone.tsv        |   8 +-
 documentation/opinions.md                     |  32 +++-
 integrationTest/integration_test.go           |  97 ++++++----
 models/dnsrr.go                               |  20 ++-
 models/quotes.go                              |  12 +-
 models/quotes_test.go                         |  29 ++-
 models/record.go                              |  54 ++----
 models/record_test.go                         |   4 -
 models/t_parse.go                             | 148 ++++++++++++---
 models/t_txt.go                               | 169 +++---------------
 models/target.go                              |  49 ++---
 pkg/diff/diff.go                              |   9 +-
 pkg/diff/diff2compat.go                       |   2 +
 pkg/diff2/handsoff_test.go                    |   2 +-
 pkg/js/helpers.js                             |   6 +-
 pkg/js/parse_tests/016-backslash.js           |  13 --
 pkg/js/parse_tests/016-backslash.json         |  22 ---
 pkg/js/parse_tests/016-backslash/foo.com.zone |   2 -
 pkg/js/parse_tests/017-txt.json               |  28 +--
 pkg/js/parse_tests/017-txt/foo.com.zone       |   4 +-
 pkg/js/parse_tests/018-dkim.json              |   5 +-
 pkg/js/parse_tests/018-dkim/foo.com.zone      |   2 +-
 pkg/normalize/flatten.go                      |   2 +-
 pkg/normalize/validate.go                     |   2 +-
 pkg/normalize/validate_test.go                |   4 +-
 pkg/prettyzone/prettyzone.go                  |   3 +-
 pkg/prettyzone/prettyzone_test.go             |  41 +++++
 pkg/rejectif/txt.go                           |  89 +++------
 pkg/txtutil/txtcode.go                        | 155 ++++++++++++++++
 pkg/txtutil/txtcode_test.go                   |  97 ++++++++++
 pkg/txtutil/txtcombined.go                    |  53 ++++++
 pkg/txtutil/txtutil.go                        |  21 +--
 providers/azuredns/auditrecords.go            |   2 +
 providers/bind/bindProvider.go                |   2 +-
 providers/cloudflare/auditrecords.go          |   2 -
 providers/cloudns/auditrecords.go             |   2 -
 providers/cscglobal/api.go                    |  12 +-
 providers/cscglobal/auditrecords.go           |   6 +-
 providers/cscglobal/convert.go                |   2 +
 providers/cscglobal/dns.go                    |   1 -
 providers/digitalocean/auditrecords.go        |   4 +
 providers/dnsimple/auditrecords.go            |   2 +-
 providers/gandiv5/convert.go                  |   9 +-
 providers/gandiv5/gandi_v5Provider.go         |   5 +-
 providers/gcloud/gcloudProvider.go            |  10 +-
 providers/hedns/hednsProvider.go              |   6 +-
 providers/hetzner/types.go                    |  13 +-
 providers/hexonet/auditrecords.go             |   2 +
 providers/hexonet/records.go                  |  37 +---
 providers/hexonet/records_test.go             |  51 ------
 providers/inwx/inwxProvider.go                |   6 +-
 providers/msdns/auditrecords.go               |   8 +-
 providers/namedotcom/auditrecords.go          |   6 +-
 providers/namedotcom/records.go               |   4 +-
 providers/namedotcom/records_test.go          |  14 +-
 providers/ns1/auditrecords.go                 |   2 +-
 providers/ns1/ns1Provider.go                  |   2 +-
 providers/powerdns/convert_test.go            |   3 +-
 providers/route53/route53Provider.go          |  11 +-
 providers/rwth/auditrecords.go                |   2 -
 providers/transip/auditrecords.go             |   8 +-
 providers/transip/slashes.go                  |  11 --
 providers/transip/slashes_test.go             |  25 ---
 providers/transip/transipProvider.go          |  22 +--
 providers/vultr/auditrecords.go               |   2 -
 71 files changed, 877 insertions(+), 742 deletions(-)
 delete mode 100644 pkg/js/parse_tests/016-backslash.js
 delete mode 100644 pkg/js/parse_tests/016-backslash.json
 delete mode 100644 pkg/js/parse_tests/016-backslash/foo.com.zone
 create mode 100644 pkg/txtutil/txtcode.go
 create mode 100644 pkg/txtutil/txtcode_test.go
 create mode 100644 pkg/txtutil/txtcombined.go
 delete mode 100644 providers/hexonet/records_test.go
 delete mode 100644 providers/transip/slashes.go
 delete mode 100644 providers/transip/slashes_test.go

diff --git a/commands/getZones.go b/commands/getZones.go
index 97bba18168..1d6a0e8ec2 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -287,7 +287,7 @@ func GetZone(args GetZoneArgs) error {
 				}
 
 				fmt.Fprintf(w, "%s\t%s\t%d\tIN\t%s\t%s%s\n",
-					rec.NameFQDN, rec.Name, rec.TTL, rec.Type, rec.GetTargetCombined(), cfproxy)
+					rec.NameFQDN, rec.Name, rec.TTL, rec.Type, rec.GetTargetCombinedFunc(nil), cfproxy)
 			}
 
 		default:
@@ -351,11 +351,7 @@ func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) str
 	case "TLSA":
 		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.TlsaUsage, rec.TlsaSelector, rec.TlsaMatchingType, rec.GetTargetField())
 	case "TXT":
-		if len(rec.TxtStrings) == 1 {
-			target = `"` + rec.TxtStrings[0] + `"`
-		} else {
-			target = `["` + strings.Join(rec.TxtStrings, `", "`) + `"]`
-		}
+		target = jsonQuoted(rec.GetTargetTXTJoined())
 		// TODO(tlim): If this is an SPF record, generate a SPF_BUILDER().
 	case "NS":
 		// NS records at the apex should be NAMESERVER() records.
diff --git a/commands/previewPush.go b/commands/previewPush.go
index dfb1592ab9..7ac4cce809 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -45,6 +45,7 @@ type PreviewArgs struct {
 	Full        bool
 }
 
+// ReportItem is a record of corrections for a particular domain/provider/registrar.
 type ReportItem struct {
 	Domain      string `json:"domain"`
 	Corrections int    `json:"corrections"`
diff --git a/commands/test_data/example.org.zone.djs b/commands/test_data/example.org.zone.djs
index e4b695a3ff..1464580fa7 100644
--- a/commands/test_data/example.org.zone.djs
+++ b/commands/test_data/example.org.zone.djs
@@ -37,7 +37,7 @@ D("example.org", REG_CHANGEME
 	, SRV("_pop3._tcp", 0, 0, 0, ".")
 	, SRV("_pop3s._tcp", 0, 0, 0, ".")
 	, SRV("_sieve._tcp", 10, 10, 4190, "imap.example.org.")
-	, TXT("dns-moreinfo", ["Fred Bloggs, TZ=America/New_York", "Chat-Service-X: @handle1", "Chat-Service-Y: federated-handle@example.org"])
+	, TXT("dns-moreinfo", "Fred Bloggs, TZ=America/New_YorkChat-Service-X: @handle1Chat-Service-Y: federated-handle@example.org")
 	, SRV("_pgpkey-http._tcp", 0, 0, 0, ".")
 	, SRV("_pgpkey-https._tcp", 0, 0, 0, ".")
 	, SRV("_hkp._tcp", 0, 0, 0, ".")
@@ -48,9 +48,9 @@ D("example.org", REG_CHANGEME
 	, AAAA("@", "2001:db8::1:1")
 	, TXT("_adsp._domainkey", "dkim=all")
 	, TXT("_dmarc", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
-	, TXT("d201911._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks", "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"])
+	, TXT("d201911._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB")
 	, TXT("d201911e2._domainkey", "v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo=")
-	, TXT("d202003._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo", "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"])
+	, TXT("d202003._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jopv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB")
 	, TXT("d202003e2._domainkey", "v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg=")
 	, TXT("_report", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;")
 	, TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
@@ -311,9 +311,9 @@ D("example.org", REG_CHANGEME
 	, A("fred", "192.0.2.93")
 	, AAAA("fred", "2001:db8::48:4558:5345:5256")
 	, TXT("fred", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all")
-	, TXT("d201911._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz", "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"])
+	, TXT("d201911._domainkey.fred", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/TlzP2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB")
 	, TXT("d201911e2._domainkey.fred", "v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A=")
-	, TXT("d202003._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj", "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"])
+	, TXT("d202003._domainkey.fred", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYjc0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB")
 	, TXT("d202003e2._domainkey.fred", "v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw=")
 	, TXT("_adsp._domainkey.fred", "dkim=all")
 	, TXT("_dmarc.fred", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
@@ -321,9 +321,9 @@ D("example.org", REG_CHANGEME
 	, TXT("_smtp._tls.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
 	, TXT("_smtp-tlsrpt.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org")
 	, MX("mailtest", 10, "mx.example.org.")
-	, TXT("d201911._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn", "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"])
+	, TXT("d201911._domainkey.mailtest", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB")
 	, TXT("d201911e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y=")
-	, TXT("d202003._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN", "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"])
+	, TXT("d202003._domainkey.mailtest", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KNaS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB")
 	, TXT("d202003e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc=")
 	, TXT("_adsp._domainkey.mailtest", "dkim=all")
 	, TXT("_dmarc.mailtest", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s")
diff --git a/commands/test_data/example.org.zone.js b/commands/test_data/example.org.zone.js
index 70f253630d..95f7d4a46a 100644
--- a/commands/test_data/example.org.zone.js
+++ b/commands/test_data/example.org.zone.js
@@ -37,7 +37,7 @@ D("example.org", REG_CHANGEME,
 	SRV("_pop3._tcp", 0, 0, 0, "."),
 	SRV("_pop3s._tcp", 0, 0, 0, "."),
 	SRV("_sieve._tcp", 10, 10, 4190, "imap.example.org."),
-	TXT("dns-moreinfo", ["Fred Bloggs, TZ=America/New_York", "Chat-Service-X: @handle1", "Chat-Service-Y: federated-handle@example.org"]),
+	TXT("dns-moreinfo", "Fred Bloggs, TZ=America/New_YorkChat-Service-X: @handle1Chat-Service-Y: federated-handle@example.org"),
 	SRV("_pgpkey-http._tcp", 0, 0, 0, "."),
 	SRV("_pgpkey-https._tcp", 0, 0, 0, "."),
 	SRV("_hkp._tcp", 0, 0, 0, "."),
@@ -48,9 +48,9 @@ D("example.org", REG_CHANGEME,
 	AAAA("@", "2001:db8::1:1"),
 	TXT("_adsp._domainkey", "dkim=all"),
 	TXT("_dmarc", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
-	TXT("d201911._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks", "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"]),
+	TXT("d201911._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"),
 	TXT("d201911e2._domainkey", "v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo="),
-	TXT("d202003._domainkey", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo", "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"]),
+	TXT("d202003._domainkey", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jopv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"),
 	TXT("d202003e2._domainkey", "v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg="),
 	TXT("_report", "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"),
 	TXT("_smtp._tls", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
@@ -311,9 +311,9 @@ D("example.org", REG_CHANGEME,
 	A("fred", "192.0.2.93"),
 	AAAA("fred", "2001:db8::48:4558:5345:5256"),
 	TXT("fred", "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"),
-	TXT("d201911._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz", "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"]),
+	TXT("d201911._domainkey.fred", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/TlzP2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"),
 	TXT("d201911e2._domainkey.fred", "v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A="),
-	TXT("d202003._domainkey.fred", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj", "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"]),
+	TXT("d202003._domainkey.fred", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYjc0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"),
 	TXT("d202003e2._domainkey.fred", "v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw="),
 	TXT("_adsp._domainkey.fred", "dkim=all"),
 	TXT("_dmarc.fred", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
@@ -321,9 +321,9 @@ D("example.org", REG_CHANGEME,
 	TXT("_smtp._tls.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
 	TXT("_smtp-tlsrpt.fred", "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"),
 	MX("mailtest", 10, "mx.example.org."),
-	TXT("d201911._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn", "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"]),
+	TXT("d201911._domainkey.mailtest", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"),
 	TXT("d201911e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y="),
-	TXT("d202003._domainkey.mailtest", ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN", "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"]),
+	TXT("d202003._domainkey.mailtest", "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KNaS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"),
 	TXT("d202003e2._domainkey.mailtest", "v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc="),
 	TXT("_adsp._domainkey.mailtest", "dkim=all"),
 	TXT("_dmarc.mailtest", "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"),
diff --git a/commands/test_data/example.org.zone.tsv b/commands/test_data/example.org.zone.tsv
index ca15d2fc8a..abae4c9693 100644
--- a/commands/test_data/example.org.zone.tsv
+++ b/commands/test_data/example.org.zone.tsv
@@ -4,7 +4,7 @@ example.org	@	7200	IN	NS	ns2.example.org.
 example.org	@	7200	IN	NS	ns-a.example.net.
 example.org	@	7200	IN	NS	friend-dns.example.com.
 example.org	@	7200	IN	MX	10 mx.example.org.
-example.org	@	7200	IN	TXT	"v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"
+example.org	@	7200	IN	TXT	v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all
 _client._smtp.example.org	_client._smtp	7200	IN	SRV	1 1 1 example.org.
 _client._smtp.mx.example.org	_client._smtp.mx	7200	IN	SRV	1 2 1 mx.example.org.
 _client._smtp.foo.example.org	_client._smtp.foo	7200	IN	SRV	1 2 1 foo.example.org.
@@ -12,7 +12,7 @@ _kerberos._tcp.example.org	_kerberos._tcp	7200	IN	SRV	10 1 88 kerb-service.examp
 _kerberos._udp.example.org	_kerberos._udp	7200	IN	SRV	10 1 88 kerb-service.example.org.
 _kpasswd._udp.example.org	_kpasswd._udp	7200	IN	SRV	10 1 464 kerb-service.example.org.
 _kerberos-adm._tcp.example.org	_kerberos-adm._tcp	7200	IN	SRV	10 1 749 kerb-service.example.org.
-_kerberos.example.org	_kerberos	7200	IN	TXT	"EXAMPLE.ORG"
+_kerberos.example.org	_kerberos	7200	IN	TXT	EXAMPLE.ORG
 _ldap._tcp.example.org	_ldap._tcp	7200	IN	SRV	0 0 0 .
 _ldap._udp.example.org	_ldap._udp	7200	IN	SRV	0 0 0 .
 _jabber._tcp.example.org	_jabber._tcp	7200	IN	SRV	10 2 5269 xmpp-s2s.example.org.
@@ -32,7 +32,7 @@ _imaps._tcp.example.org	_imaps._tcp	7200	IN	SRV	10 10 993 imap.example.org.
 _pop3._tcp.example.org	_pop3._tcp	7200	IN	SRV	0 0 0 .
 _pop3s._tcp.example.org	_pop3s._tcp	7200	IN	SRV	0 0 0 .
 _sieve._tcp.example.org	_sieve._tcp	7200	IN	SRV	10 10 4190 imap.example.org.
-dns-moreinfo.example.org	dns-moreinfo	7200	IN	TXT	"Fred Bloggs, TZ=America/New_York" "Chat-Service-X: @handle1" "Chat-Service-Y: federated-handle@example.org"
+dns-moreinfo.example.org	dns-moreinfo	7200	IN	TXT	Fred Bloggs, TZ=America/New_YorkChat-Service-X: @handle1Chat-Service-Y: federated-handle@example.org
 _pgpkey-http._tcp.example.org	_pgpkey-http._tcp	7200	IN	SRV	0 0 0 .
 _pgpkey-https._tcp.example.org	_pgpkey-https._tcp	7200	IN	SRV	0 0 0 .
 _hkp._tcp.example.org	_hkp._tcp	7200	IN	SRV	0 0 0 .
@@ -41,20 +41,20 @@ _finger._tcp.example.org	_finger._tcp	7200	IN	SRV	10 10 79 barbican.example.org.
 _avatars-sec._tcp.example.org	_avatars-sec._tcp	7200	IN	SRV	10 10 443 avatars.example.org.
 example.org	@	7200	IN	A	192.0.2.1
 example.org	@	7200	IN	AAAA	2001:db8::1:1
-_adsp._domainkey.example.org	_adsp._domainkey	7200	IN	TXT	"dkim=all"
-_dmarc.example.org	_dmarc	7200	IN	TXT	"v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
-d201911._domainkey.example.org	d201911._domainkey	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks" "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"
-d201911e2._domainkey.example.org	d201911e2._domainkey	7200	IN	TXT	"v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo="
-d202003._domainkey.example.org	d202003._domainkey	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo" "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"
-d202003e2._domainkey.example.org	d202003e2._domainkey	7200	IN	TXT	"v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg="
-_report.example.org	_report	7200	IN	TXT	"r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
-_smtp._tls.example.org	_smtp._tls	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
-_smtp-tlsrpt.example.org	_smtp-tlsrpt	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
-example.net._report._dmarc.example.org	example.net._report._dmarc	7200	IN	TXT	"v=DMARC1"
-example.com._report._dmarc.example.org	example.com._report._dmarc	7200	IN	TXT	"v=DMARC1"
-xn--2j5b.xn--9t4b11yi5a._report._dmarc.example.org	xn--2j5b.xn--9t4b11yi5a._report._dmarc	7200	IN	TXT	"v=DMARC1"
-special.test._report._dmarc.example.org	special.test._report._dmarc	7200	IN	TXT	"v=DMARC1"
-xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc.example.org	xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc	7200	IN	TXT	"v=DMARC1"
+_adsp._domainkey.example.org	_adsp._domainkey	7200	IN	TXT	dkim=all
+_dmarc.example.org	_dmarc	7200	IN	TXT	v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s
+d201911._domainkey.example.org	d201911._domainkey	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB
+d201911e2._domainkey.example.org	d201911e2._domainkey	7200	IN	TXT	v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo=
+d202003._domainkey.example.org	d202003._domainkey	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jopv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB
+d202003e2._domainkey.example.org	d202003e2._domainkey	7200	IN	TXT	v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg=
+_report.example.org	_report	7200	IN	TXT	r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;
+_smtp._tls.example.org	_smtp._tls	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
+_smtp-tlsrpt.example.org	_smtp-tlsrpt	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
+example.net._report._dmarc.example.org	example.net._report._dmarc	7200	IN	TXT	v=DMARC1
+example.com._report._dmarc.example.org	example.com._report._dmarc	7200	IN	TXT	v=DMARC1
+xn--2j5b.xn--9t4b11yi5a._report._dmarc.example.org	xn--2j5b.xn--9t4b11yi5a._report._dmarc	7200	IN	TXT	v=DMARC1
+special.test._report._dmarc.example.org	special.test._report._dmarc	7200	IN	TXT	v=DMARC1
+xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc.example.org	xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc	7200	IN	TXT	v=DMARC1
 *._smimecert.example.org	*._smimecert	7200	IN	CNAME	_ourca-smimea.example.org.
 b._dns-sd._udp.example.org	b._dns-sd._udp	7200	IN	PTR	field.example.org.
 lb._dns-sd._udp.example.org	lb._dns-sd._udp	7200	IN	PTR	field.example.org.
@@ -265,9 +265,9 @@ mx.example.org	mx	7200	IN	A	192.0.2.25
 mx.example.org	mx	7200	IN	AAAA	2001:db8::48:4558:736d:7470
 mx.ipv4.example.org	mx.ipv4	7200	IN	A	192.0.2.25
 mx.ipv6.example.org	mx.ipv6	7200	IN	AAAA	2001:db8::48:4558:736d:7470
-mx.example.org	mx	7200	IN	TXT	"v=spf1 a include:_spflarge.example.net -all"
-_mta-sts.example.org	_mta-sts	7200	IN	TXT	"v=STSv1; id=20191231r1;"
-mta-sts.example.org	mta-sts	7200	IN	TXT	"v=STSv1; id=20191231r1;"
+mx.example.org	mx	7200	IN	TXT	v=spf1 a include:_spflarge.example.net -all
+_mta-sts.example.org	_mta-sts	7200	IN	TXT	v=STSv1; id=20191231r1;
+mta-sts.example.org	mta-sts	7200	IN	TXT	v=STSv1; id=20191231r1;
 mta-sts.example.org	mta-sts	7200	IN	A	192.0.2.93
 mta-sts.example.org	mta-sts	7200	IN	AAAA	2001:db8::48:4558:5345:5256
 xmpp.ipv6.example.org	xmpp.ipv6	7200	IN	AAAA	2001:db8::f0ab:cdef:1234:f00f
@@ -297,34 +297,34 @@ news-feed.example.org	news-feed	7200	IN	AAAA	2001:db8::48:4558:6e6e:7470
 go.example.org	go	7200	IN	CNAME	abcdefghijklmn.cloudfront.net.
 foo.example.org	foo	7200	IN	A	192.0.2.200
 gladys.example.org	gladys	7200	IN	MX	10 mx.example.org.
-_adsp._domainkey.gladys.example.org	_adsp._domainkey.gladys	7200	IN	TXT	"dkim=all"
-_dmarc.gladys.example.org	_dmarc.gladys	7200	IN	TXT	"v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
-_report.gladys.example.org	_report.gladys	7200	IN	TXT	"r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
-_smtp._tls.gladys.example.org	_smtp._tls.gladys	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
-_smtp-tlsrpt.gladys.example.org	_smtp-tlsrpt.gladys	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
+_adsp._domainkey.gladys.example.org	_adsp._domainkey.gladys	7200	IN	TXT	dkim=all
+_dmarc.gladys.example.org	_dmarc.gladys	7200	IN	TXT	v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s
+_report.gladys.example.org	_report.gladys	7200	IN	TXT	r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;
+_smtp._tls.gladys.example.org	_smtp._tls.gladys	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
+_smtp-tlsrpt.gladys.example.org	_smtp-tlsrpt.gladys	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
 fred.example.org	fred	7200	IN	MX	10 mx.example.org.
 fred.example.org	fred	7200	IN	A	192.0.2.93
 fred.example.org	fred	7200	IN	AAAA	2001:db8::48:4558:5345:5256
-fred.example.org	fred	7200	IN	TXT	"v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"
-d201911._domainkey.fred.example.org	d201911._domainkey.fred	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz" "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"
-d201911e2._domainkey.fred.example.org	d201911e2._domainkey.fred	7200	IN	TXT	"v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A="
-d202003._domainkey.fred.example.org	d202003._domainkey.fred	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj" "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"
-d202003e2._domainkey.fred.example.org	d202003e2._domainkey.fred	7200	IN	TXT	"v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw="
-_adsp._domainkey.fred.example.org	_adsp._domainkey.fred	7200	IN	TXT	"dkim=all"
-_dmarc.fred.example.org	_dmarc.fred	7200	IN	TXT	"v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
-_report.fred.example.org	_report.fred	7200	IN	TXT	"r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
-_smtp._tls.fred.example.org	_smtp._tls.fred	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
-_smtp-tlsrpt.fred.example.org	_smtp-tlsrpt.fred	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
+fred.example.org	fred	7200	IN	TXT	v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all
+d201911._domainkey.fred.example.org	d201911._domainkey.fred	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/TlzP2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB
+d201911e2._domainkey.fred.example.org	d201911e2._domainkey.fred	7200	IN	TXT	v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A=
+d202003._domainkey.fred.example.org	d202003._domainkey.fred	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYjc0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB
+d202003e2._domainkey.fred.example.org	d202003e2._domainkey.fred	7200	IN	TXT	v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw=
+_adsp._domainkey.fred.example.org	_adsp._domainkey.fred	7200	IN	TXT	dkim=all
+_dmarc.fred.example.org	_dmarc.fred	7200	IN	TXT	v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s
+_report.fred.example.org	_report.fred	7200	IN	TXT	r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;
+_smtp._tls.fred.example.org	_smtp._tls.fred	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
+_smtp-tlsrpt.fred.example.org	_smtp-tlsrpt.fred	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
 mailtest.example.org	mailtest	7200	IN	MX	10 mx.example.org.
-d201911._domainkey.mailtest.example.org	d201911._domainkey.mailtest	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn" "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"
-d201911e2._domainkey.mailtest.example.org	d201911e2._domainkey.mailtest	7200	IN	TXT	"v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y="
-d202003._domainkey.mailtest.example.org	d202003._domainkey.mailtest	7200	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN" "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"
-d202003e2._domainkey.mailtest.example.org	d202003e2._domainkey.mailtest	7200	IN	TXT	"v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc="
-_adsp._domainkey.mailtest.example.org	_adsp._domainkey.mailtest	7200	IN	TXT	"dkim=all"
-_dmarc.mailtest.example.org	_dmarc.mailtest	7200	IN	TXT	"v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
-_report.mailtest.example.org	_report.mailtest	7200	IN	TXT	"r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
-_smtp._tls.mailtest.example.org	_smtp._tls.mailtest	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
-_smtp-tlsrpt.mailtest.example.org	_smtp-tlsrpt.mailtest	7200	IN	TXT	"v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
+d201911._domainkey.mailtest.example.org	d201911._domainkey.mailtest	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB
+d201911e2._domainkey.mailtest.example.org	d201911e2._domainkey.mailtest	7200	IN	TXT	v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y=
+d202003._domainkey.mailtest.example.org	d202003._domainkey.mailtest	7200	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KNaS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB
+d202003e2._domainkey.mailtest.example.org	d202003e2._domainkey.mailtest	7200	IN	TXT	v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc=
+_adsp._domainkey.mailtest.example.org	_adsp._domainkey.mailtest	7200	IN	TXT	dkim=all
+_dmarc.mailtest.example.org	_dmarc.mailtest	7200	IN	TXT	v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s
+_report.mailtest.example.org	_report.mailtest	7200	IN	TXT	r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;
+_smtp._tls.mailtest.example.org	_smtp._tls.mailtest	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
+_smtp-tlsrpt.mailtest.example.org	_smtp-tlsrpt.mailtest	7200	IN	TXT	v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org
 _pgpkey-http._tcp.sks.example.org	_pgpkey-http._tcp.sks	7200	IN	SRV	0 0 0 .
 _pgpkey-https._tcp.sks.example.org	_pgpkey-https._tcp.sks	7200	IN	SRV	0 0 0 .
 _hkp._tcp.sks.example.org	_hkp._tcp.sks	7200	IN	SRV	0 0 0 .
@@ -341,7 +341,7 @@ khard.example.org	khard	7200	IN	NS	ns-cloud-d2.googledomains.com.
 khard.example.org	khard	7200	IN	NS	ns-cloud-d3.googledomains.com.
 khard.example.org	khard	7200	IN	NS	ns-cloud-d4.googledomains.com.
 realhost.example.org	realhost	7200	IN	MX	0 .
-realhost.example.org	realhost	7200	IN	TXT	"v=spf1 -all"
+realhost.example.org	realhost	7200	IN	TXT	v=spf1 -all
 _25._tcp.realhost.example.org	_25._tcp.realhost	7200	IN	TLSA	3 0 0 0000000000000000000000000000000000000000000000000000000000000000
 _fedcba9876543210fedcba9876543210.go.example.org	_fedcba9876543210fedcba9876543210.go	7200	IN	CNAME	_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws.
 opqrstuvwxyz.example.org	opqrstuvwxyz	7200	IN	CNAME	gv-abcdefghijklmn.dv.googlehosted.com.
diff --git a/commands/test_data/example.org.zone.zone b/commands/test_data/example.org.zone.zone
index 0c48481199..384b8979d6 100644
--- a/commands/test_data/example.org.zone.zone
+++ b/commands/test_data/example.org.zone.zone
@@ -32,9 +32,9 @@ special.test._report._dmarc IN TXT "v=DMARC1"
 xn--2j5b.xn--9t4b11yi5a._report._dmarc IN TXT "v=DMARC1"
 xn--qck5b9a5eml3bze.xn--zckzah._report._dmarc IN TXT "v=DMARC1"
 _adsp._domainkey IN TXT   "dkim=all"
-d201911._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks" "6cVGxXBZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"
+d201911._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SmyE5Tz5/wPL8cb2AKuHnlFeLMOhAl1UX/NYaeDCKMWoBPTgZRT0jonKLmV2UscHdodXu5ZsLr/NAuLCp7HmPLReLz7kxKncP6ppveKxc1aq5SPTKeWe77p6BptlahHc35eiXsZRpTsEzrbEOainy1IWEd+w9p1gWbrSutwE22z0i4V88nQ9UBa1ks6cVGxX" "BZFovWC+i28aGs6Lc7cSfHG5+Mrg3ud5X4evYXTGFMPpunMcCsXrqmS5a+5gRSEMZhngha/cHjLwaJnWzKaywNWF5XOsCjL94QkS0joB7lnGOHMNSZBCcu542Y3Ht3SgHhlpkF9mIbIRfpzA9IoSQIDAQAB"
 d201911e2._domainkey IN TXT "v=DKIM1; k=ed25519; p=GBt2k2L39KUb39fg5brOppXDHXvISy0+ECGgPld/bIo="
-d202003._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jo" "pv0d4dR6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"
+d202003._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/1tQvOEs7xtKNm7PbPgY4hQjwHVvqqkDb0+TeqZHYRSczQ3c0LFJrIDFiPIdwQe/7AuKrxvATSh/uXKZ3EP4ouMgROPZnUxVXENeetJj+pc3nfGwTKUBTTTth+SO74gdIWsntjvAfduzosC4ZkxbDwZ9c253qXARGvGu+LB/iAeq0ngEbm5fU13+Jopv0d4d" "R6oGe9GvMEnGGLZzNrxWl1BPe2x5JZ5/X/3fW8vJx3OgRB5N6fqbAJ6HZ9kcbikDH4lPPl9RIoprFk7mmwno/nXLQYGhPobmqq8wLkDiXEkWtYa5lzujz3XI3Zkk8ZIOGvdbVVfAttT0IVPnYkOhQIDAQAB"
 d202003e2._domainkey IN TXT "v=DKIM1; k=ed25519; p=DQI5d9sNMrr0SLDoAi071IFOyKnlbR29hAQdqVQecQg="
 _kerberos        IN TXT   "EXAMPLE.ORG"
 _le-amazon-tlsa  IN TLSA  2 0 1 18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4
@@ -124,7 +124,7 @@ _acme-challenge.conference 15 IN CNAME _acme-challenge.conference.chat-acme.d.ex
 _xmpp-server._tcp.conference IN SRV 10 2 5269 chat.example.org.
                  IN SRV   10 2 5269 xmpp-s2s.example.org.
 dict             IN CNAME services.example.org.
-dns-moreinfo     IN TXT   "Fred Bloggs, TZ=America/New_York" "Chat-Service-X: @handle1" "Chat-Service-Y: federated-handle@example.org"
+dns-moreinfo     IN TXT   "Fred Bloggs, TZ=America/New_YorkChat-Service-X: @handle1Chat-Service-Y: federated-handle@example.org"
 field            IN NS    ns1.example.org.
                  IN NS    ns2.example.org.
 finger           IN CNAME barbican.example.org.
@@ -136,9 +136,9 @@ fred             IN A     192.0.2.93
                  IN TXT   "v=spf1 ip4:192.0.2.25 ip6:2001:db8::1:25 mx include:_spf.example.com ~all"
 _dmarc.fred      IN TXT   "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
 _adsp._domainkey.fred IN TXT "dkim=all"
-d201911._domainkey.fred IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/Tlz" "P2eenyiFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"
+d201911._domainkey.fred IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/OMUa3PnWh9LqXFVwlAgYDdTtbq3zTtTOSBmJq5yWauzXYcUuSmhW7CsV0QQlacCsQgJlwg9Nl1vO1TosAj5EKUCLTeSqjlWrM7KXKPx8FT71Q9H9wXX4MHUyGrqHFo0OPzcmtHwqcd8AD6MIvJHSRoAfiPPBp8Euc0wGnJZdGS75Hk+wA3MQ2/TlzP2eeny" "iFyqmUTAGOYsGC/tREsWPiegR/OVxNGlzTY6quHsuVK7UYtIyFnYx9PGWdl3b3p7VjQ5V0Rp+2CLtVrCuS6Zs+/3NhZdM7mdD0a9Jgxakwa1le5YmB5lHTGF7T8quy6TlKe9lMUIRNjqTHfSFz/MwIDAQAB"
 d201911e2._domainkey.fred IN TXT "v=DKIM1; k=ed25519; p=rQNsV9YcPJn/WYI1EDLjNbN/VuX1Hqq/oe4htbnhv+A="
-d202003._domainkey.fred IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYj" "c0h+FMDpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"
+d202003._domainkey.fred IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpnx7tnRxAnE/poIRbVb2i+f1uQCXWnBHzHurgEyZX0CmGaiJuCbr8SWOW2PoXq9YX8gIv2TS3uzwGv/4yA2yX9Z9zar1LeWUfGgMWLdCol9xfmWrI+6MUzxuwhw/mXwzigbI4bHoakh3ez/i3J9KPS85GfrOODqA1emR13f2pG8EzAcje+rwW2PtYjc0h+FM" "DpeLuPYyYszFbNlrkVUneesxnoz+o4x/s6P14ZoRqz5CR7u6G02HwnNaHads5Eto6FYYErUUTtFmgWuYabHxgLVGRdRQs6B5OBYT/3L2q/lAgmEgdy/QL+c0Psfj99/XQmO8fcM0scBzw2ukQzcUwIDAQAB"
 d202003e2._domainkey.fred IN TXT "v=DKIM1; k=ed25519; p=0DAPp/IRLYFI/Z4YSgJRi4gr7xcu1/EfJ5mjVn10aAw="
 _report.fred     IN TXT   "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
 _smtp-tlsrpt.fred IN TXT  "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
@@ -247,9 +247,9 @@ kpeople          IN AAAA  2001:db8::48:4558:6b70:706c
 mailtest         IN MX    10 mx.example.org.
 _dmarc.mailtest  IN TXT   "v=DMARC1; p=none; sp=none; rua=mailto:dmarc-notify@example.org; ruf=mailto:dmarc-notify@example.org; adkim=s"
 _adsp._domainkey.mailtest IN TXT "dkim=all"
-d201911._domainkey.mailtest IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn" "0XTY6XYgug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"
+d201911._domainkey.mailtest IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9xHnjHyhm1weA6FjOqM8LKVsklFt26HXWoe/0XCdmBG4i/UzQ7RiSgWO4kv7anPK6qf6rtL1xYsHufaRXG8yLsZxz+BbUP99eZvxZX78tMg4cGf+yU6uFxulCbOzsMy+8Cc3bbQTtIWYjyWBwnHdRRrCkQxjZ5KAd+x7ZB5qzqg2/eLJ7fCuNsr/xn0XTY6X" "Ygug95e3h4CEW3Y+bkG81AMeJmT/hoVTcXvT/Gm6ZOUmx6faQWIHSW7qOR3VS6S75HOuclEUk0gt9r7OQHKl01sXh8g02SHRk8SUMEoNVayqplYZTFFF01Z192m7enmpp+St+HHUIT6jW/CAMCO3wIDAQAB"
 d201911e2._domainkey.mailtest IN TXT "v=DKIM1; k=ed25519; p=afulDDnhaTzdqKQN0jtWV04eOhAcyBk3NCyVheOf53Y="
-d202003._domainkey.mailtest IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KN" "aS1okNRRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"
+d202003._domainkey.mailtest IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2BTVZaVLvL3qZBPaF7tRR0SdOKe+hjcpQ5fqO48lEuYiyTb6lkn8DPjDK11gTN3au0Bm+y8KC7ITKSJosuJXytxt3wqc61Pwtmb/Cy7GzmOF1AuegydB3/88VbgHT5DZucHrh6+ValZk4Trkx+/1K26Uo+h2KL2n/Ldb1y91ATHujp8DqxAOhiZ7KNaS1okN" "RRB4/14jPufAbeiN8/iBPiY5Hl80KHmpjM+7vvjb5jiecZ1ZrVDj7eTES4pmVh2v1c106mZLieoqDPYaf/HVbCM4E4n1B6kjbboSOpANADIcqXxGJQ7Be7/Sk9f7KwRusrsMHXmBHgm4wPmwGVZ3QIDAQAB"
 d202003e2._domainkey.mailtest IN TXT "v=DKIM1; k=ed25519; p=iqwH/hhozFdeo1xnuldr8KUi7O7g+DzmC+f0SYMKVDc="
 _report.mailtest IN TXT   "r=abuse-reports@example.org; rf=ARF; re=postmaster@example.org;"
 _smtp-tlsrpt.mailtest IN TXT "v=TLSRPTv1; rua=mailto:smtp-tls-reports@example.org"
diff --git a/commands/test_data/simple.com.zone.tsv b/commands/test_data/simple.com.zone.tsv
index 7e478f4342..b9e95d03d8 100644
--- a/commands/test_data/simple.com.zone.tsv
+++ b/commands/test_data/simple.com.zone.tsv
@@ -8,12 +8,12 @@ simple.com	@	300	IN	MX	5 alt1.aspmx.l.google.com.
 simple.com	@	300	IN	MX	5 alt2.aspmx.l.google.com.
 simple.com	@	300	IN	MX	10 alt3.aspmx.l.google.com.
 simple.com	@	300	IN	MX	10 alt4.aspmx.l.google.com.
-simple.com	@	300	IN	TXT	"google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI"
-simple.com	@	300	IN	TXT	"v=spf1 mx include:mktomail.com ~all"
-m1._domainkey.simple.com	m1._domainkey	300	IN	TXT	"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB"
+simple.com	@	300	IN	TXT	google-site-verification=O54a_pYHGr4EB8iLoGFgX8OTZ1DkP1KWnOLpx0YCazI
+simple.com	@	300	IN	TXT	v=spf1 mx include:mktomail.com ~all
+m1._domainkey.simple.com	m1._domainkey	300	IN	TXT	v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZfEV2C82eJ4OA3Mslz4C6msjYYalg1eUcHeJQ//QM1hOZSvn4qz+hSKGi7jwNDqsZNzM8vCt2+XzdDYL3JddwUEhoDsIsZsJW0qzIVVLLWCg6TLNS3FpVyjc171o94dpoHFekfswWDoEwFQ03Woq2jchYWBrbUf7MMcdEj/EQqwIDAQAB
 dev.simple.com	dev	300	IN	CNAME	stackoverflowsandbox2.mktoweb.com.
 dev-email.simple.com	dev-email	300	IN	CNAME	mkto-sj310056.com.
-m1._domainkey.dev-email.simple.com	m1._domainkey.dev-email	300	IN	TXT	"v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB"
+m1._domainkey.dev-email.simple.com	m1._domainkey.dev-email	300	IN	TXT	v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB
 email.simple.com	email	300	IN	CNAME	mkto-sj280138.com.
 info.simple.com	info	300	IN	CNAME	stackoverflow.mktoweb.com.
 _sip._tcp.simple.com	_sip._tcp	300	IN	SRV	10 60 5060 bigbox.example.com.
diff --git a/documentation/opinions.md b/documentation/opinions.md
index 71256a2ef8..1d7e6f47d8 100644
--- a/documentation/opinions.md
+++ b/documentation/opinions.md
@@ -127,7 +127,7 @@ else is ambiguous and therefore an error.
 # Opinion #7 Hostnames don't have underscores
 
 DNSControl prints warnings if a hostname includes an underscore
-(`_`) because underscores are not permitted in hostnames.  
+(`_`) because underscores are not permitted in hostnames.
 
 We want to prevent a naive user from including an underscore
 when they meant to use a hyphen (`-`).
@@ -150,3 +150,33 @@ Therefore we print a warning if a label has an underscore in it,
 unless the rtype is SRV, TLSA, TXT, or if the name starts with
 certain prefixes such as `_dmarc`.  We're always willing to
 [add more exceptions](https://github.com/StackExchange/dnscontrol/pull/453/files).
+
+# Opinion #8 TXT Records are one long string
+
+* TXT records are a single string with a length of 0 to 65,280 bytes
+  (the maximum possible TXT record size).
+
+It is the provider's responsibility to split, join, quote, parse,
+encode, or decoded the string as needed by the provider's API.  This
+should be invisible to the user.
+
+The user may represent the string any way that JavaScript permits
+strings to be represented (usually double-quotes).  For backwards
+compatibility they may also provide a list of strings which will be
+concatenated.
+
+You may be wondering: Isn't a TXT record really a series of 255-octet
+segments?  Yes, TXT record's wire-format is a series of strings, each
+no longer than 255-octets. However that kind of detail should be
+hidden from users. The user should represent the string they want and
+DNSControl should magically do the right thing behind the scenes. The
+same with quoting and escaping required by APIs.
+
+You may be wondering: Are there any higher-level applications which
+ascribe semantic value to the TXT string boundaries?  I believe that
+the answer is "no".  My proof is not based on reading RFCs, but
+instead based on (a) observing that I've never seen a DNS provider's
+control panel let you specify the boundaries, (b) I've never seen a
+FAQ or reddit post asking how to specify those boundaries. Therefore,
+there is no need for this. I also assert that there will be no such
+need in the future.
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 52398cb184..2c1725c270 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -640,7 +640,6 @@ func makeOvhNativeRecord(name, target, rType string) *models.RecordConfig {
 	r := makeRec(name, "", "TXT")
 	r.Metadata = make(map[string]string)
 	r.Metadata["create_ovh_native_record"] = rType
-	r.TxtStrings = []string{target}
 	r.SetTarget(target)
 	return r
 }
@@ -1085,39 +1084,69 @@ func makeTests(t *testing.T) []*TestGroup {
 			// Do not use only()/not()/requires() in this section.
 			// If your provider needs to skip one of these tests, update
 			// "provider/*/recordaudit.AuditRecords()" to reject that kind
-			// of record. When the provider fixes the bug or changes behavior,
-			// update the AuditRecords().
-
-			//clear(),
-			//tc("a 255-byte TXT", txt("foo255", strings.Repeat("C", 255))),
-			//clear(),
-			//tc("a 256-byte TXT", txt("foo256", strings.Repeat("D", 256))),
-			//clear(),
-			//tc("a 512-byte TXT", txt("foo512", strings.Repeat("C", 512))),
-			//clear(),
-			//tc("a 513-byte TXT", txt("foo513", strings.Repeat("D", 513))),
+			// of record.
+
+			// Some of these test cases are commented out because they test
+			// something that isn't widely used or supported.  For example
+			// many APIs don't support a backslack (`\`) in a TXT record;
+			// luckily we've never seen a need for that "in the wild".  If
+			// you want to future-proof your provider, temporarily remove
+			// the comments and get those tests working, or reject it using
+			// auditrecords.go.
+
+			// ProTip: Unsure how a provider's API escapes something? Try
+			// adding the TXT record via the Web UI and watch how the string
+			// is escaped when you download the records.
+
+			// Nobody needs this and many APIs don't allow it.
+			tc("a 0-byte TXT", txt("foo0", "")),
+
+			// Test edge cases around 255, 255*2, 255*3:
+			tc("a 254-byte TXT", txt("foo254", strings.Repeat("A", 254))), // 255-1
+			tc("a 255-byte TXT", txt("foo255", strings.Repeat("B", 255))), // 255
+			tc("a 256-byte TXT", txt("foo256", strings.Repeat("C", 256))), // 255+1
+			tc("a 509-byte TXT", txt("foo509", strings.Repeat("D", 509))), // 255*2-1
+			tc("a 510-byte TXT", txt("foo510", strings.Repeat("E", 510))), // 255*2
+			tc("a 511-byte TXT", txt("foo511", strings.Repeat("F", 511))), // 255*2+1
+			tc("a 764-byte TXT", txt("foo764", strings.Repeat("G", 764))), // 255*3-1
+			tc("a 765-byte TXT", txt("foo765", strings.Repeat("H", 765))), // 255*3
+			tc("a 766-byte TXT", txt("foo766", strings.Repeat("J", 766))), // 255*3+1
 			//clear(),
 
 			tc("TXT with 1 single-quote", txt("foosq", "quo'te")),
-			//clear(),
 			tc("TXT with 1 backtick", txt("foobt", "blah`blah")),
-			//clear(),
-			tc("TXT with 1 double-quotes", txt("foodq", `quo"te`)),
-			//clear(),
-			tc("TXT with 2 double-quotes", txt("foodqs", `q"uo"te`)),
-			//clear(),
+			tc("TXT with 1 dq-1interior", txt("foodq", `in"side`)),
+			tc("TXT with 2 dq-2interior", txt("foodqs", `in"ter"ior`)),
+			tc("TXT with 1 dq-left", txt("foodqs", `"left`)),
+			tc("TXT with 1 dq-right", txt("foodqs", `right"`)),
 
-			tc("a TXT with interior ws", txt("foosp", "with spaces")),
-			//clear(),
-			tc("TXT with ws at end", txt("foows1", "with space at end ")),
-			//clear(),
+			// Semicolons don't need special treatment.
+			// https://serverfault.com/questions/743789
+			tc("TXT with semicolon", txt("foosc1", `semi;colon`)),
+			tc("TXT with semicolon ws", txt("foosc2", `wssemi ; colon`)),
 
-			//tc("Create a TXT/SPF", txt("foo", "v=spf1 ip4:99.99.99.99 -all")),
-			// This was added because Vultr syntax-checks TXT records with SPF contents.
-			//clear(),
+			tc("TXT interior ws", txt("foosp", "with spaces")),
+			tc("TXT trailing ws", txt("foows1", "with space at end ")),
+
+			// Vultr syntax-checks TXT records with SPF contents.
+			tc("Create a TXT/SPF", txt("foo", "v=spf1 ip4:99.99.99.99 -all")),
 
-			// TODO(tlim): Re-add this when we fix the RFC1035 escaped-quotes issue.
-			//tc("Create TXT with frequently escaped characters", txt("fooex", `!^.*$@#%^&()([][{}{<></:;-_=+\`)),
+			// Nobody needs this and many APIs don't allow it.
+			tc("TXT with 1 backslash", txt("fooosbs1", `1back\slash`)),
+			tc("TXT with 2 backslash", txt("fooosbs2", `2back\\slash`)),
+			tc("TXT with 3 backslash", txt("fooosbs3", `3back\\\slash`)),
+			tc("TXT with 4 backslash", txt("fooosbs4", `4back\\\\slash`)),
+
+			// Nobody needs this and many APIs don't allow it.
+			//tc("Create TXT with frequently difficult characters", txt("fooex", `!^.*$@#%^&()([][{}{<></:;-_=+\`)),
+		),
+
+		testgroup("TXT backslashes",
+			tc("TXT with backslashs",
+				txt("fooosbs1", `1back\slash`),
+				txt("fooosbs2", `2back\\slash`),
+				txt("fooosbs3", `3back\\\slash`),
+				txt("fooosbs4", `4back\\\\slash`)),
 		),
 
 		//
@@ -1244,13 +1273,13 @@ func makeTests(t *testing.T) []*TestGroup {
 				"AZURE_DNS",     // Removed because it is too slow
 				"CLOUDFLAREAPI", // Infinite pagesize but due to slow speed, skipping.
 				"DIGITALOCEAN",  // No paging. Why bother?
-				"CSCGLOBAL",     // Doesn't page. Works fine.  Due to the slow API we skip.
-				"GANDI_V5",      // Their API is so damn slow. We'll add it back as needed.
-				"HEDNS",         // Doesn't page. Works fine.  Due to the slow API we skip.
-				"LOOPIA",        // Their API is so damn slow. Plus, no paging.
-				"MSDNS",         // No paging done. No need to test.
-				"NAMEDOTCOM",    // Their API is so damn slow. We'll add it back as needed.
-				"NS1",           // Free acct only allows 50 records, therefore we skip
+				//"CSCGLOBAL",     // Doesn't page. Works fine.  Due to the slow API we skip.
+				"GANDI_V5",   // Their API is so damn slow. We'll add it back as needed.
+				"HEDNS",      // Doesn't page. Works fine.  Due to the slow API we skip.
+				"LOOPIA",     // Their API is so damn slow. Plus, no paging.
+				"MSDNS",      // No paging done. No need to test.
+				"NAMEDOTCOM", // Their API is so damn slow. We'll add it back as needed.
+				"NS1",        // Free acct only allows 50 records, therefore we skip
 				//"ROUTE53",       // Batches up changes in pages.
 				"TRANSIP", // Doesn't page. Works fine.  Due to the slow API we skip.
 			),
diff --git a/models/dnsrr.go b/models/dnsrr.go
index c4d357649e..222c975c34 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -32,6 +32,16 @@ func RRstoRCs(rrs []dns.RR, origin string) (Records, error) {
 
 // RRtoRC converts dns.RR to RecordConfig
 func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
+	return helperRRtoRC(rr, origin, false)
+}
+
+// RRtoRCTxtBug converts dns.RR to RecordConfig. Compensates for the backslash bug in github.com/miekg/dns/issues/1384.
+func RRtoRCTxtBug(rr dns.RR, origin string) (RecordConfig, error) {
+	return helperRRtoRC(rr, origin, true)
+}
+
+// helperRRtoRC converts dns.RR to RecordConfig. If fixBug is true, replaces `\\` to `\` in TXT records to compensate for github.com/miekg/dns/issues/1384.
+func helperRRtoRC(rr dns.RR, origin string, fixBug bool) (RecordConfig, error) {
 	// Convert's dns.RR into our native data type (RecordConfig).
 	// Records are translated directly with no changes.
 	header := rr.Header()
@@ -73,7 +83,15 @@ func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
 	case *dns.TLSA:
 		err = rc.SetTargetTLSA(v.Usage, v.Selector, v.MatchingType, v.Certificate)
 	case *dns.TXT:
-		err = rc.SetTargetTXTs(v.Txt)
+		if fixBug {
+			t := strings.Join(v.Txt, "")
+			te := t
+			te = strings.ReplaceAll(te, `\\`, `\`)
+			te = strings.ReplaceAll(te, `\"`, `"`)
+			err = rc.SetTargetTXT(te)
+		} else {
+			err = rc.SetTargetTXTs(v.Txt)
+		}
 	default:
 		return *rc, fmt.Errorf("rrToRecord: Unimplemented zone record type=%s (%v)", rc.Type, rr)
 	}
diff --git a/models/quotes.go b/models/quotes.go
index 62c68d1ed9..b7736c89b5 100644
--- a/models/quotes.go
+++ b/models/quotes.go
@@ -7,8 +7,12 @@ import (
 	"github.com/miekg/dns"
 )
 
-// IsQuoted returns true if the string starts and ends with a double quote.
-func IsQuoted(s string) bool {
+/*
+TODO(tlim): Move this file to pkgs/txtutil. It doesn't need to be part
+*/
+
+// isQuoted returns true if the string starts and ends with a double quote.
+func isQuoted(s string) bool {
 	if s == "" {
 		return false
 	}
@@ -24,7 +28,7 @@ func IsQuoted(s string) bool {
 // StripQuotes returns the string with the starting and ending quotes removed.
 // If it is not quoted, the original string is returned.
 func StripQuotes(s string) string {
-	if IsQuoted(s) {
+	if isQuoted(s) {
 		return s[1 : len(s)-1]
 	}
 	return s
@@ -41,7 +45,7 @@ func StripQuotes(s string) string {
 // NOTE: This doesn't handle escaped quotes.
 // NOTE: You probably want to use ParseQuotedFields() for RFC 1035-compliant quoting.
 func ParseQuotedTxt(s string) []string {
-	if !IsQuoted(s) {
+	if !isQuoted(s) {
 		return []string{s}
 	}
 	return strings.Split(StripQuotes(s), `" "`)
diff --git a/models/quotes_test.go b/models/quotes_test.go
index 9ca3214015..595bdb124a 100644
--- a/models/quotes_test.go
+++ b/models/quotes_test.go
@@ -1,6 +1,9 @@
 package models
 
-import "testing"
+import (
+	"strings"
+	"testing"
+)
 
 func TestIsQuoted(t *testing.T) {
 	tests := []struct {
@@ -16,7 +19,7 @@ func TestIsQuoted(t *testing.T) {
 		{`"aaa" "bbb"`, true},
 	}
 	for i, test := range tests {
-		r := IsQuoted(test.d1)
+		r := isQuoted(test.d1)
 		if r != test.e1 {
 			t.Errorf("%v: expected (%v) got (%v)", i, test.e1, r)
 		}
@@ -48,6 +51,8 @@ func TestStripQuotes(t *testing.T) {
 	}
 }
 
+func r(s string, c int) string { return strings.Repeat(s, c) }
+
 func TestParseQuotedTxt(t *testing.T) {
 	tests := []struct {
 		d1 string
@@ -59,6 +64,26 @@ func TestParseQuotedTxt(t *testing.T) {
 		{`foo bar`, []string{`foo bar`}},
 		{`"aaa" "bbb"`, []string{`aaa`, `bbb`}},
 		{`"a"a" "bbb"`, []string{`a"a`, `bbb`}},
+		// Seen in live traffic:
+		{"\"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\"",
+			[]string{r("B", 254)}},
+		{"\"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\"",
+			[]string{r("C", 255)}},
+		{"\"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD\" \"D\"",
+			[]string{r("D", 255), "D"}},
+		{"\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\" \"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\"",
+			[]string{r("E", 255), r("E", 255)}},
+		{"\"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\" \"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\" \"F\"",
+			[]string{r("F", 255), r("F", 255), "F"}},
+		{"\"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\" \"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\" \"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\"",
+			[]string{r("G", 255), r("G", 255), r("G", 255)}},
+		{"\"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"H\"",
+			[]string{r("H", 255), r("H", 255), r("H", 255), "H"}},
+		{"\"quo'te\"", []string{`quo'te`}},
+		{"\"blah`blah\"", []string{"blah`blah"}},
+		//{"\"quo\\\"te\"", []string{`quo"te`}},
+		//{"\"q\\\"uo\\\"te\"", []string{`q"uo"te`}},
+		//{"\"backs\\\\lash\"", []string{`back\slash`}},
 	}
 	for i, test := range tests {
 		ls := ParseQuotedTxt(test.d1)
diff --git a/models/record.go b/models/record.go
index 8c95c3894c..c165981c6e 100644
--- a/models/record.go
+++ b/models/record.go
@@ -4,9 +4,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
-	"sort"
 	"strings"
 
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/jinzhu/copier"
 	"github.com/miekg/dns"
 	"github.com/miekg/dns/dnsutil"
@@ -127,7 +127,6 @@ type RecordConfig struct {
 	TlsaUsage        uint8             `json:"tlsausage,omitempty"`
 	TlsaSelector     uint8             `json:"tlsaselector,omitempty"`
 	TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
-	TxtStrings       []string          `json:"txtstrings,omitempty"` // TxtStrings stores all strings (including the first). Target stores all the strings joined.
 	R53Alias         map[string]string `json:"r53_alias,omitempty"`
 	AzureAlias       map[string]string `json:"azure_alias,omitempty"`
 }
@@ -195,7 +194,6 @@ func (rc *RecordConfig) UnmarshalJSON(b []byte) error {
 		TlsaUsage        uint8             `json:"tlsausage,omitempty"`
 		TlsaSelector     uint8             `json:"tlsaselector,omitempty"`
 		TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
-		TxtStrings       []string          `json:"txtstrings,omitempty"` // TxtStrings stores all strings (including the first). Target stores only the first one.
 		R53Alias         map[string]string `json:"r53_alias,omitempty"`
 		AzureAlias       map[string]string `json:"azure_alias,omitempty"`
 
@@ -305,47 +303,22 @@ func (rc *RecordConfig) GetLabelFQDN() string {
 	return rc.NameFQDN
 }
 
-// ToDiffable returns a string that is comparable by a differ.
-// extraMaps: a list of maps that should be included in the comparison.
-// NB(tlim): This will be deprecated when pkg/diff is replaced by pkg/diff2.
-// Use // ToComparableNoTTL() instead.
-func (rc *RecordConfig) ToDiffable(extraMaps ...map[string]string) string {
-	var content string
-	switch rc.Type {
-	case "SOA":
-		content = fmt.Sprintf("%s %v %d %d %d %d ttl=%d", rc.target, rc.SoaMbox, rc.SoaRefresh, rc.SoaRetry, rc.SoaExpire, rc.SoaMinttl, rc.TTL)
-		// SoaSerial is not used in comparison
-	default:
-		content = fmt.Sprintf("%v ttl=%d", rc.GetTargetCombined(), rc.TTL)
-	}
-	for _, valueMap := range extraMaps {
-		// sort the extra values map keys to perform a deterministic
-		// comparison since Golang maps iteration order is not guaranteed
-
-		// FIXME(tlim) The keys of each map is sorted per-map, not across
-		// all maps. This may be intentional since we'd have no way to
-		// deal with duplicates.
-
-		keys := make([]string, 0)
-		for k := range valueMap {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-		for _, k := range keys {
-			v := valueMap[k]
-			content += fmt.Sprintf(" %s=%s", k, v)
-		}
-	}
-	return content
-}
-
 // ToComparableNoTTL returns a comparison string. If you need to compare two
 // RecordConfigs, you can simply compare the string returned by this function.
 // The comparison includes all fields except TTL and any provider-specific
 // metafields.  Provider-specific metafields like CF_PROXY are not the same as
 // pseudo-records like ANAME or R53_ALIAS
-// This replaces ToDiff()
 func (rc *RecordConfig) ToComparableNoTTL() string {
+	switch rc.Type {
+	case "SOA":
+		return fmt.Sprintf("%s %v %d %d %d %d", rc.target, rc.SoaMbox, rc.SoaRefresh, rc.SoaRetry, rc.SoaExpire, rc.SoaMinttl)
+		// SoaSerial is not included because it isn't used in comparisons.
+	case "TXT":
+		//fmt.Fprintf(os.Stdout, "DEBUG: ToComNoTTL raw txts=%s q=%q\n", rc.target, rc.target)
+		r := txtutil.EncodeQuoted(rc.target)
+		//fmt.Fprintf(os.Stdout, "DEBUG: ToComNoTTL cmp txts=%s q=%q\n", r, r)
+		return r
+	}
 	return rc.GetTargetCombined()
 }
 
@@ -390,7 +363,6 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.DS).Digest = rc.DsDigest
 		rr.(*dns.DS).KeyTag = rc.DsKeyTag
 	case dns.TypeLOC:
-		//this is for records from .js files and read from API
 		// fmt.Printf("ToRR long: %d, lat:%d, sz: %d, hz:%d, vt:%d\n", rc.LocLongitude, rc.LocLatitude, rc.LocSize, rc.LocHorizPre, rc.LocVertPre)
 		// fmt.Printf("ToRR rc: %+v\n", *rc)
 		rr.(*dns.LOC).Version = rc.LocVersion
@@ -423,7 +395,7 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.SOA).Expire = rc.SoaExpire
 		rr.(*dns.SOA).Minttl = rc.SoaMinttl
 	case dns.TypeSPF:
-		rr.(*dns.SPF).Txt = rc.TxtStrings
+		rr.(*dns.SPF).Txt = rc.GetTargetTXTSegmented()
 	case dns.TypeSRV:
 		rr.(*dns.SRV).Priority = rc.SrvPriority
 		rr.(*dns.SRV).Weight = rc.SrvWeight
@@ -439,7 +411,7 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.TLSA).Selector = rc.TlsaSelector
 		rr.(*dns.TLSA).Certificate = rc.GetTargetField()
 	case dns.TypeTXT:
-		rr.(*dns.TXT).Txt = rc.TxtStrings
+		rr.(*dns.TXT).Txt = rc.GetTargetTXTSegmented()
 	default:
 		panic(fmt.Sprintf("ToRR: Unimplemented rtype %v", rc.Type))
 		// We panic so that we quickly find any switch statements
diff --git a/models/record_test.go b/models/record_test.go
index f4015197ec..e654bd33ad 100644
--- a/models/record_test.go
+++ b/models/record_test.go
@@ -88,7 +88,6 @@ func TestRecordConfig_Copy(t *testing.T) {
 		TlsaUsage        uint8
 		TlsaSelector     uint8
 		TlsaMatchingType uint8
-		TxtStrings       []string
 		R53Alias         map[string]string
 		AzureAlias       map[string]string
 		Original         interface{}
@@ -135,7 +134,6 @@ func TestRecordConfig_Copy(t *testing.T) {
 				TlsaUsage:        1,
 				TlsaSelector:     2,
 				TlsaMatchingType: 3,
-				TxtStrings:       []string{"one", "two", "three"},
 				R53Alias:         map[string]string{"a": "eh", "b": "bee"},
 				AzureAlias:       map[string]string{"az": "az", "ure": "your"},
 				//Original         interface{},
@@ -174,7 +172,6 @@ func TestRecordConfig_Copy(t *testing.T) {
 				TlsaUsage:        1,
 				TlsaSelector:     2,
 				TlsaMatchingType: 3,
-				TxtStrings:       []string{"one", "two", "three"},
 				R53Alias:         map[string]string{"a": "eh", "b": "bee"},
 				AzureAlias:       map[string]string{"az": "az", "ure": "your"},
 				//Original         interface{},
@@ -217,7 +214,6 @@ func TestRecordConfig_Copy(t *testing.T) {
 				TlsaUsage:        tt.fields.TlsaUsage,
 				TlsaSelector:     tt.fields.TlsaSelector,
 				TlsaMatchingType: tt.fields.TlsaMatchingType,
-				TxtStrings:       tt.fields.TxtStrings,
 				R53Alias:         tt.fields.R53Alias,
 				AzureAlias:       tt.fields.AzureAlias,
 				Original:         tt.fields.Original,
diff --git a/models/t_parse.go b/models/t_parse.go
index 1cbfeea630..10d9c94dff 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -5,6 +5,110 @@ import (
 	"net"
 )
 
+// PopulateFromStringFunc populates a RecordConfig by parsing a common RFC1035-like format.
+//
+//	rtype: the resource record type (rtype)
+//	contents: a string that contains all parameters of the record's rdata (see below)
+//	txtFn: If rtype == "TXT", this function is used to parse contents, or nil if no parsing is needed.
+//
+// The "contents" field is the format used in RFC1035 zonefiles. It is the text
+// after the rtype.  For example, in the line: foo IN MX 10 mx.example.com.
+// contents stores everything after the "MX" (not including the space).
+//
+// Typical values for txtFn include:
+//
+//	nil:  no parsing required.
+//	txtutil.ParseQuoted: Parse via Tom's interpretation of RFC1035.
+//	txtutil.ParseCombined: Backwards compatible with Parse via miekg's interpretation of RFC1035.
+//
+// Many providers deliver record data in this format or something close to it.
+// This function is provided to reduce the amount of duplicate code across
+// providers.  If a particular rtype is not handled as a particular provider
+// expects, simply handle it beforehand as a special case.
+//
+// Example 1: Normal use.
+//
+//	rtype := FILL_IN_RTYPE
+//	rc := &models.RecordConfig{Type: rtype, TTL: FILL_IN_TTL}
+//	rc.SetLabelFromFQDN(FILL_IN_NAME, origin)
+//	rc.Original = FILL_IN_ORIGINAL // The raw data received from provider (if needed later)
+//	if err = rc.PopulateFromStringFunc(rtype, target, origin, nil); err != nil {
+//		return nil, fmt.Errorf("unparsable record type=%q received from PROVDER_NAME: %w", rtype, err)
+//	}
+//	return rc, nil
+//
+// Example 2: Use your own MX parser.
+//
+//	rtype := FILL_IN_RTYPE
+//	rc := &models.RecordConfig{Type: rtype, TTL: FILL_IN_TTL}
+//	rc.SetLabelFromFQDN(FILL_IN_NAME, origin)
+//	rc.Original = FILL_IN_ORIGINAL // The raw data received from provider (if needed later)
+//	switch rtype {
+//	case "MX":
+//		// MX priority in a separate field.
+//		err = rc.SetTargetMX(cr.Priority, target)
+//	default:
+//		err = rc.PopulateFromString(rtype, target, origin)
+//	}
+//	if err != nil {
+//		return nil, fmt.Errorf("unparsable record type=%q received from PROVDER_NAME: %w", rtype, err)
+//	}
+//	return rc, nil
+func (rc *RecordConfig) PopulateFromStringFunc(rtype, contents, origin string, txtFn func(s string) (string, error)) error {
+	if rc.Type != "" && rc.Type != rtype {
+		return fmt.Errorf("assertion failed: rtype already set (%s) (%s)", rtype, rc.Type)
+	}
+
+	switch rc.Type = rtype; rtype { // #rtype_variations
+	case "A":
+		ip := net.ParseIP(contents)
+		if ip == nil || ip.To4() == nil {
+			return fmt.Errorf("invalid IP in A record: %s", contents)
+		}
+		return rc.SetTargetIP(ip) // Reformat to canonical form.
+	case "AAAA":
+		ip := net.ParseIP(contents)
+		if ip == nil || ip.To16() == nil {
+			return fmt.Errorf("invalid IP in AAAA record: %s", contents)
+		}
+		return rc.SetTargetIP(ip) // Reformat to canonical form.
+	case "AKAMAICDN", "ALIAS", "ANAME", "CNAME", "NS", "PTR":
+		return rc.SetTarget(contents)
+	case "CAA":
+		return rc.SetTargetCAAString(contents)
+	case "DS":
+		return rc.SetTargetDSString(contents)
+	case "DHCID":
+		return rc.SetTarget(contents)
+	case "LOC":
+		return rc.SetTargetLOCString(origin, contents)
+	case "MX":
+		return rc.SetTargetMXString(contents)
+	case "NAPTR":
+		return rc.SetTargetNAPTRString(contents)
+	case "SOA":
+		return rc.SetTargetSOAString(contents)
+	case "SPF", "TXT":
+		if txtFn == nil {
+			return rc.SetTargetTXT(contents)
+		}
+		t, err := txtFn(contents)
+		if err != nil {
+			return fmt.Errorf("invalid TXT record: %s", contents)
+		}
+		return rc.SetTargetTXT(t)
+	case "SRV":
+		return rc.SetTargetSRVString(contents)
+	case "SSHFP":
+		return rc.SetTargetSSHFPString(contents)
+	case "TLSA":
+		return rc.SetTargetTLSAString(contents)
+	default:
+		return fmt.Errorf("unknown rtype (%s) when parsing (%s) domain=(%s)",
+			rtype, contents, origin)
+	}
+}
+
 // PopulateFromString populates a RecordConfig given a type and string.  Many
 // providers give all the parameters of a resource record in one big string.
 // This helper function lets you not re-invent the wheel.
@@ -15,27 +119,26 @@ import (
 // Recommended calling convention:  Process the exceptions first, then use the
 // PopulateFromString function for everything else.
 //
-//      rtype := FILL_IN_TYPE
-//     	var err error
-//      rc := &models.RecordConfig{Type: rtype}
-//      rc.SetLabelFromFQDN(FILL_IN_NAME, origin)
-//      rc.TTL = uint32(FILL_IN_TTL)
-//      rc.Original = FILL_IN_ORIGINAL // The raw data received from provider (if needed later)
-//     	switch rtype {
-//     	case "MX":
-//     		// MX priority in a separate field.
-//     		err = rc.SetTargetMX(cr.Priority, target)
-//     	case "TXT":
-//     		// TXT records are stored verbatim; no quoting/escaping to parse.
-//     		err = rc.SetTargetTXT(target)
-//     	default:
-//     		err = rc.PopulateFromString(rtype, target, origin)
-//     	}
-//     	if err != nil {
-//     		return nil, fmt.Errorf("unparsable record type=%q received from PROVDER_NAME: %w", rtype, err)
-//     	}
-//     	return rc, nil
-
+//	 rtype := FILL_IN_TYPE
+//		var err error
+//	 rc := &models.RecordConfig{Type: rtype}
+//	 rc.SetLabelFromFQDN(FILL_IN_NAME, origin)
+//	 rc.TTL = uint32(FILL_IN_TTL)
+//	 rc.Original = FILL_IN_ORIGINAL // The raw data received from provider (if needed later)
+//		switch rtype {
+//		case "MX":
+//			// MX priority in a separate field.
+//			err = rc.SetTargetMX(cr.Priority, target)
+//		case "TXT":
+//			// TXT records are stored verbatim; no quoting/escaping to parse.
+//			err = rc.SetTargetTXT(target)
+//		default:
+//			err = rc.PopulateFromString(rtype, target, origin)
+//		}
+//		if err != nil {
+//			return nil, fmt.Errorf("unparsable record type=%q received from PROVDER_NAME: %w", rtype, err)
+//		}
+//		return rc, nil
 func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error {
 	if rc.Type != "" && rc.Type != rtype {
 		panic(fmt.Errorf("assertion failed: rtype already set (%s) (%s)", rtype, rc.Type))
@@ -70,9 +173,6 @@ func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error
 	case "SOA":
 		return rc.SetTargetSOAString(contents)
 	case "SPF", "TXT":
-		// Parsing the contents may be unexpected. If your provider gives you a
-		// string that needs no further parsing, special case TXT and use
-		// rc.SetTargetTXT(target) like in the example above.
 		return rc.SetTargetTXTs(ParseQuotedTxt(contents))
 	case "SRV":
 		return rc.SetTargetSRVString(contents)
diff --git a/models/t_txt.go b/models/t_txt.go
index 7b7b78a4d3..c8937121e7 100644
--- a/models/t_txt.go
+++ b/models/t_txt.go
@@ -1,113 +1,34 @@
 package models
 
 import (
-	"fmt"
 	"strings"
 )
 
 /*
-Sadly many providers handle TXT records in strange and non-compliant
+Sadly many providers handle TXT records in strange and unexpeected
 ways.  DNSControl has to handle all of them.  Over the years we've
 tried many things.  This explain the current state of the code.
 
-What are some of these variations?
+DNSControl stores the TXT record target as a single string of any length.
+Providers take care of any splitting, excaping, or quoting.
 
-* The RFCs say that a TXT record is a series of strings, each 255-octets
-  or fewer.  Yet, most provider APIs only support a single string which
-  is split into 255-octetl chunks behind the scenes.  Some only support
-  a single string that is 255-octets or less.
+NOTE: Older versions of DNSControl stored the TXT record as
+represented by the provider, which could be a single string, a series
+of smaller strings, or a single string that is quoted/escaped.  This
+created tons of edge-cases and other distractions.
 
-* The RFCs don't say much about the content of the strings.  Some
-  providers accept any octet, some only accept ASCII-printable chars,
-  some get confused by TXT records that include backticks, quotes, or
-  whitespace at the end of the string.
+If a provider doesn't support certain charactors in a TXT record, use
+the providers/$PROVIDER/auditrecords.go file to indicate this.
+DNSControl uses this information to warn users of unsupporrted input,
+and to skip related integration tests.
 
-DNSControl has tried many different ways to handle all these
-variations over the years. This is what we found works best:
+There are 2 ways to create a TXT record:
+	SetTargetTXT():  Create from a string.
+	SetTargetTXTs(): Create from an array of strings that need to be joined.
 
-Principle 1. Store the string as the user input it.
-
-DNSControl stores the string as the user specified in dnsconfig.js.
-The user can specify a string of any length, or many individual
-strings of any length.
-
-No matter how the user presented the data in dnsconfig.js, the data is
-stored as a list of strings (RecordConfig.TxtStrings []string).  If
-they input 1 string, the list has one element. If the user input many
-individual strings, the list is copied into .TxtStrings.
-
-When we store the data in .TxtStrings there is no length checking. The data is not manipulated.
-
-Principle 2. When downloading zone records, receive the data as appropriate.
-
-When the API returns a TXT record, the provider's code must properly
-store it in the .TxtStrings field of RecordConfig.
-
-We've found most APIs return TXT strings in one of three ways:
-
-  * The API returns a single string: use RecordConfig.SetTargetTXT().
-  * The API returns multiple strings: use RecordConfig.SetTargetTXTs().
-	* (THIS IS RARE) The API returns a single string that must be parsed
-		into multiple strings: The provider is responsible for the
-		parsing.  However, usually the format is "quoted like in RFC 1035"
-		which is vague, but we've implemented it as
-		RecordConfig.SetTargetTXTfromRFC1035Quoted().
-
-If the format is something else, please write the parser as a separate
-function and write unit tests based on actual data received from the
-API.
-
-Principle 3. When sending TXT records to the API, send what the API expects.
-
-The provider's code must decide how to take the list of strings in
-.TxtStrings and present them to the API.
-
-Most providers fall into one of these categories:
-
-	* If the API expects one long string, the provider code joins all
-	  the smaller strings and sends one big string.  Use the helper
-	  function RecordConfig.GetTargetTXTJoined()
-  * If the API expects many strings of any size, the provider code
-	  sends the individual strings. Those strings are accessed as
-	  the array RecordConfig.TxtStrings
-	* (THIS IS RARE) If the API expects multiple strings to be sent as
-	  one long string, quoted RFC 1025-style, call
-	  RecordConfig.GetTargetRFC1035Quoted() and send that string.
-
-Note: If the API expects many strings, each 255-octets or smaller, the
-provider code must split the longer strings into smaller strings.  The
-helper function txtutil.SplitSingleLongTxt(dc.Records) will iterate
-over all TXT records and split out any strings longer than 255 octets.
-Call this once in GetDomainCorrections().  (Yes, this violates
-Principle 1, but we decided it is best to do it once, than provide a
-getter that would re-split the strings on every call.)
-
-Principle 4. Providers can communicate back to DNSControl strings they can't handle.
-
-As mentioned before, some APIs reject TXT records for various reasons:
-Illegal chars, whitespace at the end, etc.  We can't make a flag for
-every variation.  Instead we call the provider's AuditRecords()
-function and it reports if there are any records that it can't
-process.
-
-We've provided many helper functions to make this easier.  Look at any
-of the providers/.../auditrecord.go` files for examples.
-
-The integration tests call AuditRecords() to skip any tests that we
-know will fail.  If one of the integration tests is failing, it is
-often better to update AuditRecords() than to try to figure out why,
-for example, the provider doesn't support backticks in strings.  Don't
-spend a lot of effort trying to fix situations that are rare or will
-not appear in real-world situations.
-
-Companies do update their APIs occasionally. You might want to try
-eliminating the checks one at a time to see if the API has improved.
-Don't feel obligated to do this more than once a year.
-
-Conclusion:
-
-When we follow these 4 principles, and stick with the helper functions
-provided, we're able to handle all the variations.
+There are 2 ways to get the value (target) of a TXT record:
+	GetTargetTXTJoined(): Returns one big string
+	GetTargetTXTSegmented(): Returns an array 255-octet segments.
 
 */
 
@@ -119,8 +40,6 @@ func (rc *RecordConfig) HasFormatIdenticalToTXT() bool {
 }
 
 // SetTargetTXT sets the TXT fields when there is 1 string.
-// The string is stored in .Target, and split into 255-octet chunks
-// for .TxtStrings.
 func (rc *RecordConfig) SetTargetTXT(s string) error {
 	if rc.Type == "" {
 		rc.Type = "TXT"
@@ -128,41 +47,27 @@ func (rc *RecordConfig) SetTargetTXT(s string) error {
 		panic("assertion failed: SetTargetTXT called when .Type is not TXT or compatible type")
 	}
 
-	rc.TxtStrings = []string{s}
-	rc.SetTarget(rc.zoneFileQuoted())
-	return nil
+	return rc.SetTarget(s)
 }
 
-// SetTargetTXTs sets the TXT fields when there are many strings.
-// The individual strings are stored in .TxtStrings, and joined to make .Target.
+// SetTargetTXTs sets the TXT fields when there are many strings. They are stored concatenated.
 func (rc *RecordConfig) SetTargetTXTs(s []string) error {
-	if rc.Type == "" {
-		rc.Type = "TXT"
-	} else if !rc.HasFormatIdenticalToTXT() {
-		panic("assertion failed: SetTargetTXTs called when .Type is not TXT or compatible type")
-	}
-
-	rc.TxtStrings = s
-	rc.SetTarget(rc.zoneFileQuoted())
-	return nil
+	return rc.SetTargetTXT(strings.Join(s, ""))
 }
 
 // GetTargetTXTJoined returns the TXT target as one string.
 func (rc *RecordConfig) GetTargetTXTJoined() string {
-	return strings.Join(rc.TxtStrings, "")
+	return rc.target
 }
 
 // GetTargetTXTSegmented returns the TXT target as 255-octet segments, with the remainder in the last segment.
 func (rc *RecordConfig) GetTargetTXTSegmented() []string {
-	return splitChunks(strings.Join(rc.TxtStrings, ""), 255)
+	return splitChunks(rc.target, 255)
 }
 
 // GetTargetTXTSegmentCount returns the number of 255-octet segments required to store TXT target.
 func (rc *RecordConfig) GetTargetTXTSegmentCount() int {
-	var total int
-	for i := range rc.TxtStrings {
-		total = len(rc.TxtStrings[i])
-	}
+	total := len(rc.target)
 	segs := total / 255 // integer division, decimals are truncated
 	if (total % 255) > 0 {
 		return segs + 1
@@ -171,6 +76,10 @@ func (rc *RecordConfig) GetTargetTXTSegmentCount() int {
 }
 
 func splitChunks(buf string, lim int) []string {
+	if len(buf) == 0 {
+		return nil
+	}
+
 	var chunk string
 	chunks := make([]string, 0, len(buf)/lim+1)
 	for len(buf) >= lim {
@@ -182,27 +91,3 @@ func splitChunks(buf string, lim int) []string {
 	}
 	return chunks
 }
-
-// SetTargetTXTfromRFC1035Quoted parses a series of quoted strings
-// and sets .TxtStrings based on the result.
-// Note: Most APIs do notThis is rarely used. Try using SetTargetTXT() first.
-// Ex:
-//
-//	"foo"        << 1 string
-//	"foo bar"    << 1 string
-//	"foo" "bar"  << 2 strings
-//	foo          << error. No quotes! Did you intend to use SetTargetTXT?
-func (rc *RecordConfig) SetTargetTXTfromRFC1035Quoted(s string) error {
-	if s != "" && s[0] != '"' {
-		// If you get this error, it is likely that you should use
-		// SetTargetTXT() instead of SetTargetTXTfromRFC1035Quoted().
-		return fmt.Errorf("non-quoted string used with SetTargetTXTfromRFC1035Quoted: (%s)", s)
-	}
-	many, err := ParseQuotedFields(s)
-	if err != nil {
-		return err
-	}
-	return rc.SetTargetTXTs(many)
-}
-
-// There is no GetTargetTXTfromRFC1025Quoted(). Use GetTargetRFC1035Quoted()
diff --git a/models/target.go b/models/target.go
index 55a843c937..d59c598ac2 100644
--- a/models/target.go
+++ b/models/target.go
@@ -3,7 +3,6 @@ package models
 import (
 	"fmt"
 	"net"
-	"runtime/debug"
 	"strings"
 
 	"github.com/miekg/dns"
@@ -14,22 +13,9 @@ If an rType has more than one field, one field goes in .target and the remaining
 Not the best design, but we're stuck with it until we re-do RecordConfig, possibly using generics.
 */
 
-// Set debugWarnTxtField to true if you want a warning when
-// GetTargetField is called on a TXT record.
-// GetTargetField works fine on TXT records for casual output but it
-// is often better to access .TxtStrings directly or call
-// GetTargetRFC1035Quoted() for nicely quoted text.
-var debugWarnTxtField = false
-
-// GetTargetField returns the target. There may be other fields (for example
-// an MX record also has a .MxPreference field.
+// GetTargetField returns the target. There may be other fields, but they are
+// not included. For example, the .MxPreference field of an MX record isn't included.
 func (rc *RecordConfig) GetTargetField() string {
-	if debugWarnTxtField {
-		if rc.Type == "TXT" {
-			fmt.Printf("DEBUG: WARNING: GetTargetField called on TXT record is frequently wrong: %q\n", rc.target)
-			debug.PrintStack()
-		}
-	}
 	return rc.target
 }
 
@@ -41,8 +27,23 @@ func (rc *RecordConfig) GetTargetIP() net.IP {
 	return net.ParseIP(rc.target)
 }
 
+// GetTargetCombinedFunc returns all the rdata fields of a RecordConfig as one
+// string. How TXT records are encoded is defined by encodeFn.  If encodeFn is
+// nil the TXT data is returned unaltered.
+func (rc *RecordConfig) GetTargetCombinedFunc(encodeFn func(s string) string) string {
+	if rc.Type == "TXT" {
+		if encodeFn == nil {
+			return rc.target
+		}
+		return encodeFn(rc.target)
+	}
+	return rc.GetTargetCombined()
+}
+
 // GetTargetCombined returns a string with the various fields combined.
 // For example, an MX record might output `10 mx10.example.tld`.
+// WARNING: How TXT records are handled is buggy but we can't change it because
+// code depends on the bugs. Use Get GetTargetCombinedFunc() instead.
 func (rc *RecordConfig) GetTargetCombined() string {
 	// Pseudo records:
 	if _, ok := dns.StringToType[rc.Type]; !ok {
@@ -59,7 +60,10 @@ func (rc *RecordConfig) GetTargetCombined() string {
 		}
 	}
 
-	if rc.Type == "SOA" {
+	switch rc.Type {
+	case "TXT":
+		return rc.zoneFileQuoted()
+	case "SOA":
 		return fmt.Sprintf("%s %v %d %d %d %d %d", rc.target, rc.SoaMbox, rc.SoaSerial, rc.SoaRefresh, rc.SoaRetry, rc.SoaExpire, rc.SoaMinttl)
 	}
 
@@ -93,14 +97,13 @@ func (rc *RecordConfig) GetTargetRFC1035Quoted() string {
 	return rc.zoneFileQuoted()
 }
 
-// GetTargetSortable returns a string that is sortable.
-func (rc *RecordConfig) GetTargetSortable() string {
-	return rc.GetTargetDebug()
-}
-
 // GetTargetDebug returns a string with the various fields spelled out.
 func (rc *RecordConfig) GetTargetDebug() string {
-	content := fmt.Sprintf("%s %s %s %d", rc.Type, rc.NameFQDN, rc.target, rc.TTL)
+	target := rc.target
+	if rc.Type == "TXT" {
+		target = fmt.Sprintf("%q", target)
+	}
+	content := fmt.Sprintf("%s %s %s %d", rc.Type, rc.NameFQDN, target, rc.TTL)
 	switch rc.Type { // #rtype_variations
 	case "A", "AAAA", "AKAMAICDN", "CNAME", "DHCID", "NS", "PTR", "TXT":
 		// Nothing special.
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index 031b9a720f..f2b18b8b1e 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -1,6 +1,8 @@
 package diff
 
 import (
+	"fmt"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/fatih/color"
 )
@@ -29,12 +31,7 @@ type differ struct {
 
 // get normalized content for record. target, ttl, mxprio, and specified metadata
 func (d *differ) content(r *models.RecordConfig) string {
-	return r.ToDiffable()
-}
-
-// CorrectionLess returns true when comparing corrections.
-func CorrectionLess(c []*models.Correction, i, j int) bool {
-	return c[i].Msg < c[j].Msg
+	return fmt.Sprintf("%s ttl=%d", r.ToComparableNoTTL(), r.TTL)
 }
 
 func (c Correlation) String() string {
diff --git a/pkg/diff/diff2compat.go b/pkg/diff/diff2compat.go
index 78cb75a684..02ccae5dfb 100644
--- a/pkg/diff/diff2compat.go
+++ b/pkg/diff/diff2compat.go
@@ -61,6 +61,8 @@ func (d *differCompat) IncrementalDiff(existing []*models.RecordConfig) (reportM
 	return
 }
 
+// GenerateMessageCorrections turns a list of strings into a list of corrections
+// that output those messages (and are otherwise a no-op).
 func GenerateMessageCorrections(msgs []string) (corrections []*models.Correction) {
 	for _, msg := range msgs {
 		corrections = append(corrections, &models.Correction{Msg: msg})
diff --git a/pkg/diff2/handsoff_test.go b/pkg/diff2/handsoff_test.go
index 7f89fb82a3..4b28637397 100644
--- a/pkg/diff2/handsoff_test.go
+++ b/pkg/diff2/handsoff_test.go
@@ -18,7 +18,7 @@ func parseZoneContents(content string, zoneName string, zonefileName string) (mo
 
 	foundRecords := models.Records{}
 	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
-		rec, err := models.RRtoRC(rr, zoneName)
+		rec, err := models.RRtoRCTxtBug(rr, zoneName)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index ac817adc53..f52cea0a1d 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -543,11 +543,9 @@ var TXT = recordBuilder('TXT', {
         record.name = args.name;
         // Store the strings from the user verbatim.
         if (_.isString(args.target)) {
-            record.txtstrings = [args.target];
-            record.target = args.target; // Overwritten by the Go code
+            record.target = args.target;
         } else {
-            record.txtstrings = args.target;
-            record.target = args.target.join(''); // Overwritten by the Go code
+            record.target = args.target.join('');
         }
     },
 });
diff --git a/pkg/js/parse_tests/016-backslash.js b/pkg/js/parse_tests/016-backslash.js
deleted file mode 100644
index 4e88f7167c..0000000000
--- a/pkg/js/parse_tests/016-backslash.js
+++ /dev/null
@@ -1,13 +0,0 @@
-dmarc = [
-    "v=DMARC1\\;",
-    'p=reject\\;',
-    'sp=reject\\;',
-    'pct=100\\;',
-    'rua=mailto:xx...@yyyy.com\\;',
-    'ruf=mailto:xx...@yyyy.com\\;',
-    'fo=1'
-  ].join(' ');
-
-D("foo.com","none",
-    TXT('_dmarc', dmarc, TTL(300))
-);
diff --git a/pkg/js/parse_tests/016-backslash.json b/pkg/js/parse_tests/016-backslash.json
deleted file mode 100644
index 2b90a7ae30..0000000000
--- a/pkg/js/parse_tests/016-backslash.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
-  "registrars": [],
-  "dns_providers": [],
-  "domains": [
-    {
-      "name": "foo.com",
-      "registrar": "none",
-      "dnsProviders": {},
-      "records": [
-        {
-          "type": "TXT",
-          "name": "_dmarc",
-          "target": "v=DMARC1\\; p=reject\\; sp=reject\\; pct=100\\; rua=mailto:xx...@yyyy.com\\; ruf=mailto:xx...@yyyy.com\\; fo=1",
-          "ttl": 300,
-          "txtstrings": [
-            "v=DMARC1\\; p=reject\\; sp=reject\\; pct=100\\; rua=mailto:xx...@yyyy.com\\; ruf=mailto:xx...@yyyy.com\\; fo=1"
-          ]
-        }
-      ]
-    }
-  ]
-}
diff --git a/pkg/js/parse_tests/016-backslash/foo.com.zone b/pkg/js/parse_tests/016-backslash/foo.com.zone
deleted file mode 100644
index 3271869c3e..0000000000
--- a/pkg/js/parse_tests/016-backslash/foo.com.zone
+++ /dev/null
@@ -1,2 +0,0 @@
-$TTL 300
-_dmarc           IN TXT   "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:xx...@yyyy.com; ruf=mailto:xx...@yyyy.com; fo=1"
diff --git a/pkg/js/parse_tests/017-txt.json b/pkg/js/parse_tests/017-txt.json
index fd509360cb..1a14e45786 100644
--- a/pkg/js/parse_tests/017-txt.json
+++ b/pkg/js/parse_tests/017-txt.json
@@ -10,45 +10,27 @@
         {
           "type": "TXT",
           "name": "a",
-          "target": "simple",
-          "txtstrings": [
-            "simple"
-          ]
+          "target": "simple"
         },
         {
           "type": "TXT",
           "name": "b",
-          "target": "ws at end ",
-          "txtstrings": [
-            "ws at end "
-          ]
+          "target": "ws at end "
         },
         {
           "type": "TXT",
           "name": "c",
-          "target": "one",
-          "txtstrings": [
-            "one"
-          ]
+          "target": "one"
         },
         {
           "type": "TXT",
           "name": "d",
-          "target": "bonieclyde",
-          "txtstrings": [
-            "bonie",
-            "clyde"
-          ]
+          "target": "bonieclyde"
         },
         {
           "type": "TXT",
           "name": "e",
-          "target": "strawwoodbrick",
-          "txtstrings": [
-            "straw",
-            "wood",
-            "brick"
-          ]
+          "target": "strawwoodbrick"
         }
       ]
     }
diff --git a/pkg/js/parse_tests/017-txt/foo.com.zone b/pkg/js/parse_tests/017-txt/foo.com.zone
index 9fe37d9887..a31a9e3ce4 100644
--- a/pkg/js/parse_tests/017-txt/foo.com.zone
+++ b/pkg/js/parse_tests/017-txt/foo.com.zone
@@ -2,5 +2,5 @@ $TTL 300
 a                IN TXT   "simple"
 b                IN TXT   "ws at end "
 c                IN TXT   "one"
-d                IN TXT   "bonie" "clyde"
-e                IN TXT   "straw" "wood" "brick"
+d                IN TXT   "bonieclyde"
+e                IN TXT   "strawwoodbrick"
diff --git a/pkg/js/parse_tests/018-dkim.json b/pkg/js/parse_tests/018-dkim.json
index c7bd2aff82..3f7dd6a126 100644
--- a/pkg/js/parse_tests/018-dkim.json
+++ b/pkg/js/parse_tests/018-dkim.json
@@ -10,10 +10,7 @@
         {
           "type": "TXT",
           "name": "dkimtest2",
-          "target": "this string is 255 bytes long.hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKZogtjOlHoeY8iZ5o5brlPOsj/a2Q9Bopu1kHxlxrdw7tZVL9FzUMngiIYGrl8dbP7Rvk7TLMoxHxVkRZPBtIpsKIab/gOUoPLQVYbrAmzyguHYBwAApi3H/pvjUsK8+XF0dKY17AR96lokAPqvfBaUb+DSx8zNw2hrYWYVqvCtnxHUGEUhT1bTlEZBptH3jthis is the remainder. it is 156 bytes long.mOhl2JmbsFKy+RoMTwbkk0/meRvcEFWLHkr4MSgbnie6OpQvM4Y51+kO6DUVr3rwjrdVO9wpFt+n/hdQ92TNif17RMJtE5AGaQ6BN3yJQIDAQAB;",
-          "txtstrings": [
-            "this string is 255 bytes long.hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKZogtjOlHoeY8iZ5o5brlPOsj/a2Q9Bopu1kHxlxrdw7tZVL9FzUMngiIYGrl8dbP7Rvk7TLMoxHxVkRZPBtIpsKIab/gOUoPLQVYbrAmzyguHYBwAApi3H/pvjUsK8+XF0dKY17AR96lokAPqvfBaUb+DSx8zNw2hrYWYVqvCtnxHUGEUhT1bTlEZBptH3jthis is the remainder. it is 156 bytes long.mOhl2JmbsFKy+RoMTwbkk0/meRvcEFWLHkr4MSgbnie6OpQvM4Y51+kO6DUVr3rwjrdVO9wpFt+n/hdQ92TNif17RMJtE5AGaQ6BN3yJQIDAQAB;"
-          ]
+          "target": "this string is 255 bytes long.hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKZogtjOlHoeY8iZ5o5brlPOsj/a2Q9Bopu1kHxlxrdw7tZVL9FzUMngiIYGrl8dbP7Rvk7TLMoxHxVkRZPBtIpsKIab/gOUoPLQVYbrAmzyguHYBwAApi3H/pvjUsK8+XF0dKY17AR96lokAPqvfBaUb+DSx8zNw2hrYWYVqvCtnxHUGEUhT1bTlEZBptH3jthis is the remainder. it is 156 bytes long.mOhl2JmbsFKy+RoMTwbkk0/meRvcEFWLHkr4MSgbnie6OpQvM4Y51+kO6DUVr3rwjrdVO9wpFt+n/hdQ92TNif17RMJtE5AGaQ6BN3yJQIDAQAB;"
         }
       ]
     }
diff --git a/pkg/js/parse_tests/018-dkim/foo.com.zone b/pkg/js/parse_tests/018-dkim/foo.com.zone
index fb1f901012..f8df5c84f5 100644
--- a/pkg/js/parse_tests/018-dkim/foo.com.zone
+++ b/pkg/js/parse_tests/018-dkim/foo.com.zone
@@ -1,2 +1,2 @@
 $TTL 300
-dkimtest2        IN TXT   "this string is 255 bytes long.hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKZogtjOlHoeY8iZ5o5brlPOsj/a2Q9Bopu1kHxlxrdw7tZVL9FzUMngiIYGrl8dbP7Rvk7TLMoxHxVkRZPBtIpsKIab/gOUoPLQVYbrAmzyguHYBwAApi3H/pvjUsK8+XF0dKY17AR96lokAPqvfBaUb+DSx8zNw2hrYWYVqvCtnxHUGEUhT1bTlEZBptH3jthis is the remainder. it is 156 bytes long.mOhl2JmbsFKy+RoMTwbkk0/meRvcEFWLHkr4MSgbnie6OpQvM4Y51+kO6DUVr3rwjrdVO9wpFt+n/hdQ92TNif17RMJtE5AGaQ6BN3yJQIDAQAB;"
+dkimtest2        IN TXT   "this string is 255 bytes long.hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKZogtjOlHoeY8iZ5o5brlPOsj/a2Q9Bopu1kHxlxrdw7tZVL9FzUMngiIYGrl8dbP7Rvk7TLMoxHxVkRZPBtIpsKIab/gOUoPLQVYbrAmzyguHYBwAApi3H/pvjUsK8+XF0dKY17AR96lokAPqvfBaUb+DSx8zNw2hrYWYVqvCtnxHUGEUhT1bTlEZBptH3j" "this is the remainder. it is 156 bytes long.mOhl2JmbsFKy+RoMTwbkk0/meRvcEFWLHkr4MSgbnie6OpQvM4Y51+kO6DUVr3rwjrdVO9wpFt+n/hdQ92TNif17RMJtE5AGaQ6BN3yJQIDAQAB;"
diff --git a/pkg/normalize/flatten.go b/pkg/normalize/flatten.go
index eef90aacb5..48d848e215 100644
--- a/pkg/normalize/flatten.go
+++ b/pkg/normalize/flatten.go
@@ -32,7 +32,7 @@ func flattenSPFs(cfg *models.DNSConfig) []error {
 		// flatten all spf records that have the "flatten" metadata
 		for _, txt := range txtRecords {
 			var rec *spflib.SPFRecord
-			txtTarget := strings.Join(txt.TxtStrings, "")
+			txtTarget := txt.GetTargetTXTJoined()
 			if txt.Metadata["flatten"] != "" || txt.Metadata["split"] != "" {
 				if cache == nil {
 					cache, err = spflib.NewCache("spfcache.json")
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 243b8efc3a..057fe6f659 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -569,7 +569,7 @@ func checkCNAMEs(dc *models.DomainConfig) (errs []error) {
 func checkDuplicates(records []*models.RecordConfig) (errs []error) {
 	seen := map[string]*models.RecordConfig{}
 	for _, r := range records {
-		diffable := fmt.Sprintf("%s %s %s", r.GetLabelFQDN(), r.Type, r.ToDiffable())
+		diffable := fmt.Sprintf("%s %s %s", r.GetLabelFQDN(), r.Type, r.ToComparableNoTTL())
 		if seen[diffable] != nil {
 			errs = append(errs, fmt.Errorf("exact duplicate record found: %s", diffable))
 		}
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index 5a6d3dc7f3..dd6a51a0e8 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -314,13 +314,11 @@ func TestCheckDuplicates(t *testing.T) {
 		// The only difference is the rType:
 		makeRC("aaa", "example.com", "uniquestring.com.", models.RecordConfig{Type: "NS"}),
 		makeRC("aaa", "example.com", "uniquestring.com.", models.RecordConfig{Type: "PTR"}),
-		// The only difference is the TTL.
-		makeRC("zzz", "example.com", "4.4.4.4", models.RecordConfig{Type: "A", TTL: 111}),
-		makeRC("zzz", "example.com", "4.4.4.4", models.RecordConfig{Type: "A", TTL: 222}),
 		// Three records each with a different target.
 		makeRC("@", "example.com", "ns1.foo.com.", models.RecordConfig{Type: "NS"}),
 		makeRC("@", "example.com", "ns2.foo.com.", models.RecordConfig{Type: "NS"}),
 		makeRC("@", "example.com", "ns3.foo.com.", models.RecordConfig{Type: "NS"}),
+		// NOTE: The comparison ignores ttl. Therefore we don't test that.
 	}
 	errs := checkDuplicates(records)
 	if len(errs) != 0 {
diff --git a/pkg/prettyzone/prettyzone.go b/pkg/prettyzone/prettyzone.go
index ae8a485b4c..481fb8ae79 100644
--- a/pkg/prettyzone/prettyzone.go
+++ b/pkg/prettyzone/prettyzone.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/miekg/dns"
 )
 
@@ -138,7 +139,7 @@ func (z *ZoneGenData) generateZoneFileHelper(w io.Writer) error {
 		typeStr := rr.Type
 
 		// the remaining line
-		target := rr.GetTargetCombined()
+		target := rr.GetTargetCombinedFunc(txtutil.EncodeQuoted)
 
 		// comment
 		comment := ""
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 38070d9e34..ee24e551d0 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"log"
 	"math/rand"
+	"strings"
 	"testing"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
@@ -247,6 +248,46 @@ var testdataZFCAA = `$TTL 300
                  IN CAA   0 issuewild ";"
 `
 
+// r is shorthand for strings.Repeat()
+func r(s string, c int) string { return strings.Repeat(s, c) }
+
+func TestWriteZoneFileTxt(t *testing.T) {
+	// Do round-trip tests on various length TXT records.
+	t10 := `t10              IN TXT   "ten4567890"`
+	t254 := `t254             IN TXT   "` + r("a", 254) + `"`
+	t255 := `t255             IN TXT   "` + r("b", 255) + `"`
+	t256 := `t256             IN TXT   "` + r("c", 255) + `" "` + r("D", 1) + `"`
+	t509 := `t509             IN TXT   "` + r("e", 255) + `" "` + r("F", 254) + `"`
+	t510 := `t510             IN TXT   "` + r("g", 255) + `" "` + r("H", 255) + `"`
+	t511 := `t511             IN TXT   "` + r("i", 255) + `" "` + r("J", 255) + `" "` + r("k", 1) + `"`
+	t512 := `t511             IN TXT   "` + r("L", 255) + `" "` + r("M", 255) + `" "` + r("n", 2) + `"`
+	t513 := `t511             IN TXT   "` + r("o", 255) + `" "` + r("P", 255) + `" "` + r("q", 3) + `"`
+	for i, d := range []string{t10, t254, t255, t256, t509, t510, t511, t512, t513} {
+		// Make the rr:
+		rr, err := dns.NewRR(d)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// Make the expected zonefile:
+		ez := "$TTL 3600\n" + d + "\n"
+
+		// Generate the zonefile:
+		buf := &bytes.Buffer{}
+		WriteZoneFileRR(buf, []dns.RR{rr}, "bosun.org")
+		gz := buf.String()
+		if gz != ez {
+			t.Log("got: " + gz)
+			t.Log("wnt: " + ez)
+			t.Fatalf("Zone file %d does not match.", i)
+		}
+
+		// Reverse the process. Turn the zonefile into a list of records
+		parseAndRegen(t, buf, ez)
+	}
+
+}
+
 // Test 1 of each record type
 
 func mustNewRR(s string) dns.RR {
diff --git a/pkg/rejectif/txt.go b/pkg/rejectif/txt.go
index b1d63c0ba2..f9b8427e94 100644
--- a/pkg/rejectif/txt.go
+++ b/pkg/rejectif/txt.go
@@ -11,104 +11,65 @@ import (
 
 // TxtHasBackslash audits TXT records for strings that contains one or more backslashes.
 func TxtHasBackslash(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if strings.Contains(txt, `\`) {
-			return fmt.Errorf("txtstring contains backslash")
-		}
+	if strings.Contains(rc.GetTargetTXTJoined(), `\`) {
+		return fmt.Errorf("txtstring contains backslashes")
 	}
 	return nil
 }
 
 // TxtHasBackticks audits TXT records for strings that contain backticks.
 func TxtHasBackticks(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if strings.Contains(txt, "`") {
-			return fmt.Errorf("txtstring contains backtick")
-		}
-	}
-	return nil
-}
-
-// TxtHasSingleQuotes audits TXT records for strings that contain single-quotes.
-func TxtHasSingleQuotes(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if strings.Contains(txt, "'") {
-			return fmt.Errorf("txtstring contains single-quotes")
-		}
+	if strings.Contains(rc.GetTargetTXTJoined(), "`") {
+		return fmt.Errorf("txtstring contains backtick")
 	}
 	return nil
 }
 
 // TxtHasDoubleQuotes audits TXT records for strings that contain doublequotes.
 func TxtHasDoubleQuotes(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if strings.Contains(txt, `"`) {
-			return fmt.Errorf("txtstring contains doublequotes")
-		}
+	if strings.Contains(rc.GetTargetTXTJoined(), `"`) {
+		return fmt.Errorf("txtstring contains doublequotes")
 	}
 	return nil
 }
 
-// TxtIsExactlyLen255 audits TXT records for strings exactly 255 octets long.
-// This is rare; you probably want to use TxtNoStringsLen256orLonger() instead.
-func TxtIsExactlyLen255(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if len(txt) == 255 {
-			return fmt.Errorf("txtstring length is 255")
-		}
-	}
-	return nil
-}
-
-// TxtHasSegmentLen256orLonger audits TXT records for strings that are >255 octets.
-func TxtHasSegmentLen256orLonger(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if len(txt) > 255 {
-			return fmt.Errorf("%q txtstring length > 255", rc.GetLabel())
-		}
+// TxtHasSingleQuotes audits TXT records for strings that contain single-quotes.
+func TxtHasSingleQuotes(rc *models.RecordConfig) error {
+	if strings.Contains(rc.GetTargetTXTJoined(), "'") {
+		return fmt.Errorf("txtstring contains single-quotes")
 	}
 	return nil
 }
 
-// TxtHasMultipleSegments audits TXT records for multiple strings
-func TxtHasMultipleSegments(rc *models.RecordConfig) error {
-	if len(rc.TxtStrings) > 1 {
-		return fmt.Errorf("multiple strings in one txt")
+// TxtHasTrailingSpace audits TXT records for strings that end with space.
+func TxtHasTrailingSpace(rc *models.RecordConfig) error {
+	txt := rc.GetTargetTXTJoined()
+	if txt != "" && txt[ultimate(txt)] == ' ' {
+		return fmt.Errorf("txtstring ends with space")
 	}
 	return nil
 }
 
-// TxtHasTrailingSpace audits TXT records for strings that end with space.
-func TxtHasTrailingSpace(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if txt != "" && txt[ultimate(txt)] == ' ' {
-			return fmt.Errorf("txtstring ends with space")
-		}
+// TxtHasUnpairedDoubleQuotes audits TXT records for strings that contain unpaired doublequotes.
+func TxtHasUnpairedDoubleQuotes(rc *models.RecordConfig) error {
+	if strings.Count(rc.GetTargetTXTJoined(), `"`)%2 == 1 {
+		return fmt.Errorf("txtstring contains unpaired doublequotes")
 	}
 	return nil
 }
 
 // TxtIsEmpty audits TXT records for empty strings.
 func TxtIsEmpty(rc *models.RecordConfig) error {
-	// There must be strings.
-	if len(rc.TxtStrings) == 0 {
-		return fmt.Errorf("txt with no strings")
-	}
-	// Each string must be non-empty.
-	for _, txt := range rc.TxtStrings {
-		if len(txt) == 0 {
-			return fmt.Errorf("txtstring is empty")
-		}
+	if len(rc.GetTargetTXTJoined()) == 0 {
+		return fmt.Errorf("txtstring is empty")
 	}
 	return nil
 }
 
-// TxtHasUnpairedDoubleQuotes audits TXT records for strings that contain unpaired doublequotes.
-func TxtHasUnpairedDoubleQuotes(rc *models.RecordConfig) error {
-	for _, txt := range rc.TxtStrings {
-		if strings.Count(txt, `"`)%2 == 1 {
-			return fmt.Errorf("txtstring contains unpaired doublequotes")
-		}
+// TxtLongerThan255 audits TXT records for multiple strings
+func TxtLongerThan255(rc *models.RecordConfig) error {
+	if len(rc.GetTargetTXTJoined()) > 255 {
+		return fmt.Errorf("TXT records longer than 255 octets (chars)")
 	}
 	return nil
 }
diff --git a/pkg/txtutil/txtcode.go b/pkg/txtutil/txtcode.go
new file mode 100644
index 0000000000..6a50bdb605
--- /dev/null
+++ b/pkg/txtutil/txtcode.go
@@ -0,0 +1,155 @@
+//go:generate stringer -type=State
+
+package txtutil
+
+import (
+	"bytes"
+	"fmt"
+	"strings"
+)
+
+// ParseQuoted parses a string of RFC1035-style quoted items. The resulting
+// items are then joined into one string. This is useful for parsing TXT
+// records.
+// Examples:
+// `foo` => foo
+// `"foo"` => foo
+// `"f\"oo"` => f"oo
+// `"f\\oo"` => f\oo
+// `"foo" "bar"` => foobar
+// `"foo" bar` => foobar
+func ParseQuoted(s string) (string, error) {
+	return txtDecode(s)
+}
+
+// EncodeQuoted encodes a string into a series of quoted 255-octet chunks. That
+// is, when decoded each chunk would be 255-octets with the remainder in the
+// last chunk.
+//
+// The output looks like:
+//
+//	`""`                                      empty
+//	`"255\"octets"`                           quotes are escaped
+//	`"255\\octets"`                           backslashes are escaped
+//	`"255octets" "255octets" "remainder"`     long strings are chunked
+func EncodeQuoted(t string) string {
+	return txtEncode(ToChunks(t))
+}
+
+type State int
+
+const (
+	StateStart     State = iota // Looking for a non-space
+	StateUnquoted               // A run of unquoted text
+	StateQuoted                 // Quoted text
+	StateBackslash              // last char was backlash in a quoted string
+	StateWantSpace              // expect space after closing quote
+)
+
+func isRemaining(s string, i, r int) bool {
+	return (len(s) - 1 - i) > r
+}
+
+// txtDecode decodes TXT strings quoted/escaped as Tom interprets RFC10225.
+func txtDecode(s string) (string, error) {
+	// Parse according to RFC1035 zonefile specifications.
+	// "foo"  -> one string: `foo``
+	// "foo" "bar"  -> two strings: `foo` and `bar`
+	// quotes and backslashes are escaped using \
+
+	/*
+
+		BNF:
+			txttarget := `""`` | item | item ` ` item*
+			item := quoteditem | unquoteditem
+			quoteditem := quote innertxt quote
+			quote := `"`
+			innertxt := (escaped | printable )*
+			escaped := `\\` | `\"`
+			printable := (printable ASCII chars)
+			unquoteditem := (printable ASCII chars but not `"` nor ' ')
+
+	*/
+
+	//printer.Printf("DEBUG: txtDecode txt inboundv=%v\n", s)
+
+	b := &bytes.Buffer{}
+	state := StateStart
+	for i, c := range s {
+
+		//printer.Printf("DEBUG: state=%v rune=%v\n", state, string(c))
+
+		switch state {
+
+		case StateStart:
+			if c == ' ' {
+				// skip whitespace
+			} else if c == '"' {
+				state = StateQuoted
+			} else {
+				state = StateUnquoted
+				b.WriteRune(c)
+			}
+
+		case StateUnquoted:
+
+			if c == ' ' {
+				state = StateStart
+			} else {
+				b.WriteRune(c)
+			}
+
+		case StateQuoted:
+
+			if c == '\\' {
+				if isRemaining(s, i, 1) {
+					state = StateBackslash
+				} else {
+					return "", fmt.Errorf("txtDecode quoted string ends with backslash q(%q)", s)
+				}
+			} else if c == '"' {
+				state = StateWantSpace
+			} else {
+				b.WriteRune(c)
+			}
+
+		case StateBackslash:
+			b.WriteRune(c)
+			state = StateQuoted
+
+		case StateWantSpace:
+			if c == ' ' {
+				state = StateStart
+			} else {
+				return "", fmt.Errorf("txtDecode expected whitespace after close quote q(%q)", s)
+			}
+
+		}
+	}
+
+	r := b.String()
+	//printer.Printf("DEBUG: txtDecode txt decodedv=%v\n", r)
+	return r, nil
+}
+
+// txtEncode encodes TXT strings in RFC1035 format as interpreted by Tom.
+func txtEncode(ts []string) string {
+	//printer.Printf("DEBUG: txtEncode txt outboundv=%v\n", ts)
+	if (len(ts) == 0) || (strings.Join(ts, "") == "") {
+		return `""`
+	}
+
+	var r []string
+
+	for i := range ts {
+		tx := ts[i]
+		tx = strings.ReplaceAll(tx, `\`, `\\`)
+		tx = strings.ReplaceAll(tx, `"`, `\"`)
+		tx = `"` + tx + `"`
+		r = append(r, tx)
+	}
+	t := strings.Join(r, ` `)
+
+	//printer.Printf("DEBUG: txtEncode txt  encodedv=%v\n", t)
+	return t
+}
diff --git a/pkg/txtutil/txtcode_test.go b/pkg/txtutil/txtcode_test.go
new file mode 100644
index 0000000000..d8375ba40d
--- /dev/null
+++ b/pkg/txtutil/txtcode_test.go
@@ -0,0 +1,97 @@
+package txtutil
+
+import (
+	"strings"
+	"testing"
+)
+
+func r(s string, c int) string { return strings.Repeat(s, c) }
+
+func TestTxtDecode(t *testing.T) {
+	tests := []struct {
+		data     string
+		expected []string
+	}{
+		{``, []string{``}},
+		{`""`, []string{``}},
+		{`foo`, []string{`foo`}},
+		{`"foo"`, []string{`foo`}},
+		{`"foo bar"`, []string{`foo bar`}},
+		{`foo bar`, []string{`foo`, `bar`}},
+		{`"aaa" "bbb"`, []string{`aaa`, `bbb`}},
+		{`"a\"a" "bbb"`, []string{`a"a`, `bbb`}},
+		// Seen in live traffic:
+		{"\"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\"",
+			[]string{r("B", 254)}},
+		{"\"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\"",
+			[]string{r("C", 255)}},
+		{"\"DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD\" \"D\"",
+			[]string{r("D", 255), "D"}},
+		{"\"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\" \"EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE\"",
+			[]string{r("E", 255), r("E", 255)}},
+		{"\"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\" \"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF\" \"F\"",
+			[]string{r("F", 255), r("F", 255), "F"}},
+		{"\"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\" \"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\" \"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\"",
+			[]string{r("G", 255), r("G", 255), r("G", 255)}},
+		{"\"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\" \"H\"",
+			[]string{r("H", 255), r("H", 255), r("H", 255), "H"}},
+		{"\"quo'te\"", []string{`quo'te`}},
+		{"\"blah`blah\"", []string{"blah`blah"}},
+		{"\"quo\\\"te\"", []string{`quo"te`}},
+		{"\"q\\\"uo\\\"te\"", []string{`q"uo"te`}},
+		/// Backslashes are meaningless in unquoted strings. Unquoted strings run until they hit a space.
+		{`1backs\lash`, []string{`1backs\lash`}},
+		{`2backs\\lash`, []string{`2backs\\lash`}},
+		{`3backs\\\lash`, []string{`3backs\\\lash`}},
+		{`4backs\\\\lash`, []string{`4backs\\\\lash`}},
+		/// Inside quotes, a backlash means take the next byte literally.
+		{`"q1backs\lash"`, []string{`q1backslash`}},
+		{`"q2backs\\lash"`, []string{`q2backs\lash`}},
+		{`"q3backs\\\lash"`, []string{`q3backs\lash`}},
+		{`"q4backs\\\\lash"`, []string{`q4backs\\lash`}},
+		// HETZNER includes a space after the last quote. Make sure we handle that.
+		{`"one" "more" `, []string{`one`, `more`}},
+	}
+	for i, test := range tests {
+		got, err := txtDecode(test.data)
+		if err != nil {
+			t.Error(err)
+		}
+
+		want := strings.Join(test.expected, "")
+		if got != want {
+			t.Errorf("%v: expected TxtStrings=(%q) got (%q)", i, want, got)
+		}
+	}
+}
+
+func TestTxtEncode(t *testing.T) {
+	tests := []struct {
+		data     []string
+		expected string
+	}{
+		{[]string{}, `""`},
+		{[]string{``}, `""`},
+		{[]string{`foo`}, `"foo"`},
+		{[]string{`aaa`, `bbb`}, `"aaa" "bbb"`},
+		{[]string{`ccc`, `ddd`, `eee`}, `"ccc" "ddd" "eee"`},
+		{[]string{`a"a`, `bbb`}, `"a\"a" "bbb"`},
+		{[]string{`quo'te`}, "\"quo'te\""},
+		{[]string{"blah`blah"}, "\"blah`blah\""},
+		{[]string{`quo"te`}, "\"quo\\\"te\""},
+		{[]string{`quo"te`}, `"quo\"te"`},
+		{[]string{`q"uo"te`}, "\"q\\\"uo\\\"te\""},
+		{[]string{`1backs\lash`}, `"1backs\\lash"`},
+		{[]string{`2backs\\lash`}, `"2backs\\\\lash"`},
+		{[]string{`3backs\\\lash`}, `"3backs\\\\\\lash"`},
+		{[]string{strings.Repeat("M", 26), `quo"te`}, `"MMMMMMMMMMMMMMMMMMMMMMMMMM" "quo\"te"`},
+	}
+	for i, test := range tests {
+		got := txtEncode(test.data)
+
+		want := test.expected
+		if got != want {
+			t.Errorf("%v: expected TxtStrings=v(%v) got (%v)", i, want, got)
+		}
+	}
+}
diff --git a/pkg/txtutil/txtcombined.go b/pkg/txtutil/txtcombined.go
new file mode 100644
index 0000000000..8fa415a169
--- /dev/null
+++ b/pkg/txtutil/txtcombined.go
@@ -0,0 +1,53 @@
+//go:generate stringer -type=State
+
+package txtutil
+
+// func ParseCombined(s string) (string, error) {
+// 	return txtDecodeCombined(s)
+// }
+
+// // // txtDecode decodes TXT strings received from ROUTE53 and GCLOUD.
+// func txtDecodeCombined(s string) (string, error) {
+
+// 	// The dns package doesn't expose the quote parser. Therefore we create a TXT record and extract the strings.
+// 	rr, err := dns.NewRR("example.com. IN TXT " + s)
+// 	if err != nil {
+// 		return "", fmt.Errorf("could not parse %q TXT: %w", s, err)
+// 	}
+
+// 	return strings.Join(rr.(*dns.TXT).Txt, ""), nil
+// }
+
+// func EncodeCombined(t string) string {
+// 	return txtEncodeCombined(ToChunks(t))
+// }
+
+// // txtEncode encodes TXT strings as the old GetTargetCombined() function did.
+// func txtEncodeCombined(ts []string) string {
+// 	//printer.Printf("DEBUG: route53 txt outboundv=%v\n", ts)
+
+// 	// Don't call this on fake types.
+// 	rdtype := dns.StringToType["TXT"]
+
+// 	// Magically create an RR of the correct type.
+// 	rr := dns.TypeToRR[rdtype]()
+
+// 	// Fill in the header.
+// 	rr.Header().Name = "example.com."
+// 	rr.Header().Rrtype = rdtype
+// 	rr.Header().Class = dns.ClassINET
+// 	rr.Header().Ttl = 300
+
+// 	// Fill in the TXT data.
+// 	rr.(*dns.TXT).Txt = ts
+
+// 	// Generate the quoted string:
+// 	header := rr.Header().String()
+// 	full := rr.String()
+// 	if !strings.HasPrefix(full, header) {
+// 		panic("assertion failed. dns.Hdr.String() behavior has changed in an incompatible way")
+// 	}
+
+// 	//printer.Printf("DEBUG: route53 txt  encodedv=%v\n", t)
+// 	return full[len(header):]
+// }
diff --git a/pkg/txtutil/txtutil.go b/pkg/txtutil/txtutil.go
index a37948c741..55045b8c29 100644
--- a/pkg/txtutil/txtutil.go
+++ b/pkg/txtutil/txtutil.go
@@ -1,20 +1,13 @@
 package txtutil
 
-import "github.com/StackExchange/dnscontrol/v4/models"
+// SplitSingleLongTxt does nothing.
+// Deprecated: This is a no-op for backwards compatibility.
+func SplitSingleLongTxt(records any) {
+}
 
-// SplitSingleLongTxt finds TXT records with a single long string and splits it
-// into 255-octet chunks. This is used by providers that, when a user specifies
-// one long TXT string, split it into smaller strings behind the scenes.
-// This should be called from GetZoneRecordsCorrections().
-func SplitSingleLongTxt(records []*models.RecordConfig) {
-	for _, rc := range records {
-		if rc.HasFormatIdenticalToTXT() {
-			s := rc.TxtStrings[0]
-			if len(rc.TxtStrings) == 1 && len(s) > 255 {
-				rc.SetTargetTXTs(splitChunks(s, 255))
-			}
-		}
-	}
+// ToChunks returns the string as chunks of 255-octet strings (the last string being the remainder).
+func ToChunks(s string) []string {
+	return splitChunks(s, 255)
 }
 
 // Segment returns the string as 255-octet segments, the last being the remainder.
diff --git a/providers/azuredns/auditrecords.go b/providers/azuredns/auditrecords.go
index 13d73026d4..6c46e4357b 100644
--- a/providers/azuredns/auditrecords.go
+++ b/providers/azuredns/auditrecords.go
@@ -13,5 +13,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("MX", rejectif.MxNull) // Last verified 2020-12-28
 
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-11-11
+
 	return a.Audit(records)
 }
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 91fbff0629..16a502553a 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -195,7 +195,7 @@ func ParseZoneContents(content string, zoneName string, zonefileName string) (mo
 
 	foundRecords := models.Records{}
 	for rr, ok := zp.Next(); ok; rr, ok = zp.Next() {
-		rec, err := models.RRtoRC(rr, zoneName)
+		rec, err := models.RRtoRCTxtBug(rr, zoneName)
 		if err != nil {
 			return nil, err
 		}
diff --git a/providers/cloudflare/auditrecords.go b/providers/cloudflare/auditrecords.go
index 71a66a06ed..66cf53d9d0 100644
--- a/providers/cloudflare/auditrecords.go
+++ b/providers/cloudflare/auditrecords.go
@@ -11,8 +11,6 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments) // Last verified 2022-06-18
-
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2022-06-18
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2022-06-18
diff --git a/providers/cloudns/auditrecords.go b/providers/cloudns/auditrecords.go
index 20d7b1d1d9..3c285db8e1 100644
--- a/providers/cloudns/auditrecords.go
+++ b/providers/cloudns/auditrecords.go
@@ -19,8 +19,6 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2021-03-01
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments) // Last verified 2021-03-01
-
 	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2023-03-30
 
 	return a.Audit(records)
diff --git a/providers/cscglobal/api.go b/providers/cscglobal/api.go
index dd8224013b..6ae57f5c61 100644
--- a/providers/cscglobal/api.go
+++ b/providers/cscglobal/api.go
@@ -478,7 +478,7 @@ func (client *providerClient) clearRequests(domain string) error {
 	if cscDebug {
 		printer.Printf("DEBUG: Clearing requests for %q\n", domain)
 	}
-	var bodyString, err = client.get("/zones/edits?filter=zoneName==" + domain)
+	var bodyString, err = client.get(`/zones/edits?size=99999&filter=zoneName==` + domain)
 	if err != nil {
 		return err
 	}
@@ -486,10 +486,12 @@ func (client *providerClient) clearRequests(domain string) error {
 	var dr pagedZoneEditResponsePagedZoneEditResponse
 	json.Unmarshal(bodyString, &dr)
 
-	// TODO(tlim): Properly handle paganation.
-	if dr.Meta.Pages > 1 {
-		return fmt.Errorf("cancelPendingEdits failed: Pages=%d", dr.Meta.Pages)
-	}
+	// TODO(tlim): Ignore what's beyond the first page.
+	// It is unlikely that there are active jobs beyond the first page.
+	// If there are, the next edit will just wait.
+	//if dr.Meta.Pages > 1 {
+	//	return fmt.Errorf("cancelPendingEdits failed: Pages=%d", dr.Meta.Pages)
+	//}
 
 	for i, ze := range dr.ZoneEdits {
 		if cscDebug {
diff --git a/providers/cscglobal/auditrecords.go b/providers/cscglobal/auditrecords.go
index 1ee9faf8c6..87ad6f3380 100644
--- a/providers/cscglobal/auditrecords.go
+++ b/providers/cscglobal/auditrecords.go
@@ -17,11 +17,11 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2022-08-08
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments) // Last verified 2022-06-10
-
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2022-06-10
 
-	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2022-06-10
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-12-03
+
+	//a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2022-06-10
 
 	return a.Audit(records)
 }
diff --git a/providers/cscglobal/convert.go b/providers/cscglobal/convert.go
index 4ffab7c17e..6050cd8ec2 100644
--- a/providers/cscglobal/convert.go
+++ b/providers/cscglobal/convert.go
@@ -6,6 +6,7 @@ import (
 	"net"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 )
 
 // nativeToRecordA takes an A record from DNS and returns a native RecordConfig struct.
@@ -64,6 +65,7 @@ func nativeToRecordTXT(nr nativeRecordTXT, origin string, defaultTTL uint32) *mo
 		TTL:  ttl,
 	}
 	rc.SetLabel(nr.Key, origin)
+	printer.Printf("DEBUG: inbound raw s=%s\n", nr.Value)
 	rc.SetTargetTXT(nr.Value)
 	return rc
 }
diff --git a/providers/cscglobal/dns.go b/providers/cscglobal/dns.go
index e78432a3bb..a9724f66d6 100644
--- a/providers/cscglobal/dns.go
+++ b/providers/cscglobal/dns.go
@@ -76,7 +76,6 @@ func (client *providerClient) GetNameservers(domain string) ([]*models.Nameserve
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
-	//txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 
 	toReport, creates, dels, modifications, err := diff.NewCompat(dc).IncrementalDiff(foundRecords)
 	if err != nil {
diff --git a/providers/digitalocean/auditrecords.go b/providers/digitalocean/auditrecords.go
index 95382cc924..a6e9eff829 100644
--- a/providers/digitalocean/auditrecords.go
+++ b/providers/digitalocean/auditrecords.go
@@ -19,10 +19,14 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", MaxLengthDO) // Last verified 2021-03-01
 
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-11-11
+
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2021-03-01
 	// Double-quotes not permitted in TXT strings. I have a hunch that
 	// this is due to a broken parser on the DO side.
 
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-11-11
+
 	return a.Audit(records)
 }
 
diff --git a/providers/dnsimple/auditrecords.go b/providers/dnsimple/auditrecords.go
index 0354a63eb1..3e8df5b634 100644
--- a/providers/dnsimple/auditrecords.go
+++ b/providers/dnsimple/auditrecords.go
@@ -13,7 +13,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("MX", rejectif.MxNull) // Last verified 2023-03
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments) // Last verified 2023-03
+	a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2023-03
 
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-03
 
diff --git a/providers/gandiv5/convert.go b/providers/gandiv5/convert.go
index 229ac0c3f1..46e3259325 100644
--- a/providers/gandiv5/convert.go
+++ b/providers/gandiv5/convert.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/go-gandi/go-gandi/livedns"
 )
 
@@ -29,10 +30,8 @@ func nativeToRecords(n livedns.DomainRecord, origin string) (rcs []*models.Recor
 		case "ALIAS":
 			rc.Type = "ALIAS"
 			err = rc.SetTarget(value)
-		case "TXT":
-			err = rc.SetTargetTXTfromRFC1035Quoted(value)
 		default:
-			err = rc.PopulateFromString(rtype, value, origin)
+			err = rc.PopulateFromStringFunc(rtype, value, origin, txtutil.ParseQuoted)
 		}
 		if err != nil {
 			return nil, fmt.Errorf("unparsable record received from gandi: %w", err)
@@ -65,11 +64,11 @@ func recordsToNative(rcs []*models.RecordConfig, origin string) []livedns.Domain
 				RrsetType:   r.Type,
 				RrsetTTL:    int(r.TTL),
 				RrsetName:   label,
-				RrsetValues: []string{r.GetTargetCombined()},
+				RrsetValues: []string{r.GetTargetCombinedFunc(txtutil.EncodeQuoted)},
 			}
 			keys[key] = &zr
 		} else {
-			zr.RrsetValues = append(zr.RrsetValues, r.GetTargetCombined())
+			zr.RrsetValues = append(zr.RrsetValues, r.GetTargetCombinedFunc(txtutil.EncodeQuoted))
 
 			if r.TTL != uint32(zr.RrsetTTL) {
 				printer.Warnf("All TTLs for a rrset (%v) must be the same. Using smaller of %v and %v.\n", key, r.TTL, zr.RrsetTTL)
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index d6fb5409fa..0aedb7aed3 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -176,9 +176,6 @@ func PrepDesiredRecords(dc *models.DomainConfig) {
 			printer.Warnf("Gandi does not support ttls > 30 days. Setting %s from %d to 2592000\n", rec.GetLabelFQDN(), rec.TTL)
 			rec.TTL = 2592000
 		}
-		if rec.Type == "TXT" {
-			rec.SetTarget("\"" + rec.GetTargetField() + "\"") // FIXME(tlim): Should do proper quoting.
-		}
 		if rec.Type == "NS" && rec.GetLabel() == "@" {
 			if !strings.HasSuffix(rec.GetTargetField(), ".gandi.net.") {
 				printer.Warnf("Gandi does not support changing apex NS records. Ignoring %s\n", rec.GetTargetField())
@@ -293,7 +290,7 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 func debugRecords(note string, recs []*models.RecordConfig) {
 	printer.Debugf(note)
 	for k, v := range recs {
-		printer.Printf("   %v: %v %v %v %v\n", k, v.GetLabel(), v.Type, v.TTL, v.GetTargetCombined())
+		printer.Printf("   %v: %v %v %v %v\n", k, v.GetLabel(), v.Type, v.TTL, v.GetTargetDebug())
 	}
 }
 
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index d0c9e47dfa..6652c2691c 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -306,7 +306,7 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		}
 		for _, r := range dc.Records {
 			if keyForRec(r) == ck {
-				newRRs.Rrdatas = append(newRRs.Rrdatas, r.GetTargetCombined())
+				newRRs.Rrdatas = append(newRRs.Rrdatas, r.GetTargetCombinedFunc(txtutil.EncodeQuoted))
 				newRRs.Ttl = int64(r.TTL)
 			}
 		}
@@ -403,13 +403,7 @@ func nativeToRecord(set *gdns.ResourceRecordSet, rec, origin string) (*models.Re
 	r.SetLabelFromFQDN(set.Name, origin)
 	r.TTL = uint32(set.Ttl)
 	rtype := set.Type
-	var err error
-	switch rtype {
-	case "TXT":
-		err = r.SetTargetTXTs(models.ParseQuotedTxt(rec))
-	default:
-		err = r.PopulateFromString(rtype, rec, origin)
-	}
+	err := r.PopulateFromStringFunc(rtype, rec, origin, txtutil.ParseQuoted)
 	if err != nil {
 		return nil, fmt.Errorf("unparsable record %q received from GCLOUD: %w", rtype, err)
 	}
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index 0ee6d14855..d7d70fd97c 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -325,10 +325,8 @@ func (c *hednsProvider) GetZoneRecords(domain string, meta map[string]string) (m
 			// Convert to TXT record as SPF is deprecated
 			rc.Type = "TXT"
 			fallthrough
-		case "TXT":
-			err = rc.SetTargetTXTs(models.ParseQuotedTxt(data))
 		default:
-			err = rc.PopulateFromString(rc.Type, data, domain)
+			err = rc.PopulateFromStringFunc(rc.Type, data, domain, txtutil.ParseQuoted)
 		}
 
 		if err != nil {
@@ -563,7 +561,7 @@ func (c *hednsProvider) editZoneRecord(zoneID uint64, recordID uint64, rc *model
 		values.Set("Weight", strconv.FormatUint(uint64(rc.SrvWeight), 10))
 		values.Set("Port", strconv.FormatUint(uint64(rc.SrvPort), 10))
 	default:
-		values.Set("Content", rc.GetTargetCombined())
+		values.Set("Content", rc.GetTargetCombinedFunc(txtutil.EncodeQuoted))
 	}
 
 	response, err := c.httpClient.PostForm(apiEndpoint, values)
diff --git a/providers/hetzner/types.go b/providers/hetzner/types.go
index 20dacdfb1e..61125a5d99 100644
--- a/providers/hetzner/types.go
+++ b/providers/hetzner/types.go
@@ -1,9 +1,8 @@
 package hetzner
 
 import (
-	"strings"
-
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 )
 
 type bulkCreateRecordsRequest struct {
@@ -58,7 +57,7 @@ func fromRecordConfig(in *models.RecordConfig, zone *zone) record {
 	r := record{
 		Name:   in.GetLabel(),
 		Type:   in.Type,
-		Value:  in.GetTargetCombined(),
+		Value:  in.GetTargetCombinedFunc(txtutil.EncodeQuoted),
 		TTL:    &in.TTL,
 		ZoneID: zone.ID,
 	}
@@ -88,13 +87,9 @@ func toRecordConfig(domain string, r *record) (*models.RecordConfig, error) {
 	}
 	rc.SetLabel(r.Name, domain)
 
-	value := r.Value
 	// HACK: Hetzner is inserting a trailing space after multiple, quoted values.
 	// NOTE: The actual DNS answer does not contain the space.
+	// NOTE: The txtutil.ParseQuoted parser handles this just fine.
 	// Last checked: 2023-04-01
-	if r.Type == "TXT" && len(value) > 0 && value[len(value)-1] == ' ' {
-		// Per RFC 1035 spaces outside quoted values are irrelevant.
-		value = strings.TrimRight(value, " ")
-	}
-	return &rc, rc.PopulateFromString(r.Type, value, domain)
+	return &rc, rc.PopulateFromStringFunc(r.Type, r.Value, domain, txtutil.ParseQuoted)
 }
diff --git a/providers/hexonet/auditrecords.go b/providers/hexonet/auditrecords.go
index 371bd49373..8a7f7021b8 100644
--- a/providers/hexonet/auditrecords.go
+++ b/providers/hexonet/auditrecords.go
@@ -13,6 +13,8 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2021-10-01
 
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-11-30
+
 	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2020-12-28
 
 	return a.Audit(records)
diff --git a/providers/hexonet/records.go b/providers/hexonet/records.go
index ac313f714f..2ef35aaf70 100644
--- a/providers/hexonet/records.go
+++ b/providers/hexonet/records.go
@@ -3,7 +3,6 @@ package hexonet
 import (
 	"bytes"
 	"fmt"
-	"regexp"
 	"strconv"
 	"strings"
 
@@ -129,10 +128,6 @@ func toRecord(r *HXRecord, origin string) *models.RecordConfig {
 	rc.SetLabelFromFQDN(fqdn, origin)
 
 	switch rtype := r.Type; rtype {
-	case "TXT":
-		if err := rc.SetTargetTXTs(decodeTxt(r.Answer)); err != nil {
-			panic(fmt.Errorf("unparsable TXT record received from hexonet api: %w", err))
-		}
 	case "MX":
 		if err := rc.SetTargetMX(uint16(r.Priority), r.Answer); err != nil {
 			panic(fmt.Errorf("unparsable MX record received from hexonet api: %w", err))
@@ -142,7 +137,7 @@ func toRecord(r *HXRecord, origin string) *models.RecordConfig {
 			panic(fmt.Errorf("unparsable SRV record received from hexonet api: %w", err))
 		}
 	default: // "A", "AAAA", "ANAME", "CNAME", "NS"
-		if err := rc.PopulateFromString(rtype, r.Answer, r.Fqdn); err != nil {
+		if err := rc.PopulateFromStringFunc(rtype, r.Answer, r.Fqdn, txtutil.ParseQuoted); err != nil {
 			panic(fmt.Errorf("unparsable record received from hexonet api: %w", err))
 		}
 	}
@@ -242,7 +237,7 @@ func (n *HXClient) createRecordString(rc *models.RecordConfig, domain string) (s
 	case "CAA":
 		record.Answer = fmt.Sprintf(`%v %s "%s"`, rc.CaaFlag, rc.CaaTag, record.Answer)
 	case "TXT":
-		record.Answer = encodeTxt(rc.GetTargetTXTSegmented())
+		record.Answer = txtutil.EncodeQuoted(rc.GetTargetTXTJoined())
 	case "SRV":
 		if rc.GetTargetField() == "." {
 			return "", fmt.Errorf("SRV records with empty targets are not supported (as of 2020-02-27, the API returns 'Invalid attribute value syntax')")
@@ -266,31 +261,3 @@ func (n *HXClient) createRecordString(rc *models.RecordConfig, domain string) (s
 func (n *HXClient) deleteRecordString(record *HXRecord, domain string) string {
 	return record.Raw
 }
-
-// encodeTxt encodes []string for sending in the CREATE/MODIFY API:
-func encodeTxt(txts []string) string {
-	var r []string
-	for _, txt := range txts {
-		n := `"` + strings.Replace(txt, `"`, `\"`, -1) + `"`
-		r = append(r, n)
-	}
-	return strings.Join(r, " ")
-}
-
-// finds a string surrounded by quotes that might contain an escaped quote character.
-var quotedStringRegexp = regexp.MustCompile(`"((?:[^"\\]|\\.)*)"`)
-
-// decodeTxt decodes the TXT record as received from hexonet api and
-// returns the list of strings.
-func decodeTxt(s string) []string {
-
-	if len(s) >= 2 && s[0] == '"' && s[len(s)-1] == '"' {
-		txtStrings := []string{}
-		for _, t := range quotedStringRegexp.FindAllStringSubmatch(s, -1) {
-			txtString := strings.Replace(t[1], `\"`, `"`, -1)
-			txtStrings = append(txtStrings, txtString)
-		}
-		return txtStrings
-	}
-	return []string{s}
-}
diff --git a/providers/hexonet/records_test.go b/providers/hexonet/records_test.go
deleted file mode 100644
index 8b242931a3..0000000000
--- a/providers/hexonet/records_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package hexonet
-
-import (
-	"strings"
-	"testing"
-)
-
-var txtData = []struct {
-	decoded []string
-	encoded string
-}{
-	{[]string{`simple`}, `"simple"`},
-	{[]string{`changed`}, `"changed"`},
-	{[]string{`with spaces`}, `"with spaces"`},
-	{[]string{`with  whitespace`}, `"with  whitespace"`},
-	{[]string{"one", "two"}, `"one" "two"`},
-	{[]string{"eh", "bee", "cee"}, `"eh" "bee" "cee"`},
-	{[]string{"o\"ne", "tw\"o"}, `"o\"ne" "tw\"o"`},
-	{[]string{"dimple"}, `"dimple"`},
-	{[]string{"fun", "two"}, `"fun" "two"`},
-	{[]string{"eh", "bzz", "cee"}, `"eh" "bzz" "cee"`},
-}
-
-func TestEncodeTxt(t *testing.T) {
-	// Test encoded the lists of strings into a string:
-	for i, test := range txtData {
-		enc := encodeTxt(test.decoded)
-		if enc != test.encoded {
-			t.Errorf("%v: txt\n    data: []string{%v}\nexpected: %q\n     got: %q",
-				i, "`"+strings.Join(test.decoded, "`, `")+"`", test.encoded, enc)
-		}
-	}
-}
-
-func TestDecodeTxt(t *testing.T) {
-	// Test decoded a string into the list of strings:
-	for i, test := range txtData {
-		data := test.encoded
-		got := decodeTxt(data)
-		wanted := test.decoded
-		if len(got) != len(wanted) {
-			t.Errorf("%v: txt\n  decode: %v\nexpected: %q\n     got: %q\n", i, data, strings.Join(wanted, "`, `"), strings.Join(got, "`, `"))
-		} else {
-			for j := range got {
-				if got[j] != wanted[j] {
-					t.Errorf("%v: txt\n  decode: %v\nexpected: %q\n     got: %q\n", i, data, strings.Join(wanted, "`, `"), strings.Join(got, "`, `"))
-				}
-			}
-		}
-	}
-}
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index a2de4cb037..3ac148aedb 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -216,10 +216,8 @@ func checkRecords(records models.Records) error {
 	// TODO(tlim) Remove this function.  auditrecords.go takes care of this now.
 	for _, r := range records {
 		if r.Type == "TXT" {
-			for _, target := range r.GetTargetTXTSegmented() {
-				if strings.ContainsAny(target, "`") {
-					return fmt.Errorf("INWX TXT records do not support single-quotes in their target")
-				}
+			if strings.ContainsAny(r.GetTargetTXTJoined(), "`") {
+				return fmt.Errorf("INWX TXT records do not support single-quotes in their target")
 			}
 		}
 	}
diff --git a/providers/msdns/auditrecords.go b/providers/msdns/auditrecords.go
index f031369f66..8694ffcae9 100644
--- a/providers/msdns/auditrecords.go
+++ b/providers/msdns/auditrecords.go
@@ -19,17 +19,11 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-02-02
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments) // Last verified 2023-02-02
-
-	a.Add("TXT", rejectif.TxtHasSegmentLen256orLonger) // Last verified 2023-02-02
+	a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2023-02-02
 
 	a.Add("TXT", rejectif.TxtHasSingleQuotes) // Last verified 2023-02-02
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-02-02
 
-	a.Add("TXT", rejectif.TxtIsExactlyLen255) // Last verified 2023-02-02
-
-	a.Add("TXT", rejectif.TxtIsExactlyLen255) // Last verified 2023-02-02
-
 	return a.Audit(records)
 }
diff --git a/providers/namedotcom/auditrecords.go b/providers/namedotcom/auditrecords.go
index 2d9a64c847..8e7d0f329d 100644
--- a/providers/namedotcom/auditrecords.go
+++ b/providers/namedotcom/auditrecords.go
@@ -20,7 +20,11 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", MaxLengthNDC) // Last verified 2021-03-01
 
-	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2021-03-01
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-11-18
+
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-11-18
+	// Backslashes may be allowed in the API but the current
+	// encodeTxt/decodeTxt functions don't support backslashes.
 
 	return a.Audit(records)
 }
diff --git a/providers/namedotcom/records.go b/providers/namedotcom/records.go
index af58fde7b1..241d023b6f 100644
--- a/providers/namedotcom/records.go
+++ b/providers/namedotcom/records.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/namedotcom/go/namecom"
 )
 
@@ -154,7 +155,7 @@ func (n *namedotcomProvider) createRecord(rc *models.RecordConfig, domain string
 	case "A", "AAAA", "ANAME", "CNAME", "MX", "NS":
 	// nothing
 	case "TXT":
-	// nothing
+		record.Answer = txtutil.EncodeQuoted(rc.GetTargetTXTJoined())
 	case "SRV":
 		if rc.GetTargetField() == "." {
 			return errors.New("SRV records with empty targets are not supported (as of 2019-11-05, the API returns 'Parameter Value Error - Invalid Srv Format')")
@@ -175,6 +176,7 @@ var quotedStringRegexp = regexp.MustCompile(`"((?:[^"\\]|\\.)*)"`)
 
 // decodeTxt decodes the TXT record as received from name.com and
 // returns the list of strings.
+// NB(tlim): This is very similar to txtutil.ParseQuoted. Maybe replace it some day?
 func decodeTxt(s string) []string {
 
 	if len(s) >= 2 && s[0] == '"' && s[len(s)-1] == '"' {
diff --git a/providers/namedotcom/records_test.go b/providers/namedotcom/records_test.go
index 0424178fd8..033d1f5435 100644
--- a/providers/namedotcom/records_test.go
+++ b/providers/namedotcom/records_test.go
@@ -17,21 +17,13 @@ var txtData = []struct {
 	{[]string{"eh", "bee", "cee"}, `"eh""bee""cee"`},
 	{[]string{"o\"ne", "tw\"o"}, `"o\"ne""tw\"o"`},
 	{[]string{"dimple"}, `dimple`},
+	//{[]string{`back\slash`}, `"back\\slash"`}, // Not yet supported
+	//{[]string{`back\\slash`}, `"back\\\\slash"`}, // Not yet supported
+	//{[]string{`back\\\slash`}, `"back\\\\\\slash"`}, // Not yet supported
 	{[]string{"fun", "two"}, `"fun""two"`},
 	{[]string{"eh", "bzz", "cee"}, `"eh""bzz""cee"`},
 }
 
-// func TestEncodeTxt(t *testing.T) {
-// 	// Test encoded the lists of strings into a string:
-// 	for i, test := range txtData {
-// 		enc := encodeTxt(test.decoded)
-// 		if enc != test.encoded {
-// 			t.Errorf("%v: txt\n    data: []string{%v}\nexpected: %s\n     got: %s",
-// 				i, "`"+strings.Join(test.decoded, "`, `")+"`", test.encoded, enc)
-// 		}
-// 	}
-//}
-
 func TestDecodeTxt(t *testing.T) {
 	// Test decoded a string into the list of strings:
 	for i, test := range txtData {
diff --git a/providers/ns1/auditrecords.go b/providers/ns1/auditrecords.go
index d30fc86109..60a0827930 100644
--- a/providers/ns1/auditrecords.go
+++ b/providers/ns1/auditrecords.go
@@ -11,7 +11,7 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments)
+	a.Add("TXT", rejectif.TxtIsEmpty)
 
 	return a.Audit(records)
 }
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index a92db2860d..78c466252e 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -302,7 +302,7 @@ func buildRecord(recs models.Records, domain string, id string) *dns.Record {
 		if r.Type == "MX" {
 			rec.AddAnswer(&dns.Answer{Rdata: strings.Fields(fmt.Sprintf("%d %v", r.MxPreference, r.GetTargetField()))})
 		} else if r.Type == "TXT" {
-			rec.AddAnswer(&dns.Answer{Rdata: r.GetTargetTXTSegmented()})
+			rec.AddAnswer(&dns.Answer{Rdata: []string{r.GetTargetTXTJoined()}})
 		} else if r.Type == "CAA" {
 			rec.AddAnswer(&dns.Answer{
 				Rdata: []string{
diff --git a/providers/powerdns/convert_test.go b/providers/powerdns/convert_test.go
index a88fd29109..49779a933c 100644
--- a/providers/powerdns/convert_test.go
+++ b/providers/powerdns/convert_test.go
@@ -29,7 +29,8 @@ func TestToRecordConfig(t *testing.T) {
 
 	assert.NoError(t, err)
 	assert.Equal(t, "large.example.com", recordConfig.NameFQDN)
-	assert.Equal(t, largeContent, recordConfig.String())
+	assert.Equal(t, `"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"`,
+		recordConfig.String())
 	assert.Equal(t, uint32(5), recordConfig.TTL)
 	assert.Equal(t, "TXT", recordConfig.Type)
 }
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index b1458d370c..b9af6c1289 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -345,7 +345,7 @@ func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 
 				for _, r := range inst.New {
 					rr := r53Types.ResourceRecord{
-						Value: aws.String(r.GetTargetCombined()),
+						Value: aws.String(r.GetTargetCombinedFunc(txtutil.EncodeQuoted)),
 					}
 					rrset.ResourceRecords = append(rrset.ResourceRecords, rr)
 					i := int64(r.TTL)
@@ -488,17 +488,10 @@ func nativeToRecords(set r53Types.ResourceRecordSet, origin string) ([]*models.R
 					}
 				}
 
-				var err error
 				rc := &models.RecordConfig{TTL: uint32(aws.ToInt64(set.TTL))}
 				rc.SetLabelFromFQDN(unescape(set.Name), origin)
 				rc.Original = set
-				switch rtypeString {
-				case "TXT":
-					err = rc.SetTargetTXTs(models.ParseQuotedTxt(val))
-				default:
-					err = rc.PopulateFromString(rtypeString, val, origin)
-				}
-				if err != nil {
+				if err := rc.PopulateFromStringFunc(rtypeString, val, origin, txtutil.ParseQuoted); err != nil {
 					return nil, fmt.Errorf("unparsable record type=%q received from ROUTE53: %w", rtypeString, err)
 				}
 
diff --git a/providers/rwth/auditrecords.go b/providers/rwth/auditrecords.go
index fee9c390cc..15d5116775 100644
--- a/providers/rwth/auditrecords.go
+++ b/providers/rwth/auditrecords.go
@@ -11,8 +11,6 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments)
-
 	a.Add("TXT", rejectif.TxtHasTrailingSpace)
 
 	a.Add("TXT", rejectif.TxtIsEmpty)
diff --git a/providers/transip/auditrecords.go b/providers/transip/auditrecords.go
index fd6729c449..8004671b14 100644
--- a/providers/transip/auditrecords.go
+++ b/providers/transip/auditrecords.go
@@ -11,13 +11,13 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("MX", rejectif.MxNull) // Last verified 2023-01-28
+	a.Add("MX", rejectif.MxNull) // Last verified 2023-12-04
 
-	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2023-01-28
+	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2023-12-04
 
-	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-01-28
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-12-04
 
-	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-01-28
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-12-04
 
 	return a.Audit(records)
 }
diff --git a/providers/transip/slashes.go b/providers/transip/slashes.go
deleted file mode 100644
index 1f322da32c..0000000000
--- a/providers/transip/slashes.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package transip
-
-import (
-	"regexp"
-)
-
-var removeSlashesRegexp = regexp.MustCompile(`(?:\\(\\)+)|(?:\\)`)
-
-func removeSlashes(s string) string {
-	return removeSlashesRegexp.ReplaceAllString(s, "$1")
-}
diff --git a/providers/transip/slashes_test.go b/providers/transip/slashes_test.go
deleted file mode 100644
index e17778032b..0000000000
--- a/providers/transip/slashes_test.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package transip
-
-import (
-	"testing"
-)
-
-func TestRemoveSlashes(t *testing.T) {
-
-	data := [][]string{
-		{
-			`quote"d`, `quote"d`,
-			`quote\"d`, `quote"d`,
-			`quote\\"d`, `quote\"d`,
-			`m\o\\r\\\\e`, `mo\r\\e`,
-		},
-	}
-
-	for _, testCase := range data {
-		result := removeSlashes(testCase[0])
-		if result != testCase[1] {
-			t.Fatalf(`Failed on "%s". Expected "%s"; got "%s".`, testCase[0], testCase[1], result)
-		}
-	}
-
-}
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index f273c9241b..021d0eb8f1 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/transip/gotransip/v6"
 	"github.com/transip/gotransip/v6/domain"
@@ -299,6 +300,7 @@ func (n *transipProvider) GetNameservers(domainName string) ([]*models.Nameserve
 	return models.ToNameservers(nss)
 }
 
+// recordToNative convrts RecordConfig TO Native.
 func recordToNative(config *models.RecordConfig, useOriginal bool) (domain.DNSEntry, error) {
 	if useOriginal && config.Original != nil {
 		return config.Original.(domain.DNSEntry), nil
@@ -308,10 +310,11 @@ func recordToNative(config *models.RecordConfig, useOriginal bool) (domain.DNSEn
 		Name:    config.Name,
 		Expire:  int(config.TTL),
 		Type:    config.Type,
-		Content: getTargetRecordContent(config),
+		Content: config.GetTargetCombinedFunc(txtutil.EncodeQuoted),
 	}, nil
 }
 
+// nativeToRecord converts native to RecordConfig.
 func nativeToRecord(entry domain.DNSEntry, origin string) (*models.RecordConfig, error) {
 	rc := &models.RecordConfig{
 		TTL:      uint32(entry.Expire),
@@ -319,7 +322,7 @@ func nativeToRecord(entry domain.DNSEntry, origin string) (*models.RecordConfig,
 		Original: entry,
 	}
 	rc.SetLabel(entry.Name, origin)
-	if err := rc.PopulateFromString(entry.Type, entry.Content, origin); err != nil {
+	if err := rc.PopulateFromStringFunc(entry.Type, entry.Content, origin, txtutil.ParseQuoted); err != nil {
 		return nil, fmt.Errorf("unparsable record received from TransIP: %w", err)
 	}
 
@@ -338,18 +341,3 @@ func removeOtherNS(dc *models.DomainConfig) {
 	}
 	dc.Records = newList
 }
-
-func getTargetRecordContent(rc *models.RecordConfig) string {
-	switch rtype := rc.Type; rtype {
-	case "SSHFP":
-		return fmt.Sprintf("%d %d %s", rc.SshfpAlgorithm, rc.SshfpFingerprint, rc.GetTargetField())
-	case "DS":
-		return fmt.Sprintf("%d %d %d %s", rc.DsKeyTag, rc.DsAlgorithm, rc.DsDigestType, rc.DsDigest)
-	case "SRV":
-		return fmt.Sprintf("%d %d %d %s", rc.SrvPriority, rc.SrvWeight, rc.SrvPort, rc.GetTargetField())
-	case "TXT":
-		return removeSlashes(models.StripQuotes(rc.GetTargetCombined()))
-	default:
-		return models.StripQuotes(rc.GetTargetCombined())
-	}
-}
diff --git a/providers/vultr/auditrecords.go b/providers/vultr/auditrecords.go
index e6aed47590..72653d0e59 100644
--- a/providers/vultr/auditrecords.go
+++ b/providers/vultr/auditrecords.go
@@ -17,8 +17,6 @@ func AuditRecords(records []*models.RecordConfig) []error {
 	// Needs investigation. Could be a dnscontrol issue or
 	// the provider doesn't support double quotes.
 
-	a.Add("TXT", rejectif.TxtHasMultipleSegments)
-
 	a.Add("CAA", rejectif.CaaTargetContainsWhitespace) // Last verified 2023-01-19
 
 	return a.Audit(records)

From 3ed24a9af6b042114eff0a87bd352912ad753e92 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 5 Dec 2023 14:46:51 +0100
Subject: [PATCH 050/438] DOCS: Rename build filenames (#2681)

---
 README.md                            |  2 +-
 documentation/byo-secrets.md         | 10 +++++-----
 documentation/release-engineering.md |  4 ++--
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index bacfcf734a..15a0b989c3 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # DNSControl
 
-[![StackExchange/dnscontrol/build](https://github.com/StackExchange/dnscontrol/actions/workflows/build.yml/badge.svg)](https://github.com/StackExchange/dnscontrol/actions/workflows/build.yml)
+[![StackExchange/dnscontrol/build](https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml/badge.svg)](https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml)
 [![Gitter chat](https://badges.gitter.im/dnscontrol/Lobby.png)](https://gitter.im/dnscontrol/Lobby)
 [![Google Group](https://img.shields.io/badge/google%20group-chat-green.svg)](https://groups.google.com/forum/#!forum/dnscontrol-discuss)
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/StackExchange/dnscontrol)](https://pkg.go.dev/github.com/StackExchange/dnscontrol/v4)
diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
index 7b2e41ed57..20450d561e 100644
--- a/documentation/byo-secrets.md
+++ b/documentation/byo-secrets.md
@@ -62,16 +62,16 @@ Step 1: Create a branch
 
 Create a branch as you normally would to submit a PR to the project.
 
-Step 2: Update `build.yml`
+Step 2: Update `pr_test.yml`
 
-In this branch, edit `.github/workflows/build.yml`:
+In this branch, edit `.github/workflows/pr_test.yml`:
 
 1. In the `integration-test-providers` section, the name of the provider.
 
 Add your provider's name (alphabetically).
 The line looks something like:
 
-{% code title=".github/workflows/build.yml" %}
+{% code title=".github/workflows/pr_test.yml" %}
 ```
         PROVIDERS: "['BIND','HEXONET','AZURE_DNS','CLOUDFLAREAPI','GCLOUD','NAMEDOTCOM','ROUTE53','CLOUDNS','DIGITALOCEAN','GANDI_V5','HEDNS','INWX','NS1','POWERDNS','TRANSIP']"
 ```
@@ -83,7 +83,7 @@ Add it to the `env` section of `integrtests-diff2`.
 
 For example, the entry for BIND looks like:
 
-{% code title=".github/workflows/build.yml" %}
+{% code title=".github/workflows/pr_test.yml" %}
 ```
         BIND_DOMAIN: ${{ vars.BIND_DOMAIN }}
 ```
@@ -95,7 +95,7 @@ If there are other env variables (for example, for an API key), add that as a "s
 
 For example, the entry for CLOUDFLAREAPI looks like this:
 
-{% code title=".github/workflows/build.yml" %}
+{% code title=".github/workflows/pr_test.yml" %}
 ```
         CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
         CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index 17e21f07d6..1c66739ab4 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -130,7 +130,7 @@ find * -name \*.bak -delete
 GHA is configured to run an integration test for any provider listed in the "provider" list. However the test is skipped if the `*_DOMAIN` variable is not set. For example, the Google Cloud provider integration test is only run if `GCLOUD_DOMAIN` is set.
 
 * Q: Where is the list of providers to run integration tests on?
-* A: In `.github/workflows/build.yml`: (1) the "PROVIDERS" list, (2) the `integrtests-diff2` section.
+* A: In `.github/workflows/pr_test.yml`: (1) the "PROVIDERS" list, (2) the `integrtests-diff2` section.
 
 * Q: Where are non-secret environment variables stored?
 * A: GHA calls them "Variables". Update them here: https://github.com/StackExchange/dnscontrol/settings/variables/actions
@@ -140,7 +140,7 @@ GHA is configured to run an integration test for any provider listed in the "pro
 
 ### How do I add a single new integration test?
 
-1. Edit `.github/workflows/build.yml`
+1. Edit `.github/workflows/pr_test.yml`
 2. Add the `FOO_DOMAIN` variable name of the provider to the "PROVIDERS" list.
 3. Set the `FOO_DOMAIN` variables in GHA via https://github.com/StackExchange/dnscontrol/settings/variables/actions
 4. All other variables should be stored as secrets (for consistency).  Add them to the `integrtests-diff2` section.

From 76d93acaf5ea098eb68b0ad103a43288c8d169b5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 5 Dec 2023 09:47:52 -0500
Subject: [PATCH 051/438] CHORE: Remove dead code: txtutil.SplitSingleLongTxt()
 and txtutil.Segment() (#2685)

---
 pkg/txtutil/txtutil.go                                 | 10 ----------
 providers/akamaiedgedns/akamaiEdgeDnsProvider.go       |  3 ---
 providers/autodns/autoDnsProvider.go                   |  2 --
 providers/axfrddns/axfrddnsProvider.go                 |  3 ---
 providers/azure_private_dns/azurePrivateDnsProvider.go |  3 ---
 providers/azuredns/azureDnsProvider.go                 |  3 ---
 providers/bind/bindProvider.go                         |  2 --
 providers/cscglobal/convert.go                         |  2 --
 providers/desec/desecProvider.go                       |  3 ---
 providers/digitalocean/digitaloceanProvider.go         |  3 ---
 providers/dnsmadeeasy/dnsMadeEasyProvider.go           |  3 ---
 providers/gandiv5/gandi_v5Provider.go                  |  2 --
 providers/gcloud/gcloudProvider.go                     |  2 --
 providers/hedns/hednsProvider.go                       |  3 ---
 providers/hetzner/hetznerProvider.go                   |  3 ---
 providers/hexonet/records.go                           |  2 --
 providers/inwx/inwxProvider.go                         |  4 ----
 providers/loopia/loopiaProvider.go                     |  3 ---
 providers/msdns/corrections.go                         |  3 ---
 providers/netcup/netcupProvider.go                     |  3 ---
 providers/oracle/oracleProvider.go                     |  2 --
 providers/route53/route53Provider.go                   |  2 --
 providers/rwth/dns.go                                  |  2 --
 23 files changed, 68 deletions(-)

diff --git a/pkg/txtutil/txtutil.go b/pkg/txtutil/txtutil.go
index 55045b8c29..a6caf5e05e 100644
--- a/pkg/txtutil/txtutil.go
+++ b/pkg/txtutil/txtutil.go
@@ -1,20 +1,10 @@
 package txtutil
 
-// SplitSingleLongTxt does nothing.
-// Deprecated: This is a no-op for backwards compatibility.
-func SplitSingleLongTxt(records any) {
-}
-
 // ToChunks returns the string as chunks of 255-octet strings (the last string being the remainder).
 func ToChunks(s string) []string {
 	return splitChunks(s, 255)
 }
 
-// Segment returns the string as 255-octet segments, the last being the remainder.
-func Segment(s string) []string {
-	return splitChunks(s, 255)
-}
-
 func splitChunks(buf string, lim int) []string {
 	var chunk string
 	chunks := make([]string, 0, len(buf)/lim+1)
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index a42fe4b523..7d1fabda16 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -17,7 +17,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -106,8 +105,6 @@ func (a *edgeDNSProvider) EnsureZoneExists(domain string) error {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (a *edgeDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(existingRecords)
-
 	keysToUpdate, toReport, err := diff.NewCompat(dc).ChangedGroups(existingRecords)
 	if err != nil {
 		return nil, err
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 6da132afe9..91d6f65f86 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -11,7 +11,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -68,7 +67,6 @@ func New(settings map[string]string, _ json.RawMessage) (providers.DNSServicePro
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 	domain := dc.Name
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 
 	var corrections []*models.Correction
 
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index f283ee9418..3fba136889 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -25,7 +25,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/fatih/color"
 	"github.com/miekg/dns"
@@ -410,8 +409,6 @@ func hasNSDeletion(changes diff2.ChangeList) bool {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *axfrddnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(foundRecords) // Autosplit long TXT records
-
 	// Ignoring the SOA, others providers don't manage it either.
 	if len(foundRecords) >= 1 && foundRecords[0].Type == "SOA" {
 		foundRecords = foundRecords[1:]
diff --git a/providers/azure_private_dns/azurePrivateDnsProvider.go b/providers/azure_private_dns/azurePrivateDnsProvider.go
index 7ba34adc03..c798532dae 100644
--- a/providers/azure_private_dns/azurePrivateDnsProvider.go
+++ b/providers/azure_private_dns/azurePrivateDnsProvider.go
@@ -14,7 +14,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -183,8 +182,6 @@ func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(existingRecords) // Autosplit long TXT records
-
 	var corrections []*models.Correction
 
 	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 105e46e6e5..abe8c46dda 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -14,7 +14,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -193,8 +192,6 @@ func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(existingRecords) // Autosplit long TXT records
-
 	var corrections []*models.Correction
 
 	// Azure is a "ByRecordSet" API.
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 16a502553a..46f22f2091 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -25,7 +25,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/prettyzone"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns"
 )
@@ -210,7 +209,6 @@ func ParseZoneContents(content string, zoneName string, zonefileName string) (mo
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records)
 	var corrections []*models.Correction
 
 	changes := false
diff --git a/providers/cscglobal/convert.go b/providers/cscglobal/convert.go
index 6050cd8ec2..4ffab7c17e 100644
--- a/providers/cscglobal/convert.go
+++ b/providers/cscglobal/convert.go
@@ -6,7 +6,6 @@ import (
 	"net"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
-	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 )
 
 // nativeToRecordA takes an A record from DNS and returns a native RecordConfig struct.
@@ -65,7 +64,6 @@ func nativeToRecordTXT(nr nativeRecordTXT, origin string, defaultTTL uint32) *mo
 		TTL:  ttl,
 	}
 	rc.SetLabel(nr.Key, origin)
-	printer.Printf("DEBUG: inbound raw s=%s\n", nr.Value)
 	rc.SetTargetTXT(nr.Value)
 	return rc
 }
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 34201f0130..4142e463fd 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -8,7 +8,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns/dnsutil"
 )
@@ -150,8 +149,6 @@ func PrepDesiredRecords(dc *models.DomainConfig, minTTL uint32) {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records)
-
 	var minTTL uint32
 	c.mutex.Lock()
 	if ttl, ok := c.domainIndex[dc.Name]; !ok {
diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 62ec0d7dd9..7ae78e34a9 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -10,7 +10,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/digitalocean/godo"
 	"github.com/miekg/dns/dnsutil"
@@ -168,8 +167,6 @@ func (api *digitaloceanProvider) GetZoneRecords(domain string, meta map[string]s
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	ctx := context.Background()
 
 	toReport, toCreate, toDelete, toModify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
diff --git a/providers/dnsmadeeasy/dnsMadeEasyProvider.go b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
index 3e6f1eb31e..2917ad82e1 100644
--- a/providers/dnsmadeeasy/dnsMadeEasyProvider.go
+++ b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -99,8 +98,6 @@ func New(settings map[string]string, _ json.RawMessage) (providers.DNSServicePro
 // }
 
 func (api *dnsMadeEasyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	domainName := dc.Name
 	domain, err := api.findDomain(domainName)
 	if err != nil {
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 0aedb7aed3..5d661763ac 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -24,7 +24,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/go-gandi/go-gandi"
 	"github.com/go-gandi/go-gandi/config"
@@ -195,7 +194,6 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 	}
 
 	PrepDesiredRecords(dc)
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 
 	g := gandi.NewLiveDNSClient(config.Config{
 		APIKey:    client.apikey,
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 6652c2691c..31f6e7f4d2 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -259,8 +259,6 @@ type correctionValues struct {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	oldRRs, ok := g.oldRRsMap[dc.Name]
 	if !ok {
 		return nil, fmt.Errorf("oldRRsMap: no zone named %q", dc.Name)
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index d7d70fd97c..da506439b4 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -191,9 +191,6 @@ func (c *hednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, recor
 		}
 	}
 
-	// Normalize
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	return c.getDiff2DomainCorrections(dc, zoneID, prunedRecords)
 }
 
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index 0c373c94cb..fb638f39e4 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -7,7 +7,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
 
@@ -72,8 +71,6 @@ func (api *hetznerProvider) EnsureZoneExists(domain string) error {
 func (api *hetznerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 	domain := dc.Name
 
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
 		return nil, err
diff --git a/providers/hexonet/records.go b/providers/hexonet/records.go
index 2ef35aaf70..2408b2456b 100644
--- a/providers/hexonet/records.go
+++ b/providers/hexonet/records.go
@@ -57,8 +57,6 @@ func (n *HXClient) GetZoneRecords(domain string, meta map[string]string) (models
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records)
-
 	toReport, create, del, mod, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
 		return nil, err
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 3ac148aedb..c511d85b6a 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -10,7 +10,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/nrdcg/goinwx"
 	"github.com/pquerna/otp/totp"
@@ -226,9 +225,6 @@ func checkRecords(records models.Records) error {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (api *inwxAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
-
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	err := checkRecords(dc.Records)
 	if err != nil {
 		return nil, err
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index 96815a9b52..896d123078 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -25,7 +25,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns/dnsutil"
 )
@@ -271,8 +270,6 @@ func (c *APIClient) GetZoneRecordsCorrections(dc *models.DomainConfig, existingR
 		debugRecords("GenerateZoneRecordsCorrections input:\n", existingRecords)
 	}
 
-	// Normalize
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 	PrepDesiredRecords(dc)
 
 	var keysToUpdate map[models.RecordKey][]string
diff --git a/providers/msdns/corrections.go b/providers/msdns/corrections.go
index f58e2ba20c..32cd6197aa 100644
--- a/providers/msdns/corrections.go
+++ b/providers/msdns/corrections.go
@@ -5,16 +5,13 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 )
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (client *msdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
 	var corrections []*models.Correction
 
-	// Normalize
 	models.PostProcessRecords(foundRecords)
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 
 	changes, err := diff2.ByRecord(foundRecords, dc, nil)
 	if err != nil {
diff --git a/providers/netcup/netcupProvider.go b/providers/netcup/netcupProvider.go
index e55901772d..2fa866b319 100644
--- a/providers/netcup/netcupProvider.go
+++ b/providers/netcup/netcupProvider.go
@@ -71,9 +71,6 @@ func (api *netcupProvider) GetNameservers(domain string) ([]*models.Nameserver,
 func (api *netcupProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 	domain := dc.Name
 
-	// no need for txtutil.SplitSingleLongTxt in function GetDomainCorrections
-	// txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	// Setting the TTL is not supported for netcup
 	for _, r := range dc.Records {
 		r.TTL = 0
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 892e6cee8a..aac6204fc5 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -9,7 +9,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/oracle/oci-go-sdk/v32/common"
 	"github.com/oracle/oci-go-sdk/v32/dns"
@@ -204,7 +203,6 @@ func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (mo
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 	var err error
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 
 	// Ensure we don't emit changes for attempted modification of built-in apex NSs
 	for _, rec := range dc.Records {
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index b9af6c1289..fb0568e87a 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -279,8 +279,6 @@ func (r *route53Provider) getZoneRecords(zone r53Types.HostedZone) (models.Recor
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
-
 	zone, err := r.getZone(dc)
 	if err != nil {
 		return nil, err
diff --git a/providers/rwth/dns.go b/providers/rwth/dns.go
index 88b31e6e7e..5ab10d9fc7 100644
--- a/providers/rwth/dns.go
+++ b/providers/rwth/dns.go
@@ -5,7 +5,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 )
 
 // RWTHDefaultNs is the default DNS NS for this provider.
@@ -31,7 +30,6 @@ func (api *rwthProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (api *rwthProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	txtutil.SplitSingleLongTxt(dc.Records) // Autosplit long TXT records
 	domain := dc.Name
 
 	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)

From 57216f07f1d59d1453752344f1f88084b7853b21 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 5 Dec 2023 10:01:55 -0500
Subject: [PATCH 052/438] DOCS: Update docs related to diff2 and clean up
 useless mentions of diff2 (#2683)

Co-authored-by: Costas Drogos <costas.drogos@gmail.com>
Co-authored-by: imlonghao <git@imlonghao.com>
Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
Co-authored-by: Vincent Hagen <blackshadev@users.noreply.github.com>
---
 .github/workflows/pr_test.yml        |  2 +-
 documentation/byo-secrets.md         |  2 +-
 documentation/release-engineering.md |  2 +-
 documentation/writing-providers.md   | 67 ++++++++++------------------
 4 files changed, 27 insertions(+), 46 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 8727f721c1..7520eb7d0d 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -91,7 +91,7 @@ jobs:
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
-  integrtests-diff2:
+  integration-tests:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     container:
diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
index 20450d561e..d4d650bd18 100644
--- a/documentation/byo-secrets.md
+++ b/documentation/byo-secrets.md
@@ -79,7 +79,7 @@ The line looks something like:
 
 2. Add your providers `_DOMAIN` env variable:
 
-Add it to the `env` section of `integrtests-diff2`.
+Add it to the `env` section of `integration-tests`.
 
 For example, the entry for BIND looks like:
 
diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index 1c66739ab4..8f1302fc68 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -143,7 +143,7 @@ GHA is configured to run an integration test for any provider listed in the "pro
 1. Edit `.github/workflows/pr_test.yml`
 2. Add the `FOO_DOMAIN` variable name of the provider to the "PROVIDERS" list.
 3. Set the `FOO_DOMAIN` variables in GHA via https://github.com/StackExchange/dnscontrol/settings/variables/actions
-4. All other variables should be stored as secrets (for consistency).  Add them to the `integrtests-diff2` section.
+4. All other variables should be stored as secrets (for consistency).  Add them to the `integration-tests` section.
 Set them in GHA via https://github.com/StackExchange/dnscontrol/settings/secrets/actions
 
 ### How do I add a "bring your own keys" integration test?
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 791a2bc6dd..1e44de3630 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -67,62 +67,42 @@ was confusing so we can update this document with advice for future
 authors (or even better, update [this document](https://github.com/StackExchange/dnscontrol/blob/master/documentation/writing-providers.md)
 yourself.)
 
-## NOTE: diff2
-
-We are in the process of changing how providers work. Sadly this document
-hasn't been fully updated yet.
-
-We are in the process of changing all providers from using `pkg/diff` to
-`pkg/diff2`.  diff2 is much easier to use as it does all the hard work for you.
-Providers are easier to write, there's less code for you to write, and fewer
-chances to make mistakes.
+## Step 2: Pick a base provider
 
-New providers only need to implement diff2.  Older providers are implemented
-both ways, with a flag (`--diff2`) enabling the newer code.  Soon the new code
-will become the default, then the old code will be removed.
+It's a good idea to start by copying a similar provider.
 
-The file `pkg/diff2/diff2.go` has instructions about how to use the new diff2 system.
-You can also do `grep diff2.By providers/*/*.go` to find providers that use
-the new system.
+How can you tell a provider is similar?
 
-Each DNS provider's API is different.  Some update one DNS record at a time.
+Each DNS provider's API falls into one of 4 category. Some update one DNS record at a time.
 Others, the only change they permit is to upload the entire zone even if only one record changed!
 Others are somewhere in between: all records at a label must be updated at once, or all records
-in a RecordSet (the label + rType).  diff2 provides functions for all of these situations:
+in a RecordSet (the label + rType).
 
-diff2.ByRecord() -- Updates are done one DNS record at a time. New records are added. Changes and deletes refer to an ID assigned to the record by the provider.
-diff2.ByLabel() -- Updates are done for an entire label. Adds and changes are done by sending one or more records that will appear at that label (i.e. www.example.com). Deletes delete all records at that label.
-diff2.ByRecordSet() -- Similar to ByLabel() but updates are done on the label+type level. If www.example.com has 2 A records and 2 MX records, 
+In summary, provider APIs basically fall into four general categories:
 
+* Updates are done one record at a time (Record)
+* Updates are done one label at a time (Label)
+* Updates are done one label+type at a time (RecordSet)
+* Updates require the entire zone to be uploaded (Zone).
 
+To determine your provider's category, review your API documentation.
 
+To determine an existing provider's category, see which `diff2.By*()` function is used.
 
-## Step 2: Pick a base provider
-
-Pick a similar provider as your base.  Providers basically fall
-into three general categories:
-
-NOTE: diff2 changes this.  For now, you can simply run `grep diff2.By providers/*/*.go` to see which
-providers use ByZone, ByLabel, ByRecord, ByRecordSet and pick a similar provider to copy from.
+DNSControl provides 4 helper functions that do all the hard work for
+you.  As input, they take the existing zone (what was downloaded via
+the API) and the desired zone (what is in `dnsconfig.js`).  They
+return a list of instructions. Implement handlers for the instructions
+and DNSControl is able to perform `dnscontrol push`.
 
-* **zone:** The API requires you to upload the entire zone every time. (BIND, NAMECHEAP).
-* **incremental-record:** The API lets you add/change/delete individual DNS records. (CLOUDFLARE, DNSIMPLE, NAMEDOTCOM, GCLOUD, HEXONET)
-* **incremental-label:** Like incremental-record, but if there are
-  multiple records on a label (for example, example www.example.com
-has A and MX records), you have to replace all the records at that
-label. (GANDI_V5)
-* **incremental-label-type:** Like incremental-record, but updates to any records at a label have to be done by type.  For example, if a label (www.example.com) has many A and MX records, even the smallest change to one of the A records requires replacing all the A records. Any changes to the MX records requires replacing all the MX records.  If an A record is converted to a CNAME, one must remove all the A records in one call, and add the CNAME record with another call.  This is deceptively difficult to get right; if you have the choice between incremental-label-type and incremental-label, pick incremental-label. (DESEC, ROUTE53)
-* **registrar only:** These providers are registrars but do not provide DNS service. (EASYNAME, INTERNETBS, OPENSRS)
+The functions are:
 
-All DNS providers use the "diff" module to detect differences. It takes
-two zones and returns records that are unchanged, created, deleted,
-and modified.
-The zone providers use the
-information to print a human-readable list of what is being changed,
-but upload the entire new zone.
-The incremental providers use the differences to
-update individual records or recordsets.
+* diff2.ByRecord() -- Updates are done one DNS record at a time. New records are added. Changes and deletes refer to an ID assigned to the record by the provider.
+* diff2.ByLabel() -- Updates are done for an entire label. Adds and changes are done by sending one or more records that will appear at that label (i.e. www.example.com). Deletes delete all records at that label.
+* diff2.ByRecordSet() -- Similar to ByLabel() but updates are done on the label+type level. If www.example.com has 2 A records and 2 MX records, updates must replace all the A records, or all the MX records, or add records of a different type.
+* diff2.ByZone() -- Updates are done by uploading the entire zone every time.
 
+The file `pkg/diff2/diff2.go` has instructions about how to use the diff2 system.
 
 ## Step 3: Create the driver skeleton
 
@@ -134,6 +114,7 @@ The main driver should be called `providers/name/nameProvider.go`.
 The API abstraction is usually in a separate file (often called
 `api.go`).
 
+Directory names should be consitent.  It should be all lowercase and match the ALLCAPS provider name.
 
 ## Step 4: Activate the driver
 

From 4e8fb894ef66528b4a9d53a877d25ed341ac55ba Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 5 Dec 2023 10:02:55 -0500
Subject: [PATCH 053/438] CSCGLOBAL: Be less noisy about rate limit delays
 (#2686)

---
 providers/cscglobal/api.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/cscglobal/api.go b/providers/cscglobal/api.go
index 6ae57f5c61..161acccc46 100644
--- a/providers/cscglobal/api.go
+++ b/providers/cscglobal/api.go
@@ -647,7 +647,7 @@ func (client *providerClient) geturl(url string) ([]byte, error) {
 	// Default CSCGlobal rate limit is twenty requests per second
 	var backoff = time.Second
 
-	const maxBackoff = time.Second * 15
+	const maxBackoff = time.Second * 25
 
 retry:
 	resp, err := hclient.Do(req)
@@ -666,9 +666,9 @@ retry:
 
 		if string(bodyString) == "Requests exceeded API Rate limit." {
 			// a simple exponential back-off with a 3-minute max.
-			if backoff > 10 {
+			if backoff > (time.Second * 10) {
 				// With this provider backups seem to be pretty common. Only
-				// announce it when the problem gets really bad.
+				// announce it for long delays.
 				printer.Printf("Delaying %v due to ratelimit (CSCGLOBAL)\n", backoff)
 			}
 			time.Sleep(backoff)

From dbb724b911477a0a696d5a4aa18fe31d1c0c4ecf Mon Sep 17 00:00:00 2001
From: Jan-Philipp Benecke <jan-philipp@bnck.me>
Date: Tue, 5 Dec 2023 22:50:25 +0100
Subject: [PATCH 054/438] CLOUDFLARE: Fixed bug: Zone not populated with
 records if domain was created in the same run (#2690)

Signed-off-by: Jan-Philipp Benecke <jan-philipp@bnck.me>
---
 providers/cloudflare/cloudflareProvider.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 432de0cf97..8a502810b2 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -823,6 +823,7 @@ func (c *cloudflareProvider) EnsureZoneExists(domain string) error {
 	var id string
 	id, err := c.createZone(domain)
 	printer.Printf("Added zone for %s to Cloudflare account: %s\n", domain, id)
+	c.domainIndex = nil // clear the index to let the following functions get a fresh list with nameservers etc..
 	return err
 }
 

From 8541fb8510543ad77b780012123107561439126f Mon Sep 17 00:00:00 2001
From: Matthew Gamble <mgamble@mgamble.ca>
Date: Tue, 5 Dec 2023 16:59:32 -0500
Subject: [PATCH 055/438] AZURE_PRIVATE_DNS: Enable building this provider by
 default (#2688)

---
 providers/_all/all.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/providers/_all/all.go b/providers/_all/all.go
index 9f6ab843b6..e1b450afa9 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -6,6 +6,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/akamaiedgedns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/autodns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/axfrddns"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/azure_private_dns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/azuredns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/bind"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudflare"

From 742eaaf75fa0ad196aa1171de4e583122fa3467c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 6 Dec 2023 14:45:51 -0500
Subject: [PATCH 056/438] MSDNS: Remove pssession from docs (it doesn't work)
 (#2689)

---
 documentation/providers/msdns.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/documentation/providers/msdns.md b/documentation/providers/msdns.md
index 31eb419dd2..d3991d3457 100644
--- a/documentation/providers/msdns.md
+++ b/documentation/providers/msdns.md
@@ -13,8 +13,6 @@ DNSControl will use `New-PSSession` to execute the commands remotely if
   DNS and DNSControl are both updating a zone, there will be
   unhappiness.  DNSControl will blindly remove the dynamic records
   unless precautions such as `IGNORE*` and `NO_PURGE` are in use.
-* This is a new provider and has not been tested extensively,
-  especially the `pssession` feature.
 
 # Running on Non-Windows systems
 
@@ -30,7 +28,6 @@ To use this provider, add an entry to `creds.json` with `TYPE` set to `MSDNS`
 along with other settings:
 
 * `dnsserver`: (optional) the name of the Microsoft DNS Server to communicate with.
-* `pssession`: (optional) the name of the PowerShell PSSession host to run commands on.
 * `psusername`: (optional) the username to connect to the PowerShell PSSession host.
 * `pspassword`: (optional) the password to connect to the PowerShell PSSession host.
 
@@ -42,7 +39,6 @@ Example:
   "msdns": {
     "TYPE": "MSDNS",
     "dnsserver": "ny-dc01",
-    "pssession": "mywindowshost",
     "psusername": "mywindowsusername",
     "pspassword": "mysupersecurepassword"
   }

From 7e5d0881b19629025ff2ab6e8f36300cd72fcf05 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 6 Dec 2023 22:19:51 +0100
Subject: [PATCH 057/438] DOCS: Providers: Fixed the broken absolute link
 (#2696)

---
 documentation/providers.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 1ab8aac789..e65109c0c8 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -168,7 +168,7 @@ code to support this provider, we'd be glad to help in any way.
 
 #### Q: Why are the above GitHub issues marked "closed"?
 
-A: Following [the bug triage process](/developer-info/bug-triage), the request
+A: Following [the bug triage process](bug-triage.md), the request
 is closed once it is added to this list. If someone chooses to implement the
 provider, they re-open the issue.
 

From 9fd65daf5cbab4d5223862ccf195dfda3003724d Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 6 Dec 2023 22:20:59 +0100
Subject: [PATCH 058/438] DOCS: Removed the (by GitBook) broken GitHub links
 (#2694)

---
 documentation/writing-providers.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 1e44de3630..a9f422ab7b 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -203,11 +203,11 @@ an automated way to test for this bug.  The manual steps are here in
 
 ## Step 9: Update docs
 
-* Edit [README.md](https://github.com/StackExchange/dnscontrol): Add the provider to the bullet list.
-* Edit [documentation/providers.md](https://github.com/StackExchange/dnscontrol/blob/master/documentation/providers.md): Add the provider to the provider list.
-* Edit [documentation/SUMMARY.md](https://github.com/StackExchange/dnscontrol/blob/master/documentation/SUMMARY.md): Add the provider to the provider list.
+* Edit `README.md`: Add the provider to the bullet list.
+* Edit `documentation/providers.md`: Add the provider to the provider list.
+* Edit `documentation/SUMMARY.md`: Add the provider to the provider list.
 * Create `documentation/providers/PROVIDERNAME.md`: Use one of the other files in that directory as a base.
-* Edit [OWNERS](https://github.com/StackExchange/dnscontrol/blob/master/OWNERS): Add the directory name and your GitHub username.
+* Edit `OWNERS`: Add the directory name and your GitHub username.
 
 ## Step 10: Submit a PR
 

From 0c7004825329e47221d5ec9e3020c06e1bacc46a Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 6 Dec 2023 22:22:02 +0100
Subject: [PATCH 059/438] DOCS: Removed the Zoo cross-platform environment
 variables package (#2693)

---
 documentation/integration-tests.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/integration-tests.md b/documentation/integration-tests.md
index af81388071..a0c7baee98 100644
--- a/documentation/integration-tests.md
+++ b/documentation/integration-tests.md
@@ -13,7 +13,7 @@ For each step, it will run the config once and expect changes. It will run it ag
 ## Running a test
 
 1. The integration tests need a test domain to run on. All the records of this domain will be deleted!
-2. Define all environment variables expected for the provider you wish to run. I setup a local `.env` file with the appropriate values and use [zoo](https://github.com/jsonmaur/zoo) to run my commands.
+2. Define all environment variables expected for the provider you wish to run.
 3. run `cd integrationTest && go test -v -provider $NAME` where $NAME is the name of the provider you wish to run.
 
 Example:

From 377193926c293fa7b95dfd56dc83aebf641b1a1e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 6 Dec 2023 16:23:18 -0500
Subject: [PATCH 060/438] CHORE: Clarify TXT string limits (#2691)

---
 pkg/rejectif/txt.go                    | 12 ++++++++++++
 providers/cscglobal/auditrecords.go    |  2 --
 providers/digitalocean/auditrecords.go |  4 ----
 providers/loopia/auditrecords.go       | 16 ++--------------
 providers/msdns/auditrecords.go        |  2 +-
 5 files changed, 15 insertions(+), 21 deletions(-)

diff --git a/pkg/rejectif/txt.go b/pkg/rejectif/txt.go
index f9b8427e94..2503f158fc 100644
--- a/pkg/rejectif/txt.go
+++ b/pkg/rejectif/txt.go
@@ -73,3 +73,15 @@ func TxtLongerThan255(rc *models.RecordConfig) error {
 	}
 	return nil
 }
+
+// TxtLongerThan returns a function that audits TXT records for length
+// greater than maxLength.
+func TxtLongerThan(maxLength int) func(rc *models.RecordConfig) error {
+	return func(rc *models.RecordConfig) error {
+		m := maxLength
+		if len(rc.GetTargetTXTJoined()) > m {
+			return fmt.Errorf("TXT records longer than %d octets (chars)", m)
+		}
+		return nil
+	}
+}
diff --git a/providers/cscglobal/auditrecords.go b/providers/cscglobal/auditrecords.go
index 87ad6f3380..5cfee5a280 100644
--- a/providers/cscglobal/auditrecords.go
+++ b/providers/cscglobal/auditrecords.go
@@ -21,8 +21,6 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-12-03
 
-	//a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2022-06-10
-
 	return a.Audit(records)
 }
 
diff --git a/providers/digitalocean/auditrecords.go b/providers/digitalocean/auditrecords.go
index a6e9eff829..01e7f50013 100644
--- a/providers/digitalocean/auditrecords.go
+++ b/providers/digitalocean/auditrecords.go
@@ -21,10 +21,6 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-11-11
 
-	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2021-03-01
-	// Double-quotes not permitted in TXT strings. I have a hunch that
-	// this is due to a broken parser on the DO side.
-
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-11-11
 
 	return a.Audit(records)
diff --git a/providers/loopia/auditrecords.go b/providers/loopia/auditrecords.go
index d9d8cb2d5f..e8137f0637 100644
--- a/providers/loopia/auditrecords.go
+++ b/providers/loopia/auditrecords.go
@@ -1,8 +1,6 @@
 package loopia
 
 import (
-	"fmt"
-
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
 )
@@ -15,20 +13,10 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-03-10: Loopia returns 404
 
-	//Loopias TXT length limit appears to be 450 octets
-	a.Add("TXT", TxtHasSegmentLen450orLonger)
+	// Loopias TXT length limit appears to be 450 octets
+	a.Add("TXT", rejectif.TxtLongerThan(450)) // Last verified 2023-03-10
 
 	a.Add("MX", rejectif.MxNull) // Last verified 2023-03-23
 
 	return a.Audit(records)
 }
-
-// TxtHasSegmentLen450orLonger audits TXT records for strings that are >450 octets.
-func TxtHasSegmentLen450orLonger(rc *models.RecordConfig) error {
-	for _, txt := range rc.GetTargetTXTSegmented() {
-		if len(txt) > 450 {
-			return fmt.Errorf("%q txtstring length > 450", rc.GetLabel())
-		}
-	}
-	return nil
-}
diff --git a/providers/msdns/auditrecords.go b/providers/msdns/auditrecords.go
index 8694ffcae9..f3fe4fa3dd 100644
--- a/providers/msdns/auditrecords.go
+++ b/providers/msdns/auditrecords.go
@@ -19,7 +19,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-02-02
 
-	a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2023-02-02
+	a.Add("TXT", rejectif.TxtLongerThan(255)) // Last verified 2023-02-02
 
 	a.Add("TXT", rejectif.TxtHasSingleQuotes) // Last verified 2023-02-02
 

From 3b6643b12d0172d959a2cb4899778c02494044e5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 6 Dec 2023 17:29:55 -0500
Subject: [PATCH 061/438] AZURE_PRIVATE_DNS: Rename module to conform to Go
 styleguide (#2697)

---
 OWNERS                                                          | 2 +-
 documentation/providers.md                                      | 1 +
 providers/_all/all.go                                           | 2 +-
 .../{azure_private_dns => azureprivatedns}/auditrecords.go      | 2 +-
 .../azurePrivateDnsProvider.go                                  | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)
 rename providers/{azure_private_dns => azureprivatedns}/auditrecords.go (94%)
 rename providers/{azure_private_dns => azureprivatedns}/azurePrivateDnsProvider.go (99%)

diff --git a/OWNERS b/OWNERS
index 7c34732a41..a436984258 100644
--- a/OWNERS
+++ b/OWNERS
@@ -2,7 +2,7 @@ providers/akamaiedgedns @svernick
 providers/autodns @arnoschoon
 providers/axfrddns @hnrgrgr
 providers/azuredns @vatsalyagoel
-providers/azure_private_dns @matthewmgamble
+providers/azureprivatedns @matthewmgamble
 providers/bind @tlimoncelli
 providers/cloudflare @tresni
 providers/cloudns @pragmaton
diff --git a/documentation/providers.md b/documentation/providers.md
index e65109c0c8..917baab155 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -18,6 +18,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
 | [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ✅ |
 | [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/_all/all.go b/providers/_all/all.go
index e1b450afa9..48be689e94 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -6,8 +6,8 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/akamaiedgedns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/autodns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/axfrddns"
-	_ "github.com/StackExchange/dnscontrol/v4/providers/azure_private_dns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/azuredns"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/azureprivatedns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/bind"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudflare"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudns"
diff --git a/providers/azure_private_dns/auditrecords.go b/providers/azureprivatedns/auditrecords.go
similarity index 94%
rename from providers/azure_private_dns/auditrecords.go
rename to providers/azureprivatedns/auditrecords.go
index 6c478a955d..cea8335b2a 100644
--- a/providers/azure_private_dns/auditrecords.go
+++ b/providers/azureprivatedns/auditrecords.go
@@ -1,4 +1,4 @@
-package azure_private_dns
+package azureprivatedns
 
 import (
 	"github.com/StackExchange/dnscontrol/v4/models"
diff --git a/providers/azure_private_dns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
similarity index 99%
rename from providers/azure_private_dns/azurePrivateDnsProvider.go
rename to providers/azureprivatedns/azurePrivateDnsProvider.go
index c798532dae..a6484a4405 100644
--- a/providers/azure_private_dns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -1,4 +1,4 @@
-package azure_private_dns
+package azureprivatedns
 
 import (
 	"context"

From cd371c114924377e13a7a0d809ce7459eafca4f7 Mon Sep 17 00:00:00 2001
From: Gert Van Gool <gertvangool@gmail.com>
Date: Fri, 8 Dec 2023 08:58:24 -0800
Subject: [PATCH 062/438] INWX: support MxNull records (#2700)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/inwx/auditrecords.go |  2 --
 providers/inwx/inwxProvider.go | 12 ++++++++++--
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/providers/inwx/auditrecords.go b/providers/inwx/auditrecords.go
index fb15d2e71b..64dff42e24 100644
--- a/providers/inwx/auditrecords.go
+++ b/providers/inwx/auditrecords.go
@@ -11,8 +11,6 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("MX", rejectif.MxNull) // Last verified 2020-12-28
-
 	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2020-12-28
 
 	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2021-03-01
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index c511d85b6a..f615d80829 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -180,7 +180,11 @@ func makeNameserverRecordRequest(domain string, rec *models.RecordConfig) *goinw
 		req.Content = content[:len(content)-1]
 	case "MX":
 		req.Priority = int(rec.MxPreference)
-		req.Content = content[:len(content)-1]
+		if content == "." {
+			req.Content = content
+		} else {
+			req.Content = content[:len(content)-1]
+		}
 	case "SRV":
 		req.Priority = int(rec.SrvPriority)
 		req.Content = fmt.Sprintf("%d %d %v", rec.SrvWeight, rec.SrvPort, content[:len(content)-1])
@@ -305,7 +309,11 @@ func (api *inwxAPI) GetZoneRecords(domain string, meta map[string]string) (model
 			"PTR":   true,
 		}
 		if rtypeAddDot[record.Type] {
-			record.Content = record.Content + "."
+			if record.Type == "MX" && record.Content == "." {
+				// null records don't need to be modified
+			} else {
+				record.Content = record.Content + "."
+			}
 		}
 
 		rc := &models.RecordConfig{

From e917568addf8ca64b55e439f90717d9bf8a56a3d Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 10 Dec 2023 16:26:41 +0100
Subject: [PATCH 063/438] CICD: Removed the old Travis configurations (#2707)

---
 .travis.yml                |  21 ------
 build/validate/validate.go | 130 -------------------------------------
 2 files changed, 151 deletions(-)
 delete mode 100644 .travis.yml
 delete mode 100644 build/validate/validate.go

diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index ec3b1fec7c..0000000000
--- a/.travis.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-language: go
-
-go:
-  - 1.14.x
-
-install: pwd
-
-script: 
-  - go run -mod=readonly build/validate/validate.go
-  - go test -mod=readonly ./...
-
-notifications:
-  email:
-    on_success: never # default: change
-    on_failure: always # default: always
-  webhooks:
-    urls:
-      - https://webhooks.gitter.im/e/4f27a4a85d6f4475be19
-    on_success: always  
-    on_failure: always
-    on_start: always     
diff --git a/build/validate/validate.go b/build/validate/validate.go
deleted file mode 100644
index de90ef68ac..0000000000
--- a/build/validate/validate.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package main
-
-import (
-	"context"
-	"crypto/aes"
-	"crypto/cipher"
-	"encoding/base64"
-	"fmt"
-	"os"
-	"os/exec"
-	"strings"
-
-	"github.com/google/go-github/v35/github"
-	"golang.org/x/oauth2"
-)
-
-func main() {
-	failed := false
-
-	run := func(ctx string, preStatus string, goodStatus string, f func() error) {
-		setStatus(stPending, preStatus, ctx)
-		if err := f(); err != nil {
-			fmt.Println(err)
-			setStatus(stError, err.Error(), ctx)
-			failed = true
-		} else {
-			setStatus(stSuccess, goodStatus, ctx)
-		}
-	}
-
-	run("gofmt", "Checking gofmt", "gofmt ok", checkGoFmt)
-	run("gogen", "Checking go generate", "go generate ok", checkGoGenerate)
-	if failed {
-		os.Exit(1)
-	}
-}
-
-func checkGoFmt() error {
-	cmd := exec.Command("gofmt", "-s", "-l", ".")
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return err
-	}
-	if len(out) == 0 {
-		return nil
-	}
-	files := strings.Split(string(out), "\n")
-	fList := ""
-	for _, f := range files {
-		if strings.HasPrefix(f, "vendor") {
-			continue
-		}
-		if fList != "" {
-			fList += "\n"
-		}
-		fList += f
-	}
-	if fList == "" {
-		return nil
-	}
-	return fmt.Errorf("the following files need to have gofmt run on them:\n%s", fList)
-}
-
-func checkGoGenerate() error {
-	cmd := exec.Command("go", "generate")
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	err := cmd.Run()
-	if err != nil {
-		return err
-	}
-	modified, err := getModifiedFiles()
-	if err != nil {
-		return err
-	}
-	if len(modified) != 0 {
-		return fmt.Errorf("ERROR: The following files are modified after go generate:\n%s", strings.Join(modified, "\n"))
-	}
-	return nil
-}
-
-func getModifiedFiles() ([]string, error) {
-	cmd := exec.Command("git", strings.Split("diff --name-only", " ")...)
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return nil, err
-	}
-	if len(out) == 0 {
-		return nil, nil
-	}
-	return strings.Split(string(out), "\n"), nil
-}
-
-const (
-	stPending = "pending"
-	stSuccess = "success"
-	stError   = "error"
-)
-
-func setStatus(status string, desc string, ctx string) {
-	if commitish == "" || ctx == "" {
-		return
-	}
-	client.Repositories.CreateStatus(context.Background(), "StackExchange", "dnscontrol", commitish, &github.RepoStatus{
-		Context:     &ctx,
-		Description: &desc,
-		State:       &status,
-	})
-}
-
-var client *github.Client
-var commitish string
-
-func init() {
-	// not intended for security, just minimal obfuscation.
-	key, _ := base64.StdEncoding.DecodeString("qIOy76aRcXcxm3vb82tvZqW6JoYnpncgVKx7qej1y+4=")
-	iv, _ := base64.StdEncoding.DecodeString("okRtW8z6Mx04Y9yMk1cb5w==")
-	garb, _ := base64.StdEncoding.DecodeString("ut8AtS6re1g7m/onk0ciIq7OxNOdZ/tsQ5ay6OfxKcARnBGY0bQ+pA==")
-	c, _ := aes.NewCipher(key)
-	d := cipher.NewCFBDecrypter(c, iv)
-	t := make([]byte, len(garb))
-	d.XORKeyStream(t, garb)
-	hc := oauth2.NewClient(context.Background(), oauth2.StaticTokenSource(&oauth2.Token{AccessToken: string(t)}))
-	client = github.NewClient(hc)
-
-	// get current version if in travis build
-	if tc := os.Getenv("TRAVIS_COMMIT"); tc != "" {
-		commitish = tc
-	}
-}

From 11f072b887ba67a73fcd33e360422e3d6fbc3bad Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 10 Dec 2023 16:27:24 +0100
Subject: [PATCH 064/438] CICD: Removed the old Chocolatey configuration
 (#2706)

---
 dnscontrol.nuspec | 23 -----------------------
 1 file changed, 23 deletions(-)
 delete mode 100644 dnscontrol.nuspec

diff --git a/dnscontrol.nuspec b/dnscontrol.nuspec
deleted file mode 100644
index 015533866c..0000000000
--- a/dnscontrol.nuspec
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-
-<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
-  <metadata>
-    <id>dnscontrol</id>
-    <version>0.0.0</version>
-    <title>DnsControl</title>
-    <authors>Stack Overflow</authors>
-    <projectUrl>https://github.com/stackexchange/dnscontrol</projectUrl>
-    <copyright>2020</copyright>
-    <licenseUrl>https://github.com/StackExchange/dnscontrol/blob/master/LICENSE</licenseUrl>
-    <requireLicenseAcceptance>true</requireLicenseAcceptance>
-    <projectSourceUrl>https://github.com/stackexchange/dnscontrol</projectSourceUrl>
-    <docsUrl>https://docs.dnscontrol.org/</docsUrl>
-    <tags>dns</tags>
-    <summary>Synchronize your DNS to multiple providers from a simple DSL</summary>
-    <description>This package simply installs the dnscontrol tool on your system</description>
-  </metadata>
-  <files>
-    <file src="dnscontrol.exe" target="tools" />
-    <!--Building from Linux? You may need this instead: <file src="tools/**" target="tools" />-->
-  </files>
-</package>

From 99e3f9f0468cd81280f22f42adc4a7816b5e48d9 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 10 Dec 2023 16:27:57 +0100
Subject: [PATCH 065/438] CICD: Removed the old Azure Pipelines configurations
 (#2705)

---
 azure-pipelines.yml                   |  70 ---------------
 build/azure-pipelines/choco.yaml      |  19 ----
 build/azure-pipelines/go-env.yaml     |   6 --
 build/azure-pipelines/integration.yml | 121 --------------------------
 4 files changed, 216 deletions(-)
 delete mode 100644 azure-pipelines.yml
 delete mode 100644 build/azure-pipelines/choco.yaml
 delete mode 100644 build/azure-pipelines/go-env.yaml
 delete mode 100644 build/azure-pipelines/integration.yml

diff --git a/azure-pipelines.yml b/azure-pipelines.yml
deleted file mode 100644
index 9ca9132c8b..0000000000
--- a/azure-pipelines.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-trigger:
-  batch: "true"
-  branches:
-    include:
-    - master
-
-jobs:
-
-- job: Compile
-  strategy:
-    maxParallel: 3
-    matrix: 
-      Windows:
-        OS: windows
-      OSX:
-        OS: darwin
-      Linux:
-        OS: linux
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: "go run -mod=readonly build/build.go -os $(OS)"
-
-- job: "unittests"
-  displayName: "Run Unit Tests"
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: "go test -mod=readonly ./..."
-
-- job: "modtidy"
-  displayName: "Check Go Modules"
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: |
-      set -e
-      go mod tidy
-      git status --porcelain
-      git diff
-      [ ! -n "$(git status --porcelain go.mod go.sum)" ] || { echo "Error: go.mod/go.sum outdated, please run go mod tidy."; false; }
-
-- job: "modvendor"
-  displayName: "Check Go Vendor"
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: |
-      set -e
-      go mod vendor
-      git status --porcelain
-      [ ! -n "$(git status --porcelain vendor)" ] || { echo "Error: Vendor does not match go.mod/go.sum, please run go mod vendor."; false; }
-
-- job: "GoFmt"
-  displayName: "Check Go Formatting"
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: |
-      set -e
-      go fmt ./...
-      git status --porcelain
-      git diff
-      [ ! -n "$(git status --porcelain)" ] || { echo "Error: Go files not formatted, please run go fmt ./... ."; false; }
-
-- job: "GoGen"
-  displayName: "Check Go Generate"
-  steps:
-  - template: build/azure-pipelines/go-env.yaml
-  - script: |
-      set -e
-      go generate .
-      git status --porcelain
-      git diff
-      [ ! -n "$(git status --porcelain)" ] || { echo "Error: Generated files not up to date, please run go generate . ."; false; }
diff --git a/build/azure-pipelines/choco.yaml b/build/azure-pipelines/choco.yaml
deleted file mode 100644
index aa912913de..0000000000
--- a/build/azure-pipelines/choco.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Starter pipeline
-# Start with a minimal pipeline that you can customize to build and deploy your code.
-# Add steps that build, run tests, deploy, and more:
-# https://aka.ms/yaml
-
-trigger:
-- master
-
-pool:
-  vmImage: 'ubuntu-latest'
-
-steps:
-- script: echo Hello, world!
-  displayName: 'Run a one-line script'
-
-- script: |
-    echo Add other tasks to build, test, and deploy your project.
-    echo See https://aka.ms/yaml
-  displayName: 'Run a multi-line script'
diff --git a/build/azure-pipelines/go-env.yaml b/build/azure-pipelines/go-env.yaml
deleted file mode 100644
index 9d2f56c441..0000000000
--- a/build/azure-pipelines/go-env.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-# shared step for setting up go env
-# see https://docs.microsoft.com/en-us/azure/devops/pipelines/languages/go?view=azure-devops#build-a-container-image
-steps:
-- task: GoTool@0
-  inputs:
-    version: '1.16'
diff --git a/build/azure-pipelines/integration.yml b/build/azure-pipelines/integration.yml
deleted file mode 100644
index c75efe39c9..0000000000
--- a/build/azure-pipelines/integration.yml
+++ /dev/null
@@ -1,121 +0,0 @@
-variables:
-  wd: '$(System.DefaultWorkingDirectory)/integrationTest'
-
-trigger:
-  batch: "true"
-  branches:
-    include:
-    - pipeline
-
-# Each provider gets its' own job. These will run in parallel.
-# each job gets setup with only the env vars it needs for that run.
-# these are defined in azure pipelines web ui as secret variables.
-
-jobs:
-
-- job: Route53
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider ROUTE53
-    workingDirectory: $(wd)
-    env:
-      R53_DOMAIN: $(R53_DOMAIN)
-      R53_KEY_ID: $(R53_KEY_ID)
-      R53_KEY: $(R53_KEY)
-
-- job: GCloud
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider GCLOUD
-    workingDirectory: $(wd)
-    env:
-      GCLOUD_DOMAIN: $(GCLOUD_DOMAIN)
-      GCLOUD_TYPE: $(GCLOUD_TYPE)
-      GCLOUD_EMAIL: $(GCLOUD_EMAIL)
-      GCLOUD_PROJECT: $(GCLOUD_PROJECT)
-      GCLOUD_PRIVATEKEY: $(GCLOUD_PRIVATEKEY)
-
-- job: NameDotCom
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider NAMEDOTCOM
-    workingDirectory: $(wd)
-    env:
-      NAMEDOTCOM_DOMAIN: $(NAMEDOTCOM_DOMAIN)
-      NAMEDOTCOM_KEY: $(NAMEDOTCOM_KEY)
-      NAMEDOTCOM_USER: $(NAMEDOTCOM_USER)
-
-- job: Cloudflare
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -timeout 30m -verbose -provider CLOUDFLAREAPI
-    workingDirectory: $(wd)
-    env:
-      CF_TOKEN: $(CF_TOKEN)
-
-- job: DigitalOcean
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider DIGITALOCEAN
-    workingDirectory: $(wd)
-    env:
-      DO_DOMAIN: $(DO_DOMAIN)
-      DO_TOKEN: $(DO_TOKEN)
-
-- job: GandiV5
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider GANDI_V5
-    workingDirectory: $(wd)
-    env:
-      GANDI_KEY: $(GANDI_V5_APIKEY)
-      GANDI_DOMAIN: $(GANDI_V5_DOMAIN)
-
-# - job: GandiLive
-#   steps:
-#   - template: go-env.yaml
-#   - script: go test -v -verbose -provider GANDI-LIVEDNS
-#     workingDirectory: $(wd)
-#     env:
-#       GANDILIVE_KEY: $(GANDILIVE_KEY)
-#       GANDILIVE_DOMAIN: $(GANDILIVE_DOMAIN)
-
-# - job: NS1
-#   steps:
-#   - template: go-env.yaml
-#   - script: go test -v -verbose -provider NS1
-#     workingDirectory: $(wd)
-#     env:
-#       NS1_TOKEN: $(NS1_TOKEN)
-#       NS1_DOMAIN: $(NS1_DOMAIN)
-
-- job: DNSIMPLE
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider DNSIMPLE
-    workingDirectory: $(wd)
-    env:
-      DNSIMPLE_TOKEN: $(DNSIMPLE_TOKEN)
-      DNSIMPLE_DOMAIN: $(DNSIMPLE_DOMAIN)
-
-- job: Vultr
-  steps:
-  - template: go-env.yaml
-  - script: go test -v -verbose -provider VULTR
-    workingDirectory: $(wd)
-    env:
-      VULTR_DOMAIN: $(VULTR_DOMAIN)
-      VULTR_TOKEN: $(VULTR_TOKEN)
-
-- job: Azure
-  steps:
-    - template: go-env.yaml
-    - script: go test -v -verbose -provider AZURE_DNS
-      workingDirectory: $(wd)
-      env:
-        AZURE_CLIENT_ID: $(AZ_CLIENTID)
-        AZURE_CLIENT_SECRET: $(AZ_CLIENTSECRET)
-        AZURE_DOMAIN: $(AZ_DOMAIN)
-        AZURE_RESOURCE_GROUP: $(AZ_RSGNAME)
-        AZURE_SUBSCRIPTION_ID: $(AZ_SUBSCRIPTIONID)
-        AZURE_TENANT_ID: $(AZ_TENANTID)

From a6091f2ed4aa73bec6608dbb0174d06ff70083a4 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Sun, 10 Dec 2023 16:29:09 +0100
Subject: [PATCH 066/438] BUG: Register an error if EnzureZoneExists fails
 (#2703)

---
 commands/previewPush.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/commands/previewPush.go b/commands/previewPush.go
index 7ac4cce809..ebeff28cdc 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -211,6 +211,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 						// this is the actual push, ensure domain exists at DSP
 						if err := creator.EnsureZoneExists(domain.Name); err != nil {
 							out.Warnf("Error creating domain: %s\n", err)
+							anyErrors = true
 							continue // continue with next provider, as we couldn't create this one
 						}
 					}

From 8f1b33ae17a6f1f776a1e3213f4f691445345fcf Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 10 Dec 2023 16:34:24 +0100
Subject: [PATCH 067/438] CICD: GoReleaser generates TypeScript file (#2704)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .gitignore                     |    1 +
 .goreleaser.yml                |    4 +-
 commands/types/dnscontrol.d.ts | 2991 --------------------------------
 3 files changed, 4 insertions(+), 2992 deletions(-)
 delete mode 100644 commands/types/dnscontrol.d.ts

diff --git a/.gitignore b/.gitignore
index 84b1e05b47..70089b4c2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 /tmp
+/commands/types/dnscontrol.d.ts
 dnscontrol-Darwin
 dnscontrol-Linux
 dnscontrol.exe
diff --git a/.goreleaser.yml b/.goreleaser.yml
index dc77e4f7da..ca667aa4ba 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -21,7 +21,9 @@ builds:
       - -linkmode=internal -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
 before:
   hooks:
-  - go mod tidy
+    - go fmt ./...
+    - go mod tidy
+    - go generate ./...
 changelog:
   sort: asc
   use: github
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
deleted file mode 100644
index a850f30275..0000000000
--- a/commands/types/dnscontrol.d.ts
+++ /dev/null
@@ -1,2991 +0,0 @@
-// WARNING: These type definitions are experimental and subject to change in future releases.
-
-interface Domain {
-    name: string;
-    subdomain: string;
-    registrar: unknown;
-    meta: Record<string, unknown>;
-    records: DNSRecord[];
-    dnsProviders: Record<string, unknown>;
-    defaultTTL: number;
-    nameservers: unknown[];
-    ignored_names: unknown[];
-    ignored_targets: unknown[];
-    [key: string]: unknown;
-}
-
-interface DNSRecord {
-    type: string;
-    meta: Record<string, unknown>;
-    ttl: number;
-}
-
-type DomainModifier =
-    | ((domain: Domain) => void)
-    | Partial<Domain>
-    | DomainModifier[];
-
-type RecordModifier =
-    | ((record: DNSRecord) => void)
-    | Partial<DNSRecord['meta']>;
-
-type Duration =
-    | `${number}${'s' | 'm' | 'h' | 'd' | 'w' | 'n' | 'y' | ''}`
-    | number /* seconds */;
-
-
-/**
- * `FETCH` is a wrapper for the [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API). This allows dynamically setting DNS records based on an external data source, e.g. the API of your cloud provider.
- *
- * Compared to `fetch` from Fetch API, `FETCH` will call [PANIC](PANIC.md) to terminate the execution of the script, and therefore DNSControl, if a network error occurs.
- *
- * Otherwise the syntax of `FETCH` is the same as `fetch`.
- *
- * `FETCH` is not enabled by default. Please read the warnings below.
- *
- * > WARNING:
- * >
- * > 1. Relying on external sources adds a point of failure. If the external source doesn't work, your script won't either. Please make sure you are aware of the consequences.
- * > 2. Make sure DNSControl only uses verified configuration if you want to use `FETCH`. For example, an attacker can send Pull Requests to your config repo, and have your CI test malicious configurations and make arbitrary HTTP requests. Therefore, `FETCH` must be explicitly enabled with flag `--allow-fetch` on DNSControl invocation.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), [
- *   A("@", "1.2.3.4"),
- * ]);
- *
- * FETCH("https://example.com", {
- *   // All three options below are optional
- *   headers: {"X-Authentication": "barfoo"},
- *   method: "POST",
- *   body: "Hello World",
- * }).then(function(r) {
- *   return r.text();
- * }).then(function(t) {
- *   // Example of generating record based on response
- *   D_EXTEND("example.com", [
- *     TXT("@", t.slice(0, 100)),
- *   ]);
- * });
- * ```
- */
-declare function FETCH(
-    url: string,
-    init?: {
-        method?:
-            | 'GET'
-            | 'POST'
-            | 'PUT'
-            | 'PATCH'
-            | 'DELETE'
-            | 'HEAD'
-            | 'OPTIONS';
-        headers?: { [key: string]: string | string[] };
-        // Ignored by the underlying code
-        // redirect: 'follow' | 'error' | 'manual';
-        body?: string;
-    }
-): Promise<FetchResponse>;
-
-interface FetchResponse {
-    readonly bodyUsed: boolean;
-    readonly headers: ResponseHeaders;
-    readonly ok: boolean;
-    readonly status: number;
-    readonly statusText: string;
-    readonly type: string;
-
-    text(): Promise<string>;
-    json(): Promise<any>;
-}
-
-interface ResponseHeaders {
-    get(name: string): string | undefined;
-    getAll(name: string): string[];
-    has(name: string): boolean;
-
-    append(name: string, value: string): void;
-    delete(name: string): void;
-    set(name: string, value: string): void;
-}
-
-
-declare function require(name: `${string}.json`): any;
-declare function require(name: string): true;
-
-/**
- * Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
- *
- * CAA record is supported only by BIND, Google Cloud DNS, Amazon Route 53 and OVH. Some certificate authorities may not support this record until the mandatory date of September 2017.
- */
-declare const CAA_CRITICAL: RecordModifier;
-
-/**
- * @deprecated
- * This disables a safety check intended to prevent:
- * 1. Two owners toggling a record between two settings.
- * 2. The other owner wiping all records at this label, which won't
- * be noticed until the next time dnscontrol is run.
- * See https://github.com/StackExchange/dnscontrol/issues/1106
- */
-declare const IGNORE_NAME_DISABLE_SAFETY_CHECK: RecordModifier;
-
-// Cloudflare aliases:
-
-/** Proxy disabled. */
-declare const CF_PROXY_OFF: RecordModifier;
-/** Proxy enabled. */
-declare const CF_PROXY_ON: RecordModifier;
-/** Proxy+Railgun enabled. */
-declare const CF_PROXY_FULL: RecordModifier;
-
-/** Proxy default off for entire domain (the default) */
-declare const CF_PROXY_DEFAULT_OFF: DomainModifier;
-/** Proxy default on for entire domain */
-declare const CF_PROXY_DEFAULT_ON: DomainModifier;
-/** UniversalSSL off for entire domain */
-declare const CF_UNIVERSALSSL_OFF: DomainModifier;
-/** UniversalSSL on for entire domain */
-declare const CF_UNIVERSALSSL_ON: DomainModifier;
-
-/**
- * Set default values for CLI variables. See: https://dnscontrol.org/cli-variables
- */
-declare function CLI_DEFAULTS(vars: Record<string, unknown>): void;
-
-/**
- * `END` permits the last item to include a comma.
- *
- * ```js
- * D("foo.com", ...
- *    A(...),
- *    A(...),
- *    A(...),
- * END)
- * ```
- */
-declare const END: DomainModifier & RecordModifier;
-
-/**
- * Permit labels like `"foo.bar.com.bar.com"` (normally an error)
- *
- * ```js
- * D("bar.com", ...
- *     A("foo.bar.com", "10.1.1.1", DISABLE_REPEATED_DOMAIN_CHECK),
- * )
- * ```
- */
-declare const DISABLE_REPEATED_DOMAIN_CHECK: RecordModifier;
-
-
-/**
- * A adds an A record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
- *
- * The address should be an ip address, either a string, or a numeric value obtained via [IP](../global/IP.md).
- *
- * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@", "1.2.3.4"),
- *   A("foo", "2.3.4.5"),
- *   A("test.foo", IP("1.2.3.4"), TTL(5000)),
- *   A("*", "1.2.3.4", {foo: 42})
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/a
- */
-declare function A(name: string, address: string | number, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * AAAA adds an AAAA record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
- *
- * The address should be an IPv6 address as a string.
- *
- * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
- *
- * ```javascript
- * var addrV6 = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   AAAA("@", addrV6),
- *   AAAA("foo", addrV6),
- *   AAAA("test.foo", addrV6, TTL(5000)),
- *   AAAA("*", addrV6, {foo: 42})
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/aaaa
- */
-declare function AAAA(name: string, address: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * AKAMAICDN is a proprietary record type that is used to configure [Zone Apex Mapping](https://blogs.akamai.com/2019/08/fast-dns-zone-apex-mapping-dnssec.html).
- * The AKAMAICDN target must be preconfigured in the Akamai network.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/akamai-edge-dns/akamaicdn
- */
-declare function AKAMAICDN(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * ALIAS is a virtual record type that points a record at another record. It is analogous to a CNAME, but is usually resolved at request-time and served as an A record. Unlike CNAMEs, ALIAS records can be used at the zone apex (`@`)
- *
- * Different providers handle ALIAS records differently, and many do not support it at all. Attempting to use ALIAS records with a DNS provider type that does not support them will result in an error.
- *
- * The name should be the relative label for the domain.
- *
- * Target should be a string representing the target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   ALIAS("@", "google.com."), // example.com -> google.com
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/alias
- */
-declare function ALIAS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC. It takes no
- * parameters.
- *
- * See `AUTODNSSEC_ON` for further details.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/autodnssec_off
- */
-declare const AUTODNSSEC_OFF: DomainModifier;
-
-/**
- * AUTODNSSEC_ON tells the provider to enable AutoDNSSEC.
- *
- * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC.
- *
- * AutoDNSSEC is a feature where a DNS provider can automatically manage
- * DNSSEC for a domain. Not all providers support this.
- *
- * At this time, AUTODNSSEC_ON takes no parameters.  There is no ability
- * to tune what the DNS provider sets, no algorithm choice.  We simply
- * ask that they follow their defaults when enabling a no-fuss DNSSEC
- * data model.
- *
- * NOTE: No parenthesis should follow these keywords.  That is, the
- * correct syntax is `AUTODNSSEC_ON` not `AUTODNSSEC_ON()`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
- *   A("@", "10.1.1.1")
- * );
- *
- * D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
- *   A("@", "10.2.2.2")
- * );
- * ```
- *
- * If neither `AUTODNSSEC_ON` or `AUTODNSSEC_OFF` is specified for a
- * domain no changes will be requested.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/autodnssec_on
- */
-declare const AUTODNSSEC_ON: DomainModifier;
-
-/**
- * AZURE_ALIAS is a Azure specific virtual record type that points a record at either another record or an Azure entity.
- * It is analogous to a CNAME, but is usually resolved at request-time and served as an A record.
- * Unlike CNAMEs, ALIAS records can be used at the zone apex (`@`)
- *
- * Unlike the regular ALIAS directive, AZURE_ALIAS is only supported on AZURE.
- * Attempting to use AZURE_ALIAS on another provider than Azure will result in an error.
- *
- * The name should be the relative label for the domain.
- *
- * The type can be any of the following:
- * * A
- * * AAAA
- * * CNAME
- *
- * Target should be the Azure Id representing the target. It starts `/subscription/`. The resource id can be found in https://resources.azure.com/.
- *
- * The Target can :
- *
- * * Point to a public IP resource from a DNS `A/AAAA` record set.
- * You can create an A/AAAA record set and make it an alias record set to point to a public IP resource (standard or basic).
- * The DNS record set changes automatically if the public IP address changes or is deleted.
- * Dangling DNS records that point to incorrect IP addresses are avoided.
- * There is a current limit of 20 alias records sets per resource.
- * * Point to a Traffic Manager profile from a DNS `A/AAAA/CNAME` record set.
- * You can create an A/AAAA or CNAME record set and use alias records to point it to a Traffic Manager profile.
- * It's especially useful when you need to route traffic at a zone apex, as traditional CNAME records aren't supported for a zone apex.
- * For example, say your Traffic Manager profile is myprofile.trafficmanager.net and your business DNS zone is contoso.com.
- * You can create an alias record set of type A/AAAA for contoso.com (the zone apex) and point to myprofile.trafficmanager.net.
- * * Point to an Azure Content Delivery Network (CDN) endpoint.
- * This is useful when you create static websites using Azure storage and Azure CDN.
- * * Point to another DNS record set within the same zone.
- * Alias records can reference other record sets of the same type.
- * For example, a DNS CNAME record set can be an alias to another CNAME record set.
- * This arrangement is useful if you want some record sets to be aliases and some non-aliases.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
- *   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
- *   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/azure-dns/azure_alias
- */
-declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `CAA()` adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
- *
- * Tag can be one of
- * 1. `"issue"`
- * 2. `"issuewild"`
- * 3. `"iodef"`
- *
- * Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`.
- *
- * Flags are controlled by modifier:
- * - `CAA_CRITICAL`: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Allow letsencrypt to issue certificate for this domain
- *   CAA("@", "issue", "letsencrypt.org"),
- *   // Allow no CA to issue wildcard certificate for this domain
- *   CAA("@", "issuewild", ";"),
- *   // Report all violation to test@example.com. If CA does not support
- *   // this record then refuse to issue any certificate
- *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * );
- * ```
- *
- * DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa
- */
-declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * DNSControl contains a `CAA_BUILDER` which can be used to simply create
- * [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
- * individually, you can simply configure your report mail address, the
- * authorized certificate authorities and the builder cares about the rest.
- *
- * ## Example
- *
- * For example you can use:
- *
- * ```javascript
- * CAA_BUILDER({
- *   label: "@",
- *   iodef: "mailto:test@example.com",
- *   iodef_critical: true,
- *   issue: [
- *     "letsencrypt.org",
- *     "comodoca.com",
- *   ],
- *   issuewild: "none",
- * })
- * ```
- *
- * The parameters are:
- *
- * * `label:` The label of the CAA record. (Optional. Default: `"@"`)
- * * `iodef:` Report all violation to configured mail address.
- * * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
- * * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
- * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
- *
- * `CAA_BUILDER()` returns multiple records (when configured as example above):
- *
- * ```javascript
- * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * CAA("@", "issue", "letsencrypt.org")
- * CAA("@", "issue", "comodoca.com")
- * CAA("@", "issuewild", ";")
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
- */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): DomainModifier;
-
-/**
- * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
- * generate a HTTP 301 permanent redirect.
- *
- * If _any_ `CF_REDIRECT` or [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) functions are used then
- * `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
- * Page Rule types other than "Forwarding URL” will be left alone.
- *
- * WARNING: Cloudflare does not currently fully document the Page Rules API and
- * this interface is not extensively tested. Take precautions such as making
- * backups and manually verifying `dnscontrol preview` output before running
- * `dnscontrol push`. This is especially true when mixing Page Rules that are
- * managed by DNSControl and those that aren't.
- *
- * HTTP 301 redirects are cached by browsers forever, usually ignoring any TTLs or
- * other cache invalidation techniques. It should be used with great care. We
- * suggest using a `CF_TEMP_REDIRECT` initially, then changing to a `CF_REDIRECT`
- * only after sufficient time has elapsed to prove this is what you really want.
- *
- * This example redirects the bare (aka apex, or naked) domain to www:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_redirect
- */
-declare function CF_REDIRECT(source: string, destination: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
- * Rules) to generate a HTTP 302 temporary redirect.
- *
- * If _any_ [`CF_REDIRECT`](CF_REDIRECT.md) or `CF_TEMP_REDIRECT` functions are used then
- * `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
- * Page Rule types other than "Forwarding URL” will be left alone.
- *
- * WARNING: Cloudflare does not currently fully document the Page Rules API and
- * this interface is not extensively tested. Take precautions such as making
- * backups and manually verifying `dnscontrol preview` output before running
- * `dnscontrol push`. This is especially true when mixing Page Rules that are
- * managed by DNSControl and those that aren't.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_temp_redirect
- */
-declare function CF_TEMP_REDIRECT(source: string, destination: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `CF_WORKER_ROUTE` uses the [Cloudflare Workers](https://developers.cloudflare.com/workers/)
- * API to manage [worker routes](https://developers.cloudflare.com/workers/platform/routes)
- * for a given domain.
- *
- * If _any_ `CF_WORKER_ROUTE` function is used then `dnscontrol` will manage _all_
- * Worker Routes for the domain. To be clear: this means it will delete existing routes that
- * were created outside of DNSControl.
- *
- * WARNING: This interface is not extensively tested. Take precautions such as making
- * backups and manually verifying `dnscontrol preview` output before running
- * `dnscontrol push`.
- *
- * This example assigns the patterns `api.example.com/*` and `example.com/api/*` to a `my-worker` script:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
- *     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_worker_route
- */
-declare function CF_WORKER_ROUTE(pattern: string, script: string): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudns/cloudns_wr
- */
-declare function CLOUDNS_WR(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * CNAME adds a CNAME record to the domain. The name should be the relative label for the domain.
- * Using `@` or `*` for CNAME records is not recommended, as different providers support them differently.
- *
- * Target should be a string representing the CNAME target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   CNAME("foo", "google.com."), // foo.example.com -> google.com
- *   CNAME("abc", "@"), // abc.example.com -> example.com
- *   CNAME("def", "test"), // def.example.com -> test.example.com
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/cname
- */
-declare function CNAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
- * name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
- * add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
- *
- * Modifier arguments are processed according to type as follows:
- *
- * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
- * - An object argument will be merged into the domain's metadata collection.
- * - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
- *    be used like a macro in multiple domains.
- *
- * ```javascript
- * // simple domain
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4"),
- *   CNAME("test", "foo.example2.com.")
- * );
- *
- * // "macro" for records that can be mixed into any zone
- * var GOOGLE_APPS_DOMAIN_MX = [
- *     MX("@", 1, "aspmx.l.google.com."),
- *     MX("@", 5, "alt1.aspmx.l.google.com."),
- *     MX("@", 5, "alt2.aspmx.l.google.com."),
- *     MX("@", 10, "alt3.aspmx.l.google.com."),
- *     MX("@", 10, "alt4.aspmx.l.google.com."),
- * ]
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4"),
- *   CNAME("test", "foo.example2.com."),
- *   GOOGLE_APPS_DOMAIN_MX
- * );
- * ```
- *
- * # Split Horizon DNS
- *
- * DNSControl supports Split Horizon DNS. Simply
- * define the domain two or more times, each with
- * their own unique parameters.
- *
- * To differentiate the different domains, specify the domains as
- * `domain.tld!tag`, such as `example.com!inside` and
- * `example.com!outside`.
- *
- * ```javascript
- * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
- * var DNS_INSIDE = NewDnsProvider("Cloudflare");
- * var DNS_OUTSIDE = NewDnsProvider("bind");
- *
- * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
- *   A("www", "10.10.10.10")
- * );
- *
- * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
- *   A("www", "20.20.20.20")
- * );
- *
- * D_EXTEND("example.com!inside",
- *   A("internal", "10.99.99.99")
- * );
- * ```
- *
- * A domain name without a `!` is assigned a tag that is the empty
- * string. For example, `example.com` and `example.com!` are equivalent.
- * However, we strongly recommend against using the empty tag, as it
- * risks creating confusion.  In other words, if you have `domain.tld`
- * and `domain.tld!external` you now require humans to remember that
- * `domain.tld` is the external one.  I mean... the internal one.  You
- * may have noticed this mistake, but will your coworkers?  Will you in
- * six months? You get the idea.
- *
- * DNSControl command line flag `--domains` matches the full name (with the "!").  If you
- * define domains `example.com!george` and `example.com!john` then:
- *
- * * `--domains=example.com` will not match either domain.
- * * `--domains='example.com!george'` will match only match the first.
- * * `--domains='example.com!george",example.com!john` will match both.
- *
- * NOTE: The quotes are required if your shell treats `!` as a special
- * character, which is probably does.  If you see an error that mentions
- * `event not found` you probably forgot the quotes.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d
- */
-declare function D(name: string, registrar: string, ...modifiers: DomainModifier[]): void;
-
-/**
- * `DEFAULTS` allows you to declare a set of default arguments to apply to all subsequent domains. Subsequent calls to [`D`](D.md) will have these
- * arguments passed as if they were the first modifiers in the argument list.
- *
- * ## Example
- *
- * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
- * The domain `example.com` will have the defaults set.
- *
- * ```javascript
- * var COMMON = NewDnsProvider("foo");
- * DEFAULTS(
- *   DnsProvider(COMMON, 0),
- *   DefaultTTL("1d")
- * );
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * If you want to clear the defaults, you can do the following.
- * The domain `example2.com` will **not** have the defaults set.
- *
- * ```javascript
- * DEFAULTS();
- *
- * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
- */
-declare function DEFAULTS(...modifiers: DomainModifier[]): void;
-
-/**
- * `DISABLE_IGNORE_SAFETY_CHECK()` disables the safety check. Normally it is an
- * error to insert records that match an `IGNORE()` pattern. This disables that
- * safety check for the entire domain.
- *
- * It replaces the per-record `IGNORE_NAME_DISABLE_SAFETY_CHECK()` which is
- * deprecated as of DNSControl v4.0.0.0.
- *
- * See [`IGNORE()`](../domain/IGNORE.md) for more information.
- *
- * ## Syntax
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     DISABLE_IGNORE_SAFETY_CHECK,
- *     ...
- *     TXT("myhost", "mytext"),
- *     IGNORE("myhost", "*", "*"),
- *     ...
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/disable_ignore_safety_check
- */
-declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
-
-/**
- * DNSControl contains a `DMARC_BUILDER` which can be used to simply create
- * DMARC policies for your domains.
- *
- * ## Example
- *
- * ### Simple example
- *
- * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- * })
- * ```
- *
- * This yield the following record:
- *
- * ```text
- * @   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
- * ```
- *
- * ### Advanced example
- *
- * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   subdomainPolicy: "quarantine",
- *   percent: 50,
- *   alignmentSPF: "r",
- *   alignmentDKIM: "strict",
- *   rua: [
- *     "mailto:mailauth-reports@example.com",
- *     "https://dmarc.example.com/submit",
- *   ],
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: "1",
- *   reportInterval: "1h",
- * });
- * ```
- *
- * ```javascript
- * DMARC_BUILDER({
- *   label: "insecure",
- *   policy: "none",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: {
- *       SPF: false,
- *       DKIM: true,
- *   },
- * });
- * ```
- *
- * This yields the following records:
- *
- * ```text
- * @           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
- * insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
- * ```
- *
- * ### Parameters
- *
- * * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
- * * `version:` The DMARC version to be used (default: `DMARC1`)
- * * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"`
- * * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional)
- * * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`)
- * * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`)
- * * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
- * * `rua:` Array of aggregate report targets (optional)
- * * `ruf:` Array of failure report targets (optional)
- * * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`)
- * * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`)
- * * `reportInterval:` Interval in which reports are requested (`ri=`)
- * * `ttl:` Input for `TTL` method (optional)
- *
- * ### Caveats
- *
- * * TXT records are automatically split using `AUTOSPLIT`.
- * * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dmarc_builder
- */
-declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): DomainModifier;
-
-/**
- * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
- * a domain's zones are managed elsewhere. That is, it permits you easily delegate
- * a domain to a hard-coded list of DNS servers.
- *
- * `DOMAIN_ELSEWHERE` is useful when you control a domain's registrar but not the
- * DNS servers. For example, suppose you own a domain but the DNS servers are run
- * by someone else, perhaps a SaaS product you've subscribed to or a DNS server
- * that is run by your brother-in-law who doesn't trust you with the API keys that
- * would let you maintain the domain using DNSControl. You need an easy way to
- * point (delegate) the domain at a specific list of DNS servers.
- *
- * For example these two statements are equivalent:
- *
- * ```javascript
- * DOMAIN_ELSEWHERE("example.com", REG_MY_PROVIDER, ["ns1.foo.com", "ns2.foo.com"]);
- * ```
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     NO_PURGE,
- *     NAMESERVER("ns1.foo.com"),
- *     NAMESERVER("ns2.foo.com")
- * );
- * ```
- *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
- * `DnsProvider()` statements exist, no updates would be performed.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere
- */
-declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_names: string[]): void;
-
-/**
- * `DOMAIN_ELSEWHERE_AUTO()` is similar to `DOMAIN_ELSEWHERE()` but instead of
- * a hardcoded list of nameservers, a DnsProvider() is queried.
- *
- * `DOMAIN_ELSEWHERE_AUTO` is useful when you control a domain's registrar but the
- * DNS zones are managed by another system. Luckily you have enough access to that
- * other system that you can query it to determine the zone's nameservers.
- *
- * For example, suppose you own a domain but the DNS servers for it are in Azure.
- * Further suppose that something in Azure maintains the zones (automatic or
- * human). Azure picks the nameservers for the domains automatically, and that
- * list may change occasionally.  `DOMAIN_ELSEWHERE_AUTO` allows you to easily
- * query Azure to determine the domain's delegations so that you do not need to
- * hard-code them in your dnsconfig.js file.
- *
- * For example these two statements are equivalent:
- *
- * ```javascript
- * DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
- * ```
- *
- * ```javascript
- * D("example.com", REG_NAMEDOTCOM,
- *     NO_PURGE,
- *     DnsProvider(DSP_AZURE)
- * );
- * ```
- *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
- */
-declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
-
-/**
- * DS adds a DS record to the domain.
- *
- * Key Tag should be a number.
- *
- * Algorithm should be a number.
- *
- * Digest Type must be a number.
- *
- * Digest must be a string.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DS("example.com", 2371, 13, 2, "ABCDEF")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ds
- */
-declare function DS(name: string, keytag: number, algorithm: number, digesttype: number, digest: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `D_EXTEND` adds records (and metadata) to a domain previously defined
- * by [`D()`](D.md). It can also be used to add subdomain records (and metadata)
- * to a previously defined domain.
- *
- * The first argument is a domain name. If it exactly matches a
- * previously defined domain, `D_EXTEND()` behaves the same as [`D()`](D.md),
- * simply adding records as if they had been specified in the original
- * [`D()`](D.md).
- *
- * If the domain name does not match an existing domain, but could be a
- * (non-delegated) subdomain of an existing domain, the new records (and
- * metadata) are added with the subdomain part appended to all record
- * names (labels), and targets (as appropriate). See the examples below.
- *
- * Matching the domain name to previously-defined domains is done using a
- * `longest match` algorithm.  If `domain.tld` and `sub.domain.tld` are
- * defined as separate domains via separate [`D()`](D.md) statements, then
- * `D_EXTEND("sub.sub.domain.tld", ...)` would match `sub.domain.tld`,
- * not `domain.tld`.
- *
- * Some operators only act on an apex domain (e.g.
- * [`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
- * in a `D_EXTEND` subdomain may not be what you expect.
- *
- * ```javascript
- * D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
- *   A("@", "127.0.0.1"), // domain.tld
- *   A("www", "127.0.0.2"), // www.domain.tld
- *   CNAME("a", "b") // a.domain.tld -> b.domain.tld
- * );
- * D_EXTEND("domain.tld",
- *   A("aaa", "127.0.0.3"), // aaa.domain.tld
- *   CNAME("c", "d") // c.domain.tld -> d.domain.tld
- * );
- * D_EXTEND("sub.domain.tld",
- *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
- *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
- *   CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
- * );
- * D_EXTEND("sub.sub.domain.tld",
- *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
- *   CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
- * );
- * D_EXTEND("sub.domain.tld",
- *   A("@", "127.0.0.7"), // sub.domain.tld
- *   CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
- * );
- * ```
- *
- * This will end up in the following modifications: (This output assumes the `--full` flag)
- *
- * ```text
- * ******************** Domain: domain.tld
- * ----- Getting nameservers from: cloudflare
- * ----- DNS Provider: cloudflare...7 corrections
- * #1: CREATE A aaa.domain.tld 127.0.0.3
- * #2: CREATE A bbb.sub.domain.tld 127.0.0.4
- * #3: CREATE A ccc.sub.domain.tld 127.0.0.5
- * #4: CREATE A ddd.sub.sub.domain.tld 127.0.0.6
- * #5: CREATE A sub.domain.tld 127.0.0.7
- * #6: CREATE A www.domain.tld 127.0.0.2
- * #7: CREATE A domain.tld 127.0.0.1
- * #8: CREATE CNAME a.domain.tld b.domain.tld.
- * #9: CREATE CNAME c.domain.tld d.domain.tld.
- * #10: CREATE CNAME e.sub.domain.tld f.sub.domain.tld.
- * #11: CREATE CNAME g.sub.sub.domain.tld h.sub.sub.domain.tld.
- * #12: CREATE CNAME i.sub.domain.tld j.sub.domain.tld.
- * ```
- *
- * ProTips: `D_EXTEND()` permits you to create very complex and
- * sophisticated configurations, but you shouldn't. Be nice to the next
- * person that edits the file, who may not be as expert as yourself.
- * Enhance readability by putting any `D_EXTEND()` statements immediately
- * after the original [`D()`](D.md), like in above example.  Avoid the temptation
- * to obscure the addition of records to existing domains with randomly
- * placed `D_EXTEND()` statements. Don't build up a domain using loops of
- * `D_EXTEND()` statements. You'll be glad you didn't.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d_extend
- */
-declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
-
-/**
- * DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
- * the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../global/DEFAULTS.md) to override the internal defaults.
- *
- * NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain/NAMESERVER_TTL.md) to set a default TTL for all NS records.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DefaultTTL("4h"),
- *   A("@","1.2.3.4"), // uses default
- *   A("foo", "2.3.4.5", TTL(600)) // overrides default
- * );
- * ```
- *
- * The DefaultTTL duration is the same format as [`TTL`](../record/TTL.md), an integer number of seconds
- * or a string with a unit such as `"4d"`.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/defaultttl
- */
-declare function DefaultTTL(ttl: Duration): DomainModifier;
-
-/**
- * DnsProvider indicates that the specified provider should be used to manage
- * records for this domain. The name must match the name used with [NewDnsProvider](../global/NewDnsProvider.md).
- *
- * The nsCount parameter determines how the nameservers will be managed from this provider.
- *
- * Leaving the parameter out means "fetch and use all nameservers from this provider as authoritative". ie: `DnsProvider("name")`
- *
- * Using `0` for nsCount means "do not fetch nameservers from this domain, or give them to the registrar".
- *
- * Using a different number, ie: `DnsProvider("name",2)`, means "fetch all nameservers from this provider,
- * but limit it to this many.
- *
- * See [this page](../../nameservers.md) for a detailed explanation of how DNSControl handles nameservers and NS records.
- *
- * If a domain (`D()`) does not include any `DnsProvider()` functions,
- * the DNS records will not be modified. In fact, if you want to control
- * the Registrar for a domain but not the DNS records themselves, simply
- * do not include a `DnsProvider()` function for that `D()`.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dnsprovider
- */
-declare function DnsProvider(name: string, nsCount?: number): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/frame
- */
-declare function FRAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `IGNORE()` makes it possible for DNSControl to share management of a domain
- * with an external system.  The parameters of `IGNORE()` indicate which records
- * are managed elsewhere and should not be modified or deleted.
- *
- * Use case: Suppose a domain is managed by both DNSControl and a third-party
- * system. This creates a problem because DNSControl will try to delete records
- * inserted by the other system.  The other system may get confused and re-insert
- * those records.  The two systems will get into an endless update cycle where
- * each will revert changes made by the other in an endless loop.
- *
- * To solve this problem simply include `IGNORE()` statements that identify which
- * records are managed elsewhere.  DNSControl will not modify or delete those
- * records.
- *
- * Technically `IGNORE_NAME` is a promise that DNSControl will not modify or
- * delete existing records that match particular patterns. It is like
- * [`NO_PURGE`](../domain/NO_PURGE.md) that matches only specific records.
- *
- * Including a record that is ignored is considered an error and may have
- * undefined behavior. This safety check can be disabled using the
- * [`DISABLE_IGNORE_SAFETY_CHECK`](../domain/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
- *
- * ## Syntax
- *
- * The `IGNORE()` function can be used with up to 3 parameters:
- *
- * ```javascript
- * IGNORE(labelSpec, typeSpec, targetSpec):
- * IGNORE(labelSpec, typeSpec):
- * IGNORE(labelSpec):
- * ```
- *
- * * `labelSpec` is a glob that matches the DNS label. For example `"foo"` or `"foo*"`.  `"*"` matches all labels, as does the empty string (`""`).
- * * `typeSpec` is a comma-separated list of DNS types.  For example `"A"` matches DNS A records, `"A,CNAME"` matches both A and CNAME records. `"*"` matches any DNS type, as does the empty string (`""`).
- * * `targetSpec` is a glob that matches the DNS target. For example `"foo"` or `"foo*"`.  `"*"` matches all targets, as does the empty string (`""`).
- *
- * `typeSpec` and `targetSpec` default to `"*"` if they are omitted.
- *
- * ## Globs
- *
- * The `labelSpec` and `targetSpec` parameters supports glob patterns in the style
- * of the [gobwas/glob](https://github.com/gobwas/glob) library.  All of the
- * following patterns will work:
- *
- * * `IGNORE("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double subdomain, such as `foo.bar.foo`.
- * * `IGNORE("**.foo")` will ignore all subdomains of `foo`, including double subdomains.
- * * `IGNORE("?oo")` will ignore all records of three symbols ending in `oo`, for example `foo` and `zoo`. It will not match `.`
- * * `IGNORE("[abc]oo")` will ignore records `aoo`, `boo` and `coo`. `IGNORE("[a-c]oo")` is equivalent.
- * * `IGNORE("[!abc]oo")` will ignore all three symbol records ending in `oo`, except for `aoo`, `boo`, `coo`.        `IGNORE("[!a-c]oo")` is equivalent.
- * * `IGNORE("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`.
- * * `IGNORE("\\*.foo")` will ignore the literal record `*.foo`.
- *
- * ## Typical Usage
- *
- * General examples:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   IGNORE("foo"), // matches any records on foo.example.com
- *   IGNORE("baz", "A"), // matches any A records on label baz.example.com
- *   IGNORE("*", "MX", "*"), // matches all MX records
- *   IGNORE("*", "CNAME", "dev-*"), // matches CNAMEs with targets prefixed `dev-*`
- *   IGNORE("bar", "A,MX"), // ignore only A and MX records for name bar
- *   IGNORE("*", "*", "dev-*"), // Ignore targets with a `dev-` prefix
- *   IGNORE("*", "A", "1\.2\.3\."), // Ignore targets in the 1.2.3.0/24 CIDR block
- * END);
- * ```
- *
- * Ignore Let's Encrypt (ACME) validation records:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   IGNORE("_acme-challenge", "TXT"),
- *   IGNORE("_acme-challenge.**", "TXT"),
- * END);
- * ```
- *
- * Ignore DNS records typically inserted by Microsoft ActiveDirectory:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   IGNORE("_gc", "SRV"), // General Catalog
- *   IGNORE("_gc.**", "SRV"), // General Catalog
- *   IGNORE("_kerberos", "SRV"), // Kerb5 server
- *   IGNORE("_kerberos.**", "SRV"), // Kerb5 server
- *   IGNORE("_kpasswd", "SRV"), // Kpassword
- *   IGNORE("_kpasswd.**", "SRV"), // Kpassword
- *   IGNORE("_ldap", "SRV"), // LDAP
- *   IGNORE("_ldap.**", "SRV"), // LDAP
- *   IGNORE("_msdcs", "NS"), // Microsoft Domain Controller Service
- *   IGNORE("_msdcs.**", "NS"), // Microsoft Domain Controller Service
- *   IGNORE("_vlmcs", "SRV"), // FQDN of the KMS host
- *   IGNORE("_vlmcs.**", "SRV"), // FQDN of the KMS host
- *   IGNORE("domaindnszones", "A"),
- *   IGNORE("domaindnszones.**", "A"),
- *   IGNORE("forestdnszones", "A"),
- *   IGNORE("forestdnszones.**", "A"),
- * END);
- * ```
- *
- * ## Detailed examples
- *
- * Here are some examples that illustrate how matching works.
- *
- * All the examples assume the following DNS records are the "existing" records
- * that a third-party is maintaining. (Don't be confused by the fact that we're
- * using DNSControl notation for the records. Pretend some other system inserted them.)
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     A("@", "151.101.1.69"),
- *     A("www", "151.101.1.69"),
- *     A("foo", "1.1.1.1"),
- *     A("bar", "2.2.2.2"),
- *     CNAME("cshort", "www"),
- *     CNAME("cfull", "www.plts.org."),
- *     CNAME("cfull2", "www.bar.plts.org."),
- *     CNAME("cfull3", "bar.www.plts.org."),
- * END);
- *
- * D_EXTEND("more.example.com",
- *     A("foo", "1.1.1.1"),
- *     A("bar", "2.2.2.2"),
- *     CNAME("mshort", "www"),
- *     CNAME("mfull", "www.plts.org."),
- *     CNAME("mfull2", "www.bar.plts.org."),
- *     CNAME("mfull3", "bar.www.plts.org."),
- * END);
- * ```
- *
- * ```javascript
- *     IGNORE("@", "", ""),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
- *     //    foo.more.example.com. A 1.1.1.1
- * ```
- *
- * ```javascript
- *     IGNORE("example.com.", "", ""),
- *     // Would match:
- *     //    nothing
- * ```
- *
- * ```javascript
- *     IGNORE("foo", "", ""),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
- * ```
- *
- * ```javascript
- *     IGNORE("foo.**", "", ""),
- *     // Would match:
- *     //    foo.more.example.com. A 1.1.1.1
- * ```
- *
- * ```javascript
- *     IGNORE("www", "", ""),
- *     // Would match:
- *     //    www.example.com. A 174.136.107.196
- * ```
- *
- * ```javascript
- *     IGNORE("www.*", "", ""),
- *     // Would match:
- *     //    nothing
- * ```
- *
- * ```javascript
- *     IGNORE("www.example.com", "", ""),
- *     // Would match:
- *     //    nothing
- * ```
- *
- * ```javascript
- *     IGNORE("www.example.com.", "", ""),
- *     // Would match:
- *     //    none
- * ```
- *
- * ```javascript
- *     //IGNORE("", "", "1.1.1.*"),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
- *     //    foo.more.example.com. A 1.1.1.1
- * ```
- *
- * ```javascript
- *     //IGNORE("", "", "www"),
- *     // Would match:
- *     //    none
- * ```
- *
- * ```javascript
- *     IGNORE("", "", "*bar*"),
- *     // Would match:
- *     //    cfull2.example.com. CNAME www.bar.plts.org.
- *     //    cfull3.example.com. CNAME bar.www.plts.org.
- *     //    mfull2.more.example.com. CNAME www.bar.plts.org.
- *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
- * ```
- *
- * ```javascript
- *     IGNORE("", "", "bar.**"),
- *     // Would match:
- *     //    cfull3.example.com. CNAME bar.www.plts.org.
- *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
- * ```
- *
- * ## Conflict handling
- *
- * It is considered as an error for a `dnsconfig.js` to both ignore and insert the
- * same record in a domain. This is done as a safety mechanism.
- *
- * This will generate an error:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     ...
- *     TXT("myhost", "mytext"),
- *     IGNORE("myhost", "*", "*"),  // Error!  Ignoring an item we inserted
- *     ...
- * ```
- *
- * To disable this safety check, add the `DISABLE_IGNORE_SAFETY_CHECK` statement
- * to the `D()`.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     DISABLE_IGNORE_SAFETY_CHECK,
- *     ...
- *     TXT("myhost", "mytext"),
- *     IGNORE("myhost", "*", "*"),
- *     ...
- * ```
- *
- * FYI: Previously DNSControl permitted disabling this check on
- * a per-record basis using `IGNORE_NAME_DISABLE_SAFETY_CHECK`:
- *
- * The `IGNORE_NAME_DISABLE_SAFETY_CHECK` feature does not exist in the diff2
- * world and its use will result in a validation error. Use the above example
- * instead.
- *
- * ```javascript
- *     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
- *     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
- * ```
- *
- * ## Caveats
- *
- * WARNING: Two systems updating the same domain is complex.  Complex things are risky. Use `IGNORE()`
- * as a last resort. Even then, test extensively.
- *
- * * There is no locking.  If the external system and DNSControl make updates at the exact same time, the results are undefined.
- * * IGNORE` works fine with records inserted into a `D()` via `D_EXTEND()`. The matching is done on the resulting FQDN of the label or target.
- * * `targetSpec` does not match fields other than the primary target.  For example, `MX` records have a target hostname plus a priority. There is no way to match the priority.
- * * The BIND provider can not ignore records it doesn't know about.  If it does not have access to an existing zonefile, it will create a zonefile from scratch. That new zonefile will not have any external records.  It will seem like they were not ignored, but in reality BIND didn't have visibility to them so that they could be ignored.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore
- */
-declare function IGNORE(labelSpec: string, typeSpec?: string, targetSpec?: string): DomainModifier;
-
-/**
- * `IGNORE_NAME(a)` is the same as `IGNORE(a, "*", "*")`.
- *
- * `IGNORE_NAME(a, b)` is the same as `IGNORE(a, b, "*")`.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_name
- */
-declare function IGNORE_NAME(pattern: string, rTypes?: string): DomainModifier;
-
-/**
- * `IGNORE_TARGET_NAME(target)` is the same as `IGNORE("*", "*", target)`.
- *
- * `IGNORE_TARGET_NAME(target, rtype)` is the same as `IGNORE("*", rtype, target)`.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_target
- */
-declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;
-
-/**
- * Includes all records from a given domain
- *
- * ```javascript
- * D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("test", "8.8.8.8")
- * );
- *
- * D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   INCLUDE("example.com!external"),
- *   A("home", "127.0.0.1")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/include
- */
-declare function INCLUDE(domain: string): DomainModifier;
-
-/**
- * Converts an IPv4 address from string to an integer. This allows performing mathematical operations with the IP address.
- *
- * ```javascript
- * var addrA = IP("1.2.3.4")
- * var addrB = addrA + 1
- * // addrB = 1.2.3.5
- * ```
- *
- * NOTE: `IP()` does not accept IPv6 addresses (PRs gladly accepted!). IPv6 addresses are simply strings:
- *
- * ```javascript
- * // IPv4 Var
- * var addrA1 = IP("1.2.3.4");
- * var addrA2 = "1.2.3.4";
- *
- * // IPv6 Var
- * var addrAAAA = "0:0:0:0:0:0:0:0";
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/ip
- */
-declare function IP(ip: string): number;
-
-/**
- * The parameter number types are as follows:
- *
- * ```
- * name: string
- * target: string
- * deg1: uint32
- * min1: uint32
- * sec1: float32
- * deg2: uint32
- * min2: uint32
- * sec2: float32
- * altitude: uint32
- * size: float32
- * horizontal_precision: float32
- * vertical_precision: float32
- * ```
- *
- * ## Description ##
- *
- * Strictly follows [RFC 1876](https://datatracker.ietf.org/doc/html/rfc1876).
- *
- * A LOC record holds a geographical position. In the zone file, it may look like:
- *
- * ```text
- * ;
- * pipex.net.                    LOC   52 14 05 N 00 08 50 E 10m
- * ```
- *
- * On the wire, it is in a binary format.
- *
- * A use case for LOC is suggested in the RFC:
- *
- * > Some uses for the LOC RR have already been suggested, including the
- *    USENET backbone flow maps, a "visual traceroute" application showing
- *    the geographical path of an IP packet, and network management
- *    applications that could use LOC RRs to generate a map of hosts and
- *    routers being managed.
- *
- * There is the UK based [https://find.me.uk](https://find.me.uk/) whereby you can do:
- *
- * ```sh
- * dig loc <uk-postcode>.find.me.uk
- * ```
- *
- * There are some behaviours that you should be aware of, however:
- *
- * > If omitted, minutes and seconds default to zero, size defaults to 1m,
- *    horizontal precision defaults to 10000m, and vertical precision
- *    defaults to 10m.  These defaults are chosen to represent typical
- *    ZIP/postal code area sizes, since it is often easy to find
- *    approximate geographical location by ZIP/postal code.
- *
- * Alas, the world does not revolve around US ZIP codes, but here we are. Internally,
- * the LOC record type will supply defaults where values were absent on DNS import.
- * One must supply the `LOC()` js helper all parameters. If that seems like too
- * much work, see also helper functions:
- *
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * ## Format ##
- *
- * The coordinate format for `LOC()` is:
- *
- * `degrees,minutes,seconds,[NnSs],deg,min,sec,[EeWw],altitude,size,horizontal_precision,vertical_precision`
- *
- * ## Examples ##
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
- *   //42 21 54     N  71 06  18     W -24m 30m
- *   , LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0)
- *   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
- *   , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10)
- *   //52 14 05     N  00 08  50     E 10m
- *   , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0)
- *   //32  7 19     S 116  2  25     E 10m
- *   , LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0)
- *   //42 21 28.764 N  71 00  51.617 W -44m 2000m
- *   , LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0)
- * );
- *
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc
- */
-declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min2: number, sec2: number, altitude: number, size: number, horizontal_precision: number, vertical_precision: number): DomainModifier;
-
-/**
- * `LOC_BUILDER_DD({})` actually takes an object with the following properties:
- *
- *   - label (optional, defaults to `@`)
- *   - x (float32)
- *   - y (float32)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
- *
- * Examples.
- *
- * Big Ben:
- * `51.50084265331501, -0.12462541415599787`
- *
- * The White House:
- * `38.89775977858357, -77.03655125982903`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     LOC_BUILDER_DD({
- *     label: "big-ben",
- *     x: 51.50084265331501,
- *     y: -0.12462541415599787,
- *     alt: 6,
- *   })
- *   , LOC_BUILDER_DD({
- *     label: "white-house",
- *     x: 38.89775977858357,
- *     y: -77.03655125982903,
- *     alt: 19,
- *   })
- *   , LOC_BUILDER_DD({
- *     label: "white-house-ttl",
- *     x: 38.89775977858357,
- *     y: -77.03655125982903,
- *     alt: 19,
- *     ttl: "5m",
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dd
- */
-declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): DomainModifier;
-
-/**
- * `LOC_BUILDER_DMM({})` actually takes an object with the following properties:
- *
- *   - label (string, optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
- *
- * Note that the following are acceptable forms (symbols differ):
- * * `25.24°S 153.15°E`
- * * `25.24 S 153.15 E`
- * * `25.24° S 153.15° E`
- * * `25.24S 153.15E`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   LOC_BUILDER_STR({
- *     label: "tasmania",
- *     str: "42°S 147°E",
- *     alt: 3,
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dmm_str
- */
-declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
-
-/**
- * `LOC_BUILDER_DMS_STR({})` actually takes an object with the following properties:
- *
- *   - label (string, optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
- *
- * Note that the following are acceptable forms (symbols differ):
- * * `33°51′31″S 151°12′51″E`
- * * `33°51'31"S 151°12'51"E`
- * * `33d51m31sS 151d12m51sE`
- * * `33d51m31s S 151d12m51s E`
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   LOC_BUILDER_DMS_STR({
- *     label: "sydney-opera-house",
- *     str: "33°51′31″S 151°12′51″E",
- *     alt: 4,
- *     ttl: "5m",
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dms_str
- */
-declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
-
-/**
- * `LOC_BUILDER_STR({})` actually takes an object with the following: properties.
- *
- *   - label (optional, defaults to `@`)
- *   - str (string)
- *   - alt (float32, optional)
- *   - ttl (optional)
- *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
- *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
- *
- * Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   , LOC_BUILDER_STR({
- *     label: "old-faithful",
- *     str: "44.46046°N 110.82815°W",
- *     alt: 2240,
- *   })
- *   , LOC_BUILDER_STR({
- *     label: "ribblehead-viaduct",
- *     str: "54.210436°N 2.370231°W",
- *     alt: 300,
- *   })
- *   , LOC_BUILDER_STR({
- *     label: "guinness-brewery",
- *     str: "53°20′40″N 6°17′20″W",
- *     alt: 300,
- *   })
- * );
- *
- * ```
- *
- * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_str
- */
-declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
-
-/**
- * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
- *
- * It defaults to a setup without support for legacy Skype for Business applications.
- * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
- *
- * ## Example
- *
- * ### Simple example
- *
- * ```javascript
- * M365_BUILDER({
- *     initialDomain: "example.onmicrosoft.com",
- * });
- * ```
- *
- * This sets up `MX` records, Autodiscover, and DKIM.
- *
- * ### Advanced example
- *
- * ```javascript
- * M365_BUILDER({
- *     label: "test",
- *     mx: false,
- *     autodiscover: false,
- *     dkim: false,
- *     mdm: true,
- *     domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
- *     initialDomain: "example.onmicrosoft.com",
- * });
- * ```
- *
- * This sets up Mobile Device Management only.
- *
- * ### Parameters
- *
- * * `label` The label of the Microsoft 365 domain, useful if it is a subdomain (default: `"@"`)
- * * `mx` Set an `MX` record? (default: `true`)
- * * `autodiscover` Set Autodiscover `CNAME` record? (default: `true`)
- * * `dkim` Set DKIM `CNAME` records? (default: `true`)
- * * `skypeForBusiness` Set Skype for Business/Microsoft Teams records? (default: `false`)
- * * `mdm` Set Mobile Device Management records? (default: `false`)
- * * `domainGUID` The GUID of _this_ Microsoft 365 domain (default: `<label>.<context>` with `.` replaced by `-`, no default if domain contains dashes)
- * * `initialDomain` The initial domain of your Microsoft 365 tenant/account, ends in `onmicrosoft.com`
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/m365_builder
- */
-declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): DomainModifier;
-
-/**
- * MX adds an MX record to the domain.
- *
- * Priority should be a number.
- *
- * Target should be a string representing the MX target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   MX("@", 5, "mail"), // mx example.com -> mail.example.com
- *   MX("sub", 10, "mail.foo.com.")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/mx
- */
-declare function MX(name: string, priority: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `NAMESERVER()` instructs DNSControl to inform the domain"s registrar where to find this zone.
- * For some registrars this will also add NS records to the zone itself.
- *
- * This takes exactly one argument: the name of the nameserver. It must end with
- * a "." if it is a FQDN, just like all targets.
- *
- * This is different than the [`NS()`](NS.md) function, which inserts NS records
- * in the current zone and accepts a label. [`NS()`](NS.md) is useful for downward
- * delegations. `NAMESERVER()` is for informing upstream delegations.
- *
- * For more information, refer to [this page](../../nameservers.md).
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DnsProvider(route53, 0),
- *   // Replace the nameservers:
- *   NAMESERVER("ns1.myserver.com."),
- *   NAMESERVER("ns2.myserver.com."),
- * );
- *
- * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Add these two additional nameservers to the existing list of nameservers.
- *   NAMESERVER("ns1.myserver.com."),
- *   NAMESERVER("ns2.myserver.com."),
- * );
- * ```
- *
- * # The difference between NS() and NAMESERVER()
- *
- * Nameservers are one of the least
- * understood parts of DNS, so a little extra explanation is required.
- *
- * * [`NS()`](NS.md) lets you add an NS record to a zone, just like [`A()`](A.md) adds an A
- *   record to the zone. This is generally used to delegate a subzone.
- *
- * * The `NAMESERVER()` directive speaks to the Registrar about how the parent should delegate the zone.
- *
- * Since the parent zone could be completely unrelated to the current
- * zone, changes made by `NAMESERVER()` have to be done by an API call to
- * the registrar, who then figures out what to do. For example, if I
- * use `NAMESERVER()` in the zone `stackoverflow.com`, DNSControl talks to
- * the registrar who does the hard work of talking to the people that
- * control `.com`.  If the domain was `gmeet.io`, the registrar does
- * the right thing to talk to the people that control `.io`.
- *
- * (A better name might have been `PARENTNAMESERVER()` but we didn"t
- * think of that at the time.)
- *
- * Each registrar handles delegations differently.  Most use
- * the `NAMESERVER()` targets to update the delegation, adding
- * `NS` records to the parent zone as required.
- * Some providers restrict the names to hosts they control.
- * Others may require you to add the `NS` records to the parent domain
- * manually.
- *
- * # How to prevent changing the parent NS records?
- *
- * If dnsconfig.js has zero `NAMESERVER()` commands for a domain, it will
- * use the API to remove all non-default nameservers.
- *
- * If dnsconfig.js has 1 or more `NAMESERVER()` commands for a domain, it
- * will use the API to add those nameservers (unless, of course,
- * they already exist).
- *
- * So how do you tell DNSControl not to make any changes at all?  Use the
- * special Registrar called "NONE". It makes no changes.
- *
- * It looks like this:
- *
- * ```javascript
- * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
- * D("example.com", REG_THIRDPARTY,
- *   ...
- * )
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver
- */
-declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * NAMESERVER_TTL sets the TTL on the domain apex NS RRs defined by [`NAMESERVER`](NAMESERVER.md).
- *
- * The value can be an integer or a string. See [`TTL`](../record/TTL.md) for examples.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   NAMESERVER_TTL("2d"),
- *   NAMESERVER("ns")
- * );
- * ```
- *
- * Use `NAMESERVER_TTL("3600"),` or `NAMESERVER_TTL("1h"),` for a 1h default TTL for all subsequent `NS` entries:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DefaultTTL("4h"),
- *   NAMESERVER_TTL("3600"),
- *   NAMESERVER("ns1.provider.com."), //inherits NAMESERVER_TTL
- *   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
- *   A("@","1.2.3.4"), // inherits DefaultTTL
- *   A("foo", "2.3.4.5", TTL(600)) // overrides DefaultTTL for this record only
- * );
- * ```
- *
- * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain/DefaultTTL.md)
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver_ttl
- */
-declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
-
-/**
- * ## Introduction
- *
- * NAPTR adds a NAPTR record to the domain. Various formats exist. NAPTR is a part of DDDS such as ENUM (defined by [RFC 6116](https://www.rfc-editor.org/rfc/rfc6116)), SIP ([RFC 3263](https://www.rfc-editor.org/rfc/rfc3263)), S-NAPTR ([RFC 3958](https://www.rfc-editor.org/rfc/rfc3958)) or U-NAPTR ([RFC 4848](https://www.rfc-editor.org/rfc/rfc4848)).
- *
- * ## Parameters
- *
- * ### `subdomain`
- *
- * Subdomain of the domain (e.g. `example.com`) this entry represents.
- *
- * #### E164
- * In the case of E164 (e.g. `3.2.1.5.5.5.0.0.8.1.e164.arpa.`) - where [`terminalflag`](#terminalflag) is `u` - the final digit of the zone it represents, or the zone apex record `@`. For example, the ARPA zone `3.2.1.5.5.5.0.0.8.1.e164.arpa.` represents the phone number block 001800555123*X* (or the synonymous +1800555123*X*), where *X* is the final digit of the phone number string, i.e. the [`subdomain`](#subdomain).
- *
- * ### `order`
- *
- * ordinal (1st, 2nd, 3rd, ...) 16 bit number (2^16 i.e. <= 65535) which determines lower entries are sent first (`1`), and  higher, last (`65535`).
- *
- * ### `preference`
- *
- * 16 bit number (2^16 i.e. <= 65535). At the DNS server, this entry is summed with other entries of identical [`order`](#order) value and normalised to a fraction of 100 percent, determining the likelihood that this record is returned by the DNS system. Effective for load balancing services.
- *
- * ### `terminalflag`
- * (case insensitive)
- *
- * One of [AaSsUuPp], where:
- *  * `a` (terminal lookup) means that the output of the [`target`](#target) rewrite will be a domain-name for which an [`A`](A.md) or [`AAAA`](AAAA.md) record should be queried
- *  * `p` Protocol specific
- *  * `s` (terminal lookup) indicates that [`target`](#target) points to a [`SRV`](SRV.md) record
- *  * `u` (terminal lookup) indicates that [`target`](#target) is a (SIP) URN or URI
- *  * "" (empty string) - a non-terminal condition defined by the ENUM application ([RFC 6116](https://www.rfc-editor.org/rfc/rfc6116)) to indicate that regexp is empty and the replace field contains the FQDN of another NAPTR RR
- *
- * Mutually exclusive; more than one cannot be combined in the same record. Since there is no place for a port specification in the NAPTR record, when the `a` [`terminalflag`](#terminalflag) is used, the specified protocol must be running on its default port (Note that at least SIP URI forms allow ports to be specified).
- *
- * Flags called 'terminal' halt the looping rewrite algorithm of DNS.
- *
- * ### `service`
- * (case insensitive)
- *
- * *`protocol+rs`* where *`protocol`* defines the protocol used by the DDDS application. *`rs`* is the resolution service. There may be 0 or more resolution services each separated by `+`. ENUM further defines this to be a type field and allows a subtype separated by a colon (`:`).
- *
- * For E164, typically one of `E2U+SIP` (or `E2U+sip`) or `E2U+email`. For SIP, typically `SIPS+D2T` for TCP/TLS `sips:` URIs, or TLS `sip:` URIs, or `SIP+D2T` for TCP based SIP, or `SIP+D2U` for UDP based SIP. Note that SCTP, WS and WSS are also available.
- *
- * Valid [IANA registered services for ENUM](https://www.iana.org/assignments/enum-services/enum-services.xhtml#enum-services-1):
- * ```text
- * E2U+pres
- * E2U+voice:tel+sms:tel (compound form)
- * E2U+web:http
- * E2U+sms:mailto
- * E2U+sms:tel
- * E2U+sip
- * E2U+pstn
- * E2U+tel
- * ```
- *
- * Valid [IANA registered SIP services](https://www.iana.org/assignments/sip-table/sip-table.xhtml#sip-table-1):
- *
- * ```text
- * SIP+D2T
- * SIPS+D2T
- * SIP+D2U
- * SIP+D2S
- * SIPS+D2S
- * SIP+D2W
- * SIPS+D2W
- * ```
- *
- * ### `regexp`
- *
- * [Syntax: `delimit ere delimit substitution delimit flag`] an ERE or extended regular expression which captures any address string `.*` found between the line start `^` and finish `$` anchors (i.e. `!^.*$!`), and redirects it to the stated `sip:`, `sips:`, `tel:` or `mailto:` URI. Other URI forms may be possible. Other delimiter (`!`) forms are possible. The final `flag`, if any, shall be `i`, i.e. case **i**nsensitive.
- *
- * Examples (taken from [Zytrax](https://www.zytrax.com/books/dns/ch8/naptr.html#regex-examples)):
- * ```text
- * # AUS = Application User String
- * # all examples use ! as the delimiter for consistency
- * # and simplicity
- * # AUS = +441115551234 in all cases
- *
- * !(\\+441115551234)!tel:\\1!
- * # explicit check of all characters in string
- * # the +441115551234 because of () creates a group
- * # which is referenced by \1 in substitution
- * # result = tel:+441115551234
- *
- * !^(\\+441115551234)$!tel:\\1!
- * # this is functionally identical to the expression
- * # above but uses ^ and $ to anchor both ends of
- * # the expression, there is no technical reason to do this
- * # within an ere and the RFCs are silent on the topic
- * # result = tel:+441115551234
- *
- * !(.+)!tel:\\1!
- * # given the AUS of +441115551234
- * # the expression (.+) sets back ref 1 = +441115551234
- * # . = any character, + = 0 or more times
- * # result = tel:+441115551212
- *
- * !\\+44111(.+)!sip:775\\1@some.example.com!
- * # given the AUS of +441115551234 provides partial replacement
- * # removes the 44111 part and substitutes 775
- * # result = sip:7755551234@some.example.com
- *
- * !.*!sip:james@sip.example.com!
- * # reads and ignores AUS using .*
- * # and is called a simple replacement expression
- * # result = sip:james@sip.example.com
- * ```
- *
- * U-NAPTR supported regexp fields must be of the form (from the RFC):
- *
- * ```text
- * "!.*!<URI>!"
- * # the .* (any character 1 or more times)
- * # is fixed by the RFC and essentially ignores
- * # the AUS data. The result will always be URI
- * ```
- *
- * ### `target`
- *
- * A (replacement) record for the target - format depends on [`terminalflag`](#terminalflag).
- *  * A [`SRV`](SRV.md), if the [`terminalflag`](#terminalflag) is `s` (syntax: *`_Service._Proto.Name`*)
- *  * An [`A`](A.md) or [`AAAA`](AAAA.md) if the [`terminalflag`](#terminalflag) is `a`
- *  * URI if the [`terminalflag`](#terminalflag) is `u`
- *
- * Not all examples are guaranteed to be standards compliant, or correct.
- *
- * ## Examples
- *
- * ### Examples for e164 ARPA:
- *
- * Individual e164 records
- *
- * ```javascript
- * D("3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
- *   NAPTR("1",  10, 10, "u", "E2U+SIP", "!^.*$!sip:bob@example.com!", "."),
- *   NAPTR("2",  10, 10, "u", "E2U+SIP", "!^.*$!sip:alice@example.com!", "."),
- *   NAPTR("4",  10, 10, "u", "E2U+SIP", "!^.*$!sip:kate@example.com!", "."),
- *   NAPTR("5",  10, 10, "u", "E2U+SIP", "!^.*$!sip:steve@example.com!", "."),
- *   NAPTR("6",  10, 10, "u", "E2U+SIP", "!^.*$!sip:joe@example.com!", "."),
- *   NAPTR("7",  10, 10, "u", "E2U+SIP", "!^.*$!sip:jane@example.com!", "."),
- *   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
- *   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
- *   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", ".")
- * );
- * ```
- *
- * Single e164 zone
- * ```javascript
- * D("4.3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
- *   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
- *   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
- *   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", ".")
- * );
- * ```
- *
- * ### Examples for SIP:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   NAPTR("@", 20, 50, "s", "SIPS+D2T", "", "_sips._tcp.example.com."),
- *   NAPTR("@", 20, 50, "s", "SIP+D2T", "", "_sip._tcp.example.com."),
- *   NAPTR("@", 30, 50, "s", "SIP+D2U", "", "_sip._udp.example.com."),
- *   NAPTR("help", 100, 50, "s", "SIP+D2U", "!^.*$!sip:customer-service@example.com!", "_sip._udp.example.com."),
- *   NAPTR("help", 101, 50, "s", "SIP+D2T", "!^.*$!sip:customer-service@example.com!", "_sip._tcp.example.com."),
- *   SRV("_sip._udp", 100, 0, 5060, "sip.example.com."),
- *   SRV("_sip._tcp", 100, 0, 5060, "sip.example.com."),
- *   SRV("_sips._tcp", 100, 0, 5061, "sip.example.com."),
- *   A("sip", "192.0.2.2"),
- *   AAAA("sip", "2001:db8::85a3"),
- *   // and so on
- * );
- * ```
- *
- * ### Other RFC based examples:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   NAPTR("@",100, 50, "a", "z3950+N2L+N2C", "", "cidserver.example.com."),
- *   NAPTR("@", 50, 50, "a", "rcds+N2C", "", "cidserver.example.com."),
- *   NAPTR("@", 30, 50, "s", "http+N2L+N2C+N2R", "", "www.example.com."),
- *   NAPTR("www",100,100, "s", "http+I2R", "", "_http._tcp.example.com."),
- *   NAPTR("www",100,100, "s", "ftp+I2R", "", "_ftp._tcp.example.com."),
- *   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
- *   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
- *   // and so on
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/naptr
- */
-declare function NAPTR(subdomain: string, order: number, preference: number, terminalflag: string, service: string, regexp: string, target: string): DomainModifier;
-
-/**
- * `NO_PURGE` indicates that existing records should not be deleted from a domain.
- * Records will be added and updated, but not removed.
- *
- * Suppose a domain is managed by both DNSControl and a third-party system. This
- * creates a problem because DNSControl will try to delete records inserted by the
- * other system.
- *
- * By setting `NO_PURGE` on a domain, this tells DNSControl not to delete the
- * records found in the domain.
- *
- * It is similar to [`IGNORE`](domain/IGNORE.md) but more general.
- *
- * The original reason for `NO_PURGE` was that a legacy system was adopting
- * DNSControl. Previously the domain was managed via Microsoft DNS Server's GUI.
- * ActiveDirectory was in use, so various records were being inserted behind the
- * scenes.  It was decided to use DNSControl to simply insert a few records.  The
- * `NO_PURGE` setting instructed DNSControl not to delete the existing records.
- *
- * In this example DNSControl will insert "foo.example.com" into the zone, but
- * otherwise leave the zone alone.  Changes to "foo"'s IP address will update the
- * record. Removing the A("foo", ...) record from DNSControl will leave the record
- * in place.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
- *   A("foo","1.2.3.4")
- * );
- * ```
- *
- * The main caveat of `NO_PURGE` is that intentionally deleting records becomes
- * more difficult. Suppose a `NO_PURGE` zone has an record such as A("ken",
- * "1.2.3.4"). Removing the record from dnsconfig.js will not delete "ken" from
- * the domain. DNSControl has no way of knowing the record was deleted from the
- * file  The DNS record must be removed manually.  Users of `NO_PURGE` are prone
- * to finding themselves with an accumulation of orphaned DNS records. That's easy
- * to fix for a small zone but can be a big mess for large zones.
- *
- * ## Support
- *
- * Prior to DNSControl v4.0.0, not all providers supported `NO_PURGE`.
- *
- * With introduction of `diff2` algorithm (enabled by default in v4.0.0),
- * `NO_PURGE` works with all providers.
- *
- * ## See also
- *
- * * [`PURGE`](domain/PURGE.md) is the default, thus this command is a no-op
- * * [`IGNORE`](domain/IGNORE.md) is similar to `NO_PURGE` but is more selective
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/no_purge
- */
-declare const NO_PURGE: DomainModifier;
-
-/**
- * NS adds a NS record to the domain. The name should be the relative label for the domain.
- *
- * The name may not be `@` (the bare domain), as that is controlled via [`NAMESERVER()`](NAMESERVER.md).
- * The difference between `NS()` and [`NAMESERVER()`](NAMESERVER.md) is explained in the [`NAMESERVER()` description](NAMESERVER.md).
- *
- * Target should be a string representing the NS target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   NS("foo", "ns1.example2.com."), // Delegate ".foo.example.com" zone to another server.
- *   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
- *   A("ns1.example2.com", "10.10.10.10"), // Glue records
- *   A("ns2.example2.com", "10.10.10.20"), // Glue records
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ns
- */
-declare function NS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/ns1/ns1_urlfwd
- */
-declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * NewDnsProvider activates a DNS Service Provider (DSP) specified in `creds.json`.
- * A DSP stores a DNS zone's records and provides DNS service for the zone (i.e.
- * answers on port 53 to queries related to the zone).
- *
- * * `name` must match the name of an entry in `creds.json`.
- * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
- *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
- *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
- * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
- *
- * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
- *
- * Prior to [v3.16](../../v316.md):
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
- * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * In [v3.16](../../v316.md) and later:
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom");
- * var DNS_MYAWS = NewDnsProvider("myaws");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
- */
-declare function NewDnsProvider(name: string, type?: string, meta?: object): string;
-
-/**
- * NewRegistrar activates a Registrar Provider specified in `creds.json`.
- * A registrar maintains the domain's registration and delegation (i.e. the
- * nameservers for the domain).  DNSControl only manages the delegation.
- *
- * * `name` must match the name of an entry in `creds.json`.
- * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
- *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
- *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
- * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
- *
- * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
- *
- * Prior to [v3.16](../../v316.md):
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
- * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * In [v3.16](../../v316.md) and later:
- *
- * ```javascript
- * var REG_MYNDC = NewRegistrar("mynamedotcom");
- * var DNS_MYAWS = NewDnsProvider("myaws");
- *
- * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
- */
-declare function NewRegistrar(name: string, type?: string, meta?: object): string;
-
-/**
- * `PANIC` terminates the script and therefore DNSControl with an exit code of 1. This should be used if your script cannot gather enough information to generate records, for example when a HTTP request failed.
- *
- * ```javascript
- * PANIC("Something really bad has happened");
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/panic
- */
-declare function PANIC(message: string): never;
-
-/**
- * PTR adds a PTR record to the domain.
- *
- * The name is normally a relative label for the domain, or a FQDN that ends with `.`.  If magic mode is enabled (see below) it can also be an IP address, which will be replaced by the proper string automatically, thus
- * saving the user from having to reverse the IP address manually.
- *
- * Target should be a string representing the FQDN of a host.  Like all FQDNs in DNSControl, it must end with a `.`.
- *
- * **Magic Mode:**
- *
- * PTR records are complex and typos are common. Therefore DNSControl
- * enables features to save labor and
- * prevent typos.  This magic is only
- * enabled when the domain ends with `in-addr.arpa.` or `ipv6.arpa.`.
- *
- * *Automatic IP-to-reverse:* If the name is a valid IP address, DNSControl will replace it with
- * a string that is appropriate for the domain. That is, if the domain
- * ends with `in-addr.arpa` (no `.`) and name is a valid IPv4 address, the name
- * will be replaced with the correct string to make a reverse lookup for that address.
- * IPv6 is properly handled too.
- *
- * *Extra Validation:* DNSControl considers it an error to include a name that
- * is inappropriate for the domain.  For example
- * `PTR("1.2.3.4", "f.co.")` is valid for the domain `D("3.2.1.in-addr.arpa",`
- *  but DNSControl will generate an error if the domain is `D("9.9.9.in-addr.arpa",`.
- * This is because `1.2.3.4` is contained in `1.2.3.0/24` but not `9.9.9.0/24`.
- * This validation works for IPv6, IPv4, and
- * RFC2317 "Classless in-addr.arpa delegation" domains.
- *
- * *Automatic truncation:* DNSControl will automatically truncate FQDNs
- * as needed.
- * If the name is a FQDN ending with `.`, DNSControl will verify that the
- * name is contained within the CIDR block implied by domain.  For example
- * if name is `4.3.2.1.in-addr.arpa.` (note the trailing `.`)
- * and the domain is `2.1.in-addr.arpa` (no trailing `.`)
- * then the name will be replaced with `4.3`.  Note that the output
- * of `REV("1.2.3.4")` is `4.3.2.1.in-addr.arpa.`, which means the following
- * are all equivalent:
- *
- * * `PTR(REV("1.2.3.4"), `
- * * `PTR("4.3.2.1.in-addr.arpa."), `
- * * `PTR("4.3",`    // Assuming the domain is `2.1.in-addr.arpa`
- *
- * All magic is RFC2317-aware. We use the first format listed in the
- * RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
- * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
- * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
- * and A, B, C are the first 3 octets of the IP address. For example
- * `172.20.18.130/27` is located in a zone named
- * `128/27.18.20.172.in-addr.arpa`
- *
- * ```javascript
- * D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
- *   PTR("1", "foo.example.com."),
- *   PTR("2", "bar.example.com."),
- *   PTR("3", "baz.example.com."),
- *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
- *   PTR("1.2.3.10", "ten.example.com."),    // "10"
- * );
- * ```
- *
- * ```javascript
- * D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
- *   PTR("9.9.9.129", "first.example.com."),
- * );
- * ```
- *
- * ```javascript
- * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
- *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
- *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
- *   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
- *   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
- * );
- * ```
- *
- * In the future we plan on adding a flag to [`A()`](A.md) which will insert
- * the correct PTR() record if the appropriate `.arpa` domain has been
- * defined.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ptr
- */
-declare function PTR(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `PURGE` is the default setting for all domains.  Therefore `PURGE` is
- * a no-op. It is included for completeness only.
- *
- * A domain with a mixture of `NO_PURGE` and `PURGE` parameters will abide
- * by the last one.
- *
- * These three examples all are equivalent.
- *
- * `PURGE` is the default:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- * );
- * ```
- *
- * Purge is the default, but we set it anyway:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   PURGE,
- * );
- * ```
- *
- * Since the "last command wins", this is the same as `PURGE`:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   PURGE,
- *   NO_PURGE,
- *   PURGE,
- *   NO_PURGE,
- *   PURGE,
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/purge
- */
-declare const PURGE: DomainModifier;
-
-/**
- * `R53_ALIAS` is a Route53 specific virtual record type that points a record at either another record or an AWS entity (like a Cloudfront distribution, an ELB, etc...). It is analogous to a `CNAME`, but is usually resolved at request-time and served as an `A` record. Unlike `CNAME` records, `ALIAS` records can be used at the zone apex (`@`)
- *
- * Unlike the regular [`ALIAS`](ALIAS.md) directive, `R53_ALIAS` is only supported on Route53. Attempting to use `R53_ALIAS` on another provider than Route53 will result in an error.
- *
- * The name should be the relative label for the domain.
- *
- * Target should be a string representing the target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
- *
- * The Target can be any of:
- *
- * * _CloudFront distribution_: in this case specify the domain name that CloudFront assigned when you created your distribution (note that your CloudFront distribution must include an alternate domain name that matches the record you're adding)
- * * _Elastic Beanstalk environment_: specify the `CNAME` attribute for the environment. The environment must have a regionalized domain name. To get the `CNAME`, you can use either the [AWS Console](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html), [AWS Elastic Beanstalk API](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html), or the [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html).
- * * _ELB load balancer_: specify the DNS name that is associated with the load balancer. To get the DNS name you can use either the AWS Console (on the EC2 page, choose Load Balancers, select the right one, choose the description tab), [ELB API](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html), the [AWS ELB CLI](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html), or the [AWS ELBv2 CLI](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html).
- * * _S3 bucket_ (configured as website): specify the domain name of the Amazon S3 website endpoint in which you configured the bucket (for instance s3-website-us-east-2.amazonaws.com). For the available values refer to the [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
- * * _Another Route53 record_: specify the value of the name of another record in the same hosted zone.
- *
- * For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record/R53_ZONE.md) record modifier.
- *
- * The zone id can be found depending on the target type:
- *
- * * _CloudFront distribution_: specify `Z2FDTNDATAQYW2`
- * * _Elastic Beanstalk environment_: specify the hosted zone ID for the region in which the environment has been created. Refer to the [List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region).
- * * _ELB load balancer_: specify the value of the hosted zone ID for the load balancer. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region)
- * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
- * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
- *
- * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
- *   R53_ALIAS("foo", "A", "bar"),                              // record in same zone
- *   R53_ALIAS("foo", "A", "bar", R53_ZONE("Z35SXDOTRQ7X7K")),  // record in same zone, zone specified
- *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
- *   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
- *   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/amazon-route-53/r53_alias
- */
-declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier, evaluatetargethealthModifier: RecordModifier): DomainModifier;
-
-/**
- * `R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_evaluate_target_health
- */
-declare function R53_EVALUATE_TARGET_HEALTH(enabled: boolean): RecordModifier;
-
-/**
- * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
- *
- * When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
- *
- * When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_zone
- */
-declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
-
-/**
- * `REV` returns the reverse lookup domain for an IP network. For
- * example `REV("1.2.3.0/24")` returns `3.2.1.in-addr.arpa.` and
- * `REV("2001:db8:302::/48")` returns `2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.`.
- * This is used in [`D()`](D.md) functions to create reverse DNS lookup zones.
- *
- * This is a convenience function. You could specify `D("3.2.1.in-addr.arpa",
- * ...` if you like to do things manually but why would you risk making
- * typos?
- *
- * `REV` complies with RFC2317, "Classless in-addr.arpa delegation"
- * for netmasks of size /25 through /31.
- * While the RFC permits any format, we abide by the recommended format:
- * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
- * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
- * and A, B, C are the first 3 octets of the IP address. For example
- * `172.20.18.130/27` is located in a zone named
- * `128/27.18.20.172.in-addr.arpa`
- *
- * If the address does not include a "/" then `REV` assumes /32 for IPv4 addresses
- * and /128 for IPv6 addresses.
- *
- * Note that the lower bits (the ones outside the netmask) must be zeros. They are not
- * zeroed out automatically. Thus, `REV("1.2.3.4/24")` is an error.  This is done
- * to catch typos.
- *
- * ```javascript
- * D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
- *   PTR("1", "foo.example.com."),
- *   PTR("2", "bar.example.com."),
- *   PTR("3", "baz.example.com."),
- *   // These take advantage of DNSControl's ability to generate the right name:
- *   PTR("1.2.3.10", "ten.example.com."),
- * );
- *
- * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
- *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
- *   // These take advantage of DNSControl's ability to generate the right name:
- *   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
- *   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
- * );
- * ```
- *
- * In the future we plan on adding a flag to [`A()`](../domain/A.md)which will insert
- * the correct PTR() record in the appropriate `D(REV())` domain (i.e. `.arpa` domain) has been
- * defined.
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/rev
- */
-declare function REV(address: string): string;
-
-/**
- * `SOA` adds an `SOA` record to a domain. The name should be `@`.  ns and mbox are strings. The other fields are unsigned 32-bit ints.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
- * );
- * ```
- *
- * If you accidentally include an `@` in the email field DNSControl will quietly
- * change it to a `.`. This way you can specify a human-readable email address
- * when you are making it easier for spammers how to find you.
- *
- * ## Notes
- * * The serial number is managed automatically.  It isn't even a field in `SOA()`.
- * * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
- * * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
- *
- * There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/soa
- */
-declare function SOA(name: string, ns: string, mbox: string, refresh: number, retry: number, expire: number, minttl: number, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * DNSControl can optimize the SPF settings on a domain by flattening
- * (inlining) includes and removing duplicates. DNSControl also makes
- * it easier to document your SPF configuration.
- *
- * WARNING: Flattening SPF includes is risky.  Only flatten an SPF
- * setting if it is absolutely needed to bring the number of "lookups"
- * to be less than 10. In fact, it is debatable whether or not ISPs
- * enforce the "10 lookup rule".
- *
- * ## The old way
- *
- * Here is an example of how SPF settings are normally done:
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all")
- * )
- * ```
- *
- * This has a few problems:
- *
- * * No comments. It is difficult to add a comment. In particular, we want to be able to list which ticket requested each item in the SPF setting so that history is retained.
- * * Ugly diffs.  If you add an element to the SPF setting, the diff will show the entire line changed, which is difficult to read.
- * * Too many lookups. The SPF RFC says that SPF settings should not require more than 10 DNS lookups. If we manually flatten (i.e. "inline") an include, we have to remember to check back to see if the settings have changed. Humans are not good at that kind of thing.
- *
- * ## The DNSControl way
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@", "10.2.2.2"),
- *   MX("@", "example.com."),
- *   SPF_BUILDER({
- *     label: "@",
- *     overflow: "_spf%d",
- *     raw: "_rawspf",
- *     ttl: "5m",
- *     parts: [
- *       "v=spf1",
- *       "ip4:198.252.206.0/24", // ny-mail*
- *       "ip4:192.111.0.0/24", // co-mail*
- *       "include:_spf.google.com", // GSuite
- *       "include:mailgun.org", // Greenhouse.io
- *       "include:spf-basic.fogcreek.com", // Fogbugz
- *       "include:mail.zendesk.com", // Zenddesk
- *       "include:servers.mcsv.net", // MailChimp
- *       "include:sendgrid.net", // SendGrid
- *       "include:450622.spf05.hubspotemail.net", // Hubspot (Ticket# SREREQ-107)
- *       "~all"
- *     ],
- *     flatten: [
- *       "spf-basic.fogcreek.com", // Rationale: Being deprecated. Low risk if it breaks.
- *       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
- *     ]
- *   }),
- * );
- * ```
- *
- * By using the `SPF_BUILDER()` we gain many benefits:
- *
- * * Comments can appear next to the element they refer to.
- * * Diffs will be shorter and more specific; therefore easier to read.
- * * Automatic flattening.  We can specify which includes should be flattened and DNSControl will do the work. It will even warn us if the includes change.
- *
- * ## Syntax
- *
- * When you want to specify SPF settings for a domain, use the
- * `SPF_BUILDER()` function.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   ...
- *   ...
- *   ...
- *   SPF_BUILDER({
- *     label: "@",
- *     overflow: "_spf%d",  // Delete this line if you don't want big strings split.
- *     overhead1: "20",  // There are 20 bytes of other TXT records on this domain.  Compensate for this.
- *     raw: "_rawspf",  // Delete this line if the default is sufficient.
- *     parts: [
- *       "v=spf1",
- *       // fill in your SPF items here
- *       "~all"
- *     ],
- *     flatten: [
- *       // fill in any domains to inline.
- *     ]
- *   }),
- *   ...
- *   ...
- * );
- * ```
- *
- * The parameters are:
- *
- * * `label:` The label of the first TXT record. (Optional. Default: `"@"`)
- * * `overflow:` If set, SPF strings longer than 255 chars will be split into multiple TXT records. The value of this setting determines the template for what the additional labels will be named. If not set, no splitting will occur and DNSControl may generate TXT strings that are too long.
- * * `overhead1:` "Overhead for the 1st TXT record".  When calculating the max length of each TXT record, reduce the maximum for the first TXT record in the chain by this amount.
- * * `raw:` The label of the unaltered SPF settings. Setting to an empty string `''` will disable this. (Optional. Default: `"_rawspf"`)
- * * `ttl:` This allows setting a specific TTL on this SPF record. (Optional. Default: using default record TTL)
- * * `txtMaxSize` The maximum size for each TXT record. Values over 255 will result in [multiple strings][multi-string]. General recommendation is to [not go higher than 450][record-size] so that DNS responses will still fit in a UDP packet. (Optional. Default: `"255"`)
- * * `parts:` The individual parts of the SPF settings.
- * * `flatten:` Which includes should be inlined. For safety purposes the flattening is done on an opt-in basis. If `"*"` is listed, all includes will be flattened... this might create more problems than is solves due to length limitations.
- *
- * [multi-string]: https://tools.ietf.org/html/rfc4408#section-3.1.3
- * [record-size]: https://tools.ietf.org/html/rfc4408#section-3.1.4
- *
- * `SPF_BUILDER()` returns multiple `TXT()` records:
- *
- *   * `TXT("@", "v=spf1 .... ~all")`
- *     *  This is the optimized configuration.
- *   * `TXT("_spf1", "...")`
- *     * If the optimizer needs to split a long string across multiple TXT records, the additional TXT records will have labels `_spf1`, `_spf2`, `_spf3`, etc.
- *   * `TXT("_rawspf", "v=spf1 .... ~all")`
- *     * This is the unaltered SPF configuration. This is purely for debugging purposes and is not used by any email or anti-spam system.  It is only generated if flattening is requested.
- *
- * We recommend first using this without any flattening. Make sure
- * `dnscontrol preview` works as expected. Once that is done, add the
- * flattening required to reduce the number of lookups to 10 or less.
- *
- * To count the number of lookups, you can use our interactive SPF
- * debugger at [https://stackexchange.github.io/dnscontrol/flattener/index.html](https://stackexchange.github.io/dnscontrol/flattener/index.html)
- *
- * # The first in a chain is special
- *
- * When generating the chain of SPF
- * records, each one is max length 255.  For the first item in
- * the chain, the max is 255 - "overhead1".  Setting this to 255 or
- * higher has undefined behavior.
- *
- * Why is this useful?
- *
- * Some sites desire having all DNS queries fit in a single packet so
- * that UDP, not TCP, can be used to satisfy all requests. That means all
- * responses have to be relatively small.
- *
- * When an SPF system does a "TXT" lookup, it gets SPF and non-SPF
- * records.  This makes the first link in the chain extra large.
- *
- * The bottom line is that if you want the TXT records to fit in a UDP
- * packet, keep increasing the value of `overhead1` until the packet
- * is no longer truncated.
- *
- * Example:
- *
- * ```shell
- * dig +short whatexit.org txt | wc -c
- *    118
- * ```
- *
- * Setting `overhead1` to 118 should be sufficient.
- *
- * ```shell
- * dig +short stackoverflow.com txt | wc -c
- *      582
- * ```
- *
- * Since 582 is bigger than 255, it might not be possible to achieve the
- * goal.  Any value larger than 255 will disable all flattening.  Try
- * 170, then 180, 190 until you get the desired results.
- *
- * A validator such as
- * [https://www.kitterman.com/spf/validate.html](https://www.kitterman.com/spf/validate.html)
- * will tell you if the queries are being truncated and TCP was required
- * to get the entire record. (Sadly it caches heavily.)
- *
- * ## Notes about the `spfcache.json`
- *
- * DNSControl keeps a cache of the DNS lookups performed during
- * optimization.  The cache is maintained so that the optimizer does
- * not produce different results depending on the ups and downs of
- * other people's DNS servers. This makes it possible to do `dnscontrol
- * push` even if your or third-party DNS servers are down.
- *
- * The DNS cache is kept in a file called `spfcache.json`. If it needs
- * to be updated, the proper data will be written to a file called
- * `spfcache.updated.json` and instructions such as the ones below
- * will be output telling you exactly what to do:
- *
- * ```shell
- * dnscontrol preview
- * 1 Validation errors:
- * WARNING: 2 spf record lookups are out of date with cache (_spf.google.com,_netblocks3.google.com).
- * Wrote changes to spfcache.updated.json. Please rename and commit:
- *     $ mv spfcache.updated.json spfcache.json
- *     $ git commit spfcache.json
- * ```
- *
- * In this case, you are being asked to replace `spfcache.json` with
- * the newly generated data in `spfcache.updated.json`.
- *
- * Needing to do this kind of update is considered a validation error
- * and will block `dnscontrol push` from running.
- *
- * Note: The instructions are hardcoded strings. The filenames will
- * not change.
- *
- * Note: The instructions assume you use git. If you use something
- * else, please do the appropriate equivalent command.
- *
- * ## Caveats
- *
- * 1. DNSControl 'gives up' if it sees SPF records it can't understand.
- * This includes: syntax errors, features that our spflib doesn't know
- * about, overly complex SPF settings, and anything else that we we
- * didn't feel like implementing.
- *
- * 2. The TXT record that is generated may exceed DNS limits.  dnscontrol
- * will not generate a single TXT record that exceeds DNS limits, but
- * it ignores the fact that there may be other TXT records on the same
- * label.  For example, suppose it generates a TXT record on the bare
- * domain (stackoverflow.com) that is 250 bytes long. That's fine and
- * doesn't require a continuation record.  However if there is another
- * TXT record (not an SPF record, perhaps a TXT record used to verify
- * domain ownership), the total packet size of all the TXT records
- * could exceed 512 bytes, and will require EDNS or a TCP request.
- *
- * 3. DNSControl does not warn if the number of lookups exceeds 10.
- * We hope to implement this some day.
- *
- * 4. The `redirect=` directive is only partially implemented.  We only
- * handle the case where redirect is the last item in the SPF record.
- * In which case, it is equivalent to `include:`.
- *
- * ## Advanced Technique: Interactive SPF Debugger
- *
- * DNSControl includes an experimental system for viewing
- * SPF settings:
- *
- * [https://stackexchange.github.io/dnscontrol/flattener/index.html](https://stackexchange.github.io/dnscontrol/flattener/index.html)
- *
- * You can also run this locally (it is self-contained) by opening
- * `dnscontrol/docs/flattener/index.html` in your browser.
- *
- * You can use this to determine the minimal number of domains you
- * need to flatten to have fewer than 10 lookups.
- *
- * The output is as follows:
- *
- * 1. The top part lists the domain as it current is configured, how
- * many lookups it requires, and includes a checkbox for each item
- * that could be flattened.
- *
- * 2. Fully flattened: This section shows the SPF configuration if you
- * fully flatten it. i.e. This is what it would look like if all the
- * checkboxes were checked. Note that this result is likely to be
- * longer than 255 bytes, the limit for a single TXT string.
- *
- * 3. Fully flattened split: This takes the "fully flattened" result
- * and splits it into multiple DNS records.  To continue to the next
- * record an include is added.
- *
- * ## Advanced Technique: Define once, use many
- *
- * In some situations we define an SPF setting once and want to re-use
- * it on many domains. Here's how to do this:
- *
- * ```javascript
- * var SPF_MYSETTINGS = SPF_BUILDER({
- *   label: "@",
- *   overflow: "_spf%d",
- *   raw: "_rawspf",
- *   parts: [
- *     "v=spf1",
- *     ...
- *     "~all"
- *   ],
- *   flatten: [
- *     ...
- *   ]
- * });
- *
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     SPF_MYSETTINGS
- * );
- *
- * D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *      SPF_MYSETTINGS
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder
- */
-declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead1?: string; raw?: string; ttl?: Duration; txtMaxSize?: number; parts: string[]; flatten?: string[] }): DomainModifier;
-
-/**
- * `SRV` adds a `SRV` record to a domain. The name should be the relative label for the record.
- *
- * Priority, weight, and port are ints.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Create SRV records for a a SIP service:
- *   //               pr  w   port, target
- *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
- *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
- */
-declare function SRV(name: string, priority: number, weight: number, port: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `SSHFP` contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
- *
- * **Algorithm** (type of the key)
- *
- * | ID | Algorithm |
- * |----|-----------|
- * | 0  | reserved  |
- * | 1  | RSA       |
- * | 2  | DSA       |
- * | 3  | ECDSA     |
- * | 4  | ED25519   |
- *
- * **Type** (fingerprint format)
- *
- * | ID | Algorithm |
- * |----|-----------|
- * | 0  | reserved  |
- * | 1  | SHA-1     |
- * | 2  | SHA-256   |
- *
- * `value` is the fingerprint as a string.
- *
- * ```javascript
- * SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
- */
-declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 | 2, value: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
- *
- * Usage, selector, and type are ints.
- *
- * Certificate is a hex string.
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   // Create TLSA record for certificate used on TCP port 443
- *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
- */
-declare function TLSA(name: string, usage: number, selector: number, type: number, certificate: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * TTL sets the TTL for a single record only. This will take precedence
- * over the domain's [DefaultTTL](../domain/DefaultTTL.md) if supplied.
- *
- * The value can be:
- *
- *   * An integer (number of seconds). Example: `600`
- *   * A string: Integer with single-letter unit: Example: `5m`
- *   * The unit denotes:
- *     * s (seconds)
- *     * m (minutes)
- *     * h (hours)
- *     * d (days)
- *     * w (weeks)
- *     * n (nonths) (30 days in a nonth)
- *     * y (years) (If you set a TTL to a year, we assume you also do crossword puzzles in pen. Show off!)
- *     * If no unit is specified, the default is seconds.
- *   * We highly recommend using units instead of the number of seconds. Would your coworkers understand your intention better if you wrote `14400` or `'4h'`?
- *
- * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DefaultTTL(2000),
- *   A("@","1.2.3.4"), // uses default
- *   A("foo", "2.3.4.5", TTL(500)), // overrides default
- *   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
- *   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
- * );
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/record-modifiers/ttl
- */
-declare function TTL(ttl: Duration): RecordModifier;
-
-/**
- * `TXT` adds an `TXT` record To a domain. The name should be the relative
- * label for the record. Use `@` for the domain apex.
- *
- * The contents is either a single or multiple strings.  To
- * specify multiple strings, specify them as an array.
- *
- * Each string is a JavaScript string (quoted using single or double
- * quotes).  The (somewhat complex) quoting rules of the DNS protocol
- * will be done for you.
- *
- * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
- *
- * ```javascript
- *     D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *       TXT("@", "598611146-3338560"),
- *       TXT("listserve", "google-site-verification=12345"),
- *       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
- *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
- *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
- *       TXT("long", "X".repeat(300)) // Long strings are split automatically.
- *     );
- * ```
- *
- * NOTE: In the past, long strings had to be annotated with the keyword
- * `AUTOSPLIT`. This is no longer required. The keyword is now a no-op.
- *
- * ### Long strings
- *
- * Strings that are longer than 255 octets (bytes) will be quietly
- * split into 255-octets chunks or the provider may report an error
- * if it does not handle multiple strings.
- *
- * ### TXT record edge cases
- *
- * Most providers do not support the full possibilities of what a `TXT`
- * record can store.  DNSControl can not handle all the edge cases
- * and incompatibles that providers have introduced.  Instead, it
- * stores the string(s) that you provide and passes them to the provider
- * verbatim. The provider may opt to accept the data, fix it, or
- * reject it. This happens early in the processing, long before
- * the DNSControl talks to the provider's API.
- *
- * The RFCs specify that a `TXT` record stores one or more strings,
- * each is up to 255 octets (bytes) long. We call these individual
- * strings *chunks*.  Each chunk may be zero to 255 octets long.
- * There is no limit to the number of chunks in a `TXT` record,
- * other than IP packet length restrictions.  The contents of each chunk
- * may be octets of value from 0x00 to 0xff.
- *
- * In reality DNS Service Providers (DSPs) place many restrictions on `TXT`
- * records.
- *
- * Some DSPs only support a single string of 255 octets or fewer.
- * Multiple strings, or any one string being longer than 255 octets will
- * result in an error. One provider limits the string to 254 octets,
- * which makes me think they're code has an off-by-one error.
- *
- * Some DSPs only support one string, but it may be of any length.
- * Behind the scenes the provider splits it into 255-octet chunks
- * (except the last one, of course).
- *
- * Some DSPs support multiple strings, but API requests must be 512-bytes
- * or fewer, and with quoting, escaping, and other encoding mishegoss
- * you can't be sure what will be permitted until you actually try it.
- *
- * Regardless of the quantity and length of strings, some providers ban
- * double quotes, back-ticks, or other chars.
- *
- * ### Testing the support of a provider
- *
- * #### How can you tell if a provider will support a particular `TXT()` record?
- *
- * Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
- * with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
- * see if any errors are produced.  The check command does not talk to
- * the provider's API, thus permitting you to do this without having an
- * account at that provider.
- *
- * #### What if the provider rejects a string that is supported?
- *
- * Suppose I can create the TXT record using the DSP's web portal but
- * DNSControl rejects the string?
- *
- * It is possible that the provider code in DNSControl rejects strings
- * that the DSP accepts.  This is because the test is done in code, not
- * by querying the provider's API.  It is possible that the code was
- * written to work around a bug (such as rejecting a string with a
- * back-tick) but now that bug has been fixed.
- *
- * All such checks are in `providers/${providername}/auditrecords.go`.
- * You can try removing the check that you feel is in error and see if
- * the provider's API accepts the record.  You can do this by running the
- * integration tests, or by simply adding that record to an existing
- * `dnsconfig.js` and seeing if `dnscontrol push` is able to push that
- * record into production. (Be careful if you are testing this on a
- * domain used in production.)
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/txt
- */
-declare function TXT(name: string, contents: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url
- */
-declare function URL(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * Documentation needed.
- *
- * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url301
- */
-declare function URL301(name: string, ...modifiers: RecordModifier[]): DomainModifier;
-
-/**
- * `getConfiguredDomains` getConfiguredDomains is a helper function that returns the domain names
- * configured at the time the function is called. Calling this function early or later in
- * `dnsconfig.js` may return different results. Typical usage is to iterate over all
- * domains at the end of your configuration file.
- *
- * Example for adding records to all configured domains:
- * ```javascript
- * var domains = getConfiguredDomains();
- * for(i = 0; i < domains.length; i++) {
- *   D_EXTEND(domains[i],
- *     TXT("_important", "BLA") // I know, not really creative.
- *   )
- * }
- * ```
- *
- * This will end up in following modifications: (All output assumes the `--full` flag)
- *
- * ```text
- * ******************** Domain: domain1.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...2 corrections
- * #1: CREATE TXT _important.domain1.tld "BLA" ttl=43200
- * #2: REFRESH zone domain1.tld
- *
- * ******************** Domain: domain2.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...2 corrections
- * #1: CREATE TXT _important.domain2.tld "BLA" ttl=43200
- * #2: REFRESH zone domain2.tld
- * ```
- *
- * Example for adding DMARC report records:
- *
- * This example might be more useful, specially for configuring the DMARC report records. According to DMARC RFC you need to specify `domain2.tld._report.dmarc.domain1.tld` to allow `domain2.tld` to send aggregate/forensic email reports to `domain1.tld`. This can be used to do this in an easy way, without using the wildcard from the RFC.
- *
- * ```javascript
- * var domains = getConfiguredDomains();
- * for(i = 0; i < domains.length; i++) {
- *     D_EXTEND("domain1.tld",
- *         TXT(domains[i] + "._report._dmarc", "v=DMARC1")
- *     );
- * }
- * ```
- *
- * This will end up in following modifications:
- *
- * ```text
- * ******************** Domain: domain2.tld
- * ----- Getting nameservers from: registrar
- * ----- DNS Provider: registrar...4 corrections
- * #1: CREATE TXT domain1.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #2: CREATE TXT domain3.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #3: CREATE TXT domain4.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
- * #4: REFRESH zone domain2.tld
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/getconfigureddomains
- */
-declare function getConfiguredDomains(): string[];
-
-/**
- * `require_glob()` recursively loads `.js` files that match a glob (wildcard). The recursion can be disabled.
- *
- * Possible parameters are:
- *
- * - Path as string, where you would like to start including files. Mandatory. Pattern matching possible, see [GoLand path/filepath/#Match docs](https://golang.org/pkg/path/filepath/#Match).
- * - If being recursive. This is a boolean if the search should be recursive or not. Define either `true` or `false`. Default is `true`.
- *
- * Example to load `.js` files recursively:
- *
- * ```javascript
- * require_glob("./domains/");
- * ```
- *
- * Example to load `.js` files only in `domains/`:
- *
- * ```javascript
- * require_glob("./domains/", false);
- * ```
- *
- * # Comparison to require()
- *
- * `require_glob()` and `require()` both use the same rules for determining which directory path is
- * relative to.
- *
- * This will load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
- * is called in the subfolder `domains/`.
- *
- * ```javascript
- * require("domains/index.js");
- * ```
- *
- * ```javascript
- * require_glob("./user1/");
- * ```
- *
- * @see https://docs.dnscontrol.org/language-reference/top-level-functions/require_glob
- */
-declare function require_glob(path: string, recursive: boolean): void;

From a7e764391ce4e520c9f48eaa20ab002244473911 Mon Sep 17 00:00:00 2001
From: Vincent Hagen <blackshadev@users.noreply.github.com>
Date: Mon, 11 Dec 2023 02:47:44 +0100
Subject: [PATCH 068/438] TRANSIP: Fix TXT quoting (#2708)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 integrationTest/integration_test.go  | 3 ++-
 pkg/rejectif/txt.go                  | 9 +++++++++
 providers/transip/auditrecords.go    | 4 ++++
 providers/transip/transipProvider.go | 5 ++---
 4 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 2c1725c270..fc69712c6e 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1126,7 +1126,8 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("TXT with semicolon ws", txt("foosc2", `wssemi ; colon`)),
 
 			tc("TXT interior ws", txt("foosp", "with spaces")),
-			tc("TXT trailing ws", txt("foows1", "with space at end ")),
+			tc("TXT leading ws", txt("foowsb", " leadingspace")),
+			tc("TXT trailing ws", txt("foows1", "trailingws ")),
 
 			// Vultr syntax-checks TXT records with SPF contents.
 			tc("Create a TXT/SPF", txt("foo", "v=spf1 ip4:99.99.99.99 -all")),
diff --git a/pkg/rejectif/txt.go b/pkg/rejectif/txt.go
index 2503f158fc..9e4bf161fd 100644
--- a/pkg/rejectif/txt.go
+++ b/pkg/rejectif/txt.go
@@ -17,6 +17,15 @@ func TxtHasBackslash(rc *models.RecordConfig) error {
 	return nil
 }
 
+// TxtStartsOrEndsWithSpaces audits TXT records that starts or ends with spaces
+func TxtStartsOrEndsWithSpaces(rc *models.RecordConfig) error {
+	txt := rc.GetTargetTXTJoined()
+	if len(txt) > 0 && (txt[0] == ' ' || txt[len(txt)-1] == ' ') {
+		return fmt.Errorf("txtstring starts or ends with spaces")
+	}
+	return nil
+}
+
 // TxtHasBackticks audits TXT records for strings that contain backticks.
 func TxtHasBackticks(rc *models.RecordConfig) error {
 	if strings.Contains(rc.GetTargetTXTJoined(), "`") {
diff --git a/providers/transip/auditrecords.go b/providers/transip/auditrecords.go
index 8004671b14..4836b70af7 100644
--- a/providers/transip/auditrecords.go
+++ b/providers/transip/auditrecords.go
@@ -19,5 +19,9 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-12-04
 
+	a.Add("TXT", rejectif.TxtStartsOrEndsWithSpaces) // Last verified 2023-12-10
+
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-12-10
+
 	return a.Audit(records)
 }
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index 021d0eb8f1..51b4706780 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -8,7 +8,6 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/transip/gotransip/v6"
 	"github.com/transip/gotransip/v6/domain"
@@ -310,7 +309,7 @@ func recordToNative(config *models.RecordConfig, useOriginal bool) (domain.DNSEn
 		Name:    config.Name,
 		Expire:  int(config.TTL),
 		Type:    config.Type,
-		Content: config.GetTargetCombinedFunc(txtutil.EncodeQuoted),
+		Content: config.GetTargetCombinedFunc(nil),
 	}, nil
 }
 
@@ -322,7 +321,7 @@ func nativeToRecord(entry domain.DNSEntry, origin string) (*models.RecordConfig,
 		Original: entry,
 	}
 	rc.SetLabel(entry.Name, origin)
-	if err := rc.PopulateFromStringFunc(entry.Type, entry.Content, origin, txtutil.ParseQuoted); err != nil {
+	if err := rc.PopulateFromStringFunc(entry.Type, entry.Content, origin, nil); err != nil {
 		return nil, fmt.Errorf("unparsable record received from TransIP: %w", err)
 	}
 

From c29efea2f1dce87ce020a49eed99d54295c5caa9 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 11 Dec 2023 02:48:52 +0100
Subject: [PATCH 069/438] CICD: Clean-up of Travis Go package dependency
 (#2711)

---
 go.mod | 1 -
 go.sum | 3 ---
 2 files changed, 4 deletions(-)

diff --git a/go.mod b/go.mod
index 64c2bc5965..d9efc2a213 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,6 @@ require (
 	github.com/go-acme/lego v2.7.2+incompatible
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
-	github.com/google/go-github/v35 v35.3.0
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/jinzhu/copier v0.4.0
diff --git a/go.sum b/go.sum
index a973a1a689..2e6bdb7901 100644
--- a/go.sum
+++ b/go.sum
@@ -185,11 +185,8 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-github/v35 v35.3.0 h1:fU+WBzuukn0VssbayTT+Zo3/ESKX9JYWjbZTLOTEyho=
-github.com/google/go-github/v35 v35.3.0/go.mod h1:yWB7uCcVWaUbUP74Aq3whuMySRMatyRmq5U9FTNlbio=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=

From 3ad9560b3ae71e2b37a70f43bf1ae66268433bc0 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 11 Dec 2023 02:50:21 +0100
Subject: [PATCH 070/438] CICD: Fixed `go install` command (#2712)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts | 2991 ++++++++++++++++++++++++++++++++
 1 file changed, 2991 insertions(+)
 create mode 100644 commands/types/dnscontrol.d.ts

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
new file mode 100644
index 0000000000..a850f30275
--- /dev/null
+++ b/commands/types/dnscontrol.d.ts
@@ -0,0 +1,2991 @@
+// WARNING: These type definitions are experimental and subject to change in future releases.
+
+interface Domain {
+    name: string;
+    subdomain: string;
+    registrar: unknown;
+    meta: Record<string, unknown>;
+    records: DNSRecord[];
+    dnsProviders: Record<string, unknown>;
+    defaultTTL: number;
+    nameservers: unknown[];
+    ignored_names: unknown[];
+    ignored_targets: unknown[];
+    [key: string]: unknown;
+}
+
+interface DNSRecord {
+    type: string;
+    meta: Record<string, unknown>;
+    ttl: number;
+}
+
+type DomainModifier =
+    | ((domain: Domain) => void)
+    | Partial<Domain>
+    | DomainModifier[];
+
+type RecordModifier =
+    | ((record: DNSRecord) => void)
+    | Partial<DNSRecord['meta']>;
+
+type Duration =
+    | `${number}${'s' | 'm' | 'h' | 'd' | 'w' | 'n' | 'y' | ''}`
+    | number /* seconds */;
+
+
+/**
+ * `FETCH` is a wrapper for the [Fetch API](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API). This allows dynamically setting DNS records based on an external data source, e.g. the API of your cloud provider.
+ *
+ * Compared to `fetch` from Fetch API, `FETCH` will call [PANIC](PANIC.md) to terminate the execution of the script, and therefore DNSControl, if a network error occurs.
+ *
+ * Otherwise the syntax of `FETCH` is the same as `fetch`.
+ *
+ * `FETCH` is not enabled by default. Please read the warnings below.
+ *
+ * > WARNING:
+ * >
+ * > 1. Relying on external sources adds a point of failure. If the external source doesn't work, your script won't either. Please make sure you are aware of the consequences.
+ * > 2. Make sure DNSControl only uses verified configuration if you want to use `FETCH`. For example, an attacker can send Pull Requests to your config repo, and have your CI test malicious configurations and make arbitrary HTTP requests. Therefore, `FETCH` must be explicitly enabled with flag `--allow-fetch` on DNSControl invocation.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), [
+ *   A("@", "1.2.3.4"),
+ * ]);
+ *
+ * FETCH("https://example.com", {
+ *   // All three options below are optional
+ *   headers: {"X-Authentication": "barfoo"},
+ *   method: "POST",
+ *   body: "Hello World",
+ * }).then(function(r) {
+ *   return r.text();
+ * }).then(function(t) {
+ *   // Example of generating record based on response
+ *   D_EXTEND("example.com", [
+ *     TXT("@", t.slice(0, 100)),
+ *   ]);
+ * });
+ * ```
+ */
+declare function FETCH(
+    url: string,
+    init?: {
+        method?:
+            | 'GET'
+            | 'POST'
+            | 'PUT'
+            | 'PATCH'
+            | 'DELETE'
+            | 'HEAD'
+            | 'OPTIONS';
+        headers?: { [key: string]: string | string[] };
+        // Ignored by the underlying code
+        // redirect: 'follow' | 'error' | 'manual';
+        body?: string;
+    }
+): Promise<FetchResponse>;
+
+interface FetchResponse {
+    readonly bodyUsed: boolean;
+    readonly headers: ResponseHeaders;
+    readonly ok: boolean;
+    readonly status: number;
+    readonly statusText: string;
+    readonly type: string;
+
+    text(): Promise<string>;
+    json(): Promise<any>;
+}
+
+interface ResponseHeaders {
+    get(name: string): string | undefined;
+    getAll(name: string): string[];
+    has(name: string): boolean;
+
+    append(name: string, value: string): void;
+    delete(name: string): void;
+    set(name: string, value: string): void;
+}
+
+
+declare function require(name: `${string}.json`): any;
+declare function require(name: string): true;
+
+/**
+ * Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
+ *
+ * CAA record is supported only by BIND, Google Cloud DNS, Amazon Route 53 and OVH. Some certificate authorities may not support this record until the mandatory date of September 2017.
+ */
+declare const CAA_CRITICAL: RecordModifier;
+
+/**
+ * @deprecated
+ * This disables a safety check intended to prevent:
+ * 1. Two owners toggling a record between two settings.
+ * 2. The other owner wiping all records at this label, which won't
+ * be noticed until the next time dnscontrol is run.
+ * See https://github.com/StackExchange/dnscontrol/issues/1106
+ */
+declare const IGNORE_NAME_DISABLE_SAFETY_CHECK: RecordModifier;
+
+// Cloudflare aliases:
+
+/** Proxy disabled. */
+declare const CF_PROXY_OFF: RecordModifier;
+/** Proxy enabled. */
+declare const CF_PROXY_ON: RecordModifier;
+/** Proxy+Railgun enabled. */
+declare const CF_PROXY_FULL: RecordModifier;
+
+/** Proxy default off for entire domain (the default) */
+declare const CF_PROXY_DEFAULT_OFF: DomainModifier;
+/** Proxy default on for entire domain */
+declare const CF_PROXY_DEFAULT_ON: DomainModifier;
+/** UniversalSSL off for entire domain */
+declare const CF_UNIVERSALSSL_OFF: DomainModifier;
+/** UniversalSSL on for entire domain */
+declare const CF_UNIVERSALSSL_ON: DomainModifier;
+
+/**
+ * Set default values for CLI variables. See: https://dnscontrol.org/cli-variables
+ */
+declare function CLI_DEFAULTS(vars: Record<string, unknown>): void;
+
+/**
+ * `END` permits the last item to include a comma.
+ *
+ * ```js
+ * D("foo.com", ...
+ *    A(...),
+ *    A(...),
+ *    A(...),
+ * END)
+ * ```
+ */
+declare const END: DomainModifier & RecordModifier;
+
+/**
+ * Permit labels like `"foo.bar.com.bar.com"` (normally an error)
+ *
+ * ```js
+ * D("bar.com", ...
+ *     A("foo.bar.com", "10.1.1.1", DISABLE_REPEATED_DOMAIN_CHECK),
+ * )
+ * ```
+ */
+declare const DISABLE_REPEATED_DOMAIN_CHECK: RecordModifier;
+
+
+/**
+ * A adds an A record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
+ *
+ * The address should be an ip address, either a string, or a numeric value obtained via [IP](../global/IP.md).
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@", "1.2.3.4"),
+ *   A("foo", "2.3.4.5"),
+ *   A("test.foo", IP("1.2.3.4"), TTL(5000)),
+ *   A("*", "1.2.3.4", {foo: 42})
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/a
+ */
+declare function A(name: string, address: string | number, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * AAAA adds an AAAA record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
+ *
+ * The address should be an IPv6 address as a string.
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ * var addrV6 = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   AAAA("@", addrV6),
+ *   AAAA("foo", addrV6),
+ *   AAAA("test.foo", addrV6, TTL(5000)),
+ *   AAAA("*", addrV6, {foo: 42})
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/aaaa
+ */
+declare function AAAA(name: string, address: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * AKAMAICDN is a proprietary record type that is used to configure [Zone Apex Mapping](https://blogs.akamai.com/2019/08/fast-dns-zone-apex-mapping-dnssec.html).
+ * The AKAMAICDN target must be preconfigured in the Akamai network.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/akamai-edge-dns/akamaicdn
+ */
+declare function AKAMAICDN(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * ALIAS is a virtual record type that points a record at another record. It is analogous to a CNAME, but is usually resolved at request-time and served as an A record. Unlike CNAMEs, ALIAS records can be used at the zone apex (`@`)
+ *
+ * Different providers handle ALIAS records differently, and many do not support it at all. Attempting to use ALIAS records with a DNS provider type that does not support them will result in an error.
+ *
+ * The name should be the relative label for the domain.
+ *
+ * Target should be a string representing the target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   ALIAS("@", "google.com."), // example.com -> google.com
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/alias
+ */
+declare function ALIAS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC. It takes no
+ * parameters.
+ *
+ * See `AUTODNSSEC_ON` for further details.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/autodnssec_off
+ */
+declare const AUTODNSSEC_OFF: DomainModifier;
+
+/**
+ * AUTODNSSEC_ON tells the provider to enable AutoDNSSEC.
+ *
+ * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC.
+ *
+ * AutoDNSSEC is a feature where a DNS provider can automatically manage
+ * DNSSEC for a domain. Not all providers support this.
+ *
+ * At this time, AUTODNSSEC_ON takes no parameters.  There is no ability
+ * to tune what the DNS provider sets, no algorithm choice.  We simply
+ * ask that they follow their defaults when enabling a no-fuss DNSSEC
+ * data model.
+ *
+ * NOTE: No parenthesis should follow these keywords.  That is, the
+ * correct syntax is `AUTODNSSEC_ON` not `AUTODNSSEC_ON()`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
+ *   A("@", "10.1.1.1")
+ * );
+ *
+ * D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
+ *   A("@", "10.2.2.2")
+ * );
+ * ```
+ *
+ * If neither `AUTODNSSEC_ON` or `AUTODNSSEC_OFF` is specified for a
+ * domain no changes will be requested.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/autodnssec_on
+ */
+declare const AUTODNSSEC_ON: DomainModifier;
+
+/**
+ * AZURE_ALIAS is a Azure specific virtual record type that points a record at either another record or an Azure entity.
+ * It is analogous to a CNAME, but is usually resolved at request-time and served as an A record.
+ * Unlike CNAMEs, ALIAS records can be used at the zone apex (`@`)
+ *
+ * Unlike the regular ALIAS directive, AZURE_ALIAS is only supported on AZURE.
+ * Attempting to use AZURE_ALIAS on another provider than Azure will result in an error.
+ *
+ * The name should be the relative label for the domain.
+ *
+ * The type can be any of the following:
+ * * A
+ * * AAAA
+ * * CNAME
+ *
+ * Target should be the Azure Id representing the target. It starts `/subscription/`. The resource id can be found in https://resources.azure.com/.
+ *
+ * The Target can :
+ *
+ * * Point to a public IP resource from a DNS `A/AAAA` record set.
+ * You can create an A/AAAA record set and make it an alias record set to point to a public IP resource (standard or basic).
+ * The DNS record set changes automatically if the public IP address changes or is deleted.
+ * Dangling DNS records that point to incorrect IP addresses are avoided.
+ * There is a current limit of 20 alias records sets per resource.
+ * * Point to a Traffic Manager profile from a DNS `A/AAAA/CNAME` record set.
+ * You can create an A/AAAA or CNAME record set and use alias records to point it to a Traffic Manager profile.
+ * It's especially useful when you need to route traffic at a zone apex, as traditional CNAME records aren't supported for a zone apex.
+ * For example, say your Traffic Manager profile is myprofile.trafficmanager.net and your business DNS zone is contoso.com.
+ * You can create an alias record set of type A/AAAA for contoso.com (the zone apex) and point to myprofile.trafficmanager.net.
+ * * Point to an Azure Content Delivery Network (CDN) endpoint.
+ * This is useful when you create static websites using Azure storage and Azure CDN.
+ * * Point to another DNS record set within the same zone.
+ * Alias records can reference other record sets of the same type.
+ * For example, a DNS CNAME record set can be an alias to another CNAME record set.
+ * This arrangement is useful if you want some record sets to be aliases and some non-aliases.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
+ *   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
+ *   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/azure-dns/azure_alias
+ */
+declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `CAA()` adds a CAA record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
+ *
+ * Tag can be one of
+ * 1. `"issue"`
+ * 2. `"issuewild"`
+ * 3. `"iodef"`
+ *
+ * Value is a string. The format of the contents is different depending on the tag. DNSControl will handle any escaping or quoting required, similar to TXT records. For example use `CAA("@", "issue", "letsencrypt.org")` rather than `CAA("@", "issue", "\"letsencrypt.org\"")`.
+ *
+ * Flags are controlled by modifier:
+ * - `CAA_CRITICAL`: Issuer critical flag. CA that does not understand this tag will refuse to issue certificate for this domain.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Allow letsencrypt to issue certificate for this domain
+ *   CAA("@", "issue", "letsencrypt.org"),
+ *   // Allow no CA to issue wildcard certificate for this domain
+ *   CAA("@", "issuewild", ";"),
+ *   // Report all violation to test@example.com. If CA does not support
+ *   // this record then refuse to issue any certificate
+ *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+ * );
+ * ```
+ *
+ * DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa
+ */
+declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * DNSControl contains a `CAA_BUILDER` which can be used to simply create
+ * [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
+ * individually, you can simply configure your report mail address, the
+ * authorized certificate authorities and the builder cares about the rest.
+ *
+ * ## Example
+ *
+ * For example you can use:
+ *
+ * ```javascript
+ * CAA_BUILDER({
+ *   label: "@",
+ *   iodef: "mailto:test@example.com",
+ *   iodef_critical: true,
+ *   issue: [
+ *     "letsencrypt.org",
+ *     "comodoca.com",
+ *   ],
+ *   issuewild: "none",
+ * })
+ * ```
+ *
+ * The parameters are:
+ *
+ * * `label:` The label of the CAA record. (Optional. Default: `"@"`)
+ * * `iodef:` Report all violation to configured mail address.
+ * * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+ * * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
+ * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
+ *
+ * `CAA_BUILDER()` returns multiple records (when configured as example above):
+ *
+ * ```javascript
+ * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+ * CAA("@", "issue", "letsencrypt.org")
+ * CAA("@", "issue", "comodoca.com")
+ * CAA("@", "issuewild", ";")
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
+ */
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): DomainModifier;
+
+/**
+ * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
+ * generate a HTTP 301 permanent redirect.
+ *
+ * If _any_ `CF_REDIRECT` or [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) functions are used then
+ * `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
+ * Page Rule types other than "Forwarding URL” will be left alone.
+ *
+ * WARNING: Cloudflare does not currently fully document the Page Rules API and
+ * this interface is not extensively tested. Take precautions such as making
+ * backups and manually verifying `dnscontrol preview` output before running
+ * `dnscontrol push`. This is especially true when mixing Page Rules that are
+ * managed by DNSControl and those that aren't.
+ *
+ * HTTP 301 redirects are cached by browsers forever, usually ignoring any TTLs or
+ * other cache invalidation techniques. It should be used with great care. We
+ * suggest using a `CF_TEMP_REDIRECT` initially, then changing to a `CF_REDIRECT`
+ * only after sufficient time has elapsed to prove this is what you really want.
+ *
+ * This example redirects the bare (aka apex, or naked) domain to www:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_redirect
+ */
+declare function CF_REDIRECT(source: string, destination: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
+ * Rules) to generate a HTTP 302 temporary redirect.
+ *
+ * If _any_ [`CF_REDIRECT`](CF_REDIRECT.md) or `CF_TEMP_REDIRECT` functions are used then
+ * `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
+ * Page Rule types other than "Forwarding URL” will be left alone.
+ *
+ * WARNING: Cloudflare does not currently fully document the Page Rules API and
+ * this interface is not extensively tested. Take precautions such as making
+ * backups and manually verifying `dnscontrol preview` output before running
+ * `dnscontrol push`. This is especially true when mixing Page Rules that are
+ * managed by DNSControl and those that aren't.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_temp_redirect
+ */
+declare function CF_TEMP_REDIRECT(source: string, destination: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `CF_WORKER_ROUTE` uses the [Cloudflare Workers](https://developers.cloudflare.com/workers/)
+ * API to manage [worker routes](https://developers.cloudflare.com/workers/platform/routes)
+ * for a given domain.
+ *
+ * If _any_ `CF_WORKER_ROUTE` function is used then `dnscontrol` will manage _all_
+ * Worker Routes for the domain. To be clear: this means it will delete existing routes that
+ * were created outside of DNSControl.
+ *
+ * WARNING: This interface is not extensively tested. Take precautions such as making
+ * backups and manually verifying `dnscontrol preview` output before running
+ * `dnscontrol push`.
+ *
+ * This example assigns the patterns `api.example.com/*` and `example.com/api/*` to a `my-worker` script:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
+ *     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_worker_route
+ */
+declare function CF_WORKER_ROUTE(pattern: string, script: string): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudns/cloudns_wr
+ */
+declare function CLOUDNS_WR(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * CNAME adds a CNAME record to the domain. The name should be the relative label for the domain.
+ * Using `@` or `*` for CNAME records is not recommended, as different providers support them differently.
+ *
+ * Target should be a string representing the CNAME target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CNAME("foo", "google.com."), // foo.example.com -> google.com
+ *   CNAME("abc", "@"), // abc.example.com -> example.com
+ *   CNAME("def", "test"), // def.example.com -> test.example.com
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/cname
+ */
+declare function CNAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
+ * name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
+ * add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
+ *
+ * Modifier arguments are processed according to type as follows:
+ *
+ * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
+ * - An object argument will be merged into the domain's metadata collection.
+ * - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
+ *    be used like a macro in multiple domains.
+ *
+ * ```javascript
+ * // simple domain
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4"),
+ *   CNAME("test", "foo.example2.com.")
+ * );
+ *
+ * // "macro" for records that can be mixed into any zone
+ * var GOOGLE_APPS_DOMAIN_MX = [
+ *     MX("@", 1, "aspmx.l.google.com."),
+ *     MX("@", 5, "alt1.aspmx.l.google.com."),
+ *     MX("@", 5, "alt2.aspmx.l.google.com."),
+ *     MX("@", 10, "alt3.aspmx.l.google.com."),
+ *     MX("@", 10, "alt4.aspmx.l.google.com."),
+ * ]
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4"),
+ *   CNAME("test", "foo.example2.com."),
+ *   GOOGLE_APPS_DOMAIN_MX
+ * );
+ * ```
+ *
+ * # Split Horizon DNS
+ *
+ * DNSControl supports Split Horizon DNS. Simply
+ * define the domain two or more times, each with
+ * their own unique parameters.
+ *
+ * To differentiate the different domains, specify the domains as
+ * `domain.tld!tag`, such as `example.com!inside` and
+ * `example.com!outside`.
+ *
+ * ```javascript
+ * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
+ * var DNS_INSIDE = NewDnsProvider("Cloudflare");
+ * var DNS_OUTSIDE = NewDnsProvider("bind");
+ *
+ * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
+ *   A("www", "10.10.10.10")
+ * );
+ *
+ * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
+ *   A("www", "20.20.20.20")
+ * );
+ *
+ * D_EXTEND("example.com!inside",
+ *   A("internal", "10.99.99.99")
+ * );
+ * ```
+ *
+ * A domain name without a `!` is assigned a tag that is the empty
+ * string. For example, `example.com` and `example.com!` are equivalent.
+ * However, we strongly recommend against using the empty tag, as it
+ * risks creating confusion.  In other words, if you have `domain.tld`
+ * and `domain.tld!external` you now require humans to remember that
+ * `domain.tld` is the external one.  I mean... the internal one.  You
+ * may have noticed this mistake, but will your coworkers?  Will you in
+ * six months? You get the idea.
+ *
+ * DNSControl command line flag `--domains` matches the full name (with the "!").  If you
+ * define domains `example.com!george` and `example.com!john` then:
+ *
+ * * `--domains=example.com` will not match either domain.
+ * * `--domains='example.com!george'` will match only match the first.
+ * * `--domains='example.com!george",example.com!john` will match both.
+ *
+ * NOTE: The quotes are required if your shell treats `!` as a special
+ * character, which is probably does.  If you see an error that mentions
+ * `event not found` you probably forgot the quotes.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d
+ */
+declare function D(name: string, registrar: string, ...modifiers: DomainModifier[]): void;
+
+/**
+ * `DEFAULTS` allows you to declare a set of default arguments to apply to all subsequent domains. Subsequent calls to [`D`](D.md) will have these
+ * arguments passed as if they were the first modifiers in the argument list.
+ *
+ * ## Example
+ *
+ * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
+ * The domain `example.com` will have the defaults set.
+ *
+ * ```javascript
+ * var COMMON = NewDnsProvider("foo");
+ * DEFAULTS(
+ *   DnsProvider(COMMON, 0),
+ *   DefaultTTL("1d")
+ * );
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * If you want to clear the defaults, you can do the following.
+ * The domain `example2.com` will **not** have the defaults set.
+ *
+ * ```javascript
+ * DEFAULTS();
+ *
+ * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
+ */
+declare function DEFAULTS(...modifiers: DomainModifier[]): void;
+
+/**
+ * `DISABLE_IGNORE_SAFETY_CHECK()` disables the safety check. Normally it is an
+ * error to insert records that match an `IGNORE()` pattern. This disables that
+ * safety check for the entire domain.
+ *
+ * It replaces the per-record `IGNORE_NAME_DISABLE_SAFETY_CHECK()` which is
+ * deprecated as of DNSControl v4.0.0.0.
+ *
+ * See [`IGNORE()`](../domain/IGNORE.md) for more information.
+ *
+ * ## Syntax
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     DISABLE_IGNORE_SAFETY_CHECK,
+ *     ...
+ *     TXT("myhost", "mytext"),
+ *     IGNORE("myhost", "*", "*"),
+ *     ...
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/disable_ignore_safety_check
+ */
+declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
+
+/**
+ * DNSControl contains a `DMARC_BUILDER` which can be used to simply create
+ * DMARC policies for your domains.
+ *
+ * ## Example
+ *
+ * ### Simple example
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   policy: "reject",
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ * })
+ * ```
+ *
+ * This yield the following record:
+ *
+ * ```text
+ * @   IN  TXT "v=DMARC1; p=reject; ruf=mailto:mailauth-reports@example.com"
+ * ```
+ *
+ * ### Advanced example
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   policy: "reject",
+ *   subdomainPolicy: "quarantine",
+ *   percent: 50,
+ *   alignmentSPF: "r",
+ *   alignmentDKIM: "strict",
+ *   rua: [
+ *     "mailto:mailauth-reports@example.com",
+ *     "https://dmarc.example.com/submit",
+ *   ],
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ *   failureOptions: "1",
+ *   reportInterval: "1h",
+ * });
+ * ```
+ *
+ * ```javascript
+ * DMARC_BUILDER({
+ *   label: "insecure",
+ *   policy: "none",
+ *   ruf: [
+ *     "mailto:mailauth-reports@example.com",
+ *   ],
+ *   failureOptions: {
+ *       SPF: false,
+ *       DKIM: true,
+ *   },
+ * });
+ * ```
+ *
+ * This yields the following records:
+ *
+ * ```text
+ * @           IN  TXT "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=50; rua=mailto:mailauth-reports@example.com,https://dmarc.example.com/submit; ruf=mailto:mailauth-reports@example.com; fo=1; ri=3600"
+ * insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
+ * ```
+ *
+ * ### Parameters
+ *
+ * * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
+ * * `version:` The DMARC version to be used (default: `DMARC1`)
+ * * `policy:` The DMARC policy (`p=`), must be one of `"none"`, `"quarantine"`, `"reject"`
+ * * `subdomainPolicy:` The DMARC policy for subdomains (`sp=`), must be one of `"none"`, `"quarantine"`, `"reject"` (optional)
+ * * `alignmentSPF:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for SPF (`aspf=`, default: `"r"`)
+ * * `alignmentDKIM:` `"strict"`/`"s"` or `"relaxed"`/`"r"` alignment for DKIM (`adkim=`, default: `"r"`)
+ * * `percent:` Number between `0` and `100`, percentage for which policies are applied (`pct=`, default: `100`)
+ * * `rua:` Array of aggregate report targets (optional)
+ * * `ruf:` Array of failure report targets (optional)
+ * * `failureOptions:` Object or string; Object containing booleans `SPF` and `DKIM`, string is passed raw (`fo=`, default: `"0"`)
+ * * `failureFormat:` Format in which failure reports are requested (`rf=`, default: `"afrf"`)
+ * * `reportInterval:` Interval in which reports are requested (`ri=`)
+ * * `ttl:` Input for `TTL` method (optional)
+ *
+ * ### Caveats
+ *
+ * * TXT records are automatically split using `AUTOSPLIT`.
+ * * URIs in the `rua` and `ruf` arrays are passed raw. You must percent-encode all commas and exclamation points in the URI itself.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dmarc_builder
+ */
+declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): DomainModifier;
+
+/**
+ * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
+ * a domain's zones are managed elsewhere. That is, it permits you easily delegate
+ * a domain to a hard-coded list of DNS servers.
+ *
+ * `DOMAIN_ELSEWHERE` is useful when you control a domain's registrar but not the
+ * DNS servers. For example, suppose you own a domain but the DNS servers are run
+ * by someone else, perhaps a SaaS product you've subscribed to or a DNS server
+ * that is run by your brother-in-law who doesn't trust you with the API keys that
+ * would let you maintain the domain using DNSControl. You need an easy way to
+ * point (delegate) the domain at a specific list of DNS servers.
+ *
+ * For example these two statements are equivalent:
+ *
+ * ```javascript
+ * DOMAIN_ELSEWHERE("example.com", REG_MY_PROVIDER, ["ns1.foo.com", "ns2.foo.com"]);
+ * ```
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     NO_PURGE,
+ *     NAMESERVER("ns1.foo.com"),
+ *     NAMESERVER("ns2.foo.com")
+ * );
+ * ```
+ *
+ * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
+ * `DnsProvider()` statements exist, no updates would be performed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere
+ */
+declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_names: string[]): void;
+
+/**
+ * `DOMAIN_ELSEWHERE_AUTO()` is similar to `DOMAIN_ELSEWHERE()` but instead of
+ * a hardcoded list of nameservers, a DnsProvider() is queried.
+ *
+ * `DOMAIN_ELSEWHERE_AUTO` is useful when you control a domain's registrar but the
+ * DNS zones are managed by another system. Luckily you have enough access to that
+ * other system that you can query it to determine the zone's nameservers.
+ *
+ * For example, suppose you own a domain but the DNS servers for it are in Azure.
+ * Further suppose that something in Azure maintains the zones (automatic or
+ * human). Azure picks the nameservers for the domains automatically, and that
+ * list may change occasionally.  `DOMAIN_ELSEWHERE_AUTO` allows you to easily
+ * query Azure to determine the domain's delegations so that you do not need to
+ * hard-code them in your dnsconfig.js file.
+ *
+ * For example these two statements are equivalent:
+ *
+ * ```javascript
+ * DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
+ * ```
+ *
+ * ```javascript
+ * D("example.com", REG_NAMEDOTCOM,
+ *     NO_PURGE,
+ *     DnsProvider(DSP_AZURE)
+ * );
+ * ```
+ *
+ * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
+ */
+declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar: string, dnsProvider: string): void;
+
+/**
+ * DS adds a DS record to the domain.
+ *
+ * Key Tag should be a number.
+ *
+ * Algorithm should be a number.
+ *
+ * Digest Type must be a number.
+ *
+ * Digest must be a string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DS("example.com", 2371, 13, 2, "ABCDEF")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ds
+ */
+declare function DS(name: string, keytag: number, algorithm: number, digesttype: number, digest: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `D_EXTEND` adds records (and metadata) to a domain previously defined
+ * by [`D()`](D.md). It can also be used to add subdomain records (and metadata)
+ * to a previously defined domain.
+ *
+ * The first argument is a domain name. If it exactly matches a
+ * previously defined domain, `D_EXTEND()` behaves the same as [`D()`](D.md),
+ * simply adding records as if they had been specified in the original
+ * [`D()`](D.md).
+ *
+ * If the domain name does not match an existing domain, but could be a
+ * (non-delegated) subdomain of an existing domain, the new records (and
+ * metadata) are added with the subdomain part appended to all record
+ * names (labels), and targets (as appropriate). See the examples below.
+ *
+ * Matching the domain name to previously-defined domains is done using a
+ * `longest match` algorithm.  If `domain.tld` and `sub.domain.tld` are
+ * defined as separate domains via separate [`D()`](D.md) statements, then
+ * `D_EXTEND("sub.sub.domain.tld", ...)` would match `sub.domain.tld`,
+ * not `domain.tld`.
+ *
+ * Some operators only act on an apex domain (e.g.
+ * [`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
+ * in a `D_EXTEND` subdomain may not be what you expect.
+ *
+ * ```javascript
+ * D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
+ *   A("@", "127.0.0.1"), // domain.tld
+ *   A("www", "127.0.0.2"), // www.domain.tld
+ *   CNAME("a", "b") // a.domain.tld -> b.domain.tld
+ * );
+ * D_EXTEND("domain.tld",
+ *   A("aaa", "127.0.0.3"), // aaa.domain.tld
+ *   CNAME("c", "d") // c.domain.tld -> d.domain.tld
+ * );
+ * D_EXTEND("sub.domain.tld",
+ *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
+ *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
+ *   CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
+ * );
+ * D_EXTEND("sub.sub.domain.tld",
+ *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
+ *   CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
+ * );
+ * D_EXTEND("sub.domain.tld",
+ *   A("@", "127.0.0.7"), // sub.domain.tld
+ *   CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
+ * );
+ * ```
+ *
+ * This will end up in the following modifications: (This output assumes the `--full` flag)
+ *
+ * ```text
+ * ******************** Domain: domain.tld
+ * ----- Getting nameservers from: cloudflare
+ * ----- DNS Provider: cloudflare...7 corrections
+ * #1: CREATE A aaa.domain.tld 127.0.0.3
+ * #2: CREATE A bbb.sub.domain.tld 127.0.0.4
+ * #3: CREATE A ccc.sub.domain.tld 127.0.0.5
+ * #4: CREATE A ddd.sub.sub.domain.tld 127.0.0.6
+ * #5: CREATE A sub.domain.tld 127.0.0.7
+ * #6: CREATE A www.domain.tld 127.0.0.2
+ * #7: CREATE A domain.tld 127.0.0.1
+ * #8: CREATE CNAME a.domain.tld b.domain.tld.
+ * #9: CREATE CNAME c.domain.tld d.domain.tld.
+ * #10: CREATE CNAME e.sub.domain.tld f.sub.domain.tld.
+ * #11: CREATE CNAME g.sub.sub.domain.tld h.sub.sub.domain.tld.
+ * #12: CREATE CNAME i.sub.domain.tld j.sub.domain.tld.
+ * ```
+ *
+ * ProTips: `D_EXTEND()` permits you to create very complex and
+ * sophisticated configurations, but you shouldn't. Be nice to the next
+ * person that edits the file, who may not be as expert as yourself.
+ * Enhance readability by putting any `D_EXTEND()` statements immediately
+ * after the original [`D()`](D.md), like in above example.  Avoid the temptation
+ * to obscure the addition of records to existing domains with randomly
+ * placed `D_EXTEND()` statements. Don't build up a domain using loops of
+ * `D_EXTEND()` statements. You'll be glad you didn't.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/d_extend
+ */
+declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
+
+/**
+ * DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
+ * the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../global/DEFAULTS.md) to override the internal defaults.
+ *
+ * NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain/NAMESERVER_TTL.md) to set a default TTL for all NS records.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DefaultTTL("4h"),
+ *   A("@","1.2.3.4"), // uses default
+ *   A("foo", "2.3.4.5", TTL(600)) // overrides default
+ * );
+ * ```
+ *
+ * The DefaultTTL duration is the same format as [`TTL`](../record/TTL.md), an integer number of seconds
+ * or a string with a unit such as `"4d"`.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/defaultttl
+ */
+declare function DefaultTTL(ttl: Duration): DomainModifier;
+
+/**
+ * DnsProvider indicates that the specified provider should be used to manage
+ * records for this domain. The name must match the name used with [NewDnsProvider](../global/NewDnsProvider.md).
+ *
+ * The nsCount parameter determines how the nameservers will be managed from this provider.
+ *
+ * Leaving the parameter out means "fetch and use all nameservers from this provider as authoritative". ie: `DnsProvider("name")`
+ *
+ * Using `0` for nsCount means "do not fetch nameservers from this domain, or give them to the registrar".
+ *
+ * Using a different number, ie: `DnsProvider("name",2)`, means "fetch all nameservers from this provider,
+ * but limit it to this many.
+ *
+ * See [this page](../../nameservers.md) for a detailed explanation of how DNSControl handles nameservers and NS records.
+ *
+ * If a domain (`D()`) does not include any `DnsProvider()` functions,
+ * the DNS records will not be modified. In fact, if you want to control
+ * the Registrar for a domain but not the DNS records themselves, simply
+ * do not include a `DnsProvider()` function for that `D()`.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dnsprovider
+ */
+declare function DnsProvider(name: string, nsCount?: number): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/frame
+ */
+declare function FRAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `IGNORE()` makes it possible for DNSControl to share management of a domain
+ * with an external system.  The parameters of `IGNORE()` indicate which records
+ * are managed elsewhere and should not be modified or deleted.
+ *
+ * Use case: Suppose a domain is managed by both DNSControl and a third-party
+ * system. This creates a problem because DNSControl will try to delete records
+ * inserted by the other system.  The other system may get confused and re-insert
+ * those records.  The two systems will get into an endless update cycle where
+ * each will revert changes made by the other in an endless loop.
+ *
+ * To solve this problem simply include `IGNORE()` statements that identify which
+ * records are managed elsewhere.  DNSControl will not modify or delete those
+ * records.
+ *
+ * Technically `IGNORE_NAME` is a promise that DNSControl will not modify or
+ * delete existing records that match particular patterns. It is like
+ * [`NO_PURGE`](../domain/NO_PURGE.md) that matches only specific records.
+ *
+ * Including a record that is ignored is considered an error and may have
+ * undefined behavior. This safety check can be disabled using the
+ * [`DISABLE_IGNORE_SAFETY_CHECK`](../domain/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
+ *
+ * ## Syntax
+ *
+ * The `IGNORE()` function can be used with up to 3 parameters:
+ *
+ * ```javascript
+ * IGNORE(labelSpec, typeSpec, targetSpec):
+ * IGNORE(labelSpec, typeSpec):
+ * IGNORE(labelSpec):
+ * ```
+ *
+ * * `labelSpec` is a glob that matches the DNS label. For example `"foo"` or `"foo*"`.  `"*"` matches all labels, as does the empty string (`""`).
+ * * `typeSpec` is a comma-separated list of DNS types.  For example `"A"` matches DNS A records, `"A,CNAME"` matches both A and CNAME records. `"*"` matches any DNS type, as does the empty string (`""`).
+ * * `targetSpec` is a glob that matches the DNS target. For example `"foo"` or `"foo*"`.  `"*"` matches all targets, as does the empty string (`""`).
+ *
+ * `typeSpec` and `targetSpec` default to `"*"` if they are omitted.
+ *
+ * ## Globs
+ *
+ * The `labelSpec` and `targetSpec` parameters supports glob patterns in the style
+ * of the [gobwas/glob](https://github.com/gobwas/glob) library.  All of the
+ * following patterns will work:
+ *
+ * * `IGNORE("*.foo")` will ignore all records in the style of `bar.foo`, but will not ignore records using a double subdomain, such as `foo.bar.foo`.
+ * * `IGNORE("**.foo")` will ignore all subdomains of `foo`, including double subdomains.
+ * * `IGNORE("?oo")` will ignore all records of three symbols ending in `oo`, for example `foo` and `zoo`. It will not match `.`
+ * * `IGNORE("[abc]oo")` will ignore records `aoo`, `boo` and `coo`. `IGNORE("[a-c]oo")` is equivalent.
+ * * `IGNORE("[!abc]oo")` will ignore all three symbol records ending in `oo`, except for `aoo`, `boo`, `coo`.        `IGNORE("[!a-c]oo")` is equivalent.
+ * * `IGNORE("{bar,[fz]oo}")` will ignore `bar`, `foo` and `zoo`.
+ * * `IGNORE("\\*.foo")` will ignore the literal record `*.foo`.
+ *
+ * ## Typical Usage
+ *
+ * General examples:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   IGNORE("foo"), // matches any records on foo.example.com
+ *   IGNORE("baz", "A"), // matches any A records on label baz.example.com
+ *   IGNORE("*", "MX", "*"), // matches all MX records
+ *   IGNORE("*", "CNAME", "dev-*"), // matches CNAMEs with targets prefixed `dev-*`
+ *   IGNORE("bar", "A,MX"), // ignore only A and MX records for name bar
+ *   IGNORE("*", "*", "dev-*"), // Ignore targets with a `dev-` prefix
+ *   IGNORE("*", "A", "1\.2\.3\."), // Ignore targets in the 1.2.3.0/24 CIDR block
+ * END);
+ * ```
+ *
+ * Ignore Let's Encrypt (ACME) validation records:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   IGNORE("_acme-challenge", "TXT"),
+ *   IGNORE("_acme-challenge.**", "TXT"),
+ * END);
+ * ```
+ *
+ * Ignore DNS records typically inserted by Microsoft ActiveDirectory:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   IGNORE("_gc", "SRV"), // General Catalog
+ *   IGNORE("_gc.**", "SRV"), // General Catalog
+ *   IGNORE("_kerberos", "SRV"), // Kerb5 server
+ *   IGNORE("_kerberos.**", "SRV"), // Kerb5 server
+ *   IGNORE("_kpasswd", "SRV"), // Kpassword
+ *   IGNORE("_kpasswd.**", "SRV"), // Kpassword
+ *   IGNORE("_ldap", "SRV"), // LDAP
+ *   IGNORE("_ldap.**", "SRV"), // LDAP
+ *   IGNORE("_msdcs", "NS"), // Microsoft Domain Controller Service
+ *   IGNORE("_msdcs.**", "NS"), // Microsoft Domain Controller Service
+ *   IGNORE("_vlmcs", "SRV"), // FQDN of the KMS host
+ *   IGNORE("_vlmcs.**", "SRV"), // FQDN of the KMS host
+ *   IGNORE("domaindnszones", "A"),
+ *   IGNORE("domaindnszones.**", "A"),
+ *   IGNORE("forestdnszones", "A"),
+ *   IGNORE("forestdnszones.**", "A"),
+ * END);
+ * ```
+ *
+ * ## Detailed examples
+ *
+ * Here are some examples that illustrate how matching works.
+ *
+ * All the examples assume the following DNS records are the "existing" records
+ * that a third-party is maintaining. (Don't be confused by the fact that we're
+ * using DNSControl notation for the records. Pretend some other system inserted them.)
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     A("@", "151.101.1.69"),
+ *     A("www", "151.101.1.69"),
+ *     A("foo", "1.1.1.1"),
+ *     A("bar", "2.2.2.2"),
+ *     CNAME("cshort", "www"),
+ *     CNAME("cfull", "www.plts.org."),
+ *     CNAME("cfull2", "www.bar.plts.org."),
+ *     CNAME("cfull3", "bar.www.plts.org."),
+ * END);
+ *
+ * D_EXTEND("more.example.com",
+ *     A("foo", "1.1.1.1"),
+ *     A("bar", "2.2.2.2"),
+ *     CNAME("mshort", "www"),
+ *     CNAME("mfull", "www.plts.org."),
+ *     CNAME("mfull2", "www.bar.plts.org."),
+ *     CNAME("mfull3", "bar.www.plts.org."),
+ * END);
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("@", "", ""),
+ *     // Would match:
+ *     //    foo.example.com. A 1.1.1.1
+ *     //    foo.more.example.com. A 1.1.1.1
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("example.com.", "", ""),
+ *     // Would match:
+ *     //    nothing
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("foo", "", ""),
+ *     // Would match:
+ *     //    foo.example.com. A 1.1.1.1
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("foo.**", "", ""),
+ *     // Would match:
+ *     //    foo.more.example.com. A 1.1.1.1
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("www", "", ""),
+ *     // Would match:
+ *     //    www.example.com. A 174.136.107.196
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("www.*", "", ""),
+ *     // Would match:
+ *     //    nothing
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("www.example.com", "", ""),
+ *     // Would match:
+ *     //    nothing
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("www.example.com.", "", ""),
+ *     // Would match:
+ *     //    none
+ * ```
+ *
+ * ```javascript
+ *     //IGNORE("", "", "1.1.1.*"),
+ *     // Would match:
+ *     //    foo.example.com. A 1.1.1.1
+ *     //    foo.more.example.com. A 1.1.1.1
+ * ```
+ *
+ * ```javascript
+ *     //IGNORE("", "", "www"),
+ *     // Would match:
+ *     //    none
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("", "", "*bar*"),
+ *     // Would match:
+ *     //    cfull2.example.com. CNAME www.bar.plts.org.
+ *     //    cfull3.example.com. CNAME bar.www.plts.org.
+ *     //    mfull2.more.example.com. CNAME www.bar.plts.org.
+ *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
+ * ```
+ *
+ * ```javascript
+ *     IGNORE("", "", "bar.**"),
+ *     // Would match:
+ *     //    cfull3.example.com. CNAME bar.www.plts.org.
+ *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
+ * ```
+ *
+ * ## Conflict handling
+ *
+ * It is considered as an error for a `dnsconfig.js` to both ignore and insert the
+ * same record in a domain. This is done as a safety mechanism.
+ *
+ * This will generate an error:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     ...
+ *     TXT("myhost", "mytext"),
+ *     IGNORE("myhost", "*", "*"),  // Error!  Ignoring an item we inserted
+ *     ...
+ * ```
+ *
+ * To disable this safety check, add the `DISABLE_IGNORE_SAFETY_CHECK` statement
+ * to the `D()`.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     DISABLE_IGNORE_SAFETY_CHECK,
+ *     ...
+ *     TXT("myhost", "mytext"),
+ *     IGNORE("myhost", "*", "*"),
+ *     ...
+ * ```
+ *
+ * FYI: Previously DNSControl permitted disabling this check on
+ * a per-record basis using `IGNORE_NAME_DISABLE_SAFETY_CHECK`:
+ *
+ * The `IGNORE_NAME_DISABLE_SAFETY_CHECK` feature does not exist in the diff2
+ * world and its use will result in a validation error. Use the above example
+ * instead.
+ *
+ * ```javascript
+ *     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
+ *     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
+ * ```
+ *
+ * ## Caveats
+ *
+ * WARNING: Two systems updating the same domain is complex.  Complex things are risky. Use `IGNORE()`
+ * as a last resort. Even then, test extensively.
+ *
+ * * There is no locking.  If the external system and DNSControl make updates at the exact same time, the results are undefined.
+ * * IGNORE` works fine with records inserted into a `D()` via `D_EXTEND()`. The matching is done on the resulting FQDN of the label or target.
+ * * `targetSpec` does not match fields other than the primary target.  For example, `MX` records have a target hostname plus a priority. There is no way to match the priority.
+ * * The BIND provider can not ignore records it doesn't know about.  If it does not have access to an existing zonefile, it will create a zonefile from scratch. That new zonefile will not have any external records.  It will seem like they were not ignored, but in reality BIND didn't have visibility to them so that they could be ignored.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore
+ */
+declare function IGNORE(labelSpec: string, typeSpec?: string, targetSpec?: string): DomainModifier;
+
+/**
+ * `IGNORE_NAME(a)` is the same as `IGNORE(a, "*", "*")`.
+ *
+ * `IGNORE_NAME(a, b)` is the same as `IGNORE(a, b, "*")`.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_name
+ */
+declare function IGNORE_NAME(pattern: string, rTypes?: string): DomainModifier;
+
+/**
+ * `IGNORE_TARGET_NAME(target)` is the same as `IGNORE("*", "*", target)`.
+ *
+ * `IGNORE_TARGET_NAME(target, rtype)` is the same as `IGNORE("*", rtype, target)`.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ignore_target
+ */
+declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;
+
+/**
+ * Includes all records from a given domain
+ *
+ * ```javascript
+ * D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("test", "8.8.8.8")
+ * );
+ *
+ * D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   INCLUDE("example.com!external"),
+ *   A("home", "127.0.0.1")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/include
+ */
+declare function INCLUDE(domain: string): DomainModifier;
+
+/**
+ * Converts an IPv4 address from string to an integer. This allows performing mathematical operations with the IP address.
+ *
+ * ```javascript
+ * var addrA = IP("1.2.3.4")
+ * var addrB = addrA + 1
+ * // addrB = 1.2.3.5
+ * ```
+ *
+ * NOTE: `IP()` does not accept IPv6 addresses (PRs gladly accepted!). IPv6 addresses are simply strings:
+ *
+ * ```javascript
+ * // IPv4 Var
+ * var addrA1 = IP("1.2.3.4");
+ * var addrA2 = "1.2.3.4";
+ *
+ * // IPv6 Var
+ * var addrAAAA = "0:0:0:0:0:0:0:0";
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/ip
+ */
+declare function IP(ip: string): number;
+
+/**
+ * The parameter number types are as follows:
+ *
+ * ```
+ * name: string
+ * target: string
+ * deg1: uint32
+ * min1: uint32
+ * sec1: float32
+ * deg2: uint32
+ * min2: uint32
+ * sec2: float32
+ * altitude: uint32
+ * size: float32
+ * horizontal_precision: float32
+ * vertical_precision: float32
+ * ```
+ *
+ * ## Description ##
+ *
+ * Strictly follows [RFC 1876](https://datatracker.ietf.org/doc/html/rfc1876).
+ *
+ * A LOC record holds a geographical position. In the zone file, it may look like:
+ *
+ * ```text
+ * ;
+ * pipex.net.                    LOC   52 14 05 N 00 08 50 E 10m
+ * ```
+ *
+ * On the wire, it is in a binary format.
+ *
+ * A use case for LOC is suggested in the RFC:
+ *
+ * > Some uses for the LOC RR have already been suggested, including the
+ *    USENET backbone flow maps, a "visual traceroute" application showing
+ *    the geographical path of an IP packet, and network management
+ *    applications that could use LOC RRs to generate a map of hosts and
+ *    routers being managed.
+ *
+ * There is the UK based [https://find.me.uk](https://find.me.uk/) whereby you can do:
+ *
+ * ```sh
+ * dig loc <uk-postcode>.find.me.uk
+ * ```
+ *
+ * There are some behaviours that you should be aware of, however:
+ *
+ * > If omitted, minutes and seconds default to zero, size defaults to 1m,
+ *    horizontal precision defaults to 10000m, and vertical precision
+ *    defaults to 10m.  These defaults are chosen to represent typical
+ *    ZIP/postal code area sizes, since it is often easy to find
+ *    approximate geographical location by ZIP/postal code.
+ *
+ * Alas, the world does not revolve around US ZIP codes, but here we are. Internally,
+ * the LOC record type will supply defaults where values were absent on DNS import.
+ * One must supply the `LOC()` js helper all parameters. If that seems like too
+ * much work, see also helper functions:
+ *
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * ## Format ##
+ *
+ * The coordinate format for `LOC()` is:
+ *
+ * `degrees,minutes,seconds,[NnSs],deg,min,sec,[EeWw],altitude,size,horizontal_precision,vertical_precision`
+ *
+ * ## Examples ##
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
+ *   //42 21 54     N  71 06  18     W -24m 30m
+ *   , LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0)
+ *   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
+ *   , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10)
+ *   //52 14 05     N  00 08  50     E 10m
+ *   , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0)
+ *   //32  7 19     S 116  2  25     E 10m
+ *   , LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0)
+ *   //42 21 28.764 N  71 00  51.617 W -44m 2000m
+ *   , LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0)
+ * );
+ *
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc
+ */
+declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min2: number, sec2: number, altitude: number, size: number, horizontal_precision: number, vertical_precision: number): DomainModifier;
+
+/**
+ * `LOC_BUILDER_DD({})` actually takes an object with the following properties:
+ *
+ *   - label (optional, defaults to `@`)
+ *   - x (float32)
+ *   - y (float32)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
+ *
+ * Examples.
+ *
+ * Big Ben:
+ * `51.50084265331501, -0.12462541415599787`
+ *
+ * The White House:
+ * `38.89775977858357, -77.03655125982903`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     LOC_BUILDER_DD({
+ *     label: "big-ben",
+ *     x: 51.50084265331501,
+ *     y: -0.12462541415599787,
+ *     alt: 6,
+ *   })
+ *   , LOC_BUILDER_DD({
+ *     label: "white-house",
+ *     x: 38.89775977858357,
+ *     y: -77.03655125982903,
+ *     alt: 19,
+ *   })
+ *   , LOC_BUILDER_DD({
+ *     label: "white-house-ttl",
+ *     x: 38.89775977858357,
+ *     y: -77.03655125982903,
+ *     alt: 19,
+ *     ttl: "5m",
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dd
+ */
+declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; alt?: number; ttl?: Duration }): DomainModifier;
+
+/**
+ * `LOC_BUILDER_DMM({})` actually takes an object with the following properties:
+ *
+ *   - label (string, optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
+ *
+ * Note that the following are acceptable forms (symbols differ):
+ * * `25.24°S 153.15°E`
+ * * `25.24 S 153.15 E`
+ * * `25.24° S 153.15° E`
+ * * `25.24S 153.15E`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   LOC_BUILDER_STR({
+ *     label: "tasmania",
+ *     str: "42°S 147°E",
+ *     alt: 3,
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dmm_str
+ */
+declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
+
+/**
+ * `LOC_BUILDER_DMS_STR({})` actually takes an object with the following properties:
+ *
+ *   - label (string, optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
+ *
+ * Note that the following are acceptable forms (symbols differ):
+ * * `33°51′31″S 151°12′51″E`
+ * * `33°51'31"S 151°12'51"E`
+ * * `33d51m31sS 151d12m51sE`
+ * * `33d51m31s S 151d12m51s E`
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   LOC_BUILDER_DMS_STR({
+ *     label: "sydney-opera-house",
+ *     str: "33°51′31″S 151°12′51″E",
+ *     alt: 4,
+ *     ttl: "5m",
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dms_str
+ */
+declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
+
+/**
+ * `LOC_BUILDER_STR({})` actually takes an object with the following: properties.
+ *
+ *   - label (optional, defaults to `@`)
+ *   - str (string)
+ *   - alt (float32, optional)
+ *   - ttl (optional)
+ *
+ * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ *
+ * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ *
+ * Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   , LOC_BUILDER_STR({
+ *     label: "old-faithful",
+ *     str: "44.46046°N 110.82815°W",
+ *     alt: 2240,
+ *   })
+ *   , LOC_BUILDER_STR({
+ *     label: "ribblehead-viaduct",
+ *     str: "54.210436°N 2.370231°W",
+ *     alt: 300,
+ *   })
+ *   , LOC_BUILDER_STR({
+ *     label: "guinness-brewery",
+ *     str: "53°20′40″N 6°17′20″W",
+ *     alt: 300,
+ *   })
+ * );
+ *
+ * ```
+ *
+ * Part of the series:
+ *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_str
+ */
+declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: number; ttl?: Duration }): DomainModifier;
+
+/**
+ * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
+ *
+ * It defaults to a setup without support for legacy Skype for Business applications.
+ * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
+ *
+ * ## Example
+ *
+ * ### Simple example
+ *
+ * ```javascript
+ * M365_BUILDER({
+ *     initialDomain: "example.onmicrosoft.com",
+ * });
+ * ```
+ *
+ * This sets up `MX` records, Autodiscover, and DKIM.
+ *
+ * ### Advanced example
+ *
+ * ```javascript
+ * M365_BUILDER({
+ *     label: "test",
+ *     mx: false,
+ *     autodiscover: false,
+ *     dkim: false,
+ *     mdm: true,
+ *     domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
+ *     initialDomain: "example.onmicrosoft.com",
+ * });
+ * ```
+ *
+ * This sets up Mobile Device Management only.
+ *
+ * ### Parameters
+ *
+ * * `label` The label of the Microsoft 365 domain, useful if it is a subdomain (default: `"@"`)
+ * * `mx` Set an `MX` record? (default: `true`)
+ * * `autodiscover` Set Autodiscover `CNAME` record? (default: `true`)
+ * * `dkim` Set DKIM `CNAME` records? (default: `true`)
+ * * `skypeForBusiness` Set Skype for Business/Microsoft Teams records? (default: `false`)
+ * * `mdm` Set Mobile Device Management records? (default: `false`)
+ * * `domainGUID` The GUID of _this_ Microsoft 365 domain (default: `<label>.<context>` with `.` replaced by `-`, no default if domain contains dashes)
+ * * `initialDomain` The initial domain of your Microsoft 365 tenant/account, ends in `onmicrosoft.com`
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/m365_builder
+ */
+declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover?: boolean; dkim?: boolean; skypeForBusiness?: boolean; mdm?: boolean; domainGUID?: string; initialDomain?: string }): DomainModifier;
+
+/**
+ * MX adds an MX record to the domain.
+ *
+ * Priority should be a number.
+ *
+ * Target should be a string representing the MX target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   MX("@", 5, "mail"), // mx example.com -> mail.example.com
+ *   MX("sub", 10, "mail.foo.com.")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/mx
+ */
+declare function MX(name: string, priority: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `NAMESERVER()` instructs DNSControl to inform the domain"s registrar where to find this zone.
+ * For some registrars this will also add NS records to the zone itself.
+ *
+ * This takes exactly one argument: the name of the nameserver. It must end with
+ * a "." if it is a FQDN, just like all targets.
+ *
+ * This is different than the [`NS()`](NS.md) function, which inserts NS records
+ * in the current zone and accepts a label. [`NS()`](NS.md) is useful for downward
+ * delegations. `NAMESERVER()` is for informing upstream delegations.
+ *
+ * For more information, refer to [this page](../../nameservers.md).
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DnsProvider(route53, 0),
+ *   // Replace the nameservers:
+ *   NAMESERVER("ns1.myserver.com."),
+ *   NAMESERVER("ns2.myserver.com."),
+ * );
+ *
+ * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Add these two additional nameservers to the existing list of nameservers.
+ *   NAMESERVER("ns1.myserver.com."),
+ *   NAMESERVER("ns2.myserver.com."),
+ * );
+ * ```
+ *
+ * # The difference between NS() and NAMESERVER()
+ *
+ * Nameservers are one of the least
+ * understood parts of DNS, so a little extra explanation is required.
+ *
+ * * [`NS()`](NS.md) lets you add an NS record to a zone, just like [`A()`](A.md) adds an A
+ *   record to the zone. This is generally used to delegate a subzone.
+ *
+ * * The `NAMESERVER()` directive speaks to the Registrar about how the parent should delegate the zone.
+ *
+ * Since the parent zone could be completely unrelated to the current
+ * zone, changes made by `NAMESERVER()` have to be done by an API call to
+ * the registrar, who then figures out what to do. For example, if I
+ * use `NAMESERVER()` in the zone `stackoverflow.com`, DNSControl talks to
+ * the registrar who does the hard work of talking to the people that
+ * control `.com`.  If the domain was `gmeet.io`, the registrar does
+ * the right thing to talk to the people that control `.io`.
+ *
+ * (A better name might have been `PARENTNAMESERVER()` but we didn"t
+ * think of that at the time.)
+ *
+ * Each registrar handles delegations differently.  Most use
+ * the `NAMESERVER()` targets to update the delegation, adding
+ * `NS` records to the parent zone as required.
+ * Some providers restrict the names to hosts they control.
+ * Others may require you to add the `NS` records to the parent domain
+ * manually.
+ *
+ * # How to prevent changing the parent NS records?
+ *
+ * If dnsconfig.js has zero `NAMESERVER()` commands for a domain, it will
+ * use the API to remove all non-default nameservers.
+ *
+ * If dnsconfig.js has 1 or more `NAMESERVER()` commands for a domain, it
+ * will use the API to add those nameservers (unless, of course,
+ * they already exist).
+ *
+ * So how do you tell DNSControl not to make any changes at all?  Use the
+ * special Registrar called "NONE". It makes no changes.
+ *
+ * It looks like this:
+ *
+ * ```javascript
+ * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
+ * D("example.com", REG_THIRDPARTY,
+ *   ...
+ * )
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver
+ */
+declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * NAMESERVER_TTL sets the TTL on the domain apex NS RRs defined by [`NAMESERVER`](NAMESERVER.md).
+ *
+ * The value can be an integer or a string. See [`TTL`](../record/TTL.md) for examples.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   NAMESERVER_TTL("2d"),
+ *   NAMESERVER("ns")
+ * );
+ * ```
+ *
+ * Use `NAMESERVER_TTL("3600"),` or `NAMESERVER_TTL("1h"),` for a 1h default TTL for all subsequent `NS` entries:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DefaultTTL("4h"),
+ *   NAMESERVER_TTL("3600"),
+ *   NAMESERVER("ns1.provider.com."), //inherits NAMESERVER_TTL
+ *   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
+ *   A("@","1.2.3.4"), // inherits DefaultTTL
+ *   A("foo", "2.3.4.5", TTL(600)) // overrides DefaultTTL for this record only
+ * );
+ * ```
+ *
+ * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain/DefaultTTL.md)
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver_ttl
+ */
+declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
+
+/**
+ * ## Introduction
+ *
+ * NAPTR adds a NAPTR record to the domain. Various formats exist. NAPTR is a part of DDDS such as ENUM (defined by [RFC 6116](https://www.rfc-editor.org/rfc/rfc6116)), SIP ([RFC 3263](https://www.rfc-editor.org/rfc/rfc3263)), S-NAPTR ([RFC 3958](https://www.rfc-editor.org/rfc/rfc3958)) or U-NAPTR ([RFC 4848](https://www.rfc-editor.org/rfc/rfc4848)).
+ *
+ * ## Parameters
+ *
+ * ### `subdomain`
+ *
+ * Subdomain of the domain (e.g. `example.com`) this entry represents.
+ *
+ * #### E164
+ * In the case of E164 (e.g. `3.2.1.5.5.5.0.0.8.1.e164.arpa.`) - where [`terminalflag`](#terminalflag) is `u` - the final digit of the zone it represents, or the zone apex record `@`. For example, the ARPA zone `3.2.1.5.5.5.0.0.8.1.e164.arpa.` represents the phone number block 001800555123*X* (or the synonymous +1800555123*X*), where *X* is the final digit of the phone number string, i.e. the [`subdomain`](#subdomain).
+ *
+ * ### `order`
+ *
+ * ordinal (1st, 2nd, 3rd, ...) 16 bit number (2^16 i.e. <= 65535) which determines lower entries are sent first (`1`), and  higher, last (`65535`).
+ *
+ * ### `preference`
+ *
+ * 16 bit number (2^16 i.e. <= 65535). At the DNS server, this entry is summed with other entries of identical [`order`](#order) value and normalised to a fraction of 100 percent, determining the likelihood that this record is returned by the DNS system. Effective for load balancing services.
+ *
+ * ### `terminalflag`
+ * (case insensitive)
+ *
+ * One of [AaSsUuPp], where:
+ *  * `a` (terminal lookup) means that the output of the [`target`](#target) rewrite will be a domain-name for which an [`A`](A.md) or [`AAAA`](AAAA.md) record should be queried
+ *  * `p` Protocol specific
+ *  * `s` (terminal lookup) indicates that [`target`](#target) points to a [`SRV`](SRV.md) record
+ *  * `u` (terminal lookup) indicates that [`target`](#target) is a (SIP) URN or URI
+ *  * "" (empty string) - a non-terminal condition defined by the ENUM application ([RFC 6116](https://www.rfc-editor.org/rfc/rfc6116)) to indicate that regexp is empty and the replace field contains the FQDN of another NAPTR RR
+ *
+ * Mutually exclusive; more than one cannot be combined in the same record. Since there is no place for a port specification in the NAPTR record, when the `a` [`terminalflag`](#terminalflag) is used, the specified protocol must be running on its default port (Note that at least SIP URI forms allow ports to be specified).
+ *
+ * Flags called 'terminal' halt the looping rewrite algorithm of DNS.
+ *
+ * ### `service`
+ * (case insensitive)
+ *
+ * *`protocol+rs`* where *`protocol`* defines the protocol used by the DDDS application. *`rs`* is the resolution service. There may be 0 or more resolution services each separated by `+`. ENUM further defines this to be a type field and allows a subtype separated by a colon (`:`).
+ *
+ * For E164, typically one of `E2U+SIP` (or `E2U+sip`) or `E2U+email`. For SIP, typically `SIPS+D2T` for TCP/TLS `sips:` URIs, or TLS `sip:` URIs, or `SIP+D2T` for TCP based SIP, or `SIP+D2U` for UDP based SIP. Note that SCTP, WS and WSS are also available.
+ *
+ * Valid [IANA registered services for ENUM](https://www.iana.org/assignments/enum-services/enum-services.xhtml#enum-services-1):
+ * ```text
+ * E2U+pres
+ * E2U+voice:tel+sms:tel (compound form)
+ * E2U+web:http
+ * E2U+sms:mailto
+ * E2U+sms:tel
+ * E2U+sip
+ * E2U+pstn
+ * E2U+tel
+ * ```
+ *
+ * Valid [IANA registered SIP services](https://www.iana.org/assignments/sip-table/sip-table.xhtml#sip-table-1):
+ *
+ * ```text
+ * SIP+D2T
+ * SIPS+D2T
+ * SIP+D2U
+ * SIP+D2S
+ * SIPS+D2S
+ * SIP+D2W
+ * SIPS+D2W
+ * ```
+ *
+ * ### `regexp`
+ *
+ * [Syntax: `delimit ere delimit substitution delimit flag`] an ERE or extended regular expression which captures any address string `.*` found between the line start `^` and finish `$` anchors (i.e. `!^.*$!`), and redirects it to the stated `sip:`, `sips:`, `tel:` or `mailto:` URI. Other URI forms may be possible. Other delimiter (`!`) forms are possible. The final `flag`, if any, shall be `i`, i.e. case **i**nsensitive.
+ *
+ * Examples (taken from [Zytrax](https://www.zytrax.com/books/dns/ch8/naptr.html#regex-examples)):
+ * ```text
+ * # AUS = Application User String
+ * # all examples use ! as the delimiter for consistency
+ * # and simplicity
+ * # AUS = +441115551234 in all cases
+ *
+ * !(\\+441115551234)!tel:\\1!
+ * # explicit check of all characters in string
+ * # the +441115551234 because of () creates a group
+ * # which is referenced by \1 in substitution
+ * # result = tel:+441115551234
+ *
+ * !^(\\+441115551234)$!tel:\\1!
+ * # this is functionally identical to the expression
+ * # above but uses ^ and $ to anchor both ends of
+ * # the expression, there is no technical reason to do this
+ * # within an ere and the RFCs are silent on the topic
+ * # result = tel:+441115551234
+ *
+ * !(.+)!tel:\\1!
+ * # given the AUS of +441115551234
+ * # the expression (.+) sets back ref 1 = +441115551234
+ * # . = any character, + = 0 or more times
+ * # result = tel:+441115551212
+ *
+ * !\\+44111(.+)!sip:775\\1@some.example.com!
+ * # given the AUS of +441115551234 provides partial replacement
+ * # removes the 44111 part and substitutes 775
+ * # result = sip:7755551234@some.example.com
+ *
+ * !.*!sip:james@sip.example.com!
+ * # reads and ignores AUS using .*
+ * # and is called a simple replacement expression
+ * # result = sip:james@sip.example.com
+ * ```
+ *
+ * U-NAPTR supported regexp fields must be of the form (from the RFC):
+ *
+ * ```text
+ * "!.*!<URI>!"
+ * # the .* (any character 1 or more times)
+ * # is fixed by the RFC and essentially ignores
+ * # the AUS data. The result will always be URI
+ * ```
+ *
+ * ### `target`
+ *
+ * A (replacement) record for the target - format depends on [`terminalflag`](#terminalflag).
+ *  * A [`SRV`](SRV.md), if the [`terminalflag`](#terminalflag) is `s` (syntax: *`_Service._Proto.Name`*)
+ *  * An [`A`](A.md) or [`AAAA`](AAAA.md) if the [`terminalflag`](#terminalflag) is `a`
+ *  * URI if the [`terminalflag`](#terminalflag) is `u`
+ *
+ * Not all examples are guaranteed to be standards compliant, or correct.
+ *
+ * ## Examples
+ *
+ * ### Examples for e164 ARPA:
+ *
+ * Individual e164 records
+ *
+ * ```javascript
+ * D("3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
+ *   NAPTR("1",  10, 10, "u", "E2U+SIP", "!^.*$!sip:bob@example.com!", "."),
+ *   NAPTR("2",  10, 10, "u", "E2U+SIP", "!^.*$!sip:alice@example.com!", "."),
+ *   NAPTR("4",  10, 10, "u", "E2U+SIP", "!^.*$!sip:kate@example.com!", "."),
+ *   NAPTR("5",  10, 10, "u", "E2U+SIP", "!^.*$!sip:steve@example.com!", "."),
+ *   NAPTR("6",  10, 10, "u", "E2U+SIP", "!^.*$!sip:joe@example.com!", "."),
+ *   NAPTR("7",  10, 10, "u", "E2U+SIP", "!^.*$!sip:jane@example.com!", "."),
+ *   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
+ *   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
+ *   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", ".")
+ * );
+ * ```
+ *
+ * Single e164 zone
+ * ```javascript
+ * D("4.3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
+ *   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
+ *   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
+ *   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", ".")
+ * );
+ * ```
+ *
+ * ### Examples for SIP:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   NAPTR("@", 20, 50, "s", "SIPS+D2T", "", "_sips._tcp.example.com."),
+ *   NAPTR("@", 20, 50, "s", "SIP+D2T", "", "_sip._tcp.example.com."),
+ *   NAPTR("@", 30, 50, "s", "SIP+D2U", "", "_sip._udp.example.com."),
+ *   NAPTR("help", 100, 50, "s", "SIP+D2U", "!^.*$!sip:customer-service@example.com!", "_sip._udp.example.com."),
+ *   NAPTR("help", 101, 50, "s", "SIP+D2T", "!^.*$!sip:customer-service@example.com!", "_sip._tcp.example.com."),
+ *   SRV("_sip._udp", 100, 0, 5060, "sip.example.com."),
+ *   SRV("_sip._tcp", 100, 0, 5060, "sip.example.com."),
+ *   SRV("_sips._tcp", 100, 0, 5061, "sip.example.com."),
+ *   A("sip", "192.0.2.2"),
+ *   AAAA("sip", "2001:db8::85a3"),
+ *   // and so on
+ * );
+ * ```
+ *
+ * ### Other RFC based examples:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   NAPTR("@",100, 50, "a", "z3950+N2L+N2C", "", "cidserver.example.com."),
+ *   NAPTR("@", 50, 50, "a", "rcds+N2C", "", "cidserver.example.com."),
+ *   NAPTR("@", 30, 50, "s", "http+N2L+N2C+N2R", "", "www.example.com."),
+ *   NAPTR("www",100,100, "s", "http+I2R", "", "_http._tcp.example.com."),
+ *   NAPTR("www",100,100, "s", "ftp+I2R", "", "_ftp._tcp.example.com."),
+ *   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
+ *   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
+ *   // and so on
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/naptr
+ */
+declare function NAPTR(subdomain: string, order: number, preference: number, terminalflag: string, service: string, regexp: string, target: string): DomainModifier;
+
+/**
+ * `NO_PURGE` indicates that existing records should not be deleted from a domain.
+ * Records will be added and updated, but not removed.
+ *
+ * Suppose a domain is managed by both DNSControl and a third-party system. This
+ * creates a problem because DNSControl will try to delete records inserted by the
+ * other system.
+ *
+ * By setting `NO_PURGE` on a domain, this tells DNSControl not to delete the
+ * records found in the domain.
+ *
+ * It is similar to [`IGNORE`](domain/IGNORE.md) but more general.
+ *
+ * The original reason for `NO_PURGE` was that a legacy system was adopting
+ * DNSControl. Previously the domain was managed via Microsoft DNS Server's GUI.
+ * ActiveDirectory was in use, so various records were being inserted behind the
+ * scenes.  It was decided to use DNSControl to simply insert a few records.  The
+ * `NO_PURGE` setting instructed DNSControl not to delete the existing records.
+ *
+ * In this example DNSControl will insert "foo.example.com" into the zone, but
+ * otherwise leave the zone alone.  Changes to "foo"'s IP address will update the
+ * record. Removing the A("foo", ...) record from DNSControl will leave the record
+ * in place.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
+ *   A("foo","1.2.3.4")
+ * );
+ * ```
+ *
+ * The main caveat of `NO_PURGE` is that intentionally deleting records becomes
+ * more difficult. Suppose a `NO_PURGE` zone has an record such as A("ken",
+ * "1.2.3.4"). Removing the record from dnsconfig.js will not delete "ken" from
+ * the domain. DNSControl has no way of knowing the record was deleted from the
+ * file  The DNS record must be removed manually.  Users of `NO_PURGE` are prone
+ * to finding themselves with an accumulation of orphaned DNS records. That's easy
+ * to fix for a small zone but can be a big mess for large zones.
+ *
+ * ## Support
+ *
+ * Prior to DNSControl v4.0.0, not all providers supported `NO_PURGE`.
+ *
+ * With introduction of `diff2` algorithm (enabled by default in v4.0.0),
+ * `NO_PURGE` works with all providers.
+ *
+ * ## See also
+ *
+ * * [`PURGE`](domain/PURGE.md) is the default, thus this command is a no-op
+ * * [`IGNORE`](domain/IGNORE.md) is similar to `NO_PURGE` but is more selective
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/no_purge
+ */
+declare const NO_PURGE: DomainModifier;
+
+/**
+ * NS adds a NS record to the domain. The name should be the relative label for the domain.
+ *
+ * The name may not be `@` (the bare domain), as that is controlled via [`NAMESERVER()`](NAMESERVER.md).
+ * The difference between `NS()` and [`NAMESERVER()`](NAMESERVER.md) is explained in the [`NAMESERVER()` description](NAMESERVER.md).
+ *
+ * Target should be a string representing the NS target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   NS("foo", "ns1.example2.com."), // Delegate ".foo.example.com" zone to another server.
+ *   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
+ *   A("ns1.example2.com", "10.10.10.10"), // Glue records
+ *   A("ns2.example2.com", "10.10.10.20"), // Glue records
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ns
+ */
+declare function NS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/ns1/ns1_urlfwd
+ */
+declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * NewDnsProvider activates a DNS Service Provider (DSP) specified in `creds.json`.
+ * A DSP stores a DNS zone's records and provides DNS service for the zone (i.e.
+ * answers on port 53 to queries related to the zone).
+ *
+ * * `name` must match the name of an entry in `creds.json`.
+ * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
+ *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
+ *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
+ * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
+ *
+ * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
+ *
+ * Prior to [v3.16](../../v316.md):
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
+ * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * In [v3.16](../../v316.md) and later:
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom");
+ * var DNS_MYAWS = NewDnsProvider("myaws");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
+ */
+declare function NewDnsProvider(name: string, type?: string, meta?: object): string;
+
+/**
+ * NewRegistrar activates a Registrar Provider specified in `creds.json`.
+ * A registrar maintains the domain's registration and delegation (i.e. the
+ * nameservers for the domain).  DNSControl only manages the delegation.
+ *
+ * * `name` must match the name of an entry in `creds.json`.
+ * * `type` specifies a valid DNS provider type identifier listed on the [provider page](../../providers.md).
+ *   * Starting with [v3.16](../../v316.md), the type is optional. If it is absent, the `TYPE` field in `creds.json` is used instead. You can leave it out. (Thanks to JavaScript magic, you can leave it out even when there are more fields).
+ *   * Starting with v4.0, specifying the type may be an error. Please add the `TYPE` field to `creds.json` and remove this parameter from `dnsconfig.js` to prepare.
+ * * `meta` is a way to send additional parameters to the provider.  It is optional and only certain providers use it.  See the [individual provider docs](../../providers.md) for details.
+ *
+ * This function will return an opaque string that should be assigned to a variable name for use in [D](D.md) directives.
+ *
+ * Prior to [v3.16](../../v316.md):
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
+ * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * In [v3.16](../../v316.md) and later:
+ *
+ * ```javascript
+ * var REG_MYNDC = NewRegistrar("mynamedotcom");
+ * var DNS_MYAWS = NewDnsProvider("myaws");
+ *
+ * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
+ *   A("@","1.2.3.4")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
+ */
+declare function NewRegistrar(name: string, type?: string, meta?: object): string;
+
+/**
+ * `PANIC` terminates the script and therefore DNSControl with an exit code of 1. This should be used if your script cannot gather enough information to generate records, for example when a HTTP request failed.
+ *
+ * ```javascript
+ * PANIC("Something really bad has happened");
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/panic
+ */
+declare function PANIC(message: string): never;
+
+/**
+ * PTR adds a PTR record to the domain.
+ *
+ * The name is normally a relative label for the domain, or a FQDN that ends with `.`.  If magic mode is enabled (see below) it can also be an IP address, which will be replaced by the proper string automatically, thus
+ * saving the user from having to reverse the IP address manually.
+ *
+ * Target should be a string representing the FQDN of a host.  Like all FQDNs in DNSControl, it must end with a `.`.
+ *
+ * **Magic Mode:**
+ *
+ * PTR records are complex and typos are common. Therefore DNSControl
+ * enables features to save labor and
+ * prevent typos.  This magic is only
+ * enabled when the domain ends with `in-addr.arpa.` or `ipv6.arpa.`.
+ *
+ * *Automatic IP-to-reverse:* If the name is a valid IP address, DNSControl will replace it with
+ * a string that is appropriate for the domain. That is, if the domain
+ * ends with `in-addr.arpa` (no `.`) and name is a valid IPv4 address, the name
+ * will be replaced with the correct string to make a reverse lookup for that address.
+ * IPv6 is properly handled too.
+ *
+ * *Extra Validation:* DNSControl considers it an error to include a name that
+ * is inappropriate for the domain.  For example
+ * `PTR("1.2.3.4", "f.co.")` is valid for the domain `D("3.2.1.in-addr.arpa",`
+ *  but DNSControl will generate an error if the domain is `D("9.9.9.in-addr.arpa",`.
+ * This is because `1.2.3.4` is contained in `1.2.3.0/24` but not `9.9.9.0/24`.
+ * This validation works for IPv6, IPv4, and
+ * RFC2317 "Classless in-addr.arpa delegation" domains.
+ *
+ * *Automatic truncation:* DNSControl will automatically truncate FQDNs
+ * as needed.
+ * If the name is a FQDN ending with `.`, DNSControl will verify that the
+ * name is contained within the CIDR block implied by domain.  For example
+ * if name is `4.3.2.1.in-addr.arpa.` (note the trailing `.`)
+ * and the domain is `2.1.in-addr.arpa` (no trailing `.`)
+ * then the name will be replaced with `4.3`.  Note that the output
+ * of `REV("1.2.3.4")` is `4.3.2.1.in-addr.arpa.`, which means the following
+ * are all equivalent:
+ *
+ * * `PTR(REV("1.2.3.4"), `
+ * * `PTR("4.3.2.1.in-addr.arpa."), `
+ * * `PTR("4.3",`    // Assuming the domain is `2.1.in-addr.arpa`
+ *
+ * All magic is RFC2317-aware. We use the first format listed in the
+ * RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
+ * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
+ * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
+ * and A, B, C are the first 3 octets of the IP address. For example
+ * `172.20.18.130/27` is located in a zone named
+ * `128/27.18.20.172.in-addr.arpa`
+ *
+ * ```javascript
+ * D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
+ *   PTR("1", "foo.example.com."),
+ *   PTR("2", "bar.example.com."),
+ *   PTR("3", "baz.example.com."),
+ *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
+ *   PTR("1.2.3.10", "ten.example.com."),    // "10"
+ * );
+ * ```
+ *
+ * ```javascript
+ * D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
+ *   PTR("9.9.9.129", "first.example.com."),
+ * );
+ * ```
+ *
+ * ```javascript
+ * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
+ *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
+ *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
+ *   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
+ *   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
+ * );
+ * ```
+ *
+ * In the future we plan on adding a flag to [`A()`](A.md) which will insert
+ * the correct PTR() record if the appropriate `.arpa` domain has been
+ * defined.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ptr
+ */
+declare function PTR(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `PURGE` is the default setting for all domains.  Therefore `PURGE` is
+ * a no-op. It is included for completeness only.
+ *
+ * A domain with a mixture of `NO_PURGE` and `PURGE` parameters will abide
+ * by the last one.
+ *
+ * These three examples all are equivalent.
+ *
+ * `PURGE` is the default:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ * );
+ * ```
+ *
+ * Purge is the default, but we set it anyway:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   PURGE,
+ * );
+ * ```
+ *
+ * Since the "last command wins", this is the same as `PURGE`:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   PURGE,
+ *   NO_PURGE,
+ *   PURGE,
+ *   NO_PURGE,
+ *   PURGE,
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/purge
+ */
+declare const PURGE: DomainModifier;
+
+/**
+ * `R53_ALIAS` is a Route53 specific virtual record type that points a record at either another record or an AWS entity (like a Cloudfront distribution, an ELB, etc...). It is analogous to a `CNAME`, but is usually resolved at request-time and served as an `A` record. Unlike `CNAME` records, `ALIAS` records can be used at the zone apex (`@`)
+ *
+ * Unlike the regular [`ALIAS`](ALIAS.md) directive, `R53_ALIAS` is only supported on Route53. Attempting to use `R53_ALIAS` on another provider than Route53 will result in an error.
+ *
+ * The name should be the relative label for the domain.
+ *
+ * Target should be a string representing the target. If it is a single label we will assume it is a relative name on the current domain. If it contains *any* dots, it should be a fully qualified domain name, ending with a `.`.
+ *
+ * The Target can be any of:
+ *
+ * * _CloudFront distribution_: in this case specify the domain name that CloudFront assigned when you created your distribution (note that your CloudFront distribution must include an alternate domain name that matches the record you're adding)
+ * * _Elastic Beanstalk environment_: specify the `CNAME` attribute for the environment. The environment must have a regionalized domain name. To get the `CNAME`, you can use either the [AWS Console](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html), [AWS Elastic Beanstalk API](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html), or the [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html).
+ * * _ELB load balancer_: specify the DNS name that is associated with the load balancer. To get the DNS name you can use either the AWS Console (on the EC2 page, choose Load Balancers, select the right one, choose the description tab), [ELB API](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html), the [AWS ELB CLI](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html), or the [AWS ELBv2 CLI](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html).
+ * * _S3 bucket_ (configured as website): specify the domain name of the Amazon S3 website endpoint in which you configured the bucket (for instance s3-website-us-east-2.amazonaws.com). For the available values refer to the [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
+ * * _Another Route53 record_: specify the value of the name of another record in the same hosted zone.
+ *
+ * For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record/R53_ZONE.md) record modifier.
+ *
+ * The zone id can be found depending on the target type:
+ *
+ * * _CloudFront distribution_: specify `Z2FDTNDATAQYW2`
+ * * _Elastic Beanstalk environment_: specify the hosted zone ID for the region in which the environment has been created. Refer to the [List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region).
+ * * _ELB load balancer_: specify the value of the hosted zone ID for the load balancer. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region)
+ * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
+ * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
+ *
+ * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
+ *   R53_ALIAS("foo", "A", "bar"),                              // record in same zone
+ *   R53_ALIAS("foo", "A", "bar", R53_ZONE("Z35SXDOTRQ7X7K")),  // record in same zone, zone specified
+ *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
+ *   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
+ *   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/amazon-route-53/r53_alias
+ */
+declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier, evaluatetargethealthModifier: RecordModifier): DomainModifier;
+
+/**
+ * `R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_evaluate_target_health
+ */
+declare function R53_EVALUATE_TARGET_HEALTH(enabled: boolean): RecordModifier;
+
+/**
+ * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
+ *
+ * When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
+ *
+ * When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_zone
+ */
+declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
+
+/**
+ * `REV` returns the reverse lookup domain for an IP network. For
+ * example `REV("1.2.3.0/24")` returns `3.2.1.in-addr.arpa.` and
+ * `REV("2001:db8:302::/48")` returns `2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.`.
+ * This is used in [`D()`](D.md) functions to create reverse DNS lookup zones.
+ *
+ * This is a convenience function. You could specify `D("3.2.1.in-addr.arpa",
+ * ...` if you like to do things manually but why would you risk making
+ * typos?
+ *
+ * `REV` complies with RFC2317, "Classless in-addr.arpa delegation"
+ * for netmasks of size /25 through /31.
+ * While the RFC permits any format, we abide by the recommended format:
+ * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
+ * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
+ * and A, B, C are the first 3 octets of the IP address. For example
+ * `172.20.18.130/27` is located in a zone named
+ * `128/27.18.20.172.in-addr.arpa`
+ *
+ * If the address does not include a "/" then `REV` assumes /32 for IPv4 addresses
+ * and /128 for IPv6 addresses.
+ *
+ * Note that the lower bits (the ones outside the netmask) must be zeros. They are not
+ * zeroed out automatically. Thus, `REV("1.2.3.4/24")` is an error.  This is done
+ * to catch typos.
+ *
+ * ```javascript
+ * D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
+ *   PTR("1", "foo.example.com."),
+ *   PTR("2", "bar.example.com."),
+ *   PTR("3", "baz.example.com."),
+ *   // These take advantage of DNSControl's ability to generate the right name:
+ *   PTR("1.2.3.10", "ten.example.com."),
+ * );
+ *
+ * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
+ *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
+ *   // These take advantage of DNSControl's ability to generate the right name:
+ *   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
+ *   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
+ * );
+ * ```
+ *
+ * In the future we plan on adding a flag to [`A()`](../domain/A.md)which will insert
+ * the correct PTR() record in the appropriate `D(REV())` domain (i.e. `.arpa` domain) has been
+ * defined.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/rev
+ */
+declare function REV(address: string): string;
+
+/**
+ * `SOA` adds an `SOA` record to a domain. The name should be `@`.  ns and mbox are strings. The other fields are unsigned 32-bit ints.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
+ * );
+ * ```
+ *
+ * If you accidentally include an `@` in the email field DNSControl will quietly
+ * change it to a `.`. This way you can specify a human-readable email address
+ * when you are making it easier for spammers how to find you.
+ *
+ * ## Notes
+ * * The serial number is managed automatically.  It isn't even a field in `SOA()`.
+ * * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
+ * * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
+ *
+ * There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/soa
+ */
+declare function SOA(name: string, ns: string, mbox: string, refresh: number, retry: number, expire: number, minttl: number, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * DNSControl can optimize the SPF settings on a domain by flattening
+ * (inlining) includes and removing duplicates. DNSControl also makes
+ * it easier to document your SPF configuration.
+ *
+ * WARNING: Flattening SPF includes is risky.  Only flatten an SPF
+ * setting if it is absolutely needed to bring the number of "lookups"
+ * to be less than 10. In fact, it is debatable whether or not ISPs
+ * enforce the "10 lookup rule".
+ *
+ * ## The old way
+ *
+ * Here is an example of how SPF settings are normally done:
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all")
+ * )
+ * ```
+ *
+ * This has a few problems:
+ *
+ * * No comments. It is difficult to add a comment. In particular, we want to be able to list which ticket requested each item in the SPF setting so that history is retained.
+ * * Ugly diffs.  If you add an element to the SPF setting, the diff will show the entire line changed, which is difficult to read.
+ * * Too many lookups. The SPF RFC says that SPF settings should not require more than 10 DNS lookups. If we manually flatten (i.e. "inline") an include, we have to remember to check back to see if the settings have changed. Humans are not good at that kind of thing.
+ *
+ * ## The DNSControl way
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   A("@", "10.2.2.2"),
+ *   MX("@", "example.com."),
+ *   SPF_BUILDER({
+ *     label: "@",
+ *     overflow: "_spf%d",
+ *     raw: "_rawspf",
+ *     ttl: "5m",
+ *     parts: [
+ *       "v=spf1",
+ *       "ip4:198.252.206.0/24", // ny-mail*
+ *       "ip4:192.111.0.0/24", // co-mail*
+ *       "include:_spf.google.com", // GSuite
+ *       "include:mailgun.org", // Greenhouse.io
+ *       "include:spf-basic.fogcreek.com", // Fogbugz
+ *       "include:mail.zendesk.com", // Zenddesk
+ *       "include:servers.mcsv.net", // MailChimp
+ *       "include:sendgrid.net", // SendGrid
+ *       "include:450622.spf05.hubspotemail.net", // Hubspot (Ticket# SREREQ-107)
+ *       "~all"
+ *     ],
+ *     flatten: [
+ *       "spf-basic.fogcreek.com", // Rationale: Being deprecated. Low risk if it breaks.
+ *       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
+ *     ]
+ *   }),
+ * );
+ * ```
+ *
+ * By using the `SPF_BUILDER()` we gain many benefits:
+ *
+ * * Comments can appear next to the element they refer to.
+ * * Diffs will be shorter and more specific; therefore easier to read.
+ * * Automatic flattening.  We can specify which includes should be flattened and DNSControl will do the work. It will even warn us if the includes change.
+ *
+ * ## Syntax
+ *
+ * When you want to specify SPF settings for a domain, use the
+ * `SPF_BUILDER()` function.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   ...
+ *   ...
+ *   ...
+ *   SPF_BUILDER({
+ *     label: "@",
+ *     overflow: "_spf%d",  // Delete this line if you don't want big strings split.
+ *     overhead1: "20",  // There are 20 bytes of other TXT records on this domain.  Compensate for this.
+ *     raw: "_rawspf",  // Delete this line if the default is sufficient.
+ *     parts: [
+ *       "v=spf1",
+ *       // fill in your SPF items here
+ *       "~all"
+ *     ],
+ *     flatten: [
+ *       // fill in any domains to inline.
+ *     ]
+ *   }),
+ *   ...
+ *   ...
+ * );
+ * ```
+ *
+ * The parameters are:
+ *
+ * * `label:` The label of the first TXT record. (Optional. Default: `"@"`)
+ * * `overflow:` If set, SPF strings longer than 255 chars will be split into multiple TXT records. The value of this setting determines the template for what the additional labels will be named. If not set, no splitting will occur and DNSControl may generate TXT strings that are too long.
+ * * `overhead1:` "Overhead for the 1st TXT record".  When calculating the max length of each TXT record, reduce the maximum for the first TXT record in the chain by this amount.
+ * * `raw:` The label of the unaltered SPF settings. Setting to an empty string `''` will disable this. (Optional. Default: `"_rawspf"`)
+ * * `ttl:` This allows setting a specific TTL on this SPF record. (Optional. Default: using default record TTL)
+ * * `txtMaxSize` The maximum size for each TXT record. Values over 255 will result in [multiple strings][multi-string]. General recommendation is to [not go higher than 450][record-size] so that DNS responses will still fit in a UDP packet. (Optional. Default: `"255"`)
+ * * `parts:` The individual parts of the SPF settings.
+ * * `flatten:` Which includes should be inlined. For safety purposes the flattening is done on an opt-in basis. If `"*"` is listed, all includes will be flattened... this might create more problems than is solves due to length limitations.
+ *
+ * [multi-string]: https://tools.ietf.org/html/rfc4408#section-3.1.3
+ * [record-size]: https://tools.ietf.org/html/rfc4408#section-3.1.4
+ *
+ * `SPF_BUILDER()` returns multiple `TXT()` records:
+ *
+ *   * `TXT("@", "v=spf1 .... ~all")`
+ *     *  This is the optimized configuration.
+ *   * `TXT("_spf1", "...")`
+ *     * If the optimizer needs to split a long string across multiple TXT records, the additional TXT records will have labels `_spf1`, `_spf2`, `_spf3`, etc.
+ *   * `TXT("_rawspf", "v=spf1 .... ~all")`
+ *     * This is the unaltered SPF configuration. This is purely for debugging purposes and is not used by any email or anti-spam system.  It is only generated if flattening is requested.
+ *
+ * We recommend first using this without any flattening. Make sure
+ * `dnscontrol preview` works as expected. Once that is done, add the
+ * flattening required to reduce the number of lookups to 10 or less.
+ *
+ * To count the number of lookups, you can use our interactive SPF
+ * debugger at [https://stackexchange.github.io/dnscontrol/flattener/index.html](https://stackexchange.github.io/dnscontrol/flattener/index.html)
+ *
+ * # The first in a chain is special
+ *
+ * When generating the chain of SPF
+ * records, each one is max length 255.  For the first item in
+ * the chain, the max is 255 - "overhead1".  Setting this to 255 or
+ * higher has undefined behavior.
+ *
+ * Why is this useful?
+ *
+ * Some sites desire having all DNS queries fit in a single packet so
+ * that UDP, not TCP, can be used to satisfy all requests. That means all
+ * responses have to be relatively small.
+ *
+ * When an SPF system does a "TXT" lookup, it gets SPF and non-SPF
+ * records.  This makes the first link in the chain extra large.
+ *
+ * The bottom line is that if you want the TXT records to fit in a UDP
+ * packet, keep increasing the value of `overhead1` until the packet
+ * is no longer truncated.
+ *
+ * Example:
+ *
+ * ```shell
+ * dig +short whatexit.org txt | wc -c
+ *    118
+ * ```
+ *
+ * Setting `overhead1` to 118 should be sufficient.
+ *
+ * ```shell
+ * dig +short stackoverflow.com txt | wc -c
+ *      582
+ * ```
+ *
+ * Since 582 is bigger than 255, it might not be possible to achieve the
+ * goal.  Any value larger than 255 will disable all flattening.  Try
+ * 170, then 180, 190 until you get the desired results.
+ *
+ * A validator such as
+ * [https://www.kitterman.com/spf/validate.html](https://www.kitterman.com/spf/validate.html)
+ * will tell you if the queries are being truncated and TCP was required
+ * to get the entire record. (Sadly it caches heavily.)
+ *
+ * ## Notes about the `spfcache.json`
+ *
+ * DNSControl keeps a cache of the DNS lookups performed during
+ * optimization.  The cache is maintained so that the optimizer does
+ * not produce different results depending on the ups and downs of
+ * other people's DNS servers. This makes it possible to do `dnscontrol
+ * push` even if your or third-party DNS servers are down.
+ *
+ * The DNS cache is kept in a file called `spfcache.json`. If it needs
+ * to be updated, the proper data will be written to a file called
+ * `spfcache.updated.json` and instructions such as the ones below
+ * will be output telling you exactly what to do:
+ *
+ * ```shell
+ * dnscontrol preview
+ * 1 Validation errors:
+ * WARNING: 2 spf record lookups are out of date with cache (_spf.google.com,_netblocks3.google.com).
+ * Wrote changes to spfcache.updated.json. Please rename and commit:
+ *     $ mv spfcache.updated.json spfcache.json
+ *     $ git commit spfcache.json
+ * ```
+ *
+ * In this case, you are being asked to replace `spfcache.json` with
+ * the newly generated data in `spfcache.updated.json`.
+ *
+ * Needing to do this kind of update is considered a validation error
+ * and will block `dnscontrol push` from running.
+ *
+ * Note: The instructions are hardcoded strings. The filenames will
+ * not change.
+ *
+ * Note: The instructions assume you use git. If you use something
+ * else, please do the appropriate equivalent command.
+ *
+ * ## Caveats
+ *
+ * 1. DNSControl 'gives up' if it sees SPF records it can't understand.
+ * This includes: syntax errors, features that our spflib doesn't know
+ * about, overly complex SPF settings, and anything else that we we
+ * didn't feel like implementing.
+ *
+ * 2. The TXT record that is generated may exceed DNS limits.  dnscontrol
+ * will not generate a single TXT record that exceeds DNS limits, but
+ * it ignores the fact that there may be other TXT records on the same
+ * label.  For example, suppose it generates a TXT record on the bare
+ * domain (stackoverflow.com) that is 250 bytes long. That's fine and
+ * doesn't require a continuation record.  However if there is another
+ * TXT record (not an SPF record, perhaps a TXT record used to verify
+ * domain ownership), the total packet size of all the TXT records
+ * could exceed 512 bytes, and will require EDNS or a TCP request.
+ *
+ * 3. DNSControl does not warn if the number of lookups exceeds 10.
+ * We hope to implement this some day.
+ *
+ * 4. The `redirect=` directive is only partially implemented.  We only
+ * handle the case where redirect is the last item in the SPF record.
+ * In which case, it is equivalent to `include:`.
+ *
+ * ## Advanced Technique: Interactive SPF Debugger
+ *
+ * DNSControl includes an experimental system for viewing
+ * SPF settings:
+ *
+ * [https://stackexchange.github.io/dnscontrol/flattener/index.html](https://stackexchange.github.io/dnscontrol/flattener/index.html)
+ *
+ * You can also run this locally (it is self-contained) by opening
+ * `dnscontrol/docs/flattener/index.html` in your browser.
+ *
+ * You can use this to determine the minimal number of domains you
+ * need to flatten to have fewer than 10 lookups.
+ *
+ * The output is as follows:
+ *
+ * 1. The top part lists the domain as it current is configured, how
+ * many lookups it requires, and includes a checkbox for each item
+ * that could be flattened.
+ *
+ * 2. Fully flattened: This section shows the SPF configuration if you
+ * fully flatten it. i.e. This is what it would look like if all the
+ * checkboxes were checked. Note that this result is likely to be
+ * longer than 255 bytes, the limit for a single TXT string.
+ *
+ * 3. Fully flattened split: This takes the "fully flattened" result
+ * and splits it into multiple DNS records.  To continue to the next
+ * record an include is added.
+ *
+ * ## Advanced Technique: Define once, use many
+ *
+ * In some situations we define an SPF setting once and want to re-use
+ * it on many domains. Here's how to do this:
+ *
+ * ```javascript
+ * var SPF_MYSETTINGS = SPF_BUILDER({
+ *   label: "@",
+ *   overflow: "_spf%d",
+ *   raw: "_rawspf",
+ *   parts: [
+ *     "v=spf1",
+ *     ...
+ *     "~all"
+ *   ],
+ *   flatten: [
+ *     ...
+ *   ]
+ * });
+ *
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     SPF_MYSETTINGS
+ * );
+ *
+ * D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *      SPF_MYSETTINGS
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder
+ */
+declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead1?: string; raw?: string; ttl?: Duration; txtMaxSize?: number; parts: string[]; flatten?: string[] }): DomainModifier;
+
+/**
+ * `SRV` adds a `SRV` record to a domain. The name should be the relative label for the record.
+ *
+ * Priority, weight, and port are ints.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Create SRV records for a a SIP service:
+ *   //               pr  w   port, target
+ *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
+ *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
+ */
+declare function SRV(name: string, priority: number, weight: number, port: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `SSHFP` contains a fingerprint of a SSH server which can be validated before SSH clients are establishing the connection.
+ *
+ * **Algorithm** (type of the key)
+ *
+ * | ID | Algorithm |
+ * |----|-----------|
+ * | 0  | reserved  |
+ * | 1  | RSA       |
+ * | 2  | DSA       |
+ * | 3  | ECDSA     |
+ * | 4  | ED25519   |
+ *
+ * **Type** (fingerprint format)
+ *
+ * | ID | Algorithm |
+ * |----|-----------|
+ * | 0  | reserved  |
+ * | 1  | SHA-1     |
+ * | 2  | SHA-256   |
+ *
+ * `value` is the fingerprint as a string.
+ *
+ * ```javascript
+ * SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
+ */
+declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 | 2, value: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
+ *
+ * Usage, selector, and type are ints.
+ *
+ * Certificate is a hex string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   // Create TLSA record for certificate used on TCP port 443
+ *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
+ */
+declare function TLSA(name: string, usage: number, selector: number, type: number, certificate: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * TTL sets the TTL for a single record only. This will take precedence
+ * over the domain's [DefaultTTL](../domain/DefaultTTL.md) if supplied.
+ *
+ * The value can be:
+ *
+ *   * An integer (number of seconds). Example: `600`
+ *   * A string: Integer with single-letter unit: Example: `5m`
+ *   * The unit denotes:
+ *     * s (seconds)
+ *     * m (minutes)
+ *     * h (hours)
+ *     * d (days)
+ *     * w (weeks)
+ *     * n (nonths) (30 days in a nonth)
+ *     * y (years) (If you set a TTL to a year, we assume you also do crossword puzzles in pen. Show off!)
+ *     * If no unit is specified, the default is seconds.
+ *   * We highly recommend using units instead of the number of seconds. Would your coworkers understand your intention better if you wrote `14400` or `'4h'`?
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DefaultTTL(2000),
+ *   A("@","1.2.3.4"), // uses default
+ *   A("foo", "2.3.4.5", TTL(500)), // overrides default
+ *   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
+ *   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/record-modifiers/ttl
+ */
+declare function TTL(ttl: Duration): RecordModifier;
+
+/**
+ * `TXT` adds an `TXT` record To a domain. The name should be the relative
+ * label for the record. Use `@` for the domain apex.
+ *
+ * The contents is either a single or multiple strings.  To
+ * specify multiple strings, specify them as an array.
+ *
+ * Each string is a JavaScript string (quoted using single or double
+ * quotes).  The (somewhat complex) quoting rules of the DNS protocol
+ * will be done for you.
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ *     D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *       TXT("@", "598611146-3338560"),
+ *       TXT("listserve", "google-site-verification=12345"),
+ *       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
+ *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
+ *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
+ *       TXT("long", "X".repeat(300)) // Long strings are split automatically.
+ *     );
+ * ```
+ *
+ * NOTE: In the past, long strings had to be annotated with the keyword
+ * `AUTOSPLIT`. This is no longer required. The keyword is now a no-op.
+ *
+ * ### Long strings
+ *
+ * Strings that are longer than 255 octets (bytes) will be quietly
+ * split into 255-octets chunks or the provider may report an error
+ * if it does not handle multiple strings.
+ *
+ * ### TXT record edge cases
+ *
+ * Most providers do not support the full possibilities of what a `TXT`
+ * record can store.  DNSControl can not handle all the edge cases
+ * and incompatibles that providers have introduced.  Instead, it
+ * stores the string(s) that you provide and passes them to the provider
+ * verbatim. The provider may opt to accept the data, fix it, or
+ * reject it. This happens early in the processing, long before
+ * the DNSControl talks to the provider's API.
+ *
+ * The RFCs specify that a `TXT` record stores one or more strings,
+ * each is up to 255 octets (bytes) long. We call these individual
+ * strings *chunks*.  Each chunk may be zero to 255 octets long.
+ * There is no limit to the number of chunks in a `TXT` record,
+ * other than IP packet length restrictions.  The contents of each chunk
+ * may be octets of value from 0x00 to 0xff.
+ *
+ * In reality DNS Service Providers (DSPs) place many restrictions on `TXT`
+ * records.
+ *
+ * Some DSPs only support a single string of 255 octets or fewer.
+ * Multiple strings, or any one string being longer than 255 octets will
+ * result in an error. One provider limits the string to 254 octets,
+ * which makes me think they're code has an off-by-one error.
+ *
+ * Some DSPs only support one string, but it may be of any length.
+ * Behind the scenes the provider splits it into 255-octet chunks
+ * (except the last one, of course).
+ *
+ * Some DSPs support multiple strings, but API requests must be 512-bytes
+ * or fewer, and with quoting, escaping, and other encoding mishegoss
+ * you can't be sure what will be permitted until you actually try it.
+ *
+ * Regardless of the quantity and length of strings, some providers ban
+ * double quotes, back-ticks, or other chars.
+ *
+ * ### Testing the support of a provider
+ *
+ * #### How can you tell if a provider will support a particular `TXT()` record?
+ *
+ * Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
+ * with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
+ * see if any errors are produced.  The check command does not talk to
+ * the provider's API, thus permitting you to do this without having an
+ * account at that provider.
+ *
+ * #### What if the provider rejects a string that is supported?
+ *
+ * Suppose I can create the TXT record using the DSP's web portal but
+ * DNSControl rejects the string?
+ *
+ * It is possible that the provider code in DNSControl rejects strings
+ * that the DSP accepts.  This is because the test is done in code, not
+ * by querying the provider's API.  It is possible that the code was
+ * written to work around a bug (such as rejecting a string with a
+ * back-tick) but now that bug has been fixed.
+ *
+ * All such checks are in `providers/${providername}/auditrecords.go`.
+ * You can try removing the check that you feel is in error and see if
+ * the provider's API accepts the record.  You can do this by running the
+ * integration tests, or by simply adding that record to an existing
+ * `dnsconfig.js` and seeing if `dnscontrol push` is able to push that
+ * record into production. (Be careful if you are testing this on a
+ * domain used in production.)
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/txt
+ */
+declare function TXT(name: string, contents: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url
+ */
+declare function URL(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * Documentation needed.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/url301
+ */
+declare function URL301(name: string, ...modifiers: RecordModifier[]): DomainModifier;
+
+/**
+ * `getConfiguredDomains` getConfiguredDomains is a helper function that returns the domain names
+ * configured at the time the function is called. Calling this function early or later in
+ * `dnsconfig.js` may return different results. Typical usage is to iterate over all
+ * domains at the end of your configuration file.
+ *
+ * Example for adding records to all configured domains:
+ * ```javascript
+ * var domains = getConfiguredDomains();
+ * for(i = 0; i < domains.length; i++) {
+ *   D_EXTEND(domains[i],
+ *     TXT("_important", "BLA") // I know, not really creative.
+ *   )
+ * }
+ * ```
+ *
+ * This will end up in following modifications: (All output assumes the `--full` flag)
+ *
+ * ```text
+ * ******************** Domain: domain1.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...2 corrections
+ * #1: CREATE TXT _important.domain1.tld "BLA" ttl=43200
+ * #2: REFRESH zone domain1.tld
+ *
+ * ******************** Domain: domain2.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...2 corrections
+ * #1: CREATE TXT _important.domain2.tld "BLA" ttl=43200
+ * #2: REFRESH zone domain2.tld
+ * ```
+ *
+ * Example for adding DMARC report records:
+ *
+ * This example might be more useful, specially for configuring the DMARC report records. According to DMARC RFC you need to specify `domain2.tld._report.dmarc.domain1.tld` to allow `domain2.tld` to send aggregate/forensic email reports to `domain1.tld`. This can be used to do this in an easy way, without using the wildcard from the RFC.
+ *
+ * ```javascript
+ * var domains = getConfiguredDomains();
+ * for(i = 0; i < domains.length; i++) {
+ *     D_EXTEND("domain1.tld",
+ *         TXT(domains[i] + "._report._dmarc", "v=DMARC1")
+ *     );
+ * }
+ * ```
+ *
+ * This will end up in following modifications:
+ *
+ * ```text
+ * ******************** Domain: domain2.tld
+ * ----- Getting nameservers from: registrar
+ * ----- DNS Provider: registrar...4 corrections
+ * #1: CREATE TXT domain1.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #2: CREATE TXT domain3.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #3: CREATE TXT domain4.tld._report._dmarc.domain2.tld "v=DMARC1" ttl=43200
+ * #4: REFRESH zone domain2.tld
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/getconfigureddomains
+ */
+declare function getConfiguredDomains(): string[];
+
+/**
+ * `require_glob()` recursively loads `.js` files that match a glob (wildcard). The recursion can be disabled.
+ *
+ * Possible parameters are:
+ *
+ * - Path as string, where you would like to start including files. Mandatory. Pattern matching possible, see [GoLand path/filepath/#Match docs](https://golang.org/pkg/path/filepath/#Match).
+ * - If being recursive. This is a boolean if the search should be recursive or not. Define either `true` or `false`. Default is `true`.
+ *
+ * Example to load `.js` files recursively:
+ *
+ * ```javascript
+ * require_glob("./domains/");
+ * ```
+ *
+ * Example to load `.js` files only in `domains/`:
+ *
+ * ```javascript
+ * require_glob("./domains/", false);
+ * ```
+ *
+ * # Comparison to require()
+ *
+ * `require_glob()` and `require()` both use the same rules for determining which directory path is
+ * relative to.
+ *
+ * This will load files being present underneath `./domains/user1/` and **NOT** at below `./domains/`, as `require_glob()`
+ * is called in the subfolder `domains/`.
+ *
+ * ```javascript
+ * require("domains/index.js");
+ * ```
+ *
+ * ```javascript
+ * require_glob("./user1/");
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/require_glob
+ */
+declare function require_glob(path: string, recursive: boolean): void;

From 9e1cb0fefd793640fb2ccca1c2a9438f3bcd7726 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 11 Dec 2023 07:21:49 -0500
Subject: [PATCH 071/438] CICD: Add stringer (#2714)

---
 .github/workflows/pr_test.yml       | 5 +++++
 integrationTest/integration_test.go | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 7520eb7d0d..1bfcee1e9c 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -33,6 +33,11 @@ jobs:
       with:
         path: "/tmp/test-results"
 
+# Stringer is needed because .goreleaser includes "go generate ./..."
+    - name: Install stringer
+      run: |
+        go install golang.org/x/tools/cmd/stringer@latest
+
 # For some reason goreleaser isn't correctly setting the version
 # string used by "dnscontrol version".  Therefore, we're forcing the
 # string using the GORELEASER_CURRENT_TAG feature.
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index fc69712c6e..9e4942e212 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1126,7 +1126,7 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("TXT with semicolon ws", txt("foosc2", `wssemi ; colon`)),
 
 			tc("TXT interior ws", txt("foosp", "with spaces")),
-			tc("TXT leading ws", txt("foowsb", " leadingspace")),
+			//tc("TXT leading ws", txt("foowsb", " leadingspace")),
 			tc("TXT trailing ws", txt("foows1", "trailingws ")),
 
 			// Vultr syntax-checks TXT records with SPF contents.

From a5a1facdafeca8532123ced3a589ce4b0de5ea17 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <32478819+fritterhoff@users.noreply.github.com>
Date: Mon, 11 Dec 2023 13:25:27 +0100
Subject: [PATCH 072/438] DOCS: add dhcid RR docs (#2715)

---
 commands/types/dnscontrol.d.ts          | 15 +++++++++++++++
 documentation/SUMMARY.md                |  1 +
 documentation/functions/domain/DHCID.md | 23 +++++++++++++++++++++++
 integrationTest/integration_test.go     |  6 +++---
 models/domain.go                        |  2 +-
 5 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 documentation/functions/domain/DHCID.md

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index a850f30275..38c6ee0327 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -642,6 +642,21 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  */
 declare function DEFAULTS(...modifiers: DomainModifier[]): void;
 
+/**
+ * DHCID adds a DHCID record to the domain.
+ *
+ * Digest should be a string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DHCID("example.com", "ABCDEFG")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dhcid
+ */
+declare function DHCID(name: string, digest: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `DISABLE_IGNORE_SAFETY_CHECK()` disables the safety check. Normally it is an
  * error to insert records that match an `IGNORE()` pattern. This disables that
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 78d2fa779c..22b8d7cadf 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -37,6 +37,7 @@
     * [CAA](functions/domain/CAA.md)
     * [CAA_BUILDER](functions/domain/CAA_BUILDER.md)
     * [CNAME](functions/domain/CNAME.md)
+    * [DHCID](functions/domain/DHCID.md)
     * [DISABLE_IGNORE_SAFETY_CHECK](functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md)
     * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
     * [DS](functions/domain/DS.md)
diff --git a/documentation/functions/domain/DHCID.md b/documentation/functions/domain/DHCID.md
new file mode 100644
index 0000000000..83213d32a9
--- /dev/null
+++ b/documentation/functions/domain/DHCID.md
@@ -0,0 +1,23 @@
+---
+name: DHCID
+parameters:
+  - name
+  - digest
+  - modifiers...
+parameter_types:
+  name: string
+  digest: string
+  "modifiers...": RecordModifier[]
+---
+
+DHCID adds a DHCID record to the domain.
+
+Digest should be a string.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DHCID("example.com", "ABCDEFG")
+);
+```
+{% endcode %}
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 9e4942e212..6a8cfccce8 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1539,10 +1539,10 @@ func makeTests(t *testing.T) []*TestGroup {
 			//	ns("another-child", "ns101.cloudns.net."),
 			//),
 		),
-		testgroup("DHCPID",
+		testgroup("DHCID",
 			requires(providers.CanUseDHCID),
-			tc("Create DHCPID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
-			tc("Modify DHCPID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+			tc("Create DHCID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+			tc("Modify DHCID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 		),
 
 		//// Vendor-specific record types
diff --git a/models/domain.go b/models/domain.go
index c25d9f7514..65118e00a6 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -133,7 +133,7 @@ func (dc *DomainConfig) Punycode() error {
 			rec.SetTarget(t)
 		case "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
 			rec.SetTarget(rec.GetTargetField())
-		case "A", "AAAA", "CAA", "DHCPID", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
+		case "A", "AAAA", "CAA", "DHCID", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
 			// Nothing to do.
 		default:
 			return fmt.Errorf("Punycode rtype %v unimplemented", rec.Type)

From 724ce29fa2a712647f16c4d657949334137d873b Mon Sep 17 00:00:00 2001
From: marte26 <me@cetinmartino.com>
Date: Mon, 11 Dec 2023 12:26:34 +0000
Subject: [PATCH 073/438] DOCS: Fix CAA_BUILDER  parameter types (issuewild
 type should be string[]) (#2709)

---
 commands/types/dnscontrol.d.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 38c6ee0327..9cacc652d5 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -411,7 +411,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
  */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string }): DomainModifier;
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string[] }): DomainModifier;
 
 /**
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to

From 6e90946b158e4fd1d07d3cf3ee4d699520ad0960 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 11 Dec 2023 15:23:00 -0500
Subject: [PATCH 074/438] Build(deps): Bump actions/setup-go from 4 to 5
 (#2716)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release_draft.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index b2bd1223f8..fcef66d609 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -40,7 +40,7 @@ jobs:
         password: ${{ secrets.GITHUB_TOKEN }}
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: ^1.21
 

From 790513a17063dc82f88c30a0c46052542e3f0a41 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 11 Dec 2023 16:24:11 -0500
Subject: [PATCH 075/438] CHORE: Fix golint and staticcheck errors/warnings
 (#2717)

---
 pkg/diff2/diff2.go                            |  3 +++
 pkg/dnsgraph/dependencies.go                  |  1 +
 pkg/dnsgraph/dnsgraph.go                      | 13 ++++++++++++
 pkg/dnsgraph/graphable.go                     |  9 +++++++++
 pkg/dnsgraph/testutils/stubrecords.go         |  5 +++++
 pkg/dnssort/result.go                         |  5 ++++-
 pkg/txtutil/txtcode.go                        | 20 ++++++++++++++-----
 providers/gcore/gcoreExtend.go                |  4 ++--
 .../mythicbeasts/mythicbeastsProvider.go      |  5 ++---
 providers/porkbun/listzones.go                |  4 ++--
 10 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index f8e11404a9..0d1da39bc5 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -53,6 +53,7 @@ type Change struct {
 	HintRecordSetLen1 bool
 }
 
+// GetType returns the type of a change.
 func (c Change) GetType() dnsgraph.NodeType {
 	if c.Type == REPORT {
 		return dnsgraph.Report
@@ -61,10 +62,12 @@ func (c Change) GetType() dnsgraph.NodeType {
 	return dnsgraph.Change
 }
 
+// GetName returns the FQDN of the host being changed.
 func (c Change) GetName() string {
 	return c.Key.NameFQDN
 }
 
+// GetDependencies returns the depenencies of a change.
 func (c Change) GetDependencies() []dnsgraph.Dependency {
 	var dependencies []dnsgraph.Dependency
 
diff --git a/pkg/dnsgraph/dependencies.go b/pkg/dnsgraph/dependencies.go
index e2acfc8ea0..fb5794e7d2 100644
--- a/pkg/dnsgraph/dependencies.go
+++ b/pkg/dnsgraph/dependencies.go
@@ -1,5 +1,6 @@
 package dnsgraph
 
+// CreateDependencies creates a dependency list from a list of FQDNs and a DepenendyType.
 func CreateDependencies(dependencyFQDNs []string, dependencyType DependencyType) []Dependency {
 	var dependencies []Dependency
 
diff --git a/pkg/dnsgraph/dnsgraph.go b/pkg/dnsgraph/dnsgraph.go
index 24df8f2a8a..c764918b91 100644
--- a/pkg/dnsgraph/dnsgraph.go
+++ b/pkg/dnsgraph/dnsgraph.go
@@ -5,18 +5,23 @@ import "github.com/StackExchange/dnscontrol/v4/pkg/dnstree"
 type edgeDirection uint8
 
 const (
+	// IncomingEdge is an edge inbound.
 	IncomingEdge edgeDirection = iota
+	// OutgoingEdge is an edge outbound.
 	OutgoingEdge
 )
 
+// DNSGraphEdge an edge on the graph.
 type DNSGraphEdge[T Graphable] struct {
 	Dependency Dependency
 	Node       *DNSGraphNode[T]
 	Direction  edgeDirection
 }
 
+// DNSGraphEdges a list of edges.
 type DNSGraphEdges[T Graphable] []DNSGraphEdge[T]
 
+// DNSGraphNode a node in the graph.
 type DNSGraphNode[T Graphable] struct {
 	Data  T
 	Edges DNSGraphEdges[T]
@@ -24,11 +29,13 @@ type DNSGraphNode[T Graphable] struct {
 
 type dnsGraphNodes[T Graphable] []*DNSGraphNode[T]
 
+// DNSGraph a graph.
 type DNSGraph[T Graphable] struct {
 	All  dnsGraphNodes[T]
 	Tree *dnstree.DomainTree[dnsGraphNodes[T]]
 }
 
+// CreateGraph returns a graph.
 func CreateGraph[T Graphable](entries []T) *DNSGraph[T] {
 	graph := &DNSGraph[T]{
 		All:  dnsGraphNodes[T]{},
@@ -48,6 +55,7 @@ func CreateGraph[T Graphable](entries []T) *DNSGraph[T] {
 	return graph
 }
 
+// RemoveNode removes a node from a graph.
 func (graph *DNSGraph[T]) RemoveNode(toRemove *DNSGraphNode[T]) {
 	for _, edge := range toRemove.Edges {
 		edge.Node.Edges = edge.Node.Edges.RemoveNode(toRemove)
@@ -62,6 +70,7 @@ func (graph *DNSGraph[T]) RemoveNode(toRemove *DNSGraphNode[T]) {
 	}
 }
 
+// AddNode adds a node to a graph.
 func (graph *DNSGraph[T]) AddNode(data T) {
 	nodes := graph.Tree.Get(data.GetName())
 	node := &DNSGraphNode[T]{
@@ -77,6 +86,7 @@ func (graph *DNSGraph[T]) AddNode(data T) {
 	graph.Tree.Set(data.GetName(), nodes)
 }
 
+// AddEdge adds an edge to a graph.
 func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Dependency) {
 	destinationNodes := graph.Tree.Get(dependency.NameFQDN)
 
@@ -107,6 +117,7 @@ func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Depend
 	}
 }
 
+// RemoveNode removes a node from a graph.
 func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *DNSGraphNode[T]) dnsGraphNodes[T] {
 	var newNodes dnsGraphNodes[T]
 
@@ -119,6 +130,7 @@ func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *DNSGraphNode[T]) dnsGraphNode
 	return newNodes
 }
 
+// RemoveNode removes a node from a graph.
 func (edges DNSGraphEdges[T]) RemoveNode(toRemove *DNSGraphNode[T]) DNSGraphEdges[T] {
 	var newEdges DNSGraphEdges[T]
 
@@ -131,6 +143,7 @@ func (edges DNSGraphEdges[T]) RemoveNode(toRemove *DNSGraphNode[T]) DNSGraphEdge
 	return newEdges
 }
 
+// Contains returns true if a node is in the graph AND is in that direction.
 func (edges DNSGraphEdges[T]) Contains(toFind *DNSGraphNode[T], direction edgeDirection) bool {
 
 	for _, edge := range edges {
diff --git a/pkg/dnsgraph/graphable.go b/pkg/dnsgraph/graphable.go
index 13dd2fb53f..280b86c0ab 100644
--- a/pkg/dnsgraph/graphable.go
+++ b/pkg/dnsgraph/graphable.go
@@ -1,30 +1,39 @@
 package dnsgraph
 
+// NodeType enumerates the node types.
 type NodeType uint8
 
 const (
+	// Change is the type of change.
 	Change NodeType = iota
+	// Report is a Report.
 	Report
 )
 
+// DependencyType enumerates the dependency types.
 type DependencyType uint8
 
 const (
+	// ForwardDependency is a forward dependency.
 	ForwardDependency DependencyType = iota
+	// BackwardDependency is a backwards dependency.
 	BackwardDependency
 )
 
+// Dependency is a dependency.
 type Dependency struct {
 	NameFQDN string
 	Type     DependencyType
 }
 
+// Graphable is an interface for things that can be in a graph.
 type Graphable interface {
 	GetType() NodeType
 	GetName() string
 	GetDependencies() []Dependency
 }
 
+// GetRecordsNamesForGraphables returns names in a graph.
 func GetRecordsNamesForGraphables[T Graphable](graphables []T) []string {
 	var names []string
 
diff --git a/pkg/dnsgraph/testutils/stubrecords.go b/pkg/dnsgraph/testutils/stubrecords.go
index e4627ffeca..bf600febe0 100644
--- a/pkg/dnsgraph/testutils/stubrecords.go
+++ b/pkg/dnsgraph/testutils/stubrecords.go
@@ -2,24 +2,29 @@ package testutils
 
 import "github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
 
+// StubRecord stub
 type StubRecord struct {
 	NameFQDN     string
 	Dependencies []dnsgraph.Dependency
 	Type         dnsgraph.NodeType
 }
 
+// GetType stub
 func (record StubRecord) GetType() dnsgraph.NodeType {
 	return record.Type
 }
 
+// GetName stub
 func (record StubRecord) GetName() string {
 	return record.NameFQDN
 }
 
+// GetDependencies stub
 func (record StubRecord) GetDependencies() []dnsgraph.Dependency {
 	return record.Dependencies
 }
 
+// StubRecordsAsGraphable stub
 func StubRecordsAsGraphable(records []StubRecord) []dnsgraph.Graphable {
 	sortableRecords := make([]dnsgraph.Graphable, len(records))
 
diff --git a/pkg/dnssort/result.go b/pkg/dnssort/result.go
index 5f90ecdb31..d75f76dd81 100644
--- a/pkg/dnssort/result.go
+++ b/pkg/dnssort/result.go
@@ -2,7 +2,10 @@ package dnssort
 
 import "github.com/StackExchange/dnscontrol/v4/pkg/dnsgraph"
 
+// SortResult is the result of a sort function.
 type SortResult[T dnsgraph.Graphable] struct {
-	SortedRecords     []T
+	// SortedRecords is the sorted records.
+	SortedRecords []T
+	// UnresolvedRecords is the records that could not be resolved.
 	UnresolvedRecords []T
 }
diff --git a/pkg/txtutil/txtcode.go b/pkg/txtutil/txtcode.go
index 6a50bdb605..b125cac4fa 100644
--- a/pkg/txtutil/txtcode.go
+++ b/pkg/txtutil/txtcode.go
@@ -36,14 +36,24 @@ func EncodeQuoted(t string) string {
 	return txtEncode(ToChunks(t))
 }
 
+// State denotes the parser state.
 type State int
 
 const (
-	StateStart     State = iota // Looking for a non-space
-	StateUnquoted               // A run of unquoted text
-	StateQuoted                 // Quoted text
-	StateBackslash              // last char was backlash in a quoted string
-	StateWantSpace              // expect space after closing quote
+	// StateStart indicates parser is looking for a non-space
+	StateStart State = iota
+
+	// StateUnquoted indicates parser is in a run of unquoted text
+	StateUnquoted
+
+	// StateQuoted indicates parser is in quoted text
+	StateQuoted
+
+	// StateBackslash indicates the last char was backlash in a quoted string
+	StateBackslash
+
+	// StateWantSpace indicates parser expects a space (the previous token was a closing quote)
+	StateWantSpace
 )
 
 func isRemaining(s string, i, r int) bool {
diff --git a/providers/gcore/gcoreExtend.go b/providers/gcore/gcoreExtend.go
index b0bfa43d7e..a07cb65774 100644
--- a/providers/gcore/gcoreExtend.go
+++ b/providers/gcore/gcoreExtend.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"path"
@@ -69,7 +69,7 @@ func dnssdkDo(ctx context.Context, c *dnssdk.Client, apiKey string, method, uri
 	defer func() { _ = resp.Body.Close() }()
 
 	if resp.StatusCode >= http.StatusMultipleChoices {
-		all, _ := ioutil.ReadAll(resp.Body)
+		all, _ := io.ReadAll(resp.Body)
 		e := dnssdk.APIError{
 			StatusCode: resp.StatusCode,
 		}
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index f5798c0123..7a8c0e4b1e 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"strings"
 
@@ -85,7 +84,7 @@ func (n *mythicBeastsProvider) GetZoneRecords(domain string, meta map[string]str
 		return nil, err
 	}
 	if got, want := resp.StatusCode, 200; got != want {
-		body, _ := ioutil.ReadAll(resp.Body)
+		body, _ := io.ReadAll(resp.Body)
 		return nil, fmt.Errorf("got HTTP %v, want %v: %v", got, want, string(body))
 	}
 	return zoneFileToRecords(resp.Body, domain)
@@ -138,7 +137,7 @@ func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig
 						return err
 					}
 					if got, want := resp.StatusCode, 200; got != want {
-						body, _ := ioutil.ReadAll(resp.Body)
+						body, _ := io.ReadAll(resp.Body)
 						return fmt.Errorf("got HTTP %v, want %v: %v", got, want, string(body))
 					}
 					return nil
diff --git a/providers/porkbun/listzones.go b/providers/porkbun/listzones.go
index a5f9f89c15..95842b14f0 100644
--- a/providers/porkbun/listzones.go
+++ b/providers/porkbun/listzones.go
@@ -1,7 +1,7 @@
 package porkbun
 
-func (client *porkbunProvider) ListZones() ([]string, error) {
-	zones, err := client.listAllDomains()
+func (c *porkbunProvider) ListZones() ([]string, error) {
+	zones, err := c.listAllDomains()
 	if err != nil {
 		return nil, err
 	}

From 2e4aa7a4c889ab2d17d8499c7acf2f75aa474bfa Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 12 Dec 2023 10:36:39 -0500
Subject: [PATCH 076/438] CHORE: Fix golint warnings about stuttering (#2718)

---
 pkg/dnsgraph/dnsgraph.go | 48 ++++++++++++++++++++--------------------
 pkg/dnssort/graphsort.go |  4 ++--
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/pkg/dnsgraph/dnsgraph.go b/pkg/dnsgraph/dnsgraph.go
index c764918b91..ef69b22f0d 100644
--- a/pkg/dnsgraph/dnsgraph.go
+++ b/pkg/dnsgraph/dnsgraph.go
@@ -11,33 +11,33 @@ const (
 	OutgoingEdge
 )
 
-// DNSGraphEdge an edge on the graph.
-type DNSGraphEdge[T Graphable] struct {
+// Edge an edge on the graph.
+type Edge[T Graphable] struct {
 	Dependency Dependency
-	Node       *DNSGraphNode[T]
+	Node       *Node[T]
 	Direction  edgeDirection
 }
 
-// DNSGraphEdges a list of edges.
-type DNSGraphEdges[T Graphable] []DNSGraphEdge[T]
+// Edges a list of edges.
+type Edges[T Graphable] []Edge[T]
 
-// DNSGraphNode a node in the graph.
-type DNSGraphNode[T Graphable] struct {
+// Node a node in the graph.
+type Node[T Graphable] struct {
 	Data  T
-	Edges DNSGraphEdges[T]
+	Edges Edges[T]
 }
 
-type dnsGraphNodes[T Graphable] []*DNSGraphNode[T]
+type dnsGraphNodes[T Graphable] []*Node[T]
 
-// DNSGraph a graph.
-type DNSGraph[T Graphable] struct {
+// Graph a graph.
+type Graph[T Graphable] struct {
 	All  dnsGraphNodes[T]
 	Tree *dnstree.DomainTree[dnsGraphNodes[T]]
 }
 
 // CreateGraph returns a graph.
-func CreateGraph[T Graphable](entries []T) *DNSGraph[T] {
-	graph := &DNSGraph[T]{
+func CreateGraph[T Graphable](entries []T) *Graph[T] {
+	graph := &Graph[T]{
 		All:  dnsGraphNodes[T]{},
 		Tree: dnstree.Create[dnsGraphNodes[T]](),
 	}
@@ -56,7 +56,7 @@ func CreateGraph[T Graphable](entries []T) *DNSGraph[T] {
 }
 
 // RemoveNode removes a node from a graph.
-func (graph *DNSGraph[T]) RemoveNode(toRemove *DNSGraphNode[T]) {
+func (graph *Graph[T]) RemoveNode(toRemove *Node[T]) {
 	for _, edge := range toRemove.Edges {
 		edge.Node.Edges = edge.Node.Edges.RemoveNode(toRemove)
 	}
@@ -71,11 +71,11 @@ func (graph *DNSGraph[T]) RemoveNode(toRemove *DNSGraphNode[T]) {
 }
 
 // AddNode adds a node to a graph.
-func (graph *DNSGraph[T]) AddNode(data T) {
+func (graph *Graph[T]) AddNode(data T) {
 	nodes := graph.Tree.Get(data.GetName())
-	node := &DNSGraphNode[T]{
+	node := &Node[T]{
 		Data:  data,
-		Edges: DNSGraphEdges[T]{},
+		Edges: Edges[T]{},
 	}
 	if nodes == nil {
 		nodes = dnsGraphNodes[T]{}
@@ -87,7 +87,7 @@ func (graph *DNSGraph[T]) AddNode(data T) {
 }
 
 // AddEdge adds an edge to a graph.
-func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Dependency) {
+func (graph *Graph[T]) AddEdge(sourceNode *Node[T], dependency Dependency) {
 	destinationNodes := graph.Tree.Get(dependency.NameFQDN)
 
 	if destinationNodes == nil {
@@ -103,13 +103,13 @@ func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Depend
 			continue
 		}
 
-		sourceNode.Edges = append(sourceNode.Edges, DNSGraphEdge[T]{
+		sourceNode.Edges = append(sourceNode.Edges, Edge[T]{
 			Dependency: dependency,
 			Node:       destinationNode,
 			Direction:  OutgoingEdge,
 		})
 
-		destinationNode.Edges = append(destinationNode.Edges, DNSGraphEdge[T]{
+		destinationNode.Edges = append(destinationNode.Edges, Edge[T]{
 			Dependency: dependency,
 			Node:       sourceNode,
 			Direction:  IncomingEdge,
@@ -118,7 +118,7 @@ func (graph *DNSGraph[T]) AddEdge(sourceNode *DNSGraphNode[T], dependency Depend
 }
 
 // RemoveNode removes a node from a graph.
-func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *DNSGraphNode[T]) dnsGraphNodes[T] {
+func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *Node[T]) dnsGraphNodes[T] {
 	var newNodes dnsGraphNodes[T]
 
 	for _, node := range nodes {
@@ -131,8 +131,8 @@ func (nodes dnsGraphNodes[T]) RemoveNode(toRemove *DNSGraphNode[T]) dnsGraphNode
 }
 
 // RemoveNode removes a node from a graph.
-func (edges DNSGraphEdges[T]) RemoveNode(toRemove *DNSGraphNode[T]) DNSGraphEdges[T] {
-	var newEdges DNSGraphEdges[T]
+func (edges Edges[T]) RemoveNode(toRemove *Node[T]) Edges[T] {
+	var newEdges Edges[T]
 
 	for _, edge := range edges {
 		if edge.Node != toRemove {
@@ -144,7 +144,7 @@ func (edges DNSGraphEdges[T]) RemoveNode(toRemove *DNSGraphNode[T]) DNSGraphEdge
 }
 
 // Contains returns true if a node is in the graph AND is in that direction.
-func (edges DNSGraphEdges[T]) Contains(toFind *DNSGraphNode[T], direction edgeDirection) bool {
+func (edges Edges[T]) Contains(toFind *Node[T], direction edgeDirection) bool {
 
 	for _, edge := range edges {
 		if edge.Node == toFind && edge.Direction == direction {
diff --git a/pkg/dnssort/graphsort.go b/pkg/dnssort/graphsort.go
index b9476e44c9..3c8c1a37c6 100644
--- a/pkg/dnssort/graphsort.go
+++ b/pkg/dnssort/graphsort.go
@@ -49,7 +49,7 @@ func SortUsingGraph[T dnsgraph.Graphable](records []T) SortResult[T] {
 }
 
 type directedSortState[T dnsgraph.Graphable] struct {
-	graph                *dnsgraph.DNSGraph[T]
+	graph                *dnsgraph.Graph[T]
 	sortedRecords        []T
 	unresolvedRecords    []T
 	hasResolvedLastRound bool
@@ -106,7 +106,7 @@ func (sortState *directedSortState[T]) finalize() {
 	}
 }
 
-func hasUnmetDependencies[T dnsgraph.Graphable](node *dnsgraph.DNSGraphNode[T]) bool {
+func hasUnmetDependencies[T dnsgraph.Graphable](node *dnsgraph.Node[T]) bool {
 	for _, edge := range node.Edges {
 		if edge.Dependency.Type == dnsgraph.BackwardDependency && edge.Direction == dnsgraph.IncomingEdge {
 			return true

From 0b8bb1d1ba1dbe3a18b6e57b1a3d276c5da469b9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 13 Dec 2023 12:32:39 -0500
Subject: [PATCH 077/438] FEATURE: Add experimental --reportmax flag (#2719)

---
 commands/previewPush.go |  9 +++++++++
 pkg/diff2/handsoff.go   | 23 ++++++++++++++---------
 pkg/printer/printer.go  |  3 +++
 3 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/commands/previewPush.go b/commands/previewPush.go
index ebeff28cdc..594383224d 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -77,6 +77,15 @@ func (args *PreviewArgs) flags() []cli.Flag {
 		Destination: &args.Full,
 		Usage:       `Add headings, providers names, notifications of no changes, etc`,
 	})
+	flags = append(flags, &cli.IntFlag{
+		Name:   "reportmax",
+		Hidden: true,
+		Usage:  `Limit the IGNORE/NO_PURGE report to this many lines (Expermental. Will change in the future.)`,
+		Action: func(ctx *cli.Context, max int) error {
+			printer.MaxReport = max
+			return nil
+		},
+	})
 	flags = append(flags, &cli.Int64Flag{
 		Name:        "bindserial",
 		Destination: &bindserial.ForcedValue,
diff --git a/pkg/diff2/handsoff.go b/pkg/diff2/handsoff.go
index 917c33af7b..7e2b4f6493 100644
--- a/pkg/diff2/handsoff.go
+++ b/pkg/diff2/handsoff.go
@@ -98,8 +98,6 @@ The actual implementation combines this all into one loop:
     Append "foreign list" to "desired".
 */
 
-const maxReport = 5
-
 // handsoff processes the IGNORE*()//NO_PURGE/ENSURE_ABSENT features.
 func handsoff(
 	domain string,
@@ -116,14 +114,19 @@ func handsoff(
 		return nil, nil, err
 	}
 
+	var punct = ":"
+	if printer.MaxReport == 0 {
+		punct = "."
+	}
+
 	// Process IGNORE*() and NO_PURGE features:
 	ignorable, foreign := processIgnoreAndNoPurge(domain, existing, desired, absences, unmanagedConfigs, noPurge)
 	if len(foreign) != 0 {
-		msgs = append(msgs, fmt.Sprintf("%d records not being deleted because of NO_PURGE:", len(foreign)))
+		msgs = append(msgs, fmt.Sprintf("%d records not being deleted because of NO_PURGE%s", len(foreign), punct))
 		msgs = append(msgs, reportSkips(foreign, !printer.SkinnyReport)...)
 	}
 	if len(ignorable) != 0 {
-		msgs = append(msgs, fmt.Sprintf("%d records not being deleted because of IGNORE*():", len(ignorable)))
+		msgs = append(msgs, fmt.Sprintf("%d records not being deleted because of IGNORE*()%s", len(ignorable), punct))
 		msgs = append(msgs, reportSkips(ignorable, !printer.SkinnyReport)...)
 	}
 
@@ -146,21 +149,23 @@ func handsoff(
 	return desired, msgs, nil
 }
 
-// reportSkips reports records being skipped, if !full only the first maxReport are output.
+// reportSkips reports records being skipped, if !full only the first
+// printer.MaxReport are output.
 func reportSkips(recs models.Records, full bool) []string {
 	var msgs []string
 
-	shorten := (!full) && (len(recs) > maxReport)
+	shorten := (!full) && (len(recs) > printer.MaxReport)
+
 	last := len(recs)
 	if shorten {
-		last = maxReport
+		last = printer.MaxReport
 	}
 
 	for _, r := range recs[:last] {
 		msgs = append(msgs, fmt.Sprintf("    %s. %s %s", r.GetLabelFQDN(), r.Type, r.GetTargetCombined()))
 	}
-	if shorten {
-		msgs = append(msgs, fmt.Sprintf("    ...and %d more... (use --full to show all)", len(recs)-maxReport))
+	if shorten && printer.MaxReport != 0 {
+		msgs = append(msgs, fmt.Sprintf("    ...and %d more... (use --full to show all)", len(recs)-printer.MaxReport))
 	}
 
 	return msgs
diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index da839ab669..ec8b2a8de5 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -72,6 +72,9 @@ var (
 // variable name is easy to grep for when we make the conversion.
 var SkinnyReport = true
 
+// MaxReport represents how many records to show if SkinnyReport == true
+var MaxReport = 5
+
 // ConsolePrinter is a handle for the console printer.
 type ConsolePrinter struct {
 	Reader *bufio.Reader

From 8b1739e632d1fda2ea8178c24085982751ef132c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 13 Dec 2023 13:51:23 -0500
Subject: [PATCH 078/438] CHORE: Update deps and gogenerate (#2720)

---
 documentation/functions/domain/CAA_BUILDER.md |   2 +-
 go.mod                                        |  51 ++++----
 go.sum                                        | 111 ++++++++++--------
 pkg/txtutil/state_string.go                   |  27 +++++
 4 files changed, 120 insertions(+), 71 deletions(-)
 create mode 100644 pkg/txtutil/state_string.go

diff --git a/documentation/functions/domain/CAA_BUILDER.md b/documentation/functions/domain/CAA_BUILDER.md
index 920910e06e..8e7c445e35 100644
--- a/documentation/functions/domain/CAA_BUILDER.md
+++ b/documentation/functions/domain/CAA_BUILDER.md
@@ -12,7 +12,7 @@ parameter_types:
   iodef: string
   iodef_critical: boolean?
   issue: string[]
-  issuewild: string
+  issuewild: string[]
 ---
 
 DNSControl contains a `CAA_BUILDER` which can be used to simply create
diff --git a/go.mod b/go.mod
index d9efc2a213..652aebb51c 100644
--- a/go.mod
+++ b/go.mod
@@ -14,17 +14,17 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.23.5
-	github.com/aws/aws-sdk-go-v2/config v1.25.11
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.9
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2
+	github.com/aws/aws-sdk-go-v2 v1.24.0
+	github.com/aws/aws-sdk-go-v2/config v1.26.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.82.0
-	github.com/digitalocean/godo v1.106.0
+	github.com/cloudflare/cloudflare-go v0.83.0
+	github.com/digitalocean/godo v1.107.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
 	github.com/exoscale/egoscale v0.90.2
@@ -52,12 +52,12 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/net v0.19.0
 	golang.org/x/oauth2 v0.15.0
-	google.golang.org/api v0.152.0
+	google.golang.org/api v0.154.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
 	github.com/G-Core/gcore-dns-sdk-go v0.2.6
 	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
@@ -66,7 +66,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231127185646-65229373498e
+	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -74,20 +74,20 @@ require (
 require (
 	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.2 // indirect
-	github.com/aws/smithy-go v1.18.1 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect
+	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -95,7 +95,10 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
@@ -136,6 +139,10 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	golang.org/x/crypto v0.16.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
@@ -143,7 +150,7 @@ require (
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 // indirect
 	google.golang.org/grpc v1.59.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 2e6bdb7901..8f88ecd409 100644
--- a/go.sum
+++ b/go.sum
@@ -3,12 +3,12 @@ cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiV
 cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0 h1:fb8kj/Dh4CSwgsOzHeZY4Xh68cFVbzXx+ONXGMY//4w=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0/go.mod h1:uReU2sSxZExRPBAg3qKzmAucSi51+SP1OhohieR821Q=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
@@ -39,36 +39,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.23.5 h1:xK6C4udTyDMd82RFvNkDQxtAd00xlzFUtX4fF2nMZyg=
-github.com/aws/aws-sdk-go-v2 v1.23.5/go.mod h1:t3szzKfP0NeRU27uBFczDivYJjsmSnqI8kIvKyWb9ds=
-github.com/aws/aws-sdk-go-v2/config v1.25.11 h1:RWzp7jhPRliIcACefGkKp03L0Yofmd2p8M25kbiyvno=
-github.com/aws/aws-sdk-go-v2/config v1.25.11/go.mod h1:BVUs0chMdygHsQtvaMyEOpW2GIW+ubrxJLgIz/JU29s=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.9 h1:LQo3MUIOzod9JdUK+wxmSdgzLVYUbII3jXn3S/HJZU0=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.9/go.mod h1:R7mDuIJoCjH6TxGUc/cylE7Lp/o0bhKVoxdBThsjqCM=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9 h1:FZVFahMyZle6WcogZCOxo6D/lkDA2lqKIn4/ueUmVXw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.9/go.mod h1:kjq7REMIkxdtcEC9/4BVXjOsNY5isz6jQbEgk6osRTU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8 h1:8GVZIR0y6JRIUNSYI1xAMF4HDfV8H/bOsZ/8AD/uY5Q=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.8/go.mod h1:rwBfu0SoUkBUZndVgPZKAD9Y2JigaZtRP68unRiYToQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8 h1:ZE2ds/qeBkhk3yqYvS3CDCFNvd9ir5hMjlVStLZWrvM=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.8/go.mod h1:/lAPPymDYL023+TS6DJmjuL42nxix2AvEvfjqOBRODk=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3 h1:e3PCNeEaev/ZF01cQyNZgmYE9oYYePIMJs2mWSKG514=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.3/go.mod h1:gIeeNyaL8tIEqZrzAnTeyhHcE0yysCtcaP+N9kxLZ+E=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8 h1:EamsKe+ZjkOQjDdHd86/JCEucjFKQ9T0atWKO4s2Lgs=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.8/go.mod h1:Q0vV3/csTpbkfKLI5Sb56cJQTCTtJ0ixdb7P+Wedqiw=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2 h1:Dd8CLHufmDFPt+ccGpJx4S0/tS9MnUGPZ9PqU9k6z08=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.2/go.mod h1:D58n83ihSAC0wtkcvU6PavqmO839sqYQ+HvpqbD7tKE=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2 h1:dYbN6BSr4hZdgPQp+tZbGtmt8mr7Uqxl3T1nqc9Vw6Y=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.2/go.mod h1:jASD8WWGPoh1gFNwhYOlCQhO+zD+bbq1Hy2Ms/1qe5c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.2 h1:xJPydhNm0Hiqct5TVKEuHG7weC0+sOs4MUnd7A5n5F4=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.2/go.mod h1:zxk6y1X2KXThESWMS5CrKRvISD8mbIMab6nZrCGxDG0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2 h1:8dU9zqA77C5egbU6yd4hFLaiIdPv3rU+6cp7sz5FjCU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.2/go.mod h1:7Lt5mjQ8x5rVdKqg+sKKDeuwoszDJIIPmkd8BVsEdS0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.2 h1:fFrLsy08wEbAisqW3KDl/cPHrF43GmV79zXB9EwJiZw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.2/go.mod h1:7Ld9eTqocTvJqqJ5K/orbSDwmGcpRdlDiLjz2DO+SL8=
-github.com/aws/smithy-go v1.18.1 h1:pOdBTUfXNazOlxLrgeYalVnuTpKreACHtc62xLwIB3c=
-github.com/aws/smithy-go v1.18.1/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
+github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
+github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5 h1:WVQIKVwv56JY+I0b2fFeRGCTSi/Xupa87z7y8HZ6l5g=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5/go.mod h1:F9El48+5Tf+TkYJB/6M9H7oqXw9Mr9eVetwJ6SUql7g=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5 h1:WDr8iQXuDzL6ERqRvpdIy1ZdOjg6lXlEHSo8wOJiOyI=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5/go.mod h1:7fnaaVoKfZaWJ8RuNYTYV3SkqD6BkFYlRuFDEkHajpc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
+github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.82.0 h1:t4G5BcutMcd+3U1FJHifo7Gv3m3LCzhARKZDinSi9Qs=
-github.com/cloudflare/cloudflare-go v0.82.0/go.mod h1:W9Tg8ntSvkoWs/YpwuucBf6ZaG5wTcUSLhyg6GH/zBg=
+github.com/cloudflare/cloudflare-go v0.83.0 h1:aq85Hbr5W6KfXZV7v3lx6fhBkiu0FYqY+3+xzG14mdY=
+github.com/cloudflare/cloudflare-go v0.83.0/go.mod h1:5pkAzpoWJYI5NekLZoRryQAcghYDhdbUxdcal1f7lu4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.106.0 h1:m5iErwl3xHovGFlawd50n54ntgXHt1BLsvU6BXsVxEU=
-github.com/digitalocean/godo v1.106.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.107.0 h1:P72IbmGFQvKOvyjVLyT59bmHxilA4E5hWi40rF4zNQc=
+github.com/digitalocean/godo v1.107.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -124,6 +124,8 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
 github.com/fbiville/markdown-table-formatter v0.3.0/go.mod h1:q89TDtSEVDdTaufgSbfHpNVdPU/bmfvqNkrC5HagmLY=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
@@ -135,6 +137,11 @@ github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhS
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
 github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -433,6 +440,14 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
 golang.org/x/crypto v0.0.0-20180214000028-650f4a345ab4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -446,8 +461,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
 golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231127185646-65229373498e h1:Gvh4YaCaXNs6dKTlfgismwWZKyjVZXwOPfIyUaqU3No=
-golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
+golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -544,8 +559,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.152.0 h1:t0r1vPnfMc260S2Ci+en7kfCZaLOPs5KI0sVV/6jZrY=
-google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY=
+google.golang.org/api v0.154.0 h1:X7QkVKZBskztmpPKWQXgjJRPA2dJYrL6r+sYPRLj050=
+google.golang.org/api v0.154.0/go.mod h1:qhSMkM85hgqiokIYsrRyKxrjfBeIhgl4Z2JmeRkYylc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
@@ -553,12 +568,12 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
-google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc=
+google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f h1:Vn+VyHU5guc9KjB5KrjI2q0wCOWEOIh0OEsleqakHJg=
+google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f/go.mod h1:nWSwAFPb+qfNJXsoeO3Io7zf4tMSfN8EA8RlDA04GhY=
+google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f h1:2yNACc1O40tTnrsbk9Cv6oxiW8pxI/pXj0wRtdlYmgY=
+google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 h1:DC7wcm+i+P1rN3Ff07vL+OndGg5OhNddHyTA+ocPqYE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
diff --git a/pkg/txtutil/state_string.go b/pkg/txtutil/state_string.go
new file mode 100644
index 0000000000..13d1b27c18
--- /dev/null
+++ b/pkg/txtutil/state_string.go
@@ -0,0 +1,27 @@
+// Code generated by "stringer -type=State"; DO NOT EDIT.
+
+package txtutil
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[StateStart-0]
+	_ = x[StateUnquoted-1]
+	_ = x[StateQuoted-2]
+	_ = x[StateBackslash-3]
+	_ = x[StateWantSpace-4]
+}
+
+const _State_name = "StateStartStateUnquotedStateQuotedStateBackslashStateWantSpace"
+
+var _State_index = [...]uint8{0, 10, 23, 34, 48, 62}
+
+func (i State) String() string {
+	if i < 0 || i >= State(len(_State_index)-1) {
+		return "State(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _State_name[_State_index[i]:_State_index[i+1]]
+}

From 0da3f7572978913ca90aa6aeeddeb9f11b80508d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 13 Dec 2023 14:15:35 -0500
Subject: [PATCH 079/438] CICD: release needs stringer (#2721)

---
 .github/workflows/release_draft.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index fcef66d609..d87e0cdc26 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -44,6 +44,11 @@ jobs:
       with:
         go-version: ^1.21
 
+# Stringer is needed because .goreleaser includes "go generate ./..."
+    - name: Install stringer
+      run: |
+        go install golang.org/x/tools/cmd/stringer@latest
+
 # For some reason goreleaser isn't correctly setting the version
 # string used by "dnscontrol version".  Therefore, we're forcing the
 # string using the GORELEASER_CURRENT_TAG feature.

From 7ce2eb4e7efeca76130cac942dcd83a0b1db168f Mon Sep 17 00:00:00 2001
From: svernick <108954676+svernick@users.noreply.github.com>
Date: Wed, 13 Dec 2023 16:31:40 -0500
Subject: [PATCH 080/438] AKAMAIEDGEDNS: Fix AKAMAICDN add/modify.  Fix
 integrationTest. (#2722)

---
 models/record.go                                 |  4 ++--
 providers/akamaiedgedns/akamaiEdgeDnsProvider.go |  2 +-
 providers/akamaiedgedns/auditrecords.go          | 11 +++++++++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/models/record.go b/models/record.go
index c165981c6e..d49078b12c 100644
--- a/models/record.go
+++ b/models/record.go
@@ -557,10 +557,10 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 
 	for _, r := range recs {
 		switch r.Type { // #rtype_variations
-		case "AKAMAICDN", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
+		case "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
-		case "A", "ALIAS", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
+		case "A", "AKAMAICDN", "ALIAS", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index 7d1fabda16..ce3e6df741 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -22,7 +22,7 @@ import (
 
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
-	// See providers/capabilities.go for the entire list of capabilties.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAKAMAICDN:        providers.Can(),
diff --git a/providers/akamaiedgedns/auditrecords.go b/providers/akamaiedgedns/auditrecords.go
index 255dafd559..a866503f06 100644
--- a/providers/akamaiedgedns/auditrecords.go
+++ b/providers/akamaiedgedns/auditrecords.go
@@ -1,10 +1,17 @@
 package akamaiedgedns
 
-import "github.com/StackExchange/dnscontrol/v4/models"
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
 
 // AuditRecords returns a list of errors corresponding to the records
 // that aren't supported by this provider.  If all records are
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
+	a := rejectif.Auditor{}
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-12-12
+	a.Add("TXT", rejectif.TxtHasBackslash)    // Last verified 2023-12-12
+
+	return a.Audit(records)
 }

From e146fc5c07e8984df06d4d4dac9901807f546c09 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 14 Dec 2023 15:24:58 -0500
Subject: [PATCH 081/438] BUG: Fix M365 Builder indexOf error (#2724)

---
 pkg/js/helpers.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index f52cea0a1d..e289579627 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1683,7 +1683,7 @@ function M365_BUILDER(name, value) {
         );
     }
 
-    r = [];
+    var r = [];
 
     // MX (default: true)
     if (value.mx) {

From c0dc049755da786cf550bfabbe56fb9958bf830e Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Fri, 15 Dec 2023 21:03:07 +0100
Subject: [PATCH 082/438] TRANSIP: Added audit record for a maximum of 1024
 TXT-record characters (#2725)

---
 providers/transip/auditrecords.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/providers/transip/auditrecords.go b/providers/transip/auditrecords.go
index 4836b70af7..d90663b352 100644
--- a/providers/transip/auditrecords.go
+++ b/providers/transip/auditrecords.go
@@ -23,5 +23,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-12-10
 
+	a.Add("TXT", rejectif.TxtLongerThan(1024)) // Last verified 2023-12-15
+
 	return a.Audit(records)
 }

From d1a75e9348d07404fbb43d9848e6de350732a166 Mon Sep 17 00:00:00 2001
From: llange <llange@users.noreply.github.com>
Date: Mon, 18 Dec 2023 15:14:01 +0100
Subject: [PATCH 083/438] DOCS: Updates to `ovh` provider page (#2727)

---
 documentation/providers/ovh.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/documentation/providers/ovh.md b/documentation/providers/ovh.md
index dd19ccd7c6..e2bf162e28 100644
--- a/documentation/providers/ovh.md
+++ b/documentation/providers/ovh.md
@@ -146,8 +146,10 @@ OVH now allows to host DNS zone for a domain that is not registered in their reg
 |  OVH      | OVH + other |    √     |
 |  other    | OVH         |    √     |
 
-## Caveat
+## Caveats
 
-OVH doesn't allow resetting the zone to the OVH DNS through the API. If for any reasons OVH NS entries were
+* OVH doesn't allow resetting the zone to the OVH DNS through the API. If for any reasons OVH NS entries were
 removed the only way to add them back is by using the OVH Control Panel (in the DNS Servers tab, click on the "Reset the
 DNS servers" button.
+* There may be a slight delay (1-10 minutes) before your modifications appear in the OVH Control Panel. However it seems that it's only cosmetic - the changes are indeed available at the DNS servers. You can confirm that the changes are taken into account by OVH by choosing "Change in text format", and see in the BIND compatible format that your changes are indeed there. And you can confirm by directly asking the DNS servers (e.g. with `dig`).
+* OVH enforces the [Restrictions on valid hostnames](https://en.wikipedia.org/wiki/Hostname#Syntax). A hostname with an underscore ("_") will cause the following error `FAILURE! OVHcloud API error (status code 400): Client::BadRequest: "Invalid domain name, underscore not allowed"`

From 36f6b19943aef70f930a99ea673d4b5ca1d8e4be Mon Sep 17 00:00:00 2001
From: Midnight Veil <midnightveil@fea.st>
Date: Tue, 19 Dec 2023 01:34:40 +1100
Subject: [PATCH 084/438] AXFRDDNS: Support separate servers for AXFR and DDNS
 (#2723)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/axfrddns.md    | 22 ++++++++++++++++++++--
 providers/axfrddns/axfrddnsProvider.go | 16 +++++++++++++---
 2 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/documentation/providers/axfrddns.md b/documentation/providers/axfrddns.md
index ea78fbeb2e..ca182e276f 100644
--- a/documentation/providers/axfrddns.md
+++ b/documentation/providers/axfrddns.md
@@ -98,7 +98,7 @@ var DSP_AXFRDDNS = NewDnsProvider("axfrddns", {
             "ns4.example.com."
         ]
     }
-}
+)
 ```
 {% endcode %}
 
@@ -107,7 +107,7 @@ var DSP_AXFRDDNS = NewDnsProvider("axfrddns", {
 {
   "axfrddns": {
     "TYPE": "AXFRDDNS",
-    "nameservers": "ns1.example.com.,ns2.example.com.,ns3.example.com.,ns4.example.com."
+    "nameservers": "ns1.example.com,ns2.example.com,ns3.example.com,ns4.example.com"
   }
 }
 ```
@@ -144,6 +144,24 @@ the following error message:
 Please consider adding default `nameservers` or an explicit `master` in `creds.json`.
 ```
 
+### Transfer/AXFR server
+
+As mentioned above, the AXFR+DDNS provider will send AXFR requests to the
+primary master for the zone. On some networks, the AXFR requests are handled
+by a separate server to DDNS requests. Use the `transfer-server` option in
+`creds.json`. If not specified, it falls back to the primary master.
+
+{% code title="creds.json" %}
+```json
+{
+  "axfrddns": {
+    "TYPE": "AXFRDDNS",
+    "transfer-server": "233.252.0.0"
+  }
+}
+```
+{% endcode %}
+
 ### Buggy DNS servers regarding CNAME updates
 
 When modifying a CNAME record, or when replacing an A record by a
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 3fba136889..fabeb6a4d7 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -58,6 +58,7 @@ type axfrddnsProvider struct {
 	rand                *rand.Rand
 	master              string
 	updateMode          string
+	transferServer      string
 	transferMode        string
 	nameservers         []*models.Nameserver
 	transferKey         *Key
@@ -125,6 +126,14 @@ func initAxfrDdns(config map[string]string, providermeta json.RawMessage) (provi
 	} else {
 		return nil, fmt.Errorf("nameservers list is empty: creds.json needs a default `nameservers` or an explicit `master`")
 	}
+	if config["transfer-server"] != "" {
+		api.transferServer = config["transfer-server"]
+		if !strings.Contains(api.transferServer, ":") {
+			api.transferServer = api.transferServer + ":53"
+		}
+	} else {
+		api.transferServer = api.master
+	}
 	api.updateKey, err = readKey(config["update-key"], "update-key")
 	if err != nil {
 		return nil, err
@@ -145,6 +154,7 @@ func initAxfrDdns(config map[string]string, providermeta json.RawMessage) (provi
 			"nameservers",
 			"update-key",
 			"transfer-key",
+			"transfer-server",
 			"update-mode",
 			"transfer-mode",
 			"domain",
@@ -214,9 +224,9 @@ func (c *axfrddnsProvider) getAxfrConnection() (*dns.Transfer, error) {
 	var con net.Conn = nil
 	var err error = nil
 	if c.transferMode == "tcp-tls" {
-		con, err = tls.Dial("tcp", c.master, &tls.Config{})
+		con, err = tls.Dial("tcp", c.transferServer, &tls.Config{})
 	} else {
-		con, err = net.Dial("tcp", c.master)
+		con, err = net.Dial("tcp", c.transferServer)
 	}
 	if err != nil {
 		return nil, err
@@ -247,7 +257,7 @@ func (c *axfrddnsProvider) FetchZoneRecords(domain string) ([]dns.RR, error) {
 		}
 	}
 
-	envelope, err := transfer.In(request, c.master)
+	envelope, err := transfer.In(request, c.transferServer)
 	if err != nil {
 		return nil, err
 	}

From edf047102b109ca520e8d3697d84b8c27135fba4 Mon Sep 17 00:00:00 2001
From: llange <llange@users.noreply.github.com>
Date: Mon, 18 Dec 2023 15:35:10 +0100
Subject: [PATCH 085/438] FEATURE: CAA_BUILDER: add `issue_critical` and
 `issuewild_critical` (#2728)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts                |  4 +-
 documentation/functions/domain/CAA_BUILDER.md | 77 ++++++++++++++++---
 pkg/js/helpers.js                             | 18 ++++-
 3 files changed, 84 insertions(+), 15 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 9cacc652d5..6c0f86a394 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -398,7 +398,9 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * * `iodef:` Report all violation to configured mail address.
  * * `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
  * * `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
+ * * `issue_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
  * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
+ * * `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
  *
  * `CAA_BUILDER()` returns multiple records (when configured as example above):
  *
@@ -411,7 +413,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
  */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issuewild: string[] }): DomainModifier;
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issue_critical?: boolean; issuewild: string[]; issuewild_critical?: boolean }): DomainModifier;
 
 /**
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
diff --git a/documentation/functions/domain/CAA_BUILDER.md b/documentation/functions/domain/CAA_BUILDER.md
index 8e7c445e35..d3f9280389 100644
--- a/documentation/functions/domain/CAA_BUILDER.md
+++ b/documentation/functions/domain/CAA_BUILDER.md
@@ -5,14 +5,18 @@ parameters:
   - iodef
   - iodef_critical
   - issue
+  - issue_critical
   - issuewild
+  - issuewild_critical
 parameters_object: true
 parameter_types:
   label: string?
   iodef: string
   iodef_critical: boolean?
   issue: string[]
+  issue_critical: boolean?
   issuewild: string[]
+  issuewild_critical: boolean?
 ---
 
 DNSControl contains a `CAA_BUILDER` which can be used to simply create
@@ -22,7 +26,7 @@ authorized certificate authorities and the builder cares about the rest.
 
 ## Example
 
-For example you can use:
+### Simple example
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -39,15 +43,7 @@ CAA_BUILDER({
 ```
 {% endcode %}
 
-The parameters are:
-
-* `label:` The label of the CAA record. (Optional. Default: `"@"`)
-* `iodef:` Report all violation to configured mail address.
-* `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
-* `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
-* `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
-
-`CAA_BUILDER()` returns multiple records (when configured as example above):
+`CAA_BUILDER()` builds multiple records:
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -57,3 +53,64 @@ CAA("@", "issue", "comodoca.com")
 CAA("@", "issuewild", ";")
 ```
 {% endcode %}
+
+which in turns yield the following records:
+
+```text
+@ 300 IN CAA 128 iodef "mailto:test@example.com"
+@ 300 IN CAA 0 issue "letsencrypt.org"
+@ 300 IN CAA 0 issue "comodoca.com"
+@ 300 IN CAA 0 issuewild ";"
+```
+
+### Example with CAA_CRITICAL flag on all records
+
+The same example can be enriched with CAA_CRITICAL on all records:
+
+{% code title="dnsconfig.js" %}
+```javascript
+CAA_BUILDER({
+  label: "@",
+  iodef: "mailto:test@example.com",
+  iodef_critical: true,
+  issue: [
+    "letsencrypt.org",
+    "comodoca.com",
+  ],
+  issue_critical: true,
+  issuewild: "none",
+  issuewild_critical: true,
+})
+```
+{% endcode %}
+
+`CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set:
+
+{% code title="dnsconfig.js" %}
+```javascript
+CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL)
+CAA("@", "issue", "comodoca.com", CAA_CRITICAL)
+CAA("@", "issuewild", ";", CAA_CRITICAL)
+```
+{% endcode %}
+
+which in turns yield the following records:
+
+```text
+@ 300 IN CAA 128 iodef "mailto:test@example.com"
+@ 300 IN CAA 128 issue "letsencrypt.org"
+@ 300 IN CAA 128 issue "comodoca.com"
+@ 300 IN CAA 128 issuewild ";"
+```
+
+
+### Parameters
+
+* `label:` The label of the CAA record. (Optional. Default: `"@"`)
+* `iodef:` Report all violation to configured mail address.
+* `iodef_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+* `issue:` An array of CAs which are allowed to issue certificates. (Use `"none"` to refuse all CAs)
+* `issue_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+* `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
+* `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index e289579627..05dcef9eec 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1478,13 +1478,23 @@ function CAA_BUILDER(value) {
         }
     }
 
-    if (value.issue)
+    if (value.issue) {
+        var flag = function() {};
+        if (value.issue_critical) {
+          flag = CAA_CRITICAL;
+        }
         for (var i = 0, len = value.issue.length; i < len; i++)
-            r.push(CAA(value.label, 'issue', value.issue[i]));
+            r.push(CAA(value.label, 'issue', value.issue[i], flag));
+    }
 
-    if (value.issuewild)
+    if (value.issuewild) {
+        var flag = function() {};
+        if (value.issuewild_critical) {
+          flag = CAA_CRITICAL;
+        }
         for (var i = 0, len = value.issuewild.length; i < len; i++)
-            r.push(CAA(value.label, 'issuewild', value.issuewild[i]));
+            r.push(CAA(value.label, 'issuewild', value.issuewild[i], flag));
+    }
 
     return r;
 }

From b5d6b066a94e028568067c95d70144c6c34a3b22 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 11:33:15 -0500
Subject: [PATCH 086/438] Build(deps): Bump github/codeql-action from 2 to 3
 (#2732)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e9429297d8..289478b912 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -44,7 +44,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,6 +71,6 @@ jobs:
     #     ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

From 0ca55815f8fa0359b429a31bebbcc29c069a7595 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 18 Dec 2023 11:33:32 -0500
Subject: [PATCH 087/438] Build(deps): Bump actions/upload-artifact from 3.1.3
 to 4.0.0 (#2731)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 1bfcee1e9c..25d049eec0 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -29,7 +29,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v3.1.3
+    - uses: actions/upload-artifact@v4.0.0
       with:
         path: "/tmp/test-results"
 
@@ -200,7 +200,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v3.1.3
+    - uses: actions/upload-artifact@v4.0.0
       with:
         path: "/tmp/test-results"
 #  release:
@@ -229,10 +229,10 @@ jobs:
 #    - name: Install goreleaser
 #      run: go install github.com/goreleaser/goreleaser@latest
 #    - run: goreleaser release
-#    - uses: actions/upload-artifact@v3.1.3
+#    - uses: actions/upload-artifact@v4.0.0
 #      with:
 #        path: dist
-#    - uses: actions/upload-artifact@v3.1.3
+#    - uses: actions/upload-artifact@v4.0.0
 #      with:
 #        path: |-
 #          dist/*.rpm

From 258654532a2b4fb14a29d1b2c09b4e92352ee34e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 18 Dec 2023 12:39:48 -0500
Subject: [PATCH 088/438] MSDNS: Fix failing DNS integration tests (#2734)

---
 commands/types/dnscontrol.d.ts     | 68 +++++++++++++++++++++++++-----
 pkg/rejectif/txt.go                | 34 +++++++--------
 providers/dnsimple/auditrecords.go |  2 +-
 providers/msdns/auditrecords.go    |  6 ++-
 4 files changed, 80 insertions(+), 30 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 6c0f86a394..76a8a10af1 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -377,7 +377,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *
  * ## Example
  *
- * For example you can use:
+ * ### Simple example
  *
  * ```javascript
  * CAA_BUILDER({
@@ -392,7 +392,62 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * })
  * ```
  *
- * The parameters are:
+ * `CAA_BUILDER()` builds multiple records:
+ *
+ * ```javascript
+ * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+ * CAA("@", "issue", "letsencrypt.org")
+ * CAA("@", "issue", "comodoca.com")
+ * CAA("@", "issuewild", ";")
+ * ```
+ *
+ * which in turns yield the following records:
+ *
+ * ```text
+ * @ 300 IN CAA 128 iodef "mailto:test@example.com"
+ * @ 300 IN CAA 0 issue "letsencrypt.org"
+ * @ 300 IN CAA 0 issue "comodoca.com"
+ * @ 300 IN CAA 0 issuewild ";"
+ * ```
+ *
+ * ### Example with CAA_CRITICAL flag on all records
+ *
+ * The same example can be enriched with CAA_CRITICAL on all records:
+ *
+ * ```javascript
+ * CAA_BUILDER({
+ *   label: "@",
+ *   iodef: "mailto:test@example.com",
+ *   iodef_critical: true,
+ *   issue: [
+ *     "letsencrypt.org",
+ *     "comodoca.com",
+ *   ],
+ *   issue_critical: true,
+ *   issuewild: "none",
+ *   issuewild_critical: true,
+ * })
+ * ```
+ *
+ * `CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set:
+ *
+ * ```javascript
+ * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
+ * CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL)
+ * CAA("@", "issue", "comodoca.com", CAA_CRITICAL)
+ * CAA("@", "issuewild", ";", CAA_CRITICAL)
+ * ```
+ *
+ * which in turns yield the following records:
+ *
+ * ```text
+ * @ 300 IN CAA 128 iodef "mailto:test@example.com"
+ * @ 300 IN CAA 128 issue "letsencrypt.org"
+ * @ 300 IN CAA 128 issue "comodoca.com"
+ * @ 300 IN CAA 128 issuewild ";"
+ * ```
+ *
+ * ### Parameters
  *
  * * `label:` The label of the CAA record. (Optional. Default: `"@"`)
  * * `iodef:` Report all violation to configured mail address.
@@ -402,15 +457,6 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
  * * `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
  *
- * `CAA_BUILDER()` returns multiple records (when configured as example above):
- *
- * ```javascript
- * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * CAA("@", "issue", "letsencrypt.org")
- * CAA("@", "issue", "comodoca.com")
- * CAA("@", "issuewild", ";")
- * ```
- *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
  */
 declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issue_critical?: boolean; issuewild: string[]; issuewild_critical?: boolean }): DomainModifier;
diff --git a/pkg/rejectif/txt.go b/pkg/rejectif/txt.go
index 9e4bf161fd..0df3be1962 100644
--- a/pkg/rejectif/txt.go
+++ b/pkg/rejectif/txt.go
@@ -17,15 +17,6 @@ func TxtHasBackslash(rc *models.RecordConfig) error {
 	return nil
 }
 
-// TxtStartsOrEndsWithSpaces audits TXT records that starts or ends with spaces
-func TxtStartsOrEndsWithSpaces(rc *models.RecordConfig) error {
-	txt := rc.GetTargetTXTJoined()
-	if len(txt) > 0 && (txt[0] == ' ' || txt[len(txt)-1] == ' ') {
-		return fmt.Errorf("txtstring starts or ends with spaces")
-	}
-	return nil
-}
-
 // TxtHasBackticks audits TXT records for strings that contain backticks.
 func TxtHasBackticks(rc *models.RecordConfig) error {
 	if strings.Contains(rc.GetTargetTXTJoined(), "`") {
@@ -42,6 +33,14 @@ func TxtHasDoubleQuotes(rc *models.RecordConfig) error {
 	return nil
 }
 
+// TxtHasSemicolon audits TXT records for strings that contain backticks.
+func TxtHasSemicolon(rc *models.RecordConfig) error {
+	if strings.Contains(rc.GetTargetTXTJoined(), ";") {
+		return fmt.Errorf("txtstring contains semicolon")
+	}
+	return nil
+}
+
 // TxtHasSingleQuotes audits TXT records for strings that contain single-quotes.
 func TxtHasSingleQuotes(rc *models.RecordConfig) error {
 	if strings.Contains(rc.GetTargetTXTJoined(), "'") {
@@ -75,14 +74,6 @@ func TxtIsEmpty(rc *models.RecordConfig) error {
 	return nil
 }
 
-// TxtLongerThan255 audits TXT records for multiple strings
-func TxtLongerThan255(rc *models.RecordConfig) error {
-	if len(rc.GetTargetTXTJoined()) > 255 {
-		return fmt.Errorf("TXT records longer than 255 octets (chars)")
-	}
-	return nil
-}
-
 // TxtLongerThan returns a function that audits TXT records for length
 // greater than maxLength.
 func TxtLongerThan(maxLength int) func(rc *models.RecordConfig) error {
@@ -94,3 +85,12 @@ func TxtLongerThan(maxLength int) func(rc *models.RecordConfig) error {
 		return nil
 	}
 }
+
+// TxtStartsOrEndsWithSpaces audits TXT records that starts or ends with spaces
+func TxtStartsOrEndsWithSpaces(rc *models.RecordConfig) error {
+	txt := rc.GetTargetTXTJoined()
+	if len(txt) > 0 && (txt[0] == ' ' || txt[len(txt)-1] == ' ') {
+		return fmt.Errorf("txtstring starts or ends with spaces")
+	}
+	return nil
+}
diff --git a/providers/dnsimple/auditrecords.go b/providers/dnsimple/auditrecords.go
index 3e8df5b634..ab4e4038f8 100644
--- a/providers/dnsimple/auditrecords.go
+++ b/providers/dnsimple/auditrecords.go
@@ -13,7 +13,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("MX", rejectif.MxNull) // Last verified 2023-03
 
-	a.Add("TXT", rejectif.TxtLongerThan255) // Last verified 2023-03
+	a.Add("TXT", rejectif.TxtLongerThan(255)) // Last verified 2023-03
 
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-03
 
diff --git a/providers/msdns/auditrecords.go b/providers/msdns/auditrecords.go
index f3fe4fa3dd..86e9169006 100644
--- a/providers/msdns/auditrecords.go
+++ b/providers/msdns/auditrecords.go
@@ -15,15 +15,19 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 20-0212-28
 
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-12-18
+
 	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2023-02-02
 
 	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-02-02
 
-	a.Add("TXT", rejectif.TxtLongerThan(255)) // Last verified 2023-02-02
+	a.Add("TXT", rejectif.TxtHasSemicolon) // Last verified 2023-12-18
 
 	a.Add("TXT", rejectif.TxtHasSingleQuotes) // Last verified 2023-02-02
 
 	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-02-02
 
+	a.Add("TXT", rejectif.TxtLongerThan(254)) // Last verified 2023-12-18
+
 	return a.Audit(records)
 }

From 1ebe4404d1dfd63c3f5fca3da4883f141a33bc8a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 18 Dec 2023 12:55:49 -0500
Subject: [PATCH 089/438] BUG: --full outputs an extra newline when skipping
 providers (#2730)

---
 pkg/printer/printer.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index ec8b2a8de5..6ebe635466 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -129,7 +129,7 @@ func (c ConsolePrinter) EndCorrection(err error) {
 func (c ConsolePrinter) StartDNSProvider(provider string, skip bool) {
 	lbl := ""
 	if skip {
-		lbl = " (skipping)\n"
+		lbl = " (skipping)"
 	}
 	if !SkinnyReport {
 		fmt.Fprintf(c.Writer, "----- DNS Provider: %s...%s\n", provider, lbl)
@@ -140,7 +140,7 @@ func (c ConsolePrinter) StartDNSProvider(provider string, skip bool) {
 func (c ConsolePrinter) StartRegistrar(provider string, skip bool) {
 	lbl := ""
 	if skip {
-		lbl = " (skipping)\n"
+		lbl = " (skipping)"
 	}
 	if !SkinnyReport {
 		fmt.Fprintf(c.Writer, "----- Registrar: %s...%s\n", provider, lbl)

From 1bbf9c4293f6cd5127bf190ead5ed738dd11c437 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 18 Dec 2023 15:25:04 -0500
Subject: [PATCH 090/438] CICD: Revert actions/upload-artifact to 3.1.3 (from
 4.0.0) (#2736)

---
 .github/workflows/pr_test.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 25d049eec0..1bfcee1e9c 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -29,7 +29,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.0.0
+    - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
 
@@ -200,7 +200,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.0.0
+    - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
 #  release:
@@ -229,10 +229,10 @@ jobs:
 #    - name: Install goreleaser
 #      run: go install github.com/goreleaser/goreleaser@latest
 #    - run: goreleaser release
-#    - uses: actions/upload-artifact@v4.0.0
+#    - uses: actions/upload-artifact@v3.1.3
 #      with:
 #        path: dist
-#    - uses: actions/upload-artifact@v4.0.0
+#    - uses: actions/upload-artifact@v3.1.3
 #      with:
 #        path: |-
 #          dist/*.rpm

From d5eedab66e1e9c3f71b68b8f3fd5e144723f7f61 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 19 Dec 2023 11:16:32 -0500
Subject: [PATCH 091/438] CICD: clean slate at the start, not end, of each
 testgroup (#2738)

---
 integrationTest/integration_test.go | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 6a8cfccce8..da4622292a 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -288,12 +288,8 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 		lastGroup = len(testGroups)
 	}
 
-	// Start the zone with a clean slate.
-	makeChanges(t, prv, dc, tc("Empty"), "Clean Slate", false, nil)
-
 	curGroup := -1
 	for gIdx, group := range testGroups {
-		start := time.Now()
 
 		// Abide by -start -end flags
 		curGroup++
@@ -308,7 +304,11 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 			continue
 		}
 
+		// Start the testgroup with a clean slate.
+		makeChanges(t, prv, dc, tc("Empty"), "Clean Slate", false, nil)
+
 		// Run the tests.
+		start := time.Now()
 
 		for _, tst := range group.tests {
 
@@ -326,9 +326,6 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 
 		}
 
-		// Remove all records so next group starts with a clean slate.
-		makeChanges(t, prv, dc, tc("Empty"), "Post cleanup", true, nil)
-
 		elapsed := time.Since(start)
 		if *printElapsed {
 			fmt.Printf("ELAPSED %02d %7.2f %q\n", gIdx, elapsed.Seconds(), group.Desc)
@@ -800,11 +797,9 @@ func makeTests(t *testing.T) []*TestGroup {
 	// whether or not a certain kind of record can be created and
 	// deleted.
 
-	// clear() is the same as tc("Empty").  It removes all records.  You
-	// can use this to verify a provider can delete all the records in
-	// the last tc(), or to provide a clean slate for the next tc().
-	// Each testgroup() begins and ends with clear(), so you don't have
-	// to list the clear() yourself.
+	// clear() is the same as tc("Empty").  It removes all records.
+	// Each testgroup() begins with clear() automagically. You do not
+	// have to include the clear() in teach testgroup().
 
 	tests := []*TestGroup{
 
@@ -2080,6 +2075,11 @@ func makeTests(t *testing.T) []*TestGroup {
 				ovhdmarc("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@example.com")),
 		),
 
+		// This MUST be the last test.
+		testgroup("final",
+			tc("final", txt("final", `TestDNSProviders was successful!`)),
+		),
+
 		// Narrative: Congrats! You're done!  If you've made it this far
 		// you're very close to being able to submit your PR.  Here's
 		// some tips:

From 8f18f6e7a1942fcf25bb2169eba05ea6df0a29f6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 19 Dec 2023 11:50:49 -0500
Subject: [PATCH 092/438] CHORE: Bump golang.org/x/crypto from 0.16.0 to 0.17.0
 (#2740)

---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 652aebb51c..00aacd0274 100644
--- a/go.mod
+++ b/go.mod
@@ -50,6 +50,7 @@ require (
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.26.0
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
+	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/net v0.19.0
 	golang.org/x/oauth2 v0.15.0
 	google.golang.org/api v0.154.0
@@ -66,7 +67,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb
+	golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -143,7 +144,6 @@ require (
 	go.opentelemetry.io/otel v1.21.0 // indirect
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
-	golang.org/x/crypto v0.16.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
 	golang.org/x/sys v0.15.0 // indirect
diff --git a/go.sum b/go.sum
index 8f88ecd409..160652ead9 100644
--- a/go.sum
+++ b/go.sum
@@ -458,11 +458,11 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
-golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8=
-golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca h1:+xQfFu/HO/82Wwg4zuJ5xiLp0yaOLJjBGnuafXp85YQ=
+golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=

From 9e4969cb3cf35acce3c15f11bb6074a4da51543b Mon Sep 17 00:00:00 2001
From: Eric Case <case@users.noreply.github.com>
Date: Fri, 29 Dec 2023 13:23:16 -0800
Subject: [PATCH 093/438] Docs: Use bullet list in opinion 2 (#2746)

---
 documentation/opinions.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/documentation/opinions.md b/documentation/opinions.md
index 1d7e6f47d8..ffa5d626ad 100644
--- a/documentation/opinions.md
+++ b/documentation/opinions.md
@@ -37,17 +37,17 @@ coworkers who aren't DNS experts.
 
 Things your coworkers should not have to know:
 
-Your coworkers should not have to know obscure DNS technical
+- Your coworkers should not have to know obscure DNS technical
 knowledge.  That's your job.
 
-Your coworkers should not have to know what happens in ambiguous
+- Your coworkers should not have to know what happens in ambiguous
 situations.  That's your job.
 
-Your coworkers should be able to submit PRs to `dnsconfig.js` for you
+- Your coworkers should be able to submit PRs to `dnsconfig.js` for you
 to approve; preferably via a CI system that does rudimentary checks
 before you even have to see the PR.
 
-Your coworkers should be able to figure out the language without
+- Your coworkers should be able to figure out the language without
 much training. The system should block them from doing dangerous
 things (even if they are technically legal).
 

From 3f273886de45a6bb86d385abc5234b30b7ba17da Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Jan 2024 10:41:35 -0500
Subject: [PATCH 094/438] CHORE: Upgrade aws/aws-sdk-go-v2 urfave/cli/v2
 gopkg.in/ns1/ns1-go.v2 golang.org/x/exp

---
 go.mod | 14 +++++++-------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index 00aacd0274..c12ac4417e 100644
--- a/go.mod
+++ b/go.mod
@@ -15,9 +15,9 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.24.0
-	github.com/aws/aws-sdk-go-v2/config v1.26.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.12
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5
+	github.com/aws/aws-sdk-go-v2/config v1.26.2
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.13
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
@@ -48,13 +48,13 @@ require (
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
 	github.com/transip/gotransip/v6 v6.23.0
-	github.com/urfave/cli/v2 v2.26.0
+	github.com/urfave/cli/v2 v2.27.1
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.17.0 // indirect
 	golang.org/x/net v0.19.0
 	golang.org/x/oauth2 v0.15.0
 	google.golang.org/api v0.154.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.11
+	gopkg.in/ns1/ns1-go.v2 v2.7.13
 )
 
 require (
@@ -67,7 +67,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca
+	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -87,7 +87,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 160652ead9..9df23c13ea 100644
--- a/go.sum
+++ b/go.sum
@@ -41,10 +41,10 @@ github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEq
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
 github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
-github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
+github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
+github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
@@ -57,16 +57,16 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5 h1:WVQIKVwv56JY+I0b2fFeRGCTSi/Xupa87z7y8HZ6l5g=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.35.5/go.mod h1:F9El48+5Tf+TkYJB/6M9H7oqXw9Mr9eVetwJ6SUql7g=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0 h1:7wh6KdJnej4T7sE/xfnZf5T+GQzp6GfoZi+5r6ZPlW8=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0/go.mod h1:F9El48+5Tf+TkYJB/6M9H7oqXw9Mr9eVetwJ6SUql7g=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5 h1:WDr8iQXuDzL6ERqRvpdIy1ZdOjg6lXlEHSo8wOJiOyI=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5/go.mod h1:7fnaaVoKfZaWJ8RuNYTYV3SkqD6BkFYlRuFDEkHajpc=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -423,8 +423,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.26.0 h1:3f3AMg3HpThFNT4I++TKOejZO8yU55t3JnnSr4S4QEI=
-github.com/urfave/cli/v2 v2.26.0/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
+github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -461,8 +461,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
 golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca h1:+xQfFu/HO/82Wwg4zuJ5xiLp0yaOLJjBGnuafXp85YQ=
-golang.org/x/exp v0.0.0-20231219160207-73b9e39aefca/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4=
+golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -613,8 +613,8 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
-gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=
+gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From fe4e07b3bb25db509467a33149da44c2d4e7250a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Jan 2024 12:44:19 -0500
Subject: [PATCH 095/438] CHORE: Upgrade deps (#2754)

---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index c12ac4417e..d20eeb8987 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.83.0
+	github.com/cloudflare/cloudflare-go v0.84.0
 	github.com/digitalocean/godo v1.107.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.2.0
@@ -44,7 +44,7 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
-	github.com/robertkrimen/otto v0.2.1
+	github.com/robertkrimen/otto v0.3.0
 	github.com/softlayer/softlayer-go v1.1.2
 	github.com/stretchr/testify v1.8.4
 	github.com/transip/gotransip/v6 v6.23.0
@@ -54,7 +54,7 @@ require (
 	golang.org/x/net v0.19.0
 	golang.org/x/oauth2 v0.15.0
 	google.golang.org/api v0.154.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.13
+	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
diff --git a/go.sum b/go.sum
index 9df23c13ea..cda8b0476a 100644
--- a/go.sum
+++ b/go.sum
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.83.0 h1:aq85Hbr5W6KfXZV7v3lx6fhBkiu0FYqY+3+xzG14mdY=
-github.com/cloudflare/cloudflare-go v0.83.0/go.mod h1:5pkAzpoWJYI5NekLZoRryQAcghYDhdbUxdcal1f7lu4=
+github.com/cloudflare/cloudflare-go v0.84.0 h1:1jQPJfq3nPdjKF+oqjTOSRAWcTCA6u5fcCVx7xGhLpg=
+github.com/cloudflare/cloudflare-go v0.84.0/go.mod h1:5pkAzpoWJYI5NekLZoRryQAcghYDhdbUxdcal1f7lu4=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -376,8 +376,8 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494 h1:wSmWgpuccqS2IOfmYrbRiUgv+g37W5suLLLxwwniTSc=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08eQ6XwDm1fEwKPdF/xdbkiHtrU+1Hg+vc4=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
-github.com/robertkrimen/otto v0.2.1 h1:FVP0PJ0AHIjC+N4pKCG9yCDz6LHNPCwi/GKID5pGGF0=
-github.com/robertkrimen/otto v0.2.1/go.mod h1:UPwtJ1Xu7JrLcZjNWN8orJaM5n5YEtqL//farB5FlRY=
+github.com/robertkrimen/otto v0.3.0 h1:5RI+8860NSxvXywDY9ddF5HcPw0puRsd8EgbXV0oqRE=
+github.com/robertkrimen/otto v0.3.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
@@ -613,8 +613,8 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/ns1/ns1-go.v2 v2.7.13 h1:r07CLALg18f/L1KIK1ZJdbirBV349UtYT1rDWGjnaTk=
-gopkg.in/ns1/ns1-go.v2 v2.7.13/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
+gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From 8ed137aff5f131a24ae613abf1263ce72e32a3be Mon Sep 17 00:00:00 2001
From: Yuhui Xu <xuyh0120@outlook.com>
Date: Tue, 2 Jan 2024 11:15:46 -0800
Subject: [PATCH 096/438] GCORE: Fix handling very long TXT records (#2744)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/gcore/convert.go | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index b5c1cc6bff..b57b956410 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -86,7 +86,7 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 			}
 		case "TXT": // Avoid double quoting for TXT records
 			rr = dnssdk.ResourceRecord{
-				Content: convertTxtSliceToSdkAnySlice(r.GetTargetTXTSegmented()),
+				Content: convertTxtSliceToSdkAnySlice(r.GetTargetTXTJoined()),
 				Meta:    nil,
 				Enabled: true,
 			}
@@ -119,11 +119,8 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 	return result
 }
 
-func convertTxtSliceToSdkAnySlice(records []string) []any {
-	result := []any{}
-	for _, record := range records {
-		result = append(result, record)
-	}
+func convertTxtSliceToSdkAnySlice(record string) []any {
+	result := []any{record}
 	return result
 }
 

From 17da0bc69f7ccdcc8e9ae5dd5fd5884d614a3d7c Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 2 Jan 2024 21:14:35 +0100
Subject: [PATCH 097/438] CICD: GoReleaser version (#2737)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml        | 14 ---------
 .github/workflows/release_draft.yml  | 13 --------
 .goreleaser.yml                      |  3 +-
 build/build.go                       |  3 +-
 commands/commands.go                 |  7 +----
 commands/writeTypes.go               |  8 +++--
 main.go                              | 13 ++------
 pkg/version/version.go               | 44 ----------------------------
 providers/hexonet/hexonetProvider.go |  8 +++--
 9 files changed, 19 insertions(+), 94 deletions(-)
 delete mode 100644 pkg/version/version.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 1bfcee1e9c..aaf13a3498 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -38,16 +38,6 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
-# For some reason goreleaser isn't correctly setting the version
-# string used by "dnscontrol version".  Therefore, we're forcing the
-# string using the GORELEASER_CURRENT_TAG feature.
-# TODO(tlim): Use the native gorelease version mechanism.
-    - name: Retrieve version
-      id: version
-      run: |
-        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe)" >> $GITHUB_OUTPUT
-    - name: Reveal version
-      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_tagged
       name: Build binaries (if tagged)
@@ -57,8 +47,6 @@ jobs:
         distribution: goreleaser
         version: latest
         args: build
-      env:
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_not_tagged
       name: Build binaries (not tagged)
@@ -68,8 +56,6 @@ jobs:
         distribution: goreleaser
         version: latest
         args: build --snapshot
-      env:
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
   integration-test-providers:
     needs: build
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index d87e0cdc26..30f5d50076 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -49,18 +49,6 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
-# For some reason goreleaser isn't correctly setting the version
-# string used by "dnscontrol version".  Therefore, we're forcing the
-# string using the GORELEASER_CURRENT_TAG feature.
-# TODO(tlim): Use the native gorelease version mechanism.
-
-    - name: Retrieve version
-      id: version
-      run: |
-        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe --tags)" >> $GITHUB_OUTPUT
-
-    - name: Reveal version
-      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: release
       name: Goreleaser release
@@ -71,4 +59,3 @@ jobs:
         args: release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index ca667aa4ba..fada195f66 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,7 +18,8 @@ builds:
       - goos: freebsd
         goarch: "386"
     ldflags:
-      - -linkmode=internal -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
+      - -linkmode=internal -s -w
+      - -X main.version={{ .Version }}
 before:
   hooks:
     - go fmt ./...
diff --git a/build/build.go b/build/build.go
index 736618f3c3..6a5af6a10b 100644
--- a/build/build.go
+++ b/build/build.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"os/exec"
 	"strings"
-	"time"
 )
 
 var sha = flag.String("sha", "", "SHA of current commit")
@@ -16,7 +15,7 @@ var goos = flag.String("os", "", "OS to build (linux, windows, or darwin) Defaul
 
 func main() {
 	flag.Parse()
-	flags := fmt.Sprintf(`-s -w -X "main.SHA=%s" -X main.BuildTime=%d`, getVersion(), time.Now().Unix())
+	flags := fmt.Sprintf(`-s -w -X "main.version=%s"`, getVersion())
 	pkg := "github.com/StackExchange/dnscontrol/v4"
 
 	build := func(out, goos string) {
diff --git a/commands/commands.go b/commands/commands.go
index 1375917237..b46355b4f9 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -25,11 +25,6 @@ const (
 
 var commands = []*cli.Command{}
 
-// These are set by/for goreleaser
-var (
-	version = "dev"
-)
-
 func cmd(cat string, c *cli.Command) bool {
 	c.Category = cat
 	commands = append(commands, c)
@@ -52,7 +47,7 @@ func Run(v string) int {
 	app.Version = version
 	app.Name = "dnscontrol"
 	app.HideVersion = true
-	app.Usage = "dnscontrol is a compiler and DSL for managing dns zones"
+	app.Usage = "DNSControl is a compiler and DSL for managing dns zones"
 	app.Flags = []cli.Flag{
 		&cli.BoolFlag{
 			Name:        "v",
diff --git a/commands/writeTypes.go b/commands/writeTypes.go
index 3a8adedcd1..165952783e 100644
--- a/commands/writeTypes.go
+++ b/commands/writeTypes.go
@@ -4,10 +4,14 @@ import (
 	_ "embed" // Required by go:embed
 	"os"
 
-	versionInfo "github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/urfave/cli/v2"
 )
 
+// GoReleaser: version
+var (
+	version = "dev"
+)
+
 var _ = cmd(catUtils, func() *cli.Command {
 	var args TypesArgs
 	return &cli.Command{
@@ -50,7 +54,7 @@ func WriteTypes(args TypesArgs) error {
 
 	file.WriteString("// This file was automatically generated by DNSControl. Do not edit it directly.\n")
 	file.WriteString("// To update it, run `dnscontrol write-types`.\n\n")
-	file.WriteString("// DNSControl version: " + versionInfo.Banner() + "\n")
+	file.WriteString("// " + version + "\n")
 	file.WriteString(dtsContent)
 	if err != nil {
 		return err
diff --git a/main.go b/main.go
index c86971cb88..9feb5b327e 100644
--- a/main.go
+++ b/main.go
@@ -2,12 +2,10 @@ package main
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"runtime/debug"
 
 	"github.com/StackExchange/dnscontrol/v4/commands"
-	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/_all"
 	"github.com/fatih/color"
 )
@@ -17,22 +15,17 @@ import (
 // Version management. Goals:
 // 1. Someone who just does "go get" has at least some information.
 // 2. If built with build/build.go, more specific build information gets put in.
+// GoReleaser: version
 var (
-	SHA       = ""
-	Version   = ""
-	BuildTime = ""
+	version = "dev"
 )
 
 func main() {
-	version.SHA = SHA
-	version.Semver = Version
-	version.BuildTime = BuildTime
 	if os.Getenv("CI") == "true" {
 		color.NoColor = false
 	}
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
 	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
 		fmt.Fprint(os.Stderr, "Warning: dnscontrol was built without Go modules. See https://docs.dnscontrol.org/getting-started/getting-started#source for more information on how to build dnscontrol correctly.\n\n")
 	}
-	os.Exit(commands.Run("dnscontrol " + version.Banner()))
+	os.Exit(commands.Run("DNSControl " + version))
 }
diff --git a/pkg/version/version.go b/pkg/version/version.go
deleted file mode 100644
index 2bba701a01..0000000000
--- a/pkg/version/version.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package version
-
-import (
-	"fmt"
-	"runtime/debug"
-	"strconv"
-	"time"
-)
-
-// NOTE: main() updates these.
-var (
-	BuildTime = ""
-	SHA       = ""
-	Semver    = ""
-)
-
-var versionCache string
-
-// Banner returns the version banner.
-func Banner() string {
-	if versionCache != "" {
-		return versionCache
-	}
-
-	var version string
-	if SHA != "" {
-		version = fmt.Sprintf("%s (%s)", Semver, SHA)
-	} else {
-		version = fmt.Sprintf("%s-dev", Semver) // no SHA. '0.x.y-dev' indicates it is run from source without build script.
-	}
-	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
-		version += " (non-modules)"
-	}
-	if BuildTime != "" {
-		i, err := strconv.ParseInt(BuildTime, 10, 64)
-		if err == nil {
-			tm := time.Unix(i, 0)
-			version += fmt.Sprintf(" built %s", tm.Format(time.RFC822))
-		}
-	}
-
-	versionCache = version
-	return version
-}
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index 1784f11909..a45c2e39cb 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -5,11 +5,15 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	hxcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3/apiclient"
 )
 
+// GoReleaser: version
+var (
+	version = "dev"
+)
+
 // HXClient describes a connection to the hexonet API.
 type HXClient struct {
 	APILogin    string
@@ -36,7 +40,7 @@ func newProvider(conf map[string]string) (*HXClient, error) {
 	api := &HXClient{
 		client: hxcl.NewAPIClient(),
 	}
-	api.client.SetUserAgent("DNSControl", version.Banner())
+	api.client.SetUserAgent("DNSControl", version)
 	api.APILogin, api.APIPassword, api.APIEntity = conf["apilogin"], conf["apipassword"], conf["apientity"]
 	if conf["debugmode"] == "1" {
 		api.client.EnableDebugMode()

From 9221a0638ca9ddb8c13d74905ac18369ab552551 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Jan 2024 15:20:01 -0500
Subject: [PATCH 098/438] Revert "CICD: GoReleaser version" (#2756)

---
 .github/workflows/pr_test.yml        | 14 +++++++++
 .github/workflows/release_draft.yml  | 13 ++++++++
 .goreleaser.yml                      |  3 +-
 build/build.go                       |  3 +-
 commands/commands.go                 |  7 ++++-
 commands/writeTypes.go               |  8 ++---
 main.go                              | 13 ++++++--
 pkg/version/version.go               | 44 ++++++++++++++++++++++++++++
 providers/hexonet/hexonetProvider.go |  8 ++---
 9 files changed, 94 insertions(+), 19 deletions(-)
 create mode 100644 pkg/version/version.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index aaf13a3498..1bfcee1e9c 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -38,6 +38,16 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
+# For some reason goreleaser isn't correctly setting the version
+# string used by "dnscontrol version".  Therefore, we're forcing the
+# string using the GORELEASER_CURRENT_TAG feature.
+# TODO(tlim): Use the native gorelease version mechanism.
+    - name: Retrieve version
+      id: version
+      run: |
+        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe)" >> $GITHUB_OUTPUT
+    - name: Reveal version
+      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_tagged
       name: Build binaries (if tagged)
@@ -47,6 +57,8 @@ jobs:
         distribution: goreleaser
         version: latest
         args: build
+      env:
+        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_not_tagged
       name: Build binaries (not tagged)
@@ -56,6 +68,8 @@ jobs:
         distribution: goreleaser
         version: latest
         args: build --snapshot
+      env:
+        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
   integration-test-providers:
     needs: build
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index 30f5d50076..d87e0cdc26 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -49,6 +49,18 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
+# For some reason goreleaser isn't correctly setting the version
+# string used by "dnscontrol version".  Therefore, we're forcing the
+# string using the GORELEASER_CURRENT_TAG feature.
+# TODO(tlim): Use the native gorelease version mechanism.
+
+    - name: Retrieve version
+      id: version
+      run: |
+        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe --tags)" >> $GITHUB_OUTPUT
+
+    - name: Reveal version
+      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: release
       name: Goreleaser release
@@ -59,3 +71,4 @@ jobs:
         args: release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index fada195f66..ca667aa4ba 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,8 +18,7 @@ builds:
       - goos: freebsd
         goarch: "386"
     ldflags:
-      - -linkmode=internal -s -w
-      - -X main.version={{ .Version }}
+      - -linkmode=internal -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
 before:
   hooks:
     - go fmt ./...
diff --git a/build/build.go b/build/build.go
index 6a5af6a10b..736618f3c3 100644
--- a/build/build.go
+++ b/build/build.go
@@ -7,6 +7,7 @@ import (
 	"os"
 	"os/exec"
 	"strings"
+	"time"
 )
 
 var sha = flag.String("sha", "", "SHA of current commit")
@@ -15,7 +16,7 @@ var goos = flag.String("os", "", "OS to build (linux, windows, or darwin) Defaul
 
 func main() {
 	flag.Parse()
-	flags := fmt.Sprintf(`-s -w -X "main.version=%s"`, getVersion())
+	flags := fmt.Sprintf(`-s -w -X "main.SHA=%s" -X main.BuildTime=%d`, getVersion(), time.Now().Unix())
 	pkg := "github.com/StackExchange/dnscontrol/v4"
 
 	build := func(out, goos string) {
diff --git a/commands/commands.go b/commands/commands.go
index b46355b4f9..1375917237 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -25,6 +25,11 @@ const (
 
 var commands = []*cli.Command{}
 
+// These are set by/for goreleaser
+var (
+	version = "dev"
+)
+
 func cmd(cat string, c *cli.Command) bool {
 	c.Category = cat
 	commands = append(commands, c)
@@ -47,7 +52,7 @@ func Run(v string) int {
 	app.Version = version
 	app.Name = "dnscontrol"
 	app.HideVersion = true
-	app.Usage = "DNSControl is a compiler and DSL for managing dns zones"
+	app.Usage = "dnscontrol is a compiler and DSL for managing dns zones"
 	app.Flags = []cli.Flag{
 		&cli.BoolFlag{
 			Name:        "v",
diff --git a/commands/writeTypes.go b/commands/writeTypes.go
index 165952783e..3a8adedcd1 100644
--- a/commands/writeTypes.go
+++ b/commands/writeTypes.go
@@ -4,14 +4,10 @@ import (
 	_ "embed" // Required by go:embed
 	"os"
 
+	versionInfo "github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/urfave/cli/v2"
 )
 
-// GoReleaser: version
-var (
-	version = "dev"
-)
-
 var _ = cmd(catUtils, func() *cli.Command {
 	var args TypesArgs
 	return &cli.Command{
@@ -54,7 +50,7 @@ func WriteTypes(args TypesArgs) error {
 
 	file.WriteString("// This file was automatically generated by DNSControl. Do not edit it directly.\n")
 	file.WriteString("// To update it, run `dnscontrol write-types`.\n\n")
-	file.WriteString("// " + version + "\n")
+	file.WriteString("// DNSControl version: " + versionInfo.Banner() + "\n")
 	file.WriteString(dtsContent)
 	if err != nil {
 		return err
diff --git a/main.go b/main.go
index 9feb5b327e..c86971cb88 100644
--- a/main.go
+++ b/main.go
@@ -2,10 +2,12 @@ package main
 
 import (
 	"fmt"
+	"log"
 	"os"
 	"runtime/debug"
 
 	"github.com/StackExchange/dnscontrol/v4/commands"
+	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/_all"
 	"github.com/fatih/color"
 )
@@ -15,17 +17,22 @@ import (
 // Version management. Goals:
 // 1. Someone who just does "go get" has at least some information.
 // 2. If built with build/build.go, more specific build information gets put in.
-// GoReleaser: version
 var (
-	version = "dev"
+	SHA       = ""
+	Version   = ""
+	BuildTime = ""
 )
 
 func main() {
+	version.SHA = SHA
+	version.Semver = Version
+	version.BuildTime = BuildTime
 	if os.Getenv("CI") == "true" {
 		color.NoColor = false
 	}
+	log.SetFlags(log.LstdFlags | log.Lshortfile)
 	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
 		fmt.Fprint(os.Stderr, "Warning: dnscontrol was built without Go modules. See https://docs.dnscontrol.org/getting-started/getting-started#source for more information on how to build dnscontrol correctly.\n\n")
 	}
-	os.Exit(commands.Run("DNSControl " + version))
+	os.Exit(commands.Run("dnscontrol " + version.Banner()))
 }
diff --git a/pkg/version/version.go b/pkg/version/version.go
new file mode 100644
index 0000000000..2bba701a01
--- /dev/null
+++ b/pkg/version/version.go
@@ -0,0 +1,44 @@
+package version
+
+import (
+	"fmt"
+	"runtime/debug"
+	"strconv"
+	"time"
+)
+
+// NOTE: main() updates these.
+var (
+	BuildTime = ""
+	SHA       = ""
+	Semver    = ""
+)
+
+var versionCache string
+
+// Banner returns the version banner.
+func Banner() string {
+	if versionCache != "" {
+		return versionCache
+	}
+
+	var version string
+	if SHA != "" {
+		version = fmt.Sprintf("%s (%s)", Semver, SHA)
+	} else {
+		version = fmt.Sprintf("%s-dev", Semver) // no SHA. '0.x.y-dev' indicates it is run from source without build script.
+	}
+	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
+		version += " (non-modules)"
+	}
+	if BuildTime != "" {
+		i, err := strconv.ParseInt(BuildTime, 10, 64)
+		if err == nil {
+			tm := time.Unix(i, 0)
+			version += fmt.Sprintf(" built %s", tm.Format(time.RFC822))
+		}
+	}
+
+	versionCache = version
+	return version
+}
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index a45c2e39cb..1784f11909 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -5,15 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	hxcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3/apiclient"
 )
 
-// GoReleaser: version
-var (
-	version = "dev"
-)
-
 // HXClient describes a connection to the hexonet API.
 type HXClient struct {
 	APILogin    string
@@ -40,7 +36,7 @@ func newProvider(conf map[string]string) (*HXClient, error) {
 	api := &HXClient{
 		client: hxcl.NewAPIClient(),
 	}
-	api.client.SetUserAgent("DNSControl", version)
+	api.client.SetUserAgent("DNSControl", version.Banner())
 	api.APILogin, api.APIPassword, api.APIEntity = conf["apilogin"], conf["apipassword"], conf["apientity"]
 	if conf["debugmode"] == "1" {
 		api.client.EnableDebugMode()

From 4cd3c78059654a3988d4a620993e847007d596ef Mon Sep 17 00:00:00 2001
From: Simone Carletti <weppos@weppos.net>
Date: Tue, 2 Jan 2024 21:54:13 +0100
Subject: [PATCH 099/438] DNSIMPLE: Add compatibility with TXT changes (#2745)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/dnsimple.md    | 16 ++++++++-
 go.mod                                 |  3 +-
 go.sum                                 |  6 ++--
 providers/dnsimple/auditrecords.go     |  2 +-
 providers/dnsimple/dnsimpleProvider.go | 45 ++++++++++++++++++++++----
 5 files changed, 60 insertions(+), 12 deletions(-)

diff --git a/documentation/providers/dnsimple.md b/documentation/providers/dnsimple.md
index 6582d0139b..a096f9551d 100644
--- a/documentation/providers/dnsimple.md
+++ b/documentation/providers/dnsimple.md
@@ -24,9 +24,11 @@ Examples:
 {% endcode %}
 
 ## Metadata
+
 This provider does not recognize any special metadata fields unique to DNSimple.
 
 ## Usage
+
 An example configuration:
 
 {% code title="dnsconfig.js" %}
@@ -41,8 +43,20 @@ D("example.com", REG_DNSIMPLE, DnsProvider(DSP_DNSIMPLE),
 {% endcode %}
 
 ## Activation
+
 DNSControl depends on a DNSimple account access token.
 
 ## Caveats
 
-None at this time
+### TXT record length
+
+The DNSimple API supports TXT records of up to 1000 "characters" (assumed to
+be octets, per DNS norms, not Unicode characters in an encoding).
+
+See https://support.dnsimple.com/articles/txt-record/
+
+## Development
+
+### Debugging
+
+Set `DNSIMPLE_DEBUG_HTTP` environment variable to `1` to dump all API calls made by this provider.
diff --git a/go.mod b/go.mod
index d20eeb8987..2ece4b113d 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/cloudflare/cloudflare-go v0.84.0
 	github.com/digitalocean/godo v1.107.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
-	github.com/dnsimple/dnsimple-go v1.2.0
+	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
 	github.com/go-acme/lego v2.7.2+incompatible
 	github.com/go-gandi/go-gandi v0.7.0
@@ -135,6 +135,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/stretchr/objx v0.5.0 // indirect
diff --git a/go.sum b/go.sum
index cda8b0476a..23502d2c52 100644
--- a/go.sum
+++ b/go.sum
@@ -109,8 +109,8 @@ github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
-github.com/dnsimple/dnsimple-go v1.2.0 h1:ddTGyLVKly5HKb5L65AkLqFqwZlWo3WnR0BlFZlIddM=
-github.com/dnsimple/dnsimple-go v1.2.0/go.mod h1:z/cs26v/eiRvUyXsHQBLd8lWF8+cD6GbmkPH84plM4U=
+github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
+github.com/dnsimple/dnsimple-go v1.5.1/go.mod h1:QWFwNXg2hV2PrGQE9b69Ig6UwHyIOxQRrECmVvaugss=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -389,6 +389,8 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
diff --git a/providers/dnsimple/auditrecords.go b/providers/dnsimple/auditrecords.go
index ab4e4038f8..1812c0ae5e 100644
--- a/providers/dnsimple/auditrecords.go
+++ b/providers/dnsimple/auditrecords.go
@@ -13,7 +13,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("MX", rejectif.MxNull) // Last verified 2023-03
 
-	a.Add("TXT", rejectif.TxtLongerThan(255)) // Last verified 2023-03
+	a.Add("TXT", rejectif.TxtLongerThan(1000)) // Last verified 2023-12
 
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-03
 
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index b3d2b195fa..7cade69185 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"os"
 	"sort"
 	"strconv"
 	"strings"
@@ -12,6 +13,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	dnsimpleapi "github.com/dnsimple/dnsimple-go/dnsimple"
 	"golang.org/x/oauth2"
@@ -96,7 +98,14 @@ func (c *dnsimpleProvider) GetZoneRecords(domain string, meta map[string]string)
 
 		// DNSimple adds TXT records that mirror the alias records.
 		// They manage them on ALIAS updates, so pretend they don't exist
-		if r.Type == "TXT" && strings.HasPrefix(r.Content, "ALIAS for ") {
+		if r.Type == "TXT" && strings.HasPrefix(r.Content, `"ALIAS for `) {
+			continue
+		}
+		// This second check is the same of before, but it exists for compatibility purpose.
+		// Until Nov 2023 DNSimple did not normalize TXT records, and they used to store TXT records without quotes.
+		//
+		// This is a backward-compatible function to facilitate the TXT transition.
+		if r.Type == "TXT" && strings.HasPrefix(r.Content, `ALIAS for `) {
 			continue
 		}
 
@@ -120,7 +129,12 @@ func (c *dnsimpleProvider) GetZoneRecords(domain string, meta map[string]string)
 		case "SRV":
 			err = rec.SetTargetSRVPriorityString(uint16(r.Priority), r.Content)
 		case "TXT":
-			err = rec.SetTargetTXT(r.Content)
+			// This is a backward-compatible function to facilitate the TXT transition.
+			if isQuotedTXT(r.Content) {
+				err = rec.PopulateFromStringFunc(r.Type, r.Content, domain, txtutil.ParseQuoted)
+			} else {
+				err = rec.SetTargetTXT(fmt.Sprintf("legacy: %s", r.Content))
+			}
 		default:
 			err = rec.PopulateFromString(r.Type, r.Content, domain)
 		}
@@ -255,6 +269,10 @@ func (c *dnsimpleProvider) getDNSSECCorrections(dc *models.DomainConfig) ([]*mod
 
 // DNSimple calls
 
+// Initializes a new DNSimple API client.
+//
+// - if BaseURL is present, the provided BaseURL is used. Useful to switch to DNSimple sandbox site. It defaults to production otherwise.
+// - if "DNSIMPLE_DEBUG_HTTP" is set to "1", it enables the API client logging.
 func (c *dnsimpleProvider) getClient() *dnsimpleapi.Client {
 	ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: c.AccountToken})
 	tc := oauth2.NewClient(context.Background(), ts)
@@ -266,6 +284,9 @@ func (c *dnsimpleProvider) getClient() *dnsimpleapi.Client {
 	if c.BaseURL != "" {
 		client.BaseURL = c.BaseURL
 	}
+	if os.Getenv("DNSIMPLE_DEBUG_HTTP") == "1" {
+		client.Debug = true
+	}
 	return client
 }
 
@@ -632,8 +653,10 @@ func newProvider(m map[string]string, _ json.RawMessage) (*dnsimpleProvider, err
 	return api, nil
 }
 
-// remove all non-dnsimple NS records from our desired state.
-// if any are found, print a warning
+// utilities
+
+// Removes all non-dnsimple NS records from our desired state.
+// If any are found, print a warning.
 func removeOtherApexNS(dc *models.DomainConfig) {
 	newList := make([]*models.RecordConfig, 0, len(dc.Records))
 	for _, rec := range dc.Records {
@@ -653,7 +676,7 @@ func removeOtherApexNS(dc *models.DomainConfig) {
 	dc.Records = newList
 }
 
-// Return the correct combined content for all special record types, Target for everything else
+// Returns the correct combined content for all special record types, Target for everything else
 // Using RecordConfig.GetTargetCombined returns priority in the string, which we do not allow
 func getTargetRecordContent(rc *models.RecordConfig) string {
 	switch rtype := rc.Type; rtype {
@@ -670,13 +693,13 @@ func getTargetRecordContent(rc *models.RecordConfig) string {
 	case "SRV":
 		return fmt.Sprintf("%d %d %s", rc.SrvWeight, rc.SrvPort, rc.GetTargetField())
 	case "TXT":
-		return rc.GetTargetTXTJoined()
+		return rc.GetTargetCombinedFunc(txtutil.EncodeQuoted)
 	default:
 		return rc.GetTargetField()
 	}
 }
 
-// Return the correct priority for the record type, 0 for records without priority
+// Returns the correct priority for the record type, 0 for records without priority
 func getTargetRecordPriority(rc *models.RecordConfig) int {
 	switch rtype := rc.Type; rtype {
 	case "MX":
@@ -711,3 +734,11 @@ func isDnsimpleNameServerDomain(name string) bool {
 	}
 	return false
 }
+
+// Tests if the content is encoded, performing a naive check on the presence of quotes
+// at the beginning and end of the string.
+//
+// This is a backward-compatible function to facilitate the TXT transition.
+func isQuotedTXT(content string) bool {
+	return content[0:1] == `"` && content[len(content)-1:] == `"`
+}

From 94cdbc0290311718b0710860614f87cfc16efbdd Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Jan 2024 16:27:21 -0500
Subject: [PATCH 100/438] CICD: External PRs should not fail (#2757)

---
 .github/workflows/pr_test.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 1bfcee1e9c..f2b8924f0f 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -6,6 +6,7 @@ on:
 env:
   cache-key: 1639697695 #Change to force cache reset `pwsh > Get-Date -UFormat %s`
   go-mod-path: /go/pkg/mod
+  BIND_DOMAIN: example.com
 
 jobs:
   build:

From afd0d76e7b86e912bf1e634908a0a9d6fb03663d Mon Sep 17 00:00:00 2001
From: evan <evanmccarthy@outlook.com>
Date: Tue, 2 Jan 2024 15:40:40 -0600
Subject: [PATCH 101/438] NEW REGISTRAR: Dynadot (DYNADOT) (#2753)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .goreleaser.yml                      |   2 +-
 OWNERS                               |   1 +
 README.md                            |   1 +
 documentation/SUMMARY.md             |   1 +
 documentation/providers.md           |   1 +
 documentation/providers/dynadot.md   |  41 ++++++++
 providers/_all/all.go                |   1 +
 providers/dynadot/api.go             | 135 +++++++++++++++++++++++++++
 providers/dynadot/dynadotProvider.go |  62 ++++++++++++
 9 files changed, 244 insertions(+), 1 deletion(-)
 create mode 100644 documentation/providers/dynadot.md
 create mode 100644 providers/dynadot/api.go
 create mode 100644 providers/dynadot/dynadotProvider.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index ca667aa4ba..d1b1ffd2e0 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -35,7 +35,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index a436984258..973c35f90b 100644
--- a/OWNERS
+++ b/OWNERS
@@ -13,6 +13,7 @@ providers/dnsimple @onlyhavecans
 providers/dnsmadeeasy @vojtad
 providers/doh @mikenz
 providers/domainnameshop @SimenBai
+providers/dynadot @e-im
 providers/easyname @tresni
 providers/exoscale @pierre-emmanuelJ
 providers/gandiv5 @TomOnTime
diff --git a/README.md b/README.md
index 15a0b989c3..071347b6dc 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,7 @@ Currently supported Domain Registrars:
 - AWS Route 53
 - CSC Global
 - DNSOVERHTTPS
+- Dynadot
 - easyname
 - Gandi
 - HEXONET
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 22b8d7cadf..52e0ea22e4 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -113,6 +113,7 @@
     * [DNSimple](providers/dnsimple.md)
     * [DNS-over-HTTPS](providers/dnsoverhttps.md)
     * [DOMAINNAMESHOP](providers/domainnameshop.md)
+    * [Dynadot](providers/dynadot.md)
     * [easyname](providers/easyname.md)
     * [Exoscale](providers/exoscale.md)
     * [Gandi_v5](providers/gandi_v5.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 917baab155..603efcacf3 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -29,6 +29,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
 | [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ |
+| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
 | [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
diff --git a/documentation/providers/dynadot.md b/documentation/providers/dynadot.md
new file mode 100644
index 0000000000..19a88970eb
--- /dev/null
+++ b/documentation/providers/dynadot.md
@@ -0,0 +1,41 @@
+DNSControl's Dynadot provider supports being a Registrar. Support for being a DNS Provider is not included, but could be added in the future.
+
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `DYNADOT`
+along with `key` from the [Dynadot API](https://www.dynadot.com/account/domain/setting/api.html).
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "easyname": {
+    "TYPE": "DYNADOT",
+    "key": "API Key",
+  }
+}
+```
+{% endcode %}
+
+## Metadata
+This provider does not recognize any special metadata fields unique to Dynadot.
+
+## Usage
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_DYNADOT = NewRegistrar("dynadot");
+
+DOMAIN_ELSEWHERE("example.com", REG_DYNADOT, [
+    "ns1.example.net.",
+    "ns2.example.net.",
+    "ns3.example.net.",
+]);
+```
+{% endcode %}
+
+## Activation
+
+You must [enable the Dynadot API](https://www.dynadot.com/account/domain/setting/api.html) for your account and whitelist the IP address of the machine that will run DNSControl.
\ No newline at end of file
diff --git a/providers/_all/all.go b/providers/_all/all.go
index 48be689e94..2a04d320c0 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -18,6 +18,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/dnsmadeeasy"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/doh"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/domainnameshop"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/dynadot"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/easyname"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/exoscale"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/gandiv5"
diff --git a/providers/dynadot/api.go b/providers/dynadot/api.go
new file mode 100644
index 0000000000..232fa2f3e1
--- /dev/null
+++ b/providers/dynadot/api.go
@@ -0,0 +1,135 @@
+package dynadot
+
+import (
+	"encoding/xml"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+)
+
+// API layer for Dynadot
+
+type dynadotProvider struct {
+	key string
+}
+
+type requestParams map[string]string
+
+type header struct {
+	SuccessCode int    `xml:"SuccessCode"`
+	Status      string `xml:"Status"`
+	Error       string `xml:"Error,omitempty"`
+}
+
+type addNsResponse struct {
+	XMLName     xml.Name `xml:"AddNsResponse"`
+	AddNsHeader header   `xml:"AddNsHeader"`
+}
+
+type setNsResponse struct {
+	XMLName     xml.Name `xml:"SetNsResponse"`
+	SetNsHeader header   `xml:"SetNsHeader"`
+}
+
+type getNsResponse struct {
+	XMLName     xml.Name  `xml:"GetNsResponse"`
+	NsContent   nsContent `xml:"NsContent"`
+	GetNsHeader header    `xml:"GetNsHeader"`
+}
+
+type nsContent struct {
+	Host   []string `xml:"Host"`
+	NsName string   `xml:"NsName"`
+}
+
+func (c *dynadotProvider) getNameservers(domain string) ([]string, error) {
+	var bodyString, err = c.get("get_ns", requestParams{"domain": domain})
+	if err != nil {
+		return []string{}, fmt.Errorf("failed NS list (Dynadot): %s", err)
+	}
+	var ns getNsResponse
+	xml.Unmarshal(bodyString, &ns)
+
+	if ns.GetNsHeader.SuccessCode != 0 {
+		return []string{}, fmt.Errorf("failed NS list (Dynadot): %s", ns.GetNsHeader.Error)
+	}
+
+	hosts := []string{}
+	hosts = append(hosts, ns.NsContent.Host...)
+	return hosts, nil
+}
+
+func (c *dynadotProvider) updateNameservers(ns []string, domain string) error {
+	if len(ns) > 13 {
+		return fmt.Errorf("failed NS update (Dynadot): only up to 13 nameservers are supported")
+	}
+
+	// Nameservers must first be added to the Dynadot account
+	for _, host := range ns {
+		b, err := c.get("add_ns", requestParams{"host": host})
+		if err != nil {
+			return fmt.Errorf("failed NS add (Dynadot): %s", err)
+		}
+		var resp addNsResponse
+		err = xml.Unmarshal(b, &resp)
+		if err != nil {
+			return fmt.Errorf("failed NS add (Dynadot): %s", err)
+		}
+
+		if resp.AddNsHeader.SuccessCode != 0 {
+			// No apparent way to get all existing entries on an account, so filter
+			if strings.Contains(resp.AddNsHeader.Error, "already exists") {
+				continue
+			}
+			return fmt.Errorf("failed NS add (Dynadot): %s", resp.AddNsHeader.Error)
+
+		}
+	}
+
+	rec := requestParams{}
+	rec["domain"] = domain
+	// supported prams: ns0 - ns12
+	for i, h := range ns {
+		rec[fmt.Sprintf("%s%d", "ns", i)] = h
+	}
+
+	b, err := c.get("set_ns", rec)
+	if err != nil {
+		return fmt.Errorf("failed NS set (Dynadot): %s", err)
+	}
+
+	var resp setNsResponse
+	err = xml.Unmarshal(b, &resp)
+	if err != nil {
+		return fmt.Errorf("failed NS add (Dynadot): %s", err)
+	}
+
+	if resp.SetNsHeader.SuccessCode != 0 {
+		return fmt.Errorf("failed NS add (Dynadot): %s", resp.SetNsHeader.Error)
+	}
+
+	return nil
+}
+
+func (c *dynadotProvider) get(command string, params requestParams) ([]byte, error) {
+	client := &http.Client{}
+	req, _ := http.NewRequest("GET", "https://api.dynadot.com/api3.xml", nil)
+	q := req.URL.Query()
+
+	q.Add("key", c.key)
+	q.Add("command", command)
+
+	for pName, pValue := range params {
+		q.Add(pName, pValue)
+	}
+
+	req.URL.RawQuery = q.Encode()
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return []byte{}, err
+	}
+
+	return io.ReadAll(resp.Body)
+}
diff --git a/providers/dynadot/dynadotProvider.go b/providers/dynadot/dynadotProvider.go
new file mode 100644
index 0000000000..48d0c622f0
--- /dev/null
+++ b/providers/dynadot/dynadotProvider.go
@@ -0,0 +1,62 @@
+package dynadot
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+)
+
+/*
+
+Dynadot Registrator:
+
+Info required in `creds.json`:
+   - key API Key
+
+*/
+
+func init() {
+	providers.RegisterRegistrarType("DYNADOT", newDynadot)
+}
+
+func newDynadot(m map[string]string) (providers.Registrar, error) {
+	d := &dynadotProvider{}
+
+	d.key = m["key"]
+	if d.key == "" {
+		return nil, fmt.Errorf("missing Dynadot key")
+	}
+
+	return d, nil
+}
+
+func (c *dynadotProvider) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
+	nss, err := c.getNameservers(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+	foundNameservers := strings.Join(nss, ",")
+
+	expected := []string{}
+	for _, ns := range dc.Nameservers {
+		name := strings.TrimRight(ns.Name, ".")
+		expected = append(expected, name)
+	}
+	sort.Strings(expected)
+	expectedNameservers := strings.Join(expected, ",")
+
+	if foundNameservers != expectedNameservers {
+		return []*models.Correction{
+			{
+				Msg: fmt.Sprintf("Update nameservers (%s) -> (%s)", foundNameservers, expectedNameservers),
+				F: func() error {
+					return c.updateNameservers(expected, dc.Name)
+				},
+			},
+		}, nil
+	}
+	return nil, nil
+}

From d4545c1f4a0e54c4e1faa84438162e0f09948c0b Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 2 Jan 2024 23:11:44 +0100
Subject: [PATCH 102/438] DOCS: Added GoDaddy as requested provider (#2729)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/documentation/providers.md b/documentation/providers.md
index 603efcacf3..8d91d042b8 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -159,6 +159,7 @@ code to support this provider, we'd be glad to help in any way.
 * [CoreDNS](https://github.com/StackExchange/dnscontrol/issues/1284) (#1284)
 * [EU.ORG](https://github.com/StackExchange/dnscontrol/issues/1176) (#1176)
 * [EnCirca](https://github.com/StackExchange/dnscontrol/issues/1048) (#1048)
+* [GoDaddy](https://github.com/StackExchange/dnscontrol/issues/2596) (#2596)
 * [Imperva](https://github.com/StackExchange/dnscontrol/issues/1484) (#1484)
 * [Infoblox DNS](https://github.com/StackExchange/dnscontrol/issues/1077) (#1077)
 * [Joker.com](https://github.com/StackExchange/dnscontrol/issues/854) (#854)

From 427025997ce0ca6089569e98e445d61f50c5f8e5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 2 Jan 2024 19:54:52 -0500
Subject: [PATCH 103/438] Build(deps): Bump alpine from 3.18.5 to 3.19.0
 (#2752)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 7d9c386e67..52a8ff8f88 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.18.5@sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0 as RUN
+FROM alpine:3.19.0@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48 as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From b71fd634b9b3d39285c8e244e23108c2ba4b7313 Mon Sep 17 00:00:00 2001
From: asn-iac <134323752+asn-iac@users.noreply.github.com>
Date: Wed, 3 Jan 2024 11:14:38 -0800
Subject: [PATCH 104/438] GCLOUD: display all correction messages affecting
 same label + type in a zone (#2759)

---
 providers/gcloud/gcloudProvider.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 31f6e7f4d2..1eba0fff03 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -280,13 +280,25 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 
 	changedKeys := map[key]string{}
 	for _, c := range create {
-		changedKeys[keyForRec(c.Desired)] = fmt.Sprintln(c)
+		msg := fmt.Sprintln(c)
+		if k, ok := changedKeys[keyForRec(c.Desired)]; ok {
+			msg = strings.Join([]string{k, msg}, "")
+		}
+		changedKeys[keyForRec(c.Desired)] = msg
 	}
 	for _, d := range toDelete {
-		changedKeys[keyForRec(d.Existing)] = fmt.Sprintln(d)
+		msg := fmt.Sprintln(d)
+		if k, ok := changedKeys[keyForRec(d.Existing)]; ok {
+			msg = strings.Join([]string{k, msg}, "")
+		}
+		changedKeys[keyForRec(d.Existing)] = msg
 	}
 	for _, m := range modify {
-		changedKeys[keyForRec(m.Existing)] = fmt.Sprintln(m)
+		msg := fmt.Sprintln(m)
+		if k, ok := changedKeys[keyForRec(m.Existing)]; ok {
+			msg = strings.Join([]string{k, msg}, "")
+		}
+		changedKeys[keyForRec(m.Existing)] = msg
 	}
 	if len(changedKeys) == 0 {
 		return nil, nil

From 9873f9f4b2fece7a46053eaa375fe24070971e09 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 4 Jan 2024 16:46:36 +0100
Subject: [PATCH 105/438] CICD: GoReleaser version #2 (#2761)

---
 .github/workflows/pr_test.yml        | 24 ++++-----------
 .github/workflows/release_draft.yml  | 13 --------
 .goreleaser.yml                      |  3 +-
 build/build.go                       |  3 +-
 commands/commands.go                 |  7 +----
 commands/writeTypes.go               |  8 +++--
 main.go                              | 13 ++------
 pkg/version/version.go               | 44 ----------------------------
 providers/hexonet/hexonetProvider.go |  8 +++--
 9 files changed, 25 insertions(+), 98 deletions(-)
 delete mode 100644 pkg/version/version.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index f2b8924f0f..90416eaefb 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -11,12 +11,16 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
-    container:
-      image: golang:1.21
     env:
       TEST_RESULTS: "/tmp/test-results"
     steps:
     - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set up Go
+      uses: actions/setup-go@v4
+      with:
+        go-version: stable
     - name: restore_cache
       uses: actions/cache@v3.3.2
       with:
@@ -39,16 +43,6 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
-# For some reason goreleaser isn't correctly setting the version
-# string used by "dnscontrol version".  Therefore, we're forcing the
-# string using the GORELEASER_CURRENT_TAG feature.
-# TODO(tlim): Use the native gorelease version mechanism.
-    - name: Retrieve version
-      id: version
-      run: |
-        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe)" >> $GITHUB_OUTPUT
-    - name: Reveal version
-      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_tagged
       name: Build binaries (if tagged)
@@ -58,19 +52,13 @@ jobs:
         distribution: goreleaser
         version: latest
         args: build
-      env:
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
     -
       id: build_binaries_not_tagged
       name: Build binaries (not tagged)
       if: github.ref_type != 'tag'
       uses: goreleaser/goreleaser-action@v5
       with:
-        distribution: goreleaser
-        version: latest
         args: build --snapshot
-      env:
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
   integration-test-providers:
     needs: build
     runs-on: ubuntu-latest
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index d87e0cdc26..30f5d50076 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -49,18 +49,6 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
-# For some reason goreleaser isn't correctly setting the version
-# string used by "dnscontrol version".  Therefore, we're forcing the
-# string using the GORELEASER_CURRENT_TAG feature.
-# TODO(tlim): Use the native gorelease version mechanism.
-
-    - name: Retrieve version
-      id: version
-      run: |
-        echo "TAG_NAME=$(git config --global --add safe.directory /__w/dnscontrol/dnscontrol ; git describe --tags)" >> $GITHUB_OUTPUT
-
-    - name: Reveal version
-      run: echo ${{ steps.version.outputs.TAG_NAME }}
     -
       id: release
       name: Goreleaser release
@@ -71,4 +59,3 @@ jobs:
         args: release
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        GORELEASER_CURRENT_TAG: ${{ steps.version.outputs.TAG_NAME }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index d1b1ffd2e0..51a961c844 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -18,7 +18,8 @@ builds:
       - goos: freebsd
         goarch: "386"
     ldflags:
-      - -linkmode=internal -s -w -X main.Version="{{ .Version }}" -X main.SHA="{{ .FullCommit }}" -X main.BuildTime={{ .Timestamp }}
+      - -linkmode=internal -s -w
+      - -X main.version={{ .Version }}
 before:
   hooks:
     - go fmt ./...
diff --git a/build/build.go b/build/build.go
index 736618f3c3..6a5af6a10b 100644
--- a/build/build.go
+++ b/build/build.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"os/exec"
 	"strings"
-	"time"
 )
 
 var sha = flag.String("sha", "", "SHA of current commit")
@@ -16,7 +15,7 @@ var goos = flag.String("os", "", "OS to build (linux, windows, or darwin) Defaul
 
 func main() {
 	flag.Parse()
-	flags := fmt.Sprintf(`-s -w -X "main.SHA=%s" -X main.BuildTime=%d`, getVersion(), time.Now().Unix())
+	flags := fmt.Sprintf(`-s -w -X "main.version=%s"`, getVersion())
 	pkg := "github.com/StackExchange/dnscontrol/v4"
 
 	build := func(out, goos string) {
diff --git a/commands/commands.go b/commands/commands.go
index 1375917237..b46355b4f9 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -25,11 +25,6 @@ const (
 
 var commands = []*cli.Command{}
 
-// These are set by/for goreleaser
-var (
-	version = "dev"
-)
-
 func cmd(cat string, c *cli.Command) bool {
 	c.Category = cat
 	commands = append(commands, c)
@@ -52,7 +47,7 @@ func Run(v string) int {
 	app.Version = version
 	app.Name = "dnscontrol"
 	app.HideVersion = true
-	app.Usage = "dnscontrol is a compiler and DSL for managing dns zones"
+	app.Usage = "DNSControl is a compiler and DSL for managing dns zones"
 	app.Flags = []cli.Flag{
 		&cli.BoolFlag{
 			Name:        "v",
diff --git a/commands/writeTypes.go b/commands/writeTypes.go
index 3a8adedcd1..165952783e 100644
--- a/commands/writeTypes.go
+++ b/commands/writeTypes.go
@@ -4,10 +4,14 @@ import (
 	_ "embed" // Required by go:embed
 	"os"
 
-	versionInfo "github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/urfave/cli/v2"
 )
 
+// GoReleaser: version
+var (
+	version = "dev"
+)
+
 var _ = cmd(catUtils, func() *cli.Command {
 	var args TypesArgs
 	return &cli.Command{
@@ -50,7 +54,7 @@ func WriteTypes(args TypesArgs) error {
 
 	file.WriteString("// This file was automatically generated by DNSControl. Do not edit it directly.\n")
 	file.WriteString("// To update it, run `dnscontrol write-types`.\n\n")
-	file.WriteString("// DNSControl version: " + versionInfo.Banner() + "\n")
+	file.WriteString("// " + version + "\n")
 	file.WriteString(dtsContent)
 	if err != nil {
 		return err
diff --git a/main.go b/main.go
index c86971cb88..9feb5b327e 100644
--- a/main.go
+++ b/main.go
@@ -2,12 +2,10 @@ package main
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"runtime/debug"
 
 	"github.com/StackExchange/dnscontrol/v4/commands"
-	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/_all"
 	"github.com/fatih/color"
 )
@@ -17,22 +15,17 @@ import (
 // Version management. Goals:
 // 1. Someone who just does "go get" has at least some information.
 // 2. If built with build/build.go, more specific build information gets put in.
+// GoReleaser: version
 var (
-	SHA       = ""
-	Version   = ""
-	BuildTime = ""
+	version = "dev"
 )
 
 func main() {
-	version.SHA = SHA
-	version.Semver = Version
-	version.BuildTime = BuildTime
 	if os.Getenv("CI") == "true" {
 		color.NoColor = false
 	}
-	log.SetFlags(log.LstdFlags | log.Lshortfile)
 	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
 		fmt.Fprint(os.Stderr, "Warning: dnscontrol was built without Go modules. See https://docs.dnscontrol.org/getting-started/getting-started#source for more information on how to build dnscontrol correctly.\n\n")
 	}
-	os.Exit(commands.Run("dnscontrol " + version.Banner()))
+	os.Exit(commands.Run("DNSControl " + version))
 }
diff --git a/pkg/version/version.go b/pkg/version/version.go
deleted file mode 100644
index 2bba701a01..0000000000
--- a/pkg/version/version.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package version
-
-import (
-	"fmt"
-	"runtime/debug"
-	"strconv"
-	"time"
-)
-
-// NOTE: main() updates these.
-var (
-	BuildTime = ""
-	SHA       = ""
-	Semver    = ""
-)
-
-var versionCache string
-
-// Banner returns the version banner.
-func Banner() string {
-	if versionCache != "" {
-		return versionCache
-	}
-
-	var version string
-	if SHA != "" {
-		version = fmt.Sprintf("%s (%s)", Semver, SHA)
-	} else {
-		version = fmt.Sprintf("%s-dev", Semver) // no SHA. '0.x.y-dev' indicates it is run from source without build script.
-	}
-	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
-		version += " (non-modules)"
-	}
-	if BuildTime != "" {
-		i, err := strconv.ParseInt(BuildTime, 10, 64)
-		if err == nil {
-			tm := time.Unix(i, 0)
-			version += fmt.Sprintf(" built %s", tm.Format(time.RFC822))
-		}
-	}
-
-	versionCache = version
-	return version
-}
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index 1784f11909..a45c2e39cb 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -5,11 +5,15 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/StackExchange/dnscontrol/v4/pkg/version"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	hxcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3/apiclient"
 )
 
+// GoReleaser: version
+var (
+	version = "dev"
+)
+
 // HXClient describes a connection to the hexonet API.
 type HXClient struct {
 	APILogin    string
@@ -36,7 +40,7 @@ func newProvider(conf map[string]string) (*HXClient, error) {
 	api := &HXClient{
 		client: hxcl.NewAPIClient(),
 	}
-	api.client.SetUserAgent("DNSControl", version.Banner())
+	api.client.SetUserAgent("DNSControl", version)
 	api.APILogin, api.APIPassword, api.APIEntity = conf["apilogin"], conf["apipassword"], conf["apientity"]
 	if conf["debugmode"] == "1" {
 		api.client.EnableDebugMode()

From db75e84e0375af233330f79d936993959c181c14 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 5 Jan 2024 07:49:36 -0500
Subject: [PATCH 106/438] GCLOUD: Re-implement GetZoneRecordsCorrections using
 ByRecordSet (#2762)

---
 integrationTest/integration_test.go |  17 ++
 providers/gcloud/gcloudProvider.go  | 307 +++++++++++++---------------
 2 files changed, 163 insertions(+), 161 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index da4622292a..d186c63287 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1317,6 +1317,23 @@ func makeTests(t *testing.T) []*TestGroup {
 			tc("Update 1200 records", manyA("rec%04d", "1.2.3.5", 1200)...),
 		),
 
+		// Test the boundaries of Google' batch system.
+		// 1200 is used because it is larger than batchMax.
+		// https://github.com/StackExchange/dnscontrol/pull/2762#issuecomment-1877825559
+		testgroup("batchRecordswithOthers",
+			only(
+				"GCLOUD",
+			),
+			tc("1200 records",
+				manyA("rec%04d", "1.2.3.4", 1200)...),
+			tc("Update 1200 records and Create others", append(
+				manyA("arec%04d", "1.2.3.4", 1200),
+				manyA("rec%04d", "1.2.3.5", 1200)...)...),
+			tc("Update 1200 records and Create and Delete others", append(
+				manyA("rec%04d", "1.2.3.4", 1200),
+				manyA("zrec%04d", "1.2.3.4", 1200)...)...),
+		),
+
 		//// CanUse* types:
 
 		// Narrative: Many DNS record types are optional.  If the provider
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 1eba0fff03..c1f4b590c5 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -10,7 +10,7 @@ import (
 	"time"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
-	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/StackExchange/dnscontrol/v4/providers"
@@ -60,9 +60,6 @@ type gcloudProvider struct {
 	project       string
 	nameServerSet *string
 	zones         map[string]*gdns.ManagedZone
-	// For use with diff / NewComnpat()
-	oldRRsMap   map[string]map[key]*gdns.ResourceRecordSet
-	zoneNameMap map[string]string
 	// provider metadata fields
 	Visibility string   `json:"visibility"`
 	Networks   []string `json:"networks"`
@@ -112,8 +109,6 @@ func New(cfg map[string]string, metadata json.RawMessage) (providers.DNSServiceP
 		client:        dcli,
 		nameServerSet: nss,
 		project:       cfg["project_id"],
-		oldRRsMap:     map[string]map[key]*gdns.ResourceRecordSet{},
-		zoneNameMap:   map[string]string{},
 	}
 	if len(metadata) != 0 {
 		err := json.Unmarshal(metadata, g)
@@ -207,9 +202,6 @@ type key struct {
 func keyFor(r *gdns.ResourceRecordSet) key {
 	return key{Type: r.Type, Name: r.Name}
 }
-func keyForRec(r *models.RecordConfig) key {
-	return key{Type: r.Type, Name: r.GetLabelFQDN() + "."}
-}
 
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (g *gcloudProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
@@ -218,7 +210,7 @@ func (g *gcloudProvider) GetZoneRecords(domain string, meta map[string]string) (
 }
 
 func (g *gcloudProvider) getZoneSets(domain string) (models.Records, error) {
-	rrs, zoneName, err := g.getRecords(domain)
+	rrs, err := g.getRecords(domain)
 	if err != nil {
 		return nil, err
 	}
@@ -237,175 +229,168 @@ func (g *gcloudProvider) getZoneSets(domain string) (models.Records, error) {
 		}
 	}
 
-	g.oldRRsMap[domain] = oldRRs
-	g.zoneNameMap[domain] = zoneName
-
 	return existingRecords, err
 }
 
-type msgs struct {
-	Additions, Deletions []string
-}
+// GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
+func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 
-type orderedChanges struct {
-	Change *gdns.Change
-	Msgs   msgs
-}
+	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+	if len(changes) == 0 {
+		return nil, nil
+	}
+
+	var corrections []*models.Correction
+	batch := &gdns.Change{Kind: "dns#change"}
+	var accumlatedMsgs []string
+	var newMsgs []string
+	var newAdds, newDels *gdns.ResourceRecordSet
+
+	for _, change := range changes {
+
+		// Determine the work to be done.
+		n := change.Key.NameFQDN + "."
+		ty := change.Key.Type
+		switch change.Type {
+		case diff2.REPORT:
+			newMsgs = change.Msgs
+			newAdds = nil
+			newDels = nil
+		case diff2.CREATE:
+			newMsgs = change.Msgs
+			newAdds = mkRRSs(n, ty, change.New)
+			newDels = nil
+		case diff2.CHANGE:
+			newMsgs = change.Msgs
+			newAdds = mkRRSs(n, ty, change.New)
+			newDels = mkRRSs(n, ty, change.Old)
+		case diff2.DELETE:
+			newMsgs = change.Msgs
+			newAdds = nil
+			newDels = mkRRSs(n, ty, change.Old)
+		default:
+			return nil, fmt.Errorf("GCLOUD unhandled change.TYPE %s", change.Type)
+		}
+
+		// If the work would overflow the current batch, process what we have so far and start a new batch.
+		if wouldOverfill(batch, newAdds, newDels) {
+			// Process what we have.
+			corrections = g.mkCorrection(corrections, accumlatedMsgs, batch, dc.Name)
+
+			// Start a new batch.
+			batch = &gdns.Change{Kind: "dns#change"}
+			accumlatedMsgs = nil
+		}
+
+		// Add the new work to the batch.
+		if newAdds != nil {
+			batch.Additions = append(batch.Additions, newAdds)
+		}
+		if newDels != nil {
+			batch.Deletions = append(batch.Deletions, newDels)
+		}
+		if len(newMsgs) != 0 {
+			accumlatedMsgs = append(accumlatedMsgs, newMsgs...)
+		}
+
+	}
 
-type correctionValues struct {
-	Change *gdns.Change
-	Msgs   string
+	// Process the remaining work.
+	corrections = g.mkCorrection(corrections, accumlatedMsgs, batch, dc.Name)
+	return corrections, nil
 }
 
-// GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	oldRRs, ok := g.oldRRsMap[dc.Name]
-	if !ok {
-		return nil, fmt.Errorf("oldRRsMap: no zone named %q", dc.Name)
+// mkRRSs returns a gdns.ResourceRecordSet using the name, rType, and recs
+func mkRRSs(name, rType string, recs models.Records) *gdns.ResourceRecordSet {
+	if len(recs) == 0 { // NB(tlim): This is defensive. mkRRSs is never called with an empty list.
+		return nil
 	}
-	zoneName, ok := g.zoneNameMap[dc.Name]
-	if !ok {
-		return nil, fmt.Errorf("zoneNameMap: no zone named %q", dc.Name)
+
+	newRRS := &gdns.ResourceRecordSet{
+		Name: name,
+		Type: rType,
+		Kind: "dns#resourceRecordSet",
+		Ttl:  int64(recs[0].TTL), // diff2 assures all TTLs in a ReceordSet are the same.
 	}
 
-	// first collect keys that have changed
-	toReport, create, toDelete, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
-	if err != nil {
-		return nil, fmt.Errorf("incdiff error: %w", err)
+	for _, r := range recs {
+		newRRS.Rrdatas = append(newRRS.Rrdatas, r.GetTargetCombinedFunc(txtutil.EncodeQuoted))
 	}
-	// Start corrections with the reports
-	corrections := diff.GenerateMessageCorrections(toReport)
 
-	// Now generate all other corrections
+	return newRRS
+}
 
-	changedKeys := map[key]string{}
-	for _, c := range create {
-		msg := fmt.Sprintln(c)
-		if k, ok := changedKeys[keyForRec(c.Desired)]; ok {
-			msg = strings.Join([]string{k, msg}, "")
-		}
-		changedKeys[keyForRec(c.Desired)] = msg
+// wouldOverfill returns true if adding this work would overflow the batch.
+func wouldOverfill(batch *gdns.Change, adds, dels *gdns.ResourceRecordSet) bool {
+	const batchMax = 1000
+	// Google used to document batchMax = 1000.  As of 2024-01 the max isn't
+	// documented but testing shows it rejects if either Additions or Deletions
+	// are >3000.  Setting this to 3001 makes the batchRecordswithOthers
+	// integration test fail.
+	// It is currently set to 1000 because (1) its the last documented max,
+	// (2) changes of more than 1000 RSets is rare; we'd rather be correct and
+	// working than broken and efficient.
+
+	addCount := 0
+	if adds != nil {
+		addCount = len(adds.Rrdatas)
 	}
-	for _, d := range toDelete {
-		msg := fmt.Sprintln(d)
-		if k, ok := changedKeys[keyForRec(d.Existing)]; ok {
-			msg = strings.Join([]string{k, msg}, "")
-		}
-		changedKeys[keyForRec(d.Existing)] = msg
+	delCount := 0
+	if dels != nil {
+		delCount = len(dels.Rrdatas)
 	}
-	for _, m := range modify {
-		msg := fmt.Sprintln(m)
-		if k, ok := changedKeys[keyForRec(m.Existing)]; ok {
-			msg = strings.Join([]string{k, msg}, "")
-		}
-		changedKeys[keyForRec(m.Existing)] = msg
+
+	if (len(batch.Additions) + addCount) > batchMax { // Would additions push us over the limit?
+		return true
 	}
-	if len(changedKeys) == 0 {
-		return nil, nil
+	if (len(batch.Deletions) + delCount) > batchMax { // Would deletions push us over the limit?
+		return true
 	}
-	chg := orderedChanges{Change: &gdns.Change{}, Msgs: msgs{}}
-	// create slices of Deletions and Additions
-	// that can be split into properly ordered batches
-	// if necessary.  Retain the string messages from
-	// differ in the same order
-	for ck, msg := range changedKeys {
-		newRRs := &gdns.ResourceRecordSet{
-			Name: ck.Name,
-			Type: ck.Type,
-			Kind: "dns#resourceRecordSet",
-		}
-		for _, r := range dc.Records {
-			if keyForRec(r) == ck {
-				newRRs.Rrdatas = append(newRRs.Rrdatas, r.GetTargetCombinedFunc(txtutil.EncodeQuoted))
-				newRRs.Ttl = int64(r.TTL)
-			}
-		}
-		if len(newRRs.Rrdatas) > 0 {
-			// if we have Rrdatas because the key from differ
-			// exists in normalized config,
-			// check whether the key also has data in oldRRs.
-			// if so, this is actually a modify operation, insert
-			// the Addition and Deletion at the beginning of the slices
-			// to ensure they are executed in the same batch
-			if old, ok := oldRRs[ck]; ok {
-				chg.Change.Additions = append([]*gdns.ResourceRecordSet{newRRs}, chg.Change.Additions...)
-				chg.Change.Deletions = append([]*gdns.ResourceRecordSet{old}, chg.Change.Deletions...)
-				chg.Msgs.Additions = append([]string{msg}, chg.Msgs.Additions...)
-				chg.Msgs.Deletions = append([]string{""}, chg.Msgs.Deletions...)
-			} else {
-				// otherwise this is a pure Addition
-				chg.Change.Additions = append(chg.Change.Additions, newRRs)
-				chg.Msgs.Additions = append(chg.Msgs.Additions, msg)
-			}
-		} else {
-			// there is no Rrdatas from normalized config for this key.
-			// it must be a Deletion, use the ResourceRecordSet from
-			// oldRRs
-			if old, ok := oldRRs[ck]; ok {
-				chg.Change.Deletions = append(chg.Change.Deletions, old)
-				chg.Msgs.Deletions = append(chg.Msgs.Deletions, msg)
-			}
-		}
+	return false
+}
+
+func (g *gcloudProvider) mkCorrection(corrections []*models.Correction, accumulatedMsgs []string, batch *gdns.Change, origin string) []*models.Correction {
+	if len(accumulatedMsgs) == 0 && len(batch.Additions) == 0 && len(batch.Deletions) == 0 {
+		// Nothing to do!
+		return corrections
 	}
 
-	// create a slice of Changes in batches of at most
-	// 1000 Deletions and 1000 Additions per Change.
-	// create a slice of strings that aligns with the batch
-	// to output with each correction/Change
-	const batchMax = 1000
-	setBatchLen := func(len int) int {
-		if len > batchMax {
-			return batchMax
-		}
-		return len
-	}
-	chgSet := []correctionValues{}
-	for len(chg.Change.Deletions) > 0 {
-		b := setBatchLen(len(chg.Change.Deletions))
-		chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Deletions: chg.Change.Deletions[:b:b], Kind: "dns#change"}, Msgs: strings.Join(chg.Msgs.Deletions[:b:b], "")})
-		chg.Change.Deletions = chg.Change.Deletions[b:]
-		chg.Msgs.Deletions = chg.Msgs.Deletions[b:]
-	}
-	for i := 0; len(chg.Change.Additions) > 0; i++ {
-		b := setBatchLen(len(chg.Change.Additions))
-		if len(chgSet) == i {
-			chgSet = append(chgSet, correctionValues{Change: &gdns.Change{Additions: chg.Change.Additions[:b:b], Kind: "dns#change"}, Msgs: strings.Join(chg.Msgs.Additions[:b:b], "")})
-		} else {
-			chgSet[i].Change.Additions = chg.Change.Additions[:b:b]
-			chgSet[i].Msgs += strings.Join(chg.Msgs.Additions[:b:b], "")
-		}
-		chg.Change.Additions = chg.Change.Additions[b:]
-		chg.Msgs.Additions = chg.Msgs.Additions[b:]
-	}
-	// create a Correction for each gdns.Change
-	// that needs to be executed
-	makeCorrection := func(chg *gdns.Change, msgs string) {
-		runChange := func() error {
-		retry:
-			resp, err := g.client.Changes.Create(g.project, zoneName, chg).Do()
-			var check *googleapi.ServerResponse
-			if resp != nil {
-				check = &resp.ServerResponse
-			}
-			if retryNeeded(check, err) {
-				goto retry
-			}
-			if err != nil {
-				return fmt.Errorf("runChange error: %w", err)
-			}
-			return nil
-		}
-		corrections = append(corrections,
-			&models.Correction{
-				Msg: strings.TrimSuffix(msgs, "\n"),
-				F:   runChange,
-			})
+	corr := &models.Correction{}
+	if len(accumulatedMsgs) != 0 {
+		corr.Msg = strings.Join(accumulatedMsgs, "\n")
 	}
-	for _, v := range chgSet {
-		makeCorrection(v.Change, v.Msgs)
+	if (len(batch.Additions) + len(batch.Deletions)) != 0 {
+		corr.F = func() error { return g.process(origin, batch) }
 	}
 
-	return corrections, nil
+	corrections = append(corrections, corr)
+	return corrections
+}
+
+// process calls the Google DNS API to process a Change and re-tries if needed.
+func (g *gcloudProvider) process(origin string, batch *gdns.Change) error {
+
+	zoneName, err := g.getZone(origin)
+	if err != nil || zoneName == nil {
+		return fmt.Errorf("zoneNameMap: no zone named %q", origin)
+	}
+
+retry:
+	resp, err := g.client.Changes.Create(g.project, zoneName.Name, batch).Do()
+	var check *googleapi.ServerResponse
+	if resp != nil {
+		check = &resp.ServerResponse
+	}
+	if retryNeeded(check, err) {
+		goto retry
+	}
+	if err != nil {
+		return fmt.Errorf("runChange error: %w", err)
+	}
+	return nil
 }
 
 func nativeToRecord(set *gdns.ResourceRecordSet, rec, origin string) (*models.RecordConfig, error) {
@@ -420,10 +405,10 @@ func nativeToRecord(set *gdns.ResourceRecordSet, rec, origin string) (*models.Re
 	return r, nil
 }
 
-func (g *gcloudProvider) getRecords(domain string) ([]*gdns.ResourceRecordSet, string, error) {
+func (g *gcloudProvider) getRecords(domain string) ([]*gdns.ResourceRecordSet, error) {
 	zone, err := g.getZone(domain)
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}
 	pageToken := ""
 	sets := []*gdns.ResourceRecordSet{}
@@ -442,7 +427,7 @@ func (g *gcloudProvider) getRecords(domain string) ([]*gdns.ResourceRecordSet, s
 			goto retry
 		}
 		if err != nil {
-			return nil, "", err
+			return nil, err
 		}
 		for _, rrs := range resp.Rrsets {
 			if rrs.Type == "SOA" {
@@ -454,7 +439,7 @@ func (g *gcloudProvider) getRecords(domain string) ([]*gdns.ResourceRecordSet, s
 			break
 		}
 	}
-	return sets, zone.Name, nil
+	return sets, nil
 }
 
 func (g *gcloudProvider) EnsureZoneExists(domain string) error {

From 393efcf3c23f298be3c1531fd558ae67ee5b9fc3 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Fri, 5 Jan 2024 13:53:07 +0100
Subject: [PATCH 107/438] CICD: Add GHA trigger for PR workflow of master
 branch (#2764)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 90416eaefb..c6d800ca9f 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -1,5 +1,11 @@
 name: "PR: Run all tests"
 on:
+  # git push origin master:tlim_testpr --force
+  # will trigger a full PR test on the master branch:
+  # https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
+  push:
+    branches:
+      - 'tlim_testpr'
   pull_request:
   workflow_dispatch:
 

From 5daeafc73acc8aaaec5da87265805c6c67fa7a73 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 5 Jan 2024 15:40:35 -0500
Subject: [PATCH 108/438] CICD: Retract v4.8.0 (#2768)

---
 go.mod | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/go.mod b/go.mod
index 2ece4b113d..3baf463bee 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,8 @@ go 1.21
 
 toolchain go1.21.1
 
+retract v4.8.0
+
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0

From 961eaa7862984683d652d03047074f95355b43c9 Mon Sep 17 00:00:00 2001
From: Pascal Mathis <dev@ppmathis.com>
Date: Sat, 6 Jan 2024 15:19:40 +0100
Subject: [PATCH 109/438] NEW PROVIDER: Bunny DNS (#2265) (#2760)

---
 .github/workflows/pr_test.yml          |   5 +-
 .goreleaser.yml                        |   2 +-
 OWNERS                                 |   1 +
 README.md                              |   1 +
 documentation/SUMMARY.md               |   1 +
 documentation/providers.md             |   3 +-
 documentation/providers/bunny_dns.md   |  69 ++++++++
 integrationTest/providers.json         |   5 +
 providers/_all/all.go                  |   1 +
 providers/bunnydns/api.go              | 227 +++++++++++++++++++++++++
 providers/bunnydns/auditrecords.go     |  17 ++
 providers/bunnydns/bunnydnsProvider.go |  61 +++++++
 providers/bunnydns/convert.go          | 161 ++++++++++++++++++
 providers/bunnydns/listzones.go        |  32 ++++
 providers/bunnydns/records.go          | 147 ++++++++++++++++
 15 files changed, 730 insertions(+), 3 deletions(-)
 create mode 100644 documentation/providers/bunny_dns.md
 create mode 100644 providers/bunnydns/api.go
 create mode 100644 providers/bunnydns/auditrecords.go
 create mode 100644 providers/bunnydns/bunnydnsProvider.go
 create mode 100644 providers/bunnydns/convert.go
 create mode 100644 providers/bunnydns/listzones.go
 create mode 100644 providers/bunnydns/records.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index c6d800ca9f..757162cd9c 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -87,7 +87,7 @@ jobs:
         Write-Host "Integration test providers: $Providers"
         echo "integration_test_providers=$(ConvertTo-Json -InputObject $Providers -Compress)" >> $env:GITHUB_OUTPUT
       env:
-        PROVIDERS: "['AZURE_DNS','BIND','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
@@ -106,6 +106,7 @@ jobs:
       # Set it to the domain name to use during the test.
       AZURE_DNS_DOMAIN: ${{ vars.AZURE_DNS_DOMAIN }}
       BIND_DOMAIN: ${{ vars.BIND_DOMAIN }}
+      BUNNY_DNS_DOMAIN: ${{ vars.BUNNY_DNS_DOMAIN }}
       CLOUDFLAREAPI_DOMAIN: ${{ vars.CLOUDFLAREAPI_DOMAIN }}
       CLOUDNS_DOMAIN: ${{ vars.CLOUDNS_DOMAIN }}
       CSCGLOBAL_DOMAIN: ${{ vars.CSCGLOBAL_DOMAIN }}
@@ -129,6 +130,8 @@ jobs:
       AZURE_DNS_SUBSCRIPTION_ID: ${{ secrets.AZURE_DNS_SUBSCRIPTION_ID }}
       AZURE_DNS_TENANT_ID: ${{ secrets.AZURE_DNS_TENANT_ID }}
 
+      BUNNY_DNS_API_KEY: ${{ secrets.BUNNY_DNS_API_KEY }}
+
       CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
       CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
 
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 51a961c844..4761bf861d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -36,7 +36,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index 973c35f90b..647b0b6e15 100644
--- a/OWNERS
+++ b/OWNERS
@@ -4,6 +4,7 @@ providers/axfrddns @hnrgrgr
 providers/azuredns @vatsalyagoel
 providers/azureprivatedns @matthewmgamble
 providers/bind @tlimoncelli
+providers/bunnydns @ppmathis
 providers/cloudflare @tresni
 providers/cloudns @pragmaton
 providers/cscglobal @mikenz
diff --git a/README.md b/README.md
index 071347b6dc..29a2a46feb 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,7 @@ Currently supported DNS providers:
 - Azure DNS
 - Azure Private DNS
 - BIND
+- Bunny DNS
 - Cloudflare
 - ClouDNS
 - deSEC
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 52e0ea22e4..88dc473889 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -104,6 +104,7 @@
     * [Azure DNS](providers/azure_dns.md)
     * [Azure Private DNS](providers/azure_private_dns.md)
     * [BIND](providers/bind.md)
+    * [Bunny DNS](providers/bunny_dns.md)
     * [Cloudflare](providers/cloudflareapi.md)
     * [ClouDNS](providers/cloudns.md)
     * [CSC Global](providers/cscglobal.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 8d91d042b8..74a8a17d9a 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -20,6 +20,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
+| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ✅ |
 | [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
@@ -110,6 +111,7 @@ Providers in this category and their maintainers are:
 |[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble|
 |[`AKAMAIEDGEDNS`](providers/akamaiedgedns.md)|@svernick|
 |[`AXFRDDNS`](providers/axfrddns.md)|@hnrgrgr|
+|[`BUNNY_DNS`](providers/bunny_dns.md)|@ppmathis|
 |[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
 |[`CLOUDNS`](providers/cloudns.md)|@pragmaton|
 |[`CSCGLOBAL`](providers/cscglobal.md)|@Air-New-Zealand|
@@ -154,7 +156,6 @@ code to support this provider, we'd be glad to help in any way.
 
 * [1984 Hosting](https://github.com/StackExchange/dnscontrol/issues/1251) (#1251)
 * [Alibaba Cloud DNS](https://github.com/StackExchange/dnscontrol/issues/420)(#420)
-* [BunnyDNS](https://github.com/StackExchange/dnscontrol/issues/2265)(#2265)
 * [Constellix (DNSMadeEasy)](https://github.com/StackExchange/dnscontrol/issues/842) (#842)
 * [CoreDNS](https://github.com/StackExchange/dnscontrol/issues/1284) (#1284)
 * [EU.ORG](https://github.com/StackExchange/dnscontrol/issues/1176) (#1176)
diff --git a/documentation/providers/bunny_dns.md b/documentation/providers/bunny_dns.md
new file mode 100644
index 0000000000..65507803f0
--- /dev/null
+++ b/documentation/providers/bunny_dns.md
@@ -0,0 +1,69 @@
+# Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `BUNNY_DNS` along with
+your [Bunny API Key](https://dash.bunny.net/account/settings).
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "bunny_dns": {
+    "TYPE": "BUNNY_DNS",
+    "api_key": "your-bunny-api-key"
+  }
+}
+```
+{% endcode %}
+
+You can also use environment variables:
+
+```shell
+export BUNNY_API_KEY=XXXXXXXXX
+```
+
+{% code title="creds.json" %}
+```json
+{
+  "bunny_dns": {
+    "TYPE": "BUNNY_DNS",
+    "api_key": "$BUNNY_API_KEY"
+  }
+}
+```
+{% endcode %}
+
+## Metadata
+
+This provider does not recognize any special metadata fields unique to Bunny DNS.
+
+## Usage
+
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_BUNNY_DNS = NewDnsProvider("bunny_dns");
+
+D("example.com", REG_NONE, DnsProvider(DSP_BUNNY_DNS),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}
+
+# Activation
+
+DNSControl depends on the [Bunny API](https://docs.bunny.net/reference/bunnynet-api-overview) to manage your DNS
+records. You will need to generate an [API key](https://dash.bunny.net/account/settings) to use this provider.
+
+## New domains
+
+If a domain does not exist in your Bunny account, DNSControl will automatically add it with the `push` command.
+
+## Caveats
+
+- Bunny DNS does not support dual-hosting or configuring custom TTLs for NS records on the zone apex.
+- While custom nameservers are properly recognized by this provider, it is currently not possible to configure them.
+- Any custom record types like Script, Redirect, Flatten or Pull Zone are currently not supported by this provider. Such
+  records will be completely ignored by DNSControl and left as-is.
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index ac55cbe51c..c8b9eed3f7 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -38,6 +38,11 @@
     "TYPE": "BIND",
     "domain": "$BIND_DOMAIN"
   },
+  "BUNNY_DNS": {
+    "TYPE": "BUNNY_DNS",
+    "domain": "$BUNNY_DNS_DOMAIN",
+    "api_key": "$BUNNY_DNS_API_KEY"
+  },
   "CLOUDFLAREAPI": {
     "TYPE": "CLOUDFLAREAPI",
     "accountid": "$CLOUDFLAREAPI_ACCOUNTID",
diff --git a/providers/_all/all.go b/providers/_all/all.go
index 2a04d320c0..73013d339d 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -9,6 +9,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/azuredns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/azureprivatedns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/bind"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/bunnydns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudflare"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cscglobal"
diff --git a/providers/bunnydns/api.go b/providers/bunnydns/api.go
new file mode 100644
index 0000000000..f7c2629887
--- /dev/null
+++ b/providers/bunnydns/api.go
@@ -0,0 +1,227 @@
+package bunnydns
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"golang.org/x/exp/slices"
+	"io"
+	"net/http"
+	"strconv"
+)
+
+const (
+	baseURL  = "https://api.bunny.net"
+	pageSize = 100
+)
+
+type zone struct {
+	ID          int64  `json:"Id"`
+	Domain      string `json:"Domain"`
+	Nameserver1 string `json:"Nameserver1"`
+	Nameserver2 string `json:"Nameserver2"`
+}
+
+func (zone *zone) Nameservers() []string {
+	return []string{zone.Nameserver1, zone.Nameserver2}
+}
+
+type record struct {
+	ID       int64      `json:"Id,omitempty"`
+	Type     recordType `json:"Type"`
+	Name     string     `json:"Name"`
+	Value    string     `json:"Value"`
+	Disabled bool       `json:"Disabled"`
+	TTL      uint32     `json:"Ttl"`
+	Flags    uint8      `json:"Flags"`
+	Priority uint16     `json:"Priority"`
+	Weight   uint16     `json:"Weight"`
+	Port     uint16     `json:"Port"`
+	Tag      string     `json:"Tag"`
+}
+
+type listZonesResponse struct {
+	Items        []zone `json:"Items"`
+	TotalItems   int32  `json:"TotalItems"`
+	HasMoreItems bool   `json:"HasMoreItems"`
+}
+
+type getZoneResponse struct {
+	zone
+	Records []record `json:"Records"`
+}
+
+type queryParams map[string]string
+
+func (b *bunnydnsProvider) getImplicitRecordConfigs(zone *zone) (models.Records, error) {
+	nameservers := zone.Nameservers()
+	records := make(models.Records, 0, len(nameservers))
+
+	// NS records on the zone apex must be implicitly added, as Bunny DNS does not expose them via API
+	for _, ns := range nameservers {
+		rc := &models.RecordConfig{
+			Type:     "NS",
+			Original: &record{},
+		}
+		rc.SetLabelFromFQDN(zone.Domain, zone.Domain)
+		if err := rc.SetTarget(ns + "."); err != nil {
+			return nil, err
+		}
+
+		records = append(records, rc)
+	}
+
+	return records, nil
+}
+
+func (b *bunnydnsProvider) findZoneByDomain(domain string) (*zone, error) {
+	if b.zones == nil {
+		zones, err := b.getAllZones()
+		if err != nil {
+			return nil, err
+		}
+
+		b.zones = make(map[string]*zone, len(zones))
+		for _, zone := range zones {
+			b.zones[zone.Domain] = zone
+		}
+	}
+
+	zone, ok := b.zones[domain]
+	if !ok {
+		return nil, fmt.Errorf("%q is not a zone in this BUNNY_DNS account", domain)
+	}
+
+	return zone, nil
+}
+
+func (b *bunnydnsProvider) getAllZones() ([]*zone, error) {
+	var zones []*zone
+	page := 1
+
+	for {
+		res := listZonesResponse{}
+		query := queryParams{"page": strconv.Itoa(page), "perPage": strconv.Itoa(pageSize)}
+		if err := b.request("GET", "/dnszone", query, nil, &res, nil); err != nil {
+			return nil, fmt.Errorf("could not fetch zones: %w", err)
+		}
+
+		if zones == nil {
+			zones = make([]*zone, 0, res.TotalItems)
+		}
+		for i := range res.Items {
+			zones = append(zones, &res.Items[i])
+		}
+
+		if !res.HasMoreItems {
+			break
+		}
+		page++
+	}
+
+	return zones, nil
+}
+
+func (b *bunnydnsProvider) createZone(domain string) (*zone, error) {
+	zone := &zone{}
+	body := map[string]string{"domain": domain}
+	err := b.request("POST", "/dnszone", nil, body, &zone, []int{http.StatusCreated})
+
+	if err != nil {
+		return nil, err
+	}
+
+	b.zones[domain] = zone
+	return zone, nil
+}
+
+func (b *bunnydnsProvider) getAllRecords(zoneID int64) ([]*record, error) {
+	zone := &getZoneResponse{}
+	err := b.request("GET", fmt.Sprintf("/dnszone/%d", zoneID), nil, nil, zone, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	records := make([]*record, 0, len(zone.Records))
+	for i := range zone.Records {
+		records = append(records, &zone.Records[i])
+	}
+
+	return records, nil
+}
+
+func (b *bunnydnsProvider) createRecord(zoneID int64, r *record) error {
+	url := fmt.Sprintf("/dnszone/%d/records", zoneID)
+	return b.request("PUT", url, nil, r, nil, []int{http.StatusCreated})
+}
+
+func (b *bunnydnsProvider) modifyRecord(zoneID int64, recordID int64, r *record) error {
+	url := fmt.Sprintf("/dnszone/%d/records/%d", zoneID, recordID)
+	return b.request("POST", url, nil, r, nil, []int{http.StatusNoContent})
+}
+
+func (b *bunnydnsProvider) deleteRecord(zoneID, recordID int64) error {
+	url := fmt.Sprintf("/dnszone/%d/records/%d", zoneID, recordID)
+	return b.request("DELETE", url, nil, nil, nil, []int{http.StatusNoContent})
+}
+
+func (b *bunnydnsProvider) request(method, endpoint string, query queryParams, body, target any, validStatus []int) error {
+	if validStatus == nil {
+		validStatus = []int{http.StatusOK}
+	}
+
+	var requestBody io.Reader
+	if body != nil {
+		requestBodyJSON, err := json.Marshal(body)
+		if err != nil {
+			return err
+		}
+		requestBody = bytes.NewBuffer(requestBodyJSON)
+	}
+
+	req, err := http.NewRequest(method, baseURL+endpoint, requestBody)
+	if err != nil {
+		return err
+	}
+
+	req.Header.Add("AccessKey", b.apiKey)
+	if requestBody != nil {
+		req.Header.Add("Content-Type", "application/json")
+	}
+
+	if query != nil {
+		q := req.URL.Query()
+		for k, v := range query {
+			q.Add(k, v)
+		}
+		req.URL.RawQuery = q.Encode()
+	}
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return err
+	}
+	cleanup := func() {
+		if err := resp.Body.Close(); err != nil {
+			printer.Printf("BUNNY_DNS: Could not close response body after API call: %q\n", err)
+		}
+	}
+
+	if !slices.Contains(validStatus, resp.StatusCode) {
+		data, _ := io.ReadAll(resp.Body)
+		printer.Println(fmt.Sprintf("BUNNY_DNS: Bad API response for %s %s: %s", method, endpoint, string(data)))
+		cleanup()
+		return fmt.Errorf("bad status code from BUNNY_DNS: %d not in %v", resp.StatusCode, validStatus)
+	}
+
+	if target == nil {
+		cleanup()
+		return nil
+	}
+
+	err = json.NewDecoder(resp.Body).Decode(target)
+	cleanup()
+	return err
+}
diff --git a/providers/bunnydns/auditrecords.go b/providers/bunnydns/auditrecords.go
new file mode 100644
index 0000000000..de810830b3
--- /dev/null
+++ b/providers/bunnydns/auditrecords.go
@@ -0,0 +1,17 @@
+package bunnydns
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+	a.Add("TXT", rejectif.TxtIsEmpty)       // Last verified 2024-01-02
+	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2024-01-02
+
+	return a.Audit(records)
+}
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
new file mode 100644
index 0000000000..407d9b0e35
--- /dev/null
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -0,0 +1,61 @@
+package bunnydns
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+)
+
+var features = providers.DocumentationNotes{
+	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Cannot(),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Cannot(),
+	providers.CanUseDS:               providers.Cannot(),
+	providers.CanUseDSForChildren:    providers.Cannot(),
+	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseNAPTR:            providers.Cannot(),
+	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSOA:              providers.Cannot(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Cannot(),
+	providers.CanUseTLSA:             providers.Cannot(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Cannot(),
+	providers.DocOfficiallySupported: providers.Cannot(),
+}
+
+type bunnydnsProvider struct {
+	apiKey string
+	zones  map[string]*zone
+}
+
+func init() {
+	fns := providers.DspFuncs{
+		Initializer:   newBunnydns,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType("BUNNY_DNS", fns, features)
+}
+
+func newBunnydns(settings map[string]string, _ json.RawMessage) (providers.DNSServiceProvider, error) {
+	apiKey := settings["api_key"]
+	if apiKey == "" {
+		return nil, fmt.Errorf("missing BUNNY_DNS api_key")
+	}
+
+	return &bunnydnsProvider{
+		apiKey: apiKey,
+	}, nil
+}
+
+func (b *bunnydnsProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	zone, err := b.findZoneByDomain(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	return models.ToNameservers(zone.Nameservers())
+}
diff --git a/providers/bunnydns/convert.go b/providers/bunnydns/convert.go
new file mode 100644
index 0000000000..617e9a2808
--- /dev/null
+++ b/providers/bunnydns/convert.go
@@ -0,0 +1,161 @@
+package bunnydns
+
+import (
+	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/miekg/dns/dnsutil"
+	"golang.org/x/exp/slices"
+	"strings"
+)
+
+var fqdnTypes = []recordType{recordTypeCNAME, recordTypeMX, recordTypeNS, recordTypePTR, recordTypeSRV}
+
+func fromRecordConfig(rc *models.RecordConfig) (*record, error) {
+	r := record{
+		Type:  recordTypeFromString(rc.Type),
+		Name:  rc.GetLabel(),
+		Value: rc.GetTargetField(),
+		TTL:   rc.TTL,
+	}
+
+	// While Bunny DNS does not use trailing dots, it still accepts and even preserves them for certain record types.
+	// To avoid confusion, any trailing dots are removed from the record value.
+	if slices.Contains(fqdnTypes, r.Type) && strings.HasSuffix(r.Value, ".") {
+		r.Value = strings.TrimSuffix(r.Value, ".")
+	}
+
+	switch r.Type {
+	case recordTypeNS:
+		if r.Name == "" {
+			r.TTL = 0
+		}
+	case recordTypeSRV:
+		r.Priority = rc.SrvPriority
+		r.Weight = rc.SrvWeight
+		r.Port = rc.SrvPort
+	case recordTypeCAA:
+		r.Flags = rc.CaaFlag
+		r.Tag = rc.CaaTag
+	case recordTypeMX:
+		r.Priority = rc.MxPreference
+	}
+
+	return &r, nil
+}
+
+func toRecordConfig(domain string, r *record) (*models.RecordConfig, error) {
+	rc := models.RecordConfig{
+		Type:     recordTypeToString(r.Type),
+		TTL:      r.TTL,
+		Original: r,
+	}
+	rc.SetLabel(r.Name, domain)
+
+	// Bunny DNS always operates with fully-qualified names and does not use any trailing dots.
+	// If a record already contains a trailing dot, which the provider UI also accepts, the record value is left as-is.
+	recordValue := r.Value
+	if slices.Contains(fqdnTypes, r.Type) && !strings.HasSuffix(r.Value, ".") {
+		recordValue = dnsutil.AddOrigin(r.Value+".", domain)
+	}
+
+	var err error
+	switch rc.Type {
+	case "CAA":
+		err = rc.SetTargetCAA(r.Flags, r.Tag, recordValue)
+	case "MX":
+		err = rc.SetTargetMX(r.Priority, recordValue)
+	case "SRV":
+		err = rc.SetTargetSRV(r.Priority, r.Weight, r.Port, recordValue)
+	default:
+		err = rc.PopulateFromStringFunc(rc.Type, recordValue, domain, nil)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &rc, nil
+}
+
+type recordType int
+
+const (
+	recordTypeA        recordType = 0
+	recordTypeAAAA     recordType = 1
+	recordTypeCNAME    recordType = 2
+	recordTypeTXT      recordType = 3
+	recordTypeMX       recordType = 4
+	recordTypeRedirect recordType = 5
+	recordTypeFlatten  recordType = 6
+	recordTypePullZone recordType = 7
+	recordTypeSRV      recordType = 8
+	recordTypeCAA      recordType = 9
+	recordTypePTR      recordType = 10
+	recordTypeScript   recordType = 11
+	recordTypeNS       recordType = 12
+)
+
+func recordTypeFromString(t string) recordType {
+	switch t {
+	case "A":
+		return recordTypeA
+	case "AAAA":
+		return recordTypeAAAA
+	case "CNAME":
+		return recordTypeCNAME
+	case "TXT":
+		return recordTypeTXT
+	case "MX":
+		return recordTypeMX
+	case "REDIRECT":
+		return recordTypeRedirect
+	case "FLATTEN":
+		return recordTypeFlatten
+	case "PULL_ZONE":
+		return recordTypePullZone
+	case "SRV":
+		return recordTypeSRV
+	case "CAA":
+		return recordTypeCAA
+	case "PTR":
+		return recordTypePTR
+	case "SCRIPT":
+		return recordTypeScript
+	case "NS":
+		return recordTypeNS
+	default:
+		panic(fmt.Errorf("BUNNY_DNS: rtype %v unimplemented", t))
+	}
+}
+
+func recordTypeToString(t recordType) string {
+	switch t {
+	case recordTypeA:
+		return "A"
+	case recordTypeAAAA:
+		return "AAAA"
+	case recordTypeCNAME:
+		return "CNAME"
+	case recordTypeTXT:
+		return "TXT"
+	case recordTypeMX:
+		return "MX"
+	case recordTypeRedirect:
+		return "REDIRECT"
+	case recordTypeFlatten:
+		return "FLATTEN"
+	case recordTypePullZone:
+		return "PULL_ZONE"
+	case recordTypeSRV:
+		return "SRV"
+	case recordTypeCAA:
+		return "CAA"
+	case recordTypePTR:
+		return "PTR"
+	case recordTypeScript:
+		return "SCRIPT"
+	case recordTypeNS:
+		return "NS"
+	default:
+		panic(fmt.Errorf("BUNNY_DNS: native rtype %v unimplemented", t))
+	}
+}
diff --git a/providers/bunnydns/listzones.go b/providers/bunnydns/listzones.go
new file mode 100644
index 0000000000..f73fe74c68
--- /dev/null
+++ b/providers/bunnydns/listzones.go
@@ -0,0 +1,32 @@
+package bunnydns
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/printer"
+
+func (b *bunnydnsProvider) ListZones() ([]string, error) {
+	zones, err := b.getAllZones()
+	if err != nil {
+		return nil, err
+	}
+
+	zoneNames := make([]string, 0, len(zones))
+	for _, zone := range zones {
+		zoneNames = append(zoneNames, zone.Domain)
+	}
+
+	return zoneNames, nil
+}
+
+func (b *bunnydnsProvider) EnsureZoneExists(domain string) error {
+	_, err := b.findZoneByDomain(domain)
+	if err == nil {
+		return nil
+	}
+
+	zone, err := b.createZone(domain)
+	if err != nil {
+		return err
+	}
+
+	printer.Warnf("BUNNY_DNS: Added zone %s with ID %d", domain, zone.ID)
+	return nil
+}
diff --git a/providers/bunnydns/records.go b/providers/bunnydns/records.go
new file mode 100644
index 0000000000..5a6a934463
--- /dev/null
+++ b/providers/bunnydns/records.go
@@ -0,0 +1,147 @@
+package bunnydns
+
+import (
+	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"golang.org/x/exp/slices"
+)
+
+func (b *bunnydnsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	zone, err := b.findZoneByDomain(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	nativeRecs, err := b.getAllRecords(zone.ID)
+	if err != nil {
+		return nil, err
+	}
+
+	implicitRecs, err := b.getImplicitRecordConfigs(zone)
+	if err != nil {
+		return nil, err
+	}
+
+	recs := make(models.Records, 0, len(nativeRecs)+len(implicitRecs))
+	recs = append(recs, implicitRecs...)
+
+	// Define a list of record types that are currently not supported by this provider.
+	unsupportedTypes := []recordType{
+		recordTypeRedirect,
+		recordTypeFlatten,
+		recordTypePullZone,
+		recordTypeScript,
+	}
+
+	// Loop through all native records and convert them to standardized RecordConfigs
+	// Unsupported record types are ignored with a warning and will remain untouched in the zone.
+	for _, nativeRec := range nativeRecs {
+		if slices.Contains(unsupportedTypes, nativeRec.Type) {
+			printer.Warnf("BUNNY_DNS: ignoring unsupported record type %s\n", recordTypeToString(nativeRec.Type))
+			continue
+		}
+
+		rc, err := toRecordConfig(zone.Domain, nativeRec)
+		if err != nil {
+			return nil, err
+		}
+		recs = append(recs, rc)
+	}
+
+	return recs, nil
+}
+
+func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+	// Bunny DNS never returns NS records for the apex domain, so these are artificially added when retrieving records.
+	// As no TTL can be configured or retrieved for these NS records, we set it to 0 to avoid unnecessary updates.
+	for _, rc := range dc.Records {
+		if rc.Name == "@" && rc.Type == "NS" {
+			rc.TTL = 0
+		}
+	}
+
+	zone, err := b.findZoneByDomain(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	instructions, err := diff2.ByRecord(existing, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var corrections []*models.Correction
+	for _, inst := range instructions {
+		switch inst.Type {
+		case diff2.REPORT:
+			corrections = append(corrections, &models.Correction{
+				Msg: inst.MsgsJoined,
+			})
+		case diff2.CREATE:
+			corrections = append(corrections, b.mkCreateCorrection(
+				zone.ID, inst.New[0], inst.Msgs[0],
+			))
+		case diff2.CHANGE:
+			corrections = append(corrections, b.mkChangeCorrection(
+				zone.ID, inst.Old[0], inst.New[0], inst.Msgs[0],
+			))
+		case diff2.DELETE:
+			corrections = append(corrections, b.mkDeleteCorrection(
+				zone.ID, inst.Old[0], inst.Msgs[0],
+			))
+		default:
+			panic(fmt.Sprintf("unhandled inst.Type %s", inst.Type))
+		}
+	}
+
+	return corrections, nil
+}
+
+func (b *bunnydnsProvider) mkCreateCorrection(zoneID int64, newRec *models.RecordConfig, msg string) *models.Correction {
+	return &models.Correction{
+		Msg: msg,
+		F: func() error {
+			desired, err := fromRecordConfig(newRec)
+			if err != nil {
+				return err
+			}
+
+			return b.createRecord(zoneID, desired)
+		},
+	}
+}
+
+func (b *bunnydnsProvider) mkChangeCorrection(zoneID int64, oldRec, newRec *models.RecordConfig, msg string) *models.Correction {
+	return &models.Correction{
+		Msg: msg,
+		F: func() error {
+			existingID := oldRec.Original.(*record).ID
+			if existingID == 0 {
+				return fmt.Errorf("BUNNY_DNS: cannot change implicit records")
+			}
+
+			desired, err := fromRecordConfig(newRec)
+			if err != nil {
+				return err
+			}
+
+			return b.modifyRecord(zoneID, existingID, desired)
+		},
+	}
+}
+
+func (b *bunnydnsProvider) mkDeleteCorrection(zoneID int64, oldRec *models.RecordConfig, msg string) *models.Correction {
+	return &models.Correction{
+		Msg: msg,
+		F: func() error {
+			existingID := oldRec.Original.(*record).ID
+			if existingID == 0 {
+				return fmt.Errorf("BUNNY_DNS: cannot delete implicit records")
+			}
+
+			return b.deleteRecord(zoneID, existingID)
+		},
+	}
+}

From 742610c33786dffd262214d72328c4d40964c2c8 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 7 Jan 2024 15:39:53 +0100
Subject: [PATCH 110/438] CICD: GoReleaser version - part 3 (#2769)

---
 main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 9feb5b327e..b0737bc5ab 100644
--- a/main.go
+++ b/main.go
@@ -27,5 +27,5 @@ func main() {
 	if info, ok := debug.ReadBuildInfo(); !ok && info == nil {
 		fmt.Fprint(os.Stderr, "Warning: dnscontrol was built without Go modules. See https://docs.dnscontrol.org/getting-started/getting-started#source for more information on how to build dnscontrol correctly.\n\n")
 	}
-	os.Exit(commands.Run("DNSControl " + version))
+	os.Exit(commands.Run("DNSControl version " + version))
 }

From 38fa1762a1e99840ba582c989537baf923134e92 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 7 Jan 2024 15:41:49 +0100
Subject: [PATCH 111/438] CICD: Clean-up old release strategy (#2773)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml          |  96 -----------------------
 .github/workflows/release.yml.DISABLED | 103 -------------------------
 2 files changed, 199 deletions(-)
 delete mode 100644 .github/workflows/release.yml.DISABLED

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 757162cd9c..4a136c9110 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -201,99 +201,3 @@ jobs:
     - uses: actions/upload-artifact@v3.1.3
       with:
         path: "/tmp/test-results"
-#  release:
-#    if: # GitHub does not currently support regular expressions inside if conditions
-##         (github.ref == 'refs/tags//v[0-9]+(\.[0-9]+)*(-.*)*/') && (github.ref != 'refs/heads//.*/')
-#    runs-on: ubuntu-latest
-#    container:
-#      image: golang:${{ env.gover }}
-#    needs:
-#    - build
-#    env:
-#      DOCKERHUB_ACCESS_TOKEN:
-#      DOCKERHUB_USERNAME:
-#    steps:
-#    - uses: actions/checkout@v4
-##     # 'setup_remote_docker' was not transformed because there is no suitable equivalent in GitHub Actions
-#    - uses: "./.github/actions/docker_check"
-#      with:
-#        docker-password: "${{ secrets.DOCKER_PASSWORD }}"
-#        docker-username: "${{ env.DOCKER_LOGIN }}"
-#    - name: restore_cache
-#      uses: actions/cache@v3.3.2
-#      with:
-#        key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-#        restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-#    - name: Install goreleaser
-#      run: go install github.com/goreleaser/goreleaser@latest
-#    - run: goreleaser release
-#    - uses: actions/upload-artifact@v3.1.3
-#      with:
-#        path: dist
-#    - uses: actions/upload-artifact@v3.1.3
-#      with:
-#        path: |-
-#          dist/*.rpm
-#          dist/*.deb
-#  upload:
-#    if: # GitHub does not currently support regular expressions inside if conditions
-##         (github.ref == 'refs/tags//v[0-9]+(\.[0-9]+)*(-.*)*/') && (github.ref != 'refs/heads//.*/')
-#    runs-on: ubuntu-latest
-#    container:
-#      image: python:3.10
-#    needs:
-#    - release
-#    env:
-#      CLOUDSMITH_API_KEY:
-#      CLOUDSMITH_USERNAME:
-#      DOCKER_LOGIN:
-#      DOCKER_PASSWORD:
-#    strategy:
-#      matrix:
-#        arch:
-#        - i386
-#        - x86_64
-#        - arm64
-#        format:
-#        distro:
-#    steps:
-#    - uses: actions/download-artifact@v3.0.1
-#      with:
-#        path: "."
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_ensure_api_key:
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_install_cli:
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_publish:
-#  upload_1:
-#    if: # GitHub does not currently support regular expressions inside if conditions
-##         (github.ref == 'refs/tags//v[0-9]+(\.[0-9]+)*(-.*)*/') && (github.ref != 'refs/heads//.*/')
-#    runs-on: ubuntu-latest
-#    container:
-#      image: python:3.10
-#    needs:
-#    - release
-#    env:
-#      CLOUDSMITH_API_KEY:
-#      CLOUDSMITH_USERNAME:
-#      DOCKER_LOGIN:
-#      DOCKER_PASSWORD:
-#    strategy:
-#      matrix:
-#        arch:
-#        - i386
-#        - amd64
-#        - arm64
-#        format:
-#        distro:
-#    steps:
-#    - uses: actions/download-artifact@v3.0.1
-#      with:
-#        path: "."
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_ensure_api_key:
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_install_cli:
-##     # This item has no matching transformer
-##     - cloudsmith_cloudsmith_publish:
diff --git a/.github/workflows/release.yml.DISABLED b/.github/workflows/release.yml.DISABLED
deleted file mode 100644
index bb14282e33..0000000000
--- a/.github/workflows/release.yml.DISABLED
+++ /dev/null
@@ -1,103 +0,0 @@
-on:
-  release:
-    types: [published]
-
-name: release
-jobs:
-  release:
-    name: release
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Get release
-      id: get_release
-      uses: bruceadams/get-release@v1.3.2
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-
-    - name: Checkout repo
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-
-    - name: Set up Go
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.21
-
-    - name: Build binaries
-      run: go run build/build.go
-      env:
-        CGO_ENABLED: 0
-
-    - name: Get release from tag
-      run: echo ::set-output name=RELEASE_VERSION::$(echo ${GITHUB_REF:11})
-      id: versioner
-
-    - name: Create target directory
-      run: mkdir -p usr/bin
-
-    - name: Copy Linux version to dnscontrol
-      run: cp dnscontrol-Linux usr/bin/dnscontrol
-
-    - name: Bundle RPM
-      uses: bpicode/github-action-fpm@master
-      with:
-        fpm_args: 'usr/'
-        fpm_opts: '-n dnscontrol -t rpm -s dir -v ${{ steps.versioner.outputs.RELEASE_VERSION }} --license "The MIT License (MIT)" --url "https://dnscontrol.org/" --description "DNSControl: Infrastructure as Code for DNS Zones"'
-
-    - name: Bundle DEB
-      uses: bpicode/github-action-fpm@master
-      with:
-        fpm_args: 'usr/'
-        fpm_opts: '-n dnscontrol -t deb -s dir -v ${{ steps.versioner.outputs.RELEASE_VERSION }} --license "The MIT License (MIT)" --url "https://dnscontrol.org/" --description "DNSControl: Infrastructure as Code for DNS Zones"'
-
-    - name: Upload dnscontrol-Darwin
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: ./dnscontrol-Darwin
-        asset_name: dnscontrol-Darwin
-        asset_content_type: application/octet-stream
-
-    - name: Upload dnscontrol-Linux
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: ./dnscontrol-Linux
-        asset_name: dnscontrol-Linux
-        asset_content_type: application/octet-stream
-
-    - name: Upload dnscontrol.exe
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: ./dnscontrol.exe
-        asset_name: dnscontrol.exe
-        asset_content_type: application/octet-stream
-
-    - name: Upload RPM
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: dnscontrol-${{ steps.versioner.outputs.RELEASE_VERSION }}-1.x86_64.rpm
-        asset_name: dnscontrol-${{ steps.versioner.outputs.RELEASE_VERSION }}-1.x86_64.rpm
-        asset_content_type: application/x-rpm
-
-    - name: Upload DEB
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ steps.get_release.outputs.upload_url }}
-        asset_path: dnscontrol_${{ steps.versioner.outputs.RELEASE_VERSION }}_amd64.deb
-        asset_name: dnscontrol_${{ steps.versioner.outputs.RELEASE_VERSION }}_amd64.deb
-        asset_content_type: application/vnd.debian.binary-package

From 14c5a724b7410a68445499340cc03ab72ea9bc99 Mon Sep 17 00:00:00 2001
From: evan <evanmccarthy@outlook.com>
Date: Mon, 8 Jan 2024 09:49:02 -0500
Subject: [PATCH 112/438] DYNADOT: correct example in docs (#2776)

---
 documentation/providers/dynadot.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/providers/dynadot.md b/documentation/providers/dynadot.md
index 19a88970eb..615f238c6b 100644
--- a/documentation/providers/dynadot.md
+++ b/documentation/providers/dynadot.md
@@ -10,7 +10,7 @@ Example:
 {% code title="creds.json" %}
 ```json
 {
-  "easyname": {
+  "dynadot": {
     "TYPE": "DYNADOT",
     "key": "API Key",
   }

From 6a8561fbe7f76877fc7e04c50a2890ac54a74eac Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 11:54:17 -0500
Subject: [PATCH 113/438] Build(deps): Bump actions/setup-go from 4 to 5
 (#2777)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 4a136c9110..be69881d24 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -24,7 +24,7 @@ jobs:
       with:
         fetch-depth: 0
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: stable
     - name: restore_cache

From ce454c3e5135402756b211baa14485b5dc0f0ad7 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 8 Jan 2024 11:58:21 -0500
Subject: [PATCH 114/438] Unknown rtypes should not result in panic (#2775)

---
 commands/getZones.go         | 12 +++++++++++-
 models/record.go             |  6 +++++-
 models/t_parse.go            |  4 ++--
 models/target.go             |  4 ++++
 models/unknown.go            |  9 +++++++++
 pkg/prettyzone/prettyzone.go |  3 +++
 6 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 models/unknown.go

diff --git a/commands/getZones.go b/commands/getZones.go
index 1d6a0e8ec2..aad4394147 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -286,8 +286,12 @@ func GetZone(args GetZoneArgs) error {
 					}
 				}
 
+				ty := rec.Type
+				if rec.Type == "UNKNOWN" {
+					ty = rec.UnknownTypeName
+				}
 				fmt.Fprintf(w, "%s\t%s\t%d\tIN\t%s\t%s%s\n",
-					rec.NameFQDN, rec.Name, rec.TTL, rec.Type, rec.GetTargetCombinedFunc(nil), cfproxy)
+					rec.NameFQDN, rec.Name, rec.TTL, ty, rec.GetTargetCombinedFunc(nil), cfproxy)
 			}
 
 		default:
@@ -363,6 +367,8 @@ func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) str
 		target = `"` + target + `"`
 	case "R53_ALIAS":
 		return makeR53alias(rec, ttl)
+	case "UNKNOWN":
+		return makeUknown(rec, ttl)
 	default:
 		target = `"` + target + `"`
 	}
@@ -399,3 +405,7 @@ func makeR53alias(rec *models.RecordConfig, ttl uint32) string {
 	}
 	return rec.Type + "(" + strings.Join(items, ", ") + ")"
 }
+
+func makeUknown(rc *models.RecordConfig, ttl uint32) string {
+	return fmt.Sprintf(`// %s("%s")`, rc.UnknownTypeName, rc.GetTargetField())
+}
diff --git a/models/record.go b/models/record.go
index d49078b12c..4bc008c9d5 100644
--- a/models/record.go
+++ b/models/record.go
@@ -93,7 +93,7 @@ type RecordConfig struct {
 	Metadata  map[string]string `json:"meta,omitempty"`
 	Original  interface{}       `json:"-"` // Store pointer to provider-specific record object. Used in diffing.
 
-	// If you add a field to this struct, also add it to the list on MarshalJSON.
+	// If you add a field to this struct, also add it to the list in the UnmarshalJSON function.
 	MxPreference     uint16            `json:"mxpreference,omitempty"`
 	SrvPriority      uint16            `json:"srvpriority,omitempty"`
 	SrvWeight        uint16            `json:"srvweight,omitempty"`
@@ -129,6 +129,7 @@ type RecordConfig struct {
 	TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
 	R53Alias         map[string]string `json:"r53_alias,omitempty"`
 	AzureAlias       map[string]string `json:"azure_alias,omitempty"`
+	UnknownTypeName  string            `json:"unknown_type_name,omitempty"`
 }
 
 // MarshalJSON marshals RecordConfig.
@@ -196,6 +197,7 @@ func (rc *RecordConfig) UnmarshalJSON(b []byte) error {
 		TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
 		R53Alias         map[string]string `json:"r53_alias,omitempty"`
 		AzureAlias       map[string]string `json:"azure_alias,omitempty"`
+		UnknownTypeName  string            `json:"unknown_type_name,omitempty"`
 
 		EnsureAbsent bool `json:"ensure_absent,omitempty"` // Override NO_PURGE and delete this record
 
@@ -318,6 +320,8 @@ func (rc *RecordConfig) ToComparableNoTTL() string {
 		r := txtutil.EncodeQuoted(rc.target)
 		//fmt.Fprintf(os.Stdout, "DEBUG: ToComNoTTL cmp txts=%s q=%q\n", r, r)
 		return r
+	case "UNKNOWN":
+		return fmt.Sprintf("rtype=%s rdata=%s", rc.UnknownTypeName, rc.target)
 	}
 	return rc.GetTargetCombined()
 }
diff --git a/models/t_parse.go b/models/t_parse.go
index 10d9c94dff..22f99fe064 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -104,8 +104,8 @@ func (rc *RecordConfig) PopulateFromStringFunc(rtype, contents, origin string, t
 	case "TLSA":
 		return rc.SetTargetTLSAString(contents)
 	default:
-		return fmt.Errorf("unknown rtype (%s) when parsing (%s) domain=(%s)",
-			rtype, contents, origin)
+		//return fmt.Errorf("unknown rtype (%s) when parsing (%s) domain=(%s)", rtype, contents, origin)
+		return MakeUnknown(rc, rtype, contents, origin)
 	}
 }
 
diff --git a/models/target.go b/models/target.go
index d59c598ac2..4194b03342 100644
--- a/models/target.go
+++ b/models/target.go
@@ -45,6 +45,7 @@ func (rc *RecordConfig) GetTargetCombinedFunc(encodeFn func(s string) string) st
 // WARNING: How TXT records are handled is buggy but we can't change it because
 // code depends on the bugs. Use Get GetTargetCombinedFunc() instead.
 func (rc *RecordConfig) GetTargetCombined() string {
+
 	// Pseudo records:
 	if _, ok := dns.StringToType[rc.Type]; !ok {
 		switch rc.Type { // #rtype_variations
@@ -60,7 +61,10 @@ func (rc *RecordConfig) GetTargetCombined() string {
 		}
 	}
 
+	// Everything else
 	switch rc.Type {
+	case "UNKNOWN":
+		return fmt.Sprintf("rtype=%s rdata=%s", rc.UnknownTypeName, rc.target)
 	case "TXT":
 		return rc.zoneFileQuoted()
 	case "SOA":
diff --git a/models/unknown.go b/models/unknown.go
new file mode 100644
index 0000000000..71dfb696ac
--- /dev/null
+++ b/models/unknown.go
@@ -0,0 +1,9 @@
+package models
+
+func MakeUnknown(rc *RecordConfig, rtype string, contents string, origin string) error {
+	rc.Type = "UNKNOWN"
+	rc.UnknownTypeName = rtype
+	rc.target = contents
+
+	return nil
+}
diff --git a/pkg/prettyzone/prettyzone.go b/pkg/prettyzone/prettyzone.go
index 481fb8ae79..901b6a1c81 100644
--- a/pkg/prettyzone/prettyzone.go
+++ b/pkg/prettyzone/prettyzone.go
@@ -137,6 +137,9 @@ func (z *ZoneGenData) generateZoneFileHelper(w io.Writer) error {
 
 		// type
 		typeStr := rr.Type
+		if rr.Type == "UNKNOWN" {
+			typeStr = rr.UnknownTypeName
+		}
 
 		// the remaining line
 		target := rr.GetTargetCombinedFunc(txtutil.EncodeQuoted)

From f46004eff9b203df929492b6f160ef23cb629246 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 8 Jan 2024 16:01:08 -0500
Subject: [PATCH 115/438] DOCS: Update how to submit BYO credentials (#2767)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
Co-authored-by: Pascal Mathis <dev@ppmathis.com>
---
 .github/workflows/pr_test.yml      |   2 +
 documentation/byo-secrets.md       | 120 ++++++++++++++++++-------
 documentation/styleguide-doc.md    |   9 +-
 documentation/writing-providers.md | 137 +++++++++++++++++------------
 4 files changed, 180 insertions(+), 88 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index be69881d24..226111f31a 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -102,6 +102,7 @@ jobs:
       TEST_RESULTS: "/tmp/test-results"
       GOTESTSUM_FORMAT: testname
 
+      # PROVIDER DOMAIN LIST
       # These providers will be tested if the env variable is set.
       # Set it to the domain name to use during the test.
       AZURE_DNS_DOMAIN: ${{ vars.AZURE_DNS_DOMAIN }}
@@ -121,6 +122,7 @@ jobs:
       ROUTE53_DOMAIN: ${{ vars.ROUTE53_DOMAIN }}
       TRANSIP_DOMAIN: ${{ vars.TRANSIP_DOMAIN }}
 
+      # PROVIDER SECRET LIST
       # The above providers have additional env variables they
       # need for credentials and such.
 
diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
index d4d650bd18..ce7b9fae66 100644
--- a/documentation/byo-secrets.md
+++ b/documentation/byo-secrets.md
@@ -1,23 +1,17 @@
 # Bring-Your-Own-Secrets for automated testing
 
 Goal: Enable automated integration testing without accidentally
-leaking our API keys and other secrets; at the same time permit anyone
-to automate their own tests without having to share their API keys and
-secrets.
+leaking credentials (API keys and other secrets); at the same time permit everyone
+to automate their own tests without having to share their credentials.
+
+The instructions in this document will enable automated tests to run in these situations:
 
 * PR from a project member:
-  * Automated tests run for a long list of providers. All officially supported
-    providers have automated tests, plus a few others too.
-* PR from an external person
-  * Automated tests run for a short list of providers. Any test that
-    requires secrets are skipped in the fork. They will run after the fact though
-    once the PR has been merged to into the `master` branch of StackExchange/dnscontrol.
-* PR from an external person that wants automated tests for their
-  provider.
-  * They can set up secrets in their own GitHub account for any tests
-    they'd like to automate without sharing their secrets.
-  * Note: These tests can always be run outside of GitHub at the
-    command line.
+  * All officially supported providers plus many others too.
+* PR from an external people:
+  * Automated tests run for providers that don't require secrets, which is currently only `BIND`.
+* PR on a fork of DNSControl:
+  * The forker can set up secrets in their fork and only those providers with secrets will be tested. They can "set it and forget it" and all their future PRs will receive all the benefits of automated testing.
 
 # Background: How GitHub Actions protects secrets
 
@@ -47,16 +41,16 @@ gets its secrets from TomOnTime's secrets.
 Our automated integration tests leverages this info to have tests
 only run if they have access to the secrets they will need.
 
-# How it works
+# Which providers are selected for testing?
 
-Tests are executed if `*_DOMAIN` exists where `*` is the name of the provider.  If the value is empty or
+Tests are executed if the env variable`*_DOMAIN` exists where `*` is the name of the provider.  If the value is empty or
 unset, the test is skipped.
 For example, if a provider is called `FANCYDNS`, there must
-be a secret called `FANCYDNS_DOMAIN`.
+be a variable called `FANCYDNS_DOMAIN`.
 
 # Bring your own secrets
 
-This section describes how to add a provider to the testing system.
+This section describes how to add a provider to the "Actions" part of GitHub.
 
 Step 1: Create a branch
 
@@ -64,22 +58,27 @@ Create a branch as you normally would to submit a PR to the project.
 
 Step 2: Update `pr_test.yml`
 
-In this branch, edit `.github/workflows/pr_test.yml`:
+Edit `.github/workflows/pr_test.yml`
+
+1. Add the provider to the `PROVIDERS` list.
 
-1. In the `integration-test-providers` section, the name of the provider.
+* Add the name of the provider to the PROVIDERS list.
+* Please keep this list sorted alphabetically.
 
-Add your provider's name (alphabetically).
 The line looks something like:
 
 {% code title=".github/workflows/pr_test.yml" %}
 ```
-        PROVIDERS: "['BIND','HEXONET','AZURE_DNS','CLOUDFLAREAPI','GCLOUD','NAMEDOTCOM','ROUTE53','CLOUDNS','DIGITALOCEAN','GANDI_V5','HEDNS','INWX','NS1','POWERDNS','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
 ```
 {% endcode %}
 
 2. Add your providers `_DOMAIN` env variable:
 
-Add it to the `env` section of `integration-tests`.
+* Add it to the `env` section of `integration-tests`.
+* Please keep this list sorted alphabetically.
+
+To find this section, search for `PROVIDER SECRET LIST`.
 
 For example, the entry for BIND looks like:
 
@@ -91,7 +90,11 @@ For example, the entry for BIND looks like:
 
 3. Add your providers other ENV variables:
 
-If there are other env variables (for example, for an API key), add that as a "secret".
+Every provider requires different variables set to perform the integration tests.  The list of such variables is in `integrationTest/providers.json`.
+
+You've already added `*_DOMAIN` to `pr_test.yml`. Now we're going to add the remaining ones.
+
+To find this section, search for `PROVIDER SECRET LIST`.
 
 For example, the entry for CLOUDFLAREAPI looks like this:
 
@@ -102,15 +105,66 @@ For example, the entry for CLOUDFLAREAPI looks like this:
 ```
 {% endcode %}
 
-Step 3. Submit this PR like any other.
+Step 3. Add the secrets to the repo.
+
+The `*_DOMAIN` variable is stored as a "variable" while the others are stored as "secrets".
+
+1. Go to Settings -> Secrets and variables -> Actions.
+
+2. On the "Variables" tab, add `*_DOMAIN` with the name of a test domain. This domain must already exist in the account. The DNS records of the domain will be deleted, so please use a test domain or other disposable domain.
+
+{% hint style="info" %}
+For the main project, **variables** are added here: [https://github.com/StackExchange/dnscontrol/settings/variables/actions](https://github.com/StackExchange/dnscontrol/settings/variables/actions)
+{% endhint %}
+
+3. On the "Secrets" tab, add the other env variables.
+
+{% hint style="info" %}
+For the main project, **secrets** are added here: [https://github.com/StackExchange/dnscontrol/settings/secrets/actions](https://github.com/StackExchange/dnscontrol/settings/secrets/actions)
+{% endhint %}
+
+If you have forked the project, add these to the settings of that fork.
+
+Step 4. Submit this PR like any other.
+
+GitHub Actions should kick and and run the tests.
+
+The tests will fail if a secret is wrong or missing.  It may take a few iterations to get everything working because... computers.
+
+# Donate secrets to the project
+
+The DNSControl project would like to have all providers automatically tested.
+However, we can't fund purchasing domains or maintaining credentials at every
+provider. Instead we depend on volunteers to maintain (and pay for) such
+accounts.
+
+We recommend the domain be named `dnscontroltest-PROVIDER.com` (or similar)
+where PROVIDER is replaced by the name of your provider or an abbreviation. For
+example `dnscontroltest-r53.com` and `dnscontroltest-gcloud.com`.
+
+When possible, use an OTE or free domain. Don't spend money if you don't have
+to. This isn't just to be thrifty! It avoids renewals and other hassles too.
+You'd be surprised at how many providers (such as Google and Azure) permit DNS
+zones to be created in your account without registering them.
+
+For actual DNS domains, please select the "private registration" option if it
+is available. Otherwise you will get spam phones calls and emails. The phone
+calls will make you wish you didn't own a phone.
+
+{% hint style="danger" %}
+Some rules:
+
+* The account/credentials should only access the test domain. Don't send your company's actual credentials and trust us to only touch the test domain. (this hasn't happened yet, thankfully!)
+* Renew the domain in a timely manner. This may be monitoring an email inbox you don't normally monitor.
+* Don't do anything that will get you in trouble with your employer, like charging it to your employer without permission. (this hasn't happend yet either, thankfully!)
+{% endhint %}
+
+Now that we've covered all that...
 
+Create a new Github issue with a subject "Add PROVIDER to automated tests" where "PROVIDER" is the name of the provider. DO NOT SEND THE CREDENTIALS IN THE GITHUB ISSUE.  Write that you understand the above rules and would like to volunteer to maintain the credentials and account.
 
-# Caveats
+To securely send the credentials to the project, use this link: [https://transfer.secretoverflow.com/u/tlimoncelli](https://transfer.secretoverflow.com/u/tlimoncelli)
 
-Sadly there is no locking to prevent two PRs from running the same
-test on the same domain at the same time.  When that happens, both PRs
-running the tests fail. In the future we hope to add some locking.
+You'll hear back within a week.
 
-Also, maintaining a fork requires keeping it up to date. That's a bit
-more Git knowledge than I can describe here.  (I'm not a Git expert by
-any stretch of the imagination!)
+Thank you for contributing credentials. The more providers we can test automatically with each PR, the better. It "shifts left" finding bugs and API changes and makes less work for everyone.
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index cf0c551d4d..80bf387118 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -70,7 +70,7 @@ Break lines every 80 chars.
 
 Include a blank line between paragraphs.
 
-Leave one blank line before and after a heading.
+Leave exactly one blank line before and after a heading.
 
 JavaScript code should use double quotes (`"`) for strings, not single quotes
 (`'`).  They are equivalent but consistency is good.
@@ -218,6 +218,13 @@ Blah blah blah <https://www.google.com> blah blah.
 Blah blah blah [a search engine](https://www.google.com) blah blah.
 ```
 
+## Capitalization matters
+
+Please capitalize these terms as you see them here:
+
+  * DNSControl
+  * GitHub
+
 ## Proofreading
 
 Please spellcheck documents before submitting a PR.
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index a9f422ab7b..a4cd00a8b0 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -10,6 +10,8 @@ assigned bugs related to the provider in the future (unless
 you designate someone else as the maintainer). More details
 [here](providers.md).
 
+Please follow the [DNSControl Code Style Guide](https://docs.dnscontrol.org/developer-info/styleguide-code) and the [DNSControl Documentation Style Guide](https://docs.dnscontrol.org/developer-info/styleguide-doc).
+
 ## Overview
 
 I'll ignore all the small stuff and get to the point.
@@ -62,10 +64,11 @@ you write the DnsProvider first, release it, and then write the
 Registrar if needed.
 
 If you have any questions, please discuss them in the GitHub issue
-related to the request for this provider. Please let us know what
+related to the request for this provider.
+
+This document is constantly being updated.  Please let us know what
 was confusing so we can update this document with advice for future
-authors (or even better, update [this document](https://github.com/StackExchange/dnscontrol/blob/master/documentation/writing-providers.md)
-yourself.)
+authors (or even better send a PR!).
 
 ## Step 2: Pick a base provider
 
@@ -114,7 +117,7 @@ The main driver should be called `providers/name/nameProvider.go`.
 The API abstraction is usually in a separate file (often called
 `api.go`).
 
-Directory names should be consitent.  It should be all lowercase and match the ALLCAPS provider name.
+Directory names should be consitent.  It should be all lowercase and match the ALLCAPS provider name. Avoid `_`s.
 
 ## Step 4: Activate the driver
 
@@ -151,39 +154,42 @@ Run the unit tests with this command:
 
     go test ./...
 
-
 ## Step 7: Integration Test
 
 This is the most important kind of testing when adding a new provider.
-Integration tests use a test account and a real domain.
+Integration tests use a test account and a test domain.
+
+{% hint style="danger" %}
+All records will be deleted from the test domain!  Use a OTE domain or a real domain that isn't otherwise in use and can be destroyed.
+{% endhint %}
+
+* Edit [integrationTest/providers.json](https://github.com/StackExchange/dnscontrol/blob/master/integrationTest/providers.json):
+  * Add the `creds.json` info required for this provider in the form of environment variables.
 
-* Edit [integrationTest/providers.json](https://github.com/StackExchange/dnscontrol/blob/master/integrationTest/providers.json): Add the `creds.json` info required for this provider.
+Now you can run the integration tests.
 
-For example, this will run the tests using BIND:
+For example, test BIND:
 
 ```shell
-cd integrationTest              # NOTE: Not needed if already in that subdirectory
+cd integrationTest              # NOTE: Not needed if already there
+export BIND_DOMAIN='example.com'
 go test -v -verbose -provider BIND
 ```
 
-(BIND is a good place to  start since it doesn't require any API keys.)
+(BIND is a good place to start since it doesn't require API keys.)
 
 This will run the tests on Amazon AWS Route53:
 
 ```shell
-export R53_DOMAIN=dnscontroltest-r53.com  # Use a test domain.
+export R53_DOMAIN='dnscontroltest-r53.com'    # Use a test domain.
 export R53_KEY_ID='CHANGE_TO_THE_ID'
 export R53_KEY='CHANGE_TO_THE_KEY'
-cd integrationTest              # NOTE: Not needed if already in that subdirectory
+cd integrationTest              # NOTE: Not needed if already there
 go test -v -verbose -provider ROUTE53
 ```
 
 Some useful `go test` flags:
 
-* Slow tests? Add `-timeout n` to increase the timeout for tests
-  * `go test` kills the tests after 10 minutes by default.  Some providers need more time.
-  * This flag must be *before* the `-verbose` flag.  Usually it is the first flag after `go test`.
-  * Example:  `go test -timeout 20m -v -verbose -provider CLOUDFLAREAPI`
 * Run only certain tests using the `-start` and `-end` flags.
   * Rather than running all the tests, run just the tests you want.
   * These flags must be *after* the `-provider FOO` flag.
@@ -191,34 +197,42 @@ Some useful `go test` flags:
   * Example: `go test -v -verbose -provider ROUTE53 -start 5 -end 5` runs only test 5.
   * Example: `go test -v -verbose -provider ROUTE53 -start 20` skip the first 19 tests.
   * Example: `go test -v -verbose -provider ROUTE53 -end 20` only run the first 20 tests.
+* Slow tests? Add `-timeout n` to increase the timeout for tests
+  * `go test` kills the tests after 10 minutes by default.  Some providers need more time.
+  * This flag must be *before* the `-verbose` flag.  Usually it is the first flag after `go test`.
+  * Example:  `go test -timeout 20m -v -verbose -provider CLOUDFLAREAPI`
 * If a test will always fail because the provider doesn't support the feature, you can opt out of the test.  Look at `func makeTests()` in [integrationTest/integration_test.go](https://github.com/StackExchange/dnscontrol/blob/2f65533e1b92c2967229a92a304fff7c14f7f4b6/integrationTest/integration_test.go#L675) for more details.
 
-
 ## Step 8: Manual tests
 
+This is optional.
+
 There is a potential bug in how TXT records are handled. Sadly we haven't found
 an automated way to test for this bug.  The manual steps are here in
 [documentation/testing-txt-records.md](testing-txt-records.md)
 
-
-## Step 9: Update docs
-
-* Edit `README.md`: Add the provider to the bullet list.
-* Edit `documentation/providers.md`: Add the provider to the provider list.
-* Edit `documentation/SUMMARY.md`: Add the provider to the provider list.
-* Create `documentation/providers/PROVIDERNAME.md`: Use one of the other files in that directory as a base.
-* Edit `OWNERS`: Add the directory name and your GitHub username.
-
-## Step 10: Submit a PR
-
-At this point you can submit a PR.
-
-Actually you can submit the PR even earlier if you just want feedback,
-input, or have questions.  This is just a good stopping place to
-submit a PR if you haven't already.
-
-
-## Step 11: Capabilities
+## Step 9: Update docs, CICD and other files
+
+* Edit `README.md`:
+  * Add the provider to the bullet list.
+* Edit `.github/workflows/pr_test.yml`
+  * Add the name of the provider to the PROVIDERS list.
+* Edit `documentation/providers.md`:
+  * Remove the provider from the `Requested providers` list (near the end of the doc) (if needed).
+  * Add the new provider to the [Providers with "contributor support"](providers.md#providers-with-contributor-support) section.
+* Edit `documentation/SUMMARY.md`:
+  * Add the provider to the "Providers" list.
+* Create `documentation/providers/PROVIDERNAME.md`:
+  * Use one of the other files in that directory as a base.
+* Edit `OWNERS`:
+  * Add the directory name and your GitHub username.
+
+{% hint style="success" %}
+**Need feedback?** Submit a draft PR!  It's a great way to get early feedback, ask about fixing
+a particular integration test, or request feedback.
+{% endhint %}
+
+## Step 9: Capabilities
 
 Some DNS providers have features that others do not.  For example some
 support the SRV record.  A provider announces what it can do using
@@ -251,10 +265,9 @@ you want to implement.
 FYI: If a provider's capabilities changes, run `go generate` to update
 the documentation.
 
+## Step 10: Automated code tests
 
-## Step 12: Clean up
-
-Run "go vet" and ["staticcheck"](https://staticcheck.io/) and clean up any errors found.
+Run `go vet` and [`staticcheck`](https://staticcheck.io/) and clean up any errors found.
 
 ```shell
 go vet ./...
@@ -276,30 +289,46 @@ go install golang.org/x/lint/golint
 golint ./...
 ```
 
-
-## Step 13: Dependencies
+## Step 11: Dependencies
 
 See [documentation/release-engineering.md](release-engineering.md)
 for tips about managing modules and checking for outdated
 dependencies.
 
-
-## Step 14: Modify the release regexp
+## Step 12: Modify the release regexp
 
 In the repo root, open `.goreleaser.yml` and add the provider to `Provider-specific changes` regexp.
 
+## Step 13: Check your work
+
+These are the things we'll be checking when you submit the PR.  Please try to complete all or as many of these as possible.
+
+1. Run `go generate ./...` to make sure all generated files are fresh.
+2. Make sure the following files were created and/or updated:
+  * `OWNERS`
+  * `README.md`
+  * `.github/workflows/pr_test.yml` (The PROVIDERS list)
+  * `.goreleaser.yml` (Search for `Provider-specific changes`)
+  * `documentation/SUMMARY.md`
+  * `documentation/providers.md` (the autogenerated table + the second one; make sure it is removed from the `requested` list)
+  * `documentation/providers/`PROVIDERNAME`.md`
+  * `integrationTest/providers.json`
+    * `providers/_all/all.go`
+3. Review the code for style issues, remove debug statements, make sure all exported functions have a comment, and generally tighten up the code.
+4. Verify you're using the most recent version of anything you import.  (See [Step 13](#step-11-dependencies))
+5. Re-run the [integration test](#step-7-integration-test) one last time.
+  * Post the results as a comment to your PR.
+6. Re-read the [maintainer's responsibilities](providers.md#providers-with-contributor-support) bullet list.  By submitting a provider you agree to maintain it, respond to bugs, periodically re-run the integration test to verify nothing has broken, and if we don't hear from you for 2 months we may disable the provider.
+
+## Step 14: Submit a PR
 
-## Step 15: Check your work
-
-Here are some last-minute things to check before you submit your PR.
+At this point you can submit a PR.
 
-1. Run `go generate` to make sure all generated files are fresh.
-2. Make sure all appropriate documentation is current. (See [Step 8](#step-8-manual-tests))
-3. Check that dependencies are current (See [Step 13](#step-13-dependencies))
-4. Re-run the integration test one last time (See [Step 7](#step-7-integration-test))
-5. Re-read the [maintainer's responsibilities](providers.md) bullet list.  By submitting a provider you agree to maintain it, respond to bugs, periodically re-run the integration test to verify nothing has broken, and if we don't hear from you for 2 months we may disable the provider.
+Actually you can submit the PR even earlier if you just want feedback,
+input, or have questions.  This is just a good stopping place to
+submit a PR if you haven't already.
 
-## Step 16: After the PR is merged
+## Step 15: After the PR is merged
 
-1. Remove the "provider-request" label from the PR.
-2. Verify that [documentation/providers.md](providers.md) no longer shows the provider as "requested"
+1. Close any related GitHub issues.
+3. Would you like your provider to be tested automatically as part of every PR?  Sure you would!  Follow the instructions in [Bring-Your-Own-Secrets for automated testing](byo-secrets.md)

From 3d570ead31e177562150dc3a17c534af1f8abc82 Mon Sep 17 00:00:00 2001
From: PJEilers <pieterjaneilers@gmail.com>
Date: Tue, 9 Jan 2024 16:45:59 +0100
Subject: [PATCH 116/438] NEW DNS PROVIDER: Realtime Register
 (REALTIMEREGISTER) (#2741)

Co-authored-by: pieterjan.eilers <pieterjan.eilers@realtimeregister.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .goreleaser.yml                               |   2 +-
 OWNERS                                        |   1 +
 README.md                                     |   2 +
 documentation/SUMMARY.md                      |   1 +
 documentation/providers.md                    |   2 +
 documentation/providers/realtimeregister.md   |  46 +++
 integrationTest/providers.json                |   7 +
 providers/_all/all.go                         |   1 +
 providers/realtimeregister/api.go             | 221 ++++++++++++
 providers/realtimeregister/auditrecords.go    |  19 +
 .../realtimeregisterProvider.go               | 335 ++++++++++++++++++
 .../realtimeregisterProvider_test.go          |  16 +
 12 files changed, 652 insertions(+), 1 deletion(-)
 create mode 100644 documentation/providers/realtimeregister.md
 create mode 100644 providers/realtimeregister/api.go
 create mode 100644 providers/realtimeregister/auditrecords.go
 create mode 100644 providers/realtimeregister/realtimeregisterProvider.go
 create mode 100644 providers/realtimeregister/realtimeregisterProvider_test.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index 4761bf861d..c596a98d8d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -36,7 +36,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index 647b0b6e15..dd5797989f 100644
--- a/OWNERS
+++ b/OWNERS
@@ -42,6 +42,7 @@ providers/ovh @masterzen
 providers/packetframe @hamptonmoore
 providers/porkbun @imlonghao
 providers/powerdns @jpbede
+providers/realtimeregister @PJEilers
 providers/route53 @tresni
 providers/rwth @mistererwin
 # providers/softlayer NEEDS VOLUNTEER
diff --git a/README.md b/README.md
index 29a2a46feb..794c68c8cf 100644
--- a/README.md
+++ b/README.md
@@ -55,6 +55,7 @@ Currently supported DNS providers:
 - Packetframe
 - Porkbun
 - PowerDNS
+- Realtime Register
 - RWTH DNS-Admin
 - SoftLayer
 - TransIP
@@ -76,6 +77,7 @@ Currently supported Domain Registrars:
 - Name.com
 - OpenSRS
 - OVH
+- Realtime Register
 
 At Stack Overflow, we use this system to manage hundreds of domains
 and subdomains across multiple registrars and DNS providers.
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 88dc473889..0329d777a6 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -142,6 +142,7 @@
     * [Packetframe](providers/packetframe.md)
     * [Porkbun](providers/porkbun.md)
     * [PowerDNS](providers/powerdns.md)
+    * [Realtime Register](providers/realtimeregister.md)
     * [RWTH DNS-Admin](providers/rwth.md)
     * [SoftLayer DNS](providers/softlayer.md)
     * [TransIP](providers/transip.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 74a8a17d9a..9efd84de74 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -58,6 +58,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
 | [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
 | [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
@@ -143,6 +144,7 @@ Providers in this category and their maintainers are:
 |[`OVH`](providers/ovh.md)|@masterzen|
 |[`PACKETFRAME`](providers/packetframe.md)|@hamptonmoore|
 |[`POWERDNS`](providers/powerdns.md)|@jpbede|
+|[`REALTIMEREGISTER`](providers/realtimeregister.md)|@PJEilers|
 |[`ROUTE53`](providers/route53.md)|@tresni|
 |[`RWTH`](providers/rwth.md)|@MisterErwin|
 |[`SOFTLAYER`](providers/softlayer.md)|@jamielennox|
diff --git a/documentation/providers/realtimeregister.md b/documentation/providers/realtimeregister.md
new file mode 100644
index 0000000000..12d27dbb9d
--- /dev/null
+++ b/documentation/providers/realtimeregister.md
@@ -0,0 +1,46 @@
+[realtimeregister.com](https://realtimeregister.com) is a domain registrar based in the Netherlands.
+
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `REALTIMEREGISTER`
+along with your API-key. Further configuration includes a flag indicating BASIC or PREMIUM DNS-service and a flag
+indicating the use of the sandbox environment
+
+**Example:**
+
+{% code title="creds.json" %}
+```json
+{
+  "realtimeregister": {
+    "TYPE": "REALTIMEREGISTER",
+    "apikey": "abcdefghijklmnopqrstuvwxyz1234567890",
+    "sandbox" : "0",
+    "premium" : "0"
+  }
+}
+```
+{% endcode %}
+
+If sandbox is omitted or set to any other value than "1" the production API will be used.
+If premium is set to "1", you will only be able to update zones using Premium DNS. If it is omitted or set to any other value, you
+will only be able to update zones using Basic DNS.
+
+**Important Notes**:
+* Anyone with access to this `creds.json` file will have *full* access to your RTR account and will be able to transfer or delete your domains
+
+## Metadata
+This provider does not recognize any special metadata fields unique to Realtime Register.
+
+## Usage
+An example `dnsconfig.js` configuration file
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_RTR = NewRegistrar("realtimeregister");
+var DSP_RTR = NewDnsProvider("realtimeregister");
+
+D("example.com", REG_RTR, DnsProvider(DSP_RTR),
+    A("test", "1.2.3.4")
+);
+```
+{% endcode %}
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index c8b9eed3f7..e931b29f9f 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -258,6 +258,13 @@
     "domain": "$POWERDNS_DOMAIN",
     "serverName": "$POWERDNS_SERVERNAME"
   },
+  "REALTIMEREGISTER": {
+    "TYPE": "REALTIMEREGISTER",
+    "apikey": "$REALTIMEREGISTER_APIKEY",
+    "sandbox" : "$REALTIMEREGISTER_SANDBOX",
+    "domain": "$REALTIMEREGISTER_DOMAIN",
+    "premium": "$REALTIMEREGISTER_PREMIUM"
+  },
   "ROUTE53": {
     "KeyId": "$ROUTE53_KEY_ID",
     "SecretKey": "$ROUTE53_KEY",
diff --git a/providers/_all/all.go b/providers/_all/all.go
index 73013d339d..c7689b6ae8 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -47,6 +47,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/packetframe"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/porkbun"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/powerdns"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/realtimeregister"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/route53"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/rwth"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/softlayer"
diff --git a/providers/realtimeregister/api.go b/providers/realtimeregister/api.go
new file mode 100644
index 0000000000..38a7f9f369
--- /dev/null
+++ b/providers/realtimeregister/api.go
@@ -0,0 +1,221 @@
+package realtimeregister
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+)
+
+type realtimeregisterAPI struct {
+	apikey      string
+	endpoint    string
+	Zones       map[string]*Zone //cache
+	ServiceType string
+}
+
+type Zones struct {
+	Entities []Zone `json:"entities"`
+}
+
+type Domain struct {
+	Nameservers []string `json:"ns"`
+}
+
+type Zone struct {
+	Name    string   `json:"name,omitempty"`
+	Service string   `json:"service,omitempty"`
+	ID      int      `json:"id,omitempty"`
+	Records []Record `json:"records"`
+	Dnssec  bool     `json:"dnssec"`
+}
+
+type Record struct {
+	Name     string `json:"name"`
+	Type     string `json:"type"`
+	Content  string `json:"content"`
+	Priority int    `json:"prio,omitempty"`
+	TTL      int    `json:"ttl"`
+}
+
+const (
+	endpoint        = "https://api.yoursrs.com/v2"
+	endpointSandbox = "https://api.yoursrs-ote.com/v2"
+)
+
+func (api *realtimeregisterAPI) request(method string, url string, body io.Reader) ([]byte, error) {
+	client := &http.Client{}
+	req, _ := http.NewRequest(
+		method,
+		url,
+		body,
+	)
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Authorization", "ApiKey "+api.apikey)
+
+	resp, err := client.Do(req)
+
+	if err != nil {
+		return nil, err
+	}
+
+	bodyString, _ := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		return nil, fmt.Errorf("realtime Register API error on request to %s: %d, %s", url, resp.StatusCode,
+			string(bodyString))
+	}
+
+	return bodyString, nil
+}
+
+func (api *realtimeregisterAPI) getZone(domain string) (*Zone, error) {
+	zones, err := api.getDomainZones(domain)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(zones.Entities) == 0 {
+		return nil, fmt.Errorf("zone %s does not exist", domain)
+	}
+
+	api.Zones[domain] = &zones.Entities[0]
+
+	return &zones.Entities[0], nil
+}
+
+func (api *realtimeregisterAPI) getDomainZones(domain string) (*Zones, error) {
+
+	url := fmt.Sprintf(api.endpoint+"/dns/zones?name=%s&service=%s", domain, api.ServiceType)
+
+	return api.getZones(url)
+}
+
+func (api *realtimeregisterAPI) getAllZones() ([]string, error) {
+	url := fmt.Sprintf(api.endpoint+"/dns/zones?service=%s&export=true&fields=id,name", api.ServiceType)
+
+	zones, err := api.getZones(url)
+	if err != nil {
+		return nil, err
+	}
+
+	zoneNames := make([]string, len(zones.Entities))
+
+	for i, zone := range zones.Entities {
+		zoneNames[i] = zone.Name
+	}
+
+	return zoneNames, nil
+}
+
+func (api *realtimeregisterAPI) getZones(url string) (*Zones, error) {
+	bodyBytes, err := api.request(
+		"GET",
+		url,
+		nil,
+	)
+
+	if err != nil {
+		return nil, err
+	}
+
+	respData := &Zones{}
+	err = json.Unmarshal(bodyBytes, &respData)
+	if err != nil {
+		return nil, err
+	}
+
+	return respData, nil
+}
+
+func (api *realtimeregisterAPI) createZone(domain string) error {
+	zone := &Zone{
+		Records: []Record{},
+		Name:    domain,
+		Service: api.ServiceType,
+	}
+
+	err := api.createOrUpdateZone(zone, api.endpoint+"/dns/zones")
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (api *realtimeregisterAPI) zoneExists(domain string) (bool, error) {
+	if api.Zones[domain] != nil {
+		return true, nil
+	}
+	zones, err := api.getDomainZones(domain)
+	if err != nil {
+		return false, err
+	}
+	return len(zones.Entities) > 0, nil
+}
+
+func (api *realtimeregisterAPI) getDomainNameservers(domainName string) ([]string, error) {
+	respData, err := api.request(
+		"GET",
+		fmt.Sprintf(api.endpoint+"/domains/%s", domainName),
+		nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+	domain := &Domain{}
+	err = json.Unmarshal(respData, &domain)
+	if err != nil {
+		return nil, err
+	}
+	return domain.Nameservers, nil
+}
+
+func (api *realtimeregisterAPI) updateZone(domain string, body *Zone) error {
+	return api.createOrUpdateZone(
+		body,
+		fmt.Sprintf(api.endpoint+"/dns/zones/%d/update", api.Zones[domain].ID),
+	)
+}
+
+func (api *realtimeregisterAPI) updateNameservers(domainName string, nameservers []string) error {
+	domain := &Domain{
+		Nameservers: nameservers,
+	}
+
+	bodyBytes, err := json.Marshal(domain)
+	if err != nil {
+		return err
+	}
+
+	_, err = api.request(
+		"POST",
+		fmt.Sprintf(api.endpoint+"/domains/%s/update", domainName),
+		bytes.NewReader(bodyBytes),
+	)
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (api *realtimeregisterAPI) createOrUpdateZone(body *Zone, url string) error {
+	bodyBytes, err := json.Marshal(body)
+
+	if err != nil {
+		return err
+	}
+
+	//Ugly hack for MX records with null target
+	requestBody := strings.Replace(string(bodyBytes), "\"prio\":-1", "\"prio\":0", -1)
+
+	_, err = api.request("POST", url, strings.NewReader(requestBody))
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/providers/realtimeregister/auditrecords.go b/providers/realtimeregister/auditrecords.go
new file mode 100644
index 0000000000..e8f681ff90
--- /dev/null
+++ b/providers/realtimeregister/auditrecords.go
@@ -0,0 +1,19 @@
+package realtimeregister
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	auditor := rejectif.Auditor{}
+
+	auditor.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2024-01-03
+
+	auditor.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2024-01-03
+
+	return auditor.Audit(records)
+}
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
new file mode 100644
index 0000000000..dd49c2c088
--- /dev/null
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -0,0 +1,335 @@
+package realtimeregister
+
+import (
+	"encoding/json"
+	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	"github.com/miekg/dns/dnsutil"
+	"golang.org/x/exp/slices"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+/*
+Realtime Register DNS provider
+
+Info required in `creds.json`:
+  - apikey
+  - premium: (0 for BASIC or 1 for PREMIUM)
+
+Additional settings available in `creds.json`:
+  - sandbox (set to 1 to use the sandbox API from realtime register)
+*/
+
+var features = providers.DocumentationNotes{
+	providers.CanAutoDNSSEC:          providers.Can(),
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Can(),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Cannot(),
+	providers.CanUseDS:               providers.Cannot("Only for subdomains"),
+	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseLOC:              providers.Can(),
+	providers.CanUseNAPTR:            providers.Can(),
+	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSOA:              providers.Cannot(),
+	providers.CanUseTLSA:             providers.Can(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Cannot(),
+	providers.DocOfficiallySupported: providers.Cannot(),
+}
+
+// init registers the domain service provider with dnscontrol.
+func init() {
+	fns := providers.DspFuncs{
+		Initializer:   newRtrDsp,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType("REALTIMEREGISTER", fns, features)
+	providers.RegisterRegistrarType("REALTIMEREGISTER", newRtrReg)
+}
+
+func newRtr(config map[string]string, metadata json.RawMessage) (*realtimeregisterAPI, error) {
+	apikey := config["apikey"]
+	sandbox := config["sandbox"] == "1"
+
+	if apikey == "" {
+		return nil, fmt.Errorf("realtime register: apikey must be provided")
+	}
+
+	api := &realtimeregisterAPI{
+		apikey:      apikey,
+		endpoint:    getEndpoint(sandbox),
+		Zones:       make(map[string]*Zone),
+		ServiceType: getServiceType(config["premium"] == "1"),
+	}
+
+	return api, nil
+}
+
+func newRtrDsp(config map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	return newRtr(config, metadata)
+}
+
+func newRtrReg(config map[string]string) (providers.Registrar, error) {
+	return newRtr(config, nil)
+}
+
+// GetNameservers Default name servers should not be included in the update
+func (api *realtimeregisterAPI) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	return []*models.Nameserver{}, nil
+}
+
+func (api *realtimeregisterAPI) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	response, err := api.getZone(domain)
+	if err != nil {
+		return nil, err
+	}
+	records := response.Records
+	recordConfigs := make([]*models.RecordConfig, len(records))
+	for i := range records {
+		recordConfigs[i] = toRecordConfig(domain, &records[i])
+	}
+
+	return recordConfigs, nil
+}
+
+func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+	msgs, changes, err := diff2.ByZone(existing, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var corrections []*models.Correction
+
+	if !changes {
+		return corrections, nil
+	}
+
+	dnssec := api.Zones[dc.Name].Dnssec
+
+	if api.Zones[dc.Name].Dnssec && dc.AutoDNSSEC == "off" {
+		dnssec = false
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: "Update DNSSEC on -> off",
+				F: func() error {
+					return nil
+				},
+			})
+	}
+
+	if !api.Zones[dc.Name].Dnssec && dc.AutoDNSSEC == "on" {
+		dnssec = true
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: "Update DNSSEC off -> on",
+				F: func() error {
+					return nil
+				},
+			})
+	}
+
+	if changes {
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: strings.Join(msgs, "\n"),
+				F: func() error {
+					records := make([]Record, len(dc.Records))
+					for i, r := range dc.Records {
+						records[i] = toRecord(r)
+					}
+					zone := &Zone{Records: records, Dnssec: dnssec}
+
+					err := api.updateZone(dc.Name, zone)
+					if err != nil {
+						return err
+					}
+					return nil
+				},
+			})
+	}
+
+	return corrections, nil
+}
+
+func (api *realtimeregisterAPI) ListZones() ([]string, error) {
+	zones, err := api.getAllZones()
+	if err != nil {
+		return nil, err
+	}
+	return zones, nil
+}
+
+func (api *realtimeregisterAPI) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
+	nameservers, err := api.getDomainNameservers(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	expected := make([]string, len(dc.Nameservers))
+	for i, ns := range dc.Nameservers {
+		expected[i] = removeTrailingDot(ns.Name)
+	}
+
+	sort.Strings(nameservers)
+	sort.Strings(expected)
+
+	if !slices.Equal(nameservers, expected) {
+		return []*models.Correction{
+			{
+				Msg: fmt.Sprintf("Update nameservers %s -> %s",
+					strings.Join(nameservers, ","), strings.Join(expected, ",")),
+				F: func() error { return api.updateNameservers(dc.Name, expected) },
+			},
+		}, nil
+	}
+
+	return nil, nil
+}
+
+func toRecordConfig(domain string, record *Record) *models.RecordConfig {
+
+	recordConfig := &models.RecordConfig{
+		Type:         record.Type,
+		TTL:          uint32(record.TTL),
+		MxPreference: uint16(record.Priority),
+		SrvWeight:    uint16(0),
+		SrvPort:      uint16(0),
+		Original:     record,
+	}
+
+	recordConfig.SetLabelFromFQDN(record.Name, domain)
+
+	switch rtype := record.Type; rtype { // #rtype_variations
+	case "TXT":
+		_ = recordConfig.SetTargetTXT(removeEscapeChars(record.Content))
+	case "NS", "ALIAS", "CNAME":
+		_ = recordConfig.SetTarget(dnsutil.AddOrigin(addTrailingDot(record.Content), domain))
+	case "MX":
+		content := record.Content
+		if content != "." {
+			content = addTrailingDot(content)
+		}
+		_ = recordConfig.SetTarget(dnsutil.AddOrigin(content, domain))
+	case "NAPTR":
+		_ = recordConfig.SetTargetNAPTRString(record.Content)
+	case "SRV":
+		parts := strings.Fields(record.Content)
+		weight, _ := strconv.ParseUint(parts[0], 10, 16)
+		port, _ := strconv.ParseUint(parts[1], 10, 16)
+		content := parts[2]
+		if content != "." {
+			content = addTrailingDot(content)
+		}
+		_ = recordConfig.SetTargetSRV(uint16(record.Priority), uint16(weight), uint16(port), content)
+	case "CAA":
+		_ = recordConfig.SetTargetCAAString(record.Content)
+	case "SSHFP":
+		_ = recordConfig.SetTargetSSHFPString(record.Content)
+	case "TLSA":
+		_ = recordConfig.SetTargetTLSAString(record.Content)
+	case "DS":
+		_ = recordConfig.SetTargetDSString(record.Content)
+	case "LOC":
+		_ = recordConfig.SetTargetLOCString(domain, record.Content)
+	default:
+		_ = recordConfig.SetTarget(record.Content)
+	}
+	return recordConfig
+}
+
+func toRecord(recordConfig *models.RecordConfig) Record {
+	record := &Record{
+		Type:    recordConfig.Type,
+		Name:    recordConfig.NameFQDN,
+		Content: removeTrailingDot(recordConfig.GetTargetField()),
+		TTL:     int(recordConfig.TTL),
+	}
+
+	switch rtype := recordConfig.Type; rtype {
+	case "SRV":
+		if record.Content == "" {
+			record.Content = "."
+		}
+		record.Priority = int(recordConfig.SrvPriority)
+		record.Content = fmt.Sprintf("%d %d %s", recordConfig.SrvWeight, recordConfig.SrvPort, record.Content)
+	case "NAPTR", "SSHFP", "TLSA", "CAA":
+		record.Content = recordConfig.GetTargetCombined()
+	case "TXT":
+		record.Content = addEscapeChars(record.Content)
+	case "DS":
+		record.Content = fmt.Sprintf("%d %d %d %s", recordConfig.DsKeyTag, recordConfig.DsAlgorithm,
+			recordConfig.DsDigestType, strings.ToUpper(recordConfig.DsDigest))
+	case "MX":
+		if record.Content == "" {
+			record.Content = "."
+			record.Priority = -1
+		} else {
+			record.Priority = int(recordConfig.MxPreference)
+		}
+	case "LOC":
+		parts := strings.Fields(recordConfig.GetTargetCombined())
+		degrees1, _ := strconv.ParseUint(parts[0], 10, 32)
+		minutes1, _ := strconv.ParseUint(parts[1], 10, 32)
+		degrees2, _ := strconv.ParseUint(parts[4], 10, 32)
+		minutes2, _ := strconv.ParseUint(parts[5], 10, 32)
+		altitude, _ := strconv.ParseFloat(strings.Split(parts[8], "m")[0], 64)
+		size, _ := strconv.ParseFloat(strings.Split(parts[9], "m")[0], 64)
+		hp, _ := strconv.ParseFloat(strings.Split(parts[10], "m")[0], 64)
+		vp, _ := strconv.ParseFloat(strings.Split(parts[11], "m")[0], 64)
+		record.Content = fmt.Sprintf("%d %d %s %s %d %d %s %s %.2fm %.2fm %.2fm %.2fm",
+			degrees1, minutes1, parts[2], parts[3], degrees2, minutes2,
+			parts[6], parts[7], altitude, size, hp, vp,
+		)
+	}
+
+	return *record
+}
+
+func (api *realtimeregisterAPI) EnsureZoneExists(domain string) error {
+	exists, err := api.zoneExists(domain)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return nil
+	}
+
+	return api.createZone(domain)
+}
+
+func removeTrailingDot(record string) string {
+	return strings.TrimSuffix(record, ".")
+}
+
+func addTrailingDot(record string) string {
+	return record + "."
+}
+
+func removeEscapeChars(name string) string {
+	return strings.Replace(strings.Replace(name, "\\\"", "\"", -1), "\\\\", "\\", -1)
+}
+
+func addEscapeChars(name string) string {
+	return strings.Replace(strings.Replace(name, "\\", "\\\\", -1), "\"", "\\\"", -1)
+}
+
+func getEndpoint(sandbox bool) string {
+	if sandbox {
+		return endpointSandbox
+	}
+	return endpoint
+}
+
+func getServiceType(premium bool) string {
+	if premium {
+		return "PREMIUM"
+	}
+	return "BASIC"
+}
diff --git a/providers/realtimeregister/realtimeregisterProvider_test.go b/providers/realtimeregister/realtimeregisterProvider_test.go
new file mode 100644
index 0000000000..9fe6dc09dc
--- /dev/null
+++ b/providers/realtimeregister/realtimeregisterProvider_test.go
@@ -0,0 +1,16 @@
+package realtimeregister
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestRemoveEscapeChars(t *testing.T) {
+	cleanedString := removeEscapeChars("\\\\\\\"")
+	assert.Equal(t, "\\\"", cleanedString)
+}
+
+func TestAddEscapeChars(t *testing.T) {
+	addedString := addEscapeChars("\\\"")
+	assert.Equal(t, "\\\\\\\"", addedString)
+}

From 1106e4462033b367df8dc1061859d5aab174f0cf Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 9 Jan 2024 16:54:05 +0100
Subject: [PATCH 117/438] DOCS: Bunny DNS - GitBook escape the underscore
 (#2771)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/SUMMARY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 0329d777a6..5fc70355cc 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -104,7 +104,7 @@
     * [Azure DNS](providers/azure_dns.md)
     * [Azure Private DNS](providers/azure_private_dns.md)
     * [BIND](providers/bind.md)
-    * [Bunny DNS](providers/bunny_dns.md)
+    * [Bunny DNS](providers/bunny\_dns.md)
     * [Cloudflare](providers/cloudflareapi.md)
     * [ClouDNS](providers/cloudns.md)
     * [CSC Global](providers/cscglobal.md)

From e82a95b0d900e018f886387bd8fb3d2b7e5521a5 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 9 Jan 2024 17:01:32 +0100
Subject: [PATCH 118/438] DOCS: Bunny DNS - Be more consistent in ENV variable
 example (#2772)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/bunny_dns.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers/bunny_dns.md b/documentation/providers/bunny_dns.md
index 65507803f0..1d5e9f0043 100644
--- a/documentation/providers/bunny_dns.md
+++ b/documentation/providers/bunny_dns.md
@@ -19,7 +19,7 @@ Example:
 You can also use environment variables:
 
 ```shell
-export BUNNY_API_KEY=XXXXXXXXX
+export BUNNY_DNS_API_KEY=XXXXXXXXX
 ```
 
 {% code title="creds.json" %}
@@ -27,7 +27,7 @@ export BUNNY_API_KEY=XXXXXXXXX
 {
   "bunny_dns": {
     "TYPE": "BUNNY_DNS",
-    "api_key": "$BUNNY_API_KEY"
+    "api_key": "$BUNNY_DNS_API_KEY"
   }
 }
 ```

From 3f6b93e435ff7b00f1a1c940a008ee9f5ad4745b Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 9 Jan 2024 22:22:03 +0100
Subject: [PATCH 119/438] DOCS: Starcharts (over time) (#2781)

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 794c68c8cf..2e6461297f 100644
--- a/README.md
+++ b/README.md
@@ -170,3 +170,7 @@ See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/i
 The website: [https://docs.dnscontrol.org/](https://docs.dnscontrol.org/)
 
 The getting started guide: [https://docs.dnscontrol.org/getting-started/getting-started](https://docs.dnscontrol.org/getting-started/getting-started)
+
+## Stargazers over time
+
+[![Stargazers over time](https://starchart.cc/StackExchange/dnscontrol.svg?variant=adaptive)](https://starchart.cc/StackExchange/dnscontrol)

From 858c902101cc6624b8116d4289ec4366b0f72c86 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 10 Jan 2024 16:35:23 +0100
Subject: [PATCH 120/438] DOCS: Document how to view the GitBook previews
 created for each PR (#2780)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .../styleguide-doc/pull-request-preview.webp   | Bin 0 -> 108270 bytes
 documentation/styleguide-doc.md                |  14 ++++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
 create mode 100644 documentation/assets/styleguide-doc/pull-request-preview.webp

diff --git a/documentation/assets/styleguide-doc/pull-request-preview.webp b/documentation/assets/styleguide-doc/pull-request-preview.webp
new file mode 100644
index 0000000000000000000000000000000000000000..587fe889c4d9158ce02d79d49b5846b6d310d714
GIT binary patch
literal 108270
zcmV(rK<>X%Nk&HIrU3v~MM6+kP&iE5rU3viPKB2c%{Xc!Ns<)N@yq2;cxLuO5Yhh$
zK#q9|%~NQeLh}@wqEJ+vpyC7-C!jb1b?R{VPoex9&FuwjgMDRJJ)oO={>3vtxmDxx
zdSlx+woS7e2C$7UZyrH)?&{`lKVqsk>|MS)t<)F4pWV6J7rLpNZgcv^0pA&WWMj8)
zXsCPo;WT{v7bq0}c@hGH6BwMp-~<LIumeHym*EDEBuR=SUyzRf|2n>FtK;EmYa3~q
zWT>`nt8P}9K`}F^$fWK6%Su#7JUHWyz?S6!H<BdTN=5zqi}eqwKj6Prh!}tY{ht7E
zY3Id^X7FXOG8=>8lbyZipMw|Fh4SpH%(kk`w(RYu{*@P-CJ=-O0uTZ_d96N!f`Wp;
zrX-Uokt-4$;>7iVOeimR09+JgGPzuly9laO{Fg7+bw0VvKY?ceP=@IyS6K#g7mw{K
z_4OM&t^>_((`X_Hz;S^?5QGZ^K@cu%vE}R2%1n`5ks>8>MKVQl2>=MN$Dw=#`_CNL
z0i$<btlQ0K!)ncLX8+A$zy;uqVs)V|6g(?cERGKnHJ6H2sY+F9&4&0j+Rt%U?JYa|
zIqv;5v%hqj5de52s8V0Q1yw2tcq1rf`}%z*O4)q0UAGz7yU|Zxe672f)#D%l+qSVR
zOXiQcUmJjkn1GJ0Zc;DKWvk91@i>FT5lK08PBznuI|gmyPxw!5lE1SL3;_Vj_MYRz
zU5h7?LsA+fj(F7dD|IS~WOZn<ARC}0OS1g6??guR&VAMA@n<TIrV4+i_V>pKf54`S
z2w0FLDXNyIcSubQ(YV78-e}vNIhIqkRIb)q<R8^)ZBmQxeco>lwfLQzDw2tyQ(yqc
z8jp2Wz(B1@l>%%SuqOcK02B6@JTYvo-9=NueFLCP`<RmyK^0I_m|JZ#h~o}jn6Qur
zYE2m94pN{v<`xVXb6i*qU{mM_5D)^`Y6Di+hQNY-iXN!kH;pZrps+gyiZPGX)Ed^B
zlSD@V6Twi8OD#|v0;??;oxp(`K_F@KuYcx^79`tp+XmhuQc~ueJHP`WO4;+_Ew*jl
zw%urx@feRyM>3sEJc&mUXSUwwx<@}(epH^5fJr5jiDRH@NG^d(EHN0{fFc?qkiQQS
z5g7dcEhr7mCN)WIbOTicfuzm1{+T~tkR(}lB-z%=oSXz|0T2~agvAQ1L_Mg#IK}^O
z+mhr+0;$3yJS7rhmS(Yk|8-o6;ET`+Yyua6xb(xVm~0%2Lm;>$egGVU2n2yf(Kv*`
zsayoXVL?eAKJT$3xdb+Wpw|fMIg7c>9D>aDyh;4fTsVioB5(jSkjty*%d8+cf}Hg$
zrV#{^Hv9T#-l@^HlDD?JZK4RcF>g?xjpn00{ed^uwnviXEN3F8;1U&K15{=Ptbz;^
z5YPYzIOiM?IdEA-<(Dmkl<-&qKgxwN;7V%&NXsdd3oR`ZFE;=_Pz#`z4P!t?8_?=&
zMHz&ELG8&H&`1Nu1VsA)@k;9e4Cnw^PA_d2N=Uhc(V(p~29yhB7pOLI$w(DxLPg3K
z(AI*_j}~D;x{yLih?d%dmPRZgT_^((D^9?ht3u8w6Ea#_QqdaNs1Z!`|IgvSwlr08
z1Jy0uV2ws2YSy&Tw9N%PP9SP87kH<RByFxBS#2BKR1g8|!M0kuKKwTSKTFmmNtwOm
zp!aq5t(IP6$Y5uQS*T$L+4A&AF!ZQUfuWijE))ndW41)1H>zfz?0rkX&+k}dM(;0r
z`7o(M=@I0xE`TX;xLIBpX@n`!xB^_lPy)O%RBuxFMT%e&93_4NIMs`jsX!?ZbfM^!
zqe!2Ha#apS0286$F3MFP1SlBc0=y{TmB9!j4KIHbFacbJRG=jo6;cA9#W_Qfy&Mq?
z?rbBJ`07#o<y(bAI5qey@K@kZI&oAe{_-VK^6oGZ4r<tfad#GHBjnV!Hf_y4*TDbx
zj0zAiDi{>dQ_)gk0|%6Jbcu>cNE8GE_ei6yElVu#o$>>i=Y8I1z(~=`_@O7-wo8&U
zssDrhBkt)hODnTEPfM-tVp*(9;(Tan&QoS(Wz~C<=G5J58}3o_SI$J#FSu}13JQrK
z5TuZ@?}0){b4c-*f=P?bp=>ey@`u3H7e&eoF_}1mPaX_w$)UxOibfzvp_B>=dvH00
zL=YH~Lg1<)5JF0Uq3z>P2p$?^jlwB}5C{T+BS;}AxV!+0PI36GF@%&t64+8BU`3K7
zDyka)pP&E<IKTo1?j&HKixzBKbsOmjAzfZ`B~8&PM_dq~`{9rM|M$1sM*5ZWJHK;&
zr}uK}x%b@O3we2Y8#~3O-mK!L5_dbjSNGl`H}yu5Vy|LvxA)%8z2}~D&$;K^b5F0o
z^E>C)0G{vfcgm$i&%O7L*SG+_L6qGQkOCe<*XdP(Zwdh^7%7NmWABK;QoA@Q#!{JZ
z$^oM6Sb?GJO&|s<E?`e3y}2pE!p2&LM>~!o-r#BgYbvjIbkjK{<vT@Q>kOpydb|+5
zwze3f3@!&NC(a-ozzWtv<RAq0YE~(i0k07%ohb_T3QNsOyRfHtA!f-GP0GfeE-%c1
zFEQx}Z!p)G@wja23Dz8p2bOj%rTUivJ#Z=z4fdv7r(h$mBOne$V<=-afKzA;IU8!H
ziBq&#dSxx5U{e>v40yH}BL|~kH$}$kE=*(MNx@uub+;(6jEpcxgOwLjCK_xw8wa`e
znp3!|oub9%l#8JkQ5I=3AOeyW(oVe`gi{1qK?EZVaE%oMQ@dkh#{=GAjt6P-CJMqS
z4$J|p^u{9$wHT)Xs{n_9X-tZgVoWqE3QG>Wa%3QKayh`sL<X#EdUi>`48m!~TxZ2a
zTvND-0@DK$Ff)COWw5+PVk0)zO_ObH%l1anIoJLEB3rV9DVaG(P+b}d4yS4?)vp$|
zlQ}b>(jb|o|9$Sub8TzOwryKA#@x>vcXz6koB#-bTu6yfh=J;IclY()$2LM1WZPC6
zwVL>fv+spLyn+&qeEbReAAf~E1##r<gd|E*K0slx@C1ad^3=EMIT}_9vE=j_D+RHD
z#5HGmyNXZT{E7lMNGMBu64Er79ebtXU+~R=)oS>kIK02~<8}vB8Bd7+WtAq9%IEaG
z#WI41Jr2ZH*doP}Pl)JJVucAdAyh1^zs6NfDECuZ3Pwq(xPuCwCK(QOh}$XQ3@#B8
zXmb!7Ho$R9V#oGx_pTVNJ-Y}}Fu%XNt5*cWDR~RxUw2CeT{}X5U+(&qzlPJ}lvs%B
zI@no+>j2%@%?WcvbNXy`bR|-)4P}01w4rKFig}sjfI2!MEkdGXFIaTS+o_ycDM}>Q
z85zB0Mz~UMTfHlPH6~qmwWZ>Jigy?B8nM_-b_6zge|g7^6l;{C%QWVN@;B!$$!qsN
zznw0;64&ZEP4qZLbA7uCuGVQ{CUqu`>--w5WE+IX=-#axNQk15jN9?0FB7SO<B}U!
zJCdlGGfq<mbGGHqyvJ<PSY_iRTV(x2?<w=zYF+ccm%Qgy@6l+6;`fEK_(J;oa<|MJ
zzwomPC{rhrK1~33BC$A*APHyFq^3NTL&q{iq}>rBDXrqIDF@lr#Lxj*YPbb$6Wk~S
z6@b}538wF9yO~>xLWN_ixI1wfdbQ!CrL+@L(MlD}?cixFFNL4r9Th)}Mewx32~Bt>
zdH0Ln;}j7Y-4VJy?~eANzbkj^bljl6a7T69#dDNAIPOM-{LUu}Mlc$f6u!DXtTw1v
zjE1-@<7v-88Iz6#)Dt&#NVqNrc291zQ-_BxEu{#aAQLU67*UCqm$rnE!HCaW=4Fqv
zjeW8naTyZ)X79Bz%rarsS+?f(`^$TyLSjXJC0h`KNtQ=Ce?ND{g#be8J!A%DS~_aC
zW1vU@Z;G*$eN+V^A=$V;&9=DpzU?TIp}d`h-MdIop99p|!Mbs%KDt)IXeL|d-<h2@
zDauA{2Qw6GY+=q6Jw`^bAvIY9C1R}jJIDnhVtr7m6BL``UB|UW=b3lx5zMY~==8s(
zymR7RgKrn{`t>m8E@o}sd^dN|Sb|}fX(g$XsK%j0sSJ&(6y?g1X23~Nbela}33NZU
zWkODUjF6nTw_V~JHqj9ZgNu4bnfNWBH^7V;(XA{|8jW_gqDw)PdNz&Jux0E`1LI<q
zK~$F3yXf^$nqX$sNURE9@jl$|SOu5Vr`|EVrM$D_UA>nhpNd!Iv71PNU&H3^of9Fs
zp1YhMcMr<4EaUTgH_&lqsFG=>k)($zh;h#wH@_K0fsLgdE)J5L`=(uo#ts{BMN2sq
z2bb`bVH&402%dJ(PQ_tIGjzooR3TE#UD$RcyG37pDK?T%nY86DU8E#+KdC)m@Lo<y
zHVPnu-(TKm)wLtUCyS-?uG}v<`3QRhoS)||XUE+%-Z7#62HanKX#opmOKV47pWr6W
zaJLcqLCPN6HBrrOU3&_f63!A|W}aQ<#Rye*2;Kq!6m5fzTJSbFs$hr6MV=^S<Ti@q
zY-4S$1hfVz1>#myJ<bg56k4$)Q91Sg!d^6U!xkksC1LQ;t1s^??{2)`oScbsOk_*G
zIHUA)Kdan*bFSvD&yKsk%Me^t-{PY`xR+#wB?Tve+)ksU=uI<<sM}FCOc`&$b>G~3
zw@z-CSt$!L>Fh{X>S`&SX-0>e%jsckCi9rAx4?y(#Tn+_I#?w5ZG#k7SoRiG6OuFr
zvJW00O**NE?DTna6J*Y%e9c3Yyy88Et@6rzcYq>7-tH~sy@0Csdq^h95o%aZj=M_e
z^6T&K<!)X$?#c)Qiq-6}n3CkjO<5=~I-XJvIsQA@CHDFA$0~Z}n8VG*59x<3X@208
zk!*!jdv}5}n#r22TE<Q`1K&d<c+`Du%&^QtE7L9J*@!gyU?yrX#iAvEkzO|g!&XZk
zjY3Ov8?R%-PF<?K`@8ebE#8?0KV{PgMxir#Q+Zc$>fM&02{1@^eU@Q$zuYqn)Z{Mw
zgySyOUu`VBGL7yW8%`!;M3T-wg{RKlaTC9|JEqRvWK`gE=3&;ijgLOaUz!rdJ94B?
z?yyC29lI?CgqcFr*4CS{cVX8yW^7AFAs;eTGNWlyMo^5F$6(2UUxFH%g}W^!*joEN
z3YS6Qf?x73aQjB&x#%#agnu`Ax8dA77FUL$fJtN#ksJE!%)qM#+;JxT8OPn?Pj#IB
z0RmI$%X<<;F-rz6)2bcFn9gurhbJFMP#St?atpCR{SB2r#dWV?SO&LCgSM36zIS)k
zY3oV$rd$rn0m5))X<P@W{jsu)8{Aw#CkJ(5qxR));L8NXS&Z787KJyFQ-<n&_e-|*
zZbwPjw*(2>jb*=+yt6myloju|90|<;56bb=Lvd(a_KFbB&vUoTQ-3;2l1ktD2Vrw%
zXooowsfpr*!>&8fU2*T>2AQ%y2A1TSf0s}j>}o&UgBuE;b)^ySei79yLn35~M9Wo|
zvo=sv!EQP!s+#c}w?duhdZr_HitwgNmL8=sGjIgyF5a6tb<^0#>m4O^5np5!|8FMm
z190PR?&_PmY?|oXpt=s4fS0a~>NgyBZvx`87#4!&z7ZT$RVZ^H=>{tlQy&dr6;mhI
zSUEZTbKeqFLsI}HmD=BXLNi?f2qxS~BG;POmc-$}$H&m?9>hXAbl=^<nK;6w0k<gA
z)T1_8=+$Xrt%FNV07|1Xg;DbsCh0Q_w$aGV)MTJ%+L1^(Y|PHP*aHnW@u~N`cf8-l
zJBRnG+$u6cal44L>=CuqXoBiN{CS+~H*y#Ct=?2U-LYGf7C5;LVK4h|kNzm_UCx7R
z0#fpCb5qXO1!LGyyHRl5KJ;M=)ux8nwwXfAECbVEfJSoziC8LH$BhMK2Wj#h1x2F|
zDKE9dO1y)k4eLB-ACT%|)HyXOV@+H}#61MX<#x-&oB~oYH^f$Q3#K9BeOK>(BY7_@
zg1Qm$Wi5FpFn2`oGIv$d{REb|+hldh`FAvBk}AO^0WKlbmo+b%0pXhhPIOJq61a}8
z-s1k^ZNz#RAs&$3qU|z;{{PB;9`W8zhNKPIn@z;V)>=3^p6HB%^bqWrZnigUp+Pnp
zG$!#3v8{wOiz+aLQ-wIf;z-~vkZBfZEf*0A7nK^_4yB_<{*k=}D|H$!kVQz|JKj^g
z6I-JUU>1{N;vg*uwivh{jag0HGjq4;b9USf;w#)P1SUZSr?G@N)kV(`FekeZmjPNv
zH=4`bnmc;&rrh>)EQFd+)Z==@m$=RLPQBE!w@{TU5u$CBW#Cvd@8dSB3fa6<*0*S-
zc|0Sj*vGAKYy?tubL&Vfq}kynu#10h?U&w&$e9s(ECH<4(6r~abg@+6Km1FMlR)WI
zV^`v!!Op$&p7GAPck4?@F>ad!Ejk68h-Tn31_0rp6=zmXc5~bnVtxI_j+~xLh?+G%
z|L%hA2Pj`lgQ%k8w`e(h@`g~qtmul6VI?-y(S=*Y3!iUtXS#wxU0@O~lFTV-|6&=r
ziGC9a9mpNPqi}l99jPmH3uDw&8NT=Uqs|{=nUY6TbD4iFg<yx$-Pnv$0V!BAbz`fI
zzi^cbE6N-?N~~kk=T6KBhjem=ymP$Mdr$FB^&XO>L>eG+N+K$THQt-S@<chFVdA-+
zgsI|O9OEq^B-JED9my<CeyU)47;8zCB$jjiDfC3dY_J};87^%Ig<Hv@Nj5qbMa!`K
zh)^1%=t5ppcT3Y;8dNfs%t3gQs!X^C0z7dMZx`Ijfa{iA8#mWlL|3!_U3`^Mxq!PF
zoJ@AZw3fA;4$OfglWu3Gfh<e3%)3ODNTczdH;nhZ<b4<KHsU=BY6*}ZcDy6b!R=*E
zQ!5{Vu{k{2<L)uA5K*sJOd7(J`&9vDbcQBTP;%jkyUDm%AL){`ybWc_91ST?9*9cS
z0o*$~(wsOu@m}Rm+9A9IQV<+mJtecTw)vx77=_Jo7$iqt$yzT0*$hozaY!{~YP3>r
zO_JzJh7y0kL2vROgqMG~%(C#NDcf$7{r^lF@4T73lME6AyQYuGGGn{JW*j#v?s-$<
z&X#otW`;^M0$;{6z#daM8YCdqkdI8a6{O@UaK%i0yBi{DP5mh@L<#bGDsn=iDeDE9
z3RLs2>NH%%#a@2|pg?KU1a4*l45lWVT%Dbi!Dpr+p|C)$h^^KO_@wNY%DD={qT{)W
zz!jVcH!|%Dr_N>l=}Q3$O5A=%5Imq62O4I)oxJ<hdx#r%nyA?jhV1kqvRWE(sYIH=
zZ?OHsaX09w?CQ%h6(<s+vVb{%Qh-KklW-5!=6fqqX7hfxjM2ifMf2H4h{d%H8(E0R
z99EgcEcd&9X^)i3#k>qqNnltoN*+i%pD_#Nl9%S9%(^_4j)SWVcnn6V#0@2?#J@-_
zT?w(cAQ_r>)C%7NaJ_2PFw9{zaoWLlo#GYm>)qo$D$q5ZmmbPigr0O)Rs!3~Jfe53
zj_7$7O#BwW63@hJ)eRODiEMX6iVL$IWy_4c#mwyp^xSsUamz)UntmT6iwnNqM)T~3
zkb^9^tlWfk_GdpXU9=u)D#Ks9W`H$WfASWd*}Xn>uKfo{&_7zjXlinS|J+=Z{G|db
zB(uTJ0%>$uxY;HvureDHe;L0J@+R#Z(%oR3uERL%THga-P24r($sZ-_%igcdw~qG;
z@b`_Y^$gor@veq2k=Hi4tLM`<mm?5{!>zD4LEf$$cMsiRLlU(NaXEOu^4<zkx!;z<
zfA-kJ=mq5bV89GFcpHalHpnel_kk9tE~;Ggi+ABAJTSX~M7Nm)GvOIr9?Y_bN4f64
zfOUqv#PIzXX6<6wV?d-Puvb`I&h&0;<O>!P9<KQZj0KGGNW3wplsJ$-11X;{9~Dqi
zJ3JSlFlBxY#Pb)CQ<bvP(VSDfLr&xk^?ne%S-ewFCigPj$`eG=x|-wd(kmq=N7_jN
z^3{wbom-Vo*W)e`!t!M+LlM;kDfk3QRF1wb*KZRn%fPc<y<l=+hy*h9{R+h##nnAb
zx{f4dx4LIRxRP9fApA2m)y$QZO-L}7NiRLK*KsN~>tGyAf>-8Kkrsmt4H3AO5&r4R
zxfXoNbKGVc8Ix;`sU2J45}428TM8{ajz0ql@iA*G=6;^fwiGMRW5{!{t~t=%8FcrB
zYkp}}rN3h6(UX?fytBfa#rpv&-mTsh?xRw_i{Zcpm%MXZNkSPDDhx_9E=M5er=}iv
zH|*d|x}$asWqj>YAj8~U3gxn~H|06V;!udjUD&pS&{Ax@1)A6VQT;Fqb_UXxOiwA&
zl#YEdK9k8nzf^XSnDu#B5I%635UJ-{2d@lzI}98yj}J?P&TA59F__lTZOHt}#C*%b
z4Ks&=Co2(YU*xFT6*8}nIAZXf@g#xo0M8nk*OB=P9-hz0hmnVGjw0@((ky8<tP392
za$+?)<)saQOrDp#Z?bpZG~W3r<8^ok77U4459$jWmjh!0I;EQkL7KUqGb}Bjo826D
zh0(Wfj6r!qLd0)*NkRl@Lja%`dV{%><|_Mi_Sx6SqI#U7NzRgg35uiFY<7t?GVx$D
z36{&bc}Tq&j~eI6;`#bMkjzNt%)`Tz@O=UM!F(v^?#z6xYqAdduMj`Uh_jMB!C#LD
z$&Qq1e%Vtid_81No{P_fL>5VT687AD@_C*Qj8E3Qu6Sqgh13jP|Kk0*7JQ32IWL%B
z7r^sOJQ-^~8OVc(gXO?~8t=(N_Q=q3IBy*9S!0S8xI%NzADCPu&E*!b92yyU$qD`(
zQjOg=I-75-jhJyP^bQ{FKcp0np}wBrE<?JHG7Ng{0`NxTupM^`puL9U=rDy`psw*T
z$bp+@gN}yJ!1?l&>lgyLz{!*FJl7R2)J0$@*dqa!bSGa6o`>aZu4iqYdBJzt9nV3}
z=V9`w8$bVUGM=v|+3<YxQK0>GWc~UY4<GVz2G9D0ug@Ng=h-uS@qEpEw49R4DVhc4
zDdq9H@;n0fExOiD9;BDVEUsf>_LdRk%a4tvku2%tTgLm~dgkGMAaN5ti(Sm@UrJ4w
zYn*?{3;;}mhK6}=ts=G@cipiXQjWiFSWccQ;mAuZNiquGhHZtvArg7x5;{$;Iou?j
z#;b-KnJZ&{!Z%9~=uXDW;>liXvgNCX|AS*t@YsG<{!P3#b3Lrm7M|<LCwo9XA3qmd
zPfDvEKkSLtKv;O#{_GSF>-q1=0#~FT5jNZA2>Si_ISL`w+CjPJBfH8RS{}@Jz5-Kj
z&u4?<`SsMYJ&)%uMSs56cz7b|y&pJYWj#-jMMa)Z4zg#h#r{FT`Y+xl-oLANUsoQS
zBbz@A@eY1qFSr;V|DEWej&YqGy3MXcnvNV*jx&S<uz>+K32Zh5QjXB!<fAmSXpUIU
zc<<pExaCiB#al0@+AyMs@|xDmx{8<Be_V)O<`fa%OvaPpXHI`bpyroV`Smp&asL3H
z=ZRL~KgltU=i!2|c|HVx!SBz*LGOPfz&aqc&HV1K$M6_QvBu{C&k-K}3C}+xk$4v3
zKgzqGJkRrA2jf2h@_ax0`yY6HmRFt2vG5K5I5J)9fzKi3Ddz<L{MQZ=Mq>Z|-@c#l
zc|Ol^3*SEow$|&B+zUScDBd5YX}mx05%0Tr|2=_~=TU!Cyb~UWYb6tw<H?9wiJnFF
zcl7{I-slDq0(bo>baLDUdlI``g^eBZ!avALxS<Z@#n6Wp$a2%^r<f^Ag4_8{;a4EZ
zIL?UbeH14K<_AumW$-*dt8nMy+f$xDBL!g1X^fB)#u@{~05RgTRC@gN_`nF(890q1
zIiy5g5I>Bv($)x329KU2=sC}H{rkbFEe_;88q@u~=TKN%o=5TO;u%FthLxU(r(`x3
z#*z=joE<zciqX(Yfli+dx}VMH;n^B9*iM&gJ>s(t-VLzz$bedp1|WB>jV*B#yfcV*
zFZ9QFHoW6P5fwa~=s60V<g!QC$NUpt0LAs$(u*K)Ty`KB*sHudH4Fj;Xq=b;C}>HA
zh$hEvA_c_q2RQnQNx+Jkph3WDs102JAH_$m>Ox-li5^rxP#AYRiV!6kALShL@N8Xa
zO4b3|`gRnFBWj4oTNx~%j)|WxP_V8e>jC<R%ABeU+p}2#;47O843yCb{Ml&!-{Ijy
zWPn2Q?8|K-Z+Ungk%J%%+GmIsf!2!1NZj0hSlf&xT1ySii&5TYOXqroiI*cmVU&9$
z^H~M&HHERz2k~Y|GV6K&)PVO`M}B=E@5=LjqF;xId+jH}9k{ANM97ewz<b1;!AX*&
zCoHKi2PhR{Yy^*+Ubmnt_%yHS+8gK_vXU+boDzm*Xjyl72}SPK7~rblUn~YJKY8Gp
z=R#abHF$ic<|={)IE>S1L?n;3$GXTXAjTYH(LJh;mZ@07fI_f{E~3)N*BaFWwBi|N
zkE6_hlp(2=^2FxUNt6-k8XrU>Ik8@h<m8a#1SyOz+=7cjF|!ax2Ag|khqYxCKbX}5
zJHIeS859|(U{aD>dFFUukJcmcSq1OaS5doM88&NCeht|F_ue5Y#lgJiP<i|#ks4Dt
zT`7v(b63yts&@QJS66;@Ra+{1cBxe3s&6UGhTV$;(|r&OfnHHr5y#6ZRdqve+}Mr^
z8j)=b`VwroRI|GnY%<vKE3R~+liVf*&jx(WS~f-a2+{DKIVad+(5NhL{`xcy;KYdq
zPKY2~7y&DCVTx%2qL4?)z!*u!!RsuZE3-5J%E^&v(E3HKx*mZkLh{aWSdWa7!^q%R
zucIjNc*=z}#Xfr=aSDnfMmhH=3XFZV;gbxatf&OeI#I;+$kJ&QDg2kiyNqK$Yv3KZ
zU0bAva7r{Btw;Y9gLh=?jac4)-SEy@JV!t_qj!If5-0xQS<lY}oY)|BFMJ~`$S_`k
zrThA0vA)cLwKg;Z6KITSbJ=t;XidkfF@T`EISX}MYZEDE^kPHMbB-XCTZ_-(IJq)D
z%`MA$mSiY?Ks*!I)^*lPS;dTf{BV&xSM#7CNkj=<NaErGLaHNjUy~px#u0uR3q>d*
zYva5~)F{Ke_7sdY@+iD;4X_3Z6i#dNC?{}Qd(5D%8OgC_bX~})Q5}_}Q>kWsp+X@u
zS6m?0(pt(ml)G3H6r%Ec21c?zMsB9U(Lhl{W@~a(M7fdj0N%gT??^CAeI~$r0zB40
z1|dMo05~$am}@t@N5i`e?~IVL00rv^?}@;J%b=2EQ8026_@y}F?h|7ZtWethvK_|A
z#<xKv%LD=>1zQwy9IUfg73d{)I4+$I4L;!LI0fEUFko(Rf=8|->BBQIeys5UKjxv~
z#d;l|*C8W3p@Jym8TmS4%EE8)t<@N96_7j>zK#^`$?-%A{y(ND;@a0@U8qRZwfQ5j
zU4%Mnw7y_1>B5COX-#58kvY7Gx=>Jt#N88I6gAn@#fWt(E{sITNw260Bq=BW!95b3
zl)NrZM+Fx!S_fs^aY|vlFFdAt<Vl4x%WFbrjmrfgv&tiJ{rVsF2r?;*Fx=J{bIEuo
z<atkgM!<XR>+E5;iik4&;Rx=x`rB|ZTBj`Q-3;$CyvGZZPlM!6Tq`mn5_ouc&<90o
zBA)TchpWze%(;WSw4K@cWi)mk2mm7}j?kLI`v6DXcGFkKx8C9kID$)nt=c(TfuY+3
zg$8~lhxZ8S3Xr+aMfnH?&lxNtf^|eOl13vKjWjZnK}Bs0Q5a=qBkMF>6j=e8xwS^4
zT1nw25`P*U4T<lpt{LeRQq2WG5Tn9{r>P3Prtli@w1%~H#2WpCM6By+B28h6WaLR2
z#Cs;^_3LlPbt1s)0#^v5qua=-BnwectJcVaQUVXP!%wJ1T6-ahV6Xw48dryr6>(8d
z7jB)UB3j3;NuJ|fd>`HwJ|p1WB7*R`fa!wF0!I{4MI92`;eC|xelaR8B5ta$L8s2z
zxghcU{2U@N^9P^^AJ3%#Ffev=eiJ*Bf$bPmQs7P?%^e9O5QP?k<F@D;ZWa)yYXKi}
zYQROE;5}a8xSw!^UwL6SZ+(Dg(1Rj{VvX0?Jh#%S6;%l9U@$2Sz`*o2$@Q}uC^97)
z-{uxrIFJnTi#0VVgBn7H9@T<%SWt5di&r8Ej!=;ZNk#&KMFu|wD~N)kE^07B0tTDD
z$ck~+h}sm~Isb(VTW4k91zFyUg%yG>Ov$tk29y<Z@drI4XJb4b3{$w|M_AH8Lyv%c
zR>AwmO@3ujxbjdlI^my!@V;Jn4P2xPqLQfN+N0t~>k$qx%I3%TN04Iiz{S8BPzLkv
z=fc&!#t}^{H#=raXD&u(M}@{rDFt$h&vsiqq>ql9IB5Cw$bPm6KhXpKB4FLk)w9HN
zjK7{Y>yLSaY<_gSUZW93Bv6MMO&59JnFkP%2a(s5U|L&fLMQ-AFiivkV#6i@$wEpg
zFQHp%Bx8u!1QvmiK`S6kt$CZ`BFVv;p4XLdrVFc_uwetn${g9$A>;&{7oCQ|l+Ayd
z*F0A#gee=#-}FzetwjUFks-;3>EdWA=kL!dcpq-Qm5hW8fafwoc?Q^k-v#fU=iQHZ
z7tZ>W+?u&z-%aHUQ4t=<Mk7GH`oMCi=WH@?soYVzP%WAqMMDBP1fv49ER*WJQyvsx
zj&JPddi3U`1i0bkTiwFSW?Vh%3L-`QLC?Smk&)R>4K%X#;lXm3GB6jll92<(opR${
zc@BxeFl7NuJq>TQAq3wH<$(;ZgB9oo@PM40lp!z$(ndyqLqwvQI)S8D5}}5)z@YPb
zx&W)ITxpyE8Ca%Gkq8jLSeHY%aXiWVVTg?<HVUv{5is^9B^F^AFmNqcYmqJ9!v+r-
zJRiV&-qf5>KSSVsLBOC)Sw<G}maAH1fVaUrdERAs7pW%UP#8F2?F2@;AQGP;j&hm&
z$;75JPN4G(20=g|q|R7vW3r+WAoe2A1cF_hdJI~9p}B6!HI+;4h7xlGtVMhB;LkM=
zKzzWV7WG4n^%^3mj%z9X>9y7hAqHzsO2%P>3QGt^A=B?9M?ub)Mv!dqO~otI&8sN^
z7Dos|H8rJkg_!0_t<9#)3Rtfk1>a1K7;lZbe39WofoTZ0l0;QPR^IBXDW!1+Svd@%
zTFBiirBVrFs?sKD8m#w*uVR?kxLit=Z@yUqyl#dL%H$k2n@v@E*tqaaauwx~O}8l|
zzWA=WQdd4*d_Ugt&lY%J02*${;G=3WT};dBmV}&XIotv7K8SZ~NJ@rxrnmxiFubGs
z6fw#Gph%4Iqp|D^IoF<WGKpeWUp=5>tsEfO4mm;un@$brMngCx0y3D|JA2^LdE25i
ze0>1P!k~aHG4MgQ5yr?LLr@nKAHYu|F~~7%!HYx+@cuQhF-{8`szr{x>B5w9uId;0
z?(|K5Y;yS5DPMdcstnL8k|`xi$_>K5;Fj0hTPK-6b}gn<?(zzRHY&w%BTArLWSM{@
zRk#OU-@|6ZkcyIO5nfB5mTq`F!T|b~x36Wz?Pf{^yjOZfM!uA<`pTeL_$EygLo^S#
z?!;`G6iR=U#AfJ2a1BYSN*7ctkgK|V{SI47x%qo32k@SmzhMCHGyjZ$cerEb)5Uww
zGPfLfOwP*}KMtG!w)c3x);m6cceBVd79eE^LlOyCq=eT33fv<XKzue84gh09!&e8$
zVLE`d4Qoi@E27#-5C|Mvak!a|q3T;!pTBV38S6%8E(Q1Kw&8(~ic;Z`Xj)G+wF({;
z<663?*D)0Wl3D!?iOmogG9>|oSK~i7t3ax56YsZ+_eVNfy#Gp+<?MG2l>!+tl;s!F
zu;SIH)9>c}E9L9Pknn|YEhzPVIECRnQF)G^A$rdgzL+zFQeV8!%q(AljU2fZbBUR+
zEmn1Ry;qB}oWizJiEqR(!|N)&oNnIBaG~i2e(T$<#LO#7`9{;sf{M-iO{y|`s@u(Q
zlXrAQS(U@r+cYibGmKV$p+62k@`1cd+ftty@NQRHbD50YkAFVX&+fIX7E=yvH^I9G
z@b0A)!YiRl3K-s<kXzsW(}4ojtQ9$xNzXQ}wb*<lFr2?+06le5fJkkr0o9+^qFVmi
z5g1xMO)U!Yr*M4G=}a%{R*%9~Q*|PjiL5$481rIAPAv*!=PA@?UEhppleBRbXrqP5
zR)018k$X1d$iJKUUt(Du_+~zpGOD1QQ~iiJa~!?^=GBbtua>?Lx4tc_c{#77OcRLr
zRW<Yt@H*2R4d=X~`G(3>0yBOjtOFKvP$eHGWY`q&8$a?Rg}rjXtI}{?F|5iv=0jEP
zKcW&EB1*ja4MBzL0DAQUFfE71ujL#aO4#y#TQdAnGeg^hHKR0!S4ZT!9F)g2+{lm6
zl=DxA?LRs5zPG)R-hWwf+&S~v5ybgy-hU<Ly)*w*Qr*oQRkxdJ7raAR8QwLmhMr#G
zwbcBTFm)vJY$*wD6E!#>V&FniTsGn-ldR#!n_F}sj*Y`<7dQm7Agej7fMSg$#8DKj
z{@I~WKp7&NM>PQwKwm!m3dNHvaYf{VbY-6Uin$7r5#cA~D`Wy}+*J`?v!K-!fzN;Z
z-ZRh08NM2CXP#wyFxFMQ?!21GsBX5U`c$I3p7)xUKdMSC`gwn#I`X!F=1~4fI+WF&
z=Ce|-GacsJ8Dz?;=;t{n3D=Ag4kio9l#?kJd6gl6Og9ZP@uP!g`t&1Zm^cVtCFW4R
z>QEh2N;Fw9Ub!ljdPQMdRiD_pq=Ov8XimA!%&vEo6$f0+rvsLE$c%KeDkA@Ef%lAv
z46d5~2tt<AQIdg>&u7|hgLh5mrQv;EmK({e%U3^M=yjn@HC#ZNLNGO)xCA(6gZuw>
z1|}EatCy`}I2jB=NF1`$Y$N9|3^>5*(GLf*wostAo4)`ks32i<8W>F)5hsdg_m6sp
zXCjgHzf&KLc$S)HGv9A+!Q3Y{q)LIZdR-t@cczT2DCaX{#<rv?=gcf!^B&v<+g=A{
zXi9X*3Tg2PHOAX&-qX|gq1PQ$^vq$4=$WbF&e$Vq4t|)!oUNqZg(TdR$~2$udPi)b
z)Ru#TTr@omh|-zQjq_E}z)YwFqd^+cyOS|<V4ltY(cw@YbeQLu6x&RRR0muco7qFC
zyIBT-EFN=a19?9*^!`t(yrW;{=pAiMCW`^B4BLE`GiBcYQvu#--ZT5YylW_KOG*XE
z^B!(tGZleCkQ^k(=POL!=0uO$f*B+1bb71NYla%2YAqFD3#PH?iVZtW_Z^GGFzIgS
zKIje#U*VMsjT!ywU%ZOQHDH}PMn)lkL<-2R)h99tKjMqPRJX%~mj_i&ITOvy6mpOw
z%6Pl!frcLDSpj*#p%Hwe4II>0TMjg+&kz}{F^8sabf*mMHz*q~LCsy};-)_|G<|Q(
z>3cWw6Y~b<S-ET_W9Bz~27i0k8#LDXM$q@$CL8YPw-TaqXqanWWnx1rE$yF<@byh&
zIP9BTVVC1jzWk5ukh99)yA>zROvb=G#_eYfyf?kU=N8=ZFR(Y*I9OQ!lz?}7qsR)j
zdEV7*8a6=n%EGIv+*Dqr4O9z~35APwf!3cPobu+9=URmI=0Wq{8Ju7{NOcDF+AADD
zv=mccY6xBf$AYSm*fNXS@`7Z_R%smR>$*BQ`QXO97=ftB1xh19L6M9Bn!+?~hT3ZO
zBg$%n=F`eKXl^QD`n)|>MV}7a-`nq*FI$>r-x!xEo8R!ZU;1*%oe}1DX^hI63~t|R
z34JD1oQeAPBIn{B_<NxTqmC`_Y1I5{4Sf$RnHX_28D?v`iI=<O)6S6clU~5=U`c51
zj$r2i9x$|P-T;jbcVH~imThmzTTYIqj4g)BSyu9YI#{D~mJZ-u-}JKv-mfPaE;FCq
z{s{W=d;8azSXQ*}cftD%`U8#SeI{q7nFN%~Z3%NnDOV`*fCz*?9eh;dyx#Had}98@
z%5vtU!;rc>!RDJ_V5K&B&A|xRf~fKZDA0oDeZUF)5EnYQL3cR!bBCOq=qic_Vm2b8
z$Cz-$+U}h-#e?4xO0m%awpGRaSLZ!<b2Xk7ky|T-eUJZZIrn`dZ+n)R|F&YXyk1&Y
z_q}J{oMh-M5=Y{i>%KA6WtuR+=V}_91|zmcJxl~k?SMbdzR7^}AeP^YgOP~KbApm*
zx7M^jZnF?)5BzJ|ZDB{>zuhfa_Vh>pl)>B6IDLb9-}V-L;|C5{{pKDg3Ae;tGuhtJ
zFDF)}dEQxm2EqGJ_WcqpHVi`<+#^i%886KSc*pQQ2SI;l%o20vjqr+!@)K1yGJ6kG
zHb}1wrwJBG!g&OllJ;bZ?-bmNIP4HYecKE-nzCiiRU|9M2W2Xj6n()}6fepYR%I`O
z!>iyI=qU^fKS(jd^v3|Kk+p)zZG9Ec;tOrU#y1uCwt>4tdFW?sVYcjL#gcziBi|kx
zdh1o~xt{!FzgxbYOmq!P&=T$Xrc=ibl&KH;P7`)$-;lw$2I#r&)o90#=2{@@fVYO%
ziTcc_WwT_zYbVH;oiE?^YB>sL5a9A9bbHs1BZ%ylXwvQv%@Q^AK4C&5)JSbFxYo50
zayV!ywA2o%*^wF5?A%DSxi;$u$Qw8sayDzv&U&1E|5*d?+V8SFO|1c}b|Splfy)5v
zcfh;yy#ICs`P{zGrWzeMsJa`#doJHykQNGrB2aLbIk%=?C)<H~9Of`cai`V=9%wQq
zs<xT|+`<uWL9mqlT)T;=XhMqyM<3;-bD|TAERKj^_P!z%gtgz=T{3{*f(`GhyGrlN
zey*N5%=^Pn&|A5=-Cs{K4_T|)&Sk>2UE7IW+g&$0LZG+HhK_cxUAuRA=BjI2ci~I5
zOLj)EyNMA|i(1^9Bb2aX??SZKmbT2W-EOk$5c{3e^i~>phPETKnIp3&+WWGn6P<iH
z*{R3(*G;3Pq#bInjc_tUCv;pNX%4j9(>DGV8aKx5t?aII24&0|EPG=u!2UWjlg}i0
zH#pk2N91Sd-e$StQMmSPZ?lW#MtI*ZIb4(R-U~G}(0l?@yYHoM4eu2oSqLemI`Lq~
zPm|9Rp5_YSZ9{gl-gYU@G>&c+vC%r`N`jBZDWn{x*rb~eTI!l*#Zgm+|F?IqdX{c6
zV>vh?K>6z8I30;~s!2%+Hex8B{-~;`{LmlB8P+$=CsT&?2z)s)-o?5y?_W2yGzJdF
zjqJJ|t-2liZYQK=yX=}SlWfyD9XSTnYR{go?XIQWj+PAbvK8uRP?Kq%$sT!5BNj7%
z4L@%?5io#+)+p3q`fJMXYh9hLu_X8&x{eO(G&fUSf7VHDx1-x>=j_a1$?|)AL%RJg
z_ZPJ6aF%bmwzdKpl<&iPJNYbu_Z_s*SzLKej1dOVPI$lW&|4u#d+kkSM1Kc|0}YZ6
z^G0yE8^Vxk3Jbee!Fhk>%j*fiD;INz(-ZHM^U6S~b@0mpEf0;Qx?LPJw7MK5h(oVH
z<JPcNX}30x+Hd4Bx*|1|v_#JWtp!>rD2c=uNVo}KW@O%3`w=uWJ%^q4%OxF-jAA;#
z$f*4X_!%>=x7``%>^M7n1KiMNkdT3Q-R{Mi5z;j`dc$t7uHEOI3*YU{t}~VhV^Z6m
zaRX;`nGQ3&@AbbdQl?!4Ovk*v?)?2RbVe*ToK=^%+?;m;y0`2*V7bF(t!!J}z_K%X
z*Ey{^)Nuwf*m4dVC`5ak5zLo24&-^)amQy4yu%rMNhfb_oVJs}32*<XpPje=q|W=V
z;Ct^N&-*oE3D>^c^*s|A-c9{()6l!mnZ3eBi_*m_g2x|ua1VK%pXVayoD-h}&!QB}
zFPPo+Ny|BhBgK6m01a1tLw^MFp=g(EiPA(?O0H!QtP4exI%_{QmIXWj(_R(4XD*t#
z;qqUDr5*1ZxEAa>Yfs)}<C!D({bl?Ae3^Oq##`gE^YiXauH3!By1nC%I_K)nTF_sU
z<8z(u5Ib(ppv&MLJ2J)TG2Gnf><#BP&e_igI+Q_bkJ~SW8|@rTot=XQx(DHg2F`fj
zja{6zwCr{}IO7fN`<#Y5x|`PFO$#|;dy6qKL*m(=$(u2&bJ;03LgvWO0X}CC@8i{x
zsb^ol`RsuAj@BT|=C@s*lMK#{gM1UbpS7LZ9j1KBxW+s7jvBmQ?xEkYguX}f9!i9!
zOsjA!&sX5VE1c&H$k3-uyzy~vLHC&2S+;B@E%lHdf<=tBa2;GWSKvct3y2#|{-(2q
z@wSh?spB~cL}q(ZO;{@nwyC7@E708Sjvw$zOd2MzY#MZZ-E_)%#5h!*dAz;B<+N|k
zt->;K+~{1=_^j1Ut25WxneqkGnKQmoN9MhAw7NON&xKmKK;DsQ7#+iS+~ML&=d6{t
zywRHsl50h#GZ?cPA9r$P>XqyG#*IqG9Lt5yk8ozPg)!syjUUr?I=bx)J&5xgy38nU
zj?iTA9P-jVJJ0OM=EK>SaI^Z78$;gNn3drjSXtij&k}fFec1^&puW7}_$IT1vCZD#
z?0gfvJ6-D;j2klstq_v;K(|AUGwFLAKEb@wR~3lc&BozV9VnW68FS^Cz!j#__5hT+
zF^)|K6WaT_N<}#;*9vh3K(FUwMQCV=WrYhCMFT8^wZk+em!=HM;hZn#<rX!F`3`<!
ziY;l`?by-1-L=POm<JZd+nB;xE?4H;%z;@-<2Pr<>J_}n+>d;G?q_dwc5^0yFi?2I
z@2D92Sezm7vsI_nnb6tsij|R!bcT-5j&FVk%7BcGidLD8;}zp$3_7b7fE8oTRyQ|@
z<CVtpo3l4Jt&lV3Mx9YN=nVWzt<KI|tj;r-XS6r%8E0o*`zAAq)z}3&J&v)GUVZsy
zZ0rQX`%MN3;IjqZS#d6M)EF*IM$34WF}B(O?-=gKywRC-?l;gPpgr5snoS$_E&H9p
z!W<3_ec8M(9WTM}U;lsy5AJ;4MRUfShDGLB^fQ9EMphLx4sJp^5-N~5^fG-_pm_$<
zK$G$p7af?5Yv!6QKo_KxgchL6%j!qfX2$H({Ln*>dT$yeeA%`gM+5B+x^v?xtY5n`
z<C{T#8y^EkOI&7t8w2ApXZ(S)@t85=)e4C*Xr=SjpQoW{r7>_LejXix^*_M)&C?$k
zb2)(TF~@ukM?iDB9Uu~UR`jm^A^yU>`SN>ptF5tv{VQ0VWrk;x6PPKjSSd4oEcAx)
z_*@wVqqWt|>L#OxCufyeL}ro^9pjv-cFMT$_z!3Ba<`2641xEX9MsFd)eI#$#FwAv
zu=8K{9(m2)4ej2l!|5_OXLSDi=&rkEHmLy{Z*9S)#heX1vjraaFK3dud(AInUf@j#
z*zHk*ttpEQx1K1T0!0C&H;{#*HUcrU@NIhHbIMs@<aQd!h%mS+q-voGM-tf&{Zf0_
zU9)E?x(-_Q+@KrU8?4)(JWoO9aO-*ChD&%FkNI13$<vBePKcjBSrW28W#{r}81n}#
z7RE+h#(;NYoqY~p`#X4dDP;z(jzHb;wN|b%Ic?<2=C9uYhJw{tM!-gt8Nl(=SON*&
zuriRoX6#Qs9>4dMG1q{)L`I%p4)*ZnyOpu=_z(XzW(*q$H#telGu|&>T;QKE@Lrh>
z1pSV@)8jZ#lK~I%E$|MPhQG5hIMU6rTD3T|=N-%crvn{KTGX&>nug{e)VOB&ONg$3
z{mTsV^M9Lbqb*?2KAj!{sQ?bfYBiRNYqr!yz%5pnDpdFu9O2vnwM;@9HmvcVpg=NS
zE+rk_>rm=o>}^1F><q>o9i7<orv3kbe8pHkpkN*|phPsDT8%F+jsCdQiqFMZPrA$j
zTS=GP8!0ODFnZx@A&DnFJw9c?pIG_VPlo*rCH{0NzJAI;zVjz8B^UQEk6(ZO^}C#8
z(Bs!H_ZU5Y{etxM*VZqWe!p75_>#-<F&gs@8Gq^0`5IO{$t7Ndo}{N6o+RW}k;2jA
z6UK*rd~^9Z8J^5Ex7v6-k}~&Zbw`h%A@I&S$nd;8W>mW1-cT~mjJSVyxe4B}tIP(n
zE&FedZ`9uS4K3^p7FdGsmT=u~d+5DqjtHN)f4ctxoKLU7xxe!IhRJoVtc-KVz=>3H
zOVCy8u>=uiCo2b2>UzQG?Ne5bGgQzip_6i^7+VrT3hRYP0{M_(we>B{_Fsd>Od$hQ
zqT@_0^0PnMp6AOCGst!SVo8x9%ec;U&x=<2-0xrRpZNM7IsOhwPpcy!ygP!Y%crmJ
zb)O0J-d~OoU~kbFarw1ib<d@9|MKGEg(v(;av6O*KHY!*bk7T(f%y9KCo&KmNg04g
zc+sU_Ug||JV4!}kKdj6mJ@Tk~iTjt!%XiX~9QhHL$9sR|{xKs0BR~fIJ0kF1#_IjM
zBL(M+Lc_n|T^J94roekfO_symzhLN*L6>93|4E*A#bfpK^`%xvyz7#2R^Df~mq3TI
z0os-`vl)tujvfvG@@mEleEN+)p5YVue4m)lJk5DR-_7Oee)B9Q#PF6lqz|l)9jzFe
zd~`wDdJTxfwjN$o{H<}dQL^jk3PXf`^#1j()WQ2hhuv=37E5Y%G)L!jW&^ex-GIo7
zJ>9>%{5&g)U+yz+k;y3&ly#Hy#FJhgU*P2hgfao$^91*n&leNUq;zS1!HeGU^5p0q
zGCA<X3zwduzBkH}-*ag|8e;)#?-SU;;4!z4ywm3|WQKkX?|90K^8RZd^UfIm!iy2&
zy+BX;`s)`x`ODJ_eE#GzCK;>l^ET!zd@=TA$nIev@Anwq;WGi=@82nhdSF(VnScSg
z1>R*49vSN90Rm4NYpi!SNGs^xoMl;D_vINKsBQ6PBAV>h?E3or>+`eu^cBv}XEMLM
zCUR0iXXYAx>>`*GPGjtZ5L{k=4zPQm{7(X*8Tp`zR&P<qavbI?P-`e4K=8zrs&X$8
zh^4c<UM>yb7W|E$`wdz##>`nExgJfSJjmA!kP?u2_VV5!c;Y_qMmWNngZcvhDSp$4
zAcx}KAh^s#l{3MHdwG!o@Iq#$jB>1$1|hJ28iW5m-AhmR86I+f1&=ucUnJwum(RI3
z*bRNgY^$yu9E>UX`Q%a>#P0py%J0zfJ`mJB|E_;lz`L>d`(Vl$Xw12P*#PhFa=c%<
zA>nH-A3<FDYJ~&Gm}-bl-MOHp>rl_0zJXr+-}#Z3PxoiI=Y%^vFzl0U+0(}gC&s(f
zWs0}8qcCje0K=hC8xoT&!LdkSK^e(f0gSF^=+4``=mD6gaU65~`tcR+yYhGZ<vDl*
z;CBtZs!Thy!LE&}JjiQ{OwN!9u6gGVBjwobhhJG2FETiU?H89!oCt@5klFh=X9z`Q
z#=RCml?5S%-itRG1lRtiv1BUwiKEqHRz=R}6@rY6!;4<ajZK`<_r&&af;Z9yc3_7W
zwTBleaQT@&L<*^}YZ!r(DwEJOEmZ0TrFVF2y~opBK#<reqBbZFf{j!!N09N~|9k*1
z%gy`?y;j*AodWA91Vq+PDB#gsm`A^{5v8ijNUH*^>FBMpn8emC(uB*opU5kOp5fcy
zat!y~cb)sTxq{0t0ohf`rndq@?I_0GH}4Kc{r$d+Gz!wnO>WNNg`a|(>;RZtkRf9x
zWz5^H91k&o*+JO2Qicu5xK$XE=ncoS1IEK3K@`k!LAkJr3wf`Vkp(X@YW=4cizt{A
z@hr!bbRrmWO~SO)&Yj-ucF9}_w})d|Ic_D9053q$zmek>St^hWiE)Up+bzpJ1SSI{
z{zTXY07@H)@4eC;jYsbxbtM*!LC9gOwq_j8Mx=HV1jsdrtlq=g&*iGK--2=zpr~Q}
z3KZF(QDZAroM~-~flFAUY`>)N^|H;5GE)oKBsZM@$-9(#t!rr_z;*ueFX1nRIf5=^
zV)n08na@H?Io1F$RWjUWfD6wz7s0YUd(msjz{}`;N4=Kmd1!`U3wq`~=nZ52Qyl=~
zAs_dbWiBL)KmQ-la6Clk@^SP93SpbbCQy;nek4q`hhX`b3<^)Au`z@R128=b;Mmk0
zGwTwLhejrpB_!uV$uux<so5nBaZm;^eVNz5ku#F#&anc)sG=vCxi}n@C?Dd*bA5r7
z26T4gCZ%_1^?dJ@!+VB1MJzw}T@YA0NNv{x4^^yYWrfHZ<_)N-*l6KZVp<0{U0keV
z%myfDAiRq;gI-)e#Y4uouP9jSZV=MC{@o@hEO@dh8a-TZ?{8wGaOyh893Su9hwdYQ
z#?i|4PO%yoNd{4vc_*)#kId<cP4fW3-qG2Gvu@m4kBsp!Lww0kY{>Y<4;XI|YE*{K
zJkm|RpeKbdKW@A*D3HSD{$#kPFAT(G!^pX<dkOd{WK3VSFt+~m9Kki6^4_{-6<?KW
zENR<a4K!x<v*}ytmd-;=KgL{49hDVjtjGNfONASF#<X8(y7!*z8~nenxBG^b0vqdd
zTXVw_^<SHq-dky;A*b_`K~Q^ha{BxIbRi@6Jd#n(hFxg&Jv4{AszSO|Sdj3#7>&R#
zgAK=)KKB;Mx9?{scr|ytG6Oe!I*Y&x_R%qMgwEB+!e<$Sbvix<u3y>SK4u%x9?D>q
z^)hC=rJx*>M&NlJ%1p@#r?a^_39)|fa4?4BzDygDsoj@BmZ>vWbSg963MXF@jJM3e
zjHFF}+HH41Zto{XoH0G$lG!OiLfhcNY!sTDvz%guZ6y|wf;GkX3I~KK-gOYb+|X>A
zb}^?V_gMNcBI!c}wo?_cZio@PxM-lU#Fe+p_W2M<!EXcBJJGcC9#iXG`}XJ4VAq`o
z;cf_*2F)WdR?z6Zd)GUAt_Fc~ci6&)L=fvxOZ6JnX2HfWO4HV2bN~ep<VG=CHAI%=
zsBjchyi5?}=k(~1i?=<B{Pkh3A0zI(>6d`LbG)H>=gbINmG~G!&C*&ltTMxTb$fGD
zX1+zcKW_Do`{UuX+@2W6F@3G8O&0*?sZGpK=C<r5%t~;Qw!4NU@)~0#go@NI;fQQ&
zmN~ZOB;NU!fJ;mPhkokrAg;<_gwrC$cuSxex<O96u8p~4*^!*>(g23xDf+35+Ebwf
z5M0_=?`9%h^_2#t_hGu;r8>o*8$v+s+O*AW*j#|zIG~H^m#`Jk^h>9o&ptJGsvra$
z5(E%MF1KdBORuUaK*Xe2Q-`4iMSZ=&SqO|(TFt-`eY<YWT%8kmU#~pPNpQsGJFmcB
z>}70|0ra$*v0_zOb^*7wEKGRqCa=gav`#cVA0}@bWK7kc7;pL6xrMYk$adGiU8J+t
z%@#i9uL#;QUC$^lAy|&As@TqpLa80&&OzA<wBXHsE;HdwP1;}ZnR*U5-`Ziu?><1u
zT1^P(E+!3BN{}LvpcOn<jB!2&_i>Fj8NK(@^)AbaTPo!29FU6+y;e>};mQsHB{}oR
zItLF0Q5tFjpaVD>ZZ;dH8;WW2>^B+S^%^ZadaOR!8T9hNAZDsy2nYp_;`JRLD8x9>
z+Fs}TDurycisrih&i(uX4p}e{8_F4fRt_Y0?Qfc<6t=NPsL*m^^Mvdzil2`YvNAj}
z-1r5=*#z3#$Lyf%)=bCf7%~h#KQ6T(DF8b&hTYYz?gKy}bj;lyuWN=${jw7^KJR`_
z!uHL`@E*SynW`&6BjyHOl-29j#uZYSJ^V&j`?UsydFK_2CZ>0Pl1<k=4$!O48JtZu
z3F<P0qU1(Hw#xydwk4uBrrh}kd04n=3JT;zQC`iiE`GNQ2tk~RoO-4{5-J{3u$7)%
zQ%r3h;4g5kSfBfs$Nd5BSA<+r(=<RYNMEY@YVz~+mzvwgJDxj!+Lfl~sN473rdx)u
z@4o8Y1<)R#pD_crUu=YjMXfqyA<!@<9?R5NjIgHAiEjuOXKf!G7Am;#7g8LthslZI
z^+`bO$>O<ll??acJ7MfU<bFy1lJbT0dERqu+MK3a#P<}RzYf%~lW3S5DCH*~O0R(s
zQVc|sxq8ky9pBm!>uBIuo4|60lZ1r0cGQ|OpFjXgA{Hr^_t@r~!MQ)kUplbOUIypP
zhEi2A&^M6RB`=Ksowlgy7XAg<aof`FK|AIW97qgFq(prhqe&yMiGWMFhTuXCZX7|i
z=r=52aj>Z$2{>^hi!hm(^HjX|NAdA+CzrMn8LNsR5b>Ghc>!%x(;eI2a?#zi-L-am
zU-piwt={`9k_e$j>vG2CQ2cIDQ=ByfM6XG0H=AI?D1EfHN9~BPvW^~)<;||moB-T^
zGl466|Lx6QMmA&E!x1kbv{OyL^Y{Pw>iC99>uAE9?V+51H7ysz${`U0PYUl^CF9&1
z&q6InPH7N=TW9WT#dT1R9H9HS_CZg%NXys9{o%l!2kh-_Z%gMbYEsY3F7VSIZB_8o
z7k|~)f9LX8f?c~@emBjXYo>CpL?8*J?6p)02inQ{-f@721Sz^{xNS|D29!-OEu`l(
zxf&Dy2baqT{KUU(!=97jj#E{X{#^>%tmeP|*MIBibaJ}MvhQ)6nM5LZ!0nU$4?EZ5
z24nL!rF6a1Q#1>bd?3-LvMd`}!6}1UUms$ET<n!X77dakC`rHcy}hIDYW}ajOR(%*
z6VSglpTd>}A(6=9xn!u{-E{!L7RHC&<F2^y4S{M*uZ}x762=1H^*=P;X6{<*W@9#O
zK$aN}@2b!baN4h?Klk;&cfnaU0yMmxm8gXGDG<<To~9+T7YQ(J(qSqk;3Qs<$}X@J
z6WZ5%sv+5@km1wU@bXu?15Kk0m=W=L`)#5P3;5lyu!0V$r<dfa^p!Rtfq?r{8Voc<
z&Tl7<EQu+kGCQ^LfhkbLt;1-Yj_-V5WgOQ0vdP?kv)K5nGPs)gtc23>?$@QXW5J*Q
z{NFu{$2YXNi)Pz6+k>W+Z>9w9550`)zin~#VDz^C)Kwfr-7u+6yTWQrARv4l=s1l@
z0vzUyUwJh8acQ#bd?u>Emr~7tA#BTn|JQ&130xfw4nOIcAKWQbElB$K6tLcQ3df`0
zQsB7s8#L4yI4GXE2q*%O=y+2jUY~g7VRGm3>F@dN<vG64pwQE?>}tRl%eE{({Q38+
z1ndMmpl{H@D<t{-aeoqLi=zhwFqN^rkAP_$r%Lq_H*SePEhR#Dlfkk?4A{@oyw2~>
z$uOK7)^~|s5Zy7gXThI$#n@L;i?nx%*&L@_FmwPszdX&^dh088N*20^(#kr-5wU(W
zoqR|=If}^y=INhuv`F)p?>~zrnIIIy^ZY+-&w~Gr5Gy)bu9v<=y(51QxqYPYD^I|j
z<)$S8Cg-=thyWw%>LMn=SWq|u$j~8zh2q{{Mf;~`{OOr||L=I?P=V$1xel~vMPw6W
z;D)YK{w1(%eWUNcJ(kbudZQFg(SV`cV0wZ@wGD1Iq6eX&@8rwpFHakXd9B)ij@Tkt
zF&GQFo<A42Wq~<&mHS*n*1q2(8s_t=%;&o16@K!&A2#_)w75}L7-)F?k`dC2ht72?
zLF9e_@aee}V%ph0gm-y!>-E;OZGm_Pm<89nr8m%1BAk4DsOl#gldlxz+6J!8VAd$@
z<o3&h1xVx0&KMXy=#g52YX0>6@(fX+tFo%3F;OJ7ZvhDK8=Q^_yKA80H!8_+f7C~r
zd<B{-h;lUWr<k!gmZ-LZ1ZqO!GX+atz6QD4Rs5YjC>>IF+PdHoq2n`X9ee^Dv?(jE
z!}twzsxLNB1goCq5;3@Z!XE>hw9bXvZC)MN`uYHoa)MK?%o3>^<pSEd;7RwF+>9lp
z1{!9*g@r!;@l^sQ``ieev-stld)?#pXzluHlX4l;xVv;khzKxv+vCjBI_Jv%<*}{9
z?|+5w|J_wq_?XQU2R;Y4Yr#GD_k1o`9d|fVk5tb20^jw{EA8TU!Q*Yu+%=RXF$X0a
zIjm|S?de%ML@;L4!#pb@A^-aGuRr2=MF~VO2kN%1)r*-4j5}b5tD&hrRWqmxJkR2&
zT|}fPc?y`rB@VF?OcpkFDyHDToUflb@1IZZkNY3bjpJ9bqUu5yH?Q=Qwk^2l<>kfZ
zz|gd?-!;2C4$212xPRu{nap{;?Lb8oEu(R75TO=8K^;T|Kn+eD#o9-8Ad$-Iy#?9m
zYxv0lS2;X~$UM_!xswuXD-CCAR?YTRS!hnaaxKHHeO_&+aXr!@N)S{B#0VQc8@GNs
zMwuwzsz^Z+<rcQE+^xjdS5Vpd4B#6eyX6Q(sWrg85*l6FhL>mf__(u?Ko6+e$_u6Y
zV7O#N&;*Jc0E&$r#Dn{@#l0phgf<K%4(JYbTU(`$UpFzqBC~~w*W`E_`JfB#y`jSe
zM}PTW(cN7iX3nD6pxSP|!vzFm5nYmXEK-}w`GtW$f2eC7;)PHWQ-Z^0i_m_z1h!rG
z=A_uoY^|F%F!KHA%>!0=PdJ(R)V^N$`^SFXACAmvb#+proV#$w#EXVgk7Y{Mt|AuC
zZ(t{PZfWt~VT2%yu@Q6K0ZmVbz;cvg{}<CJtA(R!==JWZPZTi&hs^(*3*eY7;TVua
z=6>!~OMTzVtc8vG>;<+WvOvo(fynC`;38-p2veJ1&u88@TJ{6#Cf3XYcF|6=T1e1z
zQUjzZ-4fTzvv>MGyW<zW!v25!#K5_K(X&yxI!Gv<I^;O;2$8hJ)J12ZyBpMdtC~MO
z^&%xsO9FRnXA;>s=^USnFjxlhjmv6b%UuNo5evo@8opD_U8^PwUGV~UHsNdil$x@;
ztBKHyB6m_i8X6;Bu{NiB08eT=2a#&vCtm$RnQ^BEXnB8NqB6zEZfW(xXSHy+h2x+F
z0-TBfk^gqTJX3FWq=DC`$qvY#TEojO{+xkr+V5I9L{(KVe~A>)q`1yk`|2<=VEYDj
z?N*%SB1jQQ*{xKIB?w&mkkW--B^u88{n?+s%9yFI_b1J1^xlfLAO&U#mI(Z%96|+B
z=!1AfQHrD_6v!6%Txvdv9h|MGo)bc}9heyzF5~zFymlTMj7z-q&>KYm7WLTnJohP=
zJaO)^|6-ie!~{HO^hbb&qXR1z=3?H1q9X1hKytv#YTh^WKVgZ0{NOCcK%8f~EIC>V
zkYF6Caw_5HnfciLUY;!p@SNL|*_eDq+tRGkkq}G*;c&WYPvb^<iEEEUfh&R7sGL&v
z&Giy^gSK$>d`(2y&XL&)vc?@c;GP5SU2s=sKB_YVuFgJY?&N|p`AWPDE*FMk1xSnq
zgdJNUpA4P>h_1MvhN*@i%DG_D0be32xPY*$_17M<TM5Nmg&P+7UFfD2C99!bV&VCN
z|Le<RpRqHiM{n&uKmt@UOT%IjLY&k)K#M!#fhfNiEz-hYMFTUM-eA6g932IgQSAbJ
zmdgXjA@{MT<A_1U?A4m{tIrUBeAH8<Voro@^u_>GV{d8?7dLITfDlta>@ae2qS|Ei
z>!73nUzC96qF<_QX)CHT@(6Q7Mz(7af*KT|au;}n;W>Q&8O$fXZiF)VO7j%{;zJ-D
zZn<>=4HN+)NIJXBH0TrxHt=bV`fN-cH=S;j69f$O%}5z8#80eYl0%M@;*|qEdSG6@
ze)<Z#<~FVtZMi(?0P#(yYw5(b%DOR&KopUSwY-K}Xi8rJOF*m?g5q-sCR<F&a3NVg
z-?$e{sL7p;46l1z^CIzwa5JyoN(=(YVeF+y8%~>ag4;gc&0IzVk&Jcaq50!TT?fbQ
z`1x~7j(aH(WV*}|kNb4fb7~^MDN8a`-{|`E_m75epX@=_q#J@A#TNmiV3)BgK45Hu
z!eeyeX)-OZWNFY(Xx%x}P1h|#yKUth*{y^e;28<khL5g8RSn<i*$?mw&%X1U%wAo_
zxKbDl;;h#Q>!<|CQbLgkobdLZ=NjI}DAn~8Qt89KF%y%eI3GX(H6!m`b}QNmaiS-}
zZ%H4<s2r$b)$sj?W5@96@1KaT_4;=`qR7N1x&oJDq<Y26CJWr^vDg{!{UOE&10$f@
z4RZY|{BfWY607tYjJh_wl-0sDh~3xkaHvD3w|Zy@<^$sW{TYXk$}iI8@F>d+Qach#
z%1ME86d&I@GWA+|jyy+!6a3YMFcV00?ot5eQEDaj%x?Mr82AH8IMX$ErKEwEssWsD
zpPmhO9(U1xP8<`16H+er6iCrw7Ex4ASpy9Ob@mZ8Z8q?}s<H*<=U9>;5C*hAoigH4
zmfd>PRj|bqtX<T(KSY#Lm4E>QFJFn-&z&z%bKjnP3z*ZvWSIkFQya++tN7s*eW3=3
zYkaY$LZwso^d>#sa7=R8OXl^`F?D3O2=@aHS@L|tWKPW(9&#$=eE$J_|G%Hj{ZS@g
z!9kgD*l~y*e6-9!7O)%zxnUYii|Zn>CTZbwI8-z^?b#Xd_moI94R(0ACA(!EoFo9=
zVRMn^bBA#X3~lEt=H*$ZuJ-H0a*9+gldoWiRp+`fctB!x<`qIG<1K|ENTWasn)5|Z
z#UZ<+J0Ck#mI{3#*P(UqvRlr$$MK<DHFb?h(}<G0hBI-)u|GZY@v(h?UY@60eGgz<
z8^R{7$ybcRN$Dy$3Fv3cvBqTzg_&kv9axgx!Ajhu9=O%fXz`h7@_5;;fTt))aNHdh
zo<@-dW1rn6zVq|8j&D!CLd#E=USFa*lN)b(6%aeu>``&FHgl#^UR6=e?_i>(+D>{}
z*&4!}<y78fxrDF03J`J32IW@~X&FhYciK<c{|A=ISMEOv&o7@R_}rVfUN!(3)DorC
zz|ppCK;N$-ky9^x&26b$4#0II=+16TDmRfxYX)Aon=IG!u9p*FJvqyBAjQ1>zFCj&
zKluLhHu=i^v7hV{CK?&brR#uR`e~IItT+-c90(}7=mRlQ>nCeS@G93I2M}jtN1TN@
zIvTu4oN1c9vRe2Aej0;6!KmJ#^Oeel`}>dYKMcSA-+%uA_S3w6=DpLrExj=ja!GT0
z|5lm^qs{skuSifLCOfW?#z>DxaR3)G^HUi#SuOmO0VSYyfhmJpIC2<nP|Wo~ldrfS
z>L$02cIpONABAcHS^p)QBac9FyP1Q8nb&db&ZXZNSPd;q*kreew+km>{RBs<nIomf
z$?*UD*PnwP<e%SOz5?8zXidHnyV0irf%2AE5%)3?6h6o0r_)$JxT`MU4<=?6IDNYW
z)JeQcac*de8|#tTE#mye#vFKTkwin};^bt-mN{EW5jM%cGYIbXbbkB<IDtZmm0t9&
zMQ^a$D%Q#L_|di%P!p>6u98NLx(--rC0RfS8*vM-G|O%Y25d+o>ID$GvgZ60Ry~L<
z8<*BoMgkK>11b~_FU5Jd<|ZE1xjQ5!XF(LtP8|R?_|#F)wLz>W#!h4hx~n;y@WSqq
z)k0~<8sp6wrid)n5C5wz=zvNw#nVD-)<mL5&ku5NoMA{eA;hJvyqttaPQN@O2;nK9
z%%+3XEXC5Gd6a}Mc8nHs&NJKxA7SOGpc4ciL9NtC7kVJQgHm{bUj&Xql|rC))Zu_q
z=%Z)$PATClfuK~qf7^rrxk@yZCnXT|h2oWj<OqF$5*^d=!4g(m)4`lsr|qs-zFw24
zv_;VL9o_d3%0}1NVA)Q&^d6e>F;590x^$&8r=82(XY&zMWuTmt>r>+x!Ry??{>C0T
z%J(R>QV2AX?vqoyMSwn}I8JwcqO?GerazSJ%9JH8%>jn2h2kmk8RRZ7KODUrKs8v`
z8KfAHGKk>a?5E(=;7Lqb%*!ocPImg36)Wck=2n{y!J(&JdCYuYsbC3i$a4}OK~Wk?
ziNY>waPH(%N3RhUCn@s=ZqZ&f2f2HDsT9Ig?q~)SDY>$DLh+&PX6SK@4B8l2-zde-
z_J1*<!e@(0;G-#po$Y?5E3OdjIHX7!%4PUj#mVAN&-(?g+Tfdt>3jG^paIYgW1d6^
z191oFcJj2RO4yn23W#;^sVgb?31AkRP$<M;i3nce?-<NPV@<r%6be!$v{DGOxiiPf
zR1DA{x*mP(!2)!Nn+h9{8d!yjwD6T|fpj3eYJJO3SOe60Cc6c&@GiG+KvKQ8@*znt
zV++nsXG9%51D{Hjcu!BWYYo^H+(T502WQQv2TvD-two~MFt?9(1a37cC50!edj)?r
z`#iZ_s`}IjrQD)Y2&aHw92Rx3IFvy_^%12SuDu6I8gN6EV<%gEy@zdsSDS@W;+8Dc
zhZy6a_Nh||HwIpblW&0o#tx%?UK3d>fhzOycM3t*>C9JS3D}|0W#VvNKHchXxNk>3
zy8~Q<$*$b~ghG05Je&OqZc|4$4W&GaN+mWe5xXq)!|ZfCpV=lsT-R-Gz;acqQ|#L%
zf4tZHP6DP!Gl@JylvJbKeW*DGLE|kUrNk+gtqj(O$VlsyiV&tOW_$vgcGpUb&z^t?
zwN0-b4j%J#&Mv!QcRYm;^K%Lo!mAANoV(cf{}3sv6;R%ZN+>om7U@bL<&c+rLeVXJ
z#kDpM5mlCdtXBNb<pg?M!)aha5=1^mA_ZLW{r@i)9Hlj!PJPB+(?p^|f_n41aEUv1
zT+?<Am*YnXF75<g<IM)1%8c)1KHmxW;#j{KJa-zGAxb@bC@Q7UQmHD4L;Yqxvj36L
zINxd15A#7J03=DhLNxuHO}QzjKrQr~yXX;4u5y#3V}k2C4c~2Wc>>H+KwTsVI8zB`
z?A3K|&UDE;Jy{6#Tf<|MS@V>qii_?SJ}<)E_>)%#?R=Bp36*mHP)Wr`S{PIHseESs
z0Wj}aP#?_+(Q<V~qo>~rss$l9wZmzQs%t(VD6*vhpcC7ThmQi_B4$R26tx#@nBE@d
zz<XT-<1wFS0prr@E>4fjr^9jP27LVBae}=-7$_?pDTYcbPy>C9@b`(s#W8>f`0JX8
zl8Az>q;1*AZ>7W<6M#r86mt_8fRr1EYDU^^VHXS?pG?n!$LOj9DmU~d<?gJ-E{d2;
zsdJ#~;^{!?Mkt+Syq2gWWiu=U4umbbSjn-KzJ<g5=w<^UB^JWeyHY<mC%K;wFhW#E
zA6W!*LU?D!EAyM8V8eVa2O3(9Z-7gQIjvj*XSZayme~{TV_!fBYt8_$uXE=kU9ka8
zr;3W%@GL=YkhAZP52v9#*sS0o>#&mx`9uz%A(GvL_n(;4vjd0sCY3?g(Oi0+Q)ag?
z9CEC&!`uji8=hBG+OD{6I6w&jUn~^CHok)L@vRV!iozjILF9}Gp5Zl^msu<UN$-(8
z81?e3eRBpbJ%R?jb+|*_-=-|IkD#miPUC`B9hohSFR4VxJ!YSq623ChqP|lE1bNjp
zgvb)+9<QkZ>WhbmD;qjACSNJ551M?1L67@neE`-tVHyHHR|ELI`+0B1V`FR34yN9D
zG@cdM{(%wW?DVTl<m*%}TJX$#szhj8kOZ7C1s<*?CQjJt312TI8elpd1_-Pr;_un>
z^E26?fwSY9p8-BbY5oo}x|#4^K%Od+*t}LgTlP&O?aqL2s7vmnT?oT-X%j2=lhoP8
z5A_X#E2wml$9PxScTQ6!LSLZRY=Bh!0Fk^BfVcFjM44U{@X^$5wX5V;8XWO3h&Z@F
zh)uBl2JB}#z=cpvE!|e!NwDhy1b>(ppl(}%Ys?FZ{X=9Y6%2PJu6UgyCPmdzIhb0d
zLSL+Gc<7~bf<XlG#GFFMk^=`(!s~jy&_x6a9(3Z*;BosNcXmPm3M7^n$xbqMcm?W_
zN3(wIoAS`lnc!+UgB3gy=DR_S!<#Ox*v}x!>F~DThH#AbVOiM#pC;&NS9A!hG-Z#V
zOZW<C9zj(OCup*TZ6m79BBdNcJv_%6yY3r9CA2yn%z}28t2=Z2SBNpLRi~iMP^h6-
zV=Nh;^ADl>r&urNjKE#esN7F;GJ5#lz%9z|Pr%rnPg}_DV`4u3SQnI!s$^veRGuJw
z#RlCiP&q|+4R^f+3U(~t_zGO1T)utuQM|fAMaSZxeKwTLmC2f@5rH(UnBzTLzgEl5
z3h`nm`Am;zLs{%6VYqgB5l`YVj*E)gVC`(156_;(Rikgv%sO8wib_<RUz<6PNpqgi
z0u`-x*ULV)b~_Ez<mSIgkP{d<n?rdGUIE)hUnC4L6CXtik;H5H`ePyPG~plMY;}&f
zCm7%zx;{KUAMWQ_GnHazF=O%zDdaP|UD1^teAXf#S{qZYm8k4gmTDyLygC&D%wz1z
zpKZ$o)Er<_vIw}>=Kq=+@T*)>4#VkA%{oePxC(VRi&Ix!2%nbK-ITf0`;zl9e?a%j
z3~pO+HhyuvxkdX2UMLoHcluYtoq1=lmK)%sIB5AfYP;l<5A6JSx&v2n1NXqMyn$Av
zs#IK2mdOBZn7tAS218_cT+N^kgf1V{K#wZ<W}4RPwTCD;Eu!jL9}q4X5^)-nui$FZ
zSrb#_)<nWjJm^0xcb^W+9!c40rj1{Cxd*H35uVAgxh?d1AJ1H^GS}JIah%2aijO|Y
z-?dtQIxUyT^MTzCY}J0xUhTnkag99UCn~PatTHGc)vMB_+RB_Njo722m~Bj5(pTC@
zv>d8a*oh_EviWBH77{V7-3BTO3cv)EvmTFnV5m~j&qO-F4wD!)TGt^h^g7(oA2ewU
z!qpi$xJmH=X*^Sb?eoc_spYEBXDt#R<W{ZTpc3Oi0OiYn+S`MAyTyDdlODSkPsBVC
zD^qV-Lv=(mF{M%nuS<qAO>iI>C?McetZ4oMIn4V{O8OrYQcaRwqO01ZWR**Cxi)m=
zZA`v$s<_~YCitlcf?s70E}#X|^vXR*ts6}yX2TMS{l&5>55x=wkWHfgwn(tliZ)_#
z&vt6<ja|7fQSVF8=BD`n_U=CR(G-pN>=PF~xnek)l*))M(-YOHMWqjlf~FjL0Q3SQ
zz*)*`cTLkfnhwiNm=aJ_gm_ZaS6rEi8;#c#$BZr4F6|0xpIk0)o~iat8giIbK*RNW
zIOA!oclQ!jzx`%BMz=*-?)TY~uA{5rK}EERTVjz+I0b(fRH&LoiC4K-^RHCBU*hZh
zy?fkLc2MG2#$!*jdEsHeS6As0gea+YB@ibjf5X4jt-~0l`FLJ&z!rfHe%Jtu`~_DQ
zqq3MMHm+mI7)76=NxfdQYS_EifRBK?LAznALr>Gw9cQ1sslz3^RH8pSlbutr&qly3
zah8<M0(Rqy+*BQS1<^bG;lXn6b7YO<KV1BftIsxh)oLmwWeBBwF1&~9$}L5<a@QvS
zFD8;_@txiz(^`6)gmBwHLV7V13HU^8Z$;YfBLP`KP%xj-Bk6(fW}|1MtGYN=V`W73
zot*+mqt_>9cZR=BR(9YLrB$}H^n}2<6sfFLM=z_+MzGHRlg>ASPy*L#KB#%fNLEV`
zjF()k02**XHgcLIQ%~?Q8$nn|h9X`B2|fhGFa|Rq?h`&xYb}I^l}c~E0Xsnl<CTOh
zp~X)zC@J3WFL+w2REsUgO)D<d1vrBQbk!<{FVvMzty`7tRHM=aui}Y}^19Ky+tZY8
zMT*sYeqPSR3bD_Nb-^NUZ;jhR@}ve;CblY#RY94&pllgi7SyD@cL$qnD2ua2B3VZz
zuL*Q2d!oU`$K7tz?qmX05)G;lxaTCM57-wK1yI@4mEB_(R#v(U!IH}?D-x7r1LaTZ
z9=yyl47$cbSdSU2T1*4*gku?6LsMn&vNdxB`-gue-7o&T5z5T1_ppbzF-@o)*p3)}
z(drMxwkJD*)Cf@cIdETJ0MB@o9iWjoj6(!hnS6z=y$Yk#Cm{lIPa!xY8i~mgI1}iJ
zd%FG^*ptmYuhD)7JfnH{)AiglDg-7_6F^c&r|O;}(9EvVA;imKf@xM_QvE08by@GA
zEC<T&Srb3O%Ua%Yf~c3gcJYocDfXLxonIi)r)c8A7GJ`_ve!wr@t{flFTHKbZo{by
z@tiaCv1D)Yv>Zk!ZxWOn-P(==FLdzgwM?xcYo9xomR{l}a=T0^eDV8ukZI}3#;5?O
z$VIm6+ra$?0QjtE$;vJ_puTHXKTu>G!*H=-Ugum5YuNy|)daOA!qbV|f0#D$7q4q}
zOzS8AmRtVm5zM@;qPd)aeCH>CPX(U8{8cJ=={p*FrwX1D>vc-e#EdR{;Iepot{CEi
zL;#c%OC3GTJwP<?(;U1<WskW!UD~ssm(}V%`{ZJQPMcCWRKslFqXAsGR9;kIERi+p
z05Ce8LFu51GQ}+_bjrwKZ02Q57sD|ZBXBe!^UkF?VbRV?Dtl)dSeLgL{v8Q^Pu@Xl
z=9Q7zBJJ81<890yYz0{Y5LSFC4MxR{P|laHQy1&%mGRmyw^GW$F7d^iD))bQXlJw|
zFAw3(%SuXM?||(x|5W~t3uavyDgauDt?r|T05@^gKq|z{Hb{y=IsgHI6roqqr}N~a
zRG|iO1TjzwycC=-!E_}>{$oq%*pk?)aGX_$<8rg{W7}mt9X<%Nkn-t+3hbVTpX=Qy
zC440i&pNH^S+T|GmsC~m(wa%m&q4eu)=>}CK+4hz-*LF%e%A)2ey0Xl$2B8Ag@jY#
z-sBQu%sYR_0BbSNrBT>D(7vBOe-2s+0D!J~nwX*v@v>uUuHR)(j_73+W#R9_(A8Yc
z8@N1!GqdEK9UxrnKG*0UP5Os;sXtq_)M86P4{h3FtGDY$=uk0e<0{XptJDe?G%l|*
zR3j2Dwt1OquAHJcTIo8oi~RpLEY{H-a@WW~3tD=HyOtWtv8K5+s%n;HfvHW^F1U5d
zH2UPg=&N0dzbFUWpt`n1#K$v3w<0|n;pb~hz=tPvz(_$8IWYIZS{Bjhg(c;;Zm#tx
z-cBE;<nEO4TpVoSuW7Sn0{kN8o$Lleipb>8bpiPW2{j`n7PBg@f^0I1Bh&Osk}#KA
z8uWN~ezuam)D)ze`{HnR4?TwcEIt6~m0A24m9DM*K)_dvg8?r}h~drJz^WEkHh3ea
zOcsqd{dpb1&&zCf#yRiKCChIXA7%Cnc#lXu%nQv2MXD1>V@Heny2HY~MzX@;+_aTE
zF@XdK{oT?N%BviO5Uza3o`AB)%#<mFAj}Tk3xim0T2f5Zoz;SjV-nfi1zihRDhE;|
zR(0pb#`X$ADBV<SaDnmOr#vwMz845<BC7z7)K1cB3^LFO*=-5gCNE7y&EXEzGEU%0
zxzOZZf(U)-d}rl3*&-*>Kmw4|IvfX>x_220@<=m5yFgiz2L=#xo|K2ora;pZitmoj
zWlcs?)(Vm=;fr=|oq@Y#mCP=D3_(;q0az&CGVILN<cgcqY8gTxVM?F*GSxis#B^b2
z8cX*f*b`jMjKg(%kS^}}3#FYF0#Elis8;vo#6Mu{iTGt$$mOHSD!#{ktHMeN#@aV>
zDl_aRI1Nn=0KWO%;6)dDOiqx6<-@NP>>n3wikh}8k7p70b4-y%mJl&IFO9M~-%XmM
z<EoUsvim8RG-K}NN`oUD9uRfjqOW{SS|effEq(QfjWyu7`;-|?X3w(K`OoJO@j~iQ
ze1{mT*yl5+gt0Mlqz|z=!(i;WqewG=%V;1<JGHAOuFT@-Gz5ER>R8$A=L)`)8eZj&
zdHNgzrFxT}`)%2u&++R?8hGk_r3#rk&$ODgqTRl{Hr(^g-DO-1@kQRAE>=h{`VtO+
z(n@#RI27n}qRkysbE#%)15P;9lA|*RVY|w+PDA&mM1aH;2V9F*M^I?jdg?6eOx7k6
zfHB)jpJ`E2vvL|+=zlr71+H?9hZNFnXeEXt4SYC&wQv3b`_h^^0ZZpuvJ}&W<F4vf
z-`1V9_1OmKcALWH8yCJq)a-2b9{d6?ka7J9=H-Q-x4Ztj^rl550SEdzdt0jT(8ar~
z>)5Ixz1Ib|1~B2UEX(0iFY5Mm+uC)Lrl%2jrDz$3pV6K*T*cYx(@0XID}4K0i_~LE
zc9%eU42lGBOMV=>E56iH(FEKP^ngwXELVo?Zt2C`sKCITe5qh)38R{427srQYXq?7
zz8VD>Z@JfT(iHVzREFsQ>~^mw?izHoc+G*iu=_}ew{Xe0VoGIM9xdFJp;bLm6o#tG
zkak$77|ULBuImlpi=#_H$;5X6-kEJ`aPgSOweLFZy&x8Hg)l>LfI&MBh8*`C!@8`q
z{mSd`#VY6qKy~Omg?^?yStROS=F6@}u#9mC<;nX_@qrI|)Og%=Kifi(DkIhH5<7Ak
zZ(!l;Bs`lF<CTB_g=(Oxl@E!(SfLE(js_pW8c<oO>hW)cu3NQ?bF0rgTIW4r!;*cB
zHcls<#&v?lZKpJsB7OBjDl*&-b{DIuSn+mLl7X>1Sze*yjsae4s<1^X;&tAC2m!m#
zwEEdka7(}ROjwD<h~(U*W&N&$9g2fFdg)jf9CF#huJj(&1y!d@e9E?TE-L{yy0x`5
zy7u@?Kv8Mft(y=&)3x9B#oFB>jV6?)Ydl`waJs<U%jVXH3#UV6ehJ;yVdLXWgsj%M
zmD7OTs2k#x<a}3qHx!TBsz_X$0&Z^K<)mpv%h&g==+;88$9IS9XW6*1wCXmNUU$<l
z9QZw&FM}27#w}G}VccL<q6r-9P~G4=4Rd1-u&r+EyJ_gIjeDEqn$IpH7sm+O)8xXT
zcPf&A@|J_2cvY3KQEtL9>~ZtE_vldSfJY49mEOM4>taB=o4&4HiBg9FZtaXQ=`sd3
zxUy{=x88B-(eN;T+g07XfD3hM(tr1bOO=o|tIm3*$16&|DEZ~CwZB0ZP6@9U8YfmT
z#P6~`jIjU^jIPy}_&>j-<6L&%QVBKiG)^kO(E3Zdgb$ohrE3a|-ahHY2<BhE-q9if
z$+1tgiS9wXK!frgzEq+ztBdAEc4>*W(OPPKcnntuVoSRQBPNVprr3<SbRq**6LpGK
zagV=z7j&4p*Du9Rv=wk0^Tr~$&W3_!X_>uqTNQz2ve>h*s}i1~JpSP4-ZK%}j~gL-
z5FhrNSol@CvSjb^3ZxWRCw!eHd_{qi&)|Vn$|`rWJ6@s*nxz0ykQDH$^t%Qoz&S7m
zh@GUSjFMOA*CQ$Sk%+!e_qsB>0@0;xKcOAsCs__YTG`TL{KA}9Xs~a=Ug}@|DQEG4
z%&zY+|Nn8`2G7{noZE!@E-_0NmNzK{(bo%Y=YfUGw$}4blq5t)3&>OR*4}q7b`Fq~
zDH_s=9p#vJVvIj-Pr5Ydv3H)3VnJsnqxqKnI8fKydikEM+wz*LW3<F$JZM*FIl^_V
zXQ}J4v%%|F`&yNCBewCR1lv9h#$@->%ra!>9(F6ihCLlsUqraL0*9N3F6Fi}+m`<O
zjtrx1;G<wKk)*Vc;`ROJSTf><t^Z9?%523Du%sJmnwX2lm$Pr%`wkSFOCHqZfggCV
z-4I8oasrX4hs;&ucsKJ&^6(s%!Pf(<`nfVzLHUP&DY`4L6*=8#=G`W9zs5kdNI6Q+
zA*tl;G8G$mb=I{g_PfV#Dd|t-x=dY>E#I1d={n@ETU$z&#@z<>ti-uz%Cl|zIE{j4
zI(+3|P5tjFld;ROHm^{Krb(74X8`z8kR5@bwS8oP&PWXi&x(Lsou-iiYzLNYRu=8U
zp$QHnY(>Lb^PR<?9|FW<Ge>;?QD9a~0$|~`yH@}}EgpvxT%wJfvT&6a+_iPalzrJs
z<-0fxW(DA=u&BejOI)#O0uWiEb2-@7`(l80hzblL%a_-1{kTn%)A|Rr1h}DV_PT%?
zp;ANlkW847L&SN`{SXikJrrr-IOI`q!C+l08$967l+vrdhwK;t`d(Hm%Rn&9Pw#VW
z49n~NJaL-lu1{l4FbkGrl%jCq!_`fl=`W16bZ`={aPOQepLx-wER|WEznc3yM8Da+
znd{d-PY2beP#9^L$~V1PQBkv6bXiaZJU3s#a$W|cpKaDJni|*lnC;N++yJVtFKocm
z)?(#FoL8bQ?9lFc@Xo#I>85k9MY<KOFZ|5Jm!(=_iBbXs6U?4}N+k0Q()E2h_Z|Vj
zl0E3ar$yJrt<UCkLu;H&E=v`=HktP5?~n#nAVR8TNSn&(#ZS7qWstQ@nMoom-H&yW
zaEU|6eZ7#KMKRgJ6BPAg1P?4g8Wr#Cs??TrpkmJDLu=7Sr*-A(ta%M*d1@whM2KK$
zN^i5%kGF@--LHSPaG|>3j5qA+I^hxpN#^Am_mwII3K}_7XuB@Msn*Wi?Q(}p4ZF<8
zbjhu&q@)HVTi<N*q1K(7@FeRGmpLwG#I|@hDEp_Z&<+kT+37YBdkBZj57&15pcM**
zC&0wF0BQ^j%Mzyw2%Mc(0WbnkxhXHs;*85)<a^KX`3QNAJTxwTeX@b)qzWJ&KOB;5
z>k%p-2+M}hD{x|9Dt@W#n4KRNnZNo{yP+-g2q0KkX9XymN^|V;s1qs(=I?4Kw3gPq
zO6m>iN<jJAzK2KBxYRENQ+^WymJ9`geFV7o-njegl;lN9z}nZGT-BbhH83gX>UUJ;
zXl@mNb5})?7*jTpT`+wmI83tppU?PrU`Ar<V7wQzVpi;91nJN~7=X!mwK8S(>H3zw
zrt9pQrFdn5RIK~%n;*SMewXMxxls5oR_<d&L%6)d_KlvYU$9v;6{qJOjD?A1ptVRf
ztjTpIPraW{IzhwVF^Y!V%#q7fdQ(<_yxs4mqe17tvhxO9?6;e=E2R+F?@$YTQS;2J
zm9BP(43b1bl&Cu^Ugp!|JPdd;Ew1jTY-H3GNKqtZ>eBbIr8TB%b5pJ(dKgtwhv+dp
zvTfrGZe?GRsJir8jx|TOv(Lpxp3ez*Ep~_%?xXN&aYgRq*n)CQXVhj;Cu?a{huD!5
zNDFpp!Dd^QNTK&r5_;jtvtIFe&QM0Dh)q3@`*kc?7mhR7I1LsRGDTCvP1@F%Z5)1V
zw0>%tayy-t&S+hR>f6%pK6K=#sOz*grF3~e2pPU6nv;(1X>7OSA)da?U6aY^PrQm_
zg~<yEKf%tdRRFbp4-Jf=80BiBl*n$8uQ%CTD|ndj{+}vMOME$o+1kJJ%=O8u%V-`0
z$oi$DJDgQalvc_hhsTN<NS^)!Csq&p=xDKUl>tIDSIepwMuFOxu9cDeER#;bimu8k
zX~BK8k~~nLo10r#1j^r;@Apug-It^bQ6oB2-Wm1iqz&oKw%63=yS2%)M;gINQC~Tb
z7Q0=5beHe%ahx00ZJ~~V6gJ4S>mx&rFTwe1a<mqHpWVuYb8e4`v9GcM>=*rERJo34
z8u|+f)>q)uNU6w=&AmW~$9C<!cy1XN+v#1HcW#eBl;B|Z8qa)^e5Hd*mg%VDcsdP!
zSdq?+WWiJQ{{cy>i-#jT2BkN^5rBylTo8h0M40ccnoEwiwPO%qRdM^DYwSy4$02|U
zePEzDfZP?*pn&Q`BBWF6nj5UkvuypKMrv+rhi)u&6vZfOwMA7q1p@t!ooUTl$}CPU
zj6=4C(u75_a(|1&!dJXRk)zjt3wObGFZdoV)oUlyAejR0x^(MsqDk~pIG`P_=>8Qe
z|3IU5S(bNev~iHvb3z9|AXH`OC9V`-2Jf3TQco)maO@%pF|qa9x0Pej^1oAwYAvSA
z+I8*C=Tv}guVVqu$Str!M_(<>uU<$nA)27Vq-B?zE`Lcc4_l@bL4X0;SoK+-S|?hw
zy$EaC;Nc?tg4zm;V=#&?>X|w@SMDJj?r};(&5Q@^sfuySx}|xcb;;Yh^}O{2X;n*9
zrb1a!upJ$jEcMhI7$<^!)l=!PEzDLQnBPk33NJrVh`OlMPbVaypgf)+KXG13Q+|v9
z(XcH>=ilY%4Vo;6B|r#L^a!q+f-A>_1aRAms@tWF4CM>rjbJ^3<Ulo>Io}OkORJv`
zm*bZlYV**H1;sv^*E~(6Ax+?$eEb8AZtaE<L=WQc&fEoF(SW5feR|GzEnXbHn7ANL
zUp&v4)WS=3`*kpm-btEc`vo^!j6|OIa#wo>LA!)sN6{ETv=(1bt)54F0ZB$`oe#7M
zoR;QOqNtRs0=F+V>hx&z=N%v{9NNyPJX7ATV6|z5o3zuHg6!`U6T2Qz4*-T)ul=}R
zMT(*S*6rV)Qvr~a<YD^-mO@LJLZ|e8A@oKsILdv_jGC<j<XcoOM6@RP1;B2a2Zivr
zVf(hS?0=#0zU+ee@f<+aXFTt#%TbJ$(!RT!vP&~5(e%T<=qdjpPghRgo0RV^hFIgq
ztGfZ&Sx^F?8F{81(+KcABLLqDji{wAfNIqc6BAAaZu`>fa~4JfC^A9(DHrR{CuhfY
z(qzC2gi~}>9$)S@w9x{gbpeV3Eg>?A)lDP|1#sJ)T(GZAqv0C2j+VqIbd58_XvMX+
zOm1<A0_r?e`GsEb0KVV*8C=D2O`KD!Cqhe7U5jDA$1JWF`;4}6aHk1#-}~o_Je#3>
zv3r2Yd&eEMLDDRLNzz9E-ptSj<RK-eCPr!^^~s6A#1<L-ru7B`3Si5197O405q<3=
z6B{Tc0dyQ)#~r*}!V8~Di||Yg_O*^GYs<UFi~EoY+-iI*tUMh-pwy|4>Lt_1>5Dl{
zkf+!N;UbRf*Lo&jD@%v@-Yb)6^ux@%4`6mK#mrMo90_bN$1wOF*{IfuOX6>~EE>`=
zvRsC#Dj+BlD$3F%bVZ3yLc$IUR#&+3XdHkIgh{q?GOh!x<KH;i#1vnb>P-Js@5h{I
zu;kk=BY2@I9{IU7<K=o?1!?-|S9IQa0cgj~o|mr{sv5elIQmn;loxwH=)+~@bj_nI
zq30(>IMwmP!f~l`t&KwS&9arMs`}#dovLa9cJ;?%6(9qXNOMlLcLT2do{pK5cVx+0
zd}1TJ6=%Q9Q<f^jZj7SfQ1vprXc;io>|nuJs=@*%2I`xv6$<Sz0VwV~w0%tppTJ5`
zDG4U^)KOWwpqKlhDOo~@4O!g*v4&IqHb>`(D#grR<2Zz&GZ(uH`GKuk6a&kNTGm!B
zB=mL-`7ri4bVsnpN&jY(D3EBD81!iddx^!ppPc~J6Gqj#tdclLwqxliEV}fPKk;H6
z8}(>~#cjR4Nb*&rBL@%b49p8!iDO^NKpbPd<p<<ad)!HqmNe)B4a*lL_n-Gnnr`mz
z+bYG%&DuWdz_u+*`nfyEl>i*FnGcFJkl<i&DCoL5EHQ#9B*8~yM6}PO;o3UTw2o(K
znfsb#eo^3)E&EAG%q>$<>=-$>vBQb{Mi7MB`jFztRQ|y02-6&}@Hf}La#??4>mWX!
z`#DcE-_F9r-~0v5pM(Oiq0h4|E~Z;<e_@`Q_L+C@0QYglgJU`77S0B%F}SN7AlAy4
zcW+On@CG^Xx1DmEoneV48?)H@W%oE#%~9itd+Dd|e(Xx2t)~DWjU|<<+}}XwUfs5L
z2fff2F1AI{9zrxqM?KqBuP*3N;02~2`Qnj5mfF28n~iWQDi!y%xlyhi`xjLMT<GTx
zFOHAlisRbi>&UfT&Dp<E%#01M<Ne0xoY>ZPj;IR9mCCO1u92*ZDop)M#g^X&z}&yv
zf~n;jUhf9{u6f^p3#Yl1{tj7vs=ap+k4t4Y_@a+z=3rn9lU3L9udQ|bo5|SS3WY9z
zc9dAXA$ZgMiqE!2p>B|_LZPG!@sj8Q0D6Jg8n{qBDP0x-d0S|<5JN;7)W|yEW7sF5
zfk;?26cc+1Kkn!&U4sDSLP((-0FMX@HDy*>08j<K&BEyl5E=*DicIrP4OPqQLs>nh
z+&o_6fQLN@LBwwOn62pO)bygl<(LohC`MZ^>rnutAwaf(k?{jJ7!~0~gcu-s80x21
zsxg<TU#kJgc4jGtZDac^X4RjQEUz2k^e+@^*+87mGeIbREH_LA$i{emF@iNKda#TT
zkIFo8{f5*rT6p<;2SO8=mMc|;TkH$fd8SS>OGO9BQeVPZbTecnD~*!RqQq)qk?R?*
z<>p*l+FkW|7kbvbtZpy4DPwSH$AL~q|M{-$Z0W_%9ZhbSkVy%ipWlny<zEKv20HW{
zq}p(7wiK2qL)N89!(^FPbQZUHC|#~|y_TIN<~wnSP=sf^cxf!>ZZ2t@87xQ@E_$O|
z*xyy%Ps@9jT?wJboQ#N~wr9KY$3+Tdt4X8iZKlaxZ*)~4)BUdE_FB)%mf~z|03k=r
zd{{Yk+{V!eGnb%P8a+HpfrAx&q~!ElWb4ixm?$b}fv%HYc7MHhS9;#{n)!A+P0AQJ
z(a`LwAG7dnWp~^cysyN<ZKMPhD$gS>f+ur89?**^y*6Xj0-^!v>Xqg3MR|UxfZ}sS
zhcIN8s>#$4$;1_LpEXbthENmMCMO0=FtCf`JvdU*aZ43P=cn(0e7SZ>gLrh*{B_`e
zjQ>>e*~A^XZ|)fId)O_NqW5H$(CW?qJE(nhq$wZ8%@p^VURois)~Td5{=OKK11qxL
zJ6}D)xPIczGStCW9^>~tK7gQT@uLjB7Of@>^*~Y(b%`yrKv2w>cj<L~xSJBTHYzSP
z_XA{U?1pFvpdkse9^Pu-hra6<x>?|MGuZ!+rIMp>ts8DFQ3qTpZrsGWi9rKq3k9m-
z>4)hycQ9c6F3<m3y4alzQ*Y20$Je9v&5{X0=$2Q21W*@<2rXPvNr9S^QCj2VDPJvD
zLnD9~a;3*X*4ZLUbZUd}q}+z`{YFJ`J5|y~wWJx=pVUc|nxsizJxh0DDT>dn&o7RJ
zbe&R%>}y6AbfL37;ZaFw)4I8B_Z7mMm5@_*E*rdjoEz@vu&wSRZ(#*P=kF!-<dJdh
z)O~ch%b*)D(JgK)1crA?>!00+X?bhpL+Z<~vTD7GE(`M`cpUe;OsaxT4O9n$4*~mK
z*@60os=|O7eLL`TczlRBj-3p;=*rN2;I^v56XvvyuY6|!3!F-zuGQ`zV1<O=N5jm)
zqqG+keA%0z7z3quu0f1~-OE300#^*2U5q~cH1X@T3{$}qtmla5_f;={-Xxv*2qV*4
z^!pU5kcUY&KG<VSE)e&8`NO#Jl^BZ&DZ<ge(F3}}%8@CFJUtDXbQeCbE@>#R)JOZk
zQ$}`>r}cyvJpNTyRU+47#T0V8AdhQN@~~o+12S-w*Lcy8+QnGrZI<YQ@PEnWhPw(<
zY)@}hKH5=F8nS3yxn~v-$FJ}91Iy4K2#^WJZ-AIYp6wv{>p>;&?6=NYZBS3g1)hAP
zDQAb@J&KUPIETBExjWns4;17V`fnU7T-3Nd*fO_zN+n3<CAK=a=x58jJzMy3Pjgr0
zP?tlK^y5Ju+M-UO0P`oNbbNJ=a%p46?E&pE^g>V3sqG$3o^cPaY!A)a>(DRyv%{fC
z8@9Y<ucws5-+FgL_4#(nSEZuMlT<Mj{=4BjX$=T`KUC$g+TzQmq38DYHQ_`YMm0YT
z^`Hj+9Uww3t>xAi7Xt)~6%a9w%;v5sB}p8X(9*$p{0$xS5@;olV{+Re`J|@-Sw7VD
zDIJ?gJBZ<s3PXH%Ge4Bm=?*tpcvm(|1<xqFL_BeWxh6ja05+ZgAeo8F#ekPD;b53-
zlTwdd-Fn2~@gGiXNkW)g5xB(|B@{r&VI^FsRkaBT05w3$ztG@oZYB^~bP35KD||Vn
zc9S5{{GA43rN7q8&v_K#RFeAj>WFlJ7GgTcIN;-rOjd<S;-`jC<KhNxX;ft_kEmaB
zV`=nyt%zw@a9}jzAgg)gB}dw!0M;gng`4BYO4!J6O#O_Z0D?3`(uiNGgjbw-j;eBI
z08Udx3^%F5rrOdrlfL&xo6SOq`ddYIR=mnpu9DKX5JHOH51M>s>7EFH^11!D!o-^n
zyj}4<bpHa8BN@r;OL^Q(1y4nEJjHB2E|lt9)~9}jRwiptF-j*Y_^}N%z8sd3TzB8v
zDtdM*Ky}I=<l~dp$`V?5aWZH*1wutz?-jsn$>=bucM7wZ7vr><WNL4;PLXSiZ%iIZ
zv@U{JAg(aeDyo>8XtI1on<xDnGLgq)!aByNL`7;cB_iD9&mQ=bgb~>fC#u0gMGyLx
zc5_V>MSJoUuaWx*f;-ACr@o$V+R}|z+5Q8L_*83g&OgeGr<4^S$K=m^ewinw>dB<f
ze8{96rZP(HcoAZ@c3e)->lA$@i{0df26fdB)cP*lJ7-%td_udpj8=Sm!aruZ-K01e
z?V$7U={o;lsRs6R2zvPxAO&fp7>U_Uf#<?kf1bE)j2Bh<+#x^_U2EI;ihuP@N}9%Z
z+35Mt=(e~xVoHb9p5iG5SuHuYsY!eqLsbXH;8Ou-P^ynGpZH%P%}{1=i}2h%s(v`;
zQ@3Z5mX|Yj6D_Ie#?0*c&;j;<WgrkQK2WE^j@}n^r@^y`ct{?i#|RW))3G7I2z1|=
ze1$@!HGY5yBcI~VR5P~ywZ)e^getadUGli=1he7mr$UudHK%dFhs~~9C-<=@k`A}s
zr?{_N5<gqpemDv*V7*Z1`$#{yJyXaV1uDXQmo!ci0$38)AzGz_6<klC_c`taC6A*E
z03Y-XX^0ROHW|>Gd_`GPO`D?i0*G<J8cL)C6N`QYTp9*a114kRM@Ua8dZn#yh>mx~
z4L(ag#JGAtJ{R$}G^GVsy&X;Mm8#zwHAAHgn-aS}a7oOTox)8-RNJeSLA9-BOd%mf
zMj-p;70Dl@sw7BvP1KQCjvEg{7)7XSl)?t^ra?<uF=oZf{e8e%fjXjB%Hh)%$70%D
z7K~-e$PypiFFz)NQ;y<uX0T+cJj)d9Jrt3B@*@9Gxfe93l)>u)Jv_-fH&vZj1S~(5
zZGF<f;Q;m$<7T~v=(RWj3NRKG<?joz$S>uEvT(+l6JQ-x5O9(^KJR<HqdV40Pu#z}
z#9eBb4$WVGZZSh&@Kh0nHA!3eP1&u^7vuQ|Qko|Zw;N^9EcD=$-9eSb3<Zl*@E)nW
zNI#tR50JV<r3?xfVutsQ7BeiabtXW|o`wdraUhKH7no!%a}zj-sOg2HrL-~mN<)BA
z^b1mczk^vWpYMF^F763Y-^)gT=WoEC>UmdSR)67fm+X~22*^iJk+GAxPOdTo37;fo
zQ8k(?WZrU*Y9AWoS75yWl{#!@L%4K!tJ?sA_4CU3maYM20vC`ZL^d;eezN0WJb>WF
z<STBRoPSF#)Jg<k3b?l5v@HVp%M0-d!dIH{e&o)yVT9WeT7t{6ou5f=Ka}ca=TQH^
z#J{iB52CqB9+b`I@-S7nwT^(@<mBRO*r{jk!X%Y%e8q8zB7zZWV|<iTWnDUIWj(sG
zK6r3O0Tw>2@B{XM*T-OP(0#$WnhtE`5AEU0uz>ZxqMhl)MX#bdwU>+i+td1fl{)N7
zD41Qt!Wjkxts%w1-uE!8oP~#gM~XEOUCCWU$Z+h&z6Ati4L~G0I*vk$|4m3jX{r$T
zMG*88=;&DCydZlkrRa?nDth`-oIKue?`EmK*Dj1UQ-8I1zoYICq0dl>gF<C0?{s^&
zxJ%ugreD)cB6rOqmvchEAc@&xfA%Y!ue?2I-}JQp`a|LZXF0{kZx1|}@x*2};5^n^
z@%73=e~_7Q&?Kkgt6m0m5NN_+(wV9qE#bLPxo2vA=f(PUw0^*(l|(E>dRq937TPJY
z*7r+i#D9UEST<tjiIfD<;JktlHPjNwnn+?{3p7d1_r*dal130<WAOA#)Y8Gb@rwKV
z^f9C)0}d(qvZpV_>_TztY`W5+Z0C|BlZl^-LHenxuNM8sYJCs+S9p2HuTwXn;s}Jq
z87&sa8YfL8h65|NDQ22nkSFYFxlYUW;dL(6Y*jIJTehN~ckiy*Gzhp$+MdEqxJh%g
zW6xv;6(j^+XG!slV&QOw@|s{q@z+9;tO&R8<yyQ#y+-7-cW;=`c5u8}X$&t?_g~~T
zw?(0zwtxmQBEY0-TTAb=o@00J!+0WS?v1IPr~4x{zl-Ag&@R0^te!Z_zTWO%hV;#5
z8eurlQ0L`8RlAHQNJvqZ+d#K@4;dyFc*3;n_tCDd;B|}lvwu?hH|>0==;u3q(u`(f
z6Fdt8u-_!04@te`#BPaD{uEQzjEE5);sYA6)WP}FY?UpMn7A%rET0n`cS!OI+k$I0
z(%y{6_bXluCd1+Wrb#;A(|W#v1`zI2j1FO9Yv!~%M>pjYH8MK6PA;lMO?=t%FQkrM
zAMrKcH`Ffg{T$V%j)oBgUz1b5b2E05+Xo3z9Q0$?so)9MV%_b`8@PCp&m^fhc%mBN
zFka9GWY4RQ_N!2xVsmvbu@O`582!)1Ne$#+;e4>qZA`vW)XH4Cogp|SLwVC@5x<wt
z;a%ST7LR8_3F`feu@_)Gz7tgbAY6rvq-gC?=tv6yyuRDq<FC5Bh4_kIV_kydqx7V3
z0VzNjzes5aQ0wrMlaQ>yYjj<m0W$%TTjmkPF&a}zKr#z=Z)JuuDFl$X1GiQmW1o$I
zsdiSac6bx8i=~gl5)7SQlOsuesn(c8^;%<972Ep2frUuv=1~*~pgy;CWYh&nAaG|~
zN84mVI0*>Rjha&m-7OX*5^#m^vB-*f9(#{O_R1c3Cz;hTaK^841*af?i>s=jRKT{p
zVv?fB<<2pLqv>?lt<GQx6C20E5uTXJd2P&<;-1Un^^~iXsGWm{jyKovx{qEt3t9C0
zQrb51g9tm#?)7RvN+}l1i`!eQm=vKqc@Q9n9Me*ks$5!f$8x=GfDR?hmOB(myKH0=
zwn@7vrnlC_-%fH#spzhK%#xkI@!VLraNbl(Z@+hmt1db%UkYk|ao)e%WKkq}Pu({_
zo}s#6KI|QPq$3RmO6IEL!b*qA;!(0D?s>S%xM8!owy&Wj^bl1c$ZYb4$d1>mPgm@+
z?+C8!Kc{XD!w1tOdUg`llruASlD=GAdXRBE2=q-2mPPB=xs#QOd_O3u@%VHLRF=dl
z-Om&I7J$R8ZG449j9K$3k_2FCySXB0eD3CHs3a%*%$Y>Ea1_!l(~7@DM+Z$T+(#Gp
z7`m_bxQ_P>-uF>NmW}MEB}GKc5~>eu1+z#%*HZKYjWy1GCN5XjBLFC>r8q|rhzSj(
zWkjV#WS>2}X}{?1!TS{pnldPl$Yq8)zjZcL%xe?Lsv*~ZENO9|#&GhSCugCt4sOrz
zr46&byzsRgWLQX)=PK@5EkO)(6L+bfci!%rD+%s9J9XnADxy?2U@^}$!0!)LK_iOk
zuuLIZf~7V(6l8*)XeJ{aIM0@pvTDP*L}cYOX@!BcXg1@xC8S^N4gjFWoeTmFd9vAx
zsHmr;G@HQ4(-PPb^5+#N>Y6#nY||%`6c8B!jz9Q7;73||jsJvKI$(&wJ7apcpk9ka
zVzDR>f@Y6e7mRu2C4?Od=kPEbmZkMkXoA=b4wO4P`zCs=ipq_hRu~7(E^-lK5+}$S
zO{BB^I)lo&!-rYg5i({^*xg=Aptu5b_wR%&r7TAltJh6W86ToQxmRa8_7lp;#<r7B
zoZY5wU66Z}ULZZaq};-G%{O@de&(UG&f)v+;iQDX;v0co*atMo)&ogMAbIohL-G8Y
zf~RuO6WoP~ub+@7zCoFm&z05gdP!i-!R5U?WkhMsG4K5A>WylwLux+O4B*F-H1zx&
zU<2h;Ar<#7t0)WYITjBbwY4IV=c;l}4WFoQ<Oh|c?8}7$>--T^PvrT#5xPkNh`g75
z>xh8;$|(reBMJfpgQDqsvb0vLF2~uYh_)PoPjT9b*srf*5L~Ea)Nha56Unq7(IAxO
zq_?8hOG!FP+Da+W=(&>dev_nA6@WdhRwbew@wh0;a#Js-ME7N_@<hQgirY;3y`G^e
z4Qq~8R?Kz#BlB8wFqGDo^4i1pv+a1F@Q)nV-@X{l<a+di!`|9Qr0bf!QL#KbSl--e
z_H=v^v=Y6LWqm6cLe<V_r&z{Fopm%+HZGibVco+;Ln;FPCjH;d4C-l10I<AcAt}2u
z@#j=dz=1e2gC4xDMU4}YDc9Qvt|?agEv&2yS){dTe8rRFPM@o+7&CskgimEx0}g1e
z4fSa#>UJcH^kb|{cfZ8?xZ)aHUBH<lJEc4lQwpfInOeoO&j~0gpE|merMkFbWm*Wc
za{XqsjrTMhmpKj^+p9q`Oh`29#6|KIp)Jp@4W1$uH1_(!^Ejf5Jp8yIm9^>78fVu-
zsX}8gX?nh_=_EEZMjsOL9JL(95ymJxKNZvhfC;ghFiI70p?Drw;<`gr?AxWv<UiDj
zJ?}oKW*GvK@(Q|zuXrg>xoH8;GewcBQ6Me|EbGF@z$hX``Xy3WQX(J;<m?@%T{%3y
z@OL`U1xZZVhM8o28X?`_M>Y~;EuQrjH_}?8W=#OqKv5|Q5^(-NPzwZw-xmNXv;b&5
z1uprXdLFPi3!=cG((8HlZ`>=G*Z1tNX&r^E<akf@sea3tcpkL|;!pWYfMypFr$b$?
z0U#OB7$AcHP|&YtUAmk<A+&&yYAz*jedh7WA3$S-8s-V?;(n#~Z$?E$KA)6&7|KuF
zqxlvQBT1H=1MK8IJyou{z-61TiY^evz6Ws9*oz<y03D%Np-i^Bl91b-D+L^?t>|h0
znyN!96HQj55p4Kw_k`E<X*lSksO)v!xKaR~{V8j(`ZaKLQ+IH3w(|oirz$-&xs}+x
z%71C$OuOHst+C*F)}i)nvi!1qvfj{{P_;C5PfDBq^@4dC`?<=aC`e%I54zR7XSws{
z%Oui}hwU#b3YPF7#1}2_YVvb}mHb<qwq{~Sw$-p?W*3wo!b*$a8IqEiD06Byx4ihO
z)2rv$9P`F)rMKTnO9LOMx>Ek;l-KPZrhnH7bUQeBemOKbgjd{~)|FwB6_35B+e83>
zS*40oXq_!Miweh!0*}Ns1^klAt?eS&N(%1DVRE2I9AG586J{jh=6|IMei0W;&YiK3
z{ZZBmH-&4B&r9gnu%xZVhkskLoRv0HZDVPJES2EPr%M)=vV8JAOr1%Fp&_{ZO5HC@
z_EhVl@ADu7#9l2QNl~s@k$!1h_&v*87RwPziWN8Lyx(oZ?L+q)x14p`Pf>4_&rLn%
z5V2^#p)C$Mq09Co&p-^{UWaz}g&xiZzJD!oCK_^ngZ27gomz07c|}||`_&ag9-_J1
z9;SV$@Vr_i%h2P4o?~W%xbC%>mTn(^@==U^<V{8alV0!h=T9$;i6p3Eo-d18M|6~t
z8Ucjloubat_o%EowRetCSt)RFfgp}hLDu*R*fB|K2A0@DHsueg-5BfF{GJ`CWp+d;
zSyW~AW$S2!%l{h0_#QOpZUOiSf-m~4Lx>D@B#I)vWkspa8KZZ>^XogQ_DG4c+}Qvk
z)056ramPX9c2bgHp0S_U!L9wf9%Ol^UP^p~|3VN~WBF1Q2E@Shl+g|7<ir)mN#5pM
zW(dtHeP^=$+_GIH?kV@)b^kDws3=zik`(9akeQg&0YK;QCuhx5=!MGZsH=cZOr>kx
zH2}=f+5YWBbGyEk>cSHAd#=VeU!^gCkS0M)`SbpOyxEdc?)GE0c*4-ugKDPy?r<Is
z%(X5Iq4#83V|t5)J@mGfmnF{@)~cB2t4@B~pb6ZURO?eBYhG5c#ozX#G5Kx^qtW2T
zS55#9L>&i^!^qtK36#SEI0?($Ycd117rp?z5}IcbzmaU|*wMR33|q(?dMFgoXCv;g
zC%z~^ye@0CzP-Q9R$42{ZSIZ%HM?tH!=W*_XnJh6?2WvT4V4I18nS52vJ3J^j!;1C
zTgTJr@29Dd6*jGZuZ)h&l202&!Y9cfhV+PBkdLR2(hI+*Qk+qC>=m`((=H~Id+W~W
zH2`sX8!hK*uBr{opk5Di8GyR0LMV@FTX*|HO9y>=y`lkR<g7^V!vRPn-AhCA?7m;d
zPN}%oA=C*W8O*?$VZ>>_*)Iwe><%Yy5gw6A>8&E)31z7bjA8NiXZcx`626ie;b>4#
zLyzzwXbmy0A=)_(!|B+;zzDa;xrPE_0#j?JUOP-x0(~~s@r|52tRD50U8Bw|UH>J@
zH}qGmBPPKTXdMww0-^A4O@;sf7RA){!U5m}HJegg2LM<eJQY}Y5CG-&rTHr0T2KK9
zx@Z4p^i~@PilT(13`Oh89Y_FbEj18|Lnua5(j)w-J|qCd0RTZ-0Iq;A`|BjhT2o02
z(xc2CaneIYz{{Fp6C6xyGq5BfUVa2E^bPX45|G>@BOW3+SBOCe7iWE7khLjLmPrZo
znzI-IX$=c^%3KbgjjR}t@9%k#jFH^}o1qo`{5pzGAVr3Yi87Yxz*yWQ0-^!hFjOSv
zShYO~Kb9xOAzX@AiYO*Z_)--SA7-@#JC+A{g$M!2tB?BFZ975qjq}|B36}t#xvIrU
z4RjkH1-?tRb6|xM6v6OZ8>`LUMVMNw4YV!Y7_zG#omO?NM<F#FgUD(v1;>0hOSYdW
zLF_!rUy)zI#9pcxNY&Kl)Mg<kMZWPBk`))18;HfZgJIQJ=uE)GRKnqaBRD!Ys>uzo
zLOelj!f<BRFf21$t0)RJ;Jp^D0Yq{t3{5<j<=&P!l4)l(g06Da2iE=u5r|H>O1xIe
z-UULuNF)Pd?j@yeeM$qOmjh$`9)J-_b>9@l?6KLc@i{Gl4LGdDc0iEG5v^!U%qmr^
z2_Pc4I1vuuxQ-DpxcY88Z~zI=F;@w0Du1<5xiy)*T4-_XNm|Tllg>qJ1m)|$Yi7%O
z4`n0gFI6ASW6H9W)j?11qSV6fL*)=r%#GK`u@)Q$pnwj9wf$1jCo>9U%7P(K&gS_q
z3kq84J{zg)8fel#ef--pTb5BK{f5dRTp$5!?6lHJ3#gIFcSTBTfoZoI9;kDeV`AGS
z&*7kP!qY$tL3AJmAM$OK2i2J=#-6=Ev}K!E*aVdYud`duW!LYewA2`^bEKE{a^m29
z<6AcQIt3ygffE~KKvZ|h48~xgDOfCMm_%fgsvPF@z}~@EtK9V=U+Ww2jKwu%x11?J
zo69M#Cgqb?f<KV0mH_=6Dnua3iOBuxYQRRA2_ac7K0DOpB5`r;gCZ6RQerW!nE4ji
zsXb$i;Kcy+I2>j(D6(4?Y^*tix2j{CifL7fr3oyz%u18*CJIN9SZnZEQUJzw^FAYW
z6GamufEGoN+Tggo1Kl;*U3V@YKk|4FDL2opA<7?`;fhuk4HIB$=s^K=Moun#Dc&9&
zT({tucVYG+M&~3S*J+$*+7Z-i+baf?H2}_aK@_Jh!j#Pnnol$HDt|c6ze7IMtpg4n
zLy9+KwydH+8!zWZv@MaqbHTv@>Hs%852OWz(}?o{zml$`IyWlIL-pY!P#k-}v0|HR
zi4C;^=@zGAb}(1NsJMYK{_+y6t-U!I(?D5fxWbg&V%~q#Ns2%Oqq@2RcX~Bm-U30X
z&K-#A+5H3x3=Z0f;L@GoQTra;RywE9gOdUv4nW(uI%fquUfvVM-AEpe6QX#Z)xwuh
zaE`!_KrzrY-{sUUwKPFq5eX+0PIQk_z7}B!$ivNptE^DsMBV%VPp%l(BLnj_w>j6O
z7Y^qfuby6Belt)nYJl?%fMvDtl}d&vm36l4h$Nxyl>gpM+KGX7=T82l`jI03fT&Au
z``s{t&9Sg)<aY=x7_9|~1yh5h!CS!@H~2k2O!4ZtbeqPYREDegfZa~)8jL}V0^L+d
zd<~N&&@<E2AdIli?+5TevEvvH*s>uhqTN}7B8|j`IYJSFgG!&{PQ!$~#_+@oMAXW2
z?XQoIDT*(%TRw$~vBsdOgh4Q<>_oogZPPRkluQMfc2<evgcHC-B+^>2AP&YZ#lgsX
z=Hx=DCVi_0?+jIakJ!1p!FS)qyk~rVUcy&duIF8iR8k{aU>$*%Iz15D_1SE9XW_Z`
zQTBPjb6bW+;#dNtmf;PGuG3&1x%-GkKvY0U1Af*@myq2DYB_*o74LXWrfb=FoU0jx
zz>TFiS#9YYX3Q!{f&A{N>)QMZ<;sA=n3NW9=p6WH%~~z%?&Y7t8c9r(hJbHH-_V?Q
zzIq4u+$(mXfn!s^o3hAq2?pG72;KuRiB{!YS*o{XkbGV;1Sp`69>2YUSb&?KVS0e7
z1s@HMUIp_;9A-R??u9Rczfv+Ufu0>=40_?k=J3q|Pm}H=<g6Cn6)*!}Bosn4rQ68g
zF?;tdeZ{LMLPQ>kl1JsHJ-{}(VTrCq065v17~(}OYLO_ZGy`b7#dXZ;-tVEt`_vK4
z3MeyM_)bt-D%GjA7U7KNdD^fO2T@WgkR-FvT@TI`wSv<-C3aA5)?DKzq%7P#?`a{g
z-6pcw+NAUr{O>8_&jEH=%4cF$X1f9vB9(uthDbEX?SvH*_lBd3`?zva06fA+!3Q{@
z5Qbp~mvICE18a1sZ;f>YH1`uwQn*O3a+RW?$FG5R@O2h48ViHVu_$_j5C(U2W0hKP
z3qImKWjSoda@eRP%z4t2s#!#u*Ah7i0uesg<ZAfJV9kpv+d^CvvKkznT&sTiXNg5+
z0Q6g-t_63!yM*OjNbd3wM2UI;!Oml?N-eO#N4%y;oXw+eYApxA8hFXJwb}E5vJyaw
zf*6HEk<0Cq42(Heoi3m&fKUo3s~IUA5+N*{p|*bT>piq*(&Op{Y_P*Q4rN2@k&xv5
zvY=86ET7MuTB_g}0UnGH$RXM5*yHNG8kSC=@aRN%s0Z)KHAe3MxM|BW4N07Gn<s==
zLjv&&rBp-L)7_l28jrcZ4~p{MLz>B6Kuf8mL8TVX<U^;wHXhFmY?R_78fOMu98lvN
zUXh^Iniz@C1y_Jw8uxA=3v%;$&?)Qly~p8~7Cj{3H8?Yu&z3fqXUyvU<t4UrONC@+
z@cMOjt29<2d$A|DyD0_{adeXM+wa)V1XS(`>^s-zNGIZo0lNu|N)?GU+=#|eCFh**
zj79;tO%hcjbq!fktChwtz|m1E;#jYsB)e67KqXk?Sa{pb5kQ`wuv)Q$evX_4A_OT#
zympUQKHzlIL<|^*dhN1fmTxqZgEv(;BR4R<f*#nh>}bbhhkN+_TOyx2l4FX@)(TdT
ziXrrySIYth<SB25-g8f9k#Hh)!Bz2W=Zrvz;kZfc>d;HP+^xB_kQ8`zRF#0Y{uVle
z_yxXKig|}NMYgLFfOn-fIGouC0}xcY>KFmc4H8q^O5~$-l0z4|i%NV1f*=817w%#S
zapX9jSOho-XrM=&!6gm@OgJ1(Sr#a}g*SyY=ABnt3u34Ya*Vb!ux6AMWV0#Y8K`9g
z7bkthBg?|C_ZF=|#u;5!Ju#AvqA9@Ep`R>;pPjRMdDJ~~3714R3JS|~)lmiVSd9VP
zRA2`%X?+QjDs$)Lng+Zo{A%Evj$%64F7ovb%SVief*GBx;nW@X@^v`$1D>;bEXF+D
zzc4W2U5eSV%x+nN;@B<?#Lfsra+HKv!dnOTlHriefPD2iTc}(}4pkB;VHpZlGGYdA
zlRpBr<f1BHU)ds12ko(g-@gDYhL?k)C^B0sMrr42NRo<#$QoGx=}Jt{PB@yEuP}6(
z1s)&V2co72BJ6Q>-^8or3*0!=2IU$SlqF@=fID<IT8Ve}pgP6sIDJ4_F5;MU5BYd0
ziabD`Z;d5@&*8_EiL?#^P<+n6<46KSNEn){6dY-wnNx?whD4A7RbE501pIjHWdE&|
zks_?54-*1#8@Qphki>|P+8F$pD-A2s|1?Fh*-RegaRwNQ6>uWD4rku8eeVFHS0_f?
zdB~miw7{|B#nIZ0fW{-5gt4v#4+R?GI8;azxPI%v4Xh-@bOc@-Pyw&|D<om;a%=(J
zBPq-imxR(9P*HAwvb$H%pd$S_XGxDqIZwL_gkZl42fPIKd+6~y#{+1Qe?sd-vSDMV
zM6J(F|Ir<nbrF?!&z_?SP(of-Cat$SVd8%6yfC+Ei?eIPK=1o28aV-_C^T9A32D|A
z;<R3wJ+UwBuTTC=rmrIW_A81KaCoC$LOfE%725;a-Hyi546zA7bRt3n_G^u<++e#Q
zw_GBPUly0*!l16EegJxU+P$-KW5JG=DO{!)|Do1rS7#VSi59y@PolJySyk?zYtG@y
z`AXsZ_E}N>EXB|!{t^j`>GwqeZRuKX$mhEopeC|@aK9Ru$L0`?nyl_SruBiJ9KHT!
zoj_vhPKmZ|L3TSB!#f`DW1Sjz^Ft5Vo3g*AF@-?XjY*{EX&T7(=Qh|~pVPysJ^p5|
z7=N_Q1lQmYaIq$bgA`MrdT&g=%Mfs2^ejEY3Asgfcj3M%Qh1^Q!dSzC_x3O?bD(7p
zD+BK-yZc~oK}@83_Sp(lxp4a@@Ys1_yHCY?)=zVt<jyL-A4o+@oOz1@F&A*Pf^K<`
zW-|G1B7oLBxX14kOg(k0b3w2#jF#2<>x(ov3m6WE6?ngG^gVUma&AU=0W^gPW3z&?
zuaayCSwq~;p98M^WVpkLG}W^Dvv~Tk=UR(4<a+XJUoL1|$Bi!GKGlA)v_y%d!3X%0
z<(2;&e3OUTp5W54=NYR8o126I6fLjqE)V*UK|Z7D3Nli)0wJz&*cdakW>;y))bhWm
zX`M}y>3Yx9qzD*Pwl(}MzJ=}9<h!X@GvdRQB3A|*4Zm%i!*MKOfr$c3<Ax(e#h@C}
z>&75D^sw(b#28=Q6PC0Fo((GdZ25s&(~9}!`S>u6!J*{m&-pDXPtCQ)xKQOaAncVt
zv$_7Zh8V(P4SBTGvbMTJ!}#3ENqm%R=@#3Przy=Fh13ax4a?Gu@UNBQ$h}21jlvKw
zDv4X)@q1TbQG<6aQ$md$JCmhj#VE({>Pbx_!h^i1hS2H|lfJ<rgEOwHX@V!A4X)qN
zeBG3oki+tZ_m>zu`22r`gWUat^D`xg%so*!B8CWsu0NYNcdUq}WL5C>TNli4v9&So
z2{qgFUi5os%+f-FR^dy4asAK$y-GhkjYTb+o)k;iczNhRbz*Q!5jyh^O@a^GU-=ZB
z>ImT(RAJB5PpD32fgm`@wR*8vzvLheYyeRwi1FD69ezs0%)z3S1G+l8tdyKNqsL^-
zEA3HQ8k}9*f?uL1%sVrgw3kBHP|$yzmpBdMg05c2uTmC79KCeIQ<g2c-u^6K>;CS6
zGLwBs^;;Hyoa%)_n7#oZ%`5Zd9}(il6HBt|T8fleq?(jgeG41NJ#IJ)B9}HzB&BeG
zI%*f*QZQ*-ttM<2Ogj9sTD|p!S1U_i<Al3$FRlV_Vq@;vdnCsSAfvi}n_lyp2%}gk
z8+SP`$`>x2YHv#7IB+dD;|d_2W3N<rg936FPPQhs2cO2%@BD5p^4fHuV4HuklcoWc
zUGum-e!zlxB8w9H#^qZ{9X$TXNhl<M4vAd4astvz9J5mK4p8BXq|lm+CljO*plj4D
zW$#0Yz4hms71@@EH&aA$Hw|lz9Ck>z`h+$G<z4ZH;RiiJayXwF{(~5lw51O_iao*I
zy`-E10k^FMWV2*I`+(%Iuo`H5oD#vMK&U8V&>B>ERWb+Ec-OVGf9rBPw;H~N$*nrR
zeaD%nui2K*_6s#$;&rWwzx6p+t$l{yWcW4ZzW#CFjZy&0$@Q&fzp(FLO#9_Ue_rYC
zj#?qa-(QU4_3C#wrr*9-<BMfv1J`TbU1>U2XY>Md3|*s^0d8~cgswP+g>b>e-EEp)
zB)RWG^*e2|zQB}>00|o!g^wOW==C_rX|<;n(+<(xmyTn383%re-!hVZ>5IB*5zQ%Y
zXfr3-3;<68mm)=aOuhsK0nLmxtM=50mD8YwNT7hl2?<_`mAy4$4t4Avo2oVvh=>Rg
zJDg=|r_G5JGx673LgHpY9mHx*wh+C38!bdsiTLhZ*>{M8vSb&(%}}$n=Wh=%{m*Of
zbQ)~3?>{L=;O8sLrD=B|$R7M8-@icYtS|tOG$k7oOBXS9NC#9f+qg$5N$%;YZ@WF_
zqJh|Y;yx(~2(=mEz2>TQ5&?1wAr-%bHU_FBoVRXwR?)NZu^!Ep=gD37*qDJg9%R6C
zI{>!eM>lgx71crk9Q!=hRROqAPmSrtsh4=VKuAf9PUaq9R1mUGwV|xQVc*Mq7Ckb{
zyLjdHQNzcH@^ybfgVH#RQL`?8UGGNY^;w0|-^}F8nSG<{JB3Unh48lQ>mTE(nlDQJ
zUR)Ia3-9`8$5S6;BPqSeQ@bI%EggPXk<yKsLq4dpF3Y%PJir|LtEoa-4p618EvbxL
zxL)mQg>PI!x|dAs0&_51G)NnELBbgdVv*%yZ6j0qKz!>BefOWUj{S9$nwJ|~t+OI|
zkJa6#2O;QsZ{V!3mKgs!e<v-OXGvU9q@C_r3Yz{+mRu~Kp*fXv>urz3fSmEvE>cLJ
zCskR@1#ih*Pb;T!nzoWt7zY0;zxV=5602##eHSBZ&Pj5_)9d3%0H*%Mr~dTg?$4M^
zbj|M*#YNw1A*Mh_H`5qB1;{b`$@c`DHdj(~ZCX5HNjs@j7O8ie(-MW1i%(_i&ZH@~
zc?{AK3+Ubi(F`iD^HLR+SOtHBgX_Fyz+(VCp0Ce&=JO7s3uQAaN`eQ;Cks4y7Clrn
z0@LYX{D%D%a0A81T(ddelwovq_4XF0C<=*@&t;N1VFxXZzej9%h$yS2-ISk}2^F@s
zOT{R$22{4kLAE2jl=L$e2H2DmFgD$3i(V$%w*TQ@FJ;RG6V|20OPQh*P(eP6k7xCB
zDGTc$WdVSIs)of5q3ZPX3?0iCb^LE<A6zG}AqAkSu8fluPm_l2*6}iUZWmREeu7M}
z+J*-UxkQ?iuTTLv6HrZhC5e(=&;xuUz9Rb`UEc@V6xWR!`cA8-n|}7pVkMmvjaPV2
zb(?Sg)#9K1M~0tc`?YTGepA&H`_d!Q6K(M1U6irEzQV=5eTQ$T2$-@v@AA@xmp}>Z
zy<?SY$mQ021vZeeb``h)j3Nz_OInS>f{`%CkjoakUt`?*b$a$T5;SOz%<DGl@#dL@
z*18=w+KXZUgm}C@YQ`mApc}j@;&!YoMjL(yWz0}Y&6E_*noBazgLGR-3wkKgi*J5=
z<lD26>c`j6^`4?pQTOxLdSyR+<mUg_PvB{|OBT7efz$0eO15YfWkJYs#Q_pgS1hnt
zv<}?7;<FEz0RX_AyX}?Mdv2{iYdGU*9k#5pZg|OJt{zIpZ1#5aw_H)0Hg#@!Sj7L;
zmu_mt4R!s>aN$#jX4w0cWrYyQG#fISOPyv-Q())&siM6MlBr~eJvOK3me+Z&yGj^k
zZ&8v?l?0RsfST*2S;x^)kn-hS&Yqpz;7ZbaMda@gDaJ=<<jo`1{B5Pbd1WJ$rV`p0
z>#_#&#V~tCmX2k$D6Z@Cr6}_N@O`Rb^Q@(d5>Nr`>@-w`w0V8C)$C6?GdmrWN*`FW
zsYAL5f8D(n%N$GaH`kBNoMwZcEN0S--&`^2*j1D+7t98o#Kh5q^OB_$>gI8eH4>K8
zs2a<c<avOkgM17zVo5OIMWP=9!09>sB9!mhkbs(O;0gyE4}%wOQyasvlsOU{0USua
z2r#TF=esrt-*c9&h<|OPrMNUif%Oyk9`6U6jVbR-nz5ebJ(l16>skKczc%{#zjXTw
zKe0I|gUZV<!Fw;}b2Ly2#j|;eJ@EBYToS-S-6Y>|_;TQ6bm@+UTYJNO_TZ)HwFm6W
z5D?k9l{|Rvb*1=38rI&rg}b!h%mjw2{dRY?VLJ4HWsiw99p|F`E`zKC*G+f;YHVjW
z#QO9bum|xni9>IU$Ql9wI@(za5s0Zi#FDA&LzWz~XPL5|_FE`yy3=;MwJH?z<@XF-
zVYe-t6v#R)342R^(41lN)I|wO&a#E9v$x~Fh<z_v`C>H45=x3G#V_5KKF70ly+v=z
zg)oTaSq=WYMRLRz>)O-Or^+e?<3=_yC-P{`X5&9!{%D*RzZcQYU36VU9(&4vcWiRz
z{e!P`J&jQMs@bJPmb@k2&o%D}pR;K8cSzi=ETu1T!Iri&FKga(BLTn{Tt*dDfCLbJ
zO23ZaW{vzmTo>D5Szy;CIsz}d7<>+1W~U!bsTaGAU+aHyOMh&Fw#41%$}2!=(H_75
z!=`9)du$yh?{)NC{s6$wCJZ%NxXxI-CPNj(E?PCJsI6m14(2~+uq3}07ajNVXx7@3
z&fm3UuKbdE78#i{<2~Cf-WKb6T*y=koh+Bg8Q;}tO$cY|@-tmYKf193s|nt^zLvLh
z8GNn~_Zg|i_)YYy<d})%E8%VEJ^RwJ4Tk|ng)`uV_SGn57Ap{fbK`T73!voD+YRK9
z7;eg6M6Mohwd4F}1ie5aXmyl650sq_qwFIP;)fo_GoK|orE~Lmvyt8W<Nw%g{(l*M
z=fBPO6}GS8?H|!S)RFa!xZnL7@8ORT4E@E^dH4>k>=Vmnt``1bg#GA2>PrIyzDkb)
zKzMSCAE3si@g6k<uw(=EF@YzpB@*1Ff*?B>V=TH{Z?1{2Z8u2y&UUqUDZrxY#{7~(
zz_#k<x;*rz0B#s;8KRzi6Y2cngaPh+0uhIzvgDCP5D(`&Cm{w6s$!X&_I*zY_G9P-
z1I|iGSr@B8n02|tfS{z?l4S$m4y>G4b#GA=C9dBJ=~?2&XkDIf3)c)hmwte{>&*Sa
z=xlG>*E`q&bxE!_y$&@NGteH{RSxxk(}iDhQ_IbI_HrufH+ny#(A35KNop8pZ(_rl
zUhi-G*gU-6p=S^7PXe%t#_<cJ?Y+;4boeh@?cjjkUZ*`R<UpK$+2#*%ITFTx4#kYs
zfK2l&n=nAyC2HRf2pUJLFiBpQQ=sN>(f>!2%4;*Y&R8Jq=A9=x>;C?$l=*klwmk1V
zqgzHx`Qy`p5(urQavh=6*bKP!L9%0}!IVu-Q9(@AyY;Q%6b;yEGAOIZ&5MT_%a=<R
zb)0PDyXn;<729tl%Fk;efCSqRJf}=dI5uz(%DSkG>o&T=&dS??@?A;69`_sh2hth@
ztIpEduFSdiWR0&>n*^>}M4mqu*-&6-n(_y3cmTvoU#-=@Q6QYtWCu`n5+vvwW7+re
zO>NUFe~s?{DF|ZfAYFLilRlvjAnzuX>5D7?h*&T)*=Vv;irF~u9!llk{|xK-|0&_O
z|NF~)r2$v?i=XKi&+XlW73fHRn9_R}=M@Q_sDZ`v75OCThf00*$N23(5h#e_$n76y
zg)=}1PG$d}#IA6)2NMuHwo(FGTO}O8?XJ5QH`F(vfp>5FGOd?f$=XOCqY761@$GkO
zM>efpOp2i_!S|vx+s;O5h%^2l<>@;l;)qilT=-8m%f#8|ul|!31IWYDi%Szt($1o(
zw*yNnWaSsGF)>#V6btKN`L*4BltOW|9_o={|A<wV%|0RUp{bdpR-x0)DenbAK95|J
zuOvl5ZQ}0oS~77NZ2T;d+bLuA#v(nbPQ9LPG4A(>r!Cztl|Lo<v&v=Cy?zoy{f~d%
zM`^b_z!&?{=;2jrP`LJ<7CiVP06KZ9jFfUJjO1hl3fY;sz*E4QN{p2qn|rq2J>nG&
zNrsZZv|ZMB276pBmkcy-UE55SS*Lp{4$$0G$jI&8N;xpUN+WSmC9_m_f*>0zAXRw>
z3W^G2D&OnujLNysQJk>9bHMN6l3BaTbA^&rM@5|FQmc*4Z40k0D1M@%X1`drviV~q
z-Lw8oM*Yi|$G(9fkMIu;l5va=QNL;wBvJkXk7m1i_tHs0fa(Z(M!yuOF$v@+LD5nc
z7QW?_H4HRbFd`sueq#o(_a0hSD|Gqi86v6Itk`UzPq=Mf8vV+N;`F5C$is<^C0%~q
z8A)#<8BhKnj-UUBc5nYRjS!c0`%;6o*k{;%CFhJ(eqOW>jQhe!IJ;{pb2GK<Gx^{A
z$eIvG`B8;Lqx={~ht%mx{pQ$4_tIsH42WbAY5)KzbKfg@Aa`{?y?6Q0hLO}F6bUJz
zNIgFYT|J3_00~B`3slntcKhiiOD7WILAo8nHi~^Tf_+O70CJ*v%rnBc>e|kE%qGkP
zkpw_?l<+fPu6jT{iW6<v<tx2WU0ooOQ{BIN7!8xw^J2xNrj4}M_B-V9BDyPS8w~)l
z7ap@;=Ijw|g`JnE2Z7<S{2M}^V(w|UNdaJ9(3GkG#npSP=MWO;g#<zyg5aJRY8Rad
z=(4-7rdcKDye1;S{Qy8F@B77V5Q?q*vL<8|D%bQV^F`+3+h`5^JQ8)JIzPbgj`vyG
z8Dt5t!q{P)*B+U|%y=rqxky0ia0u;qNMN+l5b%d)s?=D0r}NNefT%^g9gCC_UFpJe
zktN+2t(>F0{Si16G{ZeGN7r+aW*_z;d<<~C&%P`YHa{-xL8?6R;ejg$id{W2V~p+^
zr@?aQ<SX%DIsa~d8!^ft4Y_uz8hWyKx|8vE3@?#gYdnxgabBPw`eh$L-jY2CBzb+V
z#m@KL>@{&O6_bnJUyzluZ~qlm{*mdY|5coesF#Y=>0mb+K5F=NiZRZsML)E4QFAnW
zi`jk3GtTFKRGy^%aFdFq@^1Q#0YlV6EG{?aaxbMsVTf+5O3)A-<Q6fb)vF8Dt?}rQ
zW++wmdqO8LukNUB6R8SQpL=0pX<e+6GgiNE$o4jx%em&p0oUg@{nTXv$Y<RbFO)cB
z@{j%)*7E6qk^ixRzBK(}7xj`a3la+1==IK^MB(CsRU2(yFjTdv=%XgtuOsY<3x|9}
zv5{Lxh{KgRVr`dECN3Z^V>o;Mr%}bLqvubU6_5K>g*hP)Dx_1^w<wAK+D^)%#Q=oN
z81mrl`~yaLy&5D>9XzRmB`<Ew4CbXOvZTbpS`Rj(8WPmQyaA$D6K7d!YCb54Qf4I_
zm>#1z<?XwD=u!tcS$j<E(v)IVP+S-1RCOR3M%G>RfvgZ_^n82vEq<mPIVzh)i5tD1
zG=ftWkjX;exAJUo+X}Pkd&pvDWajoah!HTl6ze>1R<rU-i|qE8npG)ZUkadU9NyJk
zccT@#=|jI|(!1*yfvGT`EXUeomgtF}a00mTDW18T*75zJsN>wh5mijURlGuy{O+4H
z%#gjZrH>IWM`yXVoVLz6HCV};H+=vnD~h>{7m}Zp;oFpniCc<1HS&Rsnos{PrN8(O
zi~j3>k@sDyPXC$HsjjUp2N_g3<Ha&!@HHk(VM+epKdG7HpC>!2gb1<dzSN@IzT9;!
zX-z{MmSOS8Q9^PLARKIBQ68`hi%o!I&0X~azZlB{(p%(kjHI-;<MrB?h<j7H>axk~
zY<hG9#&zJeGjqX#mT^Dv=}I~%>mS`q+Txnc4YqD5DT0^B$8YYPWziw$r72pyMGPd9
zv(HmUDb)n7<ejD6J532G8kMv$4aBG?Ma>qr$0e2%U?Eyi-F=Wufq_3S#F1(%nax%j
zS2W;#4>>a7dR0+d<+#>Co|USaE)|j1Nm@9RohB=t6$^1tQXpF`Y58I#0M&M<Mp{r4
z0VjSiyO}mj>uDXNu6@KD^FHTT<J-}%SaM!MXiU6{39$>07-Or4(@tzd!mQoXe9$SU
zRMbd&hLUUEUHX2Tv2SzyUr3Q|urTPmcHg;nl>J(O)>D-D`~A{c^0G<~MO`a!ZTao!
zR_N>OO7CUsra#oou0?0BxXa&SWx>UYaY;N&pdcNgT;_^=4G7><yYm=eGchEk<Vj*l
zJf}WRR-0bS_w!UGRhfwUh6w4dMaxr@o>N=!5}a=l@?X<H=?b#p-<xvJP|cwA)HC}D
zup7eJ6PRYCsJ~+fxT@KA(=VlcHuBfNKfvl9;)AdUelPEt=$-}igCLaRHm{iExZq}V
zbsCetGx?%YI(pZgX{JE%k^T6`?5kJ&HMxKK)ZU}`=i~F0`spZ=?=|*cX7(oP!=L!y
zR__%L?1gtmYQAC0{gg%)wCB(Sk!h2md#}~2zGfy@wlKGgqU9PogDN9$=W^x><BRRH
z-ju1;5*%QZBxw`&gX;HLdt2^xq@B4*54KU#vvvd5UROJumaEPs9c_I0uinztc8#va
zFOu}W>tmtC%kz3RuiyJtwj1m`gZ@-VmE4?V2~StP9(k~vDr(D*bDrtD+LG=G<QI9u
zYkCP#R{FS}bZ?V;(|^kTL%WCHWZ}}_<DV5Mm&Yb2%s@;41&ITH63`dlA@Y*!-_+<a
zyscIZc>h8!PwXvIprg0@Nz;pr&H^MT4j45?86>ud<*0yTq}&@i4wBue|HSJk2nhfe
zO2rMC-;eurT(f8K&n4!hh4`LbRukm}Sq{4rfNEsyIfFGm(%Xy^$li{5PgnfFt{uvN
zhy2UQ)6P2a8}cw<Ut~_6!11~D#{VBA>!j%;Z*#_mqX^_+`n|5ZHJbj4Lk&V&naf%0
zAN&7W=g;ajt%v<TZET2H5lPj$SmdNamWY1OvZI!);p>iLC`!s%3O$U#nZW>ya}4#f
z&UB%hsH^vyam!ugT|7xUX4?KZC0N<DJi|dZ7QcQ01+{pfRoS}WQ2exj5^cKE-!DCs
zFGiVa8n1I6y^X1NLCulb$1Im{_)8R3CDMP`guYeyC8KzND{54~MI&aF)^H~wI?swJ
z%)Ac^2<j;P9Q<rH8!XNV?RVR@XWwJI8b7_*l&480RaW$k9!GN3XUYC#_G5x~q+R6^
z@Cg7Po$o9^ulQ##>%Zvy1&sMv*UR)*Q+fYle0$Nq{YU-byf)+i&i0zKEW9+!A}vXW
zBwQ;L!_13R*a$GGU6Fc$U!zU8>6pV7`vPF<`Qw+!7J`X0*Y`HTiculG?HM?A{#s<Q
zQ94DH_ortxFe#t%@p|S$5Bk%rioV=1yuSTy3Y}NF&y{3hAF=r2U<*XpSdq-4-}g}D
z^e}#7C|3%LDfNQDeg9eEDO<?FfAq(pP!HQu2PrCLsfJ99(h|4vr%lmTWI8~(_kDHR
zVUYxSRJ)!s3kQHI32`d<CM*9611Xz#+I#yV356v1sog9eij0owdb+(3Fd&Y5R2oFz
z1H$9Ny2@v>&!jqaio>Tvgj7-#zt>~`8s!~?)@?sQKdpsSlJunCzcXQ`Puta=QW2>E
zb}4=S8v4hIx$obJv^2q>2^~=IoT-00&nc6yc`d%!yEtAvG1z_-0Gd<sBI|OC!QUVn
z*d5T?I)8vJ0%IEnqxjNhJ@D&M0hnoiNz^Zji+IE$94+rc3Q!@7f1z?@pe19QQBT#f
zrGPO@K}mFOblrVyjU*V;su>m=)yPt!lNN_Fj;WUIqb&ZPHS|p-OFBwJrOON#(F;YR
zjNL#fyaT$VAiZJww&lw`QWW?kr>%)t_<j{8=o&Q#<_9<$2);n(0zdq~bN)mqDUsr_
z|Aay*LQw#I>kP65E}X>X=!%-C%#|yt2G362kFow!kmB9p_DnHe0R3Rsecp#Ybxe0j
z()-FZwWKTn+9+KL_PYE@CBA%_{u0XjZz0xGI{WoSc>*JfMin3_KD2}b^-mkpq<s(&
z7A8bl^7uL5p!Smb4FCj%gp&Zc;8wzDQm0N3APM6ZcOmOE34#EcOX>tk+>uW~t>BF<
z7u{)=w#*`B;e;7lYqaiAH5~pCO`CY65YkdW(`t{kHo%qrNoXov=n6&s8_@w!#{cU~
zAyA;S`|*_CmhvD?e}I2m{I#9o{v?x1wH6@Im9AT3=rz91M1s`rrEkKl1Ar#6A#CJj
z!|RAt;)-#o`Z8pTLyZC@>URHez#xR^_v^lY#msf)+q^lKF=_iNk{G_eZgD0^c#VfM
zR1M=d0HHyIdY%0l77yM2Qb8ELV)n<Qpji(^LZDm=4}pI(fz_$7b$}Q66#x}SA<kA^
zd7)-hcasOK4M=#-mxe2XU)&;A4{27l_7bUNcK=IuNoN8R^-}twDS4Lg^7fOEl=9!B
z%a}k%pPF=rm-sI1XnHSUIu#0d_D**`M>&FeK!$xdE#K{Q1FJEc6?rFb#jO_!DExm6
z)j^-$^Y_B_(e#SdN_-wH&3iLJ)@K{#Zy~IrmJ0#^S{@cE^oe=@9ttJ+rD8mT6qD#i
zLV~u}R1ryh$bmxvK-IOyztB|S?Zu@F8XpKDWD61*LI+g=#O7kiIK;$EA*2`s6^1uU
z0T>^E|BB`Lp;vzBCq3?-P1=VS25<ye%D-=vZFI1x2uZQ#B1V46y7nuI+?wwq&A$mw
zyBzD^UZnWt&U~M*HqW5d0d&EEvS|+ARFk%&8>2Dz#GkdreJ?y?O!QZ|)pqcsv~32F
z*S#y@x3T^TYW}D`{fD@n#HBD?2r9O3^rlo{dpL0X;w%Ib#p6(MassVDb8U2+HUSF$
za}wi8EcjqU43V?D>k~!Nn9wQ(%i5n(D~UBp@G4MGvqPPvZ;1Kid+G=AuxVExr1aTK
zSIds}p=c1<>byXFAQzlau~mF$6qu6wsA0JyvJM8n%4rVtY5<a|#6>NlqL7NKs~T`O
zZK(x8vlHW_+O|)C=pocV5T!W4^)<jT{ym;v_!^t<?)$U3u33Lt^i>2d*z_64AiXq!
z-6Mp{I#hJ`PL#0cCEkmRW#A%;yz2hhKyx%K#YSG&Aqu#9J}D3iQD{KuHBRZGh@pY%
zynwY%Q%I1!0>0%pU@`&DZdPaD_tM~EG4;-x+hGCfua#7NK~lxW@Vs?avV#47f~rVC
z72mxviq6~iB{lw;YKtMJ(l|K)uKRsI=i9{@x+sVa{v366m0zQFqBnV>#KH<J5>XKs
zd~*SDL?mT*?+=2zzrbd>JQ{!}ak;a!LR{dOhElKl>&2VUNqpsOT2I<%1KnE_cEOUZ
zD%LM9h2$ZX?-JJnINhSI>FI?u-5}}|W7g$V6%QXyFeq#8(G3m9-UAC;IDP>byeqIM
z#B@r+oreB;*8yWLzrKeU1_J!$`5|TBZ3m?!%mrK<#aDI<68kJ9d|$P@W1*Z2uQ<QE
zE&;)UoovpHQSpNW^cL9s&H=cnBO~gQf~&d)B@PaU1y_y)vZ1he_yl$_>0DzAYXl)I
zZiA>QU<qx9R$qVq0>t?TYZ<}j63X(6{@XUH749pnx)>DK_GIltP;q|u#SD982JPJv
z4M3v0N@y(sK7CRcLO5j|*D==8$;XdS12HMrczztV9nneqZg_z^SHH-Dts$hu>joX}
zfUbixWs~<WL4y}lrW_tNDvEym9{tl+D)5_2rm9fAcffQZ5TqJMwOysSYB=1nNr6-Y
zr%{nuKc7HRJ2)}vm~IGhG|w?PTqAR3Ir|Sz61vm8p>KKtH%Aj>_pNMXD4qWM%vLW?
zs3;3`4sbVW%?J_lD{bjSuk5S1tPNA9sE#gTM7rW5R}f6_0ymbpa405GV$UnJgGlQT
z2=w$ouh!o4ghIVjeaD0eR$^~5TyNIP2E&1$)*>7kK(%5I-ixZL-roQ@K*qmnkqEV%
zNQ7rTXh3G|(wiVi5?E1CtCCFSng*GNkY3a96?b};%l#Y9SFBbq083i$yc?r}Qdup0
z3Cs{4Guv5+7YHNYt}sjP?#gX4hp2K`^MHG#xO#>`pxz-=LSVUGy>vY&z)-=-PK;!&
zVQnbGrmQM8+3ejIWi46xZ${f$jmIM>zp$(p-arWxIVXrAh9em#RBUO0p6Z|tu#T)p
z@i|IS;P{7byG#ry*^LQUb66*23G@JOKxDrjmy0ySL3f7+M5~pYu~1+sIh@;=!Cz&z
zEZ~~Wt$Bd?MTmK*0HmF0n!bc;Lr8T<>j>GTPC$jh7BGh)Bf$``MQ2*Q4?DXj$ZU^*
zlD^p=&9^<dp1oy^R+s!{RQprIc|V&73bI-#OJ*g94o}O`AaWLO$T_tGX9t2Z*N<zZ
zI!1^eL4em}*Z>{C*sxHhQ4tu-d5ydmU=a&dGq{7@uI;)T0b}m5!4mIruWpkyvlZ<N
zh7^sv1vhP(C!y9<)rz0UcQhc^`$b4;8tN?02_So;vBW7Iv{<OHy6B6YLB_t;Tp#Kf
ziwg)-uPA}u05y;=FNNl6(=D`WC?T^I?M*Sm7&mU@VL2d#cvI#1)#~eJzoeO?YAaxo
zf>6wsySTdIiY!tDhdAwEN-5RJyYsCB6D}fkojfF1RGK?1Tb4Ixo=v}CT_38g1IT!F
zLW)RIW>mL8Tw4xowX<8LmhcJzJbGNmNbQ391cm@^@VSt2a7dyef$M@8PpM%lC<BLP
zrX5{J$M}r#3sAE#4?gklk)1#RR%+p~e8fA-a=4k8Mog&*ksILP0AmSAcibX43axrX
zq!64G)X<GXs|lQP|GJM3#5BIs$GnxZ{u6|SUZ=y295s8LNoUUZQvMPw<?7vpa#)n_
zdjP_^H2YAg1t;*S*$1wfjj^dS+Ib8C!Jh(LgP6@Xst6<nk69|jEPU~Oo2w>?!CuA#
zhH)B#EFl?aiD6m(LYY^6X4$zPkIxLarCRU~Ki-@-^n~P<W#x$#DzzZb`G~Ke;r`4y
z=YatcGZ|OFvT@XllEjqPe4ny-rK=P2b+ZQF7?$M&Ix(q32LfCt#EV!Ivge*M?DgpY
zeMie1p19<GXM?-MO`B$;vL`}P3o|f6r51eVsVz;VX19#JM|X7yP|3u>30=Qr+c0ON
z=^`xZNH+Kf2MyR90TPkx6^yCgy~Ch0VXiVUU`<F<x!EJ(4oR(UH0Dt+fEGB6h8bUw
z>FVVPYc9=!TkN<X-UP_EFU4f}d)xDA&b(wJYDFQTXE|5o+p7|Hy%Yp#ShJwMDYmOb
zT*p(KIsx*nXnM8K`3hZ*??Ekh9ww0KDvTwt<4waY&bN`Hqzk*DVtcTJW_jqDF~teg
z0XL&HCp9(BSZV5R#-e&y%l2UGg7`GnNqKaKX4%trt<D7gBJ&C-0C&6DSXsQzbftCP
zY&Zm0vy1^dqsn1Bd3!wpq0$2hSSv<<&_~q;1xgW=w2$DpP=+RhpkswVj6{ks9op?(
zn|>lXx;)mnW3gc54-XFkzRYUjHIy48^?GP`GGf&8Do3J!OVdy_^J#(rr%vRVXP_Qf
zJKNBk(v53jB)Eajb6$`|qE3rV(EB_3>xR9A&c=MLdsred1-;-p!{z$E<h;2&1P==o
zU`-Cy!M8hrLq98}ka(@Nj*3807c#R$(&(dgLp2;D#w%{3`x`&3W2}*b*wFO&+rGJ$
z>v)W~e+g-(-6f_O#hVOQNP%-WrtQuy;07@G57%5@gA4gaECMN-L=~_6gj|MQXH<2w
z%VIUYld^{yK7q{rZyUwa3w&Ly33-G)yUxYmQ!aUV!LSzRn+-!CyA_ZUH4h!*J>UHP
zF$e^NIuX0BS<2_zsaGNqluPPa_4lb%U;zGrj$oH7Lgjq#L?B1L(?v*x*V4dl%=!GZ
z+=%;kS_YVoyf|c54zcW3v;sCsyHd^k0wVEjjlrL~@7`{|(VkLNK!OMlC_Y4TwXu#J
z3^~vOv`{Y-<mu$<<*s?;vVQsW;8cfZ2hiTEcyj%xFm~b_CU$AVVwT++I~jWi##r7<
z7+s18Oq`smp)V(tP%eU?08Ho;GyIE=(?EYCbGZ;hoigxR5F<jl?(}iqL$h-sxO~Ai
zkI~FC2F)mozshXUZ-8bp8R14FWbm9E>?Q2>2*lh&au2mxuf-!p4Sw=V?OTW}iEB(T
z9NhuRZSI`Je8*QbU8pLxJ!sz>yH?{Y$e{aHy8()_$Z{1Qfbn>W|E8Yr0-UAz*{)je
zY4B||n<fIILI5tfDv<n})oHJeS5I)<Fl2#`?$#}xxqiBi+)hxHg5^=PKf3zz#@p}J
zFJE9TrOFR%NSVwQ!Mo!PHUSoQ#0W=FvEnBk(4(@XR7g@CvY5Xf0pW;*BVdEwO{{?W
zz-xH16#$SDkL%<L2~?E`Xs##A?re<idEp3Kj8YK|$ZT2fc*AUS>E+Pkn>nPvog+@Z
zMhy*4<?bl}De^IXdmp_%F^Eqamv(S)TqR0jhhgbYXN%#asAHrq>KstO2Gr`wAie-i
zJ12mdN=jw8d<ttCH(5Bhd$=PJ!r29EPggC#R#hoMGO^-w)HB5u06t<E#ECg5+JQys
zZP1K)^-Qvx+67r?fH~L!ve^t;;2OiM$Z!b@C;>z#re~>WiRbgmw1R!#^d%*g3viFQ
zSKOl$H(>jqjJOgK3dYd*@=7*-I-ss~J)_*1Bjoc>hbH^q-k6A>j&V2)%Hmx?mTMW}
zz&r>7N8~!#((TkE=9F>}Ya$W(11L8tDO6v|11}+Hu?0$Coq*yei|oHZ+q>&Y9+&Q4
z9@(j8;gL3+{|Tu;HJkGZ^Q0zid}IDHbwg?pQ)zA4wjj36tOCSWIwi)4>)G)Wa99CA
zWZg;=x(VPC<^-_Q1UAll7aZNl1uLHJVVS-?w@ssC`b5m??DL!_Hr6Oq3a<;uFxjBk
z$IMkaaY01^$Co-xNCgE<a3bi~JBOaK8p@H^v5pY|=6KYqaSu31FmalHsMZA|^pp3M
zMHJbvVYoqHc5S^m?%JDd0k#7-g2Q9$5599d2Fv?pyJtJ+9{9V~bGM|9QadSQu|oIL
zp5viVDv@|#z!HuhcW8j^cF`hd>k6tBHXy);00PXc2d+*|Y_M$luxMzci3^icnVGwZ
z9xoCgc~#27q`i^LFJI6_N{3-MonvLs@A&hJT`h2C2+r3REG|gy>#xk3^``V0yH*mh
z=L_H(;Xr>$NcD#oRi2Vt4K!O(x+n4<_DKPH21J6f#9%-SOJYF<9jD>kYap)E^joV#
z;=NY~wBH$YXXd1*v8jxy^ML4eQn=oCiTh`iY$ty4<RUp@^zh~OD`;Q2ekBo0p8_+a
zx7bfd5JYOvw$?T@aA<~}ji&&LAb<9UE3QtkY3z(eU&M{9Lm|oH+{c>ii4nPixdGv7
zcDZx%AM5@FWOgSYJyhI1-K8^>&P|NhXL+3?dp-&*T%4r@<=C&-;<5{_^x^0-715^X
zV!Djc2zf<yg4p#tjuPIm0VjFxn-=SwoNxjOacLl9H#8^#0P1^WV=1?bDJA|>g$8!!
zcjnRAT|%eShgq-p8!9)L?kmRGrK!A>$JZekaK$~BwUP&4QexKN+^Du)NGpjAasY6c
zF`rrxF@lo|3~mpF)`12;hp1i3Ruk6()~9y&0g@ow+|^7UcVd-IhPSCh8XM~I!mV=~
zKfe9g&3Sp`mpvM`!r;846mM!|Tsf*l`>sR8flM{~+PS3`8TFK8x3(bPbhTA^S@ez4
zOX%tLR$DAKl&vnLfYGS-b_dA>mU}jis-IQ~-W%Vk!u%nHS-(qS&EQopFD&aeb`Ee0
zaV11VSn*BhYHBpERhd1OEj&HpQE1?0)9iM%6D}I$(~Qf~ZS}eF%ZIR%*hsDHnyheh
z0BsnP?8Xoz0Y3;jmJKex>+KMe`$i<t1Bl$g`~s8-0aQCK9I7G~r2U*T#@Z3&vUfE-
zEW4IBjN$U-o;YZY)JZ7mX=i^MR)id`yxx@H#}1{*sJK<n<@nS3_zw{_gzLn&;OwsK
z?gc&4)ofGgC`5+K)(!=0a`z%HVvwhrT-W-hlLs>vlPe!`*DF2B!zNSDQT*V)RK3>2
zUcbPL8kgLzAb=9s_f6Jn=dSGbcZ{Xae}C21XLAH?{ccbe2Z}DKLirfLaUoCH+G2~F
z_STjI5yiJF*(c?;vur3#;w3qkm$*Lhrib--4Dhl{-L>t4HkMnP1wQRsce$1ra-|c>
z2b1!G&K%gfEv#yV86`z|44CJ>)@gi746Ld6Q&zt3dIZ}1NDk@eQ1nQQAI$Ml0pUzw
z3?MDRWk_MJX_2nM6*idn9{GS=S*z9K%Xe}`bObmi%{65YJNw)1%X_q+^Hwa^p+v59
z;8sud{cpSS|Jd-GEB(*?Pe>9-5?}DB(4N)WarP4wk-xRmb6oSW4zpKRPdqi6!)8<L
zP|!O@`M@g|d;FaV%RFLn(ZShZhd^vsaD_n++v+fS`xdapYE33%085zAhUQ35#vd~s
z*qF{s7JVXo`_H%v10^tC2CfuL5|XPd!FTb)&NtbN;yrZcwRxv@+OZI3TR4v0{Jj3h
zKvK)DO}aCmZ!%xO+Gp$Ix$-livo&)p_A04xGy6bMsBwTtf|$^qYWO~8xidZZmHW5i
z5X7lNK|%aL4dilZyS4iOsC2m<UX5=~@8E6DC^v0c5t67dd$!t$98EwFzkh(=W4xIS
zi_&@)ocrZZ7CCr}-%2Hx&*kr#NWU=N-|V5|{f*imN$q$Si|QzS4|=du@q;*h`j~mx
z^*;TGL7(YVidNr~U*6P3XmTO|7}ccaSe`zqc{0E=Shm_X%?p{}1FEJBFKD`<PGl0C
zcT4@vb!p*7yq2qQ-Rk0w|B!$x6u)JMMLGOn+`5rr?G7+e{b{9D2YurWHme?Tv6ik-
z^em{wr=D9LrY(rzspn8N=iFnD7f5ag0{OgeuHUk2J0Y^G3d`_`oK<L;m8e%i*%{ei
z$|r9I6Ovu7tZ+NeZ0LWy7xUlV2YS)}{nx|)e5`liD{av32=i!)O$83=MklfaDQc{$
zQUEAZ8a|ej0JRP@(;Sn8DoIswR|VDAvZ}65PIPG!z!{I|J13((=D8#5y<h@+v~Nun
zK&9=z4Y*)kR*(@j`Ze~_=w5EO6$wn{qL#%8>&>ZbGZUIB59tg$pJrMOC;r#<b*J4P
zXtZ_IgaIVbXqvm)K2w!o7wrLrIpM_?TxCXWYC?*9@HyTay=kj!v0yhcvlB=FNZLJM
z{`yRhZi!<5mK<j(jRk6+u4J`=<{l=S;!-mO&8)7MY=c$L$AQtSkA1O6Qx&ZytAVy?
zSU)<cq;)>Jx)4%ISbFYp0|CruvFDH{QKCClRI<5gDOUuWWO1Xar1ugO_R&k0yjziK
zRxS`s<WP)@A+7*$i+L?o%9Y_$9;Xx@p_Z^ji~O?F@ojNWfekLUhkbh#fzsx9z-bt&
zMKcmRMy=ymS3Wd2&eQDe9svlnoeAz`vCy?h0H=A@F*ztJC)|bDdOqY?=eVno#;Oz!
zpt*gWX<t&RLTfbv;Om5+>)nLRd5`T$K(e!P?m&|%1nn}8xU4lN`z|Z9nLMqfM8E~C
z9IwfvqFB@g)$~~8+UKyxMl1-u#}HiNh%T=EF6P?PLieI2gwTiE(@eoF7acd8kat2y
zcaAzM&KO?7#a~et%?o>!pNgOLGnb^rRwqeiAErdF?<y||q~u2pR~H|CNfS^|*Kxf!
z$P13d!J!+ds!C*&et(X&O}Y9H`wQi}lQ{ax#+<V!7XbD!2Zwu@Q9QP1Ew-4|vHiW9
zthEJ9Bk_dxM~nA&e!Fj{^U<V^sQYiJL(DPuP+hUQ^HrXH$hFH*=cD(w*53AEW3y-6
zOXe<nEmK>Z?dfkil~pH2xR>c}s0cgU)!ZhP9)`!ELGjw>YFkn#YPtCZb1Yq@T@JYx
zU}Ij{{pO5h`IbbfjxF}JuW;GcZNhP=<*2UiD1CQ5dUH}BtQc<NtN`w*o>tlNS$DbE
z5&}pr)mL{7hr2$(we8mBCDAsbR?XTCw;Z&tmJYIZ6Ig(A=U|zZtGapCtGLzHWYTrm
z9XVkkH`sCKi%acY-SLm^IzAF%ShmnZT+OXC<y(iY2Do&~Z5~V4sW91Y``caP?kbM|
z{;RmTrri*WEs9i~-{%@+x%%UkpIzB{RflUj4p&zIR(OS(mwe2oktg56F+)f!i>=+y
zak|(R-4#Z|t;5xvrR7#u(ogxI$CKR9mUq$U*(UMO=s7=x9^G{e5kMK-&YE}mRVANZ
zpUY8`%LH3r@^>o<+z`vvpFP%kO>(Q(xn9-TmG*ZPXIH<k&pwMLA@pdEejU4;&$R&-
zuGi(N&)e2+V(@XG?#JD{Z9VUG+}Zj51M~g{58+Ofl5P1!Psc`Js`vJT3$QYUNyo^(
zbP}6*uq@l^%ebr{Il$HJ-cwbercLdqyV~P^CXWQgSu8FD3l71%ma|fY4G*Q~(pcIs
zt(faStI}WJbXR^aJbLJw>omy&!rto*nr;&_-0AvWZ&(>9x<ZjM_@R`)y^OWuN9fWX
zCn#{2L-GEo$K%mM#fkaxwbl_8b~{@-7OGW8+Tu;m!$Ss^#4X<(^T7Rg8Q1*`zHBu8
z8bd9)y5l^IBAjy2HG_@%-X8Sk^(;jkb~9!Zp0Ky|2WTk5_Hf(zI!hO**{<u*g(Qki
zfB<_OtnZp{zT8-G<kh9H3NII_!m#Ai3pJ}BW^;%n=Hw%~W!HdQ^KbDw1${daY*JT1
zVFNhAv8<{>)qx0`0GxHMfc3Xszb+66w%nOdPG+2|+YQ#HHFlp=V(Qft&AM~&#rxUL
zy`$>hi^b~|V!iEl>5Gu~l)wIFXDztpVmEOkPB>(@&BdsjXy!k!dQ2&}c5ZYfl9;wW
zjyoS4nDU7)JGYb--v3b_k`2$+>eQ~V#p5u2yQ&l5-pJH;J4vivk>x|^kbEq*0ML<)
zT`wNq(pL8kvyM#z__Cx&ZnsegV3&8Y_^xI{cz4mfMNv^l-qOLK0yysNr;N3-cU#&O
zEACFN-3Z_JdEdi^6AO0m(zA6DM>(slPnp&e_OdAPWu44e!?(QT=xPD~_g`-gEZ*<w
z_ZqxTxBtAg|K&Okw><?>qyE-c_MHlql3P|@KkGvbyZ8p(&K7sM%l3yaq^$mChVX;J
z_IjhcmMy#G0LXW}*<k{+E#Kmc#q*Wr9Gy-hl%hoUsS-p-#EG`C46xcF)zO>pVsW5I
z(S@SB5=_`AZ4a_gs<s$;8|(AjDz_eFuw_f@pna~z13B9h93bNkD6<XM-RRKE<6-RF
z?8Y8?5?jo*nERGrp$IElCZoWu{tBH(cLZuZ#tK%AhX_wC0SV26tNZ!(;0x2*Hef=4
z>wffJP6S}{hyU5rH+qt->~=6&`v;29)huf_InnDsj^5xGJV$lRnwWBTKZF5=ySH86
zw@w%rbh1t5Udv8z>Ddn!IJuK^C@a5-7m|~w$J_SqC;T?8XnMG(-pbi#a`8oU?_7`k
zh+_loZ{cD}aIxHY^hio=roNgd+J3)lZ+&IUShrY<+~*6+hYJ*5GFA=M;)-^@AXVW7
zT!e)jy4SwDx5dW|X(a7Z@fBDaPymw^T>e`}_eHDsbZC94kfQ7URh!M^nuXeSmzrxx
zM&6kSQ;G1Ep2m;Px@WOi05)@mniH1|?G;$%nAAXggOY*<3oT2^fSdk@{Wimm0JYuO
zc=d$q{v}abhzlHQ?s<>LmGr8`iw9x{c%S=JF0Ji7d@Q$jPtSjlcYU7<)YY<dgml4U
zK1r$Wup1AttT5~QU|ybu?Up1Gz++lqxAw^`Yk%EZx1I6O%Lw3Up8m4N$&-arB^z?-
z3#>Osm(0gOyMiT49|r-HE4uN8=3~k*yZc}Hz0R@fu)8eP8UEbvg95kLA-Z8$rsMkN
zfLaz?r&+qtXe)<<PWJ>7QbgG;y1d9h=l;s)+<!hMInYNlZCbj|xSUBh$f*zx+gU8<
ze2g1xvhL8u=)U*FdCRjD>BNi}8h3xu37%xoW$|xd*#ZlfKKc$C2`=BR{PMC>s1f$D
zE4mRCb%UNt`Sf5@;Y!0MO;ua`D;JldLAES~yY~&(J9FPJqkpoUaxZW03O%6%%CSAa
zEM0xL!Mc^RANJL~yzt>~H{IgJ9_@X{B5^f4#oseT->(r<e}r<D|MXr9;@f}0>8~2@
z*iRpu`vISDeoD)-eQQ?Rbb4|5-rX<1v#g6H5TfbnTtR0Jl&rQgZ1K>6R>gj!z(33q
z00`Ywx|MC-P&A!o@bvOjI3TQCO%}W2LVu(8Rs<iNP=}G)<#=D_H6Ob>yM^;B$xthJ
z#e7K-(us3>GiQ00LKyg62iTP;(%YsUh+S@V;O)r0ZWA3=^!IBoQ(|kE9$mjd{!+Z%
z{lY5_y{)`r59uSV`esVjAr8y$?gsPK*)KhpMn~y?&2`Fh&J5p0j@tL)gbBj>Jq;ah
z9k4stA8L;m65)Wx^(KBPt2*F%#QPuYZvB^lq+HW*mu@=T%fH||+<rpY;HU(7w?Vou
zH*jAdfQudN3ew4c^dEZaLGLD3fGo>raH8M2XWRYj?!A7a;n;zIz>|KTe<=Kk-@|k-
z9Ti%9bq~s>@ndAu`ZrAlQ9`6flymtld-dNH9ld!|1&VbfdW^Mj`%8k|U?zyn=x+G)
zXxj1l@i}WLzz*Muw&k22LHiGI-ri(EVlBWs<NRDj&pNwx_R`d=6#G*Y85A?-Y>h5F
z?-9D_d7HY{sW9kAzreFb2b~50Mss#odv``9N^BQ(f<5d?8O6M6z4E2U;WA8BrrJ{9
z=I{G11&Un(@V;Nb@PD9Fhz7o}K-ZY0V>tc`?jOUYba5!I0x+^G$z{mZdxzJsyB)J_
z8mIc<Z84f$X6`*n(f&7oo<TY4@PqeRJI{WzbK+0G)}vE<Hdh>1ggm@}u``=38@q;M
z$#O0ZtWjb;b<Kxt;!6L%w_T=Z?)ZB3J2&^Ces&T{FE4CbEks|%RK@znP5LqQX*Rc$
zYAtSZ>~C-!wcdx^_|QGyWry`z`0Kr~MgZXZrcE5BZ6s}W>}kB*X?+$~XfTmG=IA?;
zUVI@#9Ig2Z|NflYYq#^=3!u_o)|}I>_7Wa_&a!yQc)@5>DiNBRHtLz!meT`eWqVrZ
zil>_hKhB%T**R{mC7J#z(ni6!+C?Hy@<+KlDNP{B!sEWMi>scyj6q2W=D%?%XVp&R
zjE1b;$&X!>jc#6c6?C7Z2bM8l$d#r+Q8oR%3k3lof63)~@nX=2xPsd$%*qrq17N8T
zp192&-FR1_6$#KNiTvG>xv+lwKJ^@5Yr!Wlg0>sI*o3mU18sHfjTP+jFo+Pq&%T0-
zWPCI%vR%!tV9nc|EP478S21_VQ?*}VD}C2?x64)I2fOC3hlwR`A;PSgFac@yB8KYh
z@o_er>s*>V-qox_tj~1Ngq#Rz*S&XH;pDzs+x=cA&F;^t0MO7EIi%#1){vl*o1=T*
z(I{m9S8-mpTB121fa;eS)|X@Gu|G<lTE@B5@JwvtyWR9<YFf;OUEATI&+PyJ4dRB&
zO$VlxjSN?QoaP8T>`;Nly-5Dt)S;1K762;XSNn*!uD8F4UHQFDTo9r|)W=vnfSeGU
zG|qh5g(bb=)g=X)8-<!&vw$Ky*!9sNRPD~Kxd}|I;a%tJk14@=G-Vfaf~mZQit=Np
z`{z|^@x-Ly*b%))x_4{(G%ob$SjLsTNBBajwn!w~Zs$duUCZ%)$GaDK6&;t2P?ywl
zai9x6Ew@Yax-@{Kn#{%pbfwW=tn1Lb2~4E&Xl@&i07T~!`7MS>+_9t<j(cnywPcib
zYjJvu;RarC{;u6bk$_JYCq||w*m3(+CpeO_h&X3_u8EA6#H+pua@vlhsEGp`tl2j@
z^|=ckrdoApLioFwJ)8ElFXEU&-@+GBpb$}HSAL^HOMm@Y+i_*WN0&s(d!xG#SJBrp
zZrG6z=fN2)ifchvv*zK|H#J=IbXC)>z4f;%=}aDHEQWS?+NWOYL&qZ^ihKbjf>wzd
z(2kRlbR|Ky2@(Gi)>v-b7Q;HF_L$45oRX@lD#V~_=okXIvYdii;g#-t@n>J=?hc$%
zL|!M#RGe(j4PWn3UzM8cM#86CYqtwNd~79zsTL&FA`sLj2mn)K+s(AX{4+N?9I@jB
zwE@Twk3d!9nJ!lqG313ka?*1<*K^rd0hx4t9?)R7^lib?ov%o#t0s`R{T9U+`1S9{
zyzIAX(r}Xwt<YkND6&z2r?q7DiDlhdFY)${`dv<ykQ62Ss27yDx}3+}&%i<3Dw)W7
zuZti;k^7JD8t5jyfOp)V_2vge-1rY+60nQkdTGBiI?`?}n#8?M2td0f8|KHZui*?o
zildZLs?yqV<5F{IaxW+?DD9>+E(nUUovq1I#WxBFmD3)Gr4?EZ6u^I?Q!=X+1Ymim
zX;k`{zn3L_k9{}1fRI4=(MNWu6B`95#bb}A-woZtM1MKZVj6!DBDO<Sn?h-DFS{%$
zLDo-cYWK6g>iijwhwjllu6K)KQC8Egofki|vhrQhKCNU}#Jy~Me)i3KXg<YWRX_^s
zj3yz*xcG&)d3f}N|4+4-yM@BbC$CC0SM>`4P;xKuMgSbw^vQsIFcH9leI4IzX-1b-
z>ameVgkTEN1gL#Y=TW7mK+NE(?#F2ACZj-*nh@ehseCUSV7NW-o6rS7#MFBLwm*K*
zAtgu3gT0@!?b=Ca^ulvB0o>=t$2&XD&}-N}U))W1;}4lrL{)hQNYO0<n5Pz=oYeqQ
z4&@bh?Cw0c)%t$WBmkGxRULimcguIs5Ge<+p!!TWT51F2fz^wlpt}E|S0^H!1@cu+
zfFO?%;QGWUcU`=6$LYew-u??eyX><UzstO>KnxNmsba0~WQ?XIDt*;^DOc7kv$?P*
ziWEGLPH%FqDnQi@KeBXy=Yb~OJ*_Yl%(fIH4GzbJRWlWt0@Ng@tQiQRR%*HwFxK`b
zWtT=_rRvwnx46Vdo0QiBF!S^Fz;^(99g^oOugSRqx~{qT8sQxM*0#WCO0)-wgd}32
zb^-AIHLeM9kwpM%3!DSMzW&M|Q=-l~7PZu>NysH5qXTCO0Y-Con|Y+RQhT%=gCtIe
zOEPD&1ni;0%O}hwJ;vq3@mM5DeQHZsBVcQE6NiRhr1a@@$|!j}igZ<=e5HaQ2m#+J
z5I6)yD!h0TS(5<a_Ugpge>aVZ_}7qqN>bQwS_>TZ2=?gVl34DED_+u3sf)W$r!y%A
z#g)VbVc+x7qEzj~jy_$HTC7@>FW39}`?(fHC6c&04g%mc4p3a1qXB5xunGk5akj8>
zeD5Q^DtYt0b_W0;?&XiGC)GOe<9vMcnfawk;nsIMP}Td5ObjeuhUNj#R;!wGE5?km
zG?;Ba?rGoQ^Ln0dl^}4*<KN<HBi!O#9@>Oc6zodOM5FMAIDP|Q)kZb(8NFLfMr(up
z9Z6O_iPGjfn&ba|eUh4Q&!6e$H-C0UqABBsu(Lcttw)NiQFY?HP{t>0r%|Hv(F;WU
zPlIGMeVQK-6x99$#LN`i?(jDN0bJn3wQH~ZwKG<A$sl*J*mRjY0Oz#W?!HJV$#%Kh
z;ks)*yPA9&S`T}kcK7fLl(0a|-Gt+{1JInkp+j4dAilY9>)oe{$(NK=+-cwIp*<@o
zy;n!#hRsj`Xj5?gNRp`}-;vAr{puKR)+TcJh-|FM&eE6f<S2+-iZMRd4p#&AA0V!J
zOD;6B7BJ|*c$>)M#Rx&x-8DhhGlKB<GHG@)_yIFH{3W(&pjVwKl^eLxOZ!#3I6fU_
zkt<XjCWylxe3HbWSYy3ZQKs3{SJua_1m2WALd0>3ZEP4_a{ZQdpX=;hB+0%W&fY!F
zrY`S!pG8p?J#E^UvgKqZi}{)~(O_4@?vAO?rAgisR*D@2&wH23&ZT|fh5(+XQQU0f
z!zD~z|92n8WXr$7bMqV)Wtj<tVeR6ZQwh>CSx1-~pe0?Ar!0g<!>-qP_|uQM3zkEn
zVqbJsV$qDYOH8Qad6$w-8Dx$JnQA5%%z7$`XXshR2L$dj1qRJguGIh7o1R|O@OP&P
zWFg#nAi-ghip02PUr7C|W@65@eYR3%)Gx~f5upw5?t(n@nraB#m&6lwv^Y88)Ocm1
zscqofotNjLa6uy0F1ejgLLO(j=IbaoBbK*RO--A=*xSCgvI3}ORp*E$mp)!#wSJE`
zZBcUL225L@VD!{6sm&g^vJJ8{8j+&Yf8?!GOcGe6>@w(OD@mC`bb&QbcHB*buB^_{
z|Md}`xraz{t7Xu<e$x<F9A<gKv!}5NJMS>xyGI)4ud%chZm>j>)yGK7>)v4dCJG@4
zzsP;K(I@0mX24Ngc4L26<*3|+p$Lx58#v|Rf6RfV-`@3R&gv+UtXC4n-r}xNqaL;n
zFEDX*I_`L}sQ@%kVsUs;s)ZE>`y9mLnUBsUdGtp<QLl#$gqX45s*nc(iFw<P_VPXY
zTVs<o`+XNwf|!{qCmPNj>++m$*ur0aSDu+^cjv77mfn85HL`baVlNxd$3t&kSMZ2W
z<W#<{<<;e85&*wJA-3<4zgNOuR6;1%c|rU8r0dFqoU$!9G{pLqS5VhaOt?c%1`?TK
z!&^SU4u<KrSpWXtm%BZAOd6&>aPR#U!y|q6J3r%1XgKd$^gq<fwDi_Juo4wow#qBH
zms0D|=ul@m@hi)-{O0z!&E36U+s<rz*B9M04FnMAM=;hM$?7hP*U@A4Tk;`WwJ<H}
z6r+WU-b9dYj_!7HZ-0rVdPOUG3(H?F{E2rV*7^1Ibj7<N>#d&c978O5`X2W(FT~Vu
zq3+$@2~CGN=B#|5KIvxWTXQm$U+(2~Uq1lb+V}FnZ>+@fb0yL(A49OJtX}8YmRA#e
z?lOy}9QilAoqi90k?2gtPHup{{tmI?T)p=>)R1#(HV_4DzOMldg?I^Txc}uT%`;0}
z+ig{Y`e8ou5>Id)XQsY?O`{4rU*3O`-4i*SXp=WaIa({}zbSnL?e{WSdQ+j^A$iD-
zQpGdqiYwfVw5L?Xk~vzc0OXJ9X3cUEl|_xJ^5`8#fA0u8wSqA+SJGgO?`-Jd0g$9f
zD3t|^k$iT>Vv9*G7?8{2vq(I1eMHX&u$0j!wUNua)<c21_Dk5k;4{m1bSX-pDk_3}
z>IdHZdRwlW8Ik&y&ih$|cSK9-Q5(zcKl38bbA^*}z%vxwN2c|h#qs8^YJW7dTr41Z
zOBt5*W<$oY_EwM$zWf`gWxtO{1&;$4>~O7jFXC3923=63)>+RB4t1ZY#rGku?)YN&
zUGwg%Pne!dXd#3ozi6j%{5!v<!;8Q97hbSUxAt5e`ro}wGwgGD3Fn=7|L0z(+jK9^
z=uJze_r6tu?Z;i^aeC|RpzWVmUWM?oC&x-xw;N!2Eg`KR>Z*4yc;71>v^Gc-_FS77
z?v!e+d9BD4$%U+;4P11`Csz-o2vunKU^jN{>ld)EUZKm$`+RTg8jk<T4Gv<3e9aX4
zJjKhu=SA*Zw^GFk?^jR6WSM%9zLA37_`_)QIt$udR4%g1v)$;G@0hJD?gxM@30*Pf
zTCQQ$g%^2qmgZ~yvrW1T&zJW!=<*WIlytvu9HZ_7A`WR)o_$7kv2asI(eAl<GFOq$
z_}Jt8tmAC$pq;t5g{OgMMo&M)wi|n>|NQ9X%9~Q}b!rWtrh?83j#Q@lc*6UxeD&sH
zO_g%{3v?#mN`FuTuiq9%9;1Q!z|~1^`>T2+e;<})`>W9%RIrg<<5>{X#S~@{n;s!I
z`wwKZm%o@Cu+gwMFTd>3uke6z9=$(aPK<KASRp}{AIjzqFUw29JO4=vrUff|f_dgO
z^#~|>`Humi07+Jhs1^|#T8-A$x~Hw4a;*8b2wG9ey6m^HQ2|7DL4VDG@4w`UuWf$o
z?|Z5?^?(QfQd*Y%im%IXBQ-4bP<XkamZ4|~YHJBJtcSV{pD0xrX6g03B3Q80YZ0$)
zDu0vO@C89cC{Wj<l~-8_>Q<}PP*G8>8XAUt$HCXFogO3S(mpA7$w#gmiXOw(&Iaxt
zV~M&|o^eCg>5Nz%bBViJ2#TqjNnOM-OZajxWs55H5;hq$6a-qjS?h^A+ClPF^SvoI
zJa6M^T(Y~|!29~ze&F>tl!AA$!SI#BK_WB)KtqHAp)dSAGz1X3?t2)%9_xW5gObOO
ze64+Xm%Y{vj{@rpy$obf9NX&IAd5wLOp~ev>kqw*^7PQRoqfB&7r4A!WC77pP6JZU
zGz4=+(n-k#Rvn0_<{?__efOvBykuv{8h~0+FBBNQ9HfZ9WL;t4^=BBcQpiO@7?Da<
z(K7X4eA6ZOgh(p3G;+Cv4vBQIYD=aS$C4XeQKFgkoO<>Y$}g66`R#tj7h-Ds_ALji
zfRY|_OS?boF{@FCg(>2O{1RLE8@;UD6JNN1kJckK-G}>cDuQUwaP}{iZ8Pk+AYD$r
z*>oyesoRjC!<V?9{+6A$QNXuw*AG@VwB6O-fNZ!^Vma${D#LYKJr*hNq+y#l@cVQ-
zh7TXHF0of4Lo2{Mk`)`-7-ypg)&>?6F{>ZL79{T2{?vZgoP}7gu|LkUiRe@&Ll*=#
z2_A7N?sN!Y@HzrPHbYe@nw=lb?)KN6Tv<eHw=_sz4xlO3t2I&!Sm`cT|FDx7OcodJ
z(rGHVKPQccdh^#}fBB;g0iKY5{yay;RQof^=cci@5D!}Ih260;oubl!b#l#|Osy`3
z;$l6!Q#IBk<z|@~C3DU`fBr2|P_K+c5;WP=v1}aaKFiGv#7We)M5u!yNK#7JYt!GO
zD*&C|i+gcJ;uDZjTTEt{+1u^ioKQD=W))P5903~T(hrtFMpK+H?z&bpXE2<r-oEwg
zatuJS<!axfO^l@pkP!0)-;XN~@bG-aW{z~H(*sKt%dC^`(q0kPy%<KrFp8Eh&N+dV
z9E0L6A)oy655=RISjVa-jJ+&J5->}*U5OZ^+<+!MRb%Bz^bJ8N7aKi5nZO3cEJ}%6
z&IXY|qdvN5?qC|Za;K4cv3T+XRNvsKtP~u}QG{msN28Y}nD%lGW~$M&8z9p*bh^g(
zmDd>OKA~E90gu_mKjyiBV_fxnbo{uJkQ-e~%aYLm;mPZb7O-+-WvyO}8l@=!pjtM2
zFr_lFY2;q>IL%o~W+vgUpIOJnEYB4rBIrsEr7{}D+?K={N=CB~kg&8zP@+;aK6aeF
z4v>RQo=nv^xa!R*sEg#C3GFSk2dZD$i*wh=O|euVzK(<L@^EJ0UN0U`9HCg{lRiY2
zAUKr*%oQS2Oj-(av^K!Q&AjK6t4EUPxl68s@Nw%rhIyGGYVTVq5r86f=MH7gI3|=5
zl__z1+JZTDU|MY}ljc9?uN@8uz!FC`TbinZuKgf60a3wvOr>7zXuTB2xfJ8qjAr3N
zSiH3h>^K<#z~TO>oeRnzc=CmJ^wg<)m0OoXrS?-<fH40f*Gb7K2zWSA@p8sMt$2dp
zU0QI*xv-HImq>!ZhKyaChmUO`6<ECQbYb`BmYs+8y)dQpzlwkrC+vXU%Wrl=07%L{
zve;kpffEM@mw{J`e-t}hKmkTb#;iP9SOU2$faRpQ?(D3ra}s6Qw%)nU9tDMZ6GAL|
z{)t>_Ct|desd4&Z1=r3!s7cv<h4*K3eZihKMJT??3xT8cb#eX)(R*$>?*IT*Q*Qw9
z7Z5UN_EIfE;Y$c9ra|EM0}yZPW$`Br9e(w6RV0lnLLdl2r+Wa9bRz^AUu0moXVJel
zJXItHIa`+p(E=Q!v-5R#0)Y0(HbQCQ7Jq?+j4IOpnWTvPt>O{TG{)Bb2>?RASJx*1
zAk_h_BZ9;anWp_0wXWQTIP4uODhyvpLJd_-xDmp(0PqPhbIJvT0(Nx*fVdkW5ccig
z8X|Q$Nn8W~%=}*`ynPemHnA2$!m9BKh?D)M*@(3sqX5A7Ce#7ePTz^W$Ls&=#ryUo
z^itc?D83M>HA!HQn2sqCl$If4f(3??o<$9m1bHEemj}*aWDr@QXHnCV+t0_19gJ#h
z&XFttAIquZj*~UMk_5^9BAyl}CvX(A2FVO@xf|#aK0S0Q90a`Q9DuKKeG|E@W~*NW
zddSjhZ&r39($<~k1A5sx2G*msQ`v^R=b!kJVu#tXET+UknVfll_wA58PxsVn-_FO2
zLxy{vBnVze;`PvD`B>RP#Fx`s0YkhHL~O~%DxXyeGQ1+e!u%9G9(#E9oVIlOCE+3@
zGqA%xN-Sv_vd=T>rzQ=jA)rx==t?!VX+R~|!R7X&#7-KQh8D-{qG(M(ZdzGoT7p>!
z=EnTboy?EB+`vYtM=fy9p8{bAO~wCVA4g$|eMVwq@SMW?D8El74Npj2mWc0$dz96(
zWr*<tSZxpJ*!2zl)_<xMX<?>$z)w700U*5PL*ix;KqAA6AWj9d*jbNagjn0^-k;sK
zYY(bIdjqQ{7lAM}@0)9Az<RaHKRz?;%bz^?0EbF3y1GlS=V+tGcVs@LQisL)k;ZiD
zR8gm^IU~dhuC%4~Ju|XB`b(r!3hH>&k15vT<VxT!ov+s3h^jQ)ypf0_T-Be4(>iRb
z(x;`!ZhC<*=b9F|FmU(t_YN`SeUE}tZT3$NXPNVUHs%vFzK!$~DrNA75{Ae*43-cK
zae(OPQ3I7%_^>8=5pg1}6TdQXx8-mst>jh#F8X{zw-;EshOB&TPUdG0uruvgc`j&8
z3!du@_Q>9?R7KDg+CK%a<8|Jq`>kny8(OHe;rkZ=6Yo2_HDMmfjVmx{mh=Z-3`;^H
ztk-;uzrM~wi4&C440e%CE6Y_bn30&795fsF=y23P(+dV11i+vkdDP5M*~2xc+VAhb
zQ)UuY?`a_SY>|J0+<T$YhRt`vZq0+WsrT<$Q;`m+-2|NJ#yw3#N~8FJ(I4@XE9LUt
zqJTgnf(xKS%G^W09CmV(3Btx;+#U@6_J-qs0MqyiXbRXXqbQ1=1wWYH|5X0Ye*St(
zOX<rfKk|2`MO5N&^f~8%>+EA;aHE^VY{4Cvt7Iw`38HEcSI^*Ph{n7W24+Fs8K6^g
zMjz8-Mq&5HGEkY%gxTB`en;O46Hwr=7h>4cO{3!OuNbd@@XR};M(yty{g;q=4k~R>
zax4H3EvY~3uk)&6wL%ijYzw6W!LtQ|6ORMdf?KETw~~-SR&UTWr)Ry7wJW#UJiXn3
zPw!@0PL|#Ny9Ki^7A!HtyGuh&Z(oQT%h`Xz%&Xyb-$nJ+V*VPcA9fa?QipH0QOXS1
zb&5qj&&gSB|C_n%Rn99U0<g|qpj`!5`FvWKl+TW6;($a|y_0aw1!v5^J~S#0xSE{{
z(CR#&!PDa4kPXKa?|S(<*z^_c&qTQ5<(>Km#`*PhzN^$lB@g>Lo2HYaI;R%~pp+tQ
z;eP=QpuVgsltycfh&(GI+)lfEKvIoQNy?E(>=gmVG)(tN1O!EG7pUnQb~!trfRypz
zHn+*Sc+<-eboOiqMm#t1B8?AB@&{^s7~>&S;-E|%xU@uN3cZ>y2O${bY*zq1uyq!<
zI3m}QRUyCn=>noI!VyK0#?3-LFvep6bjT!{@c{Nr)3B#T)tP}O2s`T982jejD0+O3
zV)(o6&wPKSqSbu-eM0o~pQMiR&tB9Yp#SSBysW%lf`3>Gvb-U_Kau63psnHKVVhD=
zibfzJBEr2`4>Sn!UxL<XT4CE4NtSusTz)1jG-!#RdZt`xi<=n@)leJfC?XL>z`+Lq
zZwzI%0ul%XL<~C&PJ05Z6RwctvN=A`!VO&VbzIU)&XnS(=ZEZ&&m8(QVF$GfO~(`K
zEUag0eaq-SLGwG^N=tZ&ongk+3EaUYkKU8h5O1(@g{X|%b9rRuGw-LLpIXnyH8lfM
zC*|Vxl*ES>1Aa`<T8tp@)!3D#ntLO?zy(XHeAI6)T0#}Mrr{N|y-7vh9Hxi*WFU?r
zl~u6S1RDCX1jr(a=#hAJr4yhAs(f3~;qv-$lvDZ}9X*3|R78P}LYLWeFKkkm?-1Co
z29Fs=9~e;1@oL!dO#Aa=3kP{~!hM2?QmRpr#-ka7$unip{od5S9qR?u=+%sUiy#`C
zeg^>lMf3Wgqb$P$Z;YcBlR@W~9wLIupMsE0UQ=T5@%^Rp`g0EO&U$L_VS~)C&ZhR@
zWjr;d$u*jf4C0%bG=}PG$Y~2;cKJ{H!wYQmTf{c(cW{l<&s|2Z(0x>4G{D_mFm^;+
z=j5;=zv{Zd0|bJE6Hn~2Vs{zV+PFkXmyQQ*C>t=)@t+`jT|3C6g_>D)bm}R~iD1Bs
z>m>@D6M|v!MIX2x{QjIf2WM}4ciUeW@A?`@^(UQVNP#V?koyqc2$*-OpBZY@0pNsr
zvTXD8d(FI4j$<Y5Mc=P{9^l9VHQ>{@U;t$(4W($x;?o{mroijiFrcVv&pr5rIR?pN
zNiCL6S_o3~)bqSl#Z6s$t_)45;J9Epsh}<S%l#hdE=XBK6fq^Oo;J37oSrR!($r7G
zh~NTFytrae^C~D~&0%#|ZB!Wx0xD{9ae$_`vvoAbO<MuN@O~nLncnn;YZA;2ypG2U
ztV}gpfAl29q>>bRD<0XjRI-4m0{E9vBPDbW-;+5j4Hbk*B${)jMc5b&m~sg>+ZRQT
zA<X#n)MG98|GznMe<RC4qcNx|PoFUqXzGm1gv)DF`kr(q@<txlV8fcS#MH$A|3)Wc
zD@#Y0A`*M26}qx<8796;F}KJC<|0j~WunEX3Pdz=!jH~!^1a$3aRv0$%Qyi8rmji?
z{;oPj#HcI^LhD+SO4yOI9myVTq7uah9juB7S6m58PEG>|V40wK$M92y{ROsgYtDJi
z7m46N6KS0~9KgtP9J~FfV*%Ko6Yj6o)P4{V!BJNUd^A=JLDL#iR0kNjS)JC7Y9-3#
zpv%-DBizUd1lhDK34u^tsdmGM;muP7Y2vCg`M%2WhmX;8%?VbNrB-Cq1uS)X2W-?L
zmbx?*M-HF;tP!%=xFLWqC*w3;wj@);w7yW<nqh0#2G-<)tkS7M^>)^Iw#p~X^pz<H
z@+z0uxf(clC19cYRE{F3MkfF!DwmRzVB=wdP`V2kUXv+F%uAfma3eCKdNa=jWbZE;
zwo8Wk1Z|+dPSh?cGQ^=fa?{mOYv(6zQ5RUGV3yhKm!ezM?t9S@1@p3Me?A*IPtw-9
zGz_Pu^Mv%ww^1@LA0&km^9I9ov2}jfYy8ZlefDc}d;X9>(;Sp3zd2fL2VB*@&2lV)
zs#&uKb!}2vZ&`Pw+x$<GJuB)susMC^G_boR{?~T!|GBB@WN8RZ)059gg1}O)4_*3b
zcacH;$=3VN28Q!^cAfLOy#KKb6Fk(&Lj`pRF~u_3Sbb$(G;JXLmma2Pl2>_4E)ACm
zs+{N9w;d~Ahr3fV?F*J}+K=iv8&!qkkjecFOj*Dsrl4}!;MoG-#4t~{p99OUA9PSC
zInTZ*=jF_sD`&PNx(+_S4EuL^IO#B0IGb<WVJH<SDrybma_h)T4x=}7TOzwtXU+R^
z0&bq6=cU`PikTZ+o-eI3i7Rg|PhRTg9Dj@RG~TMajkF*u`yV`gXn%!lIOzoCX_2jG
zy~;d$yf%tVUE-7G3{5qlNH0Mav_MYo@3Y63m>sxl+;a&SQZ2HOEzFAtwyv-i0Mjhy
z`Gm2A%PJpFK>w;vpi^X$yB5m({jF69Dwxfs?2RwFz(koSzv}@2<j~)?i2eZ;qP^+N
z?v_#*xVANRkx+3{aX^drG|X?EAv)R>Agr^bA_a~a;>Ipn00mBkvVQt7B_fGGeYakM
z&w#G>^u1SQZf`7^L5Q7x^B#sh3TsLz`YGsDr=y~AK37x_+|_ET&2=6{5n)8n&PM(H
z>z4QC2F$a`UjBjxuF)>^+d8uhB}MXd;dI3sTSF(P9Auo??^oI0mC}LR?Y6nU99dR8
zD=YhI&(6zYx6nM-&#BR!I}xI<nJXJo=7}bjdAVf(+*qS&HXY8zfH{}Gja%@Yx14@}
zQNILU-{9HCdaa3jT{Nf8`Hp6J?E`Bq8MV%aj79as9j;*S#}vgR)DeJytYRTY%hQAy
zJ!8F(Og<-2)Cu~bGQQJKZUFt}ZK7hC58pv4i`FkPx8%*J_MGyfK$PCNAFtp1Y`It}
z#FGpNrAXh^GHqq!Br*1G@*=nK!x^9lI{KZz1|!pKF<qfHG;EA2^DMIto2SHmKU4T+
z-hsO^D0|*eb{4(nh=aJh((8$|t`4Hc?$eHMsN2cg#QBH6Gb@Ak8u$SI0mpl`JH43}
zN)The=aM1|=}!zLuFCfBlMXz;=T6yfe>KORhDM8Jdb#5^G8$dnu@$00=edb=%P9kA
zO1<4XK%Tt8z#6AsLz<*Zo25F~s&O8>_Z$ZsQ0^?cPqE+Y8#J#dyvB140`?Ho*R%v>
z)b)YCh}EUC)k+Fis`4eTn)l?bLiLF%aFER2Yf_V@H)nmyHqBGt{3RYO`F3z$d$KL1
zGBD2$jsr&nOB$uv^4Gn+i6v}`Vs1?HnN3P9-Cx7c_zy5%J%PogrBX3bl=Rn5^H_A$
zmr~aJC3p7mlCgFi!U{vqJMDT~5~9JNzCp*~V0{e&iv=5iFXA4C^Zf#yLAOmw46|)#
zyAtz>4&Df;kcDn5Kf`E|`45u0=WV=S5(#_{{bmxO65RSfuki*;Bn=zT6`fZ!kK4xY
ziITV_4t6biXA1z_tSjttzeztwKY4$%@Aw4sF12BN{FC;p+44@}u5a$Wbg`E~<)xt8
zI%Led^d7MszR~yAO?UAFdv}?{AP<Av7wus$y)r3Be*MY-2F!c9^-x?_M~duSf8|!Y
zgcyyg|65!6{ArQu3iP%%e}>A70M4=@?!QQ<T9`C_ugfNw-_UVzNDe*I*~;pb&!5-K
zl`oUo#q9OWo$yWdmG@9K91VvSR^Hn@23Lp71`^Tx{?EStmaL5R&ilv;W0;sv1H$*~
zZtt3+Mt<F98cis_r=hJ|JEu8*!+uhq;j!VbqCH_^j;~ibE1PZT{3D$@!S9)We$Fsb
z>(rFI=z`ETKR=`FVDZ()r`D$Ju_?s;4eTJyFj$^xUKgy(JvlMS+qUFWS8&Vp=@7A8
z!)!XF8snOxRiAP@!{21%wCVn=C0_PJD@-4gYKN4ElzTGoPa|i@1j>#B&>uv0!QhB*
z)nvuLq=^V9>Z);R4VS#_a4HqWDWP{RY``3y24xo5HTZ>}gYI7lPdF2X6};)I2+{Q|
zQ9{<_%1IRU3k;V5C;M{By&6vndA`b~>W|f9>46y%@JU)Ff_3nYhRQO6s07k7T(N2Q
zGssRh^6TAw0%E}UcB+R*7FoVLd+e?~1z6&!=UenA?{6i0RtiQ@%uaT2V7%D9Du_&~
z<O2K*1WZW2-x}fT6jHgYwBx|JSRkimd%FqKcDp`0(FGE6XK%5;`}j>Aaq9bHHD-1$
z(EH6}0{&<dDT|snE<kHk0ljtP%bop`aeY<r$HeYuFE0uBz&~jYP~4z;x6z$!-e^(!
zDN1BLK@<Py_xT?u<&o_?Zf_*}VhEK-`l9x}(I!rm#c3oQi+rAl(=TJ^&clHfC}j+e
zimBRA0FOX$zejgX9JTkj>#*T<s#6kfTHIP3H!QiJJV#Si7fHs)f7{r_a8)PjU+DXH
z&G7}&p@S*Mang+^4;s*h;!v9gbpZ(E<Ei(O^ix(yUS23mgWB0;w=$o*qc~^af+#uJ
zW|rS)mW}-DG>^lvq(ZbL$1Iil49!L+hyi$>^AVP+M0G~P7JLC|fnpZ>=rC0-FzF>B
zsV!k|+)JLxtsS=nvw-lr5L5@BV_wdbaDJ-yFA$*xoUutAO@F<3`;Nl$rkU>i60h+n
z01n=+tQ!tzz|@P-uqnoBMIz8GGNle6MY64~=z;;UTo5`+X<h$X0#oP(0ps_YMG(Ck
zdQnmUBRwh({y7WznluoIMNcOW!1A&jaF#PY)@Vc>So1mn?OFR>co}=<B)PNph`8X4
zBNH*(jC94(MwRW2eFrXi51KP$73{~Cna35-+fK#Yx75TvQ^=DcVEnB)6P;i#Ogk$8
z)S0}VKMf~kC>24@HQJgBaI)9;FCekH^nOBP!<t7T0r~hMKAQ-uERR0rRODl?c@cjC
zKQR+qIRZ!D*r>p)L&e6UMD9oH$@c32giG}<j(Xt~hx@w!@Bg(P$j{sfGqF=;-Pi3a
z$nwKiGaxA!|G0DAEMICZ5+E*9^1Xk4DcO<f-XY_*3e=}U^3~efo_ywgEr{O)>*DAe
zX+iz0xkDo0Ay5;Au#rrxqE`4TF^%uY)WS9V>17Wt*PvXTX6ISN8(59e{oe|*TJR7i
z4H)!SET12Sut&F*i^OE@0gNS`scqjuAwy+8DPs`O5NNy|SjkS7Xmjw}*^ijX4@8o_
zn9pCiY$d>srV$d6Oq`bu0BX#!SZN)!C*wZZkpgcX0O~b>*!Ro0vO5OS6hDe9veaSM
z3UE)m3-#kixwb>1_q#}7m3edN&DLR3)g`~*TJYx~T|Ak8p-#vm`vdlOUo94M2hk<2
zswQ@9{*+Z;>ND4dZ%8EFe+Rey>rZ0Mk51(GivG)b^7huSr9Ty+W*F-04}oyepExN1
z#^`X`WdH%^#?8*!zn;~*y?f-cl%nZoO!!qw<UyRqSD)2i2JoMvGEIl3>=ajHpsXA*
zlR_NLtXDkpf7x8Vm<m+5p1bvtf(Gx2UD;=4SI~7JG@AkWi=TZRBXC6l5Yg_SiwwJ*
zI7M;p!8$Ww8dk3PAM+pf^*gEVdh8qIli%9aASd<B+CCJ9lzkTTPOpxd#irZat@#6J
ze@SXy<m}T1IYFNJ!_SC=(>vND`Ob|@6F*pCXzgjz@TVxqzPY6v?RA+)S|w7{vlz`r
zQEm|h;5(<p1s(FzxsNsK!G4riipCWqS^&Pq@^jIBFaIsVlp$$r(fs#!jS?jxxc-~I
ze#}>z)jEbesfz(?oUDa#;O}!)PfUI_x+ALwEd0u}b<Xp7sk)Z>QzmCpLSX@4jpTQj
zU5T5~!d+MuA`0mHA)2>WrAVUo^~hXO8AqF=>aXgS2ba8lgr`7V(!E~|oMDUcPE2}<
zHRu$ky%s0%gue^-I(OKaMy6)ho&g~1vGa(FmsRz2#ni-cVJRp43{&2>Wj1SP7@L;(
z91kScv`>*8@@5<t3-5@cCl#ua1yykNLGOR)IVKDn?Ic2{d(M-5Rp5?$Q_ZV6!>Kg#
zs4ODNVOF?@l;lJFc5gIjlLV*ExN1~H1c3yEAKAWEjE-z{!29C+jeC^#Q2DvM@3*^=
zTwj(s3GANcd{_WghSl46xtUQm=7iE9^5Hm{VZWWUJi4X%!{VAVGO6Nu(k{-|*SsO-
z-K{?vP9q|f-rFn${bYCP&|dW%Q?sN=DK3A0A8c5kl}63HfDacK2)_9pX17Ta<kg9_
zpL}@0RPM`vwSp8|{}Uq5NdLnJ&M!AT>F0<6=Oa_KZMlKw4W;W8*XKTjXK~Zy^$UZ{
zZ#YNZ2OAS-vIH*)I(^LjR_m7+pUUYw*J$ezE$uVQt9{44I<;K$4lXk0u0p=WvOF?M
z4qX6X>72&BVd&mIXTdxf0A%Ir%}g`O9(CoH?kDt@-PDcbrxNq~TTj4N@#@K_BHsa?
zEI$<Xm6Wpp-$z=HH&jcRY4iY4@at_MZ)i#3vS$TLVd)WM_U`umzVm|aT(9}8VlhC!
zNoNN7NA8ZQ2j6n`Uo*off(p;uPZEX$edcf4S`y?a2Mqh3OV93De0QFH+kv0MZNveO
zd{bM$SlQh&N7y-`!<YexQDy-Wo@;z%zz^1r@E&`F6-A#VDN+qhI;k_r_YwjLkXXC3
z{dSRc{`3~9j@JIoi4@i9hK7RFP;1StCMb+gw9KCdkPRsghyYNHB&*@x)?4n+iCW!d
z-g%`<J%Tg*umQ4H6;N-&ZrZ-TRww&qnm^mnRdixB5$2&<wQ2xDLmP?=Dc62e2D2kR
zkXq}`srASwf8@ckeqk&!c1zu+B|1SQJlp~eci08)4G;3QujfD7AmpWHaKo23f)Kf1
zH+-@2Hiwq~Z0|xw{9lspAv7Yi8qhEzl&}DObsI7isD{1m|C?l<(aI8MPa${Ps%z+7
zZ@${(kE;SCQ4)=%1#zpoe2k*lt6OiK0x+Ns>Lynu-QI$AF-M9v$n4Ez=*NM?)C~?G
zeT2EB=<TJ~r5u1zFZDcfMxf!|vgmeXAZ?+%7n>Pb-G)pZJZ}gYYL*f{4eB+-?mzSY
za$q3o_`Vb8y?i55+si~%Sny5F^6DX!lGXDlED)llJCtfMRW72@EON3;1?i&=*%<J8
z5J`2^7oDeFE1;tR^?!-qte}Q<G~+R!6b2XMwP9OadkBhVSHCc475p}y-yus5YCCj%
zgL%V|2DL`O9w`RZPx0bj{V!-D%Ww<_Ioi}%$3=K554bI^E-({~6i|uN>fw4{1k4eR
z*5^CdOV!q(gAbiI$7w=-dp2VzgVNEl<sb-hx=f>aP&{wqZuc9Bngt7b@}$Cu9VUv5
zY>&=3?la5`6&E&veI`xHjjrxGEe$SngRB4#Kf%2133`J0+PlYxrIsnz2*T*^&lPO*
zxcyEeuXTcmrcWdPBik|jFZ>iF7|<omXB&Md8fiuB*$EF-4Zuhn?$wwUn6?KP`&lJN
zx?3f}p69DKDlpH;t(%ZRuhj)7uLE4=hj%C$!s$73S5Ck}CBD%+;=q^Nv&r7ik_ys@
zlD8zGFw51r@a@ZGleoc(GUZSykPRp0$0^Umv-YcmcBd<~dw?a$)@*sqri%T0q&nmY
z7HlC)z-4c4ZV@ox$Dd5O)JsoO*a}pL>Gs}gF?8FT!o@N6+d+-@bJm%vKF%EW_<ozO
zJQluqyOZu+wXyQJLW9Mca@xFz(OyumV|xf>e^sMu?8XF~U;%RG3eewEKac8u4xEvi
zdSV^xWAiS-fZp((%shaTYO=Ayxw6Aq^tmxNKtI47<=ZP7CBuN7U-ED2DE~^O-yfZk
ze~&r5e=h64x1WjJDEZ=-d1Xd_-4Gg2m2heRlfdK5-%+oLTOJ?s=zl7o5=C_^li!U-
z6J0(jf-(V3jsak%wU+>lbr9VBYrT)RRchY9T**Z5tU4h804)FjO9JB%0*oUXYf2y*
zi8Kw2>Pe~n6(XHP@`z*%nNnn-euybn7D+QT0FX@pAe>NBDvc2CqWX=PtI7R7h4^Ls
z(;`BBc0|2304zc%)<_;%LKGkxM=T_vaPt7b+5kvGnLR3%oCv^TO3@?QL;%F31Hga@
zMLsp8U+rz(f3mXc5CjEQu>Ra}-IKA0pBV}elyd-EebY9#o{Khtb(XWPAtG{(uXx8q
zvKu`MA)!k=c4^!8lM^BrW@O`<&k)&ZrM8_3!qHu%rG{xT3v%=f832T!XpmlVxV(9*
zNafwzzgZPM4fGCDNlD7+YFC}|7Rq<AXfCtvO{Pa~5AGP5z$z~HbaH?S)<0R6sct@U
z?l;AN2)e55L+!iJE}^Hwc_ra-olVNF<zD5VxAN8qj$%-UZj8zV3(WV@Ghy0TJ&I%V
zclpuKc4y<ucLqk?3b^j57NloNcX&1Lygj&Otgj3js7xWATIb+qV6RYZjSpPDjg^p2
zs!iLAeFuKF!;8*Tq1t<Z21vSPk|^lBTW`flo+LG)fs#N8s7?S6#FMK*jjtGN(s19{
z2$n=~$$A2E5Ft%(Uk_UjH2so+Z3P4j7`d_1+Og-E0k1EYC^_vjk1$5MPYBf89xN$V
z(0&b4o=}&*AOs`CPRacrly|Y!)95HILV$u8vs4P5*c9y8xHOa{BFCm)q<HO|z{p-u
zNjPD#DSdG?qt~Rf6&cxe(;H1kBc>iY4~!LLwmQ1A01V^+mdlRt70cK8)q!>WRm;En
zw4J5oqf~hG7$XdRe#)Y!L*Y`VuEZGoT_hXde)bTQHbV3F92z0IV>pKUmmro?aJI+B
zM5b#g1?HV0vqbocZmilui__3lIvgCPP@81~N8*4P3L{phUgRk4-43v0J`QLG%PY1$
zuwyTAgWiajXf0-VHI0C;vRiu;sdt?4YDWU%8K#t8==%%YXA_^`tFHoKAt&;X+mHa+
zs1C|Rnyww3BNYnevqN}hy;hN4#rp$yOB$Tru?syu{U%acQ!5!*mdo`WpzDcw+>};p
zhz6V_+Z|2A_5f%DQ=-FjbhE6^2fxuHkl68By`XXk43DXa5#bNAK#uxJvy;wvBeFz)
zXvpxS86NVQ?3PCfUf`)~yGij<@se!^-uG-vUw}Jl5o|Sq2JB}QN5xmL>NE>%gDaGA
zuCai)Mx4G@npT=O_M`4;&pBUlIaYpM*y;EZZp-&sEqnz<*~q|+*ac*3RTo0S_e=0k
zcNJl%5O6@T@Zv#NfWeN*alo*8_ed-N$s*<i-uW8^^GK+MVOjd8o<?}vNsM_Xy3PI0
zAGyhNji!Vkm5^IZSw`&a!t$f)sxo)=6Pyx;DfwwK6Gb67@e?y%X0vKcV~u5%=KY%r
zdj|b_GLvhArQCq-Xs&%Cv_f2pfM~&cD`!?@w}$_qcnyfeGo2a7qY7Ty%kGGvPh|ow
zJY4YYIf@cBSeC>b#sxhp<dEvxVd_s#VT=w;r%n#!t`odryh1Pc5$@`Q&^bcNY;|FG
zQG$VRdessjzv*g|Ka&Q>=ku>_9RqGO0^x-_1%#tG?q1wCEHLW`PK^%OFCd~?8c~))
za~gn__h(<i7=AOTUErK&Li*o_3|ByOEW@Lt`7)q2xgCIaPLF2vGf?oUPEB4MKMGtX
zqUy3r0p%586c9_$bix~vr~rrxN<IntW!tqrzR^kot9N(aJI2Q*l-V){4DCA2z;a*_
za?p0Aqgxu>VT+QZTemNeH`+iuILqLp?(dpFh|`zR)q#-mPE;frgr!Ry=o=<o`{oS!
z*AT^WF~X-#L}_KVtIwqmEg?Y=Okk_+-=B9(=n>As!4soM5g&MPyv~;bh8$bO1~4(!
zY=b2}&b;#s$O8(~`S1(2j@T{V^XB{s^f}lLz5%y6*KNTUSuMO*+4U{2v)ExFMAjUf
zT&=#|;oyz?@QW%;JpjbDpm+wp0vnUmLV=}Wu>?jSoPw7(gQHNwUl+4Y?{}ibJ3kxa
zf+tv_@719jmFHQm!mUPOLg2I{#As(ZS1;MFOzynZO#b@gMOpwJV3bWeP(uJ@MQ<E2
zH3lK3i0m-?6f)FIr<Ct2_(pp`OBk<o`RMmS?H#p;ja>^eT+Ux~J-F%<kFL&+|5H2J
zb}Vs9pKmD%Fiql=h!<D+=ePzA5f~<de>L}Xl~A%KxpIJ8H1q?!U80WeOpJMX(vkrq
zfJ5C5GhK45K3Qp8PS6P0K?FGE6x`p^IQ*`mzj-A5HaOX0aYC-u>JE;3`%5t}@PY#e
zaMP(rs6~JT8=;1-0nR|;p0?GZ7S3envn&^i<7=tmk|}pw0H`bHZJ~!bzJVHuqz9n>
z=m@kW4Uq^43O7)9Qf)W~C&7kGuR$sewtm-MBaO%Kc=<9Ia0mGGfoHnREw30~<5*A&
z!_F!t{&ax%RPrn$9#fI+^Ix1u?(nTW`3gb#uvx}lu6X9#IVX~@0~EKLifTTf%PCyB
zbIH>Sun^!jlqF=g5>k5pj2L(`%!1%~Uj1p8`mJc3pWSbj6(K+nUXO?l54q>Nuo+`x
zZ186RZVFf@U#X+J(g^<GW)5ZV+rDia&d$%oJD`hQf4wP+lA;G7h*P*Om0GxdpL)%u
z3p)o7?F&T2&dyRZ5~bU_)6ZbDsURgUQh2~U7FXmpX+2%NuW$eEo`y8?-!oYcMT~$5
zn9nuZbtkR`V<G7`kpT|IjZySQC_WQ}N-glw$3Aiw;yC$<U}}bd=SL?1`?hbup+dI{
z$AzC}6H$ogD}s${Fis*!8sA5p05GzcljlfW1H4uSoWQ%zpc}ixPRMz5KZ&v@R#KKH
zgOyrn??X>WT@=Q(fvlD7y1swA(=F^KWFvB_ukufD#Zj&)K&Pj1nSF2&iUe6W!HXI-
zw#An;MP&(^&zHKE`T52qNf$f01#U97p%rF5(Ub`aR%)Svk3CkvCKV0pR!78O`9T*?
zf}Z(TCf_B*wE)is0i32l7+?!gefD6v*(FSe)PS$o_+m;W4$x1$lK_3MJYp<I9_Rgp
zCe!utFfydE4cE9GH8*f1u0XUn-Zc1Z>J=nT<H#dO4(@~<oZAPff`DN;0nE@t{(+E4
z1QsfN4!cH6oU_%+;cIHEP2Mp!k>NsF&VXw?EbrPKa1($NTk+Nan|b96EqsdCk%;r~
zaFwfatukqjAMlbGc1q7eAB-;)iVmbHoAAD2-qWz7lNgVmfMC!9+Bgc{Syl^0LTtu>
zH(vwm@SKX5C))`-&xSc=P{nlNk(!8jJ~<&*tq><6c4$n#;?h1&VLVyzL>*uaEX1q#
z91T4!I4igpQFEro+sWboFv>TO;WD!Z0WXZGa1%Mpx%yj!rga*e8ICXb&OAmh+}$7Y
z88yM!j-^bKxZN9EK<r#|tr^hoo>ttcp;;n2&RC7n%Og8*cTBy`j}0udMI`PU3^0L3
z*41-3_zy?x{bWh+P*uDVJg$MLnyVAQvFeBX6ik5Fgm7b;)Qn{9aYW?Q1A*I;-|}9(
zy>5Z=*%RV7Sx)6~V4RCmSuWu#=YVtWZiEQj<WyXp(spWi>su;r7yP!5;PfH_#nm%V
zBhm)qz6F!gn04Ys?RbD?BZxJ%UIT2TU#Q^vnzx|Ku?s@$059AGisCgHE~jIVhefSc
zDNgdP?0DbPb64GZ5=gq>^rO4iC!RadG<f9@AxSs%U|OoeB~NN37O$_u=|Pi@|Bu8w
ziF*c%G{57qfFjEk<Q&X-)V``MrrB8mKJnf}2H`|^A4NVO3dm*Lfa$G%S~n0Jh5C&E
z>%S0@Jm7@e!yF-H3vR}&!0(A*=E1=*%k@EsyaQ-(9;meg*2uWx#4g(63~x6TAgu*4
z>LLG2TwJzJz7o+%74MDsJTG$^>*y#2v`O@H$GvM?+!-TfKT_hvrs)uwE%Szw4VKWr
zGVOa(9gwrsRwWv4HY`MNANjAa-#rb+Yc)>Q*UQDY$vQofp@yVt{@&@;u%x>|TImv)
zBkTz(r|^AdYoo&0IDw$;%8v6K4m!U>TYdzDijhQwhy+(Ajp3zPhbt}F(6}*&K(;U#
z%o#;=)dBGGlh1)3kjr`U7Z|)4Auhd&Ojp~eN-H&EY?olF1wreIgDasO9PkR#LTdt%
z=+QwZ{!DJaR%a*@qF&oLX04ujvu8pNCW4TYrV={POU+WWF5c@=0E}>lOzv;SkSteB
zXeK(u$yy5>aRXNewsioNFcnEj%JsXa2;`_dK#2wyJqFvIGPu=eC_g!c;#-|+;nn*F
z;rm>_dy4Z!kkwP?xg3v;S@|ZjwO7IrZzS$Vzy;)IT&)mGkmh$;U<C&CyQjEvHxMf=
z6$tTaOcxljZS10!Q-R+ue9EGkHA1`0vSU_ULd5RO!=bT(BFoj(w6d{F9O!O2Cq#@R
zv+YU~HS+$)m3Z|urBIC`&V#Nn(Ooqhh5#;QS#fx1G&=c;t9E#w>vvCe?d$<@!xJyC
z3k%EvsS2qr!_`^}ba|ahXko-7I3w4JpDgJS?+*%Sddp8d;862yZU?4Ch8rl3g)u83
zq_4jKo^|pS&mwI~m3Z$Hn%&tO99D1-OImyq@%$E*WVQlQa6L{|lWJ~QKZk0oulMrp
z5^pvO%ET=Rd%YmJ;{(FFNH#(w8yesYgFQO=3TthEdA{F0z2^K}XRMwO*zPmsF7c=+
zUuU*fQNnoR0L%z*qpCW^zHRk;J7JFA<4j-Q2d#-Zjgo4V%b<hitYKWxbjPUD6x-Gr
z2K2k9!|(;OKG*M_cCEyC^+a}mvA|znrhMLi(aUh__WRi%<%~iZvBg+b&(HW5|0nj_
z|G%W-(1C)kvEOlb%-ba?;VX&WJ#8n@1E$|S^~5RBKSr`!t_J<5ez+$_395IcH=YQj
zNK{Cu-n{-8!5usPKb&<Amrsw##2s*`W;pEarlvW=-J9=o?NK-CaYW#6>^ZDXkdG2P
zBpfsT+5aH>U;R(5KK;K7_bL*7zD}Uoc%0|19wbSb!FFYcrf+^Z{qCv5$pa2JqvO_u
zR*>90{1t*FfdT#QX$4FHdRm>|aHdOMvZQu3;ANB94C~<@MYGhOZo0^RmGnDl3%2(Y
zv=g;j)<+2jP(S;Bl=`RtRi?lAADMjge-XBdLE93bad`ayZxtdp0#Zrk``y#>2i5PM
zE-&oXb3_4L#t<PAYA-0MILvbyJdDS%a(3}ASr{O!?B&pwAtzXz6yNk+Bz_|TE<%$N
z`*7t^gmM1LzWx8(ef)pU{Ad58a-aS`Dh54PKv5#hV^~V>o`O|?ZIPNoBW_V*t*Pvh
z`(jk&YVdk*%u#&$Xn<KjFFw69GaX_b6Z(Szm1Vx)Jzcd9yn9mY`pv@d>gC5>d3b2+
z8<{VmuEH|n+ye^tX#2_Be_g)#e-!<f|1JMq#h@<*h65Q3Ov3n8;6y9vn|{kigiZ1V
ztlcBT2j}Gb)FMDboegUNgsc#ALKu^H1rQ5x+wY$0??txXJr!IE=G>)^|I)yEmUILQ
zqC7^wp|la}9<V0;{FOeR*+>6p=db_26@e5_$c9s*_;;KMcxhXj9>kW7qv@29)<k%g
zAU7ONcQ#GlLPQ*UBMf8E>8+i&5Bl9b^@;Cz;~?|`1N&a-hFUc$=v~s$oFn}a>N4Wp
z2l{QF^Y{;^Z~ng(fi9>l>GYY01LrV~BG1>V5})g(e!%_iY4O?su^0VN6hq*=|ML6Y
zQ_jG}BWM7Q$>T8`mc2{5qu{pQh<QIqKOgV@%e}vfLMy`}&cQnt{!U9kSYFw7)#aX~
z+JNLW2}FGne?|T7>5a)(aK{XR@rF*mA_&tk#pg0h2KKwBbM1up&ZF6^fL_IM1Q#bC
zF;`Qle69GSAPG3ZBNlC1XDW%)6H*WMH*%(542KX*9vpwq;;*RRJ;jL?M*<vM%A96Q
z1$jzAVne>)J!N;MT)%rdunWxaT-wk|UT3$;wo+_{0A|oaJh}<#OuD6~60;v%zk3=5
zUs}r!$k728BnvdC-#wk@`rXr=0Xv}IJ-xdVxW*b~xM~3?pj+>riot*ja-LT_QSYAW
z2iNbOMoT^1Iy}|N&R+)8uRt8s@1D+b{q89(E3&D3!hE+_;P9pmMQLQWmTtX!YM}W5
z=+e8V-4?bDKe&GPG+024&a!&>06;${Pru@R_w*&!%a+lt-2bDY%x+crr$0jPp3<#%
zPft$a2j1_Vf(gnn)TBmN?wscjs^2|5G=H7eyQh5yBz2@zp%LHjqm~^zQdWVZQ2ED-
z8l5ndD=$Z-C<(jVdeiHE;bj4ysT}Mb0Rr&b9wAV&-9$(N@w&<sM{DIrz?cEoy?W@C
zwB9|v^q4faROk;O&wm8Hdz$+X)SL`L-69E!t}5)31o8QX@7M31&V;yA$D6a&7-bW5
z>)q4l_`F1Y21*y5zYiBp&=8w??38LeRSg#X6{Qu*Kh=^XH+SaqT&|)@EIo3*z*)+-
zjtroW{K93yBTOqCVgFnJ5NJ{iYG8RK8LG=Em%;73eDmk4KVXS{)mOg|L7Anu^>^hv
z@sI5An)+FW19#^6;Oe|ZaTu1BnHCofz(PgK)_G=m0hF?GFyL0q7wbY8B2DbF>I`%g
zwVR=?EznbAg1EmymBrZ=9hs4pCs$gKUb40OVqGs~R+UhTO9Yf3=H=R!t#&6JVOu79
zvxoF~it3?2-ST2f?3S7J>F>F{S~<2bEIf7BPFB1?5Yd42PG1w~heie3w$@T5;JRV!
z-P6OT)Vrszi{L+ie)rU%?Pb;tCl5U{fHbh*J)JXmdT%-Z`D7jOr(U9U>)lgbZ~D*G
zp$3fy{CBFLb~YX$h1&a~GTEWb{%CB3u)x)f>Q9NF2S$)ew1V<YHYVp69ZQyc`OB#z
zOb%tsyDMDtFd(pCebIf_wXRxzm7#nG4xoIqS_WT@5a7^m%PnIPtm&}awV;S4%!JM!
zU20QLM?s5}&F^|YW?6<}TVPv07ApZA-DE)rkUZv)>l5-F97}I?00aP@W|`%gcln&^
zov5koW0_eP#9+G*Ygiw^@1vh7hNOCUv0PiPD52#VWg}b*Shh?jqqanO;p)n<^F7Q6
ze589~%dHvlG1v^5Q=U*A(dGPgcM>n+&2vI2edF-lL<aPj37sl=T@3>qtZ)zk=XJ1S
z3-r2o>)lg+1igD&{($=3)5hd0#wGkxj60b?T>HR&_q5OVyQj+cyQe%^@1FLbggQEP
zD$dvr4=_OOA(=pk(csL|brs(1mMf2kwo+m4_ba`w&T&mUN-=4q<lLBmF-kS}aW-^p
z%ft{Ko@fb?yfe^{7sq2N{XDm;FoF1iSt-g5lL0N-R_EnBD-&H;AC2o6)M8|=R-=o|
z+IH15^1^sPgPnYAnyy@f(ap;1__BIqA)awO&>~|E;7Tw$?u5D0yC3|ExArIveULtH
zcK2a_b3^8gA+yqh%y~QEmk}fl>mo_Rzy}wQ*p^|+EZv1eNmd=bRv;j$9wq@KydwHY
z3ceGr?GXgN+|thD9|-iV%7yAQ3a5c+s!Ie&Q3xqAobe3{4<`YH@f*dhK9fk8n!)@k
z+^E?BJ0h6B&^dumaEhR1bORs>bMuWyD9MQh#A~MstVtZlwaKy;)524sdW4_Iqr{P8
zPccPcL<H}KTNfe@)oJbPcQ2ic?E`i*RrQI&#uV}M56&M>OCL8X8wqKHvku-jO=ErE
z|2RgWqKz+0H7UGJ{LKbGe(<YJ1q2g5`fc;_s$e|YPDqhJ8nW)|RktJKR?;_6x85OU
z0Rnb2Ch^k);yV@SnMg$jhb=LlO<o>nT<Qk^CvLWoM@<AQA)p2eO>|;0*I2%zkM1k+
zsJy__jPC0pEDV68x$oI8D{M?O0Pqb9_UI742!Ui(It7V)*HDFf{Iw}9?xY@o*2487
zqtGiw5a3Iz5`H||472f~A6;i90|esN^6=yyf?HRfYcC`ayqo{hTy)nF0kefl_>Q*C
zdJX`);b&xJu}vx0*J<eXnl1%37%w91G=wqu%DgrUp`!s%-MXGfhbjGhsSZn^aS)+O
zLqpC%uDNrAvhLXuvj<CN-;FQ}7`~E$*?c`}bk&JgoeBY`F@(&%v3Dbl31iRMZMKD<
z?<E!r^c%j)dD&FWW?9vvoPn2cFTTOojau)X=6@V|_Y{%_ZxP=i0P{cXclUIagKtmN
zyQlpqrd-fM>27UMQL)qMI(n$R-^fl4q}?r>B#W#TrRt(KJND?Ra=gO9KB@0pPRWEj
zYv&@WSnWw2Q*D(_JFIj3J1-{}<Orn$fL76}JhR`?9!{&1Vh+)woQIc~HNK-AN?%%g
z!0GpExtL#gb`7Du(@EUmP_<NgS2AZQi$tAN_fH+R?8zj!h4H9Sp+1^g-wcj&L?vI7
zbCor1H^)i_x$02EsFlq#0**&#>V29s^+M-4g>q(2?rE}7G?~Vr)cLz?meumQ@#6SX
ztyIy#1T(|MA~%9WhfcZwTz<&XIbkl$SyOpQjSEK@dg-I|SM$~dQL9*alqrB?4qcy{
zIMi~0>~-6$*E-m8<UrVC7S=cZhX>nA7GIb`o-P6RV7B<l5{H=WfCSc9r0hIUyTv!+
zJ9E5r@nTZ#MWYuh9^z0E%a#uV7%m#T9Ti6suphN}gT-gL-O4?i&MP9lI@&zTFEIHy
z`Db$PtiP1v(|%d3?+NgW3CmH2TXMNFWg#@n>kM2W%;d{l3Oi@?82&Wde~D$HQtr$T
z3%JT>%C!81;*MQV-^w{NG%KsQyT3P6Ero7-9{f0&ZRP}6FefYN&U}C@&ZxO7aa1nP
z;?#SoHyk7CYg$Mp)%P#ZwJr1b*}{d(EH`v!I}8vzs#hum+*_T>WrwosIpquZYNB>o
z{c&O*RDq^Ma`WP3@U4{*v(`-aZ8D<?4=uo?u~8vL$}~$A*tf@Yaa2`@=uTcK3V_E<
zHK)(y+{Y`vxS)~Cv&ROwY6+IJW@5RS#rb$Gz<%!|AK{KOZJD8jn^0uF6HCa{^}TJo
zWM)<+5au}ec83o=K)F`{YiFt1+1h|@8NAFLX0cgAAet2Fl|)}%h(}uPIr1UBm&pCs
z%po6()i1X5H3IXJ+{u#%*T<FqIEycS{JV=p{xI!V?F80l3JdzFy68ndE^7;hdkX4^
zE+jKP(Hne{%C{G7b_V<H70eK3SDs97=KGpX$;$Lyg#W=Uibap3d(hQrP73$68bc1g
zmpa;6G+!Njq#|%v(p5Q3C(OiH!ll_D*YVxYnHS$u7GI`Pcyk6|A=8#MFJpO>vgAvA
zS%fb(yPvZbX&<1L{kd~!g{bpb1vcfGoNyGi?ej^;J)LWU0_PHD(RE=9QFJz~g$wTW
z;dTQ&RYB+6(CmykA!Ex{O2%5Xp41ElC6B)8)7<qDIT->hX9Y?o%__yzNd*}no+@uE
z-g4mIo4x!VLPWbAWrgA3q0HP{yzbL__mn>ty?g3(#j+MG>*OooGYRtt-|wFG9ZW6Q
zsYOM!6wp;OW2KP~XtqDJl;b7PXd|WLV-@yVgjdq0R=<dS#XmoR$cRgo1@*I}q9fol
zeyGoq{bl4)qjHIt+v&0+OD9e#?C%KmJ;<;q(+*wsNnJ6zQ6~G_^DX6c^*CN|ZUqo2
z9;@hi2lVWnl2^w#X*QQZv2*F<m_lEI_*pCSgu&dU(5@u7PqKabE{+^#)l<0aq=&=g
z1*pk<4*O=Pk2Ay`9lI>6!+iUQKOUA+n;qH-|0?6$H`CPQ{FLW7=Zz*C?)-4(7NtsG
z*Rfe-RUAg36|D%}dB02FC0}{#YjnjO<%YI?e9rR>S+AoTdR?ed796Cru7GLTdi`t!
z6AXo0szYwsw*TOk55~38d)eB#!PXqz)_BkP!%(_j`yu7vS{hlGsPPKDsN{i-gDis~
z3w+1!gf^ZC(}m<JeRUEhT{s$SobR5`*XvTK$>hiHoj6V2dR3V`@Ry=LE9>7YD9p+A
zQI!{T`8$j9;aR-C!T%iD2jm_SFo&;^zUclB<{M!qKP|JbRC~%nyHXnA-m)zN^X{bN
zme;qPQgj|+q|#o^F=Fx3#YF*QmYY|K<z$1dB`|EM&-qV{X}M*r+1;P?qXu4z`l@>z
za4uO&QMSLm47wWv^BfG9tji#MrG1qFpsJ-)&}8#i86X=^&~?&iWB#zuX<6-I1-{QR
z&&2IZ?C9HcdFPG1?vn~h%-BEOQ@`j7T$U{JxEZgo-9MUv)HiXrPFUJW7D<k5FDm6+
z!?jiAfujnLHq%!w{<Pw#q|Mgu6jEHT6~L2&X4FC(C(i{;@np7Y!ec`~LH8@>V8u_F
zPTRrKOkxMa@&@a&@H60L@4KJBtOkMg`!_(>YsrW|dP{2`%nEQrzwArwe#Jc1h5-;j
zzS`SzP@p(m$6B`9)PZp5ZC^ahQTo`X7@gybt(#P3_*~X_c~OT7)N4Oqw{$u48Vy&A
zlot^IfO}K;r)K<{@mIO0x_oomADHg9`KV(L+l+g%Y_wTEeV5mhLx(nSQ;$roWdpIK
zJ{KHI)AZNt%<XDenoUJrf-O$301wL*M~q87<;RFdCDXQuj8>H^J<p4pXB|(%!<mI*
zJ-;(`JBtQ?N-liAGKHDdbkQ@2(Y!D|<;8fEw+zIx)Z)u`+78QK5qPe*o~sz-_lScY
zACPb@#=%^bp&M2Q$XGwgqs{IJwYwVQW5;Y{;N+`YbStSe#k_K8w>2_%mPO!<WXOYN
zsHQF*axZz$xksR6$-D*4cB$d^GL>SO4F_2t+`U-sow}J3&clgDFl;T0*wrxGP_Ae#
zxD38zMc2AS?H@Bty&VG_sy<i;ekoBhE`{8o-^p<2D<{{TTkoDue-QodX*`NYCs;u>
zrds{M_q(V42L9~FxvnbX?G_2Vy8LouIHOtx7^{AWbZK9V)+rQNk|8eS6=M&OzB1jJ
z$}CPU5jJ$yLOfSgUZTy>)t!O0@7^L$4nqmHYmF4k;*{_7R8tWm&n_#5edU6@=*jIJ
zBb#`uSUYh(FB{`DJ4vvMGFB~8mr-?kA)d>t#+>G$7so8oS>))QK95<b-E3mB$@7k(
z6JM_p@%HJCJB<_agJp=yPkA!0hO40JUTI;&(7b*zuP3bgDVePH`Jhv%p7)Q)4a5ht
zcI}MMvkTt8i5LYg4a$~(^>e@3n1bGSCeVvrN$v{hLa+LUg89-+0xaR4Cm;`!XC2_6
z3s*3{pm=G~Oh1D=@N2rfD+pH-zR6w-6dnXV9&1@olA)XJzZkX*LIVI(NNM+$Qn+nU
zUOr|}QyT!clC?~6St%O#fQFTewQg$YcG-Df-?a^infDAJC3z$(`^KFA0P~`Y-&X!9
zrmxBV_vZf>y8hiw#p@U;*{{4vug>us2Kh6y{7s8Hl-$*R`%1lx-Nbv%Q*2#L$;9cd
z*Yjm}X&l2c9e@_GDS42lpP6B%)ekjmrjI?3U4`l;89NhXg4vkOO!ACs?AVj8`&x|V
z>VgU19?Rb^*q_hR&FlGLX~P_b8_y9MNS&E#Q&8}WgR{aKTEd#=7tHqwHM)DN+fN|h
zM?0ftDC_HU0l*Jt4iH9R39bqF3&sFHG}5AkCA>hEFDn75h*rhbwW3Cj+3In$G5<16
z7ozKSHAKmSJ;=R&faoy|?xuu>t_rwkZ!7nKDP34h)5|(dN)lgQ&&qZ!^CAn++sp8J
ztmaQ<7(2kXS*Kplmpyxpb1+L60Dw0X_|ZS!dQ!T4c>$ptzG3T^3>1=!D#7LIW@2ms
zAPtFRt{*6oyebtJkDHxOJd{|#Hmh3MaF{uF=?{l2mnP9%zwIPb6zkEUIPRBRK#e2Z
z0cZO9W&b-BpD+Dyo!k?QKBCA^E%mQ<_Ujbx72fMCi#MAspPl<)De^Aj7WS4ZW5gl$
zib`5cG#k60t=L}kfC#zT$xI19L$2P#be9F>XeII-qAClEB6@kZRc`AKieNXcW;5x$
zR5SIwrE{n;q;e*5e=mC%vp#Fi%2zQ01aaPZF)y#hv7YRAlGArMuY=xFjV`aZ9<LYA
zI?ILJ^LZFekOjamV4hwwRWPSvJHyi-#4g3*iIQiJSG!qws(Hh0`+uo7E-e8|XqJ?D
z@-z7?AQ-^B0+n!L{;h0&U*%Zy%ZWjDqQvtalA*6>cXb|X-eBb3ikHN=&mQAWUzri1
zvM}3ox4Irp7z!`e_}Yr;5?#lhXI(mFUG=(I>)q4qf&K33;s?<0p2o#>H_m`MwL5Ev
z{NVfD(|!ZL2`yYKZx#7{4yLV&+2Rg6y#bJ$>2|d9E3+%zaibL4={gPRJV4O(dvFnd
zRi_f^Qlh^ST~irJ(8Zp=pyGc&lC?EGf1al4ICf4$RFsAy@9?p8*pa<3*>{Xjszv4)
z;T>xmV3{C9Ii@}|$@BQfq>TCBx7$T}NDHKx@_BM-))fVNLt*PO3On&l5lX0~4UCVa
zh1!)mrkFj)4M^`h{%j|Hi<Z|{P?%MKuH}O4)qh_W2Uqby4Os5R;}B~i+>>O$D~9aq
z19#J<u$TJMW5LH_LGzrdXI-SXlPL8NRxg2`gyMr)v2p1n8J(?LxdJY!%0O44J3HhB
z<nwm(x!eoTbxLHCWIa~>ZNlmRP-@+KM{=z7$8{xJSO@@3sAa7pB`w93Ix=+5g1AnX
zszL(zcW$8=qB|}I!2C@PZ(o{UKmG5IO7VZ_M=kS7F7E)ti}r03{aBd?51;TS%lx;q
zl`+hH%*cQ#{Fk@Hw+rY>T+^1QQ9C+eeE_5!C^wo@Aobpp0gn_z=D$r{byD{VfTXuE
zZI^O|+A>^AJfmmgYT-NTN1YZcJA)nLHxI&A`Dc;%_daQ_>$cY3x|hp!0NN{Qkirrw
zt##pw9^<Kkz;>S0-Ss6}qBrt=_clM1dHjW;Vw+ZEn-CZ2a4wmQt}YlHdMP`UkumK`
zS=EdwVt9K5n=cvb=$+4EXcbvf$)wz<>m2G<7SNY?a@a&6#(rkb84(mC#u?8ZJ0$OC
z+wAs)JpkOn<Xg9Pmy$ppwTn1eF*X6D%3DohF-VaBgdBJN;)RVDyQO5ZdjPP2Vs+hF
zTUVa~N?{IUK=iztWt$b2^rgtlx3_=Awv*1K6#&6j?#(&9wVU5h|9ep>*)L=DInvh{
zo-xV9lu^|QHNkG2k_O1uBSx96qNi=+T)#V-S5=+G7i}ZQn3)WmUK+IZb^1ORIY#4H
zdG5pkHVTopSOdR+A<-p9-aY7N^4g((xoVG{=S9(g1oP8Dj(FP3$hu@vHy&44*uvdh
z!HCtN?>7Z0-^`uMJaLKs(r0cFJ=?L}Ja-s{QeRTJ-s7fHnzpDuQTQPhGl13N#&c4X
ziK5X~`f}Bi&wJMo*#mwRc~r!EsI3ahLPG$4-(0P{y~rBfC787^Du6u1%5MLnanyC*
z^@9czn1Pdvk)^xd#~!hnx%E%F-aY*b{6Y7-r;344CSR$y27NFVe)~tE-#zU&3x79_
z)2O_vUYVU~pV5l#nM(j5zmpYuiW*W6<3Vwy2AS^o0K3n5@P|TWO0X^P0_xisZ&!sP
z$6vl<)O_EPLbECuy%xn~iH_rdY=e8S*~gBIK|U_%9j?VvBzSV^4w0@)lYth_K<oYl
z8B=iru@NT?hOKa;)GB_WhBqb?Xf;-JtDwbaptHgpue?F3XwRjXIpQ>iJ*TVS@^DAq
z@(I{~N-6<047<HLGoQ#jd9o0h5}1~dj>TQn<0XN!%Qe&DiG?hDGiw43&^}QXi$aRy
zHLovrxw7@wv2}p~fTn?D2%QM`kKllL>UL_m=86k;3>*zW`0sR`T_2kUi)^p9YrPSR
z7TL)Xf>c!j%I@(1fS@?M{Yjbn%SR<JFO;5Z_x9&@1A6><m=D7!kw27oe~x+1dD9uY
zftS9zU(dL;yWnF%jY!aY3=;Mv;$JUNxr~aSXUt515&%`BYdp??^}qJP%Tzgz6z3Q;
z2Prox9|<j&QuCA6`GB)Tp2e9(iycl%*~I3K?5*z_fK@Y(#eCxZEEOQ3yvQv!z*F(}
zu%DOKcIq_G9yzd`rM6!!`s@x)Rc+X1pyfi^*L$ft2wrBct0WW!om3>6rE8;_(GaU^
zd9J+=fJt|}80u)KTb`q@Isnc?R_}f5C=m&TqLMi`$A&7eh8U1s=k#Tq738mBNhI9E
zF4-_xQ6X@eEzTLHxu2%53^T&&Z?f;jXj6AW7uiPxkHd~{M{$ups2*gWEb6xb#b;Gj
z;cJ0Z9OcAr^@nt9Pg_uhuF?WpSw#XY+kOFrH@*jQ_V5M*rJyzCJeAF+YvhcTp96HK
zxJfbWW%bIfk2tAf26ARau|ZF@Vn*!cP?SA>oX(|JGQR<MeRX~DGt1o2sd*5&cv=Lb
zwh%zD3Z{rdvp1xonv^E*U5liVnkUc1z8<44WdfzbQgqab(Nx^u$dY@!1Jx*-q2uGr
z>(7q{(u}DjmZy};lP6KR@+6=6RTtexZ2tbW`;Fc`Rnn@Hudtj=@SyYNoImh>_p}cM
z+?Dy7NOk+PG0Ny9rm7eKNTu&W3CCk0z-GaZJsR+GC>5Xx#e`u}08}Pqn5{PTiWb;A
zmH=*@ExPudgGdN3=Qs$i(X^p#0YCzww8cw4y4wQ){emu#<%Iz?><U|GRdxvGCcXeu
zaZ$GO&=P1#+X1LO`&k^i<pFlRm}?(@$j2ql(=Ly%Gbh#8x`^Ci`KZ2Du|m8~cFwi#
z=r40)J`#~+^%%&+AS@!ixGpOIGqF`&>d_WK<14T>@h96TbB*3jAOf9%gT>(geZ=+Y
zRSeJHP6z<202IV%gsL8fU2C_`O^dD+fId26{=~Mqd<#Fx-?RC;G0ng!x$|-xB(7xz
zH4X8oM49~M^|9YVX%T|Lc^B&eM!;m8Tfw%IV27`w<;iZ$p7h=~-FUk6+-2l8Gi);V
z&vk^<27r=@yWtD~)Fx(a;wQ{hwU>wA6<zc)YR$6b^~ZAoaj5en#YB*UW9+G1p_K3a
zAL%~Em7_hwp$Yt+!w-P8deqFzVHIH6j`PlofT=z3*0lj%br*$cb#VeLig8&!QnYX~
z^E9^3N0tK*X`(V)y$gLI4=W8t*;78x21zp`m(re<V!4+2fNGSUzdz)A4cHKX0EhhO
z^B9JjXZ3}IV^VFgAOO;5if=au+XuKgm%@bQK`tv=1;4s&%eB4rs3p}Np-z<DjGN9&
z#X-W|Puf*g)@WJj{hM)5W535uCYdm{%0N^{0+1SIpRAt!*8+>WA1OZB>t=j6zCf)S
z%Qrw>LejdTUB50`68cxbMfzzRO$z#qd}08!jp|5`WE7_$zU~ER<T?{%p6W<Q-hfFm
zSrTufxu5wnH#=<H-kR8ECgLT{)p_>(N8@wF^qcq9HWLBjC*F?|fsUd4jPDT8EEvp8
zI&+Qu25`6f!Uo_u007chg$?f);FkJI9B_(`00}=j>do8Cleg(>$<($ETJniMMpXU~
z%${+2_q6|jZ?>J&q+@zYpEKHLJr{!k;4p5br;=z<TSHo;y7@Rr4CTyRJ6fkvWUvNn
z({R#Zs^{QE?y`d-w`MReMWt10=VbgsRGS6TE9k3&yFRzUVT6E<GD;|=98Y@ma=|#~
z_i|8-SsJBM86&sHgS#fXE@nQ3^Jnxwje_?eQve9}QFe5pccAw%(<m5^-|;$bm#4Em
zKS7Shq$a8T<7m|nQ=%|<N>y3Uua;u=os27}MoAR$@ooH|N2dG=2^)Pf=jhSIu$Jgz
zd%~J~cX&N%D^HGM3GF7!U)&o(h>kEyLEMpYDWm-y<4jt`w=>CLQgrHeo@Mp5ZYS=R
zOBEcOb!kM<u2AJkoVJ0K2d{JYWHg_?8@80dxWt8>*|*3|ngBrU<sVus^~tmQ3f9wS
z_4!$RrpEiRo(}KF;`5omPUGd+_bc*?DLg$TWQvlpy9TP_Z(Q$HpKj8#sn^JrIF4za
z6sj!lX}JWh`E?##79R6rHOb*;9kMS6FLhCv;iQGTRe#+E9w;hM=Te^)#pb$6nPA2)
zJe{-b!GlXY!uxMwFn+B_cl1ca&n_E;(H-|SEEL%~e|SCWp0-m2t}D=*M`=dNc8|KU
z5iF&Nj$!Cx!Zs*T;*0*T|4kC;G|MdI%8lJqD_XsXOLfVPv2Q6cW!5;g6Ep9dQ+BXF
zPG-`TTQ$|Wz7v*A`CR}=pP%Lz|AG}7lr*;bz1!3b>5^hwX`+}m4CBhRqp$)YgAS>e
z)Y)Zna?TM86(*#WT7zx_v&voSrsL4OE$mI1kS<$P8~_yf=LY`^^uJ4n-+3|*v;6D|
z|MXN}kocGX=z4k2GcKQ%+RAhe?%(09UZ9!%8f!?ADLRvKRB=J1nkJjR7$whYmyxpW
z`n-IzMg!`fTO9>rFk50aFC?1S(9_|?%e($T_ivfVj&f^*BTW%TtoT(Hvvc-E(>c}O
zraJDSv5l5;QM6gMGF7KeHU?3vL*p`H^L=SFsrtG^Y3I_SWMXnp_u+%~oPH|68@hAb
z6E?ReGyO2R$LW3s6-JCEczq`6-P8WF*d&`SCPbR!?0d^|1At?=u#PDqB_AiX)lykz
zQAJu+@7$^{cKUM@Ri{z0F4v-w-)B0QR(J;C=o)0IMz=;82qhx5O61I9VY!=GWKS+y
z(*;#z_bPQiTKy?^US^kbWOEz$J%)QeCR0-dR#r^SmIR%)o!??d%VIKGe2ai{h>#U6
zJmMvFv@L{vj$&`BNr?&OIP=Nx(_%9F$Heckqw-^+<(zFbfmqqAkxq0K8b1fQpqOm;
z$2A|WzrAaSEu0rVq#Bi|1wb$PwsHRSUZYd<!q{!TXtY>#sor-NuXm&ZU2EbX>JUHa
znYPlYw-Rbu9%&t|mbu(Kt@j(d77_JY5>ve+RsHh4RZhu`I|CY`8l}AYT-(FwQkgn)
zOjUq!H@|GH#3xrQhJV+M(;LMBi2kjM`-2RAeuMqFs_$9$P0sf(-ESQ0AyAsdXJq^v
z)!xJQ>y`PmRKLcKsS<z6z8iw~cXH(mU0e`=mSV>W_c2M4zDJ2C;?xa=4SYLgi6jE#
z>2j@zIS@+BDAJWf5{Fk)q#KY$9;Z5qr7!M9oD3iVrp{c#<;Y7cLaj#B5_M%!JKS-`
zU9{)~X5CKE610-Pi!5!8oSMWQgNUplxjv8+*{^T>uw98p=2r4(&P_o_b=OxGMbauq
zf1XA33pXo$P#U|=Q<uLiMeIKBB*V1K`?~a!nS5ZaCHk_h>2exlJUhVuMhR_-dq|!X
z4iLuAHSA97@*EZ{UeZV;0D51XkN&;W_t(7-mOhxSr8DvG_}sB#$<~evAuS)F10oXL
z!ta_?HF_5`r|#UZEr9%ZZChEqVwu(uuX0;_Q(O;uO!8p=wVD1FgP#}qgHw9%XZ8m6
zJ5&Gam+&XQ1fU#-;l+Tu52)oONI*+5SInemj{iR|SI@(emm^@Jv08!}BVWXU>`dR7
z&g$kfsq5W|>n?TciixYJ@s?b(x1qDRMMHLoYJ{>Avl5SYk9jLoBKi1aU-zw0Ix2y0
z4oQ_g5wQ{L)eN$J4XyE{WtmjKJ$(I4Y}hq&aB&|#uE|2U(lzNg%r5Z|FM4?Q17z<t
zHXhZa=*){55J41Ct<2+JgX^D+#b25ES#B)1*6hW<$2I+%(*FG}{r@4o8*%!fXOG@J
z?L%<Ka-A!aOMl*e2@yEe2$FP>r=*G9wTOZ)k_Ux}h%2S!Lr2Qur>WeOBh3)t99K&O
zkuOJLFS421jI*1eC6N$ivP7G0l$og(-fCVhv258IZ-~lEo*yqLS7{CNDz22;CCf$0
zrMSL!GVJ7G`OXu_;?_=!;-f>L#gp@uwhyo`D_rux_H;NEYyf{dD-H33-jr;(WjR#|
z&Rq*ZQl2jcbHdLx=AyG(x|8vkOP|0rSQ37P;oXd2YkHkzq$vQ>(xvBb_WnK<lTtx9
zxpi<y|FMse*QvB_Ju_4n03cUfPZ+WmUTSF2Cag0HU#|_z3V?F!%rnKP)b@5yH94Rl
zUwS#3ct|Mgw=5-h*>_rQVQrz8sG3q(w8$+CT@4Es>d{M~<Nlz_j6;+nh2eX;G#bef
zh6O(+?Qfd@AOD)ZUg?ihct+}9ySP6bJwobQ)DJ$^vuFA#LSKqsvGZS7R`3UOHhnhZ
zm3|q$m*7IVxYZc84$xxXdNc-sGNty6cI8&~DjQ;mcA^8qb!JYr%JQ*hE7DcZCD&45
zc%Ws8$Ddnz2B7Y~zS(!7#>0K93js{MffjTI02rtH%iPB@_^F^!Qc&~Br&57fVG{g>
z0Lwr$zv%|U&KjMIvg#-K=7F~8EOAmeRpMBxe5GAUcA?~+%S-`AiEN1{H8JTps7^^N
z(m=c&9c{2E0IkSL<SbUE3cv)#pcFcu=rdh?7;P1}Vv=vEHM=?_(GS&lTT6_X!UdHm
z`P3F$&Y9vmgVnye>W<UfEt#_)Hf|@}X{90s8b?jbmaakZaw&tN006Cv^RNHT#?ntS
zESLD=Uo{?Kos_05qNE|Ebd%P(IKYCJJWicSHtY?B1<|o7xTMsryAZ6}8`{xE^e&vC
z&vK5QvQJDL+S+_+u75bwH-7}@<ewJvdoRI{C;y~Bq3gLq?j#L#LV~0bFiEVWR7ixz
z$yEWOnX9y2BSugkNW8_5Jts(2_G;vO<98YIgH_#$R{W`2GK#E59aS|5O#FvuW}s@#
zAepLVWq^+BL`Pwa0Dwi~flQUcx%7ZlX)JQFb;H-;Q^%IJhe=#IJ6AF@LfX8SpLjjK
z2k9EUgi|B)n!aec24Kh=y?#cJFDb{un-R6ujft}=!7*LRtgN1cA2jrrm#Y90YBI5i
zM%~_CGDT#xah%wBxZ`hqnB<Unl!=u36rc4D&AO(G>IWr6w6QxZ9L=P0w2;s=dxA_O
z#^7Z009h9=C}r&vJp2kQ=Kh5Hv94dI{EZqSWbX7noyJ#=czu7?=-tyk13_KW?MjdY
zViSH9HWp+Y1P?jlZovXD$4?b!{;KU0&IQ};46e*=ykFd{<5mC^b4Z2vX-4_=IQDp$
zxTDk-9QMPCb+J^<3Cl$sYsq>(VI^9^qGNE{O3?{TV(G9%OJg$wO{a;x!HQXzH^#^D
znz{uDG?=%~4VDS;;KvPaw5A_`GU?+a%&B+&elAo}%w=vn`R4KGly)ofoH^6#WK0-v
z-g{4gEYTSpU0K_)dy1%0+6?+fU(|!JFW8n!o<HSs?xAQ&w12ebbYt*nrSS;uB<9Wh
z{83LT!>Aa+y3Gye<ST$yAJL(67OA2jiU24>_w=yt!~zAF;*ugGz8moDtAIvV18G5;
zbh){Y#41WM1rz4br_1+L0cgCTG)D*kDA2$3bL~uy#$m(E3#72u{}&<-ZQP!$*67MI
zI>MiBQ{vR<_}^csDzQ*1&q?(gf7tKf-p9OPJ$=kMU?-72B<ZjGoZmevC;tTbX96-I
zF}VsmYs(^5T=o%OEmeU-$5WmxLTsbyRGsh-RcLfgn`0<FLzTqnp2=%)SFR4Jn2j`r
zds$09-ZBY*qEmJr!|6pGyUS)KvG-1cpL8P@NTsDQ7oUrxG*%{0GK$)fw97CFm@#>9
zu2@KlrN5wW9vc5pj<$!2bUGY-)p?}LER#rS5@|I3W6vU6<N~otqgCp}+W?9SZ-1Cj
zz;8_sxMJ=0axMrw=KzmK+dk8@ZSk0l@RxRU&$`dejmZ-ympZQ^KrwVaIfqpbGwzcG
zW7*|mU$9qNl?_u9OUvjl0k<*F5d}>#Dm6MFx@^*$SxkqE&0ThGm46aYl^z3~WCfbi
z&c3mIvOOg?2?^hsxJ}6?L%uU{K?xTF0cDT<sMA|{{A4a>XI_C;Vn{b$J1UMleOv6f
zD`JI?IAXUZAAtk%;$bu(9an`Kp*?mJ7Q?cq|F@r#t}#P*$c}U-Yy3I`qpH^%UTi0j
z*G{sdwIa1<-CVe`Q_M^ueq=2KdP@%ng}QqDg{y0{O}3m7Xq=$9GX}#Ndv;OxO3h|w
z)ld%)(CN%?2IbO49urA0H7WDmd+h|Q$861IWgBY*RX+Ld+A&6EjlsHP@&Uk;r61Xj
zugf28%+XOLzV;A4)ePfYA1I>6(q7ERIPP5!N0l$2Va%~Rcx|-(=GiIDNq(%GPo98J
zzb?O1HrACt-bMI@nXSPj#Q0>J{a?zzQ>q)W^32h@r+o&_Iwa$Q8=`8ieA3Jbs>8w_
zf-A0ul}qO`?~}*l)pxj#ZL7k_ZiA-)X#GX%Q|cxxIJ?9tV&a*2>;u3pma;4&zZ}nH
ze71e<$B!t$u9(m}rZbmIM>uLQ>?u$COPT&S$*H{EW!cco>LTkQz{%z|v|)OjS_=T?
zHui=EPVi9OL^1}2$3IJP%sDs4GN^72S$8MfBRjdLF3=;){)bgr9xXWX_V)laoadv|
z`X&72`&jV{y3FT-u9cU@vxVIGzLxC%q0G0lmFfrMVRPp1JaqX^BV4U^2moXq4Fd=P
z#<>d#DJE1K6^L#iJ;LdbgoGvlbuJDdT$4m2M<!xK1<(b621*n~h#|uFCcad%5B%$D
zMi2t*MDc0CAUreJBPc~bv;=}q0Dxqfm~}0v+5lim0OUNx0OVqe`h|*ws;!s-;i>?j
z;|atRXdZP52I&!OMHK<a<Ex3tE9nok^axH)0>73Zz6$@hCyb)?NEM~xNsap<)RT@N
zQgSBTqeny;xjkZV&_r>egt}rH1VZKn0HD1VK#V$s4i~OQ07yXM_3_8xdW3kFBo>FR
z$_Aj7N&qkpuoETmh_7M*9soew2NEiwTT6*YB?K+xQ3=X89>f&AifRS+4nR%;VgRzq
zKL?0*Aq51&r}T*G5$iCjj?jrQ`>5i6qw!}z0I_BkP-DaZK^`N^Po`1;FhD^GfjWLI
z0BE6-0YRgJ(AP*GbUtIm>j$4XdiS)?z}Ff8RCi>A*8jx;jOQk{xdt7Bg8?{qgk0ZM
z8)KwZOK0qrIj&K~5*<hQx$D8mQwU42xX=QzkG>SF8314^N9{-qiw|HE0XPXnhVyJ@
zB_c=JuEXaNve5vzi=8#-7%>mAZNpkRwxp~=fk$E2ww|wJM`7oYJJ?A<4WR5i!Ze+r
zCAAZV?WzYz^jZkgTM@k(jj+>tzvMspbUu){4**)0_t#k+AP#Q48>^+50A%^9{+0li
zy@6Nq*HQx6a)i}YeWVbiSHg~<3Q2moKk-IiGom(g>$67hp7y_GJcxh5ytxb8o-Z1!
zMF?#cqna~o4!{rM9&M>ISGfycAZC~z?CmK8g9F7EtHvycCxj7K*vAkP;W5Ny@gHw{
ze2=gDp<Vyp+g@E?<jK46@N;lC&m6sb+GiIR$epy0lfPYVVWUl~<$0iX#Zjg@G~e=7
z7G5n_TG&cOy(j&9*67{SzPn6Udgw^QdA+n0K#j_l^7&{lCR%atN&lWbdiS*dF2SuU
zGA~5>vqtZp_AEhC>qSP)`#}kLw2BE&`S;AxyQjShx>7F#M$GZYQ_#kW2B$oO^zLcT
zLeBk@yeD3y?ua*mFrO&*)QSWLetgusr-1T}65~I&Hb%5ncAqJ|O7S^f`CduKdiNCg
z*oH4;&D_2|nJ>D#5$n_4E~TDN|HorI;H3i<i`ToSy$brKeG^kklKWRN-bH^jbj0^u
z!bIslI`={Pix=f5M*eO=o?U9i<@N4quP*ZMaCl+7S&7a0NPUEU8WG@I`!u8Yr~v+x
ze+aJ0zcT7ii1B?C9`s~-*NV*R-P4{0ttfqs(+kX=yC<u9=iC&$J)ck{KD>x5bfzGh
z-%;ngXnmOC7+z6(y?ffbM)524zJUGAiS{EIZN#?kYuQ$IcGpivgNoYg-P0akNZEI)
zevalB@S|YFh^+?nT}Vj9?)C0zPwy~pyuH}dm13=TPy1ZEQY*<?@1FLxMx<Awwcb7L
zV@su5>)q47_0lMnXsvfo`<P25TI=1@KIU4<)_V7}Z<$K9*1M-a#`P{*r3>rb(;wGR
z>CSrh^qDmWK`ZT9@1ABY@ZBe0!T-N|N)0Er9)7iU6kbbLb=Tw7Vc8)U!u5~Ce)p8x
zM@fE_TJRr@$|$zox86NP{)*!QEDbq@kPzc~ghC3N3Mg$Upln!;|8d#xp3;SRe*8|b
zqYaf*Xv^FE=F&V`x81ScJ#FhXxJQbsCzra9?A`^{IzcY?1{!*`od8x(^q$^5m2&bK
zySgS+QeixH_atg%58EZ{-BU;cMAUWcEvzg8)CH_ZD(a9l+#qsqaSB?ES6{!=KMwod
z(-rqtLhK$l8#Swxg8Qy)s{UOVWxH&>dx~pnkyiKZ#<oL@3L`s;KqwCZ-M{>1@9Evs
zj%<8<BQCywDy8_O+z6XRG4FJX8lJ)@4*v*x_mn5;-P6fGdj0O{VGK0-a{tEJ02Pvj
z;MyMKYTulT)e}63p3}Rh*B2d&Vd2H(pgA#pr>Hc7aN(%gYBs4#G_2zz`=6|LPa#HR
zMh^H+{6PEN(;5sUlB~Y{#ImbwtjYdwTvQx@<(qSISLQvU=k)IBtW({oK{5aqE3qBA
zS|t#uiytSR+6AMOm^e;LA7AgD+LQI}=`!E%o(_Lt{q8B91h4YR93NuU*yxjNPi*vQ
zSslId^Vxg1zsa+ke|+}4r!*BZPO((e&hTszL9P-A)#|bis-X9XYG6tOpIq;r+8?QR
zPkEx=J>66a@B`>~Pn}Yd6%HMP*I>MXW$vd75I!vtG&}sgpFKI3FKBMPr*}`OA{$ZZ
z$>uAt208dy-ab+9p6ZX*yQgs^lZwMtF6TZFbsRt)-`YiXi4?4axKj?RLd@MQriZ4d
z>6aa6V?e%oGU(R3r&idHcZ1W>6#jqrwB|?FyQe<5-#t~da~y`#v4epTsPBsrEHM|Y
zFsZ``g^`$+uIc~)xocyHCzub^8jx~7ev|F`Dp;RN@1DB+oBcucyQc>FIxuPIPqFSQ
zKjNQ++ztfqJrApWGlolE1~OW1fz2kvwGSn*>DIfaJW21K{<n65=;uG+e)klcqoN>`
zRp!!MUnhBZEs@LTJxe;9-9J8c>)lgml8DM|q2SoA4F`xP>fKXKmH?lShCjG|_f*)5
zM-LcBK%I?UxNK7Rd&pnX$6AdIpn-|x_|3))OUQ1SbB)1!)vcv=$f+<i!QsGHu)vYb
zJbP>^l#5^nB9O8Qtc{Kfkl}<0rWLGpf{;v*ndIanUB1&3^zNyHVpe3i2zBe-)9=R)
zSPOD^g5EvVFa_2GM?8b`%kFniv80XNSp&!l(BTTrs2o*yGm*Qx#9fGc=+e8VV?kMd
zncdnN$BmqKbWL5!8=!(G>D|+f5-9)<5!Jtfe)p8d`&!1P3Ga<b1cij$?%q1@VL34o
zSL4eU2!ncn(HL-De3jkWXn1bs@o)ivt<6pkv}yr!!w@kV-0z<HFTdYCrIR>Nc?yDa
z&O#uv##dyZG(8%)rhLzGZgUgnU^wG-mWxDUWVF-?s$3Gr#375eWn(jG7ZHy@F312O
z5fTbGp&roSK;1vNq)7H_Y?=#_PwEA$m2w_K)@zy#7!y~k9USchAuYy=ts1ib6;wbV
z$$9W!VZVEt2A?B^S#VsO69#>a!={u_9RRha@s%7_tIgpI8pv=3gtXoQLCd(qQZe<X
z7(FywFH067ki2ksRvh?7A{O<nD?z1uOL!?9Rw=1xS}_jzz8n5RXa2sS7yDdNtFN;K
zsqHPGELTEhdES@<YK#~#Dsnp&z7!k)7q7T3BC<)H<l{Px^GrJuh^A9o!!ZuTj0=#*
zXeJTNKb0u=y%AWAxddVu2@ai2tSK^Fbb*}5xt1^|CVQZ752Oiva(+eq?x{g^=ZI19
z1!0)Rx3?*PPu8*+!boA`xvvGQe9-lQ$eMYazH-J`W0Bq32sU;L-a|ZMt(#N=|M<3m
zbI?5B@1Blo*$nsD{lqD7qm#B<o{)xXSFaw2${LC5kqF7`jOEBoI?Eea@%77%nEzB>
zYz#Y|Wwti2v4%sy>K3>O2s#Nt+o-|&xr0a!Av)1LO8F9Cu!Tb$cIm|Jhd?TgU<yR$
z^~`z%%J#*wA%wwYB8vN9gF1q7=-@iTMYCZ74mg?<h*)K?<=aW$_73RPO-eqB;8J0$
zX=^aX&3D6e<zs<Bb?P(C<56Rp29#F^lTh1bLB<wQ%bjx`GF|g!=9XIrm|YBF1jtVi
zd@Ux8<TDlo5JZTA+JP&IZ^FqTlmn8YZkdIwQoQ>qm}A5umrqNW(?he9BM=dGs(I^i
z8_s8$EobbU#^de9i#p9m1yro?2DVKFkUZcJiT>aw;t4jJ&cfjU6E+r2**E%y#|$yn
zWXqEaBsWn8ROy<C7bd27f4G6nmUCB5>SV8Wgk-$|y=1%MTK$2;+$>GVHaz`2xLTo=
zSP*O0GB(7i*}3{`SQ!!;Zd}-}4<otbs=%6B&H%^ZG1)EBQmd!Ee^D_6<*!ogthP)X
zpZP4;bqjeU0x|b1a+L>%abj6G;85NeqYIpZVOvCzjS@D)WD;$5`<<)p#A<xW4ejo&
zoH;KQ!&zo)-M|EIRzIAK7}uyewJY1M)PO`)5&-3zN-a)276U2|Om9v4?<(YGbGz&r
z8y-w+RxuZ`DwT&OTmS(s2DXrQ6RfeU7LI4&0TF-@Zh)0cZ1*(y*2~KC{q8A|C=mtV
zNU^p_v&*8ONC2C4;(b6E@Kt1Dz*j<~>6;$4-5KM{cNVGZ6kmRfZOCvD8yteA&51{L
zMt*ew&|mN1@Sajx#3VuV=+1)!wP^qDp00y(v*v{L_B}`${bc0We)klmA;1<s0dI5;
zpGyI24dGII%5Viag)M~WKtvx@QBvkV+rQc$UtZwpj%4Q@cmvqM@nQAXhyN_UyQk7f
z;Ua;vK@|tM6MpW%*h7Q?nDfx6$#NARIEj-(mXPPn_czRLh5X>xKc0a+Kv>=a6Hah2
zuw^a7pW}D;)S^nHfWQx1KGC-lXuN_LK)SnI05-{VO+6eQ02Mejq0v@MeiyxeRbbD2
z{RF@{Q;sSPd&AWa43KW(CV)^2z}Y}YqC=u65<X<;=G~cm+qQ6gJO<*Lwtd^x0+s9*
zPT$0D$OKaZq0v@Mv(kU?-S9IX?_XhO_cRypS3@f%gN|?8vZ|mZc8b$?5Nr4P0_l|v
zbNZgX>u7H}R;x8P3<h=gQCN1%oDk3g<sgV)U~qtxZx9-Mk@Q@wRkb>f3Fhb~H=hR`
zBa1-?^biRn34;3qn9Xxpbw|4zkMj_aj24fv*<`vxvWE4<b`$_m$|ZjP;qN~Kf843R
zwqjrsV1V9LB%}Ak=l1XJsiKHeC3%L?+JS^rRj99^!P}ObajxGz-HEAy4VkTg;sBH^
z^<SL;(E)a=A;Temg`ZytfB%5o^&U-l*dEX|ZHNI536VS;)1pA|=n-IqLFs;bkaM8v
zz3Fb;S;57Pu{6wZ93GP0S`u&y$Ej;qihxRY^}Y+Yi{Jfx#-5y=LD%%?4jOZN^gthG
z8Jfdg7sT9A{{RTd9U4ACZ!8<<vU^&k>m<l<;c`sO8M(+2fJ5msetaj8PyPckryVBm
zp%;%`DaxaGyP@sTO=XWAY(i}0u*DBZOE|+J0?dy_cz2oMiiUn8A<=YMdtL)kS_&$}
z_aB(}nXh*^15DfrBMhvJ;G_GX^wGBNEn0J)EDc2@0!{!i1j^YQyzOYukF`n{t{uby
z#-U}mj37qPLAB*%T!K~vt6y=*CxCqm^NbnYbO&fH3I>e~3uk@$FCHCgAU7I@z7gbO
z({ZyhyMYns=`-Oh%Oz$tiM2Eg%tcB>1z7{%F&O)q`|h)`SJrCy=im%i{TiD5ZY{=g
z0g(Y`>RUNTnRR;yj>o_n7-$aOdu6z+Scw;)JdZrxr3;kr%$%Re5909h8((slu*c&9
z+}z()-|z~JhOi;@qM=dFl?~~PNQp(LaChi;YN1;JHwLmgeL5_|<-HaxbCWu9V^OPK
zBYp+ollkh$6Hjv@`qttkoD@P;Lu-}Mahr*A@*IJf6l8FwJG`0$zMlZ+D_9G5Dc&6@
z%hiyd<?^gklS>YGR3ab3j~|$q=iCD^^9wG2>&rX%n`2UQ55=H9z1+DefCjafpKu}k
z)I~s=p}S8G?8M%nyIDh2i^;<ztA%UCIxMD;*S<eb>87fbaToCW@9-64xCfpH@2+K>
zLDFsgVbg!~Mh|XjI18ru{G9!e0Zsw;icg0e>}%IKm32(8Ba<2UtQH<1Spzw>)Q_Ng
z$X7m7lkxqpf8_=E4gA;x6IPPqpsg-AZnE8wTk6<TP(_=NoUrx{qNJqRqQ(NPy57Sl
z#keEO737I6oz)ZEAxcdzRyYkmzWap~zk3qqw!91!f^egEtJ}mavOp+>2GCC2k1-44
z2@TzqP0bGY4(~WV&hwl=97F>aqs$g!5(<Y+$bpBTq=z!$|C_&m_KVE}b{h<PFW%n>
zu@OJoYMXyq!KA2Ce0YYDBoawkn1;$&DCn>XJA%~Vx9v2ug#@k96!IWIZ>Fkn(Oe>b
zefbT(lJLmPgiH@Oo87V0Z*J2Ktt?!n8l3nCJVFtQ0G@^wGqF`q15T%OqJfCj87?x8
zc>+XTvjC6WaFfvpgYR(vD1LWdlRfqC=fYZq>d{tk97|Z}v$*@Rcu<UrqNWCiREq7P
zbm;M>)j>{WvdG-jP8VdlmI(lJM3)jNYsmcfJiqW;^57I$Ym#d<?rCRvQX;G7C`RPa
zRnet{XJQ0*Poy9e_=>Wb3zjYuf&6SOI7+O$>=y9^XX-#s9x<R&RXPp8vtORE<domu
z3cFu}a6*7ObM<gTH+ACbRZu|9#!cfZQt*%n;2JXPw=@&H?F{aiC#2?PKD!ldX+J3s
z=tCr+rwq8D`1vKDAb0LhnLq}84YM08LXl*7zpJsEYgY(D*KqD}R6Gzf%qbY$RRTZI
zOLW$b6yI?-fS->3<1d?qT`$n6hT5=E0-5c1#T~wW{QLXe_%Z#(Fgv&dG1`Bi=~&3%
z8$z(GSuq39^F_R1WFmq}kQ#5?mwWarDj|qOXqWW|f7vYDu?cN3q%@{flmeW_uLAk)
zkH;T8!pRdbNocfxBQ)O{Jb(<x0#{$(QeJyx#K<HPAPrsk_R}1gT+_o#=;pFEKK*91
zaO)g4!=82nzbbDUB-rMK7k}mJ9rk^~ya*m+l<y-#DF#f77U)}K2v^Ajh&~zsF;dhC
zU?VConE{%hEnBOwRH$I{_V+&7Ed1gySx&qrpZ{_6t%wx7R5k<;U7rT-5B50$7F_f$
z$=wb3g{v~ejm`yE_>2xvL?=S@{Ngfzdf4MFD=Du)gb=CgfAr2~dHhS!L38S8j1=Kz
zYgGYPQU0E<AK^jcTPF!?G&&TH?!egOh7ilbkcwj|JC5TYq6$R>P$UFH-@ulwedqeO
zKz=~_?{UUI{C)b$V&N9KTIL-Vc@8N9Aq2`YwuS$A;lUlsxlUj%cLtb{Uj6j}xRqVv
zDWhA_aPGPH&<l^ig+uT}MOkv_dw<()?cl(;N`gd~xBQD|77O3VC~BbJ?-I410RY|Q
zwkekX&YgVy8UgnTegjT-px0KfTe-^|TWA-gfG8cg48Zkp0nyl!jlrS<w)QRb{qVL|
ztLmV#=VpPyp#2B`fB48=;TP*K+av&d3^;?~OrrU3P;=A4?0>*hfY-?$0CWL9dii2u
z!QsZU@wpwcjPC1-3J4ya&CvuDMk!4ph;mptO#|Ma1LrqSD_!b^--O?D`12nBnO4Kk
zJp8v00QbmOtZ<#f68ODE@=||)2ln$nw(poZpXMtbfGev7LN_@q>E#2FO<{w|=)iN7
zJ`n2~{1jO5#kX5c=bJ-yGz%o~8{uQ#anBF$fB3tO|4gglKYE1wd-Jj;R^#*5xuKJI
z+cXZofyYPqqJ9^QpEwtc;DED=C^m#R&<LyS?JA9D0Q3w_Bo;xD3lRvvYhIQ!IIt7|
zt&Ud~{0scM|NdWf_-9rP|7+dD{R{W7QU?y0d15Yr-vAz*`<-bdz8gBgu<hmytJdK3
z#;AhYJ`U#&$o(M#4_urUwNBwxY=-kW^DVq>0iAWL8xZ0i;eX=q|NqaV+7Ii0`txUB
z;A?o{>oF1n5C^vE=K$FEhwa^8KF^u=@Md6~#?dkp==zAcF|<{4O8R7{_A8$AXY><`
zA_f-2M4F))4LuF*ubpem7<3Q(ncvi(`LF%^hra(AQ>lFo`wvYo{E!zeU&LyKx9qiF
z(jRcDYVN%F&O;SFF|Vs%*$24qF_^=m$NiRON?X~$GD32|HnJK89{|-C>x7a}MI(T&
zr~5AW3RZsqVjB(kTl>TR{>Q)l&wv`9qkggd=ITFg1Lp<cojc=mLA&GnEo>Xj?hZc|
zcfP`%M<@;&meV2j2&kV{*_7)=DN55gE;YntbioqivzZ`@2(L&^g_nKLT~D)L?pt*B
zC6{Afa%~3qzyDwV`?tLPFJJ!cU;6W}{xg`CUA|@c)35EnQlSZgd%qMbSe<p9X#u4<
zfM))Mv*F?U{Q>?{Fky$cQ9E|iod7s|zyN|Mr9LY@ulX2bgcBl8Hl1)y%W7&{%7*^v
z2Imd$%wiDYPy7e}ji0~q^JiZEoa>)Hf!Dyb2RJ!(`Na?V#ov8!2mia9e|HmJ4j;F0
za;C4BM0vXp`|C>S#cdznYk&WB1G}9M{p(HO{^IK+K9m=^cmH+&u-<Te5AL(L_BR3K
z5C7*`!u_?q`^s@I@BfYV`o!8Bgg@^kTz@Sg!6FNfg^V;%33q=b@4q35!VpRR8EbpN
zUq5^OC;sdW!uJNa{slbiGX2@w9&!5(8J4Jk-KW3`1%Pm_tOq>tpL-aAq*`2iL-OJ7
zSz}K;3z1T)ac5w0|N2=fy-OJlNbew}l*Z38I5~Lr<v<o0c4Q0WdiKGci#r#0K)}HR
z3aLfw8yy^8E?=B6?fH3&w{+?;5c_F0#QwzR$NgdPyD+Br4h&Fq3$}bW`)T7ftd!w8
zF<|pMh;u?T<F(|RhA?%8I0tF|i3amJ(9h1!$17Iu@3@!$DPzt5#aean0D6aTxVRG%
z^pzHWr1xI?#K-@QgIoSCZm*qT-$S5p+x%cfmlP2+^17)i$9t7(?>@yQt}m`|vS%8s
z-%IYZl7-UnZm-;aLl|RZkfz=Jl@s=eBr;AG-yrk8y@I8bbSsdSk3?vVC=$!43k!>D
zi*G2%D^ko_i6)2=_6>!X(twmk00<NkJFFWB$orW06k2ODB%29u9i&3u{+nnxdcVGB
zU0h$3-Z|q$ULukcUK>lS!v6B3k3IV_z=pVV`SipL%a2BU<)gv`yM)z^)S+(a4l^q7
zlH{2CSEe5>eFElPG>9D`wp4^U+9xuVKHOC4C7Zo*Lw&@0?GfCIqs1xR!iMSH7G`(s
zEWE5x8LyBodHGZP2Y(9VJ2MPwhJ<+gj&T?~BmBjmLbAG-ZiS0@qT|R&L<r}h9p;td
z4UrTP_q3n_wPJ5amcgE!r3kX3kYsVY&~SFLhnNav7_ExzV)?*}D~W?qNKGPHEUfq>
ziaK9TC<ggT1l52zQ}DFjGV;2_mb^;4hp;Augg{edG&H>zpju1X;KI_XcDck+XZa#Q
zdhzxTLP-8N**Z!P^0PVz^bR;)A&CyQs40PJ5fH!wlKZPCHdi`yQI!GKZ57J?tN~1l
zg$qZ`4GcwA+k{8IXIBuTE<8X;P-Sx*!JdXQTG}_O)zi~GpL75DJwMD@6eo5kT|VXD
zR<sj9iwrvf`k%|$U$oXY%{QF}Iu0tc^S=YiO6&vz&JbC^&Cd~4xdGjj5|_*&6y&|@
z0E=sq$kTJCN(oCH^dsYzJ%o`cF8!IxYd_y!a{-mZl2+?;#d+ezwc2BWJD2soZ?7~c
zy=#(s?~x_M$-yd-5M-d+wNLOtM+dZ088g_TQ}`Ce8QfpqUkcuwuiV{Ha|b<=%IT|y
z0C!{WyZGHPz-KuG0QOJ{h7ppuKq6u{t%+9zT)3jBUG;PH56@8JkP=J<x8-~`$9MGX
zIPY%MG5*s1g(qHK{@p*NKa2mVVx3rF;!m8)fwzCqTYBBG*$vMARgjTHZgRkCnkWl-
z=ax>;YXfjCNh2$QR1G~bi@39zktW`yc!K#SepQ|D?0}$_e6e|r9YEAA#12?J@#H6{
zlna{$rcQguo#98GoVh%J>RJh8S63ENac<SR<3M&4iP^mLz5rQX|5ofTXL%{G_s25u
zCitjMIBlURPA>lj1m+MBz{|^vug2r{{0#qn&aMZ9GcU^u0^I$0b>`gsuEixYskX;;
z^V!CRI4*e$V3hW8*&1+yFwk|uI#S1xfK5p-S@0*cM{;uY7jM8#Vt?j`f9g;FSvhiI
zlC4|NZ@2<fY<U>Kvk%_<JFX<%qt&IOOk!y@W9f2X6F7^sOAwnZWRO~Vp1>K!Q!>~*
z6R}JjlOb%3mu61Drb+1(iS!!9=E1E3aIm_x>dwO>%|tIwnEnT>k_MkTAz@1=CSEZx
z8y75`l_i8hnzlkHfpF5fT`DM*lCqZ(X)T-_*d`q=Bv`1XrFZNSC3d)q+<dL&NG2zS
zbe8G3Q$=A6>j8-?zH!Lb(f?1+rYwuIQ3trk1OlBK<Cfd4<Dc+yLjsh~69VT&A3d(Y
zg2u245^ns9m8amtrTXGkj65)6bm7zl0^qM3-hZ-y_r7$FfiYi#c!B#De)z*bA;;qc
z<BJnNIeq&F1B8>0Lg-ERcjPxIH$?6)!YcVu{??sU4etaE*gQDOrCWDa?IQ2yLfR63
z=aQev%_60-2@J4=QB=CK5hJ(b-cz0|uvA2j^{BL+f#*vi?|nEQ;1!5POGhchaO)p_
zOMH_kB_y%AAVrwROS)$Sq*R8kNVvELqi7483zWArsQoLYx<zOm67O<BdcPG7Nbj)(
zM?AuMkI1D}0qk%koPG`B<P;7P0OCXr@sDX=7R!!diWkO=bJw?+(=a(4B)=OP=pnG%
zhNmfhcV~Yy-DUtj)U*Jju?eAZwiF+7YSr*B3V4Vo6b~P4ArXoQ>09_Pl+ctM8sM6V
z=vujR!zyROz3}jH;zs1y{Lwk&;9T6XARicebOeu%%3Y6+I#=v3=h6}D_i}&n)*V*u
z!fx2{KJ5x`lxx0M#QHy68HIVaxlnKu^<uxQ0sG6WM}enE9vPZGvgmU}XOY!NFx36R
z0PzTw6@rY;)&AA~vi80t9*4QIDw#<(KR_0b>^xozfr50kWLcv0Mq2a;tHFsH+B+G!
ze-)V#iSr#pf&Jz0b#_|_*L!Aj(t8Q5M=!9m!}9ibNji6v&b3pyfDpt_uspg^7*6t<
z`REex<1^@xdT@NJPn%(`GWCKl0Q>9Q{H`&R6NU|@!{Kn$!>JG`M#hrr)vXgNsFU2A
zI}@*-V~mPUs$+shNE@G*v&y}vXCl#_b&lLMc1sg~hN%%MeqzlNPD}!R5M1tmB5;0U
zr}CUFePF;cDVaOVi4!bv5O%Qdz!gR%6DK;boJeP#MOh?|$o*wo6EGEw5hE}VWT{wN
zE{I3DZ@kJGB!#v3i#$TPT3TC{_jE)D!Ct!(1v?bMl~cmUBN0d?m6pKGO_Ezn!n7oD
z>2O8lz9Yb5S{(vjIP1M%(TMaO_}&3|GJS`;i5}B~(M+P)nmXbHK`Z@cO-^mhqFAlq
z=3M4}%XThG;57&WA^GS133z>f62Ch}_{L6p7EXM0ap}gb8<2vvCUL1lbYpZt7DGIF
zuyA4lcu)W~pij<0bGFSAr{%mwNWQwf#Iz9OXH%oQg5{xc#h<vA*!|`l{HM^!or7x}
z(QOK1VPMKtkMbVt%9Z1{&axYx=-OEpxj?WxdR1I;B}RuU#n@jKas(B}4ifRvkrvT$
zTnK-m&|Iz`&#ZAAkL*%Hk^73NJIS)jre!O1rM@PoccqH?Wn!fNEt!o@N2dT`=Zn7)
zn-CDoLX)E>WB`~i=3~xQEil>Zt~vC3Au2W=j^5Ue6jbNjr2Nz;2714$E4E`Z&<ZHp
zBepiZ_cB#9ZuLjFPN=gxKyiIaf>2RWelhed9CrVap?1=pfv<q^JK%Hs>q3IBZyXwJ
z#w2lwEHK&)*tnGEP|!KRelK^^Yl*tS!EUGG5`O(OPIv9MLb!Nj93IlKtDs5=)B<qh
z5|+ha@8FHy8gDRPVE}~BPUXG%h@ObrF7BfbP~KCdqx9Gg)8kfvD)C*9mq;TGOz)Az
z{K4*x%e!pcjCMDPoztM5U@e{2iCXEy1~v~?g6`@|x?|eq&Vgozwxt<OT9Dj>O>wrn
z&vh9Lg)eZJ6sLXwZg(e;PMtYm>C+CJ<S@tl=Wrh4s76l8-XbrbZ7BPO{Xuj~zU<m|
zz>DyEdRznwn<AKS`1mtV;2Y$h7=bsqIht7y7%`Lcccp_HrwLvtY7ZGyFwBC&#9ecY
z7+o$$+B_q%72pP!cQZ!25UK9n%>sM_!?vZfgTxaF#DTIMu<LEN6ZByI;B=m%#cowZ
zb+!T$8S^ZM6r3Gx!QRu2OWUHLd?ZIVcGd0x>t}vB+>o=Qa8ie}HRkWS!f94|XE!LX
z8;~)Y$qk<RJ!p5U*J(X&h0vK4Xi_L2b&TZNf0-V`IbGYaZ~7kQ@Qc8(QlbikbxiRI
zT;2AVya7v4gPR_m&;^2{I0WA?q&vDS_%J5a9#z0;1UQwPuhs#|N<kHKX7o#7Lbva3
zj#rqaFW+Ztg-HR+qeO1CY`PH`9bC?2kfT#cI=U2h-uqOMZ*-bL%7+B!@1hSLE)ksh
z<-i=cl+nvX12&$LXDiIJOxXf(s{$hR=rlu+=Pg>H0rzkuor~PS#12zV7LyX5OU&yL
zy9ShnMotz)ViD?eR5F;K;+y5%75-2-l8^$h_M|FgrHZryItQ0`(^*YMDVAmJefdW7
z(K{pQoe_FXVdHWJc23KCs&24Vuq>R%^BPS0$xHOY&;ilXc68Ys`kw7?QNET=xJ{g<
znhTh^K2I*X{Z8@5#(}YZlBov*2#CY}0L2ZgL2id<C>|7nxF*&Ch4pJX8p`TN+p+@D
zyfv<9ces5K)Bfn-R)(|bSv{dx7B1I1**e@v)49=Y+t0|OgP`p%<r3@nc23PmJIaqv
z8J%JX?8x)HFf%qT?QA+l(h-~z?VF?B5GLWwK<gD96jn&^9`A;O$PkVh3i^zoSe}iW
z5GDR;?Cjo{DUnSjvFGwGjAYw*>i5zu%`U9lMFO91_q{irZy5$*e32l4_Om|4nP6wP
zA?ZERAgp)8v354F*PVMY8(oNOcbOY*q<1Ermd^zA0WbixD2L*(0hpQ!)CeSMzD(xa
zea$kJYG(ipi8TfUM7L7Icc&P&Fzt&%cT05*UR?1U3nFnuBo&?#z=DMzMePClebb_@
zZSiBAv54^8keDx+6hWZNq6?3KZkw(fS_V5a8SXg;=yWbQjrL6lDM!a8*JE~cb|H8O
z(P$<k?e*GS6ek2W(%WQ2JDhHCvjjST%Ts~cDI{DTbW@ZqZx=}*>k3%V(M-EQbuCoh
zlO$|($@#k)P1+Et3_eOSiSC@+jVQsyTiH88K8u3jqd0)m5yFyymPXR7^v;fkkSEjw
z?S3-1<vxow71n!b$_<q{=BwubIy#(&rrFN7(y&wskc4{?oqc|0HvFz`yAGyfL!<zU
z-2#N*;N_#6(x+?crS>m`8H)UOC0;QS#oCE$XAyAu6c~E51@-*|=x$nd$a!R8Mc=QP
zFTm~YSW@6yM>h&5##?RVhRSJjn{JLc6+2>Q#;-K(n|7GrIWPxo$TJ2i2mT$ghBU|w
zGEiC(qD{Ab6Qj<+*fZn|e50$KZ(wM4@t8>CZ(q7EcC&LJ5H5$dvtvvq(F_t!&FLC_
z!L(RpK#oo;djbiPM-T$szwEvnpwK%9O-}EwdpU5|uhjM(?N)I%DwYMxr-H!t$<-Zq
z-yEg8ZccCQlIv{wrvv^YZDIOK2uRU{XX*u@2Iz2tGw@+Jz<2>#n~*eKGD7#^R&+VI
zfvVu@<oSc*gN^7hMHfOTV33us%nr+)HyEUTv%*(r$8R3>tx$R2$){&9>g1zBIn!kU
zCO3sS?70RprR%i-KxNcnoo{6bP=%y2`gYgj0C01IuA@>FcV<LJsLVP8_q+|2Je)jY
zs+U8QcJfvdirI9Luob$hPZg7#`DkK?RysL9?zXiUSFuLknb9hDW*VE`BMThI&~2X&
z88ehEp1IMPbTFk}FpnIuUkg&AZe>StnWpQ-q1<lSZh;a~3ZT)2vf-WB>|C9blU+SD
z9pjL~t6d4WK~nd-e7Jo6=8R2~u5u%M;34wy1TUgTpjIFR=M{8N1)4K)U@vf1=V$GB
zEGKk#5UR5~>3}PrE<3n!Fs7CIDF#_4kg5lA#bw%66KzsDJ5`Ts2o_lxuHc++Q3V0!
zI5unRD`(B2nxy^2f8DUQPv$s`Nun3_APeJE!K4U>yCq>N`4pa7G-32=s`-w`M{jg`
z55^WZ#xVP{Au!{XJDScJjXEZu6M67xVh{=M_Pk>U4)epIT9gX}gpjhkQHblv{Iaeq
zr{QfA{AO$n2t=w{;+FGn9b82o0;xMD_|=KQRzu9~P#{HWMG6umSWJa`sYBC)dGpa6
z-ZN(0WqdjFhsGY9jq-YfeQGjt85Qx|3)@=(V_*nr%5>+3<71sEgxp@WGBR>*n8CDb
zbCwUN>4G0j&xeL{e7<E9Z}&;migpDp+xpx$b8hY!b1qWDi7F*E$K8tO!4v}&Z7b>L
zwve|AgCgooVz}mrv?}^ZyYyf^S&S5*k~`93$MpPIXhCY0-rM~~rFRN|BPqSNa@;!H
zo*gi;12_0tZ7a8eSzy1f!LAvr^jN(U-#g$vUaF#U2biWr&?t@~cz$Ma?I)h;<_w8L
zsg8s6#_?1dqCjxtiYF{W0lVb2BPhThM6`zlpm2p4I8A}Tf*}Yq0R57^JKnmwV>zK|
zpE^V@Y|vfSbHaEShxYYlU`)9MS%d>IA?LPKh_0=CCI-k86Vza%YIlh;c|(YN+qSLZ
zQY3nDcvx5k*IrN7ba4P+yhV(~<SG3u{%n=oX9uc>ou(gie%#N%$1aK6lAvqC8mF8x
z%neD~LJBK9L(Elcg;W=r;u@Rk9u`SRD;W}~l-j`b-Y+OZCcs03nXs*2S;hVJ^Lbut
zzfa2tX#|k&QdVWp5g-~v!5l57+(No72+1*l<~-lAd*>Z&zzmFsGZ?^d<8FC?R8@hI
zZfIhvyUIQn%HudO%>@)D3Z6)z79laMUMsf#i7igw@K!xe+reOWfYseXW=K{uxFI}a
z(+3kdrrQ&HDJ1LnG^O|OxT}L6Qo(UEn+%BcK%2{mjKhoP`p6eo7|SX4PzNp=VL;ut
zU1aoH2^uAmsjcD!DTw3aJ{c1(dUD}>J>1ow40*b)s5ox*w#tHRfW|t<kSXU33y*a{
z^vp<?d-|_Ei*hg3)M0_jz+JBvBTI%zqPG>&rgYe(^j;~Iz+J;UgbR0cliN2itm&xV
z9gDKEd}cF*H+_SgAD2uQO5v4Mb6OAqin#MW*9@sANO2Nu0b)_uwK5{xzfoxwK)PGC
zxTRzms&TlYzA6elDuQ1i$4~K;3Koln`A83&I|M!Wk|rC<%2kd7-{7G?kvT89+@7v%
zX9DsGu$sF%s9uY-u~XJ)ATrVr#v%($F4CBW!QlV|jLBe3nQakg7)57~!&q#NG)fYK
zw#8$+#o@r<w?g8X0=?O7h7jvwt=Ki3Y?qggU$A;Cm^1*g@MEz9eZ4Fj%w8k`y;e^?
z)JLyng;>;{6&O}ikfp*%t*@10wbL=&#Hat-ob-N?NR*H+4+mp=-#zyW!t=hRn?{B`
z+|V!Sk<FSO@Hwig#nj<81gN8Gkhwi4lj}N-dfvWc798$n)@nq~t8C~kR63zcX+uDC
z51_Z;UxW`7AFlKOW)1vQg-~r!fXD_u8LJw0jj3H`H3OqKCyiQbA{YC0XrFog{8$;N
zUfFdYFS|gG@)<HDgpuu*T%njSU`(;bxN>q~Fe+9O5~4R0k6gR@$!$HcH79NXb+>2q
zOv8yTF7##@gvHE2;)v)4G)2$JU@{QB!UeiG+@7^MP^!pr%NaiL?H;1gWCd1sfJUZw
zq^q28kz*?Zs1z8_Jk;LP2=@DFM0XrkPx<CuG^9e1HBG;zrz%Tjv62BFofsX~@d0!7
zo!)l_IqAa~jMWN~H2V;IV_H>5UpG*#hhqk}i%z(T;^RsDAb5yCQ5OP-uokfJayGl`
zX&{@1_AQMaB~~aaJS8HS=TREDsV;#Pepnp~MFnxirYVc7m{5D%AQByV_YS#$>eOZE
zI$V+ST51T8f~p>#09^7zc}awpZF?3fbUw&oB@-2U7(^v}C96c~)f7E+d&S|v?`_)T
zAbjt=*=DDAM;6a~Yd+Y15}tX8OfId;z=g`nyH)7C<H{N|;{YtcQwRYd6md-y@a<iE
zh|IAsaB1M~xI;n!aDy)xH=Z|2)EA&K0#^Pn;_^H$oD&t%;cqIDIu;QM1ri>Nee-ID
zK5ZS*w@oK6@0zXNNd<U!+-00b@*wGc-vb>#v;E{V+cI_;@a#hwC0t`ZWK<y@JVfSb
zf>aa{6n(qH+0R1NL2dHpJ$UFf+iq1ntQ&xfFV}uN&V!$8#nZFfwS<uXlA3s0@<=v8
z7Xvxu$pmXrUhly+PV5JspNpPmHxeFW?-`9r@A0(j{mJCP!}2rRPd@!5Xhi`=6<i71
zyjuPGE~|I;VAzA~zw>$TR4FB;M7mgyJo*|miUs?6f5W4B?vrtB!y!%G*err01a4GS
za2?gE7vnbs$1l6nfH!*iS%4F+XbnFk^)dd)&(FWYU;i5Z75;}GG}j$%XOh8gWd;l|
z<MN%MMUEbya_)em;q#|V9q)9HDKY;He$Tx{<xlVqc>FuZJ97$yxb-_3hIhcr*FVHS
zF+y?Ozti_AJFOCUd3<89I(W)p%hGa>CE@9Z_bZ-0H#Qk4m+%PppYxJeE163D#o&45
zhc6kx7a5w2dHm)Na~9se00Ve;WPwCR%I;R{or~tA_s0z6Bk;~&R`)*kuYJr5?^Xa>
zjq#hd8w+&?$j{H)exfatrZGEU6}y2uk2_EG6=MqX+=<8APWzt)TbxlkY6nImK@ce}
z76m~A50YxUHc5!d+)pOFvV-iYb@#^p5`O*o^7HThZmo^Jxt_=X-|t#F<Y(s~R%1UK
z8(Z$*<w*HMH>|Sq&bj2pvBrLm?#U#hm&~(PTaNBwEcEh@`<E9k?_YAo+dE`bkZGHH
zjMDDk<!H=`U~uJR<AO(?1{J6SH0Cl;OsW0y^o}Rz<;5StA7AcyGMc@AG*W&19PZ!U
z`w@birH_v<kA9!qnByfIT#%{q^D*+Qyw(xa+($}>+s7gwd}|(FG%UTl;r;2wFYlk+
z9m6{&>?5W^(~np9n*m$=x2>3fAE1ZQ(Z5T+J_ye*U*Y~}dFe8N)tp=%8rws*o**06
zO=+AQj=-_a%?zh;<B=ku9SP@d6v0^fAHwUCST?8ql*j#%#~r@@wEFECUVen%e|#_A
zzv*dq`(F66+wbIXmaY1W6^wHqBf@d^^Ekfz{K-L&V{7=>{T)v{;<+Xc{E>G$n*X`4
z9v#2u<(=R2&JO<gZsq>?__@D(_ozoVYIuCg(~pZs%yWxb-3C_Fc&;E^ef@9Utc*M`
zQ}Wf*m`52&-Seff`<<H-n0HV2Ry5<W^G+|TcN(wY-6QWZBu6kfk~4CHe{47<v*hs!
zhszf-9NFr>>@n`4Q|X<H2BmlK#~knPEOn3Lm9tvm<MU&VeeCDxFB@Qou0u@&G&FcM
zZ`j~OLBYPA>Lg#DwB7-a9(}|OzpGn>vMXzG-^=mhkg96@TUKzf=*9#Wqf%ZN;%ybU
zdYF@^Vv7O*9>0CW{1yM6XMVu;AVbr#%Vu^how20t4BFMX{A|499AV@&&J%I@`50@H
zyN`Y4aLJ>1x?DYuoiXFDad^i)@Q6_t864TOvb-Go80Yd`rWwzK@qIYX8+iF{aLrJL
z<C4$Ey0>tQiI47o=yTrK>K~r|ka2*2?y!1C4z{~t$>AweGf(h{vH$o+xHa@hr0-U_
zKa=Ad@@7Btt<rHuBh$N|a}S@d;5f(oxj5$>KkK~1S?!<|us7`37FB&Vn;-fa;7?!M
z-3RgO(}c<Ee+}T19Y)8YRBMDDT(*-91(Tt^CKh+E)wbNqwt`Nz^xPqn=}pDNGkGP<
zI|A(!_q_ZDe0zTR7xJB%a`sx|Xy5K~TW!(4Ik)+F7Vl<tes<2;*meB(^c}0QwRC0Z
zSplZV#T1X@vGK_2odLF5{jGz4>wLvItd27v{uP<t-dVL8ZQ$=6jHcXm`7V!$%g+re
zU4EWny#fCn{XD~Qd}Ht)3&zfk5hQTK;~O5edSrZz6}ly7wF2Dmkb4r-sQHm|<rQM7
zfBf<$Gv7iUTl?khtoJmCrlohCWxRiRzM{id$G-9wKN?!j0lswFu62Cp?qZ8@=2Gul
zd4+!c-yfg8#(esF9-cGi_4CBJHm`cEYZ=-}hG7j1i_uM14j=;>$4;R*>vD$v1-eEX
zHy^P<07gIec;gupf6nd`gL(S;c=(x*A@H-m_uD%&0w$C<^h+R1_UxQoww~KR;%tnc
zec5UC<qfNIkWtENW#ajH&Vj3UtK;L<inH-*wc>cp_*~8#ja{t9H=M8F%;Aj#1`BT1
zyffk5tj3vOgoEJ7LN}exQdWQ*zp*k}8R=zsR*aovt#DTOn3ena*vEh9NHqS&IWinS
zKF7c0*vDTwWVpsh$UIj>`zo^r0meRK;u&y$#&~4_eKYUEb<@Q3e*ArS=LmVH^A=hV
zIo@Gn#+Ur|7WT}+F@Z{|-+FNW&37K$A3HPmr}&j8fNODSY3J_XVoKb);2teNqY5WC
zGQ@00XI$+q&~e(YY>r_pfif57i_h?Q^*w}p<D4!2K5?i@*|B~($>ZMlmXsx(zyGzJ
zHQRJU6XzJkb)22IH#mNN&KUpl3|A&2hx4u*f64jr5g@nq+bj9`vCI8@#W6>aXx-1x
z+|&ynXQI$5b9N?b&t#IRB!iMk*M%Wc9MiRLzU<7NV{aHcoE>+^=f^Eyx*V%VxG|4n
zju{)}bhzGd12<<JOZdu#I(PUIx!oTPv!&hHxdCEeSl-VpjFl6QsrMiH*5;%4n>_FM
z`L8)}zT($-(;d^|lclrwjs}_@_)ZTcebakC-?|A}m7DO#Mg>a7)BN(ctvQ+RZ%o7a
z?({~&0Y{eVK5M5e1y$XGZt#o(p&(s`3cKCbRvdFD5atuuCZCaWuD;vw5&tiS;g7Ni
z+XKiApUa66)V^PKHuKKS$%PZn*_U|~-a_lg+>Bdnwa~fK;$7R`WDqzzKRy#2iw;-Y
zo_nV+Vf==cb7dGiBb3$oV0zEag=gE1*=@)6J41yVf#s2%ozv0+H-3Y+4vu5~PJqrG
zwK)eIpS$D!rQ_am-X6Q7z59*B{*OBC&9D7YN3P>8v&dr2{#?lT{da}P{;p_ldT-&&
z7Iwf9@AP~L9qj3Z?}1&zq;Ui@m(NOOm5W8?Ebfo}gpKZCU~V+n1a}5>Mt59Ywbpap
zNRY;{{a}IHKD%t@Ws1ZGrGjp}CNR1xpL^7#eTs#zV#ezOc-%jI;y3aQG5_(jwEfCP
zZuJ<Nta!?OKuFeGGH%;*-2t9!ekFs{S*dsi;484YGCDeL*#l#`bLY#>)xuX@hSNCu
zOFHBO3y8MMZrSgQv|XTIyY2=<%Sl*nFyxSQ&H!<XFW+`;3$((IEtoIKgk%)=#@`x<
zZ*SW6%y-}}&i=2t9n$jQGKM-!xa5oKP<d1U4NULnbRAAcljD;~>%ji4zoiH7dm8Tz
z^2Qrg&d{mAoduh~L+bthFy-g_ORYTT)rlEPYoOtGsV|11IB&dM*j+FY3O2{IyM2#N
zJ-mt)Ra$=kS{IW{Pi7`OczXSUggpNK>&K5Di-WExVcuKNO`n?&y}apV%jFzd__E9W
z0`k7!ckpX%#}f7v_N_yvgRafM`d4kPl=caT{o59pbaddp-(h95zc#w`BP;Xf8AKiA
zZFH7QmYok?{Wmu4-_U{^vFw?EXI6G(I%=Ww2_0>Q>U?=^Ea-j0dAo1(RN9JZM~2DV
ze2n(K0p=tb+cOoU!Rg&wu(cW)?`qyI@wa_X@4%KGr-2If+=)$~Tu5Syr^KhPCT4zl
z0(kwrpJie7$Y;scO7ZQ{VF%5_`d74Z$+{)fXe0+Kj1&t6(cq_NX9~JGeZH~-j~&Au
ze!Ktn_-#J(ut9E;Y(5>f<^0p3>HQm>xN?N#8oM?q8rV6RBXgkIiTh-?haNKF^h>|)
z+IEi{zqf6RmPSJ?LGG~YJ8!$jTX&WdmYrviI*fkpR6AL|g&ldB>~d0eK?b9pAS-&<
zvpZ+vZG$`gZlZQ?sAmt?``+5GuBBUQkJIe|HK^NneRqU?*%_-QBHPcmU%u@P8#xzJ
z?>*n&u=M_xz2SXA>+VYccklZNP2bRfi6OTyZD;Gf=blU&dN55^vEcsDb*x2-{<%Y#
z`;7ruQN9dQv~^=#st6w>f>7kTf!h<UvZ@8Bjnv2J#G`YO*9-W9A9FIF{Dr{dBOfsY
zb5a%LgNrR38jRPr2a}A;n6{iWy)m)5w&LRm0n6o5hKb1@eA2*#Zqn~@Zzuc7+qZ9>
zN$V4w$<kZ1CLnn0J(IjZfm~^oTOZ#YDfMlSjHryycfRbbqYNi%-?B6F*}J<;f!jFX
zox!$uCO$D$CD8u1+;N|@J<Y_gjhObn$DyImk!THK51G+&lvSDW``-x(RC>?%Hz&RK
z`<^4-{fO{MhHPmTne;x<Gjnq<X0y`0H0U*S9NFY3xbu{KPENl*0pLN8b3q?;ZV$z>
zY`vow)}#F=ZikD{mf+&I8wj<4Sb<e~<fT>djMZ~?_`5aXiRlSvUZ2eUzHvS7*=l@X
zGu!~=qR#v6-KV2?SzPPh?ZL1xr_a`$GkIwby_~m`$z)IOE_z(-CM;oVO1-z*HS`%C
z-ezc=2@|w!@cpu<u_cAP=`rD!ObmofBBuNx@0SJx!_3#79wVX7o4)TG*f*Kwy^)~z
zPVarw3xUDw{`Mz(n9wl6do>fMY3SAWnYEMV(@%c;06@OFy5Z9yzk!9VTJQeV5T@p(
z_ulf3<sHL2+a{ZTVCyIgM+Ksi&*wheNW79D5vX&?u`?-yS>Y;;-qCMRitZbkhh?+T
zeFPK5)z%Wg%Qw`n#;1cKs7SrJQ|mI!m^UU{EnH&t<25`U@UeWrQq@8XH@N`D(yFWu
zZi>KWCbkFHwv^BN?ZLR2tgyx?frd}eu$RLgr}-D$ff+r&?etA^GzEQ=(?qlV%1Fk#
z+my8J_a-A*jEJ#n^?4?zp6vjEAwL3fRKnbmQ#5#!Nd}f%8fQlXY>j%o`E4USWC8X#
zP2X4y4eWZ@gR!g`U`K;By_wB(9Q^!u3X|l2Pm|O8Y!L5WW=Ln=z_4M<VeVcn;K#FR
za-4++5{?G~o>T0P5j`Gn?{I6-fa71j0h|U!SsZ)g=u`s>_=>6ktQKTA#gv5`&E`~!
zQ(iZE*hq7~U^01wYoGgP?go9)39k!)X*t|fi?G2}mBZIk&iqp;@cB$&_uJau^%&a*
z3G5SxCD89J7`Vd^81oN&>Y4RT-;;UM41IqPrYvv%&ol0NvU1j_mc~qBLAWeTE1}Fr
z1Ik$IGJqO-IP~<qJum~O$KAkn`a7ey9=tIEggL!FIoqb$exmsb$jtNVuD6zCdd?YW
z_{A6o?`d#)*8twP^L~rFH~s7&&C2bas@X!X3!K10Ug5Ve1Uw6`5s4A;+$Uw86`y;A
zpl^DOK6-22^1G0F(o=`=f-DXPvNRBIePz6*vp~w|G%zZdsEONp+3#8Un7sa5&pD?b
zuV9KAc}UnP<mR_fu~6pVnQ)&{ni*Mes&dW@VY7F4KWzCI=)pX=q2$x7flM_`2H@b0
zFdJd?fN#C`2DTW1tD><w&Pm2d(+Cy0453YCWb<i2eR8QS2SdJ$^l_Lu^TzUDWk_an
zX3%4VgZJ*AI6&`>A7~DJUmob^ICi77?SYKZ18$5t!eT^gd6)Mjy+dQu`;5lRo;#>~
z=5yya#O=&Wf)AOcDxfligkBYb3X)+JJUY@<yJeYhL8sAG+laaNU8--6(?Bs6-GIRj
zIH@zPs8DwU@<A`?Vue>MQzH(h08%r}HF?_aV*g_Y8OhjRCZFD>kb<G{y$?5L%eLu4
zROKLos)NnX<z}V1awy#$uiR-WFV$=N8>KtdjIzWy(WzkDH?n$d%EmKfTS`}zN%PRm
z<jiMzhJpE~1I?$*z#O6~!{=&d6@~{Zyk-mZv#lv~?`~&X;TSr$RH~|KW_T|hclfkz
zm~9)wcfZBuxa3qEJY({(Ev;3`G>c4D*_VKX#-?{H@3RI}WxQ{;p1><`ZgC%`SM=4Q
zN-1AcVAENDo&flqvbbb7{?UGvu~@pb;^y<P!Y~FmeLh|T#TFM5!?`*6ipfpm23_<e
zoRXdShI2kaCi}DjI$dN_A%$!a!7L)lb>t{#T3T*^s`U5U+Z29vmM>eXJF6NKPMO%|
zUo}nn>J^_B+CsIZ%2Y5bO?lmvn(-Agek?gy%~WMhC{+o=O(vD?9X~cqe!)zcn2#th
zg~@z|i>l0S=d+66I)FQeQs6({%uA=DVZQZ+<7^j;oC_<XY?XX+l{1{*;5V#LnfE@Q
z8CwjMi?Er0y4`>p-fBr@I<A*|H}81<oBp3@RC?e3*z$hMtSVXX6+iZc<jx|PWA!J2
zi$wq;c%ityi1;Y-x~XC3WNuQK`z>Bl{cf#_8y6}mH5P@?fJMdFF0~-4fYjgDSB1Jy
zZ6|~H;_~|(uyf5B8>VMYSSOD$)<vB&Cjh)=jJ__iy#2KtCWO2y@o8!J(fqeI*-l&w
z4a?th=9S~HDE-Hj)hC$E7gH#Mmlbg5ceBcHGK1=qyECP#<UVD%G3pth5;;_hDW$e0
zkh2tQNnI_hL%w?NdC|YRSHM?nK~rW!D1Ej#(!4Uol;z@mDB(94I^_^8d{~w^d{ud3
zlNshA1-nUwGD>dY^^V!_m2y7gaqB(ZNkV+rTbq;K!}sC6oH~LZzxwdjZF_nF_dr+>
zK)x7|oz?^{LQJOv)`kHlQc$~-wygy*%WcOT-7UZZ#xjh+X*7jfUYg*ADJP>MP!5H^
z#HN}>F?M#$n<?gcNtL|n%TJVNBeg3eXN~<G5Kb>h(*>w1T|+jG0X{T!5Q5>x18jKZ
z_O}+4Q}?O6=3bWi<TEYGip{WEl=xz%nU~@>D!lYtgnZ$YR+~mBn;gg0LV1T&nVc43
zlV266Zj&l*lc@=jQTXkz&W5hiE1yzUP*&BZs?d-H3l=^UK1ADu^O_L^?(z*4Zj2Vg
zjnU?C;~Br^*}!RuXU0J?5Z?Yh(hZ@#|MKGvN$=_V^Ue|Pj>)c_jQ518%}n9dg8{>c
z;P^<R5njg_AEG|4IRTk$rE|V_;QV$L_bpRZ<M`+_+%p0}#NF0(LuU*$_H$JgzS%$q
z8eo)iRs<RQhVELY&Agb?e+N@7iZ!^33q~Th_X9<prBwVuYxMASF-T(51tQDbt4x0j
z*o5G>QW>VhnY<b<7!G0KzF7o@hUrSf%>95i_DRGFs$2KK27AN=xqM*5HKqt5!?LmU
z9>O3}Md@TLRAsebn9)$Wm-uk8@C8031P?A#<i9Fe=BkC4&M-~g84hnVrpP$4mO;j?
z`STbiGUX08rpVev0{GsOhNgG-iebp{o)Rb!Ae`di)a2|$2SzdEGER@g=g6~1b|Dz8
ztCWh*z1fdyN($Xx4PHIB$u<xmad4<6#C$+WqnmnAmgR=J2!I{%uE5Rea}VcS>@y2y
zJVv6OZ>*886HbJSG{CfwTUXZ5U>Q`qOB&*vA+Nl8=CzIcbddxbTrixH!X{`)SUAab
z>$tmy8Is$@Z~<~#%)2TUU`k5+ESxdbVhC*9O51MrFkM*dRo&`VwoIKe4NwAPns<hf
z>DrOsf|<|8tmucdAte%?#4zP-voz<;#c&6>oU$9`+uwoI-@Np$Jnx1g0)O)`re08I
zG!@ih9f%`}IN&0{c>rYy-uqcb=(l8V<bqp%w;UzK#XXnqf(o<c@*`EC7}jt@oj@-b
z7B%2BOa#p6Il&uqc9^_!>tBpH`$8(}q7EY&XC_>PL?8|D@#}5MkfbS#1QoBhVSzyz
zSQtx(Avn`?n-ZtK@mJ53GA$fI!11&(LL%j*%aJiKUHCeurwoKVi-%P;rxytg87Ogb
zFIJc#DWkwir>7xhP?G0VNf?scQiro3D9IDk@5}o@9oyT1Vt)R8`8e;B9q4PfdQbmT
z-jm^7hIicHqfVp5$WI*~5!{PYqA=$${Y;F2sSAy4sxCGLylxG@ia?N8!VKR!ABt22
zAt~<rC`bhA2Tc*6JaL^P5Y(pTi-ju&IQ=eQE_`DBokb{<vRouzj}%6B>oU8VyiOLe
zD`%5Txoli~`jguPMNNRPV3Cr27ZZKJfv^&=$ix!3pb874lG{kKGE81L1b2ng+DMk$
zoH8wW!^{#=USLL6E`Ax(3nQkdB%`i^g1Sz5L4gNCNElWiIN%wWuQCXsv`9kobyijN
zooTutlc}qS>jA3?RdX7g-lqe34`PH{-V0zI>k-5Ya2Q1*1D^AGc(4Xv3pWo$1%=YQ
zspo0>U1YL=0_ix6okqnG#Y|;gWv-T^o7Q}*G~Il|CWtHrHGR@E2z}4Il4;%(Bl#n{
zKAV&<MAqSy8ke(9gptM0^iRgx*bsm6CxwHoOn^ivl7a%6=Tc!C%$nkh4A*T21VUQl
zMy*&&MshJgy||1tPHT^KNJikUK=OEDEK5ZcU{@T9IztdyTm-9}3+lo{0f`jwf;jR-
z%9#YCq(oRlN;0zhic^J*R<qh))UIs4uQ{a-*gr3xZ-{yy<#><o$z6q92#<`S3&qhW
z+RXa_;sgE>;s?W*yzjMTEX#(W%C#JK+tG5k;d>FNEr0BaHO>}V2%8SRV>sw8P=Y{I
z1VAw(16+15$ndqU$vOMghioJZE^8AE$l2GY7b8$nV_aQC711zebQBn^6QdM@v8+fJ
z!IKmGPbT+^zy)h9GE4y{IZR=M0Su=eLL>w^nRU?!7DBS~rwdmw8#=6$#bTskM2x8b
zF(^;#OhyU32#oN0oojLNG*J^J%X@J5Q-!d0JdBcy;6*9|>k#8b3Rn#fe6&^6#=PuN
zT~vC1{w;>k(Da@!yGGO^NZ_%EZq^!$hfqYo49~zb`ePLE><?}Zwx>f`^R3iO!=(-{
z?Y}ieki(U$*{%%&NzA2S3cY9v;N=gPA~4+z?7;%IjjIcw9XP$lntf+~|6u3hiXWd1
zlV*y1a_f<mj)7-4j4g;Dk8y2^vNVbzc!*8{rIA!<eLC{wBQH)*k&loUip6h(+zTb}
zD3ZeIh;=d#m5hO|VB!_gpjZz&lJ|PFHl=hyO>uDwwSgy+yZbsr5!PWeBDxpW(_{z&
zMW!C13q~nZf65?wigk!1MyJ#elFL<4yPSym1<I(7wQKKs%Fwj*J{rh7WW1k(A!Fq3
zQAE~6zjz+i^%~ZO)kp+>zt<k&13D>wdvq#AR5>^%+?c`Nq=_R82SNd7H*v)+zV=>O
zg`-*&+yHlYQLwmS-bCu_!td4Bo0p+p$m?i(_fIqD;W-!8csQ;{$Su%}?HKchdLX8e
zl8%r?Oqm>g1Tut2;@Y*w*R>IwJH)~ZB7W*&6f>JxkE~Qx7&k^EpF9}I5kRgj@L0R$
zBgf+Ulo6iNNI0^pa}l{PQi>xH9UmD^2oA+a1%67Nch;$hU^JQ;Z6HLs5o^jHYV4iw
zi^ipQu)N2NcVdqB-1?y+UqKwj^zcw*$&c_T!|y|UzKTSz3!K6K>aMPqsv@ob-|tNr
zabr+xx-p6o9JHbffM!UAtYsEs#w}IFRx|J~6)Nly!s=xn!K)KXxuY0!Bwam6v%c&#
zF>gjRPmB=<XeyHB`izLK!i!P#=(QV9l4~}>*F;VYwvjV3tO;uBB4RPe7zY&=D5UH#
zi4k(bcDX5hFGhKLGuzjv2Eavf>GZ+@_qE3u-D76ZgDW$N9DMf+0~eQFMTj!^u(k~F
zWQ;k-9uW!|h=@nYZ)sk7C&xR{Gk){D8|Lc&cjU?#@mv!X9mNO3>hs6={6IAD>ueB?
z(s>drz=y@Z9vyJg?_v;azVYVWt&Rd01Ozdon*)QCE1Muz5D>*<Qb7ZK<Xeifmee;q
zt`mmtnF~2kGRM-AXT{^yhv;Y!6ETv*rhF0ZipHnWvA+PvK*_l~`RT|24iwQmkcev)
z9w`VwPLnZOnZ}r_mWhS(rW#}Fg4$V+a-Z5fF>e<toDplcYO=<E{KzwIpy|QdHd@Eb
zepz)r6!EKgG^`<#Gn)aDAH_l$n4-3SIoKBKQR^KVnBLa|c#pZ7gzy1Q3=JOnSjV-W
z;2DOK=pO(9#T8JcWW-fmAl+!J9!}ZipX!65;dt3_#RY4@-sG!H6=@wrpawL_0?H(~
zbE4KK<Ya@=C+1|(xm0CkoN2|dj(+u=lT##fR#96`S)Z%m;~)F|&p2Ag=#j_~5`zpJ
z);zdDSXiGHa7tu^T|uxoN6|>l6?0<BmHXMP1rl?1uSeu;dUzh75KDrw?vLnWG!nrn
z{P{UYe8f*EFjir0DgbIem~uGAkz>wpu(tlnnSs}lhdl4^<SoAUcm7}#)O!wP#(Uu?
zdPdB15r4m~$OgZ9pty25gWCT)cU&641nV<`t>v=Q@VhtO@uyzZ6hL7NxDm;R-1rH3
z$rxVv7N7zZTwcnoAj}R9XNh0sf<BxW!)&39c=!-8x%<awuQLcP9-i}J%h~c##<M)b
z1D3kecp@SnDI!KlKU*hXa+)eDBc>Py#E0j>1#=F7*GA4cAknHVx>;Q}7F!~7PXnAp
z;vb0=pgQ^kfKiLgZT!fC5p%9UesGTlvPaLER>)YDGurTui%5=l{!)8~Ca3p@9Pi2y
zh}s{nz(4Y_@GFOtXjwXuP7L@Hei`)y+S(M`B*Y*ErTE?UZUHeYgMd*am_bzr{{$MS
z16J_UFpmDY39g|elZ6%^w|O1V1HORa@{MAq6%YJ%oFxa(A2)a$<jZ8hhmD!=CB<A1
zdI1NX@5%+pCICm~|Ihyy9M6Nrq_)<quE#ivBoX+!)cCQH`5rNI<KO@9Ksq&k|4+K!
zKN95g#q(jr0(sQXOTNBW{-)rf!O_zZ@!_TM=g4RC83$%0OyiwLz4N?pyi5Eu?*c>B
zdoI502lE>Kj-d__V?~32I99o<)43P-Da9wMC#$q~utIpl6|A%0Pnz$^8fOxmq*)4h
z)c*?Um$0s}2!@L#p!3qJ4LHvQ$PM@mDTB-fkik3x^d<ZI;^2&l>{uE6^Be<y9+x70
zwxA3q2P&78r!-2&eIk3xKf=q!9OO7l@X=6k@4dA1Di2Q<96CI|^zqJvay`xu1)ss;
z^x)t)+2ERAQpfV?aP<E(@@c#Wzi+$`0oDiCqK6>45AQrL^Q5CsDa(Dr-h#zPZt#If
z)3-pd-Uom?!xr2EmyxM4LdZ)L(KL2(^sHiRCNS_VuXh_xRoE8ingN3L;1?{`#8Rdb
z==w|#Z`Su%M|r|Ag(BcEzOK1F;pl_ltP2@>*}q$wxcDA(L!G)d0FH_vUuYZAtHeS6
z$+6<emJMrUO*3G!CB)Ii=Q_sE_dp8pJRj+hG~)}dSpN1k0-i$aI)F%e`2a->a;mW4
zd+TT0B?e(~2s;8Eaj$ogcjQ7Qk@s5;-5`~^doP`lxe&?<!SND@egv?cX2Usej?3N8
zdKuB`I*33Ui^>-O%SHnWR^pTI$Z~RKohd;R+N&X+6p8T5*C2f0TKEg)TbT9K>__#~
zyiU4&yRLX{A;ar?<TGL^0s3~qvhO}+ogV|N)04K8EG0lu7z|Qx$+y1QrU8@+2#<7i
zj-&9;b&!a=qYfpU>N)zYCjn4F`Oz9pP{t-Y51OOefJRvl_*L)gdc%0X@``s1N187F
zd2S1~gqX^kfGbdSc6{zaUd)3+6VOclFQs!GX-r=G8>Ef`Z7Y!ck%W@6+<}lF@#VM1
zAOIO4l)#?}^$>r-W%YYCizQ6x?31VbhEeJ@2XQ+9?O?pP=GKlOk2ju6aAdDH1V<S@
zBc0xS_|jtf$L*?-=9X4y0&A5-Y1wsi<6=eHb)<om{z_rQph7e`@;pU#cTzwF(WbnK
zyvzHk>0bGQz02mAqf(n5t`)~ZJ8BmRa7ONef}fZgDyaXLL4-Th5(Vn04sLTzg7(xi
zTnn&|D1|_H0ORR^f+s0gF|Z*E@X3fw2xThs>stopy{@BAj^McbYgL3&E0a$tM?0d5
zQ2H|z!#V$I;rg}CaC-3AHw<Y&30eBwv#+ZUf+{%U|CP8nh%4N>1Y}(e%tXWGSH$~~
za5`Ua9q*m|bMK)OB^^YcL6zyS2@;Y5xGN63RNc9pyC=d{A<o*8p`-=^FjMp&Gu6i(
zZqUCypeCvUz<67+U6w@iC*hzbDY1iMJb%}b{~~oHzPG!fIAuI%W709V6?)A2waz-G
zBJXiB@wm{h>$J_^KW@JwL~STXQVBp@)Z|#iQmM1nI9+v4x}<BWo8(7~N}|blLwR?4
z?}|bPsVPcvDm@7(kG9aE*nif!ODarntYlcM1O^@M0ihDJZQ$&P-XJKbC20tCmJSgR
zd1a;zjj%Ye3piXgmr8F(WrX^;0If7qubgxe=VbXiZJGLkztG$cF;<G6D_*}~y?6!z
zwHE1}H8m^!ykul2X{1y6bz-F*uK)h)o#Wm4jovdVa)6;T2wA}_d*EWSb_@iLTPB>D
zyNw*h>Wo4JBs8`klo+vgjc*r*!dX!zF6ae=hRxWPw@d8uKg^jF#9IZ?e7lzE-N<iS
z(zoZ=Dx)G5&^ejn9K28}r`Ar9%bq=*bQh$w?j;ybFpGgRs6tY?+NPu{=2@*Fop*Rk
zd7tCNyWfl4R0fUSR)uk>zcm$=`M|I(6I~rBjc1Db!FiF=9m;&9((f)9mp?9B&$=ns
zhV{Y+n?7or(D;V_zu?EjCd8t=ZCgL^624`z^5lhyRqmd_<R!MUBpsT_PJMk7Rj51K
zd%V=Mqg-c6Pm*`S^q;M0&EW{O1aV3C7V}OGRI2AKt^7xGLTy&&#;&euHd23<yDWNU
z{x8YVJ}qiUD1)GZ6Bfmb?uZgO!5G{~y`gd8qG!NJ9h1aFUy~9$O-0W7zzLURD;$Ot
zs;uj5vo@ldBu#`ut~>L5o1R?VF;QyW-GzIOnz#`KG>L?fU17*csw%Da%!U8W<lQ;(
zZb3{50XdrB*yVrP6W2|49D!mP1LsVL>1-l}CQYGda52!z!hqI4T!S<a4dNz~o3vyy
z{A3rp%y>%#QwEkYk3iW{butyHQw1WW2x<n~5S6CQp(xX^3lPoN8btHQFP4>Aww>j{
zhmzMx&r#E3N_v>1@#4~l;z0f+@yTaG|7kEszwBMe8;kR;<-M}o{iPq*gXqK18|}^k
zi#V&!-M@Tr7<jY?brrl5!BwDSTCQ1LjZpE@P|LfigaAkmn~5!6OC}>2=NE91IMcZN
zKL?)}LhIEHRpWQ#t12>wLQo2&k9eqrPJ`9FKGu<!1huwRHYKt^>##+Xvex|Nxp1yL
zm5E~JBtgkb5s-4mpwxvCQqsPEytArz=fpdJ5-zIgqi8PRvN4Vg+Yl^1mfOHx?&2mG
z0RMhE8Z;Yd?p<mWz37m<&1_Qf;MQ~WU5?oI0d*50o#i<T2uC|iLqRQlDB<t=pVAxJ
zAry*QxNgY(s6the=5Hwz>h!ya6+*Byh|*3N5?U{B50kFYrCl<~iqS+?3ulc1>sLcX
z6Eq^b*o{PZ6L~icT=7mQ5iWQK^?0+$R?|7g0oXKfxm2I6y|cL(h{Qb|H7bx8#h$`I
z6<e=7RZD~4oAg(Uz%s<iun<jlu`^>2Bz)pDeotyp=1McYVqseMl-5ZY=tmfuUgD~b
z3X+1N%&$E~q%F?b!265lCuviAtpf+4J(*%?Cf|IQu}*dT?(y!T>(qOFz3h=$*Aw2g
z_eyMcV}@IKomeZlQSY2(?h;*{G?dk&Zi6)f#>53ClQA2JxcHX*&hGzGv6C46mE4+I
zaV;+$s;j##m(E{VECILK=Qt@VnMQEC=5(B$B3<q;ceu?uIl<aGh9Kn`==H6FSO`m!
z_&5LW_Mv<xof(1qo#s8L_jBiD`dWwJM0=f&98whm$!LfbF$6e*j0zyB^)^=|PZCai
zAhNdGcmr+?9RZj(^`gVAC(n_9xIQU2L}B7Gnli5VWWs5W^IIk{hwroYfId3W9SFar
zQaWjTG7j0bB9zW}&t5Bob|EKK>&VLO7J$Zx_~33Hu?a)wC=lVz=KYDls(YhG{Ug0p
zg>6cu9F3Zr8n5K8qs?kpP*`@xx`;YDse?!*E_)M4*sb^`QyD9W9^3(rImlgXn!C6Z
zYI?h^L>U*At^oENu?|sp^e&!NxuFrR1Pa=qu(3ko-LxpqH09xm`oKs19H5S%xZmzu
zTq3<#A_gi-B%GqXlf0W(ydSK0p13MrqM_6?2-xBy{ULt0S>*0Oi^vLR$2tuNBCHHa
zHM~hnSry$!$lUChS)_xj>3d6(_y!M~lwe{dM5IPK1a#>*ZmmVCla^`Yj-f*+)66Vr
zFa9_RSpD6d_g#XADFii-goq`EDjQ8*hIIY3S!WMzB4j~cQuapA+sJ!+<W`E8y?3xq
zAY=4h{0*lGS;S5uoS)>bQe@?~h14@;F}(rDUQI!IHxB4|c|#%|%YSq)%dP7P#s<9~
zZrU=j)}-lJ^Ho6;st84rJWUV8f2xn|y5pI{H*TPZP`5RMGWP9`=05RWZ@2pqWi*y0
zWZ^!WV$k)k!L_X~ohuaI?<4OSE-Lafz0;J7sj7ni9DWxPci4@rEf$ylM@KYIHCm85
z2{yWZ`t#t!BDZe4=KI2!`zG@1z1xgo%H}IQlCfIGG!gmIO}XW`#b<>ne%skY1hpZH
zn}28EG7lPzeodd9IW!}9#ry7h*%5cW&2+|e#py;~1mDA&r1c)&aNa*7!5pPpV8ajK
z<j>@H!<X;B*BYf+3o6)t>5w0j8libRSw-D9UoE)h{oCbPu&OdIRHea?Yu)0$K<SuN
zjdY=%%Q542*zFS^8kx0Gp=`)uLF#H!!knmm%{$OoXp9JINmd~G^N02mC$*X);hp6@
ze%bp(Q`s=oCu_|FXm-T@8U3!3R!5E0Te8G-2~s)E<d)<&B*;Bn0&TG9(Kt7wP!1a`
zP%x&;#4MIuQw5meSDrmm0*ZpBHgWR-TBePmsn{@?!*@YzA~CTP;)TX;$ITMmO!3}Y
zYS!)6p*1|FesYxS^s}(Hx$gIy_rSaGZrJLC0L~Ty73!bE?}l&+ZvAMzY~GK~<)NCk
z%YrJI9eryZ<9*BTLX1<!n0l9)n_Iqcw=+%MP#`T+bbNYkh)mE5#C0ePCN2{jR+{r7
zG()4bPTo#wMI#nGx<;f_@D=m-nfFmC%UMPzM9IsT#&m@Z4%9yJw(~yp3PFM(v$}O-
zB^~@H`Q1qX=<T&+)KU}$Wufr6IkXZ_xJf9-Xf&907J_n2Tz^Ffun%vM4?x*8WspUK
z&U02%%|i&Cgy6{7k$MP=LaF4}?Mr<E?a))(TN2$y+a~p>#iSY43s<V*$Yz(;o{#fn
zR6RlJ6yHML3+>PL9zl_d<10*;dWURQB{XYLz!nl0g0<fyuN9k;C2gCa!|GFd5<Nzb
z5?jxFjrcw&679lPf7neR_M~jcv+Wg;cQXDO_0-1+4zY%zJlc3+xN(!IR=PB{@!l@c
z(zLtre#$Dns0v-+tFdNUMb&5u`S$WoevWr-N-F+Re<RI(@z?cfTP{_RP=&ePWa8cr
z=FCa+Ee19CU99V`P<0EK9@(39EAPDBegO&Ggx_tFxRt5do4qX8e##UiL96VA>hy((
zdFj%A=Fjq8cDaS1`84SB7Vx6Y4bU$2djonG2n|3Mx<QKxe<r_MIqW`$P+4@~Dug1m
z!W<yIikdmT3#C<YAq>Kb%8k#W1^3=gCKB&iO}3l)Zu-(sr4`;=J(&kZpMw7lyqDMa
zRQ+SKF?~WG(SMTfo#j1lyf>G<7t;td4@)Hojo~ZaqXrHv>cU8#?6i7)8YgHCa2m~b
zo2R`T5<=0~+9|`vY8=0KrKOCmz-f%rL7z%Kvw!A}&L+)}|CZieP}8;U)Eg(v>C+9r
zpS;IE+dD2Goq)AE)RqALp7+Q6!7{&%P;oRtQnHhl#4Q*U6~IZdaF_WhU9HSZ+2d~1
zUG^dnXt1a#enDDrH_u*X{2RV21@O1=-WH=leTA!$S+Y}<;`g8TiXu^T!P3O8h=1<g
zl^FS@@MXMAkrn$T*)MEjkx2X1L5-->RU}J#4qNsKw{Q)=^rVm|Zcaqt2Dh~D)J!2u
uaozPJZVFeS!GAOFF-@jM$9aQl8GFeF-hbX9Wdi@^sCz>So^N=M#Pb3^GXEC<

literal 0
HcmV?d00001

diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index 80bf387118..a8c620ff00 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -58,9 +58,19 @@ parameter_types:
 * `parameter_types`: The typescript type for each parameter. This is used when generating `types-dnscontrol.d.ts`
 * `provider`: If a feature is only available for one provider
 
-## Documentation previews
+## GitHub pull request preview
 
-> "Preview links are only accessible by GitBook users. We're working on a feature that will allow preview links to be viewable by anyone who accesses the PR." — _[GitBook](https://docs.gitbook.com/product-tour/git-sync/github-pull-request-preview#how-to-access-preview-links)_
+When you submit a GitHub pull request, you can view the result in advance. This allows you to check the impact of changes.
+
+![](assets/styleguide-doc/pull-request-preview.webp)
+
+### How to access preview links
+
+For every pull request, you’ll see a status added to the GitHub pull request with a unique preview URL. Clicking the **Details** link on the status will take you to the preview URL for your content. You can then make sure the content is as expected.
+
+{% hint style="info" %}
+**NOTE**: A new preview URL is created for every git update. Please check the GitHub status for the most up to date URL.
+{% endhint %}
 
 ## Formatting tips
 

From 355c0fe6a1edb2c04fe56f2fc482bb6f90fabebc Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 10 Jan 2024 21:50:12 +0100
Subject: [PATCH 121/438] CICD: Rename the master branch to main (#2774)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .editorconfig                        |  2 +-
 .github/workflows/codeql.yml         |  4 ++--
 .github/workflows/pr_test.yml        |  4 ++--
 documentation/creds-json.md          |  2 +-
 documentation/getting-started.md     |  4 ++--
 documentation/notifications.md       |  2 +-
 documentation/release-engineering.md |  6 +++---
 documentation/styleguide-doc.md      | 14 +++++++-------
 documentation/writing-providers.md   |  4 ++--
 providers/desec/protocol.go          |  2 +-
 10 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/.editorconfig b/.editorconfig
index 3deaa8a71d..6fa964d7e3 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -114,7 +114,7 @@ indent_size = 2
 indent_style = space
 
 # Svelte
-# https://github.com/sveltejs/svelte/blob/master/.editorconfig
+# https://github.com/sveltejs/svelte/blob/main/.editorconfig
 [*.svelte]
 indent_size = 2
 indent_style = tab
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 289478b912..dc724f155f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,10 +13,10 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ "master" ]
+    branches: [ "main" ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "master" ]
+    branches: [ "main" ]
   schedule:
     - cron: '32 19 * * 0'
 
diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 226111f31a..7af78c99ff 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -1,7 +1,7 @@
 name: "PR: Run all tests"
 on:
-  # git push origin master:tlim_testpr --force
-  # will trigger a full PR test on the master branch:
+  # git push origin main:tlim_testpr --force
+  # will trigger a full PR test on the main branch:
   # https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
   push:
     branches:
diff --git a/documentation/creds-json.md b/documentation/creds-json.md
index 19f6e6ef7b..8b57e1c00c 100644
--- a/documentation/creds-json.md
+++ b/documentation/creds-json.md
@@ -205,7 +205,7 @@ This example requires the [1Password command-line tool](https://developer.1passw
 but works with any shell command that returns a properly formatted `creds.json`.
 In this case, the 1Password CLI is used to inject the secrets from
 a 1Password vault, rather than storing them in environment variables.
-An example of a template file containing Linode and Cloudflare API credentials is available here: [creds.json](https://github.com/StackExchange/dnscontrol/blob/master/documentation/assets/1password/creds.json).
+An example of a template file containing Linode and Cloudflare API credentials is available here: [creds.json](https://github.com/StackExchange/dnscontrol/blob/main/documentation/assets/1password/creds.json).
 
 {% code title="creds.json" %}
 ```json
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 357e5826d2..49df0f5b20 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -89,7 +89,7 @@ use BIND for DNS service, it is useful for testing.
 domains, and so on.
 
 Start your `dnsconfig.js` file by downloading
-[dnsconfig.js](https://github.com/StackExchange/dnscontrol/blob/master/documentation/assets/getting-started/dnsconfig.js)
+[dnsconfig.js](https://github.com/StackExchange/dnscontrol/blob/main/documentation/assets/getting-started/dnsconfig.js)
 and renaming it.
 
 The file looks like:
@@ -155,7 +155,7 @@ It is only needed if any providers require credentials (API keys,
 usernames, passwords, etc.).
 
 Start your `creds.json` file by downloading
-[creds.json](https://github.com/StackExchange/dnscontrol/blob/master/documentation/assets/getting-started/creds.json)
+[creds.json](https://github.com/StackExchange/dnscontrol/blob/main/documentation/assets/getting-started/creds.json)
 and renaming it.
 
 The file looks like:
diff --git a/documentation/notifications.md b/documentation/notifications.md
index 081e1dc3a4..efd2743695 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -2,7 +2,7 @@
 
 DNSControl has build in support for notifications when changes are made. This allows you to post messages in team chat, or send emails when dns changes are made.
 
-Notifications are written in the [notifications package](https://github.com/StackExchange/dnscontrol/tree/master/pkg/notifications), and is a really simple interface to implement if you want to add
+Notifications are written in the [notifications package](https://github.com/StackExchange/dnscontrol/tree/main/pkg/notifications), and is a really simple interface to implement if you want to add
 new types or destinations.
 
 ## Configuration
diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index 8f1302fc68..dd0cb8173d 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -11,7 +11,7 @@ Please change the version number as appropriate.  Substitute (for example)
 
 ```shell
 export VERSION=v4.2.0
-git checkout master
+git checkout main
 git pull
 go fmt ./...
 go generate ./...
@@ -19,7 +19,7 @@ go mod tidy
 git commit -a -m "Update generated files for $VERSION"
 ```
 
-## Step 2. Tag the commit in master that you want to release
+## Step 2. Tag the commit in main that you want to release
 
 ```shell
 export VERSION=v4.2.0
@@ -152,7 +152,7 @@ Overview: You will fork the repo and add any secrets to your fork.  For security
 
 1. [Fork StackExchange/dnscontrol](https://github.com/StackExchange/dnscontrol/fork) in GitHub.
 
-    If you already have a fork, be sure to use the "sync fork" button on the main page to sync with master.
+    If you already have a fork, be sure to use the "sync fork" button on the main page to sync with the upstream.
 
 2. In your fork, set the `${DOMAIN}_DOMAIN` variable in GHA via Settings :: Secrets and variables :: Actions :: Variables.
 
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index a8c620ff00..523b39c675 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -2,18 +2,18 @@
 
 ## Where are the docs?
 
-TL;DR version: [`docs`](https://github.com/StackExchange/dnscontrol/tree/master/docs) is the [marketing website](https://dnscontrol.org). [`documentation`](https://github.com/StackExchange/dnscontrol/tree/master/documentation) is the [docs.dnscontrol.org](https://docs.dnscontrol.org/) website. (Yes, the names are backwards!)
+TL;DR version: [`docs`](https://github.com/StackExchange/dnscontrol/tree/main/docs) is the [marketing website](https://dnscontrol.org). [`documentation`](https://github.com/StackExchange/dnscontrol/tree/main/documentation) is the [docs.dnscontrol.org](https://docs.dnscontrol.org/) website. (Yes, the names are backwards!)
 
 **The two websites**
 
 1. <https://dnscontrol.org/>
    * The main website
-   * Source code: [`docs`](https://github.com/StackExchange/dnscontrol/tree/master/docs)
+   * Source code: [`docs`](https://github.com/StackExchange/dnscontrol/tree/main/docs)
    * Mostly "marketing" for the project.
    * Rarely changes.  Updated via GitHub "pages" feature.
 2. <https://docs.dnscontrol.org/>
    * Project documentation
-   * Source code: [`documentation`](https://github.com/StackExchange/dnscontrol/tree/master/documentation)
+   * Source code: [`documentation`](https://github.com/StackExchange/dnscontrol/tree/main/documentation)
    * Users and developer documentation
    * Changes frequently.  Updated via [GitBook](https://www.gitbook.com/)
 
@@ -21,10 +21,10 @@ TL;DR version: [`docs`](https://github.com/StackExchange/dnscontrol/tree/master/
 
 Within the git repo, docs are grouped:
 
-* [`documentation/`](https://github.com/StackExchange/dnscontrol/tree/master/documentation): general docs
-* [`documentation/providers/`](https://github.com/StackExchange/dnscontrol/tree/master/documentation/providers/): One file per provider
-* [`documentation/functions/`](https://github.com/StackExchange/dnscontrol/tree/master/documentation/functions/): One file per `dnsconfig.js` language feature
-* [`documentation/assets/FOO/`](https://github.com/StackExchange/dnscontrol/tree/master/documentation/assets/): Images for page FOO(PNGs only, please!)
+* [`documentation/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation): general docs
+* [`documentation/providers/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/providers/): One file per provider
+* [`documentation/functions/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/functions/): One file per `dnsconfig.js` language feature
+* [`documentation/assets/FOO/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/assets/): Images for page FOO(PNGs only, please!)
 
 ## How to add a new page?
 
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index a4cd00a8b0..42f1b58317 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -122,7 +122,7 @@ Directory names should be consitent.  It should be all lowercase and match the A
 ## Step 4: Activate the driver
 
 Edit
-[providers/\_all/all.go](https://github.com/StackExchange/dnscontrol/blob/master/providers/_all/all.go).
+[providers/\_all/all.go](https://github.com/StackExchange/dnscontrol/blob/main/providers/_all/all.go).
 Add the provider list so DNSControl knows it exists.
 
 ## Step 5: Implement
@@ -163,7 +163,7 @@ Integration tests use a test account and a test domain.
 All records will be deleted from the test domain!  Use a OTE domain or a real domain that isn't otherwise in use and can be destroyed.
 {% endhint %}
 
-* Edit [integrationTest/providers.json](https://github.com/StackExchange/dnscontrol/blob/master/integrationTest/providers.json):
+* Edit [integrationTest/providers.json](https://github.com/StackExchange/dnscontrol/blob/main/integrationTest/providers.json):
   * Add the `creds.json` info required for this provider in the form of environment variables.
 
 Now you can run the integration tests.
diff --git a/providers/desec/protocol.go b/providers/desec/protocol.go
index c7c1c4aa2d..f056352b57 100644
--- a/providers/desec/protocol.go
+++ b/providers/desec/protocol.go
@@ -144,7 +144,7 @@ func (c *desecProvider) buildIndexFromResponse(bodyString []byte) error {
 	return nil
 }
 
-// Parses the Link Header into a map (https://github.com/desec-io/desec-tools/blob/master/fetch_zone.py#L13)
+// Parses the Link Header into a map (https://github.com/desec-io/desec-tools/blob/main/fetch_zone.py#L13)
 func (c *desecProvider) convertLinks(links string) map[string]string {
 	mapping := make(map[string]string)
 	printer.Debugf("Header: %s\n", links)

From c1c59f703b0e80e3102e9f00fa0feebc1fa42b3c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 10 Jan 2024 19:49:36 -0500
Subject: [PATCH 122/438] CHORE: Update deps (#2787)

---
 go.mod |  46 +++++++++++++-------------
 go.sum | 102 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 73 insertions(+), 75 deletions(-)

diff --git a/go.mod b/go.mod
index 3baf463bee..7269ad2314 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.24.0
-	github.com/aws/aws-sdk-go-v2/config v1.26.2
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.13
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5
+	github.com/aws/aws-sdk-go-v2 v1.24.1
+	github.com/aws/aws-sdk-go-v2/config v1.26.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.14
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.84.0
+	github.com/cloudflare/cloudflare-go v0.85.0
 	github.com/digitalocean/godo v1.107.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -52,10 +52,10 @@ require (
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.27.1
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/net v0.19.0
-	golang.org/x/oauth2 v0.15.0
-	google.golang.org/api v0.154.0
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/net v0.20.0
+	golang.org/x/oauth2 v0.16.0
+	google.golang.org/api v0.155.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -69,7 +69,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20231226003508-02704c960a9b
+	golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -81,15 +81,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -110,7 +110,7 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.4.0 // indirect
+	github.com/google/uuid v1.5.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
@@ -149,12 +149,12 @@ require (
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.16.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 // indirect
-	google.golang.org/grpc v1.59.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/grpc v1.60.1 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 23502d2c52..f8703c84de 100644
--- a/go.sum
+++ b/go.sum
@@ -39,34 +39,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
 github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.24.0 h1:890+mqQ+hTpNuw0gGP6/4akolQkSToDJgHfQE7AwGuk=
-github.com/aws/aws-sdk-go-v2 v1.24.0/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.2 h1:+RWLEIWQIGgrz2pBPAUoGgNGs1TOyF4Hml7hCnYj2jc=
-github.com/aws/aws-sdk-go-v2/config v1.26.2/go.mod h1:l6xqvUxt0Oj7PI/SUXYLNyZ9T/yBPn3YTQcJLLOdtR8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.13 h1:WLABQ4Cp4vXtXfOWOS3MEZKr6AAYUpMczLhgKtAjQ/8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.13/go.mod h1:Qg6x82FXwW0sJHzYruxGiuApNo31UEtJvXVSZAXeWiw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9 h1:v+HbZaCGmOwnTTVS86Fleq0vPzOd7tnJGbFhP0stNLs=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.9/go.mod h1:Xjqy+Nyj7VDLBtCMkQYOw1QYfAEZCVLrfI0ezve8wd4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9 h1:N94sVhRACtXyVcjXxrwK1SKFIJrA9pOJ5yu2eSHnmls=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.9/go.mod h1:hqamLz7g1/4EJP+GH5NBhcUMLjW+gKLQabgyz6/7WAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
+github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
+github.com/aws/aws-sdk-go-v2/config v1.26.3 h1:dKuc2jdp10y13dEEvPqWxqLoc0vF3Z9FC45MvuQSxOA=
+github.com/aws/aws-sdk-go-v2/config v1.26.3/go.mod h1:Bxgi+DeeswYofcYO0XyGClwlrq3DZEXli0kLf4hkGA0=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.14 h1:mMDTwwYO9A0/JbOCOG7EOZHtYM+o7OfGWfu0toa23VE=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.14/go.mod h1:cniAUh3ErQPHtCQGPT5ouvSAQ0od8caTO9OOuufZOAE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0 h1:7wh6KdJnej4T7sE/xfnZf5T+GQzp6GfoZi+5r6ZPlW8=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.36.0/go.mod h1:F9El48+5Tf+TkYJB/6M9H7oqXw9Mr9eVetwJ6SUql7g=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5 h1:WDr8iQXuDzL6ERqRvpdIy1ZdOjg6lXlEHSo8wOJiOyI=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.5/go.mod h1:7fnaaVoKfZaWJ8RuNYTYV3SkqD6BkFYlRuFDEkHajpc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.6 h1:HJeiuZ2fldpd0WqngyMR6KW7ofkXNLyOaHwEIGm39Cs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.6/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6 h1:CmFf5vN81i7l11gIw05mhkInK5+HByctL12Yr+0I+Og=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6/go.mod h1:26un6U1jrFWKQEYHzLur07aRQ6wsJcY6O30DmDkIjuY=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 h1:Yf2MIo9x+0tyv76GljxzqA3WtC5mw7NmazD2chwjxE4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
 github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.84.0 h1:1jQPJfq3nPdjKF+oqjTOSRAWcTCA6u5fcCVx7xGhLpg=
-github.com/cloudflare/cloudflare-go v0.84.0/go.mod h1:5pkAzpoWJYI5NekLZoRryQAcghYDhdbUxdcal1f7lu4=
+github.com/cloudflare/cloudflare-go v0.85.0 h1:GO5Alu5ldNdPyh5i9VSSM5ZdjL57u76Y4HNmwKKyHmA=
+github.com/cloudflare/cloudflare-go v0.85.0/go.mod h1:Cj+RG+ceGsRexXYLRydfTB7pjODi3YO5KeG6vnLV2cA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -169,7 +169,6 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
@@ -204,8 +203,8 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4=
-github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
@@ -460,11 +459,11 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4=
-golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e h1:723BNChdd0c2Wk6WOE320qGBiPtYx0F0Bbm1kriShfE=
+golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -479,7 +478,6 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -490,11 +488,11 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
-golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -526,8 +524,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -561,28 +559,28 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.154.0 h1:X7QkVKZBskztmpPKWQXgjJRPA2dJYrL6r+sYPRLj050=
-google.golang.org/api v0.154.0/go.mod h1:qhSMkM85hgqiokIYsrRyKxrjfBeIhgl4Z2JmeRkYylc=
+google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
+google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
+google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f h1:Vn+VyHU5guc9KjB5KrjI2q0wCOWEOIh0OEsleqakHJg=
-google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f/go.mod h1:nWSwAFPb+qfNJXsoeO3Io7zf4tMSfN8EA8RlDA04GhY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f h1:2yNACc1O40tTnrsbk9Cv6oxiW8pxI/pXj0wRtdlYmgY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4 h1:DC7wcm+i+P1rN3Ff07vL+OndGg5OhNddHyTA+ocPqYE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231127180814-3a041ad873d4/go.mod h1:eJVxU6o+4G1PSczBr85xmyvSNYAKvAYgkub40YGomFM=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
+google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
+google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
+google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 5d57677c05ffa0d8385b0d72e1dec9834855744a Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 11 Jan 2024 20:34:12 +0100
Subject: [PATCH 123/438] DOCS: TransIP - Described API limitations (#2789)

---
 documentation/providers/transip.md | 36 ++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/documentation/providers/transip.md b/documentation/providers/transip.md
index 94af314d81..2cae3c7f27 100644
--- a/documentation/providers/transip.md
+++ b/documentation/providers/transip.md
@@ -59,3 +59,39 @@ D("example.com", REG_NONE, DnsProvider(DSP_TRANSIP),
 ## Activation
 
 TransIP depends on a TransIP personal access token.
+
+## Limitations
+
+> "When multiple or none of the current DNS entries matches, the response will be an error with http status code 406." — _[TransIP - REST API - Update single DNS entry](https://api.transip.nl/rest/docs.html#domains-dns-patch)_
+
+This makes it not possible, for example, to update a [`CAA()`](../functions/domain/CAA.md) record in one update. Instead, the old DNS entry is deleted and the replacement is added. You'll see `[1/2]` and `[2/2]` in the DNSControl output whenever this happens.
+
+### Example with a `CAA_BUILDER()`
+
+{% code title="dnsconfig.js" %}
+```diff
+CAA_BUILDER({
+    label: '@',
+    iodef: 'mailto:info@cafferata.dev',
++   iodef_critical: true,
+    issue: [
+        'letsencrypt.org',
+    ],
+    issuewild: 'none',
+}),
+```
+{% endcode %}
+
+```shell
+dnscontrol push --domains cafferata.dev
+```
+
+```shell
+******************** Domain: cafferata.dev
+2 corrections (transip)
+#1: [2/2] delete: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
+SUCCESS!
+#2: [1/2] create: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
+SUCCESS!
+Done. 2 corrections.
+```

From 82d6a9b124dc81f584f909464c70a564582884c9 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 11 Jan 2024 20:34:54 +0100
Subject: [PATCH 124/438] DOCS: Fixed the broken `CAA_BUILDER()` link (#2790)

---
 documentation/functions/domain/CAA.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/functions/domain/CAA.md b/documentation/functions/domain/CAA.md
index bcea062022..d7864cea79 100644
--- a/documentation/functions/domain/CAA.md
+++ b/documentation/functions/domain/CAA.md
@@ -38,4 +38,4 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 ```
 {% endcode %}
 
-DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
+DNSControl contains a [`CAA_BUILDER`](CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.

From 057c921ebf40c4d3734167ebf52642d8180c1cbb Mon Sep 17 00:00:00 2001
From: Vincent Hagen <blackshadev@users.noreply.github.com>
Date: Thu, 11 Jan 2024 20:35:16 +0100
Subject: [PATCH 125/438] TRANSIP: Fix description of multirecord updates to be
 increasing (#2791)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/transip/transipProvider.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index 51b4706780..ed2e6e6a77 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -179,7 +179,7 @@ func (n *transipProvider) recreateRecordSet(dc *models.DomainConfig, change diff
 		}
 
 		nativeRec, _ := recordToNative(rec, true)
-		createCorrection := change.CreateCorrectionWithMessage("[2/2] delete", func() error { return n.domains.RemoveDNSEntry(dc.Name, nativeRec) })
+		createCorrection := change.CreateCorrectionWithMessage("[1/2] delete", func() error { return n.domains.RemoveDNSEntry(dc.Name, nativeRec) })
 		corrections = append(corrections, createCorrection)
 	}
 
@@ -189,7 +189,7 @@ func (n *transipProvider) recreateRecordSet(dc *models.DomainConfig, change diff
 		}
 
 		nativeRec, _ := recordToNative(rec, false)
-		createCorrection := change.CreateCorrectionWithMessage("[1/2] create", func() error { return n.domains.AddDNSEntry(dc.Name, nativeRec) })
+		createCorrection := change.CreateCorrectionWithMessage("[2/2] create", func() error { return n.domains.AddDNSEntry(dc.Name, nativeRec) })
 		corrections = append(corrections, createCorrection)
 	}
 

From 1db0ae2dc8dac99cc7de4fdb7abf636ce57471fc Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 11 Jan 2024 23:24:09 +0100
Subject: [PATCH 126/438] TRANSIP: Audit records verified (#2794)

---
 providers/transip/auditrecords.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/providers/transip/auditrecords.go b/providers/transip/auditrecords.go
index d90663b352..281058d85a 100644
--- a/providers/transip/auditrecords.go
+++ b/providers/transip/auditrecords.go
@@ -11,19 +11,21 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
+	a.Add("ALIAS", rejectif.LabelNotApex) // Last verified 2024-01-11
+
 	a.Add("MX", rejectif.MxNull) // Last verified 2023-12-04
 
-	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2023-12-04
+	a.Add("TXT", rejectif.TxtHasBackticks) // Last verified 2024-01-11
 
-	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-12-04
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2024-01-11
 
-	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-12-04
+	a.Add("TXT", rejectif.TxtStartsOrEndsWithSpaces) // Last verified 2024-01-11
 
-	a.Add("TXT", rejectif.TxtStartsOrEndsWithSpaces) // Last verified 2023-12-10
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2024-01-11
 
-	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-12-10
+	a.Add("TXT", rejectif.TxtLongerThan(1024)) // Last verified 2024-01-11
 
-	a.Add("TXT", rejectif.TxtLongerThan(1024)) // Last verified 2023-12-15
+	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2024-01-11
 
 	return a.Audit(records)
 }

From 447db0e68cc3ef98d6b6dcec16a805a7d7782ac3 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 11 Jan 2024 23:25:16 +0100
Subject: [PATCH 127/438] DOCS: TransIP - Updated console output (#2793)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers/transip.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers/transip.md b/documentation/providers/transip.md
index 2cae3c7f27..a05e10e9c6 100644
--- a/documentation/providers/transip.md
+++ b/documentation/providers/transip.md
@@ -89,9 +89,9 @@ dnscontrol push --domains cafferata.dev
 ```shell
 ******************** Domain: cafferata.dev
 2 corrections (transip)
-#1: [2/2] delete: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
+#1: [1/2] delete: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
 SUCCESS!
-#2: [1/2] create: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
+#2: [2/2] create: ± MODIFY cafferata.dev CAA (0 iodef "mailto:info@cafferata.dev" ttl=86400) -> (128 iodef "mailto:info@cafferata.dev" ttl=86400)
 SUCCESS!
 Done. 2 corrections.
 ```

From 56220fba5f94b13c935dea782682f4fd45d6d0a1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 11 Jan 2024 17:25:31 -0500
Subject: [PATCH 128/438] DOCS: Clarify PTR example (#2792)

---
 documentation/functions/domain/PTR.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/documentation/functions/domain/PTR.md b/documentation/functions/domain/PTR.md
index 889920310f..a0f140008a 100644
--- a/documentation/functions/domain/PTR.md
+++ b/documentation/functions/domain/PTR.md
@@ -48,9 +48,9 @@ then the name will be replaced with `4.3`.  Note that the output
 of `REV("1.2.3.4")` is `4.3.2.1.in-addr.arpa.`, which means the following
 are all equivalent:
 
-* `PTR(REV("1.2.3.4"), `
-* `PTR("4.3.2.1.in-addr.arpa."), `
-* `PTR("4.3",`    // Assuming the domain is `2.1.in-addr.arpa`
+* `PTR(REV("1.2.3.4", ...`
+* `PTR("4.3.2.1.in-addr.arpa.", ...`
+* `PTR("4.3", ...`    // Assuming the domain is `2.1.in-addr.arpa`
 
 All magic is RFC2317-aware. We use the first format listed in the
 RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is

From fbd436f607b5bc0d781093dbd5df245dbd622d9a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Jan 2024 06:08:40 -0500
Subject: [PATCH 129/438] Build(deps): Bump actions/cache from 3.3.2 to 3.3.3
 (#2796)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 7af78c99ff..ec5e69d619 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v3.3.2
+      uses: actions/cache@v3.3.3
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -186,7 +186,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v3.3.2
+      uses: actions/cache@v3.3.3
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From 5dfc8ca935d86cf6d80863ab307d83d1fa320b3b Mon Sep 17 00:00:00 2001
From: Yuhui Xu <xuyh0120@outlook.com>
Date: Thu, 18 Jan 2024 06:06:36 -0800
Subject: [PATCH 130/438] GCORE: enable ALIAS records (#2802)

---
 providers/gcore/gcoreProvider.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index 81d2fceb8e..357c7c4b0b 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -43,7 +43,7 @@ func NewGCore(m map[string]string, metadata json.RawMessage) (providers.DNSServi
 var features = providers.DocumentationNotes{
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanUseAlias:            providers.Cannot(),
+	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUseLOC:              providers.Cannot(),
@@ -136,6 +136,13 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 	var deletions []*models.Correction
 	var reports []*models.Correction
 
+	// Gcore auto uses ALIAS for apex zone CNAME records, just like CloudFlare
+	for _, rec := range dc.Records {
+		if rec.Type == "ALIAS" {
+			rec.Type = "CNAME"
+		}
+	}
+
 	changes, err := diff2.ByRecordSet(existing, dc, nil)
 	if err != nil {
 		return nil, err

From 513caa5af1ece816d6dbd06da75ead6243c24d6a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 18 Jan 2024 14:45:30 -0500
Subject: [PATCH 131/438] CICD: Add nullMX tests (#2801)

---
 integrationTest/integration_test.go | 49 +++++++++++++++++++++++++++--
 1 file changed, 47 insertions(+), 2 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index d186c63287..8af42e0b99 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1035,12 +1035,57 @@ func makeTests(t *testing.T) []*TestGroup {
 			),
 		),
 
-		testgroup("MX",
+		testgroup("ApexMX",
 			tc("Record pointing to @",
 				mx("foo", 8, "**current-domain**"),
 				a("@", "1.2.3.4"),
 			),
-			tc("Null MX", mx("@", 0, ".")), // RFC 7505
+		),
+
+		// RFC 7505 NullMX
+		testgroup("NullMX",
+			not(
+				"TRANSIP", // TRANSIP is slow and doesn't support NullMX. Skip to save time.
+			),
+			tc("create", // Install a Null MX.
+				a("nmx", "1.2.3.3"), // Install this so it is ready for the next tc()
+				a("www", "1.2.3.9"), // Install this so it is ready for the next tc()
+				mx("nmx", 0, "."),
+			),
+			tc("unnull", // Change to regular MX.
+				a("nmx", "1.2.3.3"),
+				a("www", "1.2.3.9"),
+				mx("nmx", 3, "nmx.**current-domain**"),
+				mx("nmx", 9, "www.**current-domain**"),
+			),
+			tc("renull", // Change back to Null MX.
+				a("nmx", "1.2.3.3"),
+				a("www", "1.2.3.9"),
+				mx("nmx", 0, "."),
+			),
+		),
+
+		// RFC 7505 NullMX at Apex
+		testgroup("NullMXApex",
+			not(
+				"TRANSIP", // TRANSIP is slow and doesn't support NullMX. Skip to save time.
+			),
+			tc("create", // Install a Null MX.
+				a("@", "1.2.3.2"),   // Install this so it is ready for the next tc()
+				a("www", "1.2.3.8"), // Install this so it is ready for the next tc()
+				mx("@", 0, "."),
+			),
+			tc("unnull", // Change to regular MX.
+				a("@", "1.2.3.2"),
+				a("www", "1.2.3.8"),
+				mx("@", 2, "**current-domain**"),
+				mx("@", 8, "www.**current-domain**"),
+			),
+			tc("renull", // Change back to Null MX.
+				a("@", "1.2.3.2"),
+				a("www", "1.2.3.8"),
+				mx("@", 0, "."),
+			),
 		),
 
 		testgroup("NS",

From f5575bba4fbfffd0f5bb28e3c3c18162cd3077d9 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 18 Jan 2024 20:45:48 +0100
Subject: [PATCH 132/438] CHORE: Missed generated content (#2803)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts | 8 ++++----
 documentation/providers.md     | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 76a8a10af1..5df946bfb5 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -363,7 +363,7 @@ declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target:
  * );
  * ```
  *
- * DNSControl contains a [`CAA_BUILDER`](../record/CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
+ * DNSControl contains a [`CAA_BUILDER`](CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa
  */
@@ -2230,9 +2230,9 @@ declare function PANIC(message: string): never;
  * of `REV("1.2.3.4")` is `4.3.2.1.in-addr.arpa.`, which means the following
  * are all equivalent:
  *
- * * `PTR(REV("1.2.3.4"), `
- * * `PTR("4.3.2.1.in-addr.arpa."), `
- * * `PTR("4.3",`    // Assuming the domain is `2.1.in-addr.arpa`
+ * * `PTR(REV("1.2.3.4", ...`
+ * * `PTR("4.3.2.1.in-addr.arpa.", ...`
+ * * `PTR("4.3", ...`    // Assuming the domain is `2.1.in-addr.arpa`
  *
  * All magic is RFC2317-aware. We use the first format listed in the
  * RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
diff --git a/documentation/providers.md b/documentation/providers.md
index 9efd84de74..b199925c35 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -35,7 +35,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
 | [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❔ |

From da0f97d37af90db42300f9fec5c0899b8735a7ad Mon Sep 17 00:00:00 2001
From: PJEilers <pieterjaneilers@gmail.com>
Date: Thu, 18 Jan 2024 20:47:04 +0100
Subject: [PATCH 133/438] DOCS: realtimeregister: Add security advice about
 creds (#2795)

Co-authored-by: pieterjan.eilers <pieterjan.eilers@realtimeregister.com>
---
 documentation/providers/realtimeregister.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/documentation/providers/realtimeregister.md b/documentation/providers/realtimeregister.md
index 12d27dbb9d..1471faa730 100644
--- a/documentation/providers/realtimeregister.md
+++ b/documentation/providers/realtimeregister.md
@@ -26,7 +26,9 @@ If premium is set to "1", you will only be able to update zones using Premium DN
 will only be able to update zones using Basic DNS.
 
 **Important Notes**:
-* Anyone with access to this `creds.json` file will have *full* access to your RTR account and will be able to transfer or delete your domains
+* It is recommended to create a 'DNSControl' user in your account settings with limited permissions
+(i.e. VIEW_DNS_ZONE, CREATE_DNS_ZONE, UPDATE_DNS_ZONE, VIEW_DOMAIN, UPDATE_DOMAIN), otherwise anyone with
+access to this `creds.json` file might have *full* access to your RTR account and will be able to transfer or delete your domains.
 
 ## Metadata
 This provider does not recognize any special metadata fields unique to Realtime Register.

From d926e454d08eb642d99c8710c63cab749d55ff87 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 18 Jan 2024 15:54:24 -0500
Subject: [PATCH 134/438] CHORE: Update deps (#2804)

---
 go.mod | 32 ++++++++++++-------------
 go.sum | 74 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/go.mod b/go.mod
index 7269ad2314..6380ffe92e 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.21.1
 retract v4.8.0
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
@@ -17,8 +17,8 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.3
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.14
+	github.com/aws/aws-sdk-go-v2/config v1.26.5
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
@@ -26,7 +26,7 @@ require (
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
 	github.com/cloudflare/cloudflare-go v0.85.0
-	github.com/digitalocean/godo v1.107.0
+	github.com/digitalocean/godo v1.108.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -36,7 +36,7 @@ require (
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.10.0
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.57
+	github.com/miekg/dns v1.1.58
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
@@ -55,7 +55,7 @@ require (
 	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/net v0.20.0
 	golang.org/x/oauth2 v0.16.0
-	google.golang.org/api v0.155.0
+	google.golang.org/api v0.156.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -69,7 +69,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e
+	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -79,7 +79,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/andybalholm/cascadia v1.3.1 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
@@ -87,8 +87,8 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
 	github.com/aws/smithy-go v1.19.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
@@ -105,7 +105,7 @@ require (
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
-	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -132,7 +132,7 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/peterhellberg/link v1.1.0 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -148,14 +148,14 @@ require (
 	go.opentelemetry.io/otel/metric v1.21.0 // indirect
 	go.opentelemetry.io/otel/trace v1.21.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.16.0 // indirect
+	golang.org/x/tools v0.17.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
 	google.golang.org/grpc v1.60.1 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index f8703c84de..e25cb3bfb5 100644
--- a/go.sum
+++ b/go.sum
@@ -5,8 +5,8 @@ cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGB
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
@@ -21,8 +21,8 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
@@ -41,10 +41,10 @@ github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEq
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
 github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.3 h1:dKuc2jdp10y13dEEvPqWxqLoc0vF3Z9FC45MvuQSxOA=
-github.com/aws/aws-sdk-go-v2/config v1.26.3/go.mod h1:Bxgi+DeeswYofcYO0XyGClwlrq3DZEXli0kLf4hkGA0=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.14 h1:mMDTwwYO9A0/JbOCOG7EOZHtYM+o7OfGWfu0toa23VE=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.14/go.mod h1:cniAUh3ErQPHtCQGPT5ouvSAQ0od8caTO9OOuufZOAE=
+github.com/aws/aws-sdk-go-v2/config v1.26.5 h1:lodGSevz7d+kkFJodfauThRxK9mdJbyutUxGq1NNhvw=
+github.com/aws/aws-sdk-go-v2/config v1.26.5/go.mod h1:DxHrz6diQJOc9EwDslVRh84VjjrE17g+pVZXUeSxaDU=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
+github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
@@ -61,10 +61,10 @@ github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec
 github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6 h1:CmFf5vN81i7l11gIw05mhkInK5+HByctL12Yr+0I+Og=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6/go.mod h1:26un6U1jrFWKQEYHzLur07aRQ6wsJcY6O30DmDkIjuY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.6 h1:dGrs+Q/WzhsiUKh82SfTVN66QzyulXuMDTV/G8ZxOac=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.6/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6 h1:Yf2MIo9x+0tyv76GljxzqA3WtC5mw7NmazD2chwjxE4=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.6/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
+github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
 github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
 github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.107.0 h1:P72IbmGFQvKOvyjVLyT59bmHxilA4E5hWi40rF4zNQc=
-github.com/digitalocean/godo v1.107.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.108.0 h1:fWyMENvtxpCpva1UbKzOFnyAS04N1FNuBWWfPeTGquQ=
+github.com/digitalocean/godo v1.108.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -161,8 +161,8 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE=
-github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
+github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -329,8 +329,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM=
-github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk=
+github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
+github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -361,8 +361,8 @@ github.com/peterhellberg/link v1.1.0 h1:s2+RH8EGuI/mI4QwrWGSYQCRz7uNgip9BaM04HKu
 github.com/peterhellberg/link v1.1.0/go.mod h1:gtSlOT4jmkY8P47hbTc8PTgiDDWpdPbFYl75keYyBB8=
 github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d h1:nf4+lHs8TQeIGFYZMcNg4iQOnZndLfYxnQaKEdqHVA4=
 github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d/go.mod h1:VDIGNBy0tHXMDAu4gxHFQJDq3NuwqUxw2Kok7wi+6ck=
-github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
-github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -462,8 +462,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e h1:723BNChdd0c2Wk6WOE320qGBiPtYx0F0Bbm1kriShfE=
-golang.org/x/exp v0.0.0-20240110193028-0dcbfd608b1e/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o=
+golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -499,8 +499,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
-golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -513,7 +513,6 @@ golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -522,6 +521,7 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
@@ -553,14 +553,14 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
-golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
+golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
-google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
+google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ=
+google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -568,12 +568,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 h1:EWIeHfGuUf00zrVZGEgYFxok7plSAXBGcH7NNdMAWvA=
-google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3/go.mod h1:k2dtGpRrbsSyKcNPKKI5sstZkrNCZwpU/ns96JoHbGg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos=
+google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o=
+google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -593,8 +593,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20160105164936-4f90aeace3a2/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From 5a90eae11533baf74488e8138f411729d333f220 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 22 Jan 2024 21:22:52 +0100
Subject: [PATCH 135/438] DOCS: [GitBook] Remove configuration file (#2807)

---
 .gitbook.yaml | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 .gitbook.yaml

diff --git a/.gitbook.yaml b/.gitbook.yaml
deleted file mode 100644
index b346c76c61..0000000000
--- a/.gitbook.yaml
+++ /dev/null
@@ -1 +0,0 @@
-root: ./documentation/

From ba87993278054762b3827ddda77d9212a929e9b2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jan 2024 09:47:16 -0500
Subject: [PATCH 136/438] Build(deps): Bump actions/cache from 3.3.3 to 4.0.0
 (#2806)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index ec5e69d619..a187cb8840 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v3.3.3
+      uses: actions/cache@v4.0.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -186,7 +186,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v3.3.3
+      uses: actions/cache@v4.0.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From 881a641f0de289b1625076f47cd4ffec78147b39 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 24 Jan 2024 12:07:53 -0500
Subject: [PATCH 137/438] CHORE: Update deps (#2811)

---
 go.mod | 12 ++++++------
 go.sum | 30 ++++++++++++++++--------------
 2 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index 6380ffe92e..6ab5dce408 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.5
+	github.com/aws/aws-sdk-go-v2/config v1.26.6
 	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
@@ -25,7 +25,7 @@ require (
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.85.0
+	github.com/cloudflare/cloudflare-go v0.86.0
 	github.com/digitalocean/godo v1.108.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -55,7 +55,7 @@ require (
 	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/net v0.20.0
 	golang.org/x/oauth2 v0.16.0
-	google.golang.org/api v0.156.0
+	google.golang.org/api v0.157.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -69,7 +69,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3
+	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -84,7 +84,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
@@ -153,7 +153,7 @@ require (
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.17.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
 	google.golang.org/grpc v1.60.1 // indirect
 	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index e25cb3bfb5..3f7acbaba1 100644
--- a/go.sum
+++ b/go.sum
@@ -41,8 +41,8 @@ github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEq
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
 github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.5 h1:lodGSevz7d+kkFJodfauThRxK9mdJbyutUxGq1NNhvw=
-github.com/aws/aws-sdk-go-v2/config v1.26.5/go.mod h1:DxHrz6diQJOc9EwDslVRh84VjjrE17g+pVZXUeSxaDU=
+github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
+github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
 github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
@@ -51,8 +51,8 @@ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5B
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
@@ -91,6 +91,8 @@ github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cloudflare/cloudflare-go v0.85.0 h1:GO5Alu5ldNdPyh5i9VSSM5ZdjL57u76Y4HNmwKKyHmA=
 github.com/cloudflare/cloudflare-go v0.85.0/go.mod h1:Cj+RG+ceGsRexXYLRydfTB7pjODi3YO5KeG6vnLV2cA=
+github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI=
+github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -462,8 +464,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o=
-golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -559,8 +561,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.156.0 h1:yloYcGbBtVYjLKQe4enCunxvwn3s2w/XPrrhVf6MsvQ=
-google.golang.org/api v0.156.0/go.mod h1:bUSmn4KFO0Q+69zo9CNIDp4Psi6BqM0np0CbzKRSiSY=
+google.golang.org/api v0.157.0 h1:ORAeqmbrrozeyw5NjnMxh7peHO0UzV4wWYSwZeCUb20=
+google.golang.org/api v0.157.0/go.mod h1:+z4v4ufbZ1WEpld6yMGHyggs+PmAHiaLNj5ytP3N01g=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -568,12 +570,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 h1:YJ5pD9rF8o9Qtta0Cmy9rdBwkSjrTCT6XTiUQVOtIos=
-google.golang.org/genproto v0.0.0-20231212172506-995d672761c0/go.mod h1:l/k7rMz0vFTBPy+tFSGvXEd3z+BcoG1k7EHbqm+YBsY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0 h1:s1w3X6gQxwrLEpxnLd/qXTVLgQE2yXwaOaoa6IlY/+o=
-google.golang.org/genproto/googleapis/api v0.0.0-20231212172506-995d672761c0/go.mod h1:CAny0tYF+0/9rmDB9fahA9YLzX3+AEVl1qXbv5hhj6c=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU=
+google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg=
+google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM=
+google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From eb451020294a88576dd77f42c4ecf4bed0a62837 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 24 Jan 2024 12:08:10 -0500
Subject: [PATCH 138/438] DOCS: Clarify Windows use of --creds filename (#2812)

---
 documentation/creds-json.md | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/documentation/creds-json.md b/documentation/creds-json.md
index 8b57e1c00c..8c2f1eff38 100644
--- a/documentation/creds-json.md
+++ b/documentation/creds-json.md
@@ -178,9 +178,8 @@ The `--creds` flag allows you to specify a different file name.
 * Do not end the filename with `.yaml` or `.yml` as some day we hope to support YAML.
 * Rather than specifying a file, you can specify a program or shell command to be run. The output of the program/command must be valid JSON and will be read the same way.
   * If the name begins with `!`, the remainder of the name is taken to be a shell command or program to be run.
-  * If the name is a file that is executable (chmod `+x` bit), it is taken as the command to be run.
+  * If the name is a file that is executable (chmod `+x` bit), it is taken as the command to be run (Linux/MacOS only).
   * Exceptions: The `x` bit is not checked if the filename ends with `.yaml`, `.yml` or `.json`.
-  * Windows: Executing an external script isn't supported. There's no code that prevents it from trying, but it isn't supported.
 
 ### Example commands
 
@@ -198,7 +197,7 @@ dnscontrol preview --creds /some/absolute/path/creds.sh
 Following commands would execute a shell command:
 
 ```shell
-dnscontrol preview --creds "!op inject -i creds.json.tpl"
+dnscontrol preview --creds '!op inject -i creds.json.tpl'
 ```
 
 This example requires the [1Password command-line tool](https://developer.1password.com/docs/cli/)

From 916e9418e7cafbbb7f9d264853f8e9f5617e216a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 24 Jan 2024 12:09:09 -0500
Subject: [PATCH 139/438] Update generated files for v4.8.2

---
 go.sum | 2 --
 1 file changed, 2 deletions(-)

diff --git a/go.sum b/go.sum
index 3f7acbaba1..6588c5aa66 100644
--- a/go.sum
+++ b/go.sum
@@ -89,8 +89,6 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.85.0 h1:GO5Alu5ldNdPyh5i9VSSM5ZdjL57u76Y4HNmwKKyHmA=
-github.com/cloudflare/cloudflare-go v0.85.0/go.mod h1:Cj+RG+ceGsRexXYLRydfTB7pjODi3YO5KeG6vnLV2cA=
 github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI=
 github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=

From f010c1b62644d0b0d7de9aedd1ca55803ff9fc01 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Fri, 26 Jan 2024 20:14:23 +0100
Subject: [PATCH 140/438] CICD: GoReleaser JSON Schema (#2816)

---
 .goreleaser.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index c596a98d8d..e7bcd2309d 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,3 +1,4 @@
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
 builds:
   -
     id: build

From c9e9e21b303578fe01cdc14ab05694786f887cb7 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 28 Jan 2024 09:38:58 -0500
Subject: [PATCH 141/438] CICD: Bugfix: Changes introduced while tagging new
 releases cause git problems (#2818)

---
 documentation/release-engineering.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index dd0cb8173d..a6b961d5d6 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -24,7 +24,7 @@ git commit -a -m "Update generated files for $VERSION"
 ```shell
 export VERSION=v4.2.0
 git tag -m "Release $VERSION" -a $VERSION
-git push origin --tags
+git push origin HEAD --tags
 ```
 
 Soon after

From d1b599b7954ec17957da48a84642d1ad32c62eeb Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sun, 28 Jan 2024 15:40:29 +0100
Subject: [PATCH 142/438] CICD: GitHub Action check git status (#2817)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_check_git_status.yml | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/pr_check_git_status.yml

diff --git a/.github/workflows/pr_check_git_status.yml b/.github/workflows/pr_check_git_status.yml
new file mode 100644
index 0000000000..4991fe5ccb
--- /dev/null
+++ b/.github/workflows/pr_check_git_status.yml
@@ -0,0 +1,26 @@
+name: "PR: Check git status"
+on:
+  push:
+    branches:
+      - 'tlim_testpr'
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  check-git-status:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ github.event.pull_request.head.repo.full_name }}
+        ref: ${{ github.event.pull_request.head.ref }}
+    - uses: actions/setup-go@v5
+      with:
+        go-version: stable
+    - run: go install golang.org/x/tools/cmd/stringer@latest
+    - run: go fmt ./...
+    - run: go mod tidy
+    - run: go generate ./...
+    - uses: CatChen/check-git-status-action@v1
+      with:
+        fail-if-not-clean: true

From e3ea652af3496c9acc95a3102f95aa3f71a73526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=B8?= <37530178+riku22@users.noreply.github.com>
Date: Mon, 29 Jan 2024 20:35:12 +0900
Subject: [PATCH 143/438] Docs: Fixed step number in `writing-providers`
 (#2820)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/writing-providers.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 42f1b58317..c273cc8fed 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -232,7 +232,7 @@ an automated way to test for this bug.  The manual steps are here in
 a particular integration test, or request feedback.
 {% endhint %}
 
-## Step 9: Capabilities
+## Step 10: Capabilities
 
 Some DNS providers have features that others do not.  For example some
 support the SRV record.  A provider announces what it can do using
@@ -265,7 +265,7 @@ you want to implement.
 FYI: If a provider's capabilities changes, run `go generate` to update
 the documentation.
 
-## Step 10: Automated code tests
+## Step 11: Automated code tests
 
 Run `go vet` and [`staticcheck`](https://staticcheck.io/) and clean up any errors found.
 
@@ -289,17 +289,17 @@ go install golang.org/x/lint/golint
 golint ./...
 ```
 
-## Step 11: Dependencies
+## Step 12: Dependencies
 
 See [documentation/release-engineering.md](release-engineering.md)
 for tips about managing modules and checking for outdated
 dependencies.
 
-## Step 12: Modify the release regexp
+## Step 13: Modify the release regexp
 
 In the repo root, open `.goreleaser.yml` and add the provider to `Provider-specific changes` regexp.
 
-## Step 13: Check your work
+## Step 14: Check your work
 
 These are the things we'll be checking when you submit the PR.  Please try to complete all or as many of these as possible.
 
@@ -315,12 +315,12 @@ These are the things we'll be checking when you submit the PR.  Please try to co
   * `integrationTest/providers.json`
     * `providers/_all/all.go`
 3. Review the code for style issues, remove debug statements, make sure all exported functions have a comment, and generally tighten up the code.
-4. Verify you're using the most recent version of anything you import.  (See [Step 13](#step-11-dependencies))
+4. Verify you're using the most recent version of anything you import.  (See [Step 12](#step-12-dependencies))
 5. Re-run the [integration test](#step-7-integration-test) one last time.
   * Post the results as a comment to your PR.
 6. Re-read the [maintainer's responsibilities](providers.md#providers-with-contributor-support) bullet list.  By submitting a provider you agree to maintain it, respond to bugs, periodically re-run the integration test to verify nothing has broken, and if we don't hear from you for 2 months we may disable the provider.
 
-## Step 14: Submit a PR
+## Step 15: Submit a PR
 
 At this point you can submit a PR.
 
@@ -328,7 +328,7 @@ Actually you can submit the PR even earlier if you just want feedback,
 input, or have questions.  This is just a good stopping place to
 submit a PR if you haven't already.
 
-## Step 15: After the PR is merged
+## Step 16: After the PR is merged
 
 1. Close any related GitHub issues.
 3. Would you like your provider to be tested automatically as part of every PR?  Sure you would!  Follow the instructions in [Bring-Your-Own-Secrets for automated testing](byo-secrets.md)

From 0f4ca76ad43e6b10114ca0480836fdf26a714536 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 14:35:30 -0500
Subject: [PATCH 144/438] Build(deps): Bump alpine from 3.19.0 to 3.19.1
 (#2823)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 52a8ff8f88..d97597c985 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.19.0@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48 as RUN
+FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From 3beb49f267e26dd35a07b5cdeda8a9c65ed54992 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 1 Feb 2024 14:36:05 -0500
Subject: [PATCH 145/438] Build(deps): Bump github.com/softlayer/softlayer-go
 from 1.1.2 to 1.1.3 (#2827)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6ab5dce408..8fcff20ad3 100644
--- a/go.mod
+++ b/go.mod
@@ -47,7 +47,7 @@ require (
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
 	github.com/robertkrimen/otto v0.3.0
-	github.com/softlayer/softlayer-go v1.1.2
+	github.com/softlayer/softlayer-go v1.1.3
 	github.com/stretchr/testify v1.8.4
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.27.1
diff --git a/go.sum b/go.sum
index 6588c5aa66..a49d763ed5 100644
--- a/go.sum
+++ b/go.sum
@@ -398,8 +398,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
-github.com/softlayer/softlayer-go v1.1.2 h1:rUSSGCyaxymvTOsaFjwr+cGxA8muw3xg2LSrIMNcN/c=
-github.com/softlayer/softlayer-go v1.1.2/go.mod h1:hvAbzGH4LRXA6yXY8BNx99yoqZ7urfDdtl9mvBf0G+g=
+github.com/softlayer/softlayer-go v1.1.3 h1:dfFzt5eOKIAyB/b78fHMyDu5ICx0ZtxL9NRhBlf831A=
+github.com/softlayer/softlayer-go v1.1.3/go.mod h1:Pc7F57OgUKaAam7TtpqkUeqL7QyKknfiUI4R49h41/U=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 139cc2826fe2dc27df28c5f32c3aa827fa121d8c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 1 Feb 2024 15:13:48 -0500
Subject: [PATCH 146/438] CHORE: Upgrade deps (#2829)

---
 go.mod | 18 +++++++++---------
 go.sum | 36 ++++++++++++++++++------------------
 2 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/go.mod b/go.mod
index 8fcff20ad3..d9191ce3f7 100644
--- a/go.mod
+++ b/go.mod
@@ -19,13 +19,13 @@ require (
 	github.com/aws/aws-sdk-go-v2 v1.24.1
 	github.com/aws/aws-sdk-go-v2/config v1.26.6
 	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.86.0
+	github.com/cloudflare/cloudflare-go v0.87.0
 	github.com/digitalocean/godo v1.108.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -34,7 +34,7 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.10.0
+	github.com/hashicorp/vault/api v1.11.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.58
 	github.com/mittwald/go-powerdns v0.6.2
@@ -55,7 +55,7 @@ require (
 	golang.org/x/crypto v0.18.0 // indirect
 	golang.org/x/net v0.20.0
 	golang.org/x/oauth2 v0.16.0
-	google.golang.org/api v0.157.0
+	google.golang.org/api v0.161.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -100,7 +100,7 @@ require (
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
@@ -143,10 +143,10 @@ require (
 	github.com/stretchr/objx v0.5.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
-	go.opentelemetry.io/otel v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.21.0 // indirect
-	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
+	go.opentelemetry.io/otel v1.22.0 // indirect
+	go.opentelemetry.io/otel/metric v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	golang.org/x/mod v0.14.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.16.0 // indirect
diff --git a/go.sum b/go.sum
index a49d763ed5..b3f00e0601 100644
--- a/go.sum
+++ b/go.sum
@@ -57,8 +57,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0 h1:f3hBZWtpn9clZGXJoqahQeec9ZPZnu22g8pg+zNyif0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.37.0/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1 h1:U7OksynDSIFScG+7sGqOuJh+fP1USMkNtjxzGFZYG34=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6 h1:CmFf5vN81i7l11gIw05mhkInK5+HByctL12Yr+0I+Og=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6/go.mod h1:26un6U1jrFWKQEYHzLur07aRQ6wsJcY6O30DmDkIjuY=
 github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.86.0 h1:jEKN5VHNYNYtfDL2lUFLTRo+nOVNPFxpXTstVx0rqHI=
-github.com/cloudflare/cloudflare-go v0.86.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
+github.com/cloudflare/cloudflare-go v0.87.0 h1:hLuXnDneECNpen4YwfA4+kcjyv8gsj30kOJsHPyw9pI=
+github.com/cloudflare/cloudflare-go v0.87.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -138,8 +138,8 @@ github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
 github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
-github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -241,8 +241,8 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.10.0 h1:/US7sIjWN6Imp4o/Rj1Ce2Nr5bki/AXi9vAW3p2tOJQ=
-github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
+github.com/hashicorp/vault/api v1.11.0 h1:AChWByeHf4/P9sX3Y1B7vFsQhZO2BgQiCMQ2SA1P1UY=
+github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -441,14 +441,14 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
-go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
-go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
-go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
+go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
+go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
+go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
+go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
+go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
+go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
 golang.org/x/crypto v0.0.0-20180214000028-650f4a345ab4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -559,8 +559,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.157.0 h1:ORAeqmbrrozeyw5NjnMxh7peHO0UzV4wWYSwZeCUb20=
-google.golang.org/api v0.157.0/go.mod h1:+z4v4ufbZ1WEpld6yMGHyggs+PmAHiaLNj5ytP3N01g=
+google.golang.org/api v0.161.0 h1:oYzk/bs26WN10AV7iU7MVJVXBH8oCPS2hHyBiEeFoSU=
+google.golang.org/api v0.161.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=

From 2cb4dcfc5a44966aa993cbc3bb510dc6b7b6572f Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 5 Feb 2024 13:48:26 +0100
Subject: [PATCH 147/438] CICD: Bumps actions/upload-artifact from 3.1.3 to
 4.3.0 (#2831)

---
 .github/workflows/pr_test.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index a187cb8840..317334697b 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,9 +40,10 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v3.1.3
+    - uses: actions/upload-artifact@v4.3.0
       with:
-        path: "/tmp/test-results"
+        name: unit-tests
+        path: $TEST_RESULTS
 
 # Stringer is needed because .goreleaser includes "go generate ./..."
     - name: Install stringer
@@ -200,6 +201,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v3.1.3
+    - uses: actions/upload-artifact@v4.3.0
       with:
-        path: "/tmp/test-results"
+        name: integration-tests-${{ matrix.provider }}
+        path: $TEST_RESULTS

From fab3172fee1880b7df316706fb76eacd669a60e8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 8 Feb 2024 16:39:30 -0500
Subject: [PATCH 148/438] CHORE: Refactor integration tests to support multiple
 tests

---
 integrationTest/integration_test.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 8af42e0b99..ae060425b0 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -276,8 +276,12 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 }
 
 func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string, knownFailures map[int]bool, origConfig map[string]string) {
-	dc := getDomainConfigWithNameservers(t, prv, domainName)
 	testGroups := makeTests(t)
+	runTestsHelper(t, prv, domainName, testGroups, origConfig)
+}
+
+func runTestsHelper(t *testing.T, prv providers.DNSServiceProvider, domainName string, testGroups []*TestGroup, origConfig map[string]string) {
+	dc := getDomainConfigWithNameservers(t, prv, domainName)
 
 	firstGroup := *startIdx
 	if firstGroup == -1 {

From f5bb6e658b3917d5052e6c96aea11a9cdfa2d5b2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 8 Feb 2024 16:40:19 -0500
Subject: [PATCH 149/438] Revert "CHORE: Refactor integration tests to support
 multiple tests"

This reverts commit fab3172fee1880b7df316706fb76eacd669a60e8.
---
 integrationTest/integration_test.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index ae060425b0..8af42e0b99 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -276,12 +276,8 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 }
 
 func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string, knownFailures map[int]bool, origConfig map[string]string) {
-	testGroups := makeTests(t)
-	runTestsHelper(t, prv, domainName, testGroups, origConfig)
-}
-
-func runTestsHelper(t *testing.T, prv providers.DNSServiceProvider, domainName string, testGroups []*TestGroup, origConfig map[string]string) {
 	dc := getDomainConfigWithNameservers(t, prv, domainName)
+	testGroups := makeTests(t)
 
 	firstGroup := *startIdx
 	if firstGroup == -1 {

From 22d96f2c269dfd36e7171f4a8396061b30bb9981 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 9 Feb 2024 15:55:13 -0500
Subject: [PATCH 150/438] deSEC: API rejects empty updates caused by IGNORE()
 of all records (#2830)

---
 integrationTest/integration_test.go | 22 +++++++++++++++++++++
 providers/desec/desecProvider.go    | 30 ++++++++++++++++-------------
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 8af42e0b99..2e42524ed6 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -2113,6 +2113,28 @@ func makeTests(t *testing.T) []*TestGroup {
 			).ExpectNoChanges(),
 		),
 
+		// https://github.com/StackExchange/dnscontrol/issues/2822
+		// Don't send empty updates.
+		// A carefully constructed IGNORE() can ignore all the
+		// changes. This resulted in the deSEC provider generating an
+		// empty upsert, which the API rejected.
+		testgroup("IGNORE everything b2822",
+			tc("Create some records",
+				a("dyndns-city1", "91.42.1.1"),
+				a("dyndns-city2", "91.42.1.2"),
+				aaaa("dyndns-city1", "2003:dd:d7ff::fe71:ce77"),
+				aaaa("dyndns-city2", "2003:dd:d7ff::fe71:ce78"),
+			),
+			tc("ignore them all",
+				a("dyndns-city1", "91.42.1.1"),
+				a("dyndns-city2", "91.42.1.2"),
+				aaaa("dyndns-city1", "2003:dd:d7ff::fe71:ce77"),
+				aaaa("dyndns-city2", "2003:dd:d7ff::fe71:ce78"),
+				ignore("dyndns-city1", "A,AAAA", ""),
+				ignore("dyndns-city2", "A,AAAA", ""),
+			).ExpectNoChanges().UnsafeIgnore(),
+		),
+
 		testgroup("structured TXT",
 			only("OVH"),
 			tc("Create TXT",
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 4142e463fd..4269e3dde8 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -213,19 +213,23 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 			}
 		}
 	}
-	msg := fmt.Sprintf("Changes:\n%s", buf)
-	corrections = append(corrections,
-		&models.Correction{
-			Msg: msg,
-			F: func() error {
-				rc := rrs
-				err := c.upsertRR(rc, dc.Name)
-				if err != nil {
-					return err
-				}
-				return nil
-			},
-		})
+
+	// If there are changes, upsert them.
+	if len(rrs) > 0 {
+		msg := fmt.Sprintf("Changes:\n%s", buf)
+		corrections = append(corrections,
+			&models.Correction{
+				Msg: msg,
+				F: func() error {
+					rc := rrs
+					err := c.upsertRR(rc, dc.Name)
+					if err != nil {
+						return err
+					}
+					return nil
+				},
+			})
+	}
 
 	// NB(tlim): This sort is just to make updates look pretty. It is
 	// cosmetic.  The risk here is that there may be some updates that

From 3918c755faad5dd92e243a9793f7883c43e4d07e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 12 Feb 2024 13:42:37 -0500
Subject: [PATCH 151/438] DOCS: Document daily update limits (#2835)

---
 documentation/providers/desec.md    | 8 ++++++++
 integrationTest/integration_test.go | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/documentation/providers/desec.md b/documentation/providers/desec.md
index fcd1b5c5a5..8b21439359 100644
--- a/documentation/providers/desec.md
+++ b/documentation/providers/desec.md
@@ -36,3 +36,11 @@ D("example.com", REG_NONE, DnsProvider(DSP_DESEC),
 ## Activation
 DNSControl depends on a deSEC account auth token.
 This token can be obtained by [logging in via the deSEC API](https://desec.readthedocs.io/en/latest/auth/account.html#log-in).
+
+{% hint style="warning" %}
+deSEC enforces a daily limit of 300 RRset creation/deletion/modification per
+domain. Large changes may have to be done over the course of a few days.  The
+integration test suite can not be run in a single session. See
+[https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling](https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling)
+{% endhint %} 
+
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 2e42524ed6..2350ab5563 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1314,6 +1314,7 @@ func makeTests(t *testing.T) []*TestGroup {
 				"AZURE_DNS",     // Removed because it is too slow
 				"CLOUDFLAREAPI", // Infinite pagesize but due to slow speed, skipping.
 				"DIGITALOCEAN",  // No paging. Why bother?
+				"DESEC",         // Skip due to daily update limits.
 				//"CSCGLOBAL",     // Doesn't page. Works fine.  Due to the slow API we skip.
 				"GANDI_V5",   // Their API is so damn slow. We'll add it back as needed.
 				"HEDNS",      // Doesn't page. Works fine.  Due to the slow API we skip.
@@ -1334,6 +1335,7 @@ func makeTests(t *testing.T) []*TestGroup {
 				//"AZURE_DNS",     // Removed because it is too slow
 				//"CLOUDFLAREAPI", // Infinite pagesize but due to slow speed, skipping.
 				//"CSCGLOBAL",     // Doesn't page. Works fine.  Due to the slow API we skip.
+				//"DESEC",         // Skip due to daily update limits.
 				//"GANDI_V5",      // Their API is so damn slow. We'll add it back as needed.
 				//"MSDNS",         // No paging done. No need to test.
 				"GCLOUD",
@@ -1350,6 +1352,7 @@ func makeTests(t *testing.T) []*TestGroup {
 				//"AZURE_DNS",     // Currently failing. See https://github.com/StackExchange/dnscontrol/issues/770
 				//"CLOUDFLAREAPI", // Fails with >1000 corrections. See https://github.com/StackExchange/dnscontrol/issues/1440
 				//"CSCGLOBAL",     // Doesn't page. Works fine.  Due to the slow API we skip.
+				//"DESEC",         // Skip due to daily update limits.
 				//"GANDI_V5",      // Their API is so damn slow. We'll add it back as needed.
 				//"HEDNS",         // No paging done. No need to test.
 				//"MSDNS",         // No paging done. No need to test.

From 17115b6b59d84dd3f8aa2cf46e1f53033a7421e8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 12 Feb 2024 13:43:14 -0500
Subject: [PATCH 152/438] Build(deps): Bump actions/upload-artifact from 4.3.0
 to 4.3.1 (#2836)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 317334697b..a2d2f3bd94 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.0
+    - uses: actions/upload-artifact@v4.3.1
       with:
         name: unit-tests
         path: $TEST_RESULTS
@@ -201,7 +201,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.0
+    - uses: actions/upload-artifact@v4.3.1
       with:
         name: integration-tests-${{ matrix.provider }}
         path: $TEST_RESULTS

From 998c32ec5c9604101c635e7a63269da4e724c4ec Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 15 Feb 2024 14:53:46 +0100
Subject: [PATCH 153/438] DOCS: Broken documentation URL's (#2839)

---
 commands/types/dnscontrol.d.ts                | 76 +++++++++----------
 documentation/adding-new-rtypes.md            | 10 +--
 documentation/code-tricks.md                  | 10 +--
 documentation/functions/domain/LOC.md         | 10 +--
 .../functions/domain/LOC_BUILDER_DD.md        | 14 ++--
 .../functions/domain/LOC_BUILDER_DMM_STR.md   | 14 ++--
 .../functions/domain/LOC_BUILDER_DMS_STR.md   | 14 ++--
 .../functions/domain/LOC_BUILDER_STR.md       | 18 ++---
 .../functions/domain/M365_BUILDER.md          |  2 +-
 documentation/functions/domain/NO_PURGE.md    |  6 +-
 documentation/index.md                        |  2 +-
 documentation/providers.md                    |  2 +-
 documentation/styleguide-doc.md               |  2 +-
 13 files changed, 90 insertions(+), 90 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 5df946bfb5..2da2d9594e 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1423,10 +1423,10 @@ declare function IP(ip: string): number;
  * One must supply the `LOC()` js helper all parameters. If that seems like too
  * much work, see also helper functions:
  *
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * ## Format ##
  *
@@ -1466,9 +1466,9 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  *   - alt (float32, optional)
  *   - ttl (optional)
  *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
+ * A helper to build [`LOC`](LOC.md) records. Supply four parameters instead of 12.
  *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ * Internally assumes some defaults for [`LOC`](LOC.md) records.
  *
  * The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
  *
@@ -1506,11 +1506,11 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  * ```
  *
  * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dd
  */
@@ -1524,9 +1524,9 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  *   - alt (float32, optional)
  *   - ttl (optional)
  *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ * A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
  *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ * Internally assumes some defaults for [`LOC`](LOC.md) records.
  *
  * Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
  *
@@ -1548,11 +1548,11 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  * ```
  *
  * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dmm_str
  */
@@ -1566,9 +1566,9 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  *   - alt (float32, optional)
  *   - ttl (optional)
  *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ * A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
  *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ * Internally assumes some defaults for [`LOC`](LOC.md) records.
  *
  * Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
  *
@@ -1591,11 +1591,11 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  * ```
  *
  * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dms_str
  */
@@ -1609,13 +1609,13 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  *   - alt (float32, optional)
  *   - ttl (optional)
  *
- * A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+ * A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
  *
- * Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+ * Internally assumes some defaults for [`LOC`](LOC.md) records.
  *
  * Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
@@ -1639,11 +1639,11 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  * ```
  *
  * Part of the series:
- *  * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- *  * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- *  * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- *  * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_str
  */
@@ -1653,7 +1653,7 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  * DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
  *
  * It defaults to a setup without support for legacy Skype for Business applications.
- * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
+ * It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](SPF_BUILDER.md) and [`DMARC_BUILDER`](DMARC_BUILDER.md).
  *
  * ## Example
  *
@@ -2031,7 +2031,7 @@ declare function NAPTR(subdomain: string, order: number, preference: number, ter
  * By setting `NO_PURGE` on a domain, this tells DNSControl not to delete the
  * records found in the domain.
  *
- * It is similar to [`IGNORE`](domain/IGNORE.md) but more general.
+ * It is similar to [`IGNORE`](IGNORE.md) but more general.
  *
  * The original reason for `NO_PURGE` was that a legacy system was adopting
  * DNSControl. Previously the domain was managed via Microsoft DNS Server's GUI.
@@ -2067,8 +2067,8 @@ declare function NAPTR(subdomain: string, order: number, preference: number, ter
  *
  * ## See also
  *
- * * [`PURGE`](domain/PURGE.md) is the default, thus this command is a no-op
- * * [`IGNORE`](domain/IGNORE.md) is similar to `NO_PURGE` but is more selective
+ * * [`PURGE`](PURGE.md) is the default, thus this command is a no-op
+ * * [`IGNORE`](IGNORE.md) is similar to `NO_PURGE` but is more selective
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/no_purge
  */
diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index 02f486c092..c55730bb3d 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -16,7 +16,7 @@ Our general philosophy is:
 -   Anywhere we have a special case for a particular Rtype, we use a `switch` statement and have a `case` for every single record type, usually with a `default:` case that calls `panic()`. This way developers adding a new record type will quickly find where they need to add code (the panic will tell them where). Before we did this, missing implementation code would go unnoticed for months.
 -   Keep things alphabetical. If you are adding your record type to a case statement, function library, or whatever, please list it alphabetically along with the others when possible.
 
-Step 2 requires `stringer`. 
+Step 2 requires `stringer`.
 ```shell
 go install golang.org/x/tools/cmd/stringer@latest
 ```
@@ -73,7 +73,7 @@ popd
 ```
 
 -   Add this feature to the feature matrix in `dnscontrol/build/generate/featureMatrix.go`. Add it to the variable `matrix` maintaining alphabetical ordering, which should look like this:
-    
+
     {% code title="dnscontrol/build/generate/featureMatrix.go" %}
     ```diff
     func matrixData() *FeatureMatrix {
@@ -98,7 +98,7 @@ popd
     {% endcode %}
 
     then add it later in the file with a `setCapability()` statement, which should look like this:
-    
+
     {% code title="dnscontrol/build/generate/featureMatrix.go" %}
     ```diff
     ...
@@ -322,9 +322,9 @@ Add the new file `FOO.md` to the documentation table of contents [`documentation
 ...
 * Record Modifiers
 ...
-    * [DMARC_BUILDER](functions/record/DMARC_BUILDER.md)
+    * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
 +   * [FOO_HELPER](functions/record/FOO_HELPER.md)
-    * [SPF_BUILDER](functions/record/SPF_BUILDER.md)
+    * [SPF_BUILDER](functions/domain/SPF_BUILDER.md)
 ...
 ```
 {% endcode %}
diff --git a/documentation/code-tricks.md b/documentation/code-tricks.md
index ac383943fe..aad1a72291 100644
--- a/documentation/code-tricks.md
+++ b/documentation/code-tricks.md
@@ -4,10 +4,10 @@ Problem: It is difficult to get CAA and other records exactly right.
 
 Solution: Use a "builder" to construct it for you.
 
-* [CAA Builder](functions/record/CAA_BUILDER.md)
-* [DMARC Builder](functions/record/DMARC_BUILDER.md)
-* [M365_BUILDER](functions/record/M365_BUILDER.md)
-* [SPF Optimizer](functions/record/SPF_BUILDER.md)
+* [CAA Builder](functions/domain/CAA_BUILDER.md)
+* [DMARC Builder](functions/domain/DMARC_BUILDER.md)
+* [M365_BUILDER](functions/domain/M365_BUILDER.md)
+* [SPF Optimizer](functions/domain/SPF_BUILDER.md)
 
 # Repeat records in many domains (macros)
 
@@ -157,5 +157,5 @@ domain exists, who requested it, any associated ticket numbers, and so
 on.
 
 We also comment the individual parts of a record. Look at the [SPF
-Optimizer](functions/record/SPF_BUILDER.md) example.  Each part of
+Optimizer](functions/domain/SPF_BUILDER.md) example.  Each part of
 the SPF record has a comment.
diff --git a/documentation/functions/domain/LOC.md b/documentation/functions/domain/LOC.md
index 829eb127f2..efaa4130aa 100644
--- a/documentation/functions/domain/LOC.md
+++ b/documentation/functions/domain/LOC.md
@@ -86,14 +86,14 @@ the LOC record type will supply defaults where values were absent on DNS import.
 One must supply the `LOC()` js helper all parameters. If that seems like too
 much work, see also helper functions:
 
- * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
 
 ## Format ##
 
-The coordinate format for `LOC()` is: 
+The coordinate format for `LOC()` is:
 
 `degrees,minutes,seconds,[NnSs],deg,min,sec,[EeWw],altitude,size,horizontal_precision,vertical_precision`
 
diff --git a/documentation/functions/domain/LOC_BUILDER_DD.md b/documentation/functions/domain/LOC_BUILDER_DD.md
index 619ba675e9..2756a4f70c 100644
--- a/documentation/functions/domain/LOC_BUILDER_DD.md
+++ b/documentation/functions/domain/LOC_BUILDER_DD.md
@@ -23,9 +23,9 @@ parameter_types:
   - alt (float32, optional)
   - ttl (optional)
 
-A helper to build [`LOC`](../domain/LOC.md) records. Supply four parameters instead of 12.
+A helper to build [`LOC`](LOC.md) records. Supply four parameters instead of 12.
 
-Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+Internally assumes some defaults for [`LOC`](LOC.md) records.
 
 
 The cartesian coordinates are decimal degrees, like you typically find in e.g. Google Maps.
@@ -68,8 +68,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 
 
 Part of the series:
- * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/functions/domain/LOC_BUILDER_DMM_STR.md b/documentation/functions/domain/LOC_BUILDER_DMM_STR.md
index 99e71bcd68..adf5037351 100644
--- a/documentation/functions/domain/LOC_BUILDER_DMM_STR.md
+++ b/documentation/functions/domain/LOC_BUILDER_DMM_STR.md
@@ -20,9 +20,9 @@ parameter_types:
   - alt (float32, optional)
   - ttl (optional)
 
-A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
 
-Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+Internally assumes some defaults for [`LOC`](LOC.md) records.
 
 
 Accepts a string with decimal minutes (DMM) coordinates in the form: 25.24°S 153.15°E
@@ -48,8 +48,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 
 
 Part of the series:
- * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/functions/domain/LOC_BUILDER_DMS_STR.md b/documentation/functions/domain/LOC_BUILDER_DMS_STR.md
index 8a772bc5f3..894ddd71fc 100644
--- a/documentation/functions/domain/LOC_BUILDER_DMS_STR.md
+++ b/documentation/functions/domain/LOC_BUILDER_DMS_STR.md
@@ -20,9 +20,9 @@ parameter_types:
   - alt (float32, optional)
   - ttl (optional)
 
-A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
 
-Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+Internally assumes some defaults for [`LOC`](LOC.md) records.
 
 
 Accepts a string with degrees, minutes, and seconds (DMS) coordinates in the form: 41°24'12.2"N 2°10'26.5"E
@@ -49,8 +49,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 
 
 Part of the series:
- * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/functions/domain/LOC_BUILDER_STR.md b/documentation/functions/domain/LOC_BUILDER_STR.md
index 368f2bc906..74cab9f7b4 100644
--- a/documentation/functions/domain/LOC_BUILDER_STR.md
+++ b/documentation/functions/domain/LOC_BUILDER_STR.md
@@ -20,14 +20,14 @@ parameter_types:
   - alt (float32, optional)
   - ttl (optional)
 
-A helper to build [`LOC`](../domain/LOC.md) records. Supply three parameters instead of 12.
+A helper to build [`LOC`](LOC.md) records. Supply three parameters instead of 12.
 
-Internally assumes some defaults for [`LOC`](../domain/LOC.md) records.
+Internally assumes some defaults for [`LOC`](LOC.md) records.
 
 
 Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
 
 
 {% code title="dnsconfig.js" %}
@@ -55,8 +55,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 
 
 Part of the series:
- * [`LOC()`](../domain/LOC.md) - build a `LOC` by supplying all 12 parameters
- * [`LOC_BUILDER_DD({})`](../record/LOC_BUILDER_DD.md) - accepts cartesian x, y
- * [`LOC_BUILDER_DMS_STR({})`](../record/LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
- * [`LOC_BUILDER_DMM_STR({})`](../record/LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](../record/LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
+ * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
+ * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
+ * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/functions/domain/M365_BUILDER.md b/documentation/functions/domain/M365_BUILDER.md
index dd58e48ab0..6661a71ea7 100644
--- a/documentation/functions/domain/M365_BUILDER.md
+++ b/documentation/functions/domain/M365_BUILDER.md
@@ -24,7 +24,7 @@ parameter_types:
 DNSControl offers a `M365_BUILDER` which can be used to simply set up Microsoft 365 for a domain in an opinionated way.
 
 It defaults to a setup without support for legacy Skype for Business applications.
-It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](/language-reference/record-modifiers/dmarc_builder) and [`DMARC_BUILDER`](/language-reference/record-modifiers/spf_builder).
+It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](SPF_BUILDER.md) and [`DMARC_BUILDER`](DMARC_BUILDER.md).
 
 ## Example
 
diff --git a/documentation/functions/domain/NO_PURGE.md b/documentation/functions/domain/NO_PURGE.md
index b4b2a1795f..9d511b5a78 100644
--- a/documentation/functions/domain/NO_PURGE.md
+++ b/documentation/functions/domain/NO_PURGE.md
@@ -12,7 +12,7 @@ other system.
 By setting `NO_PURGE` on a domain, this tells DNSControl not to delete the
 records found in the domain.
 
-It is similar to [`IGNORE`](domain/IGNORE.md) but more general.
+It is similar to [`IGNORE`](IGNORE.md) but more general.
 
 The original reason for `NO_PURGE` was that a legacy system was adopting
 DNSControl. Previously the domain was managed via Microsoft DNS Server's GUI.
@@ -50,5 +50,5 @@ With introduction of `diff2` algorithm (enabled by default in v4.0.0),
 
 ## See also
 
-* [`PURGE`](domain/PURGE.md) is the default, thus this command is a no-op
-* [`IGNORE`](domain/IGNORE.md) is similar to `NO_PURGE` but is more selective
+* [`PURGE`](PURGE.md) is the default, thus this command is a no-op
+* [`IGNORE`](IGNORE.md) is similar to `NO_PURGE` but is more selective
diff --git a/documentation/index.md b/documentation/index.md
index 58b4a8ad79..4f785a531e 100644
--- a/documentation/index.md
+++ b/documentation/index.md
@@ -18,7 +18,7 @@ Take advantage of the advanced features. Use macros and variables for easier upd
 * Supports 35+ [DNS Providers](providers.md) including [BIND](providers/bind.md), [AWS Route 53](providers/route53.md), [Google DNS](providers/gcloud.md), and [name.com](providers/namedotcom.md).
 * [Apply CI/CD principles](ci-cd-gitlab.md) to DNS: Unit-tests, system-tests, automated deployment.
 * All the benefits of Git (or any VCS) for your DNS zone data. View history. Accept PRs.
-* Optimize DNS with [SPF optimizer](functions/record/SPF_BUILDER.md). Detect too many lookups. Flatten includes.
+* Optimize DNS with [SPF optimizer](functions/domain/SPF_BUILDER.md). Detect too many lookups. Flatten includes.
 * Runs on Linux, Windows, Mac, or any operating system supported by Go.
 * Enable/disable Cloudflare proxying (the "orange cloud" button) directly from your DNSControl files.
 * [Assign an IP address to a constant](examples.md#variables-for-common-ip-addresses) and use the variable name throughout the configuration. Need to change the IP address globally? Just change the variable and "recompile".
diff --git a/documentation/providers.md b/documentation/providers.md
index b199925c35..c925152b4f 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -187,5 +187,5 @@ DNSControl tries to make writing a provider as easy as possible.  DNSControl
 does most of the work for you, you only have to write code to authenticate,
 download DNS records, and perform create/modify/delete operations on those
 records. Please read the directions for [Writing new DNS
-providers](/developer-info/writing-providers).  The DNS maintainers will gladly
+providers](writing-providers.md).  The DNS maintainers will gladly
 coach you through the process.
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index 523b39c675..aff60131f0 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -207,7 +207,7 @@ The function `GetRegistrarCorrections()` returns...
 #### Internal links
 
 ```markdown
-Blah blah blah [M365_BUILDER](functions/record/M365_BUILDER.md)
+Blah blah blah [M365_BUILDER](functions/domain/M365_BUILDER.md)
 ```
 
 {% hint style="info" %}

From dbbc9e52a9b1cf35e390882a3f5dd37e755f3f64 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 15 Feb 2024 16:52:09 +0100
Subject: [PATCH 154/438] CICD: Provide the correct GitHub action contexts
 (#2842)

---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index a2d2f3bd94..22422ff0d2 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -43,7 +43,7 @@ jobs:
     - uses: actions/upload-artifact@v4.3.1
       with:
         name: unit-tests
-        path: $TEST_RESULTS
+        path: ${{ env.TEST_RESULTS }}
 
 # Stringer is needed because .goreleaser includes "go generate ./..."
     - name: Install stringer
@@ -204,4 +204,4 @@ jobs:
     - uses: actions/upload-artifact@v4.3.1
       with:
         name: integration-tests-${{ matrix.provider }}
-        path: $TEST_RESULTS
+        path: ${{ env.TEST_RESULTS }}

From bb3d191efb616b799037828c86c7a2da23772c6f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 15 Feb 2024 13:46:32 -0500
Subject: [PATCH 155/438] CHORE: Vendor go-powershell (#2837)

---
 go.mod                                      |   3 +-
 go.sum                                      |   2 -
 pkg/powershell/LICENSE                      |  21 ++++
 pkg/powershell/README.md                    | 110 ++++++++++++++++++
 pkg/powershell/backend/local.go             |  38 +++++++
 pkg/powershell/backend/ssh.go               |  69 +++++++++++
 pkg/powershell/backend/types.go             |  13 +++
 pkg/powershell/middleware/session.go        |  47 ++++++++
 pkg/powershell/middleware/session_config.go |  95 ++++++++++++++++
 pkg/powershell/middleware/types.go          |   8 ++
 pkg/powershell/middleware/utf8.go           |  49 ++++++++
 pkg/powershell/shell.go                     | 120 ++++++++++++++++++++
 pkg/powershell/utils/quote.go               |   9 ++
 pkg/powershell/utils/quote_test.go          |  28 +++++
 pkg/powershell/utils/rand.go                |  20 ++++
 pkg/powershell/utils/rand_test.go           |  16 +++
 providers/msdns/powershell.go               |   6 +-
 17 files changed, 647 insertions(+), 7 deletions(-)
 create mode 100644 pkg/powershell/LICENSE
 create mode 100644 pkg/powershell/README.md
 create mode 100644 pkg/powershell/backend/local.go
 create mode 100644 pkg/powershell/backend/ssh.go
 create mode 100644 pkg/powershell/backend/types.go
 create mode 100644 pkg/powershell/middleware/session.go
 create mode 100644 pkg/powershell/middleware/session_config.go
 create mode 100644 pkg/powershell/middleware/types.go
 create mode 100644 pkg/powershell/middleware/utf8.go
 create mode 100644 pkg/powershell/shell.go
 create mode 100644 pkg/powershell/utils/quote.go
 create mode 100644 pkg/powershell/utils/quote_test.go
 create mode 100644 pkg/powershell/utils/rand.go
 create mode 100644 pkg/powershell/utils/rand_test.go

diff --git a/go.mod b/go.mod
index d9191ce3f7..9f41274b83 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
-	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
 	github.com/cloudflare/cloudflare-go v0.87.0
@@ -66,6 +65,7 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	github.com/juju/errors v0.0.0-20200330140219-3fe23663418f
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
@@ -124,7 +124,6 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/juju/errors v0.0.0-20200330140219-3fe23663418f // indirect
 	github.com/juju/testing v0.0.0-20210324180055-18c50b0c2098 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
diff --git a/go.sum b/go.sum
index b3f00e0601..712f8c01ba 100644
--- a/go.sum
+++ b/go.sum
@@ -72,8 +72,6 @@ github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e h1:KCjb01YiNoRaJ5c+SbnPLWjVzU9vqRYHg3e5JcN50nM=
-github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e/go.mod h1:f7vw6ObmmNcyFQLhZX9eUGBJGpnwTJFDvVjqZxIxHWY=
 github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9 h1:2vQTbEJvFsyd1VefzZ34GUkUD6TkJleYYJh9/25WBE4=
 github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9/go.mod h1:bqqNsI2akL+lLWyApkYY0cxquWPKwEBU0Wd3chi3TEg=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
diff --git a/pkg/powershell/LICENSE b/pkg/powershell/LICENSE
new file mode 100644
index 0000000000..0e06ff19df
--- /dev/null
+++ b/pkg/powershell/LICENSE
@@ -0,0 +1,21 @@
+Copyright (c) 2017, Gorillalabs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+http://www.opensource.org/licenses/MIT
diff --git a/pkg/powershell/README.md b/pkg/powershell/README.md
new file mode 100644
index 0000000000..10c3723fbc
--- /dev/null
+++ b/pkg/powershell/README.md
@@ -0,0 +1,110 @@
+# go-powershell
+
+This package is inspired by [jPowerShell](https://github.com/profesorfalken/jPowerShell)
+and allows one to run and remote-control a PowerShell session. Use this if you
+don't have a static script that you want to execute, bur rather run dynamic
+commands.
+
+## Installation
+
+    go get github.com/bhendo/go-powershell
+
+## Usage
+
+To start a PowerShell shell, you need a backend. Backends take care of starting
+and controlling the actual powershell.exe process. In most cases, you will want
+to use the Local backend, which just uses ``os/exec`` to start the process.
+
+```go
+package main
+
+import (
+	"fmt"
+
+	ps "github.com/bhendo/go-powershell"
+	"github.com/bhendo/go-powershell/backend"
+)
+
+func main() {
+	// choose a backend
+	back := &backend.Local{}
+
+	// start a local powershell process
+	shell, err := ps.New(back)
+	if err != nil {
+		panic(err)
+	}
+	defer shell.Exit()
+
+	// ... and interact with it
+	stdout, stderr, err := shell.Execute("Get-WmiObject -Class Win32_Processor")
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println(stdout)
+}
+```
+
+## Remote Sessions
+
+You can use an existing PS shell to use PSSession cmdlets to connect to remote
+computers. Instead of manually handling that, you can use the Session middleware,
+which takes care of authentication. Note that you can still use the "raw" shell
+to execute commands on the computer where the powershell host process is running.
+
+```go
+package main
+
+import (
+	"fmt"
+
+	ps "github.com/bhendo/go-powershell"
+	"github.com/bhendo/go-powershell/backend"
+	"github.com/bhendo/go-powershell/middleware"
+)
+
+func main() {
+	// choose a backend
+	back := &backend.Local{}
+
+	// start a local powershell process
+	shell, err := ps.New(back)
+	if err != nil {
+		panic(err)
+	}
+
+	// prepare remote session configuration
+	config := middleware.NewSessionConfig()
+	config.ComputerName = "remote-pc-1"
+
+	// create a new shell by wrapping the existing one in the session middleware
+	session, err := middleware.NewSession(shell, config)
+	if err != nil {
+		panic(err)
+	}
+	defer session.Exit() // will also close the underlying ps shell!
+
+	// everything run via the session is run on the remote machine
+	stdout, stderr, err = session.Execute("Get-WmiObject -Class Win32_Processor")
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println(stdout)
+}
+```
+
+Note that a single shell instance is not safe for concurrent use, as are remote
+sessions. You can have as many remote sessions using the same shell as you like,
+but you must execute commands serially. If you need concurrency, you can just
+spawn multiple PowerShell processes (i.e. call ``.New()`` multiple times).
+
+Also, note that all commands that you execute are wrapped in special echo
+statements to delimit the stdout/stderr streams. After ``.Execute()``ing a command,
+you can therefore not access ``$LastExitCode`` anymore and expect meaningful
+results.
+
+## License
+
+MIT, see LICENSE file.
diff --git a/pkg/powershell/backend/local.go b/pkg/powershell/backend/local.go
new file mode 100644
index 0000000000..429b1fe245
--- /dev/null
+++ b/pkg/powershell/backend/local.go
@@ -0,0 +1,38 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package backend
+
+import (
+	"io"
+	"os/exec"
+
+	"github.com/juju/errors"
+)
+
+type Local struct{}
+
+func (b *Local) StartProcess(cmd string, args ...string) (Waiter, io.Writer, io.Reader, io.Reader, error) {
+	command := exec.Command(cmd, args...)
+
+	stdin, err := command.StdinPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the PowerShell's stdin stream")
+	}
+
+	stdout, err := command.StdoutPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the PowerShell's stdout stream")
+	}
+
+	stderr, err := command.StderrPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the PowerShell's stderr stream")
+	}
+
+	err = command.Start()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not spawn PowerShell process")
+	}
+
+	return command, stdin, stdout, stderr, nil
+}
diff --git a/pkg/powershell/backend/ssh.go b/pkg/powershell/backend/ssh.go
new file mode 100644
index 0000000000..68c918280d
--- /dev/null
+++ b/pkg/powershell/backend/ssh.go
@@ -0,0 +1,69 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package backend
+
+import (
+	"fmt"
+	"io"
+	"regexp"
+	"strings"
+
+	"github.com/juju/errors"
+)
+
+// sshSession exists so we don't create a hard dependency on crypto/ssh.
+type sshSession interface {
+	Waiter
+
+	StdinPipe() (io.WriteCloser, error)
+	StdoutPipe() (io.Reader, error)
+	StderrPipe() (io.Reader, error)
+	Start(string) error
+}
+
+type SSH struct {
+	Session sshSession
+}
+
+func (b *SSH) StartProcess(cmd string, args ...string) (Waiter, io.Writer, io.Reader, io.Reader, error) {
+	stdin, err := b.Session.StdinPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdin stream")
+	}
+
+	stdout, err := b.Session.StdoutPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdout stream")
+	}
+
+	stderr, err := b.Session.StderrPipe()
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stderr stream")
+	}
+
+	err = b.Session.Start(b.createCmd(cmd, args))
+	if err != nil {
+		return nil, nil, nil, nil, errors.Annotate(err, "Could not spawn process via SSH")
+	}
+
+	return b.Session, stdin, stdout, stderr, nil
+}
+
+func (b *SSH) createCmd(cmd string, args []string) string {
+	parts := []string{cmd}
+	simple := regexp.MustCompile(`^[a-z0-9_/.~+-]+$`)
+
+	for _, arg := range args {
+		if !simple.MatchString(arg) {
+			arg = b.quote(arg)
+		}
+
+		parts = append(parts, arg)
+	}
+
+	return strings.Join(parts, " ")
+}
+
+func (b *SSH) quote(s string) string {
+	return fmt.Sprintf(`"%s"`, s)
+}
diff --git a/pkg/powershell/backend/types.go b/pkg/powershell/backend/types.go
new file mode 100644
index 0000000000..505471c128
--- /dev/null
+++ b/pkg/powershell/backend/types.go
@@ -0,0 +1,13 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package backend
+
+import "io"
+
+type Waiter interface {
+	Wait() error
+}
+
+type Starter interface {
+	StartProcess(cmd string, args ...string) (Waiter, io.Writer, io.Reader, io.Reader, error)
+}
diff --git a/pkg/powershell/middleware/session.go b/pkg/powershell/middleware/session.go
new file mode 100644
index 0000000000..d96a2e0cb6
--- /dev/null
+++ b/pkg/powershell/middleware/session.go
@@ -0,0 +1,47 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package middleware
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/utils"
+	"github.com/juju/errors"
+)
+
+type session struct {
+	upstream Middleware
+	name     string
+}
+
+func NewSession(upstream Middleware, config *SessionConfig) (Middleware, error) {
+	asserted, ok := config.Credential.(credential)
+	if ok {
+		credentialParamValue, err := asserted.prepare(upstream)
+		if err != nil {
+			return nil, errors.Annotate(err, "Could not setup credentials")
+		}
+
+		config.Credential = credentialParamValue
+	}
+
+	name := "goSess" + utils.CreateRandomString(8)
+	args := strings.Join(config.ToArgs(), " ")
+
+	_, _, err := upstream.Execute(fmt.Sprintf("$%s = New-PSSession %s", name, args))
+	if err != nil {
+		return nil, errors.Annotate(err, "Could not create new PSSession")
+	}
+
+	return &session{upstream, name}, nil
+}
+
+func (s *session) Execute(cmd string) (string, string, error) {
+	return s.upstream.Execute(fmt.Sprintf("Invoke-Command -Session $%s -Script {%s}", s.name, cmd))
+}
+
+func (s *session) Exit() {
+	s.upstream.Execute(fmt.Sprintf("Disconnect-PSSession -Session $%s", s.name))
+	s.upstream.Exit()
+}
diff --git a/pkg/powershell/middleware/session_config.go b/pkg/powershell/middleware/session_config.go
new file mode 100644
index 0000000000..f9f47421b0
--- /dev/null
+++ b/pkg/powershell/middleware/session_config.go
@@ -0,0 +1,95 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package middleware
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/utils"
+	"github.com/juju/errors"
+)
+
+const (
+	HTTPPort  = 5985
+	HTTPSPort = 5986
+)
+
+type SessionConfig struct {
+	ComputerName          string
+	AllowRedirection      bool
+	Authentication        string
+	CertificateThumbprint string
+	Credential            interface{}
+	Port                  int
+	UseSSL                bool
+}
+
+func NewSessionConfig() *SessionConfig {
+	return &SessionConfig{}
+}
+
+func (c *SessionConfig) ToArgs() []string {
+	args := make([]string, 0)
+
+	if c.ComputerName != "" {
+		args = append(args, "-ComputerName")
+		args = append(args, utils.QuoteArg(c.ComputerName))
+	}
+
+	if c.AllowRedirection {
+		args = append(args, "-AllowRedirection")
+	}
+
+	if c.Authentication != "" {
+		args = append(args, "-Authentication")
+		args = append(args, utils.QuoteArg(c.Authentication))
+	}
+
+	if c.CertificateThumbprint != "" {
+		args = append(args, "-CertificateThumbprint")
+		args = append(args, utils.QuoteArg(c.CertificateThumbprint))
+	}
+
+	if c.Port > 0 {
+		args = append(args, "-Port")
+		args = append(args, strconv.Itoa(c.Port))
+	}
+
+	if asserted, ok := c.Credential.(string); ok {
+		args = append(args, "-Credential")
+		args = append(args, asserted) // do not quote, as it contains a variable name when using password auth
+	}
+
+	if c.UseSSL {
+		args = append(args, "-UseSSL")
+	}
+
+	return args
+}
+
+type credential interface {
+	prepare(Middleware) (interface{}, error)
+}
+
+type UserPasswordCredential struct {
+	Username string
+	Password string
+}
+
+func (c *UserPasswordCredential) prepare(s Middleware) (interface{}, error) {
+	name := "goCred" + utils.CreateRandomString(8)
+	pwname := "goPass" + utils.CreateRandomString(8)
+
+	_, _, err := s.Execute(fmt.Sprintf("$%s = ConvertTo-SecureString -String %s -AsPlainText -Force", pwname, utils.QuoteArg(c.Password)))
+	if err != nil {
+		return nil, errors.Annotate(err, "Could not convert password to secure string")
+	}
+
+	_, _, err = s.Execute(fmt.Sprintf("$%s = New-Object -TypeName 'System.Management.Automation.PSCredential' -ArgumentList %s, $%s", name, utils.QuoteArg(c.Username), pwname))
+	if err != nil {
+		return nil, errors.Annotate(err, "Could not create PSCredential object")
+	}
+
+	return fmt.Sprintf("$%s", name), nil
+}
diff --git a/pkg/powershell/middleware/types.go b/pkg/powershell/middleware/types.go
new file mode 100644
index 0000000000..ce35ffa867
--- /dev/null
+++ b/pkg/powershell/middleware/types.go
@@ -0,0 +1,8 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package middleware
+
+type Middleware interface {
+	Execute(cmd string) (string, string, error)
+	Exit()
+}
diff --git a/pkg/powershell/middleware/utf8.go b/pkg/powershell/middleware/utf8.go
new file mode 100644
index 0000000000..3ef940570a
--- /dev/null
+++ b/pkg/powershell/middleware/utf8.go
@@ -0,0 +1,49 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package middleware
+
+import (
+	"encoding/base64"
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/utils"
+)
+
+// utf8 implements a primitive middleware that encodes all outputs
+// as base64 to prevent encoding issues between remote PowerShell
+// shells and the receiver. Just setting $OutputEncoding does not
+// work reliably enough, sadly.
+type utf8 struct {
+	upstream Middleware
+	wrapper  string
+}
+
+func NewUTF8(upstream Middleware) (Middleware, error) {
+	wrapper := "goUTF8" + utils.CreateRandomString(8)
+
+	_, _, err := upstream.Execute(fmt.Sprintf(`function %s { process { if ($_) { [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($_)) } else { '' } } }`, wrapper))
+
+	return &utf8{upstream, wrapper}, err
+}
+
+func (u *utf8) Execute(cmd string) (string, string, error) {
+	// Out-String to concat all lines into a single line,
+	// Write-Host to prevent line breaks at the "window width"
+	cmd = fmt.Sprintf(`%s | Out-String | %s | Write-Host`, cmd, u.wrapper)
+
+	stdout, stderr, err := u.upstream.Execute(cmd)
+	if err != nil {
+		return stdout, stderr, err
+	}
+
+	decoded, err := base64.StdEncoding.DecodeString(stdout)
+	if err != nil {
+		return stdout, stderr, err
+	}
+
+	return string(decoded), stderr, nil
+}
+
+func (u *utf8) Exit() {
+	u.upstream.Exit()
+}
diff --git a/pkg/powershell/shell.go b/pkg/powershell/shell.go
new file mode 100644
index 0000000000..2215f596c1
--- /dev/null
+++ b/pkg/powershell/shell.go
@@ -0,0 +1,120 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package powershell
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/backend"
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/utils"
+	"github.com/juju/errors"
+)
+
+const newline = "\r\n"
+
+type Shell interface {
+	Execute(cmd string) (string, string, error)
+	Exit()
+}
+
+type shell struct {
+	handle backend.Waiter
+	stdin  io.Writer
+	stdout io.Reader
+	stderr io.Reader
+}
+
+func New(backend backend.Starter) (Shell, error) {
+	handle, stdin, stdout, stderr, err := backend.StartProcess("powershell.exe", "-NoExit", "-Command", "-")
+	if err != nil {
+		return nil, err
+	}
+
+	return &shell{handle, stdin, stdout, stderr}, nil
+}
+
+func (s *shell) Execute(cmd string) (string, string, error) {
+	if s.handle == nil {
+		return "", "", errors.Annotate(errors.New(cmd), "Cannot execute commands on closed shells.")
+	}
+
+	outBoundary := createBoundary()
+	errBoundary := createBoundary()
+
+	// wrap the command in special markers so we know when to stop reading from the pipes
+	full := fmt.Sprintf("%s; echo '%s'; [Console]::Error.WriteLine('%s')%s", cmd, outBoundary, errBoundary, newline)
+
+	_, err := s.stdin.Write([]byte(full))
+	if err != nil {
+		return "", "", errors.Annotate(errors.Annotate(err, cmd), "Could not send PowerShell command")
+	}
+
+	// read stdout and stderr
+	sout := ""
+	serr := ""
+
+	waiter := &sync.WaitGroup{}
+	waiter.Add(2)
+
+	go streamReader(s.stdout, outBoundary, &sout, waiter)
+	go streamReader(s.stderr, errBoundary, &serr, waiter)
+
+	waiter.Wait()
+
+	if len(serr) > 0 {
+		return sout, serr, errors.Annotate(errors.New(cmd), serr)
+	}
+
+	return sout, serr, nil
+}
+
+func (s *shell) Exit() {
+	s.stdin.Write([]byte("exit" + newline))
+
+	// if it's possible to close stdin, do so (some backends, like the local one,
+	// do support it)
+	closer, ok := s.stdin.(io.Closer)
+	if ok {
+		closer.Close()
+	}
+
+	s.handle.Wait()
+
+	s.handle = nil
+	s.stdin = nil
+	s.stdout = nil
+	s.stderr = nil
+}
+
+func streamReader(stream io.Reader, boundary string, buffer *string, signal *sync.WaitGroup) error {
+	// read all output until we have found our boundary token
+	output := ""
+	bufsize := 64
+	marker := boundary + newline
+
+	for {
+		buf := make([]byte, bufsize)
+		read, err := stream.Read(buf)
+		if err != nil {
+			return err
+		}
+
+		output = output + string(buf[:read])
+
+		if strings.HasSuffix(output, marker) {
+			break
+		}
+	}
+
+	*buffer = strings.TrimSuffix(output, marker)
+	signal.Done()
+
+	return nil
+}
+
+func createBoundary() string {
+	return "$gorilla" + utils.CreateRandomString(12) + "$"
+}
diff --git a/pkg/powershell/utils/quote.go b/pkg/powershell/utils/quote.go
new file mode 100644
index 0000000000..84dd1d38c1
--- /dev/null
+++ b/pkg/powershell/utils/quote.go
@@ -0,0 +1,9 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package utils
+
+import "strings"
+
+func QuoteArg(s string) string {
+	return "'" + strings.Replace(s, "'", "\"", -1) + "'"
+}
diff --git a/pkg/powershell/utils/quote_test.go b/pkg/powershell/utils/quote_test.go
new file mode 100644
index 0000000000..f1c91fba2c
--- /dev/null
+++ b/pkg/powershell/utils/quote_test.go
@@ -0,0 +1,28 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package utils
+
+import "testing"
+
+func TestQuotingArguments(t *testing.T) {
+	testcases := [][]string{
+		{"", "''"},
+		{"test", "'test'"},
+		{"two words", "'two words'"},
+		{"quo\"ted", "'quo\"ted'"},
+		{"quo'ted", "'quo\"ted'"},
+		{"quo\\'ted", "'quo\\\"ted'"},
+		{"quo\"t'ed", "'quo\"t\"ed'"},
+		{"es\\caped", "'es\\caped'"},
+		{"es`caped", "'es`caped'"},
+		{"es\\`caped", "'es\\`caped'"},
+	}
+
+	for i, testcase := range testcases {
+		quoted := QuoteArg(testcase[0])
+
+		if quoted != testcase[1] {
+			t.Errorf("test %02d failed: input '%s', expected %s, actual %s", i+1, testcase[0], testcase[1], quoted)
+		}
+	}
+}
diff --git a/pkg/powershell/utils/rand.go b/pkg/powershell/utils/rand.go
new file mode 100644
index 0000000000..245243e5a3
--- /dev/null
+++ b/pkg/powershell/utils/rand.go
@@ -0,0 +1,20 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package utils
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+)
+
+func CreateRandomString(bytes int) string {
+	c := bytes
+	b := make([]byte, c)
+
+	_, err := rand.Read(b)
+	if err != nil {
+		panic(err)
+	}
+
+	return hex.EncodeToString(b)
+}
diff --git a/pkg/powershell/utils/rand_test.go b/pkg/powershell/utils/rand_test.go
new file mode 100644
index 0000000000..8000a9b84a
--- /dev/null
+++ b/pkg/powershell/utils/rand_test.go
@@ -0,0 +1,16 @@
+// Copyright (c) 2017 Gorillalabs. All rights reserved.
+
+package utils
+
+import "testing"
+
+func TestRandomStrings(t *testing.T) {
+	r1 := CreateRandomString(8)
+	r2 := CreateRandomString(8)
+
+	if r1 == r2 {
+		t.Error("Failed to create random strings: The two generated strings are identical.")
+	} else if len(r1) != 16 {
+		t.Errorf("Expected the random string to contain 16 characters, but got %d.", len(r1))
+	}
+}
diff --git a/providers/msdns/powershell.go b/providers/msdns/powershell.go
index 75fef9d45d..3666a34248 100644
--- a/providers/msdns/powershell.go
+++ b/providers/msdns/powershell.go
@@ -8,11 +8,11 @@ import (
 	"os"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	ps "github.com/StackExchange/dnscontrol/v4/pkg/powershell"
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/backend"
+	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/middleware"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/TomOnTime/utfutil"
-	ps "github.com/bhendo/go-powershell"
-	"github.com/bhendo/go-powershell/backend"
-	"github.com/bhendo/go-powershell/middleware"
 )
 
 type psHandle struct {

From 27fecedfe42d3793a3f8c2de55733f6c952e46a1 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 26 Feb 2024 18:28:22 +0100
Subject: [PATCH 156/438] GitHub: Added contact links (#2852)

---
 .github/ISSUE_TEMPLATE/bug_report.md      | 2 +-
 .github/ISSUE_TEMPLATE/config.yml         | 8 ++++++++
 .github/ISSUE_TEMPLATE/feature_request.md | 2 +-
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .github/ISSUE_TEMPLATE/config.yml

diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 1bd257fea2..1d62754cdb 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,6 +1,6 @@
 ---
 name: Bug report
-about: Create a report to help us improve
+about: Create a report to help us improve.
 title: ''
 labels: ''
 assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000000..8f3a9f3b50
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: I have a question or need support
+    url: https://docs.dnscontrol.org/
+    about: We use GitHub for tracking bugs, check our website for resources on getting help.
+  - name: I'm unsure where to go
+    url: https://groups.google.com/g/dnscontrol-discuss
+    about: If you are unsure where to go, then joining our mailing list is recommended; Just ask!
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
index bbcbbe7d61..396a28d2b5 100644
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,6 +1,6 @@
 ---
 name: Feature request
-about: Suggest an idea for this project
+about: Suggest an idea for this project.
 title: ''
 labels: ''
 assignees: ''

From 558d2e8c9ce35d354799f37f752651a38528b9bc Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 26 Feb 2024 20:07:39 +0100
Subject: [PATCH 157/438] CICD: GoReleaser release footer (#2853)

---
 .goreleaser.yml | 60 +++++++++++++++++++++++++++++++++++++++++++++++++
 README.md       |  3 +--
 2 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index e7bcd2309d..b0d183176e 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,4 +1,5 @@
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+project_name: dnscontrol
 builds:
   -
     id: build
@@ -154,3 +155,62 @@ release:
   draft: true
   prerelease: auto
   mode: append
+  footer: |
+    ## Deprecation warnings
+
+    > [!WARNING]
+    > - **32-bit binaries will no longer be distributed after September 10, 2023.** There is a proposal to stop shipping 32-bit binaries (packages and containers).  If no objections are raised by Sept 10, 2023, new releases will not include them. See https://github.com/StackExchange/dnscontrol/issues/2461 for details.
+    > - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
+    > - **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+
+    ## Install
+
+    #### macOS and Linux
+
+    ##### Install with [Homebrew](https://brew.sh) (recommended)
+
+    ```shell
+    brew install dnscontrol
+    ```
+
+    ##### Install with [MacPorts](https://www.macports.org)
+
+    ```shell
+    sudo port install dnscontrol
+    ```
+
+    ##### Using with [Docker](https://www.docker.com)
+
+    You can use the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/) or [GitHub Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol).
+
+    ```shell
+    docker run --rm -it -v "$(pwd):/dns" ghcr.io/stackexchange/dnscontrol preview
+    ```
+
+    #### Anywhere else
+
+    Alternatively, you can install the latest binary (or the apt/rpm/deb/archlinux package) from this page.
+
+    Or, if you have Go installed, you can install the latest version of DNSControl with the following command:
+
+    ```shell
+    go install github.com/StackExchange/dnscontrol/v4@main
+    ```
+
+    ## Update
+
+    Update to the latest version depends on how you choose to install `dnscontrol` on your machine.
+
+    #### Update with [Homebrew](https://brew.sh)
+
+    ```shell
+    brew upgrade dnscontrol
+    ```
+
+    ##### Install with [MacPorts](https://www.macports.org)
+
+    ```shell
+    sudo port upgrade dnscontrol
+    ```
+
+    Alternatively, you can grab the latest binary (or the apt/rpm/deb package) from this page.
diff --git a/README.md b/README.md
index 2e6461297f..ca8c92c00d 100644
--- a/README.md
+++ b/README.md
@@ -158,12 +158,11 @@ DNSControl can be installed via packages for macOS, Linux and Windows, or from s
 
 See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/install-dnscontrol](https://github.com/gacts/install-dnscontrol).
 
-## Deprecation warnings (updated 2023-02-18)
+## Deprecation warnings (updated 2024-02-24)
 
 - **32-bit binaries will no longer be distributed after September 10, 2023.** There is a proposal to stop shipping 32-bit binaries (packages and containers).  If no objections are raised by Sept 10, 2023, new releases will not include them. See https://github.com/StackExchange/dnscontrol/issues/2461 for details.
 - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
 - **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
-- **get-zones syntax changes in v3.16** Starting in [v3.16](documentation/v316.md), the command line arguments for `dnscontrol get-zones` changes. For backwards compatibility change `provider` to `-`. See documentation for details.
 
 ## More info at our website
 

From 11d8e08ca0978782c7e5527cad00c4501fc8f3ee Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 26 Feb 2024 21:46:11 +0100
Subject: [PATCH 158/438] DOCS: Trailing commas (#2851)

---
 documentation/code-tricks.md | 64 ++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/documentation/code-tricks.md b/documentation/code-tricks.md
index aad1a72291..c77a4ab5f5 100644
--- a/documentation/code-tricks.md
+++ b/documentation/code-tricks.md
@@ -9,6 +9,70 @@ Solution: Use a "builder" to construct it for you.
 * [M365_BUILDER](functions/domain/M365_BUILDER.md)
 * [SPF Optimizer](functions/domain/SPF_BUILDER.md)
 
+# Trailing commas
+
+**Trailing commas** (sometimes called "final commas") can be useful when adding new Domain Modifiers to your DNSControl code. If you want to add a Domain Modifier, you can add a new line without modifying the previously last line if that line already uses a trailing comma. This makes version-control diffs cleaner and editing code might be less troublesome.
+
+Because the DNSControl JavaScript DSL has no trailing commas, you can use the `END` constant within `D()`.
+
+## Version-control diffs example
+
+{% hint style="info" %}
+**NOTE**: `END` is just an alias for `{}`, which is ignored by DNSControl.
+{% endhint %}
+
+Let's take an example with domain: `example.com`. We have recorded the [A-record](functions/domain/A.md) 'foo' configured.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  A("foo", "1.2.3.4")
+);
+```
+{% endcode %}
+
+Let's say we want to add an [A record](functions/domain/A.md) 'bar' to this domain.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  A("foo", "1.2.3.4"),
+  A("bar", "4.3.2.1")
+);
+```
+{% endcode %}
+
+This will generate the version-control diff below:
+
+{% code title="dnsconfig.js" %}
+```diff
+-  A("foo", "1.2.3.4"),
++  A("foo", "1.2.3.4"),
++  A("bar", "4.3.2.1")
+);
+```
+{% endcode %}
+
+Let's apply the same A-record 'foo' to the domain using the `END` constant.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  A("foo", "1.2.3.4"),
+END);
+```
+{% endcode %}
+
+This will generate the cleaner version-control diff below:
+
+{% code title="dnsconfig.js" %}
+```diff
+   A("foo", "1.2.3.4"),
++  A("bar", "4.3.2.1"),
+END);
+```
+{% endcode %}
+
 # Repeat records in many domains (macros)
 
 Problem: I have a set of records I'd like to include in many domains.

From 544d731decfb2c4e10a8d3550648d8a0f2dd3414 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 27 Feb 2024 15:11:13 -0500
Subject: [PATCH 159/438] get-zones now outputs `END);` notation and prettier
 whitespace (#2849)

---
 commands/getZones.go                    | 9 ++++++---
 commands/test_data/apex.com.zone.djs    | 2 ++
 commands/test_data/apex.com.zone.js     | 6 ++++--
 commands/test_data/ds.com.zone.djs      | 2 ++
 commands/test_data/ds.com.zone.js       | 6 ++++--
 commands/test_data/example.org.zone.djs | 2 ++
 commands/test_data/example.org.zone.js  | 6 ++++--
 commands/test_data/simple.com.zone.djs  | 2 ++
 commands/test_data/simple.com.zone.js   | 6 ++++--
 9 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/commands/getZones.go b/commands/getZones.go
index aad4394147..a9b726f85a 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -220,7 +220,7 @@ func GetZone(args GetZoneArgs) error {
 			fmt.Fprintf(w, `var %s = NewDnsProvider("%s", "%s");`+"\n",
 				dspVariableName, args.CredName, args.ProviderName)
 		}
-		fmt.Fprintf(w, `var REG_CHANGEME = NewRegistrar("none");`+"\n")
+		fmt.Fprintf(w, `var REG_CHANGEME = NewRegistrar("none");`+"\n\n")
 	}
 
 	// print each zone
@@ -267,14 +267,17 @@ func GetZone(args GetZoneArgs) error {
 					"//,  NOTE: CNAME at apex may require manual editing.",
 					"// NOTE: CNAME at apex may require manual editing.",
 				)
+				fmt.Fprint(w, out)
+				fmt.Fprint(w, "\n)\n\n")
 			} else {
+				out = out + ","
 				out = strings.ReplaceAll(out,
 					"// NOTE: CNAME at apex may require manual editing.,",
 					"// NOTE: CNAME at apex may require manual editing.",
 				)
+				fmt.Fprint(w, out)
+				fmt.Fprint(w, "\nEND);\n\n")
 			}
-			fmt.Fprint(w, out)
-			fmt.Fprint(w, "\n)\n")
 
 		case "tsv":
 			for _, rec := range recs {
diff --git a/commands/test_data/apex.com.zone.djs b/commands/test_data/apex.com.zone.djs
index 24fe6ccd30..a24b5c718e 100644
--- a/commands/test_data/apex.com.zone.djs
+++ b/commands/test_data/apex.com.zone.djs
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("apex.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
 	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
@@ -11,3 +12,4 @@ D("apex.com", REG_CHANGEME
 	, CNAME("@", "cnametest1.example.com.")
 	, CNAME("www", "cnametest2.example.com.")
 )
+
diff --git a/commands/test_data/apex.com.zone.js b/commands/test_data/apex.com.zone.js
index 2e19a309db..30e3604784 100644
--- a/commands/test_data/apex.com.zone.js
+++ b/commands/test_data/apex.com.zone.js
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("apex.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
@@ -9,5 +10,6 @@ D("apex.com", REG_CHANGEME,
 	//NAMESERVER("ns-cloud-c2.googledomains.com."),
 	// NOTE: CNAME at apex may require manual editing.
 	CNAME("@", "cnametest1.example.com."),
-	CNAME("www", "cnametest2.example.com.")
-)
+	CNAME("www", "cnametest2.example.com."),
+END);
+
diff --git a/commands/test_data/ds.com.zone.djs b/commands/test_data/ds.com.zone.djs
index a6fd23a01d..9283527e4f 100644
--- a/commands/test_data/ds.com.zone.djs
+++ b/commands/test_data/ds.com.zone.djs
@@ -1,7 +1,9 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("ds.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
 	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
 	, DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B")
 )
+
diff --git a/commands/test_data/ds.com.zone.js b/commands/test_data/ds.com.zone.js
index 2a1b010810..91a93a22c1 100644
--- a/commands/test_data/ds.com.zone.js
+++ b/commands/test_data/ds.com.zone.js
@@ -1,7 +1,9 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("ds.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
-	DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B")
-)
+	DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B"),
+END);
+
diff --git a/commands/test_data/example.org.zone.djs b/commands/test_data/example.org.zone.djs
index 1464580fa7..c4ef92e60f 100644
--- a/commands/test_data/example.org.zone.djs
+++ b/commands/test_data/example.org.zone.djs
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("example.org", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
 	, DefaultTTL(7200)
@@ -353,3 +354,4 @@ D("example.org", REG_CHANGEME
 	, CNAME("zyxwvutsrqpo", "gv-nmlkjihgfedcba.dv.googlehosted.com.")
 	, CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com.")
 )
+
diff --git a/commands/test_data/example.org.zone.js b/commands/test_data/example.org.zone.js
index 95f7d4a46a..6972c95bb5 100644
--- a/commands/test_data/example.org.zone.js
+++ b/commands/test_data/example.org.zone.js
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("example.org", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	DefaultTTL(7200),
@@ -351,5 +352,6 @@ D("example.org", REG_CHANGEME,
 	CNAME("_fedcba9876543210fedcba9876543210.go", "_45678901234abcdef45678901234abcd.ggedgsdned.acm-validations.aws."),
 	CNAME("opqrstuvwxyz", "gv-abcdefghijklmn.dv.googlehosted.com."),
 	CNAME("zyxwvutsrqpo", "gv-nmlkjihgfedcba.dv.googlehosted.com."),
-	CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com.")
-)
+	CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com."),
+END);
+
diff --git a/commands/test_data/simple.com.zone.djs b/commands/test_data/simple.com.zone.djs
index f230f45ab8..ada1d4f7cb 100644
--- a/commands/test_data/simple.com.zone.djs
+++ b/commands/test_data/simple.com.zone.djs
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("simple.com", REG_CHANGEME
 	, DnsProvider(DSP_BIND)
 	//, SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440)
@@ -22,3 +23,4 @@ D("simple.com", REG_CHANGEME
 	, CNAME("info", "stackoverflow.mktoweb.com.")
 	, SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com.")
 )
+
diff --git a/commands/test_data/simple.com.zone.js b/commands/test_data/simple.com.zone.js
index 9f17b4545e..51d3d23d11 100644
--- a/commands/test_data/simple.com.zone.js
+++ b/commands/test_data/simple.com.zone.js
@@ -1,5 +1,6 @@
 var DSP_BIND = NewDnsProvider("bind", "BIND");
 var REG_CHANGEME = NewRegistrar("none");
+
 D("simple.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
@@ -20,5 +21,6 @@ D("simple.com", REG_CHANGEME,
 	TXT("m1._domainkey.dev-email", "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCIBezZ2Gc+/3PghWk+YOE6T9HdwgUTMTR0Fne2i51MNN9Qs7AqDitVdG/949iDbI2fPNZSnKtOcnlLYwvve9MhMAMI1nZ26ILhgaBJi2BMZQpGFlO4ucuo/Uj4DPZ5Ge/NZHCX0CRhAhR5sRmL2OffNcFXFrymzUuz4KzI/NyUiwIDAQAB"),
 	CNAME("email", "mkto-sj280138.com."),
 	CNAME("info", "stackoverflow.mktoweb.com."),
-	SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com.")
-)
+	SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
+END);
+

From 32b8863a93225a3c773011b6a8c4bdca271b8e35 Mon Sep 17 00:00:00 2001
From: halochou <halo.chou@gmail.com>
Date: Tue, 27 Feb 2024 16:59:37 -0500
Subject: [PATCH 160/438] AXFRDDNS: Avoid appending dot if TSIG key ID already
 has a dot suffix (#2855)

Co-authored-by: Yang Zhou <yangz@fortinet.com>
---
 providers/axfrddns/axfrddnsProvider.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index fabeb6a4d7..e05bd4415f 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -212,7 +212,11 @@ func readKey(raw string, kind string) (*Key, error) {
 	if err != nil {
 		return nil, fmt.Errorf("cannot decode Base64 secret (%s) in AXFRDDNS.TSIG", kind)
 	}
-	return &Key{algo: algo, id: arr[1] + ".", secret: arr[2]}, nil
+	id := arr[1]
+	if !strings.HasSuffix(id, ".") {
+		id += "."
+	}
+	return &Key{algo: algo, id: id, secret: arr[2]}, nil
 }
 
 // GetNameservers returns the nameservers for a domain.

From 73c303bf7686c0dd432c26668b6c58156f5538e3 Mon Sep 17 00:00:00 2001
From: xtex <xtexchooser@duck.com>
Date: Sun, 3 Mar 2024 23:12:13 +0800
Subject: [PATCH 161/438] CLOUDFLAREAPI: Permit adding NS records to apex
 domain (#2864)

---
 providers/cloudflare/cloudflareProvider.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 8a502810b2..6f74d8a82e 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -397,10 +397,9 @@ func checkNSModifications(dc *models.DomainConfig) {
 
 	for _, rec := range dc.Records {
 		if rec.Type == "NS" && rec.GetLabelFQDN() == punyRoot {
-			if !strings.HasSuffix(rec.GetTargetField(), ".ns.cloudflare.com.") {
-				printer.Warnf("cloudflare does not support modifying NS records on base domain. %s will not be added.\n", rec.GetTargetField())
+			if strings.HasSuffix(rec.GetTargetField(), ".ns.cloudflare.com.") {
+				continue
 			}
-			continue
 		}
 		newList = append(newList, rec)
 	}

From 68314ee034f4bb6cac1c47015a87b0e847fd3a69 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 12:17:12 -0500
Subject: [PATCH 162/438] TESTING: Bug: integration tests ignore 'type' in
 ignoreTarget (#2867)

---
 integrationTest/integration_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 2350ab5563..4863a50ef7 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -534,7 +534,7 @@ func ignoreName(labelSpec string) *models.RecordConfig {
 }
 
 func ignoreTarget(targetSpec string, typeSpec string) *models.RecordConfig {
-	return ignore("*", "*", targetSpec)
+	return ignore("*", typeSpec, targetSpec)
 }
 
 func ignore(labelSpec string, typeSpec string, targetSpec string) *models.RecordConfig {
@@ -723,7 +723,7 @@ func ns1Urlfwd(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "NS1_URLFWD")
 }
 
-func clear(items ...interface{}) *TestCase {
+func clear() *TestCase {
 	return tc("Empty")
 }
 

From dfda97b593df6b97b7fdfc063795a992fa9be009 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:25:27 -0500
Subject: [PATCH 163/438] Remove dead code in WriteTypes

---
 commands/writeTypes.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/commands/writeTypes.go b/commands/writeTypes.go
index 165952783e..ef0a6100fb 100644
--- a/commands/writeTypes.go
+++ b/commands/writeTypes.go
@@ -56,9 +56,6 @@ func WriteTypes(args TypesArgs) error {
 	file.WriteString("// To update it, run `dnscontrol write-types`.\n\n")
 	file.WriteString("// " + version + "\n")
 	file.WriteString(dtsContent)
-	if err != nil {
-		return err
-	}
 
 	print("Successfully wrote " + args.DTSFile + "\n")
 	return nil

From 18f7208044d6062d2c573fde0c64383117f488b9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:25:45 -0500
Subject: [PATCH 164/438] Remove unused t parameter in
 setupTestShellCompletionCommand

---
 commands/completion_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/commands/completion_test.go b/commands/completion_test.go
index 9cbe77467f..07ba8436cb 100644
--- a/commands/completion_test.go
+++ b/commands/completion_test.go
@@ -20,7 +20,7 @@ type shellTestDataItem struct {
 }
 
 // setupTestShellCompletionCommand resets the buffers used to capture output and errors from the app.
-func setupTestShellCompletionCommand(t *testing.T, app *cli.App) func(t *testing.T) {
+func setupTestShellCompletionCommand(app *cli.App) func(t *testing.T) {
 	return func(t *testing.T) {
 		app.Writer.(*bytes.Buffer).Reset()
 		cli.ErrWriter.(*bytes.Buffer).Reset()
@@ -65,7 +65,7 @@ func TestShellCompletionCommand(t *testing.T) {
 	t.Run("shellArg", func(t *testing.T) {
 		for _, tt := range shellsAndCompletionScripts {
 			t.Run(tt.shellName, func(t *testing.T) {
-				tearDownTest := setupTestShellCompletionCommand(t, app)
+				tearDownTest := setupTestShellCompletionCommand(app)
 				defer tearDownTest(t)
 
 				err := app.Run([]string{app.Name, "shell-completion", tt.shellName})
@@ -90,7 +90,7 @@ func TestShellCompletionCommand(t *testing.T) {
 		}
 
 		t.Run(invalidShellTestDataItem.shellName, func(t *testing.T) {
-			tearDownTest := setupTestShellCompletionCommand(t, app)
+			tearDownTest := setupTestShellCompletionCommand(app)
 			defer tearDownTest(t)
 
 			err := app.Run([]string{app.Name, "shell-completion", "invalid"})
@@ -116,7 +116,7 @@ func TestShellCompletionCommand(t *testing.T) {
 	t.Run("$SHELL", func(t *testing.T) {
 		for _, tt := range shellsAndCompletionScripts {
 			t.Run(tt.shellName, func(t *testing.T) {
-				tearDownTest := setupTestShellCompletionCommand(t, app)
+				tearDownTest := setupTestShellCompletionCommand(app)
 				defer tearDownTest(t)
 
 				t.Setenv("SHELL", tt.shellPath)
@@ -143,7 +143,7 @@ func TestShellCompletionCommand(t *testing.T) {
 		}
 
 		t.Run(invalidShellTestDataItem.shellName, func(t *testing.T) {
-			tearDownTest := setupTestShellCompletionCommand(t, app)
+			tearDownTest := setupTestShellCompletionCommand(app)
 			defer tearDownTest(t)
 
 			t.Setenv("SHELL", invalidShellTestDataItem.shellPath)
@@ -189,7 +189,7 @@ func TestShellCompletionCommand(t *testing.T) {
 
 		for _, tC := range testCases {
 			t.Run(tC.shellArg, func(t *testing.T) {
-				tearDownTest := setupTestShellCompletionCommand(t, app)
+				tearDownTest := setupTestShellCompletionCommand(app)
 				defer tearDownTest(t)
 				app.EnableBashCompletion = true
 				defer func() {

From e4dc7aaf386eb8c1c4d7294a18b1303f268180c1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:29:32 -0500
Subject: [PATCH 165/438] deadcode: quotedList() keysWithColons()

---
 pkg/credsfile/providerConfig.go      | 17 ----------
 pkg/credsfile/providerConfig_test.go | 51 ----------------------------
 2 files changed, 68 deletions(-)
 delete mode 100644 pkg/credsfile/providerConfig_test.go

diff --git a/pkg/credsfile/providerConfig.go b/pkg/credsfile/providerConfig.go
index 95bfe5836c..34c7510657 100644
--- a/pkg/credsfile/providerConfig.go
+++ b/pkg/credsfile/providerConfig.go
@@ -19,23 +19,6 @@ import (
 	"github.com/google/shlex"
 )
 
-func quotedList(l []string) string {
-	if len(l) == 0 {
-		return ""
-	}
-	return `"` + strings.Join(l, `", "`) + `"`
-}
-
-func keysWithColons(list []string) []string {
-	var r []string
-	for _, k := range list {
-		if strings.Contains(k, ":") {
-			r = append(r, k)
-		}
-	}
-	return r
-}
-
 // LoadProviderConfigs will open or execute the specified file name, and parse its contents. It will replace environment variables it finds if any value matches $[A-Za-z_-0-9]+
 func LoadProviderConfigs(fname string) (map[string]map[string]string, error) {
 	var results = map[string]map[string]string{}
diff --git a/pkg/credsfile/providerConfig_test.go b/pkg/credsfile/providerConfig_test.go
deleted file mode 100644
index 67af7541bb..0000000000
--- a/pkg/credsfile/providerConfig_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package credsfile
-
-import (
-	"reflect"
-	"testing"
-)
-
-func Test_keysWithColons(t *testing.T) {
-	type args struct {
-		list []string
-	}
-	tests := []struct {
-		name string
-		args args
-		want []string
-	}{
-		{"0", args{list: []string{""}}, nil},
-		{"1", args{list: []string{"none"}}, nil},
-		{"2", args{list: []string{"a:b"}}, []string{"a:b"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := keysWithColons(tt.args.list); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("keysWithColons() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
-
-func Test_quotedList(t *testing.T) {
-	type args struct {
-		l []string
-	}
-	tests := []struct {
-		name string
-		args args
-		want string
-	}{
-		{"none", args{}, ""},
-		{"single", args{l: []string{"one"}}, `"one"`},
-		{"two", args{l: []string{"ricky", "lucy"}}, `"ricky", "lucy"`},
-		{"three", args{l: []string{"manny", "moe", "jack"}}, `"manny", "moe", "jack"`},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := quotedList(tt.args.l); got != tt.want {
-				t.Errorf("quotedList() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}

From ed999b99bd59b06cae1b660f50fc71cd2147c69d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:32:10 -0500
Subject: [PATCH 166/438] deadcode: justMsgString (move to test)

---
 pkg/diff2/analyze.go      | 5 -----
 pkg/diff2/analyze_test.go | 5 +++++
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/diff2/analyze.go b/pkg/diff2/analyze.go
index e0ebf81147..3f8d3ffdf7 100644
--- a/pkg/diff2/analyze.go
+++ b/pkg/diff2/analyze.go
@@ -314,8 +314,3 @@ func justMsgs(cl ChangeList) []string {
 	}
 	return msgs
 }
-
-func justMsgString(cl ChangeList) string {
-	msgs := justMsgs(cl)
-	return strings.Join(msgs, "\n")
-}
diff --git a/pkg/diff2/analyze_test.go b/pkg/diff2/analyze_test.go
index 898735b3e0..1962adbecd 100644
--- a/pkg/diff2/analyze_test.go
+++ b/pkg/diff2/analyze_test.go
@@ -52,6 +52,11 @@ var d12 = makeRec("labh", "A", "1.2.3.4")                 // [12']
 var d13 = makeRec("labc", "CNAME", "labe")                // [13']
 var testDataApexMX22bbb = makeRec("", "MX", "22 bbb")
 
+func justMsgString(cl ChangeList) string {
+	msgs := justMsgs(cl)
+	return strings.Join(msgs, "\n")
+}
+
 func compareMsgs(t *testing.T, fnname, testname, testpart string, gotcc ChangeList, wantstring string, wantstringdefault string) {
 	wantstring = coalesce(wantstring, wantstringdefault)
 	t.Helper()

From 34d6e079b2031ddbde035bb820ebb76f194fabf7 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:37:37 -0500
Subject: [PATCH 167/438] deadcode: groupbyRSet

---
 pkg/diff2/analyze_test.go   | 13 ++++++
 pkg/diff2/groupsort.go      | 81 +++++++++++++++++--------------------
 pkg/diff2/groupsort_test.go | 73 +++++++++++++--------------------
 3 files changed, 78 insertions(+), 89 deletions(-)

diff --git a/pkg/diff2/analyze_test.go b/pkg/diff2/analyze_test.go
index 1962adbecd..38a3972ddb 100644
--- a/pkg/diff2/analyze_test.go
+++ b/pkg/diff2/analyze_test.go
@@ -18,6 +18,19 @@ func init() {
 	color.NoColor = true
 }
 
+func makeRec(label, rtype, content string) *models.RecordConfig {
+	origin := "f.com"
+	r := models.RecordConfig{TTL: 300}
+	r.SetLabel(label, origin)
+	r.PopulateFromString(rtype, content, origin)
+	return &r
+}
+func makeRecTTL(label, rtype, content string, ttl uint32) *models.RecordConfig {
+	r := makeRec(label, rtype, content)
+	r.TTL = ttl
+	return r
+}
+
 var testDataAA1234 = makeRec("laba", "A", "1.2.3.4")               // [ 0]
 var testDataAA5678 = makeRec("laba", "A", "5.6.7.8")               //
 var testDataAA1234ttl700 = makeRecTTL("laba", "A", "1.2.3.4", 700) //
diff --git a/pkg/diff2/groupsort.go b/pkg/diff2/groupsort.go
index ea282ef7a8..872c3c2ffb 100644
--- a/pkg/diff2/groupsort.go
+++ b/pkg/diff2/groupsort.go
@@ -1,45 +1,40 @@
 package diff2
 
-import (
-	"github.com/StackExchange/dnscontrol/v4/models"
-	"github.com/StackExchange/dnscontrol/v4/pkg/prettyzone"
-)
-
-type recset struct {
-	Key  models.RecordKey
-	Recs []*models.RecordConfig
-}
-
-func groupbyRSet(recs models.Records, origin string) []recset {
-
-	if len(recs) == 0 {
-		return nil
-	}
-
-	// Sort the NameFQDN to a consistent order. The actual sort methodology
-	// doesn't matter as long as equal values are adjacent.
-	// Use the PrettySort ordering so that the records are extra pretty.
-	pretty := prettyzone.PrettySort(recs, origin, 0, nil)
-	recs = pretty.Records
-
-	var result []recset
-	var acc []*models.RecordConfig
-
-	// Do the first element
-	prevkey := recs[0].Key()
-	acc = append(acc, recs[0])
-
-	for i := 1; i < len(recs); i++ {
-		curkey := recs[i].Key()
-		if prevkey == curkey { // A run of equal keys.
-			acc = append(acc, recs[i])
-		} else { // New key. Append old data to result and start new acc.
-			result = append(result, recset{Key: prevkey, Recs: acc})
-			acc = []*models.RecordConfig{recs[i]}
-		}
-		prevkey = curkey
-	}
-	result = append(result, recset{Key: prevkey, Recs: acc}) // The remainder
-
-	return result
-}
+// type recset struct {
+// 	Key  models.RecordKey
+// 	Recs []*models.RecordConfig
+// }
+
+// func groupbyRSet(recs models.Records, origin string) []recset {
+
+// 	if len(recs) == 0 {
+// 		return nil
+// 	}
+
+// 	// Sort the NameFQDN to a consistent order. The actual sort methodology
+// 	// doesn't matter as long as equal values are adjacent.
+// 	// Use the PrettySort ordering so that the records are extra pretty.
+// 	pretty := prettyzone.PrettySort(recs, origin, 0, nil)
+// 	recs = pretty.Records
+
+// 	var result []recset
+// 	var acc []*models.RecordConfig
+
+// 	// Do the first element
+// 	prevkey := recs[0].Key()
+// 	acc = append(acc, recs[0])
+
+// 	for i := 1; i < len(recs); i++ {
+// 		curkey := recs[i].Key()
+// 		if prevkey == curkey { // A run of equal keys.
+// 			acc = append(acc, recs[i])
+// 		} else { // New key. Append old data to result and start new acc.
+// 			result = append(result, recset{Key: prevkey, Recs: acc})
+// 			acc = []*models.RecordConfig{recs[i]}
+// 		}
+// 		prevkey = curkey
+// 	}
+// 	result = append(result, recset{Key: prevkey, Recs: acc}) // The remainder
+
+// 	return result
+// }
diff --git a/pkg/diff2/groupsort_test.go b/pkg/diff2/groupsort_test.go
index cca1e416c3..50d486106e 100644
--- a/pkg/diff2/groupsort_test.go
+++ b/pkg/diff2/groupsort_test.go
@@ -1,51 +1,32 @@
 package diff2
 
-import (
-	"reflect"
-	"testing"
+// func makeRecSet(recs ...*models.RecordConfig) *recset {
+// 	result := recset{}
+// 	result.Key = recs[0].Key()
+// 	result.Recs = append(result.Recs, recs...)
+// 	return &result
+// }
 
-	"github.com/StackExchange/dnscontrol/v4/models"
-)
+// func Test_groupbyRSet(t *testing.T) {
 
-func makeRec(label, rtype, content string) *models.RecordConfig {
-	origin := "f.com"
-	r := models.RecordConfig{TTL: 300}
-	r.SetLabel(label, origin)
-	r.PopulateFromString(rtype, content, origin)
-	return &r
-}
-func makeRecTTL(label, rtype, content string, ttl uint32) *models.RecordConfig {
-	r := makeRec(label, rtype, content)
-	r.TTL = ttl
-	return r
-}
-func makeRecSet(recs ...*models.RecordConfig) *recset {
-	result := recset{}
-	result.Key = recs[0].Key()
-	result.Recs = append(result.Recs, recs...)
-	return &result
-}
+// 	wwwa1 := makeRec("www", "A", "1.1.1.1")
+// 	wwwa2 := makeRec("www", "A", "2.2.2.2")
+// 	zzza1 := makeRec("zzz", "A", "1.1.0.0")
+// 	zzza2 := makeRec("zzz", "A", "2.2.0.0")
+// 	wwwmx1 := makeRec("www", "MX", "1 mx1.foo.com.")
+// 	wwwmx2 := makeRec("www", "MX", "2 mx2.foo.com.")
+// 	zzzmx1 := makeRec("zzz", "MX", "1 mx.foo.com.")
+// 	orig := models.Records{wwwa1, wwwa2, zzza1, zzza2, wwwmx1, wwwmx2, zzzmx1}
+// 	wantResult := []recset{
+// 		*makeRecSet(wwwa1, wwwa2),
+// 		*makeRecSet(wwwmx1, wwwmx2),
+// 		*makeRecSet(zzza1, zzza2),
+// 		*makeRecSet(zzzmx1),
+// 	}
 
-func Test_groupbyRSet(t *testing.T) {
-
-	wwwa1 := makeRec("www", "A", "1.1.1.1")
-	wwwa2 := makeRec("www", "A", "2.2.2.2")
-	zzza1 := makeRec("zzz", "A", "1.1.0.0")
-	zzza2 := makeRec("zzz", "A", "2.2.0.0")
-	wwwmx1 := makeRec("www", "MX", "1 mx1.foo.com.")
-	wwwmx2 := makeRec("www", "MX", "2 mx2.foo.com.")
-	zzzmx1 := makeRec("zzz", "MX", "1 mx.foo.com.")
-	orig := models.Records{wwwa1, wwwa2, zzza1, zzza2, wwwmx1, wwwmx2, zzzmx1}
-	wantResult := []recset{
-		*makeRecSet(wwwa1, wwwa2),
-		*makeRecSet(wwwmx1, wwwmx2),
-		*makeRecSet(zzza1, zzza2),
-		*makeRecSet(zzzmx1),
-	}
-
-	t.Run("afew", func(t *testing.T) {
-		if gotResult := groupbyRSet(orig, "f.com"); !reflect.DeepEqual(gotResult, wantResult) {
-			t.Errorf("groupbyRSet() = %v, want %v", gotResult, wantResult)
-		}
-	})
-}
+// 	t.Run("afew", func(t *testing.T) {
+// 		if gotResult := groupbyRSet(orig, "f.com"); !reflect.DeepEqual(gotResult, wantResult) {
+// 			t.Errorf("groupbyRSet() = %v, want %v", gotResult, wantResult)
+// 		}
+// 	})
+// }

From 80ff81498823d993b07b8b188f56dc9cbfbd40ce Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:37:57 -0500
Subject: [PATCH 168/438] deadcode: groupbyRSet

---
 pkg/diff2/groupsort_test.go | 32 --------------------------------
 1 file changed, 32 deletions(-)
 delete mode 100644 pkg/diff2/groupsort_test.go

diff --git a/pkg/diff2/groupsort_test.go b/pkg/diff2/groupsort_test.go
deleted file mode 100644
index 50d486106e..0000000000
--- a/pkg/diff2/groupsort_test.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package diff2
-
-// func makeRecSet(recs ...*models.RecordConfig) *recset {
-// 	result := recset{}
-// 	result.Key = recs[0].Key()
-// 	result.Recs = append(result.Recs, recs...)
-// 	return &result
-// }
-
-// func Test_groupbyRSet(t *testing.T) {
-
-// 	wwwa1 := makeRec("www", "A", "1.1.1.1")
-// 	wwwa2 := makeRec("www", "A", "2.2.2.2")
-// 	zzza1 := makeRec("zzz", "A", "1.1.0.0")
-// 	zzza2 := makeRec("zzz", "A", "2.2.0.0")
-// 	wwwmx1 := makeRec("www", "MX", "1 mx1.foo.com.")
-// 	wwwmx2 := makeRec("www", "MX", "2 mx2.foo.com.")
-// 	zzzmx1 := makeRec("zzz", "MX", "1 mx.foo.com.")
-// 	orig := models.Records{wwwa1, wwwa2, zzza1, zzza2, wwwmx1, wwwmx2, zzzmx1}
-// 	wantResult := []recset{
-// 		*makeRecSet(wwwa1, wwwa2),
-// 		*makeRecSet(wwwmx1, wwwmx2),
-// 		*makeRecSet(zzza1, zzza2),
-// 		*makeRecSet(zzzmx1),
-// 	}
-
-// 	t.Run("afew", func(t *testing.T) {
-// 		if gotResult := groupbyRSet(orig, "f.com"); !reflect.DeepEqual(gotResult, wantResult) {
-// 			t.Errorf("groupbyRSet() = %v, want %v", gotResult, wantResult)
-// 		}
-// 	})
-// }

From 951b47d58383874a093018de8d38daf0628a3278 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:41:42 -0500
Subject: [PATCH 169/438] deadcode: SSH.StartProcess, SSH.createCmd, SSH.quote

---
 pkg/powershell/backend/ssh.go | 71 ++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 38 deletions(-)

diff --git a/pkg/powershell/backend/ssh.go b/pkg/powershell/backend/ssh.go
index 68c918280d..bdaa6fdd7e 100644
--- a/pkg/powershell/backend/ssh.go
+++ b/pkg/powershell/backend/ssh.go
@@ -3,12 +3,7 @@
 package backend
 
 import (
-	"fmt"
 	"io"
-	"regexp"
-	"strings"
-
-	"github.com/juju/errors"
 )
 
 // sshSession exists so we don't create a hard dependency on crypto/ssh.
@@ -25,45 +20,45 @@ type SSH struct {
 	Session sshSession
 }
 
-func (b *SSH) StartProcess(cmd string, args ...string) (Waiter, io.Writer, io.Reader, io.Reader, error) {
-	stdin, err := b.Session.StdinPipe()
-	if err != nil {
-		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdin stream")
-	}
+// func (b *SSH) StartProcess(cmd string, args ...string) (Waiter, io.Writer, io.Reader, io.Reader, error) {
+// 	stdin, err := b.Session.StdinPipe()
+// 	if err != nil {
+// 		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdin stream")
+// 	}
 
-	stdout, err := b.Session.StdoutPipe()
-	if err != nil {
-		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdout stream")
-	}
+// 	stdout, err := b.Session.StdoutPipe()
+// 	if err != nil {
+// 		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stdout stream")
+// 	}
 
-	stderr, err := b.Session.StderrPipe()
-	if err != nil {
-		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stderr stream")
-	}
+// 	stderr, err := b.Session.StderrPipe()
+// 	if err != nil {
+// 		return nil, nil, nil, nil, errors.Annotate(err, "Could not get hold of the SSH session's stderr stream")
+// 	}
 
-	err = b.Session.Start(b.createCmd(cmd, args))
-	if err != nil {
-		return nil, nil, nil, nil, errors.Annotate(err, "Could not spawn process via SSH")
-	}
+// 	err = b.Session.Start(b.createCmd(cmd, args))
+// 	if err != nil {
+// 		return nil, nil, nil, nil, errors.Annotate(err, "Could not spawn process via SSH")
+// 	}
 
-	return b.Session, stdin, stdout, stderr, nil
-}
+// 	return b.Session, stdin, stdout, stderr, nil
+// }
 
-func (b *SSH) createCmd(cmd string, args []string) string {
-	parts := []string{cmd}
-	simple := regexp.MustCompile(`^[a-z0-9_/.~+-]+$`)
+// func (b *SSH) createCmd(cmd string, args []string) string {
+// 	parts := []string{cmd}
+// 	simple := regexp.MustCompile(`^[a-z0-9_/.~+-]+$`)
 
-	for _, arg := range args {
-		if !simple.MatchString(arg) {
-			arg = b.quote(arg)
-		}
+// 	for _, arg := range args {
+// 		if !simple.MatchString(arg) {
+// 			arg = b.quote(arg)
+// 		}
 
-		parts = append(parts, arg)
-	}
+// 		parts = append(parts, arg)
+// 	}
 
-	return strings.Join(parts, " ")
-}
+// 	return strings.Join(parts, " ")
+// }
 
-func (b *SSH) quote(s string) string {
-	return fmt.Sprintf(`"%s"`, s)
-}
+// func (b *SSH) quote(s string) string {
+// 	return fmt.Sprintf(`"%s"`, s)
+// }

From 4d13c0251a5468342079c6a089d4e81c7dcb55b5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:43:47 -0500
Subject: [PATCH 170/438] deadcode: NewUTF8, utf8.Execute, utf8.Exit

---
 pkg/powershell/middleware/utf8.go | 59 ++++++++++++++-----------------
 1 file changed, 26 insertions(+), 33 deletions(-)

diff --git a/pkg/powershell/middleware/utf8.go b/pkg/powershell/middleware/utf8.go
index 3ef940570a..292e76d4ff 100644
--- a/pkg/powershell/middleware/utf8.go
+++ b/pkg/powershell/middleware/utf8.go
@@ -2,48 +2,41 @@
 
 package middleware
 
-import (
-	"encoding/base64"
-	"fmt"
-
-	"github.com/StackExchange/dnscontrol/v4/pkg/powershell/utils"
-)
-
 // utf8 implements a primitive middleware that encodes all outputs
 // as base64 to prevent encoding issues between remote PowerShell
 // shells and the receiver. Just setting $OutputEncoding does not
 // work reliably enough, sadly.
-type utf8 struct {
-	upstream Middleware
-	wrapper  string
-}
+// type utf8 struct {
+// 	upstream Middleware
+// 	wrapper  string
+// }
 
-func NewUTF8(upstream Middleware) (Middleware, error) {
-	wrapper := "goUTF8" + utils.CreateRandomString(8)
+// func NewUTF8(upstream Middleware) (Middleware, error) {
+// 	wrapper := "goUTF8" + utils.CreateRandomString(8)
 
-	_, _, err := upstream.Execute(fmt.Sprintf(`function %s { process { if ($_) { [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($_)) } else { '' } } }`, wrapper))
+// 	_, _, err := upstream.Execute(fmt.Sprintf(`function %s { process { if ($_) { [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($_)) } else { '' } } }`, wrapper))
 
-	return &utf8{upstream, wrapper}, err
-}
+// 	return &utf8{upstream, wrapper}, err
+// }
 
-func (u *utf8) Execute(cmd string) (string, string, error) {
-	// Out-String to concat all lines into a single line,
-	// Write-Host to prevent line breaks at the "window width"
-	cmd = fmt.Sprintf(`%s | Out-String | %s | Write-Host`, cmd, u.wrapper)
+// func (u *utf8) Execute(cmd string) (string, string, error) {
+// 	// Out-String to concat all lines into a single line,
+// 	// Write-Host to prevent line breaks at the "window width"
+// 	cmd = fmt.Sprintf(`%s | Out-String | %s | Write-Host`, cmd, u.wrapper)
 
-	stdout, stderr, err := u.upstream.Execute(cmd)
-	if err != nil {
-		return stdout, stderr, err
-	}
+// 	stdout, stderr, err := u.upstream.Execute(cmd)
+// 	if err != nil {
+// 		return stdout, stderr, err
+// 	}
 
-	decoded, err := base64.StdEncoding.DecodeString(stdout)
-	if err != nil {
-		return stdout, stderr, err
-	}
+// 	decoded, err := base64.StdEncoding.DecodeString(stdout)
+// 	if err != nil {
+// 		return stdout, stderr, err
+// 	}
 
-	return string(decoded), stderr, nil
-}
+// 	return string(decoded), stderr, nil
+// }
 
-func (u *utf8) Exit() {
-	u.upstream.Exit()
-}
+// func (u *utf8) Exit() {
+// 	u.upstream.Exit()
+// }

From 28ca119b184bce93785328d37d7720f2b3ccb5e1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:49:25 -0500
Subject: [PATCH 171/438] deadcode: WriteZoneFileRR

---
 pkg/prettyzone/prettyzone.go      | 10 ----------
 pkg/prettyzone/prettyzone_test.go | 32 ++++++++++++++++++++-----------
 2 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/pkg/prettyzone/prettyzone.go b/pkg/prettyzone/prettyzone.go
index 901b6a1c81..cb91babf20 100644
--- a/pkg/prettyzone/prettyzone.go
+++ b/pkg/prettyzone/prettyzone.go
@@ -44,16 +44,6 @@ func MostCommonTTL(records models.Records) uint32 {
 	return mk
 }
 
-// WriteZoneFileRR is a helper for when you have []dns.RR instead of models.Records
-func WriteZoneFileRR(w io.Writer, records []dns.RR, origin string) error {
-	rcs, err := models.RRstoRCs(records, origin)
-	if err != nil {
-		return err
-	}
-
-	return WriteZoneFileRC(w, rcs, origin, 0, nil)
-}
-
 // WriteZoneFileRC writes a beautifully formatted zone file.
 func WriteZoneFileRC(w io.Writer, records models.Records, origin string, defaultTTL uint32, comments []string) error {
 	// This function prioritizes beauty over output size.
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index ee24e551d0..8c3bb302db 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -3,6 +3,7 @@ package prettyzone
 import (
 	"bytes"
 	"fmt"
+	"io"
 	"log"
 	"math/rand"
 	"strings"
@@ -29,7 +30,7 @@ func parseAndRegen(t *testing.T, buf *bytes.Buffer, expected string) {
 
 	// Generate it back:
 	buf2 := &bytes.Buffer{}
-	WriteZoneFileRR(buf2, parsed, "bosun.org")
+	writeZoneFileRR(buf2, parsed, "bosun.org")
 
 	// Compare:
 	if buf2.String() != expected {
@@ -37,6 +38,15 @@ func parseAndRegen(t *testing.T, buf *bytes.Buffer, expected string) {
 	}
 }
 
+// writeZoneFileRR is a helper for when you have []dns.RR instead of models.Records
+func writeZoneFileRR(w io.Writer, records []dns.RR, origin string) error {
+	rcs, err := models.RRstoRCs(records, origin)
+	if err != nil {
+		return err
+	}
+
+	return WriteZoneFileRC(w, rcs, origin, 0, nil)
+}
 func TestMostCommonTtl(t *testing.T) {
 	var records []dns.RR
 	var g, e uint32
@@ -103,7 +113,7 @@ func TestWriteZoneFileSimple(t *testing.T) {
 	r2, _ := dns.NewRR("bosun.org. 300 IN A 192.30.252.154")
 	r3, _ := dns.NewRR("www.bosun.org. 300 IN CNAME bosun.org.")
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3}, "bosun.org")
 	expected := `$TTL 300
 @                IN A     192.30.252.153
                  IN A     192.30.252.154
@@ -124,7 +134,7 @@ func TestWriteZoneFileSimpleTtl(t *testing.T) {
 	r3, _ := dns.NewRR("bosun.org. 100 IN A 192.30.252.155")
 	r4, _ := dns.NewRR("www.bosun.org. 300 IN CNAME bosun.org.")
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3, r4}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3, r4}, "bosun.org")
 	expected := `$TTL 100
 @                IN A     192.30.252.153
                  IN A     192.30.252.154
@@ -154,7 +164,7 @@ func TestWriteZoneFileMx(t *testing.T) {
 	r8, _ := dns.NewRR("ccc.bosun.org. IN MX 40 aaa.example.com.")
 	r9, _ := dns.NewRR("ccc.bosun.org. IN MX 1 ttt.example.com.")
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5, r6, r7, r8, r9}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5, r6, r7, r8, r9}, "bosun.org")
 	if buf.String() != testdataZFMX {
 		t.Log(buf.String())
 		t.Log(testdataZFMX)
@@ -183,7 +193,7 @@ func TestWriteZoneFileSrv(t *testing.T) {
 	r4, _ := dns.NewRR(`bosun.org. 300 IN SRV 20 10 5050 foo.com.`)
 	r5, _ := dns.NewRR(`bosun.org. 300 IN SRV 10 10 5050 foo.com.`)
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5}, "bosun.org")
 	if buf.String() != testdataZFSRV {
 		t.Log(buf.String())
 		t.Log(testdataZFSRV)
@@ -206,7 +216,7 @@ func TestWriteZoneFilePtr(t *testing.T) {
 	r2, _ := dns.NewRR(`bosun.org. 300 IN PTR barney.bosun.org.`)
 	r3, _ := dns.NewRR(`bosun.org. 300 IN PTR alex.bosun.org.`)
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3}, "bosun.org")
 	if buf.String() != testdataZFPTR {
 		t.Log(buf.String())
 		t.Log(testdataZFPTR)
@@ -230,7 +240,7 @@ func TestWriteZoneFileCaa(t *testing.T) {
 	r5, _ := dns.NewRR(`bosun.org. 300 IN CAA 0 iodef "https://example.net"`)
 	r6, _ := dns.NewRR(`bosun.org. 300 IN CAA 1 iodef "mailto:example.com"`)
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5, r6}, "bosun.org")
+	writeZoneFileRR(buf, []dns.RR{r1, r2, r3, r4, r5, r6}, "bosun.org")
 	if buf.String() != testdataZFCAA {
 		t.Log(buf.String())
 		t.Log(testdataZFCAA)
@@ -274,7 +284,7 @@ func TestWriteZoneFileTxt(t *testing.T) {
 
 		// Generate the zonefile:
 		buf := &bytes.Buffer{}
-		WriteZoneFileRR(buf, []dns.RR{rr}, "bosun.org")
+		writeZoneFileRR(buf, []dns.RR{rr}, "bosun.org")
 		gz := buf.String()
 		if gz != ez {
 			t.Log("got: " + gz)
@@ -315,7 +325,7 @@ func TestWriteZoneFileEach(t *testing.T) {
 	d = append(d, mustNewRR(`x.bosun.org.         300 IN CNAME bosun.org.`))    // Must be a label with no other records.
 	d = append(d, mustNewRR(`bosun.org.           300 IN DHCID   AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=`))
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, d, "bosun.org")
+	writeZoneFileRR(buf, d, "bosun.org")
 	if buf.String() != testdataZFEach {
 		t.Log(buf.String())
 		t.Log(testdataZFEach)
@@ -404,7 +414,7 @@ func TestWriteZoneFileOrder(t *testing.T) {
 	}
 
 	buf := &bytes.Buffer{}
-	WriteZoneFileRR(buf, records, "stackoverflow.com")
+	writeZoneFileRR(buf, records, "stackoverflow.com")
 	// Compare
 	if buf.String() != testdataOrder {
 		t.Log("Found:")
@@ -424,7 +434,7 @@ func TestWriteZoneFileOrder(t *testing.T) {
 		}
 		// Generate
 		buf := &bytes.Buffer{}
-		WriteZoneFileRR(buf, records, "stackoverflow.com")
+		writeZoneFileRR(buf, records, "stackoverflow.com")
 		// Compare
 		if buf.String() != testdataOrder {
 			t.Log(buf.String())

From ea71a9c3c97c86f0a79ea4bcdfc8e06cf19f62dc Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 10:52:24 -0500
Subject: [PATCH 172/438] deadcode: CaaTargetHasSemicolon

---
 pkg/rejectif/caa.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/pkg/rejectif/caa.go b/pkg/rejectif/caa.go
index c538e48bc1..f11d6a2715 100644
--- a/pkg/rejectif/caa.go
+++ b/pkg/rejectif/caa.go
@@ -27,10 +27,10 @@ func CaaTargetContainsWhitespace(rc *models.RecordConfig) error {
 	return nil
 }
 
-// CaaTargetHasSemicolon identifies CAA records that contain semicolons.
-func CaaTargetHasSemicolon(rc *models.RecordConfig) error {
-	if strings.Contains(rc.GetTargetField(), ";") {
-		return fmt.Errorf("caa target contains semicolon")
-	}
-	return nil
-}
+// // CaaTargetHasSemicolon identifies CAA records that contain semicolons.
+// func CaaTargetHasSemicolon(rc *models.RecordConfig) error {
+// 	if strings.Contains(rc.GetTargetField(), ";") {
+// 		return fmt.Errorf("caa target contains semicolon")
+// 	}
+// 	return nil
+// }

From c0d8ca7a1840d1d853412cec7dffb00fc36593ff Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:01:21 -0500
Subject: [PATCH 173/438] deadcode: move createTestWorker

---
 providers/cloudflare/cloudflareProvider.go | 18 +++++++++++++++++-
 providers/cloudflare/rest.go               | 15 ---------------
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 6f74d8a82e..73613dd5aa 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -1,6 +1,7 @@
 package cloudflare
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"net"
@@ -826,7 +827,7 @@ func (c *cloudflareProvider) EnsureZoneExists(domain string) error {
 	return err
 }
 
-// PrepareCloudflareTestWorkers creates Cloudflare Workers required for CF_WORKER_ROUTE tests.
+// PrepareCloudflareTestWorkers creates Cloudflare Workers required for CF_WORKER_ROUTE integration tests.
 func PrepareCloudflareTestWorkers(prv providers.DNSServiceProvider) error {
 	cf, ok := prv.(*cloudflareProvider)
 	if ok {
@@ -842,3 +843,18 @@ func PrepareCloudflareTestWorkers(prv providers.DNSServiceProvider) error {
 	}
 	return nil
 }
+
+func (c *cloudflareProvider) createTestWorker(workerName string) error {
+	wp := cloudflare.CreateWorkerParams{
+		ScriptName: workerName,
+		Script: `
+			addEventListener("fetch", (event) => {
+				event.respondWith(
+					new Response("Ok.", { status: 200 })
+				);
+			});`,
+	}
+
+	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.accountID), wp)
+	return err
+}
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 8b8c708459..67876e6b38 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -358,21 +358,6 @@ func (c *cloudflareProvider) createWorkerRoute(domainID string, target string) e
 	return err
 }
 
-func (c *cloudflareProvider) createTestWorker(workerName string) error {
-	wp := cloudflare.CreateWorkerParams{
-		ScriptName: workerName,
-		Script: `
-			addEventListener("fetch", (event) => {
-				event.respondWith(
-					new Response("Ok.", { status: 200 })
-				);
-			});`,
-	}
-
-	_, err := c.cfClient.UploadWorker(context.Background(), cloudflare.AccountIdentifier(c.accountID), wp)
-	return err
-}
-
 // https://github.com/dominikh/go-tools/issues/1137 which is a dup of
 // https://github.com/dominikh/go-tools/issues/810
 //

From 1b16cf455f53e3aaa46dc41892101c037a09b19b Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:05:16 -0500
Subject: [PATCH 174/438] deadcode: providers/doh/auditrecords.go (not a DSP)

---
 providers/doh/auditrecords.go | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 providers/doh/auditrecords.go

diff --git a/providers/doh/auditrecords.go b/providers/doh/auditrecords.go
deleted file mode 100644
index 5901140530..0000000000
--- a/providers/doh/auditrecords.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package doh
-
-import "github.com/StackExchange/dnscontrol/v4/models"
-
-// AuditRecords returns a list of errors corresponding to the records
-// that aren't supported by this provider.  If all records are
-// supported, an empty list is returned.
-func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
-}

From bdad44f2e8ffd856337aaf4450faa4e6b769835c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:06:07 -0500
Subject: [PATCH 175/438] deadcode: providers/internetbs/auditrecords.go (not a
 DSP)

---
 providers/internetbs/auditrecords.go | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 providers/internetbs/auditrecords.go

diff --git a/providers/internetbs/auditrecords.go b/providers/internetbs/auditrecords.go
deleted file mode 100644
index b9376c58c0..0000000000
--- a/providers/internetbs/auditrecords.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package internetbs
-
-import "github.com/StackExchange/dnscontrol/v4/models"
-
-// AuditRecords returns a list of errors corresponding to the records
-// that aren't supported by this provider.  If all records are
-// supported, an empty list is returned.
-func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
-}

From 15f773701719584c6469f6abcc798a18c12f2982 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:07:02 -0500
Subject: [PATCH 176/438] deadcode: providers/opensrs/auditrecords.go (not a
 DSP)

---
 providers/opensrs/auditrecords.go | 10 ----------
 1 file changed, 10 deletions(-)
 delete mode 100644 providers/opensrs/auditrecords.go

diff --git a/providers/opensrs/auditrecords.go b/providers/opensrs/auditrecords.go
deleted file mode 100644
index 792b39a771..0000000000
--- a/providers/opensrs/auditrecords.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package opensrs
-
-import "github.com/StackExchange/dnscontrol/v4/models"
-
-// AuditRecords returns a list of errors corresponding to the records
-// that aren't supported by this provider.  If all records are
-// supported, an empty list is returned.
-func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
-}

From a3dad4d382bc12c64d818f2f8bb861d5d9721f76 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:12:37 -0500
Subject: [PATCH 177/438] deadcode: RRstoRCs (moved)

---
 models/dnsrr.go                   | 13 -------------
 pkg/prettyzone/prettyzone_test.go | 26 ++++++++++++++++++++------
 2 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/models/dnsrr.go b/models/dnsrr.go
index 222c975c34..eaac4e8548 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -16,19 +16,6 @@ func (rc *RecordConfig) String() string {
 
 // Conversions
 
-// RRstoRCs converts []dns.RR to []RecordConfigs.
-func RRstoRCs(rrs []dns.RR, origin string) (Records, error) {
-	rcs := make(Records, 0, len(rrs))
-	for _, r := range rrs {
-		rc, err := RRtoRC(r, origin)
-		if err != nil {
-			return nil, err
-		}
-
-		rcs = append(rcs, &rc)
-	}
-	return rcs, nil
-}
 
 // RRtoRC converts dns.RR to RecordConfig
 func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 8c3bb302db..8c83fc7d22 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -38,9 +38,23 @@ func parseAndRegen(t *testing.T, buf *bytes.Buffer, expected string) {
 	}
 }
 
+// rrstoRCs converts []dns.RR to []RecordConfigs.
+func rrstoRCs(rrs []dns.RR, origin string) (models.Records, error) {
+	rcs := make(models.Records, 0, len(rrs))
+	for _, r := range rrs {
+		rc, err := models.RRtoRC(r, origin)
+		if err != nil {
+			return nil, err
+		}
+
+		rcs = append(rcs, &rc)
+	}
+	return rcs, nil
+}
+
 // writeZoneFileRR is a helper for when you have []dns.RR instead of models.Records
 func writeZoneFileRR(w io.Writer, records []dns.RR, origin string) error {
-	rcs, err := models.RRstoRCs(records, origin)
+	rcs, err := rrstoRCs(records, origin)
 	if err != nil {
 		return err
 	}
@@ -59,7 +73,7 @@ func TestMostCommonTtl(t *testing.T) {
 	// All records are TTL=100
 	records = nil
 	records, e = append(records, r1, r1, r1), 100
-	x, err := models.RRstoRCs(records, "bosun.org")
+	x, err := rrstoRCs(records, "bosun.org")
 	if err != nil {
 		panic(err)
 	}
@@ -71,7 +85,7 @@ func TestMostCommonTtl(t *testing.T) {
 	// Mixture of TTLs with an obvious winner.
 	records = nil
 	records, e = append(records, r1, r2, r2), 200
-	rcs, err := models.RRstoRCs(records, "bosun.org")
+	rcs, err := rrstoRCs(records, "bosun.org")
 	if err != nil {
 		panic(err)
 	}
@@ -83,7 +97,7 @@ func TestMostCommonTtl(t *testing.T) {
 	// 3-way tie. Largest TTL should be used.
 	records = nil
 	records, e = append(records, r1, r2, r3), 300
-	rcs, err = models.RRstoRCs(records, "bosun.org")
+	rcs, err = rrstoRCs(records, "bosun.org")
 	if err != nil {
 		panic(err)
 	}
@@ -95,7 +109,7 @@ func TestMostCommonTtl(t *testing.T) {
 	// NS records are ignored.
 	records = nil
 	records, e = append(records, r1, r4, r5), 100
-	rcs, err = models.RRstoRCs(records, "bosun.org")
+	rcs, err = rrstoRCs(records, "bosun.org")
 	if err != nil {
 		panic(err)
 	}
@@ -357,7 +371,7 @@ func TestWriteZoneFileSynth(t *testing.T) {
 	rsynz := &models.RecordConfig{Type: "R53_ALIAS", TTL: 300}
 	rsynz.SetLabel("zalias", "bosun.org")
 
-	recs, err := models.RRstoRCs([]dns.RR{r1, r2, r3}, "bosun.org")
+	recs, err := rrstoRCs([]dns.RR{r1, r2, r3}, "bosun.org")
 	if err != nil {
 		panic(err)
 	}

From 822a40c4e4b84cd267fceb08690c6fa4cb654fcd Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:20:18 -0500
Subject: [PATCH 178/438] unused params in makeUknown() and formatDsl()

---
 commands/getZones.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/commands/getZones.go b/commands/getZones.go
index a9b726f85a..0bec3cbb68 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -254,7 +254,7 @@ func GetZone(args GetZoneArgs) error {
 				if (rec.Type == "CNAME") && (rec.Name == "@") {
 					o = append(o, "// NOTE: CNAME at apex may require manual editing.")
 				}
-				o = append(o, formatDsl(zoneName, rec, defaultTTL))
+				o = append(o, formatDsl(rec, defaultTTL))
 			}
 			out := strings.Join(o, sep)
 
@@ -314,7 +314,7 @@ func jsonQuoted(i string) string {
 	return string(b)
 }
 
-func formatDsl(zonename string, rec *models.RecordConfig, defaultTTL uint32) string {
+func formatDsl(rec *models.RecordConfig, defaultTTL uint32) string {
 
 	target := rec.GetTargetCombined()
 
@@ -410,5 +410,5 @@ func makeR53alias(rec *models.RecordConfig, ttl uint32) string {
 }
 
 func makeUknown(rc *models.RecordConfig, ttl uint32) string {
-	return fmt.Sprintf(`// %s("%s")`, rc.UnknownTypeName, rc.GetTargetField())
+	return fmt.Sprintf(`// %s("%s", TTL(%d))`, rc.UnknownTypeName, rc.GetTargetField(), ttl)
 }

From 3b01dc8b3f4f1e7dd488eb01058fff97194d87d0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:21:50 -0500
Subject: [PATCH 179/438] unused param t in testPermitted()

---
 integrationTest/integration_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 4863a50ef7..e90e306520 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -135,7 +135,7 @@ func getDomainConfigWithNameservers(t *testing.T, prv providers.DNSServiceProvid
 
 // testPermitted returns nil if the test is permitted, otherwise an
 // error explaining why it is not.
-func testPermitted(t *testing.T, p string, f TestGroup) error {
+func testPermitted(p string, f TestGroup) error {
 
 	// not() and only() can't be mixed.
 	if len(f.only) != 0 && len(f.not) != 0 {
@@ -298,7 +298,7 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 		}
 
 		// Abide by filter
-		if err := testPermitted(t, *providerToRun, *group); err != nil {
+		if err := testPermitted(*providerToRun, *group); err != nil {
 			//t.Logf("%s: ***SKIPPED(%v)***", group.Desc, err)
 			makeChanges(t, prv, dc, tc("Empty"), fmt.Sprintf("%02d:%s ***SKIPPED(%v)***", gIdx, group.Desc, err), false, origConfig)
 			continue

From c3580b1d1297fa7141c4ff1b25e87e594bdc8b64 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:27:29 -0500
Subject: [PATCH 180/438] unused parameter knownFailures in cfg[], getProvider,
 runTests

---
 integrationTest/integration_test.go | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index e90e306520..8d837b59d4 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -5,7 +5,6 @@ import (
 	"flag"
 	"fmt"
 	"os"
-	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -45,16 +44,15 @@ func CfCProxyFull() *TestCase { return tc("cproxyf", cfProxyCNAME("cproxy", "exa
 
 // ---
 
-func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[int]bool, map[string]string) {
+func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[string]string) {
 	if *providerToRun == "" {
 		t.Log("No provider specified with -provider")
-		return nil, "", nil, nil
+		return nil, "", nil
 	}
 	jsons, err := credsfile.LoadProviderConfigs("providers.json")
 	if err != nil {
 		t.Fatalf("Error loading provider configs: %s", err)
 	}
-	fails := map[int]bool{}
 	for name, cfg := range jsons {
 		if *providerToRun != name {
 			continue
@@ -78,15 +76,6 @@ func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[int]bo
 		if err != nil {
 			t.Fatal(err)
 		}
-		if f := cfg["knownFailures"]; f != "" {
-			for _, s := range strings.Split(f, ",") {
-				i, err := strconv.Atoi(s)
-				if err != nil {
-					t.Fatal(err)
-				}
-				fails[i] = true
-			}
-		}
 
 		if name == "CLOUDFLAREAPI" && *enableCFWorkers {
 			// Cloudflare only. Will do nothing if provider != *cloudflareProvider.
@@ -95,15 +84,15 @@ func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[int]bo
 			}
 		}
 
-		return provider, cfg["domain"], fails, cfg
+		return provider, cfg["domain"], cfg
 	}
 
 	t.Fatalf("Provider %s not found", *providerToRun)
-	return nil, "", nil, nil
+	return nil, "", nil
 }
 
 func TestDNSProviders(t *testing.T) {
-	provider, domain, fails, cfg := getProvider(t)
+	provider, domain, cfg := getProvider(t)
 	if provider == nil {
 		return
 	}
@@ -112,7 +101,7 @@ func TestDNSProviders(t *testing.T) {
 	}
 
 	t.Run(domain, func(t *testing.T) {
-		runTests(t, provider, domain, fails, cfg)
+		runTests(t, provider, domain, cfg)
 	})
 
 }
@@ -275,7 +264,7 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 	})
 }
 
-func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string, knownFailures map[int]bool, origConfig map[string]string) {
+func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string, origConfig map[string]string) {
 	dc := getDomainConfigWithNameservers(t, prv, domainName)
 	testGroups := makeTests(t)
 
@@ -336,7 +325,7 @@ func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string,
 }
 
 func TestDualProviders(t *testing.T) {
-	p, domain, _, _ := getProvider(t)
+	p, domain, _ := getProvider(t)
 	if p == nil {
 		return
 	}
@@ -400,7 +389,7 @@ func TestNameserverDots(t *testing.T) {
 	// or vise-versa.
 
 	// Setup:
-	p, domain, _, _ := getProvider(t)
+	p, domain, _ := getProvider(t)
 	if p == nil {
 		return
 	}

From 2ff585d4c5a969178f963b68578171302d79f091 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:47:12 -0500
Subject: [PATCH 181/438] deadcode: dump Print

---
 pkg/spflib/parse.go      | 28 ----------------------------
 pkg/spflib/parse_test.go | 29 +++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 28 deletions(-)

diff --git a/pkg/spflib/parse.go b/pkg/spflib/parse.go
index 3dbbf75ab9..bfa549427a 100644
--- a/pkg/spflib/parse.go
+++ b/pkg/spflib/parse.go
@@ -1,9 +1,7 @@
 package spflib
 
 import (
-	"bytes"
 	"fmt"
-	"io"
 	"strings"
 )
 
@@ -101,29 +99,3 @@ func Parse(text string, dnsres Resolver) (*SPFRecord, error) {
 	}
 	return rec, nil
 }
-
-func dump(rec *SPFRecord, indent string, w io.Writer) {
-
-	fmt.Fprintf(w, "%sTotal Lookups: %d\n", indent, rec.Lookups())
-	fmt.Fprint(w, indent+"v=spf1")
-	for _, p := range rec.Parts {
-		fmt.Fprint(w, " "+p.Text)
-	}
-	fmt.Fprintln(w)
-	indent += "\t"
-	for _, p := range rec.Parts {
-		if p.IsLookup {
-			fmt.Fprintln(w, indent+p.Text)
-		}
-		if p.IncludeRecord != nil {
-			dump(p.IncludeRecord, indent+"\t", w)
-		}
-	}
-}
-
-// Print prints an SPFRecord.
-func (s *SPFRecord) Print() string {
-	w := &bytes.Buffer{}
-	dump(s, "", w)
-	return w.String()
-}
diff --git a/pkg/spflib/parse_test.go b/pkg/spflib/parse_test.go
index 8faedb5409..186d097be9 100644
--- a/pkg/spflib/parse_test.go
+++ b/pkg/spflib/parse_test.go
@@ -1,10 +1,39 @@
 package spflib
 
 import (
+	"bytes"
+	"fmt"
+	"io"
 	"strings"
 	"testing"
 )
 
+func dump(rec *SPFRecord, indent string, w io.Writer) {
+
+	fmt.Fprintf(w, "%sTotal Lookups: %d\n", indent, rec.Lookups())
+	fmt.Fprint(w, indent+"v=spf1")
+	for _, p := range rec.Parts {
+		fmt.Fprint(w, " "+p.Text)
+	}
+	fmt.Fprintln(w)
+	indent += "\t"
+	for _, p := range rec.Parts {
+		if p.IsLookup {
+			fmt.Fprintln(w, indent+p.Text)
+		}
+		if p.IncludeRecord != nil {
+			dump(p.IncludeRecord, indent+"\t", w)
+		}
+	}
+}
+
+// Print prints an SPFRecord.
+func (s *SPFRecord) Print() string {
+	w := &bytes.Buffer{}
+	dump(s, "", w)
+	return w.String()
+}
+
 func TestParse(t *testing.T) {
 	dnsres, err := NewCache("testdata-dns1.json")
 	if err != nil {

From 4f32ddf132829b58b7cd020fc73b07ea8cc981f8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:48:12 -0500
Subject: [PATCH 182/438] deadcode: DebugUnmanagedConfig

---
 models/unmanaged.go | 48 ++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 25 deletions(-)

diff --git a/models/unmanaged.go b/models/unmanaged.go
index e1f7f5d7e7..57e8fe0f7f 100644
--- a/models/unmanaged.go
+++ b/models/unmanaged.go
@@ -1,9 +1,6 @@
 package models
 
 import (
-	"bytes"
-	"fmt"
-
 	"github.com/gobwas/glob"
 )
 
@@ -28,25 +25,26 @@ type UnmanagedConfig struct {
 	TargetGlob    glob.Glob `json:"-"` // Compiled version
 }
 
-// DebugUnmanagedConfig returns a string version of an []*UnmanagedConfig for debugging purposes.
-func DebugUnmanagedConfig(uc []*UnmanagedConfig) string {
-	if len(uc) == 0 {
-		return "UnmanagedConfig{}"
-	}
-
-	var buf bytes.Buffer
-	b := &buf
-
-	fmt.Fprint(b, "UnmanagedConfig{\n")
-	for i, c := range uc {
-		fmt.Fprintf(b, "%00d: (%v, %+v, %v)\n",
-			i,
-			c.LabelGlob,
-			c.RTypeMap,
-			c.TargetGlob,
-		)
-	}
-	fmt.Fprint(b, "}")
-
-	return b.String()
-}
+// Uncomment to use:
+// // DebugUnmanagedConfig returns a string version of an []*UnmanagedConfig for debugging purposes.
+// func DebugUnmanagedConfig(uc []*UnmanagedConfig) string {
+// 	if len(uc) == 0 {
+// 		return "UnmanagedConfig{}"
+// 	}
+
+// 	var buf bytes.Buffer
+// 	b := &buf
+
+// 	fmt.Fprint(b, "UnmanagedConfig{\n")
+// 	for i, c := range uc {
+// 		fmt.Fprintf(b, "%00d: (%v, %+v, %v)\n",
+// 			i,
+// 			c.LabelGlob,
+// 			c.RTypeMap,
+// 			c.TargetGlob,
+// 		)
+// 	}
+// 	fmt.Fprint(b, "}")
+
+// 	return b.String()
+// }

From 0576cec7d83a9ec1c5787beafb98ee8fa1d396c6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:48:54 -0500
Subject: [PATCH 183/438] deadcode: Errorf

---
 pkg/printer/printer.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index 6ebe635466..9cc6d26ce3 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -54,9 +54,9 @@ func Warnf(fmt string, args ...interface{}) {
 }
 
 // Errorf is called to print/format an error.
-func Errorf(fmt string, args ...interface{}) {
-	DefaultPrinter.Errorf(fmt, args...)
-}
+// func Errorf(fmt string, args ...interface{}) {
+// 	DefaultPrinter.Errorf(fmt, args...)
+// }
 
 var (
 	// DefaultPrinter is the default Printer, used by Debugf, Printf, and Warnf.

From 798c0d6b9e04079f6e24cfccc3a6524641b106b6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:49:34 -0500
Subject: [PATCH 184/438] deadcode: Change/ChangeList.String

---
 pkg/diff2/analyze_test.go       | 38 +++++++++++++++++++++++++++++++++
 pkg/diff2/compareconfig.go      | 30 --------------------------
 pkg/diff2/compareconfig_test.go | 31 +++++++++++++++++++++++++++
 pkg/diff2/diff2.go              | 35 ------------------------------
 4 files changed, 69 insertions(+), 65 deletions(-)

diff --git a/pkg/diff2/analyze_test.go b/pkg/diff2/analyze_test.go
index 38a3972ddb..a220ffac55 100644
--- a/pkg/diff2/analyze_test.go
+++ b/pkg/diff2/analyze_test.go
@@ -1,6 +1,8 @@
 package diff2
 
 import (
+	"bytes"
+	"fmt"
 	"reflect"
 	"strings"
 	"testing"
@@ -18,6 +20,42 @@ func init() {
 	color.NoColor = true
 }
 
+// Stringify the datastructures (for debugging)
+
+func (c Change) String() string {
+	var buf bytes.Buffer
+	b := &buf
+
+	fmt.Fprintf(b, "Change: verb=%v\n", c.Type)
+	fmt.Fprintf(b, "    key=%v\n", c.Key)
+	if c.HintOnlyTTL {
+		fmt.Fprint(b, "    Hints=OnlyTTL\n", c.Key)
+	}
+	if len(c.Old) != 0 {
+		fmt.Fprintf(b, "    old=%v\n", c.Old)
+	}
+	if len(c.New) != 0 {
+		fmt.Fprintf(b, "    new=%v\n", c.New)
+	}
+	fmt.Fprintf(b, "    msg=%q\n", c.Msgs)
+
+	return b.String()
+}
+
+func (cl ChangeList) String() string {
+	var buf bytes.Buffer
+	b := &buf
+
+	fmt.Fprintf(b, "ChangeList: len=%d\n", len(cl))
+	for i, j := range cl {
+		fmt.Fprintf(b, "%02d: %s", i, j)
+	}
+
+	return b.String()
+}
+
+// Make sample data
+
 func makeRec(label, rtype, content string) *models.RecordConfig {
 	origin := "f.com"
 	r := models.RecordConfig{TTL: 300}
diff --git a/pkg/diff2/compareconfig.go b/pkg/diff2/compareconfig.go
index 0ec0320dac..91d6c86f79 100644
--- a/pkg/diff2/compareconfig.go
+++ b/pkg/diff2/compareconfig.go
@@ -1,7 +1,6 @@
 package diff2
 
 import (
-	"bytes"
 	"fmt"
 	"sort"
 
@@ -171,35 +170,6 @@ func (cc *CompareConfig) verifyCNAMEAssertions() {
 
 }
 
-// String returns cc represented as a string. This is used for
-// debugging and unit tests, as the structure may otherwise be
-// difficult to compare.
-func (cc *CompareConfig) String() string {
-	var buf bytes.Buffer
-	b := &buf
-
-	fmt.Fprintf(b, "ldata:\n")
-	for i, ld := range cc.ldata {
-		fmt.Fprintf(b, "  ldata[%02d]: %s\n", i, ld.label)
-		for j, t := range ld.tdata {
-			fmt.Fprintf(b, "             tdata[%d]: %q e(%d, %d) d(%d, %d)\n", j, t.rType,
-				len(t.existingTargets),
-				len(t.existingRecs),
-				len(t.desiredTargets),
-				len(t.desiredRecs),
-			)
-		}
-	}
-	fmt.Fprintf(b, "labelMap: len=%d %v\n", len(cc.labelMap), cc.labelMap)
-	fmt.Fprintf(b, "keyMap:   len=%d %v\n", len(cc.keyMap), cc.keyMap)
-	fmt.Fprintf(b, "existing: %q\n", cc.existing)
-	fmt.Fprintf(b, "desired: %q\n", cc.desired)
-	fmt.Fprintf(b, "origin: %v\n", cc.origin)
-	fmt.Fprintf(b, "compFn: %v\n", cc.compareableFunc)
-
-	return b.String()
-}
-
 // Generate a string that can be used to compare this record to others
 // for equality.
 func mkCompareBlobs(rc *models.RecordConfig, f func(*models.RecordConfig) string) (string, string) {
diff --git a/pkg/diff2/compareconfig_test.go b/pkg/diff2/compareconfig_test.go
index 51a15df154..de7fc0912b 100644
--- a/pkg/diff2/compareconfig_test.go
+++ b/pkg/diff2/compareconfig_test.go
@@ -1,6 +1,8 @@
 package diff2
 
 import (
+	"bytes"
+	"fmt"
 	"strings"
 	"testing"
 
@@ -8,6 +10,35 @@ import (
 	"github.com/kylelemons/godebug/diff"
 )
 
+// String returns cc represented as a string. This is used for
+// debugging and unit tests, as the structure may otherwise be
+// difficult to compare.
+func (cc *CompareConfig) String() string {
+	var buf bytes.Buffer
+	b := &buf
+
+	fmt.Fprintf(b, "ldata:\n")
+	for i, ld := range cc.ldata {
+		fmt.Fprintf(b, "  ldata[%02d]: %s\n", i, ld.label)
+		for j, t := range ld.tdata {
+			fmt.Fprintf(b, "             tdata[%d]: %q e(%d, %d) d(%d, %d)\n", j, t.rType,
+				len(t.existingTargets),
+				len(t.existingRecs),
+				len(t.desiredTargets),
+				len(t.desiredRecs),
+			)
+		}
+	}
+	fmt.Fprintf(b, "labelMap: len=%d %v\n", len(cc.labelMap), cc.labelMap)
+	fmt.Fprintf(b, "keyMap:   len=%d %v\n", len(cc.keyMap), cc.keyMap)
+	fmt.Fprintf(b, "existing: %q\n", cc.existing)
+	fmt.Fprintf(b, "desired: %q\n", cc.desired)
+	fmt.Fprintf(b, "origin: %v\n", cc.origin)
+	fmt.Fprintf(b, "compFn: %v\n", cc.compareableFunc)
+
+	return b.String()
+}
+
 func TestNewCompareConfig(t *testing.T) {
 	type args struct {
 		origin   string
diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index 0d1da39bc5..f8f27f7e7a 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -6,7 +6,6 @@ package diff2
 // against the desired records.
 
 import (
-	"bytes"
 	"fmt"
 	"strings"
 
@@ -255,37 +254,3 @@ func byHelper(fn func(cc *CompareConfig) ChangeList, existing models.Records, dc
 
 	return instructions, nil
 }
-
-// Stringify the datastructures (for debugging)
-
-func (c Change) String() string {
-	var buf bytes.Buffer
-	b := &buf
-
-	fmt.Fprintf(b, "Change: verb=%v\n", c.Type)
-	fmt.Fprintf(b, "    key=%v\n", c.Key)
-	if c.HintOnlyTTL {
-		fmt.Fprint(b, "    Hints=OnlyTTL\n", c.Key)
-	}
-	if len(c.Old) != 0 {
-		fmt.Fprintf(b, "    old=%v\n", c.Old)
-	}
-	if len(c.New) != 0 {
-		fmt.Fprintf(b, "    new=%v\n", c.New)
-	}
-	fmt.Fprintf(b, "    msg=%q\n", c.Msgs)
-
-	return b.String()
-}
-
-func (cl ChangeList) String() string {
-	var buf bytes.Buffer
-	b := &buf
-
-	fmt.Fprintf(b, "ChangeList: len=%d\n", len(cl))
-	for i, j := range cl {
-		fmt.Fprintf(b, "%02d: %s", i, j)
-	}
-
-	return b.String()
-}

From e6c03c098a3a257760232d111316848360ec9764 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:50:24 -0500
Subject: [PATCH 185/438] cleanup: Remove dead code and unused params

---
 integrationTest/integration_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 8d837b59d4..b12d19c2ce 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -266,7 +266,7 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 
 func runTests(t *testing.T, prv providers.DNSServiceProvider, domainName string, origConfig map[string]string) {
 	dc := getDomainConfigWithNameservers(t, prv, domainName)
-	testGroups := makeTests(t)
+	testGroups := makeTests()
 
 	firstGroup := *startIdx
 	if firstGroup == -1 {
@@ -750,7 +750,7 @@ func alltrue(f ...bool) alltrueFilter {
 
 //
 
-func makeTests(t *testing.T) []*TestGroup {
+func makeTests() []*TestGroup {
 
 	sha256hash := strings.Repeat("0123456789abcdef", 4)
 	sha512hash := strings.Repeat("0123456789abcdef", 8)

From dd87f01560d3e7b78fe9b37f779157157d0073bd Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 11:57:32 -0500
Subject: [PATCH 186/438] gofmt

---
 models/dnsrr.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/models/dnsrr.go b/models/dnsrr.go
index eaac4e8548..3ce6543d3a 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -16,7 +16,6 @@ func (rc *RecordConfig) String() string {
 
 // Conversions
 
-
 // RRtoRC converts dns.RR to RecordConfig
 func RRtoRC(rr dns.RR, origin string) (RecordConfig, error) {
 	return helperRRtoRC(rr, origin, false)

From 3057a0b6c498090869dfdaae8013a0f7100cfeba Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 3 Mar 2024 15:49:42 -0500
Subject: [PATCH 187/438] CHORE: Update deps

---
 go.mod |  87 +++++++++++----------
 go.sum | 237 ++++++++++++++++++++++++---------------------------------
 2 files changed, 141 insertions(+), 183 deletions(-)

diff --git a/go.mod b/go.mod
index 9f41274b83..ba57c8d5ee 100644
--- a/go.mod
+++ b/go.mod
@@ -12,20 +12,20 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
-	github.com/PuerkitoBio/goquery v1.8.1
+	github.com/PuerkitoBio/goquery v1.9.1
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.24.1
-	github.com/aws/aws-sdk-go-v2/config v1.26.6
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6
+	github.com/aws/aws-sdk-go-v2 v1.25.2
+	github.com/aws/aws-sdk-go-v2/config v1.27.4
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.4
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.87.0
-	github.com/digitalocean/godo v1.108.0
+	github.com/cloudflare/cloudflare-go v0.89.0
+	github.com/digitalocean/godo v1.109.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -47,50 +47,50 @@ require (
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
 	github.com/robertkrimen/otto v0.3.0
 	github.com/softlayer/softlayer-go v1.1.3
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.27.1
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/net v0.20.0
-	golang.org/x/oauth2 v0.16.0
-	google.golang.org/api v0.161.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.11
+	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/net v0.21.0
+	golang.org/x/oauth2 v0.17.0
+	google.golang.org/api v0.167.0
+	gopkg.in/ns1/ns1-go.v2 v2.8.0
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
-	github.com/G-Core/gcore-dns-sdk-go v0.2.6
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
+	github.com/G-Core/gcore-dns-sdk-go v0.2.8
 	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/juju/errors v0.0.0-20200330140219-3fe23663418f
+	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240119083558-1b970713d09a
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute v1.23.4 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
-	github.com/andybalholm/cascadia v1.3.1 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/andybalholm/cascadia v1.3.2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 // indirect
+	github.com/aws/smithy-go v1.20.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -110,9 +110,9 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.5.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.1 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -124,7 +124,6 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/juju/testing v0.0.0-20210324180055-18c50b0c2098 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -139,21 +138,21 @@ require (
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
-	go.opentelemetry.io/otel v1.22.0 // indirect
-	go.opentelemetry.io/otel/metric v1.22.0 // indirect
-	go.opentelemetry.io/otel/trace v1.22.0 // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
+	go.opentelemetry.io/otel v1.23.0 // indirect
+	go.opentelemetry.io/otel/metric v1.23.0 // indirect
+	go.opentelemetry.io/otel/trace v1.23.0 // indirect
+	golang.org/x/mod v0.15.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.17.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
-	google.golang.org/grpc v1.60.1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect
+	google.golang.org/grpc v1.61.1 // indirect
 	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 712f8c01ba..084233c532 100644
--- a/go.sum
+++ b/go.sum
@@ -1,14 +1,14 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
-cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI=
+cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw=
+cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 h1:n1DH8TPV4qqPTje2RcUBYwtrTWlabVp4n46+74X2pn4=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0/go.mod h1:HDcZnuGbiyppErN6lB+idp4CKhjbc8gwjto6OPpyggM=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
@@ -26,49 +26,49 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
-github.com/G-Core/gcore-dns-sdk-go v0.2.6 h1:R82ANd7BnhIe2mV/12Ebdx9QYVl2++E4kfDIu97JEOk=
-github.com/G-Core/gcore-dns-sdk-go v0.2.6/go.mod h1:KliUjfPonDvXyAGNiuO+MYVG/7lmWHZ+4Hi0sPxgOjg=
-github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM=
-github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ=
+github.com/G-Core/gcore-dns-sdk-go v0.2.8 h1:jblomjYiCzOgPGy9WwibmtGYJJzU9Jeebv9kwSaUsbA=
+github.com/G-Core/gcore-dns-sdk-go v0.2.8/go.mod h1:ky5q2+je2gyVpM2eGdlXbv/KRmD9nimtNQkjzDbXVys=
+github.com/PuerkitoBio/goquery v1.9.1 h1:mTL6XjbJTZdpfL+Gwl5U2h1l9yEkJjhmlTeV9VPW7UI=
+github.com/PuerkitoBio/goquery v1.9.1/go.mod h1:cW1n6TmIMDoORQU5IU/P1T3tGFunOeXEpGP2WHRwkbY=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 h1:vfVc5pSCq58ljNpXXwUcLnHATYi/x+YUdqFc9uBhLbM=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36/go.mod h1:MwE/QxFCN65F0hKGWFHUh2U2o1p2tMPNR1zHkX6vEh8=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
-github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c=
-github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA=
+github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
+github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
-github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
-github.com/aws/aws-sdk-go-v2/config v1.26.6 h1:Z/7w9bUqlRI0FFQpetVuFYEsjzE3h7fpU6HuGmfPL/o=
-github.com/aws/aws-sdk-go-v2/config v1.26.6/go.mod h1:uKU6cnDmYCvJ+pxO9S4cWDb2yWWIH5hra+32hVh1MI4=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16 h1:8q6Rliyv0aUFAVtzaldUEcS+T5gbadPbWdV1WcAddK8=
-github.com/aws/aws-sdk-go-v2/credentials v1.16.16/go.mod h1:UHVZrdUsv63hPXFo1H7c5fEneoVo9UXiz36QG1GEPi0=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 h1:c5I5iH+DZcH3xOIMlz3/tCKJDaHFwYEmxvlh2fAcFo8=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11/go.mod h1:cRrYDYAMUohBJUtUnOhydaMHtiK/1NZ0Otc9lIb6O0Y=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 h1:n3GDfwqF2tzEkXlv5cuy4iy7LpKDtqDMcNLfZDu9rls=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 h1:DBYTXwIGQSGs9w4jKm60F5dmCQ3EEruxdc0MFh+3EY4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10/go.mod h1:wohMUQiFdzo0NtxbBg0mSRGZ4vL3n0dKjLTINdcIino=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1 h1:U7OksynDSIFScG+7sGqOuJh+fP1USMkNtjxzGFZYG34=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.37.1/go.mod h1:8qqfpG4mug2JLlEyWPSFhEGvJiaZ9iPmMDDMYc5Xtas=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6 h1:CmFf5vN81i7l11gIw05mhkInK5+HByctL12Yr+0I+Og=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.20.6/go.mod h1:26un6U1jrFWKQEYHzLur07aRQ6wsJcY6O30DmDkIjuY=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 h1:eajuO3nykDPdYicLlP3AGgOyVN3MOlFmZv7WGTuJPow=
-github.com/aws/aws-sdk-go-v2/service/sso v1.18.7/go.mod h1:+mJNDdF+qiUlNKNC3fxn74WWNN+sOiGOEImje+3ScPM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 h1:QPMJf+Jw8E1l7zqhZmMlFw6w1NmfkfiSK8mS4zOx3BA=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7/go.mod h1:ykf3COxYI0UJmxcfcxcVuz7b6uADi1FkiUz6Eb7AgM8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 h1:NzO4Vrau795RkUdSHKEwiR01FaGzGOH1EETJ+5QHnm0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.26.7/go.mod h1:6h2YuIoxaMSCFf5fi1EgZAwdfkGMgDY+DVfa61uLe4U=
-github.com/aws/smithy-go v1.19.0 h1:KWFKQV80DpP3vJrrA9sVAHQ5gc2z8i4EzrLhLlWXcBM=
-github.com/aws/smithy-go v1.19.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
+github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
+github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
+github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M=
+github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1 h1:NRKxGOS+FKUA84EfbgkLCleBnfar+eXh5npW/3VgMQk=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1/go.mod h1:7Wa9sIDxey/5b2FK5r1Z6ryVfojt4Nl+VzzpK8q1L+M=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1 h1:XdHygs2iC+GYyM1ItNUzyLSzHH/ixL3xhG+6heaz58o=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1/go.mod h1:/5s6ahOjV5dZcCofvphLSvbMSvv2vBXHB99G6IDPY9Q=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
+github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
+github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -87,8 +87,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.87.0 h1:hLuXnDneECNpen4YwfA4+kcjyv8gsj30kOJsHPyw9pI=
-github.com/cloudflare/cloudflare-go v0.87.0/go.mod h1:wYW/5UP02TUfBToa/yKbQHV+r6h1NnJ1Je7XjuGM4Jw=
+github.com/cloudflare/cloudflare-go v0.89.0 h1:3zoVntC8xmUR/weFEcNE1RizdW4LRZdQnJ/AN8DDa1U=
+github.com/cloudflare/cloudflare-go v0.89.0/go.mod h1:eyuehb1i6BNRc+ZwaTZAiRHeE+4jbKvHAns19oGeakg=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -101,8 +101,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.108.0 h1:fWyMENvtxpCpva1UbKzOFnyAS04N1FNuBWWfPeTGquQ=
-github.com/digitalocean/godo v1.108.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.109.0 h1:4W97RJLJSUQ3veRZDNbp1Ol3Rbn6Lmt9bKGvfqYI5SU=
+github.com/digitalocean/godo v1.109.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -201,12 +201,12 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaU
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
-github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
+github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM=
+github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -253,34 +253,8 @@ github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/juju/ansiterm v0.0.0-20160907234532-b99631de12cf/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
-github.com/juju/clock v0.0.0-20190205081909-9c5c9712527c/go.mod h1:nD0vlnrUjcjJhqN5WuCWZyzfd5AHZAC9/ajvbSx69xA=
-github.com/juju/cmd v0.0.0-20171107070456-e74f39857ca0/go.mod h1:yWJQHl73rdSX4DHVKGqkAip+huBslxRwS8m9CrOLq18=
-github.com/juju/collections v0.0.0-20200605021417-0d0ec82b7271/go.mod h1:5XgO71dV1JClcOJE+4dzdn4HrI5LiyKd7PlVG6eZYhY=
-github.com/juju/errors v0.0.0-20150916125642-1b5e39b83d18/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
-github.com/juju/errors v0.0.0-20200330140219-3fe23663418f h1:MCOvExGLpaSIzLYB4iQXEHP4jYVU6vmzLNQPdMVrxnM=
-github.com/juju/errors v0.0.0-20200330140219-3fe23663418f/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
-github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
-github.com/juju/httpprof v0.0.0-20141217160036-14bf14c30767/go.mod h1:+MaLYz4PumRkkyHYeXJ2G5g5cIW0sli2bOfpmbaMV/g=
-github.com/juju/loggo v0.0.0-20170605014607-8232ab8918d9/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
-github.com/juju/loggo v0.0.0-20200526014432-9ce3a2e09b5e h1:FdDd7bdI6cjq5vaoYlK1mfQYfF9sF2VZw8VEZMsl5t8=
-github.com/juju/loggo v0.0.0-20200526014432-9ce3a2e09b5e/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
-github.com/juju/mgo/v2 v2.0.0-20210302023703-70d5d206e208 h1:/WiCm+Vpj87e4QWuWwPD/bNE9kDrWCLvPBHOQNcG2+A=
-github.com/juju/mgo/v2 v2.0.0-20210302023703-70d5d206e208/go.mod h1:0OChplkvPTZ174D2FYZXg4IB9hbEwyHkD+zT+/eK+Fg=
-github.com/juju/mutex v0.0.0-20171110020013-1fe2a4bf0a3a/go.mod h1:Y3oOzHH8CQ0Ppt0oCKJ2JFO81/EsWenH5AEqigLH+yY=
-github.com/juju/retry v0.0.0-20151029024821-62c620325291/go.mod h1:OohPQGsr4pnxwD5YljhQ+TZnuVRYpa5irjugL1Yuif4=
-github.com/juju/retry v0.0.0-20180821225755-9058e192b216/go.mod h1:OohPQGsr4pnxwD5YljhQ+TZnuVRYpa5irjugL1Yuif4=
-github.com/juju/testing v0.0.0-20180402130637-44801989f0f7/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
-github.com/juju/testing v0.0.0-20190723135506-ce30eb24acd2/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
-github.com/juju/testing v0.0.0-20210324180055-18c50b0c2098 h1:yrhek184cGp0IRyHg0uV1khLaorNg6GtDLkry4oNNjE=
-github.com/juju/testing v0.0.0-20210324180055-18c50b0c2098/go.mod h1:7lxZW0B50+xdGFkvhAb8bwAGt6IU87JB1H9w4t8MNVM=
-github.com/juju/utils v0.0.0-20180424094159-2000ea4ff043/go.mod h1:6/KLg8Wz/y2KVGWEpkK9vMNGkOnu4k/cqs8Z1fKjTOk=
-github.com/juju/utils v0.0.0-20200116185830-d40c2fe10647/go.mod h1:6/KLg8Wz/y2KVGWEpkK9vMNGkOnu4k/cqs8Z1fKjTOk=
-github.com/juju/utils/v2 v2.0.0-20200923005554-4646bfea2ef1/go.mod h1:fdlDtQlzundleLLz/ggoYinEt/LmnrpNKcNTABQATNI=
-github.com/juju/version v0.0.0-20161031051906-1f41e27e54f2/go.mod h1:kE8gK5X0CImdr7qpSKl3xB2PmpySSmfj7zVbkZFs81U=
-github.com/juju/version v0.0.0-20180108022336-b64dbd566305/go.mod h1:kE8gK5X0CImdr7qpSKl3xB2PmpySSmfj7zVbkZFs81U=
-github.com/juju/version v0.0.0-20191219164919-81c1be00b9a6/go.mod h1:kE8gK5X0CImdr7qpSKl3xB2PmpySSmfj7zVbkZFs81U=
-github.com/julienschmidt/httprouter v1.1.1-0.20151013225520-77a895ad01eb/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/juju/errors v1.0.0 h1:yiq7kjCLll1BiaRuNY53MGI0+EQ3rF6GB+wvboZDefM=
+github.com/juju/errors v1.0.0/go.mod h1:B5x9thDqx0wIMH3+aLIMP9HjItInYWObRovoCFM5Qe8=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -305,20 +279,13 @@ github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++
 github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
 github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7kd09ZGA=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/lunixbochs/vtclean v0.0.0-20160125035106-4fbf7632a2c6/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
-github.com/masterzen/azure-sdk-for-go v3.2.0-beta.0.20161014135628-ee4f0065d00c+incompatible/go.mod h1:mf8fjOu33zCqxUjuiU3I8S1lJMyEAlH+0F2+M5xl3hE=
-github.com/masterzen/simplexml v0.0.0-20160608183007-4572e39b1ab9/go.mod h1:kCEbxUJlNDEBNbdQMkPSp6yaKcRXVI6f4ddk8Riv4bc=
-github.com/masterzen/winrm v0.0.0-20161014151040-7a535cd943fc/go.mod h1:CfZSN7zwz5gJiFhZJz49Uzk7mEBHIceWmbFmYx7Hf7E=
-github.com/masterzen/xmlpath v0.0.0-20140218185901-13f4951698ad/go.mod h1:A0zPC53iKKKcXYxr4ROjpQRQ5FgJXtelNdSmHHuq/tY=
 github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
-github.com/mattn/go-colorable v0.0.6/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.0-20160806122752-66b8e73f3f5c/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
@@ -348,7 +315,6 @@ github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uY
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
 github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
-github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
@@ -403,8 +369,9 @@ github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVd
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -414,8 +381,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA=
 github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
@@ -439,38 +406,36 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw=
-go.opentelemetry.io/otel v1.22.0 h1:xS7Ku+7yTFvDfDraDIJVpw7XPyuHlB9MCiqqX5mcJ6Y=
-go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI=
-go.opentelemetry.io/otel/metric v1.22.0 h1:lypMQnGyJYeuYPhOM/bgjbFM6WE44W1/T45er4d8Hhg=
-go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY=
-go.opentelemetry.io/otel/trace v1.22.0 h1:Hg6pPujv0XG9QaVbGOBVHunyuLcCC3jN7WEhPx83XD0=
-go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo=
-golang.org/x/crypto v0.0.0-20180214000028-650f4a345ab4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
+go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E=
+go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0=
+go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo=
+go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo=
+go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI=
+go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
-golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
-golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0=
-golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.0.0-20180406214816-61147c48b25b/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
+golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -478,25 +443,25 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
-golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
-golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
+golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
+golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -522,12 +487,14 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
-golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -535,6 +502,7 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -551,14 +519,15 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc=
-golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
+golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.161.0 h1:oYzk/bs26WN10AV7iU7MVJVXBH8oCPS2hHyBiEeFoSU=
-google.golang.org/api v0.161.0/go.mod h1:0mu0TpK33qnydLvWqbImq2b1eQ5FHRSDCBzAxX9ZHyw=
+google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE=
+google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -566,19 +535,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg=
-google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM=
-google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac h1:nUQEQmH/csSvFECKYRv6HWEyypysidKl2I6Qpsglq/0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac/go.mod h1:daQN87bsDqDoe316QbbvX60nMoJQa4r6Ds0ZuoAe5yA=
+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU=
+google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M=
+google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A=
+google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY=
+google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -594,33 +563,25 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
 google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20160105164936-4f90aeace3a2/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v1 v1.0.0-20161222125816-442357a80af5/go.mod h1:u0ALmqvLRxLI95fkdCEWrE6mhWYZW1aMOJHp5YXLHTg=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
 gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY=
 gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0=
-gopkg.in/httprequest.v1 v1.1.1/go.mod h1:/CkavNL+g3qLOrpFHVrEx4NKepeqR4XTZWNj4sGGjz0=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/mgo.v2 v2.0.0-20160818015218-f2b6f6c918c4/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
-gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
-gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.8.0 h1:oX8QEHCCvnbTSqnSZRRHiGJsgke8eluTtQhNlPpFZBc=
+gopkg.in/ns1/ns1-go.v2 v2.8.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
 gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637/go.mod h1:BHsqpu/nsuzkT5BpiH1EMZPLyqSMM8JbIavyFACoFNk=
-gopkg.in/yaml.v2 v2.0.0-20170712054546-1be3d31502d6/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -633,7 +594,5 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80Vse0e+BUHsHMTEhd0O4cpUHr/e/BUM=
-launchpad.net/xmlpath v0.0.0-20130614043138-000000000004/go.mod h1:vqyExLOM3qBx7mvYRkoxjSCF945s0mbe7YynlKYXtsA=
 moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8=
 moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE=

From b1477d35e4c86dbb907416f4c1b262f74546f18e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:24:21 -0500
Subject: [PATCH 188/438] fix unused params in: pkg/normalize

---
 pkg/normalize/validate.go      |  8 ++++----
 pkg/normalize/validate_test.go | 35 +++++++++++++++++-----------------
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 057fe6f659..d7f66bd6b6 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -103,7 +103,7 @@ func errorRepeat(label, domain string) string {
 	)
 }
 
-func checkLabel(label string, rType string, target, domain string, meta map[string]string) error {
+func checkLabel(label string, rType string, domain string, meta map[string]string) error {
 	if label == "@" {
 		return nil
 	}
@@ -142,7 +142,7 @@ func checkLabel(label string, rType string, target, domain string, meta map[stri
 	return nil
 }
 
-func checkSoa(expire uint32, minttl uint32, refresh uint32, retry uint32, serial uint32, mbox string) error {
+func checkSoa(expire uint32, minttl uint32, refresh uint32, retry uint32, mbox string) error {
 	if expire <= 0 {
 		return fmt.Errorf("SOA Expire must be > 0")
 	}
@@ -213,7 +213,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 	case "PTR":
 		check(checkTarget(target))
 	case "SOA":
-		check(checkSoa(rec.SoaExpire, rec.SoaMinttl, rec.SoaRefresh, rec.SoaRetry, rec.SoaSerial, rec.SoaMbox))
+		check(checkSoa(rec.SoaExpire, rec.SoaMinttl, rec.SoaRefresh, rec.SoaRetry, rec.SoaMbox))
 		check(checkTarget(target))
 		if label != "@" {
 			check(fmt.Errorf("SOA record is only valid for bare domain"))
@@ -373,7 +373,7 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 			if err := validateRecordTypes(rec, domain.Name, pTypes); err != nil {
 				errs = append(errs, err)
 			}
-			if err := checkLabel(rec.GetLabel(), rec.Type, rec.GetTargetField(), domain.Name, rec.Metadata); err != nil {
+			if err := checkLabel(rec.GetLabel(), rec.Type, domain.Name, rec.Metadata); err != nil {
 				errs = append(errs, err)
 			}
 
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index dd6a51a0e8..2de0f773e0 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -41,35 +41,34 @@ func TestCheckSoa(t *testing.T) {
 		minttl  uint32
 		refresh uint32
 		retry   uint32
-		serial  uint32
 		mbox    string
 	}{
 		// Expire
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
-		{true, 0, 123, 123, 123, 123, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
+		{true, 0, 123, 123, 123, "foo.bar.com."},
 		// MinTTL
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
-		{true, 123, 0, 123, 123, 123, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
+		{true, 123, 0, 123, 123, "foo.bar.com."},
 		// Refresh
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
-		{true, 123, 123, 0, 123, 123, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
+		{true, 123, 123, 0, 123, "foo.bar.com."},
 		// Retry
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
-		{true, 123, 123, 123, 0, 123, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
+		{true, 123, 123, 123, 0, "foo.bar.com."},
 		// Serial
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
-		{false, 123, 123, 123, 123, 0, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
 		// MBox
-		{true, 123, 123, 123, 123, 123, ""},
-		{true, 123, 123, 123, 123, 123, "foo@bar.com."},
-		{false, 123, 123, 123, 123, 123, "foo.bar.com."},
+		{true, 123, 123, 123, 123, ""},
+		{true, 123, 123, 123, 123, "foo@bar.com."},
+		{false, 123, 123, 123, 123, "foo.bar.com."},
 	}
 
 	for _, test := range tests {
-		experiment := fmt.Sprintf("%d %d %d %d %d %s", test.expire, test.minttl, test.refresh,
-			test.retry, test.serial, test.mbox)
+		experiment := fmt.Sprintf("%d %d %d %d %s", test.expire, test.minttl, test.refresh,
+			test.retry, test.mbox)
 		t.Run(experiment, func(t *testing.T) {
-			err := checkSoa(test.expire, test.minttl, test.refresh, test.retry, test.serial, test.mbox)
+			err := checkSoa(test.expire, test.minttl, test.refresh, test.retry, test.mbox)
 			checkError(t, err, test.isError, experiment)
 		})
 	}
@@ -102,7 +101,7 @@ func TestCheckLabel(t *testing.T) {
 			if test.hasSkipMeta {
 				meta["skip_fqdn_check"] = "true"
 			}
-			err := checkLabel(test.label, test.rType, test.target, "foo.tld", meta)
+			err := checkLabel(test.label, test.rType, "foo.tld", meta)
 			if err != nil && !test.isError {
 				t.Errorf("%02d: Expected no error but got %s", i, err)
 			}

From 30942acee27abdca3315be05d501b7e0798fd6e6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:24:39 -0500
Subject: [PATCH 189/438] fix unused params in: providers/akamaiedgedns

---
 providers/akamaiedgedns/akamaiEdgeDnsService.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/providers/akamaiedgedns/akamaiEdgeDnsService.go b/providers/akamaiedgedns/akamaiEdgeDnsService.go
index b62c898acf..e47b1c20fe 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsService.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsService.go
@@ -186,7 +186,7 @@ func getAuthorities(contractID string) ([]string, error) {
 }
 
 // rcToRs converts DNSControl RecordConfig records to an AkamaiEdgeDNS recordset.
-func rcToRs(records []*models.RecordConfig, zonename string) (*dnsv2.RecordBody, error) {
+func rcToRs(records []*models.RecordConfig) (*dnsv2.RecordBody, error) {
 	if len(records) == 0 {
 		return nil, fmt.Errorf("no records to replace")
 	}
@@ -206,7 +206,7 @@ func rcToRs(records []*models.RecordConfig, zonename string) (*dnsv2.RecordBody,
 
 // createRecordset creates a new AkamaiEdgeDNS recordset in the zone.
 func createRecordset(records []*models.RecordConfig, zonename string) error {
-	akaRecord, err := rcToRs(records, zonename)
+	akaRecord, err := rcToRs(records)
 	if err != nil {
 		return err
 	}
@@ -220,7 +220,7 @@ func createRecordset(records []*models.RecordConfig, zonename string) error {
 
 // replaceRecordset replaces an existing AkamaiEdgeDNS recordset in the zone.
 func replaceRecordset(records []*models.RecordConfig, zonename string) error {
-	akaRecord, err := rcToRs(records, zonename)
+	akaRecord, err := rcToRs(records)
 	if err != nil {
 		return err
 	}
@@ -234,7 +234,7 @@ func replaceRecordset(records []*models.RecordConfig, zonename string) error {
 
 // deleteRecordset deletes an existing AkamaiEdgeDNS recordset in the zone.
 func deleteRecordset(records []*models.RecordConfig, zonename string) error {
-	akaRecord, err := rcToRs(records, zonename)
+	akaRecord, err := rcToRs(records)
 	if err != nil {
 		return err
 	}

From b1c6ddc5baad5cc7eaed9c386d7bdbf20a841189 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:24:50 -0500
Subject: [PATCH 190/438] fix unused params in: providers/azuredns

---
 providers/azuredns/azureDnsProvider.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index abe8c46dda..4d4e033087 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -223,7 +223,7 @@ func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 			corrections = append(corrections, &models.Correction{
 				Msg: msgs,
 				F: func() error {
-					return a.recordDelete(dcn, chaKey, change.Old)
+					return a.recordDelete(dcn, chaKey)
 				},
 			})
 		default:
@@ -271,7 +271,7 @@ retry:
 	return err
 }
 
-func (a *azurednsProvider) recordDelete(zoneName string, reckey models.RecordKey, recs models.Records) error {
+func (a *azurednsProvider) recordDelete(zoneName string, reckey models.RecordKey) error {
 
 	shortName := strings.TrimSuffix(reckey.NameFQDN, "."+zoneName)
 	if shortName == zoneName {

From e9f119df6e1f69118da602a737ceda76727d0a52 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:03 -0500
Subject: [PATCH 191/438] fix unused params in: providers/cscglobal

---
 providers/cscglobal/dns.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/providers/cscglobal/dns.go b/providers/cscglobal/dns.go
index a9724f66d6..41063a8532 100644
--- a/providers/cscglobal/dns.go
+++ b/providers/cscglobal/dns.go
@@ -92,15 +92,15 @@ func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	var edits []zoneResourceRecordEdit
 	var descriptions []string
 	for _, del := range dels {
-		edits = append(edits, makePurge(dc.Name, del))
+		edits = append(edits, makePurge(del))
 		descriptions = append(descriptions, del.String())
 	}
 	for _, cre := range creates {
-		edits = append(edits, makeAdd(dc.Name, cre))
+		edits = append(edits, makeAdd(cre))
 		descriptions = append(descriptions, cre.String())
 	}
 	for _, m := range modifications {
-		edits = append(edits, makeEdit(dc.Name, m))
+		edits = append(edits, makeEdit(m))
 		descriptions = append(descriptions, m.String())
 	}
 	if len(edits) > 0 {
@@ -126,7 +126,7 @@ func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	return corrections, nil
 }
 
-func makePurge(domainname string, cor diff.Correlation) zoneResourceRecordEdit {
+func makePurge(cor diff.Correlation) zoneResourceRecordEdit {
 	var existingTarget string
 
 	switch cor.Existing.Type {
@@ -152,7 +152,7 @@ func makePurge(domainname string, cor diff.Correlation) zoneResourceRecordEdit {
 	return zer
 }
 
-func makeAdd(domainname string, cre diff.Correlation) zoneResourceRecordEdit {
+func makeAdd(cre diff.Correlation) zoneResourceRecordEdit {
 	rec := cre.Desired
 
 	var recTarget string
@@ -192,7 +192,7 @@ func makeAdd(domainname string, cre diff.Correlation) zoneResourceRecordEdit {
 	return zer
 }
 
-func makeEdit(domainname string, m diff.Correlation) zoneResourceRecordEdit {
+func makeEdit(m diff.Correlation) zoneResourceRecordEdit {
 	old, rec := m.Existing, m.Desired
 	// TODO: Assert that old.Type == rec.Type
 	// TODO: Assert that old.Name == rec.Name

From e98187e4d74cfc4c65367f30db1e113f4d3db704 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:12 -0500
Subject: [PATCH 192/438] fix unused params in: providers/azureprivatedns

---
 providers/azureprivatedns/azurePrivateDnsProvider.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index a6484a4405..3d7a293cf6 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -211,7 +211,7 @@ func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 			corrections = append(corrections, &models.Correction{
 				Msg: msgs,
 				F: func() error {
-					return a.recordDelete(dcn, chaKey, change.Old)
+					return a.recordDelete(dcn, chaKey)
 				},
 			})
 		default:
@@ -259,7 +259,7 @@ retry:
 	return err
 }
 
-func (a *azurednsProvider) recordDelete(zoneName string, reckey models.RecordKey, recs models.Records) error {
+func (a *azurednsProvider) recordDelete(zoneName string, reckey models.RecordKey) error {
 
 	shortName := strings.TrimSuffix(reckey.NameFQDN, "."+zoneName)
 	if shortName == zoneName {

From ad2fb7eb1175edcda868ea3fab7e6ba68563f72e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:19 -0500
Subject: [PATCH 193/438] fix unused params in: providers/desec

---
 providers/desec/convert.go       | 2 +-
 providers/desec/desecProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/desec/convert.go b/providers/desec/convert.go
index 3b71b7316e..4d67c3e57d 100644
--- a/providers/desec/convert.go
+++ b/providers/desec/convert.go
@@ -35,7 +35,7 @@ func nativeToRecords(n resourceRecord, origin string) (rcs []*models.RecordConfi
 	return rcs
 }
 
-func recordsToNative(rcs []*models.RecordConfig, origin string) []resourceRecord {
+func recordsToNative(rcs []*models.RecordConfig) []resourceRecord {
 	// Take a list of RecordConfig and return an equivalent list of resourceRecord.
 	// deSEC requires one resourceRecord for each label:key tuple, therefore we
 	// might collapse many RecordConfig into one resourceRecord.
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 4269e3dde8..f813dd634c 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -198,7 +198,7 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 			}
 		} else {
 			//it must be an update or create, both can be done with the same api call.
-			ns := recordsToNative(desiredRecords[label], dc.Name)
+			ns := recordsToNative(desiredRecords[label])
 			if len(ns) > 1 {
 				panic("we got more than one resource record to create / modify")
 			}

From 9d9219ea1475bef0b9555031b910cb0327f4bd70 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:25 -0500
Subject: [PATCH 194/438] fix unused params in: providers/digitalocean

---
 providers/digitalocean/digitaloceanProvider.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 7ae78e34a9..17df1ba8fc 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -195,7 +195,7 @@ func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConf
 		corrections = append(corrections, corr)
 	}
 	for _, m := range toCreate {
-		req := toReq(dc, m.Desired)
+		req := toReq(m.Desired)
 		corr := &models.Correction{
 			Msg: m.String(),
 			F: func() error {
@@ -213,7 +213,7 @@ func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConf
 	}
 	for _, m := range toModify {
 		id := m.Existing.Original.(*godo.DomainRecord).ID
-		req := toReq(dc, m.Desired)
+		req := toReq(m.Desired)
 		corr := &models.Correction{
 			Msg: fmt.Sprintf("%s, DO ID: %d", m.String(), id),
 			F: func() error {
@@ -304,7 +304,7 @@ func toRc(domain string, r *godo.DomainRecord) *models.RecordConfig {
 	return t
 }
 
-func toReq(dc *models.DomainConfig, rc *models.RecordConfig) *godo.DomainRecordEditRequest {
+func toReq(rc *models.RecordConfig) *godo.DomainRecordEditRequest {
 	name := rc.GetLabel()         // DO wants the short name or "@" for apex.
 	target := rc.GetTargetField() // DO uses the target field only for a single value
 	priority := 0                 // DO uses the same property for MX and SRV priority

From e589a8e1fc19a701c36e296a618afa3c18b68f1f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:32 -0500
Subject: [PATCH 195/438] fix unused params in: providers/vultr

---
 providers/vultr/convert_test.go  | 2 +-
 providers/vultr/vultrProvider.go | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/providers/vultr/convert_test.go b/providers/vultr/convert_test.go
index f4d1802c6f..aca7fd9a90 100644
--- a/providers/vultr/convert_test.go
+++ b/providers/vultr/convert_test.go
@@ -65,7 +65,7 @@ func TestConversion(t *testing.T) {
 			t.Error("Error converting Vultr record", record)
 		}
 
-		converted := toVultrRecord(dc, rc, "0")
+		converted := toVultrRecord(rc, "0")
 
 		if converted.Type != record.Type || converted.Name != record.Name || converted.Data != record.Data || (converted.Priority != record.Priority) || converted.TTL != record.TTL {
 			t.Error("Vultr record conversion mismatch", record, rc, converted)
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index c09ec349d5..6ced54dd75 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -137,7 +137,7 @@ func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, cur
 		case diff2.REPORT:
 			corrections = append(corrections, &models.Correction{Msg: change.MsgsJoined})
 		case diff2.CREATE:
-			r := toVultrRecord(dc, change.New[0], "0")
+			r := toVultrRecord(change.New[0], "0")
 			corrections = append(corrections, &models.Correction{
 				Msg: change.Msgs[0],
 				F: func() error {
@@ -146,7 +146,7 @@ func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, cur
 				},
 			})
 		case diff2.CHANGE:
-			r := toVultrRecord(dc, change.New[0], change.Old[0].Original.(govultr.DomainRecord).ID)
+			r := toVultrRecord(change.New[0], change.Old[0].Original.(govultr.DomainRecord).ID)
 			corrections = append(corrections, &models.Correction{
 				Msg: fmt.Sprintf("%s; Vultr RecordID: %v", change.Msgs[0], r.ID),
 				F: func() error {
@@ -271,7 +271,7 @@ func toRecordConfig(domain string, r govultr.DomainRecord) (*models.RecordConfig
 }
 
 // toVultrRecord converts a RecordConfig converted by toRecordConfig back to a Vultr DomainRecordReq. #rtype_variations
-func toVultrRecord(dc *models.DomainConfig, rc *models.RecordConfig, vultrID string) *govultr.DomainRecord {
+func toVultrRecord(rc *models.RecordConfig, vultrID string) *govultr.DomainRecord {
 	name := rc.GetLabel()
 	// Vultr uses a blank string to represent the apex domain.
 	if name == "@" {

From 454f59f3d6b597d5e457d87e2830741242638bc1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:38 -0500
Subject: [PATCH 196/438] fix unused params in: providers/rwth

---
 providers/rwth/api.go | 2 +-
 providers/rwth/dns.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/rwth/api.go b/providers/rwth/api.go
index 34230c2978..643854109d 100644
--- a/providers/rwth/api.go
+++ b/providers/rwth/api.go
@@ -66,7 +66,7 @@ func checkIsLockedSystemRecord(record *models.RecordConfig) error {
 	return nil
 }
 
-func (api *rwthProvider) createRecord(domain string, record *models.RecordConfig) error {
+func (api *rwthProvider) createRecord(record *models.RecordConfig) error {
 	if err := checkIsLockedSystemRecord(record); err != nil {
 		return err
 	}
diff --git a/providers/rwth/dns.go b/providers/rwth/dns.go
index 5ab10d9fc7..cec9189b00 100644
--- a/providers/rwth/dns.go
+++ b/providers/rwth/dns.go
@@ -43,7 +43,7 @@ func (api *rwthProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		des := d.Desired
 		corrections = append(corrections, &models.Correction{
 			Msg: d.String(),
-			F:   func() error { return api.createRecord(dc.Name, des) },
+			F:   func() error { return api.createRecord(des) },
 		})
 	}
 	for _, d := range del {

From 4059ef1572fb79328a63b8da2a0baa710e21cd37 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:48 -0500
Subject: [PATCH 197/438] fix unused params in: providers/dnsmadeeasy

---
 providers/dnsmadeeasy/types.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/dnsmadeeasy/types.go b/providers/dnsmadeeasy/types.go
index 1a4010d3a2..fcd7b767dc 100644
--- a/providers/dnsmadeeasy/types.go
+++ b/providers/dnsmadeeasy/types.go
@@ -140,7 +140,7 @@ func toRecordConfig(domain string, record *recordResponseDataEntry) *models.Reco
 	} else if record.Type == "CAA" {
 		value, unquoteErr := strconv.Unquote(record.Value)
 		if unquoteErr != nil {
-			panic(err)
+			panic(unquoteErr)
 		}
 		err = rc.SetTargetCAA(uint8(record.IssuerCritical), record.CaaType, value)
 	} else {

From a2b0970dee6968f82bd64f57e080434d37fd8b14 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:25:55 -0500
Subject: [PATCH 198/438] fix unused params in: providers/doh

---
 providers/doh/api.go         | 2 +-
 providers/doh/dohProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/doh/api.go b/providers/doh/api.go
index f2d6d69217..25699f2453 100644
--- a/providers/doh/api.go
+++ b/providers/doh/api.go
@@ -31,6 +31,6 @@ func (c *dohProvider) getNameservers(domain string) ([]string, error) {
 	return ns, nil
 }
 
-func (c *dohProvider) updateNameservers(ns []string, domain string) error {
+func (c *dohProvider) updateNameservers(domain string) error {
 	return fmt.Errorf("DNS-over-HTTPS 'Registrar' is read only, changes must be applied to %s manually", domain)
 }
diff --git a/providers/doh/dohProvider.go b/providers/doh/dohProvider.go
index ad9ccd518d..8298145228 100644
--- a/providers/doh/dohProvider.go
+++ b/providers/doh/dohProvider.go
@@ -54,7 +54,7 @@ func (c *dohProvider) GetRegistrarCorrections(dc *models.DomainConfig) ([]*model
 		{
 			Msg: fmt.Sprintf("Update nameservers %s -> %s", foundNameservers, expectedNameservers),
 			F: func() error {
-				return c.updateNameservers(expected, dc.Name)
+				return c.updateNameservers(dc.Name)
 			},
 		},
 	}, nil

From 4a1340b97c9296d4fa05f0d395db666f74dc511d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:26:01 -0500
Subject: [PATCH 199/438] fix unused params in: providers/hexonet

---
 providers/hexonet/records.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/hexonet/records.go b/providers/hexonet/records.go
index 2408b2456b..43dd6d2c0a 100644
--- a/providers/hexonet/records.go
+++ b/providers/hexonet/records.go
@@ -85,7 +85,7 @@ func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual mod
 		changes = true
 		fmt.Fprintln(buf, d)
 		rec := d.Existing.Original.(*HXRecord)
-		params[fmt.Sprintf("DELRR%d", delrridx)] = n.deleteRecordString(rec, dc.Name)
+		params[fmt.Sprintf("DELRR%d", delrridx)] = n.deleteRecordString(rec)
 		delrridx++
 	}
 	for _, chng := range mod {
@@ -93,7 +93,7 @@ func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual mod
 		fmt.Fprintln(buf, chng)
 		old := chng.Existing.Original.(*HXRecord)
 		new := chng.Desired
-		params[fmt.Sprintf("DELRR%d", delrridx)] = n.deleteRecordString(old, dc.Name)
+		params[fmt.Sprintf("DELRR%d", delrridx)] = n.deleteRecordString(old)
 		newRecordString, err := n.createRecordString(new, dc.Name)
 		if err != nil {
 			return corrections, err
@@ -256,6 +256,6 @@ func (n *HXClient) createRecordString(rc *models.RecordConfig, domain string) (s
 	return str, nil
 }
 
-func (n *HXClient) deleteRecordString(record *HXRecord, domain string) string {
+func (n *HXClient) deleteRecordString(record *HXRecord) string {
 	return record.Raw
 }

From 004dc4d15a177a7d414b71f13b3c8d2200f8c4a5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:26:10 -0500
Subject: [PATCH 200/438] fix unused params in: providers/hostingde

---
 providers/hostingde/hostingdeProvider.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index 9410ee4b41..502987c83e 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -178,9 +178,10 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	}
 
 	defaultSoa := &hp.defaultSoa
-	if defaultSoa == nil {
-		defaultSoa = &soaValues{}
-	}
+	// Commented out because this can not happen:
+	// if defaultSoa == nil {
+	// 	defaultSoa = &soaValues{}
+	// }
 
 	newSOA := soaValues{
 		Refresh:     firstNonZero(desiredSoa.SoaRefresh, defaultSoa.Refresh, 86400),

From a51a9f907655d46a4c7fe8bb04034eb7c19d1d57 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:26:20 -0500
Subject: [PATCH 201/438] fix unused params in: providers/oracle

---
 providers/oracle/oracleProvider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index aac6204fc5..48aa9fa008 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -95,7 +95,7 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 	if err == nil {
 		return nil
 	}
-	if err != nil && getResp.RawResponse.StatusCode != 404 {
+	if getResp.RawResponse.StatusCode != 404 {
 		return err
 	}
 

From 570ce5e3c07d7e997b35a19eff7f8b7e74dd8164 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:26:25 -0500
Subject: [PATCH 202/438] fix unused params in: providers/packetframe

---
 providers/packetframe/packetframeProvider.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/packetframe/packetframeProvider.go b/providers/packetframe/packetframeProvider.go
index 82e5565c25..ac8d677425 100644
--- a/providers/packetframe/packetframeProvider.go
+++ b/providers/packetframe/packetframeProvider.go
@@ -114,7 +114,7 @@ func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 	corrections := diff.GenerateMessageCorrections(toReport)
 
 	for _, m := range create {
-		req, err := toReq(zone.ID, dc, m.Desired)
+		req, err := toReq(zone.ID, m.Desired)
 		if err != nil {
 			return nil, err
 		}
@@ -150,7 +150,7 @@ func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 			continue
 		}
 
-		req, _ := toReq(zone.ID, dc, m.Desired)
+		req, _ := toReq(zone.ID, m.Desired)
 		req.ID = original.ID
 		corr := &models.Correction{
 			Msg: m.String(),
@@ -165,7 +165,7 @@ func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 	return corrections, nil
 }
 
-func toReq(zoneID string, dc *models.DomainConfig, rc *models.RecordConfig) (*domainRecord, error) {
+func toReq(zoneID string, rc *models.RecordConfig) (*domainRecord, error) {
 	req := &domainRecord{
 		Type:  rc.Type,
 		TTL:   int(rc.TTL),

From c35e0627557bf8b92ac14ad174a9500e914fc05d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 10:58:38 -0500
Subject: [PATCH 203/438] Revert NS1

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ba57c8d5ee..95df1a8147 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	golang.org/x/net v0.21.0
 	golang.org/x/oauth2 v0.17.0
 	google.golang.org/api v0.167.0
-	gopkg.in/ns1/ns1-go.v2 v2.8.0
+	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
diff --git a/go.sum b/go.sum
index 084233c532..c67d628522 100644
--- a/go.sum
+++ b/go.sum
@@ -575,8 +575,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.8.0 h1:oX8QEHCCvnbTSqnSZRRHiGJsgke8eluTtQhNlPpFZBc=
-gopkg.in/ns1/ns1-go.v2 v2.8.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
+gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From 3920d19ad4a5364324bce0355c72291feeb82af1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Mar 2024 13:03:35 -0500
Subject: [PATCH 204/438] Build(deps): Bump actions/cache from 4.0.0 to 4.0.1
 (#2869)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 22422ff0d2..420ee64990 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v4.0.0
+      uses: actions/cache@v4.0.1
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -187,7 +187,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v4.0.0
+      uses: actions/cache@v4.0.1
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From ce12d892dfeebb8fd7479cbe06ac93edc56c22f8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 20:22:01 -0500
Subject: [PATCH 205/438] deadcode: move sfplib.Lookups to parse_test.go

---
 pkg/spflib/parse.go      | 14 --------------
 pkg/spflib/parse_test.go | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/pkg/spflib/parse.go b/pkg/spflib/parse.go
index bfa549427a..b48f9d6b31 100644
--- a/pkg/spflib/parse.go
+++ b/pkg/spflib/parse.go
@@ -10,20 +10,6 @@ type SPFRecord struct {
 	Parts []*SPFPart
 }
 
-// Lookups returns the number of DNS lookups required by s.
-func (s *SPFRecord) Lookups() int {
-	count := 0
-	for _, p := range s.Parts {
-		if p.IsLookup {
-			count++
-		}
-		if p.IncludeRecord != nil {
-			count += p.IncludeRecord.Lookups()
-		}
-	}
-	return count
-}
-
 // SPFPart stores a part of an SPF record, with attributes.
 type SPFPart struct {
 	Text          string
diff --git a/pkg/spflib/parse_test.go b/pkg/spflib/parse_test.go
index 186d097be9..098e4f7794 100644
--- a/pkg/spflib/parse_test.go
+++ b/pkg/spflib/parse_test.go
@@ -27,6 +27,20 @@ func dump(rec *SPFRecord, indent string, w io.Writer) {
 	}
 }
 
+// Lookups returns the number of DNS lookups required by s.
+func (s *SPFRecord) Lookups() int {
+	count := 0
+	for _, p := range s.Parts {
+		if p.IsLookup {
+			count++
+		}
+		if p.IncludeRecord != nil {
+			count += p.IncludeRecord.Lookups()
+		}
+	}
+	return count
+}
+
 // Print prints an SPFRecord.
 func (s *SPFRecord) Print() string {
 	w := &bytes.Buffer{}

From 51d1c57a8d7397cbc2e6e59793035069fc83f421 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Mar 2024 20:35:10 -0500
Subject: [PATCH 206/438] remove unused parameters

---
 pkg/acme/registration.go                               | 3 ++-
 providers/azureprivatedns/azurePrivateDnsProvider.go   | 2 +-
 providers/bunnydns/bunnydnsProvider.go                 | 1 +
 providers/gandiv5/gandi_v5Provider.go                  | 2 +-
 providers/loopia/loopiaProvider.go                     | 2 +-
 providers/ovh/ovhProvider.go                           | 2 +-
 providers/porkbun/porkbunProvider.go                   | 2 +-
 providers/realtimeregister/realtimeregisterProvider.go | 9 +++++----
 providers/route53/route53Provider.go                   | 2 +-
 9 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/pkg/acme/registration.go b/pkg/acme/registration.go
index 017ca497f5..a6d052a440 100644
--- a/pkg/acme/registration.go
+++ b/pkg/acme/registration.go
@@ -28,7 +28,8 @@ func (c *certManager) getOrCreateAccount() (*Account, error) {
 	return account, err
 }
 
-func (c *certManager) createAccount(email string) (*Account, error) {
+// func (c *certManager) createAccount(email string) (*Account, error) {
+func (c *certManager) createAccount(_ string) (*Account, error) {
 	privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
 	if err != nil {
 		return nil, err
diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index 3d7a293cf6..fdb40e874e 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -31,7 +31,7 @@ func newAzureDNSDsp(conf map[string]string, metadata json.RawMessage) (providers
 	return newAzureDNS(conf, metadata)
 }
 
-func newAzureDNS(m map[string]string, metadata json.RawMessage) (*azurednsProvider, error) {
+func newAzureDNS(m map[string]string, _ json.RawMessage) (*azurednsProvider, error) {
 	subID, rg := m["SubscriptionID"], m["ResourceGroup"]
 	clientID, clientSecret, tenantID := m["ClientID"], m["ClientSecret"], m["TenantID"]
 	credential, authErr := aauth.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
index 407d9b0e35..0b869001a5 100644
--- a/providers/bunnydns/bunnydnsProvider.go
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -3,6 +3,7 @@ package bunnydns
 import (
 	"encoding/json"
 	"fmt"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 )
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 5d661763ac..d2eff6ed16 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -82,7 +82,7 @@ func newReg(conf map[string]string) (providers.Registrar, error) {
 }
 
 // newHelper generates a handle.
-func newHelper(m map[string]string, metadata json.RawMessage) (*gandiv5Provider, error) {
+func newHelper(m map[string]string, _ json.RawMessage) (*gandiv5Provider, error) {
 	api := &gandiv5Provider{}
 	api.apikey = m["apikey"]
 	if api.apikey == "" {
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index 896d123078..edb88d4695 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -78,7 +78,7 @@ func newReg(conf map[string]string) (providers.Registrar, error) {
 }
 
 // newHelper generates a handle.
-func newHelper(m map[string]string, metadata json.RawMessage) (*APIClient, error) {
+func newHelper(m map[string]string, _ json.RawMessage) (*APIClient, error) {
 	if m["username"] == "" {
 		return nil, fmt.Errorf("missing Loopia API username")
 	}
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index c10f00e818..d4c6093a7e 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -31,7 +31,7 @@ var features = providers.DocumentationNotes{
 	providers.DocOfficiallySupported: providers.Cannot(),
 }
 
-func newOVH(m map[string]string, metadata json.RawMessage) (*ovhProvider, error) {
+func newOVH(m map[string]string, _ json.RawMessage) (*ovhProvider, error) {
 	appKey, appSecretKey, consumerKey := m["app-key"], m["app-secret-key"], m["consumer-key"]
 
 	c, err := ovh.NewClient(getOVHEndpoint(m), appKey, appSecretKey, consumerKey)
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 18eec418e7..d0959c67bd 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -34,7 +34,7 @@ func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServ
 }
 
 // newPorkbun creates the provider.
-func newPorkbun(m map[string]string, metadata json.RawMessage) (*porkbunProvider, error) {
+func newPorkbun(m map[string]string, _ json.RawMessage) (*porkbunProvider, error) {
 	c := &porkbunProvider{}
 
 	c.apiKey, c.secretKey = m["api_key"], m["secret_key"]
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index dd49c2c088..070996901a 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -3,14 +3,15 @@ package realtimeregister
 import (
 	"encoding/json"
 	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns/dnsutil"
 	"golang.org/x/exp/slices"
-	"sort"
-	"strconv"
-	"strings"
 )
 
 /*
@@ -54,7 +55,7 @@ func init() {
 	providers.RegisterRegistrarType("REALTIMEREGISTER", newRtrReg)
 }
 
-func newRtr(config map[string]string, metadata json.RawMessage) (*realtimeregisterAPI, error) {
+func newRtr(config map[string]string, _ json.RawMessage) (*realtimeregisterAPI, error) {
 	apikey := config["apikey"]
 	sandbox := config["sandbox"] == "1"
 
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index fb0568e87a..581514b9dd 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -43,7 +43,7 @@ func newRoute53Dsp(conf map[string]string, metadata json.RawMessage) (providers.
 	return newRoute53(conf, metadata)
 }
 
-func newRoute53(m map[string]string, metadata json.RawMessage) (*route53Provider, error) {
+func newRoute53(m map[string]string, _ json.RawMessage) (*route53Provider, error) {
 	optFns := []func(*config.LoadOptions) error{
 		// Route53 uses a global endpoint and route53domains
 		// currently only has a single regional endpoint in us-east-1

From 060e50de4d73f29da308f5ccdc58fe717c9051c8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 12 Mar 2024 12:33:54 -0400
Subject: [PATCH 207/438] CHORE: Update dependencies

---
 go.mod | 50 +++++++++++++++++++++++++-------------------------
 go.sum | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 25 deletions(-)

diff --git a/go.mod b/go.mod
index 95df1a8147..ebb2074a64 100644
--- a/go.mod
+++ b/go.mod
@@ -16,11 +16,11 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.25.2
-	github.com/aws/aws-sdk-go-v2/config v1.27.4
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.4
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1
+	github.com/aws/aws-sdk-go-v2 v1.25.3
+	github.com/aws/aws-sdk-go-v2/config v1.27.7
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.7
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
@@ -33,7 +33,7 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.11.0
+	github.com/hashicorp/vault/api v1.12.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.58
 	github.com/mittwald/go-powerdns v0.6.2
@@ -51,10 +51,10 @@ require (
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.27.1
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.19.0 // indirect
-	golang.org/x/net v0.21.0
-	golang.org/x/oauth2 v0.17.0
-	google.golang.org/api v0.167.0
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.22.0
+	golang.org/x/oauth2 v0.18.0
+	google.golang.org/api v0.169.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -81,15 +81,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 // indirect
 	github.com/aws/smithy-go v1.20.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -112,7 +112,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.1 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -141,18 +141,18 @@ require (
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect
-	go.opentelemetry.io/otel v1.23.0 // indirect
-	go.opentelemetry.io/otel/metric v1.23.0 // indirect
-	go.opentelemetry.io/otel/trace v1.23.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/mod v0.15.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.18.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect
-	google.golang.org/grpc v1.61.1 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 // indirect
+	google.golang.org/grpc v1.62.0 // indirect
 	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index c67d628522..c4d8d74e14 100644
--- a/go.sum
+++ b/go.sum
@@ -41,32 +41,56 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
 github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
+github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
+github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
 github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M=
 github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g=
+github.com/aws/aws-sdk-go-v2/config v1.27.7 h1:JSfb5nOQF01iOgxFI5OIKWwDiEXWTyTgg1Mm1mHi0A4=
+github.com/aws/aws-sdk-go-v2/config v1.27.7/go.mod h1:PH0/cNpoMO+B04qET699o5W92Ca79fVtbUnvMIZro4I=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.7 h1:WJd+ubWKoBeRh7A5iNMnxEOs982SyVKOJD+K8HIezu4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.7/go.mod h1:UQi7LMR0Vhvs+44w5ec8Q+VS+cd10cjwgHwiVkE0YGU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 h1:p+y7FvkK2dxS+FEwRIDHDe//ZX+jDhP8HHE50ppj4iI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3/go.mod h1:/fYB+FZbDlwlAiynK9KDXlzZl3ANI9JkD0Uhz5FjNT4=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1 h1:NRKxGOS+FKUA84EfbgkLCleBnfar+eXh5npW/3VgMQk=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1/go.mod h1:7Wa9sIDxey/5b2FK5r1Z6ryVfojt4Nl+VzzpK8q1L+M=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2 h1:YXQQJm3KnxabBHGNU8iC0GSvKRLtUSNUfP2R7L+Z/Tg=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2/go.mod h1:ORinaAeDvAI7L7zPyE2RmG0RpwHKZDaQ7ALO8/dXFtY=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1 h1:XdHygs2iC+GYyM1ItNUzyLSzHH/ixL3xhG+6heaz58o=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1/go.mod h1:/5s6ahOjV5dZcCofvphLSvbMSvv2vBXHB99G6IDPY9Q=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2 h1:TypWfzHKes0zADvTyJEwGsb0BAscUE8Ty0xs/jQM4Dk=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2/go.mod h1:jVbk98+jKo/JiX+qt028oGR6yApccx4ij5FaFUjiIAg=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 h1:XOPfar83RIRPEzfihnp+U6udOveKZJvPQ76SKWrLRHc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.2/go.mod h1:Vv9Xyk1KMHXrR3vNQe8W5LMFdTjSeWk0gBZBzvf3Qa0=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 h1:pi0Skl6mNl2w8qWZXcdOyg197Zsf4G97U7Sso9JXGZE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2/go.mod h1:JYzLoEVeLXk+L4tn1+rrkfhkxl6mLDEVaDSvGq9og90=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 h1:Ppup1nVNAOWbBOrcoOxaxPeEnSFB2RnnQdguhXpmeQk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.4/go.mod h1:+K1rNPVyGxkRuv9NNiaZ4YhBFuyw2MMA9SlIJ1Zlpz8=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
 github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -207,6 +231,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
 github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM=
 github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
+github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA=
+github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -241,6 +267,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.11.0 h1:AChWByeHf4/P9sX3Y1B7vFsQhZO2BgQiCMQ2SA1P1UY=
 github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
+github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4=
+github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -408,12 +436,20 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
 go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E=
 go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0=
+go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
+go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
 go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo=
 go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo=
+go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
+go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
 go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI=
 go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk=
+go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
+go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -424,6 +460,8 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
 golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
@@ -452,9 +490,13 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
+golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
 golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
+golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
+golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -490,6 +532,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -528,6 +572,8 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE=
 google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA=
+google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
+google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -541,6 +587,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:
 google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -548,6 +596,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY=
 google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 46ca50ed16defd1e72b2e5b523dd5d4acf31de63 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 12 Mar 2024 12:34:58 -0400
Subject: [PATCH 208/438] CHORE: Update dependencies

---
 go.mod |  3 ++-
 go.sum | 58 +++++++---------------------------------------------------
 2 files changed, 9 insertions(+), 52 deletions(-)

diff --git a/go.mod b/go.mod
index ebb2074a64..46318b9bc3 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,8 @@ toolchain go1.21.1
 
 retract v4.8.0
 
+require github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
@@ -99,7 +101,6 @@ require (
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
diff --git a/go.sum b/go.sum
index c4d8d74e14..a1d734ae15 100644
--- a/go.sum
+++ b/go.sum
@@ -39,56 +39,32 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.25.2 h1:/uiG1avJRgLGiQM9X3qJM8+Qa6KRGK5rRPuXE0HUM+w=
-github.com/aws/aws-sdk-go-v2 v1.25.2/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
 github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
 github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
-github.com/aws/aws-sdk-go-v2/config v1.27.4 h1:AhfWb5ZwimdsYTgP7Od8E9L1u4sKmDW2ZVeLcf2O42M=
-github.com/aws/aws-sdk-go-v2/config v1.27.4/go.mod h1:zq2FFXK3A416kiukwpsd+rD4ny6JC7QSkp4QdN1Mp2g=
 github.com/aws/aws-sdk-go-v2/config v1.27.7 h1:JSfb5nOQF01iOgxFI5OIKWwDiEXWTyTgg1Mm1mHi0A4=
 github.com/aws/aws-sdk-go-v2/config v1.27.7/go.mod h1:PH0/cNpoMO+B04qET699o5W92Ca79fVtbUnvMIZro4I=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.4 h1:h5Vztbd8qLppiPwX+y0Q6WiwMZgpd9keKe2EAENgAuI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.4/go.mod h1:+30tpwrkOgvkJL1rUZuRLoxcJwtI/OkeBLYnHxJtVe0=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.7 h1:WJd+ubWKoBeRh7A5iNMnxEOs982SyVKOJD+K8HIezu4=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.7/go.mod h1:UQi7LMR0Vhvs+44w5ec8Q+VS+cd10cjwgHwiVkE0YGU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2 h1:AK0J8iYBFeUk2Ax7O8YpLtFsfhdOByh2QIkHmigpRYk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.2/go.mod h1:iRlGzMix0SExQEviAyptRWRGdYNo3+ufW/lCzvKVTUc=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 h1:p+y7FvkK2dxS+FEwRIDHDe//ZX+jDhP8HHE50ppj4iI=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3/go.mod h1:/fYB+FZbDlwlAiynK9KDXlzZl3ANI9JkD0Uhz5FjNT4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2 h1:bNo4LagzUKbjdxE0tIcR9pMzLR2U/Tgie1Hq1HQ3iH8=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.2/go.mod h1:wRQv0nN6v9wDXuWThpovGQjqF1HFdcgWjporw14lS8k=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2 h1:EtOU5jsPdIQNP+6Q2C5e3d65NKT1PeCiQk+9OdzO12Q=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.2/go.mod h1:tyF5sKccmDz0Bv4NrstEr+/9YkSPJHrcO7UsUKf7pWM=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2 h1:5ffmXjPtwRExp1zc7gENLgCPyHFbhEPwVTkTiH9niSk=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.2/go.mod h1:Ru7vg1iQ7cR4i7SZ/JTLYN9kaXtbL69UdgG0OQWQxW0=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1 h1:NRKxGOS+FKUA84EfbgkLCleBnfar+eXh5npW/3VgMQk=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.1/go.mod h1:7Wa9sIDxey/5b2FK5r1Z6ryVfojt4Nl+VzzpK8q1L+M=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2 h1:YXQQJm3KnxabBHGNU8iC0GSvKRLtUSNUfP2R7L+Z/Tg=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2/go.mod h1:ORinaAeDvAI7L7zPyE2RmG0RpwHKZDaQ7ALO8/dXFtY=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1 h1:XdHygs2iC+GYyM1ItNUzyLSzHH/ixL3xhG+6heaz58o=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.1/go.mod h1:/5s6ahOjV5dZcCofvphLSvbMSvv2vBXHB99G6IDPY9Q=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2 h1:TypWfzHKes0zADvTyJEwGsb0BAscUE8Ty0xs/jQM4Dk=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2/go.mod h1:jVbk98+jKo/JiX+qt028oGR6yApccx4ij5FaFUjiIAg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.1 h1:utEGkfdQ4L6YW/ietH7111ZYglLJvS+sLriHJ1NBJEQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.1/go.mod h1:RsYqzYr2F2oPDdpy+PdhephuZxTfjHQe7SOBcZGoAU8=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 h1:XOPfar83RIRPEzfihnp+U6udOveKZJvPQ76SKWrLRHc=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.2/go.mod h1:Vv9Xyk1KMHXrR3vNQe8W5LMFdTjSeWk0gBZBzvf3Qa0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1 h1:9/GylMS45hGGFCcMrUZDVayQE1jYSIN6da9jo7RAYIw=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.1/go.mod h1:YjAPFn4kGFqKC54VsHs5fn5B6d+PCY2tziEa3U/GB5Y=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 h1:pi0Skl6mNl2w8qWZXcdOyg197Zsf4G97U7Sso9JXGZE=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2/go.mod h1:JYzLoEVeLXk+L4tn1+rrkfhkxl6mLDEVaDSvGq9og90=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.1 h1:3I2cBEYgKhrWlwyZgfpSO2BpaMY1LHPqXYk/QGlu2ew=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.1/go.mod h1:uQ7YYKZt3adCRrdCBREm1CD3efFLOUNH77MrUCvx5oA=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 h1:Ppup1nVNAOWbBOrcoOxaxPeEnSFB2RnnQdguhXpmeQk=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.4/go.mod h1:+K1rNPVyGxkRuv9NNiaZ4YhBFuyw2MMA9SlIJ1Zlpz8=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
@@ -157,8 +133,8 @@ github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
-github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
-github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
+github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
+github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -213,6 +189,7 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -229,8 +206,6 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM=
-github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
 github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA=
 github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -265,8 +240,6 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.11.0 h1:AChWByeHf4/P9sX3Y1B7vFsQhZO2BgQiCMQ2SA1P1UY=
-github.com/hashicorp/vault/api v1.11.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
 github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4=
 github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
@@ -434,31 +407,21 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E=
-go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0=
 go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
 go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
-go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo=
-go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo=
 go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
 go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI=
-go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk=
 go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
@@ -488,13 +451,10 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
 golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ=
-golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA=
 golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
 golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -530,7 +490,7 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
@@ -539,6 +499,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -570,8 +532,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.167.0 h1:CKHrQD1BLRii6xdkatBDXyKzM0mkawt2QP+H3LtPmSE=
-google.golang.org/api v0.167.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA=
 google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
 google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -585,8 +545,6 @@ google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUb
 google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M=
 google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A=
 google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -594,8 +552,6 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY=
-google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
 google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
 google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=

From 2e5d01e66fc14b5ea85121782b0b7be056a5fd82 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 18 Mar 2024 07:43:16 -0400
Subject: [PATCH 209/438] SECURITY: Fix protobuf security issue (#2875)

---
 go.mod | 3 ++-
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 46318b9bc3..5148af07fb 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,8 @@ retract v4.8.0
 
 require github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 
+require google.golang.org/protobuf v1.33.0 // indirect
+
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
@@ -154,7 +156,6 @@ require (
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 // indirect
 	google.golang.org/grpc v1.62.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index a1d734ae15..eb4cf77d0a 100644
--- a/go.sum
+++ b/go.sum
@@ -566,8 +566,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
-google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From e52ec54453dd2e1689fe0036cfc3feac703503a9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 18 Mar 2024 18:30:09 -0400
Subject: [PATCH 210/438] Remove unused CantUseNOPURGE capability (#2877)

---
 build/generate/featureMatrix.go               |  25 ++---
 documentation/providers.md                    | 104 +++++++++---------
 pkg/normalize/validate.go                     |   8 +-
 .../akamaiedgedns/akamaiEdgeDnsProvider.go    |   1 -
 providers/autodns/autoDnsProvider.go          |   2 +
 providers/axfrddns/axfrddnsProvider.go        |   5 +-
 providers/azuredns/azureDnsProvider.go        |   2 +
 .../azurePrivateDnsProvider.go                |   2 +
 providers/bind/bindProvider.go                |   3 +-
 providers/bunnydns/bunnydnsProvider.go        |   2 +
 providers/capabilities.go                     |   6 -
 providers/capability_string.go                |  11 +-
 providers/cloudflare/cloudflareProvider.go    |   2 +
 providers/cloudns/cloudnsProvider.go          |   3 +-
 providers/cscglobal/cscglobalProvider.go      |   2 +
 providers/desec/desecProvider.go              |   2 +
 .../digitalocean/digitaloceanProvider.go      |   2 +
 providers/dnsimple/dnsimpleProvider.go        |   2 +
 providers/dnsmadeeasy/dnsMadeEasyProvider.go  |   2 +
 .../domainnameshop/domainnameshopProvider.go  |   2 +
 providers/exoscale/exoscaleProvider.go        |   2 +
 providers/gandiv5/gandi_v5Provider.go         |   3 +-
 providers/gcloud/gcloudProvider.go            |   2 +
 providers/gcore/gcoreProvider.go              |   2 +
 providers/hedns/hednsProvider.go              |   2 +
 providers/hetzner/hetznerProvider.go          |   2 +
 providers/hexonet/hexonetProvider.go          |   3 +-
 providers/hostingde/hostingdeProvider.go      |   2 +
 providers/inwx/inwxProvider.go                |   2 +
 providers/linode/linodeProvider.go            |   2 +
 providers/loopia/loopiaProvider.go            |   2 +
 providers/luadns/luadnsProvider.go            |   2 +
 providers/msdns/msdnsProvider.go              |   2 +
 .../mythicbeasts/mythicbeastsProvider.go      |   4 +-
 providers/namecheap/namecheapProvider.go      |   3 +-
 providers/namedotcom/namedotcomProvider.go    |   2 +
 providers/netcup/netcupProvider.go            |   2 +
 providers/netlify/netlifyProvider.go          |   2 +
 providers/ns1/ns1Provider.go                  |   2 +
 providers/oracle/oracleProvider.go            |   2 +
 providers/ovh/ovhProvider.go                  |   2 +
 providers/packetframe/packetframeProvider.go  |   2 +
 providers/porkbun/porkbunProvider.go          |   2 +
 providers/powerdns/powerdnsProvider.go        |   2 +
 .../realtimeregisterProvider.go               |   4 +-
 providers/route53/route53Provider.go          |   2 +
 providers/rwth/rwthProvider.go                |   2 +
 providers/softlayer/softlayerProvider.go      |   2 +
 providers/transip/transipProvider.go          |   2 +
 providers/vultr/vultrProvider.go              |   2 +
 50 files changed, 164 insertions(+), 91 deletions(-)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index e204728e04..5ffa07a125 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -90,7 +90,6 @@ func matrixData() *FeatureMatrix {
 		DomainModifierDhcid  = "[`DHCID`](functions/domain/DHCID.md)"
 		DualHost             = "dual host"
 		CreateDomains        = "create-domains"
-		NoPurge              = "[`NO_PURGE`](functions/domain/NO_PURGE.md)"
 		GetZones             = "get-zones"
 	)
 
@@ -114,7 +113,7 @@ func matrixData() *FeatureMatrix {
 			DomainModifierDhcid,
 			DualHost,
 			CreateDomains,
-			NoPurge,
+			//NoPurge,
 			GetZones,
 		},
 	}
@@ -233,17 +232,17 @@ func matrixData() *FeatureMatrix {
 			false,
 		)
 
-		// no purge is a freaky double negative
-		cantUseNOPURGE := providers.CantUseNOPURGE
-		if providerNotes[cantUseNOPURGE] != nil {
-			featureMap[NoPurge] = providerNotes[cantUseNOPURGE]
-		} else {
-			featureMap.SetSimple(
-				NoPurge,
-				false,
-				func() bool { return !providers.ProviderHasCapability(providerName, cantUseNOPURGE) },
-			)
-		}
+		//		// no purge is a freaky double negative
+		//		cantUseNOPURGE := providers.CantUseNOPURGE
+		//		if providerNotes[cantUseNOPURGE] != nil {
+		//			featureMap[NoPurge] = providerNotes[cantUseNOPURGE]
+		//		} else {
+		//			featureMap.SetSimple(
+		//				NoPurge,
+		//				false,
+		//				func() bool { return !providers.ProviderHasCapability(providerName, cantUseNOPURGE) },
+		//			)
+		//		}
 		matrix.Providers[providerName] = featureMap
 	}
 	return matrix
diff --git a/documentation/providers.md b/documentation/providers.md
index c925152b4f..5793739ca3 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,58 +12,58 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | [`NO_PURGE`](functions/domain/NO_PURGE.md) | get-zones |
-| ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | ------------------------------------------ | --------- |
-| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ❌ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ |
-| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ✅ |
-| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ |
-| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
-| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❌ |
-| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
-| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ | ✅ |
-| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ❔ |
-| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
+| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index d7f66bd6b6..96095ddee4 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -321,10 +321,10 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 				// be performed.
 				continue
 			}
-			// If NO_PURGE is in use, make sure this *isn't* a provider that *doesn't* support NO_PURGE.
-			if domain.KeepUnknown && providers.ProviderHasCapability(pType, providers.CantUseNOPURGE) {
-				errs = append(errs, fmt.Errorf("%s uses NO_PURGE which is not supported by %s(%s)", domain.Name, provider.Name, pType))
-			}
+			//			// If NO_PURGE is in use, make sure this *isn't* a provider that *doesn't* support NO_PURGE.
+			//			if domain.KeepUnknown && providers.ProviderHasCapability(pType, providers.CantUseNOPURGE) {
+			//				errs = append(errs, fmt.Errorf("%s uses NO_PURGE which is not supported by %s(%s)", domain.Name, provider.Name, pType))
+			//			}
 		}
 
 		// Normalize Nameservers.
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index ce3e6df741..63336ce483 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -37,7 +37,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Cannot(),
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 91d6f65f86..d29154fa6c 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -15,6 +15,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index e05bd4415f..c81311eff2 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -37,17 +37,18 @@ const (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("Just warn when DNSSEC is requested but no RRSIG is found in the AXFR or warn when DNSSEC is not requested but RRSIG are found in the AXFR."),
 	providers.CanGetZones:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CanUseDHCID:            providers.Can(),
-	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot(),
 	providers.DocDualHost:            providers.Cannot(),
 	providers.DocOfficiallySupported: providers.Cannot(),
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 4d4e033087..92094e9af5 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -63,6 +63,8 @@ func newAzureDNS(m map[string]string, metadata json.RawMessage) (*azurednsProvid
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
 	providers.CanUseAzureAlias:       providers.Can(),
diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index fdb40e874e..72325fb012 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -63,6 +63,8 @@ func newAzureDNS(m map[string]string, _ json.RawMessage) (*azurednsProvider, err
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
 	providers.CanUseAzureAlias:       providers.Can(),
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 46f22f2091..125eec4d21 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -30,6 +30,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("Just writes out a comment indicating DNSSEC was requested"),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
@@ -42,7 +44,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Can("Driver just maintains list of zone files. It should automatically add missing ones."),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Can(),
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
index 0b869001a5..038a13adbb 100644
--- a/providers/bunnydns/bunnydnsProvider.go
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -9,6 +9,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 5af2817ca5..9d122a7e0d 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -67,12 +67,6 @@ const (
 	// CanUseTLSA indicates the provider can handle TLSA records
 	CanUseTLSA
 
-	// CantUseNOPURGE indicates NO_PURGE is broken for this provider. To make it
-	// work would require complex emulation of an incremental update mechanism,
-	// so it is easier to simply mark this feature as not working for this
-	// provider.
-	CantUseNOPURGE
-
 	// DocCreateDomains means provider can add domains with the `dnscontrol create-domains` command
 	DocCreateDomains
 
diff --git a/providers/capability_string.go b/providers/capability_string.go
index 1363be8dd6..83872aef61 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -25,15 +25,14 @@ func _() {
 	_ = x[CanUseSRV-14]
 	_ = x[CanUseSSHFP-15]
 	_ = x[CanUseTLSA-16]
-	_ = x[CantUseNOPURGE-17]
-	_ = x[DocCreateDomains-18]
-	_ = x[DocDualHost-19]
-	_ = x[DocOfficiallySupported-20]
+	_ = x[DocCreateDomains-17]
+	_ = x[DocDualHost-18]
+	_ = x[DocOfficiallySupported-19]
 }
 
-const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACantUseNOPURGEDocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint16{0, 13, 24, 39, 50, 66, 75, 86, 94, 113, 122, 133, 142, 160, 169, 178, 189, 199, 213, 229, 240, 262}
+var _Capability_index = [...]uint8{0, 13, 24, 39, 50, 66, 75, 86, 94, 113, 122, 133, 142, 160, 169, 178, 189, 199, 215, 226, 248}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 73613dd5aa..cab71764e9 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -40,6 +40,8 @@ Domain level metadata available:
 */
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index ab79ef1cb4..2e95e8f3fa 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -38,7 +38,8 @@ func NewCloudns(m map[string]string, metadata json.RawMessage) (providers.DNSSer
 }
 
 var features = providers.DocumentationNotes{
-	//providers.CanUseDS:               providers.Can(), // in ClouDNS we can add  DS record just for a subdomain(child)
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/cscglobal/cscglobalProvider.go b/providers/cscglobal/cscglobalProvider.go
index 4515a84cde..0387de2bd4 100644
--- a/providers/cscglobal/cscglobalProvider.go
+++ b/providers/cscglobal/cscglobalProvider.go
@@ -25,6 +25,8 @@ type providerClient struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index f813dd634c..56e9ba3643 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -37,6 +37,8 @@ func NewDeSec(m map[string]string, metadata json.RawMessage) (providers.DNSServi
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("deSEC always signs all records. When trying to disable, a notice is printed."),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Unimplemented("Apex aliasing is supported via new SVCB and HTTPS record types. For details, check the deSEC docs."),
diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 17df1ba8fc..1e30197bdb 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -70,6 +70,8 @@ retry:
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index 7cade69185..6599f511b7 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -20,6 +20,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/dnsmadeeasy/dnsMadeEasyProvider.go b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
index 2917ad82e1..38d165a9f8 100644
--- a/providers/dnsmadeeasy/dnsMadeEasyProvider.go
+++ b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
@@ -12,6 +12,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/domainnameshop/domainnameshopProvider.go b/providers/domainnameshop/domainnameshopProvider.go
index a3b9e1677b..2086867238 100644
--- a/providers/domainnameshop/domainnameshopProvider.go
+++ b/providers/domainnameshop/domainnameshopProvider.go
@@ -23,6 +23,8 @@ type domainNameShopProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),                                     // Maybe there is support for it
 	providers.CanGetZones:            providers.Unimplemented(),                              //
 	providers.CanUseAlias:            providers.Unimplemented("Needs custom implementation"), // Can possibly be implemented, needs further research
diff --git a/providers/exoscale/exoscaleProvider.go b/providers/exoscale/exoscaleProvider.go
index 491e3e7be3..dab9dde02f 100644
--- a/providers/exoscale/exoscaleProvider.go
+++ b/providers/exoscale/exoscaleProvider.go
@@ -54,6 +54,8 @@ func NewExoscale(m map[string]string, metadata json.RawMessage) (providers.DNSSe
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index d2eff6ed16..6129953cd2 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -44,6 +44,8 @@ func init() {
 
 // features declares which features and options are available.
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can("Only on the bare domain. Otherwise CNAME will be substituted"),
 	providers.CanUseCAA:              providers.Can(),
@@ -54,7 +56,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot("Can only manage domains registered through their service"),
 	providers.DocOfficiallySupported: providers.Cannot(),
 }
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index c1f4b590c5..bd5d281173 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -23,6 +23,8 @@ import (
 const selfLinkBasePath = "https://www.googleapis.com/compute/v1/projects/"
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index 357c7c4b0b..fdde7a4e63 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -41,6 +41,8 @@ func NewGCore(m map[string]string, metadata json.RawMessage) (providers.DNSServi
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index da506439b4..4f9fa0ac66 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -42,6 +42,8 @@ Additionally
 */
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index fb638f39e4..7efce1b379 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -11,6 +11,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index a45c2e39cb..bc4730ab98 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -23,6 +23,8 @@ type HXClient struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
 	providers.CanUseAlias:            providers.Cannot("Using ALIAS is possible through our extended DNS (X-DNS) service. Feel free to get in touch with us."),
 	providers.CanUseCAA:              providers.Can(),
@@ -30,7 +32,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can("SRV records with empty targets are not supported"),
 	providers.CanUseTLSA:             providers.Can(),
-	providers.CantUseNOPURGE:         providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Cannot("Actively maintained provider module."),
diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index 502987c83e..a9d671b57b 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -16,6 +16,8 @@ import (
 var defaultNameservers = []string{"ns1.hosting.de", "ns2.hosting.de", "ns3.hosting.de"}
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index f615d80829..c006277268 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -41,6 +41,8 @@ var InwxSandboxDefaultNs = []string{"ns.ote.inwx.de", "ns2.ote.inwx.de"}
 
 // features is used to let dnscontrol know which features are supported by INWX.
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Unimplemented("Supported by INWX but not implemented yet."),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("INWX does not support the ALIAS or ANAME record type."),
diff --git a/providers/linode/linodeProvider.go b/providers/linode/linodeProvider.go
index de3b4cd523..fb18da6acc 100644
--- a/providers/linode/linodeProvider.go
+++ b/providers/linode/linodeProvider.go
@@ -88,6 +88,8 @@ func NewLinode(m map[string]string, metadata json.RawMessage) (providers.DNSServ
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseCAA:              providers.Can("Linode doesn't support changing the CAA flag"),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index edb88d4695..2846bf045a 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -43,6 +43,8 @@ func init() {
 
 // features declares which features and options are available.
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAKAMAICDN:        providers.Cannot(),
diff --git a/providers/luadns/luadnsProvider.go b/providers/luadns/luadnsProvider.go
index 2359175052..1f8f4d21e4 100644
--- a/providers/luadns/luadnsProvider.go
+++ b/providers/luadns/luadnsProvider.go
@@ -19,6 +19,8 @@ Info required in `creds.json`:
 */
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/msdns/msdnsProvider.go b/providers/msdns/msdnsProvider.go
index b8fffc5784..c62f83d290 100644
--- a/providers/msdns/msdnsProvider.go
+++ b/providers/msdns/msdnsProvider.go
@@ -19,6 +19,8 @@ type msdnsProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Cannot(),
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index 7a8c0e4b1e..f19ebc4f8a 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -30,13 +30,15 @@ type mythicBeastsProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Can(),
-	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Cannot("Requires domain registered through Web UI"),
 	providers.DocDualHost:            providers.Can(),
diff --git a/providers/namecheap/namecheapProvider.go b/providers/namecheap/namecheapProvider.go
index ddbc2a0273..66f3faa322 100644
--- a/providers/namecheap/namecheapProvider.go
+++ b/providers/namecheap/namecheapProvider.go
@@ -26,6 +26,8 @@ type namecheapProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
@@ -33,7 +35,6 @@ var features = providers.DocumentationNotes{
 	providers.CanUsePTR:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Cannot("The namecheap web console allows you to make SRV records, but their api does not let you read or set them"),
 	providers.CanUseTLSA:             providers.Cannot(),
-	providers.CantUseNOPURGE:         providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot("Requires domain registered through their service"),
 	providers.DocDualHost:            providers.Cannot("Doesn't allow control of apex NS records"),
 	providers.DocOfficiallySupported: providers.Cannot(),
diff --git a/providers/namedotcom/namedotcomProvider.go b/providers/namedotcom/namedotcomProvider.go
index 9e10f5e137..a56195eff1 100644
--- a/providers/namedotcom/namedotcomProvider.go
+++ b/providers/namedotcom/namedotcomProvider.go
@@ -21,6 +21,8 @@ type namedotcomProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/netcup/netcupProvider.go b/providers/netcup/netcupProvider.go
index 2fa866b319..31c1972060 100644
--- a/providers/netcup/netcupProvider.go
+++ b/providers/netcup/netcupProvider.go
@@ -10,6 +10,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index 2bdb1c1e8e..f00f44884c 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -12,6 +12,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 78c466252e..b29eb0c107 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -16,6 +16,8 @@ import (
 )
 
 var docNotes = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 48aa9fa008..8486c7142b 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -16,6 +16,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index d4c6093a7e..93c65a3e30 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -18,6 +18,8 @@ type ovhProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/packetframe/packetframeProvider.go b/providers/packetframe/packetframeProvider.go
index ac8d677425..a3f321712a 100644
--- a/providers/packetframe/packetframeProvider.go
+++ b/providers/packetframe/packetframeProvider.go
@@ -39,6 +39,8 @@ func newPacketframe(m map[string]string, metadata json.RawMessage) (providers.DN
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index d0959c67bd..5576b57955 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -52,6 +52,8 @@ func newPorkbun(m map[string]string, _ json.RawMessage) (*porkbunProvider, error
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/powerdns/powerdnsProvider.go b/providers/powerdns/powerdnsProvider.go
index 7fbbe3c859..48fcef0919 100644
--- a/providers/powerdns/powerdnsProvider.go
+++ b/providers/powerdns/powerdnsProvider.go
@@ -12,6 +12,8 @@ import (
 )
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can("Needs to be enabled in PowerDNS first", "https://doc.powerdns.com/authoritative/guides/alias.html"),
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index 070996901a..c476e09e05 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -26,6 +26,8 @@ Additional settings available in `creds.json`:
 */
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
@@ -36,9 +38,9 @@ var features = providers.DocumentationNotes{
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUseSOA:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
-	providers.CanUseSOA:              providers.Cannot(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Cannot(),
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index 581514b9dd..a51e775d60 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -76,6 +76,8 @@ func newRoute53(m map[string]string, _ json.RawMessage) (*route53Provider, error
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("R53 does not provide a generic ALIAS functionality. Use R53_ALIAS instead."),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/rwth/rwthProvider.go b/providers/rwth/rwthProvider.go
index 9ba1a4f638..aa46365045 100644
--- a/providers/rwth/rwthProvider.go
+++ b/providers/rwth/rwthProvider.go
@@ -14,6 +14,8 @@ type rwthProvider struct {
 
 // features is used to let dnscontrol know which features are supported by the RWTH DNS Admin.
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Unimplemented("Supported by RWTH but not implemented yet."),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
diff --git a/providers/softlayer/softlayerProvider.go b/providers/softlayer/softlayerProvider.go
index a47d432a6f..f647f78301 100644
--- a/providers/softlayer/softlayerProvider.go
+++ b/providers/softlayer/softlayerProvider.go
@@ -22,6 +22,8 @@ type softlayerProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones: providers.Unimplemented(),
 	providers.CanUseLOC:   providers.Cannot(),
 	providers.CanUseSRV:   providers.Can(),
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index ed2e6e6a77..dbbb58021c 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -29,6 +29,8 @@ type transipProvider struct {
 }
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index 6ced54dd75..a63cdad6ea 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -26,6 +26,8 @@ Info required in `creds.json`:
 */
 
 var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),

From 4765f402bd368d71f1db7c43b44b5ed67ff975e8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 20 Mar 2024 12:36:54 -0400
Subject: [PATCH 211/438] FEATURE: New capability: Can provider run
 concurrently (#2876)

---
 build/generate/featureMatrix.go               |   6 +
 documentation/providers.md                    | 104 +++++++++---------
 .../akamaiedgedns/akamaiEdgeDnsProvider.go    |   1 +
 providers/autodns/autoDnsProvider.go          |   1 +
 providers/axfrddns/axfrddnsProvider.go        |   1 +
 providers/azuredns/azureDnsProvider.go        |   1 +
 .../azurePrivateDnsProvider.go                |   1 +
 providers/bind/bindProvider.go                |   1 +
 providers/bunnydns/bunnydnsProvider.go        |   1 +
 providers/capabilities.go                     |   6 +
 providers/capability_string.go                |  43 ++++----
 providers/cloudflare/cloudflareProvider.go    |   1 +
 providers/cloudns/cloudnsProvider.go          |   1 +
 providers/cscglobal/cscglobalProvider.go      |   1 +
 providers/desec/desecProvider.go              |   1 +
 .../digitalocean/digitaloceanProvider.go      |   1 +
 providers/dnsimple/dnsimpleProvider.go        |   1 +
 providers/dnsmadeeasy/dnsMadeEasyProvider.go  |   1 +
 providers/doh/dohProvider.go                  |   8 +-
 .../domainnameshop/domainnameshopProvider.go  |   5 +-
 providers/dynadot/dynadotProvider.go          |   8 +-
 providers/easyname/easynameProvider.go        |   8 +-
 providers/exoscale/exoscaleProvider.go        |   1 +
 providers/gandiv5/gandi_v5Provider.go         |   1 +
 providers/gcloud/gcloudProvider.go            |   1 +
 providers/gcore/gcoreProvider.go              |   1 +
 providers/hedns/hednsProvider.go              |   1 +
 providers/hetzner/hetznerProvider.go          |   1 +
 providers/hexonet/hexonetProvider.go          |   1 +
 providers/hostingde/hostingdeProvider.go      |   1 +
 providers/internetbs/internetbsProvider.go    |   8 +-
 providers/inwx/inwxProvider.go                |   1 +
 providers/linode/linodeProvider.go            |   1 +
 providers/loopia/loopiaProvider.go            |   1 +
 providers/luadns/luadnsProvider.go            |   1 +
 providers/msdns/msdnsProvider.go              |   1 +
 .../mythicbeasts/mythicbeastsProvider.go      |   1 +
 providers/namecheap/namecheapProvider.go      |   1 +
 providers/namedotcom/namedotcomProvider.go    |   1 +
 providers/netcup/netcupProvider.go            |   1 +
 providers/netlify/netlifyProvider.go          |   1 +
 providers/ns1/ns1Provider.go                  |   1 +
 providers/opensrs/opensrsProvider.go          |   8 +-
 providers/oracle/oracleProvider.go            |   1 +
 providers/ovh/ovhProvider.go                  |   1 +
 providers/packetframe/packetframeProvider.go  |   1 +
 providers/porkbun/porkbunProvider.go          |   1 +
 providers/powerdns/powerdnsProvider.go        |   1 +
 .../realtimeregisterProvider.go               |   1 +
 providers/route53/route53Provider.go          |   1 +
 providers/rwth/rwthProvider.go                |   1 +
 providers/softlayer/softlayerProvider.go      |   1 +
 providers/transip/transipProvider.go          |   1 +
 providers/vultr/vultrProvider.go              |   1 +
 54 files changed, 168 insertions(+), 80 deletions(-)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index 5ffa07a125..ed83c375ce 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -76,6 +76,7 @@ func matrixData() *FeatureMatrix {
 		OfficialSupport      = "Official Support" // vs. community supported
 		ProviderDNSProvider  = "DNS Provider"
 		ProviderRegistrar    = "Registrar"
+		ProviderThreadSafe   = "Concurrency Verified"
 		DomainModifierAlias  = "[`ALIAS`](functions/domain/ALIAS.md)"
 		DomainModifierCaa    = "[`CAA`](functions/domain/CAA.md)"
 		DomainModifierDnssec = "[`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md)"
@@ -99,6 +100,7 @@ func matrixData() *FeatureMatrix {
 			OfficialSupport,
 			ProviderDNSProvider,
 			ProviderRegistrar,
+			ProviderThreadSafe,
 			DomainModifierAlias,
 			DomainModifierCaa,
 			DomainModifierDnssec,
@@ -169,6 +171,10 @@ func matrixData() *FeatureMatrix {
 			false,
 			func() bool { return providers.RegistrarTypes[providerName] != nil },
 		)
+		setCapability(
+			ProviderThreadSafe,
+			providers.CanConcur,
+		)
 		setCapability(
 			DomainModifierAlias,
 			providers.CanUseAlias,
diff --git a/documentation/providers.md b/documentation/providers.md
index 5793739ca3..5626be138c 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,58 +12,58 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | get-zones |
-| ------------- | ---------------- | ------------ | --------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
-| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
-| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ |
-| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
-| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
+| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index 63336ce483..59da28e5ec 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -25,6 +25,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAKAMAICDN:        providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index d29154fa6c..6dfb1d341e 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -18,6 +18,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index c81311eff2..7ba2839768 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -41,6 +41,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("Just warn when DNSSEC is requested but no RRSIG is found in the AXFR or warn when DNSSEC is not requested but RRSIG are found in the AXFR."),
 	providers.CanGetZones:            providers.Cannot(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 92094e9af5..849f8f5b0a 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -66,6 +66,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
 	providers.CanUseAzureAlias:       providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index 72325fb012..6e72bec7b2 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -66,6 +66,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
 	providers.CanUseAzureAlias:       providers.Can(),
 	providers.CanUseCAA:              providers.Cannot("Azure Private DNS does not support CAA records"),
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 125eec4d21..d4bc591dc1 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -34,6 +34,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("Just writes out a comment indicating DNSSEC was requested"),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
index 038a13adbb..de9d899bbf 100644
--- a/providers/bunnydns/bunnydnsProvider.go
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -13,6 +13,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Cannot(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 9d122a7e0d..f0baa2d3ed 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -17,6 +17,12 @@ const (
 	// so folks can ask for that.
 	CanAutoDNSSEC Capability = iota
 
+	// CanConcur indicates the provider can be used concurrently.  Can()
+	// indicates that it has been tested and shown to work concurrently.
+	// Cannot() indicates it has not been tested OR it has been shown to not
+	// work when used concurrently.  The default is Cannot().
+	CanConcur
+
 	// CanGetZones indicates the provider supports the get-zones subcommand.
 	CanGetZones
 
diff --git a/providers/capability_string.go b/providers/capability_string.go
index 83872aef61..d14c8ae87e 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -9,30 +9,31 @@ func _() {
 	// Re-run the stringer command to generate them again.
 	var x [1]struct{}
 	_ = x[CanAutoDNSSEC-0]
-	_ = x[CanGetZones-1]
-	_ = x[CanUseAKAMAICDN-2]
-	_ = x[CanUseAlias-3]
-	_ = x[CanUseAzureAlias-4]
-	_ = x[CanUseCAA-5]
-	_ = x[CanUseDHCID-6]
-	_ = x[CanUseDS-7]
-	_ = x[CanUseDSForChildren-8]
-	_ = x[CanUseLOC-9]
-	_ = x[CanUseNAPTR-10]
-	_ = x[CanUsePTR-11]
-	_ = x[CanUseRoute53Alias-12]
-	_ = x[CanUseSOA-13]
-	_ = x[CanUseSRV-14]
-	_ = x[CanUseSSHFP-15]
-	_ = x[CanUseTLSA-16]
-	_ = x[DocCreateDomains-17]
-	_ = x[DocDualHost-18]
-	_ = x[DocOfficiallySupported-19]
+	_ = x[CanConcur-1]
+	_ = x[CanGetZones-2]
+	_ = x[CanUseAKAMAICDN-3]
+	_ = x[CanUseAlias-4]
+	_ = x[CanUseAzureAlias-5]
+	_ = x[CanUseCAA-6]
+	_ = x[CanUseDHCID-7]
+	_ = x[CanUseDS-8]
+	_ = x[CanUseDSForChildren-9]
+	_ = x[CanUseLOC-10]
+	_ = x[CanUseNAPTR-11]
+	_ = x[CanUsePTR-12]
+	_ = x[CanUseRoute53Alias-13]
+	_ = x[CanUseSOA-14]
+	_ = x[CanUseSRV-15]
+	_ = x[CanUseSSHFP-16]
+	_ = x[CanUseTLSA-17]
+	_ = x[DocCreateDomains-18]
+	_ = x[DocDualHost-19]
+	_ = x[DocOfficiallySupported-20]
 }
 
-const _Capability_name = "CanAutoDNSSECCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint8{0, 13, 24, 39, 50, 66, 75, 86, 94, 113, 122, 133, 142, 160, 169, 178, 189, 199, 215, 226, 248}
+var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 103, 122, 131, 142, 151, 169, 178, 187, 198, 208, 224, 235, 257}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index cab71764e9..0a4b759318 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -43,6 +43,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 2e95e8f3fa..7bd9135425 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -41,6 +41,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
diff --git a/providers/cscglobal/cscglobalProvider.go b/providers/cscglobal/cscglobalProvider.go
index 0387de2bd4..2cfb866359 100644
--- a/providers/cscglobal/cscglobalProvider.go
+++ b/providers/cscglobal/cscglobalProvider.go
@@ -28,6 +28,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.DocOfficiallySupported: providers.Can(),
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 56e9ba3643..d9aae6fdeb 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -41,6 +41,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("deSEC always signs all records. When trying to disable, a notice is printed."),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Unimplemented("Apex aliasing is supported via new SVCB and HTTPS record types. For details, check the deSEC docs."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 1e30197bdb..409776b450 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -73,6 +73,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index 6599f511b7..50d669e1df 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -24,6 +24,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/dnsmadeeasy/dnsMadeEasyProvider.go b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
index 38d165a9f8..1b1a96bcd1 100644
--- a/providers/dnsmadeeasy/dnsMadeEasyProvider.go
+++ b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
@@ -15,6 +15,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/doh/dohProvider.go b/providers/doh/dohProvider.go
index 8298145228..c8e4d62b1a 100644
--- a/providers/doh/dohProvider.go
+++ b/providers/doh/dohProvider.go
@@ -17,8 +17,14 @@ Info required in `creds.json`:
    - host                DNS over HTTPS host (eg 9.9.9.9)
 */
 
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanConcur: providers.Cannot(),
+}
+
 func init() {
-	providers.RegisterRegistrarType("DNSOVERHTTPS", newDNSOverHTTPS)
+	providers.RegisterRegistrarType("DNSOVERHTTPS", newDNSOverHTTPS, features)
 }
 
 func newDNSOverHTTPS(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/domainnameshop/domainnameshopProvider.go b/providers/domainnameshop/domainnameshopProvider.go
index 2086867238..af8fed0a7a 100644
--- a/providers/domainnameshop/domainnameshopProvider.go
+++ b/providers/domainnameshop/domainnameshopProvider.go
@@ -25,8 +25,9 @@ type domainNameShopProvider struct {
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
-	providers.CanAutoDNSSEC:          providers.Cannot(),                                     // Maybe there is support for it
-	providers.CanGetZones:            providers.Unimplemented(),                              //
+	providers.CanAutoDNSSEC:          providers.Cannot(),        // Maybe there is support for it
+	providers.CanGetZones:            providers.Unimplemented(), //
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Unimplemented("Needs custom implementation"), // Can possibly be implemented, needs further research
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Unimplemented(), // Seems to support but needs to be implemented
diff --git a/providers/dynadot/dynadotProvider.go b/providers/dynadot/dynadotProvider.go
index 48d0c622f0..46d6885732 100644
--- a/providers/dynadot/dynadotProvider.go
+++ b/providers/dynadot/dynadotProvider.go
@@ -18,8 +18,14 @@ Info required in `creds.json`:
 
 */
 
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanConcur: providers.Cannot(),
+}
+
 func init() {
-	providers.RegisterRegistrarType("DYNADOT", newDynadot)
+	providers.RegisterRegistrarType("DYNADOT", newDynadot, features)
 }
 
 func newDynadot(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/easyname/easynameProvider.go b/providers/easyname/easynameProvider.go
index 4fc9b848b6..d6625bc24c 100644
--- a/providers/easyname/easynameProvider.go
+++ b/providers/easyname/easynameProvider.go
@@ -16,8 +16,14 @@ type easynameProvider struct {
 	domains  map[string]easynameDomain
 }
 
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanConcur: providers.Cannot(),
+}
+
 func init() {
-	providers.RegisterRegistrarType("EASYNAME", newEasyname)
+	providers.RegisterRegistrarType("EASYNAME", newEasyname, features)
 }
 
 func newEasyname(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/exoscale/exoscaleProvider.go b/providers/exoscale/exoscaleProvider.go
index dab9dde02f..ff726bee90 100644
--- a/providers/exoscale/exoscaleProvider.go
+++ b/providers/exoscale/exoscaleProvider.go
@@ -57,6 +57,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 6129953cd2..4495239486 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -47,6 +47,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can("Only on the bare domain. Otherwise CNAME will be substituted"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot("Only supports DS records at the apex"),
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index bd5d281173..c62ea9e4a6 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -26,6 +26,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index fdde7a4e63..de6e36f251 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -45,6 +45,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index 4f9fa0ac66..ba923dbf15 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -46,6 +46,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index 7efce1b379..3ccea1787a 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -15,6 +15,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index bc4730ab98..5efc33c61b 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -26,6 +26,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot("Using ALIAS is possible through our extended DNS (X-DNS) service. Feel free to get in touch with us."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index a9d671b57b..38ee265b8b 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -20,6 +20,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/internetbs/internetbsProvider.go b/providers/internetbs/internetbsProvider.go
index 84ba433539..df7641bf50 100644
--- a/providers/internetbs/internetbsProvider.go
+++ b/providers/internetbs/internetbsProvider.go
@@ -19,8 +19,14 @@ Info required in `creds.json`:
 
 */
 
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanConcur: providers.Cannot(),
+}
+
 func init() {
-	providers.RegisterRegistrarType("INTERNETBS", newInternetBs)
+	providers.RegisterRegistrarType("INTERNETBS", newInternetBs, features)
 }
 
 func newInternetBs(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index c006277268..56e8961623 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -45,6 +45,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Unimplemented("Supported by INWX but not implemented yet."),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot("INWX does not support the ALIAS or ANAME record type."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Unimplemented("DS records are only supported at the apex and require a different API call that hasn't been implemented yet."),
diff --git a/providers/linode/linodeProvider.go b/providers/linode/linodeProvider.go
index fb18da6acc..9e25e82fef 100644
--- a/providers/linode/linodeProvider.go
+++ b/providers/linode/linodeProvider.go
@@ -91,6 +91,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can("Linode doesn't support changing the CAA flag"),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.DocDualHost:            providers.Cannot(),
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index 2846bf045a..3862bfaa70 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -47,6 +47,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAKAMAICDN:        providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseAzureAlias:       providers.Cannot(),
diff --git a/providers/luadns/luadnsProvider.go b/providers/luadns/luadnsProvider.go
index 1f8f4d21e4..4086f8ab28 100644
--- a/providers/luadns/luadnsProvider.go
+++ b/providers/luadns/luadnsProvider.go
@@ -22,6 +22,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/msdns/msdnsProvider.go b/providers/msdns/msdnsProvider.go
index c62f83d290..65880b214a 100644
--- a/providers/msdns/msdnsProvider.go
+++ b/providers/msdns/msdnsProvider.go
@@ -22,6 +22,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Cannot(),
 	providers.CanUseDS:               providers.Unimplemented(),
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index f19ebc4f8a..e55470d915 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -33,6 +33,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/namecheap/namecheapProvider.go b/providers/namecheap/namecheapProvider.go
index 66f3faa322..7171789805 100644
--- a/providers/namecheap/namecheapProvider.go
+++ b/providers/namecheap/namecheapProvider.go
@@ -29,6 +29,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/namedotcom/namedotcomProvider.go b/providers/namedotcom/namedotcomProvider.go
index a56195eff1..b7b820b983 100644
--- a/providers/namedotcom/namedotcomProvider.go
+++ b/providers/namedotcom/namedotcomProvider.go
@@ -24,6 +24,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Cannot("PTR records are not supported (See Link)", "https://www.name.com/support/articles/205188508-Reverse-DNS-records"),
diff --git a/providers/netcup/netcupProvider.go b/providers/netcup/netcupProvider.go
index 31c1972060..846dd154d1 100644
--- a/providers/netcup/netcupProvider.go
+++ b/providers/netcup/netcupProvider.go
@@ -13,6 +13,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Cannot(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Cannot(),
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index f00f44884c..02af5e517d 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -16,6 +16,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index b29eb0c107..af6addd445 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -20,6 +20,7 @@ var docNotes = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/opensrs/opensrsProvider.go b/providers/opensrs/opensrsProvider.go
index 08aebf76c5..a74d676193 100644
--- a/providers/opensrs/opensrsProvider.go
+++ b/providers/opensrs/opensrsProvider.go
@@ -12,8 +12,14 @@ import (
 	opensrs "github.com/philhug/opensrs-go/opensrs"
 )
 
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanConcur: providers.Cannot(),
+}
+
 func init() {
-	providers.RegisterRegistrarType("OPENSRS", newReg)
+	providers.RegisterRegistrarType("OPENSRS", newReg, features)
 }
 
 var defaultNameServerNames = []string{
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 8486c7142b..0a560919a3 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -19,6 +19,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(), // should be supported, but getting 500s in tests
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index 93c65a3e30..5722508062 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -21,6 +21,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
diff --git a/providers/packetframe/packetframeProvider.go b/providers/packetframe/packetframeProvider.go
index a3f321712a..b0aae570c2 100644
--- a/providers/packetframe/packetframeProvider.go
+++ b/providers/packetframe/packetframeProvider.go
@@ -42,6 +42,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Unimplemented(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.DocDualHost:            providers.Cannot(),
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 5576b57955..b85e2de410 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -56,6 +56,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Unimplemented(), // CAA record for base domain is pinning to a fixed set once configure
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/powerdns/powerdnsProvider.go b/providers/powerdns/powerdnsProvider.go
index 48fcef0919..52c0f205cd 100644
--- a/providers/powerdns/powerdnsProvider.go
+++ b/providers/powerdns/powerdnsProvider.go
@@ -16,6 +16,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can("Needs to be enabled in PowerDNS first", "https://doc.powerdns.com/authoritative/guides/alias.html"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index c476e09e05..4cb3a3b336 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -30,6 +30,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Cannot(),
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index a51e775d60..03a7de4e1e 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -79,6 +79,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot("R53 does not provide a generic ALIAS functionality. Use R53_ALIAS instead."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
diff --git a/providers/rwth/rwthProvider.go b/providers/rwth/rwthProvider.go
index aa46365045..3a6a56bf26 100644
--- a/providers/rwth/rwthProvider.go
+++ b/providers/rwth/rwthProvider.go
@@ -18,6 +18,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Unimplemented("Supported by RWTH but not implemented yet."),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Unimplemented("DS records are only supported at the apex and require a different API call that hasn't been implemented yet."),
diff --git a/providers/softlayer/softlayerProvider.go b/providers/softlayer/softlayerProvider.go
index f647f78301..41775f09f3 100644
--- a/providers/softlayer/softlayerProvider.go
+++ b/providers/softlayer/softlayerProvider.go
@@ -25,6 +25,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones: providers.Unimplemented(),
+	providers.CanConcur:   providers.Cannot(),
 	providers.CanUseLOC:   providers.Cannot(),
 	providers.CanUseSRV:   providers.Can(),
 }
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index dbbb58021c..7e47a3d628 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -33,6 +33,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index a63cdad6ea..2d75d092b0 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -29,6 +29,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),

From 3a84f6cde397f141bdf2b846cd94843a2644a8ff Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 25 Mar 2024 10:06:07 -0400
Subject: [PATCH 212/438] upgrade deps (#2881)

---
 go.mod | 44 +++++++++++++--------------
 go.sum | 95 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 69 insertions(+), 70 deletions(-)

diff --git a/go.mod b/go.mod
index 5148af07fb..d04d11593f 100644
--- a/go.mod
+++ b/go.mod
@@ -20,16 +20,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.25.3
-	github.com/aws/aws-sdk-go-v2/config v1.27.7
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.7
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2
+	github.com/aws/aws-sdk-go-v2 v1.26.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.9
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.9
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.89.0
-	github.com/digitalocean/godo v1.109.0
+	github.com/cloudflare/cloudflare-go v0.91.0
+	github.com/digitalocean/godo v1.110.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -37,7 +37,7 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.12.0
+	github.com/hashicorp/vault/api v1.12.2
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.58
 	github.com/mittwald/go-powerdns v0.6.2
@@ -58,7 +58,7 @@ require (
 	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/net v0.22.0
 	golang.org/x/oauth2 v0.18.0
-	google.golang.org/api v0.169.0
+	google.golang.org/api v0.171.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
@@ -73,7 +73,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -85,15 +85,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 // indirect
 	github.com/aws/smithy-go v1.20.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -115,7 +115,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -148,14 +148,14 @@ require (
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/mod v0.16.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/tools v0.19.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 // indirect
-	google.golang.org/grpc v1.62.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
+	google.golang.org/grpc v1.62.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index eb4cf77d0a..092e3e9dec 100644
--- a/go.sum
+++ b/go.sum
@@ -39,34 +39,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
-github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
-github.com/aws/aws-sdk-go-v2/config v1.27.7 h1:JSfb5nOQF01iOgxFI5OIKWwDiEXWTyTgg1Mm1mHi0A4=
-github.com/aws/aws-sdk-go-v2/config v1.27.7/go.mod h1:PH0/cNpoMO+B04qET699o5W92Ca79fVtbUnvMIZro4I=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.7 h1:WJd+ubWKoBeRh7A5iNMnxEOs982SyVKOJD+K8HIezu4=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.7/go.mod h1:UQi7LMR0Vhvs+44w5ec8Q+VS+cd10cjwgHwiVkE0YGU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 h1:p+y7FvkK2dxS+FEwRIDHDe//ZX+jDhP8HHE50ppj4iI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3/go.mod h1:/fYB+FZbDlwlAiynK9KDXlzZl3ANI9JkD0Uhz5FjNT4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw=
+github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA=
+github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
+github.com/aws/aws-sdk-go-v2/config v1.27.9 h1:gRx/NwpNEFSk+yQlgmk1bmxxvQ5TyJ76CWXs9XScTqg=
+github.com/aws/aws-sdk-go-v2/config v1.27.9/go.mod h1:dK1FQfpwpql83kbD873E9vz4FyAxuJtR22wzoXn3qq0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.9 h1:N8s0/7yW+h8qR8WaRlPQeJ6czVMNQVNtNdUqf6cItao=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.9/go.mod h1:446YhIdmSV0Jf/SLafGZalQo+xr2iw7/fzXGDPTU1yQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 h1:af5YzcLf80tv4Em4jWVD75lpnOHSBkPUZxZfGkrI3HI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4/go.mod h1:WjpDrhWisWOIoS9n3nk67A3Ll1vfULJ9Kq6h29HTD48=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2 h1:YXQQJm3KnxabBHGNU8iC0GSvKRLtUSNUfP2R7L+Z/Tg=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.2/go.mod h1:ORinaAeDvAI7L7zPyE2RmG0RpwHKZDaQ7ALO8/dXFtY=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2 h1:TypWfzHKes0zADvTyJEwGsb0BAscUE8Ty0xs/jQM4Dk=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.2/go.mod h1:jVbk98+jKo/JiX+qt028oGR6yApccx4ij5FaFUjiIAg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 h1:XOPfar83RIRPEzfihnp+U6udOveKZJvPQ76SKWrLRHc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.2/go.mod h1:Vv9Xyk1KMHXrR3vNQe8W5LMFdTjSeWk0gBZBzvf3Qa0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 h1:pi0Skl6mNl2w8qWZXcdOyg197Zsf4G97U7Sso9JXGZE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2/go.mod h1:JYzLoEVeLXk+L4tn1+rrkfhkxl6mLDEVaDSvGq9og90=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 h1:Ppup1nVNAOWbBOrcoOxaxPeEnSFB2RnnQdguhXpmeQk=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.4/go.mod h1:+K1rNPVyGxkRuv9NNiaZ4YhBFuyw2MMA9SlIJ1Zlpz8=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3 h1:wr5gulbwbb8PSRMWjCROoP0TIMccpF8x5A7hEk2SjpA=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3/go.mod h1:/Gyl9xjGcjIVe80ar75YlmA8m6oFh0A4XfLciBmdS8s=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3 h1:iuBYHWv0+2pF2qbM+UmnSwvcdOknXRi4yE9KBHhAItQ=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3/go.mod h1:Ijqatnvuyx5IE/FmFJWJyWTcUY5XrlXgc6G7z1Fqk6o=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 h1:mnbuWHOcM70/OFUlZZ5rcdfA8PflGXXiefU/O+1S3+8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.3/go.mod h1:5HFu51Elk+4oRBZVxmHrSds5jFXmFj8C3w7DVF2gnrs=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 h1:uLq0BKatTmDzWa/Nu4WO0M1AaQDaPpwTKAeByEc6WFM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3/go.mod h1:b+qdhjnxj8GSR6t5YfphOffeoQSQ1KmpoVVuBn+PWxs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3FajfLxqM5+tepvVXmxg=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
 github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -87,8 +87,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.89.0 h1:3zoVntC8xmUR/weFEcNE1RizdW4LRZdQnJ/AN8DDa1U=
-github.com/cloudflare/cloudflare-go v0.89.0/go.mod h1:eyuehb1i6BNRc+ZwaTZAiRHeE+4jbKvHAns19oGeakg=
+github.com/cloudflare/cloudflare-go v0.91.0 h1:L7IR+86qrZuEMSjGFg4cwRwtHqC8uCPmMUkP7BD4CPw=
+github.com/cloudflare/cloudflare-go v0.91.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -101,8 +101,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.109.0 h1:4W97RJLJSUQ3veRZDNbp1Ol3Rbn6Lmt9bKGvfqYI5SU=
-github.com/digitalocean/godo v1.109.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.110.0 h1:EY+rewWCYrUNOPbk9wI2Ytf0TBSRTJcZ6BINCb5dfmQ=
+github.com/digitalocean/godo v1.110.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -206,8 +206,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.2 h1:mhN09QQW1jEWeMF74zGR81R30z4VJzjZsfkUhuHF+DA=
-github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc=
+github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
+github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -240,8 +240,8 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4=
-github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck=
+github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=
+github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -426,8 +426,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -435,8 +435,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8=
-golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
+golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -526,14 +526,14 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=
-golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
+golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
+golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.169.0 h1:QwWPy71FgMWqJN/l6jVlFHUa29a7dcUy02I8o799nPY=
-google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg=
+google.golang.org/api v0.171.0 h1:w174hnBPqut76FzW5Qaupt7zY8Kql6fiVjgys4f58sU=
+google.golang.org/api v0.171.0/go.mod h1:Hnq5AHm4OTMt2BUVjael2CWZFD6vksJdWCWiUAmjC9o=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -541,19 +541,18 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU=
-google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M=
-google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A=
-google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78 h1:Xs9lu+tLXxLIfuci70nG4cpwaRC+mRQPUL7LoIeDJC4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240304161311-37d4d3c04a78/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
-google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
+google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 02b0bedb853de6834420f304a1cefe2e707f4f56 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 25 Mar 2024 11:40:58 -0400
Subject: [PATCH 213/438] DEV: Upgrade to go 1.22.x (#2882)

---
 .github/workflows/pr_test.yml       | 2 +-
 .github/workflows/release_draft.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 420ee64990..00ca59f633 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -96,7 +96,7 @@ jobs:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     container:
-      image: golang:1.21
+      image: golang:1.22
     needs:
     - integration-test-providers
     env:
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index 30f5d50076..cc918ce3a5 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -42,7 +42,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: ^1.21
+        go-version: ^1.22
 
 # Stringer is needed because .goreleaser includes "go generate ./..."
     - name: Install stringer

From 408a70ec76274e6e69c9e7112ef0d4688aa50a5c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 27 Mar 2024 09:32:22 -0400
Subject: [PATCH 214/438] DEV: Adopt go 1.22.1 as minimum compiler version
 (#2885)

---
 go.mod |  6 +++---
 go.sum | 10 ++++++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index d04d11593f..581caa294d 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/StackExchange/dnscontrol/v4
 
-go 1.21
-
-toolchain go1.21.1
+go 1.22.1
 
 retract v4.8.0
 
@@ -128,6 +126,7 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
+	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -140,6 +139,7 @@ require (
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
 	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
diff --git a/go.sum b/go.sum
index 092e3e9dec..8ea0d45c5d 100644
--- a/go.sum
+++ b/go.sum
@@ -261,8 +261,9 @@ github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZ
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -344,8 +345,8 @@ github.com/robertkrimen/otto v0.3.0 h1:5RI+8860NSxvXywDY9ddF5HcPw0puRsd8EgbXV0oq
 github.com/robertkrimen/otto v0.3.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
+github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -358,8 +359,9 @@ github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFR
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
 github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
+github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=

From 68c5e87c8908c5bee27ec4fe068ebc1cc69c5c13 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 27 Mar 2024 13:54:36 -0400
Subject: [PATCH 215/438] NEW FEATURE: Gather data for providers concurrently
 (#2873)

---
 .goreleaser.yml                            |   4 +-
 README.md                                  |   6 +-
 commands/ppreviewPush.go                   | 783 +++++++++++++++++++++
 commands/previewPush.go                    |   2 +-
 commands/zonecache.go                      |  27 +
 documentation/providers.md                 |  10 +-
 models/domain.go                           |  49 +-
 pkg/nameservers/nameservers.go             |  12 +-
 pkg/printer/printer.go                     |  13 +
 providers/azuredns/azureDnsProvider.go     |  11 +-
 providers/capabilities.go                  |   4 +-
 providers/cloudflare/cloudflareProvider.go |  48 +-
 providers/cloudflare/rest.go               |   5 +-
 providers/cscglobal/cscglobalProvider.go   |   2 +-
 providers/gcloud/gcloudProvider.go         |   2 +-
 providers/providers.go                     |   8 +-
 providers/route53/route53Provider.go       |  14 +-
 17 files changed, 933 insertions(+), 67 deletions(-)
 create mode 100644 commands/ppreviewPush.go
 create mode 100644 commands/zonecache.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index b0d183176e..abec1e0931 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -159,9 +159,9 @@ release:
     ## Deprecation warnings
 
     > [!WARNING]
-    > - **32-bit binaries will no longer be distributed after September 10, 2023.** There is a proposal to stop shipping 32-bit binaries (packages and containers).  If no objections are raised by Sept 10, 2023, new releases will not include them. See https://github.com/StackExchange/dnscontrol/issues/2461 for details.
+    > - **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
     > - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
-    > - **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+    > - **ACME/Let's Encrypt support is frozen and will be removed without notice between now and April 2025.**  It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
     ## Install
 
diff --git a/README.md b/README.md
index ca8c92c00d..4992f9e9ae 100644
--- a/README.md
+++ b/README.md
@@ -158,11 +158,11 @@ DNSControl can be installed via packages for macOS, Linux and Windows, or from s
 
 See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/install-dnscontrol](https://github.com/gacts/install-dnscontrol).
 
-## Deprecation warnings (updated 2024-02-24)
+## Deprecation warnings (updated 2024-03-25)
 
-- **32-bit binaries will no longer be distributed after September 10, 2023.** There is a proposal to stop shipping 32-bit binaries (packages and containers).  If no objections are raised by Sept 10, 2023, new releases will not include them. See https://github.com/StackExchange/dnscontrol/issues/2461 for details.
+- **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
 - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
-- **ACME/Let's Encrypt support is frozen and will be removed after December 31, 2022.**  The `get-certs` command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+- **ACME/Let's Encrypt support is frozen and will be removed without notice between now and April 2025.**  It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
 ## More info at our website
 
diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
new file mode 100644
index 0000000000..f04bee6d1a
--- /dev/null
+++ b/commands/ppreviewPush.go
@@ -0,0 +1,783 @@
+package commands
+
+import (
+	"cmp"
+	"encoding/json"
+	"fmt"
+	"os"
+	"strings"
+	"sync"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/bindserial"
+	"github.com/StackExchange/dnscontrol/v4/pkg/credsfile"
+	"github.com/StackExchange/dnscontrol/v4/pkg/nameservers"
+	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
+	"github.com/StackExchange/dnscontrol/v4/pkg/notifications"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/zonerecs"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	"github.com/urfave/cli/v2"
+	"golang.org/x/exp/slices"
+	"golang.org/x/net/idna"
+)
+
+type zoneCache struct {
+	cache map[string]*[]string
+	sync.Mutex
+}
+
+var _ = cmd(catMain, func() *cli.Command {
+	var args PPreviewArgs
+	return &cli.Command{
+		Name:  "ppreview",
+		Usage: "read live configuration and identify changes to be made, without applying them",
+		Action: func(ctx *cli.Context) error {
+			return exit(PPreview(args))
+		},
+		Flags: args.flags(),
+	}
+}())
+
+// PPreviewArgs contains all data/flags needed to run preview, independently of CLI
+type PPreviewArgs struct {
+	GetDNSConfigArgs
+	GetCredentialsArgs
+	FilterArgs
+	Notify      bool
+	WarnChanges bool
+	ConcurMode  string
+	NoPopulate  bool
+	DePopulate  bool
+	Full        bool
+}
+
+// ReportItem is a record of corrections for a particular domain/provider/registrar.
+//type ReportItem struct {
+//	Domain      string `json:"domain"`
+//	Corrections int    `json:"corrections"`
+//	Provider    string `json:"provider,omitempty"`
+//	Registrar   string `json:"registrar,omitempty"`
+//}
+
+func (args *PPreviewArgs) flags() []cli.Flag {
+	flags := args.GetDNSConfigArgs.flags()
+	flags = append(flags, args.GetCredentialsArgs.flags()...)
+	flags = append(flags, args.FilterArgs.flags()...)
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "notify",
+		Destination: &args.Notify,
+		Usage:       `set to true to send notifications to configured destinations`,
+	})
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "expect-no-changes",
+		Destination: &args.WarnChanges,
+		Usage:       `set to true for non-zero return code if there are changes`,
+	})
+	flags = append(flags, &cli.StringFlag{
+		Name:        "cmode",
+		Destination: &args.ConcurMode,
+		Value:       "default",
+		Usage:       `Which providers to run concurrently: all, default, none`,
+		Action: func(c *cli.Context, s string) error {
+			if !slices.Contains([]string{"all", "default", "none"}, s) {
+				fmt.Printf("%q is not a valid option for --cmode.  Valie are: all, default, none", s)
+			}
+			return nil
+		},
+	})
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "no-populate",
+		Destination: &args.NoPopulate,
+		Usage:       `Do not auto-create zones at the provider`,
+	})
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "depopulate",
+		Destination: &args.NoPopulate,
+		Usage:       `Delete unknown zones at provider (dangerous!)`,
+	})
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "full",
+		Destination: &args.Full,
+		Usage:       `Add headings, providers names, notifications of no changes, etc`,
+	})
+	flags = append(flags, &cli.IntFlag{
+		Name:   "reportmax",
+		Hidden: true,
+		Usage:  `Limit the IGNORE/NO_PURGE report to this many lines (Expermental. Will change in the future.)`,
+		Action: func(ctx *cli.Context, max int) error {
+			printer.MaxReport = max
+			return nil
+		},
+	})
+	flags = append(flags, &cli.Int64Flag{
+		Name:        "bindserial",
+		Destination: &bindserial.ForcedValue,
+		Usage:       `Force BIND serial numbers to this value (for reproducibility)`,
+	})
+	return flags
+}
+
+var _ = cmd(catMain, func() *cli.Command {
+	var args PPushArgs
+	return &cli.Command{
+		Name:  "ppush",
+		Usage: "identify changes to be made, and perform them",
+		Action: func(ctx *cli.Context) error {
+			return exit(PPush(args))
+		},
+		Flags: args.flags(),
+	}
+}())
+
+// PPushArgs contains all data/flags needed to run push, independently of CLI
+type PPushArgs struct {
+	PPreviewArgs
+	Interactive bool
+	Report      string
+}
+
+func (args *PPushArgs) flags() []cli.Flag {
+	flags := args.PPreviewArgs.flags()
+	flags = append(flags, &cli.BoolFlag{
+		Name:        "i",
+		Destination: &args.Interactive,
+		Usage:       "Interactive. Confirm or Exclude each correction before they run",
+	})
+	flags = append(flags, &cli.StringFlag{
+		Name:        "report",
+		Destination: &args.Report,
+		Usage:       `Generate a machine-parseable report of performed corrections.`,
+	})
+	return flags
+}
+
+// PPreview implements the preview subcommand.
+func PPreview(args PPreviewArgs) error {
+	return prun(args, false, false, printer.DefaultPrinter, "")
+}
+
+// PPush implements the push subcommand.
+func PPush(args PPushArgs) error {
+	return prun(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, args.Report)
+}
+
+var pobsoleteDiff2FlagUsed = false
+
+// run is the main routine common to preview/push
+func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, report string) error {
+
+	// This is a hack until we have the new printer replacement.
+	printer.SkinnyReport = !args.Full
+	fullMode := args.Full
+
+	if pobsoleteDiff2FlagUsed {
+		printer.Println("WARNING: Please remove obsolete --diff2 flag. This will be an error in v5 or later. See https://github.com/StackExchange/dnscontrol/issues/2262")
+	}
+
+	out.PrintfIf(fullMode, "Reading dnsconfig.js or equiv.\n")
+	cfg, err := GetDNSConfig(args.GetDNSConfigArgs)
+	if err != nil {
+		return err
+	}
+
+	out.PrintfIf(fullMode, "Reading creds.json or equiv.\n")
+	providerConfigs, err := credsfile.LoadProviderConfigs(args.CredsFile)
+	if err != nil {
+		return err
+	}
+
+	out.PrintfIf(fullMode, "Creating an in-memory model of 'desired'...\n")
+	notifier, err := PInitializeProviders(cfg, providerConfigs, args.Notify)
+	if err != nil {
+		return err
+	}
+
+	out.PrintfIf(fullMode, "Normalizing and validating 'desired'..\n")
+	errs := normalize.ValidateAndNormalizeConfig(cfg)
+	if PrintValidationErrors(errs) {
+		return fmt.Errorf("exiting due to validation errors")
+	}
+
+	zcache := NewZoneCache()
+
+	// Loop over all (or some) zones:
+	zonesToProcess := whichZonesToProcess(cfg.Domains, args.Domains)
+	zonesSerial, zonesConcurrent := splitConcurrent(zonesToProcess, args.ConcurMode)
+	out.PrintfIf(fullMode, "PHASE 1: GATHERING data\n")
+	var wg sync.WaitGroup
+	wg.Add(len(zonesConcurrent))
+	out.Printf("CONCURRENTLY gathering %d zone(s)\n", len(zonesConcurrent))
+	for _, zone := range optimizeOrder(zonesConcurrent) {
+		out.PrintfIf(fullMode, "Concurrently gathering: %q\n", zone.Name)
+		go func(zone *models.DomainConfig, args PPreviewArgs, zcache *zoneCache) {
+			defer wg.Done()
+			oneZone(zone, args, zcache)
+		}(zone, args, zcache)
+	}
+	out.Printf("SERIALLY gathering %d zone(s)\n", len(zonesSerial))
+	for _, zone := range zonesSerial {
+		out.Printf("Serially Gathering: %q\n", zone.Name)
+		oneZone(zone, args, zcache)
+	}
+	out.PrintfIf(len(zonesConcurrent) > 0, "Waiting for concurrent gathering(s) to complete...")
+	wg.Wait()
+	out.PrintfIf(len(zonesConcurrent) > 0, "DONE\n")
+
+	// Now we know what to do, print or do the tasks.
+	out.PrintfIf(fullMode, "PHASE 2: CORRECTIONS\n")
+	var totalCorrections int
+	var reportItems []*ReportItem
+	var anyErrors bool
+	for _, zone := range zonesToProcess {
+		out.StartDomain(zone.GetUniqueName())
+		providersToProcess := whichProvidersToProcess(zone.DNSProviderInstances, args.Providers)
+		for _, provider := range zone.DNSProviderInstances {
+			skip := skipProvider(provider.Name, providersToProcess)
+			out.StartDNSProvider(provider.Name, skip)
+			if !skip {
+				corrections := zone.GetCorrections(provider.Name)
+				totalCorrections += len(corrections)
+				reportItems = append(reportItems, genReportItem(zone.Name, corrections, provider.Name))
+				anyErrors = cmp.Or(anyErrors, pprintOrRunCorrections(zone.Name, provider.Name, corrections, out, push, interactive, notifier, report))
+				out.EndProvider(provider.Name, len(corrections), nil)
+			}
+		}
+		skip := skipProvider(zone.RegistrarInstance.Name, providersToProcess)
+		out.StartRegistrar(zone.RegistrarName, !skip)
+		if skip {
+			corrections := zone.GetCorrections(zone.RegistrarInstance.Name)
+			totalCorrections += len(corrections)
+			reportItems = append(reportItems, genReportItem(zone.Name, corrections, zone.RegistrarName))
+			anyErrors = cmp.Or(anyErrors, pprintOrRunCorrections(zone.Name, zone.RegistrarInstance.Name, corrections, out, push, interactive, notifier, report))
+			out.EndProvider(zone.RegistrarName, len(corrections), nil)
+		}
+	}
+
+	if os.Getenv("TEAMCITY_VERSION") != "" {
+		fmt.Fprintf(os.Stderr, "##teamcity[buildStatus status='SUCCESS' text='%d corrections']", totalCorrections)
+	}
+	notifier.Done()
+	out.Printf("Done. %d corrections.\n", totalCorrections)
+	err = writeReport(report, reportItems)
+	if err != nil {
+		return fmt.Errorf("could not write report")
+	}
+	if anyErrors {
+		return fmt.Errorf("completed with errors")
+	}
+	if totalCorrections != 0 && args.WarnChanges {
+		return fmt.Errorf("there are pending changes")
+	}
+	return nil
+}
+
+func whichZonesToProcess(domains []*models.DomainConfig, filter string) []*models.DomainConfig {
+	if filter == "" || filter == "all" {
+		return domains
+	}
+
+	permitList := strings.Split(filter, ",")
+	var picked []*models.DomainConfig
+	for _, domain := range domains {
+		if domainInList(domain.Name, permitList) {
+			picked = append(picked, domain)
+		}
+	}
+	return picked
+}
+
+// splitConcurrent takes a list of DomainConfigs and returns two lists. The
+// first list is the items that do NOT support concurrency.  The second is list
+// the items that DO support concurrency.
+func splitConcurrent(domains []*models.DomainConfig, filter string) (serial []*models.DomainConfig, concurrent []*models.DomainConfig) {
+	if filter == "none" {
+		return domains, nil
+	} else if filter == "all" {
+		return nil, domains
+	}
+	for _, dc := range domains {
+		if allConcur(dc) {
+			concurrent = append(concurrent, dc)
+		} else {
+			serial = append(serial, dc)
+		}
+	}
+	return
+}
+
+// allConcur returns true if its registrar and all DNS providers support
+// concurrency.  Otherwise false is returned.
+func allConcur(dc *models.DomainConfig) bool {
+	if !providers.ProviderHasCapability(dc.RegistrarInstance.ProviderType, providers.CanConcur) {
+		//fmt.Printf("WHY? %q: %+v\n", dc.Name, dc.RegistrarInstance)
+		return false
+	}
+	for _, p := range dc.DNSProviderInstances {
+		if !providers.ProviderHasCapability(p.ProviderType, providers.CanConcur) {
+			//fmt.Printf("WHY? %q: %+v\n", dc.Name, p)
+			return false
+		}
+	}
+	return true
+}
+
+// optimizeOrder returns a list of DomainConfigs so that they gather fastest.
+//
+// The current algorithm is based on the heuistic that larger zones (zones with
+// the most records) need the most time to be processed.  Therefore, the largest
+// zones are moved to the front of the list.
+// This isn't perfect but it is good enough.
+func optimizeOrder(zones []*models.DomainConfig) []*models.DomainConfig {
+	slices.SortFunc(zones, func(a, b *models.DomainConfig) int {
+		return len(b.Records) - len(a.Records) // Biggest to smallest.
+	})
+
+	// // For benchmarking. Randomize the list. If you aren't better
+	// // than random, you might as well not play.
+	// rand.Shuffle(len(zones), func(i, j int) {
+	// 	zones[i], zones[j] = zones[j], zones[i]
+	// })
+
+	return zones
+}
+
+func oneZone(zone *models.DomainConfig, args PPreviewArgs, zc *zoneCache) {
+	// Fix the parent zone's delegation: (if able/needed)
+	//zone.NameserversMutex.Lock()
+	delegationCorrections := generateDelegationCorrections(zone, zone.DNSProviderInstances, zone.RegistrarInstance)
+	//zone.NameserversMutex.Unlock()
+
+	// Loop over the (selected) providers configured for that zone:
+	providersToProcess := whichProvidersToProcess(zone.DNSProviderInstances, args.Providers)
+	for _, provider := range providersToProcess {
+
+		// Populate the zones at the provider (if desired/needed/able):
+		if !args.NoPopulate {
+			populateCorrections := generatePopulateCorrections(provider, zone.Name, zc)
+			zone.StoreCorrections(provider.Name, populateCorrections)
+		}
+
+		// Update the zone's records at the provider:
+		zoneCor, rep := generateZoneCorrections(zone, provider)
+		zone.StoreCorrections(provider.Name, rep)
+		zone.StoreCorrections(provider.Name, zoneCor)
+	}
+
+	// Do the delegation corrections after the zones are updated.
+	zone.StoreCorrections(zone.RegistrarInstance.Name, delegationCorrections)
+}
+
+func whichProvidersToProcess(providers []*models.DNSProviderInstance, filter string) []*models.DNSProviderInstance {
+
+	if filter == "all" { // all
+		return providers
+	}
+
+	permitList := strings.Split(filter, ",")
+	var picked []*models.DNSProviderInstance
+
+	// Just the default providers:
+	if filter == "" {
+		for _, provider := range providers {
+			if provider.IsDefault {
+				picked = append(picked, provider)
+			}
+		}
+		return picked
+	}
+
+	// Just the exact matches:
+	for _, provider := range providers {
+		for _, filterItem := range permitList {
+			if provider.Name == filterItem {
+				picked = append(picked, provider)
+			}
+		}
+	}
+	return picked
+}
+
+func skipProvider(name string, providers []*models.DNSProviderInstance) bool {
+	return !slices.ContainsFunc(providers, func(p *models.DNSProviderInstance) bool {
+		return p.Name == name
+	})
+}
+
+func genReportItem(zname string, corrections []*models.Correction, pname string) *ReportItem {
+
+	// Only count the actions, not the messages.
+	cnt := 0
+	for _, cor := range corrections {
+		if cor.F != nil {
+			cnt++
+		}
+	}
+
+	r := ReportItem{
+		Domain:      zname,
+		Corrections: cnt,
+		Provider:    pname,
+	}
+	return &r
+}
+
+func pprintOrRunCorrections(zoneName string, providerName string, corrections []*models.Correction, out printer.CLI, push bool, interactive bool, notifier notifications.Notifier, report string) bool {
+	if len(corrections) == 0 {
+		return false
+	}
+	var anyErrors bool
+	for i, correction := range corrections {
+		out.PrintCorrection(i, correction)
+		var err error
+		if push {
+			if interactive && !out.PromptToRun() {
+				continue
+			}
+			if correction.F != nil {
+				err = correction.F()
+				if err != nil {
+					anyErrors = true
+				}
+			}
+			out.EndCorrection(err)
+		}
+		notifier.Notify(zoneName, providerName, correction.Msg, err, !push)
+	}
+
+	_ = report // File name to write report to.
+	return anyErrors
+}
+
+func writeReport(report string, reportItems []*ReportItem) error {
+	// No filename? No report.
+	if report == "" {
+		return nil
+	}
+
+	f, err := os.OpenFile(report, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	b, err := json.MarshalIndent(reportItems, "", "  ")
+	if err != nil {
+		return err
+	}
+	if _, err := f.Write(b); err != nil {
+		return err
+	}
+	return nil
+}
+
+func generatePopulateCorrections(provider *models.DNSProviderInstance, zoneName string, zcache *zoneCache) []*models.Correction {
+
+	lister, ok := provider.Driver.(providers.ZoneLister)
+	if !ok {
+		return nil // We can't generate a list. No corrections are possible.
+	}
+
+	z, err := zcache.zoneList(provider.Name, lister)
+	if err != nil {
+		return []*models.Correction{{Msg: fmt.Sprintf("zoneList failed for %q: %s", provider.Name, err)}}
+	}
+	zones := *z
+
+	aceZoneName, _ := idna.ToASCII(zoneName)
+	if slices.Contains(zones, aceZoneName) {
+		return nil // zone exists. Nothing to do.
+	}
+
+	creator, ok := provider.Driver.(providers.ZoneCreator)
+	if !ok {
+		return []*models.Correction{{Msg: fmt.Sprintf("Zone %q does not exist. Can not create because %q does not implement ZoneCreator", aceZoneName, provider.Name)}}
+	}
+
+	return []*models.Correction{{
+		Msg: fmt.Sprintf("Create zone '%s' in the '%s' profile", aceZoneName, provider.Name),
+		F:   func() error { return creator.EnsureZoneExists(aceZoneName) },
+	}}
+}
+
+func generateZoneCorrections(zone *models.DomainConfig, provider *models.DNSProviderInstance) ([]*models.Correction, []*models.Correction) {
+	reports, zoneCorrections, err := zonerecs.CorrectZoneRecords(provider.Driver, zone)
+	if err != nil {
+		return []*models.Correction{{Msg: fmt.Sprintf("Domain %q provider %s Error: %s", zone.Name, provider.Name, err)}}, nil
+	}
+	return zoneCorrections, reports
+}
+
+func generateDelegationCorrections(zone *models.DomainConfig, providers []*models.DNSProviderInstance, _ *models.RegistrarInstance) []*models.Correction {
+	//fmt.Printf("DEBUG: generateDelegationCorrections start zone=%q nsList = %v\n", zone.Name, zone.Nameservers)
+	nsList, err := nameservers.DetermineNameserversForProviders(zone, providers, true)
+	if err != nil {
+		return msg(fmt.Sprintf("DtermineNS: zone %q; Error: %s", zone.Name, err))
+	}
+	zone.Nameservers = nsList
+	nameservers.AddNSRecords(zone)
+
+	if len(zone.Nameservers) == 0 && zone.Metadata["no_ns"] != "true" {
+		return []*models.Correction{{Msg: fmt.Sprintf("No nameservers declared for domain %q; skipping registrar. Add {no_ns:'true'} to force", zone.Name)}}
+	}
+
+	corrections, err := zone.RegistrarInstance.Driver.GetRegistrarCorrections(zone)
+	if err != nil {
+		return msg(fmt.Sprintf("zone %q; Rprovider %q; Error: %s", zone.Name, zone.RegistrarInstance.Name, err))
+	}
+	return corrections
+}
+
+func msg(s string) []*models.Correction {
+	return []*models.Correction{{Msg: s}}
+}
+
+// PInitializeProviders takes (fully processed) configuration and instantiates all providers and returns them.
+func PInitializeProviders(cfg *models.DNSConfig, providerConfigs map[string]map[string]string, notifyFlag bool) (notify notifications.Notifier, err error) {
+	var notificationCfg map[string]string
+	defer func() {
+		notify = notifications.Init(notificationCfg)
+	}()
+	if notifyFlag {
+		notificationCfg = providerConfigs["notifications"]
+	}
+	isNonDefault := map[string]bool{}
+	for name, vals := range providerConfigs {
+		// add "_exclude_from_defaults":"true" to a provider to exclude it from being run unless
+		// -providers=all or -providers=name
+		if vals["_exclude_from_defaults"] == "true" {
+			isNonDefault[name] = true
+		}
+	}
+
+	// Populate provider type ids based on values from creds.json:
+	msgs, err := ppopulateProviderTypes(cfg, providerConfigs)
+	if len(msgs) != 0 {
+		fmt.Fprintln(os.Stderr, strings.Join(msgs, "\n"))
+	}
+	if err != nil {
+		return
+	}
+
+	registrars := map[string]providers.Registrar{}
+	dnsProviders := map[string]providers.DNSServiceProvider{}
+	for _, d := range cfg.Domains {
+		if registrars[d.RegistrarName] == nil {
+			rCfg := cfg.RegistrarsByName[d.RegistrarName]
+			r, err := providers.CreateRegistrar(rCfg.Type, providerConfigs[d.RegistrarName])
+			if err != nil {
+				return nil, err
+			}
+			registrars[d.RegistrarName] = r
+		}
+		d.RegistrarInstance.Driver = registrars[d.RegistrarName]
+		d.RegistrarInstance.IsDefault = !isNonDefault[d.RegistrarName]
+		for _, pInst := range d.DNSProviderInstances {
+			if dnsProviders[pInst.Name] == nil {
+				dCfg := cfg.DNSProvidersByName[pInst.Name]
+				prov, err := providers.CreateDNSProvider(dCfg.Type, providerConfigs[dCfg.Name], dCfg.Metadata)
+				if err != nil {
+					return nil, err
+				}
+				dnsProviders[pInst.Name] = prov
+			}
+			pInst.Driver = dnsProviders[pInst.Name]
+			pInst.IsDefault = !isNonDefault[pInst.Name]
+		}
+	}
+	return
+}
+
+// pproviderTypeFieldName is the name of the field in creds.json that specifies the provider type id.
+const pproviderTypeFieldName = "TYPE"
+
+// ppurl is the documentation URL to list in the warnings related to missing provider type ids.
+const purl = "https://docs.dnscontrol.org/commands/creds-json"
+
+// ppopulateProviderTypes scans a DNSConfig for blank provider types and fills them in based on providerConfigs.
+// That is, if the provider type is "-" or "", we take that as an flag
+// that means this value should be replaced by the type found in creds.json.
+func ppopulateProviderTypes(cfg *models.DNSConfig, providerConfigs map[string]map[string]string) ([]string, error) {
+	var msgs []string
+
+	for i := range cfg.Registrars {
+		pType := cfg.Registrars[i].Type
+		pName := cfg.Registrars[i].Name
+		nt, warnMsg, err := prefineProviderType(pName, pType, providerConfigs[pName], "NewRegistrar")
+		cfg.Registrars[i].Type = nt
+		if warnMsg != "" {
+			msgs = append(msgs, warnMsg)
+		}
+		if err != nil {
+			return msgs, err
+		}
+	}
+
+	for i := range cfg.DNSProviders {
+		pName := cfg.DNSProviders[i].Name
+		pType := cfg.DNSProviders[i].Type
+		nt, warnMsg, err := prefineProviderType(pName, pType, providerConfigs[pName], "NewDnsProvider")
+		cfg.DNSProviders[i].Type = nt
+		if warnMsg != "" {
+			msgs = append(msgs, warnMsg)
+		}
+		if err != nil {
+			return msgs, err
+		}
+	}
+
+	// Update these fields set by
+	// commands/commands.go:preloadProviders().
+	// This is probably a layering violation.  That said, the
+	// fundamental problem here is that we're storing the provider
+	// instances by string name, not by a pointer to a struct.  We
+	// should clean that up someday.
+	for _, domain := range cfg.Domains { // For each domain..
+		for _, provider := range domain.DNSProviderInstances { // For each provider...
+			pName := provider.ProviderBase.Name
+			pType := provider.ProviderBase.ProviderType
+			nt, warnMsg, err := prefineProviderType(pName, pType, providerConfigs[pName], "NewDnsProvider")
+			provider.ProviderBase.ProviderType = nt
+			if warnMsg != "" {
+				msgs = append(msgs, warnMsg)
+			}
+			if err != nil {
+				return msgs, err
+			}
+		}
+		p := domain.RegistrarInstance
+		pName := p.Name
+		pType := p.ProviderType
+		nt, warnMsg, err := prefineProviderType(pName, pType, providerConfigs[pName], "NewRegistrar")
+		p.ProviderType = nt
+		if warnMsg != "" {
+			msgs = append(msgs, warnMsg)
+		}
+		if err != nil {
+			return msgs, err
+		}
+	}
+
+	return puniqueStrings(msgs), nil
+}
+
+// puniqueStrings takes an unsorted slice of strings and returns the
+// unique strings, in the order they first appeared in the list.
+func puniqueStrings(stringSlice []string) []string {
+	keys := make(map[string]bool)
+	list := []string{}
+	for _, entry := range stringSlice {
+		if _, ok := keys[entry]; !ok {
+			keys[entry] = true
+			list = append(list, entry)
+		}
+	}
+	return list
+}
+
+func prefineProviderType(credEntryName string, t string, credFields map[string]string, source string) (replacementType string, warnMsg string, err error) {
+
+	// t="" and t="-" are processed the same. Standardize on "-" to reduce the number of cases to check.
+	if t == "" {
+		t = "-"
+	}
+
+	// Use cases:
+	//
+	// type     credsType
+	// ----     ---------
+	// - or ""  GANDI        lookup worked. Nothing to say.
+	// - or ""  - or ""      ERROR "creds.json has invalid or missing data"
+	// GANDI    ""           WARNING "Working but.... Please fix as follows..."
+	// GANDI    GANDI        INFO "working but unneeded: clean up as follows..."
+	// GANDI    NAMEDOT      ERROR "error mismatched: please fix as follows..."
+
+	// ERROR: Invalid.
+	// WARNING: Required change to remain compatible with 4.0
+	// INFO: Post-4.0 cleanups or other non-required changes.
+
+	if t != "-" {
+		// Old-style, dnsconfig.js specifies the type explicitly.
+		// This is supported but we suggest updates for future compatibility.
+
+		// If credFields is nil, that means there was no entry in creds.json:
+		if credFields == nil {
+			// Warn the user to update creds.json in preparation for 4.0:
+			// In 4.0 this should be an error.  We could default to a
+			// provider such as "NONE" but I suspect it would be confusing
+			// to users to see references to a provider name that they did
+			// not specify.
+			return t, fmt.Sprintf(`WARNING: For future compatibility, add this entry creds.json: %q: { %q: %q }, (See %s#missing)`,
+				credEntryName, pproviderTypeFieldName, t,
+				purl,
+			), nil
+		}
+
+		switch ct := credFields[pproviderTypeFieldName]; ct {
+		case "":
+			// Warn the user to update creds.json in preparation for 4.0:
+			// In 4.0 this should be an error.
+			return t, fmt.Sprintf(`WARNING: For future compatibility, update the %q entry in creds.json by adding: %q: %q, (See %s#missing)`,
+				credEntryName,
+				pproviderTypeFieldName, t,
+				purl,
+			), nil
+		case "-":
+			// This should never happen. The user is specifying "-" in a place that it shouldn't be used.
+			return "-", "", fmt.Errorf(`ERROR: creds.json entry %q has invalid %q value %q (See %s#hyphen)`,
+				credEntryName, pproviderTypeFieldName, ct,
+				purl,
+			)
+		case t:
+			// creds.json file is compatible with and dnsconfig.js can be updated.
+			return ct, fmt.Sprintf(`INFO: In dnsconfig.js %s(%q, %q) can be simplified to %s(%q) (See %s#cleanup)`,
+				source, credEntryName, t,
+				source, credEntryName,
+				purl,
+			), nil
+		default:
+			// creds.json lists a TYPE but it doesn't match what's in dnsconfig.js!
+			return t, "", fmt.Errorf(`ERROR: Mismatch found! creds.json entry %q has %q set to %q but dnsconfig.js specifies %s(%q, %q) (See %s#mismatch)`,
+				credEntryName,
+				pproviderTypeFieldName, ct,
+				source, credEntryName, t,
+				purl,
+			)
+		}
+	}
+
+	// t == "-"
+	// New-style, dnsconfig.js does not specify the type (t == "") or a
+	// command line tool accepted "-" as a positional argument for
+	// backwards compatibility.
+
+	// If credFields is nil, that means there was no entry in creds.json:
+	if credFields == nil {
+		return "", "", fmt.Errorf(`ERROR: creds.json is missing an entry called %q. Suggestion: %q: { %q: %q }, (See %s#missing)`,
+			credEntryName,
+			credEntryName, pproviderTypeFieldName, "FILL_IN_PROVIDER_TYPE",
+			purl,
+		)
+	}
+
+	// New-style, dnsconfig.js doesn't specifies the type. It will be
+	// looked up in creds.json.
+	switch ct := credFields[pproviderTypeFieldName]; ct {
+	case "":
+		return ct, "", fmt.Errorf(`ERROR: creds.json entry %q is missing: %q: %q, (See %s#fixcreds)`,
+			credEntryName,
+			pproviderTypeFieldName, "FILL_IN_PROVIDER_TYPE",
+			purl,
+		)
+	case "-":
+		// This should never happen. The user is confused and specified "-" in the wrong place!
+		return "-", "", fmt.Errorf(`ERROR: creds.json entry %q has invalid %q value %q (See %s#hyphen)`,
+			credEntryName,
+			pproviderTypeFieldName, ct,
+			purl,
+		)
+	default:
+		// use the value in creds.json (this should be the normal case)
+		return ct, "", nil
+	}
+
+}
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 594383224d..8872c1eb1a 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -230,7 +230,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 
 			// Correct the registrar...
 
-			nsList, err := nameservers.DetermineNameserversForProviders(domain, providersWithExistingZone)
+			nsList, err := nameservers.DetermineNameserversForProviders(domain, providersWithExistingZone, false)
 			if err != nil {
 				out.Errorf("ERROR: %s\n", err.Error())
 				return
diff --git a/commands/zonecache.go b/commands/zonecache.go
new file mode 100644
index 0000000000..32aa4a8e15
--- /dev/null
+++ b/commands/zonecache.go
@@ -0,0 +1,27 @@
+package commands
+
+import "github.com/StackExchange/dnscontrol/v4/providers"
+
+func NewZoneCache() *zoneCache {
+	return &zoneCache{}
+}
+
+func (zc *zoneCache) zoneList(name string, lister providers.ZoneLister) (*[]string, error) {
+	zc.Lock()
+	defer zc.Unlock()
+
+	if zc.cache == nil {
+		zc.cache = map[string]*[]string{}
+	}
+
+	if v, ok := zc.cache[name]; ok {
+		return v, nil
+	}
+
+	zones, err := lister.ListZones()
+	if err != nil {
+		return nil, err
+	}
+	zc.cache[name] = &zones
+	return &zones, nil
+}
diff --git a/documentation/providers.md b/documentation/providers.md
index 5626be138c..f1adf61b0f 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -17,13 +17,13 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
 | [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 | [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
@@ -34,7 +34,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
@@ -59,7 +59,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
 | [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
diff --git a/models/domain.go b/models/domain.go
index 65118e00a6..8666be9248 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -3,6 +3,7 @@ package models
 import (
 	"fmt"
 	"strings"
+	"sync"
 
 	"github.com/qdm12/reprint"
 	"golang.org/x/net/idna"
@@ -23,9 +24,10 @@ type DomainConfig struct {
 
 	// Metadata[DomainUniqueName] // .Name + "!" + .Tag
 	// Metadata[DomainTag] // split horizon tag
-	Metadata    map[string]string `json:"meta,omitempty"`
-	Records     Records           `json:"records"`
-	Nameservers []*Nameserver     `json:"nameservers,omitempty"`
+	Metadata         map[string]string `json:"meta,omitempty"`
+	Records          Records           `json:"records"`
+	Nameservers      []*Nameserver     `json:"nameservers,omitempty"`
+	NameserversMutex sync.Mutex        `json:"-"`
 
 	EnsureAbsent Records `json:"recordsabsent,omitempty"` // ENSURE_ABSENT
 	KeepUnknown  bool    `json:"keepunknown,omitempty"`   // NO_PURGE
@@ -42,6 +44,12 @@ type DomainConfig struct {
 	// 2. Final driver instances are loaded after we load credentials. Any actual provider interaction requires that.
 	RegistrarInstance    *RegistrarInstance     `json:"-"`
 	DNSProviderInstances []*DNSProviderInstance `json:"-"`
+
+	// Pending work to do for each provider.  Provider may be a registrar or DSP.
+	// pendingCorrectionsMutex sync.Mutex
+	pendingCorrections      map[string]([]*Correction) // Work to be done for each provider
+	pendingCorrectionsOrder []string                   // Call the providers in this order
+	pendingCorrectionsMutex sync.Mutex                 // Protect pendingCorrections*
 }
 
 // GetSplitHorizonNames returns the domain's name, uniquename, and tag.
@@ -141,3 +149,38 @@ func (dc *DomainConfig) Punycode() error {
 	}
 	return nil
 }
+
+func (dc *DomainConfig) StoreCorrections(providerName string, corrections []*Correction) {
+	dc.pendingCorrectionsMutex.Lock()
+	defer dc.pendingCorrectionsMutex.Unlock()
+
+	if dc.pendingCorrections == nil {
+		// First time storing anything.
+		dc.pendingCorrections = make(map[string]([]*Correction))
+		dc.pendingCorrections[providerName] = corrections
+		dc.pendingCorrectionsOrder = []string{providerName}
+	} else if c, ok := dc.pendingCorrections[providerName]; !ok {
+		// First time key used
+		dc.pendingCorrections[providerName] = corrections
+		dc.pendingCorrectionsOrder = []string{providerName}
+	} else {
+		// Add to existing.
+		dc.pendingCorrections[providerName] = append(c, corrections...)
+		dc.pendingCorrectionsOrder = append(dc.pendingCorrectionsOrder, providerName)
+
+	}
+}
+
+func (dc *DomainConfig) GetCorrections(providerName string) []*Correction {
+	dc.pendingCorrectionsMutex.Lock()
+	defer dc.pendingCorrectionsMutex.Unlock()
+
+	if dc.pendingCorrections == nil {
+		// First time storing anything.
+		return nil
+	}
+	if c, ok := dc.pendingCorrections[providerName]; ok {
+		return c
+	}
+	return nil
+}
diff --git a/pkg/nameservers/nameservers.go b/pkg/nameservers/nameservers.go
index 6df91f8e6f..56faabd72f 100644
--- a/pkg/nameservers/nameservers.go
+++ b/pkg/nameservers/nameservers.go
@@ -14,24 +14,26 @@ import (
 // 1. All explicitly defined NAMESERVER records will be used.
 // 2. Each DSP declares how many nameservers to use. Default is all. 0 indicates to use none.
 func DetermineNameservers(dc *models.DomainConfig) ([]*models.Nameserver, error) {
-	return DetermineNameserversForProviders(dc, dc.DNSProviderInstances)
+	return DetermineNameserversForProviders(dc, dc.DNSProviderInstances, false)
 }
 
 // DetermineNameserversForProviders is like DetermineNameservers, for a subset of providers.
-func DetermineNameserversForProviders(dc *models.DomainConfig, providers []*models.DNSProviderInstance) ([]*models.Nameserver, error) {
-	// always take explicit
+func DetermineNameserversForProviders(dc *models.DomainConfig, providers []*models.DNSProviderInstance, silent bool) ([]*models.Nameserver, error) {
+	// start with the nameservers that have been explicitly added:
 	ns := dc.Nameservers
+
 	for _, dnsProvider := range providers {
 		n := dnsProvider.NumberOfNameservers
 		if n == 0 {
 			continue
 		}
-		if !printer.SkinnyReport {
+		if !silent && !printer.SkinnyReport {
 			fmt.Printf("----- Getting nameservers from: %s\n", dnsProvider.Name)
 		}
+
 		nss, err := dnsProvider.Driver.GetNameservers(dc.Name)
 		if err != nil {
-			return nil, err
+			return nil, fmt.Errorf("error while getting Nameservers for zone=%q with provider=%q: %w", dc.Name, dnsProvider.Name, err)
 		}
 		// Clean up the nameservers due to
 		// https://github.com/StackExchange/dnscontrol/issues/491
diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index 9cc6d26ce3..e5717145dd 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -31,6 +31,7 @@ type Printer interface {
 	Println(lines ...string)
 	Warnf(fmt string, args ...interface{})
 	Errorf(fmt string, args ...interface{})
+	PrintfIf(print bool, fmt string, args ...interface{})
 }
 
 // Debugf is called to print/format debug information.
@@ -58,6 +59,11 @@ func Warnf(fmt string, args ...interface{}) {
 // 	DefaultPrinter.Errorf(fmt, args...)
 // }
 
+// PrintfIf is called to optionally print something.
+func PrintfIf(print bool, fmt string, args ...interface{}) {
+	DefaultPrinter.PrintfIf(print, fmt, args...)
+}
+
 var (
 	// DefaultPrinter is the default Printer, used by Debugf, Printf, and Warnf.
 	DefaultPrinter = &ConsolePrinter{
@@ -190,3 +196,10 @@ func (c ConsolePrinter) Warnf(format string, args ...interface{}) {
 func (c ConsolePrinter) Errorf(format string, args ...interface{}) {
 	fmt.Fprintf(c.Writer, "ERROR: "+format, args...)
 }
+
+// Errorf is called to optionally print/format a message.
+func (c ConsolePrinter) PrintfIf(print bool, format string, args ...interface{}) {
+	if print {
+		fmt.Fprintf(c.Writer, format, args...)
+	}
+}
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 849f8f5b0a..916cc56b67 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -23,15 +23,13 @@ type azurednsProvider struct {
 	zones          map[string]*adns.Zone
 	resourceGroup  *string
 	subscriptionID *string
-	rawRecords     map[string][]*adns.RecordSet
-	zoneName       map[string]string
 }
 
 func newAzureDNSDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	return newAzureDNS(conf, metadata)
 }
 
-func newAzureDNS(m map[string]string, metadata json.RawMessage) (*azurednsProvider, error) {
+func newAzureDNS(m map[string]string, _ json.RawMessage) (*azurednsProvider, error) {
 	subID, rg := m["SubscriptionID"], m["ResourceGroup"]
 	clientID, clientSecret, tenantID := m["ClientID"], m["ClientSecret"], m["TenantID"]
 	credential, authErr := aauth.NewClientSecretCredential(tenantID, clientID, clientSecret, nil)
@@ -52,8 +50,6 @@ func newAzureDNS(m map[string]string, metadata json.RawMessage) (*azurednsProvid
 		recordsClient:  recordsClient,
 		resourceGroup:  to.StringPtr(rg),
 		subscriptionID: to.StringPtr(subID),
-		rawRecords:     map[string][]*adns.RecordSet{},
-		zoneName:       map[string]string{},
 	}
 	err := api.getZones()
 	if err != nil {
@@ -66,7 +62,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("Azure DNS does not provide a generic ALIAS functionality. Use AZURE_ALIAS instead."),
 	providers.CanUseAzureAlias:       providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
@@ -187,9 +183,6 @@ func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []
 		existingRecords = append(existingRecords, nativeToRecords(set, zoneName)...)
 	}
 
-	a.rawRecords[domain] = rawRecords
-	a.zoneName[domain] = zoneName
-
 	return existingRecords, rawRecords, zoneName, nil
 }
 
diff --git a/providers/capabilities.go b/providers/capabilities.go
index f0baa2d3ed..6691c5699d 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -2,7 +2,9 @@
 
 package providers
 
-import "log"
+import (
+	"log"
+)
 
 // Capability is a bitmasked set of "features" that a provider supports. Only use constants from this package.
 type Capability uint32
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 0a4b759318..13cc08a057 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"strconv"
 	"strings"
+	"sync"
 
 	"golang.org/x/net/idna"
 
@@ -43,7 +44,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
@@ -79,6 +80,7 @@ type cloudflareProvider struct {
 	manageWorkers   bool
 	accountID       string
 	cfClient        *cloudflare.API
+	sync.Mutex
 }
 
 // TODO(dlemenkov): remove this function after deleting all commented code referecing it
@@ -94,27 +96,29 @@ type cloudflareProvider struct {
 
 // GetNameservers returns the nameservers for a domain.
 func (c *cloudflareProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
-	if c.domainIndex == nil {
-		if err := c.fetchDomainList(); err != nil {
-			return nil, err
-		}
+	if err := c.cacheDomainList(); err != nil {
+		return nil, err
 	}
+	c.Lock()
 	ns, ok := c.nameservers[domain]
+	c.Unlock()
 	if !ok {
-		return nil, fmt.Errorf("nameservers for %s not found in cloudflare account", domain)
+		return nil, fmt.Errorf("nameservers for %s not found in cloudflare cache(%q)", domain, c.accountID)
 	}
 	return models.ToNameservers(ns)
 }
 
 // ListZones returns a list of the DNS zones.
 func (c *cloudflareProvider) ListZones() ([]string, error) {
-	if err := c.fetchDomainList(); err != nil {
+	if err := c.cacheDomainList(); err != nil {
 		return nil, err
 	}
+	c.Lock()
 	zones := make([]string, 0, len(c.domainIndex))
 	for d := range c.domainIndex {
 		zones = append(zones, d)
 	}
+	c.Unlock()
 	return zones, nil
 }
 
@@ -178,12 +182,12 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 }
 
 func (c *cloudflareProvider) getDomainID(name string) (string, error) {
-	if c.domainIndex == nil {
-		if err := c.fetchDomainList(); err != nil {
-			return "", err
-		}
+	if err := c.cacheDomainList(); err != nil {
+		return "", err
 	}
+	c.Lock()
 	id, ok := c.domainIndex[name]
+	c.Unlock()
 	if !ok {
 		return "", fmt.Errorf("'%s' not a zone in cloudflare account", name)
 	}
@@ -196,14 +200,6 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	if err := c.preprocessConfig(dc); err != nil {
 		return nil, err
 	}
-	//	for i := len(records) - 1; i >= 0; i-- {
-	//		rec := records[i]
-	//		// Delete ignore labels
-	//		if labelMatches(dnsutil.TrimDomainName(rec.Original.(cloudflare.DNSRecord).Name, dc.Name), c.ignoredLabels) {
-	//			printer.Debugf("ignored_label: %s\n", rec.Original.(cloudflare.DNSRecord).Name)
-	//			records = append(records[:i], records[i+1:]...)
-	//		}
-	//	}
 
 	checkNSModifications(dc)
 
@@ -222,9 +218,6 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		if rec.Metadata[metaProxy] != "off" {
 			rec.TTL = 1
 		}
-		//		if labelMatches(rec.GetLabel(), c.ignoredLabels) {
-		//			log.Fatalf("FATAL: dnsconfig contains label that matches ignored_labels: %#v is in %v)\n", rec.GetLabel(), c.ignoredLabels)
-		//		}
 	}
 
 	checkNSModifications(dc)
@@ -815,11 +808,14 @@ func getProxyMetadata(r *models.RecordConfig) map[string]string {
 
 // EnsureZoneExists creates a zone if it does not exist
 func (c *cloudflareProvider) EnsureZoneExists(domain string) error {
-	if c.domainIndex == nil {
-		if err := c.fetchDomainList(); err != nil {
-			return err
-		}
+	if err := c.cacheDomainList(); err != nil {
+		return err
 	}
+	// if c.domainIndex == nil {
+	// 	if err := c.fetchDomainList(); err != nil {
+	// 		return err
+	// 	}
+	// }
 	if _, ok := c.domainIndex[domain]; ok {
 		return nil
 	}
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 67876e6b38..a223f1e30c 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -13,7 +13,10 @@ import (
 )
 
 // get list of domains for account. Cache so the ids can be looked up from domain name
-func (c *cloudflareProvider) fetchDomainList() error {
+func (c *cloudflareProvider) cacheDomainList() error {
+	c.Lock()
+	defer c.Unlock()
+
 	c.domainIndex = map[string]string{}
 	c.nameservers = map[string][]string{}
 	zones, err := c.cfClient.ListZones(context.Background())
diff --git a/providers/cscglobal/cscglobalProvider.go b/providers/cscglobal/cscglobalProvider.go
index 2cfb866359..e52c2a5265 100644
--- a/providers/cscglobal/cscglobalProvider.go
+++ b/providers/cscglobal/cscglobalProvider.go
@@ -28,7 +28,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.DocOfficiallySupported: providers.Can(),
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index c62ea9e4a6..b9500a6afa 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -26,7 +26,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
diff --git a/providers/providers.go b/providers/providers.go
index e04ab35c4c..79f86523b5 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -171,10 +171,16 @@ func (n None) GetDomainCorrections(dc *models.DomainConfig) ([]*models.Correctio
 	return nil, nil
 }
 
+var featuresNone = DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	CanConcur: Can(),
+}
+
 func init() {
 	RegisterRegistrarType("NONE", func(map[string]string) (Registrar, error) {
 		return None{}, nil
-	})
+	}, featuresNone)
 }
 
 // CustomRType stores an rtype that is only valid for this DSP.
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index 03a7de4e1e..d88658f170 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -27,12 +27,11 @@ import (
 )
 
 type route53Provider struct {
-	client          *r53.Client
-	registrar       *r53d.Client
-	delegationSet   *string
-	zonesByID       map[string]r53Types.HostedZone
-	zonesByDomain   map[string]r53Types.HostedZone
-	originalRecords []r53Types.ResourceRecordSet
+	client        *r53.Client
+	registrar     *r53d.Client
+	delegationSet *string
+	zonesByID     map[string]r53Types.HostedZone
+	zonesByDomain map[string]r53Types.HostedZone
 }
 
 func newRoute53Reg(conf map[string]string) (providers.Registrar, error) {
@@ -79,7 +78,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Cannot("R53 does not provide a generic ALIAS functionality. Use R53_ALIAS instead."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
@@ -267,7 +266,6 @@ func (r *route53Provider) getZoneRecords(zone r53Types.HostedZone) (models.Recor
 	if err != nil {
 		return nil, err
 	}
-	r.originalRecords = records
 
 	var existingRecords = []*models.RecordConfig{}
 	for _, set := range records {

From 1ae265e5f6a87931434e099ac81b4f27ed78caae Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 27 Mar 2024 13:57:21 -0400
Subject: [PATCH 216/438] Add documentation for preview/push (#2884)

---
 documentation/SUMMARY.md      |   9 ++-
 documentation/preview-push.md | 102 ++++++++++++++++++++++++++++++++++
 2 files changed, 108 insertions(+), 3 deletions(-)
 create mode 100644 documentation/preview-push.md

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 5fc70355cc..8202c7b661 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -8,7 +8,6 @@
 * [Examples](examples.md)
 * [Migrating zones to DNSControl](migrating.md)
 * [TypeScript autocomplete and type checking](typescript.md)
-* [Disabling Colors](colors.md)
 
 ## Language Reference
 
@@ -150,10 +149,14 @@
 
 ## Commands
 
-* [creds.json](creds-json.md)
+* [preview/push](preview-push.md)
 * [check-creds](check-creds.md)
-* [get-certs](get-certs.md)
 * [get-zones](get-zones.md)
+* [get-certs](get-certs.md)
+* [fmt](fmt.md)
+* [creds.json](creds-json.md)
+* [Global Flag](globalflags.md)
+* [Disabling Colors](colors.md)
 
 ## Advanced features
 
diff --git a/documentation/preview-push.md b/documentation/preview-push.md
new file mode 100644
index 0000000000..5423169aa8
--- /dev/null
+++ b/documentation/preview-push.md
@@ -0,0 +1,102 @@
+# preview/push
+
+`preview` reads the dnsconfig.js file (or equivalent), determines what changes are to be made, and
+prints them.  `push` is the same but executes the changes.
+
+```text
+Syntax:
+
+NAME:
+   dnscontrol preview - read live configuration and identify changes to be made, without applying them
+
+USAGE:
+   dnscontrol preview [command options] [arguments...]
+
+CATEGORY:
+   main
+
+OPTIONS:
+   --config value                                             File containing dns config in javascript DSL (default: "dnsconfig.js")
+   --dev                                                      Use helpers.js from disk instead of embedded copy (default: false)
+   --variable value, -v value [ --variable value, -v value ]  Add variable that is passed to JS
+   --ir value                                                 Read IR (json) directly from this file. Do not process DSL at all
+   --creds value                                              Provider credentials JSON file (or !program to execute program that outputs json) (default: "creds.json")
+   --providers value                                          Providers to enable (comma separated list); default is all. Can exclude individual providers from default by adding '"_exclude_from_defaults": "true"' to the credentials file for a provider
+   --domains value                                            Comma separated list of domain names to include
+   --notify                                                   set to true to send notifications to configured destinations (default: false)
+   --expect-no-changes                                        set to true for non-zero return code if there are changes (default: false)
+   --no-populate                                              Use this flag to not auto-create non-existing zones at the provider (default: false)
+   --full                                                     Add headings, providers names, notifications of no changes, etc (default: false)
+   --bindserial value                                         Force BIND serial numbers to this value (for reproducibility) (default: 0)
+   --report value                                             (push) Generate a JSON-formatted report of the number of changes made.
+   --help, -h                                                 show help
+```
+
+`--config name` -- Specifies the name of the main configuration file, normally
+`dnsconfig.js`.
+
+`--dev` -- Developer mode.  Normally `helpers.js` is embedded in the dnscontrol
+executable.  With this flag, the local file `helpers.js` is read instead.
+
+`--v foo=bar` -- Sets the variable `foo` to the value `bar` prior to
+interpreting the configuration file.  Multiple `-v` options can be used.
+
+`--creds name` -- Specifies the name of the credentials file, normally
+`creds.json`. Typically the file is read.  If the executable bit is set, the
+file is executed and the output is used as the configuration. (That feature may
+or may not work on Windows.)   If the filename begins with a `|` (for example:
+`|runme.sh`) the `|` is removed and the remaining string is used as the name of
+the program.
+
+`--providers name,name2` -- Specifies a comma-separated list of providers to
+enable.  The default is all providers.  A provider can opt out of being in the
+default list by `"_exclude_from_defaults": "true"` to the credentials entry for
+that provider. In that case, the provider will only be activated if it is
+included in `--providers`.
+
+`--domains value` -- Specifies a comma-separated list of domains to include.
+Typically all domains are included in `preview`/`push`.  Wildcards are not
+permitted except `*` at the start of the entry. For example, `--domains
+example.com,*.in-addr.arpa` would include `example.com` plus all reverse lookup
+domains.
+
+`--notify` -- Enables sending notifications to the destinations configured in
+`creds.json`.
+
+`--expect-no-changes` -- If set, a non-zero exit code is returned if there are
+changes.  Normally DNSControl sets the exit code based on whether or not there
+were protocol errors or other reasons the program can not continue. With this
+flag set, the exit code indicates if any changes were required.  This is
+typically used with `preview` to allow scripts to determine if changes would
+happen if `push` was used. For example, one might want to run `dnscontrol
+preview --expect-no-changes` daily to determine if changes have been made to
+a domain outside of DNSControl.
+
+`--no-populate` -- Do not auto-create non-existing zones at the provider.
+Normally non-existent zones are automatically created at a provider (unless the
+provider does not implement zone creation). This flag disables that feature.
+
+`--full` -- Add headings, providers names, notifications of no changes, etc. to
+the output.  Normally the output of `preview`/`push` is extremely brief. This
+makes the output more verbose. Useful for debugging.
+
+`--bindserial value` -- Force BIND serial numbers to this value. Normally the
+BIND provider generates SOA serial numbers automatically. This flag forces the
+serial number generator to output the value specified for all domains.  This is
+generally used for reproducibility in testing pipelines.
+
+`--report name` -- (`push` only!)  Generate a machine-parseable report of
+performed corrections in the file named `name`.  If no name is specified, no
+report is generated.
+
+## Experimental
+
+The `ppreview`/`ppush` subcommands are a preview of a future feature where zone
+data is gathered concurrently.  The commands will go away when
+they replace the existing `preview`/`push` commands.
+
+`--cmode value` -- Concurrency mode.  Specifies what kind of providers should be run concurrently. This flag onl
+
+* `default` -- Providers are run sequentially or concurrently depending on whether the provider is marked as having been tested to run concurrently.
+* `none` -- All providers are run sequentially. This is the safest mode. It can be used if a concurrency bug is discovered.
+* `all` -- This is unsafe. It runs all providers concurrently, even the ones that have not be validated to run concurrently. It is generally only used for demonstrating bugs.

From c112e91ed8797a9ca82c0ebf16c8df3ef5971419 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 28 Mar 2024 12:48:30 +0100
Subject: [PATCH 217/438] DOCS: Commands preview/push (#2888)

---
 documentation/preview-push.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/documentation/preview-push.md b/documentation/preview-push.md
index 5423169aa8..2390f35318 100644
--- a/documentation/preview-push.md
+++ b/documentation/preview-push.md
@@ -3,9 +3,7 @@
 `preview` reads the dnsconfig.js file (or equivalent), determines what changes are to be made, and
 prints them.  `push` is the same but executes the changes.
 
-```text
-Syntax:
-
+```shell
 NAME:
    dnscontrol preview - read live configuration and identify changes to be made, without applying them
 

From eb19b31371f845ffac9a90ec534435164ee310ac Mon Sep 17 00:00:00 2001
From: xtex <xtexchooser@duck.com>
Date: Tue, 2 Apr 2024 03:45:13 +0800
Subject: [PATCH 218/438] GCORE: Allow PTR records (#2890)

---
 documentation/providers.md       | 2 +-
 providers/gcore/gcoreProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index f1adf61b0f..7abd41e16a 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -35,7 +35,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
 | [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ |
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index de6e36f251..dcc223e10d 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -51,7 +51,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Cannot(),
-	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUsePTR:              providers.Can("G-Core supports PTR records only in rDNS zones"),
 	providers.CanUseSRV:              providers.Can("G-Core doesn't support SRV records with empty targets"),
 	providers.CanUseSSHFP:            providers.Cannot(),
 	providers.CanUseTLSA:             providers.Cannot(),

From a9a4725356e5dde69e3080ab00bf6ada95834b54 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 1 Apr 2024 16:47:11 -0400
Subject: [PATCH 219/438] BUG: ALIAS target not properly canonicalized (#2899)

---
 integrationTest/integration_test.go        | 15 +++++++++++++++
 models/record.go                           | 11 ++++++-----
 pkg/normalize/validate.go                  |  2 +-
 providers/cloudflare/cloudflareProvider.go | 11 +++++++----
 4 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index b12d19c2ce..5acba293c5 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -873,6 +873,13 @@ func makeTests() []*TestGroup {
 			tc("Change CNAME target", cname("testcname", "www.yahoo.com.")),
 		),
 
+		testgroup("CNAME-short",
+			tc("Create a CNAME",
+				a("foo", "1.2.3.4"),
+				cname("testcname", "foo"),
+			),
+		),
+
 		// MX
 
 		// Narrative: MX is the first record we're going to test with
@@ -1607,6 +1614,14 @@ func makeTests() []*TestGroup {
 			tc("change it", alias("@", "foo2.com.")),
 		),
 
+		testgroup("ALIAS to nonfqdn",
+			requires(providers.CanUseAlias),
+			tc("ALIAS at root",
+				a("foo", "1.2.3.4"),
+				alias("@", "foo"),
+			),
+		),
+
 		testgroup("ALIAS on subdomain",
 			requires(providers.CanUseAlias),
 			not("TRANSIP"), // TransIP does support ALIAS records, but only for apex records (@)
diff --git a/models/record.go b/models/record.go
index 4bc008c9d5..1c91a82f5c 100644
--- a/models/record.go
+++ b/models/record.go
@@ -429,7 +429,8 @@ func (rc *RecordConfig) ToRR() dns.RR {
 func (rc *RecordConfig) GetDependencies() []string {
 
 	switch rc.Type {
-	case "NS", "SRV", "CNAME", "MX", "ALIAS", "AZURE_ALIAS", "R53_ALIAS":
+	// #rtype_variations
+	case "NS", "SRV", "CNAME", "DNAME", "MX", "ALIAS", "AZURE_ALIAS", "R53_ALIAS":
 		return []string{
 			rc.target,
 		}
@@ -536,11 +537,11 @@ func Downcase(recs []*RecordConfig) {
 		r.Name = strings.ToLower(r.Name)
 		r.NameFQDN = strings.ToLower(r.NameFQDN)
 		switch r.Type { // #rtype_variations
-		case "AKAMAICDN", "AAAA", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
+		case "AKAMAICDN", "ALIAS", "AAAA", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
 			// Target is case insensitive. Downcase it.
 			r.target = strings.ToLower(r.target)
 			// BUGFIX(tlim): isn't ALIAS in the wrong case statement?
-		case "A", "ALIAS", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "DHCID", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
+		case "A", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "DHCID", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
 			// Do nothing. (IP address or case sensitive target)
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
@@ -561,10 +562,10 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 
 	for _, r := range recs {
 		switch r.Type { // #rtype_variations
-		case "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
+		case "ALIAS", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
-		case "A", "AKAMAICDN", "ALIAS", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
+		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 96095ddee4..1a7f735afe 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -382,7 +382,7 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 			}
 
 			// Canonicalize Targets.
-			if rec.Type == "CNAME" || rec.Type == "MX" || rec.Type == "NS" || rec.Type == "SRV" {
+			if rec.Type == "ALIAS" || rec.Type == "CNAME" || rec.Type == "MX" || rec.Type == "NS" || rec.Type == "SRV" {
 				// #rtype_variations
 				// These record types have a target that is a hostname.
 				// We normalize them to a FQDN so there is less variation to handle.  If a
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 13cc08a057..53134000b3 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -197,6 +197,12 @@ func (c *cloudflareProvider) getDomainID(name string) (string, error) {
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
 
+	for _, rec := range dc.Records {
+		if rec.Type == "ALIAS" {
+			rec.Type = "CNAME"
+		}
+	}
+
 	if err := c.preprocessConfig(dc); err != nil {
 		return nil, err
 	}
@@ -209,9 +215,6 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	}
 
 	for _, rec := range dc.Records {
-		if rec.Type == "ALIAS" {
-			rec.Type = "CNAME"
-		}
 		// As per CF-API documentation proxied records are always forced to have a TTL of 1.
 		// When not forcing this property change here, dnscontrol tries each time to update
 		// the TTL of a record which simply cannot be changed anyway.
@@ -735,7 +738,7 @@ func stringDefault(value interface{}, def string) string {
 func (c *cloudflareProvider) nativeToRecord(domain string, cr cloudflare.DNSRecord) (*models.RecordConfig, error) {
 
 	// normalize cname,mx,ns records with dots to be consistent with our config format.
-	if cr.Type == "CNAME" || cr.Type == "MX" || cr.Type == "NS" || cr.Type == "PTR" {
+	if cr.Type == "ALIAS" || cr.Type == "CNAME" || cr.Type == "MX" || cr.Type == "NS" || cr.Type == "PTR" {
 		if cr.Content != "." {
 			cr.Content = cr.Content + "."
 		}

From 5e211fcade10d9ecae5013b3545c23396b06f34c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 1 Apr 2024 17:49:40 -0400
Subject: [PATCH 220/438] CHORE: Update deps (#2900)

---
 go.mod | 38 ++++++++++++++---------------
 go.sum | 76 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 57 insertions(+), 57 deletions(-)

diff --git a/go.mod b/go.mod
index 581caa294d..3f57fffbe6 100644
--- a/go.mod
+++ b/go.mod
@@ -18,15 +18,15 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.26.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.9
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.9
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3
+	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.10
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.10
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.91.0
+	github.com/cloudflare/cloudflare-go v0.92.0
 	github.com/digitalocean/godo v1.110.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -56,12 +56,12 @@ require (
 	golang.org/x/crypto v0.21.0 // indirect
 	golang.org/x/net v0.22.0
 	golang.org/x/oauth2 v0.18.0
-	google.golang.org/api v0.171.0
+	google.golang.org/api v0.172.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.8
 	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
@@ -71,7 +71,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81
+	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -83,16 +83,16 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 // indirect
-	github.com/aws/smithy-go v1.20.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
+	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -154,7 +154,7 @@ require (
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.19.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
 	google.golang.org/grpc v1.62.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 8ea0d45c5d..e919c5cd3f 100644
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wv
 cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 h1:n1DH8TPV4qqPTje2RcUBYwtrTWlabVp4n46+74X2pn4=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0/go.mod h1:HDcZnuGbiyppErN6lB+idp4CKhjbc8gwjto6OPpyggM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 h1:U/kwEXj0Y+1REAkV4kV8VO1CsEp8tSaQDG/7qC5XuqQ=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
@@ -39,36 +39,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA=
-github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
-github.com/aws/aws-sdk-go-v2/config v1.27.9 h1:gRx/NwpNEFSk+yQlgmk1bmxxvQ5TyJ76CWXs9XScTqg=
-github.com/aws/aws-sdk-go-v2/config v1.27.9/go.mod h1:dK1FQfpwpql83kbD873E9vz4FyAxuJtR22wzoXn3qq0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.9 h1:N8s0/7yW+h8qR8WaRlPQeJ6czVMNQVNtNdUqf6cItao=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.9/go.mod h1:446YhIdmSV0Jf/SLafGZalQo+xr2iw7/fzXGDPTU1yQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 h1:af5YzcLf80tv4Em4jWVD75lpnOHSBkPUZxZfGkrI3HI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0/go.mod h1:nQ3how7DMnFMWiU1SpECohgC82fpn4cKZ875NDMmwtA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 h1:0ScVK/4qZ8CIW0k8jOeFVsyS/sAiXpYxRBLolMkuLQM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4/go.mod h1:84KyjNZdHC6QZW08nfHI6yZgPd+qRgaWcYsyLUo3QY8=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 h1:sHmMWWX5E7guWEFQ9SVo6A3S4xpPrWnd77a6y4WM6PU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4/go.mod h1:WjpDrhWisWOIoS9n3nk67A3Ll1vfULJ9Kq6h29HTD48=
+github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
+github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro=
+github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 h1:b+E7zIUHMmcB4Dckjpkapoy47W6C9QBv/zoUP+Hn8Kc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6/go.mod h1:S2fNV0rxrP78NhPbCZeQgY8H9jdDMeGtwcfZIRxzBqU=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3 h1:wr5gulbwbb8PSRMWjCROoP0TIMccpF8x5A7hEk2SjpA=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.3/go.mod h1:/Gyl9xjGcjIVe80ar75YlmA8m6oFh0A4XfLciBmdS8s=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3 h1:iuBYHWv0+2pF2qbM+UmnSwvcdOknXRi4yE9KBHhAItQ=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.3/go.mod h1:Ijqatnvuyx5IE/FmFJWJyWTcUY5XrlXgc6G7z1Fqk6o=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 h1:mnbuWHOcM70/OFUlZZ5rcdfA8PflGXXiefU/O+1S3+8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.3/go.mod h1:5HFu51Elk+4oRBZVxmHrSds5jFXmFj8C3w7DVF2gnrs=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 h1:uLq0BKatTmDzWa/Nu4WO0M1AaQDaPpwTKAeByEc6WFM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3/go.mod h1:b+qdhjnxj8GSR6t5YfphOffeoQSQ1KmpoVVuBn+PWxs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 h1:J/PpTf/hllOjx8Xu9DMflff3FajfLxqM5+tepvVXmxg=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.5/go.mod h1:0ih0Z83YDH/QeQ6Ori2yGE2XvWYv/Xm+cZc01LC6oK0=
-github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
-github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4 h1:ZZKiHm4cN8IDDZ2kh8DTk+YnYBjVsiFdwf5FwVs//IQ=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4 h1:Qb7EiHvGJZGU43aCMahEJrP5sJjV62gGXm4y9x/syRQ=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4/go.mod h1:8wjITSWOCR+G7DhS2WraZnZ/geFYxXLLP0KKTfZtRGQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -87,8 +87,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.91.0 h1:L7IR+86qrZuEMSjGFg4cwRwtHqC8uCPmMUkP7BD4CPw=
-github.com/cloudflare/cloudflare-go v0.91.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
+github.com/cloudflare/cloudflare-go v0.92.0 h1:ltJvGvqZ4G6Fm2hHOYZ5RWpJQcrM0oDrsjjZydZhFJQ=
+github.com/cloudflare/cloudflare-go v0.92.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -428,8 +428,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
-golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
+golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
+golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -534,8 +534,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.171.0 h1:w174hnBPqut76FzW5Qaupt7zY8Kql6fiVjgys4f58sU=
-google.golang.org/api v0.171.0/go.mod h1:Hnq5AHm4OTMt2BUVjael2CWZFD6vksJdWCWiUAmjC9o=
+google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk=
+google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
@@ -546,8 +546,8 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
 google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ=
 google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From 293d5cb54754d9d2303a420e7c9215f44b81a00e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 1 Apr 2024 20:44:26 -0400
Subject: [PATCH 221/438] DOCS: Add missing docs for fmt, global flags,
 preview-push (#2886)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 commands/commands.go          |   5 +-
 documentation/creds-json.md   |  15 ++--
 documentation/fmt.md          |  50 +++++++++++++
 documentation/globalflags.md  |  42 +++++++++++
 documentation/preview-push.md | 137 +++++++++++++++++++---------------
 5 files changed, 178 insertions(+), 71 deletions(-)
 create mode 100644 documentation/fmt.md
 create mode 100644 documentation/globalflags.md

diff --git a/commands/commands.go b/commands/commands.go
index b46355b4f9..23e46d0a7d 100644
--- a/commands/commands.go
+++ b/commands/commands.go
@@ -50,8 +50,9 @@ func Run(v string) int {
 	app.Usage = "DNSControl is a compiler and DSL for managing dns zones"
 	app.Flags = []cli.Flag{
 		&cli.BoolFlag{
-			Name:        "v",
-			Usage:       "Enable detailed logging",
+			Name:        "debug",
+			Aliases:     []string{"v"},
+			Usage:       "Enable debug logging",
 			Destination: &printer.DefaultPrinter.Verbose,
 		},
 		&cli.BoolFlag{
diff --git a/documentation/creds-json.md b/documentation/creds-json.md
index 8c2f1eff38..318fe9213a 100644
--- a/documentation/creds-json.md
+++ b/documentation/creds-json.md
@@ -225,13 +225,14 @@ An example of a template file containing Linode and Cloudflare API credentials i
 ```
 {% endcode %}
 
-## Don't store secrets in a Git repo!
+## Don't store creds.json in a Git repo!
 
-Do NOT store secrets in a Git repository. That is not secure. For example,
-storing the example `cloudflare_tal` is insecure because anyone with access to
-your Git repository or the history will know your apiuser is `REDACTED`.
-Removing secrets accidentally stored in Git is very difficult. You'll probably
-give up and re-create the repo and lose all history.
+Do NOT store `creds.json` (or any secrets!) in a Git repository. That is not secure.
 
-Instead, use environment variables as in the `hexonet` example above.  Use
+For example, storing the creds.json at the top of this document would be horribly insecure.
+Anyone with access to your Git repository *or the history* will know your apiuser is `REDACTED`.
+Removing secrets accidentally stored in Git is very difficult because you'll need to rewrite
+the repo history.
+
+A better way is to use environment variables as in the `hexonet` example above.  Use
 secure means to distribute the names and values of the environment variables.
diff --git a/documentation/fmt.md b/documentation/fmt.md
new file mode 100644
index 0000000000..1c7f5dcdc2
--- /dev/null
+++ b/documentation/fmt.md
@@ -0,0 +1,50 @@
+# fmt
+
+This is a stand-alone utility to pretty-format your `dnsconfig.js` configuration file.
+
+```shell
+NAME:
+   dnscontrol fmt - [BETA] Format and prettify a given file
+
+USAGE:
+   dnscontrol fmt [command options] [arguments...]
+
+CATEGORY:
+   utility
+
+OPTIONS:
+   --input value, -i value   Input file (default: "dnsconfig.js")
+   --output value, -o value  Output file
+   --help, -h                show help
+```
+
+## Examples
+
+By default the output goes to stdout:
+
+```shell
+dnscontrol fmt >new-dnsconfig.js
+```
+
+You can also redirect the output via the `-o` option:
+
+```shell
+dnscontrol fmt -o new-dnsconfig.js
+```
+
+The **safest** method involves making a backup first:
+
+```shell
+cp dnsconfig.js dnsconfig.js.BACKUP
+dnscontrol fmt -i dnsconfig.js.BACKUP -o dnsconfig.js
+```
+
+The **riskiest** method depends on the fact that DNSControl currently processes
+the `-o` file after the input file is completely read. It makes no backups.
+This is useful if Git is your backup mechanism.
+
+```shell
+git commit -m'backup dnsconfig.js' dnsconfig.js
+dnscontrol fmt -o dnsconfig.js
+git diff -- dnsconfig.js
+```
diff --git a/documentation/globalflags.md b/documentation/globalflags.md
new file mode 100644
index 0000000000..67831fa579
--- /dev/null
+++ b/documentation/globalflags.md
@@ -0,0 +1,42 @@
+# Global Flags
+
+These flags are global. They affect all subcommands.
+
+```text
+   --debug, -v        Enable detailed logging (default: false)
+   --allow-fetch      Enable JS fetch(), dangerous on untrusted code! (default: false)
+   --disableordering  Disables update reordering (default: false)
+   --no-colors        Disable colors (default: false)
+   --help, -h         show help
+```
+
+They must appear before the subcommand.
+
+**Right**
+
+{% hint style="success" %}
+```shell
+dnscontrol --no-colors preview
+```
+{% endhint %}
+
+**Wrong**
+
+{% hint style="danger" %}
+```shell
+dnscontrol preview --no-colors
+```
+{% endhint %}
+
+* `-debug`
+  * Enable debug output.  (The `-v` alias is the original name for this flag. That alias will go away eventually.)
+
+
+* `--allow-fetch`
+  * Enable the `fetch()` function in `dnsconfig.js` (or equivalent). It is disabled by default because it can be used for nefarious purposes. It is dangerous on untrusted code!  Enable it only if you trust all the people editing dnsconfig.js.
+
+* `--disableordering`
+  * Disables update reordering. Normally DNSControl re-orders the updates done by `push`. This is usually only used to work around bugs in the reordering code.
+
+* `--no-colors`
+  * Disable colors. See [Disabling Colors](colors.md) for details.
diff --git a/documentation/preview-push.md b/documentation/preview-push.md
index 2390f35318..84968a0fd4 100644
--- a/documentation/preview-push.md
+++ b/documentation/preview-push.md
@@ -30,71 +30,84 @@ OPTIONS:
    --help, -h                                                 show help
 ```
 
-`--config name` -- Specifies the name of the main configuration file, normally
+* `--config name`
+  * Specifies the name of the main configuration file, normally
 `dnsconfig.js`.
 
-`--dev` -- Developer mode.  Normally `helpers.js` is embedded in the dnscontrol
-executable.  With this flag, the local file `helpers.js` is read instead.
-
-`--v foo=bar` -- Sets the variable `foo` to the value `bar` prior to
-interpreting the configuration file.  Multiple `-v` options can be used.
-
-`--creds name` -- Specifies the name of the credentials file, normally
-`creds.json`. Typically the file is read.  If the executable bit is set, the
-file is executed and the output is used as the configuration. (That feature may
-or may not work on Windows.)   If the filename begins with a `|` (for example:
-`|runme.sh`) the `|` is removed and the remaining string is used as the name of
-the program.
-
-`--providers name,name2` -- Specifies a comma-separated list of providers to
-enable.  The default is all providers.  A provider can opt out of being in the
-default list by `"_exclude_from_defaults": "true"` to the credentials entry for
-that provider. In that case, the provider will only be activated if it is
-included in `--providers`.
-
-`--domains value` -- Specifies a comma-separated list of domains to include.
-Typically all domains are included in `preview`/`push`.  Wildcards are not
-permitted except `*` at the start of the entry. For example, `--domains
-example.com,*.in-addr.arpa` would include `example.com` plus all reverse lookup
-domains.
-
-`--notify` -- Enables sending notifications to the destinations configured in
-`creds.json`.
-
-`--expect-no-changes` -- If set, a non-zero exit code is returned if there are
-changes.  Normally DNSControl sets the exit code based on whether or not there
-were protocol errors or other reasons the program can not continue. With this
-flag set, the exit code indicates if any changes were required.  This is
-typically used with `preview` to allow scripts to determine if changes would
-happen if `push` was used. For example, one might want to run `dnscontrol
-preview --expect-no-changes` daily to determine if changes have been made to
-a domain outside of DNSControl.
-
-`--no-populate` -- Do not auto-create non-existing zones at the provider.
-Normally non-existent zones are automatically created at a provider (unless the
-provider does not implement zone creation). This flag disables that feature.
-
-`--full` -- Add headings, providers names, notifications of no changes, etc. to
-the output.  Normally the output of `preview`/`push` is extremely brief. This
-makes the output more verbose. Useful for debugging.
-
-`--bindserial value` -- Force BIND serial numbers to this value. Normally the
-BIND provider generates SOA serial numbers automatically. This flag forces the
-serial number generator to output the value specified for all domains.  This is
-generally used for reproducibility in testing pipelines.
-
-`--report name` -- (`push` only!)  Generate a machine-parseable report of
-performed corrections in the file named `name`.  If no name is specified, no
-report is generated.
-
-## Experimental
+* `--creds name`
+  * Specifies the name of the credentials file, normally `creds.json`.
+    Typically the file is read. If the executable bit is set, the file is
+    executed and the output is used as the configuration. See
+    [creds.json][creds-json.md] for details.
+
+* `--providers name,name2`
+  * Specifies a comma-separated list of providers to
+    enable. The default is all providers. A provider can opt out of being in the
+    default list by `"_exclude_from_defaults": "true"` to the credentials entry for
+    that provider. In that case, the provider will only be activated if it is
+    included in `--providers`.
+
+* `--domains value`
+  * Specifies a comma-separated list of domains to include.
+    Typically all domains are included in `preview`/`push`. Wildcards are not
+    permitted except `*` at the start of the entry. For example, `--domains
+    example.com,*.in-addr.arpa` would include `example.com` plus all reverse lookup
+    domains.
+
+* `--v foo=bar`
+  * Sets the variable `foo` to the value `bar` prior to
+    interpreting the configuration file. Multiple `-v` options can be used.
+
+* `--notify`
+  * Enables sending notifications to the destinations configured in `creds.json`.
+
+* `--dev`
+  * Developer mode. Normally `helpers.js` is embedded in the dnscontrol
+    executable. With this flag, the local file `helpers.js` is read instead.
+
+* `--expect-no-changes`
+  * If set, a non-zero exit code is returned if there are
+    changes. Normally DNSControl sets the exit code based on whether or not there
+    were protocol errors or other reasons the program can not continue. With this
+    flag set, the exit code indicates if any changes were required. This is
+    typically used with `preview` to allow scripts to determine if changes would
+    happen if `push` was used. For example, one might want to run `dnscontrol
+    preview --expect-no-changes` daily to determine if changes have been made to
+    a domain outside of DNSControl.
+
+* `--no-populate`
+  * Do not auto-create non-existing zones at the provider.
+    Normally non-existent zones are automatically created at a provider (unless the
+    provider does not implement zone creation). This flag disables that feature.
+
+* `--full`
+  * Add headings, providers names, notifications of no changes, etc. to
+    the output. Normally the output of `preview`/`push` is extremely brief. This
+    makes the output more verbose. Useful for debugging.
+
+* `--bindserial value`
+  * Force BIND serial numbers to this value. Normally the
+    BIND provider generates SOA serial numbers automatically. This flag forces the
+    serial number generator to output the value specified for all domains. This is
+    generally used for reproducibility in testing pipelines.
+
+* `--report name`
+  * (`push` only!)  Generate a machine-parseable report of
+    performed corrections in the file named `name`. If no name is specified, no
+    report is generated.
+
+## ppreview/ppush
+
+{% hint style="info" %}
+Starting in v4.9
+{% endhint %}
 
 The `ppreview`/`ppush` subcommands are a preview of a future feature where zone
-data is gathered concurrently.  The commands will go away when
+data is gathered concurrently. The commands will go away when
 they replace the existing `preview`/`push` commands.
 
-`--cmode value` -- Concurrency mode.  Specifies what kind of providers should be run concurrently. This flag onl
-
-* `default` -- Providers are run sequentially or concurrently depending on whether the provider is marked as having been tested to run concurrently.
-* `none` -- All providers are run sequentially. This is the safest mode. It can be used if a concurrency bug is discovered.
-* `all` -- This is unsafe. It runs all providers concurrently, even the ones that have not be validated to run concurrently. It is generally only used for demonstrating bugs.
+* `--cmode value`
+  * Concurrency mode. Specifies what kind of providers should be run concurrently.
+    * `default` -- Providers are run sequentially or concurrently depending on whether the provider is marked as having been tested to run concurrently.
+    * `none` -- All providers are run sequentially. This is the safest mode. It can be used if a concurrency bug is discovered.
+    * `all` -- This is unsafe. It runs all providers concurrently, even the ones that have not be validated to run concurrently. It is generally only used for demonstrating bugs.

From 42125b5248bad9d580c7c8e1540938c07bb87075 Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Wed, 3 Apr 2024 02:28:57 +0800
Subject: [PATCH 222/438] NEW RECORD TYPE: DNAME (#2893)

---
 build/generate/featureMatrix.go         |   6 ++
 commands/types/dnscontrol.d.ts          |  15 ++++
 documentation/SUMMARY.md                |   1 +
 documentation/functions/domain/DNAME.md |  23 ++++++
 documentation/providers.md              | 104 ++++++++++++------------
 integrationTest/integration_test.go     |  11 +++
 models/dnsrr.go                         |   2 +
 models/domain.go                        |   2 +-
 models/record.go                        |   6 +-
 models/t_parse.go                       |   4 +
 pkg/js/helpers.js                       |   3 +
 pkg/js/parse_tests/047-DNAME.js         |   3 +
 pkg/js/parse_tests/047-DNAME.json       |  18 ++++
 pkg/normalize/validate.go               |   4 +
 pkg/prettyzone/prettyzone_test.go       |   2 +
 providers/bind/bindProvider.go          |   1 +
 providers/capabilities.go               |   3 +
 providers/capability_string.go          |  31 +++----
 providers/cloudns/cloudnsProvider.go    |   5 +-
 19 files changed, 172 insertions(+), 72 deletions(-)
 create mode 100644 documentation/functions/domain/DNAME.md
 create mode 100644 pkg/js/parse_tests/047-DNAME.js
 create mode 100644 pkg/js/parse_tests/047-DNAME.json

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index ed83c375ce..730fe7a44c 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -89,6 +89,7 @@ func matrixData() *FeatureMatrix {
 		DomainModifierTlsa   = "[`TLSA`](functions/domain/TLSA.md)"
 		DomainModifierDs     = "[`DS`](functions/domain/DS.md)"
 		DomainModifierDhcid  = "[`DHCID`](functions/domain/DHCID.md)"
+		DomainModifierDname  = "[`DNAME`](functions/domain/DNAME.md)"
 		DualHost             = "dual host"
 		CreateDomains        = "create-domains"
 		GetZones             = "get-zones"
@@ -113,6 +114,7 @@ func matrixData() *FeatureMatrix {
 			DomainModifierTlsa,
 			DomainModifierDs,
 			DomainModifierDhcid,
+			DomainModifierDname,
 			DualHost,
 			CreateDomains,
 			//NoPurge,
@@ -191,6 +193,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierDhcid,
 			providers.CanUseDHCID,
 		)
+		setCapability(
+			DomainModifierDname,
+			providers.CanUseDNAME,
+		)
 		setCapability(
 			DomainModifierDs,
 			providers.CanUseDS,
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 2da2d9594e..80b2519d2d 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -820,6 +820,21 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  */
 declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy: 'none' | 'quarantine' | 'reject'; subdomainPolicy?: 'none' | 'quarantine' | 'reject'; alignmentSPF?: 'strict' | 's' | 'relaxed' | 'r'; alignmentDKIM?: 'strict' | 's' | 'relaxed' | 'r'; percent?: number; rua?: string[]; ruf?: string[]; failureOptions?: { SPF: boolean, DKIM: boolean } | string; failureFormat?: string; reportInterval?: Duration; ttl?: Duration }): DomainModifier;
 
+/**
+ * DNAME adds a DNAME record to the domain.
+ *
+ * Target should be a string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DNAME("sub", "example.net.")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dname
+ */
+declare function DNAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
  * a domain's zones are managed elsewhere. That is, it permits you easily delegate
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 8202c7b661..43af1509e8 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -37,6 +37,7 @@
     * [CAA_BUILDER](functions/domain/CAA_BUILDER.md)
     * [CNAME](functions/domain/CNAME.md)
     * [DHCID](functions/domain/DHCID.md)
+    * [DNAME](functions/domain/DNAME.md)
     * [DISABLE_IGNORE_SAFETY_CHECK](functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md)
     * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
     * [DS](functions/domain/DS.md)
diff --git a/documentation/functions/domain/DNAME.md b/documentation/functions/domain/DNAME.md
new file mode 100644
index 0000000000..3d02fcf6b2
--- /dev/null
+++ b/documentation/functions/domain/DNAME.md
@@ -0,0 +1,23 @@
+---
+name: DNAME
+parameters:
+  - name
+  - target
+  - modifiers...
+parameter_types:
+  name: string
+  target: string
+  "modifiers...": RecordModifier[]
+---
+
+DNAME adds a DNAME record to the domain.
+
+Target should be a string.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DNAME("sub", "example.net.")
+);
+```
+{% endcode %}
diff --git a/documentation/providers.md b/documentation/providers.md
index 7abd41e16a..72c99e725b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,58 +12,58 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | dual host | create-domains | get-zones |
-| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
-| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
-| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ❌ | ✅ |
-| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ✅ | ✅ | ✅ |
-| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❌ | ✅ |
-| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | [`DNAME`](functions/domain/DNAME.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
+| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 5acba293c5..54389591af 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -512,6 +512,10 @@ func dhcid(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "DHCID")
 }
 
+func dname(name, target string) *models.RecordConfig {
+	return makeRec(name, target, "DNAME")
+}
+
 func ds(name string, keyTag uint16, algorithm, digestType uint8, digest string) *models.RecordConfig {
 	r := makeRec(name, "", "DS")
 	r.SetTargetDS(keyTag, algorithm, digestType, digest)
@@ -1601,6 +1605,13 @@ func makeTests() []*TestGroup {
 			tc("Modify DHCID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 		),
 
+		testgroup("DNAME",
+			requires(providers.CanUseDNAME),
+			tc("Create DNAME record", dname("test", "example.com.")),
+			tc("Modify DNAME record", dname("test", "example.net.")),
+			tc("Create DNAME record in non-FQDN", dname("a", "b")),
+		),
+
 		//// Vendor-specific record types
 
 		// Narrative: DNSControl supports DNS records that don't exist!
diff --git a/models/dnsrr.go b/models/dnsrr.go
index 3ce6543d3a..e142fad08a 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -48,6 +48,8 @@ func helperRRtoRC(rr dns.RR, origin string, fixBug bool) (RecordConfig, error) {
 		err = rc.SetTarget(v.Target)
 	case *dns.DHCID:
 		err = rc.SetTarget(v.Digest)
+	case *dns.DNAME:
+		err = rc.SetTarget(v.Target)
 	case *dns.DS:
 		err = rc.SetTargetDS(v.KeyTag, v.Algorithm, v.DigestType, v.Digest)
 	case *dns.LOC:
diff --git a/models/domain.go b/models/domain.go
index 8666be9248..4a8fb4f4b2 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -132,7 +132,7 @@ func (dc *DomainConfig) Punycode() error {
 
 		// Set the target:
 		switch rec.Type { // #rtype_variations
-		case "ALIAS", "MX", "NS", "CNAME", "PTR", "SRV", "URL", "URL301", "FRAME", "R53_ALIAS", "NS1_URLFWD", "AKAMAICDN", "CLOUDNS_WR":
+		case "ALIAS", "MX", "NS", "CNAME", "DNAME", "PTR", "SRV", "URL", "URL301", "FRAME", "R53_ALIAS", "NS1_URLFWD", "AKAMAICDN", "CLOUDNS_WR":
 			// These rtypes are hostnames, therefore need to be converted (unlike, for example, an AAAA record)
 			t, err := idna.ToASCII(rec.GetTargetField())
 			if err != nil {
diff --git a/models/record.go b/models/record.go
index 1c91a82f5c..47809f001e 100644
--- a/models/record.go
+++ b/models/record.go
@@ -361,6 +361,8 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.CNAME).Target = rc.GetTargetField()
 	case dns.TypeDHCID:
 		rr.(*dns.DHCID).Digest = rc.GetTargetField()
+	case dns.TypeDNAME:
+		rr.(*dns.DNAME).Target = rc.GetTargetField()
 	case dns.TypeDS:
 		rr.(*dns.DS).Algorithm = rc.DsAlgorithm
 		rr.(*dns.DS).DigestType = rc.DsDigestType
@@ -537,7 +539,7 @@ func Downcase(recs []*RecordConfig) {
 		r.Name = strings.ToLower(r.Name)
 		r.NameFQDN = strings.ToLower(r.NameFQDN)
 		switch r.Type { // #rtype_variations
-		case "AKAMAICDN", "ALIAS", "AAAA", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
+		case "AKAMAICDN", "ALIAS", "AAAA", "ANAME", "CNAME", "DNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
 			// Target is case insensitive. Downcase it.
 			r.target = strings.ToLower(r.target)
 			// BUGFIX(tlim): isn't ALIAS in the wrong case statement?
@@ -562,7 +564,7 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 
 	for _, r := range recs {
 		switch r.Type { // #rtype_variations
-		case "ALIAS", "ANAME", "CNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
+		case "ALIAS", "ANAME", "CNAME", "DNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
 		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
diff --git a/models/t_parse.go b/models/t_parse.go
index 22f99fe064..a0aa4f3741 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -80,6 +80,8 @@ func (rc *RecordConfig) PopulateFromStringFunc(rtype, contents, origin string, t
 		return rc.SetTargetDSString(contents)
 	case "DHCID":
 		return rc.SetTarget(contents)
+	case "DNAME":
+		return rc.SetTarget(contents)
 	case "LOC":
 		return rc.SetTargetLOCString(origin, contents)
 	case "MX":
@@ -164,6 +166,8 @@ func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error
 		return rc.SetTargetDSString(contents)
 	case "DHCID":
 		return rc.SetTarget(contents)
+	case "DNAME":
+		return rc.SetTarget(contents)
 	case "LOC":
 		return rc.SetTargetLOCString(origin, contents)
 	case "MX":
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 05dcef9eec..c4b8ed2d25 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -427,6 +427,9 @@ var DS = recordBuilder('DS', {
 // DHCID(name,target, recordModifiers...)
 var DHCID = recordBuilder('DHCID');
 
+// DNAME(name,target, recordModifiers...)
+var DNAME = recordBuilder('DNAME');
+
 // PTR(name,target, recordModifiers...)
 var PTR = recordBuilder('PTR');
 
diff --git a/pkg/js/parse_tests/047-DNAME.js b/pkg/js/parse_tests/047-DNAME.js
new file mode 100644
index 0000000000..d7d3841908
--- /dev/null
+++ b/pkg/js/parse_tests/047-DNAME.js
@@ -0,0 +1,3 @@
+D("foo.com","none",
+    DNAME("@", "bar.com.")
+);
diff --git a/pkg/js/parse_tests/047-DNAME.json b/pkg/js/parse_tests/047-DNAME.json
new file mode 100644
index 0000000000..4e58bf294d
--- /dev/null
+++ b/pkg/js/parse_tests/047-DNAME.json
@@ -0,0 +1,18 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "DNAME",
+          "name": "@",
+          "target": "bar.com."
+        }
+      ]
+    }
+  ]
+}
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 1a7f735afe..6cc9cf7bd7 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -60,6 +60,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"CAA":              true,
 		"CNAME":            true,
 		"DHCID":            true,
+		"DNAME":            true,
 		"DS":               true,
 		"IMPORT_TRANSFORM": false,
 		"LOC":              true,
@@ -194,6 +195,8 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		if labelFQDN == targetFQDN {
 			check(fmt.Errorf("CNAME loop (target points at itself)"))
 		}
+	case "DNAME":
+		check(checkTarget(target))
 	case "LOC":
 	case "MX":
 		check(checkTarget(target))
@@ -679,6 +682,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("AZURE_ALIAS", providers.CanUseAzureAlias),
 	capabilityCheck("CAA", providers.CanUseCAA),
 	capabilityCheck("DHCID", providers.CanUseDHCID),
+	capabilityCheck("DNAME", providers.CanUseDNAME),
 	capabilityCheck("LOC", providers.CanUseLOC),
 	capabilityCheck("NAPTR", providers.CanUseNAPTR),
 	capabilityCheck("PTR", providers.CanUsePTR),
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 8c83fc7d22..2973570dc4 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -338,6 +338,7 @@ func TestWriteZoneFileEach(t *testing.T) {
 	d = append(d, mustNewRR(`sub.bosun.org.       300 IN NS    bosun.org.`))    // Must be a label with no other records.
 	d = append(d, mustNewRR(`x.bosun.org.         300 IN CNAME bosun.org.`))    // Must be a label with no other records.
 	d = append(d, mustNewRR(`bosun.org.           300 IN DHCID   AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=`))
+	d = append(d, mustNewRR(`dname.bosun.org.     300 IN DNAME   example.com.`))
 	buf := &bytes.Buffer{}
 	writeZoneFileRR(buf, d, "bosun.org")
 	if buf.String() != testdataZFEach {
@@ -360,6 +361,7 @@ var testdataZFEach = `$TTL 300
 _443._tcp        IN TLSA  3 1 1 abcdef0
 sub              IN NS    bosun.org.
 x                IN CNAME bosun.org.
+dname            IN DNAME example.com.
 `
 
 func TestWriteZoneFileSynth(t *testing.T) {
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index d4bc591dc1..763c58d4d8 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -37,6 +37,7 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
+	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 6691c5699d..a15fcba16d 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -43,6 +43,9 @@ const (
 	// CanUseDHCID indicates the provider can handle DHCID records
 	CanUseDHCID
 
+	// CanUseDNAME indicates the provider can handle DNAME records
+	CanUseDNAME
+
 	// CanUseDS indicates that the provider can handle DS record types. This
 	// implies CanUseDSForChildren without specifying the latter explicitly.
 	CanUseDS
diff --git a/providers/capability_string.go b/providers/capability_string.go
index d14c8ae87e..6e458e6258 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -16,24 +16,25 @@ func _() {
 	_ = x[CanUseAzureAlias-5]
 	_ = x[CanUseCAA-6]
 	_ = x[CanUseDHCID-7]
-	_ = x[CanUseDS-8]
-	_ = x[CanUseDSForChildren-9]
-	_ = x[CanUseLOC-10]
-	_ = x[CanUseNAPTR-11]
-	_ = x[CanUsePTR-12]
-	_ = x[CanUseRoute53Alias-13]
-	_ = x[CanUseSOA-14]
-	_ = x[CanUseSRV-15]
-	_ = x[CanUseSSHFP-16]
-	_ = x[CanUseTLSA-17]
-	_ = x[DocCreateDomains-18]
-	_ = x[DocDualHost-19]
-	_ = x[DocOfficiallySupported-20]
+	_ = x[CanUseDNAME-8]
+	_ = x[CanUseDS-9]
+	_ = x[CanUseDSForChildren-10]
+	_ = x[CanUseLOC-11]
+	_ = x[CanUseNAPTR-12]
+	_ = x[CanUsePTR-13]
+	_ = x[CanUseRoute53Alias-14]
+	_ = x[CanUseSOA-15]
+	_ = x[CanUseSRV-16]
+	_ = x[CanUseSSHFP-17]
+	_ = x[CanUseTLSA-18]
+	_ = x[DocCreateDomains-19]
+	_ = x[DocDualHost-20]
+	_ = x[DocOfficiallySupported-21]
 }
 
-const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDNAMECanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 103, 122, 131, 142, 151, 169, 178, 187, 198, 208, 224, 235, 257}
+var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 106, 114, 133, 142, 153, 162, 180, 189, 198, 209, 219, 235, 246, 268}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 7bd9135425..2e71a3ec37 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -44,6 +44,7 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Can(),
@@ -268,7 +269,7 @@ func toRc(domain string, r *domainRecord) *models.RecordConfig {
 	switch rtype := r.Type; rtype { // #rtype_variations
 	case "TXT":
 		rc.SetTargetTXT(r.Target)
-	case "CNAME", "MX", "NS", "SRV", "ALIAS", "PTR":
+	case "CNAME", "DNAME", "MX", "NS", "SRV", "ALIAS", "PTR":
 		rc.SetTarget(dnsutil.AddOrigin(r.Target+".", domain))
 	case "CAA":
 		caaFlag, _ := strconv.ParseUint(r.CaaFlag, 10, 8)
@@ -323,7 +324,7 @@ func toReq(rc *models.RecordConfig) (requestParams, error) {
 	}
 
 	switch rc.Type { // #rtype_variations
-	case "A", "AAAA", "NS", "PTR", "TXT", "SOA", "ALIAS", "CNAME", "WR":
+	case "A", "AAAA", "NS", "PTR", "TXT", "SOA", "ALIAS", "CNAME", "WR", "DNAME":
 		// Nothing special.
 	case "CLOUDNS_WR":
 		req["record-type"] = "WR"

From 68a00bbc2bdba88b1f407cd0a44c0f884fdd2195 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Apr 2024 15:45:00 -0400
Subject: [PATCH 223/438] DEV: Fix broken DNAME test (#2903)

---
 pkg/prettyzone/prettyzone_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 2973570dc4..c3283e29c5 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -359,9 +359,9 @@ var testdataZFEach = `$TTL 300
                  IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
 4.5              IN PTR   y.bosun.org.
 _443._tcp        IN TLSA  3 1 1 abcdef0
+dname            IN DNAME example.com.
 sub              IN NS    bosun.org.
 x                IN CNAME bosun.org.
-dname            IN DNAME example.com.
 `
 
 func TestWriteZoneFileSynth(t *testing.T) {

From 4f23b2aff5e867c22adba2c9593db64564ca0e3d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Apr 2024 16:16:39 -0400
Subject: [PATCH 224/438] DOCS: Warn that get-certs will be removed without
 notice (#2902)

---
 .goreleaser.yml            | 2 +-
 README.md                  | 2 +-
 commands/getCerts.go       | 2 ++
 documentation/get-certs.md | 7 +++++--
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index abec1e0931..7d2419ce04 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -161,7 +161,7 @@ release:
     > [!WARNING]
     > - **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
     > - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
-    > - **ACME/Let's Encrypt support is frozen and will be removed without notice between now and April 2025.**  It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+    > - **get-certs/ACME support is frozen and will be removed without notice between now and July 2025.** It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
     ## Install
 
diff --git a/README.md b/README.md
index 4992f9e9ae..73e8327ee1 100644
--- a/README.md
+++ b/README.md
@@ -162,7 +162,7 @@ See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/i
 
 - **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
 - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
-- **ACME/Let's Encrypt support is frozen and will be removed without notice between now and April 2025.**  It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+- **get-certs/ACME support is frozen and will be removed without notice between now and July 2025.** It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
 ## More info at our website
 
diff --git a/commands/getCerts.go b/commands/getCerts.go
index 16bd4420be..2e63b14790 100644
--- a/commands/getCerts.go
+++ b/commands/getCerts.go
@@ -24,6 +24,8 @@ var _ = cmd(catUtils, func() *cli.Command {
 			return exit(GetCerts(args))
 		},
 		Flags: args.flags(),
+
+		Hidden: true,
 	}
 }())
 
diff --git a/documentation/get-certs.md b/documentation/get-certs.md
index 774b574b88..f6696cb287 100644
--- a/documentation/get-certs.md
+++ b/documentation/get-certs.md
@@ -1,8 +1,11 @@
 # *Let's Encrypt* Certificate generation
 
 {% hint style="warning" %}
-**WARNING**: This feature
-is frozen and will be removed in early 2023. The "get-certs" command (renews certs via Let's Encrypt) has no maintainer. There are other projects that do a better job. If you don't use this feature, please do not start. If you do use this feature, please plan on migrating to something else. See discussion in [#1400](https://github.com/StackExchange/dnscontrol/issues/1400)
+**WARNING**: This feature is frozen and will be removed without notice between now and July 2025.
+It has been unsupported since December 2022.
+This feature has no maintainer. There are other projects that do a better job. 
+If you do use this feature, please migrate to something else ASAP.
+See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 {% endhint %}
 
 DNSControl will generate/renew Let's Encrypt certificates using DNS

From f9cff3d5e65bb6e0dd5f8aa5141dce3b80aebb7d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Apr 2024 17:03:30 -0400
Subject: [PATCH 225/438] TEST GCORE: add DNSSEC support (#2904)

Co-authored-by: Lan Tian <xuyh0120@outlook.com>
---
 documentation/providers.md       |  2 +-
 providers/gcore/gcoreExtend.go   | 34 ++++++++++++++++++++++++++++++++
 providers/gcore/gcoreProvider.go | 27 ++++++++++++++++++++++++-
 3 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 72c99e725b..b3ef72fff8 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -35,7 +35,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
diff --git a/providers/gcore/gcoreExtend.go b/providers/gcore/gcoreExtend.go
index a07cb65774..1cd4a4e3ee 100644
--- a/providers/gcore/gcoreExtend.go
+++ b/providers/gcore/gcoreExtend.go
@@ -13,6 +13,14 @@ import (
 	dnssdk "github.com/G-Core/gcore-dns-sdk-go"
 )
 
+type gcoreZone struct {
+	DNSSECEnabled bool `json:"dnssec_enabled"`
+}
+
+type gcoreDNSSECRequest struct {
+	Enabled bool `json:"enabled"`
+}
+
 type gcoreRRSets struct {
 	RRSets []gcoreRRSetExtended `json:"rrsets"`
 }
@@ -103,3 +111,29 @@ func (c *gcoreProvider) dnssdkRRSets(domain string) (gcoreRRSets, error) {
 
 	return result, nil
 }
+
+func (c *gcoreProvider) dnssdkGetDNSSEC(domain string) (bool, error) {
+	var result gcoreZone
+	url := fmt.Sprintf("/v2/zones/%s", domain)
+
+	err := dnssdkDo(c.ctx, c.provider, c.apiKey, http.MethodGet, url, nil, &result)
+	if err != nil {
+		return false, err
+	}
+
+	return result.DNSSECEnabled, nil
+}
+
+func (c *gcoreProvider) dnssdkSetDNSSEC(domain string, enabled bool) error {
+	var request gcoreDNSSECRequest
+	request.Enabled = enabled
+
+	url := fmt.Sprintf("/v2/zones/%s/dnssec", domain)
+
+	err := dnssdkDo(c.ctx, c.provider, c.apiKey, http.MethodPatch, url, request, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index dcc223e10d..9ea285558b 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -43,7 +43,7 @@ func NewGCore(m map[string]string, metadata json.RawMessage) (providers.DNSServi
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
-	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
@@ -189,6 +189,31 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 		}
 	}
 
+	dnssecEnabled, err := c.dnssdkGetDNSSEC(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	if !dnssecEnabled && dc.AutoDNSSEC == "on" {
+		// Copy all params to avoid overwrites
+		zone := dc.Name
+		corrections = append(corrections, &models.Correction{
+			Msg: "Enable DNSSEC",
+			F: func() error {
+				return c.dnssdkSetDNSSEC(zone, true)
+			},
+		})
+	} else if dnssecEnabled && dc.AutoDNSSEC == "off" {
+		// Copy all params to avoid overwrites
+		zone := dc.Name
+		corrections = append(corrections, &models.Correction{
+			Msg: "Disable DNSSEC",
+			F: func() error {
+				return c.dnssdkSetDNSSEC(zone, false)
+			},
+		})
+	}
+
 	result := append(reports, deletions...)
 	result = append(result, corrections...)
 	return result, nil

From 1d96981e117e23419b04d5a15d3aa7da733d51ce Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 3 Apr 2024 16:01:55 -0400
Subject: [PATCH 226/438] NEW FEATURE: Add RFC4183 support to REV() (#2879)

Co-authored-by: Thomas Misilo <tmisilo@ksu.edu>
Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 .goreleaser.yml                             |   3 +-
 README.md                                   |   3 +-
 commands/ppreviewPush.go                    |   2 +
 commands/previewPush.go                     |   2 +
 commands/printIR.go                         |   2 +
 commands/types/dnscontrol.d.ts              | 136 ++++++++++++++++----
 documentation/SUMMARY.md                    |   1 +
 documentation/functions/domain/PTR.md       |  34 ++++-
 documentation/functions/global/REV.md       |  73 +++++++----
 documentation/functions/global/REVCOMPAT.md |  47 +++++++
 documentation/opinions.md                   |  28 +++-
 pkg/js/js.go                                |  15 +++
 pkg/rfc4183/ipv6.go                         |  26 ++++
 pkg/rfc4183/mode.go                         |  47 +++++++
 pkg/rfc4183/reverse.go                      |  79 ++++++++++++
 pkg/rfc4183/reverse_test.go                 | 125 ++++++++++++++++++
 pkg/transform/arpa.go                       | 125 +++++-------------
 pkg/transform/arpa_test.go                  |   4 +
 18 files changed, 604 insertions(+), 148 deletions(-)
 create mode 100644 documentation/functions/global/REVCOMPAT.md
 create mode 100644 pkg/rfc4183/ipv6.go
 create mode 100644 pkg/rfc4183/mode.go
 create mode 100644 pkg/rfc4183/reverse.go
 create mode 100644 pkg/rfc4183/reverse_test.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index 7d2419ce04..5db6fa997b 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -159,8 +159,9 @@ release:
     ## Deprecation warnings
 
     > [!WARNING]
+    > - **REV() will switch from RFC2317 to RFC4183 in v5.0.**  This is a breaking change. Warnings are output if your configuration is affected. No date has been announced for v5.0. See https://docs.dnscontrol.org/language-reference/top-level-functions/revcompat
     > - **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
-    > - **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
+    > - **NAMEDOTCOM and SOFTLAYER need maintainers!** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
     > - **get-certs/ACME support is frozen and will be removed without notice between now and July 2025.** It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
     ## Install
diff --git a/README.md b/README.md
index 73e8327ee1..f2ea460562 100644
--- a/README.md
+++ b/README.md
@@ -160,8 +160,9 @@ See [dnscontrol-action](https://github.com/koenrh/dnscontrol-action) or [gacts/i
 
 ## Deprecation warnings (updated 2024-03-25)
 
+- **REV() will switch from RFC2317 to RFC4183 in v5.0.**  This is a breaking change. Warnings are output if your configuration is affected. No date has been announced for v5.0. See https://docs.dnscontrol.org/language-reference/top-level-functions/revcompat
 - **MSDNS maintainer needed!** Without a new volunteer, this DNS provider will lose support after April 2025. See https://github.com/StackExchange/dnscontrol/issues/2878
-- **Call for new volunteer maintainers for NAMEDOTCOM and SOFTLAYER.** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
+- **NAMEDOTCOM and SOFTLAYER need maintainers!** These providers have no maintainer. Maintainers respond to PRs and fix bugs in a timely manner, and try to stay on top of protocol changes.
 - **get-certs/ACME support is frozen and will be removed without notice between now and July 2025.** It has been unsupported since December 2022.  If you don't use this feature, do not start. If you do use this feature, migrate ASAP.  See discussion in [issues/1400](https://github.com/StackExchange/dnscontrol/issues/1400)
 
 ## More info at our website
diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index f04bee6d1a..a92e1f2133 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -15,6 +15,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
 	"github.com/StackExchange/dnscontrol/v4/pkg/notifications"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 	"github.com/StackExchange/dnscontrol/v4/pkg/zonerecs"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/urfave/cli/v2"
@@ -257,6 +258,7 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 	if os.Getenv("TEAMCITY_VERSION") != "" {
 		fmt.Fprintf(os.Stderr, "##teamcity[buildStatus status='SUCCESS' text='%d corrections']", totalCorrections)
 	}
+	rfc4183.PrintWarning()
 	notifier.Done()
 	out.Printf("Done. %d corrections.\n", totalCorrections)
 	err = writeReport(report, reportItems)
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 8872c1eb1a..528fe4307a 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -16,6 +16,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
 	"github.com/StackExchange/dnscontrol/v4/pkg/notifications"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 	"github.com/StackExchange/dnscontrol/v4/pkg/zonerecs"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/urfave/cli/v2"
@@ -293,6 +294,7 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 	if os.Getenv("TEAMCITY_VERSION") != "" {
 		fmt.Fprintf(os.Stderr, "##teamcity[buildStatus status='SUCCESS' text='%d corrections']", totalCorrections)
 	}
+	rfc4183.PrintWarning()
 	notifier.Done()
 	out.Printf("Done. %d corrections.\n", totalCorrections)
 	if anyErrors {
diff --git a/commands/printIR.go b/commands/printIR.go
index 82dc48efdf..fce7530a87 100644
--- a/commands/printIR.go
+++ b/commands/printIR.go
@@ -10,6 +10,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/js"
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 	"github.com/urfave/cli/v2"
 )
 
@@ -58,6 +59,7 @@ var _ = cmd(catDebug, func() *cli.Command {
 			log.SetOutput(os.Stdout)
 
 			err := exit(PrintIR(pargs))
+			rfc4183.PrintWarning()
 			if err == nil {
 				fmt.Fprintf(os.Stdout, "No errors.\n")
 			}
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 80b2519d2d..e8ed36bbd4 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2214,7 +2214,7 @@ declare function PANIC(message: string): never;
  *
  * Target should be a string representing the FQDN of a host.  Like all FQDNs in DNSControl, it must end with a `.`.
  *
- * **Magic Mode:**
+ * # Magic Mode
  *
  * PTR records are complex and typos are common. Therefore DNSControl
  * enables features to save labor and
@@ -2282,9 +2282,33 @@ declare function PANIC(message: string): never;
  * );
  * ```
  *
- * In the future we plan on adding a flag to [`A()`](A.md) which will insert
- * the correct PTR() record if the appropriate `.arpa` domain has been
- * defined.
+ * # Automatic forward and reverse lookups
+ *
+ * DNSControl does not automatically generate forward and reverse lookups. However
+ * it is possible to write a macro that does this by using the
+ * [`D_EXTEND()`](../global/D_EXTEND.md)
+ * function to insert `A` and `PTR` records into previously-defined domains.
+ *
+ * ```javascript
+ * function FORWARD_AND_REVERSE(ipaddr, fqdn) {
+ *     D_EXTEND(dom,
+ *         A(fqdn, ipaddr)
+ *     );
+ *     D_EXTEND(REV(ipaddr),
+ *         PTR(ipaddr, fqdn)
+ *     );
+ * }
+ *
+ * D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
+ *     ...,
+ *     END);
+ * D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
+ *     ...,
+ *     END);
+ *
+ * FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
+ * FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
+ * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ptr
  */
@@ -2395,53 +2419,115 @@ declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
  * `REV` returns the reverse lookup domain for an IP network. For
  * example `REV("1.2.3.0/24")` returns `3.2.1.in-addr.arpa.` and
  * `REV("2001:db8:302::/48")` returns `2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.`.
- * This is used in [`D()`](D.md) functions to create reverse DNS lookup zones.
  *
- * This is a convenience function. You could specify `D("3.2.1.in-addr.arpa",
- * ...` if you like to do things manually but why would you risk making
- * typos?
+ * `REV()` is commonly used with the [`D()`](D.md) functions to create reverse DNS lookup zones.
  *
- * `REV` complies with RFC2317, "Classless in-addr.arpa delegation"
- * for netmasks of size /25 through /31.
- * While the RFC permits any format, we abide by the recommended format:
- * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
- * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
- * and A, B, C are the first 3 octets of the IP address. For example
- * `172.20.18.130/27` is located in a zone named
- * `128/27.18.20.172.in-addr.arpa`
+ * These two are equivalent:
+ *
+ * ```javascript
+ * D("3.2.1.in-addr.arpa", ...
+ * ```
+ *
+ * ```javascript
+ * D(REV("1.2.3.0/24", ...
+ * ```
+ *
+ * The latter is easier to type and less error-prone.
  *
- * If the address does not include a "/" then `REV` assumes /32 for IPv4 addresses
+ * If the address does not include a "/" then `REV()` assumes /32 for IPv4 addresses
  * and /128 for IPv6 addresses.
  *
- * Note that the lower bits (the ones outside the netmask) must be zeros. They are not
- * zeroed out automatically. Thus, `REV("1.2.3.4/24")` is an error.  This is done
- * to catch typos.
+ * # RFC compliance
+ *
+ * `REV()` implements both RFC 2317 and the newer RFC 4183. The `REVCOMPAT()`
+ * function selects which mode is used. If `REVCOMPAT()` is not called, a default
+ * is selected for you.  The default will change to RFC 4183 in DNSControl v5.0.
+ *
+ * See [`REVCOMPAT()`](REVCOMPAT.md) for details.
+ *
+ * # Host bits
+ *
+ * v4.x:
+ * The host bits (the ones outside the netmask) must be zeros. They are not zeroed
+ * out automatically. Thus, `REV("1.2.3.4/24")` is an error.
+ *
+ * v5.0 and later:
+ * The host bits (the ones outside the netmask) are ignored.  Thus
+ * `REV("1.2.3.4/24")` and `REV("1.2.3.0/24")` are equivalent.
+ *
+ * # Examples
+ *
+ * Here's an example reverse lookup domain:
  *
  * ```javascript
  * D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
  *   PTR("1", "foo.example.com."),
  *   PTR("2", "bar.example.com."),
  *   PTR("3", "baz.example.com."),
- *   // These take advantage of DNSControl's ability to generate the right name:
+ *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("1.2.3.10", "ten.example.com."),
  * );
  *
  * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
  *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
- *   // These take advantage of DNSControl's ability to generate the right name:
+ *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
  *   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
  * );
  * ```
  *
- * In the future we plan on adding a flag to [`A()`](../domain/A.md)which will insert
- * the correct PTR() record in the appropriate `D(REV())` domain (i.e. `.arpa` domain) has been
- * defined.
+ * # Automatic forward and reverse record generation
+ *
+ * DNSControl does not automatically generate forward and reverse lookups. However
+ * it is possible to write a macro that does this.  See
+ * [`PTR()`](../domain/PTR.md)   for an example.
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/rev
  */
 declare function REV(address: string): string;
 
+/**
+ * `REVCOMPAT()` controls which RFC the [`REV()`](REV.md) function adheres to.
+ *
+ * Include one of these two commands near the top `dnsconfig.js` (at the global level):
+ *
+ * ```javascript
+ * REVCOMPAT("rfc2317");  // RFC 2117: Compatible with old files.
+ * REVCOMPAT("rfc4183");  // RFC 4183: Adopt the newer standard.
+ * ```
+ *
+ * `REVCOMPAT()` is global for all of `dnsconfig.js`. It must appear before any
+ * use of `REV()`; If not, behavior is undefined.
+ *
+ * # RFC 4183 vs RFC 2317
+ *
+ * RFC 2317 and RFC 4183 are two different ways to implement reverse lookups for
+ * CIDR blocks that are not on 8-bit boundaries (/24, /16, /8).
+ *
+ * Originally DNSControl implemented the older standard, which only specifies what
+ * to do for /8, /16, /24 - /32.  Using `REV()` for /9-17 and /17-23 CIDRs was an
+ * error.
+ *
+ * v4 defaults to RFC 2317.  In v5.0 the default will change to RFC 4183.
+ * `REVCOMPAT()` is provided for those that wish to retain the old behavior.
+ *
+ * For more information, see [Opinion #9](../../opinions.md#opinion-9-rfc-4183-is-better-than-rfc-2317).
+ *
+ * # Transition plan
+ *
+ * What's the default behavior if `REVCOMPAT()` is not used?
+ *
+ * | Version | /9 to /15 and /17 to /23 | /25 to 32 | Warnings                   |
+ * |---------|--------------------------|-----------|----------------------------|
+ * | v4      | RFC 4183                 | RFC 2317  | Only if /25 - /32 are used |
+ * | v5      | RFC 4183                 | RFC 4183  | none                       |
+ *
+ * No warnings are generated if the `REVCOMPAT()` function is used.
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/revcompat
+ */
+declare function REVCOMPAT(rfc: string): string;
+
 /**
  * `SOA` adds an `SOA` record to a domain. The name should be `@`.  ns and mbox are strings. The other fields are unsigned 32-bit ints.
  *
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 43af1509e8..abb634f693 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -24,6 +24,7 @@
   * [NewRegistrar](functions/global/NewRegistrar.md)
   * [PANIC](functions/global/PANIC.md)
   * [REV](functions/global/REV.md)
+  * [REVCOMPAT](functions/global/REVCOMPAT.md)
   * [getConfiguredDomains](functions/global/getConfiguredDomains.md)
   * [require](functions/global/require.md)
   * [require_glob](functions/global/require_glob.md)
diff --git a/documentation/functions/domain/PTR.md b/documentation/functions/domain/PTR.md
index a0f140008a..b6c8862f3d 100644
--- a/documentation/functions/domain/PTR.md
+++ b/documentation/functions/domain/PTR.md
@@ -17,7 +17,7 @@ saving the user from having to reverse the IP address manually.
 
 Target should be a string representing the FQDN of a host.  Like all FQDNs in DNSControl, it must end with a `.`.
 
-**Magic Mode:**
+# Magic Mode
 
 PTR records are complex and typos are common. Therefore DNSControl
 enables features to save labor and
@@ -91,6 +91,32 @@ D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
 ```
 {% endcode %}
 
-In the future we plan on adding a flag to [`A()`](A.md) which will insert
-the correct PTR() record if the appropriate `.arpa` domain has been
-defined.
+# Automatic forward and reverse lookups
+
+DNSControl does not automatically generate forward and reverse lookups. However
+it is possible to write a macro that does this by using the 
+[`D_EXTEND()`](../global/D_EXTEND.md)
+function to insert `A` and `PTR` records into previously-defined domains.
+
+{% code title="dnsconfig.js" %}
+```javascript
+function FORWARD_AND_REVERSE(ipaddr, fqdn) {
+    D_EXTEND(dom,
+        A(fqdn, ipaddr)
+    );
+    D_EXTEND(REV(ipaddr),
+        PTR(ipaddr, fqdn)
+    );
+}
+
+D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
+    ...,
+    END);
+D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
+    ...,
+    END);
+
+FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
+FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
+```
+{% endcode %}
diff --git a/documentation/functions/global/REV.md b/documentation/functions/global/REV.md
index 5bc12c201a..a8a77dd44a 100644
--- a/documentation/functions/global/REV.md
+++ b/documentation/functions/global/REV.md
@@ -10,27 +10,50 @@ ts_return: string
 `REV` returns the reverse lookup domain for an IP network. For
 example `REV("1.2.3.0/24")` returns `3.2.1.in-addr.arpa.` and
 `REV("2001:db8:302::/48")` returns `2.0.3.0.8.b.d.0.1.0.0.2.ip6.arpa.`.
-This is used in [`D()`](D.md) functions to create reverse DNS lookup zones.
-
-This is a convenience function. You could specify `D("3.2.1.in-addr.arpa",
-...` if you like to do things manually but why would you risk making
-typos?
-
-`REV` complies with RFC2317, "Classless in-addr.arpa delegation"
-for netmasks of size /25 through /31.
-While the RFC permits any format, we abide by the recommended format:
-`FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
-of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
-and A, B, C are the first 3 octets of the IP address. For example
-`172.20.18.130/27` is located in a zone named
-`128/27.18.20.172.in-addr.arpa`
-
-If the address does not include a "/" then `REV` assumes /32 for IPv4 addresses
+
+`REV()` is commonly used with the [`D()`](D.md) functions to create reverse DNS lookup zones.
+
+These two are equivalent:
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("3.2.1.in-addr.arpa", ...
+```
+{% endcode %}
+
+{% code title="dnsconfig.js" %}
+```javascript
+D(REV("1.2.3.0/24", ...
+```
+{% endcode %}
+
+The latter is easier to type and less error-prone.
+
+If the address does not include a "/" then `REV()` assumes /32 for IPv4 addresses
 and /128 for IPv6 addresses.
 
-Note that the lower bits (the ones outside the netmask) must be zeros. They are not
-zeroed out automatically. Thus, `REV("1.2.3.4/24")` is an error.  This is done
-to catch typos.
+# RFC compliance
+
+`REV()` implements both RFC 2317 and the newer RFC 4183. The `REVCOMPAT()`
+function selects which mode is used. If `REVCOMPAT()` is not called, a default
+is selected for you.  The default will change to RFC 4183 in DNSControl v5.0.
+
+See [`REVCOMPAT()`](REVCOMPAT.md) for details.
+
+
+# Host bits
+
+v4.x:
+The host bits (the ones outside the netmask) must be zeros. They are not zeroed
+out automatically. Thus, `REV("1.2.3.4/24")` is an error.
+
+v5.0 and later:
+The host bits (the ones outside the netmask) are ignored.  Thus
+`REV("1.2.3.4/24")` and `REV("1.2.3.0/24")` are equivalent.
+
+# Examples
+
+Here's an example reverse lookup domain:
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -38,19 +61,21 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
   PTR("1", "foo.example.com."),
   PTR("2", "bar.example.com."),
   PTR("3", "baz.example.com."),
-  // These take advantage of DNSControl's ability to generate the right name:
+  // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("1.2.3.10", "ten.example.com."),
 );
 
 D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
-  // These take advantage of DNSControl's ability to generate the right name:
+  // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
 );
 ```
 {% endcode %}
 
-In the future we plan on adding a flag to [`A()`](../domain/A.md)which will insert
-the correct PTR() record in the appropriate `D(REV())` domain (i.e. `.arpa` domain) has been
-defined.
+# Automatic forward and reverse record generation
+
+DNSControl does not automatically generate forward and reverse lookups. However
+it is possible to write a macro that does this.  See
+[`PTR()`](../domain/PTR.md)   for an example.
diff --git a/documentation/functions/global/REVCOMPAT.md b/documentation/functions/global/REVCOMPAT.md
new file mode 100644
index 0000000000..69a32404cf
--- /dev/null
+++ b/documentation/functions/global/REVCOMPAT.md
@@ -0,0 +1,47 @@
+---
+name: REVCOMPAT
+parameters:
+  - rfc
+parameter_types:
+  rfc: string
+ts_return: string
+---
+
+`REVCOMPAT()` controls which RFC the [`REV()`](REV.md) function adheres to.
+
+Include one of these two commands near the top `dnsconfig.js` (at the global level):
+
+{% code title="dnsconfig.js" %}
+```javascript
+REVCOMPAT("rfc2317");  // RFC 2117: Compatible with old files.
+REVCOMPAT("rfc4183");  // RFC 4183: Adopt the newer standard.
+```
+{% endcode %}
+
+`REVCOMPAT()` is global for all of `dnsconfig.js`. It must appear before any
+use of `REV()`; If not, behavior is undefined.
+
+# RFC 4183 vs RFC 2317
+
+RFC 2317 and RFC 4183 are two different ways to implement reverse lookups for
+CIDR blocks that are not on 8-bit boundaries (/24, /16, /8).
+
+Originally DNSControl implemented the older standard, which only specifies what
+to do for /8, /16, /24 - /32.  Using `REV()` for /9-17 and /17-23 CIDRs was an
+error.
+
+v4 defaults to RFC 2317.  In v5.0 the default will change to RFC 4183.
+`REVCOMPAT()` is provided for those that wish to retain the old behavior.
+
+For more information, see [Opinion #9](../../opinions.md#opinion-9-rfc-4183-is-better-than-rfc-2317).
+
+# Transition plan
+
+What's the default behavior if `REVCOMPAT()` is not used?
+
+| Version | /9 to /15 and /17 to /23 | /25 to 32 | Warnings                   |
+|---------|--------------------------|-----------|----------------------------|
+| v4      | RFC 4183                 | RFC 2317  | Only if /25 - /32 are used |
+| v5      | RFC 4183                 | RFC 4183  | none                       |
+
+No warnings are generated if the `REVCOMPAT()` function is used.
diff --git a/documentation/opinions.md b/documentation/opinions.md
index ffa5d626ad..2ee44a9abf 100644
--- a/documentation/opinions.md
+++ b/documentation/opinions.md
@@ -90,7 +90,7 @@ Some examples:
 * SPF records are stated in the most verbose way; DNSControl optimizes it for you in a safe, opt-in way.
 
 
-# Opinion #6 If it is ambiguous in DNS, it is forbidden in DNSControl
+# Opinion #6: If it is ambiguous in DNS, it is forbidden in DNSControl
 
 When there is ambiguity an expert knows what the system will do.
 Your coworkers should not be expected to be experts. (See [Opinion #2](#opinion-2-non-experts-should-be-able-to-safely-make-dns-changes)).
@@ -124,7 +124,7 @@ Therefore, we require all CNAME, MX, and NS targets to be FQDNs (they must
 end with a "."), or to be a shortname (no dots at all).  Everything
 else is ambiguous and therefore an error.
 
-# Opinion #7 Hostnames don't have underscores
+# Opinion #7: Hostnames don't have underscores
 
 DNSControl prints warnings if a hostname includes an underscore
 (`_`) because underscores are not permitted in hostnames.
@@ -151,7 +151,7 @@ unless the rtype is SRV, TLSA, TXT, or if the name starts with
 certain prefixes such as `_dmarc`.  We're always willing to
 [add more exceptions](https://github.com/StackExchange/dnscontrol/pull/453/files).
 
-# Opinion #8 TXT Records are one long string
+# Opinion #8: TXT Records are one long string
 
 * TXT records are a single string with a length of 0 to 65,280 bytes
   (the maximum possible TXT record size).
@@ -180,3 +180,25 @@ control panel let you specify the boundaries, (b) I've never seen a
 FAQ or reddit post asking how to specify those boundaries. Therefore,
 there is no need for this. I also assert that there will be no such
 need in the future.
+
+
+# Opinion #9: RFC 4183 is better than RFC 2317
+
+There is no standard for how to do reverse lookup zones (in-addr.arpa)
+for CIDR blocks that are not /8, /16, or /24. There are only
+recommendations.
+
+RFC 2317 is a good recommendation, but it only covers /25 to /32.
+It also uses `/` in zone names, which many DNS providers do not
+support.
+
+RFC 4183 covers /8 through /32 and uses hyphens, which are supported
+universally.
+
+Originally DNSControl implemented RFC 2317.
+
+In v5.0 we will adopt RFC 4183 as the default.  A new function,
+[REVCOMPAT()](functions/global/REVCOMPAT.md), will be provided to enable backwards compatibility.
+v4.x users can use the function to adopt the new behavior early.
+
+See [REVCOMPAT()](functions/global/REVCOMPAT.md) for details.
diff --git a/pkg/js/js.go b/pkg/js/js.go
index c2e5f49ab4..dc054918d1 100644
--- a/pkg/js/js.go
+++ b/pkg/js/js.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 	"github.com/StackExchange/dnscontrol/v4/pkg/transform"
 	"github.com/robertkrimen/otto"              // load underscore js into vm by default
 	_ "github.com/robertkrimen/otto/underscore" // required by otto
@@ -70,6 +71,7 @@ func ExecuteJavascriptString(script []byte, devMode bool, variables map[string]s
 
 	vm.Set("require", require)
 	vm.Set("REV", reverse)
+	vm.Set("REVCOMPAT", reverseCompat)
 	vm.Set("glob", listFiles) // used for require_glob()
 	vm.Set("PANIC", jsPanic)
 
@@ -290,3 +292,16 @@ func reverse(call otto.FunctionCall) otto.Value {
 	v, _ := otto.ToValue(rev)
 	return v
 }
+
+func reverseCompat(call otto.FunctionCall) otto.Value {
+	if len(call.ArgumentList) != 1 {
+		throw(call.Otto, "REVCOMPAT takes exactly one argument")
+	}
+	dom := call.Argument(0).String()
+	err := rfc4183.SetCompatibilityMode(dom)
+	if err != nil {
+		throw(call.Otto, err.Error())
+	}
+	v, _ := otto.ToValue(nil)
+	return v
+}
diff --git a/pkg/rfc4183/ipv6.go b/pkg/rfc4183/ipv6.go
new file mode 100644
index 0000000000..d6595413e7
--- /dev/null
+++ b/pkg/rfc4183/ipv6.go
@@ -0,0 +1,26 @@
+package rfc4183
+
+import (
+	"fmt"
+)
+
+// reverseIPv6 returns the ipv6.arpa string suitable for reverse DNS lookups.
+func reverseIPv6(ip []byte, maskbits int) (arpa string, err error) {
+	// Must be IPv6
+	if len(ip) != 16 {
+		return "", fmt.Errorf("not IPv6")
+	}
+
+	buf := []byte("x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.x.ip6.arpa")
+	// Poke hex digits into the template
+	pos := 128/4*2 - 2 // Position of the last "x"
+	for _, v := range ip {
+		buf[pos] = hexDigit[v>>4]
+		buf[pos-2] = hexDigit[v&0xF]
+		pos = pos - 4
+	}
+	// Return only the parts without x's
+	return string(buf[(128-maskbits)/4*2:]), nil
+}
+
+const hexDigit = "0123456789abcdef"
diff --git a/pkg/rfc4183/mode.go b/pkg/rfc4183/mode.go
new file mode 100644
index 0000000000..02ef96ad32
--- /dev/null
+++ b/pkg/rfc4183/mode.go
@@ -0,0 +1,47 @@
+package rfc4183
+
+import (
+	"fmt"
+	"strings"
+)
+
+var newmode bool
+var modeset bool
+
+func SetCompatibilityMode(m string) error {
+	if modeset {
+		return fmt.Errorf("ERROR: REVCOMPAT() already set")
+	}
+	modeset = true
+
+	switch strings.ToLower(m) {
+	case "rfc2317", "2317", "2", "old":
+		newmode = false
+	case "rfc4183", "4183", "4":
+		newmode = true
+	default:
+		return fmt.Errorf("invalid value %q, must be rfc2317 or rfc4182", m)
+	}
+	return nil
+}
+
+func IsRFC4183Mode() bool {
+	return newmode
+}
+
+var warningNeeded bool = false
+
+func NeedsWarning() {
+	warningNeeded = true
+}
+
+func PrintWarning() {
+	if modeset {
+		// No warnings if REVCOMPAT() was used.
+		return
+	}
+	if !warningNeeded {
+		return
+	}
+	fmt.Printf("WARNING: REV() breaking change coming in v5.0. See https://docs.dnscontrol.org/functions/REVCOMPAT\n")
+}
diff --git a/pkg/rfc4183/reverse.go b/pkg/rfc4183/reverse.go
new file mode 100644
index 0000000000..25b2c9587d
--- /dev/null
+++ b/pkg/rfc4183/reverse.go
@@ -0,0 +1,79 @@
+package rfc4183
+
+import (
+	"fmt"
+	"net/netip"
+	"strings"
+)
+
+// ReverseDomainName implements RFC4183 for turning a CIDR block into
+// a in-addr name.  IP addresses are assumed to be /32 or /128 CIDR blocks.
+// CIDR host bits are changed to 0s.
+func ReverseDomainName(cidr string) (string, error) {
+
+	// Mask missing? Add it.
+	if !strings.Contains(cidr, "/") {
+		a, err := netip.ParseAddr(cidr)
+		if err != nil {
+			return "", fmt.Errorf("not an IP address: %w", err)
+		}
+		if a.Is4() {
+			cidr = cidr + "/32"
+		} else {
+			cidr = cidr + "/128"
+		}
+	}
+
+	// Parse the CIDR.
+	p, err := netip.ParsePrefix(cidr)
+	if err != nil {
+		return "", fmt.Errorf("not a CIDR block: %w", err)
+	}
+
+	// RFC4183 4.1 step 4: The notion of fewer than 8 mask bits is not reasonable.
+	if p.Bits() < 8 {
+		return "", fmt.Errorf("mask fewer than 8 bits is unreasonable: %s", cidr)
+	}
+
+	// Handle IPv6 separately:
+	if p.Addr().Is6() {
+		return reverseIPv6(p.Addr().AsSlice(), p.Bits())
+	}
+
+	// Zero out any host bits.
+	p = p.Masked()
+
+	// IPv4: Implement the RFC4183 process:
+
+	// 4.p Step 1
+	b := p.Addr().AsSlice()
+	x, y, z, w := b[0], b[1], b[2], b[3]
+	m := p.Bits()
+
+	if m == 8 {
+		return fmt.Sprintf("%d.in-addr.arpa", x), nil
+	}
+	if m == 16 {
+		return fmt.Sprintf("%d.%d.in-addr.arpa", y, x), nil
+	}
+	if m == 24 {
+		return fmt.Sprintf("%d.%d.%d.in-addr.arpa", z, y, x), nil
+	}
+	if m == 32 {
+		return fmt.Sprintf("%d.%d.%d.%d.in-addr.arpa", w, z, y, x), nil
+	}
+
+	// 4.1 Step 2
+	n := w // I don't understand why the RFC changes variable names at this point, but it does.
+	if m >= 24 && m <= 32 {
+		return fmt.Sprintf("%d-%d.%d.%d.%d.in-addr.arpa", n, m, z, y, x), nil
+	}
+	if m >= 16 && m < 24 {
+		return fmt.Sprintf("%d-%d.%d.%d.in-addr.arpa", z, m, y, x), nil
+	}
+	if m >= 8 && m < 16 {
+		return fmt.Sprintf("%d-%d.%d.in-addr.arpa", y, m, x), nil
+	}
+	return "", fmt.Errorf("fewer than 8 mask bits is not reasonable: %v", cidr)
+
+}
diff --git a/pkg/rfc4183/reverse_test.go b/pkg/rfc4183/reverse_test.go
new file mode 100644
index 0000000000..4c53bced32
--- /dev/null
+++ b/pkg/rfc4183/reverse_test.go
@@ -0,0 +1,125 @@
+package rfc4183
+
+import (
+	"fmt"
+	"testing"
+)
+
+func TestReverse(t *testing.T) {
+	var tests = []struct {
+		in  string
+		out string
+	}{
+		// IPv4 "Classless in-addr.arpa delegation" RFC4183.
+		// Examples in the RFC:
+		{"10.100.2.0/26", "0-26.2.100.10.in-addr.arpa"},
+		{"10.192.0.0/13", "192-13.10.in-addr.arpa"},
+		{"10.20.128.0/23", "128-23.20.10.in-addr.arpa"},
+		{"10.20.129.0/23", "128-23.20.10.in-addr.arpa"}, // Not in the RFC but should be!
+
+		// IPv6
+		{"2001::/16", "1.0.0.2.ip6.arpa"},
+		{"2001:0db8:0123:4567:89ab:cdef:1234:5670/64", "7.6.5.4.3.2.1.0.8.b.d.0.1.0.0.2.ip6.arpa"},
+		{"2001:0db8:0123:4567:89ab:cdef:1234:5670/68", "8.7.6.5.4.3.2.1.0.8.b.d.0.1.0.0.2.ip6.arpa"},
+		{"2001:0db8:0123:4567:89ab:cdef:1234:5670/124", "7.6.5.4.3.2.1.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.8.b.d.0.1.0.0.2.ip6.arpa"},
+		{"2001:0db8:0123:4567:89ab:cdef:1234:5678/128", "8.7.6.5.4.3.2.1.f.e.d.c.b.a.9.8.7.6.5.4.3.2.1.0.8.b.d.0.1.0.0.2.ip6.arpa"},
+
+		// 8-bit boundaries
+		{"174.0.0.0/8", "174.in-addr.arpa"},
+		{"174.136.43.0/8", "174.in-addr.arpa"},
+		{"174.136.0.44/8", "174.in-addr.arpa"},
+		{"174.136.45.45/8", "174.in-addr.arpa"},
+		{"174.136.0.0/16", "136.174.in-addr.arpa"},
+		{"174.136.43.0/16", "136.174.in-addr.arpa"},
+		{"174.136.44.255/16", "136.174.in-addr.arpa"},
+		{"174.136.107.0/24", "107.136.174.in-addr.arpa"},
+		{"174.136.107.1/24", "107.136.174.in-addr.arpa"},
+		{"174.136.107.14/32", "14.107.136.174.in-addr.arpa"},
+
+		// /25 (all cases)
+		{"174.1.0.0/25", "0-25.0.1.174.in-addr.arpa"},
+		{"174.1.0.128/25", "128-25.0.1.174.in-addr.arpa"},
+		{"174.1.0.129/25", "128-25.0.1.174.in-addr.arpa"}, // host bits
+		// /26 (all cases)
+		{"174.1.0.0/26", "0-26.0.1.174.in-addr.arpa"},
+		{"174.1.0.0/26", "0-26.0.1.174.in-addr.arpa"},
+		{"174.1.0.64/26", "64-26.0.1.174.in-addr.arpa"},
+		{"174.1.0.128/26", "128-26.0.1.174.in-addr.arpa"},
+		{"174.1.0.192/26", "192-26.0.1.174.in-addr.arpa"},
+		{"174.1.0.194/26", "192-26.0.1.174.in-addr.arpa"}, // host bits
+		// /27 (all cases)
+		{"174.1.0.0/27", "0-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.32/27", "32-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.64/27", "64-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.96/27", "96-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.128/27", "128-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.160/27", "160-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.192/27", "192-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.224/27", "224-27.0.1.174.in-addr.arpa"},
+		{"174.1.0.225/27", "224-27.0.1.174.in-addr.arpa"}, // host bits
+		// /28 (first 2, last 2)
+		{"174.1.0.0/28", "0-28.0.1.174.in-addr.arpa"},
+		{"174.1.0.16/28", "16-28.0.1.174.in-addr.arpa"},
+		{"174.1.0.224/28", "224-28.0.1.174.in-addr.arpa"},
+		{"174.1.0.240/28", "240-28.0.1.174.in-addr.arpa"},
+		{"174.1.0.241/28", "240-28.0.1.174.in-addr.arpa"}, // host bits
+		// /29 (first 2 cases)
+		{"174.1.0.0/29", "0-29.0.1.174.in-addr.arpa"},
+		{"174.1.0.8/29", "8-29.0.1.174.in-addr.arpa"},
+		{"174.1.0.9/29", "8-29.0.1.174.in-addr.arpa"}, // host bits
+		// /30 (first 2 cases)
+		{"174.1.0.0/30", "0-30.0.1.174.in-addr.arpa"},
+		{"174.1.0.4/30", "4-30.0.1.174.in-addr.arpa"},
+		{"174.1.0.5/30", "4-30.0.1.174.in-addr.arpa"}, // host bits
+		// /31 (first 2 cases)
+		{"174.1.0.0/31", "0-31.0.1.174.in-addr.arpa"},
+		{"174.1.0.2/31", "2-31.0.1.174.in-addr.arpa"},
+		{"174.1.0.3/31", "2-31.0.1.174.in-addr.arpa"}, // host bits
+
+		// Other tests:
+		{"10.100.2.255/23", "2-23.100.10.in-addr.arpa"},
+		{"10.100.2.255/22", "0-22.100.10.in-addr.arpa"},
+		{"10.100.2.255/21", "0-21.100.10.in-addr.arpa"},
+		{"10.100.2.255/20", "0-20.100.10.in-addr.arpa"},
+		{"10.100.2.255/19", "0-19.100.10.in-addr.arpa"},
+		{"10.100.2.255/18", "0-18.100.10.in-addr.arpa"},
+		{"10.100.2.255/17", "0-17.100.10.in-addr.arpa"},
+		//
+		{"10.100.2.255/15", "100-15.10.in-addr.arpa"},
+		{"10.100.2.255/14", "100-14.10.in-addr.arpa"},
+		{"10.100.2.255/13", "96-13.10.in-addr.arpa"},
+		{"10.100.2.255/12", "96-12.10.in-addr.arpa"},
+		{"10.100.2.255/11", "96-11.10.in-addr.arpa"},
+		{"10.100.2.255/10", "64-10.10.in-addr.arpa"},
+		{"10.100.2.255/9", "0-9.10.in-addr.arpa"},
+	}
+	for i, tst := range tests {
+		t.Run(fmt.Sprintf("%d--%s", i, tst.in), func(t *testing.T) {
+			d, err := ReverseDomainName(tst.in)
+			if err != nil {
+				t.Errorf("Should not have errored: %v", err)
+			} else if d != tst.out {
+				t.Errorf("Expected '%s' but got '%s'", tst.out, d)
+			}
+		})
+	}
+}
+
+func TestReverseErrors(t *testing.T) {
+	var tests = []struct {
+		in string
+	}{
+		{"0.0.0.0/0"},
+		{"2001::/0"},
+		{"4.5/16"},
+		{"foo.com"},
+	}
+	for i, tst := range tests {
+		t.Run(fmt.Sprintf("%d--%s", i, tst.in), func(t *testing.T) {
+			d, err := ReverseDomainName(tst.in)
+			if err == nil {
+				t.Errorf("Should have errored, but didn't. Got %s", d)
+			}
+		})
+	}
+}
diff --git a/pkg/transform/arpa.go b/pkg/transform/arpa.go
index 12a8370d72..704222bbe4 100644
--- a/pkg/transform/arpa.go
+++ b/pkg/transform/arpa.go
@@ -2,115 +2,60 @@ package transform
 
 import (
 	"fmt"
-	"net"
+	"net/netip"
 	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 )
 
 // ReverseDomainName turns a CIDR block into a reversed (in-addr) name.
+// For cases not covered by RFC2317, implement RFC4183
+// The host bits must all be zeros.
 func ReverseDomainName(cidr string) (string, error) {
 
-	// If it is an IP address, add the /32 or /128
-	ip := net.ParseIP(cidr)
-	if ip != nil {
-		if ip.To4() != nil {
+	if rfc4183.IsRFC4183Mode() {
+		return rfc4183.ReverseDomainName(cidr)
+	}
+
+	// Mask missing? Add it.
+	if !strings.Contains(cidr, "/") {
+		a, err := netip.ParseAddr(cidr)
+		if err != nil {
+			return "", fmt.Errorf("not an IP address: %w", err)
+		}
+		if a.Is4() {
 			cidr = cidr + "/32"
 		} else {
 			cidr = cidr + "/128"
 		}
 	}
 
-	a, c, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return "", err
-	}
-	base, err := reverseaddr(a.String())
+	// Parse the CIDR.
+	p, err := netip.ParsePrefix(cidr)
 	if err != nil {
-		return "", err
-	}
-	base = strings.TrimRight(base, ".")
-	if !a.Equal(c.IP) {
-		return "", fmt.Errorf("CIDR %v has 1 bits beyond the mask", cidr)
-	}
-
-	bits, total := c.Mask.Size()
-	var toTrim int
-	if bits == 0 {
-		return "", fmt.Errorf("cannot use /0 in reverse CIDR")
+		return "", fmt.Errorf("not a CIDR block: %w", err)
 	}
+	bits := p.Bits()
 
-	// Handle IPv4 "Classless in-addr.arpa delegation" RFC2317:
-	if total == 32 && bits >= 25 && bits < 32 {
-		// first address / netmask . Class-b-arpa.
-		fparts := strings.Split(c.IP.String(), ".")
-		first := fparts[3]
-		bparts := strings.SplitN(base, ".", 2)
-		return fmt.Sprintf("%s/%d.%s", first, bits, bparts[1]), nil
+	if p.Masked() != p {
+		return "", fmt.Errorf("CIDR %v has 1 bits beyond the mask", cidr)
 	}
 
-	// Handle IPv4 Class-full and IPv6:
-	if total == 32 {
-		if bits%8 != 0 {
-			return "", fmt.Errorf("IPv4 mask must be multiple of 8 bits")
-		}
-		toTrim = (total - bits) / 8
-	} else if total == 128 {
-		if bits%4 != 0 {
-			return "", fmt.Errorf("IPv6 mask must be multiple of 4 bits")
-		}
-		toTrim = (total - bits) / 4
-	} else {
-		return "", fmt.Errorf("invalid address (not IPv4 or IPv6): %v", cidr)
+	// Cases where RFC4183 is the same as RFC2317:
+	// IPV6, /0 - /24, /32
+	if strings.Contains(cidr, ":") || bits <= 24 || bits == 32 {
+		// There is no p.Is6() so we test for ":" as a workaround.
+		return rfc4183.ReverseDomainName(cidr)
 	}
 
-	parts := strings.SplitN(base, ".", toTrim+1)
-	return parts[len(parts)-1], nil
-}
-
-// copied from go source.
-// https://github.com/golang/go/blob/bfc164c64d33edfaf774b5c29b9bf5648a6447fb/src/net/dnsclient.go#L15
+	// Record that the change to --revmode default will affect this configuration
+	rfc4183.NeedsWarning()
 
-// reverseaddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
-// address addr suitable for rDNS (PTR) record lookup or an error if it fails
-// to parse the IP address.
-func reverseaddr(addr string) (arpa string, err error) {
-	ip := net.ParseIP(addr)
-	if ip == nil {
-		return "", &net.DNSError{Err: "unrecognized address", Name: addr}
-	}
-	if ip.To4() != nil {
-		return uitoa(uint(ip[15])) + "." + uitoa(uint(ip[14])) + "." + uitoa(uint(ip[13])) + "." + uitoa(uint(ip[12])) + ".in-addr.arpa.", nil
-	}
-	// Must be IPv6
-	buf := make([]byte, 0, len(ip)*4+len("ip6.arpa."))
-	// Add it, in reverse, to the buffer
-	for i := len(ip) - 1; i >= 0; i-- {
-		v := ip[i]
-		buf = append(buf, hexDigit[v&0xF])
-		buf = append(buf, '.')
-		buf = append(buf, hexDigit[v>>4])
-		buf = append(buf, '.')
-	}
-	// Append "ip6.arpa." and return (buf already has the final .)
-	buf = append(buf, "ip6.arpa."...)
-	return string(buf), nil
-}
+	// Handle IPv4 "Classless in-addr.arpa delegation" RFC2317:
+	// if bits >= 25 && bits < 32 {
+	// first address / netmask . Class-b-arpa.
 
-// Convert unsigned integer to decimal string.
-func uitoa(val uint) string {
-	if val == 0 { // avoid string allocation
-		return "0"
-	}
-	var buf [20]byte // big enough for 64bit value base 10
-	i := len(buf) - 1
-	for val >= 10 {
-		q := val / 10
-		buf[i] = byte('0' + val - q*10)
-		i--
-		val = q
-	}
-	// val < 10
-	buf[i] = byte('0' + val)
-	return string(buf[i:])
+	ip := p.Addr().AsSlice()
+	return fmt.Sprintf("%d/%d.%d.%d.%d.in-addr.arpa",
+		ip[3], bits, ip[2], ip[1], ip[0]), nil
 }
-
-const hexDigit = "0123456789abcdef"
diff --git a/pkg/transform/arpa_test.go b/pkg/transform/arpa_test.go
index 67646e0376..a1486a9369 100644
--- a/pkg/transform/arpa_test.go
+++ b/pkg/transform/arpa_test.go
@@ -73,6 +73,10 @@ func TestReverse(t *testing.T) {
 		{"174.1.0.0/31", false, "0/31.0.1.174.in-addr.arpa"},
 		{"174.1.0.2/31", false, "2/31.0.1.174.in-addr.arpa"},
 
+		// Use RFC4183 for cases not covered by RFC2317:
+		{"10.20.128.0/23", false, "128-23.20.10.in-addr.arpa"},
+		{"10.192.0.0/13", false, "192-13.10.in-addr.arpa"},
+
 		// Error Cases:
 		{"0.0.0.0/0", true, ""},
 		{"2001::/0", true, ""},

From 17d644cfc626f9cb4706f877064e673c0c759cef Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 7 Apr 2024 14:30:30 -0400
Subject: [PATCH 227/438] CHORE: update deps (#2906)

---
 go.mod | 27 +++++++++++++--------------
 go.sum | 54 ++++++++++++++++++++++++++----------------------------
 2 files changed, 39 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index 3f57fffbe6..41806e6d23 100644
--- a/go.mod
+++ b/go.mod
@@ -19,15 +19,15 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.26.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.10
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.10
+	github.com/aws/aws-sdk-go-v2/config v1.27.11
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
 	github.com/cloudflare/cloudflare-go v0.92.0
-	github.com/digitalocean/godo v1.110.0
+	github.com/digitalocean/godo v1.111.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -53,15 +53,15 @@ require (
 	github.com/transip/gotransip/v6 v6.23.0
 	github.com/urfave/cli/v2 v2.27.1
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.22.0
-	golang.org/x/oauth2 v0.18.0
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/net v0.24.0
+	golang.org/x/oauth2 v0.19.0
 	google.golang.org/api v0.172.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 	github.com/G-Core/gcore-dns-sdk-go v0.2.8
 	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
@@ -71,7 +71,7 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8
+	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -89,7 +89,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
@@ -148,12 +148,11 @@ require (
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.16.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.19.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
+	golang.org/x/tools v0.20.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
 	google.golang.org/grpc v1.62.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index e919c5cd3f..56083f9588 100644
--- a/go.sum
+++ b/go.sum
@@ -3,8 +3,8 @@ cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wv
 cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0 h1:U/kwEXj0Y+1REAkV4kV8VO1CsEp8tSaQDG/7qC5XuqQ=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.0/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
@@ -41,10 +41,10 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
 github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.10 h1:PS+65jThT0T/snC5WjyfHHyUgG+eBoupSDV+f838cro=
-github.com/aws/aws-sdk-go-v2/config v1.27.10/go.mod h1:BePM7Vo4OBpHreKRUMuDXX+/+JWP38FLkzl5m27/Jjs=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.10 h1:qDZ3EA2lv1KangvQB6y258OssCHD0xvaGiEDkG4X/10=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.10/go.mod h1:6t3sucOaYDwDssHQa0ojH1RpmVmF5/jArkye1b2FKMI=
+github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
+github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
@@ -61,8 +61,8 @@ github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4 h1:ZZKiHm4cN8IDDZ2kh8DTk+Yn
 github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4 h1:Qb7EiHvGJZGU43aCMahEJrP5sJjV62gGXm4y9x/syRQ=
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4/go.mod h1:8wjITSWOCR+G7DhS2WraZnZ/geFYxXLLP0KKTfZtRGQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4 h1:WzFol5Cd+yDxPAdnzTA5LmpHYSWinhmSj4rQChV0ee8=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.4/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
@@ -101,8 +101,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.110.0 h1:EY+rewWCYrUNOPbk9wI2Ytf0TBSRTJcZ6BINCb5dfmQ=
-github.com/digitalocean/godo v1.110.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.111.0 h1:nBXi9LtykvQiwZjMbljrwr17HwABSBY8ZE872dm2DzI=
+github.com/digitalocean/godo v1.111.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -425,11 +425,11 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw=
-golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
+golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 h1:985EYyeCOxTpcgOTJpflJUwOeEz0CQOdPt73OzpE9F8=
+golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -437,8 +437,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
-golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -454,11 +454,11 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
-golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
+golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -466,8 +466,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -494,8 +494,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -528,8 +528,8 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw=
-golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
+golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -538,8 +538,6 @@ google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk=
 google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=

From c31064781f3a7af9e0aac0f66fe38428d67acde8 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 9 Apr 2024 20:26:45 +0200
Subject: [PATCH 228/438] DOCS: Documentation directory structure (#2905)

---
 build/generate/featureMatrix.go               |  26 ++--
 build/generate/functionTypes.go               |  14 +-
 commands/types/dnscontrol.d.ts                |  54 +++----
 commands/types/fetch.d.ts                     |   2 +-
 documentation/SUMMARY.md                      | 137 +++++++++---------
 documentation/adding-new-rtypes.md            |  28 ++--
 documentation/code-tricks.md                  |  14 +-
 documentation/examples.md                     |   2 +-
 documentation/functions/record/R53_ZONE.md    |  15 --
 documentation/index.md                        |   2 +-
 .../domain-modifiers}/A.md                    |   2 +-
 .../domain-modifiers}/AAAA.md                 |   0
 .../domain-modifiers}/AKAMAICDN.md            |   0
 .../domain-modifiers}/ALIAS.md                |   0
 .../domain-modifiers}/AUTODNSSEC_OFF.md       |   0
 .../domain-modifiers}/AUTODNSSEC_ON.md        |   0
 .../domain-modifiers}/AZURE_ALIAS.md          |   0
 .../domain-modifiers}/CAA.md                  |   0
 .../domain-modifiers}/CAA_BUILDER.md          |   2 +-
 .../domain-modifiers}/CF_REDIRECT.md          |   0
 .../domain-modifiers}/CF_TEMP_REDIRECT.md     |   0
 .../domain-modifiers}/CF_WORKER_ROUTE.md      |   0
 .../domain-modifiers}/CLOUDNS_WR.md           |   0
 .../domain-modifiers}/CNAME.md                |   0
 .../domain-modifiers}/DHCID.md                |   0
 .../DISABLE_IGNORE_SAFETY_CHECK.md            |   2 +-
 .../domain-modifiers}/DMARC_BUILDER.md        |   0
 .../domain-modifiers}/DNAME.md                |   0
 .../domain-modifiers}/DS.md                   |   0
 .../domain-modifiers}/DefaultTTL.md           |   8 +-
 .../domain-modifiers}/DnsProvider.md          |   2 +-
 .../domain-modifiers}/FRAME.md                |   0
 .../domain-modifiers}/IGNORE.md               |   6 +-
 .../domain-modifiers}/IGNORE_NAME.md          |   0
 .../domain-modifiers}/IGNORE_TARGET.md        |   0
 .../domain-modifiers}/IMPORT_TRANSFORM.md     |   0
 .../domain-modifiers}/INCLUDE.md              |   0
 .../domain-modifiers}/LOC.md                  |   0
 .../domain-modifiers}/LOC_BUILDER_DD.md       |   0
 .../domain-modifiers}/LOC_BUILDER_DMM_STR.md  |   0
 .../domain-modifiers}/LOC_BUILDER_DMS_STR.md  |   0
 .../domain-modifiers}/LOC_BUILDER_STR.md      |   0
 .../domain-modifiers}/M365_BUILDER.md         |   0
 .../domain-modifiers}/MX.md                   |   0
 .../domain-modifiers}/NAMESERVER.md           |   0
 .../domain-modifiers}/NAMESERVER_TTL.md       |   4 +-
 .../domain-modifiers}/NAPTR.md                |   0
 .../domain-modifiers}/NO_PURGE.md             |   0
 .../domain-modifiers}/NS.md                   |   0
 .../domain-modifiers}/NS1_URLFWD.md           |   0
 .../domain-modifiers}/PTR.md                  |   2 +-
 .../domain-modifiers}/PURGE.md                |   0
 .../domain-modifiers}/R53_ALIAS.md            |   4 +-
 .../domain-modifiers}/SOA.md                  |   0
 .../domain-modifiers}/SPF_BUILDER.md          |   0
 .../domain-modifiers}/SRV.md                  |   0
 .../domain-modifiers}/SSHFP.md                |   0
 .../domain-modifiers}/TLSA.md                 |   0
 .../domain-modifiers}/TXT.md                  |   2 +-
 .../domain-modifiers}/URL.md                  |   0
 .../domain-modifiers}/URL301.md               |   0
 .../R53_EVALUATE_TARGET_HEALTH.md             |   2 +-
 .../record-modifiers/R53_ZONE.md              |  15 ++
 .../record-modifiers}/TTL.md                  |   2 +-
 .../top-level-functions}/D.md                 |   4 +-
 .../top-level-functions}/DEFAULTS.md          |   2 +-
 .../top-level-functions}/DOMAIN_ELSEWHERE.md  |   2 +-
 .../DOMAIN_ELSEWHERE_AUTO.md                  |   2 +-
 .../top-level-functions}/D_EXTEND.md          |   2 +-
 .../top-level-functions}/FETCH.md             |   0
 .../top-level-functions}/IP.md                |   0
 .../top-level-functions}/NewDnsProvider.md    |   0
 .../top-level-functions}/NewRegistrar.md      |   0
 .../top-level-functions}/PANIC.md             |   0
 .../top-level-functions}/REV.md               |   0
 .../top-level-functions}/REVCOMPAT.md         |   0
 .../getConfiguredDomains.md                   |   0
 .../top-level-functions}/require.md           |   0
 .../top-level-functions}/require_glob.md      |   0
 documentation/notifications.md                |   2 +-
 documentation/providers.md                    |   4 +-
 documentation/providers/route53.md            |   4 +-
 documentation/providers/transip.md            |   2 +-
 documentation/styleguide-doc.md               |  10 +-
 documentation/writing-providers.md            |   2 +-
 pkg/js/parse_tests/030-dextenddoc.js          |   2 +-
 86 files changed, 192 insertions(+), 193 deletions(-)
 delete mode 100644 documentation/functions/record/R53_ZONE.md
 rename documentation/{functions/domain => language-reference/domain-modifiers}/A.md (93%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/AAAA.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/AKAMAICDN.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/ALIAS.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/AUTODNSSEC_OFF.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/AUTODNSSEC_ON.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/AZURE_ALIAS.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CAA.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CAA_BUILDER.md (95%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CF_REDIRECT.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CF_TEMP_REDIRECT.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CF_WORKER_ROUTE.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CLOUDNS_WR.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/CNAME.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DHCID.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DISABLE_IGNORE_SAFETY_CHECK.md (88%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DMARC_BUILDER.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DNAME.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DS.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DefaultTTL.md (60%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/DnsProvider.md (94%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/FRAME.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/IGNORE.md (98%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/IGNORE_NAME.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/IGNORE_TARGET.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/IMPORT_TRANSFORM.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/INCLUDE.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/LOC.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/LOC_BUILDER_DD.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/LOC_BUILDER_DMM_STR.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/LOC_BUILDER_DMS_STR.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/LOC_BUILDER_STR.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/M365_BUILDER.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/MX.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NAMESERVER.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NAMESERVER_TTL.md (88%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NAPTR.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NO_PURGE.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NS.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/NS1_URLFWD.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/PTR.md (98%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/PURGE.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/R53_ALIAS.md (97%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/SOA.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/SPF_BUILDER.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/SRV.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/SSHFP.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/TLSA.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/TXT.md (98%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/URL.md (100%)
 rename documentation/{functions/domain => language-reference/domain-modifiers}/URL301.md (100%)
 rename documentation/{functions/record => language-reference/record-modifiers}/R53_EVALUATE_TARGET_HEALTH.md (57%)
 create mode 100644 documentation/language-reference/record-modifiers/R53_ZONE.md
 rename documentation/{functions/record => language-reference/record-modifiers}/TTL.md (93%)
 rename documentation/{functions/global => language-reference/top-level-functions}/D.md (94%)
 rename documentation/{functions/global => language-reference/top-level-functions}/DEFAULTS.md (92%)
 rename documentation/{functions/global => language-reference/top-level-functions}/DOMAIN_ELSEWHERE.md (92%)
 rename documentation/{functions/global => language-reference/top-level-functions}/DOMAIN_ELSEWHERE_AUTO.md (92%)
 rename documentation/{functions/global => language-reference/top-level-functions}/D_EXTEND.md (96%)
 rename documentation/{functions/global => language-reference/top-level-functions}/FETCH.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/IP.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/NewDnsProvider.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/NewRegistrar.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/PANIC.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/REV.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/REVCOMPAT.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/getConfiguredDomains.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/require.md (100%)
 rename documentation/{functions/global => language-reference/top-level-functions}/require_glob.md (100%)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index 730fe7a44c..f23d05a4ac 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -77,19 +77,19 @@ func matrixData() *FeatureMatrix {
 		ProviderDNSProvider  = "DNS Provider"
 		ProviderRegistrar    = "Registrar"
 		ProviderThreadSafe   = "Concurrency Verified"
-		DomainModifierAlias  = "[`ALIAS`](functions/domain/ALIAS.md)"
-		DomainModifierCaa    = "[`CAA`](functions/domain/CAA.md)"
-		DomainModifierDnssec = "[`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md)"
-		DomainModifierLoc    = "[`LOC`](functions/domain/LOC.md)"
-		DomainModifierNaptr  = "[`NAPTR`](functions/domain/NAPTR.md)"
-		DomainModifierPtr    = "[`PTR`](functions/domain/PTR.md)"
-		DomainModifierSoa    = "[`SOA`](functions/domain/SOA.md)"
-		DomainModifierSrv    = "[`SRV`](functions/domain/SRV.md)"
-		DomainModifierSshfp  = "[`SSHFP`](functions/domain/SSHFP.md)"
-		DomainModifierTlsa   = "[`TLSA`](functions/domain/TLSA.md)"
-		DomainModifierDs     = "[`DS`](functions/domain/DS.md)"
-		DomainModifierDhcid  = "[`DHCID`](functions/domain/DHCID.md)"
-		DomainModifierDname  = "[`DNAME`](functions/domain/DNAME.md)"
+		DomainModifierAlias  = "[`ALIAS`](language-reference/domain-modifiers/ALIAS.md)"
+		DomainModifierCaa    = "[`CAA`](language-reference/domain-modifiers/CAA.md)"
+		DomainModifierDnssec = "[`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md)"
+		DomainModifierLoc    = "[`LOC`](language-reference/domain-modifiers/LOC.md)"
+		DomainModifierNaptr  = "[`NAPTR`](language-reference/domain-modifiers/NAPTR.md)"
+		DomainModifierPtr    = "[`PTR`](language-reference/domain-modifiers/PTR.md)"
+		DomainModifierSoa    = "[`SOA`](language-reference/domain-modifiers/SOA.md)"
+		DomainModifierSrv    = "[`SRV`](language-reference/domain-modifiers/SRV.md)"
+		DomainModifierSshfp  = "[`SSHFP`](language-reference/domain-modifiers/SSHFP.md)"
+		DomainModifierTlsa   = "[`TLSA`](language-reference/domain-modifiers/TLSA.md)"
+		DomainModifierDs     = "[`DS`](language-reference/domain-modifiers/DS.md)"
+		DomainModifierDhcid  = "[`DHCID`](language-reference/domain-modifiers/DHCID.md)"
+		DomainModifierDname  = "[`DNAME`](language-reference/domain-modifiers/DNAME.md)"
 		DualHost             = "dual host"
 		CreateDomains        = "create-domains"
 		GetZones             = "get-zones"
diff --git a/build/generate/functionTypes.go b/build/generate/functionTypes.go
index 62b2d68a8b..65194f2fae 100644
--- a/build/generate/functionTypes.go
+++ b/build/generate/functionTypes.go
@@ -78,15 +78,15 @@ func parseFrontMatter(content string) (map[string]interface{}, string, error) {
 }
 
 var returnTypes = map[string]string{
-	"domain": "DomainModifier",
-	"global": "void",
-	"record": "RecordModifier",
+	"domain-modifiers":    "DomainModifier",
+	"top-level-functions": "void",
+	"record-modifiers":    "RecordModifier",
 }
 
 var categories = map[string]string{
-	"domain": "domain-modifiers",
-	"global": "top-level-functions",
-	"record": "record-modifiers",
+	"domain-modifiers":    "domain-modifiers",
+	"top-level-functions": "top-level-functions",
+	"record-modifiers":    "record-modifiers",
 }
 
 var providerNames = map[string]string{
@@ -101,7 +101,7 @@ var providerNames = map[string]string{
 func generateFunctionTypes() (string, error) {
 	funcs := []Function{}
 
-	srcRoot := join("documentation", "functions")
+	srcRoot := join("documentation", "language-reference")
 	types, err := os.ReadDir(srcRoot)
 	if err != nil {
 		return "", err
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index e8ed36bbd4..52d7cfddea 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -180,7 +180,7 @@ declare const DISABLE_REPEATED_DOMAIN_CHECK: RecordModifier;
 /**
  * A adds an A record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
  *
- * The address should be an ip address, either a string, or a numeric value obtained via [IP](../global/IP.md).
+ * The address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
  *
  * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
  *
@@ -371,7 +371,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
 
 /**
  * DNSControl contains a `CAA_BUILDER` which can be used to simply create
- * [`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
+ * [`CAA()`](../domain-modifiers/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain-modifiers/CAA.md) record
  * individually, you can simply configure your report mail address, the
  * authorized certificate authorities and the builder cares about the rest.
  *
@@ -570,11 +570,11 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
 /**
  * `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
  * name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
- * add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
+ * add records with [A](../domain-modifiers/A.md), [CNAME](../domain-modifiers/CNAME.md), and so forth, or add metadata.
  *
  * Modifier arguments are processed according to type as follows:
  *
- * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
+ * - A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers-modifiers) return such functions.
  * - An object argument will be merged into the domain's metadata collection.
  * - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
  *    be used like a macro in multiple domains.
@@ -660,7 +660,7 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  *
  * ## Example
  *
- * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
+ * We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain-modifiers/DefaultTTL.md).
  * The domain `example.com` will have the defaults set.
  *
  * ```javascript
@@ -713,7 +713,7 @@ declare function DHCID(name: string, digest: string, ...modifiers: RecordModifie
  * It replaces the per-record `IGNORE_NAME_DISABLE_SAFETY_CHECK()` which is
  * deprecated as of DNSControl v4.0.0.0.
  *
- * See [`IGNORE()`](../domain/IGNORE.md) for more information.
+ * See [`IGNORE()`](../domain-modifiers/IGNORE.md) for more information.
  *
  * ## Syntax
  *
@@ -861,7 +861,7 @@ declare function DNAME(name: string, target: string, ...modifiers: RecordModifie
  * );
  * ```
  *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
+ * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used out of abundance of caution but since no
  * `DnsProvider()` statements exist, no updates would be performed.
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere
@@ -896,7 +896,7 @@ declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_na
  * );
  * ```
  *
- * NOTE: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
+ * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used to prevent DNSControl from changing the records.
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/domain_elsewhere_auto
  */
@@ -945,7 +945,7 @@ declare function DS(name: string, keytag: number, algorithm: number, digesttype:
  * not `domain.tld`.
  *
  * Some operators only act on an apex domain (e.g.
- * [`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
+ * [`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
  * in a `D_EXTEND` subdomain may not be what you expect.
  *
  * ```javascript
@@ -1007,10 +1007,10 @@ declare function DS(name: string, keytag: number, algorithm: number, digesttype:
 declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
 
 /**
- * DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
- * the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../global/DEFAULTS.md) to override the internal defaults.
+ * DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record-modifiers/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
+ * the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../top-level-functions/DEFAULTS.md) to override the internal defaults.
  *
- * NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain/NAMESERVER_TTL.md) to set a default TTL for all NS records.
+ * NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain-modifiers/NAMESERVER_TTL.md) to set a default TTL for all NS records.
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
@@ -1020,7 +1020,7 @@ declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
  * );
  * ```
  *
- * The DefaultTTL duration is the same format as [`TTL`](../record/TTL.md), an integer number of seconds
+ * The DefaultTTL duration is the same format as [`TTL`](../record-modifiers/TTL.md), an integer number of seconds
  * or a string with a unit such as `"4d"`.
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/defaultttl
@@ -1029,7 +1029,7 @@ declare function DefaultTTL(ttl: Duration): DomainModifier;
 
 /**
  * DnsProvider indicates that the specified provider should be used to manage
- * records for this domain. The name must match the name used with [NewDnsProvider](../global/NewDnsProvider.md).
+ * records for this domain. The name must match the name used with [NewDnsProvider](../top-level-functions/NewDnsProvider.md).
  *
  * The nsCount parameter determines how the nameservers will be managed from this provider.
  *
@@ -1075,11 +1075,11 @@ declare function FRAME(name: string, target: string, ...modifiers: RecordModifie
  *
  * Technically `IGNORE_NAME` is a promise that DNSControl will not modify or
  * delete existing records that match particular patterns. It is like
- * [`NO_PURGE`](../domain/NO_PURGE.md) that matches only specific records.
+ * [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) that matches only specific records.
  *
  * Including a record that is ignored is considered an error and may have
  * undefined behavior. This safety check can be disabled using the
- * [`DISABLE_IGNORE_SAFETY_CHECK`](../domain/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
+ * [`DISABLE_IGNORE_SAFETY_CHECK`](../domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
  *
  * ## Syntax
  *
@@ -1815,7 +1815,7 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
 /**
  * NAMESERVER_TTL sets the TTL on the domain apex NS RRs defined by [`NAMESERVER`](NAMESERVER.md).
  *
- * The value can be an integer or a string. See [`TTL`](../record/TTL.md) for examples.
+ * The value can be an integer or a string. See [`TTL`](../record-modifiers/TTL.md) for examples.
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
@@ -1837,7 +1837,7 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
  * );
  * ```
  *
- * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain/DefaultTTL.md)
+ * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain-modifiers/DefaultTTL.md)
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver_ttl
  */
@@ -2250,7 +2250,7 @@ declare function PANIC(message: string): never;
  * * `PTR("4.3", ...`    // Assuming the domain is `2.1.in-addr.arpa`
  *
  * All magic is RFC2317-aware. We use the first format listed in the
- * RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
+ * RFC for both [`REV()`](../top-level-functions/REV.md) and `PTR()`. The format is
  * `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
  * of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
  * and A, B, C are the first 3 octets of the IP address. For example
@@ -2371,7 +2371,7 @@ declare const PURGE: DomainModifier;
  * * _S3 bucket_ (configured as website): specify the domain name of the Amazon S3 website endpoint in which you configured the bucket (for instance s3-website-us-east-2.amazonaws.com). For the available values refer to the [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
  * * _Another Route53 record_: specify the value of the name of another record in the same hosted zone.
  *
- * For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record/R53_ZONE.md) record modifier.
+ * For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record-modifiers/R53_ZONE.md) record modifier.
  *
  * The zone id can be found depending on the target type:
  *
@@ -2381,7 +2381,7 @@ declare const PURGE: DomainModifier;
  * * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
  * * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
  *
- * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
+ * Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record-modifiers/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
@@ -2398,18 +2398,18 @@ declare const PURGE: DomainModifier;
 declare function R53_ALIAS(name: string, target: string, zone_idModifier: DomainModifier & RecordModifier, evaluatetargethealthModifier: RecordModifier): DomainModifier;
 
 /**
- * `R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
+ * `R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
  *
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_evaluate_target_health
  */
 declare function R53_EVALUATE_TARGET_HEALTH(enabled: boolean): RecordModifier;
 
 /**
- * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
+ * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../top-level-functions/D.md)) or a specific [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record.
  *
- * When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
+ * When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
  *
- * When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
+ * When used with [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) documentation for details.
  *
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/service-provider-specific/amazon-route-53/r53_zone
  */
@@ -2906,7 +2906,7 @@ declare function TLSA(name: string, usage: number, selector: number, type: numbe
 
 /**
  * TTL sets the TTL for a single record only. This will take precedence
- * over the domain's [DefaultTTL](../domain/DefaultTTL.md) if supplied.
+ * over the domain's [DefaultTTL](../domain-modifiers/DefaultTTL.md) if supplied.
  *
  * The value can be:
  *
@@ -3010,7 +3010,7 @@ declare function TTL(ttl: Duration): RecordModifier;
  *
  * #### How can you tell if a provider will support a particular `TXT()` record?
  *
- * Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
+ * Include the `TXT()` record in a [`D()`](../top-level-functions/D.md) as usual, along
  * with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
  * see if any errors are produced.  The check command does not talk to
  * the provider's API, thus permitting you to do this without having an
diff --git a/commands/types/fetch.d.ts b/commands/types/fetch.d.ts
index bf34ddab7a..11dff1a277 100644
--- a/commands/types/fetch.d.ts
+++ b/commands/types/fetch.d.ts
@@ -1,5 +1,5 @@
 /**
- * @dnscontrol-auto-doc-comment functions/global/FETCH.md
+ * @dnscontrol-auto-doc-comment language-reference/top-level-functions/FETCH.md
  */
 declare function FETCH(
     url: string,
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index abb634f693..5c704ded34 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -13,86 +13,85 @@
 
 * [JavaScript DSL](js.md)
 * Top Level Functions
-  * [D](functions/global/D.md)
-  * [DEFAULTS](functions/global/DEFAULTS.md)
-  * [DOMAIN_ELSEWHERE](functions/global/DOMAIN_ELSEWHERE.md)
-  * [DOMAIN_ELSEWHERE_AUTO](functions/global/DOMAIN_ELSEWHERE_AUTO.md)
-  * [D_EXTEND](functions/global/D_EXTEND.md)
-  * [FETCH](functions/global/FETCH.md)
-  * [IP](functions/global/IP.md)
-  * [NewDnsProvider](functions/global/NewDnsProvider.md)
-  * [NewRegistrar](functions/global/NewRegistrar.md)
-  * [PANIC](functions/global/PANIC.md)
-  * [REV](functions/global/REV.md)
-  * [REVCOMPAT](functions/global/REVCOMPAT.md)
-  * [getConfiguredDomains](functions/global/getConfiguredDomains.md)
-  * [require](functions/global/require.md)
-  * [require_glob](functions/global/require_glob.md)
+  * [D](language-reference/top-level-functions/D.md)
+  * [DEFAULTS](language-reference/top-level-functions/DEFAULTS.md)
+  * [DOMAIN_ELSEWHERE](language-reference/top-level-functions/DOMAIN_ELSEWHERE.md)
+  * [DOMAIN_ELSEWHERE_AUTO](language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md)
+  * [D_EXTEND](language-reference/top-level-functions/D_EXTEND.md)
+  * [FETCH](language-reference/top-level-functions/FETCH.md)
+  * [IP](language-reference/top-level-functions/IP.md)
+  * [NewDnsProvider](language-reference/top-level-functions/NewDnsProvider.md)
+  * [NewRegistrar](language-reference/top-level-functions/NewRegistrar.md)
+  * [PANIC](language-reference/top-level-functions/PANIC.md)
+  * [REV](language-reference/top-level-functions/REV.md)
+  * [getConfiguredDomains](language-reference/top-level-functions/getConfiguredDomains.md)
+  * [require](language-reference/top-level-functions/require.md)
+  * [require_glob](language-reference/top-level-functions/require_glob.md)
 * Domain Modifiers
-    * [A](functions/domain/A.md)
-    * [AAAA](functions/domain/AAAA.md)
-    * [ALIAS](functions/domain/ALIAS.md)
-    * [AUTODNSSEC_OFF](functions/domain/AUTODNSSEC_OFF.md)
-    * [AUTODNSSEC_ON](functions/domain/AUTODNSSEC_ON.md)
-    * [CAA](functions/domain/CAA.md)
-    * [CAA_BUILDER](functions/domain/CAA_BUILDER.md)
-    * [CNAME](functions/domain/CNAME.md)
-    * [DHCID](functions/domain/DHCID.md)
-    * [DNAME](functions/domain/DNAME.md)
-    * [DISABLE_IGNORE_SAFETY_CHECK](functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md)
-    * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
-    * [DS](functions/domain/DS.md)
-    * [DefaultTTL](functions/domain/DefaultTTL.md)
-    * [DnsProvider](functions/domain/DnsProvider.md)
-    * [FRAME](functions/domain/FRAME.md)
-    * [IGNORE](functions/domain/IGNORE.md)
-    * [IGNORE_NAME](functions/domain/IGNORE_NAME.md)
-    * [IGNORE_TARGET](functions/domain/IGNORE_TARGET.md)
-    * [IMPORT_TRANSFORM](functions/domain/IMPORT_TRANSFORM.md)
-    * [INCLUDE](functions/domain/INCLUDE.md)
-    * [LOC](functions/domain/LOC.md)
-    * [LOC_BUILDER_DD](functions/domain/LOC_BUILDER_DD.md)
-    * [LOC_BUILDER_DMM_STR](functions/domain/LOC_BUILDER_DMM_STR.md)
-    * [LOC_BUILDER_DMS_STR](functions/domain/LOC_BUILDER_DMS_STR.md)
-    * [LOC_BUILDER_STR](functions/domain/LOC_BUILDER_STR.md)
-    * [M365_BUILDER](functions/domain/M365_BUILDER.md)
-    * [MX](functions/domain/MX.md)
-    * [NAMESERVER](functions/domain/NAMESERVER.md)
-    * [NAMESERVER_TTL](functions/domain/NAMESERVER_TTL.md)
-    * [NAPTR](functions/domain/NAPTR.md)
-    * [NO_PURGE](functions/domain/NO_PURGE.md)
-    * [NS](functions/domain/NS.md)
-    * [PTR](functions/domain/PTR.md)
-    * [PURGE](functions/domain/PURGE.md)
-    * [SOA](functions/domain/SOA.md)
-    * [SPF_BUILDER](functions/domain/SPF_BUILDER.md)
-    * [SRV](functions/domain/SRV.md)
-    * [SSHFP](functions/domain/SSHFP.md)
-    * [TLSA](functions/domain/TLSA.md)
-    * [TXT](functions/domain/TXT.md)
-    * [URL](functions/domain/URL.md)
-    * [URL301](functions/domain/URL301.md)
+    * [A](language-reference/domain-modifiers/A.md)
+    * [AAAA](language-reference/domain-modifiers/AAAA.md)
+    * [ALIAS](language-reference/domain-modifiers/ALIAS.md)
+    * [AUTODNSSEC_OFF](language-reference/domain-modifiers/AUTODNSSEC_OFF.md)
+    * [AUTODNSSEC_ON](language-reference/domain-modifiers/AUTODNSSEC_ON.md)
+    * [CAA](language-reference/domain-modifiers/CAA.md)
+    * [CAA_BUILDER](language-reference/domain-modifiers/CAA_BUILDER.md)
+    * [CNAME](language-reference/domain-modifiers/CNAME.md)
+    * [DHCID](language-reference/domain-modifiers/DHCID.md)
+    * [DNAME](language-reference/domain-modifiers/DNAME.md)
+    * [DISABLE_IGNORE_SAFETY_CHECK](language-reference/domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md)
+    * [DMARC_BUILDER](language-reference/domain-modifiers/DMARC_BUILDER.md)
+    * [DS](language-reference/domain-modifiers/DS.md)
+    * [DefaultTTL](language-reference/domain-modifiers/DefaultTTL.md)
+    * [DnsProvider](language-reference/domain-modifiers/DnsProvider.md)
+    * [FRAME](language-reference/domain-modifiers/FRAME.md)
+    * [IGNORE](language-reference/domain-modifiers/IGNORE.md)
+    * [IGNORE_NAME](language-reference/domain-modifiers/IGNORE_NAME.md)
+    * [IGNORE_TARGET](language-reference/domain-modifiers/IGNORE_TARGET.md)
+    * [IMPORT_TRANSFORM](language-reference/domain-modifiers/IMPORT_TRANSFORM.md)
+    * [INCLUDE](language-reference/domain-modifiers/INCLUDE.md)
+    * [LOC](language-reference/domain-modifiers/LOC.md)
+    * [LOC_BUILDER_DD](language-reference/domain-modifiers/LOC_BUILDER_DD.md)
+    * [LOC_BUILDER_DMM_STR](language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md)
+    * [LOC_BUILDER_DMS_STR](language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md)
+    * [LOC_BUILDER_STR](language-reference/domain-modifiers/LOC_BUILDER_STR.md)
+    * [M365_BUILDER](language-reference/domain-modifiers/M365_BUILDER.md)
+    * [MX](language-reference/domain-modifiers/MX.md)
+    * [NAMESERVER](language-reference/domain-modifiers/NAMESERVER.md)
+    * [NAMESERVER_TTL](language-reference/domain-modifiers/NAMESERVER_TTL.md)
+    * [NAPTR](language-reference/domain-modifiers/NAPTR.md)
+    * [NO_PURGE](language-reference/domain-modifiers/NO_PURGE.md)
+    * [NS](language-reference/domain-modifiers/NS.md)
+    * [PTR](language-reference/domain-modifiers/PTR.md)
+    * [PURGE](language-reference/domain-modifiers/PURGE.md)
+    * [SOA](language-reference/domain-modifiers/SOA.md)
+    * [SPF_BUILDER](language-reference/domain-modifiers/SPF_BUILDER.md)
+    * [SRV](language-reference/domain-modifiers/SRV.md)
+    * [SSHFP](language-reference/domain-modifiers/SSHFP.md)
+    * [TLSA](language-reference/domain-modifiers/TLSA.md)
+    * [TXT](language-reference/domain-modifiers/TXT.md)
+    * [URL](language-reference/domain-modifiers/URL.md)
+    * [URL301](language-reference/domain-modifiers/URL301.md)
     * Service Provider specific
         * Akamai Edge Dns
-            * [AKAMAICDN](functions/domain/AKAMAICDN.md)
+            * [AKAMAICDN](language-reference/domain-modifiers/AKAMAICDN.md)
         * Amazon Route 53
-            * [R53_ALIAS](functions/domain/R53_ALIAS.md)
+            * [R53_ALIAS](language-reference/domain-modifiers/R53_ALIAS.md)
         * Azure DNS
-            * [AZURE_ALIAS](functions/domain/AZURE_ALIAS.md)
+            * [AZURE_ALIAS](language-reference/domain-modifiers/AZURE_ALIAS.md)
         * Cloudflare DNS
-            * [CF_REDIRECT](functions/domain/CF_REDIRECT.md)
-            * [CF_TEMP_REDIRECT](functions/domain/CF_TEMP_REDIRECT.md)
-            * [CF_WORKER_ROUTE](functions/domain/CF_WORKER_ROUTE.md)
+            * [CF_REDIRECT](language-reference/domain-modifiers/CF_REDIRECT.md)
+            * [CF_TEMP_REDIRECT](language-reference/domain-modifiers/CF_TEMP_REDIRECT.md)
+            * [CF_WORKER_ROUTE](language-reference/domain-modifiers/CF_WORKER_ROUTE.md)
         * ClouDNS
-            * [CLOUDNS_WR](functions/domain/CLOUDNS_WR.md)
+            * [CLOUDNS_WR](language-reference/domain-modifiers/CLOUDNS_WR.md)
         * NS1
-            * [NS1_URLFWD](functions/domain/NS1_URLFWD.md)
+            * [NS1_URLFWD](language-reference/domain-modifiers/NS1_URLFWD.md)
 * Record Modifiers
-    * [TTL](functions/record/TTL.md)
+    * [TTL](language-reference/record-modifiers/TTL.md)
     * Service Provider specific
         * Amazon Route 53
-            * [R53_ZONE](functions/record/R53_ZONE.md)
-            * [R53_EVALUATE_TARGET_HEALTH](functions/record/R53\_EVALUATE\_TARGET\_HEALTH.md)
+            * [R53_ZONE](language-reference/record-modifiers/R53_ZONE.md)
+            * [R53_EVALUATE_TARGET_HEALTH](language-reference/record-modifiers/R53\_EVALUATE\_TARGET\_HEALTH.md)
 * [Why CNAME/MX/NS targets require a "dot"](why-the-dot.md)
 
 ## Service Providers
diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index c55730bb3d..b3677eb7d6 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -79,9 +79,9 @@ popd
     func matrixData() *FeatureMatrix {
         const (
             ...
-            DomainModifierCaa    = "[`CAA`](functions/domain/CAA.md)"
-    +       DomainModifierFoo    = "[`FOO`](functions/domain/FOO.md)"
-            DomainModifierLoc    = "[`LOC`](functions/domain/LOC.md)"
+            DomainModifierCaa    = "[`CAA`](language-reference/domain-modifiers/CAA.md)"
+    +       DomainModifierFoo    = "[`FOO`](language-reference/domain-modifiers/FOO.md)"
+            DomainModifierLoc    = "[`LOC`](language-reference/domain-modifiers/LOC.md)"
             ...
         )
         matrix := &FeatureMatrix{
@@ -153,7 +153,7 @@ example we removed `providers.CanUseCAA` from the
 
 Add a function to `pkg/js/helpers.js` for the new record type. This
 is the JavaScript file that defines `dnsconfig.js`'s functions like
-[`A()`](functions/domain/A.md) and [`MX()`](functions/domain/MX.md). Look at the definition of `A`, `MX` and `CAA` for good
+[`A()`](language-reference/domain-modifiers/A.md) and [`MX()`](language-reference/domain-modifiers/MX.md). Look at the definition of `A`, `MX` and `CAA` for good
 examples to use as a base.
 
 Please add the function alphabetically with the others. Also, please run
@@ -292,7 +292,7 @@ tests, please ask!
 
 ## Step 8: Write documentation
 
-Add a new Markdown file to `documentation/functions/domain`. Copy an existing file (`CNAME.md` is a good example). The section between the lines of `---` is called the front matter and it has the following keys:
+Add a new Markdown file to `documentation/language-reference/domain-modifiers`. Copy an existing file (`CNAME.md` is a good example). The section between the lines of `---` is called the front matter and it has the following keys:
 
 -   `name`: The name of the record. This should match the file name and the name of the record in `helpers.js`.
 -   `parameters`: A list of parameter names, in order. Feel free to use spaces in the name if necessary. Your last parameter should be `modifiers...` to allow arbitrary modifiers like `TTL` to be applied to your record.
@@ -307,24 +307,24 @@ Add the new file `FOO.md` to the documentation table of contents [`documentation
 ...
 * Domain Modifiers
 ...
-    * [DnsProvider](functions/domain/DnsProvider.md)
-+   * [FOO](functions/domain/FOO.md)
-    * [FRAME](functions/domain/FRAME.md)
+    * [DnsProvider](language-reference/domain-modifiers/DnsProvider.md)
++   * [FOO](language-reference/domain-modifiers/FOO.md)
+    * [FRAME](language-reference/domain-modifiers/FRAME.md)
 ...
     * Service Provider specific
 ...
         * ClouDNS
-            * [CLOUDNS_WR](functions/domain/CLOUDNS_WR.md)
+            * [CLOUDNS_WR](language-reference/domain-modifiers/CLOUDNS_WR.md)
 +       * ASDF
-+           * [ASDF_NINJA](function/domain/ASDF_NINJA.md)
++           * [ASDF_NINJA](language-reference/domain-modifiers/ASDF_NINJA.md)
         * NS1
-            * [NS1_URLFWD](functions/domain/NS1_URLFWD.md)
+            * [NS1_URLFWD](language-reference/domain-modifiers/NS1_URLFWD.md)
 ...
 * Record Modifiers
 ...
-    * [DMARC_BUILDER](functions/domain/DMARC_BUILDER.md)
-+   * [FOO_HELPER](functions/record/FOO_HELPER.md)
-    * [SPF_BUILDER](functions/domain/SPF_BUILDER.md)
+    * [DMARC_BUILDER](language-reference/domain-modifiers/DMARC_BUILDER.md)
++   * [FOO_HELPER](language-reference/record-modifiers/FOO_HELPER.md)
+    * [SPF_BUILDER](language-reference/domain-modifiers/SPF_BUILDER.md)
 ...
 ```
 {% endcode %}
diff --git a/documentation/code-tricks.md b/documentation/code-tricks.md
index c77a4ab5f5..6700866fb6 100644
--- a/documentation/code-tricks.md
+++ b/documentation/code-tricks.md
@@ -4,10 +4,10 @@ Problem: It is difficult to get CAA and other records exactly right.
 
 Solution: Use a "builder" to construct it for you.
 
-* [CAA Builder](functions/domain/CAA_BUILDER.md)
-* [DMARC Builder](functions/domain/DMARC_BUILDER.md)
-* [M365_BUILDER](functions/domain/M365_BUILDER.md)
-* [SPF Optimizer](functions/domain/SPF_BUILDER.md)
+* [CAA Builder](language-reference/domain-modifiers/CAA_BUILDER.md)
+* [DMARC Builder](language-reference/domain-modifiers/DMARC_BUILDER.md)
+* [M365_BUILDER](language-reference/domain-modifiers/M365_BUILDER.md)
+* [SPF Optimizer](language-reference/domain-modifiers/SPF_BUILDER.md)
 
 # Trailing commas
 
@@ -21,7 +21,7 @@ Because the DNSControl JavaScript DSL has no trailing commas, you can use the `E
 **NOTE**: `END` is just an alias for `{}`, which is ignored by DNSControl.
 {% endhint %}
 
-Let's take an example with domain: `example.com`. We have recorded the [A-record](functions/domain/A.md) 'foo' configured.
+Let's take an example with domain: `example.com`. We have recorded the [A-record](language-reference/domain-modifiers/A.md) 'foo' configured.
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -31,7 +31,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 ```
 {% endcode %}
 
-Let's say we want to add an [A record](functions/domain/A.md) 'bar' to this domain.
+Let's say we want to add an [A record](language-reference/domain-modifiers/A.md) 'bar' to this domain.
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -221,5 +221,5 @@ domain exists, who requested it, any associated ticket numbers, and so
 on.
 
 We also comment the individual parts of a record. Look at the [SPF
-Optimizer](functions/domain/SPF_BUILDER.md) example.  Each part of
+Optimizer](language-reference/domain-modifiers/SPF_BUILDER.md) example.  Each part of
 the SPF record has a comment.
diff --git a/documentation/examples.md b/documentation/examples.md
index b2f1db50b7..eb068fb3a1 100644
--- a/documentation/examples.md
+++ b/documentation/examples.md
@@ -51,7 +51,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
 {% endcode %}
 
 {% hint style="info" %}
-**NOTE**: The [`IP()`](functions/global/IP.md) function doesn't currently support IPv6 (PRs welcome!).  IPv6 addresses are strings.
+**NOTE**: The [`IP()`](language-reference/top-level-functions/IP.md) function doesn't currently support IPv6 (PRs welcome!).  IPv6 addresses are strings.
 {% endhint %}
 {% code title="dnsconfig.js" %}
 ```javascript
diff --git a/documentation/functions/record/R53_ZONE.md b/documentation/functions/record/R53_ZONE.md
deleted file mode 100644
index 8fa6a09aaa..0000000000
--- a/documentation/functions/record/R53_ZONE.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-name: R53_ZONE
-parameters:
-  - zone_id
-parameter_types:
-  zone_id: string
-ts_return: DomainModifier & RecordModifier
-provider: ROUTE53
----
-
-`R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../global/D.md)) or a specific [`R53_ALIAS()`](../domain/R53_ALIAS.md) record.
-
-When used with [`D()`](../global/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
-
-When used with [`R53_ALIAS()`](../domain/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain/R53_ALIAS.md) documentation for details.
diff --git a/documentation/index.md b/documentation/index.md
index 4f785a531e..44b773ba91 100644
--- a/documentation/index.md
+++ b/documentation/index.md
@@ -18,7 +18,7 @@ Take advantage of the advanced features. Use macros and variables for easier upd
 * Supports 35+ [DNS Providers](providers.md) including [BIND](providers/bind.md), [AWS Route 53](providers/route53.md), [Google DNS](providers/gcloud.md), and [name.com](providers/namedotcom.md).
 * [Apply CI/CD principles](ci-cd-gitlab.md) to DNS: Unit-tests, system-tests, automated deployment.
 * All the benefits of Git (or any VCS) for your DNS zone data. View history. Accept PRs.
-* Optimize DNS with [SPF optimizer](functions/domain/SPF_BUILDER.md). Detect too many lookups. Flatten includes.
+* Optimize DNS with [SPF optimizer](language-reference/domain-modifiers/SPF_BUILDER.md). Detect too many lookups. Flatten includes.
 * Runs on Linux, Windows, Mac, or any operating system supported by Go.
 * Enable/disable Cloudflare proxying (the "orange cloud" button) directly from your DNSControl files.
 * [Assign an IP address to a constant](examples.md#variables-for-common-ip-addresses) and use the variable name throughout the configuration. Need to change the IP address globally? Just change the variable and "recompile".
diff --git a/documentation/functions/domain/A.md b/documentation/language-reference/domain-modifiers/A.md
similarity index 93%
rename from documentation/functions/domain/A.md
rename to documentation/language-reference/domain-modifiers/A.md
index 8c1dbd1f3d..c24c0d6342 100644
--- a/documentation/functions/domain/A.md
+++ b/documentation/language-reference/domain-modifiers/A.md
@@ -12,7 +12,7 @@ parameter_types:
 
 A adds an A record To a domain. The name should be the relative label for the record. Use `@` for the domain apex.
 
-The address should be an ip address, either a string, or a numeric value obtained via [IP](../global/IP.md).
+The address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
 
 Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
 
diff --git a/documentation/functions/domain/AAAA.md b/documentation/language-reference/domain-modifiers/AAAA.md
similarity index 100%
rename from documentation/functions/domain/AAAA.md
rename to documentation/language-reference/domain-modifiers/AAAA.md
diff --git a/documentation/functions/domain/AKAMAICDN.md b/documentation/language-reference/domain-modifiers/AKAMAICDN.md
similarity index 100%
rename from documentation/functions/domain/AKAMAICDN.md
rename to documentation/language-reference/domain-modifiers/AKAMAICDN.md
diff --git a/documentation/functions/domain/ALIAS.md b/documentation/language-reference/domain-modifiers/ALIAS.md
similarity index 100%
rename from documentation/functions/domain/ALIAS.md
rename to documentation/language-reference/domain-modifiers/ALIAS.md
diff --git a/documentation/functions/domain/AUTODNSSEC_OFF.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md
similarity index 100%
rename from documentation/functions/domain/AUTODNSSEC_OFF.md
rename to documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md
diff --git a/documentation/functions/domain/AUTODNSSEC_ON.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
similarity index 100%
rename from documentation/functions/domain/AUTODNSSEC_ON.md
rename to documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
diff --git a/documentation/functions/domain/AZURE_ALIAS.md b/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
similarity index 100%
rename from documentation/functions/domain/AZURE_ALIAS.md
rename to documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
diff --git a/documentation/functions/domain/CAA.md b/documentation/language-reference/domain-modifiers/CAA.md
similarity index 100%
rename from documentation/functions/domain/CAA.md
rename to documentation/language-reference/domain-modifiers/CAA.md
diff --git a/documentation/functions/domain/CAA_BUILDER.md b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
similarity index 95%
rename from documentation/functions/domain/CAA_BUILDER.md
rename to documentation/language-reference/domain-modifiers/CAA_BUILDER.md
index d3f9280389..dd1c9274d6 100644
--- a/documentation/functions/domain/CAA_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
@@ -20,7 +20,7 @@ parameter_types:
 ---
 
 DNSControl contains a `CAA_BUILDER` which can be used to simply create
-[`CAA()`](../domain/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain/CAA.md) record
+[`CAA()`](../domain-modifiers/CAA.md) records for your domains. Instead of creating each [`CAA()`](../domain-modifiers/CAA.md) record
 individually, you can simply configure your report mail address, the
 authorized certificate authorities and the builder cares about the rest.
 
diff --git a/documentation/functions/domain/CF_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
similarity index 100%
rename from documentation/functions/domain/CF_REDIRECT.md
rename to documentation/language-reference/domain-modifiers/CF_REDIRECT.md
diff --git a/documentation/functions/domain/CF_TEMP_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
similarity index 100%
rename from documentation/functions/domain/CF_TEMP_REDIRECT.md
rename to documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
diff --git a/documentation/functions/domain/CF_WORKER_ROUTE.md b/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
similarity index 100%
rename from documentation/functions/domain/CF_WORKER_ROUTE.md
rename to documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
diff --git a/documentation/functions/domain/CLOUDNS_WR.md b/documentation/language-reference/domain-modifiers/CLOUDNS_WR.md
similarity index 100%
rename from documentation/functions/domain/CLOUDNS_WR.md
rename to documentation/language-reference/domain-modifiers/CLOUDNS_WR.md
diff --git a/documentation/functions/domain/CNAME.md b/documentation/language-reference/domain-modifiers/CNAME.md
similarity index 100%
rename from documentation/functions/domain/CNAME.md
rename to documentation/language-reference/domain-modifiers/CNAME.md
diff --git a/documentation/functions/domain/DHCID.md b/documentation/language-reference/domain-modifiers/DHCID.md
similarity index 100%
rename from documentation/functions/domain/DHCID.md
rename to documentation/language-reference/domain-modifiers/DHCID.md
diff --git a/documentation/functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md b/documentation/language-reference/domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md
similarity index 88%
rename from documentation/functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md
rename to documentation/language-reference/domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md
index 4954b6b153..ecb77dff3d 100644
--- a/documentation/functions/domain/DISABLE_IGNORE_SAFETY_CHECK.md
+++ b/documentation/language-reference/domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md
@@ -9,7 +9,7 @@ safety check for the entire domain.
 It replaces the per-record `IGNORE_NAME_DISABLE_SAFETY_CHECK()` which is
 deprecated as of DNSControl v4.0.0.0.
 
-See [`IGNORE()`](../domain/IGNORE.md) for more information.
+See [`IGNORE()`](../domain-modifiers/IGNORE.md) for more information.
 
 ## Syntax
 
diff --git a/documentation/functions/domain/DMARC_BUILDER.md b/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
similarity index 100%
rename from documentation/functions/domain/DMARC_BUILDER.md
rename to documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
diff --git a/documentation/functions/domain/DNAME.md b/documentation/language-reference/domain-modifiers/DNAME.md
similarity index 100%
rename from documentation/functions/domain/DNAME.md
rename to documentation/language-reference/domain-modifiers/DNAME.md
diff --git a/documentation/functions/domain/DS.md b/documentation/language-reference/domain-modifiers/DS.md
similarity index 100%
rename from documentation/functions/domain/DS.md
rename to documentation/language-reference/domain-modifiers/DS.md
diff --git a/documentation/functions/domain/DefaultTTL.md b/documentation/language-reference/domain-modifiers/DefaultTTL.md
similarity index 60%
rename from documentation/functions/domain/DefaultTTL.md
rename to documentation/language-reference/domain-modifiers/DefaultTTL.md
index 7df9b7b3a7..bc8516f5e7 100644
--- a/documentation/functions/domain/DefaultTTL.md
+++ b/documentation/language-reference/domain-modifiers/DefaultTTL.md
@@ -6,10 +6,10 @@ parameter_types:
   ttl: Duration
 ---
 
-DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
-the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../global/DEFAULTS.md) to override the internal defaults.
+DefaultTTL sets the TTL for all subsequent records following it in a domain that do not explicitly set one with [`TTL`](../record-modifiers/TTL.md). If neither `DefaultTTL` or `TTL` exist for a record,
+the record will inherit the DNSControl global internal default of 300 seconds. See also [`DEFAULTS`](../top-level-functions/DEFAULTS.md) to override the internal defaults.
 
-NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain/NAMESERVER_TTL.md) to set a default TTL for all NS records.
+NS records are currently a special case, and do not inherit from `DefaultTTL`. See [`NAMESERVER_TTL`](../domain-modifiers/NAMESERVER_TTL.md) to set a default TTL for all NS records.
 
 
 {% code title="dnsconfig.js" %}
@@ -22,5 +22,5 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 ```
 {% endcode %}
 
-The DefaultTTL duration is the same format as [`TTL`](../record/TTL.md), an integer number of seconds
+The DefaultTTL duration is the same format as [`TTL`](../record-modifiers/TTL.md), an integer number of seconds
 or a string with a unit such as `"4d"`.
diff --git a/documentation/functions/domain/DnsProvider.md b/documentation/language-reference/domain-modifiers/DnsProvider.md
similarity index 94%
rename from documentation/functions/domain/DnsProvider.md
rename to documentation/language-reference/domain-modifiers/DnsProvider.md
index ccefe44b88..075d12b0df 100644
--- a/documentation/functions/domain/DnsProvider.md
+++ b/documentation/language-reference/domain-modifiers/DnsProvider.md
@@ -9,7 +9,7 @@ parameter_types:
 ---
 
 DnsProvider indicates that the specified provider should be used to manage
-records for this domain. The name must match the name used with [NewDnsProvider](../global/NewDnsProvider.md).
+records for this domain. The name must match the name used with [NewDnsProvider](../top-level-functions/NewDnsProvider.md).
 
 The nsCount parameter determines how the nameservers will be managed from this provider.
 
diff --git a/documentation/functions/domain/FRAME.md b/documentation/language-reference/domain-modifiers/FRAME.md
similarity index 100%
rename from documentation/functions/domain/FRAME.md
rename to documentation/language-reference/domain-modifiers/FRAME.md
diff --git a/documentation/functions/domain/IGNORE.md b/documentation/language-reference/domain-modifiers/IGNORE.md
similarity index 98%
rename from documentation/functions/domain/IGNORE.md
rename to documentation/language-reference/domain-modifiers/IGNORE.md
index e840a904c2..3a5322ffde 100644
--- a/documentation/functions/domain/IGNORE.md
+++ b/documentation/language-reference/domain-modifiers/IGNORE.md
@@ -26,11 +26,11 @@ records.
 
 Technically `IGNORE_NAME` is a promise that DNSControl will not modify or
 delete existing records that match particular patterns. It is like
-[`NO_PURGE`](../domain/NO_PURGE.md) that matches only specific records.
+[`NO_PURGE`](../domain-modifiers/NO_PURGE.md) that matches only specific records.
 
 Including a record that is ignored is considered an error and may have
 undefined behavior. This safety check can be disabled using the
-[`DISABLE_IGNORE_SAFETY_CHECK`](../domain/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
+[`DISABLE_IGNORE_SAFETY_CHECK`](../domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md) feature.
 
 ## Syntax
 
@@ -45,7 +45,7 @@ IGNORE(labelSpec):
 {% endcode %}
 
 * `labelSpec` is a glob that matches the DNS label. For example `"foo"` or `"foo*"`.  `"*"` matches all labels, as does the empty string (`""`).
-* `typeSpec` is a comma-separated list of DNS types.  For example `"A"` matches DNS A records, `"A,CNAME"` matches both A and CNAME records. `"*"` matches any DNS type, as does the empty string (`""`).  
+* `typeSpec` is a comma-separated list of DNS types.  For example `"A"` matches DNS A records, `"A,CNAME"` matches both A and CNAME records. `"*"` matches any DNS type, as does the empty string (`""`).
 * `targetSpec` is a glob that matches the DNS target. For example `"foo"` or `"foo*"`.  `"*"` matches all targets, as does the empty string (`""`).
 
 `typeSpec` and `targetSpec` default to `"*"` if they are omitted.
diff --git a/documentation/functions/domain/IGNORE_NAME.md b/documentation/language-reference/domain-modifiers/IGNORE_NAME.md
similarity index 100%
rename from documentation/functions/domain/IGNORE_NAME.md
rename to documentation/language-reference/domain-modifiers/IGNORE_NAME.md
diff --git a/documentation/functions/domain/IGNORE_TARGET.md b/documentation/language-reference/domain-modifiers/IGNORE_TARGET.md
similarity index 100%
rename from documentation/functions/domain/IGNORE_TARGET.md
rename to documentation/language-reference/domain-modifiers/IGNORE_TARGET.md
diff --git a/documentation/functions/domain/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
similarity index 100%
rename from documentation/functions/domain/IMPORT_TRANSFORM.md
rename to documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
diff --git a/documentation/functions/domain/INCLUDE.md b/documentation/language-reference/domain-modifiers/INCLUDE.md
similarity index 100%
rename from documentation/functions/domain/INCLUDE.md
rename to documentation/language-reference/domain-modifiers/INCLUDE.md
diff --git a/documentation/functions/domain/LOC.md b/documentation/language-reference/domain-modifiers/LOC.md
similarity index 100%
rename from documentation/functions/domain/LOC.md
rename to documentation/language-reference/domain-modifiers/LOC.md
diff --git a/documentation/functions/domain/LOC_BUILDER_DD.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
similarity index 100%
rename from documentation/functions/domain/LOC_BUILDER_DD.md
rename to documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
diff --git a/documentation/functions/domain/LOC_BUILDER_DMM_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
similarity index 100%
rename from documentation/functions/domain/LOC_BUILDER_DMM_STR.md
rename to documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
diff --git a/documentation/functions/domain/LOC_BUILDER_DMS_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
similarity index 100%
rename from documentation/functions/domain/LOC_BUILDER_DMS_STR.md
rename to documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
diff --git a/documentation/functions/domain/LOC_BUILDER_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
similarity index 100%
rename from documentation/functions/domain/LOC_BUILDER_STR.md
rename to documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
diff --git a/documentation/functions/domain/M365_BUILDER.md b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
similarity index 100%
rename from documentation/functions/domain/M365_BUILDER.md
rename to documentation/language-reference/domain-modifiers/M365_BUILDER.md
diff --git a/documentation/functions/domain/MX.md b/documentation/language-reference/domain-modifiers/MX.md
similarity index 100%
rename from documentation/functions/domain/MX.md
rename to documentation/language-reference/domain-modifiers/MX.md
diff --git a/documentation/functions/domain/NAMESERVER.md b/documentation/language-reference/domain-modifiers/NAMESERVER.md
similarity index 100%
rename from documentation/functions/domain/NAMESERVER.md
rename to documentation/language-reference/domain-modifiers/NAMESERVER.md
diff --git a/documentation/functions/domain/NAMESERVER_TTL.md b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
similarity index 88%
rename from documentation/functions/domain/NAMESERVER_TTL.md
rename to documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
index f2d40cdb8c..b2d7997b6e 100644
--- a/documentation/functions/domain/NAMESERVER_TTL.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
@@ -10,7 +10,7 @@ parameter_types:
 
 NAMESERVER_TTL sets the TTL on the domain apex NS RRs defined by [`NAMESERVER`](NAMESERVER.md).
 
-The value can be an integer or a string. See [`TTL`](../record/TTL.md) for examples.
+The value can be an integer or a string. See [`TTL`](../record-modifiers/TTL.md) for examples.
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -36,4 +36,4 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 ```
 {% endcode %}
 
-To apply a default TTL to all other record types, see [`DefaultTTL`](../domain/DefaultTTL.md)
+To apply a default TTL to all other record types, see [`DefaultTTL`](../domain-modifiers/DefaultTTL.md)
diff --git a/documentation/functions/domain/NAPTR.md b/documentation/language-reference/domain-modifiers/NAPTR.md
similarity index 100%
rename from documentation/functions/domain/NAPTR.md
rename to documentation/language-reference/domain-modifiers/NAPTR.md
diff --git a/documentation/functions/domain/NO_PURGE.md b/documentation/language-reference/domain-modifiers/NO_PURGE.md
similarity index 100%
rename from documentation/functions/domain/NO_PURGE.md
rename to documentation/language-reference/domain-modifiers/NO_PURGE.md
diff --git a/documentation/functions/domain/NS.md b/documentation/language-reference/domain-modifiers/NS.md
similarity index 100%
rename from documentation/functions/domain/NS.md
rename to documentation/language-reference/domain-modifiers/NS.md
diff --git a/documentation/functions/domain/NS1_URLFWD.md b/documentation/language-reference/domain-modifiers/NS1_URLFWD.md
similarity index 100%
rename from documentation/functions/domain/NS1_URLFWD.md
rename to documentation/language-reference/domain-modifiers/NS1_URLFWD.md
diff --git a/documentation/functions/domain/PTR.md b/documentation/language-reference/domain-modifiers/PTR.md
similarity index 98%
rename from documentation/functions/domain/PTR.md
rename to documentation/language-reference/domain-modifiers/PTR.md
index b6c8862f3d..e8ea94e57a 100644
--- a/documentation/functions/domain/PTR.md
+++ b/documentation/language-reference/domain-modifiers/PTR.md
@@ -53,7 +53,7 @@ are all equivalent:
 * `PTR("4.3", ...`    // Assuming the domain is `2.1.in-addr.arpa`
 
 All magic is RFC2317-aware. We use the first format listed in the
-RFC for both [`REV()`](../global/REV.md) and `PTR()`. The format is
+RFC for both [`REV()`](../top-level-functions/REV.md) and `PTR()`. The format is
 `FIRST/MASK.C.B.A.in-addr.arpa` where `FIRST` is the first IP address
 of the zone, `MASK` is the netmask of the zone (25-31 inclusive),
 and A, B, C are the first 3 octets of the IP address. For example
diff --git a/documentation/functions/domain/PURGE.md b/documentation/language-reference/domain-modifiers/PURGE.md
similarity index 100%
rename from documentation/functions/domain/PURGE.md
rename to documentation/language-reference/domain-modifiers/PURGE.md
diff --git a/documentation/functions/domain/R53_ALIAS.md b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
similarity index 97%
rename from documentation/functions/domain/R53_ALIAS.md
rename to documentation/language-reference/domain-modifiers/R53_ALIAS.md
index d247f4e8b0..c7f4b0d0c0 100644
--- a/documentation/functions/domain/R53_ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
@@ -29,7 +29,7 @@ The Target can be any of:
 * _S3 bucket_ (configured as website): specify the domain name of the Amazon S3 website endpoint in which you configured the bucket (for instance s3-website-us-east-2.amazonaws.com). For the available values refer to the [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
 * _Another Route53 record_: specify the value of the name of another record in the same hosted zone.
 
-For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record/R53_ZONE.md) record modifier.
+For all the target type, excluding 'another record', you have to specify the `Zone ID` of the target. This is done by using the [`R53_ZONE`](../record-modifiers/R53_ZONE.md) record modifier.
 
 The zone id can be found depending on the target type:
 
@@ -39,7 +39,7 @@ The zone id can be found depending on the target type:
 * _S3 bucket_ (configured as website): specify the hosted zone ID for the region that you created the bucket in. You can find it in [the List of regions and hosted Zone IDs](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
 * _Another Route 53 record_: you can either specify the correct zone id or do not specify anything and DNSControl will figure out the right zone id. (Note: Route53 alias can't reference a record in a different zone).
 
-Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
+Target health evaluation can be enabled with the [`R53_EVALUATE_TARGET_HEALTH`](../record-modifiers/R53\_EVALUATE\_TARGET\_HEALTH.md) record modifier.
 
 {% code title="dnsconfig.js" %}
 ```javascript
diff --git a/documentation/functions/domain/SOA.md b/documentation/language-reference/domain-modifiers/SOA.md
similarity index 100%
rename from documentation/functions/domain/SOA.md
rename to documentation/language-reference/domain-modifiers/SOA.md
diff --git a/documentation/functions/domain/SPF_BUILDER.md b/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
similarity index 100%
rename from documentation/functions/domain/SPF_BUILDER.md
rename to documentation/language-reference/domain-modifiers/SPF_BUILDER.md
diff --git a/documentation/functions/domain/SRV.md b/documentation/language-reference/domain-modifiers/SRV.md
similarity index 100%
rename from documentation/functions/domain/SRV.md
rename to documentation/language-reference/domain-modifiers/SRV.md
diff --git a/documentation/functions/domain/SSHFP.md b/documentation/language-reference/domain-modifiers/SSHFP.md
similarity index 100%
rename from documentation/functions/domain/SSHFP.md
rename to documentation/language-reference/domain-modifiers/SSHFP.md
diff --git a/documentation/functions/domain/TLSA.md b/documentation/language-reference/domain-modifiers/TLSA.md
similarity index 100%
rename from documentation/functions/domain/TLSA.md
rename to documentation/language-reference/domain-modifiers/TLSA.md
diff --git a/documentation/functions/domain/TXT.md b/documentation/language-reference/domain-modifiers/TXT.md
similarity index 98%
rename from documentation/functions/domain/TXT.md
rename to documentation/language-reference/domain-modifiers/TXT.md
index 67b18dc5b0..d7ec0969ff 100644
--- a/documentation/functions/domain/TXT.md
+++ b/documentation/language-reference/domain-modifiers/TXT.md
@@ -87,7 +87,7 @@ double quotes, back-ticks, or other chars.
 
 #### How can you tell if a provider will support a particular `TXT()` record?
 
-Include the `TXT()` record in a [`D()`](../global/D.md) as usual, along
+Include the `TXT()` record in a [`D()`](../top-level-functions/D.md) as usual, along
 with the `DnsProvider()` for that provider.  Run `dnscontrol check` to
 see if any errors are produced.  The check command does not talk to
 the provider's API, thus permitting you to do this without having an
diff --git a/documentation/functions/domain/URL.md b/documentation/language-reference/domain-modifiers/URL.md
similarity index 100%
rename from documentation/functions/domain/URL.md
rename to documentation/language-reference/domain-modifiers/URL.md
diff --git a/documentation/functions/domain/URL301.md b/documentation/language-reference/domain-modifiers/URL301.md
similarity index 100%
rename from documentation/functions/domain/URL301.md
rename to documentation/language-reference/domain-modifiers/URL301.md
diff --git a/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md b/documentation/language-reference/record-modifiers/R53_EVALUATE_TARGET_HEALTH.md
similarity index 57%
rename from documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
rename to documentation/language-reference/record-modifiers/R53_EVALUATE_TARGET_HEALTH.md
index 72f3ffedc9..95f28e01a0 100644
--- a/documentation/functions/record/R53_EVALUATE_TARGET_HEALTH.md
+++ b/documentation/language-reference/record-modifiers/R53_EVALUATE_TARGET_HEALTH.md
@@ -8,4 +8,4 @@ ts_return: RecordModifier
 provider: ROUTE53
 ---
 
-`R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
+`R53_EVALUATE_TARGET_HEALTH` lets you enable target health evaluation for a [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record. Omitting `R53_EVALUATE_TARGET_HEALTH()` from `R53_ALIAS()` set the behavior to false.
diff --git a/documentation/language-reference/record-modifiers/R53_ZONE.md b/documentation/language-reference/record-modifiers/R53_ZONE.md
new file mode 100644
index 0000000000..a15387df5e
--- /dev/null
+++ b/documentation/language-reference/record-modifiers/R53_ZONE.md
@@ -0,0 +1,15 @@
+---
+name: R53_ZONE
+parameters:
+  - zone_id
+parameter_types:
+  zone_id: string
+ts_return: DomainModifier & RecordModifier
+provider: ROUTE53
+---
+
+`R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../top-level-functions/D.md)) or a specific [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record.
+
+When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
+
+When used with [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) documentation for details.
diff --git a/documentation/functions/record/TTL.md b/documentation/language-reference/record-modifiers/TTL.md
similarity index 93%
rename from documentation/functions/record/TTL.md
rename to documentation/language-reference/record-modifiers/TTL.md
index e51699bd20..a76806e0be 100644
--- a/documentation/functions/record/TTL.md
+++ b/documentation/language-reference/record-modifiers/TTL.md
@@ -7,7 +7,7 @@ parameter_types:
 ---
 
 TTL sets the TTL for a single record only. This will take precedence
-over the domain's [DefaultTTL](../domain/DefaultTTL.md) if supplied.
+over the domain's [DefaultTTL](../domain-modifiers/DefaultTTL.md) if supplied.
 
 The value can be:
 
diff --git a/documentation/functions/global/D.md b/documentation/language-reference/top-level-functions/D.md
similarity index 94%
rename from documentation/functions/global/D.md
rename to documentation/language-reference/top-level-functions/D.md
index 5df7a190ac..d2d48c84e3 100644
--- a/documentation/functions/global/D.md
+++ b/documentation/language-reference/top-level-functions/D.md
@@ -12,11 +12,11 @@ parameter_types:
 
 `D` adds a new Domain for DNSControl to manage. The first two arguments are required: the domain name (fully qualified `example.com` without a trailing dot), and the
 name of the registrar (as previously declared with [NewRegistrar](NewRegistrar.md)). Any number of additional arguments may be included to add DNS Providers with [DNSProvider](NewDnsProvider.md),
-add records with [A](../domain/A.md), [CNAME](../domain/CNAME.md), and so forth, or add metadata.
+add records with [A](../domain-modifiers/A.md), [CNAME](../domain-modifiers/CNAME.md), and so forth, or add metadata.
 
 Modifier arguments are processed according to type as follows:
 
-- A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers) return such functions.
+- A function argument will be called with the domain object as it's only argument. Most of the [built-in modifier functions](https://docs.dnscontrol.org/language-reference/domain-modifiers-modifiers) return such functions.
 - An object argument will be merged into the domain's metadata collection.
 - An array argument will have all of it's members evaluated recursively. This allows you to combine multiple common records or modifiers into a variable that can
    be used like a macro in multiple domains.
diff --git a/documentation/functions/global/DEFAULTS.md b/documentation/language-reference/top-level-functions/DEFAULTS.md
similarity index 92%
rename from documentation/functions/global/DEFAULTS.md
rename to documentation/language-reference/top-level-functions/DEFAULTS.md
index aac34f6316..c316795816 100644
--- a/documentation/functions/global/DEFAULTS.md
+++ b/documentation/language-reference/top-level-functions/DEFAULTS.md
@@ -11,7 +11,7 @@ arguments passed as if they were the first modifiers in the argument list.
 
 ## Example
 
-We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain/DefaultTTL.md).
+We want to create backup zone files for all domains, but not actually register them. Also create a [`DefaultTTL`](../domain-modifiers/DefaultTTL.md).
 The domain `example.com` will have the defaults set.
 
 {% code title="dnsconfig.js" %}
diff --git a/documentation/functions/global/DOMAIN_ELSEWHERE.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
similarity index 92%
rename from documentation/functions/global/DOMAIN_ELSEWHERE.md
rename to documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
index 2f6d0ed4e5..5c30a1448f 100644
--- a/documentation/functions/global/DOMAIN_ELSEWHERE.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
@@ -40,6 +40,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 {% endcode %}
 
 {% hint style="info" %}
-**NOTE**: The [`NO_PURGE`](../domain/NO_PURGE.md) is used out of abundance of caution but since no
+**NOTE**: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used out of abundance of caution but since no
 `DnsProvider()` statements exist, no updates would be performed.
 {% endhint %}
diff --git a/documentation/functions/global/DOMAIN_ELSEWHERE_AUTO.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
similarity index 92%
rename from documentation/functions/global/DOMAIN_ELSEWHERE_AUTO.md
rename to documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
index 3c11a7756b..74ad034932 100644
--- a/documentation/functions/global/DOMAIN_ELSEWHERE_AUTO.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
@@ -44,5 +44,5 @@ D("example.com", REG_NAMEDOTCOM,
 {% endcode %}
 
 {% hint style="info" %}
-**NOTE**: The [`NO_PURGE`](../domain/NO_PURGE.md) is used to prevent DNSControl from changing the records.
+**NOTE**: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used to prevent DNSControl from changing the records.
 {% endhint %}
diff --git a/documentation/functions/global/D_EXTEND.md b/documentation/language-reference/top-level-functions/D_EXTEND.md
similarity index 96%
rename from documentation/functions/global/D_EXTEND.md
rename to documentation/language-reference/top-level-functions/D_EXTEND.md
index 1e4f5e8fab..21f596c77a 100644
--- a/documentation/functions/global/D_EXTEND.md
+++ b/documentation/language-reference/top-level-functions/D_EXTEND.md
@@ -29,7 +29,7 @@ defined as separate domains via separate [`D()`](D.md) statements, then
 not `domain.tld`.
 
 Some operators only act on an apex domain (e.g.
-[`CF_REDIRECT`](../domain/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain/CF_TEMP_REDIRECT.md)). Using them
+[`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
 in a `D_EXTEND` subdomain may not be what you expect.
 
 {% code title="dnsconfig.js" %}
diff --git a/documentation/functions/global/FETCH.md b/documentation/language-reference/top-level-functions/FETCH.md
similarity index 100%
rename from documentation/functions/global/FETCH.md
rename to documentation/language-reference/top-level-functions/FETCH.md
diff --git a/documentation/functions/global/IP.md b/documentation/language-reference/top-level-functions/IP.md
similarity index 100%
rename from documentation/functions/global/IP.md
rename to documentation/language-reference/top-level-functions/IP.md
diff --git a/documentation/functions/global/NewDnsProvider.md b/documentation/language-reference/top-level-functions/NewDnsProvider.md
similarity index 100%
rename from documentation/functions/global/NewDnsProvider.md
rename to documentation/language-reference/top-level-functions/NewDnsProvider.md
diff --git a/documentation/functions/global/NewRegistrar.md b/documentation/language-reference/top-level-functions/NewRegistrar.md
similarity index 100%
rename from documentation/functions/global/NewRegistrar.md
rename to documentation/language-reference/top-level-functions/NewRegistrar.md
diff --git a/documentation/functions/global/PANIC.md b/documentation/language-reference/top-level-functions/PANIC.md
similarity index 100%
rename from documentation/functions/global/PANIC.md
rename to documentation/language-reference/top-level-functions/PANIC.md
diff --git a/documentation/functions/global/REV.md b/documentation/language-reference/top-level-functions/REV.md
similarity index 100%
rename from documentation/functions/global/REV.md
rename to documentation/language-reference/top-level-functions/REV.md
diff --git a/documentation/functions/global/REVCOMPAT.md b/documentation/language-reference/top-level-functions/REVCOMPAT.md
similarity index 100%
rename from documentation/functions/global/REVCOMPAT.md
rename to documentation/language-reference/top-level-functions/REVCOMPAT.md
diff --git a/documentation/functions/global/getConfiguredDomains.md b/documentation/language-reference/top-level-functions/getConfiguredDomains.md
similarity index 100%
rename from documentation/functions/global/getConfiguredDomains.md
rename to documentation/language-reference/top-level-functions/getConfiguredDomains.md
diff --git a/documentation/functions/global/require.md b/documentation/language-reference/top-level-functions/require.md
similarity index 100%
rename from documentation/functions/global/require.md
rename to documentation/language-reference/top-level-functions/require.md
diff --git a/documentation/functions/global/require_glob.md b/documentation/language-reference/top-level-functions/require_glob.md
similarity index 100%
rename from documentation/functions/global/require_glob.md
rename to documentation/language-reference/top-level-functions/require_glob.md
diff --git a/documentation/notifications.md b/documentation/notifications.md
index efd2743695..6b27bde837 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -28,7 +28,7 @@ Notifications are set up in your credentials JSON file. They will use the `notif
 
 If you want to send a notification, add the `--notify` flag to the `dnscontrol preview` or `dnscontrol push` commands.
 
-Below is an example where we add [the A record](functions/domain/A.md) `foo` and display the notification output.
+Below is an example where we add [the A record](language-reference/domain-modifiers/A.md) `foo` and display the notification output.
 
 {% code title="dnsconfig.js" %}
 ```diff
diff --git a/documentation/providers.md b/documentation/providers.md
index b3ef72fff8..153ed07303 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,8 +12,8 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](functions/domain/ALIAS.md) | [`CAA`](functions/domain/CAA.md) | [`AUTODNSSEC`](functions/domain/AUTODNSSEC_ON.md) | [`LOC`](functions/domain/LOC.md) | [`NAPTR`](functions/domain/NAPTR.md) | [`PTR`](functions/domain/PTR.md) | [`SOA`](functions/domain/SOA.md) | [`SRV`](functions/domain/SRV.md) | [`SSHFP`](functions/domain/SSHFP.md) | [`TLSA`](functions/domain/TLSA.md) | [`DS`](functions/domain/DS.md) | [`DHCID`](functions/domain/DHCID.md) | [`DNAME`](functions/domain/DNAME.md) | dual host | create-domains | get-zones |
-| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------ | -------------------------------- | ------------------------------------------------- | -------------------------------- | ------------------------------------ | -------------------------------- | -------------------------------- | -------------------------------- | ------------------------------------ | ---------------------------------- | ------------------------------ | ------------------------------------ | ------------------------------------ | --------- | -------------- | --------- |
+| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------- | -------------- | --------- |
 | [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❌ | ❌ | ❌ |
diff --git a/documentation/providers/route53.md b/documentation/providers/route53.md
index 7f1402c1da..23bd5fa95c 100644
--- a/documentation/providers/route53.md
+++ b/documentation/providers/route53.md
@@ -80,10 +80,10 @@ D("example.com", REG_NONE, DnsProvider(DSP_R53),
 
 ## Split horizon
 
-This provider supports split horizons using the [`R53_ZONE()`](../functions/record/R53_ZONE.md) domain function.
+This provider supports split horizons using the [`R53_ZONE()`](../language-reference/record-modifiers/R53_ZONE.md) domain function.
 
 In this example the domain `testzone.net` appears in the same account twice,
-each with different zone IDs specified using [`R53_ZONE()`](../functions/record/R53_ZONE.md).
+each with different zone IDs specified using [`R53_ZONE()`](../language-reference/record-modifiers/R53_ZONE.md).
 
 {% code title="dnsconfig.js" %}
 ```javascript
diff --git a/documentation/providers/transip.md b/documentation/providers/transip.md
index a05e10e9c6..5dbfe22b90 100644
--- a/documentation/providers/transip.md
+++ b/documentation/providers/transip.md
@@ -64,7 +64,7 @@ TransIP depends on a TransIP personal access token.
 
 > "When multiple or none of the current DNS entries matches, the response will be an error with http status code 406." — _[TransIP - REST API - Update single DNS entry](https://api.transip.nl/rest/docs.html#domains-dns-patch)_
 
-This makes it not possible, for example, to update a [`CAA()`](../functions/domain/CAA.md) record in one update. Instead, the old DNS entry is deleted and the replacement is added. You'll see `[1/2]` and `[2/2]` in the DNSControl output whenever this happens.
+This makes it not possible, for example, to update a [`CAA()`](../language-reference/domain-modifiers/CAA.md) record in one update. Instead, the old DNS entry is deleted and the replacement is added. You'll see `[1/2]` and `[2/2]` in the DNSControl output whenever this happens.
 
 ### Example with a `CAA_BUILDER()`
 
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index aff60131f0..3b523d2e55 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -23,7 +23,7 @@ Within the git repo, docs are grouped:
 
 * [`documentation/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation): general docs
 * [`documentation/providers/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/providers/): One file per provider
-* [`documentation/functions/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/functions/): One file per `dnsconfig.js` language feature
+* [`documentation/language-reference/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/language-reference/): One file per `dnsconfig.js` language feature
 * [`documentation/assets/FOO/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/assets/): Images for page FOO(PNGs only, please!)
 
 ## How to add a new page?
@@ -33,10 +33,10 @@ Within the git repo, docs are grouped:
 
 ## Top-of-Document parameters
 
-Files in the `documentation/functions/{record,domain,global}` subdirectories
+Files in the `documentation/language-reference/{record,domain,global}` subdirectories
 have a header at the top that is used to populate other systems.
 
-Here's an example from [`A`](functions/domain/A.md)
+Here's an example from [`A`](language-reference/domain-modifiers/A.md)
 
 ```
 ---
@@ -193,7 +193,7 @@ However, the first mention on a page should always
 be a link.  Others are at the authors digression.
 
 ```markdown
-The [`PTR`](functions/domain/PTR.md) feature is helpful in LANs.
+The [`PTR`](language-reference/domain-modifiers/PTR.md) feature is helpful in LANs.
 ```
 
 #### Mentioning functions from the Source code
@@ -207,7 +207,7 @@ The function `GetRegistrarCorrections()` returns...
 #### Internal links
 
 ```markdown
-Blah blah blah [M365_BUILDER](functions/domain/M365_BUILDER.md)
+Blah blah blah [M365_BUILDER](language-reference/domain-modifiers/M365_BUILDER.md)
 ```
 
 {% hint style="info" %}
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index c273cc8fed..425bf012ee 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -10,7 +10,7 @@ assigned bugs related to the provider in the future (unless
 you designate someone else as the maintainer). More details
 [here](providers.md).
 
-Please follow the [DNSControl Code Style Guide](https://docs.dnscontrol.org/developer-info/styleguide-code) and the [DNSControl Documentation Style Guide](https://docs.dnscontrol.org/developer-info/styleguide-doc).
+Please follow the [DNSControl Code Style Guide](styleguide-code.md) and the [DNSControl Documentation Style Guide](styleguide-doc.md).
 
 ## Overview
 
diff --git a/pkg/js/parse_tests/030-dextenddoc.js b/pkg/js/parse_tests/030-dextenddoc.js
index 64e4ca06f1..56f43e4cd6 100644
--- a/pkg/js/parse_tests/030-dextenddoc.js
+++ b/pkg/js/parse_tests/030-dextenddoc.js
@@ -1,7 +1,7 @@
 var REG = NewRegistrar("Third-Party", "NONE");
 var DNS = NewDnsProvider("Cloudflare", "CLOUDFLAREAPI");
 
-// The example from docs/functions/global/D_EXTEND.md
+// The example from documentation/language-reference/top-level-functions/D_EXTEND.md
 
 D("domain.tld", REG, DnsProvider(DNS),
   A("@", "127.0.0.1"), // domain.tld

From 6cbfb57ab76350934037c360b088d0592a5df017 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luka=20Kladari=C4=87?= <allixsenos@gmail.com>
Date: Wed, 10 Apr 2024 15:08:56 +0200
Subject: [PATCH 229/438] DOCS: Disabling colors via environment variable
 (#2907)

---
 documentation/colors.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/documentation/colors.md b/documentation/colors.md
index 2247329c90..4daafdb5dd 100644
--- a/documentation/colors.md
+++ b/documentation/colors.md
@@ -15,6 +15,8 @@ codes.
 In order to do so, a global `--no-colors` command option is provided, which when
 set `--no-colors=true`, will disable colors globally.
 
+Alternatively, a `NO_COLOR` environment variable set to any non-empty string will disable color output.
+
 ## (Force) Enable colors
 
 If color support is not correctly detected, providing `--no-colors=false` would

From 2f9d2487f654195da722a5ec66b1b6244154e2c4 Mon Sep 17 00:00:00 2001
From: Jauder Ho <jauderho@users.noreply.github.com>
Date: Mon, 15 Apr 2024 05:36:03 -0700
Subject: [PATCH 230/438] Fix typo: "cooordinate" (#2910)

---
 commands/types/dnscontrol.d.ts                         | 10 +++++-----
 .../language-reference/domain-modifiers/LOC.md         |  2 +-
 .../domain-modifiers/LOC_BUILDER_DD.md                 |  2 +-
 .../domain-modifiers/LOC_BUILDER_DMM_STR.md            |  2 +-
 .../domain-modifiers/LOC_BUILDER_DMS_STR.md            |  2 +-
 .../domain-modifiers/LOC_BUILDER_STR.md                |  2 +-
 6 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 52d7cfddea..fe89377d1f 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1441,7 +1441,7 @@ declare function IP(ip: string): number;
  *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
  *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * ## Format ##
  *
@@ -1525,7 +1525,7 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dd
  */
@@ -1567,7 +1567,7 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dmm_str
  */
@@ -1610,7 +1610,7 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_dms_str
  */
@@ -1658,7 +1658,7 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  *  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  *  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  *  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ *  * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc_builder_str
  */
diff --git a/documentation/language-reference/domain-modifiers/LOC.md b/documentation/language-reference/domain-modifiers/LOC.md
index efaa4130aa..316bc8c01c 100644
--- a/documentation/language-reference/domain-modifiers/LOC.md
+++ b/documentation/language-reference/domain-modifiers/LOC.md
@@ -89,7 +89,7 @@ much work, see also helper functions:
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - build a `LOC` by supplying only **d**ecimal **d**egrees.
  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
 
 ## Format ##
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
index 2756a4f70c..28a75682cb 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
@@ -72,4 +72,4 @@ Part of the series:
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
index adf5037351..34b15dbcd1 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
@@ -52,4 +52,4 @@ Part of the series:
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
index 894ddd71fc..eb1b587609 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
@@ -53,4 +53,4 @@ Part of the series:
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
index 74cab9f7b4..3f05e3bc16 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
@@ -59,4 +59,4 @@ Part of the series:
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
  * [`LOC_BUILDER_DMS_STR({})`](LOC_BUILDER_DMS_STR.md) - accepts DMS 33°51′31″S 151°12′51″E
  * [`LOC_BUILDER_DMM_STR({})`](LOC_BUILDER_DMM_STR.md) - accepts DMM 25.24°S 153.15°E
- * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the cooordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works
+ * [`LOC_BUILDER_STR({})`](LOC_BUILDER_STR.md) - tries the coordinate string in all `LOC_BUILDER_DM*_STR()` functions until one works

From 0cd3c2fb92fc8ca5922b2afb6826eccb3509b204 Mon Sep 17 00:00:00 2001
From: fuero <108815+fuero@users.noreply.github.com>
Date: Wed, 17 Apr 2024 21:50:18 +0200
Subject: [PATCH 231/438] POWERDNS: Enables DHCID (#2911)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Robert Führicht <robert.fuehricht@gmx.at>
---
 documentation/providers.md             | 2 +-
 providers/powerdns/powerdnsProvider.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 153ed07303..d91fe0e372 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -57,7 +57,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
 | [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
diff --git a/providers/powerdns/powerdnsProvider.go b/providers/powerdns/powerdnsProvider.go
index 52c0f205cd..0f386d9033 100644
--- a/providers/powerdns/powerdnsProvider.go
+++ b/providers/powerdns/powerdnsProvider.go
@@ -20,6 +20,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Can("Needs to be enabled in PowerDNS first", "https://doc.powerdns.com/authoritative/guides/alias.html"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented("Normalization within the PowerDNS API seems to be buggy, so disabled", "https://github.com/PowerDNS/pdns/issues/10558"),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),

From 5078927e01ea019a79a3932fddb7ae49cdba9fb2 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 18 Apr 2024 15:43:50 +0200
Subject: [PATCH 232/438] DOCS: Simplified the provider URLs (providers)
 (#2914)

---
 build/generate/featureMatrix.go               |   2 +-
 commands/types/dnscontrol.d.ts                |   4 +-
 docs/_layouts/default.html                    |   2 +-
 docs/index.md                                 |   4 +-
 documentation/.gitbook.yaml                   |  52 +++++
 documentation/SUMMARY.md                      | 104 +++++-----
 documentation/adding-new-rtypes.md            |   4 +-
 documentation/bug-triage.md                   |   2 +-
 documentation/get-zones.md                    |   2 +-
 documentation/getting-started.md              |   2 +-
 documentation/index.md                        |   2 +-
 .../domain-modifiers/SOA.md                   |   2 +-
 .../record-modifiers/R53_ZONE.md              |   2 +-
 documentation/nameservers.md                  |   2 +-
 .../{providers => provider}/akamaiedgedns.md  |   0
 .../{providers => provider}/autodns.md        |   0
 .../{providers => provider}/axfrddns.md       |   0
 .../{providers => provider}/azure_dns.md      |   0
 .../azure_private_dns.md                      |   0
 documentation/{providers => provider}/bind.md |   0
 .../{providers => provider}/bunny_dns.md      |   0
 .../{providers => provider}/cloudflareapi.md  |   0
 .../{providers => provider}/cloudns.md        |   0
 .../{providers => provider}/cscglobal.md      |   0
 .../{providers => provider}/desec.md          |   0
 .../{providers => provider}/digitalocean.md   |   0
 .../{providers => provider}/dnsimple.md       |   0
 .../{providers => provider}/dnsmadeeasy.md    |   0
 .../{providers => provider}/dnsoverhttps.md   |   0
 .../{providers => provider}/domainnameshop.md |   0
 .../{providers => provider}/dynadot.md        |   0
 .../{providers => provider}/easyname.md       |   0
 .../{providers => provider}/exoscale.md       |   0
 .../{providers => provider}/gandi_v5.md       |   0
 .../{providers => provider}/gcloud.md         |   0
 .../{providers => provider}/gcore.md          |   0
 .../{providers => provider}/hedns.md          |   0
 .../{providers => provider}/hetzner.md        |   0
 .../{providers => provider}/hexonet.md        |   0
 .../{providers => provider}/hostingde.md      |   0
 .../{providers => provider}/internetbs.md     |   0
 documentation/{providers => provider}/inwx.md |   0
 .../{providers => provider}/linode.md         |   0
 .../{providers => provider}/loopia.md         |   0
 .../{providers => provider}/luadns.md         |   0
 .../{providers => provider}/msdns.md          |   0
 .../{providers => provider}/mythicbeasts.md   |   0
 .../{providers => provider}/namecheap.md      |   0
 .../{providers => provider}/namedotcom.md     |   0
 .../{providers => provider}/netcup.md         |   0
 .../{providers => provider}/netlify.md        |   0
 documentation/{providers => provider}/ns1.md  |   0
 .../{providers => provider}/opensrs.md        |   0
 .../{providers => provider}/oracle.md         |   0
 documentation/{providers => provider}/ovh.md  |   0
 .../{providers => provider}/packetframe.md    |   0
 .../{providers => provider}/porkbun.md        |   0
 .../{providers => provider}/powerdns.md       |   0
 .../realtimeregister.md                       |   0
 .../{providers => provider}/route53.md        |   0
 documentation/{providers => provider}/rwth.md |   0
 .../{providers => provider}/softlayer.md      |   0
 .../{providers => provider}/transip.md        |   0
 .../{providers => provider}/vultr.md          |   0
 documentation/providers.md                    | 196 +++++++++---------
 documentation/styleguide-doc.md               |   2 +-
 documentation/writing-providers.md            |   4 +-
 67 files changed, 220 insertions(+), 168 deletions(-)
 create mode 100644 documentation/.gitbook.yaml
 rename documentation/{providers => provider}/akamaiedgedns.md (100%)
 rename documentation/{providers => provider}/autodns.md (100%)
 rename documentation/{providers => provider}/axfrddns.md (100%)
 rename documentation/{providers => provider}/azure_dns.md (100%)
 rename documentation/{providers => provider}/azure_private_dns.md (100%)
 rename documentation/{providers => provider}/bind.md (100%)
 rename documentation/{providers => provider}/bunny_dns.md (100%)
 rename documentation/{providers => provider}/cloudflareapi.md (100%)
 rename documentation/{providers => provider}/cloudns.md (100%)
 rename documentation/{providers => provider}/cscglobal.md (100%)
 rename documentation/{providers => provider}/desec.md (100%)
 rename documentation/{providers => provider}/digitalocean.md (100%)
 rename documentation/{providers => provider}/dnsimple.md (100%)
 rename documentation/{providers => provider}/dnsmadeeasy.md (100%)
 rename documentation/{providers => provider}/dnsoverhttps.md (100%)
 rename documentation/{providers => provider}/domainnameshop.md (100%)
 rename documentation/{providers => provider}/dynadot.md (100%)
 rename documentation/{providers => provider}/easyname.md (100%)
 rename documentation/{providers => provider}/exoscale.md (100%)
 rename documentation/{providers => provider}/gandi_v5.md (100%)
 rename documentation/{providers => provider}/gcloud.md (100%)
 rename documentation/{providers => provider}/gcore.md (100%)
 rename documentation/{providers => provider}/hedns.md (100%)
 rename documentation/{providers => provider}/hetzner.md (100%)
 rename documentation/{providers => provider}/hexonet.md (100%)
 rename documentation/{providers => provider}/hostingde.md (100%)
 rename documentation/{providers => provider}/internetbs.md (100%)
 rename documentation/{providers => provider}/inwx.md (100%)
 rename documentation/{providers => provider}/linode.md (100%)
 rename documentation/{providers => provider}/loopia.md (100%)
 rename documentation/{providers => provider}/luadns.md (100%)
 rename documentation/{providers => provider}/msdns.md (100%)
 rename documentation/{providers => provider}/mythicbeasts.md (100%)
 rename documentation/{providers => provider}/namecheap.md (100%)
 rename documentation/{providers => provider}/namedotcom.md (100%)
 rename documentation/{providers => provider}/netcup.md (100%)
 rename documentation/{providers => provider}/netlify.md (100%)
 rename documentation/{providers => provider}/ns1.md (100%)
 rename documentation/{providers => provider}/opensrs.md (100%)
 rename documentation/{providers => provider}/oracle.md (100%)
 rename documentation/{providers => provider}/ovh.md (100%)
 rename documentation/{providers => provider}/packetframe.md (100%)
 rename documentation/{providers => provider}/porkbun.md (100%)
 rename documentation/{providers => provider}/powerdns.md (100%)
 rename documentation/{providers => provider}/realtimeregister.md (100%)
 rename documentation/{providers => provider}/route53.md (100%)
 rename documentation/{providers => provider}/rwth.md (100%)
 rename documentation/{providers => provider}/softlayer.md (100%)
 rename documentation/{providers => provider}/transip.md (100%)
 rename documentation/{providers => provider}/vultr.md (100%)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index f23d05a4ac..db1e459702 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -38,7 +38,7 @@ func markdownTable(matrix *FeatureMatrix) (string, error) {
 		featureMap := matrix.Providers[providerName]
 
 		var tableDataRow []string
-		tableDataRow = append(tableDataRow, "[`"+providerName+"`](providers/"+strings.ToLower(providerName)+".md)")
+		tableDataRow = append(tableDataRow, "[`"+providerName+"`](provider/"+strings.ToLower(providerName)+".md)")
 		for _, featureName := range matrix.Features {
 			tableDataRow = append(tableDataRow, featureEmoji(featureMap, featureName))
 		}
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index fe89377d1f..01d2246dda 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2407,7 +2407,7 @@ declare function R53_EVALUATE_TARGET_HEALTH(enabled: boolean): RecordModifier;
 /**
  * `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../top-level-functions/D.md)) or a specific [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record.
  *
- * When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
+ * When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../provider/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../provider/route53.md).
  *
  * When used with [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) documentation for details.
  *
@@ -2546,7 +2546,7 @@ declare function REVCOMPAT(rfc: string): string;
  * * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
  * * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
  *
- * There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
+ * There is more info about `SOA` in the documentation for the [BIND provider](../../provider/bind.md).
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/soa
  */
diff --git a/docs/_layouts/default.html b/docs/_layouts/default.html
index 1aa9bff608..18db051591 100644
--- a/docs/_layouts/default.html
+++ b/docs/_layouts/default.html
@@ -37,7 +37,7 @@
                 <ul class="nav navbar-nav navbar-right">
                     <li><a class="hidden-xs" href="https://docs.dnscontrol.org/getting-started/getting-started">Getting Started</a></li>
                     <li><a class="hidden-xs" href="https://docs.dnscontrol.org/language-reference/js">Language Reference</a></li>
-                    <li><a class="hidden-xs" href="https://docs.dnscontrol.org/service-providers/providers">Providers</a></li>
+                    <li><a class="hidden-xs" href="https://docs.dnscontrol.org/provider">Providers</a></li>
                     <li><a class="visible-xs" href="https://docs.dnscontrol.org/getting-started/getting-started">Getting Started</a></li>
                     <li><a class="visible-xs" href="{{site.github.url}}/#reference">Reference</a></li>
                     <li><a class="visible-xs" href="{{site.github.url}}/#advanced-features">Advanced features</a></li>
diff --git a/docs/index.md b/docs/index.md
index 922a43d143..a0fa9773f7 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -32,7 +32,7 @@ title: DNSControl
          Use macros and variables for easier updates.
          <!-- Optimize your SPF records. -->
          Upload your zones to
-         <strong><a href="https://docs.dnscontrol.org/service-providers/providers">multiple DNS providers</a></strong>.
+         <strong><a href="https://docs.dnscontrol.org/provider">multiple DNS providers</a></strong>.
     </p>
     </div>
 
@@ -85,7 +85,7 @@ title: DNSControl
                       <a href="https://docs.dnscontrol.org/getting-started/getting-started">Getting Started</a>: A walk-through of the basics
                 </li>
                 <li>
-                    <a href="https://docs.dnscontrol.org/service-providers/providers">Providers</a>: Which DNS providers are supported
+                    <a href="https://docs.dnscontrol.org/provider">Providers</a>: Which DNS providers are supported
                 </li>
                 <li>
                     <a href="https://docs.dnscontrol.org/getting-started/examples">Examples</a>: The DNSControl language by example
diff --git a/documentation/.gitbook.yaml b/documentation/.gitbook.yaml
new file mode 100644
index 0000000000..983e3097d9
--- /dev/null
+++ b/documentation/.gitbook.yaml
@@ -0,0 +1,52 @@
+redirects:
+  service-providers/providers: providers.md
+  service-providers/providers/akamaiedgedns: provider/akamaiedgedns.md
+  service-providers/providers/autodns: provider/autodns.md
+  service-providers/providers/axfrddns: provider/axfrddns.md
+  service-providers/providers/azure_dns: provider/azure_dns.md
+  service-providers/providers/azure_private_dns: provider/azure_private_dns.md
+  service-providers/providers/bind: provider/bind.md
+  service-providers/providers/bunny_dns: provider/bunny_dns.md
+  service-providers/providers/cloudflareapi: provider/cloudflareapi.md
+  service-providers/providers/cloudns: provider/cloudns.md
+  service-providers/providers/cscglobal: provider/cscglobal.md
+  service-providers/providers/desec: provider/desec.md
+  service-providers/providers/digitalocean: provider/digitalocean.md
+  service-providers/providers/dnsimple: provider/dnsimple.md
+  service-providers/providers/dnsmadeeasy: provider/dnsmadeeasy.md
+  service-providers/providers/dnsoverhttps: provider/dnsoverhttps.md
+  service-providers/providers/domainnameshop: provider/domainnameshop.md
+  service-providers/providers/dynadot: provider/dynadot.md
+  service-providers/providers/easyname: provider/easyname.md
+  service-providers/providers/exoscale: provider/exoscale.md
+  service-providers/providers/gandi_v5: provider/gandi_v5.md
+  service-providers/providers/gcloud: provider/gcloud.md
+  service-providers/providers/gcore: provider/gcore.md
+  service-providers/providers/hedns: provider/hedns.md
+  service-providers/providers/hetzner: provider/hetzner.md
+  service-providers/providers/hexonet: provider/hexonet.md
+  service-providers/providers/hostingde: provider/hostingde.md
+  service-providers/providers/internetbs: provider/internetbs.md
+  service-providers/providers/inwx: provider/inwx.md
+  service-providers/providers/linode: provider/linode.md
+  service-providers/providers/loopia: provider/loopia.md
+  service-providers/providers/luadns: provider/luadns.md
+  service-providers/providers/msdns: provider/msdns.md
+  service-providers/providers/mythicbeasts: provider/mythicbeasts.md
+  service-providers/providers/namecheap: provider/namecheap.md
+  service-providers/providers/namedotcom: provider/namedotcom.md
+  service-providers/providers/netcup: provider/netcup.md
+  service-providers/providers/netlify: provider/netlify.md
+  service-providers/providers/ns1: provider/ns1.md
+  service-providers/providers/opensrs: provider/opensrs.md
+  service-providers/providers/oracle: provider/oracle.md
+  service-providers/providers/ovh: provider/ovh.md
+  service-providers/providers/packetframe: provider/packetframe.md
+  service-providers/providers/porkbun: provider/porkbun.md
+  service-providers/providers/powerdns: provider/powerdns.md
+  service-providers/providers/realtimeregister: provider/realtimeregister.md
+  service-providers/providers/route53: provider/route53.md
+  service-providers/providers/rwth: provider/rwth.md
+  service-providers/providers/softlayer: provider/softlayer.md
+  service-providers/providers/transip: provider/transip.md
+  service-providers/providers/vultr: provider/vultr.md
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 5c704ded34..2e2eec4263 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -8,6 +8,7 @@
 * [Examples](examples.md)
 * [Migrating zones to DNSControl](migrating.md)
 * [TypeScript autocomplete and type checking](typescript.md)
+* [Providers](providers.md)
 
 ## Language Reference
 
@@ -94,59 +95,58 @@
             * [R53_EVALUATE_TARGET_HEALTH](language-reference/record-modifiers/R53\_EVALUATE\_TARGET\_HEALTH.md)
 * [Why CNAME/MX/NS targets require a "dot"](why-the-dot.md)
 
-## Service Providers
+## Provider
 
-* [Providers](providers.md)
-    * [Akamai Edge DNS](providers/akamaiedgedns.md)
-    * [Amazon Route 53](providers/route53.md)
-    * [AutoDNS](providers/autodns.md)
-    * [AXFR+DDNS](providers/axfrddns.md)
-    * [Azure DNS](providers/azure_dns.md)
-    * [Azure Private DNS](providers/azure_private_dns.md)
-    * [BIND](providers/bind.md)
-    * [Bunny DNS](providers/bunny\_dns.md)
-    * [Cloudflare](providers/cloudflareapi.md)
-    * [ClouDNS](providers/cloudns.md)
-    * [CSC Global](providers/cscglobal.md)
-    * [deSEC](providers/desec.md)
-    * [DigitalOcean](providers/digitalocean.md)
-    * [DNS Made Easy](providers/dnsmadeeasy.md)
-    * [DNSimple](providers/dnsimple.md)
-    * [DNS-over-HTTPS](providers/dnsoverhttps.md)
-    * [DOMAINNAMESHOP](providers/domainnameshop.md)
-    * [Dynadot](providers/dynadot.md)
-    * [easyname](providers/easyname.md)
-    * [Exoscale](providers/exoscale.md)
-    * [Gandi_v5](providers/gandi_v5.md)
-    * [Gcore](providers/gcore.md)
-    * [Google Cloud DNS](providers/gcloud.md)
-    * [Hetzner DNS Console](providers/hetzner.md)
-    * [HEXONET](providers/hexonet.md)
-    * [hosting.de](providers/hostingde.md)
-    * [Hurricane Electric DNS](providers/hedns.md)
-    * [Internet.bs](providers/internetbs.md)
-    * [INWX](providers/inwx.md)
-    * [Linode](providers/linode.md)
-    * [Loopia](providers/loopia.md)
-    * [LuaDNS](providers/luadns.md)
-    * [Microsoft DNS Server on Microsoft Windows Server](providers/msdns.md)
-    * [Mythic Beasts](providers/mythicbeasts.md)
-    * [Namecheap](providers/namecheap.md)
-    * [Name.com](providers/namedotcom.md)
-    * [Netcup](providers/netcup.md)
-    * [Netlify](providers/netlify.md)
-    * [NS1](providers/ns1.md)
-    * [OpenSRS](providers/opensrs.md)
-    * [Oracle Cloud](providers/oracle.md)
-    * [OVH](providers/ovh.md)
-    * [Packetframe](providers/packetframe.md)
-    * [Porkbun](providers/porkbun.md)
-    * [PowerDNS](providers/powerdns.md)
-    * [Realtime Register](providers/realtimeregister.md)
-    * [RWTH DNS-Admin](providers/rwth.md)
-    * [SoftLayer DNS](providers/softlayer.md)
-    * [TransIP](providers/transip.md)
-    * [Vultr](providers/vultr.md)
+* [Akamai Edge DNS](provider/akamaiedgedns.md)
+* [Amazon Route 53](provider/route53.md)
+* [AutoDNS](provider/autodns.md)
+* [AXFR+DDNS](provider/axfrddns.md)
+* [Azure DNS](provider/azure_dns.md)
+* [Azure Private DNS](provider/azure_private_dns.md)
+* [BIND](provider/bind.md)
+* [Bunny DNS](provider/bunny\_dns.md)
+* [Cloudflare](provider/cloudflareapi.md)
+* [ClouDNS](provider/cloudns.md)
+* [CSC Global](provider/cscglobal.md)
+* [deSEC](provider/desec.md)
+* [DigitalOcean](provider/digitalocean.md)
+* [DNS Made Easy](provider/dnsmadeeasy.md)
+* [DNSimple](provider/dnsimple.md)
+* [DNS-over-HTTPS](provider/dnsoverhttps.md)
+* [DOMAINNAMESHOP](provider/domainnameshop.md)
+* [Dynadot](provider/dynadot.md)
+* [easyname](provider/easyname.md)
+* [Exoscale](provider/exoscale.md)
+* [Gandi_v5](provider/gandi_v5.md)
+* [Gcore](provider/gcore.md)
+* [Google Cloud DNS](provider/gcloud.md)
+* [Hetzner DNS Console](provider/hetzner.md)
+* [HEXONET](provider/hexonet.md)
+* [hosting.de](provider/hostingde.md)
+* [Hurricane Electric DNS](provider/hedns.md)
+* [Internet.bs](provider/internetbs.md)
+* [INWX](provider/inwx.md)
+* [Linode](provider/linode.md)
+* [Loopia](provider/loopia.md)
+* [LuaDNS](provider/luadns.md)
+* [Microsoft DNS Server on Microsoft Windows Server](provider/msdns.md)
+* [Mythic Beasts](provider/mythicbeasts.md)
+* [Namecheap](provider/namecheap.md)
+* [Name.com](provider/namedotcom.md)
+* [Netcup](provider/netcup.md)
+* [Netlify](provider/netlify.md)
+* [NS1](provider/ns1.md)
+* [OpenSRS](provider/opensrs.md)
+* [Oracle Cloud](provider/oracle.md)
+* [OVH](provider/ovh.md)
+* [Packetframe](provider/packetframe.md)
+* [Porkbun](provider/porkbun.md)
+* [PowerDNS](provider/powerdns.md)
+* [Realtime Register](provider/realtimeregister.md)
+* [RWTH DNS-Admin](provider/rwth.md)
+* [SoftLayer DNS](provider/softlayer.md)
+* [TransIP](provider/transip.md)
+* [Vultr](provider/vultr.md)
 
 ## Commands
 
diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index b3677eb7d6..943aaa32a9 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -60,14 +60,14 @@ a minimum.
 -   Run stringer to auto-update the file `dnscontrol/providers/capability_string.go`
 
 ```shell
-pushd; cd providers/;
+pushd; cd provider/;
 stringer -type=Capability
 popd
 ```
 alternatively
 
 ```shell
-pushd; cd providers/;
+pushd; cd provider/;
 go generate
 popd
 ```
diff --git a/documentation/bug-triage.md b/documentation/bug-triage.md
index 4eae829cc7..35102dd0d8 100644
--- a/documentation/bug-triage.md
+++ b/documentation/bug-triage.md
@@ -39,7 +39,7 @@ Message to requester:
 Thank you for requesting this provider!
 
 I've tagged this issue as a provider-request.  It will (soon) be listed as a "requested provider" on the provider list web page:
-https://docs.dnscontrol.org/service-providers/providers
+https://docs.dnscontrol.org/provider
 
 I will now close the issue.  I know that's a bit confusing, but it will remain on the "requested provider" list.
 
diff --git a/documentation/get-zones.md b/documentation/get-zones.md
index 223cd10292..45fc3f74cf 100644
--- a/documentation/get-zones.md
+++ b/documentation/get-zones.md
@@ -192,4 +192,4 @@ provider.)
 Implementing the `ListZones` function also activates the `check-creds`
 subcommand for that provider. Please add to the provider documentation
 a list of error messages that people might see if the credentials are
-invalid.  See `documentation/providers/gcloud.md` for examples.
+invalid.  See `documentation/provider/gcloud.md` for examples.
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 49df0f5b20..8cabc76812 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -298,7 +298,7 @@ $TTL 300
 ```
 
 You can change the "DEFAULT_NOT_SET" text by following the documentation
-for the [BIND provider](providers/bind.md) to set
+for the [BIND provider](provider/bind.md) to set
 the "master" and "mbox" settings.  Try that now.
 
 
diff --git a/documentation/index.md b/documentation/index.md
index 44b773ba91..34bc897d3a 100644
--- a/documentation/index.md
+++ b/documentation/index.md
@@ -15,7 +15,7 @@ Take advantage of the advanced features. Use macros and variables for easier upd
 * Super extensible! Plug-in architecture makes adding new DNS providers and Registrars easy!
 * Eliminate vendor lock-in. Switch DNS providers easily, any time, with full fidelity.
 * Reduce points of failure: Easily maintain dual DNS providers and easily drop one that is down.
-* Supports 35+ [DNS Providers](providers.md) including [BIND](providers/bind.md), [AWS Route 53](providers/route53.md), [Google DNS](providers/gcloud.md), and [name.com](providers/namedotcom.md).
+* Supports 35+ [DNS Providers](providers.md) including [BIND](provider/bind.md), [AWS Route 53](provider/route53.md), [Google DNS](provider/gcloud.md), and [name.com](provider/namedotcom.md).
 * [Apply CI/CD principles](ci-cd-gitlab.md) to DNS: Unit-tests, system-tests, automated deployment.
 * All the benefits of Git (or any VCS) for your DNS zone data. View history. Accept PRs.
 * Optimize DNS with [SPF optimizer](language-reference/domain-modifiers/SPF_BUILDER.md). Detect too many lookups. Flatten includes.
diff --git a/documentation/language-reference/domain-modifiers/SOA.md b/documentation/language-reference/domain-modifiers/SOA.md
index e14f1b4e06..649bbdf324 100644
--- a/documentation/language-reference/domain-modifiers/SOA.md
+++ b/documentation/language-reference/domain-modifiers/SOA.md
@@ -39,4 +39,4 @@ when you are making it easier for spammers how to find you.
 * Most providers automatically generate SOA records.  They will ignore any `SOA()` statements.
 * The mbox field should not be set to a real email address unless you love spam and hate your privacy.
 
-There is more info about `SOA` in the documentation for the [BIND provider](../../providers/bind.md).
+There is more info about `SOA` in the documentation for the [BIND provider](../../provider/bind.md).
diff --git a/documentation/language-reference/record-modifiers/R53_ZONE.md b/documentation/language-reference/record-modifiers/R53_ZONE.md
index a15387df5e..482783913b 100644
--- a/documentation/language-reference/record-modifiers/R53_ZONE.md
+++ b/documentation/language-reference/record-modifiers/R53_ZONE.md
@@ -10,6 +10,6 @@ provider: ROUTE53
 
 `R53_ZONE` lets you specify the AWS Zone ID for an entire domain ([`D()`](../top-level-functions/D.md)) or a specific [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) record.
 
-When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../providers/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../providers/route53.md).
+When used with [`D()`](../top-level-functions/D.md), it sets the zone id of the domain. This can be used to differentiate between split horizon domains in public and private zones. See this [example](../../provider/route53.md#split-horizon) in the [Amazon Route 53 provider page](../../provider/route53.md).
 
 When used with [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) it sets the required Route53 hosted zone id in a R53_ALIAS record. See [`R53_ALIAS()`](../domain-modifiers/R53_ALIAS.md) documentation for details.
diff --git a/documentation/nameservers.md b/documentation/nameservers.md
index cd56c6e9ee..3b58c9f340 100644
--- a/documentation/nameservers.md
+++ b/documentation/nameservers.md
@@ -248,7 +248,7 @@ a notified if the delegation diverges.
 Why?
 Sometimes you just want to know if something changes!
 
-See the [DNS-over-HTTPS Provider](providers/dnsoverhttps.md) documentation for more info.
+See the [DNS-over-HTTPS Provider](provider/dnsoverhttps.md) documentation for more info.
 
 {% code title="dnsconfig.js" %}
 ```javascript
diff --git a/documentation/providers/akamaiedgedns.md b/documentation/provider/akamaiedgedns.md
similarity index 100%
rename from documentation/providers/akamaiedgedns.md
rename to documentation/provider/akamaiedgedns.md
diff --git a/documentation/providers/autodns.md b/documentation/provider/autodns.md
similarity index 100%
rename from documentation/providers/autodns.md
rename to documentation/provider/autodns.md
diff --git a/documentation/providers/axfrddns.md b/documentation/provider/axfrddns.md
similarity index 100%
rename from documentation/providers/axfrddns.md
rename to documentation/provider/axfrddns.md
diff --git a/documentation/providers/azure_dns.md b/documentation/provider/azure_dns.md
similarity index 100%
rename from documentation/providers/azure_dns.md
rename to documentation/provider/azure_dns.md
diff --git a/documentation/providers/azure_private_dns.md b/documentation/provider/azure_private_dns.md
similarity index 100%
rename from documentation/providers/azure_private_dns.md
rename to documentation/provider/azure_private_dns.md
diff --git a/documentation/providers/bind.md b/documentation/provider/bind.md
similarity index 100%
rename from documentation/providers/bind.md
rename to documentation/provider/bind.md
diff --git a/documentation/providers/bunny_dns.md b/documentation/provider/bunny_dns.md
similarity index 100%
rename from documentation/providers/bunny_dns.md
rename to documentation/provider/bunny_dns.md
diff --git a/documentation/providers/cloudflareapi.md b/documentation/provider/cloudflareapi.md
similarity index 100%
rename from documentation/providers/cloudflareapi.md
rename to documentation/provider/cloudflareapi.md
diff --git a/documentation/providers/cloudns.md b/documentation/provider/cloudns.md
similarity index 100%
rename from documentation/providers/cloudns.md
rename to documentation/provider/cloudns.md
diff --git a/documentation/providers/cscglobal.md b/documentation/provider/cscglobal.md
similarity index 100%
rename from documentation/providers/cscglobal.md
rename to documentation/provider/cscglobal.md
diff --git a/documentation/providers/desec.md b/documentation/provider/desec.md
similarity index 100%
rename from documentation/providers/desec.md
rename to documentation/provider/desec.md
diff --git a/documentation/providers/digitalocean.md b/documentation/provider/digitalocean.md
similarity index 100%
rename from documentation/providers/digitalocean.md
rename to documentation/provider/digitalocean.md
diff --git a/documentation/providers/dnsimple.md b/documentation/provider/dnsimple.md
similarity index 100%
rename from documentation/providers/dnsimple.md
rename to documentation/provider/dnsimple.md
diff --git a/documentation/providers/dnsmadeeasy.md b/documentation/provider/dnsmadeeasy.md
similarity index 100%
rename from documentation/providers/dnsmadeeasy.md
rename to documentation/provider/dnsmadeeasy.md
diff --git a/documentation/providers/dnsoverhttps.md b/documentation/provider/dnsoverhttps.md
similarity index 100%
rename from documentation/providers/dnsoverhttps.md
rename to documentation/provider/dnsoverhttps.md
diff --git a/documentation/providers/domainnameshop.md b/documentation/provider/domainnameshop.md
similarity index 100%
rename from documentation/providers/domainnameshop.md
rename to documentation/provider/domainnameshop.md
diff --git a/documentation/providers/dynadot.md b/documentation/provider/dynadot.md
similarity index 100%
rename from documentation/providers/dynadot.md
rename to documentation/provider/dynadot.md
diff --git a/documentation/providers/easyname.md b/documentation/provider/easyname.md
similarity index 100%
rename from documentation/providers/easyname.md
rename to documentation/provider/easyname.md
diff --git a/documentation/providers/exoscale.md b/documentation/provider/exoscale.md
similarity index 100%
rename from documentation/providers/exoscale.md
rename to documentation/provider/exoscale.md
diff --git a/documentation/providers/gandi_v5.md b/documentation/provider/gandi_v5.md
similarity index 100%
rename from documentation/providers/gandi_v5.md
rename to documentation/provider/gandi_v5.md
diff --git a/documentation/providers/gcloud.md b/documentation/provider/gcloud.md
similarity index 100%
rename from documentation/providers/gcloud.md
rename to documentation/provider/gcloud.md
diff --git a/documentation/providers/gcore.md b/documentation/provider/gcore.md
similarity index 100%
rename from documentation/providers/gcore.md
rename to documentation/provider/gcore.md
diff --git a/documentation/providers/hedns.md b/documentation/provider/hedns.md
similarity index 100%
rename from documentation/providers/hedns.md
rename to documentation/provider/hedns.md
diff --git a/documentation/providers/hetzner.md b/documentation/provider/hetzner.md
similarity index 100%
rename from documentation/providers/hetzner.md
rename to documentation/provider/hetzner.md
diff --git a/documentation/providers/hexonet.md b/documentation/provider/hexonet.md
similarity index 100%
rename from documentation/providers/hexonet.md
rename to documentation/provider/hexonet.md
diff --git a/documentation/providers/hostingde.md b/documentation/provider/hostingde.md
similarity index 100%
rename from documentation/providers/hostingde.md
rename to documentation/provider/hostingde.md
diff --git a/documentation/providers/internetbs.md b/documentation/provider/internetbs.md
similarity index 100%
rename from documentation/providers/internetbs.md
rename to documentation/provider/internetbs.md
diff --git a/documentation/providers/inwx.md b/documentation/provider/inwx.md
similarity index 100%
rename from documentation/providers/inwx.md
rename to documentation/provider/inwx.md
diff --git a/documentation/providers/linode.md b/documentation/provider/linode.md
similarity index 100%
rename from documentation/providers/linode.md
rename to documentation/provider/linode.md
diff --git a/documentation/providers/loopia.md b/documentation/provider/loopia.md
similarity index 100%
rename from documentation/providers/loopia.md
rename to documentation/provider/loopia.md
diff --git a/documentation/providers/luadns.md b/documentation/provider/luadns.md
similarity index 100%
rename from documentation/providers/luadns.md
rename to documentation/provider/luadns.md
diff --git a/documentation/providers/msdns.md b/documentation/provider/msdns.md
similarity index 100%
rename from documentation/providers/msdns.md
rename to documentation/provider/msdns.md
diff --git a/documentation/providers/mythicbeasts.md b/documentation/provider/mythicbeasts.md
similarity index 100%
rename from documentation/providers/mythicbeasts.md
rename to documentation/provider/mythicbeasts.md
diff --git a/documentation/providers/namecheap.md b/documentation/provider/namecheap.md
similarity index 100%
rename from documentation/providers/namecheap.md
rename to documentation/provider/namecheap.md
diff --git a/documentation/providers/namedotcom.md b/documentation/provider/namedotcom.md
similarity index 100%
rename from documentation/providers/namedotcom.md
rename to documentation/provider/namedotcom.md
diff --git a/documentation/providers/netcup.md b/documentation/provider/netcup.md
similarity index 100%
rename from documentation/providers/netcup.md
rename to documentation/provider/netcup.md
diff --git a/documentation/providers/netlify.md b/documentation/provider/netlify.md
similarity index 100%
rename from documentation/providers/netlify.md
rename to documentation/provider/netlify.md
diff --git a/documentation/providers/ns1.md b/documentation/provider/ns1.md
similarity index 100%
rename from documentation/providers/ns1.md
rename to documentation/provider/ns1.md
diff --git a/documentation/providers/opensrs.md b/documentation/provider/opensrs.md
similarity index 100%
rename from documentation/providers/opensrs.md
rename to documentation/provider/opensrs.md
diff --git a/documentation/providers/oracle.md b/documentation/provider/oracle.md
similarity index 100%
rename from documentation/providers/oracle.md
rename to documentation/provider/oracle.md
diff --git a/documentation/providers/ovh.md b/documentation/provider/ovh.md
similarity index 100%
rename from documentation/providers/ovh.md
rename to documentation/provider/ovh.md
diff --git a/documentation/providers/packetframe.md b/documentation/provider/packetframe.md
similarity index 100%
rename from documentation/providers/packetframe.md
rename to documentation/provider/packetframe.md
diff --git a/documentation/providers/porkbun.md b/documentation/provider/porkbun.md
similarity index 100%
rename from documentation/providers/porkbun.md
rename to documentation/provider/porkbun.md
diff --git a/documentation/providers/powerdns.md b/documentation/provider/powerdns.md
similarity index 100%
rename from documentation/providers/powerdns.md
rename to documentation/provider/powerdns.md
diff --git a/documentation/providers/realtimeregister.md b/documentation/provider/realtimeregister.md
similarity index 100%
rename from documentation/providers/realtimeregister.md
rename to documentation/provider/realtimeregister.md
diff --git a/documentation/providers/route53.md b/documentation/provider/route53.md
similarity index 100%
rename from documentation/providers/route53.md
rename to documentation/provider/route53.md
diff --git a/documentation/providers/rwth.md b/documentation/provider/rwth.md
similarity index 100%
rename from documentation/providers/rwth.md
rename to documentation/provider/rwth.md
diff --git a/documentation/providers/softlayer.md b/documentation/provider/softlayer.md
similarity index 100%
rename from documentation/providers/softlayer.md
rename to documentation/provider/softlayer.md
diff --git a/documentation/providers/transip.md b/documentation/provider/transip.md
similarity index 100%
rename from documentation/providers/transip.md
rename to documentation/provider/transip.md
diff --git a/documentation/providers/vultr.md b/documentation/provider/vultr.md
similarity index 100%
rename from documentation/providers/vultr.md
rename to documentation/provider/vultr.md
diff --git a/documentation/providers.md b/documentation/providers.md
index d91fe0e372..bbaff36d6b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -14,56 +14,56 @@ If a feature is definitively not supported for whatever reason, we would also li
 <!-- provider-matrix-start -->
 | Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | dual host | create-domains | get-zones |
 | ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------- | -------------- | --------- |
-| [`AKAMAIEDGEDNS`](providers/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](providers/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](providers/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](providers/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](providers/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](providers/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](providers/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](providers/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](providers/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](providers/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](providers/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DNSIMPLE`](providers/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`DNSMADEEASY`](providers/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](providers/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`DOMAINNAMESHOP`](providers/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
-| [`DYNADOT`](providers/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EASYNAME`](providers/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EXOSCALE`](providers/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](providers/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](providers/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](providers/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEDNS`](providers/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](providers/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEXONET`](providers/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](providers/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](providers/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](providers/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`LINODE`](providers/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`LOOPIA`](providers/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`LUADNS`](providers/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`MSDNS`](providers/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`MYTHICBEASTS`](providers/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](providers/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](providers/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NETCUP`](providers/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](providers/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](providers/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](providers/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`ORACLE`](providers/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OVH`](providers/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`PACKETFRAME`](providers/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](providers/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](providers/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](providers/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](providers/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`RWTH`](providers/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`SOFTLAYER`](providers/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](providers/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`VULTR`](providers/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](provider/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
@@ -79,13 +79,13 @@ Providers in this category and their maintainers are:
 
 |Name|Maintainer|
 |---|---|
-|[`AZURE_DNS`](providers/azure_dns.md)|@vatsalyagoel|
-|[`BIND`](providers/bind.md)|@tlimoncelli|
-|[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
-|[`CSCGLOBAL`](providers/cscglobal.md)|@mikenz|
-|[`GCLOUD`](providers/gcloud.md)|@riyadhalnur|
-|[`MSDNS`](providers/msdns.md)|@tlimoncelli|
-|[`ROUTE53`](providers/route53.md)|@tresni|
+|[`AZURE_DNS`](provider/azure_dns.md)|@vatsalyagoel|
+|[`BIND`](provider/bind.md)|@tlimoncelli|
+|[`CLOUDFLAREAPI`](provider/cloudflareapi.md)|@tresni|
+|[`CSCGLOBAL`](provider/cscglobal.md)|@mikenz|
+|[`GCLOUD`](provider/gcloud.md)|@riyadhalnur|
+|[`MSDNS`](provider/msdns.md)|@tlimoncelli|
+|[`ROUTE53`](provider/route53.md)|@tresni|
 
 ### Providers with "contributor support"
 
@@ -109,47 +109,47 @@ Providers in this category and their maintainers are:
 
 |Name|Maintainer|
 |---|---|
-|[`AZURE_PRIVATE_DNS`](providers/azure_private_dns.md)|@matthewmgamble|
-|[`AKAMAIEDGEDNS`](providers/akamaiedgedns.md)|@svernick|
-|[`AXFRDDNS`](providers/axfrddns.md)|@hnrgrgr|
-|[`BUNNY_DNS`](providers/bunny_dns.md)|@ppmathis|
-|[`CLOUDFLAREAPI`](providers/cloudflareapi.md)|@tresni|
-|[`CLOUDNS`](providers/cloudns.md)|@pragmaton|
-|[`CSCGLOBAL`](providers/cscglobal.md)|@Air-New-Zealand|
-|[`DESEC`](providers/desec.md)|@D3luxee|
-|[`DIGITALOCEAN`](providers/digitalocean.md)|@Deraen|
-|[`DNSIMPLE`](providers/dnsimple.md)|@onlyhavecans|
-|[`DNSMADEEASY`](providers/dnsmadeeasy.md)|@vojtad|
-|[`DNSOVERHTTPS`](providers/dnsoverhttps.md)|@mikenz|
-|[`DOMAINNAMESHOP`](providers/domainnameshop.md)|@SimenBai|
-|[`EASYNAME`](providers/easyname.md)|@tresni|
-|[`EXOSCALE`](providers/exoscale.md)|@pierre-emmanuelJ|
-|[`GANDI_V5`](providers/gandi_v5.md)|@TomOnTime|
-|[`GCORE`](providers/gcore.md)|@xddxdd|
-|[`HEDNS`](providers/hedns.md)|@rblenkinsopp|
-|[`HETZNER`](providers/hetzner.md)|@das7pad|
-|[`HEXONET`](providers/hexonet.md)|@KaiSchwarz-cnic|
-|[`HOSTINGDE`](providers/hostingde.md)|@membero|
-|[`INTERNETBS`](providers/internetbs.md)|@pragmaton|
-|[`INWX`](providers/inwx.md)|@patschi|
-|[`LINODE`](providers/linode.md)|@koesie10|
-|[`LOOPIA`](providers/loopia.md)|@systemcrash|
-|[`LUADNS`](providers/luadns.md)|@riku22|
-|[`NAMECHEAP`](providers/namecheap.md)|@willpower232|
-|[`NETCUP`](providers/netcup.md)|@kordianbruck|
-|[`NETLIFY`](providers/netlify.md)|@SphericalKat|
-|[`NS1`](providers/ns1.md)|@costasd|
-|[`OPENSRS`](providers/opensrs.md)|@philhug|
-|[`ORACLE`](providers/oracle.md)|@kallsyms|
-|[`OVH`](providers/ovh.md)|@masterzen|
-|[`PACKETFRAME`](providers/packetframe.md)|@hamptonmoore|
-|[`POWERDNS`](providers/powerdns.md)|@jpbede|
-|[`REALTIMEREGISTER`](providers/realtimeregister.md)|@PJEilers|
-|[`ROUTE53`](providers/route53.md)|@tresni|
-|[`RWTH`](providers/rwth.md)|@MisterErwin|
-|[`SOFTLAYER`](providers/softlayer.md)|@jamielennox|
-|[`TRANSIP`](providers/transip.md)|@blackshadev|
-|[`VULTR`](providers/vultr.md)|@pgaskin|
+|[`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md)|@matthewmgamble|
+|[`AKAMAIEDGEDNS`](provider/akamaiedgedns.md)|@svernick|
+|[`AXFRDDNS`](provider/axfrddns.md)|@hnrgrgr|
+|[`BUNNY_DNS`](provider/bunny_dns.md)|@ppmathis|
+|[`CLOUDFLAREAPI`](provider/cloudflareapi.md)|@tresni|
+|[`CLOUDNS`](provider/cloudns.md)|@pragmaton|
+|[`CSCGLOBAL`](provider/cscglobal.md)|@Air-New-Zealand|
+|[`DESEC`](provider/desec.md)|@D3luxee|
+|[`DIGITALOCEAN`](provider/digitalocean.md)|@Deraen|
+|[`DNSIMPLE`](provider/dnsimple.md)|@onlyhavecans|
+|[`DNSMADEEASY`](provider/dnsmadeeasy.md)|@vojtad|
+|[`DNSOVERHTTPS`](provider/dnsoverhttps.md)|@mikenz|
+|[`DOMAINNAMESHOP`](provider/domainnameshop.md)|@SimenBai|
+|[`EASYNAME`](provider/easyname.md)|@tresni|
+|[`EXOSCALE`](provider/exoscale.md)|@pierre-emmanuelJ|
+|[`GANDI_V5`](provider/gandi_v5.md)|@TomOnTime|
+|[`GCORE`](provider/gcore.md)|@xddxdd|
+|[`HEDNS`](provider/hedns.md)|@rblenkinsopp|
+|[`HETZNER`](provider/hetzner.md)|@das7pad|
+|[`HEXONET`](provider/hexonet.md)|@KaiSchwarz-cnic|
+|[`HOSTINGDE`](provider/hostingde.md)|@membero|
+|[`INTERNETBS`](provider/internetbs.md)|@pragmaton|
+|[`INWX`](provider/inwx.md)|@patschi|
+|[`LINODE`](provider/linode.md)|@koesie10|
+|[`LOOPIA`](provider/loopia.md)|@systemcrash|
+|[`LUADNS`](provider/luadns.md)|@riku22|
+|[`NAMECHEAP`](provider/namecheap.md)|@willpower232|
+|[`NETCUP`](provider/netcup.md)|@kordianbruck|
+|[`NETLIFY`](provider/netlify.md)|@SphericalKat|
+|[`NS1`](provider/ns1.md)|@costasd|
+|[`OPENSRS`](provider/opensrs.md)|@philhug|
+|[`ORACLE`](provider/oracle.md)|@kallsyms|
+|[`OVH`](provider/ovh.md)|@masterzen|
+|[`PACKETFRAME`](provider/packetframe.md)|@hamptonmoore|
+|[`POWERDNS`](provider/powerdns.md)|@jpbede|
+|[`REALTIMEREGISTER`](provider/realtimeregister.md)|@PJEilers|
+|[`ROUTE53`](provider/route53.md)|@tresni|
+|[`RWTH`](provider/rwth.md)|@MisterErwin|
+|[`SOFTLAYER`](provider/softlayer.md)|@jamielennox|
+|[`TRANSIP`](provider/transip.md)|@blackshadev|
+|[`VULTR`](provider/vultr.md)|@pgaskin|
 
 ### Requested providers
 
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index 3b523d2e55..49d1ec755b 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -22,7 +22,7 @@ TL;DR version: [`docs`](https://github.com/StackExchange/dnscontrol/tree/main/do
 Within the git repo, docs are grouped:
 
 * [`documentation/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation): general docs
-* [`documentation/providers/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/providers/): One file per provider
+* [`documentation/provider/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/provider/): One file per provider
 * [`documentation/language-reference/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/language-reference/): One file per `dnsconfig.js` language feature
 * [`documentation/assets/FOO/`](https://github.com/StackExchange/dnscontrol/tree/main/documentation/assets/): Images for page FOO(PNGs only, please!)
 
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 425bf012ee..17d81db59e 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -222,7 +222,7 @@ an automated way to test for this bug.  The manual steps are here in
   * Add the new provider to the [Providers with "contributor support"](providers.md#providers-with-contributor-support) section.
 * Edit `documentation/SUMMARY.md`:
   * Add the provider to the "Providers" list.
-* Create `documentation/providers/PROVIDERNAME.md`:
+* Create `documentation/provider/PROVIDERNAME.md`:
   * Use one of the other files in that directory as a base.
 * Edit `OWNERS`:
   * Add the directory name and your GitHub username.
@@ -311,7 +311,7 @@ These are the things we'll be checking when you submit the PR.  Please try to co
   * `.goreleaser.yml` (Search for `Provider-specific changes`)
   * `documentation/SUMMARY.md`
   * `documentation/providers.md` (the autogenerated table + the second one; make sure it is removed from the `requested` list)
-  * `documentation/providers/`PROVIDERNAME`.md`
+  * `documentation/provider/`PROVIDERNAME`.md`
   * `integrationTest/providers.json`
     * `providers/_all/all.go`
 3. Review the code for style issues, remove debug statements, make sure all exported functions have a comment, and generally tighten up the code.

From df0fa2dbf83ffc523ab6c3be817a9e28c55ffa00 Mon Sep 17 00:00:00 2001
From: fuero <108815+fuero@users.noreply.github.com>
Date: Fri, 19 Apr 2024 19:24:57 +0200
Subject: [PATCH 233/438] POWERDNS: Change DHCID test value to valid base64
 code (#2915)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Robert Führicht <robert.fuehricht@gmx.at>
---
 integrationTest/integration_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 54389591af..983d8a4d74 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1602,7 +1602,7 @@ func makeTests() []*TestGroup {
 		testgroup("DHCID",
 			requires(providers.CanUseDHCID),
 			tc("Create DHCID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
-			tc("Modify DHCID record", dhcid("test", "Test/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+			tc("Modify DHCID record", dhcid("test", "FOOAAAAAAAAuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 		),
 
 		testgroup("DNAME",

From da6f6218ee42b720debe3daae225e947c89e47fd Mon Sep 17 00:00:00 2001
From: fuero <108815+fuero@users.noreply.github.com>
Date: Fri, 19 Apr 2024 20:19:43 +0200
Subject: [PATCH 234/438] POWERDNS: Value in test was too long (#2916)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Robert Führicht <robert.fuehricht@gmx.at>
---
 integrationTest/integration_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 983d8a4d74..3f1833472b 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1602,7 +1602,7 @@ func makeTests() []*TestGroup {
 		testgroup("DHCID",
 			requires(providers.CanUseDHCID),
 			tc("Create DHCID record", dhcid("test", "AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
-			tc("Modify DHCID record", dhcid("test", "FOOAAAAAAAAuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
+			tc("Modify DHCID record", dhcid("test", "AAAAAAAAuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=")),
 		),
 
 		testgroup("DNAME",

From 3f05482e6b6120903e83520bf94975567db987a0 Mon Sep 17 00:00:00 2001
From: xtex <xtexchooser@duck.com>
Date: Mon, 22 Apr 2024 21:54:12 +0800
Subject: [PATCH 235/438] NEW RECORD TYPE: DNSKEY (#2917)

Signed-off-by: xtex <xtexchooser@duck.com>
---
 build/generate/featureMatrix.go               |   6 +
 commands/getZones.go                          |   2 +
 commands/types/dnscontrol.d.ts                |  21 ++++
 documentation/SUMMARY.md                      |   1 +
 documentation/adding-new-rtypes.md            |   4 +-
 .../domain-modifiers/DNSKEY.md                |  35 ++++++
 documentation/providers.md                    | 104 +++++++++---------
 integrationTest/integration_test.go           |  14 +++
 models/dnsrr.go                               |   2 +
 models/domain.go                              |   2 +-
 models/record.go                              |  17 ++-
 models/t_dnskey.go                            |  52 +++++++++
 models/t_parse.go                             |   4 +
 models/target.go                              |   2 +
 pkg/js/helpers.js                             |  31 +++++-
 pkg/js/parse_tests/048-DNSKEY.js              |   3 +
 pkg/js/parse_tests/048-DNSKEY.json            |  22 ++++
 pkg/normalize/validate.go                     |   4 +-
 pkg/prettyzone/prettyzone_test.go             |   4 +
 pkg/prettyzone/sorting.go                     |  14 +++
 providers/bind/bindProvider.go                |   1 +
 providers/capabilities.go                     |   3 +
 providers/capability_string.go                |  11 +-
 providers/desec/desecProvider.go              |   1 +
 24 files changed, 291 insertions(+), 69 deletions(-)
 create mode 100644 documentation/language-reference/domain-modifiers/DNSKEY.md
 create mode 100644 models/t_dnskey.go
 create mode 100644 pkg/js/parse_tests/048-DNSKEY.js
 create mode 100644 pkg/js/parse_tests/048-DNSKEY.json

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index db1e459702..48c593b843 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -90,6 +90,7 @@ func matrixData() *FeatureMatrix {
 		DomainModifierDs     = "[`DS`](language-reference/domain-modifiers/DS.md)"
 		DomainModifierDhcid  = "[`DHCID`](language-reference/domain-modifiers/DHCID.md)"
 		DomainModifierDname  = "[`DNAME`](language-reference/domain-modifiers/DNAME.md)"
+		DomainModifierDnskey = "[`DNSKEY`](language-reference/domain-modifiers/DNSKEY.md)"
 		DualHost             = "dual host"
 		CreateDomains        = "create-domains"
 		GetZones             = "get-zones"
@@ -115,6 +116,7 @@ func matrixData() *FeatureMatrix {
 			DomainModifierDs,
 			DomainModifierDhcid,
 			DomainModifierDname,
+			DomainModifierDnskey,
 			DualHost,
 			CreateDomains,
 			//NoPurge,
@@ -201,6 +203,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierDs,
 			providers.CanUseDS,
 		)
+		setCapability(
+			DomainModifierDnskey,
+			providers.CanUseDNSKEY,
+		)
 		setCapability(
 			DomainModifierLoc,
 			providers.CanUseLOC,
diff --git a/commands/getZones.go b/commands/getZones.go
index 0bec3cbb68..0b58601933 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -337,6 +337,8 @@ func formatDsl(rec *models.RecordConfig, defaultTTL uint32) string {
 		return makeCaa(rec, ttlop)
 	case "DS":
 		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.DsKeyTag, rec.DsAlgorithm, rec.DsDigestType, rec.DsDigest)
+	case "DNSKEY":
+		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.DnskeyFlags, rec.DnskeyProtocol, rec.DnskeyAlgorithm, rec.DnskeyPublicKey)
 	case "MX":
 		target = fmt.Sprintf(`%d, "%s"`, rec.MxPreference, rec.GetTargetField())
 	case "NAPTR":
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 01d2246dda..d23a599388 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -835,6 +835,27 @@ declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy:
  */
 declare function DNAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * DNSKEY adds a DNSKEY record to the domain.
+ *
+ * Flags should be a number.
+ *
+ * Protocol should be a number.
+ *
+ * Algorithm must be a number.
+ *
+ * Public key must be a string.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DNSKEY("@", 257, 3, 13, "AABBCCDD")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dnskey
+ */
+declare function DNSKEY(name: string, flags: number, protocol: number, algorithm: number, publicKey: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `DOMAIN_ELSEWHERE()` is a helper macro that lets you easily indicate that
  * a domain's zones are managed elsewhere. That is, it permits you easily delegate
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 2e2eec4263..653ce865e0 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -39,6 +39,7 @@
     * [CNAME](language-reference/domain-modifiers/CNAME.md)
     * [DHCID](language-reference/domain-modifiers/DHCID.md)
     * [DNAME](language-reference/domain-modifiers/DNAME.md)
+    * [DNSKEY](language-reference/domain-modifiers/DNSKEY.md)
     * [DISABLE_IGNORE_SAFETY_CHECK](language-reference/domain-modifiers/DISABLE_IGNORE_SAFETY_CHECK.md)
     * [DMARC_BUILDER](language-reference/domain-modifiers/DMARC_BUILDER.md)
     * [DS](language-reference/domain-modifiers/DS.md)
diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index 943aaa32a9..b3677eb7d6 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -60,14 +60,14 @@ a minimum.
 -   Run stringer to auto-update the file `dnscontrol/providers/capability_string.go`
 
 ```shell
-pushd; cd provider/;
+pushd; cd providers/;
 stringer -type=Capability
 popd
 ```
 alternatively
 
 ```shell
-pushd; cd provider/;
+pushd; cd providers/;
 go generate
 popd
 ```
diff --git a/documentation/language-reference/domain-modifiers/DNSKEY.md b/documentation/language-reference/domain-modifiers/DNSKEY.md
new file mode 100644
index 0000000000..2f6cf85876
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/DNSKEY.md
@@ -0,0 +1,35 @@
+---
+name: DNSKEY
+parameters:
+  - name
+  - flags
+  - protocol
+  - algorithm
+  - publicKey
+  - modifiers...
+parameter_types:
+  name: string
+  flags: number
+  protocol: number
+  algorithm: number
+  publicKey: string
+  "modifiers...": RecordModifier[]
+---
+
+DNSKEY adds a DNSKEY record to the domain.
+
+Flags should be a number.
+
+Protocol should be a number.
+
+Algorithm must be a number.
+
+Public key must be a string.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DNSKEY("@", 257, 3, 13, "AABBCCDD")
+);
+```
+{% endcode %}
diff --git a/documentation/providers.md b/documentation/providers.md
index bbaff36d6b..4264657b89 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,58 +12,58 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | dual host | create-domains | get-zones |
-| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------- | -------------- | --------- |
-| [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`DOMAINNAMESHOP`](provider/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
-| [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | [`DNSKEY`](language-reference/domain-modifiers/DNSKEY.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------- | --------- | -------------- | --------- |
+| [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](provider/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 3f1833472b..14f3f8fca2 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -522,6 +522,12 @@ func ds(name string, keyTag uint16, algorithm, digestType uint8, digest string)
 	return r
 }
 
+func dnskey(name string, flags uint16, protocol, algorithm uint8, publicKey string) *models.RecordConfig {
+	r := makeRec(name, "", "DNSKEY")
+	r.SetTargetDNSKEY(flags, protocol, algorithm, publicKey)
+	return r
+}
+
 func ignoreName(labelSpec string) *models.RecordConfig {
 	return ignore(labelSpec, "*", "*")
 }
@@ -1612,6 +1618,14 @@ func makeTests() []*TestGroup {
 			tc("Create DNAME record in non-FQDN", dname("a", "b")),
 		),
 
+		testgroup("DNSKEY",
+			requires(providers.CanUseDNSKEY),
+			tc("Create DNSKEY record", dnskey("test", 257, 3, 13, "fRnjbeUVyKvz1bDx2lPmu3KY1k64T358t8kP6Hjveos=")),
+			tc("Modify DNSKEY record 1", dnskey("test", 256, 3, 13, "fRnjbeUVyKvz1bDx2lPmu3KY1k64T358t8kP6Hjveos=")),
+			tc("Modify DNSKEY record 2", dnskey("test", 256, 3, 13, "whjtMiJP9C86l0oTJUxemuYtQ0RIZePWt6QETC2kkKM=")),
+			tc("Modify DNSKEY record 3", dnskey("test", 256, 3, 15, "whjtMiJP9C86l0oTJUxemuYtQ0RIZePWt6QETC2kkKM=")),
+		),
+
 		//// Vendor-specific record types
 
 		// Narrative: DNSControl supports DNS records that don't exist!
diff --git a/models/dnsrr.go b/models/dnsrr.go
index e142fad08a..e41128031f 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -52,6 +52,8 @@ func helperRRtoRC(rr dns.RR, origin string, fixBug bool) (RecordConfig, error) {
 		err = rc.SetTarget(v.Target)
 	case *dns.DS:
 		err = rc.SetTargetDS(v.KeyTag, v.Algorithm, v.DigestType, v.Digest)
+	case *dns.DNSKEY:
+		err = rc.SetTargetDNSKEY(v.Flags, v.Protocol, v.Algorithm, v.PublicKey)
 	case *dns.LOC:
 		err = rc.SetTargetLOC(v.Version, v.Latitude, v.Longitude, v.Altitude, v.Size, v.HorizPre, v.VertPre)
 	case *dns.MX:
diff --git a/models/domain.go b/models/domain.go
index 4a8fb4f4b2..6e29f57287 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -141,7 +141,7 @@ func (dc *DomainConfig) Punycode() error {
 			rec.SetTarget(t)
 		case "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
 			rec.SetTarget(rec.GetTargetField())
-		case "A", "AAAA", "CAA", "DHCID", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
+		case "A", "AAAA", "CAA", "DHCID", "DNSKEY", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
 			// Nothing to do.
 		default:
 			return fmt.Errorf("Punycode rtype %v unimplemented", rec.Type)
diff --git a/models/record.go b/models/record.go
index 47809f001e..46c19b0312 100644
--- a/models/record.go
+++ b/models/record.go
@@ -104,6 +104,10 @@ type RecordConfig struct {
 	DsAlgorithm      uint8             `json:"dsalgorithm,omitempty"`
 	DsDigestType     uint8             `json:"dsdigesttype,omitempty"`
 	DsDigest         string            `json:"dsdigest,omitempty"`
+	DnskeyFlags      uint16            `json:"dnskeyflags,omitempty"`
+	DnskeyProtocol   uint8             `json:"dnskeyprotocol,omitempty"`
+	DnskeyAlgorithm  uint8             `json:"dnskeyalgorithm,omitempty"`
+	DnskeyPublicKey  string            `json:"dnskeypublickey,omitempty"`
 	LocVersion       uint8             `json:"locversion,omitempty"`
 	LocSize          uint8             `json:"locsize,omitempty"`
 	LocHorizPre      uint8             `json:"lochorizpre,omitempty"`
@@ -172,6 +176,10 @@ func (rc *RecordConfig) UnmarshalJSON(b []byte) error {
 		DsAlgorithm      uint8             `json:"dsalgorithm,omitempty"`
 		DsDigestType     uint8             `json:"dsdigesttype,omitempty"`
 		DsDigest         string            `json:"dsdigest,omitempty"`
+		DnskeyFlags      uint16            `json:"dnskeyflags,omitempty"`
+		DnskeyProtocol   uint8             `json:"dnskeyprotocol,omitempty"`
+		DnskeyAlgorithm  uint8             `json:"dnskeyalgorithm,omitempty"`
+		DnskeyPublicKey  string            `json:"dnskeypublickey,omitempty"`
 		LocVersion       uint8             `json:"locversion,omitempty"`
 		LocSize          uint8             `json:"locsize,omitempty"`
 		LocHorizPre      uint8             `json:"lochorizpre,omitempty"`
@@ -368,6 +376,11 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.DS).DigestType = rc.DsDigestType
 		rr.(*dns.DS).Digest = rc.DsDigest
 		rr.(*dns.DS).KeyTag = rc.DsKeyTag
+	case dns.TypeDNSKEY:
+		rr.(*dns.DNSKEY).Flags = rc.DnskeyFlags
+		rr.(*dns.DNSKEY).Protocol = rc.DnskeyProtocol
+		rr.(*dns.DNSKEY).Algorithm = rc.DnskeyAlgorithm
+		rr.(*dns.DNSKEY).PublicKey = rc.DnskeyPublicKey
 	case dns.TypeLOC:
 		// fmt.Printf("ToRR long: %d, lat:%d, sz: %d, hz:%d, vt:%d\n", rc.LocLongitude, rc.LocLatitude, rc.LocSize, rc.LocHorizPre, rc.LocVertPre)
 		// fmt.Printf("ToRR rc: %+v\n", *rc)
@@ -539,7 +552,7 @@ func Downcase(recs []*RecordConfig) {
 		r.Name = strings.ToLower(r.Name)
 		r.NameFQDN = strings.ToLower(r.NameFQDN)
 		switch r.Type { // #rtype_variations
-		case "AKAMAICDN", "ALIAS", "AAAA", "ANAME", "CNAME", "DNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
+		case "AKAMAICDN", "ALIAS", "AAAA", "ANAME", "CNAME", "DNAME", "DS", "DNSKEY", "MX", "NS", "NAPTR", "PTR", "SRV", "TLSA":
 			// Target is case insensitive. Downcase it.
 			r.target = strings.ToLower(r.target)
 			// BUGFIX(tlim): isn't ALIAS in the wrong case statement?
@@ -564,7 +577,7 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 
 	for _, r := range recs {
 		switch r.Type { // #rtype_variations
-		case "ALIAS", "ANAME", "CNAME", "DNAME", "DS", "MX", "NS", "NAPTR", "PTR", "SRV":
+		case "ALIAS", "ANAME", "CNAME", "DNAME", "DS", "DNSKEY", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
 		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
diff --git a/models/t_dnskey.go b/models/t_dnskey.go
new file mode 100644
index 0000000000..4f2be60ff1
--- /dev/null
+++ b/models/t_dnskey.go
@@ -0,0 +1,52 @@
+package models
+
+import (
+	"strconv"
+	"strings"
+
+	"github.com/pkg/errors"
+)
+
+// SetTargetDNSKEY sets the DNSKEY fields.
+func (rc *RecordConfig) SetTargetDNSKEY(flags uint16, protocol, algorithm uint8, publicKey string) error {
+	rc.DnskeyFlags = flags
+	rc.DnskeyProtocol = protocol
+	rc.DnskeyAlgorithm = algorithm
+	rc.DnskeyPublicKey = publicKey
+
+	if rc.Type == "" {
+		rc.Type = "DNSKEY"
+	}
+	if rc.Type != "DNSKEY" {
+		panic("assertion failed: SetTargetDNSKEY called when .Type is not DNSKEY")
+	}
+
+	return nil
+}
+
+// SetTargetDNSKEYStrings is like SetTargetDNSKEY but accepts strings.
+func (rc *RecordConfig) SetTargetDNSKEYStrings(flags, protocol, algorithm, publicKey string) error {
+	u16flags, err := strconv.ParseUint(flags, 10, 16)
+	if err != nil {
+		return errors.Wrap(err, "DNSKEY Flags can't fit in 16 bits")
+	}
+	u8protocol, err := strconv.ParseUint(protocol, 10, 8)
+	if err != nil {
+		return errors.Wrap(err, "DNSKEY Protocol can't fit in 8 bits")
+	}
+	u8algorithm, err := strconv.ParseUint(algorithm, 10, 8)
+	if err != nil {
+		return errors.Wrap(err, "DNSKEY Algorithm can't fit in 8 bits")
+	}
+
+	return rc.SetTargetDNSKEY(uint16(u16flags), uint8(u8protocol), uint8(u8algorithm), publicKey)
+}
+
+// SetTargetDNSKEYString is like SetTargetDNSKEY but accepts one big string.
+func (rc *RecordConfig) SetTargetDNSKEYString(s string) error {
+	part := strings.Fields(s)
+	if len(part) != 4 {
+		return errors.Errorf("DNSKEY value does not contain 4 fieldnskey: (%#v)", s)
+	}
+	return rc.SetTargetDNSKEYStrings(part[0], part[1], part[2], part[3])
+}
diff --git a/models/t_parse.go b/models/t_parse.go
index a0aa4f3741..c7f50f62b4 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -78,6 +78,8 @@ func (rc *RecordConfig) PopulateFromStringFunc(rtype, contents, origin string, t
 		return rc.SetTargetCAAString(contents)
 	case "DS":
 		return rc.SetTargetDSString(contents)
+	case "DNSKEY":
+		return rc.SetTargetDNSKEYString(contents)
 	case "DHCID":
 		return rc.SetTarget(contents)
 	case "DNAME":
@@ -164,6 +166,8 @@ func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error
 		return rc.SetTargetCAAString(contents)
 	case "DS":
 		return rc.SetTargetDSString(contents)
+	case "DNSKEY":
+		return rc.SetTargetDNSKEYString(contents)
 	case "DHCID":
 		return rc.SetTarget(contents)
 	case "DNAME":
diff --git a/models/target.go b/models/target.go
index 4194b03342..ecb82237f1 100644
--- a/models/target.go
+++ b/models/target.go
@@ -117,6 +117,8 @@ func (rc *RecordConfig) GetTargetDebug() string {
 		content += fmt.Sprintf(" caatag=%s caaflag=%d", rc.CaaTag, rc.CaaFlag)
 	case "DS":
 		content += fmt.Sprintf(" ds_algorithm=%d ds_keytag=%d ds_digesttype=%d ds_digest=%s", rc.DsAlgorithm, rc.DsKeyTag, rc.DsDigestType, rc.DsDigest)
+	case "DNSKEY":
+		content += fmt.Sprintf(" dnskey_flags=%d dnskey_protocol=%d dnskey_algorithm=%d dnskey_publickey=%s", rc.DnskeyFlags, rc.DnskeyProtocol, rc.DnskeyAlgorithm, rc.DnskeyPublicKey)
 	case "MX":
 		content += fmt.Sprintf(" pref=%d", rc.MxPreference)
 	case "NAPTR":
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index c4b8ed2d25..bebaf4d340 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -430,6 +430,25 @@ var DHCID = recordBuilder('DHCID');
 // DNAME(name,target, recordModifiers...)
 var DNAME = recordBuilder('DNAME');
 
+// DNSKEY(name, flags, protocol, algorithm, publickey)
+var DNSKEY = recordBuilder('DNSKEY', {
+    args: [
+        ['name', _.isString],
+        ['flags', _.isNumber],
+        ['protocol', _.isNumber],
+        ['algorithm', _.isNumber],
+        ['publickey', _.isString],
+    ],
+    transform: function (record, args, modifiers) {
+        record.name = args.name;
+        record.dnskeyflags = args.flags;
+        record.dnskeyprotocol = args.protocol;
+        record.dnskeyalgorithm = args.algorithm;
+        record.dnskeypublickey = args.publickey;
+        record.target = args.target;
+    },
+});
+
 // PTR(name,target, recordModifiers...)
 var PTR = recordBuilder('PTR');
 
@@ -871,11 +890,11 @@ function IGNORE(labelPattern, rtypePattern, targetPattern) {
 
 // IGNORE_NAME(name, rTypes)
 function IGNORE_NAME(name, rTypes) {
-  return IGNORE(name, rTypes)
+    return IGNORE(name, rTypes);
 }
 
 function IGNORE_TARGET(target, rType) {
-  return IGNORE("*", rType, target)
+    return IGNORE('*', rType, target);
 }
 
 // IMPORT_TRANSFORM(translation_table, domain)
@@ -1482,18 +1501,18 @@ function CAA_BUILDER(value) {
     }
 
     if (value.issue) {
-        var flag = function() {};
+        var flag = function () {};
         if (value.issue_critical) {
-          flag = CAA_CRITICAL;
+            flag = CAA_CRITICAL;
         }
         for (var i = 0, len = value.issue.length; i < len; i++)
             r.push(CAA(value.label, 'issue', value.issue[i], flag));
     }
 
     if (value.issuewild) {
-        var flag = function() {};
+        var flag = function () {};
         if (value.issuewild_critical) {
-          flag = CAA_CRITICAL;
+            flag = CAA_CRITICAL;
         }
         for (var i = 0, len = value.issuewild.length; i < len; i++)
             r.push(CAA(value.label, 'issuewild', value.issuewild[i], flag));
diff --git a/pkg/js/parse_tests/048-DNSKEY.js b/pkg/js/parse_tests/048-DNSKEY.js
new file mode 100644
index 0000000000..0f066011ae
--- /dev/null
+++ b/pkg/js/parse_tests/048-DNSKEY.js
@@ -0,0 +1,3 @@
+D("foo.com","none",
+    DNSKEY("@", 257, 3, 13, "AABBCCDD")
+);
diff --git a/pkg/js/parse_tests/048-DNSKEY.json b/pkg/js/parse_tests/048-DNSKEY.json
new file mode 100644
index 0000000000..52ebf43b9a
--- /dev/null
+++ b/pkg/js/parse_tests/048-DNSKEY.json
@@ -0,0 +1,22 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "DNSKEY",
+          "name": "@",
+          "dnskeyflags": 257,
+          "dnskeyprotocol": 3,
+          "dnskeyalgorithm": 13,
+          "dnskeypublickey": "AABBCCDD",
+          "target": ""
+        }
+      ]
+    }
+  ]
+}
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 6cc9cf7bd7..cbb1206424 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -62,6 +62,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"DHCID":            true,
 		"DNAME":            true,
 		"DS":               true,
+		"DNSKEY":           true,
 		"IMPORT_TRANSFORM": false,
 		"LOC":              true,
 		"MX":               true,
@@ -223,7 +224,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		}
 	case "SRV":
 		check(checkTarget(target))
-	case "CAA", "DHCID", "DS", "IMPORT_TRANSFORM", "SSHFP", "TLSA", "TXT":
+	case "CAA", "DHCID", "DNSKEY", "DS", "IMPORT_TRANSFORM", "SSHFP", "TLSA", "TXT":
 	default:
 		if rec.Metadata["orig_custom_type"] != "" {
 			// it is a valid custom type. We perform no validation on target
@@ -683,6 +684,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("CAA", providers.CanUseCAA),
 	capabilityCheck("DHCID", providers.CanUseDHCID),
 	capabilityCheck("DNAME", providers.CanUseDNAME),
+	capabilityCheck("DNSKEY", providers.CanUseDNSKEY),
 	capabilityCheck("LOC", providers.CanUseLOC),
 	capabilityCheck("NAPTR", providers.CanUseNAPTR),
 	capabilityCheck("PTR", providers.CanUsePTR),
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index c3283e29c5..1e27c757da 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -339,6 +339,8 @@ func TestWriteZoneFileEach(t *testing.T) {
 	d = append(d, mustNewRR(`x.bosun.org.         300 IN CNAME bosun.org.`))    // Must be a label with no other records.
 	d = append(d, mustNewRR(`bosun.org.           300 IN DHCID   AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=`))
 	d = append(d, mustNewRR(`dname.bosun.org.     300 IN DNAME   example.com.`))
+	d = append(d, mustNewRR(`dnssec.bosun.org.    300 IN DS      31334 13 2 94cc505ebc36b1f4e051268b820efb230f1572d445e833bb5bf7380d6c2cbc0a`))
+	d = append(d, mustNewRR(`dnssec.bosun.org.    300 IN DNSKEY  257 3 13 rNR701yiOPHfqDP53GnsHZdlsRqI7O1ksk60rnFILZVk7Z4eTBd1U49oSkTNVNox9tb7N15N2hboXoMEyFFzcw==`))
 	buf := &bytes.Buffer{}
 	writeZoneFileRR(buf, d, "bosun.org")
 	if buf.String() != testdataZFEach {
@@ -360,6 +362,8 @@ var testdataZFEach = `$TTL 300
 4.5              IN PTR   y.bosun.org.
 _443._tcp        IN TLSA  3 1 1 abcdef0
 dname            IN DNAME example.com.
+dnssec           IN DNSKEY 257 3 13 rNR701yiOPHfqDP53GnsHZdlsRqI7O1ksk60rnFILZVk7Z4eTBd1U49oSkTNVNox9tb7N15N2hboXoMEyFFzcw==
+                 IN DS    31334 13 2 94CC505EBC36B1F4E051268B820EFB230F1572D445E833BB5BF7380D6C2CBC0A
 sub              IN NS    bosun.org.
 x                IN CNAME bosun.org.
 `
diff --git a/pkg/prettyzone/sorting.go b/pkg/prettyzone/sorting.go
index c5c373cb85..57bda8983c 100644
--- a/pkg/prettyzone/sorting.go
+++ b/pkg/prettyzone/sorting.go
@@ -99,6 +99,20 @@ func (z *ZoneGenData) Less(i, j int) bool {
 			// flag set goes before ones without flag set
 			return fa > fb
 		}
+	case "DS":
+		pa, pb := a.DsKeyTag, b.DsKeyTag
+		if pa != pb {
+			return pa < pb
+		}
+	case "DNSKEY":
+		pa, pb := a.DnskeyFlags, b.DnskeyFlags
+		if pa != pb {
+			return pa < pb
+		}
+		fa, fb := a.DnskeyProtocol, b.DnskeyProtocol
+		if fa != fb {
+			return fa < fb
+		}
 	default:
 		// pass through. String comparison is sufficient.
 	}
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 763c58d4d8..a1d31cb8db 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -39,6 +39,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
+	providers.CanUseDNSKEY:           providers.Can(),
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index a15fcba16d..83c6af69f8 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -78,6 +78,9 @@ const (
 	// CanUseTLSA indicates the provider can handle TLSA records
 	CanUseTLSA
 
+	// CanUseDNSKEY indicates that the provider can handle DNSKEY records
+	CanUseDNSKEY
+
 	// DocCreateDomains means provider can add domains with the `dnscontrol create-domains` command
 	DocCreateDomains
 
diff --git a/providers/capability_string.go b/providers/capability_string.go
index 6e458e6258..3c7612a97d 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -27,14 +27,15 @@ func _() {
 	_ = x[CanUseSRV-16]
 	_ = x[CanUseSSHFP-17]
 	_ = x[CanUseTLSA-18]
-	_ = x[DocCreateDomains-19]
-	_ = x[DocDualHost-20]
-	_ = x[DocOfficiallySupported-21]
+	_ = x[CanUseDNSKEY-19]
+	_ = x[DocCreateDomains-20]
+	_ = x[DocDualHost-21]
+	_ = x[DocOfficiallySupported-22]
 }
 
-const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDNAMECanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSADocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDNAMECanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACanUseDNSKEYDocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 106, 114, 133, 142, 153, 162, 180, 189, 198, 209, 219, 235, 246, 268}
+var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 106, 114, 133, 142, 153, 162, 180, 189, 198, 209, 219, 231, 247, 258, 280}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index d9aae6fdeb..dd2374a5f7 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -45,6 +45,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Unimplemented("Apex aliasing is supported via new SVCB and HTTPS record types. For details, check the deSEC docs."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
+	providers.CanUseDNSKEY:           providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),

From eae96860cd239a650a43681af6acc8aa7686fd23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Apr 2024 12:21:16 -0400
Subject: [PATCH 236/438] Build(deps): Bump actions/upload-artifact from 4.3.1
 to 4.3.3 (#2920)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 00ca59f633..6120e1d2e1 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.1
+    - uses: actions/upload-artifact@v4.3.3
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -201,7 +201,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.1
+    - uses: actions/upload-artifact@v4.3.3
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From 3a9b41317584298a403fb419efa88df4e50e9422 Mon Sep 17 00:00:00 2001
From: Florian Ritterhoff <32478819+fritterhoff@users.noreply.github.com>
Date: Wed, 1 May 2024 17:37:15 +0200
Subject: [PATCH 237/438]  NEW RECORD TYPE: HTTPS & SVCB  (#2919)

Thanks so much for this contribution!  I have a feeling that a lot of people are going to need these records soon!
---
 build/generate/featureMatrix.go               | 12 +++++
 commands/getZones.go                          |  2 +
 documentation/SUMMARY.md                      |  2 +
 .../domain-modifiers/HTTPS.md                 | 32 ++++++++++++++
 .../domain-modifiers/SVCB.md                  | 31 +++++++++++++
 integrationTest/integration_test.go           | 31 +++++++++++++
 models/dnsrr.go                               |  4 ++
 models/domain.go                              |  2 +-
 models/record.go                              | 30 ++++++++++++-
 models/t_parse.go                             |  2 +
 models/t_svcb.go                              | 44 +++++++++++++++++++
 models/target.go                              |  3 ++
 pkg/js/helpers.js                             | 32 ++++++++++++++
 pkg/js/parse_tests/047-SVCB.js                |  4 ++
 pkg/js/parse_tests/047-SVCB.json              | 27 ++++++++++++
 pkg/normalize/validate.go                     |  6 ++-
 pkg/prettyzone/prettyzone_test.go             |  4 ++
 pkg/prettyzone/sorting.go                     |  6 +++
 providers/axfrddns/axfrddnsProvider.go        |  2 +
 providers/bind/bindProvider.go                |  2 +
 providers/capabilities.go                     |  6 +++
 providers/capability_string.go                | 30 +++++++------
 22 files changed, 297 insertions(+), 17 deletions(-)
 create mode 100644 documentation/language-reference/domain-modifiers/HTTPS.md
 create mode 100644 documentation/language-reference/domain-modifiers/SVCB.md
 create mode 100644 models/t_svcb.go
 create mode 100644 pkg/js/parse_tests/047-SVCB.js
 create mode 100644 pkg/js/parse_tests/047-SVCB.json

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index 48c593b843..6297c3f905 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -80,12 +80,14 @@ func matrixData() *FeatureMatrix {
 		DomainModifierAlias  = "[`ALIAS`](language-reference/domain-modifiers/ALIAS.md)"
 		DomainModifierCaa    = "[`CAA`](language-reference/domain-modifiers/CAA.md)"
 		DomainModifierDnssec = "[`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md)"
+		DomainModifierHttps  = "[`HTTPS`](language-reference/domain-modifiers/HTTPS.md)"
 		DomainModifierLoc    = "[`LOC`](language-reference/domain-modifiers/LOC.md)"
 		DomainModifierNaptr  = "[`NAPTR`](language-reference/domain-modifiers/NAPTR.md)"
 		DomainModifierPtr    = "[`PTR`](language-reference/domain-modifiers/PTR.md)"
 		DomainModifierSoa    = "[`SOA`](language-reference/domain-modifiers/SOA.md)"
 		DomainModifierSrv    = "[`SRV`](language-reference/domain-modifiers/SRV.md)"
 		DomainModifierSshfp  = "[`SSHFP`](language-reference/domain-modifiers/SSHFP.md)"
+		DomainModifierSvcb   = "[`SVCB`](language-reference/domain-modifiers/SVCB.md)"
 		DomainModifierTlsa   = "[`TLSA`](language-reference/domain-modifiers/TLSA.md)"
 		DomainModifierDs     = "[`DS`](language-reference/domain-modifiers/DS.md)"
 		DomainModifierDhcid  = "[`DHCID`](language-reference/domain-modifiers/DHCID.md)"
@@ -106,12 +108,14 @@ func matrixData() *FeatureMatrix {
 			DomainModifierAlias,
 			DomainModifierCaa,
 			DomainModifierDnssec,
+			DomainModifierHttps,
 			DomainModifierLoc,
 			DomainModifierNaptr,
 			DomainModifierPtr,
 			DomainModifierSoa,
 			DomainModifierSrv,
 			DomainModifierSshfp,
+			DomainModifierSvcb,
 			DomainModifierTlsa,
 			DomainModifierDs,
 			DomainModifierDhcid,
@@ -207,6 +211,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierDnskey,
 			providers.CanUseDNSKEY,
 		)
+		setCapability(
+			DomainModifierHttps,
+			providers.CanUseHTTPS,
+		)
 		setCapability(
 			DomainModifierLoc,
 			providers.CanUseLOC,
@@ -231,6 +239,10 @@ func matrixData() *FeatureMatrix {
 			DomainModifierSshfp,
 			providers.CanUseSSHFP,
 		)
+		setCapability(
+			DomainModifierSvcb,
+			providers.CanUseSVCB,
+		)
 		setCapability(
 			DomainModifierTlsa,
 			providers.CanUseTLSA,
diff --git a/commands/getZones.go b/commands/getZones.go
index 0b58601933..1adbb08376 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -357,6 +357,8 @@ func formatDsl(rec *models.RecordConfig, defaultTTL uint32) string {
 		target = fmt.Sprintf(`"%s", "%s", %d, %d, %d, %d, %d`, rec.GetTargetField(), rec.SoaMbox, rec.SoaSerial, rec.SoaRefresh, rec.SoaRetry, rec.SoaExpire, rec.SoaMinttl)
 	case "SRV":
 		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.SrvPriority, rec.SrvWeight, rec.SrvPort, rec.GetTargetField())
+	case "SVCB", "HTTPS":
+		target = fmt.Sprintf(`%d, "%s", "%s"`, rec.SvcPriority, rec.GetTargetField(), rec.SvcParams)
 	case "TLSA":
 		target = fmt.Sprintf(`%d, %d, %d, "%s"`, rec.TlsaUsage, rec.TlsaSelector, rec.TlsaMatchingType, rec.GetTargetField())
 	case "TXT":
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 653ce865e0..c3dd24e631 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -46,6 +46,7 @@
     * [DefaultTTL](language-reference/domain-modifiers/DefaultTTL.md)
     * [DnsProvider](language-reference/domain-modifiers/DnsProvider.md)
     * [FRAME](language-reference/domain-modifiers/FRAME.md)
+    * [HTTPS](language-reference/domain-modifiers/HTTPS.md)
     * [IGNORE](language-reference/domain-modifiers/IGNORE.md)
     * [IGNORE_NAME](language-reference/domain-modifiers/IGNORE_NAME.md)
     * [IGNORE_TARGET](language-reference/domain-modifiers/IGNORE_TARGET.md)
@@ -69,6 +70,7 @@
     * [SPF_BUILDER](language-reference/domain-modifiers/SPF_BUILDER.md)
     * [SRV](language-reference/domain-modifiers/SRV.md)
     * [SSHFP](language-reference/domain-modifiers/SSHFP.md)
+    * [SVCB](language-reference/domain-modifiers/SVCB.md)
     * [TLSA](language-reference/domain-modifiers/TLSA.md)
     * [TXT](language-reference/domain-modifiers/TXT.md)
     * [URL](language-reference/domain-modifiers/URL.md)
diff --git a/documentation/language-reference/domain-modifiers/HTTPS.md b/documentation/language-reference/domain-modifiers/HTTPS.md
new file mode 100644
index 0000000000..5fe96d6bb2
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/HTTPS.md
@@ -0,0 +1,32 @@
+---
+name: HTTPS
+parameters:
+  - name
+  - priority
+  - target
+  - params
+  - modifiers...
+parameter_types:
+  name: string
+  priority: number
+  target: string
+  params: string
+  "modifiers...": RecordModifier[]
+---
+
+HTTPS adds an HTTPS record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. The HTTPS record is a special form of the SVCB resource record.
+
+The priority must be a positive number, the address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
+
+The params may be configured to specify the `alpn`, `ipv4hint`, `ipv6hint`, `ech` or `port` setting. Several params may be joined by a space. Not existing params may be specified as an empty string `""`
+
+Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
+  HTTPS("@", 1, "test.com", "")
+);
+```
+{% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SVCB.md b/documentation/language-reference/domain-modifiers/SVCB.md
new file mode 100644
index 0000000000..8aa6a4acc4
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/SVCB.md
@@ -0,0 +1,31 @@
+---
+name: SVCB
+parameters:
+  - name
+  - priority
+  - target
+  - params
+  - modifiers...
+parameter_types:
+  name: string
+  priority: number
+  target: string
+  params: string
+  "modifiers...": RecordModifier[]
+---
+
+SVCB adds an SVCB record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
+
+The priority must be a positive number, the address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
+
+The params may be configured to specify the `alpn`, `ipv4hint`, `ipv6hint`, `ech` or `port` setting. Several params may be joined by a space. Not existing params may be specified as an empty string `""`
+
+Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443")
+);
+```
+{% endcode %}
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 14f3f8fca2..5d1ceb727e 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -528,6 +528,13 @@ func dnskey(name string, flags uint16, protocol, algorithm uint8, publicKey stri
 	return r
 }
 
+func https(name string, priority uint16, target string, params string) *models.RecordConfig {
+	r := makeRec(name, target, "HTTPS")
+	r.SvcPriority = priority
+	r.SvcParams = params
+	return r
+}
+
 func ignoreName(labelSpec string) *models.RecordConfig {
 	return ignore(labelSpec, "*", "*")
 }
@@ -620,6 +627,13 @@ func sshfp(name string, algorithm uint8, fingerprint uint8, target string) *mode
 	return r
 }
 
+func svcb(name string, priority uint16, target string, params string) *models.RecordConfig {
+	r := makeRec(name, target, "SVCB")
+	r.SvcPriority = priority
+	r.SvcParams = params
+	return r
+}
+
 func ovhdkim(name, target string) *models.RecordConfig {
 	return makeOvhNativeRecord(name, target, "DKIM")
 }
@@ -1016,6 +1030,23 @@ func makeTests() []*TestGroup {
 			tc("Change back to CNAME", cname("foo", "google2.com.")),
 		),
 
+		testgroup("HTTPS",
+			tc("Create a HTTPS record", https("@", 1, "test.com.", "port=80")),
+			tc("Change HTTPS priority", https("@", 2, "test.com.", "port=80")),
+			tc("Change HTTPS target", https("@", 2, ".", "port=80")),
+			tc("Change HTTPS params", https("@", 2, ".", "port=99")),
+			tc("Change HTTPS params-empty", https("@", 2, ".", "")),
+			tc("Change HTTPS all", https("@", 3, "example.com.", "port=100")),
+		),
+
+		testgroup("SVCB",
+			tc("Create a HTTPS record", https("@", 1, "test.com.", "port=80")),
+			tc("Change HTTPS priority", https("@", 2, "test.com.", "port=80")),
+			tc("Change HTTPS target", https("@", 2, ".", "port=80")),
+			tc("Change HTTPS params", https("@", 2, ".", "port=99")),
+			tc("Change HTTPS params-empty", https("@", 2, ".", "")),
+			tc("Change HTTPS all", https("@", 3, "example.com.", "port=100")),
+		),
 		//// Test edge cases from various types.
 
 		// Narrative: Every DNS record type has some weird edge-case that
diff --git a/models/dnsrr.go b/models/dnsrr.go
index e41128031f..7c7c4f9c5f 100644
--- a/models/dnsrr.go
+++ b/models/dnsrr.go
@@ -54,6 +54,8 @@ func helperRRtoRC(rr dns.RR, origin string, fixBug bool) (RecordConfig, error) {
 		err = rc.SetTargetDS(v.KeyTag, v.Algorithm, v.DigestType, v.Digest)
 	case *dns.DNSKEY:
 		err = rc.SetTargetDNSKEY(v.Flags, v.Protocol, v.Algorithm, v.PublicKey)
+	case *dns.HTTPS:
+		err = rc.SetTargetSVCB(v.Priority, v.Target, v.Value)
 	case *dns.LOC:
 		err = rc.SetTargetLOC(v.Version, v.Latitude, v.Longitude, v.Altitude, v.Size, v.HorizPre, v.VertPre)
 	case *dns.MX:
@@ -70,6 +72,8 @@ func helperRRtoRC(rr dns.RR, origin string, fixBug bool) (RecordConfig, error) {
 		err = rc.SetTargetSRV(v.Priority, v.Weight, v.Port, v.Target)
 	case *dns.SSHFP:
 		err = rc.SetTargetSSHFP(v.Algorithm, v.Type, v.FingerPrint)
+	case *dns.SVCB:
+		err = rc.SetTargetSVCB(v.Priority, v.Target, v.Value)
 	case *dns.TLSA:
 		err = rc.SetTargetTLSA(v.Usage, v.Selector, v.MatchingType, v.Certificate)
 	case *dns.TXT:
diff --git a/models/domain.go b/models/domain.go
index 6e29f57287..e4e6d38d48 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -141,7 +141,7 @@ func (dc *DomainConfig) Punycode() error {
 			rec.SetTarget(t)
 		case "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
 			rec.SetTarget(rec.GetTargetField())
-		case "A", "AAAA", "CAA", "DHCID", "DNSKEY", "DS", "LOC", "NAPTR", "SOA", "SSHFP", "TXT", "TLSA", "AZURE_ALIAS":
+		case "A", "AAAA", "CAA", "DHCID", "DNSKEY", "DS", "HTTPS", "LOC", "NAPTR", "SOA", "SSHFP", "SVCB", "TXT", "TLSA", "AZURE_ALIAS":
 			// Nothing to do.
 		default:
 			return fmt.Errorf("Punycode rtype %v unimplemented", rec.Type)
diff --git a/models/record.go b/models/record.go
index 46c19b0312..9d329858bb 100644
--- a/models/record.go
+++ b/models/record.go
@@ -22,6 +22,7 @@ import (
 //	  ANAME  // Technically not an official rtype yet.
 //	  CAA
 //	  CNAME
+//	  HTTPS
 //	  LOC
 //	  MX
 //	  NAPTR
@@ -30,6 +31,7 @@ import (
 //	  SOA
 //	  SRV
 //	  SSHFP
+//	  SVCB
 //	  TLSA
 //	  TXT
 //	Pseudo-Types: (alphabetical)
@@ -128,6 +130,8 @@ type RecordConfig struct {
 	SoaRetry         uint32            `json:"soaretry,omitempty"`
 	SoaExpire        uint32            `json:"soaexpire,omitempty"`
 	SoaMinttl        uint32            `json:"soaminttl,omitempty"`
+	SvcPriority      uint16            `json:"svcpriority,omitempty"`
+	SvcParams        string            `json:"svcparams,omitempty"`
 	TlsaUsage        uint8             `json:"tlsausage,omitempty"`
 	TlsaSelector     uint8             `json:"tlsaselector,omitempty"`
 	TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
@@ -200,6 +204,8 @@ func (rc *RecordConfig) UnmarshalJSON(b []byte) error {
 		SoaRetry         uint32            `json:"soaretry,omitempty"`
 		SoaExpire        uint32            `json:"soaexpire,omitempty"`
 		SoaMinttl        uint32            `json:"soaminttl,omitempty"`
+		SvcPriority      uint16            `json:"svcpriority,omitempty"`
+		SvcParams        string            `json:"svcparams,omitempty"`
 		TlsaUsage        uint8             `json:"tlsausage,omitempty"`
 		TlsaSelector     uint8             `json:"tlsaselector,omitempty"`
 		TlsaMatchingType uint8             `json:"tlsamatchingtype,omitempty"`
@@ -381,6 +387,10 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.DNSKEY).Protocol = rc.DnskeyProtocol
 		rr.(*dns.DNSKEY).Algorithm = rc.DnskeyAlgorithm
 		rr.(*dns.DNSKEY).PublicKey = rc.DnskeyPublicKey
+	case dns.TypeHTTPS:
+		rr.(*dns.HTTPS).Priority = rc.SvcPriority
+		rr.(*dns.HTTPS).Target = rc.GetTargetField()
+		rr.(*dns.HTTPS).Value = rc.GetSVCBValue()
 	case dns.TypeLOC:
 		// fmt.Printf("ToRR long: %d, lat:%d, sz: %d, hz:%d, vt:%d\n", rc.LocLongitude, rc.LocLatitude, rc.LocSize, rc.LocHorizPre, rc.LocVertPre)
 		// fmt.Printf("ToRR rc: %+v\n", *rc)
@@ -424,6 +434,10 @@ func (rc *RecordConfig) ToRR() dns.RR {
 		rr.(*dns.SSHFP).Algorithm = rc.SshfpAlgorithm
 		rr.(*dns.SSHFP).Type = rc.SshfpFingerprint
 		rr.(*dns.SSHFP).FingerPrint = rc.GetTargetField()
+	case dns.TypeSVCB:
+		rr.(*dns.SVCB).Priority = rc.SvcPriority
+		rr.(*dns.SVCB).Target = rc.GetTargetField()
+		rr.(*dns.SVCB).Value = rc.GetSVCBValue()
 	case dns.TypeTLSA:
 		rr.(*dns.TLSA).Usage = rc.TlsaUsage
 		rr.(*dns.TLSA).MatchingType = rc.TlsaMatchingType
@@ -483,6 +497,20 @@ func (rc *RecordConfig) Key() RecordKey {
 	return RecordKey{rc.NameFQDN, t}
 }
 
+func (rc *RecordConfig) GetSVCBValue() []dns.SVCBKeyValue {
+	record, err := dns.NewRR(fmt.Sprintf("%s %s %d %s %s", rc.NameFQDN, rc.Type, rc.SvcPriority, rc.target, rc.SvcParams))
+	if err != nil {
+		log.Fatalf("could not parse SVCB record: %s", err)
+	}
+	switch r := record.(type) {
+	case *dns.HTTPS:
+		return r.Value
+	case *dns.SVCB:
+		return r.Value
+	}
+	return nil
+}
+
 // Records is a list of *RecordConfig.
 type Records []*RecordConfig
 
@@ -580,7 +608,7 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 		case "ALIAS", "ANAME", "CNAME", "DNAME", "DS", "DNSKEY", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
-		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TLSA", "TXT":
+		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "HTTPS", "IMPORT_TRANSFORM", "LOC", "SSHFP", "SVCB", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
diff --git a/models/t_parse.go b/models/t_parse.go
index c7f50f62b4..10e2a952dd 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -105,6 +105,8 @@ func (rc *RecordConfig) PopulateFromStringFunc(rtype, contents, origin string, t
 		return rc.SetTargetSRVString(contents)
 	case "SSHFP":
 		return rc.SetTargetSSHFPString(contents)
+	case "SVCB", "HTTPS":
+		return rc.SetTargetSVCBString(origin, contents)
 	case "TLSA":
 		return rc.SetTargetTLSAString(contents)
 	default:
diff --git a/models/t_svcb.go b/models/t_svcb.go
new file mode 100644
index 0000000000..fd8b82cbb7
--- /dev/null
+++ b/models/t_svcb.go
@@ -0,0 +1,44 @@
+package models
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/miekg/dns"
+)
+
+// SetTargetSVCB sets the SVCB fields.
+func (rc *RecordConfig) SetTargetSVCB(priority uint16, target string, params []dns.SVCBKeyValue) error {
+	rc.SvcPriority = priority
+	rc.SetTarget(target)
+	paramsStr := []string{}
+	for _, kv := range params {
+		paramsStr = append(paramsStr, fmt.Sprintf("%s=%s", kv.Key(), kv.String()))
+	}
+	rc.SvcParams = strings.Join(paramsStr, " ")
+	if rc.Type == "" {
+		rc.Type = "SVCB"
+	}
+	if rc.Type != "SVCB" && rc.Type != "HTTPS" {
+		panic("assertion failed: SetTargetSVCB called when .Type is not SVCB or HTTPS")
+	}
+	return nil
+}
+
+// SetTargetSVCBString is like SetTargetSVCB but accepts one big string and the origin so parsing can be done using miekg/dns.
+func (rc *RecordConfig) SetTargetSVCBString(origin, contents string) error {
+	if rc.Type == "" {
+		rc.Type = "SVCB"
+	}
+	record, err := dns.NewRR(fmt.Sprintf("%s. %s %s", origin, rc.Type, contents))
+	if err != nil {
+		return fmt.Errorf("could not parse SVCB record: %s", err)
+	}
+	switch r := record.(type) {
+	case *dns.HTTPS:
+		return rc.SetTargetSVCB(r.Priority, r.Target, r.Value)
+	case *dns.SVCB:
+		return rc.SetTargetSVCB(r.Priority, r.Target, r.Value)
+	}
+	return nil
+}
diff --git a/models/target.go b/models/target.go
index ecb82237f1..62fbedc170 100644
--- a/models/target.go
+++ b/models/target.go
@@ -131,6 +131,9 @@ func (rc *RecordConfig) GetTargetDebug() string {
 		content += fmt.Sprintf(" srvpriority=%d srvweight=%d srvport=%d", rc.SrvPriority, rc.SrvWeight, rc.SrvPort)
 	case "SSHFP":
 		content += fmt.Sprintf(" sshfpalgorithm=%d sshfpfingerprint=%d", rc.SshfpAlgorithm, rc.SshfpFingerprint)
+	case "SVCB", "HTTPS":
+		// HTTPS is only a special subform of the SVCB Record
+		content += fmt.Sprintf(" priority=%d params=%v", rc.SvcPriority, rc.SvcParams)
 	case "TLSA":
 		content += fmt.Sprintf(" tlsausage=%d tlsaselector=%d tlsamatchingtype=%d", rc.TlsaUsage, rc.TlsaSelector, rc.TlsaMatchingType)
 	default:
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index bebaf4d340..1ecb348ef6 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -449,6 +449,22 @@ var DNSKEY = recordBuilder('DNSKEY', {
     },
 });
 
+// name, priority, target, params
+var HTTPS = recordBuilder('HTTPS', {
+    args: [
+        ['name', _.isString],
+        ['priority', _.isNumber],
+        ['target', _.isString],
+        ['params', _.isString],
+    ],
+    transform: function (record, args, modifiers) {
+        record.name = args.name;
+        record.svcpriority = args.priority;
+        record.target = args.target;
+        record.svcparams = args.params;
+    },
+});
+
 // PTR(name,target, recordModifiers...)
 var PTR = recordBuilder('PTR');
 
@@ -530,6 +546,22 @@ var SSHFP = recordBuilder('SSHFP', {
     },
 });
 
+// name, priority, target, params
+var SVCB = recordBuilder('SVCB', {
+    args: [
+        ['name', _.isString],
+        ['priority', _.isNumber],
+        ['target', _.isString],
+        ['params', _.isString],
+    ],
+    transform: function (record, args, modifiers) {
+        record.name = args.name;
+        record.svcpriority = args.priority;
+        record.target = args.target;
+        record.svcparams = args.params;
+    },
+});
+
 // name, usage, selector, matchingtype, certificate
 var TLSA = recordBuilder('TLSA', {
     args: [
diff --git a/pkg/js/parse_tests/047-SVCB.js b/pkg/js/parse_tests/047-SVCB.js
new file mode 100644
index 0000000000..1a69a5de08
--- /dev/null
+++ b/pkg/js/parse_tests/047-SVCB.js
@@ -0,0 +1,4 @@
+D("foo.com","none",
+    SVCB("@", 1, ".", ""),
+    HTTPS("@", 2, ".", 'alpn="h3,h2" port=443 ipv4hint=123.123.123.123 ipv6hint=dead::beaf')
+);
diff --git a/pkg/js/parse_tests/047-SVCB.json b/pkg/js/parse_tests/047-SVCB.json
new file mode 100644
index 0000000000..a3aa5c2931
--- /dev/null
+++ b/pkg/js/parse_tests/047-SVCB.json
@@ -0,0 +1,27 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "SVCB",
+          "name": "@",
+          "target": ".",
+          "svcpriority": 1
+        },
+
+        {
+          "type": "HTTPS",
+          "name": "@",
+          "svcparams": "alpn=\"h3,h2\" port=443 ipv4hint=123.123.123.123 ipv6hint=dead::beaf",
+          "svcpriority": 2,
+          "target": "."
+        }
+      ]
+    }
+  ]
+}
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index cbb1206424..acff2857f8 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -63,6 +63,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"DNAME":            true,
 		"DS":               true,
 		"DNSKEY":           true,
+		"HTTPS":            true,
 		"IMPORT_TRANSFORM": false,
 		"LOC":              true,
 		"MX":               true,
@@ -72,6 +73,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"SOA":              true,
 		"SRV":              true,
 		"SSHFP":            true,
+		"SVCB":             true,
 		"TLSA":             true,
 		"TXT":              true,
 	}
@@ -224,7 +226,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		}
 	case "SRV":
 		check(checkTarget(target))
-	case "CAA", "DHCID", "DNSKEY", "DS", "IMPORT_TRANSFORM", "SSHFP", "TLSA", "TXT":
+	case "CAA", "DHCID", "DNSKEY", "DS", "HTTPS", "IMPORT_TRANSFORM", "SSHFP", "SVCB", "TLSA", "TXT":
 	default:
 		if rec.Metadata["orig_custom_type"] != "" {
 			// it is a valid custom type. We perform no validation on target
@@ -685,6 +687,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("DHCID", providers.CanUseDHCID),
 	capabilityCheck("DNAME", providers.CanUseDNAME),
 	capabilityCheck("DNSKEY", providers.CanUseDNSKEY),
+	capabilityCheck("HTTPS", providers.CanUseHTTPS),
 	capabilityCheck("LOC", providers.CanUseLOC),
 	capabilityCheck("NAPTR", providers.CanUseNAPTR),
 	capabilityCheck("PTR", providers.CanUsePTR),
@@ -692,6 +695,7 @@ var providerCapabilityChecks = []pairTypeCapability{
 	capabilityCheck("SOA", providers.CanUseSOA),
 	capabilityCheck("SRV", providers.CanUseSRV),
 	capabilityCheck("SSHFP", providers.CanUseSSHFP),
+	capabilityCheck("SVCB", providers.CanUseSVCB),
 	capabilityCheck("TLSA", providers.CanUseTLSA),
 
 	// DS needs special record-level checks
diff --git a/pkg/prettyzone/prettyzone_test.go b/pkg/prettyzone/prettyzone_test.go
index 1e27c757da..4c98cacf8c 100644
--- a/pkg/prettyzone/prettyzone_test.go
+++ b/pkg/prettyzone/prettyzone_test.go
@@ -341,6 +341,8 @@ func TestWriteZoneFileEach(t *testing.T) {
 	d = append(d, mustNewRR(`dname.bosun.org.     300 IN DNAME   example.com.`))
 	d = append(d, mustNewRR(`dnssec.bosun.org.    300 IN DS      31334 13 2 94cc505ebc36b1f4e051268b820efb230f1572d445e833bb5bf7380d6c2cbc0a`))
 	d = append(d, mustNewRR(`dnssec.bosun.org.    300 IN DNSKEY  257 3 13 rNR701yiOPHfqDP53GnsHZdlsRqI7O1ksk60rnFILZVk7Z4eTBd1U49oSkTNVNox9tb7N15N2hboXoMEyFFzcw==`))
+	d = append(d, mustNewRR(`bosun.org.           300 IN HTTPS 1 . alpn="h3,h2"`))
+	d = append(d, mustNewRR(`bosun.org.           300 IN SVCB 1 . alpn="h3,h2"`))
 	buf := &bytes.Buffer{}
 	writeZoneFileRR(buf, d, "bosun.org")
 	if buf.String() != testdataZFEach {
@@ -359,6 +361,8 @@ var testdataZFEach = `$TTL 300
                  IN TXT   "my text"
                  IN CAA   0 issue "letsencrypt.org"
                  IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=
+                 IN HTTPS 1 . alpn="h3,h2"
+                 IN SVCB  1 . alpn="h3,h2"
 4.5              IN PTR   y.bosun.org.
 _443._tcp        IN TLSA  3 1 1 abcdef0
 dname            IN DNAME example.com.
diff --git a/pkg/prettyzone/sorting.go b/pkg/prettyzone/sorting.go
index 57bda8983c..6ae20f0711 100644
--- a/pkg/prettyzone/sorting.go
+++ b/pkg/prettyzone/sorting.go
@@ -80,6 +80,12 @@ func (z *ZoneGenData) Less(i, j int) bool {
 		if pa != pb {
 			return pa < pb
 		}
+	case "SVCB", "HTTPS":
+		// sort by priority. If they are equal, sort by record.
+		if a.SvcPriority == b.SvcPriority {
+			return a.GetTargetField() < b.GetTargetField()
+		}
+		return a.SvcPriority < b.SvcPriority
 	case "PTR":
 		//ta2, tb2 := a.(*dns.PTR), b.(*dns.PTR)
 		pa, pb := a.GetTargetField(), b.GetTargetField()
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 7ba2839768..41a90915a5 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -44,11 +44,13 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Cannot(),
 	providers.DocDualHost:            providers.Cannot(),
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index a1d31cb8db..753fcbacdf 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -40,12 +40,14 @@ var features = providers.DocumentationNotes{
 	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseDNSKEY:           providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSOA:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can("Driver just maintains list of zone files. It should automatically add missing ones."),
 	providers.DocDualHost:            providers.Can(),
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 83c6af69f8..853c1271ce 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -54,6 +54,9 @@ const (
 	// only for children records, not at the root of the zone.
 	CanUseDSForChildren
 
+	// CanUseHTTPS indicates the provider can handle HTTPS records
+	CanUseHTTPS
+
 	// CanUseLOC indicates whether service provider handles LOC records
 	CanUseLOC
 
@@ -75,6 +78,9 @@ const (
 	// CanUseSSHFP indicates the provider can handle SSHFP records
 	CanUseSSHFP
 
+	// CanUseSVCB indicates the provider can handle SVCB records
+	CanUseSVCB
+
 	// CanUseTLSA indicates the provider can handle TLSA records
 	CanUseTLSA
 
diff --git a/providers/capability_string.go b/providers/capability_string.go
index 3c7612a97d..b41ba039fe 100644
--- a/providers/capability_string.go
+++ b/providers/capability_string.go
@@ -19,23 +19,25 @@ func _() {
 	_ = x[CanUseDNAME-8]
 	_ = x[CanUseDS-9]
 	_ = x[CanUseDSForChildren-10]
-	_ = x[CanUseLOC-11]
-	_ = x[CanUseNAPTR-12]
-	_ = x[CanUsePTR-13]
-	_ = x[CanUseRoute53Alias-14]
-	_ = x[CanUseSOA-15]
-	_ = x[CanUseSRV-16]
-	_ = x[CanUseSSHFP-17]
-	_ = x[CanUseTLSA-18]
-	_ = x[CanUseDNSKEY-19]
-	_ = x[DocCreateDomains-20]
-	_ = x[DocDualHost-21]
-	_ = x[DocOfficiallySupported-22]
+	_ = x[CanUseHTTPS-11]
+	_ = x[CanUseLOC-12]
+	_ = x[CanUseNAPTR-13]
+	_ = x[CanUsePTR-14]
+	_ = x[CanUseRoute53Alias-15]
+	_ = x[CanUseSOA-16]
+	_ = x[CanUseSRV-17]
+	_ = x[CanUseSSHFP-18]
+	_ = x[CanUseSVCB-19]
+	_ = x[CanUseTLSA-20]
+	_ = x[CanUseDNSKEY-21]
+	_ = x[DocCreateDomains-22]
+	_ = x[DocDualHost-23]
+	_ = x[DocOfficiallySupported-24]
 }
 
-const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDNAMECanUseDSCanUseDSForChildrenCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseTLSACanUseDNSKEYDocCreateDomainsDocDualHostDocOfficiallySupported"
+const _Capability_name = "CanAutoDNSSECCanConcurCanGetZonesCanUseAKAMAICDNCanUseAliasCanUseAzureAliasCanUseCAACanUseDHCIDCanUseDNAMECanUseDSCanUseDSForChildrenCanUseHTTPSCanUseLOCCanUseNAPTRCanUsePTRCanUseRoute53AliasCanUseSOACanUseSRVCanUseSSHFPCanUseSVCBCanUseTLSACanUseDNSKEYDocCreateDomainsDocDualHostDocOfficiallySupported"
 
-var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 106, 114, 133, 142, 153, 162, 180, 189, 198, 209, 219, 231, 247, 258, 280}
+var _Capability_index = [...]uint16{0, 13, 22, 33, 48, 59, 75, 84, 95, 106, 114, 133, 144, 153, 164, 173, 191, 200, 209, 220, 230, 240, 252, 268, 279, 301}
 
 func (i Capability) String() string {
 	if i >= Capability(len(_Capability_index)-1) {

From 7741ef08f96f1c269a879caa944af337bc4cc15c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 1 May 2024 18:20:59 -0400
Subject: [PATCH 238/438] Enable support for SVCB/HTTPS in GCLOUD and HEDNS
 (#2926)

---
 commands/types/dnscontrol.d.ts      |  39 +++++++++++
 documentation/providers.md          | 104 ++++++++++++++--------------
 integrationTest/integration_test.go |   2 +
 providers/gcloud/gcloudProvider.go  |   2 +
 providers/hedns/hednsProvider.go    |   2 +
 5 files changed, 97 insertions(+), 52 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index d23a599388..68e0268434 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1079,6 +1079,26 @@ declare function DnsProvider(name: string, nsCount?: number): DomainModifier;
  */
 declare function FRAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * HTTPS adds an HTTPS record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. The HTTPS record is a special form of the SVCB resource record.
+ *
+ * The priority must be a positive number, the address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
+ *
+ * The params may be configured to specify the `alpn`, `ipv4hint`, `ipv6hint`, `ech` or `port` setting. Several params may be joined by a space. Not existing params may be specified as an empty string `""`
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
+ *   HTTPS("@", 1, "test.com", "")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/https
+ */
+declare function HTTPS(name: string, priority: number, target: string, params: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `IGNORE()` makes it possible for DNSControl to share management of a domain
  * with an external system.  The parameters of `IGNORE()` indicate which records
@@ -2907,6 +2927,25 @@ declare function SRV(name: string, priority: number, weight: number, port: numbe
  */
 declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 | 2, value: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * SVCB adds an SVCB record to a domain. The name should be the relative label for the record. Use `@` for the domain apex.
+ *
+ * The priority must be a positive number, the address should be an ip address, either a string, or a numeric value obtained via [IP](../top-level-functions/IP.md).
+ *
+ * The params may be configured to specify the `alpn`, `ipv4hint`, `ipv6hint`, `ech` or `port` setting. Several params may be joined by a space. Not existing params may be specified as an empty string `""`
+ *
+ * Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/language-reference/record-modifiers) or JSON objects, which will be merged into the record's metadata.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443")
+ * );
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/svcb
+ */
+declare function SVCB(name: string, priority: number, target: string, params: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `TLSA` adds a `TLSA` record to a domain. The name should be the relative label for the record.
  *
diff --git a/documentation/providers.md b/documentation/providers.md
index 4264657b89..c85bbb5d8d 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -12,58 +12,58 @@ a provider that supports it, we'd love your contribution to ensure it works corr
 If a feature is definitively not supported for whatever reason, we would also like a PR to clarify why it is not supported, and fill in this entire matrix.
 
 <!-- provider-matrix-start -->
-| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | [`DNSKEY`](language-reference/domain-modifiers/DNSKEY.md) | dual host | create-domains | get-zones |
-| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------- | --------- | -------------- | --------- |
-| [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
-| [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
-| [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`DOMAINNAMESHOP`](provider/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
-| [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
-| [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`HTTPS`](language-reference/domain-modifiers/HTTPS.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`SVCB`](language-reference/domain-modifiers/SVCB.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | [`DNSKEY`](language-reference/domain-modifiers/DNSKEY.md) | dual host | create-domains | get-zones |
+| ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------- | --------- | -------------- | --------- |
+| [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`DOMAINNAMESHOP`](provider/domainnameshop.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ |
+| [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
+| [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
+| [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
+| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
+| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
 ### Providers with "official support"
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 5d1ceb727e..b7120780fd 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1031,6 +1031,7 @@ func makeTests() []*TestGroup {
 		),
 
 		testgroup("HTTPS",
+			requires(providers.CanUseHTTPS),
 			tc("Create a HTTPS record", https("@", 1, "test.com.", "port=80")),
 			tc("Change HTTPS priority", https("@", 2, "test.com.", "port=80")),
 			tc("Change HTTPS target", https("@", 2, ".", "port=80")),
@@ -1040,6 +1041,7 @@ func makeTests() []*TestGroup {
 		),
 
 		testgroup("SVCB",
+			requires(providers.CanUseSVCB),
 			tc("Create a HTTPS record", https("@", 1, "test.com.", "port=80")),
 			tc("Change HTTPS priority", https("@", 2, "test.com.", "port=80")),
 			tc("Change HTTPS target", https("@", 2, ".", "port=80")),
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index b9500a6afa..1ffafd2003 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -30,10 +30,12 @@ var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index ba923dbf15..3201a58ba9 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -51,12 +51,14 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUseDSForChildren:    providers.Cannot(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSOA:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Cannot(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),

From bb79c7070815b80cf7a3b0bee5a7e8a5fc73d82d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 1 May 2024 18:50:15 -0400
Subject: [PATCH 239/438] CHORE: update deps (#2927)

---
 go.mod                                     |  47 +++++-----
 go.sum                                     | 102 ++++++++++-----------
 providers/cloudflare/cloudflareProvider.go |  36 +++++---
 providers/cloudflare/rest.go               |  17 +++-
 4 files changed, 106 insertions(+), 96 deletions(-)

diff --git a/go.mod b/go.mod
index 41806e6d23..474236c836 100644
--- a/go.mod
+++ b/go.mod
@@ -4,17 +4,15 @@ go 1.22.1
 
 retract v4.8.0
 
-require github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-
-require google.golang.org/protobuf v1.33.0 // indirect
+require google.golang.org/protobuf v1.34.0 // indirect
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
-	github.com/PuerkitoBio/goquery v1.9.1
+	github.com/PuerkitoBio/goquery v1.9.2
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
@@ -26,8 +24,8 @@ require (
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.92.0
-	github.com/digitalocean/godo v1.111.0
+	github.com/cloudflare/cloudflare-go v0.94.0
+	github.com/digitalocean/godo v1.113.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -35,9 +33,9 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.12.2
+	github.com/hashicorp/vault/api v1.13.0
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.58
+	github.com/miekg/dns v1.1.59
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
@@ -47,22 +45,22 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
-	github.com/robertkrimen/otto v0.3.0
+	github.com/robertkrimen/otto v0.4.0
 	github.com/softlayer/softlayer-go v1.1.3
 	github.com/stretchr/testify v1.9.0
 	github.com/transip/gotransip/v6 v6.23.0
-	github.com/urfave/cli/v2 v2.27.1
+	github.com/urfave/cli/v2 v2.27.2
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.19.0
-	google.golang.org/api v0.172.0
+	google.golang.org/api v0.177.0
 	gopkg.in/ns1/ns1-go.v2 v2.7.11
 )
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
-	github.com/G-Core/gcore-dns-sdk-go v0.2.8
+	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.16.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
@@ -71,17 +69,18 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0
+	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
 	golang.org/x/text v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/compute v1.23.4 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/auth v0.3.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
+	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
@@ -96,19 +95,20 @@ require (
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -142,7 +142,7 @@ require (
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect
@@ -153,8 +153,9 @@ require (
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.20.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
+	google.golang.org/grpc v1.63.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 56083f9588..55cd514a2f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,12 +1,14 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.4 h1:EBT9Nw4q3zyE7G45Wvv3MzolIrCJEuHys5muLY0wvAw=
-cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
+cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs=
+cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w=
+cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
+cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
+cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
+cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
@@ -21,15 +23,15 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJKJCKcb/psppPl/9CUiQQnTG+Bce0/cIweD5w5Q7aQ=
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
-github.com/G-Core/gcore-dns-sdk-go v0.2.8 h1:jblomjYiCzOgPGy9WwibmtGYJJzU9Jeebv9kwSaUsbA=
-github.com/G-Core/gcore-dns-sdk-go v0.2.8/go.mod h1:ky5q2+je2gyVpM2eGdlXbv/KRmD9nimtNQkjzDbXVys=
-github.com/PuerkitoBio/goquery v1.9.1 h1:mTL6XjbJTZdpfL+Gwl5U2h1l9yEkJjhmlTeV9VPW7UI=
-github.com/PuerkitoBio/goquery v1.9.1/go.mod h1:cW1n6TmIMDoORQU5IU/P1T3tGFunOeXEpGP2WHRwkbY=
+github.com/G-Core/gcore-dns-sdk-go v0.2.9 h1:LMMZIRX8y3aJJuAviNSpFmLbovZUw+6Om+8VElp1F90=
+github.com/G-Core/gcore-dns-sdk-go v0.2.9/go.mod h1:35t795gOfzfVanhzkFyUXEzaBuMXwETmJldPpP28MN4=
+github.com/PuerkitoBio/goquery v1.9.2 h1:4/wZksC3KgkQw7SQgkKotmKljk0M6V8TUvA8Wb4yPeE=
+github.com/PuerkitoBio/goquery v1.9.2/go.mod h1:GHPCaP0ODyyxqcNoFGYlAprUFH81NuRPd0GX3Zu2Mvk=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 h1:vfVc5pSCq58ljNpXXwUcLnHATYi/x+YUdqFc9uBhLbM=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36/go.mod h1:MwE/QxFCN65F0hKGWFHUh2U2o1p2tMPNR1zHkX6vEh8=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY=
@@ -87,11 +89,11 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.92.0 h1:ltJvGvqZ4G6Fm2hHOYZ5RWpJQcrM0oDrsjjZydZhFJQ=
-github.com/cloudflare/cloudflare-go v0.92.0/go.mod h1:nUqvBUUDRxNzsDSQjbqUNWHEIYAoUlgRmcAzMKlFdKs=
+github.com/cloudflare/cloudflare-go v0.94.0 h1:WADmVhCdnn1A9sm5NU08by49Vbh4Lj/JBgTWTr7q7Qc=
+github.com/cloudflare/cloudflare-go v0.94.0/go.mod h1:N1u1cLZ4lG6NeezGOWi7P6aq1DK2iVYg9ze7GZbUmZE=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -101,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.111.0 h1:nBXi9LtykvQiwZjMbljrwr17HwABSBY8ZE872dm2DzI=
-github.com/digitalocean/godo v1.111.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs=
+github.com/digitalocean/godo v1.113.0 h1:CLtCxlP4wDAjKIQ+Hshht/UNbgAp8/J/XBH1ZtDCF9Y=
+github.com/digitalocean/godo v1.113.0/go.mod h1:Z2mTP848Vi3IXXl5YbPekUgr4j4tOePomA+OE1Ag98w=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -133,8 +135,8 @@ github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
-github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
-github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
+github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -159,8 +161,8 @@ github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MG
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw=
-github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
@@ -178,8 +180,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -189,7 +191,6 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
@@ -240,8 +241,8 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=
-github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
+github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y=
+github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -296,8 +297,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
-github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
+github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
+github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -341,8 +342,8 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494 h1:wSmWgpuccqS2IOfmYrbRiUgv+g37W5suLLLxwwniTSc=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08eQ6XwDm1fEwKPdF/xdbkiHtrU+1Hg+vc4=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
-github.com/robertkrimen/otto v0.3.0 h1:5RI+8860NSxvXywDY9ddF5HcPw0puRsd8EgbXV0oqRE=
-github.com/robertkrimen/otto v0.3.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
+github.com/robertkrimen/otto v0.4.0 h1:/c0GRrK1XDPcgIasAsnlpBT5DelIeB9U/Z/JCQsgr7E=
+github.com/robertkrimen/otto v0.4.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
@@ -392,8 +393,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho=
-github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -403,8 +404,8 @@ github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419/go.mod h1:BxZUa1xZ1
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
@@ -424,12 +425,11 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
 golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 h1:985EYyeCOxTpcgOTJpflJUwOeEz0CQOdPt73OzpE9F8=
-golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
+golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
+golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -453,7 +453,6 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -492,8 +491,6 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -501,8 +498,6 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
-golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -534,25 +529,24 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk=
-google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis=
+google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk=
+google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
+google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
-google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
+google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
+google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -565,8 +559,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4=
+google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 53134000b3..009a396b4c 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -72,15 +72,16 @@ func init() {
 
 // cloudflareProvider is the handle for API calls.
 type cloudflareProvider struct {
-	domainIndex     map[string]string // Call c.fetchDomainList() to populate before use.
-	nameservers     map[string][]string
 	ipConversions   []transform.IPConversion
 	ignoredLabels   []string
 	manageRedirects bool
 	manageWorkers   bool
 	accountID       string
 	cfClient        *cloudflare.API
-	sync.Mutex
+
+	sync.Mutex                      // Protects all access to the following fields:
+	domainIndex map[string]string   // Cache of zone name to zone ID.
+	nameservers map[string][]string // Cache of zone name to list of nameservers.
 }
 
 // TODO(dlemenkov): remove this function after deleting all commented code referecing it
@@ -96,12 +97,14 @@ type cloudflareProvider struct {
 
 // GetNameservers returns the nameservers for a domain.
 func (c *cloudflareProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
+
+	c.Lock()
+	defer c.Unlock()
 	if err := c.cacheDomainList(); err != nil {
 		return nil, err
 	}
-	c.Lock()
+
 	ns, ok := c.nameservers[domain]
-	c.Unlock()
 	if !ok {
 		return nil, fmt.Errorf("nameservers for %s not found in cloudflare cache(%q)", domain, c.accountID)
 	}
@@ -110,15 +113,17 @@ func (c *cloudflareProvider) GetNameservers(domain string) ([]*models.Nameserver
 
 // ListZones returns a list of the DNS zones.
 func (c *cloudflareProvider) ListZones() ([]string, error) {
+
+	c.Lock()
+	defer c.Unlock()
 	if err := c.cacheDomainList(); err != nil {
 		return nil, err
 	}
-	c.Lock()
+
 	zones := make([]string, 0, len(c.domainIndex))
 	for d := range c.domainIndex {
 		zones = append(zones, d)
 	}
-	c.Unlock()
 	return zones, nil
 }
 
@@ -182,12 +187,14 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 }
 
 func (c *cloudflareProvider) getDomainID(name string) (string, error) {
+
+	c.Lock()
+	defer c.Unlock()
 	if err := c.cacheDomainList(); err != nil {
 		return "", err
 	}
-	c.Lock()
+
 	id, ok := c.domainIndex[name]
-	c.Unlock()
 	if !ok {
 		return "", fmt.Errorf("'%s' not a zone in cloudflare account", name)
 	}
@@ -811,21 +818,20 @@ func getProxyMetadata(r *models.RecordConfig) map[string]string {
 
 // EnsureZoneExists creates a zone if it does not exist
 func (c *cloudflareProvider) EnsureZoneExists(domain string) error {
+
+	c.Lock()
+	defer c.Unlock()
 	if err := c.cacheDomainList(); err != nil {
 		return err
 	}
-	// if c.domainIndex == nil {
-	// 	if err := c.fetchDomainList(); err != nil {
-	// 		return err
-	// 	}
-	// }
+
 	if _, ok := c.domainIndex[domain]; ok {
 		return nil
 	}
 	var id string
 	id, err := c.createZone(domain)
 	printer.Printf("Added zone for %s to Cloudflare account: %s\n", domain, id)
-	c.domainIndex = nil // clear the index to let the following functions get a fresh list with nameservers etc..
+	clear(c.domainIndex) // clear the cache so that the next caller has to refresh it, thus loading the new ID.
 	return err
 }
 
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index a223f1e30c..433cba3a18 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -13,12 +13,15 @@ import (
 )
 
 // get list of domains for account. Cache so the ids can be looked up from domain name
+// The caller must do all locking.
 func (c *cloudflareProvider) cacheDomainList() error {
-	c.Lock()
-	defer c.Unlock()
+	if c.domainIndex != nil {
+		return nil
+	}
 
 	c.domainIndex = map[string]string{}
 	c.nameservers = map[string][]string{}
+	//fmt.Printf("DEBUG: CLOUDFLARE POPULATING CACHE\n")
 	zones, err := c.cfClient.ListZones(context.Background())
 	if err != nil {
 		return fmt.Errorf("failed fetching domain list from cloudflare(%q): %s", c.cfClient.APIEmail, err)
@@ -26,11 +29,17 @@ func (c *cloudflareProvider) cacheDomainList() error {
 
 	for _, zone := range zones {
 		if encoded, err := idna.ToASCII(zone.Name); err == nil && encoded != zone.Name {
+			if _, ok := c.domainIndex[encoded]; ok {
+				fmt.Printf("WARNING: Zone %q appears twice in this cloudflare account\n", encoded)
+			}
 			c.domainIndex[encoded] = zone.ID
-			c.nameservers[encoded] = append(c.nameservers[encoded], zone.NameServers...)
+			c.nameservers[encoded] = zone.NameServers
+		}
+		if _, ok := c.domainIndex[zone.Name]; ok {
+			fmt.Printf("WARNING: Zone %q appears twice in this cloudflare account\n", zone.Name)
 		}
 		c.domainIndex[zone.Name] = zone.ID
-		c.nameservers[zone.Name] = append(c.nameservers[zone.Name], zone.NameServers...)
+		c.nameservers[zone.Name] = zone.NameServers
 	}
 
 	return nil

From 3fd6806be0cd9d22528c00c8e282d733ceb32e7c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 2 May 2024 16:50:47 -0400
Subject: [PATCH 240/438] BIND: BUGFIX: SOA serial number doesn't change if
 SOA() used (#2908)

---
 providers/bind/bindProvider.go | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 753fcbacdf..27dbb1598b 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -22,6 +22,7 @@ import (
 	"time"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/bindserial"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/prettyzone"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
@@ -117,14 +118,13 @@ func (s SoaDefaults) String() string {
 
 // bindProvider is the provider handle for the bindProvider driver.
 type bindProvider struct {
-	DefaultNS           []string    `json:"default_ns"`
-	DefaultSoa          SoaDefaults `json:"default_soa"`
-	nameservers         []*models.Nameserver
-	directory           string
-	filenameformat      string
-	zonefile            string // Where the zone data is e texpected
-	zoneFileFound       bool   // Did the zonefile exist?
-	skipNextSoaIncrease bool   // skip next SOA increment (for testing only)
+	DefaultNS      []string    `json:"default_ns"`
+	DefaultSoa     SoaDefaults `json:"default_soa"`
+	nameservers    []*models.Nameserver
+	directory      string
+	filenameformat string
+	zonefile       string // Where the zone data is e texpected
+	zoneFileFound  bool   // Did the zonefile exist?
 }
 
 // GetNameservers returns the nameservers for a domain.
@@ -241,7 +241,6 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 		desiredSoa = dc.Records[len(dc.Records)-1]
 	} else {
 		*desiredSoa = *soaRec
-		c.skipNextSoaIncrease = true
 	}
 
 	var msgs []string
@@ -273,8 +272,11 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 	)
 
 	// We only change the serial number if there is a change.
-	if !c.skipNextSoaIncrease {
-		desiredSoa.SoaSerial = nextSerial
+	desiredSoa.SoaSerial = nextSerial
+
+	// If the --bindserial flag is used, force the serial to that value
+	if bindserial.ForcedValue != 0 {
+		desiredSoa.SoaSerial = uint32(bindserial.ForcedValue & 0xFFFF)
 	}
 
 	corrections = append(corrections,

From cf4cca0df4292b23ac4f302c1719700ad708ed83 Mon Sep 17 00:00:00 2001
From: Christian Burmeister <christianbur@users.noreply.github.com>
Date: Fri, 3 May 2024 13:08:54 +0200
Subject: [PATCH 241/438] INWX: Enable support for SVCB/HTTPS (#2930)

---
 documentation/providers.md     | 2 +-
 providers/inwx/inwxProvider.go | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index c85bbb5d8d..c630d00c8b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -41,7 +41,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
 | [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`LOOPIA`](provider/loopia.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 56e8961623..224406d25d 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -49,11 +49,13 @@ var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Cannot("INWX does not support the ALIAS or ANAME record type."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Unimplemented("DS records are only supported at the apex and require a different API call that hasn't been implemented yet."),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can("PTR records with empty targets are not supported"),
 	providers.CanUseSRV:              providers.Can("SRV records with empty targets are not supported."),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),

From 4757a0feeed125b0e5c519fdbd909cba836f36a6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 3 May 2024 07:09:26 -0400
Subject: [PATCH 242/438] DOCS: Remind devs to run go generate (#2929)

---
 documentation/adding-new-rtypes.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/documentation/adding-new-rtypes.md b/documentation/adding-new-rtypes.md
index b3677eb7d6..acf054e035 100644
--- a/documentation/adding-new-rtypes.md
+++ b/documentation/adding-new-rtypes.md
@@ -328,3 +328,13 @@ Add the new file `FOO.md` to the documentation table of contents [`documentation
 ...
 ```
 {% endcode %}
+
+## Step 9: "go generate"
+
+Re-generate the documentation:
+
+```shell
+go generate ./...
+```
+
+This will regenerate things like the table of which providers have which features and the `dnscontrol.d.ts` file.

From 16163480397fd4152e44e83ac049eeb6597e81c9 Mon Sep 17 00:00:00 2001
From: Amogh Lele <amolele@gmail.com>
Date: Fri, 3 May 2024 23:20:45 +0530
Subject: [PATCH 243/438] NETLIFY: add support for listing all zones (#2933)

Signed-off-by: SphericalKat <amolele@gmail.com>
---
 providers/netlify/netlifyProvider.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index 02af5e517d..fe83a5cfea 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -141,6 +141,21 @@ func (n *netlifyProvider) GetZoneRecords(domain string, meta map[string]string)
 	return cleanRecords, nil
 }
 
+// ListZones returns all DNS zones managed by this provider.
+func (n *netlifyProvider) ListZones() ([]string, error) {
+	zones, err := n.getDNSZones()
+	if err != nil {
+		return nil, err
+	}
+
+	zoneNames := make([]string, len(zones))
+	for i, z := range zones {
+		zoneNames[i] = z.Name
+	}
+
+	return zoneNames, nil
+}
+
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (n *netlifyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
 	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(records)

From 0b25fdbefca54c735e3d9fb1528f14fc4ce00cd4 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 3 May 2024 13:52:42 -0400
Subject: [PATCH 244/438] DOCS: Add reminder to create github label after
 adding new provider (#2932)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 documentation/writing-providers.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 17d81db59e..81f4aadede 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -331,4 +331,5 @@ submit a PR if you haven't already.
 ## Step 16: After the PR is merged
 
 1. Close any related GitHub issues.
+2. [Create an issue (feature request)](https://github.com/StackExchange/dnscontrol/issues/new?title=Add%20label%20for%20PROVIDERNAME) with the text "Please create the GitHub label 'provider-PROVIDERNAME'".
 3. Would you like your provider to be tested automatically as part of every PR?  Sure you would!  Follow the instructions in [Bring-Your-Own-Secrets for automated testing](byo-secrets.md)

From a679095bcb20a108ce8acbfa90460c1c7aa6c82f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 7 May 2024 06:25:27 -0400
Subject: [PATCH 245/438] DOCS: Clarify RE doc (#2934)

---
 documentation/release-engineering.md | 40 +++++++---------------------
 1 file changed, 10 insertions(+), 30 deletions(-)

diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index a6b961d5d6..40f1c48715 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -10,19 +10,27 @@ Please change the version number as appropriate.  Substitute (for example)
 ## Step 1. Rebuild generated files
 
 ```shell
-export VERSION=v4.2.0
+export VERSION=v4.x.0
 git checkout main
 git pull
 go fmt ./...
 go generate ./...
 go mod tidy
+git status
+```
+
+There should be no modified files. If there are, check them in then start over from the beginning:
+
+```
+git checkout -b gogenerate
 git commit -a -m "Update generated files for $VERSION"
 ```
 
 ## Step 2. Tag the commit in main that you want to release
 
 ```shell
-export VERSION=v4.2.0
+export VERSION=v4.x.0
+git checkout main
 git tag -m "Release $VERSION" -a $VERSION
 git push origin HEAD --tags
 ```
@@ -48,33 +56,6 @@ Release notes style guide:
 
 See [https://github.com/StackExchange/dnscontrol/releases](https://github.com/StackExchange/dnscontrol/releases) for examples for recent release notes and copy that style.
 
-Template:
-
-```text
-## Changelog
-
-This release includes many new providers (FILL IN), dozens
-of bug fixes, and FILL IN.
-
-### Breaking changes:
-
-* FILL IN
-
-### Major features:
-
-* FILL IN
-
-### Provider-specific changes:
-
-* FILL IN
-
-### Other changes and improvements:
-
-* FILL IN
-
-### Deprecation warnings:
-```
-
 ## Step 4. Announce it via email
 
 Email the release notes to the mailing list: (note the format of the Subject line and that the first line of the email is the URL of the release)
@@ -108,7 +89,6 @@ Mention the fact that you did this release in your weekly accomplishments.
 If you are at Stack Overflow:
 
 * Add the release to your weekly snippets
-* Run this build: `dnscontrol_embed - Promote most recent artifact into ExternalDNS repo`
 
 ## Tip: How to bump the major version
 

From 6817e08baa352c163d74d7f40352ccd9a0342072 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 7 May 2024 14:14:20 -0400
Subject: [PATCH 246/438] BUG: "ppreview --expect-no-changes" returns error for
 "informational" messages (#2936)

---
 commands/ppreviewPush.go | 50 ++++++++++++++++++++++++++++++++--------
 pkg/printer/printer.go   | 15 +++++++++++-
 2 files changed, 55 insertions(+), 10 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index a92e1f2133..1256d55a67 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -232,27 +232,34 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 	var anyErrors bool
 	for _, zone := range zonesToProcess {
 		out.StartDomain(zone.GetUniqueName())
+
+		// Process DNS provider changes:
 		providersToProcess := whichProvidersToProcess(zone.DNSProviderInstances, args.Providers)
 		for _, provider := range zone.DNSProviderInstances {
 			skip := skipProvider(provider.Name, providersToProcess)
 			out.StartDNSProvider(provider.Name, skip)
 			if !skip {
 				corrections := zone.GetCorrections(provider.Name)
-				totalCorrections += len(corrections)
+				numActions := countActions(corrections)
+				totalCorrections += numActions
+				out.EndProvider2(provider.Name, numActions)
 				reportItems = append(reportItems, genReportItem(zone.Name, corrections, provider.Name))
 				anyErrors = cmp.Or(anyErrors, pprintOrRunCorrections(zone.Name, provider.Name, corrections, out, push, interactive, notifier, report))
-				out.EndProvider(provider.Name, len(corrections), nil)
 			}
 		}
+
+		// Process Registrar changes:
 		skip := skipProvider(zone.RegistrarInstance.Name, providersToProcess)
 		out.StartRegistrar(zone.RegistrarName, !skip)
 		if skip {
 			corrections := zone.GetCorrections(zone.RegistrarInstance.Name)
-			totalCorrections += len(corrections)
+			numActions := countActions(corrections)
+			out.EndProvider2(zone.RegistrarName, numActions)
+			totalCorrections += numActions
 			reportItems = append(reportItems, genReportItem(zone.Name, corrections, zone.RegistrarName))
 			anyErrors = cmp.Or(anyErrors, pprintOrRunCorrections(zone.Name, zone.RegistrarInstance.Name, corrections, out, push, interactive, notifier, report))
-			out.EndProvider(zone.RegistrarName, len(corrections), nil)
 		}
+
 	}
 
 	if os.Getenv("TEAMCITY_VERSION") != "" {
@@ -274,6 +281,16 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 	return nil
 }
 
+func countActions(corrections []*models.Correction) int {
+	r := 0
+	for _, c := range corrections {
+		if c.F != nil {
+			r++
+		}
+	}
+	return r
+}
+
 func whichZonesToProcess(domains []*models.DomainConfig, filter string) []*models.DomainConfig {
 	if filter == "" || filter == "all" {
 		return domains
@@ -429,25 +446,40 @@ func pprintOrRunCorrections(zoneName string, providerName string, corrections []
 		return false
 	}
 	var anyErrors bool
-	for i, correction := range corrections {
-		out.PrintCorrection(i, correction)
+	cc := 0
+	cn := 0
+	for _, correction := range corrections {
+
+		// Print what we're about to do.
+		if correction.F == nil {
+			out.PrintReport(cn, correction)
+			cn++
+		} else {
+			out.PrintCorrection(cc, correction)
+			cc++
+		}
+
 		var err error
 		if push {
+
+			// If interactive, ask "are you sure?" and skip if not.
 			if interactive && !out.PromptToRun() {
 				continue
 			}
+
+			// If it is an action (not an informational message), notify and execute.
 			if correction.F != nil {
+				notifier.Notify(zoneName, providerName, correction.Msg, err, false)
 				err = correction.F()
+				out.EndCorrection(err)
 				if err != nil {
 					anyErrors = true
 				}
 			}
-			out.EndCorrection(err)
 		}
-		notifier.Notify(zoneName, providerName, correction.Msg, err, !push)
 	}
 
-	_ = report // File name to write report to.
+	_ = report // File name to write report to. (obsolete)
 	return anyErrors
 }
 
diff --git a/pkg/printer/printer.go b/pkg/printer/printer.go
index e5717145dd..0686a5ea0b 100644
--- a/pkg/printer/printer.go
+++ b/pkg/printer/printer.go
@@ -16,6 +16,7 @@ type CLI interface {
 	StartDomain(domain string)
 	StartDNSProvider(name string, skip bool)
 	EndProvider(name string, numCorrections int, err error)
+	EndProvider2(name string, numCorrections int)
 	StartRegistrar(name string, skip bool)
 
 	PrintCorrection(n int, c *models.Correction)
@@ -170,6 +171,18 @@ func (c ConsolePrinter) EndProvider(name string, numCorrections int, err error)
 	}
 }
 
+// EndProvider2 is called at the end of each provider.
+func (c ConsolePrinter) EndProvider2(name string, numCorrections int) {
+	plural := "s"
+	if numCorrections == 1 {
+		plural = ""
+	}
+	if (SkinnyReport) && (numCorrections == 0) {
+		return
+	}
+	fmt.Fprintf(c.Writer, "%d correction%s (%s)\n", numCorrections, plural, name)
+}
+
 // Debugf is called to print/format debug information.
 func (c ConsolePrinter) Debugf(format string, args ...interface{}) {
 	if c.Verbose {
@@ -197,7 +210,7 @@ func (c ConsolePrinter) Errorf(format string, args ...interface{}) {
 	fmt.Fprintf(c.Writer, "ERROR: "+format, args...)
 }
 
-// Errorf is called to optionally print/format a message.
+// PrintfIf is called to optionally print/format a message.
 func (c ConsolePrinter) PrintfIf(print bool, format string, args ...interface{}) {
 	if print {
 		fmt.Fprintf(c.Writer, format, args...)

From 1fa92de07e2a69ea38aacc03c2331922c583a412 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 7 May 2024 14:47:28 -0400
Subject: [PATCH 247/438] CHORE: Linting and comment-fixing (#2937)

---
 build/generate/featureMatrix.go | 6 +++---
 commands/zonecache.go           | 1 +
 documentation/SUMMARY.md        | 1 +
 models/domain.go                | 2 ++
 models/record.go                | 1 +
 models/unknown.go               | 1 +
 pkg/rfc4183/mode.go             | 5 +++++
 7 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/build/generate/featureMatrix.go b/build/generate/featureMatrix.go
index 6297c3f905..b786de97f5 100644
--- a/build/generate/featureMatrix.go
+++ b/build/generate/featureMatrix.go
@@ -80,7 +80,7 @@ func matrixData() *FeatureMatrix {
 		DomainModifierAlias  = "[`ALIAS`](language-reference/domain-modifiers/ALIAS.md)"
 		DomainModifierCaa    = "[`CAA`](language-reference/domain-modifiers/CAA.md)"
 		DomainModifierDnssec = "[`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md)"
-		DomainModifierHttps  = "[`HTTPS`](language-reference/domain-modifiers/HTTPS.md)"
+		DomainModifierHTTPS  = "[`HTTPS`](language-reference/domain-modifiers/HTTPS.md)"
 		DomainModifierLoc    = "[`LOC`](language-reference/domain-modifiers/LOC.md)"
 		DomainModifierNaptr  = "[`NAPTR`](language-reference/domain-modifiers/NAPTR.md)"
 		DomainModifierPtr    = "[`PTR`](language-reference/domain-modifiers/PTR.md)"
@@ -108,7 +108,7 @@ func matrixData() *FeatureMatrix {
 			DomainModifierAlias,
 			DomainModifierCaa,
 			DomainModifierDnssec,
-			DomainModifierHttps,
+			DomainModifierHTTPS,
 			DomainModifierLoc,
 			DomainModifierNaptr,
 			DomainModifierPtr,
@@ -212,7 +212,7 @@ func matrixData() *FeatureMatrix {
 			providers.CanUseDNSKEY,
 		)
 		setCapability(
-			DomainModifierHttps,
+			DomainModifierHTTPS,
 			providers.CanUseHTTPS,
 		)
 		setCapability(
diff --git a/commands/zonecache.go b/commands/zonecache.go
index 32aa4a8e15..0cfb70874f 100644
--- a/commands/zonecache.go
+++ b/commands/zonecache.go
@@ -2,6 +2,7 @@ package commands
 
 import "github.com/StackExchange/dnscontrol/v4/providers"
 
+// NewZoneCache creates a zoneCache.
 func NewZoneCache() *zoneCache {
 	return &zoneCache{}
 }
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index c3dd24e631..1dec62ccd3 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -25,6 +25,7 @@
   * [NewRegistrar](language-reference/top-level-functions/NewRegistrar.md)
   * [PANIC](language-reference/top-level-functions/PANIC.md)
   * [REV](language-reference/top-level-functions/REV.md)
+  * [REVCOMPAT](language-reference/top-level-functions/REVCOMPAT.md)
   * [getConfiguredDomains](language-reference/top-level-functions/getConfiguredDomains.md)
   * [require](language-reference/top-level-functions/require.md)
   * [require_glob](language-reference/top-level-functions/require_glob.md)
diff --git a/models/domain.go b/models/domain.go
index e4e6d38d48..e81ef9051a 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -150,6 +150,7 @@ func (dc *DomainConfig) Punycode() error {
 	return nil
 }
 
+// StoreCorrections accumulates corrections in a thread-safe way.
 func (dc *DomainConfig) StoreCorrections(providerName string, corrections []*Correction) {
 	dc.pendingCorrectionsMutex.Lock()
 	defer dc.pendingCorrectionsMutex.Unlock()
@@ -171,6 +172,7 @@ func (dc *DomainConfig) StoreCorrections(providerName string, corrections []*Cor
 	}
 }
 
+// GetCorrections returns the accumulated corrections for providerName.
 func (dc *DomainConfig) GetCorrections(providerName string) []*Correction {
 	dc.pendingCorrectionsMutex.Lock()
 	defer dc.pendingCorrectionsMutex.Unlock()
diff --git a/models/record.go b/models/record.go
index 9d329858bb..7270207b41 100644
--- a/models/record.go
+++ b/models/record.go
@@ -497,6 +497,7 @@ func (rc *RecordConfig) Key() RecordKey {
 	return RecordKey{rc.NameFQDN, t}
 }
 
+// GetSVCBValue returns the SVCB Key/Values as a list of Key/Values.
 func (rc *RecordConfig) GetSVCBValue() []dns.SVCBKeyValue {
 	record, err := dns.NewRR(fmt.Sprintf("%s %s %d %s %s", rc.NameFQDN, rc.Type, rc.SvcPriority, rc.target, rc.SvcParams))
 	if err != nil {
diff --git a/models/unknown.go b/models/unknown.go
index 71dfb696ac..a4128d638c 100644
--- a/models/unknown.go
+++ b/models/unknown.go
@@ -1,5 +1,6 @@
 package models
 
+// MakeUnknown turns an RecordConfig into an UNKNOWN type.
 func MakeUnknown(rc *RecordConfig, rtype string, contents string, origin string) error {
 	rc.Type = "UNKNOWN"
 	rc.UnknownTypeName = rtype
diff --git a/pkg/rfc4183/mode.go b/pkg/rfc4183/mode.go
index 02ef96ad32..587171c8ca 100644
--- a/pkg/rfc4183/mode.go
+++ b/pkg/rfc4183/mode.go
@@ -8,6 +8,7 @@ import (
 var newmode bool
 var modeset bool
 
+// SetCompatibilityMode sets REV() compatibility mode.
 func SetCompatibilityMode(m string) error {
 	if modeset {
 		return fmt.Errorf("ERROR: REVCOMPAT() already set")
@@ -25,16 +26,20 @@ func SetCompatibilityMode(m string) error {
 	return nil
 }
 
+// IsRFC4183Mode returns true if REV() is in RFC4183 mode.
 func IsRFC4183Mode() bool {
 	return newmode
 }
 
 var warningNeeded bool = false
 
+// NeedsWarning sets that a future warning regarding RFC2317
+// compatibility is needed.
 func NeedsWarning() {
 	warningNeeded = true
 }
 
+// PrintWarning prints a warning if a warning related to RFC2317 is needed.
 func PrintWarning() {
 	if modeset {
 		// No warnings if REVCOMPAT() was used.

From 39eb45b9075896488c862485503b05def4285f51 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 7 May 2024 15:14:40 -0400
Subject: [PATCH 248/438] CICD: De-conflate integration test for SVCB and HTTPS
 (#2938)

---
 integrationTest/integration_test.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index b7120780fd..28c7dce3af 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1042,12 +1042,12 @@ func makeTests() []*TestGroup {
 
 		testgroup("SVCB",
 			requires(providers.CanUseSVCB),
-			tc("Create a HTTPS record", https("@", 1, "test.com.", "port=80")),
-			tc("Change HTTPS priority", https("@", 2, "test.com.", "port=80")),
-			tc("Change HTTPS target", https("@", 2, ".", "port=80")),
-			tc("Change HTTPS params", https("@", 2, ".", "port=99")),
-			tc("Change HTTPS params-empty", https("@", 2, ".", "")),
-			tc("Change HTTPS all", https("@", 3, "example.com.", "port=100")),
+			tc("Create a SVCB record", svcb("@", 1, "test.com.", "port=80")),
+			tc("Change SVCB priority", svcb("@", 2, "test.com.", "port=80")),
+			tc("Change SVCB target", svcb("@", 2, ".", "port=80")),
+			tc("Change SVCB params", svcb("@", 2, ".", "port=99")),
+			tc("Change SVCB params-empty", svcb("@", 2, ".", "")),
+			tc("Change SVCB all", svcb("@", 3, "example.com.", "port=100")),
 		),
 		//// Test edge cases from various types.
 

From 612f16b0e79db8e89ea89882ce572616d80ed9c0 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Wed, 8 May 2024 15:38:56 +0200
Subject: [PATCH 249/438] NS1: update ns1-go to 2.10.0 (#2941)

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 474236c836..ef1ce00c72 100644
--- a/go.mod
+++ b/go.mod
@@ -55,7 +55,7 @@ require (
 	golang.org/x/net v0.24.0
 	golang.org/x/oauth2 v0.19.0
 	google.golang.org/api v0.177.0
-	gopkg.in/ns1/ns1-go.v2 v2.7.11
+	gopkg.in/ns1/ns1-go.v2 v2.10.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index 55cd514a2f..843f51e2a0 100644
--- a/go.sum
+++ b/go.sum
@@ -574,8 +574,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.7.11 h1:fs8fkDjfdWdR2Gg//HO+LHrtC38+Z+xpUs3z4iojsn8=
-gopkg.in/ns1/ns1-go.v2 v2.7.11/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.10.0 h1:JbwyVcVRhBczmKnVeK0cc5UbHkYr0JlBWCYGWsTWlyU=
+gopkg.in/ns1/ns1-go.v2 v2.10.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From c67962309efc5d87765236b6b7a0895e0c6c0488 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Foray?= <moi@foray-jero.me>
Date: Wed, 8 May 2024 15:39:18 +0200
Subject: [PATCH 250/438] DESEC: Enable support for SVCB/HTTPS (#2942)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jérôme foray <moi@foray-jero.me>
---
 documentation/providers.md       | 2 +-
 models/t_parse.go                | 2 ++
 providers/desec/desecProvider.go | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index c630d00c8b..b9bb2ec9cb 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -24,7 +24,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 | [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/models/t_parse.go b/models/t_parse.go
index 10e2a952dd..e224f8c600 100644
--- a/models/t_parse.go
+++ b/models/t_parse.go
@@ -188,6 +188,8 @@ func (rc *RecordConfig) PopulateFromString(rtype, contents, origin string) error
 		return rc.SetTargetSRVString(contents)
 	case "SSHFP":
 		return rc.SetTargetSSHFPString(contents)
+	case "SVCB", "HTTPS":
+		return rc.SetTargetSVCBString(origin, contents)
 	case "TLSA":
 		return rc.SetTargetTLSAString(contents)
 	default:
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index dd2374a5f7..1134583f9d 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -46,11 +46,13 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseDNSKEY:           providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Unimplemented(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Unimplemented(),

From 27f9a5f92bd570b01c37593dd5ebc0d153b31c2d Mon Sep 17 00:00:00 2001
From: svernick <108954676+svernick@users.noreply.github.com>
Date: Wed, 8 May 2024 09:41:08 -0400
Subject: [PATCH 251/438] AKAMAIEDGEDNS: new maintainer: Chris Dornin (#2940)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 OWNERS                     | 2 +-
 documentation/providers.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/OWNERS b/OWNERS
index dd5797989f..c82e5c7ac6 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,4 +1,4 @@
-providers/akamaiedgedns @svernick
+providers/akamaiedgedns @cdornin
 providers/autodns @arnoschoon
 providers/axfrddns @hnrgrgr
 providers/azuredns @vatsalyagoel
diff --git a/documentation/providers.md b/documentation/providers.md
index b9bb2ec9cb..82efe053d9 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -110,7 +110,7 @@ Providers in this category and their maintainers are:
 |Name|Maintainer|
 |---|---|
 |[`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md)|@matthewmgamble|
-|[`AKAMAIEDGEDNS`](provider/akamaiedgedns.md)|@svernick|
+|[`AKAMAIEDGEDNS`](provider/akamaiedgedns.md)|@cdornin|
 |[`AXFRDDNS`](provider/axfrddns.md)|@hnrgrgr|
 |[`BUNNY_DNS`](provider/bunny_dns.md)|@ppmathis|
 |[`CLOUDFLAREAPI`](provider/cloudflareapi.md)|@tresni|

From 7bd931694aa49b4f51db79a23a650265f1fdce8c Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Thu, 9 May 2024 03:21:17 +0200
Subject: [PATCH 252/438] NS1: Add SVCB, HTTPS, TLSA support (#2945)

---
 documentation/providers.md   |  2 +-
 providers/ns1/ns1Provider.go | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 82efe053d9..1e9fc4656e 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -51,7 +51,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index af6addd445..96a0e208a4 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -25,9 +25,12 @@ var docNotes = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
+	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Cannot(),
@@ -332,6 +335,17 @@ func buildRecord(recs models.Records, domain string, id string) *dns.Record {
 		} else if r.Type == "NS1_URLFWD" {
 			rec.Type = "URLFWD"
 			rec.AddAnswer(&dns.Answer{Rdata: strings.Fields(r.GetTargetField())})
+		} else if r.Type == "SVCB" || r.Type == "HTTPS" {
+			rec.AddAnswer(&dns.Answer{Rdata: []string{
+				strconv.Itoa(int(r.SvcPriority)),
+				r.GetTargetField(),
+				r.SvcParams}})
+		} else if r.Type == "TLSA" {
+			rec.AddAnswer(&dns.Answer{Rdata: []string{
+				strconv.Itoa(int(r.TlsaUsage)),
+				strconv.Itoa(int(r.TlsaSelector)),
+				strconv.Itoa(int(r.TlsaMatchingType)),
+				r.GetTargetField()}})
 		} else {
 			rec.AddAnswer(&dns.Answer{Rdata: strings.Fields(r.GetTargetField())})
 		}

From a1fc1b1cd907b0c66abac6450985faf63e358d0c Mon Sep 17 00:00:00 2001
From: Damian Zaremba <damian@damianzaremba.co.uk>
Date: Thu, 9 May 2024 02:21:52 +0100
Subject: [PATCH 253/438] BUNNY_DNS: Add support for `ALIAS` (#2946)

---
 documentation/providers.md             | 2 +-
 providers/bunnydns/bunnydnsProvider.go | 2 +-
 providers/bunnydns/records.go          | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 1e9fc4656e..cf9f3fa61b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -20,7 +20,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
-| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
index de9d899bbf..3450b71a4c 100644
--- a/providers/bunnydns/bunnydnsProvider.go
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -14,7 +14,7 @@ var features = providers.DocumentationNotes{
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Cannot(),
-	providers.CanUseAlias:            providers.Cannot(),
+	providers.CanUseAlias:            providers.Can("Bunny flattens CNAME records into A/AAAA records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Cannot(),
 	providers.CanUseDS:               providers.Cannot(),
diff --git a/providers/bunnydns/records.go b/providers/bunnydns/records.go
index 5a6a934463..00ff817fc1 100644
--- a/providers/bunnydns/records.go
+++ b/providers/bunnydns/records.go
@@ -60,6 +60,10 @@ func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		if rc.Name == "@" && rc.Type == "NS" {
 			rc.TTL = 0
 		}
+
+		if rc.Type == "ALIAS" {
+			rc.Type = "CNAME"
+		}
 	}
 
 	zone, err := b.findZoneByDomain(dc.Name)

From e6885cfb00a3e8305ef25c273a568ca9250c2844 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 10 May 2024 06:46:31 -0400
Subject: [PATCH 254/438] CHORE: update deps (#2944)

---
 go.mod | 27 +++++++++++++--------------
 go.sum | 59 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 42 insertions(+), 44 deletions(-)

diff --git a/go.mod b/go.mod
index ef1ce00c72..3c78a8607c 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.22.1
 
 retract v4.8.0
 
-require google.golang.org/protobuf v1.34.0 // indirect
+require google.golang.org/protobuf v1.34.1 // indirect
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
@@ -24,8 +24,8 @@ require (
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
-	github.com/cloudflare/cloudflare-go v0.94.0
-	github.com/digitalocean/godo v1.113.0
+	github.com/cloudflare/cloudflare-go v0.95.0
+	github.com/digitalocean/godo v1.114.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -48,13 +48,13 @@ require (
 	github.com/robertkrimen/otto v0.4.0
 	github.com/softlayer/softlayer-go v1.1.3
 	github.com/stretchr/testify v1.9.0
-	github.com/transip/gotransip/v6 v6.23.0
+	github.com/transip/gotransip/v6 v6.24.0
 	github.com/urfave/cli/v2 v2.27.2
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.22.0 // indirect
-	golang.org/x/net v0.24.0
-	golang.org/x/oauth2 v0.19.0
-	google.golang.org/api v0.177.0
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0
+	golang.org/x/oauth2 v0.20.0
+	google.golang.org/api v0.178.0
 	gopkg.in/ns1/ns1-go.v2 v2.10.0
 )
 
@@ -69,8 +69,8 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
-	golang.org/x/text v0.14.0
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
+	golang.org/x/text v0.15.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -113,7 +113,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -150,10 +150,9 @@ require (
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.20.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c // indirect
+	golang.org/x/tools v0.21.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
 	google.golang.org/grpc v1.63.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 843f51e2a0..70803f9aa0 100644
--- a/go.sum
+++ b/go.sum
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.94.0 h1:WADmVhCdnn1A9sm5NU08by49Vbh4Lj/JBgTWTr7q7Qc=
-github.com/cloudflare/cloudflare-go v0.94.0/go.mod h1:N1u1cLZ4lG6NeezGOWi7P6aq1DK2iVYg9ze7GZbUmZE=
+github.com/cloudflare/cloudflare-go v0.95.0 h1:VCOZWcIdcbQw1CwT40w0wxqG/wRbp/M5WpWfn50nVCo=
+github.com/cloudflare/cloudflare-go v0.95.0/go.mod h1:X0MKeYo7qpA162hx9N51EG+cSzgWq8wguF9Oe+kF+7I=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.113.0 h1:CLtCxlP4wDAjKIQ+Hshht/UNbgAp8/J/XBH1ZtDCF9Y=
-github.com/digitalocean/godo v1.113.0/go.mod h1:Z2mTP848Vi3IXXl5YbPekUgr4j4tOePomA+OE1Ag98w=
+github.com/digitalocean/godo v1.114.0 h1:sC6/07mDPabsrW/hdlDa7EW9V4XiiGQqkbP7cZgmq6c=
+github.com/digitalocean/godo v1.114.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -207,8 +207,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA=
-github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4=
+github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
+github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -315,7 +315,6 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
 github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
@@ -387,8 +386,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/transip/gotransip/v6 v6.23.0 h1:PsTdjortrEZ8IFFifEryzjVjOy9SgK4ahlnhKBBIQgA=
-github.com/transip/gotransip/v6 v6.23.0/go.mod h1:nzv9eN2tdsUrm5nG5ZX6AugYIU4qgsMwIn2c0EZLk8c=
+github.com/transip/gotransip/v6 v6.24.0 h1:QaHgRT3ikpMCXr8Ntojiced/W4izd9ra9PNE/i+7qTE=
+github.com/transip/gotransip/v6 v6.24.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
@@ -425,11 +424,11 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30=
-golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY=
-golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -453,11 +452,11 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
-golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg=
-golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8=
+golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -491,8 +490,8 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
-golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -506,8 +505,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
@@ -523,21 +522,22 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
-golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
+golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
+golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk=
-google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw=
+google.golang.org/api v0.178.0 h1:yoW/QMI4bRVCHF+NWOTa4cL8MoWL3Jnuc7FlcFF91Ok=
+google.golang.org/api v0.178.0/go.mod h1:84/k2v8DFpDRebpGcooklv/lais3MEfqpaBLA12gl2U=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c h1:kaI7oewGK5YnVwj+Y+EJBO/YN1ht8iTL9XkFHtVZLsc=
-google.golang.org/genproto/googleapis/api v0.0.0-20240314234333-6e1732d8331c/go.mod h1:VQW3tUculP/D4B+xVCo+VgSq8As6wA9ZjHl//pmk+6s=
+google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -559,12 +559,11 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4=
-google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=

From 1205ef63434312577b22728d4034d9e44a05d913 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 13 May 2024 14:47:23 +0200
Subject: [PATCH 255/438] DOCS: Code examples with `END` constant (#2950)

---
 commands/types/dnscontrol.d.ts                | 285 +++++++++---------
 documentation/ci-cd-gitlab.md                 |   4 +-
 documentation/cli-variables.md                |  14 +-
 documentation/examples.md                     |  40 +--
 documentation/getting-started.md              |   4 +-
 .../language-reference/domain-modifiers/A.md  |   4 +-
 .../domain-modifiers/AAAA.md                  |   4 +-
 .../domain-modifiers/ALIAS.md                 |   2 +-
 .../domain-modifiers/AUTODNSSEC_ON.md         |   8 +-
 .../domain-modifiers/AZURE_ALIAS.md           |   2 +-
 .../domain-modifiers/CAA.md                   |   4 +-
 .../domain-modifiers/CF_REDIRECT.md           |   2 +-
 .../domain-modifiers/CF_TEMP_REDIRECT.md      |   2 +-
 .../domain-modifiers/CF_WORKER_ROUTE.md       |   2 +-
 .../domain-modifiers/CNAME.md                 |   2 +-
 .../domain-modifiers/DHCID.md                 |   4 +-
 .../domain-modifiers/DNAME.md                 |   4 +-
 .../domain-modifiers/DNSKEY.md                |   4 +-
 .../language-reference/domain-modifiers/DS.md |   4 +-
 .../domain-modifiers/DefaultTTL.md            |   4 +-
 .../domain-modifiers/HTTPS.md                 |   4 +-
 .../domain-modifiers/IMPORT_TRANSFORM.md      |  14 +-
 .../domain-modifiers/INCLUDE.md               |   8 +-
 .../domain-modifiers/LOC.md                   |  13 +-
 .../domain-modifiers/LOC_BUILDER_DD.md        |  15 +-
 .../domain-modifiers/LOC_BUILDER_DMM_STR.md   |   5 +-
 .../domain-modifiers/LOC_BUILDER_DMS_STR.md   |   5 +-
 .../domain-modifiers/LOC_BUILDER_STR.md       |  15 +-
 .../language-reference/domain-modifiers/MX.md |   4 +-
 .../domain-modifiers/NAMESERVER.md            |   6 +-
 .../domain-modifiers/NAMESERVER_TTL.md        |   8 +-
 .../domain-modifiers/NAPTR.md                 |  12 +-
 .../domain-modifiers/NO_PURGE.md              |   4 +-
 .../language-reference/domain-modifiers/NS.md |   2 +-
 .../domain-modifiers/PTR.md                   |  10 +-
 .../domain-modifiers/PURGE.md                 |   4 +-
 .../domain-modifiers/R53_ALIAS.md             |   2 +-
 .../domain-modifiers/SOA.md                   |   2 +-
 .../domain-modifiers/SPF_BUILDER.md           |  16 +-
 .../domain-modifiers/SRV.md                   |   2 +-
 .../domain-modifiers/SVCB.md                  |   4 +-
 .../domain-modifiers/TLSA.md                  |   2 +-
 .../domain-modifiers/TXT.md                   |   4 +-
 .../record-modifiers/TTL.md                   |   2 +-
 .../top-level-functions/D.md                  |  21 +-
 .../top-level-functions/DEFAULTS.md           |  12 +-
 .../top-level-functions/DOMAIN_ELSEWHERE.md   |   4 +-
 .../DOMAIN_ELSEWHERE_AUTO.md                  |   4 +-
 .../top-level-functions/D_EXTEND.md           |  20 +-
 .../top-level-functions/FETCH.md              |   4 +-
 .../top-level-functions/NewDnsProvider.md     |   8 +-
 .../top-level-functions/NewRegistrar.md       |   8 +-
 .../top-level-functions/REV.md                |   4 +-
 .../top-level-functions/require.md            |   4 +-
 .../dnsconfig-code-example-with-filename.md   |   4 +-
 documentation/nameservers.md                  |  36 +--
 documentation/notifications.md                |   2 +-
 documentation/provider/akamaiedgedns.md       |   4 +-
 documentation/provider/autodns.md             |   4 +-
 documentation/provider/azure_dns.md           |   4 +-
 documentation/provider/azure_private_dns.md   |   4 +-
 documentation/provider/bunny_dns.md           |   4 +-
 documentation/provider/cloudflareapi.md       |  16 +-
 documentation/provider/cloudns.md             |   8 +-
 documentation/provider/cscglobal.md           |   4 +-
 documentation/provider/desec.md               |   4 +-
 documentation/provider/digitalocean.md        |   4 +-
 documentation/provider/dnsimple.md            |   4 +-
 documentation/provider/dnsmadeeasy.md         |   4 +-
 documentation/provider/dnsoverhttps.md        |   2 +-
 documentation/provider/domainnameshop.md      |   4 +-
 documentation/provider/easyname.md            |   2 +-
 documentation/provider/exoscale.md            |   4 +-
 documentation/provider/gandi_v5.md            |   4 +-
 documentation/provider/gcloud.md              |   8 +-
 documentation/provider/gcore.md               |   4 +-
 documentation/provider/hedns.md               |   4 +-
 documentation/provider/hetzner.md             |   4 +-
 documentation/provider/hexonet.md             |   4 +-
 documentation/provider/hostingde.md           |   4 +-
 documentation/provider/internetbs.md          |   2 +-
 documentation/provider/inwx.md                |   4 +-
 documentation/provider/linode.md              |   4 +-
 documentation/provider/loopia.md              |   4 +-
 documentation/provider/luadns.md              |   4 +-
 documentation/provider/msdns.md               |   4 +-
 documentation/provider/mythicbeasts.md        |   4 +-
 documentation/provider/namecheap.md           |   8 +-
 documentation/provider/namedotcom.md          |   8 +-
 documentation/provider/netcup.md              |   4 +-
 documentation/provider/netlify.md             |   4 +-
 documentation/provider/ns1.md                 |   4 +-
 documentation/provider/opensrs.md             |   4 +-
 documentation/provider/oracle.md              |   4 +-
 documentation/provider/ovh.md                 |   8 +-
 documentation/provider/packetframe.md         |   4 +-
 documentation/provider/porkbun.md             |   4 +-
 documentation/provider/powerdns.md            |   4 +-
 documentation/provider/realtimeregister.md    |   4 +-
 documentation/provider/route53.md             |   8 +-
 documentation/provider/rwth.md                |   4 +-
 documentation/provider/softlayer.md           |   8 +-
 documentation/provider/transip.md             |   4 +-
 documentation/provider/vultr.md               |   4 +-
 documentation/styleguide-doc.md               |   4 +-
 105 files changed, 454 insertions(+), 465 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 68e0268434..dae2b7fa9d 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -49,9 +49,9 @@ type Duration =
  * > 2. Make sure DNSControl only uses verified configuration if you want to use `FETCH`. For example, an attacker can send Pull Requests to your config repo, and have your CI test malicious configurations and make arbitrary HTTP requests. Therefore, `FETCH` must be explicitly enabled with flag `--allow-fetch` on DNSControl invocation.
  *
  * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), [
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@", "1.2.3.4"),
- * ]);
+ * END);
  *
  * FETCH("https://example.com", {
  *   // All three options below are optional
@@ -189,8 +189,8 @@ declare const DISABLE_REPEATED_DOMAIN_CHECK: RecordModifier;
  *   A("@", "1.2.3.4"),
  *   A("foo", "2.3.4.5"),
  *   A("test.foo", IP("1.2.3.4"), TTL(5000)),
- *   A("*", "1.2.3.4", {foo: 42})
- * );
+ *   A("*", "1.2.3.4", {foo: 42}),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/a
@@ -211,8 +211,8 @@ declare function A(name: string, address: string | number, ...modifiers: RecordM
  *   AAAA("@", addrV6),
  *   AAAA("foo", addrV6),
  *   AAAA("test.foo", addrV6, TTL(5000)),
- *   AAAA("*", addrV6, {foo: 42})
- * );
+ *   AAAA("*", addrV6, {foo: 42}),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/aaaa
@@ -239,7 +239,7 @@ declare function AKAMAICDN(name: string, target: string, ...modifiers: RecordMod
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   ALIAS("@", "google.com."), // example.com -> google.com
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/alias
@@ -275,13 +275,13 @@ declare const AUTODNSSEC_OFF: DomainModifier;
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
- *   A("@", "10.1.1.1")
- * );
+ *   A("@", "10.1.1.1"),
+ * END);
  *
  * D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
- *   A("@", "10.2.2.2")
- * );
+ *   A("@", "10.2.2.2"),
+ * END);
  * ```
  *
  * If neither `AUTODNSSEC_ON` or `AUTODNSSEC_OFF` is specified for a
@@ -331,7 +331,7 @@ declare const AUTODNSSEC_ON: DomainModifier;
  * D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
  *   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
  *   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/azure-dns/azure_alias
@@ -359,8 +359,8 @@ declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target:
  *   CAA("@", "issuewild", ";"),
  *   // Report all violation to test@example.com. If CA does not support
  *   // this record then refuse to issue any certificate
- *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * );
+ *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+ * END);
  * ```
  *
  * DNSControl contains a [`CAA_BUILDER`](CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
@@ -485,7 +485,7 @@ declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critic
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_redirect
@@ -509,7 +509,7 @@ declare function CF_REDIRECT(source: string, destination: string, ...modifiers:
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_temp_redirect
@@ -535,7 +535,7 @@ declare function CF_TEMP_REDIRECT(source: string, destination: string, ...modifi
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
  *     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_worker_route
@@ -560,7 +560,7 @@ declare function CLOUDNS_WR(name: string, target: string, ...modifiers: RecordMo
  *   CNAME("foo", "google.com."), // foo.example.com -> google.com
  *   CNAME("abc", "@"), // abc.example.com -> example.com
  *   CNAME("def", "test"), // def.example.com -> test.example.com
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/cname
@@ -583,8 +583,8 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  * // simple domain
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@","1.2.3.4"),
- *   CNAME("test", "foo.example2.com.")
- * );
+ *   CNAME("test", "foo.example2.com."),
+ * END);
  *
  * // "macro" for records that can be mixed into any zone
  * var GOOGLE_APPS_DOMAIN_MX = [
@@ -598,8 +598,8 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@","1.2.3.4"),
  *   CNAME("test", "foo.example2.com."),
- *   GOOGLE_APPS_DOMAIN_MX
- * );
+ *   GOOGLE_APPS_DOMAIN_MX,
+ * END);
  * ```
  *
  * # Split Horizon DNS
@@ -618,16 +618,16 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  * var DNS_OUTSIDE = NewDnsProvider("bind");
  *
  * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
- *   A("www", "10.10.10.10")
- * );
+ *   A("www", "10.10.10.10"),
+ * END);
  *
  * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
- *   A("www", "20.20.20.20")
- * );
+ *   A("www", "20.20.20.20"),
+ * END);
  *
  * D_EXTEND("example.com!inside",
- *   A("internal", "10.99.99.99")
- * );
+ *   A("internal", "10.99.99.99"),
+ * END);
  * ```
  *
  * A domain name without a `!` is assigned a tag that is the empty
@@ -667,12 +667,12 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  * var COMMON = NewDnsProvider("foo");
  * DEFAULTS(
  *   DnsProvider(COMMON, 0),
- *   DefaultTTL("1d")
- * );
+ *   DefaultTTL("1d"),
+ * END);
  *
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * If you want to clear the defaults, you can do the following.
@@ -682,8 +682,8 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  * DEFAULTS();
  *
  * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
@@ -697,8 +697,8 @@ declare function DEFAULTS(...modifiers: DomainModifier[]): void;
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DHCID("example.com", "ABCDEFG")
- * );
+ *   DHCID("example.com", "ABCDEFG"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dhcid
@@ -827,8 +827,8 @@ declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy:
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DNAME("sub", "example.net.")
- * );
+ *   DNAME("sub", "example.net."),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dname
@@ -848,8 +848,8 @@ declare function DNAME(name: string, target: string, ...modifiers: RecordModifie
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DNSKEY("@", 257, 3, 13, "AABBCCDD")
- * );
+ *   DNSKEY("@", 257, 3, 13, "AABBCCDD"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dnskey
@@ -878,8 +878,8 @@ declare function DNSKEY(name: string, flags: number, protocol: number, algorithm
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     NO_PURGE,
  *     NAMESERVER("ns1.foo.com"),
- *     NAMESERVER("ns2.foo.com")
- * );
+ *     NAMESERVER("ns2.foo.com"),
+ * END);
  * ```
  *
  * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used out of abundance of caution but since no
@@ -913,8 +913,8 @@ declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_na
  * ```javascript
  * D("example.com", REG_NAMEDOTCOM,
  *     NO_PURGE,
- *     DnsProvider(DSP_AZURE)
- * );
+ *     DnsProvider(DSP_AZURE),
+ * END);
  * ```
  *
  * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used to prevent DNSControl from changing the records.
@@ -936,8 +936,8 @@ declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar:
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   DS("example.com", 2371, 13, 2, "ABCDEF")
- * );
+ *   DS("example.com", 2371, 13, 2, "ABCDEF"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ds
@@ -973,25 +973,25 @@ declare function DS(name: string, keytag: number, algorithm: number, digesttype:
  * D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
  *   A("@", "127.0.0.1"), // domain.tld
  *   A("www", "127.0.0.2"), // www.domain.tld
- *   CNAME("a", "b") // a.domain.tld -> b.domain.tld
- * );
+ *   CNAME("a", "b"), // a.domain.tld -> b.domain.tld
+ * END);
  * D_EXTEND("domain.tld",
  *   A("aaa", "127.0.0.3"), // aaa.domain.tld
- *   CNAME("c", "d") // c.domain.tld -> d.domain.tld
- * );
+ *   CNAME("c", "d"), // c.domain.tld -> d.domain.tld
+ * END);
  * D_EXTEND("sub.domain.tld",
  *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
  *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
- *   CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
- * );
+ *   CNAME("e", "f"), // e.sub.domain.tld -> f.sub.domain.tld
+ * END);
  * D_EXTEND("sub.sub.domain.tld",
  *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
- *   CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
- * );
+ *   CNAME("g", "h"), // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
+ * END);
  * D_EXTEND("sub.domain.tld",
  *   A("@", "127.0.0.7"), // sub.domain.tld
- *   CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
- * );
+ *   CNAME("i", "j"), // i.sub.domain.tld -> j.sub.domain.tld
+ * END);
  * ```
  *
  * This will end up in the following modifications: (This output assumes the `--full` flag)
@@ -1037,8 +1037,8 @@ declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   DefaultTTL("4h"),
  *   A("@","1.2.3.4"), // uses default
- *   A("foo", "2.3.4.5", TTL(600)) // overrides default
- * );
+ *   A("foo", "2.3.4.5", TTL(600)), // overrides default
+ * END);
  * ```
  *
  * The DefaultTTL duration is the same format as [`TTL`](../record-modifiers/TTL.md), an integer number of seconds
@@ -1091,8 +1091,8 @@ declare function FRAME(name: string, target: string, ...modifiers: RecordModifie
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
- *   HTTPS("@", 1, "test.com", "")
- * );
+ *   HTTPS("@", 1, "test.com", ""),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/https
@@ -1384,13 +1384,13 @@ declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;
  *
  * ```javascript
  * D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   A("test", "8.8.8.8")
- * );
+ *   A("test", "8.8.8.8"),
+ * END);
  *
  * D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   INCLUDE("example.com!external"),
- *   A("home", "127.0.0.1")
- * );
+ *   A("home", "127.0.0.1"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/include
@@ -1496,17 +1496,16 @@ declare function IP(ip: string): number;
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
  *   //42 21 54     N  71 06  18     W -24m 30m
- *   , LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0)
+ *   LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0),
  *   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
- *   , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10)
+ *   LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10),
  *   //52 14 05     N  00 08  50     E 10m
- *   , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0)
+ *   LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0),
  *   //32  7 19     S 116  2  25     E 10m
- *   , LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0)
+ *   LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0),
  *   //42 21 28.764 N  71 00  51.617 W -44m 2000m
- *   , LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0)
- * );
- *
+ *   LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc
@@ -1538,27 +1537,26 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     LOC_BUILDER_DD({
+ *   LOC_BUILDER_DD({
  *     label: "big-ben",
  *     x: 51.50084265331501,
  *     y: -0.12462541415599787,
  *     alt: 6,
- *   })
- *   , LOC_BUILDER_DD({
+ *   }),
+ *   LOC_BUILDER_DD({
  *     label: "white-house",
  *     x: 38.89775977858357,
  *     y: -77.03655125982903,
  *     alt: 19,
- *   })
- *   , LOC_BUILDER_DD({
+ *   }),
+ *   LOC_BUILDER_DD({
  *     label: "white-house-ttl",
  *     x: 38.89775977858357,
  *     y: -77.03655125982903,
  *     alt: 19,
  *     ttl: "5m",
- *   })
- * );
- *
+ *   }),
+ * END);
  * ```
  *
  * Part of the series:
@@ -1598,9 +1596,8 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  *     label: "tasmania",
  *     str: "42°S 147°E",
  *     alt: 3,
- *   })
- * );
- *
+ *   }),
+ * END);
  * ```
  *
  * Part of the series:
@@ -1641,9 +1638,8 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  *     str: "33°51′31″S 151°12′51″E",
  *     alt: 4,
  *     ttl: "5m",
- *   })
- * );
- *
+ *   }),
+ * END);
  * ```
  *
  * Part of the series:
@@ -1675,23 +1671,22 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   , LOC_BUILDER_STR({
+ *   LOC_BUILDER_STR({
  *     label: "old-faithful",
  *     str: "44.46046°N 110.82815°W",
  *     alt: 2240,
- *   })
- *   , LOC_BUILDER_STR({
+ *   }),
+ *   LOC_BUILDER_STR({
  *     label: "ribblehead-viaduct",
  *     str: "54.210436°N 2.370231°W",
  *     alt: 300,
- *   })
- *   , LOC_BUILDER_STR({
+ *   }),
+ *   LOC_BUILDER_STR({
  *     label: "guinness-brewery",
  *     str: "53°20′40″N 6°17′20″W",
  *     alt: 300,
- *   })
- * );
- *
+ *   }),
+ * END);
  * ```
  *
  * Part of the series:
@@ -1764,8 +1759,8 @@ declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   MX("@", 5, "mail"), // mx example.com -> mail.example.com
- *   MX("sub", 10, "mail.foo.com.")
- * );
+ *   MX("sub", 10, "mail.foo.com."),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/mx
@@ -1791,13 +1786,13 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  *   // Replace the nameservers:
  *   NAMESERVER("ns1.myserver.com."),
  *   NAMESERVER("ns2.myserver.com."),
- * );
+ * END);
  *
  * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // Add these two additional nameservers to the existing list of nameservers.
  *   NAMESERVER("ns1.myserver.com."),
  *   NAMESERVER("ns2.myserver.com."),
- * );
+ * END);
  * ```
  *
  * # The difference between NS() and NAMESERVER()
@@ -1846,7 +1841,7 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
  * D("example.com", REG_THIRDPARTY,
  *   ...
- * )
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver
@@ -1861,8 +1856,8 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   NAMESERVER_TTL("2d"),
- *   NAMESERVER("ns")
- * );
+ *   NAMESERVER("ns"),
+ * END);
  * ```
  *
  * Use `NAMESERVER_TTL("3600"),` or `NAMESERVER_TTL("1h"),` for a 1h default TTL for all subsequent `NS` entries:
@@ -1874,8 +1869,8 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
  *   NAMESERVER("ns1.provider.com."), //inherits NAMESERVER_TTL
  *   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
  *   A("@","1.2.3.4"), // inherits DefaultTTL
- *   A("foo", "2.3.4.5", TTL(600)) // overrides DefaultTTL for this record only
- * );
+ *   A("foo", "2.3.4.5", TTL(600)), // overrides DefaultTTL for this record only
+ * END);
  * ```
  *
  * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain-modifiers/DefaultTTL.md)
@@ -2026,8 +2021,8 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   NAPTR("7",  10, 10, "u", "E2U+SIP", "!^.*$!sip:jane@example.com!", "."),
  *   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
  *   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
- *   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", ".")
- * );
+ *   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", "."),
+ * END);
  * ```
  *
  * Single e164 zone
@@ -2035,8 +2030,8 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  * D("4.3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
  *   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
  *   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
- *   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", ".")
- * );
+ *   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", "."),
+ * END);
  * ```
  *
  * ### Examples for SIP:
@@ -2054,7 +2049,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   A("sip", "192.0.2.2"),
  *   AAAA("sip", "2001:db8::85a3"),
  *   // and so on
- * );
+ * END);
  * ```
  *
  * ### Other RFC based examples:
@@ -2069,7 +2064,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
  *   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
  *   // and so on
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/naptr
@@ -2102,8 +2097,8 @@ declare function NAPTR(subdomain: string, order: number, preference: number, ter
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
- *   A("foo","1.2.3.4")
- * );
+ *   A("foo","1.2.3.4"),
+ * END);
  * ```
  *
  * The main caveat of `NO_PURGE` is that intentionally deleting records becomes
@@ -2144,7 +2139,7 @@ declare const NO_PURGE: DomainModifier;
  *   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
  *   A("ns1.example2.com", "10.10.10.10"), // Glue records
  *   A("ns2.example2.com", "10.10.10.20"), // Glue records
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ns
@@ -2178,8 +2173,8 @@ declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordMo
  * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * In [v3.16](../../v316.md) and later:
@@ -2189,8 +2184,8 @@ declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordMo
  * var DNS_MYAWS = NewDnsProvider("myaws");
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
@@ -2217,8 +2212,8 @@ declare function NewDnsProvider(name: string, type?: string, meta?: object): str
  * var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * In [v3.16](../../v316.md) and later:
@@ -2228,8 +2223,8 @@ declare function NewDnsProvider(name: string, type?: string, meta?: object): str
  * var DNS_MYAWS = NewDnsProvider("myaws");
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
- *   A("@","1.2.3.4")
- * );
+ *   A("@","1.2.3.4"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
@@ -2305,13 +2300,13 @@ declare function PANIC(message: string): never;
  *   PTR("3", "baz.example.com."),
  *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
  *   PTR("1.2.3.10", "ten.example.com."),    // "10"
- * );
+ * END);
  * ```
  *
  * ```javascript
  * D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
  *   PTR("9.9.9.129", "first.example.com."),
- * );
+ * END);
  * ```
  *
  * ```javascript
@@ -2320,7 +2315,7 @@ declare function PANIC(message: string): never;
  *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
  *   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
  *   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
- * );
+ * END);
  * ```
  *
  * # Automatic forward and reverse lookups
@@ -2342,10 +2337,10 @@ declare function PANIC(message: string): never;
  *
  * D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
  *     ...,
- *     END);
+ * END);
  * D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
  *     ...,
- *     END);
+ * END);
  *
  * FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
  * FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
@@ -2376,7 +2371,7 @@ declare function PTR(name: string, target: string, ...modifiers: RecordModifier[
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   PURGE,
- * );
+ * END);
  * ```
  *
  * Since the "last command wins", this is the same as `PURGE`:
@@ -2388,7 +2383,7 @@ declare function PTR(name: string, target: string, ...modifiers: RecordModifier[
  *   PURGE,
  *   NO_PURGE,
  *   PURGE,
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/purge
@@ -2431,7 +2426,7 @@ declare const PURGE: DomainModifier;
  *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
  *   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
  *   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/amazon-route-53/r53_alias
@@ -2507,14 +2502,14 @@ declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
  *   PTR("3", "baz.example.com."),
  *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("1.2.3.10", "ten.example.com."),
- * );
+ * END);
  *
  * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
  *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
  *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
  *   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
- * );
+ * END);
  * ```
  *
  * # Automatic forward and reverse record generation
@@ -2575,7 +2570,7 @@ declare function REVCOMPAT(rfc: string): string;
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
- * );
+ * END);
  * ```
  *
  * If you accidentally include an `@` in the email field DNSControl will quietly
@@ -2609,8 +2604,8 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all")
- * )
+ *   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all"),
+ * END)
  * ```
  *
  * This has a few problems:
@@ -2648,7 +2643,7 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
  *     ]
  *   }),
- * );
+ * END);
  * ```
  *
  * By using the `SPF_BUILDER()` we gain many benefits:
@@ -2683,7 +2678,7 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *   }),
  *   ...
  *   ...
- * );
+ * END);
  * ```
  *
  * The parameters are:
@@ -2866,12 +2861,12 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  * });
  *
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *     SPF_MYSETTINGS
- * );
+ *     SPF_MYSETTINGS,
+ * END);
  *
  * D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *      SPF_MYSETTINGS
- * );
+ *      SPF_MYSETTINGS,
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder
@@ -2889,7 +2884,7 @@ declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead
  *   //               pr  w   port, target
  *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
  *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
@@ -2938,8 +2933,8 @@ declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 |
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443")
- * );
+ *   SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/svcb
@@ -2957,7 +2952,7 @@ declare function SVCB(name: string, priority: number, target: string, params: st
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // Create TLSA record for certificate used on TCP port 443
  *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
@@ -2990,7 +2985,7 @@ declare function TLSA(name: string, usage: number, selector: number, type: numbe
  *   A("foo", "2.3.4.5", TTL(500)), // overrides default
  *   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
  *   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
- * );
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/ttl
@@ -3017,8 +3012,8 @@ declare function TTL(ttl: Duration): RecordModifier;
  *       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
  *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
  *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
- *       TXT("long", "X".repeat(300)) // Long strings are split automatically.
- *     );
+ *       TXT("long", "X".repeat(300)), // Long strings are split automatically.
+ *     END);
  * ```
  *
  * NOTE: In the past, long strings had to be annotated with the keyword
diff --git a/documentation/ci-cd-gitlab.md b/documentation/ci-cd-gitlab.md
index d34f756cbe..676f68cbf9 100644
--- a/documentation/ci-cd-gitlab.md
+++ b/documentation/ci-cd-gitlab.md
@@ -25,8 +25,8 @@ D("cafferata.dev",
     TXT("spf", [
         "v=spf1",
         "-all"
-    ].join(" "))
-);
+    ].join(" ")),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/cli-variables.md b/documentation/cli-variables.md
index b996d36b91..8086de59c4 100644
--- a/documentation/cli-variables.md
+++ b/documentation/cli-variables.md
@@ -60,8 +60,8 @@ D("example.com", REG_NAMECOM, DnsProvider(DNS_NAMECOM), DnsProvider(DNS_BIND),
     A("sitea", host01, TTL(1800)),
     A("siteb", host01, TTL(1800)),
     A("sitec", host02, TTL(1800)),
-    A("sited", host02, TTL(1800))
-);
+    A("sited", host02, TTL(1800)),
+END);
 ```
 {% endcode %}
 
@@ -87,7 +87,7 @@ CLI_DEFAULTS({
 
 D("example.com", REG_EXAMPLE, DnsProvider(DNS_EXAMPLE),
     A("www", "10.10.10.10"),
-);
+END);
 
 if (emergency) {
     // Emergency mode: Configure A/B/C using CNAMEs to our alternate site.
@@ -95,8 +95,8 @@ if (emergency) {
     D_EXTEND("example.com",
         CNAME("a", "a.othersite"),
         CNAME("b", "b.othersite"),
-        CNAME("c", "c.othersite")
-    );
+        CNAME("c", "c.othersite"),
+    END);
 
 } else {
     // Normal operation: Configure A/B/C using A records.
@@ -104,8 +104,8 @@ if (emergency) {
     D_EXTEND("example.com",
         A("a", "10.10.10.10"),
         A("b", "10.10.10.11"),
-        A("c", "10.10.10.12")
-    );
+        A("c", "10.10.10.12"),
+    END);
 
 }
 ```
diff --git a/documentation/examples.md b/documentation/examples.md
index eb068fb3a1..385d54c678 100644
--- a/documentation/examples.md
+++ b/documentation/examples.md
@@ -12,8 +12,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     MX("mail", 20, "mailqueue"),
     TXT("the", "message"),
     NS("department2", "ns1.dnsexample.com."), // use different nameservers
-    NS("department2", "ns2.dnsexample.com.") // for department2.example.com
-)
+    NS("department2", "ns2.dnsexample.com."), // for department2.example.com
+END);
 ```
 {% endcode %}
 
@@ -31,8 +31,8 @@ D("example.com", REG_MY_PROVIDER,
     MX("@", 10, "4.3.2.1", mailTTL), // set TTL
 
     A("@", "1.2.3.4", TTL("10m")), // individual record
-    CNAME("mail", "mx01") // TTL of 5m, as defined per DefaultTTL()
-);
+    CNAME("mail", "mx01"), // TTL of 5m, as defined per DefaultTTL()
+END);
 ```
 {% endcode %}
 
@@ -46,7 +46,7 @@ var DSP_R53 = NewDnsProvider("route53_user1");
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
     A("@", addrA), // 1.2.3.4
     A("www", addrA + 1), // 1.2.3.5
-)
+END);
 ```
 {% endcode %}
 
@@ -72,7 +72,7 @@ var activeDC = dcA;
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
     A("@", activeDC + 5), // fixed address based on activeDC
-)
+END);
 ```
 {% endcode %}
 
@@ -99,8 +99,8 @@ var GOOGLE_APPS_CNAME_RECORDS = [
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
    GOOGLE_APPS_MX_RECORDS,
    GOOGLE_APPS_CNAME_RECORDS,
-   A("@", "1.2.3.4")
-)
+   A("@", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -123,7 +123,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       "~all"
     ]
   }),
-);
+END);
 ```
 {% endcode %}
 
@@ -133,8 +133,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 DEFAULTS(
     NAMESERVER_TTL("24h"),
     DefaultTTL("12h"),
-    CF_PROXY_DEFAULT_OFF
-);
+    CF_PROXY_DEFAULT_OFF,
+END);
 ```
 {% endcode %}
 
@@ -148,20 +148,20 @@ var DSP_R53 = NewDnsProvider("route53_user1");
 var DSP_GCLOUD = NewDnsProvider("gcloud_admin");
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53), DnsProvider(DSP_GCLOUD),
-   A("@", "1.2.3.4")
-)
+   A("@", "1.2.3.4"),
+END);
 
 // above zone uses 8 NS records total (4 from each provider dynamically gathered)
 // below zone will only take 2 from each for a total of 4. May be better for performance reasons.
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_R53, 2), DnsProvider(DSP_GCLOUD ,2),
-   A("@", "1.2.3.4")
-)
+   A("@", "1.2.3.4"),
+END);
 
 // or set a Provider as a non-authoritative backup (don"t register its nameservers)
 D("example3.com", REG_MY_PROVIDER, DnsProvider(DSP_R53), DnsProvider(DSP_GCLOUD, 0),
-   A("@", "1.2.3.4")
-)
+   A("@", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -189,7 +189,7 @@ var FASTMAIL_DKIM = function(the_domain){
   return [
     CNAME("fm1._domainkey", "fm1." + the_domain + ".dkim.fmhosted.com."),
     CNAME("fm2._domainkey", "fm2." + the_domain + ".dkim.fmhosted.com."),
-    CNAME("fm3._domainkey", "fm3." + the_domain + ".dkim.fmhosted.com.")
+    CNAME("fm3._domainkey", "fm3." + the_domain + ".dkim.fmhosted.com."),
   ]
 }
 ```
@@ -203,8 +203,8 @@ var DSP_R53_MAIN = NewDnsProvider("r53_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_R53_MAIN),
     FASTMAIL_MX,
-    FASTMAIL_DKIM("example.com")
-)
+    FASTMAIL_DKIM("example.com"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 8cabc76812..b3e85c499b 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -100,8 +100,8 @@ var REG_NONE = NewRegistrar("none");
 var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
-    A("@", "1.2.3.4")
-);
+    A("@", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/A.md b/documentation/language-reference/domain-modifiers/A.md
index c24c0d6342..14a4dda92d 100644
--- a/documentation/language-reference/domain-modifiers/A.md
+++ b/documentation/language-reference/domain-modifiers/A.md
@@ -22,7 +22,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@", "1.2.3.4"),
   A("foo", "2.3.4.5"),
   A("test.foo", IP("1.2.3.4"), TTL(5000)),
-  A("*", "1.2.3.4", {foo: 42})
-);
+  A("*", "1.2.3.4", {foo: 42}),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/AAAA.md b/documentation/language-reference/domain-modifiers/AAAA.md
index b1d2f7a665..6f83c1716d 100644
--- a/documentation/language-reference/domain-modifiers/AAAA.md
+++ b/documentation/language-reference/domain-modifiers/AAAA.md
@@ -24,7 +24,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AAAA("@", addrV6),
   AAAA("foo", addrV6),
   AAAA("test.foo", addrV6, TTL(5000)),
-  AAAA("*", addrV6, {foo: 42})
-);
+  AAAA("*", addrV6, {foo: 42}),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/ALIAS.md b/documentation/language-reference/domain-modifiers/ALIAS.md
index f7ef804ebf..502db74217 100644
--- a/documentation/language-reference/domain-modifiers/ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/ALIAS.md
@@ -22,6 +22,6 @@ Target should be a string representing the target. If it is a single label we wi
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   ALIAS("@", "google.com."), // example.com -> google.com
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
index 7164cf7d80..7a848193ff 100644
--- a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
+++ b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
@@ -23,13 +23,13 @@ correct syntax is `AUTODNSSEC_ON` not `AUTODNSSEC_ON()`
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
-  A("@", "10.1.1.1")
-);
+  A("@", "10.1.1.1"),
+END);
 
 D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
-  A("@", "10.2.2.2")
-);
+  A("@", "10.2.2.2"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md b/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
index 3e11030fa4..330f648492 100644
--- a/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
@@ -53,6 +53,6 @@ This arrangement is useful if you want some record sets to be aliases and some n
 D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CAA.md b/documentation/language-reference/domain-modifiers/CAA.md
index d7864cea79..c4718a536c 100644
--- a/documentation/language-reference/domain-modifiers/CAA.md
+++ b/documentation/language-reference/domain-modifiers/CAA.md
@@ -33,8 +33,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CAA("@", "issuewild", ";"),
   // Report all violation to test@example.com. If CA does not support
   // this record then refuse to issue any certificate
-  CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
-);
+  CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
index 75bb84f671..7f727cc318 100644
--- a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
@@ -37,6 +37,6 @@ This example redirects the bare (aka apex, or naked) domain to www:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
index 7543ebd54b..6578ba2364 100644
--- a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
@@ -30,6 +30,6 @@ managed by DNSControl and those that aren't.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md b/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
index 7515742745..a448dc0a97 100644
--- a/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
+++ b/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
@@ -30,6 +30,6 @@ This example assigns the patterns `api.example.com/*` and `example.com/api/*` to
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CNAME.md b/documentation/language-reference/domain-modifiers/CNAME.md
index 739ca5ab05..946f34a833 100644
--- a/documentation/language-reference/domain-modifiers/CNAME.md
+++ b/documentation/language-reference/domain-modifiers/CNAME.md
@@ -21,6 +21,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CNAME("foo", "google.com."), // foo.example.com -> google.com
   CNAME("abc", "@"), // abc.example.com -> example.com
   CNAME("def", "test"), // def.example.com -> test.example.com
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DHCID.md b/documentation/language-reference/domain-modifiers/DHCID.md
index 83213d32a9..45139ec725 100644
--- a/documentation/language-reference/domain-modifiers/DHCID.md
+++ b/documentation/language-reference/domain-modifiers/DHCID.md
@@ -17,7 +17,7 @@ Digest should be a string.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  DHCID("example.com", "ABCDEFG")
-);
+  DHCID("example.com", "ABCDEFG"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DNAME.md b/documentation/language-reference/domain-modifiers/DNAME.md
index 3d02fcf6b2..989cb8e781 100644
--- a/documentation/language-reference/domain-modifiers/DNAME.md
+++ b/documentation/language-reference/domain-modifiers/DNAME.md
@@ -17,7 +17,7 @@ Target should be a string.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  DNAME("sub", "example.net.")
-);
+  DNAME("sub", "example.net."),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DNSKEY.md b/documentation/language-reference/domain-modifiers/DNSKEY.md
index 2f6cf85876..e61dc92cfc 100644
--- a/documentation/language-reference/domain-modifiers/DNSKEY.md
+++ b/documentation/language-reference/domain-modifiers/DNSKEY.md
@@ -29,7 +29,7 @@ Public key must be a string.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  DNSKEY("@", 257, 3, 13, "AABBCCDD")
-);
+  DNSKEY("@", 257, 3, 13, "AABBCCDD"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DS.md b/documentation/language-reference/domain-modifiers/DS.md
index ae9cc25f02..0eb9941f30 100644
--- a/documentation/language-reference/domain-modifiers/DS.md
+++ b/documentation/language-reference/domain-modifiers/DS.md
@@ -29,7 +29,7 @@ Digest must be a string.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  DS("example.com", 2371, 13, 2, "ABCDEF")
-);
+  DS("example.com", 2371, 13, 2, "ABCDEF"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DefaultTTL.md b/documentation/language-reference/domain-modifiers/DefaultTTL.md
index bc8516f5e7..6a9d740794 100644
--- a/documentation/language-reference/domain-modifiers/DefaultTTL.md
+++ b/documentation/language-reference/domain-modifiers/DefaultTTL.md
@@ -17,8 +17,8 @@ NS records are currently a special case, and do not inherit from `DefaultTTL`. S
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DefaultTTL("4h"),
   A("@","1.2.3.4"), // uses default
-  A("foo", "2.3.4.5", TTL(600)) // overrides default
-);
+  A("foo", "2.3.4.5", TTL(600)), // overrides default
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/HTTPS.md b/documentation/language-reference/domain-modifiers/HTTPS.md
index 5fe96d6bb2..486d881b95 100644
--- a/documentation/language-reference/domain-modifiers/HTTPS.md
+++ b/documentation/language-reference/domain-modifiers/HTTPS.md
@@ -26,7 +26,7 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
-  HTTPS("@", 1, "test.com", "")
-);
+  HTTPS("@", 1, "test.com", ""),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
index 3476bfacd2..8bdff9ab0b 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
@@ -52,16 +52,16 @@ var TRANSFORM_INT = [
 ]
 
 D("foo.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("one","1.2.3.1")
-  A("two","1.2.3.2")
-  A("three","1.2.3.13")
-  A("four","1.2.3.14")
-);
+  A("one","1.2.3.1"),
+  A("two","1.2.3.2"),
+  A("three","1.2.3.13"),
+  A("four","1.2.3.14"),
+END);
 
 D("bar.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("www","123.123.123.123")
+  A("www","123.123.123.123"),
   IMPORT_TRANSFORM(TRANSFORM_INT, "foo.com", 300),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/INCLUDE.md b/documentation/language-reference/domain-modifiers/INCLUDE.md
index 64944668e1..26bcfce8fa 100644
--- a/documentation/language-reference/domain-modifiers/INCLUDE.md
+++ b/documentation/language-reference/domain-modifiers/INCLUDE.md
@@ -12,12 +12,12 @@ Includes all records from a given domain
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("test", "8.8.8.8")
-);
+  A("test", "8.8.8.8"),
+END);
 
 D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   INCLUDE("example.com!external"),
-  A("home", "127.0.0.1")
-);
+  A("home", "127.0.0.1"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/LOC.md b/documentation/language-reference/domain-modifiers/LOC.md
index 316bc8c01c..f41696fb30 100644
--- a/documentation/language-reference/domain-modifiers/LOC.md
+++ b/documentation/language-reference/domain-modifiers/LOC.md
@@ -105,16 +105,15 @@ The coordinate format for `LOC()` is:
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
   //42 21 54     N  71 06  18     W -24m 30m
-  , LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0)
+  LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0),
   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
-  , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10)
+  LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10),
   //52 14 05     N  00 08  50     E 10m
-  , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0)
+  LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0),
   //32  7 19     S 116  2  25     E 10m
-  , LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0)
+  LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0),
   //42 21 28.764 N  71 00  51.617 W -44m 2000m
-  , LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0)
-);
-
+  LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
index 28a75682cb..633c67b295 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
@@ -42,27 +42,26 @@ The White House:
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-    LOC_BUILDER_DD({
+  LOC_BUILDER_DD({
     label: "big-ben",
     x: 51.50084265331501,
     y: -0.12462541415599787,
     alt: 6,
-  })
-  , LOC_BUILDER_DD({
+  }),
+  LOC_BUILDER_DD({
     label: "white-house",
     x: 38.89775977858357,
     y: -77.03655125982903,
     alt: 19,
-  })
-  , LOC_BUILDER_DD({
+  }),
+  LOC_BUILDER_DD({
     label: "white-house-ttl",
     x: 38.89775977858357,
     y: -77.03655125982903,
     alt: 19,
     ttl: "5m",
-  })
-);
-
+  }),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
index 34b15dbcd1..9dc3f044e3 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
@@ -40,9 +40,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     label: "tasmania",
     str: "42°S 147°E",
     alt: 3,
-  })
-);
-
+  }),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
index eb1b587609..4960d7eb9d 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
@@ -41,9 +41,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     str: "33°51′31″S 151°12′51″E",
     alt: 4,
     ttl: "5m",
-  })
-);
-
+  }),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
index 3f05e3bc16..2235249e72 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
@@ -33,23 +33,22 @@ Accepts a string and tries all `LOC_BUILDER_DM*_STR({})` methods:
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  , LOC_BUILDER_STR({
+  LOC_BUILDER_STR({
     label: "old-faithful",
     str: "44.46046°N 110.82815°W",
     alt: 2240,
-  })
-  , LOC_BUILDER_STR({
+  }),
+  LOC_BUILDER_STR({
     label: "ribblehead-viaduct",
     str: "54.210436°N 2.370231°W",
     alt: 300,
-  })
-  , LOC_BUILDER_STR({
+  }),
+  LOC_BUILDER_STR({
     label: "guinness-brewery",
     str: "53°20′40″N 6°17′20″W",
     alt: 300,
-  })
-);
-
+  }),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/MX.md b/documentation/language-reference/domain-modifiers/MX.md
index e5ba4b27d5..2ec837a51d 100644
--- a/documentation/language-reference/domain-modifiers/MX.md
+++ b/documentation/language-reference/domain-modifiers/MX.md
@@ -22,7 +22,7 @@ Target should be a string representing the MX target. If it is a single label we
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   MX("@", 5, "mail"), // mx example.com -> mail.example.com
-  MX("sub", 10, "mail.foo.com.")
-);
+  MX("sub", 10, "mail.foo.com."),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER.md b/documentation/language-reference/domain-modifiers/NAMESERVER.md
index d404ec86af..a132966e1f 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER.md
@@ -27,13 +27,13 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Replace the nameservers:
   NAMESERVER("ns1.myserver.com."),
   NAMESERVER("ns2.myserver.com."),
-);
+END);
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Add these two additional nameservers to the existing list of nameservers.
   NAMESERVER("ns1.myserver.com."),
   NAMESERVER("ns2.myserver.com."),
-);
+END);
 ```
 {% endcode %}
 
@@ -85,6 +85,6 @@ It looks like this:
 var REG_THIRDPARTY = NewRegistrar("ThirdParty");
 D("example.com", REG_THIRDPARTY,
   ...
-)
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
index b2d7997b6e..f952ac9f8b 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
@@ -16,8 +16,8 @@ The value can be an integer or a string. See [`TTL`](../record-modifiers/TTL.md)
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NAMESERVER_TTL("2d"),
-  NAMESERVER("ns")
-);
+  NAMESERVER("ns"),
+END);
 ```
 {% endcode %}
 
@@ -31,8 +31,8 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NAMESERVER("ns1.provider.com."), //inherits NAMESERVER_TTL
   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
   A("@","1.2.3.4"), // inherits DefaultTTL
-  A("foo", "2.3.4.5", TTL(600)) // overrides DefaultTTL for this record only
-);
+  A("foo", "2.3.4.5", TTL(600)), // overrides DefaultTTL for this record only
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NAPTR.md b/documentation/language-reference/domain-modifiers/NAPTR.md
index afb8473938..5a6a147b71 100644
--- a/documentation/language-reference/domain-modifiers/NAPTR.md
+++ b/documentation/language-reference/domain-modifiers/NAPTR.md
@@ -166,8 +166,8 @@ D("3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
   NAPTR("7",  10, 10, "u", "E2U+SIP", "!^.*$!sip:jane@example.com!", "."),
   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
-  NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", ".")
-);
+  NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", "."),
+END);
 ```
 {% endcode %}
 
@@ -177,8 +177,8 @@ Single e164 zone
 D("4.3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
-  NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", ".")
-);
+  NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", "."),
+END);
 ```
 {% endcode %}
 
@@ -199,7 +199,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("sip", "192.0.2.2"),
   AAAA("sip", "2001:db8::85a3"),
   // and so on
-);
+END);
 ```
 {% endcode %}
 
@@ -217,7 +217,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
   // and so on
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NO_PURGE.md b/documentation/language-reference/domain-modifiers/NO_PURGE.md
index 9d511b5a78..f60e13ff24 100644
--- a/documentation/language-reference/domain-modifiers/NO_PURGE.md
+++ b/documentation/language-reference/domain-modifiers/NO_PURGE.md
@@ -28,8 +28,8 @@ in place.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
-  A("foo","1.2.3.4")
-);
+  A("foo","1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NS.md b/documentation/language-reference/domain-modifiers/NS.md
index 2d9bb3f3a0..d26d5936df 100644
--- a/documentation/language-reference/domain-modifiers/NS.md
+++ b/documentation/language-reference/domain-modifiers/NS.md
@@ -25,6 +25,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
   A("ns1.example2.com", "10.10.10.10"), // Glue records
   A("ns2.example2.com", "10.10.10.20"), // Glue records
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/PTR.md b/documentation/language-reference/domain-modifiers/PTR.md
index e8ea94e57a..2853880280 100644
--- a/documentation/language-reference/domain-modifiers/PTR.md
+++ b/documentation/language-reference/domain-modifiers/PTR.md
@@ -68,7 +68,7 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
   PTR("3", "baz.example.com."),
   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
   PTR("1.2.3.10", "ten.example.com."),    // "10"
-);
+END);
 ```
 {% endcode %}
 
@@ -76,7 +76,7 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
 ```javascript
 D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
   PTR("9.9.9.129", "first.example.com."),
-);
+END);
 ```
 {% endcode %}
 
@@ -87,7 +87,7 @@ D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
-);
+END);
 ```
 {% endcode %}
 
@@ -111,10 +111,10 @@ function FORWARD_AND_REVERSE(ipaddr, fqdn) {
 
 D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
     ...,
-    END);
+END);
 D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
     ...,
-    END);
+END);
 
 FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
 FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
diff --git a/documentation/language-reference/domain-modifiers/PURGE.md b/documentation/language-reference/domain-modifiers/PURGE.md
index 7b7593d005..7cc27651e2 100644
--- a/documentation/language-reference/domain-modifiers/PURGE.md
+++ b/documentation/language-reference/domain-modifiers/PURGE.md
@@ -25,7 +25,7 @@ Purge is the default, but we set it anyway:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   PURGE,
-);
+END);
 ```
 {% endcode %}
 
@@ -39,6 +39,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   PURGE,
   NO_PURGE,
   PURGE,
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/R53_ALIAS.md b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
index c7f4b0d0c0..807a23f9cf 100644
--- a/documentation/language-reference/domain-modifiers/R53_ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
@@ -49,6 +49,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SOA.md b/documentation/language-reference/domain-modifiers/SOA.md
index 649bbdf324..078c41b378 100644
--- a/documentation/language-reference/domain-modifiers/SOA.md
+++ b/documentation/language-reference/domain-modifiers/SOA.md
@@ -26,7 +26,7 @@ parameter_types:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/SPF_BUILDER.md b/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
index 2d3ba98787..71660b217b 100644
--- a/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
@@ -40,8 +40,8 @@ Here is an example of how SPF settings are normally done:
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all")
-)
+  TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all"),
+END)
 ```
 {% endcode %}
 
@@ -81,7 +81,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
     ]
   }),
-);
+END);
 ```
 {% endcode %}
 
@@ -118,7 +118,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   }),
   ...
   ...
-);
+END);
 ```
 {% endcode %}
 
@@ -306,11 +306,11 @@ var SPF_MYSETTINGS = SPF_BUILDER({
 });
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-    SPF_MYSETTINGS
-);
+    SPF_MYSETTINGS,
+END);
 
 D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-     SPF_MYSETTINGS
-);
+     SPF_MYSETTINGS,
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SRV.md b/documentation/language-reference/domain-modifiers/SRV.md
index b0c4c71b0b..e52e1101d0 100644
--- a/documentation/language-reference/domain-modifiers/SRV.md
+++ b/documentation/language-reference/domain-modifiers/SRV.md
@@ -27,6 +27,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   //               pr  w   port, target
   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SVCB.md b/documentation/language-reference/domain-modifiers/SVCB.md
index 8aa6a4acc4..8972603683 100644
--- a/documentation/language-reference/domain-modifiers/SVCB.md
+++ b/documentation/language-reference/domain-modifiers/SVCB.md
@@ -25,7 +25,7 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443")
-);
+  SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/TLSA.md b/documentation/language-reference/domain-modifiers/TLSA.md
index 8299cbd9fa..6a626acfad 100644
--- a/documentation/language-reference/domain-modifiers/TLSA.md
+++ b/documentation/language-reference/domain-modifiers/TLSA.md
@@ -27,6 +27,6 @@ Certificate is a hex string.
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Create TLSA record for certificate used on TCP port 443
   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/TXT.md b/documentation/language-reference/domain-modifiers/TXT.md
index d7ec0969ff..04f3eb9ef2 100644
--- a/documentation/language-reference/domain-modifiers/TXT.md
+++ b/documentation/language-reference/domain-modifiers/TXT.md
@@ -30,8 +30,8 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
       TXT("multiple", ["one", "two", "three"]),  // Multiple strings
       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
-      TXT("long", "X".repeat(300)) // Long strings are split automatically.
-    );
+      TXT("long", "X".repeat(300)), // Long strings are split automatically.
+    END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/record-modifiers/TTL.md b/documentation/language-reference/record-modifiers/TTL.md
index a76806e0be..e967638092 100644
--- a/documentation/language-reference/record-modifiers/TTL.md
+++ b/documentation/language-reference/record-modifiers/TTL.md
@@ -32,6 +32,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("foo", "2.3.4.5", TTL(500)), // overrides default
   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
-);
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/D.md b/documentation/language-reference/top-level-functions/D.md
index d2d48c84e3..393170ac33 100644
--- a/documentation/language-reference/top-level-functions/D.md
+++ b/documentation/language-reference/top-level-functions/D.md
@@ -26,8 +26,8 @@ Modifier arguments are processed according to type as follows:
 // simple domain
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
-  CNAME("test", "foo.example2.com.")
-);
+  CNAME("test", "foo.example2.com."),
+END);
 
 // "macro" for records that can be mixed into any zone
 var GOOGLE_APPS_DOMAIN_MX = [
@@ -41,12 +41,11 @@ var GOOGLE_APPS_DOMAIN_MX = [
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
   CNAME("test", "foo.example2.com."),
-  GOOGLE_APPS_DOMAIN_MX
-);
+  GOOGLE_APPS_DOMAIN_MX,
+END);
 ```
 {% endcode %}
 
-
 # Split Horizon DNS
 
 DNSControl supports Split Horizon DNS. Simply
@@ -64,16 +63,16 @@ var DNS_INSIDE = NewDnsProvider("Cloudflare");
 var DNS_OUTSIDE = NewDnsProvider("bind");
 
 D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
-  A("www", "10.10.10.10")
-);
+  A("www", "10.10.10.10"),
+END);
 
 D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
-  A("www", "20.20.20.20")
-);
+  A("www", "20.20.20.20"),
+END);
 
 D_EXTEND("example.com!inside",
-  A("internal", "10.99.99.99")
-);
+  A("internal", "10.99.99.99"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/DEFAULTS.md b/documentation/language-reference/top-level-functions/DEFAULTS.md
index c316795816..17b54939e4 100644
--- a/documentation/language-reference/top-level-functions/DEFAULTS.md
+++ b/documentation/language-reference/top-level-functions/DEFAULTS.md
@@ -19,12 +19,12 @@ The domain `example.com` will have the defaults set.
 var COMMON = NewDnsProvider("foo");
 DEFAULTS(
   DnsProvider(COMMON, 0),
-  DefaultTTL("1d")
-);
+  DefaultTTL("1d"),
+END);
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -36,7 +36,7 @@ The domain `example2.com` will **not** have the defaults set.
 DEFAULTS();
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
index 5c30a1448f..b41aa374ee 100644
--- a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
@@ -34,8 +34,8 @@ DOMAIN_ELSEWHERE("example.com", REG_MY_PROVIDER, ["ns1.foo.com", "ns2.foo.com"])
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     NO_PURGE,
     NAMESERVER("ns1.foo.com"),
-    NAMESERVER("ns2.foo.com")
-);
+    NAMESERVER("ns2.foo.com"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
index 74ad034932..be25be0836 100644
--- a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
@@ -38,8 +38,8 @@ DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
 ```javascript
 D("example.com", REG_NAMEDOTCOM,
     NO_PURGE,
-    DnsProvider(DSP_AZURE)
-);
+    DnsProvider(DSP_AZURE),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/D_EXTEND.md b/documentation/language-reference/top-level-functions/D_EXTEND.md
index 21f596c77a..c2b77abda8 100644
--- a/documentation/language-reference/top-level-functions/D_EXTEND.md
+++ b/documentation/language-reference/top-level-functions/D_EXTEND.md
@@ -37,25 +37,25 @@ in a `D_EXTEND` subdomain may not be what you expect.
 D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
   A("@", "127.0.0.1"), // domain.tld
   A("www", "127.0.0.2"), // www.domain.tld
-  CNAME("a", "b") // a.domain.tld -> b.domain.tld
-);
+  CNAME("a", "b"), // a.domain.tld -> b.domain.tld
+END);
 D_EXTEND("domain.tld",
   A("aaa", "127.0.0.3"), // aaa.domain.tld
-  CNAME("c", "d") // c.domain.tld -> d.domain.tld
-);
+  CNAME("c", "d"), // c.domain.tld -> d.domain.tld
+END);
 D_EXTEND("sub.domain.tld",
   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
-  CNAME("e", "f") // e.sub.domain.tld -> f.sub.domain.tld
-);
+  CNAME("e", "f"), // e.sub.domain.tld -> f.sub.domain.tld
+END);
 D_EXTEND("sub.sub.domain.tld",
   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
-  CNAME("g", "h") // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
-);
+  CNAME("g", "h"), // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
+END);
 D_EXTEND("sub.domain.tld",
   A("@", "127.0.0.7"), // sub.domain.tld
-  CNAME("i", "j") // i.sub.domain.tld -> j.sub.domain.tld
-);
+  CNAME("i", "j"), // i.sub.domain.tld -> j.sub.domain.tld
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/FETCH.md b/documentation/language-reference/top-level-functions/FETCH.md
index eab3e82ae7..99b083001c 100644
--- a/documentation/language-reference/top-level-functions/FETCH.md
+++ b/documentation/language-reference/top-level-functions/FETCH.md
@@ -22,9 +22,9 @@ Otherwise the syntax of `FETCH` is the same as `fetch`.
 
 {% code title="dnsconfig.js" %}
 ```javascript
-D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), [
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@", "1.2.3.4"),
-]);
+END);
 
 FETCH("https://example.com", {
   // All three options below are optional
diff --git a/documentation/language-reference/top-level-functions/NewDnsProvider.md b/documentation/language-reference/top-level-functions/NewDnsProvider.md
index 4c9f394842..c44855cda4 100644
--- a/documentation/language-reference/top-level-functions/NewDnsProvider.md
+++ b/documentation/language-reference/top-level-functions/NewDnsProvider.md
@@ -31,8 +31,8 @@ var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
 var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -44,7 +44,7 @@ var REG_MYNDC = NewRegistrar("mynamedotcom");
 var DNS_MYAWS = NewDnsProvider("myaws");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/NewRegistrar.md b/documentation/language-reference/top-level-functions/NewRegistrar.md
index 1f0a897036..1eb3b69cb6 100644
--- a/documentation/language-reference/top-level-functions/NewRegistrar.md
+++ b/documentation/language-reference/top-level-functions/NewRegistrar.md
@@ -31,8 +31,8 @@ var REG_MYNDC = NewRegistrar("mynamedotcom", "NAMEDOTCOM");
 var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -44,7 +44,7 @@ var REG_MYNDC = NewRegistrar("mynamedotcom");
 var DNS_MYAWS = NewDnsProvider("myaws");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
-  A("@","1.2.3.4")
-);
+  A("@","1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/REV.md b/documentation/language-reference/top-level-functions/REV.md
index a8a77dd44a..582ef57d28 100644
--- a/documentation/language-reference/top-level-functions/REV.md
+++ b/documentation/language-reference/top-level-functions/REV.md
@@ -63,14 +63,14 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
   PTR("3", "baz.example.com."),
   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("1.2.3.10", "ten.example.com."),
-);
+END);
 
 D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/require.md b/documentation/language-reference/top-level-functions/require.md
index 7e7482e245..b4fc7d6b5b 100644
--- a/documentation/language-reference/top-level-functions/require.md
+++ b/documentation/language-reference/top-level-functions/require.md
@@ -45,8 +45,8 @@ Here's a more complex example:
 require("kubernetes/clusters.js");
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-    IncludeKubernetes()
-);
+    IncludeKubernetes(),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md b/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
index 7f926d83d6..9746454494 100644
--- a/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
+++ b/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
@@ -4,7 +4,7 @@ var REG_NONE = NewRegistrar("none");
 var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
-    A("@", "1.2.3.4")
-);
+    A("@", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/nameservers.md b/documentation/nameservers.md
index 3b58c9f340..7f62d8b3b1 100644
--- a/documentation/nameservers.md
+++ b/documentation/nameservers.md
@@ -45,8 +45,8 @@ Simplicity.
 ```javascript
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -64,8 +64,8 @@ you want to use a high-performance DNS server.
 ```javascript
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_AWS),
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -85,8 +85,8 @@ updating the zone's records (most likely at a different provider).
 ```javascript
 D("example.com", REG_THIRDPARTY,
   DnsProvider(DNS_NAMECOM),
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -108,7 +108,7 @@ D("example.com", REG_NAMECOM,
   NAMESERVER("dns2.p03.nsone.net."),
   NAMESERVER("dns3.p03.nsone.net."),
   NAMESERVER("dns4.p03.nsone.net."),
-);
+END);
 ```
 {% endcode %}
 
@@ -130,8 +130,8 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_CLOUDFLARE, 0),  // Set the DNS provider but ignore the nameservers it suggests (0 == take none of the names it reports)
   NAMESERVER("kim.ns.cloudflare.com."),
   NAMESERVER("walt.ns.cloudflare.com."),
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -149,8 +149,8 @@ Usually only to correct a bug or misconfiguration elsewhere.
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
   NAMESERVER("ns1.myexample.com"),
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -173,8 +173,8 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM), // Our real DNS server
   DnsProvider(DNS_CLOUDFLARE, 0), // Quietly send a copy of the zone here.
   DnsProvider(DNS_BIND, 0), // And here too!
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -203,8 +203,8 @@ More info: https://www.dns-oarc.net/files/workshop-201203/OARC-workshop-London-2
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_AWS, 2),  // Take 2 nameservers from AWS
   DnsProvider(DNS_GOOGLE, 2),  // Take 2 nameservers from GCP
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -232,8 +232,8 @@ this is the output of DNSControl, not the input.
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
   DnsProvider(DNS_BIND, 0), // Don't activate any nameservers related to BIND.
-  A("@", "10.2.3.4")
-);
+  A("@", "10.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -257,7 +257,7 @@ var REG_MONITOR = NewRegistrar("DNS-over-HTTPS");
 D("example.com", REG_MONITOR,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/notifications.md b/documentation/notifications.md
index 6b27bde837..ddbec9a5d2 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -34,7 +34,7 @@ Below is an example where we add [the A record](language-reference/domain-modifi
 ```diff
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 + A("foo", "1.2.3.4"),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/akamaiedgedns.md b/documentation/provider/akamaiedgedns.md
index 8f9e827932..1877ab91b7 100644
--- a/documentation/provider/akamaiedgedns.md
+++ b/documentation/provider/akamaiedgedns.md
@@ -71,8 +71,8 @@ D("example.com", REG_NONE, DnsProvider(DSP_AKAMAIEDGEDNS),
   NAMESERVER_TTL(86400),
   AUTODNSSEC_ON,
   AKAMAICDN("@", "www.preconfigured.edgesuite.net", TTL(20)),
-  A("foo", "1.2.3.4")
-);
+  A("foo", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/autodns.md b/documentation/provider/autodns.md
index d804111cab..cebc550b87 100644
--- a/documentation/provider/autodns.md
+++ b/documentation/provider/autodns.md
@@ -28,7 +28,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_AUTODNS = NewDnsProvider("autodns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AUTODNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/azure_dns.md b/documentation/provider/azure_dns.md
index 2d1070917a..32157e342e 100644
--- a/documentation/provider/azure_dns.md
+++ b/documentation/provider/azure_dns.md
@@ -59,8 +59,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_AZURE_MAIN = NewDnsProvider("azuredns_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AZURE_MAIN),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/azure_private_dns.md b/documentation/provider/azure_private_dns.md
index b55feccd7e..85911429b2 100644
--- a/documentation/provider/azure_private_dns.md
+++ b/documentation/provider/azure_private_dns.md
@@ -57,8 +57,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_AZURE_PRIVATE_MAIN = NewDnsProvider("azure_private_dns_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AZURE_PRIVATE_MAIN),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/bunny_dns.md b/documentation/provider/bunny_dns.md
index 1d5e9f0043..6afe663980 100644
--- a/documentation/provider/bunny_dns.md
+++ b/documentation/provider/bunny_dns.md
@@ -47,8 +47,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_BUNNY_DNS = NewDnsProvider("bunny_dns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_BUNNY_DNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index 2a181fcb0b..b0da09c644 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -161,8 +161,8 @@ var DSP_CLOUDFLARE = NewDnsProvider("cloudflare");
 D("example.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("www1","1.2.3.11", CF_PROXY_ON),        // turn proxy ON.
     A("www2","1.2.3.12", CF_PROXY_OFF),       // default is OFF, this is a no-op.
-    A("www3","1.2.3.13", {"cloudflare_proxy": "on"}) // Old format.
-);
+    A("www3","1.2.3.13", {"cloudflare_proxy": "on"}), // Old format.
+END);
 ```
 {% endcode %}
 
@@ -180,8 +180,8 @@ D("example.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("notproxied", "1.2.3.5"),
     A("another", "1.2.3.6", CF_PROXY_ON),
     ALIAS("@", "www.example.com.", CF_PROXY_ON),
-    CNAME("myalias", "www.example.com.", CF_PROXY_ON)
-);
+    CNAME("myalias", "www.example.com.", CF_PROXY_ON),
+END);
 
 // Example domain where the CF proxy default is set to "on":
 D("example2.tld", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
@@ -190,8 +190,8 @@ D("example2.tld", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("notproxied", "1.2.3.5", CF_PROXY_OFF),
     A("another", "1.2.3.6"),
     ALIAS("@", "www.example2.tld."),
-    CNAME("myalias", "www.example2.tld.")
-);
+    CNAME("myalias", "www.example2.tld."),
+END);
 ```
 {% endcode %}
 
@@ -223,7 +223,7 @@ D("chiphacker.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("meta", "1.2.3.4", CF_PROXY_ON),
 
     // ...
-);
+END);
 ```
 {% endcode %}
 
@@ -246,7 +246,7 @@ D("foo.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     // Assign the patterns `api.foo.com/*` and `foo.com/api/*` to `my-worker` script.
     CF_WORKER_ROUTE("api.foo.com/*", "my-worker"),
     CF_WORKER_ROUTE("foo.com/api/*", "my-worker"),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cloudns.md b/documentation/provider/cloudns.md
index 7536ae33bb..a2f19d38e2 100644
--- a/documentation/provider/cloudns.md
+++ b/documentation/provider/cloudns.md
@@ -42,8 +42,8 @@ var DSP_CLOUDNS = NewDnsProvider("cloudns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_CLOUDNS),
   CLOUDNS_WR("@", "http://example.com/"),
-  CLOUDNS_WR("www", "http://example.com/")
-)
+  CLOUDNS_WR("www", "http://example.com/"),
+END)
 ```
 {% endcode %}
 
@@ -56,8 +56,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_CLOUDNS = NewDnsProvider("cloudns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_CLOUDNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cscglobal.md b/documentation/provider/cscglobal.md
index fef8b025ec..b0542615ac 100644
--- a/documentation/provider/cscglobal.md
+++ b/documentation/provider/cscglobal.md
@@ -37,8 +37,8 @@ var REG_CSCGLOBAL = NewRegistrar("cscglobal");
 var DSP_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_CSCGLOBAL, DnsProvider(DSP_BIND),
-  A("test", "1.2.3.4")
-);
+  A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/desec.md b/documentation/provider/desec.md
index 8b21439359..397912804c 100644
--- a/documentation/provider/desec.md
+++ b/documentation/provider/desec.md
@@ -28,8 +28,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_DESEC = NewDnsProvider("desec");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DESEC),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/digitalocean.md b/documentation/provider/digitalocean.md
index d592a7051d..e9e3311d08 100644
--- a/documentation/provider/digitalocean.md
+++ b/documentation/provider/digitalocean.md
@@ -28,8 +28,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_DIGITALOCEAN = NewDnsProvider("mydigitalocean");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DIGITALOCEAN),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsimple.md b/documentation/provider/dnsimple.md
index a096f9551d..a27a3ed353 100644
--- a/documentation/provider/dnsimple.md
+++ b/documentation/provider/dnsimple.md
@@ -37,8 +37,8 @@ var REG_DNSIMPLE = NewRegistrar("dnsimple");
 var DSP_DNSIMPLE = NewDnsProvider("dnsimple");
 
 D("example.com", REG_DNSIMPLE, DnsProvider(DSP_DNSIMPLE),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsmadeeasy.md b/documentation/provider/dnsmadeeasy.md
index 5357ccaaea..388315564b 100644
--- a/documentation/provider/dnsmadeeasy.md
+++ b/documentation/provider/dnsmadeeasy.md
@@ -37,8 +37,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_DNSMADEEASY = NewDnsProvider("dnsmadeeasy");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DNSMADEEASY),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsoverhttps.md b/documentation/provider/dnsoverhttps.md
index 002a88c315..399eb0260a 100644
--- a/documentation/provider/dnsoverhttps.md
+++ b/documentation/provider/dnsoverhttps.md
@@ -48,7 +48,7 @@ var REG_MONITOR = NewRegistrar("dohcloudflare");
 D("example.com", REG_MONITOR,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/domainnameshop.md b/documentation/provider/domainnameshop.md
index abb115f01d..9b6a9cc88a 100644
--- a/documentation/provider/domainnameshop.md
+++ b/documentation/provider/domainnameshop.md
@@ -29,8 +29,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_DOMAINNAMESHOP = NewDnsProvider("mydomainnameshop");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DOMAINNAMESHOP),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/easyname.md b/documentation/provider/easyname.md
index 748d771f70..fd93d999aa 100644
--- a/documentation/provider/easyname.md
+++ b/documentation/provider/easyname.md
@@ -35,7 +35,7 @@ var REG_EASYNAME = NewRegistrar("easyname");
 D("example.com", REG_EASYNAME,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/exoscale.md b/documentation/provider/exoscale.md
index e245bdd476..e57ba347ed 100644
--- a/documentation/provider/exoscale.md
+++ b/documentation/provider/exoscale.md
@@ -13,7 +13,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_EXOSCALE = NewDnsProvider("exoscale");
 
 D("example.com", REG_NONE, DnsProvider(DSP_EXOSCALE),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/gandi_v5.md b/documentation/provider/gandi_v5.md
index bf9dc3a264..856471d5d6 100644
--- a/documentation/provider/gandi_v5.md
+++ b/documentation/provider/gandi_v5.md
@@ -59,8 +59,8 @@ var REG_GANDI = NewRegistrar("gandi");
 var DSP_GANDI = NewDnsProvider("gandi");
 
 D("example.com", REG_GANDI, DnsProvider(DSP_GANDI),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/gcloud.md b/documentation/provider/gcloud.md
index aba14354fe..66e6defb61 100644
--- a/documentation/provider/gcloud.md
+++ b/documentation/provider/gcloud.md
@@ -65,8 +65,8 @@ var REG_NAMECOM = NewRegistrar("name.com");
 var DSP_GCLOUD = NewDnsProvider("gcloud");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_GCLOUD),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -108,8 +108,8 @@ var DSP_GCLOUD = NewDnsProvider("gcloud", {
 });
 
 D("example.tld", REG_NAMECOM, DnsProvider(DSP_GCLOUD),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/gcore.md b/documentation/provider/gcore.md
index 39d505efd6..9a7b89fa50 100644
--- a/documentation/provider/gcore.md
+++ b/documentation/provider/gcore.md
@@ -28,8 +28,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_GCORE = NewDnsProvider("gcore");
 
 D("example.com", REG_NONE, DnsProvider(DSP_GCORE),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hedns.md b/documentation/provider/hedns.md
index 6b8be53f9f..a5aa66aaf0 100644
--- a/documentation/provider/hedns.md
+++ b/documentation/provider/hedns.md
@@ -111,7 +111,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_HEDNS = NewDnsProvider("hedns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_HEDNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/hetzner.md b/documentation/provider/hetzner.md
index ab1b9bc5f6..b6c3cf3e91 100644
--- a/documentation/provider/hetzner.md
+++ b/documentation/provider/hetzner.md
@@ -31,8 +31,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_HETZNER = NewDnsProvider("hetzner");
 
 D("example.com", REG_NONE, DnsProvider(DSP_HETZNER),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hexonet.md b/documentation/provider/hexonet.md
index 5a2dbcbec1..83b5ba5f63 100644
--- a/documentation/provider/hexonet.md
+++ b/documentation/provider/hexonet.md
@@ -91,8 +91,8 @@ D("example.com", REG_HEXONET, DnsProvider(DSP_HEXONET),
     NAMESERVER("ns3.ispapi.net"),
     NAMESERVER("ns4.ispapi.net"),
     A("elk1", "10.190.234.178"),
-    A("test", "56.123.54.12")
-);
+    A("test", "56.123.54.12"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hostingde.md b/documentation/provider/hostingde.md
index 765368947c..56f1abceca 100644
--- a/documentation/provider/hostingde.md
+++ b/documentation/provider/hostingde.md
@@ -26,8 +26,8 @@ var REG_HOSTINGDE = NewRegistrar("hosting.de");
 var DSP_HOSTINGDE = NewDnsProvider("hosting.de");
 
 D("example.com", REG_HOSTINGDE, DnsProvider(DSP_HOSTINGDE),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/internetbs.md b/documentation/provider/internetbs.md
index 3727da2809..02f982c341 100644
--- a/documentation/provider/internetbs.md
+++ b/documentation/provider/internetbs.md
@@ -32,7 +32,7 @@ var REG_INTERNETBS = NewRegistrar("internetbs");
 D("example.com", REG_INTERNETBS,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/inwx.md b/documentation/provider/inwx.md
index ceb29671a7..2470fba5ed 100644
--- a/documentation/provider/inwx.md
+++ b/documentation/provider/inwx.md
@@ -105,7 +105,7 @@ var REG_INWX = NewRegistrar("inwx");
 var DSP_CF = NewDnsProvider("cloudflare");
 
 D("example.com", REG_INWX, DnsProvider(DSP_CF),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/linode.md b/documentation/provider/linode.md
index c35f213304..76834e46b4 100644
--- a/documentation/provider/linode.md
+++ b/documentation/provider/linode.md
@@ -28,8 +28,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_LINODE = NewDnsProvider("linode");
 
 D("example.com", REG_NONE, DnsProvider(DSP_LINODE),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/loopia.md b/documentation/provider/loopia.md
index 034cc49e47..9b0ce5ae96 100644
--- a/documentation/provider/loopia.md
+++ b/documentation/provider/loopia.md
@@ -198,8 +198,8 @@ D("example.com", REG_LOOPIA, DnsProvider(DSP_LOOPIA),
     //NAMESERVER("ns1.loopia.se."), //default
     //NAMESERVER("ns2.loopia.se."), //default
     A("elk1", "192.0.2.1"),
-    A("test", "192.0.2.2")
-);
+    A("test", "192.0.2.2"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/luadns.md b/documentation/provider/luadns.md
index ee6ce7a8d8..46e0f3418d 100644
--- a/documentation/provider/luadns.md
+++ b/documentation/provider/luadns.md
@@ -29,8 +29,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_LUADNS = NewDnsProvider("luadns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_LUADNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/msdns.md b/documentation/provider/msdns.md
index d3991d3457..a80b8d1925 100644
--- a/documentation/provider/msdns.md
+++ b/documentation/provider/msdns.md
@@ -54,7 +54,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_MSDNS = NewDnsProvider("msdns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_MSDNS),
-      A("test", "1.2.3.4")
-)
+      A("test", "1.2.3.4"),
+END)
 ```
 {% endcode %}
diff --git a/documentation/provider/mythicbeasts.md b/documentation/provider/mythicbeasts.md
index f239722ce5..bf663c705d 100644
--- a/documentation/provider/mythicbeasts.md
+++ b/documentation/provider/mythicbeasts.md
@@ -33,7 +33,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_MYTHIC = NewDnsProvider("mythicbeasts");
 
 D("example.com", REG_NONE, DnsProvider(DSP_MYTHIC),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/namecheap.md b/documentation/provider/namecheap.md
index 3e402422c1..1ea060b877 100644
--- a/documentation/provider/namecheap.md
+++ b/documentation/provider/namecheap.md
@@ -51,8 +51,8 @@ var REG_NAMECHEAP = NewRegistrar("namecheap");
 var DSP_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NAMECHEAP, DnsProvider(DSP_BIND),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -67,8 +67,8 @@ var DSP_NAMECHEAP = NewDnsProvider("namecheap");
 D("example.com", REG_NAMECHEAP, DnsProvider(DSP_NAMECHEAP),
   URL("@", "http://example.com/"),
   URL("www", "http://example.com/"),
-  URL301("backup", "http://backup.example.com/")
-)
+  URL301("backup", "http://backup.example.com/"),
+END)
 ```
 {% endcode %}
 
diff --git a/documentation/provider/namedotcom.md b/documentation/provider/namedotcom.md
index 682df23bd8..1735d748dc 100644
--- a/documentation/provider/namedotcom.md
+++ b/documentation/provider/namedotcom.md
@@ -44,8 +44,8 @@ var REG_NAMECOM = NewRegistrar("name.com");
 var DSP_NAMECOM = NewDnsProvider("name.com");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_NAMECOM),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -58,8 +58,8 @@ var REG_NAMECOM = NewRegistrar("name.com");
 var DSP_R53 = NewDnsProvider("r53");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_R53),
-    A("test","1.2.3.4")
-);
+    A("test","1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/netcup.md b/documentation/provider/netcup.md
index cfd22c0b57..2891a07bd0 100644
--- a/documentation/provider/netcup.md
+++ b/documentation/provider/netcup.md
@@ -27,8 +27,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_NETCUP = NewDnsProvider("netcup");
 
 D("example.com", REG_NONE, DnsProvider(DSP_NETCUP),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/netlify.md b/documentation/provider/netlify.md
index d9058d0a64..59bf361a98 100644
--- a/documentation/provider/netlify.md
+++ b/documentation/provider/netlify.md
@@ -30,8 +30,8 @@ var REG_NETLIFY = NewRegistrar("netlify");
 var DSP_NETLIFY = NewDnsProvider("netlify");
 
 D("example.com", REG_NETLIFY, DnsProvider(DSP_NETLIFY),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/ns1.md b/documentation/provider/ns1.md
index ec6c41416c..391aded8cf 100644
--- a/documentation/provider/ns1.md
+++ b/documentation/provider/ns1.md
@@ -28,7 +28,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_NS1 = NewDnsProvider("ns1");
 
 D("example.com", REG_NONE, DnsProvider(DSP_NS1),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/opensrs.md b/documentation/provider/opensrs.md
index e3d43eedb4..82c068da5c 100644
--- a/documentation/provider/opensrs.md
+++ b/documentation/provider/opensrs.md
@@ -13,7 +13,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_OPENSRS = NewDnsProvider("opensrs");
 
 D("example.com", REG_NONE, DnsProvider(DSP_OPENSRS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/oracle.md b/documentation/provider/oracle.md
index 25defbd473..62ea7782dd 100644
--- a/documentation/provider/oracle.md
+++ b/documentation/provider/oracle.md
@@ -38,7 +38,7 @@ var DSP_ORACLE = NewDnsProvider("oracle");
 D("example.com", REG_NONE, DnsProvider(DSP_ORACLE),
     NAMESERVER_TTL(86400),
 
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/ovh.md b/documentation/provider/ovh.md
index e2bf162e28..dc976bf652 100644
--- a/documentation/provider/ovh.md
+++ b/documentation/provider/ovh.md
@@ -42,8 +42,8 @@ var REG_OVH = NewRegistrar("ovh");
 var DSP_OVH = NewDnsProvider("ovh");
 
 D("example.com", REG_OVH, DnsProvider(DSP_OVH),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -55,8 +55,8 @@ var REG_OVH = NewRegistrar("ovh");
 var DSP_R53 = NewDnsProvider("r53");
 
 D("example.com", REG_OVH, DnsProvider(DSP_R53),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/packetframe.md b/documentation/provider/packetframe.md
index 25905ce986..8f7d8e6b96 100644
--- a/documentation/provider/packetframe.md
+++ b/documentation/provider/packetframe.md
@@ -28,7 +28,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_PACKETFRAME = NewDnsProvider("packetframe");
 
 D("example.com", REG_NONE, DnsProvider(DSP_PACKETFRAME),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/porkbun.md b/documentation/provider/porkbun.md
index 676bd942b4..976579c616 100644
--- a/documentation/provider/porkbun.md
+++ b/documentation/provider/porkbun.md
@@ -31,7 +31,7 @@ var REG_NONE = NewRegistrar("none");
 var DSP_PORKBUN = NewDnsProvider("porkbun");
 
 D("example.com", REG_NONE, DnsProvider(DSP_PORKBUN),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/powerdns.md b/documentation/provider/powerdns.md
index 87e5ae86ad..f0aafd72f7 100644
--- a/documentation/provider/powerdns.md
+++ b/documentation/provider/powerdns.md
@@ -55,8 +55,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_POWERDNS = NewDnsProvider("powerdns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_POWERDNS),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/realtimeregister.md b/documentation/provider/realtimeregister.md
index 1471faa730..cbddfb90eb 100644
--- a/documentation/provider/realtimeregister.md
+++ b/documentation/provider/realtimeregister.md
@@ -42,7 +42,7 @@ var REG_RTR = NewRegistrar("realtimeregister");
 var DSP_RTR = NewDnsProvider("realtimeregister");
 
 D("example.com", REG_RTR, DnsProvider(DSP_RTR),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/route53.md b/documentation/provider/route53.md
index 23bd5fa95c..9b071a6bf8 100644
--- a/documentation/provider/route53.md
+++ b/documentation/provider/route53.md
@@ -73,8 +73,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_R53 = NewDnsProvider("r53_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_R53),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -94,13 +94,13 @@ D("testzone.net!private", REG_NONE,
     DnsProvider(DSP_R53),
     R53_ZONE("Z111111111JCCCP1V7UW"),
     TXT("me", "private testzone.net"),
-);
+END);
 
 D("testzone.net!public", REG_NONE,
     DnsProvider(DSP_R53),
     R53_ZONE("Z222222222INNG98SHJQ2"),
     TXT("me", "public testzone.net"),
-);
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/rwth.md b/documentation/provider/rwth.md
index dc38fcddc6..1bae309e7a 100644
--- a/documentation/provider/rwth.md
+++ b/documentation/provider/rwth.md
@@ -28,8 +28,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_RWTH = NewDnsProvider("rwth");
 
 D("example.rwth-aachen.de", REG_NONE, DnsProvider(DSP_RWTH),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/softlayer.md b/documentation/provider/softlayer.md
index 337f8e9d9d..ce6643afb5 100644
--- a/documentation/provider/softlayer.md
+++ b/documentation/provider/softlayer.md
@@ -36,8 +36,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_SOFTLAYER = NewDnsProvider("softlayer");
 
 D("example.com", REG_NONE, DnsProvider(DSP_SOFTLAYER),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
@@ -53,7 +53,7 @@ var DSP_SOFTLAYER = NewDnsProvider("softlayer");
 D("example.com", REG_NONE, DnsProvider(SOFTLAYER),
     NAMESERVER_TTL(86400),
 
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
diff --git a/documentation/provider/transip.md b/documentation/provider/transip.md
index 5dbfe22b90..a7017cdf6f 100644
--- a/documentation/provider/transip.md
+++ b/documentation/provider/transip.md
@@ -51,8 +51,8 @@ var REG_NONE = NewRegistrar("none");
 var DSP_TRANSIP = NewDnsProvider("transip");
 
 D("example.com", REG_NONE, DnsProvider(DSP_TRANSIP),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/vultr.md b/documentation/provider/vultr.md
index 056f9cf3ab..8b34a8d865 100644
--- a/documentation/provider/vultr.md
+++ b/documentation/provider/vultr.md
@@ -29,8 +29,8 @@ An example configuration:
 var DSP_VULTR = NewDnsProvider("vultr");
 
 D("example.com", REG_DNSIMPLE, DnsProvider(DSP_VULTR),
-    A("test", "1.2.3.4")
-);
+    A("test", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index 49d1ec755b..af260fb039 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -121,8 +121,8 @@ var REG_NONE = NewRegistrar("none");
 var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
-    A("@", "1.2.3.4")
-);
+    A("@", "1.2.3.4"),
+END);
 ```
 {% endcode %}
 

From e3e91ccade869f0b501c85960a71a60b6862f565 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 13 May 2024 14:49:11 +0200
Subject: [PATCH 256/438] DOCS: [OVH] Several improvements (#2949)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/provider/ovh.md | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/documentation/provider/ovh.md b/documentation/provider/ovh.md
index dc976bf652..0e95ab79bc 100644
--- a/documentation/provider/ovh.md
+++ b/documentation/provider/ovh.md
@@ -63,9 +63,9 @@ END);
 ## Activation
 
 To obtain the OVH keys, one need to register an app at OVH by following the
-[OVH API Getting Started](https://docs.ovh.com/gb/en/customer/first-steps-with-ovh-api/)
+[OVH API Getting Started](https://help.ovhcloud.com/csm/en-gb-api-getting-started-ovhcloud-api?id=kb_article_view&sysparm_article=KB0042784)
 
-It consist in declaring the app at https://eu.api.ovh.com/createApp/
+It consist in declaring the app at <https://eu.api.ovh.com/createApp/>
 which gives the `app-key` and `app-secret-key`. If your domains and zones are located in another region, see below for the correct url to use.
 
 Once done, to obtain the `consumer-key` it is necessary to authorize the just created app
@@ -108,7 +108,6 @@ curl -XPOST -H"X-Ovh-Application: <you-app-key>" -H "Content-type: application/j
 
 It should return something akin to:
 
-{% code title="creds.json" %}
 ```json
 {
   "validationUrl": "https://eu.api.ovh.com/auth/?credentialToken=<long-token>",
@@ -116,7 +115,6 @@ It should return something akin to:
   "state": "pendingValidation"
 }
 ```
-{% endcode %}
 
 Open the "validationUrl" in a browser and log in with your OVH account. This will link the app with your account,
 authorizing it to access your zones and domains.
@@ -138,13 +136,13 @@ control panel manually.
 
 ## Dual providers scenario
 
-OVH now allows to host DNS zone for a domain that is not registered in their registrar (see: https://www.ovh.com/manager/web/#/zone). The following dual providers scenario are supported:
+OVH now allows to host DNS zone for a domain that is not registered in their registrar (see: <https://www.ovh.com/manager/web/#/zone>). The following dual providers scenario are supported:
 
 | registrar | zone        | working? |
 |:---------:|:-----------:|:--------:|
-|  OVH      | other       |    √     |
-|  OVH      | OVH + other |    √     |
-|  other    | OVH         |    √     |
+|  OVH      | other       |    ✅     |
+|  OVH      | OVH + other |    ✅     |
+|  other    | OVH         |    ✅     |
 
 ## Caveats
 

From 9815cbb8f312a163e4c3dcd95596c46b7a85fd01 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 13 May 2024 15:03:06 +0200
Subject: [PATCH 257/438] TRANSIP: Concurrency documented (#2948)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           | 2 +-
 providers/transip/transipProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index cf9f3fa61b..5337e8cda7 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -62,7 +62,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index 7e47a3d628..6fe306f1a2 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -33,7 +33,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),

From 4a363966995a37702f7eb202a2d95e7ad15b9e37 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Mon, 13 May 2024 21:58:01 +0200
Subject: [PATCH 258/438] NS1: add support for DNAME and DHCID record types
 (#2951)

---
 documentation/providers.md   | 2 +-
 providers/ns1/ns1Provider.go | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 5337e8cda7..aacf4a04d8 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -51,7 +51,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 96a0e208a4..bbbd43e583 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -23,8 +23,10 @@ var docNotes = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDS:               providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Can(),

From 734a55c31a798ca75c08108e6ca1f5155287ae41 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Mon, 13 May 2024 22:01:31 +0200
Subject: [PATCH 259/438] NS1: enable concurrency (#2952)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/ns1/ns1Provider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index bbbd43e583..f195fb1f4b 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -20,7 +20,7 @@ var docNotes = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDNAME:            providers.Can(),

From 6e4689dc131df9f800d816be61c45fb5ce4288d2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 13 May 2024 16:56:00 -0400
Subject: [PATCH 260/438] CHORE: Update deps (#2953)

---
 documentation/providers.md |  2 +-
 go.mod                     | 22 +++++++++----------
 go.sum                     | 44 +++++++++++++++++++-------------------
 3 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index aacf4a04d8..2a52840852 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -51,7 +51,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
+| [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
diff --git a/go.mod b/go.mod
index 3c78a8607c..ceb208cc93 100644
--- a/go.mod
+++ b/go.mod
@@ -17,15 +17,15 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.26.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.11
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.11
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4
+	github.com/aws/aws-sdk-go-v2/config v1.27.13
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.13
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
 	github.com/cloudflare/cloudflare-go v0.95.0
-	github.com/digitalocean/godo v1.114.0
+	github.com/digitalocean/godo v1.115.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -54,14 +54,14 @@ require (
 	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/net v0.25.0
 	golang.org/x/oauth2 v0.20.0
-	google.golang.org/api v0.178.0
+	google.golang.org/api v0.180.0
 	gopkg.in/ns1/ns1-go.v2 v2.10.0
 )
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
-	github.com/fatih/color v1.16.0
+	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
@@ -75,7 +75,7 @@ require (
 )
 
 require (
-	cloud.google.com/go/auth v0.3.0 // indirect
+	cloud.google.com/go/auth v0.4.1 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
@@ -88,9 +88,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index 70803f9aa0..cf66f6bb63 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs=
-cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w=
+cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg=
+cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
@@ -43,10 +43,10 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
 github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
-github.com/aws/aws-sdk-go-v2/config v1.27.11/go.mod h1:SMsV78RIOYdve1vf36z8LmnszlRWkwMQtomCAI0/mIE=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.11 h1:YuIB1dJNf1Re822rriUOTxopaHHvIq0l/pX3fwO+Tzs=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.11/go.mod h1:AQtFPsDH9bI2O+71anW6EKL+NcD7LG3dpKGMV4SShgo=
+github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A=
+github.com/aws/aws-sdk-go-v2/config v1.27.13/go.mod h1:XLiyiTMnguytjRER7u5RIkhIqS8Nyz41SwAWb4xEjxs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.13 h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.13/go.mod h1:FMNcjQrmuBYvOTZDtOLCIu0esmxjF7RuA/89iSXWzQI=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
@@ -59,16 +59,16 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1x
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4 h1:ZZKiHm4cN8IDDZ2kh8DTk+YnYBjVsiFdwf5FwVs//IQ=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.4/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4 h1:Qb7EiHvGJZGU43aCMahEJrP5sJjV62gGXm4y9x/syRQ=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.4/go.mod h1:8wjITSWOCR+G7DhS2WraZnZ/geFYxXLLP0KKTfZtRGQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.6 h1:cwIxeBttqPN3qkaAjcEcsh8NYr8n2HZPkcKgPAi1phU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.6/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5 h1:UMORr7k+LrfXHiDc/OWCOhHZJgUXs6dk9aPJ7jmKbps=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5 h1:q9G5NP6oWyhzuJDaj5+VYkVLlV2SiOa+B6QaZHMGUfk=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5/go.mod h1:8wjITSWOCR+G7DhS2WraZnZ/geFYxXLLP0KKTfZtRGQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.6/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.114.0 h1:sC6/07mDPabsrW/hdlDa7EW9V4XiiGQqkbP7cZgmq6c=
-github.com/digitalocean/godo v1.114.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
+github.com/digitalocean/godo v1.115.0 h1:Xv0gwN0t7ldD61QKeYeHHwCEKfTXzAOmnUDgGAzoZw4=
+github.com/digitalocean/godo v1.115.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -118,8 +118,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
 github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
+github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
@@ -528,8 +528,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.178.0 h1:yoW/QMI4bRVCHF+NWOTa4cL8MoWL3Jnuc7FlcFF91Ok=
-google.golang.org/api v0.178.0/go.mod h1:84/k2v8DFpDRebpGcooklv/lais3MEfqpaBLA12gl2U=
+google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4=
+google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=

From ec241eea1b1639938ba2e54e2b8ae601431224e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Gergely?= <maetveis@gmail.com>
Date: Tue, 14 May 2024 14:47:01 +0200
Subject: [PATCH 261/438] BUG: ZSH Autocomplete does not work if installed as a
 file #2955 (#2956)

---
 commands/completion-scripts/completion.zsh.gotmpl | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/commands/completion-scripts/completion.zsh.gotmpl b/commands/completion-scripts/completion.zsh.gotmpl
index 665a361ecb..1eb2191757 100644
--- a/commands/completion-scripts/completion.zsh.gotmpl
+++ b/commands/completion-scripts/completion.zsh.gotmpl
@@ -1,4 +1,4 @@
-#compdef "{{.App.Name}}"
+#compdef {{.App.Name}}
 
 _dnscontrol() {
   local -a opts
@@ -17,4 +17,12 @@ _dnscontrol() {
   fi
 }
 
-compdef "_dnscontrol" "{{.App.Name}}"
+# Run the function the first time we are auto-loaded, otherwise the very first
+# complete wouldn't work in each shell session
+# Otherwise assume we are directly sourced and register the completion
+# (This is done by the #compdef directive in the autoloaded case.)
+if [[ "${zsh_eval_context[-1]}" == "loadautofunc" ]]; then
+  _dnscontrol "$@"
+else
+  compdef "_dnscontrol" "dnscontrol"
+fi

From 494a3f7f7824484763052ec6819f6b431fcb15eb Mon Sep 17 00:00:00 2001
From: svernick <108954676+svernick@users.noreply.github.com>
Date: Tue, 14 May 2024 08:49:28 -0400
Subject: [PATCH 262/438] AKAMAIEDGEDNS: new maintainer: Ed Lynes (#2954)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 OWNERS                     | 2 +-
 documentation/providers.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/OWNERS b/OWNERS
index c82e5c7ac6..dd6b2c9eaf 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,4 +1,4 @@
-providers/akamaiedgedns @cdornin
+providers/akamaiedgedns @edglynes
 providers/autodns @arnoschoon
 providers/axfrddns @hnrgrgr
 providers/azuredns @vatsalyagoel
diff --git a/documentation/providers.md b/documentation/providers.md
index 2a52840852..864ad7083c 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -110,7 +110,7 @@ Providers in this category and their maintainers are:
 |Name|Maintainer|
 |---|---|
 |[`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md)|@matthewmgamble|
-|[`AKAMAIEDGEDNS`](provider/akamaiedgedns.md)|@cdornin|
+|[`AKAMAIEDGEDNS`](provider/akamaiedgedns.md)|@edglynes|
 |[`AXFRDDNS`](provider/axfrddns.md)|@hnrgrgr|
 |[`BUNNY_DNS`](provider/bunny_dns.md)|@ppmathis|
 |[`CLOUDFLAREAPI`](provider/cloudflareapi.md)|@tresni|

From c3152b41bf1685f9d4dfb79a60e6b671e8043990 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 16 May 2024 14:41:39 +0200
Subject: [PATCH 263/438] TRANSIP: Completed/checked the missing capabilities
 (#2957)

---
 documentation/providers.md           |  2 +-
 providers/transip/transipProvider.go | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 864ad7083c..7c60014a36 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -62,7 +62,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
-| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
 | [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 <!-- provider-matrix-end -->
 
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index 6fe306f1a2..ad9882b467 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -34,16 +34,27 @@ var features = providers.DocumentationNotes{
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Can(),
+	providers.CanUseAKAMAICDN:        providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
+	providers.CanUseAzureAlias:       providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Cannot(),
+	providers.CanUseDNAME:            providers.Cannot(),
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUseDSForChildren:    providers.Cannot(),
+	providers.CanUseHTTPS:            providers.Cannot(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Can(),
+	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUseRoute53Alias:     providers.Cannot(),
+	providers.CanUseSOA:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Cannot(),
 	providers.CanUseTLSA:             providers.Can(),
+	providers.CanUseDNSKEY:           providers.Cannot(),
 	providers.DocCreateDomains:       providers.Cannot(),
+	providers.DocDualHost:            providers.Cannot(),
 	providers.DocOfficiallySupported: providers.Cannot(),
 }
 

From c7975f9b910c2876f1f6ef9ab4d28ad2cb1e73ef Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 16 May 2024 09:15:45 -0400
Subject: [PATCH 264/438] CHORE: Upgrade AWS module (#2958)

---
 go.mod | 24 ++++++++++++------------
 go.sum | 48 ++++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/go.mod b/go.mod
index ceb208cc93..181e0ae96b 100644
--- a/go.mod
+++ b/go.mod
@@ -16,11 +16,11 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.26.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.13
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.13
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5
+	github.com/aws/aws-sdk-go-v2 v1.26.2
+	github.com/aws/aws-sdk-go-v2/config v1.27.14
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.14
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
@@ -82,15 +82,15 @@ require (
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
diff --git a/go.sum b/go.sum
index cf66f6bb63..d99efd7bb9 100644
--- a/go.sum
+++ b/go.sum
@@ -41,34 +41,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
-github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A=
-github.com/aws/aws-sdk-go-v2/config v1.27.13/go.mod h1:XLiyiTMnguytjRER7u5RIkhIqS8Nyz41SwAWb4xEjxs=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.13 h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.13/go.mod h1:FMNcjQrmuBYvOTZDtOLCIu0esmxjF7RuA/89iSXWzQI=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
+github.com/aws/aws-sdk-go-v2 v1.26.2 h1:OTRAL8EPdNoOdiq5SUhCaHhVPBU2wxAUe5uwasoJGRM=
+github.com/aws/aws-sdk-go-v2 v1.26.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.14 h1:QOg8Ud53rrmdjBHX080AaYUBhG2ER28kP/yjE7afF/0=
+github.com/aws/aws-sdk-go-v2/config v1.27.14/go.mod h1:CLgU27opbIwnjwH++zQPvF4qsEIqviKL6l8b1AtRImc=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.14 h1:0y1IAEldTO2ZA3Lcq7u7y4Q2tUQlB3At2LZQijUHu3U=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.14/go.mod h1:En2zXCfDZJgtbp2UnzHDgKMz+mSRc4pA3Ka+jxoJvaA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 h1:HTAQSEibYaSioHzjOQssUJnE8itwVP9SzmdR6lqC38g=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2/go.mod h1:NjUtmUEIimOc5tPw//xqKNK/spUqCTSbxjwzCrnsj8U=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 h1:yrfbQyxO73opeqep8FohU4LJx56iiQuvf4/XPgFB4To=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6/go.mod h1:bFtlRACYBPG2AUYst0ky5TPtgeYqWCksozVTGsZ1zq0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 h1:DXsuqiAp1mGkelZCUSex8DsRtkeK4mW3oreyjNSegoo=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6/go.mod h1:cLtGzsyh+Wz2j1w9Qyfn5DA9i25RfbYjwfJBZqCiP9Y=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5 h1:UMORr7k+LrfXHiDc/OWCOhHZJgUXs6dk9aPJ7jmKbps=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.5/go.mod h1:RTfjFUctf+Zyq8e4rgLXmz43+0kIoIXbENvrFtilumI=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5 h1:q9G5NP6oWyhzuJDaj5+VYkVLlV2SiOa+B6QaZHMGUfk=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.5/go.mod h1:8wjITSWOCR+G7DhS2WraZnZ/geFYxXLLP0KKTfZtRGQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.6/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 h1:gwdGHxiV5f6Of48JJIZVD7sx45kT1l9kYdoUH5oQTZM=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8/go.mod h1:C9Glc6N50uIJqPPeL6N3spW/wzGyeQsQmecnKS7DTR4=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6 h1:UOVmwY0g2koBBRvE3Gb9kjoONfKn4qTKixOO0Zbj9Bw=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6/go.mod h1:QbJlBF4xguHzc4cFK8YoKfIZdTLxUpBCAnc3FafZj5U=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6 h1:UQa4wVLs70GuRhE7/Aq0xun7eGGypU5QuxSp7+ZBGOw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6/go.mod h1:5R+bNIlo4nnxlawoOAR8QTjLdzSPpNNUEKWDdBrYtT0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 h1:sdPpNCoUijc0ntu024ZdjrXh3mB9rud5SjmE7djIfK4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.7/go.mod h1:8RMeDMFTkkDQ5LvaaAykdkNVVR0eQxGWm8CD6uBvd1M=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 h1:/vljM1ZswUEIRHWVxEqDhLzOSGmDcstW2zeTt23Ipf0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1/go.mod h1:XhJksmKh1RYjMbWHf3ZwQF0UYJjlqrm45NVvDe54SOU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 h1:FCYhQETaff4Skb2Hz9WoUqJAesr4MIQ9+TQ9ypjz7Ic=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.8/go.mod h1:s+7oFIwiOegfrF00xNowWwLAtRiA9xhvm1UpZdJ0aus=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=

From df1354bef62d6d22b072d84735eb3b4ac2963c37 Mon Sep 17 00:00:00 2001
From: Phil Pennock <philpennock@users.noreply.github.com>
Date: Thu, 16 May 2024 17:08:57 -0400
Subject: [PATCH 265/438] DNSIMPLE: enable Null MX records (#2960)

---
 providers/dnsimple/auditrecords.go     | 2 --
 providers/dnsimple/dnsimpleProvider.go | 4 +++-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/dnsimple/auditrecords.go b/providers/dnsimple/auditrecords.go
index 1812c0ae5e..93e48d5d98 100644
--- a/providers/dnsimple/auditrecords.go
+++ b/providers/dnsimple/auditrecords.go
@@ -11,8 +11,6 @@ import (
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
 
-	a.Add("MX", rejectif.MxNull) // Last verified 2023-03
-
 	a.Add("TXT", rejectif.TxtLongerThan(1000)) // Last verified 2023-12
 
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2023-03
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index 50d669e1df..cf1acf3189 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -95,7 +95,9 @@ func (c *dnsimpleProvider) GetZoneRecords(domain string, meta map[string]string)
 			r.Name = "@"
 		}
 
-		if r.Type == "CNAME" || r.Type == "MX" || r.Type == "ALIAS" || r.Type == "NS" {
+		if r.Type == "CNAME" || r.Type == "ALIAS" || r.Type == "NS" {
+			r.Content += "."
+		} else if r.Type == "MX" && r.Content != "." {
 			r.Content += "."
 		}
 

From 4083641cb87b6e1819a69f73023532f9dc506dcd Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 21 May 2024 20:51:47 +0200
Subject: [PATCH 266/438] DOCS: Fixed 404 URL's on GitHub page (#2969)

---
 docs/index.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/index.md b/docs/index.md
index a0fa9773f7..2a5d859fdc 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -137,10 +137,10 @@ title: DNSControl
                     <a href="https://docs.dnscontrol.org/developer-info/alias">Aliases</a>: ALIAS/ANAME records
                 </li>
                 <li>
-                    <a href="https://docs.dnscontrol.org/language-reference/record-modifiers/spf_builder">SPF Optimizer</a>: Optimize your SPF records
+                    <a href="https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder">SPF Optimizer</a>: Optimize your SPF records
                 </li>
                 <li>
-                    <a href="https://docs.dnscontrol.org/language-reference/record-modifiers/caa_builder">CAA Builder</a>: Build CAA records the easy way
+                    <a href="https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder">CAA Builder</a>: Build CAA records the easy way
                 </li>
             </ul>
         </div>

From 5e68998aca0ceb81e523a8573fa12d347e2746fb Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 21 May 2024 20:52:18 +0200
Subject: [PATCH 267/438] DOCS: Removed the double Markdown header syntax.
 (#2968)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/examples.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/documentation/examples.md b/documentation/examples.md
index 385d54c678..8e5847fa2a 100644
--- a/documentation/examples.md
+++ b/documentation/examples.md
@@ -1,4 +1,4 @@
-## Typical DNS Records ##
+## Typical DNS Records
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -18,7 +18,7 @@ END);
 {% endcode %}
 
 
-## Set TTLs ##
+## Set TTLs
 {% code title="dnsconfig.js" %}
 ```javascript
 var mailTTL = TTL("1h");
@@ -36,7 +36,7 @@ END);
 ```
 {% endcode %}
 
-## Variables for common IP Addresses ##
+## Variables for common IP Addresses
 {% code title="dnsconfig.js" %}
 ```javascript
 var addrA = IP("1.2.3.4")
@@ -59,7 +59,7 @@ var addrAAAA = "0:0:0:0:0:0:0:0";
 ```
 {% endcode %}
 
-## Variables to swap active Data Center ##
+## Variables to swap active Data Center
 {% code title="dnsconfig.js" %}
 ```javascript
 var DSP_R53 = NewDnsProvider("route53_user1");
@@ -76,7 +76,7 @@ END);
 ```
 {% endcode %}
 
-## Macro for repeated records ##
+## Macro for repeated records
 {% code title="dnsconfig.js" %}
 ```javascript
 var GOOGLE_APPS_MX_RECORDS = [
@@ -104,7 +104,7 @@ END);
 ```
 {% endcode %}
 
-## Use SPF_BUILDER to add comments to SPF records ##
+## Use SPF_BUILDER to add comments to SPF records
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
@@ -127,7 +127,7 @@ END);
 ```
 {% endcode %}
 
-## Set default records modifiers ##
+## Set default records modifiers
 {% code title="dnsconfig.js" %}
 ```javascript
 DEFAULTS(
@@ -140,7 +140,7 @@ END);
 
 # Advanced Examples #
 
-## Dual DNS Providers ##
+## Dual DNS Providers
 {% code title="dnsconfig.js" %}
 ```javascript
 
@@ -165,7 +165,7 @@ END);
 ```
 {% endcode %}
 
-## Automate Fastmail DKIM records ##
+## Automate Fastmail DKIM records
 
 In this example we need a macro that can dynamically change for each domain.
 

From 91bf56c616ca13a38225e2f14fba2d7dfe2f1995 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 21 May 2024 21:00:20 +0200
Subject: [PATCH 268/438] DOCS: [get-zones] Removed old reference to
 `convertzone` (#2971)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/get-zones.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/get-zones.md b/documentation/get-zones.md
index 45fc3f74cf..da0ee5ce21 100644
--- a/documentation/get-zones.md
+++ b/documentation/get-zones.md
@@ -1,4 +1,4 @@
-# get-zones (was "convertzone")
+# get-zones
 
 DNSControl has a stand-alone utility that will contact a provider,
 download the records of one or more zones, and output them to a file

From 2b70f240681bec6833bdb564aa9d0f532239d2f8 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 21 May 2024 21:00:55 +0200
Subject: [PATCH 269/438] DOCS: [REVCOMPAT] Fixed broken URL's (#2970)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/opinions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/opinions.md b/documentation/opinions.md
index 2ee44a9abf..6c3aa825d4 100644
--- a/documentation/opinions.md
+++ b/documentation/opinions.md
@@ -198,7 +198,7 @@ universally.
 Originally DNSControl implemented RFC 2317.
 
 In v5.0 we will adopt RFC 4183 as the default.  A new function,
-[REVCOMPAT()](functions/global/REVCOMPAT.md), will be provided to enable backwards compatibility.
+[REVCOMPAT()](language-reference/top-level-functions/REVCOMPAT.md), will be provided to enable backwards compatibility.
 v4.x users can use the function to adopt the new behavior early.
 
-See [REVCOMPAT()](functions/global/REVCOMPAT.md) for details.
+See [REVCOMPAT()](language-reference/top-level-functions/REVCOMPAT.md) for details.

From 107b585d79c7c288c70310b56337b2e37d70ac33 Mon Sep 17 00:00:00 2001
From: Asif Nawaz <107853964+AsifNawaz-cnic@users.noreply.github.com>
Date: Wed, 22 May 2024 16:41:07 +0100
Subject: [PATCH 270/438] HEXONET: Adopt version 4.0.0 of the
 rtldev-middleware-go-sdk (#2974)

---
 go.mod                               | 2 +-
 go.sum                               | 4 ++--
 providers/hexonet/error.go           | 2 +-
 providers/hexonet/hexonetProvider.go | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 181e0ae96b..f449641e81 100644
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3
 	github.com/cloudflare/cloudflare-go v0.95.0
 	github.com/digitalocean/godo v1.115.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
diff --git a/go.sum b/go.sum
index d99efd7bb9..e09b8e5db6 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6 h1:NwzyMBDEihBaPYlsguXbiraAofgFL0dIokr7haRptng=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3 v3.5.6/go.mod h1:AuVFPx7rRMTT6MstyP2eWwinthewLFWv+zbaoQ3A+fY=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3 h1:R6bNU7iZz+aPTrZM1zcpJnWOtfTJUgykyWz5hBs/isk=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3/go.mod h1:LgG44oKLMQN53wrIotY6mM1mjA9VOhGQd//lzAIF46A=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
diff --git a/providers/hexonet/error.go b/providers/hexonet/error.go
index 3c78841fe5..4ddd502802 100644
--- a/providers/hexonet/error.go
+++ b/providers/hexonet/error.go
@@ -3,7 +3,7 @@ package hexonet
 import (
 	"fmt"
 
-	"github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3/response"
+	"github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4/response"
 )
 
 // GetHXApiError returns an error including API error code and error description.
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index 5efc33c61b..98f3742bff 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 
 	"github.com/StackExchange/dnscontrol/v4/providers"
-	hxcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v3/apiclient"
+	hxcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4/apiclient"
 )
 
 // GoReleaser: version

From f0d131986d05b23b462ba49bd26143c02168b230 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 22 May 2024 17:47:20 +0200
Subject: [PATCH 271/438] DOCS: Several improvements and cleanups (#2972)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts                            | 4 ++--
 documentation/code-tricks.md                              | 8 ++++----
 .../language-reference/domain-modifiers/LOC_BUILDER_DD.md | 1 -
 .../domain-modifiers/LOC_BUILDER_DMM_STR.md               | 1 -
 .../domain-modifiers/LOC_BUILDER_DMS_STR.md               | 1 -
 .../domain-modifiers/LOC_BUILDER_STR.md                   | 1 -
 .../language-reference/domain-modifiers/NAMESERVER.md     | 2 +-
 .../language-reference/domain-modifiers/NO_PURGE.md       | 2 +-
 documentation/why-the-dot.md                              | 2 +-
 integrationTest/integration_test.go                       | 2 +-
 providers/capabilities.go                                 | 2 +-
 11 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index dae2b7fa9d..c868413a93 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1828,7 +1828,7 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  * If dnsconfig.js has zero `NAMESERVER()` commands for a domain, it will
  * use the API to remove all non-default nameservers.
  *
- * If dnsconfig.js has 1 or more `NAMESERVER()` commands for a domain, it
+ * If `dnsconfig.js` has 1 or more `NAMESERVER()` commands for a domain, it
  * will use the API to add those nameservers (unless, of course,
  * they already exist).
  *
@@ -2103,7 +2103,7 @@ declare function NAPTR(subdomain: string, order: number, preference: number, ter
  *
  * The main caveat of `NO_PURGE` is that intentionally deleting records becomes
  * more difficult. Suppose a `NO_PURGE` zone has an record such as A("ken",
- * "1.2.3.4"). Removing the record from dnsconfig.js will not delete "ken" from
+ * "1.2.3.4"). Removing the record from `dnsconfig.js` will not delete "ken" from
  * the domain. DNSControl has no way of knowing the record was deleted from the
  * file  The DNS record must be removed manually.  Users of `NO_PURGE` are prone
  * to finding themselves with an accumulation of orphaned DNS records. That's easy
diff --git a/documentation/code-tricks.md b/documentation/code-tricks.md
index 6700866fb6..8bb18fb671 100644
--- a/documentation/code-tricks.md
+++ b/documentation/code-tricks.md
@@ -4,10 +4,10 @@ Problem: It is difficult to get CAA and other records exactly right.
 
 Solution: Use a "builder" to construct it for you.
 
-* [CAA Builder](language-reference/domain-modifiers/CAA_BUILDER.md)
-* [DMARC Builder](language-reference/domain-modifiers/DMARC_BUILDER.md)
+* [CAA_BUILDER](language-reference/domain-modifiers/CAA_BUILDER.md)
+* [DMARC_BUILDER](language-reference/domain-modifiers/DMARC_BUILDER.md)
 * [M365_BUILDER](language-reference/domain-modifiers/M365_BUILDER.md)
-* [SPF Optimizer](language-reference/domain-modifiers/SPF_BUILDER.md)
+* [SPF_BUILDER](language-reference/domain-modifiers/SPF_BUILDER.md)
 
 # Trailing commas
 
@@ -127,7 +127,7 @@ records.
 
 Solution 1: Use a macro.
 
-```
+```javascript
 function PARKED_R53(name) {
     D(name, REG_NAMECOM, DnsProvider(DSP_MY_PROVIDER),
        A("@", "10.2.3.4"),
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
index 633c67b295..18be0315b2 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
@@ -65,7 +65,6 @@ END);
 ```
 {% endcode %}
 
-
 Part of the series:
  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
index 9dc3f044e3..07a80577af 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
@@ -45,7 +45,6 @@ END);
 ```
 {% endcode %}
 
-
 Part of the series:
  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
index 4960d7eb9d..af9b16f352 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
@@ -46,7 +46,6 @@ END);
 ```
 {% endcode %}
 
-
 Part of the series:
  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
index 2235249e72..5db404ed5b 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
@@ -52,7 +52,6 @@ END);
 ```
 {% endcode %}
 
-
 Part of the series:
  * [`LOC()`](LOC.md) - build a `LOC` by supplying all 12 parameters
  * [`LOC_BUILDER_DD({})`](LOC_BUILDER_DD.md) - accepts cartesian x, y
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER.md b/documentation/language-reference/domain-modifiers/NAMESERVER.md
index a132966e1f..24c4ee824f 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER.md
@@ -71,7 +71,7 @@ manually.
 If dnsconfig.js has zero `NAMESERVER()` commands for a domain, it will
 use the API to remove all non-default nameservers.
 
-If dnsconfig.js has 1 or more `NAMESERVER()` commands for a domain, it
+If `dnsconfig.js` has 1 or more `NAMESERVER()` commands for a domain, it
 will use the API to add those nameservers (unless, of course,
 they already exist).
 
diff --git a/documentation/language-reference/domain-modifiers/NO_PURGE.md b/documentation/language-reference/domain-modifiers/NO_PURGE.md
index f60e13ff24..229cda3b90 100644
--- a/documentation/language-reference/domain-modifiers/NO_PURGE.md
+++ b/documentation/language-reference/domain-modifiers/NO_PURGE.md
@@ -35,7 +35,7 @@ END);
 
 The main caveat of `NO_PURGE` is that intentionally deleting records becomes
 more difficult. Suppose a `NO_PURGE` zone has an record such as A("ken",
-"1.2.3.4"). Removing the record from dnsconfig.js will not delete "ken" from
+"1.2.3.4"). Removing the record from `dnsconfig.js` will not delete "ken" from
 the domain. DNSControl has no way of knowing the record was deleted from the
 file  The DNS record must be removed manually.  Users of `NO_PURGE` are prone
 to finding themselves with an accumulation of orphaned DNS records. That's easy
diff --git a/documentation/why-the-dot.md b/documentation/why-the-dot.md
index 8354592154..11edef984f 100644
--- a/documentation/why-the-dot.md
+++ b/documentation/why-the-dot.md
@@ -46,7 +46,7 @@ How are they ambiguous?
 
   * Should $DOMAIN be added to "bar.com"?  Well, obviously not, because it already ends with ".com" and we all know that "bar.com.bar.com" is probably not what they want. No, it isn't that obvious!  Why?  (see the next bullet point)
   * Should $DOMAIN be added to "meta.xyz"?  Everyone knows that ".xyz" isn't a TLD. Obviously, yes, $DOMAIN should be appended. However, wait...  ".xyz" became a TLD in June 2014.  We don't want to be surprised by changes like that.  Also, users should not be required to memorize all the TLDs. (In the old days it was reasonable to expect people to memorize the 7 TLDS (gov/edu/com/mil/org/net) but since 2000 that's all changed. By the way, we forgot to include "int" in the original and you didn't notice.)
-  * What is the CNAME target is "www.bar.com" and the domain is "bar.com".  Then It is reasonable to infer the user's intent, right?  "www.bar.com.bar.com." would be silly, right?  Maybe. What if we are copying 100 lines of dnsconfig.js from one `D()` to another. Buried in the middle is this one CNAME that means something entirely different when in a new $DOMAIN. That would be bad.  We've seen this in production and want to prevent this kind of error.
+  * What if the CNAME target is "www.bar.com" and the domain is "bar.com"?  Then It is reasonable to infer the user's intent, right?  `www.bar.com.bar.com.` would be silly, right?  Maybe. What if we are copying 100 lines of `dnsconfig.js` from one `D()` to another. Buried in the middle is this one CNAME that means something entirely different when in a new $DOMAIN. That would be bad.  We've seen this in production and want to prevent this kind of error.
 
 Yes, we could layer rule upon rule upon rule.  Eventually we'd get
 all the rules right.  However, now a user would have to know all the
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 28c7dce3af..f410664804 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -812,7 +812,7 @@ func makeTests() []*TestGroup {
 
 	// clear() is the same as tc("Empty").  It removes all records.
 	// Each testgroup() begins with clear() automagically. You do not
-	// have to include the clear() in teach testgroup().
+	// have to include the clear() in each testgroup().
 
 	tests := []*TestGroup{
 
diff --git a/providers/capabilities.go b/providers/capabilities.go
index 853c1271ce..72f4519858 100644
--- a/providers/capabilities.go
+++ b/providers/capabilities.go
@@ -90,7 +90,7 @@ const (
 	// DocCreateDomains means provider can add domains with the `dnscontrol create-domains` command
 	DocCreateDomains
 
-	// DocDualHost means provider allows full management of apex NS records, so we can safely dual-host with anothe provider
+	// DocDualHost means provider allows full management of apex NS records, so we can safely dual-host with another provider
 	DocDualHost
 
 	// DocOfficiallySupported means it is actively used and maintained by stack exchange

From 0a784a3803a9f848975f1720b5e96374079d90b6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 22 May 2024 16:04:41 -0400
Subject: [PATCH 272/438] CHORE: Clean up comments in models/domain.go (#2975)

---
 models/domain.go | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/models/domain.go b/models/domain.go
index e81ef9051a..565bd5067a 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -46,10 +46,9 @@ type DomainConfig struct {
 	DNSProviderInstances []*DNSProviderInstance `json:"-"`
 
 	// Pending work to do for each provider.  Provider may be a registrar or DSP.
-	// pendingCorrectionsMutex sync.Mutex
+	pendingCorrectionsMutex sync.Mutex                 // Protect pendingCorrections*
 	pendingCorrections      map[string]([]*Correction) // Work to be done for each provider
 	pendingCorrectionsOrder []string                   // Call the providers in this order
-	pendingCorrectionsMutex sync.Mutex                 // Protect pendingCorrections*
 }
 
 // GetSplitHorizonNames returns the domain's name, uniquename, and tag.
@@ -92,17 +91,6 @@ func (dc *DomainConfig) Copy() (*DomainConfig, error) {
 	newDc := &DomainConfig{}
 	err := reprint.FromTo(dc, newDc) // Deep copy
 	return newDc, err
-
-	// NB(tlim): The old version of this copied the structure by gob-encoding
-	// and decoding it. gob doesn't like the dc.RegisterInstance or
-	// dc.DNSProviderInstances fields, so we saved a temporary copy of those,
-	// nil'ed out the original, did the gob copy, and then manually copied those
-	// fields using the temp variables we saved. It looked like:
-	//reg, dnsps := dc.RegistrarInstance, dc.DNSProviderInstances
-	//dc.RegistrarInstance, dc.DNSProviderInstances = nil, nil
-	// (perform the copy)
-	//dc.RegistrarInstance, dc.DNSProviderInstances = reg, dnsps
-	//newDc.RegistrarInstance, newDc.DNSProviderInstances = reg, dnsps
 }
 
 // Filter removes all records that don't match the filter f.
@@ -168,7 +156,6 @@ func (dc *DomainConfig) StoreCorrections(providerName string, corrections []*Cor
 		// Add to existing.
 		dc.pendingCorrections[providerName] = append(c, corrections...)
 		dc.pendingCorrectionsOrder = append(dc.pendingCorrectionsOrder, providerName)
-
 	}
 }
 

From b786b0efe492534983f82453d3948bf641fa8d20 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 28 May 2024 14:06:49 -0400
Subject: [PATCH 273/438] GCLOUD: Fix missing length in make() (#2982)

---
 providers/gcloud/gcloudProvider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 1ffafd2003..2aeb420371 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -475,7 +475,7 @@ func (g *gcloudProvider) EnsureZoneExists(domain string) error {
 		mz.Name = strings.Replace(mz.Name, "zone-", "zone-"+g.Visibility+"-", 1)
 	}
 	if g.Networks != nil {
-		mzn := make([]*gdns.ManagedZonePrivateVisibilityConfigNetwork, len(g.Networks))
+		mzn := make([]*gdns.ManagedZonePrivateVisibilityConfigNetwork, 0, len(g.Networks))
 		printer.Printf("for network(s) ")
 		for _, v := range g.Networks {
 			printer.Printf("%s ", v)

From 1f4c4c65f50bb99d0c57ff95384f502551bf07c0 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 29 May 2024 22:36:26 +0200
Subject: [PATCH 274/438] FEATURE: Add TTL() support to CAA_BUILDER() (#2978)

---
 commands/types/dnscontrol.d.ts                  |  3 ++-
 .../domain-modifiers/CAA_BUILDER.md             |  3 +++
 pkg/js/helpers.js                               | 17 +++++++++++++----
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index c868413a93..79f8b921e9 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -456,10 +456,11 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * * `issue_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
  * * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
  * * `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+ * * `ttl:` Input for `TTL` method (optional)
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/caa_builder
  */
-declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issue_critical?: boolean; issuewild: string[]; issuewild_critical?: boolean }): DomainModifier;
+declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issue_critical?: boolean; issuewild: string[]; issuewild_critical?: boolean; ttl?: Duration }): DomainModifier;
 
 /**
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
diff --git a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
index dd1c9274d6..3d3c0662bd 100644
--- a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
@@ -8,6 +8,7 @@ parameters:
   - issue_critical
   - issuewild
   - issuewild_critical
+  - ttl
 parameters_object: true
 parameter_types:
   label: string?
@@ -17,6 +18,7 @@ parameter_types:
   issue_critical: boolean?
   issuewild: string[]
   issuewild_critical: boolean?
+  ttl: Duration?
 ---
 
 DNSControl contains a `CAA_BUILDER` which can be used to simply create
@@ -114,3 +116,4 @@ which in turns yield the following records:
 * `issue_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
 * `issuewild:` An array of CAs which are allowed to issue wildcard certificates. (Can be simply `"none"` to refuse issuing wildcard certificates for all CAs)
 * `issuewild_critical:` This can be `true` or `false`. If enabled and CA does not support this record, then certificate issue will be refused. (Optional. Default: `false`)
+* `ttl:` Input for `TTL` method (optional)
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 1ecb348ef6..6697020664 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1503,6 +1503,7 @@ function SPF_BUILDER(value) {
 // iodef_critical: Boolean if sending report is required/critical. If not supported, certificate should be refused. (optional)
 // issue: List of CAs which are allowed to issue certificates for the domain (creates one record for each).
 // issuewild: Allowed CAs which can issue wildcard certificates for this domain. (creates one record for each)
+// ttl: The time for TTL, integer or string. (default: not defined, using DefaultTTL)
 
 function CAA_BUILDER(value) {
     if (!value.label) {
@@ -1522,13 +1523,19 @@ function CAA_BUILDER(value) {
         throw 'CAA_BUILDER requires at least one entry at issue or issuewild';
     }
 
+    var CAA_TTL = function () {};
+    if (value.ttl) {
+        CAA_TTL = TTL(value.ttl);
+    }
     r = []; // The list of records to return.
 
     if (value.iodef) {
         if (value.iodef_critical) {
-            r.push(CAA(value.label, 'iodef', value.iodef, CAA_CRITICAL));
+            r.push(
+                CAA(value.label, 'iodef', value.iodef, CAA_CRITICAL, CAA_TTL)
+            );
         } else {
-            r.push(CAA(value.label, 'iodef', value.iodef));
+            r.push(CAA(value.label, 'iodef', value.iodef, CAA_TTL));
         }
     }
 
@@ -1538,7 +1545,7 @@ function CAA_BUILDER(value) {
             flag = CAA_CRITICAL;
         }
         for (var i = 0, len = value.issue.length; i < len; i++)
-            r.push(CAA(value.label, 'issue', value.issue[i], flag));
+            r.push(CAA(value.label, 'issue', value.issue[i], flag, CAA_TTL));
     }
 
     if (value.issuewild) {
@@ -1547,7 +1554,9 @@ function CAA_BUILDER(value) {
             flag = CAA_CRITICAL;
         }
         for (var i = 0, len = value.issuewild.length; i < len; i++)
-            r.push(CAA(value.label, 'issuewild', value.issuewild[i], flag));
+            r.push(
+                CAA(value.label, 'issuewild', value.issuewild[i], flag, CAA_TTL)
+            );
     }
 
     return r;

From b3787ab8f758dd77be39568ed70485f885f33969 Mon Sep 17 00:00:00 2001
From: nemunaire <nemunaire@nemunai.re>
Date: Wed, 29 May 2024 20:37:18 +0000
Subject: [PATCH 275/438] AXFRDDNS: Canonicalize key name as per RFC 2845 3.4.2
 (#2966)

---
 providers/axfrddns/axfrddnsProvider.go | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 41a90915a5..5408e24fdf 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -216,10 +216,7 @@ func readKey(raw string, kind string) (*Key, error) {
 	if err != nil {
 		return nil, fmt.Errorf("cannot decode Base64 secret (%s) in AXFRDDNS.TSIG", kind)
 	}
-	id := arr[1]
-	if !strings.HasSuffix(id, ".") {
-		id += "."
-	}
+	id := dns.CanonicalName(arr[1])
 	return &Key{algo: algo, id: id, secret: arr[2]}, nil
 }
 

From 9dcd8c793ad564101bd541545034faccd62818f5 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 3 Jun 2024 20:31:47 +0200
Subject: [PATCH 276/438] DOCS: AUTODNSSEC_* improvements (#2984)

---
 commands/types/dnscontrol.d.ts                         | 10 +++++-----
 .../domain-modifiers/AUTODNSSEC_OFF.md                 |  4 ++--
 .../domain-modifiers/AUTODNSSEC_ON.md                  |  6 +++---
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 79f8b921e9..ab1fc41e72 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -247,24 +247,24 @@ declare function AKAMAICDN(name: string, target: string, ...modifiers: RecordMod
 declare function ALIAS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
- * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC. It takes no
+ * `AUTODNSSEC_OFF` tells the provider to disable AutoDNSSEC. It takes no
  * parameters.
  *
- * See `AUTODNSSEC_ON` for further details.
+ * See [`AUTODNSSEC_ON`](AUTODNSSEC_ON.md) for further details.
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/autodnssec_off
  */
 declare const AUTODNSSEC_OFF: DomainModifier;
 
 /**
- * AUTODNSSEC_ON tells the provider to enable AutoDNSSEC.
+ * `AUTODNSSEC_ON` tells the provider to **enable** AutoDNSSEC.
  *
- * AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC.
+ * [`AUTODNSSEC_OFF`](AUTODNSSEC_OFF.md) tells the provider to **disable** AutoDNSSEC.
  *
  * AutoDNSSEC is a feature where a DNS provider can automatically manage
  * DNSSEC for a domain. Not all providers support this.
  *
- * At this time, AUTODNSSEC_ON takes no parameters.  There is no ability
+ * At this time, `AUTODNSSEC_ON` takes no parameters.  There is no ability
  * to tune what the DNS provider sets, no algorithm choice.  We simply
  * ask that they follow their defaults when enabling a no-fuss DNSSEC
  * data model.
diff --git a/documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md
index c2e91fe5cc..1c46770425 100644
--- a/documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md
+++ b/documentation/language-reference/domain-modifiers/AUTODNSSEC_OFF.md
@@ -2,7 +2,7 @@
 name: AUTODNSSEC_OFF
 ---
 
-AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC. It takes no
+`AUTODNSSEC_OFF` tells the provider to disable AutoDNSSEC. It takes no
 parameters.
 
-See `AUTODNSSEC_ON` for further details.
+See [`AUTODNSSEC_ON`](AUTODNSSEC_ON.md) for further details.
diff --git a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
index 7a848193ff..907954e288 100644
--- a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
+++ b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
@@ -2,14 +2,14 @@
 name: AUTODNSSEC_ON
 ---
 
-AUTODNSSEC_ON tells the provider to enable AutoDNSSEC.
+`AUTODNSSEC_ON` tells the provider to **enable** AutoDNSSEC.
 
-AUTODNSSEC_OFF tells the provider to disable AutoDNSSEC.
+[`AUTODNSSEC_OFF`](AUTODNSSEC_OFF.md) tells the provider to **disable** AutoDNSSEC.
 
 AutoDNSSEC is a feature where a DNS provider can automatically manage
 DNSSEC for a domain. Not all providers support this.
 
-At this time, AUTODNSSEC_ON takes no parameters.  There is no ability
+At this time, `AUTODNSSEC_ON` takes no parameters.  There is no ability
 to tune what the DNS provider sets, no algorithm choice.  We simply
 ask that they follow their defaults when enabling a no-fuss DNSSEC
 data model.

From f029c9bc017948fed2ec8d07a9fe8a905b40d8f9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 4 Jun 2024 13:58:47 -0400
Subject: [PATCH 277/438] CHORE: update deps (#2991)

---
 go.mod |  49 +++++++++++++-------------
 go.sum | 106 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 77 insertions(+), 78 deletions(-)

diff --git a/go.mod b/go.mod
index f449641e81..8f9fc8c5ff 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.26.2
-	github.com/aws/aws-sdk-go-v2/config v1.27.14
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.14
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6
+	github.com/aws/aws-sdk-go-v2 v1.27.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.17
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.17
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3
-	github.com/cloudflare/cloudflare-go v0.95.0
-	github.com/digitalocean/godo v1.115.0
+	github.com/cloudflare/cloudflare-go v0.96.0
+	github.com/digitalocean/godo v1.116.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -33,7 +33,7 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.13.0
+	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.59
 	github.com/mittwald/go-powerdns v0.6.2
@@ -53,8 +53,8 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.23.0 // indirect
 	golang.org/x/net v0.25.0
-	golang.org/x/oauth2 v0.20.0
-	google.golang.org/api v0.180.0
+	golang.org/x/oauth2 v0.21.0
+	google.golang.org/api v0.182.0
 	gopkg.in/ns1/ns1-go.v2 v2.10.0
 )
 
@@ -69,28 +69,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
-	golang.org/x/text v0.15.0
+	golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc
+	golang.org/x/text v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.4.1 // indirect
+	cloud.google.com/go/auth v0.4.2 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.11 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -118,7 +118,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.6 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
@@ -152,9 +152,10 @@ require (
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
-	google.golang.org/grpc v1.63.2 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+	google.golang.org/grpc v1.64.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index e09b8e5db6..ecd2f81814 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg=
-cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro=
+cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg=
+cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
@@ -41,34 +41,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.26.2 h1:OTRAL8EPdNoOdiq5SUhCaHhVPBU2wxAUe5uwasoJGRM=
-github.com/aws/aws-sdk-go-v2 v1.26.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.14 h1:QOg8Ud53rrmdjBHX080AaYUBhG2ER28kP/yjE7afF/0=
-github.com/aws/aws-sdk-go-v2/config v1.27.14/go.mod h1:CLgU27opbIwnjwH++zQPvF4qsEIqviKL6l8b1AtRImc=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.14 h1:0y1IAEldTO2ZA3Lcq7u7y4Q2tUQlB3At2LZQijUHu3U=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.14/go.mod h1:En2zXCfDZJgtbp2UnzHDgKMz+mSRc4pA3Ka+jxoJvaA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2 h1:HTAQSEibYaSioHzjOQssUJnE8itwVP9SzmdR6lqC38g=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.2/go.mod h1:NjUtmUEIimOc5tPw//xqKNK/spUqCTSbxjwzCrnsj8U=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 h1:yrfbQyxO73opeqep8FohU4LJx56iiQuvf4/XPgFB4To=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6/go.mod h1:bFtlRACYBPG2AUYst0ky5TPtgeYqWCksozVTGsZ1zq0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 h1:DXsuqiAp1mGkelZCUSex8DsRtkeK4mW3oreyjNSegoo=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6/go.mod h1:cLtGzsyh+Wz2j1w9Qyfn5DA9i25RfbYjwfJBZqCiP9Y=
+github.com/aws/aws-sdk-go-v2 v1.27.1 h1:xypCL2owhog46iFxBKKpBcw+bPTX/RJzwNj8uSilENw=
+github.com/aws/aws-sdk-go-v2 v1.27.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.17 h1:L0JZN7Gh7pT6u5CJReKsLhGKparqNKui+mcpxMXjDZc=
+github.com/aws/aws-sdk-go-v2/config v1.27.17/go.mod h1:MzM3balLZeaafYcPz8IihAmam/aCz6niPQI0FdprxW0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.17 h1:b3Dk9uxQByS9sc6r0sc2jmxsJKO75eOcb9nNEiaUBLM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.17/go.mod h1:e4khg9iY08LnFK/HXQDWMf9GDaiMari7jWPnXvKAuBU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4 h1:0cSfTYYL9qiRcdi4Dvz+8s3JUgNR2qvbgZkXcwPEEEk=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4/go.mod h1:Wjn5O9eS7uSi7vlPKt/v0MLTncANn9EMmoDvnzJli6o=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 h1:RnLB7p6aaFMRfyQkD6ckxR7myCC9SABIqSz4czYUUbU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8/go.mod h1:XH7dQJd+56wEbP1I4e4Duo+QhSMxNArE8VP7NuUOTeM=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8 h1:jzApk2f58L9yW9q1GEab3BMMFWUkkiZhyrRUtbwUbKU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8/go.mod h1:WqO+FftfO3tGePUtQxPXM6iODVfqMwsVMgTbG/ZXIdQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8 h1:gwdGHxiV5f6Of48JJIZVD7sx45kT1l9kYdoUH5oQTZM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.8/go.mod h1:C9Glc6N50uIJqPPeL6N3spW/wzGyeQsQmecnKS7DTR4=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6 h1:UOVmwY0g2koBBRvE3Gb9kjoONfKn4qTKixOO0Zbj9Bw=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.6/go.mod h1:QbJlBF4xguHzc4cFK8YoKfIZdTLxUpBCAnc3FafZj5U=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6 h1:UQa4wVLs70GuRhE7/Aq0xun7eGGypU5QuxSp7+ZBGOw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.6/go.mod h1:5R+bNIlo4nnxlawoOAR8QTjLdzSPpNNUEKWDdBrYtT0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.7 h1:sdPpNCoUijc0ntu024ZdjrXh3mB9rud5SjmE7djIfK4=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.7/go.mod h1:8RMeDMFTkkDQ5LvaaAykdkNVVR0eQxGWm8CD6uBvd1M=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1 h1:/vljM1ZswUEIRHWVxEqDhLzOSGmDcstW2zeTt23Ipf0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.1/go.mod h1:XhJksmKh1RYjMbWHf3ZwQF0UYJjlqrm45NVvDe54SOU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.8 h1:FCYhQETaff4Skb2Hz9WoUqJAesr4MIQ9+TQ9ypjz7Ic=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.8/go.mod h1:s+7oFIwiOegfrF00xNowWwLAtRiA9xhvm1UpZdJ0aus=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10 h1:7kZqP7akv0enu6ykJhb9OYlw16oOrSy+Epus8o/VqMY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10/go.mod h1:gYVF3nM1ApfTRDj9pvdhootBb8WbiIejuqn4w8ruMes=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9 h1:vsr2H+csntN31+MflT2GIVguoRdi9fTO6waPU+QSFPM=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9/go.mod h1:kf6UvOptzjYUR5IDuEZ4gVMmNdWsL+jdEdiKzkPZNPE=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9 h1:XOVJB9woNbx9qH2Np+lpjaDOVwjBRxnlnxv4ltUAE9o=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9/go.mod h1:MdiWkoSbcv50IGdaHC9nYcLL6GC9pYJFsrOybA0qjhg=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.10 h1:ItKVmFwbyb/ZnCWf+nu3XBVmUirpO9eGEQd7urnBA0s=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.10/go.mod h1:5XKooCTi9VB/xZmJDvh7uZ+v3uQ7QdX6diOyhvPA+/w=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4 h1:QMSCYDg3Iyls0KZc/dk3JtS2c1lFfqbmYO10qBPPkJk=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4/go.mod h1:MZ/PVYU/mRbmSF6WK3ybCYHjA2mig8utVokDEVLDgE0=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.11 h1:HYS0csS7UJxdYRoG+bGgUYrSwVnV3/ece/wHm90TApM=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.11/go.mod h1:QXnthRM35zI92048MMwfFChjFmoufTdhtHmouwNfhhU=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.95.0 h1:VCOZWcIdcbQw1CwT40w0wxqG/wRbp/M5WpWfn50nVCo=
-github.com/cloudflare/cloudflare-go v0.95.0/go.mod h1:X0MKeYo7qpA162hx9N51EG+cSzgWq8wguF9Oe+kF+7I=
+github.com/cloudflare/cloudflare-go v0.96.0 h1:wd+qrnyw+C2eXUUujE6BzFEOREkEfoCvogpO5h33FxI=
+github.com/cloudflare/cloudflare-go v0.96.0/go.mod h1:gLP9fJT8ROgRCjHNKxISNNKeU1JEg2yT5uPEEI8x9Ec=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.115.0 h1:Xv0gwN0t7ldD61QKeYeHHwCEKfTXzAOmnUDgGAzoZw4=
-github.com/digitalocean/godo v1.115.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
+github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHknxeE=
+github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
@@ -222,14 +222,13 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
-github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM=
+github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
@@ -241,8 +240,8 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y=
-github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg=
+github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
+github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -427,8 +426,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
-golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg=
+golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -455,8 +454,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
-golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
+golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -505,8 +504,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
@@ -522,31 +521,30 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=
-golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4=
-google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE=
+google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE=
+google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
-google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU=
-google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 h1:W5Xj/70xIA4x60O/IFyXivR5MGqblAb8R3w26pnD6No=
+google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
-google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
+google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From b47ac0df03ee3dcd9b34375f4184c33bd91e666a Mon Sep 17 00:00:00 2001
From: Yuhui Xu <xuyh0120@outlook.com>
Date: Tue, 4 Jun 2024 11:00:10 -0700
Subject: [PATCH 278/438] GCORE: add SVCB and HTTPS support (#2983)

---
 documentation/providers.md       |  2 +-
 providers/gcore/convert.go       | 12 ++++++++++++
 providers/gcore/gcoreProvider.go |  2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 7c60014a36..b1d6618da5 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -35,7 +35,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
 | [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index b57b956410..b8578d70af 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -45,6 +45,11 @@ func nativeToRecords(n gcoreRRSetExtended, zoneName string) ([]*models.RecordCon
 				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
 			}
 
+		case "SCVB": // GCore mistypes "SVCB" as "SCVB"
+			if err := rc.PopulateFromString("SVCB", value.ContentToString(), zoneName); err != nil {
+				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
+			}
+
 		default: //  "A", "AAAA", "CAA", "NS", "CNAME", "MX", "PTR", "SRV"
 			if err := rc.PopulateFromString(recType, value.ContentToString(), zoneName); err != nil {
 				return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
@@ -90,6 +95,13 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 				Meta:    nil,
 				Enabled: true,
 			}
+		case "SVCB":
+			// GCore mistypes "SVCB" as "SCVB"
+			rr = dnssdk.ResourceRecord{
+				Content: dnssdk.ContentFromValue("SCVB", r.GetTargetCombined()),
+				Meta:    nil,
+				Enabled: true,
+			}
 		default:
 			rr = dnssdk.ResourceRecord{
 				Content: dnssdk.ContentFromValue(key.Type, r.GetTargetCombined()),
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index 9ea285558b..f984e9dda3 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -55,6 +55,8 @@ var features = providers.DocumentationNotes{
 	providers.CanUseSRV:              providers.Can("G-Core doesn't support SRV records with empty targets"),
 	providers.CanUseSSHFP:            providers.Cannot(),
 	providers.CanUseTLSA:             providers.Cannot(),
+	providers.CanUseHTTPS:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Cannot(),

From cffd0bbf0440e640f76c58a4e575aad5f6440785 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 4 Jun 2024 14:30:24 -0400
Subject: [PATCH 279/438] Build(deps): Bump alpine from 3.19.1 to 3.20.0
 (#2990)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index d97597c985..c1e4b7f466 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b as RUN
+FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From 39c08bd0bd980dbfa6092c6678f4f692ec96b169 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 5 Jun 2024 20:45:43 +0200
Subject: [PATCH 280/438] DOCS: Provide domain modifiers code examples with a
 Top Level Function D() (#2993)

---
 commands/types/dnscontrol.d.ts                | 283 +++++++++++-------
 .../domain-modifiers/CAA_BUILDER.md           |  69 +++--
 .../domain-modifiers/DMARC_BUILDER.md         |  73 ++---
 .../domain-modifiers/IGNORE.md                | 111 +++++--
 .../domain-modifiers/M365_BUILDER.md          |  28 +-
 .../domain-modifiers/SSHFP.md                 |   4 +-
 6 files changed, 354 insertions(+), 214 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index ab1fc41e72..269e64e348 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -380,25 +380,29 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * ### Simple example
  *
  * ```javascript
- * CAA_BUILDER({
- *   label: "@",
- *   iodef: "mailto:test@example.com",
- *   iodef_critical: true,
- *   issue: [
- *     "letsencrypt.org",
- *     "comodoca.com",
- *   ],
- *   issuewild: "none",
- * })
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CAA_BUILDER({
+ *     label: "@",
+ *     iodef: "mailto:test@example.com",
+ *     iodef_critical: true,
+ *     issue: [
+ *       "letsencrypt.org",
+ *       "comodoca.com",
+ *     ],
+ *     issuewild: "none",
+ *   }),
+ * END);
  * ```
  *
  * `CAA_BUILDER()` builds multiple records:
  *
  * ```javascript
- * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * CAA("@", "issue", "letsencrypt.org")
- * CAA("@", "issue", "comodoca.com")
- * CAA("@", "issuewild", ";")
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+ *   CAA("@", "issue", "letsencrypt.org"),
+ *   CAA("@", "issue", "comodoca.com"),
+ *   CAA("@", "issuewild", ";"),
+ * END);
  * ```
  *
  * which in turns yield the following records:
@@ -415,27 +419,31 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  * The same example can be enriched with CAA_CRITICAL on all records:
  *
  * ```javascript
- * CAA_BUILDER({
- *   label: "@",
- *   iodef: "mailto:test@example.com",
- *   iodef_critical: true,
- *   issue: [
- *     "letsencrypt.org",
- *     "comodoca.com",
- *   ],
- *   issue_critical: true,
- *   issuewild: "none",
- *   issuewild_critical: true,
- * })
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CAA_BUILDER({
+ *     label: "@",
+ *     iodef: "mailto:test@example.com",
+ *     iodef_critical: true,
+ *     issue: [
+ *       "letsencrypt.org",
+ *       "comodoca.com",
+ *     ],
+ *     issue_critical: true,
+ *     issuewild: "none",
+ *     issuewild_critical: true,
+ *   }),
+ * END);
  * ```
  *
  * `CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set:
  *
  * ```javascript
- * CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
- * CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL)
- * CAA("@", "issue", "comodoca.com", CAA_CRITICAL)
- * CAA("@", "issuewild", ";", CAA_CRITICAL)
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+ *   CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
+ *   CAA("@", "issue", "comodoca.com", CAA_CRITICAL),
+ *   CAA("@", "issuewild", ";", CAA_CRITICAL),
+ * END);
  * ```
  *
  * which in turns yield the following records:
@@ -740,12 +748,14 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  * ### Simple example
  *
  * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- * })
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DMARC_BUILDER({
+ *     policy: "reject",
+ *     ruf: [
+ *       "mailto:mailauth-reports@example.com",
+ *     ],
+ *   }),
+ * END);
  * ```
  *
  * This yield the following record:
@@ -757,36 +767,40 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  * ### Advanced example
  *
  * ```javascript
- * DMARC_BUILDER({
- *   policy: "reject",
- *   subdomainPolicy: "quarantine",
- *   percent: 50,
- *   alignmentSPF: "r",
- *   alignmentDKIM: "strict",
- *   rua: [
- *     "mailto:mailauth-reports@example.com",
- *     "https://dmarc.example.com/submit",
- *   ],
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: "1",
- *   reportInterval: "1h",
- * });
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DMARC_BUILDER({
+ *     policy: "reject",
+ *     subdomainPolicy: "quarantine",
+ *     percent: 50,
+ *     alignmentSPF: "r",
+ *     alignmentDKIM: "strict",
+ *     rua: [
+ *       "mailto:mailauth-reports@example.com",
+ *       "https://dmarc.example.com/submit",
+ *     ],
+ *     ruf: [
+ *       "mailto:mailauth-reports@example.com",
+ *     ],
+ *     failureOptions: "1",
+ *     reportInterval: "1h",
+ *   }),
+ * END);
  * ```
  *
  * ```javascript
- * DMARC_BUILDER({
- *   label: "insecure",
- *   policy: "none",
- *   ruf: [
- *     "mailto:mailauth-reports@example.com",
- *   ],
- *   failureOptions: {
- *       SPF: false,
- *       DKIM: true,
- *   },
- * });
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   DMARC_BUILDER({
+ *     label: "insecure",
+ *     policy: "none",
+ *     ruf: [
+ *       "mailto:mailauth-reports@example.com",
+ *     ],
+ *     failureOptions: {
+ *         SPF: false,
+ *         DKIM: true,
+ *     },
+ *   }),
+ * END);
  * ```
  *
  * This yields the following records:
@@ -1128,9 +1142,11 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * The `IGNORE()` function can be used with up to 3 parameters:
  *
  * ```javascript
- * IGNORE(labelSpec, typeSpec, targetSpec):
- * IGNORE(labelSpec, typeSpec):
- * IGNORE(labelSpec):
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   IGNORE(labelSpec, typeSpec, targetSpec),
+ *   IGNORE(labelSpec, typeSpec),
+ *   IGNORE(labelSpec),
+ * END);
  * ```
  *
  * * `labelSpec` is a glob that matches the DNS label. For example `"foo"` or `"foo*"`.  `"*"` matches all labels, as does the empty string (`""`).
@@ -1232,83 +1248,130 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```
  *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("@", "", ""),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
- *     //    foo.more.example.com. A 1.1.1.1
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `foo.example.com. A 1.1.1.1`
+ * * `foo.more.example.com. A 1.1.1.1`
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("example.com.", "", ""),
- *     // Would match:
- *     //    nothing
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * nothing
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("foo", "", ""),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `foo.example.com. A 1.1.1.1`
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("foo.**", "", ""),
- *     // Would match:
- *     //    foo.more.example.com. A 1.1.1.1
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `foo.more.example.com. A 1.1.1.1`
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www", "", ""),
- *     // Would match:
+ * END);
  *     //    www.example.com. A 174.136.107.196
  * ```
  *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.*", "", ""),
- *     // Would match:
+ * END);
  *     //    nothing
  * ```
  *
+ * **Would match**:
+ *
+ * * nothing
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.example.com", "", ""),
- *     // Would match:
+ * END);
  *     //    nothing
  * ```
  *
+ * **Would match**:
+ *
+ * * nothing
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.example.com.", "", ""),
- *     // Would match:
- *     //    none
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * none
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     //IGNORE("", "", "1.1.1.*"),
- *     // Would match:
- *     //    foo.example.com. A 1.1.1.1
- *     //    foo.more.example.com. A 1.1.1.1
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `foo.example.com. A 1.1.1.1`
+ * * `foo.more.example.com. A 1.1.1.1`
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     //IGNORE("", "", "www"),
- *     // Would match:
- *     //    none
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * none
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("", "", "*bar*"),
- *     // Would match:
- *     //    cfull2.example.com. CNAME www.bar.plts.org.
- *     //    cfull3.example.com. CNAME bar.www.plts.org.
- *     //    mfull2.more.example.com. CNAME www.bar.plts.org.
- *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `cfull2.example.com. CNAME www.bar.plts.org.`
+ * * `cfull3.example.com. CNAME bar.www.plts.org.`
+ * * `mfull2.more.example.com. CNAME www.bar.plts.org.`
+ * * `mfull3.more.example.com. CNAME bar.www.plts.org.`
+ *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("", "", "bar.**"),
- *     // Would match:
- *     //    cfull3.example.com. CNAME bar.www.plts.org.
- *     //    mfull3.more.example.com. CNAME bar.www.plts.org.
+ * END);
  * ```
  *
+ * **Would match**:
+ *
+ * * `cfull3.example.com. CNAME bar.www.plts.org.`
+ * * `mfull3.more.example.com. CNAME bar.www.plts.org.`
+ *
  * ## Conflict handling
  *
  * It is considered as an error for a `dnsconfig.js` to both ignore and insert the
@@ -1344,8 +1407,10 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * instead.
  *
  * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
  *     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
+ * END);
  * ```
  *
  * ## Caveats
@@ -1712,9 +1777,11 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  * ### Simple example
  *
  * ```javascript
- * M365_BUILDER({
- *     initialDomain: "example.onmicrosoft.com",
- * });
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   M365_BUILDER({
+ *       initialDomain: "example.onmicrosoft.com",
+ *   }),
+ * END);
  * ```
  *
  * This sets up `MX` records, Autodiscover, and DKIM.
@@ -1722,15 +1789,17 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  * ### Advanced example
  *
  * ```javascript
- * M365_BUILDER({
- *     label: "test",
- *     mx: false,
- *     autodiscover: false,
- *     dkim: false,
- *     mdm: true,
- *     domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
- *     initialDomain: "example.onmicrosoft.com",
- * });
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   M365_BUILDER({
+ *       label: "test",
+ *       mx: false,
+ *       autodiscover: false,
+ *       dkim: false,
+ *       mdm: true,
+ *       domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
+ *       initialDomain: "example.onmicrosoft.com",
+ *   }),
+ * END);
  * ```
  *
  * This sets up Mobile Device Management only.
@@ -2916,7 +2985,9 @@ declare function SRV(name: string, priority: number, weight: number, port: numbe
  * `value` is the fingerprint as a string.
  *
  * ```javascript
- * SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+ * END);
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
diff --git a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
index 3d3c0662bd..cddca306db 100644
--- a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
@@ -32,16 +32,18 @@ authorized certificate authorities and the builder cares about the rest.
 
 {% code title="dnsconfig.js" %}
 ```javascript
-CAA_BUILDER({
-  label: "@",
-  iodef: "mailto:test@example.com",
-  iodef_critical: true,
-  issue: [
-    "letsencrypt.org",
-    "comodoca.com",
-  ],
-  issuewild: "none",
-})
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  CAA_BUILDER({
+    label: "@",
+    iodef: "mailto:test@example.com",
+    iodef_critical: true,
+    issue: [
+      "letsencrypt.org",
+      "comodoca.com",
+    ],
+    issuewild: "none",
+  }),
+END);
 ```
 {% endcode %}
 
@@ -49,10 +51,12 @@ CAA_BUILDER({
 
 {% code title="dnsconfig.js" %}
 ```javascript
-CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
-CAA("@", "issue", "letsencrypt.org")
-CAA("@", "issue", "comodoca.com")
-CAA("@", "issuewild", ";")
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+  CAA("@", "issue", "letsencrypt.org"),
+  CAA("@", "issue", "comodoca.com"),
+  CAA("@", "issuewild", ";"),
+END);
 ```
 {% endcode %}
 
@@ -71,18 +75,20 @@ The same example can be enriched with CAA_CRITICAL on all records:
 
 {% code title="dnsconfig.js" %}
 ```javascript
-CAA_BUILDER({
-  label: "@",
-  iodef: "mailto:test@example.com",
-  iodef_critical: true,
-  issue: [
-    "letsencrypt.org",
-    "comodoca.com",
-  ],
-  issue_critical: true,
-  issuewild: "none",
-  issuewild_critical: true,
-})
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  CAA_BUILDER({
+    label: "@",
+    iodef: "mailto:test@example.com",
+    iodef_critical: true,
+    issue: [
+      "letsencrypt.org",
+      "comodoca.com",
+    ],
+    issue_critical: true,
+    issuewild: "none",
+    issuewild_critical: true,
+  }),
+END);
 ```
 {% endcode %}
 
@@ -90,10 +96,12 @@ CAA_BUILDER({
 
 {% code title="dnsconfig.js" %}
 ```javascript
-CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL)
-CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL)
-CAA("@", "issue", "comodoca.com", CAA_CRITICAL)
-CAA("@", "issuewild", ";", CAA_CRITICAL)
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
+  CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
+  CAA("@", "issue", "comodoca.com", CAA_CRITICAL),
+  CAA("@", "issuewild", ";", CAA_CRITICAL),
+END);
 ```
 {% endcode %}
 
@@ -106,7 +114,6 @@ which in turns yield the following records:
 @ 300 IN CAA 128 issuewild ";"
 ```
 
-
 ### Parameters
 
 * `label:` The label of the CAA record. (Optional. Default: `"@"`)
diff --git a/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md b/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
index 0a237c40ec..e4c6faf0df 100644
--- a/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
@@ -41,12 +41,14 @@ DMARC policies for your domains.
 
 {% code title="dnsconfig.js" %}
 ```javascript
-DMARC_BUILDER({
-  policy: "reject",
-  ruf: [
-    "mailto:mailauth-reports@example.com",
-  ],
-})
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DMARC_BUILDER({
+    policy: "reject",
+    ruf: [
+      "mailto:mailauth-reports@example.com",
+    ],
+  }),
+END);
 ```
 {% endcode %}
 
@@ -60,38 +62,42 @@ This yield the following record:
 
 {% code title="dnsconfig.js" %}
 ```javascript
-DMARC_BUILDER({
-  policy: "reject",
-  subdomainPolicy: "quarantine",
-  percent: 50,
-  alignmentSPF: "r",
-  alignmentDKIM: "strict",
-  rua: [
-    "mailto:mailauth-reports@example.com",
-    "https://dmarc.example.com/submit",
-  ],
-  ruf: [
-    "mailto:mailauth-reports@example.com",
-  ],
-  failureOptions: "1",
-  reportInterval: "1h",
-});
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DMARC_BUILDER({
+    policy: "reject",
+    subdomainPolicy: "quarantine",
+    percent: 50,
+    alignmentSPF: "r",
+    alignmentDKIM: "strict",
+    rua: [
+      "mailto:mailauth-reports@example.com",
+      "https://dmarc.example.com/submit",
+    ],
+    ruf: [
+      "mailto:mailauth-reports@example.com",
+    ],
+    failureOptions: "1",
+    reportInterval: "1h",
+  }),
+END);
 ```
 {% endcode %}
 
 {% code title="dnsconfig.js" %}
 ```javascript
-DMARC_BUILDER({
-  label: "insecure",
-  policy: "none",
-  ruf: [
-    "mailto:mailauth-reports@example.com",
-  ],
-  failureOptions: {
-      SPF: false,
-      DKIM: true,
-  },
-});
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  DMARC_BUILDER({
+    label: "insecure",
+    policy: "none",
+    ruf: [
+      "mailto:mailauth-reports@example.com",
+    ],
+    failureOptions: {
+        SPF: false,
+        DKIM: true,
+    },
+  }),
+END);
 ```
 {% endcode %}
 
@@ -102,7 +108,6 @@ This yields the following records:
 insecure    IN  TXT "v=DMARC1; p=none; ruf=mailto:mailauth-reports@example.com; fo=d"
 ```
 
-
 ### Parameters
 
 * `label:` The DNS label for the DMARC record (`_dmarc` prefix is added, default: `"@"`)
diff --git a/documentation/language-reference/domain-modifiers/IGNORE.md b/documentation/language-reference/domain-modifiers/IGNORE.md
index 3a5322ffde..6a5d310ee5 100644
--- a/documentation/language-reference/domain-modifiers/IGNORE.md
+++ b/documentation/language-reference/domain-modifiers/IGNORE.md
@@ -38,9 +38,11 @@ The `IGNORE()` function can be used with up to 3 parameters:
 
 {% code %}
 ```javascript
-IGNORE(labelSpec, typeSpec, targetSpec):
-IGNORE(labelSpec, typeSpec):
-IGNORE(labelSpec):
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  IGNORE(labelSpec, typeSpec, targetSpec),
+  IGNORE(labelSpec, typeSpec),
+  IGNORE(labelSpec),
+END);
 ```
 {% endcode %}
 
@@ -152,106 +154,153 @@ END);
 
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("@", "", ""),
-    // Would match:
-    //    foo.example.com. A 1.1.1.1
-    //    foo.more.example.com. A 1.1.1.1
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `foo.example.com. A 1.1.1.1`
+* `foo.more.example.com. A 1.1.1.1`
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("example.com.", "", ""),
-    // Would match:
-    //    nothing
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* nothing
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("foo", "", ""),
-    // Would match:
-    //    foo.example.com. A 1.1.1.1
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `foo.example.com. A 1.1.1.1`
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("foo.**", "", ""),
-    // Would match:
-    //    foo.more.example.com. A 1.1.1.1
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `foo.more.example.com. A 1.1.1.1`
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www", "", ""),
-    // Would match:
+END);
     //    www.example.com. A 174.136.107.196
 ```
 {% endcode %}
 
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.*", "", ""),
-    // Would match:
+END);
     //    nothing
 ```
 {% endcode %}
 
+**Would match**:
+
+* nothing
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.example.com", "", ""),
-    // Would match:
+END);
     //    nothing
 ```
 {% endcode %}
 
+**Would match**:
+
+* nothing
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.example.com.", "", ""),
-    // Would match:
-    //    none
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* none
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     //IGNORE("", "", "1.1.1.*"),
-    // Would match:
-    //    foo.example.com. A 1.1.1.1
-    //    foo.more.example.com. A 1.1.1.1
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `foo.example.com. A 1.1.1.1`
+* `foo.more.example.com. A 1.1.1.1`
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     //IGNORE("", "", "www"),
-    // Would match:
-    //    none
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* none
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("", "", "*bar*"),
-    // Would match:
-    //    cfull2.example.com. CNAME www.bar.plts.org.
-    //    cfull3.example.com. CNAME bar.www.plts.org.
-    //    mfull2.more.example.com. CNAME www.bar.plts.org.
-    //    mfull3.more.example.com. CNAME bar.www.plts.org.
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `cfull2.example.com. CNAME www.bar.plts.org.`
+* `cfull3.example.com. CNAME bar.www.plts.org.`
+* `mfull2.more.example.com. CNAME www.bar.plts.org.`
+* `mfull3.more.example.com. CNAME bar.www.plts.org.`
+
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("", "", "bar.**"),
-    // Would match:
-    //    cfull3.example.com. CNAME bar.www.plts.org.
-    //    mfull3.more.example.com. CNAME bar.www.plts.org.
+END);
 ```
 {% endcode %}
 
+**Would match**:
+
+* `cfull3.example.com. CNAME bar.www.plts.org.`
+* `mfull3.more.example.com. CNAME bar.www.plts.org.`
+
 ## Conflict handling
 
 It is considered as an error for a `dnsconfig.js` to both ignore and insert the
@@ -294,8 +343,10 @@ instead.
 
 {% code %}
 ```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/M365_BUILDER.md b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
index 6661a71ea7..985268cc2e 100644
--- a/documentation/language-reference/domain-modifiers/M365_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
@@ -32,9 +32,11 @@ It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](SPF_BUILDER.md) and [`DMARC_
 
 {% code title="dnsconfig.js" %}
 ```javascript
-M365_BUILDER({
-    initialDomain: "example.onmicrosoft.com",
-});
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  M365_BUILDER({
+      initialDomain: "example.onmicrosoft.com",
+  }),
+END);
 ```
 {% endcode %}
 
@@ -44,15 +46,17 @@ This sets up `MX` records, Autodiscover, and DKIM.
 
 {% code title="dnsconfig.js" %}
 ```javascript
-M365_BUILDER({
-    label: "test",
-    mx: false,
-    autodiscover: false,
-    dkim: false,
-    mdm: true,
-    domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
-    initialDomain: "example.onmicrosoft.com",
-});
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  M365_BUILDER({
+      label: "test",
+      mx: false,
+      autodiscover: false,
+      dkim: false,
+      mdm: true,
+      domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
+      initialDomain: "example.onmicrosoft.com",
+  }),
+END);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/SSHFP.md b/documentation/language-reference/domain-modifiers/SSHFP.md
index 2774c9f423..6598b82149 100644
--- a/documentation/language-reference/domain-modifiers/SSHFP.md
+++ b/documentation/language-reference/domain-modifiers/SSHFP.md
@@ -38,6 +38,8 @@ parameter_types:
 
 {% code title="dnsconfig.js" %}
 ```javascript
-SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
+END);
 ```
 {% endcode %}

From 94ce7e2a5db1bbe14d9600753b59de47b0260346 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 10 Jun 2024 19:13:12 +0200
Subject: [PATCH 281/438] BUILD: GoReleaser v2.0.0 (#2996)

---
 .github/workflows/pr_test.yml       | 4 ++--
 .github/workflows/release_draft.yml | 2 +-
 .goreleaser.yml                     | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 6120e1d2e1..2890114283 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -54,7 +54,7 @@ jobs:
       id: build_binaries_tagged
       name: Build binaries (if tagged)
       if: github.ref_type == 'tag'
-      uses: goreleaser/goreleaser-action@v5
+      uses: goreleaser/goreleaser-action@v6
       with:
         distribution: goreleaser
         version: latest
@@ -63,7 +63,7 @@ jobs:
       id: build_binaries_not_tagged
       name: Build binaries (not tagged)
       if: github.ref_type != 'tag'
-      uses: goreleaser/goreleaser-action@v5
+      uses: goreleaser/goreleaser-action@v6
       with:
         args: build --snapshot
   integration-test-providers:
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index cc918ce3a5..55460a4293 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -52,7 +52,7 @@ jobs:
     -
       id: release
       name: Goreleaser release
-      uses: goreleaser/goreleaser-action@v5
+      uses: goreleaser/goreleaser-action@v6
       with:
         distribution: goreleaser
         version: latest
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 5db6fa997b..886a226f65 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,5 +1,6 @@
 # yaml-language-server: $schema=https://goreleaser.com/static/schema.json
 project_name: dnscontrol
+version: 2
 builds:
   -
     id: build

From 68b0b300d61cc23fee7f483426d23e45aee1d89b Mon Sep 17 00:00:00 2001
From: Zheng Chaojian <charliez0sp@gmail.com>
Date: Tue, 11 Jun 2024 12:52:33 +0800
Subject: [PATCH 282/438] CLOUDFLAREAPI: Enable DNSKEY, HTTPS, SVCB record
 types (#3000)

---
 documentation/providers.md                 |  2 +-
 providers/cloudflare/cloudflareProvider.go |  9 +++++--
 providers/cloudflare/rest.go               | 28 +++++++++++++++++++++-
 3 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index b1d6618da5..e0814a3090 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -21,7 +21,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 009a396b4c..ceab87a6ba 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -47,12 +47,15 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDNSKEY:           providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
+	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
+	providers.CanUseSVCB:             providers.Can(),
 	providers.CanUseTLSA:             providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Cannot("Cloudflare will not work well in situations where it is not the only DNS server"),
@@ -642,15 +645,17 @@ type cfRecData struct {
 	Weight       uint16   `json:"weight"`        // SRV
 	Port         uint16   `json:"port"`          // SRV
 	Tag          string   `json:"tag"`           // CAA
-	Flags        uint8    `json:"flags"`         // CAA
+	Flags        uint16   `json:"flags"`         // CAA/DNSKEY
 	Value        string   `json:"value"`         // CAA
 	Usage        uint8    `json:"usage"`         // TLSA
 	Selector     uint8    `json:"selector"`      // TLSA
 	MatchingType uint8    `json:"matching_type"` // TLSA
 	Certificate  string   `json:"certificate"`   // TLSA
-	Algorithm    uint8    `json:"algorithm"`     // SSHFP/DS
+	Algorithm    uint8    `json:"algorithm"`     // SSHFP/DNSKEY/DS
 	HashType     uint8    `json:"type"`          // SSHFP
 	Fingerprint  string   `json:"fingerprint"`   // SSHFP
+	Protocol     uint8    `json:"protocol"`      // DNSKEY
+	PublicKey    string   `json:"public_key"`    // DNSKEY
 	KeyTag       uint16   `json:"key_tag"`       // DS
 	DigestType   uint8    `json:"digest_type"`   // DS
 	Digest       string   `json:"digest"`        // DS
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 433cba3a18..e0f9d6aaab 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -71,6 +71,15 @@ func (c *cloudflareProvider) createZone(domainName string) (string, error) {
 	return zone.ID, err
 }
 
+func cfDnskeyData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Algorithm: rec.DnskeyAlgorithm,
+		Flags:     rec.DnskeyFlags,
+		Protocol:  rec.DnskeyProtocol,
+		PublicKey: rec.DnskeyPublicKey,
+	}
+}
+
 func cfDSData(rec *models.RecordConfig) *cfRecData {
 	return &cfRecData{
 		KeyTag:     rec.DsKeyTag,
@@ -97,7 +106,7 @@ func cfSrvData(rec *models.RecordConfig) *cfRecData {
 func cfCaaData(rec *models.RecordConfig) *cfRecData {
 	return &cfRecData{
 		Tag:   rec.CaaTag,
-		Flags: rec.CaaFlag,
+		Flags: uint16(rec.CaaFlag),
 		Value: rec.GetTargetField(),
 	}
 }
@@ -119,6 +128,14 @@ func cfSshfpData(rec *models.RecordConfig) *cfRecData {
 	}
 }
 
+func cfSvcbData(rec *models.RecordConfig) *cfRecData {
+	return &cfRecData{
+		Priority: rec.SvcPriority,
+		Target:   cfTarget(rec.GetTargetField()),
+		Value:    rec.SvcParams,
+	}
+}
+
 func cfNaptrData(rec *models.RecordConfig) *cfNaptrRecData {
 	return &cfNaptrRecData{
 		Flags:       rec.NaptrFlags,
@@ -175,11 +192,15 @@ func (c *cloudflareProvider) createRecDiff2(rec *models.RecordConfig, domainID s
 			} else if rec.Type == "SSHFP" {
 				cf.Data = cfSshfpData(rec)
 				cf.Name = rec.GetLabelFQDN()
+			} else if rec.Type == "DNSKEY" {
+				cf.Data = cfDnskeyData(rec)
 			} else if rec.Type == "DS" {
 				cf.Data = cfDSData(rec)
 			} else if rec.Type == "NAPTR" {
 				cf.Data = cfNaptrData(rec)
 				cf.Name = rec.GetLabelFQDN()
+			} else if rec.Type == "HTTPS" || rec.Type == "SVCB" {
+				cf.Data = cfSvcbData(rec)
 			}
 			resp, err := c.cfClient.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), cf)
 			if err != nil {
@@ -227,12 +248,17 @@ func (c *cloudflareProvider) modifyRecord(domainID, recID string, proxied bool,
 	} else if rec.Type == "SSHFP" {
 		r.Data = cfSshfpData(rec)
 		r.Name = rec.GetLabelFQDN()
+	} else if rec.Type == "DNSKEY" {
+		r.Data = cfDnskeyData(rec)
+		r.Content = ""
 	} else if rec.Type == "DS" {
 		r.Data = cfDSData(rec)
 		r.Content = ""
 	} else if rec.Type == "NAPTR" {
 		r.Data = cfNaptrData(rec)
 		r.Name = rec.GetLabelFQDN()
+	} else if rec.Type == "HTTPS" || rec.Type == "SVCB" {
+		r.Data = cfSvcbData(rec)
 	}
 	_, err := c.cfClient.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(domainID), r)
 	return err

From 2ccef49183f1713fa5eb9a5903ee4fec66c52bfc Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 11 Jun 2024 15:05:03 -0400
Subject: [PATCH 283/438] CLOUDFLAREAPI: disable DNSKEY until it is fixed
 (#3004)

---
 documentation/providers.md                 | 2 +-
 providers/cloudflare/cloudflareProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index e0814a3090..0e06bea373 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -21,7 +21,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
-| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ | ✅ |
+| [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index ceab87a6ba..40d6acc9d6 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -47,7 +47,7 @@ var features = providers.DocumentationNotes{
 	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can("CF automatically flattens CNAME records into A records dynamically"),
 	providers.CanUseCAA:              providers.Can(),
-	providers.CanUseDNSKEY:           providers.Can(),
+	providers.CanUseDNSKEY:           providers.Cannot(),
 	providers.CanUseDSForChildren:    providers.Can(),
 	providers.CanUseHTTPS:            providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),

From 8eb3c65050f535bffa2bb76da8adf8f4779a07e9 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 11 Jun 2024 15:27:11 -0400
Subject: [PATCH 284/438] FEATURE: Enable "require()" function to accept json5
 files (#3003)

Co-authored-by: charliez0 <charliez0sp@gmail.com>
---
 commands/types/dnscontrol.d.ts                 |  1 +
 commands/types/others.d.ts                     |  1 +
 .../top-level-functions/require.md             | 16 ++++++++++++----
 pkg/js/js.go                                   |  3 ++-
 pkg/js/parse_tests/049-json5-require.js        |  8 ++++++++
 pkg/js/parse_tests/049-json5-require.json      | 18 ++++++++++++++++++
 pkg/js/parse_tests/domain-ip-map.json5         |  7 +++++++
 7 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100644 pkg/js/parse_tests/049-json5-require.js
 create mode 100644 pkg/js/parse_tests/049-json5-require.json
 create mode 100644 pkg/js/parse_tests/domain-ip-map.json5

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 269e64e348..85e0d18598 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -110,6 +110,7 @@ interface ResponseHeaders {
 
 
 declare function require(name: `${string}.json`): any;
+declare function require(name: `${string}.json5`): any;
 declare function require(name: string): true;
 
 /**
diff --git a/commands/types/others.d.ts b/commands/types/others.d.ts
index 31e6aa0d7e..185ede344f 100644
--- a/commands/types/others.d.ts
+++ b/commands/types/others.d.ts
@@ -1,4 +1,5 @@
 declare function require(name: `${string}.json`): any;
+declare function require(name: `${string}.json5`): any;
 declare function require(name: string): true;
 
 /**
diff --git a/documentation/language-reference/top-level-functions/require.md b/documentation/language-reference/top-level-functions/require.md
index b4fc7d6b5b..6226e5c465 100644
--- a/documentation/language-reference/top-level-functions/require.md
+++ b/documentation/language-reference/top-level-functions/require.md
@@ -5,14 +5,14 @@ parameters:
 ts_ignore: true
 ---
 
-`require(...)` loads the specified JavaScript or JSON file, allowing
+`require(...)` loads the specified JavaScript, JSON, or JSON5 file, allowing
 to split your configuration across multiple files.
 
 A better name for this function might be "include".
 
 If the supplied `path` string ends with `.js`, the file is interpreted
 as JavaScript code, almost as though its contents had been included in
-the currently-executing file.  If  the path string ends with `.json`,
+the currently-executing file.  If  the path string ends with `.json` or `.json5` (case insensitive),
 `require()` returns the `JSON.parse()` of the file's contents.
 
 If the path string begins with a `./`, it is interpreted relative to
@@ -81,7 +81,7 @@ function includeK8Sdev() {
 ```
 {% endcode %}
 
-### Example 3: JSON
+### Example 3: JSON and JSON5
 
 Requiring JSON files initializes variables:
 
@@ -89,8 +89,11 @@ Requiring JSON files initializes variables:
 ```javascript
 var domains = require("./domain-ip-map.json")
 
+var REG_MY_PROVIDER = NewRegistrar("none");
+var DSP_MY_DNSSERVER = NewDnsProvider("none");
+
 for (var domain in domains) {
-    D(domain, REG_MY_PROVIDER, PROVIDER,
+    D(domain, REG_MY_PROVIDER, DSP_MY_DNSSERVER,
         A("@", domains[domain])
     );
 }
@@ -106,6 +109,11 @@ for (var domain in domains) {
 ```
 {% endcode %}
 
+JSON5 works the same way, but the filename ends in `.json5`. (Note: JSON5
+features are supported whether the filename ends with `.json` or `.json5`.
+However please don't rely on JSON5 features in a `.json` file as this may
+change some day.)
+
 # Notes
 
 `require()` is *much* closer to PHP's `include()` function than it
diff --git a/pkg/js/js.go b/pkg/js/js.go
index dc054918d1..7112e48f26 100644
--- a/pkg/js/js.go
+++ b/pkg/js/js.go
@@ -157,7 +157,8 @@ func require(call otto.FunctionCall) otto.Value {
 	var value = otto.TrueValue()
 
 	// If its a json file return the json value, else default to true
-	if strings.HasSuffix(filepath.Ext(relFile), "json") {
+	var ext = strings.ToLower(filepath.Ext(relFile))
+	if strings.HasSuffix(ext, "json") || strings.HasSuffix(ext, "json5") {
 		cmd := fmt.Sprintf(`JSON.parse(JSON.stringify(%s))`, string(data))
 		value, err = call.Otto.Run(cmd)
 	} else {
diff --git a/pkg/js/parse_tests/049-json5-require.js b/pkg/js/parse_tests/049-json5-require.js
new file mode 100644
index 0000000000..0c672f2ce0
--- /dev/null
+++ b/pkg/js/parse_tests/049-json5-require.js
@@ -0,0 +1,8 @@
+var domains = require('./domain-ip-map.json5')
+
+var domain = "foo.com"
+var ip = domains["foo.com"]
+
+D(domain,"none",
+    A("@",ip)
+);
diff --git a/pkg/js/parse_tests/049-json5-require.json b/pkg/js/parse_tests/049-json5-require.json
new file mode 100644
index 0000000000..9e9ea70183
--- /dev/null
+++ b/pkg/js/parse_tests/049-json5-require.json
@@ -0,0 +1,18 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "A",
+          "name": "@",
+          "target": "1.1.1.1"
+        }
+      ]
+    }
+  ]
+}
diff --git a/pkg/js/parse_tests/domain-ip-map.json5 b/pkg/js/parse_tests/domain-ip-map.json5
new file mode 100644
index 0000000000..8eec061e70
--- /dev/null
+++ b/pkg/js/parse_tests/domain-ip-map.json5
@@ -0,0 +1,7 @@
+// This is a comment.
+{
+  "foo.com": "1.1.1.1",
+  "bar.com": "5.5.5.5",
+}
+
+// The "bar.com" line has a comma at the end.

From 2344257095bac00787d5c1179e3d39ac26c97897 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 11 Jun 2024 17:11:42 -0400
Subject: [PATCH 285/438] Build(deps): Bump
 github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.5.2 to 1.6.0 (#3006)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 11 +++++------
 go.sum | 26 ++++++++++++--------------
 2 files changed, 17 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index 8f9fc8c5ff..5d42c94e7f 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ retract v4.8.0
 require google.golang.org/protobuf v1.34.1 // indirect
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
@@ -51,8 +51,8 @@ require (
 	github.com/transip/gotransip/v6 v6.24.0
 	github.com/urfave/cli/v2 v2.27.2
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.23.0 // indirect
-	golang.org/x/net v0.25.0
+	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
 	google.golang.org/api v0.182.0
 	gopkg.in/ns1/ns1-go.v2 v2.10.0
@@ -78,7 +78,7 @@ require (
 	cloud.google.com/go/auth v0.4.2 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
@@ -126,7 +126,6 @@ require (
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
-	github.com/kr/pretty v0.3.1 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -150,7 +149,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
diff --git a/go.sum b/go.sum
index ecd2f81814..906c2098e9 100644
--- a/go.sum
+++ b/go.sum
@@ -7,10 +7,10 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
@@ -107,8 +107,6 @@ github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHk
 github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
-github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
-github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
 github.com/dnsimple/dnsimple-go v1.5.1/go.mod h1:QWFwNXg2hV2PrGQE9b69Ig6UwHyIOxQRrECmVvaugss=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -344,8 +342,8 @@ github.com/robertkrimen/otto v0.4.0 h1:/c0GRrK1XDPcgIasAsnlpBT5DelIeB9U/Z/JCQsgr
 github.com/robertkrimen/otto v0.4.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@@ -423,8 +421,8 @@ golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg=
 golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
@@ -451,8 +449,8 @@ golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -489,8 +487,8 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 174fd7b1acaec9004c597dc78c1da6bbe687af84 Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Mon, 17 Jun 2024 21:02:40 +0800
Subject: [PATCH 286/438] PORKBUN: catch error on parsing api (#3012)

---
 providers/porkbun/api.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 066cf50855..003a371771 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -134,7 +134,10 @@ func (c *porkbunProvider) getRecords(domain string) ([]domainRecord, error) {
 	}
 
 	var dr recordResponse
-	json.Unmarshal(bodyString, &dr)
+	err = json.Unmarshal(bodyString, &dr)
+	if err != nil {
+		return nil, fmt.Errorf("failed parsing record list from porkbun: %w", err)
+	}
 
 	var records []domainRecord
 	for _, rec := range dr.Records {
@@ -154,7 +157,10 @@ func (c *porkbunProvider) getNameservers(domain string) ([]string, error) {
 	}
 
 	var ns nsResponse
-	json.Unmarshal(bodyString, &ns)
+	err = json.Unmarshal(bodyString, &ns)
+	if err != nil {
+		return nil, fmt.Errorf("failed parsing nameserver list from porkbun: %w", err)
+	}
 
 	sort.Strings(ns.Nameservers)
 
@@ -185,7 +191,10 @@ func (c *porkbunProvider) listAllDomains() ([]string, error) {
 	}
 
 	var dlr domainListResponse
-	json.Unmarshal(bodyString, &dlr)
+	err = json.Unmarshal(bodyString, &dlr)
+	if err != nil {
+		return nil, fmt.Errorf("failed parsing domain list from porkbun: %w", err)
+	}
 
 	var domains []string
 	for _, domain := range dlr.Domains {

From d55474ca6974dc0c9ff66bd4f422d0cb51bb4c6b Mon Sep 17 00:00:00 2001
From: Karol Lassak <ingwar@ingwar.eu.org>
Date: Mon, 17 Jun 2024 16:46:31 +0200
Subject: [PATCH 287/438] GCLOUD: Fix issue on creating/deleting/updating TXT
 records (#3011)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/gcloud/gcloudProvider.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 2aeb420371..1f429d0b89 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -271,11 +271,11 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		case diff2.CHANGE:
 			newMsgs = change.Msgs
 			newAdds = mkRRSs(n, ty, change.New)
-			newDels = mkRRSs(n, ty, change.Old)
+			newDels = change.Old[0].Original.(*gdns.ResourceRecordSet)
 		case diff2.DELETE:
 			newMsgs = change.Msgs
 			newAdds = nil
-			newDels = mkRRSs(n, ty, change.Old)
+			newDels = change.Old[0].Original.(*gdns.ResourceRecordSet)
 		default:
 			return nil, fmt.Errorf("GCLOUD unhandled change.TYPE %s", change.Type)
 		}
@@ -403,6 +403,7 @@ func nativeToRecord(set *gdns.ResourceRecordSet, rec, origin string) (*models.Re
 	r.SetLabelFromFQDN(set.Name, origin)
 	r.TTL = uint32(set.Ttl)
 	rtype := set.Type
+	r.Original = set
 	err := r.PopulateFromStringFunc(rtype, rec, origin, txtutil.ParseQuoted)
 	if err != nil {
 		return nil, fmt.Errorf("unparsable record %q received from GCLOUD: %w", rtype, err)

From ce07c76fe891233914729d93b447961cd240cae5 Mon Sep 17 00:00:00 2001
From: Hui Hui <github@huihui.contact>
Date: Tue, 18 Jun 2024 00:04:32 +0800
Subject: [PATCH 288/438] Add support for huaweicloud dns (#3010)

Signed-off-by: huihuimoe <github@huihui.contact>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml                |   2 +-
 .goreleaser.yml                              |   2 +-
 OWNERS                                       |   1 +
 README.md                                    |   1 +
 documentation/SUMMARY.md                     |   1 +
 documentation/provider/huaweicloud.md        |  77 +++++++
 documentation/providers.md                   |   2 +
 go.mod                                       |   6 +
 go.sum                                       |  34 +++
 integrationTest/providers.json               |   7 +
 providers/_all/all.go                        |   1 +
 providers/huaweicloud/auditrecords.go        |  18 ++
 providers/huaweicloud/convert.go             |  88 ++++++++
 providers/huaweicloud/huaweicloudProvider.go | 155 +++++++++++++
 providers/huaweicloud/listzones.go           |  95 ++++++++
 providers/huaweicloud/records.go             | 226 +++++++++++++++++++
 16 files changed, 714 insertions(+), 2 deletions(-)
 create mode 100644 documentation/provider/huaweicloud.md
 create mode 100644 providers/huaweicloud/auditrecords.go
 create mode 100644 providers/huaweicloud/convert.go
 create mode 100644 providers/huaweicloud/huaweicloudProvider.go
 create mode 100644 providers/huaweicloud/listzones.go
 create mode 100644 providers/huaweicloud/records.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 2890114283..5665313c10 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -88,7 +88,7 @@ jobs:
         Write-Host "Integration test providers: $Providers"
         echo "integration_test_providers=$(ConvertTo-Json -InputObject $Providers -Compress)" >> $env:GITHUB_OUTPUT
       env:
-        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 886a226f65..268ae3d728 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -39,7 +39,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|huaweicloud|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index dd6b2c9eaf..3a2c3403a4 100644
--- a/OWNERS
+++ b/OWNERS
@@ -24,6 +24,7 @@ providers/hedns @rblenkinsopp
 providers/hetzner @das7pad
 providers/hexonet @KaiSchwarz-cnic
 providers/hostingde @juliusrickert
+providers/huaweicloud @huihuimoe
 providers/internetbs @pragmaton
 providers/inwx @patschi
 providers/linode @koesie10
diff --git a/README.md b/README.md
index f2ea460562..8fd972e2bb 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ Currently supported DNS providers:
 - Hetzner
 - HEXONET
 - hosting.de
+- Huawei Cloud DNS
 - Hurricane Electric DNS
 - INWX
 - Linode
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 1dec62ccd3..26a8d11726 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -127,6 +127,7 @@
 * [Hetzner DNS Console](provider/hetzner.md)
 * [HEXONET](provider/hexonet.md)
 * [hosting.de](provider/hostingde.md)
+* [Huawei Cloud DNS](provider/huaweicloud.md)
 * [Hurricane Electric DNS](provider/hedns.md)
 * [Internet.bs](provider/internetbs.md)
 * [INWX](provider/inwx.md)
diff --git a/documentation/provider/huaweicloud.md b/documentation/provider/huaweicloud.md
new file mode 100644
index 0000000000..411040d94b
--- /dev/null
+++ b/documentation/provider/huaweicloud.md
@@ -0,0 +1,77 @@
+## Configuration
+
+
+This provider is for the [Huawei Cloud DNS](https://www.huaweicloud.com/intl/en-us/product/dns.html)(Public DNS).  To use this provider, add an entry to `creds.json` with `TYPE` set to `HUAWEICLOUD`.
+along with the API credentials.
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "huaweicloud": {
+    "TYPE": "HUAWEICLOUD",
+    "KeyId": "YOUR_ACCESS_KEY_ID",
+    "SecretKey": "YOUR_SECRET_ACCESS_KEY",
+    "Region": "YOUR_SERVICE_REGION"
+  }
+}
+```
+{% endcode %}
+
+## Metadata
+This provider does not recognize any special metadata fields unique to Huawei Cloud DNS.
+
+## Usage
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_HWCLOUD = NewDnsProvider("huaweicloud");
+
+D("example.com", REG_NONE, DnsProvider(DSP_HWCLOUD),
+    A("test", "1.2.3.4"),
+END);
+```
+{% endcode %}
+
+## Activation
+DNSControl depends on a standard [IAM User](https://support.huaweicloud.com/intl/en-us/usermanual-iam/iam_02_0003.html) with permission to list, create and update hosted zones.
+
+The `DNS FullAccess` policy will also work, but that provides access to many other areas and violates the "principle of least privilege".
+
+The minimum permissions required are as follows:
+
+```json
+{
+    "Version": "1.1",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "dns:recordset:delete",
+                "dns:recordset:create",
+                "dns:zone:create",
+                "dns:recordset:get",
+                "dns:nameserver:getZoneNameServer",
+                "dns:zone:list",
+                "dns:recordset:update",
+                "dns:recordset:list",
+                "dns:zone:get"
+            ]
+        }
+    ]
+}
+```
+
+To determine the `Region` parameter, refer to the [endpoint page of huaweicloud](https://developer.huaweicloud.com/intl/en-us/endpoint?DNS). For example, on the international site, the `Region` name `ap-southeast-1` is known to work.
+
+If that doesn't work, log into Huaweicloud's website and open the [API Explorer](https://console-intl.huaweicloud.com/apiexplorer/#/openapi/DNS/debug?api=ListPublicZones), find the `ListPublicZones` API, select a different Region and click Debug to try and find your Region.
+
+## New domains
+If a domain does not exist in your Huawei Cloud account, DNSControl will automatically add it with the `push` command.
+
+## GeoDNS
+Managing GeoDNS RRSet on Huawei Cloud (also called **Line** in Huawei Cloud DNS) is not supported in DNSControl.
+If your Zone needs to use GeoDNS, please create it manually in the console and use [IGNORE](../language-reference/domain-modifiers/IGNORE.md) modifiers in DNSControl to prevent changing it.
diff --git a/documentation/providers.md b/documentation/providers.md
index 0e06bea373..840a3b8745 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -40,6 +40,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
 | [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HUAWEICLOUD`](provider/huaweicloud.md) | ❌ | ✅ | ❌ | ❔ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
@@ -130,6 +131,7 @@ Providers in this category and their maintainers are:
 |[`HETZNER`](provider/hetzner.md)|@das7pad|
 |[`HEXONET`](provider/hexonet.md)|@KaiSchwarz-cnic|
 |[`HOSTINGDE`](provider/hostingde.md)|@membero|
+|[`HUAWEICLOUD`](provider/huaweicloud.md)|@huihuimoe|
 |[`INTERNETBS`](provider/internetbs.md)|@pragmaton|
 |[`INWX`](provider/inwx.md)|@patschi|
 |[`LINODE`](provider/linode.md)|@koesie10|
diff --git a/go.mod b/go.mod
index 5d42c94e7f..c42a4494f6 100644
--- a/go.mod
+++ b/go.mod
@@ -65,6 +65,7 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
@@ -125,10 +126,13 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/peterhellberg/link v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -141,7 +145,9 @@ require (
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
+	go.mongodb.org/mongo-driver v1.12.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/otel v1.24.0 // indirect
diff --git a/go.sum b/go.sum
index 906c2098e9..b63fde7652 100644
--- a/go.sum
+++ b/go.sum
@@ -175,11 +175,13 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -240,6 +242,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
 github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100 h1:OXGVtlUZLIKAX8ERmytPeypL9CdeCwo9/FTxvg90IRg=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100/go.mod h1:lhdEO9Bbb3hZ0wG+JeK9/GqMOp/sgc92mFmVk5tNSCk=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -249,11 +253,13 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/errors v1.0.0 h1:yiq7kjCLll1BiaRuNY53MGI0+EQ3rF6GB+wvboZDefM=
 github.com/juju/errors v1.0.0/go.mod h1:B5x9thDqx0wIMH3+aLIMP9HjItInYWObRovoCFM5Qe8=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -306,9 +312,12 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR
 github.com/mittwald/go-powerdns v0.6.2 h1:jNZoW5vPzsQvUQ3BzXEWteHPWoJ1GwcHyF4mSh4YZ7Y=
 github.com/mittwald/go-powerdns v0.6.2/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAAxrQxRHEu7FkapwTuI2WmL1rw4g=
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
@@ -381,8 +390,11 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
+github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/transip/gotransip/v6 v6.24.0 h1:QaHgRT3ikpMCXr8Ntojiced/W4izd9ra9PNE/i+7qTE=
 github.com/transip/gotransip/v6 v6.24.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
@@ -397,13 +409,19 @@ github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZ
 github.com/vultr/govultr/v2 v2.17.2/go.mod h1:ZFOKGWmgjytfyjeyAdhQlSWwTjh2ig+X49cAp50dzXI=
 github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419 h1:PT5KYEimicg1GRkBtBxCLcHWvMcBRGljOLwG/y4+T5c=
 github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419/go.mod h1:BxZUa1xZ189Ww28wRT0LjHcmHgQmPh27hqfHIwET0ok=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4=
+github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
 github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
+go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
@@ -417,10 +435,14 @@ go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -442,13 +464,17 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -487,6 +513,9 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
@@ -494,6 +523,9 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -502,6 +534,7 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -540,6 +573,7 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
 google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index e931b29f9f..a2e1567eae 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -288,5 +288,12 @@
     "TYPE": "VULTR",
     "domain": "$VULTR_DOMAIN",
     "token": "$VULTR_TOKEN"
+  },
+  "HUAWEICLOUD": {
+    "TYPE": "HUAWEICLOUD",
+    "domain": "$HUAWEICLOUD_DOMAIN",
+    "Region": "$HUAWEICLOUD_REGION",
+    "KeyId": "$HUAWEICLOUD_KEY_ID",
+    "SecretKey": "$HUAWEICLOUD_KEY"
   }
 }
diff --git a/providers/_all/all.go b/providers/_all/all.go
index c7689b6ae8..9b99d6ed51 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -29,6 +29,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/hetzner"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/hexonet"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/hostingde"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/huaweicloud"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/internetbs"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/inwx"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/linode"
diff --git a/providers/huaweicloud/auditrecords.go b/providers/huaweicloud/auditrecords.go
new file mode 100644
index 0000000000..5b055393ca
--- /dev/null
+++ b/providers/huaweicloud/auditrecords.go
@@ -0,0 +1,18 @@
+package huaweicloud
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+	a.Add("MX", rejectif.MxNull)              // Last verified 2024-06-14
+	a.Add("TXT", rejectif.TxtHasBackslash)    // Last verified 2024-06-14
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2024-06-14
+
+	return a.Audit(records)
+}
diff --git a/providers/huaweicloud/convert.go b/providers/huaweicloud/convert.go
new file mode 100644
index 0000000000..8b33bd44bf
--- /dev/null
+++ b/providers/huaweicloud/convert.go
@@ -0,0 +1,88 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"slices"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/model"
+)
+
+func getRRSetIDFromRecords(rcs models.Records) []string {
+	ids := []string{}
+	for _, r := range rcs {
+		if r.Original == nil {
+			continue
+		}
+		if r.Original.(*model.ListRecordSets).Id == nil {
+			printer.Warnf("RecordSet ID is nil for record %+v\n", r)
+			continue
+		}
+		ids = append(ids, *r.Original.(*model.ListRecordSets).Id)
+	}
+	return slices.Compact(ids)
+}
+
+func nativeToRecords(n *model.ListRecordSets, zoneName string) (models.Records, error) {
+	if n.Name == nil || n.Type == nil || n.Records == nil || n.Ttl == nil {
+		return nil, fmt.Errorf("missing required fields in Huaweicloud's RRset: %+v", n)
+	}
+	var rcs models.Records
+	recName := *n.Name
+	recType := *n.Type
+
+	// Split into records
+	for _, value := range *n.Records {
+		rc := &models.RecordConfig{
+			TTL:      uint32(*n.Ttl),
+			Original: n,
+		}
+		rc.SetLabelFromFQDN(recName, zoneName)
+		if err := rc.PopulateFromString(recType, value, zoneName); err != nil {
+			return nil, fmt.Errorf("unparsable record received from Huaweicloud: %w", err)
+		}
+		rcs = append(rcs, rc)
+	}
+
+	return rcs, nil
+}
+
+func recordsToNative(rcs models.Records, expectedKey models.RecordKey) *model.ListRecordSets {
+	resultTTL := int32(0)
+	resultVal := []string{}
+	name := expectedKey.NameFQDN + "."
+	result := &model.ListRecordSets{
+		Name:    &name,
+		Type:    &expectedKey.Type,
+		Ttl:     &resultTTL,
+		Records: &resultVal,
+	}
+
+	for _, r := range rcs {
+		key := r.Key()
+		if key != expectedKey {
+			continue
+		}
+		val := r.GetTargetCombined()
+		// special case for empty TXT records
+		if key.Type == "TXT" && len(val) == 0 {
+			val = "\"\""
+		}
+
+		resultVal = append(resultVal, val)
+		if resultTTL == 0 {
+			resultTTL = int32(r.TTL)
+		}
+
+		// Check if all TTLs are the same
+		if int32(r.TTL) != resultTTL {
+			printer.Warnf("All TTLs for a rrset (%v) must be the same. Using smaller of %v and %v.\n", key, r.TTL, resultTTL)
+			if int32(r.TTL) < resultTTL {
+				resultTTL = int32(r.TTL)
+			}
+		}
+	}
+
+	return result
+}
diff --git a/providers/huaweicloud/huaweicloudProvider.go b/providers/huaweicloud/huaweicloudProvider.go
new file mode 100644
index 0000000000..7ab3f75b90
--- /dev/null
+++ b/providers/huaweicloud/huaweicloudProvider.go
@@ -0,0 +1,155 @@
+package huaweicloud
+
+import (
+	"encoding/json"
+	"strings"
+	"time"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/region"
+	dnssdk "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/model"
+	dnsRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/region"
+)
+
+// Support for Huawei Cloud DNS.
+// API Documentation: https://www.huaweicloud.com/intl/en-us/product/dns.html
+
+/*
+Huaweicloud API DNS provider:
+Info required in `creds.json`:
+   - KeyId
+   - SecretKey
+   - Region
+*/
+
+type huaweicloudProvider struct {
+	client         *dnssdk.DnsClient
+	domainByZoneID map[string]string
+	zoneIDByDomain map[string]string
+	region         *region.Region
+}
+
+// newHuaweicloud creates the provider.
+func newHuaweicloud(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(m["KeyId"]).
+		WithSk(m["SecretKey"]).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+	region, err := dnsRegion.SafeValueOf(m["Region"])
+	if err != nil {
+		return nil, err
+	}
+
+	client, err := dnssdk.DnsClientBuilder().
+		WithRegion(region).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	c := &huaweicloudProvider{
+		client: dnssdk.NewDnsClient(client),
+		region: region,
+	}
+
+	return c, nil
+}
+
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Cannot(),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDS:               providers.Cannot(),
+	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseNAPTR:            providers.Cannot(),
+	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Cannot(),
+	providers.CanUseTLSA:             providers.Cannot(),
+	providers.CanUseHTTPS:            providers.Cannot(),
+	providers.CanUseSVCB:             providers.Cannot(),
+	providers.CanUseSOA:              providers.Cannot(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Can(),
+	providers.DocOfficiallySupported: providers.Cannot(),
+}
+
+var defaultNameServerNames = []string{
+	// DNS server for regions in the Chinese mainland
+	"ns1.huaweicloud-dns.com.",
+	"ns1.huaweicloud-dns.cn.",
+	// DNS server for countries or regions outside the Chinese mainland
+	"ns1.huaweicloud-dns.net.",
+	"ns1.huaweicloud-dns.org.",
+}
+
+func init() {
+	fns := providers.DspFuncs{
+		Initializer:   newHuaweicloud,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType("HUAWEICLOUD", fns, features)
+}
+
+// huaweicloud has request limiting like above.
+// "The throttling threshold has been reached: policy user over ratelimit,limit:100,time:1 minute"
+func withRetry(f func() error) {
+	const maxRetries = 23
+	const sleepTime = 5 * time.Second
+	var currentRetry int
+	for {
+		err := f()
+		if err == nil {
+			return
+		}
+		if strings.Contains(err.Error(), "over ratelimit") {
+			currentRetry++
+			if currentRetry >= maxRetries {
+				return
+			}
+			printer.Printf("Huaweicloud rate limit exceeded. Waiting %s to retry.\n", sleepTime)
+			time.Sleep(sleepTime)
+		} else {
+			return
+		}
+	}
+}
+
+// GetNameservers returns the nameservers for a domain.
+func (c *huaweicloudProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	if err := c.getZones(); err != nil {
+		return nil, err
+	}
+
+	payload := &model.ShowPublicZoneNameServerRequest{
+		ZoneId: c.zoneIDByDomain[domain],
+	}
+	res, err := c.client.ShowPublicZoneNameServer(payload)
+	if err != nil {
+		return nil, err
+	}
+	nameservers := []string{}
+	if res.Nameservers != nil {
+		for _, record := range *res.Nameservers {
+			if record.Hostname != nil {
+				nameservers = append(nameservers, *record.Hostname)
+			}
+		}
+	}
+	if len(nameservers) != 0 {
+		return models.ToNameserversStripTD(nameservers)
+	}
+
+	return models.ToNameserversStripTD(defaultNameServerNames)
+}
diff --git a/providers/huaweicloud/listzones.go b/providers/huaweicloud/listzones.go
new file mode 100644
index 0000000000..1b7f06905d
--- /dev/null
+++ b/providers/huaweicloud/listzones.go
@@ -0,0 +1,95 @@
+package huaweicloud
+
+import (
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/model"
+)
+
+// EnsureZoneExists creates a zone if it does not exist
+func (c *huaweicloudProvider) EnsureZoneExists(domain string) error {
+	if err := c.getZones(); err != nil {
+		return err
+	}
+
+	if _, ok := c.zoneIDByDomain[domain]; ok {
+		return nil
+	}
+
+	printer.Printf("Adding zone for %s to huaweicloud account in region %s\n", domain, c.region.Id)
+	createPayload := model.CreatePublicZoneRequest{
+		Body: &model.CreatePublicZoneReq{
+			Name: domain,
+		},
+	}
+	res, err := c.client.CreatePublicZone(&createPayload)
+	if err != nil {
+		return err
+	}
+	if res.Id == nil {
+		// clear cache
+		c.zoneIDByDomain = nil
+		c.domainByZoneID = nil
+		return nil
+	}
+	c.zoneIDByDomain[domain] = *res.Id
+	c.domainByZoneID[*res.Id] = domain
+	return nil
+}
+
+// ListZones returns all DNS zones managed by this provider.
+func (c *huaweicloudProvider) ListZones() ([]string, error) {
+	if err := c.getZones(); err != nil {
+		return nil, err
+	}
+	var zones []string
+	for i := range c.zoneIDByDomain {
+		zones = append(zones, i)
+	}
+	return zones, nil
+}
+
+func (c *huaweicloudProvider) getZones() error {
+	if c.zoneIDByDomain != nil {
+		return nil
+	}
+
+	var nextMarker *string
+	c.zoneIDByDomain = make(map[string]string)
+	c.domainByZoneID = make(map[string]string)
+
+	for {
+		listPayload := model.ListPublicZonesRequest{
+			Marker: nextMarker,
+		}
+		zonesRes, err := c.client.ListPublicZones(&listPayload)
+		if err != nil {
+			return err
+		}
+		// empty zones
+		if zonesRes.Zones == nil {
+			return nil
+		}
+		for _, zone := range *zonesRes.Zones {
+			// just a safety check
+			if zone.Name == nil || zone.Id == nil {
+				continue
+			}
+			domain := strings.TrimSuffix(*zone.Name, ".")
+			c.zoneIDByDomain[domain] = *zone.Id
+			c.domainByZoneID[*zone.Id] = domain
+		}
+
+		// if has next page, continue to get next page
+		if zonesRes.Links.Next != nil {
+			marker, err := parseMarkerFromURL(*zonesRes.Links.Next)
+			if err != nil {
+				return err
+			}
+			nextMarker = &marker
+		} else {
+			return nil
+		}
+	}
+}
diff --git a/providers/huaweicloud/records.go b/providers/huaweicloud/records.go
new file mode 100644
index 0000000000..9b0e2e58a8
--- /dev/null
+++ b/providers/huaweicloud/records.go
@@ -0,0 +1,226 @@
+package huaweicloud
+
+import (
+	"fmt"
+	"net/url"
+	"slices"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/dns/v2/model"
+)
+
+// GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
+func (c *huaweicloudProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	if err := c.getZones(); err != nil {
+		return nil, err
+	}
+	zoneID, ok := c.zoneIDByDomain[domain]
+	if !ok {
+		return nil, fmt.Errorf("zone %s not found", domain)
+	}
+	records, err := c.fetchZoneRecordsFromRemote(zoneID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Convert rrsets to DNSControl's RecordConfig
+	existingRecords := []*models.RecordConfig{}
+	for _, rec := range *records {
+		if *rec.Type == "SOA" {
+			continue
+		}
+		nativeRecords, err := nativeToRecords(&rec, domain)
+		if err != nil {
+			return nil, err
+		}
+		existingRecords = append(existingRecords, nativeRecords...)
+	}
+
+	return existingRecords, nil
+}
+
+// GenerateDomainCorrections takes the desired and existing records
+// and produces a Correction list.  The correction list is simply
+// a list of functions to call to actually make the desired
+// correction, and a message to output to the user when the change is
+// made.
+func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+	if err := c.getZones(); err != nil {
+		return nil, err
+	}
+	zoneID, ok := c.zoneIDByDomain[dc.Name]
+	if !ok {
+		return nil, fmt.Errorf("zone %s not found", dc.Name)
+	}
+
+	// Make delete happen earlier than creates & updates.
+	var corrections []*models.Correction
+	var deletions []*models.Correction
+	var reports []*models.Correction
+
+	changes, err := diff2.ByRecordSet(existing, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, change := range changes {
+		switch change.Type {
+		case diff2.REPORT:
+			reports = append(reports, &models.Correction{Msg: change.MsgsJoined})
+		case diff2.CREATE:
+			fallthrough
+		case diff2.CHANGE:
+			records := recordsToNative(change.New, change.Key)
+			rrsetsID := getRRSetIDFromRecords(change.Old)
+			corrections = append(corrections, &models.Correction{
+				Msg: change.MsgsJoined,
+				F: func() error {
+					if len(rrsetsID) == 1 {
+						return c.updateRRSet(zoneID, rrsetsID[0], records)
+					} else {
+						err := c.deleteRRSets(zoneID, rrsetsID)
+						if err != nil {
+							return err
+						}
+						return c.createRRSet(zoneID, records)
+					}
+				},
+			})
+		case diff2.DELETE:
+			rrsetsID := getRRSetIDFromRecords(change.Old)
+			deletions = append(deletions, &models.Correction{
+				Msg: change.MsgsJoined,
+				F: func() error {
+					return c.deleteRRSets(zoneID, rrsetsID)
+				},
+			})
+		default:
+			panic(fmt.Sprintf("unhandled change.Type %s", change.Type))
+		}
+	}
+
+	result := append(reports, deletions...)
+	result = append(result, corrections...)
+	return result, nil
+}
+
+func (c *huaweicloudProvider) deleteRRSets(zoneID string, rrsets []string) error {
+	for _, rrset := range rrsets {
+		deletePayload := &model.DeleteRecordSetRequest{
+			ZoneId:      zoneID,
+			RecordsetId: rrset,
+		}
+		var err error
+		withRetry(func() error {
+			_, err = c.client.DeleteRecordSet(deletePayload)
+			return err
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (c *huaweicloudProvider) createRRSet(zoneID string, rc *model.ListRecordSets) error {
+	createPayload := &model.CreateRecordSetRequest{
+		ZoneId: zoneID,
+		Body: &model.CreateRecordSetRequestBody{
+			Name:    *rc.Name,
+			Type:    *rc.Type,
+			Ttl:     rc.Ttl,
+			Records: *rc.Records,
+		},
+	}
+	var err error
+	withRetry(func() error {
+		_, err = c.client.CreateRecordSet(createPayload)
+		return err
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *huaweicloudProvider) updateRRSet(zoneID, rrsetID string, rc *model.ListRecordSets) error {
+	updatePayload := &model.UpdateRecordSetRequest{
+		ZoneId:      zoneID,
+		RecordsetId: rrsetID,
+		Body: &model.UpdateRecordSetReq{
+			Name:    *rc.Name,
+			Type:    *rc.Type,
+			Ttl:     rc.Ttl,
+			Records: rc.Records,
+		},
+	}
+	var err error
+	withRetry(func() error {
+		_, err = c.client.UpdateRecordSet(updatePayload)
+		return err
+	})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func parseMarkerFromURL(link string) (string, error) {
+	// Parse the marker params from the URL
+	// Example: https://dns.myhuaweicloud.com/v2/zones?marker=abcdefg
+	url, err := url.Parse(link)
+	if err != nil {
+		return "", err
+	}
+	marker := url.Query().Get("marker")
+	if marker == "" {
+		return "", fmt.Errorf("marker not found in URL %s", link)
+	}
+	return marker, nil
+}
+
+func (c *huaweicloudProvider) fetchZoneRecordsFromRemote(zoneID string) (*[]model.ListRecordSets, error) {
+	var nextMarker *string
+	existingRecords := []model.ListRecordSets{}
+	availableStatus := []string{"ACTIVE", "PENDING_CREATE", "PENDING_UPDATE"}
+
+	for {
+		payload := model.ListRecordSetsByZoneRequest{
+			ZoneId: zoneID,
+			Marker: nextMarker,
+		}
+		var res *model.ListRecordSetsByZoneResponse
+		var err error
+		withRetry(func() error {
+			res, err = c.client.ListRecordSetsByZone(&payload)
+			return err
+		})
+		if err != nil {
+			return nil, err
+		}
+		if res.Recordsets == nil {
+			return &existingRecords, nil
+		}
+		for _, record := range *res.Recordsets {
+			if record.Records == nil {
+				continue
+			}
+			if !slices.Contains(availableStatus, *record.Status) {
+				continue
+			}
+			existingRecords = append(existingRecords, record)
+		}
+
+		// if has next page, continue to get next page
+		if res.Links.Next != nil {
+			marker, err := parseMarkerFromURL(*res.Links.Next)
+			if err != nil {
+				return nil, err
+			}
+			nextMarker = &marker
+		} else {
+			return &existingRecords, nil
+		}
+	}
+}

From 2d15884eb3da65f17533037f1bf79e3f8a57f9cb Mon Sep 17 00:00:00 2001
From: Hui Hui <github@huihui.contact>
Date: Wed, 19 Jun 2024 04:17:02 +0800
Subject: [PATCH 289/438] HUAWEICLOUD: add metadata to control Intelligent
 Resolution (#3013)

---
 .github/workflows/pr_test.yml                |   5 +
 documentation/provider/huaweicloud.md        |  36 ++++-
 integrationTest/providers.json               |  14 +-
 providers/huaweicloud/convert.go             |  58 +++++++-
 providers/huaweicloud/huaweicloudProvider.go |  16 ++
 providers/huaweicloud/records.go             | 146 +++++++++++++++----
 6 files changed, 226 insertions(+), 49 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 5665313c10..edc62d9faa 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -117,6 +117,7 @@ jobs:
       GCLOUD_DOMAIN: ${{ vars.GCLOUD_DOMAIN }}
       HEDNS_DOMAIN: ${{ vars.HEDNS_DOMAIN }}
       HEXONET_DOMAIN: ${{ vars.HEXONET_DOMAIN }}
+      HUAWEICLOUD_DOMAIN: ${{ vars.HUAWEICLOUD_DOMAIN }}
       NAMEDOTCOM_DOMAIN: ${{ vars.NAMEDOTCOM_DOMAIN }}
       NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
       POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
@@ -161,6 +162,10 @@ jobs:
       HEXONET_PW: ${{ secrets.HEXONET_PW }}
       HEXONET_UID: ${{ secrets.HEXONET_UID }}
 
+      HUAWEICLOUD_REGION: ${{ secrets.HUAWEICLOUD_REGION }}
+      HUAWEICLOUD_KEY_ID: ${{ secrets.HUAWEICLOUD_KEY_ID }}
+      HUAWEICLOUD_KEY: ${{ secrets.HUAWEICLOUD_KEY }}
+
       NAMEDOTCOM_KEY: ${{ secrets.NAMEDOTCOM_KEY }}
       NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
       NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
diff --git a/documentation/provider/huaweicloud.md b/documentation/provider/huaweicloud.md
index 411040d94b..f351a2e8fd 100644
--- a/documentation/provider/huaweicloud.md
+++ b/documentation/provider/huaweicloud.md
@@ -20,7 +20,37 @@ Example:
 {% endcode %}
 
 ## Metadata
-This provider does not recognize any special metadata fields unique to Huawei Cloud DNS.
+There are some record level metadata available for this provider:
+   * `hw_line` (Line ID, default "default_view") Refer to the [Intelligent Resolution](https://support.huaweicloud.com/intl/en-us/usermanual-dns/dns_usermanual_0041.html) for more information.
+     * Available Line ID refer to [Resolution Lines](https://support.huaweicloud.com/intl/en-us/api-dns/en-us_topic_0085546214.html). Custom Line ID can also be used.
+   * `hw_weight` (0-1000, default "1") Refer to the [Configuring Weighted Routing](https://support.huaweicloud.com/intl/en-us/usermanual-dns/dns_usermanual_0705.html) for more information.
+   * `hw_rrset_key` (default "") User defined key for RRset load balance. This value would be stored in the description field of the RRset.
+
+The following example shows how to use the metadata:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_HWCLOUD = NewDnsProvider("huaweicloud");
+
+D("example.com", REG_NONE, DnsProvider(DSP_HWCLOUD),
+    // this example will create 4 rrsets with the same name "test"
+    A("test", "8.8.8.8"),
+    A("test", "8.8.4.4"),
+    A("test", "9.9.9.9", {hw_weight: "10"}),         // Weighted Routing
+    A("test", "149.112.112.112", {hw_weight: "10"}), // Weighted Routing
+    A("test", "223.5.5.5", {hw_line: "CN"}), // GEODNS
+    A("test", "223.6.6.6", {hw_line: "CN", hw_weight: "10"}), // GEODNS with weight
+
+    // this example will create 3 rrsets with the same name "lb"
+    A("rr-lb", "10.0.0.1", {hw_weight: "10", hw_rrset_key: "lb-zone-a"}),
+    A("rr-lb", "10.0.0.2", {hw_weight: "10", hw_rrset_key: "lb-zone-a"}),
+    A("rr-lb", "10.0.1.1", {hw_weight: "10", hw_rrset_key: "lb-zone-b"}),
+    A("rr-lb", "10.0.1.2", {hw_weight: "10", hw_rrset_key: "lb-zone-b"}),
+    A("rr-lb", "10.0.2.2", {hw_weight: "0",  hw_rrset_key: "lb-zone-c"}),
+END);
+```
+{% endcode %}
 
 ## Usage
 An example configuration:
@@ -71,7 +101,3 @@ If that doesn't work, log into Huaweicloud's website and open the [API Explorer]
 
 ## New domains
 If a domain does not exist in your Huawei Cloud account, DNSControl will automatically add it with the `push` command.
-
-## GeoDNS
-Managing GeoDNS RRSet on Huawei Cloud (also called **Line** in Huawei Cloud DNS) is not supported in DNSControl.
-If your Zone needs to use GeoDNS, please create it manually in the console and use [IGNORE](../language-reference/domain-modifiers/IGNORE.md) modifiers in DNSControl to prevent changing it.
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index a2e1567eae..60dbca7f3f 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -154,6 +154,13 @@
     "authToken": "$HOSTINGDE_AUTHTOKEN",
     "domain": "$HOSTINGDE_DOMAIN"
   },
+  "HUAWEICLOUD": {
+    "TYPE": "HUAWEICLOUD",
+    "domain": "$HUAWEICLOUD_DOMAIN",
+    "Region": "$HUAWEICLOUD_REGION",
+    "KeyId": "$HUAWEICLOUD_KEY_ID",
+    "SecretKey": "$HUAWEICLOUD_KEY"
+  },
   "INWX": {
     "TYPE": "INWX",
     "domain": "$INWX_DOMAIN",
@@ -288,12 +295,5 @@
     "TYPE": "VULTR",
     "domain": "$VULTR_DOMAIN",
     "token": "$VULTR_TOKEN"
-  },
-  "HUAWEICLOUD": {
-    "TYPE": "HUAWEICLOUD",
-    "domain": "$HUAWEICLOUD_DOMAIN",
-    "Region": "$HUAWEICLOUD_REGION",
-    "KeyId": "$HUAWEICLOUD_KEY_ID",
-    "SecretKey": "$HUAWEICLOUD_KEY"
   }
 }
diff --git a/providers/huaweicloud/convert.go b/providers/huaweicloud/convert.go
index 8b33bd44bf..286338fead 100644
--- a/providers/huaweicloud/convert.go
+++ b/providers/huaweicloud/convert.go
@@ -3,6 +3,7 @@ package huaweicloud
 import (
 	"fmt"
 	"slices"
+	"strconv"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
@@ -15,16 +16,16 @@ func getRRSetIDFromRecords(rcs models.Records) []string {
 		if r.Original == nil {
 			continue
 		}
-		if r.Original.(*model.ListRecordSets).Id == nil {
+		if r.Original.(*model.ShowRecordSetByZoneResp).Id == nil {
 			printer.Warnf("RecordSet ID is nil for record %+v\n", r)
 			continue
 		}
-		ids = append(ids, *r.Original.(*model.ListRecordSets).Id)
+		ids = append(ids, *r.Original.(*model.ShowRecordSetByZoneResp).Id)
 	}
 	return slices.Compact(ids)
 }
 
-func nativeToRecords(n *model.ListRecordSets, zoneName string) (models.Records, error) {
+func nativeToRecords(n *model.ShowRecordSetByZoneResp, zoneName string) (models.Records, error) {
 	if n.Name == nil || n.Type == nil || n.Records == nil || n.Ttl == nil {
 		return nil, fmt.Errorf("missing required fields in Huaweicloud's RRset: %+v", n)
 	}
@@ -37,26 +38,71 @@ func nativeToRecords(n *model.ListRecordSets, zoneName string) (models.Records,
 		rc := &models.RecordConfig{
 			TTL:      uint32(*n.Ttl),
 			Original: n,
+			Metadata: map[string]string{},
 		}
 		rc.SetLabelFromFQDN(recName, zoneName)
 		if err := rc.PopulateFromString(recType, value, zoneName); err != nil {
 			return nil, fmt.Errorf("unparsable record received from Huaweicloud: %w", err)
 		}
+		if n.Line != nil {
+			rc.Metadata[metaLine] = *n.Line
+		}
+		if n.Weight != nil {
+			rc.Metadata[metaWeight] = fmt.Sprintf("%d", *n.Weight)
+		}
+		if n.Description != nil {
+			rc.Metadata[metaKey] = *n.Description
+		}
 		rcs = append(rcs, rc)
 	}
 
 	return rcs, nil
 }
 
-func recordsToNative(rcs models.Records, expectedKey models.RecordKey) *model.ListRecordSets {
+func recordsToNative(rcs models.Records, expectedKey models.RecordKey) (*model.ShowRecordSetByZoneResp, error) {
+	// rcs length is guaranteed to be > 0
+	if len(rcs) == 0 {
+		return nil, fmt.Errorf("empty record set")
+	}
+	// line and weight should be the same for all records in the rrset
+	line := rcs[0].Metadata[metaLine]
+	weightStr := rcs[0].Metadata[metaWeight]
+	for _, r := range rcs {
+		if r.Metadata[metaLine] != line {
+			return nil, fmt.Errorf("all records in the rrset must have the same line %s", line)
+		}
+		if r.Metadata[metaWeight] != weightStr {
+			return nil, fmt.Errorf("all records in the rrset must have the same weight %s", weightStr)
+		}
+	}
+
+	// parse weight to int32
+	var weight *int32
+	if weightStr != "" {
+		weightInt, err := strconv.ParseInt(weightStr, 10, 32)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse weight %s to int32", weightStr)
+		}
+		weightInt32 := int32(weightInt)
+		// weight should be 0-1000
+		if weightInt32 < 0 || weightInt32 > 1000 {
+			return nil, fmt.Errorf("weight must be between 0 and 1000")
+		}
+		weight = &weightInt32
+	}
+
 	resultTTL := int32(0)
 	resultVal := []string{}
 	name := expectedKey.NameFQDN + "."
-	result := &model.ListRecordSets{
+	key := rcs[0].Metadata[metaKey]
+	result := &model.ShowRecordSetByZoneResp{
 		Name:    &name,
 		Type:    &expectedKey.Type,
 		Ttl:     &resultTTL,
 		Records: &resultVal,
+		Line:    &line,
+		Weight:  weight,
+		Description: &key,
 	}
 
 	for _, r := range rcs {
@@ -84,5 +130,5 @@ func recordsToNative(rcs models.Records, expectedKey models.RecordKey) *model.Li
 		}
 	}
 
-	return result
+	return result, nil
 }
diff --git a/providers/huaweicloud/huaweicloudProvider.go b/providers/huaweicloud/huaweicloudProvider.go
index 7ab3f75b90..aa73fa12dc 100644
--- a/providers/huaweicloud/huaweicloudProvider.go
+++ b/providers/huaweicloud/huaweicloudProvider.go
@@ -20,10 +20,18 @@ import (
 
 /*
 Huaweicloud API DNS provider:
+
 Info required in `creds.json`:
    - KeyId
    - SecretKey
    - Region
+
+Record level metadata available:
+   - hw_line (refer below Huawei Cloud DNS API documentation for available lines, default "default_view")
+	 					 (https://support.huaweicloud.com/intl/en-us/api-dns/en-us_topic_0085546214.html)
+   - hw_weight (0-1000, default "1")
+	 - hw_rrset_key (default "")
+
 */
 
 type huaweicloudProvider struct {
@@ -33,6 +41,14 @@ type huaweicloudProvider struct {
 	region         *region.Region
 }
 
+const (
+	metaWeight    = "hw_weight"
+	metaLine      = "hw_line"
+	metaKey       = "hw_rrset_key"
+	defaultWeight = "1"
+	defaultLine   = "default_view"
+)
+
 // newHuaweicloud creates the provider.
 func newHuaweicloud(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	auth, err := basic.NewCredentialsBuilder().
diff --git a/providers/huaweicloud/records.go b/providers/huaweicloud/records.go
index 9b0e2e58a8..354c3de7e0 100644
--- a/providers/huaweicloud/records.go
+++ b/providers/huaweicloud/records.go
@@ -54,12 +54,14 @@ func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		return nil, fmt.Errorf("zone %s not found", dc.Name)
 	}
 
+	addDefaultMeta(dc.Records)
+
 	// Make delete happen earlier than creates & updates.
 	var corrections []*models.Correction
 	var deletions []*models.Correction
 	var reports []*models.Correction
 
-	changes, err := diff2.ByRecordSet(existing, dc, nil)
+	changes, err := diff2.ByRecordSet(existing, dc, genComparable)
 	if err != nil {
 		return nil, err
 	}
@@ -71,20 +73,49 @@ func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		case diff2.CREATE:
 			fallthrough
 		case diff2.CHANGE:
-			records := recordsToNative(change.New, change.Key)
-			rrsetsID := getRRSetIDFromRecords(change.Old)
+			newRecordsColl := collectRecordsByLineAndWeightAndKey(change.New)
+			oldRecordsColl := collectRecordsByLineAndWeightAndKey(change.Old)
 			corrections = append(corrections, &models.Correction{
 				Msg: change.MsgsJoined,
 				F: func() error {
-					if len(rrsetsID) == 1 {
-						return c.updateRRSet(zoneID, rrsetsID[0], records)
-					} else {
-						err := c.deleteRRSets(zoneID, rrsetsID)
+					// delete old records if not exist in new records
+					for key, oldRecords := range oldRecordsColl {
+						if _, ok := newRecordsColl[key]; !ok {
+							rrsetIDOld := getRRSetIDFromRecords(oldRecords)
+							err := c.deleteRRSets(zoneID, rrsetIDOld)
+							if err != nil {
+								return err
+							}
+						}
+					}
+					// modify or create new records
+					for key, newRecords := range newRecordsColl {
+						records, err := recordsToNative(newRecords, change.Key)
 						if err != nil {
 							return err
 						}
-						return c.createRRSet(zoneID, records)
+						oldRecords := oldRecordsColl[key]
+						rrsetIDOld := getRRSetIDFromRecords(oldRecords)
+
+						if len(rrsetIDOld) == 1 {
+							// update existing rrset
+							err = c.updateRRSet(zoneID, rrsetIDOld[0], records)
+							if err != nil {
+								return err
+							}
+						} else {
+							// create new rrset or combine multiple rrsets into one
+							err := c.deleteRRSets(zoneID, rrsetIDOld)
+							if err != nil {
+								return err
+							}
+							err = c.createRRSet(zoneID, records)
+							if err != nil {
+								return err
+							}
+						}
 					}
+					return nil
 				},
 			})
 		case diff2.DELETE:
@@ -105,15 +136,63 @@ func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	return result, nil
 }
 
+func collectRecordsByLineAndWeightAndKey(records models.Records) map[string]models.Records {
+	recordsByLineAndWeight := make(map[string]models.Records)
+	for _, rec := range records {
+		line := rec.Metadata[metaLine]
+		weight := rec.Metadata[metaWeight]
+		rrsetKey := rec.Metadata[metaKey]
+		key := weight + "," + line + "," + rrsetKey
+		if _, ok := recordsByLineAndWeight[key]; !ok {
+			recordsByLineAndWeight[key] = models.Records{}
+		}
+		recordsByLineAndWeight[key] = append(recordsByLineAndWeight[key], rec)
+	}
+	return recordsByLineAndWeight
+}
+
+func addDefaultMeta(recs models.Records) {
+	for _, r := range recs {
+		if r.Metadata == nil {
+			r.Metadata = make(map[string]string)
+		}
+		if r.Metadata[metaLine] == "" {
+			r.Metadata[metaLine] = defaultLine
+		}
+		// apex ns should not have weight
+		isApexNS := r.Type == "NS" && r.Name == "@"
+		if !isApexNS && r.Metadata[metaWeight] == "" {
+			r.Metadata[metaWeight] = defaultWeight
+		}
+	}
+}
+
+func genComparable(rec *models.RecordConfig) string {
+	// apex ns
+	if rec.Type == "NS" && rec.Name == "@" {
+		return ""
+	}
+	weight := rec.Metadata[metaWeight]
+	line := rec.Metadata[metaLine]
+	key := rec.Metadata[metaKey]
+	if weight == "" {
+		weight = defaultWeight
+	}
+	if line == "" {
+		line = defaultLine
+	}
+	return "weight=" + weight + " line=" + line + " key=" + key
+}
+
 func (c *huaweicloudProvider) deleteRRSets(zoneID string, rrsets []string) error {
 	for _, rrset := range rrsets {
-		deletePayload := &model.DeleteRecordSetRequest{
+		deletePayload := &model.DeleteRecordSetsRequest{
 			ZoneId:      zoneID,
 			RecordsetId: rrset,
 		}
 		var err error
 		withRetry(func() error {
-			_, err = c.client.DeleteRecordSet(deletePayload)
+			_, err = c.client.DeleteRecordSets(deletePayload)
 			return err
 		})
 		if err != nil {
@@ -123,19 +202,22 @@ func (c *huaweicloudProvider) deleteRRSets(zoneID string, rrsets []string) error
 	return nil
 }
 
-func (c *huaweicloudProvider) createRRSet(zoneID string, rc *model.ListRecordSets) error {
-	createPayload := &model.CreateRecordSetRequest{
+func (c *huaweicloudProvider) createRRSet(zoneID string, rc *model.ShowRecordSetByZoneResp) error {
+	createPayload := &model.CreateRecordSetWithLineRequest{
 		ZoneId: zoneID,
-		Body: &model.CreateRecordSetRequestBody{
-			Name:    *rc.Name,
-			Type:    *rc.Type,
-			Ttl:     rc.Ttl,
-			Records: *rc.Records,
+		Body: &model.CreateRecordSetWithLineRequestBody{
+			Name:        *rc.Name,
+			Type:        *rc.Type,
+			Ttl:         rc.Ttl,
+			Records:     rc.Records,
+			Weight:      rc.Weight,
+			Line:        rc.Line,
+			Description: rc.Description,
 		},
 	}
 	var err error
 	withRetry(func() error {
-		_, err = c.client.CreateRecordSet(createPayload)
+		_, err = c.client.CreateRecordSetWithLine(createPayload)
 		return err
 	})
 	if err != nil {
@@ -144,20 +226,22 @@ func (c *huaweicloudProvider) createRRSet(zoneID string, rc *model.ListRecordSet
 	return nil
 }
 
-func (c *huaweicloudProvider) updateRRSet(zoneID, rrsetID string, rc *model.ListRecordSets) error {
-	updatePayload := &model.UpdateRecordSetRequest{
+func (c *huaweicloudProvider) updateRRSet(zoneID, rrsetID string, rc *model.ShowRecordSetByZoneResp) error {
+	updatePayload := &model.UpdateRecordSetsRequest{
 		ZoneId:      zoneID,
 		RecordsetId: rrsetID,
-		Body: &model.UpdateRecordSetReq{
-			Name:    *rc.Name,
-			Type:    *rc.Type,
-			Ttl:     rc.Ttl,
-			Records: rc.Records,
+		Body: &model.UpdateRecordSetsReq{
+			Name:        *rc.Name,
+			Type:        *rc.Type,
+			Ttl:         rc.Ttl,
+			Records:     rc.Records,
+			Weight:      rc.Weight,
+			Description: rc.Description,
 		},
 	}
 	var err error
 	withRetry(func() error {
-		_, err = c.client.UpdateRecordSet(updatePayload)
+		_, err = c.client.UpdateRecordSets(updatePayload)
 		return err
 	})
 	if err != nil {
@@ -180,20 +264,20 @@ func parseMarkerFromURL(link string) (string, error) {
 	return marker, nil
 }
 
-func (c *huaweicloudProvider) fetchZoneRecordsFromRemote(zoneID string) (*[]model.ListRecordSets, error) {
+func (c *huaweicloudProvider) fetchZoneRecordsFromRemote(zoneID string) (*[]model.ShowRecordSetByZoneResp, error) {
 	var nextMarker *string
-	existingRecords := []model.ListRecordSets{}
+	existingRecords := []model.ShowRecordSetByZoneResp{}
 	availableStatus := []string{"ACTIVE", "PENDING_CREATE", "PENDING_UPDATE"}
 
 	for {
-		payload := model.ListRecordSetsByZoneRequest{
+		payload := model.ShowRecordSetByZoneRequest{
 			ZoneId: zoneID,
 			Marker: nextMarker,
 		}
-		var res *model.ListRecordSetsByZoneResponse
+		var res *model.ShowRecordSetByZoneResponse
 		var err error
 		withRetry(func() error {
-			res, err = c.client.ListRecordSetsByZone(&payload)
+			res, err = c.client.ShowRecordSetByZone(&payload)
 			return err
 		})
 		if err != nil {

From 7fd6a74e0c8f0e17dc8fd36302313fb0bf49b92b Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 18 Jun 2024 17:38:50 -0400
Subject: [PATCH 290/438] CLOUDFLAREAPI: CF_REDIRECT/CF_TEMP_REDIRECT should
 dtrt using Single Redirects (#3002)

Co-authored-by: Josh Zhang <jzhang1@stackoverflow.com>
---
 .gitattributes                                |    2 +
 .../example-permissions-configuration.png     |  Bin 47813 -> 25460 bytes
 documentation/provider/cloudflareapi.md       |   80 +
 go.mod                                        |    8 +-
 go.sum                                        |   10 +-
 integrationTest/integration_test.go           |   96 +-
 models/record.go                              |   27 +
 pkg/cloudflare-go/.changelog/1001.txt         |    3 +
 pkg/cloudflare-go/.changelog/1002.txt         |    3 +
 pkg/cloudflare-go/.changelog/1003.txt         |    3 +
 pkg/cloudflare-go/.changelog/1004.txt         |    7 +
 pkg/cloudflare-go/.changelog/1005.txt         |    3 +
 pkg/cloudflare-go/.changelog/1006.txt         |    3 +
 pkg/cloudflare-go/.changelog/1008.txt         |    3 +
 pkg/cloudflare-go/.changelog/1010.txt         |    3 +
 pkg/cloudflare-go/.changelog/1014.txt         |    3 +
 pkg/cloudflare-go/.changelog/1016.txt         |    7 +
 pkg/cloudflare-go/.changelog/1017.txt         |    3 +
 pkg/cloudflare-go/.changelog/1020.txt         |    3 +
 pkg/cloudflare-go/.changelog/1026.txt         |    3 +
 pkg/cloudflare-go/.changelog/1027.txt         |    3 +
 pkg/cloudflare-go/.changelog/1028.txt         |    3 +
 pkg/cloudflare-go/.changelog/1030.txt         |    3 +
 pkg/cloudflare-go/.changelog/1031.txt         |    3 +
 pkg/cloudflare-go/.changelog/1032.txt         |    3 +
 pkg/cloudflare-go/.changelog/1034.txt         |    9 +
 pkg/cloudflare-go/.changelog/1035.txt         |    3 +
 pkg/cloudflare-go/.changelog/1036.txt         |    3 +
 pkg/cloudflare-go/.changelog/1037.txt         |    3 +
 pkg/cloudflare-go/.changelog/1038.txt         |    9 +
 pkg/cloudflare-go/.changelog/1039.txt         |    3 +
 pkg/cloudflare-go/.changelog/1040.txt         |    3 +
 pkg/cloudflare-go/.changelog/1042.txt         |    3 +
 pkg/cloudflare-go/.changelog/1043.txt         |    3 +
 pkg/cloudflare-go/.changelog/1044.txt         |    3 +
 pkg/cloudflare-go/.changelog/1046.txt         |    3 +
 pkg/cloudflare-go/.changelog/1047.txt         |    3 +
 pkg/cloudflare-go/.changelog/1048.txt         |    3 +
 pkg/cloudflare-go/.changelog/1049.txt         |    3 +
 pkg/cloudflare-go/.changelog/1051.txt         |    3 +
 pkg/cloudflare-go/.changelog/1052.txt         |    3 +
 pkg/cloudflare-go/.changelog/1053.txt         |    3 +
 pkg/cloudflare-go/.changelog/1059.txt         |    3 +
 pkg/cloudflare-go/.changelog/1060.txt         |    3 +
 pkg/cloudflare-go/.changelog/1063.txt         |    3 +
 pkg/cloudflare-go/.changelog/1065.txt         |    9 +
 pkg/cloudflare-go/.changelog/1066.txt         |    3 +
 pkg/cloudflare-go/.changelog/1067.txt         |    3 +
 pkg/cloudflare-go/.changelog/1068.txt         |    3 +
 pkg/cloudflare-go/.changelog/1070.txt         |    3 +
 pkg/cloudflare-go/.changelog/1071.txt         |    3 +
 pkg/cloudflare-go/.changelog/1072.txt         |    3 +
 pkg/cloudflare-go/.changelog/1073.txt         |    3 +
 pkg/cloudflare-go/.changelog/1074.txt         |    3 +
 pkg/cloudflare-go/.changelog/1075.txt         |    3 +
 pkg/cloudflare-go/.changelog/1077.txt         |    3 +
 pkg/cloudflare-go/.changelog/1080.txt         |    3 +
 pkg/cloudflare-go/.changelog/1081.txt         |    3 +
 pkg/cloudflare-go/.changelog/1082.txt         |    3 +
 pkg/cloudflare-go/.changelog/1084.txt         |    3 +
 pkg/cloudflare-go/.changelog/1085.txt         |    3 +
 pkg/cloudflare-go/.changelog/1086.txt         |    3 +
 pkg/cloudflare-go/.changelog/1087.txt         |    3 +
 pkg/cloudflare-go/.changelog/1088.txt         |    3 +
 pkg/cloudflare-go/.changelog/1089.txt         |    3 +
 pkg/cloudflare-go/.changelog/1090.txt         |    3 +
 pkg/cloudflare-go/.changelog/1091.txt         |    3 +
 pkg/cloudflare-go/.changelog/1093.txt         |    3 +
 pkg/cloudflare-go/.changelog/1094.txt         |    3 +
 pkg/cloudflare-go/.changelog/1095.txt         |    7 +
 pkg/cloudflare-go/.changelog/1097.txt         |    3 +
 pkg/cloudflare-go/.changelog/1102.txt         |    3 +
 pkg/cloudflare-go/.changelog/1103.txt         |    3 +
 pkg/cloudflare-go/.changelog/1104.txt         |    3 +
 pkg/cloudflare-go/.changelog/1105.txt         |    3 +
 pkg/cloudflare-go/.changelog/1106.txt         |    3 +
 pkg/cloudflare-go/.changelog/1108.txt         |    3 +
 pkg/cloudflare-go/.changelog/1111.txt         |    3 +
 pkg/cloudflare-go/.changelog/1112.txt         |    3 +
 pkg/cloudflare-go/.changelog/1114.txt         |    7 +
 pkg/cloudflare-go/.changelog/1115.txt         |   47 +
 pkg/cloudflare-go/.changelog/1116.txt         |    3 +
 pkg/cloudflare-go/.changelog/1117.txt         |    3 +
 pkg/cloudflare-go/.changelog/1118.txt         |    3 +
 pkg/cloudflare-go/.changelog/1119.txt         |    3 +
 pkg/cloudflare-go/.changelog/1120.txt         |    3 +
 pkg/cloudflare-go/.changelog/1121.txt         |    3 +
 pkg/cloudflare-go/.changelog/1122.txt         |    3 +
 pkg/cloudflare-go/.changelog/1123.txt         |    3 +
 pkg/cloudflare-go/.changelog/1124.txt         |    3 +
 pkg/cloudflare-go/.changelog/1125.txt         |    3 +
 pkg/cloudflare-go/.changelog/1126.txt         |    3 +
 pkg/cloudflare-go/.changelog/1127.txt         |    3 +
 pkg/cloudflare-go/.changelog/1130.txt         |    3 +
 pkg/cloudflare-go/.changelog/1131.txt         |    3 +
 pkg/cloudflare-go/.changelog/1133.txt         |    3 +
 pkg/cloudflare-go/.changelog/1135.txt         |    3 +
 pkg/cloudflare-go/.changelog/1136.txt         |    7 +
 pkg/cloudflare-go/.changelog/1137.txt         |   39 +
 pkg/cloudflare-go/.changelog/1138.txt         |    3 +
 pkg/cloudflare-go/.changelog/1139.txt         |    3 +
 pkg/cloudflare-go/.changelog/1140.txt         |    3 +
 pkg/cloudflare-go/.changelog/1142.txt         |    3 +
 pkg/cloudflare-go/.changelog/1146.txt         |    3 +
 pkg/cloudflare-go/.changelog/1148.txt         |    3 +
 pkg/cloudflare-go/.changelog/1149.txt         |    3 +
 pkg/cloudflare-go/.changelog/1150.txt         |    3 +
 pkg/cloudflare-go/.changelog/1151.txt         |   15 +
 pkg/cloudflare-go/.changelog/1155.txt         |    3 +
 pkg/cloudflare-go/.changelog/1156.txt         |   31 +
 pkg/cloudflare-go/.changelog/1159.txt         |    3 +
 pkg/cloudflare-go/.changelog/1160.txt         |    3 +
 pkg/cloudflare-go/.changelog/1161.txt         |   23 +
 pkg/cloudflare-go/.changelog/1162.txt         |    3 +
 pkg/cloudflare-go/.changelog/1164.txt         |    3 +
 pkg/cloudflare-go/.changelog/1167.txt         |    3 +
 pkg/cloudflare-go/.changelog/1170.txt         |    7 +
 pkg/cloudflare-go/.changelog/1171.txt         |    3 +
 pkg/cloudflare-go/.changelog/1172.txt         |    3 +
 pkg/cloudflare-go/.changelog/1173.txt         |   11 +
 pkg/cloudflare-go/.changelog/1174.txt         |    3 +
 pkg/cloudflare-go/.changelog/1176.txt         |    3 +
 pkg/cloudflare-go/.changelog/1177.txt         |    3 +
 pkg/cloudflare-go/.changelog/1178.txt         |    3 +
 pkg/cloudflare-go/.changelog/1180.txt         |    3 +
 pkg/cloudflare-go/.changelog/1181.txt         |    3 +
 pkg/cloudflare-go/.changelog/1183.txt         |    3 +
 pkg/cloudflare-go/.changelog/1184.txt         |    3 +
 pkg/cloudflare-go/.changelog/1185.txt         |    3 +
 pkg/cloudflare-go/.changelog/1188.txt         |    3 +
 pkg/cloudflare-go/.changelog/1190.txt         |    7 +
 pkg/cloudflare-go/.changelog/1191.txt         |    3 +
 pkg/cloudflare-go/.changelog/1192.txt         |    3 +
 pkg/cloudflare-go/.changelog/1193.txt         |    3 +
 pkg/cloudflare-go/.changelog/1195.txt         |    3 +
 pkg/cloudflare-go/.changelog/1196.txt         |    3 +
 pkg/cloudflare-go/.changelog/1197.txt         |    3 +
 pkg/cloudflare-go/.changelog/1199.txt         |    3 +
 pkg/cloudflare-go/.changelog/1200.txt         |    3 +
 pkg/cloudflare-go/.changelog/1202.txt         |    3 +
 pkg/cloudflare-go/.changelog/1205.txt         |    3 +
 pkg/cloudflare-go/.changelog/1206.txt         |    3 +
 pkg/cloudflare-go/.changelog/1207.txt         |    3 +
 pkg/cloudflare-go/.changelog/1208.txt         |    3 +
 pkg/cloudflare-go/.changelog/1209.txt         |    3 +
 pkg/cloudflare-go/.changelog/1210.txt         |    3 +
 pkg/cloudflare-go/.changelog/1212.txt         |    3 +
 pkg/cloudflare-go/.changelog/1213.txt         |    3 +
 pkg/cloudflare-go/.changelog/1214.txt         |    3 +
 pkg/cloudflare-go/.changelog/1215.txt         |    3 +
 pkg/cloudflare-go/.changelog/1216.txt         |    3 +
 pkg/cloudflare-go/.changelog/1217.txt         |    3 +
 pkg/cloudflare-go/.changelog/1218.txt         |    3 +
 pkg/cloudflare-go/.changelog/1219.txt         |    3 +
 pkg/cloudflare-go/.changelog/1220.txt         |    3 +
 pkg/cloudflare-go/.changelog/1222.txt         |    3 +
 pkg/cloudflare-go/.changelog/1223.txt         |    3 +
 pkg/cloudflare-go/.changelog/1226.txt         |    3 +
 pkg/cloudflare-go/.changelog/1227.txt         |   10 +
 pkg/cloudflare-go/.changelog/1228.txt         |    3 +
 pkg/cloudflare-go/.changelog/1229.txt         |    3 +
 pkg/cloudflare-go/.changelog/1232.txt         |    3 +
 pkg/cloudflare-go/.changelog/1236.txt         |    3 +
 pkg/cloudflare-go/.changelog/1237.txt         |    3 +
 pkg/cloudflare-go/.changelog/1238.txt         |    3 +
 pkg/cloudflare-go/.changelog/1242.txt         |    7 +
 pkg/cloudflare-go/.changelog/1243.txt         |    3 +
 pkg/cloudflare-go/.changelog/1244.txt         |    3 +
 pkg/cloudflare-go/.changelog/1246.txt         |    3 +
 pkg/cloudflare-go/.changelog/1249.txt         |    3 +
 pkg/cloudflare-go/.changelog/1250.txt         |    3 +
 pkg/cloudflare-go/.changelog/1251.txt         |   11 +
 pkg/cloudflare-go/.changelog/1253.txt         |    3 +
 pkg/cloudflare-go/.changelog/1258.txt         |    3 +
 pkg/cloudflare-go/.changelog/1260.txt         |    3 +
 pkg/cloudflare-go/.changelog/1261.txt         |    7 +
 pkg/cloudflare-go/.changelog/1263.txt         |    3 +
 pkg/cloudflare-go/.changelog/1264.txt         |   19 +
 pkg/cloudflare-go/.changelog/1265.txt         |    7 +
 pkg/cloudflare-go/.changelog/1266.txt         |    3 +
 pkg/cloudflare-go/.changelog/1267.txt         |    3 +
 pkg/cloudflare-go/.changelog/1268.txt         |    3 +
 pkg/cloudflare-go/.changelog/1269.txt         |    3 +
 pkg/cloudflare-go/.changelog/1270.txt         |    3 +
 pkg/cloudflare-go/.changelog/1271.txt         |    3 +
 pkg/cloudflare-go/.changelog/1272.txt         |    3 +
 pkg/cloudflare-go/.changelog/1274.txt         |    3 +
 pkg/cloudflare-go/.changelog/1275.txt         |    3 +
 pkg/cloudflare-go/.changelog/1276.txt         |    3 +
 pkg/cloudflare-go/.changelog/1278.txt         |    3 +
 pkg/cloudflare-go/.changelog/1279.txt         |    7 +
 pkg/cloudflare-go/.changelog/1280.txt         |    3 +
 pkg/cloudflare-go/.changelog/1281.txt         |    3 +
 pkg/cloudflare-go/.changelog/1284.txt         |    3 +
 pkg/cloudflare-go/.changelog/1285.txt         |    3 +
 pkg/cloudflare-go/.changelog/1286.txt         |    3 +
 pkg/cloudflare-go/.changelog/1287.txt         |    3 +
 pkg/cloudflare-go/.changelog/1288.txt         |    3 +
 pkg/cloudflare-go/.changelog/1289.txt         |    3 +
 pkg/cloudflare-go/.changelog/1290.txt         |    3 +
 pkg/cloudflare-go/.changelog/1291.txt         |    3 +
 pkg/cloudflare-go/.changelog/1292.txt         |    3 +
 pkg/cloudflare-go/.changelog/1293.txt         |    3 +
 pkg/cloudflare-go/.changelog/1294.txt         |    3 +
 pkg/cloudflare-go/.changelog/1295.txt         |    3 +
 pkg/cloudflare-go/.changelog/1296.txt         |    3 +
 pkg/cloudflare-go/.changelog/1297.txt         |    3 +
 pkg/cloudflare-go/.changelog/1298.txt         |    3 +
 pkg/cloudflare-go/.changelog/1300.txt         |    3 +
 pkg/cloudflare-go/.changelog/1301.txt         |    3 +
 pkg/cloudflare-go/.changelog/1302.txt         |    3 +
 pkg/cloudflare-go/.changelog/1303.txt         |    3 +
 pkg/cloudflare-go/.changelog/1304.txt         |    3 +
 pkg/cloudflare-go/.changelog/1305.txt         |    3 +
 pkg/cloudflare-go/.changelog/1306.txt         |    3 +
 pkg/cloudflare-go/.changelog/1307.txt         |    3 +
 pkg/cloudflare-go/.changelog/1311.txt         |    3 +
 pkg/cloudflare-go/.changelog/1312.txt         |    3 +
 pkg/cloudflare-go/.changelog/1313.txt         |    7 +
 pkg/cloudflare-go/.changelog/1314.txt         |    3 +
 pkg/cloudflare-go/.changelog/1315.txt         |    7 +
 pkg/cloudflare-go/.changelog/1316.txt         |    3 +
 pkg/cloudflare-go/.changelog/1317.txt         |    3 +
 pkg/cloudflare-go/.changelog/1319.txt         |   59 +
 pkg/cloudflare-go/.changelog/1320.txt         |    3 +
 pkg/cloudflare-go/.changelog/1322.txt         |   31 +
 pkg/cloudflare-go/.changelog/1325.txt         |    3 +
 pkg/cloudflare-go/.changelog/1326.txt         |   83 +
 pkg/cloudflare-go/.changelog/1328.txt         |    3 +
 pkg/cloudflare-go/.changelog/1330.txt         |   15 +
 pkg/cloudflare-go/.changelog/1333.txt         |   47 +
 pkg/cloudflare-go/.changelog/1335.txt         |    3 +
 pkg/cloudflare-go/.changelog/1336.txt         |    3 +
 pkg/cloudflare-go/.changelog/1338.txt         |    3 +
 pkg/cloudflare-go/.changelog/1339.txt         |    7 +
 pkg/cloudflare-go/.changelog/1340.txt         |    3 +
 pkg/cloudflare-go/.changelog/1341.txt         |    3 +
 pkg/cloudflare-go/.changelog/1343.txt         |   11 +
 pkg/cloudflare-go/.changelog/1344.txt         |   11 +
 pkg/cloudflare-go/.changelog/1345.txt         |    3 +
 pkg/cloudflare-go/.changelog/1346.txt         |   11 +
 pkg/cloudflare-go/.changelog/1347.txt         |    3 +
 pkg/cloudflare-go/.changelog/1348.txt         |    3 +
 pkg/cloudflare-go/.changelog/1353.txt         |    3 +
 pkg/cloudflare-go/.changelog/1355.txt         |    3 +
 pkg/cloudflare-go/.changelog/1356.txt         |    3 +
 pkg/cloudflare-go/.changelog/1357.txt         |    3 +
 pkg/cloudflare-go/.changelog/1359.txt         |    3 +
 pkg/cloudflare-go/.changelog/1360.txt         |    7 +
 pkg/cloudflare-go/.changelog/1361.txt         |    7 +
 pkg/cloudflare-go/.changelog/1362.txt         |    3 +
 pkg/cloudflare-go/.changelog/1363.txt         |    3 +
 pkg/cloudflare-go/.changelog/1365.txt         |    3 +
 pkg/cloudflare-go/.changelog/1366.txt         |    3 +
 pkg/cloudflare-go/.changelog/1367.txt         |   23 +
 pkg/cloudflare-go/.changelog/1368.txt         |    3 +
 pkg/cloudflare-go/.changelog/1369.txt         |    3 +
 pkg/cloudflare-go/.changelog/1372.txt         |   23 +
 pkg/cloudflare-go/.changelog/1373.txt         |    3 +
 pkg/cloudflare-go/.changelog/1374.txt         |    3 +
 pkg/cloudflare-go/.changelog/1375.txt         |    3 +
 pkg/cloudflare-go/.changelog/1376.txt         |    3 +
 pkg/cloudflare-go/.changelog/1377.txt         |    3 +
 pkg/cloudflare-go/.changelog/1379.txt         |    7 +
 pkg/cloudflare-go/.changelog/1380.txt         |    3 +
 pkg/cloudflare-go/.changelog/1382.txt         |    3 +
 pkg/cloudflare-go/.changelog/1384.txt         |    3 +
 pkg/cloudflare-go/.changelog/1385.txt         |    3 +
 pkg/cloudflare-go/.changelog/1386.txt         |    3 +
 pkg/cloudflare-go/.changelog/1387.txt         |    3 +
 pkg/cloudflare-go/.changelog/1388.txt         |    3 +
 pkg/cloudflare-go/.changelog/1389.txt         |    3 +
 pkg/cloudflare-go/.changelog/1390.txt         |    3 +
 pkg/cloudflare-go/.changelog/1391.txt         |    3 +
 pkg/cloudflare-go/.changelog/1393.txt         |    3 +
 pkg/cloudflare-go/.changelog/1394.txt         |    3 +
 pkg/cloudflare-go/.changelog/1396.txt         |    3 +
 pkg/cloudflare-go/.changelog/1397.txt         |    3 +
 pkg/cloudflare-go/.changelog/1401.txt         |    3 +
 pkg/cloudflare-go/.changelog/1402.txt         |    3 +
 pkg/cloudflare-go/.changelog/1403.txt         |    7 +
 pkg/cloudflare-go/.changelog/1405.txt         |   11 +
 pkg/cloudflare-go/.changelog/1406.txt         |    3 +
 pkg/cloudflare-go/.changelog/1407.txt         |    3 +
 pkg/cloudflare-go/.changelog/1409.txt         |    3 +
 pkg/cloudflare-go/.changelog/1410.txt         |    3 +
 pkg/cloudflare-go/.changelog/1412.txt         |    3 +
 pkg/cloudflare-go/.changelog/1413.txt         |    3 +
 pkg/cloudflare-go/.changelog/1414.txt         |    3 +
 pkg/cloudflare-go/.changelog/1415.txt         |    7 +
 pkg/cloudflare-go/.changelog/1416.txt         |    3 +
 pkg/cloudflare-go/.changelog/1417.txt         |    3 +
 pkg/cloudflare-go/.changelog/1418.txt         |    3 +
 pkg/cloudflare-go/.changelog/1419.txt         |    3 +
 pkg/cloudflare-go/.changelog/1420.txt         |    3 +
 pkg/cloudflare-go/.changelog/1421.txt         |    3 +
 pkg/cloudflare-go/.changelog/1422.txt         |    3 +
 pkg/cloudflare-go/.changelog/1423.txt         |    3 +
 pkg/cloudflare-go/.changelog/1424.txt         |    7 +
 pkg/cloudflare-go/.changelog/1427.txt         |   23 +
 pkg/cloudflare-go/.changelog/1428.txt         |    3 +
 pkg/cloudflare-go/.changelog/1433.txt         |   43 +
 pkg/cloudflare-go/.changelog/1434.txt         |    3 +
 pkg/cloudflare-go/.changelog/1436.txt         |    3 +
 pkg/cloudflare-go/.changelog/1438.txt         |    3 +
 pkg/cloudflare-go/.changelog/1439.txt         |    3 +
 pkg/cloudflare-go/.changelog/1440.txt         |    3 +
 pkg/cloudflare-go/.changelog/1441.txt         |    3 +
 pkg/cloudflare-go/.changelog/1442.txt         |    3 +
 pkg/cloudflare-go/.changelog/1444.txt         |    3 +
 pkg/cloudflare-go/.changelog/1445.txt         |    3 +
 pkg/cloudflare-go/.changelog/1446.txt         |    3 +
 pkg/cloudflare-go/.changelog/1449.txt         |    3 +
 pkg/cloudflare-go/.changelog/1450.txt         |    3 +
 pkg/cloudflare-go/.changelog/1452.txt         |    3 +
 pkg/cloudflare-go/.changelog/1453.txt         |    3 +
 pkg/cloudflare-go/.changelog/1454.txt         |    3 +
 pkg/cloudflare-go/.changelog/1456.txt         |    3 +
 pkg/cloudflare-go/.changelog/1457.txt         |   15 +
 pkg/cloudflare-go/.changelog/1459.txt         |    3 +
 pkg/cloudflare-go/.changelog/1460.txt         |    3 +
 pkg/cloudflare-go/.changelog/1462.txt         |    3 +
 pkg/cloudflare-go/.changelog/1463.txt         |    3 +
 pkg/cloudflare-go/.changelog/1464.txt         |    3 +
 pkg/cloudflare-go/.changelog/1466.txt         |    3 +
 pkg/cloudflare-go/.changelog/1468.txt         |    3 +
 pkg/cloudflare-go/.changelog/1470.txt         |    3 +
 pkg/cloudflare-go/.changelog/1471.txt         |    3 +
 pkg/cloudflare-go/.changelog/1472.txt         |    3 +
 pkg/cloudflare-go/.changelog/1473.txt         |    3 +
 pkg/cloudflare-go/.changelog/1474.txt         |    3 +
 pkg/cloudflare-go/.changelog/1475.txt         |    3 +
 pkg/cloudflare-go/.changelog/1476.txt         |    3 +
 pkg/cloudflare-go/.changelog/1477.txt         |    3 +
 pkg/cloudflare-go/.changelog/1480.txt         |    7 +
 pkg/cloudflare-go/.changelog/1482.txt         |    3 +
 pkg/cloudflare-go/.changelog/1483.txt         |    3 +
 pkg/cloudflare-go/.changelog/1484.txt         |    3 +
 pkg/cloudflare-go/.changelog/1485.txt         |    3 +
 pkg/cloudflare-go/.changelog/1486.txt         |    3 +
 pkg/cloudflare-go/.changelog/1489.txt         |    3 +
 pkg/cloudflare-go/.changelog/1490.txt         |    3 +
 pkg/cloudflare-go/.changelog/1492.txt         |    3 +
 pkg/cloudflare-go/.changelog/1494.txt         |    3 +
 pkg/cloudflare-go/.changelog/1496.txt         |    7 +
 pkg/cloudflare-go/.changelog/1497.txt         |    3 +
 pkg/cloudflare-go/.changelog/1499.txt         |    3 +
 pkg/cloudflare-go/.changelog/1500.txt         |    3 +
 pkg/cloudflare-go/.changelog/1501.txt         |    3 +
 pkg/cloudflare-go/.changelog/1502.txt         |    3 +
 pkg/cloudflare-go/.changelog/1503.txt         |    3 +
 pkg/cloudflare-go/.changelog/1504.txt         |    3 +
 pkg/cloudflare-go/.changelog/1505.txt         |    3 +
 pkg/cloudflare-go/.changelog/1506.txt         |    3 +
 pkg/cloudflare-go/.changelog/1508.txt         |    7 +
 pkg/cloudflare-go/.changelog/1509.txt         |    3 +
 pkg/cloudflare-go/.changelog/1510.txt         |    3 +
 pkg/cloudflare-go/.changelog/1511.txt         |    3 +
 pkg/cloudflare-go/.changelog/1513.txt         |    3 +
 pkg/cloudflare-go/.changelog/1516.txt         |    3 +
 pkg/cloudflare-go/.changelog/1558.txt         |    3 +
 pkg/cloudflare-go/.changelog/1562.txt         |    3 +
 pkg/cloudflare-go/.changelog/1573.txt         |    3 +
 pkg/cloudflare-go/.changelog/1593.txt         |    3 +
 pkg/cloudflare-go/.changelog/1600.txt         |    3 +
 pkg/cloudflare-go/.changelog/1607.txt         |    3 +
 pkg/cloudflare-go/.changelog/1615.txt         |    3 +
 pkg/cloudflare-go/.changelog/1618.txt         |    3 +
 pkg/cloudflare-go/.changelog/1688.txt         |    3 +
 pkg/cloudflare-go/.changelog/1710.txt         |    3 +
 pkg/cloudflare-go/.changelog/1737.txt         |    3 +
 pkg/cloudflare-go/.changelog/1790.txt         |    3 +
 pkg/cloudflare-go/.changelog/1811.txt         |    3 +
 pkg/cloudflare-go/.changelog/1825.txt         |    3 +
 pkg/cloudflare-go/.changelog/1826.txt         |    3 +
 pkg/cloudflare-go/.changelog/1832.txt         |    3 +
 pkg/cloudflare-go/.changelog/1839.txt         |    3 +
 pkg/cloudflare-go/.changelog/1845.txt         |    3 +
 pkg/cloudflare-go/.changelog/1861.txt         |    3 +
 pkg/cloudflare-go/.changelog/1887.txt         |    3 +
 pkg/cloudflare-go/.changelog/1921.txt         |    3 +
 pkg/cloudflare-go/.changelog/1956.txt         |    7 +
 pkg/cloudflare-go/.changelog/1959.txt         |    3 +
 pkg/cloudflare-go/.changelog/1974.txt         |    3 +
 pkg/cloudflare-go/.changelog/1975.txt         |    3 +
 pkg/cloudflare-go/.changelog/1981.txt         |    3 +
 pkg/cloudflare-go/.changelog/1991.txt         |    3 +
 pkg/cloudflare-go/.changelog/1992.txt         |    3 +
 pkg/cloudflare-go/.changelog/1993.txt         |    3 +
 pkg/cloudflare-go/.changelog/2107.txt         |    3 +
 pkg/cloudflare-go/.changelog/2126.txt         |    3 +
 pkg/cloudflare-go/.changelog/2131.txt         |    3 +
 pkg/cloudflare-go/.changelog/2165.txt         |    3 +
 pkg/cloudflare-go/.changelog/2249.txt         |    3 +
 pkg/cloudflare-go/.changelog/2364.txt         |    3 +
 pkg/cloudflare-go/.changelog/2365.txt         |    3 +
 pkg/cloudflare-go/.changelog/2455.txt         |    3 +
 pkg/cloudflare-go/.changelog/998.txt          |    7 +
 pkg/cloudflare-go/.devcontainer/Dockerfile    |    1 +
 .../.devcontainer/devcontainer.json           |   36 +
 pkg/cloudflare-go/.github/CODEOWNERS          |    5 +
 .../.github/ISSUE_TEMPLATE/bug.yml            |   66 +
 .../.github/ISSUE_TEMPLATE/config.yml         |   11 +
 .../.github/PULL_REQUEST_TEMPLATE.md          |   45 +
 pkg/cloudflare-go/.github/dependabot.yml      |   14 +
 pkg/cloudflare-go/.github/labels.yml          |  208 ++
 pkg/cloudflare-go/.github/stale.yml           |   17 +
 .../.github/workflows/changelog-check.yml     |   19 +
 .../.github/workflows/codeql-analysis.yml     |   70 +
 .../workflows/dependabot-changelog.yml        |   35 +
 .../.github/workflows/generate-changelog.yml  |   31 +
 pkg/cloudflare-go/.github/workflows/lint.yml  |   50 +
 .../workflows/lock-released-issues.yml        |   29 +
 .../.github/workflows/milestone-closed.yml    |   40 +
 .../.github/workflows/milestones.yml          |   25 +
 .../.github/workflows/release.yml             |   26 +
 .../.github/workflows/sync-labels.yml         |   18 +
 pkg/cloudflare-go/.github/workflows/test.yml  |   22 +
 pkg/cloudflare-go/.gitignore                  |    6 +
 pkg/cloudflare-go/.golintci.yaml              |   33 +
 pkg/cloudflare-go/.semgrep.yml                |   88 +
 pkg/cloudflare-go/.semgrepignore              |   22 +
 pkg/cloudflare-go/CHANGELOG.md                | 1140 +++++++++
 pkg/cloudflare-go/CODE_OF_CONDUCT.md          |   77 +
 pkg/cloudflare-go/LICENSE                     |   26 +
 pkg/cloudflare-go/README.md                   |   85 +
 pkg/cloudflare-go/access_application.go       |  510 ++++
 pkg/cloudflare-go/access_application_test.go  | 1545 ++++++++++++
 pkg/cloudflare-go/access_audit_log.go         |   86 +
 .../access_audit_log_example_test.go          |   26 +
 pkg/cloudflare-go/access_audit_log_test.go    |   93 +
 pkg/cloudflare-go/access_bookmark.go          |  206 ++
 pkg/cloudflare-go/access_bookmark_test.go     |  283 +++
 pkg/cloudflare-go/access_ca_certificate.go    |  153 ++
 .../access_ca_certificate_test.go             |  170 ++
 pkg/cloudflare-go/access_custom_page.go       |  127 +
 pkg/cloudflare-go/access_custom_page_test.go  |  196 ++
 pkg/cloudflare-go/access_group.go             |  405 ++++
 pkg/cloudflare-go/access_group_test.go        |  471 ++++
 pkg/cloudflare-go/access_identity_provider.go |  306 +++
 .../access_identity_provider_test.go          |  416 ++++
 pkg/cloudflare-go/access_keys.go              |   64 +
 pkg/cloudflare-go/access_keys_test.go         |  124 +
 .../access_mutual_tls_certificates.go         |  279 +++
 .../access_mutual_tls_certificates_test.go    |  405 ++++
 pkg/cloudflare-go/access_organization.go      |  143 ++
 pkg/cloudflare-go/access_organization_test.go |  281 +++
 pkg/cloudflare-go/access_policy.go            |  356 +++
 pkg/cloudflare-go/access_policy_test.go       |  693 ++++++
 pkg/cloudflare-go/access_seats.go             |  111 +
 pkg/cloudflare-go/access_seats_test.go        |  182 ++
 pkg/cloudflare-go/access_service_tokens.go    |  257 ++
 .../access_service_tokens_test.go             |  313 +++
 pkg/cloudflare-go/access_tag.go               |   85 +
 pkg/cloudflare-go/access_tag_test.go          |  136 ++
 pkg/cloudflare-go/access_user_tokens.go       |   24 +
 pkg/cloudflare-go/access_user_tokens_test.go  |   52 +
 pkg/cloudflare-go/access_users.go             |  362 +++
 pkg/cloudflare-go/access_users_test.go        |  616 +++++
 pkg/cloudflare-go/account_members.go          |  245 ++
 pkg/cloudflare-go/account_members_test.go     |  633 +++++
 pkg/cloudflare-go/account_roles.go            |  111 +
 pkg/cloudflare-go/account_roles_test.go       |  121 +
 pkg/cloudflare-go/accounts.go                 |  151 ++
 pkg/cloudflare-go/accounts_test.go            |  227 ++
 pkg/cloudflare-go/addressing_address_map.go   |  285 +++
 .../addressing_address_map_test.go            |  384 +++
 pkg/cloudflare-go/addressing_ip_prefix.go     |  149 ++
 .../addressing_ip_prefix_test.go              |  237 ++
 pkg/cloudflare-go/api_shield.go               |   71 +
 pkg/cloudflare-go/api_shield_api_discovery.go |  190 ++
 .../api_shield_api_discovery_test.go          |  383 +++
 pkg/cloudflare-go/api_shield_operations.go    |  185 ++
 .../api_shield_operations_test.go             |  491 ++++
 pkg/cloudflare-go/api_shield_schemas.go       |  505 ++++
 pkg/cloudflare-go/api_shield_schemas_test.go  |  669 +++++
 pkg/cloudflare-go/api_shield_test.go          |   84 +
 pkg/cloudflare-go/api_token.go                |  238 ++
 pkg/cloudflare-go/api_token_test.go           |  522 ++++
 pkg/cloudflare-go/argo.go                     |  121 +
 pkg/cloudflare-go/argo_example_test.go        |   65 +
 pkg/cloudflare-go/argo_test.go                |  179 ++
 pkg/cloudflare-go/argo_tunnel.go              |  162 ++
 pkg/cloudflare-go/argo_tunnel_test.go         |  221 ++
 pkg/cloudflare-go/auditlogs.go                |  158 ++
 pkg/cloudflare-go/auditlogs_test.go           |   60 +
 .../authenticated_origin_pulls.go             |   67 +
 ...authenticated_origin_pulls_per_hostname.go |  175 ++
 ...nticated_origin_pulls_per_hostname_test.go |  360 +++
 .../authenticated_origin_pulls_per_zone.go    |  151 ++
 ...uthenticated_origin_pulls_per_zone_test.go |  230 ++
 .../authenticated_origin_pulls_test.go        |  111 +
 pkg/cloudflare-go/bot_management.go           |   91 +
 pkg/cloudflare-go/bot_management_test.go      |   87 +
 pkg/cloudflare-go/cache_reserve.go            |   83 +
 pkg/cloudflare-go/cache_reserve_test.go       |   82 +
 pkg/cloudflare-go/catalog.json                |   67 +
 pkg/cloudflare-go/certificate_packs.go        |  163 ++
 pkg/cloudflare-go/certificate_packs_test.go   |  285 +++
 pkg/cloudflare-go/cloudflare.go               |  593 +++++
 pkg/cloudflare-go/cloudflare_experimental.go  |  343 +++
 pkg/cloudflare-go/cloudflare_test.go          |  549 +++++
 .../cmd/flarectl/.goreleaser.yml              |   23 +
 pkg/cloudflare-go/cmd/flarectl/README.md      |  108 +
 pkg/cloudflare-go/cmd/flarectl/dns.go         |  201 ++
 pkg/cloudflare-go/cmd/flarectl/firewall.go    |  380 +++
 pkg/cloudflare-go/cmd/flarectl/flarectl.go    |  720 ++++++
 pkg/cloudflare-go/cmd/flarectl/misc.go        |  213 ++
 pkg/cloudflare-go/cmd/flarectl/user_agent.go  |  147 ++
 pkg/cloudflare-go/cmd/flarectl/zone.go        |  367 +++
 pkg/cloudflare-go/consts.go                   |   27 +
 pkg/cloudflare-go/convert_types.go            |  932 +++++++
 pkg/cloudflare-go/custom_hostname.go          |  330 +++
 pkg/cloudflare-go/custom_hostname_test.go     | 1114 +++++++++
 pkg/cloudflare-go/custom_nameservers.go       |  207 ++
 pkg/cloudflare-go/custom_nameservers_test.go  |  223 ++
 pkg/cloudflare-go/custom_pages.go             |  177 ++
 pkg/cloudflare-go/custom_pages_test.go        |  351 +++
 pkg/cloudflare-go/d1.go                       |  199 ++
 pkg/cloudflare-go/d1_test.go                  |  238 ++
 pkg/cloudflare-go/dcv_delegation.go           |   41 +
 pkg/cloudflare-go/dcv_delegation_test.go      |   43 +
 pkg/cloudflare-go/device_posture_rule.go      |  331 +++
 pkg/cloudflare-go/device_posture_rule_test.go |  788 ++++++
 pkg/cloudflare-go/devices_dex.go              |  174 ++
 pkg/cloudflare-go/devices_dex_test.go         |  283 +++
 pkg/cloudflare-go/devices_managed_networks.go |  165 ++
 .../devices_managed_networks_test.go          |  245 ++
 pkg/cloudflare-go/devices_policy.go           |  377 +++
 pkg/cloudflare-go/devices_policy_test.go      |  423 ++++
 pkg/cloudflare-go/diagnostics.go              |  102 +
 pkg/cloudflare-go/diagnostics_test.go         |  236 ++
 pkg/cloudflare-go/dlp_dataset.go              |  278 +++
 pkg/cloudflare-go/dlp_dataset_test.go         |  422 ++++
 pkg/cloudflare-go/dlp_payload_log.go          |   72 +
 pkg/cloudflare-go/dlp_payload_log_test.go     |   85 +
 pkg/cloudflare-go/dlp_profile.go              |  234 ++
 pkg/cloudflare-go/dlp_profile_test.go         |  636 +++++
 pkg/cloudflare-go/dns.go                      |  423 ++++
 pkg/cloudflare-go/dns_example_test.go         |   94 +
 pkg/cloudflare-go/dns_firewall.go             |  220 ++
 pkg/cloudflare-go/dns_firewall_test.go        |  145 ++
 pkg/cloudflare-go/dns_test.go                 |  700 ++++++
 pkg/cloudflare-go/docs/changelog-process.md   |   96 +
 pkg/cloudflare-go/docs/conventions.md         |   40 +
 pkg/cloudflare-go/docs/experimental.md        |  119 +
 .../docs/public-api-documentation.md          |   28 +
 pkg/cloudflare-go/docs/release-process.md     |   40 +
 pkg/cloudflare-go/duration.go                 |   41 +
 pkg/cloudflare-go/duration_test.go            |   28 +
 .../email_routing_destination.go              |  156 ++
 .../email_routing_destination_test.go         |  171 ++
 pkg/cloudflare-go/email_routing_rules.go      |  274 +++
 pkg/cloudflare-go/email_routing_rules_test.go |  395 +++
 pkg/cloudflare-go/email_routing_settings.go   |  118 +
 .../email_routing_settings_test.go            |  178 ++
 pkg/cloudflare-go/errors.go                   |  391 +++
 pkg/cloudflare-go/errors_external_test.go     |   28 +
 pkg/cloudflare-go/errors_test.go              |   52 +
 pkg/cloudflare-go/example_test.go             |   40 +
 pkg/cloudflare-go/fallback_domain.go          |  133 +
 pkg/cloudflare-go/fallback_domain_test.go     |  236 ++
 pkg/cloudflare-go/filter.go                   |  290 +++
 pkg/cloudflare-go/filter_test.go              |  391 +++
 pkg/cloudflare-go/firewall.go                 |  281 +++
 pkg/cloudflare-go/firewall_example_test.go    |  106 +
 pkg/cloudflare-go/firewall_rules.go           |  244 ++
 pkg/cloudflare-go/firewall_rules_test.go      |  630 +++++
 pkg/cloudflare-go/firewall_test.go            |  406 ++++
 pkg/cloudflare-go/flake.lock                  |  540 +++++
 pkg/cloudflare-go/flake.nix                   |    7 +
 pkg/cloudflare-go/flox.nix                    |    3 +
 pkg/cloudflare-go/go.mod                      |   32 +
 pkg/cloudflare-go/go.sum                      |   64 +
 pkg/cloudflare-go/healthchecks.go             |  199 ++
 pkg/cloudflare-go/healthchecks_test.go        |  309 +++
 pkg/cloudflare-go/hyperdrive.go               |  214 ++
 pkg/cloudflare-go/hyperdrive_test.go          |  280 +++
 pkg/cloudflare-go/images.go                   |  401 +++
 pkg/cloudflare-go/images_test.go              |  539 +++++
 pkg/cloudflare-go/images_variants.go          |  163 ++
 pkg/cloudflare-go/images_variants_test.go     |  195 ++
 pkg/cloudflare-go/intelligence_asn.go         |  101 +
 pkg/cloudflare-go/intelligence_asn_test.go    |  111 +
 pkg/cloudflare-go/intelligence_domain.go      |  177 ++
 pkg/cloudflare-go/intelligence_domain_test.go |  227 ++
 pkg/cloudflare-go/intelligence_ip.go          |  156 ++
 pkg/cloudflare-go/intelligence_ip_test.go     |  163 ++
 pkg/cloudflare-go/intelligence_phishing.go    |   52 +
 .../intelligence_phishing_test.go             |   51 +
 pkg/cloudflare-go/intelligence_whois.go       |   60 +
 pkg/cloudflare-go/intelligence_whois_test.go  |   77 +
 .../tools/cmd/changelog-check/main.go         |  134 +
 pkg/cloudflare-go/internal/tools/go.mod       |  249 ++
 pkg/cloudflare-go/internal/tools/go.sum       | 1429 +++++++++++
 pkg/cloudflare-go/internal/tools/tools.go     |   45 +
 pkg/cloudflare-go/ip_access_rules.go          |   89 +
 pkg/cloudflare-go/ip_access_rules_test.go     |  311 +++
 pkg/cloudflare-go/ip_list.go                  |  507 ++++
 pkg/cloudflare-go/ip_list_test.go             |  474 ++++
 pkg/cloudflare-go/ips.go                      |   72 +
 pkg/cloudflare-go/ips_test.go                 |   72 +
 pkg/cloudflare-go/keyless.go                  |  146 ++
 pkg/cloudflare-go/keyless_test.go             |  262 ++
 pkg/cloudflare-go/list.go                     |  629 +++++
 pkg/cloudflare-go/list_test.go                | 1045 ++++++++
 pkg/cloudflare-go/load_balancing.go           |  821 +++++++
 .../load_balancing_example_test.go            |   42 +
 pkg/cloudflare-go/load_balancing_test.go      | 2147 +++++++++++++++++
 pkg/cloudflare-go/lockdown.go                 |  192 ++
 pkg/cloudflare-go/lockdown_example_test.go    |   64 +
 pkg/cloudflare-go/lockdown_test.go            |  303 +++
 pkg/cloudflare-go/logger.go                   |  130 +
 pkg/cloudflare-go/logpull.go                  |   58 +
 pkg/cloudflare-go/logpull_test.go             |   62 +
 pkg/cloudflare-go/logpush.go                  |  572 +++++
 pkg/cloudflare-go/logpush_example_test.go     |  201 ++
 pkg/cloudflare-go/logpush_test.go             |  686 ++++++
 pkg/cloudflare-go/magic_firewall_rulesets.go  |  206 ++
 .../magic_firewall_rulesets_test.go           |  318 +++
 pkg/cloudflare-go/magic_transit_gre_tunnel.go |  181 ++
 .../magic_transit_gre_tunnel_test.go          |  331 +++
 .../magic_transit_ipsec_tunnel.go             |  216 ++
 .../magic_transit_ipsec_tunnel_test.go        |  418 ++++
 .../magic_transit_static_routes.go            |  180 ++
 .../magic_transit_static_routes_test.go       |  341 +++
 .../magic_transit_tunnel_healthcheck.go       |   10 +
 pkg/cloudflare-go/managed_headers.go          |   78 +
 pkg/cloudflare-go/managed_headers_test.go     |  234 ++
 pkg/cloudflare-go/miscategorization.go        |   50 +
 pkg/cloudflare-go/miscategorization_test.go   |   62 +
 pkg/cloudflare-go/mtls_certificates.go        |  215 ++
 pkg/cloudflare-go/mtls_certificates_test.go   |  245 ++
 pkg/cloudflare-go/notifications.go            |  447 ++++
 pkg/cloudflare-go/notifications_test.go       |  574 +++++
 pkg/cloudflare-go/observatory.go              |  401 +++
 pkg/cloudflare-go/observatory_test.go         |  464 ++++
 pkg/cloudflare-go/options.go                  |  106 +
 pkg/cloudflare-go/origin_ca.go                |  233 ++
 pkg/cloudflare-go/origin_ca_test.go           |  259 ++
 pkg/cloudflare-go/page_rules.go               |  240 ++
 pkg/cloudflare-go/page_rules_example_test.go  |  110 +
 pkg/cloudflare-go/page_rules_test.go          |  198 ++
 pkg/cloudflare-go/page_shield.go              |   76 +
 pkg/cloudflare-go/page_shield_connections.go  |   88 +
 .../page_shield_connections_test.go           |   90 +
 pkg/cloudflare-go/page_shield_policies.go     |  140 ++
 .../page_shield_policies_test.go              |  151 ++
 pkg/cloudflare-go/page_shield_scripts.go      |  107 +
 pkg/cloudflare-go/page_shield_scripts_test.go |   78 +
 pkg/cloudflare-go/page_shield_test.go         |   77 +
 pkg/cloudflare-go/pages_deployment.go         |  343 +++
 pkg/cloudflare-go/pages_deployment_test.go    |  500 ++++
 pkg/cloudflare-go/pages_domain.go             |  194 ++
 pkg/cloudflare-go/pages_domain_test.go        |  277 +++
 pkg/cloudflare-go/pages_project.go            |  333 +++
 pkg/cloudflare-go/pages_project_test.go       |  671 ++++++
 pkg/cloudflare-go/pagination.go               |   59 +
 pkg/cloudflare-go/pagination_test.go          |  130 +
 .../per_hostname_tls_settings.go              |  251 ++
 .../per_hostname_tls_settings_test.go         |  273 +++
 pkg/cloudflare-go/permission_group.go         |   99 +
 pkg/cloudflare-go/permission_group_test.go    |  152 ++
 pkg/cloudflare-go/policy.go                   |    8 +
 pkg/cloudflare-go/queue.go                    |  378 +++
 pkg/cloudflare-go/queue_test.go               |  485 ++++
 pkg/cloudflare-go/r2_bucket.go                |  147 ++
 pkg/cloudflare-go/r2_bucket_test.go           |  160 ++
 pkg/cloudflare-go/rate_limiting.go            |  199 ++
 .../rate_limiting_example_test.go             |  108 +
 pkg/cloudflare-go/rate_limiting_test.go       |  361 +++
 pkg/cloudflare-go/regional_hostnames.go       |  191 ++
 pkg/cloudflare-go/regional_hostnames_test.go  |  219 ++
 pkg/cloudflare-go/regional_tiered_cache.go    |   85 +
 .../regional_tiered_cache_test.go             |   90 +
 pkg/cloudflare-go/registrar.go                |  176 ++
 pkg/cloudflare-go/registrar_example_test.go   |   85 +
 pkg/cloudflare-go/registrar_test.go           |  375 +++
 pkg/cloudflare-go/resource.go                 |  114 +
 pkg/cloudflare-go/resource_group.go           |   53 +
 pkg/cloudflare-go/resource_group_test.go      |   47 +
 pkg/cloudflare-go/resource_test.go            |   66 +
 pkg/cloudflare-go/rulesets.go                 |  888 +++++++
 pkg/cloudflare-go/rulesets_test.go            |  870 +++++++
 pkg/cloudflare-go/scripts/changelog.tmpl      |   39 +
 .../scripts/generate-changelog-entry.sh       |   36 +
 .../scripts/generate-changelog.sh             |   53 +
 pkg/cloudflare-go/scripts/release-note.tmpl   |    3 +
 pkg/cloudflare-go/secondary_dns_primaries.go  |  165 ++
 .../secondary_dns_primaries_test.go           |  204 ++
 pkg/cloudflare-go/secondary_dns_tsig.go       |  132 +
 pkg/cloudflare-go/secondary_dns_tsig_test.go  |  186 ++
 pkg/cloudflare-go/secondary_dns_zone.go       |  172 ++
 pkg/cloudflare-go/secondary_zone_dns_test.go  |  249 ++
 pkg/cloudflare-go/spectrum.go                 |  368 +++
 pkg/cloudflare-go/spectrum_test.go            |  549 +++++
 pkg/cloudflare-go/split_tunnel.go             |  107 +
 pkg/cloudflare-go/split_tunnel_test.go        |  300 +++
 pkg/cloudflare-go/ssl.go                      |  173 ++
 pkg/cloudflare-go/ssl_test.go                 |  390 +++
 pkg/cloudflare-go/stack_rulesest.go           |   29 +
 pkg/cloudflare-go/stream.go                   |  574 +++++
 pkg/cloudflare-go/stream_test.go              |  659 +++++
 pkg/cloudflare-go/sts.go                      |  101 +
 pkg/cloudflare-go/teams_accounts.go           |  338 +++
 pkg/cloudflare-go/teams_accounts_test.go      |  399 +++
 pkg/cloudflare-go/teams_audit_ssh_settings.go |   86 +
 .../teams_audit_ssh_settings_test.go          |   91 +
 pkg/cloudflare-go/teams_devices.go            |  107 +
 pkg/cloudflare-go/teams_devices_test.go       |  190 ++
 pkg/cloudflare-go/teams_list.go               |  330 +++
 pkg/cloudflare-go/teams_list_test.go          |  356 +++
 pkg/cloudflare-go/teams_locations.go          |  155 ++
 pkg/cloudflare-go/teams_locations_test.go     |  278 +++
 pkg/cloudflare-go/teams_proxy_endpoints.go    |  137 ++
 .../teams_proxy_endpoints_test.go             |  203 ++
 pkg/cloudflare-go/teams_rules.go              |  356 +++
 pkg/cloudflare-go/teams_rules_test.go         |  770 ++++++
 .../testdata/fixtures/dns/list_page_1.json    |   80 +
 .../testdata/fixtures/dns/list_page_2.json    |   58 +
 .../fixtures/images_variants/single_full.json |   17 +
 .../fixtures/images_variants/single_list.json |   19 +
 .../fixtures/tunnel/configuration.json        |   18 +
 .../testdata/fixtures/tunnel/empty.json       |    5 +
 .../fixtures/tunnel/multiple_full.json        |   30 +
 .../testdata/fixtures/tunnel/single_full.json |   25 +
 .../testdata/fixtures/tunnel/token.json       |    6 +
 pkg/cloudflare-go/tiered_cache.go             |  317 +++
 pkg/cloudflare-go/tiered_cache_test.go        |  321 +++
 pkg/cloudflare-go/total_tls.go                |   64 +
 pkg/cloudflare-go/total_tls_test.go           |   74 +
 pkg/cloudflare-go/tunnel.go                   |  536 ++++
 pkg/cloudflare-go/tunnel_routes.go            |  214 ++
 pkg/cloudflare-go/tunnel_routes_test.go       |  222 ++
 pkg/cloudflare-go/tunnel_test.go              |  410 ++++
 pkg/cloudflare-go/tunnel_virtual_networks.go  |  159 ++
 .../tunnel_virtual_networks_test.go           |  185 ++
 pkg/cloudflare-go/turnstile.go                |  245 ++
 pkg/cloudflare-go/turnstile_test.go           |  334 +++
 pkg/cloudflare-go/universal_ssl.go            |  108 +
 pkg/cloudflare-go/universal_ssl_test.go       |  164 ++
 .../url_normalization_settings.go             |   60 +
 .../url_normalization_settings_test.go        |   86 +
 pkg/cloudflare-go/user.go                     |  161 ++
 pkg/cloudflare-go/user_agent.go               |  151 ++
 pkg/cloudflare-go/user_agent_example_test.go  |   31 +
 pkg/cloudflare-go/user_test.go                |  244 ++
 pkg/cloudflare-go/utils.go                    |   28 +
 pkg/cloudflare-go/utils_test.go               |   38 +
 pkg/cloudflare-go/waf.go                      |  352 +++
 pkg/cloudflare-go/waf_overrides.go            |  138 ++
 pkg/cloudflare-go/waf_overrides_test.go       |  238 ++
 pkg/cloudflare-go/waf_test.go                 |  794 ++++++
 pkg/cloudflare-go/waiting_room.go             |  629 +++++
 pkg/cloudflare-go/waiting_room_test.go        |  886 +++++++
 pkg/cloudflare-go/web3.go                     |  198 ++
 pkg/cloudflare-go/web3_test.go                |  228 ++
 pkg/cloudflare-go/web_analytics.go            |  411 ++++
 pkg/cloudflare-go/web_analytics_test.go       |  385 +++
 pkg/cloudflare-go/workers.go                  |  631 +++++
 pkg/cloudflare-go/workers_account_settings.go |   83 +
 .../workers_account_settings_test.go          |   67 +
 pkg/cloudflare-go/workers_bindings.go         |  617 +++++
 pkg/cloudflare-go/workers_bindings_test.go    |  237 ++
 pkg/cloudflare-go/workers_cron_triggers.go    |   91 +
 .../workers_cron_triggers_test.go             |   87 +
 pkg/cloudflare-go/workers_domain.go           |  151 ++
 pkg/cloudflare-go/workers_domain_test.go      |  181 ++
 pkg/cloudflare-go/workers_for_platforms.go    |  139 ++
 .../workers_for_platforms_test.go             |  140 ++
 pkg/cloudflare-go/workers_kv.go               |  378 +++
 pkg/cloudflare-go/workers_kv_example_test.go  |  210 ++
 pkg/cloudflare-go/workers_kv_test.go          |  506 ++++
 pkg/cloudflare-go/workers_routes.go           |  162 ++
 pkg/cloudflare-go/workers_routes_test.go      |  121 +
 pkg/cloudflare-go/workers_secrets.go          |  125 +
 pkg/cloudflare-go/workers_secrets_test.go     |  111 +
 pkg/cloudflare-go/workers_subdomain.go        |   58 +
 pkg/cloudflare-go/workers_subdomain_test.go   |   72 +
 pkg/cloudflare-go/workers_tail.go             |  114 +
 pkg/cloudflare-go/workers_tail_test.go        |  118 +
 pkg/cloudflare-go/workers_test.go             | 1451 +++++++++++
 pkg/cloudflare-go/zaraz.go                    |  430 ++++
 pkg/cloudflare-go/zaraz_test.go               |  996 ++++++++
 pkg/cloudflare-go/zone.go                     | 1077 +++++++++
 pkg/cloudflare-go/zone_cache_variants.go      |   89 +
 pkg/cloudflare-go/zone_cache_variants_test.go |  168 ++
 pkg/cloudflare-go/zone_example_test.go        |   43 +
 pkg/cloudflare-go/zone_hold.go                |  111 +
 pkg/cloudflare-go/zone_hold_test.go           |  124 +
 pkg/cloudflare-go/zone_test.go                | 1612 +++++++++++++
 pkg/cloudflare-go/zones.go                    |  144 ++
 pkg/cloudflare-go/zt_risk_behaviors.go        |  126 +
 pkg/cloudflare-go/zt_risk_behaviors_test.go   |  159 ++
 providers/cloudflare/cloudflareProvider.go    |  160 +-
 providers/cloudflare/rest.go                  |  177 +-
 providers/cloudflare/singleredirect.go        |  199 ++
 providers/cloudflare/singleredirect_test.go   |  321 +++
 providers/huaweicloud/convert.go              |   12 +-
 799 files changed, 100290 insertions(+), 84 deletions(-)
 create mode 100644 pkg/cloudflare-go/.changelog/1001.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1002.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1003.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1004.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1005.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1006.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1008.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1010.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1014.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1016.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1017.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1020.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1026.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1027.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1028.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1030.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1031.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1032.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1034.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1035.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1036.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1037.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1038.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1039.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1040.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1042.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1043.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1044.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1046.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1047.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1048.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1049.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1051.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1052.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1053.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1059.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1060.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1063.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1065.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1066.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1067.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1068.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1070.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1071.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1072.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1073.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1074.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1075.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1077.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1080.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1081.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1082.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1084.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1085.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1086.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1087.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1088.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1089.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1090.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1091.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1093.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1094.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1095.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1097.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1102.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1103.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1104.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1105.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1106.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1108.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1111.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1112.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1114.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1115.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1116.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1117.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1118.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1119.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1120.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1121.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1122.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1123.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1124.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1125.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1126.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1127.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1130.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1131.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1133.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1135.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1136.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1137.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1138.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1139.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1140.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1142.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1146.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1148.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1149.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1150.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1151.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1155.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1156.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1159.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1160.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1161.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1162.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1164.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1167.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1170.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1171.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1172.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1173.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1174.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1176.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1177.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1178.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1180.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1181.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1183.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1184.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1185.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1188.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1190.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1191.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1192.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1193.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1195.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1196.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1197.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1199.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1200.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1202.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1205.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1206.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1207.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1208.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1209.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1210.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1212.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1213.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1214.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1215.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1216.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1217.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1218.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1219.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1220.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1222.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1223.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1226.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1227.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1228.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1229.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1232.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1236.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1237.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1238.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1242.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1243.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1244.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1246.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1249.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1250.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1251.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1253.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1258.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1260.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1261.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1263.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1264.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1265.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1266.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1267.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1268.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1269.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1270.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1271.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1272.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1274.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1275.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1276.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1278.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1279.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1280.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1281.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1284.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1285.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1286.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1287.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1288.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1289.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1290.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1291.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1292.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1293.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1294.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1295.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1296.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1297.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1298.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1300.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1301.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1302.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1303.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1304.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1305.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1306.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1307.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1311.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1312.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1313.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1314.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1315.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1316.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1317.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1319.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1320.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1322.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1325.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1326.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1328.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1330.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1333.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1335.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1336.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1338.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1339.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1340.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1341.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1343.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1344.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1345.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1346.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1347.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1348.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1353.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1355.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1356.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1357.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1359.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1360.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1361.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1362.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1363.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1365.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1366.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1367.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1368.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1369.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1372.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1373.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1374.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1375.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1376.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1377.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1379.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1380.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1382.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1384.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1385.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1386.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1387.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1388.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1389.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1390.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1391.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1393.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1394.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1396.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1397.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1401.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1402.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1403.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1405.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1406.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1407.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1409.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1410.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1412.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1413.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1414.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1415.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1416.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1417.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1418.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1419.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1420.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1421.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1422.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1423.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1424.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1427.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1428.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1433.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1434.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1436.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1438.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1439.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1440.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1441.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1442.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1444.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1445.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1446.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1449.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1450.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1452.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1453.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1454.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1456.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1457.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1459.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1460.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1462.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1463.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1464.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1466.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1468.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1470.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1471.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1472.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1473.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1474.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1475.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1476.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1477.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1480.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1482.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1483.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1484.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1485.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1486.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1489.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1490.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1492.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1494.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1496.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1497.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1499.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1500.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1501.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1502.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1503.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1504.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1505.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1506.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1508.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1509.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1510.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1511.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1513.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1516.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1558.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1562.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1573.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1593.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1600.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1607.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1615.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1618.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1688.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1710.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1737.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1790.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1811.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1825.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1826.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1832.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1839.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1845.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1861.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1887.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1921.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1956.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1959.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1974.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1975.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1981.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1991.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1992.txt
 create mode 100644 pkg/cloudflare-go/.changelog/1993.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2107.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2126.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2131.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2165.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2249.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2364.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2365.txt
 create mode 100644 pkg/cloudflare-go/.changelog/2455.txt
 create mode 100644 pkg/cloudflare-go/.changelog/998.txt
 create mode 100644 pkg/cloudflare-go/.devcontainer/Dockerfile
 create mode 100644 pkg/cloudflare-go/.devcontainer/devcontainer.json
 create mode 100644 pkg/cloudflare-go/.github/CODEOWNERS
 create mode 100644 pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
 create mode 100644 pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
 create mode 100644 pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
 create mode 100644 pkg/cloudflare-go/.github/dependabot.yml
 create mode 100644 pkg/cloudflare-go/.github/labels.yml
 create mode 100644 pkg/cloudflare-go/.github/stale.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/changelog-check.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/generate-changelog.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/lint.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/milestone-closed.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/milestones.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/release.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/sync-labels.yml
 create mode 100644 pkg/cloudflare-go/.github/workflows/test.yml
 create mode 100644 pkg/cloudflare-go/.gitignore
 create mode 100644 pkg/cloudflare-go/.golintci.yaml
 create mode 100644 pkg/cloudflare-go/.semgrep.yml
 create mode 100644 pkg/cloudflare-go/.semgrepignore
 create mode 100644 pkg/cloudflare-go/CHANGELOG.md
 create mode 100644 pkg/cloudflare-go/CODE_OF_CONDUCT.md
 create mode 100644 pkg/cloudflare-go/LICENSE
 create mode 100644 pkg/cloudflare-go/README.md
 create mode 100644 pkg/cloudflare-go/access_application.go
 create mode 100644 pkg/cloudflare-go/access_application_test.go
 create mode 100644 pkg/cloudflare-go/access_audit_log.go
 create mode 100644 pkg/cloudflare-go/access_audit_log_example_test.go
 create mode 100644 pkg/cloudflare-go/access_audit_log_test.go
 create mode 100644 pkg/cloudflare-go/access_bookmark.go
 create mode 100644 pkg/cloudflare-go/access_bookmark_test.go
 create mode 100644 pkg/cloudflare-go/access_ca_certificate.go
 create mode 100644 pkg/cloudflare-go/access_ca_certificate_test.go
 create mode 100644 pkg/cloudflare-go/access_custom_page.go
 create mode 100644 pkg/cloudflare-go/access_custom_page_test.go
 create mode 100644 pkg/cloudflare-go/access_group.go
 create mode 100644 pkg/cloudflare-go/access_group_test.go
 create mode 100644 pkg/cloudflare-go/access_identity_provider.go
 create mode 100644 pkg/cloudflare-go/access_identity_provider_test.go
 create mode 100644 pkg/cloudflare-go/access_keys.go
 create mode 100644 pkg/cloudflare-go/access_keys_test.go
 create mode 100644 pkg/cloudflare-go/access_mutual_tls_certificates.go
 create mode 100644 pkg/cloudflare-go/access_mutual_tls_certificates_test.go
 create mode 100644 pkg/cloudflare-go/access_organization.go
 create mode 100644 pkg/cloudflare-go/access_organization_test.go
 create mode 100644 pkg/cloudflare-go/access_policy.go
 create mode 100644 pkg/cloudflare-go/access_policy_test.go
 create mode 100644 pkg/cloudflare-go/access_seats.go
 create mode 100644 pkg/cloudflare-go/access_seats_test.go
 create mode 100644 pkg/cloudflare-go/access_service_tokens.go
 create mode 100644 pkg/cloudflare-go/access_service_tokens_test.go
 create mode 100644 pkg/cloudflare-go/access_tag.go
 create mode 100644 pkg/cloudflare-go/access_tag_test.go
 create mode 100644 pkg/cloudflare-go/access_user_tokens.go
 create mode 100644 pkg/cloudflare-go/access_user_tokens_test.go
 create mode 100644 pkg/cloudflare-go/access_users.go
 create mode 100644 pkg/cloudflare-go/access_users_test.go
 create mode 100644 pkg/cloudflare-go/account_members.go
 create mode 100644 pkg/cloudflare-go/account_members_test.go
 create mode 100644 pkg/cloudflare-go/account_roles.go
 create mode 100644 pkg/cloudflare-go/account_roles_test.go
 create mode 100644 pkg/cloudflare-go/accounts.go
 create mode 100644 pkg/cloudflare-go/accounts_test.go
 create mode 100644 pkg/cloudflare-go/addressing_address_map.go
 create mode 100644 pkg/cloudflare-go/addressing_address_map_test.go
 create mode 100644 pkg/cloudflare-go/addressing_ip_prefix.go
 create mode 100644 pkg/cloudflare-go/addressing_ip_prefix_test.go
 create mode 100644 pkg/cloudflare-go/api_shield.go
 create mode 100644 pkg/cloudflare-go/api_shield_api_discovery.go
 create mode 100644 pkg/cloudflare-go/api_shield_api_discovery_test.go
 create mode 100644 pkg/cloudflare-go/api_shield_operations.go
 create mode 100644 pkg/cloudflare-go/api_shield_operations_test.go
 create mode 100644 pkg/cloudflare-go/api_shield_schemas.go
 create mode 100644 pkg/cloudflare-go/api_shield_schemas_test.go
 create mode 100644 pkg/cloudflare-go/api_shield_test.go
 create mode 100644 pkg/cloudflare-go/api_token.go
 create mode 100644 pkg/cloudflare-go/api_token_test.go
 create mode 100644 pkg/cloudflare-go/argo.go
 create mode 100644 pkg/cloudflare-go/argo_example_test.go
 create mode 100644 pkg/cloudflare-go/argo_test.go
 create mode 100644 pkg/cloudflare-go/argo_tunnel.go
 create mode 100644 pkg/cloudflare-go/argo_tunnel_test.go
 create mode 100644 pkg/cloudflare-go/auditlogs.go
 create mode 100644 pkg/cloudflare-go/auditlogs_test.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
 create mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_test.go
 create mode 100644 pkg/cloudflare-go/bot_management.go
 create mode 100644 pkg/cloudflare-go/bot_management_test.go
 create mode 100644 pkg/cloudflare-go/cache_reserve.go
 create mode 100644 pkg/cloudflare-go/cache_reserve_test.go
 create mode 100644 pkg/cloudflare-go/catalog.json
 create mode 100644 pkg/cloudflare-go/certificate_packs.go
 create mode 100644 pkg/cloudflare-go/certificate_packs_test.go
 create mode 100644 pkg/cloudflare-go/cloudflare.go
 create mode 100644 pkg/cloudflare-go/cloudflare_experimental.go
 create mode 100644 pkg/cloudflare-go/cloudflare_test.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/README.md
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/dns.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/firewall.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/flarectl.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/misc.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/user_agent.go
 create mode 100644 pkg/cloudflare-go/cmd/flarectl/zone.go
 create mode 100644 pkg/cloudflare-go/consts.go
 create mode 100644 pkg/cloudflare-go/convert_types.go
 create mode 100644 pkg/cloudflare-go/custom_hostname.go
 create mode 100644 pkg/cloudflare-go/custom_hostname_test.go
 create mode 100644 pkg/cloudflare-go/custom_nameservers.go
 create mode 100644 pkg/cloudflare-go/custom_nameservers_test.go
 create mode 100644 pkg/cloudflare-go/custom_pages.go
 create mode 100644 pkg/cloudflare-go/custom_pages_test.go
 create mode 100644 pkg/cloudflare-go/d1.go
 create mode 100644 pkg/cloudflare-go/d1_test.go
 create mode 100644 pkg/cloudflare-go/dcv_delegation.go
 create mode 100644 pkg/cloudflare-go/dcv_delegation_test.go
 create mode 100644 pkg/cloudflare-go/device_posture_rule.go
 create mode 100644 pkg/cloudflare-go/device_posture_rule_test.go
 create mode 100644 pkg/cloudflare-go/devices_dex.go
 create mode 100644 pkg/cloudflare-go/devices_dex_test.go
 create mode 100644 pkg/cloudflare-go/devices_managed_networks.go
 create mode 100644 pkg/cloudflare-go/devices_managed_networks_test.go
 create mode 100644 pkg/cloudflare-go/devices_policy.go
 create mode 100644 pkg/cloudflare-go/devices_policy_test.go
 create mode 100644 pkg/cloudflare-go/diagnostics.go
 create mode 100644 pkg/cloudflare-go/diagnostics_test.go
 create mode 100644 pkg/cloudflare-go/dlp_dataset.go
 create mode 100644 pkg/cloudflare-go/dlp_dataset_test.go
 create mode 100644 pkg/cloudflare-go/dlp_payload_log.go
 create mode 100644 pkg/cloudflare-go/dlp_payload_log_test.go
 create mode 100644 pkg/cloudflare-go/dlp_profile.go
 create mode 100644 pkg/cloudflare-go/dlp_profile_test.go
 create mode 100644 pkg/cloudflare-go/dns.go
 create mode 100644 pkg/cloudflare-go/dns_example_test.go
 create mode 100644 pkg/cloudflare-go/dns_firewall.go
 create mode 100644 pkg/cloudflare-go/dns_firewall_test.go
 create mode 100644 pkg/cloudflare-go/dns_test.go
 create mode 100644 pkg/cloudflare-go/docs/changelog-process.md
 create mode 100644 pkg/cloudflare-go/docs/conventions.md
 create mode 100644 pkg/cloudflare-go/docs/experimental.md
 create mode 100644 pkg/cloudflare-go/docs/public-api-documentation.md
 create mode 100644 pkg/cloudflare-go/docs/release-process.md
 create mode 100644 pkg/cloudflare-go/duration.go
 create mode 100644 pkg/cloudflare-go/duration_test.go
 create mode 100644 pkg/cloudflare-go/email_routing_destination.go
 create mode 100644 pkg/cloudflare-go/email_routing_destination_test.go
 create mode 100644 pkg/cloudflare-go/email_routing_rules.go
 create mode 100644 pkg/cloudflare-go/email_routing_rules_test.go
 create mode 100644 pkg/cloudflare-go/email_routing_settings.go
 create mode 100644 pkg/cloudflare-go/email_routing_settings_test.go
 create mode 100644 pkg/cloudflare-go/errors.go
 create mode 100644 pkg/cloudflare-go/errors_external_test.go
 create mode 100644 pkg/cloudflare-go/errors_test.go
 create mode 100644 pkg/cloudflare-go/example_test.go
 create mode 100644 pkg/cloudflare-go/fallback_domain.go
 create mode 100644 pkg/cloudflare-go/fallback_domain_test.go
 create mode 100644 pkg/cloudflare-go/filter.go
 create mode 100644 pkg/cloudflare-go/filter_test.go
 create mode 100644 pkg/cloudflare-go/firewall.go
 create mode 100644 pkg/cloudflare-go/firewall_example_test.go
 create mode 100644 pkg/cloudflare-go/firewall_rules.go
 create mode 100644 pkg/cloudflare-go/firewall_rules_test.go
 create mode 100644 pkg/cloudflare-go/firewall_test.go
 create mode 100644 pkg/cloudflare-go/flake.lock
 create mode 100644 pkg/cloudflare-go/flake.nix
 create mode 100644 pkg/cloudflare-go/flox.nix
 create mode 100644 pkg/cloudflare-go/go.mod
 create mode 100644 pkg/cloudflare-go/go.sum
 create mode 100644 pkg/cloudflare-go/healthchecks.go
 create mode 100644 pkg/cloudflare-go/healthchecks_test.go
 create mode 100644 pkg/cloudflare-go/hyperdrive.go
 create mode 100644 pkg/cloudflare-go/hyperdrive_test.go
 create mode 100644 pkg/cloudflare-go/images.go
 create mode 100644 pkg/cloudflare-go/images_test.go
 create mode 100644 pkg/cloudflare-go/images_variants.go
 create mode 100644 pkg/cloudflare-go/images_variants_test.go
 create mode 100644 pkg/cloudflare-go/intelligence_asn.go
 create mode 100644 pkg/cloudflare-go/intelligence_asn_test.go
 create mode 100644 pkg/cloudflare-go/intelligence_domain.go
 create mode 100644 pkg/cloudflare-go/intelligence_domain_test.go
 create mode 100644 pkg/cloudflare-go/intelligence_ip.go
 create mode 100644 pkg/cloudflare-go/intelligence_ip_test.go
 create mode 100644 pkg/cloudflare-go/intelligence_phishing.go
 create mode 100644 pkg/cloudflare-go/intelligence_phishing_test.go
 create mode 100644 pkg/cloudflare-go/intelligence_whois.go
 create mode 100644 pkg/cloudflare-go/intelligence_whois_test.go
 create mode 100644 pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
 create mode 100644 pkg/cloudflare-go/internal/tools/go.mod
 create mode 100644 pkg/cloudflare-go/internal/tools/go.sum
 create mode 100644 pkg/cloudflare-go/internal/tools/tools.go
 create mode 100644 pkg/cloudflare-go/ip_access_rules.go
 create mode 100644 pkg/cloudflare-go/ip_access_rules_test.go
 create mode 100644 pkg/cloudflare-go/ip_list.go
 create mode 100644 pkg/cloudflare-go/ip_list_test.go
 create mode 100644 pkg/cloudflare-go/ips.go
 create mode 100644 pkg/cloudflare-go/ips_test.go
 create mode 100644 pkg/cloudflare-go/keyless.go
 create mode 100644 pkg/cloudflare-go/keyless_test.go
 create mode 100644 pkg/cloudflare-go/list.go
 create mode 100644 pkg/cloudflare-go/list_test.go
 create mode 100644 pkg/cloudflare-go/load_balancing.go
 create mode 100644 pkg/cloudflare-go/load_balancing_example_test.go
 create mode 100644 pkg/cloudflare-go/load_balancing_test.go
 create mode 100644 pkg/cloudflare-go/lockdown.go
 create mode 100644 pkg/cloudflare-go/lockdown_example_test.go
 create mode 100644 pkg/cloudflare-go/lockdown_test.go
 create mode 100644 pkg/cloudflare-go/logger.go
 create mode 100644 pkg/cloudflare-go/logpull.go
 create mode 100644 pkg/cloudflare-go/logpull_test.go
 create mode 100644 pkg/cloudflare-go/logpush.go
 create mode 100644 pkg/cloudflare-go/logpush_example_test.go
 create mode 100644 pkg/cloudflare-go/logpush_test.go
 create mode 100644 pkg/cloudflare-go/magic_firewall_rulesets.go
 create mode 100644 pkg/cloudflare-go/magic_firewall_rulesets_test.go
 create mode 100644 pkg/cloudflare-go/magic_transit_gre_tunnel.go
 create mode 100644 pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
 create mode 100644 pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
 create mode 100644 pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
 create mode 100644 pkg/cloudflare-go/magic_transit_static_routes.go
 create mode 100644 pkg/cloudflare-go/magic_transit_static_routes_test.go
 create mode 100644 pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
 create mode 100644 pkg/cloudflare-go/managed_headers.go
 create mode 100644 pkg/cloudflare-go/managed_headers_test.go
 create mode 100644 pkg/cloudflare-go/miscategorization.go
 create mode 100644 pkg/cloudflare-go/miscategorization_test.go
 create mode 100644 pkg/cloudflare-go/mtls_certificates.go
 create mode 100644 pkg/cloudflare-go/mtls_certificates_test.go
 create mode 100644 pkg/cloudflare-go/notifications.go
 create mode 100644 pkg/cloudflare-go/notifications_test.go
 create mode 100644 pkg/cloudflare-go/observatory.go
 create mode 100644 pkg/cloudflare-go/observatory_test.go
 create mode 100644 pkg/cloudflare-go/options.go
 create mode 100644 pkg/cloudflare-go/origin_ca.go
 create mode 100644 pkg/cloudflare-go/origin_ca_test.go
 create mode 100644 pkg/cloudflare-go/page_rules.go
 create mode 100644 pkg/cloudflare-go/page_rules_example_test.go
 create mode 100644 pkg/cloudflare-go/page_rules_test.go
 create mode 100644 pkg/cloudflare-go/page_shield.go
 create mode 100644 pkg/cloudflare-go/page_shield_connections.go
 create mode 100644 pkg/cloudflare-go/page_shield_connections_test.go
 create mode 100644 pkg/cloudflare-go/page_shield_policies.go
 create mode 100644 pkg/cloudflare-go/page_shield_policies_test.go
 create mode 100644 pkg/cloudflare-go/page_shield_scripts.go
 create mode 100644 pkg/cloudflare-go/page_shield_scripts_test.go
 create mode 100644 pkg/cloudflare-go/page_shield_test.go
 create mode 100644 pkg/cloudflare-go/pages_deployment.go
 create mode 100644 pkg/cloudflare-go/pages_deployment_test.go
 create mode 100644 pkg/cloudflare-go/pages_domain.go
 create mode 100644 pkg/cloudflare-go/pages_domain_test.go
 create mode 100644 pkg/cloudflare-go/pages_project.go
 create mode 100644 pkg/cloudflare-go/pages_project_test.go
 create mode 100644 pkg/cloudflare-go/pagination.go
 create mode 100644 pkg/cloudflare-go/pagination_test.go
 create mode 100644 pkg/cloudflare-go/per_hostname_tls_settings.go
 create mode 100644 pkg/cloudflare-go/per_hostname_tls_settings_test.go
 create mode 100644 pkg/cloudflare-go/permission_group.go
 create mode 100644 pkg/cloudflare-go/permission_group_test.go
 create mode 100644 pkg/cloudflare-go/policy.go
 create mode 100644 pkg/cloudflare-go/queue.go
 create mode 100644 pkg/cloudflare-go/queue_test.go
 create mode 100644 pkg/cloudflare-go/r2_bucket.go
 create mode 100644 pkg/cloudflare-go/r2_bucket_test.go
 create mode 100644 pkg/cloudflare-go/rate_limiting.go
 create mode 100644 pkg/cloudflare-go/rate_limiting_example_test.go
 create mode 100644 pkg/cloudflare-go/rate_limiting_test.go
 create mode 100644 pkg/cloudflare-go/regional_hostnames.go
 create mode 100644 pkg/cloudflare-go/regional_hostnames_test.go
 create mode 100644 pkg/cloudflare-go/regional_tiered_cache.go
 create mode 100644 pkg/cloudflare-go/regional_tiered_cache_test.go
 create mode 100644 pkg/cloudflare-go/registrar.go
 create mode 100644 pkg/cloudflare-go/registrar_example_test.go
 create mode 100644 pkg/cloudflare-go/registrar_test.go
 create mode 100644 pkg/cloudflare-go/resource.go
 create mode 100644 pkg/cloudflare-go/resource_group.go
 create mode 100644 pkg/cloudflare-go/resource_group_test.go
 create mode 100644 pkg/cloudflare-go/resource_test.go
 create mode 100644 pkg/cloudflare-go/rulesets.go
 create mode 100644 pkg/cloudflare-go/rulesets_test.go
 create mode 100644 pkg/cloudflare-go/scripts/changelog.tmpl
 create mode 100755 pkg/cloudflare-go/scripts/generate-changelog-entry.sh
 create mode 100755 pkg/cloudflare-go/scripts/generate-changelog.sh
 create mode 100644 pkg/cloudflare-go/scripts/release-note.tmpl
 create mode 100644 pkg/cloudflare-go/secondary_dns_primaries.go
 create mode 100644 pkg/cloudflare-go/secondary_dns_primaries_test.go
 create mode 100644 pkg/cloudflare-go/secondary_dns_tsig.go
 create mode 100644 pkg/cloudflare-go/secondary_dns_tsig_test.go
 create mode 100644 pkg/cloudflare-go/secondary_dns_zone.go
 create mode 100644 pkg/cloudflare-go/secondary_zone_dns_test.go
 create mode 100644 pkg/cloudflare-go/spectrum.go
 create mode 100644 pkg/cloudflare-go/spectrum_test.go
 create mode 100644 pkg/cloudflare-go/split_tunnel.go
 create mode 100644 pkg/cloudflare-go/split_tunnel_test.go
 create mode 100644 pkg/cloudflare-go/ssl.go
 create mode 100644 pkg/cloudflare-go/ssl_test.go
 create mode 100644 pkg/cloudflare-go/stack_rulesest.go
 create mode 100644 pkg/cloudflare-go/stream.go
 create mode 100644 pkg/cloudflare-go/stream_test.go
 create mode 100644 pkg/cloudflare-go/sts.go
 create mode 100644 pkg/cloudflare-go/teams_accounts.go
 create mode 100644 pkg/cloudflare-go/teams_accounts_test.go
 create mode 100644 pkg/cloudflare-go/teams_audit_ssh_settings.go
 create mode 100644 pkg/cloudflare-go/teams_audit_ssh_settings_test.go
 create mode 100644 pkg/cloudflare-go/teams_devices.go
 create mode 100644 pkg/cloudflare-go/teams_devices_test.go
 create mode 100644 pkg/cloudflare-go/teams_list.go
 create mode 100644 pkg/cloudflare-go/teams_list_test.go
 create mode 100644 pkg/cloudflare-go/teams_locations.go
 create mode 100644 pkg/cloudflare-go/teams_locations_test.go
 create mode 100644 pkg/cloudflare-go/teams_proxy_endpoints.go
 create mode 100644 pkg/cloudflare-go/teams_proxy_endpoints_test.go
 create mode 100644 pkg/cloudflare-go/teams_rules.go
 create mode 100644 pkg/cloudflare-go/teams_rules_test.go
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
 create mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
 create mode 100644 pkg/cloudflare-go/tiered_cache.go
 create mode 100644 pkg/cloudflare-go/tiered_cache_test.go
 create mode 100644 pkg/cloudflare-go/total_tls.go
 create mode 100644 pkg/cloudflare-go/total_tls_test.go
 create mode 100644 pkg/cloudflare-go/tunnel.go
 create mode 100644 pkg/cloudflare-go/tunnel_routes.go
 create mode 100644 pkg/cloudflare-go/tunnel_routes_test.go
 create mode 100644 pkg/cloudflare-go/tunnel_test.go
 create mode 100644 pkg/cloudflare-go/tunnel_virtual_networks.go
 create mode 100644 pkg/cloudflare-go/tunnel_virtual_networks_test.go
 create mode 100644 pkg/cloudflare-go/turnstile.go
 create mode 100644 pkg/cloudflare-go/turnstile_test.go
 create mode 100644 pkg/cloudflare-go/universal_ssl.go
 create mode 100644 pkg/cloudflare-go/universal_ssl_test.go
 create mode 100644 pkg/cloudflare-go/url_normalization_settings.go
 create mode 100644 pkg/cloudflare-go/url_normalization_settings_test.go
 create mode 100644 pkg/cloudflare-go/user.go
 create mode 100644 pkg/cloudflare-go/user_agent.go
 create mode 100644 pkg/cloudflare-go/user_agent_example_test.go
 create mode 100644 pkg/cloudflare-go/user_test.go
 create mode 100644 pkg/cloudflare-go/utils.go
 create mode 100644 pkg/cloudflare-go/utils_test.go
 create mode 100644 pkg/cloudflare-go/waf.go
 create mode 100644 pkg/cloudflare-go/waf_overrides.go
 create mode 100644 pkg/cloudflare-go/waf_overrides_test.go
 create mode 100644 pkg/cloudflare-go/waf_test.go
 create mode 100644 pkg/cloudflare-go/waiting_room.go
 create mode 100644 pkg/cloudflare-go/waiting_room_test.go
 create mode 100644 pkg/cloudflare-go/web3.go
 create mode 100644 pkg/cloudflare-go/web3_test.go
 create mode 100644 pkg/cloudflare-go/web_analytics.go
 create mode 100644 pkg/cloudflare-go/web_analytics_test.go
 create mode 100644 pkg/cloudflare-go/workers.go
 create mode 100644 pkg/cloudflare-go/workers_account_settings.go
 create mode 100644 pkg/cloudflare-go/workers_account_settings_test.go
 create mode 100644 pkg/cloudflare-go/workers_bindings.go
 create mode 100644 pkg/cloudflare-go/workers_bindings_test.go
 create mode 100644 pkg/cloudflare-go/workers_cron_triggers.go
 create mode 100644 pkg/cloudflare-go/workers_cron_triggers_test.go
 create mode 100644 pkg/cloudflare-go/workers_domain.go
 create mode 100644 pkg/cloudflare-go/workers_domain_test.go
 create mode 100644 pkg/cloudflare-go/workers_for_platforms.go
 create mode 100644 pkg/cloudflare-go/workers_for_platforms_test.go
 create mode 100644 pkg/cloudflare-go/workers_kv.go
 create mode 100644 pkg/cloudflare-go/workers_kv_example_test.go
 create mode 100644 pkg/cloudflare-go/workers_kv_test.go
 create mode 100644 pkg/cloudflare-go/workers_routes.go
 create mode 100644 pkg/cloudflare-go/workers_routes_test.go
 create mode 100644 pkg/cloudflare-go/workers_secrets.go
 create mode 100644 pkg/cloudflare-go/workers_secrets_test.go
 create mode 100644 pkg/cloudflare-go/workers_subdomain.go
 create mode 100644 pkg/cloudflare-go/workers_subdomain_test.go
 create mode 100644 pkg/cloudflare-go/workers_tail.go
 create mode 100644 pkg/cloudflare-go/workers_tail_test.go
 create mode 100644 pkg/cloudflare-go/workers_test.go
 create mode 100644 pkg/cloudflare-go/zaraz.go
 create mode 100644 pkg/cloudflare-go/zaraz_test.go
 create mode 100644 pkg/cloudflare-go/zone.go
 create mode 100644 pkg/cloudflare-go/zone_cache_variants.go
 create mode 100644 pkg/cloudflare-go/zone_cache_variants_test.go
 create mode 100644 pkg/cloudflare-go/zone_example_test.go
 create mode 100644 pkg/cloudflare-go/zone_hold.go
 create mode 100644 pkg/cloudflare-go/zone_hold_test.go
 create mode 100644 pkg/cloudflare-go/zone_test.go
 create mode 100644 pkg/cloudflare-go/zones.go
 create mode 100644 pkg/cloudflare-go/zt_risk_behaviors.go
 create mode 100644 pkg/cloudflare-go/zt_risk_behaviors_test.go
 create mode 100644 providers/cloudflare/singleredirect.go
 create mode 100644 providers/cloudflare/singleredirect_test.go

diff --git a/.gitattributes b/.gitattributes
index e40dd0eaec..e20a6ea4b0 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -29,3 +29,5 @@ go.sum text eol=lf
 *.jpg binary
 *.png
 *.svg
+
+pkg/cloudflare-go/.changelog text eol=crlf
diff --git a/documentation/assets/providers/cloudflareapi/example-permissions-configuration.png b/documentation/assets/providers/cloudflareapi/example-permissions-configuration.png
index cabb6076ab7313090f92769674d19d6dde64773f..a145f6091e7fcf2eea64956f5aa3ceb470e61c32 100644
GIT binary patch
literal 25460
zcmeEucT`i`zHSf&5djs^4FaMx=}M7a6p<c~Djk(xrI!$z6-8QT0YXqpC;_AsI->L%
znsks7AV827Ae6Uo?|tt+=iPJez32V;j$=3$NmiX}&AGncS7w+tSefP=(>V|bM5C(m
zKnDaO_XUB-KAoiizA4kQ5(E}x9y-eRK?U8+OTdTIw)Zsefj~u()CW(_0H3Lzs~CBJ
zK(tLK|H)chv#mg&XH=>W?&<lOuTEIlUA8^mJ=9`7|JGky<DSE#?`fH(7dACbsJ-4l
z7$LcUIo^n`!hZYIb+x_c<yKby<uJFR<0bL>$BQA^4>o0<BcYqVmt3x}f7?#GvN6c4
zl4D<<FM3Gz&_7K{dmY}>DOO!_Y~ur)K#Xi3hV~)ktEH<k1(*d7GbG&E@99P0{6Gp#
zr25X|lfQx~l!GZx{?H5s(VZ-lPLr{oEJdkK$($_hE}aH09t7&;IJ<tbOjEruO$IC#
zV0LH_p*#G%k5}7QFOhmRYM2?;%j%&)=daB~UtA)a4Apo{rf=9?Is~FV*;E@UpvAx7
zM#eNv^EM?pp$}ZLxc}0V2CR<sVLbVr?Rgx^&O4%g;9m3+;Y#PJlkXIMLoYMc;MgBU
zf6LqwbJ`JeUb@`<1de%TaEs+9J}K%9Daf%Fx;pl*lX)p-<~{Y!@kkDG#QvkvQreD~
z??@r?aB^}LL2N~L$n*quTY-a@*O1cl=IOXVS`U`AYBTRDho8jLz=48|P4t6_5MG|*
zbhA-(3ll$0Yiwsvk90rg?N^99d9pp@u1kH%QL;J7k5@AA;auWo%~xN&EK0FkQtZ)2
z1Yy2x;W3;sMuMOG{j(UAdLN`wI*9?c8_^la+01UEDF;OqG{%O*iG%hI%BD}5dg0E@
zLpTW@cbUVa5t3mW<m74<%JiA1NA3;oWrrW8H?cmF_Ndd!dWdc*=niBYgT-P9wX+sB
zB<8-Kv)Jlye&gQLpY43(>z#}R88A8T#d}M=B9ic@46W?@{PSBkcb*P<TZ$f5ja-@g
z;;XaYjc7NXx+APVU7O$I#!sJSL$Kf^P@OdKprJu9E*veX>m+kica!V4eRfV&mO(WX
z$MR*^u0GC>@uIzuNN<>v)*DAouY+eApKz3DVkgTTC)lJSG=@3S2>&h;G`hyG+J3Ho
z2RCs$OL6D=W!1w48ofg~<ukt@LrmKs80FLH*-wkZDd+dLJd5O3!ipfIv;))19ZdY^
zW9yKJE4huC+`V|_G9vq(RADkZme2yWN&1sB4A(b%k+5U>;FBS4POVq`QW1IHgOCAj
zO_+>zK3}Yhy_0={N~0IG`%-{4`@4deKMwi19OT-OT-<Xm_Xl?gK>~Bz2pOICgHUo)
z1SaXz$e*jYznYwBh4K^Bpl#hsy|W}lsyO2H(>gg|c3s&SU;l{_aVkdo+Sv>Ujd?;!
z*p@BIZ77_$U!U0d?Gk*TSBW4ufAAPW%i^XU{$6#{lZ(`ymMR?>pBei51Lff8_w-KW
zNnZicIDKIM)r*2Zvo(+dUj%dA`&YZ&|9S^%l)l5<8F_hpBASAU3`Yinv<bD&vH}|3
zZR_6{NJX`g$~Ir&j+cCFtSTMve<5~BZ;>pVF?Q|sh72#u3O-WVLp~=-*<DX~ZM_fy
zFT6qeP4}LOK867<iRGjp?s7^!1OGf(zq{|iQ+6E`jEZv&wna*$eo%QDXui-T%3zc`
zOI3b1woIDGPWrjpLj6+QU6GzJ_f@a($Mbd>O`ZB&M1sDMritMFNygsr8Ws($IDuMs
zhojgnmphwfybuGB)Mtr>QlmVX?ztRa3u&tX|KmQeh>74bJ19*pfV^f(S2e78vQz5g
znuPW-y%PweX0#{3S)7izdk(a&w@I^}8u@?|Uim}hDK6t}Y(m{qMt<ek!p>7vzr%|C
z{VOYzon-L%jIR*1wNiiR0kM%4>NadtSY#DHCbRT#|ETC^M(Z9KWbBi@P#sU6&DWow
zMzVT|PbNK@1I&rg;vEsxRdI;fTAg)JA^lYHw=)>_Pm{R0h^YMl<e8lbmWlR*!xSiS
zt%T^h>OyGWuZA2opGklmnMb5RyY~3^NCuV`*dBp#5AzyRt02O+R6=`T;rQ@RQgWsJ
z;}N7-_4&$i=Pq=YQM|ZA#+0?zc&=H$a9Sb!D0w#sWxhXg8Qropyg`Z>?{T)#ADS8t
zh=1?T{5dsw+o$K&QEhHY&kraKv@o>Cq(d%wd$>!^R(5J6A!PGr+t0+ZaVTPi*g=x^
zn+qI5J9h=nu^M8Fclw`Rx2Q#Ol1k#x*Cq)<I9J`zYyK7%NE7hLCNp=+VHcWD@96!I
zKA~=T4m#mpR}o6etqGDQ_}I4>kc_QYAR|+%L!`Oe1Q^fNZ}nOvf@2rt*dWlF4%BOz
z8vA@U=(q)Tyc>D!>ppi}?HFIVCbvg8o;O?TJRUwy#2gb^fnTS@Q{dd<sRs$$OlwlM
zN5EG{@;2Zp_S$?oVtu}V-j4TP`}a4;+fze2vq49Eq>{xNTj-A5RZID)YIzKS5YUY+
zoH-QSAc{cb(Zt;;Nj!FJA+WIf=%6L&AYt#w9e%i3P(f@#5Rc{FuT|R`nftZ*LrZE&
zBc2GN$8ir0&dsQ!%XT|(_|;@bb^VV2CXpn6d^o2vM10P^DWSYGr6@V|Yyl!X=DQ<l
zvQ+;hr(V?nQ$my#AxzZQK)Vi8%>D3cK`5i*BUUx}_th4eb?k)lheLQclxH8oTTdAD
zt0Nw|K5k)v2ogn%rkaArtgZ4%D>Cu~5#Ktk{Od-fSg{~t+lS*e^ky-U9Z#69NwApc
zjISkh<NYR0IzmSXD?LsN6Frub+(Z%Ue4^ZNel=#wEV>wXDCjx4Co|d7o|~s6XFF8K
z3kj+XDoG*o?A02*8>H_MCP}yMRU1|j;)a!b9LIXL>mo}E)`|9A@cJNsQVlS8_O_}`
zT79dtage(~x-@BS+kxN{_9@e%z5X2bWHf`QjnoLjt<H!RSi~&JKEopGxIQZGw<s;t
zSrkE7dQyP<-m`tlnbJRBpnbZUj?bMlI<`(RH5S|b2rgyETKMIQPyZzr`BY5A*BT39
z$5;{GXUDgSh(=RNM}g%m68un{5Zv4YFZ)miZ$8D{m&dbbX1h^m=s5Q5*%0e)(T=OP
z=;opKPRI9DdrU@c`}~1s$z+d&L|olu#xqysb|FqoifH1&W5hdzUkSXTZepvv?{UR!
zO_;PSAZ~>GHa{Y63)RsHO7tTH8WA2Dz;zcO@~KCuXy`!w$e<)fXWe7}fW}!ah(4W=
zg4@po2BTd|Y>vESO0fr*$feE06b`zz!fd&?1F%^Y_=kI=nQf2|X-;#Z=UsjJm*Qnt
z*7_>9#?g`$q7Syi&}w0&bQ|hl=ZYt-3<~SSLCcTgTgIX8%aQ#178NNPnd()Zo>%ru
z7k-<Wu*E+*_AT|C(7;C>8o=E;jtD%_MQ-@-*1-J^`@XcB8KHay551HsjQvT6Pn<Qg
z$X&al(_F;8olFui_9|P%bs7xa86!gYx=F;(^)Jv;2xl>pc_7p@DlE0~LAPH4i4XU9
z4dQefBwCF1=_@t*&?Ih<<|BCXCo8OAQ<)bA{sDf`e@4q@1%I=knR8*pK-Yc+Mh!*C
zUi6!EGPyVf-8IuOOuyvUJ>t1)U}gV^qgWQ_Igfek+GL)zhHBkP!-;&)$w{4VN`7jE
z`YDm?QLCC<O1MqOx0`$=b4nQ#q{TO#D$l)eD1)H<77t<I7w@)hOVQZtO_u9igGp*0
zmrbH9NA)hgswd(&fB1yz&AC2K#JTFc%+k8LkkTsMh)hMBaBpNvF`F_3p`15t`01?{
z+e)ti5K-Fr!#n)LpR@NTc19GXd$Yc(@^or?b>6D!aUNr57}OLH>7H`9Cn#VXvKw;9
z_1vSqt!{W5mf$ASUY2QwmUWBO^`ZVLyJJV1^%genD8X_Z4lE~{g$=G%XLjyO$V#x~
z{Cu#ZX_o88PYDu53zN$<Ni#h|wkB7{`JqnvNS10npaomIqF_531(`+L6L0Qw+kjux
zOUZFp<<V$6S0SZBVVjKO(%nl`Xd*bP1b(q9l-t+4$(*XkN2hVB)M4vo?~y5!)BI__
zSMk*W?V6KRW_NZFhg%}xu*ck`^AvvHw9xN8Z|xq?Q1h9Aw<%P<E#7j_QNC4r)uQvQ
zv82II#Av#Wca-HB8XU>0Ua}3n3$%zD{&l`@gFymRu%Rs`G2wv|`01G!GDx<PP}<b3
zspWl6)sb|sQO30NdrSjL854rsoDs^e#*K=N&qV5YRYb+Ku=cmv36zlkC_a^G%u>Qv
zmISScHM&mf)>O5UiHFjdU1)I!DcJ2&_)^0puMRt&gC)|32)G)fBHSb&b-x;6`YrYP
zt$<Vcg(bGe6fz$s+rPnAhyu+%*HfCI`)J%t)&BB=q?SBOq(mfgJ>@gHwX>~K)!A5p
z<;=w}B>y-BDV=MH8i%)ZQw4J?fr+@4Qa@7-ogc>=fy3M@dUvIja$@T38PKLFtpN$C
zkAk0elw7_g?*B!8no2mpXw0TPJ#`@I&3x~M6O=GXXxn3@rqrzqQcUid`r0bk(v9oP
zu$cd>%Z;0RsehNfjweFWU=uOA^r_!{p_Nhf0}-V=q!y$M?u}6uF^i&Nd6FGWAR12}
zUPaHoi=Y@uk9d*#Yz)B&?<>}R1MRjM9B%8J8l=5V&HK4$p_a50FDaF`QtztPouUcv
zlfos&OF<rH_1o7RwXmD4-BFGVS#Y&5m=O3%{QeATpatib^G6ikZCO!62TpYqM(&rK
zm%NusAR4{fW?`Ah;yW3V$CX6lU_WjMixJFy(rRPC=`rT6ny-}ap(*UVHFS*Z<z0FT
zU|)pG?Xa<Ep7>r}9-N<lzWL8;yM4k7#8GJzjA?%&aLRE##Zl9Jtzp3$b=^KGmt=ki
zUgEu@S46)myhNzBUPXbk9ue1IU~U})ZQH`4@Aj`J3EMAQKkB3_K4N@ts#b4)QY9GG
z&dncb4i`9A?~RQTMA)7di13xmm;_?l1d*JN8{HNl9!C*IJYd$n`I{d1=j(j<i?l8&
z`L{riU*D~-4@>WnT9SJ*<U^BHTsYD(o07p@7=PAV^SRBiTXjwTnsk}gr@|_pzyh7A
z=xy_sW^_Y?S&-@uvL7$rfjh2Us6SR{r=lpU<7}2~DNmKmleruSE+ZNh4!Wlnw$$IX
zuK<7P-!`wuf3m)1i(K`8wB(u(cb{2(`*}IURMY0nyTBIqvD7<Z0l0$qssSx}`@cOl
zpD4S`5BU}$YhZ~OlzSXRPw=u2%ysMR9vfEE`%G}mjRaqFOc1Ef-y+G8fw~Hm2&GS1
z)0YHV9}F{wb?#@FeC$>`)GQU3<;qcvLv-Sud!OYr4U&p%<%czMt)iz-3e0WY5iwuT
z7ocQL`K@qzf!Fb=&KW+{GXP(p&;^v#noSt*hXgK0o_HohrS3?MtCcUV16!R^e8&YW
zfO7od-<9A0s1A5w<kMH<Hv8JN+FR3Qs!kyCy8K=BkTRnR7lhMTxu!Q^QlQ#<Ram`4
z5q=spK<><NK`t*pf$q9oEQGk$_JWd*V?~~$7mK}lP2456D_Oi_e;eP0-H1KEZewd}
zZEvqyRb6e3>qcNlM;(Shj+={p>=-Y6ylGv4(dgJ%CJNPp{;7PjYwBOS&PiYzx3^XQ
zPF`)wv}k|ZL^TR`ZQ8y^R~R1q@#76zjcmsJ43ri!-cHoG`08t6D$v<eC)>phbj;6N
zV}g$B;Ew#scb#MMO)8Qw*nq;u{?b#cem|yP8e=yy=QTP^cw$vS3K#71g4c60%pHtv
z(sMnhpyV<v%>$*U(uPV??EUy&o$U79$!_O|Iv%QbZT-GVEnDIw_rQzz5_drbl*TDg
z=zWtjFSRh+8}?s%I8GW}0rrm?`5%xZ+OO-6_B&*F^JARz!cO=Uw%dHd9vSLYRW<#e
zJIC+jc}&2gX9}o{KHFZg`Z5~$qe_-Mt$A&-manO)X#-zapTzm?aCbJ+eXccHA+#px
zG%&IbH7>P=d$pcA^;A4~k7lm@+sr9z-D@hy=7EI%+r#y4U9vYG&mUdgO9dXWK_3_M
z1>D5aN%6!N;MJO4c4&u!o9RL*(qe6qPy-4|%K5oA*hYs?ePZUG%VZ6YMZnKj;o;$}
zuW7DzV)t_bgKZJFQ;k+&a&Q<Qja%@H<@ea~8XnRP2j})1ctw6|+yk9C2k=Nu2?tM@
z3dHDx{cm>g530*iI4etUq{@)3K!3csr2bCW%TIMcmAky_^CRY9bMelUY6TTce9~9(
z_3PIwYy=!K=&rhmXeDVmuh7cVQ%_1t3OIVMe{jXdVTuacV*lCApFxsTrxgy%R7tb|
z8zf`B-pv57W{R@|Pou2w`aQ2dt$W6>kyeFd6;#zS^z@8F?W7-Yzj`CeG@6^g5^ajQ
zU`kJIt<JZWa&S&Qb5`eKU}~6pMw)jeRd<=nnW4sBb~zT-auI5YsR8>-sEvLtd3dIQ
zv)SXQ!ulg)x!vg(4WZKd^B^r{l?OYulU&Y)1lZ!9`p^@eH&9SJbM|W?8(Mj92U~wc
zvV{vqZpO$(6E+F+b``8@0ylY7^x=#tF=x!;NddI49o=WXobe;ARzSHYxNfmPNDr<g
z2nY4c>lm>4JdSAjl-kh4IEWv^8{9u0P)0d*B|4uAw}NjVc!nhlaRSv@PTh&_Nc%LA
zv8x(~<5<Cqc?0Gf>eK>{dpg4!luEh<2_x+8E)zw^K1hq)y4aE)(1oba75W8Bjh$|y
z9&(>r7RjPL_igUq46F3IEZET9niwM&*8Uw`wklqWwJ{)jV!+=@?f4vrt;*#|OnR4-
z?#(o=siD!Td>zUmRJ#>3!u#7G&AR8y2Rm)aNo&@q*7=l|%VCz0Wv^I$SI7rr%gPjA
zRFlDlJ8+zLSltX3Ro5-sB_G3IjD7#1U|{(eJ6M?#J=?u$+k$TJXpp3ux2)tkJUrY0
z?tBs^pbA_;rGX1v+RS(+7$ELU>F$kFlv*eKjx)j69YFvE6`>)SB7e0g6uv@xT2h|d
zU1J!Rad&iH8fb|da$XARF`ND#MKAqiQ7blQ6bwc*R=p-2OZ!KUGByKjNjy9OkMU8D
z@|aO8u#gm}uH3eUCijB~{KnJyiQMbl<NH7IUC-dvF{JaL#<NfpYb&!CI96ogAEixq
zuN`di*^pm2oIFX%CF<(Vba!UD=dVVB!C>xNi;w(fUR~`Roz@d;FxfRU<=DxRw0DAu
zmpoMK-2XY73j0C3G)Vsh|8lEyPY%x1cHX+2WwA_mVJkx>X`2~8?VYU^6UMi2y7v4~
z<IhUy7w00d4&4cPW^ga~?I%xPf6~sXji6$}QkA7w>(L8UILZ8Y2;jMDsOCIRchVfJ
zH1~U|edkFTnb(#gS@Tz<|CpXRHH;Q$eMz;3y;_|-EWHvhtLt5YeOSWeqMYUAt)g61
zsxJM#7<{Tb?7W?8p{><tJ6Vx^+PKA52?^^{div&2K1U=O8{3Ra-aC_DJj%pzB8@1O
zc&lUVbob!sD6fEkfQ=w??r+meRHZ8JGV$O$Z$EG=btCUAS@0E?-nukmK7Bhg#{+V6
zqXyn}Ya<1B^HOb6%v2YDXi4Cqf3@4dvDvHmGxK{YdNDkC8H-+yE^IiegVLYjRftPx
zIzD;`Sme-#EH#p;e&Ckz5iVK8x0TWdWBR8(y+`e?@FnhZ0YzyRtzW<7`z7WsR_o0?
z+q}%}E}71XcTkF8DQbv`zQ)*&N?`Jn3IPQVY(qhGX!W;mN_)VVxB5s%bNJw3vuD+_
zD@|XhLB#$vm3VD~hVIhE%Sih9Ph`nG9_J`tp1tovmn|napv!ccXxz(4T998`EWWmD
zR#aH8PN^uzLYa9gtIk9B5@Vz_iWZM&$fiHaX<)hyuVN>+rqJlN!?3jO55fm|{e+8>
zfK%E(=V78BJ0bXO{=U?ED<zw5aB>SMG*&HhuB1n<B<Lz(KEa~AUu=7UH>n_Jc=k+=
z16e9UZAmi3d+CGV_?95)=Pp&x2c9cd&2{B17<1PKkEfOHZor3I$CBM*@=LJo@oV65
zcr?9~``aq_!Y8-9@)alG#S9hgFU3_n3YwBjbZ_<hr1NXjZZq|UY)bl|`Bj46-{NlV
zABI(?tW!YifLGDxB-6_)R&hVW(8HcCm+3!9n6WD1jWF2swf0d|qdl^;TbRfQy3bbX
z9LI_0;v0&sGgR15azudNGH+B<6aw}Ct7|P}V&0@3=e;?Y)=I=Dvuba6=F=%tCD-Cl
z!?X4+KH9nT(<8&ZN~_hj3q`J;PyCUhh|W6uSCBNOs8}d=HN($72@bJ*&xwX9k@he>
zZZ5{rn1`)WMRLOllDAVYOUjtHsd7;^Ir!o8D^_?+Q!Wa$k&MV_>S842Bcm*6t0|PS
z7L;YjcHLY8Zzg3qC2&Gzxfj*zQ^gqSJLWbowdInNIA&^Dd&@E>{35p;7Y4#UZKE|P
ziD4;QGU9yOq7`+q7+~<cG~<{jY;<9g2RiOmh$%<uV#jheU8?6~h9Q0mV<EcT<>L~x
z*<k=W32T|%SgR(q^A*-Sjkj6UG>|*meYUqV<~sl8df;t!eBON6H<|8qX;eJ{G@vLs
z|3TQuWPkH)(ZCZpw+eZ1=m}=wL3R5D6}pri9c*gttvAulBYY;KYazs>%vbj3P;0QG
z@GlEp$z9mNyt%a${o41xgTZv$RKJIlLC1$Njfi&-ZhGh1h=o?GUHn~`VKfi;skE70
zN^|XQqVl#<FeO`8o%f3^4d8wJ8u)YqZ2ng4QD6YT6_{1l-)aFg5Hlo}@6q}T_hf%^
z9xHDHe(PioHpW(EdC@Y~k+I5ZXD7HrEN;O-!D+E$2CI{`CW01q8jv#si9>ht9gT5O
zGuNj3$Y1&MR1kjwFExzwV1Ze6Ms2Mb7%3+p?mEfQOP;HNj~x=oe`Y*f+8u|*VxO{#
zrK%BYf3=v$Y%`527fe`Glp{Ys--buq%viN7^kI5m3`6V*lDp689H%~pb{sBfTOF&I
z|2f-Y!xLPFjrLr1>Wi*+$IotT6pz;jO?8UJYbM`q8_GB7GPSQGOHD!`;xaQim)6$e
z5z;>HIv;ZTnsp$GUUp^>3x9wAPNtv}C|Qdx&p&lR5CFub(k5yz<vymT`!IDDSkzDQ
z^W<9vqZUK%3!t-z-;_=;Zj<pSFKFh|y-DDf%{9KD{7APY`gyF<E!}Cd2J>ke9LMnM
zo`AkYB2`Zs{$Jqz*A;PR&&zw#g3d~h^0EaOm<a8C^myj&Z4e(HpHW?H;=MM`bJ9#S
zpYKMp%Ep*fxU|i8BxC}u{g-R%H6WWQN%GHWM0l6Kl>OY18Inp-5_j4UXq6oqPM9hq
z6Vs1|mq~qU{`*_@VGq+eAx}<jFx$y?x~jFN=H~GvA|V;mTx{RZHB#l32j}Y|GRbK2
z^`>&ug0ndVER4HLYvS$$ZE`xK{M=cj+Hz)=_1#=G;)HlZ{}T;OK9GZE2Ryz)=ht)d
zYqu`7PNf4Hg}<*t9l8X)FKZ{shdbrj&H-Y(RjRMB8*3tj<T?P5Iq>hl*CYQ9t6T2^
zc)Bwk%R5q@^h>%t1t>qtRT+65(weQIMkZ#|!hK@=B0in`!SBXvA%?HtyqO=i2oh6&
zNBY@veZDoCJ><0CAoY5ImdbE6BmQ>WEFg9cuPB_^JzJ?EsIhSO`;eYpQ0~KPYl84f
z7n}FcK#;=X79u%e&(AhVN<x5~xjv-VZ)e2T`uTHhaH<SX{lUh2qa*^*oj1N+wP<Z^
zee3l7b0dHL^@r=hOz$GNu{7lqc7(U;=$Og=ccFc>jAfJ0O8WsBlu4&WzL~>cjI%!3
zFU{ys+D-MyZ!3|IG4`_UnrqDsMMXvLDB@<1d~zlu(>Qc{&`?-PikF3j#l{{A3<+KX
zcZ7w)+@g2uf9t0J#dfsyJ}<fVTFAe7N7N+!yHp$an7OXfDxQ31o%lU)Z|ulLBtdI<
z>F$%wQOCkI2%(l68MvQwu+^_+lcTSD^~xO3s_}GkyKJAQ!Gp35CK!no$qRnUT<-3@
z+_KyaT!T){88w-@y%(~nuL`z~xz?{r13NP$2#@US%Y~)Z>+M6gWc`1{#M(2qnytAw
zYQmex{SZ${F>%6b%XGo02eW1RLq!KxrdBl;DgBBxYZMQ#JSo82RzAA>w9zius=e#7
z<S=*JPwFga-`yKr9z_~lZ8Lh~4v&JL^IVyGC06ONv=^IY>A;&6F>3!@{LY;l*P&a{
zHCtG9n>@<_@rG&<cJ5~ORPtz&a)<0$PAexjHqwJ_2U8sg0v8>6h4yd3X&GDlT)cOf
zidy_i^9T+qrEDGOt?>zqTbX)mzx@90f*d;Sxuu)Nr3Jq*#Z{X#Akm74_IX*96W~hv
zn=K3T10i>9ziq1v*V=0A_pfTa*@}GM2_<;;dxeK5DfD77Qx11DNbb0Ioo1`BrZxOy
zsfStUZH3)A3cn|GYo=0asGLM82XRSB9_2{ZxU1&Ajc6J$h$m?+EI+fPN%Gb_%ga9r
zc}eFksmdGtf5nW=7cAlYIH>z&=T7yXragT&&~6PF9jGh+;wUeXi_e?sxJ@JeTe~Yy
zwc?!x8_UOl0L;@CEBR?`*r6IvA<XU>l)-`FzS)y(#I`cdR`@7X+R)K4ue7u@5%WA-
zD;URWS-#btGXfPJo@IWEO~2uP!M(qC+`d=pfq-Bp-Se}kZT#@qhx8)?Zz;cLC_l_6
z9v#JhbJYahlIMqf`T=vDg+_*Z0a~eaHyEYPUZ(F%8PSpWb^fJlz3Uk3MM(+kVi_5j
zjh7vy7Z%gBG@p903U_l)+@WafI$MqCXUB|b7dN*@bq5>jkjq;AV)Dla9@1tac0iXs
z$D$GoJ%#_sJ+Q#W@nYenF|wK)CKsPtw`3jrk!)@!czO1|Y^K*$tT1L>sHcn}t}fEz
znfW^kzkO!uG|pD?bx$g1lQ@*7f8+<F)t8uVu!vYU&h+LqcBfNX4YicA@X<rEp)}>^
zxTn$>61_v$kejK)v$s;xvoiG!vNxZw>Zw_ad6(t5yzP50*F3mlUUQ@Zpg?QHKlM_-
zphRU7q9l!K<z^%mWQC$-7e2}j_nW+Go;7dMUN(MHb<PYvfM2azah!>$=7Ik@wY6vS
zKOS(Um0W{@eD_}#=kr>r7cvj)b+Oj|G<*}@9ihq#{gBE{pI$P>x~h(H4dhM*%O5T=
z*WOU)Kde!QU?}LaUyoI|c5ovDp88x~9WCqNXCN)``okD%S+%4GUtl-BK4r!20mQ@V
zSWtWq=E;MDTzHus*l(ZW^3I}S7EvXLogaF!DAgC2k(`Ol^P!Qs7JZuCUo$^tV@SnX
zhhQxEe6sU5BLZS!Q!aiBZ}+adb#nxXvqWwov{bEj06M}=&T&~g1Uk@?v~PcTk`AQ6
zQ)ZtBLMusnb(1_O9E)md_*){cCp5jG>i`BAmw220sh0k}+T(+s<I*6Vk4(H6KlM0r
z8Ov=uQ8LgI<rAVt(yM@pY!VrC#B)7x_hZdww{)=&!MvpOw&u(L6pMWHy~eM^sLDU?
zv@hAX(k~wYQ-?^83_GFzIIwLRtaS6Dw0;Rwqgm!3#+LI!b-SPZ^hQspko5hV|4gU<
zH)8rXV*39IG0}8%vXn>-BN!Ri0M8Y~<{lS%mAha}1mv)?Hc>4sBf}36pLs?)<B{@5
zx0EB8sW@8mbb<{Rr{}<H_s(XERA1~Af<19QdzCByFd1D_{=KJTKU|KR!n$|(T3zK+
zd2_%xWu|O{W}*dUXV!Ua3d<9~s0^R?Ml*Se5A#=*rMu89>-qUKAnkFWYUX?K;)VOh
zoGLKXT6AIqfQlj(=)3nHK744^^qR)T{!ovn!4Wp;T0_Z&xFlSzO!qi_Xom8v8dAfr
zV}2zugTnBt%Aj$}+p-|`ygY%vpAYs$xSExI$PO+&w*TFvQs&@W=62~6sG)ytDolN&
zC%q*AAn!CLeP?L^s9gM_1{iim_`7<i*YXPMV)`EOQ7oV3I+ttoZlV1f{iUfp^Go`t
z?pvxCrX(R_>NahY?p6Zsm+$8sb&DUYp9X0*s5WWXehhHEGL~|lS6bv-w=rXsy{cMG
z%V_)xwP<jC%TCACj!*LM{8;j^IYe_3LXh19K-fGA87QotKU(#f%_8WqEMUEnGUSX;
z?p?A}uPDhotkF5+eQ)vfsiMM;?MzB{WcP<_?Y$(^FBtWpi1Kz<1x=$WrUJ)&u+Cpl
zfJ;lGeVk~}kFw^ixL68+bJ>cSt-A%1^MWXi>YNYlVAs-iU#?eJo}L|d<Z8dWjz;a6
z0T*eGjp$WFN}u``W8~7YAE?1nYbWR7Z*gcLFa2s@pH_m3Ok4Q_)<DzII}C#Elv<;G
zo6#>$e@XRge!4B03uV>=Yp0>na;}l93fm0S8()~lF{K3#=d!Y%E@vYseCX-vH~N&X
zx2X%&T9u!BNOMXCpRsFYdJ~fa_x~i3=uRuOz$R8M5#=Flhge52NUjx3i3pIdsb(Ao
zv}KGT-m4sNaKFB{Oduo}T0jRo=li{?G=G!59;PO|U9AETjnz`zhBEiYet8fGS_xB2
zjq1fyvDG|$x3}V}UlD4oi?w2Audc8Ot{w!Nj^gEpd3%N$r(ZG))zzxMNK2I*NhlD~
zE$%_{T0g;_OQmJKJM21_%B-Pkb?`t+WpG+B{yR4n1R=(vrg~6QQg9o;iQ17K8)cC=
zDlBZA2-bjmCCM?(aGX{!6H_yZ^P)+GnAQZUW)Z_xgQTwI{sJ7zT4|VnivI@5Wu(P)
zYbe>@cwhs@J^DU-MM+s9rnw4yLq+i~35k$m96I3}Cj`2tTH(24LWqGrjo9y>SpsV1
zWXyT9Ec_RMuh~v23$lKgE{KS1uNxM*@rEdcjR<;7gCC52{PClR{Ewy9Udub;VjGrR
znwV#W`l<N>wAXJJn%O~~%~-faqxZ2lYS%W;sYJA3W$V2amLgJd2xbZ7Fl%k8!w{em
z?9=+4LU%vnyC4=xUA(*~k41hz-p*&+?%b<GM<0}v*TM<ZpyiB5W4UotIya?9MOy6A
z!Z7#D(@*;p3=J9B+uPsqn9-g9^?<uBYeg*>M`tQUx9+4U4tPYPVe>yya1gDh)m2X~
z)hERcT(_Y={q%5u+j}<qxcZy`b@GWL>|tuf^@`d$txq^1Np^dt&l$?~?NM<LbL`*9
zmDUi#-fk8Iz8koDeJL58f`=_NYB-cY-JgpI7H!FSt2)Ung_|3T33-X}M&njA4Zjh$
zk5yEQ(LL0lvcYU;eSlu9N|)A*%wM?C>-3L-sQ&r&l!4BbN0f$u3*v(6VZ7H{_gJq}
zi!$=0D_^?5YMO>7jFIO?Qg6q;e$8m47MbDfr@ONXk5?Z?ME|I(wT`$mVjs&RnIagO
z<o%dNZaecb<g_4c)CtMV+?k=0#SPJ0^$S~RTjg*I?Qq|#3mjpQ0BJ*Lh7EW~5=;ry
zOGsi-cUkwoH|MErm>w@D61oFFto9YEKPW~N<cJ&g0U(uCNJXD|eSDyERteiGDl4#r
zxy#LRp?Q*@Z(9LLV1X-CRu12ets1)V++V;}YfbDESZaN1<cVZSBGTMcZ|!Vc#1Z_B
zW1NM>6|1byWVC1aqS<}Ql<Hi2rfiZ#B)tk4xoz6ve;E3;FsWsJ9Rj77KozE!0gC-c
zTJp0RiDS9wWb|Vg)O64>egZh%1mp$DIUkx-%u4XJ$7Et&|By|5^E;cE18=L*6R;J&
zXN1f4cy?KK@q5QJ;j8McJV^Yz;>SH&;i#2ly$p-w7lzq2+e0Qhmj$~&Xkx7woW9n5
zRGDlogqASmolh8<u`DSh-;UiQY@Ms-ZOaoPkKvWJE>V2As;5~yi`tgJ&ncif5enNC
z#4K-L`KF^w!_)H{5a=OP181YQCY9Ho9GnQd0O$u6CYdemDg0+$rLCtD+sy*i{H47n
zS2H|Q@y`7#Q$mBzm=FeS`i_o{OOY+}6FyUMhUR|XfVW68I^f`E%f@QOR6Cvgfo1%V
zVF&$tzZ7L3aL^Q4_8a$hlhyW&Nt%uD2R8Z5CF6Jk2&9Fu9ODJOiq*x{)Eib92OaI9
z0(NKKY;;Q#S^+Yu3;RX%l`c^==;4#ig)W<=Wqo&_?%XLQdb<ZB@&YG(iWOu5Zaa5K
zoDyOj&r#ucigGYuugtql#+vG~@TQ&eN(;vf1|biu7=;Je3eiZlvCmIl_~}`k_Vuk=
zDswT-1Ah7kY}UWg@xRgW|5xbvf6gcBp99E=l<^z`N}dKf>r0?siT&=bj)NKzO_r4S
z5Oxs*bqY3(ROpToBQtX>j9aT67_OhjFI4+&W(EBGc2!td_~x~{PJp(6QX?}@-U@_C
z-j>w8-@LO(=BOvtX`pbZ%|!<KkTZMz+3%v8OfUKfQOR*E<KKA#`sO}}PeuW@3+YzU
z9uC=sJx{Y%x4+EC$WqoVE*&a4i~bJ)%bAX_A-ixJpkmYR*gIHr(Od6+vUMWtzvNcr
zv^4|Y?O6ZDS;Bnw&3_M7lm0KLI*DNX1y!R{=;A#tEGKPowZm)H@gl-0lU&?!g803;
zD9Y6@uc$WwDTM^C(!2#+)O5~(wsTz9xpr`~QZq@jJgi)a{3Z|u;Ry>zs#J(mPlah<
z;Jmnf4#~jAQeCF;Z&rfww|kNknsO>N#_+-GxBj38G01;N4YD<O&}u}Fi%Q5|WYuW<
zj)nxQwE`M8SW8#uhpkdXHJ+%^5e)g_EI$RgaDp@Umi`WBt^?fmdZ|Nfxr2Z2D!<GP
zcPDc&i=BsoX+1|jq&Y(#0ma@poW1EWC7rL?@)qTc9~Xkg#BkCat(it+@}TbDp)Bex
zt+8dSXOZJ<LMx33b>$^d23_S<E^hAm#lG~7FVsSbWsN!h!M3QzFrvcT<6RfyPqQtV
zK%JB}tirMkv-<H4_fmrQS&M(ZSi6zXd-WZE+@6bTd}hg%e}W|D%Ujj7zY>JE(=<*s
z^#4HzQt|n2dS59xh`)qkN_Z?~lA-=|R#i2tlfmDo#)yj?uq?{!#EjEN<GT1Sc)LUm
z-)cnUm6hom8yk0;O6Z9<l=M%3^|-(C2UJ_h+%V1PeE$}K<8FDj^uol@P~(RoEM~vS
zDO3RsXelnt+d+mOtwTNnXP_&z<s7Fx7BVZ$<tF*0Saq~q8L(5rHRyXX5}56t5C6&j
z-CrF+a29=0Vk`ZppldwEjqvtup5~~}+l;`D@b?*UgMfNB1)+Z8^W!yRW5+7lV9P6i
zHGCwXB|U#xk>5VZRSTHR$~#PLQT7QqN~<4LC3n@=ZXvQflHL?&n%x{4XY8@2q&|M9
zj+LSKd^bl=O^&o8Lh|`(9=K;MZKms5@M$T@U)DS-_sTTJ{&|ZmX40Gmvi)VMQ>k$Y
zM);mQ^bsuzJ=$Wcx42@kCU!ovz$=>@=vfVX;m-Q^fb>gcmcx$Swf-CFCC_5iEYeXh
zOilvSKA0Q2DgD#*nXPP3-3@iF{yD69K_hwY%+BiAMjJQsJB!jUAJ?}!%)3b|rNWke
z@NrtHOi^Ns--!-M+Cg%T@SOVQ|7zdLVbT=jG!=W(<2Y;4_om0iB4|Rk$R)UJ9HVpJ
zYR^NCpC4f674B}|yQQ_pMB>fgG#i5b(oYOgdV}TX6!cF(hP>_PD*$kDKiGAX4A}i#
zbF`1QvA=r=m0_76^&B5)k+>OhKgJ|i=y5lY=LSEd2VL;~rQqn|axYFF0)x%Q%$w`&
z(u5jzz-1<;PThYQJi&d)_zEzXC1>Utss<ar_(LIE*yt4LX(bWrErcs|qgB3w2hk6o
z8}j^~M!VJYUZ~EFHLm<g6UAnB-QP#j{zd}QR>BYE!vNwOE(t2j@Y2LH3;$X_*KVxb
z*&RP5AVQfIUs_;~P<-tgtW0-#IdgpS>M!kSzFfcBhY;V9Ak=S8CYI%;flnHev;ust
zTM8e|+gG8$LkkMkaWN@#92T^9bxr6;X>|Y>LbVml+b@;rrH)TL5m7Twm~!P0C@j?V
zBnY%QUg@S7)0T0bhDH^j(T&dOB^c=Br}f#DTAj%}*`c<o$vpNhezeTd9RR+52fIZ^
z=PdI*In1O@Jm(6=_bUO8lt`Eo_xNDlpQTysg*Ol}OmYoI{jDu8MK9f<v}j;bo5gr|
zG9fjUwWRqv@S@Qc%5%;Gz3c!8*46I#OCPls7Z(u}CHUb&adkC5#%Uh^G;Qj<C8*mY
z;03b%IUcz0m3C1+gh^Sy_33+y<gzp?cU{JBC5yWj+^W>IKJ$B;X?@oA(g~RS&rsms
z+=0Irn*XZe9rQ|`YNA7sgT6$Z=!Jtr>Vb>niGQQes+}|wIl3!dIdTpVaozVetWR3|
zFV}SPh@rF09iF2Q0#E2x-0jm)jZU2RQh`>H)oQcS0o-O1w?EpH#-z$YjX(9-wVD5R
za)ZyFY^SFql#q}xe{@K)DJXIpEmbXdnQ&N8+pML~>OWVC3wuHDpxTiTFCyTYdGb=d
zmzIC(3o6Dx#~%J67Yii<mZ;x!`_Ba%_q%7!=U@Ky-29<gUK0@O&-=B?R;Z;vQk%}W
zyBz~U{MCerqLPQ5G~C}Q@qcZge-OK51bUtjpzf=c=X0I(iQopnHytgww7das68308
zcYE1Bd|l0D)tG7&Mde5e!|$9AW~zn|3(nKgbpYNrhxp6H*+}{JXm;gOR2#XMrx~Oq
zFfho4Q_HO`pv`NoaqpXe7-utYk@={?zGzlmO0fl@+3SgLMQXnHF+jcd{=Zrbb%KYv
zYNveZG^7CSEt2)~!~7;XZCjJcSSTb0ct3QG8O*8O<Z<@`7x-SQmsXF7d0Uz=nD|=R
zQzp8=70@w#wYH^nR}_3>3V_h4w)8RBG$x2ucHu;2+-Sb$+S=P2#WHsYxO{BvUsL#4
zK)2(<BaH88E8l*k-K8UHD3}_x8^NPhcu8B!8C$1lwJ)s|^-F;JpeD+_Zn75$j-e!q
zdn!K|3u(gIzRFSG8a<@|bHm=A2>%d9=z5yW{r+pW>7R7nT_KY*XOaIs2>Qo-9RPy7
zp<iG+HkwB4r@8W{t60;<o!uXD6sKyPyWcBlTFK^Ge^?HPy{9vQcuVUKovaWNyY(6O
zH}k&y%Txy`k80~`U5vUk#k&P<yIY6CN3s+cORs$wWUO1Pa|FUd9X0W`d1OGmF&<7K
zRdTqjD}N~eCd=1m=aDtm-_s0`{M-ZCY_At<2^XhYlpRt8FQ0>$%qOvSGAoKS!dZPN
zA7Gb~slqsZ7@Re10KA=I@|@61aYaUsW3K+0UFcI^(2t|84gtP6FMZwHVkc-tv@$s{
zF)C7SU&Y*iiL*riw!?*KBkp+a*-LGjT?4R@##oPDH(iOVl<r_**d=*BcNxSFNr1zn
zDmn~^=7GiB4FV!5ur2VJocekTbLh7I?}Bv55&)M{Jv(0!vQ`xeR=1&-G${k?)t4Rg
zZuTraqj~pqr?n(`-!7qKe4u61<7SH|v|H>F)7+Nb2r@yJved}S+*NQPOGnCDj&B!0
zI0NRm+K18;RnI2J9I`uP(E>mUw3MMniln=MyY=bW16{fFo0JHgbox4moAE?`eiGU|
zNDv1N7%z_Tvg4U##3ic#j=8(R+-vIoqUJNDk048Czn%t5S#nBBEHHYtQw!Bt4pE?%
z0cTed&*Y0}MXiGL*%n#uuS55iwUHe3hMi&M@7llLsc304B1AMu^bmSZe?S}#RnM8K
zzpDBxcNaQ%gG9$=y#}d1-Ilq@6*UGJLdDlhuJu4Svf|aHUzG?!=8QT<fNazpO*=Lu
zHh}>IpB6;KJDC$cv#ju-G;A|J*ocis47j>{Sd5BD@iK4w`M9cr7()@Z7MMVi<c;=;
z=>t&e(>fDn42cG`ePyjYxAJ$AuFLOY@A&^E1iJue)aD(xibsAc_LGVgr2ED)=Iw*R
ztT`VMla$Q>0+sVG?C0V7Da7BTKCpH|V)?k>en;p=00(bdtp1m+hrE9}0GlU0+w-!X
zuZ6X4?n`uG;)UpIF5mqld?SY1_ZJo*UlMlIe9=E*pKi2eqeL~5aC^Syt0ovLZX{`Y
z=EIBBK8#pE#M2d6c%ECBpWOQ_x6vu*SHCV}r#v^Yd^P&uZj*~i@Ipq28T%QZ_wV0t
z020Dzx^Gg!9)MBCmXhw}Jq^ZX*sBiRLUiEfgb5EyFW~k@DlT|)x%{|PGtR0FHO)qe
zp7oYm*i#n<!eDQ&wHl=~5Z*x#&8lV_QB5}rJ#H#bNopE}Tceoq_*F*O12BBMUhw`4
zPTOi8##=&<mzm>oUZi?1{C=Y6Va0H<Ol2y=qA8HJ@)N*ySsaOT!$fu0eFn(8|AAF7
zImu535fQKH>Km<LQIf8quqe5-lit(Al&O&YJ9+nUZ3U^G7{6P|9aSPRJkvFj6Hb}{
zpDJ;d($*Q~wwkW7P5!i1@zy<51}d9pkkVS!J<t=X;X7&aqSxIkTtjur&jV_~h-{*L
zF1ysXBNnjWcF$inowV;~P!F85)<@?&ej{<CA}*ZoBp=GAg(J?~=l)#Ol$bAgU&g2J
zv;+Ph16D#BfEP=2MYf6Gighbf+D=;|(ia}mt-0eC=)1dawOh){-$`u;`^-)=@VeG+
z$IHHYFS5@UL!U9yXef-sT};tati7mK6+R-q!$YiK&S&d!c&nrvwpyH1h&v5k8ZOED
z;gc9(elwLA!MUS)lL#(VG9oym9F`Hc)q^6+$y=;D&&f^f``Z^z`Ux~0jl4ov+esk>
zJYqh=Ahz9QD?oQQ+#Su;pm^z{W_xSIr^Pb?88Zn+_(bBmJ!(fZoGHPQWA0Zq)41Xj
z5;$2SJE{qFfE#e*ol(+9aibGKeI9VY!~yy=;PWYr=f1Kj5xJIfR7b8&Hy<m0f*Dl)
zK*|3*7ViW(Bz65;%>K9i@89;nKc^%4yUOFA*#G|D#O$*T+hHpk5=#OfF!MwGX*ObM
zUU~~8K@ET6SW>av@F?1pIlh2hWT*lb9Vm~7uC(X}$b*7arZ9eRqz~XGuKtEzAH0!1
zv;#0~L$tdAp^6~K4Zu6pK0Te5BIBnMxHo^bM05(MC+C4$H!3>%;t0UJ8yU+3+#z80
zx<&|5MZFAP?IRz`_Sz*|?xEG|e#kMylb{>TNndHl{u^xIh87$#!M*XOR`_em<R}@u
zeWfB$5L3ErsYhNu^B(@ZV6}k<ew;O&JNTM`gN{E!a%xuPjc2&TaiOX<nJ5T!_CpZ2
zV4Hj->n6f8`L^He2XQMqyH?tbz@t6e5>X)SQCPRH_E0(hw`}&rTiG@|NqkqeR03LJ
zQHE66g?~)PaGEzhf}HC)2FM95!44-kFqww_ie~0sU)>aRX2WVgdCxMuS$O#BGaq=D
z+Cn2i!TxSiJL7*qY*^S+l-($cExE9OY8dhH*n-tl(37qI-kxakclJcCh7wv~!0aa+
zH`YN&7PQ5lE5MVrPjI2$$m91i*iQeIWYqqBnh2fBkP}Fi$5^BH3V&rK`im!K%ba@V
zZp~z~WX1Tt*tp~$WZkYpn0B6>>>ZLv-#`)jap8gd&_RP=^qen$Nxs}v%5RH{KvELG
z)(s=__>vLiu+X3wR44jy1lzH_4f!#|(^`6dabwGIz9xbwyF#DPDODg&rd{wWxO1=P
zrx0F3iY*2_rJ=&{v8CtKiO+5iXvpmFF5@wOkvqW`_<rXz?ac-+YiNEOcqC1;#>K@o
zmmVn>lVI-O=EM-rblP`Fb+oPWfjjVi&2YIr&+OTG&jD~d@`-gyb;a%)MbED7%MMYc
zL1Jv>Ev(wjZ8d?YhP*04FKVAenjbW@5cAmcM7Ypj))Y$_y_k@wPgc?aUykY<xuZHl
zvuvz$#&Ax}!9t2g^bTv>Qpw1?yZ?I3iZ~ucYiuoJ=E7%JIe48%^#se=l&1+Vw|RaU
zC~}>QJ|<n8;Ev9YICrITL9zeNwn*DOZcfpl2j(w|fq7N7_PQb9Z=JdL1Q}$P)KVp&
zV=^UrMYPv!Pbla2Ux3K3Mx>1oyG77}*>J47!i5ZzO|rqCsep>5y^5lTrW-xGcrulX
z)^*5O1~HLUK4c;0+T1Hyz!M74d4R)UVs0*jS=L|A+;`?o$z2J3y7iR-ji0RH%+ynw
zCfv~gB#%0Q<QCm$)%BVqFtXroe<RNVxO?gpl8Q;1l<xz?;=+HNQG0``aGi2l5cY%@
zP$xla6B+nd)O{ajn|iyV%8pXz!a4N6@S@n^=GgLKqUx4|TA=u5JA}odMIQZn#LVKw
z>*^GLtWWm4+Nxop@7sr!wt9CE6pm-y;lZC3cT7U8mc?DOm!id`mIjWO2*N?IP7mn}
zcA?(W!9TuC8ZaonlS$?JuNYWek#F=Fm_MWW7q(3~2v(K1aeH7Uc=DGEu-(CojQc^l
z;S1$|3F35|yRyZlAeA(zYgr0bjy)G~D?wGcYuw!)#Tt+L@w(ayniC}Z^Z5J-PeRf;
z<Jbsr6;JY-sD!hW?-l_^u{5-yf93}$)#gK=!Mx)btE!JDYNSOyP14?SSfz2|$B$0|
zfJtZPR%(_bFnZv;t899K<dCGjUW}L;&H=W=qU29d&rBIf!P!pT{|>JVQ(t$7C~UiZ
zOvN^MttH5*w&^rJn!4*JawX0x*V9Mw3e8%L&vL0QU5Bn)Q|*bbvV~C9xIYXFMK&&E
znEDfRa&yv@?ANPW#&i0mGYfCrxmQ&easI*_S@z?mQhjspmQ+>O3Zs^xlKzD|!EFD;
zwrL!U%d+v;Evu2**->>rc(6lrU6id8)A8ia{=w2cmps-#nOxMXw(;aG(-`|Om1=JV
zAczx&?yF+J#Hgr=>Qq%X^7)*0oF`#6AO?Icm71eJERV!qt=Z;7Wc$)a_Rn+6kV>9E
zD%|@c@z!l*BM_$^$nMKjW2}6EfVbjreaW5HpNs=FIJ_*%cekFf`j)if7`3evy0!g7
z3IWLF!_nV?a_x(mXb4j^lvEx7P{ZEJeL&u#Q>O?Zrp1l=@IOm+rEU#UojmIJ(jlq7
z{%gj*blOYT9@{acAa3FWeO$7i=MJ!tnGJ2y&*rRL7Nj-*xG`knI->hn=6V~C&`y_f
z=k{}xQ6+aB#?6jr;C9Q9<f77(sX7*DVNwVcqkG9lhC1J9D!zfa5iu%5bv|wIx0p2-
zhV2K1)Sh+k$E5?}6@#qAAwd*6OzZw&;g$J>2Q}=zL$>k(y^yP#EFU|LO}jM>QWILA
zE=Zps^{4suO_b9)4CUqR$seZ?Soqbo?H@ayzx4Fl@-e>xarLGn0o{rCYP(ZnC*IMY
zzNV8<qM6@(oM9*Sd~I8M%k?1ssX$Wx0g$NyeDGzzcyUkM7Lg^`{}!s|gyp>V>4ecs
zk-{C;Rt@e0{`vVPI{8?iNk8SCwF$@gD_J}#Ra*NZ=K#+0uDW4iOtpu>p<vPp^zL;^
z^;=-{J3b_;Q~2;+3j3auG<bH6_m6OmwJ)I5b){qPI(@ff9lZKar&G(do2c^I03y`?
z!9`P?tgpZTByTibCaSFeBayRCvkoLrYGcPpzd{z7<K+&-wTTl>bd)cxxirGwtY7NQ
z`6*B&>#YHGOs&vKltsJUInR4_lyh};)g8!nVEi_@LRht}jZvj8_ALECpr;@<KK{yP
z_D{Vk!mp{>Qi063%J0c+duL}c^^j$(S}ubq(}#F;+OL>3uYI2Bs11<q`p;-N89FW^
z!_oGA#CV*^_5YGlrCA?XSwZs)2&nq_RIH3+U@!;04|n57ujMM@M@iWJ{%1qGCvwBG
zb(u3m@N>W2^^X%HIybkdSXgTNExiG2kBzE5C%KFg-DQU-VzokoK;e|eI)pVKJA0L8
z1MnYm)3M5&g{GlGCYnE7vjz+g41gsL{rh}&7Xts)0EuSkbtz@b-H#q1h3|bQ`I%Aw
zHaf($l9H0*(o&9ziHTwl9QdS}9D~dJwictutGv{KBosf;+JCvGSHIZp0d<<S(h|;<
z5HmrVEz!h$j#gk|s!|*eT%*0W_W~u?K)3-GP!ZHcnFL0tPlEY>rfBB>%PiCIw7qf2
zj*Q#$`vUfR*#97)|KzpB1WF$1R}p}45A8DtV=`^W{|x8+Ivsbsb$X_a|L?1qU(g`X
zFW>7hlDwLxd(tgFo^*?G|2@%}f05k3)dW}*ty$v?+R6tXoCMA;B>tK$%*<@k{;|zk
z;vi<Nv-SD#OaAX7)WT1k<=rMy$+VvVT0`8-%#*$CVT-PqAAtuyl_lNhRM_sB$DOLV
zPs#1$PIq4cG4jFE+YiXAJT(}46mqzjgw8OqBVX(PP7Y!+|1S}C{LZQDoc~eu{lDU+
zFT~2h)e_nOk+~(5YQudeop7L_Kmw+8yFmLd^UfDaX&GgK0LuWuM(!31R-TonF%Sg$
z(xcksDWbqtC;r|UOc96pWN-Wa&+t0Ls@a(O<=Fo|zMc%~k!nr(EwXh$rJJ%^ZU&ZR
z13+L%|A;$Qy5#Tq<(F+h5@b_F`o?S7c^)Fu>y^^kF#Mjq&`6JkBCq?<_GMa989=Bl
zWIVtPrgus`q#~19Wy;J?V%=gM?gyCS{=a96GZ}CGD?~B!52AS5=}*XdM_f~Y=V!^y
zmWgdhmUV-yUl~#eE?VIM%o3B~!>jVQft|=RnA@qbb+yLAC-4->q2Z?%u57)JHc1r?
ze%EHo|D=7nX5|<RQ4$daz2~gy(XwuL;PIw>+xlJJpuYrG?FyE4f6@P{4agtc4zWzG
z@lyt)^wUfAjfST&jU#_Xc}BFIu@I-ub2GvJ3xKKac~FV_^aRi5^(*$B$|e9P_2aDE
zwzd3%BX|UkXdBwx9f&tum^+v58-hJ?Y;LBX1q_>^;sWF@k=aXUys)qHH^gF=CY&Hp
z<o{{!{QsHW7dSq&bIOTCj*}3FnRzHVTCz!qlrvKnw=t_QU)xrk*vXej-CMpE&h=%O
z!_eaBp2EzRCATleoC#TE#_?sTAq<I}^QJnd$9bIlxE}Y*Z~lVqxA*J)d_P~W4`8hK
zvDtN@4kP8Wya9zQt{{2ynEE;Vy;F^fTQ+^0ccK3uvfR5v=JAs5l(e3!N5`Qu%c<E`
z7Q91D>a$FH(`~4on<W4$S?Mdb+vRRN9Np7FR%+w_3E`C_W0-Nfh4Cgk;_a&>S_OFt
zzSx^lmI9aLNBpZbShK4qoI!c(&Ib7(KT4L5B0|+Bavz%XrHgf3np-|x2KI<2Qfso)
zus$c|uB8?gXe*CL8~9>=4)LyJrPWaJwxviVYzf*9b#R2_^hwSz;es5bYWWXVl2e!|
z6M<o9$ZoijR1;C{Ng$*HJ*HjfLB}_(g8jerVuc$$)D^7YNZjp%qlD$x9fKLq*bZm0
zT42WXqSSM}#@<tox*zi8k;nbxrwwwwE%(#Yrc$3xp7G}?iV1?ReN#9O@8Ldgsr{ic
zji^5ecMn%$g~dy^wn*9NZ_6v&bX_uF-l3}cO$rdt166Kejx@qf=B>?afNRg2egRQQ
z|F^DXUd5hU$@NjGd=v{QcS_ot^O)Nxo9~EQEG8c3yz?zhLOO`<Tt<uRO4ztYX$5bq
z!01`y-8zj*Hji$Ge~Ziq*1+p($-HL|%)4F;W6QA}8xv##3NT33wdE>abo%-+q<JSG
zHXcB-l$NQ44w}}VZ3gOl`^$HgZI_Am)0L*67juL4ubV;7;#_kff_-}Rni-jr{vnK^
z(Mzp!l*EEhwIev8g;#J6@{Lwq(_`E4wBH@e&h<ILBN*dCWbPpcD<!|bC3+~`q`6)+
z9h)J>l?e93aOjZc2oB)IAV5+|f*wjGd-sd4QF>kCwRB9oBH4#0EPk4pFA@v0bLeFi
zhikdTwFIiueXmZ4?$@t-jQ5pGd`ZV~r~^DMy0~^RT^9DDE<ztI;q;w0Br~LB%O!>X
zC=f#34QEO=o_7t|E4m>M$vgNxr8K7G*m655;#}zr*ehuUoo=Ivy6I%8s8(pQ1B2Up
zjv@2kvWMDt`tRjLSh%F@4andlgG@E}rg3;R82O|*?VIMCPc1D>WNaKiW}x~b4q3Xn
z*DW5hsmTZWP2YA^A-ZZjGj+aq`#3lw8*sya@GNce<b?-RdckRvFZZXAYfW%i6CBnA
zht&%Xe9F4%7GL54T2v#^I`ZrTlcwXDe6R7{#aY6_NCik&`9yCWUr^hD7!`TDzkYG;
zXz&79nhj<jwZ5kpgIrCOn_&#4k=qxN<{Fsqt;|l;BE)ty4MFAPXs31Nt7kfoTp~pj
zd^xDG7>7ikv;y1Ff|t1oO{z)=aP51rI$6^@Klx-qes)nnIl)SAQX7{?gz2t(&j`^M
z0NxB`NYS8y&WU9Rmyg|UIQ4vl8#<yzN`gX8B5#{J{+2Vdyu<Cl!}rQa(*GuBnzPP~
zB3}CTFx3fj#ZQKrcS-vgTQ22$RiCl#i(VivFF`SsyD#iQgo^zwqNvFM{T4?SJ^s2p
z69c+AM&XdQUCXhuOR74j1=r3Q<vfl#go-lPyKdjBIG}h2y$fdSlN~tae5)eM%_eg-
z6{0$D``DUsh!Rx%iGLhIlJBGJ>XV>gDYSsWqTPq8Yok;A?H@#QecQ)=axjQa?PKZA
z%+0lcVpq_})F?`1n7D$5--!4el&_4yc+&JaryRS@Wk<LyQQqdC0qIr7|D_J#Gf*3N
zHF^6S^A7$~7TDCr5GHes97)p5XM;m4Ri66k#U)JJ({5`0XN3sck9`15tmFm;xWnd9
zO11Z$uHZrXmDa;$rLU6k5XeCL4e}EZ>aS~$jnu6VpsWHJl1l1|48pZwjOj%{veUS2
zV8R?w!=+txT@~Ppv9~$C6}tuCpDyM(Iqe1mKP_F8DQ4Fv)wqZT@D_@X?Mt^W`-(Tl
zlGE+gto$M99S|Iy>0d=t2E)@V3SF7|>ZC#sqG#=yuL7&y<u<gM#n}zS534+y;eJD4
zPRTMd{}AIjFjA~{hAF;E#UINgw)}-jP=MGK4fGh3!Y@4<wyV*9j1r>IWF3X|uEyV`
z3al6SOI~0}H@X`u?4*|l)D#m_G?+J`G)mCO<d^VPFwSL=g*5h-Z+uE873n;mP9Sc(
z-0(h=t#n{wgY83?lgoD_)%OK-X!Ci>Y=Gz@;dYlK2?Kr_!6&<QIlGtfC{$Swbxsl`
z9fsR0&wIrQ_1^Z_@+yC}aTal-Jgw)4)M^U@gymj-tf!!gLoa(iLqn;kr@vT73k&iC
z6KlQPojf2Qi#OnId4*7qoH9)TcNe{q_@siN+j)#HTzD~am6o*2&7RbHlFPtXxn6$Y
z73gSJ6E*g;Zbkx46Q7%drkllYge2)llHI-+tIk&Jm=&3chD(@ioJ53m0*NWCiF2u;
pXN{q)F|_|9L;J&5C7{=T*?vOVBeAKmF=iR19(KUmm)o7Z_$zrC!!Q5<

literal 47813
zcmdqIWk6iZvIdF;2pZho-CY9&w?Gmcf(;PdAy{yNTX1)ROK=M=gA<&=-QD3W_CEKX
zd+$E)=lk<ul37eouU=hUUG-Jf*WXo@Wl)g_k)WWUP~~K$)S#eXkD#ESBM{+%PojvJ
zjG>^AW-KHnRplfl$yFU}K^9h~P*Aepe<UJ&P@lsM8g1Q;zzuPdIF_aR7C#0{FN^U0
zwH$eNcl4VNQtwPve`CCpf*T4!3#I25#3uOA?T6D7<Rva8?v93QRn$V{7Le?|-&zmR
z-{0`GTz0&g^QiDRx`TzH31PuB?U08uL8|G&@D;sixPcS2fqDatOAjOYxob;S3Vd>+
z`fc{&LF3*IUA+3X?icfPyV!F@LFc9%Ka}`)L^?;BG{u00nA2D)Of%STf_^usiJ&kO
zPb|Za9I@n`qo!$sJ((tH!UN`K8!1JI1_8TJD+5+_{5Vk6IBSL5c4{&FCR(U<66N9{
zcBGvd#G<KTc0`?@l9LrogaaxGs`cTZUhSfNrhaAs?HR1m4XxMA6+2}7w46BchWSqK
z-}>-uHT+x$M%ld}pzS9=?|F++ok987oY_V#HPX4^ZaB%jqI{{>>uI5S!R<)h_IeU*
zdLP(-4FV&lZ(+ZMQXr*E#o-wi{_eBE9hNB7KPr!L&smtvk|CgxLdtS|?#}G~pzHnN
zfO{L!XiKSvT7=UC6j8CrmLT1KzWo~33p9cnJ(Iz3tKJHe;AzV%#we>V<U#9`5iNkF
zj!8EfF?4>OsfER2z&3allSwm(m{_rG3OD!|n<je;vD(;7n<HX9HY60{_e}8>v4e&o
zha>Jla9Tl#rkiUqovW7cObkf~dsX~kC5Y8%Ei9<eUsaW}urR*>P2SwBUeVQjALojh
zvuft~Q5p(vgK}h>OEggpDsmC(+b6MgE(wqW7gX6t;$nWY!Qh0)&(Rfrl&Y@?#qn-A
zlb|iBRm@h<T71P2;SI@=y8Yk937ElfXd<0;5UL`E{>H5&`QX?3S&Sbp(r-PBpw_o$
zg|Y$3#;<t=W9Jp@3J(4&vJQT@xBMY6?<r7a(K&;dDLg`;-6ft>>9L`EB;`~YsRQy<
zNo&y<gXFX2&B;C>Kf<I3j7TJA+w4G3A)rdyX0x#)(RTf;M6-e!4I*I2Li5dC3AAHO
zd$ry9>IBpPQyvu6p>(2k!{~{36ln0<nEo4OwmH35JWr_a*}K4OOjQPYjxRVr5kE%$
zl>U>e{XV^Dp-6uUagU2ItRQFC+_F|k5RoKeE30O#WGr>;$ByI<?S=b=wG-J_>_-yG
z-{!{595(p4v}kdmTA>Wx@y1`+Ba)Dlnv<Zx2+X(&T`5L-m2YR=tO#9RxnQ~Q)j=;r
z9`;@t_u28M!H-~W`yzK$+0QjdEGjQzED|iTEJ7V&WdzK0Ev&<yymq7TW@#h#!S^Bb
zK^6-kqoc<Ne{B=M4wG1!rYgZNZcejEj`F7W`=FG14gyDLlC-X5Dfu)O+Z!^h<rrCN
z*jOeDQ91EJx{uM3F|09nvY7*nCdk!n0x`@qwzOo_^>Jj;%kSy2u|oN1d}Ed76pQoI
za)t9f)v_38=_|1tkV<fVVy9r+FtmK4rYB_L#KB|OVoYGlP;JTP&yiB)e1G=Qh^b8N
zr<!2#R4#Xc;>S95H1&}WkUUS#+v>AuB;_8d9)rLVwXAA`%`|y2oOe8VcWMGt&Qq{c
z$WzcCOMezKD)1=%(!4DClDJot5}J~$9X`+bi}9EGmsW1<;eg&8(=mDTK8tH}1JEwm
zXk=}8p1;I<x=f4g&#$T0Kkj?)_E7g+|FoNr@jUQM@YH?bwiF(hveY&onbG~(D0A+&
z6_W5Xp&3`EM0USnTGCo`K|)BvBk;=m&~n~buu0HYkTN}8aN9}R$)X9;WYJ{WROlRh
zS@bpID@-eAE7w=H-7ikGBL4bs#Z<`t%uJ(CB<>wg9#4?*vGauRYFdtcKIx7&?`K!!
zVCFhtC+3;pO0kSL`(So4mh>6SzD0D*e#HG`ZuAAyvKo>%XVU*+Dc&^2QrqlqHr!~-
zG{N+fwM!qd<p{e9-?Fv$But%M^@`31t;Na!mUNa^3C%3cW$d5IKS`8)DIvA2=9v`i
zYZ_@94FX|(shKXA+q$&MoqJtVKXR1zxHLV$+jaHrkV*)r`E&CxmogXILzV-9tB+T%
z#Pn#;XeA`t#1MXM!877(eu!(1;IOmy@zm<Y@LZ49f$p*Jfzd|nM)gpBaP}agnU#^Q
zLr=q9L%EB!<Kw~BLBgTS;vu@L<+amw*O8>7;`YfFanj_m;mYr;+3oRtxogF<hk=?I
zh2^lrkB67wg|XCqy>*d(ZnFZ8D0YMU*}D)gLNC#~rrYuh>ubr|S9dtK&bK8uGWQyH
zVyNthvZzJK_^3`ux)`&h0k4r>&l65{O&Hp1{wf{+oVfDi_qJp|MGVCcictv`iJt5-
z$JNH)j`hP{!lP~(cKVL^h{l1|$R3zBgc&$b3!VoLC$}HZ4Wwq@ZM<`mR-?j`A&q=^
zvx)T)^OAm^S(|VPBNsmoU!CZjW16jwyN=JsWpS{f<TT~f?<N6GS3*%jsdE<Q`PBj*
z3bh~&E-ggIyvc5^b0~}(&y-p4m!>_3$LV)!MK!C5)x3%Wb{8HG=HwqOOz!dPLvz2~
zdoH&U?1SA&Tht(*LuKSG233E`?A1*fw&As>iBX>5d_aQay~;mSx=$ia@Mia-q~gt`
zz{*UHcULQ-RK&|L$Z0m2i?xZ#FH)UK-Awo;V)=oXvOGpSHZV59>Z263UR;WtPxRHM
z+t!CoPi?}Qi*C+M(@xWw1Rdt(22XZA^6PD!9h@{A68AfI%d@*roEk?uugc{0|5VM}
zIse}Cedu_Qv<$JFn9((`Y_4-UymzkJ*G6_iIzztmL43$ASIt({ovnd*Jwi}-Q2kK#
zh)8&k7H?WZbe!^M>l#{a_Gw27n8fBEHBZ;Ox8jHOXhvu}>OR*a)-NvX{kl{wcCfIq
zc&=+)NEzHQeP?=H&j#^sT&(guMq5MMjf8}bg(jp+3)LSyXb)7h=xnP0sZ{Wo>D421
zb#z^xUvDk+t{8!=wHkP1J~;Upth5z;iQ7ASoP89yHy{oX7`x?K-<~HNPFYK_MF>Rj
zKz~OpXt1xQ<Dq$PCr6@7S4Jcn>$b7=zCD-aa{BU~&>Xd=uY+T^DzTmV(c##w|1=US
z9P6^3@VTiZW?pj&j)%pT(0YsSx~{w4DHBC>ZhQ|if0H_Fi?DF9@Kd=sol!tZSkLb3
zn&MG%mCO74{<*1|N0Klh()2JP*X@Ugb3Hr>R^29iyHj1dnsYEsl!A5Q5^H8lXTyZ&
zpW82!JcX7KGwJ1gE&{GROLmRp4wIK4%j>kG$@&(X^wvYy`!$m3^b*(YrNcHnuVZf&
zBb8&XqsMFn0(6Kl*q#50{+VOTejF>GZd2t~=BH<yClARA$Kztr_BP8=%1n{H?ThxW
ztnN?FSu3wL-`!?GJ|9LusxH`doD3%->!Y<`wi1#tJOrPKxwP_nJnoZ0d~}H-h)CS1
zytz(YCWRtg5tfD8j`5MnJnksYyKee&R0uQCyg;5u5199+cAmQ$i!-6NTg%$*!Ja<C
zF#;SEMqzVtYEXeF{4}q=)gxe76Qe`njBj?oQlI}ikyZQ*8wdA<rLuc0=Lo-IE(*mt
zw=;&;QT4zepzv0@fe-3E1j@xOI?5-Ry63kyBkt>Q#-y|F-(5pox|3l~%FK+6THKA+
zbWmdtB%$WT6fM3c=aYYhaLY;0@Ok3+w$H^wp4B6KGJTn0WlpYdGy691&y~-*2?3;Q
zWU46#Qc{9q1g;UGV4yLfV1X-W;1?>`0t)W0YbYpM;2i+Su|ZG>z&j@JPc;kXzgl6B
zvS9z~8am?Ti*MB><>Y{Obz=upQyWKfTPGa(A23i*FrpS8G@Ue+6a|fKtyv9CY>iA=
z-K_0ix<CoL2?CearcQ?BZq`;dj)HC?lz)9g5V(H%n2nPBudg^+ico4Qsgg_DI+&94
zva++XQ;H&ylamWOn1BS;q@@4V9r#Ox(%i|(PLPew)zy{Nm5bHZ!HkVVKtO<vos*4|
zlLhz&i=(@Zlc5`njU(0HH~FvoNSQhsJ6PB`S=ic;zuec*$ky3Ogp%@Qp#T2)`#DYB
zEdD)`jpM(j1x%3brG<@ym7VQBb#t-+{l9d3Y5BX`U-SBVIN_I@394GSnObQ{Sy%&7
z1s+Y5OMp-KuVMbt^6v-zyXQwoQwK>~YoMc(=)afcU!DJF<NxjW*N~e39+HEdo%er^
z`9GTeN7t7*2&y<(0K*x+2vL+nnC%~*{p<U}Y%dc29}@q2Isf_;SWi(TVYdI)4N)X8
zCASz9lsJ@})Y}hk&<E)VY1r?s`j#o>-l2Skdix5e21fb<EU;X>{oU{DR+{68z&5dX
z&p|T#_P6h!N51*l!J~x8$39-y9~l_ia%F!_noFO%Z5=hM_h>39DQR26(f?C2<D4L|
zM<s`$`}UnUoYX&Fm~eZPa>Rr8HSZubf($T}<o|e$<-z4O@G*EV>HdfAXIS*bYfsym
zKJz!H>(<~T4qn5~0PyluvHE#o4$Me3(n?WoWc7NKSesR``{U(|b)ue2RsFJev(>d~
z_df?44ig_z18q;Li2d?@yc@<gP35(=YTQhy8RlDFtXuZJPae_e^fmCl?a}|bOJg~n
z6ZrUaf6UuQ>=-YsMSn!*^H9}#yOmnE_p>BH*!vy*KPU5m82`aOYF*%F#eZpZcd~Fn
z$F|k9D;T}ruq$XzMeNbU<M5Y;u=%@#QLa&8m-Prf?V$vgp`6;dfyb+b(NEeIG&+`L
zzZfY;<pU5yzWwi)_$HR@=0JJ0#%+}7UH@={F`D;Aj0|tTNWnP*iBmKO)ANcy`n*vX
z%k)Z%_y6q-+)JG0jqLu%HY=_pxmglHr%I9Q#mPv4Eqo$DCv(`I$38M2r>*s*=uxrf
zhq_)u%Z6kNP<w03^V9v+S{U0r?}F93;#{WBll%SI5ZmF!q)L6`R?3h~+bzg)xvlka
zo$R@iF2k)8;=WD7=cs&RnxNII+4ThG8l8=%kkpN5DsRXMv#gr~o!3_`*tRce*V|Zo
z-Cqq8pU>DoAGbe4np}@<_AA=kSQ<BCli3df0=g8R=FBpGvDD3W;u?6Kf-i620kNX%
zrpQDR?<U}sRu3{x=gLGW;=8P&+@Qk3OW<mLhQ`~TP+%Kgh4;(vBC>5U1lsFH(uIgl
zzx1|4Q$D_d#`s?^-%#3<M9?DQz`;~;Tr)CKJsxP6BRx~ty_%(A#qa8TR7{A*Gu?T*
zN`bYpyG($NS^l`J9<mpI4m>ENKq++#`<y|&fWPN)MCiDdRj+9lP*odXb&80f@P%AT
zmwcWdT`vD<EOeoZS*eIz#ycO*{}C8l=R-Pl-%dAs!uoo>=ot0Oa)vdx;rX<W%;lh}
zZ@#3WZ4aIhpWJOV5Ks5c&glBO{dvihiksMi3cd9DI`lrAfa@RtOWDpJ35Bv_XMir#
z2^KnO`nYCPl=NfJ+rCJW!yqCXJ1fo56W}T5v)=ma>hmtzbt&FhmN)k1|9Bhs4p*xi
zRhyl^>acEMzPK<W<#i#+|CS3NCf`9CRkez<z-oanQ}lQybEb*Tz_L9~qX`|b7lto;
z9JksO5F^;%A2nCBKAa7?+-@e0VsHMM(ccFh3aDttYqHT_$I&V|^pUx5U^D|Gm3}Pw
z<g$|;Ovv@J5o$#)#w2YD2se`n+(0>wuWQ!n4|Sv5#pI72M@7t#*;*>~zV7DRRQg&<
zc9}M#pGKo4;C+5C-Xym@Z&_hIqvx7_pWbp5%2ZxCsVp?SlxR6BdT(Vs{ge~NItWL?
zXOp(%G^tc~)U-dp^4ot&^ptC1G^?lixGnW{$$y;dn0e@ZFqyYGIG(E{ypgvPe1k6b
zumTEA)HHhSilXj}?b=c<cG3ac8}6j*GH*f0Hz{&|P}7Ir>?Pcp=`hGJvX~B=)KyV8
z|E0H7c<|cue0aNam4h_yE1aoVVl;@_Mtdaufy8yu5QW=~>we5`;GSK_d)e!{(TUXi
zW|en4&9R9b9G&Srt<{^5e35rh*@dP|(WeHb@3tRI21~&#B<`8g-)`UlMFyJJl8@%T
zRDnpg|I_3$`ipBRZgS|zXi2Lo-`d>rEqksjHjfIQE9#hM2QCUsJ5$k5r9~lIF5NOO
z%ozAAeHQT?%@A4tO?Y7J4XLwUfbUcFj>*f}o9saGV%_~ylBhn$k@yU#pf#X91qw`|
zJ`axe*{iYFw}4Ryw_U6$Aj=nIP1>xe>_oa6WU6Rjr{B>}Fz|M7Po2xj!Xi_KT9v~u
z|E-&0_PfawyjdmwS<X-DAC^8#5HbFpJ>7nir^oL!uadI5>S5jmFhlzjzw+Lj_D_ps
zQMOumZJJ<MFJ0e=VB_Uc=Dw(P?sCmJV3C)Yd1=qU8&qH`W1EpuzM5lMbACMjEA&1G
z*?OBLBbn#<&6}_ocOg+|yUOiX`JxQo<iEEQf1M?*8US0&W&nB!4IgFBBu>eykHpo<
z@-fbSr~ZE%-WS`si9sK>mT~B4H&;EPeF`WWxa^%uh75EMHnEw55<~M*Q^{e=`N+t+
z5G*Qxq;Z76{@AI>vC@@fSI_xc8MIx0qSAvs8LLi`XW!k$?)vmr4KY*+Ld%#j>Tk?f
z)9v@0uW#4J1pc`T3uwm1M4MwK{TTSGcXGm-oFS!h*FH>TwXqACt`K)3fsb6vk;$Im
zIdtI@@$K0Nf@>Ag+itIER#HLkwDw-1-L9YHsdmKq>7%W~q3k-N9i7%OHEmcb!sE2c
zY35O4PdBAf#g_k6B*O3Fag0Yy6)n|6TOT#_c+_3AQoY9BBFwS1KX6Vq_6pja_TVkp
z_mOO4>-nfm=iDcMY0nVlPK)ZY)e0Nogo-zZhgs_^+&_U{A?O(mJXjZa>ZghV^B14b
zF#noTvzaMeBAfa2PetH-9pCdol)I$V-Df-9HSO9>)F9~E1yptmUI5&P)%{_8edBh9
z5O-5-uyHzn!6yI6!q@$>C9@UPg5<_t`7GCC$Wcc2YBkN9e4i+hD?5MeQnBOl+~5d&
zj?Uz@n%?x|9z3dUe=6~bp%fR;(m)?e{o)$<-jEIB|F{Ndj3Q4MrJoJ{2tC+lmY!@&
zKEcH2H~#3Nvn~tP^|Uno^DdwQ+m=)5>j6Pbf5|3PzQwWOZV#0cU~p6T%`~3#(nKG?
zo-exYa71n2?*|h*$d1F}(eITSiygO|9{^^|IrC3f71?q{Uy83U!uS86b67<Raozof
zx~Hu3ur}R%{f+OcMrL7b-aEaS4t%~^u<bqgD*75Vkp-<y>v_p_*;F(!kwuZC?`DJe
zG}h($@YZN;oadh?s79IGp*uq!PX(u8G4#IF%z)!Rfdx}6*^&mnV#lUI>EfyH{|Ab^
z?1)LM=rzd2s5ry_@~D4H(KihMb=y+8SpOWIa_r&-@I7*=BK;FCN|Dn+GaLzw@B9<}
zd_&|G0os(FQQ~3#u}z>c`sKt!J(RfxDgJ@U$YGRJfVN37*!+LMQ{V|4Fr(Kpup*TI
zlMMcUHASWMw4#a%+cctG)(GV+-O)PTQ(i&xCDoTbXax76zUMRCQK%L<{VS{&?++5s
zVh+6reBfump5*Dd%$d3X_<8{_2uA9K$}C7ThxN-g&kx&TVNG=ttb&ghlZOBlAEe%2
zbR7LvRyRNB{rq?huF{6wKAewQ@0Zor0SNe`NYD#JoHp?B0`SANd<tGG7fnwxPqoEl
zLF4twZv-;%SA7J)7(K~+y9#$H!#?|?VK4`v8FSYqXAOp&)O`N7=O+&#06JI$*trhC
z(2fafj9Y7Cf<<acfd%#WxJ}Z3*_0JF7?$UGmSG5BG!Aaoqw3}2XtlOS($m%MfM{VJ
zz=+m(dQLGy30ulobjr2%>%IAn)E{R7<2G^Bc5kykQ<2Hiw3Aa@u0-V48SwgQh^^g(
z)pDun*QthvMxwxr3D5$NyWUq$1WS|P-|4n(x4i|5$!eDZTLg7q{tRl@(jU%h*0~m_
zedbAYO(bB3NbXf?{pc+<0P&PHiHi8X#0Iz9nYR0-HIZelSM$46MQ2Q^cJJrqDW-l*
z*-oYF>$|PK@&IIh*o~!f5lm?6u~%F;PnYRw1cVTYmq$y@rPtt3wn5Wx=aO(zXRUS-
zBbc~bvrie){xT%uE-*BI7<YC!<(G10&|mr<#K@3VnPqxS+ca+C=K2<Llyct!HssJ3
zfz)o-@}QQ)eIw>-OcH(Wpk_3q@e;tkwrs5zYFqU#KjWadcmNC$&eHyHMl&o9Oe>Es
zDX{<IXauE#VLvfhJ(nt<mfg4)Wyag{Vq7LavT18=fBsiV&D4vB;Bp6G@HNRY*jIXf
zwJp`E`umHgw3*0Gt55&&m5ZpxXi|`Am;NfFN%^m}BPa2VWjqQG=Yq9g@kP)MMkC>5
z*qy5>6zWy{;@O)F<>YBjy$s;zDXQzF?}kCo0Lld&{aB>%7W^2{6(Gi{EB5um+|_)l
z==~L-QL_MO#YK;G_Bq=a2r~T*2mo|Do#+J!wm1AOYnbopdSCN<FB`u`;p=BWHFODQ
z>68Myx6!ZW6pvPwbitvYTRXD8jXHALbiTO);Ju3iksGaKFq-unX6oZS<L(d)X&ET^
zM*LIJj+pxsNPw)cnC^2gk?kxH`Te+F8c5vobdOvPyY_Pp@w|O_0M<MbT`}%Bp`Eu;
zDgc^!%^h%QW{k+9&$pf3%LHT)+rDrDW45*%qv^LrZlaGuUCjev2VRPH;lxA(@42V@
z<!2CbtN`xa(UyV%Z8fuyu8g*pL=1E0spqL~k%AlP+#cMSeDb?WZwlg?FHi2E#$Q6+
z&Oqd9KRv0N8D=Q^*x3w(u(tC67AE=tKT(jc`mho9J1{Sr4Z_1_?=oeEBL6;fBhGV_
z#hc_3b=0r+MA&g)w#s<P18PQhv{co*(Pg7QhHJ^Mq5Wnp41DV5U4>8O)#7t{rYP`u
z(uKan1EAXU5}|cwIjZYi(mZ`7W4RCXWXw#I5sT|U<n2646?Zc`0)zk?N9m;ohDs^x
z67%jy_HvV==lZJ3#pjN4ZC?ZLu$A)&d|ARVBF_^&kAzbtoIkXAH1!)lf9~*V=q;qv
zM?=)!nd@Fo_cW!cg=`S0+Mc4R+4l4lj&q%FPizQqlk`k2+h>ScTb+yWExV}UjgjSe
z=lOKm|LtbQkzn5ECTrwKH@9h2=wAX4;{>sL+5kd@eIT^Zb5$~l{Ip!Cl6fa|+%lQz
zvhWhTdJpr=SlKaiij_r8OEm9)(s$py`}j#KUzBsSB8spIes%2>E3!7-X+rMuJ;Gq%
zg6p!^5=Z2HyKIcr8<{g1lOu!nyS<W``<omd_e&rpVEcwyZEeqW)-V`;7l4oZd+4G!
zD|dRXOFURt!2T#%HqVV%v|T%~I9ULEy9gHV!U&+B`eeywP5YlamS5AQjeYAfjuP1#
z!E*WYQN#H@MozbGXOHUDaC+1O(v&R_YTG<#`J)X6pbp#vL6t^3<m-N;r5w6D5LJ8a
zQCWs73LiuV@l0!Wr3Y^U;k`PUmPNzzd#WXJtB2rGl_@Ppi;GdivR~6beQs8R*WWIA
zXLD~4)wFBm<u%maJ)98dqRDw}c>Ly|i^_xT)o%z|A1D7V)ZOe3Aj4+kmh<j+PgG&Z
zKHoiT0$)_y$8hR<#WIkd&|MUb03!dgC_#5o*{wOXHa9*IzD~Mjgh5o(n2X;(Jf$r6
ziCQ$0Lvqt4j%{S`)=qC9WjRX4)<UQVH^QnBbl9G5mw*XfdK^>*BP-}hw2cVvGn0X>
zRfG;}?*Kek4cQ*$3IR>;QEk#;CEWQ6tD{BVAGa?*M#4`l+CH<XT`ishaqB4Amr9lo
z?NYSUmq5g!y``l(O0(Y%k0C8Kkw-)AongBXM(s|d!FF2ietJN;&yZ+#Bjr#1<m7MN
z@3`(K+i2$uJ31s5hRQpeB}&Nt<&8m}>WoaA_@b8=Kg2e}OIPB|qn{#p>iT$D%sY8O
z>}u9n&;5$d)0@h&6#jb2rumTby7jb|h>LmU_c8#nH*-R;i@!cU3}9{ZE_<G*fgil)
zf;RlGjyK{|T&$7o)j!q9Z5Veg2@!r9PK%6}a}BS?!Sn80NOQYSF7YZ5@n<+BG93{k
z+ryv#-EiZOSfcMs;J!*C<Ehun@r=jdc%)nBYF3!;@<nwUqjF3{&!o!dg72aAfma_*
zA|t}b73s$h&&z@ee@e2qmq5I(6U1cEv|EtM$)L=+E;TQ_t$=VEIJGR=+BUM$WNufK
zQFj!tt~^jnLNPjA-#q>;(bDHZ2!}<cI0}C6yEf$u3>yv-N8%Co8k30MsmwkZhi+XB
zBHD{1S-QF8#&yyj71&O@Gyl+<0Ux4_P67uH)k2Nq8jm5k?8L6Rk~?n8rz);XFQT8L
zrCC@cZMnX;`#Fv`o>~xAlz0#ui9CV=Rf3!8Jz0d!Jw0eXXJss8EIAiCR61+_z18~<
zjR+EbezoKMEm!lFHqqbUt$@5>@$<s+Q-ZqvcH3g6G7S>q{eW+Xo1ZLOs9Ws=uz;(s
zyY7JR(tG;6*Td)MM7T;A;WQ&dbpWh)nTFpEI9L2cD5cTKP~wbqIIYo41>sE(FCmNT
zXpq^U;{}XkWQ>bojBsi{#e2{jN-3Z$SBu@XDU|ZZ0g3cjoZE5Nb{%^{VwA}sL!`Oi
zsfKjZcVqy_%q-qx3S>BjyFK??nyBq&H2V0&hI(*g9hK**2cA4-X`Z3DKgUF~%k`vt
z*aC}j^tdJx27=q)&2tRrK1F$xsRDTmk1xv?ig!$C+S%SNEa`oYcKUQm%1JIk@SO?F
zI`RCRc)WzFWFRcsJ}M+hmwEl_3dK)qTA0=AiR9|m2rBGtiaG9h>pDGVo_ohPXwjyx
zf>YhW6aEf}O!yCv$3CvkNbWMR>8cPFc$A{aHHqXEH*PF!v9!5SjrN<1Q&D@7-2(j_
zUG{H36eK1w34I8A(p@i?pP%ZPjPnS*=cqRte{X$*MYD6x@o8&mM>#tUFDiU92ycxf
zuf+|!pMiP_d(1c3oH+JS@P2XN7)Z7r55ixrv|dB@Aq;yg0m7=0?xW>xcYE;8yvLN*
zP?zw2m<sMDm28;-TmG&|uE*hABX-v($2Occ6S8^)KCbV>2Z)@ZH;J-Q`nm$^M(K~b
zv2H``LkUfTU7}hh(Z0SD%F~x)%+5Om5TLW?_rAg(!l%RpZ?e<3GvbZm+2o>p*d&jV
zBk-<Qlh2rEx4mU|YO*t4GceumDH$Med>hQ7KGx#iKRQ#IS1pL4t}!}GV<XAFtXHYf
zSfm<4y%rts#Sp{1Tl8!m5*q2ivX_~LzeK5YQ2cv4d>8*}E!=}ck);X(@_s5a(D}aE
z_W6z&$?$v)4}j}*C1G2pzl+mVFdI-%vzN)1s>=EuI`ooK6Z8~q>p~MMeIk3lktx8q
zHcTc78)Y9KAWt8-xIOV!SeG>0=tO3_2wqHp|Izy=%5Tz_yzS<I3Hm*|tZO-eD;Yzm
z$Htq!XK*8p50J(4Dlp!Fo$!^?x(to5g##EIEtuFE58wH?kGU(IRK3iG3tw+WqqXD3
zvw_NES1FHMBlSYoUi{z9&SJvDL?st;U_gO@M#lH98V?HI=x+N`=GYn+Z_o%+2cW9T
zWTQ0Y8{-TCc#F|5y89R@bYypoa~q;yqQ9eg=1nD<$sQS|Qs^T_kI>RSAk6i-w>d+l
zy0tlbcL<j)eT<*2bL>5x*9Q9OZ4TswM9P)&PKLm+V-T6-OF2zsLl(QkqK*}{P<DXG
zR+2GDtqDIotmR8zZi<DN&ZC4Nfw`<Ga-{mF*yB%}6A~73ST8#HHgJRa3#au1n!8Pg
zfWNK1A(a0WOb^EDWA@^W!)DhR%IjdiOxkt}Y*)zZ2`oHNY_V(WjcZ^v5#F91Jg#gi
z9{l(Up4irCl~No!c9NUm+9~yQ747G%Wn|crL|upPL?)M9r}TasiC4(4turk~&1YgS
z(GLxT+oHeH6bHmc0^!4APgfgWyu=zvnwPcBCM1EYv5Vq5+<<JE&YPLBCC{CAiYwbR
z@TTTZ>Qk${_Pdi7+0^<edCt@y!e$CG=8uPyVQV8$u>Rr$ZE8D?=ZEEF8&{*>>Y`fi
z--`I?>byk6MIac4DLcFiw(ByB3NS{SLLw_JLzT@ViDk7WU09r8TID-hgAsR<#A@7n
z!2kA|)vR^iHEal$-?)ob;4p0CI)|(WFEuq4o!af=z2rUXMOoEq)6I_EI*QhDo(Wn;
zn|P*&t063V@!SoOJhty;rbxmF>FOguK12apcE4X)SM}gp+F5<_uC&Q~=n*-=G~k{%
zzNtCFSccJ0&~wph*Rg9}bQt16#7c1$hFM=AS36<eb8B{9W;f2f?nJiG0irxJc@OSM
zP<G}@C@9s_$tKKSjQF?vQ?|ub4E6azRE?g)0L{ACl1FntWf(XAmX}~9EnBJ-QtT3t
z1j2QWv;yKX9te8I_x4CjiB9VEEs>757{?mAIcSkULeXlZUD5<PPT&`qbI9asj)EAI
zLB~cR1y|dgVp}%WN!nkH75tL89VvWF<n=ne+0O8=sV~6EM4`%c9%xZ0eI*l1y1Yv8
zEC_4JFHM5Y@GPy1nDLaW{A=O*`DX2vGsdxUtw|S|P32}y1V4nDCEggqc2;){@!&(m
zJM;gQlb2adh&M4>Rdl|;$Dd)q%MhQS6(P1DBG4;@>to;;i0p1tDe2a}#`*kkuETwk
zAkZyn200GI)8}^#C*gPZt|h4Hta;mAMYi$dqB~HKhj1#CY_N$8RZ}Ogq2Zc}P`FyQ
z(b<5-Vxi7@`h-~Veo<oIY0xL{f}aej#W==qe~+SJ)i~g+<IXE1HHu5=UeR54TCD9c
zSMfbtVzvIMwRJU1B)lz&&PYY=ggi~F*}NH+_9urnlxH8mCI;4xFf;t&fIf7yD}{k%
z*~#hUn{VGsg%*Wyo-bJJ14a2dDWCKnmf0L1ll$*FetkS25vmX?Eqe(@r?7ovnT|3@
zNmzud&+sC8n@1bRC?dd%!%QMEbA|hPcb2m`wLr+TrhJ<U6d~6O7ez_j0vgu*u!sb;
z#t~~B$)$t`Mx=y2=e-DR0+dsiqxx3G?%$dDp}E$fvF^UTP5Ss<5jtHhjl~C<x$;{W
zX%A(2!~I3zqEIo^?E~(h&~E57ls4dmMfd$-_-Aw-8+ABm{oc^d)KGX9Z43&ft5I_g
zKY0%b->+Lq&c4g_I#mG87oHD(!_6cO2iLP`<E}weMES4*zkfnu7>jY9_Q(~LDfu?v
zvFo;hy#X_EqhplV5xfeIf0Mvz5D)^=4L2S~$y^;5B@iXmsC%s44eNVLchayP>8M=m
z1~~_6Vv5R8UN=_9kv=l?ar*X!x*+usL)ivhzq77iF@b*Sy`NzX;B_WKeP~6!PWR;y
zV57&uRwH*Ms@fo)C%3O__Y|AoPAEoE3-yG9C1522hOWH(CO?)x)LBf@dK1-?-95?F
z98Omm%kX`UfKh1;#&iLojT!t<Y)s*>%+C2|yMW)O@$7qs4HXS*p}5HnLQ#kOaS<Sg
zC2}PD*iY28UL#ke_YPY_9~kz3^xt*nAB#QTMlH}j$7tlmUo+3t$Q6j(3f-ce9i098
zm=ET%pje(8G$_9cgeHSS@VU5OyL8xbbi|N)M*8(pG_CF>38<<7C;zkIe0Z%t&#Hhx
zp7FRJZi=!{A2)e}fNKrh!O2J_5T?*Wv`NcZRcGF62-&}(y)S~QIB=)>o_+vnZNA4z
zj?t;z;&drkwE@!ly4xXWW)2C6=v{$=KT(Z`p2FZGwCL9qLa%p*R%D8)xsM^$l$<zD
z;htSY$@j^&wF2;XnImq5$-^i(<tk^J_zy8-+`*6v>{U0{Tpk}A+~i19E-WA}s!RQD
zERFX1HI@ppDT9Sqr#mPUpM2F*JDZ9$d9X=L&<5;~)sf3DLt9^*!^G=_5|Fjwv^O;X
zltH(^H6Zw?-yL}-OvuEN7>3eg3MO|4@kuveI%iy15qi$X05q;m(ej3Kp${=(efycO
zcf-)jF@jth^qO6?goZ>TU%Zu=yf`mYj8)&m<GHnDCebHm`WU;y@)4SVt}m3CdBYW%
z$q{{8R^IFO)YrGv)IRi`@#8>FZo*6N72Emg^{7E2E!k5_Gz;v!os<CGG5uLQGJLxE
zXc1kKeN+NQ!%k7|WbNqOp2NIYMny&N_l6Ibp;27gtefyMXB_l@M20S{&hlGl9rFjd
zuIZL7=JEE%`YWQ}iK2(QkTG$I-9&FS;-tFj(fx())5Yb)5c=vDI9?S{MPrK@9S&#C
zo+U?_(1nh?tA+5oyKnK)4m)A5Wge|kr+)^0_3{+;29>Wl{C<Vkpe5`R9%I~{igdp|
zz!E`GgXq*0E77)lLk_7u1S*<VZ&0ud1i1nOF0kd1?Qb3o;fe8P$5rnlr5|*w?z7$d
z;7H?~6(w6IMh++n&g^|LMnyAJ1Rvx;r<Sqz<9GG&!AWz51c7|7(3KqhWe0EkAMViJ
z3{D_1l}5XxKYn{Bn`DCNj?SKXLA&uJj6|y_kSR^C(K6~i9q}7O@bd{X_nU;nB^F+<
zaY1Q~sLDJ_QE}K@D?gr)OpA5T4Y7_KHe#?zMtH39)0&@AzsKHk`c31FDDB?KcTe_)
zeEtVk>bX5UYzB}qLy0gI8+}wvE^lI_XU&&@(ZmGqQ!c2Teb!90!Kw<G$Eq=Fz?&<m
z=UkSe=72sY(tPyX!k{2_b~|h2l5GHj)Mi0yYj5|cb!YTZNa_)vtYQZ`_GfrCASQMN
zr^2h_Nsln=wYkY8e+ScAoW&g8dG=LKWLf8<oqeK2DdOq~!+A3r!LILlAM1%;{cE)L
zaH`e*)cICTfn^g7Pp86!N$hDU+p{l_M*9N#fn2}pI=pZ9dg#`w8h{~f7WFl;+g7`>
zIzC)bN;+@F!fK_wg*mkly=;<^VO;2&PX)PGFkihCPJDmTs;c#*^He#hQ3msrLz}vw
z1o|cS^cz>F>Yddv#lQ;IvvQmb9)YST3;At8EN9$lx6=;1)k*V{P<ABy*~yK0Sbd7*
z1&&Ff6y1`Ap;~Z)d!@hn!c&z)4Q3Shr^D@)HZDf=!@(`Fq3nh&Qp(<GYa`*DBnoTc
zqRvL+bhDiDut;3{CRAqcSeG}%&ery)t$T-iJ<|qQ(&?D-*bA>n+D-7iyP^nC&w^v6
zwKe<t?>s<^Vacz-E@VDHBCqs^)NKcM{I(xvH9!Lyj>nB0r!X02w<uH}X_}7qMa?7?
z4BbeKr1r+71Tr~GVQDM3<hZe0iYuJQm7nm!;&#qOZCZJkHzSDInv~l!cTr!*DbjBG
zx+a;8c);T&#B>Bf$8Ut&oZW5MW++@(yt@_-346;4Y9S!jv~9hN{Y~^Ra&?58DhfZK
z$~b^^j2Qay!aYANfj9nDDI9$lJ)N+}9vLL8q4FW<4pDl8?QG8`-i$w6cM~iA4T!ba
zBT0lYZwE`G{4S6N>Z!Gm)o{f(A5jyIdNPegDR2Ua%QkL?ohyrpIPA?{LwzFmPGDYW
zJtsl-vH|bpxScCf1*aTArq)~fS}Y;xZ#Nhg56_j2OnbP9`0cXZWzsn*<W|DGodD)9
znxJ3Nau%v{jCw5rOVfC!C=yoP`Hj{8jVA8+QFLOzWE)3Eh>^l0_zbI5>}H52`?lZN
zt9(6PDFK6n9aCfM{hEd4*NdI;&+Zy2SII7@8Sx+6dy}uCT*lDJ0d;gELyVEsswd4f
zlOdzL8~nDfUilEhn@|_Tn`x(6O5OwE!s~JnO^xOi(`Z`jGou;JFKyp7eqZkP?0y_G
zwv9Wg(&h!9T4`=r9Q;>}`Agsn-zPqqgVBP}URpcZU3>>FM=EROYc{5gy<r*KARAR-
zX>eqVB+<UN<7?U=U70@ANl9#LTR}qCpovCDGuMntC-C=7E!NJ5eS_ygsZnv*K{kIV
zFtapdmu2?`j1bw@cr+1ura~9-Fb-|%Bmg0x%yfc#kF?WaX8`V_99?%ufNww#MMDxI
z!Hj<+ST_fkAJp<2${QTb=^@d_cQ%`G7^@|S8|$hVy!$QMR?yxlOSM2%ajoW89u}yw
zfGc1OYEl55r>D0YtBxOG{g%sr`1163Of>f>W;`|?S5l7^(I)I>`iKazYN%I=WGA()
z++0qLynBaJe6kowc!&GEyzrx}=6&ddN*etqL`!1#zB3jK3Lq8a`e_2s3u&;GjD8hy
zq@R9h4uY|V8Xw!g-jr%>HUPKDeg-)zzkJr*SANP-`Kq;1HLn$-3Sr2k@YgH7j1qQe
zCa@(lYqKuDd$n!45m?<R4t2~vL>(ezBL2-|OF_Z>0fpAE%<o(^L5jTw-`!HBHGpA+
z{G!p`_AFu(dh;8B7`&>o*yBZb58A`$POjXRb8oI2KZ)aI<Rg+41NcmQev>TRq1O-<
zY|%Z&V=<bH#AvSs-}eTSTknJ3Q)^;MCU4+dqu+kE&|Ey#uWOJzk2#$8>{~%H7<}j1
zi0dDOV&wj6t}mv*OIo0C*sud(A8`;Lmtv|<KeS8(|E4pW*`FCDi2X)fAm7HHf$Lz(
z1JPduWst)y0NX>w)jq*z^DFP%-Y|1Lx*#```$$5hR&o2T8OMseSI0NHOV@r!<Uw=n
zkS6~N!%e!s44^iJY9ej!xcRk#OZqETlPw%|22jl|b5_v?X1ubXi4)-@Jt1{40VCm_
zXS&T=-@aW-S1b#QQ>8hg1YDoU;<8ZdpbKiK2uX77EhTHYDQ?WjCkhImlaa&(3Hv+&
z1N!5<^lgbY3*GbAuxuOSI`SLHLjuf5I}g>Sk6fcawpY?uHk;a1Qyld)BG>uVs9Wcz
z8}IG|15OPeanZmMH<2Y``UkimVFj@g0z#E?*ZSEDccvt(W4@Xi6r`Mk?0z*|JE-Ic
zXv3UQn#Q+$XPvR68L&v=MeHY?S@5u~b7{PrVRRag5?>i$Zy~`}r$GfkhO}XIHcmLd
z*uN%!h-~P3(G$OYQ|rX@{Lgxe8057@8+Xt~Vnb1`IhMqpX6A^e4u0&Dn@(Z@t70!n
zY}5wN=8aOD#Jt(FCw@^Rmux}t>{l9%+w2HacDhU$jRTQ5i|h8GQ!59+5oK7^_iPDh
z2!@umJLU^*G;TIclNCmND2iI``oi=AMSjSV?~Ue7^ynloVR7ex{elolwrkTruhCS1
zS#dGf*z#(zWQrz~HATrj%I>sa$FZ$#&U>b3-n0%F5N=X=TXWn8o+&pyGCO47)G!za
zmVeK@2F08j&s`zs3oP(#3if`Jrg;52F5LetTFFo;2>DTuxkmTcrfOH=JW>@+f*>Hs
zA1_^N+MA0DY-Pl;DX8(NW<JJn+cNQ&lme&n2WmI&)3+J}g^?kdZ;mK#QLTl}Hrd=+
zbx6`)<bn6!@@NPa%{1Eop}QIE>nEXhAmZ4g6KNJ#0s;RBlIRN?b}V<o*74bvH|uvC
zaxN2N&0mTe14tBEpAh4f>??4-4Hg20`E$B&0z9B5NV~N9RzvK>L_D#R?Y}GLMKmzQ
z1>02W#h=x0wf%}(cuAqbyjr*&;Rsx?vGcSY2V9^M%^Q={)9}gF*53=B95tr7xhgnD
zY7xgMpo|nXMg|t8fw$MV|4o<h{X+ZZl0n^>QT<iIn*MM_&;;v0YVfMB;U*Z5QmRV>
z3JbXZQ>7gZMs3mY+qmJspYy+21x0W`8`CNSJ?eiT6GZ!e!@ef|?4<b*CW$y4qc6}V
z?}jAr{|{=#H^dEc@*WWce3F09<KGjK2ijUOGyEq0$yOzY5kRa3+j}OUp%d|fgV4!r
zjQb*g0USWEnr@ROTne%;ul2lUBCB30P*<96c0JY_Oc<PHUY+du`{9S9zs=8qZd8Bd
zhf=Bza`M`*Nv+!gl}TRX-tf>tv-$2?^YPC4I%~_rg?d*Xiwbm913bcLyUUmjWHGNh
zCn9e1Xr*+)KLCZuc&XXdHM!q4V&uDc*_$jQLIH<7R07WKfAK1RC9q6Jq!)+(8C=Nm
z4E>9~kw>E%>f$nAYf;WN^vP?kRz-X@RmfK@o?~hND1t8J$;GA6l)D_xYZWS|mzI}T
zrjP_O5YtODd|Z(Tz3=daEd#2abv?K`-8R{J0OX_g{q2vi5bzqS)aUtWK;7M^Bz&_c
zH|}4Hw1SAeFoK59-XZ96P}Eimp~9dS&zj}rwOMQcmDGBe&>yD@xn7Am+DtMY(dev4
z?y_<ns?9r!5~aWKMS&iCy&33$#mH!!ornE*Q8;V*HTL8P8j0XkrIort-Sjf)rdWVD
zhbhYB&6eOKshKqCfMs#MNvM$JJO@K8pke_SSuLtI67Niz<KsL3i@(z7ZIR;Q0@Q5x
zhW3Cnqu6j0SEfVR-~w5jTzD24eT9OC^^i!OLrh?L>@e|ogGxn3;eoMg{Qpu*_8B&%
z$&p9`E@>~VR({H8Kk@lCX3GuBcY`rAu?$CUQGKZy0Pr9WhuWkW*1-GF+u6Vv|1aee
zCsz^*>tZIJSmn_H(!p<}$(0DGdcRzgl1Xp+WdD5w3(lO%|DfdLFopnSCfHt${y%IF
zb4*}+q{21ZF#coL{eRw1wFK^FBl^GSd`K9o9`8e<N5aIdF^Xh+9)ZMFWnrdwQ(Z=Y
z0~3rXB|8X=?{PI}1~5mwQ+Lr`*wjLahdOaD^ynFV59<QUPyu$US@st~*I^i28~xUq
zbR!5THebE)nt{8SyDr+l5V>+Tt^w|{qxB0<aM|a%b;F)X;xEbg7Eql)JdPW$;;(pb
zW!meaJ)ds3%hU5(rGOFw(}G<W>S1~F5u;Nv@QlM)ZoB!32SCX|WjK3wUv0Ta3a^&=
zy)aGK7Lcv2rHT@s=&1)Prds>cWeT{iH1DKnp6>Q57QWMEXvz(!X{S*5K0jTzyMQ_R
zW?$jyekQW6eeX}40pzc)R)fjrt?QRSK-JjD-x1(dx3DxHRM$;wTk`PhgQEazF$?fA
zjbC^)TW8e<jsQDm9w53{v*^^-0%YZd>t&x~c)_|^BV?i5jkq$UR9+f6*h>N*XJ_Z)
z^<0}4AS^61X!ouI_<#j%`gnia)A%T$egk^|@C!!2!p;M<mmm|7ZS)Dz3FQfWN*3)}
zyTez9v3QpxBCoCAWl=!iS<|of16<y*6O%}TfOeoxcKA}x!^k;9(^w3@2kOcoU@C=F
zmjKyYgR}}Wf9LUfxgLSkElaA3fe@o#Da&j$gBPH{rjqqsQ~2C&;u-gn$hpw>Mv_>*
z5CF=mdI?3{YL<*X+HL;Om{%4$G<k^}Qk@Hr1a|Y{4gfLQ`4i?33j4>Ri(Eu|kXo!i
z0BjV!^tbEOe^c>_gkfH2z^y>hoa^yry^FCHepzaGoDI-f158b@Zb_Rle4vX|7BqDH
zrSpv548t)6*Rg$my4=q%G3`O8jO0B@`)H)Xvro69K22I3GGty(1q2eAik;rTEr5dr
za5|u5(^9~GKYj2&1X%A@$8GoJER`KFb={Z>nkApg2-B{`*y%vhmM=#H0KqPkx#%2m
zct5zgvWlu-z3_+{?AI3`%~Gv-frA7oUU$2N)A<T`FLZbXvh+hzk+1ka8u38<UfcHo
zZ_qBd(N@@o?9)O4O~;D-4%84ZUE7C`DJLU<U<P@ecE;f4JOEV)cL1`lOaeV#fEb6<
zuI0Ve>|Y4!Oe)q3b<Ud<qF5b0Nq55>eZ)4?cL3+RrlS36o)_Y_uGlg_0-k)nSx46h
zO42*=`%XT?xx)@*J8!#ehQi@M&+$xyWSbTM9o^M55-Of$4}L;63E)yT|Gpd`1CG$%
zMoXd%Orgj309@^n{;s0;xv`1-Hn)43y2M2?`0QE$9a}H$K>hlKzR9YbK-ZBCxVYrn
zH*ZJ*lD*4JH0jxNnNB^JoX#12=*>#itWj8_qkYDa#N%IlG9;?#f(V-3AM+z$OKVAL
z=_oqEg4Qh7+}3((PY>rRd=1La_Q25rXY2I4NICgCy%2FnCga<)eY1Jw;TDaO31tYA
zyuHu)FrQwb2k<|iG$F_OJAn*<cSR^n2l_oC_UxI;Z=bWjk>mMtqGKfQPwI3{&;?Lc
zs|RSZeGJ_J*=t?8_%yx9=}VI6B2x@o^vfUOoqkp{?fnFM5hylXOemx~VDTmQP=|6G
zH3c|`Yrk;Lg!YPZ7fT6Atd0~~UJh9Rvava;1GqEI&FEr?QCU(nKgeAro>St#X>=nq
z9RGkMi$lNgV)T*?RbLwx!ygM;071^=AwabrrXQfcO$ukL?x!SpiYMV$m3FI0?s?&q
zTLVnjkpM&KWHdxr5Li%E-+|!>VBS>%2M@G@<V0aL5JMjfgGoT(n_Rbv*K1!p-QQgl
zq}o&ic61>>HQ50U>z%YBTk`>Dy=b~{&Z2rjq{x-#J-`$?>NLHVA>0*@c?KLOH=@I$
zeIL)wa8&di9Uj8Oz<i%shI?-hGL_;fz<YDhNE~DEXCV<w;Ipb3=4B<eTrZ}2a~1P)
zXh2Jf{hN4t7r9}x%i&@Nl=C9MzT#8&UJShZD-(z#L0%g{)A$22Qt<XGKxbM2cH{Ou
z={#?|<NRd9811->i5!i)#xjSp%zZZ8m$GmiHAsn;#dh*DPY=!=d^`s+=nOzJ^)!jP
z69OAqoL!3atWLAQd5I7AK*=5i?$70};q|qnUqB>T&W#eC7ron|nu(El`@0c=>xg~~
z5O5rFFavx0`yBxl{&*PdlNXk5k{+|PCfn(;&+~%7RZi~6yx~NzBE=cN%;Hv^9f*s+
zGLq#R;RzH(4jkcAW;|bh)kAVz3*Py<Dw0QB2Apgu2fOt|pVJ?m&RxA6_9&|Wv4=yK
z6lQ!Kbf(5fkrj;H;QPdM4KQ;QH)odbU$}L^W?cAT3aY~xB&mVWk0uEic8+x5(+1IR
z*k>OYO?&Iq@;>+A88~rGKlBz8pE`sO63Ezfp8{t?y4h?iN1J^12nU%*b}K6fXechD
z+Ia)~(G^HsI-n8oY44r^8<zG8`nF>Z!!I_{AxgD98m$y1nrno=3zf6;``rm}0L3Xm
zY|0dXE<h#F35LSjTsBF5v`~f2`VWqVu3@T8Q?ba?&3ZWmRE!Hdbt~o7=jr6cO6D7V
zhJ{JHEW)^}%UW~$MPuGjmxJpF96h-U5IIGbYRr033N`7^PYFb@trW-KLt5vAYAhxT
zRYvK1lj^HMiCW!2eR`p%4@~)kk}54JJ*Sjw{~cX=%qZX!#{&14n(Oxwj{!v;33#1P
zTc%2|K82*^eY;s^yWFO1XhiP&{v&AR@gN)fs@5r$Rv3pcHqE^vAv6-2BOxp+x&}TZ
z*&1a2ezD5jus4;{A3-P5*x?Yz727-hEw+^)p1$fDhq{aw1R(D}7;1<nzZ;>6w}`jE
zp1iRV_P1S3z1d1OBXt$n*6NfXFr|eg5`i91pGY$)%(jxxA<3jQ)8Hiagt)D%)7q*J
zE5ON->X&0ae=w%7_<ba^Wlp1n{E&-%JQt_bZ~1TRthBm9X1w5-5GKT1d!gWAeKx|r
z!W!;h7hkgvZ8y3pASIxU6PQ4$|5fY%BTlYCq%dESpH5Sz8CC`yRXX5}21=03xk<}_
zTy5mAygzu7MSD|Pllb>F0*j$*;v^g(?#N(F;ZCFIu$BIr<~XE0WxAH`T!$l6NS>Q(
z@q>;2Y~gx@fKbgQVrZw}ereqMc`wc9Z#NNs;TOA;eb$d+q}nZ1O8kmvtrJIGRc-M|
zvFAPXM^0($5}t@#U9o#K(WMtZi@BhkvF+Pk(qlXT#zVrJcs*v#H}M|WJ%2vw3_pTU
zuYfqf>V;3%{wM~X6$ny`pgjCB;E6*SO3yXuq`4+9WY5{GC_JDtRy9qc?gCHbDI%U6
z!E~srLVAL>-0tJE0FYz#?&K6Wi4EgAp~!srpL|hi4*<YZ!}Ysw!xJE0x+VrpiHRP0
z5(627%bM*czM(g6yeQHeSb|<t!T#{54hd2ygP&<Lb@k)f(9-{MAM)hUR>pGbzkbzB
zwQ5Gv1p4Z--ALq=U&%L%DHElu*k7;K;`kc9<__jepgq>-Gbu>V4*@7&?K+>5X(Q#4
zUt|dSCEL<@Ua$uq<5=h|<V>PaVVsvM0^{aLVehpVHH|Qvs3i@UNkdZW=tlAG4rk`>
z?FI(t$Y$#95O3t8;`^>kDCnG!lD_ve1)5Tz$lnrJ#eV{?R!P5Yl-a%DYG@-iVRDTp
zi~piH{^(9-#!E|oh-jK}xo}$TYZS@;<_#XB4*b#sCf<l?GeRiq)~Y9G1Pvpz3Wd_k
ziNKQ@ZNosE@OFUsvS3I2{W%O^Hcv7fWnV_Ac+_#<IS!PW;fbLw+?)lz6dEic16;Vs
zrS02oDB7H|ulfGsG=4yaUM@FU>TP@0W7+MS7`mq&NZ9f`?3X}hi9f_7!Sap8JTd*L
zJ*26Pe_@u)og=o9E>sYa8{4T7uojs!e88Kr%Apj2JW}Y^sJin$ghOX|Yg51*)p8@b
z(YS!!W{VKLOSHyyU``}5ca~jz#q2ss>!NRcWcMV9rC0=}ZK9+ujjJT=mRp(p{mA-q
zS+{&ZvITfE**<DC=-%O*TIPl4kQG1Lcs1%b({+E!@IqHl+0T2C#)5405I322ph*6h
zJ*BhO0VY28#y%#pY51MIp^k3CWw7!8F!vTfS*C6Ls30JqC?!aWAYDo*0>TT5bR(e>
zihxK-ODYN|jndtr(%mXbhe%3ycbCAq9&o>J_tX8)oHKLIoSB`ScVT(!x$o<_uU}nQ
zj@B=5sSF&=FL3bdoVu8m94+YHF1*Yqx;cFAU<ISg{M5H)H&=Ut6Ssa2XAzA@iFgso
z@qIQeTdo!jnJq)QFBM{!$0|Q=pebo9cPW2lta^6sqTRiZVzKQQ;g)1xxuS(%&){><
zGtD=a(K#~+Q5W3VV6D7HmHWKWUw6UdW$M=X(}GK<eR5nbSyVc=b`w))mY;aE7#FTl
zUX(>b{B0q$lJ;v=_#OTQ^UuaHzQU6Pjnf2X`g6`V4@P_|erC6%YsYY|ZYw;%z4`$o
zi*`6ym&uZ;b~)+dDY^TPecSkm*S4+&-ofg4QgEwysq)j==5~dhy`f;?5F;<c>*k}^
zNm(g`kIO%;XOAKauKwz_HslhGmhUK9K6GM4;tcm>g<Ngdh019Pt)Wr7)y>a6&wuW^
zc=+$sXh-Nbgs_fO8jPy*<7?Xlq&Mq4|GtYgWS@3%e?9YAH#AuW+bfhGLpF}gKjePL
zghC!=j_e8doS#_{eVb0jWaR^W5<B5*)_FEr5e);cmF829`BGwyMF~aR6u~C!EK!b~
zBRTuQPJ*1u!<Ucy5jOKaRj%$n5#uDPE}iGFR+oR*w76>T)&-FZLsus@`C@Nuxl%5V
zxH!i+ZJ2YrFpctMjRsgb+YkU(WD`lA)fu93DbS&_l!SE*6BF00n=ki^_cfJm=0j!p
z({D>(n@gj9R$TL)QRoA|oLtIUwPD<`RXeW6%xq5)L-A#O269GAL$}YxU~Br}l;ch2
zq+iJF$28?Q{W(OuadJ6z;GHsKq3QKOCnmo}p4IF2Y*<hFs`;(4FzfDeeBP$t{vzlM
zLP7K6)~8Oz%dAdck(n<?DwT0KyA;3CwB%J8yIYNopXyG^tzG)^Rgp&e)Kb*v+)5Q{
zWrtuQu&F+f8?G_B+`NAAsE79ve~zZ#lbzUd+RjUfGP(6x6*|(knSKhYVCqb9gQ73$
zYNds-KRMg@EiWO>VVQfrLvVFq%u|3$HE`zo#*Z(SCRs^23EW<ypBn`x(n7y+6FuuO
zOetQ^Z^T-m($x<y(*b!{BVntZK_H<Xru?eaYl1*?VgvpPrW4-It!UMP!CPgtvOgQA
zMsXr$35a+56F#FgI(ZTB50{~=vg#r#Mzv0fX$Axz^AVD|@KQrk<XuYRP#;^xM&uI;
z<180eGxe%ib)wUH6!LS+8p97Gx1E)pr^_z&`V`t=4KsBGiq~(!$#G=iWq?$@?uE}P
zkuKLp9+V3im6K{anyc-vrc>SgJnkI&BY=dnQOk00OO0K0_WXJAso)Yfv>RAwbiDG9
zHDHfSCl5UML^vrXPHFB+A@OkgcmtY*z@$2^%LymJ_EiKd0UWO7DaKaXyG6$8MX6_P
ztP6S4Ys_J%R#fk=S-x8(d)mx6BQTMWU`gwL*KpIgY-Pcqf6we$MQfq8A>p~Om7jWy
z5k>y%fmT8k%1>54pLz<FJT!o-G*so*h#|d^N>R7|-so_shi<3WM<tx*@)4s+>9d(5
z?;Oz$>t(~U#v8Yx$(q4JfVsN`y$aM}cFBShtcAsdpYAXa|Hw1^iZ(FyJt3;Hk?olf
zPWrQzDwli$)l<gB=hw;XzHM&vk2I(nJn{Z~+N?8Xv4a2b%$yHr=J~`0K-H_%-<)lD
z%OBy9^k65jyT|20TionT9aU`C;L8i28A}`JC0Dl`H$}`R&s3F1)(bdCtw{1nMoN*I
zt&nXxhA~_DlBJ5mO_^A!8s~VS|C7dwkUNQaA>pYbtc)(AQhH#SvTK|$yv`wd!}G5!
z03OrMBvQI9v?0!$qO&pnMULkv_uM23_+RQO_1u_Z_C73{ST194^LgIYcb-lx*19hi
zdyPOMAuqrz(0a#Hy<%(7G^O(3cK(RguyK&!Z?KdL7a_{L#=+51)*-Gp3Fj_TMm0ZY
zRe83=tPpZB{b@dx+@hT1bw7J!q;uzQu>egkP}vg;9m!?V=4K?BAGpBHrQm~csc=&M
zXchbg$Zlh+e6{UcrB|5zgNH0O7)Qc9b37%p%<DJXnu;KJ$j%<T4n+O_p6@UK>>C_Y
zvGND}dKmyXwV!lK=tsr!@2~ne3}EIv&O7y`zroC?Dk7$^5ip8VL<rhhR2it_5W7fS
zK-tChxq8;CGcmg%XB*@n%e~eXn}Upt<~#Y1lPc1*C<!D)XiT&V#Jt|Vi)L2p<`HQC
zgz@`qYm%1_<+U8c+Nlg$1vd;P&cFx-MY5ChNl$*khB_JA;mJ|+;Jxu7=arg*_lb^^
zINt!q-Yb_TX3nVkmIce0FM_QXpyI?GX4Vt5EfW9!G+?^f$+0)TNrUN<=hVG1-<$Hf
zyyRstT_(M9pTp*Y3H18~00OIB)l1UCAa^-7?z$pcjB_?9TR{o;aFx?4%wl*N8mMX6
z=^1tBB<<wn@2@Z&h+ud!>oVoSyFBUnG5q+O8VjZcYs1)f@wc2m;UsI)5-W1WdPZfo
zEyd4zaiG8cK7&6e9&DQ+spr<HP~yw{9<2j~X4+jM5&>F4**tl~M?TWnVC=y7s3<^U
zW*c&DYZn9$P>=JvqL}N?&5R-O5v_@m7Yfr#E-}qV@mq8K)F*z+Br}Z4mQcdvNG#fY
z`U;OiAAusXb!&P8nU#Ou2b?S!XNcxizD?+SQkda4ELlA^inCNl*DO^J{jq`3_B89F
zk4S8wp7F?6kLvR;(YW;+A9;_3%v1Bl>*j=OZ18Z;pN%UD@$sbn6VbrJ=&x$d*-gI5
zGMPN~`(k~K5(9Ih)*C-D55oVj6aRVOazNlel5th!Ps~RsEJ<8vKB@5EmgIA63G*(2
zzxL6uRde{CXJx=8i78A;FZ+jQOe~tE`VS-X-v=(Z$ewv|-uErTAJAu|zV*|8B6~22
z9%=aI;r)|92^=NyRK|GkivlPu4Wz4`AJjOZecWVA($+H$UYdSzxKmv8B~bIm+>WXB
zN@4^|dSnRZvwYQV<zd8S-CJVg+$In1<UP6%NLfCt*3yr8U9a3TPvS`w?MSS+#Rxf-
z;F0sxCd)-VcG_9X1`A!O%vkBINrXRBxC|Ss)%_IN17uNGIPF3($8>eGO7-J$6Gfq;
zUEfN`BqktW(!<jgqW7V~xQ8)zsVV9o>#K=S4Iq*<Kz3Et)YO}ND~V4NCj_!QxlrXa
z^vR_&?#78;Fu*)0Y{>wg?(HY=8<~K+u=C@ygRysIA8%K$jC_~;RhXV&c$yfTICV~k
zO29@%TXpdbHZhHYF&V{G(|ftMd#-Z@ZUR)i8*{DD@a*Q>bn_akkT4tO`D-!YWJS6E
z>rMnS-DCBFcbs=;&HPr*i^hg>xf?oKMj85X)A@}7u*U@=p7~H>NhlnZ*a})qSL5Qj
zNTj5Oe-*q>_dfE-3J5&-ioLG4KJprDREE1b;|lu97Yh}C)dlmLHQ_eUk)Y0@)t?+^
zP*JHCmHg#Ne2yJD8<K2jfH>UxORS0bfo4G=&ye;8^v6f^%XMlq`(N}+2#>a=0@=yY
z_X@w3=`k0cdA8HJPb5-+P@*EhX7o??CNRo(@H@k(9E}t<`2Yg9v;Wy3e|vyU2W+2r
zfaqU5(BHNNDgYmR%ol%HEC2f9|GT=;2>xIGJD10FpHg1@IxhbDkS)X*ETZNIKsC%G
z=_l`$Q}p$aAdiw&5GI*)uJS|bjDO50fFO--xSy&cOI09iw7X9xR|WuPMwv3>l6VQD
zY`BWMfSdUC-`%ql@d>{C^@!x6(QN)`SGIGwK;M-q(kr$r)*JD`?5?R2<hvA`l&^PQ
zG5(QdF(|d{g$f{wU3?1u%@jHD?5?B=MGuZg8u3r{nZu!|S8;$((E&h~G@u5#t9VWO
z_yj<cKL=4l*@)gcd6gfz+sAxD*bt@|Fu3V-KF_S!d9P{pU2Fp)WbQ&*Nv^wL+Dq^y
zh3^5?fM?njFLv^-<8sv@yR*NydzFuLXB1&%;1l=mtj`*Fag;oo(&M1qGy^+szVWtN
z&^AyLy?KUhN>vG;j=sgFfWOF)7-q}#JNY@tX?g>|y0GS;)nmu8z+dGf8^)CsS*X}Y
zt3ZG;6%gl2Coq?FLm?dd*?fLi4|7T+A#nvE`d-J$bl3JH>KUH^B_g~~G)n0e<GfRc
zaKGQKZ$=_9C2|_cM1iVVKkUG-YTPD!RW`lI7Ls0~9ark|3RRvSRW5Sc79a=UQ|#XJ
z)zGS96FfcvsBn3{+2Fv=#{AtIJb||f9tomrX`Hz|Fe<g1)4<XD6ep@m01jFE;MwQ~
z9?AIQ!G7ub)b}qSS&vKObN;z3z6;z~j{E)UIj~mpvh-e?2>o(92Z*AAm3meKAL$cD
zUdKGCpIyj-cp-{sO_EZI)uGqVbL)Gv!)D)rr{trLBwGYhmyMA{zkt~fyBB!29|e6D
z(gMS-M04*yWN;Br`&=C;`n(Rewk$xUTbel1fS{;mdqtXtcgv4@-r1L&w;rLaVN2(N
zr>pIRx#3R;2QgkKp0qLaiP;4wv8Lt?{)s5tfkxgsD*nf80y;L&Trf$p5WpAs=zvqn
zgGbkmz=g+z?bG|XD4(uvVE4kmQ<nqjW_m^FU6FjWV0XTUdPJ*M%Yh88Qy&t+G1b74
z{gp6duYtrj%(`*JaMylgF3kJZN25TLC7W(BwO;CqR=SkHcE+8mJs_O25L9J~=^Ly}
zIlDn{CPztL*H6a|>IcHk6fzlnKb)HWksx@_X}tq+;1yp|aYb@HsBC`Rzw)SsMpxAo
z%#d$K7N(|R4$=OOmN1E39_icFm%a!CQ8%BK+nj@>(Im^qn7*R6f237){qCLV)JXGc
zvJJ#?i?~2g=8Wm!BCe2)<oh0E%`bOIDuCUS<2}HFUBEY{Hwp;=Y2$+sXzpk5TGzqX
zQ&fUMPnG+$we<Tfiee+|8`sT8JQyb^Be#K+iV8ZmDN<ac^!)SJlN?2#kmwaszx|^^
z_frgj`Ek$3CI*Ins_OSKDXv+JX_NVFsMFTZ37XLEDeok)X?U^rhYqxL=^cx#;FxcN
zEB+W9Es`%?CSlR_16|60^@;5HP?3q_X9Tl8@2w?V!D$yI^AheBt#{yMogd4kjcluO
zc{Qi(l1+`4LXla%5q`G~RkI5`Y*QL%JfR?f&OT&3EZnyQG@jk8q1F>BzOs%46d4&P
z9-A7IzWIrWsa=D~YM@40w$~!?vVOhdgUfaX{^{rLGu#i;3pVGT-QOXgyTw;ULG-k9
zis*o&bZ&%S4D15&C*9uylpIp()X7~A>$?D$!qUM)vDt%n=lSHFRuC^c%ZId)nKNt{
zqT_G@Y;squzDgVy5>OZ-Gxk5Kfe#t+TixAV>!=;t&g%`?PPN2^U3o<u_lR4=^?(5@
z9tkh%D)=s}r^zoW(1@gql=myK{}j25YI@j?M2A!^`HiaGGk3d-wE-~$r6N;NHa&HC
zLI&uDDakmlfieD<I?xHmo%*f2tatAB-Pg=#onJE3U_WyqT24@pYvu<4^sBkEy~epd
zd-G<`EE%#~>Ah|3Yo;z%rjg<bofbv74ugs@xtj-<zO3h3?uQo84&f-oU8oD&oKX3`
zU6#WxPL^;Z2Nq71nR2_3=PsmP4YNJIlwg25U1MEC?O>cNq?7Doy?koITz&>epB2Br
zIcBgiaS@0t)4dBHFON=Mt^Wy7saYt$do9EZjObs3B(8-Qx;wAAzF8b+dzlk<#r^At
zOUMRo>BAX&tXpTxo1Yu{AtBM>{<TRYT}gf?40|5U^J@J%K);i|--F`<b;sR=gOGqR
z{TL^kl$Kn_27z089_Qp#4F}5*VxjrPd}4rHz3Z2YG4ywfDO-1p^3$o%o07cUgtEsP
zcOf$(#{8z5tWi(EcDhs*)lg_`wEfJx0-)dcF%io)*{Us<q@IWOdEtR`E^9Bg1uN}3
zsq8c$+TdqK0j+-!DyQ{Ba`Vm3Q{&gveYsTMdlHJBQ?~i&>#t!Qxv#@cMA{iHAA0G6
zGt;b46fM6}LIUqnC>NJNC8MK1PfT2|&P%*G*mrpd9t)+w@~Y7{nq#xm^hZ@{8|PxL
zx~SS+0WSlip65kuB-@r`pp?D)rP*A+-O%9eo^o^cME|C?;pDkv$xSyD51_vES<j7z
z)SYw=57k_&FBfiBy2QK??OuTY=(HYNQ-C+?Vqg>8#RjE1NM!?jmE6;@tNOp)yzCVX
zsX@Y}&9!4l>{!LSMq94MqS4cnpK#l@5rx8SEugQh7565E59&ygK2VM_I+Bmn<Z+@)
z0wO#5)KQo$qt$uUdDkM4-6SphhT}CRakAC%tG#<|lwa;(X`gKj-(4Kd!N6+!QWTrV
zO(dVfxbTRB+TBTJepv@el<9tPlH(EhRs3dY=)auZX*zWxru9oZHD+`kd-+-`Vk)6H
z?sZ5x;k*3Aa4hw-rr6!L-T%NcX$&Hw$fUE(@l92g0rXmVVp>l+J%`k)7I!U;o$g9f
zRI>d9;%g4;Ls(WgP>lB!2BV4G3w#S$nTsi}Fn*b~H6b{Ht9w%1;(dz+f#_T8;DBCg
zRFdd^JHC9Q<mU*67guFDRg^*pcGgj$xN)D_rjz5>Cf=u+n9M9H?eZA)3IcMU8E$cd
zOm|v>gFcwcU6=CKX1U4(GTr1Cc{>K5yfL`Xgy!lpgsO%bif3;`u~Y8QgqD-$T48bD
z+Mkli*4l?eE34Blo?J={+su;}ABH~Q@tb4orJ182*bh!I)tsF;ewy!7zAO^?mWxj>
zT=C2vLKJ`KN0<b2d!;!T(1g-QyC#(1@Z}r9UJX#DOz5wyWMfu;BYBgC!sRiCZud&S
z>^Y+ATVxNC%R?8-COrYKEPPZSvFm^sb4+g%22e-VSGk?O6htcJmO1x?Z?j!lUQfR_
zH7~VRfoH3oXhe3<obW6uG3hPNZNb2s7?0hKHFutilh63hcraS+V>w$q8iPvv%2iED
zGlda%>;O{wY6bakDKGOZhJ4;4O5^^j5k-1n$5-~z;ewn#>m}|rDS^q?oIVO>ii}mV
zlyE?CDpaLzt3jkLhVjbkznU=Ab3NsKqgw;r%uctl>d0DTap$pPtZsxhK8O-9f0`7<
zySBVO@A@Uj>k8{Y!DXhVJ9Zw}?JO=ut#ao%L%x(e9#tmbUP!xL71pj7qB$W%ln>-n
zu^C%}U~J<k4KC-3)>Q21<>)Z>GI8z(-xCHx<L-1UuK7uP`$Lu#Y4nvMRMh<DBvrK!
z`x;_PQ3p3;$%sCwP>8+dawn`~JhS|CA96p=X?46oPJJfZUF~|_F1%Pj@cHSiRJL@N
zTrzKdZ8}XR+3&R3-#<BcNzI_(rF_mdr<ie09Rmlo<DD#wA%sqCFw_y9^f0SbKF<c6
zy_{XmvStC=X;MkwXQ5ZPK5ZdFqY@8?Z0BXTNm|IgR3ByfC0t=gXA>3}^S^QLJgNA5
zbyr$GWj&AJ7+C`+eiLk=u&j2`B?kGsUt3uzFLAdta(y4Wvw?&^;t{TfbwDiTwHVIE
zC2l580+%}%{Z)FdzuXG9_1zxacjPr@6*WIW932HRn8`rwKnqvgGnkZ?w1HNfjV(wR
zm>f>r7hjzReirAi3h*Ps1txmjV+^a<XD?9g6iH?Y#66>J@y2OsY1>+@c`c-6NZ>n~
zL?!Mw5briBt65zZFLy^hM$Ud`b8!)CVnkY>PoC;?%9E`=O6z0XglWgWvMy>l%!}bO
zHmbL{Jh+5^l1k`g4dXBeWW;p2#M8N5s<plIFnmfteL?4waK&zO%Ej#o4#Oem(52OD
z=YPd+m=F$~l*q$mT6p@#Af0_+)G+gr*LjDz%LXR(Ih;aaB@^LB{0eIZ%cs5>jGnuf
z?AN%WfE7}1&5TA?JHg+>gLNE#r*SQ*tw49-!5)zd3xmJ3;ikq)eM!ux^^beoQiGjI
zk~$CVm19_cLOjM0@!Y-1Hp+wPl$c0n0Z)v9_*ERacbAm)I<LnJ`4C|q%cb+cR>5`Q
z8E26FA-b)b&NrSW?ng~VRCcdRMVU<35RZG!%DXI~+<03wdqZn_&yLLkzpU|_r^5N+
zDPNwi!U9)W&1dc$ZHW<V*McZ3^W`85P`HuWCeUWa`-~41_eArU;Le|GsLbLBc#YB}
zz-HG?tl4E}74N}io?mu|FIs&yq9r#T<!mG5vGe|&)v_lrW(K%KTKl4j{tp&M{a^CS
zi{2%;WI#x*-4^91$s2T8zc}|=k<0|=yF5!FwG?JMleodqrkW_Cv$&b7NB5_E=~xAd
zh-6vj+XAYk@;9z!s-hbP+N`|JX~sAi%(7qD`)=vk*>^>1eBAW%zhOPG=-9DEqpR5B
zR&j3`j2}ggpJuEo?{hu-@ozoz5v+>Rz$P|Y&@!oa5OX}8!6vWp=16Dy56B0_jfiQ<
z1aIp74phZ%1H3ih7?W=CJ9^Y|3V<pztTT!lfA7bS9zUu;62t}#K1BZB&+{Bd<dC0l
zsF3^}qdj^Y&I#ae(`Gk|!O{2h_kTA%N7WH;f_V4GSY1E_8X>%0@>j?HSA~kgXk3@R
z(c4{8!f({^KIm`YC<(h%vVF3IUK<9YBfXUg2-X#gvD)Md38kK>vxNVqMJ+Ju%D4gn
zn{j|DVqf$x-~{h(@2AiY!s^#n?r>F=!%^qT!&?8Dlr+lMD7t@@v=)FE?{AXU-a@k&
z+KrjhcaGp*5Mkt-_V-|&p}yB27-UcI2m?Kk=zqZ(R5}q;a+Idscu=}tL-0&P=T1Yy
z&l3bp$=-2|@Gd!+_8*_VN!<`v)Rp9-bY8Mz2}B@;A}_JJA&fU&K1Qgs+`*RhRT!#*
zXDSj~g$1n>?Y`32sf$t$gB4DiCoag^->z<LQTlZQxkLL8De@hAhrlj;^du(T)PT{N
z!>}&5zMPrL*gRYCRxU*-O2l7sJ6=UAdA7)ZWMP!*ig763d7(Z;Yp9$ov-~RmtV=k<
z^OuyJJ@*Sj^pmes@C0QWt60e#E^eR$QlrulI^Zgni&Aj52N5Irvr||QCY*5jt#*OK
z&}-ki$NJrEjd{R?Yh7XS{F9daeI)8mRry1sz7LTRZ#n;fb)H4?=fs3a=%s$!QAnH_
z%CmF;;|~B+stzJ<-x_8z{QF}3>v5Il;%^KF>@Jl{2#N9YNg&T3o)Iu%+dt*pvHU;7
zgk$xtwE`G)i9*P+$cIXx6A3x<y~`v=kjjs4(vz1Bp||RpTIFfb8RZ5#2W4wirg$Bp
zrQsLQ@^hP(;#j25iv5L<55nd$srDv28}u#D!w~Y7^G$j?dkW1K_gl5jlUH!?&<xMe
z)sZ@bz8&efBlxY~uY<G&X-K%<ERshNx!k#cs^YO2lc3;w_!?Q%0G$}I-%X|vP$v5j
zR4BGhe2Dr<NXHV-&jBQKPdhk$C&w`6dF55xf2=QF>3hIG<jO_yYiMfT=M}(J=2P%i
zdjH9dc+=(hVd$8#7kk0$e$i667?S8OPn;>hA!1NJ*xw6CS=m=5Yw!|h{KW-*B48?r
zqPnE>+<NYZA_&99X%(KMvh|Gnip-l-4L55Q1_W#u=AKRTCExCoE~utz)70-t%A0h&
z0%3(@|GE<)p*i(_cXEYs`p4__&#+w{)SpXUZn93k-s~;-wo6I6j@Y&{Pge;M%VN|0
znNs4JpL<O}*B;X0MTgFe4Kz^jjWF3aeYfzA>Ou_xl~E7U(%k=728arfqW=~-jn3LG
z&%i_WXPMgX>h)hJuXK1O2gu~jZ~rAve~t>bA$g_2m-xk~;7|^a3g^1z-LY_8$h-bP
zH0baN+8*A#|Lgnv=W4Blx_@Rg@h{Bx?@UF@MWpWI*z~LXVUPWP`*%93I0)csg8-wx
z$$yiN=Mpyo`F$TGvCR}Uk3XdAgOTGK#Vus5<PbdtapXM2xYapx@$*B^-wh~l%xc+x
zvnR(G5dC^LM2B_Je1ay}tbr}p8<u&==jH0HWk7p+3B)PyBcggF0PwQuJBQb(0D>(L
zvE$KGc7sOrMXSh`QD%9k+_mw**rg!+R9fOqBy!OdFx@giK;)>I7wmAR6S2n_o`A@!
z8yf!@?qe?>fcs|TJI=3iQY)<k@aYD;{x{-eNNp|v7~x07?t(yDu?2M~>`5n3;9k+I
z540G#W$uL%!(XbmPhFu_>jCjZw`c7Q30gp~Q@DDe&o_|bOkmvG-7Ewsx<B}yMO|3)
zER;0VITu7!sSib1c?hKHKfa5fH-YzZATw$8pXERki2@_d9K5h4X?s@}MeY&+$g$tC
zxKY6V4KCFZD}mMGtc${U`JEse9Tku<;V8Cxzs6mJrZo!zBIWp}6T_$}r4U%-0i>Ge
zuFrM10Y2@Eb^p>y>R%w}6|mK)*?~_W22jt2ZU86xY0?gs5$GJcpZSpp=uUwPGz$F$
z0GQ5Cx7s7wc6^>muTAnpMH@tUd>1ra^V$bHT{4p=gD&4%dA2)$brwQr_W%+yy%l4T
z3jx{RRHB{6SahRZ591JM&<%UkAKkVPn2pf~!s};7cB5rdkZKORWPejN<Jrx+0LI>>
z;V+2i#`MMej0_IT^g#sYo(Gkw<@_9>G~0cM4aheh4%Ijhx5LX{<Ugv@qT@gE)ngkB
zU{5Sl%WajbfPUfI#<7L6RXId6-QV*vG5-3~B^?O0TQvqY)YOEd%M5xR8$j^yc##~e
z7H-ab$m~J<_ppYudzG%mzm8SEMDvNQBIFI7cn_jMM(~C%<qL?s%BEApKyPIAettST
zx)uQ^yygu9+U+rr`t#^MpMyqKHaf?j%LedpGNZ}MXlr_IT%ZuYS_+4JW5@t#{Q7|_
zSS0Q!joamb5x=LJu#CJ{qt%D@V<j%@xp|#?Q!!iu-^K_{CLxu@0P;E&k0(*IIqVe3
z+#2?B$4Q0Iv<{BqF~Y0a<D;d}Ld}=VW?1Skue~JIdU{^~gw=b7aNSVsf!SlDO-W^H
zrLA&8tgRmexu=1<NJ6CC881AA@dNFMeIdl{6E!p<ldq3ejY7j<lly8pYfc-%_O}i4
zRsoFX)~5!@c~0h%KJJ-oWB6BlJg!!PYo!Spn&1E%>)w_OYQCM#MKsDybdr^z51=C>
z#PMKx=Z3)r4#WC$zE7i_HZ&XnGnoe!a30tP25$L~kJm@~DeE;J+W27Q(@4@J;(>YG
zyHLp);eZZp0YtZ$dO#MLqw9OETFZG`&jDipBZ*1@Kj}-CW}Ii5l|c=wFCaniCRbD~
z5FoqXqJceZ?t8GddDYnh2yyFyS2N`-TY52{*CuC*x=th^z$;6W_|w((9m8v;#o3I~
zj5eb0i{UR@Pak+jm>cN-L;~g+Zgh9{4?ve(0BJjXtJ}fs2O&R^Y}c?N<u{it;oHbH
z7+@dKNhH!Rh_d$PE$1uQh40Q7(eVcjgXq@?G3+z}>drx#I}c+Ok`%KEV`8do8P_uz
zeu0>e)25yllC@MmG=q4l$Z5M|X5B{Op=^?G#kG(*BCo3e{Dx5NSLs(b^w?hB5I8y+
z;h-1ysK2<aEZ|klFI5tP$h|bOmK_?{3$0#dTP1w-v?%Yl=`Ge}+q}t)#3<hTNc>TL
zO;2$un}2;zb0;P5duW$KoO~&G6nLjd+bY^Rb1Srv-NON3T$}f|veBz}QCZ=X-}M@d
zs+bo-alY3XTx?ZSS$2H}mro8&KKhFlc3VFZWA75CxPq3w@Jh;ey_{)*@AT)j*I^q)
zS)Eb1=h_%Lfk>s%n7*xSP$_)9tdWbgd5AQaq5GmNnXYEET94Dcz{|IOmZy5#5%wIl
zPGhtnbH!0JnP;p23^#&)8ZV}f<0nox@@Z5HpUPc=v#~Ar*zzYCt++Y5E$4Wjs*qEj
zJ4jG{hVFUBr&?2+T)Clhq?te+DD_>xXhP*Op-|l_B(;Xp@0<RhB=kX(MatZO{Y=8k
z(24~0i<n6-Jy|PkI$vq%xM22ioPE&8EZ#b;ne$-P$Tw8e@8p?~SB;HjH!%d!w5OM0
zg3mX#o#1g=K9jGN7d5U(IP`Fl*jA3NW^heNK037F()znUH&e?t)g3&LBNA73pNF9e
z{jha8aAa_oJ1$06u|vjB*u(Ewbf=!|?lsmus<~^|O3i)p09+cS8}@N-Bo@x$*wTI2
z_ZehD{qwbDo_b(k#M$Dyovz0g7UTFa>^1+WH+P?mfIZd3%Ig@9Z?+~$(I3uLMQPYj
zKG9*wgB`6u?iTNIRaQ`$(T&XFqSiHrFAsNpPRv2R@U_(e<4J27jJFt$Ng;w-(;qcX
zyz=M=5-21$GS&O`j<U)Q(j~^)5vAU8>lY@VtgSji_rkJ9PgHN3fR}UO#i+a?cq3Lr
zn)9k;_TyerTR2ByPoC)Y19)#zChR1iJ01Vv314w8$T--NpZ7w!qj*EIWf*Yhz6RN_
zDV3>|u4oZ}WH#C3_-V=-z1_8lS4|`VCn61o^XNGEQgk;s(=`NQUL{oS0)IC0z4$ZQ
zt!vw-Aj{x=)G@jhKI^eIGl7L7-GRB(zgsQwZ|XpGw~e6(liP=R*bGm)ba*{+1XYtI
z?I8EJkFlT67e{cm&*KXSIfuP7%^3S2{ce7ziVbbOlHdMkgT&2P5}Yxmo`BP{@88IR
zzH<<8{ATG1;K|x_OpGa~5EkXuS#!25B#>micyDLja<+Z>u@9qc;C^D5si3d%F5gKJ
z5#g!Wm&S;;b1<>mG5VXv{gp9siCoPOy0i-H7;qvXE}VO*cd=}-+m*lx>!V6_&iC(^
ze;qj_#GijVIV$fipNj{c(XeKsFWEKJvuT6p6jJ7s7VA$5IB8V8cO8<YwwwS{Sj*J;
zRkvUW*tJe}UU1%>pRA~~LMBV>jUcKI&T?;xtIbsj&ydg|3+DM~m#YB={Q@J;c2|Qc
z09dCY(sGsZ`e^(@l3)TATEE(TlI2PuLFc9pHL|-6$}IIug}N^5Z+k4lVZhpa$4pP@
z4YhT<VlhXXIYBBp`cvmgBiz@E_z$Ij-Z4raC$@!V)9P2ViNa_lngZPtRLRG3<~3e|
z`vK}CQs;xmjU0Q<H7HXyYeG(1SY~<4nJR9<=5R%>o_r$%M~(%cSf9jbt~1A-X|#sB
zN;<`<A-;i0^P3Ii4uG8Ef{?Ftawus1vC6=#BZFwcn`v36j3<tjc;h9PF_Wm;=!Ak4
zaW6PHhL95_=W%Z)6@45@y?!KKOrm|qrONWwQ~anIW=3$THMHzLL8#soykU@j&9e~o
zfzwM#evsHLhIeh-wT>}zc-iin2R09hOAFU6d!)|iTx3--^c(DZ)=MQez`DA;n)Cxw
z^~DDs(SC?jDR~NOX0k~!Iv{O(dDeLa<D?K~sWJ8JOF9J<!6SVPmFn>B<F{>&Ko}O!
zW6AT|7@Vu-uWYv~CzSSAH9@!8LJ6o-ZaeqF>kNg8R#$dnHQlJp$DkObnLbnu{=E$V
zzrT3w53<$A$^)#G9~{T8J10r}p&?*Ftl{-fPfNM|hFm?zen=035LObZqjvEh5R*$i
zf>?1yzf}5Dmb?aN3%_}aAtB}e3oylULF<y~JsGR=4+QKNSf&b%e(r<sB7bPvQ%|9T
zpbiuax&e&x8Q%Ap&%&(JKlfzhJ<XjR9U5Rx{99XB@JNxXgIkOxg5eQ@8rf@>SY^X`
z?Ft@Q|80!-{(nZX+VXOd1EgZYEu1JgkkcRvKfs=_s_*T6K5`?M+pp)q*<3|fZybd|
z?(wfrbKPMB1WKH~*oia<fCbtq;%qhB7K^d`hn@~Vn5J9Lc3ye9G&GZ(*6xL(!;g*p
zO<43e3UzsY4#*Z`@W85oy;~dX-LDaQw_X9fOOa(YOPUq+(^cghc!B>S<+^*V5o0Au
z1jJlQI9aE$188qCD)#Jd%+K;;8@9qp(>=KI=pNfn=%SRD+m<YA>7-ErI9F?LLYX^0
zlNi~JC`w`HGTCq*=CR=0q*zJiAmef$^cE#VZ15zK2sU7QelhF*7vrs^;VU+C>JeOe
zo=C)9I}aM=SXSrh+;Winb;rK*)=P-jJvyo6!=ccaUD#>7{4#c6jyJ;kZ|Ppr0SLtB
z&Ci_v<Kk8_s@x6H`pM<csO2as{$Xept-?4Go&Y9!t?|A<$3Lwf2?Ru1$!1bKdeMLU
zdr266xz6yXC5Z_W9JD^45tsZ+hWhvCW?ryA@xLn^xj()@#I-}O5)yyMUSB^awk<#Y
zk5@n1w+f#T`Rvjc#nwMOBLa>6O{(>uy$H}4d&3)KY(O_OLMC%RvJYF%K2dW|R0qMM
zwqzgc>DDUy^%=c#ht24uwGZA+ghHBZM{4m?fccrYpSi8^o(VmPO&6(h`wa5Y#vo!z
zO?6C`mGL5BPXn1?XN8l)X2`})%aU~*8jjk(;F=*Gj$MFiw&S9)BqNOwxU17(QFnp}
z)u@}R|3_H8dU_c<625`-ws+8z9vP&-aHyRe<Bky7T@2!iVxqsVuXh?FkGnFWtO47c
znZf<gtr%MA@*wa~hI)pQuZ7=gO6RU|w%8m=4~W?$2+s*V&5{kh^cjem7{Q>;!g_Tr
z!T-!s^F?LP&w=q9@i7Aee4Wq*9mA7d7q~y80;y7Q_mu&NF*@L$yplemmBYIby1>=O
zk#v1B7n=Rrf8U8MaX0W9uB_`B?aeFh-@qnTuD;}Bmcc!5u0QssEclL8a#3zFRRHb(
zS>`A1eJ<{AT4u_6W6!ZGkB{ntfbW!g8^`|{y9&Lmn|8O*R1}oN_!6Lo4(46SryZ{~
z0_3Z#W>glDgyY|OzVdeB!$}t1`}fZNg}l=ECr4G?CpkS0C9;$beHf!P@bZIno5khf
zhxGwSPQ(9iV-{Qvj1~oB6PXHx9Z5+^&UQV=!93d-rgLZXi|cf%ywhZ{&}HH8AFmk@
zTXyQA(|Mv<l31QT_u1eyHWRkz1C+|!GU1Oa9Y5Lx;vB-d=cBh5u9dd6X=?VbudAr_
zmlT?c97D%{ehh==n2YL#=OY6wKZ=>)KhUsIfBhUD(vYJOZ$65Y!2H{fT}bF+^T!FW
zQL%h301SLzfZlcl=LU1QgBDW+$?l!r2Wl)&;^0ow4RZocCSHPr*?L+<MTHLeY0+co
zvN*_bOlWUS+33-uEWlZWSwACMHtlD7`6dvX*qJQ5!8cI*h7QSv$o09>!!#Q?;YfD*
zfoqiW&NK`j3F(I1zLrR~dK=$KqO#|F>2S_1vwWfO!~O8Hlwm-pbUlK{P^ozoktzT(
zCNO#V<0{C`3K6$37HDYU7L|w0_5cZ>w!qNy<Hj%=XsK??^%#Z){?<b2qKs70!@_=>
zhBxuk97*Rv%dx&V_;LEP>w=`~2<VsmdO_xLk`~~F(y5!I7r%-Ce6|EL1AoBGHZuSl
z;!MDDuHn&qee>Qf^fL3HH7dyOyu&*CLy|G-ArdYxNxTUYKT6SFka6oj)TG1F)^b|E
zUBlqW$;-=o*r3DrVg|Ck;V<;N92@!h`2`R@8_Xup_2Td|2Gd`9Sc{Lq3>I1{Cbdux
zEvZ)pI)on6XwE0yd^rtJw&naw`Bi}IdIA2^Pl>ef9IRr*pt<zwxmsre%c4k<rc-~O
z1l(kRVTLIZi-WFVx8xD<9B{abbPyZJ`sN--A7^+1sRLpA@wLEdKi-iJw*vh=2=}xC
zIs{USAeQzUgIDQID$m#vA&5aRxP}bZc&i$j)Bg=T^$#Jlqo_e!bqg^`o0d#7An6tJ
zZ>2eyd#yXZE2qHi+xT_eIdpspCKo=FG|$-PZP0SPZD|cf#3T$il$jHOHQRu3ClB@3
z;VqU5;dnZbkW>)U;1~MR=X2hTeI0f~F=#W7WuE0xfthjg6nkkLK^081;GC8BbZ2w5
z(73+dt{l<VGS{6u50~D8&d*{J&nxgP;D(>{n<EVo`6Lp#&yl_{NmNXa%&kKvyNpR!
z?z7P0uVa$%Y8nk0^%kVB&vY~ZiV>C8@DZLq***{QF|KA~NYsTGXMM)fn3RdQ($tZJ
zjK8^J)R~s1yF;rctZ|BmQ+{C^nI#dx^O*_>MId?BFRp;wAvS&hQr_Y*A_kc!U7=ih
zQWI8qTkohpu6N#5O|3AH+ZuEqxS<rg&S<-Tu>0}A@}+xD?W^mUp5@QrmNhpZJiP58
z{B!AL?*VL^B13F@@#(!aL=n6Pp+Pu<!ImLxYg(<mU!{*9tN(V_DE#5q)5w;_p~Fv^
zmnmuG$XjX0-89(SykuYgf%nlq;Fpue@*Q$hQTu=jl_-x>rEJK?@9mr{yu3hjK!Z<%
zpW<63Nl|n&{>pmv56A+D>~+kzwrHr@gUL@ovUyJ)$?34geKA4J1~U>hB;D~SCi>Js
z?(;bO>P5s>i0B~e8{3>9_hSy=Cd*(hC#hit0|!uiJ~@t_Gve@O<q05I;c4C$vaMdW
zNQw)9ngRha@(l*-1T9`NZ@;ZXyOTx{Khf|>8ro4OuqeE%7j!!^<oQIq;U}r}8?^M#
z-X#U+AQL8?x`go(JzV&S-b<6;Lo^pT69ZJ1jh7it9>9fo`2MBRi`yX<9&CN@buH?;
z94#aROP+qgyULezuMfaEDck6K#N#toAR>g|=>Ca%COvhIDaObrFOUf}9GZR4$d?pq
zq@w6GlrAa`2umew|KwLYRVGo~xrR|JASHRmo@Wm1@22=w@)VwxqLK1~%QxF-8bLWW
z$Nv<(<cSWdMrqmZAK7A%x=Sb>t4{HOLM{B_-Ja3P^6}ui#^7`@jlI1mm(TfF{$>0X
zjrkX8vn&VDaE<n8Cw+JJ7}$F}iH}W8i=XeiZRNHi^(EUecr%Z6{y_}3m&2C$5@3Es
zr?;X0nLueW?Yyti{Ect)6sgQC;OW+MEV%acg`J=ZrD094NL^(c*Ov0+Uk5^>5Tace
z1LR1u5C{<hnx^6j>PwP+*WohEwi*!TD0X11aW$-qHWUgQW+fIGJ=8**EGq*gZUJnb
zUJ!3i5t~~dD+8kDPA>>P@03E=Gcx|kBDf!*_SWSVo#!)J3TsY~2c8Q>E5#!sMt&0k
zdF)e5W(9Q3XX4S1)#0XZ4<nFdI;5X0lm^;#n9aAHw0}iq^JIM+sDRB7-}QHn?Qtto
z4t<;Qab9(8B3fulSq^Jc!v)CLHCrha5~<AT(+|>Zg9RxQKgHNhgt>7vT}GC^2dzRX
zgzK>>y1jnN{kSxvXapBA6M-B^*ObN<LK|$4ce~{%L{O>x=x~nBBc-j*rg0HnPi@K8
zp*HL}eRqIW#E|shD_&b2SH`uZ@HS@{O?7qKN5anktir<TzFSiBwwkun_(Vdz1&4Gj
z>3B9k+9jE|JoG0+C(hTcOHkcwI==(EBr3=h0kx(dUO)uVGIa6voRlWLlT8NJu*_vg
z*cT1$zr#7QscA4+l!KI3!*abeWTXNCTfGWrs!8q|4{tPJ_OmW1ZH=SRVcv~8$*D9l
zUc#uSLCvYf51e9|=FiQg6s$fTJ_byIM?QYaq<ZTgAr+|adBivE<Ie9t2;o-r5$X8|
z0WiZAjUi-`A>Tw5*yZyO+)5jeLd~c4HTLYqg<Zxj>z_h)8&CZ%^cN0xE~m1o=;N_W
zZA<YSW7g9ez_K?j!9qvQ26z~iCTR=TWarZs)J$q2f*_%ZtsBH{T%N@{v4FnbQxz`A
z&i=kG08Gw)+Ug7K_FG%~sf!0#ez|xq4=`Bbe9yA#E<J5o;rJ#w?P`d7la$SCP%d)B
z879UERNV*hEm>9HV44tbrY7#wtt9$}vU`tsGgUK6v?|X?)U34zdc7mIWgomij|$$1
zeMEy=^-CPOXtMo&$SJ2k2ji!-yc(Wq;hZMV;$x++dwteEeMYhMrOMLXPEc;{RVyvP
z>{UW<Ld?f)d4XA*UV)<XZO1}p{M7`%SU2mfe0&yewgzZ($!Tc?!>(aIYjY3!;98{~
z>xz1stCpB~eTFGfeS5Q7iH)}i#0JiIju^SpE!Q|5V61xOQU$pMFSi}5{&=uwc9?(g
z${ZP(8ZBm?A$|v0k&-k+y|?lFje4KSSC)$vpTKi%@Zx48Z`p`<evj4iWluf-J9L-N
zgktbRDbOqAlJb44*h_a@W*q8?+G}3Fju3y_$|z;t^;5n)Z%l|H^6sn)Gb-?&R)^sk
zFF&mGPq#&?G|^IC5IQSLT@I1h#`dJnpw2miODI@vV@<TgS)Qk;kb*L`!<|TdM`!V7
zGhq{%!c|A5CDNSOH!C(dS@}Uua-~B6?+NB?(l>6>^UU*v8vOv?*QEJMN0x-nl9Ri(
z3`M1lgs(aSYgp{iNnWHF9oDP?Hje&1L(e8@&ho(J&hO0=WzX*EH*Jvyxux-xOhQ`J
zC+4LR@hWycuuVknI&pI}F(Z}mPSEp#F2#ZFbo&514i0(Fe3R{)i;plln>wOdgmBPZ
zf@%CG_(@**d9#P}Gf9`O@fSBpm(dH!X-P^(oU76_Eyd+X8Grwfy@6h-GGEX=&?~D}
zlmm$s`SJ?aS<OKE%_O)i7G6yAVY}oJDWGm)2DJ&AFi!#x`Hk2R$+ieKEN*BRq0V!6
z@FVId9f}Q=Q!Sr`rbnMFU&h_;3L@9MYnT*-OkuV3Oh#|BV;0j?p~ij6c-362uN;Oo
zMM_tswG{V}?&Yt)bKxHhds}sLwKwVKZ23ix)%|6T8S;xbSSiXF+f0P7+@gc_+b;x8
z`lD~um1`f5^PF}$JaD79uv4kNuQ3c7;0<)Z!TBXjx;ut3@dBk_81l+1B#(8`16z(!
zPxQ@TM_pq+K*j0u8t6$+T|?}YP;4K)l`lDEn~3Fhp0t8NXBv`8iA*!r8A%g4ge#cn
z%ok$cUBDedCiazne(&z?-WVnQJ@7;Ei|XmZ^MVX+s;ZhDmzlq6CA!wLuqO?&zTa1`
zkT33JHDeCOO`Tw0k`gYoR$Rms9v9n8_(2jr%Hh#_L8(THF30oqVpoZpkm8^)xlZ8L
zJDi1v$Y-C2o;$|`&$hKk#ooLhx0(C`V`o?SRTc<Bl4GMi&#u5Z86)>0#bN6~h(c*8
zKF)lx=#-y6%-d_(|Gwv><Wk?g=^rN`M$%v2@XU!cX}W})>V0R)?#!y!mrFEU94FLh
zXb%f6eHr}KU(6URH&(0dXKzYzeER&{x_G5F-wa4~TihK$;~yjOWVu-Nvg;rz&IW16
zc>exmy_XZd1V37F!-tAG3u-NWMVA@4qnQ?-nVM>#!&JBY#QP~($6u)@=_zZ8!;>Ja
zn2H~huy|&Po1uXitn&AFvooEIM<1^f9mv!cHgM_WU&U>QX@x9z@4fLVe_Csz73?6{
zzUfD7hIjF?*vYCBQ((UJ+RAV^<(15aSV@}UqEnD#d(?|=rfe^*+*1g&$LuH_^%XEK
zzUJb$_UdRcG!Xb_i{FaLN~KcjWmf#8f|pf)Ty{@gR$AGc4AYIBfqbiTs8m%_NyR>Y
zTJc1)*LagTwhFq7qf{wpgl)j4QQ7X|{?k@rqPQX>!&4soaXSt4o}%nkn!#-B2^VY?
zig)U-t1K*sw@rrx)muAPIOVLceuTUBw{d3a3au>9WA-qrbV9&q4_|^Fjdw?>&uMI3
z=R!ML3m_aJuXIJ2u)~AztF%bqSujTh&ck+ZXAb}D7;nldY^{~IQ5q<V`6eQwBvsGi
zp`of)cxI;ElKoW)JG16K5j&=-eV*5hT`a|S#GDRlZ-}_euMLocTINRlkoj&SnU%_=
z;#djEkdAw+tK-qnfGxhZn83uw!;V_yC|+gle4e&|%aV#lf^oQj?gT#%URhiGITXa}
zKYP|TU;6QRo~+sON}hhn<5}cSIWCgN2F1rY=k7G5jcUCnsd?{%x}4O%3IYZ4piOe^
z*Gw^%_w4pp0`Q_@>HFFxO(fs6ax`fFu=vsEps@T<1V)Rh-V2XloD_-0ci~%Skn0ic
zitN>ev4>uDnwgQSDU$^pEZBAEC)pG_9lUq;6^Dc{*;=(PyqPVHUv*HEh`EA$GU|hE
zNHXsu1x%O2)=e1aris9MM$n|bWm#=_!<}l{@>Q?=GsP=iIwqIgr80QtUZSM&U*D;*
z;sokML&KE$eJgcYk#?`9XPMf>%NptI^ddR8hrTs3Y?^{_{uae#v6AVe-wTrZ+I%8~
z<#zPgaTh5%8n>c8F4(lV#>MnAyEWqPIc<bj@N3Vq3&R`gqRf2pVDqc_VWZD<-lbRy
zI>ckg*t#Weil|%`jLQpIEcUnD0ra}ds#=Gp<U!KwfC6<bc5A^7PX}p{5&k38;J=7~
zzaV;3erSrUo%~Ie?Xm053)sJag}?nTr_h-e>YkqN!~7j$U<8OEQvC<cfB)}aAcO=K
z{N|zHi3RlEpD*AT%y(s*gO>e&Ad8DH;Wu2-$8FJmd%jx9V^!A~No)Xx_@9sPRwNd{
zX-&;22v=k$OB&&z@kd90&-wnUq8mR+5b^Y{*O=HzQta&x4=0DFkljhcnGgT92#u+B
zfouf$@-HvsSicQUNTW~a0*sB~y1mt`|L}W!i3?~Qq#Y5dqEuc|o>sqJ7YzP<^Tr@&
zF$T#??8{>qw1lsFLrg#$`8BdFCXG^$9dZI-P$$Ujp6)O!qhsgc|Le1CF7!_~tbB1n
zokBO?%~@Yxzic6I+iDSr!0j;0I~@RX#J*{zJh5=01sy|0UPW8QEFRaIjfJ`O5CTHw
z6Frg>=mmrIhxGI$&b#x%)b-~*P?j^Hf!z=kce7r&$wQ?YO!>U#u|I8niKT>%I@u^d
zkJbb_6LNBL1eH@gebq&D^V4PQi$TvP(CU&T5(1QZC@3gE>e;-fR5Q{-%YJyFREQ9?
zo!g+<%1OhiH6%S*`;4BCXe_a{%*@zV4<eJ9_IHXLVI@3DJp$G<4?QCkWhN4tqnZ3A
z)4o;_+r}({fXx^pK(7GY5CQ(}!6rtG_u<dc#~x)w^=*u(_gIP~_>RX{3LUO(n1Ga*
z+wpUa*+CkgNskJ_=cnagqU9QVGxg}@?BykXEm!?mqkB}n2kK;q4=&k_-xh|F98Crw
zrPmgiC#&aw|1}}9qTcwqMI7QX|5$K8;a5@G=>NMsQ8b@16#9sMJ}Kfoe2<3!++Tm_
zDe&>HhyVRM)C-*0BF3%ZCr1CXXkk$j+d3cr?WZmnL@0Clr7y#s|FbpV*21*#6YKY%
z;xH)O^>v^Cj16(USNoke12r#a4Sg*U`a3!WH8leW=PiKzN_ALIlQaA8bS>Td0xlrC
zG!`AFrCD|8Mv??HS@rw?$rHB?g3!`<W3JnS#h@<&sCFO3(>gOd+ppcXnvk675w0-3
zFCdPa6vJy2j0Xw6Ap5$HhlhuVfz)1$PChw>-XV(OOa?yjQ1S%pxAVu3NBQ~7)y=88
z9V<q0k%u1{KLo|x(;dcbP*Ra5G~H0`gr1mbg`SkEtHj6%v&@05Ntd_>vdJt&)F~@#
z&g&o-KH`BM_<)`xxo8l831lEnFU(y;578k)$Hyi*2f`^?u$2M~Mj@oKBw(FJLyaJo
z$g5GhOcdmT!8%)vR5P%G?IRsF@r9N?euxcq^+fFV%!|_O`GE)Fo7_js#iBnbi7M&(
zV(#!U46c9ObGzUx2^H*}YEa$He6=Eep(T=^p=(PjKkr1?J8zc50OQh$yoMxfxOc=8
zC^#vWd$6=;rzT3AI9etUK<v}j49AnwHNEX&6b+V3kyEz?Q|@KcLa_j(6e;(eeJy9%
z16VBpx&Kmz<{-5+4Rq)KDMKBU+mGKI){oNo8rE=X==E;W#qJOqbYRY?^JFCcTI;V-
zkv6Jmxy1gy@O@BW-(&=!h`B3I+|N%gSr92;)G0KHZok#%KSIh!ALr3oSfA-HqP%`D
z(D4K)bH8d2mERZp|2^#b|L{UI!f5P@uaM){62{}bTSkXQX3&)1T_WkcYj*uZW+rE-
z`%C=iC{uJ8RvnGxRe<6xO6EmUh*l4bf7LT;V+b3y1*#<%uqGbMk3FH!_P0$SVAX7+
zR0l$)Z6FY~7Yt7NtZ7-IssoOP2Ld!~o)E|Yhk4ZFf=<zP6WIgh4wHftw$30yL=1Jk
z2$=(N{*Cbv?H;(&MkgqrJf8<Ogb*2^NT}23i1QURS+*cwD;?(xf2L;ntszF&&hMhA
z`LmzPH6}|#pE0HFVT>(rX|C2K-P5A6xY(y47(Chm_yAZrxl*iRTOjYs0$=k5qi2K_
zWgr`|8FnMRQXB+#x?Za`*?9nZ3rk8$7-~+=heFjwrX?c@<)U?bSVv#zYq3v-xy5oy
zcX=JRmhQdc+HL1}=cFV+|2@_o3BV}W$jsP*^RpRZ2ad9+XAWEa0h_9kd0wfKUNOk_
zFN|H77yH1TB5#C!bGGZ-24p!i*v7sI00y}Sv~OleesaL*9Q<KCkvc>I%p-~$##G%{
zxv!vvG&6`acV`C(vY?J3;^wzBOy!wq>qSD1;TZcF=28&7&B5T*0tAJ_Ty&NG#eJ+0
z`7=hGl1=gl-TDtAdBHb99e_2N!Pj{nu;#NBs3A_h>+e^nReIF!n&h|B$heMV5Qyzz
zimlo|Gzkz}0#zd(wM8%7Q3_x#`d1(*7-wNR74$fc8isHQ4Z7+=SeMc?a%DJV;A*_G
z%nf?`R(dRW4fLeNKS|VeT<%H!P}9R`N6m10&H<s2{4vpUCbUptHWxe;&DPElCI#lE
zYa&&92pNKS+?}_EPfRLhoOWgFzyJN%^S*C-1Pa$xG!cam5_FpjH|&S>W~O_%1BHFP
z>ziOT4QE@)QJC67r1pUGWH_H#RNfRu;*PC5Zp&tPy4^Gs-WocN^tZ-!^dXI5Dla|k
z7xSQGCpBzx)Y)+f92R;SFI40eRYr#LsN1_l3x4`%`If2*V}LTXo;Mis?^TIe2lV&~
z9u`~KQe{TJGQ~y3yY%1NvvndSZC1{pqoD_>)}V_S<xI2BR|OtI_D_I(U>KX6D?*f-
zh~9<c)G+vDXX<5b;1Cejyak)i1ayR|`V|Yvn0X`;BDZ$h5&{Ak^t5q{u`nK1ZGy7u
zk-$nVoypIw<psxbjKZGBtOB4<;ojcPb5tco%Y03$JP<GtR=e4b;F=Syk^~#HA@&{g
zc+QgDw<qs|4?7>}UhopPt*-Vxc{wd#pL=fyur%XWloqco%aIYy>2YzN>Dk5iW*{bM
z^_&9Zttj$xA|5kMEez);qNHjX2+b4VaDVIiNJE^6Cz7f$0LdI(Xsr&S$DLWe(0Z|r
zyfqwz?Q05@Qba_~DuUI2#+Bv%0gQr^s^ej?gTtF*uex4Xr_B{oUnC|E3y*xPZ=}Qd
zJ(cn<Ss;idtAKOhG|*J*-t0Cw-$l*pvmreIVmdZ8`@(={_}KWV1^lWqcJjHc88zXx
zsVX^-5bq8$ZBW4N!qTo~ec3$+Se2HD;8gYu>T~j#kOQc0F#<|VtS5M%iCDg9Uk*+}
zqB`ml1A^uOoxRF@35f&A9eI~<05jlA*1}wkRoGn~M7cev2{<K3w@?0E8|b)x6Df@@
zR0#TLt=J-bNSk#jsr0_K@~I!ZUH5ch0&@WKEjMCaS)*$pM0F(G)X3O5j4<%^<rlD|
zQ>vBcpT4O4T*f+nExJXp3bN4o^qeOe!#Etw{aZ6^UuC3k`i`JaX)ePK|JKC*gagh+
zFkK2i3D4&(13P|4^gWQYHqRmj(Q<wgsJjJkF}M09C>I9IbHF>2NI6{4p=`i^t@JED
zvF>5$5+3s+?5VKX50ZteZ*7t^$0Z`6D>iS^?1<bza)NW49TBFd0A@n+ZQ7mBx<U1*
zxJWwNe;oO7Q=%F*=)aS9GoGvF)Ee%82X)=lJ-@`~jsQAjC|9(Io-DS?DQM_dL$KX<
ziiO;64-@7v)<gqb0o--|F8QtkNS>(4dIU4CPbpc2uUTL=FH`&dnfJDI;=Wdfg0EnP
zc$G$%(;ogwyY$q7r_5q|t&u|GtZxK<f^c@U593QG&a)=I7|)Rpa)A@|4IfZB)#OG+
zb_bs2%YgEC_ZVf)_l@3e2I90f=?&``<Xk*LLM2v5%mucOjtxz;{+T|v^$i~zbf{vg
znJr)9p_kQ)BwQEajgo0YISKUs_%XE;<tY##KZZ8hd-s`EMc&*iR46K`J^M-Viqo09
z1EiowkfABzX)-($!fEcg3j*dj;_0{>uk^JZeU4BSzk|TFNpgjKHu;W$6Fv4g!jx2P
z(#n>jyau)3oVpyl5wx~bqIf&USjAsv-Sm~Vz2S_^)Vp^#vLV%`_(bYp!9-RA-ae!?
zmm212$8V3U2)$t~BDU5D7|%#CDXx@$m=vt$eebIiV<lDSs=Tto3r`2;nJ(a87jtc6
zJRRbuIbaj%b?#3%zA1FM2{e=A(>J?iH*1oLr0;jtldiD%hqwf%w3mvd;U6BuLmkkE
zuc%&2PLJwXW3e-LhuYSY>HI#;W!QNRi^6yaz1scTxB!NfSS;a;Iwgt7xTZ3zUL)SD
zoB4{gXwOaNg>b+3-)|LHG`y!KX-W#Bg&Y!T*E4$Yaz@NPu_GK}7nz1hlZY)P6}nq&
zuj}|U*K+xxJ^>Va-RX?!?x^I!9Gre9NRqZ5XA}u4IX<E2xGZ~3@uF=96{g{;3whF*
zbYfA1n;>6Ep8@%Rn&%FE*E$?T+cia%wY5N$?oI0R(bQ77oc;iu&W&Mig3mAJR2u0h
zM4u>$`H)dkU;Zku!j$~kiEAet<dBb>F7xT5{CIz|$w7IL8SBdUxKBO+P!qD5S5!Z%
zSgz}?Vv7A=?VV{j)qB^+!<H$BV@PG%By2PuLuPi!JkMi_*hHCS9+D{)89Fj$$UKXX
zBuU5?GLOmTAVVrb>Rx}GbDwmd`+A-?&#R|bT^IJ|zt?YApY>he)qd|F8T$3UKjCv3
zgBw8C?2iqs@1~+NKZR=z6N-ug47ItfI$Muub1{q<cjh*7QdL_)?Tm(<?~56$Glt{s
z=R&HK=M8z><M8<gr~UfflwT0l#v!tXkl<?Ys_dZgVfFpgdC<d++7HJUY1-eo3`_Xp
zJRbyoTd#++Rg0%3p2Y=&_p<Q(KtfX%OGZZH_kGhNm1{bi{pD*PU+L4ge|wvh3_r^H
za3X|r-5gBX9r3jjB$LijuM%iBwvR69KtaCuYbtkq<s9<PmxE#M(jPm3Rc3%(*O`?H
zdnaM#cbk+M0hl==)ND3!^g}}hZa`h`ikQ(71FcHny9mtwL!w$0S4lf5BZ9hf8`=5_
z%~WuIkmil+%65(i6x<xO7WTa1fHXQ*FX2));4*ekYmlJNo-|feW*?vy=v1*DT=hJZ
zq#t9JJC`6P;q{g;;<1NIpPOJBPiL2_EXA0|(%nioe>&2PeGv~RbG~iJV(VPKx*npY
zd#NJpGJM3fGH7x~;ebUkuq!x3Jh<f58BlWm83X-MRvwBJllLq)&!ioqK*hPMscDU!
zG<aH5QL1#UX%lfeQ90RCr`Vb65-wmoTVd}P1niXHu)|IZlt1bO2TC~;qV30^NVO>T
z2bk65uzHRMIyzjeUTr1r1JkL;z28l*meLU8c+zZ_ol|R|s+3flO5Bfg^ze)bk57+|
zDNb{YcyY|yBG@!9!8or|MRYb{xSMbgU3Jx{?uhnNp)1*pTotNTeMM&TNJGWk=(=~y
zXN-OI)M`FUVq3A{!9xttM8Z50ka9~QkFab-FnB6PI@j&>SvljJEV!6B6%`C@?_YWf
zGV^JBeH+s&v4OEiDDCp}?jVG|?^a=Pan)J2tIt6$PAgT|;&HUx3qjs`w~+ZbiA;-<
z_(ZOYWT?DY8AIIafyY^r?eVK}ybBSt0$Mhv{?&4A$CR8Btkv3VVao@rsal~-0-HZn
zJq8e6!rYsn4fv(}j9(~UU4NKQ;PwGTx?dt8m^Md{czwiPo|H5+wrdbP-Kqo<<L`s8
zL-oO<S>7CV<?widjD7&z>yeo{r*IWoH`lY$VrD<tUQs)45tY{3ZbmfcszI`M-<4H#
zF%k7LjyC;vPD-1vR`O8-rgP8ry`(-%qSU&!Pc~RRhAj~}FjZ^z>djb>sU!Q-+qNp4
zJ!fQsN1jkq#v7BgnL8N_-Ct2AX&-e_A$ew;s2kiEBG;gu<&!g3@a@#xBc}AGQadhy
z>#G9bj7t66w_53xPaTP;MNT)zP1mn=*;9zPC7Nh6OrCKuWHP<d5M!#}bZ6o|-mCwa
zVGPx63KSMK@#fxX+?j;%O}%adT_(YL)A*ngTf1;E-ZD+Hvm04&W;KragZjg>7k5;z
zp5duBQP3wQ1J|PTUb2MPebe`^YE$-S%TjD3+!!^q-B7Nua>_l##5a;r@dYQfk4Sc1
zmtf^N)r9@ExMQe5+Q1w))oh%6hO^SiEJ;r@%)<H|q)*-#dZZ}LD_d5Qq+GXgD0f!a
zqci%a*d_QUFr;_FlWBtVPH>QMXud^NyfWcXDJxh+%K6>{xQIxG5u{&7-Yh{LT~I+~
zpwd%(UUrI7vW9os?gYtBZuaVEU^PNSJC6F|i@AuMV%_6RT5Hx_mVG{qjVL_(o@MN$
zaoWU@hL}<19Q22lAT2p{OOI=#3-%%o`;m$krKH*C{+6_cbE2EfoL&q1p2~Z!#4Oa|
zoPEaWxQOL)s0=CHZTWA|G?pMFEL;;HmROb^a7FcG?$c1U=)Zsspdi7%5lM$u@d)oA
z|7*jCP%-K<l#hEu&;Io-TabDASH<UI3j}^P(Vvl3ml`0ek&aunp}SJ^KuVqf@NcEL
zJMot=Y&*FNkf{LzmA$d%wEDNdWb421Ts4RJzY^(4?1ov2BEW84rKK0xcC%K#B&4+-
zTIQkA%{b&;x+g6!>wjhwIrEp))S{p#IR1%%Gz<B25dIv`x4xDy->TIc)7fo|2T@H?
zyp60V$B90auEj(_pgQY4`$?;9e5@yjb`&21k2Pjkij2Re=g{62Cw7`M1QGD`LJ&r*
z_6N!uam6{G*4FGlLtm%C0qC#nP9TJm1Rg+5tXR*@&0UyGS;!>tg8XnbMbg_C(p-S7
zmNO4tjhsm%CC^F8d6F|K$2e=KtDOma7jCU~Jg<}7E1`p5-^4`4qH@q*B37C%aO%xT
zOgT`huvq^@`rI1?&0+fqnYBe0OsrpTff4k3X@ZsIbs<4PLl|>hz~V?8vJiNIR*{dW
zog_vjT7f64LImRF7i`i-*3G8-@>|tq+8k~~b83T6nprPf&pd9TR?pUYC`1M`d-qKX
z^t%s2kA8;fDK}i^Rzp35NXFe)N;(o+=sSktk(dRkG4R*w2L&FIRU!S5_4hQ$b%lsX
zUv^5kRnIq-R!j#eu(rvE_-@BQJIdB3e{Du*B_91J0!-aYa<L<2gs#e>(w>(#`9@D!
zS#xOx57y~8Gvlc(o!(ApZO33{l8h;|)4L4o;G>3i$0ZRtR}3J1PIfAhzpD_pU*HSW
z0mSQ3yQ44Q{{)%_Or(s5HWuz)E_+~2tWj^(@qSohbgF5UEUUucmI=mdnNi?X1<r8h
zH&t%)ptR4Xf!i;VcS?GFDuH;y_iXAkPf@b-Y%O5e9MX~tpN1+&(?RdN+ojf6%!7I$
zs{^2Hqu0Yf5&`)-GcsqWr?0QJ{?YVVH4A#7`(2y=0PBlrL-218pz=Zj%vE6tRlaQu
zH9;^9Xf^EY-$f;BHRlofu%g?Sr(-_=`=||+qQwkKS*tlyT^-cxV4i9m{RojLgNbfg
zV&a6|N|Im`Jt=RKvZ<;QB55lGC2}RS-;o|`;6|Zoxsj1xV1HZ&!Xpu%oN<p?Ls<!y
zoifg8;&um{P%vEuQ%7E?ubidj#imueT>?{7Mr2By_Gp5!9p<~xqRn==5Nh~U#Ff2A
zZ5oNlt^RS%t$@?u$*Yx}356>bG=y8&G*LIzq7QL)IGR&B2laZldgt452`aztfX;L;
zdcB+rT1wHsY;Rp)qI@Vj8DVUHtFwU1>4jm(NbaL&jbKb1KW*|<#bMxag8#UIIK6ve
z1eYIKxWmYCAsd<Kau4U${^22i%Ro>PPQx$-na@Y?c~oyoZB3PSVjb#^^995gF=$qJ
z9^$lN>S%RVog&;VHuhxItF7P(BB?H`NcF>N+KN2*O?VeNPe)Vk-hR=q`5-<`NX40c
zX0vjK118v_=yQKKO}1XU5WA<TPOrp8>*tmBzk4GYKVswbUy$Q<oZ`)TRPR?7A-h;`
zlBgU%S^)Fa^erqbPEeC^><JwHOUFBP4qQ+i;`H=OkHi~tmLGp~65OD@;b!LmlEO+L
zcPJX`N(=9KArt6ZyaautuikgRfT3xZL5*7JiwySy^e~7t-y`DIhhSd9&uX#rC&ppX
z!}z^zLLCwx4WTzBxHj<;K->RLUe&rl8cX{n@+n+#Y?0w+Nb9iw{Ed>H;g6hFX7OC%
zn!_;7&WTyV^GXBpC`>=%T_B}!q9tCV*a5HA+!SI^-h!fsJ0MycOz#*NkPcM=bLfXy
z#epR6vhxBsZ~nosfynh-kPZ{~E+wAd8NO%58@ED>o5%)YB8P53GVc{@y7HZ3XAZo{
zpb=v+Y$k7{_Q${_v>#f?9iW=y(E{M?-5_Cbu)by%rkg#+z5WUl-Y~I@&1g+GRAz+=
zMS`5(Xq+EnObiCZZ-AjVypE_E29?8*|M$&%!+~sAs81$8bZlZYxa6F~3eoOL4DhT1
zw?}musOb<wP64^Z4`tW514%S22~Kmh@ckS&#GZ8rZM_+G_+|;5qC-GeY!DOU{VR~`
z4MNAI4Pszm=D+#bk^TFhABzIIACGq!n4I6%|7N&v0Q)}U)RF#-iTrC;!CAf0VC7ng
zGu@o<tO;0V_l%y$Y(}4^QvLnJ5zX&XlB9Q~OVcJ~8cFFV;OSatA?BD4;K70CJPqZ`
zJ5=595n1LJKdC{Ou@P>QsrrbLR`di1(>WBe9r`nqygSVM>bB6%dhp<dk7Vcc*tZpt
z)hh4=5S2IC{{dL>$+;DRcJcD%nwbX(a<*cn@{eYeahpfxrt!`zXRK%XLJ-#Hnos5X
zzy12<m#uXar-oK%=BESp5-BNa)C)ZkmVjZ@ugm-PB5lip2TGQnQ4NK%`~6`W7`K3o
ziEHV})*HGhgJus@&cCqMn!7pLWe%J#zpLmJH`b{y>KXx(wknZP&&KK#*TmNwuTz&J
zN|ow&cB8kgV18U>IbN)7(wGZq;I{s@7wfAIdgaXbDja<Q0aL?X2PM5KSg%fQ6;(Z+
zm<Ivrj!X7k8TkFHkFivKB#bhP#4IW;sxo-legD!doivwhZe`iDdE+;H38*=n@e&_Z
zSE~Vi5!zd6o{&y=Z9E4@f$|xeojbHALN>EBT*T+v=A<uI6ZRuhOI;!j>h)Ty_dW^+
zm*4t+a1tYc)O7=qy6)3d&e)6rR#_gNoh1HLn*8f6nTI{4=UcrK<J={?<P_ozH1mN7
zcdd+iUp9e+znm{M_9}+{-sLCNlIwqDI7$VZUO}Kg75?F89<ZRWR$ogHT7viSaB=H^
z_I&^T_Ik;$OO44Ph`Yu^kZ$%M3>TS2X|}G470!#7DaB(;-{JOD!HmWMq;VY@@$fZf
z)HiT4sw5Wc0$k7w=iIQMD@~xY5E!?*|9Gbk(j$vjW<GR8&Da*vlDoq~F$9-!$P?Lq
zYd3+NVkEf~{Fxa}2<Md8=b3nVncV*<s$Yjnf0N3K>%wZbZh&}l%2jU0-Mp))BA+E(
zXE+O;1g^mkMCZxaeM)SS*L2eaNMFTlJPxvGA$TC-*k}=J#-8DkG+r9{x_BYYg(uoy
ztc|_{2s1m?&K~oOle8YH^Tz_h3g#mwF)A4apU6?mb+4D_HJDGz-%apAXt1MM{GN6#
zgXsxGGvz$Icv~crVFfW$FrtHp$AnmvCp|0X{YbuDlSVTIVjXbzFH|qvwfoLm6hVBc
zeGAf&VzgJ#c~hZ5biT)3SXfxBqZ7MY6zICB#}_i<owQ#p^a9k?D0?!n&0p7W8~gYd
z<I*bT4szl3%s*brQlx=_bkmCI3{;r$w^|BDQ<opT-Mayf(B)H<Atb-pvPGLGCNdX`
zp7C3#6_}UpH1%kgj$z(}Mi5$w=k9TIh<tWriho9a6@lwzgvj|409u2vJ6YwW&c-VK
z-f;v<*zTV-qn$p-#6J55+;s^2JH{n!86IyPMvyXGqqsI?$f{u?UJHubyN^!;U+9cn
z&n??~eWMf^e-cUhuKNQ;pf-KZH4q~zy>>8{z54?KG%ivmDwte9mhWX)p?keI4F7QD
z6O?5ZVpJ^2_pU8{bo4dff`H*u%%t)(o}h+qGXzCXe~~%yw=5pwhWQG5tvxJJquy=a
zMa#VU*QOfhbb_ry<Ra>NlY3I*<8^esdP<=yCMB>0JH8chX%Q4(-1SH%2Uo_rgXGN9
z4*da>PnzwNjf?!=L!-s-i-Id>(yUNE$;$SukyO}-nqfj#w^Ef#Eti5*LY$e4E$nA1
zLm*^zc8;SfBAjH{loTkttpcXOYfJZo#`+8|P~Q`Ec`yQzOWF+wSW1BZ%-SOEyY5+R
z1B;%Ab79{?TQ)j6vEC2btp}m%_1?oq3g#VBi9F<b?3y8V7_fLM;+MPvn{UP=o3PUD
zbIOt!r`z9X{c_c8(~$bohLrsYRwv6K!Tw`BfyzY}WF42g^siVOfh$rQz3!hd?m3G`
z`{4ve4dpXe*ffuY0gek0JIc?<K$@MOpC4JsV2h!ylQ|o8i18Jk`WIWNML7K9AEq9s
z&EX=>^X5r*joH}bKVWro0Gaxl`u%IR8B+cdV}r6?CZd5?3J@n?G!7^Yn#G!OeA%h5
z+j0|Kt;}W5$J{foKskH1yZZ}#$<2Dl)!-7`jHoleanb4y3JD#Nn3gO|qO){L_^j??
zNifgcV_5yXBflr7Mam`q`D>PR#QC;e#~*xEOs&*0o0bM&Os|rzwzwHk))a&xD#b#u
z&~`N6fRf3(pzD+6-^f0mV<yI-(`0$sP1QdzGmOdFzif>&YkTTYJ6{<caX*W`XNKH_
zOxJ)xLR;&yUIJ2nX5zu(5GA}wh&70fqg<)!b`p~=<S^a4Xr|N2plIa$T9(ZE{F5AZ
z6AO#Ww<MOspp}rrQyD*h{rX-elzu)JhOcg_sr;t5y6*de^Td`}BN<EaD}pAYJ5s_R
z!<pj=w&B9nOf7omf0D9$!#;$G{G7gs^Q;C4BZC2!DQ!COK6U4+1}-v-gU<fl#j{@I
zT=7rAoZ{RT>B=TLChw1^FdX0_C*rm@Jwn2yBJ+Gdws`$2jB`C*d{E8%1OF-By1k?o
z#wbK?4u$y~UE&6JVMB$7!2r2ZkvfvA3ZwmN)AXJjlbgN87WLyewMw8m4mP5?^+uc4
zy-t^d!dUgx(WzYvrJjV5<Mh+@2yKTlt`u}28zxPTN`bFfc7^?#NP8W1q`=HNRb+g2
zOx#Ics-qRRO-Rg(l<#n>IosDXKO83ec!8N%>2R9ul9L=i=GvUnk`HEc_QW;$XcvNP
zhF9(k59OO~xLv-Y6Mp;2XD5pVO(xvmA0*Fcyx^>^&o7Kc4Visb3m$Vb?RAqTKh`0-
zo|hgZGp<406zks6!as-8MIN;GZ6|5Q$-^u{QjTm5pS(DxB0e2dZ4^eKHItq~CyG7P
zpe}y6mbs%H(!~UtUeC_qwQ2$k6bJ%C5TqQ(EJg@QUm2IFYUBU-%~M-ir|=OEBj4&z
z88m@s3rI199oq$@en?&6b<1dNi<%_B-H|gsn7@slOXufIfRt9osW>21@z>q?Lz*)H
zB!h+WEUTXY5)lHB#yPZqO5t-%A%Th8xP&>leeC>OnxzZ6r&UVNFb1OCxeZ?efC7S)
ziSmvtVdnus=rGFsTi{nnd|MMmUa{|g4xNS`sI};J9Pk(rQ))xd)7)@%c@&#ujoZsB
zdgPh617;&<)pYOQls_Ubw*6EBV6r&C9>nz#rd+><h4?GQbC|nxc}(g&envz8W*IVf
z2P~n$w@_j;7DI$G4*SPffzdjDllQEzuOFz+7RQMq$zL5PLwbwM#F>RJ8P;H2R%vaC
zi1T=M3m4M{DFm~V=b?Vx)7uN8yA^gwgXNGkxb+fD0O2I0PRa3I5M@|RJgxap$}IlS
zdouUE#}A-llx02!OloI#Dq-fMqN0j|X{Y^iFF4so@89|~^1^>mW$AYphn6XDXhw)}
zyE%jW00#NI;Z0CAJA~Pqy3^Fo%k9#|puzBxOMl{gL~Vx$=w!esQ;`{Iy-$@IS)8IL
z)>D%qau)1Ucl34=n6FOLYIfGLWZw!3-QS1?2kiXTW9yDUJN-=<;n4IcyCGnp+@|XJ
ze8T)8N;#ej4-4MIk3pKyrVw&t3u*j2k{~cJJhTQdbBAR$*5%#G&tDGb0?6~S`I*|!
zkmnnG34i>j7)0Mb2Z2lBcN*yI?sWi)z_DHH3O2U?rU?A`C3eUBPw(;n-|+WGaw7EU
acM`Jo4ze#E({p>^pOU<~ToLwM(7ym#z+M3W

diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index b0da09c644..71a4fe46bc 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -63,6 +63,8 @@ DNSControl requires the token to have the following permissions:
 * Add: Enable SSL controls (`Zone → SSL and Certificates → Edit`)
 * Editing Page Rules?
   * Add: Edit Page Rules (`Zone → Page Rules → Edit`)
+* Creating Redirects?
+  * Add: Edit Dynamic Redirect (`Zone → Dynamic Redirect → Edit`)
 * Managing Cloudflare Workers? (if `manage_workers`: set to `true` or `CF_WORKER_ROUTE()` is in use.)
   * Add: Edit Worker Scripts (`Account → Workers Scripts → Edit`)
   * Add: Edit Worker Scripts (`Zone → Workers Routes → Edit`)
@@ -200,6 +202,84 @@ If a domain does not exist in your Cloudflare account, DNSControl
 will automatically add it when `dnscontrol push` is executed.
 
 
+## Old-style vs new-style redirects
+
+Old-style redirects uses the [Page Rules][https://developers.cloudflare.com/rules/page-rules/] product feature, which is [going away](https://developers.cloudflare.com/rules/reference/page-rules-migration/).  In this mode,
+`CF_REDIRECT` and `CF_TEMP_REDIRECT` functions generate Page Rules.
+
+Enable it using:
+
+```javascript
+var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
+    "manage_redirects": true
+});
+```
+
+New redirects uses the [Single Redirects][https://developers.cloudflare.com/rules/url-forwarding/] product feature.  In this mode, 
+`CF_REDIRECT` and `CF_TEMP_REDIRECT` functions generates Single Redirects.
+
+Enable it using:
+
+```javascript
+var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
+    "manage_single_redirects": true
+});
+```
+
+{% hint style="warning" %}
+New-style redirects ("Single Redirect Rules") are a new feature of DNSControl
+as of v4.12.0 and may have bugs.  Please test carefully.
+{% endhint %}
+
+
+Conversion mode:
+
+DNSControl can convert from old-style redirects (Page Rules) to new-style
+redirect (Single Redirects). To enable this mode, set both `manage_redirects`
+and `manage_single_redirects` to true.
+
+{% hint style="warning" %}
+The conversion process only handles a few, very simple, patterns.
+See `providers/cloudflare/singleredirect_test.go` for a list of patterns
+supported.  Please file bugs if you find problems. PRs welcome!
+{% endhint %}
+
+In conversion mode, DNSControl takes `CF_REDIRECT`/`CF_TEMP_REDIRECT`
+statements and turns each of them into two records: a Page Rules and an
+equivalent Single Redirects rule.
+
+Cloudflare processes Single Redirects before Page Rules, thus it is safe to
+have both at the same time, and provides an easy way to test the new-style
+rules.  If they do not work properly, use the Cloudflare web-based control
+panel to manually delete the new-style rule to expose the old-style rule. (and
+report the bug to DNSControl!)
+
+You'll find the new-style rule in the Cloudflare control panel.  It will have
+a very long name that includes the `CF_REDIRECT`/`CF_TEMP_REDIRECT` operands
+plus matcher and replacement expressions.
+
+There is no mechanism to easily delete the old-style rules.  Either delete them
+manually using the Cloudflare control panel or wait for Cloudflare to remove
+the old-style Page Rule feature.
+
+Once the conversion is complete, change
+`manage_redirects` to `false` then either delete the old redirects
+via the CloudFlare control panel or wait for Cloudflare to remove support for the old-style feature.
+
+{% hint style="warning" %}
+Cloudflare's announcement says that they will convert old-style redirects (Page Rules) to new-style
+redirect (Single Redirects) but they do not give a date for when this will happen.  DNSControl
+will probably see these new redirects as foreign and delete them.
+
+Therefore it is probably safer to do the conversion ahead of them.
+
+On the other hand, if you let them do the conversion, their conversion may be more correct
+than DNSControl's.  However there's no way for DNSControl to manage them since the automatically-generated name will be different.
+
+If you have suggestions on how to handle this better please file a bug.
+{% endhint %}
+
+
 ## Redirects
 The Cloudflare provider can manage "Forwarding URL" Page Rules (redirects) for your domains. Simply use the `CF_REDIRECT` and `CF_TEMP_REDIRECT` functions to make redirects:
 
diff --git a/go.mod b/go.mod
index c42a4494f6..05cf19d057 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,8 @@ go 1.22.1
 
 retract v4.8.0
 
+replace github.com/cloudflare/cloudflare-go => ./pkg/cloudflare-go
+
 require google.golang.org/protobuf v1.34.1 // indirect
 
 require (
@@ -24,7 +26,7 @@ require (
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3
-	github.com/cloudflare/cloudflare-go v0.96.0
+	github.com/cloudflare/cloudflare-go v0.97.0
 	github.com/digitalocean/godo v1.116.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -105,7 +107,7 @@ require (
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -119,7 +121,7 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.6 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index b63fde7652..6bf3bae665 100644
--- a/go.sum
+++ b/go.sum
@@ -89,8 +89,6 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.96.0 h1:wd+qrnyw+C2eXUUujE6BzFEOREkEfoCvogpO5h33FxI=
-github.com/cloudflare/cloudflare-go v0.96.0/go.mod h1:gLP9fJT8ROgRCjHNKxISNNKeU1JEg2yT5uPEEI8x9Ec=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -154,8 +152,8 @@ github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3a
 github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe h1:zn8tqiUbec4wR94o7Qj3LZCAT6uGobhEgnDRg6isG5U=
 github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
@@ -227,8 +225,8 @@ github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM=
-github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=
 github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ=
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index f410664804..f0a9d4178f 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -25,6 +25,7 @@ var endIdx = flag.Int("end", -1, "Test index to stop after")
 var verbose = flag.Bool("verbose", false, "Print corrections as you run them")
 var printElapsed = flag.Bool("elapsed", false, "Print elapsed time for each testgroup")
 var enableCFWorkers = flag.Bool("cfworkers", true, "Set false to disable CF worker tests")
+var enableCFRedirectMode = flag.String("cfredirect", "", "cloudflare pagerule tests: default=page_rules, c=convert old to enw, n=new-style, o=none")
 
 func init() {
 	testing.Init()
@@ -65,11 +66,21 @@ func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[string
 		// use this feature. Maybe because we didn't have the capabilities
 		// feature at the time?
 		if name == "CLOUDFLAREAPI" {
+			items := []string{}
 			if *enableCFWorkers {
-				metadata = []byte(`{ "manage_redirects": true, "manage_workers": true }`)
-			} else {
-				metadata = []byte(`{ "manage_redirects": true }`)
+				items = append(items, `"manage_workers": true`)
 			}
+			switch *enableCFRedirectMode {
+			case "":
+				items = append(items, `"manage_redirects": true`)
+			case "c":
+				items = append(items, `"manage_redirects": true`)
+				items = append(items, `"manage_single_redirects": true`)
+			case "n":
+				items = append(items, `"manage_single_redirects": true`)
+			case "o":
+			}
+			metadata = []byte(`{ ` + strings.Join(items, `, `) + ` }`)
 		}
 
 		provider, err := providers.CreateDNSProvider(name, cfg, metadata)
@@ -1830,6 +1841,14 @@ func makeTests() []*TestGroup {
 
 		// CLOUDFLAREAPI features
 
+		// CLOUDFLAREAPI: Redirects:
+
+		// go test -v -verbose -provider CLOUDFLAREAPI                // PAGE_RULEs
+		// go test -v -verbose -provider CLOUDFLAREAPI -cfredirect=c  // Convert: Convert page rules to Single Redirect
+		// go test -v -verbose -provider CLOUDFLAREAPI -cfredirect=n  // New: Convert old to new Single Redirect
+		// ProTip: Add this to just run this test:
+		//  -start 59 -end 60
+
 		testgroup("CF_REDIRECT",
 			only("CLOUDFLAREAPI"),
 			tc("redir", cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
@@ -1838,32 +1857,32 @@ func makeTests() []*TestGroup {
 
 			// Removed these for speed.  They tested if order matters,
 			// which it doesn't seem to.  Re-add if needed.
-			//clear(),
-			//tc("multipleA",
-			//	cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
-			//	cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//),
-			//clear(),
-			//tc("multipleB",
-			//	cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//	cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
-			//),
-			//tc("change1",
-			//	cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//	cfRedir("cnn.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
-			//),
-			//tc("change1",
-			//	cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//	cfRedir("cablenews.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
-			//),
+			clear(),
+			tc("multipleA",
+				cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
+				cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+			),
+			clear(),
+			tc("multipleB",
+				cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+				cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
+			),
+			tc("change1",
+				cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+				cfRedir("cnn.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
+			),
+			tc("change1",
+				cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+				cfRedir("cablenews.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
+			),
 
-			// TODO(tlim): Fix this test case. It is currently failing.
-			//clear(),
-			//tc("multiple3",
-			//	cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//	cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
-			//	cfRedir("nytimes.**current-domain-no-trailing**/*", "https://www.nytimes.com/$1"),
-			//),
+			// NB(tlim): This test case used to fail but mysteriously started working.
+			clear(),
+			tc("multiple3",
+				cfRedir("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+				cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
+				cfRedir("nytimes.**current-domain-no-trailing**/*", "https://www.nytimes.com/$1"),
+			),
 
 			// Repeat the above tests using CF_TEMP_REDIR instead
 			clear(),
@@ -1888,14 +1907,23 @@ func makeTests() []*TestGroup {
 				cfRedirTemp("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
 				cfRedirTemp("cablenews.**current-domain-no-trailing**/*", "https://change.cnn.com/$1"),
 			),
-			// TODO(tlim): Fix this test case:
-			//tc("tempmultiple3",
-			//	cfRedirTemp("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
-			//	cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
-			//	cfRedirTemp("nytimes.**current-domain-no-trailing**/*", "https://www.nytimes.com/$1"),
-			//),
+			// NB(tlim): This test case used to fail but mysteriously started working.
+			tc("tempmultiple3",
+				cfRedirTemp("msnbc.**current-domain-no-trailing**/*", "https://msnbc.cnn.com/$1"),
+				cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1"),
+				cfRedirTemp("nytimes.**current-domain-no-trailing**/*", "https://www.nytimes.com/$1"),
+			),
+		),
+
+		testgroup("CF_REDIRECT_CONVERT",
+			only("CLOUDFLAREAPI"),
+			tc("start301", cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
+			tc("convert302", cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
+			tc("convert301", cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
 		),
 
+		// CLOUDFLAREAPI: PROXY
+
 		testgroup("CF_PROXY A create",
 			only("CLOUDFLAREAPI"),
 			CfProxyOff(), clear(),
diff --git a/models/record.go b/models/record.go
index 7270207b41..b8c8052333 100644
--- a/models/record.go
+++ b/models/record.go
@@ -39,6 +39,7 @@ import (
 //	  CF_REDIRECT
 //	  CF_TEMP_REDIRECT
 //	  CF_WORKER_ROUTE
+//	  CLOUDFLAREAPI_SINGLE_REDIRECT
 //	  CLOUDNS_WR
 //	  FRAME
 //	  IMPORT_TRANSFORM
@@ -51,6 +52,8 @@ import (
 //	  URL301
 //	  WORKER_ROUTE
 //
+// NOTE: All NEW record types should be prefixed with the provider name (Correct: CLOUDFLAREAPI_SINGLE_REDIRECT. Wrong: CF_REDIRECT)
+//
 // Notes about the fields:
 //
 // Name:
@@ -138,6 +141,30 @@ type RecordConfig struct {
 	R53Alias         map[string]string `json:"r53_alias,omitempty"`
 	AzureAlias       map[string]string `json:"azure_alias,omitempty"`
 	UnknownTypeName  string            `json:"unknown_type_name,omitempty"`
+
+	// Cloudflare-specific fields:
+	// When these are used, .target is set to a human-readable version (only to be used for display purposes).
+	CloudflareRedirect *CloudflareSingleRedirectConfig `json:"cloudflareapi_redirect,omitempty"`
+}
+
+// CloudflareSingleRedirectConfig contains info about a Cloudflare Single Redirect.
+//
+//	When these are used, .target is set to a human-readable version (only to be used for display purposes).
+type CloudflareSingleRedirectConfig struct {
+	//
+	Code int `json:"code,omitempty"` // 301 or 302
+	// PR == PageRule
+	PRDisplay     string `json:"pr_display,omitempty"` // How is this displayed to the user
+	PRMatcher     string `json:"pr_matcher,omitempty"`
+	PRReplacement string `json:"pr_replacement,omitempty"`
+	PRPriority    int    `json:"pr_priority,omitempty"` // Really an identifier for the rule.
+	//
+	// SR == SingleRedirect
+	SRDisplay        string `json:"sr_display,omitempty"` // How is this displayed to the user
+	SRMatcher        string `json:"sr_matcher,omitempty"`
+	SRReplacement    string `json:"sr_replacement,omitempty"`
+	SRRRulesetID     string `json:"sr_rulesetid,omitempty"`
+	SRRRulesetRuleID string `json:"sr_rulesetruleid,omitempty"`
 }
 
 // MarshalJSON marshals RecordConfig.
diff --git a/pkg/cloudflare-go/.changelog/1001.txt b/pkg/cloudflare-go/.changelog/1001.txt
new file mode 100644
index 0000000000..8893559c6c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1001.txt
@@ -0,0 +1,3 @@
+```release-note:note
+docs: add release notes
+```
diff --git a/pkg/cloudflare-go/.changelog/1002.txt b/pkg/cloudflare-go/.changelog/1002.txt
new file mode 100644
index 0000000000..a601dd904c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1002.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+rulesets: fix sni action parameter
+```
diff --git a/pkg/cloudflare-go/.changelog/1003.txt b/pkg/cloudflare-go/.changelog/1003.txt
new file mode 100644
index 0000000000..2671840cc5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1003.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/urfave/cli/v2 from 2.11.0 to 2.11.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1004.txt b/pkg/cloudflare-go/.changelog/1004.txt
new file mode 100644
index 0000000000..3e5f12334b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1004.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+firewall_rule: automatically paginate `List` results unless `Page` and `PerPage` are provided
+```
+
+```release-note:enhancement
+filter: automatically paginate `List` results unless `Page` and `PerPage` are provided
+```
diff --git a/pkg/cloudflare-go/.changelog/1005.txt b/pkg/cloudflare-go/.changelog/1005.txt
new file mode 100644
index 0000000000..c6666cccaf
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1005.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1006.txt b/pkg/cloudflare-go/.changelog/1006.txt
new file mode 100644
index 0000000000..334c03dba6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1006.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+access_application: fix inability to set bool values to false
+```
diff --git a/pkg/cloudflare-go/.changelog/1008.txt b/pkg/cloudflare-go/.changelog/1008.txt
new file mode 100644
index 0000000000..272bb6e8bc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1008.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1010.txt b/pkg/cloudflare-go/.changelog/1010.txt
new file mode 100644
index 0000000000..df85b31f4f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1010.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add support to upload module workers
+```
diff --git a/pkg/cloudflare-go/.changelog/1014.txt b/pkg/cloudflare-go/.changelog/1014.txt
new file mode 100644
index 0000000000..a9bbb904de
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1014.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add support for attaching a worker to a domain
+```
diff --git a/pkg/cloudflare-go/.changelog/1016.txt b/pkg/cloudflare-go/.changelog/1016.txt
new file mode 100644
index 0000000000..753e4646bf
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1016.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+firewall_rule: fix double endpoint calls & moving towards common method signature
+```
+
+```release-note:enhancement
+filter: fix double endpoint calls & moving towards common method signature
+```
diff --git a/pkg/cloudflare-go/.changelog/1017.txt b/pkg/cloudflare-go/.changelog/1017.txt
new file mode 100644
index 0000000000..56bd303867
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1017.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+lockdown: automatically paginate `List` results unless `Page` and `PerPage` are provided
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1020.txt b/pkg/cloudflare-go/.changelog/1020.txt
new file mode 100644
index 0000000000..051b9e79d7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1020.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1026.txt b/pkg/cloudflare-go/.changelog/1026.txt
new file mode 100644
index 0000000000..3a43ce2de6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1026.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers-tail: Add in support for Workers tail API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1027.txt b/pkg/cloudflare-go/.changelog/1027.txt
new file mode 100644
index 0000000000..4661228cdc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1027.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers-account-settings: Add in support for Workers account settings API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1028.txt b/pkg/cloudflare-go/.changelog/1028.txt
new file mode 100644
index 0000000000..f76d16ff35
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1028.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+r2: Add in support for creating and deleting R2 buckets
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1030.txt b/pkg/cloudflare-go/.changelog/1030.txt
new file mode 100644
index 0000000000..7a5ff365ac
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1030.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+tunnel_routes: Fix not removing route when it contains virtual network
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1031.txt b/pkg/cloudflare-go/.changelog/1031.txt
new file mode 100644
index 0000000000..3d039fe454
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1031.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers-subdomain: Add in support Workers Subdomain API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1032.txt b/pkg/cloudflare-go/.changelog/1032.txt
new file mode 100644
index 0000000000..f87cc851e7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1032.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+certificate_packs: deprecate "custom" configuration for ACM everywhere
+```
diff --git a/pkg/cloudflare-go/.changelog/1034.txt b/pkg/cloudflare-go/.changelog/1034.txt
new file mode 100644
index 0000000000..bd57aca220
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1034.txt
@@ -0,0 +1,9 @@
+```release-note:enhancement
+email_routing_destination: Adds support for the email routing destination API
+```
+```release-note:enhancement
+email_routing_rules: Adds support for the email routing rules API
+```
+```release-note:enhancement
+email_routing_settings: Adds support for the email routing settings API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1035.txt b/pkg/cloudflare-go/.changelog/1035.txt
new file mode 100644
index 0000000000..4de54becec
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1035.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+r2: fix create bucket endpoint
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1036.txt b/pkg/cloudflare-go/.changelog/1036.txt
new file mode 100644
index 0000000000..a8a4d61cb2
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1036.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+rulesets: add support for `http_config_settings` phase and supporting actions
+```
diff --git a/pkg/cloudflare-go/.changelog/1037.txt b/pkg/cloudflare-go/.changelog/1037.txt
new file mode 100644
index 0000000000..3159870ac1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1037.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps golang.org/x/tools/gopls from 0.9.1 to 0.9.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1038.txt b/pkg/cloudflare-go/.changelog/1038.txt
new file mode 100644
index 0000000000..23286c802d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1038.txt
@@ -0,0 +1,9 @@
+```release-note:bug
+email_routing_destination: Update API reference URLs
+```
+```release-note:bug
+email_routing_rules: Update API reference URLs
+```
+```release-note:bug
+email_routing_settings: Update API reference URLs
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1039.txt b/pkg/cloudflare-go/.changelog/1039.txt
new file mode 100644
index 0000000000..b98e8ddc9f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1039.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps golang.org/x/tools/gopls from 0.9.2 to 0.9.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1040.txt b/pkg/cloudflare-go/.changelog/1040.txt
new file mode 100644
index 0000000000..5f3402d355
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1040.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Support for multipart encoding for DownloadWorker on a module-format Worker script
+```
diff --git a/pkg/cloudflare-go/.changelog/1042.txt b/pkg/cloudflare-go/.changelog/1042.txt
new file mode 100644
index 0000000000..ec8f7cac1b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1042.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+provider: bumps github.com/urfave/cli/v2 from 2.11.1 to 2.11.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1043.txt b/pkg/cloudflare-go/.changelog/1043.txt
new file mode 100644
index 0000000000..68ab4727c8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1043.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudflare: make it clear when the rate limit retries have been exhausted
+```
diff --git a/pkg/cloudflare-go/.changelog/1044.txt b/pkg/cloudflare-go/.changelog/1044.txt
new file mode 100644
index 0000000000..f6a1207058
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1044.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/tools/gopls from 0.9.3 to 0.9.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1046.txt b/pkg/cloudflare-go/.changelog/1046.txt
new file mode 100644
index 0000000000..efe78ee9fb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1046.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+tunnel_configuration: Remove unnecessary double-unmarshalling due to changes in the API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1047.txt b/pkg/cloudflare-go/.changelog/1047.txt
new file mode 100644
index 0000000000..3b368ea25a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1047.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+errors: add some error type convenience functions for mocking and inspection
+```
diff --git a/pkg/cloudflare-go/.changelog/1048.txt b/pkg/cloudflare-go/.changelog/1048.txt
new file mode 100644
index 0000000000..2e671e9a40
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1048.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+workers_test: Fix incorrect test from PR #1014
+```
diff --git a/pkg/cloudflare-go/.changelog/1049.txt b/pkg/cloudflare-go/.changelog/1049.txt
new file mode 100644
index 0000000000..30e3872323
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1049.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+workers_test: Use application/json mime-type in headers
+```
diff --git a/pkg/cloudflare-go/.changelog/1051.txt b/pkg/cloudflare-go/.changelog/1051.txt
new file mode 100644
index 0000000000..817fe1bcd1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1051.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+pages_project: Add compatibility date and compatibility_flags to pages deployment configs
+```
diff --git a/pkg/cloudflare-go/.changelog/1052.txt b/pkg/cloudflare-go/.changelog/1052.txt
new file mode 100644
index 0000000000..e974a16c3c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1052.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+zonelockdown: add `Priority` to `ZoneLockdownCreateParams` and `ZoneLockdownUpdateParams`
+```
diff --git a/pkg/cloudflare-go/.changelog/1053.txt b/pkg/cloudflare-go/.changelog/1053.txt
new file mode 100644
index 0000000000..b57695a3e3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1053.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_account: add support for `suppress_footer`
+```
diff --git a/pkg/cloudflare-go/.changelog/1059.txt b/pkg/cloudflare-go/.changelog/1059.txt
new file mode 100644
index 0000000000..3b9017858a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1059.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api_shield: add GET/PUT for API Shield Configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1060.txt b/pkg/cloudflare-go/.changelog/1060.txt
new file mode 100644
index 0000000000..54ec6e02fc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1060.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+email_routing_settings: change enable endpoint from `enabled` to `enable`
+```
diff --git a/pkg/cloudflare-go/.changelog/1063.txt b/pkg/cloudflare-go/.changelog/1063.txt
new file mode 100644
index 0000000000..e27d99dd19
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1063.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+r2: Add support for listing R2 buckets
+```
diff --git a/pkg/cloudflare-go/.changelog/1065.txt b/pkg/cloudflare-go/.changelog/1065.txt
new file mode 100644
index 0000000000..9dfbfcc4f5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1065.txt
@@ -0,0 +1,9 @@
+```release-note:enhancement
+pages_project: Add `production_branch` field
+```
+```release-note:enhancement
+pages_project: Add `kv_namespaces`, `durable_object_namespaces`, `r2_buckets`, and `d1_databases` bindings to deployment config
+```
+```release-note:enhancement
+pages_project: Add `preview_deployment_setting`, `preview_branch_includes`, and `preview_branch_excludes` to source config
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1066.txt b/pkg/cloudflare-go/.changelog/1066.txt
new file mode 100644
index 0000000000..9e0282172d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1066.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+stream: Update pctComplete to string from int
+```
diff --git a/pkg/cloudflare-go/.changelog/1067.txt b/pkg/cloudflare-go/.changelog/1067.txt
new file mode 100644
index 0000000000..a560e4ad67
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1067.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1068.txt b/pkg/cloudflare-go/.changelog/1068.txt
new file mode 100644
index 0000000000..fa7259c79a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1068.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api: addded context and headers to Raw method
+```
diff --git a/pkg/cloudflare-go/.changelog/1070.txt b/pkg/cloudflare-go/.changelog/1070.txt
new file mode 100644
index 0000000000..d3586c87e3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1070.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+email_routing_rules: Fix response for email routing catch all rule.
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1071.txt b/pkg/cloudflare-go/.changelog/1071.txt
new file mode 100644
index 0000000000..124a8d7943
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1071.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+url_normalization_settings: Add APIs to get and update URL normalization settings
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1072.txt b/pkg/cloudflare-go/.changelog/1072.txt
new file mode 100644
index 0000000000..997e350707
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1072.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+cloudflare: fix nil dereference error in makeRequestWithAuthTypeAndHeaders
+```
diff --git a/pkg/cloudflare-go/.changelog/1073.txt b/pkg/cloudflare-go/.changelog/1073.txt
new file mode 100644
index 0000000000..54216744a6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1073.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_account: add support for `os_distro_name` and `os_distro_revision`
+```
diff --git a/pkg/cloudflare-go/.changelog/1074.txt b/pkg/cloudflare-go/.changelog/1074.txt
new file mode 100644
index 0000000000..1ecbf32289
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1074.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_service_token: add support for refreshing an existing token in place
+```
diff --git a/pkg/cloudflare-go/.changelog/1075.txt b/pkg/cloudflare-go/.changelog/1075.txt
new file mode 100644
index 0000000000..28ef11693c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1075.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+auditlogs: add support for hide_user_logs filter parameter
+```
diff --git a/pkg/cloudflare-go/.changelog/1077.txt b/pkg/cloudflare-go/.changelog/1077.txt
new file mode 100644
index 0000000000..1bd73e23ce
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1077.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.11.2 to 2.14.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1080.txt b/pkg/cloudflare-go/.changelog/1080.txt
new file mode 100644
index 0000000000..be26158692
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1080.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+cloudflare: exiting closer to the source on context timeouts to improve error messaging and better defend from potential edge cases
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1081.txt b/pkg/cloudflare-go/.changelog/1081.txt
new file mode 100644
index 0000000000..f513a4d12a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1081.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.14.0 to 2.14.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1082.txt b/pkg/cloudflare-go/.changelog/1082.txt
new file mode 100644
index 0000000000..4862971105
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1082.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+origin certificate: Fix API auth type used
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1084.txt b/pkg/cloudflare-go/.changelog/1084.txt
new file mode 100644
index 0000000000..6599587b71
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1084.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+load_balancing: update method signatures to match experimental conventions
+```
diff --git a/pkg/cloudflare-go/.changelog/1085.txt b/pkg/cloudflare-go/.changelog/1085.txt
new file mode 100644
index 0000000000..bfc984fcbb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1085.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.14.1 to 2.15.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1086.txt b/pkg/cloudflare-go/.changelog/1086.txt
new file mode 100644
index 0000000000..d62b6d6bed
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1086.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.15.0 to 2.16.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1087.txt b/pkg/cloudflare-go/.changelog/1087.txt
new file mode 100644
index 0000000000..7a46321d6e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1087.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: add input fields for linux OS
+```
diff --git a/pkg/cloudflare-go/.changelog/1088.txt b/pkg/cloudflare-go/.changelog/1088.txt
new file mode 100644
index 0000000000..ac1759d7a4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1088.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+stream: added metadata support
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1089.txt b/pkg/cloudflare-go/.changelog/1089.txt
new file mode 100644
index 0000000000..f0f86c220d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1089.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1090.txt b/pkg/cloudflare-go/.changelog/1090.txt
new file mode 100644
index 0000000000..10d1d303fc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1090.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: Add support for additional device settings policies
+```
diff --git a/pkg/cloudflare-go/.changelog/1091.txt b/pkg/cloudflare-go/.changelog/1091.txt
new file mode 100644
index 0000000000..3bef7aba3e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1091.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: support adaptive_routing and location_strategy
+```
diff --git a/pkg/cloudflare-go/.changelog/1093.txt b/pkg/cloudflare-go/.changelog/1093.txt
new file mode 100644
index 0000000000..b9ebd562f1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1093.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+rulesets: add support for `sensitivity_level` to override all rule sensitivity
+```
diff --git a/pkg/cloudflare-go/.changelog/1094.txt b/pkg/cloudflare-go/.changelog/1094.txt
new file mode 100644
index 0000000000..844eb36ff6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1094.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1095.txt b/pkg/cloudflare-go/.changelog/1095.txt
new file mode 100644
index 0000000000..aeab97d4af
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1095.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+account_member: add support for domain scoped roles
+```
+
+```release-note:breaking-change
+account_member: `CreateAccountMember` has been updated to accept a `CreateAccountMemberParams` struct instead of multiple parameters
+```
diff --git a/pkg/cloudflare-go/.changelog/1097.txt b/pkg/cloudflare-go/.changelog/1097.txt
new file mode 100644
index 0000000000..b8d6ed8d04
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1097.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1102.txt b/pkg/cloudflare-go/.changelog/1102.txt
new file mode 100644
index 0000000000..4a7d41aae4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1102.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+waiting_room: add support for waiting room rules
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1103.txt b/pkg/cloudflare-go/.changelog/1103.txt
new file mode 100644
index 0000000000..887b42adeb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1103.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1104.txt b/pkg/cloudflare-go/.changelog/1104.txt
new file mode 100644
index 0000000000..f9b589d0ff
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1104.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: add UI read-only field to organizations
+```
diff --git a/pkg/cloudflare-go/.changelog/1105.txt b/pkg/cloudflare-go/.changelog/1105.txt
new file mode 100644
index 0000000000..a8631dec87
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1105.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+total_tls: adds support for TotalTLS
+```
diff --git a/pkg/cloudflare-go/.changelog/1106.txt b/pkg/cloudflare-go/.changelog/1106.txt
new file mode 100644
index 0000000000..da158169d9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1106.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudflare: expose `Messages` from the `Response` object
+```
diff --git a/pkg/cloudflare-go/.changelog/1108.txt b/pkg/cloudflare-go/.changelog/1108.txt
new file mode 100644
index 0000000000..76a58babeb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1108.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.19.2 to 2.20.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1111.txt b/pkg/cloudflare-go/.changelog/1111.txt
new file mode 100644
index 0000000000..330d7370ee
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1111.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: Adds support for DLP resources
+```
diff --git a/pkg/cloudflare-go/.changelog/1112.txt b/pkg/cloudflare-go/.changelog/1112.txt
new file mode 100644
index 0000000000..07aa7b3ccd
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1112.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1114.txt b/pkg/cloudflare-go/.changelog/1114.txt
new file mode 100644
index 0000000000..afef666731
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1114.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+teams_list: updated methods to match the experimental client format
+```
+
+```release-note:enhancement
+teams_list: `List` operations now automatically paginate
+```
diff --git a/pkg/cloudflare-go/.changelog/1115.txt b/pkg/cloudflare-go/.changelog/1115.txt
new file mode 100644
index 0000000000..b77fa0e558
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1115.txt
@@ -0,0 +1,47 @@
+```release-note:breaking-change
+workers_kv: `CreateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
+```
+
+```release-note:breaking-change
+workers_kv: `ListWorkersKVNamespaces` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
+```
+
+```release-note:enhancement
+workers_kv: `ListWorkersKVNamespaces` automatically paginates all results unless `PerPage` is defined.
+```
+
+```release-note:breaking-change
+workers_kv: `DeleteWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
+```
+
+```release-note:breaking-change
+workers_kv: `UpdateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
+```
+
+```release-note:breaking-change
+workers_kv: `WriteWorkersKV` has been renamed to `WriteWorkersKVEntry`.
+```
+
+```release-note:breaking-change
+workers_kv: `WriteWorkersKVBulk` has been renamed to `WriteWorkersKVEntries`.
+```
+
+```release-note:breaking-change
+workers_kv: `ReadWorkersKV` has been renamed to `GetWorkersKV`.
+```
+
+```release-note:breaking-change
+workers_kv: `DeleteWorkersKV` has been renamed to `DeleteWorkersKVEntry`.
+```
+
+```release-note:breaking-change
+workers_kv: `DeleteWorkersKVBulk` has been renamed to `DeleteWorkersKVEntries`.
+```
+
+```release-note:breaking-change
+workers_kv: `ListWorkersKVs` has been renamed to `ListWorkersKVKeys`.
+```
+
+```release-note:breaking-change
+workers_kv: `ListWorkersKVsWithOptions` has been removed. Use `ListWorkersKVKeys` instead and pass in the options.
+```
diff --git a/pkg/cloudflare-go/.changelog/1116.txt b/pkg/cloudflare-go/.changelog/1116.txt
new file mode 100644
index 0000000000..9e77f42367
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1116.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: `ioutil` package is being deprecated in favor of `io`
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1117.txt b/pkg/cloudflare-go/.changelog/1117.txt
new file mode 100644
index 0000000000..d369999a2e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1117.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: remove `github.com/pkg/errors` in favor of `errors`
+```
diff --git a/pkg/cloudflare-go/.changelog/1118.txt b/pkg/cloudflare-go/.changelog/1118.txt
new file mode 100644
index 0000000000..0dbd2bd0d6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1118.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.20.2 to 2.20.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1119.txt b/pkg/cloudflare-go/.changelog/1119.txt
new file mode 100644
index 0000000000..ec5e9d33ce
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1119.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1120.txt b/pkg/cloudflare-go/.changelog/1120.txt
new file mode 100644
index 0000000000..ca0c26758c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1120.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: add support for service token rotation
+```
diff --git a/pkg/cloudflare-go/.changelog/1121.txt b/pkg/cloudflare-go/.changelog/1121.txt
new file mode 100644
index 0000000000..75e087cdf7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1121.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+deps: fix import grouping, code formatting and enable goimports linter
+```
diff --git a/pkg/cloudflare-go/.changelog/1122.txt b/pkg/cloudflare-go/.changelog/1122.txt
new file mode 100644
index 0000000000..c5b87f3397
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1122.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.20.3 to 2.23.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1123.txt b/pkg/cloudflare-go/.changelog/1123.txt
new file mode 100644
index 0000000000..55ad335a0d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1123.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5
+```
diff --git a/pkg/cloudflare-go/.changelog/1124.txt b/pkg/cloudflare-go/.changelog/1124.txt
new file mode 100644
index 0000000000..a038d1ba01
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1124.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.23.0 to 2.23.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1125.txt b/pkg/cloudflare-go/.changelog/1125.txt
new file mode 100644
index 0000000000..a4bf8cc9e4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1125.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.23.2 to 2.23.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1126.txt b/pkg/cloudflare-go/.changelog/1126.txt
new file mode 100644
index 0000000000..b6620125fc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1126.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: add input fields crowdstrike
+```
diff --git a/pkg/cloudflare-go/.changelog/1127.txt b/pkg/cloudflare-go/.changelog/1127.txt
new file mode 100644
index 0000000000..36d4124da5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1127.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.23.4 to 2.23.5
+```
diff --git a/pkg/cloudflare-go/.changelog/1130.txt b/pkg/cloudflare-go/.changelog/1130.txt
new file mode 100644
index 0000000000..229e12b783
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1130.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers_domain: add support for workers domain API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1131.txt b/pkg/cloudflare-go/.changelog/1131.txt
new file mode 100644
index 0000000000..1434c51d66
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1131.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+queue: add support queue API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1133.txt b/pkg/cloudflare-go/.changelog/1133.txt
new file mode 100644
index 0000000000..9ebbd785e0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1133.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Support for Workers Analytics Engine bindings
+```
diff --git a/pkg/cloudflare-go/.changelog/1135.txt b/pkg/cloudflare-go/.changelog/1135.txt
new file mode 100644
index 0000000000..8b98f7cb68
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1135.txt
@@ -0,0 +1,3 @@
+```release-note:note
+pages: removed the v1 logs endpoint for Pages deployments. Please switch to v2: https://developers.cloudflare.com/api/operations/pages-deployment-get-deployment-logs
+```
diff --git a/pkg/cloudflare-go/.changelog/1136.txt b/pkg/cloudflare-go/.changelog/1136.txt
new file mode 100644
index 0000000000..976f76ea7c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1136.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+pages: Updates bindings and other Functions related propreties. Service bindings, secrets, fail open/close and usage model are all now supported.
+```
+
+```release-note:breaking-change
+pages: Changed the type of EnvVars in PagesProjectDeploymentConfigEnvironment & PagesProjectDeployment in order to properly support secrets.
+```
diff --git a/pkg/cloudflare-go/.changelog/1137.txt b/pkg/cloudflare-go/.changelog/1137.txt
new file mode 100644
index 0000000000..b479d14d44
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1137.txt
@@ -0,0 +1,39 @@
+```release-note:note
+workers: all worker methods have been split into product ownership(-ish) files
+```
+
+```release-note:note
+workers: all worker methods now require an explicit `ResourceContainer` for endpoints instead of relying on the globally defined `api.AccountID`
+```
+
+```release-note:breaking-change
+workers: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers: API operations now target account level resources instead of older zone level resources (these are a 1:1 now)
+```
+
+```release-note:breaking-change
+workers_bindings: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers_kv: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers_tails: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers_secrets: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers_routes: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+workers_cron_triggers: method signatures have been updated to align with the upcoming client conventions
+```
diff --git a/pkg/cloudflare-go/.changelog/1138.txt b/pkg/cloudflare-go/.changelog/1138.txt
new file mode 100644
index 0000000000..69b22055c3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1138.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+adds OriginRequest field to UnvalidatedIngressRule struct.
+```
diff --git a/pkg/cloudflare-go/.changelog/1139.txt b/pkg/cloudflare-go/.changelog/1139.txt
new file mode 100644
index 0000000000..71f26a2e88
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1139.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.23.5 to 2.23.6
+```
diff --git a/pkg/cloudflare-go/.changelog/1140.txt b/pkg/cloudflare-go/.changelog/1140.txt
new file mode 100644
index 0000000000..f6b31ad5a8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1140.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cache_rules: add ignore option to query string struct
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1142.txt b/pkg/cloudflare-go/.changelog/1142.txt
new file mode 100644
index 0000000000..48f9efbcd7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1142.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: adds support for Egress Policies
+```
diff --git a/pkg/cloudflare-go/.changelog/1146.txt b/pkg/cloudflare-go/.changelog/1146.txt
new file mode 100644
index 0000000000..76ce4035d9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1146.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1148.txt b/pkg/cloudflare-go/.changelog/1148.txt
new file mode 100644
index 0000000000..55149599e0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1148.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+managed_networks: add CRUD functionality for managednetworks
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1149.txt b/pkg/cloudflare-go/.changelog/1149.txt
new file mode 100644
index 0000000000..c6c40af07d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1149.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tiered_cache: Add support for Tiered Caching interactions for setting Smart and Generic topologies
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1150.txt b/pkg/cloudflare-go/.changelog/1150.txt
new file mode 100644
index 0000000000..ef7d48cd3c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1150.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+mtls_certificate: add support for managing mTLS certificates and assocations
+```
diff --git a/pkg/cloudflare-go/.changelog/1151.txt b/pkg/cloudflare-go/.changelog/1151.txt
new file mode 100644
index 0000000000..5482d72f8e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1151.txt
@@ -0,0 +1,15 @@
+```release-note:enhancement
+dns: add support for tags and comments
+```
+
+```release-note:breaking-change
+dns: method signatures have been updated to align with the upcoming client conventions
+```
+
+```release-note:breaking-change
+dns: `DNSRecords` has been renamed to `ListDNSRecords`
+```
+
+```release-note:breaking-change
+dns: `DNSRecord` has been renamed to `GetDNSRecord`
+```
diff --git a/pkg/cloudflare-go/.changelog/1155.txt b/pkg/cloudflare-go/.changelog/1155.txt
new file mode 100644
index 0000000000..d2572b3dfa
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1155.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+workers: correctly set `body` value for non-ES module uploads
+```
diff --git a/pkg/cloudflare-go/.changelog/1156.txt b/pkg/cloudflare-go/.changelog/1156.txt
new file mode 100644
index 0000000000..2a19167b7d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1156.txt
@@ -0,0 +1,31 @@
+```release-note:bug
+firewall_rules: use empty reponse struct on each page call
+```
+
+```release-note:bug
+filter: use empty reponse struct on each page call
+```
+
+```release-note:bug
+email_routing_destination: use empty reponse struct on each page call
+```
+
+```release-note:bug
+email_routing_rules: use empty reponse struct on each page call
+```
+
+```release-note:bug
+lockdown: use empty reponse struct on each page call
+```
+
+```release-note:bug
+queue: use empty reponse struct on each page call
+```
+
+```release-note:bug
+teams_list: use empty reponse struct on each page call
+```
+
+```release-note:bug
+workers_kv: use empty reponse struct on each page call
+```
diff --git a/pkg/cloudflare-go/.changelog/1159.txt b/pkg/cloudflare-go/.changelog/1159.txt
new file mode 100644
index 0000000000..5aca5dc5ba
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1159.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_organization: add user_seat_expiration_inactive_time field
+```
diff --git a/pkg/cloudflare-go/.changelog/1160.txt b/pkg/cloudflare-go/.changelog/1160.txt
new file mode 100644
index 0000000000..b4893dc46b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1160.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add support for workers logpush enablement on script upload
+```
diff --git a/pkg/cloudflare-go/.changelog/1161.txt b/pkg/cloudflare-go/.changelog/1161.txt
new file mode 100644
index 0000000000..5578937b36
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1161.txt
@@ -0,0 +1,23 @@
+```release-note:enhancement
+origin_ca: add support for using API keys, API tokens or API User service keys for interacting with Origin CA endpoints
+```
+
+```release-note:breaking-change
+origin_ca: renamed to `CreateOriginCertificate` to `CreateOriginCACertificate`
+```
+
+```release-note:breaking-change
+origin_ca: renamed to `OriginCertificates` to `ListOriginCACertificates`
+```
+
+```release-note:breaking-change
+origin_ca: renamed to `OriginCertificate` to `GetOriginCACertificate`
+```
+
+```release-note:breaking-change
+origin_ca: renamed to `RevokeOriginCertificate` to `RevokeOriginCACertificate`
+```
+
+```release-note:breaking-change
+origin_ca: renamed to `OriginCARootCertificate` to `GetOriginCARootCertificate`
+```
diff --git a/pkg/cloudflare-go/.changelog/1162.txt b/pkg/cloudflare-go/.changelog/1162.txt
new file mode 100644
index 0000000000..871465c057
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1162.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1164.txt b/pkg/cloudflare-go/.changelog/1164.txt
new file mode 100644
index 0000000000..72272d5df3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1164.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudflare: automatically redact sensitive values from HTTP interactions
+```
diff --git a/pkg/cloudflare-go/.changelog/1167.txt b/pkg/cloudflare-go/.changelog/1167.txt
new file mode 100644
index 0000000000..6dacacf5e7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1167.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dns: don't send "priority" for list operations as it isn't supported and is only used for internal filtering
+```
diff --git a/pkg/cloudflare-go/.changelog/1170.txt b/pkg/cloudflare-go/.changelog/1170.txt
new file mode 100644
index 0000000000..0a3b278ea8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1170.txt
@@ -0,0 +1,7 @@
+```release-note:note
+dns: remove additional lookup from `Update` operations when `Name` or `Type` was omitted
+```
+
+```release-note:breaking-change
+dns: remove these read-only fields from `UpdateDNSRecordParams`: `CreatedOn`, `ModifiedOn`, `Meta`, `ZoneID`, `ZoneName`, `Proxiable`, and `Locked`
+```
diff --git a/pkg/cloudflare-go/.changelog/1171.txt b/pkg/cloudflare-go/.changelog/1171.txt
new file mode 100644
index 0000000000..174071f005
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1171.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: update default `per_page` attribute to 100 records
+```
diff --git a/pkg/cloudflare-go/.changelog/1172.txt b/pkg/cloudflare-go/.changelog/1172.txt
new file mode 100644
index 0000000000..9b4a5bff22
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1172.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+managednetworks: Update should be PUT
+```
diff --git a/pkg/cloudflare-go/.changelog/1173.txt b/pkg/cloudflare-go/.changelog/1173.txt
new file mode 100644
index 0000000000..403a2feff3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1173.txt
@@ -0,0 +1,11 @@
+```release-note:bug
+dns: the field `Tags` in `ListDNSRecordsParams` was not correctly serialized into URL queries
+```
+
+```release-note:enhancement
+dns: the URL parameter `tag-match` for listing DNS records is now supported as the field `TagMatch` in `ListDNSRecordsParams`
+```
+
+```release-note:breaking-change
+dns: the fields `CreatedOn` and `ModifiedOn` are removed from `ListDNSRecordsParams`
+```
diff --git a/pkg/cloudflare-go/.changelog/1174.txt b/pkg/cloudflare-go/.changelog/1174.txt
new file mode 100644
index 0000000000..686be2ad19
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1174.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: `GetDNSRecord`, `UpdateDNSRecord` and `DeleteDNSRecord` now return the new, dedicated error `ErrMissingDNSRecordID` when an empty DNS record ID is given.
+```
diff --git a/pkg/cloudflare-go/.changelog/1176.txt b/pkg/cloudflare-go/.changelog/1176.txt
new file mode 100644
index 0000000000..4d3e6d894d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1176.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: script upload now supports Queues bindings
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1177.txt b/pkg/cloudflare-go/.changelog/1177.txt
new file mode 100644
index 0000000000..bb9f8d81e3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1177.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add support for compatibility_date and compatibility_flags when upoading a worker script
+```
diff --git a/pkg/cloudflare-go/.changelog/1178.txt b/pkg/cloudflare-go/.changelog/1178.txt
new file mode 100644
index 0000000000..08101c917d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1178.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_identity_provider: add scim_config field
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1180.txt b/pkg/cloudflare-go/.changelog/1180.txt
new file mode 100644
index 0000000000..8d21a99d74
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1180.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.23.7 to 2.24.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1181.txt b/pkg/cloudflare-go/.changelog/1181.txt
new file mode 100644
index 0000000000..355b67584b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1181.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_organization: add ui_read_only_toggle_reason field
+```
diff --git a/pkg/cloudflare-go/.changelog/1183.txt b/pkg/cloudflare-go/.changelog/1183.txt
new file mode 100644
index 0000000000..01e3947686
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1183.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+rulesets: add support for `score_per_period` and `score_response_header_name`
+```
diff --git a/pkg/cloudflare-go/.changelog/1184.txt b/pkg/cloudflare-go/.changelog/1184.txt
new file mode 100644
index 0000000000..7e721c577b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1184.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6
+```
diff --git a/pkg/cloudflare-go/.changelog/1185.txt b/pkg/cloudflare-go/.changelog/1185.txt
new file mode 100644
index 0000000000..5cf8562005
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1185.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+magic_transit_ipsec_tunnel: makes customer endpoint an optional field for ipsec tunnel creation
+```
diff --git a/pkg/cloudflare-go/.changelog/1188.txt b/pkg/cloudflare-go/.changelog/1188.txt
new file mode 100644
index 0000000000..b478f060d3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1188.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+queues: UpdateQueue has been updated to match the API and now correctly updates a Queue's name
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1190.txt b/pkg/cloudflare-go/.changelog/1190.txt
new file mode 100644
index 0000000000..6e12a08b1d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1190.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+stream: Fix a bug that cannot unmarshal video duration number.
+```
+
+```release-note:breaking-change
+stream: StreamVideo.Duration has changed from int to float64.
+```
diff --git a/pkg/cloudflare-go/.changelog/1191.txt b/pkg/cloudflare-go/.changelog/1191.txt
new file mode 100644
index 0000000000..f42bc3663c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1191.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.24.1 to 2.24.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1192.txt b/pkg/cloudflare-go/.changelog/1192.txt
new file mode 100644
index 0000000000..23cd06d801
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1192.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1193.txt b/pkg/cloudflare-go/.changelog/1193.txt
new file mode 100644
index 0000000000..461d746f78
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1193.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp_profile: Add new allowed_match_count field to profiles
+```
diff --git a/pkg/cloudflare-go/.changelog/1195.txt b/pkg/cloudflare-go/.changelog/1195.txt
new file mode 100644
index 0000000000..4642d151ee
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1195.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: allow sending empty strings to remove comments
+```
diff --git a/pkg/cloudflare-go/.changelog/1196.txt b/pkg/cloudflare-go/.changelog/1196.txt
new file mode 100644
index 0000000000..fba5681f28
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1196.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dns: always send `tags` to allow clearing
+```
diff --git a/pkg/cloudflare-go/.changelog/1197.txt b/pkg/cloudflare-go/.changelog/1197.txt
new file mode 100644
index 0000000000..9535b0baeb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1197.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_account: add support for `check_disks`
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1199.txt b/pkg/cloudflare-go/.changelog/1199.txt
new file mode 100644
index 0000000000..f7cb743b3a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1199.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.24.2 to 2.24.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1200.txt b/pkg/cloudflare-go/.changelog/1200.txt
new file mode 100644
index 0000000000..40d4ec4b78
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1200.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp_profile: Use int rather than uint for allowed_match_count field
+```
diff --git a/pkg/cloudflare-go/.changelog/1202.txt b/pkg/cloudflare-go/.changelog/1202.txt
new file mode 100644
index 0000000000..58c21d62c2
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1202.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+stream: renamed `RequiredSignedURLs` to `RequireSignedURLs`
+```
diff --git a/pkg/cloudflare-go/.changelog/1205.txt b/pkg/cloudflare-go/.changelog/1205.txt
new file mode 100644
index 0000000000..2573522809
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1205.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: Add new exclude_office_ips field to policy
+```
diff --git a/pkg/cloudflare-go/.changelog/1206.txt b/pkg/cloudflare-go/.changelog/1206.txt
new file mode 100644
index 0000000000..fb12a08ebe
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1206.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tunnels: automatically paginate `ListTunnels`
+```
diff --git a/pkg/cloudflare-go/.changelog/1207.txt b/pkg/cloudflare-go/.changelog/1207.txt
new file mode 100644
index 0000000000..7dd4bc7046
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1207.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudflare: make it clearer when we hit a server error and to retry later
+```
diff --git a/pkg/cloudflare-go/.changelog/1208.txt b/pkg/cloudflare-go/.changelog/1208.txt
new file mode 100644
index 0000000000..8075ecc793
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1208.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_accounts: Add new root_certificate_installation_enabled field
+```
diff --git a/pkg/cloudflare-go/.changelog/1209.txt b/pkg/cloudflare-go/.changelog/1209.txt
new file mode 100644
index 0000000000..bc83d55374
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1209.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dex_test: add CRUD functionality for DEX test configurations
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1210.txt b/pkg/cloudflare-go/.changelog/1210.txt
new file mode 100644
index 0000000000..a05f5531d1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1210.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.24.3 to 2.24.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1212.txt b/pkg/cloudflare-go/.changelog/1212.txt
new file mode 100644
index 0000000000..8656a47b4a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1212.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: Adds support for partial payload logging
+```
diff --git a/pkg/cloudflare-go/.changelog/1213.txt b/pkg/cloudflare-go/.changelog/1213.txt
new file mode 100644
index 0000000000..124db5e916
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1213.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dex_test: use dex test types and json struct mappings instead of managed networks
+```
diff --git a/pkg/cloudflare-go/.changelog/1214.txt b/pkg/cloudflare-go/.changelog/1214.txt
new file mode 100644
index 0000000000..e41d1a146d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1214.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: Add `untrusted_cert` rule setting
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1215.txt b/pkg/cloudflare-go/.changelog/1215.txt
new file mode 100644
index 0000000000..44307cf98b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1215.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/text from 0.3.7 to 0.3.8
+```
diff --git a/pkg/cloudflare-go/.changelog/1216.txt b/pkg/cloudflare-go/.changelog/1216.txt
new file mode 100644
index 0000000000..44307cf98b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1216.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/text from 0.3.7 to 0.3.8
+```
diff --git a/pkg/cloudflare-go/.changelog/1217.txt b/pkg/cloudflare-go/.changelog/1217.txt
new file mode 100644
index 0000000000..0fc959900b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1217.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/time from 0.0.0-20220224211638-0e9765cccd65 to 0.3.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1218.txt b/pkg/cloudflare-go/.changelog/1218.txt
new file mode 100644
index 0000000000..148e60cca6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1218.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1219.txt b/pkg/cloudflare-go/.changelog/1219.txt
new file mode 100644
index 0000000000..148e60cca6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1219.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1220.txt b/pkg/cloudflare-go/.changelog/1220.txt
new file mode 100644
index 0000000000..6f31f37add
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1220.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1222.txt b/pkg/cloudflare-go/.changelog/1222.txt
new file mode 100644
index 0000000000..5d9a668a01
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1222.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dns: dont reuse DNSListResponse when using pagination to avoid Proxied pointer overwrite
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1223.txt b/pkg/cloudflare-go/.changelog/1223.txt
new file mode 100644
index 0000000000..e046c338bc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1223.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add `path_cookie_attribute` app setting
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1226.txt b/pkg/cloudflare-go/.changelog/1226.txt
new file mode 100644
index 0000000000..167b1e6f78
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1226.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+added audit_ssh to gateway actions, updated gateway rule settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1227.txt b/pkg/cloudflare-go/.changelog/1227.txt
new file mode 100644
index 0000000000..96c1ce0524
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1227.txt
@@ -0,0 +1,10 @@
+```release-note:breaking-change
+tunnel: renamed `Tunnels` to `ListTunnels`
+```
+
+```release-note:breaking-change
+tunnel: renamed `Tunnel` to `GetTunnel`
+```
+```release-note:enhancement
+tunnel: updated parameters to latest API docs
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1228.txt b/pkg/cloudflare-go/.changelog/1228.txt
new file mode 100644
index 0000000000..72816b5f3d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1228.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.7.0 to 0.8.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1229.txt b/pkg/cloudflare-go/.changelog/1229.txt
new file mode 100644
index 0000000000..a4b655ccb5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1229.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.24.4 to 2.25.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1232.txt b/pkg/cloudflare-go/.changelog/1232.txt
new file mode 100644
index 0000000000..c8e3ce2bdd
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1232.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+addressing: Add `Address Map` support
+```
diff --git a/pkg/cloudflare-go/.changelog/1236.txt b/pkg/cloudflare-go/.changelog/1236.txt
new file mode 100644
index 0000000000..bf5b7c4ace
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1236.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps actions/setup-go from 3 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1237.txt b/pkg/cloudflare-go/.changelog/1237.txt
new file mode 100644
index 0000000000..1c87f2721b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1237.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_identity_provider: add `claims` and `scopes` fields
+```
diff --git a/pkg/cloudflare-go/.changelog/1238.txt b/pkg/cloudflare-go/.changelog/1238.txt
new file mode 100644
index 0000000000..e01bf64532
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1238.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+tunnel: Fix 'CreateTunnel' for tunnels using config_src
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1242.txt b/pkg/cloudflare-go/.changelog/1242.txt
new file mode 100644
index 0000000000..f847da86f8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1242.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+teams_rules: `AllowChildBypass` changes from a `bool` to `*bool`
+```
+
+```release-note:bug
+teams_rules: `BypassParentRule` changes from a `bool` to `*bool`
+```
diff --git a/pkg/cloudflare-go/.changelog/1243.txt b/pkg/cloudflare-go/.changelog/1243.txt
new file mode 100644
index 0000000000..f5c0728ec9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1243.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+dns: Changed Create/UpdateDNSRecord method signatures to return (DNSRecord, error)
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1244.txt b/pkg/cloudflare-go/.changelog/1244.txt
new file mode 100644
index 0000000000..fa7858c06f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1244.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+ssl: make `GeoRestrictions` a pointer inside of ZoneCustomSSL
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1246.txt b/pkg/cloudflare-go/.changelog/1246.txt
new file mode 100644
index 0000000000..678b27fd5e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1246.txt
@@ -0,0 +1,3 @@
+```release-note:note
+dns_firewall: The `OriginIPs` field has been renamed to `UpstreamIPs`.
+```
diff --git a/pkg/cloudflare-go/.changelog/1249.txt b/pkg/cloudflare-go/.changelog/1249.txt
new file mode 100644
index 0000000000..0f2cbedf95
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1249.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: update `Mode` field to use new `ServiceMode` string type with explicit const service mode values
+```
diff --git a/pkg/cloudflare-go/.changelog/1250.txt b/pkg/cloudflare-go/.changelog/1250.txt
new file mode 100644
index 0000000000..8f1a611d51
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1250.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.0 to 2.25.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1251.txt b/pkg/cloudflare-go/.changelog/1251.txt
new file mode 100644
index 0000000000..b750d6ebf6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1251.txt
@@ -0,0 +1,11 @@
+```release-note:breaking-change
+zone: `ZoneSingleSetting` has been renamed to `GetZoneSetting` and updated method signature inline with our expected conventions
+```
+
+```release-note:breaking-change
+zone: `UpdateZoneSingleSetting` has been renamed to `UpdateZoneSetting` and updated method signature inline with our expected conventions
+```
+
+```release-note:enhancement
+zone: `GetZoneSetting` and `UpdateZoneSetting` now allow configuring the path for where a setting resides instead of assuming `settings`
+```
diff --git a/pkg/cloudflare-go/.changelog/1253.txt b/pkg/cloudflare-go/.changelog/1253.txt
new file mode 100644
index 0000000000..a43f5d8cb7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1253.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+rulesets: add support for add operation to HTTP header configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1258.txt b/pkg/cloudflare-go/.changelog/1258.txt
new file mode 100644
index 0000000000..09748a6ecf
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1258.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: Add `isolation_required` flag to Access policies
+```
diff --git a/pkg/cloudflare-go/.changelog/1260.txt b/pkg/cloudflare-go/.changelog/1260.txt
new file mode 100644
index 0000000000..806345d464
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1260.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: Add `auto_redirect_to_identity` flag to Access organizations
+```
diff --git a/pkg/cloudflare-go/.changelog/1261.txt b/pkg/cloudflare-go/.changelog/1261.txt
new file mode 100644
index 0000000000..efa0a01bad
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1261.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+rulesets: add support for the `http_response_compression` phase
+```
+
+```release-note:enhancement
+rulesets: add support for the `compress_response` action
+```
diff --git a/pkg/cloudflare-go/.changelog/1263.txt b/pkg/cloudflare-go/.changelog/1263.txt
new file mode 100644
index 0000000000..785f7c0c13
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1263.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.8.0 to 0.9.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1264.txt b/pkg/cloudflare-go/.changelog/1264.txt
new file mode 100644
index 0000000000..8c3fff3579
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1264.txt
@@ -0,0 +1,19 @@
+```release-note:breaking-change
+pages_deployment: add support for auto pagination
+```
+
+```release-note:enchancement
+pages_deployment: add Force to DeletePagesDeploymentParams
+```
+
+```release-note:breaking-change
+pages_deployment: change DeletePagesDeploymentParams to contain all parameters
+```
+
+```release-note:breaking-change
+pages_project: rename PagesProject to GetPagesProject
+```
+
+```release-note:breaking-change
+pages_project: change to use ResourceContainer for account ID
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1265.txt b/pkg/cloudflare-go/.changelog/1265.txt
new file mode 100644
index 0000000000..a001f26c5d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1265.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+r2_bucket: add support for getting a bucket
+```
+
+```release-note:breaking-change
+r2_bucket: change creation time from string to *time.Time
+```
diff --git a/pkg/cloudflare-go/.changelog/1266.txt b/pkg/cloudflare-go/.changelog/1266.txt
new file mode 100644
index 0000000000..749e3b8c8a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1266.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: add support for importing and exporting DNS records using BIND file configurations
+```
diff --git a/pkg/cloudflare-go/.changelog/1267.txt b/pkg/cloudflare-go/.changelog/1267.txt
new file mode 100644
index 0000000000..33e3526ec0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1267.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+turnstile: add support for turnstile
+```
diff --git a/pkg/cloudflare-go/.changelog/1268.txt b/pkg/cloudflare-go/.changelog/1268.txt
new file mode 100644
index 0000000000..586bac29d8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1268.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: add input fields tanium, intune and kolide
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1269.txt b/pkg/cloudflare-go/.changelog/1269.txt
new file mode 100644
index 0000000000..686ac6a9af
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1269.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1270.txt b/pkg/cloudflare-go/.changelog/1270.txt
new file mode 100644
index 0000000000..4c09f1f51d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1270.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+data localization: add support for regional hostnames API
+```
diff --git a/pkg/cloudflare-go/.changelog/1271.txt b/pkg/cloudflare-go/.changelog/1271.txt
new file mode 100644
index 0000000000..664212a1e7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1271.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+certificate_packs: add `Status` field to indicate the status of certificate pack
+```
diff --git a/pkg/cloudflare-go/.changelog/1272.txt b/pkg/cloudflare-go/.changelog/1272.txt
new file mode 100644
index 0000000000..dfa3888383
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1272.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+logpush: add support for max upload parameters
+```
diff --git a/pkg/cloudflare-go/.changelog/1274.txt b/pkg/cloudflare-go/.changelog/1274.txt
new file mode 100644
index 0000000000..51deac303d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1274.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.1 to 2.25.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1275.txt b/pkg/cloudflare-go/.changelog/1275.txt
new file mode 100644
index 0000000000..718b80065f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1275.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+rulesets: allow `PreserveQueryString` to be nullable
+```
diff --git a/pkg/cloudflare-go/.changelog/1276.txt b/pkg/cloudflare-go/.changelog/1276.txt
new file mode 100644
index 0000000000..713898c8db
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1276.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+waiting_room: add support for zone-level settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1278.txt b/pkg/cloudflare-go/.changelog/1278.txt
new file mode 100644
index 0000000000..64e605cf14
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1278.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+zone: Added `GetCacheReserve` and `UpdateacheReserve` to allow setting Cache Reserve for a zone.
+```
diff --git a/pkg/cloudflare-go/.changelog/1279.txt b/pkg/cloudflare-go/.changelog/1279.txt
new file mode 100644
index 0000000000..08cd4cab05
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1279.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+pages: add support for Smart Placement. Added `Placement` in `PagesProjectDeploymentConfigEnvironment`.
+```
+
+```release-note:enhancement
+workers: add support for Smart Placement. Added `Placement` in `CreateWorkerParams`.
+```
diff --git a/pkg/cloudflare-go/.changelog/1280.txt b/pkg/cloudflare-go/.changelog/1280.txt
new file mode 100644
index 0000000000..7f690ce831
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1280.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.9.0 to 0.10.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1281.txt b/pkg/cloudflare-go/.changelog/1281.txt
new file mode 100644
index 0000000000..c11f54ae4d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1281.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access: Added `self_hosted_domains` support to access applications
+```
diff --git a/pkg/cloudflare-go/.changelog/1284.txt b/pkg/cloudflare-go/.changelog/1284.txt
new file mode 100644
index 0000000000..0da545211a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1284.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+turnstile: remove `SiteKey`/`Secret` being sent in update request body
+```
diff --git a/pkg/cloudflare-go/.changelog/1285.txt b/pkg/cloudflare-go/.changelog/1285.txt
new file mode 100644
index 0000000000..75140aed1b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1285.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+turnstile: remove `SiteKey` being sent in rotate secret's request body
+```
diff --git a/pkg/cloudflare-go/.changelog/1286.txt b/pkg/cloudflare-go/.changelog/1286.txt
new file mode 100644
index 0000000000..380cc29730
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1286.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1287.txt b/pkg/cloudflare-go/.changelog/1287.txt
new file mode 100644
index 0000000000..3e78c82109
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1287.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1288.txt b/pkg/cloudflare-go/.changelog/1288.txt
new file mode 100644
index 0000000000..7401823441
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1288.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+lists: add support for hostname and ASN lists.
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1289.txt b/pkg/cloudflare-go/.changelog/1289.txt
new file mode 100644
index 0000000000..1c9e25e7aa
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1289.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+flarectl/dns: ensure MX priority value is dereferenced
+```
diff --git a/pkg/cloudflare-go/.changelog/1290.txt b/pkg/cloudflare-go/.changelog/1290.txt
new file mode 100644
index 0000000000..70224ff8f5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1290.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dns: fix MX record priority not set by UpdateDNSRecord
+```
diff --git a/pkg/cloudflare-go/.changelog/1291.txt b/pkg/cloudflare-go/.changelog/1291.txt
new file mode 100644
index 0000000000..60c5bf456c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1291.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tunnels: add support for `access` and `http2Origin` keys
+```
diff --git a/pkg/cloudflare-go/.changelog/1292.txt b/pkg/cloudflare-go/.changelog/1292.txt
new file mode 100644
index 0000000000..9bd62ebe8f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1292.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1293.txt b/pkg/cloudflare-go/.changelog/1293.txt
new file mode 100644
index 0000000000..4c865f5bf5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1293.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: extend documentation for least_outstanding_requests steering policy
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1294.txt b/pkg/cloudflare-go/.changelog/1294.txt
new file mode 100644
index 0000000000..fa92441923
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1294.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: Add missing description field to policy
+```
diff --git a/pkg/cloudflare-go/.changelog/1295.txt b/pkg/cloudflare-go/.changelog/1295.txt
new file mode 100644
index 0000000000..feff3ce194
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1295.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.3 to 2.25.5
+```
diff --git a/pkg/cloudflare-go/.changelog/1296.txt b/pkg/cloudflare-go/.changelog/1296.txt
new file mode 100644
index 0000000000..5eb7ddda1b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1296.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1297.txt b/pkg/cloudflare-go/.changelog/1297.txt
new file mode 100644
index 0000000000..cee310173a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1297.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+email_routing_destination: return encountered error, not `ErrMissingAccountID` all the time
+```
diff --git a/pkg/cloudflare-go/.changelog/1298.txt b/pkg/cloudflare-go/.changelog/1298.txt
new file mode 100644
index 0000000000..fff1d2a2b9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1298.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+custom_hostname: add support for `bundle_method` TLS configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1300.txt b/pkg/cloudflare-go/.changelog/1300.txt
new file mode 100644
index 0000000000..b065b8252b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1300.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.3
+```
diff --git a/pkg/cloudflare-go/.changelog/1301.txt b/pkg/cloudflare-go/.changelog/1301.txt
new file mode 100644
index 0000000000..a0982af621
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1301.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.3 to 0.7.4
+```
diff --git a/pkg/cloudflare-go/.changelog/1302.txt b/pkg/cloudflare-go/.changelog/1302.txt
new file mode 100644
index 0000000000..9be4caa82e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1302.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: support header session affinity policy
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1303.txt b/pkg/cloudflare-go/.changelog/1303.txt
new file mode 100644
index 0000000000..50a9b97a30
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1303.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+tunnel: swap `ConnectTimeout`, `TLSTimeout`, `TCPKeepAlive` and `KeepAliveTimeout` to `TunnelDuration` instead of `time.Duration`
+```
diff --git a/pkg/cloudflare-go/.changelog/1304.txt b/pkg/cloudflare-go/.changelog/1304.txt
new file mode 100644
index 0000000000..f3e8693e2a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1304.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+custom_nameservers: add support for managing custom nameservers
+```
diff --git a/pkg/cloudflare-go/.changelog/1305.txt b/pkg/cloudflare-go/.changelog/1305.txt
new file mode 100644
index 0000000000..1919a14e3f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1305.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.5 to 2.25.6
+```
diff --git a/pkg/cloudflare-go/.changelog/1306.txt b/pkg/cloudflare-go/.changelog/1306.txt
new file mode 100644
index 0000000000..a655ab47bd
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1306.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1307.txt b/pkg/cloudflare-go/.changelog/1307.txt
new file mode 100644
index 0000000000..ce939ea0c5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1307.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.10.0 to 0.11.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1311.txt b/pkg/cloudflare-go/.changelog/1311.txt
new file mode 100644
index 0000000000..46639f877c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1311.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+waiting_room: add support for `additional_routes` and `cookie_suffix`
+```
diff --git a/pkg/cloudflare-go/.changelog/1312.txt b/pkg/cloudflare-go/.changelog/1312.txt
new file mode 100644
index 0000000000..9d3d216d11
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1312.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+railgun: remove support for railgun
+```
diff --git a/pkg/cloudflare-go/.changelog/1313.txt b/pkg/cloudflare-go/.changelog/1313.txt
new file mode 100644
index 0000000000..ace0376ab4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1313.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+virtualdns: remove support in favour of newer DNS firewall methods
+```
+
+```release-note:breaking-change
+dns_firewall: modernise method signatures and conventions to align with the experimental client
+```
diff --git a/pkg/cloudflare-go/.changelog/1314.txt b/pkg/cloudflare-go/.changelog/1314.txt
new file mode 100644
index 0000000000..4eb0d0acb6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1314.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.6 to 2.25.7
+```
diff --git a/pkg/cloudflare-go/.changelog/1315.txt b/pkg/cloudflare-go/.changelog/1315.txt
new file mode 100644
index 0000000000..c5dedfd9a4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1315.txt
@@ -0,0 +1,7 @@
+```release-note:breaking-change
+cloudflare: remove `api.AccountID` from client struct
+```
+
+```release-note:breaking-change
+cloudflare: remove `UsingAccount` in favour of resource specific attributes
+```
diff --git a/pkg/cloudflare-go/.changelog/1316.txt b/pkg/cloudflare-go/.changelog/1316.txt
new file mode 100644
index 0000000000..d2588ba25b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1316.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: support os_version_extra
+```
diff --git a/pkg/cloudflare-go/.changelog/1317.txt b/pkg/cloudflare-go/.changelog/1317.txt
new file mode 100644
index 0000000000..722e04c20d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1317.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: Add ability to specify tail Workers in script metadata
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1319.txt b/pkg/cloudflare-go/.changelog/1319.txt
new file mode 100644
index 0000000000..4235c885cf
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1319.txt
@@ -0,0 +1,59 @@
+```release-note:breaking-change
+access_application: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_application: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_ca_certificate: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_ca_certificate: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_group: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_group: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_identity_provider: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_identity_provider: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_mutual_tls_certificates: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_mutual_tls_certificates: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_organization: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:breaking-change
+access_policy: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:enhancement
+access_policy: add support for auto pagination
+```
+
+```release-note:breaking-change
+access_service_tokens: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
+
+```release-note:breaking-change
+access_user_token: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
+```
diff --git a/pkg/cloudflare-go/.changelog/1320.txt b/pkg/cloudflare-go/.changelog/1320.txt
new file mode 100644
index 0000000000..6fe1268d13
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1320.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.5.1 to 1.6.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1322.txt b/pkg/cloudflare-go/.changelog/1322.txt
new file mode 100644
index 0000000000..9f5c710fec
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1322.txt
@@ -0,0 +1,31 @@
+```release-note:enhancement
+images: adds support for v2 when uploading images directly
+```
+
+```release-note:breaking-change
+images: updated method signatures of `UploadImage` to match newer conventions and standards
+```
+
+```release-note:breaking-change
+images: updated method signatures of `UpdateImage` to match newer conventions and standards
+```
+
+```release-note:breaking-change
+images: updated method signatures of `ListImages` to match newer conventions and standards
+```
+
+```release-note:breaking-change
+images: updated method signatures of `DeleteImage` to match newer conventions and standards
+```
+
+```release-note:breaking-change
+images: renamed `ImageDetails` to `GetImage` to match library conventions
+```
+
+```release-note:breaking-change
+images: renamed `BaseImage` to `GetBaseImage` to match library conventions
+```
+
+```release-note:breaking-change
+images: renamed `ImagesStats` to `GetImagesStats` to match library conventions
+```
diff --git a/pkg/cloudflare-go/.changelog/1325.txt b/pkg/cloudflare-go/.changelog/1325.txt
new file mode 100644
index 0000000000..0742b1f7fc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1325.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource_container: expose `Type` on `*ResourceContainer` to explicitly denote what type of resource it is instead of inferring from `Level`.
+```
diff --git a/pkg/cloudflare-go/.changelog/1326.txt b/pkg/cloudflare-go/.changelog/1326.txt
new file mode 100644
index 0000000000..fd85096d05
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1326.txt
@@ -0,0 +1,83 @@
+```release-note:breaking-change
+logpush: all methods are updated to use the newer client conventions for method signatures
+```
+
+```release-note:breaking-change
+logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
+```
+
+```release-note:breaking-change
+logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
+```
diff --git a/pkg/cloudflare-go/.changelog/1328.txt b/pkg/cloudflare-go/.changelog/1328.txt
new file mode 100644
index 0000000000..51d73f8308
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1328.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.11.0 to 0.12.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1330.txt b/pkg/cloudflare-go/.changelog/1330.txt
new file mode 100644
index 0000000000..630d7ee253
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1330.txt
@@ -0,0 +1,15 @@
+```release-note:enhancement
+workers: Add support for uploading scripts to a Workers for Platforms namespace.
+```
+
+```release-note:enhancement
+workers: Add support for declaring arbitrary bindings with UnsafeBinding.
+```
+
+```release-note:enhancement
+workers: Add support for uploading workers with Workers for Platforms namespace bindings.
+```
+
+```release-note:enhancement
+workers: Add `pipeline_hash` field to Workers script response struct.
+```
diff --git a/pkg/cloudflare-go/.changelog/1333.txt b/pkg/cloudflare-go/.changelog/1333.txt
new file mode 100644
index 0000000000..81026e8158
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1333.txt
@@ -0,0 +1,47 @@
+```release-note:breaking-change
+rulesets: `GetZoneRuleset` is removed in favour of `GetRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `GetAccountRuleset` is removed in favour of `GetRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `CreateZoneRuleset` is removed in favour of `CreateRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `CreateAccountRuleset` is removed in favour of `CreateRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `DeleteZoneRuleset` is removed in favour of `DeleteRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `DeleteAccountRuleset` is removed in favour of `DeleteRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `UpdateZoneRuleset` is removed in favour of `UpdateRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `UpdateAccountRuleset` is removed in favour of `UpdateRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `GetZoneRulesetPhase` is removed in favour of `GetEntrypointRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `GetAccountRulesetPhase` is removed in favour of `GetEntrypointRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `UpdateZoneRulesetPhase` is removed in favour of `UpdateEntrypointRuleset`
+```
+
+```release-note:breaking-change
+rulesets: `UpdateAccountRulesetPhase` is removed in favour of `UpdateEntrypointRuleset`
+```
diff --git a/pkg/cloudflare-go/.changelog/1335.txt b/pkg/cloudflare-go/.changelog/1335.txt
new file mode 100644
index 0000000000..13b520854a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1335.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+images: adds ability to upload image by url
+```
diff --git a/pkg/cloudflare-go/.changelog/1336.txt b/pkg/cloudflare-go/.changelog/1336.txt
new file mode 100644
index 0000000000..f949bdc25e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1336.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+zone: Added `GetRegionalTieredCache` and `UpdateRegionalTieredCache` to allow setting Regional Tiered Cache for a zone.
+```
diff --git a/pkg/cloudflare-go/.changelog/1338.txt b/pkg/cloudflare-go/.changelog/1338.txt
new file mode 100644
index 0000000000..ce00f1f986
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1338.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+load_balancing: Fix pool creation with MinimumOrigins set to 0
+```
diff --git a/pkg/cloudflare-go/.changelog/1339.txt b/pkg/cloudflare-go/.changelog/1339.txt
new file mode 100644
index 0000000000..7326b4ede3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1339.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+device_posture_rule: support certificate_id and cn for client_certificate posture rule
+```
+
+```release-note:enhancement
+device_posture_rule: support active_threats, network_status, infected, and is_active for sentinelone_s2s posture rule
+```
diff --git a/pkg/cloudflare-go/.changelog/1340.txt b/pkg/cloudflare-go/.changelog/1340.txt
new file mode 100644
index 0000000000..beb3997808
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1340.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams-accounts: Adds support for protocol detection
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1341.txt b/pkg/cloudflare-go/.changelog/1341.txt
new file mode 100644
index 0000000000..8ba43549f9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1341.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+flarectl: allow for create or update to actually create the record
+```
diff --git a/pkg/cloudflare-go/.changelog/1343.txt b/pkg/cloudflare-go/.changelog/1343.txt
new file mode 100644
index 0000000000..df6721b237
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1343.txt
@@ -0,0 +1,11 @@
+```release-note:enhancement
+access_application: Add support for custom pages
+```
+
+```release-note:enhancement
+access_custom_page: Add support for custom pages
+```
+
+```release-note:enhancement
+access_organization: add support for custom pages
+```
diff --git a/pkg/cloudflare-go/.changelog/1344.txt b/pkg/cloudflare-go/.changelog/1344.txt
new file mode 100644
index 0000000000..f800df64e0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1344.txt
@@ -0,0 +1,11 @@
+```release-note:enhancement
+access_identity_provider: add attr conditional_access_enabled
+```
+
+```release-note:enhancement
+access_group: add auth_context group ruletype
+```
+
+```release-note:enhancement
+access_identity_provider: add auth context list/put endpoint
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1345.txt b/pkg/cloudflare-go/.changelog/1345.txt
new file mode 100644
index 0000000000..4e748a75c8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1345.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+workers: Fix namespace dispatch upload API path
+```
diff --git a/pkg/cloudflare-go/.changelog/1346.txt b/pkg/cloudflare-go/.changelog/1346.txt
new file mode 100644
index 0000000000..d9826d0f67
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1346.txt
@@ -0,0 +1,11 @@
+```release-note:enhancement
+rulesets: Update API reference links
+```
+
+```release-note:enhancement
+rulesets: Remove internal-only schema kind
+```
+
+```release-note:enhancement
+rulesets: Remove some request parameters that are not allowed or have no effect
+```
diff --git a/pkg/cloudflare-go/.changelog/1347.txt b/pkg/cloudflare-go/.changelog/1347.txt
new file mode 100644
index 0000000000..0271db293b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1347.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_service_token: add support for managing `Duration`
+```
diff --git a/pkg/cloudflare-go/.changelog/1348.txt b/pkg/cloudflare-go/.changelog/1348.txt
new file mode 100644
index 0000000000..19eca269ef
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1348.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+web_analytics: add support for web_analytics API
+```
diff --git a/pkg/cloudflare-go/.changelog/1353.txt b/pkg/cloudflare-go/.changelog/1353.txt
new file mode 100644
index 0000000000..e7a0f4024a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1353.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.12.0 to 0.13.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1355.txt b/pkg/cloudflare-go/.changelog/1355.txt
new file mode 100644
index 0000000000..d19977c085
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1355.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+cloudflare: `Raw` method now returns a RawResponse rather than the raw JSON `Result` message
+```
diff --git a/pkg/cloudflare-go/.changelog/1356.txt b/pkg/cloudflare-go/.changelog/1356.txt
new file mode 100644
index 0000000000..dd94e72a35
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1356.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+per_hostname_tls_settings: add support for managing hostname level TLS settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1357.txt b/pkg/cloudflare-go/.changelog/1357.txt
new file mode 100644
index 0000000000..e6f1f3b8ac
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1357.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+waiting_room: add support for `queueing_status_code`
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1359.txt b/pkg/cloudflare-go/.changelog/1359.txt
new file mode 100644
index 0000000000..982b4884c0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1359.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+streams: adds support to initiate tus upload
+```
diff --git a/pkg/cloudflare-go/.changelog/1360.txt b/pkg/cloudflare-go/.changelog/1360.txt
new file mode 100644
index 0000000000..6b2bbae588
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1360.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+cloudflare: swap `encoding/json` for `github.com/goccy/go-json`
+```
+
+```release-note:bug
+cache_purge: don't escape HTML entity values in URLs for cache keys
+```
diff --git a/pkg/cloudflare-go/.changelog/1361.txt b/pkg/cloudflare-go/.changelog/1361.txt
new file mode 100644
index 0000000000..0a8293a548
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1361.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+workers: Add support for retrieving and uploading only script content.
+```
+
+```release-note:enhancement
+workers: Add support for retrieving and uploading only script metadata.
+```
diff --git a/pkg/cloudflare-go/.changelog/1362.txt b/pkg/cloudflare-go/.changelog/1362.txt
new file mode 100644
index 0000000000..6268fe248f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1362.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.13.0 to 0.14.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1363.txt b/pkg/cloudflare-go/.changelog/1363.txt
new file mode 100644
index 0000000000..e538706f3d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1363.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+bot_management: add support for bot_management API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1365.txt b/pkg/cloudflare-go/.changelog/1365.txt
new file mode 100644
index 0000000000..05cd13708c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1365.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+zone_hold: add support for zone hold API
+```
diff --git a/pkg/cloudflare-go/.changelog/1366.txt b/pkg/cloudflare-go/.changelog/1366.txt
new file mode 100644
index 0000000000..0590b8e738
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1366.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: support eid_last_seen and risk_level and correct total_score for Tanium posture rule
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1367.txt b/pkg/cloudflare-go/.changelog/1367.txt
new file mode 100644
index 0000000000..7f86273575
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1367.txt
@@ -0,0 +1,23 @@
+```release-note:note
+rulesets: Remove non-existent `allow` action
+```
+
+```release-note:enhancement
+rulesets: Add the `ddos_mitigation` action
+```
+
+```release-note:note
+rulesets: Remove non-existent `http_request_main` phase
+```
+
+```release-note:note
+rulesets: Remove non-public `http_response_headers_transform_managed` and `http_request_late_transform_managed` phases
+```
+
+```release-note:breaking-change
+rulesets: Rename `RulesetPhaseRateLimit` to `RulesetPhaseHTTPRatelimit`, to match the phase name
+```
+
+```release-note:breaking-change
+rulesets: Rename `RulesetPhaseSuperBotFightMode` to `RulesetPhaseHTTPRequestSBFM`, to match the phase name
+```
diff --git a/pkg/cloudflare-go/.changelog/1368.txt b/pkg/cloudflare-go/.changelog/1368.txt
new file mode 100644
index 0000000000..c58d12c33d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1368.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: add support for tagging Worker scripts
+```
diff --git a/pkg/cloudflare-go/.changelog/1369.txt b/pkg/cloudflare-go/.changelog/1369.txt
new file mode 100644
index 0000000000..a523c1c9fc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1369.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 4.3.0 to 4.4.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1372.txt b/pkg/cloudflare-go/.changelog/1372.txt
new file mode 100644
index 0000000000..ec3f514081
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1372.txt
@@ -0,0 +1,23 @@
+```release-note:bug
+pagination: Will look at `total_count` and `per_page` to calculate `total_pages` if `total_pages` is zero
+```
+
+```release-note:bug
+access_application: Use autopaginate flag as expected
+```
+
+```release-note:bug
+access_ca_certificate: Use autopaginate flag as expected
+```
+
+```release-note:bug
+access_group: Use autopaginate flag as expected
+```
+
+```release-note:bug
+access_mutual_tls_certifcate: Use autopaginate flag as expected
+```
+
+```release-note:bug
+access_policy: Use autopaginate flag as expected
+```
diff --git a/pkg/cloudflare-go/.changelog/1373.txt b/pkg/cloudflare-go/.changelog/1373.txt
new file mode 100644
index 0000000000..9276016d9e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1373.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: added custom_non_identity_deny_url
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1374.txt b/pkg/cloudflare-go/.changelog/1374.txt
new file mode 100644
index 0000000000..07bc895bb2
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1374.txt
@@ -0,0 +1,3 @@
+```release_note:enhancement
+rulesets: Add support for Proxy Read Timeout configuration via the Rulesets/Cache Rules API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1375.txt b/pkg/cloudflare-go/.changelog/1375.txt
new file mode 100644
index 0000000000..a7d2ae9c79
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1375.txt
@@ -0,0 +1,3 @@
+```release_note:enhancement
+rulesets: Add support for Additional Cacheable Ports configuration via the Rulesets/Cache Rules API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1376.txt b/pkg/cloudflare-go/.changelog/1376.txt
new file mode 100644
index 0000000000..d2881fce35
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1376.txt
@@ -0,0 +1,3 @@
+```release_note:enhancement
+rulesets: Add support for Origin Cache Control configuration via the Rulesets/Cache Rules API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1377.txt b/pkg/cloudflare-go/.changelog/1377.txt
new file mode 100644
index 0000000000..0a986b0202
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1377.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: allow namespaced scripts to be used as Worker tail consumers
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1379.txt b/pkg/cloudflare-go/.changelog/1379.txt
new file mode 100644
index 0000000000..d3d637aa9a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1379.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+images: Fix issue parsing Image Details from API due to incorrect struct json field
+```
+
+```release-note:breaking-change
+images: Renamed Image struct "Metadata" field to "Meta"
+```
diff --git a/pkg/cloudflare-go/.changelog/1380.txt b/pkg/cloudflare-go/.changelog/1380.txt
new file mode 100644
index 0000000000..9c00e73ad3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1380.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancer_monitor: add support for `consecutive_up`, `consecutive_down`
+```
diff --git a/pkg/cloudflare-go/.changelog/1382.txt b/pkg/cloudflare-go/.changelog/1382.txt
new file mode 100644
index 0000000000..6074328c94
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1382.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+semgrep: Improved IPv4 validation by implementing a new pattern to handle cases where non-IPv4 addresses were previously accepted.
+```
diff --git a/pkg/cloudflare-go/.changelog/1384.txt b/pkg/cloudflare-go/.changelog/1384.txt
new file mode 100644
index 0000000000..83a5c51b8e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1384.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dcv_delegation: add GET for DCV Delegation UUID
+```
diff --git a/pkg/cloudflare-go/.changelog/1385.txt b/pkg/cloudflare-go/.changelog/1385.txt
new file mode 100644
index 0000000000..64d8b965e0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1385.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+tunnel: add support for `include_prefix`, `exclude_prefix` in list operations
+```
diff --git a/pkg/cloudflare-go/.changelog/1386.txt b/pkg/cloudflare-go/.changelog/1386.txt
new file mode 100644
index 0000000000..64d0db476a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1386.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+streams: adds support for stream create parameters for tus upload initiate
+```
diff --git a/pkg/cloudflare-go/.changelog/1387.txt b/pkg/cloudflare-go/.changelog/1387.txt
new file mode 100644
index 0000000000..10f721589e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1387.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps actions/checkout from 3 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1388.txt b/pkg/cloudflare-go/.changelog/1388.txt
new file mode 100644
index 0000000000..1969407f4d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1388.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 4.4.0 to 4.6.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1389.txt b/pkg/cloudflare-go/.changelog/1389.txt
new file mode 100644
index 0000000000..0a89e8cd5f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1389.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.14.0 to 0.15.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1390.txt b/pkg/cloudflare-go/.changelog/1390.txt
new file mode 100644
index 0000000000..0bfd9e0537
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1390.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_identity_provider: add support for email_claim_name and authorization_server_id
+```
diff --git a/pkg/cloudflare-go/.changelog/1391.txt b/pkg/cloudflare-go/.changelog/1391.txt
new file mode 100644
index 0000000000..5d14c004e8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1391.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_identity_provider: add support for ping_env_id
+```
diff --git a/pkg/cloudflare-go/.changelog/1393.txt b/pkg/cloudflare-go/.changelog/1393.txt
new file mode 100644
index 0000000000..a3ef6c8ae6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1393.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dns: keep comments when calling UpdateDNSRecord with zero values of UpdateDNSRecordParams
+```
diff --git a/pkg/cloudflare-go/.changelog/1394.txt b/pkg/cloudflare-go/.changelog/1394.txt
new file mode 100644
index 0000000000..c2afb6cf7d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1394.txt
@@ -0,0 +1,3 @@
+```release_note:enhancement
+rulesets: Add support for Cache Reserve configuration via the Rulesets/Cache Rules API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1396.txt b/pkg/cloudflare-go/.changelog/1396.txt
new file mode 100644
index 0000000000..8511d4e9c9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1396.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 4.6.0 to 5.0.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1397.txt b/pkg/cloudflare-go/.changelog/1397.txt
new file mode 100644
index 0000000000..a3954f4473
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1397.txt
@@ -0,0 +1,3 @@
+```release_note:enhancement
+api_shield: Add support for Get/Post/Delete operations in API Shield Endpoint Management
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1401.txt b/pkg/cloudflare-go/.changelog/1401.txt
new file mode 100644
index 0000000000..b1ef19e847
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1401.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+observatory: add support for observatory API
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1402.txt b/pkg/cloudflare-go/.changelog/1402.txt
new file mode 100644
index 0000000000..476979377c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1402.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps codecov/codecov-action from 3 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1403.txt b/pkg/cloudflare-go/.changelog/1403.txt
new file mode 100644
index 0000000000..92568c8807
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1403.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+access_application: Add support for tags
+```
+
+```release-note:enhancement
+access_tag: Add support for tags
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1405.txt b/pkg/cloudflare-go/.changelog/1405.txt
new file mode 100644
index 0000000000..353994093b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1405.txt
@@ -0,0 +1,11 @@
+```release-note:bug
+account_role: autopaginate all available results instead of a static number
+```
+
+```release-note:breaking-change
+account_role: `AccountRoles` has been renamed to `ListAccountRoles` to align with the updated method conventions
+```
+
+```release-note:breaking-change
+account_role: `AccountRole` has been renamed to `GetAccountRole` to align with the updated method conventions
+```
diff --git a/pkg/cloudflare-go/.changelog/1406.txt b/pkg/cloudflare-go/.changelog/1406.txt
new file mode 100644
index 0000000000..248b681c56
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1406.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api_shield_schema: Add support for managing schemas for API Shield Schema Validation 2.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1407.txt b/pkg/cloudflare-go/.changelog/1407.txt
new file mode 100644
index 0000000000..7832770815
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1407.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for app launcher customization fields
+```
diff --git a/pkg/cloudflare-go/.changelog/1409.txt b/pkg/cloudflare-go/.changelog/1409.txt
new file mode 100644
index 0000000000..3132d3b0d4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1409.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+list_item: allow filtering by search term, cursor and per page attributes
+```
diff --git a/pkg/cloudflare-go/.changelog/1410.txt b/pkg/cloudflare-go/.changelog/1410.txt
new file mode 100644
index 0000000000..589d96d96a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1410.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+custom_nameservers: change `NSSet` from string to int to match API response
+```
diff --git a/pkg/cloudflare-go/.changelog/1412.txt b/pkg/cloudflare-go/.changelog/1412.txt
new file mode 100644
index 0000000000..fa44dd47e3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1412.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+observatory: fix double url encoding
+```
diff --git a/pkg/cloudflare-go/.changelog/1413.txt b/pkg/cloudflare-go/.changelog/1413.txt
new file mode 100644
index 0000000000..9030b0c29c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1413.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api_shield_discovery: Add support for Get/Patch API Shield API Discovery Operations
+```
diff --git a/pkg/cloudflare-go/.changelog/1414.txt b/pkg/cloudflare-go/.changelog/1414.txt
new file mode 100644
index 0000000000..4af5cf907a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1414.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: extend documentation for least_connections steering policy
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1415.txt b/pkg/cloudflare-go/.changelog/1415.txt
new file mode 100644
index 0000000000..13ecd44289
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1415.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+access_organization: Add support for session_duration
+```
+
+```release-note:enhancement
+access_policy: Add support for session_duration
+```
diff --git a/pkg/cloudflare-go/.changelog/1416.txt b/pkg/cloudflare-go/.changelog/1416.txt
new file mode 100644
index 0000000000..63f14fe519
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1416.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.15.0 to 0.16.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1417.txt b/pkg/cloudflare-go/.changelog/1417.txt
new file mode 100644
index 0000000000..03e4787980
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1417.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+d1: adds support for d1
+```
diff --git a/pkg/cloudflare-go/.changelog/1418.txt b/pkg/cloudflare-go/.changelog/1418.txt
new file mode 100644
index 0000000000..4cc578265d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1418.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api_shield_schema: Add support for Get/Update API Shield Schema Validation Settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1419.txt b/pkg/cloudflare-go/.changelog/1419.txt
new file mode 100644
index 0000000000..a17415283d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1419.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams: Add `audit_ssh_settings` endpoints
+```
diff --git a/pkg/cloudflare-go/.changelog/1420.txt b/pkg/cloudflare-go/.changelog/1420.txt
new file mode 100644
index 0000000000..109580539b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1420.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.16.0 to 0.17.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1421.txt b/pkg/cloudflare-go/.changelog/1421.txt
new file mode 100644
index 0000000000..8607549779
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1421.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.7.0 to 0.17.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1422.txt b/pkg/cloudflare-go/.changelog/1422.txt
new file mode 100644
index 0000000000..20d26bcc19
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1422.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+api_shield_schema: Add support for Get/Update API Shield Operation Schema Validation Settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1423.txt b/pkg/cloudflare-go/.changelog/1423.txt
new file mode 100644
index 0000000000..6a668eb11d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1423.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams: Add support for body_scanning (Enhanced File Detection) in teams account configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1424.txt b/pkg/cloudflare-go/.changelog/1424.txt
new file mode 100644
index 0000000000..f4659f00bb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1424.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+teams: Add `non_identity_enabled` boolean in browser isolation settings
+```
+
+```release-note:breaking-change
+teams: `BrowserIsolation.UrlBrowserIsolationEnabled` has changed from `bool` to `*bool` to meet the library conventions
+```
diff --git a/pkg/cloudflare-go/.changelog/1427.txt b/pkg/cloudflare-go/.changelog/1427.txt
new file mode 100644
index 0000000000..d948ad913e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1427.txt
@@ -0,0 +1,23 @@
+```release-note:enhancement
+access_seats: Add UpdateAccessUserSeat() to list IP Access Rules
+```
+
+```release-note:enhancement
+access_user: Add GetAccessUserActiveSessions() to get all active sessions for a Access/Zero-Trust user.
+```
+
+```release-note:enhancement
+access_user: Add GetAccessUserSingleActiveSession() to get an active session for a Access/Zero-Trust user.
+```
+
+```release-note:enhancement
+access_user: Add GetAccessUserFailedLogins() to get all failed login attempts for a Access/Zero-Trust user.
+```
+
+```release-note:enhancement
+access_user: Add GetAccessUserLastSeenIdentity() to get last seen identity for a Access/Zero-Trust user.
+```
+
+```release-note:enhancement
+access_user: Add ListAccessUsers() to get a list of users for a Access/Zero-Trust account.
+```
diff --git a/pkg/cloudflare-go/.changelog/1428.txt b/pkg/cloudflare-go/.changelog/1428.txt
new file mode 100644
index 0000000000..f0c3236eac
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1428.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+ip_access_rules: Add ListIPAccessRules() to list IP Access Rules
+```
diff --git a/pkg/cloudflare-go/.changelog/1433.txt b/pkg/cloudflare-go/.changelog/1433.txt
new file mode 100644
index 0000000000..b8cbacb051
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1433.txt
@@ -0,0 +1,43 @@
+```release-note:breaking-change
+devices_policy: `UpdateDeviceClientCertificatesZone` is renamed to `UpdateDeviceClientCertificates` with updated method signatures
+```
+
+```release-note:breaking-change
+devices_policy: `GetDeviceClientCertificatesZone` is renamed to `GetDeviceClientCertificates` with updated method signatures
+```
+
+```release-note:breaking-change
+devices_policy: `DeviceClientCertificates` is renamed to `DeviceClientCertificates`
+```
+
+```release-note:breaking-change
+devices_policy: `GetDeviceClientCertificates` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `CreateDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `UpdateDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `UpdateDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `DeleteDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `GetDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:breaking-change
+devices_policy: `GetDeviceSettingsPolicy` is updated with method signatures matching the library conventions
+```
+
+```release-note:enhancement
+devices_policy: Add support for listing device settings policies
+```
diff --git a/pkg/cloudflare-go/.changelog/1434.txt b/pkg/cloudflare-go/.changelog/1434.txt
new file mode 100644
index 0000000000..ef9d30dada
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1434.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/time from 0.3.0 to 0.4.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1436.txt b/pkg/cloudflare-go/.changelog/1436.txt
new file mode 100644
index 0000000000..a3b6264dcb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1436.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: Add support for resolver policies
+```
diff --git a/pkg/cloudflare-go/.changelog/1438.txt b/pkg/cloudflare-go/.changelog/1438.txt
new file mode 100644
index 0000000000..07af199d65
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1438.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.5
+```
diff --git a/pkg/cloudflare-go/.changelog/1439.txt b/pkg/cloudflare-go/.changelog/1439.txt
new file mode 100644
index 0000000000..372b541727
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1439.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.17.0 to 0.18.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1440.txt b/pkg/cloudflare-go/.changelog/1440.txt
new file mode 100644
index 0000000000..f919f069a3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1440.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+per_hostname_tls_setting: use `buildURI` for defining the query parameters when sorting
+```
diff --git a/pkg/cloudflare-go/.changelog/1441.txt b/pkg/cloudflare-go/.changelog/1441.txt
new file mode 100644
index 0000000000..0901f1c8cf
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1441.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+load_balancing: Add support for virtual network id in origins
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1442.txt b/pkg/cloudflare-go/.changelog/1442.txt
new file mode 100644
index 0000000000..7cb0d23735
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1442.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+load_balancing: add healthy field to LoadBalancerPool
+```
diff --git a/pkg/cloudflare-go/.changelog/1444.txt b/pkg/cloudflare-go/.changelog/1444.txt
new file mode 100644
index 0000000000..b6edff2ecb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1444.txt
@@ -0,0 +1,3 @@
+```release-note:enchancement
+pages_project: Add standard as a usage model
+```
diff --git a/pkg/cloudflare-go/.changelog/1445.txt b/pkg/cloudflare-go/.changelog/1445.txt
new file mode 100644
index 0000000000..664bb2d3e9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1445.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_group: Add support for email lists
+```
diff --git a/pkg/cloudflare-go/.changelog/1446.txt b/pkg/cloudflare-go/.changelog/1446.txt
new file mode 100644
index 0000000000..a324d9ebb9
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1446.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+worker_bindings: add support for `d1` bindings
+```
diff --git a/pkg/cloudflare-go/.changelog/1449.txt b/pkg/cloudflare-go/.changelog/1449.txt
new file mode 100644
index 0000000000..855b2a5e31
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1449.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/time from 0.4.0 to 0.5.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1450.txt b/pkg/cloudflare-go/.changelog/1450.txt
new file mode 100644
index 0000000000..660b97d1cd
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1450.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+worker_bindings: Fixing form element name for d1 binding
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1452.txt b/pkg/cloudflare-go/.changelog/1452.txt
new file mode 100644
index 0000000000..944eea80a5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1452.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.18.0 to 0.19.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1453.txt b/pkg/cloudflare-go/.changelog/1453.txt
new file mode 100644
index 0000000000..c50362f14d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1453.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudflare: Add ResultInfo to RawResponse
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1454.txt b/pkg/cloudflare-go/.changelog/1454.txt
new file mode 100644
index 0000000000..b0d74dbef7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1454.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+devices_policy: add fields for Opt-In Split Tunnel Overlapping IPs feature.
+```
diff --git a/pkg/cloudflare-go/.changelog/1456.txt b/pkg/cloudflare-go/.changelog/1456.txt
new file mode 100644
index 0000000000..d8198fe444
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1456.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.25.7 to 2.26.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1457.txt b/pkg/cloudflare-go/.changelog/1457.txt
new file mode 100644
index 0000000000..86f0914cb1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1457.txt
@@ -0,0 +1,15 @@
+```release-note:enhancement
+stream: Add ScheduledDeletion to StreamVideo
+```
+
+```release-note:enhancement
+stream: Add ScheduledDeletion to StreamUploadFromURLParameters
+```
+
+```release-note:enhancement
+stream: Add ScheduledDeletion to StreamCreateVideoParameters
+```
+
+```release-note:enhancement
+stream: Add ScheduledDeletion to StreamVideoCreate
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1459.txt b/pkg/cloudflare-go/.changelog/1459.txt
new file mode 100644
index 0000000000..b7d1a74e41
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1459.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+page_shield: added support for page shield
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1460.txt b/pkg/cloudflare-go/.changelog/1460.txt
new file mode 100644
index 0000000000..0bf5ed5f59
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1460.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps actions/setup-go from 4 to 5
+```
diff --git a/pkg/cloudflare-go/.changelog/1462.txt b/pkg/cloudflare-go/.changelog/1462.txt
new file mode 100644
index 0000000000..179a03ba60
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1462.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github/codeql-action from 2 to 3
+```
diff --git a/pkg/cloudflare-go/.changelog/1463.txt b/pkg/cloudflare-go/.changelog/1463.txt
new file mode 100644
index 0000000000..a6b8e2e2d6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1463.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: Added support for notification settings in a gateway rule
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1464.txt b/pkg/cloudflare-go/.changelog/1464.txt
new file mode 100644
index 0000000000..d2bb00b157
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1464.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rules: add support for Access client fields in device posture integrations
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1466.txt b/pkg/cloudflare-go/.changelog/1466.txt
new file mode 100644
index 0000000000..c7e1d56aa5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1466.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/crypto from 0.14.0 to 0.17.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1468.txt b/pkg/cloudflare-go/.changelog/1468.txt
new file mode 100644
index 0000000000..3c91f64012
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1468.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+logpush: Add support for Output Options
+```
diff --git a/pkg/cloudflare-go/.changelog/1470.txt b/pkg/cloudflare-go/.changelog/1470.txt
new file mode 100644
index 0000000000..b4ab0eaec0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1470.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1471.txt b/pkg/cloudflare-go/.changelog/1471.txt
new file mode 100644
index 0000000000..8fb73896ea
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1471.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.26.0 to 2.27.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1472.txt b/pkg/cloudflare-go/.changelog/1472.txt
new file mode 100644
index 0000000000..7a5fd1c698
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1472.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.27.0 to 2.27.1
+```
diff --git a/pkg/cloudflare-go/.changelog/1473.txt b/pkg/cloudflare-go/.changelog/1473.txt
new file mode 100644
index 0000000000..9070d9eeb1
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1473.txt
@@ -0,0 +1,3 @@
+```release-note:internal
+cloudflare: bump minimum Go version to 1.19
+```
diff --git a/pkg/cloudflare-go/.changelog/1474.txt b/pkg/cloudflare-go/.changelog/1474.txt
new file mode 100644
index 0000000000..6c275e3ec4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1474.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+zaraz: Add support for CRUD APIs
+```
diff --git a/pkg/cloudflare-go/.changelog/1475.txt b/pkg/cloudflare-go/.changelog/1475.txt
new file mode 100644
index 0000000000..80b3e1bb3e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1475.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/cloudflare/circl from 1.3.3 to 1.3.7
+```
diff --git a/pkg/cloudflare-go/.changelog/1476.txt b/pkg/cloudflare-go/.changelog/1476.txt
new file mode 100644
index 0000000000..4320d392e4
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1476.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.19.0 to 0.20.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1477.txt b/pkg/cloudflare-go/.changelog/1477.txt
new file mode 100644
index 0000000000..fad08d0c6c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1477.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for default_relay_state in saas apps
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1480.txt b/pkg/cloudflare-go/.changelog/1480.txt
new file mode 100644
index 0000000000..0fdf1bfecb
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1480.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+access_seats: UpdateAccessUserSeat: fix parameters not being an array when sending to the api. This caused an error when updating a user's seat
+```
+
+```release-note:enhancement
+access_seats: Add `UpdateAccessUsersSeats` with an array as input for multiple operations
+```
diff --git a/pkg/cloudflare-go/.changelog/1482.txt b/pkg/cloudflare-go/.changelog/1482.txt
new file mode 100644
index 0000000000..54712fef46
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1482.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+access_users: ListAccessUsers was returning wrong values in pointer fields due to variable missused in loop
+```
diff --git a/pkg/cloudflare-go/.changelog/1483.txt b/pkg/cloudflare-go/.changelog/1483.txt
new file mode 100644
index 0000000000..9b8b9cdfac
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1483.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps actions/cache from 3 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1484.txt b/pkg/cloudflare-go/.changelog/1484.txt
new file mode 100644
index 0000000000..980618dc11
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1484.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+flarectl: alias zone certs to "ct" instead of duplicating the "c" alias
+```
diff --git a/pkg/cloudflare-go/.changelog/1485.txt b/pkg/cloudflare-go/.changelog/1485.txt
new file mode 100644
index 0000000000..e8a177e2e2
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1485.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: add support for EDM and CWL datasets
+```
diff --git a/pkg/cloudflare-go/.changelog/1486.txt b/pkg/cloudflare-go/.changelog/1486.txt
new file mode 100644
index 0000000000..b1da4b5a80
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1486.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_accounts: add support for extended email matching
+```
diff --git a/pkg/cloudflare-go/.changelog/1489.txt b/pkg/cloudflare-go/.changelog/1489.txt
new file mode 100644
index 0000000000..00fd540ecc
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1489.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+pages_project: Add `build_caching` attribute
+```
diff --git a/pkg/cloudflare-go/.changelog/1490.txt b/pkg/cloudflare-go/.changelog/1490.txt
new file mode 100644
index 0000000000..20f833089c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1490.txt
@@ -0,0 +1,3 @@
+```release-note:note
+zaraz: replace deprecated neoEvents with Actions on Zaraz Config tools schema
+```
diff --git a/pkg/cloudflare-go/.changelog/1492.txt b/pkg/cloudflare-go/.changelog/1492.txt
new file mode 100644
index 0000000000..f46c87416b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1492.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+hyperdrive: Add support for hyperdrive CRUD operations
+```
diff --git a/pkg/cloudflare-go/.changelog/1494.txt b/pkg/cloudflare-go/.changelog/1494.txt
new file mode 100644
index 0000000000..ad6abdd66a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1494.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+images_variants: Add support for Images Variants CRUD operations
+```
diff --git a/pkg/cloudflare-go/.changelog/1496.txt b/pkg/cloudflare-go/.changelog/1496.txt
new file mode 100644
index 0000000000..5d3ea28574
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1496.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+access_application: Add support for `allow_authenticate_via_warp`
+```
+
+```release-note:enhancement
+access_organization: Add support for `allow_authenticate_via_warp` and `warp_auth_session_duration`
+```
diff --git a/pkg/cloudflare-go/.changelog/1497.txt b/pkg/cloudflare-go/.changelog/1497.txt
new file mode 100644
index 0000000000..7bcaa6101a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1497.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: add support for Context Awareness in DLP profiles
+```
diff --git a/pkg/cloudflare-go/.changelog/1499.txt b/pkg/cloudflare-go/.changelog/1499.txt
new file mode 100644
index 0000000000..8272eb845b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1499.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_rules: `AntiVirus` settings includes notification settings
+```
diff --git a/pkg/cloudflare-go/.changelog/1500.txt b/pkg/cloudflare-go/.changelog/1500.txt
new file mode 100644
index 0000000000..af3eba15b8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1500.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for OIDC SaaS Applications 
+```
diff --git a/pkg/cloudflare-go/.changelog/1501.txt b/pkg/cloudflare-go/.changelog/1501.txt
new file mode 100644
index 0000000000..91b8d37a4b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1501.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+hyperdrive: password should be nested in origin
+```
diff --git a/pkg/cloudflare-go/.changelog/1502.txt b/pkg/cloudflare-go/.changelog/1502.txt
new file mode 100644
index 0000000000..09eb13b858
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1502.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.20.0 to 0.21.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1503.txt b/pkg/cloudflare-go/.changelog/1503.txt
new file mode 100644
index 0000000000..4798139e04
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1503.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+magic-transit: Adds IPsec tunnel healthcheck direction & rate parameters
+```
diff --git a/pkg/cloudflare-go/.changelog/1504.txt b/pkg/cloudflare-go/.changelog/1504.txt
new file mode 100644
index 0000000000..c7a53d1b26
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1504.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golangci/golangci-lint-action from 3 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1505.txt b/pkg/cloudflare-go/.changelog/1505.txt
new file mode 100644
index 0000000000..4e307037a6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1505.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: add support for `name_id_transform_jsonata` in saas apps
+```
diff --git a/pkg/cloudflare-go/.changelog/1506.txt b/pkg/cloudflare-go/.changelog/1506.txt
new file mode 100644
index 0000000000..cafcb8de1c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1506.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+registrar: Fix request method to call domain list endpoint from POST to GET
+```
diff --git a/pkg/cloudflare-go/.changelog/1508.txt b/pkg/cloudflare-go/.changelog/1508.txt
new file mode 100644
index 0000000000..c5be0a4489
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1508.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+workers_for_platforms: Add ability to list Workers for Platforms namespaces, get a namespace, create a new namespace or delete a namespace.
+```
+
+```release-note:enhancement
+workers: Add Workers for Platforms support for getting a Worker, content and bindings
+```
diff --git a/pkg/cloudflare-go/.changelog/1509.txt b/pkg/cloudflare-go/.changelog/1509.txt
new file mode 100644
index 0000000000..ce5c97d109
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1509.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+device_posture_rule: support last_seen and state for crowdstrike_s2s posture rule
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1510.txt b/pkg/cloudflare-go/.changelog/1510.txt
new file mode 100644
index 0000000000..7f3d44bb1a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1510.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+dlp: added optional ContextAwareness support
+```
diff --git a/pkg/cloudflare-go/.changelog/1511.txt b/pkg/cloudflare-go/.changelog/1511.txt
new file mode 100644
index 0000000000..dac7f2cd05
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1511.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/stretchr/testify from 1.8.4 to 1.9.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1513.txt b/pkg/cloudflare-go/.changelog/1513.txt
new file mode 100644
index 0000000000..e08c538162
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1513.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.21.0 to 0.22.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1516.txt b/pkg/cloudflare-go/.changelog/1516.txt
new file mode 100644
index 0000000000..87346e8cae
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1516.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_mutual_tls_certificates: add support for mutual tls hostname settings
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1558.txt b/pkg/cloudflare-go/.changelog/1558.txt
new file mode 100644
index 0000000000..a297d72ea8
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1558.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps google.golang.org/protobuf from 1.28.0 to 1.33.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1562.txt b/pkg/cloudflare-go/.changelog/1562.txt
new file mode 100644
index 0000000000..e135f681d3
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1562.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: add support for `saml_attribute_transform_jsonata` in saas apps
+```
diff --git a/pkg/cloudflare-go/.changelog/1573.txt b/pkg/cloudflare-go/.changelog/1573.txt
new file mode 100644
index 0000000000..57d4e8c776
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1573.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps actions/checkout from 2 to 4
+```
diff --git a/pkg/cloudflare-go/.changelog/1593.txt b/pkg/cloudflare-go/.changelog/1593.txt
new file mode 100644
index 0000000000..8933672912
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1593.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1600.txt b/pkg/cloudflare-go/.changelog/1600.txt
new file mode 100644
index 0000000000..eee34a8637
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1600.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: Adds support for ocr_enabled boolean flag
+```
diff --git a/pkg/cloudflare-go/.changelog/1607.txt b/pkg/cloudflare-go/.changelog/1607.txt
new file mode 100644
index 0000000000..7fee8ceb11
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1607.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1615.txt b/pkg/cloudflare-go/.changelog/1615.txt
new file mode 100644
index 0000000000..3025209f59
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1615.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+teams_rules: add "resolve" to allowable actions
+```
diff --git a/pkg/cloudflare-go/.changelog/1618.txt b/pkg/cloudflare-go/.changelog/1618.txt
new file mode 100644
index 0000000000..eae139f30a
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1618.txt
@@ -0,0 +1,3 @@
+```release-note:breaking-change
+dns: Remove "locked" flag which is always false
+```
diff --git a/pkg/cloudflare-go/.changelog/1688.txt b/pkg/cloudflare-go/.changelog/1688.txt
new file mode 100644
index 0000000000..c9a9d3615e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1688.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.22.0 to 0.24.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1710.txt b/pkg/cloudflare-go/.changelog/1710.txt
new file mode 100644
index 0000000000..86b05e3512
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1710.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+magic_transit_ipsec_tunnel: Adds support for replay_protection boolean flag
+```
diff --git a/pkg/cloudflare-go/.changelog/1737.txt b/pkg/cloudflare-go/.changelog/1737.txt
new file mode 100644
index 0000000000..e8538c8340
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1737.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+workers: support deleting namespaced Workers
+```
diff --git a/pkg/cloudflare-go/.changelog/1790.txt b/pkg/cloudflare-go/.changelog/1790.txt
new file mode 100644
index 0000000000..d5ac346dd5
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1790.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: support options_preflight_bypass for access_application
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1811.txt b/pkg/cloudflare-go/.changelog/1811.txt
new file mode 100644
index 0000000000..86b6399a22
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1811.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_account: adds custom certificate setting to teams account configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1825.txt b/pkg/cloudflare-go/.changelog/1825.txt
new file mode 100644
index 0000000000..c0bf7ae54c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1825.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.19.0 to 0.23.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1826.txt b/pkg/cloudflare-go/.changelog/1826.txt
new file mode 100644
index 0000000000..7538106f32
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1826.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+gateway: added ecs_support field to teams_location resource
+```
diff --git a/pkg/cloudflare-go/.changelog/1832.txt b/pkg/cloudflare-go/.changelog/1832.txt
new file mode 100644
index 0000000000..4f09ea2c1b
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1832.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+ruleset: add support for action parameters `fonts` and `disable_rum`
+```
diff --git a/pkg/cloudflare-go/.changelog/1839.txt b/pkg/cloudflare-go/.changelog/1839.txt
new file mode 100644
index 0000000000..3cecfe483c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1839.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1845.txt b/pkg/cloudflare-go/.changelog/1845.txt
new file mode 100644
index 0000000000..ec93701491
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1845.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golangci/golangci-lint-action from 4 to 5
+```
diff --git a/pkg/cloudflare-go/.changelog/1861.txt b/pkg/cloudflare-go/.changelog/1861.txt
new file mode 100644
index 0000000000..a904c2c185
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1861.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2
+```
diff --git a/pkg/cloudflare-go/.changelog/1887.txt b/pkg/cloudflare-go/.changelog/1887.txt
new file mode 100644
index 0000000000..cb86d3beb6
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1887.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: add support for zt risk behavior configuration
+```
diff --git a/pkg/cloudflare-go/.changelog/1921.txt b/pkg/cloudflare-go/.changelog/1921.txt
new file mode 100644
index 0000000000..a36bc61f6d
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1921.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: add support for `scim_config`
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1956.txt b/pkg/cloudflare-go/.changelog/1956.txt
new file mode 100644
index 0000000000..2f149db7d0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1956.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+access_policy: add support for reusable policies
+```
+
+```release-note:enhancement
+access_application: add support for `policies` array
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1959.txt b/pkg/cloudflare-go/.changelog/1959.txt
new file mode 100644
index 0000000000..a5ab17228e
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1959.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+access_application: fix scim configuration authentication json marshalling
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1974.txt b/pkg/cloudflare-go/.changelog/1974.txt
new file mode 100644
index 0000000000..15e7a6af0f
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1974.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.24.0 to 0.25.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1975.txt b/pkg/cloudflare-go/.changelog/1975.txt
new file mode 100644
index 0000000000..a44e191529
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1975.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golangci/golangci-lint-action from 5 to 6
+```
diff --git a/pkg/cloudflare-go/.changelog/1981.txt b/pkg/cloudflare-go/.changelog/1981.txt
new file mode 100644
index 0000000000..71d4d074ef
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1981.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations
+```
diff --git a/pkg/cloudflare-go/.changelog/1991.txt b/pkg/cloudflare-go/.changelog/1991.txt
new file mode 100644
index 0000000000..d011b75902
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1991.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps bflad/action-milestone-comment from 1 to 2
+```
diff --git a/pkg/cloudflare-go/.changelog/1992.txt b/pkg/cloudflare-go/.changelog/1992.txt
new file mode 100644
index 0000000000..d72844282c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1992.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0
+```
diff --git a/pkg/cloudflare-go/.changelog/1993.txt b/pkg/cloudflare-go/.changelog/1993.txt
new file mode 100644
index 0000000000..86356e9429
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/1993.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6
+```
diff --git a/pkg/cloudflare-go/.changelog/2107.txt b/pkg/cloudflare-go/.changelog/2107.txt
new file mode 100644
index 0000000000..f76e36eeb7
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2107.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3
+```
diff --git a/pkg/cloudflare-go/.changelog/2126.txt b/pkg/cloudflare-go/.changelog/2126.txt
new file mode 100644
index 0000000000..47770bd2ea
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2126.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_accounts: Add `use_zt_virtual_ip` attribute
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/2131.txt b/pkg/cloudflare-go/.changelog/2131.txt
new file mode 100644
index 0000000000..d32928a2d0
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2131.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for Hybrid/Implicit flows and options
+```
diff --git a/pkg/cloudflare-go/.changelog/2165.txt b/pkg/cloudflare-go/.changelog/2165.txt
new file mode 100644
index 0000000000..d053fdc624
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2165.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+teams_account: Add Zero Trust connectivity settings
+```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/2249.txt b/pkg/cloudflare-go/.changelog/2249.txt
new file mode 100644
index 0000000000..4130a0f668
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2249.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7
+```
diff --git a/pkg/cloudflare-go/.changelog/2364.txt b/pkg/cloudflare-go/.changelog/2364.txt
new file mode 100644
index 0000000000..3e6fdd72ad
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2364.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps golang.org/x/net from 0.25.0 to 0.26.0
+```
diff --git a/pkg/cloudflare-go/.changelog/2365.txt b/pkg/cloudflare-go/.changelog/2365.txt
new file mode 100644
index 0000000000..ddf0506c9c
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2365.txt
@@ -0,0 +1,3 @@
+```release-note:dependency
+deps: bumps goreleaser/goreleaser-action from 5.1.0 to 6.0.0
+```
diff --git a/pkg/cloudflare-go/.changelog/2455.txt b/pkg/cloudflare-go/.changelog/2455.txt
new file mode 100644
index 0000000000..a3908aeb00
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/2455.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+access_application: Add support for SaaS OIDC Access Token Lifetime
+```
diff --git a/pkg/cloudflare-go/.changelog/998.txt b/pkg/cloudflare-go/.changelog/998.txt
new file mode 100644
index 0000000000..0b3aa66338
--- /dev/null
+++ b/pkg/cloudflare-go/.changelog/998.txt
@@ -0,0 +1,7 @@
+```release-note:enhancement
+rulesets: add support for `http_custom_errors` phase
+```
+
+```release-note:enhancement
+rulesets: add support for `serve_error` action
+```
diff --git a/pkg/cloudflare-go/.devcontainer/Dockerfile b/pkg/cloudflare-go/.devcontainer/Dockerfile
new file mode 100644
index 0000000000..28b19a666a
--- /dev/null
+++ b/pkg/cloudflare-go/.devcontainer/Dockerfile
@@ -0,0 +1 @@
+FROM golang:1.19
diff --git a/pkg/cloudflare-go/.devcontainer/devcontainer.json b/pkg/cloudflare-go/.devcontainer/devcontainer.json
new file mode 100644
index 0000000000..691cbd1c53
--- /dev/null
+++ b/pkg/cloudflare-go/.devcontainer/devcontainer.json
@@ -0,0 +1,36 @@
+{
+  "name": "Go",
+  "build": {
+    "dockerfile": "Dockerfile"
+  },
+  "runArgs": ["--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"],
+  "containerEnv": {
+    "GOPATH": "/go"
+  },
+  "remoteEnv": {
+    "GOPATH": "${containerEnv:GOPATH}"
+  },
+  "onCreateCommand": "go generate -tags tools internal/tools/tools.go",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "go.toolsManagement.checkForUpdates": "local",
+        "go.useLanguageServer": true,
+        "go.gopath": "/go",
+        "[go]": {
+          "editor.formatOnSave": true
+        },
+        "go.formatTool": "gofmt",
+        "go.formatFlags": ["-w", "-s"],
+        "go.toolsManagement.autoUpdate": true,
+        "go.lintTool": "golangci-lint",
+        "go.lintFlags": ["--fast"],
+        "gopls": {
+          "ui.semanticTokens": true
+        },
+        "go.survey.prompt": false
+      },
+      "extensions": ["golang.Go"]
+    }
+  }
+}
diff --git a/pkg/cloudflare-go/.github/CODEOWNERS b/pkg/cloudflare-go/.github/CODEOWNERS
new file mode 100644
index 0000000000..a5d8a3a9b9
--- /dev/null
+++ b/pkg/cloudflare-go/.github/CODEOWNERS
@@ -0,0 +1,5 @@
+
+# Own a service and want to be defined as an owner here? Open a PR or 
+# hit up @jacobbednarz to add your team.
+
+*  @jacobbednarz
diff --git a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
new file mode 100644
index 0000000000..0a836baac7
--- /dev/null
+++ b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
@@ -0,0 +1,66 @@
+name: "\U0001F41B Bug report"
+description: "When something isn't working as expected or documented"
+labels: ["kind/bug", "needs-triage"]
+body:
+- type: checkboxes
+  attributes:
+    label: Confirmation
+    description: Please make sure to have followed the following checks.
+    options:
+      - label: My issue isn't already found on the issue tracker.
+        required: true
+      - label: I have replicated my issue using the latest version of the library and it is still present.
+        required: true
+- type: input
+  attributes:
+    label: cloudflare-go version
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Go environment
+    description: Output from `go env`.
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Expected output
+    description: What did you expect to happen?
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Actual output
+    description: What actually happened?
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Code demonstrating the issue
+    description: |
+      No need to wrap the code in backticks, it will be automatically rendered 
+      as Go in the final issue.
+    placeholder: |
+      1. ...
+      2. ...
+      3. ...
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: Steps to reproduce
+    description: How can your issue be replicated?
+    placeholder: |
+      1. ...
+      2. ...
+      3. ...
+  validations:
+    required: true
+- type: textarea
+  attributes:
+    label: References
+    description: |
+      Are there any other GitHub issues (open or closed) or Pull Requests that 
+      should be linked here? 
+  validations:
+    required: false
diff --git a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000000..0002ca53c2
--- /dev/null
+++ b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,11 @@
+blank_issues_enabled: false
+contact_links:
+  - name: v2.0.0 Beta feedback
+    url: https://github.com/cloudflare/cloudflare-go/discussions/1538
+    about: |
+      If you have a feature request or feedback on our new v2 library, please comment in our discussion page.
+  - name: Cloudflare support
+    url: https://developers.cloudflare.com/support/contacting-cloudflare-support
+    about: |
+      Please only file issues here that you believe represent actual bugs for the Cloudflare Go library.
+      If you're having general trouble with the Cloudflare API, please visit our help center to get support.
diff --git a/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md b/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000000..5e7ad42526
--- /dev/null
+++ b/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,45 @@
+<!-- 
+Provide a general summary of your changes in the title above. You should
+remove this overview, any sections and any section descriptions you
+don't need below before submitting. There isn't a strict requirement to
+use this template if you can structure your description and still cover
+these points. 
+-->
+
+## Description
+
+<!--
+Describe your changes in detail through motivation and context. Why is
+this change required? What problem does it solve? If it fixes an open
+issue, link to the issue using GitHub's closing issues keywords[1].
+-->
+## Has your change been tested?
+
+<!--
+Explain how the change has been tested and what you ran to confirm your
+change affects other parts of the code. Automated tests are generally
+expected and changes without tests should explain why they aren't
+required.
+-->
+
+## Screenshots (if appropriate):
+
+## Types of changes
+
+What sort of change does your code introduce/modify?
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to change)
+
+## Checklist:
+
+- [ ] My code follows the code style of this project.
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.
+- [ ] I have added tests to cover my changes.
+- [ ] All new and existing tests passed.
+- [ ] This change is using publicly documented in [cloudflare/api-schemas](https://github.com/cloudflare/api-schemas) 
+      and relies on stable APIs.
+
+[1]: https://help.github.com/articles/closing-issues-using-keywords/
diff --git a/pkg/cloudflare-go/.github/dependabot.yml b/pkg/cloudflare-go/.github/dependabot.yml
new file mode 100644
index 0000000000..6d349bc3ca
--- /dev/null
+++ b/pkg/cloudflare-go/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: "gomod"
+  directory: "/"
+  schedule:
+    interval: "daily"
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: "daily"
+- package-ecosystem: "docker"
+  directory: "/"
+  schedule:
+    interval: "daily"
diff --git a/pkg/cloudflare-go/.github/labels.yml b/pkg/cloudflare-go/.github/labels.yml
new file mode 100644
index 0000000000..f31c97f0e8
--- /dev/null
+++ b/pkg/cloudflare-go/.github/labels.yml
@@ -0,0 +1,208 @@
+- name: "kind: breaking-change"
+  description: ""
+  color: e11d21
+- name: "kind: bug"
+  description: Categorizes issue or PR as related to a bug.
+  color: e11d21
+- name: 'kind: generation-issue'
+  description: Categorizes issue or PR as related to the generation pipeline.
+  color: e11d21
+- name: "kind: documentation"
+  description: Categorizes issue or PR as related to documentation.
+  color: d4c5f9
+- name: "kind: enhancement"
+  description: Categorizes issue or PR as related to improving an existing feature.
+  color: d4c5f9
+- name: "kind: failing-test"
+  description: |
+    Categorizes issue or PR as related to a consistently or frequently failing
+    test.
+  color: e11d21
+- name: "kind: flakey"
+  description: Categorizes issue or PR as related to a flaky test.
+  color: e11d21
+- name: "kind: regression"
+  description: Categorizes issue or PR as related to a regression from a prior release.
+  color: e11d21
+- name: "kind: support"
+  description: Categorizes issue or PR as related to user support.
+  color: e11d21
+- name: "lifecycle: stale"
+  description: ""
+  color: e11d21
+- name: "likelihood: all"
+  description: Categorizes issue or PR as impacting all users.
+  color: F7D2B6
+- name: "likelihood: few"
+  description: Categorizes issue or PR as impacting a small portion of users.
+  color: F7D2B6
+- name: "likelihood: low"
+  description: Categorizes issue or PR as impacting a low portion of users.
+  color: F7D2B6
+- name: "likelihood: many"
+  description: Categorizes issue or PR as impacting many users.
+  color: F7D2B6
+- name: "likelihood: most"
+  description: Categorizes issue or PR as impacting most users.
+  color: F7D2B6
+- name: needs-triage
+  description: "Indicates an issue or PR lacks a `triage: foo` label and requires one."
+  color: ef9ed3
+- name: "service: access"
+  description: Categorizes issue or PR as related to the Access service.
+  color: 98D063
+- name: "service: addressing"
+  description: Categorizes issue or PR as related to the Addressing service.
+  color: 98D063
+- name: "service: api-shield"
+  description: Categorizes issue or PR as related to the API shield service.
+  color: 98D063
+- name: "service: argo"
+  description: Categorizes issue or PR as related to the Argo service.
+  color: 98D063
+- name: "service: bot-management"
+  description: Categorizes issue or PR as related to the Bot Management service.
+  color: 98D063
+- name: "service: byoip"
+  description: Categorizes issue or PR as related to the BYOIP service.
+  color: 98D063
+- name: "service: cache"
+  description: Categorizes issue or PR as related to the Content Delivery service.
+  color: 98D063
+- name: "service: custom-pages"
+  description: Categorizes issue or PR as related to the custom pages service.
+  color: 98D063
+- name: "service: d1"
+  description: Categorizes issue or PR as related to the D1 service.
+  color: 98D063
+- name: "service: dns"
+  description: Categorizes issue or PR as related to the DNS service.
+  color: 98D063
+- name: "service: durable-objects"
+  description: Categorizes issue or PR as related to the Durable Objects service.
+  color: 98D063
+- name: "service: firewall"
+  description: Categorizes issue or PR as related to the Firewall service.
+  color: 98D063
+- name: "service: gateway"
+  description: Categorizes issue or PR as related to the Zero Trust Gateway service.
+  color: 98D063
+- name: "service: iam"
+  description: Categorizes issue or PR as related to the IAM service.
+  color: 98D063
+- name: "service: kv"
+  description: Categorizes issue or PR as related to the KV service.
+  color: 98D063
+- name: "service: list"
+  description: Categorizes issue or PR as related to the List service.
+  color: 98D063
+- name: "service: lists"
+  description: Categorizes issue or PR as related to the Lists service.
+  color: 98D063
+- name: "service: load-balancing"
+  description: Categorizes issue or PR as related to the Load Balancing service.
+  color: 98D063
+- name: "service: logs"
+  description: Categorizes issue or PR as related to the Logging services.
+  color: 98D063
+- name: "service: magic-transit"
+  description: Categorizes issue or PR as related to Magic Transit services.
+  color: 98D063
+- name: "service: magic-wan"
+  description: Categorizes issue or PR as related to the Magic WAN service.
+  color: 98D063
+- name: "service: notifications"
+  description: Categorizes issue or PR as related to the notification service.
+  color: 98D063
+- name: "service: page-rules"
+  description: Categorizes issue or PR as related to the Page Rules service.
+  color: 98D063
+- name: "service: pages"
+  description: Categorizes issue or PR as related to the Pages service.
+  color: 98D063
+- name: "service: r2"
+  description: Categorizes issue or PR as related to the R2 service.
+  color: 98D063
+- name: "service: rulesets"
+  description: Categorizes issue or PR as related to the Rulesets service.
+  color: 98D063
+- name: "service: spectrum"
+  description: Categorizes issue or PR as related to the Spectrum service.
+  color: 98D063
+- name: "service: tls"
+  description: Categorizes issue or PR as related to the TLS services.
+  color: 98D063
+- name: "service: tunnel"
+  description: Categorizes issue or PR as related to the Tunnel service.
+  color: 98D063
+- name: "service: turnstile"
+  description: |
+    Categorizes issue or PR as related to Turnstile and the Challenge Platform
+    service.
+  color: 98D063
+- name: "service: workers"
+  description: Categorizes issue or PR as related to the Workers service.
+  color: 98D063
+- name: "service: zero-trust-devices"
+  description: Categorizes issue or PR as related to the Zero Trust Devices service.
+  color: 98D063
+- name: "service: zones"
+  description: Categorizes issue or PR as related to the Zones service.
+  color: 98D063
+- name: spam
+  description: ""
+  color: e6f99f
+- name: "triage: accepted"
+  description: Indicates an issue or PR is ready to be actively worked on.
+  color: fbca04
+- name: "triage: duplicate"
+  description: Indicates an issue is a duplicate of other open issue.
+  color: fbca04
+- name: "triage: needs-information"
+  description: Indicates an issue needs more information in order to work on it.
+  color: fbca04
+- name: "triage: not-reproducible"
+  description: Indicates an issue can not be reproduced as described.
+  color: fbca04
+- name: "triage: unresolved"
+  description: Indicates an issue that can not or will not be resolved.
+  color: fbca04
+- name: "workflow: needs-review"
+  description: Indicates an issue or PR needs review or feedback.
+  color: 006b75
+- name: "workflow: pending-cloudflare-response"
+  description: Indicates an issue or PR requires a response from the Cloudflare team.
+  color: 006b75
+- name: "workflow: pending-contributor-response"
+  description: Indicates an issue or PR requires a response from a contributor.
+  color: 006b75
+- name: "workflow: pending-maintainer-response"
+  description: Indicates an issue or PR requires a response from the maintainer team.
+  color: 006b75
+- name: "workflow: pending-op-response"
+  description: Indicates an issue or PR requires a response from the original poster.
+  color: 006b75
+- name: "workflow: pending-public-documentation"
+  description: |
+    Indicates an issue or PR requires changes to public documentation confirming
+    suitability for use.
+  color: 006b75
+- name: "workflow: pending-upstream-library"
+  description: Indicates an issue or PR requires changes from an upstream library.
+  color: 006b75
+- name: "workflow: pending-schemas"
+  description: Indicates an issue or PR requires changes from an upstream library.
+  color: 006b75
+- name: "workflow: synced"
+  description: ""
+  color: 006b75
+
+# autorelease management
+- name: "autorelease: custom version"
+  color: ededed
+- name: "autorelease: pending"
+  color: ededed
+- name: "autorelease: pre-release"
+  color: ededed
+- name: "autorelease: tagged"
+  color: ededed
diff --git a/pkg/cloudflare-go/.github/stale.yml b/pkg/cloudflare-go/.github/stale.yml
new file mode 100644
index 0000000000..3cb76e8841
--- /dev/null
+++ b/pkg/cloudflare-go/.github/stale.yml
@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 180
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 30
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false
diff --git a/pkg/cloudflare-go/.github/workflows/changelog-check.yml b/pkg/cloudflare-go/.github/workflows/changelog-check.yml
new file mode 100644
index 0000000000..fe273f2358
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/changelog-check.yml
@@ -0,0 +1,19 @@
+name: Changelog check
+on: [pull_request_target]
+
+jobs:
+  changelog-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'internal/tools/go.mod'
+      - run: go generate -tags tools internal/tools/tools.go
+      - run: go run cmd/changelog-check/main.go ${{ github.event.pull_request.number }}
+        working-directory: ./internal/tools
+        env:
+          GITHUB_OWNER: cloudflare
+          GITHUB_REPO: cloudflare-go
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml b/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000000..8321177b3c
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '41 2 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
diff --git a/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml b/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
new file mode 100644
index 0000000000..8c8d83877d
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
@@ -0,0 +1,35 @@
+name: Add CHANGELOG for dependabot changes
+on: pull_request_target
+permissions:
+  pull-requests: write
+  issues: write
+  repository-projects: write
+  contents: write
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Fetch dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2.1.0
+      - uses: actions/checkout@v4
+      - run: |
+          gh pr checkout $PR_URL
+          cat << EOF > .changelog/$PR_NUMBER.txt
+          \`\`\`release-note:dependency
+          deps: bumps $DEP_NAME from $DEP_PREV_VERSION to $DEP_NEXT_VERSION
+          \`\`\`
+          EOF
+          git config user.name github-actions[bot]
+          git config user.email github-actions[bot]@users.noreply.github.com
+          git add .changelog/$PR_NUMBER.txt
+          git commit -m "add CHANGELOG for #$PR_NUMBER"
+          git push
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          DEP_NAME: ${{ steps.dependabot-metadata.outputs.dependency-names }}
+          DEP_PREV_VERSION: ${{ steps.dependabot-metadata.outputs.previous-version }}
+          DEP_NEXT_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }}
diff --git a/pkg/cloudflare-go/.github/workflows/generate-changelog.yml b/pkg/cloudflare-go/.github/workflows/generate-changelog.yml
new file mode 100644
index 0000000000..73de291827
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/generate-changelog.yml
@@ -0,0 +1,31 @@
+name: Generate CHANGELOG
+on:
+  pull_request_target:
+    types: [closed]
+  workflow_dispatch:
+jobs:
+  GenerateChangelog:
+    if: github.event.pull_request.merged || github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'internal/tools/go.mod'
+      - run: go generate -tags tools internal/tools/tools.go
+      - run: ./scripts/generate-changelog.sh
+      - run: |
+          if [[ `git status --porcelain` ]]; then
+            if ${{github.event_name == 'workflow_dispatch'}}; then
+              MSG="Update CHANGELOG.md (Manual Trigger)"
+            else
+              MSG="Update CHANGELOG.md for #${{ github.event.pull_request.number }}"
+            fi
+            git config --local user.email changelogbot@cloudflare.com
+            git config --local user.name changelogbot
+            git add CHANGELOG.md
+            git commit -m "$MSG"
+            git push
+          fi
diff --git a/pkg/cloudflare-go/.github/workflows/lint.yml b/pkg/cloudflare-go/.github/workflows/lint.yml
new file mode 100644
index 0000000000..ea44260830
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/lint.yml
@@ -0,0 +1,50 @@
+name: Lint
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - ready_for_review
+jobs:
+  golangci-lint:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go${{ matrix.go-version }}-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+          args: "--config .golintci.yaml"
+          only-new-issues: true # only show new issues in the PR, not all.
+
+  semgrep:
+    name: semgrep
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      - uses: actions/checkout@v4
+      - run: semgrep ci --config .semgrep.yml
+        env:
+          # only trigger for files in this change
+          SEMGREP_BASELINE_BRANCH: ${{ github.head_ref }}
+
+  # structslop:
+  #  name: structslop
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #    - uses: actions/checkout@v4
+  #    - uses: actions/setup-go@v3
+  #      with:
+  #        go-version: "1.18"
+  #    - name: structslop
+  #      run: |
+  #        go generate -tags tools tools/tools.go
+  #        $(go env GOPATH)/bin/structslop .
diff --git a/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml b/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
new file mode 100644
index 0000000000..f44571e650
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
@@ -0,0 +1,29 @@
+name: Lock released issues and PRs
+
+on:
+  workflow_dispatch:
+    inputs:
+      issue_list:
+        description: Comma seperated (no spaces) list of issues/PRs to lock
+        required: true
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  lock-closed-issues:
+    runs-on: ubuntu-latest
+    steps: 
+      - uses: actions/checkout@v4
+      - run: |
+          IFS=',' read -r -a issues <<< "$ISSUES"
+          for element in "${issues[@]}"
+          do
+              echo "Locking $element"
+              echo "no" | gh pr lock -r resolved $element || true
+              echo "no" | gh issue lock -r resolved $element || true
+          done
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUES: ${{ github.event.inputs.issue_list }}
diff --git a/pkg/cloudflare-go/.github/workflows/milestone-closed.yml b/pkg/cloudflare-go/.github/workflows/milestone-closed.yml
new file mode 100644
index 0000000000..bea4e2f766
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/milestone-closed.yml
@@ -0,0 +1,40 @@
+name: Closed Milestones
+
+on:
+  milestone:
+    types: [closed]
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  comment-on-closed-milestone:
+    runs-on: ubuntu-latest
+    outputs:
+      ids: ${{ steps.milestone-comment.outputs.ids }}
+    steps:
+      - id: milestone-comment
+        uses: bflad/action-milestone-comment@v2
+        with:
+          body: |
+            This functionality has been released in [${{ github.event.milestone.title }}](https://github.com/${{ github.repository }}/releases/tag/${{ github.event.milestone.title }}).
+
+            For further feature requests or bug reports with this functionality, please create a [new GitHub issue](https://github.com/${{ github.repository }}/issues/new/choose) following the template. Thank you!
+  
+  lock-closed-issues:
+    runs-on: ubuntu-latest
+    needs: comment-on-closed-milestone
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          IFS=',' read -r -a issues <<< "$ISSUES"
+          for element in "${issues[@]}"
+          do
+              echo "Locking $element"
+              echo "no" | gh pr lock -r resolved $element || true
+              echo "no" | gh issue lock -r resolved $element || true
+          done
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ISSUES: ${{ needs.comment-on-closed-milestone.outputs.ids }}
diff --git a/pkg/cloudflare-go/.github/workflows/milestones.yml b/pkg/cloudflare-go/.github/workflows/milestones.yml
new file mode 100644
index 0000000000..d161b09550
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/milestones.yml
@@ -0,0 +1,25 @@
+on:
+  pull_request_target:
+    types: [closed]
+name: Add merged PR and linked issues to current milestone of target branch
+jobs:
+  add-merged-to-current-milestone:
+    if: github.event.pull_request.merged
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.base.ref }}
+      - id: get-current-milestone
+        run: |
+            echo ::set-output name=current_milestone::v$(head -1 CHANGELOG.md | cut -d " " -f 2)
+      - run: echo ${{ steps.get-current-milestone.outputs.current_milestone }}
+      - id: get-milestone-id
+        run: |
+          echo ::set-output name=milestone_id::$(curl -H "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/milestones | jq 'map(select(.title == "${{ steps.get-current-milestone.outputs.current_milestone }}"))[0].number')
+      - run: echo ${{ steps.get-milestone-id.outputs.milestone_id }}
+      - uses: breathingdust/current-milestone-action@v4
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          pull_number: ${{ github.event.pull_request.number }}
+          milestone_number: ${{ steps.get-milestone-id.outputs.milestone_id }}
diff --git a/pkg/cloudflare-go/.github/workflows/release.yml b/pkg/cloudflare-go/.github/workflows/release.yml
new file mode 100644
index 0000000000..7abfac5e12
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/release.yml
@@ -0,0 +1,26 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v6.0.0
+        with:
+          version: latest
+          args: release --clean
+          workdir: cmd/flarectl
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pkg/cloudflare-go/.github/workflows/sync-labels.yml b/pkg/cloudflare-go/.github/workflows/sync-labels.yml
new file mode 100644
index 0000000000..fd69921cfc
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/sync-labels.yml
@@ -0,0 +1,18 @@
+name: Sync labels
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+    paths:
+      - .github/labels.yml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: micnncim/action-label-syncer@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          manifest: .github/labels.yml
diff --git a/pkg/cloudflare-go/.github/workflows/test.yml b/pkg/cloudflare-go/.github/workflows/test.yml
new file mode 100644
index 0000000000..1405737f7f
--- /dev/null
+++ b/pkg/cloudflare-go/.github/workflows/test.yml
@@ -0,0 +1,22 @@
+on: [pull_request]
+name: Test
+jobs:
+  test:
+    strategy:
+      matrix:
+        go-version: ["1.20", "1.21", "1.22"]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go${{ matrix.go-version }}-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}
+      - name: Vet
+        run: go vet ./...
+      - name: Test
+        run: go test -v -race ./...
diff --git a/pkg/cloudflare-go/.gitignore b/pkg/cloudflare-go/.gitignore
new file mode 100644
index 0000000000..0953e13b27
--- /dev/null
+++ b/pkg/cloudflare-go/.gitignore
@@ -0,0 +1,6 @@
+.idea
+.vscode/
+cmd/flarectl/dist/
+cmd/flarectl/flarectl
+cmd/flarectl/flarectl.exe
+.flox/
diff --git a/pkg/cloudflare-go/.golintci.yaml b/pkg/cloudflare-go/.golintci.yaml
new file mode 100644
index 0000000000..d5d1c93978
--- /dev/null
+++ b/pkg/cloudflare-go/.golintci.yaml
@@ -0,0 +1,33 @@
+run:
+  timeout: 5m
+  issues-exit-code: 1
+  tests: true
+  skip-dirs-use-default: true
+  modules-download-mode: readonly
+
+linters:
+  enable:
+    - bodyclose      # ensure HTTP response bodies are successfully closed.
+    - contextcheck   # check we are passing context an inherited context.
+    - gofmt          # checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification.
+    - errname        # checks that sentinel errors are prefixed with the `Err`` and error types are suffixed with the `Error``.
+    - errorlint      # used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
+    - godot          # check if comments end in a period.
+    - misspell       # finds commonly misspelled English words in comments.
+    - nilerr         # checks that there is no simultaneous return of nil error and an invalid value.
+    - tparallel      # detects inappropriate usage of t.Parallel() method in your Go test codes.
+    - unparam        # reports unused function parameters.
+    - whitespace     # detection of leading and trailing whitespace.
+    - gosec          # inspects source code for security problems.
+    - bidichk        # checks for dangerous unicode character sequences.
+    - exportloopref  # prevent scope issues with pointers in loops.
+    - goconst        # use constants where values are repeated.
+    - reassign       # checks that package variables are not reassigned.
+    - goimports      # checks import grouping and code formatting.
+
+output:
+  format: colored-line-number
+
+linters-settings:
+  goconst:
+    ignore-tests: true
diff --git a/pkg/cloudflare-go/.semgrep.yml b/pkg/cloudflare-go/.semgrep.yml
new file mode 100644
index 0000000000..e0a6dc4a51
--- /dev/null
+++ b/pkg/cloudflare-go/.semgrep.yml
@@ -0,0 +1,88 @@
+rules:
+  - id: rfc-5737-ip-address
+    languages:
+      - go
+    message: Where a real IPv4 address isn't needed, use IPv4 addresses from RFC5737.
+    paths:
+      include:
+        - '*.go'
+    patterns:
+      - pattern-regex: '(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
+      - pattern-not-regex: '10\.\d+\.\d+.\d+'
+      - pattern-not-regex: '192\.168\.\d+.\d+'
+      - pattern-not-regex: '192\.0\.2\.\d+'    # 192.0.2.0/24 (TEST-NET-1, rfc5737)
+      - pattern-not-regex: '198\.51\.100\.\d+' # 198.51.100.0/24 (TEST-NET-2, rfc5737)
+      - pattern-not-regex: '203\.0\.113\.\d+'  # 203.0.113.0/24 (TEST-NET-3, rfc5737)
+    severity: WARNING
+  - id: rfc-3849-ip-address
+    languages:
+      - generic
+    message: Where a real IPv6 address isn't needed, use IPv6 addresses from RFC3849.
+    paths:
+      include:
+        - '*.go'
+    patterns:
+      - pattern-regex: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
+    severity: WARNING
+
+  - id: calling-errors-wrap
+    languages: [go]
+    message: 'Do not call `errors.Wrap`. Use `fmt.Errorf(".. : %w", err)` instead.'
+    patterns:
+      - pattern-either:
+        - pattern: |
+            errors.Wrap(...)
+    severity: WARNING
+  - id: no-use-of-stdlib-json
+    languages:
+      - go
+    message: Favour "github.com/goccy/go-json" instead of "encoding/json" to allow better customisation of marshaling and unmarshaling JSON attributes. See https://github.com/cloudflare/cloudflare-go/pull/1360 for full details.
+    paths:
+      include:
+        - '*.go'
+    patterns:
+      - pattern-regex: '\"encoding\/json\"'
+    fix-regex:
+      regex: \".*\"
+      replacement: '"github.com/goccy/go-json"'
+    severity: WARNING
+  - id: use-pointers-for-booleans
+    languages:
+      - go
+    message: |
+      Booleans should always be represented as pointers in structs with an omitempty marshaling tag (most commonly as JSON). This ensures you can determine unset, false and truthy values.
+    paths:
+      include:
+        - '*.go'
+    patterns:
+      - pattern-regex: "bool"
+      - pattern-not-regex: "\\*bool"
+      - pattern-either:
+        - pattern-inside: |
+            type $STRUCTNAME struct {
+                ...
+            }
+    severity: WARNING
+    metadata:
+      references:
+        - https://github.com/cloudflare/cloudflare-go/blob/master/docs/conventions.md#booleans
+  - id: use-pointers-for-time
+    languages:
+      - go
+    message: |
+      time.Time should always be represented as pointers in structs.
+    paths:
+      include:
+        - '*.go'
+    patterns:
+      - pattern-regex: "time\\.Time"
+      - pattern-not-regex: "\\*time\\.Time"
+      - pattern-either:
+        - pattern-inside: |
+            type $STRUCTNAME struct {
+                ...
+            }
+    severity: WARNING
+    metadata:
+      references:
+        - https://github.com/cloudflare/cloudflare-go/blob/master/docs/conventions.md#timetime
diff --git a/pkg/cloudflare-go/.semgrepignore b/pkg/cloudflare-go/.semgrepignore
new file mode 100644
index 0000000000..e12718f031
--- /dev/null
+++ b/pkg/cloudflare-go/.semgrepignore
@@ -0,0 +1,22 @@
+# Based on the default .semgrepignore documented here:
+
+# https://semgrep.dev/docs/ignoring-files-folders-code/#understanding-semgrep-defaults
+
+# but not ignoring '\*\_test.go'.
+
+# Ignore git items
+
+.gitignore
+.git/
+:include .gitignore
+
+.semgrep
+.semgrep_logs/
+
+.github/
+.vscode/
+.changelog/
+CHANGELOG.md
+go.mod
+go.sum
+README.md
diff --git a/pkg/cloudflare-go/CHANGELOG.md b/pkg/cloudflare-go/CHANGELOG.md
new file mode 100644
index 0000000000..7c85aa3400
--- /dev/null
+++ b/pkg/cloudflare-go/CHANGELOG.md
@@ -0,0 +1,1140 @@
+## 0.98.0 (Unreleased)
+
+## 0.97.0 (June 5th, 2024)
+
+ENHANCEMENTS:
+
+* access_application: Add support for Hybrid/Implicit flows and options ([#2131](https://github.com/cloudflare/cloudflare-go/issues/2131))
+* teams_account: Add Zero Trust connectivity settings ([#2165](https://github.com/cloudflare/cloudflare-go/issues/2165))
+* teams_accounts: Add `use_zt_virtual_ip` attribute ([#2126](https://github.com/cloudflare/cloudflare-go/issues/2126))
+
+DEPENDENCIES:
+
+* deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3 ([#2107](https://github.com/cloudflare/cloudflare-go/issues/2107))
+* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 ([#2249](https://github.com/cloudflare/cloudflare-go/issues/2249))
+
+## 0.96.0 (May 22nd, 2024)
+
+ENHANCEMENTS:
+
+* access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations ([#1981](https://github.com/cloudflare/cloudflare-go/issues/1981))
+* ruleset: add support for action parameters `fonts` and `disable_rum` ([#1832](https://github.com/cloudflare/cloudflare-go/issues/1832))
+
+DEPENDENCIES:
+
+* deps: bumps bflad/action-milestone-comment from 1 to 2 ([#1991](https://github.com/cloudflare/cloudflare-go/issues/1991))
+* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6 ([#1993](https://github.com/cloudflare/cloudflare-go/issues/1993))
+* deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ([#1992](https://github.com/cloudflare/cloudflare-go/issues/1992))
+
+## 0.95.0 (May 8th, 2024)
+
+ENHANCEMENTS:
+
+* access_application: add support for `policies` array ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
+* access_application: add support for `scim_config` ([#1921](https://github.com/cloudflare/cloudflare-go/issues/1921))
+* access_policy: add support for reusable policies ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
+* dlp: add support for zt risk behavior configuration ([#1887](https://github.com/cloudflare/cloudflare-go/issues/1887))
+
+BUG FIXES:
+
+* access_application: fix scim configuration authentication json marshalling ([#1959](https://github.com/cloudflare/cloudflare-go/issues/1959))
+
+DEPENDENCIES:
+
+* deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0 ([#1839](https://github.com/cloudflare/cloudflare-go/issues/1839))
+* deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 ([#1861](https://github.com/cloudflare/cloudflare-go/issues/1861))
+* deps: bumps golang.org/x/net from 0.24.0 to 0.25.0 ([#1974](https://github.com/cloudflare/cloudflare-go/issues/1974))
+* deps: bumps golangci/golangci-lint-action from 4 to 5 ([#1845](https://github.com/cloudflare/cloudflare-go/issues/1845))
+* deps: bumps golangci/golangci-lint-action from 5 to 6 ([#1975](https://github.com/cloudflare/cloudflare-go/issues/1975))
+
+## 0.94.0 (April 24th, 2024)
+
+ENHANCEMENTS:
+
+* access_application: support options_preflight_bypass for access_application ([#1790](https://github.com/cloudflare/cloudflare-go/issues/1790))
+* gateway: added ecs_support field to teams_location resource ([#1826](https://github.com/cloudflare/cloudflare-go/issues/1826))
+* teams_account: adds custom certificate setting to teams account configuration ([#1811](https://github.com/cloudflare/cloudflare-go/issues/1811))
+* workers: support deleting namespaced Workers ([#1737](https://github.com/cloudflare/cloudflare-go/issues/1737))
+
+DEPENDENCIES:
+
+* deps: bumps golang.org/x/net from 0.19.0 to 0.23.0 ([#1825](https://github.com/cloudflare/cloudflare-go/issues/1825))
+
+## 0.93.0 (April 10th, 2024)
+
+BREAKING CHANGES:
+
+* dns: Remove "locked" flag which is always false ([#1618](https://github.com/cloudflare/cloudflare-go/issues/1618))
+
+ENHANCEMENTS:
+
+* magic_transit_ipsec_tunnel: Adds support for replay_protection boolean flag ([#1710](https://github.com/cloudflare/cloudflare-go/issues/1710))
+
+DEPENDENCIES:
+
+* deps: bumps golang.org/x/net from 0.22.0 to 0.24.0 ([#1688](https://github.com/cloudflare/cloudflare-go/issues/1688))
+
+## 0.92.0 (March 27th, 2024)
+
+ENHANCEMENTS:
+
+- dlp: Adds support for ocr_enabled boolean flag ([#1600](https://github.com/cloudflare/cloudflare-go/issues/1600))
+
+BUG FIXES:
+
+- teams_rules: add "resolve" to allowable actions ([#1615](https://github.com/cloudflare/cloudflare-go/issues/1615))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0 ([#1593](https://github.com/cloudflare/cloudflare-go/issues/1593))
+- deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0 ([#1607](https://github.com/cloudflare/cloudflare-go/issues/1607))
+
+## 0.91.0 (March 22nd, 2024)
+
+ENHANCEMENTS:
+
+- access_application: add support for `saml_attribute_transform_jsonata` in saas apps ([#1562](https://github.com/cloudflare/cloudflare-go/issues/1562))
+- dlp: Adds support for ocr_enabled boolean flag ([#1600](https://github.com/cloudflare/cloudflare-go/issues/1600))
+
+BUG FIXES:
+
+- teams_rules: add "resolve" to allowable actions ([#1615](https://github.com/cloudflare/cloudflare-go/issues/1615))
+
+DEPENDENCIES:
+
+- deps: bumps actions/checkout from 2 to 4 ([#1573](https://github.com/cloudflare/cloudflare-go/issues/1573))
+- deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0 ([#1593](https://github.com/cloudflare/cloudflare-go/issues/1593))
+- deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0 ([#1607](https://github.com/cloudflare/cloudflare-go/issues/1607))
+- deps: bumps google.golang.org/protobuf from 1.28.0 to 1.33.0 ([#1558](https://github.com/cloudflare/cloudflare-go/issues/1558))
+
+## 0.90.0 (March 13th, 2024)
+
+ENHANCEMENTS:
+
+- access_mutual_tls_certificates: add support for mutual tls hostname settings ([#1516](https://github.com/cloudflare/cloudflare-go/issues/1516))
+- device_posture_rule: support last_seen and state for crowdstrike_s2s posture rule ([#1509](https://github.com/cloudflare/cloudflare-go/issues/1509))
+- dlp: add support for Context Awareness in DLP profiles ([#1497](https://github.com/cloudflare/cloudflare-go/issues/1497))
+- workers: Add Workers for Platforms support for getting a Worker, content and bindings ([#1508](https://github.com/cloudflare/cloudflare-go/issues/1508))
+- workers_for_platforms: Add ability to list Workers for Platforms namespaces, get a namespace, create a new namespace or delete a namespace. ([#1508](https://github.com/cloudflare/cloudflare-go/issues/1508))
+
+BUG FIXES:
+
+- dlp: added optional ContextAwareness support ([#1510](https://github.com/cloudflare/cloudflare-go/issues/1510))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/stretchr/testify from 1.8.4 to 1.9.0 ([#1511](https://github.com/cloudflare/cloudflare-go/issues/1511))
+- deps: bumps golang.org/x/net from 0.21.0 to 0.22.0 ([#1513](https://github.com/cloudflare/cloudflare-go/issues/1513))
+
+## 0.89.0 (February 28th, 2024)
+
+NOTES:
+
+- zaraz: replace deprecated neoEvents with Actions on Zaraz Config tools schema ([#1490](https://github.com/cloudflare/cloudflare-go/issues/1490))
+
+ENHANCEMENTS:
+
+- magic-transit: Adds IPsec tunnel healthcheck direction & rate parameters ([#1503](https://github.com/cloudflare/cloudflare-go/issues/1503))
+
+BUG FIXES:
+
+- registrar: Fix request method to call domain list endpoint from POST to GET ([#1506](https://github.com/cloudflare/cloudflare-go/issues/1506))
+
+## 0.88.0 (February 14th, 2024)
+
+ENHANCEMENTS:
+
+- access_application: Add support for OIDC SaaS Applications ([#1500](https://github.com/cloudflare/cloudflare-go/issues/1500))
+- access_application: Add support for `allow_authenticate_via_warp` ([#1496](https://github.com/cloudflare/cloudflare-go/issues/1496))
+- access_application: add support for `name_id_transform_jsonata` in saas apps ([#1505](https://github.com/cloudflare/cloudflare-go/issues/1505))
+- access_organization: Add support for `allow_authenticate_via_warp` and `warp_auth_session_duration` ([#1496](https://github.com/cloudflare/cloudflare-go/issues/1496))
+- hyperdrive: Add support for hyperdrive CRUD operations ([#1492](https://github.com/cloudflare/cloudflare-go/issues/1492))
+- images_variants: Add support for Images Variants CRUD operations ([#1494](https://github.com/cloudflare/cloudflare-go/issues/1494))
+- teams_rules: `AntiVirus` settings includes notification settings ([#1499](https://github.com/cloudflare/cloudflare-go/issues/1499))
+
+BUG FIXES:
+
+- hyperdrive: password should be nested in origin ([#1501](https://github.com/cloudflare/cloudflare-go/issues/1501))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.20.0 to 0.21.0 ([#1502](https://github.com/cloudflare/cloudflare-go/issues/1502))
+- deps: bumps golangci/golangci-lint-action from 3 to 4 ([#1504](https://github.com/cloudflare/cloudflare-go/issues/1504))
+
+## 0.87.0 (January 31st, 2024)
+
+ENHANCEMENTS:
+
+- access_seats: Add `UpdateAccessUsersSeats` with an array as input for multiple operations ([#1480](https://github.com/cloudflare/cloudflare-go/issues/1480))
+- dlp: add support for EDM and CWL datasets ([#1485](https://github.com/cloudflare/cloudflare-go/issues/1485))
+- logpush: Add support for Output Options ([#1468](https://github.com/cloudflare/cloudflare-go/issues/1468))
+- pages_project: Add `build_caching` attribute ([#1489](https://github.com/cloudflare/cloudflare-go/issues/1489))
+- streams: adds support for stream create parameters for tus upload initiate ([#1386](https://github.com/cloudflare/cloudflare-go/issues/1386))
+- teams_accounts: add support for extended email matching ([#1486](https://github.com/cloudflare/cloudflare-go/issues/1486))
+
+BUG FIXES:
+
+- access_seats: UpdateAccessUserSeat: fix parameters not being an array when sending to the api. This caused an error when updating a user's seat ([#1480](https://github.com/cloudflare/cloudflare-go/issues/1480))
+- access_users: ListAccessUsers was returning wrong values in pointer fields due to variable missused in loop ([#1482](https://github.com/cloudflare/cloudflare-go/issues/1482))
+- flarectl: alias zone certs to "ct" instead of duplicating the "c" alias ([#1484](https://github.com/cloudflare/cloudflare-go/issues/1484))
+
+DEPENDENCIES:
+
+- deps: bumps actions/cache from 3 to 4 ([#1483](https://github.com/cloudflare/cloudflare-go/issues/1483))
+
+## 0.86.0 (January 17, 2024)
+
+ENHANCEMENTS:
+
+- access_application: Add support for default_relay_state in saas apps ([#1477](https://github.com/cloudflare/cloudflare-go/issues/1477))
+- zaraz: Add support for CRUD APIs ([#1474](https://github.com/cloudflare/cloudflare-go/issues/1474))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/cloudflare/circl from 1.3.3 to 1.3.7 ([#1475](https://github.com/cloudflare/cloudflare-go/issues/1475))
+- deps: bumps golang.org/x/net from 0.19.0 to 0.20.0 ([#1476](https://github.com/cloudflare/cloudflare-go/issues/1476))
+
+## 0.85.0 (January 3rd, 2024)
+
+DEPENDENCIES:
+
+- deps: bumps github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 ([#1470](https://github.com/cloudflare/cloudflare-go/issues/1470))
+- deps: bumps github.com/urfave/cli/v2 from 2.26.0 to 2.27.0 ([#1471](https://github.com/cloudflare/cloudflare-go/issues/1471))
+- deps: bumps github.com/urfave/cli/v2 from 2.27.0 to 2.27.1 ([#1472](https://github.com/cloudflare/cloudflare-go/issues/1472))
+
+## 0.84.0 (December 20th, 2023)
+
+ENHANCEMENTS:
+
+- access_group: Add support for email lists ([#1445](https://github.com/cloudflare/cloudflare-go/issues/1445))
+- device_posture_rules: add support for Access client fields in device posture integrations ([#1464](https://github.com/cloudflare/cloudflare-go/issues/1464))
+- page_shield: added support for page shield ([#1459](https://github.com/cloudflare/cloudflare-go/issues/1459))
+
+DEPENDENCIES:
+
+- deps: bumps actions/setup-go from 4 to 5 ([#1460](https://github.com/cloudflare/cloudflare-go/issues/1460))
+- deps: bumps github/codeql-action from 2 to 3 ([#1462](https://github.com/cloudflare/cloudflare-go/issues/1462))
+- deps: bumps golang.org/x/crypto from 0.14.0 to 0.17.0 ([#1466](https://github.com/cloudflare/cloudflare-go/issues/1466))
+
+## 0.83.0 (December 6th, 2023)
+
+ENHANCEMENTS:
+
+- cloudflare: Add ResultInfo to RawResponse ([#1453](https://github.com/cloudflare/cloudflare-go/issues/1453))
+- devices_policy: add fields for Opt-In Split Tunnel Overlapping IPs feature. ([#1454](https://github.com/cloudflare/cloudflare-go/issues/1454))
+- stream: Add ScheduledDeletion to StreamCreateVideoParameters ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
+- stream: Add ScheduledDeletion to StreamUploadFromURLParameters ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
+- stream: Add ScheduledDeletion to StreamVideo ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
+- stream: Add ScheduledDeletion to StreamVideoCreate ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
+- worker_bindings: Fixing form element name for d1 binding ([#1450](https://github.com/cloudflare/cloudflare-go/issues/1450))
+- worker_bindings: add support for `d1` bindings ([#1446](https://github.com/cloudflare/cloudflare-go/issues/1446))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 ([#1456](https://github.com/cloudflare/cloudflare-go/issues/1456))
+- deps: bumps golang.org/x/net from 0.18.0 to 0.19.0 ([#1452](https://github.com/cloudflare/cloudflare-go/issues/1452))
+- deps: bumps golang.org/x/time from 0.4.0 to 0.5.0 ([#1449](https://github.com/cloudflare/cloudflare-go/issues/1449))
+
+## 0.82.0 (November 22nd, 2023)
+
+ENHANCEMENTS:
+
+- ip_access_rules: Add ListIPAccessRules() to list IP Access Rules ([#1428](https://github.com/cloudflare/cloudflare-go/issues/1428))
+- load_balancing: add healthy field to LoadBalancerPool ([#1442](https://github.com/cloudflare/cloudflare-go/issues/1442))
+
+BUG FIXES:
+
+- load_balancing: Add support for virtual network id in origins ([#1441](https://github.com/cloudflare/cloudflare-go/issues/1441))
+- per_hostname_tls_setting: use `buildURI` for defining the query parameters when sorting ([#1440](https://github.com/cloudflare/cloudflare-go/issues/1440))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.5 ([#1438](https://github.com/cloudflare/cloudflare-go/issues/1438))
+- deps: bumps golang.org/x/net from 0.17.0 to 0.18.0 ([#1439](https://github.com/cloudflare/cloudflare-go/issues/1439))
+
+## 0.81.0 (November 8th, 2023)
+
+BREAKING CHANGES:
+
+- devices_policy: `CreateDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `DeleteDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `DeviceClientCertificates` is renamed to `DeviceClientCertificates` ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `GetDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `GetDeviceClientCertificatesZone` is renamed to `GetDeviceClientCertificates` with updated method signatures ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `GetDeviceClientCertificates` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `GetDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `UpdateDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `UpdateDeviceClientCertificatesZone` is renamed to `UpdateDeviceClientCertificates` with updated method signatures ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- devices_policy: `UpdateDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+
+ENHANCEMENTS:
+
+- access_seats: Add UpdateAccessUserSeat() to list IP Access Rules ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- access_user: Add GetAccessUserActiveSessions() to get all active sessions for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- access_user: Add GetAccessUserFailedLogins() to get all failed login attempts for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- access_user: Add GetAccessUserLastSeenIdentity() to get last seen identity for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- access_user: Add GetAccessUserSingleActiveSession() to get an active session for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- access_user: Add ListAccessUsers() to get a list of users for a Access/Zero-Trust account. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
+- devices_policy: Add support for listing device settings policies ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
+- teams_rules: Add support for resolver policies ([#1436](https://github.com/cloudflare/cloudflare-go/issues/1436))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/time from 0.3.0 to 0.4.0 ([#1434](https://github.com/cloudflare/cloudflare-go/issues/1434))
+
+## 0.80.0 (October 25th, 2023)
+
+BREAKING CHANGES:
+
+- teams: `BrowserIsolation.UrlBrowserIsolationEnabled` has changed from `bool` to `*bool` to meet the library conventions ([#1424](https://github.com/cloudflare/cloudflare-go/issues/1424))
+
+ENHANCEMENTS:
+
+- access_application: Add support for app launcher customization fields ([#1407](https://github.com/cloudflare/cloudflare-go/issues/1407))
+- api_shield_schema: Add support for Get/Update API Shield Operation Schema Validation Settings ([#1422](https://github.com/cloudflare/cloudflare-go/issues/1422))
+- api_shield_schema: Add support for Get/Update API Shield Schema Validation Settings ([#1418](https://github.com/cloudflare/cloudflare-go/issues/1418))
+- teams: Add support for body_scanning (Enhanced File Detection) in teams account configuration ([#1423](https://github.com/cloudflare/cloudflare-go/issues/1423))
+- load_balancing: extend documentation for least_connections steering policy ([#1414](https://github.com/cloudflare/cloudflare-go/issues/1414))
+- teams: Add `non_identity_enabled` boolean in browser isolation settings ([#1424](https://github.com/cloudflare/cloudflare-go/issues/1424))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.7.0 to 0.17.0 ([#1421](https://github.com/cloudflare/cloudflare-go/issues/1421))
+
+## 0.79.0 (October 11th, 2023)
+
+ENHANCEMENTS:
+
+- access_organization: Add support for session_duration ([#1415](https://github.com/cloudflare/cloudflare-go/issues/1415))
+- access_policy: Add support for session_duration ([#1415](https://github.com/cloudflare/cloudflare-go/issues/1415))
+
+ENHANCEMENTS:
+
+- api_shield_discovery: Add support for Get/Patch API Shield API Discovery Operations ([#1413](https://github.com/cloudflare/cloudflare-go/issues/1413))
+- api_shield_schema: Add support for managing schemas for API Shield Schema Validation 2.0 ([#1406](https://github.com/cloudflare/cloudflare-go/issues/1406))
+- d1: adds support for d1 ([#1417](https://github.com/cloudflare/cloudflare-go/issues/1417))
+- teams: Add `audit_ssh_settings` endpoints ([#1419](https://github.com/cloudflare/cloudflare-go/issues/1419))
+
+BUG FIXES:
+
+- custom_nameservers: change `NSSet` from string to int to match API response ([#1410](https://github.com/cloudflare/cloudflare-go/issues/1410))
+- observatory: fix double url encoding ([#1412](https://github.com/cloudflare/cloudflare-go/issues/1412))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.15.0 to 0.16.0 ([#1416](https://github.com/cloudflare/cloudflare-go/issues/1416))
+- deps: bumps golang.org/x/net from 0.16.0 to 0.17.0 ([#1420](https://github.com/cloudflare/cloudflare-go/issues/1420))
+
+## 0.78.0 (September 27th, 2023)
+
+BREAKING CHANGES:
+
+- account_role: `AccountRole` has been renamed to `GetAccountRole` to align with the updated method conventions ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
+- account_role: `AccountRoles` has been renamed to `ListAccountRoles` to align with the updated method conventions ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
+
+ENHANCEMENTS:
+
+- access_application: Add support for tags ([#1403](https://github.com/cloudflare/cloudflare-go/issues/1403))
+- access_tag: Add support for tags ([#1403](https://github.com/cloudflare/cloudflare-go/issues/1403))
+- list_item: allow filtering by search term, cursor and per page attributes ([#1409](https://github.com/cloudflare/cloudflare-go/issues/1409))
+- observatory: add support for observatory API ([#1401](https://github.com/cloudflare/cloudflare-go/issues/1401))
+
+BUG FIXES:
+
+- account_role: autopaginate all available results instead of a static number ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
+- semgrep: Improved IPv4 validation by implementing a new pattern to handle cases where non-IPv4 addresses were previously accepted. ([#1382](https://github.com/cloudflare/cloudflare-go/issues/1382))
+
+DEPENDENCIES:
+
+- deps: bumps codecov/codecov-action from 3 to 4 ([#1402](https://github.com/cloudflare/cloudflare-go/issues/1402))
+
+## 0.77.0 (September 13th, 2023)
+
+ENHANCEMENTS:
+
+- access_identity_provider: add support for email_claim_name and authorization_server_id ([#1390](https://github.com/cloudflare/cloudflare-go/issues/1390))
+- access_identity_provider: add support for ping_env_id ([#1391](https://github.com/cloudflare/cloudflare-go/issues/1391))
+- dcv_delegation: add GET for DCV Delegation UUID ([#1384](https://github.com/cloudflare/cloudflare-go/issues/1384))
+- streams: adds support to initiate tus upload ([#1359](https://github.com/cloudflare/cloudflare-go/issues/1359))
+- tunnel: add support for `include_prefix`, `exclude_prefix` in list operations ([#1385](https://github.com/cloudflare/cloudflare-go/issues/1385))
+
+BUG FIXES:
+
+- dns: keep comments when calling UpdateDNSRecord with zero values of UpdateDNSRecordParams ([#1393](https://github.com/cloudflare/cloudflare-go/issues/1393))
+
+DEPENDENCIES:
+
+- deps: bumps actions/checkout from 3 to 4 ([#1387](https://github.com/cloudflare/cloudflare-go/issues/1387))
+- deps: bumps golang.org/x/net from 0.14.0 to 0.15.0 ([#1389](https://github.com/cloudflare/cloudflare-go/issues/1389))
+- deps: bumps goreleaser/goreleaser-action from 4.4.0 to 4.6.0 ([#1388](https://github.com/cloudflare/cloudflare-go/issues/1388))
+- deps: bumps goreleaser/goreleaser-action from 4.6.0 to 5.0.0 ([#1396](https://github.com/cloudflare/cloudflare-go/issues/1396))
+
+## 0.76.0 (August 30th, 2023)
+
+BREAKING CHANGES:
+
+- images: Renamed Image struct "Metadata" field to "Meta" ([#1379](https://github.com/cloudflare/cloudflare-go/issues/1379))
+
+ENHANCEMENTS:
+
+- access_application: added custom_non_identity_deny_url ([#1373](https://github.com/cloudflare/cloudflare-go/issues/1373))
+- load_balancer_monitor: add support for `consecutive_up`, `consecutive_down` ([#1380](https://github.com/cloudflare/cloudflare-go/issues/1380))
+- workers: Add support for retrieving and uploading only script content. ([#1361](https://github.com/cloudflare/cloudflare-go/issues/1361))
+- workers: Add support for retrieving and uploading only script metadata. ([#1361](https://github.com/cloudflare/cloudflare-go/issues/1361))
+- workers: allow namespaced scripts to be used as Worker tail consumers ([#1377](https://github.com/cloudflare/cloudflare-go/issues/1377))
+
+BUG FIXES:
+
+- access_application: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+- access_ca_certificate: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+- access_group: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+- access_mutual_tls_certifcate: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+- access_policy: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+- images: Fix issue parsing Image Details from API due to incorrect struct json field ([#1379](https://github.com/cloudflare/cloudflare-go/issues/1379))
+- pagination: Will look at `total_count` and `per_page` to calculate `total_pages` if `total_pages` is zero ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
+
+## 0.75.0 (August 16th, 2023)
+
+BREAKING CHANGES:
+
+- cloudflare: `Raw` method now returns a RawResponse rather than the raw JSON `Result` message ([#1355](https://github.com/cloudflare/cloudflare-go/issues/1355))
+- rulesets: Rename `RulesetPhaseRateLimit` to `RulesetPhaseHTTPRatelimit`, to match the phase name ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+- rulesets: Rename `RulesetPhaseSuperBotFightMode` to `RulesetPhaseHTTPRequestSBFM`, to match the phase name ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+
+NOTES:
+
+- rulesets: Remove non-existent `allow` action ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+- rulesets: Remove non-existent `http_request_main` phase ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+- rulesets: Remove non-public `http_response_headers_transform_managed` and `http_request_late_transform_managed` phases ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+
+ENHANCEMENTS:
+
+- access_group: add auth_context group ruletype ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
+- access_identity_provider: add attr conditional_access_enabled ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
+- access_identity_provider: add auth context list/put endpoint ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
+- access_service_token: add support for managing `Duration` ([#1347](https://github.com/cloudflare/cloudflare-go/issues/1347))
+- bot_management: add support for bot_management API ([#1363](https://github.com/cloudflare/cloudflare-go/issues/1363))
+- cloudflare: swap `encoding/json` for `github.com/goccy/go-json` ([#1360](https://github.com/cloudflare/cloudflare-go/issues/1360))
+- device_posture_rule: support eid_last_seen and risk_level and correct total_score for Tanium posture rule ([#1366](https://github.com/cloudflare/cloudflare-go/issues/1366))
+- per_hostname_tls_settings: add support for managing hostname level TLS settings ([#1356](https://github.com/cloudflare/cloudflare-go/issues/1356))
+- rulesets: Add the `ddos_mitigation` action ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
+- waiting_room: add support for `queueing_status_code` ([#1357](https://github.com/cloudflare/cloudflare-go/issues/1357))
+- web_analytics: add support for web_analytics API ([#1348](https://github.com/cloudflare/cloudflare-go/issues/1348))
+- workers: add support for tagging Worker scripts ([#1368](https://github.com/cloudflare/cloudflare-go/issues/1368))
+- zone_hold: add support for zone hold API ([#1365](https://github.com/cloudflare/cloudflare-go/issues/1365))
+
+BUG FIXES:
+
+- cache_purge: don't escape HTML entity values in URLs for cache keys ([#1360](https://github.com/cloudflare/cloudflare-go/issues/1360))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.12.0 to 0.13.0 ([#1353](https://github.com/cloudflare/cloudflare-go/issues/1353))
+- deps: bumps golang.org/x/net from 0.13.0 to 0.14.0 ([#1362](https://github.com/cloudflare/cloudflare-go/issues/1362))
+- deps: bumps goreleaser/goreleaser-action from 4.3.0 to 4.4.0 ([#1369](https://github.com/cloudflare/cloudflare-go/issues/1369))
+
+## 0.74.0 (August 2nd, 2023)
+
+ENHANCEMENTS:
+
+- access_application: Add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
+- access_custom_page: Add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
+- access_organization: add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
+- rulesets: Remove internal-only schema kind ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
+- rulesets: Remove some request parameters that are not allowed or have no effect ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
+- rulesets: Update API reference links ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
+- teams-accounts: Adds support for protocol detection ([#1340](https://github.com/cloudflare/cloudflare-go/issues/1340))
+- workers: Add `pipeline_hash` field to Workers script response struct. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
+- workers: Add support for declaring arbitrary bindings with UnsafeBinding. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
+- workers: Add support for uploading scripts to a Workers for Platforms namespace. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
+- workers: Add support for uploading workers with Workers for Platforms namespace bindings. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
+
+BUG FIXES:
+
+- flarectl: allow for create or update to actually create the record ([#1341](https://github.com/cloudflare/cloudflare-go/issues/1341))
+- load_balancing: Fix pool creation with MinimumOrigins set to 0 ([#1338](https://github.com/cloudflare/cloudflare-go/issues/1338))
+- workers: Fix namespace dispatch upload API path ([#1345](https://github.com/cloudflare/cloudflare-go/issues/1345))
+
+## 0.73.0 (July 19th, 2023)
+
+BREAKING CHANGES:
+
+- pages_deployment: add support for auto pagination ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
+- pages_deployment: change DeletePagesDeploymentParams to contain all parameters ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
+- pages_project: change to use ResourceContainer for account ID ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
+- pages_project: rename PagesProject to GetPagesProject ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
+- rulesets: `CreateAccountRuleset` is removed in favour of `CreateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `CreateZoneRuleset` is removed in favour of `CreateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `DeleteAccountRuleset` is removed in favour of `DeleteRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `DeleteZoneRuleset` is removed in favour of `DeleteRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `GetAccountRulesetPhase` is removed in favour of `GetEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `GetAccountRuleset` is removed in favour of `GetRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `GetZoneRulesetPhase` is removed in favour of `GetEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `GetZoneRuleset` is removed in favour of `GetRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `UpdateAccountRulesetPhase` is removed in favour of `UpdateEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `UpdateAccountRuleset` is removed in favour of `UpdateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `UpdateZoneRulesetPhase` is removed in favour of `UpdateEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+- rulesets: `UpdateZoneRuleset` is removed in favour of `UpdateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
+
+ENHANCEMENTS:
+
+- device_posture_rule: support active_threats, network_status, infected, and is_active for sentinelone_s2s posture rule ([#1339](https://github.com/cloudflare/cloudflare-go/issues/1339))
+- device_posture_rule: support certificate_id and cn for client_certificate posture rule ([#1339](https://github.com/cloudflare/cloudflare-go/issues/1339))
+- images: adds ability to upload image by url ([#1335](https://github.com/cloudflare/cloudflare-go/issues/1335))
+- load_balancing: support header session affinity policy ([#1302](https://github.com/cloudflare/cloudflare-go/issues/1302))
+- zone: Added `GetRegionalTieredCache` and `UpdateRegionalTieredCache` to allow setting Regional Tiered Cache for a zone. ([#1336](https://github.com/cloudflare/cloudflare-go/issues/1336))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.11.0 to 0.12.0 ([#1328](https://github.com/cloudflare/cloudflare-go/issues/1328))
+
+## 0.72.0 (July 5th, 2023)
+
+BREAKING CHANGES:
+
+- logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+- logpush: all methods are updated to use the newer client conventions for method signatures ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
+
+ENHANCEMENTS:
+
+- resource_container: expose `Type` on `*ResourceContainer` to explicitly denote what type of resource it is instead of inferring from `Level`. ([#1325](https://github.com/cloudflare/cloudflare-go/issues/1325))
+
+## 0.71.0 (July 5th, 2023)
+
+BREAKING CHANGES:
+
+- access_application: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_ca_certificate: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_group: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_identity_provider: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_mutual_tls_certificates: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_organization: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_policy: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_service_tokens: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_user_token: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- images: renamed `BaseImage` to `GetBaseImage` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: renamed `ImageDetails` to `GetImage` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: renamed `ImagesStats` to `GetImagesStats` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: updated method signatures of `DeleteImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: updated method signatures of `ListImages` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: updated method signatures of `UpdateImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- images: updated method signatures of `UploadImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+
+ENHANCEMENTS:
+
+- access_application: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_ca_certificate: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_group: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_identity_provider: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_mutual_tls_certificates: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- access_policy: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
+- device_posture_rule: support os_version_extra ([#1316](https://github.com/cloudflare/cloudflare-go/issues/1316))
+- images: adds support for v2 when uploading images directly ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
+- workers: Add ability to specify tail Workers in script metadata ([#1317](https://github.com/cloudflare/cloudflare-go/issues/1317))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.5.1 to 1.6.0 ([#1320](https://github.com/cloudflare/cloudflare-go/issues/1320))
+
+## 0.70.0 (June 21st, 2023)
+
+BREAKING CHANGES:
+
+- cloudflare: remove `UsingAccount` in favour of resource specific attributes ([#1315](https://github.com/cloudflare/cloudflare-go/issues/1315))
+- cloudflare: remove `api.AccountID` from client struct ([#1315](https://github.com/cloudflare/cloudflare-go/issues/1315))
+- dns_firewall: modernise method signatures and conventions to align with the experimental client ([#1313](https://github.com/cloudflare/cloudflare-go/issues/1313))
+- railgun: remove support for railgun ([#1312](https://github.com/cloudflare/cloudflare-go/issues/1312))
+- tunnel: swap `ConnectTimeout`, `TLSTimeout`, `TCPKeepAlive` and `KeepAliveTimeout` to `TunnelDuration` instead of `time.Duration` ([#1303](https://github.com/cloudflare/cloudflare-go/issues/1303))
+- virtualdns: remove support in favour of newer DNS firewall methods ([#1313](https://github.com/cloudflare/cloudflare-go/issues/1313))
+
+ENHANCEMENTS:
+
+- custom_nameservers: add support for managing custom nameservers ([#1304](https://github.com/cloudflare/cloudflare-go/issues/1304))
+- load_balancing: extend documentation for least_outstanding_requests steering policy ([#1293](https://github.com/cloudflare/cloudflare-go/issues/1293))
+- waiting_room: add support for `additional_routes` and `cookie_suffix` ([#1311](https://github.com/cloudflare/cloudflare-go/issues/1311))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.3 to 0.7.4 ([#1301](https://github.com/cloudflare/cloudflare-go/issues/1301))
+- deps: bumps github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 ([#1305](https://github.com/cloudflare/cloudflare-go/issues/1305))
+- deps: bumps github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 ([#1314](https://github.com/cloudflare/cloudflare-go/issues/1314))
+- deps: bumps golang.org/x/net from 0.10.0 to 0.11.0 ([#1307](https://github.com/cloudflare/cloudflare-go/issues/1307))
+- deps: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0 ([#1306](https://github.com/cloudflare/cloudflare-go/issues/1306))
+
+## 0.69.0 (June 7th, 2023)
+
+BREAKING CHANGES:
+
+- stream: StreamVideo.Duration has changed from int to float64. ([#1190](https://github.com/cloudflare/cloudflare-go/issues/1190))
+
+ENHANCEMENTS:
+
+- access: Added `self_hosted_domains` support to access applications ([#1281](https://github.com/cloudflare/cloudflare-go/issues/1281))
+- custom_hostname: add support for `bundle_method` TLS configuration ([#1298](https://github.com/cloudflare/cloudflare-go/issues/1298))
+- devices_policy: Add missing description field to policy ([#1294](https://github.com/cloudflare/cloudflare-go/issues/1294))
+- stream: added metadata support ([#1088](https://github.com/cloudflare/cloudflare-go/issues/1088))
+
+BUG FIXES:
+
+- email_routing_destination: return encountered error, not `ErrMissingAccountID` all the time ([#1297](https://github.com/cloudflare/cloudflare-go/issues/1297))
+- stream: Fix a bug that cannot unmarshal video duration number. ([#1190](https://github.com/cloudflare/cloudflare-go/issues/1190))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1 ([#1292](https://github.com/cloudflare/cloudflare-go/issues/1292))
+- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.3 ([#1300](https://github.com/cloudflare/cloudflare-go/issues/1300))
+- deps: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4 ([#1296](https://github.com/cloudflare/cloudflare-go/issues/1296))
+- deps: bumps github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 ([#1295](https://github.com/cloudflare/cloudflare-go/issues/1295))
+
+## 0.68.0 (May 24th, 2023)
+
+BREAKING CHANGES:
+
+- r2_bucket: change creation time from string to \*time.Time ([#1265](https://github.com/cloudflare/cloudflare-go/issues/1265))
+
+ENHANCEMENTS:
+
+- adds OriginRequest field to UnvalidatedIngressRule struct. ([#1138](https://github.com/cloudflare/cloudflare-go/issues/1138))
+- lists: add support for hostname and ASN lists. ([#1288](https://github.com/cloudflare/cloudflare-go/issues/1288))
+- pages: add support for Smart Placement. Added `Placement` in `PagesProjectDeploymentConfigEnvironment`. ([#1279](https://github.com/cloudflare/cloudflare-go/issues/1279))
+- r2_bucket: add support for getting a bucket ([#1265](https://github.com/cloudflare/cloudflare-go/issues/1265))
+- tunnels: add support for `access` and `http2Origin` keys ([#1291](https://github.com/cloudflare/cloudflare-go/issues/1291))
+- workers: add support for Smart Placement. Added `Placement` in `CreateWorkerParams`. ([#1279](https://github.com/cloudflare/cloudflare-go/issues/1279))
+- zone: Added `GetCacheReserve` and `UpdateacheReserve` to allow setting Cache Reserve for a zone. ([#1278](https://github.com/cloudflare/cloudflare-go/issues/1278))
+
+BUG FIXES:
+
+- dns: fix MX record priority not set by UpdateDNSRecord ([#1290](https://github.com/cloudflare/cloudflare-go/issues/1290))
+- flarectl/dns: ensure MX priority value is dereferenced ([#1289](https://github.com/cloudflare/cloudflare-go/issues/1289))
+- turnstile: remove `SiteKey` being sent in rotate secret's request body ([#1285](https://github.com/cloudflare/cloudflare-go/issues/1285))
+- turnstile: remove `SiteKey`/`Secret` being sent in update request body ([#1284](https://github.com/cloudflare/cloudflare-go/issues/1284))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0 ([#1287](https://github.com/cloudflare/cloudflare-go/issues/1287))
+- deps: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3 ([#1286](https://github.com/cloudflare/cloudflare-go/issues/1286))
+
+## 0.67.0 (May 10th, 2023)
+
+NOTES:
+
+- dns_firewall: The `OriginIPs` field has been renamed to `UpstreamIPs`. ([#1246](https://github.com/cloudflare/cloudflare-go/issues/1246))
+
+ENHANCEMENTS:
+
+- device_posture_rule: add input fields tanium, intune and kolide ([#1268](https://github.com/cloudflare/cloudflare-go/issues/1268))
+- waiting_room: add support for zone-level settings ([#1276](https://github.com/cloudflare/cloudflare-go/issues/1276))
+
+BUG FIXES:
+
+- rulesets: allow `PreserveQueryString` to be nullable ([#1275](https://github.com/cloudflare/cloudflare-go/issues/1275))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.25.1 to 2.25.3 ([#1274](https://github.com/cloudflare/cloudflare-go/issues/1274))
+- deps: bumps golang.org/x/net from 0.9.0 to 0.10.0 ([#1280](https://github.com/cloudflare/cloudflare-go/issues/1280))
+
+## 0.66.0 (26th April, 2023)
+
+ENHANCEMENTS:
+
+- access_application: Add `path_cookie_attribute` app setting ([#1223](https://github.com/cloudflare/cloudflare-go/issues/1223))
+- certificate_packs: add `Status` field to indicate the status of certificate pack ([#1271](https://github.com/cloudflare/cloudflare-go/issues/1271))
+- data localization: add support for regional hostnames API ([#1270](https://github.com/cloudflare/cloudflare-go/issues/1270))
+- dns: add support for importing and exporting DNS records using BIND file configurations ([#1266](https://github.com/cloudflare/cloudflare-go/issues/1266))
+- logpush: add support for max upload parameters ([#1272](https://github.com/cloudflare/cloudflare-go/issues/1272))
+- turnstile: add support for turnstile ([#1267](https://github.com/cloudflare/cloudflare-go/issues/1267))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0 ([#1269](https://github.com/cloudflare/cloudflare-go/issues/1269))
+
+## 0.65.0 (12th April, 2023)
+
+ENHANCEMENTS:
+
+- access: Add `auto_redirect_to_identity` flag to Access organizations ([#1260](https://github.com/cloudflare/cloudflare-go/issues/1260))
+- access: Add `isolation_required` flag to Access policies ([#1258](https://github.com/cloudflare/cloudflare-go/issues/1258))
+- rulesets: add support for add operation to HTTP header configuration ([#1253](https://github.com/cloudflare/cloudflare-go/issues/1253))
+- rulesets: add support for the `compress_response` action ([#1261](https://github.com/cloudflare/cloudflare-go/issues/1261))
+- rulesets: add support for the `http_response_compression` phase ([#1261](https://github.com/cloudflare/cloudflare-go/issues/1261))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/net from 0.8.0 to 0.9.0 ([#1263](https://github.com/cloudflare/cloudflare-go/issues/1263))
+
+## 0.64.0 (29th March, 2023)
+
+BREAKING CHANGES:
+
+- dns: Changed Create/UpdateDNSRecord method signatures to return (DNSRecord, error) ([#1243](https://github.com/cloudflare/cloudflare-go/issues/1243))
+- zone: `UpdateZoneSingleSetting` has been renamed to `UpdateZoneSetting` and updated method signature inline with our expected conventions ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
+- zone: `ZoneSingleSetting` has been renamed to `GetZoneSetting` and updated method signature inline with our expected conventions ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
+
+ENHANCEMENTS:
+
+- access_identity_provider: add `claims` and `scopes` fields ([#1237](https://github.com/cloudflare/cloudflare-go/issues/1237))
+- access_identity_provider: add scim_config field ([#1178](https://github.com/cloudflare/cloudflare-go/issues/1178))
+- devices_policy: update `Mode` field to use new `ServiceMode` string type with explicit const service mode values ([#1249](https://github.com/cloudflare/cloudflare-go/issues/1249))
+- ssl: make `GeoRestrictions` a pointer inside of ZoneCustomSSL ([#1244](https://github.com/cloudflare/cloudflare-go/issues/1244))
+- zone: `GetZoneSetting` and `UpdateZoneSetting` now allow configuring the path for where a setting resides instead of assuming `settings` ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
+
+BUG FIXES:
+
+- teams_rules: `AllowChildBypass` changes from a `bool` to `*bool` ([#1242](https://github.com/cloudflare/cloudflare-go/issues/1242))
+- teams_rules: `BypassParentRule` changes from a `bool` to `*bool` ([#1242](https://github.com/cloudflare/cloudflare-go/issues/1242))
+- tunnel: Fix 'CreateTunnel' for tunnels using config_src ([#1238](https://github.com/cloudflare/cloudflare-go/issues/1238))
+
+DEPENDENCIES:
+
+- deps: bumps actions/setup-go from 3 to 4 ([#1236](https://github.com/cloudflare/cloudflare-go/issues/1236))
+- deps: bumps github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 ([#1250](https://github.com/cloudflare/cloudflare-go/issues/1250))
+
+## 0.63.0 (15th March, 2023)
+
+BREAKING CHANGES:
+
+- tunnel: renamed `Tunnel` to `GetTunnel` ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
+- tunnel: renamed `Tunnels` to `ListTunnels` ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
+
+ENHANCEMENTS:
+
+- access_organization: add ui_read_only_toggle_reason field ([#1181](https://github.com/cloudflare/cloudflare-go/issues/1181))
+- added audit_ssh to gateway actions, updated gateway rule settings ([#1226](https://github.com/cloudflare/cloudflare-go/issues/1226))
+- addressing: Add `Address Map` support ([#1232](https://github.com/cloudflare/cloudflare-go/issues/1232))
+- teams_account: add support for `check_disks` ([#1197](https://github.com/cloudflare/cloudflare-go/issues/1197))
+- tunnel: updated parameters to latest API docs ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 ([#1229](https://github.com/cloudflare/cloudflare-go/issues/1229))
+- deps: bumps golang.org/x/net from 0.7.0 to 0.8.0 ([#1228](https://github.com/cloudflare/cloudflare-go/issues/1228))
+
+## 0.62.0 (1st March, 2023)
+
+ENHANCEMENTS:
+
+- dex_test: add CRUD functionality for DEX test configurations ([#1209](https://github.com/cloudflare/cloudflare-go/issues/1209))
+- dlp: Adds support for partial payload logging ([#1212](https://github.com/cloudflare/cloudflare-go/issues/1212))
+- teams_accounts: Add new root_certificate_installation_enabled field ([#1208](https://github.com/cloudflare/cloudflare-go/issues/1208))
+- teams_rules: Add `untrusted_cert` rule setting ([#1214](https://github.com/cloudflare/cloudflare-go/issues/1214))
+- tunnels: automatically paginate `ListTunnels` ([#1206](https://github.com/cloudflare/cloudflare-go/issues/1206))
+
+BUG FIXES:
+
+- dex_test: use dex test types and json struct mappings instead of managed networks ([#1213](https://github.com/cloudflare/cloudflare-go/issues/1213))
+- dns: dont reuse DNSListResponse when using pagination to avoid Proxied pointer overwrite ([#1222](https://github.com/cloudflare/cloudflare-go/issues/1222))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 ([#1220](https://github.com/cloudflare/cloudflare-go/issues/1220))
+- deps: bumps github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 ([#1210](https://github.com/cloudflare/cloudflare-go/issues/1210))
+- deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1218](https://github.com/cloudflare/cloudflare-go/issues/1218))
+- deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1219](https://github.com/cloudflare/cloudflare-go/issues/1219))
+- deps: bumps golang.org/x/text from 0.3.7 to 0.3.8 ([#1215](https://github.com/cloudflare/cloudflare-go/issues/1215))
+- deps: bumps golang.org/x/text from 0.3.7 to 0.3.8 ([#1216](https://github.com/cloudflare/cloudflare-go/issues/1216))
+- deps: bumps golang.org/x/time from 0.0.0-20220224211638-0e9765cccd65 to 0.3.0 ([#1217](https://github.com/cloudflare/cloudflare-go/issues/1217))
+
+## 0.61.0 (15th February, 2023)
+
+ENHANCEMENTS:
+
+- cloudflare: make it clearer when we hit a server error and to retry later ([#1207](https://github.com/cloudflare/cloudflare-go/issues/1207))
+- devices_policy: Add new exclude_office_ips field to policy ([#1205](https://github.com/cloudflare/cloudflare-go/issues/1205))
+- dlp_profile: Use int rather than uint for allowed_match_count field ([#1200](https://github.com/cloudflare/cloudflare-go/issues/1200))
+
+BUG FIXES:
+
+- dns: always send `tags` to allow clearing ([#1196](https://github.com/cloudflare/cloudflare-go/issues/1196))
+- stream: renamed `RequiredSignedURLs` to `RequireSignedURLs` ([#1202](https://github.com/cloudflare/cloudflare-go/issues/1202))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 ([#1199](https://github.com/cloudflare/cloudflare-go/issues/1199))
+
+## 0.60.0 (1st February, 2023)
+
+BREAKING CHANGES:
+
+- queues: UpdateQueue has been updated to match the API and now correctly updates a Queue's name ([#1188](https://github.com/cloudflare/cloudflare-go/issues/1188))
+
+ENHANCEMENTS:
+
+- dlp_profile: Add new allowed_match_count field to profiles ([#1193](https://github.com/cloudflare/cloudflare-go/issues/1193))
+- dns: allow sending empty strings to remove comments ([#1195](https://github.com/cloudflare/cloudflare-go/issues/1195))
+- magic_transit_ipsec_tunnel: makes customer endpoint an optional field for ipsec tunnel creation ([#1185](https://github.com/cloudflare/cloudflare-go/issues/1185))
+- rulesets: add support for `score_per_period` and `score_response_header_name` ([#1183](https://github.com/cloudflare/cloudflare-go/issues/1183))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6 ([#1184](https://github.com/cloudflare/cloudflare-go/issues/1184))
+- deps: bumps github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 ([#1180](https://github.com/cloudflare/cloudflare-go/issues/1180))
+- deps: bumps github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 ([#1191](https://github.com/cloudflare/cloudflare-go/issues/1191))
+- deps: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0 ([#1192](https://github.com/cloudflare/cloudflare-go/issues/1192))
+
+## 0.59.0 (January 18th, 2023)
+
+BREAKING CHANGES:
+
+- dns: remove these read-only fields from `UpdateDNSRecordParams`: `CreatedOn`, `ModifiedOn`, `Meta`, `ZoneID`, `ZoneName`, `Proxiable`, and `Locked` ([#1170](https://github.com/cloudflare/cloudflare-go/issues/1170))
+- dns: the fields `CreatedOn` and `ModifiedOn` are removed from `ListDNSRecordsParams` ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
+
+NOTES:
+
+- dns: remove additional lookup from `Update` operations when `Name` or `Type` was omitted ([#1170](https://github.com/cloudflare/cloudflare-go/issues/1170))
+
+ENHANCEMENTS:
+
+- access_organization: add user_seat_expiration_inactive_time field ([#1159](https://github.com/cloudflare/cloudflare-go/issues/1159))
+- dns: `GetDNSRecord`, `UpdateDNSRecord` and `DeleteDNSRecord` now return the new, dedicated error `ErrMissingDNSRecordID` when an empty DNS record ID is given. ([#1174](https://github.com/cloudflare/cloudflare-go/issues/1174))
+- dns: the URL parameter `tag-match` for listing DNS records is now supported as the field `TagMatch` in `ListDNSRecordsParams` ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
+- dns: update default `per_page` attribute to 100 records ([#1171](https://github.com/cloudflare/cloudflare-go/issues/1171))
+- teams_rules: adds support for Egress Policies ([#1142](https://github.com/cloudflare/cloudflare-go/issues/1142))
+- workers: Add support for compatibility_date and compatibility_flags when upoading a worker script ([#1177](https://github.com/cloudflare/cloudflare-go/issues/1177))
+- workers: script upload now supports Queues bindings ([#1176](https://github.com/cloudflare/cloudflare-go/issues/1176))
+
+BUG FIXES:
+
+- dns: don't send "priority" for list operations as it isn't supported and is only used for internal filtering ([#1167](https://github.com/cloudflare/cloudflare-go/issues/1167))
+- dns: the field `Tags` in `ListDNSRecordsParams` was not correctly serialized into URL queries ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
+- managednetworks: Update should be PUT ([#1172](https://github.com/cloudflare/cloudflare-go/issues/1172))
+
+## 0.58.1 (January 5th, 2023)
+
+ENHANCEMENTS:
+
+- cloudflare: automatically redact sensitive values from HTTP interactions ([#1164](https://github.com/cloudflare/cloudflare-go/issues/1164))
+
+## 0.58.0 (January 4th, 2023)
+
+BREAKING CHANGES:
+
+- dns: `DNSRecord` has been renamed to `GetDNSRecord` ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
+- dns: `DNSRecords` has been renamed to `ListDNSRecords` ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
+- dns: method signatures have been updated to align with the upcoming client conventions ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
+- origin_ca: renamed to `CreateOriginCertificate` to `CreateOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+- origin_ca: renamed to `OriginCARootCertificate` to `GetOriginCARootCertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+- origin_ca: renamed to `OriginCertificate` to `GetOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+- origin_ca: renamed to `OriginCertificates` to `ListOriginCACertificates` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+- origin_ca: renamed to `RevokeOriginCertificate` to `RevokeOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+
+ENHANCEMENTS:
+
+- dns: add support for tags and comments ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
+- mtls_certificate: add support for managing mTLS certificates and assocations ([#1150](https://github.com/cloudflare/cloudflare-go/issues/1150))
+- origin_ca: add support for using API keys, API tokens or API User service keys for interacting with Origin CA endpoints ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
+- workers: Add support for workers logpush enablement on script upload ([#1160](https://github.com/cloudflare/cloudflare-go/issues/1160))
+
+BUG FIXES:
+
+- email_routing_destination: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- email_routing_rules: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- filter: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- firewall_rules: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- lockdown: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- queue: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- teams_list: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+- workers_kv: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 ([#1162](https://github.com/cloudflare/cloudflare-go/issues/1162))
+
+## 0.57.1 (December 23rd, 2022)
+
+ENHANCEMENTS:
+
+- tiered_cache: Add support for Tiered Caching interactions for setting Smart and Generic topologies ([#1149](https://github.com/cloudflare/cloudflare-go/issues/1149))
+
+BUG FIXES:
+
+- workers: correctly set `body` value for non-ES module uploads ([#1155](https://github.com/cloudflare/cloudflare-go/issues/1155))
+
+## 0.57.0 (December 22nd, 2022)
+
+BREAKING CHANGES:
+
+- workers: API operations now target account level resources instead of older zone level resources (these are a 1:1 now) ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_bindings: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_cron_triggers: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_kv: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_routes: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_secrets: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers_tails: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+
+NOTES:
+
+- workers: all worker methods have been split into product ownership(-ish) files ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+- workers: all worker methods now require an explicit `ResourceContainer` for endpoints instead of relying on the globally defined `api.AccountID` ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
+
+ENHANCEMENTS:
+
+- managed_networks: add CRUD functionality for managednetworks ([#1148](https://github.com/cloudflare/cloudflare-go/issues/1148))
+
+DEPENDENCIES:
+
+- deps: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0 ([#1146](https://github.com/cloudflare/cloudflare-go/issues/1146))
+
+## 0.56.0 (December 5th, 2022)
+
+BREAKING CHANGES:
+
+- pages: Changed the type of EnvVars in PagesProjectDeploymentConfigEnvironment & PagesProjectDeployment in order to properly support secrets. ([#1136](https://github.com/cloudflare/cloudflare-go/issues/1136))
+
+NOTES:
+
+- pages: removed the v1 logs endpoint for Pages deployments. Please switch to v2: https://developers.cloudflare.com/api/operations/pages-deployment-get-deployment-logs ([#1135](https://github.com/cloudflare/cloudflare-go/issues/1135))
+
+ENHANCEMENTS:
+
+- cache_rules: add ignore option to query string struct ([#1140](https://github.com/cloudflare/cloudflare-go/issues/1140))
+- pages: Updates bindings and other Functions related propreties. Service bindings, secrets, fail open/close and usage model are all now supported. ([#1136](https://github.com/cloudflare/cloudflare-go/issues/1136))
+- workers: Support for Workers Analytics Engine bindings ([#1133](https://github.com/cloudflare/cloudflare-go/issues/1133))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.23.5 to 2.23.6 ([#1139](https://github.com/cloudflare/cloudflare-go/issues/1139))
+
+## 0.55.0 (November 23th, 2022)
+
+BREAKING CHANGES:
+
+- workers_kv: `CreateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `DeleteWorkersKVBulk` has been renamed to `DeleteWorkersKVEntries`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `DeleteWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `DeleteWorkersKV` has been renamed to `DeleteWorkersKVEntry`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `ListWorkersKVNamespaces` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `ListWorkersKVsWithOptions` has been removed. Use `ListWorkersKVKeys` instead and pass in the options. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `ListWorkersKVs` has been renamed to `ListWorkersKVKeys`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `ReadWorkersKV` has been renamed to `GetWorkersKV`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `UpdateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `WriteWorkersKVBulk` has been renamed to `WriteWorkersKVEntries`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+- workers_kv: `WriteWorkersKV` has been renamed to `WriteWorkersKVEntry`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+
+ENHANCEMENTS:
+
+- device_posture_rule: add input fields crowdstrike ([#1126](https://github.com/cloudflare/cloudflare-go/issues/1126))
+- queue: add support queue API ([#1131](https://github.com/cloudflare/cloudflare-go/issues/1131))
+- r2: Add support for listing R2 buckets ([#1063](https://github.com/cloudflare/cloudflare-go/issues/1063))
+- workers_domain: add support for workers domain API ([#1130](https://github.com/cloudflare/cloudflare-go/issues/1130))
+- workers_kv: `ListWorkersKVNamespaces` automatically paginates all results unless `PerPage` is defined. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.23.4 to 2.23.5 ([#1127](https://github.com/cloudflare/cloudflare-go/issues/1127))
+
+## 0.54.0 (November 9th, 2022)
+
+ENHANCEMENTS:
+
+- access: add support for service token rotation ([#1120](https://github.com/cloudflare/cloudflare-go/issues/1120))
+- deps: fix import grouping, code formatting and enable goimports linter ([#1121](https://github.com/cloudflare/cloudflare-go/issues/1121))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5 ([#1123](https://github.com/cloudflare/cloudflare-go/issues/1123))
+- deps: bumps github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 ([#1122](https://github.com/cloudflare/cloudflare-go/issues/1122))
+- deps: bumps github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 ([#1124](https://github.com/cloudflare/cloudflare-go/issues/1124))
+- deps: bumps github.com/urfave/cli/v2 from 2.23.2 to 2.23.4 ([#1125](https://github.com/cloudflare/cloudflare-go/issues/1125))
+
+## 0.53.0 (October 26th, 2022)
+
+BREAKING CHANGES:
+
+- account_member: `CreateAccountMember` has been updated to accept a `CreateAccountMemberParams` struct instead of multiple parameters ([#1095](https://github.com/cloudflare/cloudflare-go/issues/1095))
+- teams_list: updated methods to match the experimental client format ([#1114](https://github.com/cloudflare/cloudflare-go/issues/1114))
+
+ENHANCEMENTS:
+
+- account_member: add support for domain scoped roles ([#1095](https://github.com/cloudflare/cloudflare-go/issues/1095))
+- cloudflare: expose `Messages` from the `Response` object ([#1106](https://github.com/cloudflare/cloudflare-go/issues/1106))
+- dlp: Adds support for DLP resources ([#1111](https://github.com/cloudflare/cloudflare-go/issues/1111))
+- teams_list: `List` operations now automatically paginate ([#1114](https://github.com/cloudflare/cloudflare-go/issues/1114))
+- total_tls: adds support for TotalTLS ([#1105](https://github.com/cloudflare/cloudflare-go/issues/1105))
+- waiting_room: add support for waiting room rules ([#1102](https://github.com/cloudflare/cloudflare-go/issues/1102))
+
+DEPENDENCIES:
+
+- deps: `ioutil` package is being deprecated in favor of `io` ([#1116](https://github.com/cloudflare/cloudflare-go/issues/1116))
+- deps: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1 ([#1119](https://github.com/cloudflare/cloudflare-go/issues/1119))
+- deps: bumps github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 ([#1108](https://github.com/cloudflare/cloudflare-go/issues/1108))
+- deps: bumps github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 ([#1118](https://github.com/cloudflare/cloudflare-go/issues/1118))
+- deps: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0 ([#1112](https://github.com/cloudflare/cloudflare-go/issues/1112))
+- deps: remove `github.com/pkg/errors` in favor of `errors` ([#1117](https://github.com/cloudflare/cloudflare-go/issues/1117))
+
+## 0.52.0 (October 12th, 2022)
+
+ENHANCEMENTS:
+
+- access: add UI read-only field to organizations ([#1104](https://github.com/cloudflare/cloudflare-go/issues/1104))
+- devices_policy: Add support for additional device settings policies ([#1090](https://github.com/cloudflare/cloudflare-go/issues/1090))
+- rulesets: add support for `sensitivity_level` to override all rule sensitivity ([#1093](https://github.com/cloudflare/cloudflare-go/issues/1093))
+
+DEPENDENCIES:
+
+- deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4 ([#1097](https://github.com/cloudflare/cloudflare-go/issues/1097))
+- deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 ([#1094](https://github.com/cloudflare/cloudflare-go/issues/1094))
+- deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 ([#1103](https://github.com/cloudflare/cloudflare-go/issues/1103))
+
+## 0.51.0 (September 28th, 2022)
+
+BREAKING CHANGES:
+
+- load_balancing: update method signatures to match experimental conventions ([#1084](https://github.com/cloudflare/cloudflare-go/issues/1084))
+
+ENHANCEMENTS:
+
+- device_posture_rule: add input fields for linux OS ([#1087](https://github.com/cloudflare/cloudflare-go/issues/1087))
+- load_balancing: support adaptive_routing and location_strategy ([#1091](https://github.com/cloudflare/cloudflare-go/issues/1091))
+
+BUG FIXES:
+
+- user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one ([#1089](https://github.com/cloudflare/cloudflare-go/issues/1089))
+
+## 0.50.0 (September 14, 2022)
+
+ENHANCEMENTS:
+
+- auditlogs: add support for hide_user_logs filter parameter ([#1075](https://github.com/cloudflare/cloudflare-go/issues/1075))
+
+BUG FIXES:
+
+- cloudflare: exiting closer to the source on context timeouts to improve error messaging and better defend from potential edge cases ([#1080](https://github.com/cloudflare/cloudflare-go/issues/1080))
+- origin certificate: Fix API auth type used ([#1082](https://github.com/cloudflare/cloudflare-go/issues/1082))
+
+DEPENDENCIES:
+
+- deps: bumps github.com/urfave/cli/v2 from 2.11.2 to 2.14.0 ([#1077](https://github.com/cloudflare/cloudflare-go/issues/1077))
+- deps: bumps github.com/urfave/cli/v2 from 2.14.0 to 2.14.1 ([#1081](https://github.com/cloudflare/cloudflare-go/issues/1081))
+- deps: bumps github.com/urfave/cli/v2 from 2.14.1 to 2.15.0 ([#1085](https://github.com/cloudflare/cloudflare-go/issues/1085))
+- deps: bumps github.com/urfave/cli/v2 from 2.15.0 to 2.16.3 ([#1086](https://github.com/cloudflare/cloudflare-go/issues/1086))
+
+## 0.49.0 (August 31st, 2022)
+
+ENHANCEMENTS:
+
+- access_service_token: add support for refreshing an existing token in place ([#1074](https://github.com/cloudflare/cloudflare-go/issues/1074))
+- api: addded context and headers to Raw method ([#1068](https://github.com/cloudflare/cloudflare-go/issues/1068))
+- api_shield: add GET/PUT for API Shield Configuration ([#1059](https://github.com/cloudflare/cloudflare-go/issues/1059))
+- pages_project: Add `kv_namespaces`, `durable_object_namespaces`, `r2_buckets`, and `d1_databases` bindings to deployment config ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
+- pages_project: Add `preview_deployment_setting`, `preview_branch_includes`, and `preview_branch_excludes` to source config ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
+- pages_project: Add `production_branch` field ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
+- teams_account: add support for `os_distro_name` and `os_distro_revision` ([#1073](https://github.com/cloudflare/cloudflare-go/issues/1073))
+- url_normalization_settings: Add APIs to get and update URL normalization settings ([#1071](https://github.com/cloudflare/cloudflare-go/issues/1071))
+- workers: Support for multipart encoding for DownloadWorker on a module-format Worker script ([#1040](https://github.com/cloudflare/cloudflare-go/issues/1040))
+
+BUG FIXES:
+
+- cloudflare: fix nil dereference error in makeRequestWithAuthTypeAndHeaders ([#1072](https://github.com/cloudflare/cloudflare-go/issues/1072))
+- email_routing_rules: Fix response for email routing catch all rule. ([#1070](https://github.com/cloudflare/cloudflare-go/issues/1070))
+- email_routing_settings: change enable endpoint from `enabled` to `enable` ([#1060](https://github.com/cloudflare/cloudflare-go/issues/1060))
+- stream: Update pctComplete to string from int ([#1066](https://github.com/cloudflare/cloudflare-go/issues/1066))
+
+DEPENDENCIES:
+
+- deps: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0 ([#1067](https://github.com/cloudflare/cloudflare-go/issues/1067))
+
+## 0.48.0 (August 22nd, 2022)
+
+ENHANCEMENTS:
+
+- errors: add some error type convenience functions for mocking and inspection ([#1047](https://github.com/cloudflare/cloudflare-go/issues/1047))
+- pages_project: Add compatibility date and compatibility_flags to pages deployment configs ([#1051](https://github.com/cloudflare/cloudflare-go/issues/1051))
+- teams_account: add support for `suppress_footer` ([#1053](https://github.com/cloudflare/cloudflare-go/issues/1053))
+
+BUG FIXES:
+
+- r2: fix create bucket endpoint ([#1035](https://github.com/cloudflare/cloudflare-go/issues/1035))
+- tunnel_configuration: Remove unnecessary double-unmarshalling due to changes in the API ([#1046](https://github.com/cloudflare/cloudflare-go/issues/1046))
+
+## 0.47.1 (August 18th, 2022)
+
+BUG FIXES:
+
+- zonelockdown: add `Priority` to `ZoneLockdownCreateParams` and `ZoneLockdownUpdateParams` ([#1052](https://github.com/cloudflare/cloudflare-go/issues/1052))
+
+## 0.47.0 (August 17th, 2022)
+
+BREAKING CHANGES:
+
+- certificate_packs: deprecate "custom" configuration for ACM everywhere ([#1032](https://github.com/cloudflare/cloudflare-go/issues/1032))
+
+ENHANCEMENTS:
+
+- cloudflare: make it clear when the rate limit retries have been exhausted ([#1043](https://github.com/cloudflare/cloudflare-go/issues/1043))
+- email_routing_destination: Adds support for the email routing destination API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
+- email_routing_rules: Adds support for the email routing rules API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
+- email_routing_settings: Adds support for the email routing settings API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
+- filter: fix double endpoint calls & moving towards common method signature ([#1016](https://github.com/cloudflare/cloudflare-go/issues/1016))
+- firewall_rule: fix double endpoint calls & moving towards common method signature ([#1016](https://github.com/cloudflare/cloudflare-go/issues/1016))
+- lockdown: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1017](https://github.com/cloudflare/cloudflare-go/issues/1017))
+- r2: Add in support for creating and deleting R2 buckets ([#1028](https://github.com/cloudflare/cloudflare-go/issues/1028))
+- rulesets: add support for `http_config_settings` phase and supporting actions ([#1036](https://github.com/cloudflare/cloudflare-go/issues/1036))
+- workers-account-settings: Add in support for Workers account settings API ([#1027](https://github.com/cloudflare/cloudflare-go/issues/1027))
+- workers-subdomain: Add in support Workers Subdomain API ([#1031](https://github.com/cloudflare/cloudflare-go/issues/1031))
+- workers-tail: Add in support for Workers tail API ([#1026](https://github.com/cloudflare/cloudflare-go/issues/1026))
+- workers: Add support for attaching a worker to a domain ([#1014](https://github.com/cloudflare/cloudflare-go/issues/1014))
+- workers: Add support to upload module workers ([#1010](https://github.com/cloudflare/cloudflare-go/issues/1010))
+
+BUG FIXES:
+
+- email_routing_destination: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
+- email_routing_rules: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
+- email_routing_settings: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
+- tunnel_routes: Fix not removing route when it contains virtual network ([#1030](https://github.com/cloudflare/cloudflare-go/issues/1030))
+- workers_test: Fix incorrect test from PR #1014 ([#1048](https://github.com/cloudflare/cloudflare-go/issues/1048))
+- workers_test: Use application/json mime-type in headers ([#1049](https://github.com/cloudflare/cloudflare-go/issues/1049))
+
+DEPENDENCIES:
+
+- deps: bumps golang.org/x/tools/gopls from 0.9.3 to 0.9.4 ([#1044](https://github.com/cloudflare/cloudflare-go/issues/1044))
+- deps: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 ([#1020](https://github.com/cloudflare/cloudflare-go/issues/1020))
+- deps: bumps github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 ([#1042](https://github.com/cloudflare/cloudflare-go/issues/1042))
+- deps: bumps golang.org/x/tools/gopls from 0.9.1 to 0.9.2 ([#1037](https://github.com/cloudflare/cloudflare-go/issues/1037))
+- deps: bumps golang.org/x/tools/gopls from 0.9.2 to 0.9.3 ([#1039](https://github.com/cloudflare/cloudflare-go/issues/1039))
+
+## 0.46.0 (3rd August, 2022)
+
+NOTES:
+
+- docs: add release notes ([#1001](https://github.com/cloudflare/cloudflare-go/issues/1001))
+
+ENHANCEMENTS:
+
+- filter: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1004](https://github.com/cloudflare/cloudflare-go/issues/1004))
+- firewall_rule: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1004](https://github.com/cloudflare/cloudflare-go/issues/1004))
+- rulesets: add support for `http_custom_errors` phase ([#998](https://github.com/cloudflare/cloudflare-go/issues/998))
+- rulesets: add support for `serve_error` action ([#998](https://github.com/cloudflare/cloudflare-go/issues/998))
+
+BUG FIXES:
+
+- access_application: fix inability to set bool values to false ([#1006](https://github.com/cloudflare/cloudflare-go/issues/1006))
+- rulesets: fix sni action parameter ([#1002](https://github.com/cloudflare/cloudflare-go/issues/1002))
+
+DEPENDENCIES:
+
+- provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2 ([#1005](https://github.com/cloudflare/cloudflare-go/issues/1005))
+- provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 ([#1008](https://github.com/cloudflare/cloudflare-go/issues/1008))
+- provider: bumps github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 ([#1003](https://github.com/cloudflare/cloudflare-go/issues/1003))
+
+## 0.45.0 (July 20th, 2022)
diff --git a/pkg/cloudflare-go/CODE_OF_CONDUCT.md b/pkg/cloudflare-go/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000000..bfbc69d229
--- /dev/null
+++ b/pkg/cloudflare-go/CODE_OF_CONDUCT.md
@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at ggalow@cloudflare.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq
+
diff --git a/pkg/cloudflare-go/LICENSE b/pkg/cloudflare-go/LICENSE
new file mode 100644
index 0000000000..39e4ddc276
--- /dev/null
+++ b/pkg/cloudflare-go/LICENSE
@@ -0,0 +1,26 @@
+Copyright (c) 2015-2022, Cloudflare. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation and/or
+other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+may be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/cloudflare-go/README.md b/pkg/cloudflare-go/README.md
new file mode 100644
index 0000000000..dc93558467
--- /dev/null
+++ b/pkg/cloudflare-go/README.md
@@ -0,0 +1,85 @@
+# cloudflare-go
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/cloudflare/cloudflare-go.svg)](https://pkg.go.dev/github.com/cloudflare/cloudflare-go)
+![Test](https://github.com/cloudflare/cloudflare-go/workflows/Test/badge.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/cloudflare/cloudflare-go?style=flat-square)](https://goreportcard.com/report/github.com/cloudflare/cloudflare-go)
+
+> **Note**: This library is under active development as we expand it to cover
+> our (expanding!) API. Consider the public API of this package a little
+> unstable as we work towards a v1.0.
+
+A Go library for interacting with
+[Cloudflare's API v4](https://api.cloudflare.com/). This library allows you to:
+
+- Manage and automate changes to your DNS records within Cloudflare
+- Manage and automate changes to your zones (domains) on Cloudflare, including
+  adding new zones to your account
+- List and modify the status of WAF (Web Application Firewall) rules for your
+  zones
+- Fetch Cloudflare's IP ranges for automating your firewall whitelisting
+
+A command-line client, [flarectl](cmd/flarectl), is also available as part of
+this project.
+
+## Installation
+
+You need a working Go environment. We officially support only currently supported Go versions according to [Go project's release policy](https://go.dev/doc/devel/release#policy).
+
+```
+go get github.com/cloudflare/cloudflare-go
+```
+
+## Getting Started
+
+```go
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/cloudflare/cloudflare-go"
+)
+
+func main() {
+	// Construct a new API object using a global API key
+	api, err := cloudflare.New(os.Getenv("CLOUDFLARE_API_KEY"), os.Getenv("CLOUDFLARE_API_EMAIL"))
+	// alternatively, you can use a scoped API token
+	// api, err := cloudflare.NewWithAPIToken(os.Getenv("CLOUDFLARE_API_TOKEN"))
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Most API calls require a Context
+	ctx := context.Background()
+
+	// Fetch user details on the account
+	u, err := api.UserDetails(ctx)
+	if err != nil {
+		log.Fatal(err)
+	}
+	// Print user details
+	fmt.Println(u)
+}
+```
+
+Also refer to the
+[API documentation](https://pkg.go.dev/github.com/cloudflare/cloudflare-go) for
+how to use this package in-depth.
+
+## Experimental improvements
+
+This library is starting to ship with experimental improvements that are not yet
+ready for production but will be introduced before the next major version. See
+[experimental README](/docs/experimental.md) for full details.
+
+## Contributing
+
+Pull Requests are welcome, but please open an issue (or comment in an existing
+issue) to discuss any non-trivial changes before submitting code.
+
+## License
+
+BSD licensed. See the [LICENSE](LICENSE) file for details.
diff --git a/pkg/cloudflare-go/access_application.go b/pkg/cloudflare-go/access_application.go
new file mode 100644
index 0000000000..bdeaf79cd8
--- /dev/null
+++ b/pkg/cloudflare-go/access_application.go
@@ -0,0 +1,510 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessApplicationType represents the application type.
+type AccessApplicationType string
+
+// These constants represent all valid application types.
+const (
+	SelfHosted  AccessApplicationType = "self_hosted"
+	SSH         AccessApplicationType = "ssh"
+	VNC         AccessApplicationType = "vnc"
+	Biso        AccessApplicationType = "biso"
+	AppLauncher AccessApplicationType = "app_launcher"
+	Warp        AccessApplicationType = "warp"
+	Bookmark    AccessApplicationType = "bookmark"
+	Saas        AccessApplicationType = "saas"
+)
+
+// AccessApplication represents an Access application.
+type AccessApplication struct {
+	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
+	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
+	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
+	LogoURL                  string                         `json:"logo_url,omitempty"`
+	AUD                      string                         `json:"aud,omitempty"`
+	Domain                   string                         `json:"domain"`
+	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
+	Type                     AccessApplicationType          `json:"type,omitempty"`
+	SessionDuration          string                         `json:"session_duration,omitempty"`
+	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
+	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
+	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
+	Name                     string                         `json:"name"`
+	ID                       string                         `json:"id,omitempty"`
+	PrivateAddress           string                         `json:"private_address"`
+	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
+	CreatedAt                *time.Time                     `json:"created_at,omitempty"`
+	UpdatedAt                *time.Time                     `json:"updated_at,omitempty"`
+	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
+	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
+	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
+	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
+	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
+	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
+	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
+	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
+	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
+	CustomPages              []string                       `json:"custom_pages,omitempty"`
+	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	Policies                 []AccessPolicy                 `json:"policies,omitempty"`
+	AccessAppLauncherCustomization
+}
+
+type AccessApplicationGatewayRule struct {
+	ID string `json:"id,omitempty"`
+}
+
+// AccessApplicationCorsHeaders represents the CORS HTTP headers for an Access
+// Application.
+type AccessApplicationCorsHeaders struct {
+	AllowedMethods   []string `json:"allowed_methods,omitempty"`
+	AllowedOrigins   []string `json:"allowed_origins,omitempty"`
+	AllowedHeaders   []string `json:"allowed_headers,omitempty"`
+	AllowAllMethods  bool     `json:"allow_all_methods,omitempty"`
+	AllowAllHeaders  bool     `json:"allow_all_headers,omitempty"`
+	AllowAllOrigins  bool     `json:"allow_all_origins,omitempty"`
+	AllowCredentials bool     `json:"allow_credentials,omitempty"`
+	MaxAge           int      `json:"max_age,omitempty"`
+}
+
+// AccessApplicationSCIMConfig represents the configuration for provisioning to an Access Application via SCIM.
+type AccessApplicationSCIMConfig struct {
+	Enabled            *bool                                    `json:"enabled,omitempty"`
+	RemoteURI          string                                   `json:"remote_uri,omitempty"`
+	Authentication     *AccessApplicationScimAuthenticationJson `json:"authentication,omitempty"`
+	IdPUID             string                                   `json:"idp_uid,omitempty"`
+	DeactivateOnDelete *bool                                    `json:"deactivate_on_delete,omitempty"`
+	Mappings           []*AccessApplicationScimMapping          `json:"mappings,omitempty"`
+}
+
+type AccessApplicationScimAuthenticationScheme string
+
+const (
+	AccessApplicationScimAuthenticationSchemeHttpBasic        AccessApplicationScimAuthenticationScheme = "httpbasic"
+	AccessApplicationScimAuthenticationSchemeOauthBearerToken AccessApplicationScimAuthenticationScheme = "oauthbearertoken"
+	AccessApplicationScimAuthenticationSchemeOauth2           AccessApplicationScimAuthenticationScheme = "oauth2"
+)
+
+type AccessApplicationScimAuthenticationJson struct {
+	Value AccessApplicationScimAuthentication
+}
+
+func (a *AccessApplicationScimAuthenticationJson) UnmarshalJSON(buf []byte) error {
+	var scheme baseScimAuthentication
+	if err := json.Unmarshal(buf, &scheme); err != nil {
+		return err
+	}
+
+	switch scheme.Scheme {
+	case AccessApplicationScimAuthenticationSchemeHttpBasic:
+		a.Value = new(AccessApplicationScimAuthenticationHttpBasic)
+	case AccessApplicationScimAuthenticationSchemeOauthBearerToken:
+		a.Value = new(AccessApplicationScimAuthenticationOauthBearerToken)
+	case AccessApplicationScimAuthenticationSchemeOauth2:
+		a.Value = new(AccessApplicationScimAuthenticationOauth2)
+	default:
+		return errors.New("invalid authentication scheme")
+	}
+
+	return json.Unmarshal(buf, a.Value)
+}
+
+func (a *AccessApplicationScimAuthenticationJson) MarshalJSON() ([]byte, error) {
+	return json.Marshal(a.Value)
+}
+
+type AccessApplicationScimAuthentication interface {
+	isScimAuthentication()
+}
+
+type baseScimAuthentication struct {
+	Scheme AccessApplicationScimAuthenticationScheme `json:"scheme"`
+}
+
+func (baseScimAuthentication) isScimAuthentication() {}
+
+type AccessApplicationScimAuthenticationHttpBasic struct {
+	baseScimAuthentication
+	User     string `json:"user"`
+	Password string `json:"password"`
+}
+
+type AccessApplicationScimAuthenticationOauthBearerToken struct {
+	baseScimAuthentication
+	Token string `json:"token"`
+}
+
+type AccessApplicationScimAuthenticationOauth2 struct {
+	baseScimAuthentication
+	ClientID         string   `json:"client_id"`
+	ClientSecret     string   `json:"client_secret"`
+	AuthorizationURL string   `json:"authorization_url"`
+	TokenURL         string   `json:"token_url"`
+	Scopes           []string `json:"scopes,omitempty"`
+}
+
+type AccessApplicationScimMapping struct {
+	Schema           string                                  `json:"schema"`
+	Enabled          *bool                                   `json:"enabled,omitempty"`
+	Filter           string                                  `json:"filter,omitempty"`
+	TransformJsonata string                                  `json:"transform_jsonata,omitempty"`
+	Operations       *AccessApplicationScimMappingOperations `json:"operations,omitempty"`
+}
+
+type AccessApplicationScimMappingOperations struct {
+	Create *bool `json:"create,omitempty"`
+	Update *bool `json:"update,omitempty"`
+	Delete *bool `json:"delete,omitempty"`
+}
+
+// AccessApplicationListResponse represents the response from the list
+// access applications endpoint.
+type AccessApplicationListResponse struct {
+	Result []AccessApplication `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessApplicationDetailResponse is the API response, containing a single
+// access application.
+type AccessApplicationDetailResponse struct {
+	Success  bool              `json:"success"`
+	Errors   []string          `json:"errors"`
+	Messages []string          `json:"messages"`
+	Result   AccessApplication `json:"result"`
+}
+
+type SourceConfig struct {
+	Name      string            `json:"name,omitempty"`
+	NameByIDP map[string]string `json:"name_by_idp,omitempty"`
+}
+
+type SAMLAttributeConfig struct {
+	Name         string       `json:"name,omitempty"`
+	NameFormat   string       `json:"name_format,omitempty"`
+	FriendlyName string       `json:"friendly_name,omitempty"`
+	Required     bool         `json:"required,omitempty"`
+	Source       SourceConfig `json:"source"`
+}
+
+type OIDCClaimConfig struct {
+	Name     string       `json:"name,omitempty"`
+	Source   SourceConfig `json:"source"`
+	Required *bool        `json:"required,omitempty"`
+	Scope    string       `json:"scope,omitempty"`
+}
+
+type RefreshTokenOptions struct {
+	Lifetime string `json:"lifetime,omitempty"`
+}
+
+type AccessApplicationHybridAndImplicitOptions struct {
+	ReturnIDTokenFromAuthorizationEndpoint     *bool `json:"return_id_token_from_authorization_endpoint,omitempty"`
+	ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"return_access_token_from_authorization_endpoint,omitempty"`
+}
+
+type SaasApplication struct {
+	// Items common to both SAML and OIDC
+	AppID     string     `json:"app_id,omitempty"`
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	PublicKey string     `json:"public_key,omitempty"`
+	AuthType  string     `json:"auth_type,omitempty"`
+
+	// SAML saas app
+	ConsumerServiceUrl            string                `json:"consumer_service_url,omitempty"`
+	SPEntityID                    string                `json:"sp_entity_id,omitempty"`
+	IDPEntityID                   string                `json:"idp_entity_id,omitempty"`
+	NameIDFormat                  string                `json:"name_id_format,omitempty"`
+	SSOEndpoint                   string                `json:"sso_endpoint,omitempty"`
+	DefaultRelayState             string                `json:"default_relay_state,omitempty"`
+	CustomAttributes              []SAMLAttributeConfig `json:"custom_attributes,omitempty"`
+	NameIDTransformJsonata        string                `json:"name_id_transform_jsonata,omitempty"`
+	SamlAttributeTransformJsonata string                `json:"saml_attribute_transform_jsonata"`
+
+	// OIDC saas app
+	ClientID                     string                                     `json:"client_id,omitempty"`
+	ClientSecret                 string                                     `json:"client_secret,omitempty"`
+	RedirectURIs                 []string                                   `json:"redirect_uris,omitempty"`
+	GrantTypes                   []string                                   `json:"grant_types,omitempty"`
+	Scopes                       []string                                   `json:"scopes,omitempty"`
+	AppLauncherURL               string                                     `json:"app_launcher_url,omitempty"`
+	GroupFilterRegex             string                                     `json:"group_filter_regex,omitempty"`
+	CustomClaims                 []OIDCClaimConfig                          `json:"custom_claims,omitempty"`
+	AllowPKCEWithoutClientSecret *bool                                      `json:"allow_pkce_without_client_secret,omitempty"`
+	RefreshTokenOptions          *RefreshTokenOptions                       `json:"refresh_token_options,omitempty"`
+	HybridAndImplicitOptions     *AccessApplicationHybridAndImplicitOptions `json:"hybrid_and_implicit_options,omitempty"`
+	AccessTokenLifetime          string                                     `json:"access_token_lifetime,omitempty"`
+}
+
+type AccessAppLauncherCustomization struct {
+	LandingPageDesign     AccessLandingPageDesign `json:"landing_page_design"`
+	LogoURL               string                  `json:"app_launcher_logo_url"`
+	HeaderBackgroundColor string                  `json:"header_bg_color"`
+	BackgroundColor       string                  `json:"bg_color"`
+	FooterLinks           []AccessFooterLink      `json:"footer_links"`
+}
+
+type AccessFooterLink struct {
+	Name string `json:"name"`
+	URL  string `json:"url"`
+}
+
+type AccessLandingPageDesign struct {
+	Title           string `json:"title"`
+	Message         string `json:"message"`
+	ImageURL        string `json:"image_url"`
+	ButtonColor     string `json:"button_color"`
+	ButtonTextColor string `json:"button_text_color"`
+}
+
+type ListAccessApplicationsParams struct {
+	ResultInfo
+}
+
+type CreateAccessApplicationParams struct {
+	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
+	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
+	AUD                      string                         `json:"aud,omitempty"`
+	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
+	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
+	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
+	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
+	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
+	Domain                   string                         `json:"domain"`
+	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
+	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
+	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
+	LogoURL                  string                         `json:"logo_url,omitempty"`
+	Name                     string                         `json:"name"`
+	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
+	PrivateAddress           string                         `json:"private_address"`
+	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
+	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
+	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
+	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
+	SessionDuration          string                         `json:"session_duration,omitempty"`
+	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
+	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
+	Type                     AccessApplicationType          `json:"type,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
+	CustomPages              []string                       `json:"custom_pages,omitempty"`
+	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	// List of policy ids to link to this application in ascending order of precedence.
+	Policies []string `json:"policies,omitempty"`
+	AccessAppLauncherCustomization
+}
+
+type UpdateAccessApplicationParams struct {
+	ID                       string                         `json:"id,omitempty"`
+	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
+	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
+	AUD                      string                         `json:"aud,omitempty"`
+	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
+	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
+	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
+	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
+	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
+	Domain                   string                         `json:"domain"`
+	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
+	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
+	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
+	LogoURL                  string                         `json:"logo_url,omitempty"`
+	Name                     string                         `json:"name"`
+	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
+	PrivateAddress           string                         `json:"private_address"`
+	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
+	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
+	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
+	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
+	SessionDuration          string                         `json:"session_duration,omitempty"`
+	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
+	Type                     AccessApplicationType          `json:"type,omitempty"`
+	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
+	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
+	CustomPages              []string                       `json:"custom_pages,omitempty"`
+	Tags                     []string                       `json:"tags,omitempty"`
+	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
+	// List of policy ids to link to this application in ascending order of precedence.
+	// Can reference reusable policies and policies specific to this application.
+	// If this field is not provided, the existing policies will not be modified.
+	Policies *[]string `json:"policies,omitempty"`
+	AccessAppLauncherCustomization
+}
+
+// ListAccessApplications returns all applications within an account or zone.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-list-access-applications
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-list-access-applications
+func (api *API) ListAccessApplications(ctx context.Context, rc *ResourceContainer, params ListAccessApplicationsParams) ([]AccessApplication, *ResultInfo, error) {
+	baseURL := fmt.Sprintf("/%s/%s/access/apps", rc.Level, rc.Identifier)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var applications []AccessApplication
+	var r AccessApplicationListResponse
+
+	for {
+		uri := buildURI(baseURL, params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessApplication{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessApplication{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		applications = append(applications, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return applications, &r.ResultInfo, nil
+}
+
+// GetAccessApplication returns a single application based on the application
+// ID for either account or zone.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-get-an-access-application
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-get-an-access-application
+func (api *API) GetAccessApplication(ctx context.Context, rc *ResourceContainer, applicationID string) (AccessApplication, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s",
+		rc.Level,
+		rc.Identifier,
+		applicationID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessApplicationDetailResponse AccessApplicationDetailResponse
+	err = json.Unmarshal(res, &accessApplicationDetailResponse)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessApplicationDetailResponse.Result, nil
+}
+
+// CreateAccessApplication creates a new access application.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-add-an-application
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-add-a-bookmark-application
+func (api *API) CreateAccessApplication(ctx context.Context, rc *ResourceContainer, params CreateAccessApplicationParams) (AccessApplication, error) {
+	uri := fmt.Sprintf("/%s/%s/access/apps", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessApplicationDetailResponse AccessApplicationDetailResponse
+	err = json.Unmarshal(res, &accessApplicationDetailResponse)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessApplicationDetailResponse.Result, nil
+}
+
+// UpdateAccessApplication updates an existing access application.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-update-a-bookmark-application
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-update-a-bookmark-application
+func (api *API) UpdateAccessApplication(ctx context.Context, rc *ResourceContainer, params UpdateAccessApplicationParams) (AccessApplication, error) {
+	if params.ID == "" {
+		return AccessApplication{}, fmt.Errorf("access application ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s",
+		rc.Level,
+		rc.Identifier,
+		params.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessApplicationDetailResponse AccessApplicationDetailResponse
+	err = json.Unmarshal(res, &accessApplicationDetailResponse)
+	if err != nil {
+		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessApplicationDetailResponse.Result, nil
+}
+
+// DeleteAccessApplication deletes an access application.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-delete-an-access-application
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-delete-an-access-application
+func (api *API) DeleteAccessApplication(ctx context.Context, rc *ResourceContainer, applicationID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s",
+		rc.Level,
+		rc.Identifier,
+		applicationID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
+
+// RevokeAccessApplicationTokens revokes tokens associated with an
+// access application.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-revoke-service-tokens
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-revoke-service-tokens
+func (api *API) RevokeAccessApplicationTokens(ctx context.Context, rc *ResourceContainer, applicationID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s/revoke-tokens",
+		rc.Level,
+		rc.Identifier,
+		applicationID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_application_test.go b/pkg/cloudflare-go/access_application_test.go
new file mode 100644
index 0000000000..1783863950
--- /dev/null
+++ b/pkg/cloudflare-go/access_application_test.go
@@ -0,0 +1,1545 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testAccessApplicationID = "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+)
+
+func TestAccessApplications(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z",
+					"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+					"name": "Admin Site",
+					"domain": "test.example.com/admin",
+					"type": "self_hosted",
+					"session_duration": "24h",
+					"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+					"auto_redirect_to_identity": false,
+					"enable_binding_cookie": false,
+					"custom_deny_url": "https://www.example.com",
+					"custom_non_identity_deny_url": "https://blocked.com",
+					"custom_deny_message": "denied!",
+					"http_only_cookie_attribute": true,
+					"same_site_cookie_attribute": "strict",
+					"logo_url": "https://www.example.com/example.png",
+					"skip_interstitial": true,
+					"app_launcher_visible": true,
+					"service_auth_401_redirect": true,
+					"path_cookie_attribute": true,
+					"custom_pages": ["480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"],
+					"tags": ["engineers"],
+					"allow_authenticate_via_warp": true,
+					"options_preflight_bypass": false,
+					"policies": [
+						{
+							"id": "699d98642c564d2e855e9661899b7252",
+							"precedence": 1,
+							"reusable": true,
+							"decision": "allow",
+							"created_at": "2014-01-01T05:20:00.12345Z",
+							"updated_at": "2014-01-01T05:20:00.12345Z",
+							"name": "Allow devs",
+							"include": [
+								{
+									"email": {
+										"email": "test@example.com"
+									}
+								}
+							]
+						}
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []AccessApplication{{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		SameSiteCookieAttribute:  "strict",
+		HttpOnlyCookieAttribute:  BoolPtr(true),
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		PathCookieAttribute:      BoolPtr(true),
+		CustomPages:              []string{"480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"},
+		Tags:                     []string{"engineers"},
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		OptionsPreflightBypass:   BoolPtr(false),
+		Policies: []AccessPolicy{
+			{
+				ID:         "699d98642c564d2e855e9661899b7252",
+				Precedence: 1,
+				Reusable:   BoolPtr(true),
+				Decision:   "allow",
+				CreatedAt:  &createdAt,
+				UpdatedAt:  &updatedAt,
+				Name:       "Allow devs",
+				Include: []any{
+					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+				},
+			},
+		},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, _, err := client.ListAccessApplications(context.Background(), AccountIdentifier(testAccountID), ListAccessApplicationsParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
+
+	actual, _, err = client.ListAccessApplications(context.Background(), ZoneIdentifier(testZoneID), ListAccessApplicationsParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin Site",
+				"domain": "test.example.com/admin",
+				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
+				"type": "self_hosted",
+				"session_duration": "24h",
+				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"http_only_cookie_attribute": false,
+				"path_cookie_attribute": false,
+				"allow_authenticate_via_warp": false,
+				"options_preflight_bypass": false,
+				"policies": [
+					{
+						"id": "699d98642c564d2e855e9661899b7252",
+						"precedence": 1,
+						"reusable": true,
+						"decision": "allow",
+						"created_at": "2014-01-01T05:20:00.12345Z",
+						"updated_at": "2014-01-01T05:20:00.12345Z",
+						"name": "Allow devs",
+						"include": [
+							{
+								"email": {
+									"email": "test@example.com"
+								}
+							}
+						]
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessApplication{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		HttpOnlyCookieAttribute:  BoolPtr(false),
+		PathCookieAttribute:      BoolPtr(false),
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		OptionsPreflightBypass:   BoolPtr(false),
+		Policies: []AccessPolicy{
+			{
+				ID:         "699d98642c564d2e855e9661899b7252",
+				Precedence: 1,
+				Reusable:   BoolPtr(true),
+				Decision:   "allow",
+				CreatedAt:  &createdAt,
+				UpdatedAt:  &updatedAt,
+				Name:       "Allow devs",
+				Include: []any{
+					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.GetAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.GetAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessApplications(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin Site",
+				"domain": "test.example.com/admin",
+				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
+				"type": "self_hosted",
+				"session_duration": "24h",
+				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"tags": ["engineers"],
+				"allow_authenticate_via_warp": false,
+				"options_preflight_bypass": true,
+				"policies": [
+					{
+						"id": "699d98642c564d2e855e9661899b7252",
+						"precedence": 1,
+						"reusable": true,
+						"decision": "allow",
+						"created_at": "2014-01-01T05:20:00.12345Z",
+						"updated_at": "2014-01-01T05:20:00.12345Z",
+						"name": "Allow devs",
+						"include": [
+							{
+								"email": {
+									"email": "test@example.com"
+								}
+							}
+						]
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		OptionsPreflightBypass:   BoolPtr(true),
+		Policies: []AccessPolicy{
+			{
+				ID:         "699d98642c564d2e855e9661899b7252",
+				Precedence: 1,
+				Reusable:   BoolPtr(true),
+				Decision:   "allow",
+				CreatedAt:  &createdAt,
+				UpdatedAt:  &updatedAt,
+				Name:       "Allow devs",
+				Include: []any{
+					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name:            "Admin Site",
+		Domain:          "test.example.com/admin",
+		SessionDuration: "24h",
+		Policies:        []string{"699d98642c564d2e855e9661899b7252"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
+
+	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
+		Name:            "Admin Site",
+		Domain:          "test.example.com/admin",
+		SessionDuration: "24h",
+		Policies:        []string{"699d98642c564d2e855e9661899b7252"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestUpdateAccessApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin Site",
+				"domain": "test.example.com/admin",
+				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
+				"type": "self_hosted",
+				"session_duration": "24h",
+				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"tags": ["engineers"],
+				"allow_authenticate_via_warp": true,
+				"options_preflight_bypass": true,
+				"policies": [
+					{
+						"id": "699d98642c564d2e855e9661899b7252",
+						"precedence": 1,
+						"reusable": true,
+						"decision": "allow",
+						"created_at": "2014-01-01T05:20:00.12345Z",
+						"updated_at": "2014-01-01T05:20:00.12345Z",
+						"name": "Allow devs",
+						"include": [
+							{
+								"email": {
+									"email": "test@example.com"
+								}
+							}
+						]
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	fullAccessApplication := AccessApplication{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		SkipInterstitial:         BoolPtr(true),
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		OptionsPreflightBypass:   BoolPtr(true),
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Policies: []AccessPolicy{
+			{
+				ID:         "699d98642c564d2e855e9661899b7252",
+				Precedence: 1,
+				Reusable:   BoolPtr(true),
+				Decision:   "allow",
+				CreatedAt:  &createdAt,
+				UpdatedAt:  &updatedAt,
+				Name:       "Allow devs",
+				Include: []any{
+					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+				},
+			},
+		},
+	}
+
+	params := UpdateAccessApplicationParams{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		OptionsPreflightBypass:   BoolPtr(true),
+		Policies:                 &[]string{"699d98642c564d2e855e9661899b7252"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.UpdateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), UpdateAccessApplicationParams{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		OptionsPreflightBypass:   BoolPtr(true),
+		Policies:                 &[]string{"699d98642c564d2e855e9661899b7252"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestUpdateAccessApplicationOmitPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		reqBody, err := io.ReadAll(r.Body)
+		assert.NoError(t, err)
+		assert.NotContains(t, string(reqBody), "policies")
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin Site",
+				"domain": "test.example.com/admin",
+				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
+				"type": "self_hosted",
+				"session_duration": "24h",
+				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"tags": ["engineers"],
+				"allow_authenticate_via_warp": true,
+				"options_preflight_bypass": true,
+				"policies": [
+					{
+						"id": "699d98642c564d2e855e9661899b7252",
+						"precedence": 1,
+						"reusable": true,
+						"decision": "allow",
+						"created_at": "2014-01-01T05:20:00.12345Z",
+						"updated_at": "2014-01-01T05:20:00.12345Z",
+						"name": "Allow devs",
+						"include": [
+							{
+								"email": {
+									"email": "test@example.com"
+								}
+							}
+						]
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	fullAccessApplication := AccessApplication{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		SkipInterstitial:         BoolPtr(true),
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		OptionsPreflightBypass:   BoolPtr(true),
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Policies: []AccessPolicy{
+			{
+				ID:         "699d98642c564d2e855e9661899b7252",
+				Precedence: 1,
+				Reusable:   BoolPtr(true),
+				Decision:   "allow",
+				CreatedAt:  &createdAt,
+				UpdatedAt:  &updatedAt,
+				Name:       "Allow devs",
+				Include: []any{
+					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+				},
+			},
+		},
+	}
+
+	params := UpdateAccessApplicationParams{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		OptionsPreflightBypass:   BoolPtr(true),
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.UpdateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), UpdateAccessApplicationParams{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin Site",
+		Domain:                   "test.example.com/admin",
+		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
+		Type:                     "self_hosted",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		OptionsPreflightBypass:   BoolPtr(true),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestUpdateAccessApplicationWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), UpdateAccessApplicationParams{})
+	assert.EqualError(t, err, "access application ID cannot be empty")
+
+	_, err = client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), UpdateAccessApplicationParams{})
+	assert.EqualError(t, err, "access application ID cannot be empty")
+}
+
+func TestDeleteAccessApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "699d98642c564d2e855e9661899b7252"
+      }
+    }
+    `)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err := client.DeleteAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err = client.DeleteAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+}
+
+func TestRevokeAccessApplicationTokens(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": []
+    }
+    `)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/revoke-tokens", handler)
+	err := client.RevokeAccessApplicationTokens(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/revoke-tokens", handler)
+	err = client.RevokeAccessApplicationTokens(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+}
+
+func TestAccessApplicationWithCORS(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [
+
+      ],
+      "result":{
+        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+        "created_at": "2014-01-01T05:20:00.12345Z",
+        "updated_at": "2014-01-01T05:20:00.12345Z",
+        "aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+        "name": "Admin Site",
+        "domain": "test.example.com/admin",
+        "type": "self_hosted",
+        "session_duration": "24h",
+        "cors_headers": {
+          "allowed_methods": [
+            "GET"
+          ],
+          "allowed_origins": [
+            "https://example.com"
+          ],
+          "allow_all_headers": true,
+          "max_age": -1
+        }
+      }
+    }
+    `)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessApplication{
+		ID:              "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		CreatedAt:       &createdAt,
+		UpdatedAt:       &updatedAt,
+		AUD:             "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Name:            "Admin Site",
+		Domain:          "test.example.com/admin",
+		Type:            "self_hosted",
+		SessionDuration: "24h",
+		CorsHeaders: &AccessApplicationCorsHeaders{
+			AllowedMethods:  []string{http.MethodGet},
+			AllowedOrigins:  []string{"https://example.com"},
+			AllowAllHeaders: true,
+			MaxAge:          -1,
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.GetAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.GetAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreatePrivateAccessApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Private Admin Site",
+				"private_address": "198.51.100.0",
+				"type": "private_ip",
+		    "gateway_rules": [
+					{"id": "d9c61460-6f4d-4c40-89ea-2f552c9a8466"},
+					{"id": "bc5ee7e7-9773-47a3-835e-b9b9799ebb92"}
+				],
+				"session_duration": "24h",
+				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": false,
+				"service_auth_401_redirect": false
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:             "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:           "Private Admin Site",
+		PrivateAddress: "198.51.100.0",
+		Type:           "private_ip",
+		GatewayRules: []AccessApplicationGatewayRule{
+			{ID: "d9c61460-6f4d-4c40-89ea-2f552c9a8466"},
+			{ID: "bc5ee7e7-9773-47a3-835e-b9b9799ebb92"},
+		},
+		SessionDuration:        "24h",
+		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:            []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
+		AutoRedirectToIdentity: BoolPtr(false),
+		EnableBindingCookie:    BoolPtr(false),
+		AppLauncherVisible:     BoolPtr(false),
+		ServiceAuth401Redirect: BoolPtr(false),
+		CustomDenyMessage:      "denied!",
+		CustomDenyURL:          "https://www.example.com",
+		LogoURL:                "https://www.example.com/example.png",
+		SkipInterstitial:       BoolPtr(true),
+		CreatedAt:              &createdAt,
+		UpdatedAt:              &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name:            "Admin Site",
+		PrivateAddress:  "198.51.100.0",
+		SessionDuration: "24h",
+		Type:            "private_ip",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestCreateSAMLSaasAccessApplications(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin Saas App",
+				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/saml/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"type": "saas",
+				"session_duration": "24h",
+				"allowed_idps": [],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"tags": ["engineers"],
+				"saas_app": {
+					"consumer_service_url": "https://saas.example.com",
+					"sp_entity_id": "dash.example.com",
+					"name_id_format": "id",
+					"default_relay_state": "https://saas.example.com",
+					"custom_attributes": [
+						{
+							"name": "test1",
+							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
+							"source": {
+								"name": "test1"
+							}
+						},
+						{
+							"name": "test2",
+							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+							"source": {
+								"name": "test2"
+							}
+						},
+						{
+							"name": "test3",
+							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+							"source": {
+								"name": "test3"
+							}
+						}
+					],
+					"name_id_transform_jsonata": "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
+					"saml_attribute_transform_jsonata": "$ ~>| groups | {'group_name': name} |"
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                   "Admin Saas App",
+		Domain:                 "example.cloudflareaccess.com/cdn-cgi/access/sso/saml/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Type:                   "saas",
+		SessionDuration:        "24h",
+		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:            []string{},
+		AutoRedirectToIdentity: BoolPtr(false),
+		EnableBindingCookie:    BoolPtr(false),
+		AppLauncherVisible:     BoolPtr(true),
+		ServiceAuth401Redirect: BoolPtr(true),
+		CustomDenyMessage:      "denied!",
+		CustomDenyURL:          "https://www.example.com",
+		LogoURL:                "https://www.example.com/example.png",
+		SkipInterstitial:       BoolPtr(true),
+		SaasApplication: &SaasApplication{
+			ConsumerServiceUrl: "https://saas.example.com",
+			SPEntityID:         "dash.example.com",
+			NameIDFormat:       "id",
+			DefaultRelayState:  "https://saas.example.com",
+			CustomAttributes: []SAMLAttributeConfig{
+				{
+					Name:       "test1",
+					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
+					Source: SourceConfig{
+						Name: "test1",
+					},
+				},
+				{
+					Name:       "test2",
+					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
+					Source: SourceConfig{
+						Name: "test2",
+					},
+				},
+				{
+					Name:       "test3",
+					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+					Source: SourceConfig{
+						Name: "test3",
+					},
+				},
+			},
+			NameIDTransformJsonata:        "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
+			SamlAttributeTransformJsonata: "$ ~>| groups | {'group_name': name} |",
+		},
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name: "Admin Saas Site",
+		SaasApplication: &SaasApplication{
+			ConsumerServiceUrl: "https://examplesaas.com",
+			SPEntityID:         "TEST12345678",
+			NameIDFormat:       "id",
+		},
+		SessionDuration: "24h",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
+
+	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
+		Name: "Admin Saas Site",
+		SaasApplication: &SaasApplication{
+			ConsumerServiceUrl: "https://saas.example.com",
+			SPEntityID:         "TEST12345678",
+			NameIDFormat:       "id",
+		},
+		SessionDuration: "24h",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestCreateOIDCSaasAccessApplications(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin OIDC Saas App",
+				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"type": "saas",
+				"session_duration": "24h",
+				"allowed_idps": [],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"tags": ["engineers"],
+				"saas_app": {
+					"auth_type": "oidc",
+					"client_id": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+					"client_secret": "secret",
+					"redirect_uris": ["https://saas.example.com"],
+					"grant_types": ["authorization_code", "hybrid", "implicit"],
+					"scopes": ["openid", "email", "profile", "groups"],
+					"app_launcher_url": "https://saas.example.com",
+					"group_filter_regex": ".*",
+					"allow_pkce_without_client_secret": false,
+					"custom_claims": [
+						{
+							"name": "test1",
+							"source": {
+								"name": "test1"
+							},
+							"required": true,
+							"scope": "profile"
+						}
+					],
+					"hybrid_and_implicit_options": {
+						"return_id_token_from_authorization_endpoint": true,
+						"return_access_token_from_authorization_endpoint": true
+					},
+					"access_token_lifetime": "1m"
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                   "Admin OIDC Saas App",
+		Domain:                 "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Type:                   "saas",
+		SessionDuration:        "24h",
+		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:            []string{},
+		AutoRedirectToIdentity: BoolPtr(false),
+		EnableBindingCookie:    BoolPtr(false),
+		AppLauncherVisible:     BoolPtr(true),
+		ServiceAuth401Redirect: BoolPtr(true),
+		CustomDenyMessage:      "denied!",
+		CustomDenyURL:          "https://www.example.com",
+		LogoURL:                "https://www.example.com/example.png",
+		SkipInterstitial:       BoolPtr(true),
+		SaasApplication: &SaasApplication{
+			AuthType:                     "oidc",
+			ClientID:                     "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+			ClientSecret:                 "secret",
+			RedirectURIs:                 []string{"https://saas.example.com"},
+			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
+			Scopes:                       []string{"openid", "email", "profile", "groups"},
+			AppLauncherURL:               "https://saas.example.com",
+			GroupFilterRegex:             ".*",
+			AllowPKCEWithoutClientSecret: BoolPtr(false),
+			CustomClaims: []OIDCClaimConfig{
+				{
+					Name:     "test1",
+					Source:   SourceConfig{Name: "test1"},
+					Required: BoolPtr(true),
+					Scope:    "profile",
+				},
+			},
+			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
+				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
+				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+			},
+			AccessTokenLifetime: "1m",
+		},
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name: "Admin Saas Site",
+		SaasApplication: &SaasApplication{
+			AuthType:                     "oidc",
+			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
+			RedirectURIs:                 []string{"https://saas.example.com"},
+			AppLauncherURL:               "https://saas.example.com",
+			GroupFilterRegex:             ".*",
+			AllowPKCEWithoutClientSecret: BoolPtr(false),
+			CustomClaims: []OIDCClaimConfig{
+				{
+					Name:     "test1",
+					Source:   SourceConfig{Name: "test1"},
+					Required: BoolPtr(true),
+					Scope:    "profile",
+				},
+			},
+			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
+				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
+				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+			},
+			AccessTokenLifetime: "1m",
+		},
+		SessionDuration: "24h",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
+
+	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
+		Name: "Admin Saas Site",
+		SaasApplication: &SaasApplication{
+			AuthType:                     "oidc",
+			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
+			RedirectURIs:                 []string{"https://saas.example.com"},
+			AppLauncherURL:               "https://saas.example.com",
+			GroupFilterRegex:             ".*",
+			AllowPKCEWithoutClientSecret: BoolPtr(false),
+			CustomClaims: []OIDCClaimConfig{
+				{
+					Name:     "test1",
+					Source:   SourceConfig{Name: "test1"},
+					Required: BoolPtr(true),
+					Scope:    "profile",
+				},
+			},
+			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
+				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
+				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
+			},
+			AccessTokenLifetime: "1m",
+		},
+		SessionDuration: "24h",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestCreateApplicationWithAccessAppLauncherCustomization(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "App Launcher",
+				"type": "app_launcher",
+				"session_duration": "24h",
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": false,
+				"service_auth_401_redirect": false,
+				"landing_page_design": {
+					"title": "A title",
+					"message": "a message",
+					"image_url": "https://www.example.com/example.png",
+					"button_color": "green",
+					"button_text_color": "red"
+				},
+				"header_bg_color": "red",
+				"bg_color": "blue",
+				"footer_links": [
+					{
+						"url": "https://somesite.com",
+						"name": "bug"
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                   "App Launcher",
+		Type:                   "app_launcher",
+		SessionDuration:        "24h",
+		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AutoRedirectToIdentity: BoolPtr(false),
+		EnableBindingCookie:    BoolPtr(false),
+		AppLauncherVisible:     BoolPtr(false),
+		ServiceAuth401Redirect: BoolPtr(false),
+		CustomDenyMessage:      "denied!",
+		CustomDenyURL:          "https://www.example.com",
+		LogoURL:                "https://www.example.com/example.png",
+		SkipInterstitial:       BoolPtr(true),
+		CreatedAt:              &createdAt,
+		UpdatedAt:              &updatedAt,
+		AccessAppLauncherCustomization: AccessAppLauncherCustomization{
+			LandingPageDesign: AccessLandingPageDesign{
+				Title:           "A title",
+				Message:         "a message",
+				ImageURL:        "https://www.example.com/example.png",
+				ButtonColor:     "green",
+				ButtonTextColor: "red",
+			},
+			HeaderBackgroundColor: "red",
+			BackgroundColor:       "blue",
+			FooterLinks: []AccessFooterLink{
+				{
+					URL:  "https://somesite.com",
+					Name: "bug",
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name:            "Admin Site",
+		SessionDuration: "24h",
+		Type:            "app_launcher",
+		AccessAppLauncherCustomization: AccessAppLauncherCustomization{
+			LandingPageDesign: AccessLandingPageDesign{
+				Title:           "A title",
+				Message:         "a message",
+				ImageURL:        "https://www.example.com/example.png",
+				ButtonColor:     "green",
+				ButtonTextColor: "red",
+			},
+			HeaderBackgroundColor: "red",
+			BackgroundColor:       "blue",
+			FooterLinks: []AccessFooterLink{
+				{
+					URL:  "https://somesite.com",
+					Name: "bug",
+				},
+			},
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
+
+func TestCreateAccessApplicationWithSCIMProvisioning(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"name": "Admin SCIM App",
+				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+				"type": "saas",
+				"session_duration": "24h",
+				"allowed_idps": [],
+				"auto_redirect_to_identity": false,
+				"enable_binding_cookie": false,
+				"custom_deny_url": "https://www.example.com",
+				"custom_deny_message": "denied!",
+				"logo_url": "https://www.example.com/example.png",
+				"skip_interstitial": true,
+				"app_launcher_visible": true,
+				"service_auth_401_redirect": true,
+				"custom_non_identity_deny_url": "https://blocked.com",
+				"tags": ["engineers"],
+				"scim_config": {
+					"enabled": true,
+					"remote_uri": "https://scim.com",
+					"authentication": {
+						 "scheme": "oauthbearertoken",
+						 "token": "1234567890"
+					},
+					"idp_uid": "1234567",
+					"deactivate_on_delete": true,
+					"mappings": [
+						{
+							"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
+							"enabled": true,
+							"filter": "title pr or userType eq \"Intern\"",
+							"transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
+							"operations": {
+								"create": true,
+								"update": true,
+								"delete": true
+							}
+						}
+					]
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessApplication := AccessApplication{
+		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:                     "Admin SCIM App",
+		Domain:                   "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		Type:                     "saas",
+		SessionDuration:          "24h",
+		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
+		AllowedIdps:              []string{},
+		AutoRedirectToIdentity:   BoolPtr(false),
+		EnableBindingCookie:      BoolPtr(false),
+		AppLauncherVisible:       BoolPtr(true),
+		ServiceAuth401Redirect:   BoolPtr(true),
+		CustomDenyMessage:        "denied!",
+		CustomDenyURL:            "https://www.example.com",
+		LogoURL:                  "https://www.example.com/example.png",
+		SkipInterstitial:         BoolPtr(true),
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		CustomNonIdentityDenyURL: "https://blocked.com",
+		Tags:                     []string{"engineers"},
+		SCIMConfig: &AccessApplicationSCIMConfig{
+			Enabled:   BoolPtr(true),
+			RemoteURI: "https://scim.com",
+			Authentication: &AccessApplicationScimAuthenticationJson{
+				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
+					Token:                  "1234567890",
+					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
+				},
+			},
+			IdPUID:             "1234567",
+			DeactivateOnDelete: BoolPtr(true),
+			Mappings: []*AccessApplicationScimMapping{
+				{
+					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
+					Enabled:          BoolPtr(true),
+					Filter:           "title pr or userType eq \"Intern\"",
+					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
+					Operations: &AccessApplicationScimMappingOperations{
+						Create: BoolPtr(true),
+						Update: BoolPtr(true),
+						Delete: BoolPtr(true),
+					},
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
+
+	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
+		Name: "Admin Saas Site",
+		SCIMConfig: &AccessApplicationSCIMConfig{
+			Enabled:   BoolPtr(true),
+			RemoteURI: "https://scim.com",
+			Authentication: &AccessApplicationScimAuthenticationJson{
+				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
+					Token:                  "1234567890",
+					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
+				},
+			},
+			IdPUID:             "1234567",
+			DeactivateOnDelete: BoolPtr(true),
+			Mappings: []*AccessApplicationScimMapping{
+				{
+					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
+					Enabled:          BoolPtr(true),
+					Filter:           "title pr or userType eq \"Intern\"",
+					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
+					Operations: &AccessApplicationScimMappingOperations{
+						Create: BoolPtr(true),
+						Update: BoolPtr(true),
+						Delete: BoolPtr(true),
+					},
+				},
+			},
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
+
+	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
+		Name: "Admin SCIM Site",
+		SCIMConfig: &AccessApplicationSCIMConfig{
+			Enabled:   BoolPtr(true),
+			RemoteURI: "https://scim.com",
+			Authentication: &AccessApplicationScimAuthenticationJson{
+				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
+					Token:                  "1234567890",
+					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
+				},
+			},
+			IdPUID:             "1234567",
+			DeactivateOnDelete: BoolPtr(true),
+			Mappings: []*AccessApplicationScimMapping{
+				{
+					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
+					Enabled:          BoolPtr(true),
+					Filter:           "title pr or userType eq \"Intern\"",
+					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
+					Operations: &AccessApplicationScimMappingOperations{
+						Create: BoolPtr(true),
+						Update: BoolPtr(true),
+						Delete: BoolPtr(true),
+					},
+				},
+			},
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessApplication, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_audit_log.go b/pkg/cloudflare-go/access_audit_log.go
new file mode 100644
index 0000000000..62658e3fa8
--- /dev/null
+++ b/pkg/cloudflare-go/access_audit_log.go
@@ -0,0 +1,86 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessAuditLogRecord is the structure of a single Access Audit Log entry.
+type AccessAuditLogRecord struct {
+	UserEmail  string     `json:"user_email"`
+	IPAddress  string     `json:"ip_address"`
+	AppUID     string     `json:"app_uid"`
+	AppDomain  string     `json:"app_domain"`
+	Action     string     `json:"action"`
+	Connection string     `json:"connection"`
+	Allowed    bool       `json:"allowed"`
+	CreatedAt  *time.Time `json:"created_at"`
+	RayID      string     `json:"ray_id"`
+}
+
+// AccessAuditLogListResponse represents the response from the list
+// access applications endpoint.
+type AccessAuditLogListResponse struct {
+	Result []AccessAuditLogRecord `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessAuditLogFilterOptions provides the structure of available audit log
+// filters.
+type AccessAuditLogFilterOptions struct {
+	Direction string
+	Since     *time.Time
+	Until     *time.Time
+	Limit     int
+}
+
+// AccessAuditLogs retrieves all audit logs for the Access service.
+//
+// API reference: https://api.cloudflare.com/#access-requests-access-requests-audit
+func (api *API) AccessAuditLogs(ctx context.Context, accountID string, opts AccessAuditLogFilterOptions) ([]AccessAuditLogRecord, error) {
+	uri := fmt.Sprintf("/accounts/%s/access/logs/access-requests?%s", accountID, opts.Encode())
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessAuditLogRecord{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessAuditLogListResponse AccessAuditLogListResponse
+	err = json.Unmarshal(res, &accessAuditLogListResponse)
+	if err != nil {
+		return []AccessAuditLogRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessAuditLogListResponse.Result, nil
+}
+
+// Encode is a custom method for encoding the filter options into a usable HTTP
+// query parameter string.
+func (a AccessAuditLogFilterOptions) Encode() string {
+	v := url.Values{}
+
+	if a.Direction != "" {
+		v.Set("direction", a.Direction)
+	}
+
+	if a.Limit > 0 {
+		v.Set("limit", strconv.Itoa(a.Limit))
+	}
+
+	if a.Since != nil {
+		v.Set("since", a.Since.Format(time.RFC3339))
+	}
+
+	if a.Until != nil {
+		v.Set("until", a.Until.Format(time.RFC3339))
+	}
+
+	return v.Encode()
+}
diff --git a/pkg/cloudflare-go/access_audit_log_example_test.go b/pkg/cloudflare-go/access_audit_log_example_test.go
new file mode 100644
index 0000000000..1c44de5ab2
--- /dev/null
+++ b/pkg/cloudflare-go/access_audit_log_example_test.go
@@ -0,0 +1,26 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/goccy/go-json"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_AccessAuditLogs() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	filterOpts := cloudflare.AccessAuditLogFilterOptions{}
+	results, _ := api.AccessAuditLogs(context.Background(), "someaccountid", filterOpts)
+
+	for _, record := range results {
+		b, _ := json.Marshal(record)
+		fmt.Println(string(b))
+	}
+}
diff --git a/pkg/cloudflare-go/access_audit_log_test.go b/pkg/cloudflare-go/access_audit_log_test.go
new file mode 100644
index 0000000000..b71c3f99b2
--- /dev/null
+++ b/pkg/cloudflare-go/access_audit_log_test.go
@@ -0,0 +1,93 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessAuditLogs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "user_email": "michelle@example.com",
+      "ip_address": "198.51.100.1",
+      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
+      "app_domain": "test.example.com/admin",
+      "action": "login",
+      "connection": "saml",
+      "allowed": false,
+      "created_at": "2014-01-01T05:20:00.12345Z",
+      "ray_id": "187d944c61940c77"
+    }
+  ]
+}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/access/logs/access-requests", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []AccessAuditLogRecord{{
+		UserEmail:  "michelle@example.com",
+		IPAddress:  "198.51.100.1",
+		AppUID:     "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
+		AppDomain:  "test.example.com/admin",
+		Action:     "login",
+		Connection: "saml",
+		Allowed:    false,
+		CreatedAt:  &createdAt,
+		RayID:      "187d944c61940c77",
+	}}
+
+	actual, err := client.AccessAuditLogs(context.Background(), "01a7362d577a6c3019a474fd6f485823", AccessAuditLogFilterOptions{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessAuditLogsEncodeAllParametersDefined(t *testing.T) {
+	since, _ := time.Parse(time.RFC3339, "2020-07-01T00:00:00Z")
+	until, _ := time.Parse(time.RFC3339, "2020-07-02T00:00:00Z")
+
+	opts := AccessAuditLogFilterOptions{
+		Direction: "desc",
+		Since:     &since,
+		Until:     &until,
+		Limit:     10,
+	}
+
+	assert.Equal(t, "direction=desc&limit=10&since=2020-07-01T00%3A00%3A00Z&until=2020-07-02T00%3A00%3A00Z", opts.Encode())
+}
+
+func TestAccessAuditLogsEncodeOnlyDatesDefined(t *testing.T) {
+	since, _ := time.Parse(time.RFC3339, "2020-07-01T00:00:00Z")
+	until, _ := time.Parse(time.RFC3339, "2020-07-02T00:00:00Z")
+
+	opts := AccessAuditLogFilterOptions{
+		Since: &since,
+		Until: &until,
+	}
+
+	assert.Equal(t, "since=2020-07-01T00%3A00%3A00Z&until=2020-07-02T00%3A00%3A00Z", opts.Encode())
+}
+
+func TestAccessAuditLogsEncodeEmptyValues(t *testing.T) {
+	opts := AccessAuditLogFilterOptions{}
+
+	assert.Equal(t, "", opts.Encode())
+}
diff --git a/pkg/cloudflare-go/access_bookmark.go b/pkg/cloudflare-go/access_bookmark.go
new file mode 100644
index 0000000000..769c861da9
--- /dev/null
+++ b/pkg/cloudflare-go/access_bookmark.go
@@ -0,0 +1,206 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessBookmark represents an Access bookmark application.
+type AccessBookmark struct {
+	ID                 string     `json:"id,omitempty"`
+	Domain             string     `json:"domain"`
+	Name               string     `json:"name"`
+	LogoURL            string     `json:"logo_url,omitempty"`
+	AppLauncherVisible *bool      `json:"app_launcher_visible,omitempty"`
+	CreatedAt          *time.Time `json:"created_at,omitempty"`
+	UpdatedAt          *time.Time `json:"updated_at,omitempty"`
+}
+
+// AccessBookmarkListResponse represents the response from the list
+// access bookmarks endpoint.
+type AccessBookmarkListResponse struct {
+	Result []AccessBookmark `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessBookmarkDetailResponse is the API response, containing a single
+// access bookmark.
+type AccessBookmarkDetailResponse struct {
+	Response
+	Result AccessBookmark `json:"result"`
+}
+
+// AccessBookmarks returns all bookmarks within an account.
+//
+// API reference: https://api.cloudflare.com/#access-bookmarks-list-access-bookmarks
+func (api *API) AccessBookmarks(ctx context.Context, accountID string, pageOpts PaginationOptions) ([]AccessBookmark, ResultInfo, error) {
+	return api.accessBookmarks(ctx, accountID, pageOpts, AccountRouteRoot)
+}
+
+// ZoneLevelAccessBookmarks returns all bookmarks within a zone.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-list-access-bookmarks
+func (api *API) ZoneLevelAccessBookmarks(ctx context.Context, zoneID string, pageOpts PaginationOptions) ([]AccessBookmark, ResultInfo, error) {
+	return api.accessBookmarks(ctx, zoneID, pageOpts, ZoneRouteRoot)
+}
+
+func (api *API) accessBookmarks(ctx context.Context, id string, pageOpts PaginationOptions, routeRoot RouteRoot) ([]AccessBookmark, ResultInfo, error) {
+	uri := buildURI(fmt.Sprintf("/%s/%s/access/bookmarks", routeRoot, id), pageOpts)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessBookmark{}, ResultInfo{}, err
+	}
+
+	var accessBookmarkListResponse AccessBookmarkListResponse
+	err = json.Unmarshal(res, &accessBookmarkListResponse)
+	if err != nil {
+		return []AccessBookmark{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessBookmarkListResponse.Result, accessBookmarkListResponse.ResultInfo, nil
+}
+
+// AccessBookmark returns a single bookmark based on the
+// bookmark ID.
+//
+// API reference: https://api.cloudflare.com/#access-bookmarks-access-bookmarks-details
+func (api *API) AccessBookmark(ctx context.Context, accountID, bookmarkID string) (AccessBookmark, error) {
+	return api.accessBookmark(ctx, accountID, bookmarkID, AccountRouteRoot)
+}
+
+// ZoneLevelAccessBookmark returns a single zone level bookmark based on the
+// bookmark ID.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-access-bookmarks-details
+func (api *API) ZoneLevelAccessBookmark(ctx context.Context, zoneID, bookmarkID string) (AccessBookmark, error) {
+	return api.accessBookmark(ctx, zoneID, bookmarkID, ZoneRouteRoot)
+}
+
+func (api *API) accessBookmark(ctx context.Context, id, bookmarkID string, routeRoot RouteRoot) (AccessBookmark, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/bookmarks/%s",
+		routeRoot,
+		id,
+		bookmarkID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessBookmark{}, err
+	}
+
+	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
+	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
+	if err != nil {
+		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessBookmarkDetailResponse.Result, nil
+}
+
+// CreateAccessBookmark creates a new access bookmark.
+//
+// API reference: https://api.cloudflare.com/#access-bookmarks-create-access-bookmark
+func (api *API) CreateAccessBookmark(ctx context.Context, accountID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
+	return api.createAccessBookmark(ctx, accountID, accessBookmark, AccountRouteRoot)
+}
+
+// CreateZoneLevelAccessBookmark creates a new zone level access bookmark.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-create-access-bookmark
+func (api *API) CreateZoneLevelAccessBookmark(ctx context.Context, zoneID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
+	return api.createAccessBookmark(ctx, zoneID, accessBookmark, ZoneRouteRoot)
+}
+
+func (api *API) createAccessBookmark(ctx context.Context, id string, accessBookmark AccessBookmark, routeRoot RouteRoot) (AccessBookmark, error) {
+	uri := fmt.Sprintf("/%s/%s/access/bookmarks", routeRoot, id)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, accessBookmark)
+	if err != nil {
+		return AccessBookmark{}, err
+	}
+
+	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
+	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
+	if err != nil {
+		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessBookmarkDetailResponse.Result, nil
+}
+
+// UpdateAccessBookmark updates an existing access bookmark.
+//
+// API reference: https://api.cloudflare.com/#access-bookmarks-update-access-bookmark
+func (api *API) UpdateAccessBookmark(ctx context.Context, accountID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
+	return api.updateAccessBookmark(ctx, accountID, accessBookmark, AccountRouteRoot)
+}
+
+// UpdateZoneLevelAccessBookmark updates an existing zone level access bookmark.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-update-access-bookmark
+func (api *API) UpdateZoneLevelAccessBookmark(ctx context.Context, zoneID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
+	return api.updateAccessBookmark(ctx, zoneID, accessBookmark, ZoneRouteRoot)
+}
+
+func (api *API) updateAccessBookmark(ctx context.Context, id string, accessBookmark AccessBookmark, routeRoot RouteRoot) (AccessBookmark, error) {
+	if accessBookmark.ID == "" {
+		return AccessBookmark{}, fmt.Errorf("access bookmark ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/bookmarks/%s",
+		routeRoot,
+		id,
+		accessBookmark.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, accessBookmark)
+	if err != nil {
+		return AccessBookmark{}, err
+	}
+
+	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
+	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
+	if err != nil {
+		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessBookmarkDetailResponse.Result, nil
+}
+
+// DeleteAccessBookmark deletes an access bookmark.
+//
+// API reference: https://api.cloudflare.com/#access-bookmarks-delete-access-bookmark
+func (api *API) DeleteAccessBookmark(ctx context.Context, accountID, bookmarkID string) error {
+	return api.deleteAccessBookmark(ctx, accountID, bookmarkID, AccountRouteRoot)
+}
+
+// DeleteZoneLevelAccessBookmark deletes a zone level access bookmark.
+//
+// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-delete-access-bookmark
+func (api *API) DeleteZoneLevelAccessBookmark(ctx context.Context, zoneID, bookmarkID string) error {
+	return api.deleteAccessBookmark(ctx, zoneID, bookmarkID, ZoneRouteRoot)
+}
+
+func (api *API) deleteAccessBookmark(ctx context.Context, id, bookmarkID string, routeRoot RouteRoot) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/bookmarks/%s",
+		routeRoot,
+		id,
+		bookmarkID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_bookmark_test.go b/pkg/cloudflare-go/access_bookmark_test.go
new file mode 100644
index 0000000000..7b082b1409
--- /dev/null
+++ b/pkg/cloudflare-go/access_bookmark_test.go
@@ -0,0 +1,283 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessBookmarks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+					"name": "Example Site",
+					"domain": "example.com",
+					"logo_url": "https://www.example.com/example.png",
+					"app_launcher_visible": true,
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []AccessBookmark{{
+		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+		CreatedAt:          &createdAt,
+		UpdatedAt:          &updatedAt,
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks", handler)
+
+	actual, _, err := client.AccessBookmarks(context.Background(), testAccountID, PaginationOptions{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks", handler)
+
+	actual, _, err = client.ZoneLevelAccessBookmarks(context.Background(), testZoneID, PaginationOptions{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessBookmark(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "Example Site",
+				"domain": "example.com",
+				"logo_url": "https://www.example.com/example.png",
+				"app_launcher_visible": true,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessBookmark{
+		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+		CreatedAt:          &createdAt,
+		UpdatedAt:          &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.AccessBookmark(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.ZoneLevelAccessBookmark(context.Background(), testZoneID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessBookmarks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "Example Site",
+				"domain": "example.com",
+				"logo_url": "https://www.example.com/example.png",
+				"app_launcher_visible": true,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessBookmark := AccessBookmark{
+		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+		CreatedAt:          &createdAt,
+		UpdatedAt:          &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks", handler)
+
+	actual, err := client.CreateAccessBookmark(context.Background(), testAccountID, AccessBookmark{
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessBookmark, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks", handler)
+
+	actual, err = client.CreateZoneLevelAccessBookmark(context.Background(), testZoneID, AccessBookmark{
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessBookmark, actual)
+	}
+}
+
+func TestUpdateAccessBookmark(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "Example Site",
+				"domain": "example.com",
+				"logo_url": "https://www.example.com/example.png",
+				"app_launcher_visible": true,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	fullAccessBookmark := AccessBookmark{
+		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:               "Example Site",
+		Domain:             "example.com",
+		LogoURL:            "https://www.example.com/example.png",
+		AppLauncherVisible: BoolPtr(true),
+		CreatedAt:          &createdAt,
+		UpdatedAt:          &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.UpdateAccessBookmark(context.Background(), testAccountID, fullAccessBookmark)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessBookmark, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err = client.UpdateZoneLevelAccessBookmark(context.Background(), testZoneID, fullAccessBookmark)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, fullAccessBookmark, actual)
+	}
+}
+
+func TestUpdateAccessBookmarkWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessBookmark(context.Background(), testZoneID, AccessBookmark{})
+	assert.EqualError(t, err, "access bookmark ID cannot be empty")
+
+	_, err = client.UpdateZoneLevelAccessBookmark(context.Background(), testZoneID, AccessBookmark{})
+	assert.EqualError(t, err, "access bookmark ID cannot be empty")
+}
+
+func TestDeleteAccessBookmark(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+      }
+    }
+    `)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err := client.DeleteAccessBookmark(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err = client.DeleteZoneLevelAccessBookmark(context.Background(), testZoneID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_ca_certificate.go b/pkg/cloudflare-go/access_ca_certificate.go
new file mode 100644
index 0000000000..8f167875ed
--- /dev/null
+++ b/pkg/cloudflare-go/access_ca_certificate.go
@@ -0,0 +1,153 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessCACertificate is the structure of the CA certificate used for
+// short-lived certificates.
+type AccessCACertificate struct {
+	ID        string `json:"id"`
+	Aud       string `json:"aud"`
+	PublicKey string `json:"public_key"`
+}
+
+// AccessCACertificateListResponse represents the response of all CA
+// certificates within Access.
+type AccessCACertificateListResponse struct {
+	Response
+	Result []AccessCACertificate `json:"result"`
+	ResultInfo
+}
+
+// AccessCACertificateResponse represents the response of a single CA
+// certificate.
+type AccessCACertificateResponse struct {
+	Response
+	Result AccessCACertificate `json:"result"`
+}
+
+type ListAccessCACertificatesParams struct {
+	ResultInfo
+}
+
+type CreateAccessCACertificateParams struct {
+	ApplicationID string
+}
+
+// ListAccessCACertificates returns all AccessCACertificate within Access.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-list-short-lived-certificate-c-as
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-list-short-lived-certificate-c-as
+func (api *API) ListAccessCACertificates(ctx context.Context, rc *ResourceContainer, params ListAccessCACertificatesParams) ([]AccessCACertificate, *ResultInfo, error) {
+	baseURL := fmt.Sprintf("/%s/%s/access/apps/ca", rc.Level, rc.Identifier)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessCACertificates []AccessCACertificate
+	var r AccessCACertificateListResponse
+
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessCACertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessCACertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		accessCACertificates = append(accessCACertificates, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessCACertificates, &r.ResultInfo, nil
+}
+
+// GetAccessCACertificate returns a single CA certificate associated within
+// Access.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-get-a-short-lived-certificate-ca
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-get-a-short-lived-certificate-ca
+func (api *API) GetAccessCACertificate(ctx context.Context, rc *ResourceContainer, applicationID string) (AccessCACertificate, error) {
+	uri := fmt.Sprintf("/%s/%s/access/apps/%s/ca", rc.Level, rc.Identifier, applicationID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessCACertificate{}, err
+	}
+
+	var accessCAResponse AccessCACertificateResponse
+	err = json.Unmarshal(res, &accessCAResponse)
+	if err != nil {
+		return AccessCACertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessCAResponse.Result, nil
+}
+
+// CreateAccessCACertificate creates a new CA certificate for an AccessApplication.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-create-a-short-lived-certificate-ca
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-create-a-short-lived-certificate-ca
+func (api *API) CreateAccessCACertificate(ctx context.Context, rc *ResourceContainer, params CreateAccessCACertificateParams) (AccessCACertificate, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s/ca",
+		rc.Level,
+		rc.Identifier,
+		params.ApplicationID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return AccessCACertificate{}, err
+	}
+
+	var accessCACertificate AccessCACertificateResponse
+	err = json.Unmarshal(res, &accessCACertificate)
+	if err != nil {
+		return AccessCACertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessCACertificate.Result, nil
+}
+
+// DeleteAccessCACertificate deletes an Access CA certificate on a defined
+// AccessApplication.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-delete-a-short-lived-certificate-ca
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-delete-a-short-lived-certificate-ca
+func (api *API) DeleteAccessCACertificate(ctx context.Context, rc *ResourceContainer, applicationID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/apps/%s/ca",
+		rc.Level,
+		rc.Identifier,
+		applicationID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_ca_certificate_test.go b/pkg/cloudflare-go/access_ca_certificate_test.go
new file mode 100644
index 0000000000..bb75b90a10
--- /dev/null
+++ b/pkg/cloudflare-go/access_ca_certificate_test.go
@@ -0,0 +1,170 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessCACertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "result": {
+    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}
+		`)
+	}
+
+	want := AccessCACertificate{
+		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+testAccessApplicationID+"/ca", handler)
+
+	actual, err := client.GetAccessCACertificate(context.Background(), testAccountRC, testAccessApplicationID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+testAccessApplicationID+"/ca", handler)
+
+	actual, err = client.GetAccessCACertificate(context.Background(), testZoneRC, testAccessApplicationID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessCACertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "result": [{
+    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
+  }],
+  "success": true,
+  "errors": [],
+  "messages": []
+}
+		`)
+	}
+
+	want := []AccessCACertificate{{
+		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/ca", handler)
+
+	actual, _, err := client.ListAccessCACertificates(context.Background(), testAccountRC, ListAccessCACertificatesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/ca", handler)
+
+	actual, _, err = client.ListAccessCACertificates(context.Background(), testZoneRC, ListAccessCACertificatesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessCACertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "result": {
+    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}
+		`)
+	}
+
+	want := AccessCACertificate{
+		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
+		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
+		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
+
+	actual, err := client.CreateAccessCACertificate(context.Background(), testAccountRC, CreateAccessCACertificateParams{ApplicationID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
+
+	actual, err = client.CreateAccessCACertificate(context.Background(), testZoneRC, CreateAccessCACertificateParams{ApplicationID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteAccessCACertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "result": {
+    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4"
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
+
+	err := client.DeleteAccessCACertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
+
+	err = client.DeleteAccessCACertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_custom_page.go b/pkg/cloudflare-go/access_custom_page.go
new file mode 100644
index 0000000000..cb7e2ccb2a
--- /dev/null
+++ b/pkg/cloudflare-go/access_custom_page.go
@@ -0,0 +1,127 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingUID = errors.New("required UID missing")
+
+type AccessCustomPageType string
+
+const (
+	Forbidden      AccessCustomPageType = "forbidden"
+	IdentityDenied AccessCustomPageType = "identity_denied"
+)
+
+type AccessCustomPage struct {
+	// The HTML content of the custom page.
+	CustomHTML string               `json:"custom_html,omitempty"`
+	Name       string               `json:"name,omitempty"`
+	AppCount   int                  `json:"app_count,omitempty"`
+	Type       AccessCustomPageType `json:"type,omitempty"`
+	UID        string               `json:"uid,omitempty"`
+}
+
+type AccessCustomPageListResponse struct {
+	Response
+	Result     []AccessCustomPage `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type AccessCustomPageResponse struct {
+	Response
+	Result AccessCustomPage `json:"result"`
+}
+
+type ListAccessCustomPagesParams struct{}
+
+type CreateAccessCustomPageParams struct {
+	CustomHTML string               `json:"custom_html,omitempty"`
+	Name       string               `json:"name,omitempty"`
+	Type       AccessCustomPageType `json:"type,omitempty"`
+}
+
+type UpdateAccessCustomPageParams struct {
+	CustomHTML string               `json:"custom_html,omitempty"`
+	Name       string               `json:"name,omitempty"`
+	Type       AccessCustomPageType `json:"type,omitempty"`
+	UID        string               `json:"uid,omitempty"`
+}
+
+func (api *API) ListAccessCustomPages(ctx context.Context, rc *ResourceContainer, params ListAccessCustomPagesParams) ([]AccessCustomPage, error) {
+	uri := buildURI(fmt.Sprintf("/%s/%s/access/custom_pages", rc.Level, rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessCustomPage{}, err
+	}
+
+	var customPagesResponse AccessCustomPageListResponse
+	err = json.Unmarshal(res, &customPagesResponse)
+	if err != nil {
+		return []AccessCustomPage{}, err
+	}
+	return customPagesResponse.Result, nil
+}
+
+func (api *API) GetAccessCustomPage(ctx context.Context, rc *ResourceContainer, id string) (AccessCustomPage, error) {
+	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+
+	var customPageResponse AccessCustomPageResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+	return customPageResponse.Result, nil
+}
+
+func (api *API) CreateAccessCustomPage(ctx context.Context, rc *ResourceContainer, params CreateAccessCustomPageParams) (AccessCustomPage, error) {
+	uri := fmt.Sprintf("/%s/%s/access/custom_pages", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+
+	var customPageResponse AccessCustomPageResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+	return customPageResponse.Result, nil
+}
+
+func (api *API) DeleteAccessCustomPage(ctx context.Context, rc *ResourceContainer, id string) error {
+	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, id)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (api *API) UpdateAccessCustomPage(ctx context.Context, rc *ResourceContainer, params UpdateAccessCustomPageParams) (AccessCustomPage, error) {
+	if params.UID == "" {
+		return AccessCustomPage{}, ErrMissingUID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, params.UID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+
+	var customPageResponse AccessCustomPageResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return AccessCustomPage{}, err
+	}
+	return customPageResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_custom_page_test.go b/pkg/cloudflare-go/access_custom_page_test.go
new file mode 100644
index 0000000000..c81f034cd1
--- /dev/null
+++ b/pkg/cloudflare-go/access_custom_page_test.go
@@ -0,0 +1,196 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessCustomPages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"name": "Forbidden",
+					"app_count": 0,
+					"type": "forbidden",
+					"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	want := []AccessCustomPage{
+		{
+			Name:     "Forbidden",
+			AppCount: 0,
+			Type:     Forbidden,
+			UID:      "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
+		},
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages", handler)
+	actual, err := client.ListAccessCustomPages(context.Background(), AccountIdentifier(testAccountID), ListAccessCustomPagesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessCustomPage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
+				"name": "Forbidden",
+				"app_count": 0,
+				"type": "forbidden",
+				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
+			}
+		}`)
+	}
+
+	want := AccessCustomPage{
+		Name:       "Forbidden",
+		AppCount:   0,
+		Type:       Forbidden,
+		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
+		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
+	actual, err := client.GetAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessCustomPage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodPost, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
+				"name": "Forbidden",
+				"app_count": 0,
+				"type": "forbidden",
+				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
+			}
+		}`)
+	}
+
+	customPage := AccessCustomPage{
+		Name:       "Forbidden",
+		AppCount:   0,
+		Type:       Forbidden,
+		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
+		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages", handler)
+	actual, err := client.CreateAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), CreateAccessCustomPageParams{
+		Name:       "Forbidden",
+		Type:       Forbidden,
+		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, customPage, actual)
+	}
+}
+
+func TestUpdateAccessCustomPage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodPut, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
+				"name": "Forbidden",
+				"app_count": 0,
+				"type": "forbidden",
+				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
+			}
+		}`)
+	}
+
+	customPage := AccessCustomPage{
+		Name:       "Forbidden",
+		AppCount:   0,
+		Type:       Forbidden,
+		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
+		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
+	actual, err := client.UpdateAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), UpdateAccessCustomPageParams{
+		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
+		Name:       "Forbidden",
+		Type:       Forbidden,
+		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, customPage, actual)
+	}
+}
+
+func TestDeleteAccessCustomPage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodDelete, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			result: {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
+	err := client.DeleteAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_group.go b/pkg/cloudflare-go/access_group.go
new file mode 100644
index 0000000000..a521db8e02
--- /dev/null
+++ b/pkg/cloudflare-go/access_group.go
@@ -0,0 +1,405 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessGroup defines a group for allowing or disallowing access to
+// one or more Access applications.
+type AccessGroup struct {
+	ID        string     `json:"id,omitempty"`
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+	Name      string     `json:"name"`
+
+	// The include group works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude group works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require group works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+// AccessGroupEmail is used for managing access based on the email.
+// For example, restrict access to users with the email addresses
+// `test@example.com` or `someone@example.com`.
+type AccessGroupEmail struct {
+	Email struct {
+		Email string `json:"email"`
+	} `json:"email"`
+}
+
+// AccessGroupEmailList is used for managing access based on the email
+// list. For example, restrict access to users with the email addresses
+// in the email list with the ID `1234567890abcdef1234567890abcdef`.
+type AccessGroupEmailList struct {
+	EmailList struct {
+		ID string `json:"id"`
+	} `json:"email_list"`
+}
+
+// AccessGroupEmailDomain is used for managing access based on an email
+// domain such as `example.com` instead of individual addresses.
+type AccessGroupEmailDomain struct {
+	EmailDomain struct {
+		Domain string `json:"domain"`
+	} `json:"email_domain"`
+}
+
+// AccessGroupIP is used for managing access based in the IP. It
+// accepts individual IPs or CIDRs.
+type AccessGroupIP struct {
+	IP struct {
+		IP string `json:"ip"`
+	} `json:"ip"`
+}
+
+// AccessGroupGeo is used for managing access based on the country code.
+type AccessGroupGeo struct {
+	Geo struct {
+		CountryCode string `json:"country_code"`
+	} `json:"geo"`
+}
+
+// AccessGroupEveryone is used for managing access to everyone.
+type AccessGroupEveryone struct {
+	Everyone struct{} `json:"everyone"`
+}
+
+// AccessGroupServiceToken is used for managing access based on a specific
+// service token.
+type AccessGroupServiceToken struct {
+	ServiceToken struct {
+		ID string `json:"token_id"`
+	} `json:"service_token"`
+}
+
+// AccessGroupAnyValidServiceToken is used for managing access for all valid
+// service tokens (not restricted).
+type AccessGroupAnyValidServiceToken struct {
+	AnyValidServiceToken struct{} `json:"any_valid_service_token"`
+}
+
+// AccessGroupAccessGroup is used for managing access based on an
+// access group.
+type AccessGroupAccessGroup struct {
+	Group struct {
+		ID string `json:"id"`
+	} `json:"group"`
+}
+
+// AccessGroupCertificate is used for managing access to based on a valid
+// mTLS certificate being presented.
+type AccessGroupCertificate struct {
+	Certificate struct{} `json:"certificate"`
+}
+
+// AccessGroupCertificateCommonName is used for managing access based on a
+// common name within a certificate.
+type AccessGroupCertificateCommonName struct {
+	CommonName struct {
+		CommonName string `json:"common_name"`
+	} `json:"common_name"`
+}
+
+// AccessGroupExternalEvaluation is used for passing user identity to an external url.
+type AccessGroupExternalEvaluation struct {
+	ExternalEvaluation struct {
+		EvaluateURL string `json:"evaluate_url"`
+		KeysURL     string `json:"keys_url"`
+	} `json:"external_evaluation"`
+}
+
+// AccessGroupGSuite is used to configure access based on GSuite group.
+type AccessGroupGSuite struct {
+	Gsuite struct {
+		Email              string `json:"email"`
+		IdentityProviderID string `json:"identity_provider_id"`
+	} `json:"gsuite"`
+}
+
+// AccessGroupGitHub is used to configure access based on a GitHub organisation.
+type AccessGroupGitHub struct {
+	GitHubOrganization struct {
+		Name               string `json:"name"`
+		Team               string `json:"team,omitempty"`
+		IdentityProviderID string `json:"identity_provider_id"`
+	} `json:"github-organization"`
+}
+
+// AccessGroupAzure is used to configure access based on a Azure group.
+type AccessGroupAzure struct {
+	AzureAD struct {
+		ID                 string `json:"id"`
+		IdentityProviderID string `json:"identity_provider_id"`
+	} `json:"azureAD"`
+}
+
+// AccessGroupOkta is used to configure access based on a Okta group.
+type AccessGroupOkta struct {
+	Okta struct {
+		Name               string `json:"name"`
+		IdentityProviderID string `json:"identity_provider_id"`
+	} `json:"okta"`
+}
+
+// AccessGroupSAML is used to allow SAML users with a specific attribute
+// configuration.
+type AccessGroupSAML struct {
+	Saml struct {
+		AttributeName      string `json:"attribute_name"`
+		AttributeValue     string `json:"attribute_value"`
+		IdentityProviderID string `json:"identity_provider_id"`
+	} `json:"saml"`
+}
+
+// AccessGroupAzureAuthContext is used to configure access based on Azure auth contexts.
+type AccessGroupAzureAuthContext struct {
+	AuthContext struct {
+		ID                 string `json:"id"`
+		IdentityProviderID string `json:"identity_provider_id"`
+		ACID               string `json:"ac_id"`
+	} `json:"auth_context"`
+}
+
+// AccessGroupAuthMethod is used for managing access by the "amr"
+// (Authentication Methods References) identifier. For example, an
+// application may want to require that users authenticate using a hardware
+// key by setting the "auth_method" to "swk". A list of values are listed
+// here: https://tools.ietf.org/html/rfc8176#section-2. Custom values are
+// supported as well.
+type AccessGroupAuthMethod struct {
+	AuthMethod struct {
+		AuthMethod string `json:"auth_method"`
+	} `json:"auth_method"`
+}
+
+// AccessGroupLoginMethod restricts the application to specific IdP instances.
+type AccessGroupLoginMethod struct {
+	LoginMethod struct {
+		ID string `json:"id"`
+	} `json:"login_method"`
+}
+
+// AccessGroupDevicePosture restricts the application to specific devices.
+type AccessGroupDevicePosture struct {
+	DevicePosture struct {
+		ID string `json:"integration_uid"`
+	} `json:"device_posture"`
+}
+
+// AccessGroupListResponse represents the response from the list
+// access group endpoint.
+type AccessGroupListResponse struct {
+	Result []AccessGroup `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessGroupIPList restricts the application to specific teams_list of ips.
+type AccessGroupIPList struct {
+	IPList struct {
+		ID string `json:"id"`
+	} `json:"ip_list"`
+}
+
+// AccessGroupDetailResponse is the API response, containing a single
+// access group.
+type AccessGroupDetailResponse struct {
+	Success  bool        `json:"success"`
+	Errors   []string    `json:"errors"`
+	Messages []string    `json:"messages"`
+	Result   AccessGroup `json:"result"`
+}
+
+type ListAccessGroupsParams struct {
+	ResultInfo
+}
+
+type CreateAccessGroupParams struct {
+	Name string `json:"name"`
+
+	// The include group works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude group works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require group works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+type UpdateAccessGroupParams struct {
+	ID   string `json:"id,omitempty"`
+	Name string `json:"name"`
+
+	// The include group works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude group works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require group works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+// ListAccessGroups returns all access groups for an access application.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-list-access-groups
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-list-access-groups
+func (api *API) ListAccessGroups(ctx context.Context, rc *ResourceContainer, params ListAccessGroupsParams) ([]AccessGroup, *ResultInfo, error) {
+	baseURL := fmt.Sprintf("/%s/%s/access/groups", rc.Level, rc.Identifier)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessGroups []AccessGroup
+	var r AccessGroupListResponse
+
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessGroup{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessGroup{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		accessGroups = append(accessGroups, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessGroups, &r.ResultInfo, nil
+}
+
+// GetAccessGroup returns a single group based on the group ID.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-get-an-access-group
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-get-an-access-group
+func (api *API) GetAccessGroup(ctx context.Context, rc *ResourceContainer, groupID string) (AccessGroup, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/groups/%s",
+		rc.Level,
+		rc.Identifier,
+		groupID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessGroup{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessGroupDetailResponse AccessGroupDetailResponse
+	err = json.Unmarshal(res, &accessGroupDetailResponse)
+	if err != nil {
+		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessGroupDetailResponse.Result, nil
+}
+
+// CreateAccessGroup creates a new access group.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-create-an-access-group
+// Zone API Reference:https://developers.cloudflare.com/api/operations/zone-level-access-groups-create-an-access-group
+func (api *API) CreateAccessGroup(ctx context.Context, rc *ResourceContainer, params CreateAccessGroupParams) (AccessGroup, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/groups",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessGroup{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessGroupDetailResponse AccessGroupDetailResponse
+	err = json.Unmarshal(res, &accessGroupDetailResponse)
+	if err != nil {
+		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessGroupDetailResponse.Result, nil
+}
+
+// UpdateAccessGroup updates an existing access group.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-update-an-access-group
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-update-an-access-group
+func (api *API) UpdateAccessGroup(ctx context.Context, rc *ResourceContainer, params UpdateAccessGroupParams) (AccessGroup, error) {
+	if params.ID == "" {
+		return AccessGroup{}, fmt.Errorf("access group ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/groups/%s",
+		rc.Level,
+		rc.Identifier,
+		params.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessGroup{}, err
+	}
+
+	var accessGroupDetailResponse AccessGroupDetailResponse
+	err = json.Unmarshal(res, &accessGroupDetailResponse)
+	if err != nil {
+		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessGroupDetailResponse.Result, nil
+}
+
+// DeleteAccessGroup deletes an access group
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-delete-an-access-group
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-delete-an-access-group
+func (api *API) DeleteAccessGroup(ctx context.Context, rc *ResourceContainer, groupID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/groups/%s",
+		rc.Level,
+		rc.Identifier,
+		groupID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_group_test.go b/pkg/cloudflare-go/access_group_test.go
new file mode 100644
index 0000000000..3acb9acaea
--- /dev/null
+++ b/pkg/cloudflare-go/access_group_test.go
@@ -0,0 +1,471 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	accessGroupID = "699d98642c564d2e855e9661899b7252"
+
+	expectedAccessGroup = AccessGroup{
+		ID:        "699d98642c564d2e855e9661899b7252",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		Name:      "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Require: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+	}
+
+	expectedAccessGroupIpList = AccessGroup{
+		ID:        "899d98642c564d2e855e9661899b7252",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		Name:      "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"ip_list": map[string]interface{}{"id": "989d98642c564d2e855e9661899b7252"}},
+		},
+	}
+
+	expectedAccessGroupEmailList = AccessGroup{
+		ID:        "a99d98642c564d2e855e9661899b7252",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		Name:      "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email_list": map[string]interface{}{"id": "8a9d98642c564d2e855e9661899b7252"}},
+		},
+	}
+)
+
+func TestAccessGroups(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "699d98642c564d2e855e9661899b7252",
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z",
+					"name": "Allow devs",
+					"include": [
+						{
+							"email": {
+								"email": "test@example.com"
+							}
+						}
+					],
+					"exclude": [
+						{
+							"email": {
+								"email": "test@example.com"
+							}
+						}
+					],
+					"require": [
+						{
+							"email": {
+								"email": "test@example.com"
+							}
+						}
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
+
+	actual, _, err := client.ListAccessGroups(context.Background(), testAccountRC, ListAccessGroupsParams{ResultInfo{}})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessGroup{expectedAccessGroup}, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
+
+	actual, _, err = client.ListAccessGroups(context.Background(), testZoneRC, ListAccessGroupsParams{ResultInfo{}})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessGroup{expectedAccessGroup}, actual)
+	}
+}
+
+func TestAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
+
+	actual, err := client.GetAccessGroup(context.Background(), testAccountRC, accessGroupID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
+
+	actual, err = client.GetAccessGroup(context.Background(), testZoneRC, accessGroupID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+}
+
+func TestCreateAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
+
+	params := CreateAccessGroupParams{
+		Name: "Allow devs",
+		Include: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Require: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+	}
+
+	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
+
+	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+}
+
+func TestUpdateAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	params := UpdateAccessGroupParams{
+		ID:   "699d98642c564d2e855e9661899b7252",
+		Name: "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Require: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
+	actual, err := client.UpdateAccessGroup(context.Background(), testAccountRC, params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
+	actual, err = client.UpdateAccessGroup(context.Background(), testZoneRC, params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroup, actual)
+	}
+}
+
+func TestUpdateAccessGroupWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessGroup(context.Background(), testAccountRC, UpdateAccessGroupParams{})
+	assert.EqualError(t, err, "access group ID cannot be empty")
+
+	_, err = client.UpdateAccessGroup(context.Background(), testZoneRC, UpdateAccessGroupParams{})
+	assert.EqualError(t, err, "access group ID cannot be empty")
+}
+
+func TestDeleteAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
+	err := client.DeleteAccessGroup(context.Background(), testAccountRC, accessGroupID)
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
+	err = client.DeleteAccessGroup(context.Background(), testZoneRC, accessGroupID)
+
+	assert.NoError(t, err)
+}
+
+func TestCreateIPListAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "899d98642c564d2e855e9661899b7252",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"ip_list": {
+							"id": "989d98642c564d2e855e9661899b7252"
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
+
+	accessGroup := CreateAccessGroupParams{
+		Name: "Allow devs by iplist",
+		Include: []interface{}{
+			AccessGroupIPList{struct {
+				ID string `json:"id"`
+			}{ID: "989d98642c564d2e855e9661899b7252"}},
+		},
+	}
+
+	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, accessGroup)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroupIpList, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
+
+	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, accessGroup)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroupIpList, actual)
+	}
+}
+
+func TestCreateEmailListAccessGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "a99d98642c564d2e855e9661899b7252",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email_list": {
+							"id": "8a9d98642c564d2e855e9661899b7252"
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
+
+	accessGroup := CreateAccessGroupParams{
+		Name: "Allow devs by email_list",
+		Include: []interface{}{
+			AccessGroupEmailList{struct {
+				ID string `json:"id"`
+			}{ID: "989d98642c564d2e855e9661899b7252"}},
+		},
+	}
+
+	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, accessGroup)
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroupEmailList, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
+
+	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, accessGroup)
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessGroupEmailList, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_identity_provider.go b/pkg/cloudflare-go/access_identity_provider.go
new file mode 100644
index 0000000000..a1ffc8ced5
--- /dev/null
+++ b/pkg/cloudflare-go/access_identity_provider.go
@@ -0,0 +1,306 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessIdentityProvider is the structure of the provider object.
+type AccessIdentityProvider struct {
+	ID         string                                  `json:"id,omitempty"`
+	Name       string                                  `json:"name"`
+	Type       string                                  `json:"type"`
+	Config     AccessIdentityProviderConfiguration     `json:"config"`
+	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
+}
+
+// AccessIdentityProviderConfiguration is the combined structure of *all*
+// identity provider configuration fields. This is done to simplify the use of
+// Access products and their relationship to each other.
+//
+// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/
+type AccessIdentityProviderConfiguration struct {
+	APIToken                  string   `json:"api_token,omitempty"`
+	AppsDomain                string   `json:"apps_domain,omitempty"`
+	Attributes                []string `json:"attributes,omitempty"`
+	AuthURL                   string   `json:"auth_url,omitempty"`
+	CentrifyAccount           string   `json:"centrify_account,omitempty"`
+	CentrifyAppID             string   `json:"centrify_app_id,omitempty"`
+	CertsURL                  string   `json:"certs_url,omitempty"`
+	ClientID                  string   `json:"client_id,omitempty"`
+	ClientSecret              string   `json:"client_secret,omitempty"`
+	Claims                    []string `json:"claims,omitempty"`
+	Scopes                    []string `json:"scopes,omitempty"`
+	DirectoryID               string   `json:"directory_id,omitempty"`
+	EmailAttributeName        string   `json:"email_attribute_name,omitempty"`
+	EmailClaimName            string   `json:"email_claim_name,omitempty"`
+	IdpPublicCert             string   `json:"idp_public_cert,omitempty"`
+	IssuerURL                 string   `json:"issuer_url,omitempty"`
+	OktaAccount               string   `json:"okta_account,omitempty"`
+	OktaAuthorizationServerID string   `json:"authorization_server_id,omitempty"`
+	OneloginAccount           string   `json:"onelogin_account,omitempty"`
+	PingEnvID                 string   `json:"ping_env_id,omitempty"`
+	RedirectURL               string   `json:"redirect_url,omitempty"`
+	SignRequest               bool     `json:"sign_request,omitempty"`
+	SsoTargetURL              string   `json:"sso_target_url,omitempty"`
+	SupportGroups             bool     `json:"support_groups,omitempty"`
+	TokenURL                  string   `json:"token_url,omitempty"`
+	PKCEEnabled               *bool    `json:"pkce_enabled,omitempty"`
+	ConditionalAccessEnabled  bool     `json:"conditional_access_enabled,omitempty"`
+}
+
+type AccessIdentityProviderScimConfiguration struct {
+	Enabled                bool   `json:"enabled,omitempty"`
+	Secret                 string `json:"secret,omitempty"`
+	UserDeprovision        bool   `json:"user_deprovision,omitempty"`
+	SeatDeprovision        bool   `json:"seat_deprovision,omitempty"`
+	GroupMemberDeprovision bool   `json:"group_member_deprovision,omitempty"`
+}
+
+// AccessIdentityProvidersListResponse is the API response for multiple
+// Access Identity Providers.
+type AccessIdentityProvidersListResponse struct {
+	Response
+	Result     []AccessIdentityProvider `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// AccessIdentityProviderResponse is the API response for a single
+// Access Identity Provider.
+type AccessIdentityProviderResponse struct {
+	Response
+	Result AccessIdentityProvider `json:"result"`
+}
+
+type ListAccessIdentityProvidersParams struct {
+	ResultInfo
+}
+
+type CreateAccessIdentityProviderParams struct {
+	Name       string                                  `json:"name"`
+	Type       string                                  `json:"type"`
+	Config     AccessIdentityProviderConfiguration     `json:"config"`
+	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
+}
+
+type UpdateAccessIdentityProviderParams struct {
+	ID         string                                  `json:"-"`
+	Name       string                                  `json:"name"`
+	Type       string                                  `json:"type"`
+	Config     AccessIdentityProviderConfiguration     `json:"config"`
+	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
+}
+
+// AccessAuthContext represents an Access Azure Identity Provider Auth Context.
+type AccessAuthContext struct {
+	ID          string `json:"id"`
+	UID         string `json:"uid"`
+	ACID        string `json:"ac_id"`
+	DisplayName string `json:"display_name"`
+	Description string `json:"description"`
+}
+
+// AccessAuthContextsListResponse represents the response from the list
+// Access Auth Contexts endpoint.
+type AccessAuthContextsListResponse struct {
+	Result []AccessAuthContext `json:"result"`
+	Response
+}
+
+// ListAccessIdentityProviders returns all Access Identity Providers for an
+// account or zone.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-list-access-identity-providers
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-list-access-identity-providers
+func (api *API) ListAccessIdentityProviders(ctx context.Context, rc *ResourceContainer, params ListAccessIdentityProvidersParams) ([]AccessIdentityProvider, *ResultInfo, error) {
+	baseURL := fmt.Sprintf("/%s/%s/access/identity_providers", rc.Level, rc.Identifier)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessProviders []AccessIdentityProvider
+	var r AccessIdentityProvidersListResponse
+
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessIdentityProvider{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessIdentityProvider{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		accessProviders = append(accessProviders, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessProviders, &r.ResultInfo, nil
+}
+
+// GetAccessIdentityProvider returns a single Access Identity
+// Provider for an account or zone.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-get-an-access-identity-provider
+func (api *API) GetAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, identityProviderID string) (AccessIdentityProvider, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/identity_providers/%s",
+		rc.Level,
+		rc.Identifier,
+		identityProviderID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessIdentityProviderResponse AccessIdentityProviderResponse
+	err = json.Unmarshal(res, &accessIdentityProviderResponse)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessIdentityProviderResponse.Result, nil
+}
+
+// CreateAccessIdentityProvider creates a new Access Identity Provider.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-add-an-access-identity-provider
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-add-an-access-identity-provider
+func (api *API) CreateAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, params CreateAccessIdentityProviderParams) (AccessIdentityProvider, error) {
+	uri := fmt.Sprintf("/%s/%s/access/identity_providers", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessIdentityProviderResponse AccessIdentityProviderResponse
+	err = json.Unmarshal(res, &accessIdentityProviderResponse)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessIdentityProviderResponse.Result, nil
+}
+
+// UpdateAccessIdentityProvider updates an existing Access Identity
+// Provider.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-update-an-access-identity-provider
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-update-an-access-identity-provider
+func (api *API) UpdateAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, params UpdateAccessIdentityProviderParams) (AccessIdentityProvider, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/identity_providers/%s",
+		rc.Level,
+		rc.Identifier,
+		params.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessIdentityProvider{}, err
+	}
+
+	var accessIdentityProviderResponse AccessIdentityProviderResponse
+	err = json.Unmarshal(res, &accessIdentityProviderResponse)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessIdentityProviderResponse.Result, nil
+}
+
+// DeleteAccessIdentityProvider deletes an Access Identity Provider.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-delete-an-access-identity-provider
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-delete-an-access-identity-provider
+func (api *API) DeleteAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, identityProviderUUID string) (AccessIdentityProvider, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/identity_providers/%s",
+		rc.Level,
+		rc.Identifier,
+		identityProviderUUID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessIdentityProviderResponse AccessIdentityProviderResponse
+	err = json.Unmarshal(res, &accessIdentityProviderResponse)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessIdentityProviderResponse.Result, nil
+}
+
+// ListAccessIdentityProviderAuthContexts returns an identity provider's auth contexts
+// AzureAD only
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-get-an-access-identity-provider
+func (api *API) ListAccessIdentityProviderAuthContexts(ctx context.Context, rc *ResourceContainer, identityProviderID string) ([]AccessAuthContext, error) {
+	uri := fmt.Sprintf("/%s/%s/access/identity_providers/%s/auth_context", rc.Level, rc.Identifier, identityProviderID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessAuthContext{}, err
+	}
+
+	var accessAuthContextListResponse AccessAuthContextsListResponse
+	err = json.Unmarshal(res, &accessAuthContextListResponse)
+	if err != nil {
+		return []AccessAuthContext{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessAuthContextListResponse.Result, nil
+}
+
+// UpdateAccessIdentityProviderAuthContexts updates an existing Access Identity
+// Provider.
+// AzureAD only
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-refresh-an-access-identity-provider-auth-contexts
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-update-an-access-identity-provider
+func (api *API) UpdateAccessIdentityProviderAuthContexts(ctx context.Context, rc *ResourceContainer, identityProviderID string) (AccessIdentityProvider, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/identity_providers/%s/auth_context",
+		rc.Level,
+		rc.Identifier,
+		identityProviderID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
+	if err != nil {
+		return AccessIdentityProvider{}, err
+	}
+
+	var accessIdentityProviderResponse AccessIdentityProviderResponse
+	err = json.Unmarshal(res, &accessIdentityProviderResponse)
+	if err != nil {
+		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessIdentityProviderResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_identity_provider_test.go b/pkg/cloudflare-go/access_identity_provider_test.go
new file mode 100644
index 0000000000..e928541517
--- /dev/null
+++ b/pkg/cloudflare-go/access_identity_provider_test.go
@@ -0,0 +1,416 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListAccessIdentityProviders(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "1", r.URL.Query().Get("page"))
+		assert.Equal(t, "25", r.URL.Query().Get("per_page"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+					"name": "Widget Corps OTP",
+					"type": "github",
+					"config": {
+						"client_id": "example_id",
+						"client_secret": "a-secret-key"
+					}
+				}
+			],
+			"result_info": {
+				"count": 1,
+				"page": 1,
+				"per_page": 20,
+				"total_count": 1
+		  	}
+		}
+		`)
+	}
+
+	want := []AccessIdentityProvider{
+		{
+			ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			Name: "Widget Corps OTP",
+			Type: "github",
+			Config: AccessIdentityProviderConfiguration{
+				ClientID:     "example_id",
+				ClientSecret: "a-secret-key",
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers", handler)
+
+	actual, _, err := client.ListAccessIdentityProviders(context.Background(), testAccountRC, ListAccessIdentityProvidersParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers", handler)
+
+	actual, _, err = client.ListAccessIdentityProviders(context.Background(), testZoneRC, ListAccessIdentityProvidersParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessIdentityProviderDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "Widget Corps OTP",
+				"type": "github",
+				"config": {
+					"client_id": "example_id",
+					"client_secret": "a-secret-key"
+				}
+			}
+		}
+		`)
+	}
+
+	want := AccessIdentityProvider{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:     "example_id",
+			ClientSecret: "a-secret-key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc841", handler)
+
+	actual, err := client.GetAccessIdentityProvider(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc841")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc841", handler)
+
+	actual, err = client.GetAccessIdentityProvider(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc841")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessIdentityProvider(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "Widget Corps OTP",
+				"type": "github",
+				"config": {
+					"client_id": "example_id",
+					"client_secret": "a-secret-key",
+					"conditional_access_enabled": true
+				}
+			}
+		}
+		`)
+	}
+
+	newIdentityProvider := CreateAccessIdentityProviderParams{
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:                 "example_id",
+			ClientSecret:             "a-secret-key",
+			ConditionalAccessEnabled: true,
+		},
+	}
+
+	want := AccessIdentityProvider{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:                 "example_id",
+			ClientSecret:             "a-secret-key",
+			ConditionalAccessEnabled: true,
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers", handler)
+
+	actual, err := client.CreateAccessIdentityProvider(context.Background(), testAccountRC, newIdentityProvider)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers", handler)
+
+	actual, err = client.CreateAccessIdentityProvider(context.Background(), testZoneRC, newIdentityProvider)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+func TestUpdateAccessIdentityProvider(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "Widget Corps OTP",
+				"type": "github",
+				"config": {
+					"client_id": "example_id",
+					"client_secret": "a-secret-key"
+				}
+			}
+		}
+		`)
+	}
+
+	updatedIdentityProvider := UpdateAccessIdentityProviderParams{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:     "example_id",
+			ClientSecret: "a-secret-key",
+		},
+	}
+
+	want := AccessIdentityProvider{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:     "example_id",
+			ClientSecret: "a-secret-key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.UpdateAccessIdentityProvider(context.Background(), testAccountRC, updatedIdentityProvider)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.UpdateAccessIdentityProvider(context.Background(), testZoneRC, updatedIdentityProvider)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteAccessIdentityProvider(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "Widget Corps OTP",
+				"type": "github",
+				"config": {
+					"client_id": "example_id",
+					"client_secret": "a-secret-key"
+				}
+			}
+		}
+		`)
+	}
+
+	want := AccessIdentityProvider{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps OTP",
+		Type: "github",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:     "example_id",
+			ClientSecret: "a-secret-key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.DeleteAccessIdentityProvider(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.DeleteAccessIdentityProvider(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListAccessIdentityProviderAuthContexts(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "04709095-568a-40c4-bf23-5d9edbefe21e",
+					"uid": "04709095-568a-40c4-bf23-5d9edbefe21e",
+					"ac_id": "c1",
+					"display_name": "test_c1",
+					"description": ""
+				},
+				{
+					"id": "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
+					"uid": "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
+					"ac_id": "c25",
+					"display_name": "test_c25",
+					"description": ""
+				}
+			]
+		}
+		`)
+	}
+
+	want := []AccessAuthContext{
+		{
+			ID:          "04709095-568a-40c4-bf23-5d9edbefe21e",
+			UID:         "04709095-568a-40c4-bf23-5d9edbefe21e",
+			ACID:        "c1",
+			DisplayName: "test_c1",
+			Description: "",
+		},
+		{
+			ID:          "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
+			UID:         "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
+			ACID:        "c25",
+			DisplayName: "test_c25",
+			Description: "",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
+
+	actual, err := client.ListAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
+
+	actual, err = client.ListAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessIdentityProviderAuthContext(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "Widget Corps",
+				"type": "AzureAD",
+				"config": {
+					"client_id": "example_id",
+					"client_secret": "a-secret-key",
+					"conditional_access_enabled": true
+				}
+			}
+		}
+		`)
+	}
+
+	want := AccessIdentityProvider{
+		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name: "Widget Corps",
+		Type: "AzureAD",
+		Config: AccessIdentityProviderConfiguration{
+			ClientID:                 "example_id",
+			ClientSecret:             "a-secret-key",
+			ConditionalAccessEnabled: true,
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
+
+	actual, err := client.UpdateAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
+
+	actual, err = client.UpdateAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_keys.go b/pkg/cloudflare-go/access_keys.go
new file mode 100644
index 0000000000..fbc714deff
--- /dev/null
+++ b/pkg/cloudflare-go/access_keys.go
@@ -0,0 +1,64 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type AccessKeysConfig struct {
+	KeyRotationIntervalDays int       `json:"key_rotation_interval_days"`
+	LastKeyRotationAt       time.Time `json:"last_key_rotation_at"`
+	DaysUntilNextRotation   int       `json:"days_until_next_rotation"`
+}
+
+type AccessKeysConfigUpdateRequest struct {
+	KeyRotationIntervalDays int `json:"key_rotation_interval_days"`
+}
+
+type accessKeysConfigResponse struct {
+	Response
+	Result AccessKeysConfig `json:"result"`
+}
+
+// AccessKeysConfig returns the Access Keys Configuration for an account.
+//
+// API reference: https://api.cloudflare.com/#access-keys-configuration-get-access-keys-configuration
+func (api *API) AccessKeysConfig(ctx context.Context, accountID string) (AccessKeysConfig, error) {
+	uri := fmt.Sprintf("/%s/%s/access/keys", AccountRouteRoot, accountID)
+
+	return api.accessKeysRequest(ctx, http.MethodGet, uri, nil)
+}
+
+// UpdateAccessKeysConfig updates the Access Keys Configuration for an account.
+//
+// API reference: https://api.cloudflare.com/#access-keys-configuration-update-access-keys-configuration
+func (api *API) UpdateAccessKeysConfig(ctx context.Context, accountID string, request AccessKeysConfigUpdateRequest) (AccessKeysConfig, error) {
+	uri := fmt.Sprintf("/%s/%s/access/keys", AccountRouteRoot, accountID)
+
+	return api.accessKeysRequest(ctx, http.MethodPut, uri, request)
+}
+
+// RotateAccessKeys rotates the Access Keys for an account and returns the updated Access Keys Configuration
+//
+// API reference: https://api.cloudflare.com/#access-keys-configuration-rotate-access-keys
+func (api *API) RotateAccessKeys(ctx context.Context, accountID string) (AccessKeysConfig, error) {
+	uri := fmt.Sprintf("/%s/%s/access/keys/rotate", AccountRouteRoot, accountID)
+	return api.accessKeysRequest(ctx, http.MethodPost, uri, nil)
+}
+
+func (api *API) accessKeysRequest(ctx context.Context, method, uri string, params interface{}) (AccessKeysConfig, error) {
+	res, err := api.makeRequestContext(ctx, method, uri, params)
+	if err != nil {
+		return AccessKeysConfig{}, err
+	}
+
+	var keysConfigResponse accessKeysConfigResponse
+	if err := json.Unmarshal(res, &keysConfigResponse); err != nil {
+		return AccessKeysConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return keysConfigResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_keys_test.go b/pkg/cloudflare-go/access_keys_test.go
new file mode 100644
index 0000000000..789bca638b
--- /dev/null
+++ b/pkg/cloudflare-go/access_keys_test.go
@@ -0,0 +1,124 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessKeysConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"key_rotation_interval_days": 42,
+				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
+				"days_until_next_rotation": 3
+			}
+		}`)
+	}
+
+	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AccessKeysConfig{
+		KeyRotationIntervalDays: 42,
+		LastKeyRotationAt:       wantLastRotationAt,
+		DaysUntilNextRotation:   3,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys", handler)
+
+	actual, err := client.AccessKeysConfig(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessKeysConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	wantRequest := AccessKeysConfigUpdateRequest{
+		KeyRotationIntervalDays: 33,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		var gotRequest AccessKeysConfigUpdateRequest
+		assert.NoError(t, json.NewDecoder(r.Body).Decode(&gotRequest))
+		assert.Equal(t, wantRequest, gotRequest)
+
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"key_rotation_interval_days": 42,
+				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
+				"days_until_next_rotation": 3
+			}
+		}`)
+	}
+
+	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AccessKeysConfig{
+		KeyRotationIntervalDays: 42,
+		LastKeyRotationAt:       wantLastRotationAt,
+		DaysUntilNextRotation:   3,
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys", handler)
+
+	actual, err := client.UpdateAccessKeysConfig(context.Background(), testAccountID, wantRequest)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestRotateAccessKeys(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"key_rotation_interval_days": 42,
+				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
+				"days_until_next_rotation": 3
+			}
+		}`)
+	}
+
+	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AccessKeysConfig{
+		KeyRotationIntervalDays: 42,
+		LastKeyRotationAt:       wantLastRotationAt,
+		DaysUntilNextRotation:   3,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys/rotate", handler)
+
+	actual, err := client.RotateAccessKeys(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_mutual_tls_certificates.go b/pkg/cloudflare-go/access_mutual_tls_certificates.go
new file mode 100644
index 0000000000..9d4e413b17
--- /dev/null
+++ b/pkg/cloudflare-go/access_mutual_tls_certificates.go
@@ -0,0 +1,279 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessMutualTLSCertificate is the structure of a single Access Mutual TLS
+// certificate.
+type AccessMutualTLSCertificate struct {
+	ID                  string    `json:"id,omitempty"`
+	CreatedAt           time.Time `json:"created_at,omitempty"`
+	UpdatedAt           time.Time `json:"updated_at,omitempty"`
+	ExpiresOn           time.Time `json:"expires_on,omitempty"`
+	Name                string    `json:"name,omitempty"`
+	Fingerprint         string    `json:"fingerprint,omitempty"`
+	Certificate         string    `json:"certificate,omitempty"`
+	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
+}
+
+// AccessMutualTLSCertificateListResponse is the API response for all Access
+// Mutual TLS certificates.
+type AccessMutualTLSCertificateListResponse struct {
+	Response
+	Result     []AccessMutualTLSCertificate `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// AccessMutualTLSCertificateDetailResponse is the API response for a single
+// Access Mutual TLS certificate.
+type AccessMutualTLSCertificateDetailResponse struct {
+	Response
+	Result AccessMutualTLSCertificate `json:"result"`
+}
+
+type ListAccessMutualTLSCertificatesParams struct {
+	ResultInfo
+}
+
+type CreateAccessMutualTLSCertificateParams struct {
+	ExpiresOn           time.Time `json:"expires_on,omitempty"`
+	Name                string    `json:"name,omitempty"`
+	Fingerprint         string    `json:"fingerprint,omitempty"`
+	Certificate         string    `json:"certificate,omitempty"`
+	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
+}
+
+type UpdateAccessMutualTLSCertificateParams struct {
+	ID                  string    `json:"-"`
+	ExpiresOn           time.Time `json:"expires_on,omitempty"`
+	Name                string    `json:"name,omitempty"`
+	Fingerprint         string    `json:"fingerprint,omitempty"`
+	Certificate         string    `json:"certificate,omitempty"`
+	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
+}
+
+type AccessMutualTLSHostnameSettings struct {
+	ChinaNetwork                *bool  `json:"china_network,omitempty"`
+	ClientCertificateForwarding *bool  `json:"client_certificate_forwarding,omitempty"`
+	Hostname                    string `json:"hostname,omitempty"`
+}
+
+type GetAccessMutualTLSHostnameSettingsResponse struct {
+	Response
+	Result []AccessMutualTLSHostnameSettings `json:"result"`
+}
+
+type UpdateAccessMutualTLSHostnameSettingsParams struct {
+	Settings []AccessMutualTLSHostnameSettings `json:"settings,omitempty"`
+}
+
+// ListAccessMutualTLSCertificates returns all Access TLS certificates
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-list-mtls-certificates
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates
+func (api *API) ListAccessMutualTLSCertificates(ctx context.Context, rc *ResourceContainer, params ListAccessMutualTLSCertificatesParams) ([]AccessMutualTLSCertificate, *ResultInfo, error) {
+	baseURL := fmt.Sprintf(
+		"/%s/%s/access/certificates",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessCertificates []AccessMutualTLSCertificate
+	var r AccessMutualTLSCertificateListResponse
+
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessMutualTLSCertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessMutualTLSCertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		accessCertificates = append(accessCertificates, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessCertificates, &r.ResultInfo, nil
+}
+
+// GetAccessMutualTLSCertificate returns a single Access Mutual TLS
+// certificate.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-get-an-mtls-certificate
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-get-an-mtls-certificate
+func (api *API) GetAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (AccessMutualTLSCertificate, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates/%s",
+		rc.Level,
+		rc.Identifier,
+		certificateID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
+	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessMutualTLSCertificateDetailResponse.Result, nil
+}
+
+// CreateAccessMutualTLSCertificate creates an Access TLS Mutual
+// certificate.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-add-an-mtls-certificate
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-add-an-mtls-certificate
+func (api *API) CreateAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, params CreateAccessMutualTLSCertificateParams) (AccessMutualTLSCertificate, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
+	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessMutualTLSCertificateDetailResponse.Result, nil
+}
+
+// UpdateAccessMutualTLSCertificate updates an account level Access TLS Mutual
+// certificate.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate
+func (api *API) UpdateAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSCertificateParams) (AccessMutualTLSCertificate, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates/%s",
+		rc.Level,
+		rc.Identifier,
+		params.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
+	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
+	if err != nil {
+		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessMutualTLSCertificateDetailResponse.Result, nil
+}
+
+// DeleteAccessMutualTLSCertificate destroys an Access Mutual
+// TLS certificate.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-delete-an-mtls-certificate
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-delete-an-mtls-certificate
+func (api *API) DeleteAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates/%s",
+		rc.Level,
+		rc.Identifier,
+		certificateID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
+	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// GetAccessMutualTLSHostnameSettings returns all Access mTLS hostname settings.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates-hostname-settings
+func (api *API) GetAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer) ([]AccessMutualTLSHostnameSettings, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates/settings",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
+	err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
+	if err != nil {
+		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessMutualTLSHostnameSettingsResponse.Result, nil
+}
+
+// UpdateAccessMutualTLSHostnameSettings updates Access mTLS certificate hostname settings.
+//
+// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
+// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate-settings
+func (api *API) UpdateAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSHostnameSettingsParams) ([]AccessMutualTLSHostnameSettings, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/access/certificates/settings",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
+	err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
+	if err != nil {
+		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessMutualTLSHostnameSettingsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_mutual_tls_certificates_test.go b/pkg/cloudflare-go/access_mutual_tls_certificates_test.go
new file mode 100644
index 0000000000..a83a197da3
--- /dev/null
+++ b/pkg/cloudflare-go/access_mutual_tls_certificates_test.go
@@ -0,0 +1,405 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessMutualTLSCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z",
+					"expires_on": "2014-01-01T05:20:00.12345Z",
+					"name": "Allow devs",
+					"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+					"associated_hostnames": [
+						"admin.example.com"
+					]
+				}
+			]
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []AccessMutualTLSCertificate{{
+		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		CreatedAt:           createdAt,
+		UpdatedAt:           updatedAt,
+		ExpiresOn:           expiresOn,
+		Name:                "Allow devs",
+		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+		AssociatedHostnames: []string{"admin.example.com"},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates", handler)
+
+	actual, _, err := client.ListAccessMutualTLSCertificates(context.Background(), testAccountRC, ListAccessMutualTLSCertificatesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates", handler)
+
+	actual, _, err = client.ListAccessMutualTLSCertificates(context.Background(), testZoneRC, ListAccessMutualTLSCertificatesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessMutualTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_on": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+				"associated_hostnames": [
+					"admin.example.com"
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessMutualTLSCertificate{
+		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		CreatedAt:           createdAt,
+		UpdatedAt:           updatedAt,
+		ExpiresOn:           expiresOn,
+		Name:                "Allow devs",
+		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+		AssociatedHostnames: []string{"admin.example.com"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.GetAccessMutualTLSCertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.GetAccessMutualTLSCertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessMutualTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_on": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+				"associated_hostnames": [
+					"admin.example.com"
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	certificate := CreateAccessMutualTLSCertificateParams{
+		Name:        "Allow devs",
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\nDrUtmu/B\n-----END CERTIFICATE-----",
+	}
+
+	want := AccessMutualTLSCertificate{
+		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		CreatedAt:           createdAt,
+		UpdatedAt:           updatedAt,
+		ExpiresOn:           expiresOn,
+		Name:                "Allow devs",
+		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+		AssociatedHostnames: []string{"admin.example.com"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates", handler)
+
+	actual, err := client.CreateAccessMutualTLSCertificate(context.Background(), testAccountRC, certificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates", handler)
+
+	actual, err = client.CreateAccessMutualTLSCertificate(context.Background(), testZoneRC, certificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessMutualTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_on": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+				"associated_hostnames": [
+					"admin.example.com"
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	certificate := UpdateAccessMutualTLSCertificateParams{
+		ID:          "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:        "Allow devs",
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\nDrUtmu/B\n-----END CERTIFICATE-----",
+	}
+
+	want := AccessMutualTLSCertificate{
+		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		CreatedAt:           createdAt,
+		UpdatedAt:           updatedAt,
+		ExpiresOn:           expiresOn,
+		Name:                "Allow devs",
+		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
+		AssociatedHostnames: []string{"admin.example.com"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.UpdateAccessMutualTLSCertificate(context.Background(), testAccountRC, certificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.UpdateAccessMutualTLSCertificate(context.Background(), testZoneRC, certificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteAccessMutualTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	err := client.DeleteAccessMutualTLSCertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	err = client.DeleteAccessMutualTLSCertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	assert.NoError(t, err)
+}
+
+func TestGetAccessMutualTLSHostnameSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"china_network": false,
+					"client_certificate_forwarding": true,
+					"hostname": "admin.example.com"
+				},
+				{
+					"china_network": true,
+					"client_certificate_forwarding": false,
+					"hostname": "foobar.example.com"
+				}
+			]
+		}`)
+	}
+
+	want := []AccessMutualTLSHostnameSettings{
+		{
+			ChinaNetwork:                BoolPtr(false),
+			ClientCertificateForwarding: BoolPtr(true),
+			Hostname:                    "admin.example.com",
+		},
+		{
+			ChinaNetwork:                BoolPtr(true),
+			ClientCertificateForwarding: BoolPtr(false),
+			Hostname:                    "foobar.example.com",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
+
+	actual, err := client.GetAccessMutualTLSHostnameSettings(context.Background(), testAccountRC)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
+
+	actual, err = client.GetAccessMutualTLSHostnameSettings(context.Background(), testZoneRC)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessMutualTLSHostnameSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"china_network": false,
+					"client_certificate_forwarding": true,
+					"hostname": "admin.example.com"
+				},
+				{
+					"china_network": true,
+					"client_certificate_forwarding": false,
+					"hostname": "foobar.example.com"
+				}
+			]
+		}`)
+	}
+
+	certificateSettings := UpdateAccessMutualTLSHostnameSettingsParams{
+		Settings: []AccessMutualTLSHostnameSettings{
+			{
+				ChinaNetwork:                BoolPtr(false),
+				ClientCertificateForwarding: BoolPtr(true),
+				Hostname:                    "admin.example.com",
+			},
+			{
+				ChinaNetwork:                BoolPtr(true),
+				ClientCertificateForwarding: BoolPtr(false),
+				Hostname:                    "foobar.example.com",
+			},
+		},
+	}
+
+	want := []AccessMutualTLSHostnameSettings{
+		{
+			ChinaNetwork:                BoolPtr(false),
+			ClientCertificateForwarding: BoolPtr(true),
+			Hostname:                    "admin.example.com",
+		},
+		{
+			ChinaNetwork:                BoolPtr(true),
+			ClientCertificateForwarding: BoolPtr(false),
+			Hostname:                    "foobar.example.com",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
+
+	actual, err := client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testAccountRC, certificateSettings)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
+
+	actual, err = client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testZoneRC, certificateSettings)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_organization.go b/pkg/cloudflare-go/access_organization.go
new file mode 100644
index 0000000000..f7eea16af7
--- /dev/null
+++ b/pkg/cloudflare-go/access_organization.go
@@ -0,0 +1,143 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessOrganization represents an Access organization.
+type AccessOrganization struct {
+	CreatedAt                      *time.Time                    `json:"created_at"`
+	UpdatedAt                      *time.Time                    `json:"updated_at"`
+	Name                           string                        `json:"name"`
+	AuthDomain                     string                        `json:"auth_domain"`
+	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
+	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
+	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
+	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
+	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
+	SessionDuration                *string                       `json:"session_duration,omitempty"`
+	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
+}
+
+// AccessOrganizationLoginDesign represents the login design options.
+type AccessOrganizationLoginDesign struct {
+	BackgroundColor string `json:"background_color"`
+	LogoPath        string `json:"logo_path"`
+	TextColor       string `json:"text_color"`
+	HeaderText      string `json:"header_text"`
+	FooterText      string `json:"footer_text"`
+}
+
+type AccessOrganizationCustomPages struct {
+	Forbidden      AccessCustomPageType `json:"forbidden,omitempty"`
+	IdentityDenied AccessCustomPageType `json:"identity_denied,omitempty"`
+}
+
+// AccessOrganizationListResponse represents the response from the list
+// access organization endpoint.
+type AccessOrganizationListResponse struct {
+	Result AccessOrganization `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessOrganizationDetailResponse is the API response, containing a
+// single access organization.
+type AccessOrganizationDetailResponse struct {
+	Success  bool               `json:"success"`
+	Errors   []string           `json:"errors"`
+	Messages []string           `json:"messages"`
+	Result   AccessOrganization `json:"result"`
+}
+
+type GetAccessOrganizationParams struct{}
+
+type CreateAccessOrganizationParams struct {
+	Name                           string                        `json:"name"`
+	AuthDomain                     string                        `json:"auth_domain"`
+	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
+	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
+	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
+	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
+	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
+	SessionDuration                *string                       `json:"session_duration,omitempty"`
+	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
+}
+
+type UpdateAccessOrganizationParams struct {
+	Name                           string                        `json:"name"`
+	AuthDomain                     string                        `json:"auth_domain"`
+	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
+	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
+	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
+	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
+	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
+	SessionDuration                *string                       `json:"session_duration,omitempty"`
+	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
+	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
+	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
+}
+
+func (api *API) GetAccessOrganization(ctx context.Context, rc *ResourceContainer, params GetAccessOrganizationParams) (AccessOrganization, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessOrganization{}, ResultInfo{}, err
+	}
+
+	var accessOrganizationListResponse AccessOrganizationListResponse
+	err = json.Unmarshal(res, &accessOrganizationListResponse)
+	if err != nil {
+		return AccessOrganization{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessOrganizationListResponse.Result, accessOrganizationListResponse.ResultInfo, nil
+}
+
+func (api *API) CreateAccessOrganization(ctx context.Context, rc *ResourceContainer, params CreateAccessOrganizationParams) (AccessOrganization, error) {
+	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessOrganization{}, err
+	}
+
+	var accessOrganizationDetailResponse AccessOrganizationDetailResponse
+	err = json.Unmarshal(res, &accessOrganizationDetailResponse)
+	if err != nil {
+		return AccessOrganization{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessOrganizationDetailResponse.Result, nil
+}
+
+// UpdateAccessOrganization updates the Access organisation details.
+//
+// Account API reference: https://api.cloudflare.com/#access-organizations-update-access-organization
+// Zone API reference: https://api.cloudflare.com/#zone-level-access-organizations-update-access-organization
+func (api *API) UpdateAccessOrganization(ctx context.Context, rc *ResourceContainer, params UpdateAccessOrganizationParams) (AccessOrganization, error) {
+	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessOrganization{}, err
+	}
+
+	var accessOrganizationDetailResponse AccessOrganizationDetailResponse
+	err = json.Unmarshal(res, &accessOrganizationDetailResponse)
+	if err != nil {
+		return AccessOrganization{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessOrganizationDetailResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_organization_test.go b/pkg/cloudflare-go/access_organization_test.go
new file mode 100644
index 0000000000..fc9cfb4bf3
--- /dev/null
+++ b/pkg/cloudflare-go/access_organization_test.go
@@ -0,0 +1,281 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessOrganization(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Widget Corps Internal Applications",
+				"auth_domain": "test.cloudflareaccess.com",
+				"is_ui_read_only": false,
+				"user_seat_expiration_inactive_time": "720h",
+				"auto_redirect_to_identity": true,
+				"allow_authenticate_via_warp": true,
+				"warp_auth_session_duration": "24h",
+				"session_duration": "12h",
+				"login_design": {
+					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
+					"text_color": "#c5ed1b",
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessOrganization{
+		Name:                     "Widget Corps Internal Applications",
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		AuthDomain:               "test.cloudflareaccess.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		WarpAuthSessionDuration:  StringPtr("24h"),
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		IsUIReadOnly:                   BoolPtr(false),
+		SessionDuration:                StringPtr("12h"),
+		UserSeatExpirationInactiveTime: "720h",
+		AutoRedirectToIdentity:         BoolPtr(true),
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
+
+	actual, _, err := client.GetAccessOrganization(context.Background(), testAccountRC, GetAccessOrganizationParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
+
+	actual, _, err = client.GetAccessOrganization(context.Background(), testZoneRC, GetAccessOrganizationParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessOrganization(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Widget Corps Internal Applications",
+				"auth_domain": "test.cloudflareaccess.com",
+				"allow_authenticate_via_warp": true,
+				"warp_auth_session_duration": "24h",
+				"is_ui_read_only": true,
+				"session_duration": "12h",
+				"login_design": {
+					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
+					"text_color": "#c5ed1b",
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessOrganization{
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Name:                     "Widget Corps Internal Applications",
+		AuthDomain:               "test.cloudflareaccess.com",
+		AllowAuthenticateViaWarp: BoolPtr(true),
+		WarpAuthSessionDuration:  StringPtr("24h"),
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		IsUIReadOnly:    BoolPtr(true),
+		SessionDuration: StringPtr("12h"),
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
+
+	actual, err := client.CreateAccessOrganization(context.Background(), testAccountRC, CreateAccessOrganizationParams{
+		Name:       "Widget Corps Internal Applications",
+		AuthDomain: "test.cloudflareaccess.com",
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		IsUIReadOnly:    BoolPtr(true),
+		SessionDuration: StringPtr("12h"),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
+
+	actual, err = client.CreateAccessOrganization(context.Background(), testZoneRC, CreateAccessOrganizationParams{
+		Name:       "Widget Corps Internal Applications",
+		AuthDomain: "test.cloudflareaccess.com",
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		IsUIReadOnly:    BoolPtr(true),
+		SessionDuration: StringPtr("12h"),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessOrganization(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Widget Corps Internal Applications",
+				"auth_domain": "test.cloudflareaccess.com",
+				"allow_authenticate_via_warp": false,
+				"warp_auth_session_duration": "18h",
+				"login_design": {
+					"background_color": "#c5ed1b",
+					"logo_path": "https://example.com/logo.png",
+					"text_color": "#c5ed1b",
+					"header_text": "Widget Corp",
+					"footer_text": "© Widget Corp"
+				},
+				"is_ui_read_only": false,
+				"ui_read_only_toggle_reason": "this is my reason",
+				"session_duration": "12h"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AccessOrganization{
+		CreatedAt:                &createdAt,
+		UpdatedAt:                &updatedAt,
+		Name:                     "Widget Corps Internal Applications",
+		AuthDomain:               "test.cloudflareaccess.com",
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		IsUIReadOnly:           BoolPtr(false),
+		UIReadOnlyToggleReason: "this is my reason",
+		SessionDuration:        StringPtr("12h"),
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
+
+	actual, err := client.UpdateAccessOrganization(context.Background(), testAccountRC, UpdateAccessOrganizationParams{
+		Name:       "Widget Corps Internal Applications",
+		AuthDomain: "test.cloudflareaccess.com",
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		IsUIReadOnly:             BoolPtr(false),
+		SessionDuration:          StringPtr("12h"),
+		UIReadOnlyToggleReason:   "this is my reason",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
+
+	actual, err = client.UpdateAccessOrganization(context.Background(), testZoneRC, UpdateAccessOrganizationParams{
+		Name:       "Widget Corps Internal Applications",
+		AuthDomain: "test.cloudflareaccess.com",
+		LoginDesign: AccessOrganizationLoginDesign{
+			BackgroundColor: "#c5ed1b",
+			LogoPath:        "https://example.com/logo.png",
+			TextColor:       "#c5ed1b",
+			HeaderText:      "Widget Corp",
+			FooterText:      "© Widget Corp",
+		},
+		WarpAuthSessionDuration:  StringPtr("18h"),
+		AllowAuthenticateViaWarp: BoolPtr(false),
+		IsUIReadOnly:             BoolPtr(false),
+		UIReadOnlyToggleReason:   "this is my reason",
+		SessionDuration:          StringPtr("12h"),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_policy.go b/pkg/cloudflare-go/access_policy.go
new file mode 100644
index 0000000000..a70ceede50
--- /dev/null
+++ b/pkg/cloudflare-go/access_policy.go
@@ -0,0 +1,356 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type AccessApprovalGroup struct {
+	EmailListUuid   string   `json:"email_list_uuid,omitempty"`
+	EmailAddresses  []string `json:"email_addresses,omitempty"`
+	ApprovalsNeeded int      `json:"approvals_needed,omitempty"`
+}
+
+// AccessPolicy defines a policy for allowing or disallowing access to
+// one or more Access applications.
+type AccessPolicy struct {
+	ID string `json:"id,omitempty"`
+	// Precedence is the order in which the policy is executed in an Access application.
+	// As a general rule, lower numbers take precedence over higher numbers.
+	// This field can only be zero when a reusable policy is requested outside the context
+	// of an Access application.
+	Precedence int        `json:"precedence"`
+	Decision   string     `json:"decision"`
+	CreatedAt  *time.Time `json:"created_at"`
+	UpdatedAt  *time.Time `json:"updated_at"`
+	Reusable   *bool      `json:"reusable,omitempty"`
+	Name       string     `json:"name"`
+
+	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
+	SessionDuration              *string               `json:"session_duration,omitempty"`
+	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
+	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
+	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
+	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
+
+	// The include policy works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude policy works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require policy works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+// AccessPolicyListResponse represents the response from the list
+// access policies endpoint.
+type AccessPolicyListResponse struct {
+	Result []AccessPolicy `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessPolicyDetailResponse is the API response, containing a single
+// access policy.
+type AccessPolicyDetailResponse struct {
+	Success  bool         `json:"success"`
+	Errors   []string     `json:"errors"`
+	Messages []string     `json:"messages"`
+	Result   AccessPolicy `json:"result"`
+}
+
+type ListAccessPoliciesParams struct {
+	// ApplicationID is the application ID to list attached access policies for.
+	// If omitted, only reusable policies for the account are returned.
+	ApplicationID string `json:"-"`
+	ResultInfo
+}
+
+type GetAccessPolicyParams struct {
+	PolicyID string `json:"-"`
+	// ApplicationID is the application ID for which to scope the policy for.
+	// Optional, but if included, the policy returned will include its execution precedence within the application.
+	ApplicationID string `json:"-"`
+}
+
+type CreateAccessPolicyParams struct {
+	// ApplicationID is the application ID for which to create the policy for.
+	// Pass an empty value to create a reusable policy.
+	ApplicationID string `json:"-"`
+
+	// Precedence is the order in which the policy is executed in an Access application.
+	// As a general rule, lower numbers take precedence over higher numbers.
+	// This field is ignored when creating a reusable policy.
+	// Read more here https://developers.cloudflare.com/cloudflare-one/policies/access/#order-of-execution
+	Precedence int    `json:"precedence"`
+	Decision   string `json:"decision"`
+	Name       string `json:"name"`
+
+	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
+	SessionDuration              *string               `json:"session_duration,omitempty"`
+	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
+	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
+	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
+	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
+
+	// The include policy works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude policy works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require policy works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+type UpdateAccessPolicyParams struct {
+	// ApplicationID is the application ID that owns the existing policy.
+	// Pass an empty value if the existing policy is reusable.
+	ApplicationID string `json:"-"`
+	PolicyID      string `json:"-"`
+
+	// Precedence is the order in which the policy is executed in an Access application.
+	// As a general rule, lower numbers take precedence over higher numbers.
+	// This field is ignored when updating a reusable policy.
+	Precedence int    `json:"precedence"`
+	Decision   string `json:"decision"`
+	Name       string `json:"name"`
+
+	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
+	SessionDuration              *string               `json:"session_duration,omitempty"`
+	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
+	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
+	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
+	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
+
+	// The include policy works like an OR logical operator. The user must
+	// satisfy one of the rules.
+	Include []interface{} `json:"include"`
+
+	// The exclude policy works like a NOT logical operator. The user must
+	// not satisfy all the rules in exclude.
+	Exclude []interface{} `json:"exclude"`
+
+	// The require policy works like a AND logical operator. The user must
+	// satisfy all the rules in require.
+	Require []interface{} `json:"require"`
+}
+
+type DeleteAccessPolicyParams struct {
+	// ApplicationID is the application ID the policy belongs to.
+	// If the existing policy is reusable, this field must be omitted. Otherwise, it is required.
+	ApplicationID string `json:"-"`
+	PolicyID      string `json:"-"`
+}
+
+// ListAccessPolicies returns all access policies that match the parameters.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-list-access-policies
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-list-access-policies
+func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, params ListAccessPoliciesParams) ([]AccessPolicy, *ResultInfo, error) {
+	var baseURL string
+	if params.ApplicationID != "" {
+		baseURL = fmt.Sprintf(
+			"/%s/%s/access/apps/%s/policies",
+			rc.Level,
+			rc.Identifier,
+			params.ApplicationID,
+		)
+	} else {
+		baseURL = fmt.Sprintf(
+			"/%s/%s/access/policies",
+			rc.Level,
+			rc.Identifier,
+		)
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessPolicies []AccessPolicy
+	var r AccessPolicyListResponse
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessPolicy{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessPolicy{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		accessPolicies = append(accessPolicies, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessPolicies, &r.ResultInfo, nil
+}
+
+// GetAccessPolicy returns a single policy based on the policy ID.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-get-an-access-policy
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-get-an-access-policy
+func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, params GetAccessPolicyParams) (AccessPolicy, error) {
+	var uri string
+	if params.ApplicationID != "" {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/apps/%s/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.ApplicationID,
+			params.PolicyID,
+		)
+	} else {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.PolicyID,
+		)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessPolicyDetailResponse AccessPolicyDetailResponse
+	err = json.Unmarshal(res, &accessPolicyDetailResponse)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessPolicyDetailResponse.Result, nil
+}
+
+// CreateAccessPolicy creates a new access policy.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-create-an-access-policy
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-create-an-access-policy
+func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, params CreateAccessPolicyParams) (AccessPolicy, error) {
+	var uri string
+	if params.ApplicationID != "" {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/apps/%s/policies",
+			rc.Level,
+			rc.Identifier,
+			params.ApplicationID,
+		)
+	} else {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/policies",
+			rc.Level,
+			rc.Identifier,
+		)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessPolicyDetailResponse AccessPolicyDetailResponse
+	err = json.Unmarshal(res, &accessPolicyDetailResponse)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessPolicyDetailResponse.Result, nil
+}
+
+// UpdateAccessPolicy updates an existing access policy.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-update-an-access-policy
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-update-an-access-policy
+func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, params UpdateAccessPolicyParams) (AccessPolicy, error) {
+	if params.PolicyID == "" {
+		return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty")
+	}
+
+	var uri string
+	if params.ApplicationID != "" {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/apps/%s/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.ApplicationID,
+			params.PolicyID,
+		)
+	} else {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.PolicyID,
+		)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accessPolicyDetailResponse AccessPolicyDetailResponse
+	err = json.Unmarshal(res, &accessPolicyDetailResponse)
+	if err != nil {
+		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessPolicyDetailResponse.Result, nil
+}
+
+// DeleteAccessPolicy deletes an access policy.
+//
+// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-delete-an-access-policy
+// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-delete-an-access-policy
+func (api *API) DeleteAccessPolicy(ctx context.Context, rc *ResourceContainer, params DeleteAccessPolicyParams) error {
+	var uri string
+	if params.ApplicationID != "" {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/apps/%s/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.ApplicationID,
+			params.PolicyID,
+		)
+	} else {
+		uri = fmt.Sprintf(
+			"/%s/%s/access/policies/%s",
+			rc.Level,
+			rc.Identifier,
+			params.PolicyID,
+		)
+	}
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_policy_test.go b/pkg/cloudflare-go/access_policy_test.go
new file mode 100644
index 0000000000..7564213820
--- /dev/null
+++ b/pkg/cloudflare-go/access_policy_test.go
@@ -0,0 +1,693 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	pageOptions         = PaginationOptions{}
+	accessApplicationID = "6e1c88f1-6b06-4b8a-a9e9-3ec7da2ee0c1"
+	accessPolicyID      = "699d98642c564d2e855e9661899b7252"
+
+	createdAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresAt, _ = time.Parse(time.RFC3339, "2015-01-01T05:20:00.12345Z")
+
+	isolationRequired            = true
+	purposeJustificationRequired = true
+	purposeJustificationPrompt   = "Please provide a business reason for your need to access before continuing."
+	approvalRequired             = true
+
+	expectedAccessPolicy = AccessPolicy{
+		ID:         "699d98642c564d2e855e9661899b7252",
+		Precedence: 1,
+		Decision:   "allow",
+		CreatedAt:  &createdAt,
+		UpdatedAt:  &updatedAt,
+		Name:       "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Require: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		IsolationRequired:            &isolationRequired,
+		SessionDuration:              StringPtr("12h"),
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		ApprovalRequired:             &approvalRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
+)
+
+func TestAccessPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"precedence": 1,
+				"decision": "allow",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+				  {
+					"email": {
+					  "email": "test@example.com"
+					}
+				  }
+				],
+				"exclude": [
+				  {
+					"email": {
+					  "email": "test@example.com"
+					}
+				  }
+				],
+				"require": [
+				  {
+					"email": {
+					  "email": "test@example.com"
+					}
+				  }
+				],
+				"isolation_required": true,
+				"purpose_justification_required": true,
+				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
+				"approval_required": true,
+				"session_duration": "12h",
+				"approval_groups": [
+				  {
+					"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+					"approvals_needed": 3
+				  },
+				  {
+					"email_addresses": [
+					  "email1@example.com",
+					  "email2@example.com"
+					],
+					"approvals_needed": 1
+				  }
+				]
+			  }
+			],
+			"result_info": {
+			  "page": 1,
+			  "per_page": 20,
+			  "count": 1,
+			  "total_count": 20
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, _, err := client.ListAccessPolicies(context.Background(), testAccountRC, ListAccessPoliciesParams{ApplicationID: accessApplicationID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, _, err = client.ListAccessPolicies(context.Background(), testZoneRC, ListAccessPoliciesParams{ApplicationID: accessApplicationID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
+	}
+
+	// Test Listing reusable policies
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies", handler)
+
+	actual, _, err = client.ListAccessPolicies(context.Background(), testAccountRC, ListAccessPoliciesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/policies", handler)
+
+	actual, _, err = client.ListAccessPolicies(context.Background(), testZoneRC, ListAccessPoliciesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
+	}
+}
+
+func TestAccessPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"precedence": 1,
+				"decision": "allow",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"isolation_required": true,
+				"purpose_justification_required": true,
+				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
+				"approval_required": true,
+				"session_duration": "12h",
+				"approval_groups": [
+					{
+						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+						"approvals_needed": 3
+					},
+					{
+						"email_addresses": ["email1@example.com", "email2@example.com"],
+						"approvals_needed": 1
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+
+	actual, err := client.GetAccessPolicy(context.Background(), testAccountRC, GetAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+
+	actual, err = client.GetAccessPolicy(context.Background(), testZoneRC, GetAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	// Test getting a reusable policy
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
+
+	actual, err = client.GetAccessPolicy(context.Background(), testAccountRC, GetAccessPolicyParams{PolicyID: accessPolicyID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
+
+	actual, err = client.GetAccessPolicy(context.Background(), testZoneRC, GetAccessPolicyParams{PolicyID: accessPolicyID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+}
+
+func TestCreateAccessPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"precedence": 1,
+				"decision": "allow",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"isolation_required": true,
+				"purpose_justification_required": true,
+				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
+				"approval_required": true,
+				"session_duration": "12h",
+				"approval_groups": [
+					{
+						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+						"approvals_needed": 3
+					},
+					{
+						"email_addresses": ["email1@example.com", "email2@example.com"],
+						"approvals_needed": 1
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	accessPolicy := CreateAccessPolicyParams{
+		ApplicationID: accessApplicationID,
+		Name:          "Allow devs",
+		Include: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Require: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Decision:                     "allow",
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		SessionDuration:              StringPtr("12h"),
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, err := client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	// Test creating a reusable policy
+	accessPolicy.ApplicationID = ""
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies", handler)
+
+	actual, err = client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/policies", handler)
+
+	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+}
+
+func TestCreateAccessPolicyAuthContextRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expectedAccessPolicyAuthContext := AccessPolicy{
+		ID:         "699d98642c564d2e855e9661899b7252",
+		Precedence: 1,
+		Decision:   "allow",
+		CreatedAt:  &createdAt,
+		UpdatedAt:  &updatedAt,
+		Name:       "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{},
+		Require: []interface{}{
+			map[string]interface{}{"auth_context": map[string]interface{}{"id": "authContextID123", "identity_provider_id": "IDPIDtest123", "ac_id": "c1"}},
+		},
+		IsolationRequired:            &isolationRequired,
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		ApprovalRequired:             &approvalRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		SessionDuration:              StringPtr("12h"),
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"precedence": 1,
+				"decision": "allow",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [],
+				"require": [
+					{
+						"auth_context": {
+							"id": "authContextID123",
+							"identity_provider_id": "IDPIDtest123",
+							"ac_id": "c1"
+						}
+					}
+				],
+				"isolation_required": true,
+				"purpose_justification_required": true,
+				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
+				"approval_required": true,
+				"session_duration": "12h",
+				"approval_groups": [
+					{
+						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+						"approvals_needed": 3
+					},
+					{
+						"email_addresses": ["email1@example.com", "email2@example.com"],
+						"approvals_needed": 1
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	accessPolicy := CreateAccessPolicyParams{
+		ApplicationID: accessApplicationID,
+		Name:          "Allow devs",
+		Include: []interface{}{
+			AccessGroupEmail{struct {
+				Email string `json:"email"`
+			}{Email: "test@example.com"}},
+		},
+		Exclude: []interface{}{},
+		Require: []interface{}{
+			AccessGroupAzureAuthContext{struct {
+				ID                 string `json:"id"`
+				IdentityProviderID string `json:"identity_provider_id"`
+				ACID               string `json:"ac_id"`
+			}{
+				ID:                 "authContextID123",
+				IdentityProviderID: "IDPIDtest123",
+				ACID:               "c1",
+			}},
+		},
+		Decision:                     "allow",
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, err := client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicyAuthContext, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
+
+	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicyAuthContext, actual)
+	}
+}
+
+func TestUpdateAccessPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	accessPolicy := UpdateAccessPolicyParams{
+		ApplicationID: accessApplicationID,
+		PolicyID:      accessPolicyID,
+		Precedence:    1,
+		Decision:      "allow",
+		Name:          "Allow devs",
+		Include: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Exclude: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		Require: []interface{}{
+			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
+		},
+		IsolationRequired:            &isolationRequired,
+		PurposeJustificationRequired: &purposeJustificationRequired,
+		ApprovalRequired:             &approvalRequired,
+		PurposeJustificationPrompt:   &purposeJustificationPrompt,
+		SessionDuration:              StringPtr("12h"),
+		ApprovalGroups: []AccessApprovalGroup{
+			{
+				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+				ApprovalsNeeded: 3,
+			},
+			{
+				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
+				ApprovalsNeeded: 1,
+			},
+		},
+	}
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252",
+				"precedence": 1,
+				"decision": "allow",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"name": "Allow devs",
+				"session_duration": "12h",
+				"include": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"exclude": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"require": [
+					{
+						"email": {
+							"email": "test@example.com"
+						}
+					}
+				],
+				"isolation_required": true,
+				"purpose_justification_required": true,
+				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
+				"approval_required": true,
+				"approval_groups": [
+					{
+						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
+						"approvals_needed": 3
+					},
+					{
+						"email_addresses": ["email1@example.com", "email2@example.com"],
+						"approvals_needed": 1
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+	actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	// Test updating reusable policies
+	accessPolicy.ApplicationID = ""
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
+	actual, err = client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
+	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccessPolicy, actual)
+	}
+}
+
+func TestUpdateAccessPolicyWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
+	assert.EqualError(t, err, "access policy ID cannot be empty")
+
+	_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
+	assert.EqualError(t, err, "access policy ID cannot be empty")
+}
+
+func TestDeleteAccessPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "699d98642c564d2e855e9661899b7252"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+	err := client.DeleteAccessPolicy(context.Background(), testAccountRC, DeleteAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
+	err = client.DeleteAccessPolicy(context.Background(), testZoneRC, DeleteAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
+
+	assert.NoError(t, err)
+
+	// Test deleting a reusable policy
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
+	err = client.DeleteAccessPolicy(context.Background(), testAccountRC, DeleteAccessPolicyParams{PolicyID: accessPolicyID})
+
+	assert.NoError(t, err)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
+	err = client.DeleteAccessPolicy(context.Background(), testZoneRC, DeleteAccessPolicyParams{PolicyID: accessPolicyID})
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_seats.go b/pkg/cloudflare-go/access_seats.go
new file mode 100644
index 0000000000..ea44eebc7b
--- /dev/null
+++ b/pkg/cloudflare-go/access_seats.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var errMissingAccessSeatUID = errors.New("missing required access seat UID")
+
+// AccessUpdateAccessUserSeatResult represents a Access User Seat.
+type AccessUpdateAccessUserSeatResult struct {
+	AccessSeat  *bool      `json:"access_seat"`
+	CreatedAt   *time.Time `json:"created_at"`
+	UpdatedAt   *time.Time `json:"updated_at"`
+	GatewaySeat *bool      `json:"gateway_seat"`
+	SeatUID     string     `json:"seat_uid,omitempty"`
+}
+
+// UpdateAccessUserSeatParams represents the update payload for access seats.
+type UpdateAccessUserSeatParams struct {
+	SeatUID     string `json:"seat_uid,omitempty"`
+	AccessSeat  *bool  `json:"access_seat"`
+	GatewaySeat *bool  `json:"gateway_seat"`
+}
+
+// UpdateAccessUsersSeatsParams represents the update payload for multiple access seats.
+type UpdateAccessUsersSeatsParams []struct {
+	SeatUID     string `json:"seat_uid,omitempty"`
+	AccessSeat  *bool  `json:"access_seat"`
+	GatewaySeat *bool  `json:"gateway_seat"`
+}
+
+// AccessUserSeatResponse represents the response from the access user seat endpoints.
+type UpdateAccessUserSeatResponse struct {
+	Response
+	Result     []AccessUpdateAccessUserSeatResult `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// UpdateAccessUserSeat updates a single Access User Seat.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-seats-update-a-user-seat
+func (api *API) UpdateAccessUserSeat(ctx context.Context, rc *ResourceContainer, params UpdateAccessUserSeatParams) ([]AccessUpdateAccessUserSeatResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if params.SeatUID == "" {
+		return []AccessUpdateAccessUserSeatResult{}, errMissingAccessSeatUID
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/seats",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	// this requests expects an array of params, but this method only accepts a single param
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, []UpdateAccessUserSeatParams{params})
+	if err != nil {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var updateAccessUserSeatResponse UpdateAccessUserSeatResponse
+	err = json.Unmarshal(res, &updateAccessUserSeatResponse)
+	if err != nil {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return updateAccessUserSeatResponse.Result, nil
+}
+
+// UpdateAccessUsersSeats updates many Access User Seats.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-seats-update-a-user-seat
+func (api *API) UpdateAccessUsersSeats(ctx context.Context, rc *ResourceContainer, params UpdateAccessUsersSeatsParams) ([]AccessUpdateAccessUserSeatResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	for _, param := range params {
+		if param.SeatUID == "" {
+			return []AccessUpdateAccessUserSeatResult{}, errMissingAccessSeatUID
+		}
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/seats",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	// this requests expects an array of params, but this method only accepts a single param
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var updateAccessUserSeatResponse UpdateAccessUserSeatResponse
+	err = json.Unmarshal(res, &updateAccessUserSeatResponse)
+	if err != nil {
+		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return updateAccessUserSeatResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_seats_test.go b/pkg/cloudflare-go/access_seats_test.go
new file mode 100644
index 0000000000..90ef47511d
--- /dev/null
+++ b/pkg/cloudflare-go/access_seats_test.go
@@ -0,0 +1,182 @@
+package cloudflare
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testAccessGroupSeatUID = "access-group-seat-uid"
+var testAccessGroupSeatUID2 = "access-group-seat-uid2"
+
+func TestUpdateAccessUserSeat_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessUserSeat(context.Background(), testZoneRC, UpdateAccessUserSeatParams{})
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestUpdateAccessUserSeat_MissingUID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessUserSeat(context.Background(), testAccountRC, UpdateAccessUserSeatParams{})
+	assert.EqualError(t, err, "missing required access seat UID")
+}
+
+func TestUpdateAccessUsersSeats_MissingUID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccessUsersSeats(context.Background(), testAccountRC, UpdateAccessUsersSeatsParams{{GatewaySeat: BoolPtr(false), SeatUID: "seat_id"}, {SeatUID: "", AccessSeat: BoolPtr(true)}})
+	assert.EqualError(t, err, "missing required access seat UID")
+}
+
+func TestUpdateAccessUserSeat(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		req := []UpdateAccessUserSeatParams{}
+
+		// Try to decode the request body into the struct.
+		err := json.NewDecoder(r.Body).Decode(&req)
+		assert.NoError(t, err, "Failed to decode request body into UpdateAccessUserSeatParams")
+		assert.Equal(t, len(req), 1, "Expected 1 seat to be updated, got %d", len(req))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"access_seat": false,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"gateway_seat": false,
+				"seat_uid": null,
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			  }
+			],
+			"success": true,
+			"result_info": {
+			  "count": 1,
+			  "page": 1,
+			  "per_page": 20,
+			  "total_count": 2000
+			}
+		  }
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/seats", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := []AccessUpdateAccessUserSeatResult{
+		{
+			AccessSeat:  BoolPtr(false),
+			CreatedAt:   &createdAt,
+			GatewaySeat: BoolPtr(false),
+			SeatUID:     "",
+			UpdatedAt:   &updatedAt,
+		},
+	}
+
+	actual, err := client.UpdateAccessUserSeat(context.Background(), testAccountRC, UpdateAccessUserSeatParams{
+		SeatUID:     testAccessGroupSeatUID,
+		AccessSeat:  BoolPtr(false),
+		GatewaySeat: BoolPtr(false),
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccessUsersSeats(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		req := []UpdateAccessUserSeatParams{}
+
+		// Try to decode the request body into the struct.
+		err := json.NewDecoder(r.Body).Decode(&req)
+		assert.NoError(t, err, "Failed to decode request body into UpdateAccessUserSeatParams")
+		assert.Equal(t, len(req), 2, "Expected 2 seat to be updated, got %d", len(req))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"access_seat": false,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"gateway_seat": false,
+				"seat_uid": "%s",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			  },
+			  {
+				"access_seat": false,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"gateway_seat": false,
+				"seat_uid": "%s",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			  }
+			],
+			"success": true,
+			"result_info": {
+			  "count": 1,
+			  "page": 1,
+			  "per_page": 20,
+			  "total_count": 2000
+			}
+		  }
+		`, testAccessGroupSeatUID, testAccessGroupSeatUID2)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/seats", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := []AccessUpdateAccessUserSeatResult{
+		{
+			AccessSeat:  BoolPtr(false),
+			CreatedAt:   &createdAt,
+			GatewaySeat: BoolPtr(false),
+			SeatUID:     testAccessGroupSeatUID,
+			UpdatedAt:   &updatedAt,
+		},
+		{
+			AccessSeat:  BoolPtr(false),
+			CreatedAt:   &createdAt,
+			GatewaySeat: BoolPtr(false),
+			SeatUID:     testAccessGroupSeatUID2,
+			UpdatedAt:   &updatedAt,
+		},
+	}
+
+	actual, err := client.UpdateAccessUsersSeats(context.Background(), testAccountRC, UpdateAccessUsersSeatsParams{
+		{
+			SeatUID:     testAccessGroupSeatUID,
+			AccessSeat:  BoolPtr(false),
+			GatewaySeat: BoolPtr(false),
+		},
+		{
+			SeatUID:     testAccessGroupSeatUID2,
+			AccessSeat:  BoolPtr(false),
+			GatewaySeat: BoolPtr(false),
+		},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_service_tokens.go b/pkg/cloudflare-go/access_service_tokens.go
new file mode 100644
index 0000000000..5202b24919
--- /dev/null
+++ b/pkg/cloudflare-go/access_service_tokens.go
@@ -0,0 +1,257 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingServiceTokenUUID = errors.New("missing required service token UUID")
+)
+
+// AccessServiceToken represents an Access Service Token.
+type AccessServiceToken struct {
+	ClientID  string     `json:"client_id"`
+	CreatedAt *time.Time `json:"created_at"`
+	ExpiresAt *time.Time `json:"expires_at"`
+	ID        string     `json:"id"`
+	Name      string     `json:"name"`
+	UpdatedAt *time.Time `json:"updated_at"`
+	Duration  string     `json:"duration,omitempty"`
+}
+
+// AccessServiceTokenUpdateResponse represents the response from the API
+// when a new Service Token is updated. This base struct is also used in the
+// Create as they are very similar responses.
+type AccessServiceTokenUpdateResponse struct {
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+	ExpiresAt *time.Time `json:"expires_at"`
+	ID        string     `json:"id"`
+	Name      string     `json:"name"`
+	ClientID  string     `json:"client_id"`
+	Duration  string     `json:"duration,omitempty"`
+}
+
+// AccessServiceTokenRefreshResponse represents the response from the API
+// when an existing service token is refreshed to last longer.
+type AccessServiceTokenRefreshResponse struct {
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+	ExpiresAt *time.Time `json:"expires_at"`
+	ID        string     `json:"id"`
+	Name      string     `json:"name"`
+	ClientID  string     `json:"client_id"`
+	Duration  string     `json:"duration,omitempty"`
+}
+
+// AccessServiceTokenCreateResponse is the same API response as the Update
+// operation with the exception that the `ClientSecret` is present in a
+// Create operation.
+type AccessServiceTokenCreateResponse struct {
+	CreatedAt    *time.Time `json:"created_at"`
+	UpdatedAt    *time.Time `json:"updated_at"`
+	ExpiresAt    *time.Time `json:"expires_at"`
+	ID           string     `json:"id"`
+	Name         string     `json:"name"`
+	ClientID     string     `json:"client_id"`
+	ClientSecret string     `json:"client_secret"`
+	Duration     string     `json:"duration,omitempty"`
+}
+
+// AccessServiceTokenRotateResponse is the same API response as the Create
+// operation.
+type AccessServiceTokenRotateResponse struct {
+	CreatedAt    *time.Time `json:"created_at"`
+	UpdatedAt    *time.Time `json:"updated_at"`
+	ExpiresAt    *time.Time `json:"expires_at"`
+	ID           string     `json:"id"`
+	Name         string     `json:"name"`
+	ClientID     string     `json:"client_id"`
+	ClientSecret string     `json:"client_secret"`
+	Duration     string     `json:"duration,omitempty"`
+}
+
+// AccessServiceTokensListResponse represents the response from the list
+// Access Service Tokens endpoint.
+type AccessServiceTokensListResponse struct {
+	Result []AccessServiceToken `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessServiceTokensDetailResponse is the API response, containing a single
+// Access Service Token.
+type AccessServiceTokensDetailResponse struct {
+	Success  bool               `json:"success"`
+	Errors   []string           `json:"errors"`
+	Messages []string           `json:"messages"`
+	Result   AccessServiceToken `json:"result"`
+}
+
+// AccessServiceTokensCreationDetailResponse is the API response, containing a
+// single Access Service Token.
+type AccessServiceTokensCreationDetailResponse struct {
+	Success  bool                             `json:"success"`
+	Errors   []string                         `json:"errors"`
+	Messages []string                         `json:"messages"`
+	Result   AccessServiceTokenCreateResponse `json:"result"`
+}
+
+// AccessServiceTokensUpdateDetailResponse is the API response, containing a
+// single Access Service Token.
+type AccessServiceTokensUpdateDetailResponse struct {
+	Success  bool                             `json:"success"`
+	Errors   []string                         `json:"errors"`
+	Messages []string                         `json:"messages"`
+	Result   AccessServiceTokenUpdateResponse `json:"result"`
+}
+
+// AccessServiceTokensRefreshDetailResponse is the API response, containing a
+// single Access Service Token.
+type AccessServiceTokensRefreshDetailResponse struct {
+	Success  bool                              `json:"success"`
+	Errors   []string                          `json:"errors"`
+	Messages []string                          `json:"messages"`
+	Result   AccessServiceTokenRefreshResponse `json:"result"`
+}
+
+// AccessServiceTokensRotateSecretDetailResponse is the API response, containing a
+// single Access Service Token.
+type AccessServiceTokensRotateSecretDetailResponse struct {
+	Success  bool                             `json:"success"`
+	Errors   []string                         `json:"errors"`
+	Messages []string                         `json:"messages"`
+	Result   AccessServiceTokenRotateResponse `json:"result"`
+}
+
+type ListAccessServiceTokensParams struct{}
+
+type CreateAccessServiceTokenParams struct {
+	Name     string `json:"name"`
+	Duration string `json:"duration,omitempty"`
+}
+
+type UpdateAccessServiceTokenParams struct {
+	Name     string `json:"name"`
+	UUID     string `json:"-"`
+	Duration string `json:"duration,omitempty"`
+}
+
+func (api *API) ListAccessServiceTokens(ctx context.Context, rc *ResourceContainer, params ListAccessServiceTokensParams) ([]AccessServiceToken, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessServiceToken{}, ResultInfo{}, err
+	}
+
+	var accessServiceTokensListResponse AccessServiceTokensListResponse
+	err = json.Unmarshal(res, &accessServiceTokensListResponse)
+	if err != nil {
+		return []AccessServiceToken{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokensListResponse.Result, accessServiceTokensListResponse.ResultInfo, nil
+}
+
+func (api *API) CreateAccessServiceToken(ctx context.Context, rc *ResourceContainer, params CreateAccessServiceTokenParams) (AccessServiceTokenCreateResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+
+	if err != nil {
+		return AccessServiceTokenCreateResponse{}, err
+	}
+
+	var accessServiceTokenCreation AccessServiceTokensCreationDetailResponse
+	err = json.Unmarshal(res, &accessServiceTokenCreation)
+	if err != nil {
+		return AccessServiceTokenCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokenCreation.Result, nil
+}
+
+func (api *API) UpdateAccessServiceToken(ctx context.Context, rc *ResourceContainer, params UpdateAccessServiceTokenParams) (AccessServiceTokenUpdateResponse, error) {
+	if params.UUID == "" {
+		return AccessServiceTokenUpdateResponse{}, ErrMissingServiceTokenUUID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s", rc.Level, rc.Identifier, params.UUID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AccessServiceTokenUpdateResponse{}, err
+	}
+
+	var accessServiceTokenUpdate AccessServiceTokensUpdateDetailResponse
+	err = json.Unmarshal(res, &accessServiceTokenUpdate)
+	if err != nil {
+		return AccessServiceTokenUpdateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokenUpdate.Result, nil
+}
+
+func (api *API) DeleteAccessServiceToken(ctx context.Context, rc *ResourceContainer, uuid string) (AccessServiceTokenUpdateResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s", rc.Level, rc.Identifier, uuid)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return AccessServiceTokenUpdateResponse{}, err
+	}
+
+	var accessServiceTokenUpdate AccessServiceTokensUpdateDetailResponse
+	err = json.Unmarshal(res, &accessServiceTokenUpdate)
+	if err != nil {
+		return AccessServiceTokenUpdateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokenUpdate.Result, nil
+}
+
+// RefreshAccessServiceToken updates the expiry of an Access Service Token
+// in place.
+//
+// API reference: https://api.cloudflare.com/#access-service-tokens-refresh-a-service-token
+func (api *API) RefreshAccessServiceToken(ctx context.Context, rc *ResourceContainer, id string) (AccessServiceTokenRefreshResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s/refresh", rc.Level, rc.Identifier, id)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return AccessServiceTokenRefreshResponse{}, err
+	}
+
+	var accessServiceTokenRefresh AccessServiceTokensRefreshDetailResponse
+	err = json.Unmarshal(res, &accessServiceTokenRefresh)
+	if err != nil {
+		return AccessServiceTokenRefreshResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokenRefresh.Result, nil
+}
+
+// RotateAccessServiceToken rotates the client secret of an Access Service
+// Token in place.
+// API reference: https://api.cloudflare.com/#access-service-tokens-rotate-a-service-token
+func (api *API) RotateAccessServiceToken(ctx context.Context, rc *ResourceContainer, id string) (AccessServiceTokenRotateResponse, error) {
+	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s/rotate", rc.Level, rc.Identifier, id)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return AccessServiceTokenRotateResponse{}, err
+	}
+
+	var accessServiceTokenRotate AccessServiceTokensRotateSecretDetailResponse
+	err = json.Unmarshal(res, &accessServiceTokenRotate)
+	if err != nil {
+		return AccessServiceTokenRotateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accessServiceTokenRotate.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_service_tokens_test.go b/pkg/cloudflare-go/access_service_tokens_test.go
new file mode 100644
index 0000000000..1f9ed8120b
--- /dev/null
+++ b/pkg/cloudflare-go/access_service_tokens_test.go
@@ -0,0 +1,313 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessServiceTokens(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z",
+					"expires_at": "2015-01-01T05:20:00.12345Z",
+					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+					"name": "CI/CD token",
+					"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+					"duration": "8760h"
+				}
+			]
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expiresAt, _ := time.Parse(time.RFC3339, "2015-01-01T05:20:00.12345Z")
+
+	want := []AccessServiceToken{
+		{
+			CreatedAt: &createdAt,
+			UpdatedAt: &updatedAt,
+			ExpiresAt: &expiresAt,
+			ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			Name:      "CI/CD token",
+			ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
+			Duration:  "8760h",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens", handler)
+
+	actual, _, err := client.ListAccessServiceTokens(context.Background(), testAccountRC, ListAccessServiceTokensParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens", handler)
+
+	actual, _, err = client.ListAccessServiceTokens(context.Background(), testZoneRC, ListAccessServiceTokensParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessServiceToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_at": "2015-01-01T05:20:00.12345Z",
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "CI/CD token",
+				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+				"client_secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
+				"duration": "8760h"
+			}
+		}
+		`)
+	}
+
+	expected := AccessServiceTokenCreateResponse{
+		CreatedAt:    &createdAt,
+		UpdatedAt:    &updatedAt,
+		ExpiresAt:    &expiresAt,
+		ID:           "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:         "CI/CD token",
+		ClientID:     "88bf3b6d86161464f6509f7219099e57.access.example.com",
+		ClientSecret: "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
+		Duration:     "8760h",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens", handler)
+
+	actual, err := client.CreateAccessServiceToken(context.Background(), testAccountRC, CreateAccessServiceTokenParams{Name: "CI/CD token"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens", handler)
+
+	actual, err = client.CreateAccessServiceToken(context.Background(), testZoneRC, CreateAccessServiceTokenParams{Name: "CI/CD token"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestUpdateAccessServiceToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_at": "2015-01-01T05:20:00.12345Z",
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "CI/CD token",
+				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+				"duration": "8760h"
+			}
+		}
+		`)
+	}
+
+	expected := AccessServiceTokenUpdateResponse{
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		ExpiresAt: &expiresAt,
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "CI/CD token",
+		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
+		Duration:  "8760h",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.UpdateAccessServiceToken(context.Background(), testAccountRC, UpdateAccessServiceTokenParams{UUID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", Name: "CI/CD token"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.UpdateAccessServiceToken(context.Background(), testZoneRC, UpdateAccessServiceTokenParams{UUID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", Name: "CI/CD token"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestRefreshAccessServiceToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_at": "2015-01-01T05:20:00.12345Z",
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "CI/CD token",
+				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+				"duration": "8760h"
+			}
+		}
+		`)
+	}
+
+	expected := AccessServiceTokenRefreshResponse{
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		ExpiresAt: &expiresAt,
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "CI/CD token",
+		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
+		Duration:  "8760h",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/refresh", handler)
+
+	actual, err := client.RefreshAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestRotateAccessServiceToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_at": "2015-01-01T05:20:00.12345Z",
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "CI/CD token",
+				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+				"client_secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
+				"duration": "8760h"
+			}
+		}
+		`)
+	}
+
+	expected := AccessServiceTokenRotateResponse{
+		CreatedAt:    &createdAt,
+		UpdatedAt:    &updatedAt,
+		ExpiresAt:    &expiresAt,
+		ID:           "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:         "CI/CD token",
+		ClientID:     "88bf3b6d86161464f6509f7219099e57.access.example.com",
+		ClientSecret: "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
+		Duration:     "8760h",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/rotate", handler)
+
+	actual, err := client.RotateAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestDeleteAccessServiceToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"expires_at": "2015-01-01T05:20:00.12345Z",
+				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "CI/CD token",
+				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
+				"duration": "8760h"
+			}
+		}
+		`)
+	}
+
+	expected := AccessServiceTokenUpdateResponse{
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		ExpiresAt: &expiresAt,
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "CI/CD token",
+		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
+		Duration:  "8760h",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err := client.DeleteAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	actual, err = client.DeleteAccessServiceToken(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/access_tag.go b/pkg/cloudflare-go/access_tag.go
new file mode 100644
index 0000000000..9bba613d1e
--- /dev/null
+++ b/pkg/cloudflare-go/access_tag.go
@@ -0,0 +1,85 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type AccessTag struct {
+	Name     string `json:"name,omitempty"`
+	AppCount int    `json:"app_count,omitempty"`
+}
+
+type AccessTagListResponse struct {
+	Response
+	Result     []AccessTag `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type AccessTagResponse struct {
+	Response
+	Result AccessTag `json:"result"`
+}
+
+type ListAccessTagsParams struct{}
+
+type CreateAccessTagParams struct {
+	Name string `json:"name,omitempty"`
+}
+
+func (api *API) ListAccessTags(ctx context.Context, rc *ResourceContainer, params ListAccessTagsParams) ([]AccessTag, error) {
+	uri := buildURI(fmt.Sprintf("/%s/%s/access/tags", rc.Level, rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessTag{}, err
+	}
+
+	var TagsResponse AccessTagListResponse
+	err = json.Unmarshal(res, &TagsResponse)
+	if err != nil {
+		return []AccessTag{}, err
+	}
+	return TagsResponse.Result, nil
+}
+
+func (api *API) GetAccessTag(ctx context.Context, rc *ResourceContainer, tagName string) (AccessTag, error) {
+	uri := fmt.Sprintf("/%s/%s/access/tags/%s", rc.Level, rc.Identifier, tagName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccessTag{}, err
+	}
+
+	var TagResponse AccessTagResponse
+	err = json.Unmarshal(res, &TagResponse)
+	if err != nil {
+		return AccessTag{}, err
+	}
+	return TagResponse.Result, nil
+}
+
+func (api *API) CreateAccessTag(ctx context.Context, rc *ResourceContainer, params CreateAccessTagParams) (AccessTag, error) {
+	uri := fmt.Sprintf("/%s/%s/access/tags", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AccessTag{}, err
+	}
+
+	var TagResponse AccessTagResponse
+	err = json.Unmarshal(res, &TagResponse)
+	if err != nil {
+		return AccessTag{}, err
+	}
+	return TagResponse.Result, nil
+}
+
+func (api *API) DeleteAccessTag(ctx context.Context, rc *ResourceContainer, tagName string) error {
+	uri := fmt.Sprintf("/%s/%s/access/tags/%s", rc.Level, rc.Identifier, tagName)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_tag_test.go b/pkg/cloudflare-go/access_tag_test.go
new file mode 100644
index 0000000000..612a9e6c51
--- /dev/null
+++ b/pkg/cloudflare-go/access_tag_test.go
@@ -0,0 +1,136 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccessTags(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"name": "engineers",
+					"app_count": 0
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	want := []AccessTag{
+		{
+			Name:     "engineers",
+			AppCount: 0,
+		},
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags", handler)
+	actual, err := client.ListAccessTags(context.Background(), AccountIdentifier(testAccountID), ListAccessTagsParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccessTag(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "engineers",
+				"app_count": 0
+			}
+		}`)
+	}
+
+	want := AccessTag{
+		Name:     "engineers",
+		AppCount: 0,
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags/engineers", handler)
+	actual, err := client.GetAccessTag(context.Background(), AccountIdentifier(testAccountID), "engineers")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateAccessTag(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodPost, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "sales",
+				"app_count": 0
+			}
+		}`)
+	}
+
+	Tag := AccessTag{
+		Name:     "sales",
+		AppCount: 0,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags", handler)
+	actual, err := client.CreateAccessTag(context.Background(), AccountIdentifier(testAccountID), CreateAccessTagParams{
+		Name: "sales",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, Tag, actual)
+	}
+}
+
+func TestDeleteAccessTag(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodDelete, "HTTP method")
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			result: {
+				"id": "engineers"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags/engineers", handler)
+	err := client.DeleteAccessTag(context.Background(), AccountIdentifier(testAccountID), "engineers")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_user_tokens.go b/pkg/cloudflare-go/access_user_tokens.go
new file mode 100644
index 0000000000..ba32d7fbfe
--- /dev/null
+++ b/pkg/cloudflare-go/access_user_tokens.go
@@ -0,0 +1,24 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+)
+
+type RevokeAccessUserTokensParams struct {
+	Email string `json:"email"`
+}
+
+// RevokeAccessUserTokens revokes any outstanding tokens issued for a specific user
+// Access User.
+func (api *API) RevokeAccessUserTokens(ctx context.Context, rc *ResourceContainer, params RevokeAccessUserTokensParams) error {
+	uri := fmt.Sprintf("/%s/%s/access/organizations/revoke_user", rc.Level, rc.Identifier)
+
+	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/access_user_tokens_test.go b/pkg/cloudflare-go/access_user_tokens_test.go
new file mode 100644
index 0000000000..921c9b85cf
--- /dev/null
+++ b/pkg/cloudflare-go/access_user_tokens_test.go
@@ -0,0 +1,52 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRevokeAccessUserTokens(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"result": true
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations/revoke_user", handler)
+
+	err := client.RevokeAccessUserTokens(context.Background(), testAccountRC, RevokeAccessUserTokensParams{Email: "test@example.com"})
+
+	assert.NoError(t, err)
+}
+
+func TestRevokeZoneLevelAccessUserTokens(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"result": true
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations/revoke_user", handler)
+
+	err := client.RevokeAccessUserTokens(context.Background(), testZoneRC, RevokeAccessUserTokensParams{Email: "test@example.com"})
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/access_users.go b/pkg/cloudflare-go/access_users.go
new file mode 100644
index 0000000000..233ceb2bb6
--- /dev/null
+++ b/pkg/cloudflare-go/access_users.go
@@ -0,0 +1,362 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type AccessUserActiveSessionsResponse struct {
+	Result     []AccessUserActiveSessionResult `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+type AccessUserActiveSessionResult struct {
+	Expiration int64                           `json:"expiration"`
+	Metadata   AccessUserActiveSessionMetadata `json:"metadata"`
+	Name       string                          `json:"name"`
+}
+
+type AccessUserActiveSessionMetadata struct {
+	Apps    map[string]AccessUserActiveSessionMetadataApp `json:"apps"`
+	Expires int64                                         `json:"expires"`
+	IAT     int64                                         `json:"iat"`
+	Nonce   string                                        `json:"nonce"`
+	TTL     int64                                         `json:"ttl"`
+}
+
+type AccessUserActiveSessionMetadataApp struct {
+	Hostname string `json:"hostname"`
+	Name     string `json:"name"`
+	Type     string `json:"type"`
+	UID      string `json:"uid"`
+}
+
+type AccessUserDevicePosture struct {
+	Check       AccessUserDevicePostureCheck `json:"check"`
+	Data        map[string]interface{}       `json:"data"`
+	Description string                       `json:"description"`
+	Error       string                       `json:"error"`
+	ID          string                       `json:"id"`
+	RuleName    string                       `json:"rule_name"`
+	Success     *bool                        `json:"success"`
+	Timestamp   string                       `json:"timestamp"`
+	Type        string                       `json:"type"`
+}
+
+type AccessUserDeviceSession struct {
+	LastAuthenticated int64 `json:"last_authenticated"`
+}
+
+type AccessUserFailedLoginsResponse struct {
+	Result     []AccessUserFailedLoginResult `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+type AccessUserFailedLoginResult struct {
+	Expiration int64                         `json:"expiration"`
+	Metadata   AccessUserFailedLoginMetadata `json:"metadata"`
+}
+
+type AccessUserFailedLoginMetadata struct {
+	AppName   string `json:"app_name"`
+	Aud       string `json:"aud"`
+	Datetime  string `json:"datetime"`
+	RayID     string `json:"ray_id"`
+	UserEmail string `json:"user_email"`
+	UserUUID  string `json:"user_uuid"`
+}
+
+type AccessUserLastSeenIdentityResponse struct {
+	Result     AccessUserLastSeenIdentityResult `json:"result"`
+	ResultInfo ResultInfo                       `json:"result_info"`
+	Response
+}
+
+type AccessUserLastSeenIdentityResult struct {
+	AccountID          string                             `json:"account_id"`
+	AuthStatus         string                             `json:"auth_status"`
+	CommonName         string                             `json:"common_name"`
+	DeviceID           string                             `json:"device_id"`
+	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
+	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
+	Email              string                             `json:"email"`
+	Geo                AccessUserIdentityGeo              `json:"geo"`
+	IAT                int64                              `json:"iat"`
+	IDP                AccessUserIDP                      `json:"idp"`
+	IP                 string                             `json:"ip"`
+	IsGateway          *bool                              `json:"is_gateway"`
+	IsWarp             *bool                              `json:"is_warp"`
+	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
+	ServiceTokenID     string                             `json:"service_token_id"`
+	ServiceTokenStatus *bool                              `json:"service_token_status"`
+	UserUUID           string                             `json:"user_uuid"`
+	Version            int                                `json:"version"`
+}
+
+type AccessUserLastSeenIdentitySessionResponse struct {
+	Result     GetAccessUserLastSeenIdentityResult `json:"result"`
+	ResultInfo ResultInfo                          `json:"result_info"`
+	Response
+}
+
+type GetAccessUserLastSeenIdentityResult struct {
+	AccountID          string                             `json:"account_id"`
+	AuthStatus         string                             `json:"auth_status"`
+	CommonName         string                             `json:"common_name"`
+	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
+	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
+	DeviceID           string                             `json:"device_id"`
+	Email              string                             `json:"email"`
+	Geo                AccessUserIdentityGeo              `json:"geo"`
+	IAT                int64                              `json:"iat"`
+	IDP                AccessUserIDP                      `json:"idp"`
+	IP                 string                             `json:"ip"`
+	IsGateway          *bool                              `json:"is_gateway"`
+	IsWarp             *bool                              `json:"is_warp"`
+	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
+	ServiceTokenID     string                             `json:"service_token_id"`
+	ServiceTokenStatus *bool                              `json:"service_token_status"`
+	UserUUID           string                             `json:"user_uuid"`
+	Version            int                                `json:"version"`
+}
+
+type AccessUserDevicePostureCheck struct {
+	Exists *bool  `json:"exists"`
+	Path   string `json:"path"`
+}
+
+type AccessUserIdentityGeo struct {
+	Country string `json:"country"`
+}
+
+type AccessUserIDP struct {
+	ID   string `json:"id"`
+	Type string `json:"type"`
+}
+
+type AccessUserMTLSAuth struct {
+	AuthStatus    string `json:"auth_status"`
+	CertIssuerDN  string `json:"cert_issuer_dn"`
+	CertIssuerSKI string `json:"cert_issuer_ski"`
+	CertPresented *bool  `json:"cert_presented"`
+	CertSerial    string `json:"cert_serial"`
+}
+
+type AccessUserListResponse struct {
+	Result     []AccessUser `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+type AccessUser struct {
+	ID                  string `json:"id"`
+	AccessSeat          *bool  `json:"access_seat"`
+	ActiveDeviceCount   int    `json:"active_device_count"`
+	CreatedAt           string `json:"created_at"`
+	Email               string `json:"email"`
+	GatewaySeat         *bool  `json:"gateway_seat"`
+	LastSuccessfulLogin string `json:"last_successful_login"`
+	Name                string `json:"name"`
+	SeatUID             string `json:"seat_uid"`
+	UID                 string `json:"uid"`
+	UpdatedAt           string `json:"updated_at"`
+}
+
+type AccessUserParams struct {
+	ResultInfo
+}
+
+type GetAccessUserSingleActiveSessionResponse struct {
+	Result     GetAccessUserSingleActiveSessionResult `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+type GetAccessUserSingleActiveSessionResult struct {
+	AccountID          string                             `json:"account_id"`
+	AuthStatus         string                             `json:"auth_status"`
+	CommonName         string                             `json:"common_name"`
+	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
+	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
+	DeviceID           string                             `json:"device_id"`
+	Email              string                             `json:"email"`
+	Geo                AccessUserIdentityGeo              `json:"geo"`
+	IAT                int64                              `json:"iat"`
+	IDP                AccessUserIDP                      `json:"idp"`
+	IP                 string                             `json:"ip"`
+	IsGateway          *bool                              `json:"is_gateway"`
+	IsWarp             *bool                              `json:"is_warp"`
+	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
+	ServiceTokenID     string                             `json:"service_token_id"`
+	ServiceTokenStatus *bool                              `json:"service_token_status"`
+	UserUUID           string                             `json:"user_uuid"`
+	Version            int                                `json:"version"`
+	IsActive           *bool                              `json:"isActive"`
+}
+
+// ListAccessUsers returns a list of users for a single cloudflare access/zerotrust account.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-users
+func (api *API) ListAccessUsers(ctx context.Context, rc *ResourceContainer, params AccessUserParams) ([]AccessUser, *ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AccessUser{}, &ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	baseURL := fmt.Sprintf("/%s/%s/access/users", rc.Level, rc.Identifier)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var accessUsers []AccessUser
+	var resultInfo *ResultInfo = nil
+
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccessUser{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+		var r AccessUserListResponse
+		resultInfo = &r.ResultInfo
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccessUser{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		accessUsers = append(accessUsers, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return accessUsers, resultInfo, nil
+}
+
+// GetAccessUserActiveSessions returns a list of active sessions for an user.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-active-sessions
+func (api *API) GetAccessUserActiveSessions(ctx context.Context, rc *ResourceContainer, userID string) ([]AccessUserActiveSessionResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AccessUserActiveSessionResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/users/%s/active_sessions",
+		rc.Level,
+		rc.Identifier,
+		userID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessUserActiveSessionResult{}, err
+	}
+
+	var accessUserActiveSessionsResponse AccessUserActiveSessionsResponse
+	err = json.Unmarshal(res, &accessUserActiveSessionsResponse)
+	if err != nil {
+		return []AccessUserActiveSessionResult{}, err
+	}
+	return accessUserActiveSessionsResponse.Result, nil
+}
+
+// GetAccessUserSingleActiveSession returns a single active session for a user.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-active-session
+func (api *API) GetAccessUserSingleActiveSession(ctx context.Context, rc *ResourceContainer, userID string, sessionID string) (GetAccessUserSingleActiveSessionResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return GetAccessUserSingleActiveSessionResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/users/%s/active_sessions/%s",
+		rc.Level,
+		rc.Identifier,
+		userID,
+		sessionID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return GetAccessUserSingleActiveSessionResult{}, err
+	}
+
+	var accessUserActiveSingleSessionsResponse GetAccessUserSingleActiveSessionResponse
+	err = json.Unmarshal(res, &accessUserActiveSingleSessionsResponse)
+	if err != nil {
+		return GetAccessUserSingleActiveSessionResult{}, err
+	}
+	return accessUserActiveSingleSessionsResponse.Result, nil
+}
+
+// GetAccessUserFailedLogins returns a list of failed logins for a user.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-failed-logins
+func (api *API) GetAccessUserFailedLogins(ctx context.Context, rc *ResourceContainer, userID string) ([]AccessUserFailedLoginResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AccessUserFailedLoginResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/users/%s/failed_logins",
+		rc.Level,
+		rc.Identifier,
+		userID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccessUserFailedLoginResult{}, err
+	}
+
+	var accessUserFailedLoginsResponse AccessUserFailedLoginsResponse
+	err = json.Unmarshal(res, &accessUserFailedLoginsResponse)
+	if err != nil {
+		return []AccessUserFailedLoginResult{}, err
+	}
+	return accessUserFailedLoginsResponse.Result, nil
+}
+
+// GetAccessUserLastSeenIdentity returns the last seen identity for a user.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-last-seen-identity
+func (api *API) GetAccessUserLastSeenIdentity(ctx context.Context, rc *ResourceContainer, userID string) (GetAccessUserLastSeenIdentityResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return GetAccessUserLastSeenIdentityResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/access/users/%s/last_seen_identity",
+		rc.Level,
+		rc.Identifier,
+		userID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return GetAccessUserLastSeenIdentityResult{}, err
+	}
+
+	var accessUserLastSeenIdentityResponse AccessUserLastSeenIdentitySessionResponse
+	err = json.Unmarshal(res, &accessUserLastSeenIdentityResponse)
+	if err != nil {
+		return GetAccessUserLastSeenIdentityResult{}, err
+	}
+	return accessUserLastSeenIdentityResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/access_users_test.go b/pkg/cloudflare-go/access_users_test.go
new file mode 100644
index 0000000000..dd24d3f1f3
--- /dev/null
+++ b/pkg/cloudflare-go/access_users_test.go
@@ -0,0 +1,616 @@
+package cloudflare
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	testAccessUserID        = "access-user-id"
+	testAccessUserSessionID = "access-user-session-id"
+
+	expectedListAccessUserResult = []AccessUser{
+		{
+			AccessSeat:          BoolPtr(false),
+			ActiveDeviceCount:   2,
+			CreatedAt:           "2014-01-01T05:20:00.12345Z",
+			Email:               "jdoe@example.com",
+			GatewaySeat:         BoolPtr(false),
+			ID:                  "f3b12456-80dd-4e89-9f5f-ba3dfff12365",
+			LastSuccessfulLogin: "2020-07-01T05:20:00Z",
+			Name:                "Jane Doe",
+			SeatUID:             "",
+			UID:                 "",
+			UpdatedAt:           "2014-01-01T05:20:00.12345Z",
+		},
+		{
+			AccessSeat:          BoolPtr(true),
+			ActiveDeviceCount:   2,
+			CreatedAt:           "2024-01-01T05:20:00.12345Z",
+			Email:               "jhondoe@example.com",
+			GatewaySeat:         BoolPtr(true),
+			ID:                  "c3b12456-80dd-4e89-9f5f-ba3dfff12367",
+			LastSuccessfulLogin: "2020-07-01T05:20:00Z",
+			Name:                "Jhon Doe",
+			SeatUID:             "",
+			UID:                 "",
+			UpdatedAt:           "2014-01-01T05:20:00.12345Z",
+		},
+	}
+
+	expectedGetAccessUserActiveSessionsResult = AccessUserActiveSessionResult{
+		Expiration: 1694813506,
+		Metadata: AccessUserActiveSessionMetadata{
+			Apps: map[string]AccessUserActiveSessionMetadataApp{
+				"property1": {
+					Hostname: "test.example.com",
+					Name:     "app name",
+					Type:     "self_hosted",
+					UID:      "cc2a8145-0128-4429-87f3-872c4d380c4e",
+				},
+				"property2": {
+					Hostname: "test.example.com",
+					Name:     "app name",
+					Type:     "self_hosted",
+					UID:      "cc2a8145-0128-4429-87f3-872c4d380c4e",
+				},
+			},
+			Expires: 1694813506,
+			IAT:     1694791905,
+			Nonce:   "X1aXj1lFVcqqyoXF",
+			TTL:     21600,
+		},
+		Name: "string",
+	}
+
+	expectedGetAccessUserFailedLoginsResult = AccessUserFailedLoginResult{
+		Expiration: 0,
+		Metadata: AccessUserFailedLoginMetadata{
+			AppName:   "Test App",
+			Aud:       "39691c1480a2352a18ece567debc2b32552686cbd38eec0887aa18d5d3f00c04",
+			Datetime:  "2022-02-02T21:54:34.914Z",
+			RayID:     "6d76a8a42ead4133",
+			UserEmail: "test@cloudflare.com",
+			UserUUID:  "57171132-e453-4ee8-b2a5-8cbaad333207",
+		},
+	}
+
+	expectedGetAccessUserLastSeenIdentityResult = GetAccessUserLastSeenIdentityResult{
+		AccountID:  "1234567890",
+		AuthStatus: "NONE",
+		CommonName: "",
+		DevicePosture: map[string]AccessUserDevicePosture{
+			"property1": {
+				Check: AccessUserDevicePostureCheck{
+					Exists: BoolPtr(true),
+					Path:   "string",
+				},
+				Data:        map[string]interface{}{},
+				Description: "string",
+				Error:       "string",
+				ID:          "string",
+				RuleName:    "string",
+				Success:     BoolPtr(true),
+				Timestamp:   "string",
+				Type:        "string",
+			},
+			"property2": {
+				Check: AccessUserDevicePostureCheck{
+					Exists: BoolPtr(true),
+					Path:   "string",
+				},
+				Data:        map[string]interface{}{},
+				Description: "string",
+				Error:       "string",
+				ID:          "string",
+				RuleName:    "string",
+				Success:     BoolPtr(true),
+				Timestamp:   "string",
+				Type:        "string",
+			},
+		},
+		DeviceID: "",
+		DeviceSessions: map[string]AccessUserDeviceSession{
+			"property1": {
+				LastAuthenticated: 1638832687,
+			},
+			"property2": {
+				LastAuthenticated: 1638832687,
+			},
+		},
+		Email: "test@cloudflare.com",
+		Geo: AccessUserIdentityGeo{
+			Country: "US",
+		},
+		IAT: 1694791905,
+		IDP: AccessUserIDP{
+			ID:   "string",
+			Type: "string",
+		},
+		IP:        "127.0.0.0",
+		IsGateway: BoolPtr(false),
+		IsWarp:    BoolPtr(false),
+		MtlsAuth: AccessUserMTLSAuth{
+			AuthStatus:    "string",
+			CertIssuerDN:  "string",
+			CertIssuerSKI: "string",
+			CertPresented: BoolPtr(true),
+			CertSerial:    "string",
+		},
+		ServiceTokenID:     "",
+		ServiceTokenStatus: BoolPtr(false),
+		UserUUID:           "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
+		Version:            2,
+	}
+
+	expectedGetAccessUserSingleActiveSessionResult = GetAccessUserSingleActiveSessionResult{
+		AccountID:  "1234567890",
+		AuthStatus: "NONE",
+		CommonName: "",
+		DevicePosture: map[string]AccessUserDevicePosture{
+			"property1": {
+				Check: AccessUserDevicePostureCheck{
+					Exists: BoolPtr(true),
+					Path:   "string",
+				},
+				Data:        map[string]interface{}{},
+				Description: "string",
+				Error:       "string",
+				ID:          "string",
+				RuleName:    "string",
+				Success:     BoolPtr(true),
+				Timestamp:   "string",
+				Type:        "string",
+			},
+			"property2": {
+				Check: AccessUserDevicePostureCheck{
+					Exists: BoolPtr(true),
+					Path:   "string",
+				},
+				Data:        map[string]interface{}{},
+				Description: "string",
+				Error:       "string",
+				ID:          "string",
+				RuleName:    "string",
+				Success:     BoolPtr(true),
+				Timestamp:   "string",
+				Type:        "string",
+			},
+		},
+		DeviceID: "",
+		DeviceSessions: map[string]AccessUserDeviceSession{
+			"property1": {
+				LastAuthenticated: 1638832687,
+			},
+			"property2": {
+				LastAuthenticated: 1638832687,
+			},
+		},
+		Email: "test@cloudflare.com",
+		Geo: AccessUserIdentityGeo{
+			Country: "US",
+		},
+		IAT: 1694791905,
+		IDP: AccessUserIDP{
+			ID:   "string",
+			Type: "string",
+		},
+		IP:        "127.0.0.0",
+		IsGateway: BoolPtr(false),
+		IsWarp:    BoolPtr(false),
+		MtlsAuth: AccessUserMTLSAuth{
+			AuthStatus:    "string",
+			CertIssuerDN:  "string",
+			CertIssuerSKI: "string",
+			CertPresented: BoolPtr(true),
+			CertSerial:    "string",
+		},
+		ServiceTokenID:     "",
+		ServiceTokenStatus: BoolPtr(false),
+		UserUUID:           "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
+		Version:            2,
+		IsActive:           BoolPtr(true),
+	}
+)
+
+func TestListAccessUsers_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, _, err := client.ListAccessUsers(context.Background(), testZoneRC, AccessUserParams{})
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestListAccessUsers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		userList, err := json.Marshal(expectedListAccessUserResult)
+		assert.NoError(t, err, "Error marshaling expectedListAccessUserResult")
+
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": %s,
+			"success": true,
+			"result_info": {
+			  "count": 2,
+			  "page": 1,
+			  "per_page": 100,
+			  "total_count": 2
+			}
+		  }`, string(userList))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users", handler)
+
+	actual, _, err := client.ListAccessUsers(context.Background(), testAccountRC, AccessUserParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedListAccessUserResult, actual)
+	}
+}
+
+func TestListAccessUsersWithPagination(t *testing.T) {
+	setup()
+	defer teardown()
+	// page 1 of 2
+	page := 1
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		userList, err := json.Marshal(expectedListAccessUserResult)
+		assert.NoError(t, err, "Error marshaling expectedListAccessUserResult")
+
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": %s,
+			"success": true,
+			"result_info": {
+			  "count": 2,
+			  "page": %d,
+			  "per_page": 2,
+			  "total_count": 4
+			}
+		  }`, string(userList), page)
+		// increment page for the next call
+		page++
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users", handler)
+
+	actual, _, err := client.ListAccessUsers(context.Background(), testAccountRC, AccessUserParams{})
+	expected := []AccessUser{}
+	// two pages of the same expectedResult
+	expected = append(expected, expectedListAccessUserResult...)
+	expected = append(expected, expectedListAccessUserResult...)
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestGetGetAccessUserActiveSessions_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetAccessUserActiveSessions(context.Background(), testZoneRC, testAccessUserID)
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestGetGetAccessUserActiveSessions(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"expiration": 1694813506,
+				"metadata": {
+				  "apps": {
+					"property1": {
+					  "hostname": "test.example.com",
+					  "name": "app name",
+					  "type": "self_hosted",
+					  "uid": "cc2a8145-0128-4429-87f3-872c4d380c4e"
+					},
+					"property2": {
+					  "hostname": "test.example.com",
+					  "name": "app name",
+					  "type": "self_hosted",
+					  "uid": "cc2a8145-0128-4429-87f3-872c4d380c4e"
+					}
+				  },
+				  "expires": 1694813506,
+				  "iat": 1694791905,
+				  "nonce": "X1aXj1lFVcqqyoXF",
+				  "ttl": 21600
+				},
+				"name": "string"
+			  }
+			],
+			"success": true,
+			"result_info": {
+			  "count": 1,
+			  "page": 1,
+			  "per_page": 20,
+			  "total_count": 2000
+			}
+		  }
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/active_sessions", handler)
+
+	actual, err := client.GetAccessUserActiveSessions(context.Background(), testAccountRC, testAccessUserID)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessUserActiveSessionResult{expectedGetAccessUserActiveSessionsResult}, actual)
+	}
+}
+
+func TestGetAccessUserSingleActiveSession_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetAccessUserSingleActiveSession(context.Background(), testZoneRC, testAccessUserID, testAccessUserSessionID)
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestGetAccessUserSingleActiveSession(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "account_id": "1234567890",
+			  "auth_status": "NONE",
+			  "common_name": "",
+			  "devicePosture": {
+				"property1": {
+				  "check": {
+					"exists": true,
+					"path": "string"
+				  },
+				  "data": {},
+				  "description": "string",
+				  "error": "string",
+				  "id": "string",
+				  "rule_name": "string",
+				  "success": true,
+				  "timestamp": "string",
+				  "type": "string"
+				},
+				"property2": {
+				  "check": {
+					"exists": true,
+					"path": "string"
+				  },
+				  "data": {},
+				  "description": "string",
+				  "error": "string",
+				  "id": "string",
+				  "rule_name": "string",
+				  "success": true,
+				  "timestamp": "string",
+				  "type": "string"
+				}
+			  },
+			  "device_id": "",
+			  "device_sessions": {
+				"property1": {
+				  "last_authenticated": 1638832687
+				},
+				"property2": {
+				  "last_authenticated": 1638832687
+				}
+			  },
+			  "email": "test@cloudflare.com",
+			  "geo": {
+				"country": "US"
+			  },
+			  "iat": 1694791905,
+			  "idp": {
+				"id": "string",
+				"type": "string"
+			  },
+			  "ip": "127.0.0.0",
+			  "is_gateway": false,
+			  "is_warp": false,
+			  "mtls_auth": {
+				"auth_status": "string",
+				"cert_issuer_dn": "string",
+				"cert_issuer_ski": "string",
+				"cert_presented": true,
+				"cert_serial": "string"
+			  },
+			  "service_token_id": "",
+			  "service_token_status": false,
+			  "user_uuid": "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
+			  "version": 2,
+			  "isActive": true
+			},
+			"success": true
+		  }
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/active_sessions/"+testAccessUserSessionID, handler)
+
+	actual, err := client.GetAccessUserSingleActiveSession(context.Background(), testAccountRC, testAccessUserID, testAccessUserSessionID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedGetAccessUserSingleActiveSessionResult, actual)
+	}
+}
+
+func TestGetAccessUserFailedLogins_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetAccessUserFailedLogins(context.Background(), testZoneRC, testAccessUserID)
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestGetAccessUserFailedLogins(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"expiration": 0,
+				"metadata": {
+				  "app_name": "Test App",
+				  "aud": "39691c1480a2352a18ece567debc2b32552686cbd38eec0887aa18d5d3f00c04",
+				  "datetime": "2022-02-02T21:54:34.914Z",
+				  "ray_id": "6d76a8a42ead4133",
+				  "user_email": "test@cloudflare.com",
+				  "user_uuid": "57171132-e453-4ee8-b2a5-8cbaad333207"
+				}
+			  }
+			],
+			"success": true,
+			"result_info": {
+			  "count": 1,
+			  "page": 1,
+			  "per_page": 20,
+			  "total_count": 2000
+			}
+		  }
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/failed_logins", handler)
+
+	actual, err := client.GetAccessUserFailedLogins(context.Background(), testAccountRC, testAccessUserID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []AccessUserFailedLoginResult{expectedGetAccessUserFailedLoginsResult}, actual)
+	}
+}
+
+func TestGetAccessUserLastSeenIdentity_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetAccessUserLastSeenIdentity(context.Background(), testZoneRC, testAccessUserID)
+	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
+}
+
+func TestGetAccessUserLastSeenIdentity(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "errors": [],
+  "messages": [],
+  "result": {
+    "account_id": "1234567890",
+    "auth_status": "NONE",
+    "common_name": "",
+    "devicePosture": {
+      "property1": {
+        "check": {
+          "exists": true,
+          "path": "string"
+        },
+        "data": {},
+        "description": "string",
+        "error": "string",
+        "id": "string",
+        "rule_name": "string",
+        "success": true,
+        "timestamp": "string",
+        "type": "string"
+      },
+      "property2": {
+        "check": {
+          "exists": true,
+          "path": "string"
+        },
+        "data": {},
+        "description": "string",
+        "error": "string",
+        "id": "string",
+        "rule_name": "string",
+        "success": true,
+        "timestamp": "string",
+        "type": "string"
+      }
+    },
+    "device_id": "",
+    "device_sessions": {
+      "property1": {
+        "last_authenticated": 1638832687
+      },
+      "property2": {
+        "last_authenticated": 1638832687
+      }
+    },
+    "email": "test@cloudflare.com",
+    "geo": {
+      "country": "US"
+    },
+    "iat": 1694791905,
+    "idp": {
+      "id": "string",
+      "type": "string"
+    },
+    "ip": "127.0.0.0",
+    "is_gateway": false,
+    "is_warp": false,
+    "mtls_auth": {
+      "auth_status": "string",
+      "cert_issuer_dn": "string",
+      "cert_issuer_ski": "string",
+      "cert_presented": true,
+      "cert_serial": "string"
+    },
+    "service_token_id": "",
+    "service_token_status": false,
+    "user_uuid": "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
+    "version": 2
+  },
+  "success": true
+}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/last_seen_identity", handler)
+
+	actual, err := client.GetAccessUserLastSeenIdentity(context.Background(), testAccountRC, testAccessUserID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedGetAccessUserLastSeenIdentityResult, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/account_members.go b/pkg/cloudflare-go/account_members.go
new file mode 100644
index 0000000000..d6ecab560d
--- /dev/null
+++ b/pkg/cloudflare-go/account_members.go
@@ -0,0 +1,245 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// AccountMember is the definition of a member of an account.
+type AccountMember struct {
+	ID       string                   `json:"id"`
+	Code     string                   `json:"code"`
+	User     AccountMemberUserDetails `json:"user"`
+	Status   string                   `json:"status"`
+	Roles    []AccountRole            `json:"roles,omitempty"`
+	Policies []Policy                 `json:"policies,omitempty"`
+}
+
+// AccountMemberUserDetails outlines all the personal information about
+// a member.
+type AccountMemberUserDetails struct {
+	ID                             string `json:"id"`
+	FirstName                      string `json:"first_name"`
+	LastName                       string `json:"last_name"`
+	Email                          string `json:"email"`
+	TwoFactorAuthenticationEnabled bool   `json:"two_factor_authentication_enabled"`
+}
+
+// AccountMembersListResponse represents the response from the list
+// account members endpoint.
+type AccountMembersListResponse struct {
+	Result []AccountMember `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccountMemberDetailResponse is the API response, containing a single
+// account member.
+type AccountMemberDetailResponse struct {
+	Success  bool          `json:"success"`
+	Errors   []string      `json:"errors"`
+	Messages []string      `json:"messages"`
+	Result   AccountMember `json:"result"`
+}
+
+// AccountMemberInvitation represents the invitation for a new member to
+// the account.
+type AccountMemberInvitation struct {
+	Email    string   `json:"email"`
+	Roles    []string `json:"roles,omitempty"`
+	Policies []Policy `json:"policies,omitempty"`
+	Status   string   `json:"status,omitempty"`
+}
+
+const errMissingMemberRolesOrPolicies = "account member must be created with roles or policies (not both)"
+
+var ErrMissingMemberRolesOrPolicies = errors.New(errMissingMemberRolesOrPolicies)
+
+type CreateAccountMemberParams struct {
+	EmailAddress string
+	Roles        []string
+	Policies     []Policy
+	Status       string
+}
+
+// AccountMembers returns all members of an account.
+//
+// API reference: https://api.cloudflare.com/#accounts-list-accounts
+func (api *API) AccountMembers(ctx context.Context, accountID string, pageOpts PaginationOptions) ([]AccountMember, ResultInfo, error) {
+	if accountID == "" {
+		return []AccountMember{}, ResultInfo{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/members", accountID), pageOpts)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AccountMember{}, ResultInfo{}, err
+	}
+
+	var accountMemberListresponse AccountMembersListResponse
+	err = json.Unmarshal(res, &accountMemberListresponse)
+	if err != nil {
+		return []AccountMember{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accountMemberListresponse.Result, accountMemberListresponse.ResultInfo, nil
+}
+
+// CreateAccountMemberWithStatus invites a new member to join an account, allowing setting the status.
+//
+// Refer to the API reference for valid statuses.
+//
+// Deprecated: Use `CreateAccountMember` with a `Status` field instead.
+//
+// API reference: https://api.cloudflare.com/#account-members-add-member
+func (api *API) CreateAccountMemberWithStatus(ctx context.Context, accountID string, emailAddress string, roles []string, status string) (AccountMember, error) {
+	return api.CreateAccountMember(ctx, AccountIdentifier(accountID), CreateAccountMemberParams{
+		EmailAddress: emailAddress,
+		Roles:        roles,
+		Status:       status,
+	})
+}
+
+// CreateAccountMember invites a new member to join an account with roles.
+// The member will be placed into "pending" status and receive an email confirmation.
+// NOTE: If you are currently enrolled in Domain Scoped Roles, your roles will
+// be converted to policies upon member invitation.
+//
+// API reference: https://api.cloudflare.com/#account-members-add-member
+func (api *API) CreateAccountMember(ctx context.Context, rc *ResourceContainer, params CreateAccountMemberParams) (AccountMember, error) {
+	if rc.Level != AccountRouteLevel {
+		return AccountMember{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return AccountMember{}, ErrMissingAccountID
+	}
+
+	invite := AccountMemberInvitation{
+		Email:  params.EmailAddress,
+		Status: params.Status,
+	}
+
+	roles := []AccountRole{}
+	for i := 0; i < len(params.Roles); i++ {
+		roles = append(roles, AccountRole{ID: params.Roles[i]})
+	}
+	err := validateRolesAndPolicies(roles, params.Policies)
+	if err != nil {
+		return AccountMember{}, err
+	}
+
+	if params.Roles != nil {
+		invite.Roles = params.Roles
+	} else if params.Policies != nil {
+		invite.Policies = params.Policies
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/members", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, invite)
+	if err != nil {
+		return AccountMember{}, err
+	}
+
+	var accountMemberListResponse AccountMemberDetailResponse
+	err = json.Unmarshal(res, &accountMemberListResponse)
+	if err != nil {
+		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accountMemberListResponse.Result, nil
+}
+
+// DeleteAccountMember removes a member from an account.
+//
+// API reference: https://api.cloudflare.com/#account-members-remove-member
+func (api *API) DeleteAccountMember(ctx context.Context, accountID string, userID string) error {
+	if accountID == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/members/%s", accountID, userID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// UpdateAccountMember modifies an existing account member.
+//
+// API reference: https://api.cloudflare.com/#account-members-update-member
+func (api *API) UpdateAccountMember(ctx context.Context, accountID string, userID string, member AccountMember) (AccountMember, error) {
+	if accountID == "" {
+		return AccountMember{}, ErrMissingAccountID
+	}
+
+	err := validateRolesAndPolicies(member.Roles, member.Policies)
+	if err != nil {
+		return AccountMember{}, err
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/members/%s", accountID, userID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, member)
+	if err != nil {
+		return AccountMember{}, err
+	}
+
+	var accountMemberListResponse AccountMemberDetailResponse
+	err = json.Unmarshal(res, &accountMemberListResponse)
+	if err != nil {
+		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accountMemberListResponse.Result, nil
+}
+
+// AccountMember returns details of a single account member.
+//
+// API reference: https://api.cloudflare.com/#account-members-member-details
+func (api *API) AccountMember(ctx context.Context, accountID string, memberID string) (AccountMember, error) {
+	if accountID == "" {
+		return AccountMember{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf(
+		"/accounts/%s/members/%s",
+		accountID,
+		memberID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccountMember{}, err
+	}
+
+	var accountMemberResponse AccountMemberDetailResponse
+	err = json.Unmarshal(res, &accountMemberResponse)
+	if err != nil {
+		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accountMemberResponse.Result, nil
+}
+
+// validateRolesAndPolicies ensures either roles or policies are provided in
+// CreateAccountMember requests, but not both.
+func validateRolesAndPolicies(roles []AccountRole, policies []Policy) error {
+	hasRoles := len(roles) > 0
+	hasPolicies := len(policies) > 0
+	hasRolesOrPolicies := hasRoles || hasPolicies
+	hasRolesAndPolicies := hasRoles && hasPolicies
+	hasCorrectPermissions := hasRolesOrPolicies && !hasRolesAndPolicies
+	if !hasCorrectPermissions {
+		return ErrMissingMemberRolesOrPolicies
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/account_members_test.go b/pkg/cloudflare-go/account_members_test.go
new file mode 100644
index 0000000000..0834c110cb
--- /dev/null
+++ b/pkg/cloudflare-go/account_members_test.go
@@ -0,0 +1,633 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var expectedAccountMemberStruct = AccountMember{
+	ID:   "4536bcfad5faccb111b47003c79917fa",
+	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+	User: AccountMemberUserDetails{
+		ID:                             "7c5dae5552338874e5053f2534d2767a",
+		FirstName:                      "John",
+		LastName:                       "Appleseed",
+		Email:                          "user@example.com",
+		TwoFactorAuthenticationEnabled: false,
+	},
+	Status: "accepted",
+	Roles: []AccountRole{
+		{
+			ID:          "3536bcfad5faccb999b47003c79917fb",
+			Name:        "Account Administrator",
+			Description: "Administrative access to the entire Account",
+			Permissions: map[string]AccountRolePermission{
+				"analytics": {Read: true, Edit: true},
+				"billing":   {Read: true, Edit: false},
+			},
+		},
+	},
+}
+
+var expectedNewAccountMemberStruct = AccountMember{
+	ID:   "4536bcfad5faccb111b47003c79917fa",
+	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+	User: AccountMemberUserDetails{
+		Email:                          "user@example.com",
+		TwoFactorAuthenticationEnabled: false,
+	},
+	Status: "pending",
+	Roles: []AccountRole{
+		{
+			ID:          "3536bcfad5faccb999b47003c79917fb",
+			Name:        "Account Administrator",
+			Description: "Administrative access to the entire Account",
+			Permissions: map[string]AccountRolePermission{
+				"analytics": {Read: true, Edit: true},
+				"billing":   {Read: true, Edit: true},
+			},
+		},
+	},
+}
+
+var expectedNewAccountMemberAcceptedStruct = AccountMember{
+	ID:   "4536bcfad5faccb111b47003c79917fa",
+	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+	User: AccountMemberUserDetails{
+		Email:                          "user@example.com",
+		TwoFactorAuthenticationEnabled: false,
+	},
+	Status: "accepted",
+	Roles: []AccountRole{
+		{
+			ID:          "3536bcfad5faccb999b47003c79917fb",
+			Name:        "Account Administrator",
+			Description: "Administrative access to the entire Account",
+			Permissions: map[string]AccountRolePermission{
+				"analytics": {Read: true, Edit: true},
+				"billing":   {Read: true, Edit: true},
+			},
+		},
+	},
+}
+
+var newUpdatedAccountMemberStruct = AccountMember{
+	ID:   "4536bcfad5faccb111b47003c79917fa",
+	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+	User: AccountMemberUserDetails{
+		ID:                             "7c5dae5552338874e5053f2534d2767a",
+		FirstName:                      "John",
+		LastName:                       "Appleseeds",
+		Email:                          "new-user@example.com",
+		TwoFactorAuthenticationEnabled: false,
+	},
+	Status: "accepted",
+	Roles: []AccountRole{
+		{
+			ID:          "3536bcfad5faccb999b47003c79917fb",
+			Name:        "Account Administrator",
+			Description: "Administrative access to the entire Account",
+			Permissions: map[string]AccountRolePermission{
+				"analytics": {Read: true, Edit: true},
+				"billing":   {Read: true, Edit: true},
+			},
+		},
+	},
+}
+
+var mockPolicy = Policy{
+	ID: "mock-policy-id",
+	PermissionGroups: []PermissionGroup{{
+		ID:   "mock-permission-group-id",
+		Name: "mock-permission-group-name",
+		Permissions: []Permission{{
+			ID:  "mock-permission-id",
+			Key: "mock-permission-key",
+		}},
+	}},
+	ResourceGroups: []ResourceGroup{{
+		ID:   "mock-resource-group-id",
+		Name: "mock-resource-group-name",
+		Scope: Scope{
+			Key: "mock-resource-group-name",
+			ScopeObjects: []ScopeObject{{
+				Key: "*",
+			}},
+		},
+	}},
+	Access: "allow",
+}
+
+var expectedNewAccountMemberWithPoliciesStruct = AccountMember{
+	ID:   "new-member-with-polcies-id",
+	Code: "new-member-with-policies-code",
+	User: AccountMemberUserDetails{
+		ID:                             "new-member-with-policies-user-id",
+		FirstName:                      "John",
+		LastName:                       "Appleseed",
+		Email:                          "user@example.com",
+		TwoFactorAuthenticationEnabled: false,
+	},
+	Status:   "accepted",
+	Policies: []Policy{mockPolicy},
+}
+
+func TestAccountMembers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "4536bcfad5faccb111b47003c79917fa",
+					"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+					"user": {
+						"id": "7c5dae5552338874e5053f2534d2767a",
+						"first_name": "John",
+						"last_name": "Appleseed",
+						"email": "user@example.com",
+						"two_factor_authentication_enabled": false
+					},
+					"status": "accepted",
+					"roles": [
+						{
+							"id": "3536bcfad5faccb999b47003c79917fb",
+							"name": "Account Administrator",
+							"description": "Administrative access to the entire Account",
+							"permissions": {
+								"analytics": {
+									"read": true,
+									"edit": true
+								},
+								"billing": {
+									"read": true,
+									"edit": false
+								}
+							}
+						}
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
+	want := []AccountMember{expectedAccountMemberStruct}
+
+	actual, _, err := client.AccountMembers(context.Background(), "01a7362d577a6c3019a474fd6f485823", PaginationOptions{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccountMembersWithoutAccountID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, _, err := client.AccountMembers(context.Background(), "", PaginationOptions{})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+}
+
+func TestCreateAccountMemberWithStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "4536bcfad5faccb111b47003c79917fa",
+				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+				"user": {
+					"id": null,
+					"first_name": null,
+					"last_name": null,
+					"email": "user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "accepted",
+				"roles": [{
+					"id": "3536bcfad5faccb999b47003c79917fb",
+					"name": "Account Administrator",
+					"description": "Administrative access to the entire Account",
+					"permissions": {
+						"analytics": {
+							"read": true,
+							"edit": true
+						},
+						"billing": {
+							"read": true,
+							"edit": true
+						}
+					}
+				}]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
+
+	actual, err := client.CreateAccountMemberWithStatus(context.Background(), "01a7362d577a6c3019a474fd6f485823", "user@example.com", []string{"3536bcfad5faccb999b47003c79917fb"}, "accepted")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedNewAccountMemberAcceptedStruct, actual)
+	}
+}
+
+func TestCreateAccountMember(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "4536bcfad5faccb111b47003c79917fa",
+				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+				"user": {
+					"id": null,
+					"first_name": null,
+					"last_name": null,
+					"email": "user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "pending",
+				"roles": [{
+					"id": "3536bcfad5faccb999b47003c79917fb",
+					"name": "Account Administrator",
+					"description": "Administrative access to the entire Account",
+					"permissions": {
+						"analytics": {
+							"read": true,
+							"edit": true
+						},
+						"billing": {
+							"read": true,
+							"edit": true
+						}
+					}
+				}]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
+
+	createAccountParams := CreateAccountMemberParams{
+		EmailAddress: "user@example.com",
+		Roles:        []string{"3536bcfad5faccb999b47003c79917fb"},
+	}
+
+	actual, err := client.CreateAccountMember(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), createAccountParams)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedNewAccountMemberStruct, actual)
+	}
+}
+
+func TestCreateAccountMemberWithPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "new-member-with-polcies-id",
+				"code": "new-member-with-policies-code",
+				"user": {
+					"id": "new-member-with-policies-user-id",
+					"first_name": "John",
+					"last_name": "Appleseed",
+					"email": "user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "accepted",
+				"policies": [{
+					"id": "mock-policy-id",
+					"permission_groups": [{
+						"id": "mock-permission-group-id",
+						"name": "mock-permission-group-name",
+						"permissions": [{
+							"id": "mock-permission-id",
+							"key": "mock-permission-key"
+						}]
+					}],
+					"resource_groups": [{
+						"id": "mock-resource-group-id",
+						"name": "mock-resource-group-name",
+						"scope": {
+							"key": "mock-resource-group-name",
+							"objects": [{
+								"key": "*"
+							}]
+						}
+					}],
+					"access": "allow"
+				}]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
+	actual, err := client.CreateAccountMember(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), CreateAccountMemberParams{
+		EmailAddress: "user@example.com",
+		Roles:        nil,
+		Policies:     []Policy{mockPolicy},
+		Status:       "",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedNewAccountMemberWithPoliciesStruct, actual)
+	}
+}
+
+func TestCreateAccountMemberWithRolesAndPoliciesErr(t *testing.T) {
+	setup()
+	defer teardown()
+
+	accountResource := &ResourceContainer{
+		Level:      AccountRouteLevel,
+		Identifier: "01a7362d577a6c3019a474fd6f485823",
+	}
+	_, err := client.CreateAccountMember(context.Background(), accountResource, CreateAccountMemberParams{
+		EmailAddress: "user@example.com",
+		Roles:        []string{"fake-role-id"},
+		Policies:     []Policy{mockPolicy},
+		Status:       "active",
+	})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err, ErrMissingMemberRolesOrPolicies)
+	}
+}
+
+func TestCreateAccountMemberWithoutAccountID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	accountResource := &ResourceContainer{
+		Level:      AccountRouteLevel,
+		Identifier: "",
+	}
+	_, err := client.CreateAccountMember(context.Background(), accountResource, CreateAccountMemberParams{
+		EmailAddress: "user@example.com",
+		Roles:        []string{"fake-role-id"},
+		Status:       "active",
+	})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+}
+
+func TestUpdateAccountMember(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "4536bcfad5faccb111b47003c79917fa",
+				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+				"user": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"first_name": "John",
+					"last_name": "Appleseeds",
+					"email": "new-user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "accepted",
+				"roles": [{
+					"id": "3536bcfad5faccb999b47003c79917fb",
+					"name": "Account Administrator",
+					"description": "Administrative access to the entire Account",
+					"permissions": {
+						"analytics": {
+							"read": true,
+							"edit": true
+						},
+						"billing": {
+							"read": true,
+							"edit": true
+						}
+					}
+				}]
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members/4536bcfad5faccb111b47003c79917fa", handler)
+
+	actual, err := client.UpdateAccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "4536bcfad5faccb111b47003c79917fa", newUpdatedAccountMemberStruct)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, newUpdatedAccountMemberStruct, actual)
+	}
+}
+
+func TestUpdateAccountMemberWithPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "new-member-with-polcies-id",
+				"code": "new-member-with-policies-code",
+				"user": {
+					"id": "new-member-with-policies-user-id",
+					"first_name": "John",
+					"last_name": "Appleseed",
+					"email": "user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "accepted",
+				"policies": [{
+					"id": "mock-policy-id",
+					"permission_groups": [{
+						"id": "mock-permission-group-id",
+						"name": "mock-permission-group-name",
+						"permissions": [{
+							"id": "mock-permission-id",
+							"key": "mock-permission-key"
+						}]
+					}],
+					"resource_groups": [{
+						"id": "mock-resource-group-id",
+						"name": "mock-resource-group-name",
+						"scope": {
+							"key": "mock-resource-group-name",
+							"objects": [{
+								"key": "*"
+							}]
+						}
+					}],
+					"access": "allow"
+				}]
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members/new-member-with-polcies-id", handler)
+
+	actual, err := client.UpdateAccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "new-member-with-polcies-id", expectedNewAccountMemberWithPoliciesStruct)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedNewAccountMemberWithPoliciesStruct, actual)
+	}
+}
+
+func UpdateAccountMemberWithRolesAndPoliciesErr(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccountMember(context.Background(),
+		"01a7362d577a6c3019a474fd6f485823",
+		"",
+		AccountMember{
+			Roles: []AccountRole{{
+				ID: "some-role",
+			}},
+			Policies: []Policy{mockPolicy},
+		},
+	)
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err, ErrMissingMemberRolesOrPolicies)
+	}
+}
+
+func TestUpdateAccountMemberWithoutAccountID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateAccountMember(context.Background(), "", "4536bcfad5faccb111b47003c79917fa", newUpdatedAccountMemberStruct)
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+}
+
+func TestAccountMember(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "4536bcfad5faccb111b47003c79917fa",
+				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
+				"user": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"first_name": "John",
+					"last_name": "Appleseed",
+					"email": "user@example.com",
+					"two_factor_authentication_enabled": false
+				},
+				"status": "accepted",
+				"roles": [
+					{
+						"id": "3536bcfad5faccb999b47003c79917fb",
+						"name": "Account Administrator",
+						"description": "Administrative access to the entire Account",
+						"permissions": {
+							"analytics": {
+								"read": true,
+								"edit": true
+							},
+							"billing": {
+								"read": true,
+								"edit": false
+							}
+						}
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/members/4536bcfad5faccb111b47003c79917fa", handler)
+
+	actual, err := client.AccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "4536bcfad5faccb111b47003c79917fa")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccountMemberStruct, actual)
+	}
+}
+
+func TestAccountMemberWithoutAccountID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.AccountMember(context.Background(), "", "4536bcfad5faccb111b47003c79917fa")
+
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+}
diff --git a/pkg/cloudflare-go/account_roles.go b/pkg/cloudflare-go/account_roles.go
new file mode 100644
index 0000000000..d216ae3105
--- /dev/null
+++ b/pkg/cloudflare-go/account_roles.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// AccountRole defines the roles that a member can have attached.
+type AccountRole struct {
+	ID          string                           `json:"id"`
+	Name        string                           `json:"name"`
+	Description string                           `json:"description"`
+	Permissions map[string]AccountRolePermission `json:"permissions"`
+}
+
+// AccountRolePermission is the shared structure for all permissions
+// that can be assigned to a member.
+type AccountRolePermission struct {
+	Read bool `json:"read"`
+	Edit bool `json:"edit"`
+}
+
+// AccountRolesListResponse represents the list response from the
+// account roles.
+type AccountRolesListResponse struct {
+	Result []AccountRole `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccountRoleDetailResponse is the API response, containing a single
+// account role.
+type AccountRoleDetailResponse struct {
+	Success  bool        `json:"success"`
+	Errors   []string    `json:"errors"`
+	Messages []string    `json:"messages"`
+	Result   AccountRole `json:"result"`
+}
+
+type ListAccountRolesParams struct {
+	ResultInfo
+}
+
+// ListAccountRoles returns all roles of an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/account-roles-list-roles
+func (api *API) ListAccountRoles(ctx context.Context, rc *ResourceContainer, params ListAccountRolesParams) ([]AccountRole, error) {
+	if rc.Identifier == "" {
+		return []AccountRole{}, ErrMissingAccountID
+	}
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+	var roles []AccountRole
+	var r AccountRolesListResponse
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/roles", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []AccountRole{}, err
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []AccountRole{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		roles = append(roles, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return roles, nil
+}
+
+// GetAccountRole returns the details of a single account role.
+//
+// API reference: https://developers.cloudflare.com/api/operations/account-roles-role-details
+func (api *API) GetAccountRole(ctx context.Context, rc *ResourceContainer, roleID string) (AccountRole, error) {
+	if rc.Identifier == "" {
+		return AccountRole{}, ErrMissingAccountID
+	}
+	uri := fmt.Sprintf("/accounts/%s/roles/%s", rc.Identifier, roleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AccountRole{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var accountRole AccountRoleDetailResponse
+	err = json.Unmarshal(res, &accountRole)
+	if err != nil {
+		return AccountRole{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accountRole.Result, nil
+}
diff --git a/pkg/cloudflare-go/account_roles_test.go b/pkg/cloudflare-go/account_roles_test.go
new file mode 100644
index 0000000000..22d0ac9055
--- /dev/null
+++ b/pkg/cloudflare-go/account_roles_test.go
@@ -0,0 +1,121 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var expectedAccountRole = AccountRole{
+	ID:          "3536bcfad5faccb999b47003c79917fb",
+	Name:        "Account Administrator",
+	Description: "Administrative access to the entire Account",
+	Permissions: map[string]AccountRolePermission{
+		"dns_records": {Read: true, Edit: true},
+		"lb":          {Read: true, Edit: false},
+	},
+}
+
+func TestAccountRoles(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "3536bcfad5faccb999b47003c79917fb",
+					"name": "Account Administrator",
+					"description": "Administrative access to the entire Account",
+					"permissions": {
+						"dns_records": {
+							"read": true,
+							"edit": true
+						},
+						"lb": {
+							"read": true,
+							"edit": false
+						}
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/roles", testAccountID), handler)
+	want := []AccountRole{expectedAccountRole}
+	_, err := client.ListAccountRoles(context.Background(), AccountIdentifier(""), ListAccountRolesParams{})
+	if assert.Error(t, err, "Expected error when no account ID is provided") {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	actual, err := client.ListAccountRoles(context.Background(), testAccountRC, ListAccountRolesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccountRole(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "3536bcfad5faccb999b47003c79917fb",
+				"name": "Account Administrator",
+				"description": "Administrative access to the entire Account",
+				"permissions": {
+					"dns_records": {
+						"read": true,
+						"edit": true
+					},
+					"lb": {
+						"read": true,
+						"edit": false
+					}
+				}
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/roles/3536bcfad5faccb999b47003c79917fb", testAccountID), handler)
+	_, err := client.GetAccountRole(context.Background(), AccountIdentifier(""), "3536bcfad5faccb999b47003c79917fb")
+	if assert.Error(t, err, "Expected error when no account ID is provided") {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	actual, err := client.GetAccountRole(context.Background(), testAccountRC, "3536bcfad5faccb999b47003c79917fb")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAccountRole, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/accounts.go b/pkg/cloudflare-go/accounts.go
new file mode 100644
index 0000000000..aee3c6aef2
--- /dev/null
+++ b/pkg/cloudflare-go/accounts.go
@@ -0,0 +1,151 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccountSettings outlines the available options for an account.
+type AccountSettings struct {
+	EnforceTwoFactor bool `json:"enforce_twofactor"`
+}
+
+// Account represents the root object that owns resources.
+type Account struct {
+	ID        string           `json:"id,omitempty"`
+	Name      string           `json:"name,omitempty"`
+	Type      string           `json:"type,omitempty"`
+	CreatedOn time.Time        `json:"created_on,omitempty"`
+	Settings  *AccountSettings `json:"settings,omitempty"`
+}
+
+// AccountResponse represents the response from the accounts endpoint for a
+// single account ID.
+type AccountResponse struct {
+	Result Account `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccountListResponse represents the response from the list accounts endpoint.
+type AccountListResponse struct {
+	Result []Account `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccountDetailResponse is the API response, containing a single Account.
+type AccountDetailResponse struct {
+	Success  bool     `json:"success"`
+	Errors   []string `json:"errors"`
+	Messages []string `json:"messages"`
+	Result   Account  `json:"result"`
+}
+
+// AccountsListParams holds the filterable options for Accounts.
+type AccountsListParams struct {
+	Name string `url:"name,omitempty"`
+
+	PaginationOptions
+}
+
+// Accounts returns all accounts the logged in user has access to.
+//
+// API reference: https://api.cloudflare.com/#accounts-list-accounts
+func (api *API) Accounts(ctx context.Context, params AccountsListParams) ([]Account, ResultInfo, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, buildURI("/accounts", params), nil)
+	if err != nil {
+		return []Account{}, ResultInfo{}, err
+	}
+
+	var accListResponse AccountListResponse
+	err = json.Unmarshal(res, &accListResponse)
+	if err != nil {
+		return []Account{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return accListResponse.Result, accListResponse.ResultInfo, nil
+}
+
+// Account returns a single account based on the ID.
+//
+// API reference: https://api.cloudflare.com/#accounts-account-details
+func (api *API) Account(ctx context.Context, accountID string) (Account, ResultInfo, error) {
+	uri := fmt.Sprintf("/accounts/%s", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Account{}, ResultInfo{}, err
+	}
+
+	var accResponse AccountResponse
+	err = json.Unmarshal(res, &accResponse)
+	if err != nil {
+		return Account{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return accResponse.Result, accResponse.ResultInfo, nil
+}
+
+// UpdateAccount allows management of an account using the account ID.
+//
+// API reference: https://api.cloudflare.com/#accounts-update-account
+func (api *API) UpdateAccount(ctx context.Context, accountID string, account Account) (Account, error) {
+	uri := fmt.Sprintf("/accounts/%s", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, account)
+	if err != nil {
+		return Account{}, err
+	}
+
+	var a AccountDetailResponse
+	err = json.Unmarshal(res, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return a.Result, nil
+}
+
+// CreateAccount creates a new account. Note: This requires the Tenant
+// entitlement.
+//
+// API reference: https://developers.cloudflare.com/tenant/tutorial/provisioning-resources#creating-an-account
+func (api *API) CreateAccount(ctx context.Context, account Account) (Account, error) {
+	uri := "/accounts"
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, account)
+	if err != nil {
+		return Account{}, err
+	}
+
+	var a AccountDetailResponse
+	err = json.Unmarshal(res, &a)
+	if err != nil {
+		return Account{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return a.Result, nil
+}
+
+// DeleteAccount removes an account. Note: This requires the Tenant
+// entitlement.
+//
+// API reference: https://developers.cloudflare.com/tenant/tutorial/provisioning-resources#optional-deleting-accounts
+func (api *API) DeleteAccount(ctx context.Context, accountID string) error {
+	if accountID == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s", accountID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/accounts_test.go b/pkg/cloudflare-go/accounts_test.go
new file mode 100644
index 0000000000..0f0fecc9c7
--- /dev/null
+++ b/pkg/cloudflare-go/accounts_test.go
@@ -0,0 +1,227 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	accountCreatedOn, _   = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	expectedAccountStruct = Account{
+		ID:        "01a7362d577a6c3019a474fd6f485823",
+		Name:      "Cloudflare Demo",
+		CreatedOn: accountCreatedOn,
+		Settings: &AccountSettings{
+			EnforceTwoFactor: false,
+		},
+	}
+)
+
+func TestAccounts(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "01a7362d577a6c3019a474fd6f485823",
+					"name": "Cloudflare Demo",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"settings": {
+						"enforce_twofactor": false
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts", handler)
+	want := []Account{expectedAccountStruct}
+
+	actual, _, err := client.Accounts(context.Background(), AccountsListParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "01a7362d577a6c3019a474fd6f485823",
+				"name": "Cloudflare Demo",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"settings": {
+					"enforce_twofactor": false
+				}
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823", handler)
+	want := expectedAccountStruct
+
+	actual, _, err := client.Account(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+				"id":"01a7362d577a6c3019a474fd6f485823",
+				"name":"Cloudflare Demo - New",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"settings":{
+					"enforce_twofactor":false
+					}
+				}`, string(b), "JSON payload not equal")
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "01a7362d577a6c3019a474fd6f485823",
+				"name": "Cloudflare Demo - New",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"settings": {
+					"enforce_twofactor": false
+				}
+			}
+		}`)
+	})
+
+	oldAccountDetails := Account{
+		ID:        "01a7362d577a6c3019a474fd6f485823",
+		Name:      "Cloudflare Demo - Old",
+		CreatedOn: accountCreatedOn,
+		Settings: &AccountSettings{
+			EnforceTwoFactor: false,
+		},
+	}
+
+	newAccountDetails := Account{
+		ID:        "01a7362d577a6c3019a474fd6f485823",
+		Name:      "Cloudflare Demo - New",
+		CreatedOn: accountCreatedOn,
+		Settings: &AccountSettings{
+			EnforceTwoFactor: false,
+		},
+	}
+
+	account, err := client.UpdateAccount(context.Background(), newAccountDetails.ID, newAccountDetails)
+	if assert.NoError(t, err) {
+		assert.NotEqual(t, oldAccountDetails.Name, account.Name)
+		assert.Equal(t, account.Name, "Cloudflare Demo - New")
+	}
+}
+
+func TestCreateAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "Cloudflare Demo",
+				"type": "standard"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts", handler)
+	newAccount := Account{
+		Name: "Cloudflare Demo",
+		Type: "standard",
+	}
+
+	actual, err := client.CreateAccount(context.Background(), newAccount)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, newAccount, actual)
+	}
+}
+
+func TestDeleteAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "1b16db169c9cb7853009857198fae1b9"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID, handler)
+	err := client.DeleteAccount(context.Background(), testAccountID)
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/addressing_address_map.go b/pkg/cloudflare-go/addressing_address_map.go
new file mode 100644
index 0000000000..0109e79bb8
--- /dev/null
+++ b/pkg/cloudflare-go/addressing_address_map.go
@@ -0,0 +1,285 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AddressMap contains information about an address map.
+type AddressMap struct {
+	ID           string                 `json:"id"`
+	Description  *string                `json:"description,omitempty"`
+	DefaultSNI   *string                `json:"default_sni"`
+	Enabled      *bool                  `json:"enabled"`
+	Deletable    *bool                  `json:"can_delete"`
+	CanModifyIPs *bool                  `json:"can_modify_ips"`
+	Memberships  []AddressMapMembership `json:"memberships"`
+	IPs          []AddressMapIP         `json:"ips"`
+	CreatedAt    time.Time              `json:"created_at"`
+	ModifiedAt   time.Time              `json:"modified_at"`
+}
+
+type AddressMapIP struct {
+	IP        string    `json:"ip"`
+	CreatedAt time.Time `json:"created_at"`
+}
+
+type AddressMapMembershipContainer struct {
+	Identifier string                   `json:"identifier"`
+	Kind       AddressMapMembershipKind `json:"kind"`
+}
+
+type AddressMapMembership struct {
+	Identifier string                   `json:"identifier"`
+	Kind       AddressMapMembershipKind `json:"kind"`
+	Deletable  *bool                    `json:"can_delete"`
+	CreatedAt  time.Time                `json:"created_at"`
+}
+
+func (ammb *AddressMapMembershipContainer) URLFragment() string {
+	switch ammb.Kind {
+	case AddressMapMembershipAccount:
+		return fmt.Sprintf("accounts/%s", ammb.Identifier)
+	case AddressMapMembershipZone:
+		return fmt.Sprintf("zones/%s", ammb.Identifier)
+	default:
+		return fmt.Sprintf("%s/%s", ammb.Kind, ammb.Identifier)
+	}
+}
+
+type AddressMapMembershipKind string
+
+const (
+	AddressMapMembershipZone    AddressMapMembershipKind = "zone"
+	AddressMapMembershipAccount AddressMapMembershipKind = "account"
+)
+
+// ListAddressMapResponse contains a slice of address maps.
+type ListAddressMapResponse struct {
+	Response
+	Result []AddressMap `json:"result"`
+}
+
+// GetAddressMapResponse contains a specific address map's API Response.
+type GetAddressMapResponse struct {
+	Response
+	Result AddressMap `json:"result"`
+}
+
+// CreateAddressMapParams contains information about an address map to be created.
+type CreateAddressMapParams struct {
+	Description *string                         `json:"description"`
+	Enabled     *bool                           `json:"enabled"`
+	IPs         []string                        `json:"ips"`
+	Memberships []AddressMapMembershipContainer `json:"memberships"`
+}
+
+// UpdateAddressMapParams contains information about an address map to be updated.
+type UpdateAddressMapParams struct {
+	ID          string  `json:"-"`
+	Description *string `json:"description,omitempty"`
+	Enabled     *bool   `json:"enabled,omitempty"`
+	DefaultSNI  *string `json:"default_sni,omitempty"`
+}
+
+// AddressMapFilter contains filter parameters for finding a list of address maps.
+type ListAddressMapsParams struct {
+	IP   *string `url:"ip,omitempty"`
+	CIDR *string `url:"cidr,omitempty"`
+}
+
+// CreateIPAddressToAddressMapParams contains request parameters to add/remove IP address to/from an address map.
+type CreateIPAddressToAddressMapParams struct {
+	// ID represents the target address map for adding the IP address.
+	ID string
+	// The IP address.
+	IP string
+}
+
+// CreateMembershipToAddressMapParams contains request parameters to add/remove membership from an address map.
+type CreateMembershipToAddressMapParams struct {
+	// ID represents the target address map for adding the membershp.
+	ID         string
+	Membership AddressMapMembershipContainer
+}
+
+type DeleteMembershipFromAddressMapParams struct {
+	// ID represents the target address map for removing the IP address.
+	ID         string
+	Membership AddressMapMembershipContainer
+}
+
+type DeleteIPAddressFromAddressMapParams struct {
+	// ID represents the target address map for adding the membershp.
+	ID string
+	IP string
+}
+
+// ListAddressMaps lists all address maps owned by the account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-list-address-maps
+func (api *API) ListAddressMaps(ctx context.Context, rc *ResourceContainer, params ListAddressMapsParams) ([]AddressMap, error) {
+	if rc.Level != AccountRouteLevel {
+		return []AddressMap{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/addressing/address_maps", rc.URLFragment()), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []AddressMap{}, err
+	}
+
+	result := ListAddressMapResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// CreateAddressMap creates a new address map under the account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-create-address-map
+func (api *API) CreateAddressMap(ctx context.Context, rc *ResourceContainer, params CreateAddressMapParams) (AddressMap, error) {
+	if rc.Level != AccountRouteLevel {
+		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps", rc.URLFragment())
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return AddressMap{}, err
+	}
+
+	result := GetAddressMapResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetAddressMap returns a specific address map.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-address-map-details
+func (api *API) GetAddressMap(ctx context.Context, rc *ResourceContainer, id string) (AddressMap, error) {
+	if rc.Level != AccountRouteLevel {
+		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AddressMap{}, err
+	}
+
+	result := GetAddressMapResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateAddressMap modifies properties of an address map owned by the account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-update-address-map
+func (api *API) UpdateAddressMap(ctx context.Context, rc *ResourceContainer, params UpdateAddressMapParams) (AddressMap, error) {
+	if rc.Level != AccountRouteLevel {
+		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return AddressMap{}, err
+	}
+
+	result := GetAddressMapResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteAddressMap deletes a particular address map owned by the account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-delete-address-map
+func (api *API) DeleteAddressMap(ctx context.Context, rc *ResourceContainer, id string) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), id)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	return err
+}
+
+// CreateIPAddressToAddressMap adds an IP address from a prefix owned by the account to a particular address map.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-an-ip-to-an-address-map
+func (api *API) CreateIPAddressToAddressMap(ctx context.Context, rc *ResourceContainer, params CreateIPAddressToAddressMapParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/ips/%s", rc.URLFragment(), params.ID, params.IP)
+	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
+	return err
+}
+
+// DeleteIPAddressFromAddressMap removes an IP address from a particular address map.
+//
+// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-an-ip-from-an-address-map
+func (api *API) DeleteIPAddressFromAddressMap(ctx context.Context, rc *ResourceContainer, params DeleteIPAddressFromAddressMapParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/ips/%s", rc.URLFragment(), params.ID, params.IP)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	return err
+}
+
+// CreateMembershipToAddressMap adds a zone/account as a member of a particular address map.
+//
+// API reference:
+//   - account: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-an-account-membership-to-an-address-map
+//   - zone: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-a-zone-membership-to-an-address-map
+func (api *API) CreateMembershipToAddressMap(ctx context.Context, rc *ResourceContainer, params CreateMembershipToAddressMapParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	if params.Membership.Kind != AddressMapMembershipZone && params.Membership.Kind != AddressMapMembershipAccount {
+		return fmt.Errorf("requested membershp kind (%q) is not supported", params.Membership.Kind)
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/%s", rc.URLFragment(), params.ID, params.Membership.URLFragment())
+	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
+	return err
+}
+
+// DeleteMembershipFromAddressMap removes a zone/account as a member of a particular address map.
+//
+// API reference:
+//   - account: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-an-account-membership-from-an-address-map
+//   - zone: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-a-zone-membership-from-an-address-map
+func (api *API) DeleteMembershipFromAddressMap(ctx context.Context, rc *ResourceContainer, params DeleteMembershipFromAddressMapParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	if params.Membership.Kind != AddressMapMembershipZone && params.Membership.Kind != AddressMapMembershipAccount {
+		return fmt.Errorf("requested membershp kind (%q) is not supported", params.Membership.Kind)
+	}
+
+	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/%s", rc.URLFragment(), params.ID, params.Membership.URLFragment())
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	return err
+}
diff --git a/pkg/cloudflare-go/addressing_address_map_test.go b/pkg/cloudflare-go/addressing_address_map_test.go
new file mode 100644
index 0000000000..0bbb3dd606
--- /dev/null
+++ b/pkg/cloudflare-go/addressing_address_map_test.go
@@ -0,0 +1,384 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	addressMapDesc       = "My Ecommerce zones"
+	addressMapDefaultSNI = "*.example.com"
+)
+
+func TestListAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expectedIP := "127.0.0.1"
+	expectedCIDR := "127.0.0.1/24"
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		actualIP := r.URL.Query().Get("ip")
+		assert.Equal(t, expectedIP, actualIP, "Expected ip %q, got %q", expectedIP, actualIP)
+
+		actualCIDR := r.URL.Query().Get("cidr")
+		assert.Equal(t, expectedCIDR, actualCIDR, "Expected cidr %q, got %q", expectedCIDR, actualCIDR)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [{
+			  "id": "9a7806061c88ada191ed06f989cc3dac",
+			  "description": "My Ecommerce zones",
+			  "can_delete": true,
+			  "can_modify_ips": true,
+			  "default_sni": "*.example.com",
+			  "created_at": "2023-01-01T05:20:00.12345Z",
+			  "modified_at": "2023-01-05T05:20:00.12345Z",
+			  "enabled": true,
+			  "ips": [
+				{
+				  "ip": "192.0.2.1",
+				  "created_at": "2023-01-02T05:20:00.12345Z"
+				}
+			  ],
+			  "memberships": [
+				{
+				  "kind": "zone",
+				  "identifier": "01a7362d577a6c3019a474fd6f485823",
+				  "can_delete": true,
+				  "created_at": "2023-01-03T05:20:00.12345Z"
+				}
+			  ]
+			}]
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
+	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
+	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
+
+	want := []AddressMap{
+		{
+			ID:           "9a7806061c88ada191ed06f989cc3dac",
+			CreatedAt:    createdAt,
+			ModifiedAt:   modifiedAt,
+			Description:  &addressMapDesc,
+			Deletable:    BoolPtr(true),
+			CanModifyIPs: BoolPtr(true),
+			DefaultSNI:   &addressMapDefaultSNI,
+			Enabled:      BoolPtr(true),
+			IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
+			Memberships: []AddressMapMembership{{
+				Identifier: "01a7362d577a6c3019a474fd6f485823",
+				Kind:       AddressMapMembershipZone,
+				Deletable:  BoolPtr(true),
+				CreatedAt:  membershipCreatedAt,
+			}},
+		},
+	}
+
+	actual, err := client.ListAddressMaps(context.Background(), AccountIdentifier(testAccountID), ListAddressMapsParams{&expectedIP, &expectedCIDR})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "9a7806061c88ada191ed06f989cc3dac",
+			  "description": "My Ecommerce zones",
+			  "can_delete": true,
+			  "can_modify_ips": true,
+			  "default_sni": "*.example.com",
+			  "created_at": "2023-01-01T05:20:00.12345Z",
+			  "modified_at": "2023-01-05T05:20:00.12345Z",
+			  "enabled": true,
+			  "ips": [
+				{
+				  "ip": "192.0.2.1",
+				  "created_at": "2023-01-02T05:20:00.12345Z"
+				}
+			  ],
+			  "memberships": [
+				{
+				  "kind": "zone",
+				  "identifier": "01a7362d577a6c3019a474fd6f485823",
+				  "can_delete": true,
+				  "created_at": "2023-01-03T05:20:00.12345Z"
+				}
+			  ]
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
+	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
+	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
+
+	want := AddressMap{
+		ID:           "9a7806061c88ada191ed06f989cc3dac",
+		CreatedAt:    createdAt,
+		ModifiedAt:   modifiedAt,
+		Description:  &addressMapDesc,
+		Deletable:    BoolPtr(true),
+		CanModifyIPs: BoolPtr(true),
+		DefaultSNI:   &addressMapDefaultSNI,
+		Enabled:      BoolPtr(true),
+		IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
+		Memberships: []AddressMapMembership{{
+			Identifier: "01a7362d577a6c3019a474fd6f485823",
+			Kind:       AddressMapMembershipZone,
+			Deletable:  BoolPtr(true),
+			CreatedAt:  membershipCreatedAt,
+		}},
+	}
+
+	actual, err := client.GetAddressMap(context.Background(), AccountIdentifier(testAccountID), "9a7806061c88ada191ed06f989cc3dac")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "9a7806061c88ada191ed06f989cc3dac",
+			  "description": "My Ecommerce zones",
+			  "can_delete": true,
+			  "can_modify_ips": true,
+			  "default_sni": "*.example.com",
+			  "created_at": "2023-01-01T05:20:00.12345Z",
+			  "modified_at": "2023-01-05T05:20:00.12345Z",
+			  "enabled": true,
+			  "ips": [
+				{
+				  "ip": "192.0.2.1",
+				  "created_at": "2023-01-02T05:20:00.12345Z"
+				}
+			  ],
+			  "memberships": [
+				{
+				  "kind": "zone",
+				  "identifier": "01a7362d577a6c3019a474fd6f485823",
+				  "can_delete": true,
+				  "created_at": "2023-01-03T05:20:00.12345Z"
+				}
+			  ]
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
+	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
+	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
+
+	want := AddressMap{
+		ID:           "9a7806061c88ada191ed06f989cc3dac",
+		CreatedAt:    createdAt,
+		ModifiedAt:   modifiedAt,
+		Description:  &addressMapDesc,
+		Deletable:    BoolPtr(true),
+		CanModifyIPs: BoolPtr(true),
+		DefaultSNI:   &addressMapDefaultSNI,
+		Enabled:      BoolPtr(true),
+		IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
+		Memberships: []AddressMapMembership{{
+			Identifier: "01a7362d577a6c3019a474fd6f485823",
+			Kind:       AddressMapMembershipZone,
+			Deletable:  BoolPtr(true),
+			CreatedAt:  membershipCreatedAt,
+		}},
+	}
+
+	actual, err := client.UpdateAddressMap(context.Background(), AccountIdentifier(testAccountID), UpdateAddressMapParams{ID: "9a7806061c88ada191ed06f989cc3dac"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "9a7806061c88ada191ed06f989cc3dac"
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
+
+	err := client.DeleteAddressMap(context.Background(), AccountIdentifier(testAccountID), "9a7806061c88ada191ed06f989cc3dac")
+	assert.NoError(t, err)
+}
+
+func TestAddIPAddressToAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/ips/192.0.2.1", handler)
+
+	err := client.CreateIPAddressToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateIPAddressToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", "192.0.2.1"})
+	assert.NoError(t, err)
+}
+
+func TestRemoveIPAddressFromAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/ips/192.0.2.1", handler)
+
+	err := client.DeleteIPAddressFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteIPAddressFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", "192.0.2.1"})
+	assert.NoError(t, err)
+}
+
+func TestAddZoneToAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/zones/01a7362d577a6c3019a474fd6f485823", handler)
+
+	err := client.CreateMembershipToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateMembershipToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipZone}})
+	assert.NoError(t, err)
+}
+
+func TestRemoveZoneFromAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/zones/01a7362d577a6c3019a474fd6f485823", handler)
+
+	err := client.DeleteMembershipFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteMembershipFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipZone}})
+	assert.NoError(t, err)
+}
+
+func TestAddAccountToAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/accounts/01a7362d577a6c3019a474fd6f485823", handler)
+
+	err := client.CreateMembershipToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateMembershipToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipAccount}})
+	assert.NoError(t, err)
+}
+
+func TestRemoveAccountFromAddressMap(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": []
+		  }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/accounts/01a7362d577a6c3019a474fd6f485823", handler)
+
+	err := client.DeleteMembershipFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteMembershipFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipAccount}})
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/addressing_ip_prefix.go b/pkg/cloudflare-go/addressing_ip_prefix.go
new file mode 100644
index 0000000000..a2e686c3b2
--- /dev/null
+++ b/pkg/cloudflare-go/addressing_ip_prefix.go
@@ -0,0 +1,149 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// IPPrefix contains information about an IP prefix.
+type IPPrefix struct {
+	ID                   string     `json:"id"`
+	CreatedAt            *time.Time `json:"created_at"`
+	ModifiedAt           *time.Time `json:"modified_at"`
+	CIDR                 string     `json:"cidr"`
+	AccountID            string     `json:"account_id"`
+	Description          string     `json:"description"`
+	Approved             string     `json:"approved"`
+	OnDemandEnabled      bool       `json:"on_demand_enabled"`
+	OnDemandLocked       bool       `json:"on_demand_locked"`
+	Advertised           bool       `json:"advertised"`
+	AdvertisedModifiedAt *time.Time `json:"advertised_modified_at"`
+}
+
+// AdvertisementStatus contains information about the BGP status of an IP prefix.
+type AdvertisementStatus struct {
+	Advertised           bool       `json:"advertised"`
+	AdvertisedModifiedAt *time.Time `json:"advertised_modified_at"`
+}
+
+// ListIPPrefixResponse contains a slice of IP prefixes.
+type ListIPPrefixResponse struct {
+	Response
+	Result []IPPrefix `json:"result"`
+}
+
+// GetIPPrefixResponse contains a specific IP prefix's API Response.
+type GetIPPrefixResponse struct {
+	Response
+	Result IPPrefix `json:"result"`
+}
+
+// GetAdvertisementStatusResponse contains an API Response for the BGP status of the IP Prefix.
+type GetAdvertisementStatusResponse struct {
+	Response
+	Result AdvertisementStatus `json:"result"`
+}
+
+// IPPrefixUpdateRequest contains information about prefix updates.
+type IPPrefixUpdateRequest struct {
+	Description string `json:"description"`
+}
+
+// AdvertisementStatusUpdateRequest contains information about bgp status updates.
+type AdvertisementStatusUpdateRequest struct {
+	Advertised bool `json:"advertised"`
+}
+
+// ListPrefixes lists all IP prefixes for a given account
+//
+// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-list-prefixes
+func (api *API) ListPrefixes(ctx context.Context, accountID string) ([]IPPrefix, error) {
+	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []IPPrefix{}, err
+	}
+
+	result := ListIPPrefixResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetPrefix returns a specific IP prefix
+//
+// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-prefix-details
+func (api *API) GetPrefix(ctx context.Context, accountID, ID string) (IPPrefix, error) {
+	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IPPrefix{}, err
+	}
+
+	result := GetIPPrefixResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdatePrefixDescription edits the description of the IP prefix
+//
+// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
+func (api *API) UpdatePrefixDescription(ctx context.Context, accountID, ID string, description string) (IPPrefix, error) {
+	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, IPPrefixUpdateRequest{Description: description})
+	if err != nil {
+		return IPPrefix{}, err
+	}
+
+	result := GetIPPrefixResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetAdvertisementStatus returns the BGP status of the IP prefix
+//
+// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
+func (api *API) GetAdvertisementStatus(ctx context.Context, accountID, ID string) (AdvertisementStatus, error) {
+	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s/bgp/status", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AdvertisementStatus{}, err
+	}
+
+	result := GetAdvertisementStatusResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return AdvertisementStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateAdvertisementStatus changes the BGP status of an IP prefix
+//
+// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
+func (api *API) UpdateAdvertisementStatus(ctx context.Context, accountID, ID string, advertised bool) (AdvertisementStatus, error) {
+	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s/bgp/status", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, AdvertisementStatusUpdateRequest{Advertised: advertised})
+	if err != nil {
+		return AdvertisementStatus{}, err
+	}
+
+	result := GetAdvertisementStatusResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return AdvertisementStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
diff --git a/pkg/cloudflare-go/addressing_ip_prefix_test.go b/pkg/cloudflare-go/addressing_ip_prefix_test.go
new file mode 100644
index 0000000000..0b7bd8cabf
--- /dev/null
+++ b/pkg/cloudflare-go/addressing_ip_prefix_test.go
@@ -0,0 +1,237 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListIPPrefix(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+				{
+					"id": "f68579455bd947efb65ffa1bcf33b52c",
+					"created_at": "2020-04-24T21:25:55.643771Z",
+					"modified_at": "2020-04-24T21:25:55.643771Z",
+					"cidr": "10.1.2.3/24",
+					"account_id": "foo",
+					"description": "Sample Prefix",
+					"approved": "V",
+					"on_demand_enabled": true,
+					"on_demand_locked": false,
+					"advertised": true,
+					"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+
+	want := []IPPrefix{
+		{
+			ID:                   "f68579455bd947efb65ffa1bcf33b52c",
+			CreatedAt:            &createdAt,
+			ModifiedAt:           &modifiedAt,
+			CIDR:                 "10.1.2.3/24",
+			AccountID:            "foo",
+			Description:          "Sample Prefix",
+			Approved:             "V",
+			OnDemandEnabled:      true,
+			Advertised:           true,
+			AdvertisedModifiedAt: &advertisedModifiedAt,
+		},
+	}
+
+	actual, err := client.ListPrefixes(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetIPPrefix(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"created_at": "2020-04-24T21:25:55.643771Z",
+				"modified_at": "2020-04-24T21:25:55.643771Z",
+				"cidr": "10.1.2.3/24",
+				"account_id": "foo",
+				"description": "Sample Prefix",
+				"approved": "V",
+				"on_demand_enabled": true,
+				"on_demand_locked": false,
+				"advertised": true,
+				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+
+	want := IPPrefix{
+		ID:                   "f68579455bd947efb65ffa1bcf33b52c",
+		CreatedAt:            &createdAt,
+		ModifiedAt:           &modifiedAt,
+		CIDR:                 "10.1.2.3/24",
+		AccountID:            "foo",
+		Description:          "Sample Prefix",
+		Approved:             "V",
+		OnDemandEnabled:      true,
+		Advertised:           true,
+		AdvertisedModifiedAt: &advertisedModifiedAt,
+	}
+
+	actual, err := client.GetPrefix(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdatePrefixDescription(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"created_at": "2020-04-24T21:25:55.643771Z",
+				"modified_at": "2020-04-24T21:25:55.643771Z",
+				"cidr": "10.1.2.3/24",
+				"account_id": "foo",
+				"description": "My IP Prefix",
+				"approved": "V",
+				"on_demand_enabled": true,
+				"on_demand_locked": false,
+				"advertised": true,
+				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+
+	want := IPPrefix{
+		ID:                   "f68579455bd947efb65ffa1bcf33b52c",
+		CreatedAt:            &createdAt,
+		ModifiedAt:           &modifiedAt,
+		CIDR:                 "10.1.2.3/24",
+		AccountID:            "foo",
+		Description:          "My IP Prefix",
+		Approved:             "V",
+		OnDemandEnabled:      true,
+		Advertised:           true,
+		AdvertisedModifiedAt: &advertisedModifiedAt,
+	}
+
+	actual, err := client.UpdatePrefixDescription(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c", "My IP Prefix")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetAdvertisementStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"advertised": true,
+				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c/bgp/status", handler)
+
+	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+
+	want := AdvertisementStatus{
+		Advertised:           true,
+		AdvertisedModifiedAt: &advertisedModifiedAt,
+	}
+
+	actual, err := client.GetAdvertisementStatus(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAdvertisementStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"advertised": false,
+				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c/bgp/status", handler)
+
+	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
+
+	want := AdvertisementStatus{
+		Advertised:           false,
+		AdvertisedModifiedAt: &advertisedModifiedAt,
+	}
+
+	actual, err := client.UpdateAdvertisementStatus(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c", false)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/api_shield.go b/pkg/cloudflare-go/api_shield.go
new file mode 100644
index 0000000000..622631c269
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield.go
@@ -0,0 +1,71 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// AuthIdCharacteristics a single option from
+// configuration?properties=auth_id_characteristics.
+type AuthIdCharacteristics struct {
+	Type string `json:"type"`
+	Name string `json:"name"`
+}
+
+// APIShield is all the available options under
+// configuration?properties=auth_id_characteristics.
+type APIShield struct {
+	AuthIdCharacteristics []AuthIdCharacteristics `json:"auth_id_characteristics"`
+}
+
+// APIShieldResponse represents the response from the api_gateway/configuration endpoint.
+type APIShieldResponse struct {
+	Result APIShield `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type UpdateAPIShieldParams struct {
+	AuthIdCharacteristics []AuthIdCharacteristics `json:"auth_id_characteristics"`
+}
+
+// GetAPIShieldConfiguration gets a zone API shield configuration.
+//
+// API documentation: https://api.cloudflare.com/#api-shield-settings-retrieve-information-about-specific-configuration-properties
+func (api *API) GetAPIShieldConfiguration(ctx context.Context, rc *ResourceContainer) (APIShield, ResultInfo, error) {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/configuration?properties=auth_id_characteristics", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return APIShield{}, ResultInfo{}, err
+	}
+	var asResponse APIShieldResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return APIShield{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse.Result, asResponse.ResultInfo, nil
+}
+
+// UpdateAPIShieldConfiguration sets a zone API shield configuration.
+//
+// API documentation: https://api.cloudflare.com/#api-shield-settings-set-configuration-properties
+func (api *API) UpdateAPIShieldConfiguration(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldParams) (Response, error) {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/configuration", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Response{}, err
+	}
+	var asResponse Response
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return Response{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse, nil
+}
diff --git a/pkg/cloudflare-go/api_shield_api_discovery.go b/pkg/cloudflare-go/api_shield_api_discovery.go
new file mode 100644
index 0000000000..69b3ad2433
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_api_discovery.go
@@ -0,0 +1,190 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// APIShieldDiscoveryOrigin is an enumeration on what discovery engine an operation was discovered by.
+type APIShieldDiscoveryOrigin string
+
+const (
+
+	// APIShieldDiscoveryOriginML discovered operations that were sourced using ML API Discovery.
+	APIShieldDiscoveryOriginML APIShieldDiscoveryOrigin = "ML"
+	// APIShieldDiscoveryOriginSessionIdentifier discovered operations that were sourced using Session Identifier
+	// API Discovery.
+	APIShieldDiscoveryOriginSessionIdentifier APIShieldDiscoveryOrigin = "SessionIdentifier"
+)
+
+// APIShieldDiscoveryState is an enumeration on states a discovery operation can be in.
+type APIShieldDiscoveryState string
+
+const (
+	// APIShieldDiscoveryStateReview discovered operations that are not saved into API Shield Endpoint Management.
+	APIShieldDiscoveryStateReview APIShieldDiscoveryState = "review"
+	// APIShieldDiscoveryStateSaved discovered operations that are already saved into API Shield Endpoint Management.
+	APIShieldDiscoveryStateSaved APIShieldDiscoveryState = "saved"
+	// APIShieldDiscoveryStateIgnored discovered operations that have been marked as ignored.
+	APIShieldDiscoveryStateIgnored APIShieldDiscoveryState = "ignored"
+)
+
+// APIShieldDiscoveryOperation is an operation that was discovered by API Discovery.
+type APIShieldDiscoveryOperation struct {
+	// ID represents the ID of the operation, formatted as UUID
+	ID string `json:"id"`
+	// Origin represents the API discovery engine(s) that discovered this operation
+	Origin []APIShieldDiscoveryOrigin `json:"origin"`
+	// State represents the state of operation in API Discovery
+	State APIShieldDiscoveryState `json:"state"`
+	// LastUpdated timestamp of when this operation was last updated
+	LastUpdated *time.Time `json:"last_updated"`
+	// Features are additional data about the operation
+	Features map[string]any `json:"features,omitempty"`
+
+	Method   string `json:"method"`
+	Host     string `json:"host"`
+	Endpoint string `json:"endpoint"`
+}
+
+// ListAPIShieldDiscoveryOperationsParams represents the parameters to pass when retrieving discovered operations.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-discovery-retrieve-discovered-operations-on-a-zone
+type ListAPIShieldDiscoveryOperationsParams struct {
+	// Direction to order results.
+	Direction string `url:"direction,omitempty"`
+	// OrderBy when requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.
+	OrderBy string `url:"order,omitempty"`
+	// Hosts filters results to only include the specified hosts.
+	Hosts []string `url:"host,omitempty"`
+	// Methods filters results to only include the specified methods.
+	Methods []string `url:"method,omitempty"`
+	// Endpoint filters results to only include endpoints containing this pattern.
+	Endpoint string `url:"endpoint,omitempty"`
+	// Diff when true, only return API Discovery results that are not saved into API Shield Endpoint Management
+	Diff bool `url:"diff,omitempty"`
+	// Origin filters results to only include discovery results sourced from a particular discovery engine
+	// See APIShieldDiscoveryOrigin for valid values.
+	Origin APIShieldDiscoveryOrigin `url:"origin,omitempty"`
+	// State filters results to only include discovery results in a particular state
+	// See APIShieldDiscoveryState for valid values.
+	State APIShieldDiscoveryState `url:"state,omitempty"`
+
+	// Pagination options to apply to the request.
+	PaginationOptions
+}
+
+// UpdateAPIShieldDiscoveryOperationParams represents the parameters to pass to patch a discovery operation
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operation
+type UpdateAPIShieldDiscoveryOperationParams struct {
+	// OperationID is the ID, formatted as UUID, of the operation to be updated
+	OperationID string                  `json:"-" url:"-"`
+	State       APIShieldDiscoveryState `json:"state" url:"-"`
+}
+
+// UpdateAPIShieldDiscoveryOperationsParams maps discovery operation IDs to PatchAPIShieldDiscoveryOperation structs
+//
+// Example:
+//
+//	UpdateAPIShieldDiscoveryOperations{
+//			"99522293-a505-45e5-bbad-bbc339f5dc40": PatchAPIShieldDiscoveryOperation{ State: "review" },
+//	}
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operations
+type UpdateAPIShieldDiscoveryOperationsParams map[string]UpdateAPIShieldDiscoveryOperation
+
+// UpdateAPIShieldDiscoveryOperation represents the state to set on a discovery operation.
+type UpdateAPIShieldDiscoveryOperation struct {
+	// State is the state to set on the operation
+	State APIShieldDiscoveryState `json:"state" url:"-"`
+}
+
+// APIShieldListDiscoveryOperationsResponse represents the response from the api_gateway/discovery/operations endpoint.
+type APIShieldListDiscoveryOperationsResponse struct {
+	Result     []APIShieldDiscoveryOperation `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// APIShieldPatchDiscoveryOperationResponse represents the response from the PATCH api_gateway/discovery/operations/{id} endpoint.
+type APIShieldPatchDiscoveryOperationResponse struct {
+	Result UpdateAPIShieldDiscoveryOperation `json:"result"`
+	Response
+}
+
+// APIShieldPatchDiscoveryOperationsResponse represents the response from the PATCH api_gateway/discovery/operations endpoint.
+type APIShieldPatchDiscoveryOperationsResponse struct {
+	Result UpdateAPIShieldDiscoveryOperationsParams `json:"result"`
+	Response
+}
+
+// ListAPIShieldDiscoveryOperations retrieve the most up to date view of discovered operations.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-discovery-retrieve-discovered-operations-on-a-zone
+func (api *API) ListAPIShieldDiscoveryOperations(ctx context.Context, rc *ResourceContainer, params ListAPIShieldDiscoveryOperationsParams) ([]APIShieldDiscoveryOperation, ResultInfo, error) {
+	uri := buildURI(fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", rc.Identifier), params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var asResponse APIShieldListDiscoveryOperationsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse.Result, asResponse.ResultInfo, nil
+}
+
+// UpdateAPIShieldDiscoveryOperation updates certain fields on a discovered operation.
+//
+// API Documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operation
+func (api *API) UpdateAPIShieldDiscoveryOperation(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldDiscoveryOperationParams) (*UpdateAPIShieldDiscoveryOperation, error) {
+	if params.OperationID == "" {
+		return nil, fmt.Errorf("operation ID must be provided")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations/%s", rc.Identifier, params.OperationID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	// Result should be the updated schema that was patched
+	var asResponse APIShieldPatchDiscoveryOperationResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// UpdateAPIShieldDiscoveryOperations bulk updates certain fields on multiple discovered operations
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operations
+func (api *API) UpdateAPIShieldDiscoveryOperations(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldDiscoveryOperationsParams) (*UpdateAPIShieldDiscoveryOperationsParams, error) {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	// Result should be the updated schema that was patched
+	var asResponse APIShieldPatchDiscoveryOperationsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/api_shield_api_discovery_test.go b/pkg/cloudflare-go/api_shield_api_discovery_test.go
new file mode 100644
index 0000000000..3344c49344
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_api_discovery_test.go
@@ -0,0 +1,383 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const testAPIShieldDiscoveryOperationID = "d3f614c0-7d73-4e4f-8d17-4215e7d78b77"
+
+func TestListAPIShieldDiscoveryOperations(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				"method": "POST",
+				"host": "api.cloudflare.com",
+				"endpoint": "/client/v4/zones",
+				"last_updated": "2023-03-02T15:46:06.000000Z",
+				"origin": ["ML"],
+				"state": "review"
+			}
+		],
+		"result_info": {
+			"page": 3,
+			"per_page": 20,
+			"count": 1,
+			"total_count": 2000
+		}
+	}`
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, actualResultInfo, err := client.ListAPIShieldDiscoveryOperations(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		ListAPIShieldDiscoveryOperationsParams{},
+	)
+
+	lastUpdated := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+	expectedOps := []APIShieldDiscoveryOperation{
+		{
+			Method:      "POST",
+			Host:        "api.cloudflare.com",
+			Endpoint:    "/client/v4/zones",
+			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+			LastUpdated: &lastUpdated,
+			Origin:      []APIShieldDiscoveryOrigin{APIShieldDiscoveryOriginML},
+			State:       APIShieldDiscoveryStateReview,
+		},
+	}
+
+	expectedResultInfo := ResultInfo{
+		Page:    3,
+		PerPage: 20,
+		Count:   1,
+		Total:   2000,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedOps, actual)
+		assert.Equal(t, expectedResultInfo, actualResultInfo)
+	}
+}
+
+func TestListAPIShieldDiscoveryOperationsWithParams(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				"method": "POST",
+				"host": "api.cloudflare.com",
+				"endpoint": "/client/v4/zones",
+				"last_updated": "2023-03-02T15:46:06.000000Z",
+				"origin": ["SessionIdentifier"],
+				"state": "saved",
+				"features": {
+					"traffic_stats": {}
+				}
+			}
+		],
+		"result_info": {
+			"page": 3,
+			"per_page": 20,
+			"count": 1,
+			"total_count": 2000
+		}
+	}`
+
+	tests := []struct {
+		name           string
+		params         ListAPIShieldDiscoveryOperationsParams
+		expectedParams url.Values
+	}{
+		{
+			name: "all params",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Direction: "desc",
+				OrderBy:   "host",
+				Hosts:     []string{"api.cloudflare.com", "developers.cloudflare.com"},
+				Methods:   []string{"GET", "PUT"},
+				Endpoint:  "/client",
+				Origin:    APIShieldDiscoveryOriginSessionIdentifier,
+				State:     APIShieldDiscoveryStateSaved,
+				Diff:      true,
+				PaginationOptions: PaginationOptions{
+					Page:    1,
+					PerPage: 25,
+				},
+			},
+			expectedParams: url.Values{
+				"direction": []string{"desc"},
+				"order":     []string{"host"},
+				"host":      []string{"api.cloudflare.com", "developers.cloudflare.com"},
+				"method":    []string{"GET", "PUT"},
+				"endpoint":  []string{"/client"},
+				"origin":    []string{"SessionIdentifier"},
+				"state":     []string{"saved"},
+				"diff":      []string{"true"},
+				"page":      []string{"1"},
+				"per_page":  []string{"25"},
+			},
+		},
+		{
+			name: "direction only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Direction: "desc",
+			},
+			expectedParams: url.Values{
+				"direction": []string{"desc"},
+			},
+		},
+		{
+			name: "order only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				OrderBy: "host",
+			},
+			expectedParams: url.Values{
+				"order": []string{"host"},
+			},
+		},
+		{
+			name: "hosts only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"},
+			},
+			expectedParams: url.Values{
+				"host": []string{"api.cloudflare.com", "developers.cloudflare.com"},
+			},
+		},
+		{
+			name: "methods only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Methods: []string{"GET", "PUT"},
+			},
+			expectedParams: url.Values{
+				"method": []string{"GET", "PUT"},
+			},
+		},
+		{
+			name: "endpoint only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Endpoint: "/client",
+			},
+			expectedParams: url.Values{
+				"endpoint": []string{"/client"},
+			},
+		},
+		{
+			name: "origin only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Origin: APIShieldDiscoveryOriginSessionIdentifier,
+			},
+			expectedParams: url.Values{
+				"origin": []string{"SessionIdentifier"},
+			},
+		},
+		{
+			name: "state only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				State: APIShieldDiscoveryStateSaved,
+			},
+			expectedParams: url.Values{
+				"state": []string{"saved"},
+			},
+		},
+		{
+			name: "diff only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				Diff: true,
+			},
+			expectedParams: url.Values{
+				"diff": []string{"true"},
+			},
+		},
+		{
+			name: "pagination only",
+			params: ListAPIShieldDiscoveryOperationsParams{
+				PaginationOptions: PaginationOptions{
+					Page:    1,
+					PerPage: 25,
+				},
+			},
+			expectedParams: url.Values{
+				"page":     []string{"1"},
+				"per_page": []string{"25"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			setup()
+			t.Cleanup(teardown)
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				require.Equal(t, test.expectedParams, r.URL.Query())
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprint(w, response)
+			}
+
+			mux.HandleFunc(endpoint, handler)
+
+			actual, _, err := client.ListAPIShieldDiscoveryOperations(
+				context.Background(),
+				ZoneIdentifier(testZoneID),
+				test.params,
+			)
+
+			lastUpdated := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+			expected := []APIShieldDiscoveryOperation{
+				{
+					Method:      "POST",
+					Host:        "api.cloudflare.com",
+					Endpoint:    "/client/v4/zones",
+					ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+					LastUpdated: &lastUpdated,
+					Origin:      []APIShieldDiscoveryOrigin{APIShieldDiscoveryOriginSessionIdentifier},
+					State:       APIShieldDiscoveryStateSaved,
+					Features: map[string]any{
+						"traffic_stats": map[string]any{},
+					},
+				},
+			}
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, expected, actual)
+			}
+		})
+	}
+}
+
+func TestUpdateAPIShieldDiscoveryOperation(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations/%s", testZoneID, testAPIShieldDiscoveryOperationID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"state": "ignored"
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		require.Equal(t, `{"state":"ignored"}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.UpdateAPIShieldDiscoveryOperation(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateAPIShieldDiscoveryOperationParams{
+			OperationID: testAPIShieldDiscoveryOperationID,
+			State:       APIShieldDiscoveryStateIgnored,
+		},
+	)
+
+	// patch result is a cut down representation of the schema
+	// so metadata like created date is not populated
+	expected := &UpdateAPIShieldDiscoveryOperation{
+		State: APIShieldDiscoveryStateIgnored,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	assert.NoError(t, err)
+}
+
+func TestUpdateAPIShieldDiscoveryOperations(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"9b16ce22-d1bf-425d-869f-a11f8240fafb": { "state": "ignored" },
+			"c51c2ea1-a690-48fd-8e3f-7fc79b269947": { "state": "review" }
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		require.Equal(t, `{"9b16ce22-d1bf-425d-869f-a11f8240fafb":{"state":"ignored"},"c51c2ea1-a690-48fd-8e3f-7fc79b269947":{"state":"review"}}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.UpdateAPIShieldDiscoveryOperations(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateAPIShieldDiscoveryOperationsParams{
+			"9b16ce22-d1bf-425d-869f-a11f8240fafb": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateIgnored},
+			"c51c2ea1-a690-48fd-8e3f-7fc79b269947": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateReview},
+		},
+	)
+
+	expected := &UpdateAPIShieldDiscoveryOperationsParams{
+		"9b16ce22-d1bf-425d-869f-a11f8240fafb": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateIgnored},
+		"c51c2ea1-a690-48fd-8e3f-7fc79b269947": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateReview},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	assert.NoError(t, err)
+}
+
+func TestMustProvideDiscoveryOperationID(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	_, err := client.UpdateAPIShieldDiscoveryOperation(context.Background(), ZoneIdentifier(testZoneID), UpdateAPIShieldDiscoveryOperationParams{})
+	require.ErrorContains(t, err, "operation ID must be provided")
+}
diff --git a/pkg/cloudflare-go/api_shield_operations.go b/pkg/cloudflare-go/api_shield_operations.go
new file mode 100644
index 0000000000..1d89a1754b
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_operations.go
@@ -0,0 +1,185 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// APIShieldOperation represents an operation stored in API Shield Endpoint Management.
+type APIShieldOperation struct {
+	APIShieldBasicOperation
+	ID          string         `json:"operation_id"`
+	LastUpdated *time.Time     `json:"last_updated"`
+	Features    map[string]any `json:"features,omitempty"`
+}
+
+// GetAPIShieldOperationParams represents the parameters to pass when retrieving an operation.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation
+type GetAPIShieldOperationParams struct {
+	// The Operation ID to retrieve
+	OperationID string `url:"-"`
+	// Features represents a set of features to return in `features` object when
+	// performing making read requests against an Operation or listing operations.
+	Features []string `url:"feature,omitempty"`
+}
+
+// CreateAPIShieldOperationsParams represents the parameters to pass when adding one or more operations.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-add-operations-to-a-zone
+type CreateAPIShieldOperationsParams struct {
+	// Operations are a slice of operations to be created in API Shield Endpoint Management
+	Operations []APIShieldBasicOperation `url:"-"`
+}
+
+// APIShieldBasicOperation should be used when creating an operation in API Shield Endpoint Management.
+type APIShieldBasicOperation struct {
+	Method   string `json:"method"`
+	Host     string `json:"host"`
+	Endpoint string `json:"endpoint"`
+}
+
+// DeleteAPIShieldOperationParams represents the parameters to pass to delete an operation.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-delete-an-operation
+type DeleteAPIShieldOperationParams struct {
+	// OperationID is the operation to be deleted
+	OperationID string `url:"-"`
+}
+
+// ListAPIShieldOperationsParams represents the parameters to pass when retrieving operations
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
+type ListAPIShieldOperationsParams struct {
+	// Features represents a set of features to return in `features` object when
+	// performing making read requests against an Operation or listing operations.
+	Features []string `url:"feature,omitempty"`
+	// Direction to order results.
+	Direction string `url:"direction,omitempty"`
+	// OrderBy when requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.
+	OrderBy string `url:"order,omitempty"`
+	// Filters to only return operations that match filtering criteria, see APIShieldGetOperationsFilters
+	APIShieldListOperationsFilters
+	// Pagination options to apply to the request.
+	PaginationOptions
+}
+
+// APIShieldListOperationsFilters represents the filtering query parameters to set when retrieving operations
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
+type APIShieldListOperationsFilters struct {
+	// Hosts filters results to only include the specified hosts.
+	Hosts []string `url:"host,omitempty"`
+	// Methods filters results to only include the specified methods.
+	Methods []string `url:"method,omitempty"`
+	// Endpoint filter results to only include endpoints containing this pattern.
+	Endpoint string `url:"endpoint,omitempty"`
+}
+
+// APIShieldGetOperationResponse represents the response from the api_gateway/operations/{id} endpoint.
+type APIShieldGetOperationResponse struct {
+	Result APIShieldOperation `json:"result"`
+	Response
+}
+
+// APIShieldGetOperationsResponse represents the response from the api_gateway/operations endpoint.
+type APIShieldGetOperationsResponse struct {
+	Result     []APIShieldOperation `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// APIShieldDeleteOperationResponse represents the response from the api_gateway/operations/{id} endpoint (DELETE).
+type APIShieldDeleteOperationResponse struct {
+	Result interface{} `json:"result"`
+	Response
+}
+
+// GetAPIShieldOperation returns information about an operation
+//
+// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation
+func (api *API) GetAPIShieldOperation(ctx context.Context, rc *ResourceContainer, params GetAPIShieldOperationParams) (*APIShieldOperation, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, params.OperationID)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldGetOperationResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// ListAPIShieldOperations retrieve information about all operations on a zone
+//
+// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
+func (api *API) ListAPIShieldOperations(ctx context.Context, rc *ResourceContainer, params ListAPIShieldOperationsParams) ([]APIShieldOperation, ResultInfo, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var asResponse APIShieldGetOperationsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse.Result, asResponse.ResultInfo, nil
+}
+
+// CreateAPIShieldOperations add one or more operations to a zone.
+//
+// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-add-operations-to-a-zone
+func (api *API) CreateAPIShieldOperations(ctx context.Context, rc *ResourceContainer, params CreateAPIShieldOperationsParams) ([]APIShieldOperation, error) {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Operations)
+	if err != nil {
+		return nil, err
+	}
+
+	// Result should be all the operations added to the zone, similar to doing GetAPIShieldOperations
+	var asResponse APIShieldGetOperationsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse.Result, nil
+}
+
+// DeleteAPIShieldOperation deletes a single operation
+//
+// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-delete-an-operation
+func (api *API) DeleteAPIShieldOperation(ctx context.Context, rc *ResourceContainer, params DeleteAPIShieldOperationParams) error {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, params.OperationID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var asResponse APIShieldDeleteOperationResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/api_shield_operations_test.go b/pkg/cloudflare-go/api_shield_operations_test.go
new file mode 100644
index 0000000000..fdcc25cc85
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_operations_test.go
@@ -0,0 +1,491 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const testAPIShieldOperationId = "9def2cb0-3ed0-4737-92ca-f09efa4718fd"
+
+func TestGetAPIShieldOperation(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+			"method": "POST",
+			"host": "api.cloudflare.com",
+			"endpoint": "/client/v4/zones",
+			"last_updated": "2023-03-02T15:46:06.000000Z"
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.GetAPIShieldOperation(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		GetAPIShieldOperationParams{
+			OperationID: testAPIShieldOperationId,
+		},
+	)
+
+	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+	expected := &APIShieldOperation{
+		APIShieldBasicOperation: APIShieldBasicOperation{
+			Method:   "POST",
+			Host:     "api.cloudflare.com",
+			Endpoint: "/client/v4/zones",
+		},
+		ID:          testAPIShieldOperationId,
+		LastUpdated: &time,
+		Features:    nil,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestGetAPIShieldOperationWithParams(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+			"method": "POST",
+			"host": "api.cloudflare.com",
+			"endpoint": "/client/v4/zones",
+			"last_updated": "2023-03-02T15:46:06.000000Z",
+			"features":{
+				"thresholds":{},
+				"parameter_schemas":{}
+			}
+		}
+	}`
+
+	tests := []struct {
+		name           string
+		getParams      GetAPIShieldOperationParams
+		expectedParams url.Values
+	}{
+		{
+			name: "one feature",
+			getParams: GetAPIShieldOperationParams{
+				OperationID: testAPIShieldOperationId,
+				Features:    []string{"thresholds"},
+			},
+			expectedParams: url.Values{
+				"feature": []string{"thresholds"},
+			},
+		},
+		{
+			name: "more than one feature",
+			getParams: GetAPIShieldOperationParams{
+				OperationID: testAPIShieldOperationId,
+				Features:    []string{"thresholds", "parameter_schemas"},
+			},
+			expectedParams: url.Values{
+				"feature": []string{"thresholds", "parameter_schemas"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			setup()
+			t.Cleanup(teardown)
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				require.Equal(t, test.expectedParams, r.URL.Query())
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprint(w, response)
+			}
+
+			mux.HandleFunc(endpoint, handler)
+
+			actual, err := client.GetAPIShieldOperation(
+				context.Background(),
+				ZoneIdentifier(testZoneID),
+				test.getParams,
+			)
+
+			time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+			expected := &APIShieldOperation{
+				APIShieldBasicOperation: APIShieldBasicOperation{
+					Method:   "POST",
+					Host:     "api.cloudflare.com",
+					Endpoint: "/client/v4/zones",
+				},
+				ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				LastUpdated: &time,
+				Features: map[string]any{
+					"thresholds":        map[string]any{},
+					"parameter_schemas": map[string]any{},
+				},
+			}
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, expected, actual)
+			}
+		})
+	}
+}
+
+func TestListAPIShieldOperations(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				"method": "POST",
+				"host": "api.cloudflare.com",
+				"endpoint": "/client/v4/zones",
+				"last_updated": "2023-03-02T15:46:06.000000Z"
+			}
+
+		],
+		"result_info": {
+			"page": 3,
+			"per_page": 20,
+			"count": 1,
+			"total_count": 2000
+		}
+	}`
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, actualResultInfo, err := client.ListAPIShieldOperations(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		ListAPIShieldOperationsParams{},
+	)
+
+	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+	expectedOps := []APIShieldOperation{
+		{
+			APIShieldBasicOperation: APIShieldBasicOperation{
+				Method:   "POST",
+				Host:     "api.cloudflare.com",
+				Endpoint: "/client/v4/zones",
+			},
+			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+			LastUpdated: &time,
+			Features:    nil,
+		},
+	}
+
+	expectedResultInfo := ResultInfo{
+		Page:    3,
+		PerPage: 20,
+		Count:   1,
+		Total:   2000,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedOps, actual)
+		assert.Equal(t, expectedResultInfo, actualResultInfo)
+	}
+}
+
+func TestListAPIShieldOperationsWithParams(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				"method": "POST",
+				"host": "api.cloudflare.com",
+				"endpoint": "/client/v4/zones",
+				"last_updated": "2023-03-02T15:46:06.000000Z",
+				"features": {
+					"thresholds": {}
+                }
+			}
+		],
+		"result_info": {
+			"page": 3,
+			"per_page": 20,
+			"count": 1,
+			"total_count": 2000
+		}
+	}`
+
+	tests := []struct {
+		name           string
+		params         ListAPIShieldOperationsParams
+		expectedParams url.Values
+	}{
+		{
+			name: "all params",
+			params: ListAPIShieldOperationsParams{
+				Features:  []string{"thresholds", "parameter_schemas"},
+				Direction: "desc",
+				OrderBy:   "host",
+				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
+					Hosts:    []string{"api.cloudflare.com", "developers.cloudflare.com"},
+					Methods:  []string{"GET", "PUT"},
+					Endpoint: "/client",
+				},
+				PaginationOptions: PaginationOptions{
+					Page:    1,
+					PerPage: 25,
+				},
+			},
+			expectedParams: url.Values{
+				"feature":   []string{"thresholds", "parameter_schemas"},
+				"direction": []string{"desc"},
+				"order":     []string{"host"},
+				"host":      []string{"api.cloudflare.com", "developers.cloudflare.com"},
+				"method":    []string{"GET", "PUT"},
+				"endpoint":  []string{"/client"},
+				"page":      []string{"1"},
+				"per_page":  []string{"25"},
+			},
+		},
+		{
+			name: "features only",
+			params: ListAPIShieldOperationsParams{
+				Features: []string{"thresholds", "parameter_schemas"},
+			},
+			expectedParams: url.Values{
+				"feature": []string{"thresholds", "parameter_schemas"},
+			},
+		},
+		{
+			name: "direction only",
+			params: ListAPIShieldOperationsParams{
+				Direction: "desc",
+			},
+			expectedParams: url.Values{
+				"direction": []string{"desc"},
+			},
+		},
+		{
+			name: "order only",
+			params: ListAPIShieldOperationsParams{
+				OrderBy: "host",
+			},
+			expectedParams: url.Values{
+				"order": []string{"host"},
+			},
+		},
+		{
+			name: "hosts only",
+			params: ListAPIShieldOperationsParams{
+				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
+					Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"},
+				},
+			},
+			expectedParams: url.Values{
+				"host": []string{"api.cloudflare.com", "developers.cloudflare.com"},
+			},
+		},
+		{
+			name: "methods only",
+			params: ListAPIShieldOperationsParams{
+				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
+					Methods: []string{"GET", "PUT"},
+				},
+			},
+			expectedParams: url.Values{
+				"method": []string{"GET", "PUT"},
+			},
+		},
+		{
+			name: "endpoint only",
+			params: ListAPIShieldOperationsParams{
+				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
+					Endpoint: "/client",
+				},
+			},
+			expectedParams: url.Values{
+				"endpoint": []string{"/client"},
+			},
+		},
+		{
+			name: "pagination only",
+			params: ListAPIShieldOperationsParams{
+				PaginationOptions: PaginationOptions{
+					Page:    1,
+					PerPage: 25,
+				},
+			},
+			expectedParams: url.Values{
+				"page":     []string{"1"},
+				"per_page": []string{"25"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			setup()
+			t.Cleanup(teardown)
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				require.Equal(t, test.expectedParams, r.URL.Query())
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprint(w, response)
+			}
+
+			mux.HandleFunc(endpoint, handler)
+
+			actual, _, err := client.ListAPIShieldOperations(
+				context.Background(),
+				ZoneIdentifier(testZoneID),
+				test.params,
+			)
+
+			time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+			expected := []APIShieldOperation{
+				{
+					APIShieldBasicOperation: APIShieldBasicOperation{
+						Method:   "POST",
+						Host:     "api.cloudflare.com",
+						Endpoint: "/client/v4/zones",
+					},
+					ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+					LastUpdated: &time,
+					Features: map[string]any{
+						"thresholds": map[string]any{},
+					},
+				},
+			}
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, expected, actual)
+			}
+		})
+	}
+}
+
+func TestCreateAPIShieldOperations(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+				"method": "POST",
+				"host": "api.cloudflare.com",
+				"endpoint": "/client/v4/zones",
+				"last_updated": "2023-03-02T15:46:06.000000Z"
+			}
+		]
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		require.Equal(t, []byte(`[{"method":"POST","host":"api.cloudflare.com","endpoint":"/client/v4/zones"}]`), body)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.CreateAPIShieldOperations(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		CreateAPIShieldOperationsParams{
+			Operations: []APIShieldBasicOperation{
+				{
+					Method:   "POST",
+					Host:     "api.cloudflare.com",
+					Endpoint: "/client/v4/zones",
+				},
+			},
+		},
+	)
+
+	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+	expected := []APIShieldOperation{
+		{
+			APIShieldBasicOperation: APIShieldBasicOperation{
+				Method:   "POST",
+				Host:     "api.cloudflare.com",
+				Endpoint: "/client/v4/zones",
+			},
+			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
+			LastUpdated: &time,
+			Features:    nil,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestDeleteAPIShieldOperation(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
+	response := `{"result":{},"success":true,"errors":[],"messages":[]}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	err := client.DeleteAPIShieldOperation(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		DeleteAPIShieldOperationParams{
+			OperationID: testAPIShieldOperationId,
+		},
+	)
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/api_shield_schemas.go b/pkg/cloudflare-go/api_shield_schemas.go
new file mode 100644
index 0000000000..804181d866
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_schemas.go
@@ -0,0 +1,505 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// APIShieldSchema represents a schema stored in API Shield Schema Validation 2.0.
+type APIShieldSchema struct {
+	// ID represents the ID of the schema
+	ID string `json:"schema_id"`
+	// Name represents the name of the schema
+	Name string `json:"name"`
+	// Kind of the schema
+	Kind string `json:"kind"`
+	// Source is the contents of the schema
+	Source string `json:"source,omitempty"`
+	// CreatedAt is the time the schema was created
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	// ValidationEnabled controls if schema is used for validation
+	ValidationEnabled bool `json:"validation_enabled,omitempty"`
+}
+
+// CreateAPIShieldSchemaParams represents the parameters to pass when creating a schema in Schema Validation 2.0.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-post-schema
+type CreateAPIShieldSchemaParams struct {
+	// Source is a io.Reader containing the contents of the schema
+	Source io.Reader
+	// Name represents the name of the schema.
+	Name string
+	// Kind of the schema. This is always set to openapi_v3.
+	Kind string
+	// ValidationEnabled controls if schema is used for validation
+	ValidationEnabled *bool
+}
+
+// GetAPIShieldSchemaParams represents the parameters to pass when retrieving a schema with a given schema ID.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-specific-schema
+type GetAPIShieldSchemaParams struct {
+	// SchemaID is the ID of the schema to retrieve
+	SchemaID string `url:"-"`
+
+	// OmitSource specifies whether the contents of the schema should be returned in the "Source" field.
+	OmitSource *bool `url:"omit_source,omitempty"`
+}
+
+// ListAPIShieldSchemasParams represents the parameters to pass when retrieving all schemas.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-all-schemas
+type ListAPIShieldSchemasParams struct {
+	// OmitSource specifies whether the contents of the schema should be returned in the "Source" field.
+	OmitSource *bool `url:"omit_source,omitempty"`
+
+	// ValidationEnabled specifies whether to return only schemas that have validation enabled.
+	ValidationEnabled *bool `url:"validation_enabled,omitempty"`
+
+	// PaginationOptions to apply to the request.
+	PaginationOptions
+}
+
+// DeleteAPIShieldSchemaParams represents the parameters to pass to delete a schema.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-delete-a-schema
+type DeleteAPIShieldSchemaParams struct {
+	// SchemaID is the schema to be deleted
+	SchemaID string `url:"-"`
+}
+
+// UpdateAPIShieldSchemaParams represents the parameters to pass to patch certain fields on an existing schema
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-enable-validation-for-a-schema
+type UpdateAPIShieldSchemaParams struct {
+	// SchemaID is the schema to be patched
+	SchemaID string `json:"-" url:"-"`
+
+	// ValidationEnabled controls if schema is used for validation
+	ValidationEnabled *bool `json:"validation_enabled" url:"-"`
+}
+
+// APIShieldGetSchemaResponse represents the response from the GET api_gateway/user_schemas/{id} endpoint.
+type APIShieldGetSchemaResponse struct {
+	Result APIShieldSchema `json:"result"`
+	Response
+}
+
+// APIShieldListSchemasResponse represents the response from the GET api_gateway/user_schemas endpoint.
+type APIShieldListSchemasResponse struct {
+	Result     []APIShieldSchema `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// APIShieldCreateSchemaResponse represents the response from the POST api_gateway/user_schemas endpoint.
+type APIShieldCreateSchemaResponse struct {
+	Result APIShieldCreateSchemaResult `json:"result"`
+	Response
+}
+
+// APIShieldDeleteSchemaResponse represents the response from the DELETE api_gateway/user_schemas/{id} endpoint.
+type APIShieldDeleteSchemaResponse struct {
+	Result interface{} `json:"result"`
+	Response
+}
+
+// APIShieldPatchSchemaResponse represents the response from the PATCH api_gateway/user_schemas/{id} endpoint.
+type APIShieldPatchSchemaResponse struct {
+	Result APIShieldSchema `json:"result"`
+	Response
+}
+
+// APIShieldCreateSchemaResult represents the successful result of creating a schema in Schema Validation 2.0.
+type APIShieldCreateSchemaResult struct {
+	// APIShieldSchema is the schema that was created
+	Schema APIShieldSchema `json:"schema"`
+	// APIShieldCreateSchemaEvents are non-critical event logs that occurred during processing.
+	Events APIShieldCreateSchemaEvents `json:"upload_details"`
+}
+
+// APIShieldCreateSchemaEvents are event logs that occurred during processing.
+//
+// The logs are separated into levels of severity.
+type APIShieldCreateSchemaEvents struct {
+	Critical *APIShieldCreateSchemaEventWithLocation   `json:"critical,omitempty"`
+	Errors   []APIShieldCreateSchemaEventWithLocations `json:"errors,omitempty"`
+	Warnings []APIShieldCreateSchemaEventWithLocations `json:"warnings,omitempty"`
+}
+
+// APIShieldCreateSchemaEvent is an event log that occurred during processing.
+type APIShieldCreateSchemaEvent struct {
+	// Code identifies the event that occurred
+	Code uint `json:"code"`
+	// Message describes the event that occurred
+	Message string `json:"message"`
+}
+
+// APIShieldCreateSchemaEventWithLocation is an event log that occurred during processing, with the location
+// in the schema where the event occurred.
+type APIShieldCreateSchemaEventWithLocation struct {
+	APIShieldCreateSchemaEvent
+
+	// Location is where the event occurred
+	// See https://goessner.net/articles/JsonPath/ for JSONPath specification.
+	Location string `json:"location,omitempty"`
+}
+
+// APIShieldCreateSchemaEventWithLocations is an event log that occurred during processing, with the location(s)
+// in the schema where the event occurred.
+type APIShieldCreateSchemaEventWithLocations struct {
+	APIShieldCreateSchemaEvent
+
+	// Locations lists JSONPath locations where the event occurred
+	// See https://goessner.net/articles/JsonPath/ for JSONPath specification
+	Locations []string `json:"locations"`
+}
+
+func (cse APIShieldCreateSchemaEventWithLocations) String() string {
+	var s string
+	s += cse.Message
+
+	if len(cse.Locations) == 0 || (len(cse.Locations) == 1 && cse.Locations[0] == "") {
+		// append nothing
+	} else if len(cse.Locations) == 1 {
+		s += fmt.Sprintf(" (%s)", cse.Locations[0])
+	} else {
+		s += " (multiple locations)"
+	}
+
+	return s
+}
+
+// GetAPIShieldSchema retrieves information about a specific schema on a zone
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-specific-schema
+func (api *API) GetAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params GetAPIShieldSchemaParams) (*APIShieldSchema, error) {
+	if params.SchemaID == "" {
+		return nil, fmt.Errorf("schema ID must be provided")
+	}
+
+	path := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldGetSchemaResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// ListAPIShieldSchemas retrieves all schemas for a zone
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-all-schemas
+func (api *API) ListAPIShieldSchemas(ctx context.Context, rc *ResourceContainer, params ListAPIShieldSchemasParams) ([]APIShieldSchema, ResultInfo, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", rc.Identifier)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var asResponse APIShieldListSchemasResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return asResponse.Result, asResponse.ResultInfo, nil
+}
+
+// CreateAPIShieldSchema uploads a schema to a zone
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-post-schema
+func (api *API) CreateAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params CreateAPIShieldSchemaParams) (*APIShieldCreateSchemaResult, error) {
+	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", rc.Identifier)
+
+	if params.Name == "" {
+		return nil, fmt.Errorf("name must not be empty")
+	}
+
+	if params.Source == nil {
+		return nil, fmt.Errorf("source must not be nil")
+	}
+
+	// Prepare the form to be submitted
+	var b bytes.Buffer
+	w := multipart.NewWriter(&b)
+	// write fields
+	if err := w.WriteField("name", params.Name); err != nil {
+		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+	}
+	if err := w.WriteField("kind", params.Kind); err != nil {
+		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+	}
+
+	if params.ValidationEnabled != nil {
+		if err := w.WriteField("validation_enabled", strconv.FormatBool(*params.ValidationEnabled)); err != nil {
+			return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+		}
+	}
+
+	// write schema contents
+	part, err := w.CreateFormFile("file", params.Name)
+	if err != nil {
+		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+	}
+	if _, err := io.Copy(part, params.Source); err != nil {
+		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+	}
+	if err := w.Close(); err != nil {
+		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
+	}
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, &b, http.Header{
+		"Content-Type": []string{w.FormDataContentType()},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldCreateSchemaResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// DeleteAPIShieldSchema deletes a single schema
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-delete-a-schema
+func (api *API) DeleteAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params DeleteAPIShieldSchemaParams) error {
+	if params.SchemaID == "" {
+		return fmt.Errorf("schema ID must be provided")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var asResponse APIShieldDeleteSchemaResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// UpdateAPIShieldSchema updates certain fields on an existing schema.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-enable-validation-for-a-schema
+func (api *API) UpdateAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldSchemaParams) (*APIShieldSchema, error) {
+	if params.SchemaID == "" {
+		return nil, fmt.Errorf("schema ID must be provided")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	// Result should be the updated schema that was patched
+	var asResponse APIShieldPatchSchemaResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// Schema Validation Settings
+
+// APIShieldSchemaValidationSettings represents zone level schema validation settings for
+// API Shield Schema Validation 2.0.
+type APIShieldSchemaValidationSettings struct {
+	// DefaultMitigationAction is the mitigation to apply when there is no operation-level
+	// mitigation action defined
+	DefaultMitigationAction string `json:"validation_default_mitigation_action" url:"-"`
+	// OverrideMitigationAction when set, will apply to all requests regardless of
+	// zone-level/operation-level setting
+	OverrideMitigationAction *string `json:"validation_override_mitigation_action" url:"-"`
+}
+
+// UpdateAPIShieldSchemaValidationSettingsParams represents the parameters to pass to update certain fields
+// on schema validation settings on the zone
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-patch-zone-level-settings
+type UpdateAPIShieldSchemaValidationSettingsParams struct {
+	// DefaultMitigationAction is the mitigation to apply when there is no operation-level
+	// mitigation action defined
+	//
+	// passing a `nil` value will have no effect on this setting
+	DefaultMitigationAction *string `json:"validation_default_mitigation_action" url:"-"`
+
+	// OverrideMitigationAction when set, will apply to all requests regardless of
+	// zone-level/operation-level setting
+	//
+	// passing a `nil` value will have no effect on this setting
+	OverrideMitigationAction *string `json:"validation_override_mitigation_action" url:"-"`
+}
+
+// APIShieldSchemaValidationSettingsResponse represents the response from the GET api_gateway/settings/schema_validation endpoint.
+type APIShieldSchemaValidationSettingsResponse struct {
+	Result APIShieldSchemaValidationSettings `json:"result"`
+	Response
+}
+
+// GetAPIShieldSchemaValidationSettings retrieves zone level schema validation settings
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-zone-level-settings
+func (api *API) GetAPIShieldSchemaValidationSettings(ctx context.Context, rc *ResourceContainer) (*APIShieldSchemaValidationSettings, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", rc.Identifier)
+
+	uri := buildURI(path, nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldSchemaValidationSettingsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// UpdateAPIShieldSchemaValidationSettings updates certain fields on zone level schema validation settings
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-patch-zone-level-settings
+func (api *API) UpdateAPIShieldSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldSchemaValidationSettingsParams) (*APIShieldSchemaValidationSettings, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", rc.Identifier)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldSchemaValidationSettingsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// APIShieldOperationSchemaValidationSettings represents operation level schema validation settings for
+// API Shield Schema Validation 2.0.
+type APIShieldOperationSchemaValidationSettings struct {
+	// MitigationAction is the mitigation to apply to the operation
+	MitigationAction *string `json:"mitigation_action" url:"-"`
+}
+
+// GetAPIShieldOperationSchemaValidationSettingsParams represents the parameters to pass to retrieve
+// the schema validation settings set on the operation.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-operation-level-settings
+type GetAPIShieldOperationSchemaValidationSettingsParams struct {
+	// The Operation ID to apply the mitigation action to
+	OperationID string `url:"-"`
+}
+
+// UpdateAPIShieldOperationSchemaValidationSettings maps operation IDs to APIShieldOperationSchemaValidationSettings
+//
+// # This can be used to bulk update operations in one call
+//
+// Example:
+//
+//	UpdateAPIShieldOperationSchemaValidationSettings{
+//			"99522293-a505-45e5-bbad-bbc339f5dc40": APIShieldOperationSchemaValidationSettings{ MitigationAction: nil },
+//	}
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-update-multiple-operation-level-settings
+type UpdateAPIShieldOperationSchemaValidationSettings map[string]APIShieldOperationSchemaValidationSettings
+
+// APIShieldOperationSchemaValidationSettingsResponse represents the response from the GET api_gateway/operation/{operationID}/schema_validation endpoint.
+type APIShieldOperationSchemaValidationSettingsResponse struct {
+	Result APIShieldOperationSchemaValidationSettings `json:"result"`
+	Response
+}
+
+// UpdateAPIShieldOperationSchemaValidationSettingsResponse represents the response from the PATCH api_gateway/operations/schema_validation endpoint.
+type UpdateAPIShieldOperationSchemaValidationSettingsResponse struct {
+	Result UpdateAPIShieldOperationSchemaValidationSettings `json:"result"`
+	Response
+}
+
+// GetAPIShieldOperationSchemaValidationSettings retrieves operation level schema validation settings
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-operation-level-settings
+func (api *API) GetAPIShieldOperationSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params GetAPIShieldOperationSchemaValidationSettingsParams) (*APIShieldOperationSchemaValidationSettings, error) {
+	if params.OperationID == "" {
+		return nil, fmt.Errorf("operation ID must be provided")
+	}
+
+	path := fmt.Sprintf("/zones/%s/api_gateway/operations/%s/schema_validation", rc.Identifier, params.OperationID)
+
+	uri := buildURI(path, nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse APIShieldOperationSchemaValidationSettingsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
+
+// UpdateAPIShieldOperationSchemaValidationSettings update multiple operation level schema validation settings
+//
+// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-update-multiple-operation-level-settings
+func (api *API) UpdateAPIShieldOperationSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldOperationSchemaValidationSettings) (*UpdateAPIShieldOperationSchemaValidationSettings, error) {
+	path := fmt.Sprintf("/zones/%s/api_gateway/operations/schema_validation", rc.Identifier)
+
+	uri := buildURI(path, nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var asResponse UpdateAPIShieldOperationSchemaValidationSettingsResponse
+	err = json.Unmarshal(res, &asResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &asResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/api_shield_schemas_test.go b/pkg/cloudflare-go/api_shield_schemas_test.go
new file mode 100644
index 0000000000..00514eaa60
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_schemas_test.go
@@ -0,0 +1,669 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"mime"
+	"mime/multipart"
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const testAPIShieldSchemaId = "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e"
+
+func TestGetAPIShieldSchema(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
+			"name": "petstore.json",
+			"kind": "openapi_v3",
+			"created_at": "2023-03-02T15:46:06.000000Z",
+			"validation_enabled": true,
+			"source": "{}"
+		}
+	}`
+
+	tests := []struct {
+		name           string
+		getParams      GetAPIShieldSchemaParams
+		expectedParams url.Values
+	}{
+		{
+			name: "without omit source",
+			getParams: GetAPIShieldSchemaParams{
+				SchemaID: testAPIShieldSchemaId,
+			},
+			expectedParams: url.Values{},
+		},
+		{
+			name: "with omit source=true",
+			getParams: GetAPIShieldSchemaParams{
+				SchemaID:   testAPIShieldSchemaId,
+				OmitSource: BoolPtr(true),
+			},
+			expectedParams: url.Values{
+				"omit_source": []string{"true"},
+			},
+		},
+		{
+			name: "with omit source=false",
+			getParams: GetAPIShieldSchemaParams{
+				SchemaID:   testAPIShieldSchemaId,
+				OmitSource: BoolPtr(false),
+			},
+			expectedParams: url.Values{
+				"omit_source": []string{"false"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			setup()
+			t.Cleanup(teardown)
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				require.Equal(t, test.expectedParams, r.URL.Query())
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprint(w, response)
+			}
+
+			mux.HandleFunc(endpoint, handler)
+
+			actual, err := client.GetAPIShieldSchema(
+				context.Background(),
+				ZoneIdentifier(testZoneID),
+				test.getParams,
+			)
+
+			createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+			expected := &APIShieldSchema{
+				ID:                testAPIShieldSchemaId,
+				Name:              "petstore.json",
+				Kind:              "openapi_v3",
+				Source:            "{}",
+				CreatedAt:         &createdAt,
+				ValidationEnabled: true,
+			}
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, expected, actual)
+			}
+		})
+	}
+}
+
+func TestListAPIShieldSchemas(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": [
+			{
+				"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
+				"name": "petstore.json",
+				"kind": "openapi_v3",
+				"created_at": "2023-03-02T15:46:06.000000Z",
+				"validation_enabled": true,
+				"source": "{}"
+			}
+		],
+		"result_info": {
+			"page": 3,
+			"per_page": 20,
+			"count": 1,
+			"total_count": 2000
+		}
+	}`
+
+	tests := []struct {
+		name           string
+		getParams      ListAPIShieldSchemasParams
+		expectedParams url.Values
+	}{
+		{
+			name:           "with empty params",
+			getParams:      ListAPIShieldSchemasParams{},
+			expectedParams: url.Values{},
+		},
+		{
+			name: "all params",
+			getParams: ListAPIShieldSchemasParams{
+				OmitSource:        BoolPtr(true),
+				ValidationEnabled: BoolPtr(false),
+				PaginationOptions: PaginationOptions{
+					Page:    1,
+					PerPage: 25,
+				},
+			},
+			expectedParams: url.Values{
+				"omit_source":        []string{"true"},
+				"validation_enabled": []string{"false"},
+				"page":               []string{"1"},
+				"per_page":           []string{"25"},
+			},
+		},
+		{
+			name: "with omit source",
+			getParams: ListAPIShieldSchemasParams{
+				OmitSource: BoolPtr(true),
+			},
+			expectedParams: url.Values{
+				"omit_source": []string{"true"},
+			},
+		},
+		{
+			name: "with validation enabled",
+			getParams: ListAPIShieldSchemasParams{
+				ValidationEnabled: BoolPtr(true),
+			},
+			expectedParams: url.Values{
+				"validation_enabled": []string{"true"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			setup()
+			t.Cleanup(teardown)
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				require.Equal(t, test.expectedParams, r.URL.Query())
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprint(w, response)
+			}
+
+			mux.HandleFunc(endpoint, handler)
+
+			actual, resultInfo, err := client.ListAPIShieldSchemas(
+				context.Background(),
+				ZoneIdentifier(testZoneID),
+				test.getParams,
+			)
+
+			createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+			expected := []APIShieldSchema{
+				{
+					ID:                testAPIShieldSchemaId,
+					Name:              "petstore.json",
+					Kind:              "openapi_v3",
+					Source:            "{}",
+					CreatedAt:         &createdAt,
+					ValidationEnabled: true,
+				},
+			}
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, expected, actual)
+
+				expectedResultInfo := ResultInfo{
+					Page:    3,
+					PerPage: 20,
+					Count:   1,
+					Total:   2000,
+				}
+				assert.Equal(t, expectedResultInfo, resultInfo)
+			}
+		})
+	}
+}
+
+func TestDeleteAPIShieldSchema(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
+	response := `{"result":{},"success":true,"errors":[],"messages":[]}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	err := client.DeleteAPIShieldSchema(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		DeleteAPIShieldSchemaParams{
+			SchemaID: testAPIShieldSchemaId,
+		},
+	)
+
+	assert.NoError(t, err)
+}
+
+func TestUpdateAPIShieldSchema(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
+			"name": "petstore.json",
+			"kind": "openapi_v3",
+			"validation_enabled": true
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		require.Equal(t, `{"validation_enabled":true}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.UpdateAPIShieldSchema(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateAPIShieldSchemaParams{
+			SchemaID:          testAPIShieldSchemaId,
+			ValidationEnabled: BoolPtr(true),
+		},
+	)
+
+	// patch result is a cut down representation of the schema
+	// so metadata like created date is not populated
+	expected := &APIShieldSchema{
+		ID:                testAPIShieldSchemaId,
+		Name:              "petstore.json",
+		Kind:              "openapi_v3",
+		ValidationEnabled: true,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+
+	assert.NoError(t, err)
+}
+
+func TestCreateAPIShieldSchema(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"schema": {
+				"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
+				"name": "petstore.json",
+				"kind": "openapi_v3",
+				"created_at": "2023-03-02T15:46:06.000000Z",
+				"validation_enabled": true,
+				"source": "{}"
+			},
+			"upload_details": {
+				"warnings": [
+					{
+						"code": 28,
+						"message": "unsupported media type: application/octet-stream",
+						"locations": [
+							".paths[\"/user/{username}\"].put"
+						]
+					}
+				]
+			}
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		// Check that form data has been sent correctly.
+		mediaType, params, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+		require.NoError(t, err)
+		require.True(t, strings.HasPrefix(mediaType, "multipart/form-data"))
+
+		expectedParts := []struct {
+			partKeys map[string]string
+			data     []byte
+		}{
+			{
+				partKeys: map[string]string{"name": "name"},
+				data:     []byte("petstore.json"),
+			},
+			{
+				partKeys: map[string]string{"name": "kind"},
+				data:     []byte("openapi_v3"),
+			},
+			{
+				partKeys: map[string]string{"name": "validation_enabled"},
+				data:     []byte("true"),
+			},
+			{
+				partKeys: map[string]string{"filename": "petstore.json", "name": "file"},
+				data:     []byte("{}"),
+			},
+		}
+
+		multiPartReader := multipart.NewReader(r.Body, params["boundary"])
+		partNum := 0
+		for {
+			part, err := multiPartReader.NextPart()
+			if errors.Is(err, io.EOF) {
+				break
+			}
+			require.NoError(t, err)
+
+			// more parts found - this is unexpected
+			require.Less(t, partNum, len(expectedParts))
+
+			value, err := io.ReadAll(part)
+			require.NoError(t, err)
+
+			_, dParams, err := mime.ParseMediaType(part.Header.Get("Content-Disposition"))
+			require.NoError(t, err)
+
+			require.Equal(t, expectedParts[partNum].partKeys, dParams)
+			require.Equal(t, expectedParts[partNum].data, value)
+			partNum++
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.CreateAPIShieldSchema(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		CreateAPIShieldSchemaParams{
+			Name:              "petstore.json",
+			Kind:              "openapi_v3",
+			Source:            strings.NewReader("{}"),
+			ValidationEnabled: BoolPtr(true),
+		},
+	)
+
+	createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
+	expected := &APIShieldCreateSchemaResult{
+		Schema: APIShieldSchema{
+			ID:                testAPIShieldSchemaId,
+			Name:              "petstore.json",
+			Kind:              "openapi_v3",
+			Source:            "{}",
+			CreatedAt:         &createdAt,
+			ValidationEnabled: true,
+		},
+		Events: APIShieldCreateSchemaEvents{
+			Warnings: []APIShieldCreateSchemaEventWithLocations{
+				{
+					APIShieldCreateSchemaEvent: APIShieldCreateSchemaEvent{
+						Code:    28,
+						Message: "unsupported media type: application/octet-stream",
+					},
+					Locations: []string{
+						".paths[\"/user/{username}\"].put",
+					},
+				},
+			},
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestCreateAPIShieldSchemaError(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
+	response := `{
+		"success" : false,
+		"errors": [
+			{
+			  "code": 21400,
+			  "message": "only default parameter styles are supported: path, form (.paths[\"/pet/{petId}\"].get.parameters[0])"
+			}
+		],
+		"messages": [],
+		"result": {
+			"upload_details": {
+				"errors": [
+					{
+						"code": 22,
+						"message": "only default parameter styles are supported: path, form",
+						"locations": [
+							".paths[\"/pet/{petId}\"].get.parameters[0]"
+						]
+					}
+				]
+			}
+		}
+	}`
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(400)
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	_, err := client.CreateAPIShieldSchema(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		CreateAPIShieldSchemaParams{
+			Name:              "petstore.json",
+			Kind:              "openapi_v3",
+			Source:            strings.NewReader("{}"),
+			ValidationEnabled: BoolPtr(true),
+		},
+	)
+
+	require.ErrorContains(t, err, "only default parameter styles are supported: path, form (.paths[\"/pet/{petId}\"].get.parameters[0]) (21400)")
+}
+
+func TestMustProvideSchemaID(t *testing.T) {
+	setup()
+	t.Cleanup(teardown)
+
+	_, err := client.GetAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), GetAPIShieldSchemaParams{})
+	require.ErrorContains(t, err, "schema ID must be provided")
+
+	_, err = client.UpdateAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), UpdateAPIShieldSchemaParams{})
+	require.ErrorContains(t, err, "schema ID must be provided")
+
+	err = client.DeleteAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), DeleteAPIShieldSchemaParams{})
+	require.ErrorContains(t, err, "schema ID must be provided")
+}
+
+func TestGetAPIShieldSchemaValidationSettings(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"validation_default_mitigation_action": "log",
+			"validation_override_mitigation_action": "none"
+		}
+	}`
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.GetAPIShieldSchemaValidationSettings(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+	)
+
+	none := "none"
+	expected := &APIShieldSchemaValidationSettings{
+		DefaultMitigationAction:  "log",
+		OverrideMitigationAction: &none,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestUpdateAPIShieldSchemaValidationSettings(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", testZoneID)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"validation_default_mitigation_action": "log",
+			"validation_override_mitigation_action": null
+		}
+	}`
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.UpdateAPIShieldSchemaValidationSettings(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateAPIShieldSchemaValidationSettingsParams{}, // specifying nil is ok for fields
+	)
+
+	expected := &APIShieldSchemaValidationSettings{
+		DefaultMitigationAction:  "log",
+		OverrideMitigationAction: nil,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestGetAPIShieldOperationSchemaValidationSettings(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s/schema_validation", testZoneID, testAPIShieldOperationId)
+	response := `{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"mitigation_action": "log"
+		}
+	}`
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.GetAPIShieldOperationSchemaValidationSettings(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		GetAPIShieldOperationSchemaValidationSettingsParams{OperationID: testAPIShieldOperationId},
+	)
+
+	log := "log"
+	expected := &APIShieldOperationSchemaValidationSettings{
+		MitigationAction: &log,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
+
+func TestUpdateAPIShieldOperationSchemaValidationSettings(t *testing.T) {
+	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/schema_validation", testZoneID)
+	response := fmt.Sprintf(`{
+		"success" : true,
+		"errors": [],
+		"messages": [],
+		"result": {
+			"%s": null
+		}
+	}`, testAPIShieldOperationId)
+
+	setup()
+	t.Cleanup(teardown)
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		require.Empty(t, r.URL.Query())
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		expected := fmt.Sprintf(`{"%s":{"mitigation_action":null}}`, testAPIShieldOperationId)
+		require.Equal(t, expected, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc(endpoint, handler)
+
+	actual, err := client.UpdateAPIShieldOperationSchemaValidationSettings(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateAPIShieldOperationSchemaValidationSettings{
+			testAPIShieldOperationId: APIShieldOperationSchemaValidationSettings{
+				MitigationAction: nil,
+			},
+		},
+	)
+
+	expected := &UpdateAPIShieldOperationSchemaValidationSettings{
+		testAPIShieldOperationId: APIShieldOperationSchemaValidationSettings{
+			MitigationAction: nil,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expected, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/api_shield_test.go b/pkg/cloudflare-go/api_shield_test.go
new file mode 100644
index 0000000000..9644ad7b0b
--- /dev/null
+++ b/pkg/cloudflare-go/api_shield_test.go
@@ -0,0 +1,84 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetAPIShield(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success" : true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"auth_id_characteristics": [
+			{
+				"type": "header",
+				"name": "test-header"
+			},
+			{
+				"type": "cookie",
+				"name": "test-cookie"
+			}
+		]
+	}
+}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/api_gateway/configuration", handler)
+
+	var authChars []AuthIdCharacteristics
+	authChars = append(authChars, AuthIdCharacteristics{Type: "header", Name: "test-header"})
+	authChars = append(authChars, AuthIdCharacteristics{Type: "cookie", Name: "test-cookie"})
+
+	want := APIShield{
+		AuthIdCharacteristics: authChars,
+	}
+
+	actual, _, err := client.GetAPIShieldConfiguration(context.Background(), ZoneIdentifier(testZoneID))
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestPutAPIShield(t *testing.T) {
+	setup()
+	defer teardown()
+
+	// now lets do a PUT
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success" : true,
+	"errors": [],
+	"messages": [],
+	"result": []
+}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/api_gateway/configuration", handler)
+
+	apiShieldData := UpdateAPIShieldParams{AuthIdCharacteristics: []AuthIdCharacteristics{{Type: "header", Name: "different-header"}, {Type: "cookie", Name: "different-cookie"}}}
+
+	want := Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
+
+	actual, err := client.UpdateAPIShieldConfiguration(context.Background(), ZoneIdentifier(testZoneID), apiShieldData)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/api_token.go b/pkg/cloudflare-go/api_token.go
new file mode 100644
index 0000000000..92554774d6
--- /dev/null
+++ b/pkg/cloudflare-go/api_token.go
@@ -0,0 +1,238 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// APIToken is the full API token.
+type APIToken struct {
+	ID         string             `json:"id,omitempty"`
+	Name       string             `json:"name,omitempty"`
+	Status     string             `json:"status,omitempty"`
+	IssuedOn   *time.Time         `json:"issued_on,omitempty"`
+	ModifiedOn *time.Time         `json:"modified_on,omitempty"`
+	NotBefore  *time.Time         `json:"not_before,omitempty"`
+	ExpiresOn  *time.Time         `json:"expires_on,omitempty"`
+	Policies   []APITokenPolicies `json:"policies,omitempty"`
+	Condition  *APITokenCondition `json:"condition,omitempty"`
+	Value      string             `json:"value,omitempty"`
+}
+
+// APITokenPermissionGroups is the permission groups associated with API tokens.
+type APITokenPermissionGroups struct {
+	ID     string   `json:"id"`
+	Name   string   `json:"name,omitempty"`
+	Scopes []string `json:"scopes,omitempty"`
+}
+
+// APITokenPolicies are policies attached to an API token.
+type APITokenPolicies struct {
+	ID               string                     `json:"id,omitempty"`
+	Effect           string                     `json:"effect"`
+	Resources        map[string]interface{}     `json:"resources"`
+	PermissionGroups []APITokenPermissionGroups `json:"permission_groups"`
+}
+
+// APITokenRequestIPCondition is the struct for adding an IP restriction to an
+// API token.
+type APITokenRequestIPCondition struct {
+	In    []string `json:"in,omitempty"`
+	NotIn []string `json:"not_in,omitempty"`
+}
+
+// APITokenCondition is the outer structure for request conditions (currently
+// only IPs).
+type APITokenCondition struct {
+	RequestIP *APITokenRequestIPCondition `json:"request.ip,omitempty"`
+}
+
+// APITokenResponse is the API response for a single API token.
+type APITokenResponse struct {
+	Response
+	Result APIToken `json:"result"`
+}
+
+// APITokenListResponse is the API response for multiple API tokens.
+type APITokenListResponse struct {
+	Response
+	Result []APIToken `json:"result"`
+}
+
+// APITokenRollResponse is the API response when rolling the token.
+type APITokenRollResponse struct {
+	Response
+	Result string `json:"result"`
+}
+
+// APITokenVerifyResponse is the API response for verifying a token.
+type APITokenVerifyResponse struct {
+	Response
+	Result APITokenVerifyBody `json:"result"`
+}
+
+// APITokenPermissionGroupsResponse is the API response for the available
+// permission groups.
+type APITokenPermissionGroupsResponse struct {
+	Response
+	Result []APITokenPermissionGroups `json:"result"`
+}
+
+// APITokenVerifyBody is the API body for verifying a token.
+type APITokenVerifyBody struct {
+	ID        string    `json:"id"`
+	Status    string    `json:"status"`
+	NotBefore time.Time `json:"not_before"`
+	ExpiresOn time.Time `json:"expires_on"`
+}
+
+// GetAPIToken returns a single API token based on the ID.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-token-details
+func (api *API) GetAPIToken(ctx context.Context, tokenID string) (APIToken, error) {
+	uri := fmt.Sprintf("/user/tokens/%s", tokenID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return APIToken{}, err
+	}
+
+	var apiTokenResponse APITokenResponse
+	err = json.Unmarshal(res, &apiTokenResponse)
+	if err != nil {
+		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return apiTokenResponse.Result, nil
+}
+
+// APITokens returns all available API tokens.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-list-tokens
+func (api *API) APITokens(ctx context.Context) ([]APIToken, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens", nil)
+	if err != nil {
+		return []APIToken{}, err
+	}
+
+	var apiTokenListResponse APITokenListResponse
+	err = json.Unmarshal(res, &apiTokenListResponse)
+	if err != nil {
+		return []APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return apiTokenListResponse.Result, nil
+}
+
+// CreateAPIToken creates a new token. Returns the API token that has been
+// generated.
+//
+// The token value itself is only shown once (post create) and will present as
+// `Value` from this method. If you fail to capture it at this point, you will
+// need to roll the token in order to get a new value.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-create-token
+func (api *API) CreateAPIToken(ctx context.Context, token APIToken) (APIToken, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPost, "/user/tokens", token)
+	if err != nil {
+		return APIToken{}, err
+	}
+
+	var createTokenAPIResponse APITokenResponse
+	err = json.Unmarshal(res, &createTokenAPIResponse)
+	if err != nil {
+		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return createTokenAPIResponse.Result, nil
+}
+
+// UpdateAPIToken updates an existing API token.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-update-token
+func (api *API) UpdateAPIToken(ctx context.Context, tokenID string, token APIToken) (APIToken, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPut, "/user/tokens/"+tokenID, token)
+	if err != nil {
+		return APIToken{}, err
+	}
+
+	var updatedTokenResponse APITokenResponse
+	err = json.Unmarshal(res, &updatedTokenResponse)
+	if err != nil {
+		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return updatedTokenResponse.Result, nil
+}
+
+// RollAPIToken rolls the credential associated with the token.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-roll-token
+func (api *API) RollAPIToken(ctx context.Context, tokenID string) (string, error) {
+	uri := fmt.Sprintf("/user/tokens/%s/value", tokenID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var apiTokenRollResponse APITokenRollResponse
+	err = json.Unmarshal(res, &apiTokenRollResponse)
+	if err != nil {
+		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return apiTokenRollResponse.Result, nil
+}
+
+// VerifyAPIToken tests the validity of the token.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-verify-token
+func (api *API) VerifyAPIToken(ctx context.Context) (APITokenVerifyBody, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens/verify", nil)
+	if err != nil {
+		return APITokenVerifyBody{}, err
+	}
+
+	var apiTokenVerifyResponse APITokenVerifyResponse
+	err = json.Unmarshal(res, &apiTokenVerifyResponse)
+	if err != nil {
+		return APITokenVerifyBody{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return apiTokenVerifyResponse.Result, nil
+}
+
+// DeleteAPIToken deletes a single API token.
+//
+// API reference: https://api.cloudflare.com/#user-api-tokens-delete-token
+func (api *API) DeleteAPIToken(ctx context.Context, tokenID string) error {
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, "/user/tokens/"+tokenID, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ListAPITokensPermissionGroups returns all available API token permission groups.
+//
+// API reference: https://api.cloudflare.com/#permission-groups-list-permission-groups
+func (api *API) ListAPITokensPermissionGroups(ctx context.Context) ([]APITokenPermissionGroups, error) {
+	var r APITokenPermissionGroupsResponse
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens/permission_groups", nil)
+	if err != nil {
+		return []APITokenPermissionGroups{}, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []APITokenPermissionGroups{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/api_token_test.go b/pkg/cloudflare-go/api_token_test.go
new file mode 100644
index 0000000000..a48759832a
--- /dev/null
+++ b/pkg/cloudflare-go/api_token_test.go
@@ -0,0 +1,522 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPITokens(t *testing.T) {
+	setup()
+	defer teardown()
+
+	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
+	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "id": "ed17574386854bf78a67040be0a770b0",
+          "name": "readonly token",
+          "status": "active",
+          "issued_on": "2018-07-01T05:20:00Z",
+          "modified_on": "2018-07-02T05:20:00Z",
+          "not_before": "2018-07-01T05:20:00Z",
+          "expires_on": "2020-01-01T00:00:00Z",
+          "policies": [
+            {
+              "id": "f267e341f3dd4697bd3b9f71dd96247f",
+              "effect": "allow",
+              "resources": {
+                "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
+              },
+              "permission_groups": [
+                {
+                  "id": "c8fed203ed3043cba015a93ad1616f1f",
+                  "name": "Zone Read"
+                },
+                {
+                  "id": "82e64a83756745bbbb1c9c2701bf816b",
+                  "name": "DNS Read"
+                }
+              ]
+            }
+          ],
+          "condition": {
+            "request.ip": {
+              "in": [
+                "192.0.2.0/24",
+                "2001:db8::/48"
+              ],
+              "not_in": [
+                "198.51.100.0/24",
+                "2001:db8:1::/48"
+              ]
+            }
+          }
+        }
+      ]
+    }`)
+	}
+
+	mux.HandleFunc("/user/tokens", handler)
+
+	resources := make(map[string]interface{})
+	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
+	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
+
+	expectedAPIToken := APIToken{
+		ID:         "ed17574386854bf78a67040be0a770b0",
+		Name:       "readonly token",
+		Status:     "active",
+		IssuedOn:   &issuedOn,
+		ModifiedOn: &modifiedOn,
+		NotBefore:  &notBefore,
+		ExpiresOn:  &expiresOn,
+		Policies: []APITokenPolicies{{
+			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
+			Effect:    "allow",
+			Resources: resources,
+			PermissionGroups: []APITokenPermissionGroups{
+				{
+					ID:   "c8fed203ed3043cba015a93ad1616f1f",
+					Name: "Zone Read",
+				},
+				{
+					ID:   "82e64a83756745bbbb1c9c2701bf816b",
+					Name: "DNS Read",
+				},
+			},
+		}},
+		Condition: &APITokenCondition{
+			RequestIP: &APITokenRequestIPCondition{
+				In:    []string{"192.0.2.0/24", "2001:db8::/48"},
+				NotIn: []string{"198.51.100.0/24", "2001:db8:1::/48"},
+			},
+		},
+	}
+
+	actual, err := client.APITokens(context.Background())
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []APIToken{expectedAPIToken}, actual)
+	}
+}
+
+func TestGetAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
+	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+          "id": "ed17574386854bf78a67040be0a770b0",
+          "name": "readonly token",
+          "status": "active",
+          "issued_on": "2018-07-01T05:20:00Z",
+          "modified_on": "2018-07-02T05:20:00Z",
+          "not_before": "2018-07-01T05:20:00Z",
+          "expires_on": "2020-01-01T00:00:00Z",
+          "policies": [
+            {
+              "id": "f267e341f3dd4697bd3b9f71dd96247f",
+              "effect": "allow",
+              "resources": {
+                "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+                "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
+              },
+              "permission_groups": [
+                {
+                  "id": "c8fed203ed3043cba015a93ad1616f1f",
+                  "name": "Zone Read"
+                },
+                {
+                  "id": "82e64a83756745bbbb1c9c2701bf816b",
+                  "name": "DNS Read"
+                }
+              ]
+            }
+          ],
+          "condition": {
+            "request.ip": {
+              "in": [
+                "192.0.2.0/24",
+                "2001:db8::/48"
+              ],
+              "not_in": [
+                "198.51.100.0/24",
+                "2001:db8:1::/48"
+              ]
+            }
+          }
+        }
+      }`)
+	}
+
+	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
+
+	resources := make(map[string]interface{})
+	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
+	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
+
+	expectedAPIToken := APIToken{
+		ID:         "ed17574386854bf78a67040be0a770b0",
+		Name:       "readonly token",
+		Status:     "active",
+		IssuedOn:   &issuedOn,
+		ModifiedOn: &modifiedOn,
+		NotBefore:  &notBefore,
+		ExpiresOn:  &expiresOn,
+		Policies: []APITokenPolicies{{
+			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
+			Effect:    "allow",
+			Resources: resources,
+			PermissionGroups: []APITokenPermissionGroups{
+				{
+					ID:   "c8fed203ed3043cba015a93ad1616f1f",
+					Name: "Zone Read",
+				},
+				{
+					ID:   "82e64a83756745bbbb1c9c2701bf816b",
+					Name: "DNS Read",
+				},
+			},
+		}},
+		Condition: &APITokenCondition{
+			RequestIP: &APITokenRequestIPCondition{
+				In:    []string{"192.0.2.0/24", "2001:db8::/48"},
+				NotIn: []string{"198.51.100.0/24", "2001:db8:1::/48"},
+			},
+		},
+	}
+
+	actual, err := client.GetAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAPIToken, actual)
+	}
+}
+
+func TestCreateAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	// issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	// modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
+	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+    "success":true,
+    "errors":[],
+    "messages":[],
+    "result":{
+      "id":"ed17574386854bf78a67040be0a770b0",
+      "name":"readonly token",
+      "status":"active",
+      "issued_on":"2018-07-01T05:20:00Z",
+      "modified_on":"2018-07-02T05:20:00Z",
+      "not_before":"2018-07-01T05:20:00Z",
+      "expires_on":"2020-01-01T00:00:00Z",
+      "policies":[
+        {
+          "id":"f267e341f3dd4697bd3b9f71dd96247f",
+          "effect":"allow",
+          "resources":{
+            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4":"*",
+            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43":"*"
+          },
+          "permission_groups":[
+            {
+              "id":"c8fed203ed3043cba015a93ad1616f1f",
+              "name":"Zone Read"
+            },
+            {
+              "id":"82e64a83756745bbbb1c9c2701bf816b",
+              "name":"DNS Read"
+            }
+          ]
+        }
+      ]
+    }
+  }`)
+	}
+
+	mux.HandleFunc("/user/tokens", handler)
+
+	resources := make(map[string]interface{})
+	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
+	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
+
+	tokenToCreate := APIToken{
+		Name:      "readonly token",
+		NotBefore: &notBefore,
+		ExpiresOn: &expiresOn,
+		Policies: []APITokenPolicies{{
+			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
+			Effect:    "allow",
+			Resources: resources,
+			PermissionGroups: []APITokenPermissionGroups{
+				{
+					ID:   "c8fed203ed3043cba015a93ad1616f1f",
+					Name: "Zone Read",
+				},
+				{
+					ID:   "82e64a83756745bbbb1c9c2701bf816b",
+					Name: "DNS Read",
+				},
+			},
+		}},
+	}
+
+	actual, err := client.CreateAPIToken(context.Background(), tokenToCreate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, tokenToCreate.Name, actual.Name)
+		assert.Equal(t, tokenToCreate.Policies, actual.Policies)
+	}
+}
+
+func TestUpdateAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
+	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "ed17574386854bf78a67040be0a770b0",
+    "name": "readonly token",
+    "status": "active",
+    "issued_on": "2018-07-01T05:20:00Z",
+    "modified_on": "2018-07-02T05:20:00Z",
+    "not_before": "2018-07-01T05:20:00Z",
+    "expires_on": "2020-01-01T00:00:00Z",
+    "policies": [
+      {
+        "id": "f267e341f3dd4697bd3b9f71dd96247f",
+        "effect": "allow",
+        "resources": {
+          "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
+          "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
+        },
+        "permission_groups": [
+          {
+            "id": "c8fed203ed3043cba015a93ad1616f1f",
+            "name": "Zone Read"
+          },
+          {
+            "id": "82e64a83756745bbbb1c9c2701bf816b",
+            "name": "DNS Read"
+          }
+        ]
+      }
+    ],
+    "condition": {
+      "request.ip": {
+        "in": [
+          "198.51.100.0/24",
+          "2400:cb00::/32"
+        ],
+        "not_in": [
+          "198.51.100.0/24",
+          "2400:cb00::/32"
+        ]
+      }
+    }
+  }
+}`)
+	}
+
+	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
+
+	resources := make(map[string]interface{})
+	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
+	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
+
+	expectedAPIToken := APIToken{
+		ID:         "ed17574386854bf78a67040be0a770b0",
+		Name:       "readonly token",
+		Status:     "active",
+		IssuedOn:   &issuedOn,
+		ModifiedOn: &modifiedOn,
+		NotBefore:  &notBefore,
+		ExpiresOn:  &expiresOn,
+		Policies: []APITokenPolicies{{
+			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
+			Effect:    "allow",
+			Resources: resources,
+			PermissionGroups: []APITokenPermissionGroups{
+				{
+					ID:   "c8fed203ed3043cba015a93ad1616f1f",
+					Name: "Zone Read",
+				},
+				{
+					ID:   "82e64a83756745bbbb1c9c2701bf816b",
+					Name: "DNS Read",
+				},
+			},
+		},
+		},
+		Condition: &APITokenCondition{
+			RequestIP: &APITokenRequestIPCondition{
+				In:    []string{"198.51.100.0/24", "2400:cb00::/32"},
+				NotIn: []string{"198.51.100.0/24", "2400:cb00::/32"},
+			},
+		},
+	}
+
+	actual, err := client.UpdateAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0", APIToken{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedAPIToken, actual)
+	}
+}
+
+func TestRollAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"
+    }
+    `)
+	}
+
+	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0/value", handler)
+
+	actual, err := client.RollAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T", actual)
+	}
+}
+
+func TestVerifyAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "ed17574386854bf78a67040be0a770b0",
+        "status": "active",
+        "not_before": "2018-07-01T05:20:00Z",
+        "expires_on": "2020-01-01T00:00:00Z"
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/user/tokens/verify", handler)
+
+	actual, err := client.VerifyAPIToken(context.Background())
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, "active", actual.Status)
+	}
+}
+
+func TestDeleteAPIToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "9a7806061c88ada191ed06f989cc3dac"
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
+
+	err := client.DeleteAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
+	assert.NoError(t, err)
+}
+
+func TestListAPITokensPermissionGroups(t *testing.T) {
+	setup()
+	defer teardown()
+
+	var pgID = "47aa30b6eb97ecae0518b750d6b142b6"
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": [
+			{
+				"id": %q,
+				"name": "DNS Read",
+				"scopes": ["com.cloudflare.api.account.zone"]
+			}
+		  ]
+		}
+		`, pgID)
+	}
+
+	mux.HandleFunc("/user/tokens/permission_groups", handler)
+	want := []APITokenPermissionGroups{{
+		ID:     pgID,
+		Name:   "DNS Read",
+		Scopes: []string{"com.cloudflare.api.account.zone"},
+	}}
+	actual, err := client.ListAPITokensPermissionGroups(context.Background())
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/argo.go b/pkg/cloudflare-go/argo.go
new file mode 100644
index 0000000000..d789257a4d
--- /dev/null
+++ b/pkg/cloudflare-go/argo.go
@@ -0,0 +1,121 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var validSettingValues = []string{"on", "off"}
+
+// ArgoFeatureSetting is the structure of the API object for the
+// argo smart routing and tiered caching settings.
+type ArgoFeatureSetting struct {
+	Editable   bool      `json:"editable,omitempty"`
+	ID         string    `json:"id,omitempty"`
+	ModifiedOn time.Time `json:"modified_on,omitempty"`
+	Value      string    `json:"value"`
+}
+
+// ArgoDetailsResponse is the API response for the argo smart routing
+// and tiered caching response.
+type ArgoDetailsResponse struct {
+	Result ArgoFeatureSetting `json:"result"`
+	Response
+}
+
+// ArgoSmartRouting returns the current settings for smart routing.
+//
+// API reference: https://api.cloudflare.com/#argo-smart-routing-get-argo-smart-routing-setting
+func (api *API) ArgoSmartRouting(ctx context.Context, zoneID string) (ArgoFeatureSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/argo/smart_routing", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ArgoFeatureSetting{}, err
+	}
+
+	var argoDetailsResponse ArgoDetailsResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// UpdateArgoSmartRouting updates the setting for smart routing.
+//
+// API reference: https://api.cloudflare.com/#argo-smart-routing-patch-argo-smart-routing-setting
+func (api *API) UpdateArgoSmartRouting(ctx context.Context, zoneID, settingValue string) (ArgoFeatureSetting, error) {
+	if !contains(validSettingValues, settingValue) {
+		return ArgoFeatureSetting{}, fmt.Errorf("invalid setting value '%s'. must be 'on' or 'off'", settingValue)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/argo/smart_routing", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ArgoFeatureSetting{Value: settingValue})
+	if err != nil {
+		return ArgoFeatureSetting{}, err
+	}
+
+	var argoDetailsResponse ArgoDetailsResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// ArgoTieredCaching returns the current settings for tiered caching.
+//
+// API reference: TBA.
+func (api *API) ArgoTieredCaching(ctx context.Context, zoneID string) (ArgoFeatureSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ArgoFeatureSetting{}, err
+	}
+
+	var argoDetailsResponse ArgoDetailsResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// UpdateArgoTieredCaching updates the setting for tiered caching.
+//
+// API reference: TBA.
+func (api *API) UpdateArgoTieredCaching(ctx context.Context, zoneID, settingValue string) (ArgoFeatureSetting, error) {
+	if !contains(validSettingValues, settingValue) {
+		return ArgoFeatureSetting{}, fmt.Errorf("invalid setting value '%s'. must be 'on' or 'off'", settingValue)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ArgoFeatureSetting{Value: settingValue})
+	if err != nil {
+		return ArgoFeatureSetting{}, err
+	}
+
+	var argoDetailsResponse ArgoDetailsResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+func contains(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/cloudflare-go/argo_example_test.go b/pkg/cloudflare-go/argo_example_test.go
new file mode 100644
index 0000000000..720b6de47c
--- /dev/null
+++ b/pkg/cloudflare-go/argo_example_test.go
@@ -0,0 +1,65 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ArgoSmartRouting() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	smartRoutingSettings, err := api.ArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("smart routing is %s", smartRoutingSettings.Value)
+}
+
+func ExampleAPI_ArgoTieredCaching() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	tieredCachingSettings, err := api.ArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("tiered caching is %s", tieredCachingSettings.Value)
+}
+
+func ExampleAPI_UpdateArgoSmartRouting() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	smartRoutingSettings, err := api.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "on")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("smart routing is %s", smartRoutingSettings.Value)
+}
+
+func ExampleAPI_UpdateArgoTieredCaching() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	tieredCachingSettings, err := api.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "on")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("tiered caching is %s", tieredCachingSettings.Value)
+}
diff --git a/pkg/cloudflare-go/argo_test.go b/pkg/cloudflare-go/argo_test.go
new file mode 100644
index 0000000000..8f5f28507d
--- /dev/null
+++ b/pkg/cloudflare-go/argo_test.go
@@ -0,0 +1,179 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var argoTimestamp, _ = time.Parse(time.RFC3339Nano, "2019-02-20T22:37:07.107449Z")
+
+func TestArgoSmartRouting(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "smart_routing",
+				"value": "on",
+				"editable": true,
+				"modified_on": "2019-02-20T22:37:07.107449Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/smart_routing", handler)
+	want := ArgoFeatureSetting{
+		ID:         "smart_routing",
+		Value:      "on",
+		Editable:   true,
+		ModifiedOn: argoTimestamp,
+	}
+
+	actual, err := client.ArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateArgoSmartRouting(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "smart_routing",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2019-02-20T22:37:07.107449Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/smart_routing", handler)
+	want := ArgoFeatureSetting{
+		ID:         "smart_routing",
+		Value:      "off",
+		Editable:   true,
+		ModifiedOn: argoTimestamp,
+	}
+
+	actual, err := client.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "off")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateArgoSmartRoutingWithInvalidValue(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "notreal")
+
+	if assert.Error(t, err) {
+		assert.Equal(t, "invalid setting value 'notreal'. must be 'on' or 'off'", err.Error())
+	}
+}
+
+func TestArgoTieredCaching(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "tiered_caching",
+				"value": "on",
+				"editable": true,
+				"modified_on": "2019-02-20T22:37:07.107449Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/tiered_caching", handler)
+	want := ArgoFeatureSetting{
+		ID:         "tiered_caching",
+		Value:      "on",
+		Editable:   true,
+		ModifiedOn: argoTimestamp,
+	}
+
+	actual, err := client.ArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateArgoTieredCaching(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "tiered_caching",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2019-02-20T22:37:07.107449Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/tiered_caching", handler)
+	want := ArgoFeatureSetting{
+		ID:         "tiered_caching",
+		Value:      "off",
+		Editable:   true,
+		ModifiedOn: argoTimestamp,
+	}
+
+	actual, err := client.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "off")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateArgoTieredCachingWithInvalidValue(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "notreal")
+
+	if assert.Error(t, err) {
+		assert.Equal(t, "invalid setting value 'notreal'. must be 'on' or 'off'", err.Error())
+	}
+}
diff --git a/pkg/cloudflare-go/argo_tunnel.go b/pkg/cloudflare-go/argo_tunnel.go
new file mode 100644
index 0000000000..fa444f0ead
--- /dev/null
+++ b/pkg/cloudflare-go/argo_tunnel.go
@@ -0,0 +1,162 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// ArgoTunnel is the struct definition of a tunnel.
+type ArgoTunnel struct {
+	ID          string                 `json:"id,omitempty"`
+	Name        string                 `json:"name,omitempty"`
+	Secret      string                 `json:"tunnel_secret,omitempty"`
+	CreatedAt   *time.Time             `json:"created_at,omitempty"`
+	DeletedAt   *time.Time             `json:"deleted_at,omitempty"`
+	Connections []ArgoTunnelConnection `json:"connections,omitempty"`
+}
+
+// ArgoTunnelConnection represents the connections associated with a tunnel.
+type ArgoTunnelConnection struct {
+	ColoName           string `json:"colo_name"`
+	UUID               string `json:"uuid"`
+	IsPendingReconnect bool   `json:"is_pending_reconnect"`
+}
+
+// ArgoTunnelsDetailResponse is used for representing the API response payload for
+// multiple tunnels.
+type ArgoTunnelsDetailResponse struct {
+	Result []ArgoTunnel `json:"result"`
+	Response
+}
+
+// ArgoTunnelDetailResponse is used for representing the API response payload for
+// a single tunnel.
+type ArgoTunnelDetailResponse struct {
+	Result ArgoTunnel `json:"result"`
+	Response
+}
+
+// ArgoTunnels lists all tunnels.
+//
+// API reference: https://api.cloudflare.com/#argo-tunnel-list-argo-tunnels
+//
+// Deprecated: Use `Tunnels` instead.
+func (api *API) ArgoTunnels(ctx context.Context, accountID string) ([]ArgoTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
+	if err != nil {
+		return []ArgoTunnel{}, err
+	}
+
+	var argoDetailsResponse ArgoTunnelsDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return []ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// ArgoTunnel returns a single Argo tunnel.
+//
+// API reference: https://api.cloudflare.com/#argo-tunnel-get-argo-tunnel
+//
+// Deprecated: Use `Tunnel` instead.
+func (api *API) ArgoTunnel(ctx context.Context, accountID, tunnelUUID string) (ArgoTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
+	if err != nil {
+		return ArgoTunnel{}, err
+	}
+
+	var argoDetailsResponse ArgoTunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// CreateArgoTunnel creates a new tunnel for the account.
+//
+// API reference: https://api.cloudflare.com/#argo-tunnel-create-argo-tunnel
+//
+// Deprecated: Use `CreateTunnel` instead.
+func (api *API) CreateArgoTunnel(ctx context.Context, accountID, name, secret string) (ArgoTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
+
+	tunnel := ArgoTunnel{Name: name, Secret: secret}
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, tunnel, argoV1Header())
+	if err != nil {
+		return ArgoTunnel{}, err
+	}
+
+	var argoDetailsResponse ArgoTunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return argoDetailsResponse.Result, nil
+}
+
+// DeleteArgoTunnel removes a single Argo tunnel.
+//
+// API reference: https://api.cloudflare.com/#argo-tunnel-delete-argo-tunnel
+//
+// Deprecated: Use `DeleteTunnel` instead.
+func (api *API) DeleteArgoTunnel(ctx context.Context, accountID, tunnelUUID string) error {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
+	if err != nil {
+		return err
+	}
+
+	var argoDetailsResponse ArgoTunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// CleanupArgoTunnelConnections deletes any inactive connections on a tunnel.
+//
+// API reference: https://api.cloudflare.com/#argo-tunnel-clean-up-argo-tunnel-connections
+//
+// Deprecated: Use `CleanupTunnelConnections` instead.
+func (api *API) CleanupArgoTunnelConnections(ctx context.Context, accountID, tunnelUUID string) error {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", accountID, tunnelUUID)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
+	if err != nil {
+		return err
+	}
+
+	var argoDetailsResponse ArgoTunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// The early implementation of Argo Tunnel endpoints didn't conform to the V4
+// API standard response structure. This has been remedied going forward however
+// to support older clients this isn't yet the default. An explicit `Accept`
+// header is used to get the V4 compatible version.
+func argoV1Header() http.Header {
+	header := make(http.Header)
+	header.Set("Accept", "application/json;version=1")
+
+	return header
+}
diff --git a/pkg/cloudflare-go/argo_tunnel_test.go b/pkg/cloudflare-go/argo_tunnel_test.go
new file mode 100644
index 0000000000..29f29e1002
--- /dev/null
+++ b/pkg/cloudflare-go/argo_tunnel_test.go
@@ -0,0 +1,221 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestArgoTunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+					"name": "blog",
+					"created_at": "2009-11-10T23:00:00Z",
+					"deleted_at": "2009-11-10T23:00:00Z",
+					"connections": [
+						{
+							"colo_name": "DFW",
+							"uuid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+							"is_pending_reconnect": false
+						}
+					]
+				}
+			]
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := []ArgoTunnel{{
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []ArgoTunnelConnection{{
+			ColoName:           "DFW",
+			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			IsPendingReconnect: false,
+		}},
+	}}
+
+	actual, err := client.ArgoTunnels(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestArgoTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name":"blog",
+				"created_at":"2009-11-10T23:00:00Z",
+				"deleted_at":"2009-11-10T23:00:00Z",
+				"connections":[
+					{
+						"colo_name":"DFW",
+						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+						"is_pending_reconnect":false
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := ArgoTunnel{
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []ArgoTunnelConnection{{
+			ColoName:           "DFW",
+			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			IsPendingReconnect: false,
+		}},
+	}
+
+	actual, err := client.ArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateArgoTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name":"blog",
+				"created_at":"2009-11-10T23:00:00Z",
+				"deleted_at":"2009-11-10T23:00:00Z",
+				"connections":[
+					{
+						"colo_name":"DFW",
+						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+						"is_pending_reconnect":false
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := ArgoTunnel{
+		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []ArgoTunnelConnection{{
+			ColoName:           "DFW",
+			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			IsPendingReconnect: false,
+		}},
+	}
+
+	actual, err := client.CreateArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "blog", "notarealsecret")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteArgoTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name":"blog",
+				"created_at":"2009-11-10T23:00:00Z",
+				"deleted_at":"2009-11-10T23:00:00Z",
+				"connections":[
+					{
+						"colo_name":"DFW",
+						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+						"is_pending_reconnect":false
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
+
+	err := client.DeleteArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+	assert.NoError(t, err)
+}
+
+func TestCleanupArgoTunnelConnections(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": []
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/connections", handler)
+
+	err := client.CleanupArgoTunnelConnections(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/auditlogs.go b/pkg/cloudflare-go/auditlogs.go
new file mode 100644
index 0000000000..c21398a26a
--- /dev/null
+++ b/pkg/cloudflare-go/auditlogs.go
@@ -0,0 +1,158 @@
+package cloudflare
+
+import (
+	"context"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AuditLogAction is a member of AuditLog, the action that was taken.
+type AuditLogAction struct {
+	Result bool   `json:"result"`
+	Type   string `json:"type"`
+}
+
+// AuditLogActor is a member of AuditLog, who performed the action.
+type AuditLogActor struct {
+	Email string `json:"email"`
+	ID    string `json:"id"`
+	IP    string `json:"ip"`
+	Type  string `json:"type"`
+}
+
+// AuditLogOwner is a member of AuditLog, who owns this audit log.
+type AuditLogOwner struct {
+	ID string `json:"id"`
+}
+
+// AuditLogResource is a member of AuditLog, what was the action performed on.
+type AuditLogResource struct {
+	ID   string `json:"id"`
+	Type string `json:"type"`
+}
+
+// AuditLog is an resource that represents an update in the cloudflare dash.
+type AuditLog struct {
+	Action       AuditLogAction         `json:"action"`
+	Actor        AuditLogActor          `json:"actor"`
+	ID           string                 `json:"id"`
+	Metadata     map[string]interface{} `json:"metadata"`
+	NewValue     string                 `json:"newValue"`
+	NewValueJSON map[string]interface{} `json:"newValueJson"`
+	OldValue     string                 `json:"oldValue"`
+	OldValueJSON map[string]interface{} `json:"oldValueJson"`
+	Owner        AuditLogOwner          `json:"owner"`
+	Resource     AuditLogResource       `json:"resource"`
+	When         time.Time              `json:"when"`
+}
+
+// AuditLogResponse is the response returned from the cloudflare v4 api.
+type AuditLogResponse struct {
+	Response   Response
+	Result     []AuditLog `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// AuditLogFilter is an object for filtering the audit log response from the api.
+type AuditLogFilter struct {
+	ID           string
+	ActorIP      string
+	ActorEmail   string
+	HideUserLogs bool
+	Direction    string
+	ZoneName     string
+	Since        string
+	Before       string
+	PerPage      int
+	Page         int
+}
+
+// ToQuery turns an audit log filter in to an HTTP Query Param
+// list, suitable for use in a url.URL.RawQuery. It will not include empty
+// members of the struct in the query parameters.
+func (a AuditLogFilter) ToQuery() url.Values {
+	v := url.Values{}
+
+	if a.ID != "" {
+		v.Add("id", a.ID)
+	}
+	if a.ActorIP != "" {
+		v.Add("actor.ip", a.ActorIP)
+	}
+	if a.ActorEmail != "" {
+		v.Add("actor.email", a.ActorEmail)
+	}
+	if a.HideUserLogs {
+		v.Add("hide_user_logs", "true")
+	}
+	if a.ZoneName != "" {
+		v.Add("zone.name", a.ZoneName)
+	}
+	if a.Direction != "" {
+		v.Add("direction", a.Direction)
+	}
+	if a.Since != "" {
+		v.Add("since", a.Since)
+	}
+	if a.Before != "" {
+		v.Add("before", a.Before)
+	}
+	if a.PerPage > 0 {
+		v.Add("per_page", strconv.Itoa(a.PerPage))
+	}
+	if a.Page > 0 {
+		v.Add("page", strconv.Itoa(a.Page))
+	}
+
+	return v
+}
+
+// GetOrganizationAuditLogs will return the audit logs of a specific
+// organization, based on the ID passed in. The audit logs can be
+// filtered based on any argument in the AuditLogFilter.
+//
+// API Reference: https://api.cloudflare.com/#audit-logs-list-organization-audit-logs
+func (api *API) GetOrganizationAuditLogs(ctx context.Context, organizationID string, a AuditLogFilter) (AuditLogResponse, error) {
+	uri := url.URL{
+		Path:       path.Join("/accounts", organizationID, "audit_logs"),
+		ForceQuery: true,
+		RawQuery:   a.ToQuery().Encode(),
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri.String(), nil)
+	if err != nil {
+		return AuditLogResponse{}, err
+	}
+	return unmarshalReturn(res)
+}
+
+// unmarshalReturn will unmarshal bytes and return an auditlogresponse.
+func unmarshalReturn(res []byte) (AuditLogResponse, error) {
+	var auditResponse AuditLogResponse
+	err := json.Unmarshal(res, &auditResponse)
+	if err != nil {
+		return auditResponse, err
+	}
+	return auditResponse, nil
+}
+
+// GetUserAuditLogs will return your user's audit logs. The audit logs can be
+// filtered based on any argument in the AuditLogFilter.
+//
+// API Reference: https://api.cloudflare.com/#audit-logs-list-user-audit-logs
+func (api *API) GetUserAuditLogs(ctx context.Context, a AuditLogFilter) (AuditLogResponse, error) {
+	uri := url.URL{
+		Path:       path.Join("/user", "audit_logs"),
+		ForceQuery: true,
+		RawQuery:   a.ToQuery().Encode(),
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri.String(), nil)
+	if err != nil {
+		return AuditLogResponse{}, err
+	}
+	return unmarshalReturn(res)
+}
diff --git a/pkg/cloudflare-go/auditlogs_test.go b/pkg/cloudflare-go/auditlogs_test.go
new file mode 100644
index 0000000000..a7f7fc2074
--- /dev/null
+++ b/pkg/cloudflare-go/auditlogs_test.go
@@ -0,0 +1,60 @@
+package cloudflare
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestAuditLogFilterToQuery(t *testing.T) {
+	filter := AuditLogFilter{
+		ID: "aaaa",
+	}
+	if !strings.Contains(filter.ToQuery().Encode(), "id=aaaa") {
+		t.Fatalf("Did not properly stringify the id field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.ActorEmail = "admin@example.com"
+	if !strings.Contains(filter.ToQuery().Encode(), "actor.email=admin%40example.com") {
+		t.Fatalf("Did not properly stringify the actor.email field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.HideUserLogs = true
+	if !strings.Contains(filter.ToQuery().Encode(), "hide_user_logs=true") {
+		t.Fatalf("Did not properly stringify the hide_user_logs field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.ActorIP = "192.0.2.0"
+	if !strings.Contains(filter.ToQuery().Encode(), "&actor.ip=192.0.2.0") {
+		t.Fatalf("Did not properly stringify the actorip field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.ZoneName = "example.com"
+	if !strings.Contains(filter.ToQuery().Encode(), "&zone.name=example.com") {
+		t.Fatalf("Did not properly stringify the zone.name field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.Direction = "direction"
+	if !strings.Contains(filter.ToQuery().Encode(), "&direction=direction") {
+		t.Fatalf("Did not properly stringify the direction field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.Since = "10-2-2018"
+	if !strings.Contains(filter.ToQuery().Encode(), "&since=10-2-2018") {
+		t.Fatalf("Did not properly stringify the since field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.Before = "10-2-2018"
+	if !strings.Contains(filter.ToQuery().Encode(), "&before=10-2-2018") {
+		t.Fatalf("Did not properly stringify the before field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.PerPage = 10000
+	if !strings.Contains(filter.ToQuery().Encode(), "&per_page=10000") {
+		t.Fatalf("Did not properly stringify the per_page field: %s", filter.ToQuery().Encode())
+	}
+
+	filter.Page = 3
+	if !strings.Contains(filter.ToQuery().Encode(), "&page=3") {
+		t.Fatalf("Did not properly stringify the page field: %s", filter.ToQuery().Encode())
+	}
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls.go b/pkg/cloudflare-go/authenticated_origin_pulls.go
new file mode 100644
index 0000000000..ff46549cea
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls.go
@@ -0,0 +1,67 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AuthenticatedOriginPulls represents global AuthenticatedOriginPulls (tls_client_auth) metadata.
+type AuthenticatedOriginPulls struct {
+	ID         string    `json:"id"`
+	Value      string    `json:"value"`
+	Editable   bool      `json:"editable"`
+	ModifiedOn time.Time `json:"modified_on"`
+}
+
+// AuthenticatedOriginPullsResponse represents the response from the global AuthenticatedOriginPulls (tls_client_auth) details endpoint.
+type AuthenticatedOriginPullsResponse struct {
+	Response
+	Result AuthenticatedOriginPulls `json:"result"`
+}
+
+// GetAuthenticatedOriginPullsStatus returns the configuration details for global AuthenticatedOriginPulls (tls_client_auth).
+//
+// API reference: https://api.cloudflare.com/#zone-settings-get-tls-client-auth-setting
+func (api *API) GetAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string) (AuthenticatedOriginPulls, error) {
+	uri := fmt.Sprintf("/zones/%s/settings/tls_client_auth", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AuthenticatedOriginPulls{}, err
+	}
+	var r AuthenticatedOriginPullsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return AuthenticatedOriginPulls{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// SetAuthenticatedOriginPullsStatus toggles whether global AuthenticatedOriginPulls is enabled for the zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-change-tls-client-auth-setting
+func (api *API) SetAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string, enable bool) (AuthenticatedOriginPulls, error) {
+	uri := fmt.Sprintf("/zones/%s/settings/tls_client_auth", zoneID)
+	var val string
+	if enable {
+		val = "on"
+	} else {
+		val = "off"
+	}
+	params := struct {
+		Value string `json:"value"`
+	}{
+		Value: val,
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return AuthenticatedOriginPulls{}, err
+	}
+	var r AuthenticatedOriginPullsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return AuthenticatedOriginPulls{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
new file mode 100644
index 0000000000..c8ea3eccb4
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
@@ -0,0 +1,175 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// PerHostnameAuthenticatedOriginPullsCertificateDetails represents the metadata for a Per Hostname AuthenticatedOriginPulls certificate.
+type PerHostnameAuthenticatedOriginPullsCertificateDetails struct {
+	ID           string    `json:"id"`
+	Certificate  string    `json:"certificate"`
+	Issuer       string    `json:"issuer"`
+	Signature    string    `json:"signature"`
+	SerialNumber string    `json:"serial_number"`
+	ExpiresOn    time.Time `json:"expires_on"`
+	Status       string    `json:"status"`
+	UploadedOn   time.Time `json:"uploaded_on"`
+}
+
+// PerHostnameAuthenticatedOriginPullsCertificateResponse represents the response from endpoints relating to creating and deleting a Per Hostname AuthenticatedOriginPulls certificate.
+type PerHostnameAuthenticatedOriginPullsCertificateResponse struct {
+	Response
+	Result PerHostnameAuthenticatedOriginPullsCertificateDetails `json:"result"`
+}
+
+// PerHostnameAuthenticatedOriginPullsDetails contains metadata about the Per Hostname AuthenticatedOriginPulls configuration on a hostname.
+type PerHostnameAuthenticatedOriginPullsDetails struct {
+	Hostname       string    `json:"hostname"`
+	CertID         string    `json:"cert_id"`
+	Enabled        bool      `json:"enabled"`
+	Status         string    `json:"status"`
+	CreatedAt      time.Time `json:"created_at"`
+	UpdatedAt      time.Time `json:"updated_at"`
+	CertStatus     string    `json:"cert_status"`
+	Issuer         string    `json:"issuer"`
+	Signature      string    `json:"signature"`
+	SerialNumber   string    `json:"serial_number"`
+	Certificate    string    `json:"certificate"`
+	CertUploadedOn time.Time `json:"cert_uploaded_on"`
+	CertUpdatedAt  time.Time `json:"cert_updated_at"`
+	ExpiresOn      time.Time `json:"expires_on"`
+}
+
+// PerHostnameAuthenticatedOriginPullsDetailsResponse represents Per Hostname AuthenticatedOriginPulls configuration metadata for a single hostname.
+type PerHostnameAuthenticatedOriginPullsDetailsResponse struct {
+	Response
+	Result PerHostnameAuthenticatedOriginPullsDetails `json:"result"`
+}
+
+// PerHostnamesAuthenticatedOriginPullsDetailsResponse represents Per Hostname AuthenticatedOriginPulls configuration metadata for multiple hostnames.
+type PerHostnamesAuthenticatedOriginPullsDetailsResponse struct {
+	Response
+	Result []PerHostnameAuthenticatedOriginPullsDetails `json:"result"`
+}
+
+// PerHostnameAuthenticatedOriginPullsCertificateParams represents the required data related to the client certificate being uploaded to be used in Per Hostname AuthenticatedOriginPulls.
+type PerHostnameAuthenticatedOriginPullsCertificateParams struct {
+	Certificate string `json:"certificate"`
+	PrivateKey  string `json:"private_key"`
+}
+
+// PerHostnameAuthenticatedOriginPullsConfig represents the config state for Per Hostname AuthenticatedOriginPulls applied on a hostname.
+type PerHostnameAuthenticatedOriginPullsConfig struct {
+	Hostname string `json:"hostname"`
+	CertID   string `json:"cert_id"`
+	Enabled  bool   `json:"enabled"`
+}
+
+// PerHostnameAuthenticatedOriginPullsConfigParams represents the expected config param format for Per Hostname AuthenticatedOriginPulls applied on a hostname.
+type PerHostnameAuthenticatedOriginPullsConfigParams struct {
+	Config []PerHostnameAuthenticatedOriginPullsConfig `json:"config"`
+}
+
+// ListPerHostnameAuthenticatedOriginPullsCertificates will get all certificate under Per Hostname AuthenticatedOriginPulls zone.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-list-certificates
+func (api *API) ListPerHostnameAuthenticatedOriginPullsCertificates(ctx context.Context, zoneID string) ([]PerHostnameAuthenticatedOriginPullsDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PerHostnameAuthenticatedOriginPullsDetails{}, err
+	}
+	var r PerHostnamesAuthenticatedOriginPullsDetailsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UploadPerHostnameAuthenticatedOriginPullsCertificate will upload the provided certificate and private key to the edge under Per Hostname AuthenticatedOriginPulls.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-upload-a-hostname-client-certificate
+func (api *API) UploadPerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID string, params PerHostnameAuthenticatedOriginPullsCertificateParams) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetPerHostnameAuthenticatedOriginPullsCertificate retrieves certificate metadata about the requested Per Hostname certificate.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-get-the-hostname-client-certificate
+func (api *API) GetPerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeletePerHostnameAuthenticatedOriginPullsCertificate will remove the requested Per Hostname certificate from the edge.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-delete-hostname-client-certificate
+func (api *API) DeletePerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// EditPerHostnameAuthenticatedOriginPullsConfig applies the supplied Per Hostname AuthenticatedOriginPulls config onto a hostname(s) in the edge.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication
+func (api *API) EditPerHostnameAuthenticatedOriginPullsConfig(ctx context.Context, zoneID string, config []PerHostnameAuthenticatedOriginPullsConfig) ([]PerHostnameAuthenticatedOriginPullsDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames", zoneID)
+	conf := PerHostnameAuthenticatedOriginPullsConfigParams{
+		Config: config,
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, conf)
+	if err != nil {
+		return []PerHostnameAuthenticatedOriginPullsDetails{}, err
+	}
+	var r PerHostnamesAuthenticatedOriginPullsDetailsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetPerHostnameAuthenticatedOriginPullsConfig returns the config state of Per Hostname AuthenticatedOriginPulls of the provided hostname within a zone.
+//
+// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-get-the-hostname-status-for-client-authentication
+func (api *API) GetPerHostnameAuthenticatedOriginPullsConfig(ctx context.Context, zoneID, hostname string) (PerHostnameAuthenticatedOriginPullsDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/%s", zoneID, hostname)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PerHostnameAuthenticatedOriginPullsDetails{}, err
+	}
+	var r PerHostnameAuthenticatedOriginPullsDetailsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
new file mode 100644
index 0000000000..635ceb1011
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
@@ -0,0 +1,360 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"hostname": "app.example.com",
+					"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+					"enabled": true,
+					"status": "active",
+					"created_at": "2019-10-28T18:11:23.37411Z",
+					"updated_at": "2019-10-28T18:11:23.37411Z",
+					"cert_status": "active",
+					"issuer": "GlobalSign",
+					"signature": "SHA256WithRSA",
+					"serial_number": "6743787633689793699141714808227354901",
+					"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+					"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
+					"cert_updated_at": "2019-10-28T18:11:23.37411Z",
+					"expires_on": "2100-01-01T05:20:00Z"
+				},
+				{
+					"hostname": "anotherapp.example.com",
+					"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff61",
+					"enabled": true,
+					"status": "active",
+					"created_at": "2019-10-28T18:11:23.37411Z",
+					"updated_at": "2019-10-28T18:11:23.37411Z",
+					"cert_status": "active",
+					"issuer": "GlobalSign",
+					"signature": "SHA256WithRSA",
+					"serial_number": "6743787633689793699141714808227354921",
+					"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+					"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
+					"cert_updated_at": "2019-10-28T18:11:23.37411Z",
+					"expires_on": "2100-01-01T05:20:00Z"
+				  }
+			  ]
+		}`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	createdAt, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+
+	want := []PerHostnameAuthenticatedOriginPullsDetails{
+		{
+			Hostname:       "app.example.com",
+			Enabled:        true,
+			CertStatus:     "active",
+			CreatedAt:      createdAt,
+			UpdatedAt:      updatedAt,
+			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			Issuer:         "GlobalSign",
+			Signature:      "SHA256WithRSA",
+			SerialNumber:   "6743787633689793699141714808227354901",
+			ExpiresOn:      expiresOn,
+			Status:         "active",
+			CertUploadedOn: updatedAt,
+			CertUpdatedAt:  updatedAt,
+		}, {
+			Hostname:       "anotherapp.example.com",
+			Enabled:        true,
+			CertStatus:     "active",
+			CreatedAt:      createdAt,
+			UpdatedAt:      updatedAt,
+			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff61",
+			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			Issuer:         "GlobalSign",
+			Signature:      "SHA256WithRSA",
+			SerialNumber:   "6743787633689793699141714808227354921",
+			ExpiresOn:      expiresOn,
+			Status:         "active",
+			CertUploadedOn: updatedAt,
+			CertUpdatedAt:  updatedAt,
+		},
+	}
+	actual, err := client.ListPerHostnameAuthenticatedOriginPullsCertificates(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUploadPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "serial_number": "6743787633689793699141714808227354901",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "6743787633689793699141714808227354901",
+		ExpiresOn:    expiresOn,
+		Status:       "active",
+		UploadedOn:   uploadedOn,
+	}
+
+	clientCert := PerHostnameAuthenticatedOriginPullsCertificateParams{
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		PrivateKey:  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
+	}
+	actual, err := client.UploadPerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", clientCert)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "serial_number": "6743787633689793699141714808227354901",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+
+	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "6743787633689793699141714808227354901",
+		ExpiresOn:    expiresOn,
+		Status:       "active",
+		UploadedOn:   uploadedOn,
+	}
+	actual, err := client.GetPerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+func TestDeletePerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "serial_number": "6743787633689793699141714808227354901",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+
+	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "6743787633689793699141714808227354901",
+		ExpiresOn:    expiresOn,
+		Status:       "active",
+		UploadedOn:   uploadedOn,
+	}
+	actual, err := client.DeletePerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestEditPerHostnameAuthenticatedOriginPullsConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"hostname": "app.example.com",
+				"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+				"enabled": true,
+				"status": "active",
+				"created_at": "2100-01-01T05:20:00Z",
+				"updated_at": "2100-01-01T05:20:00Z",
+				"cert_status": "active",
+				"issuer": "GlobalSign",
+				"signature": "SHA256WithRSA",
+				"serial_number": "6743787633689793699141714808227354901",
+				"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+				"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
+				"cert_updated_at": "2100-01-01T05:20:00Z",
+				"expires_on": "2100-01-01T05:20:00Z"
+			  }
+			]
+		  }`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	certUploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	certUpdatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+
+	want := []PerHostnameAuthenticatedOriginPullsDetails{
+		{
+			Hostname:       "app.example.com",
+			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			Enabled:        true,
+			Status:         "active",
+			CreatedAt:      createdAt,
+			UpdatedAt:      updatedAt,
+			CertStatus:     "active",
+			Issuer:         "GlobalSign",
+			Signature:      "SHA256WithRSA",
+			SerialNumber:   "6743787633689793699141714808227354901",
+			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			CertUploadedOn: certUploadedOn,
+			CertUpdatedAt:  certUpdatedAt,
+			ExpiresOn:      expiresOn,
+		},
+	}
+
+	config := []PerHostnameAuthenticatedOriginPullsConfig{
+		{
+			Hostname: "app.example.com",
+			CertID:   "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			Enabled:  true,
+		},
+	}
+	actual, err := client.EditPerHostnameAuthenticatedOriginPullsConfig(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", config)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetPerHostnameAuthenticatedOriginPullsConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "hostname": "app.example.com",
+			  "cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "enabled": true,
+			  "status": "active",
+			  "created_at": "2100-01-01T05:20:00Z",
+			  "updated_at": "2100-01-01T05:20:00Z",
+			  "cert_status": "active",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "serial_number": "6743787633689793699141714808227354901",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
+			  "cert_updated_at": "2100-01-01T05:20:00Z",
+			  "expires_on": "2100-01-01T05:20:00Z"
+			}
+		  }`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/app.example.com", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	certUploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	certUpdatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+
+	want := PerHostnameAuthenticatedOriginPullsDetails{
+		Hostname:       "app.example.com",
+		CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Enabled:        true,
+		Status:         "active",
+		CreatedAt:      createdAt,
+		UpdatedAt:      updatedAt,
+		CertStatus:     "active",
+		Issuer:         "GlobalSign",
+		Signature:      "SHA256WithRSA",
+		SerialNumber:   "6743787633689793699141714808227354901",
+		Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		CertUploadedOn: certUploadedOn,
+		CertUpdatedAt:  certUpdatedAt,
+		ExpiresOn:      expiresOn,
+	}
+	actual, err := client.GetPerHostnameAuthenticatedOriginPullsConfig(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "app.example.com")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
new file mode 100644
index 0000000000..a72b34e0c2
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
@@ -0,0 +1,151 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// PerZoneAuthenticatedOriginPullsSettings represents the settings for Per Zone AuthenticatedOriginPulls.
+type PerZoneAuthenticatedOriginPullsSettings struct {
+	Enabled bool `json:"enabled"`
+}
+
+// PerZoneAuthenticatedOriginPullsSettingsResponse represents the response from the Per Zone AuthenticatedOriginPulls settings endpoint.
+type PerZoneAuthenticatedOriginPullsSettingsResponse struct {
+	Response
+	Result PerZoneAuthenticatedOriginPullsSettings `json:"result"`
+}
+
+// PerZoneAuthenticatedOriginPullsCertificateDetails represents the metadata for a Per Zone AuthenticatedOriginPulls client certificate.
+type PerZoneAuthenticatedOriginPullsCertificateDetails struct {
+	ID          string    `json:"id"`
+	Certificate string    `json:"certificate"`
+	Issuer      string    `json:"issuer"`
+	Signature   string    `json:"signature"`
+	ExpiresOn   time.Time `json:"expires_on"`
+	Status      string    `json:"status"`
+	UploadedOn  time.Time `json:"uploaded_on"`
+}
+
+// PerZoneAuthenticatedOriginPullsCertificateResponse represents the response from endpoints relating to creating and deleting a per zone AuthenticatedOriginPulls certificate.
+type PerZoneAuthenticatedOriginPullsCertificateResponse struct {
+	Response
+	Result PerZoneAuthenticatedOriginPullsCertificateDetails `json:"result"`
+}
+
+// PerZoneAuthenticatedOriginPullsCertificatesResponse represents the response from the per zone AuthenticatedOriginPulls certificate list endpoint.
+type PerZoneAuthenticatedOriginPullsCertificatesResponse struct {
+	Response
+	Result []PerZoneAuthenticatedOriginPullsCertificateDetails `json:"result"`
+}
+
+// PerZoneAuthenticatedOriginPullsCertificateParams represents the required data related to the client certificate being uploaded to be used in Per Zone AuthenticatedOriginPulls.
+type PerZoneAuthenticatedOriginPullsCertificateParams struct {
+	Certificate string `json:"certificate"`
+	PrivateKey  string `json:"private_key"`
+}
+
+// GetPerZoneAuthenticatedOriginPullsStatus returns whether per zone AuthenticatedOriginPulls is enabled or not. It is false by default.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-get-enablement-setting-for-zone
+func (api *API) GetPerZoneAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string) (PerZoneAuthenticatedOriginPullsSettings, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/settings", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PerZoneAuthenticatedOriginPullsSettings{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsSettingsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerZoneAuthenticatedOriginPullsSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// SetPerZoneAuthenticatedOriginPullsStatus will update whether Per Zone AuthenticatedOriginPulls is enabled for the zone.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-set-enablement-for-zone
+func (api *API) SetPerZoneAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string, enable bool) (PerZoneAuthenticatedOriginPullsSettings, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/settings", zoneID)
+	params := struct {
+		Enabled bool `json:"enabled"`
+	}{
+		Enabled: enable,
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return PerZoneAuthenticatedOriginPullsSettings{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsSettingsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerZoneAuthenticatedOriginPullsSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UploadPerZoneAuthenticatedOriginPullsCertificate will upload a provided client certificate and enable it to be used in all AuthenticatedOriginPulls requests for the zone.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-upload-certificate
+func (api *API) UploadPerZoneAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID string, params PerZoneAuthenticatedOriginPullsCertificateParams) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListPerZoneAuthenticatedOriginPullsCertificates returns a list of all user uploaded client certificates to Per Zone AuthenticatedOriginPulls.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-list-certificates
+func (api *API) ListPerZoneAuthenticatedOriginPullsCertificates(ctx context.Context, zoneID string) ([]PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsCertificatesResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetPerZoneAuthenticatedOriginPullsCertificateDetails returns the metadata associated with a user uploaded client certificate to Per Zone AuthenticatedOriginPulls.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-get-certificate-details
+func (api *API) GetPerZoneAuthenticatedOriginPullsCertificateDetails(ctx context.Context, zoneID, certificateID string) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeletePerZoneAuthenticatedOriginPullsCertificate removes the specified client certificate from the edge.
+//
+// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-delete-certificate
+func (api *API) DeletePerZoneAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
+	}
+	var r PerZoneAuthenticatedOriginPullsCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
new file mode 100644
index 0000000000..26d2567331
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
@@ -0,0 +1,230 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetPerZoneAuthenticatedOriginPullsStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "enabled": true
+			}
+		  }`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/settings", handler)
+	want := PerZoneAuthenticatedOriginPullsSettings{
+		Enabled: true,
+	}
+	actual, err := client.GetPerZoneAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSetPerZoneAuthenticatedOriginPullsStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "enabled": true
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/settings", handler)
+	want := PerZoneAuthenticatedOriginPullsSettings{
+		Enabled: true,
+	}
+	actual, err := client.SetPerZoneAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", true)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUploadPerZoneAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
+		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:      "GlobalSign",
+		Signature:   "SHA256WithRSA",
+		ExpiresOn:   expiresOn,
+		Status:      "active",
+		UploadedOn:  uploadedOn,
+	}
+
+	clientCert := PerZoneAuthenticatedOriginPullsCertificateParams{
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		PrivateKey:  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
+	}
+	actual, err := client.UploadPerZoneAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", clientCert)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListPerZoneAuthenticatedOriginPullsCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+				"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+				"issuer": "GlobalSign",
+				"signature": "SHA256WithRSA",
+				"expires_on": "2100-01-01T05:20:00Z",
+				"status": "active",
+				"uploaded_on": "2019-10-28T18:11:23.37411Z"
+			  }
+			]
+		  }
+		`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	want := []PerZoneAuthenticatedOriginPullsCertificateDetails{
+		{
+			ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			Issuer:      "GlobalSign",
+			Signature:   "SHA256WithRSA",
+			ExpiresOn:   expiresOn,
+			Status:      "active",
+			UploadedOn:  uploadedOn,
+		},
+	}
+	actual, err := client.ListPerZoneAuthenticatedOriginPullsCertificates(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetPerZoneAuthenticatedOriginPullsCertificateDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		  }		  
+		`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
+		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:      "GlobalSign",
+		Signature:   "SHA256WithRSA",
+		ExpiresOn:   expiresOn,
+		Status:      "active",
+		UploadedOn:  uploadedOn,
+	}
+	actual, err := client.GetPerZoneAuthenticatedOriginPullsCertificateDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeletePerZoneAuthenticatedOriginPullsCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+			  "issuer": "GlobalSign",
+			  "signature": "SHA256WithRSA",
+			  "expires_on": "2100-01-01T05:20:00Z",
+			  "status": "active",
+			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
+			}
+		  }		  
+		`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
+	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
+		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
+		Issuer:      "GlobalSign",
+		Signature:   "SHA256WithRSA",
+		ExpiresOn:   expiresOn,
+		Status:      "active",
+		UploadedOn:  uploadedOn,
+	}
+	actual, err := client.DeletePerZoneAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_test.go
new file mode 100644
index 0000000000..1e3caa8642
--- /dev/null
+++ b/pkg/cloudflare-go/authenticated_origin_pulls_test.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAuthenticatedOriginPullsDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+		    "id": "tls_client_auth",
+		    "value": "on",
+		    "editable": true,
+		    "modified_on": "2014-01-01T05:20:00.12345Z"
+		  }
+		}`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
+
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AuthenticatedOriginPulls{
+		ID:         "tls_client_auth",
+		Value:      "on",
+		Editable:   true,
+		ModifiedOn: modifiedOn,
+	}
+
+	actual, err := client.GetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSetAuthenticatedOriginPullsStatusEnabled(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "tls_client_auth",
+			  "value": "on",
+			  "editable": true,
+			  "modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		  }`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AuthenticatedOriginPulls{
+		ID:         "tls_client_auth",
+		Value:      "on",
+		Editable:   true,
+		ModifiedOn: modifiedOn,
+	}
+
+	actual, err := client.SetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", true)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSetAuthenticatedOriginPullsStatusDisabled(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "tls_client_auth",
+			  "value": "off",
+			  "editable": true,
+			  "modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		  }`)
+	}
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := AuthenticatedOriginPulls{
+		ID:         "tls_client_auth",
+		Value:      "off",
+		Editable:   true,
+		ModifiedOn: modifiedOn,
+	}
+
+	actual, err := client.SetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", false)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/bot_management.go b/pkg/cloudflare-go/bot_management.go
new file mode 100644
index 0000000000..f77968f459
--- /dev/null
+++ b/pkg/cloudflare-go/bot_management.go
@@ -0,0 +1,91 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// BotManagement represents the bots config for a zone.
+type BotManagement struct {
+	EnableJS                     *bool   `json:"enable_js,omitempty"`
+	FightMode                    *bool   `json:"fight_mode,omitempty"`
+	SBFMDefinitelyAutomated      *string `json:"sbfm_definitely_automated,omitempty"`
+	SBFMLikelyAutomated          *string `json:"sbfm_likely_automated,omitempty"`
+	SBFMVerifiedBots             *string `json:"sbfm_verified_bots,omitempty"`
+	SBFMStaticResourceProtection *bool   `json:"sbfm_static_resource_protection,omitempty"`
+	OptimizeWordpress            *bool   `json:"optimize_wordpress,omitempty"`
+	SuppressSessionScore         *bool   `json:"suppress_session_score,omitempty"`
+	AutoUpdateModel              *bool   `json:"auto_update_model,omitempty"`
+	UsingLatestModel             *bool   `json:"using_latest_model,omitempty"`
+}
+
+// BotManagementResponse represents the response from the bot_management endpoint.
+type BotManagementResponse struct {
+	Result BotManagement `json:"result"`
+	Response
+}
+
+type UpdateBotManagementParams struct {
+	EnableJS                     *bool   `json:"enable_js,omitempty"`
+	FightMode                    *bool   `json:"fight_mode,omitempty"`
+	SBFMDefinitelyAutomated      *string `json:"sbfm_definitely_automated,omitempty"`
+	SBFMLikelyAutomated          *string `json:"sbfm_likely_automated,omitempty"`
+	SBFMVerifiedBots             *string `json:"sbfm_verified_bots,omitempty"`
+	SBFMStaticResourceProtection *bool   `json:"sbfm_static_resource_protection,omitempty"`
+	OptimizeWordpress            *bool   `json:"optimize_wordpress,omitempty"`
+	SuppressSessionScore         *bool   `json:"suppress_session_score,omitempty"`
+	AutoUpdateModel              *bool   `json:"auto_update_model,omitempty"`
+}
+
+// GetBotManagement gets a zone API shield configuration.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/bot-management-for-a-zone-get-config
+func (api *API) GetBotManagement(ctx context.Context, rc *ResourceContainer) (BotManagement, error) {
+	uri := fmt.Sprintf("/zones/%s/bot_management", rc.Identifier)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, botV2Header())
+	if err != nil {
+		return BotManagement{}, err
+	}
+	var bmResponse BotManagementResponse
+	err = json.Unmarshal(res, &bmResponse)
+	if err != nil {
+		return BotManagement{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return bmResponse.Result, nil
+}
+
+// UpdateBotManagement sets a zone API shield configuration.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/bot-management-for-a-zone-update-config
+func (api *API) UpdateBotManagement(ctx context.Context, rc *ResourceContainer, params UpdateBotManagementParams) (BotManagement, error) {
+	uri := fmt.Sprintf("/zones/%s/bot_management", rc.Identifier)
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, params, botV2Header())
+	if err != nil {
+		return BotManagement{}, err
+	}
+
+	var bmResponse BotManagementResponse
+	err = json.Unmarshal(res, &bmResponse)
+	if err != nil {
+		return BotManagement{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return bmResponse.Result, nil
+}
+
+// We are currently undergoing the process of updating the bot management API.
+// The older 1.0.0 version of the is still the default version, so we will need
+// to explicitly set this special header on all requests. We will eventually
+// make 2.0.0 the default version, and later we will remove the 1.0.0 entirely.
+func botV2Header() http.Header {
+	header := make(http.Header)
+	header.Set("Cloudflare-Version", "2.0.0")
+
+	return header
+}
diff --git a/pkg/cloudflare-go/bot_management_test.go b/pkg/cloudflare-go/bot_management_test.go
new file mode 100644
index 0000000000..e0837804e5
--- /dev/null
+++ b/pkg/cloudflare-go/bot_management_test.go
@@ -0,0 +1,87 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetBotManagement(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "2.0.0", r.Header.Get("Cloudflare-Version"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success" : true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"enable_js": false,
+		"fight_mode": true,
+		"using_latest_model": true
+	}
+}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/bot_management", handler)
+
+	want := BotManagement{
+		EnableJS:         BoolPtr(false),
+		FightMode:        BoolPtr(true),
+		UsingLatestModel: BoolPtr(true),
+	}
+
+	actual, err := client.GetBotManagement(context.Background(), ZoneIdentifier(testZoneID))
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateBotManagement(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		assert.Equal(t, "2.0.0", r.Header.Get("Cloudflare-Version"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success" : true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"enable_js": false,
+		"fight_mode": true,
+		"using_latest_model": true
+	}
+}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/bot_management", handler)
+
+	bmData := UpdateBotManagementParams{
+		EnableJS:  BoolPtr(false),
+		FightMode: BoolPtr(true),
+	}
+
+	want := BotManagement{
+		EnableJS:         BoolPtr(false),
+		FightMode:        BoolPtr(true),
+		UsingLatestModel: BoolPtr(true),
+	}
+
+	actual, err := client.UpdateBotManagement(context.Background(), ZoneIdentifier(testZoneID), bmData)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/cache_reserve.go b/pkg/cloudflare-go/cache_reserve.go
new file mode 100644
index 0000000000..64e74b39a9
--- /dev/null
+++ b/pkg/cloudflare-go/cache_reserve.go
@@ -0,0 +1,83 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// CacheReserve is the structure of the API object for the cache reserve
+// setting.
+type CacheReserve struct {
+	ID         string    `json:"id,omitempty"`
+	ModifiedOn time.Time `json:"modified_on,omitempty"`
+	Value      string    `json:"value"`
+}
+
+// CacheReserveDetailsResponse is the API response for the cache reserve
+// setting.
+type CacheReserveDetailsResponse struct {
+	Result CacheReserve `json:"result"`
+	Response
+}
+
+type zoneCacheReserveSingleResponse struct {
+	Response
+	Result CacheReserve `json:"result"`
+}
+
+type GetCacheReserveParams struct{}
+
+type UpdateCacheReserveParams struct {
+	Value string `json:"value"`
+}
+
+// GetCacheReserve returns information about the current cache reserve settings.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-get-cache-reserve-setting
+func (api *API) GetCacheReserve(ctx context.Context, rc *ResourceContainer, params GetCacheReserveParams) (CacheReserve, error) {
+	if rc.Level != ZoneRouteLevel {
+		return CacheReserve{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/cache/cache_reserve", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CacheReserve{}, err
+	}
+
+	var cacheReserveDetailsResponse CacheReserveDetailsResponse
+	err = json.Unmarshal(res, &cacheReserveDetailsResponse)
+	if err != nil {
+		return CacheReserve{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return cacheReserveDetailsResponse.Result, nil
+}
+
+// UpdateCacheReserve updates the cache reserve setting for a zone
+//
+// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-change-cache-reserve-setting
+func (api *API) UpdateCacheReserve(ctx context.Context, rc *ResourceContainer, params UpdateCacheReserveParams) (CacheReserve, error) {
+	if rc.Level != ZoneRouteLevel {
+		return CacheReserve{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/cache/cache_reserve", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return CacheReserve{}, err
+	}
+
+	response := &zoneCacheReserveSingleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return CacheReserve{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/cache_reserve_test.go b/pkg/cloudflare-go/cache_reserve_test.go
new file mode 100644
index 0000000000..4434c9cf28
--- /dev/null
+++ b/pkg/cloudflare-go/cache_reserve_test.go
@@ -0,0 +1,82 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var cacheReserveTimestampString = "2019-02-20T22:37:07.107449Z"
+var cacheReserveTimestamp, _ = time.Parse(time.RFC3339Nano, cacheReserveTimestampString)
+
+func TestCacheReserve(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "cache_reserve",
+				"value": "on",
+				"modified_on": "%s"
+			}
+		}
+		`, cacheReserveTimestampString)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/cache/cache_reserve", handler)
+	want := CacheReserve{
+		ID:         "cache_reserve",
+		Value:      "on",
+		ModifiedOn: cacheReserveTimestamp,
+	}
+
+	actual, err := client.GetCacheReserve(context.Background(), ZoneIdentifier("01a7362d577a6c3019a474fd6f485823"), GetCacheReserveParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateCacheReserve(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "cache_reserve",
+				"value": "off",
+				"modified_on": "%s"
+			}
+		}
+		`, cacheReserveTimestampString)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/cache/cache_reserve", handler)
+	want := CacheReserve{
+		ID:         "cache_reserve",
+		Value:      "off",
+		ModifiedOn: cacheReserveTimestamp,
+	}
+
+	actual, err := client.UpdateCacheReserve(context.Background(), ZoneIdentifier("01a7362d577a6c3019a474fd6f485823"), UpdateCacheReserveParams{Value: "off"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/catalog.json b/pkg/cloudflare-go/catalog.json
new file mode 100644
index 0000000000..97847246e4
--- /dev/null
+++ b/pkg/cloudflare-go/catalog.json
@@ -0,0 +1,67 @@
+{
+  "nixpkgs-flox": {
+    "x86_64-darwin": {
+      "stable": {
+        "go_1_20": {
+          "latest": {
+            "cache": {
+              "out": {
+                "https://cache.nixos.org": {}
+              }
+            },
+            "element": {
+              "attrPath": [
+                "legacyPackages",
+                "x86_64-darwin",
+                "go_1_20"
+              ],
+              "originalUrl": "flake:nixpkgs",
+              "storePaths": [
+                "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
+              ],
+              "url": "github:flox/nixpkgs/d0d55259081f0b97c828f38559cad899d351cad1"
+            },
+            "eval": {
+              "meta": {
+                "description": "The Go Programming language",
+                "outputsToInstall": [
+                  "out"
+                ],
+                "position": "/nix/store/32cp7y0cf36h3xp0fqwy2nf432fpcaci-source/pkgs/development/compilers/go/1.20.nix:176",
+                "unfree": false
+              },
+              "name": "go-1.20.1",
+              "outputs": {
+                "out": "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
+              },
+              "pname": "go",
+              "system": "x86_64-darwin",
+              "version": "1.20.1"
+            },
+            "publish_element": {
+              "attrPath": [
+                "evalCatalog",
+                "x86_64-darwin",
+                "stable",
+                "go_1_20"
+              ],
+              "originalUrl": "flake:nixpkgs-flox",
+              "storePaths": [
+                "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
+              ],
+              "url": "flake:nixpkgs-flox/b7e7e40e2aa1ca2a44db440f5dc52213564af02f"
+            },
+            "source": {
+              "locked": {
+                "lastModified": 1676973346,
+                "revCount": 456418
+              }
+            },
+            "type": "catalogRender",
+            "version": 1
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/pkg/cloudflare-go/certificate_packs.go b/pkg/cloudflare-go/certificate_packs.go
new file mode 100644
index 0000000000..2fee1d6746
--- /dev/null
+++ b/pkg/cloudflare-go/certificate_packs.go
@@ -0,0 +1,163 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// CertificatePackGeoRestrictions is for the structure of the geographic
+// restrictions for a TLS certificate.
+type CertificatePackGeoRestrictions struct {
+	Label string `json:"label"`
+}
+
+// CertificatePackCertificate is the base structure of a TLS certificate that is
+// contained within a certificate pack.
+type CertificatePackCertificate struct {
+	ID              string                         `json:"id"`
+	Hosts           []string                       `json:"hosts"`
+	Issuer          string                         `json:"issuer"`
+	Signature       string                         `json:"signature"`
+	Status          string                         `json:"status"`
+	BundleMethod    string                         `json:"bundle_method"`
+	GeoRestrictions CertificatePackGeoRestrictions `json:"geo_restrictions"`
+	ZoneID          string                         `json:"zone_id"`
+	UploadedOn      time.Time                      `json:"uploaded_on"`
+	ModifiedOn      time.Time                      `json:"modified_on"`
+	ExpiresOn       time.Time                      `json:"expires_on"`
+	Priority        int                            `json:"priority"`
+}
+
+// CertificatePack is the overarching structure of a certificate pack response.
+type CertificatePack struct {
+	ID                   string                       `json:"id"`
+	Type                 string                       `json:"type"`
+	Hosts                []string                     `json:"hosts"`
+	Certificates         []CertificatePackCertificate `json:"certificates"`
+	PrimaryCertificate   string                       `json:"primary_certificate"`
+	Status               string                       `json:"status"`
+	ValidationRecords    []SSLValidationRecord        `json:"validation_records,omitempty"`
+	ValidationErrors     []SSLValidationError         `json:"validation_errors,omitempty"`
+	ValidationMethod     string                       `json:"validation_method"`
+	ValidityDays         int                          `json:"validity_days"`
+	CertificateAuthority string                       `json:"certificate_authority"`
+	CloudflareBranding   bool                         `json:"cloudflare_branding"`
+}
+
+// CertificatePackRequest is used for requesting a new certificate.
+type CertificatePackRequest struct {
+	Type                 string   `json:"type"`
+	Hosts                []string `json:"hosts"`
+	ValidationMethod     string   `json:"validation_method"`
+	ValidityDays         int      `json:"validity_days"`
+	CertificateAuthority string   `json:"certificate_authority"`
+	CloudflareBranding   bool     `json:"cloudflare_branding"`
+}
+
+// CertificatePacksResponse is for responses where multiple certificates are
+// expected.
+type CertificatePacksResponse struct {
+	Response
+	Result []CertificatePack `json:"result"`
+}
+
+// CertificatePacksDetailResponse contains a single certificate pack in the
+// response.
+type CertificatePacksDetailResponse struct {
+	Response
+	Result CertificatePack `json:"result"`
+}
+
+// ListCertificatePacks returns all available TLS certificate packs for a zone.
+//
+// API Reference: https://api.cloudflare.com/#certificate-packs-list-certificate-packs
+func (api *API) ListCertificatePacks(ctx context.Context, zoneID string) ([]CertificatePack, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs?status=all", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []CertificatePack{}, err
+	}
+
+	var certificatePacksResponse CertificatePacksResponse
+	err = json.Unmarshal(res, &certificatePacksResponse)
+	if err != nil {
+		return []CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return certificatePacksResponse.Result, nil
+}
+
+// CertificatePack returns a single TLS certificate pack on a zone.
+//
+// API Reference: https://api.cloudflare.com/#certificate-packs-get-certificate-pack
+func (api *API) CertificatePack(ctx context.Context, zoneID, certificatePackID string) (CertificatePack, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificatePackID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CertificatePack{}, err
+	}
+
+	var certificatePacksDetailResponse CertificatePacksDetailResponse
+	err = json.Unmarshal(res, &certificatePacksDetailResponse)
+	if err != nil {
+		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return certificatePacksDetailResponse.Result, nil
+}
+
+// CreateCertificatePack creates a new certificate pack associated with a zone.
+//
+// API Reference: https://api.cloudflare.com/#certificate-packs-order-advanced-certificate-manager-certificate-pack
+func (api *API) CreateCertificatePack(ctx context.Context, zoneID string, cert CertificatePackRequest) (CertificatePack, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/order", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, cert)
+	if err != nil {
+		return CertificatePack{}, err
+	}
+
+	var certificatePacksDetailResponse CertificatePacksDetailResponse
+	err = json.Unmarshal(res, &certificatePacksDetailResponse)
+	if err != nil {
+		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return certificatePacksDetailResponse.Result, nil
+}
+
+// DeleteCertificatePack removes a certificate pack associated with a zone.
+//
+// API Reference: https://api.cloudflare.com/#certificate-packs-delete-advanced-certificate-manager-certificate-pack
+func (api *API) DeleteCertificatePack(ctx context.Context, zoneID, certificateID string) error {
+	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificateID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RestartCertificateValidation kicks off the validation process for a
+// pending certificate pack.
+//
+// API Reference: https://api.cloudflare.com/#certificate-packs-restart-validation-for-advanced-certificate-manager-certificate-pack
+func (api *API) RestartCertificateValidation(ctx context.Context, zoneID, certificateID string) (CertificatePack, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, nil)
+	if err != nil {
+		return CertificatePack{}, err
+	}
+
+	var certificatePackResponse CertificatePacksDetailResponse
+	err = json.Unmarshal(res, &certificatePackResponse)
+	if err != nil {
+		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return certificatePackResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/certificate_packs_test.go b/pkg/cloudflare-go/certificate_packs_test.go
new file mode 100644
index 0000000000..6dc9758247
--- /dev/null
+++ b/pkg/cloudflare-go/certificate_packs_test.go
@@ -0,0 +1,285 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	uploadedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _  = time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+
+	desiredCertificatePack = CertificatePack{
+		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
+		Type:                 "advanced",
+		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
+		PrimaryCertificate:   "b2cfa4183267af678ea06c7407d4d6d8",
+		ValidationMethod:     "txt",
+		ValidityDays:         90,
+		CertificateAuthority: "lets_encrypt",
+		Certificates: []CertificatePackCertificate{{
+			ID:              "3822ff90-ea29-44df-9e55-21300bb9419b",
+			Hosts:           []string{"example.com"},
+			Issuer:          "GlobalSign",
+			Signature:       "SHA256WithRSA",
+			Status:          "active",
+			BundleMethod:    "ubiquitous",
+			GeoRestrictions: CertificatePackGeoRestrictions{Label: "us"},
+			ZoneID:          testZoneID,
+			UploadedOn:      uploadedOn,
+			ModifiedOn:      uploadedOn,
+			ExpiresOn:       expiresOn,
+			Priority:        1,
+		}},
+	}
+
+	pendingCertificatePack = CertificatePack{
+		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
+		Type:                 "advanced",
+		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
+		Status:               "initializing",
+		ValidationMethod:     "txt",
+		ValidityDays:         90,
+		CertificateAuthority: "lets_encrypt",
+	}
+)
+
+func TestListCertificatePacks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+      "type": "advanced",
+      "hosts": [
+        "example.com",
+        "*.example.com",
+        "www.example.com"
+      ],
+      "validity_days": 90,
+      "validation_method": "txt",
+      "certificate_authority": "lets_encrypt",
+      "certificates": [
+        {
+          "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+          "hosts": [
+            "example.com"
+          ],
+          "issuer": "GlobalSign",
+          "signature": "SHA256WithRSA",
+          "status": "active",
+          "bundle_method": "ubiquitous",
+          "geo_restrictions": {
+            "label": "us"
+          },
+          "zone_id": "%[1]s",
+          "uploaded_on": "2014-01-01T05:20:00Z",
+          "modified_on": "2014-01-01T05:20:00Z",
+          "expires_on": "2016-01-01T05:20:00Z",
+          "priority": 1
+        }
+      ],
+      "primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
+    }
+  ]
+}
+		`, testZoneID)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs", handler)
+
+	want := []CertificatePack{desiredCertificatePack}
+	actual, err := client.ListCertificatePacks(context.Background(), testZoneID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListCertificatePack(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+    "type": "advanced",
+    "validity_days": 90,
+    "validation_method": "txt",
+    "certificate_authority": "lets_encrypt",
+    "hosts": [
+      "example.com",
+      "*.example.com",
+      "www.example.com"
+    ],
+    "certificates": [
+      {
+        "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+        "hosts": [
+          "example.com"
+        ],
+        "issuer": "GlobalSign",
+        "signature": "SHA256WithRSA",
+        "status": "active",
+        "bundle_method": "ubiquitous",
+        "geo_restrictions": {
+          "label": "us"
+        },
+        "zone_id": "%[1]s",
+        "uploaded_on": "2014-01-01T05:20:00Z",
+        "modified_on": "2014-01-01T05:20:00Z",
+        "expires_on": "2016-01-01T05:20:00Z",
+        "priority": 1
+      }
+    ],
+    "primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
+  }
+}
+		`, testZoneID)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
+
+	actual, err := client.CertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, desiredCertificatePack, actual)
+	}
+}
+
+func TestCreateCertificatePack(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+        "type": "advanced",
+        "hosts": [
+          "example.com",
+          "*.example.com",
+          "www.example.com"
+        ],
+        "status": "initializing",
+        "validation_method": "txt",
+        "validity_days": 90,
+        "certificate_authority": "lets_encrypt",
+        "cloudflare_branding": false
+      }
+    }
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/order", handler)
+
+	certificate := CertificatePackRequest{
+		Type:                 "advanced",
+		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
+		ValidationMethod:     "txt",
+		ValidityDays:         90,
+		CertificateAuthority: "lets_encrypt",
+	}
+	actual, err := client.CreateCertificatePack(context.Background(), testZoneID, certificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, pendingCertificatePack, actual)
+	}
+}
+
+func TestRestartAdvancedCertificateValidation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
+    "type": "advanced",
+    "hosts": [
+      "example.com",
+      "*.example.com",
+      "www.example.com"
+    ],
+    "status": "initializing",
+    "validation_method": "txt",
+    "validity_days": 365,
+    "certificate_authority": "lets_encrypt",
+    "cloudflare_branding": false
+  }
+}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
+
+	certificate := CertificatePack{
+		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
+		Type:                 "advanced",
+		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
+		Status:               "initializing",
+		ValidityDays:         365,
+		ValidationMethod:     "txt",
+		CertificateAuthority: "lets_encrypt",
+		CloudflareBranding:   false,
+	}
+
+	actual, err := client.RestartCertificateValidation(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, certificate, actual)
+	}
+}
+
+func TestDeleteCertificatePack(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "3822ff90-ea29-44df-9e55-21300bb9419b"
+  }
+}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
+
+	err := client.DeleteCertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/cloudflare.go b/pkg/cloudflare-go/cloudflare.go
new file mode 100644
index 0000000000..b228981011
--- /dev/null
+++ b/pkg/cloudflare-go/cloudflare.go
@@ -0,0 +1,593 @@
+// Package cloudflare implements the Cloudflare v4 API.
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"log"
+	"math"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"golang.org/x/time/rate"
+)
+
+var (
+	Version string = "v4"
+
+	// Deprecated: Use `client.New` configuration instead.
+	apiURL = fmt.Sprintf("%s://%s%s", defaultScheme, defaultHostname, defaultBasePath)
+)
+
+const (
+	// AuthKeyEmail specifies that we should authenticate with API key and email address.
+	AuthKeyEmail = 1 << iota
+	// AuthUserService specifies that we should authenticate with a User-Service key.
+	AuthUserService
+	// AuthToken specifies that we should authenticate with an API Token.
+	AuthToken
+)
+
+// API holds the configuration for the current API client. A client should not
+// be modified concurrently.
+type API struct {
+	APIKey            string
+	APIEmail          string
+	APIUserServiceKey string
+	APIToken          string
+	BaseURL           string
+	UserAgent         string
+	headers           http.Header
+	httpClient        *http.Client
+	authType          int
+	rateLimiter       *rate.Limiter
+	retryPolicy       RetryPolicy
+	logger            Logger
+	Debug             bool
+}
+
+// newClient provides shared logic for New and NewWithUserServiceKey.
+func newClient(opts ...Option) (*API, error) {
+	silentLogger := log.New(io.Discard, "", log.LstdFlags)
+
+	api := &API{
+		BaseURL:     fmt.Sprintf("%s://%s%s", defaultScheme, defaultHostname, defaultBasePath),
+		UserAgent:   userAgent + "/" + Version,
+		headers:     make(http.Header),
+		rateLimiter: rate.NewLimiter(rate.Limit(4), 1), // 4rps equates to default api limit (1200 req/5 min)
+		retryPolicy: RetryPolicy{
+			MaxRetries:    3,
+			MinRetryDelay: 1 * time.Second,
+			MaxRetryDelay: 30 * time.Second,
+		},
+		logger: silentLogger,
+	}
+
+	err := api.parseOptions(opts...)
+	if err != nil {
+		return nil, fmt.Errorf("options parsing failed: %w", err)
+	}
+
+	// Fall back to http.DefaultClient if the package user does not provide
+	// their own.
+	if api.httpClient == nil {
+		api.httpClient = http.DefaultClient
+	}
+
+	return api, nil
+}
+
+// New creates a new Cloudflare v4 API client.
+func New(key, email string, opts ...Option) (*API, error) {
+	if key == "" || email == "" {
+		return nil, errors.New(errEmptyCredentials)
+	}
+
+	api, err := newClient(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	api.APIKey = key
+	api.APIEmail = email
+	api.authType = AuthKeyEmail
+
+	return api, nil
+}
+
+// NewWithAPIToken creates a new Cloudflare v4 API client using API Tokens.
+func NewWithAPIToken(token string, opts ...Option) (*API, error) {
+	if token == "" {
+		return nil, errors.New(errEmptyAPIToken)
+	}
+
+	api, err := newClient(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	api.APIToken = token
+	api.authType = AuthToken
+
+	return api, nil
+}
+
+// NewWithUserServiceKey creates a new Cloudflare v4 API client using service key authentication.
+func NewWithUserServiceKey(key string, opts ...Option) (*API, error) {
+	if key == "" {
+		return nil, errors.New(errEmptyCredentials)
+	}
+
+	api, err := newClient(opts...)
+	if err != nil {
+		return nil, err
+	}
+
+	api.APIUserServiceKey = key
+	api.authType = AuthUserService
+
+	return api, nil
+}
+
+// SetAuthType sets the authentication method (AuthKeyEmail, AuthToken, or AuthUserService).
+func (api *API) SetAuthType(authType int) {
+	api.authType = authType
+}
+
+// ZoneIDByName retrieves a zone's ID from the name.
+func (api *API) ZoneIDByName(zoneName string) (string, error) {
+	zoneName = normalizeZoneName(zoneName)
+	res, err := api.ListZonesContext(context.Background(), WithZoneFilters(zoneName, "", ""))
+	if err != nil {
+		return "", fmt.Errorf("ListZonesContext command failed: %w", err)
+	}
+
+	switch len(res.Result) {
+	case 0:
+		return "", errors.New("zone could not be found")
+	case 1:
+		return res.Result[0].ID, nil
+	default:
+		return "", errors.New("ambiguous zone name; an account ID might help")
+	}
+}
+
+// makeRequest makes a HTTP request and returns the body as a byte slice,
+// closing it before returning. params will be serialized to JSON.
+func (api *API) makeRequest(method, uri string, params interface{}) ([]byte, error) {
+	return api.makeRequestWithAuthType(context.Background(), method, uri, params, api.authType)
+}
+
+func (api *API) makeRequestContext(ctx context.Context, method, uri string, params interface{}) ([]byte, error) {
+	return api.makeRequestWithAuthType(ctx, method, uri, params, api.authType)
+}
+
+func (api *API) makeRequestContextWithHeaders(ctx context.Context, method, uri string, params interface{}, headers http.Header) ([]byte, error) {
+	return api.makeRequestWithAuthTypeAndHeaders(ctx, method, uri, params, api.authType, headers)
+}
+
+func (api *API) makeRequestWithAuthType(ctx context.Context, method, uri string, params interface{}, authType int) ([]byte, error) {
+	return api.makeRequestWithAuthTypeAndHeaders(ctx, method, uri, params, authType, nil)
+}
+
+// APIResponse holds the structure for a response from the API. It looks alot
+// like `http.Response` however, uses a `[]byte` for the `Body` instead of a
+// `io.ReadCloser`.
+//
+// This may go away in the experimental client in favour of `http.Response`.
+type APIResponse struct {
+	Body       []byte
+	Status     string
+	StatusCode int
+	Headers    http.Header
+}
+
+func (api *API) makeRequestWithAuthTypeAndHeaders(ctx context.Context, method, uri string, params interface{}, authType int, headers http.Header) ([]byte, error) {
+	res, err := api.makeRequestWithAuthTypeAndHeadersComplete(ctx, method, uri, params, authType, headers)
+	if err != nil {
+		return nil, err
+	}
+	return res.Body, err
+}
+
+// Use this method if an API response can have different Content-Type headers and different body formats.
+func (api *API) makeRequestContextWithHeadersComplete(ctx context.Context, method, uri string, params interface{}, headers http.Header) (*APIResponse, error) {
+	return api.makeRequestWithAuthTypeAndHeadersComplete(ctx, method, uri, params, api.authType, headers)
+}
+
+func (api *API) makeRequestWithAuthTypeAndHeadersComplete(ctx context.Context, method, uri string, params interface{}, authType int, headers http.Header) (*APIResponse, error) {
+	var err error
+	var resp *http.Response
+	var respErr error
+	var respBody []byte
+
+	for i := 0; i <= api.retryPolicy.MaxRetries; i++ {
+		var reqBody io.Reader
+		if params != nil {
+			if r, ok := params.(io.Reader); ok {
+				reqBody = r
+			} else if paramBytes, ok := params.([]byte); ok {
+				reqBody = bytes.NewReader(paramBytes)
+			} else {
+				var jsonBody []byte
+				jsonBody, err = json.Marshal(params)
+				if err != nil {
+					return nil, fmt.Errorf("error marshalling params to JSON: %w", err)
+				}
+				reqBody = bytes.NewReader(jsonBody)
+			}
+		}
+
+		if i > 0 {
+			// expect the backoff introduced here on errored requests to dominate the effect of rate limiting
+			// don't need a random component here as the rate limiter should do something similar
+			// nb time duration could truncate an arbitrary float. Since our inputs are all ints, we should be ok
+			sleepDuration := time.Duration(math.Pow(2, float64(i-1)) * float64(api.retryPolicy.MinRetryDelay))
+
+			if sleepDuration > api.retryPolicy.MaxRetryDelay {
+				sleepDuration = api.retryPolicy.MaxRetryDelay
+			}
+			// useful to do some simple logging here, maybe introduce levels later
+			api.logger.Printf("Sleeping %s before retry attempt number %d for request %s %s", sleepDuration.String(), i, method, uri)
+
+			select {
+			case <-time.After(sleepDuration):
+			case <-ctx.Done():
+				return nil, fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
+			}
+		}
+
+		err = api.rateLimiter.Wait(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("error caused by request rate limiting: %w", err)
+		}
+
+		resp, respErr = api.request(ctx, method, uri, reqBody, authType, headers)
+
+		// short circuit processing on context timeouts
+		if respErr != nil && errors.Is(respErr, context.DeadlineExceeded) {
+			return nil, respErr
+		}
+
+		// retry if the server is rate limiting us or if it failed
+		// assumes server operations are rolled back on failure
+		if respErr != nil || resp.StatusCode == http.StatusTooManyRequests || resp.StatusCode >= 500 {
+			if resp != nil && resp.StatusCode == http.StatusTooManyRequests {
+				respErr = errors.New("exceeded available rate limit retries")
+			}
+
+			if respErr == nil {
+				respErr = fmt.Errorf("received %s response (HTTP %d), please try again later", strings.ToLower(http.StatusText(resp.StatusCode)), resp.StatusCode)
+			}
+			continue
+		} else {
+			respBody, err = io.ReadAll(resp.Body)
+			defer resp.Body.Close()
+			if err != nil {
+				return nil, fmt.Errorf("could not read response body: %w", err)
+			}
+
+			break
+		}
+	}
+
+	// still had an error after all retries
+	if respErr != nil {
+		return nil, respErr
+	}
+
+	if resp.StatusCode >= http.StatusBadRequest {
+		if strings.HasSuffix(resp.Request.URL.Path, "/filters/validate-expr") {
+			return nil, fmt.Errorf("%s", respBody)
+		}
+
+		if resp.StatusCode >= http.StatusInternalServerError {
+			return nil, &ServiceError{cloudflareError: &Error{
+				StatusCode: resp.StatusCode,
+				RayID:      resp.Header.Get("cf-ray"),
+				Errors: []ResponseInfo{{
+					Message: errInternalServiceError,
+				}},
+			}}
+		}
+
+		errBody := &Response{}
+		err = json.Unmarshal(respBody, &errBody)
+		if err != nil {
+			return nil, fmt.Errorf(errUnmarshalErrorBody+": %w", err)
+		}
+
+		errCodes := make([]int, 0, len(errBody.Errors))
+		errMsgs := make([]string, 0, len(errBody.Errors))
+		for _, e := range errBody.Errors {
+			errCodes = append(errCodes, e.Code)
+			errMsgs = append(errMsgs, e.Message)
+		}
+
+		err := &Error{
+			StatusCode:    resp.StatusCode,
+			RayID:         resp.Header.Get("cf-ray"),
+			Errors:        errBody.Errors,
+			ErrorCodes:    errCodes,
+			ErrorMessages: errMsgs,
+			Messages:      errBody.Messages,
+		}
+
+		switch resp.StatusCode {
+		case http.StatusUnauthorized:
+			err.Type = ErrorTypeAuthorization
+			return nil, &AuthorizationError{cloudflareError: err}
+		case http.StatusForbidden:
+			err.Type = ErrorTypeAuthentication
+			return nil, &AuthenticationError{cloudflareError: err}
+		case http.StatusNotFound:
+			err.Type = ErrorTypeNotFound
+			return nil, &NotFoundError{cloudflareError: err}
+		case http.StatusTooManyRequests:
+			err.Type = ErrorTypeRateLimit
+			return nil, &RatelimitError{cloudflareError: err}
+		default:
+			err.Type = ErrorTypeRequest
+			return nil, &RequestError{cloudflareError: err}
+		}
+	}
+
+	return &APIResponse{
+		Body:       respBody,
+		StatusCode: resp.StatusCode,
+		Status:     resp.Status,
+		Headers:    resp.Header,
+	}, nil
+}
+
+// request makes a HTTP request to the given API endpoint, returning the raw
+// *http.Response, or an error if one occurred. The caller is responsible for
+// closing the response body.
+func (api *API) request(ctx context.Context, method, uri string, reqBody io.Reader, authType int, headers http.Header) (*http.Response, error) {
+	req, err := http.NewRequestWithContext(ctx, method, api.BaseURL+uri, reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP request creation failed: %w", err)
+	}
+
+	combinedHeaders := make(http.Header)
+	copyHeader(combinedHeaders, api.headers)
+	copyHeader(combinedHeaders, headers)
+	req.Header = combinedHeaders
+
+	if authType&AuthKeyEmail != 0 {
+		req.Header.Set("X-Auth-Key", api.APIKey)
+		req.Header.Set("X-Auth-Email", api.APIEmail)
+	}
+	if authType&AuthUserService != 0 {
+		req.Header.Set("X-Auth-User-Service-Key", api.APIUserServiceKey)
+	}
+	if authType&AuthToken != 0 {
+		req.Header.Set("Authorization", "Bearer "+api.APIToken)
+	}
+
+	if api.UserAgent != "" {
+		req.Header.Set("User-Agent", api.UserAgent)
+	}
+
+	if req.Header.Get("Content-Type") == "" {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	if api.Debug {
+		dump, err := httputil.DumpRequestOut(req, true)
+		if err != nil {
+			return nil, err
+		}
+
+		// Strip out any sensitive information from the request payload.
+		sensitiveKeys := []string{api.APIKey, api.APIEmail, api.APIToken, api.APIUserServiceKey}
+		for _, key := range sensitiveKeys {
+			if key != "" {
+				valueRegex := regexp.MustCompile(fmt.Sprintf("(?m)%s", key))
+				dump = valueRegex.ReplaceAll(dump, []byte("[redacted]"))
+			}
+		}
+		log.Printf("\n%s", string(dump))
+	}
+
+	resp, err := api.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP request failed: %w", err)
+	}
+
+	if api.Debug {
+		dump, err := httputil.DumpResponse(resp, true)
+		if err != nil {
+			return resp, err
+		}
+		log.Printf("\n%s", string(dump))
+	}
+
+	return resp, nil
+}
+
+// copyHeader copies all headers for `source` and sets them on `target`.
+// based on https://godoc.org/github.com/golang/gddo/httputil/header#Copy
+func copyHeader(target, source http.Header) {
+	for k, vs := range source {
+		target[k] = vs
+	}
+}
+
+// ResponseInfo contains a code and message returned by the API as errors or
+// informational messages inside the response.
+type ResponseInfo struct {
+	Code    int    `json:"code"`
+	Message string `json:"message"`
+}
+
+// Response is a template.  There will also be a result struct.  There will be a
+// unique response type for each response, which will include this type.
+type Response struct {
+	Success  bool           `json:"success"`
+	Errors   []ResponseInfo `json:"errors"`
+	Messages []ResponseInfo `json:"messages"`
+}
+
+// ResultInfoCursors contains information about cursors.
+type ResultInfoCursors struct {
+	Before string `json:"before" url:"before,omitempty"`
+	After  string `json:"after" url:"after,omitempty"`
+}
+
+// ResultInfo contains metadata about the Response.
+type ResultInfo struct {
+	Page       int               `json:"page" url:"page,omitempty"`
+	PerPage    int               `json:"per_page" url:"per_page,omitempty"`
+	TotalPages int               `json:"total_pages" url:"-"`
+	Count      int               `json:"count" url:"-"`
+	Total      int               `json:"total_count" url:"-"`
+	Cursor     string            `json:"cursor" url:"cursor,omitempty"`
+	Cursors    ResultInfoCursors `json:"cursors" url:"cursors,omitempty"`
+}
+
+// RawResponse keeps the result as JSON form.
+type RawResponse struct {
+	Response
+	Result     json.RawMessage `json:"result"`
+	ResultInfo *ResultInfo     `json:"result_info,omitempty"`
+}
+
+// Raw makes a HTTP request with user provided params and returns the
+// result as a RawResponse, which contains the untouched JSON result.
+func (api *API) Raw(ctx context.Context, method, endpoint string, data interface{}, headers http.Header) (RawResponse, error) {
+	var r RawResponse
+	res, err := api.makeRequestContextWithHeaders(ctx, method, endpoint, data, headers)
+	if err != nil {
+		return r, err
+	}
+
+	if err := json.Unmarshal(res, &r); err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// PaginationOptions can be passed to a list request to configure paging
+// These values will be defaulted if omitted, and PerPage has min/max limits set by resource.
+type PaginationOptions struct {
+	Page    int `json:"page,omitempty" url:"page,omitempty"`
+	PerPage int `json:"per_page,omitempty" url:"per_page,omitempty"`
+}
+
+// RetryPolicy specifies number of retries and min/max retry delays
+// This config is used when the client exponentially backs off after errored requests.
+type RetryPolicy struct {
+	MaxRetries    int
+	MinRetryDelay time.Duration
+	MaxRetryDelay time.Duration
+}
+
+// Logger defines the interface this library needs to use logging
+// This is a subset of the methods implemented in the log package.
+type Logger interface {
+	Printf(format string, v ...interface{})
+}
+
+// ReqOption is a functional option for configuring API requests.
+type ReqOption func(opt *reqOption)
+
+type reqOption struct {
+	params url.Values
+}
+
+// WithZoneFilters applies a filter based on zone properties.
+func WithZoneFilters(zoneName, accountID, status string) ReqOption {
+	return func(opt *reqOption) {
+		if zoneName != "" {
+			opt.params.Set("name", normalizeZoneName(zoneName))
+		}
+
+		if accountID != "" {
+			opt.params.Set("account.id", accountID)
+		}
+
+		if status != "" {
+			opt.params.Set("status", status)
+		}
+	}
+}
+
+// WithPagination configures the pagination for a response.
+func WithPagination(opts PaginationOptions) ReqOption {
+	return func(opt *reqOption) {
+		if opts.Page > 0 {
+			opt.params.Set("page", strconv.Itoa(opts.Page))
+		}
+
+		if opts.PerPage > 0 {
+			opt.params.Set("per_page", strconv.Itoa(opts.PerPage))
+		}
+	}
+}
+
+// checkResultInfo checks whether ResultInfo is reasonable except that it currently
+// ignores the cursor information. perPage, page, and count are the requested #items
+// per page, the requested page number, and the actual length of the Result array.
+//
+// Responses from the actual Cloudflare servers should pass all these checks (or we
+// discover a serious bug in the Cloudflare servers). However, the unit tests can
+// easily violate these constraints and this utility function can help debugging.
+// Correct pagination information is crucial for more advanced List* functions that
+// handle pagination automatically and fetch different pages in parallel.
+//
+// TODO: check cursors as well.
+func checkResultInfo(perPage, page, count int, info *ResultInfo) bool {
+	if info.Cursor != "" || info.Cursors.Before != "" || info.Cursors.After != "" {
+		panic("checkResultInfo could not handle cursors yet.")
+	}
+
+	switch {
+	case info.PerPage != perPage || info.Page != page || info.Count != count:
+		return false
+
+	case info.PerPage <= 0:
+		return false
+
+	case info.Total == 0 && info.TotalPages == 0 && info.Page == 1 && info.Count == 0:
+		return true
+
+	case info.Total <= 0 || info.TotalPages <= 0:
+		return false
+
+	case info.Total > info.PerPage*info.TotalPages || info.Total <= info.PerPage*(info.TotalPages-1):
+		return false
+	}
+
+	switch {
+	case info.Page > info.TotalPages || info.Page <= 0:
+		return false
+
+	case info.Page < info.TotalPages:
+		return info.Count == info.PerPage
+
+	case info.Page == info.TotalPages:
+		return info.Count == info.Total-info.PerPage*(info.TotalPages-1)
+
+	default:
+		// This is actually impossible, but Go compiler does not know trichotomy
+		panic("checkResultInfo: impossible")
+	}
+}
+
+type OrderDirection string
+
+const (
+	OrderDirectionAsc  OrderDirection = "asc"
+	OrderDirectionDesc OrderDirection = "desc"
+)
diff --git a/pkg/cloudflare-go/cloudflare_experimental.go b/pkg/cloudflare-go/cloudflare_experimental.go
new file mode 100644
index 0000000000..c09e803a5d
--- /dev/null
+++ b/pkg/cloudflare-go/cloudflare_experimental.go
@@ -0,0 +1,343 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/hashicorp/go-retryablehttp"
+)
+
+type service struct {
+	client *Client
+}
+
+type ClientParams struct {
+	Key            string
+	Email          string
+	UserServiceKey string
+	Token          string
+	STS            *SecurityTokenConfiguration
+	BaseURL        *url.URL
+	UserAgent      string
+	Headers        http.Header
+	HTTPClient     *http.Client
+	RetryPolicy    RetryPolicy
+	Logger         LeveledLoggerInterface
+	Debug          bool
+}
+
+// A Client manages communication with the Cloudflare API.
+type Client struct {
+	clientMu sync.Mutex
+
+	*ClientParams
+
+	common service // Reuse a single struct instead of allocating one for each service on the heap.
+
+	Zones *ZonesService
+}
+
+// Client returns the http.Client used by this Cloudflare client.
+func (c *Client) Client() *http.Client {
+	c.clientMu.Lock()
+	defer c.clientMu.Unlock()
+	clientCopy := *c.HTTPClient
+	return &clientCopy
+}
+
+// Call is the entrypoint to making API calls with the correct request setup.
+func (c *Client) Call(ctx context.Context, method, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, method, path, payload, nil)
+}
+
+// CallWithHeaders is the entrypoint to making API calls with the correct
+// request setup (like `Call`) but allows passing in additional HTTP headers
+// with the request.
+func (c *Client) CallWithHeaders(ctx context.Context, method, path string, payload interface{}, headers http.Header) ([]byte, error) {
+	return c.makeRequest(ctx, method, path, payload, headers)
+}
+
+// New creates a new instance of the API client by merging ClientParams with the
+// default values.
+func NewExperimental(config *ClientParams) (*Client, error) {
+	c := &Client{ClientParams: &ClientParams{}}
+	c.common.client = c
+
+	defaultURL, _ := url.Parse(defaultScheme + "://" + defaultHostname + defaultBasePath)
+	if config.BaseURL != nil {
+		c.ClientParams.BaseURL = config.BaseURL
+	} else {
+		c.ClientParams.BaseURL = defaultURL
+	}
+
+	if config.UserAgent != "" {
+		c.ClientParams.UserAgent = config.UserAgent
+	} else {
+		c.ClientParams.UserAgent = userAgent + "/" + Version
+	}
+
+	if config.HTTPClient != nil {
+		c.ClientParams.HTTPClient = config.HTTPClient
+	} else {
+		retryClient := retryablehttp.NewClient()
+
+		if c.RetryPolicy.MaxRetries > 0 {
+			retryClient.RetryMax = c.RetryPolicy.MaxRetries
+		} else {
+			retryClient.RetryMax = 4
+		}
+
+		if c.RetryPolicy.MinRetryDelay > 0 {
+			retryClient.RetryWaitMin = c.RetryPolicy.MinRetryDelay
+		} else {
+			retryClient.RetryWaitMin = 1 * time.Second
+		}
+
+		if c.RetryPolicy.MaxRetryDelay > 0 {
+			retryClient.RetryWaitMax = c.RetryPolicy.MaxRetryDelay
+		} else {
+			retryClient.RetryWaitMax = 30 * time.Second
+		}
+
+		retryClient.Logger = silentRetryLogger
+		c.ClientParams.HTTPClient = retryClient.StandardClient()
+	}
+
+	if config.Headers != nil {
+		c.ClientParams.Headers = config.Headers
+	} else {
+		c.ClientParams.Headers = make(http.Header)
+	}
+
+	if config.Key != "" && config.Token != "" {
+		return nil, ErrAPIKeysAndTokensAreMutuallyExclusive
+	}
+
+	if config.Key != "" {
+		c.ClientParams.Key = config.Key
+		c.ClientParams.Email = config.Email
+	}
+
+	if config.Token != "" {
+		c.ClientParams.Token = config.Token
+	}
+
+	if config.UserServiceKey != "" {
+		c.ClientParams.UserServiceKey = config.UserServiceKey
+	}
+
+	c.ClientParams.Debug = config.Debug
+	if c.ClientParams.Debug {
+		c.ClientParams.Logger = &LeveledLogger{Level: 4}
+	} else {
+		c.ClientParams.Logger = SilentLeveledLogger
+	}
+
+	if config.STS != nil {
+		stsToken, err := fetchSTSCredentials(config.STS)
+		if err != nil {
+			return nil, ErrSTSFailure
+		}
+		c.ClientParams.Token = stsToken
+	}
+
+	c.Zones = (*ZonesService)(&c.common)
+
+	return c, nil
+}
+
+// request makes a HTTP request to the given API endpoint, returning the raw
+// *http.Response, or an error if one occurred. The caller is responsible for
+// closing the response body.
+func (c *Client) request(ctx context.Context, method, uri string, reqBody io.Reader, headers http.Header) (*http.Response, error) {
+	req, err := http.NewRequestWithContext(ctx, method, c.BaseURL.String()+uri, reqBody)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP request creation failed: %w", err)
+	}
+
+	combinedHeaders := make(http.Header)
+	copyHeader(combinedHeaders, c.Headers)
+	copyHeader(combinedHeaders, headers)
+	req.Header = combinedHeaders
+
+	if c.Key == "" && c.Email == "" && c.Token == "" && c.UserServiceKey == "" {
+		return nil, ErrMissingCredentials
+	}
+
+	if c.Key != "" {
+		req.Header.Set("X-Auth-Key", c.ClientParams.Key)
+		req.Header.Set("X-Auth-Email", c.ClientParams.Email)
+	}
+
+	if c.UserServiceKey != "" {
+		req.Header.Set("X-Auth-User-Service-Key", c.ClientParams.UserServiceKey)
+	}
+
+	if c.Token != "" {
+		req.Header.Set("Authorization", "Bearer "+c.ClientParams.Token)
+	}
+
+	if c.UserAgent != "" {
+		req.Header.Set("User-Agent", c.ClientParams.UserAgent)
+	}
+
+	if req.Header.Get("Content-Type") == "" {
+		req.Header.Set("Content-Type", "application/json")
+	}
+
+	if c.Debug {
+		dump, err := httputil.DumpRequestOut(req, true)
+		if err != nil {
+			return nil, err
+		}
+
+		// Strip out any sensitive information from the request payload.
+		sensitiveKeys := []string{c.Key, c.Email, c.Token, c.UserServiceKey}
+		for _, key := range sensitiveKeys {
+			if key != "" {
+				valueRegex := regexp.MustCompile(fmt.Sprintf("(?m)%s", key))
+				dump = valueRegex.ReplaceAll(dump, []byte("[redacted]"))
+			}
+		}
+		log.Printf("\n%s", string(dump))
+	}
+
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("HTTP request failed: %w", err)
+	}
+
+	if c.Debug {
+		dump, err := httputil.DumpResponse(resp, true)
+		if err != nil {
+			return resp, err
+		}
+		log.Printf("\n%s", string(dump))
+	}
+
+	return resp, nil
+}
+
+func (c *Client) makeRequest(ctx context.Context, method, uri string, params interface{}, headers http.Header) ([]byte, error) {
+	var reqBody io.Reader
+	var err error
+
+	if params != nil {
+		if r, ok := params.(io.Reader); ok {
+			reqBody = r
+		} else if paramBytes, ok := params.([]byte); ok {
+			reqBody = bytes.NewReader(paramBytes)
+		} else {
+			var jsonBody []byte
+			jsonBody, err = json.Marshal(params)
+			if err != nil {
+				return nil, fmt.Errorf("error marshalling params to JSON: %w", err)
+			}
+			reqBody = bytes.NewReader(jsonBody)
+		}
+	}
+
+	var resp *http.Response
+	var respErr error
+	var respBody []byte
+
+	resp, respErr = c.request(ctx, method, uri, reqBody, headers)
+	if respErr != nil {
+		return nil, respErr
+	}
+
+	respBody, err = io.ReadAll(resp.Body)
+	resp.Body.Close()
+	if err != nil {
+		return nil, fmt.Errorf("could not read response body: %w", err)
+	}
+
+	if resp.StatusCode >= http.StatusBadRequest {
+		if strings.HasSuffix(resp.Request.URL.Path, "/filters/validate-expr") {
+			return nil, fmt.Errorf("%s", respBody)
+		}
+
+		if resp.StatusCode >= http.StatusInternalServerError {
+			return nil, &ServiceError{cloudflareError: &Error{
+				StatusCode: resp.StatusCode,
+				RayID:      resp.Header.Get("cf-ray"),
+				Errors: []ResponseInfo{{
+					Message: errInternalServiceError,
+				}},
+			}}
+		}
+
+		errBody := &Response{}
+		err = json.Unmarshal(respBody, &errBody)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal response body: %w", err)
+		}
+
+		errCodes := make([]int, 0, len(errBody.Errors))
+		errMsgs := make([]string, 0, len(errBody.Errors))
+		for _, e := range errBody.Errors {
+			errCodes = append(errCodes, e.Code)
+			errMsgs = append(errMsgs, e.Message)
+		}
+
+		err := &Error{
+			StatusCode:    resp.StatusCode,
+			RayID:         resp.Header.Get("cf-ray"),
+			Errors:        errBody.Errors,
+			ErrorCodes:    errCodes,
+			ErrorMessages: errMsgs,
+		}
+
+		switch resp.StatusCode {
+		case http.StatusUnauthorized:
+			err.Type = ErrorTypeAuthorization
+			return nil, &AuthorizationError{cloudflareError: err}
+		case http.StatusForbidden:
+			err.Type = ErrorTypeAuthentication
+			return nil, &AuthenticationError{cloudflareError: err}
+		case http.StatusNotFound:
+			err.Type = ErrorTypeNotFound
+			return nil, &NotFoundError{cloudflareError: err}
+		case http.StatusTooManyRequests:
+			err.Type = ErrorTypeRateLimit
+			return nil, &RatelimitError{cloudflareError: err}
+		default:
+			err.Type = ErrorTypeRequest
+			return nil, &RequestError{cloudflareError: err}
+		}
+	}
+
+	return respBody, nil
+}
+
+func (c *Client) get(ctx context.Context, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, http.MethodGet, path, payload, nil)
+}
+
+func (c *Client) post(ctx context.Context, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, http.MethodPost, path, payload, nil)
+}
+
+func (c *Client) patch(ctx context.Context, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, http.MethodPatch, path, payload, nil)
+}
+
+func (c *Client) put(ctx context.Context, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, http.MethodPut, path, payload, nil)
+}
+
+func (c *Client) delete(ctx context.Context, path string, payload interface{}) ([]byte, error) {
+	return c.makeRequest(ctx, http.MethodDelete, path, payload, nil)
+}
diff --git a/pkg/cloudflare-go/cloudflare_test.go b/pkg/cloudflare-go/cloudflare_test.go
new file mode 100644
index 0000000000..e7ffb09f66
--- /dev/null
+++ b/pkg/cloudflare-go/cloudflare_test.go
@@ -0,0 +1,549 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	// mux is the HTTP request multiplexer used with the test server.
+	mux *http.ServeMux
+
+	// client is the API client being tested.
+	client *API
+
+	// server is a test HTTP server used to provide mock API responses.
+	server *httptest.Server
+
+	// testAccountRC is a test account resource container.
+	testAccountRC = AccountIdentifier(testAccountID)
+
+	// testZoneRC is a test zone resource container.
+	testZoneRC = ZoneIdentifier(testZoneID)
+)
+
+func setup(opts ...Option) {
+	// test server
+	mux = http.NewServeMux()
+	server = httptest.NewServer(mux)
+
+	// disable rate limits and retries in testing - prepended so any provided value overrides this
+	opts = append([]Option{UsingRateLimit(100000), UsingRetryPolicy(0, 0, 0)}, opts...)
+
+	// Cloudflare client configured to use test server
+	client, _ = New("deadbeef", "cloudflare@example.org", opts...)
+	client.BaseURL = server.URL
+}
+
+func teardown() {
+	server.Close()
+}
+
+func TestClient_Headers(t *testing.T) {
+	// it should set default headers
+	setup()
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "cloudflare@example.org", r.Header.Get("X-Auth-Email"))
+		assert.Equal(t, "deadbeef", r.Header.Get("X-Auth-Key"))
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+	})
+	client.UserDetails(context.Background()) //nolint
+	teardown()
+
+	// it should override appropriate default headers when custom headers given
+	headers := make(http.Header)
+	headers.Set("Content-Type", "application/xhtml+xml")
+	headers.Add("X-Random", "a random header")
+	setup(Headers(headers))
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "cloudflare@example.org", r.Header.Get("X-Auth-Email"))
+		assert.Equal(t, "deadbeef", r.Header.Get("X-Auth-Key"))
+		assert.Equal(t, "application/xhtml+xml", r.Header.Get("Content-Type"))
+		assert.Equal(t, "a random header", r.Header.Get("X-Random"))
+	})
+	client.UserDetails(context.Background()) //nolint
+	teardown()
+
+	// it should set X-Auth-User-Service-Key and omit X-Auth-Email and X-Auth-Key when client.authType is AuthUserService
+	setup()
+	client.SetAuthType(AuthUserService)
+	client.APIUserServiceKey = "userservicekey"
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Empty(t, r.Header.Get("X-Auth-Email"))
+		assert.Empty(t, r.Header.Get("X-Auth-Key"))
+		assert.Empty(t, r.Header.Get("Authorization"))
+		assert.Equal(t, "userservicekey", r.Header.Get("X-Auth-User-Service-Key"))
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+	})
+	client.UserDetails(context.Background()) //nolint
+	teardown()
+
+	// it should set X-Auth-User-Service-Key and omit X-Auth-Email and X-Auth-Key when using NewWithUserServiceKey
+	setup()
+	client, err := NewWithUserServiceKey("userservicekey")
+	assert.NoError(t, err)
+	client.BaseURL = server.URL
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Empty(t, r.Header.Get("X-Auth-Email"))
+		assert.Empty(t, r.Header.Get("X-Auth-Key"))
+		assert.Empty(t, r.Header.Get("Authorization"))
+		assert.Equal(t, "userservicekey", r.Header.Get("X-Auth-User-Service-Key"))
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+	})
+	client.UserDetails(context.Background()) //nolint
+	teardown()
+
+	// it should set Authorization and omit others credential headers when using NewWithAPIToken
+	setup()
+	client, err = NewWithAPIToken("my-api-token")
+	assert.NoError(t, err)
+	client.BaseURL = server.URL
+	mux.HandleFunc("/zones/123456", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Empty(t, r.Header.Get("X-Auth-Email"))
+		assert.Empty(t, r.Header.Get("X-Auth-Key"))
+		assert.Empty(t, r.Header.Get("X-Auth-User-Service-Key"))
+		assert.Equal(t, "Bearer my-api-token", r.Header.Get("Authorization"))
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+	})
+	client.UserDetails(context.Background()) //nolint
+	teardown()
+}
+
+func TestClient_RetryCanSucceedAfterErrors(t *testing.T) {
+	setup(UsingRetryPolicy(2, 0, 1))
+	defer teardown()
+
+	requestsReceived := 0
+	// could test any function, using ListLoadBalancerPools
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		actual := LoadBalancerPool{}
+		assert.NoError(t, json.NewDecoder(r.Body).Decode(&actual))
+		assert.Equal(t, "123", actual.ID)
+		w.Header().Set("content-type", "application/json")
+
+		// we are doing three *retries*
+		if requestsReceived == 0 {
+			// return error causing client to retry
+			w.WriteHeader(500)
+			fmt.Fprint(w, `{
+				"success": false,
+				"errors": [ "server created some error"],
+				"messages": [],
+				"result": []
+			}`)
+		} else if requestsReceived == 1 {
+			// return error causing client to retry
+			w.WriteHeader(429)
+			fmt.Fprint(w, `{
+				"success": false,
+				"errors": [ "this is a rate limiting error"],
+				"messages": [],
+				"result": []
+			}`)
+		} else {
+			// return success response
+			fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result":
+                {
+                    "id": "17b5962d775c646f3f9725cbc7a53df4",
+                    "created_on": "2014-01-01T05:20:00.12345Z",
+                    "modified_on": "2014-02-01T05:20:00.12345Z",
+                    "description": "Primary data center - Provider XYZ",
+                    "name": "primary-dc-1",
+                    "enabled": true,
+                    "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                    "origins": [
+                      {
+                        "name": "app-server-1",
+                        "address": "198.51.100.1",
+                        "enabled": true
+                      }
+                    ],
+                    "notification_email": "someone@example.com"
+                },
+            "result_info": {
+                "page": 1,
+                "per_page": 20,
+                "count": 1,
+                "total_count": 1
+            }
+        }`)
+		}
+		requestsReceived++
+	}
+
+	mux.HandleFunc("/user/load_balancers/pools", handler)
+
+	_, err := client.CreateLoadBalancerPool(context.Background(), UserIdentifier(testUserID), CreateLoadBalancerPoolParams{LoadBalancerPool: LoadBalancerPool{ID: "123"}})
+	assert.NoError(t, err)
+}
+
+func TestClient_RetryReturnsPersistentErrorResponse(t *testing.T) {
+	setup(UsingRetryPolicy(2, 0, 1))
+	defer teardown()
+
+	// could test any function, using ListLoadBalancerPools
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		// return error causing client to retry
+		w.WriteHeader(500)
+		fmt.Fprint(w, `{
+			"success": false,
+			"errors": [ "server created some error"],
+			"messages": [],
+			"result": []
+		}`)
+	}
+
+	mux.HandleFunc("/user/load_balancers/pools", handler)
+
+	_, err := client.ListLoadBalancerPools(context.Background(), UserIdentifier(testUserID), ListLoadBalancerPoolParams{})
+	assert.Error(t, err)
+}
+
+func TestZoneIDByNameWithNonUniqueZonesWithoutOrgID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "023e105f4ecef8ad9ca31a8372d0c353",
+					"name": "example.com",
+					"development_mode": 7200,
+					"original_name_servers": [
+						"ns1.originaldnshost.com",
+						"ns2.originaldnshost.com"
+					],
+					"original_registrar": "GoDaddy",
+					"original_dnshost": "NameCheap",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"modified_on": "2014-01-01T05:20:00.12345Z",
+					"owner": {
+						"id": "7c5dae5552338874e5053f2534d2767a",
+						"email": "user@example.com",
+						"owner_type": "user"
+					},
+					"account": {
+						"id": "01a7362d577a6c3019a474fd6f485823",
+						"name": "Demo Account"
+					},
+					"permissions": [
+						"#zone:read",
+						"#zone:edit"
+					],
+					"plan": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"plan_pending": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"status": "active",
+					"paused": false,
+					"type": "full",
+					"name_servers": [
+						"tony.ns.cloudflare.com",
+						"woz.ns.cloudflare.com"
+					]
+				},
+				{
+					"id": "023e105f4ecef8ad9ca31a8372d0c353",
+					"name": "example.com",
+					"development_mode": 7200,
+					"original_name_servers": [
+						"ns1.originaldnshost.com",
+						"ns2.originaldnshost.com"
+					],
+					"original_registrar": "GoDaddy",
+					"original_dnshost": "NameCheap",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"modified_on": "2014-01-01T05:20:00.12345Z",
+					"owner": {
+						"id": "7c5dae5552338874e5053f2534d2767a",
+						"email": "user@example.com",
+						"owner_type": "user"
+					},
+					"account": {
+						"id": "01a7362d577a6c3019a474fd6f485823",
+						"name": "Demo Account"
+					},
+					"permissions": [
+						"#zone:read",
+						"#zone:edit"
+					],
+					"plan": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"plan_pending": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"status": "active",
+					"paused": false,
+					"type": "full",
+					"name_servers": [
+						"tony.ns.cloudflare.com",
+						"woz.ns.cloudflare.com"
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 50,
+				"count": 2,
+				"total_count": 2,
+				"total_pages": 1
+			}
+		}
+		`)
+	}
+
+	// `HandleFunc` doesn't handle query parameters so we just need to
+	// handle the `/zones` endpoint instead.
+	mux.HandleFunc("/zones", handler)
+
+	_, err := client.ZoneIDByName("example.com")
+	assert.EqualError(t, err, "ambiguous zone name; an account ID might help")
+}
+
+func TestZoneIDByNameWithIDN(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"name": "exämple.com",
+					"development_mode": 7200,
+					"original_name_servers": [
+						"ns1.originaldnshost.com",
+						"ns2.originaldnshost.com"
+					],
+					"original_registrar": "GoDaddy",
+					"original_dnshost": "NameCheap",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"modified_on": "2014-01-01T05:20:00.12345Z",
+					"owner": {
+						"id": "7c5dae5552338874e5053f2534d2767a",
+						"email": "user@exämple.com",
+						"owner_type": "user"
+					},
+					"account": {
+						"id": "01a7362d577a6c3019a474fd6f485823",
+						"name": "Demo Account"
+					},
+					"permissions": [
+						"#zone:read",
+						"#zone:edit"
+					],
+					"plan": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"plan_pending": {
+						"id": "e592fd9519420ba7405e1307bff33214",
+						"name": "Pro Plan",
+						"price": 20,
+						"currency": "USD",
+						"frequency": "monthly",
+						"legacy_id": "pro",
+						"is_subscribed": true,
+						"can_subscribe": true
+					},
+					"status": "active",
+					"paused": false,
+					"type": "full",
+					"name_servers": [
+						"tony.ns.cloudflare.com",
+						"woz.ns.cloudflare.com"
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 50,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}
+		`)
+	}
+
+	// `HandleFunc` doesn't handle query parameters so we just need to
+	// handle the `/zones` endpoint instead.
+	mux.HandleFunc("/zones", handler)
+
+	actual, err := client.ZoneIDByName("exämple.com")
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, "7c5dae5552338874e5053f2534d2767a")
+	}
+
+	actual, err = client.ZoneIDByName("xn--exmple-cua.com")
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, "7c5dae5552338874e5053f2534d2767a")
+	}
+}
+
+func TestClient_ContextIsPassedToRequest(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	httpClient := &http.Client{
+		Transport: RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
+			assert.Equal(t, ctx, r.Context())
+
+			rec := httptest.NewRecorder()
+			rec.WriteHeader(http.StatusOK)
+			return rec.Result(), nil
+		}),
+	}
+
+	cfClient, _ := New("deadbeef", "cloudflare@example.org", HTTPClient(httpClient))
+
+	cfClient.ListZonesContext(ctx) //nolint
+}
+
+func TestErrorFromResponseWithUnmarshalingError(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(400)
+		fmt.Fprintf(w, `{ not valid json`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/access/apps", handler)
+
+	_, err := client.CreateAccessApplication(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), CreateAccessApplicationParams{
+		Name:            "Admin Site",
+		Domain:          "test.example.com/admin",
+		SessionDuration: "24h",
+	})
+
+	assert.Regexp(t, "error unmarshalling the JSON response error body: ", err)
+}
+
+type RoundTripperFunc func(*http.Request) (*http.Response, error)
+
+func (t RoundTripperFunc) RoundTrip(request *http.Request) (*http.Response, error) {
+	return t(request)
+}
+
+func TestContextTimeout(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		time.Sleep(3 * time.Second)
+	}
+
+	mux.HandleFunc("/timeout", handler)
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	start := time.Now()
+	_, err := client.makeRequestContext(ctx, http.MethodHead, "/timeout", nil)
+	assert.ErrorIs(t, err, context.DeadlineExceeded)
+	assert.WithinDuration(t, start, time.Now(), 2*time.Second,
+		"makeRequestContext took too much time with an expiring context")
+}
+
+func TestCheckResultInfo(t *testing.T) {
+	for _, c := range [...]struct {
+		TestName   string
+		PerPage    int
+		Page       int
+		Count      int
+		ResultInfo ResultInfo
+		Verdict    bool
+	}{
+		{"per_page do not match", 20, 1, 0, ResultInfo{Page: 1, PerPage: 30, TotalPages: 0, Count: 0, Total: 0}, false},
+		{"page counts do not match", 20, 2, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 40}, false},
+		{"counts do not match", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 19, Total: 21}, false},
+		{"counts do not match", 20, 1, 19, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 21}, false},
+		{"per_page 0", 0, 1, 0, ResultInfo{Page: 1, PerPage: 0, TotalPages: 1, Count: 0, Total: 0}, false},
+		{"number of items is zero", 20, 1, 0, ResultInfo{Page: 1, PerPage: 20, TotalPages: 0, Count: 0, Total: 0}, true},
+		{"number of items is 0 but number of pages is greater than 0", 20, 1, 0, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 0, Total: 0}, false},
+		{"total number of items greater than 0 but number of pages is 0", 20, 1, 1, ResultInfo{Page: 1, PerPage: 20, TotalPages: 0, Count: 1, Total: 1}, false},
+		{"too many total number of items (one more page is needed)", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 20, Total: 21}, false},
+		{"too few total number of items (the second page would be empty)", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 20}, false},
+		{"page number cannot be zero", 20, 0, 20, ResultInfo{Page: 0, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, false},
+		{"page number cannot go beyond number of pages", 20, 2, 20, ResultInfo{Page: 2, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, false},
+		{"the last page is full of results", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, true},
+		{"we are not on the last page so it should be full of results", 20, 1, 19, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 19, Total: 39}, false},
+		{"last page only has 19 items not 20", 20, 2, 20, ResultInfo{Page: 2, PerPage: 20, TotalPages: 2, Count: 20, Total: 39}, false},
+		{"fully working result info", 20, 2, 19, ResultInfo{Page: 2, PerPage: 20, TotalPages: 2, Count: 19, Total: 39}, true},
+	} {
+		t.Run(c.TestName, func(t *testing.T) {
+			assert.Equal(t, c.Verdict, checkResultInfo(c.PerPage, c.Page, c.Count, &c.ResultInfo))
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml b/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
new file mode 100644
index 0000000000..131b233f2b
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
@@ -0,0 +1,23 @@
+before:
+  hooks:
+    - cp ../../LICENSE .
+    - go mod download
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    binary: flarectl
+    mod_timestamp: '{{ .CommitTimestamp }}'
+archives:
+  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
+checksum:
+  disable: true
+changelog:
+  disable: true
diff --git a/pkg/cloudflare-go/cmd/flarectl/README.md b/pkg/cloudflare-go/cmd/flarectl/README.md
new file mode 100644
index 0000000000..8bbdce4cad
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/README.md
@@ -0,0 +1,108 @@
+# flarectl
+
+A CLI application for interacting with a Cloudflare account. Powered by [cloudflare-go](https://github.com/cloudflare/cloudflare-go).
+
+## Installation 
+
+Install it when you install our command-line library:
+
+```sh
+go install github.com/cloudflare/cloudflare-go/cmd/flarectl@latest
+```
+
+# Usage
+
+You must authenticate with Cloudflare using either an API Token or API Key.
+
+To use an API Token, set the `CF_API_TOKEN` environment variable:
+
+```
+$ export CF_API_TOKEN=Abc123Xyz
+```
+
+To use an API Key, set the `CF_API_KEY` and `CF_API_EMAIL` environment variables:
+
+```
+$ export CF_API_KEY=abcdef1234567890
+$ export CF_API_EMAIL=someone@example.com
+```
+
+Once authenticated, you can run flarectl commands:
+
+```
+$ flarectl:
+
+   flarectl - Cloudflare CLI
+
+USAGE:
+   flarectl [global options] command [command options] [arguments...]
+   
+VERSION:
+   2017.10.0
+   
+COMMANDS:
+   ips, i                     Print Cloudflare IP ranges
+   user, u                    User information
+   zone, z                    Zone information
+   dns, d                     DNS records
+   user-agents, ua            User-Agent blocking
+   pagerules, p               Page Rules
+   railgun, r                 Railgun information
+   firewall, f                Firewall
+   origin-ca-root-cert, ocrc  Print Origin CA Root Certificate (in PEM format)
+   help, h                    Shows a list of commands or help for one command
+   
+GLOBAL OPTIONS:
+   --help, -h		show help
+   --version, -v	print the version
+   
+```
+
+## Examples
+
+## Block an IP via the IP Firewall
+
+```sh
+flarectl firewall rules create --zone="example.com" --value="8.8.8.8" --mode="block" --notes="Block bad actor"
+
+ID                               Value   Scope Mode  Notes
+-------------------------------- ------- ----- ----- ----------------
+7bc6fa4569f78777039ef5ebd7b4cedd 8.8.8.8 zone  block Block bad actor
+```
+
+### List Firewall Rules
+
+```sh
+~ flarectl firewall rules list
+
+ID                               Value           Scope Mode      Notes 
+-------------------------------- --------------- ----- --------- ----- 
+210173b610198c8ce3dfe39987e4df78 8.8.8.8         user  whitelist       
+36e86aebff4cb8cb2020e622c2ff2b90 8.8.4.4         user  whitelist       
+ba6bea6e646e2d453c394a41c6ab931a 45.55.2.6       user  whitelist       
+edff311e3f81b35e9cd64e4fa9d18465 45.55.2.5       user  whitelist       
+```
+
+### Challenge All Requests for a specific User-Agent
+
+```
+~ flarectl ua create --zone="example.com" --mode="challenge" --description="Challenge Chrome v61" --value="Mozilla/5.0 (Macintosh Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML like Gecko) Chrome/61.0.3163.100 Safari/537.36"
+
+ID                               Description          Mode      Value                                                                                                                 Paused 
+-------------------------------- -------------------- --------- --------------------------------------------------------------------------------------------------------------------- ------ 
+a23b50de3c064a5a860e8b84cd2b382c Challenge Chrome v61 challenge Mozilla/5.0 (Macintosh Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML like Gecko) Chrome/61.0.3163.100 Safari/537.36 false  
+```
+
+### Add a DNS record
+
+```sh
+~ flarectl dns create --zone="example.com" --name="app" --type="CNAME" --content="myapp.herokuapp.com" --proxy
+
+ID                               Name                      Type  Content             TTL Proxiable Proxy
+-------------------------------- ------------------------- ----- ------------------- --- --------- -----
+5c5d051f7944cf4715127270dd4d05f4 app.questionable.services CNAME myapp.herokuapp.com 1   true      true
+```
+
+## License
+
+BSD licensed. See the [LICENSE](LICENSE) file for details.
diff --git a/pkg/cloudflare-go/cmd/flarectl/dns.go b/pkg/cloudflare-go/cmd/flarectl/dns.go
new file mode 100644
index 0000000000..84c57095d1
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/dns.go
@@ -0,0 +1,201 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/urfave/cli/v2"
+)
+
+func formatDNSRecord(record cloudflare.DNSRecord) []string {
+	return []string{
+		record.ID,
+		record.Name,
+		record.Type,
+		record.Content,
+		strconv.FormatInt(int64(record.TTL), 10),
+		strconv.FormatBool(record.Proxiable),
+		strconv.FormatBool(*record.Proxied),
+	}
+}
+
+func dnsCreate(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "name", "type", "content"); err != nil {
+		return err
+	}
+	zone := c.String("zone")
+	name := c.String("name")
+	rtype := c.String("type")
+	content := c.String("content")
+	ttl := c.Int("ttl")
+	proxy := c.Bool("proxy")
+	priority := uint16(c.Uint("priority"))
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	record := cloudflare.CreateDNSRecordParams{
+		Name:     name,
+		Type:     strings.ToUpper(rtype),
+		Content:  content,
+		TTL:      ttl,
+		Proxied:  &proxy,
+		Priority: &priority,
+	}
+	result, err := api.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), record)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error creating DNS record: ", err)
+		return err
+	}
+
+	output := [][]string{
+		formatDNSRecord(result),
+	}
+
+	writeTable(c, output, "ID", "Name", "Type", "Content", "TTL", "Proxiable", "Proxy")
+
+	return nil
+}
+
+func dnsCreateOrUpdate(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "name", "type", "content"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	zone := c.String("zone")
+	name := c.String("name")
+	rtype := strings.ToUpper(c.String("type"))
+	content := c.String("content")
+	ttl := c.Int("ttl")
+	proxy := c.Bool("proxy")
+	priority := uint16(c.Uint("priority"))
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error updating DNS record: ", err)
+		return err
+	}
+
+	records, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Name: name + "." + zone})
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error fetching DNS records: ", err)
+		return err
+	}
+
+	var result cloudflare.DNSRecord
+	if len(records) > 0 {
+		// Record exists - find the ID and update it.
+		// This is imprecise without knowing the original content; if a label
+		// has multiple RRs we'll just update the first one.
+		for _, r := range records {
+			if r.Type == rtype {
+				rr := cloudflare.UpdateDNSRecordParams{}
+				rr.ID = r.ID
+				rr.Type = r.Type
+				rr.Content = content
+				rr.TTL = ttl
+				rr.Proxied = &proxy
+				rr.Priority = &priority
+
+				result, err = api.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
+				if err != nil {
+					fmt.Println("Error updating DNS record:", err)
+					return err
+				}
+			}
+		}
+	} else {
+		// Record doesn't exist - create it
+		rr := cloudflare.CreateDNSRecordParams{
+			Name:     name,
+			Type:     rtype,
+			Content:  content,
+			TTL:      ttl,
+			Proxied:  &proxy,
+			Priority: &priority,
+		}
+
+		// TODO: Print the response.
+		result, err = api.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
+		if err != nil {
+			fmt.Println("Error creating DNS record:", err)
+			return err
+		}
+	}
+
+	output := [][]string{
+		formatDNSRecord(result),
+	}
+
+	writeTable(c, output, "ID", "Name", "Type", "Content", "TTL", "Proxiable", "Proxy")
+
+	return nil
+}
+
+func dnsUpdate(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "id"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	zone := c.String("zone")
+	recordID := c.String("id")
+	name := c.String("name")
+	rtype := c.String("type")
+	content := c.String("content")
+	ttl := c.Int("ttl")
+	proxy := c.Bool("proxy")
+	priority := uint16(c.Uint("priority"))
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	record := cloudflare.UpdateDNSRecordParams{
+		ID:       recordID,
+		Name:     name,
+		Type:     strings.ToUpper(rtype),
+		Content:  content,
+		TTL:      ttl,
+		Proxied:  &proxy,
+		Priority: &priority,
+	}
+	_, err = api.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), record)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error updating DNS record: ", err)
+		return err
+	}
+
+	return nil
+}
+
+func dnsDelete(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "id"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	zone := c.String("zone")
+	recordID := c.String("id")
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	err = api.DeleteDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), recordID)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error deleting DNS record: ", err)
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/firewall.go b/pkg/cloudflare-go/cmd/flarectl/firewall.go
new file mode 100644
index 0000000000..8003ee78fe
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/firewall.go
@@ -0,0 +1,380 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"os"
+	"strconv"
+
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/urfave/cli/v2"
+)
+
+func formatAccessRule(rule cloudflare.AccessRule) []string {
+	return []string{
+		rule.ID,
+		rule.Configuration.Value,
+		rule.Scope.Type,
+		rule.Mode,
+		rule.Notes,
+	}
+}
+
+func firewallAccessRules(c *cli.Context) error {
+	accountID, zoneID, err := getScope(c)
+	if err != nil {
+		return err
+	}
+
+	// Create an empty access rule for searching for rules
+	rule := cloudflare.AccessRule{
+		Configuration: getConfiguration(c),
+	}
+	if c.String("scope-type") != "" {
+		rule.Scope.Type = c.String("scope-type")
+	}
+	if c.String("notes") != "" {
+		rule.Notes = c.String("notes")
+	}
+	if c.String("mode") != "" {
+		rule.Mode = c.String("mode")
+	}
+
+	var response *cloudflare.AccessRuleListResponse
+	switch {
+	case accountID != "":
+		response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, 1)
+	case zoneID != "":
+		response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, 1)
+	default:
+		response, err = api.ListUserAccessRules(context.Background(), rule, 1)
+	}
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	totalPages := response.ResultInfo.TotalPages
+	rules := make([]cloudflare.AccessRule, 0, response.ResultInfo.Total)
+	rules = append(rules, response.Result...)
+	if totalPages > 1 {
+		for page := 2; page <= totalPages; page++ {
+			switch {
+			case accountID != "":
+				response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, page)
+			case zoneID != "":
+				response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, page)
+			default:
+				response, err = api.ListUserAccessRules(context.Background(), rule, page)
+			}
+			if err != nil {
+				fmt.Println(err)
+				return err
+			}
+			rules = append(rules, response.Result...)
+		}
+	}
+
+	output := make([][]string, 0, len(rules))
+	for _, rule := range rules {
+		output = append(output, formatAccessRule(rule))
+	}
+	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
+
+	return nil
+}
+
+func firewallAccessRuleCreate(c *cli.Context) error {
+	if err := checkFlags(c, "mode", "value"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	accountID, zoneID, err := getScope(c)
+	if err != nil {
+		return err
+	}
+	configuration := getConfiguration(c)
+	mode := c.String("mode")
+	notes := c.String("notes")
+
+	rule := cloudflare.AccessRule{
+		Configuration: configuration,
+		Mode:          mode,
+		Notes:         notes,
+	}
+
+	var (
+		rules []cloudflare.AccessRule
+	)
+
+	switch {
+	case accountID != "":
+		resp, err := api.CreateAccountAccessRule(context.Background(), accountID, rule)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "error creating account access rule: ", err)
+			return err
+		}
+		rules = append(rules, resp.Result)
+	case zoneID != "":
+		resp, err := api.CreateZoneAccessRule(context.Background(), zoneID, rule)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "error creating zone access rule: ", err)
+			return err
+		}
+		rules = append(rules, resp.Result)
+	default:
+		resp, err := api.CreateUserAccessRule(context.Background(), rule)
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "error creating user access rule: ", err)
+			return err
+		}
+		rules = append(rules, resp.Result)
+	}
+
+	output := make([][]string, 0, len(rules))
+	for _, rule := range rules {
+		output = append(output, formatAccessRule(rule))
+	}
+	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
+
+	return nil
+}
+
+func firewallAccessRuleUpdate(c *cli.Context) error {
+	if err := checkFlags(c, "id"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	id := c.String("id")
+	accountID, zoneID, err := getScope(c)
+	if err != nil {
+		return err
+	}
+	mode := c.String("mode")
+	notes := c.String("notes")
+
+	rule := cloudflare.AccessRule{
+		Mode:  mode,
+		Notes: notes,
+	}
+
+	var (
+		rules       []cloudflare.AccessRule
+		errUpdating = "error updating firewall access rule"
+	)
+	switch {
+	case accountID != "":
+		resp, err := api.UpdateAccountAccessRule(context.Background(), accountID, id, rule)
+		if err != nil {
+			return fmt.Errorf(errUpdating+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	case zoneID != "":
+		resp, err := api.UpdateZoneAccessRule(context.Background(), zoneID, id, rule)
+		if err != nil {
+			return fmt.Errorf(errUpdating+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	default:
+		resp, err := api.UpdateUserAccessRule(context.Background(), id, rule)
+		if err != nil {
+			return fmt.Errorf(errUpdating+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	}
+
+	output := make([][]string, 0, len(rules))
+	for _, rule := range rules {
+		output = append(output, formatAccessRule(rule))
+	}
+	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
+
+	return nil
+}
+
+func firewallAccessRuleCreateOrUpdate(c *cli.Context) error {
+	if err := checkFlags(c, "mode", "value"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	accountID, zoneID, err := getScope(c)
+	if err != nil {
+		return err
+	}
+	configuration := getConfiguration(c)
+	mode := c.String("mode")
+	notes := c.String("notes")
+
+	// Look for an existing record
+	rule := cloudflare.AccessRule{
+		Configuration: configuration,
+	}
+	var response *cloudflare.AccessRuleListResponse
+	switch {
+	case accountID != "":
+		response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, 1)
+	case zoneID != "":
+		response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, 1)
+	default:
+		response, err = api.ListUserAccessRules(context.Background(), rule, 1)
+	}
+	if err != nil {
+		fmt.Println("Error creating or updating firewall access rule:", err)
+		return err
+	}
+
+	rule.Mode = mode
+	rule.Notes = notes
+	if len(response.Result) > 0 {
+		for _, r := range response.Result {
+			if mode == "" {
+				rule.Mode = r.Mode
+			}
+			if notes == "" {
+				rule.Notes = r.Notes
+			}
+			switch {
+			case accountID != "":
+				_, err = api.UpdateAccountAccessRule(context.Background(), accountID, r.ID, rule)
+			case zoneID != "":
+				_, err = api.UpdateZoneAccessRule(context.Background(), zoneID, r.ID, rule)
+			default:
+				_, err = api.UpdateUserAccessRule(context.Background(), r.ID, rule)
+			}
+			if err != nil {
+				fmt.Println("Error updating firewall access rule:", err)
+			}
+		}
+	} else {
+		switch {
+		case accountID != "":
+			_, err = api.CreateAccountAccessRule(context.Background(), accountID, rule)
+		case zoneID != "":
+			_, err = api.CreateZoneAccessRule(context.Background(), zoneID, rule)
+		default:
+			_, err = api.CreateUserAccessRule(context.Background(), rule)
+		}
+		if err != nil {
+			fmt.Println("Error creating firewall access rule:", err)
+		}
+	}
+
+	return nil
+}
+
+func firewallAccessRuleDelete(c *cli.Context) error {
+	if err := checkFlags(c, "id"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+	ruleID := c.String("id")
+
+	accountID, zoneID, err := getScope(c)
+	if err != nil {
+		return err
+	}
+
+	var (
+		rules       []cloudflare.AccessRule
+		errDeleting = "error deleting firewall access rule"
+	)
+	switch {
+	case accountID != "":
+		resp, err := api.DeleteAccountAccessRule(context.Background(), accountID, ruleID)
+		if err != nil {
+			return fmt.Errorf(errDeleting+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	case zoneID != "":
+		resp, err := api.DeleteZoneAccessRule(context.Background(), zoneID, ruleID)
+		if err != nil {
+			return fmt.Errorf(errDeleting+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	default:
+		resp, err := api.DeleteUserAccessRule(context.Background(), ruleID)
+		if err != nil {
+			return fmt.Errorf(errDeleting+": %w", err)
+		}
+		rules = append(rules, resp.Result)
+	}
+	if err != nil {
+		fmt.Println("Error deleting firewall access rule:", err)
+	}
+
+	output := make([][]string, 0, len(rules))
+	for _, rule := range rules {
+		output = append(output, formatAccessRule(rule))
+	}
+	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
+
+	return nil
+}
+
+func getScope(c *cli.Context) (string, string, error) {
+	var account, accountID string
+	if c.String("account") != "" {
+		account = c.String("account")
+		params := cloudflare.AccountsListParams{}
+		accounts, _, err := api.Accounts(context.Background(), params)
+		if err != nil {
+			fmt.Println(err)
+			return "", "", err
+		}
+		for _, acc := range accounts {
+			if acc.Name == account {
+				accountID = acc.ID
+				break
+			}
+		}
+		if accountID == "" {
+			err := errors.New("account could not be found")
+			fmt.Println(err)
+			return "", "", err
+		}
+	}
+
+	var zone, zoneID string
+	if c.String("zone") != "" {
+		zone = c.String("zone")
+		id, err := api.ZoneIDByName(zone)
+		if err != nil {
+			fmt.Println(err)
+			return "", "", err
+		}
+		zoneID = id
+	}
+
+	if zoneID != "" && accountID != "" {
+		err := errors.New("Cannot specify both --zone and --account")
+		fmt.Println(err)
+		return "", "", err
+	}
+
+	return accountID, zoneID, nil
+}
+
+func getConfiguration(c *cli.Context) cloudflare.AccessRuleConfiguration {
+	configuration := cloudflare.AccessRuleConfiguration{}
+	if c.String("value") != "" {
+		ip := net.ParseIP(c.String("value"))
+		_, cidr, cidrErr := net.ParseCIDR(c.String("value"))
+		_, asnErr := strconv.ParseInt(c.String("value"), 10, 32)
+		if ip != nil {
+			configuration.Target = "ip"
+			configuration.Value = ip.String()
+		} else if cidrErr == nil {
+			cidr.IP = cidr.IP.Mask(cidr.Mask)
+			configuration.Target = "ip_range"
+			configuration.Value = cidr.String()
+		} else if asnErr == nil {
+			configuration.Target = "asn"
+			configuration.Value = c.String("value")
+		} else {
+			configuration.Target = "country"
+			configuration.Value = c.String("value")
+		}
+	}
+	return configuration
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/flarectl.go b/pkg/cloudflare-go/cmd/flarectl/flarectl.go
new file mode 100644
index 0000000000..5cec7e3963
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/flarectl.go
@@ -0,0 +1,720 @@
+package main
+
+import (
+	"os"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	version = "dev"     //nolint
+	commit  = "none"    //nolint
+	date    = "unknown" //nolint
+	builtBy = "unknown" //nolint
+)
+
+var api *cloudflare.API
+
+func main() {
+	app := cli.NewApp()
+	app.Name = "flarectl"
+	app.Usage = "Cloudflare CLI"
+	app.Version = version
+	app.Flags = []cli.Flag{
+		&cli.StringFlag{
+			Name:    "account-id",
+			Usage:   "Optional account ID",
+			Value:   "",
+			EnvVars: []string{"CF_ACCOUNT_ID"},
+		},
+		&cli.BoolFlag{
+			Name:  "json",
+			Usage: "show output as JSON instead of as a table",
+		},
+	}
+	app.Commands = []*cli.Command{
+		{
+			Name:    "ips",
+			Aliases: []string{"i"},
+			Action:  ips,
+			Usage:   "Print Cloudflare IP ranges",
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:  "ip-type",
+					Usage: "type of IPs ( ipv4 | ipv6 | all )",
+					Value: "all",
+				},
+				&cli.BoolFlag{
+					Name:  "ip-only",
+					Usage: "show only addresses",
+				},
+			},
+		},
+		{
+			Name:    "user",
+			Aliases: []string{"u"},
+			Usage:   "User information",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "info",
+					Aliases: []string{"i"},
+					Action:  userInfo,
+					Usage:   "User details",
+				},
+				{
+					Name:    "update",
+					Aliases: []string{"u"},
+					Action:  userUpdate,
+					Usage:   "Update user details",
+				},
+			},
+		},
+
+		{
+			Name:    "zone",
+			Aliases: []string{"z"},
+			Usage:   "Zone information",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "list",
+					Aliases: []string{"l"},
+					Action:  zoneList,
+					Usage:   "List all zones on an account",
+				},
+				{
+					Name:    "create",
+					Aliases: []string{"c"},
+					Action:  zoneCreate,
+					Usage:   "Create a new zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.BoolFlag{
+							Name:  "jumpstart",
+							Usage: "automatically fetch DNS records",
+						},
+						&cli.StringFlag{
+							Name:  "account-id",
+							Usage: "account ID",
+						},
+					},
+				},
+				{
+					Name:   "delete",
+					Action: zoneDelete,
+					Usage:  "Delete a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+				{
+					Name:   "check",
+					Action: zoneCheck,
+					Usage:  "Initiate a zone activation check",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+				{
+					Name:    "info",
+					Aliases: []string{"i"},
+					Action:  zoneInfo,
+					Usage:   "Information on one zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+				{
+					Name:    "lockdown",
+					Aliases: []string{"lo"},
+					Action:  zoneCreateLockdown,
+					Usage:   "Lockdown a zone based on config",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringSliceFlag{
+							Name:  "urls",
+							Usage: "a list of [exact] URLs to lockdown",
+						},
+						&cli.StringSliceFlag{
+							Name:  "targets",
+							Usage: "a list of targets type",
+						},
+						&cli.StringSliceFlag{
+							Name:  "values",
+							Usage: "a list of values such as ip, ip_range etc.",
+						},
+					},
+				},
+				{
+					Name:    "plan",
+					Aliases: []string{"p"},
+					Action:  zonePlan,
+					Usage:   "Plan information for one zone",
+				},
+				{
+					Name:    "settings",
+					Aliases: []string{"s"},
+					Action:  zoneSettings,
+					Usage:   "Settings for one zone",
+				},
+				{
+					Name:   "purge",
+					Action: zoneCachePurge,
+					Usage:  "(Selectively) Purge the cache for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.BoolFlag{
+							Name:  "everything",
+							Usage: "purge everything from cache for the zone",
+						},
+						&cli.StringSliceFlag{
+							Name:  "hosts",
+							Usage: "a list of hostnames to purge the cache for",
+						},
+						&cli.StringSliceFlag{
+							Name:  "tags",
+							Usage: "the cache tags to purge (Enterprise only)",
+						},
+						&cli.StringSliceFlag{
+							Name:  "files",
+							Usage: "a list of [exact] URLs to purge",
+						},
+						&cli.StringSliceFlag{
+							Name:  "prefixes",
+							Usage: "a list of host/path prefixes to purge",
+						},
+					},
+				},
+				{
+					Name:    "dns",
+					Aliases: []string{"d"},
+					Action:  zoneRecords,
+					Usage:   "DNS records for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+				{
+					Name:    "railgun",
+					Aliases: []string{"r"},
+					Action:  zoneRailgun,
+					Usage:   "Railguns for a zone",
+				},
+				{
+					Name:    "certs",
+					Aliases: []string{"ct"},
+					Action:  zoneCerts,
+					Usage:   "Custom SSL certificates for a zone",
+				},
+				{
+					Name:    "keyless",
+					Aliases: []string{"k"},
+					Action:  zoneKeyless,
+					Usage:   "Keyless SSL for a zone",
+				},
+				{
+					Name:    "export",
+					Aliases: []string{"x"},
+					Action:  zoneExport,
+					Usage:   "Export DNS records for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+			},
+		},
+
+		{
+			Name:    "dns",
+			Aliases: []string{"d"},
+			Usage:   "DNS records",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "list",
+					Aliases: []string{"l"},
+					Action:  zoneRecords,
+					Usage:   "List DNS records for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "id",
+							Usage: "record id",
+						},
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "type",
+							Usage: "record type",
+						},
+						&cli.StringFlag{
+							Name:  "name",
+							Usage: "record name",
+						},
+						&cli.StringFlag{
+							Name:  "content",
+							Usage: "record content",
+						},
+					},
+				},
+				{
+					Name:    "create",
+					Aliases: []string{"c"},
+					Action:  dnsCreate,
+					Usage:   "Create a DNS record",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "name",
+							Usage: "record name",
+						},
+						&cli.StringFlag{
+							Name:  "type",
+							Usage: "record type",
+						},
+						&cli.StringFlag{
+							Name:  "content",
+							Usage: "record content",
+						},
+						&cli.IntFlag{
+							Name:  "ttl",
+							Usage: "TTL (1 = automatic)",
+							Value: 1,
+						},
+						&cli.BoolFlag{
+							Name:  "proxy",
+							Usage: "proxy through Cloudflare (orange cloud)",
+						},
+						&cli.UintFlag{
+							Name:  "priority",
+							Usage: "priority for an MX record. Only used for MX",
+						},
+					},
+				},
+				{
+					Name:    "update",
+					Aliases: []string{"u"},
+					Action:  dnsUpdate,
+					Usage:   "Update a DNS record",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "id",
+							Usage: "record id",
+						},
+						&cli.StringFlag{
+							Name:  "name",
+							Usage: "record name",
+						},
+						&cli.StringFlag{
+							Name:  "content",
+							Usage: "record content",
+						},
+						&cli.StringFlag{
+							Name:  "type",
+							Usage: "record type",
+						},
+						&cli.IntFlag{
+							Name:  "ttl",
+							Usage: "TTL (1 = automatic)",
+							Value: 1,
+						},
+						&cli.BoolFlag{
+							Name:  "proxy",
+							Usage: "proxy through Cloudflare (orange cloud)",
+						},
+						&cli.UintFlag{
+							Name:  "priority",
+							Usage: "priority for an MX record. Only used for MX",
+						},
+					},
+				},
+				{
+					Name:    "create-or-update",
+					Aliases: []string{"o"},
+					Action:  dnsCreateOrUpdate,
+					Usage:   "Create a DNS record, or update if it exists",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "name",
+							Usage: "record name",
+						},
+						&cli.StringFlag{
+							Name:  "content",
+							Usage: "record content",
+						},
+						&cli.StringFlag{
+							Name:  "type",
+							Usage: "record type",
+						},
+						&cli.IntFlag{
+							Name:  "ttl",
+							Usage: "TTL (1 = automatic)",
+							Value: 1,
+						},
+						&cli.BoolFlag{
+							Name:  "proxy",
+							Usage: "proxy through Cloudflare (orange cloud)",
+						},
+						&cli.UintFlag{
+							Name:  "priority",
+							Usage: "priority for an MX record. Only used for MX",
+						},
+					},
+				},
+				{
+					Name:    "delete",
+					Aliases: []string{"d"},
+					Action:  dnsDelete,
+					Usage:   "Delete a DNS record",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "id",
+							Usage: "record id",
+						},
+					},
+				},
+			},
+		},
+		{
+			Name:    "user-agents",
+			Aliases: []string{"ua"},
+			Usage:   "User-Agent blocking",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "list",
+					Aliases: []string{"l"},
+					Action:  userAgentList,
+					Usage:   "List User-Agent blocks for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.IntFlag{
+							Name:  "page",
+							Usage: "result page to return",
+						},
+					},
+				},
+				{
+					Name:    "create",
+					Aliases: []string{"c"},
+					Action:  userAgentCreate,
+					Usage:   "Create a User-Agent blocking rule",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "mode",
+							Usage: "the blocking mode: block, challenge, js_challenge, whitelist",
+						},
+						&cli.StringFlag{
+							Name:  "value",
+							Usage: "the exact User-Agent to block",
+						},
+						&cli.BoolFlag{
+							Name:  "paused",
+							Usage: "whether the rule should be paused (default: false)",
+						},
+						&cli.StringFlag{
+							Name:  "description",
+							Usage: "a description for the rule",
+						},
+					},
+				},
+				{
+					Name:    "update",
+					Aliases: []string{"u"},
+					Action:  userAgentUpdate,
+					Usage:   "Update an existing User-Agent block",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "id",
+							Usage: "User-Agent blocking rule ID",
+						},
+						&cli.StringFlag{
+							Name:  "mode",
+							Usage: "the blocking mode: block, challenge, js_challenge, whitelist",
+						},
+						&cli.StringFlag{
+							Name:  "value",
+							Usage: "the exact User-Agent to block",
+						},
+						&cli.BoolFlag{
+							Name:  "paused",
+							Usage: "whether the rule should be paused (default: false)",
+						},
+						&cli.StringFlag{
+							Name:  "description",
+							Usage: "a description for the rule",
+						},
+					},
+				},
+				{
+					Name:    "delete",
+					Aliases: []string{"d"},
+					Action:  userAgentDelete,
+					Usage:   "Delete a User-Agent block",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+						&cli.StringFlag{
+							Name:  "id",
+							Usage: "User-Agent blocking rule ID",
+						},
+					},
+				},
+			},
+		},
+		{
+			Name:    "pagerules",
+			Aliases: []string{"p"},
+			Usage:   "Page Rules",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "list",
+					Aliases: []string{"l"},
+					Action:  pageRules,
+					Usage:   "List Page Rules for a zone",
+					Flags: []cli.Flag{
+						&cli.StringFlag{
+							Name:  "zone",
+							Usage: "zone name",
+						},
+					},
+				},
+			},
+		},
+
+		{
+			Name:    "railgun",
+			Aliases: []string{"r"},
+			Usage:   "Railgun information",
+			Before:  initializeAPI,
+			Action:  railgun,
+		},
+
+		{
+			Name:    "firewall",
+			Aliases: []string{"f"},
+			Usage:   "Firewall",
+			Before:  initializeAPI,
+			Subcommands: []*cli.Command{
+				{
+					Name:    "rules",
+					Aliases: []string{"r"},
+					Usage:   "Access Rules",
+					Subcommands: []*cli.Command{
+						{
+							Name:    "list",
+							Aliases: []string{"l"},
+							Action:  firewallAccessRules,
+							Usage:   "List firewall access rules",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  "zone",
+									Usage: "zone name",
+								},
+								&cli.StringFlag{
+									Name:  "account",
+									Usage: "account name",
+								},
+								&cli.StringFlag{
+									Name:  "value",
+									Usage: "rule value",
+								},
+								&cli.StringFlag{
+									Name:  "scope-type",
+									Usage: "rule scope",
+								},
+
+								&cli.StringFlag{
+									Name:  "mode",
+									Usage: "rule mode",
+								},
+								&cli.StringFlag{
+									Name:  "notes",
+									Usage: "rule notes",
+								},
+							},
+						},
+						{
+							Name:    "create",
+							Aliases: []string{"c"},
+							Action:  firewallAccessRuleCreate,
+							Usage:   "Create a firewall access rule",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  "zone",
+									Usage: "zone name",
+								},
+								&cli.StringFlag{
+									Name:  "account",
+									Usage: "account name",
+								},
+								&cli.StringFlag{
+									Name:  "value",
+									Usage: "rule value",
+								},
+								&cli.StringFlag{
+									Name:  "mode",
+									Usage: "rule mode",
+								},
+								&cli.StringFlag{
+									Name:  "notes",
+									Usage: "rule notes",
+								},
+							},
+						},
+						{
+							Name:    "update",
+							Aliases: []string{"u"},
+							Action:  firewallAccessRuleUpdate,
+							Usage:   "Update a firewall access rule",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  "id",
+									Usage: "rule id",
+								},
+								&cli.StringFlag{
+									Name:  "zone",
+									Usage: "zone name",
+								},
+								&cli.StringFlag{
+									Name:  "account",
+									Usage: "account name",
+								},
+								&cli.StringFlag{
+									Name:  "mode",
+									Usage: "rule mode",
+								},
+								&cli.StringFlag{
+									Name:  "notes",
+									Usage: "rule notes",
+								},
+							},
+						},
+						{
+							Name:    "create-or-update",
+							Aliases: []string{"o"},
+							Action:  firewallAccessRuleCreateOrUpdate,
+							Usage:   "Create a firewall access rule, or update it if it exists",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  "zone",
+									Usage: "zone name",
+								},
+								&cli.StringFlag{
+									Name:  "account",
+									Usage: "account name",
+								},
+								&cli.StringFlag{
+									Name:  "value",
+									Usage: "rule value",
+								},
+								&cli.StringFlag{
+									Name:  "mode",
+									Usage: "rule mode",
+								},
+								&cli.StringFlag{
+									Name:  "notes",
+									Usage: "rule notes",
+								},
+							},
+						},
+						{
+							Name:    "delete",
+							Aliases: []string{"d"},
+							Action:  firewallAccessRuleDelete,
+							Usage:   "Delete a firewall access rule",
+							Flags: []cli.Flag{
+								&cli.StringFlag{
+									Name:  "id",
+									Usage: "rule id",
+								},
+								&cli.StringFlag{
+									Name:  "zone",
+									Usage: "zone name",
+								},
+								&cli.StringFlag{
+									Name:  "account",
+									Usage: "account name",
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+		{
+			Name:    "origin-ca-root-cert",
+			Aliases: []string{"ocrc"},
+			Action:  originCARootCertificate,
+			Usage:   "Print Origin CA Root Certificate (in PEM format)",
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "algorithm",
+					Usage:    "certificate algorithm ( ecc | rsa )",
+					Required: true,
+				},
+			},
+		},
+	}
+	err := app.Run(os.Args)
+	if err != nil {
+		os.Exit(1)
+	}
+	os.Exit(0)
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/misc.go b/pkg/cloudflare-go/cmd/flarectl/misc.go
new file mode 100644
index 0000000000..d6d4357c33
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/misc.go
@@ -0,0 +1,213 @@
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+	"github.com/goccy/go-json"
+	"github.com/olekukonko/tablewriter"
+	"github.com/urfave/cli/v2"
+)
+
+func initializeAPI(c *cli.Context) error {
+	apiToken := os.Getenv("CF_API_TOKEN")
+	apiKey := os.Getenv("CF_API_KEY")
+	apiEmail := os.Getenv("CF_API_EMAIL")
+
+	// Be aware the following code sets the global package `api` variable
+	var err error
+
+	if apiToken != "" {
+		api, err = cloudflare.NewWithAPIToken(apiToken)
+	} else {
+		if apiKey == "" {
+			err := errors.New("No CF_API_KEY or CF_API_TOKEN environment set")
+			fmt.Fprintln(os.Stderr, err)
+			return err
+		}
+
+		if apiEmail == "" {
+			err := errors.New("No CF_API_EMAIL environment set")
+			fmt.Fprintln(os.Stderr, err)
+			return err
+		}
+
+		api, err = cloudflare.New(apiKey, apiEmail)
+	}
+
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "cloudflare api: %s", err)
+		return err
+	}
+
+	return nil
+}
+
+// writeTableTabular outputs tabular data to STDOUT.
+func writeTableTabular(data [][]string, cols ...string) {
+	table := tablewriter.NewWriter(os.Stdout)
+	table.SetHeader(cols)
+	table.SetBorder(false)
+	table.AppendBulk(data)
+
+	table.Render()
+}
+
+// writeTableJSON outputs JSON data to STDOUT.
+func writeTableJSON(data [][]string, cols ...string) {
+	mappedData := make([]map[string]string, 0)
+	for i := range data {
+		rowData := make(map[string]string)
+		for j := range data[i] {
+			rowData[cols[j]] = data[i][j]
+		}
+		mappedData = append(mappedData, rowData)
+	}
+	jsonData, err := json.Marshal(mappedData)
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	fmt.Println(string(jsonData))
+}
+
+// writeTable outputs JSON or tabular data to STDOUT.
+func writeTable(c *cli.Context, data [][]string, cols ...string) {
+	if c.Bool("json") {
+		writeTableJSON(data, cols...)
+	} else {
+		writeTableTabular(data, cols...)
+	}
+}
+
+// Utility function to check if CLI flags were given.
+func checkFlags(c *cli.Context, flags ...string) error {
+	for _, flag := range flags {
+		if c.String(flag) == "" {
+			cli.ShowSubcommandHelp(c) // nolint
+			err := fmt.Errorf("error: the required flag %q was empty or not provided", flag)
+			fmt.Fprintln(os.Stderr, err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+func ips(c *cli.Context) error {
+	if c.String("ip-type") == "all" {
+		_getIps("ipv4", c.Bool("ip-only"))
+		_getIps("ipv6", c.Bool("ip-only"))
+	} else {
+		_getIps(c.String("ip-type"), c.Bool("ip-only"))
+	}
+
+	return nil
+}
+
+func _getIps(ipType string, showMsgType bool) {
+	ips, _ := cloudflare.IPs()
+
+	switch ipType {
+	case "ipv4":
+		if showMsgType {
+			fmt.Println("IPv4 ranges:")
+		}
+		for _, r := range ips.IPv4CIDRs {
+			fmt.Println(" ", r)
+		}
+	case "ipv6":
+		if showMsgType {
+			fmt.Println("IPv6 ranges:")
+		}
+		for _, r := range ips.IPv6CIDRs {
+			fmt.Println(" ", r)
+		}
+	}
+}
+
+func userInfo(c *cli.Context) error {
+	user, err := api.UserDetails(context.Background())
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	var output [][]string
+	output = append(output, []string{
+		user.ID,
+		user.Email,
+		user.Username,
+		user.FirstName + " " + user.LastName,
+		fmt.Sprintf("%t", user.TwoFA),
+	})
+	writeTable(c, output, "ID", "Email", "Username", "Name", "2FA")
+
+	return nil
+}
+
+func userUpdate(*cli.Context) error {
+	return nil
+}
+
+func pageRules(c *cli.Context) error {
+	if err := checkFlags(c, "zone"); err != nil {
+		return err
+	}
+	zone := c.String("zone")
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	rules, err := api.ListPageRules(context.Background(), zoneID)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	fmt.Printf("%3s %-32s %-8s %s\n", "Pri", "ID", "Status", "URL")
+	for _, r := range rules {
+		var settings []string
+		fmt.Printf("%3d %s %-8s %s\n", r.Priority, r.ID, r.Status, r.Targets[0].Constraint.Value)
+		for _, a := range r.Actions {
+			var s string
+			switch v := a.Value.(type) {
+			case int:
+				s = fmt.Sprintf("%s: %d", cloudflare.PageRuleActions[a.ID], v)
+			case float64:
+				s = fmt.Sprintf("%s: %.f", cloudflare.PageRuleActions[a.ID], v)
+			case map[string]interface{}:
+				s = fmt.Sprintf("%s: %.f - %s", cloudflare.PageRuleActions[a.ID], v["status_code"], v["url"])
+			case nil:
+				s = cloudflare.PageRuleActions[a.ID]
+			default:
+				vs := fmt.Sprintf("%s", v)
+				s = fmt.Sprintf("%s: %s", cloudflare.PageRuleActions[a.ID], strings.Title(strings.Replace(vs, "_", " ", -1)))
+			}
+			settings = append(settings, s)
+		}
+		fmt.Println("   ", strings.Join(settings, ", "))
+	}
+
+	return nil
+}
+
+func originCARootCertificate(c *cli.Context) error {
+	cert, err := cloudflare.GetOriginCARootCertificate(c.String("algorithm"))
+	if err != nil {
+		return err
+	}
+
+	fmt.Println(string(cert[:]))
+	return nil
+}
+
+func railgun(*cli.Context) error {
+	return nil
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/user_agent.go b/pkg/cloudflare-go/cmd/flarectl/user_agent.go
new file mode 100644
index 0000000000..a00bb40d99
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/user_agent.go
@@ -0,0 +1,147 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strconv"
+
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/urfave/cli/v2"
+)
+
+func formatUserAgentRule(rule cloudflare.UserAgentRule) []string {
+	return []string{
+		rule.ID,
+		rule.Description,
+		rule.Mode,
+		rule.Configuration.Value,
+		strconv.FormatBool(rule.Paused),
+	}
+}
+
+func userAgentCreate(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "mode", "value"); err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	userAgentRule := cloudflare.UserAgentRule{
+		Description: c.String("description"),
+		Mode:        c.String("mode"),
+		Paused:      c.Bool("paused"),
+		Configuration: cloudflare.UserAgentRuleConfig{
+			Target: "ua",
+			Value:  c.String("value"),
+		},
+	}
+
+	resp, err := api.CreateUserAgentRule(context.Background(), zoneID, userAgentRule)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error creating User-Agent block rule: ", err)
+		return err
+	}
+
+	output := [][]string{
+		formatUserAgentRule(resp.Result),
+	}
+
+	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
+
+	return nil
+}
+
+func userAgentUpdate(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "id", "mode", "value"); err != nil {
+		return err
+	}
+
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return err
+	}
+
+	userAgentRule := cloudflare.UserAgentRule{
+		Description: c.String("description"),
+		Mode:        c.String("mode"),
+		Paused:      c.Bool("paused"),
+		Configuration: cloudflare.UserAgentRuleConfig{
+			Target: "ua",
+			Value:  c.String("value"),
+		},
+	}
+
+	resp, err := api.UpdateUserAgentRule(context.Background(), zoneID, c.String("id"), userAgentRule)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error updating User-Agent block rule: ", err)
+		return err
+	}
+
+	output := [][]string{
+		formatUserAgentRule(resp.Result),
+	}
+
+	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
+
+	return nil
+}
+
+func userAgentDelete(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "id"); err != nil {
+		return err
+	}
+
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return err
+	}
+
+	resp, err := api.DeleteUserAgentRule(context.Background(), zoneID, c.String("id"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error deleting User-Agent block rule: ", err)
+		return err
+	}
+
+	output := [][]string{
+		formatUserAgentRule(resp.Result),
+	}
+
+	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
+
+	return nil
+}
+
+func userAgentList(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "page"); err != nil {
+		return err
+	}
+
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return err
+	}
+
+	resp, err := api.ListUserAgentRules(context.Background(), zoneID, c.Int("page"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error listing User-Agent block rules: ", err)
+		return err
+	}
+
+	output := make([][]string, 0, len(resp.Result))
+	for _, rule := range resp.Result {
+		output = append(output, formatUserAgentRule(rule))
+	}
+
+	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/cmd/flarectl/zone.go b/pkg/cloudflare-go/cmd/flarectl/zone.go
new file mode 100644
index 0000000000..5ab4e24b43
--- /dev/null
+++ b/pkg/cloudflare-go/cmd/flarectl/zone.go
@@ -0,0 +1,367 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+	"github.com/urfave/cli/v2"
+)
+
+func zoneCerts(*cli.Context) error {
+	return nil
+}
+
+func zoneKeyless(*cli.Context) error {
+	return nil
+}
+
+func zoneRailgun(*cli.Context) error {
+	return nil
+}
+
+func zoneCreate(c *cli.Context) error {
+	if err := checkFlags(c, "zone"); err != nil {
+		return err
+	}
+	zone := c.String("zone")
+	jumpstart := c.Bool("jumpstart")
+	accountID := c.String("account-id")
+	zoneType := c.String("type")
+	var account cloudflare.Account
+	if accountID != "" {
+		account.ID = accountID
+	}
+
+	if zoneType != "partial" {
+		zoneType = "full"
+	}
+
+	_, err := api.CreateZone(context.Background(), zone, jumpstart, account, zoneType)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, err.Error()+"\n")
+		return err
+	}
+
+	return nil
+}
+
+func zoneCheck(c *cli.Context) error {
+	if err := checkFlags(c, "zone"); err != nil {
+		return err
+	}
+	zone := c.String("zone")
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	res, err := api.ZoneActivationCheck(context.Background(), zoneID)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	fmt.Printf("%s\n", res.Messages[0].Message)
+
+	return nil
+}
+
+func zoneList(c *cli.Context) error {
+	zones, err := api.ListZones(context.Background())
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	output := make([][]string, 0, len(zones))
+	for _, z := range zones {
+		output = append(output, []string{
+			z.ID,
+			z.Name,
+			z.Plan.Name,
+			z.Status,
+		})
+	}
+	writeTable(c, output, "ID", "Name", "Plan", "Status")
+
+	return nil
+}
+
+func zoneDelete(c *cli.Context) error {
+	if err := checkFlags(c, "zone"); err != nil {
+		return err
+	}
+
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return err
+	}
+
+	_, err = api.DeleteZone(context.Background(), zoneID)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, err.Error()+"\n")
+		return err
+	}
+
+	return nil
+}
+
+func zoneCreateLockdown(c *cli.Context) error {
+	if err := checkFlags(c, "zone", "urls", "targets", "values"); err != nil {
+		return err
+	}
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	targets := c.StringSlice("targets")
+	values := c.StringSlice("values")
+	if len(targets) != len(values) {
+		cli.ShowCommandHelp(c, "targets and values does not match") //nolint
+		return nil
+	}
+	var zonelockdownconfigs = []cloudflare.ZoneLockdownConfig{}
+	for index := 0; index < len(targets); index++ {
+		zonelockdownconfigs = append(zonelockdownconfigs, cloudflare.ZoneLockdownConfig{
+			Target: c.StringSlice("targets")[index],
+			Value:  c.StringSlice("values")[index],
+		})
+	}
+	params := cloudflare.ZoneLockdownCreateParams{
+		Description:    c.String("description"),
+		URLs:           c.StringSlice("urls"),
+		Configurations: zonelockdownconfigs,
+	}
+
+	resp, err := api.CreateZoneLockdown(context.Background(), cloudflare.ZoneIdentifier(zoneID), params)
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Error creating ZONE lock down: ", err)
+		return err
+	}
+
+	output := make([][]string, 0, 1)
+
+	format := []string{
+		resp.ID,
+	}
+
+	output = append(output, format)
+
+	writeTable(c, output, "ID")
+
+	return nil
+}
+
+func zoneInfo(c *cli.Context) error {
+	var zone string
+	if c.NArg() > 0 {
+		zone = c.Args().First()
+	} else if c.String("zone") != "" {
+		zone = c.String("zone")
+	} else {
+		cli.ShowSubcommandHelp(c) //nolint
+		return nil
+	}
+	zones, err := api.ListZones(context.Background(), zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	output := make([][]string, 0, len(zones))
+	for _, z := range zones {
+		var nameservers []string
+		if len(z.VanityNS) > 0 {
+			nameservers = z.VanityNS
+		} else {
+			nameservers = z.NameServers
+		}
+		output = append(output, []string{
+			z.ID,
+			z.Name,
+			z.Plan.Name,
+			z.Status,
+			strings.Join(nameservers, ", "),
+			fmt.Sprintf("%t", z.Paused),
+			z.Type,
+		})
+	}
+	writeTable(c, output, "ID", "Zone", "Plan", "Status", "Name Servers", "Paused", "Type")
+
+	return nil
+}
+
+func zonePlan(*cli.Context) error {
+	return nil
+}
+
+func zoneSettings(*cli.Context) error {
+	return nil
+}
+
+func zoneCachePurge(c *cli.Context) error {
+	if err := checkFlags(c, "zone"); err != nil {
+		cli.ShowSubcommandHelp(c) //nolint
+		return err
+	}
+
+	zoneName := c.String("zone")
+	zoneID, err := api.ZoneIDByName(c.String("zone"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, err)
+		return err
+	}
+
+	var resp cloudflare.PurgeCacheResponse
+
+	// Purge everything
+	if c.Bool("everything") {
+		resp, err = api.PurgeEverything(context.Background(), zoneID)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error purging all from zone %q: %s\n", zoneName, err)
+			return err
+		}
+	} else {
+		var (
+			files    = c.StringSlice("files")
+			tags     = c.StringSlice("tags")
+			hosts    = c.StringSlice("hosts")
+			prefixes = c.StringSlice("prefixes")
+		)
+
+		if len(files) == 0 && len(tags) == 0 && len(hosts) == 0 && len(prefixes) == 0 {
+			fmt.Fprintln(os.Stderr, "You must provide at least one of the --files, --tags, --prefixes or --hosts flags")
+			return nil
+		}
+
+		// Purge selectively
+		purgeReq := cloudflare.PurgeCacheRequest{
+			Files:    c.StringSlice("files"),
+			Tags:     c.StringSlice("tags"),
+			Hosts:    c.StringSlice("hosts"),
+			Prefixes: c.StringSlice("prefixes"),
+		}
+
+		resp, err = api.PurgeCache(context.Background(), zoneID, purgeReq)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error purging the cache from zone %q: %s\n", zoneName, err)
+			return err
+		}
+	}
+
+	output := make([][]string, 0, 1)
+	output = append(output, formatCacheResponse(resp))
+
+	writeTable(c, output, "ID")
+
+	return nil
+}
+
+func zoneRecords(c *cli.Context) error {
+	var zone string
+	if c.NArg() > 0 {
+		zone = c.Args().First()
+	} else if c.String("zone") != "" {
+		zone = c.String("zone")
+	} else {
+		cli.ShowSubcommandHelp(c) //nolint
+		return nil
+	}
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	// Create an empty record for searching for records
+	rr := cloudflare.ListDNSRecordsParams{}
+	var records []cloudflare.DNSRecord
+	if c.String("id") != "" {
+		rec, err := api.GetDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), c.String("id"))
+		if err != nil {
+			fmt.Println(err)
+			return err
+		}
+		records = append(records, rec)
+	} else {
+		if c.String("type") != "" {
+			rr.Type = c.String("type")
+		}
+		if c.String("name") != "" {
+			rr.Name = c.String("name")
+		}
+		if c.String("content") != "" {
+			rr.Content = c.String("content")
+		}
+		var err error
+		records, _, err = api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
+		if err != nil {
+			fmt.Println(err)
+			return err
+		}
+	}
+	output := make([][]string, 0, len(records))
+	for _, r := range records {
+		switch r.Type {
+		case "MX":
+			r.Content = fmt.Sprintf("%d %s", *r.Priority, r.Content)
+		case "SRV":
+			dp := r.Data.(map[string]interface{})
+			r.Content = fmt.Sprintf("%.f %s", dp["priority"], r.Content)
+			// Cloudflare's API, annoyingly, automatically prepends the weight
+			// and port into content, separated by tabs.
+			// XXX: File this as a bug. LOC doesn't do this.
+			r.Content = strings.Replace(r.Content, "\t", " ", -1)
+		}
+		output = append(output, []string{
+			r.ID,
+			r.Type,
+			r.Name,
+			r.Content,
+			strconv.FormatBool(*r.Proxied),
+			fmt.Sprintf("%d", r.TTL),
+		})
+	}
+	writeTable(c, output, "ID", "Type", "Name", "Content", "Proxied", "TTL")
+
+	return nil
+}
+
+func formatCacheResponse(resp cloudflare.PurgeCacheResponse) []string {
+	return []string{
+		resp.Result.ID,
+	}
+}
+
+func zoneExport(c *cli.Context) error {
+	var zone string
+	if c.NArg() > 0 {
+		zone = c.Args().First()
+	} else if c.String("zone") != "" {
+		zone = c.String("zone")
+	} else {
+		cli.ShowSubcommandHelp(c) //nolint
+		return nil
+	}
+
+	zoneID, err := api.ZoneIDByName(zone)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	res, err := api.ZoneExport(context.Background(), zoneID)
+	if err != nil {
+		fmt.Println(err)
+		return err
+	}
+	fmt.Print(res)
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/consts.go b/pkg/cloudflare-go/consts.go
new file mode 100644
index 0000000000..668ddc3152
--- /dev/null
+++ b/pkg/cloudflare-go/consts.go
@@ -0,0 +1,27 @@
+package cloudflare
+
+// RouteRoot represents the name of the route namespace.
+type RouteRoot string
+
+const (
+	defaultScheme   = "https"
+	defaultHostname = "api.cloudflare.com"
+	defaultBasePath = "/client/v4"
+	userAgent       = "cloudflare-go"
+
+	// AccountRouteRoot is the accounts route namespace.
+	AccountRouteRoot RouteRoot = "accounts"
+
+	// ZoneRouteRoot is the zones route namespace.
+	ZoneRouteRoot RouteRoot = "zones"
+
+	originCARootCertEccURL = "https://developers.cloudflare.com/ssl/static/origin_ca_ecc_root.pem"
+	originCARootCertRsaURL = "https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem"
+
+	// Used for testing.
+	testAccountID    = "01a7362d577a6c3019a474fd6f485823"
+	testZoneID       = "d56084adb405e0b7e32c52321bf07be6"
+	testUserID       = "a81be4e9b20632860d20a64c054c4150"
+	testCertPackUUID = "a77f8bd7-3b47-46b4-a6f1-75cf98109948"
+	testTunnelID     = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+)
diff --git a/pkg/cloudflare-go/convert_types.go b/pkg/cloudflare-go/convert_types.go
new file mode 100644
index 0000000000..f3ebc83d0d
--- /dev/null
+++ b/pkg/cloudflare-go/convert_types.go
@@ -0,0 +1,932 @@
+// File contains helper methods for accepting variants (pointers, values,
+// slices, etc) of a particular type and returning them in another. A common use
+// is pointer to values and back.
+//
+// _Most_ follow the convention of (where <type> is a Golang type such as Bool):
+//
+// <type>Ptr: Accepts a value and returns a pointer.
+// <type>: Accepts a pointer and returns a value.
+// <type>PtrSlice: Accepts a slice of values and returns a slice of pointers.
+// <type>Slice: Accepts a slice of pointers and returns a slice of values.
+// <type>PtrMap: Accepts a string map of values into a string map of pointers.
+// <type>Map: Accepts a string map of pointers into a string map of values.
+//
+// Not all Golang types are covered here, only those that are commonly used.
+package cloudflare
+
+import (
+	"reflect"
+	"time"
+)
+
+// AnyPtr is a helper routine that allocates a new interface value
+// to store v and returns a pointer to it.
+//
+// Usage: var _ *Type = AnyPtr(Type(value) | value).(*Type)
+//
+//	var _ *bool = AnyPtr(true).(*bool)
+//	var _ *byte = AnyPtr(byte(1)).(*byte)
+//	var _ *complex64 = AnyPtr(complex64(1.1)).(*complex64)
+//	var _ *complex128 = AnyPtr(complex128(1.1)).(*complex128)
+//	var _ *float32 = AnyPtr(float32(1.1)).(*float32)
+//	var _ *float64 = AnyPtr(float64(1.1)).(*float64)
+//	var _ *int = AnyPtr(int(1)).(*int)
+//	var _ *int8 = AnyPtr(int8(8)).(*int8)
+//	var _ *int16 = AnyPtr(int16(16)).(*int16)
+//	var _ *int32 = AnyPtr(int32(32)).(*int32)
+//	var _ *int64 = AnyPtr(int64(64)).(*int64)
+//	var _ *rune = AnyPtr(rune(1)).(*rune)
+//	var _ *string = AnyPtr("ptr").(*string)
+//	var _ *uint = AnyPtr(uint(1)).(*uint)
+//	var _ *uint8 = AnyPtr(uint8(8)).(*uint8)
+//	var _ *uint16 = AnyPtr(uint16(16)).(*uint16)
+//	var _ *uint32 = AnyPtr(uint32(32)).(*uint32)
+//	var _ *uint64 = AnyPtr(uint64(64)).(*uint64)
+func AnyPtr(v interface{}) interface{} {
+	r := reflect.New(reflect.TypeOf(v))
+	reflect.ValueOf(r.Interface()).Elem().Set(reflect.ValueOf(v))
+	return r.Interface()
+}
+
+// BytePtr is a helper routine that allocates a new byte value to store v and
+// returns a pointer to it.
+func BytePtr(v byte) *byte { return &v }
+
+// Complex64Ptr is a helper routine that allocates a new complex64 value to
+// store v and returns a pointer to it.
+func Complex64Ptr(v complex64) *complex64 { return &v }
+
+// Complex128Ptr is a helper routine that allocates a new complex128 value
+// to store v and returns a pointer to it.
+func Complex128Ptr(v complex128) *complex128 { return &v }
+
+// RunePtr is a helper routine that allocates a new rune value to store v
+// and returns a pointer to it.
+func RunePtr(v rune) *rune { return &v }
+
+// TimePtr is a helper routine that allocates a new time.Time value
+// to store v and returns a pointer to it.
+func TimePtr(v time.Time) *time.Time { return &v }
+
+// DurationPtr is a helper routine that allocates a new time.Duration value
+// to store v and returns a pointer to it.
+func DurationPtr(v time.Duration) *time.Duration { return &v }
+
+// BoolPtr is a helper routine that allocates a new bool value to store v and
+// returns a pointer to it.
+func BoolPtr(v bool) *bool { return &v }
+
+// Bool is a helper routine that accepts a bool pointer and returns a value
+// to it.
+func Bool(v *bool) bool {
+	if v != nil {
+		return *v
+	}
+	return false
+}
+
+// BoolPtrSlice converts a slice of bool values into a slice of bool pointers.
+func BoolPtrSlice(src []bool) []*bool {
+	dst := make([]*bool, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// BoolSlice converts a slice of bool pointers into a slice of bool values.
+func BoolSlice(src []*bool) []bool {
+	dst := make([]bool, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// BoolPtrMap converts a string map of bool values into a string map of bool
+// pointers.
+func BoolPtrMap(src map[string]bool) map[string]*bool {
+	dst := make(map[string]*bool)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// BoolMap converts a string map of bool pointers into a string map of bool
+// values.
+func BoolMap(src map[string]*bool) map[string]bool {
+	dst := make(map[string]bool)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Byte is a helper routine that accepts a byte pointer and returns a
+// value to it.
+func Byte(v *byte) byte {
+	if v != nil {
+		return *v
+	}
+	return byte(0)
+}
+
+// Complex64 is a helper routine that accepts a complex64 pointer and
+// returns a value to it.
+func Complex64(v *complex64) complex64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Complex128 is a helper routine that accepts a complex128 pointer and
+// returns a value to it.
+func Complex128(v *complex128) complex128 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float32Ptr is a helper routine that allocates a new float32 value to store v
+// and returns a pointer to it.
+func Float32Ptr(v float32) *float32 { return &v }
+
+// Float32 is a helper routine that accepts a float32 pointer and returns a
+// value to it.
+func Float32(v *float32) float32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float32PtrSlice converts a slice of float32 values into a slice of float32
+// pointers.
+func Float32PtrSlice(src []float32) []*float32 {
+	dst := make([]*float32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Float32Slice converts a slice of float32 pointers into a slice of
+// float32 values.
+func Float32Slice(src []*float32) []float32 {
+	dst := make([]float32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Float32PtrMap converts a string map of float32 values into a string map of
+// float32 pointers.
+func Float32PtrMap(src map[string]float32) map[string]*float32 {
+	dst := make(map[string]*float32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Float32Map converts a string map of float32 pointers into a string
+// map of float32 values.
+func Float32Map(src map[string]*float32) map[string]float32 {
+	dst := make(map[string]float32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Float64Ptr is a helper routine that allocates a new float64 value to store v
+// and returns a pointer to it.
+func Float64Ptr(v float64) *float64 { return &v }
+
+// Float64 is a helper routine that accepts a float64 pointer and returns a
+// value to it.
+func Float64(v *float64) float64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Float64PtrSlice converts a slice of float64 values into a slice of float64
+// pointers.
+func Float64PtrSlice(src []float64) []*float64 {
+	dst := make([]*float64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Float64Slice converts a slice of float64 pointers into a slice of
+// float64 values.
+func Float64Slice(src []*float64) []float64 {
+	dst := make([]float64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Float64PtrMap converts a string map of float64 values into a string map of
+// float64 pointers.
+func Float64PtrMap(src map[string]float64) map[string]*float64 {
+	dst := make(map[string]*float64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Float64Map converts a string map of float64 pointers into a string
+// map of float64 values.
+func Float64Map(src map[string]*float64) map[string]float64 {
+	dst := make(map[string]float64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// IntPtr is a helper routine that allocates a new int value to store v and
+// returns a pointer to it.
+func IntPtr(v int) *int { return &v }
+
+// Int is a helper routine that accepts a int pointer and returns a value
+// to it.
+func Int(v *int) int {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// IntPtrSlice converts a slice of int values into a slice of int pointers.
+func IntPtrSlice(src []int) []*int {
+	dst := make([]*int, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// IntSlice converts a slice of int pointers into a slice of int values.
+func IntSlice(src []*int) []int {
+	dst := make([]int, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// IntPtrMap converts a string map of int values into a string map of int
+// pointers.
+func IntPtrMap(src map[string]int) map[string]*int {
+	dst := make(map[string]*int)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// IntMap converts a string map of int pointers into a string map of int
+// values.
+func IntMap(src map[string]*int) map[string]int {
+	dst := make(map[string]int)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int8Ptr is a helper routine that allocates a new int8 value to store v and
+// returns a pointer to it.
+func Int8Ptr(v int8) *int8 { return &v }
+
+// Int8 is a helper routine that accepts a int8 pointer and returns a value
+// to it.
+func Int8(v *int8) int8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int8PtrSlice converts a slice of int8 values into a slice of int8 pointers.
+func Int8PtrSlice(src []int8) []*int8 {
+	dst := make([]*int8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int8Slice converts a slice of int8 pointers into a slice of int8 values.
+func Int8Slice(src []*int8) []int8 {
+	dst := make([]int8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int8PtrMap converts a string map of int8 values into a string map of int8
+// pointers.
+func Int8PtrMap(src map[string]int8) map[string]*int8 {
+	dst := make(map[string]*int8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int8Map converts a string map of int8 pointers into a string map of int8
+// values.
+func Int8Map(src map[string]*int8) map[string]int8 {
+	dst := make(map[string]int8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int16Ptr is a helper routine that allocates a new int16 value to store v
+// and returns a pointer to it.
+func Int16Ptr(v int16) *int16 { return &v }
+
+// Int16 is a helper routine that accepts a int16 pointer and returns a
+// value to it.
+func Int16(v *int16) int16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int16PtrSlice converts a slice of int16 values into a slice of int16
+// pointers.
+func Int16PtrSlice(src []int16) []*int16 {
+	dst := make([]*int16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int16Slice converts a slice of int16 pointers into a slice of int16
+// values.
+func Int16Slice(src []*int16) []int16 {
+	dst := make([]int16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int16PtrMap converts a string map of int16 values into a string map of int16
+// pointers.
+func Int16PtrMap(src map[string]int16) map[string]*int16 {
+	dst := make(map[string]*int16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int16Map converts a string map of int16 pointers into a string map of
+// int16 values.
+func Int16Map(src map[string]*int16) map[string]int16 {
+	dst := make(map[string]int16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int32Ptr is a helper routine that allocates a new int32 value to store v
+// and returns a pointer to it.
+func Int32Ptr(v int32) *int32 { return &v }
+
+// Int32 is a helper routine that accepts a int32 pointer and returns a
+// value to it.
+func Int32(v *int32) int32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int32PtrSlice converts a slice of int32 values into a slice of int32
+// pointers.
+func Int32PtrSlice(src []int32) []*int32 {
+	dst := make([]*int32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int32Slice converts a slice of int32 pointers into a slice of int32
+// values.
+func Int32Slice(src []*int32) []int32 {
+	dst := make([]int32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int32PtrMap converts a string map of int32 values into a string map of int32
+// pointers.
+func Int32PtrMap(src map[string]int32) map[string]*int32 {
+	dst := make(map[string]*int32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int32Map converts a string map of int32 pointers into a string map of
+// int32 values.
+func Int32Map(src map[string]*int32) map[string]int32 {
+	dst := make(map[string]int32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Int64Ptr is a helper routine that allocates a new int64 value to store v
+// and returns a pointer to it.
+func Int64Ptr(v int64) *int64 { return &v }
+
+// Int64 is a helper routine that accepts a int64 pointer and returns a
+// value to it.
+func Int64(v *int64) int64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Int64PtrSlice converts a slice of int64 values into a slice of int64
+// pointers.
+func Int64PtrSlice(src []int64) []*int64 {
+	dst := make([]*int64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Int64Slice converts a slice of int64 pointers into a slice of int64
+// values.
+func Int64Slice(src []*int64) []int64 {
+	dst := make([]int64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Int64PtrMap converts a string map of int64 values into a string map of int64
+// pointers.
+func Int64PtrMap(src map[string]int64) map[string]*int64 {
+	dst := make(map[string]*int64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Int64Map converts a string map of int64 pointers into a string map of
+// int64 values.
+func Int64Map(src map[string]*int64) map[string]int64 {
+	dst := make(map[string]int64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Rune is a helper routine that accepts a rune pointer and returns a value
+// to it.
+func Rune(v *rune) rune {
+	if v != nil {
+		return *v
+	}
+	return rune(0)
+}
+
+// StringPtr is a helper routine that allocates a new string value to store v
+// and returns a pointer to it.
+func StringPtr(v string) *string { return &v }
+
+// String is a helper routine that accepts a string pointer and returns a
+// value to it.
+func String(v *string) string {
+	if v != nil {
+		return *v
+	}
+	return ""
+}
+
+// StringPtrSlice converts a slice of string values into a slice of string
+// pointers.
+func StringPtrSlice(src []string) []*string {
+	dst := make([]*string, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// StringSlice converts a slice of string pointers into a slice of string
+// values.
+func StringSlice(src []*string) []string {
+	dst := make([]string, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// StringPtrMap converts a string map of string values into a string map of
+// string pointers.
+func StringPtrMap(src map[string]string) map[string]*string {
+	dst := make(map[string]*string)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// StringMap converts a string map of string pointers into a string map of
+// string values.
+func StringMap(src map[string]*string) map[string]string {
+	dst := make(map[string]string)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// UintPtr is a helper routine that allocates a new uint value to store v
+// and returns a pointer to it.
+func UintPtr(v uint) *uint { return &v }
+
+// Uint is a helper routine that accepts a uint pointer and returns a value
+// to it.
+func Uint(v *uint) uint {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// UintPtrSlice converts a slice of uint values uinto a slice of uint pointers.
+func UintPtrSlice(src []uint) []*uint {
+	dst := make([]*uint, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// UintSlice converts a slice of uint pointers uinto a slice of uint
+// values.
+func UintSlice(src []*uint) []uint {
+	dst := make([]uint, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// UintPtrMap converts a string map of uint values uinto a string map of uint
+// pointers.
+func UintPtrMap(src map[string]uint) map[string]*uint {
+	dst := make(map[string]*uint)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// UintMap converts a string map of uint pointers uinto a string map of
+// uint values.
+func UintMap(src map[string]*uint) map[string]uint {
+	dst := make(map[string]uint)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint8Ptr is a helper routine that allocates a new uint8 value to store v
+// and returns a pointer to it.
+func Uint8Ptr(v uint8) *uint8 { return &v }
+
+// Uint8 is a helper routine that accepts a uint8 pointer and returns a
+// value to it.
+func Uint8(v *uint8) uint8 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint8PtrSlice converts a slice of uint8 values into a slice of uint8
+// pointers.
+func Uint8PtrSlice(src []uint8) []*uint8 {
+	dst := make([]*uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint8Slice converts a slice of uint8 pointers into a slice of uint8
+// values.
+func Uint8Slice(src []*uint8) []uint8 {
+	dst := make([]uint8, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint8PtrMap converts a string map of uint8 values into a string map of uint8
+// pointers.
+func Uint8PtrMap(src map[string]uint8) map[string]*uint8 {
+	dst := make(map[string]*uint8)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint8Map converts a string map of uint8 pointers into a string
+// map of uint8 values.
+func Uint8Map(src map[string]*uint8) map[string]uint8 {
+	dst := make(map[string]uint8)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint16Ptr is a helper routine that allocates a new uint16 value to store v
+// and returns a pointer to it.
+func Uint16Ptr(v uint16) *uint16 { return &v }
+
+// Uint16 is a helper routine that accepts a uint16 pointer and returns a
+// value to it.
+func Uint16(v *uint16) uint16 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint16PtrSlice converts a slice of uint16 values into a slice of uint16
+// pointers.
+func Uint16PtrSlice(src []uint16) []*uint16 {
+	dst := make([]*uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint16Slice converts a slice of uint16 pointers into a slice of uint16
+// values.
+func Uint16Slice(src []*uint16) []uint16 {
+	dst := make([]uint16, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint16PtrMap converts a string map of uint16 values into a string map of
+// uint16 pointers.
+func Uint16PtrMap(src map[string]uint16) map[string]*uint16 {
+	dst := make(map[string]*uint16)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint16Map converts a string map of uint16 pointers into a string map of
+// uint16 values.
+func Uint16Map(src map[string]*uint16) map[string]uint16 {
+	dst := make(map[string]uint16)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint32Ptr is a helper routine that allocates a new uint32 value to store v
+// and returns a pointer to it.
+func Uint32Ptr(v uint32) *uint32 { return &v }
+
+// Uint32 is a helper routine that accepts a uint32 pointer and returns a
+// value to it.
+func Uint32(v *uint32) uint32 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint32PtrSlice converts a slice of uint32 values into a slice of uint32
+// pointers.
+func Uint32PtrSlice(src []uint32) []*uint32 {
+	dst := make([]*uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint32Slice converts a slice of uint32 pointers into a slice of uint32
+// values.
+func Uint32Slice(src []*uint32) []uint32 {
+	dst := make([]uint32, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint32PtrMap converts a string map of uint32 values into a string map of
+// uint32 pointers.
+func Uint32PtrMap(src map[string]uint32) map[string]*uint32 {
+	dst := make(map[string]*uint32)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint32Map converts a string map of uint32 pointers into a string
+// map of uint32 values.
+func Uint32Map(src map[string]*uint32) map[string]uint32 {
+	dst := make(map[string]uint32)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Uint64Ptr is a helper routine that allocates a new uint64 value to store v
+// and returns a pointer to it.
+func Uint64Ptr(v uint64) *uint64 { return &v }
+
+// Uint64 is a helper routine that accepts a uint64 pointer and returns a
+// value to it.
+func Uint64(v *uint64) uint64 {
+	if v != nil {
+		return *v
+	}
+	return 0
+}
+
+// Uint64PtrSlice converts a slice of uint64 values into a slice of uint64
+// pointers.
+func Uint64PtrSlice(src []uint64) []*uint64 {
+	dst := make([]*uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		dst[i] = &(src[i])
+	}
+	return dst
+}
+
+// Uint64Slice converts a slice of uint64 pointers into a slice of uint64
+// values.
+func Uint64Slice(src []*uint64) []uint64 {
+	dst := make([]uint64, len(src))
+	for i := 0; i < len(src); i++ {
+		if src[i] != nil {
+			dst[i] = *(src[i])
+		}
+	}
+	return dst
+}
+
+// Uint64PtrMap converts a string map of uint64 values into a string map of
+// uint64 pointers.
+func Uint64PtrMap(src map[string]uint64) map[string]*uint64 {
+	dst := make(map[string]*uint64)
+	for k, val := range src {
+		v := val
+		dst[k] = &v
+	}
+	return dst
+}
+
+// Uint64Map converts a string map of uint64 pointers into a string map of
+// uint64 values.
+func Uint64Map(src map[string]*uint64) map[string]uint64 {
+	dst := make(map[string]uint64)
+	for k, val := range src {
+		if val != nil {
+			dst[k] = *val
+		}
+	}
+	return dst
+}
+
+// Time is a helper routine that accepts a time pointer value and returns a
+// value to it.
+func Time(v *time.Time) time.Time {
+	if v != nil {
+		return *v
+	}
+	return time.Time{}
+}
+
+// Duration is a helper routine that accepts a time pointer ion value
+// and returns a value to it.
+// func Duration(v *time.Duration) time.Duration {
+// 	if v != nil {
+// 		return *v
+// 	}
+// 	return time.Duration(0)
+// }
diff --git a/pkg/cloudflare-go/custom_hostname.go b/pkg/cloudflare-go/custom_hostname.go
new file mode 100644
index 0000000000..b625b72326
--- /dev/null
+++ b/pkg/cloudflare-go/custom_hostname.go
@@ -0,0 +1,330 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// CustomHostnameStatus is the enumeration of valid state values in the CustomHostnameSSL.
+type CustomHostnameStatus string
+
+const (
+	// PENDING status represents state of CustomHostname is pending.
+	PENDING CustomHostnameStatus = "pending"
+	// ACTIVE status represents state of CustomHostname is active.
+	ACTIVE CustomHostnameStatus = "active"
+	// MOVED status represents state of CustomHostname is moved.
+	MOVED CustomHostnameStatus = "moved"
+	// DELETED status represents state of CustomHostname is deleted.
+	DELETED CustomHostnameStatus = "deleted"
+	// BLOCKED status represents state of CustomHostname is blocked from going active.
+	BLOCKED CustomHostnameStatus = "blocked"
+)
+
+// CustomHostnameSSLSettings represents the SSL settings for a custom hostname.
+type CustomHostnameSSLSettings struct {
+	HTTP2         string   `json:"http2,omitempty"`
+	HTTP3         string   `json:"http3,omitempty"`
+	TLS13         string   `json:"tls_1_3,omitempty"`
+	MinTLSVersion string   `json:"min_tls_version,omitempty"`
+	Ciphers       []string `json:"ciphers,omitempty"`
+	EarlyHints    string   `json:"early_hints,omitempty"`
+}
+
+// CustomHostnameOwnershipVerification represents ownership verification status of a given custom hostname.
+type CustomHostnameOwnershipVerification struct {
+	Type  string `json:"type,omitempty"`
+	Name  string `json:"name,omitempty"`
+	Value string `json:"value,omitempty"`
+}
+
+// SSLValidationError represents errors that occurred during SSL validation.
+type SSLValidationError struct {
+	Message string `json:"message,omitempty"`
+}
+
+// CustomHostnameSSLCertificates represent certificate properties like issuer, expires date and etc.
+type CustomHostnameSSLCertificates struct {
+	Issuer            string     `json:"issuer"`
+	SerialNumber      string     `json:"serial_number"`
+	Signature         string     `json:"signature"`
+	ExpiresOn         *time.Time `json:"expires_on"`
+	IssuedOn          *time.Time `json:"issued_on"`
+	FingerprintSha256 string     `json:"fingerprint_sha256"`
+	ID                string     `json:"id"`
+}
+
+// CustomHostnameSSL represents the SSL section in a given custom hostname.
+type CustomHostnameSSL struct {
+	ID                   string                          `json:"id,omitempty"`
+	Status               string                          `json:"status,omitempty"`
+	Method               string                          `json:"method,omitempty"`
+	Type                 string                          `json:"type,omitempty"`
+	Wildcard             *bool                           `json:"wildcard,omitempty"`
+	CustomCertificate    string                          `json:"custom_certificate,omitempty"`
+	CustomKey            string                          `json:"custom_key,omitempty"`
+	CertificateAuthority string                          `json:"certificate_authority,omitempty"`
+	Issuer               string                          `json:"issuer,omitempty"`
+	SerialNumber         string                          `json:"serial_number,omitempty"`
+	Settings             CustomHostnameSSLSettings       `json:"settings,omitempty"`
+	Certificates         []CustomHostnameSSLCertificates `json:"certificates,omitempty"`
+	// Deprecated: use ValidationRecords.
+	// If there a single validation record, this will equal ValidationRecords[0] for backwards compatibility.
+	SSLValidationRecord
+	ValidationRecords []SSLValidationRecord `json:"validation_records,omitempty"`
+	ValidationErrors  []SSLValidationError  `json:"validation_errors,omitempty"`
+	BundleMethod      string                `json:"bundle_method,omitempty"`
+}
+
+// CustomMetadata defines custom metadata for the hostname. This requires logic to be implemented by Cloudflare to act on the data provided.
+type CustomMetadata map[string]interface{}
+
+// CustomHostname represents a custom hostname in a zone.
+type CustomHostname struct {
+	ID                        string                                  `json:"id,omitempty"`
+	Hostname                  string                                  `json:"hostname,omitempty"`
+	CustomOriginServer        string                                  `json:"custom_origin_server,omitempty"`
+	CustomOriginSNI           string                                  `json:"custom_origin_sni,omitempty"`
+	SSL                       *CustomHostnameSSL                      `json:"ssl,omitempty"`
+	CustomMetadata            *CustomMetadata                         `json:"custom_metadata,omitempty"`
+	Status                    CustomHostnameStatus                    `json:"status,omitempty"`
+	VerificationErrors        []string                                `json:"verification_errors,omitempty"`
+	OwnershipVerification     CustomHostnameOwnershipVerification     `json:"ownership_verification,omitempty"`
+	OwnershipVerificationHTTP CustomHostnameOwnershipVerificationHTTP `json:"ownership_verification_http,omitempty"`
+	CreatedAt                 *time.Time                              `json:"created_at,omitempty"`
+}
+
+// CustomHostnameOwnershipVerificationHTTP represents a response from the Custom Hostnames endpoints.
+type CustomHostnameOwnershipVerificationHTTP struct {
+	HTTPUrl  string `json:"http_url,omitempty"`
+	HTTPBody string `json:"http_body,omitempty"`
+}
+
+// CustomHostnameResponse represents a response from the Custom Hostnames endpoints.
+type CustomHostnameResponse struct {
+	Result CustomHostname `json:"result"`
+	Response
+}
+
+// CustomHostnameListResponse represents a response from the Custom Hostnames endpoints.
+type CustomHostnameListResponse struct {
+	Result []CustomHostname `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// CustomHostnameFallbackOrigin represents a Custom Hostnames Fallback Origin.
+type CustomHostnameFallbackOrigin struct {
+	Origin string   `json:"origin,omitempty"`
+	Status string   `json:"status,omitempty"`
+	Errors []string `json:"errors,omitempty"`
+}
+
+// CustomHostnameFallbackOriginResponse represents a response from the Custom Hostnames Fallback Origin endpoint.
+type CustomHostnameFallbackOriginResponse struct {
+	Result CustomHostnameFallbackOrigin `json:"result"`
+	Response
+}
+
+// UpdateCustomHostnameSSL modifies SSL configuration for the given custom
+// hostname in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-update-custom-hostname-configuration
+func (api *API) UpdateCustomHostnameSSL(ctx context.Context, zoneID string, customHostnameID string, ssl *CustomHostnameSSL) (*CustomHostnameResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
+	ch := CustomHostname{
+		SSL: ssl,
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ch)
+	if err != nil {
+		return nil, err
+	}
+
+	var response *CustomHostnameResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response, nil
+}
+
+// UpdateCustomHostname modifies configuration for the given custom
+// hostname in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-update-custom-hostname-configuration
+func (api *API) UpdateCustomHostname(ctx context.Context, zoneID string, customHostnameID string, ch CustomHostname) (*CustomHostnameResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ch)
+	if err != nil {
+		return nil, err
+	}
+
+	var response *CustomHostnameResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response, nil
+}
+
+// DeleteCustomHostname deletes a custom hostname (and any issued SSL
+// certificates).
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-delete-a-custom-hostname-and-any-issued-ssl-certificates-
+func (api *API) DeleteCustomHostname(ctx context.Context, zoneID string, customHostnameID string) error {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var response *CustomHostnameResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// CreateCustomHostname creates a new custom hostname and requests that an SSL certificate be issued for it.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-create-custom-hostname
+func (api *API) CreateCustomHostname(ctx context.Context, zoneID string, ch CustomHostname) (*CustomHostnameResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ch)
+	if err != nil {
+		return nil, err
+	}
+
+	var response *CustomHostnameResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// CustomHostnames fetches custom hostnames for the given zone,
+// by applying filter.Hostname if not empty and scoping the result to page'th 50 items.
+//
+// The returned ResultInfo can be used to implement pagination.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-list-custom-hostnames
+func (api *API) CustomHostnames(ctx context.Context, zoneID string, page int, filter CustomHostname) ([]CustomHostname, ResultInfo, error) {
+	v := url.Values{}
+	v.Set("per_page", "50")
+	v.Set("page", strconv.Itoa(page))
+	if filter.Hostname != "" {
+		v.Set("hostname", filter.Hostname)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames?%s", zoneID, v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []CustomHostname{}, ResultInfo{}, err
+	}
+	var customHostnameListResponse CustomHostnameListResponse
+	err = json.Unmarshal(res, &customHostnameListResponse)
+	if err != nil {
+		return []CustomHostname{}, ResultInfo{}, err
+	}
+
+	return customHostnameListResponse.Result, customHostnameListResponse.ResultInfo, nil
+}
+
+// CustomHostname inspects the given custom hostname in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-custom-hostname-configuration-details
+func (api *API) CustomHostname(ctx context.Context, zoneID string, customHostnameID string) (CustomHostname, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CustomHostname{}, err
+	}
+
+	var response CustomHostnameResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return CustomHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// CustomHostnameIDByName retrieves the ID for the given hostname in the given zone.
+func (api *API) CustomHostnameIDByName(ctx context.Context, zoneID string, hostname string) (string, error) {
+	customHostnames, _, err := api.CustomHostnames(ctx, zoneID, 1, CustomHostname{Hostname: hostname})
+	if err != nil {
+		return "", fmt.Errorf("CustomHostnames command failed: %w", err)
+	}
+	for _, ch := range customHostnames {
+		if ch.Hostname == hostname {
+			return ch.ID, nil
+		}
+	}
+	return "", errors.New("CustomHostname could not be found")
+}
+
+// UpdateCustomHostnameFallbackOrigin modifies the Custom Hostname Fallback origin in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-update-fallback-origin-for-custom-hostnames
+func (api *API) UpdateCustomHostnameFallbackOrigin(ctx context.Context, zoneID string, chfo CustomHostnameFallbackOrigin) (*CustomHostnameFallbackOriginResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, chfo)
+	if err != nil {
+		return nil, err
+	}
+
+	var response *CustomHostnameFallbackOriginResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response, nil
+}
+
+// DeleteCustomHostnameFallbackOrigin deletes the Custom Hostname Fallback origin in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-delete-fallback-origin-for-custom-hostnames
+func (api *API) DeleteCustomHostnameFallbackOrigin(ctx context.Context, zoneID string) error {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var response *CustomHostnameFallbackOriginResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// CustomHostnameFallbackOrigin inspects the Custom Hostname Fallback origin in the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-properties
+func (api *API) CustomHostnameFallbackOrigin(ctx context.Context, zoneID string) (CustomHostnameFallbackOrigin, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CustomHostnameFallbackOrigin{}, err
+	}
+
+	var response CustomHostnameFallbackOriginResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return CustomHostnameFallbackOrigin{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/custom_hostname_test.go b/pkg/cloudflare-go/custom_hostname_test.go
new file mode 100644
index 0000000000..c38bbbee34
--- /dev/null
+++ b/pkg/cloudflare-go/custom_hostname_test.go
@@ -0,0 +1,1114 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCustomHostname_DeleteCustomHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+{
+  "id": "bar"
+}`)
+	})
+
+	err := client.DeleteCustomHostname(context.Background(), "foo", "bar")
+
+	assert.NoError(t, err)
+}
+
+func TestCustomHostname_CreateCustomHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"validation_records": [{
+				"cname_target": "dcv.digicert.com",
+				"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com"
+			}],
+			"settings": {
+			"http2": "on"
+			}
+		},
+		"status": "pending",
+		"verification_errors": [
+		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+		],
+		"ownership_verification": {
+		  "type": "txt",
+		  "name": "_cf-custom-hostname.app.example.com",
+		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"ownership_verification_http": {
+		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"created_at": "2020-02-06T18:11:23.531995Z"
+	}
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv"}})
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
+
+	validationRec := SSLValidationRecord{
+		CnameTarget: "dcv.digicert.com",
+		CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+	}
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:                "dv",
+				Method:              "cname",
+				Status:              "pending_validation",
+				SSLValidationRecord: validationRec,
+				ValidationRecords:   []SSLValidationRecord{validationRec},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "on",
+				},
+			},
+			Status:             "pending",
+			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
+			OwnershipVerification: CustomHostnameOwnershipVerification{
+				Type:  "txt",
+				Name:  "_cf-custom-hostname.app.example.com",
+				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
+				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			CreatedAt: &createdAt,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CreateCustomHostname_MethodTxt(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "txt",
+			"type": "dv",
+			"txt_name": "app.example.com",
+			"txt_value": "ca3-f8db94da174g4c409b17fcaa5470deb2",
+			"settings": {
+			"http2": "on"
+			}
+		},
+		"status": "pending",
+		"verification_errors": [
+		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+		],
+		"ownership_verification": {
+		  "type": "txt",
+		  "name": "_cf-custom-hostname.app.example.com",
+		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"ownership_verification_http": {
+		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"created_at": "2020-02-06T18:11:23.531995Z"
+	}
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "txt", Type: "dv"}})
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "txt",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					TxtName:  "app.example.com",
+					TxtValue: "ca3-f8db94da174g4c409b17fcaa5470deb2",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "on",
+				},
+			},
+			Status:             "pending",
+			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
+			OwnershipVerification: CustomHostnameOwnershipVerification{
+				Type:  "txt",
+				Name:  "_cf-custom-hostname.app.example.com",
+				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
+				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			CreatedAt: &createdAt,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CreateCustomHostname_CustomOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"settings": {
+			"http2": "on"
+			}
+		}
+  	}
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv"}})
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "on",
+				},
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CreateCustomHostname_No_SSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"status": "pending",
+		"verification_errors": [
+		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+		],
+		"ownership_verification": {
+		  "type": "txt",
+		  "name": "_cf-custom-hostname.app.example.com",
+		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"ownership_verification_http": {
+		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"created_at": "2020-02-06T18:11:23.531995Z"
+	}
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com"})
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			Status:             "pending",
+			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
+			OwnershipVerification: CustomHostnameOwnershipVerification{
+				Type:  "txt",
+				Name:  "_cf-custom-hostname.app.example.com",
+				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
+				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			CreatedAt: &createdAt,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CreateCustomHostname_CustomOriginSNI(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"custom_origin_sni": "app.example.com",
+		"status": "pending",
+		"verification_errors": [
+		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+		],
+		"ownership_verification": {
+		  "type": "txt",
+		  "name": "_cf-custom-hostname.app.example.com",
+		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"ownership_verification_http": {
+		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
+		},
+		"created_at": "2020-02-06T18:11:23.531995Z"
+	}
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", CustomOriginSNI: "app.example.com"})
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			CustomOriginSNI:    "app.example.com",
+			Status:             "pending",
+			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
+			OwnershipVerification: CustomHostnameOwnershipVerification{
+				Type:  "txt",
+				Name:  "_cf-custom-hostname.app.example.com",
+				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
+				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
+				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
+			},
+			CreatedAt: &createdAt,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CustomHostnames(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success": true,
+	"result": [
+		{
+			"id": "custom_host_1",
+			"hostname": "custom.host.one",
+			"ssl": {
+				"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+				"type": "dv",
+				"method": "cname",
+				"status": "pending_validation",
+				"cname_target": "dcv.digicert.com",
+				"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				"issuer": "DigiCertInc",
+				"serial_number": "6743787633689793699141714808227354901",
+				"http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
+      			"http_body": "ca3-574923932a82475cb8592200f1a2a23d"
+			},
+			"custom_metadata": {
+				"a_random_field": "random field value"
+			},
+			"status": "pending",
+			"verification_errors": [
+				"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+    		],
+			"ownership_verification": {
+				"type": "txt",
+      			"name": "_cf-custom-hostname.app.example.com",
+      			"value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
+    		}
+		}
+	],
+	"result_info": {
+		"page": 1,
+		"per_page": 20,
+		"count": 5,
+		"total_count": 5
+	}
+}`)
+	})
+
+	customHostnames, _, err := client.CustomHostnames(context.Background(), "foo", 1, CustomHostname{})
+
+	want := []CustomHostname{
+		{
+			ID:       "custom_host_1",
+			Hostname: "custom.host.one",
+			SSL: &CustomHostnameSSL{
+				ID:     "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+					HTTPUrl:     "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
+					HTTPBody:    "ca3-574923932a82475cb8592200f1a2a23d",
+				},
+				Issuer:       "DigiCertInc",
+				SerialNumber: "6743787633689793699141714808227354901",
+			},
+			CustomMetadata: &CustomMetadata{"a_random_field": "random field value"},
+			Status:         PENDING,
+			VerificationErrors: []string{"None of the A or AAAA records are owned " +
+				"by this account and the pre-generated ownership verification token was not found."},
+			OwnershipVerification: CustomHostnameOwnershipVerification{
+				Type:  "txt",
+				Name:  "_cf-custom-hostname.app.example.com",
+				Value: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
+			},
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, customHostnames)
+	}
+}
+
+func TestCustomHostname_CustomHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+"success": true,
+"result": {
+    "id": "bar",
+    "hostname": "foo.bar.com",
+    "ssl": {
+      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+      "type": "dv",
+      "method": "http",
+      "status": "active",
+      "issuer": "DigiCertInc",
+      "serial_number": "6743787633689793699141714808227354901",
+      "settings": {
+        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256","AES128-SHA"],
+        "http2": "on",
+        "min_tls_version": "1.2"
+      }
+    },
+    "custom_metadata": {
+      "origin": "a.custom.origin"
+    },
+	"status": "pending",
+	"verification_errors": [
+		"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+    ],
+	"ownership_verification": {
+		"type": "txt",
+     	"name": "_cf-custom-hostname.app.example.com",
+    	"value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
+    }
+  }
+}`)
+	})
+
+	customHostname, err := client.CustomHostname(context.Background(), "foo", "bar")
+
+	want := CustomHostname{
+		ID:       "bar",
+		Hostname: "foo.bar.com",
+		SSL: &CustomHostnameSSL{
+			ID:           "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Status:       "active",
+			Method:       "http",
+			Type:         "dv",
+			Issuer:       "DigiCertInc",
+			SerialNumber: "6743787633689793699141714808227354901",
+			Settings: CustomHostnameSSLSettings{
+				HTTP2:         "on",
+				MinTLSVersion: "1.2",
+				Ciphers:       []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"},
+			},
+		},
+		CustomMetadata: &CustomMetadata{"origin": "a.custom.origin"},
+		Status:         PENDING,
+		VerificationErrors: []string{"None of the A or AAAA records are owned " +
+			"by this account and the pre-generated ownership verification token was not found."},
+		OwnershipVerification: CustomHostnameOwnershipVerification{
+			Type:  "txt",
+			Name:  "_cf-custom-hostname.app.example.com",
+			Value: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, customHostname)
+	}
+}
+
+func TestCustomHostname_CustomHostname_WithSSLError(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+"success": true,
+"result": {
+	"id": "bar",
+	"hostname": "example.com",
+	"ssl": {
+		"type": "dv",
+		"method": "cname",
+		"status": "pending_validation",
+		"cname_target": "dcv.digicert.com",
+		"cname": "810b7d5f01154524b961ba0cd578acc2.example.com",
+		"validation_errors": [{
+			"message": "SERVFAIL looking up CAA for example.com"
+		}]
+	},
+	"status": "pending",
+	"verification_errors": [
+		"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
+	],
+	"ownership_verification_http": {
+		"http_url": "http://example.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
+	}
+}
+}`)
+	})
+
+	customHostname, err := client.CustomHostname(context.Background(), "foo", "bar")
+
+	want := CustomHostname{
+		ID:       "bar",
+		Hostname: "example.com",
+		SSL: &CustomHostnameSSL{
+			Type:   "dv",
+			Method: "cname",
+			Status: "pending_validation",
+			SSLValidationRecord: SSLValidationRecord{
+				CnameName:   "810b7d5f01154524b961ba0cd578acc2.example.com",
+				CnameTarget: "dcv.digicert.com",
+			},
+			ValidationErrors: []SSLValidationError{
+				{
+					Message: "SERVFAIL looking up CAA for example.com",
+				},
+			},
+		},
+		Status: PENDING,
+		VerificationErrors: []string{"None of the A or AAAA records are owned " +
+			"by this account and the pre-generated ownership verification token was not found."},
+		OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
+			HTTPBody: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
+			HTTPUrl:  "http://example.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, customHostname)
+	}
+}
+
+func TestCustomHostname_UpdateCustomHostnameSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"settings": {
+			"http2": "off",
+			"tls_1_3": "on"
+			}
+		}
+  	}
+}`)
+	})
+
+	response, err := client.UpdateCustomHostnameSSL(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", &CustomHostnameSSL{Method: "cname", Type: "dv", Settings: CustomHostnameSSLSettings{HTTP2: "off", TLS13: "on"}})
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "off",
+					TLS13: "on",
+				},
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_UpdateCustomHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		defer r.Body.Close()
+		reqBody, err := io.ReadAll(r.Body)
+		assert.NoError(t, err, "Reading request body")
+		assert.JSONEq(t, `
+{
+	"hostname": "app.example.com",
+	"custom_origin_server": "example.app.com",
+	"ssl": {
+		"method": "cname",
+		"type": "dv",
+		"wildcard": false,
+		"settings": {}
+	},
+	"ownership_verification": {},
+	"ownership_verification_http": {}
+}`, string(reqBody), "Unexpected request body")
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"settings": {
+				"http2": "off",
+				"tls_1_3": "on"
+			}
+		}
+  	}
+}`)
+	})
+
+	wildcard := false
+	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}})
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "off",
+					TLS13: "on",
+				},
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_UpdateCustomHostnameWithCustomMetadata(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		defer r.Body.Close()
+		reqBody, err := io.ReadAll(r.Body)
+		assert.NoError(t, err, "Reading request body")
+		assert.JSONEq(t, `
+{
+	"hostname": "app.example.com",
+	"custom_origin_server": "example.app.com",
+	"ssl": {
+		"method": "cname",
+		"type": "dv",
+		"wildcard": false,
+		"settings": {}
+	},
+	"custom_metadata": {
+		"a_random_field": "updated field value"
+	},
+	"ownership_verification": {},
+	"ownership_verification_http": {}
+}`, string(reqBody), "Unexpected request body")
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"settings": {
+				"http2": "off",
+				"tls_1_3": "on"
+			}
+		},
+		"custom_metadata": {
+			"a_random_field": "updated field value"
+		}
+	}
+}`)
+	})
+
+	wildcard := false
+	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}, CustomMetadata: &CustomMetadata{"a_random_field": "updated field value"}})
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "off",
+					TLS13: "on",
+				},
+			},
+			CustomMetadata: &CustomMetadata{
+				"a_random_field": "updated field value",
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_UpdateCustomHostnameWithEmptyCustomMetadata(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		defer r.Body.Close()
+		reqBody, err := io.ReadAll(r.Body)
+		assert.NoError(t, err, "Reading request body")
+		assert.JSONEq(t, `
+{
+	"hostname": "app.example.com",
+	"custom_origin_server": "example.app.com",
+	"ssl": {
+		"method": "cname",
+		"type": "dv",
+		"wildcard": false,
+		"settings": {}
+	},
+	"custom_metadata": {},
+	"ownership_verification": {},
+	"ownership_verification_http": {}
+}`, string(reqBody), "Unexpected request body")
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+	"success": true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+		"hostname": "app.example.com",
+		"custom_origin_server": "example.app.com",
+		"ssl": {
+			"status": "pending_validation",
+			"method": "cname",
+			"type": "dv",
+			"cname_target": "dcv.digicert.com",
+			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+			"settings": {
+				"http2": "off",
+				"tls_1_3": "on"
+			}
+		},
+		"custom_metadata": {}
+	}
+}`)
+	})
+
+	wildcard := false
+	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}, CustomMetadata: &CustomMetadata{}})
+
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "example.app.com",
+			SSL: &CustomHostnameSSL{
+				Type:   "dv",
+				Method: "cname",
+				Status: "pending_validation",
+				SSLValidationRecord: SSLValidationRecord{
+					CnameTarget: "dcv.digicert.com",
+					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
+				},
+				Settings: CustomHostnameSSLSettings{
+					HTTP2: "off",
+					TLS13: "on",
+				},
+			},
+			CustomMetadata: &CustomMetadata{},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CustomHostnameFallbackOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "origin": "fallback.example.com",
+    "status": "pending_deployment",
+    "errors": [
+      "DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"
+    ],
+    "created_at": "2019-10-28T18:11:23.37411Z",
+    "updated_at": "2020-03-16T18:11:23.531995Z"
+  }
+}`)
+	})
+
+	customHostnameFallbackOrigin, err := client.CustomHostnameFallbackOrigin(context.Background(), "foo")
+
+	want := CustomHostnameFallbackOrigin{
+		Origin: "fallback.example.com",
+		Status: "pending_deployment",
+		Errors: []string{"DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, customHostnameFallbackOrigin)
+	}
+}
+
+func TestCustomHostname_DeleteCustomHostnameFallbackOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+{
+  "id": "bar"
+}`)
+	})
+
+	err := client.DeleteCustomHostnameFallbackOrigin(context.Background(), "foo")
+
+	assert.NoError(t, err)
+}
+
+func TestCustomHostname_UpdateCustomHostnameFallbackOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "origin": "fallback.example.com",
+    "status": "pending_deployment",
+    "errors": [
+      "DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"
+    ],
+    "created_at": "2019-10-28T18:11:23.37411Z",
+    "updated_at": "2020-03-16T18:11:23.531995Z"
+  }
+}`)
+	})
+
+	response, err := client.UpdateCustomHostnameFallbackOrigin(context.Background(), "foo", CustomHostnameFallbackOrigin{Origin: "fallback.example.com"})
+
+	want := &CustomHostnameFallbackOriginResponse{
+		Result: CustomHostnameFallbackOrigin{
+			Origin: "fallback.example.com",
+			Status: "pending_deployment",
+			Errors: []string{"DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func TestCustomHostname_CreateCustomHostnameCustomCertificateAuthority(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+  "result": {
+    "id": "614b3124-cd57-42f0-8307-000000000000",
+    "hostname": "app.example.com",
+    "ssl": {
+      "id": "d9ae4881-34d2-4820-8e28-000000000000",
+      "type": "dv",
+      "method": "http",
+      "status": "initializing",
+      "settings": {
+        "min_tls_version": "1.2"
+      },
+      "wildcard": false,
+      "certificate_authority": "lets_encrypt"
+    },
+    "custom_origin_server": "origin.example.com",
+    "created_at": "2020-06-30T21:37:36.563495Z"
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}`)
+	})
+
+	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", CertificateAuthority: "lets_encrypt"}})
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-06-30T21:37:36.563495Z")
+
+	wildcard := false
+	want := &CustomHostnameResponse{
+		Result: CustomHostname{
+			ID:                 "614b3124-cd57-42f0-8307-000000000000",
+			Hostname:           "app.example.com",
+			CustomOriginServer: "origin.example.com",
+			SSL: &CustomHostnameSSL{
+				ID:     "d9ae4881-34d2-4820-8e28-000000000000",
+				Type:   "dv",
+				Method: "http",
+				Status: "initializing",
+				Settings: CustomHostnameSSLSettings{
+					MinTLSVersion: "1.2",
+				},
+				Wildcard:             &wildcard,
+				CertificateAuthority: "lets_encrypt",
+			},
+			CreatedAt: &createdAt,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
diff --git a/pkg/cloudflare-go/custom_nameservers.go b/pkg/cloudflare-go/custom_nameservers.go
new file mode 100644
index 0000000000..dda3003c57
--- /dev/null
+++ b/pkg/cloudflare-go/custom_nameservers.go
@@ -0,0 +1,207 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type CustomNameserverRecord struct {
+	Type  string `json:"type"`
+	Value string `json:"value"`
+}
+
+type CustomNameserver struct {
+	NSName string `json:"ns_name"`
+	NSSet  int    `json:"ns_set"`
+}
+
+type CustomNameserverResult struct {
+	DNSRecords []CustomNameserverRecord `json:"dns_records"`
+	NSName     string                   `json:"ns_name"`
+	NSSet      int                      `json:"ns_set"`
+	Status     string                   `json:"status"`
+	ZoneTag    string                   `json:"zone_tag"`
+}
+
+type CustomNameserverZoneMetadata struct {
+	NSSet   int  `json:"ns_set"`
+	Enabled bool `json:"enabled"`
+}
+
+type customNameserverListResponse struct {
+	Response
+	Result []CustomNameserverResult `json:"result"`
+}
+
+type customNameserverCreateResponse struct {
+	Response
+	Result CustomNameserverResult `json:"result"`
+}
+
+type getEligibleZonesAccountCustomNameserversResponse struct {
+	Result []string `json:"result"`
+}
+
+type customNameserverZoneMetadata struct {
+	Response
+	Result CustomNameserverZoneMetadata
+}
+
+type GetCustomNameserversParams struct{}
+
+type CreateCustomNameserversParams struct {
+	NSName string `json:"ns_name"`
+	NSSet  int    `json:"ns_set"`
+}
+
+type DeleteCustomNameserversParams struct {
+	NSName string
+}
+
+type GetEligibleZonesAccountCustomNameserversParams struct{}
+
+type GetCustomNameserverZoneMetadataParams struct{}
+
+type UpdateCustomNameserverZoneMetadataParams struct {
+	NSSet   int  `json:"ns_set"`
+	Enabled bool `json:"enabled"`
+}
+
+// GetCustomNameservers lists custom nameservers.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-list-account-custom-nameservers
+func (api *API) GetCustomNameservers(ctx context.Context, rc *ResourceContainer, params GetCustomNameserversParams) ([]CustomNameserverResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return []CustomNameserverResult{}, ErrRequiredAccountLevelResourceContainer
+	}
+	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var response customNameserverListResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// CreateCustomNameservers adds a custom nameserver.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-add-account-custom-nameserver
+func (api *API) CreateCustomNameservers(ctx context.Context, rc *ResourceContainer, params CreateCustomNameserversParams) (CustomNameserverResult, error) {
+	if rc.Level != AccountRouteLevel {
+		return CustomNameserverResult{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return CustomNameserverResult{}, err
+	}
+
+	response := &customNameserverCreateResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return CustomNameserverResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// DeleteCustomNameservers removes a custom nameserver.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-delete-account-custom-nameserver
+func (api *API) DeleteCustomNameservers(ctx context.Context, rc *ResourceContainer, params DeleteCustomNameserversParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	if params.NSName == "" {
+		return errors.New("missing required NSName parameter")
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_ns/%s", rc.Level, rc.Identifier, params.NSName)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// GetEligibleZonesAccountCustomNameservers lists zones eligible for custom nameservers.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-get-eligible-zones-for-account-custom-nameservers
+func (api *API) GetEligibleZonesAccountCustomNameservers(ctx context.Context, rc *ResourceContainer, params GetEligibleZonesAccountCustomNameserversParams) ([]string, error) {
+	if rc.Level != AccountRouteLevel {
+		return []string{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_ns/availability", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var response getEligibleZonesAccountCustomNameserversResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// GetCustomNameserverZoneMetadata get metadata for custom nameservers on a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-usage-for-a-zone-get-account-custom-nameserver-related-zone-metadata
+func (api *API) GetCustomNameserverZoneMetadata(ctx context.Context, rc *ResourceContainer, params GetCustomNameserverZoneMetadataParams) (CustomNameserverZoneMetadata, error) {
+	if rc.Level != ZoneRouteLevel {
+		return CustomNameserverZoneMetadata{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CustomNameserverZoneMetadata{}, err
+	}
+
+	var response customNameserverZoneMetadata
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return CustomNameserverZoneMetadata{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// UpdateCustomNameserverZoneMetadata set metadata for custom nameservers on a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-usage-for-a-zone-set-account-custom-nameserver-related-zone-metadata
+func (api *API) UpdateCustomNameserverZoneMetadata(ctx context.Context, rc *ResourceContainer, params UpdateCustomNameserverZoneMetadataParams) error {
+	if rc.Level != ZoneRouteLevel {
+		return ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
+
+	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/custom_nameservers_test.go b/pkg/cloudflare-go/custom_nameservers_test.go
new file mode 100644
index 0000000000..423205cac6
--- /dev/null
+++ b/pkg/cloudflare-go/custom_nameservers_test.go
@@ -0,0 +1,223 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAccountCustomNameserver_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"ns_name": "ns1.example.com",
+					"ns_set": 1,
+					"dns_records": [
+						{
+							"type": "A",
+							"value": "192.0.2.1"
+						},
+						{
+							"type": "AAAA",
+							"value": "2400:cb00:2049:1::ffff:ffee"
+						}
+					]
+				},
+				{
+					"ns_name": "ns2.example.com",
+					"ns_set": 1,
+					"dns_records": [
+						{
+							"type": "A",
+							"value": "192.0.2.2"
+						},
+						{
+							"type": "AAAA",
+							"value": "2400:cb00:2049:1::ffff:fffe"
+						}
+					]
+				}
+			]
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns", handler)
+	want := []CustomNameserverResult{
+		{
+			DNSRecords: []CustomNameserverRecord{
+				{
+					Type:  "A",
+					Value: "192.0.2.1",
+				},
+				{
+					Type:  "AAAA",
+					Value: "2400:cb00:2049:1::ffff:ffee",
+				},
+			},
+			NSName: "ns1.example.com",
+			NSSet:  1,
+		},
+		{
+			DNSRecords: []CustomNameserverRecord{
+				{
+					Type:  "A",
+					Value: "192.0.2.2",
+				},
+				{
+					Type:  "AAAA",
+					Value: "2400:cb00:2049:1::ffff:fffe",
+				},
+			},
+			NSName: "ns2.example.com",
+			NSSet:  1,
+		},
+	}
+
+	actual, err := client.GetCustomNameservers(context.Background(), AccountIdentifier(testAccountID), GetCustomNameserversParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccountCustomNameserver_Create(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"ns_name": "ns1.example.com",
+				"ns_set": 1,
+				"dns_records": [
+					{
+						"type": "A",
+						"value": "192.0.2.1"
+					},
+					{
+						"type": "AAAA",
+						"value": "2400:cb00:2049:1::ffff:ffee"
+					}
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns", handler)
+	want := CustomNameserverResult{
+		DNSRecords: []CustomNameserverRecord{
+			{
+				Type:  "A",
+				Value: "192.0.2.1",
+			},
+			{
+				Type:  "AAAA",
+				Value: "2400:cb00:2049:1::ffff:ffee",
+			},
+		},
+		NSName: "ns1.example.com",
+		NSSet:  1,
+	}
+
+	actual, err := client.CreateCustomNameservers(
+		context.Background(),
+		AccountIdentifier(testAccountID),
+		CreateCustomNameserversParams{
+			NSName: "ns1.example.com",
+			NSSet:  1,
+		},
+	)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccountCustomNameserver_GetEligibleZones(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+    "result": [
+        "example.com",
+        "example2.com",
+        "example3.com"
+    ],
+    "success": true,
+    "errors": [],
+    "messages": []
+}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns/availability", handler)
+	want := []string{
+		"example.com",
+		"example2.com",
+		"example3.com",
+	}
+
+	actual, err := client.GetEligibleZonesAccountCustomNameservers(
+		context.Background(),
+		AccountIdentifier(testAccountID),
+		GetEligibleZonesAccountCustomNameserversParams{},
+	)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestAccountCustomNameserver_GetAccountCustomNameserverZoneMetadata(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"ns_set": 1,
+				"enabled": true
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/custom_ns", handler)
+	want := CustomNameserverZoneMetadata{
+		NSSet:   1,
+		Enabled: true,
+	}
+
+	actual, err := client.GetCustomNameserverZoneMetadata(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		GetCustomNameserverZoneMetadataParams{},
+	)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/custom_pages.go b/pkg/cloudflare-go/custom_pages.go
new file mode 100644
index 0000000000..ae68d680fd
--- /dev/null
+++ b/pkg/cloudflare-go/custom_pages.go
@@ -0,0 +1,177 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// CustomPage represents a custom page configuration.
+type CustomPage struct {
+	CreatedOn      time.Time   `json:"created_on"`
+	ModifiedOn     time.Time   `json:"modified_on"`
+	URL            interface{} `json:"url"`
+	State          string      `json:"state"`
+	RequiredTokens []string    `json:"required_tokens"`
+	PreviewTarget  string      `json:"preview_target"`
+	Description    string      `json:"description"`
+	ID             string      `json:"id"`
+}
+
+// CustomPageResponse represents the response from the custom pages endpoint.
+type CustomPageResponse struct {
+	Response
+	Result []CustomPage `json:"result"`
+}
+
+// CustomPageDetailResponse represents the response from the custom page endpoint.
+type CustomPageDetailResponse struct {
+	Response
+	Result CustomPage `json:"result"`
+}
+
+// CustomPageOptions is used to determine whether or not the operation
+// should take place on an account or zone level based on which is
+// provided to the function.
+//
+// A non-empty value denotes desired use.
+type CustomPageOptions struct {
+	AccountID string
+	ZoneID    string
+}
+
+// CustomPageParameters is used to update a particular custom page with
+// the values provided.
+type CustomPageParameters struct {
+	URL   interface{} `json:"url"`
+	State string      `json:"state"`
+}
+
+// CustomPages lists custom pages for a zone or account.
+//
+// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-list-available-custom-pages
+// Account API reference: https://api.cloudflare.com/#custom-pages-account--list-custom-pages
+func (api *API) CustomPages(ctx context.Context, options *CustomPageOptions) ([]CustomPage, error) {
+	var (
+		pageType, identifier string
+	)
+
+	if options.AccountID == "" && options.ZoneID == "" {
+		return nil, ErrAccountIDOrZoneIDAreRequired
+	}
+
+	if options.AccountID != "" && options.ZoneID != "" {
+		return nil, ErrAccountIDAndZoneIDAreMutuallyExclusive
+	}
+
+	// Should the account ID be defined, treat this as an account level operation.
+	if options.AccountID != "" {
+		pageType = "accounts"
+		identifier = options.AccountID
+	} else {
+		pageType = "zones"
+		identifier = options.ZoneID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_pages", pageType, identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var customPageResponse CustomPageResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return customPageResponse.Result, nil
+}
+
+// CustomPage lists a single custom page based on the ID.
+//
+// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-custom-page-details
+// Account API reference: https://api.cloudflare.com/#custom-pages-account--custom-page-details
+func (api *API) CustomPage(ctx context.Context, options *CustomPageOptions, customPageID string) (CustomPage, error) {
+	var (
+		pageType, identifier string
+	)
+
+	if options.AccountID == "" && options.ZoneID == "" {
+		return CustomPage{}, ErrAccountIDOrZoneIDAreRequired
+	}
+
+	if options.AccountID != "" && options.ZoneID != "" {
+		return CustomPage{}, ErrAccountIDAndZoneIDAreMutuallyExclusive
+	}
+
+	// Should the account ID be defined, treat this as an account level operation.
+	if options.AccountID != "" {
+		pageType = "accounts"
+		identifier = options.AccountID
+	} else {
+		pageType = "zones"
+		identifier = options.ZoneID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_pages/%s", pageType, identifier, customPageID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return CustomPage{}, err
+	}
+
+	var customPageResponse CustomPageDetailResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return CustomPage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return customPageResponse.Result, nil
+}
+
+// UpdateCustomPage updates a single custom page setting.
+//
+// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-update-custom-page-url
+// Account API reference: https://api.cloudflare.com/#custom-pages-account--update-custom-page
+func (api *API) UpdateCustomPage(ctx context.Context, options *CustomPageOptions, customPageID string, pageParameters CustomPageParameters) (CustomPage, error) {
+	var (
+		pageType, identifier string
+	)
+
+	if options.AccountID == "" && options.ZoneID == "" {
+		return CustomPage{}, ErrAccountIDOrZoneIDAreRequired
+	}
+
+	if options.AccountID != "" && options.ZoneID != "" {
+		return CustomPage{}, ErrAccountIDAndZoneIDAreMutuallyExclusive
+	}
+
+	// Should the account ID be defined, treat this as an account level operation.
+	if options.AccountID != "" {
+		pageType = "accounts"
+		identifier = options.AccountID
+	} else {
+		pageType = "zones"
+		identifier = options.ZoneID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/custom_pages/%s", pageType, identifier, customPageID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, pageParameters)
+	if err != nil {
+		return CustomPage{}, err
+	}
+
+	var customPageResponse CustomPageDetailResponse
+	err = json.Unmarshal(res, &customPageResponse)
+	if err != nil {
+		return CustomPage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return customPageResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/custom_pages_test.go b/pkg/cloudflare-go/custom_pages_test.go
new file mode 100644
index 0000000000..a8d28beed9
--- /dev/null
+++ b/pkg/cloudflare-go/custom_pages_test.go
@@ -0,0 +1,351 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var timestamp, _ = time.Parse(time.RFC3339Nano, "2014-01-01T05:20:00.12345Z")
+var expectedCustomPage = CustomPage{
+	ID:             "basic_challenge",
+	CreatedOn:      timestamp,
+	ModifiedOn:     timestamp,
+	URL:            "http://www.example.com",
+	State:          "default",
+	RequiredTokens: []string{"::CAPTCHA_BOX::"},
+	PreviewTarget:  "preview:target",
+	Description:    "Basic challenge",
+}
+var updatedCustomPage = CustomPage{
+	ID:             "basic_challenge",
+	CreatedOn:      timestamp,
+	ModifiedOn:     timestamp,
+	URL:            "https://mytestexample.com",
+	State:          "customized",
+	RequiredTokens: []string{"::CAPTCHA_BOX::"},
+	PreviewTarget:  "preview:target",
+	Description:    "Basic challenge",
+}
+var defaultCustomPage = CustomPage{
+	ID:             "basic_challenge",
+	CreatedOn:      timestamp,
+	ModifiedOn:     timestamp,
+	URL:            nil,
+	State:          "default",
+	RequiredTokens: []string{"::CAPTCHA_BOX::"},
+	PreviewTarget:  "preview:target",
+	Description:    "Basic challenge",
+}
+
+func TestCustomPagesWithoutZoneIDOrAccountID(t *testing.T) {
+	_, err := client.CustomPages(context.Background(), &CustomPageOptions{})
+	assert.EqualError(t, err, "either account ID or zone ID must be provided")
+}
+
+func TestCustomPagesWithZoneIDAndAccountID(t *testing.T) {
+	_, err := client.CustomPages(context.Background(), &CustomPageOptions{ZoneID: "abc123", AccountID: "321cba"})
+	assert.EqualError(t, err, "account ID and zone ID are mutually exclusive")
+}
+
+func TestCustomPagesForZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "basic_challenge",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"modified_on": "2014-01-01T05:20:00.12345Z",
+					"url": "http://www.example.com",
+					"state": "default",
+					"required_tokens": [
+						"::CAPTCHA_BOX::"
+					],
+					"preview_target": "preview:target",
+					"description": "Basic challenge"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages", handler)
+	want := []CustomPage{expectedCustomPage}
+
+	pages, err := client.CustomPages(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, pages)
+	}
+}
+
+func TestCustomPagesForAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "basic_challenge",
+					"created_on": "2014-01-01T05:20:00.12345Z",
+					"modified_on": "2014-01-01T05:20:00.12345Z",
+					"url": "http://www.example.com",
+					"state": "default",
+					"required_tokens": [
+						"::CAPTCHA_BOX::"
+					],
+					"preview_target": "preview:target",
+					"description": "Basic challenge"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages", handler)
+	want := []CustomPage{expectedCustomPage}
+
+	pages, err := client.CustomPages(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, pages)
+	}
+}
+
+func TestCustomPageForZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "basic_challenge",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"url": "http://www.example.com",
+				"state": "default",
+				"required_tokens": [
+					"::CAPTCHA_BOX::"
+				],
+				"preview_target": "preview:target",
+				"description": "Basic challenge"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
+
+	page, err := client.CustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedCustomPage, page)
+	}
+}
+
+func TestCustomPageForAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "basic_challenge",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"url": "http://www.example.com",
+				"state": "default",
+				"required_tokens": [
+					"::CAPTCHA_BOX::"
+				],
+				"preview_target": "preview:target",
+				"description": "Basic challenge"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages/basic_challenge", handler)
+
+	page, err := client.CustomPage(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"}, "basic_challenge")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedCustomPage, page)
+	}
+}
+
+func TestUpdateCustomPagesForAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "basic_challenge",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"url": "https://mytestexample.com",
+				"state": "customized",
+				"required_tokens": [
+					"::CAPTCHA_BOX::"
+				],
+				"preview_target": "preview:target",
+				"description": "Basic challenge"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages/basic_challenge", handler)
+	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"}, "basic_challenge", CustomPageParameters{URL: "https://mytestexample.com", State: "customized"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, updatedCustomPage, actual)
+	}
+}
+
+func TestUpdateCustomPagesForZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "basic_challenge",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"url": "https://mytestexample.com",
+				"state": "customized",
+				"required_tokens": [
+					"::CAPTCHA_BOX::"
+				],
+				"preview_target": "preview:target",
+				"description": "Basic challenge"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
+	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge", CustomPageParameters{URL: "https://mytestexample.com", State: "customized"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, updatedCustomPage, actual)
+	}
+}
+
+func TestUpdateCustomPagesToDefault(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+			"result":{
+				"id":"basic_challenge",
+				"description":"Basic challenge",
+				"required_tokens":[
+					"::CAPTCHA_BOX::"
+				],
+				"preview_target":"preview:target",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"url":null,
+				"state":"default"
+			},
+			"success":true,
+			"errors":[],
+			"messages":[]
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
+	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge", CustomPageParameters{URL: nil, State: "default"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, defaultCustomPage, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/d1.go b/pkg/cloudflare-go/d1.go
new file mode 100644
index 0000000000..08a3ecc51f
--- /dev/null
+++ b/pkg/cloudflare-go/d1.go
@@ -0,0 +1,199 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingDatabaseID = fmt.Errorf("required missing database ID")
+)
+
+type D1Database struct {
+	Name      string     `json:"name"`
+	NumTables int        `json:"num_tables"`
+	UUID      string     `json:"uuid"`
+	Version   string     `json:"version"`
+	CreatedAt *time.Time `json:"created_at"`
+	FileSize  int64      `json:"file_size"`
+}
+
+type ListD1DatabasesParams struct {
+	Name string `url:"name,omitempty"`
+	ResultInfo
+}
+
+type ListD1Response struct {
+	Result []D1Database `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type CreateD1DatabaseParams struct {
+	Name string `json:"name"`
+}
+
+type D1DatabaseResponse struct {
+	Result D1Database `json:"result"`
+	Response
+}
+
+type QueryD1DatabaseParams struct {
+	DatabaseID string   `json:"-"`
+	SQL        string   `json:"sql"`
+	Parameters []string `json:"params"`
+}
+
+type D1DatabaseMetadata struct {
+	ChangedDB   *bool   `json:"changed_db,omitempty"`
+	Changes     int     `json:"changes"`
+	Duration    float64 `json:"duration"`
+	LastRowID   int     `json:"last_row_id"`
+	RowsRead    int     `json:"rows_read"`
+	RowsWritten int     `json:"rows_written"`
+	SizeAfter   int     `json:"size_after"`
+}
+
+type D1Result struct {
+	Success *bool              `json:"success"`
+	Results []map[string]any   `json:"results"`
+	Meta    D1DatabaseMetadata `json:"meta"`
+}
+
+type QueryD1Response struct {
+	Result []D1Result `json:"result"`
+	Response
+}
+
+// ListD1Databases returns all databases for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-list-databases
+func (api *API) ListD1Databases(ctx context.Context, rc *ResourceContainer, params ListD1DatabasesParams) ([]D1Database, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []D1Database{}, &ResultInfo{}, ErrMissingAccountID
+	}
+	baseURL := fmt.Sprintf("/accounts/%s/d1/database", rc.Identifier)
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 100
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+	var databases []D1Database
+	var r ListD1Response
+	for {
+		uri := buildURI(baseURL, params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []D1Database{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []D1Database{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		databases = append(databases, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return databases, &r.ResultInfo, nil
+}
+
+// CreateD1Database creates a new database for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-create-database
+func (api *API) CreateD1Database(ctx context.Context, rc *ResourceContainer, params CreateD1DatabaseParams) (D1Database, error) {
+	if rc.Identifier == "" {
+		return D1Database{}, ErrMissingAccountID
+	}
+	uri := fmt.Sprintf("/accounts/%s/d1/database", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return D1Database{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r D1DatabaseResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return D1Database{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteD1Database deletes a database for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-delete-database
+func (api *API) DeleteD1Database(ctx context.Context, rc *ResourceContainer, databaseID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+	if databaseID == "" {
+		return ErrMissingDatabaseID
+	}
+	uri := fmt.Sprintf("/accounts/%s/d1/database/%s", rc.Identifier, databaseID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+	return nil
+}
+
+// GetD1Database returns a database for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-get-database
+func (api *API) GetD1Database(ctx context.Context, rc *ResourceContainer, databaseID string) (D1Database, error) {
+	if rc.Identifier == "" {
+		return D1Database{}, ErrMissingAccountID
+	}
+	uri := fmt.Sprintf("/accounts/%s/d1/database/%s", rc.Identifier, databaseID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return D1Database{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r D1DatabaseResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return D1Database{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// QueryD1Database queries a database for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-query-database
+func (api *API) QueryD1Database(ctx context.Context, rc *ResourceContainer, params QueryD1DatabaseParams) ([]D1Result, error) {
+	if rc.Identifier == "" {
+		return []D1Result{}, ErrMissingAccountID
+	}
+	if params.DatabaseID == "" {
+		return []D1Result{}, ErrMissingDatabaseID
+	}
+	uri := fmt.Sprintf("/accounts/%s/d1/database/%s/query", rc.Identifier, params.DatabaseID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return []D1Result{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueryD1Response
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []D1Result{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/d1_test.go b/pkg/cloudflare-go/d1_test.go
new file mode 100644
index 0000000000..1f3c5399ae
--- /dev/null
+++ b/pkg/cloudflare-go/d1_test.go
@@ -0,0 +1,238 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testD1DatabaseID = "480f4f691a284fdd92401ed29f0ac1df"
+	testD1Result     = `{
+		  "created_at": "2014-01-01T05:20:00.12345Z",
+		  "name": "my-database",
+		  "uuid": "480f4f691a284fdd92401ed29f0ac1df",
+		  "version": "beta",
+		  "num_tables": 1,
+		  "file_size": 100
+		}
+`
+)
+
+var (
+	d1CreatedAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	testD1Database = D1Database{
+		Name:      "my-database",
+		NumTables: 1,
+		UUID:      testD1DatabaseID,
+		Version:   "beta",
+		CreatedAt: &d1CreatedAt,
+		FileSize:  100,
+	}
+)
+
+func TestListD1Databases(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": [
+                %s
+            ],
+            "result_info": {
+                "page": 1,
+                "per_page": 100,
+                "count": 1,
+                "total_count": 1
+            }
+        }`, testD1Result)
+	})
+
+	_, _, err := client.ListD1Databases(context.Background(), AccountIdentifier(""), ListD1DatabasesParams{})
+	if assert.Error(t, err, "Didn't get error for missing Account ID get listing D1 Database") {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+	actual, _, err := client.ListD1Databases(context.Background(), testAccountRC, ListD1DatabasesParams{})
+	if assert.NoError(t, err, "ListD1Databases returned error: %v", err) {
+		expected := []D1Database{testD1Database}
+		if !assert.Equal(t, expected, actual) {
+			t.Errorf("ListD1Databases returned %+v, expected %+v", actual, expected)
+		}
+	}
+}
+
+func TestGetD1Databases(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": %s
+        }`, testD1Result)
+	})
+
+	_, err := client.GetD1Database(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err, "Didn't get error for missing Account ID get getting D1 Database") {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+	actual, err := client.GetD1Database(context.Background(), testAccountRC, testD1DatabaseID)
+	if assert.NoError(t, err, "GetD1Database returned error: %v", err) {
+		if !assert.Equal(t, testD1Database, actual) {
+			t.Errorf("GetD1Database returned %+v, expected %+v", actual, testD1Database)
+		}
+	}
+}
+
+func TestCreateD1Database(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testD1Result)
+	})
+
+	_, err := client.CreateD1Database(context.Background(), AccountIdentifier(""), CreateD1DatabaseParams{})
+	if assert.Error(t, err, "Didn't get error for missing Account ID get creating D1 Database") {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+	actual, err := client.CreateD1Database(context.Background(), testAccountRC, CreateD1DatabaseParams{
+		Name: "my-database",
+	})
+	if assert.NoError(t, err, "CreateD1Database returned error: %v", err) {
+		if !assert.Equal(t, testD1Database, actual) {
+			t.Errorf("CreateD1Database returned %+v, expected %+v", actual, testD1Database)
+		}
+	}
+}
+
+func TestDeleteD1Database(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	})
+
+	err := client.DeleteD1Database(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err, "Didn't get error for missing Account ID get deleting D1 Database") {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+	err = client.DeleteD1Database(context.Background(), testAccountRC, testD1DatabaseID)
+	assert.NoError(t, err, "DeleteD1Database returned error: %v", err)
+}
+
+func TestQueryD1Database(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID+"/query", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		if err != nil {
+			t.Errorf("Error reading request body: %v", err)
+		}
+		if got := string(b); got != `{"sql":"SELECT * FROM my-database","params":["param1","param2"]}` {
+			t.Errorf("request Body is %s, want %s", got, `{"sql":"SELECT * FROM my-database","params":["param1","param2"]}`)
+		}
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"success": true,
+					"meta": {
+						"changed_db": false,
+						"changes": 0,
+						"duration": 3.3,
+						"last_row_id": 3,
+						"rows_read": 3,
+						"rows_written": 0,
+						"size_after": 10
+					},
+					"results": [
+						{
+							"id": 1,
+							"name": "test user"
+						},
+						{
+							"id": 2,
+							"name": "test user 2"
+						}
+					]
+				}
+			]
+		}`)
+	})
+
+	_, err := client.QueryD1Database(context.Background(), AccountIdentifier(""), QueryD1DatabaseParams{})
+	if assert.Error(t, err, "Didn't get error for missing Account ID get querying D1 Database") {
+		assert.Equal(t, err, ErrMissingAccountID)
+	}
+	_, err = client.QueryD1Database(context.Background(), testAccountRC, QueryD1DatabaseParams{})
+	if assert.Error(t, err, "Didn't get error for missing D1 Database ID get querying D1 Database") {
+		assert.Equal(t, err, ErrMissingDatabaseID)
+	}
+	actual, err := client.QueryD1Database(context.Background(), testAccountRC, QueryD1DatabaseParams{
+		DatabaseID: testD1DatabaseID,
+		SQL:        "SELECT * FROM my-database",
+		Parameters: []string{"param1", "param2"},
+	})
+	if assert.NoError(t, err, "QueryD1Database returned error: %v", err) {
+		expected := D1Result{
+			Success: BoolPtr(true),
+			Meta: D1DatabaseMetadata{
+				ChangedDB:   BoolPtr(false),
+				Changes:     0,
+				Duration:    3.3,
+				LastRowID:   3,
+				RowsRead:    3,
+				RowsWritten: 0,
+				SizeAfter:   10,
+			},
+			Results: []map[string]any{
+				{
+					"id":   float64(1),
+					"name": "test user",
+				},
+				{
+					"id":   float64(2),
+					"name": "test user 2",
+				},
+			},
+		}
+		if !assert.Equal(t, expected, actual[0]) {
+			t.Errorf("QueryD1Database returned %+v, expected %+v", actual, expected)
+		}
+	}
+}
diff --git a/pkg/cloudflare-go/dcv_delegation.go b/pkg/cloudflare-go/dcv_delegation.go
new file mode 100644
index 0000000000..db66db2736
--- /dev/null
+++ b/pkg/cloudflare-go/dcv_delegation.go
@@ -0,0 +1,41 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type DCVDelegation struct {
+	UUID string `json:"uuid"`
+}
+
+// DCVDelegationResponse represents the response from the dcv_delegation/uuid endpoint.
+type DCVDelegationResponse struct {
+	Result DCVDelegation `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type GetDCVDelegationParams struct{}
+
+// GetDCVDelegation gets a zone DCV Delegation UUID.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/dcv-delegation-uuid-get
+func (api *API) GetDCVDelegation(ctx context.Context, rc *ResourceContainer, params GetDCVDelegationParams) (DCVDelegation, ResultInfo, error) {
+	uri := fmt.Sprintf("/zones/%s/dcv_delegation/uuid", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DCVDelegation{}, ResultInfo{}, err
+	}
+	var dcvResponse DCVDelegationResponse
+	err = json.Unmarshal(res, &dcvResponse)
+	if err != nil {
+		return DCVDelegation{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dcvResponse.Result, dcvResponse.ResultInfo, nil
+}
diff --git a/pkg/cloudflare-go/dcv_delegation_test.go b/pkg/cloudflare-go/dcv_delegation_test.go
new file mode 100644
index 0000000000..a7a0350b23
--- /dev/null
+++ b/pkg/cloudflare-go/dcv_delegation_test.go
@@ -0,0 +1,43 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetDCVDelegation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	testUuid := "b9ab465427f949ed"
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	"success" : true,
+	"errors": [],
+	"messages": [],
+	"result": {
+		"uuid": "%s"
+	}
+}
+		`, testUuid)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dcv_delegation/uuid", handler)
+
+	want := DCVDelegation{
+		UUID: testUuid,
+	}
+
+	actual, _, err := client.GetDCVDelegation(context.Background(), ZoneIdentifier(testZoneID), GetDCVDelegationParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/device_posture_rule.go b/pkg/cloudflare-go/device_posture_rule.go
new file mode 100644
index 0000000000..4768b77048
--- /dev/null
+++ b/pkg/cloudflare-go/device_posture_rule.go
@@ -0,0 +1,331 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// DevicePostureIntegrationConfig contains authentication information
+// for a device posture integration.
+type DevicePostureIntegrationConfig struct {
+	ClientID           string `json:"client_id,omitempty"`
+	ClientSecret       string `json:"client_secret,omitempty"`
+	AuthUrl            string `json:"auth_url,omitempty"`
+	ApiUrl             string `json:"api_url,omitempty"`
+	ClientKey          string `json:"client_key,omitempty"`
+	CustomerID         string `json:"customer_id,omitempty"`
+	AccessClientID     string `json:"access_client_id,omitempty"`
+	AccessClientSecret string `json:"access_client_secret,omitempty"`
+}
+
+// DevicePostureIntegration represents a device posture integration.
+type DevicePostureIntegration struct {
+	IntegrationID string                         `json:"id,omitempty"`
+	Name          string                         `json:"name,omitempty"`
+	Type          string                         `json:"type,omitempty"`
+	Interval      string                         `json:"interval,omitempty"`
+	Config        DevicePostureIntegrationConfig `json:"config,omitempty"`
+}
+
+// DevicePostureIntegrationResponse represents the response from the get
+// device posture integrations endpoint.
+type DevicePostureIntegrationResponse struct {
+	Result DevicePostureIntegration `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// DevicePostureIntegrationListResponse represents the response from the list
+// device posture integrations endpoint.
+type DevicePostureIntegrationListResponse struct {
+	Result []DevicePostureIntegration `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// CreateDevicePostureIntegration creates a device posture integration within an account.
+//
+// API reference: https://api.cloudflare.com/#device-posture-integrations-create-device-posture-integration
+func (api *API) CreateDevicePostureIntegration(ctx context.Context, accountID string, integration DevicePostureIntegration) (DevicePostureIntegration, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture/integration", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, integration)
+	if err != nil {
+		fmt.Printf("err:%+v res:%+v\n", err, res)
+		return DevicePostureIntegration{}, err
+	}
+
+	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
+	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
+	if err != nil {
+		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureIntegrationResponse.Result, nil
+}
+
+// UpdateDevicePostureIntegration updates a device posture integration within an account.
+//
+// API reference: https://api.cloudflare.com/#device-posture-integrations-update-device-posture-integration
+func (api *API) UpdateDevicePostureIntegration(ctx context.Context, accountID string, integration DevicePostureIntegration) (DevicePostureIntegration, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture/integration/%s", AccountRouteRoot, accountID, integration.IntegrationID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, integration)
+	if err != nil {
+		return DevicePostureIntegration{}, err
+	}
+
+	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
+	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
+	if err != nil {
+		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureIntegrationResponse.Result, nil
+}
+
+// DevicePostureIntegration returns a specific device posture integrations within an account.
+//
+// API reference: https://api.cloudflare.com/#device-posture-integrations-device-posture-integration-details
+func (api *API) DevicePostureIntegration(ctx context.Context, accountID, integrationID string) (DevicePostureIntegration, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture/integration/%s", AccountRouteRoot, accountID, integrationID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DevicePostureIntegration{}, err
+	}
+
+	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
+	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
+	if err != nil {
+		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureIntegrationResponse.Result, nil
+}
+
+// DevicePostureIntegrations returns all device posture integrations within an account.
+//
+// API reference: https://api.cloudflare.com/#device-posture-integrations-list-device-posture-integrations
+func (api *API) DevicePostureIntegrations(ctx context.Context, accountID string) ([]DevicePostureIntegration, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture/integration", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DevicePostureIntegration{}, ResultInfo{}, err
+	}
+
+	var devicePostureIntegrationListResponse DevicePostureIntegrationListResponse
+	err = json.Unmarshal(res, &devicePostureIntegrationListResponse)
+	if err != nil {
+		return []DevicePostureIntegration{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureIntegrationListResponse.Result, devicePostureIntegrationListResponse.ResultInfo, nil
+}
+
+// DeleteDevicePostureIntegration deletes a device posture integration.
+//
+// API reference: https://api.cloudflare.com/#device-posture-integrations-delete-device-posture-integration
+func (api *API) DeleteDevicePostureIntegration(ctx context.Context, accountID, ruleID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/devices/posture/integration/%s",
+		AccountRouteRoot,
+		accountID,
+		ruleID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DevicePostureRule represents a device posture rule.
+type DevicePostureRule struct {
+	ID          string                   `json:"id,omitempty"`
+	Type        string                   `json:"type"`
+	Name        string                   `json:"name"`
+	Description string                   `json:"description,omitempty"`
+	Schedule    string                   `json:"schedule,omitempty"`
+	Match       []DevicePostureRuleMatch `json:"match,omitempty"`
+	Input       DevicePostureRuleInput   `json:"input,omitempty"`
+	Expiration  string                   `json:"expiration,omitempty"`
+}
+
+// DevicePostureRuleMatch represents the conditions that the client must match to run the rule.
+type DevicePostureRuleMatch struct {
+	Platform string `json:"platform,omitempty"`
+}
+
+// DevicePostureRuleInput represents the value to be checked against.
+type DevicePostureRuleInput struct {
+	ID               string   `json:"id,omitempty"`
+	Path             string   `json:"path,omitempty"`
+	Exists           bool     `json:"exists,omitempty"`
+	Thumbprint       string   `json:"thumbprint,omitempty"`
+	Sha256           string   `json:"sha256,omitempty"`
+	Running          bool     `json:"running,omitempty"`
+	RequireAll       bool     `json:"requireAll,omitempty"`
+	CheckDisks       []string `json:"checkDisks,omitempty"`
+	Enabled          bool     `json:"enabled,omitempty"`
+	Version          string   `json:"version,omitempty"`
+	VersionOperator  string   `json:"versionOperator,omitempty"`
+	Overall          string   `json:"overall,omitempty"`
+	SensorConfig     string   `json:"sensor_config,omitempty"`
+	Os               string   `json:"os,omitempty"`
+	OsDistroName     string   `json:"os_distro_name,omitempty"`
+	OsDistroRevision string   `json:"os_distro_revision,omitempty"`
+	OSVersionExtra   string   `json:"os_version_extra,omitempty"`
+	Operator         string   `json:"operator,omitempty"`
+	Domain           string   `json:"domain,omitempty"`
+	ComplianceStatus string   `json:"compliance_status,omitempty"`
+	ConnectionID     string   `json:"connection_id,omitempty"`
+	IssueCount       string   `json:"issue_count,omitempty"`
+	CountOperator    string   `json:"countOperator,omitempty"`
+	TotalScore       int      `json:"total_score,omitempty"`
+	ScoreOperator    string   `json:"scoreOperator,omitempty"`
+	CertificateID    string   `json:"certificate_id,omitempty"`
+	CommonName       string   `json:"cn,omitempty"`
+	ActiveThreats    int      `json:"active_threats,omitempty"`
+	NetworkStatus    string   `json:"network_status,omitempty"`
+	Infected         bool     `json:"infected,omitempty"`
+	IsActive         bool     `json:"is_active,omitempty"`
+	EidLastSeen      string   `json:"eid_last_seen,omitempty"`
+	RiskLevel        string   `json:"risk_level,omitempty"`
+	State            string   `json:"state,omitempty"`
+	LastSeen         string   `json:"last_seen,omitempty"`
+}
+
+// DevicePostureRuleListResponse represents the response from the list
+// device posture rules endpoint.
+type DevicePostureRuleListResponse struct {
+	Result []DevicePostureRule `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// DevicePostureRuleDetailResponse is the API response, containing a single
+// device posture rule.
+type DevicePostureRuleDetailResponse struct {
+	Response
+	Result DevicePostureRule `json:"result"`
+}
+
+// DevicePostureRules returns all device posture rules within an account.
+//
+// API reference: https://api.cloudflare.com/#device-posture-rules-list-device-posture-rules
+func (api *API) DevicePostureRules(ctx context.Context, accountID string) ([]DevicePostureRule, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DevicePostureRule{}, ResultInfo{}, err
+	}
+
+	var devicePostureRuleListResponse DevicePostureRuleListResponse
+	err = json.Unmarshal(res, &devicePostureRuleListResponse)
+	if err != nil {
+		return []DevicePostureRule{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureRuleListResponse.Result, devicePostureRuleListResponse.ResultInfo, nil
+}
+
+// DevicePostureRule returns a single device posture rule based on the rule ID.
+//
+// API reference: https://api.cloudflare.com/#device-posture-rules-device-posture-rules-details
+func (api *API) DevicePostureRule(ctx context.Context, accountID, ruleID string) (DevicePostureRule, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/devices/posture/%s",
+		AccountRouteRoot,
+		accountID,
+		ruleID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DevicePostureRule{}, err
+	}
+
+	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
+	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
+	if err != nil {
+		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureRuleDetailResponse.Result, nil
+}
+
+// CreateDevicePostureRule creates a new device posture rule.
+//
+// API reference: https://api.cloudflare.com/#device-posture-rules-create-device-posture-rule
+func (api *API) CreateDevicePostureRule(ctx context.Context, accountID string, rule DevicePostureRule) (DevicePostureRule, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/posture", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
+	if err != nil {
+		return DevicePostureRule{}, err
+	}
+
+	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
+	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
+	if err != nil {
+		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureRuleDetailResponse.Result, nil
+}
+
+// UpdateDevicePostureRule updates an existing device posture rule.
+//
+// API reference: https://api.cloudflare.com/#device-posture-rules-update-device-posture-rule
+func (api *API) UpdateDevicePostureRule(ctx context.Context, accountID string, rule DevicePostureRule) (DevicePostureRule, error) {
+	if rule.ID == "" {
+		return DevicePostureRule{}, fmt.Errorf("device posture rule ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/devices/posture/%s",
+		AccountRouteRoot,
+		accountID,
+		rule.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
+	if err != nil {
+		return DevicePostureRule{}, err
+	}
+
+	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
+	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
+	if err != nil {
+		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return devicePostureRuleDetailResponse.Result, nil
+}
+
+// DeleteDevicePostureRule deletes a device posture rule.
+//
+// API reference: https://api.cloudflare.com/#device-posture-rules-delete-device-posture-rule
+func (api *API) DeleteDevicePostureRule(ctx context.Context, accountID, ruleID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/devices/posture/%s",
+		AccountRouteRoot,
+		accountID,
+		ruleID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/device_posture_rule_test.go b/pkg/cloudflare-go/device_posture_rule_test.go
new file mode 100644
index 0000000000..b9b72b2b82
--- /dev/null
+++ b/pkg/cloudflare-go/device_posture_rule_test.go
@@ -0,0 +1,788 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDevicePostureIntegrations(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+					"interval": "1h",
+					"type": "workspace_one",
+					"name": "My integration name",
+					"config": {
+						"auth_url":      "https://auth_url.example.com",
+						"api_url":       "https://api_url.example.com",
+						"client_id":     "test_client_id",
+						"client_secret": "test_client_secret",
+						"customer_id":   "test_customer_id",
+						"client_key": 	 "test_client_key"
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	want := []DevicePostureIntegration{{
+		IntegrationID: "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:          "My integration name",
+		Type:          "workspace_one",
+		Interval:      "1h",
+		Config: DevicePostureIntegrationConfig{
+			AuthUrl:      "https://auth_url.example.com",
+			ApiUrl:       "https://api_url.example.com",
+			ClientID:     "test_client_id",
+			ClientSecret: "test_client_secret",
+			CustomerID:   "test_customer_id",
+			ClientKey:    "test_client_key",
+		},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
+
+	actual, _, err := client.DevicePostureIntegrations(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureIntegration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"interval": "1h",
+				"type": "workspace_one",
+				"name": "My integration name",
+				"config": {
+					"auth_url":      "https://auth_url.example.com",
+					"api_url":       "https://api_url.example.com",
+					"client_id":     "test_client_id",
+					"client_secret": "test_client_secret",
+					"customer_id":   "test_customer_id",
+					"client_key": 	 "test_client_key"
+				}
+			}
+		}`, id)
+	}
+
+	want := DevicePostureIntegration{
+		IntegrationID: id,
+		Name:          "My integration name",
+		Type:          "workspace_one",
+		Interval:      "1h",
+		Config: DevicePostureIntegrationConfig{
+			AuthUrl:      "https://auth_url.example.com",
+			ApiUrl:       "https://api_url.example.com",
+			ClientID:     "test_client_id",
+			ClientSecret: "test_client_secret",
+			CustomerID:   "test_customer_id",
+			ClientKey:    "test_client_key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
+
+	actual, err := client.DevicePostureIntegration(context.Background(), testAccountID, id)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureIntegrationUpdate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"interval": "1h",
+				"type": "workspace_one",
+				"name": "My integration name",
+				"config": {
+					"auth_url":      "https://auth_url.example.com",
+					"api_url":       "https://api_url.example.com",
+					"client_id":     "test_client_id",
+					"client_secret": "test_client_secret",
+					"customer_id":   "test_customer_id",
+					"client_key": 	 "test_client_key"
+				}
+			}
+		}`, id)
+	}
+
+	want := DevicePostureIntegration{
+		IntegrationID: id,
+		Name:          "My integration name",
+		Type:          "workspace_one",
+		Interval:      "1h",
+		Config: DevicePostureIntegrationConfig{
+			AuthUrl:      "https://auth_url.example.com",
+			ApiUrl:       "https://api_url.example.com",
+			ClientID:     "test_client_id",
+			ClientSecret: "test_client_secret",
+			CustomerID:   "test_customer_id",
+			ClientKey:    "test_client_key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
+
+	actual, err := client.UpdateDevicePostureIntegration(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureIntegrationCreate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"interval": "1h",
+				"type": "workspace_one",
+				"name": "My integration name",
+				"config": {
+					"auth_url":      "https://auth_url.example.com",
+					"api_url":       "https://api_url.example.com",
+					"client_id":     "test_client_id",
+					"client_secret": "test_client_secret",
+					"customer_id":   "test_customer_id",
+					"client_key": 	 "test_client_key"
+				}
+			}
+		}`, id)
+	}
+
+	want := DevicePostureIntegration{
+		IntegrationID: id,
+		Name:          "My integration name",
+		Type:          "workspace_one",
+		Interval:      "1h",
+		Config: DevicePostureIntegrationConfig{
+			AuthUrl:      "https://auth_url.example.com",
+			ApiUrl:       "https://api_url.example.com",
+			ClientID:     "test_client_id",
+			ClientSecret: "test_client_secret",
+			CustomerID:   "test_customer_id",
+			ClientKey:    "test_client_key",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
+
+	actual, err := client.CreateDevicePostureIntegration(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureIntegrationTaniumCreate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"interval": "1h",
+				"type": "tanium_s2s",
+				"name": "My Tanium integration",
+				"config": {
+					"api_url":              "https://api_url.example.com",
+					"client_secret":        "test_client_secret",
+					"access_client_id":     "test_access_client_id",
+					"access_client_secret": "test_access_client_secret"
+				}
+			}
+		}`, id)
+	}
+
+	want := DevicePostureIntegration{
+		IntegrationID: id,
+		Name:          "My Tanium integration",
+		Type:          "tanium_s2s",
+		Interval:      "1h",
+		Config: DevicePostureIntegrationConfig{
+			ApiUrl:             "https://api_url.example.com",
+			ClientSecret:       "test_client_secret",
+			AccessClientID:     "test_access_client_id",
+			AccessClientSecret: "test_access_client_secret",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
+
+	actual, err := client.CreateDevicePostureIntegration(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureIntegrationDelete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": null
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
+
+	err := client.DeleteDevicePostureIntegration(context.Background(), testAccountID, id)
+	assert.NoError(t, err)
+}
+
+func TestDevicePostureRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+					"schedule": "1h",
+					"type": "file",
+					"name": "My rule name",
+					"description": "My description",
+					"expiration": "1h",
+					"match": [
+						{
+							"platform": "ios"
+						}
+					],
+					"input": {
+						"id": "9e597887-345e-4a32-a09c-68811b129768",
+						"path": "/tmp/data.zta",
+						"exists": true,
+						"thumbprint": "asdfasdfasdfasdf",
+						"sha256": "D75398FC796D659DEB4170569DCFEC63E3897C71E3AE8642FD3139A554AEE21E",
+						"running": true
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	want := []DevicePostureRule{{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "file",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input: DevicePostureRuleInput{
+			ID:         "9e597887-345e-4a32-a09c-68811b129768",
+			Path:       "/tmp/data.zta",
+			Exists:     true,
+			Thumbprint: "asdfasdfasdfasdf",
+			Sha256:     "D75398FC796D659DEB4170569DCFEC63E3897C71E3AE8642FD3139A554AEE21E",
+			Running:    true,
+		},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture", handler)
+
+	actual, _, err := client.DevicePostureRules(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureFileRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "file",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"path": "/tmp/test",
+					"exists": true,
+					"sha256": "42b4daec3962691f5893a966245e5ea30f9f8df7254e7b7af43a171e3e29c857"
+				}
+			}
+		}
+		`)
+	}
+
+	want := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "file",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input: DevicePostureRuleInput{
+			Path:   "/tmp/test",
+			Exists: true,
+			Sha256: "42b4daec3962691f5893a966245e5ea30f9f8df7254e7b7af43a171e3e29c857",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureDiskEncryptionRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "disk_encryption",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"requireAll": true,
+					"checkDisks": ["C", "D"]
+				}
+			}
+		}
+		`)
+	}
+
+	want := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "disk_encryption",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input: DevicePostureRuleInput{
+			RequireAll: true,
+			CheckDisks: []string{"C", "D"},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureOsVersionRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "os_version",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"version": "10.0.1",
+					"operator": ">="
+				}
+			}
+		}
+		`)
+	}
+
+	want := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "os_version",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input: DevicePostureRuleInput{
+			Version:  "10.0.1",
+			Operator: ">=",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureDomainJoinedRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "domain_joined",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"domain": "example.com"
+				}
+			}
+		}
+		`)
+	}
+
+	want := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "domain_joined",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input: DevicePostureRuleInput{
+			Domain: "example.com",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDevicePostureClientCertificateRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "client_certificate",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "windows"
+					}
+				],
+				"input": {
+					"certificate_id": "d2c04b78-3ba2-4294-8efa-4e85aef0777f",
+					"cn": "example.com"
+				}
+			}
+		}
+		`)
+	}
+
+	want := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "client_certificate",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "windows"}},
+		Input: DevicePostureRuleInput{
+			CertificateID: "d2c04b78-3ba2-4294-8efa-4e85aef0777f",
+			CommonName:    "example.com",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateDevicePostureRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "file",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"id": "9e597887-345e-4a32-a09c-68811b129768"
+				}
+			}
+		}
+		`)
+	}
+
+	rule := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "file",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture", handler)
+
+	actual, err := client.CreateDevicePostureRule(context.Background(), testAccountID, DevicePostureRule{
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "file",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, rule, actual)
+	}
+}
+
+func TestUpdateDevicePostureRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"schedule": "1h",
+				"expiration": "1h",
+				"type": "file",
+				"name": "My rule name",
+				"description": "My description",
+				"match": [
+					{
+						"platform": "ios"
+					}
+				],
+				"input": {
+					"id": "9e597887-345e-4a32-a09c-68811b129768"
+				}
+			}
+		}
+		`)
+	}
+
+	rule := DevicePostureRule{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My rule name",
+		Description: "My description",
+		Type:        "file",
+		Schedule:    "1h",
+		Expiration:  "1h",
+		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
+		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.UpdateDevicePostureRule(context.Background(), testAccountID, rule)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, rule, actual)
+	}
+}
+
+func TestUpdateDevicePostureRuleWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateDevicePostureRule(context.Background(), testZoneID, DevicePostureRule{})
+	assert.EqualError(t, err, "device posture rule ID cannot be empty")
+}
+
+func TestDeleteDevicePostureRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+      }
+    }
+    `)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err := client.DeleteDevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/devices_dex.go b/pkg/cloudflare-go/devices_dex.go
new file mode 100644
index 0000000000..4c9ef5070e
--- /dev/null
+++ b/pkg/cloudflare-go/devices_dex.go
@@ -0,0 +1,174 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type DeviceDexTestData map[string]interface{}
+
+type DeviceDexTest struct {
+	TestID      string             `json:"test_id"`
+	Name        string             `json:"name"`
+	Description string             `json:"description,omitempty"`
+	Interval    string             `json:"interval"`
+	Enabled     bool               `json:"enabled"`
+	Updated     time.Time          `json:"updated"`
+	Created     time.Time          `json:"created"`
+	Data        *DeviceDexTestData `json:"data"`
+}
+
+type DeviceDexTests struct {
+	DexTests []DeviceDexTest `json:"dex_tests"`
+}
+
+type DeviceDexTestResponse struct {
+	Response
+	Result DeviceDexTest `json:"result"`
+}
+
+type DeviceDexTestListResponse struct {
+	Response
+	Result DeviceDexTests `json:"result"`
+}
+
+type ListDeviceDexTestParams struct{}
+
+type CreateDeviceDexTestParams struct {
+	TestID      string             `json:"test_id,omitempty"`
+	Name        string             `json:"name"`
+	Description string             `json:"description,omitempty"`
+	Interval    string             `json:"interval"`
+	Enabled     bool               `json:"enabled"`
+	Data        *DeviceDexTestData `json:"data"`
+}
+
+type UpdateDeviceDexTestParams struct {
+	TestID      string             `json:"test_id,omitempty"`
+	Name        string             `json:"name"`
+	Description string             `json:"description,omitempty"`
+	Interval    string             `json:"interval"`
+	Enabled     bool               `json:"enabled"`
+	Data        *DeviceDexTestData `json:"data"`
+}
+
+// ListDexTests returns all Device Dex Tests for a given account.
+//
+// API reference : https://developers.cloudflare.com/api/operations/device-dex-test-details
+func (api *API) ListDexTests(ctx context.Context, rc *ResourceContainer, params ListDeviceDexTestParams) (DeviceDexTests, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceDexTests{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/dex_tests", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DeviceDexTests{}, err
+	}
+
+	var response DeviceDexTestListResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return DeviceDexTests{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// CreateDeviceDexTest created a new Device Dex Test
+//
+// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-create-device-dex-test
+func (api *API) CreateDeviceDexTest(ctx context.Context, rc *ResourceContainer, params CreateDeviceDexTestParams) (DeviceDexTest, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/dex_tests", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return DeviceDexTest{}, err
+	}
+
+	var deviceDexTestResponse DeviceDexTestResponse
+	if err := json.Unmarshal(res, &deviceDexTestResponse); err != nil {
+		return DeviceDexTest{}, fmt.Errorf("%s: %w\n\nres: %s", errUnmarshalError, err, string(res))
+	}
+
+	return deviceDexTestResponse.Result, err
+}
+
+// UpdateDeviceDexTest Updates a Device Dex Test.
+//
+// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-update-device-dex-test
+func (api *API) UpdateDeviceDexTest(ctx context.Context, rc *ResourceContainer, params UpdateDeviceDexTestParams) (DeviceDexTest, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, params.TestID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return DeviceDexTest{}, err
+	}
+
+	var deviceDexTestsResponse DeviceDexTestResponse
+
+	if err := json.Unmarshal(res, &deviceDexTestsResponse); err != nil {
+		return DeviceDexTest{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return deviceDexTestsResponse.Result, err
+}
+
+// GetDeviceDexTest gets a single Device Dex Test.
+//
+// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-get-device-dex-test
+func (api *API) GetDeviceDexTest(ctx context.Context, rc *ResourceContainer, testID string) (DeviceDexTest, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, testID)
+
+	deviceDexTestResponse := DeviceDexTestResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DeviceDexTest{}, err
+	}
+
+	if err := json.Unmarshal(res, &deviceDexTestResponse); err != nil {
+		return DeviceDexTest{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return deviceDexTestResponse.Result, err
+}
+
+// DeleteDexTest deletes a Device Dex Test.
+//
+// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-delete-device-dex-test
+func (api *API) DeleteDexTest(ctx context.Context, rc *ResourceContainer, testID string) (DeviceDexTests, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceDexTests{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, testID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return DeviceDexTests{}, err
+	}
+
+	var response DeviceDexTestListResponse
+	if err := json.Unmarshal(res, &response); err != nil {
+		return DeviceDexTests{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, err
+}
diff --git a/pkg/cloudflare-go/devices_dex_test.go b/pkg/cloudflare-go/devices_dex_test.go
new file mode 100644
index 0000000000..f5901f7916
--- /dev/null
+++ b/pkg/cloudflare-go/devices_dex_test.go
@@ -0,0 +1,283 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testID = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+
+var dexTimestamp, _ = time.Parse(time.RFC3339, "2023-01-30T19:59:44.401278Z")
+
+func TestGetDeviceDexTests(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"dex_tests": [
+					{
+						"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+						"name": "http test dash",
+						"description": "dex test description",
+						"interval": "0h30m0s",
+						"enabled": true,
+						"data": {
+						"host": "https://dash.cloudflare.com",
+						"kind": "http",
+						"method": "GET"
+						},
+						"updated": "2023-01-30T19:59:44.401278Z",
+						"created": "2023-01-30T19:59:44.401278Z"
+					}
+				]
+			}
+		  }`)
+	}
+
+	dexTest := []DeviceDexTest{{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+		Updated: dexTimestamp,
+		Created: dexTimestamp,
+	}}
+
+	want := DeviceDexTests{
+		DexTests: dexTest,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests", handler)
+
+	actual, err := client.ListDexTests(context.Background(), AccountIdentifier(testAccountID), ListDeviceDexTestParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeviceDexTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "http test dash",
+				"description": "dex test description",
+				"interval": "0h30m0s",
+				"enabled": true,
+				"data": {
+				"host": "https://dash.cloudflare.com",
+				"kind": "http",
+				"method": "GET"
+				},
+				"updated": "2023-01-30T19:59:44.401278Z",
+				"created": "2023-01-30T19:59:44.401278Z"
+			}
+		  }`)
+	}
+
+	want := DeviceDexTest{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+		Updated: dexTimestamp,
+		Created: dexTimestamp,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
+
+	actual, err := client.GetDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), testID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateDeviceDexTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "http test dash",
+				"description": "dex test description",
+				"interval": "0h30m0s",
+				"enabled": true,
+				"data": {
+				"host": "https://dash.cloudflare.com",
+				"kind": "http",
+				"method": "GET"
+				},
+				"updated": "2023-01-30T19:59:44.401278Z",
+				"created": "2023-01-30T19:59:44.401278Z"
+			}
+		  }`)
+	}
+
+	want := DeviceDexTest{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+		Updated: dexTimestamp,
+		Created: dexTimestamp,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests", handler)
+
+	actual, err := client.CreateDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), CreateDeviceDexTestParams{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateDeviceDexTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"name": "http test dash",
+				"description": "dex test description",
+				"interval": "0h30m0s",
+				"enabled": true,
+				"data": {
+				"host": "https://dash.cloudflare.com",
+				"kind": "http",
+				"method": "GET"
+				},
+				"updated": "2023-01-30T19:59:44.401278Z",
+				"created": "2023-01-30T19:59:44.401278Z"
+			}
+		  }`)
+	}
+
+	want := DeviceDexTest{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+		Updated: dexTimestamp,
+		Created: dexTimestamp,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
+
+	actual, err := client.UpdateDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceDexTestParams{
+		TestID:      testID,
+		Name:        "http test dash",
+		Description: "dex test description",
+		Interval:    "0h30m0s",
+		Enabled:     true,
+		Data: &DeviceDexTestData{
+			"kind":   "http",
+			"method": "GET",
+			"host":   "https://dash.cloudflare.com",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteDeviceDexTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"dex_tests": []
+			}
+		  }`)
+	}
+
+	want := DeviceDexTests{
+		DexTests: []DeviceDexTest{},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
+
+	actual, err := client.DeleteDexTest(context.Background(), AccountIdentifier(testAccountID), testID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/devices_managed_networks.go b/pkg/cloudflare-go/devices_managed_networks.go
new file mode 100644
index 0000000000..11fc7ea10a
--- /dev/null
+++ b/pkg/cloudflare-go/devices_managed_networks.go
@@ -0,0 +1,165 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type Config struct {
+	TlsSockAddr string `json:"tls_sockaddr,omitempty"`
+	Sha256      string `json:"sha256,omitempty"`
+}
+
+type DeviceManagedNetwork struct {
+	NetworkID string  `json:"network_id,omitempty"`
+	Type      string  `json:"type"`
+	Name      string  `json:"name"`
+	Config    *Config `json:"config"`
+}
+
+type DeviceManagedNetworkResponse struct {
+	Response
+	Result DeviceManagedNetwork `json:"result"`
+}
+
+type DeviceManagedNetworkListResponse struct {
+	Response
+	Result []DeviceManagedNetwork `json:"result"`
+}
+
+type ListDeviceManagedNetworksParams struct{}
+
+type CreateDeviceManagedNetworkParams struct {
+	NetworkID string  `json:"network_id,omitempty"`
+	Type      string  `json:"type"`
+	Name      string  `json:"name"`
+	Config    *Config `json:"config"`
+}
+
+type UpdateDeviceManagedNetworkParams struct {
+	NetworkID string  `json:"network_id,omitempty"`
+	Type      string  `json:"type"`
+	Name      string  `json:"name"`
+	Config    *Config `json:"config"`
+}
+
+// ListDeviceManagedNetwork returns all Device Managed Networks for a given
+// account.
+//
+// API reference : https://api.cloudflare.com/#device-managed-networks-list-device-managed-networks
+func (api *API) ListDeviceManagedNetworks(ctx context.Context, rc *ResourceContainer, params ListDeviceManagedNetworksParams) ([]DeviceManagedNetwork, error) {
+	if rc.Level != AccountRouteLevel {
+		return []DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/networks", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DeviceManagedNetwork{}, err
+	}
+
+	var response DeviceManagedNetworkListResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return []DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// CreateDeviceManagedNetwork creates a new Device Managed Network.
+//
+// API reference: https://api.cloudflare.com/#device-managed-networks-create-device-managed-network
+func (api *API) CreateDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, params CreateDeviceManagedNetworkParams) (DeviceManagedNetwork, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/networks", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return DeviceManagedNetwork{}, err
+	}
+
+	var deviceManagedNetworksResponse DeviceManagedNetworkResponse
+	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
+		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return deviceManagedNetworksResponse.Result, err
+}
+
+// UpdateDeviceManagedNetwork Update a Device Managed Network.
+//
+// API reference: https://api.cloudflare.com/#device-managed-networks-update-device-managed-network
+func (api *API) UpdateDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, params UpdateDeviceManagedNetworkParams) (DeviceManagedNetwork, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, params.NetworkID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return DeviceManagedNetwork{}, err
+	}
+
+	var deviceManagedNetworksResponse DeviceManagedNetworkResponse
+
+	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
+		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return deviceManagedNetworksResponse.Result, err
+}
+
+// GetDeviceManagedNetwork gets a single Device Managed Network.
+//
+// API reference: https://api.cloudflare.com/#device-managed-networks-device-managed-network-details
+func (api *API) GetDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, networkID string) (DeviceManagedNetwork, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, networkID)
+
+	deviceManagedNetworksResponse := DeviceManagedNetworkResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DeviceManagedNetwork{}, err
+	}
+
+	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
+		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return deviceManagedNetworksResponse.Result, err
+}
+
+// DeleteManagedNetworks deletes a Device Managed Network.
+//
+// API reference: https://api.cloudflare.com/#device-managed-networks-delete-device-managed-network
+func (api *API) DeleteManagedNetworks(ctx context.Context, rc *ResourceContainer, networkID string) ([]DeviceManagedNetwork, error) {
+	if rc.Level != AccountRouteLevel {
+		return []DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, networkID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return []DeviceManagedNetwork{}, err
+	}
+
+	var response DeviceManagedNetworkListResponse
+	if err := json.Unmarshal(res, &response); err != nil {
+		return []DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, err
+}
diff --git a/pkg/cloudflare-go/devices_managed_networks_test.go b/pkg/cloudflare-go/devices_managed_networks_test.go
new file mode 100644
index 0000000000..c62c7c6792
--- /dev/null
+++ b/pkg/cloudflare-go/devices_managed_networks_test.go
@@ -0,0 +1,245 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testNetworkID = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+
+func TestGetDeviceManagedNetworks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"type": "tls",
+				"name": "managed-network-1",
+				"config": {
+				  "tls_sockaddr": "foobar:1234",
+				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+				}
+			  }
+			]
+		  }`)
+	}
+
+	want := []DeviceManagedNetwork{{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks", handler)
+
+	actual, err := client.ListDeviceManagedNetworks(context.Background(), AccountIdentifier(testAccountID), ListDeviceManagedNetworksParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeviceManagedNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result":
+			  {
+				"network_id": "%s",
+				"type": "tls",
+				"name": "managed-network-1",
+				"config": {
+				  "tls_sockaddr": "foobar:1234",
+				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+				}
+			  }
+		  }`, testNetworkID)
+	}
+
+	want := DeviceManagedNetwork{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
+
+	actual, err := client.GetDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), testNetworkID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateDeviceManagedNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result":
+			  {
+				"network_id": "%s",
+				"type": "tls",
+				"name": "managed-network-1",
+				"config": {
+				  "tls_sockaddr": "foobar:1234",
+				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+				}
+			  }
+		  }`, testNetworkID)
+	}
+
+	want := DeviceManagedNetwork{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks", handler)
+
+	actual, err := client.CreateDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), CreateDeviceManagedNetworkParams{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateDeviceManagedNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result":
+			  {
+				"network_id": "%s",
+				"type": "tls",
+				"name": "managed-network-1",
+				"config": {
+				  "tls_sockaddr": "foobar:1234",
+				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+				}
+			  }
+		  }`, testNetworkID)
+	}
+
+	want := DeviceManagedNetwork{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
+
+	actual, err := client.UpdateDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceManagedNetworkParams{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteDeviceManagedNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				"network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+				"type": "tls",
+				"name": "managed-network-1",
+				"config": {
+				  "tls_sockaddr": "foobar:1234",
+				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
+				}
+			  }
+			]
+		  }`)
+	}
+
+	want := []DeviceManagedNetwork{{
+		NetworkID: testNetworkID,
+		Type:      "tls",
+		Name:      "managed-network-1",
+		Config: &Config{
+			TlsSockAddr: "foobar:1234",
+			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
+		},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
+
+	actual, err := client.DeleteManagedNetworks(context.Background(), AccountIdentifier(testAccountID), testNetworkID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/devices_policy.go b/pkg/cloudflare-go/devices_policy.go
new file mode 100644
index 0000000000..1a8b03b9d5
--- /dev/null
+++ b/pkg/cloudflare-go/devices_policy.go
@@ -0,0 +1,377 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type Enabled struct {
+	Enabled bool `json:"enabled"`
+}
+
+// DeviceClientCertificates identifies if the zero trust zone is configured for an account.
+type DeviceClientCertificates struct {
+	Response
+	Result Enabled
+}
+
+type ServiceMode string
+
+const (
+	oneDotOne      ServiceMode = "1dot1"
+	warp           ServiceMode = "warp"
+	proxy          ServiceMode = "proxy"
+	postureOnly    ServiceMode = "posture_only"
+	warpTunnelOnly ServiceMode = "warp_tunnel_only"
+
+	listDeviceSettingsPoliciesDefaultPageSize = 20
+)
+
+type ServiceModeV2 struct {
+	Mode ServiceMode `json:"mode,omitempty"`
+	Port int         `json:"port,omitempty"`
+}
+
+type DeviceSettingsPolicy struct {
+	ServiceModeV2       *ServiceModeV2    `json:"service_mode_v2"`
+	DisableAutoFallback *bool             `json:"disable_auto_fallback"`
+	FallbackDomains     *[]FallbackDomain `json:"fallback_domains"`
+	Include             *[]SplitTunnel    `json:"include"`
+	Exclude             *[]SplitTunnel    `json:"exclude"`
+	GatewayUniqueID     *string           `json:"gateway_unique_id"`
+	SupportURL          *string           `json:"support_url"`
+	CaptivePortal       *int              `json:"captive_portal"`
+	AllowModeSwitch     *bool             `json:"allow_mode_switch"`
+	SwitchLocked        *bool             `json:"switch_locked"`
+	AllowUpdates        *bool             `json:"allow_updates"`
+	AutoConnect         *int              `json:"auto_connect"`
+	AllowedToLeave      *bool             `json:"allowed_to_leave"`
+	PolicyID            *string           `json:"policy_id"`
+	Enabled             *bool             `json:"enabled"`
+	Name                *string           `json:"name"`
+	Match               *string           `json:"match"`
+	Precedence          *int              `json:"precedence"`
+	Default             bool              `json:"default"`
+	ExcludeOfficeIps    *bool             `json:"exclude_office_ips"`
+	Description         *string           `json:"description"`
+	LANAllowMinutes     *uint             `json:"lan_allow_minutes"`
+	LANAllowSubnetSize  *uint             `json:"lan_allow_subnet_size"`
+}
+
+type DeviceSettingsPolicyResponse struct {
+	Response
+	Result DeviceSettingsPolicy
+}
+
+type DeleteDeviceSettingsPolicyResponse struct {
+	Response
+	Result []DeviceSettingsPolicy
+}
+
+type CreateDeviceSettingsPolicyParams struct {
+	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
+	CaptivePortal       *int           `json:"captive_portal,omitempty"`
+	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
+	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
+	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
+	AutoConnect         *int           `json:"auto_connect,omitempty"`
+	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
+	SupportURL          *string        `json:"support_url,omitempty"`
+	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
+	Precedence          *int           `json:"precedence,omitempty"`
+	Name                *string        `json:"name,omitempty"`
+	Match               *string        `json:"match,omitempty"`
+	Enabled             *bool          `json:"enabled,omitempty"`
+	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
+	Description         *string        `json:"description,omitempty"`
+	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
+	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
+}
+
+type UpdateDefaultDeviceSettingsPolicyParams struct {
+	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
+	CaptivePortal       *int           `json:"captive_portal,omitempty"`
+	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
+	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
+	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
+	AutoConnect         *int           `json:"auto_connect,omitempty"`
+	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
+	SupportURL          *string        `json:"support_url,omitempty"`
+	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
+	Precedence          *int           `json:"precedence,omitempty"`
+	Name                *string        `json:"name,omitempty"`
+	Match               *string        `json:"match,omitempty"`
+	Enabled             *bool          `json:"enabled,omitempty"`
+	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
+	Description         *string        `json:"description,omitempty"`
+	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
+	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
+}
+
+type UpdateDeviceSettingsPolicyParams struct {
+	PolicyID            *string        `json:"-"`
+	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
+	CaptivePortal       *int           `json:"captive_portal,omitempty"`
+	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
+	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
+	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
+	AutoConnect         *int           `json:"auto_connect,omitempty"`
+	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
+	SupportURL          *string        `json:"support_url,omitempty"`
+	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
+	Precedence          *int           `json:"precedence,omitempty"`
+	Name                *string        `json:"name,omitempty"`
+	Match               *string        `json:"match,omitempty"`
+	Enabled             *bool          `json:"enabled,omitempty"`
+	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
+	Description         *string        `json:"description,omitempty"`
+	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
+	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
+}
+
+type ListDeviceSettingsPoliciesResponse struct {
+	Response
+	ResultInfo ResultInfo             `json:"result_info"`
+	Result     []DeviceSettingsPolicy `json:"result"`
+}
+
+type UpdateDeviceClientCertificatesParams struct {
+	Enabled *bool `json:"enabled"`
+}
+
+type GetDeviceClientCertificatesParams struct{}
+
+type GetDefaultDeviceSettingsPolicyParams struct{}
+
+type GetDeviceSettingsPolicyParams struct {
+	PolicyID *string `json:"-"`
+}
+
+// UpdateDeviceClientCertificates controls the zero trust zone used to provision client certificates.
+//
+// API reference: https://api.cloudflare.com/#device-client-certificates
+func (api *API) UpdateDeviceClientCertificates(ctx context.Context, rc *ResourceContainer, params UpdateDeviceClientCertificatesParams) (DeviceClientCertificates, error) {
+	if rc.Level != ZoneRouteLevel {
+		return DeviceClientCertificates{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy/certificates", rc.Level, rc.Identifier)
+
+	result := DeviceClientCertificates{Result: Enabled{false}}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// GetDeviceClientCertificates controls the zero trust zone used to provision
+// client certificates.
+//
+// API reference: https://api.cloudflare.com/#device-client-certificates
+func (api *API) GetDeviceClientCertificates(ctx context.Context, rc *ResourceContainer, params GetDeviceClientCertificatesParams) (DeviceClientCertificates, error) {
+	if rc.Level != ZoneRouteLevel {
+		return DeviceClientCertificates{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy/certificates", rc.Level, rc.Identifier)
+
+	result := DeviceClientCertificates{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return result, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// CreateDeviceSettingsPolicy creates a settings policy against devices that
+// match the policy.
+//
+// API reference: https://api.cloudflare.com/#devices-create-device-settings-policy
+func (api *API) CreateDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params CreateDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+// UpdateDefaultDeviceSettingsPolicy updates the default settings policy for an account
+//
+// API reference: https://api.cloudflare.com/#devices-update-default-device-settings-policy
+func (api *API) UpdateDefaultDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params UpdateDefaultDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	result := DeviceSettingsPolicyResponse{}
+	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+// UpdateDeviceSettingsPolicy updates a settings policy
+//
+// API reference: https://api.cloudflare.com/#devices-update-device-settings-policy
+func (api *API) UpdateDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params UpdateDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, *params.PolicyID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+// DeleteDeviceSettingsPolicy deletes a settings policy and returns a list
+// of all of the other policies in the account.
+//
+// API reference: https://api.cloudflare.com/#devices-delete-device-settings-policy
+func (api *API) DeleteDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, policyID string) ([]DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return []DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, policyID)
+
+	result := DeleteDeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return []DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+// GetDefaultDeviceSettings gets the default device settings policy.
+//
+// API reference: https://api.cloudflare.com/#devices-get-default-device-settings-policy
+func (api *API) GetDefaultDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params GetDefaultDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+// GetDefaultDeviceSettings gets the device settings policy by its policyID.
+//
+// API reference: https://api.cloudflare.com/#devices-get-device-settings-policy-by-id
+func (api *API) GetDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params GetDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
+	if rc.Level != AccountRouteLevel {
+		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, *params.PolicyID)
+
+	result := DeviceSettingsPolicyResponse{}
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DeviceSettingsPolicy{}, err
+	}
+
+	if err := json.Unmarshal(res, &result); err != nil {
+		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, err
+}
+
+type ListDeviceSettingsPoliciesParams struct {
+	ResultInfo
+}
+
+// ListDeviceSettingsPolicies returns all device settings policies for an account
+//
+// API reference: https://api.cloudflare.com/#devices-list-device-settings-policies
+func (api *API) ListDeviceSettingsPolicies(ctx context.Context, rc *ResourceContainer, params ListDeviceSettingsPoliciesParams) ([]DeviceSettingsPolicy, *ResultInfo, error) {
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = listDeviceSettingsPoliciesDefaultPageSize
+	}
+
+	var policies []DeviceSettingsPolicy
+	var lastResultInfo ResultInfo
+	for {
+		uri := buildURI(fmt.Sprintf("/%s/%s/devices/policies", rc.Level, rc.Identifier), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return nil, nil, err
+		}
+		var r ListDeviceSettingsPoliciesResponse
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		policies = append(policies, r.Result...)
+		lastResultInfo = r.ResultInfo
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return policies, &lastResultInfo, nil
+}
diff --git a/pkg/cloudflare-go/devices_policy_test.go b/pkg/cloudflare-go/devices_policy_test.go
new file mode 100644
index 0000000000..c78a13838e
--- /dev/null
+++ b/pkg/cloudflare-go/devices_policy_test.go
@@ -0,0 +1,423 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	deviceSettingsPolicyID         = "a842fa8a-a583-482e-9cd9-eb43362949fd"
+	deviceSettingsPolicyMatch      = "identity.email == \"test@example.com\""
+	deviceSettingsPolicyPrecedence = 10
+
+	defaultDeviceSettingsPolicy = DeviceSettingsPolicy{
+		ServiceModeV2: &ServiceModeV2{
+			Mode: "warp",
+		},
+		DisableAutoFallback: BoolPtr(false),
+		FallbackDomains: &[]FallbackDomain{
+			{Suffix: "invalid"},
+			{Suffix: "test"},
+		},
+		Exclude: &[]SplitTunnel{
+			{Address: "10.0.0.0/8"},
+			{Address: "100.64.0.0/10"},
+		},
+		GatewayUniqueID:    StringPtr("t1235"),
+		SupportURL:         StringPtr(""),
+		CaptivePortal:      IntPtr(180),
+		AllowModeSwitch:    BoolPtr(false),
+		SwitchLocked:       BoolPtr(false),
+		AllowUpdates:       BoolPtr(false),
+		AutoConnect:        IntPtr(0),
+		AllowedToLeave:     BoolPtr(true),
+		Enabled:            BoolPtr(true),
+		PolicyID:           nil,
+		Name:               nil,
+		Match:              nil,
+		Precedence:         nil,
+		Default:            true,
+		ExcludeOfficeIps:   BoolPtr(false),
+		Description:        nil,
+		LANAllowMinutes:    nil,
+		LANAllowSubnetSize: nil,
+	}
+
+	nonDefaultDeviceSettingsPolicy = DeviceSettingsPolicy{
+		ServiceModeV2: &ServiceModeV2{
+			Mode: "warp",
+		},
+		DisableAutoFallback: BoolPtr(false),
+		FallbackDomains: &[]FallbackDomain{
+			{Suffix: "invalid"},
+			{Suffix: "test"},
+		},
+		Exclude: &[]SplitTunnel{
+			{Address: "10.0.0.0/8"},
+			{Address: "100.64.0.0/10"},
+		},
+		GatewayUniqueID:    StringPtr("t1235"),
+		SupportURL:         StringPtr(""),
+		CaptivePortal:      IntPtr(180),
+		AllowModeSwitch:    BoolPtr(false),
+		SwitchLocked:       BoolPtr(false),
+		AllowUpdates:       BoolPtr(false),
+		AutoConnect:        IntPtr(0),
+		AllowedToLeave:     BoolPtr(true),
+		PolicyID:           &deviceSettingsPolicyID,
+		Enabled:            BoolPtr(true),
+		Name:               StringPtr("test"),
+		Match:              &deviceSettingsPolicyMatch,
+		Precedence:         &deviceSettingsPolicyPrecedence,
+		Default:            false,
+		ExcludeOfficeIps:   BoolPtr(true),
+		Description:        StringPtr("Test Description"),
+		LANAllowMinutes:    UintPtr(120),
+		LANAllowSubnetSize: UintPtr(31),
+	}
+
+	defaultDeviceSettingsPolicyJson = `{
+		"service_mode_v2": {
+			"mode": "warp"
+		},
+		"disable_auto_fallback": false,
+		"fallback_domains": [
+			{
+				"suffix": "invalid"
+			},
+			{
+				"suffix": "test"
+			}
+		],
+		"exclude": [
+			{
+				"address": "10.0.0.0/8"
+			},
+			{
+				"address": "100.64.0.0/10"
+			}
+		],
+		"gateway_unique_id": "t1235",
+		"support_url": "",
+		"captive_portal": 180,
+		"allow_mode_switch": false,
+		"switch_locked": false,
+		"allow_updates": false,
+		"auto_connect": 0,
+		"allowed_to_leave": true,
+		"enabled": true,
+		"default": true,
+		"exclude_office_ips":false
+	}`
+
+	nonDefaultDeviceSettingsPolicyJson = fmt.Sprintf(`{
+		"service_mode_v2": {
+			"mode": "warp"
+		},
+		"disable_auto_fallback": false,
+		"fallback_domains": [
+			{
+				"suffix": "invalid"
+			},
+			{
+				"suffix": "test"
+			}
+		],
+		"exclude": [
+			{
+				"address": "10.0.0.0/8"
+			},
+			{
+				"address": "100.64.0.0/10"
+			}
+		],
+		"gateway_unique_id": "t1235",
+		"support_url": "",
+		"captive_portal": 180,
+		"allow_mode_switch": false,
+		"switch_locked": false,
+		"allow_updates": false,
+		"auto_connect": 0,
+		"allowed_to_leave": true,
+		"policy_id": "%s",
+		"enabled": true,
+		"name": "test",
+		"match": %#v,
+		"precedence": 10,
+		"default": false,
+		"exclude_office_ips":true,
+		"description":"Test Description",
+		"lan_allow_minutes": 120,
+		"lan_allow_subnet_size": 31
+	}`, deviceSettingsPolicyID, deviceSettingsPolicyMatch)
+)
+
+func TestUpdateDeviceClientCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": {"enabled": true}
+		}`)
+	}
+
+	want := DeviceClientCertificates{
+		Response: Response{
+			Success:  true,
+			Errors:   nil,
+			Messages: nil,
+		},
+		Result: Enabled{true},
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/devices/policy/certificates", handler)
+
+	actual, err := client.UpdateDeviceClientCertificates(context.Background(), ZoneIdentifier(testZoneID), UpdateDeviceClientCertificatesParams{Enabled: BoolPtr(true)})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetDeviceClientCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": {"enabled": false}
+		}`)
+	}
+
+	want := DeviceClientCertificates{
+		Response: Response{
+			Success:  true,
+			Errors:   nil,
+			Messages: nil,
+		},
+		Result: Enabled{false},
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/devices/policy/certificates", handler)
+
+	actual, err := client.GetDeviceClientCertificates(context.Background(), ZoneIdentifier(testZoneID), GetDeviceClientCertificatesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": %s
+		}`, nonDefaultDeviceSettingsPolicyJson)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
+
+	actual, err := client.CreateDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), CreateDeviceSettingsPolicyParams{
+		Precedence:         IntPtr(10),
+		Match:              &deviceSettingsPolicyMatch,
+		Name:               StringPtr("test"),
+		Description:        StringPtr("Test Description"),
+		LANAllowMinutes:    UintPtr(120),
+		LANAllowSubnetSize: UintPtr(31),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
+	}
+}
+
+func TestUpdateDefaultDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": %s
+		}`, defaultDeviceSettingsPolicyJson)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
+
+	actual, err := client.UpdateDefaultDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), UpdateDefaultDeviceSettingsPolicyParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, defaultDeviceSettingsPolicy, actual)
+	}
+}
+
+func TestUpdateDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": %s
+		}`, nonDefaultDeviceSettingsPolicyJson)
+	}
+
+	precedence := 10
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
+
+	actual, err := client.UpdateDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceSettingsPolicyParams{
+		PolicyID:   &deviceSettingsPolicyID,
+		Precedence: &precedence,
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
+	}
+}
+
+func TestDeleteDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": [ %s ]
+		}`, defaultDeviceSettingsPolicyJson)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
+
+	actual, err := client.DeleteDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), deviceSettingsPolicyID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []DeviceSettingsPolicy{defaultDeviceSettingsPolicy}, actual)
+	}
+}
+
+func TestGetDefaultDeviceSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": %s
+		}`, defaultDeviceSettingsPolicyJson)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
+
+	actual, err := client.GetDefaultDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), GetDefaultDeviceSettingsPolicyParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, defaultDeviceSettingsPolicy, actual)
+	}
+}
+
+func TestGetDeviceSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": %s
+		}`, nonDefaultDeviceSettingsPolicyJson)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
+
+	actual, err := client.GetDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), GetDeviceSettingsPolicyParams{PolicyID: &deviceSettingsPolicyID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
+	}
+}
+
+func TestListDeviceSettingsPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": null,
+			"messages": null,
+			"result": [%s],
+			"result_info": {
+  				"count": 1,
+  				"page": 1,
+  				"per_page": 20,
+  				"total_count": 1
+			}
+		}`, nonDefaultDeviceSettingsPolicyJson)
+	}
+
+	want := []DeviceSettingsPolicy{nonDefaultDeviceSettingsPolicy}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policies", handler)
+
+	actual, resultInfo, err := client.ListDeviceSettingsPolicies(context.Background(), AccountIdentifier(testAccountID), ListDeviceSettingsPoliciesParams{
+		ResultInfo: ResultInfo{
+			Page:    1,
+			PerPage: 20,
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+		assert.Equal(t, &ResultInfo{
+			Count:   1,
+			Page:    1,
+			PerPage: 20,
+			Total:   1,
+		}, resultInfo)
+		assert.Len(t, actual, 1)
+	}
+}
diff --git a/pkg/cloudflare-go/diagnostics.go b/pkg/cloudflare-go/diagnostics.go
new file mode 100644
index 0000000000..4eb8e71655
--- /dev/null
+++ b/pkg/cloudflare-go/diagnostics.go
@@ -0,0 +1,102 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// DiagnosticsTracerouteConfiguration is the overarching structure of the
+// diagnostics traceroute requests.
+type DiagnosticsTracerouteConfiguration struct {
+	Targets []string                                  `json:"targets"`
+	Colos   []string                                  `json:"colos,omitempty"`
+	Options DiagnosticsTracerouteConfigurationOptions `json:"options,omitempty"`
+}
+
+// DiagnosticsTracerouteConfigurationOptions contains the options for performing
+// traceroutes.
+type DiagnosticsTracerouteConfigurationOptions struct {
+	PacketsPerTTL int    `json:"packets_per_ttl"`
+	PacketType    string `json:"packet_type"`
+	MaxTTL        int    `json:"max_ttl"`
+	WaitTime      int    `json:"wait_time"`
+}
+
+// DiagnosticsTracerouteResponse is the outer response of the API response.
+type DiagnosticsTracerouteResponse struct {
+	Response
+	Result []DiagnosticsTracerouteResponseResult `json:"result"`
+}
+
+// DiagnosticsTracerouteResponseResult is the inner API response for the
+// traceroute request.
+type DiagnosticsTracerouteResponseResult struct {
+	Target string                               `json:"target"`
+	Colos  []DiagnosticsTracerouteResponseColos `json:"colos"`
+}
+
+// DiagnosticsTracerouteResponseColo contains the Name and City of a colocation.
+type DiagnosticsTracerouteResponseColo struct {
+	Name string `json:"name"`
+	City string `json:"city"`
+}
+
+// DiagnosticsTracerouteResponseNodes holds a summary of nodes contacted in the
+// traceroute.
+type DiagnosticsTracerouteResponseNodes struct {
+	Asn         string  `json:"asn"`
+	IP          string  `json:"ip"`
+	Name        string  `json:"name"`
+	PacketCount int     `json:"packet_count"`
+	MeanRttMs   float64 `json:"mean_rtt_ms"`
+	StdDevRttMs float64 `json:"std_dev_rtt_ms"`
+	MinRttMs    float64 `json:"min_rtt_ms"`
+	MaxRttMs    float64 `json:"max_rtt_ms"`
+}
+
+// DiagnosticsTracerouteResponseHops holds packet and node information of the
+// hops.
+type DiagnosticsTracerouteResponseHops struct {
+	PacketsTTL  int                                  `json:"packets_ttl"`
+	PacketsSent int                                  `json:"packets_sent"`
+	PacketsLost int                                  `json:"packets_lost"`
+	Nodes       []DiagnosticsTracerouteResponseNodes `json:"nodes"`
+}
+
+// DiagnosticsTracerouteResponseColos is the summary struct of a colocation test.
+type DiagnosticsTracerouteResponseColos struct {
+	Error            string                              `json:"error"`
+	Colo             DiagnosticsTracerouteResponseColo   `json:"colo"`
+	TracerouteTimeMs int                                 `json:"traceroute_time_ms"`
+	TargetSummary    DiagnosticsTracerouteResponseNodes  `json:"target_summary"`
+	Hops             []DiagnosticsTracerouteResponseHops `json:"hops"`
+}
+
+// PerformTraceroute initiates a traceroute from the Cloudflare network to the
+// requested targets.
+//
+// API documentation: https://api.cloudflare.com/#diagnostics-traceroute
+func (api *API) PerformTraceroute(ctx context.Context, accountID string, targets, colos []string, tracerouteOptions DiagnosticsTracerouteConfigurationOptions) ([]DiagnosticsTracerouteResponseResult, error) {
+	uri := fmt.Sprintf("/accounts/%s/diagnostics/traceroute", accountID)
+	diagnosticsPayload := DiagnosticsTracerouteConfiguration{
+		Targets: targets,
+		Colos:   colos,
+		Options: tracerouteOptions,
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, diagnosticsPayload)
+	if err != nil {
+		return []DiagnosticsTracerouteResponseResult{}, err
+	}
+
+	var diagnosticsResponse DiagnosticsTracerouteResponse
+	err = json.Unmarshal(res, &diagnosticsResponse)
+	if err != nil {
+		return []DiagnosticsTracerouteResponseResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return diagnosticsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/diagnostics_test.go b/pkg/cloudflare-go/diagnostics_test.go
new file mode 100644
index 0000000000..0662c006ba
--- /dev/null
+++ b/pkg/cloudflare-go/diagnostics_test.go
@@ -0,0 +1,236 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDiagnosticsPerformTraceroute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		var request DiagnosticsTracerouteConfiguration
+		var err error
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		err = json.NewDecoder(r.Body).Decode(&request)
+		assert.NoError(t, err)
+		assert.Equal(t, request.Colos, []string{"den01"}, "Exepected key 'colos' to be [\"den01\"], got %+v", request.Colos)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "target": "1.1.1.1",
+      "colos": [
+        {
+          "error": "",
+          "colo": {
+            "name": "den01",
+            "city": "Denver, CO, US"
+          },
+          "traceroute_time_ms": 969,
+          "target_summary": {
+            "asn": "",
+            "ip": "1.1.1.1",
+            "name": "1.1.1.1",
+            "packet_count": 3,
+            "mean_rtt_ms": 0.021,
+            "std_dev_rtt_ms": 0.011269427669584647,
+            "min_rtt_ms": 0.014,
+            "max_rtt_ms": 0.034
+          },
+          "hops": [
+            {
+              "packets_ttl": 1,
+              "packets_sent": 3,
+              "packets_lost": 0,
+              "nodes": [
+                {
+                  "asn": "AS13335",
+                  "ip": "1.1.1.1",
+                  "name": "one.one.one.one",
+                  "packet_count": 3,
+                  "mean_rtt_ms": 0.021,
+                  "std_dev_rtt_ms": 0.011269427669584647,
+                  "min_rtt_ms": 0.014,
+                  "max_rtt_ms": 0.034
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/diagnostics/traceroute", handler)
+
+	want := []DiagnosticsTracerouteResponseResult{{
+		Target: "1.1.1.1",
+		Colos: []DiagnosticsTracerouteResponseColos{{
+			Error: "",
+			Colo: DiagnosticsTracerouteResponseColo{
+				Name: "den01", City: "Denver, CO, US",
+			},
+			TracerouteTimeMs: 969,
+			TargetSummary: DiagnosticsTracerouteResponseNodes{
+				Asn:         "",
+				IP:          "1.1.1.1",
+				Name:        "1.1.1.1",
+				PacketCount: 3,
+				MeanRttMs:   0.021,
+				StdDevRttMs: 0.011269427669584647,
+				MinRttMs:    0.014,
+				MaxRttMs:    0.034,
+			},
+			Hops: []DiagnosticsTracerouteResponseHops{{
+				PacketsTTL:  1,
+				PacketsSent: 3,
+				PacketsLost: 0,
+				Nodes: []DiagnosticsTracerouteResponseNodes{{
+					Asn:         "AS13335",
+					IP:          "1.1.1.1",
+					Name:        "one.one.one.one",
+					PacketCount: 3,
+					MeanRttMs:   0.021,
+					StdDevRttMs: 0.011269427669584647,
+					MinRttMs:    0.014,
+					MaxRttMs:    0.034,
+				}},
+			}},
+		}},
+	},
+	}
+
+	opts := DiagnosticsTracerouteConfigurationOptions{PacketsPerTTL: 1, PacketType: "imcp", MaxTTL: 1, WaitTime: 1}
+	trace, err := client.PerformTraceroute(context.Background(), "01a7362d577a6c3019a474fd6f485823", []string{"1.1.1.1"}, []string{"den01"}, opts)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, trace)
+	}
+}
+
+func TestDiagnosticsPerformTracerouteEmptyColos(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		var request DiagnosticsTracerouteConfiguration
+		var err error
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		err = json.NewDecoder(r.Body).Decode(&request)
+		assert.NoError(t, err)
+		assert.Nil(t, request.Colos, "Exepected key 'colos' to be nil, got %+v", request.Colos)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "target": "1.1.1.1",
+      "colos": [
+        {
+          "error": "",
+          "colo": {
+            "name": "den01",
+            "city": "Denver, CO, US"
+          },
+          "traceroute_time_ms": 969,
+          "target_summary": {
+            "asn": "",
+            "ip": "1.1.1.1",
+            "name": "1.1.1.1",
+            "packet_count": 3,
+            "mean_rtt_ms": 0.021,
+            "std_dev_rtt_ms": 0.011269427669584647,
+            "min_rtt_ms": 0.014,
+            "max_rtt_ms": 0.034
+          },
+          "hops": [
+            {
+              "packets_ttl": 1,
+              "packets_sent": 3,
+              "packets_lost": 0,
+              "nodes": [
+                {
+                  "asn": "AS13335",
+                  "ip": "1.1.1.1",
+                  "name": "one.one.one.one",
+                  "packet_count": 3,
+                  "mean_rtt_ms": 0.021,
+                  "std_dev_rtt_ms": 0.011269427669584647,
+                  "min_rtt_ms": 0.014,
+                  "max_rtt_ms": 0.034
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/diagnostics/traceroute", handler)
+
+	want := []DiagnosticsTracerouteResponseResult{{
+		Target: "1.1.1.1",
+		Colos: []DiagnosticsTracerouteResponseColos{{
+			Error: "",
+			Colo: DiagnosticsTracerouteResponseColo{
+				Name: "den01", City: "Denver, CO, US",
+			},
+			TracerouteTimeMs: 969,
+			TargetSummary: DiagnosticsTracerouteResponseNodes{
+				Asn:         "",
+				IP:          "1.1.1.1",
+				Name:        "1.1.1.1",
+				PacketCount: 3,
+				MeanRttMs:   0.021,
+				StdDevRttMs: 0.011269427669584647,
+				MinRttMs:    0.014,
+				MaxRttMs:    0.034,
+			},
+			Hops: []DiagnosticsTracerouteResponseHops{{
+				PacketsTTL:  1,
+				PacketsSent: 3,
+				PacketsLost: 0,
+				Nodes: []DiagnosticsTracerouteResponseNodes{{
+					Asn:         "AS13335",
+					IP:          "1.1.1.1",
+					Name:        "one.one.one.one",
+					PacketCount: 3,
+					MeanRttMs:   0.021,
+					StdDevRttMs: 0.011269427669584647,
+					MinRttMs:    0.014,
+					MaxRttMs:    0.034,
+				}},
+			}},
+		}},
+	},
+	}
+
+	opts := DiagnosticsTracerouteConfigurationOptions{PacketsPerTTL: 1, PacketType: "imcp", MaxTTL: 1, WaitTime: 1}
+	trace, err := client.PerformTraceroute(context.Background(), "01a7362d577a6c3019a474fd6f485823", []string{"1.1.1.1"}, []string{}, opts)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, trace)
+	}
+}
diff --git a/pkg/cloudflare-go/dlp_dataset.go b/pkg/cloudflare-go/dlp_dataset.go
new file mode 100644
index 0000000000..09cf86416c
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_dataset.go
@@ -0,0 +1,278 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingDatasetID = errors.New("missing required dataset ID")
+)
+
+// DLPDatasetUpload represents a single upload version attached to a DLP dataset.
+type DLPDatasetUpload struct {
+	NumCells int    `json:"num_cells"`
+	Status   string `json:"status,omitempty"`
+	Version  int    `json:"version"`
+}
+
+// DLPDataset represents a DLP Exact Data Match dataset or Custom Word List.
+type DLPDataset struct {
+	CreatedAt   *time.Time         `json:"created_at,omitempty"`
+	Description string             `json:"description,omitempty"`
+	ID          string             `json:"id,omitempty"`
+	Name        string             `json:"name,omitempty"`
+	NumCells    int                `json:"num_cells"`
+	Secret      *bool              `json:"secret,omitempty"`
+	Status      string             `json:"status,omitempty"`
+	UpdatedAt   *time.Time         `json:"updated_at,omitempty"`
+	Uploads     []DLPDatasetUpload `json:"uploads"`
+}
+
+type ListDLPDatasetsParams struct{}
+
+type DLPDatasetListResponse struct {
+	Result []DLPDataset `json:"result"`
+	Response
+}
+
+// ListDLPDatasets returns all the DLP datasets associated with an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-read-all
+func (api *API) ListDLPDatasets(ctx context.Context, rc *ResourceContainer, params ListDLPDatasetsParams) ([]DLPDataset, error) {
+	if rc.Identifier == "" {
+		return nil, nil
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets", rc.Level, rc.Identifier), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var dlpDatasetListResponse DLPDatasetListResponse
+	err = json.Unmarshal(res, &dlpDatasetListResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpDatasetListResponse.Result, nil
+}
+
+type DLPDatasetGetResponse struct {
+	Result DLPDataset `json:"result"`
+	Response
+}
+
+// GetDLPDataset returns a DLP dataset based on the dataset ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-read
+func (api *API) GetDLPDataset(ctx context.Context, rc *ResourceContainer, datasetID string) (DLPDataset, error) {
+	if rc.Identifier == "" {
+		return DLPDataset{}, nil
+	}
+
+	if datasetID == "" {
+		return DLPDataset{}, ErrMissingDatasetID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, datasetID), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DLPDataset{}, err
+	}
+
+	var dlpDatasetGetResponse DLPDatasetGetResponse
+	err = json.Unmarshal(res, &dlpDatasetGetResponse)
+	if err != nil {
+		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpDatasetGetResponse.Result, nil
+}
+
+type CreateDLPDatasetParams struct {
+	Description string `json:"description,omitempty"`
+	Name        string `json:"name"`
+	Secret      *bool  `json:"secret,omitempty"`
+}
+
+type CreateDLPDatasetResult struct {
+	MaxCells int        `json:"max_cells"`
+	Secret   string     `json:"secret"`
+	Version  int        `json:"version"`
+	Dataset  DLPDataset `json:"dataset"`
+}
+
+type CreateDLPDatasetResponse struct {
+	Result CreateDLPDatasetResult `json:"result"`
+	Response
+}
+
+// CreateDLPDataset creates a DLP dataset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-create
+func (api *API) CreateDLPDataset(ctx context.Context, rc *ResourceContainer, params CreateDLPDatasetParams) (CreateDLPDatasetResult, error) {
+	if rc.Identifier == "" {
+		return CreateDLPDatasetResult{}, nil
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets", rc.Level, rc.Identifier), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return CreateDLPDatasetResult{}, err
+	}
+
+	var CreateDLPDatasetResponse CreateDLPDatasetResponse
+	err = json.Unmarshal(res, &CreateDLPDatasetResponse)
+	if err != nil {
+		return CreateDLPDatasetResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return CreateDLPDatasetResponse.Result, nil
+}
+
+// DeleteDLPDataset deletes a DLP dataset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-delete
+func (api *API) DeleteDLPDataset(ctx context.Context, rc *ResourceContainer, datasetID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingResourceIdentifier
+	}
+
+	if datasetID == "" {
+		return ErrMissingDatasetID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, datasetID), nil)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	return err
+}
+
+type UpdateDLPDatasetParams struct {
+	DatasetID   string
+	Description *string `json:"description,omitempty"` // nil to leave descrption as-is
+	Name        *string `json:"name,omitempty"`        // nil to leave name as-is
+}
+
+type UpdateDLPDatasetResponse struct {
+	Result DLPDataset `json:"result"`
+	Response
+}
+
+// UpdateDLPDataset updates the details of a DLP dataset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-update
+func (api *API) UpdateDLPDataset(ctx context.Context, rc *ResourceContainer, params UpdateDLPDatasetParams) (DLPDataset, error) {
+	if rc.Identifier == "" {
+		return DLPDataset{}, nil
+	}
+
+	if params.DatasetID == "" {
+		return DLPDataset{}, ErrMissingDatasetID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, params.DatasetID), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return DLPDataset{}, err
+	}
+
+	var updateDLPDatasetResponse UpdateDLPDatasetResponse
+	err = json.Unmarshal(res, &updateDLPDatasetResponse)
+	if err != nil {
+		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return updateDLPDatasetResponse.Result, nil
+}
+
+type CreateDLPDatasetUploadResult struct {
+	MaxCells int    `json:"max_cells"`
+	Secret   string `json:"secret"`
+	Version  int    `json:"version"`
+}
+
+type CreateDLPDatasetUploadResponse struct {
+	Result CreateDLPDatasetUploadResult `json:"result"`
+	Response
+}
+type CreateDLPDatasetUploadParams struct {
+	DatasetID string
+}
+
+// CreateDLPDatasetUpload creates a new upload version for the specified DLP dataset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-create-version
+func (api *API) CreateDLPDatasetUpload(ctx context.Context, rc *ResourceContainer, params CreateDLPDatasetUploadParams) (CreateDLPDatasetUploadResult, error) {
+	if rc.Identifier == "" {
+		return CreateDLPDatasetUploadResult{}, nil
+	}
+
+	if params.DatasetID == "" {
+		return CreateDLPDatasetUploadResult{}, ErrMissingDatasetID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s/upload", rc.Level, rc.Identifier, params.DatasetID), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return CreateDLPDatasetUploadResult{}, err
+	}
+
+	var dlpDatasetCreateUploadResponse CreateDLPDatasetUploadResponse
+	err = json.Unmarshal(res, &dlpDatasetCreateUploadResponse)
+	if err != nil {
+		return CreateDLPDatasetUploadResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpDatasetCreateUploadResponse.Result, nil
+}
+
+type UploadDLPDatasetVersionParams struct {
+	DatasetID string
+	Version   int
+	Body      interface{}
+}
+
+type UploadDLPDatasetVersionResponse struct {
+	Result DLPDataset `json:"result"`
+	Response
+}
+
+// UploadDLPDatasetVersion uploads a new version of the specified DLP dataset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-upload-version
+func (api *API) UploadDLPDatasetVersion(ctx context.Context, rc *ResourceContainer, params UploadDLPDatasetVersionParams) (DLPDataset, error) {
+	if rc.Identifier == "" {
+		return DLPDataset{}, nil
+	}
+
+	if params.DatasetID == "" {
+		return DLPDataset{}, ErrMissingDatasetID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s/upload/%d", rc.Level, rc.Identifier, params.DatasetID, params.Version), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Body)
+	if err != nil {
+		return DLPDataset{}, err
+	}
+
+	var dlpDatasetUploadVersionResponse UploadDLPDatasetVersionResponse
+	err = json.Unmarshal(res, &dlpDatasetUploadVersionResponse)
+	if err != nil {
+		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpDatasetUploadVersionResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/dlp_dataset_test.go b/pkg/cloudflare-go/dlp_dataset_test.go
new file mode 100644
index 0000000000..363163627f
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_dataset_test.go
@@ -0,0 +1,422 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestListDLPDatasets(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"created_at": "2019-08-24T14:15:22Z",
+					"description": "string",
+					"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+					"name": "string",
+					"num_cells": 0,
+					"secret": true,
+					"status": "empty",
+					"updated_at": "2019-08-24T14:15:22Z",
+					"uploads": [
+					  {
+						"num_cells": 0,
+						"status": "empty",
+						"version": 0
+					  }
+					]
+				  }
+			]
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+
+	secret := true
+	want := []DLPDataset{
+		{
+			CreatedAt:   &createdAt,
+			Description: "string",
+			ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+			Name:        "string",
+			NumCells:    0,
+			Secret:      &secret,
+			Status:      "empty",
+			UpdatedAt:   &updatedAt,
+			Uploads: []DLPDatasetUpload{
+				{
+					NumCells: 0,
+					Status:   "empty",
+					Version:  0,
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets", handler)
+
+	actual, err := client.ListDLPDatasets(context.Background(), AccountIdentifier(testAccountID), ListDLPDatasetsParams{})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestGetDLPDataset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2019-08-24T14:15:22Z",
+				"description": "string",
+				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+				"name": "string",
+				"num_cells": 0,
+				"secret": true,
+				"status": "empty",
+				"updated_at": "2019-08-24T14:15:22Z",
+				"uploads": [
+					{
+						"num_cells": 0,
+						"status": "empty",
+						"version": 0
+					}
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+
+	secret := true
+	want := DLPDataset{
+		CreatedAt:   &createdAt,
+		Description: "string",
+		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+		Name:        "string",
+		NumCells:    0,
+		Secret:      &secret,
+		Status:      "empty",
+		UpdatedAt:   &updatedAt,
+		Uploads: []DLPDatasetUpload{
+			{
+				NumCells: 0,
+				Status:   "empty",
+				Version:  0,
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
+
+	actual, err := client.GetDLPDataset(context.Background(), AccountIdentifier(testAccountID), "497f6eca-6276-4993-bfeb-53cbbbba6f08")
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestCreateDLPDataset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var reqBody CreateDLPDatasetParams
+		err := json.NewDecoder(r.Body).Decode(&reqBody)
+		require.Nil(t, err)
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"max_cells": 0,
+				"secret": "1234",
+				"version": 0,
+				"dataset": {
+					"created_at": "2019-08-24T14:15:22Z",
+					"description": "`+reqBody.Description+`",
+					"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+					"name": "`+reqBody.Name+`",
+					"num_cells": 0,
+					"secret": `+fmt.Sprintf("%t", *reqBody.Secret)+`,
+					"status": "empty",
+					"updated_at": "2019-08-24T14:15:22Z",
+					"uploads": [
+						{
+							"num_cells": 0,
+							"status": "empty",
+							"version": 0
+						}
+					]
+				}
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+
+	secret := true
+	want := CreateDLPDatasetResult{
+		MaxCells: 0,
+		Secret:   "1234",
+		Version:  0,
+		Dataset: DLPDataset{
+			CreatedAt:   &createdAt,
+			Description: "string",
+			ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+			Name:        "string",
+			NumCells:    0,
+			Secret:      &secret,
+			Status:      "empty",
+			UpdatedAt:   &updatedAt,
+			Uploads: []DLPDatasetUpload{
+				{
+					NumCells: 0,
+					Status:   "empty",
+					Version:  0,
+				},
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets", handler)
+
+	actual, err := client.CreateDLPDataset(context.Background(), AccountIdentifier(testAccountID), CreateDLPDatasetParams{Description: "string", Name: "string", Secret: &secret})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestDeleteDLPDataset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": null
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
+
+	err := client.DeleteDLPDataset(context.Background(), AccountIdentifier(testAccountID), "497f6eca-6276-4993-bfeb-53cbbbba6f08")
+	require.NoError(t, err)
+}
+
+func TestUpdateDLPDataset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var reqBody UpdateDLPDatasetParams
+		err := json.NewDecoder(r.Body).Decode(&reqBody)
+		require.Nil(t, err)
+
+		var description string
+		if reqBody.Description == nil {
+			description = "string"
+		} else {
+			description = *reqBody.Description
+		}
+
+		var name string
+		if reqBody.Name == nil {
+			name = "string"
+		} else {
+			name = *reqBody.Name
+		}
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2019-08-24T14:15:22Z",
+				"description": "`+description+`",
+				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+				"name": "`+name+`",
+				"num_cells": 0,
+				"secret": true,
+				"status": "empty",
+				"updated_at": "2019-08-24T14:15:22Z",
+				"uploads": [
+					{
+						"num_cells": 0,
+						"status": "empty",
+						"version": 0
+					}
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+
+	secret := true
+	want := DLPDataset{
+		CreatedAt:   &createdAt,
+		Description: "new_desc",
+		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+		Name:        "string",
+		NumCells:    0,
+		Secret:      &secret,
+		Status:      "empty",
+		UpdatedAt:   &updatedAt,
+		Uploads: []DLPDatasetUpload{
+			{
+				NumCells: 0,
+				Status:   "empty",
+				Version:  0,
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
+
+	description := "new_desc"
+	actual, err := client.UpdateDLPDataset(context.Background(), AccountIdentifier(testAccountID), UpdateDLPDatasetParams{Description: &description, Name: nil, DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08"})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestCreateDLPDatasetUpload(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"max_cells": 0,
+				"secret": "1234",
+				"version": 1
+			}
+		}`)
+	}
+
+	want := CreateDLPDatasetUploadResult{
+		MaxCells: 0,
+		Secret:   "1234",
+		Version:  1,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08/upload", handler)
+
+	actual, err := client.CreateDLPDatasetUpload(context.Background(), AccountIdentifier(testAccountID), CreateDLPDatasetUploadParams{DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08"})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestUploadDLPDatasetVersion(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		body, err := io.ReadAll(r.Body)
+		require.NoError(t, err)
+		require.Equal(t, []byte{1, 2, 3, 4}, body)
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"created_at": "2019-08-24T14:15:22Z",
+				"description": "string",
+				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+				"name": "string",
+				"num_cells": 5,
+				"secret": true,
+				"status": "complete",
+				"updated_at": "2019-08-24T14:15:22Z",
+				"uploads": [
+					{
+						"num_cells": 0,
+						"status": "empty",
+						"version": 0
+					},
+					{
+						"num_cells": 5,
+						"status": "complete",
+						"version": 1
+					}
+				]
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
+
+	secret := true
+	want := DLPDataset{
+		CreatedAt:   &createdAt,
+		Description: "string",
+		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
+		Name:        "string",
+		NumCells:    5,
+		Secret:      &secret,
+		Status:      "complete",
+		UpdatedAt:   &updatedAt,
+		Uploads: []DLPDatasetUpload{
+			{
+				NumCells: 0,
+				Status:   "empty",
+				Version:  0,
+			},
+			{
+				NumCells: 5,
+				Status:   "complete",
+				Version:  1,
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08/upload/1", handler)
+
+	actual, err := client.UploadDLPDatasetVersion(context.Background(), AccountIdentifier(testAccountID), UploadDLPDatasetVersionParams{DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08", Version: 1, Body: []byte{1, 2, 3, 4}})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
diff --git a/pkg/cloudflare-go/dlp_payload_log.go b/pkg/cloudflare-go/dlp_payload_log.go
new file mode 100644
index 0000000000..80123b459d
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_payload_log.go
@@ -0,0 +1,72 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type DLPPayloadLogSettings struct {
+	PublicKey string `json:"public_key,omitempty"`
+
+	// Only present in responses
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+}
+
+type GetDLPPayloadLogSettingsParams struct{}
+
+type DLPPayloadLogSettingsResponse struct {
+	Response
+	Result DLPPayloadLogSettings `json:"result"`
+}
+
+// GetDLPPayloadLogSettings gets the current DLP payload logging settings.
+//
+// API reference: https://api.cloudflare.com/#dlp-payload-log-settings-get-settings
+func (api *API) GetDLPPayloadLogSettings(ctx context.Context, rc *ResourceContainer, params GetDLPPayloadLogSettingsParams) (DLPPayloadLogSettings, error) {
+	if rc.Identifier == "" {
+		return DLPPayloadLogSettings{}, ErrMissingResourceIdentifier
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/payload_log", rc.Level, rc.Identifier), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DLPPayloadLogSettings{}, err
+	}
+
+	var dlpPayloadLogSettingsResponse DLPPayloadLogSettingsResponse
+	err = json.Unmarshal(res, &dlpPayloadLogSettingsResponse)
+	if err != nil {
+		return DLPPayloadLogSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpPayloadLogSettingsResponse.Result, nil
+}
+
+// UpdateDLPPayloadLogSettings sets the current DLP payload logging settings to new values.
+//
+// API reference: https://api.cloudflare.com/#dlp-payload-log-settings-update-settings
+func (api *API) UpdateDLPPayloadLogSettings(ctx context.Context, rc *ResourceContainer, settings DLPPayloadLogSettings) (DLPPayloadLogSettings, error) {
+	if rc.Identifier == "" {
+		return DLPPayloadLogSettings{}, ErrMissingResourceIdentifier
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/payload_log", rc.Level, rc.Identifier), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
+	if err != nil {
+		return DLPPayloadLogSettings{}, err
+	}
+
+	var dlpPayloadLogSettingsResponse DLPPayloadLogSettingsResponse
+	err = json.Unmarshal(res, &dlpPayloadLogSettingsResponse)
+	if err != nil {
+		return DLPPayloadLogSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpPayloadLogSettingsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/dlp_payload_log_test.go b/pkg/cloudflare-go/dlp_payload_log_test.go
new file mode 100644
index 0000000000..6cb86b54ac
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_payload_log_test.go
@@ -0,0 +1,85 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetDLPPayloadLogSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"public_key": "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
+				"updated_at": "2022-12-22T21:02:39Z"
+			}
+		}`)
+	}
+
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-12-22T21:02:39Z")
+
+	want := DLPPayloadLogSettings{
+		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/payload_log", handler)
+
+	actual, err := client.GetDLPPayloadLogSettings(context.Background(), AccountIdentifier(testAccountID), GetDLPPayloadLogSettingsParams{})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestPutDLPPayloadLogSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var requestSettings DLPPayloadLogSettings
+		err := json.NewDecoder(r.Body).Decode(&requestSettings)
+		require.Nil(t, err)
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"public_key": "`+requestSettings.PublicKey+`",
+				"updated_at": "2022-12-22T21:02:39Z"
+			}
+		}`)
+	}
+
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-12-22T21:02:39Z")
+
+	want := DLPPayloadLogSettings{
+		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/payload_log", handler)
+
+	actual, err := client.UpdateDLPPayloadLogSettings(context.Background(), AccountIdentifier(testAccountID), DLPPayloadLogSettings{
+		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
+	})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
diff --git a/pkg/cloudflare-go/dlp_profile.go b/pkg/cloudflare-go/dlp_profile.go
new file mode 100644
index 0000000000..25e78e9c44
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_profile.go
@@ -0,0 +1,234 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingProfileID = errors.New("missing required profile ID")
+)
+
+// DLPPattern represents a DLP Pattern that matches an entry.
+type DLPPattern struct {
+	Regex      string `json:"regex,omitempty"`
+	Validation string `json:"validation,omitempty"`
+}
+
+// DLPEntry represents a DLP Entry, which can be matched in HTTP bodies or files.
+type DLPEntry struct {
+	ID        string `json:"id,omitempty"`
+	Name      string `json:"name,omitempty"`
+	ProfileID string `json:"profile_id,omitempty"`
+	Enabled   *bool  `json:"enabled,omitempty"`
+	Type      string `json:"type,omitempty"`
+
+	// The following fields are only present for custom entries.
+
+	Pattern   *DLPPattern `json:"pattern,omitempty"`
+	CreatedAt *time.Time  `json:"created_at,omitempty"`
+	UpdatedAt *time.Time  `json:"updated_at,omitempty"`
+}
+
+// Content types to exclude from context analysis and return all matches.
+type DLPContextAwarenessSkip struct {
+	// Return all matches, regardless of context analysis result, if the data is a file.
+	Files *bool `json:"files,omitempty"`
+}
+
+// Scan the context of predefined entries to only return matches surrounded by keywords.
+type DLPContextAwareness struct {
+	Enabled *bool                   `json:"enabled,omitempty"`
+	Skip    DLPContextAwarenessSkip `json:"skip"`
+}
+
+// DLPProfile represents a DLP Profile, which contains a set
+// of entries.
+type DLPProfile struct {
+	ID                string `json:"id,omitempty"`
+	Name              string `json:"name,omitempty"`
+	Type              string `json:"type,omitempty"`
+	Description       string `json:"description,omitempty"`
+	AllowedMatchCount int    `json:"allowed_match_count"`
+	OCREnabled        *bool  `json:"ocr_enabled,omitempty"`
+
+	ContextAwareness *DLPContextAwareness `json:"context_awareness,omitempty"`
+
+	// The following fields are omitted for predefined DLP
+	// profiles.
+	Entries   []DLPEntry `json:"entries,omitempty"`
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+}
+
+// DLPProfilesCreateRequest represents a request to create a
+// set of profiles.
+type DLPProfilesCreateRequest struct {
+	Profiles []DLPProfile `json:"profiles"`
+}
+
+// DLPProfileListResponse represents the response from the list
+// dlp profiles endpoint.
+type DLPProfileListResponse struct {
+	Result []DLPProfile `json:"result"`
+	Response
+}
+
+// DLPProfileResponse is the API response, containing a single
+// access application.
+type DLPProfileResponse struct {
+	Success  bool       `json:"success"`
+	Errors   []string   `json:"errors"`
+	Messages []string   `json:"messages"`
+	Result   DLPProfile `json:"result"`
+}
+
+type ListDLPProfilesParams struct{}
+
+type CreateDLPProfilesParams struct {
+	Profiles []DLPProfile `json:"profiles"`
+	Type     string
+}
+
+type UpdateDLPProfileParams struct {
+	ProfileID string
+	Profile   DLPProfile
+	Type      string
+}
+
+// ListDLPProfiles returns all DLP profiles within an account.
+//
+// API reference: https://api.cloudflare.com/#dlp-profiles-list-all-profiles
+func (api *API) ListDLPProfiles(ctx context.Context, rc *ResourceContainer, params ListDLPProfilesParams) ([]DLPProfile, error) {
+	if rc.Identifier == "" {
+		return []DLPProfile{}, ErrMissingResourceIdentifier
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles", rc.Level, rc.Identifier), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DLPProfile{}, err
+	}
+
+	var dlpProfilesListResponse DLPProfileListResponse
+	err = json.Unmarshal(res, &dlpProfilesListResponse)
+	if err != nil {
+		return []DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpProfilesListResponse.Result, nil
+}
+
+// GetDLPProfile returns a single DLP profile (custom or predefined) based on
+// the profile ID.
+//
+// API reference: https://api.cloudflare.com/#dlp-profiles-get-dlp-profile
+func (api *API) GetDLPProfile(ctx context.Context, rc *ResourceContainer, profileID string) (DLPProfile, error) {
+	if rc.Identifier == "" {
+		return DLPProfile{}, ErrMissingResourceIdentifier
+	}
+
+	if profileID == "" {
+		return DLPProfile{}, ErrMissingProfileID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s", rc.Level, rc.Identifier, profileID), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DLPProfile{}, err
+	}
+
+	var dlpProfileResponse DLPProfileResponse
+	err = json.Unmarshal(res, &dlpProfileResponse)
+	if err != nil {
+		return DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpProfileResponse.Result, nil
+}
+
+// CreateDLPProfiles creates a set of DLP Profile.
+//
+// API reference: https://api.cloudflare.com/#dlp-profiles-create-custom-profiles
+func (api *API) CreateDLPProfiles(ctx context.Context, rc *ResourceContainer, params CreateDLPProfilesParams) ([]DLPProfile, error) {
+	if rc.Identifier == "" {
+		return []DLPProfile{}, ErrMissingResourceIdentifier
+	}
+
+	if params.Type == "" || params.Type != "custom" {
+		return []DLPProfile{}, fmt.Errorf("unsupported DLP profile type: %q", params.Type)
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s", rc.Level, rc.Identifier, params.Type), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return []DLPProfile{}, err
+	}
+
+	var dLPCustomProfilesResponse DLPProfileListResponse
+	err = json.Unmarshal(res, &dLPCustomProfilesResponse)
+	if err != nil {
+		return []DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dLPCustomProfilesResponse.Result, nil
+}
+
+// DeleteDLPProfile deletes a DLP profile. Only custom profiles can be deleted.
+//
+// API reference: https://api.cloudflare.com/#dlp-profiles-delete-custom-profile
+func (api *API) DeleteDLPProfile(ctx context.Context, rc *ResourceContainer, profileID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingResourceIdentifier
+	}
+
+	if profileID == "" {
+		return ErrMissingProfileID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/custom/%s", rc.Level, rc.Identifier, profileID), nil)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	return err
+}
+
+// UpdateDLPProfile updates a DLP profile.
+//
+// API reference: https://api.cloudflare.com/#dlp-profiles-update-custom-profile
+// API reference: https://api.cloudflare.com/#dlp-profiles-update-predefined-profile
+func (api *API) UpdateDLPProfile(ctx context.Context, rc *ResourceContainer, params UpdateDLPProfileParams) (DLPProfile, error) {
+	if rc.Identifier == "" {
+		return DLPProfile{}, ErrMissingResourceIdentifier
+	}
+
+	if params.Type == "" {
+		params.Type = "custom"
+	}
+
+	if params.ProfileID == "" {
+		return DLPProfile{}, ErrMissingProfileID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s/%s", rc.Level, rc.Identifier, params.Type, params.ProfileID), nil)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Profile)
+	if err != nil {
+		return DLPProfile{}, err
+	}
+
+	var dlpProfileResponse DLPProfileResponse
+	err = json.Unmarshal(res, &dlpProfileResponse)
+	if err != nil {
+		return DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return dlpProfileResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/dlp_profile_test.go b/pkg/cloudflare-go/dlp_profile_test.go
new file mode 100644
index 0000000000..3345c3dd35
--- /dev/null
+++ b/pkg/cloudflare-go/dlp_profile_test.go
@@ -0,0 +1,636 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDLPProfiles(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
+					"name": "U.S. Social Security Numbers",
+					"entries": [
+						{
+							"id": "111b9d4b-a5c6-40f0-957d-9d53b25dd84a",
+							"name": "SSN Numeric Detection",
+							"profile_id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
+							"enabled": false,
+							"type": "predefined"
+						},
+						{
+							"id": "aec08712-ee49-4109-9d9f-3b229c5b3dcd",
+							"name": "SSN Text",
+							"profile_id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
+							"enabled": false,
+							"type": "predefined"
+						}
+					],
+					"type": "predefined",
+					"allowed_match_count": 0,
+					"context_awareness": {
+						"enabled": true,
+						"skip": {
+							"files": true
+						}
+					},
+					"ocr_enabled": false
+				},
+				{
+					"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+					"name": "Example Custom Profile",
+					"entries": [
+						{
+							"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+							"name": "matches credit card regex",
+							"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+							"created_at": "2022-10-18T08:00:56Z",
+							"updated_at": "2022-10-18T08:00:57Z",
+							"pattern": {
+								"regex": "^4[0-9]$",
+								"validation": "luhn"
+							},
+							"enabled": true,
+							"type": "custom"
+						}
+					],
+					"created_at": "2022-10-18T08:00:56Z",
+					"updated_at": "2022-10-18T08:00:57Z",
+					"type": "custom",
+					"description": "just a custom profile example",
+					"allowed_match_count": 1,
+					"ocr_enabled": true 
+				}
+			]
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
+
+	want := []DLPProfile{
+		{
+			ID:                "d658f520-6ecb-4a34-a725-ba37243c2d28",
+			Name:              "U.S. Social Security Numbers",
+			Type:              "predefined",
+			Description:       "",
+			AllowedMatchCount: 0,
+			ContextAwareness: &DLPContextAwareness{
+				Enabled: BoolPtr(true),
+				Skip: DLPContextAwarenessSkip{
+					Files: BoolPtr(true),
+				},
+			},
+			OCREnabled: BoolPtr(false),
+			Entries: []DLPEntry{
+				{
+					ID:        "111b9d4b-a5c6-40f0-957d-9d53b25dd84a",
+					Name:      "SSN Numeric Detection",
+					ProfileID: "d658f520-6ecb-4a34-a725-ba37243c2d28",
+					Type:      "predefined",
+					Enabled:   BoolPtr(false),
+				},
+				{
+					ID:   "aec08712-ee49-4109-9d9f-3b229c5b3dcd",
+					Name: "SSN Text", ProfileID: "d658f520-6ecb-4a34-a725-ba37243c2d28",
+					Type:    "predefined",
+					Enabled: BoolPtr(false),
+				},
+			},
+		},
+		{
+			ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
+			Name:              "Example Custom Profile",
+			Type:              "custom",
+			Description:       "just a custom profile example",
+			AllowedMatchCount: 1,
+			// Omit ContextAwareness to test ContextAwareness optionality
+			OCREnabled: BoolPtr(true),
+			Entries: []DLPEntry{
+				{
+					ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+					Name:      "matches credit card regex",
+					ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+					Enabled:   BoolPtr(true),
+					Type:      "custom",
+					Pattern: &DLPPattern{
+						Regex:      "^4[0-9]$",
+						Validation: "luhn",
+					},
+					CreatedAt: &createdAt,
+					UpdatedAt: &updatedAt,
+				},
+			},
+			CreatedAt: &createdAt,
+			UpdatedAt: &updatedAt,
+		}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles", handler)
+
+	actual, err := client.ListDLPProfiles(context.Background(), AccountIdentifier(testAccountID), ListDLPProfilesParams{})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestGetDLPProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+				"name": "Example Custom Profile",
+				"entries": [
+					{
+						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+						"name": "matches credit card regex",
+						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+						"created_at": "2022-10-18T08:00:56Z",
+						"updated_at": "2022-10-18T08:00:57Z",
+						"pattern": {
+							"regex": "^4[0-9]$",
+							"validation": "luhn"
+						},
+						"enabled": true,
+						"type": "custom"
+					}
+				],
+				"created_at": "2022-10-18T08:00:56Z",
+				"updated_at": "2022-10-18T08:00:57Z",
+				"type": "custom",
+				"description": "just a custom profile example",
+				"allowed_match_count": 42,
+				"context_awareness": {
+					"enabled": false,
+					"skip": {
+						"files": false
+					}
+				}
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
+
+	want := DLPProfile{
+		ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Name:              "Example Custom Profile",
+		Type:              "custom",
+		Description:       "just a custom profile example",
+		AllowedMatchCount: 42,
+		ContextAwareness: &DLPContextAwareness{
+			Enabled: BoolPtr(false),
+			Skip: DLPContextAwarenessSkip{
+				Files: BoolPtr(false),
+			},
+		},
+		Entries: []DLPEntry{
+			{
+				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+				Name:      "matches credit card regex",
+				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+				Enabled:   BoolPtr(true),
+				Pattern: &DLPPattern{
+					Regex:      "^4[0-9]$",
+					Validation: "luhn",
+				},
+				Type:      "custom",
+				CreatedAt: &createdAt,
+				UpdatedAt: &updatedAt,
+			},
+		},
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
+
+	actual, err := client.GetDLPProfile(context.Background(), AccountIdentifier(testAccountID), "29678c26-a191-428d-9f63-6e20a4a636a4")
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestCreateDLPCustomProfiles(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var reqBody DLPProfilesCreateRequest
+		err := json.NewDecoder(r.Body).Decode(&reqBody)
+		require.Nil(t, err)
+		requestProfile := reqBody.Profiles[0]
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [{
+				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+				"name": "`+requestProfile.Name+`",
+				"entries": [
+					{
+						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+						"name": "`+requestProfile.Entries[0].Name+`",
+						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+						"created_at": "2022-10-18T08:00:56Z",
+						"updated_at": "2022-10-18T08:00:57Z",
+						"pattern": {
+							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
+							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
+						},
+						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
+						"type": "custom"
+					}
+				],
+				"created_at": "2022-10-18T08:00:56Z",
+				"updated_at": "2022-10-18T08:00:57Z",
+				"type": "custom",
+				"description": "`+requestProfile.Description+`",
+				"allowed_match_count": 0,
+				"ocr_enabled": true
+			}]
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
+
+	want := []DLPProfile{
+		{
+			ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
+			Name:        "Example Custom Profile",
+			Type:        "custom",
+			Description: "just a custom profile example",
+			Entries: []DLPEntry{
+				{
+					ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+					Name:      "matches credit card regex",
+					ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+					Enabled:   BoolPtr(true),
+					Type:      "custom",
+					Pattern: &DLPPattern{
+						Regex:      "^4[0-9]$",
+						Validation: "luhn",
+					},
+					CreatedAt: &createdAt,
+					UpdatedAt: &updatedAt,
+				},
+			},
+			CreatedAt:         &createdAt,
+			UpdatedAt:         &updatedAt,
+			AllowedMatchCount: 0,
+			OCREnabled:        BoolPtr(true),
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom", handler)
+
+	profiles := []DLPProfile{
+		{
+			Name:        "Example Custom Profile",
+			Description: "just a custom profile example",
+			Type:        "custom",
+			Entries: []DLPEntry{
+				{
+					Name:    "matches credit card regex",
+					Enabled: BoolPtr(true),
+					Pattern: &DLPPattern{
+						Regex:      "^4[0-9]$",
+						Validation: "luhn",
+					},
+				},
+			},
+			AllowedMatchCount: 0,
+		},
+	}
+	actual, err := client.CreateDLPProfiles(context.Background(), AccountIdentifier(testAccountID), CreateDLPProfilesParams{Profiles: profiles, Type: "custom"})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestCreateDLPCustomProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var reqBody DLPProfilesCreateRequest
+		err := json.NewDecoder(r.Body).Decode(&reqBody)
+		require.Nil(t, err)
+		requestProfile := reqBody.Profiles[0]
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [{
+				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+				"name": "`+requestProfile.Name+`",
+				"entries": [
+					{
+						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+						"name": "`+requestProfile.Entries[0].Name+`",
+						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+						"created_at": "2022-10-18T08:00:56Z",
+						"updated_at": "2022-10-18T08:00:57Z",
+						"pattern": {
+							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
+							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
+						},
+						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
+						"type": "custom"
+					}
+				],
+				"created_at": "2022-10-18T08:00:56Z",
+				"updated_at": "2022-10-18T08:00:57Z",
+				"type": "custom",
+				"description": "`+requestProfile.Description+`",
+				"allowed_match_count": 0
+			}]
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
+
+	want := []DLPProfile{{
+
+		ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Name:        "Example Custom Profile",
+		Type:        "custom",
+		Description: "just a custom profile example",
+		Entries: []DLPEntry{
+			{
+				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+				Name:      "matches credit card regex",
+				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+				Type:      "custom",
+				Enabled:   BoolPtr(true),
+				Pattern: &DLPPattern{
+					Regex:      "^4[0-9]$",
+					Validation: "luhn",
+				},
+				CreatedAt: &createdAt,
+				UpdatedAt: &updatedAt,
+			},
+		},
+		CreatedAt:         &createdAt,
+		UpdatedAt:         &updatedAt,
+		AllowedMatchCount: 0,
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom", handler)
+
+	profiles := []DLPProfile{{
+		Name:        "Example Custom Profile",
+		Description: "just a custom profile example",
+		Entries: []DLPEntry{
+			{
+				Name:    "matches credit card regex",
+				Enabled: BoolPtr(true),
+				Pattern: &DLPPattern{
+					Regex:      "^4[0-9]$",
+					Validation: "luhn",
+				},
+			},
+		},
+		AllowedMatchCount: 0,
+	}}
+
+	actual, err := client.CreateDLPProfiles(context.Background(), AccountIdentifier(testAccountID), CreateDLPProfilesParams{
+		Profiles: profiles,
+		Type:     "custom",
+	})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestUpdateDLPCustomProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var requestProfile DLPProfile
+		err := json.NewDecoder(r.Body).Decode(&requestProfile)
+		require.Nil(t, err)
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+				"name": "`+requestProfile.Name+`",
+				"entries": [
+					{
+						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+						"name": "`+requestProfile.Entries[0].Name+`",
+						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+						"created_at": "2022-10-18T08:00:56Z",
+						"updated_at": "2022-10-18T08:00:57Z",
+						"pattern": {
+							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
+							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
+						},
+						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
+						"type": "custom"
+					}
+				],
+				"created_at": "2022-10-18T08:00:56Z",
+				"updated_at": "2022-10-18T08:00:57Z",
+				"type": "custom",
+				"description": "`+requestProfile.Description+`",
+				"allowed_match_count": 0
+			}
+		}`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
+
+	want := DLPProfile{
+
+		ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Name:        "Example Custom Profile",
+		Type:        "custom",
+		Description: "just a custom profile example",
+		Entries: []DLPEntry{
+			{
+				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+				Name:      "matches credit card regex",
+				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+				Enabled:   BoolPtr(true),
+				Type:      "custom",
+				Pattern: &DLPPattern{
+					Regex:      "^4[0-9]$",
+					Validation: "luhn",
+				},
+				CreatedAt: &createdAt,
+				UpdatedAt: &updatedAt,
+			},
+		},
+		CreatedAt:         &createdAt,
+		UpdatedAt:         &updatedAt,
+		AllowedMatchCount: 0,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
+
+	customProfile := DLPProfile{
+		Name:        "Example Custom Profile",
+		Description: "just a custom profile example",
+		Entries: []DLPEntry{
+			{
+				Name:    "matches credit card regex",
+				Enabled: BoolPtr(true),
+				Pattern: &DLPPattern{
+					Regex:      "^4[0-9]$",
+					Validation: "luhn",
+				},
+			},
+		},
+		AllowedMatchCount: 0,
+	}
+	actual, err := client.UpdateDLPProfile(context.Background(), AccountIdentifier(testAccountID), UpdateDLPProfileParams{
+		ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Type:      "custom",
+		Profile:   customProfile,
+	})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestUpdateDLPPredefinedProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var requestProfile DLPProfile
+		err := json.NewDecoder(r.Body).Decode(&requestProfile)
+		require.Nil(t, err)
+
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+				"name": "Example predefined profile",
+				"entries": [
+					{
+						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
+						"name": "Example predefined entry",
+						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
+						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
+						"type": "predefined"
+					}
+				],
+				"type": "predefined",
+				"description": "example predefined profile",
+				"allowed_match_count": 0,
+				"context_awareness": {
+					"enabled": true,
+					"skip": {
+						"files": true
+					}
+				}
+			}
+		}`)
+	}
+
+	want := DLPProfile{
+		ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Name:              "Example predefined profile",
+		Type:              "predefined",
+		Description:       "example predefined profile",
+		AllowedMatchCount: 0,
+		ContextAwareness: &DLPContextAwareness{
+			Enabled: BoolPtr(true),
+			Skip: DLPContextAwarenessSkip{
+				Files: BoolPtr(true),
+			},
+		},
+		Entries: []DLPEntry{
+			{
+				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
+				Name:      "Example predefined entry",
+				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+				Type:      "predefined",
+				Enabled:   BoolPtr(true),
+			},
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/predefined/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
+
+	actual, err := client.UpdateDLPProfile(context.Background(), AccountIdentifier(testAccountID), UpdateDLPProfileParams{
+		ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
+		Type:      "predefined",
+		Profile: DLPProfile{
+			Entries: []DLPEntry{
+				{
+					ID:      "29678c26-a191-428d-9f63-6e20a4a636a4",
+					Enabled: BoolPtr(true),
+				},
+			},
+		}})
+	require.NoError(t, err)
+	require.Equal(t, want, actual)
+}
+
+func TestDeleteDLPCustomProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
+
+	err := client.DeleteDLPProfile(context.Background(), AccountIdentifier(testAccountID), "29678c26-a191-428d-9f63-6e20a4a636a4")
+	require.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/dns.go b/pkg/cloudflare-go/dns.go
new file mode 100644
index 0000000000..14dbe2d4b3
--- /dev/null
+++ b/pkg/cloudflare-go/dns.go
@@ -0,0 +1,423 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+	"golang.org/x/net/idna"
+)
+
+// ErrMissingBINDContents is for when the BIND file contents is required but not set.
+var ErrMissingBINDContents = errors.New("required BIND config contents missing")
+
+// DNSRecord represents a DNS record in a zone.
+type DNSRecord struct {
+	CreatedOn  time.Time   `json:"created_on,omitempty"`
+	ModifiedOn time.Time   `json:"modified_on,omitempty"`
+	Type       string      `json:"type,omitempty"`
+	Name       string      `json:"name,omitempty"`
+	Content    string      `json:"content,omitempty"`
+	Meta       interface{} `json:"meta,omitempty"`
+	Data       interface{} `json:"data,omitempty"` // data returned by: SRV, LOC
+	ID         string      `json:"id,omitempty"`
+	ZoneID     string      `json:"zone_id,omitempty"`
+	ZoneName   string      `json:"zone_name,omitempty"`
+	Priority   *uint16     `json:"priority,omitempty"`
+	TTL        int         `json:"ttl,omitempty"`
+	Proxied    *bool       `json:"proxied,omitempty"`
+	Proxiable  bool        `json:"proxiable,omitempty"`
+	Comment    string      `json:"comment,omitempty"` // the server will omit the comment field when the comment is empty
+	Tags       []string    `json:"tags,omitempty"`
+}
+
+// DNSRecordResponse represents the response from the DNS endpoint.
+type DNSRecordResponse struct {
+	Result DNSRecord `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type ListDirection string
+
+const (
+	ListDirectionAsc  ListDirection = "asc"
+	ListDirectionDesc ListDirection = "desc"
+)
+
+type ListDNSRecordsParams struct {
+	Type      string        `url:"type,omitempty"`
+	Name      string        `url:"name,omitempty"`
+	Content   string        `url:"content,omitempty"`
+	Proxied   *bool         `url:"proxied,omitempty"`
+	Comment   string        `url:"comment,omitempty"` // currently, the server does not support searching for records with an empty comment
+	Tags      []string      `url:"tag,omitempty"`     // potentially multiple `tag=`
+	TagMatch  string        `url:"tag-match,omitempty"`
+	Order     string        `url:"order,omitempty"`
+	Direction ListDirection `url:"direction,omitempty"`
+	Match     string        `url:"match,omitempty"`
+	Priority  *uint16       `url:"-"`
+
+	ResultInfo
+}
+
+type UpdateDNSRecordParams struct {
+	Type     string      `json:"type,omitempty"`
+	Name     string      `json:"name,omitempty"`
+	Content  string      `json:"content,omitempty"`
+	Data     interface{} `json:"data,omitempty"` // data for: SRV, LOC
+	ID       string      `json:"-"`
+	Priority *uint16     `json:"priority,omitempty"`
+	TTL      int         `json:"ttl,omitempty"`
+	Proxied  *bool       `json:"proxied,omitempty"`
+	Comment  *string     `json:"comment,omitempty"` // nil will keep the current comment, while StringPtr("") will empty it
+	Tags     []string    `json:"tags"`
+}
+
+// DNSListResponse represents the response from the list DNS records endpoint.
+type DNSListResponse struct {
+	Result []DNSRecord `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// listDNSRecordsDefaultPageSize represents the default per_page size of the API.
+var listDNSRecordsDefaultPageSize int = 100
+
+// nontransitionalLookup implements the nontransitional processing as specified in
+// Unicode Technical Standard 46 with almost all checkings off to maximize user freedom.
+var nontransitionalLookup = idna.New(
+	idna.MapForLookup(),
+	idna.StrictDomainName(false),
+	idna.ValidateLabels(false),
+)
+
+// toUTS46ASCII tries to convert IDNs (international domain names)
+// from Unicode form to Punycode, using non-transitional process specified
+// in UTS 46.
+//
+// Note: conversion errors are silently discarded and partial conversion
+// results are used.
+func toUTS46ASCII(name string) string {
+	name, _ = nontransitionalLookup.ToASCII(name)
+	return name
+}
+
+// proxiedRecordsRe is the regular expression for determining if a DNS record
+// is proxied or not.
+var proxiedRecordsRe = regexp.MustCompile(`(?m)^.*\.\s+1\s+IN\s+CNAME.*$`)
+
+// proxiedRecordImportTemplate is the multipart template for importing *only*
+// proxied records. See `nonProxiedRecordImportTemplate` for importing records
+// that are not proxied.
+var proxiedRecordImportTemplate = `--------------------------BOUNDARY
+Content-Disposition: form-data; name="file"; filename="bind.txt"
+
+%s
+--------------------------BOUNDARY
+Content-Disposition: form-data; name="proxied"
+
+true
+--------------------------BOUNDARY--`
+
+// nonProxiedRecordImportTemplate is the multipart template for importing DNS
+// records that are not proxed. For importing proxied records, use
+// `proxiedRecordImportTemplate`.
+var nonProxiedRecordImportTemplate = `--------------------------BOUNDARY
+Content-Disposition: form-data; name="file"; filename="bind.txt"
+
+%s
+--------------------------BOUNDARY--`
+
+// sanitiseBINDFileInput accepts the BIND file as a string and removes parts
+// that are not required for importing or would break the import (like SOA
+// records).
+func sanitiseBINDFileInput(s string) string {
+	// Remove SOA records.
+	soaRe := regexp.MustCompile(`(?m)[\r\n]+^.*IN\s+SOA.*$`)
+	s = soaRe.ReplaceAllString(s, "")
+
+	// Remove all comments.
+	commentRe := regexp.MustCompile(`(?m)[\r\n]+^.*;;.*$`)
+	s = commentRe.ReplaceAllString(s, "")
+
+	// Swap all the tabs to spaces.
+	r := strings.NewReplacer(
+		"\t", " ",
+		"\n\n", "\n",
+	)
+	s = r.Replace(s)
+	s = strings.TrimSpace(s)
+
+	return s
+}
+
+// extractProxiedRecords accepts a BIND file (as a string) and returns only the
+// proxied DNS records.
+func extractProxiedRecords(s string) string {
+	proxiedOnlyRecords := proxiedRecordsRe.FindAllString(s, -1)
+	return strings.Join(proxiedOnlyRecords, "\n")
+}
+
+// removeProxiedRecords accepts a BIND file (as a string) and returns the file
+// contents without any proxied records included.
+func removeProxiedRecords(s string) string {
+	return proxiedRecordsRe.ReplaceAllString(s, "")
+}
+
+type ExportDNSRecordsParams struct{}
+type ImportDNSRecordsParams struct {
+	BINDContents string
+}
+
+type CreateDNSRecordParams struct {
+	CreatedOn  time.Time   `json:"created_on,omitempty" url:"created_on,omitempty"`
+	ModifiedOn time.Time   `json:"modified_on,omitempty" url:"modified_on,omitempty"`
+	Type       string      `json:"type,omitempty" url:"type,omitempty"`
+	Name       string      `json:"name,omitempty" url:"name,omitempty"`
+	Content    string      `json:"content,omitempty" url:"content,omitempty"`
+	Meta       interface{} `json:"meta,omitempty"`
+	Data       interface{} `json:"data,omitempty"` // data returned by: SRV, LOC
+	ID         string      `json:"id,omitempty"`
+	ZoneID     string      `json:"zone_id,omitempty"`
+	ZoneName   string      `json:"zone_name,omitempty"`
+	Priority   *uint16     `json:"priority,omitempty"`
+	TTL        int         `json:"ttl,omitempty"`
+	Proxied    *bool       `json:"proxied,omitempty" url:"proxied,omitempty"`
+	Proxiable  bool        `json:"proxiable,omitempty"`
+	Comment    string      `json:"comment,omitempty" url:"comment,omitempty"` // to the server, there's no difference between "no comment" and "empty comment"
+	Tags       []string    `json:"tags,omitempty"`
+}
+
+// CreateDNSRecord creates a DNS record for the zone identifier.
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record
+func (api *API) CreateDNSRecord(ctx context.Context, rc *ResourceContainer, params CreateDNSRecordParams) (DNSRecord, error) {
+	if rc.Identifier == "" {
+		return DNSRecord{}, ErrMissingZoneID
+	}
+	params.Name = toUTS46ASCII(params.Name)
+
+	uri := fmt.Sprintf("/zones/%s/dns_records", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return DNSRecord{}, err
+	}
+
+	var recordResp *DNSRecordResponse
+	err = json.Unmarshal(res, &recordResp)
+	if err != nil {
+		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return recordResp.Result, nil
+}
+
+// ListDNSRecords returns a slice of DNS records for the given zone identifier.
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-list-dns-records
+func (api *API) ListDNSRecords(ctx context.Context, rc *ResourceContainer, params ListDNSRecordsParams) ([]DNSRecord, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return nil, nil, ErrMissingZoneID
+	}
+
+	params.Name = toUTS46ASCII(params.Name)
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = listDNSRecordsDefaultPageSize
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var records []DNSRecord
+	var lastResultInfo ResultInfo
+
+	for {
+		uri := buildURI(fmt.Sprintf("/zones/%s/dns_records", rc.Identifier), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []DNSRecord{}, &ResultInfo{}, err
+		}
+		var listResponse DNSListResponse
+		err = json.Unmarshal(res, &listResponse)
+		if err != nil {
+			return []DNSRecord{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		records = append(records, listResponse.Result...)
+		lastResultInfo = listResponse.ResultInfo
+		params.ResultInfo = listResponse.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return records, &lastResultInfo, nil
+}
+
+// ErrMissingDNSRecordID is for when DNS record ID is needed but not given.
+var ErrMissingDNSRecordID = errors.New("required DNS record ID missing")
+
+// GetDNSRecord returns a single DNS record for the given zone & record
+// identifiers.
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-dns-record-details
+func (api *API) GetDNSRecord(ctx context.Context, rc *ResourceContainer, recordID string) (DNSRecord, error) {
+	if rc.Identifier == "" {
+		return DNSRecord{}, ErrMissingZoneID
+	}
+	if recordID == "" {
+		return DNSRecord{}, ErrMissingDNSRecordID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, recordID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DNSRecord{}, err
+	}
+	var r DNSRecordResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateDNSRecord updates a single DNS record for the given zone & record
+// identifiers.
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record
+func (api *API) UpdateDNSRecord(ctx context.Context, rc *ResourceContainer, params UpdateDNSRecordParams) (DNSRecord, error) {
+	if rc.Identifier == "" {
+		return DNSRecord{}, ErrMissingZoneID
+	}
+
+	if params.ID == "" {
+		return DNSRecord{}, ErrMissingDNSRecordID
+	}
+
+	params.Name = toUTS46ASCII(params.Name)
+
+	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return DNSRecord{}, err
+	}
+
+	var recordResp *DNSRecordResponse
+	err = json.Unmarshal(res, &recordResp)
+	if err != nil {
+		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return recordResp.Result, nil
+}
+
+// DeleteDNSRecord deletes a single DNS record for the given zone & record
+// identifiers.
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-delete-dns-record
+func (api *API) DeleteDNSRecord(ctx context.Context, rc *ResourceContainer, recordID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingZoneID
+	}
+	if recordID == "" {
+		return ErrMissingDNSRecordID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, recordID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r DNSRecordResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// ExportDNSRecords returns all DNS records for a zone in the BIND format.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-export-dns-records
+func (api *API) ExportDNSRecords(ctx context.Context, rc *ResourceContainer, params ExportDNSRecordsParams) (string, error) {
+	if rc.Level != ZoneRouteLevel {
+		return "", ErrRequiredZoneLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return "", ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/dns_records/export", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return "", err
+	}
+
+	return string(res), nil
+}
+
+// ImportDNSRecords takes the contents of a BIND configuration file and imports
+// all records at once.
+//
+// The current state of the API doesn't allow the proxying field to be
+// automatically set on records where the TTL is 1. Instead you need to
+// explicitly tell the endpoint which records are proxied in the form data. To
+// achieve a simpler abstraction, we do the legwork in the method of making the
+// two separate API calls (one for proxied and one for non-proxied) instead of
+// making the end user know about this detail.
+//
+// API reference: https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-import-dns-records
+func (api *API) ImportDNSRecords(ctx context.Context, rc *ResourceContainer, params ImportDNSRecordsParams) error {
+	if rc.Level != ZoneRouteLevel {
+		return ErrRequiredZoneLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ErrMissingZoneID
+	}
+
+	if params.BINDContents == "" {
+		return ErrMissingBINDContents
+	}
+
+	sanitisedBindData := sanitiseBINDFileInput(params.BINDContents)
+	nonProxiedRecords := removeProxiedRecords(sanitisedBindData)
+	proxiedOnlyRecords := extractProxiedRecords(sanitisedBindData)
+
+	nonProxiedRecordPayload := []byte(fmt.Sprintf(nonProxiedRecordImportTemplate, nonProxiedRecords))
+	nonProxiedReqBody := bytes.NewReader(nonProxiedRecordPayload)
+
+	uri := fmt.Sprintf("/zones/%s/dns_records/import", rc.Identifier)
+	multipartUploadHeaders := http.Header{
+		"Content-Type": {"multipart/form-data; boundary=------------------------BOUNDARY"},
+	}
+
+	_, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, nonProxiedReqBody, multipartUploadHeaders)
+	if err != nil {
+		return err
+	}
+
+	proxiedRecordPayload := []byte(fmt.Sprintf(proxiedRecordImportTemplate, proxiedOnlyRecords))
+	proxiedReqBody := bytes.NewReader(proxiedRecordPayload)
+
+	_, err = api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, proxiedReqBody, multipartUploadHeaders)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/dns_example_test.go b/pkg/cloudflare-go/dns_example_test.go
new file mode 100644
index 0000000000..e864a16fea
--- /dev/null
+++ b/pkg/cloudflare-go/dns_example_test.go
@@ -0,0 +1,94 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListDNSRecords_all() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch all records for a zone
+	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range recs {
+		fmt.Printf("%s: %s\n", r.Name, r.Content)
+	}
+}
+
+func ExampleAPI_ListDNSRecords_filterByContent() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Content: "198.51.100.1"})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range recs {
+		fmt.Printf("%s: %s\n", r.Name, r.Content)
+	}
+}
+
+func ExampleAPI_ListDNSRecords_filterByName() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Name: "foo.example.com"})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range recs {
+		fmt.Printf("%s: %s\n", r.Name, r.Content)
+	}
+}
+
+func ExampleAPI_ListDNSRecords_filterByType() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Type: "AAAA"})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range recs {
+		fmt.Printf("%s: %s\n", r.Name, r.Content)
+	}
+}
diff --git a/pkg/cloudflare-go/dns_firewall.go b/pkg/cloudflare-go/dns_firewall.go
new file mode 100644
index 0000000000..090b24c98a
--- /dev/null
+++ b/pkg/cloudflare-go/dns_firewall.go
@@ -0,0 +1,220 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingClusterID = errors.New("missing required cluster ID")
+
+// DNSFirewallCluster represents a DNS Firewall configuration.
+type DNSFirewallCluster struct {
+	ID                   string   `json:"id,omitempty"`
+	Name                 string   `json:"name"`
+	UpstreamIPs          []string `json:"upstream_ips"`
+	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
+	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
+	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
+	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
+	ModifiedOn           string   `json:"modified_on,omitempty"`
+}
+
+// DNSFirewallAnalyticsMetrics represents a group of aggregated DNS Firewall metrics.
+type DNSFirewallAnalyticsMetrics struct {
+	QueryCount         *int64   `json:"queryCount"`
+	UncachedCount      *int64   `json:"uncachedCount"`
+	StaleCount         *int64   `json:"staleCount"`
+	ResponseTimeAvg    *float64 `json:"responseTimeAvg"`
+	ResponseTimeMedian *float64 `json:"responseTimeMedian"`
+	ResponseTime90th   *float64 `json:"responseTime90th"`
+	ResponseTime99th   *float64 `json:"responseTime99th"`
+}
+
+// DNSFirewallAnalytics represents a set of aggregated DNS Firewall metrics.
+// TODO: Add the queried data and not only the aggregated values.
+type DNSFirewallAnalytics struct {
+	Totals DNSFirewallAnalyticsMetrics `json:"totals"`
+	Min    DNSFirewallAnalyticsMetrics `json:"min"`
+	Max    DNSFirewallAnalyticsMetrics `json:"max"`
+}
+
+// DNSFirewallUserAnalyticsOptions represents range and dimension selection on analytics endpoint.
+type DNSFirewallUserAnalyticsOptions struct {
+	Metrics []string   `url:"metrics,omitempty" del:","`
+	Since   *time.Time `url:"since,omitempty"`
+	Until   *time.Time `url:"until,omitempty"`
+}
+
+// dnsFirewallResponse represents a DNS Firewall response.
+type dnsFirewallResponse struct {
+	Response
+	Result *DNSFirewallCluster `json:"result"`
+}
+
+// dnsFirewallListResponse represents an array of DNS Firewall responses.
+type dnsFirewallListResponse struct {
+	Response
+	Result []*DNSFirewallCluster `json:"result"`
+}
+
+// dnsFirewallAnalyticsResponse represents a DNS Firewall analytics response.
+type dnsFirewallAnalyticsResponse struct {
+	Response
+	Result DNSFirewallAnalytics `json:"result"`
+}
+
+type CreateDNSFirewallClusterParams struct {
+	Name                 string   `json:"name"`
+	UpstreamIPs          []string `json:"upstream_ips"`
+	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
+	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
+	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
+	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
+}
+
+type GetDNSFirewallClusterParams struct {
+	ClusterID string `json:"-"`
+}
+
+type UpdateDNSFirewallClusterParams struct {
+	ClusterID            string   `json:"-"`
+	Name                 string   `json:"name"`
+	UpstreamIPs          []string `json:"upstream_ips"`
+	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
+	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
+	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
+	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
+}
+
+type ListDNSFirewallClustersParams struct{}
+
+type GetDNSFirewallUserAnalyticsParams struct {
+	ClusterID string `json:"-"`
+	DNSFirewallUserAnalyticsOptions
+}
+
+// CreateDNSFirewallCluster creates a new DNS Firewall cluster.
+//
+// API reference: https://api.cloudflare.com/#dns-firewall-create-dns-firewall-cluster
+func (api *API) CreateDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params CreateDNSFirewallClusterParams) (*DNSFirewallCluster, error) {
+	uri := fmt.Sprintf("/%s/dns_firewall", rc.URLFragment())
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &dnsFirewallResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// GetDNSFirewallCluster fetches a single DNS Firewall cluster.
+//
+// API reference: https://api.cloudflare.com/#dns-firewall-dns-firewall-cluster-details
+func (api *API) GetDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params GetDNSFirewallClusterParams) (*DNSFirewallCluster, error) {
+	if params.ClusterID == "" {
+		return &DNSFirewallCluster{}, ErrMissingClusterID
+	}
+
+	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), params.ClusterID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &dnsFirewallResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// ListDNSFirewallClusters lists the DNS Firewall clusters associated with an account.
+//
+// API reference: https://api.cloudflare.com/#dns-firewall-list-dns-firewall-clusters
+func (api *API) ListDNSFirewallClusters(ctx context.Context, rc *ResourceContainer, params ListDNSFirewallClustersParams) ([]*DNSFirewallCluster, error) {
+	uri := fmt.Sprintf("/%s/dns_firewall", rc.URLFragment())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &dnsFirewallListResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// UpdateDNSFirewallCluster updates a DNS Firewall cluster.
+//
+// API reference: https://api.cloudflare.com/#dns-firewall-update-dns-firewall-cluster
+func (api *API) UpdateDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params UpdateDNSFirewallClusterParams) error {
+	if params.ClusterID == "" {
+		return ErrMissingClusterID
+	}
+
+	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), params.ClusterID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return err
+	}
+
+	response := &dnsFirewallResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// DeleteDNSFirewallCluster deletes a DNS Firewall cluster. Note that this cannot be
+// undone, and will stop all traffic to that cluster.
+//
+// API reference: https://api.cloudflare.com/#dns-firewall-delete-dns-firewall-cluster
+func (api *API) DeleteDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, clusterID string) error {
+	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), clusterID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	response := &dnsFirewallResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// GetDNSFirewallUserAnalytics retrieves analytics report for a specified dimension and time range.
+func (api *API) GetDNSFirewallUserAnalytics(ctx context.Context, rc *ResourceContainer, params GetDNSFirewallUserAnalyticsParams) (DNSFirewallAnalytics, error) {
+	uri := buildURI(fmt.Sprintf("/%s/dns_firewall/%s/dns_analytics/report", rc.URLFragment(), params.ClusterID), params.DNSFirewallUserAnalyticsOptions)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DNSFirewallAnalytics{}, err
+	}
+
+	response := dnsFirewallAnalyticsResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return DNSFirewallAnalytics{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/dns_firewall_test.go b/pkg/cloudflare-go/dns_firewall_test.go
new file mode 100644
index 0000000000..5c85320cb3
--- /dev/null
+++ b/pkg/cloudflare-go/dns_firewall_test.go
@@ -0,0 +1,145 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDNSFirewallUserAnalytics_UserLevel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	now := time.Now().UTC()
+	since := now.Add(-1 * time.Hour)
+	until := now
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		expectedMetrics := "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedia,responseTime90th,responseTime99th"
+
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET'")
+		assert.Equal(t, expectedMetrics, r.URL.Query().Get("metrics"), "Expected many metrics in URL parameter")
+		assert.Equal(t, since.Format(time.RFC3339), r.URL.Query().Get("since"), "Expected since parameter in URL")
+		assert.Equal(t, until.Format(time.RFC3339), r.URL.Query().Get("until"), "Expected until parameter in URL")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": {
+			"totals":{
+				"queryCount": 5,
+				"uncachedCount":6,
+				"staleCount":7,
+				"responseTimeAvg":1.0,
+				"responseTimeMedian":2.0,
+				"responseTime90th":3.0,
+				"responseTime99th":4.0
+			  }
+		  },
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}`)
+	}
+
+	mux.HandleFunc("/user/dns_firewall/12345/dns_analytics/report", handler)
+	want := DNSFirewallAnalytics{
+		Totals: DNSFirewallAnalyticsMetrics{
+			QueryCount:         Int64Ptr(5),
+			UncachedCount:      Int64Ptr(6),
+			StaleCount:         Int64Ptr(7),
+			ResponseTimeAvg:    Float64Ptr(1.0),
+			ResponseTimeMedian: Float64Ptr(2.0),
+			ResponseTime90th:   Float64Ptr(3.0),
+			ResponseTime99th:   Float64Ptr(4.0),
+		},
+	}
+
+	actual, err := client.GetDNSFirewallUserAnalytics(context.Background(), UserIdentifier("foo"), GetDNSFirewallUserAnalyticsParams{ClusterID: "12345", DNSFirewallUserAnalyticsOptions: DNSFirewallUserAnalyticsOptions{
+		Metrics: []string{
+			"queryCount",
+			"uncachedCount",
+			"staleCount",
+			"responseTimeAvg",
+			"responseTimeMedia",
+			"responseTime90th",
+			"responseTime99th",
+		},
+		Since: &since,
+		Until: &until,
+	}})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDNSFirewallUserAnalytics_AccountLevel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	now := time.Now().UTC()
+	since := now.Add(-1 * time.Hour)
+	until := now
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		expectedMetrics := "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedia,responseTime90th,responseTime99th"
+
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET'")
+		assert.Equal(t, expectedMetrics, r.URL.Query().Get("metrics"), "Expected many metrics in URL parameter")
+		assert.Equal(t, since.Format(time.RFC3339), r.URL.Query().Get("since"), "Expected since parameter in URL")
+		assert.Equal(t, until.Format(time.RFC3339), r.URL.Query().Get("until"), "Expected until parameter in URL")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": {
+			"totals":{
+				"queryCount": 5,
+				"uncachedCount":6,
+				"staleCount":7,
+				"responseTimeAvg":1.0,
+				"responseTimeMedian":2.0,
+				"responseTime90th":3.0,
+				"responseTime99th":4.0
+			  }
+		  },
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/dns_firewall/12345/dns_analytics/report", handler)
+	want := DNSFirewallAnalytics{
+		Totals: DNSFirewallAnalyticsMetrics{
+			QueryCount:         Int64Ptr(5),
+			UncachedCount:      Int64Ptr(6),
+			StaleCount:         Int64Ptr(7),
+			ResponseTimeAvg:    Float64Ptr(1.0),
+			ResponseTimeMedian: Float64Ptr(2.0),
+			ResponseTime90th:   Float64Ptr(3.0),
+			ResponseTime99th:   Float64Ptr(4.0),
+		},
+	}
+
+	actual, err := client.GetDNSFirewallUserAnalytics(context.Background(), AccountIdentifier(testAccountID), GetDNSFirewallUserAnalyticsParams{ClusterID: "12345", DNSFirewallUserAnalyticsOptions: DNSFirewallUserAnalyticsOptions{
+		Metrics: []string{
+			"queryCount",
+			"uncachedCount",
+			"staleCount",
+			"responseTimeAvg",
+			"responseTimeMedia",
+			"responseTime90th",
+			"responseTime99th",
+		},
+		Since: &since,
+		Until: &until,
+	}})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/dns_test.go b/pkg/cloudflare-go/dns_test.go
new file mode 100644
index 0000000000..43546dcc94
--- /dev/null
+++ b/pkg/cloudflare-go/dns_test.go
@@ -0,0 +1,700 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_toUTS46ASCII(t *testing.T) {
+	tests := map[string]struct {
+		domain   string
+		expected string
+	}{
+		"empty stays empty": {
+			domain:   "",
+			expected: "",
+		},
+		"unicode gets encoded": {
+			domain:   "😺.com",
+			expected: "xn--138h.com",
+		},
+		"unicode gets mapped and encoded": {
+			domain:   "ÖBB.at",
+			expected: "xn--bb-eka.at",
+		},
+		"punycode stays punycode": {
+			domain:   "xn--138h.com",
+			expected: "xn--138h.com",
+		},
+		"hyphens are not checked": {
+			domain:   "s3--s4.com",
+			expected: "s3--s4.com",
+		},
+		"STD3 rules are not enforced": {
+			domain:   "℀.com",
+			expected: "a/c.com",
+		},
+		"bidi check is disabled": {
+			domain:   "englishﻋﺮﺑﻲ.com",
+			expected: "xn--english-gqjzfwd1j.com",
+		},
+		"invalid joiners are allowed": {
+			domain:   "a\u200cb.com",
+			expected: "xn--ab-j1t.com",
+		},
+		"partial results are used despite errors": {
+			domain:   "xn--:D.xn--.😺.com",
+			expected: "xn--:d..xn--138h.com",
+		},
+	}
+	for name, tt := range tests {
+		t.Run(name, func(t *testing.T) {
+			actual := toUTS46ASCII(tt.domain)
+			assert.Equal(t, tt.expected, actual)
+		})
+	}
+}
+
+func TestCreateDNSRecord(t *testing.T) {
+	setup()
+	defer teardown()
+
+	priority := uint16(10)
+	proxied := false
+	asciiInput := DNSRecord{
+		Type:     "A",
+		Name:     "xn--138h.example.com",
+		Content:  "198.51.100.4",
+		TTL:      120,
+		Priority: &priority,
+		Proxied:  &proxied,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		var v DNSRecord
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, asciiInput, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"type": "A",
+				"name": "xn--138h.example.com",
+				"content": "198.51.100.4",
+				"proxiable": true,
+				"proxied": false,
+				"ttl": 120,
+				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+				"zone_name": "example.com",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"data": {},
+				"meta": {
+					"auto_added": true,
+					"source": "primary"
+				}
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := DNSRecord{
+		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
+		Type:       asciiInput.Type,
+		Name:       asciiInput.Name,
+		Content:    asciiInput.Content,
+		Proxiable:  true,
+		Proxied:    asciiInput.Proxied,
+		TTL:        asciiInput.TTL,
+		ZoneID:     testZoneID,
+		ZoneName:   "example.com",
+		CreatedOn:  createdOn,
+		ModifiedOn: modifiedOn,
+		Data:       map[string]interface{}{},
+		Meta: map[string]interface{}{
+			"auto_added": true,
+			"source":     "primary",
+		},
+	}
+
+	_, err := client.CreateDNSRecord(context.Background(), ZoneIdentifier(""), CreateDNSRecordParams{})
+	assert.ErrorIs(t, err, ErrMissingZoneID)
+
+	actual, err := client.CreateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), CreateDNSRecordParams{
+		Type:     "A",
+		Name:     "😺.example.com",
+		Content:  "198.51.100.4",
+		TTL:      120,
+		Priority: &priority,
+		Proxied:  &proxied})
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestListDNSRecords(t *testing.T) {
+	setup()
+	defer teardown()
+
+	asciiInput := DNSRecord{
+		Name:    "xn--138h.example.com",
+		Type:    "A",
+		Content: "198.51.100.4",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, asciiInput.Name, r.URL.Query().Get("name"))
+		assert.Equal(t, asciiInput.Type, r.URL.Query().Get("type"))
+		assert.Equal(t, asciiInput.Content, r.URL.Query().Get("content"))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "372e67954025e0ba6aaa6d586b9e0b59",
+					"type": "A",
+					"name": "xn--138h.example.com",
+					"content": "198.51.100.4",
+					"proxiable": true,
+					"proxied": false,
+					"ttl": 120,
+					"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+					"zone_name": "example.com",
+					"created_on": "2014-01-01T05:20:00Z",
+					"modified_on": "2014-01-01T05:20:00Z",
+					"data": {},
+					"meta": {
+						"auto_added": true,
+						"source": "primary"
+					}
+				}
+			],
+			"result_info": {
+				"count": 1,
+				"page": 1,
+				"per_page": 20,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
+
+	proxied := false
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := []DNSRecord{{
+		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
+		Type:       "A",
+		Name:       asciiInput.Name,
+		Content:    asciiInput.Content,
+		Proxiable:  true,
+		Proxied:    &proxied,
+		TTL:        120,
+		ZoneID:     testZoneID,
+		ZoneName:   "example.com",
+		CreatedOn:  createdOn,
+		ModifiedOn: modifiedOn,
+		Data:       map[string]interface{}{},
+		Meta: map[string]interface{}{
+			"auto_added": true,
+			"source":     "primary",
+		},
+	}}
+
+	_, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(""), ListDNSRecordsParams{})
+	assert.ErrorIs(t, err, ErrMissingZoneID)
+
+	actual, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{
+		Name:    "😺.example.com",
+		Type:    "A",
+		Content: "198.51.100.4",
+	})
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestListDNSRecordsSearch(t *testing.T) {
+	setup()
+	defer teardown()
+
+	recordInput := DNSRecord{
+		Name:    "example.com",
+		Type:    "A",
+		Content: "198.51.100.4",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, recordInput.Name, r.URL.Query().Get("name"))
+		assert.Equal(t, recordInput.Type, r.URL.Query().Get("type"))
+		assert.Equal(t, recordInput.Content, r.URL.Query().Get("content"))
+		assert.Equal(t, "all", r.URL.Query().Get("match"))
+		assert.Equal(t, "1", r.URL.Query().Get("page"))
+		assert.Equal(t, "type", r.URL.Query().Get("order"))
+		assert.Equal(t, "asc", r.URL.Query().Get("direction"))
+		assert.Equal(t, "any", r.URL.Query().Get("tag-match"))
+		assert.ElementsMatch(t, []string{"tag1", "tag2"}, r.URL.Query()["tag"])
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "372e67954025e0ba6aaa6d586b9e0b59",
+					"type": "A",
+					"name": "example.com",
+					"content": "198.51.100.4",
+					"proxiable": true,
+					"proxied": true,
+					"ttl": 120,
+					"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+					"zone_name": "example.com",
+					"created_on": "2014-01-01T05:20:00Z",
+					"modified_on": "2014-01-01T05:20:00Z",
+					"data": {},
+					"meta": {
+						"auto_added": true,
+						"source": "primary"
+					},
+					"tags": ["tag1", "tag2extended"]
+				}
+			],
+			"result_info": {
+				"count": 1,
+				"page": 1,
+				"per_page": 20,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
+
+	proxied := true
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := []DNSRecord{{
+		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
+		Type:       "A",
+		Name:       recordInput.Name,
+		Content:    recordInput.Content,
+		Proxiable:  true,
+		Proxied:    &proxied,
+		TTL:        120,
+		ZoneID:     testZoneID,
+		ZoneName:   "example.com",
+		CreatedOn:  createdOn,
+		ModifiedOn: modifiedOn,
+		Data:       map[string]interface{}{},
+		Meta: map[string]interface{}{
+			"auto_added": true,
+			"source":     "primary",
+		},
+		Tags: []string{"tag1", "tag2extended"},
+	}}
+
+	actual, resultInfo, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{
+		ResultInfo: ResultInfo{
+			Page: 1,
+		},
+		Match:     "all",
+		Order:     "type",
+		Direction: ListDirectionAsc,
+		Name:      "example.com",
+		Type:      "A",
+		Content:   "198.51.100.4",
+		TagMatch:  "any",
+		Tags:      []string{"tag1", "tag2"},
+	})
+	require.NoError(t, err)
+	assert.Equal(t, 1, resultInfo.Total)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestListDNSRecordsPagination(t *testing.T) {
+	// change listDNSRecordsDefaultPageSize value to 1 to force pagination
+	listDNSRecordsDefaultPageSize = 3
+
+	setup()
+	defer teardown()
+
+	var page1Called, page2Called bool
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		page := r.URL.Query().Get("page")
+		w.Header().Set("content-type", "application/json")
+
+		var response string
+		switch page {
+		case "1":
+			response = loadFixture("dns", "list_page_1")
+			page1Called = true
+		case "2":
+			response = loadFixture("dns", "list_page_2")
+			page2Called = true
+		default:
+			assert.Failf(t, "Unexpeted page requested: %s", page)
+			return
+		}
+		fmt.Fprint(w, response)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
+
+	actual, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{})
+	require.NoError(t, err)
+	assert.True(t, page1Called)
+	assert.True(t, page2Called)
+	assert.Len(t, actual, 5)
+
+	type ls struct {
+		Results []map[string]interface{} `json:"result"`
+	}
+
+	expectedRecords := make(map[string]map[string]interface{})
+
+	response1 := loadFixture("dns", "list_page_1")
+	var fixtureDataPage1 ls
+	err = json.Unmarshal([]byte(response1), &fixtureDataPage1)
+	assert.NoError(t, err)
+	for _, record := range fixtureDataPage1.Results {
+		expectedRecords[record["id"].(string)] = record
+	}
+
+	response2 := loadFixture("dns", "list_page_2")
+	var fixtureDataPage2 ls
+	err = json.Unmarshal([]byte(response2), &fixtureDataPage2)
+	assert.NoError(t, err)
+	for _, record := range fixtureDataPage2.Results {
+		expectedRecords[record["id"].(string)] = record
+	}
+
+	for _, actualRecord := range actual {
+		expected, exist := expectedRecords[actualRecord.ID]
+		assert.True(t, exist, "DNS record doesn't exist in fixtures")
+		assert.Equal(t, expected["type"].(string), actualRecord.Type)
+		assert.Equal(t, expected["name"].(string), actualRecord.Name)
+		assert.Equal(t, expected["content"].(string), actualRecord.Content)
+		assert.Equal(t, expected["proxiable"].(bool), actualRecord.Proxiable)
+		assert.Equal(t, expected["proxied"].(bool), *actualRecord.Proxied)
+		assert.Equal(t, int(expected["ttl"].(float64)), actualRecord.TTL)
+		assert.Equal(t, expected["zone_id"].(string), actualRecord.ZoneID)
+		assert.Equal(t, expected["zone_name"].(string), actualRecord.ZoneName)
+		assert.Equal(t, expected["data"], actualRecord.Data)
+		assert.Equal(t, expected["meta"], actualRecord.Meta)
+	}
+}
+
+func TestGetDNSRecord(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"type": "A",
+				"name": "example.com",
+				"content": "198.51.100.4",
+				"proxiable": true,
+				"proxied": false,
+				"ttl": 120,
+				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+				"zone_name": "example.com",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"data": {},
+				"meta": {
+					"auto_added": true,
+					"source": "primary"
+				},
+				"comment": "This is a comment",
+				"tags": ["tag1", "tag2"]
+			}
+		}`)
+	}
+
+	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
+
+	proxied := false
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := DNSRecord{
+		ID:         dnsRecordID,
+		Type:       "A",
+		Name:       "example.com",
+		Content:    "198.51.100.4",
+		Proxiable:  true,
+		Proxied:    &proxied,
+		TTL:        120,
+		ZoneID:     testZoneID,
+		ZoneName:   "example.com",
+		CreatedOn:  createdOn,
+		ModifiedOn: modifiedOn,
+		Data:       map[string]interface{}{},
+		Meta: map[string]interface{}{
+			"auto_added": true,
+			"source":     "primary",
+		},
+		Comment: "This is a comment",
+		Tags:    []string{"tag1", "tag2"},
+	}
+
+	_, err := client.GetDNSRecord(context.Background(), ZoneIdentifier(""), dnsRecordID)
+	assert.ErrorIs(t, err, ErrMissingZoneID)
+
+	_, err = client.GetDNSRecord(context.Background(), ZoneIdentifier(testZoneID), "")
+	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
+
+	actual, err := client.GetDNSRecord(context.Background(), ZoneIdentifier(testZoneID), dnsRecordID)
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateDNSRecord(t *testing.T) {
+	setup()
+	defer teardown()
+
+	proxied := false
+	input := DNSRecord{
+		ID:      "372e67954025e0ba6aaa6d586b9e0b59",
+		Type:    "A",
+		Name:    "xn--138h.example.com",
+		Content: "198.51.100.4",
+		TTL:     120,
+		Proxied: &proxied,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v DNSRecord
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"type": "A",
+				"name": "example.com",
+				"content": "198.51.100.4",
+				"proxiable": true,
+				"proxied": false,
+				"ttl": 120,
+				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+				"zone_name": "example.com",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"data": {},
+				"meta": {
+					"auto_added": true,
+					"source": "primary"
+				}
+			}
+		}`)
+	}
+
+	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
+
+	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(""), UpdateDNSRecordParams{ID: dnsRecordID})
+	assert.ErrorIs(t, err, ErrMissingZoneID)
+
+	_, err = client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{})
+	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
+
+	_, err = client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
+		ID:      dnsRecordID,
+		Type:    "A",
+		Name:    "😺.example.com",
+		Content: "198.51.100.4",
+		TTL:     120,
+		Proxied: &proxied,
+	})
+	require.NoError(t, err)
+}
+
+func TestUpdateDNSRecord_ClearComment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := DNSRecord{
+		ID:      "372e67954025e0ba6aaa6d586b9e0b59",
+		Comment: "",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v DNSRecord
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"type": "A",
+				"name": "example.com",
+				"content": "198.51.100.4",
+				"proxiable": true,
+				"proxied": false,
+				"ttl": 120,
+				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+				"zone_name": "example.com",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"comment":null,
+				"tags":[],
+				"data": {},
+				"meta": {
+					"auto_added": true,
+					"source": "primary"
+				}
+			}
+		}`)
+	}
+
+	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
+
+	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
+		ID:      dnsRecordID,
+		Comment: StringPtr(""),
+	})
+	require.NoError(t, err)
+}
+
+func TestUpdateDNSRecord_KeepComment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := DNSRecord{
+		ID: "372e67954025e0ba6aaa6d586b9e0b59",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v DNSRecord
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"type": "A",
+				"name": "example.com",
+				"content": "198.51.100.4",
+				"proxiable": true,
+				"proxied": false,
+				"ttl": 120,
+				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
+				"zone_name": "example.com",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"comment":null,
+				"tags":[],
+				"data": {},
+				"meta": {
+					"auto_added": true,
+					"source": "primary"
+				}
+			}
+		}`)
+	}
+
+	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
+
+	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
+		ID: dnsRecordID,
+	})
+	require.NoError(t, err)
+}
+
+func TestDeleteDNSRecord(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59"
+			}
+		}`)
+	}
+
+	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
+
+	err := client.DeleteDNSRecord(context.Background(), ZoneIdentifier(""), dnsRecordID)
+	assert.ErrorIs(t, err, ErrMissingZoneID)
+
+	err = client.DeleteDNSRecord(context.Background(), ZoneIdentifier(testZoneID), "")
+	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
+
+	err = client.DeleteDNSRecord(context.Background(), ZoneIdentifier(testZoneID), dnsRecordID)
+	require.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/docs/changelog-process.md b/pkg/cloudflare-go/docs/changelog-process.md
new file mode 100644
index 0000000000..33bc59add7
--- /dev/null
+++ b/pkg/cloudflare-go/docs/changelog-process.md
@@ -0,0 +1,96 @@
+## Changelog Process
+
+We use the [go-changelog](https://github.com/hashicorp/go-changelog) to generate and update the changelog from files created in the `.changelog/` directory. It is important that when you raise your Pull Request, there is a changelog entry which describes the changes your contribution makes. Not all changes require an entry in the CHANGELOG, guidance follows on what changes do.
+
+### Changelog Format
+
+The changelog format requires an entry in the following format, where HEADER corresponds to the changelog category, and the entry is the changelog entry itself. The entry should be included in a file in the `.changelog` directory with the naming convention `{PR-NUMBER}.txt`. For example, to create a changelog entry for pull request 1234, there should be a file named `.changelog/1234.txt`.
+
+````markdown
+```release-note:{HEADER}
+{ENTRY}
+```
+````
+
+If a pull request should contain multiple changelog entries, then multiple blocks can be added to the same changelog file. For example:
+
+````markdown
+```release-note:note
+foo: The `broken` attribute has been deprecated. All configurations using `broken` should be updated to use the new `not_broken` attribute instead.
+```
+
+```release-note:enhancement
+foo: Add `not_broken` attribute
+```
+````
+
+### Skipping changelog entries
+
+In order to skip/pass the automated checks where a CHANGELOG entry is not required, apply the `workflow/skip-changelog-entry` label.
+
+### Pull Request Types to CHANGELOG
+
+The CHANGELOG is intended to show operator-impacting changes to the codebase for a particular version. If every change or commit to the code resulted in an entry, the CHANGELOG would become less useful for operators. The lists below are general guidelines and examples for when a decision needs to be made to decide whether a change should have an entry.
+
+#### Changes that should have a CHANGELOG entry
+
+##### Resource and provider bug fixes
+
+A new bug entry should use the `release-note:bug` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
+
+````markdown
+```release-note:bug
+foo: Fix 'thing' being optional
+```
+````
+
+##### Resource and provider enhancements
+
+A new enhancement entry should use the `release-note:enhancement` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
+
+````markdown
+```release-note:enhancement
+foo: Add new capability
+```
+````
+
+##### Deprecations
+
+A breaking-change entry should use the `release-note:note` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
+
+````markdown
+```release-note:note
+foo: X attribute is being deprecated in favor of the new Y attribute
+```
+````
+
+##### Breaking Changes and Removals
+
+A breaking-change entry should use the `release-note:breaking-change` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
+
+````markdown
+```release-note:breaking-change
+foo: Resource no longer works for 'EXAMPLE' parameters
+```
+````
+
+#### Changes that may have a CHANGELOG entry
+
+Dependency updates: If the update contains relevant bug fixes or enhancements that affect operators, those should be called out.
+Any changes which do not fit into the above categories but warrant highlighting.
+
+````markdown
+```release-note:note
+foo: Example resource now does X slightly differently
+```
+
+```release-note:dependency
+`foo` v0.1.0 => v0.1.1
+```
+````
+
+#### Changes that should _not_ have a CHANGELOG entry
+
+- Resource and provider documentation updates
+- Testing updates
+- Code refactoring (context dependant)
diff --git a/pkg/cloudflare-go/docs/conventions.md b/pkg/cloudflare-go/docs/conventions.md
new file mode 100644
index 0000000000..acbe2fabb6
--- /dev/null
+++ b/pkg/cloudflare-go/docs/conventions.md
@@ -0,0 +1,40 @@
+# Conventions
+
+This document aims to cover the conventions and guidance to consider when 
+making changes the Go SDK.
+
+## Methods
+
+- All methods should take a maximum of 3 parameter. See examples in [experimental](./experimental.md)
+- The first parameter is always `context.Context`.
+- The second is a `*ResourceContainer`.
+- The final is a struct of available parameters for the method. 
+  - The parameter naming convention should be `<MethodName>Params`. Example: 
+    method name of `GetDNSRecords` has a struct parameter name of 
+    `GetDNSRecordsParams`.
+  - Do not share parameter structs between methods. Each should have a dedicated
+    one.
+  - Even if you don't intend to have parameter configurations, you should add
+    the third parameter to your method signature for future flexibility.
+  
+## Types
+
+### Booleans
+
+- Should always be represented as pointers in structs with an `omitempty` 
+  marshaling tag (most commonly as JSON). This ensures you can determine unset, 
+  false and truthy values.
+
+### `time.Time`
+
+- Should always be represented as pointers in structs.
+
+### Ports (0-65535)
+
+- Should use `uint16` unless you have a reason to restrict the port range in 
+  which case, you should also provide a validator on the type.
+
+## Marshaling/unmarshaling
+
+- Avoid custom marshal/unmarshal handlers unless absolutely necessary. They can
+  be difficult to debug in a larger codebase.
diff --git a/pkg/cloudflare-go/docs/experimental.md b/pkg/cloudflare-go/docs/experimental.md
new file mode 100644
index 0000000000..5ed9b308ca
--- /dev/null
+++ b/pkg/cloudflare-go/docs/experimental.md
@@ -0,0 +1,119 @@
+# README (experimental)
+
+An experimental and incremental update of the library focusing on a more modern
+and consistent experience.
+
+## Improvements
+
+### Automatically paginate `List` operations by default
+
+`List()` methods will automatically paginate all resources **unless** 
+`PerPage` or `Page` is supplied as a part of the `$entityListParams`.
+
+This allows us the best of both worlds where if you need to explicitly 
+override the inbuilt pagination, you have the ability to.
+
+## Nested methods and services
+
+Not all methods are defined at the top level. Instead, they are nested under
+service objects.
+
+```golang
+// old
+client.ListZones(...)
+client.ZoneLevelAccessServiceTokens(...)
+
+// new
+client.Zones.List()
+client.Access.ServiceTokens(...)
+```
+
+This avoids polluting the global namespace and having more specific methods
+for services.
+
+### Consistent CRUD method signatures
+
+Majority of methods on an entity will follow a standard method signature.
+
+| Signature                                                                 | Purpose                                            | Return value                                                                                                                   |
+| ------------------------------------------------------------------------- | -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
+| `Get(ctx, *ResourceContainer, $entityID) ($entity, error)`                | Fetches a single entity by a `$entityID`.          | Returns the entity and `error` based on the listing parameters.                                                                |
+| `List(ctx, *ResourceContainer, params) ([]$entity, ResultInfo, error)` | Fetches all entities.                              | Returns the list of matching entities, the result information (pagination, fail/success and additional metadata), and `error`. |
+| `New(ctx, *ResourceContainer, params) ($entity, error)`                | Creates a new entity with the provided parameters. | Returns the newly created entity and `error`.                                                                                  |
+| `Update(ctx, *ResourceContainer, params) ($entity, error)`             | Updates an existing entity.                        | Returns the updated entity and `error`.                                                                                        |
+| `Delete(ctx, *ResourceContainer, $entityID) (error)`                      | Deletes a single entity by a `$entityID`.          | Returns `error`.                                                                                                               |
+
+- `*ResourceContainer` determines the "level" of the resource and where it will
+  operate at. Operated using `UserIdentifier`, `ZoneIdentifier`, and
+  `AccountIdentifier` respectively.
+- `$entityID` is the resource identifier.
+- `params` is a complex structure that allows filtering/finding resources
+  matching the struct fields. By providing a structure as the third argument
+  in all the methods that require it, we can add/remove fields without the 
+  need for a breaking change and instead can issue deprecation notices when
+  specific fields are used.
+- `$entity` the resource being operated on.
+
+Exceptions to this convention will be:
+
+- Methods outside of CRUD operations
+- Top level level concepts such as `Accounts` and `Zones`
+
+#### Examples
+
+`DNSRecord` is used below for the examples however, all entites will implement the
+same methods and interfaces.
+
+```go
+params := cloudflare.ClientParams{
+  Key: "3bc3be114fb6323adc5b0ad7422d193a",
+  Email: "someone@example.com",
+  HTTPClient: myCustomHTTPClient,
+  // ...
+}
+c, err := cloudflare.NewExperimental(params)
+```
+
+**Create a new DNS record**
+
+```go
+dParams := &cloudflare.DNSRecordParams{
+  Name: "@",
+  Content: "foo.example.com",
+  TTL: 300,
+}
+r, _ := c.DNSRecord.New(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), dParams)
+```
+
+**Fetching a known DNS record by ID**
+
+```go
+r, _ := c.DNSRecord.Get(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), "3e7705498e8be60520841409ebc69bc1")
+```
+
+**Listing all records matching a single account ID (filter option)**
+
+```go
+dParams := &cloudflare.DNSRecordListParams{
+  AccountID: "d8e8fca2dc0f896fd7cb4cb0031ba249"
+}
+r, _, _ := c.DNSRecord.List(context.TODO(), dParams)
+```
+
+**Update an existing DNS record**
+
+```go
+dParams := &cloudflare.DNSRecordParams{
+  ID: "b5163cf270a3fbac34827c4a2713eef4",
+  Name: "@",
+  Content: "bar.example.com",
+  TTL: 300,
+}
+r, _ := c.DNSRecord.Update(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), dParams)
+```
+
+**Delete a DNS Record**
+
+```go
+r, _ := c.DNSRecord.Delete(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), "b5163cf270a3fbac34827c4a2713eef4")
+```
diff --git a/pkg/cloudflare-go/docs/public-api-documentation.md b/pkg/cloudflare-go/docs/public-api-documentation.md
new file mode 100644
index 0000000000..a2b2c4b355
--- /dev/null
+++ b/pkg/cloudflare-go/docs/public-api-documentation.md
@@ -0,0 +1,28 @@
+## Why is my PR labelled with `workflow/pending-public-api`?
+
+To ensure the public SDKs (including the [Cloudflare Terraform Provider]) are
+only using stable and intentionally exposed endpoints, we require that all API
+functionality is backed by public documentation. This can either be
+api.cloudflare.com or developers.cloudflare.com depending on the delivery medium.
+
+## But, wrangler/cloudflared/other project doesn't require public documentation?
+
+On occasion, Cloudflare teams release functionality or tooling specific to the
+systems they are responsible for. [Wrangler] and [cloudflared] are two prominent
+examples of this. In these situations, the teams may choose to use unstable or
+undocumented endpoints as they are able to maintain both internal and external
+compatibility for these tools should something need to change without notice or
+a deprecation period.
+
+Unfortunately, the SDKs are not in the same position and cannot make the same
+guarantees externally due to being an interface for external integrations; not
+an abstraction of the functionality. By only accepting documented API endpoints
+into the SDKs, we establish an API contract with the service teams that ensures
+consumers have a reliable and consistent experience when using them. Should an
+API contract be broken, or need fixing, the service team will be responsible to
+maintain it in such a time that a deprecation notice is issued and integrations
+have a migration period.
+
+[cloudflare terraform provider]: https://github.com/cloudflare/terraform-provider-cloudflare/
+[wrangler]: https://github.com/cloudflare/wrangler2
+[cloudflared]: https://github.com/cloudflare/cloudflared
diff --git a/pkg/cloudflare-go/docs/release-process.md b/pkg/cloudflare-go/docs/release-process.md
new file mode 100644
index 0000000000..d2ae372d8d
--- /dev/null
+++ b/pkg/cloudflare-go/docs/release-process.md
@@ -0,0 +1,40 @@
+## Release Process
+
+We aim to release on a fortnightly cadence, alternating weeks with the [terraform-provider-cloudflare](https://github.com/cloudflare/terraform-provider-cloudflare).
+
+This is to accommodate downstream tools and allow changes from this library to
+be used in the other systems without a month long delay.
+
+To determine when the next release is due, you can either:
+
+- Review the latest [releases](https://github.com/cloudflare/cloudflare-go/releases); or
+- Review the [current milestones](https://github.com/cloudflare/cloudflare-go/milestones).
+
+If a hotfix is needed, the same process outlined below is used however only the
+semantic versioning patch version is bumped.
+
+- Ensure CI is passing for [`master` branch](https://github.com/cloudflare/cloudflare-go/actions?query=branch%3Amaster).
+- Remove "(Unreleased)" portion from the header for the version you are intending
+  to release (here, 2.27.0). Create a new H2 above for the next unreleased
+  version (here 2.28.0). Example diff:
+
+  ```diff
+  + ## 2.28.0 (Unreleased)
+
+  + ## 2.27.0
+  - ## 2.27.0 (Unreleased)
+
+  NOTES:
+
+  * dependency: Update foo to v0.0.2 ([#1184](https://github.com/cloudflare/cloudflare-go/issues/123))
+  ```
+
+  Bumping the minor version is usually fine here unless you are intending on
+  releasing a major version bump.
+
+- Create a new GitHub release with the release title exactly matching the tag
+  (e.g. `v2.27.0`) and copy the entries from the CHANGELOG to the release notes.
+- A GitHub Action will now build the binaries, documentation and create the release.
+- Once this is completed, close off the milestone for the current release and
+  open the next that matches the CHANGELOG additions from earlier. Example: close
+  v2.27.0 but open a v2.28.0.
diff --git a/pkg/cloudflare-go/duration.go b/pkg/cloudflare-go/duration.go
new file mode 100644
index 0000000000..2e39d5ed4a
--- /dev/null
+++ b/pkg/cloudflare-go/duration.go
@@ -0,0 +1,41 @@
+package cloudflare
+
+import (
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Duration implements json.Marshaler and json.Unmarshaler for time.Duration
+// using the fmt.Stringer interface of time.Duration and time.ParseDuration.
+type Duration struct {
+	time.Duration
+}
+
+// MarshalJSON encodes a Duration as a JSON string formatted using String.
+func (d Duration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(d.Duration.String())
+}
+
+// UnmarshalJSON decodes a Duration from a JSON string parsed using time.ParseDuration.
+func (d *Duration) UnmarshalJSON(buf []byte) error {
+	var str string
+
+	err := json.Unmarshal(buf, &str)
+	if err != nil {
+		return err
+	}
+
+	dur, err := time.ParseDuration(str)
+	if err != nil {
+		return err
+	}
+
+	d.Duration = dur
+	return nil
+}
+
+var (
+	_ = json.Marshaler((*Duration)(nil))
+	_ = json.Unmarshaler((*Duration)(nil))
+)
diff --git a/pkg/cloudflare-go/duration_test.go b/pkg/cloudflare-go/duration_test.go
new file mode 100644
index 0000000000..c186955886
--- /dev/null
+++ b/pkg/cloudflare-go/duration_test.go
@@ -0,0 +1,28 @@
+package cloudflare
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+func ExampleDuration() {
+	d := Duration{1 * time.Second}
+	fmt.Println(d)
+
+	buf, err := json.Marshal(d)
+	fmt.Println(string(buf), err)
+
+	err = json.Unmarshal([]byte(`"5s"`), &d)
+	fmt.Println(d, err)
+
+	d.Duration += time.Second
+	fmt.Println(d, err)
+
+	// Output:
+	// 1s
+	// "1s" <nil>
+	// 5s <nil>
+	// 6s <nil>
+}
diff --git a/pkg/cloudflare-go/email_routing_destination.go b/pkg/cloudflare-go/email_routing_destination.go
new file mode 100644
index 0000000000..3ad0284dcb
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_destination.go
@@ -0,0 +1,156 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type EmailRoutingDestinationAddress struct {
+	Tag      string     `json:"tag,omitempty"`
+	Email    string     `json:"email,omitempty"`
+	Verified *time.Time `json:"verified,omitempty"`
+	Created  *time.Time `json:"created,omitempty"`
+	Modified *time.Time `json:"modified,omitempty"`
+}
+
+type ListEmailRoutingAddressParameters struct {
+	ResultInfo
+	Direction string `url:"direction,omitempty"`
+	Verified  *bool  `url:"verified,omitempty"`
+}
+
+type ListEmailRoutingAddressResponse struct {
+	Result     []EmailRoutingDestinationAddress `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+type CreateEmailRoutingAddressParameters struct {
+	Email string `json:"email,omitempty"`
+}
+
+type CreateEmailRoutingAddressResponse struct {
+	Result EmailRoutingDestinationAddress `json:"result,omitempty"`
+	Response
+}
+
+// ListEmailRoutingDestinationAddresses Lists existing destination addresses.
+//
+// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-list-destination-addresses
+func (api *API) ListEmailRoutingDestinationAddresses(ctx context.Context, rc *ResourceContainer, params ListEmailRoutingAddressParameters) ([]EmailRoutingDestinationAddress, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []EmailRoutingDestinationAddress{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var addresses []EmailRoutingDestinationAddress
+	var eResponse ListEmailRoutingAddressResponse
+	for {
+		eResponse = ListEmailRoutingAddressResponse{}
+		uri := buildURI(fmt.Sprintf("/accounts/%s/email/routing/addresses", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []EmailRoutingDestinationAddress{}, &ResultInfo{}, err
+		}
+		err = json.Unmarshal(res, &eResponse)
+		if err != nil {
+			return []EmailRoutingDestinationAddress{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		addresses = append(addresses, eResponse.Result...)
+		params.ResultInfo = eResponse.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return addresses, &eResponse.ResultInfo, nil
+}
+
+// CreateEmailRoutingDestinationAddress Create a destination address to forward your emails to.
+// Destination addresses need to be verified before they become active.
+//
+// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-create-a-destination-address
+func (api *API) CreateEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, params CreateEmailRoutingAddressParameters) (EmailRoutingDestinationAddress, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, err
+	}
+
+	var r CreateEmailRoutingAddressResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// GetEmailRoutingDestinationAddress Gets information for a specific destination email already created.
+//
+// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-get-a-destination-address
+func (api *API) GetEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, addressID string) (EmailRoutingDestinationAddress, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses/%s", rc.Identifier, addressID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, err
+	}
+
+	var r CreateEmailRoutingAddressResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteEmailRoutingDestinationAddress Deletes a specific destination address.
+//
+// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-delete-destination-address
+func (api *API) DeleteEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, addressID string) (EmailRoutingDestinationAddress, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses/%s", rc.Identifier, addressID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, err
+	}
+
+	var r CreateEmailRoutingAddressResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/email_routing_destination_test.go b/pkg/cloudflare-go/email_routing_destination_test.go
new file mode 100644
index 0000000000..b4451d3660
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_destination_test.go
@@ -0,0 +1,171 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testEmailID = "ea95132c15732412d22c1476fa83f27a"
+
+func createTestDestinationAddress() EmailRoutingDestinationAddress {
+	verified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	return EmailRoutingDestinationAddress{
+		Tag:      testEmailID,
+		Email:    "user@example.com",
+		Verified: &verified,
+		Created:  &created,
+		Modified: &modified,
+	}
+}
+
+func TestEmailRouting_ListDestinationAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "tag": "ea95132c15732412d22c1476fa83f27a",
+      "email": "user@example.com",
+      "verified": "2014-01-02T02:20:00Z",
+      "created": "2014-01-02T02:20:00Z",
+      "modified": "2014-01-02T02:20:00Z"
+    }
+  ],
+  "result_info": {
+    "page": 1,
+    "per_page": 20,
+    "count": 1,
+    "total_count": 1
+  }
+}`)
+	})
+
+	_, _, err := client.ListEmailRoutingDestinationAddresses(context.Background(), AccountIdentifier(""), ListEmailRoutingAddressParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := createTestDestinationAddress()
+
+	res, resInfo, err := client.ListEmailRoutingDestinationAddresses(context.Background(), AccountIdentifier(testAccountID), ListEmailRoutingAddressParameters{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, resInfo.Page, 1)
+		assert.Equal(t, want, res[0])
+	}
+}
+
+func TestEmailRouting_CreateDestinationAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "ea95132c15732412d22c1476fa83f27a",
+    "email": "user@example.com",
+    "verified": "2014-01-02T02:20:00Z",
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z"
+  }
+}`)
+	})
+
+	_, err := client.CreateEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), CreateEmailRoutingAddressParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := createTestDestinationAddress()
+
+	res, err := client.CreateEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), CreateEmailRoutingAddressParameters{Email: "user@example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_GetDestinationAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses/"+testEmailID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "ea95132c15732412d22c1476fa83f27a",
+    "email": "user@example.com",
+    "verified": "2014-01-02T02:20:00Z",
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z"
+  }
+}`)
+	})
+
+	_, err := client.GetEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := createTestDestinationAddress()
+
+	res, err := client.GetEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), testEmailID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_DeleteDestinationAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses/"+testEmailID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "ea95132c15732412d22c1476fa83f27a",
+    "email": "user@example.com",
+    "verified": "2014-01-02T02:20:00Z",
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z"
+  }
+}`)
+	})
+
+	_, err := client.DeleteEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := createTestDestinationAddress()
+
+	res, err := client.DeleteEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), testEmailID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/email_routing_rules.go b/pkg/cloudflare-go/email_routing_rules.go
new file mode 100644
index 0000000000..736200d04d
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_rules.go
@@ -0,0 +1,274 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingRuleID = errors.New("required rule id missing")
+
+type EmailRoutingRuleMatcher struct {
+	Type  string `json:"type,omitempty"`
+	Field string `json:"field,omitempty"`
+	Value string `json:"value,omitempty"`
+}
+
+type EmailRoutingRuleAction struct {
+	Type  string   `json:"type,omitempty"`
+	Value []string `json:"value,omitempty"`
+}
+
+type EmailRoutingRule struct {
+	Tag      string                    `json:"tag,omitempty"`
+	Name     string                    `json:"name,omitempty"`
+	Priority int                       `json:"priority,omitempty"`
+	Enabled  *bool                     `json:"enabled,omitempty"`
+	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
+	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
+}
+
+type ListEmailRoutingRulesParameters struct {
+	Enabled *bool `url:"enabled,omitempty"`
+	ResultInfo
+}
+
+type ListEmailRoutingRuleResponse struct {
+	Result     []EmailRoutingRule `json:"result"`
+	ResultInfo `json:"result_info,omitempty"`
+	Response
+}
+
+type CreateEmailRoutingRuleParameters struct {
+	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
+	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
+	Name     string                    `json:"name,omitempty"`
+	Enabled  *bool                     `json:"enabled,omitempty"`
+	Priority int                       `json:"priority,omitempty"`
+}
+
+type CreateEmailRoutingRuleResponse struct {
+	Result EmailRoutingRule `json:"result"`
+	Response
+}
+
+type GetEmailRoutingRuleResponse struct {
+	Result EmailRoutingRule `json:"result"`
+	Response
+}
+
+type UpdateEmailRoutingRuleParameters struct {
+	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
+	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
+	Name     string                    `json:"name,omitempty"`
+	Enabled  *bool                     `json:"enabled,omitempty"`
+	Priority int                       `json:"priority,omitempty"`
+	RuleID   string
+}
+
+type EmailRoutingCatchAllRule struct {
+	Tag      string                    `json:"tag,omitempty"`
+	Name     string                    `json:"name,omitempty"`
+	Enabled  *bool                     `json:"enabled,omitempty"`
+	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
+	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
+}
+
+type EmailRoutingCatchAllRuleResponse struct {
+	Result EmailRoutingCatchAllRule `json:"result"`
+	Response
+}
+
+// ListEmailRoutingRules Lists existing routing rules.
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-list-routing-rules
+func (api *API) ListEmailRoutingRules(ctx context.Context, rc *ResourceContainer, params ListEmailRoutingRulesParameters) ([]EmailRoutingRule, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []EmailRoutingRule{}, &ResultInfo{}, ErrMissingZoneID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var rules []EmailRoutingRule
+	var rResponse ListEmailRoutingRuleResponse
+	for {
+		rResponse = ListEmailRoutingRuleResponse{}
+		uri := buildURI(fmt.Sprintf("/zones/%s/email/routing/rules", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []EmailRoutingRule{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &rResponse)
+		if err != nil {
+			return []EmailRoutingRule{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		rules = append(rules, rResponse.Result...)
+		params.ResultInfo = rResponse.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return rules, &rResponse.ResultInfo, nil
+}
+
+// CreateEmailRoutingRule Rules consist of a set of criteria for matching emails (such as an email being sent to a specific custom email address) plus a set of actions to take on the email (like forwarding it to a specific destination address).
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-create-routing-rule
+func (api *API) CreateEmailRoutingRule(ctx context.Context, rc *ResourceContainer, params CreateEmailRoutingRuleParameters) (EmailRoutingRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingRule{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return EmailRoutingRule{}, err
+	}
+
+	var r CreateEmailRoutingRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// GetEmailRoutingRule Get information for a specific routing rule already created.
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-get-routing-rule
+func (api *API) GetEmailRoutingRule(ctx context.Context, rc *ResourceContainer, ruleID string) (EmailRoutingRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingRule{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, ruleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return EmailRoutingRule{}, err
+	}
+
+	var r GetEmailRoutingRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateEmailRoutingRule Update actions, matches, or enable/disable specific routing rules
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-update-routing-rule
+func (api *API) UpdateEmailRoutingRule(ctx context.Context, rc *ResourceContainer, params UpdateEmailRoutingRuleParameters) (EmailRoutingRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingRule{}, ErrMissingZoneID
+	}
+
+	if params.RuleID == "" {
+		return EmailRoutingRule{}, ErrMissingRuleID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, params.RuleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return EmailRoutingRule{}, err
+	}
+
+	var r GetEmailRoutingRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteEmailRoutingRule Delete a specific routing rule.
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-delete-routing-rule
+func (api *API) DeleteEmailRoutingRule(ctx context.Context, rc *ResourceContainer, ruleID string) (EmailRoutingRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingRule{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, ruleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return EmailRoutingRule{}, err
+	}
+
+	var r GetEmailRoutingRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// GetEmailRoutingCatchAllRule Get information on the default catch-all routing rule.
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-get-catch-all-rule
+func (api *API) GetEmailRoutingCatchAllRule(ctx context.Context, rc *ResourceContainer) (EmailRoutingCatchAllRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingCatchAllRule{}, ErrMissingZoneID
+	}
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules/catch_all", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return EmailRoutingCatchAllRule{}, err
+	}
+
+	var r EmailRoutingCatchAllRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingCatchAllRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateEmailRoutingCatchAllRule Enable or disable catch-all routing rule, or change action to forward to specific destination address.
+//
+// API reference: https://api.cloudflare.com/#email-routing-routing-rules-update-catch-all-rule
+func (api *API) UpdateEmailRoutingCatchAllRule(ctx context.Context, rc *ResourceContainer, params EmailRoutingCatchAllRule) (EmailRoutingCatchAllRule, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingCatchAllRule{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/rules/catch_all", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return EmailRoutingCatchAllRule{}, err
+	}
+
+	var r EmailRoutingCatchAllRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingCatchAllRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/email_routing_rules_test.go b/pkg/cloudflare-go/email_routing_rules_test.go
new file mode 100644
index 0000000000..5a3cdb4d7c
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_rules_test.go
@@ -0,0 +1,395 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testEmailRoutingRule = EmailRoutingRule{
+	Tag:      "a7e6fb77503c41d8a7f3113c6918f10c",
+	Name:     "Rule send to user@example.net",
+	Priority: 0,
+	Enabled:  BoolPtr(true),
+	Matchers: []EmailRoutingRuleMatcher{
+		{
+			Type:  "literal",
+			Field: "to",
+			Value: "test@example.com",
+		},
+	},
+	Actions: []EmailRoutingRuleAction{
+		{
+			Type:  "forward",
+			Value: []string{"destinationaddress@example.net"},
+		},
+	},
+}
+
+func TestEmailRouting_ListRoutingRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+      "name": "Rule send to user@example.net",
+      "priority": 0,
+      "enabled": true,
+      "matchers": [
+        {
+          "type": "literal",
+          "field": "to",
+          "value": "test@example.com"
+        }
+      ],
+      "actions": [
+        {
+          "type": "forward",
+          "value": [
+            "destinationaddress@example.net"
+          ]
+        }
+      ]
+    }
+  ],
+  "result_info": {
+    "page": 1,
+    "per_page": 20,
+    "count": 1,
+    "total_count": 1
+  }
+}`)
+	})
+
+	_, _, err := client.ListEmailRoutingRules(context.Background(), AccountIdentifier(""), ListEmailRoutingRulesParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	res, resInfo, err := client.ListEmailRoutingRules(context.Background(), AccountIdentifier(testZoneID), ListEmailRoutingRulesParameters{Enabled: BoolPtr(true)})
+	if assert.NoError(t, err) {
+		assert.Equal(t, resInfo.Page, 1)
+		assert.Equal(t, testEmailRoutingRule, res[0])
+	}
+}
+
+func TestEmailRouting_CreateRoutingRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Rule send to user@example.net",
+    "priority": 0,
+    "enabled": true,
+    "matchers": [
+      {
+        "type": "literal",
+        "field": "to",
+        "value": "test@example.com"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ]
+  }
+}`)
+	})
+
+	_, err := client.CreateEmailRoutingRule(context.Background(), AccountIdentifier(""), CreateEmailRoutingRuleParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	res, err := client.CreateEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), CreateEmailRoutingRuleParameters{Enabled: BoolPtr(true)})
+	if assert.NoError(t, err) {
+		assert.Equal(t, testEmailRoutingRule, res)
+	}
+}
+
+func TestEmailRouting_GetRoutingRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Rule send to user@example.net",
+    "priority": 0,
+    "enabled": true,
+    "matchers": [
+      {
+        "type": "literal",
+        "field": "to",
+        "value": "test@example.com"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ]
+  }
+}`)
+	})
+
+	_, err := client.GetEmailRoutingRule(context.Background(), ZoneIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	res, err := client.GetEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), "a7e6fb77503c41d8a7f3113c6918f10c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, testEmailRoutingRule, res)
+	}
+}
+
+func TestEmailRouting_UpdateRoutingRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Rule send to user@example.net",
+    "priority": 0,
+    "enabled": true,
+    "matchers": [
+      {
+        "type": "literal",
+        "field": "to",
+        "value": "test@example.com"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ]
+  }
+}`)
+	})
+
+	_, err := client.UpdateEmailRoutingRule(context.Background(), ZoneIdentifier(""), UpdateEmailRoutingRuleParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+	_, err = client.UpdateEmailRoutingRule(context.Background(), ZoneIdentifier(testZoneID), UpdateEmailRoutingRuleParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingRuleID, err)
+	}
+
+	res, err := client.UpdateEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), UpdateEmailRoutingRuleParameters{RuleID: "a7e6fb77503c41d8a7f3113c6918f10c"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, testEmailRoutingRule, res)
+	}
+}
+
+func TestEmailRouting_DeleteRoutingRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Rule send to user@example.net",
+    "priority": 0,
+    "enabled": true,
+    "matchers": [
+      {
+        "type": "literal",
+        "field": "to",
+        "value": "test@example.com"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ]
+  }
+}`)
+	})
+
+	_, err := client.DeleteEmailRoutingRule(context.Background(), ZoneIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	res, err := client.DeleteEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), "a7e6fb77503c41d8a7f3113c6918f10c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, testEmailRoutingRule, res)
+	}
+}
+
+func TestEmailRouting_GetAllRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/catch_all", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Send to user@example.net rule.",
+    "matchers": [
+      {
+        "type": "all"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ],
+    "enabled": true,
+    "priority": 2147483647
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}`)
+	})
+
+	_, err := client.GetEmailRoutingCatchAllRule(context.Background(), ZoneIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := EmailRoutingCatchAllRule{
+		Tag:     "a7e6fb77503c41d8a7f3113c6918f10c",
+		Name:    "Send to user@example.net rule.",
+		Enabled: BoolPtr(true),
+		Matchers: []EmailRoutingRuleMatcher{
+			{
+				Type: "all",
+			},
+		},
+		Actions: []EmailRoutingRuleAction{
+			{
+				Type:  "forward",
+				Value: []string{"destinationaddress@example.net"},
+			},
+		},
+	}
+
+	res, err := client.GetEmailRoutingCatchAllRule(context.Background(), AccountIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_UpdateAllRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/catch_all", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "result": {
+    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
+    "name": "Send to user@example.net rule.",
+    "matchers": [
+      {
+        "type": "all"
+      }
+    ],
+    "actions": [
+      {
+        "type": "forward",
+        "value": [
+          "destinationaddress@example.net"
+        ]
+      }
+    ],
+    "enabled": true,
+    "priority": 2147483647
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}`)
+	})
+
+	_, err := client.UpdateEmailRoutingCatchAllRule(context.Background(), ZoneIdentifier(""), EmailRoutingCatchAllRule{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := EmailRoutingCatchAllRule{
+		Tag:     "a7e6fb77503c41d8a7f3113c6918f10c",
+		Name:    "Send to user@example.net rule.",
+		Enabled: BoolPtr(true),
+		Matchers: []EmailRoutingRuleMatcher{
+			{
+				Type: "all",
+			},
+		},
+		Actions: []EmailRoutingRuleAction{
+			{
+				Type:  "forward",
+				Value: []string{"destinationaddress@example.net"},
+			},
+		},
+	}
+
+	res, err := client.UpdateEmailRoutingCatchAllRule(context.Background(), AccountIdentifier(testZoneID), EmailRoutingCatchAllRule{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/email_routing_settings.go b/pkg/cloudflare-go/email_routing_settings.go
new file mode 100644
index 0000000000..20fc3eaf8a
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_settings.go
@@ -0,0 +1,118 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type EmailRoutingSettings struct {
+	Tag        string     `json:"tag,omitempty"`
+	Name       string     `json:"name,omitempty"`
+	Enabled    bool       `json:"enabled,omitempty"`
+	Created    *time.Time `json:"created,omitempty"`
+	Modified   *time.Time `json:"modified,omitempty"`
+	SkipWizard *bool      `json:"skip_wizard,omitempty"`
+	Status     string     `json:"status,omitempty"`
+}
+
+type EmailRoutingSettingsResponse struct {
+	Result EmailRoutingSettings `json:"result,omitempty"`
+	Response
+}
+
+type EmailRoutingDNSSettingsResponse struct {
+	Result []DNSRecord `json:"result,omitempty"`
+	Response
+}
+
+// GetEmailRoutingSettings Get information about the settings for your Email Routing zone.
+//
+// API reference: https://api.cloudflare.com/#email-routing-settings-get-email-routing-settings
+func (api *API) GetEmailRoutingSettings(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingSettings{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return EmailRoutingSettings{}, err
+	}
+
+	var r EmailRoutingSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// EnableEmailRouting Enable you Email Routing zone. Add and lock the necessary MX and SPF records.
+//
+// API reference: https://api.cloudflare.com/#email-routing-settings-enable-email-routing
+func (api *API) EnableEmailRouting(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingSettings{}, ErrMissingZoneID
+	}
+	uri := fmt.Sprintf("/zones/%s/email/routing/enable", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return EmailRoutingSettings{}, err
+	}
+
+	var r EmailRoutingSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DisableEmailRouting Disable your Email Routing zone. Also removes additional MX records previously required for Email Routing to work.
+//
+// API reference: https://api.cloudflare.com/#email-routing-settings-disable-email-routing
+func (api *API) DisableEmailRouting(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
+	if rc.Identifier == "" {
+		return EmailRoutingSettings{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/email/routing/disable", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return EmailRoutingSettings{}, err
+	}
+
+	var r EmailRoutingSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetEmailRoutingDNSSettings Show the DNS records needed to configure your Email Routing zone.
+//
+// API reference: https://api.cloudflare.com/#email-routing-settings-email-routing---dns-settings
+func (api *API) GetEmailRoutingDNSSettings(ctx context.Context, rc *ResourceContainer) ([]DNSRecord, error) {
+	if rc.Identifier == "" {
+		return []DNSRecord{}, ErrMissingZoneID
+	}
+	uri := fmt.Sprintf("/zones/%s/email/routing/dns", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DNSRecord{}, err
+	}
+
+	var r EmailRoutingDNSSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/email_routing_settings_test.go b/pkg/cloudflare-go/email_routing_settings_test.go
new file mode 100644
index 0000000000..975e939806
--- /dev/null
+++ b/pkg/cloudflare-go/email_routing_settings_test.go
@@ -0,0 +1,178 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func createTestEmailRoutingSettings() EmailRoutingSettings {
+	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	return EmailRoutingSettings{
+		Tag:        "75610dab9e69410a82cf7e400a09ecec",
+		Name:       "example.net",
+		Enabled:    true,
+		Created:    &created,
+		Modified:   &modified,
+		SkipWizard: BoolPtr(true),
+		Status:     "read",
+	}
+}
+
+func TestEmailRouting_GetSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "75610dab9e69410a82cf7e400a09ecec",
+    "name": "example.net",
+    "enabled": true,
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z",
+    "skip_wizard": true,
+    "status": "read"
+  }
+}`)
+	})
+
+	_, err := client.GetEmailRoutingSettings(context.Background(), AccountIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := createTestEmailRoutingSettings()
+
+	res, err := client.GetEmailRoutingSettings(context.Background(), AccountIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_Enable(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/enable", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "75610dab9e69410a82cf7e400a09ecec",
+    "name": "example.net",
+    "enabled": true,
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z",
+    "skip_wizard": true,
+    "status": "read"
+  }
+}`)
+	})
+
+	_, err := client.EnableEmailRouting(context.Background(), AccountIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := createTestEmailRoutingSettings()
+
+	res, err := client.EnableEmailRouting(context.Background(), AccountIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_Disabled(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/disable", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "tag": "75610dab9e69410a82cf7e400a09ecec",
+    "name": "example.net",
+    "enabled": true,
+    "created": "2014-01-02T02:20:00Z",
+    "modified": "2014-01-02T02:20:00Z",
+    "skip_wizard": true,
+    "status": "read"
+  }
+}`)
+	})
+
+	_, err := client.DisableEmailRouting(context.Background(), AccountIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := createTestEmailRoutingSettings()
+
+	res, err := client.DisableEmailRouting(context.Background(), AccountIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestEmailRouting_DNSSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/dns", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "type": "A",
+      "name": "example.com",
+      "content": "192.0.2.1",
+      "ttl": 3600,
+      "priority": 10
+    }
+  ]
+}`)
+	})
+
+	_, err := client.GetEmailRoutingDNSSettings(context.Background(), AccountIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	want := []DNSRecord{
+		{
+			Type:     "A",
+			Name:     "example.com",
+			Content:  "192.0.2.1",
+			TTL:      3600,
+			Priority: Uint16Ptr(10),
+		},
+	}
+
+	res, err := client.GetEmailRoutingDNSSettings(context.Background(), AccountIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Len(t, res, 1)
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/errors.go b/pkg/cloudflare-go/errors.go
new file mode 100644
index 0000000000..85fdc3efac
--- /dev/null
+++ b/pkg/cloudflare-go/errors.go
@@ -0,0 +1,391 @@
+package cloudflare
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+const (
+	errEmptyCredentials                       = "invalid credentials: key & email must not be empty" //nolint:gosec,unused
+	errEmptyAPIToken                          = "invalid credentials: API Token must not be empty"   //nolint:gosec,unused
+	errInternalServiceError                   = "internal service error"
+	errMakeRequestError                       = "error from makeRequest"
+	errUnmarshalError                         = "error unmarshalling the JSON response"
+	errUnmarshalErrorBody                     = "error unmarshalling the JSON response error body"
+	errRequestNotSuccessful                   = "error reported by API"
+	errMissingAccountID                       = "required missing account ID"
+	errMissingZoneID                          = "required missing zone ID"
+	errMissingAccountOrZoneID                 = "either account ID or zone ID must be provided"
+	errAccountIDAndZoneIDAreMutuallyExclusive = "account ID and zone ID are mutually exclusive"
+	errMissingResourceIdentifier              = "required missing resource identifier"
+	errOperationStillRunning                  = "bulk operation did not finish before timeout"
+	errOperationUnexpectedStatus              = "bulk operation returned an unexpected status"
+	errResultInfo                             = "incorrect pagination info (result_info) in responses"
+	errManualPagination                       = "unexpected pagination options passed to functions that handle pagination automatically"
+	errInvalidResourceIdentifer               = "invalid resource identifier: %s"
+	errInvalidZoneIdentifer                   = "invalid zone identifier: %s"
+	errAPIKeysAndTokensAreMutuallyExclusive   = "API keys and tokens are mutually exclusive" //nolint:gosec
+	errMissingCredentials                     = "no credentials provided"
+
+	errInvalidResourceContainerAccess        = "requested resource container (%q) is not supported for this endpoint"
+	errRequiredAccountLevelResourceContainer = "this endpoint requires using an account level resource container and identifiers"
+	errRequiredZoneLevelResourceContainer    = "this endpoint requires using a zone level resource container and identifiers"
+)
+
+var (
+	ErrAPIKeysAndTokensAreMutuallyExclusive   = errors.New(errAPIKeysAndTokensAreMutuallyExclusive)
+	ErrMissingCredentials                     = errors.New(errMissingCredentials)
+	ErrMissingAccountID                       = errors.New(errMissingAccountID)
+	ErrMissingZoneID                          = errors.New(errMissingZoneID)
+	ErrAccountIDOrZoneIDAreRequired           = errors.New(errMissingAccountOrZoneID)
+	ErrAccountIDAndZoneIDAreMutuallyExclusive = errors.New(errAccountIDAndZoneIDAreMutuallyExclusive)
+	ErrMissingResourceIdentifier              = errors.New(errMissingResourceIdentifier)
+
+	ErrRequiredAccountLevelResourceContainer = errors.New(errRequiredAccountLevelResourceContainer)
+	ErrRequiredZoneLevelResourceContainer    = errors.New(errRequiredZoneLevelResourceContainer)
+)
+
+type ErrorType string
+
+const (
+	ErrorTypeRequest        ErrorType = "request"
+	ErrorTypeAuthentication ErrorType = "authentication"
+	ErrorTypeAuthorization  ErrorType = "authorization"
+	ErrorTypeNotFound       ErrorType = "not_found"
+	ErrorTypeRateLimit      ErrorType = "rate_limit"
+	ErrorTypeService        ErrorType = "service"
+)
+
+type Error struct {
+	// The classification of error encountered.
+	Type ErrorType
+
+	// StatusCode is the HTTP status code from the response.
+	StatusCode int
+
+	// Errors is all of the error messages and codes, combined.
+	Errors []ResponseInfo
+
+	// ErrorCodes is a list of all the error codes.
+	ErrorCodes []int
+
+	// ErrorMessages is a list of all the error codes.
+	ErrorMessages []string
+
+	// Messages is a list of informational messages provided by the endpoint.
+	Messages []ResponseInfo
+
+	// RayID is the internal identifier for the request that was made.
+	RayID string
+}
+
+func (e Error) Error() string {
+	var errString string
+	errMessages := []string{}
+	for _, err := range e.Errors {
+		m := ""
+		if err.Message != "" {
+			m += err.Message
+		}
+
+		if err.Code != 0 {
+			m += fmt.Sprintf(" (%d)", err.Code)
+		}
+
+		errMessages = append(errMessages, m)
+	}
+
+	msgs := []string{}
+	for _, m := range e.Messages {
+		msgs = append(msgs, m.Message)
+	}
+
+	errString += strings.Join(errMessages, ", ")
+
+	// `Messages` is primarily used for additional validation failure notes in
+	// page rules. This shouldn't be used going forward but instead, use the
+	// error fields appropriately.
+	if len(msgs) > 0 {
+		errString += "\n" + strings.Join(msgs, "  \n")
+	}
+
+	return errString
+}
+
+// RequestError is for 4xx errors that we encounter not covered elsewhere
+// (generally bad payloads).
+type RequestError struct {
+	cloudflareError *Error
+}
+
+func (e RequestError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e RequestError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e RequestError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e RequestError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e RequestError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e RequestError) Messages() []ResponseInfo {
+	return e.cloudflareError.Messages
+}
+
+func (e RequestError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e RequestError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewRequestError(e *Error) RequestError {
+	return RequestError{
+		cloudflareError: e,
+	}
+}
+
+// RatelimitError is for HTTP 429s where the service is telling the client to
+// slow down.
+type RatelimitError struct {
+	cloudflareError *Error
+}
+
+func (e RatelimitError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e RatelimitError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e RatelimitError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e RatelimitError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e RatelimitError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e RatelimitError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e RatelimitError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewRatelimitError(e *Error) RatelimitError {
+	return RatelimitError{
+		cloudflareError: e,
+	}
+}
+
+// ServiceError is a handler for 5xx errors returned to the client.
+type ServiceError struct {
+	cloudflareError *Error
+}
+
+func (e ServiceError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e ServiceError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e ServiceError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e ServiceError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e ServiceError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e ServiceError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e ServiceError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewServiceError(e *Error) ServiceError {
+	return ServiceError{
+		cloudflareError: e,
+	}
+}
+
+// AuthenticationError is for HTTP 401 responses.
+type AuthenticationError struct {
+	cloudflareError *Error
+}
+
+func (e AuthenticationError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e AuthenticationError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e AuthenticationError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e AuthenticationError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e AuthenticationError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e AuthenticationError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e AuthenticationError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewAuthenticationError(e *Error) AuthenticationError {
+	return AuthenticationError{
+		cloudflareError: e,
+	}
+}
+
+// AuthorizationError is for HTTP 403 responses.
+type AuthorizationError struct {
+	cloudflareError *Error
+}
+
+func (e AuthorizationError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e AuthorizationError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e AuthorizationError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e AuthorizationError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e AuthorizationError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e AuthorizationError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e AuthorizationError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewAuthorizationError(e *Error) AuthorizationError {
+	return AuthorizationError{
+		cloudflareError: e,
+	}
+}
+
+// NotFoundError is for HTTP 404 responses.
+type NotFoundError struct {
+	cloudflareError *Error
+}
+
+func (e NotFoundError) Error() string {
+	return e.cloudflareError.Error()
+}
+
+func (e NotFoundError) Errors() []ResponseInfo {
+	return e.cloudflareError.Errors
+}
+
+func (e NotFoundError) ErrorCodes() []int {
+	return e.cloudflareError.ErrorCodes
+}
+
+func (e NotFoundError) ErrorMessages() []string {
+	return e.cloudflareError.ErrorMessages
+}
+
+func (e NotFoundError) InternalErrorCodeIs(code int) bool {
+	return e.cloudflareError.InternalErrorCodeIs(code)
+}
+
+func (e NotFoundError) RayID() string {
+	return e.cloudflareError.RayID
+}
+
+func (e NotFoundError) Type() ErrorType {
+	return e.cloudflareError.Type
+}
+
+func NewNotFoundError(e *Error) NotFoundError {
+	return NotFoundError{
+		cloudflareError: e,
+	}
+}
+
+// ClientError returns a boolean whether or not the raised error was caused by
+// something client side.
+func (e *Error) ClientError() bool {
+	return e.StatusCode >= http.StatusBadRequest &&
+		e.StatusCode < http.StatusInternalServerError
+}
+
+// ClientRateLimited returns a boolean whether or not the raised error was
+// caused by too many requests from the client.
+func (e *Error) ClientRateLimited() bool {
+	return e.Type == ErrorTypeRateLimit
+}
+
+// InternalErrorCodeIs returns a boolean whether or not the desired internal
+// error code is present in `e.InternalErrorCodes`.
+func (e *Error) InternalErrorCodeIs(code int) bool {
+	for _, errCode := range e.ErrorCodes {
+		if errCode == code {
+			return true
+		}
+	}
+
+	return false
+}
+
+// ErrorMessageContains returns a boolean whether or not a substring exists in
+// any of the `e.ErrorMessages` slice entries.
+func (e *Error) ErrorMessageContains(s string) bool {
+	for _, errMsg := range e.ErrorMessages {
+		if strings.Contains(errMsg, s) {
+			return true
+		}
+	}
+	return false
+}
diff --git a/pkg/cloudflare-go/errors_external_test.go b/pkg/cloudflare-go/errors_external_test.go
new file mode 100644
index 0000000000..c9874106cd
--- /dev/null
+++ b/pkg/cloudflare-go/errors_external_test.go
@@ -0,0 +1,28 @@
+package cloudflare_test
+
+import (
+	"testing"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestError_CreateErrors(t *testing.T) {
+	baseErr := &cloudflare.Error{
+		StatusCode: 400,
+		ErrorCodes: []int{10000},
+	}
+
+	requestErr := cloudflare.NewRequestError(baseErr)
+	assert.True(t, requestErr.InternalErrorCodeIs(10000))
+	limitError := cloudflare.NewRatelimitError(baseErr)
+	assert.True(t, limitError.InternalErrorCodeIs(10000))
+	svcErr := cloudflare.NewServiceError(baseErr)
+	assert.True(t, svcErr.InternalErrorCodeIs(10000))
+	authErr := cloudflare.NewAuthenticationError(baseErr)
+	assert.True(t, authErr.InternalErrorCodeIs(10000))
+	authzErr := cloudflare.NewAuthorizationError(baseErr)
+	assert.True(t, authzErr.InternalErrorCodeIs(10000))
+	notFoundErr := cloudflare.NewNotFoundError(baseErr)
+	assert.True(t, notFoundErr.InternalErrorCodeIs(10000))
+}
diff --git a/pkg/cloudflare-go/errors_test.go b/pkg/cloudflare-go/errors_test.go
new file mode 100644
index 0000000000..f661990775
--- /dev/null
+++ b/pkg/cloudflare-go/errors_test.go
@@ -0,0 +1,52 @@
+package cloudflare
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestError_Error(t *testing.T) {
+	tests := map[string]struct {
+		response []ResponseInfo
+		want     string
+	}{
+		"basic complete response": {
+			response: []ResponseInfo{{
+				Code:    10000,
+				Message: "Authentication error",
+			}},
+			want: "Authentication error (10000)",
+		},
+		"multiple complete response": {
+			response: []ResponseInfo{
+				{
+					Code:    10000,
+					Message: "Authentication error",
+				},
+				{
+					Code:    10001,
+					Message: "Not authentication error",
+				},
+			},
+			want: "Authentication error (10000), Not authentication error (10001)",
+		},
+		"missing internal error code": {
+			response: []ResponseInfo{{
+				Message: "something is broke",
+			}},
+			want: "something is broke",
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			got := &RequestError{cloudflareError: &Error{
+				StatusCode: 400,
+				Errors:     tc.response,
+			}}
+
+			assert.Equal(t, tc.want, got.Error())
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/example_test.go b/pkg/cloudflare-go/example_test.go
new file mode 100644
index 0000000000..5c6cc83e4f
--- /dev/null
+++ b/pkg/cloudflare-go/example_test.go
@@ -0,0 +1,40 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+const (
+	user   = "cloudflare@example.org"
+	domain = "example.com"
+	apiKey = "deadbeef"
+)
+
+func Example() {
+	api, err := cloudflare.New("deadbeef", "cloudflare@example.org")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Fetch the zone ID for zone example.org
+	zoneID, err := api.ZoneIDByName("example.org")
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	// Fetch all DNS records for example.org
+	records, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{})
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	for _, r := range records {
+		fmt.Printf("%s: %s\n", r.Name, r.Content)
+	}
+}
diff --git a/pkg/cloudflare-go/fallback_domain.go b/pkg/cloudflare-go/fallback_domain.go
new file mode 100644
index 0000000000..e8bdfc9379
--- /dev/null
+++ b/pkg/cloudflare-go/fallback_domain.go
@@ -0,0 +1,133 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// FallbackDomainResponse represents the response from the get fallback
+// domain endpoints.
+type FallbackDomainResponse struct {
+	Response
+	Result []FallbackDomain `json:"result"`
+}
+
+// FallbackDomain represents the individual domain struct.
+type FallbackDomain struct {
+	Suffix      string   `json:"suffix,omitempty"`
+	Description string   `json:"description,omitempty"`
+	DNSServer   []string `json:"dns_server,omitempty"`
+}
+
+// ListFallbackDomains returns all fallback domains within an account.
+//
+// API reference: https://api.cloudflare.com/#devices-get-local-domain-fallback-list
+func (api *API) ListFallbackDomains(ctx context.Context, accountID string) ([]FallbackDomain, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []FallbackDomain{}, err
+	}
+
+	var fallbackDomainResponse FallbackDomainResponse
+	err = json.Unmarshal(res, &fallbackDomainResponse)
+	if err != nil {
+		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return fallbackDomainResponse.Result, nil
+}
+
+// ListFallbackDomainsDeviceSettingsPolicy returns all fallback domains within an account for a specific device settings policy.
+//
+// API reference: https://api.cloudflare.com/#devices-get-local-domain-fallback-list
+func (api *API) ListFallbackDomainsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) ([]FallbackDomain, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains", AccountRouteRoot, accountID, policyID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []FallbackDomain{}, err
+	}
+
+	var fallbackDomainResponse FallbackDomainResponse
+	err = json.Unmarshal(res, &fallbackDomainResponse)
+	if err != nil {
+		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return fallbackDomainResponse.Result, nil
+}
+
+// UpdateFallbackDomain updates the existing fallback domain policy.
+//
+// API reference: https://api.cloudflare.com/#devices-set-local-domain-fallback-list
+func (api *API) UpdateFallbackDomain(ctx context.Context, accountID string, domains []FallbackDomain) ([]FallbackDomain, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domains)
+	if err != nil {
+		return []FallbackDomain{}, err
+	}
+
+	var fallbackDomainResponse FallbackDomainResponse
+	err = json.Unmarshal(res, &fallbackDomainResponse)
+	if err != nil {
+		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return fallbackDomainResponse.Result, nil
+}
+
+// UpdateFallbackDomainDeviceSettingsPolicy updates the existing fallback domain policy for a specific device settings policy.
+//
+// API reference: https://api.cloudflare.com/#devices-set-local-domain-fallback-list
+func (api *API) UpdateFallbackDomainDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, domains []FallbackDomain) ([]FallbackDomain, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains", AccountRouteRoot, accountID, policyID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domains)
+	if err != nil {
+		return []FallbackDomain{}, err
+	}
+
+	var fallbackDomainResponse FallbackDomainResponse
+	err = json.Unmarshal(res, &fallbackDomainResponse)
+	if err != nil {
+		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return fallbackDomainResponse.Result, nil
+}
+
+// RestoreFallbackDomainDefaultsDeviceSettingsPolicy resets the domain fallback values to the default
+// list for a specific device settings policy.
+//
+// API reference: TBA.
+func (api *API) RestoreFallbackDomainDefaults(ctx context.Context, accountID string) error {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains?reset_defaults=true", AccountRouteRoot, accountID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, []string{})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// RestoreFallbackDomainDefaults resets the domain fallback values to the default
+// list.
+//
+// API reference: TBA.
+func (api *API) RestoreFallbackDomainDefaultsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) error {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains?reset_defaults=true", AccountRouteRoot, accountID, policyID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, []string{})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/fallback_domain_test.go b/pkg/cloudflare-go/fallback_domain_test.go
new file mode 100644
index 0000000000..159e909e64
--- /dev/null
+++ b/pkg/cloudflare-go/fallback_domain_test.go
@@ -0,0 +1,236 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListFallbackDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "suffix": "example.com",
+          "description": "Domain bypass for local development"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []FallbackDomain{{
+		Suffix:      "example.com",
+		Description: "Domain bypass for local development",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
+
+	actual, err := client.ListFallbackDomains(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListFallbackDomainsDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "suffix": "example.com",
+          "description": "Domain bypass for local development"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []FallbackDomain{{
+		Suffix:      "example.com",
+		Description: "Domain bypass for local development",
+	}}
+
+	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/fallback_domains", handler)
+
+	actual, err := client.ListFallbackDomainsDeviceSettingsPolicy(context.Background(), testAccountID, policyID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestFallbackDomainDNSServer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "suffix": "example.com",
+          "description": "Domain bypass for local development",
+					"dns_server": ["192.168.0.1", "10.1.1.1"]
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []FallbackDomain{{
+		Suffix:      "example.com",
+		Description: "Domain bypass for local development",
+		DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
+
+	actual, err := client.ListFallbackDomains(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateFallbackDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "suffix": "example_one.com",
+          "description": "example one",
+					"dns_server": ["192.168.0.1", "10.1.1.1"]
+       },
+       {
+          "suffix": "example_two.com",
+          "description": "example two"
+       },
+       {
+          "suffix": "example_three.com",
+          "description": "example three"
+       }
+      ]
+    }
+    `)
+	}
+
+	domains := []FallbackDomain{
+		{
+			Suffix:      "example_one.com",
+			Description: "example one",
+			DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
+		},
+		{
+			Suffix:      "example_two.com",
+			Description: "example two",
+		},
+		{
+			Suffix:      "example_three.com",
+			Description: "example three",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
+
+	actual, err := client.UpdateFallbackDomain(context.Background(), testAccountID, domains)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, domains, actual)
+	}
+}
+
+func TestUpdateFallbackDomainDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "suffix": "example_one.com",
+          "description": "example one",
+					"dns_server": ["192.168.0.1", "10.1.1.1"]
+       },
+       {
+          "suffix": "example_two.com",
+          "description": "example two"
+       },
+       {
+          "suffix": "example_three.com",
+          "description": "example three"
+       }
+      ]
+    }
+    `)
+	}
+
+	domains := []FallbackDomain{
+		{
+			Suffix:      "example_one.com",
+			Description: "example one",
+			DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
+		},
+		{
+			Suffix:      "example_two.com",
+			Description: "example two",
+		},
+		{
+			Suffix:      "example_three.com",
+			Description: "example three",
+		},
+	}
+
+	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/fallback_domains", handler)
+
+	actual, err := client.UpdateFallbackDomainDeviceSettingsPolicy(context.Background(), testAccountID, policyID, domains)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, domains, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/filter.go b/pkg/cloudflare-go/filter.go
new file mode 100644
index 0000000000..107cab5440
--- /dev/null
+++ b/pkg/cloudflare-go/filter.go
@@ -0,0 +1,290 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrNotEnoughFilterIDsProvided = errors.New("at least one filter ID must be provided.")
+
+// Filter holds the structure of the filter type.
+type Filter struct {
+	ID          string `json:"id,omitempty"`
+	Expression  string `json:"expression"`
+	Paused      bool   `json:"paused"`
+	Description string `json:"description"`
+
+	// Property is mentioned in documentation however isn't populated in
+	// any of the API requests. For now, let's just omit it unless it's
+	// provided.
+	Ref string `json:"ref,omitempty"`
+}
+
+// FiltersDetailResponse is the API response that is returned
+// for requesting all filters on a zone.
+type FiltersDetailResponse struct {
+	Result     []Filter `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// FilterDetailResponse is the API response that is returned
+// for requesting a single filter on a zone.
+type FilterDetailResponse struct {
+	Result     Filter `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// FilterValidateExpression represents the JSON payload for checking
+// an expression.
+type FilterValidateExpression struct {
+	Expression string `json:"expression"`
+}
+
+// FilterValidateExpressionResponse represents the API response for
+// checking the expression. It conforms to the JSON API approach however
+// we don't need all of the fields exposed.
+type FilterValidateExpressionResponse struct {
+	Success bool                                `json:"success"`
+	Errors  []FilterValidationExpressionMessage `json:"errors"`
+}
+
+// FilterValidationExpressionMessage represents the API error message.
+type FilterValidationExpressionMessage struct {
+	Message string `json:"message"`
+}
+
+// FilterCreateParams contains required and optional params
+// for creating a filter.
+type FilterCreateParams struct {
+	ID          string `json:"id,omitempty"`
+	Expression  string `json:"expression"`
+	Paused      bool   `json:"paused"`
+	Description string `json:"description"`
+	Ref         string `json:"ref,omitempty"`
+}
+
+// FilterUpdateParams contains required and optional params
+// for updating a filter.
+type FilterUpdateParams struct {
+	ID          string `json:"id"`
+	Expression  string `json:"expression"`
+	Paused      bool   `json:"paused"`
+	Description string `json:"description"`
+	Ref         string `json:"ref,omitempty"`
+}
+
+type FilterListParams struct {
+	ResultInfo
+}
+
+// Filter returns a single filter in a zone based on the filter ID.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-by-filter-id
+func (api *API) Filter(ctx context.Context, rc *ResourceContainer, filterID string) (Filter, error) {
+	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, filterID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Filter{}, err
+	}
+
+	var filterResponse FilterDetailResponse
+	err = json.Unmarshal(res, &filterResponse)
+	if err != nil {
+		return Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return filterResponse.Result, nil
+}
+
+// Filters returns filters for a zone.
+//
+// Automatically paginates all results unless `params.PerPage` and `params.Page`
+// is set.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-all-filters
+func (api *API) Filters(ctx context.Context, rc *ResourceContainer, params FilterListParams) ([]Filter, *ResultInfo, error) {
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var filters []Filter
+	var fResponse FiltersDetailResponse
+	for {
+		fResponse = FiltersDetailResponse{}
+		uri := buildURI(fmt.Sprintf("/zones/%s/filters", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []Filter{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &fResponse)
+		if err != nil {
+			return []Filter{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+		}
+
+		filters = append(filters, fResponse.Result...)
+		params.ResultInfo = fResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return filters, &fResponse.ResultInfo, nil
+}
+
+// CreateFilters creates new filters.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/post/
+func (api *API) CreateFilters(ctx context.Context, rc *ResourceContainer, params []FilterCreateParams) ([]Filter, error) {
+	uri := fmt.Sprintf("/zones/%s/filters", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return []Filter{}, err
+	}
+
+	var filtersResponse FiltersDetailResponse
+	err = json.Unmarshal(res, &filtersResponse)
+	if err != nil {
+		return []Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return filtersResponse.Result, nil
+}
+
+// UpdateFilter updates a single filter.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/put/#update-a-single-filter
+func (api *API) UpdateFilter(ctx context.Context, rc *ResourceContainer, params FilterUpdateParams) (Filter, error) {
+	if params.ID == "" {
+		return Filter{}, fmt.Errorf("filter ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, params.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Filter{}, err
+	}
+
+	var filterResponse FilterDetailResponse
+	err = json.Unmarshal(res, &filterResponse)
+	if err != nil {
+		return Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return filterResponse.Result, nil
+}
+
+// UpdateFilters updates many filters at once.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/put/#update-multiple-filters
+func (api *API) UpdateFilters(ctx context.Context, rc *ResourceContainer, params []FilterUpdateParams) ([]Filter, error) {
+	for _, filter := range params {
+		if filter.ID == "" {
+			return []Filter{}, fmt.Errorf("filter ID cannot be empty")
+		}
+	}
+
+	uri := fmt.Sprintf("/zones/%s/filters", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return []Filter{}, err
+	}
+
+	var filtersResponse FiltersDetailResponse
+	err = json.Unmarshal(res, &filtersResponse)
+	if err != nil {
+		return []Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return filtersResponse.Result, nil
+}
+
+// DeleteFilter deletes a single filter.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/delete/#delete-a-single-filter
+func (api *API) DeleteFilter(ctx context.Context, rc *ResourceContainer, filterID string) error {
+	if filterID == "" {
+		return fmt.Errorf("filter ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, filterID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteFilters deletes multiple filters.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/delete/#delete-multiple-filters
+func (api *API) DeleteFilters(ctx context.Context, rc *ResourceContainer, filterIDs []string) error {
+	if len(filterIDs) == 0 {
+		return ErrNotEnoughFilterIDsProvided
+	}
+
+	// Swap this to a typed struct and passing in all parameters together.
+	q := url.Values{}
+	for _, id := range filterIDs {
+		q.Add("id", id)
+	}
+
+	uri := (&url.URL{
+		Path:     fmt.Sprintf("/zones/%s/filters", rc.Identifier),
+		RawQuery: q.Encode(),
+	}).String()
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ValidateFilterExpression checks correctness of a filter expression.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/validation/
+func (api *API) ValidateFilterExpression(ctx context.Context, expression string) error {
+	expressionPayload := FilterValidateExpression{Expression: expression}
+
+	_, err := api.makeRequestContext(ctx, http.MethodPost, "/filters/validate-expr", expressionPayload)
+	if err != nil {
+		var filterValidationResponse FilterValidateExpressionResponse
+
+		jsonErr := json.Unmarshal([]byte(err.Error()), &filterValidationResponse)
+		if jsonErr != nil {
+			return fmt.Errorf(errUnmarshalError+": %w", jsonErr)
+		}
+
+		if !filterValidationResponse.Success {
+			// Unsure why but the API returns `errors` as an array but it only
+			// ever shows the issue with one problem at a time ¯\_(ツ)_/¯
+			return fmt.Errorf(filterValidationResponse.Errors[0].Message)
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/filter_test.go b/pkg/cloudflare-go/filter_test.go
new file mode 100644
index 0000000000..b36c7cc8e5
--- /dev/null
+++ b/pkg/cloudflare-go/filter_test.go
@@ -0,0 +1,391 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFilter(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"id": "b7ff25282d394be7b945e23c7106ce8a",
+				"paused": false,
+				"description": "Login from office",
+				"expression": "ip.src eq 198.51.100.1"
+			},
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/b7ff25282d394be7b945e23c7106ce8a", handler)
+	want := Filter{
+		ID:          "b7ff25282d394be7b945e23c7106ce8a",
+		Paused:      false,
+		Description: "Login from office",
+		Expression:  "ip.src eq 198.51.100.1",
+	}
+
+	actual, err := client.Filter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "b7ff25282d394be7b945e23c7106ce8a")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestFilters(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+					{
+						"id": "b7ff25282d394be7b945e23c7106ce8a",
+						"paused": false,
+						"description": "Login from office",
+						"expression": "ip.src eq 93.184.216.0 and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")"
+					},
+					{
+						"id": "c218c536b2bd406f958f278cf0fa8c0f",
+						"paused": false,
+						"description": "Login",
+						"expression": "(http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")"
+					},
+					{
+						"id": "f2a64520581a4209aab12187a0081364",
+						"paused": false,
+						"description": "not /api",
+						"expression": "not http.request.uri.path matches \"^/api/.*$\""
+			}, {
+						"id": "14217d7bd5ab435e84b1bd468bf4fb9f",
+						"paused": false,
+						"description": "/api",
+						"expression": "http.request.uri.path matches \"^/api/.*$\""
+			}, {
+						"id": "60ee852f9cbb4802978d15600c7f3110",
+						"paused": false,
+						"expression": "ip.src eq 93.184.216.0"
+			} ],
+				"success": true,
+				"errors": null,
+				"messages": null,
+				"result_info": {
+					"page": 1,
+					"per_page": 25,
+					"count": 5,
+					"total_count": 5,
+					"total_pages": 1
+			} }
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
+	want := []Filter{
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from office",
+			Expression:  "ip.src eq 93.184.216.0 and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",
+		},
+		{
+			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+			Paused:      false,
+			Description: "Login",
+			Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",
+		},
+		{
+			ID:          "f2a64520581a4209aab12187a0081364",
+			Paused:      false,
+			Description: "not /api",
+			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
+		},
+		{
+			ID:          "14217d7bd5ab435e84b1bd468bf4fb9f",
+			Paused:      false,
+			Description: "/api",
+			Expression:  "http.request.uri.path matches \"^/api/.*$\"",
+		}, {
+			ID:         "60ee852f9cbb4802978d15600c7f3110",
+			Paused:     false,
+			Expression: "ip.src eq 93.184.216.0",
+		},
+	}
+
+	actual, _, err := client.Filters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), FilterListParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSingleFilter(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+				{
+					"id": "b7ff25282d394be7b945e23c7106ce8a",
+					"paused": false,
+					"description": "Login from office",
+					"expression": "ip.src eq 198.51.100.1"
+				}
+			],
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
+	params := []FilterCreateParams{
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from office",
+			Expression:  "ip.src eq 198.51.100.1",
+		},
+	}
+
+	want := []Filter{
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from office",
+			Expression:  "ip.src eq 198.51.100.1",
+		},
+	}
+
+	actual, err := client.CreateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMultipleFilters(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+				{
+					"id": "b7ff25282d394be7b945e23c7106ce8a",
+					"paused": false,
+					"description": "Login from office",
+					"expression": "ip.src eq 198.51.100.1"
+				},
+				{
+					"id": "b7ff25282d394be7b945e23c7106ce8a",
+					"paused": false,
+					"description": "Login from second office",
+					"expression": "ip.src eq 10.0.0.1"
+				}
+			],
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
+	params := []FilterCreateParams{
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from office",
+			Expression:  "ip.src eq 198.51.100.1",
+		},
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from second office",
+			Expression:  "ip.src eq 10.0.0.1",
+		},
+	}
+
+	want := []Filter{
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from office",
+			Expression:  "ip.src eq 198.51.100.1",
+		},
+		{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Paused:      false,
+			Description: "Login from second office",
+			Expression:  "ip.src eq 10.0.0.1",
+		},
+	}
+
+	actual, err := client.CreateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSingleFilter(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+					"id": "60ee852f9cbb4802978d15600c7f3110",
+					"paused": false,
+					"description": "IP of example.org",
+					"expression": "ip.src eq 93.184.216.0"
+			},
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/60ee852f9cbb4802978d15600c7f3110", handler)
+	params := FilterUpdateParams{
+		ID:          "60ee852f9cbb4802978d15600c7f3110",
+		Paused:      false,
+		Description: "IP of example.org",
+		Expression:  "ip.src eq 93.184.216.0",
+	}
+
+	want := Filter{
+		ID:          "60ee852f9cbb4802978d15600c7f3110",
+		Paused:      false,
+		Description: "IP of example.org",
+		Expression:  "ip.src eq 93.184.216.0",
+	}
+
+	actual, err := client.UpdateFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateMultipleFilters(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+				{
+					"id": "60ee852f9cbb4802978d15600c7f3110",
+					"paused": false,
+					"description": "IP of example.org",
+					"expression": "ip.src eq 93.184.216.0"
+				},
+				{
+					"id": "c218c536b2bd406f958f278cf0fa8c0f",
+					"paused": false,
+					"description": "IP of example.com",
+					"expression": "ip.src ne 198.51.100.1"
+				}
+			],
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
+	params := []FilterUpdateParams{
+		{
+			ID:          "60ee852f9cbb4802978d15600c7f3110",
+			Paused:      false,
+			Description: "IP of example.org",
+			Expression:  "ip.src eq 93.184.216.0",
+		},
+		{
+			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+			Paused:      false,
+			Description: "IP of example.com",
+			Expression:  "ip.src ne 198.51.100.1",
+		},
+	}
+
+	want := []Filter{
+		{
+			ID:          "60ee852f9cbb4802978d15600c7f3110",
+			Paused:      false,
+			Description: "IP of example.org",
+			Expression:  "ip.src eq 93.184.216.0",
+		},
+		{
+			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+			Paused:      false,
+			Description: "IP of example.com",
+			Expression:  "ip.src ne 198.51.100.1",
+		},
+	}
+
+	actual, err := client.UpdateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteFilter(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [],
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/60ee852f9cbb4802978d15600c7f3110", handler)
+
+	err := client.DeleteFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "60ee852f9cbb4802978d15600c7f3110")
+	assert.Nil(t, err)
+	assert.NoError(t, err)
+}
+
+func TestDeleteFilterWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	err := client.DeleteFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "")
+	assert.EqualError(t, err, "filter ID cannot be empty")
+}
diff --git a/pkg/cloudflare-go/firewall.go b/pkg/cloudflare-go/firewall.go
new file mode 100644
index 0000000000..893165c570
--- /dev/null
+++ b/pkg/cloudflare-go/firewall.go
@@ -0,0 +1,281 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// AccessRule represents a firewall access rule.
+type AccessRule struct {
+	ID            string                  `json:"id,omitempty"`
+	Notes         string                  `json:"notes,omitempty"`
+	AllowedModes  []string                `json:"allowed_modes,omitempty"`
+	Mode          string                  `json:"mode,omitempty"`
+	Configuration AccessRuleConfiguration `json:"configuration,omitempty"`
+	Scope         AccessRuleScope         `json:"scope,omitempty"`
+	CreatedOn     time.Time               `json:"created_on,omitempty"`
+	ModifiedOn    time.Time               `json:"modified_on,omitempty"`
+}
+
+// AccessRuleConfiguration represents the configuration of a firewall
+// access rule.
+type AccessRuleConfiguration struct {
+	Target string `json:"target,omitempty"`
+	Value  string `json:"value,omitempty"`
+}
+
+// AccessRuleScope represents the scope of a firewall access rule.
+type AccessRuleScope struct {
+	ID    string `json:"id,omitempty"`
+	Email string `json:"email,omitempty"`
+	Name  string `json:"name,omitempty"`
+	Type  string `json:"type,omitempty"`
+}
+
+// AccessRuleResponse represents the response from the firewall access
+// rule endpoint.
+type AccessRuleResponse struct {
+	Result AccessRule `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// AccessRuleListResponse represents the response from the list access rules
+// endpoint.
+type AccessRuleListResponse struct {
+	Result []AccessRule `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// ListUserAccessRules returns a slice of access rules for the logged-in user.
+//
+// This takes an AccessRule to allow filtering of the results returned.
+//
+// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
+func (api *API) ListUserAccessRules(ctx context.Context, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
+	return api.listAccessRules(ctx, "/user", accessRule, page)
+}
+
+// CreateUserAccessRule creates a firewall access rule for the logged-in user.
+//
+// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-create-access-rule
+func (api *API) CreateUserAccessRule(ctx context.Context, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.createAccessRule(ctx, "/user", accessRule)
+}
+
+// UserAccessRule returns the details of a user's account access rule.
+//
+// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
+func (api *API) UserAccessRule(ctx context.Context, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.retrieveAccessRule(ctx, "/user", accessRuleID)
+}
+
+// UpdateUserAccessRule updates a single access rule for the logged-in user &
+// given access rule identifier.
+//
+// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
+func (api *API) UpdateUserAccessRule(ctx context.Context, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.updateAccessRule(ctx, "/user", accessRuleID, accessRule)
+}
+
+// DeleteUserAccessRule deletes a single access rule for the logged-in user and
+// access rule identifiers.
+//
+// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
+func (api *API) DeleteUserAccessRule(ctx context.Context, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.deleteAccessRule(ctx, "/user", accessRuleID)
+}
+
+// ListZoneAccessRules returns a slice of access rules for the given zone
+// identifier.
+//
+// This takes an AccessRule to allow filtering of the results returned.
+//
+// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
+func (api *API) ListZoneAccessRules(ctx context.Context, zoneID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
+	return api.listAccessRules(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRule, page)
+}
+
+// CreateZoneAccessRule creates a firewall access rule for the given zone
+// identifier.
+//
+// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-create-access-rule
+func (api *API) CreateZoneAccessRule(ctx context.Context, zoneID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.createAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRule)
+}
+
+// ZoneAccessRule returns the details of a zone's access rule.
+//
+// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
+func (api *API) ZoneAccessRule(ctx context.Context, zoneID string, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.retrieveAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID)
+}
+
+// UpdateZoneAccessRule updates a single access rule for the given zone &
+// access rule identifiers.
+//
+// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-update-access-rule
+func (api *API) UpdateZoneAccessRule(ctx context.Context, zoneID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.updateAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID, accessRule)
+}
+
+// DeleteZoneAccessRule deletes a single access rule for the given zone and
+// access rule identifiers.
+//
+// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-delete-access-rule
+func (api *API) DeleteZoneAccessRule(ctx context.Context, zoneID, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.deleteAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID)
+}
+
+// ListAccountAccessRules returns a slice of access rules for the given
+// account identifier.
+//
+// This takes an AccessRule to allow filtering of the results returned.
+//
+// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-list-access-rules
+func (api *API) ListAccountAccessRules(ctx context.Context, accountID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
+	return api.listAccessRules(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRule, page)
+}
+
+// CreateAccountAccessRule creates a firewall access rule for the given
+// account identifier.
+//
+// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-create-access-rule
+func (api *API) CreateAccountAccessRule(ctx context.Context, accountID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.createAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRule)
+}
+
+// AccountAccessRule returns the details of an account's access rule.
+//
+// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-access-rule-details
+func (api *API) AccountAccessRule(ctx context.Context, accountID string, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.retrieveAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID)
+}
+
+// UpdateAccountAccessRule updates a single access rule for the given
+// account & access rule identifiers.
+//
+// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-update-access-rule
+func (api *API) UpdateAccountAccessRule(ctx context.Context, accountID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	return api.updateAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID, accessRule)
+}
+
+// DeleteAccountAccessRule deletes a single access rule for the given
+// account and access rule identifiers.
+//
+// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-delete-access-rule
+func (api *API) DeleteAccountAccessRule(ctx context.Context, accountID, accessRuleID string) (*AccessRuleResponse, error) {
+	return api.deleteAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID)
+}
+
+func (api *API) listAccessRules(ctx context.Context, prefix string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
+	// Construct a query string
+	v := url.Values{}
+	if page <= 0 {
+		page = 1
+	}
+	v.Set("page", strconv.Itoa(page))
+	// Request as many rules as possible per page - API max is 100
+	v.Set("per_page", "100")
+	if accessRule.Notes != "" {
+		v.Set("notes", accessRule.Notes)
+	}
+	if accessRule.Mode != "" {
+		v.Set("mode", accessRule.Mode)
+	}
+	if accessRule.Scope.Type != "" {
+		v.Set("scope_type", accessRule.Scope.Type)
+	}
+	if accessRule.Configuration.Value != "" {
+		v.Set("configuration_value", accessRule.Configuration.Value)
+	}
+	if accessRule.Configuration.Target != "" {
+		v.Set("configuration_target", accessRule.Configuration.Target)
+	}
+	v.Set("page", strconv.Itoa(page))
+
+	uri := fmt.Sprintf("%s/firewall/access_rules/rules?%s", prefix, v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &AccessRuleListResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response, nil
+}
+
+func (api *API) createAccessRule(ctx context.Context, prefix string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	uri := fmt.Sprintf("%s/firewall/access_rules/rules", prefix)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, accessRule)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &AccessRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+func (api *API) retrieveAccessRule(ctx context.Context, prefix, accessRuleID string) (*AccessRuleResponse, error) {
+	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	response := &AccessRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+func (api *API) updateAccessRule(ctx context.Context, prefix, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
+	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, accessRule)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &AccessRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response, nil
+}
+
+func (api *API) deleteAccessRule(ctx context.Context, prefix, accessRuleID string) (*AccessRuleResponse, error) {
+	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &AccessRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
diff --git a/pkg/cloudflare-go/firewall_example_test.go b/pkg/cloudflare-go/firewall_example_test.go
new file mode 100644
index 0000000000..571b617096
--- /dev/null
+++ b/pkg/cloudflare-go/firewall_example_test.go
@@ -0,0 +1,106 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListZoneAccessRules_all() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch all access rules for a zone
+	response, err := api.ListZoneAccessRules(context.Background(), zoneID, cloudflare.AccessRule{}, 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range response.Result {
+		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
+	}
+}
+
+func ExampleAPI_ListZoneAccessRules_filterByIP() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch only access rules whose target is 198.51.100.1
+	localhost := cloudflare.AccessRule{
+		Configuration: cloudflare.AccessRuleConfiguration{Target: "198.51.100.1"},
+	}
+	response, err := api.ListZoneAccessRules(context.Background(), zoneID, localhost, 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range response.Result {
+		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
+	}
+}
+
+func ExampleAPI_ListZoneAccessRules_filterByMode() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch access rules with an action of "block"
+	foo := cloudflare.AccessRule{
+		Mode: "block",
+	}
+	response, err := api.ListZoneAccessRules(context.Background(), zoneID, foo, 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range response.Result {
+		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
+	}
+}
+
+func ExampleAPI_ListZoneAccessRules_filterByNote() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch only access rules with notes containing "example"
+	foo := cloudflare.AccessRule{
+		Notes: "example",
+	}
+	response, err := api.ListZoneAccessRules(context.Background(), zoneID, foo, 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range response.Result {
+		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
+	}
+}
diff --git a/pkg/cloudflare-go/firewall_rules.go b/pkg/cloudflare-go/firewall_rules.go
new file mode 100644
index 0000000000..edcd2a0b93
--- /dev/null
+++ b/pkg/cloudflare-go/firewall_rules.go
@@ -0,0 +1,244 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// FirewallRule is the struct of the firewall rule.
+type FirewallRule struct {
+	ID          string      `json:"id,omitempty"`
+	Paused      bool        `json:"paused"`
+	Description string      `json:"description"`
+	Action      string      `json:"action"`
+	Priority    interface{} `json:"priority"`
+	Filter      Filter      `json:"filter"`
+	Products    []string    `json:"products,omitempty"`
+	Ref         string      `json:"ref,omitempty"`
+	CreatedOn   time.Time   `json:"created_on,omitempty"`
+	ModifiedOn  time.Time   `json:"modified_on,omitempty"`
+}
+
+// FirewallRulesDetailResponse is the API response for the firewall
+// rules.
+type FirewallRulesDetailResponse struct {
+	Result     []FirewallRule `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// FirewallRuleResponse is the API response that is returned
+// for requesting a single firewall rule on a zone.
+type FirewallRuleResponse struct {
+	Result     FirewallRule `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// FirewallRuleCreateParams contains required and optional params
+// for creating a firewall rule.
+type FirewallRuleCreateParams struct {
+	ID          string      `json:"id,omitempty"`
+	Paused      bool        `json:"paused"`
+	Description string      `json:"description"`
+	Action      string      `json:"action"`
+	Priority    interface{} `json:"priority"`
+	Filter      Filter      `json:"filter"`
+	Products    []string    `json:"products,omitempty"`
+	Ref         string      `json:"ref,omitempty"`
+}
+
+// FirewallRuleUpdateParams contains required and optional params
+// for updating a firewall rule.
+type FirewallRuleUpdateParams struct {
+	ID          string      `json:"id"`
+	Paused      bool        `json:"paused"`
+	Description string      `json:"description"`
+	Action      string      `json:"action"`
+	Priority    interface{} `json:"priority"`
+	Filter      Filter      `json:"filter"`
+	Products    []string    `json:"products,omitempty"`
+	Ref         string      `json:"ref,omitempty"`
+}
+
+type FirewallRuleListParams struct {
+	ResultInfo
+}
+
+// FirewallRules returns all firewall rules.
+//
+// Automatically paginates all results unless `params.PerPage` and `params.Page`
+// is set.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/get/#get-all-rules
+func (api *API) FirewallRules(ctx context.Context, rc *ResourceContainer, params FirewallRuleListParams) ([]FirewallRule, *ResultInfo, error) {
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var firewallRules []FirewallRule
+	var fResponse FirewallRulesDetailResponse
+	for {
+		fResponse = FirewallRulesDetailResponse{}
+		uri := buildURI(fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []FirewallRule{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &fResponse)
+		if err != nil {
+			return []FirewallRule{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+		}
+
+		firewallRules = append(firewallRules, fResponse.Result...)
+		params.ResultInfo = fResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return firewallRules, &fResponse.ResultInfo, nil
+}
+
+// FirewallRule returns a single firewall rule based on the ID.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/get/#get-by-rule-id
+func (api *API) FirewallRule(ctx context.Context, rc *ResourceContainer, firewallRuleID string) (FirewallRule, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, firewallRuleID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return FirewallRule{}, err
+	}
+
+	var firewallRuleResponse FirewallRuleResponse
+	err = json.Unmarshal(res, &firewallRuleResponse)
+	if err != nil {
+		return FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return firewallRuleResponse.Result, nil
+}
+
+// CreateFirewallRules creates new firewall rules.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/post/
+func (api *API) CreateFirewallRules(ctx context.Context, rc *ResourceContainer, params []FirewallRuleCreateParams) ([]FirewallRule, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return []FirewallRule{}, err
+	}
+
+	var firewallRulesDetailResponse FirewallRulesDetailResponse
+	err = json.Unmarshal(res, &firewallRulesDetailResponse)
+	if err != nil {
+		return []FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return firewallRulesDetailResponse.Result, nil
+}
+
+// UpdateFirewallRule updates a single firewall rule.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/put/#update-a-single-rule
+func (api *API) UpdateFirewallRule(ctx context.Context, rc *ResourceContainer, params FirewallRuleUpdateParams) (FirewallRule, error) {
+	if params.ID == "" {
+		return FirewallRule{}, fmt.Errorf("firewall rule ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, params.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return FirewallRule{}, err
+	}
+
+	var firewallRuleResponse FirewallRuleResponse
+	err = json.Unmarshal(res, &firewallRuleResponse)
+	if err != nil {
+		return FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return firewallRuleResponse.Result, nil
+}
+
+// UpdateFirewallRules updates a single firewall rule.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/put/#update-multiple-rules
+func (api *API) UpdateFirewallRules(ctx context.Context, rc *ResourceContainer, params []FirewallRuleUpdateParams) ([]FirewallRule, error) {
+	for _, firewallRule := range params {
+		if firewallRule.ID == "" {
+			return []FirewallRule{}, fmt.Errorf("firewall ID cannot be empty")
+		}
+	}
+
+	uri := fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return []FirewallRule{}, err
+	}
+
+	var firewallRulesDetailResponse FirewallRulesDetailResponse
+	err = json.Unmarshal(res, &firewallRulesDetailResponse)
+	if err != nil {
+		return []FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return firewallRulesDetailResponse.Result, nil
+}
+
+// DeleteFirewallRule deletes a single firewall rule.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/delete/#delete-a-single-rule
+func (api *API) DeleteFirewallRule(ctx context.Context, rc *ResourceContainer, firewallRuleID string) error {
+	if firewallRuleID == "" {
+		return fmt.Errorf("firewall rule ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, firewallRuleID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// DeleteFirewallRules deletes multiple firewall rules at once.
+//
+// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/delete/#delete-multiple-rules
+func (api *API) DeleteFirewallRules(ctx context.Context, rc *ResourceContainer, firewallRuleIDs []string) error {
+	v := url.Values{}
+
+	for _, ruleID := range firewallRuleIDs {
+		v.Add("id", ruleID)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/firewall/rules?%s", rc.Identifier, v.Encode())
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/firewall_rules_test.go b/pkg/cloudflare-go/firewall_rules_test.go
new file mode 100644
index 0000000000..42db16192e
--- /dev/null
+++ b/pkg/cloudflare-go/firewall_rules_test.go
@@ -0,0 +1,630 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFirewallRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+				{
+					"id":"2ae338944d6143383c3cf05a7c80d984",
+					"paused":false,
+					"description":"allow uploads without waf",
+					"action":"bypass",
+					"products": ["waf"],
+					"priority":null,
+					"filter":{
+						"id":"74217d7bd5ab435e84b1bd473bf4fb9f",
+						"expression":"http.request.uri.path matches \"^/upload$\"",
+						"paused":false,
+						"description":"/upload"
+					}
+				},
+				{
+					"id":"4ae338944d6143378c3cf05a7c77d983",
+					"paused":false,
+					"description":"allow API traffic without challenge",
+					"action":"allow",
+					"priority":null,
+					"filter":{
+						"id":"14217d7bd5ab435e84b1bd468bf4fb9f",
+						"expression":"http.request.uri.path matches \"^/api/.*$\"",
+						"paused":false,
+						"description":"/api"
+					}
+				},
+				{
+					"id":"f2d427378e7542acb295380d352e2ebd",
+					"paused":false,
+					"description":"do not challenge login from office",
+					"action":"allow",
+					"priority":null,
+					"filter":{
+						"id":"b7ff25282d394be7b945e23c7106ce8a",
+						"expression":"(http.request.uri.path ~ \"^.*/xmlrpc.php$\"",
+						"paused":false,
+						"description":"wordpress xmlrpc"
+					}
+				},
+				{
+					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
+					"paused":false,
+					"description":"challenge login",
+					"action":"challenge",
+					"priority":null,
+					"filter":{
+						"id":"c218c536b2bd406f958f278cf0fa8c0f",
+						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\"",
+						"paused":false,
+						"description":"Login"
+					}
+				},
+				{
+					"id":"52161eb6af4241bb9d4b32394be72fdf",
+					"paused":false,
+					"description":"JS challenge site",
+					"action":"js_challenge",
+					"priority":null,
+					"filter":{
+						"id":"f2a64520581a4209aab12187a0081364",
+						"expression":"not http.request.uri.path matches \"^/api/.*$\"",
+						"paused":false,
+						"description":"not /api"
+					}
+				}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null,
+			"result_info":{
+				"page":1,
+				"per_page":25,
+				"count":5,
+				"total_count":5
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
+	want := []FirewallRule{
+		{
+			ID:          "2ae338944d6143383c3cf05a7c80d984",
+			Paused:      false,
+			Description: "allow uploads without waf",
+			Action:      "bypass",
+			Priority:    nil,
+			Products:    []string{"waf"},
+			Filter: Filter{
+				ID:          "74217d7bd5ab435e84b1bd473bf4fb9f",
+				Expression:  "http.request.uri.path matches \"^/upload$\"",
+				Paused:      false,
+				Description: "/upload",
+			},
+		},
+		{
+			ID:          "4ae338944d6143378c3cf05a7c77d983",
+			Paused:      false,
+			Description: "allow API traffic without challenge",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "14217d7bd5ab435e84b1bd468bf4fb9f",
+				Expression:  "http.request.uri.path matches \"^/api/.*$\"",
+				Paused:      false,
+				Description: "/api",
+			},
+		},
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "(http.request.uri.path ~ \"^.*/xmlrpc.php$\"",
+				Paused:      false,
+				Description: "wordpress xmlrpc",
+			},
+		},
+		{
+			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Paused:      false,
+			Description: "challenge login",
+			Action:      "challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\"",
+				Paused:      false,
+				Description: "Login",
+			},
+		},
+		{
+			ID:          "52161eb6af4241bb9d4b32394be72fdf",
+			Paused:      false,
+			Description: "JS challenge site",
+			Action:      "js_challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "f2a64520581a4209aab12187a0081364",
+				Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
+				Paused:      false,
+				Description: "not /api",
+			},
+		},
+	}
+
+	actual, _, err := client.FirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), FirewallRuleListParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestFirewallRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":{
+				"id":"f2d427378e7542acb295380d352e2ebd",
+				"paused":false,
+				"description":"do not challenge login from office",
+				"action":"allow",
+				"priority":null,
+				"filter":{
+					"id":"b7ff25282d394be7b945e23c7106ce8a",
+					"expression":"ip.src in {198.51.100.1} ~ \"^.*/login.php$\")",
+					"paused":false,
+					"description":"Login from office"
+				}
+			},
+			"success":true,
+			"errors":null,
+			"messages":null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/f2d427378e7542acb295380d352e2ebd", handler)
+	want := FirewallRule{
+		ID:          "f2d427378e7542acb295380d352e2ebd",
+		Paused:      false,
+		Description: "do not challenge login from office",
+		Action:      "allow",
+		Priority:    nil,
+		Filter: Filter{
+			ID:          "b7ff25282d394be7b945e23c7106ce8a",
+			Expression:  "ip.src in {198.51.100.1} ~ \"^.*/login.php$\")",
+			Paused:      false,
+			Description: "Login from office",
+		},
+	}
+
+	actual, err := client.FirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "f2d427378e7542acb295380d352e2ebd")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSingleFirewallRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+				{
+					"id":"f2d427378e7542acb295380d352e2ebd",
+					"paused":false,
+					"description":"do not challenge login from office",
+					"action":"allow",
+					"priority":null,
+					"filter":{
+						"id":"b7ff25282d394be7b945e23c7106ce8a",
+						"expression":"ip.src in {198.51.100.0/24}",
+						"paused":false,
+						"description":"Login from office"
+					}
+				}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
+	params := []FirewallRuleCreateParams{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+	}
+
+	want := []FirewallRule{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+	}
+
+	actual, err := client.CreateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMultipleFirewallRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+				{
+					"id":"f2d427378e7542acb295380d352e2ebd",
+					"paused":false,
+					"description":"do not challenge login from office",
+					"action":"allow",
+					"priority":null,
+					"filter":{
+						"id":"b7ff25282d394be7b945e23c7106ce8a",
+						"expression":"ip.src in {198.51.100.0/24}",
+						"paused":false,
+						"description":"Login from office"
+					}
+				},
+				{
+					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
+					"paused":false,
+					"description":"challenge login",
+					"action":"challenge",
+					"priority":null,
+					"filter":{
+						"id":"c218c536b2bd406f958f278cf0fa8c0f",
+						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+						"paused":false,
+						"description":"Login"
+					}
+				}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
+	params := []FirewallRuleCreateParams{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+		{
+			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Paused:      false,
+			Description: "challenge login",
+			Action:      "challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+				Paused:      false,
+				Description: "Login",
+			},
+		},
+	}
+
+	want := []FirewallRule{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+		{
+			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Paused:      false,
+			Description: "challenge login",
+			Action:      "challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+				Paused:      false,
+				Description: "Login",
+			},
+		},
+	}
+
+	actual, err := client.CreateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateFirewallRuleWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	want := FirewallRuleUpdateParams{
+		ID:          "",
+		Paused:      false,
+		Description: "challenge site",
+		Action:      "challenge",
+		Priority:    nil,
+		Filter: Filter{
+			ID:          "f2a64520581a4209aab12187a0081364",
+			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
+			Paused:      false,
+			Description: "not /api",
+		},
+	}
+
+	_, err := client.UpdateFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), want)
+	assert.EqualError(t, err, "firewall rule ID cannot be empty")
+}
+
+func TestUpdateSingleFirewallRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":{
+				"id":"52161eb6af4241bb9d4b32394be72fdf",
+				"paused":false,
+				"description":"challenge site",
+				"action":"challenge",
+				"priority":null,
+				"filter":{
+					"id":"f2a64520581a4209aab12187a0081364",
+					"expression":"not http.request.uri.path matches \"^/api/.*$\"",
+					"paused":false,
+					"description":"not /api"
+				}
+			},
+			"success":true,
+			"errors":null,
+			"messages":null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/52161eb6af4241bb9d4b32394be72fdf", handler)
+	params := FirewallRuleUpdateParams{
+		ID:          "52161eb6af4241bb9d4b32394be72fdf",
+		Paused:      false,
+		Description: "challenge site",
+		Action:      "challenge",
+		Priority:    nil,
+		Filter: Filter{
+			ID:          "f2a64520581a4209aab12187a0081364",
+			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
+			Paused:      false,
+			Description: "not /api",
+		},
+	}
+
+	want := FirewallRule{
+		ID:          "52161eb6af4241bb9d4b32394be72fdf",
+		Paused:      false,
+		Description: "challenge site",
+		Action:      "challenge",
+		Priority:    nil,
+		Filter: Filter{
+			ID:          "f2a64520581a4209aab12187a0081364",
+			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
+			Paused:      false,
+			Description: "not /api",
+		},
+	}
+
+	actual, err := client.UpdateFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateMultipleFirewallRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+				{
+					"id":"f2d427378e7542acb295380d352e2ebd",
+					"paused":false,
+					"description":"do not challenge login from office",
+					"action":"allow",
+					"priority":null,
+					"filter":{
+						"id":"b7ff25282d394be7b945e23c7106ce8a",
+						"expression":"ip.src in {198.51.100.0/24}",
+						"paused":false,
+						"description":"Login from office"
+					}
+				},
+				{
+					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
+					"paused":false,
+					"description":"challenge login",
+					"action":"challenge",
+					"priority":null,
+					"filter":{
+						"id":"c218c536b2bd406f958f278cf0fa8c0f",
+						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+						"paused":false,
+						"description":"Login"
+					}
+				}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
+	params := []FirewallRuleUpdateParams{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+		{
+			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Paused:      false,
+			Description: "challenge login",
+			Action:      "challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+				Paused:      false,
+				Description: "Login",
+			},
+		},
+	}
+
+	want := []FirewallRule{
+		{
+			ID:          "f2d427378e7542acb295380d352e2ebd",
+			Paused:      false,
+			Description: "do not challenge login from office",
+			Action:      "allow",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "b7ff25282d394be7b945e23c7106ce8a",
+				Expression:  "ip.src in {198.51.100.0/24}",
+				Paused:      false,
+				Description: "Login from office",
+			},
+		},
+		{
+			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Paused:      false,
+			Description: "challenge login",
+			Action:      "challenge",
+			Priority:    nil,
+			Filter: Filter{
+				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
+				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
+				Paused:      false,
+				Description: "Login",
+			},
+		},
+	}
+
+	actual, err := client.UpdateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSingleFirewallRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [],
+			"success": true,
+			"errors": null,
+			"messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/f2d427378e7542acb295380d352e2ebd", handler)
+
+	err := client.DeleteFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "f2d427378e7542acb295380d352e2ebd")
+	assert.NoError(t, err)
+}
+
+func TestDeleteFirewallRuleWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	err := client.DeleteFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "")
+	assert.EqualError(t, err, "firewall rule ID cannot be empty")
+}
diff --git a/pkg/cloudflare-go/firewall_test.go b/pkg/cloudflare-go/firewall_test.go
new file mode 100644
index 0000000000..b8a1bcb823
--- /dev/null
+++ b/pkg/cloudflare-go/firewall_test.go
@@ -0,0 +1,406 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestListAccessRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "92f17202ed8bd63d69a66b86a49a8f6b",
+					"notes": "This rule is on because of an event that occurred on date X",
+					"allowed_modes": [
+						"whitelist",
+						"block",
+						"challenge",
+						"js_challenge"
+					],
+					"mode": "challenge",
+					"configuration": {
+						"target": "ip",
+						"value": "198.51.100.4"
+					},
+					"created_on": "2014-01-01T05:20:00Z",
+					"modified_on": "2014-01-01T05:20:00Z",
+					"scope": {
+						"id": "7c5dae5552338874e5053f2534d2767a",
+						"email": "user@example.com",
+						"type": "user"
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 200
+			}
+		}`)
+	}
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := &AccessRuleListResponse{
+		Result: []AccessRule{{
+			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
+			Notes:        "This rule is on because of an event that occurred on date X",
+			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
+			Mode:         "challenge",
+			Configuration: AccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.4",
+			},
+			CreatedOn:  createdOn,
+			ModifiedOn: modifiedOn,
+			Scope: AccessRuleScope{
+				ID:    "7c5dae5552338874e5053f2534d2767a",
+				Email: "user@example.com",
+				Type:  "user",
+			},
+		}},
+		ResultInfo: ResultInfo{
+			Page:    1,
+			PerPage: 20,
+			Count:   1,
+			Total:   200,
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	accessRule := AccessRule{
+		Notes: "my note",
+		Mode:  "challenge",
+		Configuration: AccessRuleConfiguration{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		},
+	}
+
+	mux.HandleFunc("/user/firewall/access_rules/rules", handler)
+	actual, err := client.ListUserAccessRules(context.Background(), accessRule, 1)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules", handler)
+	actual, err = client.ListZoneAccessRules(context.Background(), testZoneID, accessRule, 1)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules", handler)
+	actual, err = client.ListAccountAccessRules(context.Background(), testAccountID, accessRule, 1)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestCreateAccessRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := AccessRule{
+		Mode: "challenge",
+		Configuration: AccessRuleConfiguration{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		},
+		Notes: "This rule is on because of an event that occurred on date X",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		var v AccessRule
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
+				"notes": "This rule is on because of an event that occurred on date X",
+				"allowed_modes": [
+					"whitelist",
+					"block",
+					"challenge",
+					"js_challenge"
+				],
+				"mode": "challenge",
+				"configuration": {
+					"target": "ip",
+					"value": "198.51.100.4"
+				},
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"scope": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"email": "user@example.com",
+					"type": "user"
+				}
+			}
+		}`)
+	}
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := &AccessRuleResponse{
+		Result: AccessRule{
+			ID:            "92f17202ed8bd63d69a66b86a49a8f6b",
+			Notes:         input.Notes,
+			AllowedModes:  []string{"whitelist", "block", "challenge", "js_challenge"},
+			Mode:          input.Mode,
+			Configuration: input.Configuration,
+			CreatedOn:     createdOn,
+			ModifiedOn:    modifiedOn,
+			Scope: AccessRuleScope{
+				ID:    "7c5dae5552338874e5053f2534d2767a",
+				Email: "user@example.com",
+				Type:  "user",
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	mux.HandleFunc("/user/firewall/access_rules/rules", handler)
+	actual, err := client.CreateUserAccessRule(context.Background(), input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules", handler)
+	actual, err = client.CreateZoneAccessRule(context.Background(), testZoneID, input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules", handler)
+	actual, err = client.CreateAccountAccessRule(context.Background(), testAccountID, input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestAccessRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
+				"notes": "This rule is on because of an event that occurred on date X",
+				"allowed_modes": [
+					"whitelist",
+					"block",
+					"challenge",
+					"js_challenge"
+				],
+				"mode": "challenge",
+				"configuration": {
+					"target": "ip",
+					"value": "198.51.100.4"
+				},
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"scope": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"email": "user@example.com",
+					"type": "user"
+				}
+			}
+		}`)
+	}
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := &AccessRuleResponse{
+		Result: AccessRule{
+			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
+			Notes:        "This rule is on because of an event that occurred on date X",
+			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
+			Mode:         "challenge",
+			Configuration: AccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.4",
+			},
+			CreatedOn:  createdOn,
+			ModifiedOn: modifiedOn,
+			Scope: AccessRuleScope{
+				ID:    "7c5dae5552338874e5053f2534d2767a",
+				Email: "user@example.com",
+				Type:  "user",
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
+
+	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err := client.UserAccessRule(context.Background(), accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.ZoneAccessRule(context.Background(), testZoneID, accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.AccountAccessRule(context.Background(), testAccountID, accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateAccessRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := AccessRule{
+		Mode:  "challenge",
+		Notes: "This rule is on because of an event that occurred on date X",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v AccessRule
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
+				"notes": "This rule is on because of an event that occurred on date X",
+				"allowed_modes": [
+					"whitelist",
+					"block",
+					"challenge",
+					"js_challenge"
+				],
+				"mode": "challenge",
+				"configuration": {
+					"target": "ip",
+					"value": "198.51.100.4"
+				},
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"scope": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"email": "user@example.com",
+					"type": "user"
+				}
+			}
+		}`)
+	}
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := &AccessRuleResponse{
+		Result: AccessRule{
+			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
+			Notes:        "This rule is on because of an event that occurred on date X",
+			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
+			Mode:         "challenge",
+			Configuration: AccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.4",
+			},
+			CreatedOn:  createdOn,
+			ModifiedOn: modifiedOn,
+			Scope: AccessRuleScope{
+				ID:    "7c5dae5552338874e5053f2534d2767a",
+				Email: "user@example.com",
+				Type:  "user",
+			},
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
+
+	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err := client.UpdateUserAccessRule(context.Background(), accessRuleID, input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.UpdateZoneAccessRule(context.Background(), testZoneID, accessRuleID, input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.UpdateAccountAccessRule(context.Background(), testAccountID, accessRuleID, input)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestDeleteAccessRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "92f17202ed8bd63d69a66b86a49a8f6b"
+			}
+		}`)
+	}
+
+	want := &AccessRuleResponse{
+		Result: AccessRule{
+			ID: "92f17202ed8bd63d69a66b86a49a8f6b",
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
+
+	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err := client.DeleteUserAccessRule(context.Background(), accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.DeleteZoneAccessRule(context.Background(), testZoneID, accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
+	actual, err = client.DeleteAccountAccessRule(context.Background(), testAccountID, accessRuleID)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
diff --git a/pkg/cloudflare-go/flake.lock b/pkg/cloudflare-go/flake.lock
new file mode 100644
index 0000000000..153b6ef7dd
--- /dev/null
+++ b/pkg/cloudflare-go/flake.lock
@@ -0,0 +1,540 @@
+{
+  "nodes": {
+    "builtfilter": {
+      "inputs": {
+        "flox-floxpkgs": [
+          "flox-floxpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1679586988,
+        "narHash": "sha256-TkoF4E4yN40s042YG6DaOzk+vtbzsoey0lUO+tm03is=",
+        "owner": "flox",
+        "repo": "builtfilter",
+        "rev": "931a381bb96d909f51fcf25d7ca4fa9dcfb12aff",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "builtfilter-rs",
+        "repo": "builtfilter",
+        "type": "github"
+      }
+    },
+    "capacitor": {
+      "inputs": {
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1675110136,
+        "narHash": "sha256-83n/ZLBMoIkgYGy12F1hNaqMUgJsfkno5P1+sm9liOU=",
+        "owner": "flox",
+        "repo": "capacitor",
+        "rev": "9d4b9bce0f439e01fe2c2b2a1bfe08592a6204c4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "v0",
+        "repo": "capacitor",
+        "type": "github"
+      }
+    },
+    "capacitor_2": {
+      "inputs": {
+        "nixpkgs": [
+          "flox-floxpkgs",
+          "nixpkgs",
+          "nixpkgs"
+        ],
+        "nixpkgs-lib": "nixpkgs-lib_2"
+      },
+      "locked": {
+        "lastModified": 1675110136,
+        "narHash": "sha256-83n/ZLBMoIkgYGy12F1hNaqMUgJsfkno5P1+sm9liOU=",
+        "owner": "flox",
+        "repo": "capacitor",
+        "rev": "9d4b9bce0f439e01fe2c2b2a1bfe08592a6204c4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "repo": "capacitor",
+        "type": "github"
+      }
+    },
+    "catalog": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1665076737,
+        "narHash": "sha256-S0bD7Z434Lvm7U4VHwvmxdTMrexdr72Yk6z0ExE3j7s=",
+        "owner": "flox",
+        "repo": "floxpkgs",
+        "rev": "bd8326c2fea27d01933eacb922f5ae70f97140c6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "publish",
+        "repo": "floxpkgs",
+        "type": "github"
+      }
+    },
+    "commitizen-src": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1679149521,
+        "narHash": "sha256-F/fbBEwG7ijHELy4RnpvlXOPkTsXFxjALdK7UIGIzMo=",
+        "owner": "commitizen-tools",
+        "repo": "commitizen",
+        "rev": "378a42881891633d8a81939cb46426eb36ed01aa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "commitizen-tools",
+        "repo": "commitizen",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flox": {
+      "inputs": {
+        "commitizen-src": "commitizen-src",
+        "flox-bash": [
+          "flox-floxpkgs",
+          "flox-bash"
+        ],
+        "flox-floxpkgs": [
+          "flox-floxpkgs"
+        ],
+        "shellHooks": "shellHooks"
+      },
+      "locked": {
+        "lastModified": 1679679655,
+        "narHash": "sha256-zug5lg3CqDMkmtbort6CHFJgUPyzRip0tg7t3dbSTWo=",
+        "ref": "main",
+        "rev": "98a44ab06d9f9f5e4824fd3add2d32aef95e606f",
+        "revCount": 427,
+        "type": "git",
+        "url": "ssh://git@github.com/flox/flox"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "ssh://git@github.com/flox/flox"
+      }
+    },
+    "flox-bash": {
+      "inputs": {
+        "flox-floxpkgs": [
+          "flox-floxpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1679665116,
+        "narHash": "sha256-v1qgb6rOVa9q8oIlps/Z4kw7+YQqN3AsScNEgy5xwGQ=",
+        "ref": "main",
+        "rev": "db7efcacb5f5935b286006288f23f931a573a918",
+        "revCount": 216,
+        "type": "git",
+        "url": "ssh://git@github.com/flox/flox-bash"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "ssh://git@github.com/flox/flox-bash"
+      }
+    },
+    "flox-floxpkgs": {
+      "inputs": {
+        "builtfilter": "builtfilter",
+        "capacitor": "capacitor",
+        "catalog": "catalog",
+        "flox": "flox",
+        "flox-bash": "flox-bash",
+        "nixpkgs": "nixpkgs_3",
+        "tracelinks": "tracelinks"
+      },
+      "locked": {
+        "lastModified": 1680131458,
+        "narHash": "sha256-B0xvpF2h5iotKAMP13l0VtsXRAPwKQLitmxKdBSWLQQ=",
+        "owner": "flox",
+        "repo": "floxpkgs",
+        "rev": "6d8216d24ce8959b599107ccff8b15c959540b1a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "repo": "floxpkgs",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "flox-floxpkgs",
+          "flox",
+          "shellHooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1676973346,
+        "narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
+        "owner": "flox",
+        "repo": "nixpkgs",
+        "rev": "d0d55259081f0b97c828f38559cad899d351cad1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "stable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1679791877,
+        "narHash": "sha256-tTV1Mf0hPWIMtqyU16Kd2JUBDWvfHlDC9pF57vcbgpQ=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "cc060ddbf652a532b54057081d5abd6144d01971",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs-lib_2": {
+      "locked": {
+        "lastModified": 1679791877,
+        "narHash": "sha256-tTV1Mf0hPWIMtqyU16Kd2JUBDWvfHlDC9pF57vcbgpQ=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "cc060ddbf652a532b54057081d5abd6144d01971",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1678872516,
+        "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable_2": {
+      "locked": {
+        "lastModified": 1676973346,
+        "narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
+        "owner": "flox",
+        "repo": "nixpkgs",
+        "rev": "d0d55259081f0b97c828f38559cad899d351cad1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "stable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-staging": {
+      "locked": {
+        "lastModified": 1679262748,
+        "narHash": "sha256-DQCrrAFrkxijC6haUzOC5ZoFqpcv/tg2WxnyW3np1Cc=",
+        "owner": "flox",
+        "repo": "nixpkgs",
+        "rev": "60c1d71f2ba4c80178ec84523c2ca0801522e0a6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "staging",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1679944645,
+        "narHash": "sha256-e5Qyoe11UZjVfgRfwNoSU57ZeKuEmjYb77B9IVW7L/M=",
+        "owner": "flox",
+        "repo": "nixpkgs",
+        "rev": "4bb072f0a8b267613c127684e099a70e1f6ff106",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "ref": "unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1678898370,
+        "narHash": "sha256-xTICr1j+uat5hk9FyuPOFGxpWHdJRibwZC+ATi0RbtE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ac718d02867a84b42522a0ece52d841188208f2c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "inputs": {
+        "capacitor": "capacitor_2",
+        "flox": [
+          "flox-floxpkgs",
+          "flox"
+        ],
+        "flox-bash": [
+          "flox-floxpkgs",
+          "flox-bash"
+        ],
+        "flox-floxpkgs": [
+          "flox-floxpkgs"
+        ],
+        "nixpkgs": [
+          "flox-floxpkgs",
+          "nixpkgs",
+          "nixpkgs-stable"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable_2",
+        "nixpkgs-staging": "nixpkgs-staging",
+        "nixpkgs-unstable": "nixpkgs-unstable",
+        "nixpkgs__flox__aarch64-darwin": "nixpkgs__flox__aarch64-darwin",
+        "nixpkgs__flox__aarch64-linux": "nixpkgs__flox__aarch64-linux",
+        "nixpkgs__flox__i686-linux": "nixpkgs__flox__i686-linux",
+        "nixpkgs__flox__x86_64-darwin": "nixpkgs__flox__x86_64-darwin",
+        "nixpkgs__flox__x86_64-linux": "nixpkgs__flox__x86_64-linux"
+      },
+      "locked": {
+        "lastModified": 1680113891,
+        "narHash": "sha256-JiAmKV8ECf877cDbTum06NQ28n8FvwC4DYlCYzEVWxg=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "b7e7e40e2aa1ca2a44db440f5dc52213564af02f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "nixpkgs__flox__aarch64-darwin": {
+      "flake": false,
+      "locked": {
+        "host": "catalog.floxsdlc.com",
+        "lastModified": 1680113678,
+        "narHash": "sha256-rCkwbly3gyvNcw21VBMXcf6EmF7crKZAS8Ylh2B5H+I=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "31d3b5fafdf504842e1e47a0c9b5888cf5dbae06",
+        "type": "github"
+      },
+      "original": {
+        "host": "catalog.floxsdlc.com",
+        "owner": "flox",
+        "ref": "aarch64-darwin",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "nixpkgs__flox__aarch64-linux": {
+      "flake": false,
+      "locked": {
+        "host": "catalog.floxsdlc.com",
+        "lastModified": 1680113660,
+        "narHash": "sha256-ZofvvoatURsk1p5JvqajdrcO9iIT7UHjV2cb7io4FK0=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "8112f3ce4a227cd5088165d929761d877eea6709",
+        "type": "github"
+      },
+      "original": {
+        "host": "catalog.floxsdlc.com",
+        "owner": "flox",
+        "ref": "aarch64-linux",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "nixpkgs__flox__i686-linux": {
+      "flake": false,
+      "locked": {
+        "host": "catalog.floxsdlc.com",
+        "lastModified": 1680113793,
+        "narHash": "sha256-xbjWq4lOP+K2772K8kDF17+CPoVyalqXYWyoH3x8au8=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "c189975540c856ac025be398761788c118ff5733",
+        "type": "github"
+      },
+      "original": {
+        "host": "catalog.floxsdlc.com",
+        "owner": "flox",
+        "ref": "i686-linux",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "nixpkgs__flox__x86_64-darwin": {
+      "flake": false,
+      "locked": {
+        "host": "catalog.floxsdlc.com",
+        "lastModified": 1680113786,
+        "narHash": "sha256-HBNnTigb0MxCM6j6XmIH/0BRlUp7Rpe1et13TBf7xfM=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "5ab94a52855a10ad1ac0edd7277654bd587faf3e",
+        "type": "github"
+      },
+      "original": {
+        "host": "catalog.floxsdlc.com",
+        "owner": "flox",
+        "ref": "x86_64-darwin",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "nixpkgs__flox__x86_64-linux": {
+      "flake": false,
+      "locked": {
+        "host": "catalog.floxsdlc.com",
+        "lastModified": 1680113768,
+        "narHash": "sha256-YnzWsglWn0TAeg2xQaVg8UFgALVU0TYZ/PdKV32EEtk=",
+        "owner": "flox",
+        "repo": "nixpkgs-flox",
+        "rev": "50ecffffa7c51a92a7a6bb9eb105625ed8b8f18d",
+        "type": "github"
+      },
+      "original": {
+        "host": "catalog.floxsdlc.com",
+        "owner": "flox",
+        "ref": "x86_64-linux",
+        "repo": "nixpkgs-flox",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flox-floxpkgs": "flox-floxpkgs"
+      }
+    },
+    "shellHooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": "nixpkgs_2",
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1678976941,
+        "narHash": "sha256-skNr08frCwN9NO+7I77MjOHHAw+L410/37JknNld+W4=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "32b1dbedfd77892a6e375737ef04d8efba634e9e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "tracelinks": {
+      "inputs": {
+        "flox-floxpkgs": [
+          "flox-floxpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1674847293,
+        "narHash": "sha256-wPirp+8gIUpoAgE8zoXZalAJzCzcdDHKLEPOapJUtfs=",
+        "ref": "main",
+        "rev": "46108503f52bc2fcc948abb9b00fc65a13e5f5bd",
+        "revCount": 9,
+        "type": "git",
+        "url": "ssh://git@github.com/flox/tracelinks"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "ssh://git@github.com/flox/tracelinks"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/pkg/cloudflare-go/flake.nix b/pkg/cloudflare-go/flake.nix
new file mode 100644
index 0000000000..3fd85dbded
--- /dev/null
+++ b/pkg/cloudflare-go/flake.nix
@@ -0,0 +1,7 @@
+{
+  description = "A flox project";
+
+  inputs.flox-floxpkgs.url = "github:flox/floxpkgs";
+
+  outputs = args @ {flox-floxpkgs, ...}: flox-floxpkgs.project args (_: {});
+}
diff --git a/pkg/cloudflare-go/flox.nix b/pkg/cloudflare-go/flox.nix
new file mode 100644
index 0000000000..3f82311a7e
--- /dev/null
+++ b/pkg/cloudflare-go/flox.nix
@@ -0,0 +1,3 @@
+{
+  packages.nixpkgs-flox.go_1_20 = { };
+}
diff --git a/pkg/cloudflare-go/go.mod b/pkg/cloudflare-go/go.mod
new file mode 100644
index 0000000000..5524d69758
--- /dev/null
+++ b/pkg/cloudflare-go/go.mod
@@ -0,0 +1,32 @@
+module github.com/cloudflare/cloudflare-go
+
+go 1.19
+
+require (
+	github.com/goccy/go-json v0.10.3
+	github.com/google/go-querystring v1.1.0
+	github.com/hashicorp/go-retryablehttp v0.7.7
+	github.com/olekukonko/tablewriter v0.0.5
+	github.com/stretchr/testify v1.9.0
+	github.com/urfave/cli/v2 v2.27.2
+	golang.org/x/net v0.26.0
+	golang.org/x/time v0.5.0
+)
+
+require gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rogpeppe/go-internal v1.8.1 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
+	golang.org/x/text v0.16.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
diff --git a/pkg/cloudflare-go/go.sum b/pkg/cloudflare-go/go.sum
new file mode 100644
index 0000000000..b1a05597db
--- /dev/null
+++ b/pkg/cloudflare-go/go.sum
@@ -0,0 +1,64 @@
+github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
+github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
+github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
+github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
+golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
+golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
+golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/pkg/cloudflare-go/healthchecks.go b/pkg/cloudflare-go/healthchecks.go
new file mode 100644
index 0000000000..cd5acd154c
--- /dev/null
+++ b/pkg/cloudflare-go/healthchecks.go
@@ -0,0 +1,199 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Healthcheck describes a Healthcheck object.
+type Healthcheck struct {
+	ID                   string                 `json:"id,omitempty"`
+	CreatedOn            *time.Time             `json:"created_on,omitempty"`
+	ModifiedOn           *time.Time             `json:"modified_on,omitempty"`
+	Name                 string                 `json:"name"`
+	Description          string                 `json:"description"`
+	Suspended            bool                   `json:"suspended"`
+	Address              string                 `json:"address"`
+	Retries              int                    `json:"retries,omitempty"`
+	Timeout              int                    `json:"timeout,omitempty"`
+	Interval             int                    `json:"interval,omitempty"`
+	ConsecutiveSuccesses int                    `json:"consecutive_successes,omitempty"`
+	ConsecutiveFails     int                    `json:"consecutive_fails,omitempty"`
+	Type                 string                 `json:"type,omitempty"`
+	CheckRegions         []string               `json:"check_regions"`
+	HTTPConfig           *HealthcheckHTTPConfig `json:"http_config,omitempty"`
+	TCPConfig            *HealthcheckTCPConfig  `json:"tcp_config,omitempty"`
+	Status               string                 `json:"status"`
+	FailureReason        string                 `json:"failure_reason"`
+}
+
+// HealthcheckHTTPConfig describes configuration for a HTTP healthcheck.
+type HealthcheckHTTPConfig struct {
+	Method          string              `json:"method"`
+	Port            uint16              `json:"port,omitempty"`
+	Path            string              `json:"path"`
+	ExpectedCodes   []string            `json:"expected_codes"`
+	ExpectedBody    string              `json:"expected_body"`
+	FollowRedirects bool                `json:"follow_redirects"`
+	AllowInsecure   bool                `json:"allow_insecure"`
+	Header          map[string][]string `json:"header"`
+}
+
+// HealthcheckTCPConfig describes configuration for a TCP healthcheck.
+type HealthcheckTCPConfig struct {
+	Method string `json:"method"`
+	Port   uint16 `json:"port,omitempty"`
+}
+
+// HealthcheckListResponse is the API response, containing an array of healthchecks.
+type HealthcheckListResponse struct {
+	Response
+	Result     []Healthcheck `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// HealthcheckResponse is the API response, containing a single healthcheck.
+type HealthcheckResponse struct {
+	Response
+	Result Healthcheck `json:"result"`
+}
+
+// Healthchecks returns all healthchecks for a zone.
+//
+// API reference: https://api.cloudflare.com/#health-checks-list-health-checks
+func (api *API) Healthchecks(ctx context.Context, zoneID string) ([]Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Healthcheck{}, err
+	}
+	var r HealthcheckListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// Healthcheck returns a single healthcheck by ID.
+//
+// API reference: https://api.cloudflare.com/#health-checks-health-check-details
+func (api *API) Healthcheck(ctx context.Context, zoneID, healthcheckID string) (Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Healthcheck{}, err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateHealthcheck creates a new healthcheck in a zone.
+//
+// API reference: https://api.cloudflare.com/#health-checks-create-health-check
+func (api *API) CreateHealthcheck(ctx context.Context, zoneID string, healthcheck Healthcheck) (Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, healthcheck)
+	if err != nil {
+		return Healthcheck{}, err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateHealthcheck updates an existing healthcheck.
+//
+// API reference: https://api.cloudflare.com/#health-checks-update-health-check
+func (api *API) UpdateHealthcheck(ctx context.Context, zoneID string, healthcheckID string, healthcheck Healthcheck) (Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, healthcheck)
+	if err != nil {
+		return Healthcheck{}, err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteHealthcheck deletes a healthcheck in a zone.
+//
+// API reference: https://api.cloudflare.com/#health-checks-delete-health-check
+func (api *API) DeleteHealthcheck(ctx context.Context, zoneID string, healthcheckID string) error {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// CreateHealthcheckPreview creates a new preview of a healthcheck in a zone.
+//
+// API reference: https://api.cloudflare.com/#health-checks-create-preview-health-check
+func (api *API) CreateHealthcheckPreview(ctx context.Context, zoneID string, healthcheck Healthcheck) (Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/preview", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, healthcheck)
+	if err != nil {
+		return Healthcheck{}, err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// HealthcheckPreview returns a single healthcheck preview by its ID.
+//
+// API reference: https://api.cloudflare.com/#health-checks-health-check-preview-details
+func (api *API) HealthcheckPreview(ctx context.Context, zoneID, id string) (Healthcheck, error) {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/preview/%s", zoneID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Healthcheck{}, err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteHealthcheckPreview deletes a healthcheck preview in a zone if it exists.
+//
+// API reference: https://api.cloudflare.com/#health-checks-delete-preview-health-check
+func (api *API) DeleteHealthcheckPreview(ctx context.Context, zoneID string, id string) error {
+	uri := fmt.Sprintf("/zones/%s/healthchecks/preview/%s", zoneID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r HealthcheckResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/healthchecks_test.go b/pkg/cloudflare-go/healthchecks_test.go
new file mode 100644
index 0000000000..80c24a93c8
--- /dev/null
+++ b/pkg/cloudflare-go/healthchecks_test.go
@@ -0,0 +1,309 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	healthcheckID       = "314d6b003029433741b94a7c9284915a"
+	healthcheckResponse = `{
+		"id": "%s",
+		"name": "example-healthcheck",
+		"description": "Example Healthcheck",
+		"suspended": false,
+		"address": "www.example.com",
+		"retries": 2,
+		"timeout": 5,
+		"consecutive_successes": 2,
+		"consecutive_fails": 2,
+		"interval": 60,
+		"type": "HTTP",
+		"check_regions": [
+			"WNAM"
+		],
+		"http_config": {
+			"method": "GET",
+			"path": "/",
+			"port": 8443,
+			"expected_body": "",
+			"expected_codes": [
+				"200"
+			],
+			"follow_redirects": true,
+			"allow_insecure": false,
+			"header": {
+				"Host": [
+					"www.example.com"
+				]
+			}
+		},
+		"tcp_config": null,
+		"created_on": "2019-01-13T12:20:00.12345Z",
+		"modified_on": "2019-01-13T12:20:00.12345Z",
+		"status": "unknown",
+		"failure_reason": ""
+	}`
+)
+
+var (
+	createdOn, _  = time.Parse(time.RFC3339, "2019-01-13T12:20:00.12345Z")
+	modifiedOn, _ = time.Parse(time.RFC3339, "2019-01-13T12:20:00.12345Z")
+
+	expectedHealthcheck = Healthcheck{
+		ID:                   "314d6b003029433741b94a7c9284915a",
+		CreatedOn:            &createdOn,
+		ModifiedOn:           &modifiedOn,
+		Description:          "Example Healthcheck",
+		Name:                 "example-healthcheck",
+		Suspended:            false,
+		Address:              "www.example.com",
+		Retries:              2,
+		ConsecutiveSuccesses: 2,
+		ConsecutiveFails:     2,
+		Timeout:              5,
+		Interval:             60,
+		Type:                 "HTTP",
+		CheckRegions:         []string{"WNAM"},
+		HTTPConfig: &HealthcheckHTTPConfig{
+			Method:          http.MethodGet,
+			Path:            "/",
+			Port:            8443,
+			ExpectedBody:    "",
+			ExpectedCodes:   []string{"200"},
+			FollowRedirects: true,
+			AllowInsecure:   false,
+			Header: map[string][]string{
+				"Host": {"www.example.com"},
+			},
+		},
+		Status:        "unknown",
+		FailureReason: "",
+	}
+)
+
+func TestHealthchecks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+			%s
+			],
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result_info": {
+				"page": 1,
+				"per_page": 25,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+  		}
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks", handler)
+	want := []Healthcheck{expectedHealthcheck}
+
+	actual, err := client.Healthchecks(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestHealthcheck(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": %s,
+			"success": true,
+			"errors": [],
+			"messages": []
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
+	want := expectedHealthcheck
+
+	actual, err := client.Healthcheck(context.Background(), testZoneID, healthcheckID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateHealthcheck(t *testing.T) {
+	setup()
+	defer teardown()
+	newHealthcheck := Healthcheck{
+		Name:      "example-healthcheck",
+		Address:   "www.example.com",
+		Suspended: false,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks", handler)
+	want := expectedHealthcheck
+
+	actual, err := client.CreateHealthcheck(context.Background(), testZoneID, newHealthcheck)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateHealthcheck(t *testing.T) {
+	setup()
+	defer teardown()
+	updatedHealthcheck := Healthcheck{
+		Name:    "example-healthcheck",
+		Address: "www.example.com",
+		HTTPConfig: &HealthcheckHTTPConfig{
+			Path: "/newpath",
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
+	want := expectedHealthcheck
+
+	actual, err := client.UpdateHealthcheck(context.Background(), testZoneID, healthcheckID, updatedHealthcheck)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteHealthcheck(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
+
+	err := client.DeleteHealthcheck(context.Background(), testZoneID, healthcheckID)
+	assert.NoError(t, err)
+}
+
+func TestCreateHealthcheckPreview(t *testing.T) {
+	setup()
+	defer teardown()
+	newHealthcheck := Healthcheck{
+		Name:      "example-healthcheck",
+		Address:   "www.example.com",
+		Suspended: false,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview", handler)
+	want := expectedHealthcheck
+
+	actual, err := client.CreateHealthcheckPreview(context.Background(), testZoneID, newHealthcheck)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestHealthcheckPreview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": %s,
+			"success": true,
+			"errors": [],
+			"messages": []
+		}
+		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview/"+healthcheckID, handler)
+	want := expectedHealthcheck
+
+	actual, err := client.HealthcheckPreview(context.Background(), testZoneID, healthcheckID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteHealthcheckPreview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview/"+healthcheckID, handler)
+
+	err := client.DeleteHealthcheckPreview(context.Background(), testZoneID, healthcheckID)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/hyperdrive.go b/pkg/cloudflare-go/hyperdrive.go
new file mode 100644
index 0000000000..c1ddbc9a5f
--- /dev/null
+++ b/pkg/cloudflare-go/hyperdrive.go
@@ -0,0 +1,214 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingHyperdriveConfigID             = errors.New("required hyperdrive config id is missing")
+	ErrMissingHyperdriveConfigName           = errors.New("required hyperdrive config name is missing")
+	ErrMissingHyperdriveConfigOriginDatabase = errors.New("required hyperdrive config origin database is missing")
+	ErrMissingHyperdriveConfigOriginPassword = errors.New("required hyperdrive config origin password is missing")
+	ErrMissingHyperdriveConfigOriginHost     = errors.New("required hyperdrive config origin host is missing")
+	ErrMissingHyperdriveConfigOriginScheme   = errors.New("required hyperdrive config origin scheme is missing")
+	ErrMissingHyperdriveConfigOriginUser     = errors.New("required hyperdrive config origin user is missing")
+)
+
+type HyperdriveConfig struct {
+	ID      string                  `json:"id,omitempty"`
+	Name    string                  `json:"name,omitempty"`
+	Origin  HyperdriveConfigOrigin  `json:"origin,omitempty"`
+	Caching HyperdriveConfigCaching `json:"caching,omitempty"`
+}
+
+type HyperdriveConfigOrigin struct {
+	Database string `json:"database,omitempty"`
+	Password string `json:"password"`
+	Host     string `json:"host,omitempty"`
+	Port     int    `json:"port,omitempty"`
+	Scheme   string `json:"scheme,omitempty"`
+	User     string `json:"user,omitempty"`
+}
+
+type HyperdriveConfigCaching struct {
+	Disabled             *bool `json:"disabled,omitempty"`
+	MaxAge               int   `json:"max_age,omitempty"`
+	StaleWhileRevalidate int   `json:"stale_while_revalidate,omitempty"`
+}
+
+type HyperdriveConfigListResponse struct {
+	Response
+	Result []HyperdriveConfig `json:"result"`
+}
+
+type CreateHyperdriveConfigParams struct {
+	Name    string                  `json:"name"`
+	Origin  HyperdriveConfigOrigin  `json:"origin"`
+	Caching HyperdriveConfigCaching `json:"caching,omitempty"`
+}
+
+type HyperdriveConfigResponse struct {
+	Response
+	Result HyperdriveConfig `json:"result"`
+}
+
+type UpdateHyperdriveConfigParams struct {
+	HyperdriveID string                  `json:"-"`
+	Name         string                  `json:"name"`
+	Origin       HyperdriveConfigOrigin  `json:"origin"`
+	Caching      HyperdriveConfigCaching `json:"caching,omitempty"`
+}
+
+type ListHyperdriveConfigParams struct{}
+
+// ListHyperdriveConfigs returns the Hyperdrive configs owned by an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/list-hyperdrive
+func (api *API) ListHyperdriveConfigs(ctx context.Context, rc *ResourceContainer, params ListHyperdriveConfigParams) ([]HyperdriveConfig, error) {
+	if rc.Identifier == "" {
+		return []HyperdriveConfig{}, ErrMissingAccountID
+	}
+
+	hResponse := HyperdriveConfigListResponse{}
+	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []HyperdriveConfig{}, err
+	}
+
+	err = json.Unmarshal(res, &hResponse)
+	if err != nil {
+		return []HyperdriveConfig{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+	}
+
+	return hResponse.Result, nil
+}
+
+// CreateHyperdriveConfig creates a new Hyperdrive config.
+//
+// API reference: https://developers.cloudflare.com/api/operations/create-hyperdrive
+func (api *API) CreateHyperdriveConfig(ctx context.Context, rc *ResourceContainer, params CreateHyperdriveConfigParams) (HyperdriveConfig, error) {
+	if rc.Identifier == "" {
+		return HyperdriveConfig{}, ErrMissingAccountID
+	}
+
+	if params.Name == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return HyperdriveConfig{}, err
+	}
+
+	var r HyperdriveConfigResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteHyperdriveConfig deletes a Hyperdrive config.
+//
+// API reference: https://developers.cloudflare.com/api/operations/delete-hyperdrive
+func (api *API) DeleteHyperdriveConfig(ctx context.Context, rc *ResourceContainer, hyperdriveID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+	if hyperdriveID == "" {
+		return ErrMissingHyperdriveConfigID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, hyperdriveID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
+
+// GetHyperdriveConfig returns a single Hyperdrive config based on the ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/get-hyperdrive
+func (api *API) GetHyperdriveConfig(ctx context.Context, rc *ResourceContainer, hyperdriveID string) (HyperdriveConfig, error) {
+	if rc.Identifier == "" {
+		return HyperdriveConfig{}, ErrMissingAccountID
+	}
+
+	if hyperdriveID == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, hyperdriveID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return HyperdriveConfig{}, err
+	}
+
+	var r HyperdriveConfigResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateHyperdriveConfig updates a Hyperdrive config.
+//
+// API reference: https://developers.cloudflare.com/api/operations/update-hyperdrive
+func (api *API) UpdateHyperdriveConfig(ctx context.Context, rc *ResourceContainer, params UpdateHyperdriveConfigParams) (HyperdriveConfig, error) {
+	if rc.Identifier == "" {
+		return HyperdriveConfig{}, ErrMissingAccountID
+	}
+
+	if params.HyperdriveID == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigID
+	}
+
+	if params.Origin.Database == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginDatabase
+	}
+
+	if params.Origin.Password == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginPassword
+	}
+
+	if params.Origin.Host == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginHost
+	}
+
+	if params.Origin.Scheme == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginScheme
+	}
+
+	if params.Origin.User == "" {
+		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginUser
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, params.HyperdriveID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return HyperdriveConfig{}, err
+	}
+
+	var r HyperdriveConfigResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/hyperdrive_test.go b/pkg/cloudflare-go/hyperdrive_test.go
new file mode 100644
index 0000000000..c19378f149
--- /dev/null
+++ b/pkg/cloudflare-go/hyperdrive_test.go
@@ -0,0 +1,280 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testHyperdriveConfigId   = "6b7efc370ea34ded8327fa20698dfe3a"
+	testHyperdriveConfigName = "example-hyperdrive"
+)
+
+func testHyperdriveConfig() HyperdriveConfig {
+	return HyperdriveConfig{
+		ID:   testHyperdriveConfigId,
+		Name: testHyperdriveConfigName,
+		Origin: HyperdriveConfigOrigin{
+			Database: "postgres",
+			Host:     "database.example.com",
+			Port:     5432,
+			Scheme:   "postgres",
+			User:     "postgres",
+		},
+		Caching: HyperdriveConfigCaching{
+			Disabled:             BoolPtr(false),
+			MaxAge:               30,
+			StaleWhileRevalidate: 15,
+		},
+	}
+}
+
+func TestHyperdriveConfig_List(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [{
+				"id": "6b7efc370ea34ded8327fa20698dfe3a",
+				"caching": {
+					"disabled": false,
+					"max_age": 30,
+					"stale_while_revalidate": 15
+				},
+				"name": "example-hyperdrive",
+				"origin": {
+					"database": "postgres",
+					"host": "database.example.com",
+					"port": 5432,
+					"scheme": "postgres",
+					"user": "postgres"
+				}
+			}]
+		}`)
+	})
+
+	_, err := client.ListHyperdriveConfigs(context.Background(), AccountIdentifier(""), ListHyperdriveConfigParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	result, err := client.ListHyperdriveConfigs(context.Background(), AccountIdentifier(testAccountID), ListHyperdriveConfigParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(result))
+		assert.Equal(t, testHyperdriveConfig(), result[0])
+	}
+}
+
+func TestHyperdriveConfig_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "6b7efc370ea34ded8327fa20698dfe3a",
+				"caching": {
+					"disabled": false,
+					"max_age": 30,
+					"stale_while_revalidate": 15
+				},
+				"name": "example-hyperdrive",
+				"origin": {
+					"database": "postgres",
+					"host": "database.example.com",
+					"port": 5432,
+					"scheme": "postgres",
+					"user": "postgres"
+				}
+			}
+		}`)
+	})
+
+	_, err := client.GetHyperdriveConfig(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.GetHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
+	}
+
+	result, err := client.GetHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), testHyperdriveConfigId)
+	if assert.NoError(t, err) {
+		assert.Equal(t, testHyperdriveConfig(), result)
+	}
+}
+
+func TestHyperdriveConfig_Create(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "6b7efc370ea34ded8327fa20698dfe3a",
+				"caching": {
+					"disabled": false,
+					"max_age": 30,
+					"stale_while_revalidate": 15
+				},
+				"name": "example-hyperdrive",
+				"origin": {
+					"database": "postgres",
+					"host": "database.example.com",
+					"port": 5432,
+					"scheme": "postgres",
+					"user": "postgres"
+				}
+			}
+		}`)
+	})
+
+	_, err := client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(""), CreateHyperdriveConfigParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), CreateHyperdriveConfigParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingHyperdriveConfigName, err)
+	}
+
+	result, err := client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), CreateHyperdriveConfigParams{
+		Name: "example-hyperdrive",
+		Origin: HyperdriveConfigOrigin{
+			Database: "postgres",
+			Password: "password",
+			Host:     "database.example.com",
+			Port:     5432,
+			Scheme:   "postgres",
+			User:     "postgres",
+		},
+		Caching: HyperdriveConfigCaching{
+			Disabled:             BoolPtr(false),
+			MaxAge:               30,
+			StaleWhileRevalidate: 15,
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, testHyperdriveConfig(), result)
+	}
+}
+
+func TestHyperdriveConfig_Delete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": null
+		}`)
+	})
+	err := client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
+	}
+
+	err = client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), testHyperdriveConfigId)
+	assert.NoError(t, err)
+}
+
+func TestHyperdriveConfig_Update(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "6b7efc370ea34ded8327fa20698dfe3a",
+				"caching": {
+					"disabled": false,
+					"max_age": 30,
+					"stale_while_revalidate": 15
+				},
+				"name": "example-hyperdrive",
+				"origin": {
+					"database": "postgres",
+					"host": "database.example.com",
+					"port": 5432,
+					"scheme": "postgres",
+					"user": "postgres"
+				}
+			}
+		}`)
+	})
+
+	_, err := client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(""), UpdateHyperdriveConfigParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), UpdateHyperdriveConfigParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
+	}
+
+	result, err := client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), UpdateHyperdriveConfigParams{
+		HyperdriveID: "6b7efc370ea34ded8327fa20698dfe3a",
+		Name:         "example-hyperdrive",
+		Origin: HyperdriveConfigOrigin{
+			Database: "postgres",
+			Password: "password",
+			Host:     "database.example.com",
+			Port:     5432,
+			Scheme:   "postgres",
+			User:     "postgres",
+		},
+		Caching: HyperdriveConfigCaching{
+			Disabled:             BoolPtr(false),
+			MaxAge:               30,
+			StaleWhileRevalidate: 15,
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, testHyperdriveConfig(), result)
+	}
+}
diff --git a/pkg/cloudflare-go/images.go b/pkg/cloudflare-go/images.go
new file mode 100644
index 0000000000..35208ea80e
--- /dev/null
+++ b/pkg/cloudflare-go/images.go
@@ -0,0 +1,401 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrInvalidImagesAPIVersion = errors.New("invalid images API version")
+	ErrMissingImageID          = errors.New("required image ID missing")
+)
+
+type ImagesAPIVersion string
+
+const (
+	ImagesAPIVersionV1 ImagesAPIVersion = "v1"
+	ImagesAPIVersionV2 ImagesAPIVersion = "v2"
+)
+
+// Image represents a Cloudflare Image.
+type Image struct {
+	ID                string                 `json:"id"`
+	Filename          string                 `json:"filename"`
+	Meta              map[string]interface{} `json:"meta,omitempty"`
+	RequireSignedURLs bool                   `json:"requireSignedURLs"`
+	Variants          []string               `json:"variants"`
+	Uploaded          time.Time              `json:"uploaded"`
+}
+
+// UploadImageParams is the data required for an Image Upload request.
+type UploadImageParams struct {
+	File              io.ReadCloser
+	URL               string
+	Name              string
+	RequireSignedURLs bool
+	Metadata          map[string]interface{}
+}
+
+// write writes the image upload data to a multipart writer, so
+// it can be used in an HTTP request.
+func (b UploadImageParams) write(mpw *multipart.Writer) error {
+	if b.File == nil && b.URL == "" {
+		return errors.New("a file or url to upload must be specified")
+	}
+
+	if b.File != nil {
+		name := b.Name
+		part, err := mpw.CreateFormFile("file", name)
+		if err != nil {
+			return err
+		}
+		_, err = io.Copy(part, b.File)
+		if err != nil {
+			_ = b.File.Close()
+			return err
+		}
+		_ = b.File.Close()
+	}
+
+	if b.URL != "" {
+		err := mpw.WriteField("url", b.URL)
+		if err != nil {
+			return err
+		}
+	}
+
+	// According to the Cloudflare docs, this field defaults to false.
+	// For simplicity, we will only send it if the value is true, however
+	// if the default is changed to true, this logic will need to be updated.
+	if b.RequireSignedURLs {
+		err := mpw.WriteField("requireSignedURLs", "true")
+		if err != nil {
+			return err
+		}
+	}
+
+	if b.Metadata != nil {
+		part, err := mpw.CreateFormField("metadata")
+		if err != nil {
+			return err
+		}
+		err = json.NewEncoder(part).Encode(b.Metadata)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// UpdateImageParams is the data required for an UpdateImage request.
+type UpdateImageParams struct {
+	ID                string                 `json:"-"`
+	RequireSignedURLs bool                   `json:"requireSignedURLs"`
+	Metadata          map[string]interface{} `json:"metadata,omitempty"`
+}
+
+// CreateImageDirectUploadURLParams is the data required for a CreateImageDirectUploadURL request.
+type CreateImageDirectUploadURLParams struct {
+	Version           ImagesAPIVersion       `json:"-"`
+	Expiry            *time.Time             `json:"expiry,omitempty"`
+	Metadata          map[string]interface{} `json:"metadata,omitempty"`
+	RequireSignedURLs *bool                  `json:"requireSignedURLs,omitempty"`
+}
+
+// ImageDirectUploadURLResponse is the API response for a direct image upload url.
+type ImageDirectUploadURLResponse struct {
+	Result ImageDirectUploadURL `json:"result"`
+	Response
+}
+
+// ImageDirectUploadURL .
+type ImageDirectUploadURL struct {
+	ID        string `json:"id"`
+	UploadURL string `json:"uploadURL"`
+}
+
+// ImagesListResponse is the API response for listing all images.
+type ImagesListResponse struct {
+	Result struct {
+		Images []Image `json:"images"`
+	} `json:"result"`
+	Response
+}
+
+// ImageDetailsResponse is the API response for getting an image's details.
+type ImageDetailsResponse struct {
+	Result Image `json:"result"`
+	Response
+}
+
+// ImagesStatsResponse is the API response for image stats.
+type ImagesStatsResponse struct {
+	Result struct {
+		Count ImagesStatsCount `json:"count"`
+	} `json:"result"`
+	Response
+}
+
+// ImagesStatsCount is the stats attached to a ImagesStatsResponse.
+type ImagesStatsCount struct {
+	Current int64 `json:"current"`
+	Allowed int64 `json:"allowed"`
+}
+
+type ListImagesParams struct {
+	ResultInfo
+}
+
+// UploadImage uploads a single image.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-upload-an-image-using-a-single-http-request
+func (api *API) UploadImage(ctx context.Context, rc *ResourceContainer, params UploadImageParams) (Image, error) {
+	if rc.Level != AccountRouteLevel {
+		return Image{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if params.File != nil && params.URL != "" {
+		return Image{}, errors.New("file and url uploads are mutually exclusive and can only be performed individually")
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1", rc.Identifier)
+
+	body := &bytes.Buffer{}
+	w := multipart.NewWriter(body)
+	if err := params.write(w); err != nil {
+		_ = w.Close()
+		return Image{}, fmt.Errorf("error writing multipart body: %w", err)
+	}
+	_ = w.Close()
+
+	res, err := api.makeRequestContextWithHeaders(
+		ctx,
+		http.MethodPost,
+		uri,
+		body,
+		http.Header{
+			"Accept":       []string{"application/json"},
+			"Content-Type": []string{w.FormDataContentType()},
+		},
+	)
+	if err != nil {
+		return Image{}, err
+	}
+
+	var imageDetailsResponse ImageDetailsResponse
+	err = json.Unmarshal(res, &imageDetailsResponse)
+	if err != nil {
+		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imageDetailsResponse.Result, nil
+}
+
+// UpdateImage updates an existing image's metadata.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-update-image
+func (api *API) UpdateImage(ctx context.Context, rc *ResourceContainer, params UpdateImageParams) (Image, error) {
+	if rc.Level != AccountRouteLevel {
+		return Image{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, params.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return Image{}, err
+	}
+
+	var imageDetailsResponse ImageDetailsResponse
+	err = json.Unmarshal(res, &imageDetailsResponse)
+	if err != nil {
+		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imageDetailsResponse.Result, nil
+}
+
+var imagesMultipartBoundary = "----CloudflareImagesGoClientBoundary"
+
+// CreateImageDirectUploadURL creates an authenticated direct upload url.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-create-authenticated-direct-upload-url
+func (api *API) CreateImageDirectUploadURL(ctx context.Context, rc *ResourceContainer, params CreateImageDirectUploadURLParams) (ImageDirectUploadURL, error) {
+	if rc.Level != AccountRouteLevel {
+		return ImageDirectUploadURL{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if params.Version != "" && params.Version != ImagesAPIVersionV1 && params.Version != ImagesAPIVersionV2 {
+		return ImageDirectUploadURL{}, ErrInvalidImagesAPIVersion
+	}
+
+	var err error
+	var uri string
+	var res []byte
+	switch params.Version {
+	case ImagesAPIVersionV2:
+		uri = fmt.Sprintf("/%s/%s/images/%s/direct_upload", rc.Level, rc.Identifier, params.Version)
+		body := &bytes.Buffer{}
+		writer := multipart.NewWriter(body)
+		if err := writer.SetBoundary(imagesMultipartBoundary); err != nil {
+			return ImageDirectUploadURL{}, fmt.Errorf("error setting multipart boundary")
+		}
+
+		if *params.RequireSignedURLs {
+			if err = writer.WriteField("requireSignedURLs", "true"); err != nil {
+				return ImageDirectUploadURL{}, fmt.Errorf("error writing requireSignedURLs field: %w", err)
+			}
+		}
+		if !params.Expiry.IsZero() {
+			if err = writer.WriteField("expiry", params.Expiry.Format(time.RFC3339)); err != nil {
+				return ImageDirectUploadURL{}, fmt.Errorf("error writing expiry field: %w", err)
+			}
+		}
+		if params.Metadata != nil {
+			var metadataBytes []byte
+			if metadataBytes, err = json.Marshal(params.Metadata); err != nil {
+				return ImageDirectUploadURL{}, fmt.Errorf("error marshalling metadata to JSON: %w", err)
+			}
+			if err = writer.WriteField("metadata", string(metadataBytes)); err != nil {
+				return ImageDirectUploadURL{}, fmt.Errorf("error writing metadata field: %w", err)
+			}
+		}
+		if err = writer.Close(); err != nil {
+			return ImageDirectUploadURL{}, fmt.Errorf("error closing multipart writer: %w", err)
+		}
+
+		res, err = api.makeRequestContextWithHeaders(
+			ctx,
+			http.MethodPost,
+			uri,
+			body,
+			http.Header{
+				"Accept":       []string{"application/json"},
+				"Content-Type": []string{writer.FormDataContentType()},
+			},
+		)
+	case ImagesAPIVersionV1:
+	case "":
+		uri = fmt.Sprintf("/%s/%s/images/%s/direct_upload", rc.Level, rc.Identifier, ImagesAPIVersionV1)
+		res, err = api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	default:
+		return ImageDirectUploadURL{}, ErrInvalidImagesAPIVersion
+	}
+
+	if err != nil {
+		return ImageDirectUploadURL{}, err
+	}
+
+	var imageDirectUploadURLResponse ImageDirectUploadURLResponse
+	err = json.Unmarshal(res, &imageDirectUploadURLResponse)
+	if err != nil {
+		return ImageDirectUploadURL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imageDirectUploadURLResponse.Result, nil
+}
+
+// ListImages lists all images.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-list-images
+func (api *API) ListImages(ctx context.Context, rc *ResourceContainer, params ListImagesParams) ([]Image, error) {
+	uri := buildURI(fmt.Sprintf("/accounts/%s/images/v1", rc.Identifier), params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Image{}, err
+	}
+
+	var imagesListResponse ImagesListResponse
+	err = json.Unmarshal(res, &imagesListResponse)
+	if err != nil {
+		return []Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imagesListResponse.Result.Images, nil
+}
+
+// GetImage gets the details of an uploaded image.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-image-details
+func (api *API) GetImage(ctx context.Context, rc *ResourceContainer, id string) (Image, error) {
+	if rc.Level != AccountRouteLevel {
+		return Image{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, id)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Image{}, err
+	}
+
+	var imageDetailsResponse ImageDetailsResponse
+	err = json.Unmarshal(res, &imageDetailsResponse)
+	if err != nil {
+		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imageDetailsResponse.Result, nil
+}
+
+// GetBaseImage gets the base image used to derive variants.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-base-image
+func (api *API) GetBaseImage(ctx context.Context, rc *ResourceContainer, id string) ([]byte, error) {
+	if rc.Level != AccountRouteLevel {
+		return []byte{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1/%s/blob", rc.Identifier, id)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+// DeleteImage deletes an image.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-delete-image
+func (api *API) DeleteImage(ctx context.Context, rc *ResourceContainer, id string) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, id)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// GetImagesStats gets an account's statistics for Cloudflare Images.
+//
+// API Reference: https://api.cloudflare.com/#cloudflare-images-images-usage-statistics
+func (api *API) GetImagesStats(ctx context.Context, rc *ResourceContainer) (ImagesStatsCount, error) {
+	if rc.Level != AccountRouteLevel {
+		return ImagesStatsCount{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/images/v1/stats", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ImagesStatsCount{}, err
+	}
+
+	var imagesStatsResponse ImagesStatsResponse
+	err = json.Unmarshal(res, &imagesStatsResponse)
+	if err != nil {
+		return ImagesStatsCount{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return imagesStatsResponse.Result.Count, nil
+}
diff --git a/pkg/cloudflare-go/images_test.go b/pkg/cloudflare-go/images_test.go
new file mode 100644
index 0000000000..f986a3e689
--- /dev/null
+++ b/pkg/cloudflare-go/images_test.go
@@ -0,0 +1,539 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func timeMustParse(layout, value string) time.Time {
+	t, err := time.Parse(layout, value)
+	if err != nil {
+		panic(err)
+	}
+	return t
+}
+
+var expectedImageStruct = Image{
+	ID:       "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+	Filename: "avatar.png",
+	Meta: map[string]interface{}{
+		"meta": "metaID",
+	},
+	RequireSignedURLs: true,
+	Variants: []string{
+		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail",
+	},
+	Uploaded: timeMustParse(time.RFC3339, "2014-01-02T02:20:00Z"),
+}
+
+func TestUploadImage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		u, err := parseImageMultipartUpload(r)
+		if !assert.NoError(t, err) {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+		assert.Equal(t, u.RequireSignedURLs, true)
+		assert.Equal(t, u.Metadata, map[string]interface{}{"meta": "metaID"})
+		assert.Equal(t, u.File, []byte("this is definitely an image"))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"filename": "avatar.png",
+				"meta": {
+					"meta": "metaID"
+				},
+				"requireSignedURLs": true,
+				"variants": [
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
+				],
+				"uploaded": "2014-01-02T02:20:00Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
+	want := expectedImageStruct
+
+	actual, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
+		File: fakeFile{
+			Buffer: bytes.NewBufferString("this is definitely an image"),
+		},
+		Name:              "avatar.png",
+		RequireSignedURLs: true,
+		Metadata: map[string]interface{}{
+			"meta": "metaID",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUploadImageByUrl(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		u, err := parseImageMultipartUpload(r)
+		if !assert.NoError(t, err) {
+			w.WriteHeader(http.StatusBadRequest)
+			return
+		}
+		assert.Equal(t, u.RequireSignedURLs, true)
+		assert.Equal(t, u.Metadata, map[string]interface{}{"meta": "metaID"})
+		assert.Equal(t, u.Url, "https://www.images-elsewhere.com/avatar.png")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"filename": "avatar.png",
+				"meta": {
+					"meta": "metaID"
+				},
+				"requireSignedURLs": true,
+				"variants": [
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
+				],
+				"uploaded": "2014-01-02T02:20:00Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
+	want := expectedImageStruct
+
+	actual, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
+		URL:               "https://www.images-elsewhere.com/avatar.png",
+		RequireSignedURLs: true,
+		Metadata: map[string]interface{}{
+			"meta": "metaID",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateImage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := UpdateImageParams{
+		RequireSignedURLs: true,
+		Metadata: map[string]interface{}{
+			"meta": "metaID",
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v UpdateImageParams
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"filename": "avatar.png",
+				"meta": {
+					"meta": "metaID"
+				},
+				"requireSignedURLs": true,
+				"variants": [
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
+				],
+				"uploaded": "2014-01-02T02:20:00Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
+	want := expectedImageStruct
+
+	actual, err := client.UpdateImage(context.Background(), AccountIdentifier(testAccountID), UpdateImageParams{
+		ID:                "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+		RequireSignedURLs: true,
+		Metadata: map[string]interface{}{
+			"meta": "metaID",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateImageDirectUploadURL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expiry := time.Now().UTC().Add(30 * time.Minute)
+	input := CreateImageDirectUploadURLParams{
+		Expiry: &expiry,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		var v CreateImageDirectUploadURLParams
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"uploadURL": "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/direct_upload", handler)
+	want := ImageDirectUploadURL{
+		ID:        "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+		UploadURL: "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383",
+	}
+
+	actual, err := client.CreateImageDirectUploadURL(context.Background(), AccountIdentifier(testAccountID), input)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateImageConflictingTypes(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
+		URL: "https://example.com/foo.jpg",
+		File: fakeFile{
+			Buffer: bytes.NewBufferString("this is definitely an image"),
+		},
+	})
+
+	assert.Error(t, err)
+}
+
+func TestCreateImageDirectUploadURLV2(t *testing.T) {
+	setup()
+	defer teardown()
+
+	exp := time.Now().UTC().Add(30 * time.Minute)
+	metadata := map[string]interface{}{
+		"metaKey1": "metaValue1",
+		"metaKey2": "metaValue2",
+	}
+	requireSignedURLs := true
+	input := CreateImageDirectUploadURLParams{
+		Version:           ImagesAPIVersionV2,
+		Expiry:            &exp,
+		Metadata:          metadata,
+		RequireSignedURLs: &requireSignedURLs,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		require.Equal(t,
+			fmt.Sprintf("multipart/form-data; boundary=%s", imagesMultipartBoundary),
+			r.Header.Get("Content-Type"),
+		)
+		require.NoError(t, r.ParseMultipartForm(32<<20))
+		require.Equal(t, exp.Format(time.RFC3339), r.Form.Get("expiry"))
+		require.Equal(t, "true", r.Form.Get("requireSignedURLs"))
+		marshalledMetadata, err := json.Marshal(metadata)
+		require.NoError(t, err)
+		require.Equal(t, string(marshalledMetadata), r.Form.Get("metadata"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"uploadURL": "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v2/direct_upload", handler)
+	want := ImageDirectUploadURL{
+		ID:        "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+		UploadURL: "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383",
+	}
+
+	actual, err := client.CreateImageDirectUploadURL(context.Background(), AccountIdentifier(testAccountID), input)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListImages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"images": [
+					{
+						"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+						"filename": "avatar.png",
+						"meta": {
+							"meta": "metaID"
+						},
+						"requireSignedURLs": true,
+						"variants": [
+							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
+						],
+						"uploaded": "2014-01-02T02:20:00Z"
+					}
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
+	want := []Image{expectedImageStruct}
+
+	actual, err := client.ListImages(context.Background(), AccountIdentifier(testAccountID), ListImagesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestImageDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
+				"filename": "avatar.png",
+				"meta": {
+					"meta": "metaID"
+				},
+				"requireSignedURLs": true,
+				"variants": [
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
+					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
+				],
+				"uploaded": "2014-01-02T02:20:00Z"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
+	want := expectedImageStruct
+
+	actual, err := client.GetImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestBaseImage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "image/png")
+		_, _ = w.Write([]byte{})
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/blob", handler)
+	want := []byte{}
+
+	actual, err := client.GetBaseImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteImage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
+
+	err := client.DeleteImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
+	require.NoError(t, err)
+}
+
+type fakeFile struct {
+	*bytes.Buffer
+}
+
+func (f fakeFile) Close() error {
+	return nil
+}
+
+type imageMultipartUpload struct {
+	// this is for testing, never read an entire file into memory,
+	// especially when being done on a per-http request basis.
+	File              []byte
+	Url               string
+	RequireSignedURLs bool
+	Metadata          map[string]interface{}
+}
+
+func parseImageMultipartUpload(r *http.Request) (imageMultipartUpload, error) {
+	var u imageMultipartUpload
+	mdBytes, err := getImageFormValue(r, "metadata")
+	if err != nil {
+		if !strings.HasPrefix(err.Error(), "no value found for key") {
+			return u, err
+		}
+	}
+	if mdBytes != nil {
+		err = json.Unmarshal(mdBytes, &u.Metadata)
+		if err != nil {
+			return u, err
+		}
+	}
+
+	rsuBytes, err := getImageFormValue(r, "requireSignedURLs")
+	if err != nil {
+		if !strings.HasPrefix(err.Error(), "no value found for key") {
+			return u, err
+		}
+	}
+	if rsuBytes != nil {
+		if bytes.Equal(rsuBytes, []byte("true")) {
+			u.RequireSignedURLs = true
+		}
+	}
+
+	if _, ok := r.MultipartForm.Value["url"]; ok {
+		urlBytes, err := getImageFormValue(r, "url")
+		if err != nil {
+			if !strings.HasPrefix(err.Error(), "no value found for key") {
+				return u, err
+			}
+		}
+		if urlBytes != nil {
+			u.Url = string(urlBytes)
+		}
+	} else {
+		f, _, err := r.FormFile("file")
+		if err != nil {
+			return u, err
+		}
+		defer f.Close()
+
+		u.File, err = io.ReadAll(f)
+		if err != nil {
+			return u, err
+		}
+	}
+
+	return u, nil
+}
+
+// See getFormValue for more information, the only difference between
+// getFormValue and this one is the max memory.
+func getImageFormValue(r *http.Request, key string) ([]byte, error) {
+	err := r.ParseMultipartForm(10 * 1024 * 1024)
+	if err != nil {
+		return nil, err
+	}
+
+	if values, ok := r.MultipartForm.Value[key]; ok {
+		return []byte(values[0]), nil
+	}
+
+	if fileHeaders, ok := r.MultipartForm.File[key]; ok {
+		file, err := fileHeaders[0].Open()
+		if err != nil {
+			return nil, err
+		}
+		return io.ReadAll(file)
+	}
+
+	return nil, fmt.Errorf("no value found for key %v", key)
+}
diff --git a/pkg/cloudflare-go/images_variants.go b/pkg/cloudflare-go/images_variants.go
new file mode 100644
index 0000000000..2949551166
--- /dev/null
+++ b/pkg/cloudflare-go/images_variants.go
@@ -0,0 +1,163 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type ImagesVariant struct {
+	ID                     string                `json:"id,omitempty"`
+	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
+	Options                ImagesVariantsOptions `json:"options,omitempty"`
+}
+
+type ImagesVariantsOptions struct {
+	Fit      string `json:"fit,omitempty"`
+	Height   int    `json:"height,omitempty"`
+	Metadata string `json:"metadata,omitempty"`
+	Width    int    `json:"width,omitempty"`
+}
+
+type ListImageVariantsParams struct{}
+
+type ListImagesVariantsResponse struct {
+	Result ListImageVariantsResult `json:"result,omitempty"`
+	Response
+}
+
+type ListImageVariantsResult struct {
+	ImagesVariants map[string]ImagesVariant `json:"variants,omitempty"`
+}
+
+type CreateImagesVariantParams struct {
+	ID                     string                `json:"id,omitempty"`
+	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
+	Options                ImagesVariantsOptions `json:"options,omitempty"`
+}
+
+type UpdateImagesVariantParams struct {
+	ID                     string                `json:"-"`
+	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
+	Options                ImagesVariantsOptions `json:"options,omitempty"`
+}
+
+type ImagesVariantResult struct {
+	Variant ImagesVariant `json:"variant,omitempty"`
+}
+
+type ImagesVariantResponse struct {
+	Result ImagesVariantResult `json:"result,omitempty"`
+	Response
+}
+
+// Lists existing variants.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-list-variants
+func (api *API) ListImagesVariants(ctx context.Context, rc *ResourceContainer, params ListImageVariantsParams) (ListImageVariantsResult, error) {
+	if rc.Identifier == "" {
+		return ListImageVariantsResult{}, ErrMissingAccountID
+	}
+
+	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return ListImageVariantsResult{}, err
+	}
+
+	var listImageVariantsResponse ListImagesVariantsResponse
+	err = json.Unmarshal(res, &listImageVariantsResponse)
+	if err != nil {
+		return ListImageVariantsResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return listImageVariantsResponse.Result, nil
+}
+
+// Fetch details for a single variant.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
+func (api *API) GetImagesVariant(ctx context.Context, rc *ResourceContainer, variantID string) (ImagesVariant, error) {
+	if rc.Identifier == "" {
+		return ImagesVariant{}, ErrMissingAccountID
+	}
+
+	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, variantID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return ImagesVariant{}, err
+	}
+
+	var imagesVariantDetailResponse ImagesVariantResponse
+	err = json.Unmarshal(res, &imagesVariantDetailResponse)
+	if err != nil {
+		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return imagesVariantDetailResponse.Result.Variant, nil
+}
+
+// Specify variants that allow you to resize images for different use cases.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-create-a-variant
+func (api *API) CreateImagesVariant(ctx context.Context, rc *ResourceContainer, params CreateImagesVariantParams) (ImagesVariant, error) {
+	if rc.Identifier == "" {
+		return ImagesVariant{}, ErrMissingAccountID
+	}
+
+	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, params)
+	if err != nil {
+		return ImagesVariant{}, err
+	}
+
+	var createImagesVariantResponse ImagesVariantResponse
+	err = json.Unmarshal(res, &createImagesVariantResponse)
+	if err != nil {
+		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return createImagesVariantResponse.Result.Variant, nil
+}
+
+// Deleting a variant purges the cache for all images associated with the variant.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
+func (api *API) DeleteImagesVariant(ctx context.Context, rc *ResourceContainer, variantID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, variantID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
+
+// Updating a variant purges the cache for all images associated with the variant.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
+func (api *API) UpdateImagesVariant(ctx context.Context, rc *ResourceContainer, params UpdateImagesVariantParams) (ImagesVariant, error) {
+	if rc.Identifier == "" {
+		return ImagesVariant{}, ErrMissingAccountID
+	}
+
+	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, baseURL, params)
+	if err != nil {
+		return ImagesVariant{}, err
+	}
+
+	var imagesVariantDetailResponse ImagesVariantResponse
+	err = json.Unmarshal(res, &imagesVariantDetailResponse)
+	if err != nil {
+		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return imagesVariantDetailResponse.Result.Variant, nil
+}
diff --git a/pkg/cloudflare-go/images_variants_test.go b/pkg/cloudflare-go/images_variants_test.go
new file mode 100644
index 0000000000..994eaad2c7
--- /dev/null
+++ b/pkg/cloudflare-go/images_variants_test.go
@@ -0,0 +1,195 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testImagesVariantID = "hero"
+)
+
+func TestImageVariants_List(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprint(w, loadFixture("images_variants", "single_list"))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/variants", handler)
+
+	want := ListImageVariantsResult{
+		ImagesVariants: map[string]ImagesVariant{
+			"hero": {
+				ID:                     "hero",
+				NeverRequireSignedURLs: BoolPtr(true),
+				Options: ImagesVariantsOptions{
+					Fit:      "scale-down",
+					Height:   768,
+					Width:    1366,
+					Metadata: "none",
+				},
+			},
+		},
+	}
+
+	got, err := client.ListImagesVariants(context.Background(), AccountIdentifier(testAccountID), ListImageVariantsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestImageVariants_Delete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method '%s', got %s", http.MethodDelete, r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {}
+		}`)
+	}
+
+	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
+	mux.HandleFunc(url, handler)
+
+	err := client.DeleteImagesVariant(context.Background(), AccountIdentifier(testAccountID), testImagesVariantID)
+	assert.NoError(t, err)
+}
+
+func TestImagesVariants_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method '%s', got %s", http.MethodGet, r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
+	}
+
+	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
+	mux.HandleFunc(url, handler)
+
+	want := ImagesVariant{
+		ID:                     "hero",
+		NeverRequireSignedURLs: BoolPtr(true),
+		Options: ImagesVariantsOptions{
+			Fit:      "scale-down",
+			Height:   768,
+			Width:    1366,
+			Metadata: "none",
+		},
+	}
+
+	got, err := client.GetImagesVariant(context.Background(), AccountIdentifier(testAccountID), testImagesVariantID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestImagesVariants_Create(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method '%s', got %s", http.MethodPost, r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
+	}
+
+	url := fmt.Sprintf("/accounts/%s/images/v1/variants", testAccountID)
+	mux.HandleFunc(url, handler)
+
+	want := ImagesVariant{
+		ID:                     "hero",
+		NeverRequireSignedURLs: BoolPtr(true),
+		Options: ImagesVariantsOptions{
+			Fit:      "scale-down",
+			Height:   768,
+			Width:    1366,
+			Metadata: "none",
+		},
+	}
+
+	got, err := client.CreateImagesVariant(context.Background(), AccountIdentifier(testAccountID), CreateImagesVariantParams{
+		ID:                     testImagesVariantID,
+		NeverRequireSignedURLs: BoolPtr(true),
+		Options: ImagesVariantsOptions{
+			Fit:      "scale-down",
+			Height:   768,
+			Width:    1366,
+			Metadata: "none",
+		},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestImagesVariants_Update(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method '%s', got %s", http.MethodPatch, r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
+	}
+
+	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
+	mux.HandleFunc(url, handler)
+
+	want := ImagesVariant{
+		ID:                     "hero",
+		NeverRequireSignedURLs: BoolPtr(true),
+		Options: ImagesVariantsOptions{
+			Fit:      "scale-down",
+			Height:   768,
+			Width:    1366,
+			Metadata: "none",
+		},
+	}
+
+	got, err := client.UpdateImagesVariant(context.Background(), AccountIdentifier(testAccountID), UpdateImagesVariantParams{
+		ID:                     "hero",
+		NeverRequireSignedURLs: BoolPtr(true),
+		Options: ImagesVariantsOptions{
+			Fit:      "scale-down",
+			Height:   768,
+			Width:    1366,
+			Metadata: "none",
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestImageVariants_MissingAccountId(t *testing.T) {
+	_, err := client.ListImagesVariants(context.Background(), AccountIdentifier(""), ListImageVariantsParams{})
+	assert.Equal(t, ErrMissingAccountID, err)
+
+	_, err = client.GetImagesVariant(context.Background(), AccountIdentifier(""), testImagesVariantID)
+	assert.Equal(t, ErrMissingAccountID, err)
+
+	_, err = client.CreateImagesVariant(context.Background(), AccountIdentifier(""), CreateImagesVariantParams{})
+	assert.Equal(t, ErrMissingAccountID, err)
+
+	err = client.DeleteImagesVariant(context.Background(), AccountIdentifier(""), testImagesVariantID)
+	assert.Equal(t, ErrMissingAccountID, err)
+
+	_, err = client.UpdateImagesVariant(context.Background(), AccountIdentifier(""), UpdateImagesVariantParams{})
+	assert.Equal(t, ErrMissingAccountID, err)
+}
diff --git a/pkg/cloudflare-go/intelligence_asn.go b/pkg/cloudflare-go/intelligence_asn.go
new file mode 100644
index 0000000000..f66cdff682
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_asn.go
@@ -0,0 +1,101 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// ErrMissingASN is for when ASN is required but not set.
+var ErrMissingASN = errors.New("required asn missing")
+
+// ASNInfo represents ASN information.
+type ASNInfo struct {
+	ASN         int      `json:"asn"`
+	Description string   `json:"description"`
+	Country     string   `json:"country"`
+	Type        string   `json:"type"`
+	DomainCount int      `json:"domain_count"`
+	TopDomains  []string `json:"top_domains"`
+}
+
+// IntelligenceASNOverviewParameters represents parameters for an ASN request.
+type IntelligenceASNOverviewParameters struct {
+	AccountID string
+	ASN       int
+}
+
+// IntelligenceASNResponse represents an API response for ASN info.
+type IntelligenceASNResponse struct {
+	Response
+	Result []ASNInfo `json:"result,omitempty"`
+}
+
+// IntelligenceASNSubnetsParameters represents parameters for an ASN subnet request.
+type IntelligenceASNSubnetsParameters struct {
+	AccountID string
+	ASN       int
+}
+
+// IntelligenceASNSubnetResponse represents an ASN subnet API response.
+type IntelligenceASNSubnetResponse struct {
+	ASN          int      `json:"asn,omitempty"`
+	IPCountTotal int      `json:"ip_count_total,omitempty"`
+	Subnets      []string `json:"subnets,omitempty"`
+	Count        int      `json:"count,omitempty"`
+	Page         int      `json:"page,omitempty"`
+	PerPage      int      `json:"per_page,omitempty"`
+}
+
+// IntelligenceASNOverview get overview for an ASN number
+//
+// API Reference: https://api.cloudflare.com/#asn-intelligence-get-asn-overview
+func (api *API) IntelligenceASNOverview(ctx context.Context, params IntelligenceASNOverviewParameters) ([]ASNInfo, error) {
+	if params.AccountID == "" {
+		return []ASNInfo{}, ErrMissingAccountID
+	}
+
+	if params.ASN == 0 {
+		return []ASNInfo{}, ErrMissingASN
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/intel/asn/%d", params.AccountID, params.ASN)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []ASNInfo{}, err
+	}
+
+	var asnInfoResponse IntelligenceASNResponse
+	if err := json.Unmarshal(res, &asnInfoResponse); err != nil {
+		return []ASNInfo{}, err
+	}
+	return asnInfoResponse.Result, nil
+}
+
+// IntelligenceASNSubnets gets all subnets of an ASN
+//
+// API Reference: https://api.cloudflare.com/#asn-intelligence-get-asn-subnets
+func (api *API) IntelligenceASNSubnets(ctx context.Context, params IntelligenceASNSubnetsParameters) (IntelligenceASNSubnetResponse, error) {
+	if params.AccountID == "" {
+		return IntelligenceASNSubnetResponse{}, ErrMissingAccountID
+	}
+
+	if params.ASN == 0 {
+		return IntelligenceASNSubnetResponse{}, ErrMissingASN
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/intel/asn/%d/subnets", params.AccountID, params.ASN)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IntelligenceASNSubnetResponse{}, err
+	}
+
+	var intelligenceASNSubnetResponse IntelligenceASNSubnetResponse
+	if err := json.Unmarshal(res, &intelligenceASNSubnetResponse); err != nil {
+		return IntelligenceASNSubnetResponse{}, err
+	}
+	return intelligenceASNSubnetResponse, nil
+}
diff --git a/pkg/cloudflare-go/intelligence_asn_test.go b/pkg/cloudflare-go/intelligence_asn_test.go
new file mode 100644
index 0000000000..f66fffbe8d
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_asn_test.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testASNNumber = "13335"
+
+func TestIntelligence_ASNOverview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/asn/"+testASNNumber, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "asn": 13335,
+      "description": "CLOUDFLARENET",
+      "country": "US",
+      "type": "hosting_provider",
+      "domain_count": 1,
+      "top_domains": [
+        "example.com"
+      ]
+    }
+  ]
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	// Make sure missing ASN is thrown
+	_, err = client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingASN, err)
+	}
+	want := ASNInfo{
+		ASN:         13335,
+		Description: "CLOUDFLARENET",
+		Country:     "US",
+		Type:        "hosting_provider",
+		DomainCount: 1,
+		TopDomains:  []string{"example.com"},
+	}
+
+	out, err := client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{AccountID: testAccountID, ASN: 13335})
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(out), 1, "Length of ASN overview not expected")
+		assert.Equal(t, out[0], want, "structs not equal")
+	}
+}
+
+func TestIntelligence_ASNSubnet(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/asn/"+testASNNumber+"/subnets", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "asn": 13335,
+  "ip_count_total": 1,
+  "subnets": [
+    "192.0.2.0/24",
+    "2001:DB8::/32"
+  ],
+  "count": 1,
+  "page": 1,
+  "per_page": 20
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing ASN is thrown
+	_, err = client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingASN, err)
+	}
+
+	want := IntelligenceASNSubnetResponse{
+		ASN:          13335,
+		IPCountTotal: 1,
+		Subnets:      []string{"192.0.2.0/24", "2001:DB8::/32"},
+		Count:        1,
+		Page:         1,
+		PerPage:      20,
+	}
+
+	out, err := client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{AccountID: testAccountID, ASN: 13335})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/intelligence_domain.go b/pkg/cloudflare-go/intelligence_domain.go
new file mode 100644
index 0000000000..b12b2c8ee9
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_domain.go
@@ -0,0 +1,177 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// ErrMissingDomain is for when domain is needed but not given.
+var ErrMissingDomain = errors.New("required domain missing")
+
+// DomainDetails represents details for a domain.
+type DomainDetails struct {
+	Domain                string                `json:"domain"`
+	ResolvesToRefs        []ResolvesToRefs      `json:"resolves_to_refs"`
+	PopularityRank        int                   `json:"popularity_rank"`
+	Application           Application           `json:"application"`
+	RiskTypes             []interface{}         `json:"risk_types"`
+	ContentCategories     []ContentCategories   `json:"content_categories"`
+	AdditionalInformation AdditionalInformation `json:"additional_information"`
+}
+
+// ResolvesToRefs what a domain resolves to.
+type ResolvesToRefs struct {
+	ID    string `json:"id"`
+	Value string `json:"value"`
+}
+
+type Application struct {
+	ID   int    `json:"id"`
+	Name string `json:"name"`
+}
+
+// ContentCategories represents the categories for a domain.
+type ContentCategories struct {
+	ID              int    `json:"id"`
+	SuperCategoryID int    `json:"super_category_id"`
+	Name            string `json:"name"`
+}
+
+// AdditionalInformation represents any additional information for a domain.
+type AdditionalInformation struct {
+	SuspectedMalwareFamily string `json:"suspected_malware_family"`
+}
+
+// DomainHistory represents the history for a domain.
+type DomainHistory struct {
+	Domain          string            `json:"domain"`
+	Categorizations []Categorizations `json:"categorizations"`
+}
+
+// Categories represents categories for a domain.
+type Categories struct {
+	ID   int    `json:"id"`
+	Name string `json:"name"`
+}
+
+// Categorizations represents the categories and when those categories were set.
+type Categorizations struct {
+	Categories []Categories `json:"categories"`
+	Start      string       `json:"start"`
+	End        string       `json:"end"`
+}
+
+// GetDomainDetailsParameters represent the parameters for a domain details request.
+type GetDomainDetailsParameters struct {
+	AccountID string `url:"-"`
+	Domain    string `url:"domain,omitempty"`
+}
+
+// DomainDetailsResponse represents an API response for domain details.
+type DomainDetailsResponse struct {
+	Response
+	Result DomainDetails `json:"result,omitempty"`
+}
+
+// GetBulkDomainDetailsParameters represents the parameters for bulk domain details request.
+type GetBulkDomainDetailsParameters struct {
+	AccountID string   `url:"-"`
+	Domains   []string `url:"domain"`
+}
+
+// GetBulkDomainDetailsResponse represents an API response for bulk domain details.
+type GetBulkDomainDetailsResponse struct {
+	Response
+	Result []DomainDetails `json:"result,omitempty"`
+}
+
+// GetDomainHistoryParameters represents the parameters for domain history request.
+type GetDomainHistoryParameters struct {
+	AccountID string `url:"-"`
+	Domain    string `url:"domain,omitempty"`
+}
+
+// GetDomainHistoryResponse represents an API response for domain history.
+type GetDomainHistoryResponse struct {
+	Response
+	Result []DomainHistory `json:"result,omitempty"`
+}
+
+// IntelligenceDomainDetails gets domain information.
+//
+// API Reference: https://api.cloudflare.com/#domain-intelligence-get-domain-details
+func (api *API) IntelligenceDomainDetails(ctx context.Context, params GetDomainDetailsParameters) (DomainDetails, error) {
+	if params.AccountID == "" {
+		return DomainDetails{}, ErrMissingAccountID
+	}
+
+	if params.Domain == "" {
+		return DomainDetails{}, ErrMissingDomain
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return DomainDetails{}, err
+	}
+
+	var domainDetails DomainDetailsResponse
+	if err := json.Unmarshal(res, &domainDetails); err != nil {
+		return DomainDetails{}, err
+	}
+	return domainDetails.Result, nil
+}
+
+// IntelligenceBulkDomainDetails gets domain information for a list of domains.
+//
+// API Reference: https://api.cloudflare.com/#domain-intelligence-get-multiple-domain-details
+func (api *API) IntelligenceBulkDomainDetails(ctx context.Context, params GetBulkDomainDetailsParameters) ([]DomainDetails, error) {
+	if params.AccountID == "" {
+		return []DomainDetails{}, ErrMissingAccountID
+	}
+
+	if len(params.Domains) == 0 {
+		return []DomainDetails{}, ErrMissingDomain
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain/bulk", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DomainDetails{}, err
+	}
+
+	var domainDetails GetBulkDomainDetailsResponse
+	if err := json.Unmarshal(res, &domainDetails); err != nil {
+		return []DomainDetails{}, err
+	}
+	return domainDetails.Result, nil
+}
+
+// IntelligenceDomainHistory get domain history for given domain
+//
+// API Reference: https://api.cloudflare.com/#domain-history-get-domain-history
+func (api *API) IntelligenceDomainHistory(ctx context.Context, params GetDomainHistoryParameters) ([]DomainHistory, error) {
+	if params.AccountID == "" {
+		return []DomainHistory{}, ErrMissingAccountID
+	}
+
+	if params.Domain == "" {
+		return []DomainHistory{}, ErrMissingDomain
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain-history", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []DomainHistory{}, err
+	}
+
+	var domainDetails GetDomainHistoryResponse
+	if err := json.Unmarshal(res, &domainDetails); err != nil {
+		return []DomainHistory{}, err
+	}
+	return domainDetails.Result, nil
+}
diff --git a/pkg/cloudflare-go/intelligence_domain_test.go b/pkg/cloudflare-go/intelligence_domain_test.go
new file mode 100644
index 0000000000..185502bdb5
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_domain_test.go
@@ -0,0 +1,227 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntelligence_DomainDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "domain": "cloudflare.com",
+    "resolves_to_refs": [
+      {
+        "id": "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537",
+        "value": "192.0.2.0"
+      }
+    ],
+    "popularity_rank": 18,
+    "application": {
+      "id": 1370,
+      "name": "CLOUDFLARE"
+    },
+    "risk_types": [],
+    "content_categories": [
+      {
+        "id": 155,
+        "super_category_id": 26,
+        "name": "Technology"
+      }
+    ],
+    "additional_information": {
+      "suspected_malware_family": ""
+    }
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	// Make sure missing domain is thrown
+	_, err = client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+	want := DomainDetails{
+		Domain: "cloudflare.com",
+		ResolvesToRefs: []ResolvesToRefs{
+			{
+				ID:    "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537",
+				Value: "192.0.2.0",
+			},
+		},
+		PopularityRank: 18,
+		Application: Application{
+			ID:   1370,
+			Name: "CLOUDFLARE",
+		},
+		RiskTypes: []interface{}{},
+		ContentCategories: []ContentCategories{
+			{
+				ID:              155,
+				SuperCategoryID: 26,
+				Name:            "Technology",
+			},
+		},
+		AdditionalInformation: AdditionalInformation{
+			SuspectedMalwareFamily: "",
+		},
+	}
+
+	out, err := client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
+
+func TestIntelligence_BulkDomainDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain/bulk", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "domain": "cloudflare.com",
+      "popularity_rank": 18,
+      "application": {
+        "id": 1370,
+        "name": "CLOUDFLARE"
+      },
+      "risk_types": [],
+      "content_categories": [
+        {
+          "id": 155,
+          "super_category_id": 26,
+          "name": "Technology"
+        }
+      ],
+      "additional_information": {
+        "suspected_malware_family": ""
+      }
+    }
+  ]
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	// Make sure missing domain is thrown
+	_, err = client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+	want := DomainDetails{
+		Domain:         "cloudflare.com",
+		PopularityRank: 18,
+		Application: Application{
+			ID:   1370,
+			Name: "CLOUDFLARE",
+		},
+		RiskTypes: []interface{}{},
+		ContentCategories: []ContentCategories{
+			{
+				ID:              155,
+				SuperCategoryID: 26,
+				Name:            "Technology",
+			},
+		},
+		AdditionalInformation: AdditionalInformation{
+			SuspectedMalwareFamily: "",
+		},
+	}
+
+	out, err := client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{AccountID: testAccountID, Domains: []string{"cloudflare.com"}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(out), 1, "Length of ASN overview not expected")
+		assert.Equal(t, out[0], want, "structs not equal")
+	}
+}
+
+func TestIntelligence_DomainHistory(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain-history", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "domain": "cloudflare.com",
+      "categorizations": [
+        {
+          "categories": [
+            {
+              "id": 155,
+              "name": "Technology"
+            }
+          ],
+          "start": "2021-04-01",
+          "end": "2021-04-30"
+        }
+      ]
+    }
+  ]
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	// Make sure missing domain is thrown
+	_, err = client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+	want := DomainHistory{
+		Domain: "cloudflare.com",
+		Categorizations: []Categorizations{
+			{
+				Categories: []Categories{
+					{
+						ID:   155,
+						Name: "Technology",
+					},
+				},
+				Start: "2021-04-01",
+				End:   "2021-04-30",
+			},
+		},
+	}
+
+	out, err := client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(out), 1, "Length of Domain History not expected")
+		assert.Equal(t, out[0], want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/intelligence_ip.go b/pkg/cloudflare-go/intelligence_ip.go
new file mode 100644
index 0000000000..47c74b30e5
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_ip.go
@@ -0,0 +1,156 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// IPIntelligence represents IP intelligence information.
+type IPIntelligence struct {
+	IP           string       `json:"ip"`
+	BelongsToRef BelongsToRef `json:"belongs_to_ref"`
+	RiskTypes    []RiskTypes  `json:"risk_types"`
+}
+
+// BelongsToRef represents information about who owns an IP address.
+type BelongsToRef struct {
+	ID          string `json:"id"`
+	Value       int    `json:"value"`
+	Type        string `json:"type"`
+	Country     string `json:"country"`
+	Description string `json:"description"`
+}
+
+// RiskTypes represent risk types for an IP.
+type RiskTypes struct {
+	ID              int    `json:"id"`
+	SuperCategoryID int    `json:"super_category_id"`
+	Name            string `json:"name"`
+}
+
+// IPPassiveDNS represent DNS response.
+type IPPassiveDNS struct {
+	ReverseRecords []ReverseRecords `json:"reverse_records,omitempty"`
+	Count          int              `json:"count,omitempty"`
+	Page           int              `json:"page,omitempty"`
+	PerPage        int              `json:"per_page,omitempty"`
+}
+
+// ReverseRecords represent records for passive DNS.
+type ReverseRecords struct {
+	FirstSeen string `json:"first_seen,omitempty"`
+	LastSeen  string `json:"last_seen,omitempty"`
+	Hostname  string `json:"hostname,omitempty"`
+}
+
+// IPIntelligenceParameters represents parameters for an IP Intelligence request.
+type IPIntelligenceParameters struct {
+	AccountID string `url:"-"`
+	IPv4      string `url:"ipv4,omitempty"`
+	IPv6      string `url:"ipv6,omitempty"`
+}
+
+// IPIntelligenceResponse represents an IP Intelligence API response.
+type IPIntelligenceResponse struct {
+	Response
+	Result []IPIntelligence `json:"result,omitempty"`
+}
+
+// IPIntelligenceListParameters represents the parameters for an IP list request.
+type IPIntelligenceListParameters struct {
+	AccountID string
+}
+
+// IPIntelligenceItem represents an item in an IP list.
+type IPIntelligenceItem struct {
+	ID   int    `json:"id,omitempty"`
+	Name string `json:"name,omitempty"`
+}
+
+// IPIntelligenceListResponse represents the response for an IP list API response.
+type IPIntelligenceListResponse struct {
+	Response
+	Result []IPIntelligenceItem `json:"result,omitempty"`
+}
+
+// IPIntelligencePassiveDNSParameters represents the parameters for a passive DNS request.
+type IPIntelligencePassiveDNSParameters struct {
+	AccountID string `url:"-"`
+	IPv4      string `url:"ipv4,omitempty"`
+	Start     string `url:"start,omitempty"`
+	End       string `url:"end,omitempty"`
+	Page      int    `url:"page,omitempty"`
+	PerPage   int    `url:"per_page,omitempty"`
+}
+
+// IPIntelligencePassiveDNSResponse represents a passive API response.
+type IPIntelligencePassiveDNSResponse struct {
+	Response
+	Result IPPassiveDNS `json:"result,omitempty"`
+}
+
+// IntelligenceGetIPOverview gets information about ipv4 or ipv6 address.
+//
+// API Reference: https://api.cloudflare.com/#ip-intelligence-get-ip-overview
+func (api *API) IntelligenceGetIPOverview(ctx context.Context, params IPIntelligenceParameters) ([]IPIntelligence, error) {
+	if params.AccountID == "" {
+		return []IPIntelligence{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/ip", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []IPIntelligence{}, err
+	}
+
+	var ipDetails IPIntelligenceResponse
+	if err := json.Unmarshal(res, &ipDetails); err != nil {
+		return []IPIntelligence{}, err
+	}
+	return ipDetails.Result, nil
+}
+
+// IntelligenceGetIPList gets intelligence ip-lists.
+//
+// API Reference: https://api.cloudflare.com/#ip-list-get-ip-lists
+func (api *API) IntelligenceGetIPList(ctx context.Context, params IPIntelligenceListParameters) ([]IPIntelligenceItem, error) {
+	if params.AccountID == "" {
+		return []IPIntelligenceItem{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/intel/ip-list", params.AccountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []IPIntelligenceItem{}, err
+	}
+
+	var ipListItem IPIntelligenceListResponse
+	if err := json.Unmarshal(res, &ipListItem); err != nil {
+		return []IPIntelligenceItem{}, err
+	}
+	return ipListItem.Result, nil
+}
+
+// IntelligencePassiveDNS gets a history of DNS for an ip.
+//
+// API Reference: https://api.cloudflare.com/#passive-dns-by-ip-get-passive-dns-by-ip
+func (api *API) IntelligencePassiveDNS(ctx context.Context, params IPIntelligencePassiveDNSParameters) (IPPassiveDNS, error) {
+	if params.AccountID == "" {
+		return IPPassiveDNS{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/dns", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IPPassiveDNS{}, err
+	}
+
+	var passiveDNS IPIntelligencePassiveDNSResponse
+	if err := json.Unmarshal(res, &passiveDNS); err != nil {
+		return IPPassiveDNS{}, err
+	}
+	return passiveDNS.Result, nil
+}
diff --git a/pkg/cloudflare-go/intelligence_ip_test.go b/pkg/cloudflare-go/intelligence_ip_test.go
new file mode 100644
index 0000000000..b8389fec53
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_ip_test.go
@@ -0,0 +1,163 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntelligence_GetIPOverview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/ip", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "ip": "192.0.2.0",
+      "belongs_to_ref": {
+        "id": "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8",
+        "value": 13335,
+        "type": "hosting_provider",
+        "country": "US",
+        "description": "CLOUDFLARENET"
+      },
+      "risk_types": [
+        {
+          "id": 131,
+          "super_category_id": 21,
+          "name": "Phishing"
+        }
+      ]
+    }
+  ]
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceGetIPOverview(context.Background(), IPIntelligenceParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := IPIntelligence{
+		IP: "192.0.2.0",
+		BelongsToRef: BelongsToRef{
+			ID:          "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8",
+			Value:       13335,
+			Type:        "hosting_provider",
+			Country:     "US",
+			Description: "CLOUDFLARENET",
+		},
+		RiskTypes: []RiskTypes{
+			{
+				ID:              131,
+				SuperCategoryID: 21,
+				Name:            "Phishing",
+			},
+		},
+	}
+
+	out, err := client.IntelligenceGetIPOverview(context.Background(), IPIntelligenceParameters{AccountID: testAccountID, IPv4: "192.0.2.0", IPv6: "2001:0DB8::"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(out), 1, "IP overview length mismatch")
+		assert.Equal(t, out[0], want, "structs not equal")
+	}
+}
+
+func TestIntelligence_GetIPLists(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/ip-list", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": 3,
+      "name": "Malware"
+    }
+]
+}
+  `)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceGetIPList(context.Background(), IPIntelligenceListParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := []IPIntelligenceItem{
+		{
+			ID:   3,
+			Name: "Malware",
+		},
+	}
+
+	out, err := client.IntelligenceGetIPList(context.Background(), IPIntelligenceListParameters{AccountID: testAccountID})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
+
+func TestIntelligence_PassiveDNS(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/dns", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "reverse_records": [
+      {
+        "first_seen": "2021-04-01",
+        "last_seen": "2021-04-30",
+        "hostname": "cloudflare.com"
+      }
+    ],
+    "count": 1,
+    "page": 1,
+    "per_page": 20
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligencePassiveDNS(context.Background(), IPIntelligencePassiveDNSParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := IPPassiveDNS{
+		Count:   1,
+		Page:    1,
+		PerPage: 20,
+		ReverseRecords: []ReverseRecords{{
+			FirstSeen: "2021-04-01",
+			LastSeen:  "2021-04-30",
+			Hostname:  "cloudflare.com",
+		}},
+	}
+
+	out, err := client.IntelligencePassiveDNS(context.Background(), IPIntelligencePassiveDNSParameters{AccountID: testAccountID})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/intelligence_phishing.go b/pkg/cloudflare-go/intelligence_phishing.go
new file mode 100644
index 0000000000..ceb3f497ee
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_phishing.go
@@ -0,0 +1,52 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// PhishingScan represent information about a phishing scan.
+type PhishingScan struct {
+	URL        string  `json:"url"`
+	Phishing   bool    `json:"phishing"`
+	Verified   bool    `json:"verified"`
+	Score      float64 `json:"score"`
+	Classifier string  `json:"classifier"`
+}
+
+// PhishingScanParameters represent parameters for a phishing scan request.
+type PhishingScanParameters struct {
+	AccountID string `url:"-"`
+	URL       string `url:"url,omitempty"`
+	Skip      bool   `url:"skip,omitempty"`
+}
+
+// PhishingScanResponse represent an API response for a phishing scan.
+type PhishingScanResponse struct {
+	Response
+	Result PhishingScan `json:"result,omitempty"`
+}
+
+// IntelligencePhishingScan scans a URL for suspected phishing
+//
+// API Reference: https://api.cloudflare.com/#phishing-url-scanner-scan-suspicious-url
+func (api *API) IntelligencePhishingScan(ctx context.Context, params PhishingScanParameters) (PhishingScan, error) {
+	if params.AccountID == "" {
+		return PhishingScan{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel-phishing/predict", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PhishingScan{}, err
+	}
+
+	var phishingScanResponse PhishingScanResponse
+	if err := json.Unmarshal(res, &phishingScanResponse); err != nil {
+		return PhishingScan{}, err
+	}
+	return phishingScanResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/intelligence_phishing_test.go b/pkg/cloudflare-go/intelligence_phishing_test.go
new file mode 100644
index 0000000000..f394b5ba09
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_phishing_test.go
@@ -0,0 +1,51 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntelligence_PhishingScan(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel-phishing/predict", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "url": "https://www.cloudflare.com",
+    "phishing": false,
+    "verified": false,
+    "score": 0.99,
+    "classifier": "MACHINE_LEARNING_v2"
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligencePhishingScan(context.Background(), PhishingScanParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	want := PhishingScan{
+		URL:        "https://www.cloudflare.com",
+		Phishing:   false,
+		Verified:   false,
+		Score:      0.99,
+		Classifier: "MACHINE_LEARNING_v2",
+	}
+
+	out, err := client.IntelligencePhishingScan(context.Background(), PhishingScanParameters{AccountID: testAccountID, URL: "https://www.cloudflare.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/intelligence_whois.go b/pkg/cloudflare-go/intelligence_whois.go
new file mode 100644
index 0000000000..72a3a61364
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_whois.go
@@ -0,0 +1,60 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// WHOIS represents whois information.
+type WHOIS struct {
+	Domain            string   `json:"domain,omitempty"`
+	CreatedDate       string   `json:"created_date,omitempty"`
+	UpdatedDate       string   `json:"updated_date,omitempty"`
+	Registrant        string   `json:"registrant,omitempty"`
+	RegistrantOrg     string   `json:"registrant_org,omitempty"`
+	RegistrantCountry string   `json:"registrant_country,omitempty"`
+	RegistrantEmail   string   `json:"registrant_email,omitempty"`
+	Registrar         string   `json:"registrar,omitempty"`
+	Nameservers       []string `json:"nameservers,omitempty"`
+}
+
+// WHOISParameters represents parameters for a who is request.
+type WHOISParameters struct {
+	AccountID string `url:"-"`
+	Domain    string `url:"domain"`
+}
+
+// WHOISResponse represents an API response for a whois request.
+type WHOISResponse struct {
+	Response
+	Result WHOIS `json:"result,omitempty"`
+}
+
+// IntelligenceWHOIS gets whois information for a domain.
+//
+// API Reference: https://api.cloudflare.com/#whois-record-get-whois-record
+func (api *API) IntelligenceWHOIS(ctx context.Context, params WHOISParameters) (WHOIS, error) {
+	if params.AccountID == "" {
+		return WHOIS{}, ErrMissingAccountID
+	}
+
+	if params.Domain == "" {
+		return WHOIS{}, ErrMissingDomain
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/whois", params.AccountID), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WHOIS{}, err
+	}
+
+	var whoisResponse WHOISResponse
+	if err := json.Unmarshal(res, &whoisResponse); err != nil {
+		return WHOIS{}, err
+	}
+
+	return whoisResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/intelligence_whois_test.go b/pkg/cloudflare-go/intelligence_whois_test.go
new file mode 100644
index 0000000000..819dcfa890
--- /dev/null
+++ b/pkg/cloudflare-go/intelligence_whois_test.go
@@ -0,0 +1,77 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIntelligence_WHOIS(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/intel/whois", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "domain": "cloudflare.com",
+    "created_date": "2009-02-17",
+    "updated_date": "2017-05-24",
+    "registrant": "DATA REDACTED",
+    "registrant_org": "DATA REDACTED",
+    "registrant_country": "United States",
+    "registrant_email": "https://domaincontact.cloudflareregistrar.com/cloudflare.com",
+    "registrar": "Cloudflare, Inc.",
+    "nameservers": [
+      "ns3.cloudflare.com",
+      "ns4.cloudflare.com",
+      "ns5.cloudflare.com",
+      "ns6.cloudflare.com",
+      "ns7.cloudflare.com"
+    ]
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.IntelligenceWHOIS(context.Background(), WHOISParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing domain is thrown
+	_, err = client.IntelligenceWHOIS(context.Background(), WHOISParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+
+	want := WHOIS{
+		Domain:            "cloudflare.com",
+		CreatedDate:       "2009-02-17",
+		UpdatedDate:       "2017-05-24",
+		Registrant:        "DATA REDACTED",
+		RegistrantOrg:     "DATA REDACTED",
+		RegistrantCountry: "United States",
+		RegistrantEmail:   "https://domaincontact.cloudflareregistrar.com/cloudflare.com",
+		Registrar:         "Cloudflare, Inc.",
+		Nameservers: []string{
+			"ns3.cloudflare.com",
+			"ns4.cloudflare.com",
+			"ns5.cloudflare.com",
+			"ns6.cloudflare.com",
+			"ns7.cloudflare.com",
+		},
+	}
+
+	out, err := client.IntelligenceWHOIS(context.Background(), WHOISParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go b/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
new file mode 100644
index 0000000000..d52e5a355a
--- /dev/null
+++ b/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
@@ -0,0 +1,134 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/cloudflare/cloudflare-go"
+	"github.com/google/go-github/github"
+	"golang.org/x/oauth2"
+)
+
+const (
+	changelogEntryFileFormat      = ".changelog/%d.txt"
+	changelogProcessDocumentation = "https://github.com/cloudflare/cloudflare-go/blob/master/docs/changelog-process.md"
+	changelogDetectedMessage      = "changelog detected :white_check_mark:"
+)
+
+var (
+	changelogEntryPresent        = false
+	successMessageAlreadyPresent = false
+)
+
+func getSkipLabels() []string {
+	return []string{"workflow/skip-changelog-entry", "dependencies"}
+}
+
+func main() {
+	ctx := context.Background()
+	if len(os.Args) < 2 {
+		log.Fatalf("Usage: changelog-check PR#\n")
+	}
+	pr := os.Args[1]
+	prNo, err := strconv.Atoi(pr)
+	if err != nil {
+		log.Fatalf("error parsing PR %q as a number: %s", pr, err)
+	}
+
+	owner := os.Getenv("GITHUB_OWNER")
+	repo := os.Getenv("GITHUB_REPO")
+	token := os.Getenv("GITHUB_TOKEN")
+
+	if owner == "" {
+		log.Fatalf("GITHUB_OWNER not set")
+	}
+
+	if repo == "" {
+		log.Fatalf("GITHUB_REPO not set")
+	}
+
+	if token == "" {
+		log.Fatalf("GITHUB_TOKEN not set")
+	}
+
+	ts := oauth2.StaticTokenSource(
+		&oauth2.Token{AccessToken: token},
+	)
+	tc := oauth2.NewClient(ctx, ts)
+
+	client := github.NewClient(tc)
+
+	pullRequest, _, err := client.PullRequests.Get(ctx, owner, repo, prNo)
+	if err != nil {
+		log.Fatalf("error retrieving pull request %s/%s#%d: %s", owner, repo, prNo, err)
+	}
+
+	for _, label := range pullRequest.Labels {
+		for _, skipLabel := range getSkipLabels() {
+			if label.GetName() == skipLabel {
+				log.Printf("%s label found, exiting as changelog is not required\n", label.GetName())
+				os.Exit(0)
+			}
+		}
+	}
+
+	files, _, _ := client.PullRequests.ListFiles(ctx, owner, repo, prNo, &github.ListOptions{})
+	if err != nil {
+		log.Fatalf("error retrieving files on pull request %s/%s#%d: %s", owner, repo, prNo, err)
+	}
+
+	for _, file := range files {
+		if file.GetFilename() == fmt.Sprintf(changelogEntryFileFormat, prNo) {
+			changelogEntryPresent = true
+		}
+	}
+
+	comments, _, _ := client.Issues.ListComments(ctx, owner, repo, prNo, &github.IssueListCommentsOptions{})
+	for _, comment := range comments {
+		if strings.Contains(comment.GetBody(), "no changelog entry is attached to") {
+			if changelogEntryPresent {
+				client.Issues.EditComment(ctx, owner, repo, *comment.ID, &github.IssueComment{
+					Body: cloudflare.StringPtr(changelogDetectedMessage),
+				})
+				os.Exit(0)
+			}
+			log.Println("no change in status of changelog checks; exiting")
+			os.Exit(1)
+		}
+
+		if strings.Contains(comment.GetBody(), changelogDetectedMessage) {
+			successMessageAlreadyPresent = true
+		}
+	}
+
+	if changelogEntryPresent {
+		if !successMessageAlreadyPresent {
+			_, _, _ = client.Issues.CreateComment(ctx, owner, repo, prNo, &github.IssueComment{
+				Body: cloudflare.StringPtr(changelogDetectedMessage),
+			})
+		}
+		log.Printf("changelog found for %d, skipping remainder of checks\n", prNo)
+		os.Exit(0)
+	}
+
+	body := "Oops! It looks like no changelog entry is attached to" +
+		" this PR. Please include a release note as described in " +
+		changelogProcessDocumentation + ".\n\nExample: " +
+		"\n\n~~~\n```release-note:TYPE\nRelease note" +
+		"\n```\n~~~\n\n" +
+		"If you do not require a release note to be included, please add the `workflow/skip-changelog-entry` label."
+
+	_, _, err = client.Issues.CreateComment(ctx, owner, repo, prNo, &github.IssueComment{
+		Body: &body,
+	})
+
+	if err != nil {
+		log.Fatalf("failed to comment on pull request %s/%s#%d: %s", owner, repo, prNo, err)
+	}
+
+	os.Exit(1)
+}
diff --git a/pkg/cloudflare-go/internal/tools/go.mod b/pkg/cloudflare-go/internal/tools/go.mod
new file mode 100644
index 0000000000..c592590428
--- /dev/null
+++ b/pkg/cloudflare-go/internal/tools/go.mod
@@ -0,0 +1,249 @@
+module github.com/cloudflare/cloudflare-go/internal/tools
+
+go 1.19
+
+require (
+	github.com/breml/bidichk v0.2.3
+	github.com/cloudflare/cloudflare-go v0.48.0
+	github.com/curioswitch/go-reassign v0.2.0
+	github.com/cweill/gotests v1.6.0
+	github.com/go-delve/delve v1.9.0
+	github.com/golangci/golangci-lint v1.48.0
+	github.com/google/go-github v17.0.0+incompatible
+	github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8
+	github.com/jgautheron/goconst v1.5.1
+	github.com/kyoh86/exportloopref v0.1.8
+	github.com/orijtech/structslop v0.0.6
+	github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949
+	github.com/securego/gosec/v2 v2.13.1
+	github.com/uudashr/gopkgs/v2 v2.1.2
+	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
+	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
+	golang.org/x/tools v0.13.0
+	golang.org/x/tools/gopls v0.9.4
+)
+
+require (
+	4d63.com/gochecknoglobals v0.1.0 // indirect
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Antonboom/errname v0.1.7 // indirect
+	github.com/Antonboom/nilnil v0.1.1 // indirect
+	github.com/BurntSushi/toml v1.2.0 // indirect
+	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
+	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver v1.5.0 // indirect
+	github.com/Masterminds/semver/v3 v3.1.1 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/OpenPeeDeeP/depguard v1.1.0 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/alexkohler/prealloc v1.0.0 // indirect
+	github.com/alingse/asasalint v0.0.11 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/ashanbrown/forbidigo v1.3.0 // indirect
+	github.com/ashanbrown/makezero v1.1.1 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bflad/gopaniccheck v0.1.0 // indirect
+	github.com/bflad/tfproviderlint v0.28.1 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/bkielbasa/cyclop v1.2.0 // indirect
+	github.com/blizzy78/varnamelen v0.8.0 // indirect
+	github.com/bombsimon/wsl/v3 v3.3.0 // indirect
+	github.com/breml/errchkjson v0.3.0 // indirect
+	github.com/butuzov/ireturn v0.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/charithe/durationcheck v0.0.9 // indirect
+	github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4 // indirect
+	github.com/cilium/ebpf v0.7.0 // indirect
+	github.com/client9/misspell v0.3.4 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
+	github.com/cosiner/argv v0.1.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/daixiang0/gci v0.6.2 // indirect
+	github.com/dave/dst v0.26.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/denis-tingaikin/go-header v0.4.3 // indirect
+	github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/esimonov/ifshort v1.0.4 // indirect
+	github.com/ettle/strcase v0.1.1 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/structtag v1.2.0 // indirect
+	github.com/firefart/nonamedreturns v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/fzipp/gocyclo v0.6.0 // indirect
+	github.com/go-critic/go-critic v0.6.3 // indirect
+	github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-toolsmith/astcast v1.0.0 // indirect
+	github.com/go-toolsmith/astcopy v1.0.0 // indirect
+	github.com/go-toolsmith/astequal v1.0.1 // indirect
+	github.com/go-toolsmith/astfmt v1.0.0 // indirect
+	github.com/go-toolsmith/astp v1.0.0 // indirect
+	github.com/go-toolsmith/strparse v1.0.0 // indirect
+	github.com/go-toolsmith/typep v1.0.2 // indirect
+	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gofrs/flock v0.8.1 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
+	github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
+	github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
+	github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a // indirect
+	github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect
+	github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect
+	github.com/golangci/misspell v0.3.5 // indirect
+	github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect
+	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-dap v0.6.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/gookit/color v1.5.1 // indirect
+	github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect
+	github.com/gostaticanalysis/analysisutil v0.7.1 // indirect
+	github.com/gostaticanalysis/comment v1.4.2 // indirect
+	github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect
+	github.com/gostaticanalysis/nilerr v0.1.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hc-install v0.4.0 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/terraform-exec v0.17.2 // indirect
+	github.com/hashicorp/terraform-json v0.14.0 // indirect
+	github.com/hashicorp/terraform-plugin-docs v0.13.0 // indirect
+	github.com/hexops/gotextdiff v1.0.3 // indirect
+	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
+	github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
+	github.com/julz/importas v0.1.0 // indirect
+	github.com/karrick/godirwalk v1.12.0 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/kisielk/errcheck v1.6.2 // indirect
+	github.com/kisielk/gotool v1.0.0 // indirect
+	github.com/kulti/thelper v0.6.3 // indirect
+	github.com/kunwardeep/paralleltest v1.0.6 // indirect
+	github.com/ldez/gomoddirectives v0.2.3 // indirect
+	github.com/ldez/tagliatelle v0.3.1 // indirect
+	github.com/leonklingele/grouper v1.1.0 // indirect
+	github.com/lufeee/execinquery v1.2.1 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/maratori/testpackage v1.1.0 // indirect
+	github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
+	github.com/mgechev/revive v1.2.1 // indirect
+	github.com/mitchellh/cli v1.1.4 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/moricho/tparallel v0.2.1 // indirect
+	github.com/nakabonne/nestif v0.3.1 // indirect
+	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
+	github.com/nishanths/exhaustive v0.8.1 // indirect
+	github.com/nishanths/predeclared v0.2.2 // indirect
+	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
+	github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/polyfloyd/go-errorlint v1.0.0 // indirect
+	github.com/posener/complete v1.2.3 // indirect
+	github.com/prometheus/client_golang v1.12.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a // indirect
+	github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5 // indirect
+	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
+	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/russross/blackfriday v1.6.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/ryancurrah/gomodguard v1.2.4 // indirect
+	github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect
+	github.com/sanposhiho/wastedassign/v2 v2.0.6 // indirect
+	github.com/sashamelentyev/usestdlibvars v1.8.0 // indirect
+	github.com/sergi/go-diff v1.2.0 // indirect
+	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
+	github.com/shopspring/decimal v1.3.1 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/sivchari/containedctx v1.0.2 // indirect
+	github.com/sivchari/nosnakecase v1.7.0 // indirect
+	github.com/sivchari/tenv v1.7.0 // indirect
+	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/sonatard/noctx v0.0.1 // indirect
+	github.com/sourcegraph/go-diff v0.6.1 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/cobra v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/viper v1.12.0 // indirect
+	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
+	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
+	github.com/stretchr/objx v0.5.0 // indirect
+	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/subosito/gotenv v1.4.0 // indirect
+	github.com/sylvia7788/contextcheck v1.0.4 // indirect
+	github.com/tdakkota/asciicheck v0.1.1 // indirect
+	github.com/tetafro/godot v1.4.11 // indirect
+	github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 // indirect
+	github.com/tomarrell/wrapcheck/v2 v2.6.2 // indirect
+	github.com/tommy-muehle/go-mnd/v2 v2.5.0 // indirect
+	github.com/ultraware/funlen v0.0.3 // indirect
+	github.com/ultraware/whitespace v0.0.5 // indirect
+	github.com/uudashr/gocognit v1.0.6 // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
+	github.com/yagipy/maintidx v1.0.0 // indirect
+	github.com/yeya24/promlinter v0.2.0 // indirect
+	github.com/zclconf/go-cty v1.10.0 // indirect
+	gitlab.com/bosi/decorder v0.2.3 // indirect
+	go.starlark.net v0.0.0-20200821142938-949cc6f4b097 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.17.0 // indirect
+	golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e // indirect
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
+	golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/ini.v1 v1.66.6 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	honnef.co/go/tools v0.3.3 // indirect
+	mvdan.cc/gofumpt v0.3.1 // indirect
+	mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect
+	mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect
+	mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 // indirect
+	mvdan.cc/xurls/v2 v2.4.0 // indirect
+)
diff --git a/pkg/cloudflare-go/internal/tools/go.sum b/pkg/cloudflare-go/internal/tools/go.sum
new file mode 100644
index 0000000000..8375f5d098
--- /dev/null
+++ b/pkg/cloudflare-go/internal/tools/go.sum
@@ -0,0 +1,1429 @@
+4d63.com/gochecknoglobals v0.1.0 h1:zeZSRqj5yCg28tCkIV/z/lWbwvNm5qnKVS15PI8nhD0=
+4d63.com/gochecknoglobals v0.1.0/go.mod h1:wfdC5ZjKSPr7CybKEcgJhUOgeAQW1+7WcyK8OvUilfo=
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
+cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
+cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
+cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
+cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
+cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
+cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
+cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.61.0/go.mod h1:XukKJg4Y7QsUu0Hxg3qQKUWR4VuWivmyMK2+rUyxAqw=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
+cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
+cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
+cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
+cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
+cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
+cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
+cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
+cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
+cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
+cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
+cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
+cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
+dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+github.com/Antonboom/errname v0.1.7 h1:mBBDKvEYwPl4WFFNwec1CZO096G6vzK9vvDQzAwkako=
+github.com/Antonboom/errname v0.1.7/go.mod h1:g0ONh16msHIPgJSGsecu1G/dcF2hlYR/0SddnIAGavU=
+github.com/Antonboom/nilnil v0.1.1 h1:PHhrh5ANKFWRBh7TdYmyyq2gyT2lotnvFvvFbylF81Q=
+github.com/Antonboom/nilnil v0.1.1/go.mod h1:L1jBqoWM7AOeTD+tSquifKSesRHs4ZdaxvZR+xdJEaI=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
+github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
+github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM=
+github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
+github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2 h1:DGdS4FlsdM6OkluXOhgkvwx05ZjD3Idm9WqtYnOmSuY=
+github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2/go.mod h1:xj0D2jwLdp6tOKLheyZCsfL0nz8DaicmJxSwj3VcHtY=
+github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
+github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
+github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
+github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
+github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
+github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
+github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
+github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
+github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
+github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
+github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
+github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
+github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
+github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/OpenPeeDeeP/depguard v1.1.0 h1:pjK9nLPS1FwQYGGpPxoMYpe7qACHOhAWQMQzV71i49o=
+github.com/OpenPeeDeeP/depguard v1.1.0/go.mod h1:JtAMzWkmFEzDPyAd+W0NHl1lvpQKTvT9jnRVsohBKpc=
+github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
+github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
+github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
+github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
+github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pOcUuw=
+github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE=
+github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw=
+github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I=
+github.com/andybalholm/crlf v0.0.0-20171020200849-670099aa064f/go.mod h1:k8feO4+kXDxro6ErPXBRTJ/ro2mf0SsFG8s7doP9kJE=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
+github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
+github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
+github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
+github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
+github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
+github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
+github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/ashanbrown/forbidigo v1.3.0 h1:VkYIwb/xxdireGAdJNZoo24O4lmnEWkactplBlWTShc=
+github.com/ashanbrown/forbidigo v1.3.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI=
+github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
+github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
+github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
+github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bflad/gopaniccheck v0.1.0 h1:tJftp+bv42ouERmUMWLoUn/5bi/iQZjHPznM00cP/bU=
+github.com/bflad/gopaniccheck v0.1.0/go.mod h1:ZCj2vSr7EqVeDaqVsWN4n2MwdROx1YL+LFo47TSWtsA=
+github.com/bflad/tfproviderlint v0.28.1 h1:7f54/ynV6/lK5/1EyG7tHtc4sMdjJSEFGjZNRJKwBs8=
+github.com/bflad/tfproviderlint v0.28.1/go.mod h1:7Z9Pyl1Z1UWJcPBuyjN89D2NaJGpjReQb5NoaaQCthQ=
+github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
+github.com/bkielbasa/cyclop v1.2.0 h1:7Jmnh0yL2DjKfw28p86YTd/B4lRGcNuu12sKE35sM7A=
+github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
+github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M=
+github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k=
+github.com/bombsimon/wsl/v3 v3.3.0 h1:Mka/+kRLoQJq7g2rggtgQsjuI/K5Efd87WX96EWFxjM=
+github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
+github.com/breml/bidichk v0.2.3 h1:qe6ggxpTfA8E75hdjWPZ581sY3a2lnl0IRxLQFelECI=
+github.com/breml/bidichk v0.2.3/go.mod h1:8u2C6DnAy0g2cEq+k/A2+tr9O1s+vHGxWn0LTc70T2A=
+github.com/breml/errchkjson v0.3.0 h1:YdDqhfqMT+I1vIxPSas44P+9Z9HzJwCeAzjB8PxP1xw=
+github.com/breml/errchkjson v0.3.0/go.mod h1:9Cogkyv9gcT8HREpzi3TiqBxCqDzo8awa92zSDFcofU=
+github.com/butuzov/ireturn v0.1.1 h1:QvrO2QF2+/Cx1WA/vETCIYBKtRjc30vesdoPUNo1EbY=
+github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
+github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/charithe/durationcheck v0.0.9 h1:mPP4ucLrf/rKZiIG/a9IPXHGlh8p4CzgpyTy6EEutYk=
+github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
+github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4 h1:tFXjAxje9thrTF4h57Ckik+scJjTWdwAtZqZPtOT48M=
+github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4/go.mod h1:W8EnPSQ8Nv4fUjc/v1/8tHFqhuOJXnRub0dTfuAQktU=
+github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/cilium/ebpf v0.7.0 h1:1k/q3ATgxSXRdrmPfH8d7YK0GfqVsEKZAX9dQZvs56k=
+github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
+github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/cloudflare-go v0.48.0 h1:bg4mGzmR21+85p9qvwupje42IUqVK6ZSunrnY8lNGtE=
+github.com/cloudflare/cloudflare-go v0.48.0/go.mod h1:NTQPvombbf52QYX6YdY/oA15F7u9GNzeBhY3c3H49vA=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
+github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
+github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
+github.com/cosiner/argv v0.1.0 h1:BVDiEL32lwHukgJKP87btEPenzrrHUjajs/8yzaqcXg=
+github.com/cosiner/argv v0.1.0/go.mod h1:EusR6TucWKX+zFgtdUsKT2Cvg45K5rtpCcWz4hK06d8=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
+github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo=
+github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc=
+github.com/cweill/gotests v1.6.0 h1:KJx+/p4EweijYzqPb4Y/8umDCip1Cv6hEVyOx0mE9W8=
+github.com/cweill/gotests v1.6.0/go.mod h1:CaRYbxQZGQOxXDvM9l0XJVV2Tjb2E5H53vq+reR2GrA=
+github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
+github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/daixiang0/gci v0.6.2 h1:TXCP5RqjE/UupXO+p33MEhqdv7QxjKGw5MVkt9ATiMs=
+github.com/daixiang0/gci v0.6.2/go.mod h1:EpVfrztufwVgQRXjnX4zuNinEpLj5OmMjtu/+MB0V0c=
+github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY=
+github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
+github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
+github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
+github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8=
+github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/denis-tingaikin/go-header v0.4.3 h1:tEaZKAlqql6SKCY++utLmkPLd6K8IBM20Ha7UVm+mtU=
+github.com/denis-tingaikin/go-header v0.4.3/go.mod h1:0wOCWuN71D5qIgE2nz9KrKmuYBAC2Mra5RassOIQ2/c=
+github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9 h1:G765iDCq7bP5opdrPkXk+4V3yfkgV9iGFuheWZ/X/zY=
+github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9/go.mod h1:D6ICZm05D9VN1n/8iOtBxLpXtoGp6HDFUJ1RNVieOSE=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
+github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStBA=
+github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0=
+github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw=
+github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4=
+github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
+github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y=
+github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
+github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
+github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
+github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
+github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
+github.com/go-critic/go-critic v0.6.3 h1:abibh5XYBTASawfTQ0rA7dVtQT+6KzpGqb/J+DxRDaw=
+github.com/go-critic/go-critic v0.6.3/go.mod h1:c6b3ZP1MQ7o6lPR7Rv3lEf7pYQUmAcx8ABHgdZCQt/k=
+github.com/go-delve/delve v1.9.0 h1:+vW0r1vuwk5Fqv+89ZvLTUfx55PvlENvfW4DH3v+x48=
+github.com/go-delve/delve v1.9.0/go.mod h1:CMUUF5L5qeBI3DXz9K/vXOt+h+TycVegYuzq8vv2cOk=
+github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d h1:pxjSLshkZJGLVm0wv20f/H0oTWiq/egkoJQ2ja6LEvo=
+github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d/go.mod h1:biJCRbqp51wS+I92HMqn5H8/A0PAhxn2vyOT+JqhiGI=
+github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
+github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
+github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
+github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
+github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
+github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
+github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
+github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
+github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM=
+github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
+github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
+github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
+github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
+github.com/go-toolsmith/astcast v1.0.0 h1:JojxlmI6STnFVG9yOImLeGREv8W2ocNUM+iOhR6jE7g=
+github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
+github.com/go-toolsmith/astcopy v1.0.0 h1:OMgl1b1MEpjFQ1m5ztEO06rz5CUd3oBv9RF7+DyvdG8=
+github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
+github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
+github.com/go-toolsmith/astequal v1.0.1 h1:JbSszi42Jiqu36Gnf363HWS9MTEAz67vTQLponh3Moc=
+github.com/go-toolsmith/astequal v1.0.1/go.mod h1:4oGA3EZXTVItV/ipGiOx7NWkY5veFfcsOJVS2YxltLw=
+github.com/go-toolsmith/astfmt v1.0.0 h1:A0vDDXt+vsvLEdbMFJAUBI/uTbRw1ffOPnxsILnFL6k=
+github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
+github.com/go-toolsmith/astp v1.0.0 h1:alXE75TXgcmupDsMK1fRAy0YUzLzqPVvBKoyWV+KPXg=
+github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
+github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5 h1:eD9POs68PHkwrx7hAB78z1cb6PfGq/jyWn3wJywsH1o=
+github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5/go.mod h1:3NAwwmD4uY/yggRxoEjk/S00MIV3A+H7rrE3i87eYxM=
+github.com/go-toolsmith/strparse v1.0.0 h1:Vcw78DnpCAKlM20kSbAyO4mPfJn/lyYA4BJUDxe2Jb4=
+github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
+github.com/go-toolsmith/typep v1.0.2 h1:8xdsa1+FSIH/RhEkgnD1j2CJOy5mNllW1Q9tRiYwvlk=
+github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
+github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
+github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
+github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
+github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
+github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0=
+github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
+github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM=
+github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
+github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe h1:6RGUuS7EGotKx6J5HIP8ZtyMdiDscjMLfRBSPuzVVeo=
+github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe/go.mod h1:gjqyPShc/m8pEMpk0a3SeagVb0kaqvhscv+i9jI5ZhQ=
+github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a h1:iR3fYXUjHCR97qWS8ch1y9zPNsgXThGwjKPrYfqMPks=
+github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
+github.com/golangci/golangci-lint v1.48.0 h1:hRiBNk9iRqdAKMa06ntfEiLyza1/3IE9rHLNJaek4a8=
+github.com/golangci/golangci-lint v1.48.0/go.mod h1:5N+oxduCho+7yuccW69upg/O7cxjfR/d+IQeiNxGmKM=
+github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 h1:MfyDlzVjl1hoaPzPD4Gpb/QgoRfSBR0jdhwGyAWwMSA=
+github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
+github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA=
+github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
+github.com/golangci/misspell v0.3.5 h1:pLzmVdl3VxTOncgzHcvLOKirdvcx/TydsClUQXTehjo=
+github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
+github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 h1:DIPQnGy2Gv2FSA4B/hh8Q7xx3B7AIDk3DAMeHclH1vQ=
+github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6/go.mod h1:0AKcRCkMoKvUvlf89F6O7H2LYdhr1zBh736mBItOdRs=
+github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 h1:zwtduBRr5SSWhqsYNgcuWO2kFlpdOZbP0+yRjmvPGys=
+github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
+github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-dap v0.6.0 h1:Y1RHGUtv3R8y6sXq2dtGRMYrFB2hSqyFVws7jucrzX4=
+github.com/google/go-dap v0.6.0/go.mod h1:5q8aYQFnHOAZEMP+6vmq25HKYAEwE+LF5yh7JKrrhSQ=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
+github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
+github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
+github.com/gookit/color v1.5.1 h1:Vjg2VEcdHpwq+oY63s/ksHrgJYCTo0bwWvmmYWdE9fQ=
+github.com/gookit/color v1.5.1/go.mod h1:wZFzea4X8qN6vHOSP2apMb4/+w/orMznEzYsIHPaqKM=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 h1:PVRE9d4AQKmbelZ7emNig1+NT27DUmKZn5qXxfio54U=
+github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0=
+github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
+github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
+github.com/gostaticanalysis/analysisutil v0.1.0/go.mod h1:dMhHRU9KTiDcuLGdy87/2gTR8WruwYZrKdRq9m1O6uw=
+github.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk=
+github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=
+github.com/gostaticanalysis/comment v1.3.0/go.mod h1:xMicKDx7XRXYdVwY9f9wQpDJVnqWxw9wCauCMKp+IBI=
+github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado=
+github.com/gostaticanalysis/comment v1.4.2 h1:hlnx5+S2fY9Zo9ePo4AhgYsYHbM2+eAv8m/s1JiCd6Q=
+github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM=
+github.com/gostaticanalysis/forcetypeassert v0.1.0 h1:6eUflI3DiGusXGK6X7cCcIgVCpZ2CiZ1Q7jl6ZxNV70=
+github.com/gostaticanalysis/forcetypeassert v0.1.0/go.mod h1:qZEedyP/sY1lTGV1uJ3VhWZ2mqag3IkWsDHVbplHXak=
+github.com/gostaticanalysis/nilerr v0.1.1 h1:ThE+hJP0fEp4zWLkWHWcRyI2Od0p7DlgYG3Uqrmrcpk=
+github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
+github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
+github.com/gostaticanalysis/testutil v0.4.0 h1:nhdCmubdmDF6VEatUNjgUZBJKWRqugoISdUv3PPQgHY=
+github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
+github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
+github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
+github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
+github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8 h1:9YDSbzqiU768LY0p5rAsifqaZ+wGOjBGtaW6GDH5tyg=
+github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8/go.mod h1:bYsOXLQjb/yhHHiZAfoiPzhNHVjiNTGryeeBwzn1Uak=
+github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
+github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
+github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
+github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
+github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
+github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY=
+github.com/hashicorp/go-getter v1.5.0/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM=
+github.com/hashicorp/go-getter v1.5.2/go.mod h1:orNH3BTYLu/fIxGIdLjLoAJHWMDQ/UKQr5O4m3iBuoo=
+github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
+github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
+github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-plugin v1.3.0/go.mod h1:F9eH4LrE/ZsRdbwhfjs9k9HoDUwAHnYtXdgmf1AVNs0=
+github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
+github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
+github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
+github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hashicorp/hc-install v0.4.0 h1:cZkRFr1WVa0Ty6x5fTvL1TuO1flul231rWkGH92oYYk=
+github.com/hashicorp/hc-install v0.4.0/go.mod h1:5d155H8EC5ewegao9A4PUTMNPZaq+TbOzkJJZ4vrXeI=
+github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
+github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90=
+github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8=
+github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
+github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
+github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A=
+github.com/hashicorp/terraform-exec v0.10.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo=
+github.com/hashicorp/terraform-exec v0.13.0/go.mod h1:SGhto91bVRlgXQWcJ5znSz+29UZIa8kpBbkGwQ+g9E8=
+github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go=
+github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8=
+github.com/hashicorp/terraform-json v0.5.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU=
+github.com/hashicorp/terraform-json v0.8.0/go.mod h1:3defM4kkMfttwiE7VakJDwCd4R+umhSQnvJwORXbprE=
+github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e17dKDpqV7s=
+github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM=
+github.com/hashicorp/terraform-plugin-docs v0.13.0 h1:6e+VIWsVGb6jYJewfzq2ok2smPzZrt1Wlm9koLeKazY=
+github.com/hashicorp/terraform-plugin-docs v0.13.0/go.mod h1:W0oCmHAjIlTHBbvtppWHe8fLfZ2BznQbuv8+UD8OucQ=
+github.com/hashicorp/terraform-plugin-go v0.2.1/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4=
+github.com/hashicorp/terraform-plugin-sdk v1.16.1/go.mod h1:KSsGcuZ1JRqnmYzz+sWIiUwNvJkzXbGRIdefwFfOdyY=
+github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0/go.mod h1:z+cMZ0iswzZOahBJ3XmNWgWkVnAd2bl8g+FhyyuPDH4=
+github.com/hashicorp/terraform-plugin-test/v2 v2.1.3/go.mod h1:pmaUHiUtDL/8Mz3FuyZ/vRDb0LpaOWQjVRW9ORF7FHs=
+github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
+github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
+github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
+github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
+github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
+github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
+github.com/jgautheron/goconst v1.5.1 h1:HxVbL1MhydKs8R8n/HE5NPvzfaYmQJA3o879lE4+WcM=
+github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
+github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
+github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs=
+github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
+github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9BjwUk7KlCh6S9EAGWBt1oExIUv9WyNCiRz5amv48=
+github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
+github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
+github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY=
+github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
+github.com/karrick/godirwalk v1.12.0 h1:nkS4xxsjiZMvVlazd0mFyiwD4BR9f3m6LXGhM2TUx3Y=
+github.com/karrick/godirwalk v1.12.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
+github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
+github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M=
+github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.6.2 h1:uGQ9xI8/pgc9iOoCe7kWQgRE6SBTrCGmTSf0LrEtY7c=
+github.com/kisielk/errcheck v1.6.2/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw=
+github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kulti/thelper v0.6.3 h1:ElhKf+AlItIu+xGnI990no4cE2+XaSu1ULymV2Yulxs=
+github.com/kulti/thelper v0.6.3/go.mod h1:DsqKShOvP40epevkFrvIwkCMNYxMeTNjdWL4dqWHZ6I=
+github.com/kunwardeep/paralleltest v1.0.6 h1:FCKYMF1OF2+RveWlABsdnmsvJrei5aoyZoaGS+Ugg8g=
+github.com/kunwardeep/paralleltest v1.0.6/go.mod h1:Y0Y0XISdZM5IKm3TREQMZ6iteqn1YuwCsJO/0kL9Zes=
+github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
+github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
+github.com/kyoh86/exportloopref v0.1.8 h1:5Ry/at+eFdkX9Vsdw3qU4YkvGtzuVfzT4X7S77LoN/M=
+github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg=
+github.com/ldez/gomoddirectives v0.2.3 h1:y7MBaisZVDYmKvt9/l1mjNCiSA1BVn34U0ObUcJwlhA=
+github.com/ldez/gomoddirectives v0.2.3/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
+github.com/ldez/tagliatelle v0.3.1 h1:3BqVVlReVUZwafJUwQ+oxbx2BEX2vUG4Yu/NOfMiKiM=
+github.com/ldez/tagliatelle v0.3.1/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
+github.com/leonklingele/grouper v1.1.0 h1:tC2y/ygPbMFSBOs3DcyaEMKnnwH7eYKzohOtRrf0SAg=
+github.com/leonklingele/grouper v1.1.0/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM=
+github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM=
+github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
+github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
+github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
+github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ=
+github.com/maratori/testpackage v1.1.0 h1:GJY4wlzQhuBusMF1oahQCBtUV/AQ/k69IZ68vxaac2Q=
+github.com/maratori/testpackage v1.1.0/go.mod h1:PeAhzU8qkCwdGEMTEupsHJNlQu2gZopMC6RjbhmHeDc=
+github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 h1:pWxk9e//NbPwfxat7RXkts09K+dEBJWakUWwICVqYbA=
+github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
+github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
+github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo=
+github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
+github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
+github.com/mgechev/revive v1.2.1 h1:GjFml7ZsoR0IrQ2E2YIvWFNS5GPDV7xNwvA5GM1HZC4=
+github.com/mgechev/revive v1.2.1/go.mod h1:+Ro3wqY4vakcYNtkBWdZC7dBg1xSB6sp054wWwmeFm0=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
+github.com/mitchellh/cli v1.1.1/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
+github.com/mitchellh/cli v1.1.4 h1:qj8czE26AU4PbiaPXK5uVmMSM+V5BYsFBiM9HhGRLUA=
+github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
+github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
+github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
+github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-testing-interface v1.0.4/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
+github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
+github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/moricho/tparallel v0.2.1 h1:95FytivzT6rYzdJLdtfn6m1bfFJylOJK41+lgv/EHf4=
+github.com/moricho/tparallel v0.2.1/go.mod h1:fXEIZxG2vdfl0ZF8b42f5a78EhjjD5mX8qUplsoSU4k=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U=
+github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
+github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 h1:4kuARK6Y6FxaNu/BnU2OAaLF86eTVhP2hjTB6iMvItA=
+github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/nishanths/exhaustive v0.8.1 h1:0QKNascWv9qIHY7zRoZSxeRr6kuk5aAT3YXLTiDmjTo=
+github.com/nishanths/exhaustive v0.8.1/go.mod h1:qj+zJJUgJ76tR92+25+03oYUhzF4R7/2Wk7fGTfCHmg=
+github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
+github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
+github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs=
+github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
+github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
+github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
+github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/orijtech/structslop v0.0.6 h1:MAw4cRHkpNgr5+irv9R1sG07wdxjCe1hkd/ozVv9ugU=
+github.com/orijtech/structslop v0.0.6/go.mod h1:3zH7DQgjl7qvvnMni63/U82f+EjQ3MofOx9BRxanAiA=
+github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k=
+github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
+github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
+github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
+github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
+github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
+github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw=
+github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI=
+github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d h1:CdDQnGF8Nq9ocOS/xlSptM1N3BbrA6/kmaep5ggwaIA=
+github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
+github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
+github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/polyfloyd/go-errorlint v1.0.0 h1:pDrQG0lrh68e602Wfp68BlUTRFoHn8PZYAjLgt2LFsM=
+github.com/polyfloyd/go-errorlint v1.0.0/go.mod h1:KZy4xxPJyy88/gldCe5OdW6OQRtNO3EZE7hXzmnebgA=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
+github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E=
+github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
+github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
+github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
+github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/quasilyte/go-ruleguard v0.3.1-0.20210203134552-1b5a410e1cc8/go.mod h1:KsAh3x0e7Fkpgs+Q9pNLS5XpFSvYCEVl5gP9Pp1xp30=
+github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a h1:sWFavxtIctGrVs5SYZ5Ml1CvrDAs8Kf5kx2PI3C41dA=
+github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a/go.mod h1:VMX+OnnSw4LicdiEGtRSD/1X8kW7GuEscjYNr4cOIT4=
+github.com/quasilyte/go-ruleguard/dsl v0.3.0/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
+github.com/quasilyte/go-ruleguard/dsl v0.3.16/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
+github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc=
+github.com/quasilyte/go-ruleguard/rules v0.0.0-20211022131956-028d6511ab71/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50=
+github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5 h1:PDWGei+Rf2bBiuZIbZmM20J2ftEy9IeUCHA8HbQqed8=
+github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5/go.mod h1:wSEyW6O61xRV6zb6My3HxrQ5/8ke7NE2OayqCHa3xRM=
+github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 h1:L8QM9bvf68pVdQ3bCFZMDmnt9yqcMBro1pC7F+IPYMY=
+github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
+github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs=
+github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ=
+github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949 h1:iaD+iVf9xGfajsJp+zYrg9Lrk6gMJ6/hZHO4cYq5D5o=
+github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949/go.mod h1:9V3eNbj9Z53yO7cKB6cSX9f0O7rYdIiuGBhjA1YsQuw=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
+github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryancurrah/gomodguard v1.2.4 h1:CpMSDKan0LtNGGhPrvupAoLeObRFjND8/tU1rEOtBp4=
+github.com/ryancurrah/gomodguard v1.2.4/go.mod h1:+Kem4VjWwvFpUJRJSwa16s1tBJe+vbv02+naTow2f6M=
+github.com/ryanrolds/sqlclosecheck v0.3.0 h1:AZx+Bixh8zdUBxUA1NxbxVAS78vTPq4rCb8OUZI9xFw=
+github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
+github.com/sanposhiho/wastedassign/v2 v2.0.6 h1:+6/hQIHKNJAUixEj6EmOngGIisyeI+T3335lYTyxRoA=
+github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
+github.com/sashamelentyev/usestdlibvars v1.8.0 h1:QnWP9IOEuRyYKH+IG0LlQIjuJlc0rfdo4K3/Zh3WRMw=
+github.com/sashamelentyev/usestdlibvars v1.8.0/go.mod h1:BFt7b5mSVHaaa26ZupiNRV2ODViQBxZZVhtAxAJRrjs=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
+github.com/securego/gosec/v2 v2.13.1 h1:7mU32qn2dyC81MH9L2kefnQyRMUarfDER3iQyMHcjYM=
+github.com/securego/gosec/v2 v2.13.1/go.mod h1:EO1sImBMBWFjOTFzMWfTRrZW6M15gm60ljzrmy/wtHo=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
+github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU=
+github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
+github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
+github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sivchari/containedctx v1.0.2 h1:0hLQKpgC53OVF1VT7CeoFHk9YKstur1XOgfYIc1yrHI=
+github.com/sivchari/containedctx v1.0.2/go.mod h1:PwZOeqm4/DLoJOqMSIJs3aKqXRX4YO+uXww087KZ7Bw=
+github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt95do8=
+github.com/sivchari/nosnakecase v1.7.0/go.mod h1:CwDzrzPea40/GB6uynrNLiorAlgFRvRbFSgJx2Gs+QY=
+github.com/sivchari/tenv v1.7.0 h1:d4laZMBK6jpe5PWepxlV9S+LC0yXqvYHiq8E6ceoVVE=
+github.com/sivchari/tenv v1.7.0/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg=
+github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
+github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
+github.com/sonatard/noctx v0.0.1 h1:VC1Qhl6Oxx9vvWo3UDgrGXYCeKCe3Wbw7qAWL6FrmTY=
+github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI=
+github.com/sourcegraph/go-diff v0.6.1 h1:hmA1LzxW0n1c3Q4YbrFgg4P99GSnebYa3x8gr0HZqLQ=
+github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
+github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
+github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
+github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
+github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
+github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
+github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
+github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
+github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
+github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
+github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
+github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=
+github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
+github.com/stbenjam/no-sprintf-host-port v0.1.1 h1:tYugd/yrm1O0dV+ThCbaKZh195Dfm07ysF0U6JQXczc=
+github.com/stbenjam/no-sprintf-host-port v0.1.1/go.mod h1:TLhvtIvONRzdmkFiio4O8LHsN9N74I+PhRquPsxpL0I=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
+github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
+github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
+github.com/sylvia7788/contextcheck v1.0.4 h1:MsiVqROAdr0efZc/fOCt0c235qm9XJqHtWwM+2h2B04=
+github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
+github.com/tdakkota/asciicheck v0.1.1 h1:PKzG7JUTUmVspQTDqtkX9eSiLGossXTybutHwTXuO0A=
+github.com/tdakkota/asciicheck v0.1.1/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
+github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA=
+github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
+github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=
+github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
+github.com/tetafro/godot v1.4.11 h1:BVoBIqAf/2QdbFmSwAWnaIqDivZdOV0ZRwEm6jivLKw=
+github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
+github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 h1:kl4KhGNsJIbDHS9/4U9yQo1UcPQM0kOMJHn29EoH/Ro=
+github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
+github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/tomarrell/wrapcheck/v2 v2.6.2 h1:3dI6YNcrJTQ/CJQ6M/DUkc0gnqYSIk6o0rChn9E/D0M=
+github.com/tomarrell/wrapcheck/v2 v2.6.2/go.mod h1:ao7l5p0aOlUNJKI0qVwB4Yjlqutd0IvAB9Rdwyilxvg=
+github.com/tommy-muehle/go-mnd/v2 v2.5.0 h1:iAj0a8e6+dXSL7Liq0aXPox36FiN1dBbjA6lt9fl65s=
+github.com/tommy-muehle/go-mnd/v2 v2.5.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
+github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
+github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ultraware/funlen v0.0.3 h1:5ylVWm8wsNwH5aWo9438pwvsK0QiqVuUrt9bn7S/iLA=
+github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
+github.com/ultraware/whitespace v0.0.5 h1:hh+/cpIcopyMYbZNVov9iSxvJU3OYQg78Sfaqzi/CzI=
+github.com/ultraware/whitespace v0.0.5/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
+github.com/uudashr/gocognit v1.0.6 h1:2Cgi6MweCsdB6kpcVQp7EW4U23iBFQWfTXiWlyp842Y=
+github.com/uudashr/gocognit v1.0.6/go.mod h1:nAIUuVBnYU7pcninia3BHOvQkpQCeO76Uscky5BOwcY=
+github.com/uudashr/gopkgs/v2 v2.1.2 h1:A0+QH6wqNRHORJnxmqfeuBEsK4nYQ7pgcOHhqpqcrpo=
+github.com/uudashr/gopkgs/v2 v2.1.2/go.mod h1:O9VKOuPWrUpVhaxcg7N3QiTrlDhgJb/84Y7b3qaX1rI=
+github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
+github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
+github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
+github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
+github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
+github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
+github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
+github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
+github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=
+github.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk=
+github.com/yeya24/promlinter v0.2.0 h1:xFKDQ82orCU5jQujdaD8stOHiv8UN68BSdn2a8u8Y3o=
+github.com/yeya24/promlinter v0.2.0/go.mod h1:u54lkmBOZrpEbQQ6gox2zWKKLKu2SGe+2KOiextY+IA=
+github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
+github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
+github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
+github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
+github.com/zclconf/go-cty v1.7.1/go.mod h1:VDR4+I79ubFBGm1uJac1226K5yANQFHeauxPBoP54+o=
+github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
+github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
+github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
+gitlab.com/bosi/decorder v0.2.3 h1:gX4/RgK16ijY8V+BRQHAySfQAb354T7/xQpDB2n10P0=
+gitlab.com/bosi/decorder v0.2.3/go.mod h1:9K1RB5+VPNQYtXtTDAzd2OEftsZb1oV0IrJrzChSdGE=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.starlark.net v0.0.0-20200821142938-949cc6f4b097 h1:YiRMXXgG+Pg26t1fjq+iAjaauKWMC9cmGFrtOEuwDDg=
+go.starlark.net v0.0.0-20200821142938-949cc6f4b097/go.mod h1:f0znQkUKRrkk36XxWbGjMqQM8wGv/xHBVE2qc3B5oFU=
+go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
+go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
+go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U=
+go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
+golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 h1:QlVATYS7JBoZMVaf+cNjb90WD/beKVHnIxFKT4QaHVI=
+golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
+golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e h1:7Xs2YCOpMlNqSQSmrrnhlzBXIE/bpMecZplbLePTJvE=
+golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
+golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
+golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
+golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
+golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
+golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 h1:M73Iuj3xbbb9Uk1DYhzydthsj6oOd6l9bpuFcNoUvTs=
+golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190307163923-6a08e3108db3/go.mod h1:25r3+/G6/xytQM8iWZKq3Hn0kr0rgFKPUNVEL/dr3z4=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190321232350-e250d351ecad/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190916130336-e45ffcd953cc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191109212701-97ad0ed33101/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200214201135-548b770e2dfa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
+golang.org/x/tools v0.0.0-20200324003944-a576cf524670/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
+golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200624225443-88f3c62a19ff/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200625211823-6506e20df31f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200713011307-fd294ab11aed/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200831203904-5a2aa26beb65/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
+golang.org/x/tools v0.0.0-20200917221617-d56e4e40bc9d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201002184944-ecd9fd270d5d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201230224404-63754364767c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
+golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
+golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.9-0.20211228192929-ee1ca4ffc4da/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
+golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
+golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
+golang.org/x/tools/gopls v0.9.4 h1:YhHOxVi++ILnY+QnH9FGtRKZZrunSaR7OW8/dCp7bBk=
+golang.org/x/tools/gopls v0.9.4/go.mod h1:merWH6UwxKhBcAlppWCEC4kJDvHxmHdKNDftyHnMsjU=
+golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df h1:BkeW9/QJhcigekDUPS9N9bIb0v7gPKKmLYeczVAqr2s=
+golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df/go.mod h1:UZshlUPxXeGUM9I14UOawXQg6yosDE9cr1vKY/DzgWo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
+google.golang.org/api v0.34.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
+google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
+google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
+google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
+google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
+google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
+google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
+gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.3.3 h1:oDx7VAwstgpYpb3wv0oxiZlxY+foCpRAwY7Vk6XpAgA=
+honnef.co/go/tools v0.3.3/go.mod h1:jzwdWgg7Jdq75wlfblQxO4neNaFFSvgc1tD5Wv8U0Yw=
+mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8=
+mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE=
+mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I=
+mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
+mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo=
+mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
+mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 h1:seuXWbRB1qPrS3NQnHmFKLJLtskWyueeIzmLXghMGgk=
+mvdan.cc/unparam v0.0.0-20220706161116-678bad134442/go.mod h1:F/Cxw/6mVrNKqrR2YjFf5CaW0Bw4RL8RfbEf4GRggJk=
+mvdan.cc/xurls/v2 v2.4.0 h1:tzxjVAj+wSBmDcF6zBB7/myTy3gX9xvi8Tyr28AuQgc=
+mvdan.cc/xurls/v2 v2.4.0/go.mod h1:+GEjq9uNjqs8LQfM9nVnM8rff0OQ5Iash5rzX+N1CSg=
+rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/pkg/cloudflare-go/internal/tools/tools.go b/pkg/cloudflare-go/internal/tools/tools.go
new file mode 100644
index 0000000000..4a0baee4de
--- /dev/null
+++ b/pkg/cloudflare-go/internal/tools/tools.go
@@ -0,0 +1,45 @@
+//go:build tools
+// +build tools
+
+package tools
+
+//go:generate go install github.com/breml/bidichk/cmd/bidichk
+//go:generate go install github.com/curioswitch/go-reassign
+//go:generate go install github.com/cweill/gotests/gotests
+//go:generate go install github.com/go-delve/delve/cmd/dlv
+//go:generate go install github.com/golangci/golangci-lint/cmd/golangci-lint
+//go:generate go install github.com/google/go-github/github
+//go:generate go install github.com/hashicorp/go-changelog/cmd/changelog-build
+//go:generate go install github.com/jgautheron/goconst/cmd/goconst
+//go:generate go install github.com/kyoh86/exportloopref/cmd/exportloopref
+//go:generate go install github.com/orijtech/structslop/cmd/structslop
+//go:generate go install github.com/ramya-rao-a/go-outline
+//go:generate go install github.com/securego/gosec/v2/cmd/gosec
+//go:generate go install github.com/uudashr/gopkgs/v2/cmd/gopkgs
+//go:generate go install golang.org/x/lint/golint
+//go:generate go install golang.org/x/oauth2
+//go:generate go install golang.org/x/tools/gopls@latest
+//go:generate go install golang.org/x/tools/cmd/goimports@latest
+
+import (
+	// local development tooling for linting and debugging.
+	_ "github.com/breml/bidichk/cmd/bidichk"
+	_ "github.com/curioswitch/go-reassign"
+	_ "github.com/cweill/gotests/gotests"
+	_ "github.com/go-delve/delve/cmd/dlv"
+	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
+	_ "github.com/hashicorp/go-changelog/cmd/changelog-build"
+	_ "github.com/jgautheron/goconst/cmd/goconst"
+	_ "github.com/kyoh86/exportloopref/cmd/exportloopref"
+	_ "github.com/orijtech/structslop/cmd/structslop"
+	_ "github.com/ramya-rao-a/go-outline"
+	_ "github.com/securego/gosec/v2/cmd/gosec"
+	_ "github.com/uudashr/gopkgs/v2/cmd/gopkgs"
+	_ "golang.org/x/lint/golint"
+	_ "golang.org/x/tools/cmd/goimports"
+	_ "golang.org/x/tools/gopls"
+
+	// used for changelog-check tooling
+	_ "github.com/google/go-github/github"
+	_ "golang.org/x/oauth2"
+)
diff --git a/pkg/cloudflare-go/ip_access_rules.go b/pkg/cloudflare-go/ip_access_rules.go
new file mode 100644
index 0000000000..58d29cd084
--- /dev/null
+++ b/pkg/cloudflare-go/ip_access_rules.go
@@ -0,0 +1,89 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type ListIPAccessRulesOrderOption string
+type ListIPAccessRulesMatchOption string
+type IPAccessRulesModeOption string
+
+const (
+	IPAccessRulesConfigurationTarget  ListIPAccessRulesOrderOption = "configuration.target"
+	IPAccessRulesConfigurationValue   ListIPAccessRulesOrderOption = "configuration.value"
+	IPAccessRulesMatchOptionAll       ListIPAccessRulesMatchOption = "all"
+	IPAccessRulesMatchOptionAny       ListIPAccessRulesMatchOption = "any"
+	IPAccessRulesModeBlock            IPAccessRulesModeOption      = "block"
+	IPAccessRulesModeChallenge        IPAccessRulesModeOption      = "challenge"
+	IPAccessRulesModeJsChallenge      IPAccessRulesModeOption      = "js_challenge"
+	IPAccessRulesModeManagedChallenge IPAccessRulesModeOption      = "managed_challenge"
+	IPAccessRulesModeWhitelist        IPAccessRulesModeOption      = "whitelist"
+)
+
+type ListIPAccessRulesFilters struct {
+	Configuration IPAccessRuleConfiguration    `json:"configuration,omitempty"`
+	Match         ListIPAccessRulesMatchOption `json:"match,omitempty"`
+	Mode          IPAccessRulesModeOption      `json:"mode,omitempty"`
+	Notes         string                       `json:"notes,omitempty"`
+}
+
+type ListIPAccessRulesParams struct {
+	Direction string                       `url:"direction,omitempty"`
+	Filters   ListIPAccessRulesFilters     `url:"filters,omitempty"`
+	Order     ListIPAccessRulesOrderOption `url:"order,omitempty"`
+	PaginationOptions
+}
+
+type IPAccessRuleConfiguration struct {
+	Target string `json:"target,omitempty"`
+	Value  string `json:"value,omitempty"`
+}
+
+type IPAccessRule struct {
+	AllowedModes  []IPAccessRulesModeOption `json:"allowed_modes"`
+	Configuration IPAccessRuleConfiguration `json:"configuration"`
+	CreatedOn     string                    `json:"created_on"`
+	ID            string                    `json:"id"`
+	Mode          IPAccessRulesModeOption   `json:"mode"`
+	ModifiedOn    string                    `json:"modified_on"`
+	Notes         string                    `json:"notes"`
+}
+
+type ListIPAccessRulesResponse struct {
+	Result     []IPAccessRule `json:"result"`
+	ResultInfo `json:"result_info"`
+	Response
+}
+
+// ListIPAccessRules fetches IP Access rules of a zone/user/account. You can
+// filter the results using several optional parameters.
+//
+// API references:
+//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-a-user-list-ip-access-rules
+//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-a-zone-list-ip-access-rules
+//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-an-account-list-ip-access-rules
+func (api *API) ListIPAccessRules(ctx context.Context, rc *ResourceContainer, params ListIPAccessRulesParams) ([]IPAccessRule, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []IPAccessRule{}, &ResultInfo{}, ErrMissingResourceIdentifier
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/firewall/access_rules/rules", rc.Level, rc.Identifier), params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []IPAccessRule{}, &ResultInfo{}, err
+	}
+
+	result := ListIPAccessRulesResponse{}
+
+	err = json.Unmarshal(res, &result)
+	if err != nil {
+		return []IPAccessRule{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, &result.ResultInfo, nil
+}
diff --git a/pkg/cloudflare-go/ip_access_rules_test.go b/pkg/cloudflare-go/ip_access_rules_test.go
new file mode 100644
index 0000000000..4eba124433
--- /dev/null
+++ b/pkg/cloudflare-go/ip_access_rules_test.go
@@ -0,0 +1,311 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListIPAccessRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.1"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "f2d427378e7542acb295380d352e2ebd",
+							"mode": "whitelist",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "Whitelisting this IP."
+						},
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.2"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "92f17202ed8bd63d69a66b86a49a8f6b",
+							"mode": "block",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "This rule is enabled because of an event that occurred on date X."
+						},
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.3"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "4ae338944d6143378c3cf05a7c77d983",
+							"mode": "challenge",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "This rule is enabled because of an event that occurred on date Y."
+						},
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.4"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "52161eb6af4241bb9d4b32394be72fdf",
+							"mode": "js_challenge",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "This rule is enabled because of an event that occurred on date Z."
+						},
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.5"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "cbf4b7a5a2a24e59a03044d6d44ceb09",
+							"mode": "managed_challenge",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "This rule is enabled because we like the challenge page."
+						}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null,
+			"result_info":{
+				"page":1,
+				"per_page":25,
+				"count":5,
+				"total_count":5
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/access_rules/rules", handler)
+	want := []IPAccessRule{
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "f2d427378e7542acb295380d352e2ebd",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.1",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "whitelist",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "Whitelisting this IP.",
+		},
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "92f17202ed8bd63d69a66b86a49a8f6b",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.2",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "block",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "This rule is enabled because of an event that occurred on date X.",
+		},
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "4ae338944d6143378c3cf05a7c77d983",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.3",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "challenge",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "This rule is enabled because of an event that occurred on date Y.",
+		},
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "52161eb6af4241bb9d4b32394be72fdf",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.4",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "js_challenge",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "This rule is enabled because of an event that occurred on date Z.",
+		},
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.5",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "managed_challenge",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "This rule is enabled because we like the challenge page.",
+		},
+	}
+
+	actual, _, err := client.ListIPAccessRules(context.Background(),
+		ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), ListIPAccessRulesParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListIPAccessRulesWithParams(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result":[
+						{
+							"allowed_modes": [
+								"whitelist",
+								"block",
+								"challenge",
+								"js_challenge",
+								"managed_challenge"
+							],
+							"configuration": {
+								"target": "ip",
+								"value": "198.51.100.5"
+							},
+							"created_on": "2014-01-01T05:20:00.12345Z",
+							"id": "cbf4b7a5a2a24e59a03044d6d44ceb09",
+							"mode": "managed_challenge",
+							"modified_on": "2014-01-01T05:20:00.12345Z",
+							"notes": "This rule is enabled because we like the challenge page."
+						}
+			],
+			"success":true,
+			"errors":null,
+			"messages":null,
+			"result_info":{
+				"page":1,
+				"per_page":100,
+				"count":1,
+				"total_count":1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/access_rules/rules", handler)
+	want := []IPAccessRule{
+		{
+			AllowedModes: []IPAccessRulesModeOption{
+				IPAccessRulesModeWhitelist,
+				IPAccessRulesModeBlock,
+				IPAccessRulesModeChallenge,
+				IPAccessRulesModeJsChallenge,
+				IPAccessRulesModeManagedChallenge,
+			},
+			ID: "cbf4b7a5a2a24e59a03044d6d44ceb09",
+			Configuration: IPAccessRuleConfiguration{
+				Target: "ip",
+				Value:  "198.51.100.5",
+			},
+			CreatedOn:  "2014-01-01T05:20:00.12345Z",
+			Mode:       "managed_challenge",
+			ModifiedOn: "2014-01-01T05:20:00.12345Z",
+			Notes:      "This rule is enabled because we like the challenge page.",
+		},
+	}
+
+	actual, _, err := client.ListIPAccessRules(context.Background(),
+		ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), ListIPAccessRulesParams{
+			Direction: "asc",
+			Filters: ListIPAccessRulesFilters{
+				Configuration: IPAccessRuleConfiguration{
+					Target: "ip",
+				},
+				Match: "any",
+				Mode:  "manage_challenge",
+				Notes: "This rule is enabled because we like the challenge page.",
+			},
+			Order: IPAccessRulesConfigurationTarget,
+			PaginationOptions: PaginationOptions{
+				Page:    1,
+				PerPage: 100,
+			},
+		})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/ip_list.go b/pkg/cloudflare-go/ip_list.go
new file mode 100644
index 0000000000..a9c5e7151a
--- /dev/null
+++ b/pkg/cloudflare-go/ip_list.go
@@ -0,0 +1,507 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// The definitions in this file are deprecated and should be removed after
+// enough time is given for users to migrate. Use the more general `List`
+// methods instead.
+
+const (
+	// IPListTypeIP specifies a list containing IP addresses.
+	IPListTypeIP = "ip"
+)
+
+// IPListBulkOperation contains information about a Bulk Operation.
+type IPListBulkOperation struct {
+	ID        string     `json:"id"`
+	Status    string     `json:"status"`
+	Error     string     `json:"error"`
+	Completed *time.Time `json:"completed"`
+}
+
+// IPList contains information about an IP List.
+type IPList struct {
+	ID                    string     `json:"id"`
+	Name                  string     `json:"name"`
+	Description           string     `json:"description"`
+	Kind                  string     `json:"kind"`
+	NumItems              int        `json:"num_items"`
+	NumReferencingFilters int        `json:"num_referencing_filters"`
+	CreatedOn             *time.Time `json:"created_on"`
+	ModifiedOn            *time.Time `json:"modified_on"`
+}
+
+// IPListItem contains information about a single IP List Item.
+type IPListItem struct {
+	ID         string     `json:"id"`
+	IP         string     `json:"ip"`
+	Comment    string     `json:"comment"`
+	CreatedOn  *time.Time `json:"created_on"`
+	ModifiedOn *time.Time `json:"modified_on"`
+}
+
+// IPListCreateRequest contains data for a new IP List.
+type IPListCreateRequest struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	Kind        string `json:"kind"`
+}
+
+// IPListItemCreateRequest contains data for a new IP List Item.
+type IPListItemCreateRequest struct {
+	IP      string `json:"ip"`
+	Comment string `json:"comment"`
+}
+
+// IPListItemDeleteRequest wraps IP List Items that shall be deleted.
+type IPListItemDeleteRequest struct {
+	Items []IPListItemDeleteItemRequest `json:"items"`
+}
+
+// IPListItemDeleteItemRequest contains single IP List Items that shall be deleted.
+type IPListItemDeleteItemRequest struct {
+	ID string `json:"id"`
+}
+
+// IPListUpdateRequest contains data for an IP List update.
+type IPListUpdateRequest struct {
+	Description string `json:"description"`
+}
+
+// IPListResponse contains a single IP List.
+type IPListResponse struct {
+	Response
+	Result IPList `json:"result"`
+}
+
+// IPListItemCreateResponse contains information about the creation of an IP List Item.
+type IPListItemCreateResponse struct {
+	Response
+	Result struct {
+		OperationID string `json:"operation_id"`
+	} `json:"result"`
+}
+
+// IPListListResponse contains a slice of IP Lists.
+type IPListListResponse struct {
+	Response
+	Result []IPList `json:"result"`
+}
+
+// IPListBulkOperationResponse contains information about a Bulk Operation.
+type IPListBulkOperationResponse struct {
+	Response
+	Result IPListBulkOperation `json:"result"`
+}
+
+// IPListDeleteResponse contains information about the deletion of an IP List.
+type IPListDeleteResponse struct {
+	Response
+	Result struct {
+		ID string `json:"id"`
+	} `json:"result"`
+}
+
+// IPListItemsListResponse contains information about IP List Items.
+type IPListItemsListResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []IPListItem `json:"result"`
+}
+
+// IPListItemDeleteResponse contains information about the deletion of an IP List Item.
+type IPListItemDeleteResponse struct {
+	Response
+	Result struct {
+		OperationID string `json:"operation_id"`
+	} `json:"result"`
+}
+
+// IPListItemsGetResponse contains information about a single IP List Item.
+type IPListItemsGetResponse struct {
+	Response
+	Result IPListItem `json:"result"`
+}
+
+// ListIPLists lists all IP Lists.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-list-lists
+//
+// Deprecated: Use `ListLists` instead.
+func (api *API) ListIPLists(ctx context.Context, accountID string) ([]IPList, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []IPList{}, err
+	}
+
+	result := IPListListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// CreateIPList creates a new IP List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list
+//
+// Deprecated: Use `CreateList` instead.
+func (api *API) CreateIPList(ctx context.Context, accountID, name, description, kind string) (IPList,
+	error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
+		IPListCreateRequest{Name: name, Description: description, Kind: kind})
+	if err != nil {
+		return IPList{}, err
+	}
+
+	result := IPListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetIPList returns a single IP List
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-list
+//
+// Deprecated: Use `GetList` instead.
+func (api *API) GetIPList(ctx context.Context, accountID, ID string) (IPList, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IPList{}, err
+	}
+
+	result := IPListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateIPList updates the description of an existing IP List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-update-list
+//
+// Deprecated: Use `UpdateList` instead.
+func (api *API) UpdateIPList(ctx context.Context, accountID, ID, description string) (IPList, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, IPListUpdateRequest{Description: description})
+	if err != nil {
+		return IPList{}, err
+	}
+
+	result := IPListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteIPList deletes an IP List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-delete-list
+//
+// Deprecated: Use `DeleteList` instead.
+func (api *API) DeleteIPList(ctx context.Context, accountID, ID string) (IPListDeleteResponse, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return IPListDeleteResponse{}, err
+	}
+
+	result := IPListDeleteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// ListIPListItems returns a list with all items in an IP List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-list-list-items
+//
+// Deprecated: Use `ListListItems` instead.
+func (api *API) ListIPListItems(ctx context.Context, accountID, ID string) ([]IPListItem, error) {
+	var list []IPListItem
+	var cursor string
+	var cursorQuery string
+
+	for {
+		if len(cursor) > 0 {
+			cursorQuery = fmt.Sprintf("?cursor=%s", cursor)
+		}
+		uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items%s", accountID, ID, cursorQuery)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []IPListItem{}, err
+		}
+
+		result := IPListItemsListResponse{}
+		if err := json.Unmarshal(res, &result); err != nil {
+			return []IPListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		list = append(list, result.Result...)
+		if cursor = result.ResultInfo.Cursors.After; cursor == "" {
+			break
+		}
+	}
+
+	return list, nil
+}
+
+// CreateIPListItemAsync creates a new IP List Item asynchronously. Users have
+// to poll the operation status by using the operation_id returned by this
+// function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
+//
+// Deprecated: Use `CreateListItemAsync` instead.
+func (api *API) CreateIPListItemAsync(ctx context.Context, accountID, ID, ip, comment string) (IPListItemCreateResponse, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, []IPListItemCreateRequest{{IP: ip, Comment: comment}})
+	if err != nil {
+		return IPListItemCreateResponse{}, err
+	}
+
+	result := IPListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// CreateIPListItem creates a new IP List Item synchronously and returns the
+// current set of IP List Items.
+//
+// Deprecated: Use `CreateListItem` instead.
+func (api *API) CreateIPListItem(ctx context.Context, accountID, ID, ip, comment string) ([]IPListItem, error) {
+	result, err := api.CreateIPListItemAsync(ctx, accountID, ID, ip, comment)
+
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	return api.ListIPListItems(ctx, accountID, ID)
+}
+
+// CreateIPListItemsAsync bulk creates many IP List Items asynchronously. Users
+// have to poll the operation status by using the operation_id returned by this
+// function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
+//
+// Deprecated: Use `CreateListItemsAsync` instead.
+func (api *API) CreateIPListItemsAsync(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
+	IPListItemCreateResponse, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, items)
+	if err != nil {
+		return IPListItemCreateResponse{}, err
+	}
+
+	result := IPListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// CreateIPListItems bulk creates many IP List Items synchronously and returns
+// the current set of IP List Items.
+//
+// Deprecated: Use `CreateListItems` instead.
+func (api *API) CreateIPListItems(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
+	[]IPListItem, error) {
+	result, err := api.CreateIPListItemsAsync(ctx, accountID, ID, items)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	return api.ListIPListItems(ctx, accountID, ID)
+}
+
+// ReplaceIPListItemsAsync replaces all IP List Items asynchronously. Users have
+// to poll the operation status by using the operation_id returned by this
+// function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-replace-list-items
+//
+// Deprecated: Use `ReplaceListItemsAsync` instead.
+func (api *API) ReplaceIPListItemsAsync(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
+	IPListItemCreateResponse, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, items)
+	if err != nil {
+		return IPListItemCreateResponse{}, err
+	}
+
+	result := IPListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// ReplaceIPListItems replaces all IP List Items synchronously and returns the
+// current set of IP List Items.
+//
+// Deprecated: Use `ReplaceListItems` instead.
+func (api *API) ReplaceIPListItems(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
+	[]IPListItem, error) {
+	result, err := api.ReplaceIPListItemsAsync(ctx, accountID, ID, items)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	return api.ListIPListItems(ctx, accountID, ID)
+}
+
+// DeleteIPListItemsAsync removes specific Items of an IP List by their ID
+// asynchronously. Users have to poll the operation status by using the
+// operation_id returned by this function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-delete-list-items
+//
+// Deprecated: Use `DeleteListItemsAsync` instead.
+func (api *API) DeleteIPListItemsAsync(ctx context.Context, accountID, ID string, items IPListItemDeleteRequest) (
+	IPListItemDeleteResponse, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, items)
+	if err != nil {
+		return IPListItemDeleteResponse{}, err
+	}
+
+	result := IPListItemDeleteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListItemDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// DeleteIPListItems removes specific Items of an IP List by their ID
+// synchronously and returns the current set of IP List Items.
+//
+// Deprecated: Use `DeleteListItems` instead.
+func (api *API) DeleteIPListItems(ctx context.Context, accountID, ID string, items IPListItemDeleteRequest) (
+	[]IPListItem, error) {
+	result, err := api.DeleteIPListItemsAsync(ctx, accountID, ID, items)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
+	if err != nil {
+		return []IPListItem{}, err
+	}
+
+	return api.ListIPListItems(ctx, accountID, ID)
+}
+
+// GetIPListItem returns a single IP List Item.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-list-item
+//
+// Deprecated: Use `GetListItem` instead.
+func (api *API) GetIPListItem(ctx context.Context, accountID, listID, id string) (IPListItem, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items/%s", accountID, listID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IPListItem{}, err
+	}
+
+	result := IPListItemsGetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetIPListBulkOperation returns the status of a bulk operation.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-bulk-operation
+//
+// Deprecated: Use `GetListBulkOperation` instead.
+func (api *API) GetIPListBulkOperation(ctx context.Context, accountID, ID string) (IPListBulkOperation, error) {
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/bulk_operations/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return IPListBulkOperation{}, err
+	}
+
+	result := IPListBulkOperationResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return IPListBulkOperation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// pollIPListBulkOperation implements synchronous behaviour for some
+// asynchronous endpoints. bulk-operation status can be either pending, running,
+// failed or completed.
+func (api *API) pollIPListBulkOperation(ctx context.Context, accountID, ID string) error {
+	for i := uint8(0); i < 16; i++ {
+		sleepDuration := 1 << (i / 2) * time.Second
+		select {
+		case <-time.After(sleepDuration):
+		case <-ctx.Done():
+			return fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
+		}
+
+		bulkResult, err := api.GetIPListBulkOperation(ctx, accountID, ID)
+		if err != nil {
+			return err
+		}
+
+		switch bulkResult.Status {
+		case "failed":
+			return errors.New(bulkResult.Error)
+		case "pending", "running":
+			continue
+		case "completed":
+			return nil
+		default:
+			return fmt.Errorf("%s: %s", errOperationUnexpectedStatus, bulkResult.Status)
+		}
+	}
+
+	return errors.New(errOperationStillRunning)
+}
diff --git a/pkg/cloudflare-go/ip_list_test.go b/pkg/cloudflare-go/ip_list_test.go
new file mode 100644
index 0000000000..88369b8cd3
--- /dev/null
+++ b/pkg/cloudflare-go/ip_list_test.go
@@ -0,0 +1,474 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListIPLists(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+				{
+					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+					"name": "list1",
+					"description": "This is a note.",
+					"kind": "ip",
+					"num_items": 10,
+					"num_referencing_filters": 2,
+					"created_on": "2020-01-01T08:00:00Z",
+					"modified_on": "2020-01-10T14:00:00Z"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := []IPList{
+		{
+			ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			Name:                  "list1",
+			Description:           "This is a note.",
+			Kind:                  "ip",
+			NumItems:              10,
+			NumReferencingFilters: 2,
+			CreatedOn:             &createdOn,
+			ModifiedOn:            &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListIPLists(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateIPList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This is a note.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := IPList{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This is a note.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.CreateIPList(context.Background(), testAccountID, "list1", "This is a note.", "ip")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetIPList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This is a note.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := IPList{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This is a note.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.GetIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateIPList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This note was updated.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := IPList{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This note was updated.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.UpdateIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		"This note was updated.")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteIPList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "34b12448945f11eaa1b71c4d701ab86e"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	want := IPListDeleteResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.ID = "34b12448945f11eaa1b71c4d701ab86e"
+
+	actual, err := client.DeleteIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListIPListsItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
+			fmt.Fprint(w, `{
+			"result": [
+    			{
+      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"ip": "192.0.2.2",
+      				"comment": "Another Private IP address",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		} else {
+			fmt.Fprint(w, `{
+			"result": [
+    			{
+      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"ip": "192.0.2.1",
+      				"comment": "Private IP address",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx",
+					"after": "yyy"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		}
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := []IPListItem{
+		{
+			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			IP:         "192.0.2.1",
+			Comment:    "Private IP address",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+		{
+			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			IP:         "192.0.2.2",
+			Comment:    "Another Private IP address",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListIPListItems(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateIPListItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := IPListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.CreateIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		[]IPListItemCreateRequest{{
+			IP:      "192.0.2.1",
+			Comment: "Private IP",
+		}, {
+			IP:      "192.0.2.2",
+			Comment: "Another Private IP",
+		}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceIPListItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := IPListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.ReplaceIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		[]IPListItemCreateRequest{{
+			IP:      "192.0.2.1",
+			Comment: "Private IP",
+		}, {
+			IP:      "192.0.2.2",
+			Comment: "Another Private IP",
+		}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteIPListItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := IPListItemDeleteResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.DeleteIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		IPListItemDeleteRequest{[]IPListItemDeleteItemRequest{{
+			ID: "34b12448945f11eaa1b71c4d701ab86e",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetIPListItem(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"ip": "192.0.2.1",
+				"comment": "Private IP address",
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
+		"34b12448945f11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := IPListItem{
+		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		IP:         "192.0.2.1",
+		Comment:    "Private IP address",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	}
+
+	actual, err := client.GetIPListItem(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		"34b12448945f11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestPollIPListTimeout(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), 0)
+	defer cancel()
+
+	start := time.Now()
+	err := client.pollIPListBulkOperation(ctx, testAccountID, "list1")
+	assert.ErrorIs(t, err, context.DeadlineExceeded)
+	assert.WithinDuration(t, start, time.Now(), time.Second,
+		"pollIPListBulkOperation took too much time with an expiring context")
+}
diff --git a/pkg/cloudflare-go/ips.go b/pkg/cloudflare-go/ips.go
new file mode 100644
index 0000000000..3f181a79bb
--- /dev/null
+++ b/pkg/cloudflare-go/ips.go
@@ -0,0 +1,72 @@
+package cloudflare
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/goccy/go-json"
+)
+
+// IPRangesResponse contains the structure for the API response, not modified.
+type IPRangesResponse struct {
+	IPv4CIDRs  []string `json:"ipv4_cidrs"`
+	IPv6CIDRs  []string `json:"ipv6_cidrs"`
+	ChinaColos []string `json:"china_colos"`
+}
+
+// IPRanges contains lists of IPv4 and IPv6 CIDRs.
+type IPRanges struct {
+	IPv4CIDRs      []string `json:"ipv4_cidrs"`
+	IPv6CIDRs      []string `json:"ipv6_cidrs"`
+	ChinaIPv4CIDRs []string `json:"china_ipv4_cidrs"`
+	ChinaIPv6CIDRs []string `json:"china_ipv6_cidrs"`
+}
+
+// IPsResponse is the API response containing a list of IPs.
+type IPsResponse struct {
+	Response
+	Result IPRangesResponse `json:"result"`
+}
+
+// IPs gets a list of Cloudflare's IP ranges.
+//
+// This does not require logging in to the API.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ips
+func IPs() (IPRanges, error) {
+	uri := fmt.Sprintf("%s/ips?china_colo=1", apiURL)
+	resp, err := http.Get(uri) //nolint:gosec
+	if err != nil {
+		return IPRanges{}, fmt.Errorf("HTTP request failed: %w", err)
+	}
+	if resp.StatusCode != http.StatusOK {
+		return IPRanges{}, errors.New("HTTP request failed: status is not HTTP 200")
+	}
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return IPRanges{}, fmt.Errorf("Response body could not be read: %w", err)
+	}
+	var r IPsResponse
+	err = json.Unmarshal(body, &r)
+	if err != nil {
+		return IPRanges{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	var ips IPRanges
+	ips.IPv4CIDRs = r.Result.IPv4CIDRs
+	ips.IPv6CIDRs = r.Result.IPv6CIDRs
+
+	for _, ip := range r.Result.ChinaColos {
+		if strings.Contains(ip, ":") {
+			ips.ChinaIPv6CIDRs = append(ips.ChinaIPv6CIDRs, ip)
+		} else {
+			ips.ChinaIPv4CIDRs = append(ips.ChinaIPv4CIDRs, ip)
+		}
+	}
+
+	return ips, nil
+}
diff --git a/pkg/cloudflare-go/ips_test.go b/pkg/cloudflare-go/ips_test.go
new file mode 100644
index 0000000000..cc3b959307
--- /dev/null
+++ b/pkg/cloudflare-go/ips_test.go
@@ -0,0 +1,72 @@
+package cloudflare
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type MockTransport struct {
+	http.Transport
+	Server *httptest.Server
+	Path   string
+}
+
+func (m *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
+	url, err := url.Parse(m.Server.URL + m.Path)
+	if err != nil {
+		return nil, err
+	}
+
+	req.URL = url
+
+	return m.Transport.RoundTrip(req)
+}
+
+func Test_IPs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux := http.NewServeMux()
+	server = httptest.NewServer(mux)
+	defer server.Close()
+
+	defaultTransport := http.DefaultTransport
+	http.DefaultTransport = &MockTransport{
+		Server: server,
+		Path:   "/ips",
+	}
+	defer func() { http.DefaultTransport = defaultTransport }()
+
+	mux.HandleFunc("/ips", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "ipv4_cidrs": ["198.51.100.0/24"],
+    "ipv6_cidrs": ["ffff:ffff::/32"],
+    "china_colos": ["42.81.6.0/25", "2408:871a:1801:7::/72"]
+  }
+}`)
+	})
+
+	ipRanges, err := IPs()
+
+	assert.NoError(t, err)
+
+	assert.Len(t, ipRanges.IPv4CIDRs, 1)
+	assert.Equal(t, "198.51.100.0/24", ipRanges.IPv4CIDRs[0])
+	assert.Len(t, ipRanges.IPv6CIDRs, 1)
+	assert.Equal(t, "ffff:ffff::/32", ipRanges.IPv6CIDRs[0])
+	assert.Len(t, ipRanges.ChinaIPv4CIDRs, 1)
+	assert.Equal(t, "42.81.6.0/25", ipRanges.ChinaIPv4CIDRs[0])
+	assert.Len(t, ipRanges.ChinaIPv6CIDRs, 1)
+	assert.Equal(t, "2408:871a:1801:7::/72", ipRanges.ChinaIPv6CIDRs[0])
+}
diff --git a/pkg/cloudflare-go/keyless.go b/pkg/cloudflare-go/keyless.go
new file mode 100644
index 0000000000..39896af9b1
--- /dev/null
+++ b/pkg/cloudflare-go/keyless.go
@@ -0,0 +1,146 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// KeylessSSL represents Keyless SSL configuration.
+type KeylessSSL struct {
+	ID          string    `json:"id"`
+	Name        string    `json:"name"`
+	Host        string    `json:"host"`
+	Port        int       `json:"port"`
+	Status      string    `json:"status"`
+	Enabled     bool      `json:"enabled"`
+	Permissions []string  `json:"permissions"`
+	CreatedOn   time.Time `json:"created_on"`
+	ModifiedOn  time.Time `json:"modified_on"`
+}
+
+// KeylessSSLCreateRequest represents the request format made for creating KeylessSSL.
+type KeylessSSLCreateRequest struct {
+	Host         string `json:"host"`
+	Port         int    `json:"port"`
+	Certificate  string `json:"certificate"`
+	Name         string `json:"name,omitempty"`
+	BundleMethod string `json:"bundle_method,omitempty"`
+}
+
+// KeylessSSLDetailResponse is the API response, containing a single Keyless SSL.
+type KeylessSSLDetailResponse struct {
+	Response
+	Result KeylessSSL `json:"result"`
+}
+
+// KeylessSSLListResponse represents the response from the Keyless SSL list endpoint.
+type KeylessSSLListResponse struct {
+	Response
+	Result []KeylessSSL `json:"result"`
+}
+
+// KeylessSSLUpdateRequest represents the request for updating KeylessSSL.
+type KeylessSSLUpdateRequest struct {
+	Host    string `json:"host,omitempty"`
+	Name    string `json:"name,omitempty"`
+	Port    int    `json:"port,omitempty"`
+	Enabled *bool  `json:"enabled,omitempty"`
+}
+
+// CreateKeylessSSL creates a new Keyless SSL configuration for the zone.
+//
+// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-create-keyless-ssl-configuration
+func (api *API) CreateKeylessSSL(ctx context.Context, zoneID string, keylessSSL KeylessSSLCreateRequest) (KeylessSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/keyless_certificates", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, keylessSSL)
+	if err != nil {
+		return KeylessSSL{}, err
+	}
+
+	var keylessSSLDetailResponse KeylessSSLDetailResponse
+	err = json.Unmarshal(res, &keylessSSLDetailResponse)
+	if err != nil {
+		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return keylessSSLDetailResponse.Result, nil
+}
+
+// ListKeylessSSL lists Keyless SSL configurations for a zone.
+//
+// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-list-keyless-ssl-configurations
+func (api *API) ListKeylessSSL(ctx context.Context, zoneID string) ([]KeylessSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/keyless_certificates", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var keylessSSLListResponse KeylessSSLListResponse
+	err = json.Unmarshal(res, &keylessSSLListResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return keylessSSLListResponse.Result, nil
+}
+
+// KeylessSSL provides the configuration for a given Keyless SSL identifier.
+//
+// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-keyless-ssl-details
+func (api *API) KeylessSSL(ctx context.Context, zoneID, keylessSSLID string) (KeylessSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, keylessSSLID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return KeylessSSL{}, err
+	}
+
+	var keylessResponse KeylessSSLDetailResponse
+	err = json.Unmarshal(res, &keylessResponse)
+	if err != nil {
+		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return keylessResponse.Result, nil
+}
+
+// UpdateKeylessSSL updates an existing Keyless SSL configuration.
+//
+// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-edit-keyless-ssl-configuration
+func (api *API) UpdateKeylessSSL(ctx context.Context, zoneID, kelessSSLID string, keylessSSL KeylessSSLUpdateRequest) (KeylessSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, kelessSSLID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, keylessSSL)
+	if err != nil {
+		return KeylessSSL{}, err
+	}
+
+	var keylessSSLDetailResponse KeylessSSLDetailResponse
+	err = json.Unmarshal(res, &keylessSSLDetailResponse)
+	if err != nil {
+		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return keylessSSLDetailResponse.Result, nil
+}
+
+// DeleteKeylessSSL deletes an existing Keyless SSL configuration.
+//
+// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-delete-keyless-ssl-configuration
+func (api *API) DeleteKeylessSSL(ctx context.Context, zoneID, keylessSSLID string) error {
+	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, keylessSSLID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/keyless_test.go b/pkg/cloudflare-go/keyless_test.go
new file mode 100644
index 0000000000..4b90601daa
--- /dev/null
+++ b/pkg/cloudflare-go/keyless_test.go
@@ -0,0 +1,262 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCreateKeylessSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := KeylessSSLCreateRequest{
+		Host:         "example.com",
+		Port:         24008,
+		Certificate:  "-----BEGIN CERTIFICATE----- MIIDtTCCAp2g1v2tdw= -----END CERTIFICATE-----",
+		Name:         "example.com Keyless SSL",
+		BundleMethod: "optimal",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		var v KeylessSSLCreateRequest
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "4d2844d2ce78891c34d0b6c0535a291e",
+				"name": "example.com Keyless SSL",
+				"host": "example.com",
+				"port": 24008,
+				"status": "active",
+				"enabled": false,
+				"permissions": [
+					"#ssl:read",
+					"#ssl:edit"
+				],
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates", handler)
+
+	actual, err := client.CreateKeylessSSL(context.Background(), testZoneID, input)
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := KeylessSSL{
+		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
+		Name:        input.Name,
+		Host:        input.Host,
+		Port:        input.Port,
+		Status:      "active",
+		Enabled:     false,
+		Permissions: []string{"#ssl:read", "#ssl:edit"},
+		CreatedOn:   createdOn,
+		ModifiedOn:  modifiedOn,
+	}
+	assert.Equal(t, want, actual)
+}
+
+func TestListKeylessSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":[
+			   {
+				  "id":"4d2844d2ce78891c34d0b6c0535a291e",
+				  "name":"example.com Keyless SSL",
+				  "host":"example.com",
+				  "port":24008,
+				  "status":"active",
+				  "enabled":false,
+				  "permissions":[
+					 "#ssl:read",
+					 "#ssl:edit"
+				  ],
+				  "created_on":"2014-01-01T05:20:00Z",
+				  "modified_on":"2014-01-01T05:20:00Z"
+			   }
+			]
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates", handler)
+
+	actual, err := client.ListKeylessSSL(context.Background(), testZoneID)
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := []KeylessSSL{{
+		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
+		Name:        "example.com Keyless SSL",
+		Host:        "example.com",
+		Port:        24008,
+		Status:      "active",
+		Enabled:     false,
+		Permissions: []string{"#ssl:read", "#ssl:edit"},
+		CreatedOn:   createdOn,
+		ModifiedOn:  modifiedOn,
+	}}
+	assert.Equal(t, want, actual)
+}
+
+func TestKeylessSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+			   "id":"4d2844d2ce78891c34d0b6c0535a291e",
+			   "name":"example.com Keyless SSL",
+			   "host":"example.com",
+			   "port":24008,
+			   "status":"active",
+			   "enabled":false,
+			   "permissions":[
+				  "#ssl:read",
+				  "#ssl:edit"
+			   ],
+			   "created_on":"2014-01-01T05:20:00Z",
+			   "modified_on":"2014-01-01T05:20:00Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
+
+	actual, err := client.KeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e")
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := KeylessSSL{
+		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
+		Name:        "example.com Keyless SSL",
+		Host:        "example.com",
+		Port:        24008,
+		Status:      "active",
+		Enabled:     false,
+		Permissions: []string{"#ssl:read", "#ssl:edit"},
+		CreatedOn:   createdOn,
+		ModifiedOn:  modifiedOn,
+	}
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateKeylessSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	enabled := false
+	input := KeylessSSLUpdateRequest{
+		Host:    "example.com",
+		Name:    "example.com Keyless SSL",
+		Port:    24008,
+		Enabled: &enabled,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		var v KeylessSSLUpdateRequest
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, input, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+			   "id":"4d2844d2ce78891c34d0b6c0535a291e",
+			   "name":"example.com Keyless SSL",
+			   "host":"example.com",
+			   "port":24008,
+			   "status":"active",
+			   "enabled":false,
+			   "permissions":[
+				  "#ssl:read",
+				  "#ssl:edit"
+			   ],
+			   "created_on":"2014-01-01T05:20:00Z",
+			   "modified_on":"2014-01-01T05:20:00Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
+
+	actual, err := client.UpdateKeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e", input)
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := KeylessSSL{
+		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
+		Name:        input.Name,
+		Host:        input.Host,
+		Port:        input.Port,
+		Status:      "active",
+		Enabled:     enabled,
+		Permissions: []string{"#ssl:read", "#ssl:edit"},
+		CreatedOn:   createdOn,
+		ModifiedOn:  modifiedOn,
+	}
+	assert.Equal(t, want, actual)
+}
+
+func TestDeleteKeylessSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":{
+			   "id":"4d2844d2ce78891c34d0b6c0535a291e"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
+
+	err := client.DeleteKeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e")
+	require.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/list.go b/pkg/cloudflare-go/list.go
new file mode 100644
index 0000000000..f7cef4aca6
--- /dev/null
+++ b/pkg/cloudflare-go/list.go
@@ -0,0 +1,629 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	// ListTypeIP specifies a list containing IP addresses.
+	ListTypeIP = "ip"
+	// ListTypeRedirect specifies a list containing redirects.
+	ListTypeRedirect = "redirect"
+	// ListTypeHostname specifies a list containing hostnames.
+	ListTypeHostname = "hostname"
+	// ListTypeHostname specifies a list containing autonomous system numbers (ASNs).
+	ListTypeASN = "asn"
+)
+
+// ListBulkOperation contains information about a Bulk Operation.
+type ListBulkOperation struct {
+	ID        string     `json:"id"`
+	Status    string     `json:"status"`
+	Error     string     `json:"error"`
+	Completed *time.Time `json:"completed"`
+}
+
+// List contains information about a List.
+type List struct {
+	ID                    string     `json:"id"`
+	Name                  string     `json:"name"`
+	Description           string     `json:"description"`
+	Kind                  string     `json:"kind"`
+	NumItems              int        `json:"num_items"`
+	NumReferencingFilters int        `json:"num_referencing_filters"`
+	CreatedOn             *time.Time `json:"created_on"`
+	ModifiedOn            *time.Time `json:"modified_on"`
+}
+
+// Redirect represents a redirect item in a List.
+type Redirect struct {
+	SourceUrl           string `json:"source_url"`
+	IncludeSubdomains   *bool  `json:"include_subdomains,omitempty"`
+	TargetUrl           string `json:"target_url"`
+	StatusCode          *int   `json:"status_code,omitempty"`
+	PreserveQueryString *bool  `json:"preserve_query_string,omitempty"`
+	SubpathMatching     *bool  `json:"subpath_matching,omitempty"`
+	PreservePathSuffix  *bool  `json:"preserve_path_suffix,omitempty"`
+}
+
+type Hostname struct {
+	UrlHostname string `json:"url_hostname"`
+}
+
+// ListItem contains information about a single List Item.
+type ListItem struct {
+	ID         string     `json:"id"`
+	IP         *string    `json:"ip,omitempty"`
+	Redirect   *Redirect  `json:"redirect,omitempty"`
+	Hostname   *Hostname  `json:"hostname,omitempty"`
+	ASN        *uint32    `json:"asn,omitempty"`
+	Comment    string     `json:"comment"`
+	CreatedOn  *time.Time `json:"created_on"`
+	ModifiedOn *time.Time `json:"modified_on"`
+}
+
+// ListCreateRequest contains data for a new List.
+type ListCreateRequest struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+	Kind        string `json:"kind"`
+}
+
+// ListItemCreateRequest contains data for a new List Item.
+type ListItemCreateRequest struct {
+	IP       *string   `json:"ip,omitempty"`
+	Redirect *Redirect `json:"redirect,omitempty"`
+	Hostname *Hostname `json:"hostname,omitempty"`
+	ASN      *uint32   `json:"asn,omitempty"`
+	Comment  string    `json:"comment"`
+}
+
+// ListItemDeleteRequest wraps List Items that shall be deleted.
+type ListItemDeleteRequest struct {
+	Items []ListItemDeleteItemRequest `json:"items"`
+}
+
+// ListItemDeleteItemRequest contains single List Items that shall be deleted.
+type ListItemDeleteItemRequest struct {
+	ID string `json:"id"`
+}
+
+// ListUpdateRequest contains data for a List update.
+type ListUpdateRequest struct {
+	Description string `json:"description"`
+}
+
+// ListResponse contains a single List.
+type ListResponse struct {
+	Response
+	Result List `json:"result"`
+}
+
+// ListItemCreateResponse contains information about the creation of a List Item.
+type ListItemCreateResponse struct {
+	Response
+	Result struct {
+		OperationID string `json:"operation_id"`
+	} `json:"result"`
+}
+
+// ListListResponse contains a slice of Lists.
+type ListListResponse struct {
+	Response
+	Result []List `json:"result"`
+}
+
+// ListBulkOperationResponse contains information about a Bulk Operation.
+type ListBulkOperationResponse struct {
+	Response
+	Result ListBulkOperation `json:"result"`
+}
+
+// ListDeleteResponse contains information about the deletion of a List.
+type ListDeleteResponse struct {
+	Response
+	Result struct {
+		ID string `json:"id"`
+	} `json:"result"`
+}
+
+// ListItemsListResponse contains information about List Items.
+type ListItemsListResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []ListItem `json:"result"`
+}
+
+// ListItemDeleteResponse contains information about the deletion of a List Item.
+type ListItemDeleteResponse struct {
+	Response
+	Result struct {
+		OperationID string `json:"operation_id"`
+	} `json:"result"`
+}
+
+// ListItemsGetResponse contains information about a single List Item.
+type ListItemsGetResponse struct {
+	Response
+	Result ListItem `json:"result"`
+}
+
+type ListListsParams struct {
+}
+
+type ListCreateParams struct {
+	Name        string
+	Description string
+	Kind        string
+}
+
+type ListGetParams struct {
+	ID string
+}
+
+type ListUpdateParams struct {
+	ID          string
+	Description string
+}
+
+type ListDeleteParams struct {
+	ID string
+}
+
+type ListListItemsParams struct {
+	ID      string `url:"-"`
+	Search  string `url:"search,omitempty"`
+	PerPage int    `url:"per_page,omitempty"`
+	Cursor  string `url:"cursor,omitempty"`
+}
+
+type ListCreateItemsParams struct {
+	ID    string
+	Items []ListItemCreateRequest
+}
+
+type ListCreateItemParams struct {
+	ID   string
+	Item ListItemCreateRequest
+}
+
+type ListReplaceItemsParams struct {
+	ID    string
+	Items []ListItemCreateRequest
+}
+
+type ListDeleteItemsParams struct {
+	ID    string
+	Items ListItemDeleteRequest
+}
+
+type ListGetItemParams struct {
+	ListID string
+	ID     string
+}
+
+type ListGetBulkOperationParams struct {
+	ID string
+}
+
+// ListLists lists all Lists.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-list-lists
+func (api *API) ListLists(ctx context.Context, rc *ResourceContainer, params ListListsParams) ([]List, error) {
+	if rc.Identifier == "" {
+		return []List{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []List{}, err
+	}
+
+	result := ListListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// CreateList creates a new List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list
+func (api *API) CreateList(ctx context.Context, rc *ResourceContainer, params ListCreateParams) (List, error) {
+	if rc.Identifier == "" {
+		return List{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ListCreateRequest{Name: params.Name, Description: params.Description, Kind: params.Kind})
+	if err != nil {
+		return List{}, err
+	}
+
+	result := ListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetList returns a single List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-list
+func (api *API) GetList(ctx context.Context, rc *ResourceContainer, listID string) (List, error) {
+	if rc.Identifier == "" {
+		return List{}, ErrMissingAccountID
+	}
+
+	if listID == "" {
+		return List{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, listID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return List{}, err
+	}
+
+	result := ListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateList updates the description of an existing List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-update-list
+func (api *API) UpdateList(ctx context.Context, rc *ResourceContainer, params ListUpdateParams) (List, error) {
+	if rc.Identifier == "" {
+		return List{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return List{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, ListUpdateRequest{Description: params.Description})
+	if err != nil {
+		return List{}, err
+	}
+
+	result := ListResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteList deletes a List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-delete-list
+func (api *API) DeleteList(ctx context.Context, rc *ResourceContainer, listID string) (ListDeleteResponse, error) {
+	if rc.Identifier == "" {
+		return ListDeleteResponse{}, ErrMissingAccountID
+	}
+
+	if listID == "" {
+		return ListDeleteResponse{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, listID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return ListDeleteResponse{}, err
+	}
+
+	result := ListDeleteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// ListListItems returns a list with all items in a List.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-list-list-items
+func (api *API) ListListItems(ctx context.Context, rc *ResourceContainer, params ListListItemsParams) ([]ListItem, error) {
+	var list []ListItem
+
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []ListItem{}, err
+		}
+
+		result := ListItemsListResponse{}
+		if err := json.Unmarshal(res, &result); err != nil {
+			return []ListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		list = append(list, result.Result...)
+		if cursor := result.ResultInfo.Cursors.After; cursor == "" {
+			break
+		} else {
+			params.Cursor = cursor
+		}
+	}
+
+	return list, nil
+}
+
+// CreateListItemAsync creates a new List Item asynchronously. Users have to poll the operation status by
+// using the operation_id returned by this function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
+func (api *API) CreateListItemAsync(ctx context.Context, rc *ResourceContainer, params ListCreateItemParams) (ListItemCreateResponse, error) {
+	if rc.Identifier == "" {
+		return ListItemCreateResponse{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return ListItemCreateResponse{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, []ListItemCreateRequest{params.Item})
+	if err != nil {
+		return ListItemCreateResponse{}, err
+	}
+
+	result := ListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// CreateListItem creates a new List Item synchronously and returns the current set of List Items.
+func (api *API) CreateListItem(ctx context.Context, rc *ResourceContainer, params ListCreateItemParams) ([]ListItem, error) {
+	result, err := api.CreateListItemAsync(ctx, rc, params)
+
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
+}
+
+// CreateListItemsAsync bulk creates multiple List Items asynchronously. Users
+// have to poll the operation status by using the operation_id returned by this
+// function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
+func (api *API) CreateListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListCreateItemsParams) (ListItemCreateResponse, error) {
+	if rc.Identifier == "" {
+		return ListItemCreateResponse{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return ListItemCreateResponse{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Items)
+	if err != nil {
+		return ListItemCreateResponse{}, err
+	}
+
+	result := ListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// CreateListItems bulk creates multiple List Items synchronously and returns
+// the current set of List Items.
+func (api *API) CreateListItems(ctx context.Context, rc *ResourceContainer, params ListCreateItemsParams) ([]ListItem, error) {
+	result, err := api.CreateListItemsAsync(ctx, rc, params)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
+}
+
+// ReplaceListItemsAsync replaces all List Items asynchronously. Users have to
+// poll the operation status by using the operation_id returned by this
+// function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-replace-list-items
+func (api *API) ReplaceListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListReplaceItemsParams) (ListItemCreateResponse, error) {
+	if rc.Identifier == "" {
+		return ListItemCreateResponse{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return ListItemCreateResponse{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Items)
+	if err != nil {
+		return ListItemCreateResponse{}, err
+	}
+
+	result := ListItemCreateResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// ReplaceListItems replaces all List Items synchronously and returns the
+// current set of List Items.
+func (api *API) ReplaceListItems(ctx context.Context, rc *ResourceContainer, params ListReplaceItemsParams) (
+	[]ListItem, error) {
+	result, err := api.ReplaceListItemsAsync(ctx, rc, params)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
+}
+
+// DeleteListItemsAsync removes specific Items of a List by their ID
+// asynchronously. Users have to poll the operation status by using the
+// operation_id returned by this function.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-delete-list-items
+func (api *API) DeleteListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListDeleteItemsParams) (ListItemDeleteResponse, error) {
+	if rc.Identifier == "" {
+		return ListItemDeleteResponse{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return ListItemDeleteResponse{}, ErrMissingListID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, params.Items)
+	if err != nil {
+		return ListItemDeleteResponse{}, err
+	}
+
+	result := ListItemDeleteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListItemDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, nil
+}
+
+// DeleteListItems removes specific Items of a List by their ID synchronously
+// and returns the current set of List Items.
+func (api *API) DeleteListItems(ctx context.Context, rc *ResourceContainer, params ListDeleteItemsParams) ([]ListItem, error) {
+	result, err := api.DeleteListItemsAsync(ctx, rc, params)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
+	if err != nil {
+		return []ListItem{}, err
+	}
+
+	return api.ListListItems(ctx, AccountIdentifier(rc.Identifier), ListListItemsParams{ID: params.ID})
+}
+
+// GetListItem returns a single List Item.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-list-item
+func (api *API) GetListItem(ctx context.Context, rc *ResourceContainer, listID, itemID string) (ListItem, error) {
+	if rc.Identifier == "" {
+		return ListItem{}, ErrMissingAccountID
+	}
+
+	if listID == "" {
+		return ListItem{}, ErrMissingListID
+	}
+
+	if itemID == "" {
+		return ListItem{}, ErrMissingResourceIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items/%s", rc.Identifier, listID, itemID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ListItem{}, err
+	}
+
+	result := ListItemsGetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetListBulkOperation returns the status of a bulk operation.
+//
+// API reference: https://api.cloudflare.com/#rules-lists-get-bulk-operation
+func (api *API) GetListBulkOperation(ctx context.Context, rc *ResourceContainer, ID string) (ListBulkOperation, error) {
+	if rc.Identifier == "" {
+		return ListBulkOperation{}, ErrMissingAccountID
+	}
+
+	if ID == "" {
+		return ListBulkOperation{}, ErrMissingResourceIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/rules/lists/bulk_operations/%s", rc.Identifier, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ListBulkOperation{}, err
+	}
+
+	result := ListBulkOperationResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ListBulkOperation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// pollListBulkOperation implements synchronous behaviour for some asynchronous
+// endpoints. bulk-operation status can be either pending, running, failed or
+// completed.
+func (api *API) pollListBulkOperation(ctx context.Context, rc *ResourceContainer, ID string) error {
+	for i := uint8(0); i < 16; i++ {
+		sleepDuration := 1 << (i / 2) * time.Second
+		select {
+		case <-time.After(sleepDuration):
+		case <-ctx.Done():
+			return fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
+		}
+
+		bulkResult, err := api.GetListBulkOperation(ctx, rc, ID)
+		if err != nil {
+			return err
+		}
+
+		switch bulkResult.Status {
+		case "failed":
+			return errors.New(bulkResult.Error)
+		case "pending", "running":
+			continue
+		case "completed":
+			return nil
+		default:
+			return fmt.Errorf("%s: %s", errOperationUnexpectedStatus, bulkResult.Status)
+		}
+	}
+
+	return errors.New(errOperationStillRunning)
+}
diff --git a/pkg/cloudflare-go/list_test.go b/pkg/cloudflare-go/list_test.go
new file mode 100644
index 0000000000..0a622f8d1e
--- /dev/null
+++ b/pkg/cloudflare-go/list_test.go
@@ -0,0 +1,1045 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListLists(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+				{
+					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+					"name": "list1",
+					"description": "This is a note.",
+					"kind": "ip",
+					"num_items": 10,
+					"num_referencing_filters": 2,
+					"created_on": "2020-01-01T08:00:00Z",
+					"modified_on": "2020-01-10T14:00:00Z"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := []List{
+		{
+			ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			Name:                  "list1",
+			Description:           "This is a note.",
+			Kind:                  "ip",
+			NumItems:              10,
+			NumReferencingFilters: 2,
+			CreatedOn:             &createdOn,
+			ModifiedOn:            &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListLists(context.Background(), AccountIdentifier(testAccountID), ListListsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This is a note.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := List{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This is a note.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.CreateList(context.Background(), AccountIdentifier(testAccountID), ListCreateParams{
+		Name: "list1", Description: "This is a note.", Kind: "ip",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This is a note.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := List{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This is a note.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.GetList(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "list1",
+				"description": "This note was updated.",
+				"kind": "ip",
+				"num_items": 10,
+				"num_referencing_filters": 2,
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := List{
+		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:                  "list1",
+		Description:           "This note was updated.",
+		Kind:                  "ip",
+		NumItems:              10,
+		NumReferencingFilters: 2,
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+	}
+
+	actual, err := client.UpdateList(context.Background(), AccountIdentifier(testAccountID),
+		ListUpdateParams{
+			ID: "2c0fc9fa937b11eaa1b71c4d701ab86e", Description: "This note was updated.",
+		},
+	)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "34b12448945f11eaa1b71c4d701ab86e"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	want := ListDeleteResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.ID = "34b12448945f11eaa1b71c4d701ab86e"
+
+	actual, err := client.DeleteList(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListsItemsIP(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
+			fmt.Fprint(w, `{
+			"result": [
+    			{
+      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"ip": "192.0.2.2",
+      				"comment": "Another Private IP address",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		} else {
+			fmt.Fprint(w, `{
+			"result": [
+    			{
+      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"ip": "192.0.2.1",
+      				"comment": "Private IP address",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx",
+					"after": "yyy"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		}
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := []ListItem{
+		{
+			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			IP:         StringPtr("192.0.2.1"),
+			Comment:    "Private IP address",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+		{
+			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			IP:         StringPtr("192.0.2.2"),
+			Comment:    "Another Private IP address",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListListItems(context.Background(), AccountIdentifier(testAccountID), ListListItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListsItemsRedirect(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
+			fmt.Fprint(w, `{
+			"result": [
+				{
+      				"id": "1c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"redirect": {
+						"source_url": "www.3fonteinen.be",
+						"target_url": "https://shop.3fonteinen.be"
+					},
+      				"comment": "3F redirect",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		} else {
+			fmt.Fprint(w, `{
+			"result": [
+				{
+      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"redirect": {
+						"source_url": "http://cloudflare.com",
+						"include_subdomains": true,
+						"target_url": "https://cloudflare.com",
+						"status_code": 302,
+						"preserve_query_string": true,
+						"subpath_matching": true,
+						"preserve_path_suffix": false
+					},
+      				"comment": "Cloudflare http redirect",
+      				"created_on": "2020-01-01T08:00:00Z",
+      				"modified_on": "2020-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx",
+					"after": "yyy"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+		}
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := []ListItem{
+		{
+			ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
+			Redirect: &Redirect{
+				SourceUrl:           "http://cloudflare.com",
+				IncludeSubdomains:   BoolPtr(true),
+				TargetUrl:           "https://cloudflare.com",
+				StatusCode:          IntPtr(302),
+				PreserveQueryString: BoolPtr(true),
+				SubpathMatching:     BoolPtr(true),
+				PreservePathSuffix:  BoolPtr(false),
+			},
+			Comment:    "Cloudflare http redirect",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+		{
+			ID: "1c0fc9fa937b11eaa1b71c4d701ab86e",
+			Redirect: &Redirect{
+				SourceUrl: "www.3fonteinen.be",
+				TargetUrl: "https://shop.3fonteinen.be",
+			},
+			Comment:    "3F redirect",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListListItems(
+		context.Background(),
+		AccountIdentifier(testAccountID),
+		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
+	)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListsItemsHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+				{
+      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"hostname": {
+						"url_hostname": "cloudflare.com"
+					},
+      				"comment": "CF hostname",
+      				"created_on": "2023-01-01T08:00:00Z",
+      				"modified_on": "2023-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
+
+	want := []ListItem{
+		{
+			ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
+			Hostname: &Hostname{
+				UrlHostname: "cloudflare.com",
+			},
+			Comment:    "CF hostname",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListListItems(
+		context.Background(),
+		AccountIdentifier(testAccountID),
+		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
+	)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListsItemsASN(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		fmt.Fprint(w, `{
+			"result": [
+				{
+      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
+      				"asn": 3456,
+      				"comment": "ASN",
+      				"created_on": "2023-01-01T08:00:00Z",
+      				"modified_on": "2023-01-10T14:00:00Z"
+    			}
+  			],
+  			"result_info": {
+    			"cursors": {
+					"before": "xxx"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
+
+	want := []ListItem{
+		{
+			ID:         "0c0fc9fa937b11eaa1b71c4d701ab86e",
+			ASN:        Uint32Ptr(3456),
+			Comment:    "ASN",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+		},
+	}
+
+	actual, err := client.ListListItems(
+		context.Background(),
+		AccountIdentifier(testAccountID),
+		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
+	)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateListItemsIP(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			IP:      StringPtr("192.0.2.1"),
+			Comment: "Private IP",
+		}, {
+			IP:      StringPtr("192.0.2.2"),
+			Comment: "Another Private IP",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateListItemsRedirect(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
+		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			Redirect: &Redirect{
+				SourceUrl: "www.3fonteinen.be",
+				TargetUrl: "https://shop.3fonteinen.be",
+			},
+			Comment: "redirect 3F",
+		}, {
+			Redirect: &Redirect{
+				SourceUrl: "www.cf.com",
+				TargetUrl: "https://cloudflare.com",
+			},
+			Comment: "Redirect cf",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateListItemsHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
+		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			Hostname: &Hostname{
+				UrlHostname: "3fonteinen.be", // ie. only match 3fonteinen.be
+			},
+			Comment: "hostname 3F",
+		}, {
+			Hostname: &Hostname{
+				UrlHostname: "*.cf.com", // ie. match all subdomains of cf.com but not cf.com
+			},
+			Comment: "Hostname cf",
+		}, {
+			Hostname: &Hostname{
+				UrlHostname: "*.abc.com", // ie. equivalent to match all subdomains of abc.com excluding abc.com
+			},
+			Comment: "Hostname abc",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateListItemsASN(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
+		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			ASN:     Uint32Ptr(458),
+			Comment: "ASN 458",
+		}, {
+			ASN:     Uint32Ptr(789),
+			Comment: "ASN 789",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceListItemsIP(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			IP:      StringPtr("192.0.2.1"),
+			Comment: "Private IP",
+		}, {
+			IP:      StringPtr("192.0.2.2"),
+			Comment: "Another Private IP",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceListItemsRedirect(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			Redirect: &Redirect{
+				SourceUrl: "www.3fonteinen.be",
+				TargetUrl: "https://shop.3fonteinen.be",
+			},
+			Comment: "redirect 3F",
+		}, {
+			Redirect: &Redirect{
+				SourceUrl: "www.cf.com",
+				TargetUrl: "https://cloudflare.com",
+			},
+			Comment: "Redirect cf",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceListItemsHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			Hostname: &Hostname{
+				UrlHostname: "3fonteinen.be",
+			},
+			Comment: "hostname 3F",
+		}, {
+			Hostname: &Hostname{
+				UrlHostname: "cf.com",
+			},
+			Comment: "Hostname cf",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceListItemsASN(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemCreateResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: []ListItemCreateRequest{{
+			ASN:     Uint32Ptr(4567),
+			Comment: "ASN 4567",
+		}, {
+			ASN:     Uint32Ptr(8901),
+			Comment: "ASN 8901",
+		}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteListItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
+
+	want := ListItemDeleteResponse{}
+	want.Success = true
+	want.Errors = []ResponseInfo{}
+	want.Messages = []ResponseInfo{}
+	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
+
+	actual, err := client.DeleteListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListDeleteItemsParams{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Items: ListItemDeleteRequest{[]ListItemDeleteItemRequest{{
+			ID: "34b12448945f11eaa1b71c4d701ab86e",
+		}}}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetListItemIP(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"ip": "192.0.2.1",
+				"comment": "Private IP address",
+				"created_on": "2020-01-01T08:00:00Z",
+				"modified_on": "2020-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
+		"34b12448945f11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
+
+	want := ListItem{
+		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		IP:         StringPtr("192.0.2.1"),
+		Comment:    "Private IP address",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	}
+
+	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetListItemHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"hostname": {
+					"url_hostname": "cloudflare.com"
+				},
+				"comment": "CF Hostname",
+				"created_on": "2023-01-01T08:00:00Z",
+				"modified_on": "2023-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
+		"34b12448945f11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
+
+	want := ListItem{
+		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Hostname: &Hostname{
+			UrlHostname: "cloudflare.com",
+		},
+		Comment:    "CF Hostname",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	}
+
+	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetListItemASN(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"asn": 5555,
+				"comment": "asn 5555",
+				"created_on": "2023-01-01T08:00:00Z",
+				"modified_on": "2023-01-10T14:00:00Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
+		"34b12448945f11eaa1b71c4d701ab86e", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
+
+	want := ListItem{
+		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		ASN:        Uint32Ptr(5555),
+		Comment:    "asn 5555",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	}
+
+	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestPollListTimeout(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), 0)
+	defer cancel()
+
+	start := time.Now()
+	err := client.pollListBulkOperation(ctx, AccountIdentifier(testAccountID), "list1")
+	assert.ErrorIs(t, err, context.DeadlineExceeded)
+	assert.WithinDuration(t, start, time.Now(), time.Second,
+		"pollListBulkOperation took too much time with an expiring context")
+}
diff --git a/pkg/cloudflare-go/load_balancing.go b/pkg/cloudflare-go/load_balancing.go
new file mode 100644
index 0000000000..44d7fd9fa3
--- /dev/null
+++ b/pkg/cloudflare-go/load_balancing.go
@@ -0,0 +1,821 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// LoadBalancerPool represents a load balancer pool's properties.
+type LoadBalancerPool struct {
+	ID                string                      `json:"id,omitempty"`
+	CreatedOn         *time.Time                  `json:"created_on,omitempty"`
+	ModifiedOn        *time.Time                  `json:"modified_on,omitempty"`
+	Description       string                      `json:"description"`
+	Name              string                      `json:"name"`
+	Enabled           bool                        `json:"enabled"`
+	MinimumOrigins    *int                        `json:"minimum_origins,omitempty"`
+	Monitor           string                      `json:"monitor,omitempty"`
+	Origins           []LoadBalancerOrigin        `json:"origins"`
+	NotificationEmail string                      `json:"notification_email,omitempty"`
+	Latitude          *float32                    `json:"latitude,omitempty"`
+	Longitude         *float32                    `json:"longitude,omitempty"`
+	LoadShedding      *LoadBalancerLoadShedding   `json:"load_shedding,omitempty"`
+	OriginSteering    *LoadBalancerOriginSteering `json:"origin_steering,omitempty"`
+	Healthy           *bool                       `json:"healthy,omitempty"`
+
+	// CheckRegions defines the geographic region(s) from where to run health-checks from - e.g. "WNAM", "WEU", "SAF", "SAM".
+	// Providing a null/empty value means "all regions", which may not be available to all plan types.
+	CheckRegions []string `json:"check_regions"`
+}
+
+// LoadBalancerOrigin represents a Load Balancer origin's properties.
+type LoadBalancerOrigin struct {
+	Name    string `json:"name"`
+	Address string `json:"address"`
+	Enabled bool   `json:"enabled"`
+	// Weight of this origin relative to other origins in the pool.
+	// Based on the configured weight the total traffic is distributed
+	// among origins within the pool.
+	//
+	// When LoadBalancerOriginSteering.Policy="least_outstanding_requests", this
+	// weight is used to scale the origin's outstanding requests.
+	// When LoadBalancerOriginSteering.Policy="least_connections", this
+	// weight is used to scale the origin's open connections.
+	Weight float64             `json:"weight"`
+	Header map[string][]string `json:"header"`
+	// The virtual network subnet ID the origin belongs in.
+	// Virtual network must also belong to the account.
+	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
+}
+
+// LoadBalancerOriginSteering controls origin selection for new sessions and traffic without session affinity.
+type LoadBalancerOriginSteering struct {
+	// Policy determines the type of origin steering policy to use.
+	// It defaults to "random" (weighted) when empty or unspecified.
+	//
+	// "random": Select an origin randomly.
+	//
+	// "hash": Select an origin by computing a hash over the CF-Connecting-IP address.
+	//
+	// "least_outstanding_requests": Select an origin by taking into consideration origin weights,
+	// as well as each origin's number of outstanding requests. Origins with more pending requests
+	// are weighted proportionately less relative to others.
+	//
+	// "least_connections": Select an origin by taking into consideration origin weights,
+	// as well as each origin's number of open connections. Origins with more open connections
+	// are weighted proportionately less relative to others. Supported for HTTP/1 and HTTP/2 connections.
+	Policy string `json:"policy,omitempty"`
+}
+
+// LoadBalancerMonitor represents a load balancer monitor's properties.
+type LoadBalancerMonitor struct {
+	ID              string              `json:"id,omitempty"`
+	CreatedOn       *time.Time          `json:"created_on,omitempty"`
+	ModifiedOn      *time.Time          `json:"modified_on,omitempty"`
+	Type            string              `json:"type"`
+	Description     string              `json:"description"`
+	Method          string              `json:"method"`
+	Path            string              `json:"path"`
+	Header          map[string][]string `json:"header"`
+	Timeout         int                 `json:"timeout"`
+	Retries         int                 `json:"retries"`
+	Interval        int                 `json:"interval"`
+	ConsecutiveUp   int                 `json:"consecutive_up"`
+	ConsecutiveDown int                 `json:"consecutive_down"`
+	Port            uint16              `json:"port,omitempty"`
+	ExpectedBody    string              `json:"expected_body"`
+	ExpectedCodes   string              `json:"expected_codes"`
+	FollowRedirects bool                `json:"follow_redirects"`
+	AllowInsecure   bool                `json:"allow_insecure"`
+	ProbeZone       string              `json:"probe_zone"`
+}
+
+// LoadBalancer represents a load balancer's properties.
+type LoadBalancer struct {
+	ID                        string                     `json:"id,omitempty"`
+	CreatedOn                 *time.Time                 `json:"created_on,omitempty"`
+	ModifiedOn                *time.Time                 `json:"modified_on,omitempty"`
+	Description               string                     `json:"description"`
+	Name                      string                     `json:"name"`
+	TTL                       int                        `json:"ttl,omitempty"`
+	FallbackPool              string                     `json:"fallback_pool"`
+	DefaultPools              []string                   `json:"default_pools"`
+	RegionPools               map[string][]string        `json:"region_pools"`
+	PopPools                  map[string][]string        `json:"pop_pools"`
+	CountryPools              map[string][]string        `json:"country_pools"`
+	Proxied                   bool                       `json:"proxied"`
+	Enabled                   *bool                      `json:"enabled,omitempty"`
+	Persistence               string                     `json:"session_affinity,omitempty"`
+	PersistenceTTL            int                        `json:"session_affinity_ttl,omitempty"`
+	SessionAffinityAttributes *SessionAffinityAttributes `json:"session_affinity_attributes,omitempty"`
+	Rules                     []*LoadBalancerRule        `json:"rules,omitempty"`
+	RandomSteering            *RandomSteering            `json:"random_steering,omitempty"`
+	AdaptiveRouting           *AdaptiveRouting           `json:"adaptive_routing,omitempty"`
+	LocationStrategy          *LocationStrategy          `json:"location_strategy,omitempty"`
+
+	// SteeringPolicy controls pool selection logic.
+	//
+	// "off": Select pools in DefaultPools order.
+	//
+	// "geo": Select pools based on RegionPools/PopPools/CountryPools.
+	// For non-proxied requests, the country for CountryPools is determined by LocationStrategy.
+	//
+	// "dynamic_latency": Select pools based on RTT (requires health checks).
+	//
+	// "random": Selects pools in a random order.
+	//
+	// "proximity": Use the pools' latitude and longitude to select the closest pool using
+	// the Cloudflare PoP location for proxied requests or the location determined by
+	// LocationStrategy for non-proxied requests.
+	//
+	// "least_outstanding_requests": Select a pool by taking into consideration
+	// RandomSteering weights, as well as each pool's number of outstanding requests.
+	// Pools with more pending requests are weighted proportionately less relative to others.
+	//
+	// "least_connections": Select a pool by taking into consideration
+	// RandomSteering weights, as well as each pool's number of open connections.
+	// Pools with more open connections are weighted proportionately less relative to others.
+	// Supported for HTTP/1 and HTTP/2 connections.
+	//
+	// "": Maps to "geo" if RegionPools or PopPools or CountryPools have entries otherwise "off".
+	SteeringPolicy string `json:"steering_policy,omitempty"`
+}
+
+// LoadBalancerLoadShedding contains the settings for controlling load shedding.
+type LoadBalancerLoadShedding struct {
+	DefaultPercent float32 `json:"default_percent,omitempty"`
+	DefaultPolicy  string  `json:"default_policy,omitempty"`
+	SessionPercent float32 `json:"session_percent,omitempty"`
+	SessionPolicy  string  `json:"session_policy,omitempty"`
+}
+
+// LoadBalancerRule represents a single rule entry for a Load Balancer. Each rules
+// is run one after the other in priority order. Disabled rules are skipped.
+type LoadBalancerRule struct {
+	Overrides LoadBalancerRuleOverrides `json:"overrides"`
+
+	// Name is required but is only used for human readability
+	Name string `json:"name"`
+
+	Condition string `json:"condition"`
+
+	// Priority controls the order of rule execution the lowest value will be invoked first
+	Priority int `json:"priority"`
+
+	// FixedResponse if set and the condition is true we will not run
+	// routing logic but rather directly respond with the provided fields.
+	// FixedResponse implies terminates.
+	FixedResponse *LoadBalancerFixedResponseData `json:"fixed_response,omitempty"`
+
+	Disabled bool `json:"disabled"`
+
+	// Terminates flag this rule as 'terminating'. No further rules will
+	// be executed after this one.
+	Terminates bool `json:"terminates,omitempty"`
+}
+
+// LoadBalancerFixedResponseData contains all the data needed to generate
+// a fixed response from a Load Balancer. This behavior can be enabled via Rules.
+type LoadBalancerFixedResponseData struct {
+	// MessageBody data to write into the http body
+	MessageBody string `json:"message_body,omitempty"`
+	// StatusCode the http status code to response with
+	StatusCode int `json:"status_code,omitempty"`
+	// ContentType value of the http 'content-type' header
+	ContentType string `json:"content_type,omitempty"`
+	// Location value of the http 'location' header
+	Location string `json:"location,omitempty"`
+}
+
+// LoadBalancerRuleOverrides are the set of field overridable by the rules system.
+type LoadBalancerRuleOverrides struct {
+	// session affinity
+	Persistence    string `json:"session_affinity,omitempty"`
+	PersistenceTTL *uint  `json:"session_affinity_ttl,omitempty"`
+
+	SessionAffinityAttrs *LoadBalancerRuleOverridesSessionAffinityAttrs `json:"session_affinity_attributes,omitempty"`
+
+	TTL uint `json:"ttl,omitempty"`
+
+	SteeringPolicy string `json:"steering_policy,omitempty"`
+	FallbackPool   string `json:"fallback_pool,omitempty"`
+
+	DefaultPools []string            `json:"default_pools,omitempty"`
+	PoPPools     map[string][]string `json:"pop_pools,omitempty"`
+	RegionPools  map[string][]string `json:"region_pools,omitempty"`
+	CountryPools map[string][]string `json:"country_pools,omitempty"`
+
+	RandomSteering   *RandomSteering   `json:"random_steering,omitempty"`
+	AdaptiveRouting  *AdaptiveRouting  `json:"adaptive_routing,omitempty"`
+	LocationStrategy *LocationStrategy `json:"location_strategy,omitempty"`
+}
+
+// RandomSteering configures pool weights.
+//
+// SteeringPolicy="random": A random pool is selected with probability
+// proportional to pool weights.
+//
+// SteeringPolicy="least_outstanding_requests": Use pool weights to
+// scale each pool's outstanding requests.
+//
+// SteeringPolicy="least_connections": Use pool weights to
+// scale each pool's open connections.
+type RandomSteering struct {
+	DefaultWeight float64            `json:"default_weight,omitempty"`
+	PoolWeights   map[string]float64 `json:"pool_weights,omitempty"`
+}
+
+// AdaptiveRouting controls features that modify the routing of requests
+// to pools and origins in response to dynamic conditions, such as during
+// the interval between active health monitoring requests.
+// For example, zero-downtime failover occurs immediately when an origin
+// becomes unavailable due to HTTP 521, 522, or 523 response codes.
+// If there is another healthy origin in the same pool, the request is
+// retried once against this alternate origin.
+type AdaptiveRouting struct {
+	// FailoverAcrossPools extends zero-downtime failover of requests to healthy origins
+	// from alternate pools, when no healthy alternate exists in the same pool, according
+	// to the failover order defined by traffic and origin steering.
+	// When set false (the default) zero-downtime failover will only occur between origins
+	// within the same pool. See SessionAffinityAttributes for control over when sessions
+	// are broken or reassigned.
+	FailoverAcrossPools *bool `json:"failover_across_pools,omitempty"`
+}
+
+// LocationStrategy controls location-based steering for non-proxied requests.
+// See SteeringPolicy to learn how steering is affected.
+type LocationStrategy struct {
+	// PreferECS determines whether the EDNS Client Subnet (ECS) GeoIP should
+	// be preferred as the authoritative location.
+	//
+	// "always": Always prefer ECS.
+	//
+	// "never": Never prefer ECS.
+	//
+	// "proximity": (default) Prefer ECS only when SteeringPolicy="proximity".
+	//
+	// "geo": Prefer ECS only when SteeringPolicy="geo".
+	PreferECS string `json:"prefer_ecs,omitempty"`
+	// Mode determines the authoritative location when ECS is not preferred,
+	// does not exist in the request, or its GeoIP lookup is unsuccessful.
+	//
+	// "pop": (default) Use the Cloudflare PoP location.
+	//
+	// "resolver_ip": Use the DNS resolver GeoIP location.
+	// If the GeoIP lookup is unsuccessful, use the Cloudflare PoP location.
+	Mode string `json:"mode,omitempty"`
+}
+
+// LoadBalancerRuleOverridesSessionAffinityAttrs mimics SessionAffinityAttributes without the
+// DrainDuration field as that field can not be overwritten via rules.
+type LoadBalancerRuleOverridesSessionAffinityAttrs struct {
+	SameSite             string   `json:"samesite,omitempty"`
+	Secure               string   `json:"secure,omitempty"`
+	ZeroDowntimeFailover string   `json:"zero_downtime_failover,omitempty"`
+	Headers              []string `json:"headers,omitempty"`
+	RequireAllHeaders    *bool    `json:"require_all_headers,omitempty"`
+}
+
+// SessionAffinityAttributes represents additional configuration options for session affinity.
+type SessionAffinityAttributes struct {
+	SameSite             string   `json:"samesite,omitempty"`
+	Secure               string   `json:"secure,omitempty"`
+	DrainDuration        int      `json:"drain_duration,omitempty"`
+	ZeroDowntimeFailover string   `json:"zero_downtime_failover,omitempty"`
+	Headers              []string `json:"headers,omitempty"`
+	RequireAllHeaders    bool     `json:"require_all_headers,omitempty"`
+}
+
+// LoadBalancerOriginHealth represents the health of the origin.
+type LoadBalancerOriginHealth struct {
+	Healthy       bool     `json:"healthy,omitempty"`
+	RTT           Duration `json:"rtt,omitempty"`
+	FailureReason string   `json:"failure_reason,omitempty"`
+	ResponseCode  int      `json:"response_code,omitempty"`
+}
+
+// LoadBalancerPoolPopHealth represents the health of the pool for given PoP.
+type LoadBalancerPoolPopHealth struct {
+	Healthy bool                                  `json:"healthy,omitempty"`
+	Origins []map[string]LoadBalancerOriginHealth `json:"origins,omitempty"`
+}
+
+// LoadBalancerPoolHealth represents the healthchecks from different PoPs for a pool.
+type LoadBalancerPoolHealth struct {
+	ID        string                               `json:"pool_id,omitempty"`
+	PopHealth map[string]LoadBalancerPoolPopHealth `json:"pop_health,omitempty"`
+}
+
+// loadBalancerPoolResponse represents the response from the load balancer pool endpoints.
+type loadBalancerPoolResponse struct {
+	Response
+	Result LoadBalancerPool `json:"result"`
+}
+
+// loadBalancerPoolListResponse represents the response from the List Pools endpoint.
+type loadBalancerPoolListResponse struct {
+	Response
+	Result     []LoadBalancerPool `json:"result"`
+	ResultInfo ResultInfo         `json:"result_info"`
+}
+
+// loadBalancerMonitorResponse represents the response from the load balancer monitor endpoints.
+type loadBalancerMonitorResponse struct {
+	Response
+	Result LoadBalancerMonitor `json:"result"`
+}
+
+// loadBalancerMonitorListResponse represents the response from the List Monitors endpoint.
+type loadBalancerMonitorListResponse struct {
+	Response
+	Result     []LoadBalancerMonitor `json:"result"`
+	ResultInfo ResultInfo            `json:"result_info"`
+}
+
+// loadBalancerResponse represents the response from the load balancer endpoints.
+type loadBalancerResponse struct {
+	Response
+	Result LoadBalancer `json:"result"`
+}
+
+// loadBalancerListResponse represents the response from the List Load Balancers endpoint.
+type loadBalancerListResponse struct {
+	Response
+	Result     []LoadBalancer `json:"result"`
+	ResultInfo ResultInfo     `json:"result_info"`
+}
+
+// loadBalancerPoolHealthResponse represents the response from the Pool Health Details endpoint.
+type loadBalancerPoolHealthResponse struct {
+	Response
+	Result LoadBalancerPoolHealth `json:"result"`
+}
+
+type CreateLoadBalancerPoolParams struct {
+	LoadBalancerPool LoadBalancerPool
+}
+
+type ListLoadBalancerPoolParams struct {
+	PaginationOptions
+}
+
+type UpdateLoadBalancerPoolParams struct {
+	LoadBalancer LoadBalancerPool
+}
+
+type CreateLoadBalancerMonitorParams struct {
+	LoadBalancerMonitor LoadBalancerMonitor
+}
+
+type ListLoadBalancerMonitorParams struct {
+	PaginationOptions
+}
+
+type UpdateLoadBalancerMonitorParams struct {
+	LoadBalancerMonitor LoadBalancerMonitor
+}
+
+type CreateLoadBalancerParams struct {
+	LoadBalancer LoadBalancer
+}
+
+type ListLoadBalancerParams struct {
+	PaginationOptions
+}
+
+type UpdateLoadBalancerParams struct {
+	LoadBalancer LoadBalancer
+}
+
+var (
+	ErrMissingPoolID         = errors.New("missing required pool ID")
+	ErrMissingMonitorID      = errors.New("missing required monitor ID")
+	ErrMissingLoadBalancerID = errors.New("missing required load balancer ID")
+)
+
+// CreateLoadBalancerPool creates a new load balancer pool.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-create-pool
+func (api *API) CreateLoadBalancerPool(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerPoolParams) (LoadBalancerPool, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = "/user/load_balancers/pools"
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools", rc.Identifier)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancerPool)
+	if err != nil {
+		return LoadBalancerPool{}, err
+	}
+	var r loadBalancerPoolResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListLoadBalancerPools lists load balancer pools connected to an account.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-list-pools
+func (api *API) ListLoadBalancerPools(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerPoolParams) ([]LoadBalancerPool, error) {
+	if rc.Level == ZoneRouteLevel {
+		return []LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = "/user/load_balancers/pools"
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools", rc.Identifier)
+	}
+
+	uri = buildURI(uri, params.PaginationOptions)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r loadBalancerPoolListResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetLoadBalancerPool returns the details for a load balancer pool.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-pool-details
+func (api *API) GetLoadBalancerPool(ctx context.Context, rc *ResourceContainer, poolID string) (LoadBalancerPool, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if poolID == "" {
+		return LoadBalancerPool{}, ErrMissingPoolID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/pools/%s", poolID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, poolID)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LoadBalancerPool{}, err
+	}
+	var r loadBalancerPoolResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteLoadBalancerPool disables and deletes a load balancer pool.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-delete-pool
+func (api *API) DeleteLoadBalancerPool(ctx context.Context, rc *ResourceContainer, poolID string) error {
+	if rc.Level == ZoneRouteLevel {
+		return fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if poolID == "" {
+		return ErrMissingPoolID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/pools/%s", poolID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, poolID)
+	}
+
+	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// UpdateLoadBalancerPool modifies a configured load balancer pool.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-update-pool
+func (api *API) UpdateLoadBalancerPool(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerPoolParams) (LoadBalancerPool, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if params.LoadBalancer.ID == "" {
+		return LoadBalancerPool{}, ErrMissingPoolID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/pools/%s", params.LoadBalancer.ID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, params.LoadBalancer.ID)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancer)
+	if err != nil {
+		return LoadBalancerPool{}, err
+	}
+	var r loadBalancerPoolResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateLoadBalancerMonitor creates a new load balancer monitor.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-monitors-create-monitor
+func (api *API) CreateLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerMonitorParams) (LoadBalancerMonitor, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = "/user/load_balancers/monitors"
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors", rc.Identifier)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancerMonitor)
+	if err != nil {
+		return LoadBalancerMonitor{}, err
+	}
+	var r loadBalancerMonitorResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListLoadBalancerMonitors lists load balancer monitors connected to an account.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-monitors-list-monitors
+func (api *API) ListLoadBalancerMonitors(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerMonitorParams) ([]LoadBalancerMonitor, error) {
+	if rc.Level == ZoneRouteLevel {
+		return []LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = "/user/load_balancers/monitors"
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors", rc.Identifier)
+	}
+
+	uri = buildURI(uri, params.PaginationOptions)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r loadBalancerMonitorListResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetLoadBalancerMonitor returns the details for a load balancer monitor.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-monitors-monitor-details
+func (api *API) GetLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, monitorID string) (LoadBalancerMonitor, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if monitorID == "" {
+		return LoadBalancerMonitor{}, ErrMissingMonitorID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", monitorID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, monitorID)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LoadBalancerMonitor{}, err
+	}
+	var r loadBalancerMonitorResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteLoadBalancerMonitor disables and deletes a load balancer monitor.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-monitors-delete-monitor
+func (api *API) DeleteLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, monitorID string) error {
+	if rc.Level == ZoneRouteLevel {
+		return fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if monitorID == "" {
+		return ErrMissingMonitorID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", monitorID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, monitorID)
+	}
+
+	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+// UpdateLoadBalancerMonitor modifies a configured load balancer monitor.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-monitors-update-monitor
+func (api *API) UpdateLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerMonitorParams) (LoadBalancerMonitor, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if params.LoadBalancerMonitor.ID == "" {
+		return LoadBalancerMonitor{}, ErrMissingMonitorID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", params.LoadBalancerMonitor.ID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, params.LoadBalancerMonitor.ID)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancerMonitor)
+	if err != nil {
+		return LoadBalancerMonitor{}, err
+	}
+	var r loadBalancerMonitorResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateLoadBalancer creates a new load balancer.
+//
+// API reference: https://api.cloudflare.com/#load-balancers-create-load-balancer
+func (api *API) CreateLoadBalancer(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerParams) (LoadBalancer, error) {
+	if rc.Level != ZoneRouteLevel {
+		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/load_balancers", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancer)
+	if err != nil {
+		return LoadBalancer{}, err
+	}
+	var r loadBalancerResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListLoadBalancers lists load balancers configured on a zone.
+//
+// API reference: https://api.cloudflare.com/#load-balancers-list-load-balancers
+func (api *API) ListLoadBalancers(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerParams) ([]LoadBalancer, error) {
+	if rc.Level != ZoneRouteLevel {
+		return []LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/load_balancers", rc.Identifier), params.PaginationOptions)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r loadBalancerListResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetLoadBalancer returns the details for a load balancer.
+//
+// API reference: https://api.cloudflare.com/#load-balancers-load-balancer-details
+func (api *API) GetLoadBalancer(ctx context.Context, rc *ResourceContainer, loadbalancerID string) (LoadBalancer, error) {
+	if rc.Level != ZoneRouteLevel {
+		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if loadbalancerID == "" {
+		return LoadBalancer{}, ErrMissingLoadBalancerID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, loadbalancerID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LoadBalancer{}, err
+	}
+	var r loadBalancerResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteLoadBalancer disables and deletes a load balancer.
+//
+// API reference: https://api.cloudflare.com/#load-balancers-delete-load-balancer
+func (api *API) DeleteLoadBalancer(ctx context.Context, rc *ResourceContainer, loadbalancerID string) error {
+	if rc.Level != ZoneRouteLevel {
+		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if loadbalancerID == "" {
+		return ErrMissingLoadBalancerID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, loadbalancerID)
+
+	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+// UpdateLoadBalancer modifies a configured load balancer.
+//
+// API reference: https://api.cloudflare.com/#load-balancers-update-load-balancer
+func (api *API) UpdateLoadBalancer(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerParams) (LoadBalancer, error) {
+	if rc.Level != ZoneRouteLevel {
+		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if params.LoadBalancer.ID == "" {
+		return LoadBalancer{}, ErrMissingLoadBalancerID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, params.LoadBalancer.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancer)
+	if err != nil {
+		return LoadBalancer{}, err
+	}
+	var r loadBalancerResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetLoadBalancerPoolHealth fetches the latest healtcheck details for a single
+// pool.
+//
+// API reference: https://api.cloudflare.com/#load-balancer-pools-pool-health-details
+func (api *API) GetLoadBalancerPoolHealth(ctx context.Context, rc *ResourceContainer, poolID string) (LoadBalancerPoolHealth, error) {
+	if rc.Level == ZoneRouteLevel {
+		return LoadBalancerPoolHealth{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if poolID == "" {
+		return LoadBalancerPoolHealth{}, ErrMissingPoolID
+	}
+
+	var uri string
+	if rc.Level == UserRouteLevel {
+		uri = fmt.Sprintf("/user/load_balancers/pools/%s/health", poolID)
+	} else {
+		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s/health", rc.Identifier, poolID)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LoadBalancerPoolHealth{}, err
+	}
+	var r loadBalancerPoolHealthResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return LoadBalancerPoolHealth{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/load_balancing_example_test.go b/pkg/cloudflare-go/load_balancing_example_test.go
new file mode 100644
index 0000000000..2aaa8956ac
--- /dev/null
+++ b/pkg/cloudflare-go/load_balancing_example_test.go
@@ -0,0 +1,42 @@
+package cloudflare_test
+
+import (
+	context "context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListLoadBalancers() {
+	// Construct a new API object.
+	api, err := cloudflare.New("deadbeef", "test@example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// List LBs configured in zone.
+	lbList, err := api.ListLoadBalancers(context.Background(), cloudflare.ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), cloudflare.ListLoadBalancerParams{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, lb := range lbList {
+		fmt.Println(lb)
+	}
+}
+
+func ExampleAPI_GetLoadBalancerPoolHealth() {
+	// Construct a new API object.
+	api, err := cloudflare.New("deadbeef", "test@example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch pool health details.
+	healthInfo, err := api.GetLoadBalancerPoolHealth(context.Background(), cloudflare.AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), "example-pool-id")
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(healthInfo)
+}
diff --git a/pkg/cloudflare-go/load_balancing_test.go b/pkg/cloudflare-go/load_balancing_test.go
new file mode 100644
index 0000000000..3a9ab5afb5
--- /dev/null
+++ b/pkg/cloudflare-go/load_balancing_test.go
@@ -0,0 +1,2147 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateLoadBalancerPool(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+              "description": "Primary data center - Provider XYZ",
+              "name": "primary-dc-1",
+              "enabled": true,
+              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+              "latitude": 55,
+              "longitude": -12.5,
+              "load_shedding": {
+                "default_percent": 50,
+                "default_policy": "random",
+                "session_percent": 10,
+                "session_policy": "hash"
+              },
+              "origin_steering": {
+                "policy": "random"
+              },
+              "origins": [
+                {
+                  "name": "app-server-1",
+                  "address": "198.51.100.1",
+                  "enabled": true,
+                  "weight": 1,
+                  "header": {
+                      "Host": [
+                          "example.com"
+                      ]
+                  },
+			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                }
+              ],
+              "notification_email": "someone@example.com",
+              "check_regions": [
+                "WEU"
+              ]
+            }`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "17b5962d775c646f3f9725cbc7a53df4",
+              "created_on": "2014-01-01T05:20:00.12345Z",
+              "modified_on": "2014-02-01T05:20:00.12345Z",
+              "description": "Primary data center - Provider XYZ",
+              "name": "primary-dc-1",
+              "enabled": true,
+              "minimum_origins": 1,
+              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+              "latitude": 55,
+              "longitude": -12.5,
+              "load_shedding": {
+                "default_percent": 50,
+                "default_policy": "random",
+                "session_percent": 10,
+                "session_policy": "hash"
+              },
+              "origin_steering": {
+                "policy": "random"
+              },
+              "origins": [
+                {
+                  "name": "app-server-1",
+                  "address": "198.51.100.1",
+                  "enabled": true,
+                  "weight": 1,
+                  "header": {
+                      "Host": [
+                          "example.com"
+                      ]
+                  },
+			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                }
+              ],
+              "notification_email": "someone@example.com",
+              "check_regions": [
+                "WEU"
+              ],
+			  "healthy": true
+            }
+        }`)
+	}
+
+	fptr := func(f float32) *float32 {
+		return &f
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancerPool{
+		ID:             "17b5962d775c646f3f9725cbc7a53df4",
+		CreatedOn:      &createdOn,
+		ModifiedOn:     &modifiedOn,
+		Description:    "Primary data center - Provider XYZ",
+		Name:           "primary-dc-1",
+		Enabled:        true,
+		MinimumOrigins: IntPtr(1),
+		Monitor:        "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		Latitude:       fptr(55),
+		Longitude:      fptr(-12.5),
+		LoadShedding: &LoadBalancerLoadShedding{
+			DefaultPercent: 50,
+			DefaultPolicy:  "random",
+			SessionPercent: 10,
+			SessionPolicy:  "hash",
+		},
+		OriginSteering: &LoadBalancerOriginSteering{
+			Policy: "random",
+		},
+		Origins: []LoadBalancerOrigin{
+			{
+				Name:    "app-server-1",
+				Address: "198.51.100.1",
+				Enabled: true,
+				Weight:  1,
+				Header: map[string][]string{
+					"Host": {"example.com"},
+				},
+				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+			},
+		},
+		NotificationEmail: "someone@example.com",
+		CheckRegions: []string{
+			"WEU",
+		},
+		Healthy: BoolPtr(true),
+	}
+	request := LoadBalancerPool{
+		Description: "Primary data center - Provider XYZ",
+		Name:        "primary-dc-1",
+		Enabled:     true,
+		Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		Latitude:    fptr(55),
+		Longitude:   fptr(-12.5),
+		LoadShedding: &LoadBalancerLoadShedding{
+			DefaultPercent: 50,
+			DefaultPolicy:  "random",
+			SessionPercent: 10,
+			SessionPolicy:  "hash",
+		},
+		OriginSteering: &LoadBalancerOriginSteering{
+			Policy: "random",
+		},
+		Origins: []LoadBalancerOrigin{
+			{
+				Name:    "app-server-1",
+				Address: "198.51.100.1",
+				Enabled: true,
+				Weight:  1,
+				Header: map[string][]string{
+					"Host": {"example.com"},
+				},
+				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+			},
+		},
+		NotificationEmail: "someone@example.com",
+		CheckRegions: []string{
+			"WEU",
+		},
+	}
+
+	actual, err := client.CreateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerPoolParams{LoadBalancerPool: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateLoadBalancerPool_MinimumOriginsZero(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+              "description": "Primary data center - Provider XYZ",
+              "name": "primary-dc-2",
+              "minimum_origins": 0,
+              "enabled": true,
+              "check_regions": null,
+              "origins": null
+            }`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "description": "Primary data center - Provider XYZ",
+              "created_on": "2014-01-01T05:20:00.12345Z",
+              "modified_on": "2014-02-01T05:20:00.12345Z",
+              "id": "f6fea70e5154b4c563bd549ef405b7d7",
+              "enabled": true,
+              "minimum_origins": 0,
+              "name": "primary-dc-2",
+              "notification_email": "",
+              "check_regions": null,
+              "origins": []
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancerPool{
+		ID:                "f6fea70e5154b4c563bd549ef405b7d7",
+		CreatedOn:         &createdOn,
+		ModifiedOn:        &modifiedOn,
+		Description:       "Primary data center - Provider XYZ",
+		Name:              "primary-dc-2",
+		Enabled:           true,
+		MinimumOrigins:    IntPtr(0),
+		Origins:           []LoadBalancerOrigin{},
+		NotificationEmail: "",
+	}
+	request := LoadBalancerPool{
+		Description:    "Primary data center - Provider XYZ",
+		Name:           "primary-dc-2",
+		Enabled:        true,
+		MinimumOrigins: IntPtr(0),
+	}
+
+	actual, err := client.CreateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerPoolParams{LoadBalancerPool: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.CreateLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerPoolParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestListLoadBalancerPools(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": [
+                {
+                    "id": "17b5962d775c646f3f9725cbc7a53df4",
+                    "created_on": "2014-01-01T05:20:00.12345Z",
+                    "modified_on": "2014-02-01T05:20:00.12345Z",
+                    "description": "Primary data center - Provider XYZ",
+                    "name": "primary-dc-1",
+                    "enabled": true,
+                    "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                    "origin_steering": {
+                      "policy": "random"
+                    },
+                    "origins": [
+                      {
+                        "name": "app-server-1",
+                        "address": "198.51.100.1",
+                        "enabled": true,
+                        "weight": 1,
+					    "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                      }
+                    ],
+                    "notification_email": "someone@example.com"
+                }
+            ],
+            "result_info": {
+                "page": 1,
+                "per_page": 20,
+                "count": 1,
+                "total_count": 1
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := []LoadBalancerPool{
+		{
+			ID:          "17b5962d775c646f3f9725cbc7a53df4",
+			CreatedOn:   &createdOn,
+			ModifiedOn:  &modifiedOn,
+			Description: "Primary data center - Provider XYZ",
+			Name:        "primary-dc-1",
+			Enabled:     true,
+			Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
+			OriginSteering: &LoadBalancerOriginSteering{
+				Policy: "random",
+			},
+			Origins: []LoadBalancerOrigin{
+				{
+					Name:             "app-server-1",
+					Address:          "198.51.100.1",
+					Enabled:          true,
+					Weight:           1,
+					VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+				},
+			},
+			NotificationEmail: "someone@example.com",
+		},
+	}
+
+	actual, err := client.ListLoadBalancerPools(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerPoolParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.ListLoadBalancerPools(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerPoolParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestGetLoadBalancerPool(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "17b5962d775c646f3f9725cbc7a53df4",
+              "created_on": "2014-01-01T05:20:00.12345Z",
+              "modified_on": "2014-02-01T05:20:00.12345Z",
+              "description": "Primary data center - Provider XYZ",
+              "name": "primary-dc-1",
+              "enabled": true,
+              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+              "origin_steering": {
+                "policy": "random"
+              },
+              "origins": [
+                {
+                  "name": "app-server-1",
+                  "address": "198.51.100.1",
+                  "enabled": true,
+                  "weight": 1,
+				  "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                }
+              ],
+              "notification_email": "someone@example.com"
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancerPool{
+		ID:          "17b5962d775c646f3f9725cbc7a53df4",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Description: "Primary data center - Provider XYZ",
+		Name:        "primary-dc-1",
+		Enabled:     true,
+		Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		OriginSteering: &LoadBalancerOriginSteering{
+			Policy: "random",
+		},
+		Origins: []LoadBalancerOrigin{
+			{
+				Name:             "app-server-1",
+				Address:          "198.51.100.1",
+				Enabled:          true,
+				Weight:           1,
+				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+			},
+		},
+		NotificationEmail: "someone@example.com",
+	}
+
+	actual, err := client.GetLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "17b5962d775c646f3f9725cbc7a53df4")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.GetLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "bar")
+	assert.Error(t, err)
+}
+
+func TestGetLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestDeleteLoadBalancerPool(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "17b5962d775c646f3f9725cbc7a53df4"
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
+	assert.NoError(t, client.DeleteLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "17b5962d775c646f3f9725cbc7a53df4"))
+	assert.Error(t, client.DeleteLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "bar"))
+}
+
+func TestDeleteLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	err := client.DeleteLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestUpdateLoadBalancerPool(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+              "id": "17b5962d775c646f3f9725cbc7a53df4",
+              "description": "Primary data center - Provider XYZZY",
+              "name": "primary-dc-2",
+              "enabled": false,
+              "origin_steering": {
+                "policy": "random"
+              },
+              "origins": [
+                {
+                  "name": "app-server-2",
+                  "address": "198.51.100.2",
+                  "enabled": false,
+                  "weight": 1,
+                  "header": {
+                      "Host": [
+                          "example.com"
+                      ]
+                  },
+			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                }
+              ],
+              "notification_email": "nobody@example.com",
+              "check_regions": [
+                "WEU"
+              ]
+						}`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "17b5962d775c646f3f9725cbc7a53df4",
+              "created_on": "2014-01-01T05:20:00.12345Z",
+              "modified_on": "2017-02-01T05:20:00.12345Z",
+              "description": "Primary data center - Provider XYZZY",
+              "name": "primary-dc-2",
+              "enabled": false,
+              "origin_steering": {
+                "policy": "random"
+              },
+              "origins": [
+                {
+                  "name": "app-server-2",
+                  "address": "198.51.100.2",
+                  "enabled": false,
+                  "weight": 1,
+                  "header": {
+                      "Host": [
+                          "example.com"
+                      ]
+                  },
+			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
+                }
+              ],
+              "notification_email": "nobody@example.com",
+              "check_regions": [
+                "WEU"
+              ]
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
+	want := LoadBalancerPool{
+		ID:          "17b5962d775c646f3f9725cbc7a53df4",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Description: "Primary data center - Provider XYZZY",
+		Name:        "primary-dc-2",
+		Enabled:     false,
+		OriginSteering: &LoadBalancerOriginSteering{
+			Policy: "random",
+		},
+		Origins: []LoadBalancerOrigin{
+			{
+				Name:    "app-server-2",
+				Address: "198.51.100.2",
+				Enabled: false,
+				Weight:  1,
+				Header: map[string][]string{
+					"Host": {"example.com"},
+				},
+				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+			},
+		},
+		NotificationEmail: "nobody@example.com",
+		CheckRegions: []string{
+			"WEU",
+		},
+	}
+	request := LoadBalancerPool{
+		ID:          "17b5962d775c646f3f9725cbc7a53df4",
+		Description: "Primary data center - Provider XYZZY",
+		Name:        "primary-dc-2",
+		Enabled:     false,
+		OriginSteering: &LoadBalancerOriginSteering{
+			Policy: "random",
+		},
+		Origins: []LoadBalancerOrigin{
+			{
+				Name:    "app-server-2",
+				Address: "198.51.100.2",
+				Enabled: false,
+				Weight:  1,
+				Header: map[string][]string{
+					"Host": {"example.com"},
+				},
+				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
+			},
+		},
+		NotificationEmail: "nobody@example.com",
+		CheckRegions: []string{
+			"WEU",
+		},
+	}
+
+	actual, err := client.UpdateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerPoolParams{LoadBalancer: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerPoolParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestCreateLoadBalancerMonitor(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+              "type": "https",
+              "description": "Login page monitor",
+              "method": "GET",
+              "path": "/health",
+              "header": {
+                "Host": [
+                  "example.com"
+                ],
+                "X-App-ID": [
+                  "abc123"
+                ]
+              },
+              "timeout": 3,
+              "retries": 0,
+              "interval": 90,
+              "consecutive_up": 2,
+              "consecutive_down": 2,
+              "expected_body": "alive",
+              "expected_codes": "2xx",
+              "follow_redirects": true,
+              "allow_insecure": true,
+              "probe_zone": ""
+						}`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2014-02-01T05:20:00.12345Z",
+                "type": "https",
+                "description": "Login page monitor",
+                "method": "GET",
+                "path": "/health",
+                "header": {
+                  "Host": [
+                    "example.com"
+                  ],
+                  "X-App-ID": [
+                    "abc123"
+                  ]
+                },
+                "timeout": 3,
+                "retries": 0,
+                "interval": 90,
+                "consecutive_up": 2,
+                "consecutive_down": 2,
+                "expected_body": "alive",
+                "expected_codes": "2xx",
+                "follow_redirects": true,
+                "allow_insecure": true,
+                "probe_zone": ""
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancerMonitor{
+		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Type:        "https",
+		Description: "Login page monitor",
+		Method:      http.MethodGet,
+		Path:        "/health",
+		Header: map[string][]string{
+			"Host":     {"example.com"},
+			"X-App-ID": {"abc123"},
+		},
+		Timeout:         3,
+		Retries:         0,
+		Interval:        90,
+		ConsecutiveUp:   2,
+		ConsecutiveDown: 2,
+		ExpectedBody:    "alive",
+		ExpectedCodes:   "2xx",
+
+		FollowRedirects: true,
+		AllowInsecure:   true,
+	}
+	request := LoadBalancerMonitor{
+		Type:        "https",
+		Description: "Login page monitor",
+		Method:      http.MethodGet,
+		Path:        "/health",
+		Header: map[string][]string{
+			"Host":     {"example.com"},
+			"X-App-ID": {"abc123"},
+		},
+		Timeout:         3,
+		Retries:         0,
+		Interval:        90,
+		ConsecutiveUp:   2,
+		ConsecutiveDown: 2,
+		ExpectedBody:    "alive",
+		ExpectedCodes:   "2xx",
+
+		FollowRedirects: true,
+		AllowInsecure:   true,
+	}
+
+	actual, err := client.CreateLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerMonitorParams{LoadBalancerMonitor: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.CreateLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerMonitorParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestListLoadBalancerMonitors(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": [
+                {
+                    "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                    "created_on": "2014-01-01T05:20:00.12345Z",
+                    "modified_on": "2014-02-01T05:20:00.12345Z",
+                    "type": "https",
+                    "description": "Login page monitor",
+                    "method": "GET",
+                    "path": "/health",
+                    "header": {
+                      "Host": [
+                        "example.com"
+                      ],
+                      "X-App-ID": [
+                        "abc123"
+                      ]
+                    },
+                    "timeout": 3,
+                    "retries": 0,
+                    "interval": 90,
+                    "consecutive_up": 2,
+                    "consecutive_down": 2,
+                    "expected_body": "alive",
+                    "expected_codes": "2xx"
+                }
+            ],
+            "result_info": {
+                "page": 1,
+                "per_page": 20,
+                "count": 1,
+                "total_count": 1
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := []LoadBalancerMonitor{
+		{
+			ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
+			CreatedOn:   &createdOn,
+			ModifiedOn:  &modifiedOn,
+			Type:        "https",
+			Description: "Login page monitor",
+			Method:      http.MethodGet,
+			Path:        "/health",
+			Header: map[string][]string{
+				"Host":     {"example.com"},
+				"X-App-ID": {"abc123"},
+			},
+			Timeout:         3,
+			Retries:         0,
+			Interval:        90,
+			ConsecutiveUp:   2,
+			ConsecutiveDown: 2,
+			ExpectedBody:    "alive",
+			ExpectedCodes:   "2xx",
+		},
+	}
+
+	actual, err := client.ListLoadBalancerMonitors(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerMonitorParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListLoadBalancerMonitors_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.ListLoadBalancerMonitors(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerMonitorParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestGetLoadBalancerMonitor(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2014-02-01T05:20:00.12345Z",
+                "type": "https",
+                "description": "Login page monitor",
+                "method": "GET",
+                "path": "/health",
+                "header": {
+                  "Host": [
+                    "example.com"
+                  ],
+                  "X-App-ID": [
+                    "abc123"
+                  ]
+                },
+                "timeout": 3,
+                "retries": 0,
+                "interval": 90,
+                "consecutive_up": 2,
+                "consecutive_down": 2,
+                "expected_body": "alive",
+                "expected_codes": "2xx",
+                "follow_redirects": true,
+                "allow_insecure": true,
+                "probe_zone": ""
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancerMonitor{
+		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Type:        "https",
+		Description: "Login page monitor",
+		Method:      http.MethodGet,
+		Path:        "/health",
+		Header: map[string][]string{
+			"Host":     {"example.com"},
+			"X-App-ID": {"abc123"},
+		},
+		Timeout:         3,
+		Retries:         0,
+		Interval:        90,
+		ConsecutiveUp:   2,
+		ConsecutiveDown: 2,
+		ExpectedBody:    "alive",
+		ExpectedCodes:   "2xx",
+
+		FollowRedirects: true,
+		AllowInsecure:   true,
+	}
+
+	actual, err := client.GetLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "f1aba936b94213e5b8dca0c0dbf1f9cc")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.GetLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "bar")
+	assert.Error(t, err)
+}
+
+func TestGetLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestDeleteLoadBalancerMonitor(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "f1aba936b94213e5b8dca0c0dbf1f9cc"
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
+	assert.NoError(t, client.DeleteLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "f1aba936b94213e5b8dca0c0dbf1f9cc"))
+	assert.Error(t, client.DeleteLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "bar"))
+}
+
+func TestDeleteLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	err := client.DeleteLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestUpdateLoadBalancerMonitor(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                "type": "http",
+                "description": "Login page monitor",
+                "method": "GET",
+                "path": "/status",
+                "header": {
+                  "Host": [
+                    "example.com"
+                  ],
+                  "X-App-ID": [
+                    "easy"
+                  ]
+                },
+                "timeout": 3,
+                "retries": 0,
+                "interval": 90,
+                "consecutive_up": 2,
+                "consecutive_down": 2,
+                "expected_body": "kicking",
+                "expected_codes": "200",
+                "follow_redirects": true,
+                "allow_insecure": true,
+                "probe_zone": ""
+						}`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2017-02-01T05:20:00.12345Z",
+                "type": "http",
+                "description": "Login page monitor",
+                "method": "GET",
+                "path": "/status",
+                "header": {
+                  "Host": [
+                    "example.com"
+                  ],
+                  "X-App-ID": [
+                    "easy"
+                  ]
+                },
+                "timeout": 3,
+                "retries": 0,
+                "interval": 90,
+                "consecutive_up": 2,
+                "consecutive_down": 2,
+                "expected_body": "kicking",
+                "expected_codes": "200",
+                "follow_redirects": true,
+                "allow_insecure": true,
+                "probe_zone": ""
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
+	want := LoadBalancerMonitor{
+		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Type:        "http",
+		Description: "Login page monitor",
+		Method:      http.MethodGet,
+		Path:        "/status",
+		Header: map[string][]string{
+			"Host":     {"example.com"},
+			"X-App-ID": {"easy"},
+		},
+		Timeout:         3,
+		Retries:         0,
+		Interval:        90,
+		ConsecutiveUp:   2,
+		ConsecutiveDown: 2,
+		ExpectedBody:    "kicking",
+		ExpectedCodes:   "200",
+
+		FollowRedirects: true,
+		AllowInsecure:   true,
+	}
+	request := LoadBalancerMonitor{
+		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
+		Type:        "http",
+		Description: "Login page monitor",
+		Method:      http.MethodGet,
+		Path:        "/status",
+		Header: map[string][]string{
+			"Host":     {"example.com"},
+			"X-App-ID": {"easy"},
+		},
+		Timeout:         3,
+		Retries:         0,
+		Interval:        90,
+		ConsecutiveUp:   2,
+		ConsecutiveDown: 2,
+		ExpectedBody:    "kicking",
+		ExpectedCodes:   "200",
+
+		FollowRedirects: true,
+		AllowInsecure:   true,
+	}
+
+	actual, err := client.UpdateLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerMonitorParams{LoadBalancerMonitor: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerMonitorParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
+
+func TestCreateLoadBalancer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+              "description": "Load Balancer for www.example.com",
+              "name": "www.example.com",
+              "ttl": 30,
+              "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+              "default_pools": [
+                "de90f38ced07c2e2f4df50b1f61d4194",
+                "9290f38c5d07c2e2f4df57b1f61d4196",
+                "00920f38ce07c2e2f4df50b1f61d4194"
+              ],
+              "region_pools": {
+                "WNAM": [
+                  "de90f38ced07c2e2f4df50b1f61d4194",
+                  "9290f38c5d07c2e2f4df57b1f61d4196"
+                ],
+                "ENAM": [
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ]
+              },
+              "country_pools": {
+                "US": [
+                  "de90f38ced07c2e2f4df50b1f61d4194"
+                ],
+                "GB": [
+                  "abd90f38ced07c2e2f4df50b1f61d4194"
+                ]
+              },
+              "pop_pools": {
+                "LAX": [
+                  "de90f38ced07c2e2f4df50b1f61d4194",
+                  "9290f38c5d07c2e2f4df57b1f61d4196"
+                ],
+                "LHR": [
+                  "abd90f38ced07c2e2f4df50b1f61d4194",
+                  "f9138c5d07c2e2f4df57b1f61d4196"
+                ],
+                "SJC": [
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ]
+			  },
+			  "random_steering": {
+			    "default_weight": 0.2,
+			    "pool_weights": {
+			        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+			        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
+			    }
+			  },
+			  "adaptive_routing": {
+				"failover_across_pools": true
+			  },
+			  "location_strategy": {
+				"prefer_ecs": "always",
+				"mode": "resolver_ip"
+			  },
+			  "rules": [
+				  {
+					  "name": "example rule",
+					  "condition": "cf.load_balancer.region == \"SAF\"",
+					  "disabled": false,
+					  "priority": 0,
+					  "overrides": {
+						  "region_pools": {
+							  "SAF": ["de90f38ced07c2e2f4df50b1f61d4194"]
+						  },
+						  "adaptive_routing": {
+							"failover_across_pools": false
+						  },
+						  "location_strategy": {
+							"prefer_ecs": "never",
+							"mode": "pop"
+						  }
+					  }
+				  }
+			  ],
+              "proxied": true,
+              "session_affinity": "cookie",
+              "session_affinity_ttl": 5000,
+              "session_affinity_attributes": {
+                "samesite": "Strict",
+                "secure": "Always",
+                "drain_duration": 60,
+                "zero_downtime_failover": "sticky"
+              }
+            }`, string(b))
+		}
+
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "699d98642c564d2e855e9661899b7252",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2014-02-01T05:20:00.12345Z",
+                "description": "Load Balancer for www.example.com",
+                "name": "www.example.com",
+                "ttl": 30,
+                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+                "default_pools": [
+                  "de90f38ced07c2e2f4df50b1f61d4194",
+                  "9290f38c5d07c2e2f4df57b1f61d4196",
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ],
+                "region_pools": {
+                  "WNAM": [
+                    "de90f38ced07c2e2f4df50b1f61d4194",
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "ENAM": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "country_pools": {
+                  "US": [
+                    "de90f38ced07c2e2f4df50b1f61d4194"
+                  ],
+                  "GB": [
+                    "abd90f38ced07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "pop_pools": {
+                  "LAX": [
+                    "de90f38ced07c2e2f4df50b1f61d4194",
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "LHR": [
+                    "abd90f38ced07c2e2f4df50b1f61d4194",
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "SJC": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+				},
+				"random_steering": {
+				   "default_weight": 0.2,
+				    "pool_weights": {
+				        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+				        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
+				    }
+				},
+				"adaptive_routing": {
+					"failover_across_pools": true
+				},
+				"location_strategy": {
+					"prefer_ecs": "always",
+					"mode": "resolver_ip"
+				},
+				"rules": [
+				  {
+					  "name": "example rule",
+					  "condition": "cf.load_balancer.region == \"SAF\"",
+					  "overrides": {
+						  "region_pools": {
+							  "SAF": ["de90f38ced07c2e2f4df50b1f61d4194"]
+						  },
+						  "adaptive_routing": {
+							"failover_across_pools": false
+						  },
+						  "location_strategy": {
+							"prefer_ecs": "never",
+							"mode": "pop"
+						  }
+					  }
+				  }
+			  ],
+                "proxied": true,
+                "session_affinity": "cookie",
+                "session_affinity_ttl": 5000,
+                "session_affinity_attributes": {
+                    "samesite": "Strict",
+                    "secure": "Always",
+                    "drain_duration": 60,
+	                "zero_downtime_failover": "sticky"
+                }
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancer{
+		ID:           "699d98642c564d2e855e9661899b7252",
+		CreatedOn:    &createdOn,
+		ModifiedOn:   &modifiedOn,
+		Description:  "Load Balancer for www.example.com",
+		Name:         "www.example.com",
+		TTL:          30,
+		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+		DefaultPools: []string{
+			"de90f38ced07c2e2f4df50b1f61d4194",
+			"9290f38c5d07c2e2f4df57b1f61d4196",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		RegionPools: map[string][]string{
+			"WNAM": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"ENAM": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		CountryPools: map[string][]string{
+			"US": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+			},
+			"GB": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+			},
+		},
+		PopPools: map[string][]string{
+			"LAX": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"LHR": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+			"SJC": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		RandomSteering: &RandomSteering{
+			DefaultWeight: 0.2,
+			PoolWeights: map[string]float64{
+				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
+			},
+		},
+		AdaptiveRouting: &AdaptiveRouting{
+			FailoverAcrossPools: BoolPtr(true),
+		},
+		LocationStrategy: &LocationStrategy{
+			PreferECS: "always",
+			Mode:      "resolver_ip",
+		},
+		Rules: []*LoadBalancerRule{
+			{
+				Name:      "example rule",
+				Condition: "cf.load_balancer.region == \"SAF\"",
+				Overrides: LoadBalancerRuleOverrides{
+					RegionPools: map[string][]string{
+						"SAF": {"de90f38ced07c2e2f4df50b1f61d4194"},
+					},
+					AdaptiveRouting: &AdaptiveRouting{
+						FailoverAcrossPools: BoolPtr(false),
+					},
+					LocationStrategy: &LocationStrategy{
+						PreferECS: "never",
+						Mode:      "pop",
+					},
+				},
+			},
+		},
+		Proxied:        true,
+		Persistence:    "cookie",
+		PersistenceTTL: 5000,
+		SessionAffinityAttributes: &SessionAffinityAttributes{
+			SameSite:             "Strict",
+			Secure:               "Always",
+			DrainDuration:        60,
+			ZeroDowntimeFailover: "sticky",
+		},
+	}
+	request := LoadBalancer{
+		Description:  "Load Balancer for www.example.com",
+		Name:         "www.example.com",
+		TTL:          30,
+		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+		DefaultPools: []string{
+			"de90f38ced07c2e2f4df50b1f61d4194",
+			"9290f38c5d07c2e2f4df57b1f61d4196",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		RegionPools: map[string][]string{
+			"WNAM": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"ENAM": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		CountryPools: map[string][]string{
+			"US": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+			},
+			"GB": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+			},
+		},
+		PopPools: map[string][]string{
+			"LAX": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"LHR": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+			"SJC": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		RandomSteering: &RandomSteering{
+			DefaultWeight: 0.2,
+			PoolWeights: map[string]float64{
+				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
+			},
+		},
+		AdaptiveRouting: &AdaptiveRouting{
+			FailoverAcrossPools: BoolPtr(true),
+		},
+		LocationStrategy: &LocationStrategy{
+			PreferECS: "always",
+			Mode:      "resolver_ip",
+		},
+		Rules: []*LoadBalancerRule{
+			{
+				Name:      "example rule",
+				Condition: "cf.load_balancer.region == \"SAF\"",
+				Overrides: LoadBalancerRuleOverrides{
+					RegionPools: map[string][]string{
+						"SAF": {"de90f38ced07c2e2f4df50b1f61d4194"},
+					},
+					AdaptiveRouting: &AdaptiveRouting{
+						FailoverAcrossPools: BoolPtr(false),
+					},
+					LocationStrategy: &LocationStrategy{
+						PreferECS: "never",
+						Mode:      "pop",
+					},
+				},
+			},
+		},
+		Proxied:        true,
+		Persistence:    "cookie",
+		PersistenceTTL: 5000,
+		SessionAffinityAttributes: &SessionAffinityAttributes{
+			SameSite:             "Strict",
+			Secure:               "Always",
+			DrainDuration:        60,
+			ZeroDowntimeFailover: "sticky",
+		},
+	}
+
+	actual, err := client.CreateLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerParams{LoadBalancer: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateLoadBalancer_AccountIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.CreateLoadBalancer(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
+	}
+}
+
+func TestListLoadBalancers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": [
+                {
+                    "id": "699d98642c564d2e855e9661899b7252",
+                    "created_on": "2014-01-01T05:20:00.12345Z",
+                    "modified_on": "2014-02-01T05:20:00.12345Z",
+                    "description": "Load Balancer for www.example.com",
+                    "name": "www.example.com",
+                    "ttl": 30,
+                    "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+                    "default_pools": [
+                      "de90f38ced07c2e2f4df50b1f61d4194",
+                      "9290f38c5d07c2e2f4df57b1f61d4196",
+                      "00920f38ce07c2e2f4df50b1f61d4194"
+                    ],
+                    "region_pools": {
+                      "WNAM": [
+                        "de90f38ced07c2e2f4df50b1f61d4194",
+                        "9290f38c5d07c2e2f4df57b1f61d4196"
+                      ],
+                      "ENAM": [
+                        "00920f38ce07c2e2f4df50b1f61d4194"
+                      ]
+                    },
+                    "country_pools": {
+                      "US": [
+                        "de90f38ced07c2e2f4df50b1f61d4194"
+                      ],
+                      "GB": [
+                        "abd90f38ced07c2e2f4df50b1f61d4194"
+                      ]
+                    },
+                    "pop_pools": {
+                      "LAX": [
+                        "de90f38ced07c2e2f4df50b1f61d4194",
+                        "9290f38c5d07c2e2f4df57b1f61d4196"
+                      ],
+                      "LHR": [
+                        "abd90f38ced07c2e2f4df50b1f61d4194",
+                        "f9138c5d07c2e2f4df57b1f61d4196"
+                      ],
+                      "SJC": [
+                        "00920f38ce07c2e2f4df50b1f61d4194"
+                      ]
+                    },
+                    "random_steering": {
+                        "default_weight": 0.2,
+                        "pool_weights": {
+                            "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+                            "de90f38ced07c2e2f4df50b1f61d4194": 0.4
+                        }
+                    },
+					"adaptive_routing": {
+						"failover_across_pools": true
+					},
+					"location_strategy": {
+						"prefer_ecs": "always",
+						"mode": "resolver_ip"
+					},
+                    "proxied": true
+                }
+            ],
+            "result_info": {
+                "page": 1,
+                "per_page": 20,
+                "count": 1,
+                "total_count": 1
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := []LoadBalancer{
+		{
+			ID:           "699d98642c564d2e855e9661899b7252",
+			CreatedOn:    &createdOn,
+			ModifiedOn:   &modifiedOn,
+			Description:  "Load Balancer for www.example.com",
+			Name:         "www.example.com",
+			TTL:          30,
+			FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+			DefaultPools: []string{
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+			RegionPools: map[string][]string{
+				"WNAM": {
+					"de90f38ced07c2e2f4df50b1f61d4194",
+					"9290f38c5d07c2e2f4df57b1f61d4196",
+				},
+				"ENAM": {
+					"00920f38ce07c2e2f4df50b1f61d4194",
+				},
+			},
+			CountryPools: map[string][]string{
+				"US": {
+					"de90f38ced07c2e2f4df50b1f61d4194",
+				},
+				"GB": {
+					"abd90f38ced07c2e2f4df50b1f61d4194",
+				},
+			},
+			PopPools: map[string][]string{
+				"LAX": {
+					"de90f38ced07c2e2f4df50b1f61d4194",
+					"9290f38c5d07c2e2f4df57b1f61d4196",
+				},
+				"LHR": {
+					"abd90f38ced07c2e2f4df50b1f61d4194",
+					"f9138c5d07c2e2f4df57b1f61d4196",
+				},
+				"SJC": {
+					"00920f38ce07c2e2f4df50b1f61d4194",
+				},
+			},
+			RandomSteering: &RandomSteering{
+				DefaultWeight: 0.2,
+				PoolWeights: map[string]float64{
+					"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+					"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
+				},
+			},
+			AdaptiveRouting: &AdaptiveRouting{
+				FailoverAcrossPools: BoolPtr(true),
+			},
+			LocationStrategy: &LocationStrategy{
+				PreferECS: "always",
+				Mode:      "resolver_ip",
+			},
+			Proxied: true,
+		},
+	}
+
+	actual, err := client.ListLoadBalancers(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListLoadBalancer_AccountIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.ListLoadBalancers(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
+	}
+}
+
+func TestGetLoadBalancer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "699d98642c564d2e855e9661899b7252",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2014-02-01T05:20:00.12345Z",
+                "description": "Load Balancer for www.example.com",
+                "name": "www.example.com",
+                "ttl": 30,
+                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+                "default_pools": [
+                  "de90f38ced07c2e2f4df50b1f61d4194",
+                  "9290f38c5d07c2e2f4df57b1f61d4196",
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ],
+                "region_pools": {
+                  "WNAM": [
+                    "de90f38ced07c2e2f4df50b1f61d4194",
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "ENAM": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "country_pools": {
+                  "US": [
+                    "de90f38ced07c2e2f4df50b1f61d4194"
+                  ],
+                  "GB": [
+                    "abd90f38ced07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "pop_pools": {
+                  "LAX": [
+                    "de90f38ced07c2e2f4df50b1f61d4194",
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "LHR": [
+                    "abd90f38ced07c2e2f4df50b1f61d4194",
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "SJC": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "random_steering": {
+                    "default_weight": 0.2,
+                    "pool_weights": {
+                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+                        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
+                    }
+                },
+				"adaptive_routing": {
+					"failover_across_pools": true
+				},
+				"location_strategy": {
+					"prefer_ecs": "always",
+					"mode": "resolver_ip"
+				},
+                "proxied": true
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+	want := LoadBalancer{
+		ID:           "699d98642c564d2e855e9661899b7252",
+		CreatedOn:    &createdOn,
+		ModifiedOn:   &modifiedOn,
+		Description:  "Load Balancer for www.example.com",
+		Name:         "www.example.com",
+		TTL:          30,
+		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+		DefaultPools: []string{
+			"de90f38ced07c2e2f4df50b1f61d4194",
+			"9290f38c5d07c2e2f4df57b1f61d4196",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		RegionPools: map[string][]string{
+			"WNAM": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"ENAM": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		CountryPools: map[string][]string{
+			"US": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+			},
+			"GB": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+			},
+		},
+		PopPools: map[string][]string{
+			"LAX": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"LHR": {
+				"abd90f38ced07c2e2f4df50b1f61d4194",
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+			"SJC": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		RandomSteering: &RandomSteering{
+			DefaultWeight: 0.2,
+			PoolWeights: map[string]float64{
+				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
+				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
+			},
+		},
+		AdaptiveRouting: &AdaptiveRouting{
+			FailoverAcrossPools: BoolPtr(true),
+		},
+		LocationStrategy: &LocationStrategy{
+			PreferECS: "always",
+			Mode:      "resolver_ip",
+		},
+		Proxied: true,
+	}
+
+	actual, err := client.GetLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.GetLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "bar")
+	assert.Error(t, err)
+}
+
+func TestGetLoadBalancer_AccountIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetLoadBalancer(context.Background(), AccountIdentifier(testAccountID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
+	}
+}
+
+func TestDeleteLoadBalancer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+              "id": "699d98642c564d2e855e9661899b7252"
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
+	assert.NoError(t, client.DeleteLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "699d98642c564d2e855e9661899b7252"))
+	assert.Error(t, client.DeleteLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "bar"))
+}
+
+func TestDeleteLoadBalancer_AccountIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	err := client.DeleteLoadBalancer(context.Background(), AccountIdentifier(testAccountID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
+	}
+}
+
+func TestUpdateLoadBalancer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+                "id": "699d98642c564d2e855e9661899b7252",
+                "description": "Load Balancer for www.example.com",
+                "name": "www.example.com",
+                "ttl": 30,
+                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+                "default_pools": [
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ],
+                "region_pools": {
+                  "WNAM": [
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "ENAM": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "country_pools": {
+                  "US": [
+                    "de90f38ced07c2e2f4df50b1f61d4194"
+                  ],
+                  "GB": [
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ]
+                },
+                "pop_pools": {
+                  "LAX": [
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "LHR": [
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "SJC": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "random_steering": {
+                    "default_weight": 0.5,
+                    "pool_weights": {
+                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.2
+                    }
+                },
+				"adaptive_routing": {
+					"failover_across_pools": false
+				},
+				"location_strategy": {
+					"prefer_ecs": "never",
+					"mode": "pop"
+				},
+                "proxied": true,
+                "session_affinity": "none",
+                "session_affinity_attributes": {
+                  "samesite": "Strict",
+                  "secure": "Always",
+				  "zero_downtime_failover": "sticky"
+                }
+			}`, string(b))
+		}
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "id": "699d98642c564d2e855e9661899b7252",
+                "created_on": "2014-01-01T05:20:00.12345Z",
+                "modified_on": "2017-02-01T05:20:00.12345Z",
+                "description": "Load Balancer for www.example.com",
+                "name": "www.example.com",
+                "ttl": 30,
+                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
+                "default_pools": [
+                  "00920f38ce07c2e2f4df50b1f61d4194"
+                ],
+                "region_pools": {
+                  "WNAM": [
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "ENAM": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "country_pools": {
+                  "US": [
+                    "de90f38ced07c2e2f4df50b1f61d4194"
+                  ],
+                  "GB": [
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ]
+                },
+                "pop_pools": {
+                  "LAX": [
+                    "9290f38c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "LHR": [
+                    "f9138c5d07c2e2f4df57b1f61d4196"
+                  ],
+                  "SJC": [
+                    "00920f38ce07c2e2f4df50b1f61d4194"
+                  ]
+                },
+                "random_steering": {
+                    "default_weight": 0.5,
+                    "pool_weights": {
+                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.2
+                    }
+                },
+				"adaptive_routing": {
+					"failover_across_pools": false
+				},
+				"location_strategy": {
+					"prefer_ecs": "never",
+					"mode": "pop"
+				},
+                "proxied": true,
+                "session_affinity": "none",
+                "session_affinity_attributes": {
+                  "samesite": "Strict",
+                  "secure": "Always",
+	              "zero_downtime_failover": "sticky"
+                }
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
+	want := LoadBalancer{
+		ID:           "699d98642c564d2e855e9661899b7252",
+		CreatedOn:    &createdOn,
+		ModifiedOn:   &modifiedOn,
+		Description:  "Load Balancer for www.example.com",
+		Name:         "www.example.com",
+		TTL:          30,
+		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+		DefaultPools: []string{
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		RegionPools: map[string][]string{
+			"WNAM": {
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"ENAM": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		CountryPools: map[string][]string{
+			"US": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+			},
+			"GB": {
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+		},
+		PopPools: map[string][]string{
+			"LAX": {
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"LHR": {
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+			"SJC": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		RandomSteering: &RandomSteering{
+			DefaultWeight: 0.5,
+			PoolWeights: map[string]float64{
+				"9290f38c5d07c2e2f4df57b1f61d4196": 0.2,
+			},
+		},
+		AdaptiveRouting: &AdaptiveRouting{
+			FailoverAcrossPools: BoolPtr(false),
+		},
+		LocationStrategy: &LocationStrategy{
+			PreferECS: "never",
+			Mode:      "pop",
+		},
+		Proxied:     true,
+		Persistence: "none",
+		SessionAffinityAttributes: &SessionAffinityAttributes{
+			SameSite:             "Strict",
+			Secure:               "Always",
+			ZeroDowntimeFailover: "sticky",
+		},
+	}
+	request := LoadBalancer{
+		ID:           "699d98642c564d2e855e9661899b7252",
+		Description:  "Load Balancer for www.example.com",
+		Name:         "www.example.com",
+		TTL:          30,
+		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
+		DefaultPools: []string{
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		RegionPools: map[string][]string{
+			"WNAM": {
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"ENAM": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		CountryPools: map[string][]string{
+			"US": {
+				"de90f38ced07c2e2f4df50b1f61d4194",
+			},
+			"GB": {
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+		},
+		PopPools: map[string][]string{
+			"LAX": {
+				"9290f38c5d07c2e2f4df57b1f61d4196",
+			},
+			"LHR": {
+				"f9138c5d07c2e2f4df57b1f61d4196",
+			},
+			"SJC": {
+				"00920f38ce07c2e2f4df50b1f61d4194",
+			},
+		},
+		RandomSteering: &RandomSteering{
+			DefaultWeight: 0.5,
+			PoolWeights: map[string]float64{
+				"9290f38c5d07c2e2f4df57b1f61d4196": 0.2,
+			},
+		},
+		AdaptiveRouting: &AdaptiveRouting{
+			FailoverAcrossPools: BoolPtr(false),
+		},
+		LocationStrategy: &LocationStrategy{
+			PreferECS: "never",
+			Mode:      "pop",
+		},
+		Proxied:     true,
+		Persistence: "none",
+		SessionAffinityAttributes: &SessionAffinityAttributes{
+			SameSite:             "Strict",
+			Secure:               "Always",
+			ZeroDowntimeFailover: "sticky",
+		},
+	}
+
+	actual, err := client.UpdateLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerParams{LoadBalancer: request})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateLoadBalancer_AccountIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateLoadBalancer(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerParams{LoadBalancer: LoadBalancer{}})
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
+	}
+}
+
+func TestLoadBalancerPoolHealthDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": {
+                "pool_id": "699d98642c564d2e855e9661899b7252",
+                "pop_health": {
+                    "Amsterdam, NL": {
+                        "healthy": true,
+                        "origins": [
+                          {
+                            "2001:DB8::5": {
+                                "healthy": true,
+                                "rtt": "12.1ms",
+                                "failure_reason": "No failures",
+                                "response_code": 401
+                            }
+                          }
+                        ]
+                    }
+                }
+            }
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/699d98642c564d2e855e9661899b7252/health", handler)
+	want := LoadBalancerPoolHealth{
+		ID: "699d98642c564d2e855e9661899b7252",
+		PopHealth: map[string]LoadBalancerPoolPopHealth{
+			"Amsterdam, NL": {
+				Healthy: true,
+				Origins: []map[string]LoadBalancerOriginHealth{
+					{
+						"2001:DB8::5": {
+							Healthy:       true,
+							RTT:           Duration{12*time.Millisecond + 100*time.Microsecond},
+							FailureReason: "No failures",
+							ResponseCode:  401,
+						},
+					},
+				},
+			},
+		},
+	}
+
+	actual, err := client.GetLoadBalancerPoolHealth(context.Background(), AccountIdentifier(testAccountID), "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestLoadBalancerPoolHealthDetails_ZoneIsNotSupported(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.GetLoadBalancerPoolHealth(context.Background(), ZoneIdentifier(testZoneID), "foo")
+	if assert.Error(t, err) {
+		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
+	}
+}
diff --git a/pkg/cloudflare-go/lockdown.go b/pkg/cloudflare-go/lockdown.go
new file mode 100644
index 0000000000..b7c76320ef
--- /dev/null
+++ b/pkg/cloudflare-go/lockdown.go
@@ -0,0 +1,192 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// ZoneLockdown represents a Zone Lockdown rule. A rule only permits access to
+// the provided URL pattern(s) from the given IP address(es) or subnet(s).
+type ZoneLockdown struct {
+	ID             string               `json:"id"`
+	Description    string               `json:"description"`
+	URLs           []string             `json:"urls"`
+	Configurations []ZoneLockdownConfig `json:"configurations"`
+	Paused         bool                 `json:"paused"`
+	Priority       int                  `json:"priority,omitempty"`
+	CreatedOn      *time.Time           `json:"created_on,omitempty"`
+	ModifiedOn     *time.Time           `json:"modified_on,omitempty"`
+}
+
+// ZoneLockdownConfig represents a Zone Lockdown config, which comprises
+// a Target ("ip" or "ip_range") and a Value (an IP address or IP+mask,
+// respectively.)
+type ZoneLockdownConfig struct {
+	Target string `json:"target"`
+	Value  string `json:"value"`
+}
+
+// ZoneLockdownResponse represents a response from the Zone Lockdown endpoint.
+type ZoneLockdownResponse struct {
+	Result ZoneLockdown `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// ZoneLockdownListResponse represents a response from the List Zone Lockdown
+// endpoint.
+type ZoneLockdownListResponse struct {
+	Result []ZoneLockdown `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// ZoneLockdownCreateParams contains required and optional params
+// for creating a zone lockdown.
+type ZoneLockdownCreateParams struct {
+	Description    string               `json:"description"`
+	URLs           []string             `json:"urls"`
+	Configurations []ZoneLockdownConfig `json:"configurations"`
+	Paused         bool                 `json:"paused"`
+	Priority       int                  `json:"priority,omitempty"`
+}
+
+// ZoneLockdownUpdateParams contains required and optional params
+// for updating a zone lockdown.
+type ZoneLockdownUpdateParams struct {
+	ID             string               `json:"id"`
+	Description    string               `json:"description"`
+	URLs           []string             `json:"urls"`
+	Configurations []ZoneLockdownConfig `json:"configurations"`
+	Paused         bool                 `json:"paused"`
+	Priority       int                  `json:"priority,omitempty"`
+}
+
+type LockdownListParams struct {
+	ResultInfo
+}
+
+// CreateZoneLockdown creates a Zone ZoneLockdown rule for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-create-a-ZoneLockdown-rule
+func (api *API) CreateZoneLockdown(ctx context.Context, rc *ResourceContainer, params ZoneLockdownCreateParams) (ZoneLockdown, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return ZoneLockdown{}, err
+	}
+
+	response := &ZoneLockdownResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// UpdateZoneLockdown updates a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-update-ZoneLockdown-rule
+func (api *API) UpdateZoneLockdown(ctx context.Context, rc *ResourceContainer, params ZoneLockdownUpdateParams) (ZoneLockdown, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return ZoneLockdown{}, err
+	}
+
+	response := &ZoneLockdownResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// DeleteZoneLockdown deletes a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-delete-ZoneLockdown-rule
+func (api *API) DeleteZoneLockdown(ctx context.Context, rc *ResourceContainer, id string) (ZoneLockdown, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, id)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return ZoneLockdown{}, err
+	}
+
+	response := &ZoneLockdownResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// ZoneLockdown retrieves a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-ZoneLockdown-rule-details
+func (api *API) ZoneLockdown(ctx context.Context, rc *ResourceContainer, id string) (ZoneLockdown, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneLockdown{}, err
+	}
+
+	response := &ZoneLockdownResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// ListZoneLockdowns retrieves every Zone ZoneLockdown rules for a given zone ID.
+//
+// Automatically paginates all results unless `params.PerPage` and `params.Page`
+// is set.
+//
+// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-list-ZoneLockdown-rules
+func (api *API) ListZoneLockdowns(ctx context.Context, rc *ResourceContainer, params LockdownListParams) ([]ZoneLockdown, *ResultInfo, error) {
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var zoneLockdowns []ZoneLockdown
+	var zResponse ZoneLockdownListResponse
+	for {
+		zResponse = ZoneLockdownListResponse{}
+		uri := buildURI(fmt.Sprintf("/zones/%s/firewall/lockdowns", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []ZoneLockdown{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &zResponse)
+		if err != nil {
+			return []ZoneLockdown{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+		}
+
+		zoneLockdowns = append(zoneLockdowns, zResponse.Result...)
+		params.ResultInfo = zResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return zoneLockdowns, &zResponse.ResultInfo, nil
+}
diff --git a/pkg/cloudflare-go/lockdown_example_test.go b/pkg/cloudflare-go/lockdown_example_test.go
new file mode 100644
index 0000000000..ffb1002f9b
--- /dev/null
+++ b/pkg/cloudflare-go/lockdown_example_test.go
@@ -0,0 +1,64 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListZoneLockdowns_all() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch all Zone Lockdown rules for a zone, by page.
+	rules, _, err := api.ListZoneLockdowns(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.LockdownListParams{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range rules {
+		fmt.Printf("%s: %s\n", strings.Join(r.URLs, ", "), r.Configurations)
+	}
+}
+
+func ExampleAPI_CreateZoneLockdown() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	newZoneLockdown := cloudflare.ZoneLockdownCreateParams{
+		Description: "Test Zone Lockdown Rule",
+		URLs: []string{
+			"*.example.org/test",
+		},
+		Configurations: []cloudflare.ZoneLockdownConfig{
+			{
+				Target: "ip",
+				Value:  "198.51.100.1",
+			},
+		},
+		Paused: false,
+	}
+
+	response, err := api.CreateZoneLockdown(context.Background(), cloudflare.ZoneIdentifier(zoneID), newZoneLockdown)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Response: ", response)
+}
diff --git a/pkg/cloudflare-go/lockdown_test.go b/pkg/cloudflare-go/lockdown_test.go
new file mode 100644
index 0000000000..470fca6bfb
--- /dev/null
+++ b/pkg/cloudflare-go/lockdown_test.go
@@ -0,0 +1,303 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCreateZoneLockdown(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := ZoneLockdownCreateParams{
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused: false,
+	}
+
+	want := ZoneLockdown{
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused: false,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s")
+
+		var v ZoneLockdown
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, want, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"paused": false,
+				"description": "Restrict access to these endpoints to requests from a known IP address",
+				"urls": [
+					"api.mysite.com/some/endpoint*"
+				],
+				"configurations": [
+				  {
+					  "target": "ip",
+					  "value": "198.51.100.4"
+				  }
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns", handler)
+
+	actual, err := client.CreateZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), input)
+	require.NoError(t, err)
+
+	want.ID = "372e67954025e0ba6aaa6d586b9e0b59"
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want.CreatedOn = &createdOn
+	want.ModifiedOn = &modifiedOn
+
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateZoneLockdown(t *testing.T) {
+	setup()
+	defer teardown()
+
+	input := ZoneLockdownUpdateParams{
+		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused: false,
+	}
+
+	want := ZoneLockdown{
+		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused: false,
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s")
+
+		var v ZoneLockdown
+		err := json.NewDecoder(r.Body).Decode(&v)
+		require.NoError(t, err)
+		assert.Equal(t, want, v)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"paused": false,
+				"description": "Restrict access to these endpoints to requests from a known IP address",
+				"urls": [
+					"api.mysite.com/some/endpoint*"
+				],
+				"configurations": [
+				  {
+					  "target": "ip",
+					  "value": "198.51.100.4"
+				  }
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/372e67954025e0ba6aaa6d586b9e0b59", handler)
+
+	actual, err := client.UpdateZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), input)
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want.CreatedOn = &createdOn
+	want.ModifiedOn = &modifiedOn
+
+	assert.Equal(t, want, actual)
+}
+
+func TestDeleteZoneLockdown(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59"
+			}
+		}`)
+	}
+
+	zoneLockdownID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/"+zoneLockdownID, handler)
+
+	actual, err := client.DeleteZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), zoneLockdownID)
+	require.NoError(t, err)
+
+	want := ZoneLockdown{
+		ID: zoneLockdownID,
+	}
+	assert.Equal(t, want, actual)
+}
+
+func TestZoneLockdown(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "372e67954025e0ba6aaa6d586b9e0b59",
+				"created_on": "2014-01-01T05:20:00Z",
+				"modified_on": "2014-01-01T05:20:00Z",
+				"paused": false,
+				"description": "Restrict access to these endpoints to requests from a known IP address",
+				"urls": [
+					"api.mysite.com/some/endpoint*"
+				],
+				"configurations": [
+				  {
+					  "target": "ip",
+					  "value": "198.51.100.4"
+				  }
+				]
+			}
+		}`)
+	}
+
+	zoneLockdownID := "372e67954025e0ba6aaa6d586b9e0b59"
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/"+zoneLockdownID, handler)
+
+	actual, err := client.ZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), zoneLockdownID)
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := ZoneLockdown{
+		ID:          zoneLockdownID,
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused:     false,
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	}
+	assert.Equal(t, want, actual)
+}
+
+func TestListZoneLockdowns(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s")
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+				  "id": "372e67954025e0ba6aaa6d586b9e0b59",
+				  "created_on": "2014-01-01T05:20:00Z",
+				  "modified_on": "2014-01-01T05:20:00Z",
+				  "paused": false,
+				  "description": "Restrict access to these endpoints to requests from a known IP address",
+				  "urls": [
+					  "api.mysite.com/some/endpoint*"
+				  ],
+				  "configurations": [
+					{
+						"target": "ip",
+						"value": "198.51.100.4"
+					}
+				  ]
+			  }
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns", handler)
+
+	actual, _, err := client.ListZoneLockdowns(context.Background(), ZoneIdentifier(testZoneID), LockdownListParams{})
+	require.NoError(t, err)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	want := []ZoneLockdown{{
+		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
+		Description: "Restrict access to these endpoints to requests from a known IP address",
+		URLs:        []string{"api.mysite.com/some/endpoint*"},
+		Configurations: []ZoneLockdownConfig{{
+			Target: "ip",
+			Value:  "198.51.100.4",
+		}},
+		Paused:     false,
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+	},
+	}
+	assert.Equal(t, want, actual)
+}
diff --git a/pkg/cloudflare-go/logger.go b/pkg/cloudflare-go/logger.go
new file mode 100644
index 0000000000..b1bd9b4ef3
--- /dev/null
+++ b/pkg/cloudflare-go/logger.go
@@ -0,0 +1,130 @@
+package cloudflare
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"os"
+)
+
+// silentRetryLogger is the logger provided with retryable client to stop it
+// displaying the retry attempts.
+var silentRetryLogger = log.New(io.Discard, "", log.LstdFlags)
+
+const (
+	// LevelNull sets a logger to show no messages at all.
+	LevelNull Level = 0
+
+	// LevelError sets a logger to show error messages only.
+	LevelError Level = 1
+
+	// LevelWarn sets a logger to show warning messages or anything more
+	// severe.
+	LevelWarn Level = 2
+
+	// LevelInfo sets a logger to show informational messages or anything more
+	// severe.
+	LevelInfo Level = 3
+
+	// LevelDebug sets a logger to show informational messages or anything more
+	// severe.
+	LevelDebug Level = 4
+)
+
+// DefaultLeveledLogger is the default logger that the library will use to log
+// errors, warnings, and informational messages.
+var DefaultLeveledLogger LeveledLoggerInterface = &LeveledLogger{
+	Level: LevelError,
+}
+
+// SilentLeveledLogger is a logger for disregarding all logs written.
+var SilentLeveledLogger LeveledLoggerInterface = &LeveledLogger{
+	Level: LevelNull,
+}
+
+// Level represents a logging level.
+type Level uint32
+
+// LeveledLogger is a leveled logger implementation.
+//
+// It prints warnings and errors to `os.Stderr` and other messages to
+// `os.Stdout`.
+type LeveledLogger struct {
+	// Level is the minimum logging level that will be emitted by this logger.
+	//
+	// For example, a Level set to LevelWarn will emit warnings and errors, but
+	// not informational or debug messages.
+	//
+	// Always set this with a constant like LevelWarn because the individual
+	// values are not guaranteed to be stable.
+	Level Level
+
+	// Internal testing use only.
+	stderrOverride io.Writer
+	stdoutOverride io.Writer
+}
+
+// Debugf logs a debug message using Printf conventions.
+func (l *LeveledLogger) Debugf(format string, v ...interface{}) {
+	if l.Level >= LevelDebug {
+		fmt.Fprintf(l.stdout(), "[debug] "+format, v...)
+	}
+}
+
+// Errorf logs a warning message using Printf conventions.
+func (l *LeveledLogger) Errorf(format string, v ...interface{}) {
+	// Infof logs a debug message using Printf conventions.
+	if l.Level >= LevelError {
+		fmt.Fprintf(l.stderr(), "[error] "+format, v...)
+	}
+}
+
+// Infof logs an informational message using Printf conventions.
+func (l *LeveledLogger) Infof(format string, v ...interface{}) {
+	if l.Level >= LevelInfo {
+		fmt.Fprintf(l.stdout(), "[info] "+format, v...)
+	}
+}
+
+// Warnf logs a warning message using Printf conventions.
+func (l *LeveledLogger) Warnf(format string, v ...interface{}) {
+	if l.Level >= LevelWarn {
+		fmt.Fprintf(l.stderr(), "[warn] "+format, v...)
+	}
+}
+
+func (l *LeveledLogger) stderr() io.Writer {
+	if l.stderrOverride != nil {
+		return l.stderrOverride
+	}
+
+	return os.Stderr
+}
+
+func (l *LeveledLogger) stdout() io.Writer {
+	if l.stdoutOverride != nil {
+		return l.stdoutOverride
+	}
+
+	return os.Stdout
+}
+
+// LeveledLoggerInterface provides a basic leveled logging interface for
+// printing debug, informational, warning, and error messages.
+//
+// It's implemented by LeveledLogger and also provides out-of-the-box
+// compatibility with a Logrus Logger, but may require a thin shim for use with
+// other logging libraries that you use less standard conventions like Zap.
+type LeveledLoggerInterface interface {
+	// Debugf logs a debug message using Printf conventions.
+	Debugf(format string, v ...interface{})
+
+	// Errorf logs a warning message using Printf conventions.
+	Errorf(format string, v ...interface{})
+
+	// Infof logs an informational message using Printf conventions.
+	Infof(format string, v ...interface{})
+
+	// Warnf logs a warning message using Printf conventions.
+	Warnf(format string, v ...interface{})
+}
diff --git a/pkg/cloudflare-go/logpull.go b/pkg/cloudflare-go/logpull.go
new file mode 100644
index 0000000000..d369115958
--- /dev/null
+++ b/pkg/cloudflare-go/logpull.go
@@ -0,0 +1,58 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// LogpullRetentionConfiguration describes a the structure of a Logpull Retention
+// payload.
+type LogpullRetentionConfiguration struct {
+	Flag bool `json:"flag"`
+}
+
+// LogpullRetentionConfigurationResponse is the API response, containing the
+// Logpull retention result.
+type LogpullRetentionConfigurationResponse struct {
+	Response
+	Result LogpullRetentionConfiguration `json:"result"`
+}
+
+// GetLogpullRetentionFlag gets the current setting flag.
+//
+// API reference: https://developers.cloudflare.com/logs/logpull-api/enabling-log-retention/
+func (api *API) GetLogpullRetentionFlag(ctx context.Context, zoneID string) (*LogpullRetentionConfiguration, error) {
+	uri := fmt.Sprintf("/zones/%s/logs/control/retention/flag", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return &LogpullRetentionConfiguration{}, err
+	}
+	var r LogpullRetentionConfigurationResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+// SetLogpullRetentionFlag updates the retention flag to the defined boolean.
+//
+// API reference: https://developers.cloudflare.com/logs/logpull-api/enabling-log-retention/
+func (api *API) SetLogpullRetentionFlag(ctx context.Context, zoneID string, enabled bool) (*LogpullRetentionConfiguration, error) {
+	uri := fmt.Sprintf("/zones/%s/logs/control/retention/flag", zoneID)
+	flagPayload := LogpullRetentionConfiguration{Flag: enabled}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, flagPayload)
+	if err != nil {
+		return &LogpullRetentionConfiguration{}, err
+	}
+	var r LogpullRetentionConfigurationResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return &LogpullRetentionConfiguration{}, err
+	}
+	return &r.Result, nil
+}
diff --git a/pkg/cloudflare-go/logpull_test.go b/pkg/cloudflare-go/logpull_test.go
new file mode 100644
index 0000000000..ce9275d963
--- /dev/null
+++ b/pkg/cloudflare-go/logpull_test.go
@@ -0,0 +1,62 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetLogpullRetentionFlag(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		"errors": [],
+		"messages": [],
+		"result": {
+			"flag": true
+		},
+		"success": true
+	}`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/logs/control/retention/flag", handler)
+	want := &LogpullRetentionConfiguration{Flag: true}
+
+	actual, err := client.GetLogpullRetentionFlag(context.Background(), "d56084adb405e0b7e32c52321bf07be6")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSetLogpullRetentionFlag(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		"errors": [],
+		"messages": [],
+		"result": {
+			"flag": false
+		},
+		"success": true
+	}`)
+	}
+
+	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/logs/control/retention/flag", handler)
+	want := &LogpullRetentionConfiguration{Flag: false}
+
+	actual, err := client.SetLogpullRetentionFlag(context.Background(), "d56084adb405e0b7e32c52321bf07be6", false)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/logpush.go b/pkg/cloudflare-go/logpush.go
new file mode 100644
index 0000000000..34e32e9cb5
--- /dev/null
+++ b/pkg/cloudflare-go/logpush.go
@@ -0,0 +1,572 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// LogpushJob describes a Logpush job.
+type LogpushJob struct {
+	ID                       int                   `json:"id,omitempty"`
+	Dataset                  string                `json:"dataset"`
+	Enabled                  bool                  `json:"enabled"`
+	Kind                     string                `json:"kind,omitempty"`
+	Name                     string                `json:"name"`
+	LogpullOptions           string                `json:"logpull_options,omitempty"`
+	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
+	DestinationConf          string                `json:"destination_conf"`
+	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
+	LastComplete             *time.Time            `json:"last_complete,omitempty"`
+	LastError                *time.Time            `json:"last_error,omitempty"`
+	ErrorMessage             string                `json:"error_message,omitempty"`
+	Frequency                string                `json:"frequency,omitempty"`
+	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
+	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
+	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
+	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
+}
+
+type LogpushJobFilters struct {
+	Where LogpushJobFilter `json:"where"`
+}
+
+type Operator string
+
+const (
+	Equal              Operator = "eq"
+	NotEqual           Operator = "!eq"
+	LessThan           Operator = "lt"
+	LessThanOrEqual    Operator = "leq"
+	GreaterThan        Operator = "gt"
+	GreaterThanOrEqual Operator = "geq"
+	StartsWith         Operator = "startsWith"
+	EndsWith           Operator = "endsWith"
+	NotStartsWith      Operator = "!startsWith"
+	NotEndsWith        Operator = "!endsWith"
+	Contains           Operator = "contains"
+	NotContains        Operator = "!contains"
+	ValueIsIn          Operator = "in"
+	ValueIsNotIn       Operator = "!in"
+)
+
+type LogpushJobFilter struct {
+	// either this
+	And []LogpushJobFilter `json:"and,omitempty"`
+	Or  []LogpushJobFilter `json:"or,omitempty"`
+	// or this
+	Key      string      `json:"key,omitempty"`
+	Operator Operator    `json:"operator,omitempty"`
+	Value    interface{} `json:"value,omitempty"`
+}
+
+type LogpushOutputOptions struct {
+	FieldNames      []string `json:"field_names"`
+	OutputType      string   `json:"output_type,omitempty"`
+	BatchPrefix     string   `json:"batch_prefix,omitempty"`
+	BatchSuffix     string   `json:"batch_suffix,omitempty"`
+	RecordPrefix    string   `json:"record_prefix,omitempty"`
+	RecordSuffix    string   `json:"record_suffix,omitempty"`
+	RecordTemplate  string   `json:"record_template,omitempty"`
+	RecordDelimiter string   `json:"record_delimiter,omitempty"`
+	FieldDelimiter  string   `json:"field_delimiter,omitempty"`
+	TimestampFormat string   `json:"timestamp_format,omitempty"`
+	SampleRate      float64  `json:"sample_rate,omitempty"`
+	CVE202144228    *bool    `json:"CVE-2021-44228,omitempty"`
+}
+
+// LogpushJobsResponse is the API response, containing an array of Logpush Jobs.
+type LogpushJobsResponse struct {
+	Response
+	Result []LogpushJob `json:"result"`
+}
+
+// LogpushJobDetailsResponse is the API response, containing a single Logpush Job.
+type LogpushJobDetailsResponse struct {
+	Response
+	Result LogpushJob `json:"result"`
+}
+
+// LogpushFieldsResponse is the API response for a datasets fields.
+type LogpushFieldsResponse struct {
+	Response
+	Result LogpushFields `json:"result"`
+}
+
+// LogpushFields is a map of available Logpush field names & descriptions.
+type LogpushFields map[string]string
+
+// LogpushGetOwnershipChallenge describes a ownership validation.
+type LogpushGetOwnershipChallenge struct {
+	Filename string `json:"filename"`
+	Valid    bool   `json:"valid"`
+	Message  string `json:"message"`
+}
+
+// LogpushGetOwnershipChallengeResponse is the API response, containing a ownership challenge.
+type LogpushGetOwnershipChallengeResponse struct {
+	Response
+	Result LogpushGetOwnershipChallenge `json:"result"`
+}
+
+// LogpushGetOwnershipChallengeRequest is the API request for get ownership challenge.
+type LogpushGetOwnershipChallengeRequest struct {
+	DestinationConf string `json:"destination_conf"`
+}
+
+// LogpushOwnershipChallengeValidationResponse is the API response,
+// containing a ownership challenge validation result.
+type LogpushOwnershipChallengeValidationResponse struct {
+	Response
+	Result struct {
+		Valid bool `json:"valid"`
+	}
+}
+
+// LogpushValidateOwnershipChallengeRequest is the API request for validate ownership challenge.
+type LogpushValidateOwnershipChallengeRequest struct {
+	DestinationConf    string `json:"destination_conf"`
+	OwnershipChallenge string `json:"ownership_challenge"`
+}
+
+// LogpushDestinationExistsResponse is the API response,
+// containing a destination exists check result.
+type LogpushDestinationExistsResponse struct {
+	Response
+	Result struct {
+		Exists bool `json:"exists"`
+	}
+}
+
+// LogpushDestinationExistsRequest is the API request for check destination exists.
+type LogpushDestinationExistsRequest struct {
+	DestinationConf string `json:"destination_conf"`
+}
+
+// Custom Marshaller for LogpushJob filter key.
+func (f LogpushJob) MarshalJSON() ([]byte, error) {
+	type Alias LogpushJob
+
+	var filter string
+
+	if f.Filter != nil {
+		b, err := json.Marshal(f.Filter)
+
+		if err != nil {
+			return nil, err
+		}
+
+		filter = string(b)
+	}
+
+	return json.Marshal(&struct {
+		Filter string `json:"filter,omitempty"`
+		Alias
+	}{
+		Filter: filter,
+		Alias:  (Alias)(f),
+	})
+}
+
+// Custom Unmarshaller for LogpushJob filter key.
+func (f *LogpushJob) UnmarshalJSON(data []byte) error {
+	type Alias LogpushJob
+	aux := &struct {
+		Filter string `json:"filter,omitempty"`
+		*Alias
+	}{
+		Alias: (*Alias)(f),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	if aux != nil && aux.Filter != "" {
+		var filter LogpushJobFilters
+		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
+			return err
+		}
+		if err := filter.Where.Validate(); err != nil {
+			return err
+		}
+		f.Filter = &filter
+	}
+	return nil
+}
+
+func (f CreateLogpushJobParams) MarshalJSON() ([]byte, error) {
+	type Alias CreateLogpushJobParams
+
+	var filter string
+
+	if f.Filter != nil {
+		b, err := json.Marshal(f.Filter)
+
+		if err != nil {
+			return nil, err
+		}
+
+		filter = string(b)
+	}
+
+	return json.Marshal(&struct {
+		Filter string `json:"filter,omitempty"`
+		Alias
+	}{
+		Filter: filter,
+		Alias:  (Alias)(f),
+	})
+}
+
+// Custom Unmarshaller for CreateLogpushJobParams filter key.
+func (f *CreateLogpushJobParams) UnmarshalJSON(data []byte) error {
+	type Alias CreateLogpushJobParams
+	aux := &struct {
+		Filter string `json:"filter,omitempty"`
+		*Alias
+	}{
+		Alias: (*Alias)(f),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	if aux != nil && aux.Filter != "" {
+		var filter LogpushJobFilters
+		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
+			return err
+		}
+		if err := filter.Where.Validate(); err != nil {
+			return err
+		}
+		f.Filter = &filter
+	}
+	return nil
+}
+
+func (f UpdateLogpushJobParams) MarshalJSON() ([]byte, error) {
+	type Alias UpdateLogpushJobParams
+
+	var filter string
+
+	if f.Filter != nil {
+		b, err := json.Marshal(f.Filter)
+
+		if err != nil {
+			return nil, err
+		}
+
+		filter = string(b)
+	}
+
+	return json.Marshal(&struct {
+		Filter string `json:"filter,omitempty"`
+		Alias
+	}{
+		Filter: filter,
+		Alias:  (Alias)(f),
+	})
+}
+
+// Custom Unmarshaller for UpdateLogpushJobParams filter key.
+func (f *UpdateLogpushJobParams) UnmarshalJSON(data []byte) error {
+	type Alias UpdateLogpushJobParams
+	aux := &struct {
+		Filter string `json:"filter,omitempty"`
+		*Alias
+	}{
+		Alias: (*Alias)(f),
+	}
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	if aux != nil && aux.Filter != "" {
+		var filter LogpushJobFilters
+		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
+			return err
+		}
+		if err := filter.Where.Validate(); err != nil {
+			return err
+		}
+		f.Filter = &filter
+	}
+	return nil
+}
+
+func (filter *LogpushJobFilter) Validate() error {
+	if filter.And != nil {
+		if filter.Or != nil || filter.Key != "" || filter.Operator != "" || filter.Value != nil {
+			return errors.New("And can't be set with Or, Key, Operator or Value")
+		}
+		for i, element := range filter.And {
+			err := element.Validate()
+			if err != nil {
+				return fmt.Errorf("element %v in And is invalid: %w", i, err)
+			}
+		}
+		return nil
+	}
+	if filter.Or != nil {
+		if filter.And != nil || filter.Key != "" || filter.Operator != "" || filter.Value != nil {
+			return errors.New("Or can't be set with And, Key, Operator or Value")
+		}
+		for i, element := range filter.Or {
+			err := element.Validate()
+			if err != nil {
+				return fmt.Errorf("element %v in Or is invalid: %w", i, err)
+			}
+		}
+		return nil
+	}
+	if filter.Key == "" {
+		return errors.New("Key is missing")
+	}
+
+	if filter.Operator == "" {
+		return errors.New("Operator is missing")
+	}
+
+	if filter.Value == nil {
+		return errors.New("Value is missing")
+	}
+
+	return nil
+}
+
+type CreateLogpushJobParams struct {
+	Dataset                  string                `json:"dataset"`
+	Enabled                  bool                  `json:"enabled"`
+	Kind                     string                `json:"kind,omitempty"`
+	Name                     string                `json:"name"`
+	LogpullOptions           string                `json:"logpull_options,omitempty"`
+	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
+	DestinationConf          string                `json:"destination_conf"`
+	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
+	ErrorMessage             string                `json:"error_message,omitempty"`
+	Frequency                string                `json:"frequency,omitempty"`
+	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
+	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
+	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
+	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
+}
+
+type ListLogpushJobsParams struct{}
+
+type ListLogpushJobsForDatasetParams struct {
+	Dataset string `json:"-"`
+}
+
+type GetLogpushFieldsParams struct {
+	Dataset string `json:"-"`
+}
+
+type UpdateLogpushJobParams struct {
+	ID                       int                   `json:"-"`
+	Dataset                  string                `json:"dataset"`
+	Enabled                  bool                  `json:"enabled"`
+	Kind                     string                `json:"kind,omitempty"`
+	Name                     string                `json:"name"`
+	LogpullOptions           string                `json:"logpull_options,omitempty"`
+	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
+	DestinationConf          string                `json:"destination_conf"`
+	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
+	LastComplete             *time.Time            `json:"last_complete,omitempty"`
+	LastError                *time.Time            `json:"last_error,omitempty"`
+	ErrorMessage             string                `json:"error_message,omitempty"`
+	Frequency                string                `json:"frequency,omitempty"`
+	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
+	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
+	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
+	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
+}
+
+type ValidateLogpushOwnershipChallengeParams struct {
+	DestinationConf    string `json:"destination_conf"`
+	OwnershipChallenge string `json:"ownership_challenge"`
+}
+
+type GetLogpushOwnershipChallengeParams struct {
+	DestinationConf string `json:"destination_conf"`
+}
+
+// CreateLogpushJob creates a new zone-level Logpush Job.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-create-logpush-job
+func (api *API) CreateLogpushJob(ctx context.Context, rc *ResourceContainer, params CreateLogpushJobParams) (*LogpushJob, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/jobs", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return nil, err
+	}
+	var r LogpushJobDetailsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+// ListAccountLogpushJobs returns all Logpush Jobs for all datasets.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs
+func (api *API) ListLogpushJobs(ctx context.Context, rc *ResourceContainer, params ListLogpushJobsParams) ([]LogpushJob, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/jobs", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []LogpushJob{}, err
+	}
+	var r LogpushJobsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// LogpushJobsForDataset returns all Logpush Jobs for a dataset.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs-for-a-dataset
+func (api *API) ListLogpushJobsForDataset(ctx context.Context, rc *ResourceContainer, params ListLogpushJobsForDatasetParams) ([]LogpushJob, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/datasets/%s/jobs", rc.Level, rc.Identifier, params.Dataset)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []LogpushJob{}, err
+	}
+	var r LogpushJobsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// LogpushFields returns fields for a given dataset.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs
+func (api *API) GetLogpushFields(ctx context.Context, rc *ResourceContainer, params GetLogpushFieldsParams) (LogpushFields, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/datasets/%s/fields", rc.Level, rc.Identifier, params.Dataset)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LogpushFields{}, err
+	}
+	var r LogpushFieldsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return LogpushFields{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// LogpushJob fetches detail about one Logpush Job for a zone.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-logpush-job-details
+func (api *API) GetLogpushJob(ctx context.Context, rc *ResourceContainer, jobID int) (LogpushJob, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, jobID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return LogpushJob{}, err
+	}
+	var r LogpushJobDetailsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateLogpushJob lets you update a Logpush Job.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-update-logpush-job
+func (api *API) UpdateLogpushJob(ctx context.Context, rc *ResourceContainer, params UpdateLogpushJobParams) error {
+	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return err
+	}
+	var r LogpushJobDetailsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// DeleteLogpushJob deletes a Logpush Job for a zone.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-delete-logpush-job
+func (api *API) DeleteLogpushJob(ctx context.Context, rc *ResourceContainer, jobID int) error {
+	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, jobID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r LogpushJobDetailsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// GetLogpushOwnershipChallenge returns ownership challenge.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-get-ownership-challenge
+func (api *API) GetLogpushOwnershipChallenge(ctx context.Context, rc *ResourceContainer, params GetLogpushOwnershipChallengeParams) (*LogpushGetOwnershipChallenge, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/ownership", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return nil, err
+	}
+	var r LogpushGetOwnershipChallengeResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !r.Result.Valid {
+		return nil, errors.New(r.Result.Message)
+	}
+
+	return &r.Result, nil
+}
+
+// ValidateLogpushOwnershipChallenge returns zone-level ownership challenge validation result.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-validate-ownership-challenge
+func (api *API) ValidateLogpushOwnershipChallenge(ctx context.Context, rc *ResourceContainer, params ValidateLogpushOwnershipChallengeParams) (bool, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/ownership/validate", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return false, err
+	}
+	var r LogpushGetOwnershipChallengeResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return false, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result.Valid, nil
+}
+
+// CheckLogpushDestinationExists returns zone-level destination exists check result.
+//
+// API reference: https://api.cloudflare.com/#logpush-jobs-check-destination-exists
+func (api *API) CheckLogpushDestinationExists(ctx context.Context, rc *ResourceContainer, destinationConf string) (bool, error) {
+	uri := fmt.Sprintf("/%s/%s/logpush/validate/destination/exists", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, LogpushDestinationExistsRequest{
+		DestinationConf: destinationConf,
+	})
+	if err != nil {
+		return false, err
+	}
+	var r LogpushDestinationExistsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return false, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result.Exists, nil
+}
diff --git a/pkg/cloudflare-go/logpush_example_test.go b/pkg/cloudflare-go/logpush_example_test.go
new file mode 100644
index 0000000000..3714ce74cf
--- /dev/null
+++ b/pkg/cloudflare-go/logpush_example_test.go
@@ -0,0 +1,201 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/goccy/go-json"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_CreateLogpushJob() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	job, err := api.CreateLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.CreateLogpushJobParams{
+		Enabled:         false,
+		Name:            "example.com",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+		DestinationConf: "s3://mybucket/logs?region=us-west-2",
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", job)
+}
+
+func ExampleAPI_UpdateLogpushJob() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = api.UpdateLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.UpdateLogpushJobParams{
+		ID:              1,
+		Enabled:         true,
+		Name:            "updated.com",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp",
+		DestinationConf: "gs://mybucket/logs",
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func ExampleAPI_ListLogpushJobs() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	jobs, err := api.ListLogpushJobs(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListLogpushJobsParams{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", jobs)
+	for _, r := range jobs {
+		fmt.Printf("%+v\n", r)
+	}
+}
+
+func ExampleAPI_GetLogpushJob() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	job, err := api.GetLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", job)
+}
+
+func ExampleAPI_DeleteLogpushJob() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = api.DeleteLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func ExampleAPI_GetLogpushOwnershipChallenge() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	ownershipChallenge, err := api.GetLogpushOwnershipChallenge(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", ownershipChallenge)
+}
+
+func ExampleAPI_ValidateLogpushOwnershipChallenge() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	isValid, err := api.ValidateLogpushOwnershipChallenge(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ValidateLogpushOwnershipChallengeParams{
+		DestinationConf:    "destination_conf",
+		OwnershipChallenge: "ownership_challenge",
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", isValid)
+}
+
+func ExampleAPI_CheckLogpushDestinationExists() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	exists, err := api.CheckLogpushDestinationExists(context.Background(), cloudflare.ZoneIdentifier(zoneID), "destination_conf")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", exists)
+}
+
+func ExampleLogpushJob_MarshalJSON() {
+	job := cloudflare.LogpushJob{
+		Name:            "example.com static assets",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
+		Dataset:         "http_requests",
+		DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
+		Filter: &cloudflare.LogpushJobFilters{
+			Where: cloudflare.LogpushJobFilter{
+				And: []cloudflare.LogpushJobFilter{
+					{Key: "ClientRequestPath", Operator: cloudflare.Contains, Value: "/static\\"},
+					{Key: "ClientRequestHost", Operator: cloudflare.Equal, Value: "example.com"},
+				},
+			},
+		},
+	}
+
+	jobstring, err := json.Marshal(job)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%s", jobstring)
+	// Output: {"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\\\\\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}
+}
diff --git a/pkg/cloudflare-go/logpush_test.go b/pkg/cloudflare-go/logpush_test.go
new file mode 100644
index 0000000000..f0872c624a
--- /dev/null
+++ b/pkg/cloudflare-go/logpush_test.go
@@ -0,0 +1,686 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strconv"
+	"testing"
+
+	"github.com/goccy/go-json"
+
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	jobID                       = 1
+	serverLogpushJobDescription = `{
+	"id": %d,
+	"dataset": "http_requests",
+	"kind": "",
+	"enabled": false,
+	"name": "example.com",
+	"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+	"destination_conf": "s3://mybucket/logs?region=us-west-2",
+	"last_complete": "%[2]s",
+	"last_error": "%[2]s",
+	"error_message": "test",
+	"frequency": "high",
+	"max_upload_bytes": 5000000
+  }
+`
+	serverLogpushJobWithOutputOptionsDescription = `{
+	"id": %d,
+	"dataset": "http_requests",
+	"kind": "",
+	"enabled": false,
+	"name": "example.com",
+	"output_options": {
+		"field_names":[
+			"RayID",
+			"ClientIP",
+			"EdgeStartTimestamp"
+		],
+		"timestamp_format": "rfc3339"
+	},
+	"destination_conf": "s3://mybucket/logs?region=us-west-2",
+	"last_complete": "%[2]s",
+	"last_error": "%[2]s",
+	"error_message": "test",
+	"frequency": "high",
+	"max_upload_bytes": 5000000
+  }
+`
+	serverEdgeLogpushJobDescription = `{
+	"id": %d,
+	"dataset": "http_requests",
+	"kind": "edge",
+	"enabled": true,
+	"name": "example.com",
+	"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+	"destination_conf": "s3://mybucket/logs?region=us-west-2",
+	"last_complete": "%[2]s",
+	"last_error": "%[2]s",
+	"error_message": "test",
+	"frequency": "high"
+  }
+`
+	serverLogpushGetOwnershipChallengeDescription = `{
+	"filename": "logs/challenge-filename.txt",
+	"valid": true,
+	"message": ""
+  }
+`
+	serverLogpushGetOwnershipChallengeInvalidResponseDescription = `{
+	"filename": "logs/challenge-filename.txt",
+	"valid": false,
+	"message": "destination is invalid"
+  }
+`
+)
+
+var (
+	testLogpushTimestamp     = time.Now().UTC()
+	expectedLogpushJobStruct = LogpushJob{
+		ID:              jobID,
+		Dataset:         "http_requests",
+		Enabled:         false,
+		Name:            "example.com",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+		DestinationConf: "s3://mybucket/logs?region=us-west-2",
+		LastComplete:    &testLogpushTimestamp,
+		LastError:       &testLogpushTimestamp,
+		ErrorMessage:    "test",
+		Frequency:       "high",
+		MaxUploadBytes:  5000000,
+	}
+	expectedLogpushJobWithOutputOptionsStruct = LogpushJob{
+		ID:      jobID,
+		Dataset: "http_requests",
+		Enabled: false,
+		Name:    "example.com",
+		OutputOptions: &LogpushOutputOptions{
+			FieldNames: []string{
+				"RayID",
+				"ClientIP",
+				"EdgeStartTimestamp",
+			},
+			TimestampFormat: "rfc3339",
+		},
+		DestinationConf: "s3://mybucket/logs?region=us-west-2",
+		LastComplete:    &testLogpushTimestamp,
+		LastError:       &testLogpushTimestamp,
+		ErrorMessage:    "test",
+		Frequency:       "high",
+		MaxUploadBytes:  5000000,
+	}
+	expectedEdgeLogpushJobStruct = LogpushJob{
+		ID:              jobID,
+		Dataset:         "http_requests",
+		Kind:            "edge",
+		Enabled:         true,
+		Name:            "example.com",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+		DestinationConf: "s3://mybucket/logs?region=us-west-2",
+		LastComplete:    &testLogpushTimestamp,
+		LastError:       &testLogpushTimestamp,
+		ErrorMessage:    "test",
+		Frequency:       "high",
+	}
+	expectedLogpushGetOwnershipChallengeStruct = LogpushGetOwnershipChallenge{
+		Filename: "logs/challenge-filename.txt",
+		Valid:    true,
+		Message:  "",
+	}
+)
+
+func TestLogpushJobs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 1,
+			"per_page": 25,
+			"count": 1,
+			"total_count": 1
+		  }
+		}
+		`, fmt.Sprintf(serverLogpushJobDescription, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs", handler)
+	want := []LogpushJob{expectedLogpushJobStruct}
+
+	actual, err := client.ListLogpushJobs(context.Background(), ZoneIdentifier(testZoneID), ListLogpushJobsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetLogpushJob(t *testing.T) {
+	testCases := map[string]struct {
+		result string
+		want   LogpushJob
+	}{
+		"core logpush job": {
+			result: serverLogpushJobDescription,
+			want:   expectedLogpushJobStruct,
+		},
+		"core logpush job with output options": {
+			result: serverLogpushJobWithOutputOptionsDescription,
+			want:   expectedLogpushJobWithOutputOptionsStruct,
+		},
+		"edge logpush job": {
+			result: serverEdgeLogpushJobDescription,
+			want:   expectedEdgeLogpushJobStruct,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprintf(w, `{
+				  "result": %s,
+				  "success": true,
+				  "errors": null,
+				  "messages": null
+				}
+				`, fmt.Sprintf(tc.result, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
+			}
+
+			mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
+
+			actual, err := client.GetLogpushJob(context.Background(), ZoneIdentifier(testZoneID), jobID)
+			if assert.NoError(t, err) {
+				assert.Equal(t, tc.want, actual)
+			}
+		})
+	}
+}
+
+func TestCreateLogpushJob(t *testing.T) {
+	testCases := map[string]struct {
+		newJob  CreateLogpushJobParams
+		payload string
+		result  string
+		want    LogpushJob
+	}{
+		"core logpush job": {
+			newJob: CreateLogpushJobParams{
+				Dataset:          "http_requests",
+				Enabled:          false,
+				Name:             "example.com",
+				LogpullOptions:   "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				DestinationConf:  "s3://mybucket/logs?region=us-west-2",
+				MaxUploadRecords: 1000,
+			},
+			payload: `{
+				"dataset": "http_requests",
+				"enabled":false,
+				"name":"example.com",
+				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				"destination_conf":"s3://mybucket/logs?region=us-west-2",
+				"max_upload_records": 1000
+			}`,
+			result: serverLogpushJobDescription,
+			want:   expectedLogpushJobStruct,
+		},
+		"core logpush job with output options": {
+			newJob: CreateLogpushJobParams{
+				Dataset: "http_requests",
+				Enabled: false,
+				Name:    "example.com",
+				OutputOptions: &LogpushOutputOptions{
+					FieldNames: []string{
+						"RayID",
+						"ClientIP",
+						"EdgeStartTimestamp",
+					},
+					TimestampFormat: "rfc3339",
+				},
+				DestinationConf:  "s3://mybucket/logs?region=us-west-2",
+				MaxUploadRecords: 1000,
+			},
+			payload: `{
+				"dataset": "http_requests",
+				"enabled":false,
+				"name":"example.com",
+				"output_options": {
+					"field_names":[
+						"RayID",
+						"ClientIP",
+						"EdgeStartTimestamp"
+					],
+					"timestamp_format": "rfc3339"
+				},
+				"destination_conf":"s3://mybucket/logs?region=us-west-2",
+				"max_upload_records": 1000
+			}`,
+			result: serverLogpushJobWithOutputOptionsDescription,
+			want:   expectedLogpushJobWithOutputOptionsStruct,
+		},
+		"edge logpush job": {
+			newJob: CreateLogpushJobParams{
+				Dataset:         "http_requests",
+				Enabled:         true,
+				Name:            "example.com",
+				Kind:            "edge",
+				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				DestinationConf: "s3://mybucket/logs?region=us-west-2",
+			},
+			payload: `{
+				"dataset": "http_requests",
+				"enabled":true,
+				"name":"example.com",
+				"kind":"edge",
+				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				"destination_conf":"s3://mybucket/logs?region=us-west-2"
+			}`,
+			result: serverEdgeLogpushJobDescription,
+			want:   expectedEdgeLogpushJobStruct,
+		},
+		"filtered edge logpush job": {
+			newJob: CreateLogpushJobParams{
+				Dataset:         "http_requests",
+				Enabled:         true,
+				Name:            "example.com",
+				Kind:            "edge",
+				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				DestinationConf: "s3://mybucket/logs?region=us-west-2",
+				Filter: &LogpushJobFilters{
+					Where: LogpushJobFilter{Key: "ClientRequestHost", Operator: "eq", Value: "example.com"},
+				},
+			},
+			payload: `{
+				"dataset": "http_requests",
+				"enabled":true,
+				"name":"example.com",
+				"kind":"edge",
+				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				"destination_conf":"s3://mybucket/logs?region=us-west-2",
+				"filter":"{\"where\":{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}}"
+			}`,
+			result: serverEdgeLogpushJobDescription,
+			want:   expectedEdgeLogpushJobStruct,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+				b, err := io.ReadAll(r.Body)
+				defer r.Body.Close()
+
+				if assert.NoError(t, err) {
+					assert.JSONEq(t, tc.payload, string(b), "JSON payload not equal")
+				}
+
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprintf(w, `{
+				"result": %s,
+				"success": true,
+				"errors": null,
+				"messages": null
+				}
+				`, fmt.Sprintf(tc.result, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
+			}
+
+			mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs", handler)
+
+			actual, err := client.CreateLogpushJob(context.Background(), ZoneIdentifier(testZoneID), tc.newJob)
+			if assert.NoError(t, err) {
+				assert.Equal(t, tc.want, *actual)
+			}
+		})
+	}
+}
+
+func TestUpdateLogpushJob(t *testing.T) {
+	setup()
+	defer teardown()
+	updatedJob := UpdateLogpushJobParams{
+		ID:              jobID,
+		Enabled:         true,
+		Name:            "updated.com",
+		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp",
+		DestinationConf: "gs://mybucket/logs",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(serverLogpushJobDescription, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
+
+	err := client.UpdateLogpushJob(context.Background(), ZoneIdentifier(testZoneID), updatedJob)
+	assert.NoError(t, err)
+}
+
+func TestDeleteLogpushJob(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
+
+	err := client.DeleteLogpushJob(context.Background(), ZoneIdentifier(testZoneID), jobID)
+	assert.NoError(t, err)
+}
+
+func TestGetLogpushOwnershipChallenge(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, serverLogpushGetOwnershipChallengeDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership", handler)
+
+	want := &expectedLogpushGetOwnershipChallengeStruct
+
+	actual, err := client.GetLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetLogpushOwnershipChallengeWithInvalidResponse(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, serverLogpushGetOwnershipChallengeInvalidResponseDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership", handler)
+	_, err := client.GetLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
+
+	assert.Error(t, err)
+}
+
+func TestValidateLogpushOwnershipChallenge(t *testing.T) {
+	testCases := map[string]struct {
+		isValid bool
+	}{
+		"ownership is valid": {
+			isValid: true,
+		},
+		"ownership is not valid": {
+			isValid: false,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprintf(w, `{
+				  "result": {
+					"valid": %v
+				  },
+				  "success": true,
+				  "errors": null,
+				  "messages": null
+				}
+				`, tc.isValid)
+			}
+
+			mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership/validate", handler)
+
+			actual, err := client.ValidateLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), ValidateLogpushOwnershipChallengeParams{
+				DestinationConf:    "destination_conf",
+				OwnershipChallenge: "ownership_challenge",
+			})
+			if assert.NoError(t, err) {
+				assert.Equal(t, tc.isValid, actual)
+			}
+		})
+	}
+}
+
+func TestCheckLogpushDestinationExists(t *testing.T) {
+	testCases := map[string]struct {
+		exists bool
+	}{
+		"destination exists": {
+			exists: true,
+		},
+		"destination does not exists": {
+			exists: false,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			handler := func(w http.ResponseWriter, r *http.Request) {
+				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+				w.Header().Set("content-type", "application/json")
+				fmt.Fprintf(w, `{
+				  "result": {
+					"exists": %v
+				  },
+				  "success": true,
+				  "errors": null,
+				  "messages": null
+				}
+				`, tc.exists)
+			}
+
+			mux.HandleFunc("/zones/"+testZoneID+"/logpush/validate/destination/exists", handler)
+
+			actual, err := client.CheckLogpushDestinationExists(context.Background(), ZoneIdentifier(testZoneID), "destination_conf")
+			if assert.NoError(t, err) {
+				assert.Equal(t, tc.exists, actual)
+			}
+		})
+	}
+}
+
+var (
+	validFilter LogpushJobFilter = LogpushJobFilter{Key: "ClientRequestPath", Operator: Contains, Value: "static"}
+)
+
+var logpushJobFiltersTest = []struct {
+	name                 string
+	input                LogpushJobFilter
+	haserror             bool
+	expectedErrorMessage string
+}{
+	// Tests without And or Or
+	{"Empty Filter", LogpushJobFilter{}, true, "Key is missing"},
+	{"Missing Operator", LogpushJobFilter{Key: "ClientRequestPath"}, true, "Operator is missing"},
+	{"Missing Value", LogpushJobFilter{Key: "ClientRequestPath", Operator: Contains}, true, "Value is missing"},
+	{"Valid Basic Filter", validFilter, false, ""},
+	// Tests with And
+	{"Valid And Filter", LogpushJobFilter{And: []LogpushJobFilter{validFilter}}, false, ""},
+	{"And and Or", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Or: []LogpushJobFilter{validFilter}}, true, "And can't be set with Or, Key, Operator or Value"},
+	{"And and Key", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Key: "Key"}, true, "And can't be set with Or, Key, Operator or Value"},
+	{"And and Operator", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Operator: Contains}, true, "And can't be set with Or, Key, Operator or Value"},
+	{"And and Value", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Value: "Value"}, true, "And can't be set with Or, Key, Operator or Value"},
+	{"And with nested error", LogpushJobFilter{And: []LogpushJobFilter{validFilter, {}}}, true, "element 1 in And is invalid: Key is missing"},
+	// Tests with Or
+	{"Valid Or Filter", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}}, false, ""},
+	{"Or and Key", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Key: "Key"}, true, "Or can't be set with And, Key, Operator or Value"},
+	{"Or and Operator", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Operator: Contains}, true, "Or can't be set with And, Key, Operator or Value"},
+	{"Or and Value", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Value: "Value"}, true, "Or can't be set with And, Key, Operator or Value"},
+	{"Or with nested error", LogpushJobFilter{Or: []LogpushJobFilter{validFilter, {}}}, true, "element 1 in Or is invalid: Key is missing"},
+}
+
+func TestLogpushJobFilter_Validate(t *testing.T) {
+	for _, tt := range logpushJobFiltersTest {
+		t.Run(tt.name, func(t *testing.T) {
+			got := tt.input.Validate()
+			if tt.haserror {
+				assert.ErrorContains(t, got, tt.expectedErrorMessage)
+			} else {
+				assert.NoError(t, got)
+			}
+		})
+	}
+}
+
+func TestLogpushJob_Unmarshall(t *testing.T) {
+	t.Run("Valid Filter", func(t *testing.T) {
+		jsonstring := `{"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\\\\\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
+		var job LogpushJob
+		if err := json.Unmarshal([]byte(jsonstring), &job); err != nil {
+			log.Fatal(err)
+		}
+
+		assert.Equal(t, LogpushJob{
+			Name:            "example.com static assets",
+			LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
+			Dataset:         "http_requests",
+			DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
+			Filter: &LogpushJobFilters{
+				Where: LogpushJobFilter{
+					And: []LogpushJobFilter{
+						{Key: "ClientRequestPath", Operator: Contains, Value: "/static\\"},
+						{Key: "ClientRequestHost", Operator: Equal, Value: "example.com"},
+					},
+				},
+			},
+		}, job)
+	})
+
+	t.Run("Invalid Filter", func(t *testing.T) {
+		jsonstring := `{"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
+		var job LogpushJob
+		err := json.Unmarshal([]byte(jsonstring), &job)
+
+		assert.ErrorContains(t, err, "element 0 in And is invalid: Value is missing")
+	})
+
+	t.Run("No Filter", func(t *testing.T) {
+		jsonstring := `{"dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
+		var job LogpushJob
+		if err := json.Unmarshal([]byte(jsonstring), &job); err != nil {
+			log.Fatal(err)
+		}
+
+		assert.Equal(t, LogpushJob{
+			Name:            "example.com static assets",
+			LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
+			Dataset:         "http_requests",
+			DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
+		}, job)
+	})
+}
+
+func TestLogPushJob_Marshall(t *testing.T) {
+	testCases := []struct {
+		job  LogpushJob
+		want string
+	}{
+		{
+			job: LogpushJob{
+				Dataset:         "http_requests",
+				Name:            "valid filter",
+				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				DestinationConf: "https://example.com",
+				Filter: &LogpushJobFilters{
+					Where: LogpushJobFilter{Key: "ClientRequestHost", Operator: Equal, Value: "example.com"},
+				},
+			},
+			want: `{
+				"dataset": "http_requests",
+				"enabled": false,
+				"name": "valid filter",
+				"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				"destination_conf": "https://example.com",
+				"filter":"{\"where\":{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}}"
+			}`,
+		},
+		{
+			job: LogpushJob{
+				Dataset:         "http_requests",
+				Name:            "no filter",
+				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				DestinationConf: "https://example.com",
+			},
+			want: `{
+				"dataset": "http_requests",
+				"enabled": false,
+				"name": "no filter",
+				"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
+				"destination_conf": "https://example.com"
+			}`,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.job.Name, func(t *testing.T) {
+			got, err := json.Marshal(tc.job)
+
+			if assert.NoError(t, err) {
+				assert.JSONEq(t, tc.want, string(got))
+			}
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/magic_firewall_rulesets.go b/pkg/cloudflare-go/magic_firewall_rulesets.go
new file mode 100644
index 0000000000..1851198be2
--- /dev/null
+++ b/pkg/cloudflare-go/magic_firewall_rulesets.go
@@ -0,0 +1,206 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	// MagicFirewallRulesetKindRoot specifies a root Ruleset.
+	MagicFirewallRulesetKindRoot = "root"
+
+	// MagicFirewallRulesetPhaseMagicTransit specifies the Magic Transit Ruleset phase.
+	MagicFirewallRulesetPhaseMagicTransit = "magic_transit"
+
+	// MagicFirewallRulesetRuleActionSkip specifies a skip (allow) action.
+	MagicFirewallRulesetRuleActionSkip MagicFirewallRulesetRuleAction = "skip"
+
+	// MagicFirewallRulesetRuleActionBlock specifies a block action.
+	MagicFirewallRulesetRuleActionBlock MagicFirewallRulesetRuleAction = "block"
+)
+
+// MagicFirewallRulesetRuleAction specifies the action for a Firewall rule.
+type MagicFirewallRulesetRuleAction string
+
+// MagicFirewallRuleset contains information about a Firewall Ruleset.
+type MagicFirewallRuleset struct {
+	ID          string                     `json:"id"`
+	Name        string                     `json:"name"`
+	Description string                     `json:"description"`
+	Kind        string                     `json:"kind"`
+	Version     string                     `json:"version,omitempty"`
+	LastUpdated *time.Time                 `json:"last_updated,omitempty"`
+	Phase       string                     `json:"phase"`
+	Rules       []MagicFirewallRulesetRule `json:"rules"`
+}
+
+// MagicFirewallRulesetRuleActionParameters specifies the action parameters for a Firewall rule.
+type MagicFirewallRulesetRuleActionParameters struct {
+	Ruleset string `json:"ruleset,omitempty"`
+}
+
+// MagicFirewallRulesetRule contains information about a single Magic Firewall rule.
+type MagicFirewallRulesetRule struct {
+	ID               string                                    `json:"id,omitempty"`
+	Version          string                                    `json:"version,omitempty"`
+	Action           MagicFirewallRulesetRuleAction            `json:"action"`
+	ActionParameters *MagicFirewallRulesetRuleActionParameters `json:"action_parameters,omitempty"`
+	Expression       string                                    `json:"expression"`
+	Description      string                                    `json:"description"`
+	LastUpdated      *time.Time                                `json:"last_updated,omitempty"`
+	Ref              string                                    `json:"ref,omitempty"`
+	Enabled          bool                                      `json:"enabled"`
+}
+
+// CreateMagicFirewallRulesetRequest contains data for a new Firewall ruleset.
+type CreateMagicFirewallRulesetRequest struct {
+	Name        string                     `json:"name"`
+	Description string                     `json:"description"`
+	Kind        string                     `json:"kind"`
+	Phase       string                     `json:"phase"`
+	Rules       []MagicFirewallRulesetRule `json:"rules"`
+}
+
+// UpdateMagicFirewallRulesetRequest contains data for a Magic Firewall ruleset update.
+type UpdateMagicFirewallRulesetRequest struct {
+	Description string                     `json:"description"`
+	Rules       []MagicFirewallRulesetRule `json:"rules"`
+}
+
+// ListMagicFirewallRulesetResponse contains a list of Magic Firewall rulesets.
+type ListMagicFirewallRulesetResponse struct {
+	Response
+	Result []MagicFirewallRuleset `json:"result"`
+}
+
+// GetMagicFirewallRulesetResponse contains a single Magic Firewall Ruleset.
+type GetMagicFirewallRulesetResponse struct {
+	Response
+	Result MagicFirewallRuleset `json:"result"`
+}
+
+// CreateMagicFirewallRulesetResponse contains response data when creating a new Magic Firewall ruleset.
+type CreateMagicFirewallRulesetResponse struct {
+	Response
+	Result MagicFirewallRuleset `json:"result"`
+}
+
+// UpdateMagicFirewallRulesetResponse contains response data when updating an existing Magic Firewall ruleset.
+type UpdateMagicFirewallRulesetResponse struct {
+	Response
+	Result MagicFirewallRuleset `json:"result"`
+}
+
+// ListMagicFirewallRulesets lists all Rulesets for a given account
+//
+// API reference: https://api.cloudflare.com/#rulesets-list-rulesets
+//
+// Deprecated: Use `ListZoneRuleset` or `ListAccountRuleset` instead.
+func (api *API) ListMagicFirewallRulesets(ctx context.Context, accountID string) ([]MagicFirewallRuleset, error) {
+	uri := fmt.Sprintf("/accounts/%s/rulesets", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []MagicFirewallRuleset{}, err
+	}
+
+	result := ListMagicFirewallRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetMagicFirewallRuleset returns a specific Magic Firewall Ruleset
+//
+// API reference: https://api.cloudflare.com/#rulesets-get-a-ruleset
+//
+// Deprecated: Use `GetZoneRuleset` or `GetAccountRuleset` instead.
+func (api *API) GetMagicFirewallRuleset(ctx context.Context, accountID, ID string) (MagicFirewallRuleset, error) {
+	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return MagicFirewallRuleset{}, err
+	}
+
+	result := GetMagicFirewallRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// CreateMagicFirewallRuleset creates a Magic Firewall ruleset
+//
+// API reference: https://api.cloudflare.com/#rulesets-list-rulesets
+//
+// Deprecated: Use `CreateZoneRuleset` or `CreateAccountRuleset` instead.
+func (api *API) CreateMagicFirewallRuleset(ctx context.Context, accountID, name, description string, rules []MagicFirewallRulesetRule) (MagicFirewallRuleset, error) {
+	uri := fmt.Sprintf("/accounts/%s/rulesets", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
+		CreateMagicFirewallRulesetRequest{
+			Name:        name,
+			Description: description,
+			Kind:        MagicFirewallRulesetKindRoot,
+			Phase:       MagicFirewallRulesetPhaseMagicTransit,
+			Rules:       rules})
+	if err != nil {
+		return MagicFirewallRuleset{}, err
+	}
+
+	result := CreateMagicFirewallRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteMagicFirewallRuleset deletes a Magic Firewall ruleset
+//
+// API reference: https://api.cloudflare.com/#rulesets-delete-ruleset
+//
+// Deprecated: Use `DeleteZoneRuleset` or `DeleteAccountRuleset` instead.
+func (api *API) DeleteMagicFirewallRuleset(ctx context.Context, accountID, ID string) error {
+	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	// Firewall API is not implementing the standard response blob but returns an empty response (204) in case
+	// of a success. So we are checking for the response body size here
+	if len(res) > 0 {
+		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
+	}
+
+	return nil
+}
+
+// UpdateMagicFirewallRuleset updates a Magic Firewall ruleset
+//
+// API reference: https://api.cloudflare.com/#rulesets-update-ruleset
+//
+// Deprecated: Use `UpdateZoneRuleset` or `UpdateAccountRuleset` instead.
+func (api *API) UpdateMagicFirewallRuleset(ctx context.Context, accountID, ID string, description string, rules []MagicFirewallRulesetRule) (MagicFirewallRuleset, error) {
+	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri,
+		UpdateMagicFirewallRulesetRequest{Description: description, Rules: rules})
+	if err != nil {
+		return MagicFirewallRuleset{}, err
+	}
+
+	result := UpdateMagicFirewallRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
diff --git a/pkg/cloudflare-go/magic_firewall_rulesets_test.go b/pkg/cloudflare-go/magic_firewall_rulesets_test.go
new file mode 100644
index 0000000000..990da0e0a5
--- /dev/null
+++ b/pkg/cloudflare-go/magic_firewall_rulesets_test.go
@@ -0,0 +1,318 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListMagicFirewallRulesets(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+				{
+					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+					"name": "ruleset1",
+					"description": "Test Firewall Ruleset",
+					"kind": "root",
+					"version": "1",
+					"last_updated": "2020-12-02T20:24:07.776073Z",
+					"phase": "magic_transit"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+
+	want := []MagicFirewallRuleset{
+		{
+			ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			Name:        "ruleset1",
+			Description: "Test Firewall Ruleset",
+			Kind:        "root",
+			Version:     "1",
+			LastUpdated: &lastUpdated,
+			Phase:       MagicFirewallRulesetPhaseMagicTransit,
+		},
+	}
+
+	actual, err := client.ListMagicFirewallRulesets(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetMagicFirewallRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "ruleset1",
+				"description": "Test Firewall Ruleset",
+				"kind": "root",
+				"version": "1",
+				"last_updated": "2020-12-02T20:24:07.776073Z",
+				"phase": "magic_transit",
+				"rules": [
+					{
+						"id": "62449e2e0de149619edb35e59c10d801",
+						"version": "1",
+						"action": "skip",
+						"action_parameters":{
+   							"ruleset":"current"
+						},
+						"expression": "tcp.dstport in { 32768..65535 }",
+						"description": "Allow TCP Ephemeral Ports",
+						"last_updated": "2020-12-02T20:24:07.776073Z",
+						"ref": "72449e2e0de149619edb35e59c10d801",
+						"enabled": true
+					}
+				]
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+	rules := []MagicFirewallRulesetRule{{
+		ID:      "62449e2e0de149619edb35e59c10d801",
+		Version: "1",
+		Action:  MagicFirewallRulesetRuleActionSkip,
+		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "tcp.dstport in { 32768..65535 }",
+		Description: "Allow TCP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     true,
+	}}
+
+	want := MagicFirewallRuleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "ruleset1",
+		Description: "Test Firewall Ruleset",
+		Kind:        "root",
+		Version:     "1",
+		LastUpdated: &lastUpdated,
+		Phase:       MagicFirewallRulesetPhaseMagicTransit,
+		Rules:       rules,
+	}
+
+	actual, err := client.GetMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicFirewallRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "ruleset1",
+				"description": "Test Firewall Ruleset",
+				"kind": "root",
+				"version": "1",
+				"last_updated": "2020-12-02T20:24:07.776073Z",
+				"phase": "magic_transit",
+				"rules": [
+					{
+						"id": "62449e2e0de149619edb35e59c10d801",
+						"version": "1",
+						"action": "skip",
+						"action_parameters":{
+   							"ruleset":"current"
+						},
+						"expression": "tcp.dstport in { 32768..65535 }",
+						"description": "Allow TCP Ephemeral Ports",
+						"last_updated": "2020-12-02T20:24:07.776073Z",
+						"ref": "72449e2e0de149619edb35e59c10d801",
+						"enabled": true
+					}
+				]
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+	rules := []MagicFirewallRulesetRule{{
+		ID:      "62449e2e0de149619edb35e59c10d801",
+		Version: "1",
+		Action:  MagicFirewallRulesetRuleActionSkip,
+		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "tcp.dstport in { 32768..65535 }",
+		Description: "Allow TCP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     true,
+	}}
+
+	want := MagicFirewallRuleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "ruleset1",
+		Description: "Test Firewall Ruleset",
+		Kind:        "root",
+		Version:     "1",
+		LastUpdated: &lastUpdated,
+		Phase:       MagicFirewallRulesetPhaseMagicTransit,
+		Rules:       rules,
+	}
+
+	actual, err := client.CreateMagicFirewallRuleset(context.Background(), testAccountID, "ruleset1", "Test Firewall Ruleset", rules)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateMagicFirewallRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+				"name": "ruleset1",
+				"description": "Test Firewall Ruleset Update",
+				"kind": "root",
+				"version": "1",
+				"last_updated": "2020-12-02T20:24:07.776073Z",
+				"phase": "magic_transit",
+				"rules": [
+					{
+						"id": "62449e2e0de149619edb35e59c10d801",
+						"version": "1",
+						"action": "skip",
+						"action_parameters":{
+   							"ruleset":"current"
+						},
+						"expression": "tcp.dstport in { 32768..65535 }",
+						"description": "Allow TCP Ephemeral Ports",
+						"last_updated": "2020-12-02T20:24:07.776073Z",
+						"ref": "72449e2e0de149619edb35e59c10d801",
+						"enabled": true
+					},
+					{
+						"id": "62449e2e0de149619edb35e59c10d802",
+						"version": "1",
+						"action": "skip",
+						"action_parameters":{
+   							"ruleset":"current"
+						},
+						"expression": "udp.dstport in { 32768..65535 }",
+						"description": "Allow UDP Ephemeral Ports",
+						"last_updated": "2020-12-02T20:24:07.776073Z",
+						"ref": "72449e2e0de149619edb35e59c10d801",
+						"enabled": true
+					}
+				]
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+	rules := []MagicFirewallRulesetRule{{
+		ID:      "62449e2e0de149619edb35e59c10d801",
+		Version: "1",
+		Action:  MagicFirewallRulesetRuleActionSkip,
+		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "tcp.dstport in { 32768..65535 }",
+		Description: "Allow TCP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     true,
+	}, {
+		ID:      "62449e2e0de149619edb35e59c10d802",
+		Version: "1",
+		Action:  MagicFirewallRulesetRuleActionSkip,
+		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "udp.dstport in { 32768..65535 }",
+		Description: "Allow UDP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     true,
+	}}
+
+	want := MagicFirewallRuleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "ruleset1",
+		Description: "Test Firewall Ruleset Update",
+		Kind:        "root",
+		Version:     "1",
+		LastUpdated: &lastUpdated,
+		Phase:       MagicFirewallRulesetPhaseMagicTransit,
+		Rules:       rules,
+	}
+
+	actual, err := client.UpdateMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e", "Test Firewall Ruleset Update", rules)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+// Firewall API is not implementing the standard response blob but returns an empty response (204) in case
+// of a success. So we are checking for the response body size here
+// TODO, This is going to be changed by MFW-63.
+func TestDeleteMagicFirewallRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, ``)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	err := client.DeleteMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/magic_transit_gre_tunnel.go b/pkg/cloudflare-go/magic_transit_gre_tunnel.go
new file mode 100644
index 0000000000..52e24d5f1e
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_gre_tunnel.go
@@ -0,0 +1,181 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Magic Transit GRE Tunnel Error messages.
+const (
+	errMagicTransitGRETunnelNotModified = "When trying to modify GRE tunnel, API returned modified: false"
+	errMagicTransitGRETunnelNotDeleted  = "When trying to delete GRE tunnel, API returned deleted: false"
+)
+
+// MagicTransitGRETunnel contains information about a GRE tunnel.
+type MagicTransitGRETunnel struct {
+	ID                    string                            `json:"id,omitempty"`
+	CreatedOn             *time.Time                        `json:"created_on,omitempty"`
+	ModifiedOn            *time.Time                        `json:"modified_on,omitempty"`
+	Name                  string                            `json:"name"`
+	CustomerGREEndpoint   string                            `json:"customer_gre_endpoint"`
+	CloudflareGREEndpoint string                            `json:"cloudflare_gre_endpoint"`
+	InterfaceAddress      string                            `json:"interface_address"`
+	Description           string                            `json:"description,omitempty"`
+	TTL                   uint8                             `json:"ttl,omitempty"`
+	MTU                   uint16                            `json:"mtu,omitempty"`
+	HealthCheck           *MagicTransitGRETunnelHealthcheck `json:"health_check,omitempty"`
+}
+
+// MagicTransitGRETunnelHealthcheck contains information about a GRE tunnel health check.
+type MagicTransitGRETunnelHealthcheck struct {
+	Enabled bool   `json:"enabled"`
+	Target  string `json:"target,omitempty"`
+	Type    string `json:"type,omitempty"`
+}
+
+// ListMagicTransitGRETunnelsResponse contains a response including GRE tunnels.
+type ListMagicTransitGRETunnelsResponse struct {
+	Response
+	Result struct {
+		GRETunnels []MagicTransitGRETunnel `json:"gre_tunnels"`
+	} `json:"result"`
+}
+
+// GetMagicTransitGRETunnelResponse contains a response including zero or one GRE tunnels.
+type GetMagicTransitGRETunnelResponse struct {
+	Response
+	Result struct {
+		GRETunnel MagicTransitGRETunnel `json:"gre_tunnel"`
+	} `json:"result"`
+}
+
+// CreateMagicTransitGRETunnelsRequest is an array of GRE tunnels to create.
+type CreateMagicTransitGRETunnelsRequest struct {
+	GRETunnels []MagicTransitGRETunnel `json:"gre_tunnels"`
+}
+
+// UpdateMagicTransitGRETunnelResponse contains a response after updating a GRE Tunnel.
+type UpdateMagicTransitGRETunnelResponse struct {
+	Response
+	Result struct {
+		Modified          bool                  `json:"modified"`
+		ModifiedGRETunnel MagicTransitGRETunnel `json:"modified_gre_tunnel"`
+	} `json:"result"`
+}
+
+// DeleteMagicTransitGRETunnelResponse contains a response after deleting a GRE Tunnel.
+type DeleteMagicTransitGRETunnelResponse struct {
+	Response
+	Result struct {
+		Deleted          bool                  `json:"deleted"`
+		DeletedGRETunnel MagicTransitGRETunnel `json:"deleted_gre_tunnel"`
+	} `json:"result"`
+}
+
+// ListMagicTransitGRETunnels lists all GRE tunnels for a given account.
+//
+// API reference: https://api.cloudflare.com/#magic-gre-tunnels-list-gre-tunnels
+func (api *API) ListMagicTransitGRETunnels(ctx context.Context, accountID string) ([]MagicTransitGRETunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []MagicTransitGRETunnel{}, err
+	}
+
+	result := ListMagicTransitGRETunnelsResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.GRETunnels, nil
+}
+
+// GetMagicTransitGRETunnel returns zero or one GRE tunnel.
+//
+// API reference: https://api.cloudflare.com/#magic-gre-tunnels-gre-tunnel-details
+func (api *API) GetMagicTransitGRETunnel(ctx context.Context, accountID string, id string) (MagicTransitGRETunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return MagicTransitGRETunnel{}, err
+	}
+
+	result := GetMagicTransitGRETunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.GRETunnel, nil
+}
+
+// CreateMagicTransitGRETunnels creates one or more GRE tunnels.
+//
+// API reference: https://api.cloudflare.com/#magic-gre-tunnels-create-gre-tunnels
+func (api *API) CreateMagicTransitGRETunnels(ctx context.Context, accountID string, tunnels []MagicTransitGRETunnel) ([]MagicTransitGRETunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitGRETunnelsRequest{
+		GRETunnels: tunnels,
+	})
+
+	if err != nil {
+		return []MagicTransitGRETunnel{}, err
+	}
+
+	result := ListMagicTransitGRETunnelsResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.GRETunnels, nil
+}
+
+// UpdateMagicTransitGRETunnel updates a GRE tunnel.
+//
+// API reference: https://api.cloudflare.com/#magic-gre-tunnels-update-gre-tunnel
+func (api *API) UpdateMagicTransitGRETunnel(ctx context.Context, accountID string, id string, tunnel MagicTransitGRETunnel) (MagicTransitGRETunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnel)
+
+	if err != nil {
+		return MagicTransitGRETunnel{}, err
+	}
+
+	result := UpdateMagicTransitGRETunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Modified {
+		return MagicTransitGRETunnel{}, errors.New(errMagicTransitGRETunnelNotModified)
+	}
+
+	return result.Result.ModifiedGRETunnel, nil
+}
+
+// DeleteMagicTransitGRETunnel deletes a GRE tunnel.
+//
+// API reference: https://api.cloudflare.com/#magic-gre-tunnels-delete-gre-tunnel
+func (api *API) DeleteMagicTransitGRETunnel(ctx context.Context, accountID string, id string) (MagicTransitGRETunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return MagicTransitGRETunnel{}, err
+	}
+
+	result := DeleteMagicTransitGRETunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Deleted {
+		return MagicTransitGRETunnel{}, errors.New(errMagicTransitGRETunnelNotDeleted)
+	}
+
+	return result.Result.DeletedGRETunnel, nil
+}
diff --git a/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go b/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
new file mode 100644
index 0000000000..412b6738a7
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
@@ -0,0 +1,331 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListMagicTransitGRETunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "gre_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "GRE_1",
+            "customer_gre_endpoint": "203.0.113.1",
+            "cloudflare_gre_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+            "ttl": 64,
+            "mtu": 1476,
+            "health_check": {
+              "enabled": true,
+              "target": "203.0.113.1",
+              "type": "request"
+            }
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitGRETunnel{
+		{
+			ID:                    "c4a7362d577a6c3019a474fd6f485821",
+			CreatedOn:             &createdOn,
+			ModifiedOn:            &modifiedOn,
+			Name:                  "GRE_1",
+			CustomerGREEndpoint:   "203.0.113.1",
+			CloudflareGREEndpoint: "203.0.113.2",
+			InterfaceAddress:      "192.0.2.0/31",
+			Description:           "Tunnel for ISP X",
+			TTL:                   64,
+			MTU:                   1476,
+			HealthCheck: &MagicTransitGRETunnelHealthcheck{
+				Enabled: true,
+				Target:  "203.0.113.1",
+				Type:    "request",
+			},
+		},
+	}
+
+	actual, err := client.ListMagicTransitGRETunnels(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetMagicTransitGRETunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "gre_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "GRE_1",
+          "customer_gre_endpoint": "203.0.113.1",
+          "cloudflare_gre_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X",
+          "ttl": 64,
+          "mtu": 1476,
+          "health_check": {
+            "enabled": true,
+            "target": "203.0.113.1",
+            "type": "request"
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitGRETunnel{
+		ID:                    "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+		Name:                  "GRE_1",
+		CustomerGREEndpoint:   "203.0.113.1",
+		CloudflareGREEndpoint: "203.0.113.2",
+		InterfaceAddress:      "192.0.2.0/31",
+		Description:           "Tunnel for ISP X",
+		TTL:                   64,
+		MTU:                   1476,
+		HealthCheck: &MagicTransitGRETunnelHealthcheck{
+			Enabled: true,
+			Target:  "203.0.113.1",
+			Type:    "request",
+		},
+	}
+
+	actual, err := client.GetMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicTransitGRETunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "gre_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "GRE_1",
+            "customer_gre_endpoint": "203.0.113.1",
+            "cloudflare_gre_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+            "ttl": 64,
+            "mtu": 1476,
+            "health_check": {
+                  "enabled": true,
+                  "target": "203.0.113.1",
+                  "type": "request"
+            }
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitGRETunnel{
+		{
+			ID:                    "c4a7362d577a6c3019a474fd6f485821",
+			CreatedOn:             &createdOn,
+			ModifiedOn:            &modifiedOn,
+			Name:                  "GRE_1",
+			CustomerGREEndpoint:   "203.0.113.1",
+			CloudflareGREEndpoint: "203.0.113.2",
+			InterfaceAddress:      "192.0.2.0/31",
+			Description:           "Tunnel for ISP X",
+			TTL:                   64,
+			MTU:                   1476,
+			HealthCheck: &MagicTransitGRETunnelHealthcheck{
+				Enabled: true,
+				Target:  "203.0.113.1",
+				Type:    "request",
+			},
+		},
+	}
+
+	actual, err := client.CreateMagicTransitGRETunnels(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateMagicTransitGRETunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "modified": true,
+        "modified_gre_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "GRE_1",
+          "customer_gre_endpoint": "203.0.113.1",
+          "cloudflare_gre_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X",
+          "ttl": 64,
+          "mtu": 1476,
+          "health_check": {
+            "enabled": true,
+            "target": "203.0.113.1",
+            "type": "request"
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitGRETunnel{
+		ID:                    "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+		Name:                  "GRE_1",
+		CustomerGREEndpoint:   "203.0.113.1",
+		CloudflareGREEndpoint: "203.0.113.2",
+		InterfaceAddress:      "192.0.2.0/31",
+		Description:           "Tunnel for ISP X",
+		TTL:                   64,
+		MTU:                   1476,
+		HealthCheck: &MagicTransitGRETunnelHealthcheck{
+			Enabled: true,
+			Target:  "203.0.113.1",
+			Type:    "request",
+		},
+	}
+
+	actual, err := client.UpdateMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteMagicTransitGRETunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "deleted": true,
+        "deleted_gre_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "GRE_1",
+          "customer_gre_endpoint": "203.0.113.1",
+          "cloudflare_gre_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X",
+          "ttl": 64,
+          "mtu": 1476,
+          "health_check": {
+            "enabled": true,
+            "target": "203.0.113.1",
+            "type": "request"
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitGRETunnel{
+		ID:                    "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:             &createdOn,
+		ModifiedOn:            &modifiedOn,
+		Name:                  "GRE_1",
+		CustomerGREEndpoint:   "203.0.113.1",
+		CloudflareGREEndpoint: "203.0.113.2",
+		InterfaceAddress:      "192.0.2.0/31",
+		Description:           "Tunnel for ISP X",
+		TTL:                   64,
+		MTU:                   1476,
+		HealthCheck: &MagicTransitGRETunnelHealthcheck{
+			Enabled: true,
+			Target:  "203.0.113.1",
+			Type:    "request",
+		},
+	}
+
+	actual, err := client.DeleteMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go b/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
new file mode 100644
index 0000000000..6b13fe1295
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
@@ -0,0 +1,216 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Magic Transit IPsec Tunnel Error messages.
+const (
+	errMagicTransitIPsecTunnelNotModified = "When trying to modify IPsec tunnel, API returned modified: false"
+	errMagicTransitIPsecTunnelNotDeleted  = "When trying to delete IPsec tunnel, API returned deleted: false"
+)
+
+type RemoteIdentities struct {
+	HexID  string `json:"hex_id"`
+	FQDNID string `json:"fqdn_id"`
+	UserID string `json:"user_id"`
+}
+
+// MagicTransitIPsecTunnelPskMetadata contains metadata associated with PSK.
+type MagicTransitIPsecTunnelPskMetadata struct {
+	LastGeneratedOn *time.Time `json:"last_generated_on,omitempty"`
+}
+
+// MagicTransitIPsecTunnel contains information about an IPsec tunnel.
+type MagicTransitIPsecTunnel struct {
+	ID                 string                              `json:"id,omitempty"`
+	CreatedOn          *time.Time                          `json:"created_on,omitempty"`
+	ModifiedOn         *time.Time                          `json:"modified_on,omitempty"`
+	Name               string                              `json:"name"`
+	CustomerEndpoint   string                              `json:"customer_endpoint,omitempty"`
+	CloudflareEndpoint string                              `json:"cloudflare_endpoint"`
+	InterfaceAddress   string                              `json:"interface_address"`
+	Description        string                              `json:"description,omitempty"`
+	HealthCheck        *MagicTransitTunnelHealthcheck      `json:"health_check,omitempty"`
+	Psk                string                              `json:"psk,omitempty"`
+	PskMetadata        *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata,omitempty"`
+	RemoteIdentities   *RemoteIdentities                   `json:"remote_identities,omitempty"`
+	AllowNullCipher    bool                                `json:"allow_null_cipher"`
+	ReplayProtection   *bool                               `json:"replay_protection,omitempty"`
+}
+
+// ListMagicTransitIPsecTunnelsResponse contains a response including IPsec tunnels.
+type ListMagicTransitIPsecTunnelsResponse struct {
+	Response
+	Result struct {
+		IPsecTunnels []MagicTransitIPsecTunnel `json:"ipsec_tunnels"`
+	} `json:"result"`
+}
+
+// GetMagicTransitIPsecTunnelResponse contains a response including zero or one IPsec tunnels.
+type GetMagicTransitIPsecTunnelResponse struct {
+	Response
+	Result struct {
+		IPsecTunnel MagicTransitIPsecTunnel `json:"ipsec_tunnel"`
+	} `json:"result"`
+}
+
+// CreateMagicTransitIPsecTunnelsRequest is an array of IPsec tunnels to create.
+type CreateMagicTransitIPsecTunnelsRequest struct {
+	IPsecTunnels []MagicTransitIPsecTunnel `json:"ipsec_tunnels"`
+}
+
+// UpdateMagicTransitIPsecTunnelResponse contains a response after updating an IPsec Tunnel.
+type UpdateMagicTransitIPsecTunnelResponse struct {
+	Response
+	Result struct {
+		Modified            bool                    `json:"modified"`
+		ModifiedIPsecTunnel MagicTransitIPsecTunnel `json:"modified_ipsec_tunnel"`
+	} `json:"result"`
+}
+
+// DeleteMagicTransitIPsecTunnelResponse contains a response after deleting an IPsec Tunnel.
+type DeleteMagicTransitIPsecTunnelResponse struct {
+	Response
+	Result struct {
+		Deleted            bool                    `json:"deleted"`
+		DeletedIPsecTunnel MagicTransitIPsecTunnel `json:"deleted_ipsec_tunnel"`
+	} `json:"result"`
+}
+
+// GenerateMagicTransitIPsecTunnelPSKResponse contains a response after generating IPsec Tunnel.
+type GenerateMagicTransitIPsecTunnelPSKResponse struct {
+	Response
+	Result struct {
+		Psk         string                              `json:"psk"`
+		PskMetadata *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata"`
+	} `json:"result"`
+}
+
+// ListMagicTransitIPsecTunnels lists all IPsec tunnels for a given account
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-list-ipsec-tunnels
+func (api *API) ListMagicTransitIPsecTunnels(ctx context.Context, accountID string) ([]MagicTransitIPsecTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []MagicTransitIPsecTunnel{}, err
+	}
+
+	result := ListMagicTransitIPsecTunnelsResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.IPsecTunnels, nil
+}
+
+// GetMagicTransitIPsecTunnel returns zero or one IPsec tunnel
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-ipsec-tunnel-details
+func (api *API) GetMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string) (MagicTransitIPsecTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return MagicTransitIPsecTunnel{}, err
+	}
+
+	result := GetMagicTransitIPsecTunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.IPsecTunnel, nil
+}
+
+// CreateMagicTransitIPsecTunnels creates one or more IPsec tunnels
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-create-ipsec-tunnels
+func (api *API) CreateMagicTransitIPsecTunnels(ctx context.Context, accountID string, tunnels []MagicTransitIPsecTunnel) ([]MagicTransitIPsecTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitIPsecTunnelsRequest{
+		IPsecTunnels: tunnels,
+	})
+
+	if err != nil {
+		return []MagicTransitIPsecTunnel{}, err
+	}
+
+	result := ListMagicTransitIPsecTunnelsResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.IPsecTunnels, nil
+}
+
+// UpdateMagicTransitIPsecTunnel updates an IPsec tunnel
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-update-ipsec-tunnel
+func (api *API) UpdateMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string, tunnel MagicTransitIPsecTunnel) (MagicTransitIPsecTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnel)
+
+	if err != nil {
+		return MagicTransitIPsecTunnel{}, err
+	}
+
+	result := UpdateMagicTransitIPsecTunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Modified {
+		return MagicTransitIPsecTunnel{}, errors.New(errMagicTransitIPsecTunnelNotModified)
+	}
+
+	return result.Result.ModifiedIPsecTunnel, nil
+}
+
+// DeleteMagicTransitIPsecTunnel deletes an IPsec Tunnel
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-delete-ipsec-tunnel
+func (api *API) DeleteMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string) (MagicTransitIPsecTunnel, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return MagicTransitIPsecTunnel{}, err
+	}
+
+	result := DeleteMagicTransitIPsecTunnelResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Deleted {
+		return MagicTransitIPsecTunnel{}, errors.New(errMagicTransitIPsecTunnelNotDeleted)
+	}
+
+	return result.Result.DeletedIPsecTunnel, nil
+}
+
+// GenerateMagicTransitIPsecTunnelPSK generates a pre shared key (psk) for an IPsec tunnel
+//
+// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-generate-pre-shared-key-psk-for-ipsec-tunnels
+func (api *API) GenerateMagicTransitIPsecTunnelPSK(ctx context.Context, accountID string, id string) (string, *MagicTransitIPsecTunnelPskMetadata, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s/psk_generate", accountID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+
+	if err != nil {
+		return "", nil, err
+	}
+
+	result := GenerateMagicTransitIPsecTunnelPSKResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return "", nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Psk, result.Result.PskMetadata, nil
+}
diff --git a/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go b/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
new file mode 100644
index 0000000000..ed93007d8c
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
@@ -0,0 +1,418 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListMagicTransitIPsecTunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "IPsec_1",
+            "customer_endpoint": "203.0.113.1",
+            "cloudflare_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+			"replay_protection": true
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitIPsecTunnel{
+		{
+			ID:                 "c4a7362d577a6c3019a474fd6f485821",
+			CreatedOn:          &createdOn,
+			ModifiedOn:         &modifiedOn,
+			Name:               "IPsec_1",
+			CustomerEndpoint:   "203.0.113.1",
+			CloudflareEndpoint: "203.0.113.2",
+			InterfaceAddress:   "192.0.2.0/31",
+			Description:        "Tunnel for ISP X",
+			ReplayProtection:   BoolPtr(true),
+		},
+	}
+
+	actual, err := client.ListMagicTransitIPsecTunnels(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetMagicTransitIPsecTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "IPsec_1",
+          "customer_endpoint": "203.0.113.1",
+          "cloudflare_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X",
+          "allow_null_cipher": true,
+		  "replay_protection": true
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitIPsecTunnel{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+		AllowNullCipher:    true,
+		ReplayProtection:   BoolPtr(true),
+	}
+
+	actual, err := client.GetMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicTransitIPsecTunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "IPsec_1",
+            "customer_endpoint": "203.0.113.1",
+            "cloudflare_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X"
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitIPsecTunnel{{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+	}}
+
+	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicTransitIPsecTunnelsWithHealthcheck(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "IPsec_1",
+            "customer_endpoint": "203.0.113.1",
+            "cloudflare_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+            "health_check": {
+              "enabled": true,
+              "type": "reply",
+              "rate": "mid",
+              "direction": "bidirectional"
+            }
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitIPsecTunnel{{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+		HealthCheck: &MagicTransitTunnelHealthcheck{
+			Enabled:   true,
+			Type:      "reply",
+			Rate:      "mid",
+			Direction: "bidirectional",
+		},
+	}}
+
+	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicTransitIPsecTunnelsWithReplayProtection(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "ipsec_tunnels": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "name": "IPsec_1",
+            "customer_endpoint": "203.0.113.1",
+            "cloudflare_endpoint": "203.0.113.2",
+            "interface_address": "192.0.2.0/31",
+            "description": "Tunnel for ISP X",
+			"replay_protection": true
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitIPsecTunnel{{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+		ReplayProtection:   BoolPtr(true),
+	}}
+
+	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateMagicTransitIPsecTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "modified": true,
+        "modified_ipsec_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "IPsec_1",
+          "customer_endpoint": "203.0.113.1",
+          "cloudflare_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X",
+          "allow_null_cipher": true
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitIPsecTunnel{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+		AllowNullCipher:    true,
+	}
+
+	actual, err := client.UpdateMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteMagicTransitIPsecTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "deleted": true,
+        "deleted_ipsec_tunnel": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "name": "IPsec_1",
+          "customer_endpoint": "203.0.113.1",
+          "cloudflare_endpoint": "203.0.113.2",
+          "interface_address": "192.0.2.0/31",
+          "description": "Tunnel for ISP X"
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitIPsecTunnel{
+		ID:                 "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:          &createdOn,
+		ModifiedOn:         &modifiedOn,
+		Name:               "IPsec_1",
+		CustomerEndpoint:   "203.0.113.1",
+		CloudflareEndpoint: "203.0.113.2",
+		InterfaceAddress:   "192.0.2.0/31",
+		Description:        "Tunnel for ISP X",
+	}
+
+	actual, err := client.DeleteMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestMagicTransitIPsecTunnelGeneratePSK(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "psk": "itworks",
+				"psk_metadata": {
+		      "last_generated_on": "2017-06-14T05:20:00Z"
+		    }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821/psk_generate", handler)
+
+	lastGeneratedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitIPsecTunnelPskMetadata{
+		LastGeneratedOn: &lastGeneratedOn,
+	}
+
+	want_psk := "itworks"
+
+	psk, actual, err := client.GenerateMagicTransitIPsecTunnelPSK(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, *actual)
+		assert.Equal(t, want_psk, psk)
+	}
+}
diff --git a/pkg/cloudflare-go/magic_transit_static_routes.go b/pkg/cloudflare-go/magic_transit_static_routes.go
new file mode 100644
index 0000000000..3554a9d162
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_static_routes.go
@@ -0,0 +1,180 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Magic Transit Static Routes Error messages.
+const (
+	errMagicTransitStaticRouteNotModified = "When trying to modify static route, API returned modified: false"
+	errMagicTransitStaticRouteNotDeleted  = "When trying to delete static route, API returned deleted: false"
+)
+
+// MagicTransitStaticRouteScope contains information about a static route's scope.
+type MagicTransitStaticRouteScope struct {
+	ColoRegions []string `json:"colo_regions,omitempty"`
+	ColoNames   []string `json:"colo_names,omitempty"`
+}
+
+// MagicTransitStaticRoute contains information about a static route.
+type MagicTransitStaticRoute struct {
+	ID          string                       `json:"id,omitempty"`
+	Prefix      string                       `json:"prefix"`
+	CreatedOn   *time.Time                   `json:"created_on,omitempty"`
+	ModifiedOn  *time.Time                   `json:"modified_on,omitempty"`
+	Nexthop     string                       `json:"nexthop"`
+	Priority    int                          `json:"priority,omitempty"`
+	Description string                       `json:"description,omitempty"`
+	Weight      int                          `json:"weight,omitempty"`
+	Scope       MagicTransitStaticRouteScope `json:"scope,omitempty"`
+}
+
+// ListMagicTransitStaticRoutesResponse contains a response including Magic Transit static routes.
+type ListMagicTransitStaticRoutesResponse struct {
+	Response
+	Result struct {
+		Routes []MagicTransitStaticRoute `json:"routes"`
+	} `json:"result"`
+}
+
+// GetMagicTransitStaticRouteResponse contains a response including exactly one static route.
+type GetMagicTransitStaticRouteResponse struct {
+	Response
+	Result struct {
+		Route MagicTransitStaticRoute `json:"route"`
+	} `json:"result"`
+}
+
+// UpdateMagicTransitStaticRouteResponse contains a static route update response.
+type UpdateMagicTransitStaticRouteResponse struct {
+	Response
+	Result struct {
+		Modified      bool                    `json:"modified"`
+		ModifiedRoute MagicTransitStaticRoute `json:"modified_route"`
+	} `json:"result"`
+}
+
+// DeleteMagicTransitStaticRouteResponse contains a static route deletion response.
+type DeleteMagicTransitStaticRouteResponse struct {
+	Response
+	Result struct {
+		Deleted      bool                    `json:"deleted"`
+		DeletedRoute MagicTransitStaticRoute `json:"deleted_route"`
+	} `json:"result"`
+}
+
+// CreateMagicTransitStaticRoutesRequest is an array of static routes to create.
+type CreateMagicTransitStaticRoutesRequest struct {
+	Routes []MagicTransitStaticRoute `json:"routes"`
+}
+
+// ListMagicTransitStaticRoutes lists all static routes for a given account
+//
+// API reference: https://api.cloudflare.com/#magic-transit-static-routes-list-routes
+func (api *API) ListMagicTransitStaticRoutes(ctx context.Context, accountID string) ([]MagicTransitStaticRoute, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/routes", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []MagicTransitStaticRoute{}, err
+	}
+
+	result := ListMagicTransitStaticRoutesResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Routes, nil
+}
+
+// GetMagicTransitStaticRoute returns exactly one static route
+//
+// API reference: https://api.cloudflare.com/#magic-transit-static-routes-route-details
+func (api *API) GetMagicTransitStaticRoute(ctx context.Context, accountID, ID string) (MagicTransitStaticRoute, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return MagicTransitStaticRoute{}, err
+	}
+
+	result := GetMagicTransitStaticRouteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Route, nil
+}
+
+// CreateMagicTransitStaticRoute creates a new static route
+//
+// API reference: https://api.cloudflare.com/#magic-transit-static-routes-create-routes
+func (api *API) CreateMagicTransitStaticRoute(ctx context.Context, accountID string, route MagicTransitStaticRoute) ([]MagicTransitStaticRoute, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/routes", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitStaticRoutesRequest{
+		Routes: []MagicTransitStaticRoute{
+			route,
+		},
+	})
+
+	if err != nil {
+		return []MagicTransitStaticRoute{}, err
+	}
+
+	result := ListMagicTransitStaticRoutesResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Routes, nil
+}
+
+// UpdateMagicTransitStaticRoute updates a static route
+//
+// API reference: https://api.cloudflare.com/#magic-transit-static-routes-update-route
+func (api *API) UpdateMagicTransitStaticRoute(ctx context.Context, accountID, ID string, route MagicTransitStaticRoute) (MagicTransitStaticRoute, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, route)
+
+	if err != nil {
+		return MagicTransitStaticRoute{}, err
+	}
+
+	result := UpdateMagicTransitStaticRouteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Modified {
+		return MagicTransitStaticRoute{}, errors.New(errMagicTransitStaticRouteNotModified)
+	}
+
+	return result.Result.ModifiedRoute, nil
+}
+
+// DeleteMagicTransitStaticRoute deletes a static route
+//
+// API reference: https://api.cloudflare.com/#magic-transit-static-routes-delete-route
+func (api *API) DeleteMagicTransitStaticRoute(ctx context.Context, accountID, ID string) (MagicTransitStaticRoute, error) {
+	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return MagicTransitStaticRoute{}, err
+	}
+
+	result := DeleteMagicTransitStaticRouteResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !result.Result.Deleted {
+		return MagicTransitStaticRoute{}, errors.New(errMagicTransitStaticRouteNotDeleted)
+	}
+
+	return result.Result.DeletedRoute, nil
+}
diff --git a/pkg/cloudflare-go/magic_transit_static_routes_test.go b/pkg/cloudflare-go/magic_transit_static_routes_test.go
new file mode 100644
index 0000000000..5c8b0a090e
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_static_routes_test.go
@@ -0,0 +1,341 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListMagicTransitStaticRoutes(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "routes": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "prefix": "192.0.2.0/24",
+            "nexthop": "203.0.113.1",
+            "priority": 100,
+            "description": "New route for new prefix 203.0.113.1",
+            "weight": 100,
+            "scope": {
+              "colo_regions": [
+                "APAC"
+              ],
+              "colo_names": [
+                "den01"
+              ]
+            }
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := []MagicTransitStaticRoute{
+		{
+			ID:          "c4a7362d577a6c3019a474fd6f485821",
+			CreatedOn:   &createdOn,
+			ModifiedOn:  &modifiedOn,
+			Prefix:      "192.0.2.0/24",
+			Nexthop:     "203.0.113.1",
+			Priority:    100,
+			Description: "New route for new prefix 203.0.113.1",
+			Weight:      100,
+			Scope: MagicTransitStaticRouteScope{
+				ColoRegions: []string{
+					"APAC",
+				},
+				ColoNames: []string{
+					"den01",
+				},
+			},
+		},
+	}
+
+	actual, err := client.ListMagicTransitStaticRoutes(context.Background(), testAccountID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetMagicTransitStaticRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "route": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "prefix": "192.0.2.0/24",
+          "nexthop": "203.0.113.1",
+          "priority": 100,
+          "description": "New route for new prefix 203.0.113.1",
+          "weight": 100,
+          "scope": {
+            "colo_regions": [
+              "APAC"
+            ],
+            "colo_names": [
+              "den01"
+            ]
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitStaticRoute{
+		ID:          "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Prefix:      "192.0.2.0/24",
+		Nexthop:     "203.0.113.1",
+		Priority:    100,
+		Description: "New route for new prefix 203.0.113.1",
+		Weight:      100,
+		Scope: MagicTransitStaticRouteScope{
+			ColoRegions: []string{
+				"APAC",
+			},
+			ColoNames: []string{
+				"den01",
+			},
+		},
+	}
+
+	actual, err := client.GetMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateMagicTransitStaticRoutes(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "routes": [
+          {
+            "id": "c4a7362d577a6c3019a474fd6f485821",
+            "created_on": "2017-06-14T00:00:00Z",
+            "modified_on": "2017-06-14T05:20:00Z",
+            "prefix": "192.0.2.0/24",
+            "nexthop": "203.0.113.1",
+            "priority": 100,
+            "description": "New route for new prefix 203.0.113.1",
+            "weight": 100,
+            "scope": {
+              "colo_regions": [
+                "APAC"
+              ],
+              "colo_names": [
+                "den01"
+              ]
+            }
+          }
+        ]
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitStaticRoute{
+		ID:          "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Prefix:      "192.0.2.0/24",
+		Nexthop:     "203.0.113.1",
+		Priority:    100,
+		Description: "New route for new prefix 203.0.113.1",
+		Weight:      100,
+		Scope: MagicTransitStaticRouteScope{
+			ColoRegions: []string{
+				"APAC",
+			},
+			ColoNames: []string{
+				"den01",
+			},
+		},
+	}
+
+	actual, err := client.CreateMagicTransitStaticRoute(context.Background(), testAccountID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, []MagicTransitStaticRoute{
+			want,
+		}, actual)
+	}
+}
+
+func TestUpdateMagicTransitStaticRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "modified": true,
+        "modified_route": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "prefix": "192.0.2.0/24",
+          "nexthop": "203.0.113.1",
+          "priority": 100,
+          "description": "New route for new prefix 203.0.113.1",
+          "weight": 100,
+          "scope": {
+            "colo_regions": [
+              "APAC"
+            ],
+            "colo_names": [
+              "den01"
+            ]
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitStaticRoute{
+		ID:          "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Prefix:      "192.0.2.0/24",
+		Nexthop:     "203.0.113.1",
+		Priority:    100,
+		Description: "New route for new prefix 203.0.113.1",
+		Weight:      100,
+		Scope: MagicTransitStaticRouteScope{
+			ColoRegions: []string{
+				"APAC",
+			},
+			ColoNames: []string{
+				"den01",
+			},
+		},
+	}
+
+	actual, err := client.UpdateMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteMagicTransitStaticRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "deleted": true,
+        "deleted_route": {
+          "id": "c4a7362d577a6c3019a474fd6f485821",
+          "created_on": "2017-06-14T00:00:00Z",
+          "modified_on": "2017-06-14T05:20:00Z",
+          "prefix": "192.0.2.0/24",
+          "nexthop": "203.0.113.1",
+          "priority": 100,
+          "description": "New route for new prefix 203.0.113.1",
+          "weight": 100,
+          "scope": {
+            "colo_regions": [
+              "APAC"
+            ],
+            "colo_names": [
+              "den01"
+            ]
+          }
+        }
+      }
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+	want := MagicTransitStaticRoute{
+		ID:          "c4a7362d577a6c3019a474fd6f485821",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+		Prefix:      "192.0.2.0/24",
+		Nexthop:     "203.0.113.1",
+		Priority:    100,
+		Description: "New route for new prefix 203.0.113.1",
+		Weight:      100,
+		Scope: MagicTransitStaticRouteScope{
+			ColoRegions: []string{
+				"APAC",
+			},
+			ColoNames: []string{
+				"den01",
+			},
+		},
+	}
+
+	actual, err := client.DeleteMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go b/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
new file mode 100644
index 0000000000..ced8a40f41
--- /dev/null
+++ b/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
@@ -0,0 +1,10 @@
+package cloudflare
+
+// MagicTransitTunnelHealthcheck contains information about a tunnel health check.
+type MagicTransitTunnelHealthcheck struct {
+	Enabled   bool   `json:"enabled"`
+	Target    string `json:"target,omitempty"`
+	Type      string `json:"type,omitempty"`
+	Rate      string `json:"rate,omitempty"`
+	Direction string `json:"direction,omitempty"`
+}
diff --git a/pkg/cloudflare-go/managed_headers.go b/pkg/cloudflare-go/managed_headers.go
new file mode 100644
index 0000000000..54de0dd8e4
--- /dev/null
+++ b/pkg/cloudflare-go/managed_headers.go
@@ -0,0 +1,78 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type ListManagedHeadersResponse struct {
+	Response
+	Result ManagedHeaders `json:"result"`
+}
+
+type UpdateManagedHeadersParams struct {
+	ManagedHeaders
+}
+
+type ManagedHeaders struct {
+	ManagedRequestHeaders  []ManagedHeader `json:"managed_request_headers"`
+	ManagedResponseHeaders []ManagedHeader `json:"managed_response_headers"`
+}
+
+type ManagedHeader struct {
+	ID            string   `json:"id"`
+	Enabled       bool     `json:"enabled"`
+	HasCoflict    bool     `json:"has_conflict,omitempty"`
+	ConflictsWith []string `json:"conflicts_with,omitempty"`
+}
+
+type ListManagedHeadersParams struct {
+	Status string `url:"status,omitempty"`
+}
+
+func (api *API) ListZoneManagedHeaders(ctx context.Context, rc *ResourceContainer, params ListManagedHeadersParams) (ManagedHeaders, error) {
+	if rc.Identifier == "" {
+		return ManagedHeaders{}, ErrMissingZoneID
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/managed_headers", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ManagedHeaders{}, err
+	}
+
+	result := ListManagedHeadersResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ManagedHeaders{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+func (api *API) UpdateZoneManagedHeaders(ctx context.Context, rc *ResourceContainer, params UpdateManagedHeadersParams) (ManagedHeaders, error) {
+	if rc.Identifier == "" {
+		return ManagedHeaders{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/managed_headers", rc.Identifier)
+
+	payload, err := json.Marshal(params.ManagedHeaders)
+	if err != nil {
+		return ManagedHeaders{}, err
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, payload)
+	if err != nil {
+		return ManagedHeaders{}, err
+	}
+
+	result := ListManagedHeadersResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return ManagedHeaders{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
diff --git a/pkg/cloudflare-go/managed_headers_test.go b/pkg/cloudflare-go/managed_headers_test.go
new file mode 100644
index 0000000000..a1c202ed74
--- /dev/null
+++ b/pkg/cloudflare-go/managed_headers_test.go
@@ -0,0 +1,234 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListManagedHeaders(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "managed_request_headers": [
+          {
+            "id": "add_true_client_ip_headers",
+            "enabled": false,
+            "has_conflict": false,
+            "conflicts_with": ["remove_visitor_ip_headers"]
+          },
+          {
+            "id": "add_visitor_location_headers",
+            "enabled": true,
+            "has_conflict": false
+          }
+        ],
+        "managed_response_headers": [
+          {
+            "id": "add_security_headers",
+            "enabled": false,
+            "has_conflict": false
+          },
+          {
+            "id": "remove_x-powered-by_header",
+            "enabled": true,
+            "has_conflict": false
+          }
+        ]
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
+
+	want := ManagedHeaders{
+		ManagedRequestHeaders: []ManagedHeader{
+			{
+				ID:            "add_true_client_ip_headers",
+				Enabled:       false,
+				HasCoflict:    false,
+				ConflictsWith: []string{"remove_visitor_ip_headers"},
+			},
+			{
+				ID:         "add_visitor_location_headers",
+				Enabled:    true,
+				HasCoflict: false,
+			},
+		},
+		ManagedResponseHeaders: []ManagedHeader{
+			{
+				ID:         "add_security_headers",
+				Enabled:    false,
+				HasCoflict: false,
+			},
+			{
+				ID:         "remove_x-powered-by_header",
+				Enabled:    true,
+				HasCoflict: false,
+			},
+		},
+	}
+
+	zoneActual, err := client.ListZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), ListManagedHeadersParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+}
+
+func TestFilterManagedHeaders(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, r.URL.Query().Get("status"), "enabled")
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "managed_request_headers": [
+          {
+            "id": "add_visitor_location_headers",
+            "enabled": true,
+            "has_conflict": false
+          }
+        ],
+        "managed_response_headers": [
+          {
+            "id": "remove_x-powered-by_header",
+            "enabled": true,
+            "has_conflict": false
+          }
+        ]
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
+
+	want := ManagedHeaders{
+		ManagedRequestHeaders: []ManagedHeader{
+			{
+				ID:         "add_visitor_location_headers",
+				Enabled:    true,
+				HasCoflict: false,
+			},
+		},
+		ManagedResponseHeaders: []ManagedHeader{
+			{
+				ID:         "remove_x-powered-by_header",
+				Enabled:    true,
+				HasCoflict: false,
+			},
+		},
+	}
+
+	zoneActual, err := client.ListZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), ListManagedHeadersParams{
+		Status: "enabled",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+}
+
+func TestUpdateManagedHeaders(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "managed_request_headers": [
+          {
+            "id": "add_true_client_ip_headers",
+            "enabled": true,
+            "has_conflict": false,
+            "conflicts_with": ["remove_visitor_ip_headers"]
+          },
+          {
+            "id": "add_visitor_location_headers",
+            "enabled": true,
+            "has_conflict": false
+          }
+        ],
+        "managed_response_headers": [
+          {
+            "id": "add_security_headers",
+            "enabled": false,
+            "has_conflict": false
+          },
+          {
+            "id": "remove_x-powered-by_header",
+            "enabled": false,
+            "has_conflict": false
+          }
+        ]
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
+	managedHeadersForUpdate := ManagedHeaders{
+		ManagedRequestHeaders: []ManagedHeader{
+			{
+				ID:      "add_visitor_location_headers",
+				Enabled: true,
+			},
+		},
+		ManagedResponseHeaders: []ManagedHeader{
+			{
+				ID:      "remove_x-powered-by_header",
+				Enabled: false,
+			},
+		},
+	}
+	want := ManagedHeaders{
+		ManagedRequestHeaders: []ManagedHeader{
+			{
+				ID:            "add_true_client_ip_headers",
+				Enabled:       true,
+				HasCoflict:    false,
+				ConflictsWith: []string{"remove_visitor_ip_headers"},
+			},
+			{
+				ID:         "add_visitor_location_headers",
+				Enabled:    true,
+				HasCoflict: false,
+			},
+		},
+		ManagedResponseHeaders: []ManagedHeader{
+			{
+				ID:         "add_security_headers",
+				Enabled:    false,
+				HasCoflict: false,
+			},
+			{
+				ID:         "remove_x-powered-by_header",
+				Enabled:    false,
+				HasCoflict: false,
+			},
+		},
+	}
+	zoneActual, err := client.UpdateZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), UpdateManagedHeadersParams{
+		ManagedHeaders: managedHeadersForUpdate,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+}
diff --git a/pkg/cloudflare-go/miscategorization.go b/pkg/cloudflare-go/miscategorization.go
new file mode 100644
index 0000000000..5164c530db
--- /dev/null
+++ b/pkg/cloudflare-go/miscategorization.go
@@ -0,0 +1,50 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+)
+
+var (
+	// ErrMissingIP is for when ipv4 or ipv6 indicator was given but ip is missing.
+	ErrMissingIP = errors.New("ip is required when using 'ipv4' or 'ipv6' indicator type and is missing")
+	// ErrMissingURL is for when url or domain indicator was given but url is missing.
+	ErrMissingURL = errors.New("url is required when using 'domain' or 'url' indicator type and is missing")
+)
+
+// MisCategorizationParameters represents the parameters for a miscategorization request.
+type MisCategorizationParameters struct {
+	AccountID       string
+	IndicatorType   string `json:"indicator_type,omitempty"`
+	IP              string `json:"ip,omitempty"`
+	URL             string `json:"url,omitempty"`
+	ContentAdds     []int  `json:"content_adds,omitempty"`
+	ContentRemoves  []int  `json:"content_removes,omitempty"`
+	SecurityAdds    []int  `json:"security_adds,omitempty"`
+	SecurityRemoves []int  `json:"security_removes,omitempty"`
+}
+
+// CreateMiscategorization creates a miscatergorization.
+//
+// API Reference: https://api.cloudflare.com/#miscategorization-create-miscategorization
+func (api *API) CreateMiscategorization(ctx context.Context, params MisCategorizationParameters) error {
+	if params.AccountID == "" {
+		return ErrMissingAccountID
+	}
+	if (params.IndicatorType == "ipv6" || params.IndicatorType == "ipv4") && params.IP == "" {
+		return ErrMissingIP
+	}
+	if (params.IndicatorType == "domain" || params.IndicatorType == "url") && params.URL == "" {
+		return ErrMissingURL
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/intel/miscategorization", params.AccountID)
+	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/miscategorization_test.go b/pkg/cloudflare-go/miscategorization_test.go
new file mode 100644
index 0000000000..576b7dedf0
--- /dev/null
+++ b/pkg/cloudflare-go/miscategorization_test.go
@@ -0,0 +1,62 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateMiscategorization(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/intel/miscategorization", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": []
+}`)
+	})
+	ctx := context.Background()
+	err := client.CreateMiscategorization(ctx, MisCategorizationParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv4"})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingIP, err)
+	}
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv6"})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingIP, err)
+	}
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "url"})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingURL, err)
+	}
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "domain"})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingURL, err)
+	}
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv4", IP: "192.0.2.0"})
+	assert.NoError(t, err, "Got error for creating miscategorization for ipv4")
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv6", IP: "2400:cb00::/32"})
+	assert.NoError(t, err, "Got error for creating miscategorization for ipv6")
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "domain", URL: "example.com"})
+	assert.NoError(t, err, "Got error for creating miscategorization for domain")
+
+	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "url", URL: "https://example.com/news/"})
+	assert.NoError(t, err, "Got error for creating miscategorization for url")
+}
diff --git a/pkg/cloudflare-go/mtls_certificates.go b/pkg/cloudflare-go/mtls_certificates.go
new file mode 100644
index 0000000000..4ab8794f9b
--- /dev/null
+++ b/pkg/cloudflare-go/mtls_certificates.go
@@ -0,0 +1,215 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// MTLSAssociation represents the metadata for an existing association
+// between a user-uploaded mTLS certificate and a Cloudflare service.
+type MTLSAssociation struct {
+	Service string `json:"service"`
+	Status  string `json:"status"`
+}
+
+// MTLSAssociationResponse represents the response from the retrieval endpoint
+// for mTLS certificate associations.
+type MTLSAssociationResponse struct {
+	Response
+	Result []MTLSAssociation `json:"result"`
+}
+
+// MTLSCertificate represents the metadata for a user-uploaded mTLS
+// certificate.
+type MTLSCertificate struct {
+	ID           string    `json:"id"`
+	Name         string    `json:"name"`
+	Issuer       string    `json:"issuer"`
+	Signature    string    `json:"signature"`
+	SerialNumber string    `json:"serial_number"`
+	Certificates string    `json:"certificates"`
+	CA           bool      `json:"ca"`
+	UploadedOn   time.Time `json:"uploaded_on"`
+	UpdatedAt    time.Time `json:"updated_at"`
+	ExpiresOn    time.Time `json:"expires_on"`
+}
+
+// MTLSCertificateResponse represents the response from endpoints relating to
+// retrieving, creating, and deleting an mTLS certificate.
+type MTLSCertificateResponse struct {
+	Response
+	Result MTLSCertificate `json:"result"`
+}
+
+// MTLSCertificatesResponse represents the response from the mTLS certificate
+// list endpoint.
+type MTLSCertificatesResponse struct {
+	Response
+	Result     []MTLSCertificate `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// MTLSCertificateParams represents the data related to the mTLS certificate
+// being uploaded. Name is an optional field.
+type CreateMTLSCertificateParams struct {
+	Name         string `json:"name"`
+	Certificates string `json:"certificates"`
+	PrivateKey   string `json:"private_key"`
+	CA           bool   `json:"ca"`
+}
+
+type ListMTLSCertificatesParams struct {
+	PaginationOptions
+	Limit  int    `url:"limit,omitempty"`
+	Offset int    `url:"offset,omitempty"`
+	Name   string `url:"name,omitempty"`
+	CA     bool   `url:"ca,omitempty"`
+}
+
+type ListMTLSCertificateAssociationsParams struct {
+	CertificateID string
+}
+
+var (
+	ErrMissingCertificateID = errors.New("missing required certificate ID")
+)
+
+// ListMTLSCertificates returns a list of all user-uploaded mTLS certificates.
+//
+// API reference: https://api.cloudflare.com/#mtls-certificate-management-list-mtls-certificates
+func (api *API) ListMTLSCertificates(ctx context.Context, rc *ResourceContainer, params ListMTLSCertificatesParams) ([]MTLSCertificate, ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return []MTLSCertificate{}, ResultInfo{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []MTLSCertificate{}, ResultInfo{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/mtls_certificates", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
+	if err != nil {
+		return []MTLSCertificate{}, ResultInfo{}, err
+	}
+	var r MTLSCertificatesResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []MTLSCertificate{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, r.ResultInfo, err
+}
+
+// GetMTLSCertificate returns the metadata associated with a user-uploaded mTLS
+// certificate.
+//
+// API reference: https://api.cloudflare.com/#mtls-certificate-management-get-mtls-certificate
+func (api *API) GetMTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (MTLSCertificate, error) {
+	if rc.Level != AccountRouteLevel {
+		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return MTLSCertificate{}, ErrMissingAccountID
+	}
+
+	if certificateID == "" {
+		return MTLSCertificate{}, ErrMissingCertificateID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s", rc.Identifier, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return MTLSCertificate{}, err
+	}
+	var r MTLSCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListMTLSCertificateAssociations returns a list of all existing associations
+// between the mTLS certificate and Cloudflare services.
+//
+// API reference: https://api.cloudflare.com/#mtls-certificate-management-list-mtls-certificate-associations
+func (api *API) ListMTLSCertificateAssociations(ctx context.Context, rc *ResourceContainer, params ListMTLSCertificateAssociationsParams) ([]MTLSAssociation, error) {
+	if rc.Level != AccountRouteLevel {
+		return []MTLSAssociation{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []MTLSAssociation{}, ErrMissingAccountID
+	}
+
+	if params.CertificateID == "" {
+		return []MTLSAssociation{}, ErrMissingCertificateID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s/associations", rc.Identifier, params.CertificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []MTLSAssociation{}, err
+	}
+	var r MTLSAssociationResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []MTLSAssociation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateMTLSCertificate will create the provided certificate for use with mTLS
+// enabled Cloudflare services.
+//
+// API reference: https://api.cloudflare.com/#mtls-certificate-management-upload-mtls-certificate
+func (api *API) CreateMTLSCertificate(ctx context.Context, rc *ResourceContainer, params CreateMTLSCertificateParams) (MTLSCertificate, error) {
+	if rc.Level != AccountRouteLevel {
+		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return MTLSCertificate{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/mtls_certificates", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return MTLSCertificate{}, err
+	}
+	var r MTLSCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteMTLSCertificate will delete the specified mTLS certificate.
+//
+// API reference: https://api.cloudflare.com/#mtls-certificate-management-delete-mtls-certificate
+func (api *API) DeleteMTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (MTLSCertificate, error) {
+	if rc.Level != AccountRouteLevel {
+		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return MTLSCertificate{}, ErrMissingAccountID
+	}
+
+	if certificateID == "" {
+		return MTLSCertificate{}, ErrMissingCertificateID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s", rc.Identifier, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return MTLSCertificate{}, err
+	}
+	var r MTLSCertificateResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/mtls_certificates_test.go b/pkg/cloudflare-go/mtls_certificates_test.go
new file mode 100644
index 0000000000..2652eae7b0
--- /dev/null
+++ b/pkg/cloudflare-go/mtls_certificates_test.go
@@ -0,0 +1,245 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetMTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+				"name": "example_ca_cert_5",
+				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
+				"signature": "SHA256WithRSA",
+				"serial_number": "235217144297995885180570755458463043449861756659",
+				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+				"ca": true,
+				"uploaded_on": "2022-11-22T17:32:30.467938Z",
+				"expires_on": "2122-10-29T16:59:47Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
+	want := MTLSCertificate{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Name:         "example_ca_cert_5",
+		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "235217144297995885180570755458463043449861756659",
+		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+		CA:           true,
+		UploadedOn:   uploadedOn,
+		ExpiresOn:    expiresOn,
+	}
+
+	actual, err := client.GetMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListMTLSCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+					"name": "example_ca_cert_5",
+					"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
+					"signature": "SHA256WithRSA",
+					"serial_number": "235217144297995885180570755458463043449861756659",
+					"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+					"ca": true,
+					"uploaded_on": "2022-11-22T17:32:30.467938Z",
+					"expires_on": "2122-10-29T16:59:47Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 50,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
+	want := []MTLSCertificate{
+		{
+			ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+			Name:         "example_ca_cert_5",
+			Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
+			Signature:    "SHA256WithRSA",
+			SerialNumber: "235217144297995885180570755458463043449861756659",
+			Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+			CA:           true,
+			UploadedOn:   uploadedOn,
+			ExpiresOn:    expiresOn,
+		},
+	}
+
+	actual, _, err := client.ListMTLSCertificates(context.Background(), AccountIdentifier(testAccountID), ListMTLSCertificatesParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListCertificateAssociations(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"service": "gateway",
+					"status": "pending_deployment"
+				}
+			]
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60/associations", handler)
+	want := []MTLSAssociation{
+		{
+			Service: "gateway",
+			Status:  "pending_deployment",
+		},
+	}
+
+	actual, err := client.ListMTLSCertificateAssociations(context.Background(), AccountIdentifier(testAccountID), ListMTLSCertificateAssociationsParams{
+		CertificateID: "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUploadMTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+				"name": "example_ca_cert_5",
+				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
+				"signature": "SHA256WithRSA",
+				"serial_number": "235217144297995885180570755458463043449861756659",
+				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+				"ca": true,
+				"uploaded_on": "2022-11-22T17:32:30.467938Z",
+				"updated_at": "2022-11-22T17:32:30.467938Z",
+				"expires_on": "2122-10-29T16:59:47Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
+	want := MTLSCertificate{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Name:         "example_ca_cert_5",
+		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "235217144297995885180570755458463043449861756659",
+		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+		CA:           true,
+		UploadedOn:   uploadedOn,
+		UpdatedAt:    uploadedOn,
+		ExpiresOn:    expiresOn,
+	}
+
+	cert := CreateMTLSCertificateParams{
+		Name:         "example_ca_cert_5",
+		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+		PrivateKey:   "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEXDkcICRU3XBv9hiiPnBWIjgTQyowmVFxDr11mONgZB/cMYjE/OvQjvnpwNcOaSK16MOpAjNbELKRx2lZiVJaLRDCccqCxXwP/CrdRChcqGzo7mbNksMlcidrErb0LlEBKLFC2QjRmRKqB+YOs4TD8WsZu2S667A2fZmjRlaqOxFi1h62ee0P+TLU628UC/nl41JifSt5Evt7hMDHakemdwZblNYr2p6T3NQjdhjYXTtP4UmOGJBhJ7i7Kicg3d3CIgdTMbggSeGWqjndr4ldVnD96FN3cVT5uDFsn2CJXTFgdeBWoUnMS4VnUZzPWGf4vSBXC8qV7Ls+w46yT7T1AgMBAAECggEAQZnp/oqCeNPOR6l5S2L+1tfx0gWjZ78hJVteUpZ0iHSK7F6kKeOxyOird7vUXV0kmo+cJq+0hp0Ke4eam640FCpwKfYoSQ4/R3vgujGWJnaihCN5tv5sMet0XeJPuz5qE7ALoKCvwI6aXLHs20aAeZIDTQJ9QbGSGnJVzOWn+JDTidIgZpN57RpXfSAwnJPTQK/PN8i5z108hsaDOdEgGmxYZ7kYqMqzX20KXmth58LDfPixs5JGtS60iiKC/wOcGzkB2/AdTSojR76oEU77cANP/3zO25NG//whUdYlW0t0d7PgXxIeJe+xgYnamDQJx3qonVyt4H77ha0ObRAj9QKBgQDicZr+VTwFMnELP3a+FXGnjehRiuS1i7MXGKxNweCD+dFlML0FplSQS8Ro2n+d8lu8BBXGx0qm6VXu8Rhn7TAUL6q+PCgfarzxfIhacb/TZCqfieIHsMlVBfhV5HCXnk+kis0tuC/PRArcWTwDHJUJXkBhvkUsNswvQzavDPI7KwKBgQDd/WgLkj7A3X5fgIHZH/GbDSBiXwzKb+rF4ZCT2XFgG/OAW7vapfcX/w+v+5lBLyrocmOAS3PGGAhM5T3HLnUCQfnK4qgps1Lqibkc9Tmnsn60LanUjuUMsYv/zSw70tozbzhJ0pioEpWfRxRZBztO2Rr8Ntm7h6Fk701EXGNAXwKBgQCD1xsjy2J3sCerIdcz0u5qXLAPkeuZW+34m4/ucdwTWwc0gEz9lhsULFj9p4G351zLuiEnq+7mAWLcDJlmIO3mQt6JhiLiL9Y0T4pgBmxmWqKKYtAsJB0EmMY+1BNN44mBRqMxZFTJu1cLdhT/xstrOeoIPqytknYNanfTMZlzIwKBgHrLXe5oq0XMP8dcMneEcAUwsaU4pr6kQd3L9EmUkl5zl7J9C+DaxWAEuwzBw/iGutlxzRB+rD/7szu14wJ29EqXbDGKRzMp+se5/yfBjm7xEZ1hVPw7PwBShfqt57X/4Ktq7lwHnmH6RcGhc+P7WBc5iO/S94YAdIp8xOT3pf9JAoGAE0QkqJUY+5Mgr+fBO0VNV72ZoPveGpW+De59uhKAOnu1zljQCUtk59m6+DXfm0tNYKtawa5n8iN71Zh+s62xXSt3pYi1Y5CCCmv8Y4BhwIcPwXKk3zEvLgSHVTpC0bayA9aSO4bbZgVXa5w+Z0w/vvfp9DWo1IS3EnQRrz6WMYA=\n-----END PRIVATE KEY-----",
+		CA:           true,
+	}
+	actual, err := client.CreateMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), cert)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteMTLSCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+				"name": "example_ca_cert_5",
+				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
+				"signature": "SHA256WithRSA",
+				"serial_number": "235217144297995885180570755458463043449861756659",
+				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+				"ca": true,
+				"uploaded_on": "2022-11-22T17:32:30.467938Z",
+				"expires_on": "2122-10-29T16:59:47Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
+	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
+	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
+	want := MTLSCertificate{
+		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
+		Name:         "example_ca_cert_5",
+		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
+		Signature:    "SHA256WithRSA",
+		SerialNumber: "235217144297995885180570755458463043449861756659",
+		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
+		CA:           true,
+		UploadedOn:   uploadedOn,
+		ExpiresOn:    expiresOn,
+	}
+
+	actual, err := client.DeleteMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/notifications.go b/pkg/cloudflare-go/notifications.go
new file mode 100644
index 0000000000..7afd66f1f4
--- /dev/null
+++ b/pkg/cloudflare-go/notifications.go
@@ -0,0 +1,447 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// NotificationMechanismData holds a single public facing mechanism data
+// integation.
+type NotificationMechanismData struct {
+	Name string `json:"name"`
+	ID   string `json:"id"`
+}
+
+// NotificationMechanismIntegrations is a list of all the integrations of a
+// certain mechanism type e.g. all email integrations.
+type NotificationMechanismIntegrations []NotificationMechanismData
+
+// NotificationPolicy represents the notification policy created along with
+// the destinations.
+type NotificationPolicy struct {
+	ID          string                                       `json:"id"`
+	Name        string                                       `json:"name"`
+	Description string                                       `json:"description"`
+	Enabled     bool                                         `json:"enabled"`
+	AlertType   string                                       `json:"alert_type"`
+	Mechanisms  map[string]NotificationMechanismIntegrations `json:"mechanisms"`
+	Created     time.Time                                    `json:"created"`
+	Modified    time.Time                                    `json:"modified"`
+	Conditions  map[string]interface{}                       `json:"conditions"`
+	Filters     map[string][]string                          `json:"filters"`
+}
+
+// NotificationPoliciesResponse holds the response for listing all
+// notification policies for an account.
+type NotificationPoliciesResponse struct {
+	Response
+	ResultInfo
+	Result []NotificationPolicy
+}
+
+// NotificationPolicyResponse holds the response type when a single policy
+// is retrieved.
+type NotificationPolicyResponse struct {
+	Response
+	Result NotificationPolicy
+}
+
+// NotificationWebhookIntegration describes the webhook information along
+// with its status.
+type NotificationWebhookIntegration struct {
+	ID          string     `json:"id"`
+	Name        string     `json:"name"`
+	Type        string     `json:"type"`
+	URL         string     `json:"url"`
+	CreatedAt   time.Time  `json:"created_at"`
+	LastSuccess *time.Time `json:"last_success"`
+	LastFailure *time.Time `json:"last_failure"`
+}
+
+// NotificationWebhookResponse describes a single webhook retrieved.
+type NotificationWebhookResponse struct {
+	Response
+	ResultInfo
+	Result NotificationWebhookIntegration
+}
+
+// NotificationWebhooksResponse describes a list of webhooks retrieved.
+type NotificationWebhooksResponse struct {
+	Response
+	ResultInfo
+	Result []NotificationWebhookIntegration
+}
+
+// NotificationUpsertWebhooks describes a valid webhook request.
+type NotificationUpsertWebhooks struct {
+	Name   string `json:"name"`
+	URL    string `json:"url"`
+	Secret string `json:"secret"`
+}
+
+// NotificationPagerDutyResource describes a PagerDuty integration.
+type NotificationPagerDutyResource struct {
+	ID   string `json:"id"`
+	Name string `json:"name"`
+}
+
+// NotificationPagerDutyResponse describes the PagerDuty integration
+// retrieved.
+type NotificationPagerDutyResponse struct {
+	Response
+	ResultInfo
+	Result NotificationPagerDutyResource
+}
+
+// NotificationResource describes the id of an inserted/updated/deleted
+// resource.
+type NotificationResource struct {
+	ID string
+}
+
+// SaveResponse is returned when a resource is inserted/updated/deleted.
+type SaveResponse struct {
+	Response
+	Result NotificationResource
+}
+
+// NotificationMechanismMetaData represents the state of the delivery
+// mechanism.
+type NotificationMechanismMetaData struct {
+	Eligible bool   `json:"eligible"`
+	Ready    bool   `json:"ready"`
+	Type     string `json:"type"`
+}
+
+// NotificationMechanisms are the different possible delivery mechanisms.
+type NotificationMechanisms struct {
+	Email     NotificationMechanismMetaData `json:"email"`
+	PagerDuty NotificationMechanismMetaData `json:"pagerduty"`
+	Webhooks  NotificationMechanismMetaData `json:"webhooks,omitempty"`
+}
+
+// NotificationEligibilityResponse describes the eligible mechanisms that
+// can be configured for a notification.
+type NotificationEligibilityResponse struct {
+	Response
+	Result NotificationMechanisms
+}
+
+// NotificationsGroupedByProduct are grouped by products.
+type NotificationsGroupedByProduct map[string][]NotificationAlertWithDescription
+
+// NotificationAlertWithDescription represents the alert/notification
+// available.
+type NotificationAlertWithDescription struct {
+	DisplayName string `json:"display_name"`
+	Type        string `json:"type"`
+	Description string `json:"description"`
+}
+
+// NotificationAvailableAlertsResponse describes the available
+// alerts/notifications grouped by products.
+type NotificationAvailableAlertsResponse struct {
+	Response
+	Result NotificationsGroupedByProduct
+}
+
+// NotificationHistory describes the history
+// of notifications sent for an account.
+type NotificationHistory struct {
+	ID            string    `json:"id"`
+	Name          string    `json:"name"`
+	Description   string    `json:"description"`
+	AlertBody     string    `json:"alert_body"`
+	AlertType     string    `json:"alert_type"`
+	Mechanism     string    `json:"mechanism"`
+	MechanismType string    `json:"mechanism_type"`
+	Sent          time.Time `json:"sent"`
+}
+
+// NotificationHistoryResponse describes the notification history
+// response for an account for a specific time period.
+type NotificationHistoryResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []NotificationHistory
+}
+
+// ListNotificationPolicies will return the notification policies
+// created by a user for a specific account.
+//
+// API Reference: https://api.cloudflare.com/#notification-policies-properties
+func (api *API) ListNotificationPolicies(ctx context.Context, accountID string) (NotificationPoliciesResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationPoliciesResponse{}, err
+	}
+	var r NotificationPoliciesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// GetNotificationPolicy returns a specific created by a user, given the account
+// id and the policy id.
+//
+// API Reference: https://api.cloudflare.com/#notification-policies-properties
+func (api *API) GetNotificationPolicy(ctx context.Context, accountID, policyID string) (NotificationPolicyResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policyID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationPolicyResponse{}, err
+	}
+	var r NotificationPolicyResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// CreateNotificationPolicy creates a notification policy for an account.
+//
+// API Reference: https://api.cloudflare.com/#notification-policies-create-notification-policy
+func (api *API) CreateNotificationPolicy(ctx context.Context, accountID string, policy NotificationPolicy) (SaveResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, policy)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// UpdateNotificationPolicy updates a notification policy, given the
+// account id and the policy id and returns the policy id.
+//
+// API Reference: https://api.cloudflare.com/#notification-policies-update-notification-policy
+func (api *API) UpdateNotificationPolicy(ctx context.Context, accountID string, policy *NotificationPolicy) (SaveResponse, error) {
+	if policy == nil {
+		return SaveResponse{}, fmt.Errorf("policy cannot be nil")
+	}
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policy.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, baseURL, policy)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// DeleteNotificationPolicy deletes a notification policy for an account.
+//
+// API Reference: https://api.cloudflare.com/#notification-policies-delete-notification-policy
+func (api *API) DeleteNotificationPolicy(ctx context.Context, accountID, policyID string) (SaveResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policyID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// ListNotificationWebhooks will return the webhook destinations configured
+// for an account.
+//
+// API Reference: https://api.cloudflare.com/#notification-webhooks-list-webhooks
+func (api *API) ListNotificationWebhooks(ctx context.Context, accountID string) (NotificationWebhooksResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationWebhooksResponse{}, err
+	}
+	var r NotificationWebhooksResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// CreateNotificationWebhooks will help connect a webhooks destination.
+// A test message will be sent to the webhooks endpoint during creation.
+// If added successfully, the webhooks can be setup as a destination mechanism
+// while creating policies.
+//
+// Notifications will be posted to this URL.
+//
+// API Reference: https://api.cloudflare.com/#notification-webhooks-create-webhook
+func (api *API) CreateNotificationWebhooks(ctx context.Context, accountID string, webhooks *NotificationUpsertWebhooks) (SaveResponse, error) {
+	if webhooks == nil {
+		return SaveResponse{}, fmt.Errorf("webhooks cannot be nil")
+	}
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, webhooks)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// GetNotificationWebhooks will return a specific webhook destination,
+// given the account and webhooks ids.
+//
+// API Reference: https://api.cloudflare.com/#notification-webhooks-get-webhook
+func (api *API) GetNotificationWebhooks(ctx context.Context, accountID, webhookID string) (NotificationWebhookResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationWebhookResponse{}, err
+	}
+	var r NotificationWebhookResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// UpdateNotificationWebhooks will update a particular webhook's name,
+// given the account and webhooks ids.
+//
+// The webhook url and secret cannot be updated.
+//
+// API Reference: https://api.cloudflare.com/#notification-webhooks-update-webhook
+func (api *API) UpdateNotificationWebhooks(ctx context.Context, accountID, webhookID string, webhooks *NotificationUpsertWebhooks) (SaveResponse, error) {
+	if webhooks == nil {
+		return SaveResponse{}, fmt.Errorf("webhooks cannot be nil")
+	}
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, baseURL, webhooks)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// DeleteNotificationWebhooks will delete a webhook, given the account and
+// webhooks ids. Deleting the webhooks will remove it from any connected
+// notification policies.
+//
+// API Reference: https://api.cloudflare.com/#notification-webhooks-delete-webhook
+func (api *API) DeleteNotificationWebhooks(ctx context.Context, accountID, webhookID string) (SaveResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
+	if err != nil {
+		return SaveResponse{}, err
+	}
+
+	return unmarshalNotificationSaveResponse(res)
+}
+
+// ListPagerDutyNotificationDestinations will return the pagerduty
+// destinations configured for an account.
+//
+// API Reference: https://api.cloudflare.com/#notification-destinations-with-pagerduty-list-pagerduty-services
+func (api *API) ListPagerDutyNotificationDestinations(ctx context.Context, accountID string) (NotificationPagerDutyResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/pagerduty", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationPagerDutyResponse{}, err
+	}
+	var r NotificationPagerDutyResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// GetEligibleNotificationDestinations will return the types of
+// destinations an account is eligible to configure.
+//
+// API Reference: https://api.cloudflare.com/#notification-mechanism-eligibility-properties
+func (api *API) GetEligibleNotificationDestinations(ctx context.Context, accountID string) (NotificationEligibilityResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/eligible", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationEligibilityResponse{}, err
+	}
+	var r NotificationEligibilityResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// GetAvailableNotificationTypes will return the alert types available for
+// a given account.
+//
+// API Reference: https://api.cloudflare.com/#notification-mechanism-eligibility-properties
+func (api *API) GetAvailableNotificationTypes(ctx context.Context, accountID string) (NotificationAvailableAlertsResponse, error) {
+	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/available_alerts", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
+	if err != nil {
+		return NotificationAvailableAlertsResponse{}, err
+	}
+	var r NotificationAvailableAlertsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
+
+// TimeRange is an object for filtering the alert history based on timestamp.
+type TimeRange struct {
+	Since  string `json:"since,omitempty" url:"since,omitempty"`
+	Before string `json:"before,omitempty" url:"before,omitempty"`
+}
+
+// AlertHistoryFilter is an object for filtering the alert history response from the api.
+type AlertHistoryFilter struct {
+	TimeRange
+	PaginationOptions
+}
+
+// ListNotificationHistory will return the history of alerts sent for
+// a given account. The time period varies based on zone plan.
+// Free, Biz, Pro = 30 days
+// Ent = 90 days
+//
+// API Reference: https://api.cloudflare.com/#notification-history-list-history
+func (api *API) ListNotificationHistory(ctx context.Context, accountID string, alertHistoryFilter AlertHistoryFilter) ([]NotificationHistory, ResultInfo, error) {
+	uri := buildURI(fmt.Sprintf("/accounts/%s/alerting/v3/history", accountID), alertHistoryFilter)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []NotificationHistory{}, ResultInfo{}, err
+	}
+	var r NotificationHistoryResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []NotificationHistory{}, ResultInfo{}, err
+	}
+	return r.Result, r.ResultInfo, nil
+}
+
+// unmarshal will unmarshal bytes and return a SaveResponse.
+func unmarshalNotificationSaveResponse(res []byte) (SaveResponse, error) {
+	var r SaveResponse
+	err := json.Unmarshal(res, &r)
+	if err != nil {
+		return r, err
+	}
+	return r, nil
+}
diff --git a/pkg/cloudflare-go/notifications_test.go b/pkg/cloudflare-go/notifications_test.go
new file mode 100644
index 0000000000..1b857d0163
--- /dev/null
+++ b/pkg/cloudflare-go/notifications_test.go
@@ -0,0 +1,574 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	testWebhookID = "fe49ee055d23404e9d58f9110b210c8d"
+	testPolicyID  = "6ec8a5145d0d2263a36fad55c03cb43d"
+)
+
+var (
+	notificationTimestamp = time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC)
+)
+
+func TestGetEligibleNotificationDestinations(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expected := NotificationMechanisms{
+		Email:     NotificationMechanismMetaData{true, true, "email"},
+		PagerDuty: NotificationMechanismMetaData{true, true, "pagerduty"},
+		Webhooks:  NotificationMechanismMetaData{true, true, "webhooks"},
+	}
+	b, err := json.Marshal(expected)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result":%s
+}`, string(b))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/eligible", handler)
+
+	actual, err := client.GetEligibleNotificationDestinations(context.Background(), testAccountID)
+	require.Nil(t, err)
+	require.NotNil(t, actual)
+	assert.Equal(t, expected, actual.Result)
+}
+func TestGetAvailableNotificationTypes(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expected := make(NotificationsGroupedByProduct, 1)
+	alert1 := NotificationAlertWithDescription{Type: "secondary_dns_zone_successfully_updated", DisplayName: "Secondary DNS Successfully Updated", Description: "Secondary zone transfers are succeeding, the zone has been updated."}
+	alert2 := NotificationAlertWithDescription{Type: "secondary_dns_zone_validation_warning", DisplayName: "Secondary DNSSEC Validation Warning", Description: "The transferred DNSSEC zone is incorrectly configured."}
+	expected["DNS"] = []NotificationAlertWithDescription{alert1, alert2}
+
+	b, err := json.Marshal(expected)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/available_alerts", handler)
+
+	actual, err := client.GetAvailableNotificationTypes(context.Background(), testAccountID)
+	require.Nil(t, err)
+	require.NotNil(t, actual)
+	assert.Equal(t, expected, actual.Result)
+}
+func TestListPagerDutyDestinations(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expected := NotificationPagerDutyResource{ID: "valid-uuid", Name: "my pagerduty connection"}
+	b, err := json.Marshal(expected)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/pagerduty", handler)
+
+	actual, err := client.ListPagerDutyNotificationDestinations(context.Background(), testAccountID)
+	require.Nil(t, err)
+	require.NotNil(t, actual)
+	assert.Equal(t, expected, actual.Result)
+}
+
+func TestCreateNotificationPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mechanisms := make(map[string]NotificationMechanismIntegrations)
+	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
+	policy := NotificationPolicy{
+		Description: "Notifies when my zones are under attack",
+		Name:        "CF DOS attack alert - L4",
+		Enabled:     true,
+		AlertType:   "dos_attack_l4",
+		Mechanisms:  mechanisms,
+		Conditions:  nil,
+		Filters:     nil,
+	}
+	b, err := json.Marshal(policy)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies", handler)
+	res, err := client.CreateNotificationPolicy(context.Background(), testAccountID, policy)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+}
+
+func TestGetNotificationPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mechanisms := make(map[string]NotificationMechanismIntegrations)
+	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
+	policy := NotificationPolicy{
+		ID:          testPolicyID,
+		Description: "Notifies when my zones are under attack",
+		Name:        "CF DOS attack alert - L4",
+		Enabled:     true,
+		AlertType:   "dos_attack_l4",
+		Mechanisms:  mechanisms,
+		Conditions:  nil,
+		Filters:     nil,
+		Created:     notificationTimestamp,
+		Modified:    notificationTimestamp,
+	}
+	b, err := json.Marshal(policy)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
+
+	res, err := client.GetNotificationPolicy(context.Background(), testAccountID, testPolicyID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, policy, res.Result)
+}
+
+func TestListNotificationPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mechanisms := make(map[string]NotificationMechanismIntegrations)
+	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
+	policy := NotificationPolicy{
+		ID:          testPolicyID,
+		Description: "Notifies when my zones are under attack",
+		Name:        "CF DOS attack alert - L4",
+		Enabled:     true,
+		AlertType:   "dos_attack_l4",
+		Mechanisms:  mechanisms,
+		Conditions:  nil,
+		Filters:     nil,
+		Created:     time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
+		Modified:    time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
+	}
+	policies := []NotificationPolicy{
+		policy,
+	}
+	b, err := json.Marshal(policies)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies", handler)
+
+	res, err := client.ListNotificationPolicies(context.Background(), testAccountID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, policies, res.Result)
+}
+
+func TestUpdateNotificationPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mechanisms := make(map[string]NotificationMechanismIntegrations)
+	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
+	policy := NotificationPolicy{
+		ID:          testPolicyID,
+		Description: "Notifies when my zones are under attack",
+		Name:        "CF DOS attack alert - L4",
+		Enabled:     true,
+		AlertType:   "dos_attack_l4",
+		Mechanisms:  mechanisms,
+		Conditions:  nil,
+		Filters:     nil,
+		Created:     time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
+		Modified:    time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
+	}
+	b, err := json.Marshal(policy)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
+
+	res, err := client.UpdateNotificationPolicy(context.Background(), testAccountID, &policy)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, testPolicyID, res.Result.ID)
+}
+
+func TestDeleteNotificationPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	result := NotificationResource{ID: testPolicyID}
+	b, err := json.Marshal(result)
+	require.NoError(t, err)
+	require.NotNil(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
+
+	res, err := client.DeleteNotificationPolicy(context.Background(), testAccountID, testPolicyID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, testPolicyID, res.Result.ID)
+}
+
+func TestCreateNotificationWebhooks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	webhook := NotificationUpsertWebhooks{
+		Name:   "my test webhook",
+		URL:    "https://example.com",
+		Secret: "mischief-managed", // optional
+	}
+
+	result := NotificationResource{ID: testWebhookID}
+
+	b, err := json.Marshal(result)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks", handler)
+
+	res, err := client.CreateNotificationWebhooks(context.Background(), testAccountID, &webhook)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, testWebhookID, res.Result.ID)
+}
+
+func TestListNotificationWebhooks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	webhook := NotificationWebhookIntegration{
+		ID:          testWebhookID,
+		Name:        "my test webhook",
+		URL:         "https://example.com",
+		Type:        "generic",
+		CreatedAt:   notificationTimestamp,
+		LastSuccess: &notificationTimestamp,
+		LastFailure: &notificationTimestamp,
+	}
+	webhooks := []NotificationWebhookIntegration{webhook}
+	b, err := json.Marshal(webhooks)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks", handler)
+
+	res, err := client.ListNotificationWebhooks(context.Background(), testAccountID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, webhooks, res.Result)
+}
+
+func TestGetNotificationWebhooks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	webhook := NotificationWebhookIntegration{
+		ID:          testWebhookID,
+		Name:        "my test webhook",
+		URL:         "https://example.com",
+		Type:        "generic",
+		CreatedAt:   notificationTimestamp,
+		LastSuccess: &notificationTimestamp,
+		LastFailure: &notificationTimestamp,
+	}
+	b, err := json.Marshal(webhook)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
+
+	res, err := client.GetNotificationWebhooks(context.Background(), testAccountID, testWebhookID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, webhook, res.Result)
+}
+
+func TestUpdateNotificationWebhooks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	result := NotificationResource{ID: testWebhookID}
+	b, err := json.Marshal(result)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	webhook := NotificationUpsertWebhooks{
+		Name:   "my test webhook with a new name",
+		URL:    "https://example.com",
+		Secret: "mischief-managed",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
+
+	res, err := client.UpdateNotificationWebhooks(context.Background(), testAccountID, testWebhookID, &webhook)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, testWebhookID, res.Result.ID)
+}
+
+func TestDeleteNotificationWebhooks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	result := NotificationResource{ID: testWebhookID}
+	b, err := json.Marshal(result)
+	require.NoError(t, err)
+	require.NotEmpty(t, b)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+  									"result":%s
+								}`,
+			string(b))
+		require.NoError(t, err)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
+
+	res, err := client.DeleteNotificationWebhooks(context.Background(), testAccountID, testWebhookID)
+	require.NoError(t, err)
+	require.NotNil(t, res)
+
+	assert.Equal(t, testWebhookID, res.Result.ID)
+}
+
+func TestListNotificationHistory(t *testing.T) {
+	setup()
+	defer teardown()
+
+	expected := []NotificationHistory{
+		{
+			ID:            "some-id",
+			Name:          "some-name",
+			Description:   "some-description",
+			AlertBody:     "some-alert-body",
+			AlertType:     "some-alert-type",
+			Mechanism:     "some-mechanism",
+			MechanismType: "some-mechanism-type",
+			Sent:          notificationTimestamp,
+		},
+	}
+
+	expectedResultInfo := ResultInfo{
+		Page:    0,
+		PerPage: 25,
+		Count:   1,
+	}
+
+	pageOptions := PaginationOptions{
+		PerPage: 25,
+		Page:    1,
+	}
+
+	timeRange := TimeRange{
+		Since:  time.Now().Add(-15 * time.Minute).Format(time.RFC3339),
+		Before: time.Now().Format(time.RFC3339),
+	}
+
+	historyFilters := AlertHistoryFilter{TimeRange: timeRange, PaginationOptions: pageOptions}
+
+	alertHistory, err := json.Marshal(expected)
+	require.NoError(t, err)
+	require.NotNil(t, alertHistory)
+
+	resultInfo, err := json.Marshal(expectedResultInfo)
+	require.NoError(t, err)
+	require.NotNil(t, resultInfo)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err = fmt.Fprintf(w, `{
+  									"success": true,
+  									"errors": [],
+  									"messages": [],
+									"result_info": %s,
+  									"result": %s
+								}`,
+			string(resultInfo),
+			string(alertHistory))
+		if err != nil {
+			return
+		}
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/history", handler)
+
+	actualResult, actualResultInfo, err := client.ListNotificationHistory(context.Background(), testAccountID, historyFilters)
+	require.Nil(t, err)
+	require.NotNil(t, actualResult)
+	require.Equal(t, expected, actualResult)
+	require.Equal(t, expectedResultInfo, actualResultInfo)
+}
diff --git a/pkg/cloudflare-go/observatory.go b/pkg/cloudflare-go/observatory.go
new file mode 100644
index 0000000000..d1f7d08ed7
--- /dev/null
+++ b/pkg/cloudflare-go/observatory.go
@@ -0,0 +1,401 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/google/go-querystring/query"
+)
+
+var (
+	ErrMissingObservatoryUrl    = errors.New("missing required page url")
+	ErrMissingObservatoryTestID = errors.New("missing required test id")
+)
+
+// ObservatoryPage describes all the tests for a web page.
+type ObservatoryPage struct {
+	URL               string                `json:"url"`
+	Region            labeledRegion         `json:"region"`
+	ScheduleFrequency string                `json:"scheduleFrequency"`
+	Tests             []ObservatoryPageTest `json:"tests"`
+}
+
+// ObservatoryPageTest describes a single test for a web page.
+type ObservatoryPageTest struct {
+	ID                string                      `json:"id"`
+	Date              *time.Time                  `json:"date"`
+	URL               string                      `json:"url"`
+	Region            labeledRegion               `json:"region"`
+	ScheduleFrequency *string                     `json:"scheduleFrequency"`
+	MobileReport      ObservatoryLighthouseReport `json:"mobileReport"`
+	DesktopReport     ObservatoryLighthouseReport `json:"desktopReport"`
+}
+
+// labeledRegion describes a region the test was run in.
+type labeledRegion struct {
+	Value string `json:"value"`
+	Label string `json:"label"`
+}
+
+// ObservatorySchedule describe a test schedule.
+type ObservatorySchedule struct {
+	URL       string `json:"url"`
+	Region    string `json:"region"`
+	Frequency string `json:"frequency"`
+}
+
+// ObservatoryLighthouseReport describes the web vital metrics result.
+type ObservatoryLighthouseReport struct {
+	PerformanceScore int    `json:"performanceScore"`
+	State            string `json:"state"`
+	DeviceType       string `json:"deviceType"`
+	// TTFB is time to first byte
+	TTFB int `json:"ttfb"`
+	// FCP is first contentful paint
+	FCP int `json:"fcp"`
+	// LCP is largest contentful pain
+	LCP int `json:"lcp"`
+	// TTI is time to interactive
+	TTI int `json:"tti"`
+	// TBT is total blocking time
+	TBT int `json:"tbt"`
+	// SI is speed index
+	SI int `json:"si"`
+	// CLS is cumulative layout shift
+	CLS   float64          `json:"cls"`
+	Error *lighthouseError `json:"error,omitempty"`
+}
+
+// lighthouseError describes the test error.
+type lighthouseError struct {
+	Code              string `json:"code"`
+	Detail            string `json:"detail"`
+	FinalDisplayedURL string `json:"finalDisplayedUrl"`
+}
+
+// ObservatoryPageTrend describes the web vital metrics trend.
+type ObservatoryPageTrend struct {
+	PerformanceScore []*int     `json:"performanceScore"`
+	TTFB             []*int     `json:"ttfb"`
+	FCP              []*int     `json:"fcp"`
+	LCP              []*int     `json:"lcp"`
+	TTI              []*int     `json:"tti"`
+	TBT              []*int     `json:"tbt"`
+	SI               []*int     `json:"si"`
+	CLS              []*float64 `json:"cls"`
+}
+
+type ListObservatoryPagesParams struct {
+}
+
+// ObservatoryPagesResponse is the API response, containing a list of ObservatoryPage.
+type ObservatoryPagesResponse struct {
+	Response
+	Result []ObservatoryPage `json:"result"`
+}
+
+// ListObservatoryPages returns a list of pages which have been tested.
+//
+// API reference: https://api.cloudflare.com/#speed-list-pages
+func (api *API) ListObservatoryPages(ctx context.Context, rc *ResourceContainer, params ListObservatoryPagesParams) ([]ObservatoryPage, error) {
+	uri := fmt.Sprintf("/zones/%s/speed_api/pages", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryPagesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+type GetObservatoryPageTrendParams struct {
+	URL        string     `url:"-"`
+	Region     string     `url:"region"`
+	DeviceType string     `url:"deviceType"`
+	Start      *time.Time `url:"start"`
+	End        *time.Time `url:"end,omitempty"`
+	Timezone   string     `url:"tz"`
+	Metrics    []string   `url:"metrics"`
+}
+
+type ObservatoryPageTrendResponse struct {
+	Response
+	Result ObservatoryPageTrend `json:"result"`
+}
+
+// GetObservatoryPageTrend returns a the trend of web vital metrics for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-list-page-trend
+func (api *API) GetObservatoryPageTrend(ctx context.Context, rc *ResourceContainer, params GetObservatoryPageTrendParams) (*ObservatoryPageTrend, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+	v, _ := query.Values(params)
+	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/trend?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryPageTrendResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+var listObservatoryPageTestDefaultPageSize = 20
+
+type ListObservatoryPageTestParams struct {
+	URL    string `url:"-"`
+	Region string `url:"region"`
+	ResultInfo
+}
+
+type ObservatoryPageTestsResponse struct {
+	Response
+	Result     []ObservatoryPageTest `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// ListObservatoryPageTests returns a list of tests for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-list-test-history
+func (api *API) ListObservatoryPageTests(ctx context.Context, rc *ResourceContainer, params ListObservatoryPageTestParams) ([]ObservatoryPageTest, *ResultInfo, error) {
+	if params.URL == "" {
+		return nil, nil, ErrMissingObservatoryUrl
+	}
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = listObservatoryPageTestDefaultPageSize
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+	var tests []ObservatoryPageTest
+	var lastResultInfo ResultInfo
+	for {
+		// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+		v, _ := query.Values(params)
+		uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return nil, nil, err
+		}
+		var r ObservatoryPageTestsResponse
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		tests = append(tests, r.Result...)
+		lastResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return tests, &lastResultInfo, nil
+}
+
+type CreateObservatoryPageTestParams struct {
+	URL      string
+	Settings CreateObservatoryPageTestSettings
+}
+type CreateObservatoryPageTestSettings struct {
+	Region string `json:"region"`
+}
+
+type ObservatoryPageTestResponse struct {
+	Response
+	Result ObservatoryPageTest `json:"result"`
+}
+
+// CreateObservatoryPageTest starts a test for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-create-test
+func (api *API) CreateObservatoryPageTest(ctx context.Context, rc *ResourceContainer, params CreateObservatoryPageTestParams) (*ObservatoryPageTest, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests", rc.Identifier, url.PathEscape(params.URL))
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Settings)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryPageTestResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type DeleteObservatoryPageTestsParams struct {
+	URL    string `url:"-"`
+	Region string `url:"region"`
+}
+
+type ObservatoryCountResponse struct {
+	Response
+	Result struct {
+		Count int `json:"count"`
+	} `json:"result"`
+}
+
+// DeleteObservatoryPageTests deletes all tests for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-delete-tests
+func (api *API) DeleteObservatoryPageTests(ctx context.Context, rc *ResourceContainer, params DeleteObservatoryPageTestsParams) (*int, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+	v, _ := query.Values(params)
+	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryCountResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result.Count, nil
+}
+
+type GetObservatoryPageTestParams struct {
+	URL    string
+	TestID string
+}
+
+// GetObservatoryPageTest returns a specific test for a page.
+//
+// API reference: https://api.cloudflare.com/#speed-get-test
+func (api *API) GetObservatoryPageTest(ctx context.Context, rc *ResourceContainer, params GetObservatoryPageTestParams) (*ObservatoryPageTest, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	if params.TestID == "" {
+		return nil, ErrMissingObservatoryTestID
+	}
+	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests/%s", rc.Identifier, url.PathEscape(params.URL), params.TestID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryPageTestResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type CreateObservatoryScheduledPageTestParams struct {
+	URL       string `url:"-" json:"-"`
+	Region    string `url:"region" json:"-"`
+	Frequency string `url:"frequency" json:"-"`
+}
+
+type ObservatoryScheduledPageTest struct {
+	Schedule ObservatorySchedule `json:"schedule"`
+	Test     ObservatoryPageTest `json:"test"`
+}
+
+type CreateObservatoryScheduledPageTestResponse struct {
+	Response
+	Result ObservatoryScheduledPageTest `json:"result"`
+}
+
+// CreateObservatoryScheduledPageTest creates a scheduled test for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-create-scheduled-test
+func (api *API) CreateObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params CreateObservatoryScheduledPageTestParams) (*ObservatoryScheduledPageTest, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+	v, _ := query.Values(params)
+	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r CreateObservatoryScheduledPageTestResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type GetObservatoryScheduledPageTestParams struct {
+	URL    string `url:"-"`
+	Region string `url:"region"`
+}
+
+type ObservatoryScheduleResponse struct {
+	Response
+	Result ObservatorySchedule `json:"result"`
+}
+
+// GetObservatoryScheduledPageTest returns the test schedule for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-get-scheduled-test
+func (api *API) GetObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params GetObservatoryScheduledPageTestParams) (*ObservatorySchedule, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+	v, _ := query.Values(params)
+	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryScheduleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type DeleteObservatoryScheduledPageTestParams struct {
+	URL    string `url:"-"`
+	Region string `url:"region"`
+}
+
+// DeleteObservatoryScheduledPageTest deletes the test schedule for a page in a specific region.
+//
+// API reference: https://api.cloudflare.com/#speed-delete-scheduled-test
+func (api *API) DeleteObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params DeleteObservatoryScheduledPageTestParams) (*int, error) {
+	if params.URL == "" {
+		return nil, ErrMissingObservatoryUrl
+	}
+	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
+	v, _ := query.Values(params)
+	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r ObservatoryCountResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result.Count, nil
+}
diff --git a/pkg/cloudflare-go/observatory_test.go b/pkg/cloudflare-go/observatory_test.go
new file mode 100644
index 0000000000..fa897141d0
--- /dev/null
+++ b/pkg/cloudflare-go/observatory_test.go
@@ -0,0 +1,464 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var testURL = "example.com/a/b"
+var escapedTestURL = url.PathEscape(testURL)
+var region = "us-central1"
+var regionLabel = "Iowa, USA"
+var frequency = "DAILY"
+var observatoryTestID = "52cc96c9-b709-4ffe-9048-338853d3db46"
+var date = time.Now().UTC()
+
+var pageJSON = fmt.Sprintf(`
+{
+  "url": "%[1]s",
+  "region": {
+    "value": "%[2]s",
+    "label": "%[3]s"
+  },
+  "scheduleFrequency": "%[4]s",
+  "tests": [
+    {
+      "id": "%[5]s",
+      "date": "%[6]s",
+      "url": "%[1]s",
+      "scheduleFrequency": "%[4]s",
+      "region": {
+        "value": "%[2]s",
+        "label": "%[3]s"
+      },
+      "mobileReport": {
+        "performanceScore": 100,
+        "ttfb": 10,
+        "fcp": 10,
+        "lcp": 10,
+        "tti": 10,
+        "tbt": 10,
+        "si": 10,
+        "cls": 0.10,
+        "state": "COMPLETED",
+        "deviceType": "DESKTOP"
+      },
+      "desktopReport": {
+        "performanceScore": 100,
+        "ttfb": 10,
+        "fcp": 10,
+        "lcp": 10,
+        "tti": 10,
+        "tbt": 10,
+        "si": 10,
+        "cls": 0.10,
+        "state": "COMPLETED",
+        "deviceType": "DESKTOP"
+      }
+    }
+  ]
+}`, testURL, region, regionLabel, frequency, observatoryTestID, date.Format(time.RFC3339Nano))
+
+var scheduledPageTestJSON = fmt.Sprintf(`
+{
+  "schedule": {
+    "url": "%[1]s",
+    "region": "%[2]s",
+    "frequency": "%[3]s"
+  },
+  "test": %[4]s
+}
+`, testURL, region, frequency, pageTestJSON)
+
+var scheduleJSON = fmt.Sprintf(`
+{
+  "url": "%[1]s",
+  "region": "%[2]s",
+  "frequency": "%[3]s"
+}
+`, testURL, region, frequency)
+
+var pageTestJSON = fmt.Sprintf(`
+{
+  "id": "%[1]s",
+  "date": "%[2]s",
+  "url": "%[3]s",
+  "region": {
+    "value": "%[4]s",
+    "label": "%[5]s"
+  },
+  "scheduleFrequency": "%[6]s",
+  "mobileReport": %[7]s,
+  "desktopReport": %[7]s
+}`, observatoryTestID, date.Format(time.RFC3339Nano), testURL, region, regionLabel, frequency, reportJSON, reportJSON)
+
+var reportJSON = `
+{
+  "state": "COMPLETED",
+  "deviceType": "DESKTOP",
+  "performanceScore": 100,
+  "ttfb": 10,
+  "fcp": 10,
+  "lcp": 10,
+  "tti": 10,
+  "tbt": 10,
+  "si": 10,
+  "cls": 0.10
+}
+`
+
+var report = ObservatoryLighthouseReport{
+	PerformanceScore: 100,
+	State:            "COMPLETED",
+	DeviceType:       "DESKTOP",
+	TTFB:             10,
+	FCP:              10,
+	LCP:              10,
+	TTI:              10,
+	TBT:              10,
+	SI:               10,
+	CLS:              0.10,
+	Error:            nil,
+}
+
+var page = ObservatoryPage{
+	URL: testURL,
+	Region: labeledRegion{
+		Value: region,
+		Label: regionLabel,
+	},
+	ScheduleFrequency: frequency,
+	Tests: []ObservatoryPageTest{
+		pageTest,
+	},
+}
+var pageTest = ObservatoryPageTest{
+	ID:   observatoryTestID,
+	Date: &date,
+	URL:  testURL,
+	Region: labeledRegion{
+		Value: region,
+		Label: regionLabel,
+	},
+	ScheduleFrequency: &frequency,
+	MobileReport:      report,
+	DesktopReport:     report,
+}
+
+var scheduledPageTest = ObservatoryScheduledPageTest{
+	Schedule: ObservatorySchedule{
+		URL:       testURL,
+		Region:    region,
+		Frequency: frequency,
+	},
+	Test: pageTest,
+}
+
+var schedule = ObservatorySchedule{
+	URL:       testURL,
+	Region:    region,
+	Frequency: frequency,
+}
+
+func TestListObservatoryPages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages", r.URL.EscapedPath())
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, pageJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages", handler)
+	want := []ObservatoryPage{
+		page,
+	}
+	pages, err := client.ListObservatoryPages(context.Background(), ZoneIdentifier(testZoneID), ListObservatoryPagesParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, pages)
+	}
+}
+
+func TestObservatoryPageTrend(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "DESKTOP", r.URL.Query().Get("deviceType"))
+		assert.Equal(t, "America/Chicago", r.URL.Query().Get("tz"))
+		assert.Equal(t, "fcp,lcp", r.URL.Query().Get("metrics"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/trend", r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+			    "performanceScore": [null, 100],
+			    "ttfb": [null, 10],
+			    "fcp": [null, 10],
+			    "lcp": [null, 10],
+			    "tti": [null, 10],
+			    "tbt": [null, 10],
+			    "si": [null, 10],
+			    "cls": [null, 0.10]
+			  }
+			}
+		`)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/trend", handler)
+	want := ObservatoryPageTrend{
+		PerformanceScore: []*int{nil, IntPtr(100)},
+		TTFB:             []*int{nil, IntPtr(10)},
+		FCP:              []*int{nil, IntPtr(10)},
+		LCP:              []*int{nil, IntPtr(10)},
+		TTI:              []*int{nil, IntPtr(10)},
+		TBT:              []*int{nil, IntPtr(10)},
+		SI:               []*int{nil, IntPtr(10)},
+		CLS:              []*float64{nil, Float64Ptr(0.10)},
+	}
+	trend, err := client.GetObservatoryPageTrend(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryPageTrendParams{
+		URL:        testURL,
+		Region:     region,
+		DeviceType: "DESKTOP",
+		Start:      &date,
+		End:        &date,
+		Timezone:   "America/Chicago",
+		Metrics:    []string{"fcp,lcp"},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, trend)
+	}
+}
+
+func TestListObservatoryPageTests(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, region, r.URL.Query().Get("region"))
+		assert.Equal(t, "1", r.URL.Query().Get("page"))
+		assert.Equal(t, "10", r.URL.Query().Get("per_page"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [%s]
+			}
+		`, pageTestJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
+	want := []ObservatoryPageTest{
+		pageTest,
+	}
+	tests, _, err := client.ListObservatoryPageTests(context.Background(), ZoneIdentifier(testZoneID), ListObservatoryPageTestParams{
+		URL: testURL,
+		ResultInfo: ResultInfo{
+			Page:    1,
+			PerPage: 10,
+		},
+		Region: region,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, tests)
+	}
+}
+
+func TestCreateObservatoryPageTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		assert.NoError(t, err)
+		assert.True(t, strings.Contains(string(b), region))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, pageTestJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
+	want := pageTest
+	test, err := client.CreateObservatoryPageTest(context.Background(), ZoneIdentifier(testZoneID), CreateObservatoryPageTestParams{
+		URL: testURL,
+		Settings: CreateObservatoryPageTestSettings{
+			Region: region,
+		},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, test)
+	}
+}
+
+func TestDeleteObservatoryPageTests(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		assert.Equal(t, region, r.URL.Query().Get("region"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+                "count": 2
+              }
+			}
+		`)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
+	want := 2
+	count, err := client.DeleteObservatoryPageTests(context.Background(), ZoneIdentifier(testZoneID), DeleteObservatoryPageTestsParams{
+		URL:    testURL,
+		Region: region,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, count)
+	}
+}
+
+func TestGetObservatoryPageTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests/"+observatoryTestID, r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, pageTestJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests/"+observatoryTestID, handler)
+	want := pageTest
+	test, err := client.GetObservatoryPageTest(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryPageTestParams{
+		TestID: observatoryTestID,
+		URL:    testURL,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, test)
+	}
+}
+
+func TestCreateObservatoryScheduledPageTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		assert.Equal(t, frequency, r.URL.Query().Get("frequency"))
+		assert.Equal(t, region, r.URL.Query().Get("region"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, scheduledPageTestJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
+	want := scheduledPageTest
+	pages, err := client.CreateObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), CreateObservatoryScheduledPageTestParams{
+		Frequency: frequency,
+		URL:       testURL,
+		Region:    region,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, pages)
+	}
+}
+
+func TestObservatoryScheduledPageTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, region, r.URL.Query().Get("region"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, scheduleJSON)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
+	want := schedule
+	schedule, err := client.GetObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryScheduledPageTestParams{
+		URL:    testURL,
+		Region: region,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, schedule)
+	}
+}
+
+func TestDeleteObservatoryScheduledPageTest(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		assert.Equal(t, region, r.URL.Query().Get("region"))
+		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": { 
+                "count": 2
+              }
+			}
+		`)
+	}
+	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
+	want := 2
+	count, err := client.DeleteObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), DeleteObservatoryScheduledPageTestParams{
+		URL:    testURL,
+		Region: region,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, count)
+	}
+}
diff --git a/pkg/cloudflare-go/options.go b/pkg/cloudflare-go/options.go
new file mode 100644
index 0000000000..0638a2d5c4
--- /dev/null
+++ b/pkg/cloudflare-go/options.go
@@ -0,0 +1,106 @@
+package cloudflare
+
+import (
+	"net/http"
+	"time"
+
+	"golang.org/x/time/rate"
+)
+
+// Option is a functional option for configuring the API client.
+type Option func(*API) error
+
+// HTTPClient accepts a custom *http.Client for making API calls.
+func HTTPClient(client *http.Client) Option {
+	return func(api *API) error {
+		api.httpClient = client
+		return nil
+	}
+}
+
+// Headers allows you to set custom HTTP headers when making API calls (e.g. for
+// satisfying HTTP proxies, or for debugging).
+func Headers(headers http.Header) Option {
+	return func(api *API) error {
+		api.headers = headers
+		return nil
+	}
+}
+
+// UsingRateLimit applies a non-default rate limit to client API requests
+// If not specified the default of 4rps will be applied.
+func UsingRateLimit(rps float64) Option {
+	return func(api *API) error {
+		// because ratelimiter doesnt do any windowing
+		// setting burst makes it difficult to enforce a fixed rate
+		// so setting it equal to 1 this effectively disables bursting
+		// this doesn't check for sensible values, ultimately the api will enforce that the value is ok
+		api.rateLimiter = rate.NewLimiter(rate.Limit(rps), 1)
+		return nil
+	}
+}
+
+// UsingRetryPolicy applies a non-default number of retries and min/max retry delays
+// This will be used when the client exponentially backs off after errored requests.
+func UsingRetryPolicy(maxRetries int, minRetryDelaySecs int, maxRetryDelaySecs int) Option {
+	// seconds is very granular for a minimum delay - but this is only in case of failure
+	return func(api *API) error {
+		api.retryPolicy = RetryPolicy{
+			MaxRetries:    maxRetries,
+			MinRetryDelay: time.Duration(minRetryDelaySecs) * time.Second,
+			MaxRetryDelay: time.Duration(maxRetryDelaySecs) * time.Second,
+		}
+		return nil
+	}
+}
+
+// UsingLogger can be set if you want to get log output from this API instance
+// By default no log output is emitted.
+func UsingLogger(logger Logger) Option {
+	return func(api *API) error {
+		api.logger = logger
+		return nil
+	}
+}
+
+// UserAgent can be set if you want to send a software name and version for HTTP access logs.
+// It is recommended to set it in order to help future Customer Support diagnostics
+// and prevent collateral damage by sharing generic User-Agent string with abusive users.
+// E.g. "my-software/1.2.3". By default generic Go User-Agent is used.
+func UserAgent(userAgent string) Option {
+	return func(api *API) error {
+		api.UserAgent = userAgent
+		return nil
+	}
+}
+
+// BaseURL allows you to override the default HTTP base URL used for API calls.
+func BaseURL(baseURL string) Option {
+	return func(api *API) error {
+		api.BaseURL = baseURL
+		return nil
+	}
+}
+
+func Debug(debug bool) Option {
+	return func(api *API) error {
+		api.Debug = debug
+		return nil
+	}
+}
+
+// parseOptions parses the supplied options functions and returns a configured
+// *API instance.
+func (api *API) parseOptions(opts ...Option) error {
+	// Range over each options function and apply it to our API type to
+	// configure it. Options functions are applied in order, with any
+	// conflicting options overriding earlier calls.
+	for _, option := range opts {
+		err := option(api)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/origin_ca.go b/pkg/cloudflare-go/origin_ca.go
new file mode 100644
index 0000000000..ff8589a3c4
--- /dev/null
+++ b/pkg/cloudflare-go/origin_ca.go
@@ -0,0 +1,233 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// OriginCACertificate represents a Cloudflare-issued certificate.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ca
+type OriginCACertificate struct {
+	ID              string    `json:"id"`
+	Certificate     string    `json:"certificate"`
+	Hostnames       []string  `json:"hostnames"`
+	ExpiresOn       time.Time `json:"expires_on"`
+	RequestType     string    `json:"request_type"`
+	RequestValidity int       `json:"requested_validity"`
+	RevokedAt       time.Time `json:"revoked_at,omitempty"`
+	CSR             string    `json:"csr"`
+}
+
+type CreateOriginCertificateParams struct {
+	ID              string    `json:"id"`
+	Certificate     string    `json:"certificate"`
+	Hostnames       []string  `json:"hostnames"`
+	ExpiresOn       time.Time `json:"expires_on"`
+	RequestType     string    `json:"request_type"`
+	RequestValidity int       `json:"requested_validity"`
+	RevokedAt       time.Time `json:"revoked_at,omitempty"`
+	CSR             string    `json:"csr"`
+}
+
+// UnmarshalJSON handles custom parsing from an API response to an OriginCACertificate
+// http://choly.ca/post/go-json-marshalling/
+func (c *OriginCACertificate) UnmarshalJSON(data []byte) error {
+	type Alias OriginCACertificate
+
+	aux := &struct {
+		ExpiresOn string `json:"expires_on"`
+		*Alias
+	}{
+		Alias: (*Alias)(c),
+	}
+
+	var err error
+
+	if err = json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	// This format comes from time.Time.String() source
+	c.ExpiresOn, err = time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", aux.ExpiresOn)
+
+	if err != nil {
+		c.ExpiresOn, err = time.Parse(time.RFC3339, aux.ExpiresOn)
+	}
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ListOriginCertificatesParams represents the parameters used to list
+// Cloudflare-issued certificates.
+type ListOriginCertificatesParams struct {
+	ZoneID string `url:"zone_id,omitempty"`
+}
+
+// OriginCACertificateID represents the ID of the revoked certificate from the Revoke Certificate endpoint.
+type OriginCACertificateID struct {
+	ID string `json:"id"`
+}
+
+// originCACertificateResponse represents the response from the Create Certificate and the Certificate Details endpoints.
+type originCACertificateResponse struct {
+	Response
+	Result OriginCACertificate `json:"result"`
+}
+
+// originCACertificateResponseList represents the response from the List Certificates endpoint.
+type originCACertificateResponseList struct {
+	Response
+	Result     []OriginCACertificate `json:"result"`
+	ResultInfo ResultInfo            `json:"result_info"`
+}
+
+// originCACertificateResponseRevoke represents the response from the Revoke Certificate endpoint.
+type originCACertificateResponseRevoke struct {
+	Response
+	Result OriginCACertificateID `json:"result"`
+}
+
+// CreateOriginCACertificate creates a Cloudflare-signed certificate.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ca-create-certificate
+func (api *API) CreateOriginCACertificate(ctx context.Context, params CreateOriginCertificateParams) (*OriginCACertificate, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPost, "/certificates", params)
+	if err != nil {
+		return &OriginCACertificate{}, err
+	}
+
+	var originResponse *originCACertificateResponse
+
+	err = json.Unmarshal(res, &originResponse)
+
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !originResponse.Success {
+		return nil, errors.New(errRequestNotSuccessful)
+	}
+
+	return &originResponse.Result, nil
+}
+
+// ListOriginCACertificates lists all Cloudflare-issued certificates.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ca-list-certificates
+func (api *API) ListOriginCACertificates(ctx context.Context, params ListOriginCertificatesParams) ([]OriginCACertificate, error) {
+	uri := buildURI("/certificates", params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var originResponse *originCACertificateResponseList
+
+	err = json.Unmarshal(res, &originResponse)
+
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !originResponse.Success {
+		return nil, errors.New(errRequestNotSuccessful)
+	}
+
+	return originResponse.Result, nil
+}
+
+// GetOriginCACertificate returns the details for a Cloudflare-issued
+// certificate.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ca-certificate-details
+func (api *API) GetOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificate, error) {
+	uri := fmt.Sprintf("/certificates/%s", certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var originResponse *originCACertificateResponse
+
+	err = json.Unmarshal(res, &originResponse)
+
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !originResponse.Success {
+		return nil, errors.New(errRequestNotSuccessful)
+	}
+
+	return &originResponse.Result, nil
+}
+
+// RevokeOriginCACertificate revokes a created certificate for a zone.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-ca-revoke-certificate
+func (api *API) RevokeOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificateID, error) {
+	uri := fmt.Sprintf("/certificates/%s", certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	var originResponse *originCACertificateResponseRevoke
+
+	err = json.Unmarshal(res, &originResponse)
+
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !originResponse.Success {
+		return nil, errors.New(errRequestNotSuccessful)
+	}
+
+	return &originResponse.Result, nil
+}
+
+// Gets the Cloudflare Origin CA Root Certificate for a given algorithm in PEM format.
+// Algorithm must be one of ['ecc', 'rsa'].
+func GetOriginCARootCertificate(algorithm string) ([]byte, error) {
+	var url string
+	switch algorithm {
+	case "ecc":
+		url = originCARootCertEccURL
+	case "rsa":
+		url = originCARootCertRsaURL
+	default:
+		return nil, fmt.Errorf("invalid algorithm: must be one of ['ecc', 'rsa']")
+	}
+
+	resp, err := http.Get(url) //nolint:gosec
+	if err != nil {
+		return nil, fmt.Errorf("HTTP request failed: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, errors.New(errRequestNotSuccessful)
+	}
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("Response body could not be read: %w", err)
+	}
+
+	return body, nil
+}
diff --git a/pkg/cloudflare-go/origin_ca_test.go b/pkg/cloudflare-go/origin_ca_test.go
new file mode 100644
index 0000000000..df79ace0a2
--- /dev/null
+++ b/pkg/cloudflare-go/origin_ca_test.go
@@ -0,0 +1,259 @@
+package cloudflare
+
+import (
+	"context"
+	"encoding/pem"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	payloadTemplate = `{"expires_on":"%s"}`
+	unmarshalTime   = time.Now().UTC().Round(time.Second)
+)
+
+func TestOriginCA_UnmarshalRFC3339(t *testing.T) {
+	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.Format(time.RFC3339))
+
+	var cert OriginCACertificate
+	err := json.Unmarshal([]byte(payload), &cert)
+	if assert.NoError(t, err) {
+		assert.Equal(t, unmarshalTime, cert.ExpiresOn)
+	}
+}
+
+func TestOriginCA_UnmarshalString(t *testing.T) {
+	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.String())
+
+	var cert OriginCACertificate
+	err := json.Unmarshal([]byte(payload), &cert)
+	if assert.NoError(t, err) {
+		assert.Equal(t, unmarshalTime, cert.ExpiresOn)
+	}
+}
+
+func TestOriginCA_UnmarshalOther(t *testing.T) {
+	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.Format(time.RFC1123))
+
+	var cert OriginCACertificate
+	err := json.Unmarshal([]byte(payload), &cert)
+	assert.Error(t, err)
+	assert.Equal(t, OriginCACertificate{}, cert)
+}
+
+func TestOriginCA_CreateOriginCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/certificates", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %ss", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "0x47530d8f561faa08",
+    "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+    "hostnames": [
+      "example.com",
+      "*.another.com"
+    ],
+    "expires_on": "2014-01-01T05:20:00.12345Z",
+    "request_type": "origin-rsa",
+    "requested_validity": 5475,
+    "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
+  }
+}`)
+	})
+
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	testCertificate := CreateOriginCertificateParams{
+		ID:              "0x47530d8f561faa08",
+		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+		Hostnames:       []string{"example.com", "*.another.com"},
+		ExpiresOn:       expiresOn,
+		RequestType:     "origin-rsa",
+		RequestValidity: 5475,
+		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
+	}
+
+	createdCertificate, err := client.CreateOriginCACertificate(context.Background(), testCertificate)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, &OriginCACertificate{
+			ID:              "0x47530d8f561faa08",
+			Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+			Hostnames:       []string{"example.com", "*.another.com"},
+			ExpiresOn:       expiresOn,
+			RequestType:     "origin-rsa",
+			RequestValidity: 5475,
+			CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
+		}, createdCertificate)
+	}
+}
+
+func TestOriginCA_OriginCertificates(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/certificates", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %ss", r.Method)
+		assert.Equal(t, testZoneID, r.URL.Query().Get("zone_id"), "Expected zone_id '', got %%s", testZoneID)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": "0x47530d8f561faa08",
+      "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+      "hostnames": [
+        "example.com",
+        "*.another.com"
+      ],
+      "expires_on": "2014-01-01T05:20:00.12345Z",
+      "request_type": "origin-rsa",
+      "requested_validity": 5475,
+      "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
+    }
+  ],
+  "result_info": {
+    "page": 1,
+    "per_page": 20,
+    "count": 1,
+    "total_count": 1
+  }
+}`)
+	})
+
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	testCertificate := OriginCACertificate{
+		ID:              "0x47530d8f561faa08",
+		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+		Hostnames:       []string{"example.com", "*.another.com"},
+		ExpiresOn:       expiresOn,
+		RequestType:     "origin-rsa",
+		RequestValidity: 5475,
+		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
+	}
+
+	certs, err := client.ListOriginCACertificates(context.Background(), ListOriginCertificatesParams{ZoneID: testZoneID})
+
+	if assert.NoError(t, err) {
+		assert.IsType(t, []OriginCACertificate{}, certs, "Expected type []OriginCACertificate and got %v", certs)
+		assert.Equal(t, certs[0], testCertificate)
+	}
+}
+
+func TestOriginCA_OriginCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/certificates/0x47530d8f561faa08", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %ss", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "0x47530d8f561faa08",
+    "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+    "hostnames": [
+      "example.com",
+      "*.another.com"
+    ],
+    "expires_on": "2014-01-01T05:20:00.12345Z",
+    "request_type": "origin-rsa",
+    "requested_validity": 5475,
+    "revoked_at": "2014-01-02T05:20:00.12345Z",
+    "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
+  }
+}`)
+	})
+
+	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	revokedAt, _ := time.Parse(time.RFC3339, "2014-01-02T05:20:00.12345Z")
+
+	testCertificate := OriginCACertificate{
+		ID:              "0x47530d8f561faa08",
+		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
+		Hostnames:       []string{"example.com", "*.another.com"},
+		ExpiresOn:       expiresOn,
+		RequestType:     "origin-rsa",
+		RequestValidity: 5475,
+		RevokedAt:       revokedAt,
+		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
+	}
+
+	cert, err := client.GetOriginCACertificate(context.Background(), testCertificate.ID)
+
+	if assert.NoError(t, err) {
+		assert.IsType(t, &OriginCACertificate{}, cert, "Expected type &OriginCACertificate and got %v", cert)
+		assert.Equal(t, cert, &testCertificate)
+	}
+}
+
+func TestOriginCA_RevokeCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/certificates/0x47530d8f561faa08", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %ss", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "0x47530d8f561faa08"
+  }
+}`)
+	})
+
+	testCertificate := OriginCACertificateID{
+		ID: "0x47530d8f561faa08",
+	}
+
+	cert, err := client.RevokeOriginCACertificate(context.Background(), testCertificate.ID)
+
+	if assert.NoError(t, err) {
+		assert.IsType(t, &OriginCACertificateID{}, cert, "Expected type &OriginCACertificateID and got %v", cert)
+		assert.Equal(t, cert, &testCertificate)
+	}
+}
+
+func TestOriginCA_OriginCARootCertificate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	// This test intentionally hits the live endpoints to ensure these are
+	// - **active** (as they may change over time)
+	// - not subject to bot management
+	// - return the expected content (type)
+
+	algorithms := []string{"ecc", "rsa"}
+
+	for _, algorithm := range algorithms {
+		t.Logf("get origin CA root certificate for algorithm %s", algorithm)
+		rootCACert, err := GetOriginCARootCertificate(algorithm)
+
+		if assert.NoError(t, err) {
+			assert.NotNil(t, rootCACert)
+
+			// Asserts that the content returned is a PEM formatted certificate
+			p, _ := pem.Decode(rootCACert)
+			assert.NotNil(t, p)
+			assert.Equal(t, "CERTIFICATE", p.Type)
+		}
+	}
+}
diff --git a/pkg/cloudflare-go/page_rules.go b/pkg/cloudflare-go/page_rules.go
new file mode 100644
index 0000000000..c4fa391f50
--- /dev/null
+++ b/pkg/cloudflare-go/page_rules.go
@@ -0,0 +1,240 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// PageRuleTarget is the target to evaluate on a request.
+//
+// Currently Target must always be "url" and Operator must be "matches". Value
+// is the URL pattern to match against.
+type PageRuleTarget struct {
+	Target     string `json:"target"`
+	Constraint struct {
+		Operator string `json:"operator"`
+		Value    string `json:"value"`
+	} `json:"constraint"`
+}
+
+/*
+PageRuleAction is the action to take when the target is matched.
+
+Valid IDs are:
+
+	always_online
+	always_use_https
+	automatic_https_rewrites
+	browser_cache_ttl
+	browser_check
+	bypass_cache_on_cookie
+	cache_by_device_type
+	cache_deception_armor
+	cache_level
+	cache_key_fields
+	cache_on_cookie
+	disable_apps
+	disable_performance
+	disable_railgun
+	disable_security
+	edge_cache_ttl
+	email_obfuscation
+	explicit_cache_control
+	forwarding_url
+	host_header_override
+	ip_geolocation
+	minify
+	mirage
+	opportunistic_encryption
+	origin_error_page_pass_thru
+	polish
+	resolve_override
+	respect_strong_etag
+	response_buffering
+	rocket_loader
+	security_level
+	server_side_exclude
+	sort_query_string_for_cache
+	ssl
+	true_client_ip_header
+	waf
+*/
+type PageRuleAction struct {
+	ID    string      `json:"id"`
+	Value interface{} `json:"value"`
+}
+
+// PageRuleActions maps API action IDs to human-readable strings.
+var PageRuleActions = map[string]string{
+	"always_online":               "Always Online",               // Value of type string
+	"always_use_https":            "Always Use HTTPS",            // Value of type interface{}
+	"automatic_https_rewrites":    "Automatic HTTPS Rewrites",    // Value of type string
+	"browser_cache_ttl":           "Browser Cache TTL",           // Value of type int
+	"browser_check":               "Browser Integrity Check",     // Value of type string
+	"bypass_cache_on_cookie":      "Bypass Cache on Cookie",      // Value of type string
+	"cache_by_device_type":        "Cache By Device Type",        // Value of type string
+	"cache_deception_armor":       "Cache Deception Armor",       // Value of type string
+	"cache_level":                 "Cache Level",                 // Value of type string
+	"cache_key_fields":            "Custom Cache Key",            // Value of type map[string]interface
+	"cache_on_cookie":             "Cache On Cookie",             // Value of type string
+	"disable_apps":                "Disable Apps",                // Value of type interface{}
+	"disable_performance":         "Disable Performance",         // Value of type interface{}
+	"disable_railgun":             "Disable Railgun",             // Value of type string
+	"disable_security":            "Disable Security",            // Value of type interface{}
+	"edge_cache_ttl":              "Edge Cache TTL",              // Value of type int
+	"email_obfuscation":           "Email Obfuscation",           // Value of type string
+	"explicit_cache_control":      "Origin Cache Control",        // Value of type string
+	"forwarding_url":              "Forwarding URL",              // Value of type map[string]interface
+	"host_header_override":        "Host Header Override",        // Value of type string
+	"ip_geolocation":              "IP Geolocation Header",       // Value of type string
+	"minify":                      "Minify",                      // Value of type map[string]interface
+	"mirage":                      "Mirage",                      // Value of type string
+	"opportunistic_encryption":    "Opportunistic Encryption",    // Value of type string
+	"origin_error_page_pass_thru": "Origin Error Page Pass-thru", // Value of type string
+	"polish":                      "Polish",                      // Value of type string
+	"resolve_override":            "Resolve Override",            // Value of type string
+	"respect_strong_etag":         "Respect Strong ETags",        // Value of type string
+	"response_buffering":          "Response Buffering",          // Value of type string
+	"rocket_loader":               "Rocker Loader",               // Value of type string
+	"security_level":              "Security Level",              // Value of type string
+	"server_side_exclude":         "Server Side Excludes",        // Value of type string
+	"sort_query_string_for_cache": "Query String Sort",           // Value of type string
+	"ssl":                         "SSL",                         // Value of type string
+	"true_client_ip_header":       "True Client IP Header",       // Value of type string
+	"waf":                         "Web Application Firewall",    // Value of type string
+}
+
+// PageRule describes a Page Rule.
+type PageRule struct {
+	ID         string           `json:"id,omitempty"`
+	Targets    []PageRuleTarget `json:"targets"`
+	Actions    []PageRuleAction `json:"actions"`
+	Priority   int              `json:"priority"`
+	Status     string           `json:"status"`
+	ModifiedOn time.Time        `json:"modified_on,omitempty"`
+	CreatedOn  time.Time        `json:"created_on,omitempty"`
+}
+
+// PageRuleDetailResponse is the API response, containing a single PageRule.
+type PageRuleDetailResponse struct {
+	Success  bool     `json:"success"`
+	Errors   []string `json:"errors"`
+	Messages []string `json:"messages"`
+	Result   PageRule `json:"result"`
+}
+
+// PageRulesResponse is the API response, containing an array of PageRules.
+type PageRulesResponse struct {
+	Success  bool       `json:"success"`
+	Errors   []string   `json:"errors"`
+	Messages []string   `json:"messages"`
+	Result   []PageRule `json:"result"`
+}
+
+// CreatePageRule creates a new Page Rule for a zone.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-create-a-page-rule
+func (api *API) CreatePageRule(ctx context.Context, zoneID string, rule PageRule) (*PageRule, error) {
+	uri := fmt.Sprintf("/zones/%s/pagerules", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
+	if err != nil {
+		return nil, err
+	}
+	var r PageRuleDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+// ListPageRules returns all Page Rules for a zone.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-list-page-rules
+func (api *API) ListPageRules(ctx context.Context, zoneID string) ([]PageRule, error) {
+	uri := fmt.Sprintf("/zones/%s/pagerules", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PageRule{}, err
+	}
+	var r PageRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []PageRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// PageRule fetches detail about one Page Rule for a zone.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-page-rule-details
+func (api *API) PageRule(ctx context.Context, zoneID, ruleID string) (PageRule, error) {
+	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PageRule{}, err
+	}
+	var r PageRuleDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PageRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ChangePageRule lets you change individual settings for a Page Rule. This is
+// in contrast to UpdatePageRule which replaces the entire Page Rule.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-change-a-page-rule
+func (api *API) ChangePageRule(ctx context.Context, zoneID, ruleID string, rule PageRule) error {
+	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, rule)
+	if err != nil {
+		return err
+	}
+	var r PageRuleDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// UpdatePageRule lets you replace a Page Rule. This is in contrast to
+// ChangePageRule which lets you change individual settings.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-update-a-page-rule
+func (api *API) UpdatePageRule(ctx context.Context, zoneID, ruleID string, rule PageRule) error {
+	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
+	if err != nil {
+		return err
+	}
+	var r PageRuleDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// DeletePageRule deletes a Page Rule for a zone.
+//
+// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-delete-a-page-rule
+func (api *API) DeletePageRule(ctx context.Context, zoneID, ruleID string) error {
+	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r PageRuleDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/page_rules_example_test.go b/pkg/cloudflare-go/page_rules_example_test.go
new file mode 100644
index 0000000000..182f8c93b5
--- /dev/null
+++ b/pkg/cloudflare-go/page_rules_example_test.go
@@ -0,0 +1,110 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+var exampleNewPageRule = cloudflare.PageRule{
+	Actions: []cloudflare.PageRuleAction{
+		{
+			ID:    "always_online",
+			Value: "on",
+		},
+		{
+			ID:    "ssl",
+			Value: "flexible",
+		},
+	},
+	Targets: []cloudflare.PageRuleTarget{
+		{
+			Target: "url",
+			Constraint: struct {
+				Operator string "json:\"operator\""
+				Value    string "json:\"value\""
+			}{Operator: "matches", Value: fmt.Sprintf("example.%s", domain)},
+		},
+	},
+	Priority: 1,
+	Status:   "active",
+}
+
+func ExampleAPI_CreatePageRule() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pageRule, err := api.CreatePageRule(context.Background(), zoneID, exampleNewPageRule)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", pageRule)
+}
+
+func ExampleAPI_ListPageRules() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pageRules, err := api.ListPageRules(context.Background(), zoneID)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", pageRules)
+	for _, r := range pageRules {
+		fmt.Printf("%+v\n", r)
+	}
+}
+
+func ExampleAPI_PageRule() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pageRules, err := api.PageRule(context.Background(), zoneID, "my_page_rule_id")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", pageRules)
+}
+
+func ExampleAPI_DeletePageRule() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = api.DeletePageRule(context.Background(), zoneID, "my_page_rule_id")
+	if err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/pkg/cloudflare-go/page_rules_test.go b/pkg/cloudflare-go/page_rules_test.go
new file mode 100644
index 0000000000..fd7a1fd45a
--- /dev/null
+++ b/pkg/cloudflare-go/page_rules_test.go
@@ -0,0 +1,198 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	pageRuleID                = "15dae2fc158942f2adb1dd2a3d4273bc"
+	serverPageRuleDescription = `{
+    "id": "%s",
+    "targets": [
+      {
+        "target": "url",
+        "constraint": {
+          "operator": "matches",
+          "value": "example.%s"
+        }
+      }
+    ],
+    "actions": [
+      {
+        "id": "always_online",
+        "value": "on"
+      },
+      {
+        "id": "ssl",
+        "value": "flexible"
+      }
+    ],
+    "priority": 1,
+    "status": "active",
+    "created_on": "%[3]s",
+    "modified_on": "%[3]s"
+  }
+`
+)
+
+var testTimestamp = time.Now().UTC()
+var expectedPageRuleStruct = PageRule{
+	ID: pageRuleID,
+	Actions: []PageRuleAction{
+		{
+			ID:    "always_online",
+			Value: "on",
+		},
+		{
+			ID:    "ssl",
+			Value: "flexible",
+		},
+	},
+	Targets: []PageRuleTarget{
+		{
+			Target: "url",
+			Constraint: struct {
+				Operator string "json:\"operator\""
+				Value    string "json:\"value\""
+			}{Operator: "matches", Value: fmt.Sprintf("example.%s", testZoneID)},
+		},
+	},
+	Priority:   1,
+	Status:     "active",
+	CreatedOn:  testTimestamp,
+	ModifiedOn: testTimestamp,
+}
+
+func TestListPageRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 1,
+			"per_page": 25,
+			"count": 1,
+			"total_count": 1
+		  }
+		}
+		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/pagerules", handler)
+	want := []PageRule{expectedPageRuleStruct}
+
+	actual, err := client.ListPageRules(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetPageRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/pagerules/"+pageRuleID, handler)
+	want := expectedPageRuleStruct
+
+	actual, err := client.PageRule(context.Background(), testZoneID, pageRuleID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreatePageRule(t *testing.T) {
+	setup()
+	defer teardown()
+	newPageRule := PageRule{
+		Actions: []PageRuleAction{
+			{
+				ID:    "always_online",
+				Value: "on",
+			},
+			{
+				ID:    "ssl",
+				Value: "flexible",
+			},
+		},
+		Targets: []PageRuleTarget{
+			{
+				Target: "url",
+				Constraint: struct {
+					Operator string "json:\"operator\""
+					Value    string "json:\"value\""
+				}{Operator: "matches", Value: fmt.Sprintf("example.%s", testZoneID)},
+			},
+		},
+		Priority: 1,
+		Status:   "active",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/pagerules", handler)
+	want := &expectedPageRuleStruct
+
+	actual, err := client.CreatePageRule(context.Background(), testZoneID, newPageRule)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeletePageRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/pagerules/"+pageRuleID, handler)
+
+	err := client.DeletePageRule(context.Background(), testZoneID, pageRuleID)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/page_shield.go b/pkg/cloudflare-go/page_shield.go
new file mode 100644
index 0000000000..d05c949722
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield.go
@@ -0,0 +1,76 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// PageShield represents the page shield object minus any timestamps.
+type PageShield struct {
+	Enabled                        *bool `json:"enabled,omitempty"`
+	UseCloudflareReportingEndpoint *bool `json:"use_cloudflare_reporting_endpoint,omitempty"`
+	UseConnectionURLPath           *bool `json:"use_connection_url_path,omitempty"`
+}
+
+type UpdatePageShieldSettingsParams struct {
+	Enabled                        *bool `json:"enabled,omitempty"`
+	UseCloudflareReportingEndpoint *bool `json:"use_cloudflare_reporting_endpoint,omitempty"`
+	UseConnectionURLPath           *bool `json:"use_connection_url_path,omitempty"`
+}
+
+// PageShieldSettings represents the page shield settings for a zone.
+type PageShieldSettings struct {
+	PageShield
+	UpdatedAt string `json:"updated_at"`
+}
+
+// PageShieldSettingsResponse represents the response from the page shield settings endpoint.
+type PageShieldSettingsResponse struct {
+	PageShield PageShieldSettings `json:"result"`
+	Response
+}
+
+type GetPageShieldSettingsParams struct{}
+
+// GetPageShieldSettings returns the page shield settings for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-page-shield-settings
+func (api *API) GetPageShieldSettings(ctx context.Context, rc *ResourceContainer, params GetPageShieldSettingsParams) (*PageShieldSettingsResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/page_shield", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldSettingsResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
+
+// UpdatePageShieldSettings updates the page shield settings for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-update-page-shield-settings
+func (api *API) UpdatePageShieldSettings(ctx context.Context, rc *ResourceContainer, params UpdatePageShieldSettingsParams) (*PageShieldSettingsResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/page_shield", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldSettingsResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
diff --git a/pkg/cloudflare-go/page_shield_connections.go b/pkg/cloudflare-go/page_shield_connections.go
new file mode 100644
index 0000000000..9046512769
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_connections.go
@@ -0,0 +1,88 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// ListPageShieldConnectionsParams represents parameters for a page shield connection request.
+type ListPageShieldConnectionsParams struct {
+	Direction           string `url:"direction"`
+	ExcludeCdnCgi       *bool  `url:"exclude_cdn_cgi,omitempty"`
+	ExcludeUrls         string `url:"exclude_urls"`
+	Export              string `url:"export"`
+	Hosts               string `url:"hosts"`
+	OrderBy             string `url:"order_by"`
+	Page                string `url:"page"`
+	PageURL             string `url:"page_url"`
+	PerPage             int    `url:"per_page"`
+	PrioritizeMalicious *bool  `url:"prioritize_malicious,omitempty"`
+	Status              string `url:"status"`
+	URLs                string `url:"urls"`
+}
+
+// PageShieldConnection represents a page shield connection.
+type PageShieldConnection struct {
+	AddedAt                 string   `json:"added_at"`
+	DomainReportedMalicious *bool    `json:"domain_reported_malicious,omitempty"`
+	FirstPageURL            string   `json:"first_page_url"`
+	FirstSeenAt             string   `json:"first_seen_at"`
+	Host                    string   `json:"host"`
+	ID                      string   `json:"id"`
+	LastSeenAt              string   `json:"last_seen_at"`
+	PageURLs                []string `json:"page_urls"`
+	URL                     string   `json:"url"`
+	URLContainsCdnCgiPath   *bool    `json:"url_contains_cdn_cgi_path,omitempty"`
+}
+
+// ListPageShieldConnectionsResponse represents the response from the list page shield connections endpoint.
+type ListPageShieldConnectionsResponse struct {
+	Result []PageShieldConnection `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// ListPageShieldConnections lists all page shield connections for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-connections
+func (api *API) ListPageShieldConnections(ctx context.Context, rc *ResourceContainer, params ListPageShieldConnectionsParams) ([]PageShieldConnection, ResultInfo, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/connections", rc.Identifier)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var psResponse ListPageShieldConnectionsResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return psResponse.Result, psResponse.ResultInfo, nil
+}
+
+// GetPageShieldConnection gets a page shield connection for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-a-page-shield-connection
+func (api *API) GetPageShieldConnection(ctx context.Context, rc *ResourceContainer, connectionID string) (*PageShieldConnection, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/connections/%s", rc.Identifier, connectionID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldConnection
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
diff --git a/pkg/cloudflare-go/page_shield_connections_test.go b/pkg/cloudflare-go/page_shield_connections_test.go
new file mode 100644
index 0000000000..42e78cc631
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_connections_test.go
@@ -0,0 +1,90 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+// Mock data for PageShieldConnections.
+var mockPageShieldConnections = []PageShieldConnection{
+	{
+		AddedAt:                 "2021-08-18T10:51:10.09615Z",
+		DomainReportedMalicious: BoolPtr(false),
+		FirstPageURL:            "blog.cloudflare.com/page",
+		FirstSeenAt:             "2021-08-18T10:51:08Z",
+		Host:                    "blog.cloudflare.com",
+		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
+		LastSeenAt:              "2021-09-02T09:57:54Z",
+		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
+		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
+		URLContainsCdnCgiPath:   BoolPtr(false),
+	},
+	{
+		AddedAt:                 "2021-09-18T10:51:10.09615Z",
+		DomainReportedMalicious: BoolPtr(false),
+		FirstPageURL:            "blog.cloudflare.com/page02",
+		FirstSeenAt:             "2021-08-18T10:51:08Z",
+		Host:                    "blog.cloudflare.com",
+		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
+		LastSeenAt:              "2021-09-02T09:57:54Z",
+		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
+		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
+		URLContainsCdnCgiPath:   BoolPtr(false),
+	},
+	{
+		AddedAt:                 "2021-10-18T10:51:10.09615Z",
+		DomainReportedMalicious: BoolPtr(false),
+		FirstPageURL:            "blog.cloudflare.com/page03",
+		FirstSeenAt:             "2021-08-18T10:51:08Z",
+		Host:                    "blog.cloudflare.com",
+		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
+		LastSeenAt:              "2021-09-02T09:57:54Z",
+		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
+		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
+		URLContainsCdnCgiPath:   BoolPtr(false),
+	},
+}
+
+func TestListPageShieldConnections(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/connections", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := ListPageShieldConnectionsResponse{
+			Result: mockPageShieldConnections,
+		}
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, _, err := client.ListPageShieldConnections(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldConnectionsParams{})
+	assert.NoError(t, err)
+	assert.Equal(t, mockPageShieldConnections, result)
+}
+
+func TestGetPageShieldConnection(t *testing.T) {
+	setup()
+	defer teardown()
+
+	connectionID := "c9ef84a6bf5e47138c75d95e2f933e8f" //nolint
+	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/connections/%s", connectionID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := mockPageShieldConnections[0] // Assuming it's the first mock connection
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, err := client.GetPageShieldConnection(context.Background(), ZoneIdentifier(testZoneID), connectionID)
+	assert.NoError(t, err)
+	assert.Equal(t, &mockPageShieldConnections[0], result)
+}
diff --git a/pkg/cloudflare-go/page_shield_policies.go b/pkg/cloudflare-go/page_shield_policies.go
new file mode 100644
index 0000000000..29ce64ad0e
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_policies.go
@@ -0,0 +1,140 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// PageShieldPolicy represents a page shield policy.
+type PageShieldPolicy struct {
+	Action      string `json:"action"`
+	Description string `json:"description"`
+	Enabled     *bool  `json:"enabled,omitempty"`
+	Expression  string `json:"expression"`
+	ID          string `json:"id"`
+	Value       string `json:"value"`
+}
+
+type CreatePageShieldPolicyParams struct {
+	Action      string `json:"action"`
+	Description string `json:"description"`
+	Enabled     *bool  `json:"enabled,omitempty"`
+	Expression  string `json:"expression"`
+	ID          string `json:"id"`
+	Value       string `json:"value"`
+}
+
+type UpdatePageShieldPolicyParams struct {
+	Action      string `json:"action"`
+	Description string `json:"description"`
+	Enabled     *bool  `json:"enabled,omitempty"`
+	Expression  string `json:"expression"`
+	ID          string `json:"id"`
+	Value       string `json:"value"`
+}
+
+// ListPageShieldPoliciesResponse represents the response from the list page shield policies endpoint.
+type ListPageShieldPoliciesResponse struct {
+	Result []PageShieldPolicy `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type ListPageShieldPoliciesParams struct{}
+
+// ListPageShieldPolicies lists all page shield policies for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-policies
+func (api *API) ListPageShieldPolicies(ctx context.Context, rc *ResourceContainer, params ListPageShieldPoliciesParams) ([]PageShieldPolicy, ResultInfo, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/policies", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var psResponse ListPageShieldPoliciesResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return psResponse.Result, psResponse.ResultInfo, nil
+}
+
+// CreatePageShieldPolicy creates a page shield policy for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-create-page-shield-policy
+func (api *API) CreatePageShieldPolicy(ctx context.Context, rc *ResourceContainer, params CreatePageShieldPolicyParams) (*PageShieldPolicy, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/policies", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, path, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldPolicy
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
+
+// DeletePageShieldPolicy deletes a page shield policy for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-delete-page-shield-policy
+func (api *API) DeletePageShieldPolicy(ctx context.Context, rc *ResourceContainer, policyID string) error {
+	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, policyID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, path, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// GetPageShieldPolicy gets a page shield policy for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-page-shield-policy
+func (api *API) GetPageShieldPolicy(ctx context.Context, rc *ResourceContainer, policyID string) (*PageShieldPolicy, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, policyID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldPolicy
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
+
+// UpdatePageShieldPolicy updates a page shield policy for a zone.
+//
+// API documentation: https://developers.cloudflare.com/api/operations/page-shield-update-page-shield-policy
+func (api *API) UpdatePageShieldPolicy(ctx context.Context, rc *ResourceContainer, params UpdatePageShieldPolicyParams) (*PageShieldPolicy, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, params.ID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, path, params)
+	if err != nil {
+		return nil, err
+	}
+
+	var psResponse PageShieldPolicy
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse, nil
+}
diff --git a/pkg/cloudflare-go/page_shield_policies_test.go b/pkg/cloudflare-go/page_shield_policies_test.go
new file mode 100644
index 0000000000..239c4639d0
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_policies_test.go
@@ -0,0 +1,151 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+var mockPageShieldPolicies = []PageShieldPolicy{
+	{
+		Action:      "allow",
+		Description: "Checkout page CSP policy",
+		Enabled:     BoolPtr(true),
+		Expression:  "ends_with(http.request.uri.path, \"/checkout\")",
+		ID:          "c9ef84a6bf5e47138c75d95e2f933e8f",
+		Value:       "script-src 'none';",
+	},
+	{
+		Action:      "allow",
+		Description: "Checkout page CSP policy",
+		Enabled:     BoolPtr(true),
+		Expression:  "ends_with(http.request.uri.path, \"/login\")",
+		ID:          "c9ef84a6bf5e47138c75d95e2f933e82",
+		Value:       "script-src 'none';",
+	},
+	{
+		Action:      "allow",
+		Description: "Checkout page CSP policy",
+		Enabled:     BoolPtr(true),
+		Expression:  "ends_with(http.request.uri.path, \"/logout\")",
+		ID:          "c9ef84a6bf5e47138c75d95e2f933e83",
+		Value:       "script-src 'none';",
+	},
+}
+
+func TestListPageShieldPolicies(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/policies", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := ListPageShieldPoliciesResponse{
+			Result: mockPageShieldPolicies,
+		}
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, _, err := client.ListPageShieldPolicies(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldPoliciesParams{})
+	assert.NoError(t, err)
+	assert.Equal(t, mockPageShieldPolicies, result)
+}
+
+func TestCreatePageShieldPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/policies", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		var params PageShieldPolicy
+		err := json.NewDecoder(r.Body).Decode(&params)
+		assert.NoError(t, err)
+		params.ID = "newPolicyID"
+		err = json.NewEncoder(w).Encode(params)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	newPolicy := CreatePageShieldPolicyParams{
+		Action:      "block",
+		Description: "New policy",
+		Enabled:     BoolPtr(true),
+		Expression:  "ends_with(http.request.uri.path, \"/new\")",
+		Value:       "script-src 'self';",
+	}
+	result, err := client.CreatePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), newPolicy)
+	assert.NoError(t, err)
+	assert.Equal(t, "newPolicyID", result.ID)
+}
+
+func TestDeletePageShieldPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
+	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.WriteHeader(http.StatusOK) // Assuming successful deletion returns 200 OK
+	})
+	err := client.DeletePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), policyID)
+	assert.NoError(t, err)
+}
+
+func TestGetPageShieldPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
+	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		err := json.NewEncoder(w).Encode(mockPageShieldPolicies[0]) // Assuming the first mock policy
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, err := client.GetPageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), policyID)
+	assert.NoError(t, err)
+	assert.Equal(t, &mockPageShieldPolicies[0], result)
+}
+
+func TestUpdatePageShieldPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
+	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var params PageShieldPolicy
+		err := json.NewDecoder(r.Body).Decode(&params)
+		assert.NoError(t, err)
+		params.ID = policyID
+		err = json.NewEncoder(w).Encode(params)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	updatedPolicy := UpdatePageShieldPolicyParams{
+		ID:          policyID,
+		Action:      "block",
+		Description: "Updated policy",
+		Enabled:     BoolPtr(false),
+		Expression:  "ends_with(http.request.uri.path, \"/updated\")",
+		Value:       "script-src 'self';",
+	}
+	result, err := client.UpdatePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), updatedPolicy)
+	assert.NoError(t, err)
+	assert.Equal(t, policyID, result.ID)
+	assert.Equal(t, "Updated policy", result.Description)
+}
diff --git a/pkg/cloudflare-go/page_shield_scripts.go b/pkg/cloudflare-go/page_shield_scripts.go
new file mode 100644
index 0000000000..09559b59f9
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_scripts.go
@@ -0,0 +1,107 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// PageShieldScript represents a Page Shield script.
+type PageShieldScript struct {
+	AddedAt                 string   `json:"added_at"`
+	DomainReportedMalicious *bool    `json:"domain_reported_malicious,omitempty"`
+	FetchedAt               string   `json:"fetched_at"`
+	FirstPageURL            string   `json:"first_page_url"`
+	FirstSeenAt             string   `json:"first_seen_at"`
+	Hash                    string   `json:"hash"`
+	Host                    string   `json:"host"`
+	ID                      string   `json:"id"`
+	JSIntegrityScore        int      `json:"js_integrity_score"`
+	LastSeenAt              string   `json:"last_seen_at"`
+	PageURLs                []string `json:"page_urls"`
+	URL                     string   `json:"url"`
+	URLContainsCdnCgiPath   *bool    `json:"url_contains_cdn_cgi_path,omitempty"`
+}
+
+// ListPageShieldScriptsParams represents a PageShield Script request parameters.
+//
+// API reference: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-scripts#Query-Parameters
+type ListPageShieldScriptsParams struct {
+	Direction           string `url:"direction"`
+	ExcludeCdnCgi       *bool  `url:"exclude_cdn_cgi,omitempty"`
+	ExcludeDuplicates   *bool  `url:"exclude_duplicates,omitempty"`
+	ExcludeUrls         string `url:"exclude_urls"`
+	Export              string `url:"export"`
+	Hosts               string `url:"hosts"`
+	OrderBy             string `url:"order_by"`
+	Page                string `url:"page"`
+	PageURL             string `url:"page_url"`
+	PerPage             int    `url:"per_page"`
+	PrioritizeMalicious *bool  `url:"prioritize_malicious,omitempty"`
+	Status              string `url:"status"`
+	URLs                string `url:"urls"`
+}
+
+// PageShieldScriptsResponse represents the response from the PageShield Script API.
+type PageShieldScriptsResponse struct {
+	Results []PageShieldScript `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// PageShieldScriptResponse represents the response from the PageShield Script API.
+type PageShieldScriptResponse struct {
+	Result   PageShieldScript          `json:"result"`
+	Versions []PageShieldScriptVersion `json:"versions"`
+}
+
+// PageShieldScriptVersion represents a Page Shield script version.
+type PageShieldScriptVersion struct {
+	FetchedAt        string `json:"fetched_at"`
+	Hash             string `json:"hash"`
+	JSIntegrityScore int    `json:"js_integrity_score"`
+}
+
+// ListPageShieldScripts returns a list of PageShield Scripts.
+//
+// API reference: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-scripts
+func (api *API) ListPageShieldScripts(ctx context.Context, rc *ResourceContainer, params ListPageShieldScriptsParams) ([]PageShieldScript, ResultInfo, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/scripts", rc.Identifier)
+
+	uri := buildURI(path, params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, ResultInfo{}, err
+	}
+
+	var psResponse PageShieldScriptsResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return psResponse.Results, psResponse.ResultInfo, nil
+}
+
+// GetPageShieldScript returns a PageShield Script.
+//
+// API reference: https://developers.cloudflare.com/api/operations/page-shield-get-a-page-shield-script
+func (api *API) GetPageShieldScript(ctx context.Context, rc *ResourceContainer, scriptID string) (*PageShieldScript, []PageShieldScriptVersion, error) {
+	path := fmt.Sprintf("/zones/%s/page_shield/scripts/%s", rc.Identifier, scriptID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var psResponse PageShieldScriptResponse
+	err = json.Unmarshal(res, &psResponse)
+	if err != nil {
+		return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &psResponse.Result, psResponse.Versions, nil
+}
diff --git a/pkg/cloudflare-go/page_shield_scripts_test.go b/pkg/cloudflare-go/page_shield_scripts_test.go
new file mode 100644
index 0000000000..d6d430dcdc
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_scripts_test.go
@@ -0,0 +1,78 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+var mockPageShieldScripts = []PageShieldScript{
+	{
+		AddedAt:                 "2021-08-18T10:51:10.09615Z",
+		DomainReportedMalicious: BoolPtr(false),
+		FetchedAt:               "2021-09-02T10:17:54Z",
+		FirstPageURL:            "blog.cloudflare.com/page",
+		FirstSeenAt:             "2021-08-18T10:51:08Z",
+		Hash:                    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+		Host:                    "blog.cloudflare.com",
+		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
+		JSIntegrityScore:        10,
+		LastSeenAt:              "2021-09-02T09:57:54Z",
+		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
+		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
+		URLContainsCdnCgiPath:   BoolPtr(false),
+	},
+}
+
+var mockVersions = []PageShieldScriptVersion{
+	{
+		FetchedAt:        "2021-09-02T10:17:54Z",
+		Hash:             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+		JSIntegrityScore: 10,
+	},
+}
+
+func TestListPageShieldScripts(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/scripts", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := PageShieldScriptsResponse{Results: mockPageShieldScripts}
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, _, err := client.ListPageShieldScripts(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldScriptsParams{})
+	assert.NoError(t, err)
+	assert.Equal(t, mockPageShieldScripts, result)
+}
+
+func TestGetPageShieldScript(t *testing.T) {
+	setup()
+	defer teardown()
+
+	scriptID := "c9ef84a6bf5e47138c75d95e2f933e8f"
+	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/scripts/%s", scriptID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := PageShieldScriptResponse{
+			Result:   mockPageShieldScripts[0],
+			Versions: mockVersions,
+		}
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+	result, versions, err := client.GetPageShieldScript(context.Background(), ZoneIdentifier(testZoneID), scriptID)
+	assert.NoError(t, err)
+	assert.Equal(t, &mockPageShieldScripts[0], result)
+	assert.Equal(t, mockVersions, versions)
+}
diff --git a/pkg/cloudflare-go/page_shield_test.go b/pkg/cloudflare-go/page_shield_test.go
new file mode 100644
index 0000000000..a41e51e221
--- /dev/null
+++ b/pkg/cloudflare-go/page_shield_test.go
@@ -0,0 +1,77 @@
+package cloudflare
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+// Mock PageShieldSettings data.
+var mockPageShieldSettings = PageShieldSettings{
+	PageShield: PageShield{
+		Enabled:                        BoolPtr(true),
+		UseCloudflareReportingEndpoint: BoolPtr(true),
+		UseConnectionURLPath:           BoolPtr(true),
+	},
+	UpdatedAt: "2022-10-12T17:56:52.083582+01:00",
+}
+
+func TestGetPageShieldSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		response := PageShieldSettingsResponse{
+			PageShield: mockPageShieldSettings,
+		}
+		err := json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	result, err := client.GetPageShieldSettings(context.Background(), ZoneIdentifier(testZoneID), GetPageShieldSettingsParams{})
+	assert.NoError(t, err)
+	assert.Equal(t, &PageShieldSettingsResponse{PageShield: mockPageShieldSettings}, result)
+}
+
+func TestUpdatePageShieldSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/page_shield", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+
+		var params PageShield
+		err := json.NewDecoder(r.Body).Decode(&params)
+		assert.NoError(t, err)
+
+		response := PageShieldSettingsResponse{
+			PageShield: PageShieldSettings{
+				PageShield: params,
+				UpdatedAt:  "2022-10-13T10:00:00.000Z",
+			},
+		}
+		err = json.NewEncoder(w).Encode(response)
+		if err != nil {
+			t.Fatal(err)
+		}
+	})
+
+	newSettings := UpdatePageShieldSettingsParams{
+		Enabled:                        BoolPtr(false),
+		UseCloudflareReportingEndpoint: BoolPtr(false),
+		UseConnectionURLPath:           BoolPtr(false),
+	}
+	result, err := client.UpdatePageShieldSettings(context.Background(), ZoneIdentifier(testZoneID), newSettings)
+	assert.NoError(t, err)
+	assert.Equal(t, false, *result.PageShield.Enabled)
+	assert.Equal(t, false, *result.PageShield.UseCloudflareReportingEndpoint)
+	assert.Equal(t, false, *result.PageShield.UseConnectionURLPath)
+}
diff --git a/pkg/cloudflare-go/pages_deployment.go b/pkg/cloudflare-go/pages_deployment.go
new file mode 100644
index 0000000000..b81a2c1b77
--- /dev/null
+++ b/pkg/cloudflare-go/pages_deployment.go
@@ -0,0 +1,343 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// SizeOptions can be passed to a list request to configure size and cursor location.
+// These values will be defaulted if omitted.
+//
+// This should be swapped to ResultInfoCursors once the types are corrected.
+type SizeOptions struct {
+	Size   int  `json:"size,omitempty" url:"size,omitempty"`
+	Before *int `json:"before,omitempty" url:"before,omitempty"`
+	After  *int `json:"after,omitempty" url:"after,omitempty"`
+}
+
+// PagesDeploymentStageLogs represents the logs for a Pages deployment stage.
+type PagesDeploymentStageLogs struct {
+	Name      string                         `json:"name"`
+	StartedOn *time.Time                     `json:"started_on"`
+	EndedOn   *time.Time                     `json:"ended_on"`
+	Status    string                         `json:"status"`
+	Start     int                            `json:"start"`
+	End       int                            `json:"end"`
+	Total     int                            `json:"total"`
+	Data      []PagesDeploymentStageLogEntry `json:"data"`
+}
+
+// PagesDeploymentStageLogEntry represents a single log entry in a Pages deployment stage.
+type PagesDeploymentStageLogEntry struct {
+	ID        int        `json:"id"`
+	Timestamp *time.Time `json:"timestamp"`
+	Message   string     `json:"message"`
+}
+
+// PagesDeploymentLogs represents the logs for a Pages deployment.
+type PagesDeploymentLogs struct {
+	Total                 int                       `json:"total"`
+	IncludesContainerLogs bool                      `json:"includes_container_logs"`
+	Data                  []PagesDeploymentLogEntry `json:"data"`
+}
+
+// PagesDeploymentLogEntry represents a single log entry in a Pages deployment.
+type PagesDeploymentLogEntry struct {
+	Timestamp *time.Time `json:"ts"`
+	Line      string     `json:"line"`
+}
+
+type pagesDeploymentListResponse struct {
+	Response
+	Result     []PagesProjectDeployment `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type pagesDeploymentResponse struct {
+	Response
+	Result PagesProjectDeployment `json:"result"`
+}
+
+type pagesDeploymentLogsResponse struct {
+	Response
+	Result     PagesDeploymentLogs `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type ListPagesDeploymentsParams struct {
+	ProjectName string `url:"-"`
+
+	ResultInfo
+}
+
+type GetPagesDeploymentInfoParams struct {
+	ProjectName  string
+	DeploymentID string
+}
+
+type GetPagesDeploymentStageLogsParams struct {
+	ProjectName  string
+	DeploymentID string
+	StageName    string
+
+	SizeOptions
+}
+
+type GetPagesDeploymentLogsParams struct {
+	ProjectName  string
+	DeploymentID string
+
+	SizeOptions
+}
+
+type DeletePagesDeploymentParams struct {
+	ProjectName  string `url:"-"`
+	DeploymentID string `url:"-"`
+	Force        bool   `url:"force,omitempty"`
+}
+
+type CreatePagesDeploymentParams struct {
+	ProjectName string `json:"-"`
+	Branch      string `json:"branch,omitempty"`
+}
+
+type RetryPagesDeploymentParams struct {
+	ProjectName  string
+	DeploymentID string
+}
+
+type RollbackPagesDeploymentParams struct {
+	ProjectName  string
+	DeploymentID string
+}
+
+var (
+	ErrMissingProjectName  = errors.New("required missing project name")
+	ErrMissingDeploymentID = errors.New("required missing deployment ID")
+)
+
+// ListPagesDeployments returns all deployments for a Pages project.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-get-deployments
+func (api *API) ListPagesDeployments(ctx context.Context, rc *ResourceContainer, params ListPagesDeploymentsParams) ([]PagesProjectDeployment, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []PagesProjectDeployment{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return []PagesProjectDeployment{}, &ResultInfo{}, ErrMissingProjectName
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var deployments []PagesProjectDeployment
+	var r pagesDeploymentListResponse
+
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments", rc.Identifier, params.ProjectName), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []PagesProjectDeployment{}, &ResultInfo{}, err
+		}
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []PagesProjectDeployment{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		deployments = append(deployments, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.Done() || !autoPaginate {
+			break
+		}
+	}
+	return deployments, &r.ResultInfo, nil
+}
+
+// GetPagesDeploymentInfo returns a deployment for a Pages project.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-get-deployment-info
+func (api *API) GetPagesDeploymentInfo(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
+	if rc.Identifier == "" {
+		return PagesProjectDeployment{}, ErrMissingAccountID
+	}
+
+	if projectName == "" {
+		return PagesProjectDeployment{}, ErrMissingProjectName
+	}
+
+	if deploymentID == "" {
+		return PagesProjectDeployment{}, ErrMissingDeploymentID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s", rc.Identifier, projectName, deploymentID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PagesProjectDeployment{}, err
+	}
+	var r pagesDeploymentResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// GetPagesDeploymentLogs returns the logs for a Pages deployment.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-get-deployment-logs
+func (api *API) GetPagesDeploymentLogs(ctx context.Context, rc *ResourceContainer, params GetPagesDeploymentLogsParams) (PagesDeploymentLogs, error) {
+	if rc.Identifier == "" {
+		return PagesDeploymentLogs{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return PagesDeploymentLogs{}, ErrMissingProjectName
+	}
+
+	if params.DeploymentID == "" {
+		return PagesDeploymentLogs{}, ErrMissingDeploymentID
+	}
+
+	uri := buildURI(
+		fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/history/logs", rc.Identifier, params.ProjectName, params.DeploymentID),
+		params.SizeOptions,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PagesDeploymentLogs{}, err
+	}
+	var r pagesDeploymentLogsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesDeploymentLogs{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeletePagesDeployment deletes a Pages deployment.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-delete-deployment
+func (api *API) DeletePagesDeployment(ctx context.Context, rc *ResourceContainer, params DeletePagesDeploymentParams) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return ErrMissingProjectName
+	}
+
+	if params.DeploymentID == "" {
+		return ErrMissingDeploymentID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s", rc.Identifier, params.ProjectName, params.DeploymentID), params)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// CreatePagesDeployment creates a Pages production deployment.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-create-deployment
+func (api *API) CreatePagesDeployment(ctx context.Context, rc *ResourceContainer, params CreatePagesDeploymentParams) (PagesProjectDeployment, error) {
+	if rc.Identifier == "" {
+		return PagesProjectDeployment{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return PagesProjectDeployment{}, ErrMissingProjectName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments", rc.Identifier, params.ProjectName)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return PagesProjectDeployment{}, err
+	}
+	var r pagesDeploymentResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// RetryPagesDeployment retries a specific Pages deployment.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-retry-deployment
+func (api *API) RetryPagesDeployment(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
+	if rc.Identifier == "" {
+		return PagesProjectDeployment{}, ErrMissingAccountID
+	}
+
+	if projectName == "" {
+		return PagesProjectDeployment{}, ErrMissingProjectName
+	}
+
+	if deploymentID == "" {
+		return PagesProjectDeployment{}, ErrMissingDeploymentID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/retry", rc.Identifier, projectName, deploymentID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return PagesProjectDeployment{}, err
+	}
+	var r pagesDeploymentResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// RollbackPagesDeployment rollbacks the Pages production deployment to a previous production deployment.
+//
+// API reference: https://api.cloudflare.com/#pages-deployment-rollback-deployment
+func (api *API) RollbackPagesDeployment(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
+	if rc.Identifier == "" {
+		return PagesProjectDeployment{}, ErrMissingAccountID
+	}
+
+	if projectName == "" {
+		return PagesProjectDeployment{}, ErrMissingProjectName
+	}
+
+	if deploymentID == "" {
+		return PagesProjectDeployment{}, ErrMissingDeploymentID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/rollback", rc.Identifier, projectName, deploymentID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return PagesProjectDeployment{}, err
+	}
+	var r pagesDeploymentResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/pages_deployment_test.go b/pkg/cloudflare-go/pages_deployment_test.go
new file mode 100644
index 0000000000..7e7f3ee0e8
--- /dev/null
+++ b/pkg/cloudflare-go/pages_deployment_test.go
@@ -0,0 +1,500 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testPagesDeploymentResponse = `
+	{
+		"id": "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
+		"short_id": "0012e50b",
+		"project_id": "80776025-b1bd-4181-993f-8238c27d226f",
+		"project_name": "test",
+		"environment": "production",
+		"url": "https://0012e50b.test.pages.dev",
+		"created_on": "2021-01-01T00:00:00Z",
+		"modified_on": "2021-01-01T00:00:00Z",
+		"latest_stage": {
+			"name": "deploy",
+			"started_on": "2021-01-01T00:00:00Z",
+			"ended_on": "2021-01-01T00:00:00Z",
+			"status": "success"
+		},
+		"deployment_trigger": {
+			"type": "ad_hoc",
+			"metadata": {
+				"branch": "main",
+				"commit_hash": "20fb65fa9d7fd2a11f7fa3ebdc44137b263ee835",
+				"commit_message": "Test commit"
+			}
+		},
+		"stages": [
+			{
+				"name": "queued",
+				"started_on": "2021-01-01T00:00:00Z",
+				"ended_on": "2021-01-01T00:00:00Z",
+				"status": "success"
+			},
+			{
+				"name": "initialize",
+				"started_on": "2021-01-01T00:00:00Z",
+				"ended_on": "2021-01-01T00:00:00Z",
+				"status": "success"
+			},
+			{
+				"name": "clone_repo",
+				"started_on": "2021-01-01T00:00:00Z",
+				"ended_on": "2021-01-01T00:00:00Z",
+				"status": "success"
+			},
+			{
+				"name": "build",
+				"started_on": "2021-01-01T00:00:00Z",
+				"ended_on": "2021-01-01T00:00:00Z",
+				"status": "success"
+			},
+			{
+				"name": "deploy",
+				"started_on": "2021-01-01T00:00:00Z",
+				"ended_on": "2021-01-01T00:00:00Z",
+				"status": "success"
+			}
+		],
+		"build_config": {
+			"build_command": "bash test.sh",
+			"destination_dir": "",
+			"root_dir": "",
+			"web_analytics_tag": null,
+			"web_analytics_token": null
+		},
+		"source": {
+			"type": "github",
+			"config": {
+				"owner": "coudflare",
+				"repo_name": "Test",
+				"production_branch": "main",
+				"pr_comments_enabled": false
+			}
+		},
+		"env_vars": {
+			"NODE_VERSION": {
+				"value": "16"
+			}
+		},
+		"aliases": null
+	}`
+
+	testPagesDeploymentLogsResponse = `
+	{
+		"total": 6,
+		"includes_container_logs": true,
+		"data": [
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Installing dependencies"
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Verify run directory"
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Executing user command: bash test.sh"
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Finished"
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Building functions..."
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Validating asset output directory"
+			},
+			{
+				"ts": "2021-01-01T00:00:00Z",
+				"line": "Parsed 2 valid header rules."
+			}
+		]
+	}`
+)
+
+var (
+	pagesDeploymentDummyTime, _ = time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
+
+	expectedPagesDeployment = &PagesProjectDeployment{
+		ID:          "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
+		ShortID:     "0012e50b",
+		ProjectID:   "80776025-b1bd-4181-993f-8238c27d226f",
+		ProjectName: "test",
+		Environment: "production",
+		URL:         "https://0012e50b.test.pages.dev",
+		CreatedOn:   &pagesDeploymentDummyTime,
+		ModifiedOn:  &pagesDeploymentDummyTime,
+		Aliases:     nil,
+		LatestStage: *expectedPagesDeploymentLatestStage,
+		EnvVars: EnvironmentVariableMap{
+			"NODE_VERSION": &EnvironmentVariable{
+				Value: "16",
+			},
+		},
+		DeploymentTrigger: PagesProjectDeploymentTrigger{
+			Type: "ad_hoc",
+			Metadata: &PagesProjectDeploymentTriggerMetadata{
+				Branch:        "main",
+				CommitHash:    "20fb65fa9d7fd2a11f7fa3ebdc44137b263ee835",
+				CommitMessage: "Test commit",
+			},
+		},
+		Stages: expectedPagesDeploymentStages,
+		BuildConfig: PagesProjectBuildConfig{
+			BuildCommand:   "bash test.sh",
+			DestinationDir: "",
+			RootDir:        "",
+		},
+		Source: PagesProjectSource{
+			Type: "github",
+			Config: &PagesProjectSourceConfig{
+				Owner:             "coudflare",
+				RepoName:          "Test",
+				ProductionBranch:  "main",
+				PRCommentsEnabled: false,
+			},
+		},
+	}
+
+	expectedPagesDeploymentStages = []PagesProjectDeploymentStage{
+		{
+			Name:      "queued",
+			StartedOn: &pagesDeploymentDummyTime,
+			EndedOn:   &pagesDeploymentDummyTime,
+			Status:    "success",
+		},
+		{
+			Name:      "initialize",
+			StartedOn: &pagesDeploymentDummyTime,
+			EndedOn:   &pagesDeploymentDummyTime,
+			Status:    "success",
+		},
+		{
+			Name:      "clone_repo",
+			StartedOn: &pagesDeploymentDummyTime,
+			EndedOn:   &pagesDeploymentDummyTime,
+			Status:    "success",
+		},
+		{
+			Name:      "build",
+			StartedOn: &pagesDeploymentDummyTime,
+			EndedOn:   &pagesDeploymentDummyTime,
+			Status:    "success",
+		},
+		*expectedPagesDeploymentLatestStage,
+	}
+
+	expectedPagesDeploymentLatestStage = &PagesProjectDeploymentStage{
+		Name:      "deploy",
+		StartedOn: &pagesDeploymentDummyTime,
+		EndedOn:   &pagesDeploymentDummyTime,
+		Status:    "success",
+	}
+
+	expectedPagesDeploymentLogs = &PagesDeploymentLogs{
+		Total:                 6,
+		IncludesContainerLogs: true,
+		Data:                  expectedPagesDeploymentLogEntries,
+	}
+
+	expectedPagesDeploymentLogEntries = []PagesDeploymentLogEntry{
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Installing dependencies",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Verify run directory",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Executing user command: bash test.sh",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Finished",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Building functions...",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Validating asset output directory",
+		},
+		{
+			Timestamp: &pagesDeploymentDummyTime,
+			Line:      "Parsed 2 valid header rules.",
+		},
+	}
+)
+
+func TestListPagesDeployments(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "25", r.URL.Query().Get("per_page"))
+		assert.Equal(t, "1", r.URL.Query().Get("page"))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				%s
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 100,
+				"count": 1,
+				"total_count": 1
+			  }
+		}`, testPagesDeploymentResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
+
+	expectedPagesDeployments := []PagesProjectDeployment{
+		*expectedPagesDeployment,
+	}
+	expectedResultInfo := ResultInfo{
+		Page:    1,
+		PerPage: 100,
+		Count:   1,
+		Total:   1,
+	}
+	actual, resultInfo, err := client.ListPagesDeployments(context.Background(), AccountIdentifier(testAccountID), ListPagesDeploymentsParams{
+		ProjectName: "test",
+		ResultInfo:  ResultInfo{},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedPagesDeployments, actual)
+		assert.Equal(t, &expectedResultInfo, resultInfo)
+	}
+}
+
+func TestListPagesDeploymentsPagination(t *testing.T) {
+	setup()
+	defer teardown()
+	var page1Called, page2Called bool
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		page := r.URL.Query().Get("page")
+		w.Header().Set("content-type", "application/json")
+		switch page {
+		case "1":
+			page1Called = true
+			fmt.Fprintf(w, `{
+				"success": true,
+				"errors": [],
+				"messages": [],
+				"result": [
+					%s
+				],
+				"result_info": {
+					"page": 1,
+					"per_page": 25,
+					"total_count": 26,
+					"total_pages": 2
+				  }
+			}`, testPagesDeploymentResponse)
+		case "2":
+			page2Called = true
+			fmt.Fprintf(w, `{
+				"success": true,
+				"errors": [],
+				"messages": [],
+				"result": [
+					%s
+				],
+				"result_info": {
+					"page": 2,
+					"per_page": 25,
+					"total_count": 26,
+					"total_pages": 2
+				  }
+			}`, testPagesDeploymentResponse)
+		default:
+			assert.Failf(t, "Unexpected page number", "Expected page 1 or 2, got %s", page)
+			return
+		}
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
+	actual, resultInfo, err := client.ListPagesDeployments(context.Background(), AccountIdentifier(testAccountID), ListPagesDeploymentsParams{
+		ProjectName: "test",
+		ResultInfo:  ResultInfo{},
+	})
+	if assert.NoError(t, err) {
+		assert.True(t, page1Called)
+		assert.True(t, page2Called)
+		assert.Equal(t, 2, len(actual))
+		assert.Equal(t, 26, resultInfo.Total)
+	}
+}
+
+func TestGetPagesDeploymentInfo(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testPagesDeploymentResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe", handler)
+
+	actual, err := client.GetPagesDeploymentInfo(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesDeployment, actual)
+	}
+}
+
+func TestGetPagesDeploymentLogs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testPagesDeploymentLogsResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/history/logs", handler)
+
+	actual, err := client.GetPagesDeploymentLogs(context.Background(), AccountIdentifier(testAccountID), GetPagesDeploymentLogsParams{
+		ProjectName:  "test",
+		DeploymentID: "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
+		SizeOptions:  SizeOptions{},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesDeploymentLogs, actual)
+	}
+}
+
+func TestDeletePagesDeployment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		assert.Equal(t, "true", r.URL.Query().Get("force"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": null
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe", handler)
+
+	err := client.DeletePagesDeployment(context.Background(), AccountIdentifier(testAccountID), DeletePagesDeploymentParams{ProjectName: "test", DeploymentID: "0012e50b-fa5d-44db-8cb5-1f372785dcbe", Force: true})
+	assert.NoError(t, err)
+}
+
+func TestCreatePagesDeployment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testPagesDeploymentResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
+
+	actual, err := client.CreatePagesDeployment(context.Background(), AccountIdentifier(testAccountID), CreatePagesDeploymentParams{
+		ProjectName: "test",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesDeployment, actual)
+	}
+}
+
+func TestRetryPagesDeployment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testPagesDeploymentResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/retry", handler)
+
+	actual, err := client.RetryPagesDeployment(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesDeployment, actual)
+	}
+}
+
+func TestRollbackPagesDeployment(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": %s
+		}`, testPagesDeploymentResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/rollback", handler)
+
+	actual, err := client.RollbackPagesDeployment(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesDeployment, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/pages_domain.go b/pkg/cloudflare-go/pages_domain.go
new file mode 100644
index 0000000000..a6fa8ac9f1
--- /dev/null
+++ b/pkg/cloudflare-go/pages_domain.go
@@ -0,0 +1,194 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// PagesDomain represents a pages domain.
+type PagesDomain struct {
+	ID               string           `json:"id"`
+	Name             string           `json:"name"`
+	Status           string           `json:"status"`
+	VerificationData VerificationData `json:"verification_data"`
+	ValidationData   ValidationData   `json:"validation_data"`
+	ZoneTag          string           `json:"zone_tag"`
+	CreatedOn        *time.Time       `json:"created_on"`
+}
+
+// VerificationData represents verification data for a domain.
+type VerificationData struct {
+	Status string `json:"status"`
+}
+
+// ValidationData represents validation data for a domain.
+type ValidationData struct {
+	Status string `json:"status"`
+	Method string `json:"method"`
+}
+
+// PagesDomainsParameters represents parameters for a pages domains request.
+type PagesDomainsParameters struct {
+	AccountID   string
+	ProjectName string
+}
+
+// PagesDomainsResponse represents an API response for a pages domains request.
+type PagesDomainsResponse struct {
+	Response
+	Result []PagesDomain `json:"result,omitempty"`
+}
+
+// PagesDomainParameters represents parameters for a pages domain request.
+type PagesDomainParameters struct {
+	AccountID   string `json:"-"`
+	ProjectName string `json:"-"`
+	DomainName  string `json:"name,omitempty"`
+}
+
+// PagesDomainResponse represents an API response for a pages domain request.
+type PagesDomainResponse struct {
+	Response
+	Result PagesDomain `json:"result,omitempty"`
+}
+
+// GetPagesDomains gets all domains for a pages project.
+//
+// API Reference: https://api.cloudflare.com/#pages-domains-get-domains
+func (api *API) GetPagesDomains(ctx context.Context, params PagesDomainsParameters) ([]PagesDomain, error) {
+	if params.AccountID == "" {
+		return []PagesDomain{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return []PagesDomain{}, ErrMissingProjectName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains", params.AccountID, params.ProjectName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PagesDomain{}, err
+	}
+
+	var pageDomainResponse PagesDomainsResponse
+	if err := json.Unmarshal(res, &pageDomainResponse); err != nil {
+		return []PagesDomain{}, err
+	}
+	return pageDomainResponse.Result, nil
+}
+
+// GetPagesDomain gets a single domain.
+//
+// API Reference: https://api.cloudflare.com/#pages-domains-get-domains
+func (api *API) GetPagesDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
+	if params.AccountID == "" {
+		return PagesDomain{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return PagesDomain{}, ErrMissingProjectName
+	}
+
+	if params.DomainName == "" {
+		return PagesDomain{}, ErrMissingDomain
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PagesDomain{}, err
+	}
+
+	var pagesDomainResponse PagesDomainResponse
+	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
+		return PagesDomain{}, err
+	}
+	return pagesDomainResponse.Result, nil
+}
+
+// PagesPatchDomain retries the validation status of a single domain.
+//
+// API Reference: https://api.cloudflare.com/#pages-domains-patch-domain
+func (api *API) PagesPatchDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
+	if params.AccountID == "" {
+		return PagesDomain{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return PagesDomain{}, ErrMissingProjectName
+	}
+
+	if params.DomainName == "" {
+		return PagesDomain{}, ErrMissingDomain
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, nil)
+	if err != nil {
+		return PagesDomain{}, err
+	}
+
+	var pagesDomainResponse PagesDomainResponse
+	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
+		return PagesDomain{}, err
+	}
+	return pagesDomainResponse.Result, nil
+}
+
+// PagesAddDomain adds a domain to a pages project.
+//
+// API Reference: https://api.cloudflare.com/#pages-domains-add-domain
+func (api *API) PagesAddDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
+	if params.AccountID == "" {
+		return PagesDomain{}, ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return PagesDomain{}, ErrMissingProjectName
+	}
+
+	if params.DomainName == "" {
+		return PagesDomain{}, ErrMissingDomain
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains", params.AccountID, params.ProjectName)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return PagesDomain{}, err
+	}
+
+	var pagesDomainResponse PagesDomainResponse
+	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
+		return PagesDomain{}, err
+	}
+	return pagesDomainResponse.Result, nil
+}
+
+// PagesDeleteDomain removes a domain from a pages project.
+//
+// API Reference: https://api.cloudflare.com/#pages-domains-delete-domain
+func (api *API) PagesDeleteDomain(ctx context.Context, params PagesDomainParameters) error {
+	if params.AccountID == "" {
+		return ErrMissingAccountID
+	}
+
+	if params.ProjectName == "" {
+		return ErrMissingProjectName
+	}
+
+	if params.DomainName == "" {
+		return ErrMissingDomain
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, params)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/pages_domain_test.go b/pkg/cloudflare-go/pages_domain_test.go
new file mode 100644
index 0000000000..20e80e7b45
--- /dev/null
+++ b/pkg/cloudflare-go/pages_domain_test.go
@@ -0,0 +1,277 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testPagesProjectName = "page-project"
+
+var testCreatedOn, _ = time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
+
+var testPagesDomain = PagesDomain{
+	ID:     "8232210c-6818-4e34-8d95-cc386874b8d2",
+	Name:   "example.com",
+	Status: "pending",
+	VerificationData: VerificationData{
+		Status: "active",
+	},
+	ValidationData: ValidationData{
+		Status: "active",
+		Method: "http",
+	},
+	ZoneTag:   "023e105f4ecef8ad9ca31a8372d0c353",
+	CreatedOn: &testCreatedOn,
+}
+
+func TestPages_GetDomains(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
+      "name": "example.com",
+      "status": "pending",
+      "verification_data": {
+        "status": "active"
+      },
+      "validation_data": {
+        "status": "active",
+        "method": "http"
+      },
+      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
+      "created_on": "2017-01-01T00:00:00Z"
+    }
+  ]
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.GetPagesDomains(context.Background(), PagesDomainsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing project name is thrown
+	_, err = client.GetPagesDomains(context.Background(), PagesDomainsParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingProjectName, err)
+	}
+
+	out, err := client.GetPagesDomains(context.Background(), PagesDomainsParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(out), "Domains length not correct")
+		assert.Equal(t, out[0], testPagesDomain, "structs not equal")
+	}
+}
+
+func TestPages_GetDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
+      "name": "example.com",
+      "status": "pending",
+      "verification_data": {
+        "status": "active"
+      },
+      "validation_data": {
+        "status": "active",
+        "method": "http"
+      },
+      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
+      "created_on": "2017-01-01T00:00:00Z"
+    }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.GetPagesDomain(context.Background(), PagesDomainParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing project name is thrown
+	_, err = client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingProjectName, err)
+	}
+
+	// Make sure missing domain is thrown
+	_, err = client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+
+	out, err := client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, testPagesDomain, "structs not equal")
+	}
+}
+
+func TestPages_PatchDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
+      "name": "example.com",
+      "status": "pending",
+      "verification_data": {
+        "status": "active"
+      },
+      "validation_data": {
+        "status": "active",
+        "method": "http"
+      },
+      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
+      "created_on": "2017-01-01T00:00:00Z"
+    }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.PagesPatchDomain(context.Background(), PagesDomainParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing project name is thrown
+	_, err = client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingProjectName, err)
+	}
+
+	// Make sure missing domain is thrown
+	_, err = client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+
+	out, err := client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, testPagesDomain, "structs not equal")
+	}
+}
+
+func TestPages_AddDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
+      "name": "example.com",
+      "status": "pending",
+      "verification_data": {
+        "status": "active"
+      },
+      "validation_data": {
+        "status": "active",
+        "method": "http"
+      },
+      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
+      "created_on": "2017-01-01T00:00:00Z"
+    }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.PagesAddDomain(context.Background(), PagesDomainParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing project name is thrown
+	_, err = client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingProjectName, err)
+	}
+
+	// Make sure missing domain is thrown
+	_, err = client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+
+	out, err := client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, testPagesDomain, "structs not equal")
+	}
+}
+
+func TestPages_DeleteDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": null
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	err := client.PagesDeleteDomain(context.Background(), PagesDomainParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing project name is thrown
+	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingProjectName, err)
+	}
+
+	// Make sure missing domain is thrown
+	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingDomain, err)
+	}
+
+	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/pages_project.go b/pkg/cloudflare-go/pages_project.go
new file mode 100644
index 0000000000..202846158a
--- /dev/null
+++ b/pkg/cloudflare-go/pages_project.go
@@ -0,0 +1,333 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type PagesPreviewDeploymentSetting string
+
+const (
+	PagesPreviewAllBranches    PagesPreviewDeploymentSetting = "all"
+	PagesPreviewNoBranches     PagesPreviewDeploymentSetting = "none"
+	PagesPreviewCustomBranches PagesPreviewDeploymentSetting = "custom"
+)
+
+// PagesProject represents a Pages project.
+type PagesProject struct {
+	Name                string                        `json:"name,omitempty"`
+	ID                  string                        `json:"id"`
+	CreatedOn           *time.Time                    `json:"created_on"`
+	SubDomain           string                        `json:"subdomain"`
+	Domains             []string                      `json:"domains,omitempty"`
+	Source              *PagesProjectSource           `json:"source,omitempty"`
+	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
+	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
+	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
+	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
+	ProductionBranch    string                        `json:"production_branch,omitempty"`
+}
+
+// PagesProjectSource represents the configuration of a Pages project source.
+type PagesProjectSource struct {
+	Type   string                    `json:"type"`
+	Config *PagesProjectSourceConfig `json:"config"`
+}
+
+// PagesProjectSourceConfig represents the properties use to configure a Pages project source.
+type PagesProjectSourceConfig struct {
+	Owner                        string                        `json:"owner"`
+	RepoName                     string                        `json:"repo_name"`
+	ProductionBranch             string                        `json:"production_branch"`
+	PRCommentsEnabled            bool                          `json:"pr_comments_enabled"`
+	DeploymentsEnabled           bool                          `json:"deployments_enabled"`
+	ProductionDeploymentsEnabled bool                          `json:"production_deployments_enabled"`
+	PreviewDeploymentSetting     PagesPreviewDeploymentSetting `json:"preview_deployment_setting"`
+	PreviewBranchIncludes        []string                      `json:"preview_branch_includes"`
+	PreviewBranchExcludes        []string                      `json:"preview_branch_excludes"`
+}
+
+// PagesProjectBuildConfig represents the configuration of a Pages project build process.
+type PagesProjectBuildConfig struct {
+	BuildCaching      *bool  `json:"build_caching,omitempty"`
+	BuildCommand      string `json:"build_command"`
+	DestinationDir    string `json:"destination_dir"`
+	RootDir           string `json:"root_dir"`
+	WebAnalyticsTag   string `json:"web_analytics_tag"`
+	WebAnalyticsToken string `json:"web_analytics_token"`
+}
+
+// PagesProjectDeploymentConfigs represents the configuration for deployments in a Pages project.
+type PagesProjectDeploymentConfigs struct {
+	Preview    PagesProjectDeploymentConfigEnvironment `json:"preview"`
+	Production PagesProjectDeploymentConfigEnvironment `json:"production"`
+}
+
+// PagesProjectDeploymentConfigEnvironment represents the configuration for preview or production deploys.
+type PagesProjectDeploymentConfigEnvironment struct {
+	EnvVars                          EnvironmentVariableMap `json:"env_vars,omitempty"`
+	KvNamespaces                     NamespaceBindingMap    `json:"kv_namespaces,omitempty"`
+	DoNamespaces                     NamespaceBindingMap    `json:"durable_object_namespaces,omitempty"`
+	D1Databases                      D1BindingMap           `json:"d1_databases,omitempty"`
+	R2Bindings                       R2BindingMap           `json:"r2_buckets,omitempty"`
+	ServiceBindings                  ServiceBindingMap      `json:"services,omitempty"`
+	CompatibilityDate                string                 `json:"compatibility_date,omitempty"`
+	CompatibilityFlags               []string               `json:"compatibility_flags,omitempty"`
+	FailOpen                         bool                   `json:"fail_open"`
+	AlwaysUseLatestCompatibilityDate bool                   `json:"always_use_latest_compatibility_date"`
+	UsageModel                       UsageModel             `json:"usage_model,omitempty"`
+	Placement                        *Placement             `json:"placement,omitempty"`
+}
+
+// PagesProjectDeployment represents a deployment to a Pages project.
+type PagesProjectDeployment struct {
+	ID                 string                        `json:"id"`
+	ShortID            string                        `json:"short_id"`
+	ProjectID          string                        `json:"project_id"`
+	ProjectName        string                        `json:"project_name"`
+	Environment        string                        `json:"environment"`
+	URL                string                        `json:"url"`
+	CreatedOn          *time.Time                    `json:"created_on"`
+	ModifiedOn         *time.Time                    `json:"modified_on"`
+	Aliases            []string                      `json:"aliases,omitempty"`
+	LatestStage        PagesProjectDeploymentStage   `json:"latest_stage"`
+	EnvVars            EnvironmentVariableMap        `json:"env_vars"`
+	KvNamespaces       NamespaceBindingMap           `json:"kv_namespaces,omitempty"`
+	DoNamespaces       NamespaceBindingMap           `json:"durable_object_namespaces,omitempty"`
+	D1Databases        D1BindingMap                  `json:"d1_databases,omitempty"`
+	R2Bindings         R2BindingMap                  `json:"r2_buckets,omitempty"`
+	ServiceBindings    ServiceBindingMap             `json:"services,omitempty"`
+	Placement          *Placement                    `json:"placement,omitempty"`
+	DeploymentTrigger  PagesProjectDeploymentTrigger `json:"deployment_trigger"`
+	Stages             []PagesProjectDeploymentStage `json:"stages"`
+	BuildConfig        PagesProjectBuildConfig       `json:"build_config"`
+	Source             PagesProjectSource            `json:"source"`
+	CompatibilityDate  string                        `json:"compatibility_date,omitempty"`
+	CompatibilityFlags []string                      `json:"compatibility_flags,omitempty"`
+	UsageModel         UsageModel                    `json:"usage_model,omitempty"`
+	IsSkipped          bool                          `json:"is_skipped"`
+	ProductionBranch   string                        `json:"production_branch,omitempty"`
+}
+
+// PagesProjectDeploymentStage represents an individual stage in a Pages project deployment.
+type PagesProjectDeploymentStage struct {
+	Name      string     `json:"name"`
+	StartedOn *time.Time `json:"started_on,omitempty"`
+	EndedOn   *time.Time `json:"ended_on,omitempty"`
+	Status    string     `json:"status"`
+}
+
+// PagesProjectDeploymentTrigger represents information about what caused a deployment.
+type PagesProjectDeploymentTrigger struct {
+	Type     string                                 `json:"type"`
+	Metadata *PagesProjectDeploymentTriggerMetadata `json:"metadata"`
+}
+
+// PagesProjectDeploymentTriggerMetadata represents additional information about the cause of a deployment.
+type PagesProjectDeploymentTriggerMetadata struct {
+	Branch        string `json:"branch"`
+	CommitHash    string `json:"commit_hash"`
+	CommitMessage string `json:"commit_message"`
+}
+
+type pagesProjectResponse struct {
+	Response
+	Result PagesProject `json:"result"`
+}
+
+type pagesProjectListResponse struct {
+	Response
+	Result     []PagesProject `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type EnvironmentVariableMap map[string]*EnvironmentVariable
+
+// PagesProjectDeploymentVar represents a deployment environment variable.
+type EnvironmentVariable struct {
+	Value string     `json:"value"`
+	Type  EnvVarType `json:"type"`
+}
+
+type EnvVarType string
+
+const (
+	PlainText  EnvVarType = "plain_text"
+	SecretText EnvVarType = "secret_text"
+)
+
+type NamespaceBindingMap map[string]*NamespaceBindingValue
+
+type NamespaceBindingValue struct {
+	Value string `json:"namespace_id"`
+}
+
+type R2BindingMap map[string]*R2BindingValue
+
+type R2BindingValue struct {
+	Name string `json:"name"`
+}
+
+type D1BindingMap map[string]*D1Binding
+
+type D1Binding struct {
+	ID string `json:"id"`
+}
+
+type ServiceBindingMap map[string]*ServiceBinding
+
+type ServiceBinding struct {
+	Service     string `json:"service"`
+	Environment string `json:"environment"`
+}
+
+type UsageModel string
+
+const (
+	Bundled  UsageModel = "bundled"
+	Unbound  UsageModel = "unbound"
+	Standard UsageModel = "standard"
+)
+
+type ListPagesProjectsParams struct {
+	PaginationOptions
+}
+
+type CreatePagesProjectParams struct {
+	Name                string                        `json:"name,omitempty"`
+	SubDomain           string                        `json:"subdomain"`
+	Domains             []string                      `json:"domains,omitempty"`
+	Source              *PagesProjectSource           `json:"source,omitempty"`
+	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
+	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
+	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
+	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
+	ProductionBranch    string                        `json:"production_branch,omitempty"`
+}
+
+type UpdatePagesProjectParams struct {
+	// `ID` is used for addressing the resource via the UI or a stable
+	// anchor whereas `Name` is used for updating the value.
+	ID                  string                        `json:"-"`
+	Name                string                        `json:"name,omitempty"`
+	SubDomain           string                        `json:"subdomain"`
+	Domains             []string                      `json:"domains,omitempty"`
+	Source              *PagesProjectSource           `json:"source,omitempty"`
+	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
+	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
+	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
+	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
+	ProductionBranch    string                        `json:"production_branch,omitempty"`
+}
+
+// ListPagesProjects returns all Pages projects for an account.
+//
+// API reference: https://api.cloudflare.com/#pages-project-get-projects
+func (api *API) ListPagesProjects(ctx context.Context, rc *ResourceContainer, params ListPagesProjectsParams) ([]PagesProject, ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []PagesProject{}, ResultInfo{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects", rc.Identifier), params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PagesProject{}, ResultInfo{}, err
+	}
+	var r pagesProjectListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []PagesProject{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, r.ResultInfo, nil
+}
+
+// GetPagesProject returns a single Pages project by name.
+//
+// API reference: https://api.cloudflare.com/#pages-project-get-project
+func (api *API) GetPagesProject(ctx context.Context, rc *ResourceContainer, projectName string) (PagesProject, error) {
+	if rc.Identifier == "" {
+		return PagesProject{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, projectName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PagesProject{}, err
+	}
+	var r pagesProjectResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreatePagesProject creates a new Pages project in an account.
+//
+// API reference: https://api.cloudflare.com/#pages-project-create-project
+func (api *API) CreatePagesProject(ctx context.Context, rc *ResourceContainer, params CreatePagesProjectParams) (PagesProject, error) {
+	if rc.Identifier == "" {
+		return PagesProject{}, ErrMissingAccountID
+	}
+	uri := fmt.Sprintf("/accounts/%s/pages/projects", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return PagesProject{}, err
+	}
+	var r pagesProjectResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdatePagesProject updates an existing Pages project.
+//
+// API reference: https://api.cloudflare.com/#pages-project-update-project
+func (api *API) UpdatePagesProject(ctx context.Context, rc *ResourceContainer, params UpdatePagesProjectParams) (PagesProject, error) {
+	if rc.Identifier == "" {
+		return PagesProject{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return PagesProject{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return PagesProject{}, err
+	}
+	var r pagesProjectResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeletePagesProject deletes a Pages project by name.
+//
+// API reference: https://api.cloudflare.com/#pages-project-delete-project
+func (api *API) DeletePagesProject(ctx context.Context, rc *ResourceContainer, projectName string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, projectName)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r pagesProjectResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/pages_project_test.go b/pkg/cloudflare-go/pages_project_test.go
new file mode 100644
index 0000000000..49861c0694
--- /dev/null
+++ b/pkg/cloudflare-go/pages_project_test.go
@@ -0,0 +1,671 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testPagesProjectResponse = `
+    {
+        "name": "Test Pages Project",
+        "id": "5a321fc7-3162-7d36-adce-1213996a7",
+        "created_on": "2021-01-01T00:00:00Z",
+        "subdomain": "test.pages.dev",
+        "domains": [
+          "testdomain.com",
+          "testdomain.org"
+        ],
+		"production_branch": "main",
+        "source": {
+          "type": "github",
+          "config": {
+            "owner": "cloudflare",
+            "repo_name": "pages-test",
+            "production_branch": "main",
+            "pr_comments_enabled": true,
+            "deployments_enabled": true,
+			"preview_deployment_setting": "custom",
+			"preview_branch_includes": [
+				"release/*",
+				"production",
+				"main"
+			],
+			"preview_branch_excludes": [
+				"dependabot/*",
+				"dev",
+				"*/ignore"
+			]
+          }
+        },
+        "build_config": {
+          "build_caching": true,
+          "build_command": "npm run build",
+          "destination_dir": "build",
+          "root_dir": "/",
+          "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
+          "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
+        },
+        "deployment_configs": {
+          "preview": {
+            "env_vars": {
+              "BUILD_VERSION": {
+                "value": "1.2"
+              },
+              "ENV": {
+                "value": "preview"
+              },
+			  "API_KEY": {
+				"value": "",
+				"type": "secret_text"
+			  }
+            },
+			"compatibility_date": "2022-08-15",
+			"compatibility_flags": ["preview_flag"]
+          },
+          "production": {
+            "env_vars": {
+              "BUILD_VERSION": {
+                "value": "1.2"
+              },
+              "ENV": {
+                "value": "production"
+              },
+			  "API_KEY": {
+				"value": "",
+				"type": "secret_text"
+			  }
+            },
+			"d1_databases": {
+				"D1_BINDING": {
+					"id": "a94509c6-0757-43f3-b053-474b0ab10935"
+				}
+			},
+			"kv_namespaces": {
+				"KV_BINDING": {
+				  "namespace_id": "5eb63bbbe01eeed093cb22bb8f5acdc3"
+				}
+			},
+		  	"durable_object_namespaces": {
+				"DO_BINDING": {
+			  		"namespace_id": "5eb63bbbe01eeed093cb22bb8f5acdc3"
+				}
+		  	},
+			"r2_buckets": {
+				"R2_BINDING": {
+					"name": "some-bucket"
+				}
+			},
+			"services": {
+				"SERVICE_BINDING": {
+					"service": "some-worker",
+					"environment": "production"
+				}
+			},
+			"compatibility_date": "2022-08-15",
+			"compatibility_flags": ["production_flag"],
+			"fail_open": false,
+			"always_use_latest_compatibility_date": false,
+			"usage_model": "bundled",
+			"placement": {
+				"mode": "smart"
+			}
+          }
+        },
+        "latest_deployment": {
+          "id": "c35216d1-ebac-1a3a-d56c-ad74e54e5",
+          "short_id": "c35216d1",
+          "project_id": "5a321fc7-3162-7d36-adce-1213996a7",
+          "project_name": "pages-test",
+          "environment": "preview",
+		  "production_branch": "main",
+          "url": "https://c35216d1.pages-test.pages.dev",
+          "created_on": "2021-03-09T00:55:03.923456Z",
+          "modified_on": "2021-03-09T00:58:59.045655Z",
+          "aliases": [
+            "https://branchname.pages-test.pages.dev"
+          ],
+          "latest_stage": {
+            "name": "deploy",
+            "started_on": "2021-03-09T00:55:03.923456Z",
+            "ended_on": "2021-03-09T00:58:59.045655Z",
+            "status": "success"
+          },
+          "env_vars": {
+            "BUILD_VERSION": {
+              "value": "1.2"
+            },
+            "ENV": {
+              "value": "STAGING"
+            },
+			"API_KEY": {
+			  "value": "",
+			  "type": "secret_text"
+			}
+          },
+		  "placement": {
+			"mode": "smart"
+		  },
+		  "compatibility_date": "2022-08-15",
+		  "compatibility_flags": ["deployment_flag"],
+		  "fail_open": false,
+		  "always_use_latest_compatibility_date": false,
+		  "usage_model": "bundled",
+          "deployment_trigger": {
+            "type": "ad_hoc",
+            "metadata": {
+              "branch": "main",
+              "commit_hash": "fa26be19de6bff93f70bc2308434e4a440bbad02",
+              "commit_message": "Update index.html"
+            }
+          },
+          "stages": [
+            {
+              "name": "queued",
+              "started_on": "2021-06-03T15:38:15.608194Z",
+              "ended_on": "2021-06-03T15:39:03.134378Z",
+              "status": "active"
+            },
+            {
+              "name": "test_stage_1",
+              "started_on": null,
+              "ended_on": null,
+              "status": "idle"
+            }
+          ],
+          "build_config": {
+            "build_caching": true,
+            "build_command": "npm run build",
+            "destination_dir": "build",
+            "root_dir": "/",
+            "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
+            "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
+          },
+          "source": {
+            "type": "github",
+            "config": {
+              "owner": "cloudflare",
+              "repo_name": "pages-test",
+              "production_branch": "main",
+              "pr_comments_enabled": true,
+              "deployments_enabled": true,
+			  "preview_deployment_setting": "custom",
+			  "preview_branch_includes": [
+				"release/*",
+				"production",
+				"main"
+			  ],
+			  "preview_branch_excludes": [
+				"dependabot/*",
+				"dev",
+				"*/ignore"
+			  ]
+            }
+          }
+        },
+        "canonical_deployment": {
+          "id": "c35216d1-ebac-1a3a-d56c-ad74e54e5",
+          "short_id": "c35216d1",
+          "project_id": "5a321fc7-3162-7d36-adce-1213996a7",
+          "project_name": "pages-test",
+          "environment": "preview",
+          "url": "https://c35216d1.pages-test.pages.dev",
+          "created_on": "2021-03-09T00:55:03.923456Z",
+          "modified_on": "2021-03-09T00:58:59.045655Z",
+		  "production_branch": "main",
+          "aliases": [
+            "https://branchname.pages-test.pages.dev"
+          ],
+          "latest_stage": {
+            "name": "deploy",
+            "started_on": "2021-03-09T00:55:03.923456Z",
+            "ended_on": "2021-03-09T00:58:59.045655Z",
+            "status": "success"
+          },
+          "env_vars": {
+            "BUILD_VERSION": {
+              "value": "1.2"
+            },
+            "ENV": {
+              "value": "STAGING"
+            },
+			"API_KEY": {
+			  "value": "",
+			  "type": "secret_text"
+			}
+          },
+		  "placement": {
+			"mode": "smart"
+		  },
+		  "compatibility_date": "2022-08-15",
+		  "compatibility_flags": ["deployment_flag"],
+		  "fail_open": false,
+		  "always_use_latest_compatibility_date": false,
+		  "build_image_major_version": 1,
+		  "usage_model": "bundled",
+          "deployment_trigger": {
+            "type": "ad_hoc",
+            "metadata": {
+              "branch": "main",
+              "commit_hash": "fa26be19de6bff93f70bc2308434e4a440bbad02",
+              "commit_message": "Update index.html"
+            }
+          },
+          "stages": [
+            {
+              "name": "queued",
+              "started_on": "2021-06-03T15:38:15.608194Z",
+              "ended_on": "2021-06-03T15:39:03.134378Z",
+              "status": "active"
+            },
+            {
+              "name": "test_stage_1",
+              "started_on": null,
+              "ended_on": null,
+              "status": "idle"
+            }
+          ],
+          "build_config": {
+            "build_caching": true,
+            "build_command": "npm run build",
+            "destination_dir": "build",
+            "root_dir": "/",
+            "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
+            "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
+          },
+          "source": {
+            "type": "github",
+            "config": {
+              "owner": "cloudflare",
+              "repo_name": "pages-test",
+              "production_branch": "main",
+              "pr_comments_enabled": true,
+              "deployments_enabled": true,
+			  "preview_deployment_setting": "custom",
+			  "preview_branch_includes": [
+				"release/*",
+				"production",
+				"main"
+			  ],
+			  "preview_branch_excludes": [
+				"dependabot/*",
+				"dev",
+				"*/ignore"
+			  ]
+            }
+          }
+        }
+      }`
+)
+
+var (
+	pagesProjectCreatedOn, _ = time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
+
+	expectedPagesProject = &PagesProject{
+		SubDomain: "test.pages.dev",
+		Name:      "Test Pages Project",
+		Domains: []string{
+			"testdomain.com",
+			"testdomain.org",
+		},
+		CanonicalDeployment: *expectedPagesProjectDeployment,
+		BuildConfig:         *expectedPagesProjectBuildConfig,
+		CreatedOn:           &pagesProjectCreatedOn,
+		DeploymentConfigs:   *expectedPagesProjectDeploymentConfigs,
+		Source:              expectedPagesProjectSource,
+		ID:                  "5a321fc7-3162-7d36-adce-1213996a7",
+		LatestDeployment:    *expectedPagesProjectDeployment,
+		ProductionBranch:    "main",
+	}
+
+	deploymentCreatedOn, _  = time.Parse(time.RFC3339, "2021-03-09T00:55:03.923456Z")
+	deploymentModifiedOn, _ = time.Parse(time.RFC3339, "2021-03-09T00:58:59.045655Z")
+
+	expectedPagesProjectDeployment = &PagesProjectDeployment{
+		ID:          "c35216d1-ebac-1a3a-d56c-ad74e54e5",
+		ShortID:     "c35216d1",
+		ProjectID:   "5a321fc7-3162-7d36-adce-1213996a7",
+		ProjectName: "pages-test",
+		Environment: "preview",
+		URL:         "https://c35216d1.pages-test.pages.dev",
+		CreatedOn:   &deploymentCreatedOn,
+		ModifiedOn:  &deploymentModifiedOn,
+		Aliases: []string{
+			"https://branchname.pages-test.pages.dev",
+		},
+		LatestStage: *expectedPagesProjectLatestDeploymentStage,
+		EnvVars: EnvironmentVariableMap{
+			"BUILD_VERSION": &EnvironmentVariable{
+				Value: "1.2",
+			},
+			"ENV": &EnvironmentVariable{
+				Value: "STAGING",
+			},
+			"API_KEY": &EnvironmentVariable{
+				Value: "",
+				Type:  SecretText,
+			},
+		},
+		Placement: &Placement{
+			Mode: PlacementModeSmart,
+		},
+		CompatibilityFlags: []string{"deployment_flag"},
+		CompatibilityDate:  "2022-08-15",
+		UsageModel:         Bundled,
+		DeploymentTrigger:  *expectedPagesProjectDeploymentTrigger,
+		Stages:             expectedStages,
+		BuildConfig:        *expectedPagesProjectBuildConfig,
+		Source:             *expectedPagesProjectSource,
+		ProductionBranch:   "main",
+	}
+
+	latestDeploymentStageStartedOn, _ = time.Parse(time.RFC3339, "2021-03-09T00:55:03.923456Z")
+	latestDeploymentStageEndedOn, _   = time.Parse(time.RFC3339, "2021-03-09T00:58:59.045655Z")
+
+	expectedPagesProjectLatestDeploymentStage = &PagesProjectDeploymentStage{
+		Name:      "deploy",
+		StartedOn: &latestDeploymentStageStartedOn,
+		EndedOn:   &latestDeploymentStageEndedOn,
+		Status:    "success",
+	}
+
+	expectedPagesProjectDeploymentTrigger = &PagesProjectDeploymentTrigger{
+		Type:     "ad_hoc",
+		Metadata: expectedPagesProjectDeploymentTriggerMetadata,
+	}
+
+	expectedPagesProjectDeploymentTriggerMetadata = &PagesProjectDeploymentTriggerMetadata{
+		Branch:        "main",
+		CommitHash:    "fa26be19de6bff93f70bc2308434e4a440bbad02",
+		CommitMessage: "Update index.html",
+	}
+
+	queuedStageStartedOn, _ = time.Parse(time.RFC3339, "2021-06-03T15:38:15.608194Z")
+	queuedStageEndedOn, _   = time.Parse(time.RFC3339, "2021-06-03T15:39:03.134378Z")
+
+	expectedStages = []PagesProjectDeploymentStage{
+		{
+			Name:      "queued",
+			StartedOn: &queuedStageStartedOn,
+			EndedOn:   &queuedStageEndedOn,
+			Status:    "active",
+		},
+		{
+			Name:   "test_stage_1",
+			Status: "idle",
+		},
+	}
+
+	expectedPagesProjectBuildConfig = &PagesProjectBuildConfig{
+		BuildCaching:      BoolPtr(true),
+		BuildCommand:      "npm run build",
+		DestinationDir:    "build",
+		RootDir:           "/",
+		WebAnalyticsTag:   "0ee1d926cd60d2618a108d4232a75b73",
+		WebAnalyticsToken: "c05bb382259183db3a0a822b64c11459",
+	}
+
+	expectedPagesProjectDeploymentConfigs = &PagesProjectDeploymentConfigs{
+		Preview:    *expectedPagesProjectDeploymentConfigPreview,
+		Production: *expectedPagesProjectDeploymentConfigProduction,
+	}
+
+	expectedPagesProjectDeploymentConfigPreview = &PagesProjectDeploymentConfigEnvironment{
+		EnvVars: EnvironmentVariableMap{
+			"BUILD_VERSION": &EnvironmentVariable{
+				Value: "1.2",
+			},
+			"ENV": &EnvironmentVariable{
+				Value: "preview",
+			},
+			"API_KEY": &EnvironmentVariable{
+				Value: "",
+				Type:  SecretText,
+			},
+		},
+		CompatibilityDate:  "2022-08-15",
+		CompatibilityFlags: []string{"preview_flag"},
+	}
+
+	expectedPagesProjectDeploymentConfigProduction = &PagesProjectDeploymentConfigEnvironment{
+		EnvVars: EnvironmentVariableMap{
+			"BUILD_VERSION": &EnvironmentVariable{
+				Value: "1.2",
+			},
+			"ENV": &EnvironmentVariable{
+				Value: "production",
+			},
+			"API_KEY": &EnvironmentVariable{
+				Value: "",
+				Type:  SecretText,
+			},
+		},
+		KvNamespaces: NamespaceBindingMap{
+			"KV_BINDING": &NamespaceBindingValue{Value: "5eb63bbbe01eeed093cb22bb8f5acdc3"},
+		},
+		D1Databases: D1BindingMap{
+			"D1_BINDING": &D1Binding{ID: "a94509c6-0757-43f3-b053-474b0ab10935"},
+		},
+		DoNamespaces: NamespaceBindingMap{
+			"DO_BINDING": &NamespaceBindingValue{Value: "5eb63bbbe01eeed093cb22bb8f5acdc3"},
+		},
+		R2Bindings: R2BindingMap{
+			"R2_BINDING": &R2BindingValue{Name: "some-bucket"},
+		},
+		ServiceBindings: ServiceBindingMap{
+			"SERVICE_BINDING": &ServiceBinding{
+				Service:     "some-worker",
+				Environment: "production",
+			},
+		},
+		CompatibilityDate:                "2022-08-15",
+		CompatibilityFlags:               []string{"production_flag"},
+		FailOpen:                         false,
+		AlwaysUseLatestCompatibilityDate: false,
+		UsageModel:                       Bundled,
+		Placement: &Placement{
+			Mode: PlacementModeSmart,
+		},
+	}
+
+	expectedPagesProjectSource = &PagesProjectSource{
+		Type:   "github",
+		Config: expectedPagesProjectSourceConfig,
+	}
+
+	expectedPagesProjectSourceConfig = &PagesProjectSourceConfig{
+		Owner:                    "cloudflare",
+		RepoName:                 "pages-test",
+		ProductionBranch:         "main",
+		PRCommentsEnabled:        true,
+		DeploymentsEnabled:       true,
+		PreviewDeploymentSetting: PagesPreviewCustomBranches,
+		PreviewBranchIncludes:    []string{"release/*", "production", "main"},
+		PreviewBranchExcludes:    []string{"dependabot/*", "dev", "*/ignore"},
+	}
+)
+
+func TestListPagesProjects(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": [
+                %s
+            ],
+            "result_info": {
+                "page": 1,
+                "per_page": 100,
+                "count": 1,
+                "total_count": 1
+            }
+        }`, testPagesProjectResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects", handler)
+
+	expectedPagesProjects := []PagesProject{
+		*expectedPagesProject,
+	}
+	expectedResultInfo := ResultInfo{
+		Page:    1,
+		PerPage: 100,
+		Count:   1,
+		Total:   1,
+	}
+
+	_, _, err := client.ListPagesProjects(context.Background(), AccountIdentifier(""), ListPagesProjectsParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+
+	actual, resultInfo, err := client.ListPagesProjects(context.Background(), AccountIdentifier(testAccountID), ListPagesProjectsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedPagesProjects, actual)
+		assert.Equal(t, expectedResultInfo, resultInfo)
+	}
+}
+
+func TestPagesProject(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": %s
+        }`, testPagesProjectResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
+
+	_, err := client.GetPagesProject(context.Background(), AccountIdentifier(""), "Test Pages Project")
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+
+	actual, err := client.GetPagesProject(context.Background(), AccountIdentifier(testAccountID), "Test Pages Project")
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesProject, actual)
+	}
+}
+
+func TestCreatePagesProject(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": %s
+        }`, testPagesProjectResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects", handler)
+
+	params := &CreatePagesProjectParams{
+		SubDomain: "test.pages.dev",
+		Name:      "Test Pages Project",
+		Domains: []string{
+			"testdomain.com",
+			"testdomain.org",
+		},
+		CanonicalDeployment: *expectedPagesProjectDeployment,
+		BuildConfig:         *expectedPagesProjectBuildConfig,
+		DeploymentConfigs:   *expectedPagesProjectDeploymentConfigs,
+		Source:              expectedPagesProjectSource,
+		LatestDeployment:    *expectedPagesProjectDeployment,
+		ProductionBranch:    "main",
+	}
+	_, err := client.CreatePagesProject(context.Background(), AccountIdentifier(""), *params)
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+
+	actual, err := client.CreatePagesProject(context.Background(), AccountIdentifier(testAccountID), *params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, *expectedPagesProject, actual)
+	}
+}
+
+func TestUpdatePagesProject(t *testing.T) {
+	setup()
+	defer teardown()
+
+	updateAttributes := &UpdatePagesProjectParams{
+		ID:   "Test Pages Project",
+		Name: "updated-project-name",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": %s
+        }`, testPagesProjectResponse)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
+
+	_, err := client.UpdatePagesProject(context.Background(), AccountIdentifier(""), *updateAttributes)
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+
+	_, err = client.UpdatePagesProject(context.Background(), AccountIdentifier(testAccountID), *updateAttributes)
+
+	assert.NoError(t, err)
+}
+
+func TestDeletePagesProject(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+            "success": true,
+            "errors": [],
+            "messages": [],
+            "result": null
+        }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
+
+	err := client.DeletePagesProject(context.Background(), AccountIdentifier(""), "Test Pages Project")
+	if assert.Error(t, err) {
+		assert.Equal(t, err.Error(), errMissingAccountID)
+	}
+
+	err = client.DeletePagesProject(context.Background(), AccountIdentifier(testAccountID), "Test Pages Project")
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/pagination.go b/pkg/cloudflare-go/pagination.go
new file mode 100644
index 0000000000..db06ff8a33
--- /dev/null
+++ b/pkg/cloudflare-go/pagination.go
@@ -0,0 +1,59 @@
+package cloudflare
+
+import (
+	"math"
+)
+
+// Look first for total_pages, but if total_count and per_page are set then use that to get page count.
+func (p ResultInfo) getTotalPages() int {
+	totalPages := p.TotalPages
+	if totalPages == 0 && p.Total > 0 && p.PerPage > 0 {
+		totalPages = int(math.Ceil(float64(p.Total) / float64(p.PerPage)))
+	}
+	return totalPages
+}
+
+// Done returns true for the last page and false otherwise.
+func (p ResultInfo) Done() bool {
+	// A little hacky but if the response body is lacking a defined `ResultInfo`
+	// object the page will be 1 however the counts will be empty so if we have
+	// that response, we just assume this is the only page.
+	totalPages := p.getTotalPages()
+	if p.Page == 1 && totalPages == 0 {
+		return true
+	}
+
+	return p.Page > 1 && p.Page > totalPages
+}
+
+// Next advances the page of a paginated API response, but does not fetch the
+// next page of results.
+func (p ResultInfo) Next() ResultInfo {
+	// A little hacky but if the response body is lacking a defined `ResultInfo`
+	// object the page will be 1 however the counts will be empty so if we have
+	// that response, we just assume this is the only page.
+	totalPages := p.getTotalPages()
+	if p.Page == 1 && totalPages == 0 {
+		return p
+	}
+
+	// This shouldn't happen normally however, when it does just return the
+	// current page.
+	if p.Page > totalPages {
+		return p
+	}
+
+	p.Page++
+	return p
+}
+
+// HasMorePages returns whether there is another page of results after the
+// current one.
+func (p ResultInfo) HasMorePages() bool {
+	totalPages := p.getTotalPages()
+	if totalPages == 0 {
+		return false
+	}
+
+	return p.Page >= 1 && p.Page < totalPages
+}
diff --git a/pkg/cloudflare-go/pagination_test.go b/pkg/cloudflare-go/pagination_test.go
new file mode 100644
index 0000000000..2a045c6370
--- /dev/null
+++ b/pkg/cloudflare-go/pagination_test.go
@@ -0,0 +1,130 @@
+package cloudflare
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPagination_Done(t *testing.T) {
+	testCases := map[string]struct {
+		r        ResultInfo
+		expected bool
+	}{
+		"missing ResultInfo pagination information": {
+			r:        ResultInfo{Page: 1},
+			expected: true,
+		},
+		"total pages greater than page": {
+			r:        ResultInfo{Page: 1, TotalPages: 2},
+			expected: false,
+		},
+		"total pages greater than page (alot)": {
+			r:        ResultInfo{Page: 1, TotalPages: 200},
+			expected: false,
+		},
+		// this should never happen
+		"total pages less than page": {
+			r:        ResultInfo{Page: 3, TotalPages: 1},
+			expected: true,
+		},
+		"total pages missing but done": {
+			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
+			expected: true,
+		},
+		"total pages missing and not done": {
+			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
+			expected: false,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert.Equal(t, tc.r.Done(), tc.expected)
+		})
+	}
+}
+
+func TestPagination_Next(t *testing.T) {
+	testCases := map[string]struct {
+		r        ResultInfo
+		expected ResultInfo
+	}{
+		"missing ResultInfo pagination information": {
+			r:        ResultInfo{Page: 1},
+			expected: ResultInfo{Page: 1},
+		},
+		"total pages greater than page": {
+			r:        ResultInfo{Page: 1, TotalPages: 3},
+			expected: ResultInfo{Page: 2, TotalPages: 3},
+		},
+		"total pages greater than page (alot)": {
+			r:        ResultInfo{Page: 1, TotalPages: 3000},
+			expected: ResultInfo{Page: 2, TotalPages: 3000},
+		},
+		// bug, this should never happen
+		"total pages less than page": {
+			r:        ResultInfo{Page: 3, TotalPages: 1},
+			expected: ResultInfo{Page: 3, TotalPages: 1},
+		},
+		"use per page and greater than page": {
+			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
+			expected: ResultInfo{Page: 4, Total: 70, PerPage: 25},
+		},
+		"use per page and less than page": {
+			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
+			expected: ResultInfo{Page: 2, Total: 70, PerPage: 25},
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			assert.Equal(t, tc.r.Next(), tc.expected)
+		})
+	}
+}
+
+func TestPagination_HasMorePages(t *testing.T) {
+	testCases := map[string]struct {
+		r        ResultInfo
+		expected bool
+	}{
+		"missing ResultInfo pagination information": {
+			r:        ResultInfo{Page: 1},
+			expected: false,
+		},
+		"total pages greater than page": {
+			r:        ResultInfo{Page: 1, TotalPages: 3},
+			expected: true,
+		},
+		"total pages greater than page (alot)": {
+			r:        ResultInfo{Page: 1, TotalPages: 3000},
+			expected: true,
+		},
+		// bug, this should never happen
+		"total pages less than page": {
+			r:        ResultInfo{Page: 3, TotalPages: 1},
+			expected: false,
+		},
+		"use per page and greater than page": {
+			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
+			expected: false,
+		},
+		"use per page and less than page": {
+			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
+			expected: true,
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			assert.Equal(t, tc.r.HasMorePages(), tc.expected)
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/per_hostname_tls_settings.go b/pkg/cloudflare-go/per_hostname_tls_settings.go
new file mode 100644
index 0000000000..19c159819c
--- /dev/null
+++ b/pkg/cloudflare-go/per_hostname_tls_settings.go
@@ -0,0 +1,251 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// HostnameTLSSetting represents the metadata for a user-created tls setting.
+type HostnameTLSSetting struct {
+	Hostname  string     `json:"hostname"`
+	Value     string     `json:"value"`
+	Status    string     `json:"status"`
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+}
+
+// HostnameTLSSettingResponse represents the response from the PUT and DELETE endpoints for per-hostname tls settings.
+type HostnameTLSSettingResponse struct {
+	Response
+	Result HostnameTLSSetting `json:"result"`
+}
+
+// HostnameTLSSettingsResponse represents the response from the retrieval endpoint for per-hostname tls settings.
+type HostnameTLSSettingsResponse struct {
+	Response
+	Result     []HostnameTLSSetting `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// ListHostnameTLSSettingsParams represents the data related to per-hostname tls settings being retrieved.
+type ListHostnameTLSSettingsParams struct {
+	Setting           string `json:"-" url:"setting,omitempty"`
+	PaginationOptions `json:"-"`
+	Limit             int      `json:"-" url:"limit,omitempty"`
+	Offset            int      `json:"-" url:"offset,omitempty"`
+	Hostname          []string `json:"-" url:"hostname,omitempty"`
+}
+
+// UpdateHostnameTLSSettingParams represents the data related to the per-hostname tls setting being updated.
+type UpdateHostnameTLSSettingParams struct {
+	Setting  string
+	Hostname string
+	Value    string `json:"value"`
+}
+
+// DeleteHostnameTLSSettingParams represents the data related to the per-hostname tls setting being deleted.
+type DeleteHostnameTLSSettingParams struct {
+	Setting  string
+	Hostname string
+}
+
+var (
+	ErrMissingHostnameTLSSettingName = errors.New("tls setting name required but missing")
+)
+
+// ListHostnameTLSSettings returns a list of all user-created tls setting values for the specified setting and hostnames.
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-list
+func (api *API) ListHostnameTLSSettings(ctx context.Context, rc *ResourceContainer, params ListHostnameTLSSettingsParams) ([]HostnameTLSSetting, ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []HostnameTLSSetting{}, ResultInfo{}, ErrMissingZoneID
+	}
+	if params.Setting == "" {
+		return []HostnameTLSSetting{}, ResultInfo{}, ErrMissingHostnameTLSSettingName
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/hostnames/settings/%s", rc.Identifier, params.Setting), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []HostnameTLSSetting{}, ResultInfo{}, err
+	}
+	var r HostnameTLSSettingsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []HostnameTLSSetting{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, r.ResultInfo, err
+}
+
+// UpdateHostnameTLSSetting will update the per-hostname tls setting for the specified hostname.
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put
+func (api *API) UpdateHostnameTLSSetting(ctx context.Context, rc *ResourceContainer, params UpdateHostnameTLSSettingParams) (HostnameTLSSetting, error) {
+	if rc.Identifier == "" {
+		return HostnameTLSSetting{}, ErrMissingZoneID
+	}
+	if params.Setting == "" {
+		return HostnameTLSSetting{}, ErrMissingHostnameTLSSettingName
+	}
+	if params.Hostname == "" {
+		return HostnameTLSSetting{}, ErrMissingHostname
+	}
+
+	uri := fmt.Sprintf("/zones/%s/hostnames/settings/%s/%s", rc.Identifier, params.Setting, params.Hostname)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return HostnameTLSSetting{}, err
+	}
+	var r HostnameTLSSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return HostnameTLSSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteHostnameTLSSetting will delete the specified per-hostname tls setting.
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-delete
+func (api *API) DeleteHostnameTLSSetting(ctx context.Context, rc *ResourceContainer, params DeleteHostnameTLSSettingParams) (HostnameTLSSetting, error) {
+	if rc.Identifier == "" {
+		return HostnameTLSSetting{}, ErrMissingZoneID
+	}
+	if params.Setting == "" {
+		return HostnameTLSSetting{}, ErrMissingHostnameTLSSettingName
+	}
+	if params.Hostname == "" {
+		return HostnameTLSSetting{}, ErrMissingHostname
+	}
+
+	uri := fmt.Sprintf("/zones/%s/hostnames/settings/%s/%s", rc.Identifier, params.Setting, params.Hostname)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return HostnameTLSSetting{}, err
+	}
+	var r HostnameTLSSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return HostnameTLSSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// HostnameTLSSettingCiphers represents the metadata for a user-created ciphers tls setting.
+type HostnameTLSSettingCiphers struct {
+	Hostname  string     `json:"hostname"`
+	Value     []string   `json:"value"`
+	Status    string     `json:"status"`
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+}
+
+// HostnameTLSSettingCiphersResponse represents the response from the PUT and DELETE endpoints for per-hostname ciphers tls settings.
+type HostnameTLSSettingCiphersResponse struct {
+	Response
+	Result HostnameTLSSettingCiphers `json:"result"`
+}
+
+// HostnameTLSSettingsCiphersResponse represents the response from the retrieval endpoint for per-hostname ciphers tls settings.
+type HostnameTLSSettingsCiphersResponse struct {
+	Response
+	Result     []HostnameTLSSettingCiphers `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// ListHostnameTLSSettingsCiphersParams represents the data related to per-hostname ciphers tls settings being retrieved.
+type ListHostnameTLSSettingsCiphersParams struct {
+	PaginationOptions
+	Limit    int      `json:"-" url:"limit,omitempty"`
+	Offset   int      `json:"-" url:"offset,omitempty"`
+	Hostname []string `json:"-" url:"hostname,omitempty"`
+}
+
+// UpdateHostnameTLSSettingCiphersParams represents the data related to the per-hostname ciphers tls setting being updated.
+type UpdateHostnameTLSSettingCiphersParams struct {
+	Hostname string
+	Value    []string `json:"value"`
+}
+
+// DeleteHostnameTLSSettingCiphersParams represents the data related to the per-hostname ciphers tls setting being deleted.
+type DeleteHostnameTLSSettingCiphersParams struct {
+	Hostname string
+}
+
+// ListHostnameTLSSettingsCiphers returns a list of all user-created tls setting ciphers values for the specified setting and hostnames.
+// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-list
+func (api *API) ListHostnameTLSSettingsCiphers(ctx context.Context, rc *ResourceContainer, params ListHostnameTLSSettingsCiphersParams) ([]HostnameTLSSettingCiphers, ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []HostnameTLSSettingCiphers{}, ResultInfo{}, ErrMissingZoneID
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/hostnames/settings/ciphers", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []HostnameTLSSettingCiphers{}, ResultInfo{}, err
+	}
+	var r HostnameTLSSettingsCiphersResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []HostnameTLSSettingCiphers{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, r.ResultInfo, err
+}
+
+// UpdateHostnameTLSSettingCiphers will update the per-hostname ciphers tls setting for the specified hostname.
+// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put
+func (api *API) UpdateHostnameTLSSettingCiphers(ctx context.Context, rc *ResourceContainer, params UpdateHostnameTLSSettingCiphersParams) (HostnameTLSSettingCiphers, error) {
+	if rc.Identifier == "" {
+		return HostnameTLSSettingCiphers{}, ErrMissingZoneID
+	}
+	if params.Hostname == "" {
+		return HostnameTLSSettingCiphers{}, ErrMissingHostname
+	}
+
+	uri := fmt.Sprintf("/zones/%s/hostnames/settings/ciphers/%s", rc.Identifier, params.Hostname)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return HostnameTLSSettingCiphers{}, err
+	}
+	var r HostnameTLSSettingCiphersResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return HostnameTLSSettingCiphers{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteHostnameTLSSettingCiphers will delete the specified per-hostname ciphers tls setting value.
+// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
+//
+// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-delete
+func (api *API) DeleteHostnameTLSSettingCiphers(ctx context.Context, rc *ResourceContainer, params DeleteHostnameTLSSettingCiphersParams) (HostnameTLSSettingCiphers, error) {
+	if rc.Identifier == "" {
+		return HostnameTLSSettingCiphers{}, ErrMissingZoneID
+	}
+	if params.Hostname == "" {
+		return HostnameTLSSettingCiphers{}, ErrMissingHostname
+	}
+
+	uri := fmt.Sprintf("/zones/%s/hostnames/settings/ciphers/%s", rc.Identifier, params.Hostname)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return HostnameTLSSettingCiphers{}, err
+	}
+	// Unmarshal into HostnameTLSSettingResponse first because the API returns an empty string
+	var r HostnameTLSSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return HostnameTLSSettingCiphers{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return HostnameTLSSettingCiphers{
+		Hostname:  r.Result.Hostname,
+		Value:     []string{},
+		Status:    r.Result.Status,
+		CreatedAt: r.Result.CreatedAt,
+		UpdatedAt: r.Result.UpdatedAt,
+	}, nil
+}
diff --git a/pkg/cloudflare-go/per_hostname_tls_settings_test.go b/pkg/cloudflare-go/per_hostname_tls_settings_test.go
new file mode 100644
index 0000000000..b857d2eb6f
--- /dev/null
+++ b/pkg/cloudflare-go/per_hostname_tls_settings_test.go
@@ -0,0 +1,273 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListHostnameTLSSettingsMinTLSVersion(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"hostname": "app.example.com",
+					"value": "1.2",
+					"status": "active",
+					"created_at": "2023-07-26T21:12:55.56942Z",
+					"updated_at": "2023-07-31T22:06:44.739794Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 50,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+	want := []HostnameTLSSetting{
+		{
+			Hostname:  "app.example.com",
+			Value:     "1.2",
+			Status:    "active",
+			CreatedAt: &createdAt,
+			UpdatedAt: &updatedAt,
+		},
+	}
+
+	actual, _, err := client.ListHostnameTLSSettings(context.Background(), ZoneIdentifier(testZoneID), ListHostnameTLSSettingsParams{Setting: "min_tls_version"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateHostnameTLSSettingMinTLSVersion(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"hostname": "app.example.com",
+				"value": "1.2",
+				"status": "active",
+				"created_at": "2023-07-26T21:12:55.56942Z",
+				"updated_at": "2023-07-31T22:06:44.739794Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version/app.example.com", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+
+	want := HostnameTLSSetting{
+		Hostname:  "app.example.com",
+		Value:     "1.2",
+		Status:    "active",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	params := UpdateHostnameTLSSettingParams{
+		Setting:  "min_tls_version",
+		Hostname: "app.example.com",
+		Value:    "1.2",
+	}
+	actual, err := client.UpdateHostnameTLSSetting(context.Background(), ZoneIdentifier(testZoneID), params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteHostnameTLSSettingMinTLSVersion(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"hostname": "app.example.com",
+				"value": "",
+				"status": "active",
+				"created_at": "2023-07-26T21:12:55.56942Z",
+				"updated_at": "2023-07-31T22:06:44.739794Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version/app.example.com", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+	want := HostnameTLSSetting{
+		Hostname:  "app.example.com",
+		Value:     "",
+		Status:    "active",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	actual, err := client.DeleteHostnameTLSSetting(context.Background(), ZoneIdentifier(testZoneID), DeleteHostnameTLSSettingParams{Setting: "min_tls_version", Hostname: "app.example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListHostnameTLSSettingsCiphers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"hostname": "app.example.com",
+					"value": [
+						"AES128-GCM-SHA256",
+						"ECDHE-RSA-AES128-GCM-SHA256"
+					],
+					"status": "active",
+					"created_at": "2023-07-26T21:12:55.56942Z",
+					"updated_at": "2023-07-31T22:06:44.739794Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 50,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+
+	want := []HostnameTLSSettingCiphers{
+		{
+			Hostname:  "app.example.com",
+			Value:     []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
+			Status:    "active",
+			CreatedAt: &createdAt,
+			UpdatedAt: &updatedAt,
+		},
+	}
+
+	actual, _, err := client.ListHostnameTLSSettingsCiphers(context.Background(), ZoneIdentifier(testZoneID), ListHostnameTLSSettingsCiphersParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateHostnameTLSSettingCiphers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"hostname": "app.example.com",
+				"value": [
+					"AES128-GCM-SHA256",
+					"ECDHE-RSA-AES128-GCM-SHA256"
+				],
+				"status": "active",
+				"created_at": "2023-07-26T21:12:55.56942Z",
+				"updated_at": "2023-07-31T22:06:44.739794Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers/app.example.com", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+
+	want := HostnameTLSSettingCiphers{
+		Hostname:  "app.example.com",
+		Value:     []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
+		Status:    "active",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	params := UpdateHostnameTLSSettingCiphersParams{
+		Hostname: "app.example.com",
+		Value:    []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
+	}
+	actual, err := client.UpdateHostnameTLSSettingCiphers(context.Background(), ZoneIdentifier(testZoneID), params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteHostnameTLSSettingCiphers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"hostname": "app.example.com",
+				"value": "",
+				"status": "active",
+				"created_at": "2023-07-26T21:12:55.56942Z",
+				"updated_at": "2023-07-31T22:06:44.739794Z"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers/app.example.com", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
+	want := HostnameTLSSettingCiphers{
+		Hostname:  "app.example.com",
+		Value:     []string{},
+		Status:    "active",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	actual, err := client.DeleteHostnameTLSSettingCiphers(context.Background(), ZoneIdentifier(testZoneID), DeleteHostnameTLSSettingCiphersParams{Hostname: "app.example.com"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/permission_group.go b/pkg/cloudflare-go/permission_group.go
new file mode 100644
index 0000000000..9fa7aa315c
--- /dev/null
+++ b/pkg/cloudflare-go/permission_group.go
@@ -0,0 +1,99 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type PermissionGroup struct {
+	ID          string            `json:"id"`
+	Name        string            `json:"name"`
+	Meta        map[string]string `json:"meta"`
+	Permissions []Permission      `json:"permissions"`
+}
+
+type Permission struct {
+	ID         string            `json:"id"`
+	Key        string            `json:"key"`
+	Attributes map[string]string `json:"attributes,omitempty"` // same as Meta in other structs
+}
+
+type PermissionGroupListResponse struct {
+	Success  bool              `json:"success"`
+	Errors   []string          `json:"errors"`
+	Messages []string          `json:"messages"`
+	Result   []PermissionGroup `json:"result"`
+}
+
+type PermissionGroupDetailResponse struct {
+	Success  bool            `json:"success"`
+	Errors   []string        `json:"errors"`
+	Messages []string        `json:"messages"`
+	Result   PermissionGroup `json:"result"`
+}
+
+type ListPermissionGroupParams struct {
+	Depth    int    `url:"depth,omitempty"`
+	RoleName string `url:"name,omitempty"`
+}
+
+const errMissingPermissionGroupID = "missing required permission group ID"
+
+var ErrMissingPermissionGroupID = errors.New(errMissingPermissionGroupID)
+
+// GetPermissionGroup returns a specific permission group from the API given
+// the account ID and permission group ID.
+func (api *API) GetPermissionGroup(ctx context.Context, rc *ResourceContainer, permissionGroupId string) (PermissionGroup, error) {
+	if rc.Level != AccountRouteLevel {
+		return PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return PermissionGroup{}, ErrMissingAccountID
+	}
+
+	if permissionGroupId == "" {
+		return PermissionGroup{}, ErrMissingPermissionGroupID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/iam/permission_groups/%s?depth=2", rc.Identifier, permissionGroupId)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return PermissionGroup{}, err
+	}
+
+	var permissionGroupResponse PermissionGroupDetailResponse
+	err = json.Unmarshal(res, &permissionGroupResponse)
+	if err != nil {
+		return PermissionGroup{}, err
+	}
+
+	return permissionGroupResponse.Result, nil
+}
+
+// ListPermissionGroups returns all valid permission groups for the provided
+// parameters.
+func (api *API) ListPermissionGroups(ctx context.Context, rc *ResourceContainer, params ListPermissionGroupParams) ([]PermissionGroup, error) {
+	if rc.Level != AccountRouteLevel {
+		return []PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	params.Depth = 2
+	uri := buildURI(fmt.Sprintf("/accounts/%s/iam/permission_groups", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []PermissionGroup{}, err
+	}
+
+	var permissionGroupResponse PermissionGroupListResponse
+	err = json.Unmarshal(res, &permissionGroupResponse)
+	if err != nil {
+		return []PermissionGroup{}, err
+	}
+
+	return permissionGroupResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/permission_group_test.go b/pkg/cloudflare-go/permission_group_test.go
new file mode 100644
index 0000000000..d3520db9e3
--- /dev/null
+++ b/pkg/cloudflare-go/permission_group_test.go
@@ -0,0 +1,152 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var mockPermissionGroup = PermissionGroup{
+	ID:   "f08020434ba14a0bb46bd9ff52f23b04",
+	Name: "Fake Permission Group",
+	Meta: map[string]string{
+		"description": "Can represent a permission group",
+	},
+	Permissions: []Permission{{
+		ID:  "7d42552322884d19bb63ed7f69b5ac21",
+		Key: "com.cloudflare.api.account.fake.permission",
+		Attributes: map[string]string{
+			"legacy_name": "#fake:permission",
+		},
+	}},
+}
+
+func TestListPermissionGroup_ByName(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "result": [
+				{
+				  "id": "f08020434ba14a0bb46bd9ff52f23b04",
+				  "name": "Fake Permission Group",
+				  "status": "V",
+				  "meta": {
+					"description": "Can represent a permission group"
+				  },
+				  "created_on": "2022-08-29T16:58:29.745574Z",
+				  "modified_on": "2022-09-12T08:26:37.255907Z",
+				  "permissions": [
+					{
+					  "id": "7d42552322884d19bb63ed7f69b5ac21",
+					  "key": "com.cloudflare.api.account.fake.permission",
+					  "attributes": {
+						"legacy_name": "#fake:permission"
+					  }
+					}
+				  ]
+				}
+			  ],
+			  "success": true,
+			  "errors": [],
+			  "messages": []
+			}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups", handler)
+
+	result, err := client.ListPermissionGroups(context.Background(), AccountIdentifier(testAccountID), ListPermissionGroupParams{RoleName: "fake-permission-group-name"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, result, []PermissionGroup{mockPermissionGroup})
+	}
+}
+
+func TestGetPermissionGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"id": "f08020434ba14a0bb46bd9ff52f23b04",
+				"name": "Fake Permission Group",
+				"status": "V",
+				"meta": {
+					"description": "Can represent a permission group"
+				},
+				"created_on": "2022-08-29T16:58:29.745574Z",
+				"modified_on": "2022-09-12T08:26:37.255907Z",
+				"permissions": [
+					{
+						"id": "7d42552322884d19bb63ed7f69b5ac21",
+						"key": "com.cloudflare.api.account.fake.permission",
+						"attributes": {
+							"legacy_name": "#fake:permission"
+						}
+					}
+				]
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+			}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups/fake-permission-group-id", handler)
+
+	result, err := client.GetPermissionGroup(context.Background(), AccountIdentifier(testAccountID), "fake-permission-group-id")
+	if assert.NoError(t, err) {
+		assert.Equal(t, result, mockPermissionGroup)
+	}
+}
+
+func TestPermissionGroups(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "result": [
+				{
+				  "id": "f08020434ba14a0bb46bd9ff52f23b04",
+				  "name": "Fake Permission Group",
+				  "status": "V",
+				  "meta": {
+					"description": "Can represent a permission group"
+				  },
+				  "created_on": "2022-08-29T16:58:29.745574Z",
+				  "modified_on": "2022-09-12T08:26:37.255907Z",
+				  "permissions": [
+					{
+					  "id": "7d42552322884d19bb63ed7f69b5ac21",
+					  "key": "com.cloudflare.api.account.fake.permission",
+					  "attributes": {
+						"legacy_name": "#fake:permission"
+					  }
+					}
+				  ]
+				}
+			  ],
+			  "success": true,
+			  "errors": [],
+			  "messages": []
+			}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups", handler)
+
+	result, err := client.ListPermissionGroups(context.Background(), AccountIdentifier(testAccountID), ListPermissionGroupParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, result, []PermissionGroup{mockPermissionGroup})
+	}
+}
diff --git a/pkg/cloudflare-go/policy.go b/pkg/cloudflare-go/policy.go
new file mode 100644
index 0000000000..8077241201
--- /dev/null
+++ b/pkg/cloudflare-go/policy.go
@@ -0,0 +1,8 @@
+package cloudflare
+
+type Policy struct {
+	ID               string            `json:"id"`
+	PermissionGroups []PermissionGroup `json:"permission_groups"`
+	ResourceGroups   []ResourceGroup   `json:"resource_groups"`
+	Access           string            `json:"access"`
+}
diff --git a/pkg/cloudflare-go/queue.go b/pkg/cloudflare-go/queue.go
new file mode 100644
index 0000000000..9f6d6e1213
--- /dev/null
+++ b/pkg/cloudflare-go/queue.go
@@ -0,0 +1,378 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingQueueName         = errors.New("required queue name is missing")
+	ErrMissingQueueConsumerName = errors.New("required queue consumer name is missing")
+)
+
+type Queue struct {
+	ID                  string          `json:"queue_id,omitempty"`
+	Name                string          `json:"queue_name,omitempty"`
+	CreatedOn           *time.Time      `json:"created_on,omitempty"`
+	ModifiedOn          *time.Time      `json:"modified_on,omitempty"`
+	ProducersTotalCount int             `json:"producers_total_count,omitempty"`
+	Producers           []QueueProducer `json:"producers,omitempty"`
+	ConsumersTotalCount int             `json:"consumers_total_count,omitempty"`
+	Consumers           []QueueConsumer `json:"consumers,omitempty"`
+}
+
+type QueueProducer struct {
+	Service     string `json:"service,omitempty"`
+	Environment string `json:"environment,omitempty"`
+}
+
+type QueueConsumer struct {
+	Name            string                `json:"-"`
+	Service         string                `json:"service,omitempty"`
+	ScriptName      string                `json:"script_name,omitempty"`
+	Environment     string                `json:"environment,omitempty"`
+	Settings        QueueConsumerSettings `json:"settings,omitempty"`
+	QueueName       string                `json:"queue_name,omitempty"`
+	CreatedOn       *time.Time            `json:"created_on,omitempty"`
+	DeadLetterQueue string                `json:"dead_letter_queue,omitempty"`
+}
+
+type QueueConsumerSettings struct {
+	BatchSize   int `json:"batch_size,omitempty"`
+	MaxRetires  int `json:"max_retries,omitempty"`
+	MaxWaitTime int `json:"max_wait_time_ms,omitempty"`
+}
+
+type QueueListResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []Queue `json:"result"`
+}
+
+type CreateQueueParams struct {
+	Name string `json:"queue_name"`
+}
+
+type QueueResponse struct {
+	Response
+	Result Queue `json:"result"`
+}
+
+type ListQueueConsumersResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []QueueConsumer `json:"result"`
+}
+
+type ListQueuesParams struct {
+	ResultInfo
+}
+
+type QueueConsumerResponse struct {
+	Response
+	Result QueueConsumer `json:"result"`
+}
+
+type UpdateQueueParams struct {
+	Name        string `json:"-"`
+	UpdatedName string `json:"queue_name,omitempty"`
+}
+
+type ListQueueConsumersParams struct {
+	QueueName string `url:"-"`
+	ResultInfo
+}
+
+type CreateQueueConsumerParams struct {
+	QueueName string `json:"-"`
+	Consumer  QueueConsumer
+}
+
+type UpdateQueueConsumerParams struct {
+	QueueName string `json:"-"`
+	Consumer  QueueConsumer
+}
+
+type DeleteQueueConsumerParams struct {
+	QueueName, ConsumerName string
+}
+
+// ListQueues returns the queues owned by an account.
+//
+// API reference: https://api.cloudflare.com/#queue-list-queues
+func (api *API) ListQueues(ctx context.Context, rc *ResourceContainer, params ListQueuesParams) ([]Queue, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []Queue{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var queues []Queue
+	var qResponse QueueListResponse
+	for {
+		qResponse = QueueListResponse{}
+		uri := buildURI(fmt.Sprintf("/accounts/%s/workers/queues", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []Queue{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &qResponse)
+		if err != nil {
+			return []Queue{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+		}
+
+		queues = append(queues, qResponse.Result...)
+		params.ResultInfo = qResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return queues, &qResponse.ResultInfo, nil
+}
+
+// CreateQueue creates a new queue.
+//
+// API reference: https://api.cloudflare.com/#queue-create-queue
+func (api *API) CreateQueue(ctx context.Context, rc *ResourceContainer, queue CreateQueueParams) (Queue, error) {
+	if rc.Identifier == "" {
+		return Queue{}, ErrMissingAccountID
+	}
+
+	if queue.Name == "" {
+		return Queue{}, ErrMissingQueueName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, queue)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueueResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteQueue deletes a queue.
+//
+// API reference: https://api.cloudflare.com/#queue-delete-queue
+func (api *API) DeleteQueue(ctx context.Context, rc *ResourceContainer, queueName string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+	if queueName == "" {
+		return ErrMissingQueueName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, queueName)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+	return nil
+}
+
+// GetQueue returns a single queue based on the name.
+//
+// API reference: https://api.cloudflare.com/#queue-get-queue
+func (api *API) GetQueue(ctx context.Context, rc *ResourceContainer, queueName string) (Queue, error) {
+	if rc.Identifier == "" {
+		return Queue{}, ErrMissingAccountID
+	}
+
+	if queueName == "" {
+		return Queue{}, ErrMissingQueueName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, queueName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueueResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateQueue updates a queue.
+//
+// API reference: https://api.cloudflare.com/#queue-update-queue
+func (api *API) UpdateQueue(ctx context.Context, rc *ResourceContainer, params UpdateQueueParams) (Queue, error) {
+	if rc.Identifier == "" {
+		return Queue{}, ErrMissingAccountID
+	}
+
+	if params.Name == "" || params.UpdatedName == "" {
+		return Queue{}, ErrMissingQueueName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, params.Name)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueueResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListQueueConsumers returns the consumers of a queue.
+//
+// API reference: https://api.cloudflare.com/#queue-list-queue-consumers
+func (api *API) ListQueueConsumers(ctx context.Context, rc *ResourceContainer, params ListQueueConsumersParams) ([]QueueConsumer, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []QueueConsumer{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	if params.QueueName == "" {
+		return []QueueConsumer{}, &ResultInfo{}, ErrMissingQueueName
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var queuesConsumers []QueueConsumer
+	var qResponse ListQueueConsumersResponse
+	for {
+		qResponse = ListQueueConsumersResponse{}
+		uri := buildURI(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", rc.Identifier, params.QueueName), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []QueueConsumer{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &qResponse)
+		if err != nil {
+			return []QueueConsumer{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
+		}
+
+		queuesConsumers = append(queuesConsumers, qResponse.Result...)
+		params.ResultInfo = qResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return queuesConsumers, &qResponse.ResultInfo, nil
+}
+
+// CreateQueueConsumer creates a new consumer for a queue.
+//
+// API reference: https://api.cloudflare.com/#queue-create-queue-consumer
+func (api *API) CreateQueueConsumer(ctx context.Context, rc *ResourceContainer, params CreateQueueConsumerParams) (QueueConsumer, error) {
+	if rc.Identifier == "" {
+		return QueueConsumer{}, ErrMissingAccountID
+	}
+
+	if params.QueueName == "" {
+		return QueueConsumer{}, ErrMissingQueueName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", rc.Identifier, params.QueueName)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Consumer)
+	if err != nil {
+		return QueueConsumer{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueueConsumerResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return QueueConsumer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteQueueConsumer deletes the consumer for a queue..
+//
+// API reference: https://api.cloudflare.com/#queue-delete-queue-consumer
+func (api *API) DeleteQueueConsumer(ctx context.Context, rc *ResourceContainer, params DeleteQueueConsumerParams) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if params.QueueName == "" {
+		return ErrMissingQueueName
+	}
+
+	if params.ConsumerName == "" {
+		return ErrMissingQueueConsumerName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", rc.Identifier, params.QueueName, params.ConsumerName)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
+
+// UpdateQueueConsumer updates the consumer for a queue, or creates one if it does not exist..
+//
+// API reference: https://api.cloudflare.com/#queue-update-queue-consumer
+func (api *API) UpdateQueueConsumer(ctx context.Context, rc *ResourceContainer, params UpdateQueueConsumerParams) (QueueConsumer, error) {
+	if rc.Identifier == "" {
+		return QueueConsumer{}, ErrMissingAccountID
+	}
+
+	if params.QueueName == "" {
+		return QueueConsumer{}, ErrMissingQueueName
+	}
+
+	if params.Consumer.Name == "" {
+		return QueueConsumer{}, ErrMissingQueueConsumerName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", rc.Identifier, params.QueueName, params.Consumer.Name)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Consumer)
+	if err != nil {
+		return QueueConsumer{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r QueueConsumerResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return QueueConsumer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/queue_test.go b/pkg/cloudflare-go/queue_test.go
new file mode 100644
index 0000000000..b175a7045d
--- /dev/null
+++ b/pkg/cloudflare-go/queue_test.go
@@ -0,0 +1,485 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testQueueID           = "6b7efc370ea34ded8327fa20698dfe3a"
+	testQueueName         = "example-queue"
+	testQueueConsumerName = "example-consumer"
+)
+
+func testQueue() Queue {
+	CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+	ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+	return Queue{
+		ID:                  testQueueID,
+		Name:                testQueueName,
+		CreatedOn:           &CreatedOn,
+		ModifiedOn:          &ModifiedOn,
+		ProducersTotalCount: 1,
+		Producers: []QueueProducer{
+			{
+				Service:     "example-producer",
+				Environment: "production",
+			},
+		},
+		ConsumersTotalCount: 1,
+		Consumers: []QueueConsumer{
+			{
+				Service:     "example-consumer",
+				Environment: "production",
+				Settings: QueueConsumerSettings{
+					BatchSize:   10,
+					MaxRetires:  3,
+					MaxWaitTime: 5000,
+				},
+			},
+		},
+	}
+}
+
+func testQueueConsumer() QueueConsumer {
+	CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+	return QueueConsumer{
+		Service:     "example-consumer",
+		Environment: "production",
+		Settings: QueueConsumerSettings{
+			BatchSize:   10,
+			MaxRetires:  3,
+			MaxWaitTime: 5000,
+		},
+		QueueName: testQueueName,
+		CreatedOn: &CreatedOn,
+	}
+}
+
+func TestQueue_List(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": null,
+  "messages": null,
+  "result": [
+    {
+      "queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
+      "queue_name": "example-queue",
+      "created_on": "2023-01-01T00:00:00Z",
+      "modified_on": "2023-01-01T00:00:00Z",
+      "producers_total_count": 1,
+      "producers": [
+        {
+          "service": "example-producer",
+          "environment": "production"
+        }
+      ],
+      "consumers_total_count": 1,
+      "consumers": [
+        {
+          "service": "example-consumer",
+          "environment": "production",
+          "settings": {
+            "batch_size": 10,
+            "max_retries": 3,
+            "max_wait_time_ms": 5000
+          }
+        }
+      ]
+    }
+  ],
+  "result_info": {
+    "page": 1,
+    "per_page": 100,
+    "count": 1,
+    "total_count": 1,
+    "total_pages": 1
+  }
+}`)
+	})
+
+	_, _, err := client.ListQueues(context.Background(), AccountIdentifier(""), ListQueuesParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	result, _, err := client.ListQueues(context.Background(), AccountIdentifier(testAccountID), ListQueuesParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(result))
+		assert.Equal(t, testQueue(), result[0])
+	}
+}
+
+func TestQueue_Create(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result": {
+			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
+			"queue_name": "example-queue",
+			"created_on": "2023-01-01T00:00:00Z",
+			"modified_on": "2023-01-01T00:00:00Z"
+		}
+	}`)
+	})
+	_, err := client.CreateQueue(context.Background(), AccountIdentifier(""), CreateQueueParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.CreateQueue(context.Background(), AccountIdentifier(testAccountID), CreateQueueParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+	results, err := client.CreateQueue(context.Background(), AccountIdentifier(testAccountID), CreateQueueParams{Name: "example-queue"})
+	if assert.NoError(t, err) {
+		CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+		ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+		createdQueue := Queue{
+			ID:         testQueueID,
+			Name:       testQueueName,
+			CreatedOn:  &CreatedOn,
+			ModifiedOn: &ModifiedOn,
+		}
+
+		assert.Equal(t, createdQueue, results)
+	}
+}
+
+func TestQueue_Delete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": null
+		}`)
+	})
+	err := client.DeleteQueue(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.DeleteQueue(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	err = client.DeleteQueue(context.Background(), AccountIdentifier(testAccountID), testQueueName)
+	assert.NoError(t, err)
+}
+
+func TestQueue_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+		{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
+			"queue_name": "example-queue",
+			"created_on": "2023-01-01T00:00:00Z",
+			"modified_on": "2023-01-01T00:00:00Z",
+			"producers_total_count": 1,
+			"producers": [
+			  {
+				"service": "example-producer",
+				"environment": "production"
+			  }
+			],
+			"consumers_total_count": 1,
+			"consumers": [
+			  {
+				"service": "example-consumer",
+				"environment": "production",
+				"settings": {
+				  "batch_size": 10,
+				  "max_retries": 3,
+				  "max_wait_time_ms": 5000
+				}
+			  }
+			]
+		  }
+		}`)
+	})
+
+	_, err := client.GetQueue(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.GetQueue(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	result, err := client.GetQueue(context.Background(), AccountIdentifier(testAccountID), testQueueID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, testQueue(), result)
+	}
+}
+
+func TestQueue_Update(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result": {
+			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
+			"queue_name": "renamed-example-queue",
+			"created_on": "2023-01-01T00:00:00Z",
+			"modified_on": "2023-01-01T00:00:00Z"
+		}
+	}`)
+	})
+	_, err := client.UpdateQueue(context.Background(), AccountIdentifier(""), UpdateQueueParams{Name: testQueueName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.UpdateQueue(context.Background(), AccountIdentifier(testAccountID), UpdateQueueParams{Name: testQueueName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	results, err := client.UpdateQueue(context.Background(), AccountIdentifier(testAccountID), UpdateQueueParams{Name: testQueueName, UpdatedName: "renamed-example-queue"})
+	if assert.NoError(t, err) {
+		CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+		ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
+		createdQueue := Queue{
+			ID:         testQueueID,
+			Name:       "renamed-example-queue",
+			CreatedOn:  &CreatedOn,
+			ModifiedOn: &ModifiedOn,
+		}
+
+		assert.Equal(t, createdQueue, results)
+	}
+}
+
+func TestQueue_ListConsumers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+	{
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result": [
+			{
+			  "service": "example-consumer",
+			  "environment": "production",
+			  "settings": {
+				"batch_size": 10,
+				"max_retries": 3,
+				"max_wait_time_ms": 5000
+			  },
+			  "queue_name": "example-queue",
+			  "created_on": "2023-01-01T00:00:00Z"
+			}
+		  ],
+		  "result_info": {
+			"page": 1,
+			"per_page": 100,
+			"count": 1,
+			"total_count": 1,
+			"total_pages": 1
+		  }
+		}`)
+	})
+
+	_, _, err := client.ListQueueConsumers(context.Background(), AccountIdentifier(""), ListQueueConsumersParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, _, err = client.ListQueueConsumers(context.Background(), AccountIdentifier(testAccountID), ListQueueConsumersParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	result, _, err := client.ListQueueConsumers(context.Background(), AccountIdentifier(testAccountID), ListQueueConsumersParams{QueueName: testQueueName})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(result))
+		assert.Equal(t, testQueueConsumer(), result[0])
+	}
+}
+
+func TestQueue_CreateConsumer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"service": "example-consumer",
+			"environment": "production",
+			"settings": {
+			  "batch_size": 10,
+			  "max_retries": 3,
+			  "max_wait_time_ms": 5000
+			},
+			"dead_letter_queue": "example-dlq",
+			"queue_name": "example-queue",
+			"created_on": "2023-01-01T00:00:00Z"
+		  }
+		}`)
+	})
+
+	_, err := client.CreateQueueConsumer(context.Background(), AccountIdentifier(""), CreateQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.CreateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), CreateQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	result, err := client.CreateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), CreateQueueConsumerParams{QueueName: testQueueName, Consumer: QueueConsumer{
+		Service:     "example-consumer",
+		Environment: "production",
+	}})
+	if assert.NoError(t, err) {
+		expectedQueueConsumer := testQueueConsumer()
+		expectedQueueConsumer.DeadLetterQueue = "example-dlq"
+		assert.Equal(t, expectedQueueConsumer, result)
+	}
+}
+
+func TestQueue_DeleteConsumer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", testAccountID, testQueueName, testQueueConsumerName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": null
+		}`)
+	})
+
+	err := client.DeleteQueueConsumer(context.Background(), AccountIdentifier(""), DeleteQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{QueueName: testQueueName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueConsumerName, err)
+	}
+
+	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{QueueName: testQueueName, ConsumerName: testQueueConsumerName})
+	assert.NoError(t, err)
+}
+
+func TestQueue_UpdateConsumer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", testAccountID, testQueueName, testQueueConsumerName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"service": "example-consumer",
+			"environment": "production",
+			"settings": {
+			  "batch_size": 10,
+			  "max_retries": 3,
+			  "max_wait_time_ms": 5000
+			},
+			"queue_name": "example-queue",
+			"created_on": "2023-01-01T00:00:00Z"
+		  }
+		}`)
+	})
+
+	_, err := client.UpdateQueueConsumer(context.Background(), AccountIdentifier(""), UpdateQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueName, err)
+	}
+
+	_, err = client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{QueueName: testQueueName})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingQueueConsumerName, err)
+	}
+
+	result, err := client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{QueueName: testQueueName, Consumer: QueueConsumer{
+		Name:        testQueueConsumerName,
+		Service:     "example-consumer",
+		Environment: "production",
+	}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, testQueueConsumer(), result)
+	}
+}
diff --git a/pkg/cloudflare-go/r2_bucket.go b/pkg/cloudflare-go/r2_bucket.go
new file mode 100644
index 0000000000..c9ce8fe0f8
--- /dev/null
+++ b/pkg/cloudflare-go/r2_bucket.go
@@ -0,0 +1,147 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingBucketName = errors.New("require bucket name missing")
+)
+
+// R2Bucket defines a container for objects stored in R2 Storage.
+type R2Bucket struct {
+	Name         string     `json:"name"`
+	CreationDate *time.Time `json:"creation_date,omitempty"`
+	Location     string     `json:"location,omitempty"`
+}
+
+// R2Buckets represents the map of buckets response from
+// the R2 buckets endpoint.
+type R2Buckets struct {
+	Buckets []R2Bucket `json:"buckets"`
+}
+
+// R2BucketListResponse represents the response from the list
+// R2 buckets endpoint.
+type R2BucketListResponse struct {
+	Result R2Buckets `json:"result"`
+	Response
+}
+
+type ListR2BucketsParams struct {
+	Name       string `url:"name_contains,omitempty"`
+	StartAfter string `url:"start_after,omitempty"`
+	PerPage    int64  `url:"per_page,omitempty"`
+	Order      string `url:"order,omitempty"`
+	Direction  string `url:"direction,omitempty"`
+	Cursor     string `url:"cursor,omitempty"`
+}
+
+type CreateR2BucketParameters struct {
+	Name         string `json:"name,omitempty"`
+	LocationHint string `json:"locationHint,omitempty"`
+}
+
+type R2BucketResponse struct {
+	Result R2Bucket `json:"result"`
+	Response
+}
+
+// ListR2Buckets Lists R2 buckets.
+func (api *API) ListR2Buckets(ctx context.Context, rc *ResourceContainer, params ListR2BucketsParams) ([]R2Bucket, error) {
+	if rc.Identifier == "" {
+		return []R2Bucket{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/r2/buckets", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []R2Bucket{}, err
+	}
+
+	var r2BucketListResponse R2BucketListResponse
+	err = json.Unmarshal(res, &r2BucketListResponse)
+	if err != nil {
+		return []R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r2BucketListResponse.Result.Buckets, nil
+}
+
+// CreateR2Bucket Creates a new R2 bucket.
+//
+// API reference: https://api.cloudflare.com/#r2-bucket-create-bucket
+func (api *API) CreateR2Bucket(ctx context.Context, rc *ResourceContainer, params CreateR2BucketParameters) (R2Bucket, error) {
+	if rc.Identifier == "" {
+		return R2Bucket{}, ErrMissingAccountID
+	}
+
+	if params.Name == "" {
+		return R2Bucket{}, ErrMissingBucketName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/r2/buckets", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return R2Bucket{}, err
+	}
+
+	var r2BucketResponse R2BucketResponse
+	err = json.Unmarshal(res, &r2BucketResponse)
+	if err != nil {
+		return R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r2BucketResponse.Result, nil
+}
+
+// GetR2Bucket Gets an existing R2 bucket.
+//
+// API reference: https://api.cloudflare.com/#r2-bucket-get-bucket
+func (api *API) GetR2Bucket(ctx context.Context, rc *ResourceContainer, bucketName string) (R2Bucket, error) {
+	if rc.Identifier == "" {
+		return R2Bucket{}, ErrMissingAccountID
+	}
+
+	if bucketName == "" {
+		return R2Bucket{}, ErrMissingBucketName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/r2/buckets/%s", rc.Identifier, bucketName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return R2Bucket{}, err
+	}
+
+	var r2BucketResponse R2BucketResponse
+	err = json.Unmarshal(res, &r2BucketResponse)
+	if err != nil {
+		return R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r2BucketResponse.Result, nil
+}
+
+// DeleteR2Bucket Deletes an existing R2 bucket.
+//
+// API reference: https://api.cloudflare.com/#r2-bucket-delete-bucket
+func (api *API) DeleteR2Bucket(ctx context.Context, rc *ResourceContainer, bucketName string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if bucketName == "" {
+		return ErrMissingBucketName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/r2/buckets/%s", rc.Identifier, bucketName)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	return err
+}
diff --git a/pkg/cloudflare-go/r2_bucket_test.go b/pkg/cloudflare-go/r2_bucket_test.go
new file mode 100644
index 0000000000..ac9b2f9607
--- /dev/null
+++ b/pkg/cloudflare-go/r2_bucket_test.go
@@ -0,0 +1,160 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testBucketName = "example-bucket"
+
+func TestR2_ListBuckets(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+	"buckets": [
+		{
+			"name": "example-bucket",
+			"creation_date": "2022-06-24T19:58:49.477Z"
+		}
+	]
+  }
+}`)
+	})
+	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
+	want := []R2Bucket{
+		{
+			Name:         "example-bucket",
+			CreationDate: &createDate,
+		},
+	}
+	actual, err := client.ListR2Buckets(context.Background(), AccountIdentifier(testAccountID), ListR2BucketsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestR2_GetBucket(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets/%s", testAccountID, testBucketName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+			"name": "example-bucket",
+			"creation_date": "2022-06-24T19:58:49.477Z",
+			"location": "ENAM"
+	}
+}`)
+	})
+
+	_, err := client.GetR2Bucket(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.GetR2Bucket(context.Background(), AccountIdentifier(testAccountID), "")
+
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingBucketName, err)
+	}
+
+	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
+	want := R2Bucket{
+		Name:         testBucketName,
+		CreationDate: &createDate,
+		Location:     "ENAM",
+	}
+
+	actual, err := client.GetR2Bucket(context.Background(), AccountIdentifier(testAccountID), testBucketName)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestR2_CreateBucket(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+			"name": "example-bucket",
+			"creation_date": "2022-06-24T19:58:49.477Z",
+			"location": "ENAM"
+	}
+}`)
+	})
+
+	_, err := client.CreateR2Bucket(context.Background(), AccountIdentifier(""), CreateR2BucketParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.CreateR2Bucket(context.Background(), AccountIdentifier(testAccountID), CreateR2BucketParameters{Name: ""})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingBucketName, err)
+	}
+	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
+	want := R2Bucket{
+		Name:         testBucketName,
+		CreationDate: &createDate,
+		Location:     "ENAM",
+	}
+
+	actual, err := client.CreateR2Bucket(context.Background(), AccountIdentifier(testAccountID), CreateR2BucketParameters{Name: testBucketName, LocationHint: "ENAM"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestR2_DeleteBucket(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets/%s", testAccountID, testBucketName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {}
+}`)
+	})
+
+	err := client.DeleteR2Bucket(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.DeleteR2Bucket(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingBucketName, err)
+	}
+
+	err = client.DeleteR2Bucket(context.Background(), AccountIdentifier(testAccountID), "example-bucket")
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/rate_limiting.go b/pkg/cloudflare-go/rate_limiting.go
new file mode 100644
index 0000000000..1a9f5cb44e
--- /dev/null
+++ b/pkg/cloudflare-go/rate_limiting.go
@@ -0,0 +1,199 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// RateLimit is a policy than can be applied to limit traffic within a customer domain.
+type RateLimit struct {
+	ID          string                  `json:"id,omitempty"`
+	Disabled    bool                    `json:"disabled,omitempty"`
+	Description string                  `json:"description,omitempty"`
+	Match       RateLimitTrafficMatcher `json:"match"`
+	Bypass      []RateLimitKeyValue     `json:"bypass,omitempty"`
+	Threshold   int                     `json:"threshold"`
+	Period      int                     `json:"period"`
+	Action      RateLimitAction         `json:"action"`
+	Correlate   *RateLimitCorrelate     `json:"correlate,omitempty"`
+}
+
+// RateLimitTrafficMatcher contains the rules that will be used to apply a rate limit to traffic.
+type RateLimitTrafficMatcher struct {
+	Request  RateLimitRequestMatcher  `json:"request"`
+	Response RateLimitResponseMatcher `json:"response"`
+}
+
+// RateLimitRequestMatcher contains the matching rules pertaining to requests.
+type RateLimitRequestMatcher struct {
+	Methods    []string `json:"methods,omitempty"`
+	Schemes    []string `json:"schemes,omitempty"`
+	URLPattern string   `json:"url,omitempty"`
+}
+
+// RateLimitResponseMatcher contains the matching rules pertaining to responses.
+type RateLimitResponseMatcher struct {
+	Statuses      []int                            `json:"status,omitempty"`
+	OriginTraffic *bool                            `json:"origin_traffic,omitempty"` // api defaults to true so we need an explicit empty value
+	Headers       []RateLimitResponseMatcherHeader `json:"headers,omitempty"`
+}
+
+// RateLimitResponseMatcherHeader contains the structure of the origin
+// HTTP headers used in request matcher checks.
+type RateLimitResponseMatcherHeader struct {
+	Name  string `json:"name"`
+	Op    string `json:"op"`
+	Value string `json:"value"`
+}
+
+// RateLimitKeyValue is k-v formatted as expected in the rate limit description.
+type RateLimitKeyValue struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
+}
+
+// RateLimitAction is the action that will be taken when the rate limit threshold is reached.
+type RateLimitAction struct {
+	Mode     string                   `json:"mode"`
+	Timeout  int                      `json:"timeout"`
+	Response *RateLimitActionResponse `json:"response"`
+}
+
+// RateLimitActionResponse is the response that will be returned when rate limit action is triggered.
+type RateLimitActionResponse struct {
+	ContentType string `json:"content_type"`
+	Body        string `json:"body"`
+}
+
+// RateLimitCorrelate pertainings to NAT support.
+type RateLimitCorrelate struct {
+	By string `json:"by"`
+}
+
+type rateLimitResponse struct {
+	Response
+	Result RateLimit `json:"result"`
+}
+
+type rateLimitListResponse struct {
+	Response
+	Result     []RateLimit `json:"result"`
+	ResultInfo ResultInfo  `json:"result_info"`
+}
+
+// CreateRateLimit creates a new rate limit for a zone.
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-create-a-ratelimit
+func (api *API) CreateRateLimit(ctx context.Context, zoneID string, limit RateLimit) (RateLimit, error) {
+	uri := fmt.Sprintf("/zones/%s/rate_limits", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, limit)
+	if err != nil {
+		return RateLimit{}, err
+	}
+	var r rateLimitResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListRateLimits returns Rate Limits for a zone, paginated according to the provided options
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-list-rate-limits
+func (api *API) ListRateLimits(ctx context.Context, zoneID string, pageOpts PaginationOptions) ([]RateLimit, ResultInfo, error) {
+	uri := buildURI(fmt.Sprintf("/zones/%s/rate_limits", zoneID), pageOpts)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []RateLimit{}, ResultInfo{}, err
+	}
+
+	var r rateLimitListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []RateLimit{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, r.ResultInfo, nil
+}
+
+// ListAllRateLimits returns all Rate Limits for a zone.
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-list-rate-limits
+func (api *API) ListAllRateLimits(ctx context.Context, zoneID string) ([]RateLimit, error) {
+	pageOpts := PaginationOptions{
+		PerPage: 100, // this is the max page size allowed
+		Page:    1,
+	}
+
+	allRateLimits := make([]RateLimit, 0)
+	for {
+		rateLimits, resultInfo, err := api.ListRateLimits(ctx, zoneID, pageOpts)
+		if err != nil {
+			return []RateLimit{}, err
+		}
+		allRateLimits = append(allRateLimits, rateLimits...)
+		// total pages is not returned on this call
+		// if number of records is less than the max, this must be the last page
+		// in case TotalCount % PerPage = 0, the last request will return an empty list
+		if resultInfo.Count < resultInfo.PerPage {
+			break
+		}
+		// continue with the next page
+		pageOpts.Page = pageOpts.Page + 1
+	}
+
+	return allRateLimits, nil
+}
+
+// RateLimit fetches detail about one Rate Limit for a zone.
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-rate-limit-details
+func (api *API) RateLimit(ctx context.Context, zoneID, limitID string) (RateLimit, error) {
+	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return RateLimit{}, err
+	}
+	var r rateLimitResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateRateLimit lets you replace a Rate Limit for a zone.
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-update-rate-limit
+func (api *API) UpdateRateLimit(ctx context.Context, zoneID, limitID string, limit RateLimit) (RateLimit, error) {
+	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, limit)
+	if err != nil {
+		return RateLimit{}, err
+	}
+	var r rateLimitResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteRateLimit deletes a Rate Limit for a zone.
+//
+// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-delete-rate-limit
+func (api *API) DeleteRateLimit(ctx context.Context, zoneID, limitID string) error {
+	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r rateLimitResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/rate_limiting_example_test.go b/pkg/cloudflare-go/rate_limiting_example_test.go
new file mode 100644
index 0000000000..a894d8b4e2
--- /dev/null
+++ b/pkg/cloudflare-go/rate_limiting_example_test.go
@@ -0,0 +1,108 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+var exampleNewRateLimit = cloudflare.RateLimit{
+	Description: "test",
+	Match: cloudflare.RateLimitTrafficMatcher{
+		Request: cloudflare.RateLimitRequestMatcher{
+			URLPattern: "exampledomain.com/test-rate-limit",
+		},
+	},
+	Threshold: 0,
+	Period:    0,
+	Action: cloudflare.RateLimitAction{
+		Mode:    "ban",
+		Timeout: 60,
+	},
+	Correlate: &cloudflare.RateLimitCorrelate{
+		By: "nat",
+	},
+}
+
+func ExampleAPI_CreateRateLimit() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	rateLimit, err := api.CreateRateLimit(context.Background(), zoneID, exampleNewRateLimit)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", rateLimit)
+}
+
+func ExampleAPI_ListRateLimits() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	pageOpts := cloudflare.PaginationOptions{
+		PerPage: 5,
+		Page:    1,
+	}
+	rateLimits, _, err := api.ListRateLimits(context.Background(), zoneID, pageOpts)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", rateLimits)
+	for _, r := range rateLimits {
+		fmt.Printf("%+v\n", r)
+	}
+}
+
+func ExampleAPI_RateLimit() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	rateLimits, err := api.RateLimit(context.Background(), zoneID, "my_rate_limit_id")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", rateLimits)
+}
+
+func ExampleAPI_DeleteRateLimit() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName(domain)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	err = api.DeleteRateLimit(context.Background(), zoneID, "my_rate_limit_id")
+	if err != nil {
+		log.Fatal(err)
+	}
+}
diff --git a/pkg/cloudflare-go/rate_limiting_test.go b/pkg/cloudflare-go/rate_limiting_test.go
new file mode 100644
index 0000000000..9af0650c60
--- /dev/null
+++ b/pkg/cloudflare-go/rate_limiting_test.go
@@ -0,0 +1,361 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	rateLimitID                = "72dae2fc158942f2adb1dd2a3d4143bc"
+	serverRateLimitDescription = `{
+	"id": "72dae2fc158942f2adb1dd2a3d4143bc",
+	"disabled": false,
+	"description": "test",
+	"match": {
+	"request": {
+	  "methods": [
+		"_ALL_"
+	  ],
+	  "schemes": [
+		"_ALL_"
+	  ],
+	  "url": "exampledomain.com/test-rate-limit"
+	},
+	"response": {
+	  "origin_traffic": true
+	}
+	},
+	"login_protect": false,
+	"threshold": 50,
+	"period": 1,
+	"action": {
+		"mode": "ban",
+		"timeout": 60
+	},
+	"correlate": {
+		"by": "nat"
+	}
+}
+`
+)
+
+var expectedOriginTraffic = true
+var expectedRateLimitStruct = RateLimit{
+	ID:          "72dae2fc158942f2adb1dd2a3d4143bc",
+	Disabled:    false,
+	Description: "test",
+	Match: RateLimitTrafficMatcher{
+		Request: RateLimitRequestMatcher{
+			Methods:    []string{"_ALL_"},
+			Schemes:    []string{"_ALL_"},
+			URLPattern: "exampledomain.com/test-rate-limit",
+		},
+		Response: RateLimitResponseMatcher{
+			OriginTraffic: &expectedOriginTraffic,
+		},
+	},
+	Threshold: 50,
+	Period:    1,
+	Action: RateLimitAction{
+		Mode:    "ban",
+		Timeout: 60,
+	},
+	Correlate: &RateLimitCorrelate{
+		By: "nat",
+	},
+}
+
+func TestListRateLimits(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 1,
+			"per_page": 25,
+			"count": 1,
+			"total_count": 1
+		  }
+		}
+		`, serverRateLimitDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
+	want := []RateLimit{expectedRateLimitStruct}
+
+	actual, _, err := client.ListRateLimits(context.Background(), testZoneID, PaginationOptions{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListRateLimitsWithPageOpts(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 1,
+			"per_page": 25,
+			"count": 1,
+			"total_count": 1
+		  }
+		}
+		`, serverRateLimitDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
+	want := []RateLimit{expectedRateLimitStruct}
+
+	pageOpts := PaginationOptions{
+		PerPage: 50,
+	}
+	actual, _, err := client.ListRateLimits(context.Background(), testZoneID, pageOpts)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListAllRateLimitsDoesPagination(t *testing.T) {
+	setup()
+	defer teardown()
+
+	oneHundredRateLimitRecords := strings.Repeat(serverRateLimitDescription+",", 99) + serverRateLimitDescription
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		if r.URL.Query().Get("page") == "1" {
+			fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 1,
+			"per_page": 100,
+			"count": 100,
+			"total_count": 101
+		  }
+		}
+		`, oneHundredRateLimitRecords)
+		} else if r.URL.Query().Get("page") == "2" {
+			fmt.Fprintf(w, `{
+		  "result": [
+			%s
+		  ],
+		  "success": true,
+		  "errors": null,
+		  "messages": null,
+		  "result_info": {
+			"page": 2,
+			"per_page": 100,
+			"count": 1,
+			"total_count": 101
+		  }
+		}
+		`, serverRateLimitDescription)
+		}
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
+	want := make([]RateLimit, 101)
+	for i := range want {
+		want[i] = expectedRateLimitStruct
+	}
+
+	actual, err := client.ListAllRateLimits(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetRateLimit(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, serverRateLimitDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
+	want := expectedRateLimitStruct
+
+	actual, err := client.RateLimit(context.Background(), testZoneID, rateLimitID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateRateLimit(t *testing.T) {
+	setup()
+	defer teardown()
+	newRateLimit := RateLimit{
+		Description: "test",
+		Match: RateLimitTrafficMatcher{
+			Request: RateLimitRequestMatcher{
+				URLPattern: "exampledomain.com/test-rate-limit",
+			},
+		},
+		Period:    1,
+		Threshold: 50,
+		Action: RateLimitAction{
+			Mode:    "ban",
+			Timeout: 60,
+		},
+		Correlate: &RateLimitCorrelate{
+			By: "nat",
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, serverRateLimitDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
+	want := expectedRateLimitStruct
+
+	actual, err := client.CreateRateLimit(context.Background(), testZoneID, newRateLimit)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateRateLimitWithZeroedThreshold(t *testing.T) {
+	setup()
+	defer teardown()
+	newRateLimit := RateLimit{
+		Description: "test",
+		Match: RateLimitTrafficMatcher{
+			Request: RateLimitRequestMatcher{
+				URLPattern: "exampledomain.com/test-rate-limit",
+			},
+		},
+		Period:    0, // 0 is the default values if int fields are not set
+		Threshold: 0,
+		Action: RateLimitAction{
+			Mode:    "ban",
+			Timeout: 60,
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.WriteHeader(400)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": false,
+		  "errors": [{ "message": "ratelimit.api.validation_error:threshold is too low and must be at least 2,sample_rate is too low and must be at least 1 second" } ],
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
+
+	actual, err := client.CreateRateLimit(context.Background(), testZoneID, newRateLimit)
+	assert.Error(t, err)
+	assert.Equal(t, RateLimit{}, actual)
+}
+
+func TestUpdateRateLimit(t *testing.T) {
+	setup()
+	defer teardown()
+	newRateLimit := RateLimit{
+		Description: "test-2",
+		Match: RateLimitTrafficMatcher{
+			Request: RateLimitRequestMatcher{
+				URLPattern: "exampledomain.com/test-rate-limit-2",
+			},
+		},
+		Period:    2,
+		Threshold: 100,
+		Action: RateLimitAction{
+			Mode:    "ban",
+			Timeout: 600,
+		},
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": %s,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`, serverRateLimitDescription)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
+	want := expectedRateLimitStruct
+
+	actual, err := client.UpdateRateLimit(context.Background(), testZoneID, rateLimitID, newRateLimit)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteRateLimit(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+		  "result": null,
+		  "success": true,
+		  "errors": null,
+		  "messages": null
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
+
+	err := client.DeleteRateLimit(context.Background(), testZoneID, rateLimitID)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/regional_hostnames.go b/pkg/cloudflare-go/regional_hostnames.go
new file mode 100644
index 0000000000..51227709a1
--- /dev/null
+++ b/pkg/cloudflare-go/regional_hostnames.go
@@ -0,0 +1,191 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type Region struct {
+	Key   string `json:"key"`
+	Label string `json:"label"`
+}
+
+type RegionalHostname struct {
+	Hostname  string     `json:"hostname"`
+	RegionKey string     `json:"region_key"`
+	CreatedOn *time.Time `json:"created_on,omitempty"`
+}
+
+// regionalHostnameResponse contains an API Response from a Create, Get, Update, or Delete call.
+type regionalHostnameResponse struct {
+	Response
+	Result RegionalHostname `json:"result"`
+}
+
+type ListDataLocalizationRegionsParams struct{}
+type ListDataLocalizationRegionalHostnamesParams struct{}
+
+type CreateDataLocalizationRegionalHostnameParams struct {
+	Hostname  string `json:"hostname"`
+	RegionKey string `json:"region_key"`
+}
+
+type UpdateDataLocalizationRegionalHostnameParams struct {
+	Hostname  string `json:"-"`
+	RegionKey string `json:"region_key"`
+}
+
+// ListDataLocalizationRegions lists all available regions.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) ListDataLocalizationRegions(ctx context.Context, rc *ResourceContainer, params ListDataLocalizationRegionsParams) ([]Region, error) {
+	if rc.Level != AccountRouteLevel {
+		return []Region{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return []Region{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/addressing/regional_hostnames/regions", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Region{}, err
+	}
+	result := struct {
+		Result []Region `json:"result"`
+	}{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []Region{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result.Result, nil
+}
+
+// ListDataLocalizationRegionalHostnames lists all regional hostnames for a zone.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) ListDataLocalizationRegionalHostnames(ctx context.Context, rc *ResourceContainer, params ListDataLocalizationRegionalHostnamesParams) ([]RegionalHostname, error) {
+	if rc.Level != ZoneRouteLevel {
+		return []RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return []RegionalHostname{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []RegionalHostname{}, err
+	}
+	result := struct {
+		Result []RegionalHostname `json:"result"`
+	}{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result.Result, nil
+}
+
+// CreateDataLocalizationRegionalHostname lists all regional hostnames for a zone.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) CreateDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, params CreateDataLocalizationRegionalHostnameParams) (RegionalHostname, error) {
+	if rc.Level != ZoneRouteLevel {
+		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return RegionalHostname{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return RegionalHostname{}, err
+	}
+	result := regionalHostnameResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result.Result, nil
+}
+
+// GetDataLocalizationRegionalHostname returns the details of a specific regional hostname.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) GetDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, hostname string) (RegionalHostname, error) {
+	if rc.Level != ZoneRouteLevel {
+		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return RegionalHostname{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, hostname)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return RegionalHostname{}, err
+	}
+
+	result := regionalHostnameResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result.Result, nil
+}
+
+// UpdateDataLocalizationRegionalHostname returns the details of a specific regional hostname.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) UpdateDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, params UpdateDataLocalizationRegionalHostnameParams) (RegionalHostname, error) {
+	if rc.Level != ZoneRouteLevel {
+		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return RegionalHostname{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, params.Hostname)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return RegionalHostname{}, err
+	}
+	result := regionalHostnameResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result.Result, nil
+}
+
+// DeleteDataLocalizationRegionalHostname deletes a regional hostname.
+//
+// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
+func (api *API) DeleteDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, hostname string) error {
+	if rc.Level != ZoneRouteLevel {
+		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, hostname)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/regional_hostnames_test.go b/pkg/cloudflare-go/regional_hostnames_test.go
new file mode 100644
index 0000000000..0391d3ccbc
--- /dev/null
+++ b/pkg/cloudflare-go/regional_hostnames_test.go
@@ -0,0 +1,219 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const regionalHostname = "eu.example.com"
+
+func TestListRegions(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [
+				{
+				  "key": "ca",
+				  "label": "Canada"
+				},
+				{
+				  "key": "eu",
+				  "label": "Europe"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/regional_hostnames/regions", handler)
+
+	want := []Region{
+		{
+			Key:   "ca",
+			Label: "Canada",
+		},
+		{
+			Key:   "eu",
+			Label: "Europe",
+		},
+	}
+
+	actual, err := client.ListDataLocalizationRegions(context.Background(), AccountIdentifier(testAccountID), ListDataLocalizationRegionsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListRegionalHostnames(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": [
+			{
+			  "hostname": "%s",
+			  "region_key": "ca",
+			  "created_on": "2023-01-14T00:47:57.060267Z"
+			}
+		  ],
+		  "success": true,
+		  "errors": [],
+		  "messages": []
+		}`, regionalHostname)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
+	want := []RegionalHostname{
+		{
+			Hostname:  regionalHostname,
+			RegionKey: "ca",
+			CreatedOn: &createdOn,
+		},
+	}
+
+	actual, err := client.ListDataLocalizationRegionalHostnames(context.Background(), ZoneIdentifier(testZoneID), ListDataLocalizationRegionalHostnamesParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateRegionalHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": {
+			  "hostname": "%s",
+			  "region_key": "ca",
+			  "created_on": "2023-01-14T00:47:57.060267Z"
+		  },
+		  "success": true,
+		  "errors": [],
+		  "messages": []
+		}`, regionalHostname)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames", handler)
+
+	params := CreateDataLocalizationRegionalHostnameParams{
+		RegionKey: "ca",
+		Hostname:  regionalHostname,
+	}
+
+	want := RegionalHostname{
+		RegionKey: "ca",
+		Hostname:  regionalHostname,
+	}
+
+	actual, err := client.CreateDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), params)
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
+	want.CreatedOn = &createdOn
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetRegionalHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": {
+			  "hostname": "%s",
+			  "region_key": "ca",
+			  "created_on": "2023-01-14T00:47:57.060267Z"
+		  },
+		  "success": true,
+		  "errors": [],
+		  "messages": []
+		}`, regionalHostname)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
+
+	actual, err := client.GetDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), regionalHostname)
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
+	want := RegionalHostname{
+		RegionKey: "ca",
+		Hostname:  regionalHostname,
+		CreatedOn: &createdOn,
+	}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateRegionalHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "result": {
+			  "hostname": "%s",
+			  "region_key": "eu",
+			  "created_on": "2023-01-14T00:47:57.060267Z"
+		  },
+		  "success": true,
+		  "errors": [],
+		  "messages": []
+		}`, regionalHostname)
+	}
+
+	params := UpdateDataLocalizationRegionalHostnameParams{
+		RegionKey: "eu",
+		Hostname:  regionalHostname,
+	}
+
+	want := RegionalHostname{
+		RegionKey: "eu",
+		Hostname:  regionalHostname,
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
+
+	actual, err := client.UpdateDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), params)
+	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
+	want.CreatedOn = &createdOn
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteRegionalHostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
+
+	err := client.DeleteDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), regionalHostname)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/regional_tiered_cache.go b/pkg/cloudflare-go/regional_tiered_cache.go
new file mode 100644
index 0000000000..eb3254be2b
--- /dev/null
+++ b/pkg/cloudflare-go/regional_tiered_cache.go
@@ -0,0 +1,85 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// RegionalTieredCache is the structure of the API object for the regional tiered cache
+// setting.
+type RegionalTieredCache struct {
+	ID         string    `json:"id,omitempty"`
+	ModifiedOn time.Time `json:"modified_on,omitempty"`
+	Value      string    `json:"value"`
+}
+
+// RegionalTieredCacheDetailsResponse is the API response for the regional tiered cache
+// setting.
+type RegionalTieredCacheDetailsResponse struct {
+	Result RegionalTieredCache `json:"result"`
+	Response
+}
+
+type zoneRegionalTieredCacheSingleResponse struct {
+	Response
+	Result RegionalTieredCache `json:"result"`
+}
+
+type GetRegionalTieredCacheParams struct{}
+
+type UpdateRegionalTieredCacheParams struct {
+	Value string `json:"value"`
+}
+
+// GetRegionalTieredCache returns information about the current regional tiered
+// cache settings.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-get-regional-tiered-cache-setting
+func (api *API) GetRegionalTieredCache(ctx context.Context, rc *ResourceContainer, params GetRegionalTieredCacheParams) (RegionalTieredCache, error) {
+	if rc.Level != ZoneRouteLevel {
+		return RegionalTieredCache{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/cache/regional_tiered_cache", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return RegionalTieredCache{}, err
+	}
+
+	var RegionalTieredCacheDetailsResponse RegionalTieredCacheDetailsResponse
+	err = json.Unmarshal(res, &RegionalTieredCacheDetailsResponse)
+	if err != nil {
+		return RegionalTieredCache{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return RegionalTieredCacheDetailsResponse.Result, nil
+}
+
+// UpdateRegionalTieredCache updates the regional tiered cache setting for a
+// zone.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-change-regional-tiered-cache-setting
+func (api *API) UpdateRegionalTieredCache(ctx context.Context, rc *ResourceContainer, params UpdateRegionalTieredCacheParams) (RegionalTieredCache, error) {
+	if rc.Level != ZoneRouteLevel {
+		return RegionalTieredCache{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/%s/%s/cache/regional_tiered_cache", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return RegionalTieredCache{}, err
+	}
+
+	response := &zoneRegionalTieredCacheSingleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return RegionalTieredCache{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/regional_tiered_cache_test.go b/pkg/cloudflare-go/regional_tiered_cache_test.go
new file mode 100644
index 0000000000..df74f3bfe2
--- /dev/null
+++ b/pkg/cloudflare-go/regional_tiered_cache_test.go
@@ -0,0 +1,90 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var regionalTieredCacheTimestampString = "2019-02-20T22:37:07.107449Z"
+var regionalTieredCacheTimestamp, _ = time.Parse(time.RFC3339Nano, regionalTieredCacheTimestampString)
+
+func TestRegionalTieredCache(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "regional_tiered_cache",
+				"value": "on",
+				"modified_on": "%s"
+			}
+		}
+		`, regionalTieredCacheTimestampString)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/cache/regional_tiered_cache", handler)
+	want := RegionalTieredCache{
+		ID:         "regional_tiered_cache",
+		Value:      "on",
+		ModifiedOn: regionalTieredCacheTimestamp,
+	}
+
+	actual, err := client.GetRegionalTieredCache(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		GetRegionalTieredCacheParams{},
+	)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateRegionalTieredCache(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "regional_tiered_cache",
+				"value": "off",
+				"modified_on": "%s"
+			}
+		}
+		`, regionalTieredCacheTimestampString)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/cache/regional_tiered_cache", handler)
+	want := RegionalTieredCache{
+		ID:         "regional_tiered_cache",
+		Value:      "off",
+		ModifiedOn: regionalTieredCacheTimestamp,
+	}
+
+	actual, err := client.UpdateRegionalTieredCache(
+		context.Background(),
+		ZoneIdentifier(testZoneID),
+		UpdateRegionalTieredCacheParams{Value: "off"},
+	)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/registrar.go b/pkg/cloudflare-go/registrar.go
new file mode 100644
index 0000000000..68144ac4a1
--- /dev/null
+++ b/pkg/cloudflare-go/registrar.go
@@ -0,0 +1,176 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// RegistrarDomain is the structure of the API response for a new
+// Cloudflare Registrar domain.
+type RegistrarDomain struct {
+	ID                string              `json:"id"`
+	Available         bool                `json:"available"`
+	SupportedTLD      bool                `json:"supported_tld"`
+	CanRegister       bool                `json:"can_register"`
+	TransferIn        RegistrarTransferIn `json:"transfer_in"`
+	CurrentRegistrar  string              `json:"current_registrar"`
+	ExpiresAt         time.Time           `json:"expires_at"`
+	RegistryStatuses  string              `json:"registry_statuses"`
+	Locked            bool                `json:"locked"`
+	CreatedAt         time.Time           `json:"created_at"`
+	UpdatedAt         time.Time           `json:"updated_at"`
+	RegistrantContact RegistrantContact   `json:"registrant_contact"`
+}
+
+// RegistrarTransferIn contains the structure for a domain transfer in
+// request.
+type RegistrarTransferIn struct {
+	UnlockDomain      string `json:"unlock_domain"`
+	DisablePrivacy    string `json:"disable_privacy"`
+	EnterAuthCode     string `json:"enter_auth_code"`
+	ApproveTransfer   string `json:"approve_transfer"`
+	AcceptFoa         string `json:"accept_foa"`
+	CanCancelTransfer bool   `json:"can_cancel_transfer"`
+}
+
+// RegistrantContact is the contact details for the domain registration.
+type RegistrantContact struct {
+	ID           string `json:"id"`
+	FirstName    string `json:"first_name"`
+	LastName     string `json:"last_name"`
+	Organization string `json:"organization"`
+	Address      string `json:"address"`
+	Address2     string `json:"address2"`
+	City         string `json:"city"`
+	State        string `json:"state"`
+	Zip          string `json:"zip"`
+	Country      string `json:"country"`
+	Phone        string `json:"phone"`
+	Email        string `json:"email"`
+	Fax          string `json:"fax"`
+}
+
+// RegistrarDomainConfiguration is the structure for making updates to
+// and existing domain.
+type RegistrarDomainConfiguration struct {
+	NameServers []string `json:"name_servers"`
+	Privacy     bool     `json:"privacy"`
+	Locked      bool     `json:"locked"`
+	AutoRenew   bool     `json:"auto_renew"`
+}
+
+// RegistrarDomainDetailResponse is the structure of the detailed
+// response from the API for a single domain.
+type RegistrarDomainDetailResponse struct {
+	Response
+	Result RegistrarDomain `json:"result"`
+}
+
+// RegistrarDomainsDetailResponse is the structure of the detailed
+// response from the API.
+type RegistrarDomainsDetailResponse struct {
+	Response
+	Result []RegistrarDomain `json:"result"`
+}
+
+// RegistrarDomain returns a single domain based on the account ID and
+// domain name.
+//
+// API reference: https://api.cloudflare.com/#registrar-domains-get-domain
+func (api *API) RegistrarDomain(ctx context.Context, accountID, domainName string) (RegistrarDomain, error) {
+	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s", accountID, domainName)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return RegistrarDomain{}, err
+	}
+
+	var r RegistrarDomainDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// RegistrarDomains returns all registrar domains based on the account
+// ID.
+//
+// API reference: https://api.cloudflare.com/#registrar-domains-list-domains
+func (api *API) RegistrarDomains(ctx context.Context, accountID string) ([]RegistrarDomain, error) {
+	uri := fmt.Sprintf("/accounts/%s/registrar/domains", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []RegistrarDomain{}, err
+	}
+
+	var r RegistrarDomainsDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// TransferRegistrarDomain initiates the transfer from another registrar
+// to Cloudflare Registrar.
+//
+// API reference: https://api.cloudflare.com/#registrar-domains-transfer-domain
+func (api *API) TransferRegistrarDomain(ctx context.Context, accountID, domainName string) ([]RegistrarDomain, error) {
+	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s/transfer", accountID, domainName)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return []RegistrarDomain{}, err
+	}
+
+	var r RegistrarDomainsDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CancelRegistrarDomainTransfer cancels a pending domain transfer.
+//
+// API reference: https://api.cloudflare.com/#registrar-domains-cancel-transfer
+func (api *API) CancelRegistrarDomainTransfer(ctx context.Context, accountID, domainName string) ([]RegistrarDomain, error) {
+	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s/cancel_transfer", accountID, domainName)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return []RegistrarDomain{}, err
+	}
+
+	var r RegistrarDomainsDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateRegistrarDomain updates an existing Registrar Domain configuration.
+//
+// API reference: https://api.cloudflare.com/#registrar-domains-update-domain
+func (api *API) UpdateRegistrarDomain(ctx context.Context, accountID, domainName string, domainConfiguration RegistrarDomainConfiguration) (RegistrarDomain, error) {
+	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s", accountID, domainName)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domainConfiguration)
+	if err != nil {
+		return RegistrarDomain{}, err
+	}
+
+	var r RegistrarDomainDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/registrar_example_test.go b/pkg/cloudflare-go/registrar_example_test.go
new file mode 100644
index 0000000000..5e6229bc01
--- /dev/null
+++ b/pkg/cloudflare-go/registrar_example_test.go
@@ -0,0 +1,85 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_RegistrarDomain() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	domain, err := api.RegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", domain)
+}
+
+func ExampleAPI_RegistrarDomains() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	domains, err := api.RegistrarDomains(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", domains)
+}
+
+func ExampleAPI_TransferRegistrarDomain() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	domain, err := api.TransferRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", domain)
+}
+
+func ExampleAPI_CancelRegistrarDomainTransfer() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	domains, err := api.CancelRegistrarDomainTransfer(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", domains)
+}
+
+func ExampleAPI_UpdateRegistrarDomain() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	domain, err := api.UpdateRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com", cloudflare.RegistrarDomainConfiguration{
+		NameServers: []string{"ns1.cloudflare.com", "ns2.cloudflare.com"},
+		Locked:      false,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", domain)
+}
diff --git a/pkg/cloudflare-go/registrar_test.go b/pkg/cloudflare-go/registrar_test.go
new file mode 100644
index 0000000000..98590ac45a
--- /dev/null
+++ b/pkg/cloudflare-go/registrar_test.go
@@ -0,0 +1,375 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	createdAndModifiedTimestamp, _ = time.Parse(time.RFC3339, "2018-08-28T17:26:26Z")
+	expiresAtTimestamp, _          = time.Parse(time.RFC3339, "2019-08-28T23:59:59Z")
+	expectedRegistrarTransferIn    = RegistrarTransferIn{
+		UnlockDomain:      "ok",
+		DisablePrivacy:    "ok",
+		EnterAuthCode:     "needed",
+		ApproveTransfer:   "unknown",
+		AcceptFoa:         "needed",
+		CanCancelTransfer: true,
+	}
+	expectedRegistrarContact = RegistrantContact{
+		ID:           "ea95132c15732412d22c1476fa83f27a",
+		FirstName:    "John",
+		LastName:     "Appleseed",
+		Organization: "Cloudflare, Inc.",
+		Address:      "123 Sesame St.",
+		Address2:     "Suite 430",
+		City:         "Austin",
+		State:        "TX",
+		Zip:          "12345",
+		Country:      "US",
+		Phone:        "+1 123-123-1234",
+		Email:        "user@example.com",
+		Fax:          "123-867-5309",
+	}
+	expectedRegistrarDomain = RegistrarDomain{
+		ID:                "ea95132c15732412d22c1476fa83f27a",
+		Available:         false,
+		SupportedTLD:      true,
+		CanRegister:       false,
+		TransferIn:        expectedRegistrarTransferIn,
+		CurrentRegistrar:  "Cloudflare",
+		ExpiresAt:         expiresAtTimestamp,
+		RegistryStatuses:  "ok,serverTransferProhibited",
+		Locked:            false,
+		CreatedAt:         createdAndModifiedTimestamp,
+		UpdatedAt:         createdAndModifiedTimestamp,
+		RegistrantContact: expectedRegistrarContact,
+	}
+)
+
+func TestRegistrarDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ea95132c15732412d22c1476fa83f27a",
+				"available": false,
+				"supported_tld": true,
+				"can_register": false,
+				"transfer_in": {
+					"unlock_domain": "ok",
+					"disable_privacy": "ok",
+					"enter_auth_code": "needed",
+					"approve_transfer": "unknown",
+					"accept_foa": "needed",
+					"can_cancel_transfer": true
+				},
+				"current_registrar": "Cloudflare",
+				"expires_at": "2019-08-28T23:59:59Z",
+				"registry_statuses": "ok,serverTransferProhibited",
+				"locked": false,
+				"created_at": "2018-08-28T17:26:26Z",
+				"updated_at": "2018-08-28T17:26:26Z",
+				"registrant_contact": {
+					"id": "ea95132c15732412d22c1476fa83f27a",
+					"first_name": "John",
+					"last_name": "Appleseed",
+					"organization": "Cloudflare, Inc.",
+					"address": "123 Sesame St.",
+					"address2": "Suite 430",
+					"city": "Austin",
+					"state": "TX",
+					"zip": "12345",
+					"country": "US",
+					"phone": "+1 123-123-1234",
+					"email": "user@example.com",
+					"fax": "123-867-5309"
+				}
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com", handler)
+
+	actual, err := client.RegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedRegistrarDomain, actual)
+	}
+}
+
+func TestRegistrarDomains(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "ea95132c15732412d22c1476fa83f27a",
+					"available": false,
+					"supported_tld": true,
+					"can_register": false,
+					"transfer_in": {
+						"unlock_domain": "ok",
+						"disable_privacy": "ok",
+						"enter_auth_code": "needed",
+						"approve_transfer": "unknown",
+						"accept_foa": "needed",
+						"can_cancel_transfer": true
+					},
+					"current_registrar": "Cloudflare",
+					"expires_at": "2019-08-28T23:59:59Z",
+					"registry_statuses": "ok,serverTransferProhibited",
+					"locked": false,
+					"created_at": "2018-08-28T17:26:26Z",
+					"updated_at": "2018-08-28T17:26:26Z",
+					"registrant_contact": {
+						"id": "ea95132c15732412d22c1476fa83f27a",
+						"first_name": "John",
+						"last_name": "Appleseed",
+						"organization": "Cloudflare, Inc.",
+						"address": "123 Sesame St.",
+						"address2": "Suite 430",
+						"city": "Austin",
+						"state": "TX",
+						"zip": "12345",
+						"country": "US",
+						"phone": "+1 123-123-1234",
+						"email": "user@example.com",
+						"fax": "123-867-5309"
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains", handler)
+
+	actual, err := client.RegistrarDomains(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
+	}
+}
+
+func TestTransferRegistrarDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "ea95132c15732412d22c1476fa83f27a",
+					"available": false,
+					"supported_tld": true,
+					"can_register": false,
+					"transfer_in": {
+						"unlock_domain": "ok",
+						"disable_privacy": "ok",
+						"enter_auth_code": "needed",
+						"approve_transfer": "unknown",
+						"accept_foa": "needed",
+						"can_cancel_transfer": true
+					},
+					"current_registrar": "Cloudflare",
+					"expires_at": "2019-08-28T23:59:59Z",
+					"registry_statuses": "ok,serverTransferProhibited",
+					"locked": false,
+					"created_at": "2018-08-28T17:26:26Z",
+					"updated_at": "2018-08-28T17:26:26Z",
+					"registrant_contact": {
+						"id": "ea95132c15732412d22c1476fa83f27a",
+						"first_name": "John",
+						"last_name": "Appleseed",
+						"organization": "Cloudflare, Inc.",
+						"address": "123 Sesame St.",
+						"address2": "Suite 430",
+						"city": "Austin",
+						"state": "TX",
+						"zip": "12345",
+						"country": "US",
+						"phone": "+1 123-123-1234",
+						"email": "user@example.com",
+						"fax": "123-867-5309"
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com/transfer", handler)
+
+	actual, err := client.TransferRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
+	}
+}
+
+func TestCancelRegistrarDomainTransfer(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "ea95132c15732412d22c1476fa83f27a",
+					"available": false,
+					"supported_tld": true,
+					"can_register": false,
+					"transfer_in": {
+						"unlock_domain": "ok",
+						"disable_privacy": "ok",
+						"enter_auth_code": "needed",
+						"approve_transfer": "unknown",
+						"accept_foa": "needed",
+						"can_cancel_transfer": true
+					},
+					"current_registrar": "Cloudflare",
+					"expires_at": "2019-08-28T23:59:59Z",
+					"registry_statuses": "ok,serverTransferProhibited",
+					"locked": false,
+					"created_at": "2018-08-28T17:26:26Z",
+					"updated_at": "2018-08-28T17:26:26Z",
+					"registrant_contact": {
+						"id": "ea95132c15732412d22c1476fa83f27a",
+						"first_name": "John",
+						"last_name": "Appleseed",
+						"organization": "Cloudflare, Inc.",
+						"address": "123 Sesame St.",
+						"address2": "Suite 430",
+						"city": "Austin",
+						"state": "TX",
+						"zip": "12345",
+						"country": "US",
+						"phone": "+1 123-123-1234",
+						"email": "user@example.com",
+						"fax": "123-867-5309"
+					}
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com/cancel_transfer", handler)
+
+	actual, err := client.CancelRegistrarDomainTransfer(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
+	}
+}
+
+func TestUpdateRegistrarDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "ea95132c15732412d22c1476fa83f27a",
+				"available": false,
+				"supported_tld": true,
+				"can_register": false,
+				"transfer_in": {
+					"unlock_domain": "ok",
+					"disable_privacy": "ok",
+					"enter_auth_code": "needed",
+					"approve_transfer": "unknown",
+					"accept_foa": "needed",
+					"can_cancel_transfer": true
+				},
+				"current_registrar": "Cloudflare",
+				"expires_at": "2019-08-28T23:59:59Z",
+				"registry_statuses": "ok,serverTransferProhibited",
+				"locked": false,
+				"created_at": "2018-08-28T17:26:26Z",
+				"updated_at": "2018-08-28T17:26:26Z",
+				"registrant_contact": {
+					"id": "ea95132c15732412d22c1476fa83f27a",
+					"first_name": "John",
+					"last_name": "Appleseed",
+					"organization": "Cloudflare, Inc.",
+					"address": "123 Sesame St.",
+					"address2": "Suite 430",
+					"city": "Austin",
+					"state": "TX",
+					"zip": "12345",
+					"country": "US",
+					"phone": "+1 123-123-1234",
+					"email": "user@example.com",
+					"fax": "123-867-5309"
+				}
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com", handler)
+
+	actual, err := client.UpdateRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com", RegistrarDomainConfiguration{
+		NameServers: []string{"ns1.cloudflare.com", "ns2.cloudflare.com"},
+		Locked:      false,
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedRegistrarDomain, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/resource.go b/pkg/cloudflare-go/resource.go
new file mode 100644
index 0000000000..d781975930
--- /dev/null
+++ b/pkg/cloudflare-go/resource.go
@@ -0,0 +1,114 @@
+package cloudflare
+
+import "fmt"
+
+// RouteLevel holds the "level" where the resource resides. Commonly used in
+// routing configurations or builders.
+type RouteLevel string
+
+// ResourceType holds the type of the resource. This is similar to `RouteLevel`
+// however this is the singular version of `RouteLevel` and isn't suitable for
+// use in routing.
+type ResourceType string
+
+const (
+	user    = "user"
+	zone    = "zone"
+	account = "account"
+
+	zones    = zone + "s"
+	accounts = account + "s"
+
+	AccountRouteLevel RouteLevel = accounts
+	ZoneRouteLevel    RouteLevel = zones
+	UserRouteLevel    RouteLevel = user
+
+	AccountType ResourceType = account
+	ZoneType    ResourceType = zone
+	UserType    ResourceType = user
+)
+
+// ResourceContainer defines an API resource you wish to target. Should not be
+// used directly, use `UserIdentifier`, `ZoneIdentifier` and `AccountIdentifier`
+// instead.
+type ResourceContainer struct {
+	Level      RouteLevel
+	Identifier string
+	Type       ResourceType
+}
+
+func (r RouteLevel) String() string {
+	switch r {
+	case AccountRouteLevel:
+		return accounts
+	case ZoneRouteLevel:
+		return zones
+	case UserRouteLevel:
+		return user
+	default:
+		return "unknown"
+	}
+}
+
+func (r ResourceType) String() string {
+	switch r {
+	case AccountType:
+		return account
+	case ZoneType:
+		return zone
+	case UserType:
+		return user
+	default:
+		return "unknown"
+	}
+}
+
+// Returns a URL fragment of the endpoint scoped by the container.
+//
+// For example, a zone identifier would have a fragment like "zones/foobar" while
+// an account identifier would generate "accounts/foobar".
+func (rc *ResourceContainer) URLFragment() string {
+	if rc.Level == "" {
+		return rc.Identifier
+	}
+
+	if rc.Level == UserRouteLevel {
+		return user
+	}
+
+	return fmt.Sprintf("%s/%s", rc.Level, rc.Identifier)
+}
+
+// ResourceIdentifier returns a generic *ResourceContainer.
+func ResourceIdentifier(id string) *ResourceContainer {
+	return &ResourceContainer{
+		Identifier: id,
+	}
+}
+
+// UserIdentifier returns a user level *ResourceContainer.
+func UserIdentifier(id string) *ResourceContainer {
+	return &ResourceContainer{
+		Level:      UserRouteLevel,
+		Identifier: id,
+		Type:       UserType,
+	}
+}
+
+// ZoneIdentifier returns a zone level *ResourceContainer.
+func ZoneIdentifier(id string) *ResourceContainer {
+	return &ResourceContainer{
+		Level:      ZoneRouteLevel,
+		Identifier: id,
+		Type:       ZoneType,
+	}
+}
+
+// AccountIdentifier returns an account level *ResourceContainer.
+func AccountIdentifier(id string) *ResourceContainer {
+	return &ResourceContainer{
+		Level:      AccountRouteLevel,
+		Identifier: id,
+		Type:       AccountType,
+	}
+}
diff --git a/pkg/cloudflare-go/resource_group.go b/pkg/cloudflare-go/resource_group.go
new file mode 100644
index 0000000000..6d25ffb5e8
--- /dev/null
+++ b/pkg/cloudflare-go/resource_group.go
@@ -0,0 +1,53 @@
+package cloudflare
+
+import "fmt"
+
+type ResourceGroup struct {
+	ID    string            `json:"id"`
+	Name  string            `json:"name"`
+	Meta  map[string]string `json:"meta"`
+	Scope Scope             `json:"scope"`
+}
+
+type Scope struct {
+	Key          string        `json:"key"`
+	ScopeObjects []ScopeObject `json:"objects"`
+}
+
+type ScopeObject struct {
+	Key string `json:"key"`
+}
+
+// NewResourceGroupForZone takes an existing zone and provides a resource group
+// to be used within a Policy that allows access to that zone.
+func NewResourceGroupForZone(zone Zone) ResourceGroup {
+	return NewResourceGroup(fmt.Sprintf("com.cloudflare.api.account.zone.%s", zone.ID))
+}
+
+// NewResourceGroupForAccount takes an existing zone and provides a resource group
+// to be used within a Policy that allows access to that account.
+func NewResourceGroupForAccount(account Account) ResourceGroup {
+	return NewResourceGroup(fmt.Sprintf("com.cloudflare.api.account.%s", account.ID))
+}
+
+// NewResourceGroup takes a Cloudflare-formatted key (e.g. 'com.cloudflare.api.%s') and
+// returns a resource group to be used within a Policy to allow access to that resource.
+func NewResourceGroup(key string) ResourceGroup {
+	scope := Scope{
+		Key: key,
+		ScopeObjects: []ScopeObject{
+			{
+				Key: "*",
+			},
+		},
+	}
+	resourceGroup := ResourceGroup{
+		ID:   "",
+		Name: key,
+		Meta: map[string]string{
+			"editable": "false",
+		},
+		Scope: scope,
+	}
+	return resourceGroup
+}
diff --git a/pkg/cloudflare-go/resource_group_test.go b/pkg/cloudflare-go/resource_group_test.go
new file mode 100644
index 0000000000..6f0ff3d366
--- /dev/null
+++ b/pkg/cloudflare-go/resource_group_test.go
@@ -0,0 +1,47 @@
+package cloudflare
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewResourceGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	key := "com.cloudflare.test.1"
+	rg := NewResourceGroup(key)
+
+	assert.Equal(t, rg.Name, key)
+	assert.Equal(t, rg.Scope.Key, key)
+}
+
+func TestNewResourceGroupForAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "some-fake-account-id"
+	rg := NewResourceGroupForAccount(Account{
+		ID: id,
+	})
+
+	key := fmt.Sprintf("com.cloudflare.api.account.%s", id)
+	assert.Equal(t, rg.Name, key)
+	assert.Equal(t, rg.Scope.Key, key)
+}
+
+func TestNewResourceGroupForZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "some-fake-zone-id"
+	rg := NewResourceGroupForZone(Zone{
+		ID: id,
+	})
+
+	key := fmt.Sprintf("com.cloudflare.api.account.zone.%s", id)
+	assert.Equal(t, rg.Name, key)
+	assert.Equal(t, rg.Scope.Key, key)
+}
diff --git a/pkg/cloudflare-go/resource_test.go b/pkg/cloudflare-go/resource_test.go
new file mode 100644
index 0000000000..ad2e7295a3
--- /dev/null
+++ b/pkg/cloudflare-go/resource_test.go
@@ -0,0 +1,66 @@
+package cloudflare
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestResourceProperties(t *testing.T) {
+	testCases := map[string]struct {
+		container          *ResourceContainer
+		expectedRoute      string
+		expectedType       string
+		expectedIdentifier string
+	}{
+		account: {
+			container:          AccountIdentifier("abcd1234"),
+			expectedRoute:      accounts,
+			expectedType:       account,
+			expectedIdentifier: "abcd1234",
+		},
+		zone: {
+			container:          ZoneIdentifier("abcd1234"),
+			expectedRoute:      zones,
+			expectedType:       zone,
+			expectedIdentifier: "abcd1234",
+		},
+		user: {
+			container:          UserIdentifier("abcd1234"),
+			expectedRoute:      user,
+			expectedType:       user,
+			expectedIdentifier: "abcd1234",
+		},
+	}
+
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			assert.Equal(t, tc.container.Level.String(), tc.expectedRoute)
+			assert.Equal(t, tc.container.Type.String(), tc.expectedType)
+			assert.Equal(t, tc.container.Identifier, tc.expectedIdentifier)
+		})
+	}
+}
+func TestResourcURLFragment(t *testing.T) {
+	tests := map[string]struct {
+		container *ResourceContainer
+		want      string
+	}{
+		"account resource": {container: AccountIdentifier("foo"), want: "accounts/foo"},
+		"zone resource":    {container: ZoneIdentifier("foo"), want: "zones/foo"},
+		// this is pretty well deprecated in favour of `AccountIdentifier` but
+		// here for completeness.
+		"user level resource":    {container: UserIdentifier("foo"), want: "user"},
+		"missing level resource": {container: &ResourceContainer{Level: "", Identifier: "foo"}, want: "foo"},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			got := tc.container.URLFragment()
+			assert.Equal(t, tc.want, got)
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/rulesets.go b/pkg/cloudflare-go/rulesets.go
new file mode 100644
index 0000000000..8b1ad430a5
--- /dev/null
+++ b/pkg/cloudflare-go/rulesets.go
@@ -0,0 +1,888 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingRulesetPhase = errors.New("missing required phase")
+)
+
+const (
+	RulesetKindCustom  RulesetKind = "custom"
+	RulesetKindManaged RulesetKind = "managed"
+	RulesetKindRoot    RulesetKind = "root"
+	RulesetKindZone    RulesetKind = "zone"
+
+	RulesetPhaseDDoSL4                       RulesetPhase = "ddos_l4"
+	RulesetPhaseDDoSL7                       RulesetPhase = "ddos_l7"
+	RulesetPhaseHTTPConfigSettings           RulesetPhase = "http_config_settings"
+	RulesetPhaseHTTPCustomErrors             RulesetPhase = "http_custom_errors"
+	RulesetPhaseHTTPLogCustomFields          RulesetPhase = "http_log_custom_fields"
+	RulesetPhaseHTTPRatelimit                RulesetPhase = "http_ratelimit"
+	RulesetPhaseHTTPRequestCacheSettings     RulesetPhase = "http_request_cache_settings"
+	RulesetPhaseHTTPRequestDynamicRedirect   RulesetPhase = "http_request_dynamic_redirect" //nolint:gosec
+	RulesetPhaseHTTPRequestFirewallCustom    RulesetPhase = "http_request_firewall_custom"
+	RulesetPhaseHTTPRequestFirewallManaged   RulesetPhase = "http_request_firewall_managed"
+	RulesetPhaseHTTPRequestLateTransform     RulesetPhase = "http_request_late_transform"
+	RulesetPhaseHTTPRequestOrigin            RulesetPhase = "http_request_origin"
+	RulesetPhaseHTTPRequestRedirect          RulesetPhase = "http_request_redirect"
+	RulesetPhaseHTTPRequestSanitize          RulesetPhase = "http_request_sanitize"
+	RulesetPhaseHTTPRequestSBFM              RulesetPhase = "http_request_sbfm"
+	RulesetPhaseHTTPRequestTransform         RulesetPhase = "http_request_transform"
+	RulesetPhaseHTTPResponseCompression      RulesetPhase = "http_response_compression"
+	RulesetPhaseHTTPResponseFirewallManaged  RulesetPhase = "http_response_firewall_managed"
+	RulesetPhaseHTTPResponseHeadersTransform RulesetPhase = "http_response_headers_transform"
+	RulesetPhaseMagicTransit                 RulesetPhase = "magic_transit"
+
+	RulesetRuleActionBlock                RulesetRuleAction = "block"
+	RulesetRuleActionChallenge            RulesetRuleAction = "challenge"
+	RulesetRuleActionCompressResponse     RulesetRuleAction = "compress_response"
+	RulesetRuleActionDDoSDynamic          RulesetRuleAction = "ddos_dynamic"
+	RulesetRuleActionDDoSMitigation       RulesetRuleAction = "ddos_mitigation"
+	RulesetRuleActionExecute              RulesetRuleAction = "execute"
+	RulesetRuleActionForceConnectionClose RulesetRuleAction = "force_connection_close"
+	RulesetRuleActionJSChallenge          RulesetRuleAction = "js_challenge"
+	RulesetRuleActionLog                  RulesetRuleAction = "log"
+	RulesetRuleActionLogCustomField       RulesetRuleAction = "log_custom_field"
+	RulesetRuleActionManagedChallenge     RulesetRuleAction = "managed_challenge"
+	RulesetRuleActionRedirect             RulesetRuleAction = "redirect"
+	RulesetRuleActionRewrite              RulesetRuleAction = "rewrite"
+	RulesetRuleActionRoute                RulesetRuleAction = "route"
+	RulesetRuleActionScore                RulesetRuleAction = "score"
+	RulesetRuleActionServeError           RulesetRuleAction = "serve_error"
+	RulesetRuleActionSetCacheSettings     RulesetRuleAction = "set_cache_settings"
+	RulesetRuleActionSetConfig            RulesetRuleAction = "set_config"
+	RulesetRuleActionSkip                 RulesetRuleAction = "skip"
+
+	RulesetActionParameterProductBIC           RulesetActionParameterProduct = "bic"
+	RulesetActionParameterProductHOT           RulesetActionParameterProduct = "hot"
+	RulesetActionParameterProductRateLimit     RulesetActionParameterProduct = "ratelimit"
+	RulesetActionParameterProductSecurityLevel RulesetActionParameterProduct = "securityLevel"
+	RulesetActionParameterProductUABlock       RulesetActionParameterProduct = "uablock"
+	RulesetActionParameterProductWAF           RulesetActionParameterProduct = "waf"
+	RulesetActionParameterProductZoneLockdown  RulesetActionParameterProduct = "zonelockdown"
+
+	RulesetRuleActionParametersHTTPHeaderOperationRemove RulesetRuleActionParametersHTTPHeaderOperation = "remove"
+	RulesetRuleActionParametersHTTPHeaderOperationSet    RulesetRuleActionParametersHTTPHeaderOperation = "set"
+	RulesetRuleActionParametersHTTPHeaderOperationAdd    RulesetRuleActionParametersHTTPHeaderOperation = "add"
+)
+
+// RulesetKindValues exposes all the available `RulesetKind` values as a slice
+// of strings.
+func RulesetKindValues() []string {
+	return []string{
+		string(RulesetKindCustom),
+		string(RulesetKindManaged),
+		string(RulesetKindRoot),
+		string(RulesetKindZone),
+	}
+}
+
+// RulesetPhaseValues exposes all the available `RulesetPhase` values as a slice
+// of strings.
+func RulesetPhaseValues() []string {
+	return []string{
+		string(RulesetPhaseDDoSL4),
+		string(RulesetPhaseDDoSL7),
+		string(RulesetPhaseHTTPConfigSettings),
+		string(RulesetPhaseHTTPCustomErrors),
+		string(RulesetPhaseHTTPLogCustomFields),
+		string(RulesetPhaseHTTPRatelimit),
+		string(RulesetPhaseHTTPRequestCacheSettings),
+		string(RulesetPhaseHTTPRequestDynamicRedirect),
+		string(RulesetPhaseHTTPRequestFirewallCustom),
+		string(RulesetPhaseHTTPRequestFirewallManaged),
+		string(RulesetPhaseHTTPRequestLateTransform),
+		string(RulesetPhaseHTTPRequestOrigin),
+		string(RulesetPhaseHTTPRequestRedirect),
+		string(RulesetPhaseHTTPRequestSanitize),
+		string(RulesetPhaseHTTPRequestSBFM),
+		string(RulesetPhaseHTTPRequestTransform),
+		string(RulesetPhaseHTTPResponseCompression),
+		string(RulesetPhaseHTTPResponseFirewallManaged),
+		string(RulesetPhaseHTTPResponseHeadersTransform),
+		string(RulesetPhaseMagicTransit),
+	}
+}
+
+// RulesetRuleActionValues exposes all the available `RulesetRuleAction` values
+// as a slice of strings.
+func RulesetRuleActionValues() []string {
+	return []string{
+		string(RulesetRuleActionBlock),
+		string(RulesetRuleActionChallenge),
+		string(RulesetRuleActionCompressResponse),
+		string(RulesetRuleActionDDoSDynamic),
+		string(RulesetRuleActionDDoSMitigation),
+		string(RulesetRuleActionExecute),
+		string(RulesetRuleActionForceConnectionClose),
+		string(RulesetRuleActionJSChallenge),
+		string(RulesetRuleActionLog),
+		string(RulesetRuleActionLogCustomField),
+		string(RulesetRuleActionManagedChallenge),
+		string(RulesetRuleActionRedirect),
+		string(RulesetRuleActionRewrite),
+		string(RulesetRuleActionRoute),
+		string(RulesetRuleActionScore),
+		string(RulesetRuleActionServeError),
+		string(RulesetRuleActionSetCacheSettings),
+		string(RulesetRuleActionSetConfig),
+		string(RulesetRuleActionSkip),
+	}
+}
+
+// RulesetActionParameterProductValues exposes all the available
+// `RulesetActionParameterProduct` values as a slice of strings.
+func RulesetActionParameterProductValues() []string {
+	return []string{
+		string(RulesetActionParameterProductBIC),
+		string(RulesetActionParameterProductHOT),
+		string(RulesetActionParameterProductRateLimit),
+		string(RulesetActionParameterProductSecurityLevel),
+		string(RulesetActionParameterProductUABlock),
+		string(RulesetActionParameterProductWAF),
+		string(RulesetActionParameterProductZoneLockdown),
+	}
+}
+
+func RulesetRuleActionParametersHTTPHeaderOperationValues() []string {
+	return []string{
+		string(RulesetRuleActionParametersHTTPHeaderOperationRemove),
+		string(RulesetRuleActionParametersHTTPHeaderOperationSet),
+		string(RulesetRuleActionParametersHTTPHeaderOperationAdd),
+	}
+}
+
+// RulesetRuleAction defines a custom type that is used to express allowed
+// values for the rule action.
+type RulesetRuleAction string
+
+// RulesetKind is the custom type for allowed variances of rulesets.
+type RulesetKind string
+
+// RulesetPhase is the custom type for defining at what point the ruleset will
+// be applied in the request pipeline.
+type RulesetPhase string
+
+// RulesetActionParameterProduct is the custom type for defining what products
+// can be used within the action parameters of a ruleset.
+type RulesetActionParameterProduct string
+
+// RulesetRuleActionParametersHTTPHeaderOperation defines available options for
+// HTTP header operations in actions.
+type RulesetRuleActionParametersHTTPHeaderOperation string
+
+// Ruleset contains the structure of a Ruleset. Using `string` for Kind and
+// Phase is a developer nicety to support downstream clients like Terraform who
+// don't really have a strong and expansive type system. As always, the
+// recommendation is to use the types provided where possible to avoid
+// surprises.
+type Ruleset struct {
+	ID                       string        `json:"id,omitempty"`
+	Name                     string        `json:"name,omitempty"`
+	Description              string        `json:"description,omitempty"`
+	Kind                     string        `json:"kind,omitempty"`
+	Version                  *string       `json:"version,omitempty"`
+	LastUpdated              *time.Time    `json:"last_updated,omitempty"`
+	Phase                    string        `json:"phase,omitempty"`
+	Rules                    []RulesetRule `json:"rules"`
+	ShareableEntitlementName string        `json:"shareable_entitlement_name,omitempty"`
+}
+
+// RulesetActionParametersLogCustomField wraps an object that is part of
+// request_fields, response_fields or cookie_fields.
+type RulesetActionParametersLogCustomField struct {
+	Name string `json:"name,omitempty"`
+}
+
+// RulesetRuleActionParameters specifies the action parameters for a Ruleset
+// rule.
+type RulesetRuleActionParameters struct {
+	ID                       string                                            `json:"id,omitempty"`
+	Ruleset                  string                                            `json:"ruleset,omitempty"`
+	Rulesets                 []string                                          `json:"rulesets,omitempty"`
+	Rules                    map[string][]string                               `json:"rules,omitempty"`
+	Increment                int                                               `json:"increment,omitempty"`
+	URI                      *RulesetRuleActionParametersURI                   `json:"uri,omitempty"`
+	Headers                  map[string]RulesetRuleActionParametersHTTPHeader  `json:"headers,omitempty"`
+	Products                 []string                                          `json:"products,omitempty"`
+	Phases                   []string                                          `json:"phases,omitempty"`
+	Overrides                *RulesetRuleActionParametersOverrides             `json:"overrides,omitempty"`
+	MatchedData              *RulesetRuleActionParametersMatchedData           `json:"matched_data,omitempty"`
+	Version                  *string                                           `json:"version,omitempty"`
+	Response                 *RulesetRuleActionParametersBlockResponse         `json:"response,omitempty"`
+	HostHeader               string                                            `json:"host_header,omitempty"`
+	Origin                   *RulesetRuleActionParametersOrigin                `json:"origin,omitempty"`
+	SNI                      *RulesetRuleActionParametersSni                   `json:"sni,omitempty"`
+	RequestFields            []RulesetActionParametersLogCustomField           `json:"request_fields,omitempty"`
+	ResponseFields           []RulesetActionParametersLogCustomField           `json:"response_fields,omitempty"`
+	CookieFields             []RulesetActionParametersLogCustomField           `json:"cookie_fields,omitempty"`
+	Cache                    *bool                                             `json:"cache,omitempty"`
+	AdditionalCacheablePorts []int                                             `json:"additional_cacheable_ports,omitempty"`
+	EdgeTTL                  *RulesetRuleActionParametersEdgeTTL               `json:"edge_ttl,omitempty"`
+	BrowserTTL               *RulesetRuleActionParametersBrowserTTL            `json:"browser_ttl,omitempty"`
+	ServeStale               *RulesetRuleActionParametersServeStale            `json:"serve_stale,omitempty"`
+	Content                  string                                            `json:"content,omitempty"`
+	ContentType              string                                            `json:"content_type,omitempty"`
+	StatusCode               uint16                                            `json:"status_code,omitempty"`
+	RespectStrongETags       *bool                                             `json:"respect_strong_etags,omitempty"`
+	CacheKey                 *RulesetRuleActionParametersCacheKey              `json:"cache_key,omitempty"`
+	OriginCacheControl       *bool                                             `json:"origin_cache_control,omitempty"`
+	OriginErrorPagePassthru  *bool                                             `json:"origin_error_page_passthru,omitempty"`
+	CacheReserve             *RulesetRuleActionParametersCacheReserve          `json:"cache_reserve,omitempty"`
+	FromList                 *RulesetRuleActionParametersFromList              `json:"from_list,omitempty"`
+	FromValue                *RulesetRuleActionParametersFromValue             `json:"from_value,omitempty"`
+	AutomaticHTTPSRewrites   *bool                                             `json:"automatic_https_rewrites,omitempty"`
+	AutoMinify               *RulesetRuleActionParametersAutoMinify            `json:"autominify,omitempty"`
+	BrowserIntegrityCheck    *bool                                             `json:"bic,omitempty"`
+	DisableApps              *bool                                             `json:"disable_apps,omitempty"`
+	DisableZaraz             *bool                                             `json:"disable_zaraz,omitempty"`
+	DisableRailgun           *bool                                             `json:"disable_railgun,omitempty"`
+	DisableRUM               *bool                                             `json:"disable_rum,omitempty"`
+	EmailObfuscation         *bool                                             `json:"email_obfuscation,omitempty"`
+	Fonts                    *bool                                             `json:"fonts,omitempty"`
+	Mirage                   *bool                                             `json:"mirage,omitempty"`
+	OpportunisticEncryption  *bool                                             `json:"opportunistic_encryption,omitempty"`
+	Polish                   *Polish                                           `json:"polish,omitempty"`
+	ReadTimeout              *uint                                             `json:"read_timeout,omitempty"`
+	RocketLoader             *bool                                             `json:"rocket_loader,omitempty"`
+	SecurityLevel            *SecurityLevel                                    `json:"security_level,omitempty"`
+	ServerSideExcludes       *bool                                             `json:"server_side_excludes,omitempty"`
+	SSL                      *SSL                                              `json:"ssl,omitempty"`
+	SXG                      *bool                                             `json:"sxg,omitempty"`
+	HotLinkProtection        *bool                                             `json:"hotlink_protection,omitempty"`
+	Algorithms               []RulesetRuleActionParametersCompressionAlgorithm `json:"algorithms,omitempty"`
+}
+
+// RulesetRuleActionParametersFromList holds the FromList struct for
+// actions which pull data from a list.
+type RulesetRuleActionParametersFromList struct {
+	Name string `json:"name"`
+	Key  string `json:"key"`
+}
+
+type RulesetRuleActionParametersAutoMinify struct {
+	HTML bool `json:"html"`
+	CSS  bool `json:"css"`
+	JS   bool `json:"js"`
+}
+
+type RulesetRuleActionParametersFromValue struct {
+	StatusCode          uint16                               `json:"status_code,omitempty"`
+	TargetURL           RulesetRuleActionParametersTargetURL `json:"target_url"`
+	PreserveQueryString *bool                                `json:"preserve_query_string,omitempty"`
+}
+
+type RulesetRuleActionParametersTargetURL struct {
+	Value      string `json:"value,omitempty"`
+	Expression string `json:"expression,omitempty"`
+}
+
+type RulesetRuleActionParametersEdgeTTL struct {
+	Mode          string                                     `json:"mode,omitempty"`
+	Default       *uint                                      `json:"default,omitempty"`
+	StatusCodeTTL []RulesetRuleActionParametersStatusCodeTTL `json:"status_code_ttl,omitempty"`
+}
+
+type RulesetRuleActionParametersStatusCodeTTL struct {
+	StatusCodeRange *RulesetRuleActionParametersStatusCodeRange `json:"status_code_range,omitempty"`
+	StatusCodeValue *uint                                       `json:"status_code,omitempty"`
+	Value           *int                                        `json:"value,omitempty"`
+}
+
+type RulesetRuleActionParametersStatusCodeRange struct {
+	From *uint `json:"from,omitempty"`
+	To   *uint `json:"to,omitempty"`
+}
+
+type RulesetRuleActionParametersBrowserTTL struct {
+	Mode    string `json:"mode"`
+	Default *uint  `json:"default,omitempty"`
+}
+
+type RulesetRuleActionParametersServeStale struct {
+	DisableStaleWhileUpdating *bool `json:"disable_stale_while_updating,omitempty"`
+}
+
+type RulesetRuleActionParametersCacheKey struct {
+	CacheByDeviceType       *bool                                 `json:"cache_by_device_type,omitempty"`
+	IgnoreQueryStringsOrder *bool                                 `json:"ignore_query_strings_order,omitempty"`
+	CacheDeceptionArmor     *bool                                 `json:"cache_deception_armor,omitempty"`
+	CustomKey               *RulesetRuleActionParametersCustomKey `json:"custom_key,omitempty"`
+}
+
+type RulesetRuleActionParametersCacheReserve struct {
+	Eligible        *bool `json:"eligible,omitempty"`
+	MinimumFileSize *uint `json:"minimum_file_size,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKey struct {
+	Query  *RulesetRuleActionParametersCustomKeyQuery  `json:"query_string,omitempty"`
+	Header *RulesetRuleActionParametersCustomKeyHeader `json:"header,omitempty"`
+	Cookie *RulesetRuleActionParametersCustomKeyCookie `json:"cookie,omitempty"`
+	User   *RulesetRuleActionParametersCustomKeyUser   `json:"user,omitempty"`
+	Host   *RulesetRuleActionParametersCustomKeyHost   `json:"host,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKeyHeader struct {
+	RulesetRuleActionParametersCustomKeyFields
+	ExcludeOrigin *bool `json:"exclude_origin,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKeyCookie RulesetRuleActionParametersCustomKeyFields
+
+type RulesetRuleActionParametersCustomKeyFields struct {
+	Include       []string `json:"include,omitempty"`
+	CheckPresence []string `json:"check_presence,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKeyQuery struct {
+	Include *RulesetRuleActionParametersCustomKeyList `json:"include,omitempty"`
+	Exclude *RulesetRuleActionParametersCustomKeyList `json:"exclude,omitempty"`
+	Ignore  *bool                                     `json:"ignore,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKeyList struct {
+	List []string
+	All  bool
+}
+
+func (s *RulesetRuleActionParametersCustomKeyList) UnmarshalJSON(data []byte) error {
+	var all string
+	if err := json.Unmarshal(data, &all); err == nil {
+		s.All = all == "*"
+		return nil
+	}
+	var list []string
+	if err := json.Unmarshal(data, &list); err == nil {
+		s.List = list
+	}
+
+	return nil
+}
+
+func (s RulesetRuleActionParametersCustomKeyList) MarshalJSON() ([]byte, error) {
+	if s.All {
+		return json.Marshal("*")
+	}
+	return json.Marshal(s.List)
+}
+
+type RulesetRuleActionParametersCustomKeyUser struct {
+	DeviceType *bool `json:"device_type,omitempty"`
+	Geo        *bool `json:"geo,omitempty"`
+	Lang       *bool `json:"lang,omitempty"`
+}
+
+type RulesetRuleActionParametersCustomKeyHost struct {
+	Resolved *bool `json:"resolved,omitempty"`
+}
+
+// RulesetRuleActionParametersBlockResponse holds the BlockResponse struct
+// for an action parameter.
+type RulesetRuleActionParametersBlockResponse struct {
+	StatusCode  uint16 `json:"status_code"`
+	ContentType string `json:"content_type"`
+	Content     string `json:"content"`
+}
+
+// RulesetRuleActionParametersURI holds the URI struct for an action parameter.
+type RulesetRuleActionParametersURI struct {
+	Path   *RulesetRuleActionParametersURIPath  `json:"path,omitempty"`
+	Query  *RulesetRuleActionParametersURIQuery `json:"query,omitempty"`
+	Origin *bool                                `json:"origin,omitempty"`
+}
+
+// RulesetRuleActionParametersURIPath holds the path specific portion of a URI
+// action parameter.
+type RulesetRuleActionParametersURIPath struct {
+	Value      string `json:"value,omitempty"`
+	Expression string `json:"expression,omitempty"`
+}
+
+// RulesetRuleActionParametersURIQuery holds the query specific portion of a URI
+// action parameter.
+type RulesetRuleActionParametersURIQuery struct {
+	Value      *string `json:"value,omitempty"`
+	Expression string  `json:"expression,omitempty"`
+}
+
+// RulesetRuleActionParametersHTTPHeader is the definition for define action
+// parameters that involve HTTP headers.
+type RulesetRuleActionParametersHTTPHeader struct {
+	Operation  string `json:"operation,omitempty"`
+	Value      string `json:"value,omitempty"`
+	Expression string `json:"expression,omitempty"`
+}
+
+type RulesetRuleActionParametersOverrides struct {
+	Enabled          *bool                                   `json:"enabled,omitempty"`
+	Action           string                                  `json:"action,omitempty"`
+	SensitivityLevel string                                  `json:"sensitivity_level,omitempty"`
+	Categories       []RulesetRuleActionParametersCategories `json:"categories,omitempty"`
+	Rules            []RulesetRuleActionParametersRules      `json:"rules,omitempty"`
+}
+
+type RulesetRuleActionParametersCategories struct {
+	Category string `json:"category"`
+	Action   string `json:"action,omitempty"`
+	Enabled  *bool  `json:"enabled,omitempty"`
+}
+
+type RulesetRuleActionParametersRules struct {
+	ID               string `json:"id"`
+	Action           string `json:"action,omitempty"`
+	Enabled          *bool  `json:"enabled,omitempty"`
+	ScoreThreshold   int    `json:"score_threshold,omitempty"`
+	SensitivityLevel string `json:"sensitivity_level,omitempty"`
+}
+
+// RulesetRuleActionParametersMatchedData holds the structure for WAF based
+// payload logging.
+type RulesetRuleActionParametersMatchedData struct {
+	PublicKey string `json:"public_key,omitempty"`
+}
+
+// RulesetRuleActionParametersOrigin is the definition for route action
+// parameters that involve origin overrides.
+type RulesetRuleActionParametersOrigin struct {
+	Host string `json:"host,omitempty"`
+	Port uint16 `json:"port,omitempty"`
+}
+
+// RulesetRuleActionParametersSni is the definition for the route action
+// parameters that involve SNI overrides.
+type RulesetRuleActionParametersSni struct {
+	Value string `json:"value"`
+}
+
+// RulesetRuleActionParametersCompressionAlgorithm defines a compression
+// algorithm for the compress_response action.
+type RulesetRuleActionParametersCompressionAlgorithm struct {
+	Name string `json:"name"`
+}
+
+type Polish int
+
+const (
+	_ Polish = iota
+	PolishOff
+	PolishLossless
+	PolishLossy
+)
+
+func (p Polish) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.String())
+}
+
+func (p Polish) String() string {
+	return [...]string{"off", "lossless", "lossy"}[p-1]
+}
+
+func (p *Polish) UnmarshalJSON(data []byte) error {
+	var (
+		s   string
+		err error
+	)
+	err = json.Unmarshal(data, &s)
+	if err != nil {
+		return err
+	}
+	v, err := PolishFromString(s)
+	if err != nil {
+		return err
+	}
+	*p = *v
+	return nil
+}
+
+func PolishFromString(s string) (*Polish, error) {
+	s = strings.ToLower(s)
+	var v Polish
+	switch s {
+	case "off":
+		v = PolishOff
+	case "lossless":
+		v = PolishLossless
+	case "lossy":
+		v = PolishLossy
+	default:
+		return nil, fmt.Errorf("unknown variant for polish: %s", s)
+	}
+	return &v, nil
+}
+
+func (p Polish) IntoRef() *Polish {
+	return &p
+}
+
+type SecurityLevel int
+
+const (
+	_ SecurityLevel = iota
+	SecurityLevelOff
+	SecurityLevelEssentiallyOff
+	SecurityLevelLow
+	SecurityLevelMedium
+	SecurityLevelHigh
+	SecurityLevelHelp
+)
+
+func (p SecurityLevel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.String())
+}
+
+func (p SecurityLevel) String() string {
+	return [...]string{"off", "essentially_off", "low", "medium", "high", "under_attack"}[p-1]
+}
+
+func (p *SecurityLevel) UnmarshalJSON(data []byte) error {
+	var (
+		s   string
+		err error
+	)
+	err = json.Unmarshal(data, &s)
+	if err != nil {
+		return err
+	}
+	v, err := SecurityLevelFromString(s)
+	if err != nil {
+		return err
+	}
+	*p = *v
+	return nil
+}
+
+func SecurityLevelFromString(s string) (*SecurityLevel, error) {
+	s = strings.ToLower(s)
+	var v SecurityLevel
+	switch s {
+	case "off":
+		v = SecurityLevelOff
+	case "essentially_off":
+		v = SecurityLevelEssentiallyOff
+	case "low":
+		v = SecurityLevelLow
+	case "medium":
+		v = SecurityLevelMedium
+	case "high":
+		v = SecurityLevelHigh
+	case "under_attack":
+		v = SecurityLevelHelp
+	default:
+		return nil, fmt.Errorf("unknown variant for security_level: %s", s)
+	}
+	return &v, nil
+}
+
+func (p SecurityLevel) IntoRef() *SecurityLevel {
+	return &p
+}
+
+type SSL int
+
+const (
+	_ SSL = iota
+	SSLOff
+	SSLFlexible
+	SSLFull
+	SSLStrict
+	SSLOriginPull
+)
+
+func (p SSL) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.String())
+}
+
+func (p SSL) String() string {
+	return [...]string{"off", "flexible", "full", "strict", "origin_pull"}[p-1]
+}
+
+func (p *SSL) UnmarshalJSON(data []byte) error {
+	var (
+		s   string
+		err error
+	)
+	err = json.Unmarshal(data, &s)
+	if err != nil {
+		return err
+	}
+	v, err := SSLFromString(s)
+	if err != nil {
+		return err
+	}
+	*p = *v
+	return nil
+}
+
+func SSLFromString(s string) (*SSL, error) {
+	s = strings.ToLower(s)
+	var v SSL
+	switch s {
+	case "off":
+		v = SSLOff
+	case "flexible":
+		v = SSLFlexible
+	case "full":
+		v = SSLFull
+	case "strict":
+		v = SSLStrict
+	case "origin_pull":
+		v = SSLOriginPull
+	default:
+		return nil, fmt.Errorf("unknown variant for ssl: %s", s)
+	}
+	return &v, nil
+}
+
+func (p SSL) IntoRef() *SSL {
+	return &p
+}
+
+// RulesetRule contains information about a single Ruleset Rule.
+type RulesetRule struct {
+	ID                     string                             `json:"id,omitempty"`
+	Version                *string                            `json:"version,omitempty"`
+	Action                 string                             `json:"action"`
+	ActionParameters       *RulesetRuleActionParameters       `json:"action_parameters,omitempty"`
+	Expression             string                             `json:"expression"`
+	Description            string                             `json:"description,omitempty"`
+	LastUpdated            *time.Time                         `json:"last_updated,omitempty"`
+	Ref                    string                             `json:"ref,omitempty"`
+	Enabled                *bool                              `json:"enabled,omitempty"`
+	ScoreThreshold         int                                `json:"score_threshold,omitempty"`
+	RateLimit              *RulesetRuleRateLimit              `json:"ratelimit,omitempty"`
+	ExposedCredentialCheck *RulesetRuleExposedCredentialCheck `json:"exposed_credential_check,omitempty"`
+	Logging                *RulesetRuleLogging                `json:"logging,omitempty"`
+}
+
+// RulesetRuleRateLimit contains the structure of a HTTP rate limit Ruleset Rule.
+type RulesetRuleRateLimit struct {
+	Characteristics         []string `json:"characteristics,omitempty"`
+	RequestsPerPeriod       int      `json:"requests_per_period,omitempty"`
+	ScorePerPeriod          int      `json:"score_per_period,omitempty"`
+	ScoreResponseHeaderName string   `json:"score_response_header_name,omitempty"`
+	Period                  int      `json:"period,omitempty"`
+	MitigationTimeout       int      `json:"mitigation_timeout,omitempty"`
+	CountingExpression      string   `json:"counting_expression,omitempty"`
+	RequestsToOrigin        bool     `json:"requests_to_origin,omitempty"`
+}
+
+// RulesetRuleExposedCredentialCheck contains the structure of an exposed
+// credential check Ruleset Rule.
+type RulesetRuleExposedCredentialCheck struct {
+	UsernameExpression string `json:"username_expression,omitempty"`
+	PasswordExpression string `json:"password_expression,omitempty"`
+}
+
+// RulesetRuleLogging contains the logging configuration for the rule.
+type RulesetRuleLogging struct {
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
+// UpdateRulesetRequest is the representation of a Ruleset update.
+type UpdateRulesetRequest struct {
+	Description string        `json:"description"`
+	Rules       []RulesetRule `json:"rules"`
+}
+
+// ListRulesetResponse contains all Rulesets.
+type ListRulesetResponse struct {
+	Response
+	Result []Ruleset `json:"result"`
+}
+
+// GetRulesetResponse contains a single Ruleset.
+type GetRulesetResponse struct {
+	Response
+	Result Ruleset `json:"result"`
+}
+
+// CreateRulesetResponse contains response data when creating a new Ruleset.
+type CreateRulesetResponse struct {
+	Response
+	Result Ruleset `json:"result"`
+}
+
+// UpdateRulesetResponse contains response data when updating an existing
+// Ruleset.
+type UpdateRulesetResponse struct {
+	Response
+	Result Ruleset `json:"result"`
+}
+
+type ListRulesetsParams struct{}
+
+type CreateRulesetParams struct {
+	Name        string        `json:"name,omitempty"`
+	Description string        `json:"description,omitempty"`
+	Kind        string        `json:"kind,omitempty"`
+	Phase       string        `json:"phase,omitempty"`
+	Rules       []RulesetRule `json:"rules"`
+}
+
+type UpdateRulesetParams struct {
+	ID          string        `json:"-"`
+	Description string        `json:"description"`
+	Rules       []RulesetRule `json:"rules"`
+}
+
+type UpdateEntrypointRulesetParams struct {
+	Phase       string        `json:"-"`
+	Description string        `json:"description,omitempty"`
+	Rules       []RulesetRule `json:"rules"`
+}
+
+// ListRulesets lists all Rulesets in a given zone or account depending on the
+// ResourceContainer type provided.
+//
+// API reference: https://developers.cloudflare.com/api/operations/listAccountRulesets
+// API reference: https://developers.cloudflare.com/api/operations/listZoneRulesets
+func (api *API) ListRulesets(ctx context.Context, rc *ResourceContainer, params ListRulesetsParams) ([]Ruleset, error) {
+	uri := fmt.Sprintf("/%s/%s/rulesets", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Ruleset{}, err
+	}
+
+	result := ListRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetRuleset fetches a single ruleset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/getAccountRuleset
+// API reference: https://developers.cloudflare.com/api/operations/getZoneRuleset
+func (api *API) GetRuleset(ctx context.Context, rc *ResourceContainer, rulesetID string) (Ruleset, error) {
+	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, rulesetID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Ruleset{}, err
+	}
+
+	result := GetRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// CreateRuleset creates a new ruleset.
+//
+// API reference: https://developers.cloudflare.com/api/operations/createAccountRuleset
+// API reference: https://developers.cloudflare.com/api/operations/createZoneRuleset
+func (api *API) CreateRuleset(ctx context.Context, rc *ResourceContainer, params CreateRulesetParams) (Ruleset, error) {
+	uri := fmt.Sprintf("/%s/%s/rulesets", rc.Level, rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return Ruleset{}, err
+	}
+
+	result := CreateRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteRuleset removes a ruleset based on the ruleset ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/deleteAccountRuleset
+// API reference: https://developers.cloudflare.com/api/operations/deleteZoneRuleset
+func (api *API) DeleteRuleset(ctx context.Context, rc *ResourceContainer, rulesetID string) error {
+	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, rulesetID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	// The API is not implementing the standard response blob but returns an
+	// empty response (204) in case of a success. So we are checking for the
+	// response body size here.
+	if len(res) > 0 {
+		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
+	}
+
+	return nil
+}
+
+// UpdateRuleset updates a ruleset based on the ruleset ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/updateAccountRuleset
+// API reference: https://developers.cloudflare.com/api/operations/updateZoneRuleset
+func (api *API) UpdateRuleset(ctx context.Context, rc *ResourceContainer, params UpdateRulesetParams) (Ruleset, error) {
+	if params.ID == "" {
+		return Ruleset{}, ErrMissingResourceIdentifier
+	}
+
+	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Ruleset{}, err
+	}
+
+	result := UpdateRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// GetEntrypointRuleset returns an entry point ruleset base on the phase.
+//
+// API reference: https://developers.cloudflare.com/api/operations/getAccountEntrypointRuleset
+// API reference: https://developers.cloudflare.com/api/operations/getZoneEntrypointRuleset
+func (api *API) GetEntrypointRuleset(ctx context.Context, rc *ResourceContainer, phase string) (Ruleset, error) {
+	uri := fmt.Sprintf("/%s/%s/rulesets/phases/%s/entrypoint", rc.Level, rc.Identifier, phase)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Ruleset{}, err
+	}
+
+	result := GetRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateEntrypointRuleset updates an entry point ruleset phase based on the
+// phase.
+//
+// API reference: https://developers.cloudflare.com/api/operations/updateAccountEntrypointRuleset
+// API reference: https://developers.cloudflare.com/api/operations/updateZoneEntrypointRuleset
+func (api *API) UpdateEntrypointRuleset(ctx context.Context, rc *ResourceContainer, params UpdateEntrypointRulesetParams) (Ruleset, error) {
+	if params.Phase == "" {
+		return Ruleset{}, ErrMissingRulesetPhase
+	}
+
+	uri := fmt.Sprintf("/%s/%s/rulesets/phases/%s/entrypoint", rc.Level, rc.Identifier, params.Phase)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Ruleset{}, err
+	}
+
+	result := GetRulesetResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
diff --git a/pkg/cloudflare-go/rulesets_test.go b/pkg/cloudflare-go/rulesets_test.go
new file mode 100644
index 0000000000..dbaf2b4f13
--- /dev/null
+++ b/pkg/cloudflare-go/rulesets_test.go
@@ -0,0 +1,870 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListRulesets(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": [
+        {
+          "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+          "name": "my example ruleset",
+          "description": "Test magic transit ruleset",
+          "kind": "root",
+          "version": "1",
+          "last_updated": "2020-12-02T20:24:07.776073Z",
+          "phase": "magic_transit"
+        }
+      ],
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+
+	want := []Ruleset{
+		{
+			ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+			Name:        "my example ruleset",
+			Description: "Test magic transit ruleset",
+			Kind:        "root",
+			Version:     StringPtr("1"),
+			LastUpdated: &lastUpdated,
+			Phase:       string(RulesetPhaseMagicTransit),
+		},
+	}
+
+	zoneActual, err := client.ListRulesets(context.Background(), ZoneIdentifier(testZoneID), ListRulesetsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.ListRulesets(context.Background(), AccountIdentifier(testAccountID), ListRulesetsParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_MagicTransit(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+        "name": "my example ruleset",
+        "description": "Test magic transit ruleset",
+        "kind": "root",
+        "version": "1",
+        "last_updated": "2020-12-02T20:24:07.776073Z",
+        "phase": "magic_transit"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+
+	want := Ruleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "my example ruleset",
+		Description: "Test magic transit ruleset",
+		Kind:        "root",
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseMagicTransit),
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_WAF(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "70339d97bdb34195bbf054b1ebe81f76",
+        "name": "Cloudflare Normalization Ruleset",
+        "description": "Created by the Cloudflare security team, this ruleset provides normalization on the URL path",
+        "kind": "managed",
+        "version": "1",
+        "rules": [
+          {
+            "id": "78723a9e0c7c4c6dbec5684cb766231d",
+            "version": "1",
+            "action": "rewrite",
+            "action_parameters": {
+              "uri": {
+                "path": {
+                  "expression": "normalize_url_path(raw.http.request.uri.path)"
+                },
+                "origin": false
+              }
+            },
+            "description": "Normalization on the URL path, without propagating it to the origin",
+            "last_updated": "2020-12-18T09:28:09.655749Z",
+            "ref": "272936dc447b41fe976255ff6b768ec0",
+            "enabled": true
+          }
+        ],
+        "last_updated": "2020-12-18T09:28:09.655749Z",
+        "phase": "http_request_sanitize"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
+
+	rules := []RulesetRule{{
+		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionRewrite),
+		ActionParameters: &RulesetRuleActionParameters{
+			URI: &RulesetRuleActionParametersURI{
+				Path: &RulesetRuleActionParametersURIPath{
+					Expression: "normalize_url_path(raw.http.request.uri.path)",
+				},
+				Origin: BoolPtr(false),
+			},
+		},
+		Description: "Normalization on the URL path, without propagating it to the origin",
+		LastUpdated: &lastUpdated,
+		Ref:         "272936dc447b41fe976255ff6b768ec0",
+		Enabled:     BoolPtr(true),
+	}}
+
+	want := Ruleset{
+		ID:          "70339d97bdb34195bbf054b1ebe81f76",
+		Name:        "Cloudflare Normalization Ruleset",
+		Description: "Created by the Cloudflare security team, this ruleset provides normalization on the URL path",
+		Kind:        string(RulesetKindManaged),
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseHTTPRequestSanitize),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_SetCacheSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "70339d97bdb34195bbf054b1ebe81f76",
+        "name": "Cloudflare Cache Rules Ruleset",
+        "description": "This ruleset provides cache settings modifications",
+        "kind": "zone",
+        "version": "1",
+        "rules": [
+          {
+            "id": "78723a9e0c7c4c6dbec5684cb766231d",
+            "version": "1",
+            "action": "set_cache_settings",
+            "action_parameters": {
+				"cache": true,
+				"edge_ttl":{"mode":"respect_origin","default":60,"status_code_ttl":[{"status_code":200,"value":30},{"status_code_range":{"from":201,"to":300},"value":20}]},
+				"browser_ttl":{"mode":"override_origin","default":10},
+				"serve_stale":{"disable_stale_while_updating":true},
+				"respect_strong_etags":true,
+				"cache_key":{
+					"cache_deception_armor":true,
+					"ignore_query_strings_order":true,
+					"custom_key": {
+						"query_string":{"include":"*"},
+						"header":{"include":["habc","hdef"],"check_presence":["hfizz","hbuzz"],"exclude_origin":true},
+						"cookie":{"include":["cabc","cdef"],"check_presence":["cfizz","cbuzz"]},
+						"user":{
+							"device_type":true,
+							"geo":true,
+							"lang":true
+						},
+						"host":{
+							"resolved":true
+						}
+					}
+				},
+				"additional_cacheable_ports": [1,2,3,4],
+				"origin_cache_control": true,
+				"read_timeout": 1000,
+				"origin_error_page_passthru":true,
+				"cache_reserve": {
+					"eligible": true,
+					"minimum_file_size": 1000
+				}
+			},
+			"description": "Set all available cache settings in one rule",
+			"last_updated": "2020-12-18T09:28:09.655749Z",
+			"ref": "272936dc447b41fe976255ff6b768ec0",
+			"enabled": true
+          }
+        ],
+        "last_updated": "2020-12-18T09:28:09.655749Z",
+        "phase": "http_request_cache_settings"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
+
+	rules := []RulesetRule{{
+		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionSetCacheSettings),
+		ActionParameters: &RulesetRuleActionParameters{
+			Cache: BoolPtr(true),
+			EdgeTTL: &RulesetRuleActionParametersEdgeTTL{
+				Mode:    "respect_origin",
+				Default: UintPtr(60),
+				StatusCodeTTL: []RulesetRuleActionParametersStatusCodeTTL{
+					{
+						StatusCodeValue: UintPtr(200),
+						Value:           IntPtr(30),
+					},
+					{
+						StatusCodeRange: &RulesetRuleActionParametersStatusCodeRange{
+							From: UintPtr(201),
+							To:   UintPtr(300),
+						},
+						Value: IntPtr(20),
+					},
+				},
+			},
+			BrowserTTL: &RulesetRuleActionParametersBrowserTTL{
+				Mode:    "override_origin",
+				Default: UintPtr(10),
+			},
+			ServeStale: &RulesetRuleActionParametersServeStale{
+				DisableStaleWhileUpdating: BoolPtr(true),
+			},
+			RespectStrongETags: BoolPtr(true),
+			CacheKey: &RulesetRuleActionParametersCacheKey{
+				IgnoreQueryStringsOrder: BoolPtr(true),
+				CacheDeceptionArmor:     BoolPtr(true),
+				CustomKey: &RulesetRuleActionParametersCustomKey{
+					Query: &RulesetRuleActionParametersCustomKeyQuery{
+						Include: &RulesetRuleActionParametersCustomKeyList{
+							All: true,
+						},
+					},
+					Header: &RulesetRuleActionParametersCustomKeyHeader{
+						RulesetRuleActionParametersCustomKeyFields: RulesetRuleActionParametersCustomKeyFields{
+							Include:       []string{"habc", "hdef"},
+							CheckPresence: []string{"hfizz", "hbuzz"},
+						},
+						ExcludeOrigin: BoolPtr(true),
+					},
+					Cookie: &RulesetRuleActionParametersCustomKeyCookie{
+						Include:       []string{"cabc", "cdef"},
+						CheckPresence: []string{"cfizz", "cbuzz"},
+					},
+					User: &RulesetRuleActionParametersCustomKeyUser{
+						DeviceType: BoolPtr(true),
+						Geo:        BoolPtr(true),
+						Lang:       BoolPtr(true),
+					},
+					Host: &RulesetRuleActionParametersCustomKeyHost{
+						Resolved: BoolPtr(true),
+					},
+				},
+			},
+			AdditionalCacheablePorts: []int{1, 2, 3, 4},
+			OriginCacheControl:       BoolPtr(true),
+			ReadTimeout:              UintPtr(1000),
+			OriginErrorPagePassthru:  BoolPtr(true),
+			CacheReserve: &RulesetRuleActionParametersCacheReserve{
+				Eligible:        BoolPtr(true),
+				MinimumFileSize: UintPtr(1000),
+			},
+		},
+		Description: "Set all available cache settings in one rule",
+		LastUpdated: &lastUpdated,
+		Ref:         "272936dc447b41fe976255ff6b768ec0",
+		Enabled:     BoolPtr(true),
+	}}
+
+	want := Ruleset{
+		ID:          "70339d97bdb34195bbf054b1ebe81f76",
+		Name:        "Cloudflare Cache Rules Ruleset",
+		Description: "This ruleset provides cache settings modifications",
+		Kind:        string(RulesetKindZone),
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseHTTPRequestCacheSettings),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_SetConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "70339d97bdb34195bbf054b1ebe81f76",
+        "name": "Cloudflare Config Rules Ruleset",
+        "description": "This ruleset provides config rules modifications",
+        "kind": "zone",
+        "version": "1",
+        "rules": [
+          {
+            "id": "78723a9e0c7c4c6dbec5684cb766231d",
+            "version": "1",
+            "action": "set_config",
+            "action_parameters": {
+				"automatic_https_rewrites":true,
+				"autominify":{"html":true, "css":true, "js":true},
+				"bic":true,
+				"disable_apps":true,
+				"polish":"off",
+				"disable_zaraz":true,
+				"disable_railgun":true,
+				"email_obfuscation":true,
+				"mirage":true,
+				"opportunistic_encryption":true,
+				"rocket_loader":true,
+				"security_level":"off",
+				"server_side_excludes":true,
+				"ssl":"off",
+				"sxg":true,
+				"hotlink_protection":true,
+				"fonts":true,
+				"disable_rum":true
+            },
+			"description": "Set all available config rules in one rule",
+			"last_updated": "2020-12-18T09:28:09.655749Z",
+			"ref": "272936dc447b41fe976255ff6b768ec0",
+			"enabled": true
+          }
+        ],
+        "last_updated": "2020-12-18T09:28:09.655749Z",
+        "phase": "http_config_settings"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
+
+	rules := []RulesetRule{{
+		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionSetConfig),
+		ActionParameters: &RulesetRuleActionParameters{
+			AutomaticHTTPSRewrites: BoolPtr(true),
+			AutoMinify: &RulesetRuleActionParametersAutoMinify{
+				HTML: true,
+				CSS:  true,
+				JS:   true,
+			},
+			BrowserIntegrityCheck:   BoolPtr(true),
+			DisableApps:             BoolPtr(true),
+			DisableZaraz:            BoolPtr(true),
+			DisableRailgun:          BoolPtr(true),
+			DisableRUM:              BoolPtr(true),
+			EmailObfuscation:        BoolPtr(true),
+			Fonts:                   BoolPtr(true),
+			Mirage:                  BoolPtr(true),
+			OpportunisticEncryption: BoolPtr(true),
+			Polish:                  PolishOff.IntoRef(),
+			RocketLoader:            BoolPtr(true),
+			SecurityLevel:           SecurityLevelOff.IntoRef(),
+			ServerSideExcludes:      BoolPtr(true),
+			SSL:                     SSLOff.IntoRef(),
+			SXG:                     BoolPtr(true),
+			HotLinkProtection:       BoolPtr(true),
+		},
+		Description: "Set all available config rules in one rule",
+		LastUpdated: &lastUpdated,
+		Ref:         "272936dc447b41fe976255ff6b768ec0",
+		Enabled:     BoolPtr(true),
+	}}
+
+	want := Ruleset{
+		ID:          "70339d97bdb34195bbf054b1ebe81f76",
+		Name:        "Cloudflare Config Rules Ruleset",
+		Description: "This ruleset provides config rules modifications",
+		Kind:        string(RulesetKindZone),
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseHTTPConfigSettings),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_RedirectFromValue(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "70339d97bdb34195bbf054b1ebe81f76",
+        "name": "Cloudflare Redirect Rules Ruleset",
+        "description": "This ruleset provides redirect from value",
+        "kind": "zone",
+        "version": "1",
+        "rules": [
+          {
+            "id": "78723a9e0c7c4c6dbec5684cb766231d",
+            "version": "1",
+            "action": "redirect",
+            "action_parameters": {
+				"from_value": {
+					"status_code": 301,
+					"target_url": {
+						"value": "some_host.com"
+					},
+					"preserve_query_string": true
+				}
+			},
+			"description": "Set dynamic redirect from value",
+			"last_updated": "2020-12-18T09:28:09.655749Z",
+			"ref": "272936dc447b41fe976255ff6b768ec0",
+			"enabled": true
+          }
+        ],
+        "last_updated": "2020-12-18T09:28:09.655749Z",
+        "phase": "http_request_dynamic_redirect"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
+
+	rules := []RulesetRule{{
+		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionRedirect),
+		ActionParameters: &RulesetRuleActionParameters{
+			FromValue: &RulesetRuleActionParametersFromValue{
+				StatusCode: 301,
+				TargetURL: RulesetRuleActionParametersTargetURL{
+					Value: "some_host.com",
+				},
+				PreserveQueryString: BoolPtr(true),
+			},
+		},
+		Description: "Set dynamic redirect from value",
+		LastUpdated: &lastUpdated,
+		Ref:         "272936dc447b41fe976255ff6b768ec0",
+		Enabled:     BoolPtr(true),
+	}}
+
+	want := Ruleset{
+		ID:          "70339d97bdb34195bbf054b1ebe81f76",
+		Name:        "Cloudflare Redirect Rules Ruleset",
+		Description: "This ruleset provides redirect from value",
+		Kind:        string(RulesetKindZone),
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseHTTPRequestDynamicRedirect),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestGetRuleset_CompressResponse(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "70339d97bdb34195bbf054b1ebe81f76",
+        "name": "Cloudflare compress response ruleset",
+        "description": "This ruleset provides response compression rules",
+        "kind": "zone",
+        "version": "1",
+        "rules": [
+          {
+            "id": "78723a9e0c7c4c6dbec5684cb766231d",
+            "version": "1",
+            "action": "compress_response",
+            "action_parameters": {
+				"algorithms": [ { "name": "brotli" }, { "name": "default" } ]
+            },
+			"description": "Compress response rule",
+			"last_updated": "2020-12-18T09:28:09.655749Z",
+			"ref": "272936dc447b41fe976255ff6b768ec0",
+			"enabled": true
+          }
+        ],
+        "last_updated": "2020-12-18T09:28:09.655749Z",
+        "phase": "http_response_compression"
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
+
+	rules := []RulesetRule{{
+		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionCompressResponse),
+		ActionParameters: &RulesetRuleActionParameters{
+			Algorithms: []RulesetRuleActionParametersCompressionAlgorithm{
+				{Name: "brotli"},
+				{Name: "default"},
+			},
+		},
+		Description: "Compress response rule",
+		LastUpdated: &lastUpdated,
+		Ref:         "272936dc447b41fe976255ff6b768ec0",
+		Enabled:     BoolPtr(true),
+	}}
+
+	want := Ruleset{
+		ID:          "70339d97bdb34195bbf054b1ebe81f76",
+		Name:        "Cloudflare compress response ruleset",
+		Description: "This ruleset provides response compression rules",
+		Kind:        string(RulesetKindZone),
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseHTTPResponseCompression),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestCreateRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+        "name": "my example ruleset",
+        "description": "Test magic transit ruleset",
+        "kind": "root",
+        "version": "1",
+        "last_updated": "2020-12-02T20:24:07.776073Z",
+        "phase": "magic_transit",
+        "rules": [
+          {
+            "id": "62449e2e0de149619edb35e59c10d801",
+            "version": "1",
+            "action": "skip",
+            "action_parameters":{
+              "ruleset":"current"
+            },
+            "expression": "tcp.dstport in { 32768..65535 }",
+            "description": "Allow TCP Ephemeral Ports",
+            "last_updated": "2020-12-02T20:24:07.776073Z",
+            "ref": "72449e2e0de149619edb35e59c10d801",
+            "enabled": true
+          }
+        ]
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+
+	rules := []RulesetRule{{
+		ID:      "62449e2e0de149619edb35e59c10d801",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionSkip),
+		ActionParameters: &RulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "tcp.dstport in { 32768..65535 }",
+		Description: "Allow TCP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     BoolPtr(true),
+	}}
+
+	newRuleset := CreateRulesetParams{
+		Name:        "my example ruleset",
+		Description: "Test magic transit ruleset",
+		Kind:        "root",
+		Phase:       string(RulesetPhaseMagicTransit),
+		Rules:       rules,
+	}
+
+	want := Ruleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "my example ruleset",
+		Description: "Test magic transit ruleset",
+		Kind:        "root",
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseMagicTransit),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.CreateRuleset(context.Background(), ZoneIdentifier(testZoneID), newRuleset)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.CreateRuleset(context.Background(), AccountIdentifier(testAccountID), newRuleset)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
+
+func TestDeleteRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, ``)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	zErr := client.DeleteRuleset(context.Background(), ZoneIdentifier(testZoneID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	assert.NoError(t, zErr)
+
+	aErr := client.DeleteRuleset(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
+	assert.NoError(t, aErr)
+}
+
+func TestUpdateRuleset(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+      "result": {
+        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
+        "name": "ruleset1",
+        "description": "Test Firewall Ruleset Update",
+        "kind": "root",
+        "version": "1",
+        "last_updated": "2020-12-02T20:24:07.776073Z",
+        "phase": "magic_transit",
+        "rules": [
+          {
+            "id": "62449e2e0de149619edb35e59c10d801",
+            "version": "1",
+            "action": "skip",
+            "action_parameters":{
+              "ruleset":"current"
+            },
+            "expression": "tcp.dstport in { 32768..65535 }",
+            "description": "Allow TCP Ephemeral Ports",
+            "last_updated": "2020-12-02T20:24:07.776073Z",
+            "ref": "72449e2e0de149619edb35e59c10d801",
+            "enabled": true
+          },
+          {
+            "id": "62449e2e0de149619edb35e59c10d802",
+            "version": "1",
+            "action": "skip",
+            "action_parameters":{
+              "ruleset":"current"
+            },
+            "expression": "udp.dstport in { 32768..65535 }",
+            "description": "Allow UDP Ephemeral Ports",
+            "last_updated": "2020-12-02T20:24:07.776073Z",
+            "ref": "72449e2e0de149619edb35e59c10d801",
+            "enabled": true
+          }
+        ]
+      },
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
+
+	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
+
+	rules := []RulesetRule{{
+		ID:      "62449e2e0de149619edb35e59c10d801",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionSkip),
+		ActionParameters: &RulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "tcp.dstport in { 32768..65535 }",
+		Description: "Allow TCP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     BoolPtr(true),
+	}, {
+		ID:      "62449e2e0de149619edb35e59c10d802",
+		Version: StringPtr("1"),
+		Action:  string(RulesetRuleActionSkip),
+		ActionParameters: &RulesetRuleActionParameters{
+			Ruleset: "current",
+		},
+		Expression:  "udp.dstport in { 32768..65535 }",
+		Description: "Allow UDP Ephemeral Ports",
+		LastUpdated: &lastUpdated,
+		Ref:         "72449e2e0de149619edb35e59c10d801",
+		Enabled:     BoolPtr(true),
+	}}
+
+	updated := UpdateRulesetParams{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Description: "Test Firewall Ruleset Update",
+		Rules:       rules,
+	}
+
+	want := Ruleset{
+		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
+		Name:        "ruleset1",
+		Description: "Test Firewall Ruleset Update",
+		Kind:        "root",
+		Version:     StringPtr("1"),
+		LastUpdated: &lastUpdated,
+		Phase:       string(RulesetPhaseMagicTransit),
+		Rules:       rules,
+	}
+
+	zoneActual, err := client.UpdateRuleset(context.Background(), ZoneIdentifier(testZoneID), updated)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, zoneActual)
+	}
+
+	accountActual, err := client.UpdateRuleset(context.Background(), AccountIdentifier(testAccountID), updated)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, accountActual)
+	}
+}
diff --git a/pkg/cloudflare-go/scripts/changelog.tmpl b/pkg/cloudflare-go/scripts/changelog.tmpl
new file mode 100644
index 0000000000..e5b8afa8b2
--- /dev/null
+++ b/pkg/cloudflare-go/scripts/changelog.tmpl
@@ -0,0 +1,39 @@
+{{- if index .NotesByType "breaking-change" }}
+BREAKING CHANGES:
+
+{{range index .NotesByType "breaking-change" -}}
+{{ template "note" .}}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.note }}
+NOTES:
+
+{{range .NotesByType.note -}}
+{{ template "note" .}}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.enhancement }}
+ENHANCEMENTS:
+
+{{range .NotesByType.enhancement | sort -}}
+{{ template "note" .}}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.bug }}
+BUG FIXES:
+
+{{range .NotesByType.bug | sort -}}
+{{ template "note" . }}
+{{ end -}}
+{{- end -}}
+
+{{- if .NotesByType.dependency }}
+DEPENDENCIES:
+
+{{range .NotesByType.dependency | sort -}}
+{{ template "note" . }}
+{{ end -}}
+{{- end -}}
diff --git a/pkg/cloudflare-go/scripts/generate-changelog-entry.sh b/pkg/cloudflare-go/scripts/generate-changelog-entry.sh
new file mode 100755
index 0000000000..cfe9583a3f
--- /dev/null
+++ b/pkg/cloudflare-go/scripts/generate-changelog-entry.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Generate a changelog entry for a proposed PR by grabbing the next available
+# auto incrementing ID in GitHub.
+
+if ! command -v curl &> /dev/null
+then
+  echo "jq not be found"
+  exit 1
+fi
+
+if ! command -v jq &> /dev/null
+then
+  echo "jq not be found"
+  exit 1
+fi
+
+current_pr=$(curl -s "https://api.github.com/repos/cloudflare/cloudflare-go/issues?state=all&per_page=1" | jq -r ".[].number")
+next_pr=$(($current_pr + 1))
+changelog_path=".changelog/$next_pr.txt"
+
+echo "==> What type of change is this? (enhancement, bug, breaking-change)"
+read entry_type
+
+echo "==> What is the summary of this change? Example: dns: updated X to do Y"
+read entry_summary
+
+touch $(pwd)/$changelog_path
+cat > $(pwd)/$changelog_path <<EOF
+\`\`\`release-note:$entry_type
+$entry_summary
+\`\`\`
+EOF
+
+echo
+echo "Successfully created $changelog_path. Don't forget to commit it and open the PR!"
diff --git a/pkg/cloudflare-go/scripts/generate-changelog.sh b/pkg/cloudflare-go/scripts/generate-changelog.sh
new file mode 100755
index 0000000000..dbd0c3775f
--- /dev/null
+++ b/pkg/cloudflare-go/scripts/generate-changelog.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+
+__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+__parent="$(dirname "$__dir")"
+
+CHANGELOG_FILE_NAME="CHANGELOG.md"
+CHANGELOG_TMP_FILE_NAME="CHANGELOG.tmp"
+TARGET_SHA=$(git rev-parse HEAD)
+PREVIOUS_RELEASE_SHA=$(git rev-list -n 1 $(git describe --abbrev=0 --match='v*.*.*' --tags))
+
+if [ $TARGET_SHA == $PREVIOUS_RELEASE_SHA ]; then
+  echo "Nothing to do"
+  exit 0
+fi
+
+PREVIOUS_CHANGELOG=$(sed -n -e "/## $(git describe --abbrev=0 --match='v*.*.*' --tags | tr -d v)/,\$p" $__parent/$CHANGELOG_FILE_NAME)
+
+if [ -z "$PREVIOUS_CHANGELOG" ]
+then
+    echo "Unable to locate previous changelog contents."
+    exit 1
+fi
+
+CHANGELOG=$($(go env GOPATH)/bin/changelog-build -this-release $TARGET_SHA \
+                      -last-release $PREVIOUS_RELEASE_SHA \
+                      -git-dir $__parent \
+                      -entries-dir .changelog \
+                      -changelog-template $__dir/changelog.tmpl \
+                      -note-template $__dir/release-note.tmpl)
+
+if [ -z "$CHANGELOG" ]
+then
+    echo "No changelog generated."
+    exit 0
+fi
+
+rm -f $CHANGELOG_TMP_FILE_NAME
+
+sed -n -e "1{/## /p;}" $__parent/$CHANGELOG_FILE_NAME > $CHANGELOG_TMP_FILE_NAME
+echo "$CHANGELOG" >> $CHANGELOG_TMP_FILE_NAME
+echo >> $CHANGELOG_TMP_FILE_NAME
+echo "$PREVIOUS_CHANGELOG" >> $CHANGELOG_TMP_FILE_NAME
+
+cp $CHANGELOG_TMP_FILE_NAME $CHANGELOG_FILE_NAME
+
+rm $CHANGELOG_TMP_FILE_NAME
+
+echo "Successfully generated changelog."
+
+exit 0
diff --git a/pkg/cloudflare-go/scripts/release-note.tmpl b/pkg/cloudflare-go/scripts/release-note.tmpl
new file mode 100644
index 0000000000..de55697a25
--- /dev/null
+++ b/pkg/cloudflare-go/scripts/release-note.tmpl
@@ -0,0 +1,3 @@
+{{- define "note" -}}
+* {{.Body}} ([#{{- .Issue -}}](https://github.com/cloudflare/cloudflare-go/issues/{{- .Issue -}}))
+{{- end -}}
diff --git a/pkg/cloudflare-go/secondary_dns_primaries.go b/pkg/cloudflare-go/secondary_dns_primaries.go
new file mode 100644
index 0000000000..427a41aca9
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_dns_primaries.go
@@ -0,0 +1,165 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	errSecondaryDNSInvalidPrimaryID   = "secondary DNS primary ID is required"
+	errSecondaryDNSInvalidPrimaryIP   = "secondary DNS primary IP invalid"
+	errSecondaryDNSInvalidPrimaryPort = "secondary DNS primary port invalid"
+)
+
+// SecondaryDNSPrimary is the representation of the DNS Primary.
+type SecondaryDNSPrimary struct {
+	ID         string `json:"id,omitempty"`
+	IP         string `json:"ip"`
+	Port       int    `json:"port"`
+	IxfrEnable bool   `json:"ixfr_enable"`
+	TsigID     string `json:"tsig_id"`
+	Name       string `json:"name"`
+}
+
+// SecondaryDNSPrimaryDetailResponse is the API representation of a single
+// secondary DNS primary response.
+type SecondaryDNSPrimaryDetailResponse struct {
+	Response
+	Result SecondaryDNSPrimary `json:"result"`
+}
+
+// SecondaryDNSPrimaryListResponse is the API representation of all secondary DNS
+// primaries.
+type SecondaryDNSPrimaryListResponse struct {
+	Response
+	Result []SecondaryDNSPrimary `json:"result"`
+}
+
+// GetSecondaryDNSPrimary returns a single secondary DNS primary.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-primary--primary-details
+func (api *API) GetSecondaryDNSPrimary(ctx context.Context, accountID, primaryID string) (SecondaryDNSPrimary, error) {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries/%s", accountID, primaryID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return SecondaryDNSPrimary{}, err
+	}
+
+	var r SecondaryDNSPrimaryDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListSecondaryDNSPrimaries returns all secondary DNS primaries for an account.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-primary--list-primaries
+func (api *API) ListSecondaryDNSPrimaries(ctx context.Context, accountID string) ([]SecondaryDNSPrimary, error) {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []SecondaryDNSPrimary{}, err
+	}
+
+	var r SecondaryDNSPrimaryListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateSecondaryDNSPrimary creates a secondary DNS primary.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-primary--create-primary
+func (api *API) CreateSecondaryDNSPrimary(ctx context.Context, accountID string, primary SecondaryDNSPrimary) (SecondaryDNSPrimary, error) {
+	if err := validateRequiredSecondaryDNSPrimaries(primary); err != nil {
+		return SecondaryDNSPrimary{}, err
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, SecondaryDNSPrimary{
+		IP:         primary.IP,
+		Port:       primary.Port,
+		IxfrEnable: primary.IxfrEnable,
+		TsigID:     primary.TsigID,
+		Name:       primary.Name,
+	})
+	if err != nil {
+		return SecondaryDNSPrimary{}, err
+	}
+
+	var r SecondaryDNSPrimaryDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateSecondaryDNSPrimary creates a secondary DNS primary.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-primary--update-primary
+func (api *API) UpdateSecondaryDNSPrimary(ctx context.Context, accountID string, primary SecondaryDNSPrimary) (SecondaryDNSPrimary, error) {
+	if primary.ID == "" {
+		return SecondaryDNSPrimary{}, errors.New(errSecondaryDNSInvalidPrimaryID)
+	}
+
+	if err := validateRequiredSecondaryDNSPrimaries(primary); err != nil {
+		return SecondaryDNSPrimary{}, err
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries/%s", accountID, primary.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, SecondaryDNSPrimary{
+		IP:         primary.IP,
+		Port:       primary.Port,
+		IxfrEnable: primary.IxfrEnable,
+		TsigID:     primary.TsigID,
+		Name:       primary.Name,
+	})
+	if err != nil {
+		return SecondaryDNSPrimary{}, err
+	}
+
+	var r SecondaryDNSPrimaryDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteSecondaryDNSPrimary deletes a secondary DNS primary.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-primary--delete-primary
+func (api *API) DeleteSecondaryDNSPrimary(ctx context.Context, accountID, primaryID string) error {
+	uri := fmt.Sprintf("/zones/%s/secondary_dns/primaries/%s", accountID, primaryID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func validateRequiredSecondaryDNSPrimaries(p SecondaryDNSPrimary) error {
+	if p.IP == "" {
+		return errors.New(errSecondaryDNSInvalidPrimaryIP)
+	}
+
+	if p.Port == 0 {
+		return errors.New(errSecondaryDNSInvalidPrimaryPort)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/secondary_dns_primaries_test.go b/pkg/cloudflare-go/secondary_dns_primaries_test.go
new file mode 100644
index 0000000000..594d4a28f3
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_dns_primaries_test.go
@@ -0,0 +1,204 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetSecondaryDNSPrimary(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "23ff594956f20c2a721606e94745a8aa",
+				"ip": "192.0.2.53",
+				"port": 53,
+				"ixfr_enable": false,
+				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "my-primary-1"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
+	want := SecondaryDNSPrimary{
+		ID:         "23ff594956f20c2a721606e94745a8aa",
+		IP:         "192.0.2.53",
+		Port:       53,
+		IxfrEnable: false,
+		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:       "my-primary-1",
+	}
+
+	actual, err := client.GetSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", "23ff594956f20c2a721606e94745a8aa")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListSecondaryDNSPrimaries(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [{
+				"id": "23ff594956f20c2a721606e94745a8aa",
+				"ip": "192.0.2.53",
+				"port": 53,
+				"ixfr_enable": false,
+				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "my-primary-1"
+			}]
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries", handler)
+	want := []SecondaryDNSPrimary{{
+		ID:         "23ff594956f20c2a721606e94745a8aa",
+		IP:         "192.0.2.53",
+		Port:       53,
+		IxfrEnable: false,
+		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:       "my-primary-1",
+	}}
+
+	actual, err := client.ListSecondaryDNSPrimaries(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSecondaryDNSPrimary(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "23ff594956f20c2a721606e94745a8aa",
+				"ip": "192.0.2.53",
+				"port": 53,
+				"ixfr_enable": false,
+				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "my-primary-1"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries", handler)
+	want := SecondaryDNSPrimary{
+		ID:         "23ff594956f20c2a721606e94745a8aa",
+		IP:         "192.0.2.53",
+		Port:       53,
+		IxfrEnable: false,
+		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:       "my-primary-1",
+	}
+
+	actual, err := client.CreateSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSecondaryDNSPrimary(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "23ff594956f20c2a721606e94745a8aa",
+				"ip": "192.0.2.53",
+				"port": 53,
+				"ixfr_enable": false,
+				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "my-primary-1"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
+	want := SecondaryDNSPrimary{
+		ID:         "23ff594956f20c2a721606e94745a8aa",
+		IP:         "192.0.2.53",
+		Port:       53,
+		IxfrEnable: false,
+		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:       "my-primary-1",
+	}
+
+	actual, err := client.UpdateSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSecondaryDNSPrimary(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "23ff594956f20c2a721606e94745a8aa"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
+
+	err := client.DeleteSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", "23ff594956f20c2a721606e94745a8aa")
+	assert.NoError(t, err)
+}
+
+func TestValidateRequiredSecondaryDNSPrimaries(t *testing.T) {
+	p1 := SecondaryDNSPrimary{}
+	err1 := validateRequiredSecondaryDNSPrimaries(p1)
+	assert.EqualError(t, err1, errSecondaryDNSInvalidPrimaryIP)
+
+	p2 := SecondaryDNSPrimary{IP: "192.0.2.53"}
+	err2 := validateRequiredSecondaryDNSPrimaries(p2)
+	assert.EqualError(t, err2, errSecondaryDNSInvalidPrimaryPort)
+
+	p3 := SecondaryDNSPrimary{IP: "192.0.2.53", Port: 53}
+	err3 := validateRequiredSecondaryDNSPrimaries(p3)
+	assert.NoError(t, err3)
+}
diff --git a/pkg/cloudflare-go/secondary_dns_tsig.go b/pkg/cloudflare-go/secondary_dns_tsig.go
new file mode 100644
index 0000000000..07b76bc096
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_dns_tsig.go
@@ -0,0 +1,132 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	errSecondaryDNSTSIGMissingID = "secondary DNS TSIG ID is required"
+)
+
+// SecondaryDNSTSIG contains the structure for a secondary DNS TSIG.
+type SecondaryDNSTSIG struct {
+	ID     string `json:"id,omitempty"`
+	Name   string `json:"name"`
+	Secret string `json:"secret"`
+	Algo   string `json:"algo"`
+}
+
+// SecondaryDNSTSIGDetailResponse is the API response for a single secondary
+// DNS TSIG.
+type SecondaryDNSTSIGDetailResponse struct {
+	Response
+	Result SecondaryDNSTSIG `json:"result"`
+}
+
+// SecondaryDNSTSIGListResponse is the API response for all secondary DNS TSIGs.
+type SecondaryDNSTSIGListResponse struct {
+	Response
+	Result []SecondaryDNSTSIG `json:"result"`
+}
+
+// GetSecondaryDNSTSIG gets a single account level TSIG for a secondary DNS
+// configuration.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-tsig--tsig-details
+func (api *API) GetSecondaryDNSTSIG(ctx context.Context, accountID, tsigID string) (SecondaryDNSTSIG, error) {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsigID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return SecondaryDNSTSIG{}, err
+	}
+
+	var r SecondaryDNSTSIGDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListSecondaryDNSTSIGs gets all account level TSIG for a secondary DNS
+// configuration.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-tsig--list-tsigs
+func (api *API) ListSecondaryDNSTSIGs(ctx context.Context, accountID string) ([]SecondaryDNSTSIG, error) {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []SecondaryDNSTSIG{}, err
+	}
+
+	var r SecondaryDNSTSIGListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateSecondaryDNSTSIG creates a secondary DNS TSIG at the account level.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-tsig--create-tsig
+func (api *API) CreateSecondaryDNSTSIG(ctx context.Context, accountID string, tsig SecondaryDNSTSIG) (SecondaryDNSTSIG, error) {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs", accountID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, tsig)
+
+	if err != nil {
+		return SecondaryDNSTSIG{}, err
+	}
+
+	result := SecondaryDNSTSIGDetailResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateSecondaryDNSTSIG updates an existing secondary DNS TSIG at
+// the account level.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-tsig--update-tsig
+func (api *API) UpdateSecondaryDNSTSIG(ctx context.Context, accountID string, tsig SecondaryDNSTSIG) (SecondaryDNSTSIG, error) {
+	if tsig.ID == "" {
+		return SecondaryDNSTSIG{}, errors.New(errSecondaryDNSTSIGMissingID)
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsig.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tsig)
+
+	if err != nil {
+		return SecondaryDNSTSIG{}, err
+	}
+
+	result := SecondaryDNSTSIGDetailResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteSecondaryDNSTSIG deletes a secondary DNS TSIG.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-tsig--delete-tsig
+func (api *API) DeleteSecondaryDNSTSIG(ctx context.Context, accountID, tsigID string) error {
+	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsigID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/secondary_dns_tsig_test.go b/pkg/cloudflare-go/secondary_dns_tsig_test.go
new file mode 100644
index 0000000000..3f135e0468
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_dns_tsig_test.go
@@ -0,0 +1,186 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetSecondaryDNSTSIG(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "tsig.customer.cf.",
+				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+				"algo": "hmac-sha512."
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
+
+	want := SecondaryDNSTSIG{
+		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:   "tsig.customer.cf.",
+		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+		Algo:   "hmac-sha512.",
+	}
+
+	actual, err := client.GetSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", "69cd1e104af3e6ed3cb344f263fd0d5a")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListSecondaryDNSTSIGs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+					"name": "tsig.customer.cf.",
+					"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+					"algo": "hmac-sha512."
+				}
+			]
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs", handler)
+
+	want := []SecondaryDNSTSIG{{
+		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:   "tsig.customer.cf.",
+		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+		Algo:   "hmac-sha512.",
+	}}
+
+	actual, err := client.ListSecondaryDNSTSIGs(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSecondaryDNSTSIG(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "tsig.customer.cf.",
+				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+				"algo": "hmac-sha512."
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs", handler)
+
+	want := SecondaryDNSTSIG{
+		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:   "tsig.customer.cf.",
+		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+		Algo:   "hmac-sha512.",
+	}
+
+	actual, err := client.CreateSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", SecondaryDNSTSIG{
+		Name:   "tsig.customer.cf.",
+		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+		Algo:   "hmac-sha512.",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSecondaryDNSTSIG(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
+				"name": "tsig.customer.cf.",
+				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+				"algo": "hmac-sha512."
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
+
+	want := SecondaryDNSTSIG{
+		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
+		Name:   "tsig.customer.cf.",
+		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
+		Algo:   "hmac-sha512.",
+	}
+
+	actual, err := client.UpdateSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSecondaryDNSTSIG(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "269d8f4853475ca241c4e730be286b20"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
+
+	err := client.DeleteSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", "69cd1e104af3e6ed3cb344f263fd0d5a")
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/secondary_dns_zone.go b/pkg/cloudflare-go/secondary_dns_zone.go
new file mode 100644
index 0000000000..2371366c4f
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_dns_zone.go
@@ -0,0 +1,172 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+const (
+	errSecondaryDNSInvalidAutoRefreshValue = "secondary DNS auto refresh value is invalid"
+	errSecondaryDNSInvalidZoneName         = "secondary DNS zone name is invalid"
+	errSecondaryDNSInvalidPrimaries        = "secondary DNS primaries value is invalid"
+)
+
+// SecondaryDNSZone contains the high level structure of a secondary DNS zone.
+type SecondaryDNSZone struct {
+	ID                 string    `json:"id,omitempty"`
+	Name               string    `json:"name,omitempty"`
+	Primaries          []string  `json:"primaries,omitempty"`
+	AutoRefreshSeconds int       `json:"auto_refresh_seconds,omitempty"`
+	SoaSerial          int       `json:"soa_serial,omitempty"`
+	CreatedTime        time.Time `json:"created_time,omitempty"`
+	CheckedTime        time.Time `json:"checked_time,omitempty"`
+	ModifiedTime       time.Time `json:"modified_time,omitempty"`
+}
+
+// SecondaryDNSZoneDetailResponse is the API response for a single secondary
+// DNS zone.
+type SecondaryDNSZoneDetailResponse struct {
+	Response
+	Result SecondaryDNSZone `json:"result"`
+}
+
+// SecondaryDNSZoneAXFRResponse is the API response for a single secondary
+// DNS AXFR response.
+type SecondaryDNSZoneAXFRResponse struct {
+	Response
+	Result string `json:"result"`
+}
+
+// GetSecondaryDNSZone returns the secondary DNS zone configuration for a
+// single zone.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-secondary-zone-configuration-details
+func (api *API) GetSecondaryDNSZone(ctx context.Context, zoneID string) (SecondaryDNSZone, error) {
+	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return SecondaryDNSZone{}, err
+	}
+
+	var r SecondaryDNSZoneDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateSecondaryDNSZone creates a secondary DNS zone.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-create-secondary-zone-configuration
+func (api *API) CreateSecondaryDNSZone(ctx context.Context, zoneID string, zone SecondaryDNSZone) (SecondaryDNSZone, error) {
+	if err := validateRequiredSecondaryDNSZoneValues(zone); err != nil {
+		return SecondaryDNSZone{}, err
+	}
+
+	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
+		SecondaryDNSZone{
+			Name:               zone.Name,
+			AutoRefreshSeconds: zone.AutoRefreshSeconds,
+			Primaries:          zone.Primaries,
+		},
+	)
+
+	if err != nil {
+		return SecondaryDNSZone{}, err
+	}
+
+	result := SecondaryDNSZoneDetailResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// UpdateSecondaryDNSZone updates an existing secondary DNS zone.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-update-secondary-zone-configuration
+func (api *API) UpdateSecondaryDNSZone(ctx context.Context, zoneID string, zone SecondaryDNSZone) (SecondaryDNSZone, error) {
+	if err := validateRequiredSecondaryDNSZoneValues(zone); err != nil {
+		return SecondaryDNSZone{}, err
+	}
+
+	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri,
+		SecondaryDNSZone{
+			Name:               zone.Name,
+			AutoRefreshSeconds: zone.AutoRefreshSeconds,
+			Primaries:          zone.Primaries,
+		},
+	)
+
+	if err != nil {
+		return SecondaryDNSZone{}, err
+	}
+
+	result := SecondaryDNSZoneDetailResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result, nil
+}
+
+// DeleteSecondaryDNSZone deletes a secondary DNS zone.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-delete-secondary-zone-configuration
+func (api *API) DeleteSecondaryDNSZone(ctx context.Context, zoneID string) error {
+	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ForceSecondaryDNSZoneAXFR requests an immediate AXFR request.
+//
+// API reference: https://api.cloudflare.com/#secondary-dns-update-secondary-zone-configuration
+func (api *API) ForceSecondaryDNSZoneAXFR(ctx context.Context, zoneID string) error {
+	uri := fmt.Sprintf("/zones/%s/secondary_dns/force_axfr", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	result := SecondaryDNSZoneAXFRResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// validateRequiredSecondaryDNSZoneValues ensures that the payload matches the
+// API requirements for required fields.
+func validateRequiredSecondaryDNSZoneValues(zone SecondaryDNSZone) error {
+	if zone.Name == "" {
+		return errors.New(errSecondaryDNSInvalidZoneName)
+	}
+
+	if zone.AutoRefreshSeconds == 0 || zone.AutoRefreshSeconds < 0 {
+		return errors.New(errSecondaryDNSInvalidAutoRefreshValue)
+	}
+
+	if len(zone.Primaries) == 0 {
+		return errors.New(errSecondaryDNSInvalidPrimaries)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/secondary_zone_dns_test.go b/pkg/cloudflare-go/secondary_zone_dns_test.go
new file mode 100644
index 0000000000..4a7d94144b
--- /dev/null
+++ b/pkg/cloudflare-go/secondary_zone_dns_test.go
@@ -0,0 +1,249 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetSecondaryDNSZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "269d8f4853475ca241c4e730be286b20",
+				"name": "www.example.com.",
+				"primaries": [
+					"23ff594956f20c2a721606e94745a8aa",
+					"00920f38ce07c2e2f4df50b1f61d4194"
+				],
+				"auto_refresh_seconds": 86400,
+				"soa_serial": 2019102400,
+				"created_time": "2019-10-24T17:09:42.883908+01:00",
+				"checked_time": "2019-10-24T17:09:42.883908+01:00",
+				"modified_time": "2019-10-24T17:09:42.883908+01:00"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	want := SecondaryDNSZone{
+		ID:   "269d8f4853475ca241c4e730be286b20",
+		Name: "www.example.com.",
+		Primaries: []string{
+			"23ff594956f20c2a721606e94745a8aa",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		AutoRefreshSeconds: 86400,
+		SoaSerial:          2019102400,
+		CreatedTime:        createdOn,
+		CheckedTime:        checkedOn,
+		ModifiedTime:       modifiedOn,
+	}
+
+	actual, err := client.GetSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSecondaryDNSZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "269d8f4853475ca241c4e730be286b20",
+				"name": "www.example.com.",
+				"primaries": [
+					"23ff594956f20c2a721606e94745a8aa",
+					"00920f38ce07c2e2f4df50b1f61d4194"
+				],
+				"auto_refresh_seconds": 86400,
+				"soa_serial": 2019102400,
+				"created_time": "2019-10-24T17:09:42.883908+01:00",
+				"checked_time": "2019-10-24T17:09:42.883908+01:00",
+				"modified_time": "2019-10-24T17:09:42.883908+01:00"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	want := SecondaryDNSZone{
+		ID:   "269d8f4853475ca241c4e730be286b20",
+		Name: "www.example.com.",
+		Primaries: []string{
+			"23ff594956f20c2a721606e94745a8aa",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		AutoRefreshSeconds: 86400,
+		SoaSerial:          2019102400,
+		CreatedTime:        createdOn,
+		CheckedTime:        checkedOn,
+		ModifiedTime:       modifiedOn,
+	}
+
+	newSecondaryZone := SecondaryDNSZone{
+		Name: "www.example.com.",
+		Primaries: []string{
+			"23ff594956f20c2a721606e94745a8aa",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		AutoRefreshSeconds: 86400,
+	}
+
+	actual, err := client.CreateSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823", newSecondaryZone)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSecondaryDNSZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "269d8f4853475ca241c4e730be286b20",
+				"name": "www.example.com.",
+				"primaries": [
+					"23ff594956f20c2a721606e94745a8aa",
+					"00920f38ce07c2e2f4df50b1f61d4194"
+				],
+				"auto_refresh_seconds": 86400,
+				"soa_serial": 2019102400,
+				"created_time": "2019-10-24T17:09:42.883908+01:00",
+				"checked_time": "2019-10-24T17:09:42.883908+01:00",
+				"modified_time": "2019-10-24T17:09:42.883908+01:00"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
+	want := SecondaryDNSZone{
+		ID:   "269d8f4853475ca241c4e730be286b20",
+		Name: "www.example.com.",
+		Primaries: []string{
+			"23ff594956f20c2a721606e94745a8aa",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		AutoRefreshSeconds: 86400,
+		SoaSerial:          2019102400,
+		CreatedTime:        createdOn,
+		CheckedTime:        checkedOn,
+		ModifiedTime:       modifiedOn,
+	}
+
+	updatedZone := SecondaryDNSZone{
+		Name: "www.example.com.",
+		Primaries: []string{
+			"23ff594956f20c2a721606e94745a8aa",
+			"00920f38ce07c2e2f4df50b1f61d4194",
+		},
+		AutoRefreshSeconds: 86400,
+	}
+
+	actual, err := client.UpdateSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823", updatedZone)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSecondaryDNSZone(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "269d8f4853475ca241c4e730be286b20"
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
+
+	err := client.DeleteSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	assert.NoError(t, err)
+}
+
+func TestForceSecondaryDNSZoneAXFR(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": "OK"
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns/force_axfr", handler)
+
+	err := client.ForceSecondaryDNSZoneAXFR(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	assert.NoError(t, err)
+}
+
+func TestValidateRequiredSecondaryDNSZoneValues(t *testing.T) {
+	z1 := SecondaryDNSZone{}
+	err1 := validateRequiredSecondaryDNSZoneValues(z1)
+	assert.EqualError(t, err1, errSecondaryDNSInvalidZoneName)
+
+	z2 := SecondaryDNSZone{Name: "example.com."}
+	err2 := validateRequiredSecondaryDNSZoneValues(z2)
+	assert.EqualError(t, err2, errSecondaryDNSInvalidAutoRefreshValue)
+
+	z3 := SecondaryDNSZone{Name: "example.com.", AutoRefreshSeconds: 1}
+	err3 := validateRequiredSecondaryDNSZoneValues(z3)
+	assert.EqualError(t, err3, errSecondaryDNSInvalidPrimaries)
+
+	z4 := SecondaryDNSZone{Name: "example.com.", AutoRefreshSeconds: 1, Primaries: []string{"a", "b"}}
+	err4 := validateRequiredSecondaryDNSZoneValues(z4)
+	assert.NoError(t, err4)
+}
diff --git a/pkg/cloudflare-go/spectrum.go b/pkg/cloudflare-go/spectrum.go
new file mode 100644
index 0000000000..2ebfb41d5f
--- /dev/null
+++ b/pkg/cloudflare-go/spectrum.go
@@ -0,0 +1,368 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// ProxyProtocol implements json.Unmarshaler in order to support deserializing of the deprecated boolean
+// value for `proxy_protocol`.
+type ProxyProtocol string
+
+// UnmarshalJSON handles deserializing of both the deprecated boolean value and the current string value
+// for the `proxy_protocol` field.
+func (p *ProxyProtocol) UnmarshalJSON(data []byte) error {
+	var raw interface{}
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+
+	switch pp := raw.(type) {
+	case string:
+		*p = ProxyProtocol(pp)
+	case bool:
+		if pp {
+			*p = "v1"
+		} else {
+			*p = "off"
+		}
+	default:
+		return fmt.Errorf("invalid type for proxy_protocol field: %T", pp)
+	}
+	return nil
+}
+
+// SpectrumApplicationOriginPort defines a union of a single port or range of ports.
+type SpectrumApplicationOriginPort struct {
+	Port, Start, End uint16
+}
+
+// ErrOriginPortInvalid is a common error for failing to parse a single port or port range.
+var ErrOriginPortInvalid = errors.New("invalid origin port")
+
+func (p *SpectrumApplicationOriginPort) parse(s string) error {
+	switch split := strings.Split(s, "-"); len(split) {
+	case 1:
+		i, err := strconv.ParseUint(split[0], 10, 16)
+		if err != nil {
+			return err
+		}
+		p.Port = uint16(i)
+	case 2:
+		start, err := strconv.ParseUint(split[0], 10, 16)
+		if err != nil {
+			return err
+		}
+		end, err := strconv.ParseUint(split[1], 10, 16)
+		if err != nil {
+			return err
+		}
+		if start >= end {
+			return ErrOriginPortInvalid
+		}
+		p.Start = uint16(start)
+		p.End = uint16(end)
+	default:
+		return ErrOriginPortInvalid
+	}
+	return nil
+}
+
+// UnmarshalJSON converts a byte slice into a single port or port range.
+func (p *SpectrumApplicationOriginPort) UnmarshalJSON(b []byte) error {
+	var port interface{}
+	if err := json.Unmarshal(b, &port); err != nil {
+		return err
+	}
+
+	switch i := port.(type) {
+	case float64:
+		p.Port = uint16(i)
+	case string:
+		if err := p.parse(i); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalJSON converts a single port or port range to a suitable byte slice.
+func (p *SpectrumApplicationOriginPort) MarshalJSON() ([]byte, error) {
+	if p.End > 0 {
+		return json.Marshal(fmt.Sprintf("%d-%d", p.Start, p.End))
+	}
+	return json.Marshal(p.Port)
+}
+
+// SpectrumApplication defines a single Spectrum Application.
+type SpectrumApplication struct {
+	DNS              SpectrumApplicationDNS         `json:"dns,omitempty"`
+	OriginDirect     []string                       `json:"origin_direct,omitempty"`
+	ID               string                         `json:"id,omitempty"`
+	Protocol         string                         `json:"protocol,omitempty"`
+	TrafficType      string                         `json:"traffic_type,omitempty"`
+	TLS              string                         `json:"tls,omitempty"`
+	ProxyProtocol    ProxyProtocol                  `json:"proxy_protocol,omitempty"`
+	ModifiedOn       *time.Time                     `json:"modified_on,omitempty"`
+	OriginDNS        *SpectrumApplicationOriginDNS  `json:"origin_dns,omitempty"`
+	OriginPort       *SpectrumApplicationOriginPort `json:"origin_port,omitempty"`
+	CreatedOn        *time.Time                     `json:"created_on,omitempty"`
+	EdgeIPs          *SpectrumApplicationEdgeIPs    `json:"edge_ips,omitempty"`
+	ArgoSmartRouting bool                           `json:"argo_smart_routing,omitempty"`
+	IPv4             bool                           `json:"ipv4,omitempty"`
+	IPFirewall       bool                           `json:"ip_firewall,omitempty"`
+}
+
+// UnmarshalJSON handles setting the `ProxyProtocol` field based on the value of the deprecated `spp` field.
+func (a *SpectrumApplication) UnmarshalJSON(data []byte) error {
+	var body map[string]interface{}
+	if err := json.Unmarshal(data, &body); err != nil {
+		return err
+	}
+
+	var app spectrumApplicationRaw
+	if err := json.Unmarshal(data, &app); err != nil {
+		return err
+	}
+
+	if spp, ok := body["spp"]; ok && spp.(bool) {
+		app.ProxyProtocol = "simple"
+	}
+
+	*a = SpectrumApplication(app)
+	return nil
+}
+
+// spectrumApplicationRaw is used to inspect an application body to support the deprecated boolean value for `spp`.
+type spectrumApplicationRaw SpectrumApplication
+
+// SpectrumApplicationDNS holds the external DNS configuration for a Spectrum
+// Application.
+type SpectrumApplicationDNS struct {
+	Type string `json:"type"`
+	Name string `json:"name"`
+}
+
+// SpectrumApplicationOriginDNS holds the origin DNS configuration for a Spectrum
+// Application.
+type SpectrumApplicationOriginDNS struct {
+	Name string `json:"name"`
+}
+
+// SpectrumApplicationDetailResponse is the structure of the detailed response
+// from the API.
+type SpectrumApplicationDetailResponse struct {
+	Response
+	Result SpectrumApplication `json:"result"`
+}
+
+// SpectrumApplicationsDetailResponse is the structure of the detailed response
+// from the API.
+type SpectrumApplicationsDetailResponse struct {
+	Response
+	Result []SpectrumApplication `json:"result"`
+}
+
+// SpectrumApplicationEdgeIPs represents configuration for Bring-Your-Own-IP
+// https://developers.cloudflare.com/spectrum/getting-started/byoip/
+type SpectrumApplicationEdgeIPs struct {
+	Type         SpectrumApplicationEdgeType      `json:"type"`
+	Connectivity *SpectrumApplicationConnectivity `json:"connectivity,omitempty"`
+	IPs          []net.IP                         `json:"ips,omitempty"`
+}
+
+// SpectrumApplicationEdgeType for possible Edge configurations.
+type SpectrumApplicationEdgeType string
+
+const (
+	// SpectrumEdgeTypeDynamic IP config.
+	SpectrumEdgeTypeDynamic SpectrumApplicationEdgeType = "dynamic"
+	// SpectrumEdgeTypeStatic IP config.
+	SpectrumEdgeTypeStatic SpectrumApplicationEdgeType = "static"
+)
+
+// UnmarshalJSON function for SpectrumApplicationEdgeType enum.
+func (t *SpectrumApplicationEdgeType) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+
+	newEdgeType := SpectrumApplicationEdgeType(strings.ToLower(s))
+	switch newEdgeType {
+	case SpectrumEdgeTypeDynamic, SpectrumEdgeTypeStatic:
+		*t = newEdgeType
+		return nil
+	}
+
+	return errors.New(errUnmarshalError)
+}
+
+func (t SpectrumApplicationEdgeType) String() string {
+	return string(t)
+}
+
+// SpectrumApplicationConnectivity specifies IP address type on the edge configuration.
+type SpectrumApplicationConnectivity string
+
+const (
+	// SpectrumConnectivityAll specifies IPv4/6 edge IP.
+	SpectrumConnectivityAll SpectrumApplicationConnectivity = "all"
+	// SpectrumConnectivityIPv4 specifies IPv4 edge IP.
+	SpectrumConnectivityIPv4 SpectrumApplicationConnectivity = "ipv4"
+	// SpectrumConnectivityIPv6 specifies IPv6 edge IP.
+	SpectrumConnectivityIPv6 SpectrumApplicationConnectivity = "ipv6"
+	// SpectrumConnectivityStatic specifies static edge IP configuration.
+	SpectrumConnectivityStatic SpectrumApplicationConnectivity = "static"
+)
+
+func (c SpectrumApplicationConnectivity) String() string {
+	return string(c)
+}
+
+// UnmarshalJSON function for SpectrumApplicationConnectivity enum.
+func (c *SpectrumApplicationConnectivity) UnmarshalJSON(b []byte) error {
+	var s string
+	err := json.Unmarshal(b, &s)
+	if err != nil {
+		return err
+	}
+
+	newConnectivity := SpectrumApplicationConnectivity(strings.ToLower(s))
+	if newConnectivity.Dynamic() {
+		*c = newConnectivity
+		return nil
+	}
+
+	return errors.New(errUnmarshalError)
+}
+
+// Dynamic checks if address family is specified as dynamic config.
+func (c SpectrumApplicationConnectivity) Dynamic() bool {
+	switch c {
+	case SpectrumConnectivityAll, SpectrumConnectivityIPv4, SpectrumConnectivityIPv6:
+		return true
+	}
+	return false
+}
+
+// Static checks if address family is specified as static config.
+func (c SpectrumApplicationConnectivity) Static() bool {
+	return c == SpectrumConnectivityStatic
+}
+
+// SpectrumApplications fetches all of the Spectrum applications for a zone.
+//
+// API reference: https://developers.cloudflare.com/spectrum/api-reference/#list-spectrum-applications
+func (api *API) SpectrumApplications(ctx context.Context, zoneID string) ([]SpectrumApplication, error) {
+	uri := fmt.Sprintf("/zones/%s/spectrum/apps", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []SpectrumApplication{}, err
+	}
+
+	var spectrumApplications SpectrumApplicationsDetailResponse
+	err = json.Unmarshal(res, &spectrumApplications)
+	if err != nil {
+		return []SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return spectrumApplications.Result, nil
+}
+
+// SpectrumApplication fetches a single Spectrum application based on the ID.
+//
+// API reference: https://developers.cloudflare.com/spectrum/api-reference/#list-spectrum-applications
+func (api *API) SpectrumApplication(ctx context.Context, zoneID string, applicationID string) (SpectrumApplication, error) {
+	uri := fmt.Sprintf(
+		"/zones/%s/spectrum/apps/%s",
+		zoneID,
+		applicationID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return SpectrumApplication{}, err
+	}
+
+	var spectrumApplication SpectrumApplicationDetailResponse
+	err = json.Unmarshal(res, &spectrumApplication)
+	if err != nil {
+		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return spectrumApplication.Result, nil
+}
+
+// CreateSpectrumApplication creates a new Spectrum application.
+//
+// API reference: https://developers.cloudflare.com/spectrum/api-reference/#create-a-spectrum-application
+func (api *API) CreateSpectrumApplication(ctx context.Context, zoneID string, appDetails SpectrumApplication) (SpectrumApplication, error) {
+	uri := fmt.Sprintf("/zones/%s/spectrum/apps", zoneID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, appDetails)
+	if err != nil {
+		return SpectrumApplication{}, err
+	}
+
+	var spectrumApplication SpectrumApplicationDetailResponse
+	err = json.Unmarshal(res, &spectrumApplication)
+	if err != nil {
+		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return spectrumApplication.Result, nil
+}
+
+// UpdateSpectrumApplication updates an existing Spectrum application.
+//
+// API reference: https://developers.cloudflare.com/spectrum/api-reference/#update-a-spectrum-application
+func (api *API) UpdateSpectrumApplication(ctx context.Context, zoneID, appID string, appDetails SpectrumApplication) (SpectrumApplication, error) {
+	uri := fmt.Sprintf(
+		"/zones/%s/spectrum/apps/%s",
+		zoneID,
+		appID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, appDetails)
+	if err != nil {
+		return SpectrumApplication{}, err
+	}
+
+	var spectrumApplication SpectrumApplicationDetailResponse
+	err = json.Unmarshal(res, &spectrumApplication)
+	if err != nil {
+		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return spectrumApplication.Result, nil
+}
+
+// DeleteSpectrumApplication removes a Spectrum application based on the ID.
+//
+// API reference: https://developers.cloudflare.com/spectrum/api-reference/#delete-a-spectrum-application
+func (api *API) DeleteSpectrumApplication(ctx context.Context, zoneID string, applicationID string) error {
+	uri := fmt.Sprintf(
+		"/zones/%s/spectrum/apps/%s",
+		zoneID,
+		applicationID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/spectrum_test.go b/pkg/cloudflare-go/spectrum_test.go
new file mode 100644
index 0000000000..85fa20cb6d
--- /dev/null
+++ b/pkg/cloudflare-go/spectrum_test.go
@@ -0,0 +1,549 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSpectrumApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/22",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_direct": [
+					"tcp://192.0.2.1:22"
+				],
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "off",
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:         "f68579455bd947efb65ffa1bcf33b52c",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+		Protocol:   "tcp/22",
+		IPv4:       true,
+		DNS: SpectrumApplicationDNS{
+			Name: "spectrum.example.com",
+			Type: "CNAME",
+		},
+		OriginDirect:  []string{"tcp://192.0.2.1:22"},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "off",
+	}
+
+	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSpectrumApplications(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+					{
+					"id": "f68579455bd947efb65ffa1bcf33b52c",
+					"protocol": "tcp/22",
+					"ipv4": true,
+					"dns": {
+						"type": "CNAME",
+						"name": "spectrum.example.com"
+					},
+					"origin_direct": [
+						"tcp://192.0.2.1:22"
+					],
+					"ip_firewall": true,
+					"proxy_protocol": "off",
+					"tls": "off",
+					"created_on": "2018-03-28T21:25:55.643771Z",
+					"modified_on": "2018-03-28T21:25:55.643771Z"
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := []SpectrumApplication{
+		{
+			ID:         "f68579455bd947efb65ffa1bcf33b52c",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+			Protocol:   "tcp/22",
+			IPv4:       true,
+			DNS: SpectrumApplicationDNS{
+				Name: "spectrum.example.com",
+				Type: "CNAME",
+			},
+			OriginDirect:  []string{"tcp://192.0.2.1:22"},
+			IPFirewall:    true,
+			ProxyProtocol: "off",
+			TLS:           "off",
+		},
+	}
+
+	actual, err := client.SpectrumApplications(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSpectrumApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/23",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum1.example.com"
+				},
+				"origin_direct": [
+					"tcp://192.0.2.1:23"
+				],
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "full",
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:       "f68579455bd947efb65ffa1bcf33b52c",
+		Protocol: "tcp/23",
+		IPv4:     true,
+		DNS: SpectrumApplicationDNS{
+			Type: "CNAME",
+			Name: "spectrum1.example.com",
+		},
+		OriginDirect:  []string{"tcp://192.0.2.1:23"},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "full",
+		CreatedOn:     &createdOn,
+		ModifiedOn:    &modifiedOn,
+	}
+
+	actual, err := client.UpdateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSpectrumApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/22",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_direct": [
+					"tcp://192.0.2.1:22"
+				],
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "full",
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:       "f68579455bd947efb65ffa1bcf33b52c",
+		Protocol: "tcp/22",
+		IPv4:     true,
+		DNS: SpectrumApplicationDNS{
+			Type: "CNAME",
+			Name: "spectrum.example.com",
+		},
+		OriginDirect:  []string{"tcp://192.0.2.1:22"},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "full",
+		CreatedOn:     &createdOn,
+		ModifiedOn:    &modifiedOn,
+	}
+
+	actual, err := client.CreateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateSpectrumApplication_OriginDNS(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "5683dc9a12ba4dc6bceaca011bcafcf5",
+				"protocol": "tcp/22",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_dns": {
+					"name" : "spectrum.origin.example.com"
+				},
+				"origin_port": 2022,
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "full",
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
+
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:       "5683dc9a12ba4dc6bceaca011bcafcf5",
+		Protocol: "tcp/22",
+		IPv4:     true,
+		DNS: SpectrumApplicationDNS{
+			Type: "CNAME",
+			Name: "spectrum.example.com",
+		},
+		OriginDNS: &SpectrumApplicationOriginDNS{
+			Name: "spectrum.origin.example.com",
+		},
+		OriginPort: &SpectrumApplicationOriginPort{
+			Port: 2022,
+		},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "full",
+		CreatedOn:     &createdOn,
+		ModifiedOn:    &modifiedOn,
+	}
+
+	actual, err := client.CreateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSpectrumApplication(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "40d67c87c6cd4b889a4fd57805225e85"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+
+	err := client.DeleteSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
+	assert.NoError(t, err)
+}
+
+func TestSpectrumApplicationProxyProtocolDeprecations(t *testing.T) {
+	for _, testCase := range []struct {
+		actualProxyProtocol   bool
+		actualSPP             bool
+		expectedProxyProtocol ProxyProtocol
+	}{
+		{
+			actualProxyProtocol:   false,
+			actualSPP:             false,
+			expectedProxyProtocol: "off",
+		},
+		{
+			actualProxyProtocol:   true,
+			actualSPP:             false,
+			expectedProxyProtocol: "v1",
+		},
+		{
+			actualProxyProtocol:   false,
+			actualSPP:             true,
+			expectedProxyProtocol: "simple",
+		},
+	} {
+		setup()
+
+		handler := func(w http.ResponseWriter, r *http.Request) {
+			assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+			w.Header().Set("content-type", "application/json")
+			fmt.Fprintf(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/22",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_direct": [
+					"tcp://192.0.2.1:22"
+				],
+				"ip_firewall": true,
+				"proxy_protocol": %v,
+				"spp": %v,
+				"tls": "off",
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`, testCase.actualProxyProtocol, testCase.actualSPP)
+		}
+
+		mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+		createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+		modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+		want := SpectrumApplication{
+			ID:         "f68579455bd947efb65ffa1bcf33b52c",
+			CreatedOn:  &createdOn,
+			ModifiedOn: &modifiedOn,
+			Protocol:   "tcp/22",
+			IPv4:       true,
+			DNS: SpectrumApplicationDNS{
+				Name: "spectrum.example.com",
+				Type: "CNAME",
+			},
+			OriginDirect:  []string{"tcp://192.0.2.1:22"},
+			IPFirewall:    true,
+			ProxyProtocol: testCase.expectedProxyProtocol,
+			TLS:           "off",
+		}
+
+		actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
+		if assert.NoError(t, err) {
+			assert.Equal(t, want, actual)
+		}
+
+		teardown()
+	}
+}
+
+func TestSpectrumApplicationEdgeIPs(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/22",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_direct": [
+					"tcp://192.0.2.1:22"
+				],
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "off",
+				"edge_ips": {
+					"type": "static",
+					"ips": [
+						"192.0.2.1",
+						"2001:db8::1"
+					]
+				},
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:         "f68579455bd947efb65ffa1bcf33b52c",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+		Protocol:   "tcp/22",
+		IPv4:       true,
+		DNS: SpectrumApplicationDNS{
+			Name: "spectrum.example.com",
+			Type: "CNAME",
+		},
+		OriginDirect:  []string{"tcp://192.0.2.1:22"},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "off",
+		EdgeIPs: &SpectrumApplicationEdgeIPs{
+			Type: SpectrumEdgeTypeStatic,
+			IPs:  []net.IP{net.ParseIP("192.0.2.1"), net.ParseIP("2001:db8::1")},
+		},
+	}
+
+	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSpectrumApplicationPortRange(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "f68579455bd947efb65ffa1bcf33b52c",
+				"protocol": "tcp/22-23",
+				"ipv4": true,
+				"dns": {
+					"type": "CNAME",
+					"name": "spectrum.example.com"
+				},
+				"origin_dns": {
+				  "name": "cloudflare.com"
+				},
+				"origin_port": "2022-2023",
+				"ip_firewall": true,
+				"proxy_protocol": "off",
+				"tls": "off",
+				"edge_ips": {
+					"type": "static",
+					"ips": [
+						"192.0.2.1",
+						"2001:db8::1"
+					]
+				},
+				"created_on": "2018-03-28T21:25:55.643771Z",
+				"modified_on": "2018-03-28T21:25:55.643771Z"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
+	want := SpectrumApplication{
+		ID:         "f68579455bd947efb65ffa1bcf33b52c",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+		Protocol:   "tcp/22-23",
+		IPv4:       true,
+		DNS: SpectrumApplicationDNS{
+			Name: "spectrum.example.com",
+			Type: "CNAME",
+		},
+		OriginDNS: &SpectrumApplicationOriginDNS{
+			Name: "cloudflare.com",
+		},
+		OriginPort: &SpectrumApplicationOriginPort{
+			Start: 2022,
+			End:   2023,
+		},
+		IPFirewall:    true,
+		ProxyProtocol: "off",
+		TLS:           "off",
+		EdgeIPs: &SpectrumApplicationEdgeIPs{
+			Type: SpectrumEdgeTypeStatic,
+			IPs:  []net.IP{net.ParseIP("192.0.2.1"), net.ParseIP("2001:db8::1")},
+		},
+	}
+
+	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/split_tunnel.go b/pkg/cloudflare-go/split_tunnel.go
new file mode 100644
index 0000000000..3124aa74cf
--- /dev/null
+++ b/pkg/cloudflare-go/split_tunnel.go
@@ -0,0 +1,107 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// SplitTunnelResponse represents the response from the get split
+// tunnel endpoints.
+type SplitTunnelResponse struct {
+	Response
+	Result []SplitTunnel `json:"result"`
+}
+
+// SplitTunnel represents the individual tunnel struct.
+type SplitTunnel struct {
+	Address     string `json:"address,omitempty"`
+	Host        string `json:"host,omitempty"`
+	Description string `json:"description,omitempty"`
+}
+
+// ListSplitTunnel returns all include or exclude split tunnel  within an account.
+//
+// API reference for include: https://api.cloudflare.com/#device-policy-get-split-tunnel-include-list
+// API reference for exclude: https://api.cloudflare.com/#device-policy-get-split-tunnel-exclude-list
+func (api *API) ListSplitTunnels(ctx context.Context, accountID string, mode string) ([]SplitTunnel, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, mode)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []SplitTunnel{}, err
+	}
+
+	var splitTunnelResponse SplitTunnelResponse
+	err = json.Unmarshal(res, &splitTunnelResponse)
+	if err != nil {
+		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return splitTunnelResponse.Result, nil
+}
+
+// UpdateSplitTunnel updates the existing split tunnel policy.
+//
+// API reference for include: https://api.cloudflare.com/#device-policy-set-split-tunnel-include-list
+// API reference for exclude: https://api.cloudflare.com/#device-policy-set-split-tunnel-exclude-list
+func (api *API) UpdateSplitTunnel(ctx context.Context, accountID string, mode string, tunnels []SplitTunnel) ([]SplitTunnel, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, mode)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnels)
+	if err != nil {
+		return []SplitTunnel{}, err
+	}
+
+	var splitTunnelResponse SplitTunnelResponse
+	err = json.Unmarshal(res, &splitTunnelResponse)
+	if err != nil {
+		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return splitTunnelResponse.Result, nil
+}
+
+// ListSplitTunnelDeviceSettingsPolicy returns all include or exclude split tunnel within a device settings policy
+//
+// API reference for include: https://api.cloudflare.com/#device-policy-get-split-tunnel-include-list
+// API reference for exclude: https://api.cloudflare.com/#device-policy-get-split-tunnel-exclude-list
+func (api *API) ListSplitTunnelsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, mode string) ([]SplitTunnel, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/%s", AccountRouteRoot, accountID, policyID, mode)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []SplitTunnel{}, err
+	}
+
+	var splitTunnelResponse SplitTunnelResponse
+	err = json.Unmarshal(res, &splitTunnelResponse)
+	if err != nil {
+		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return splitTunnelResponse.Result, nil
+}
+
+// UpdateSplitTunnelDeviceSettingsPolicy updates the existing split tunnel policy within a device settings policy
+//
+// API reference for include: https://api.cloudflare.com/#device-policy-set-split-tunnel-include-list
+// API reference for exclude: https://api.cloudflare.com/#device-policy-set-split-tunnel-exclude-list
+func (api *API) UpdateSplitTunnelDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, mode string, tunnels []SplitTunnel) ([]SplitTunnel, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/%s", AccountRouteRoot, accountID, policyID, mode)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnels)
+	if err != nil {
+		return []SplitTunnel{}, err
+	}
+
+	var splitTunnelResponse SplitTunnelResponse
+	err = json.Unmarshal(res, &splitTunnelResponse)
+	if err != nil {
+		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return splitTunnelResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/split_tunnel_test.go b/pkg/cloudflare-go/split_tunnel_test.go
new file mode 100644
index 0000000000..63c6448fb3
--- /dev/null
+++ b/pkg/cloudflare-go/split_tunnel_test.go
@@ -0,0 +1,300 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSplitTunnelIncludeHost(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "host": "*.example.com",
+          "description": "default"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []SplitTunnel{{
+		Host:        "*.example.com",
+		Description: "default",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
+
+	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "include")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSplitTunnelIncludeAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "address": "192.0.2.0/24",
+          "description": "TEST-NET-1"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []SplitTunnel{{
+		Address:     "192.0.2.0/24",
+		Description: "TEST-NET-1",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
+
+	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "include")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSplitTunnelInclude(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "address": "192.0.2.0/24",
+          "description": "TEST-NET-1"
+       },
+       {
+          "address": "198.51.100.0/24",
+          "description": "TEST-NET-2"
+       },
+       {
+          "host": "*.example.com",
+          "description": "example host name"
+       }
+      ]
+    }
+    `)
+	}
+
+	tunnels := []SplitTunnel{
+		{
+			Address:     "192.0.2.0/24",
+			Description: "TEST-NET-1",
+		},
+		{
+			Address:     "198.51.100.0/24",
+			Description: "TEST-NET-2",
+		},
+		{
+			Host:        "*.example.com",
+			Description: "example host name",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
+
+	actual, err := client.UpdateSplitTunnel(context.Background(), testAccountID, "include", tunnels)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, tunnels, actual)
+	}
+}
+
+func TestSplitTunnelExcludeHost(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "host": "*.example.com",
+          "description": "default"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []SplitTunnel{{
+		Host:        "*.example.com",
+		Description: "default",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
+
+	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "exclude")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestSplitTunnelExcludeAddress(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "address": "192.0.2.0/24",
+          "description": "TEST-NET-1"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []SplitTunnel{{
+		Address:     "192.0.2.0/24",
+		Description: "TEST-NET-1",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
+
+	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "exclude")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateSplitTunnelExclude(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "address": "192.0.2.0/24",
+          "description": "TEST-NET-1"
+       },
+       {
+          "address": "198.51.100.0/24",
+          "description": "TEST-NET-2"
+       },
+       {
+          "host": "*.example.com",
+          "description": "example host name"
+       }
+      ]
+    }
+    `)
+	}
+
+	tunnels := []SplitTunnel{
+		{
+			Address:     "192.0.2.0/24",
+			Description: "TEST-NET-1",
+		},
+		{
+			Address:     "198.51.100.0/24",
+			Description: "TEST-NET-2",
+		},
+		{
+			Host:        "*.example.com",
+			Description: "example host name",
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
+
+	actual, err := client.UpdateSplitTunnel(context.Background(), testAccountID, "exclude", tunnels)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, tunnels, actual)
+	}
+}
+
+func TestSplitTunnelsDeviceSettingsPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+    {
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": [
+        {
+          "host": "*.example.com",
+          "description": "default"
+       }
+      ]
+    }
+    `)
+	}
+
+	want := []SplitTunnel{{
+		Host:        "*.example.com",
+		Description: "default",
+	}}
+
+	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/include", handler)
+
+	actual, err := client.ListSplitTunnelsDeviceSettingsPolicy(context.Background(), testAccountID, policyID, "include")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/ssl.go b/pkg/cloudflare-go/ssl.go
new file mode 100644
index 0000000000..3d1b5cfdb7
--- /dev/null
+++ b/pkg/cloudflare-go/ssl.go
@@ -0,0 +1,173 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// ZoneCustomSSL represents custom SSL certificate metadata.
+type ZoneCustomSSL struct {
+	ID              string                        `json:"id"`
+	Hosts           []string                      `json:"hosts"`
+	Issuer          string                        `json:"issuer"`
+	Signature       string                        `json:"signature"`
+	Status          string                        `json:"status"`
+	BundleMethod    string                        `json:"bundle_method"`
+	GeoRestrictions *ZoneCustomSSLGeoRestrictions `json:"geo_restrictions,omitempty"`
+	ZoneID          string                        `json:"zone_id"`
+	UploadedOn      time.Time                     `json:"uploaded_on"`
+	ModifiedOn      time.Time                     `json:"modified_on"`
+	ExpiresOn       time.Time                     `json:"expires_on"`
+	Priority        int                           `json:"priority"`
+	KeylessServer   KeylessSSL                    `json:"keyless_server"`
+}
+
+// ZoneCustomSSLGeoRestrictions represents the parameter to create or update
+// geographic restrictions on a custom ssl certificate.
+type ZoneCustomSSLGeoRestrictions struct {
+	Label string `json:"label"`
+}
+
+// zoneCustomSSLResponse represents the response from the zone SSL details endpoint.
+type zoneCustomSSLResponse struct {
+	Response
+	Result ZoneCustomSSL `json:"result"`
+}
+
+// zoneCustomSSLsResponse represents the response from the zone SSL list endpoint.
+type zoneCustomSSLsResponse struct {
+	Response
+	Result []ZoneCustomSSL `json:"result"`
+}
+
+// ZoneCustomSSLOptions represents the parameters to create or update an existing
+// custom SSL configuration.
+type ZoneCustomSSLOptions struct {
+	Certificate     string                        `json:"certificate"`
+	PrivateKey      string                        `json:"private_key"`
+	BundleMethod    string                        `json:"bundle_method,omitempty"`
+	GeoRestrictions *ZoneCustomSSLGeoRestrictions `json:"geo_restrictions,omitempty"`
+	Type            string                        `json:"type,omitempty"`
+}
+
+// ZoneCustomSSLPriority represents a certificate's ID and priority. It is a
+// subset of ZoneCustomSSL used for patch requests.
+type ZoneCustomSSLPriority struct {
+	ID       string `json:"ID"`
+	Priority int    `json:"priority"`
+}
+
+// CreateSSL allows you to add a custom SSL certificate to the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-create-ssl-configuration
+func (api *API) CreateSSL(ctx context.Context, zoneID string, options ZoneCustomSSLOptions) (ZoneCustomSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, options)
+	if err != nil {
+		return ZoneCustomSSL{}, err
+	}
+	var r zoneCustomSSLResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListSSL lists the custom certificates for the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-list-ssl-configurations
+func (api *API) ListSSL(ctx context.Context, zoneID string) ([]ZoneCustomSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r zoneCustomSSLsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// SSLDetails returns the configuration details for a custom SSL certificate.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-ssl-configuration-details
+func (api *API) SSLDetails(ctx context.Context, zoneID, certificateID string) (ZoneCustomSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneCustomSSL{}, err
+	}
+	var r zoneCustomSSLResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateSSL updates (replaces) a custom SSL certificate.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-update-ssl-configuration
+func (api *API) UpdateSSL(ctx context.Context, zoneID, certificateID string, options ZoneCustomSSLOptions) (ZoneCustomSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, options)
+	if err != nil {
+		return ZoneCustomSSL{}, err
+	}
+	var r zoneCustomSSLResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ReprioritizeSSL allows you to change the priority (which is served for a given
+// request) of custom SSL certificates associated with the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-re-prioritize-ssl-certificates
+func (api *API) ReprioritizeSSL(ctx context.Context, zoneID string, p []ZoneCustomSSLPriority) ([]ZoneCustomSSL, error) {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates/prioritize", zoneID)
+	params := struct {
+		Certificates []ZoneCustomSSLPriority `json:"certificates"`
+	}{
+		Certificates: p,
+	}
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return nil, err
+	}
+	var r zoneCustomSSLsResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteSSL deletes a custom SSL certificate from the given zone.
+//
+// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-delete-an-ssl-certificate
+func (api *API) DeleteSSL(ctx context.Context, zoneID, certificateID string) error {
+	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
+	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+// SSLValidationRecord displays Domain Control Validation tokens.
+type SSLValidationRecord struct {
+	CnameTarget string `json:"cname_target,omitempty"`
+	CnameName   string `json:"cname,omitempty"`
+
+	TxtName  string `json:"txt_name,omitempty"`
+	TxtValue string `json:"txt_value,omitempty"`
+
+	HTTPUrl  string `json:"http_url,omitempty"`
+	HTTPBody string `json:"http_body,omitempty"`
+
+	Emails []string `json:"emails,omitempty"`
+}
diff --git a/pkg/cloudflare-go/ssl_test.go b/pkg/cloudflare-go/ssl_test.go
new file mode 100644
index 0000000000..e7fb3798a3
--- /dev/null
+++ b/pkg/cloudflare-go/ssl_test.go
@@ -0,0 +1,390 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{"certificate":"-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----","geo_restrictions":{"label":"us"},"private_key":"-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----","bundle_method":"ubiquitous"}`, string(b))
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "id": "7e7b8deba8538af625850b7b2530034c",
+            "hosts": [
+              "example.com"
+            ],
+            "issuer": "GlobalSign",
+            "signature": "SHA256WithRSA",
+            "status": "active",
+            "bundle_method": "ubiquitous",
+            "geo_restrictions": {
+               "label": "us"
+            },
+            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+            "uploaded_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "expires_on": "2016-01-01T05:20:00Z",
+            "priority": 1
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates", handler)
+
+	hosts := make([]string, 1, 4)
+	hosts[0] = "example.com"
+	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+	want := ZoneCustomSSL{
+		ID:              "7e7b8deba8538af625850b7b2530034c",
+		Hosts:           hosts,
+		Issuer:          "GlobalSign",
+		Signature:       "SHA256WithRSA",
+		Status:          "active",
+		BundleMethod:    "ubiquitous",
+		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
+		ZoneID:          "023e105f4ecef8ad9ca31a8372d0c353",
+		UploadedOn:      uploadedOn,
+		ModifiedOn:      modifiedOn,
+		ExpiresOn:       expiresOn,
+		Priority:        1,
+	}
+
+	actual, err := client.CreateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", ZoneCustomSSLOptions{
+		Certificate:     "-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----",
+		PrivateKey:      "-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----",
+		BundleMethod:    "ubiquitous",
+		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.CreateSSL(context.Background(), "bar", ZoneCustomSSLOptions{})
+	assert.Error(t, err)
+}
+
+func TestListSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": [
+            {
+              "id": "7e7b8deba8538af625850b7b2530034c",
+              "hosts": [
+                "example.com"
+              ],
+              "issuer": "GlobalSign",
+              "signature": "SHA256WithRSA",
+              "status": "active",
+              "bundle_method": "ubiquitous",
+              "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+              "uploaded_on": "2014-01-01T05:20:00Z",
+              "modified_on": "2014-01-01T05:20:00Z",
+              "expires_on": "2016-01-01T05:20:00Z",
+              "priority": 1
+            }
+          ],
+          "result_info": {
+            "page": 1,
+            "per_page": 20,
+            "count": 1,
+            "total_count": 1
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates", handler)
+
+	hosts := make([]string, 1, 4)
+	hosts[0] = "example.com"
+	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+
+	want := make([]ZoneCustomSSL, 1, 4)
+	want[0] = ZoneCustomSSL{
+		ID:           "7e7b8deba8538af625850b7b2530034c",
+		Hosts:        hosts,
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		Status:       "active",
+		BundleMethod: "ubiquitous",
+		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
+		UploadedOn:   uploadedOn,
+		ModifiedOn:   modifiedOn,
+		ExpiresOn:    expiresOn,
+		Priority:     1,
+	}
+
+	actual, err := client.ListSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.ListSSL(context.Background(), "bar")
+	assert.Error(t, err)
+}
+
+func TestSSLDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "id": "7e7b8deba8538af625850b7b2530034c",
+            "hosts": [
+              "example.com"
+            ],
+            "issuer": "GlobalSign",
+            "signature": "SHA256WithRSA",
+            "status": "active",
+            "bundle_method": "ubiquitous",
+            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+            "uploaded_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "expires_on": "2016-01-01T05:20:00Z",
+            "priority": 1
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
+
+	hosts := make([]string, 1, 4)
+	hosts[0] = "example.com"
+	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+	want := ZoneCustomSSL{
+		ID:           "7e7b8deba8538af625850b7b2530034c",
+		Hosts:        hosts,
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		Status:       "active",
+		BundleMethod: "ubiquitous",
+		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
+		UploadedOn:   uploadedOn,
+		ModifiedOn:   modifiedOn,
+		ExpiresOn:    expiresOn,
+		Priority:     1,
+	}
+
+	actual, err := client.SSLDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.SSLDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar")
+	assert.Error(t, err)
+}
+
+func TestUpdateSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{"certificate":"-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----","geo_restrictions":{"label":"us"},"private_key":"-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----","bundle_method":"ubiquitous"}`, string(b))
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "id": "7e7b8deba8538af625850b7b2530034c",
+            "hosts": [
+              "example.com"
+            ],
+            "issuer": "GlobalSign",
+            "signature": "SHA256WithRSA",
+            "status": "active",
+            "bundle_method": "ubiquitous",
+			"geo_restrictions": {
+               "label": "us"
+            },
+            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+            "uploaded_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "expires_on": "2016-01-01T05:20:00Z",
+            "priority": 1
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
+
+	hosts := make([]string, 1, 4)
+	hosts[0] = "example.com"
+	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+	want := ZoneCustomSSL{
+		ID:              "7e7b8deba8538af625850b7b2530034c",
+		Hosts:           hosts,
+		Issuer:          "GlobalSign",
+		Signature:       "SHA256WithRSA",
+		Status:          "active",
+		BundleMethod:    "ubiquitous",
+		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
+		ZoneID:          "023e105f4ecef8ad9ca31a8372d0c353",
+		UploadedOn:      uploadedOn,
+		ModifiedOn:      modifiedOn,
+		ExpiresOn:       expiresOn,
+		Priority:        1,
+	}
+
+	actual, err := client.UpdateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c", ZoneCustomSSLOptions{
+		Certificate:     "-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----",
+		PrivateKey:      "-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----",
+		BundleMethod:    "ubiquitous",
+		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+
+	_, err = client.UpdateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar", ZoneCustomSSLOptions{})
+	assert.Error(t, err)
+}
+
+func TestReprioritizeSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{"certificates":[{"ID":"5a7805061c76ada191ed06f989cc3dac","priority":2},{"ID":"9a7806061c88ada191ed06f989cc3dac","priority":1}]}`, string(b))
+		}
+
+		w.Header().Set("content-type", "application/json")
+		// XXX: Test response flow properly.
+		// Current response assertion uses generic example from the documentation,
+		// rather than responding to the actual PUT request.
+		// https://api.cloudflare.com/#custom-ssl-for-a-zone-re-prioritize-ssl-certificates
+		fmt.Fprint(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": [
+            {
+              "id": "7e7b8deba8538af625850b7b2530034c",
+              "hosts": [
+                "example.com"
+              ],
+              "issuer": "GlobalSign",
+              "signature": "SHA256WithRSA",
+              "status": "active",
+              "bundle_method": "ubiquitous",
+              "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+              "uploaded_on": "2014-01-01T05:20:00Z",
+              "modified_on": "2014-01-01T05:20:00Z",
+              "expires_on": "2016-01-01T05:20:00Z",
+              "priority": 1
+            }
+          ],
+          "result_info": {
+            "page": 1,
+            "per_page": 20,
+            "count": 1,
+            "total_count": 1
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/prioritize", handler)
+
+	hosts := make([]string, 1, 4)
+	hosts[0] = "example.com"
+	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
+
+	want := make([]ZoneCustomSSL, 1, 4)
+	want[0] = ZoneCustomSSL{
+		ID:           "7e7b8deba8538af625850b7b2530034c",
+		Hosts:        hosts,
+		Issuer:       "GlobalSign",
+		Signature:    "SHA256WithRSA",
+		Status:       "active",
+		BundleMethod: "ubiquitous",
+		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
+		UploadedOn:   uploadedOn,
+		ModifiedOn:   modifiedOn,
+		ExpiresOn:    expiresOn,
+		Priority:     1,
+	}
+
+	actual, err := client.ReprioritizeSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", []ZoneCustomSSLPriority{
+		{ID: "5a7805061c76ada191ed06f989cc3dac", Priority: 2},
+		{ID: "9a7806061c88ada191ed06f989cc3dac", Priority: 1},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteSSL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+          "id": "7e7b8deba8538af625850b7b2530034c"
+        }`)
+	}
+
+	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
+
+	err := client.DeleteSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c")
+	assert.NoError(t, err, "Expected to successfully delete certificate ID '7e7b8deba8538af625850b7b2530034c', received error instead")
+
+	err = client.DeleteSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar")
+	assert.Error(t, err, "Expected to error when attempting to delete certificate ID 'bar', did not receive error instead")
+}
diff --git a/pkg/cloudflare-go/stack_rulesest.go b/pkg/cloudflare-go/stack_rulesest.go
new file mode 100644
index 0000000000..cf91e15fd8
--- /dev/null
+++ b/pkg/cloudflare-go/stack_rulesest.go
@@ -0,0 +1,29 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+)
+
+// DeleteRulesetRule removes a ruleset rule based on the ruleset ID +
+// ruleset rule ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/deleteZoneRulesetRule
+func (api *API) DeleteRulesetRule(ctx context.Context, rc *ResourceContainer, rulesetID, rulesetRuleID string) error {
+	uri := fmt.Sprintf("/%s/%s/rulesets/%s/rules/%s", rc.Level, rc.Identifier, rulesetID, rulesetRuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	// The API is not implementing the standard response blob but returns an
+	// empty response (204) in case of a success. So we are checking for the
+	// response body size here.
+	if len(res) > 0 {
+		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/stream.go b/pkg/cloudflare-go/stream.go
new file mode 100644
index 0000000000..3880649962
--- /dev/null
+++ b/pkg/cloudflare-go/stream.go
@@ -0,0 +1,574 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	// ErrMissingUploadURL is for when a URL is required but missing.
+	ErrMissingUploadURL = errors.New("required url missing")
+	// ErrMissingMaxDuration is for when MaxDuration is required but missing.
+	ErrMissingMaxDuration = errors.New("required max duration missing")
+	// ErrMissingVideoID is for when VideoID is required but missing.
+	ErrMissingVideoID = errors.New("required video id missing")
+	// ErrMissingFilePath is for when FilePath is required but missing.
+	ErrMissingFilePath = errors.New("required file path missing")
+	// ErrMissingTusResumable is for when TusResumable is required but missing.
+	ErrMissingTusResumable = errors.New("required tus resumable missing")
+	// ErrInvalidTusResumable is for when TusResumable is invalid.
+	ErrInvalidTusResumable = errors.New("invalid tus resumable")
+	// ErrMarshallingTUSMetadata is for when TUS metadata cannot be marshalled.
+	ErrMarshallingTUSMetadata = errors.New("error marshalling TUS metadata")
+	// ErrMissingUploadLength is for when UploadLength is required but missing.
+	ErrMissingUploadLength = errors.New("required upload length missing")
+	// ErrInvalidStatusCode is for when the status code is invalid.
+	ErrInvalidStatusCode = errors.New("invalid status code")
+)
+
+type TusProtocolVersion string
+
+const (
+	TusProtocolVersion1_0_0 TusProtocolVersion = "1.0.0"
+)
+
+// StreamVideo represents a stream video.
+type StreamVideo struct {
+	AllowedOrigins        []string                 `json:"allowedOrigins,omitempty"`
+	Created               *time.Time               `json:"created,omitempty"`
+	Duration              float64                  `json:"duration,omitempty"`
+	Input                 StreamVideoInput         `json:"input,omitempty"`
+	MaxDurationSeconds    int                      `json:"maxDurationSeconds,omitempty"`
+	Meta                  map[string]interface{}   `json:"meta,omitempty"`
+	Modified              *time.Time               `json:"modified,omitempty"`
+	UploadExpiry          *time.Time               `json:"uploadExpiry,omitempty"`
+	Playback              StreamVideoPlayback      `json:"playback,omitempty"`
+	Preview               string                   `json:"preview,omitempty"`
+	ReadyToStream         bool                     `json:"readyToStream,omitempty"`
+	RequireSignedURLs     bool                     `json:"requireSignedURLs,omitempty"`
+	Size                  int                      `json:"size,omitempty"`
+	Status                StreamVideoStatus        `json:"status,omitempty"`
+	Thumbnail             string                   `json:"thumbnail,omitempty"`
+	ThumbnailTimestampPct float64                  `json:"thumbnailTimestampPct,omitempty"`
+	UID                   string                   `json:"uid,omitempty"`
+	Creator               string                   `json:"creator,omitempty"`
+	LiveInput             string                   `json:"liveInput,omitempty"`
+	Uploaded              *time.Time               `json:"uploaded,omitempty"`
+	ScheduledDeletion     *time.Time               `json:"scheduledDeletion,omitempty"`
+	Watermark             StreamVideoWatermark     `json:"watermark,omitempty"`
+	NFT                   StreamVideoNFTParameters `json:"nft,omitempty"`
+}
+
+// StreamVideoInput represents the video input values of a stream video.
+type StreamVideoInput struct {
+	Height int `json:"height,omitempty"`
+	Width  int `json:"width,omitempty"`
+}
+
+// StreamVideoPlayback represents the playback URLs for a video.
+type StreamVideoPlayback struct {
+	HLS  string `json:"hls,omitempty"`
+	Dash string `json:"dash,omitempty"`
+}
+
+// StreamVideoStatus represents the status of a stream video.
+type StreamVideoStatus struct {
+	State           string `json:"state,omitempty"`
+	PctComplete     string `json:"pctComplete,omitempty"`
+	ErrorReasonCode string `json:"errorReasonCode,omitempty"`
+	ErrorReasonText string `json:"errorReasonText,omitempty"`
+}
+
+// StreamVideoWatermark represents a watermark for a stream video.
+type StreamVideoWatermark struct {
+	UID            string     `json:"uid,omitempty"`
+	Size           int        `json:"size,omitempty"`
+	Height         int        `json:"height,omitempty"`
+	Width          int        `json:"width,omitempty"`
+	Created        *time.Time `json:"created,omitempty"`
+	DownloadedFrom string     `json:"downloadedFrom,omitempty"`
+	Name           string     `json:"name,omitempty"`
+	Opacity        float64    `json:"opacity,omitempty"`
+	Padding        float64    `json:"padding,omitempty"`
+	Scale          float64    `json:"scale,omitempty"`
+	Position       string     `json:"position,omitempty"`
+}
+
+// StreamVideoNFTParameters represents a NFT for a stream video.
+type StreamVideoNFTParameters struct {
+	AccountID string
+	VideoID   string
+	Contract  string `json:"contract,omitempty"`
+	Token     int    `json:"token,omitempty"`
+}
+
+// StreamUploadFromURLParameters are the parameters used when uploading a video from URL.
+type StreamUploadFromURLParameters struct {
+	AccountID             string
+	VideoID               string
+	URL                   string                  `json:"url"`
+	Creator               string                  `json:"creator,omitempty"`
+	ThumbnailTimestampPct float64                 `json:"thumbnailTimestampPct,omitempty"`
+	AllowedOrigins        []string                `json:"allowedOrigins,omitempty"`
+	RequireSignedURLs     bool                    `json:"requireSignedURLs,omitempty"`
+	Watermark             UploadVideoURLWatermark `json:"watermark,omitempty"`
+	Meta                  map[string]interface{}  `json:"meta,omitempty"`
+	ScheduledDeletion     *time.Time              `json:"scheduledDeletion,omitempty"`
+}
+
+// StreamCreateVideoParameters are parameters used when creating a video.
+type StreamCreateVideoParameters struct {
+	AccountID             string
+	MaxDurationSeconds    int                     `json:"maxDurationSeconds,omitempty"`
+	Expiry                *time.Time              `json:"expiry,omitempty"`
+	Creator               string                  `json:"creator,omitempty"`
+	ThumbnailTimestampPct float64                 `json:"thumbnailTimestampPct,omitempty"`
+	AllowedOrigins        []string                `json:"allowedOrigins,omitempty"`
+	RequireSignedURLs     bool                    `json:"requireSignedURLs,omitempty"`
+	Watermark             UploadVideoURLWatermark `json:"watermark,omitempty"`
+	Meta                  map[string]interface{}  `json:"meta,omitempty"`
+	ScheduledDeletion     *time.Time              `json:"scheduledDeletion,omitempty"`
+}
+
+// UploadVideoURLWatermark represents UID of an existing watermark.
+type UploadVideoURLWatermark struct {
+	UID string `json:"uid,omitempty"`
+}
+
+// StreamVideoCreate represents parameters returned after creating a video.
+type StreamVideoCreate struct {
+	UploadURL         string               `json:"uploadURL,omitempty"`
+	UID               string               `json:"uid,omitempty"`
+	Watermark         StreamVideoWatermark `json:"watermark,omitempty"`
+	ScheduledDeletion *time.Time           `json:"scheduledDeletion,omitempty"`
+}
+
+// StreamParameters are the basic parameters needed.
+type StreamParameters struct {
+	AccountID string
+	VideoID   string
+}
+
+// StreamUploadFileParameters are parameters needed for file upload of a video.
+type StreamUploadFileParameters struct {
+	AccountID         string
+	VideoID           string
+	FilePath          string
+	ScheduledDeletion *time.Time
+}
+
+// StreamListParameters represents parameters used when listing stream videos.
+type StreamListParameters struct {
+	AccountID     string
+	VideoID       string
+	After         *time.Time `url:"after,omitempty"`
+	Before        *time.Time `url:"before,omitempty"`
+	Creator       string     `url:"creator,omitempty"`
+	IncludeCounts bool       `url:"include_counts,omitempty"`
+	Search        string     `url:"search,omitempty"`
+	Limit         int        `url:"limit,omitempty"`
+	Asc           bool       `url:"asc,omitempty"`
+	Status        string     `url:"status,omitempty"`
+}
+
+// StreamSignedURLParameters represent parameters used when creating a signed URL.
+type StreamSignedURLParameters struct {
+	AccountID    string
+	VideoID      string
+	ID           string             `json:"id,omitempty"`
+	PEM          string             `json:"pem,omitempty"`
+	EXP          int                `json:"exp,omitempty"`
+	NBF          int                `json:"nbf,omitempty"`
+	Downloadable bool               `json:"downloadable,omitempty"`
+	AccessRules  []StreamAccessRule `json:"accessRules,omitempty"`
+}
+
+type StreamInitiateTUSUploadParameters struct {
+	DirectUserUpload bool               `url:"direct_user,omitempty"`
+	TusResumable     TusProtocolVersion `url:"-"`
+	UploadLength     int64              `url:"-"`
+	UploadCreator    string             `url:"-"`
+	Metadata         TUSUploadMetadata  `url:"-"`
+}
+
+type StreamInitiateTUSUploadResponse struct {
+	ResponseHeaders http.Header
+}
+
+type TUSUploadMetadata struct {
+	Name                  string     `json:"name,omitempty"`
+	MaxDurationSeconds    int        `json:"maxDurationSeconds,omitempty"`
+	RequireSignedURLs     bool       `json:"requiresignedurls,omitempty"`
+	AllowedOrigins        string     `json:"allowedorigins,omitempty"`
+	ThumbnailTimestampPct float64    `json:"thumbnailtimestamppct,omitempty"`
+	ScheduledDeletion     *time.Time `json:"scheduledDeletion,omitempty"`
+	Expiry                *time.Time `json:"expiry,omitempty"`
+	Watermark             string     `json:"watermark,omitempty"`
+}
+
+func (t TUSUploadMetadata) ToTUSCsv() (string, error) {
+	var metadataValues []string
+	if t.Name != "" {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "name", base64.StdEncoding.EncodeToString([]byte(t.Name))))
+	}
+	if t.MaxDurationSeconds != 0 {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "maxDurationSeconds", base64.StdEncoding.EncodeToString([]byte(strconv.Itoa(t.MaxDurationSeconds)))))
+	}
+	if t.RequireSignedURLs {
+		metadataValues = append(metadataValues, "requiresignedurls")
+	}
+	if t.AllowedOrigins != "" {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "allowedorigins", base64.StdEncoding.EncodeToString([]byte(t.AllowedOrigins))))
+	}
+	if t.ThumbnailTimestampPct != 0 {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "thumbnailtimestamppct", base64.StdEncoding.EncodeToString([]byte(strconv.FormatFloat(t.ThumbnailTimestampPct, 'f', -1, 64)))))
+	}
+	if t.ScheduledDeletion != nil {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "scheduledDeletion", base64.StdEncoding.EncodeToString([]byte(t.ScheduledDeletion.Format(time.RFC3339)))))
+	}
+	if t.Expiry != nil {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "expiry", base64.StdEncoding.EncodeToString([]byte(t.Expiry.Format(time.RFC3339)))))
+	}
+	if t.Watermark != "" {
+		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "watermark", base64.StdEncoding.EncodeToString([]byte(t.Watermark))))
+	}
+
+	if len(metadataValues) > 0 {
+		return strings.Join(metadataValues, ","), nil
+	}
+
+	return "", nil
+}
+
+// StreamVideoResponse represents an API response of a stream video.
+type StreamVideoResponse struct {
+	Response
+	Result StreamVideo `json:"result,omitempty"`
+}
+
+// StreamVideoCreateResponse represents an API response of creating a stream video.
+type StreamVideoCreateResponse struct {
+	Response
+	Result StreamVideoCreate `json:"result,omitempty"`
+}
+
+// StreamListResponse represents the API response from a StreamListRequest.
+type StreamListResponse struct {
+	Response
+	Result []StreamVideo `json:"result,omitempty"`
+	Total  string        `json:"total,omitempty"`
+	Range  string        `json:"range,omitempty"`
+}
+
+// StreamSignedURLResponse represents an API response for a signed URL.
+type StreamSignedURLResponse struct {
+	Response
+	Result struct {
+		Token string `json:"token,omitempty"`
+	}
+}
+
+// StreamAccessRule represents the accessRules when creating a signed URL.
+type StreamAccessRule struct {
+	Type    string   `json:"type"`
+	Country []string `json:"country,omitempty"`
+	Action  string   `json:"action"`
+	IP      []string `json:"ip,omitempty"`
+}
+
+// StreamUploadFromURL send a video URL to it will be downloaded and made available on Stream.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-upload-a-video-from-a-url
+func (api *API) StreamUploadFromURL(ctx context.Context, params StreamUploadFromURLParameters) (StreamVideo, error) {
+	if params.AccountID == "" {
+		return StreamVideo{}, ErrMissingAccountID
+	}
+
+	if params.URL == "" {
+		return StreamVideo{}, ErrMissingUploadURL
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/copy", params.AccountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return StreamVideo{}, err
+	}
+
+	var streamVideoResponse StreamVideoResponse
+	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
+		return StreamVideo{}, err
+	}
+	return streamVideoResponse.Result, nil
+}
+
+// StreamUploadVideoFile uploads a video from a path to the file.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-upload-a-video-using-a-single-http-request
+func (api *API) StreamUploadVideoFile(ctx context.Context, params StreamUploadFileParameters) (StreamVideo, error) {
+	if params.AccountID == "" {
+		return StreamVideo{}, ErrMissingAccountID
+	}
+
+	if params.FilePath == "" {
+		return StreamVideo{}, ErrMissingFilePath
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream", params.AccountID)
+
+	// Create new multipart writer
+	body := &bytes.Buffer{}
+	writer := multipart.NewWriter(body)
+	formFile, err := writer.CreateFormFile("file", params.FilePath)
+	if err != nil {
+		return StreamVideo{}, err
+	}
+	file, err := os.Open(params.FilePath)
+	if err != nil {
+		return StreamVideo{}, err
+	}
+	if _, err := io.Copy(formFile, file); err != nil {
+		return StreamVideo{}, err
+	}
+	if err := writer.Close(); err != nil {
+		return StreamVideo{}, err
+	}
+
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, body, http.Header{
+		"Accept":       []string{"application/json"},
+		"Content-Type": []string{writer.FormDataContentType()},
+	})
+	if err != nil {
+		return StreamVideo{}, err
+	}
+
+	var streamVideoResponse StreamVideoResponse
+	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
+		return StreamVideo{}, err
+	}
+	return streamVideoResponse.Result, nil
+}
+
+// StreamCreateVideoDirectURL creates a video and returns an authenticated URL.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-create-a-video-and-get-authenticated-direct-upload-url
+func (api *API) StreamCreateVideoDirectURL(ctx context.Context, params StreamCreateVideoParameters) (StreamVideoCreate, error) {
+	if params.AccountID == "" {
+		return StreamVideoCreate{}, ErrMissingAccountID
+	}
+
+	if params.MaxDurationSeconds == 0 {
+		return StreamVideoCreate{}, ErrMissingMaxDuration
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/direct_upload", params.AccountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return StreamVideoCreate{}, err
+	}
+
+	var streamVideoCreateResponse StreamVideoCreateResponse
+	if err := json.Unmarshal(res, &streamVideoCreateResponse); err != nil {
+		return StreamVideoCreate{}, err
+	}
+	return streamVideoCreateResponse.Result, nil
+}
+
+// StreamListVideos list videos currently in stream.
+//
+// API reference: https://api.cloudflare.com/#stream-videos-list-videos
+func (api *API) StreamListVideos(ctx context.Context, params StreamListParameters) ([]StreamVideo, error) {
+	if params.AccountID == "" {
+		return []StreamVideo{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/stream", params.AccountID), params)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []StreamVideo{}, err
+	}
+
+	var streamListResponse StreamListResponse
+	if err := json.Unmarshal(res, &streamListResponse); err != nil {
+		return []StreamVideo{}, err
+	}
+	return streamListResponse.Result, nil
+}
+
+// StreamInitiateTUSVideoUpload generates a direct upload TUS url for a video.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/stream-videos-initiate-video-uploads-using-tus
+func (api *API) StreamInitiateTUSVideoUpload(ctx context.Context, rc *ResourceContainer, params StreamInitiateTUSUploadParameters) (StreamInitiateTUSUploadResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return StreamInitiateTUSUploadResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	headers := http.Header{}
+	if params.TusResumable == "" {
+		return StreamInitiateTUSUploadResponse{}, ErrMissingTusResumable
+	} else if params.TusResumable != TusProtocolVersion1_0_0 {
+		return StreamInitiateTUSUploadResponse{}, ErrInvalidTusResumable
+	} else {
+		headers.Set("Tus-Resumable", string(params.TusResumable))
+	}
+
+	if params.UploadLength == 0 {
+		return StreamInitiateTUSUploadResponse{}, ErrMissingUploadLength
+	} else {
+		headers.Set("Upload-Length", strconv.FormatInt(params.UploadLength, 10))
+	}
+
+	if params.UploadCreator != "" {
+		headers.Set("Upload-Creator", params.UploadCreator)
+	}
+
+	metadataTusCsv, err := params.Metadata.ToTUSCsv()
+	if err != nil {
+		return StreamInitiateTUSUploadResponse{}, ErrMarshallingTUSMetadata
+	}
+	if metadataTusCsv != "" {
+		headers.Set("Upload-Metadata", metadataTusCsv)
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/stream", rc.Identifier), params)
+	res, err := api.makeRequestWithAuthTypeAndHeadersComplete(ctx, http.MethodPost, uri, nil, api.authType, headers)
+	if err != nil {
+		return StreamInitiateTUSUploadResponse{}, err
+	}
+
+	if res.StatusCode != http.StatusCreated {
+		return StreamInitiateTUSUploadResponse{}, ErrInvalidStatusCode
+	}
+
+	return StreamInitiateTUSUploadResponse{ResponseHeaders: res.Headers}, nil
+}
+
+// StreamGetVideo gets the details for a specific video.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-video-details
+func (api *API) StreamGetVideo(ctx context.Context, options StreamParameters) (StreamVideo, error) {
+	if options.AccountID == "" {
+		return StreamVideo{}, ErrMissingAccountID
+	}
+
+	if options.VideoID == "" {
+		return StreamVideo{}, ErrMissingVideoID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return StreamVideo{}, err
+	}
+	var streamVideoResponse StreamVideoResponse
+	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
+		return StreamVideo{}, err
+	}
+	return streamVideoResponse.Result, nil
+}
+
+// StreamEmbedHTML gets an HTML fragment to embed on a web page.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-embed-code-html
+func (api *API) StreamEmbedHTML(ctx context.Context, options StreamParameters) (string, error) {
+	if options.AccountID == "" {
+		return "", ErrMissingAccountID
+	}
+
+	if options.VideoID == "" {
+		return "", ErrMissingVideoID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/%s/embed", options.AccountID, options.VideoID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	if err != nil {
+		return "", err
+	}
+	return string(res), nil
+}
+
+// StreamDeleteVideo deletes a video.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-delete-video
+func (api *API) StreamDeleteVideo(ctx context.Context, options StreamParameters) error {
+	if options.AccountID == "" {
+		return ErrMissingAccountID
+	}
+
+	if options.VideoID == "" {
+		return ErrMissingVideoID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
+	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
+		return err
+	}
+	return nil
+}
+
+// StreamAssociateNFT associates a video to a token and contract address.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-associate-video-to-an-nft
+func (api *API) StreamAssociateNFT(ctx context.Context, options StreamVideoNFTParameters) (StreamVideo, error) {
+	if options.AccountID == "" {
+		return StreamVideo{}, ErrMissingAccountID
+	}
+
+	if options.VideoID == "" {
+		return StreamVideo{}, ErrMissingVideoID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, options)
+	if err != nil {
+		return StreamVideo{}, err
+	}
+	var streamVideoResponse StreamVideoResponse
+	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
+		return StreamVideo{}, err
+	}
+	return streamVideoResponse.Result, nil
+}
+
+// StreamCreateSignedURL creates a signed URL token for a video.
+//
+// API Reference: https://api.cloudflare.com/#stream-videos-associate-video-to-an-nft
+func (api *API) StreamCreateSignedURL(ctx context.Context, params StreamSignedURLParameters) (string, error) {
+	if params.AccountID == "" {
+		return "", ErrMissingAccountID
+	}
+	if params.VideoID == "" {
+		return "", ErrMissingVideoID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/stream/%s/token", params.AccountID, params.VideoID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+
+	if err != nil {
+		return "", err
+	}
+	var streamSignedResponse StreamSignedURLResponse
+	if err := json.Unmarshal(res, &streamSignedResponse); err != nil {
+		return "", err
+	}
+	return streamSignedResponse.Result.Token, nil
+}
diff --git a/pkg/cloudflare-go/stream_test.go b/pkg/cloudflare-go/stream_test.go
new file mode 100644
index 0000000000..510e2bb5a7
--- /dev/null
+++ b/pkg/cloudflare-go/stream_test.go
@@ -0,0 +1,659 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	singleStreamResponse = `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "allowedOrigins": [
+      "example.com"
+    ],
+    "created": "2014-01-02T02:20:00Z",
+    "duration": 300.5,
+    "input": {
+      "height": 1080,
+      "width": 1920
+    },
+    "maxDurationSeconds": 300,
+    "meta": {
+	  "name": "My First Stream Video"
+	},
+    "modified": "2014-01-02T02:20:00Z",
+    "uploadExpiry": "2014-01-02T02:20:00Z",
+    "playback": {
+      "hls": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8",
+      "dash": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd"
+    },
+    "preview": "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
+    "readyToStream": true,
+    "requireSignedURLs": true,
+    "size": 4190963,
+    "status": {
+      "state": "inprogress",
+      "pctComplete": "51",
+      "errorReasonCode": "ERR_NON_VIDEO",
+      "errorReasonText": "The file was not recognized as a valid video file."
+    },
+    "thumbnail": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
+    "thumbnailTimestampPct": 0.529241,
+    "uid": "ea95132c15732412d22c1476fa83f27a",
+    "creator": "creator-id_abcde12345",
+    "liveInput": "fc0a8dc887b16759bfd9ad922230a014",
+    "uploaded": "2014-01-02T02:20:00Z",
+    "watermark": {
+      "uid": "ea95132c15732412d22c1476fa83f27a",
+      "size": 29472,
+      "height": 600,
+      "width": 400,
+      "created": "2014-01-02T02:20:00Z",
+      "downloadedFrom": "https://company.com/logo.png",
+      "name": "Marketing Videos",
+      "opacity": 0.75,
+      "padding": 0.1,
+      "scale": 0.1,
+      "position": "center"
+    },
+    "nft": {
+      "contract": "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
+      "token": 5
+    },
+	"scheduledDeletion": "2014-01-02T02:20:00Z"
+  }
+}
+`
+	testVideoID = "ea95132c15732412d22c1476fa83f27a"
+)
+
+var (
+	TestVideoStruct = createTestVideo()
+)
+
+func createTestVideo() StreamVideo {
+	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	uploadexpiry, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	uploaded, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+
+	return StreamVideo{
+		AllowedOrigins:     []string{"example.com"},
+		Created:            &created,
+		Duration:           300.5,
+		Input:              StreamVideoInput{Height: 1080, Width: 1920},
+		MaxDurationSeconds: 300,
+		Modified:           &modified,
+		UploadExpiry:       &uploadexpiry,
+		Playback:           StreamVideoPlayback{Dash: "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd", HLS: "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8"},
+		Preview:            "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
+		ReadyToStream:      true,
+		RequireSignedURLs:  true,
+		Size:               4190963,
+		Status: StreamVideoStatus{
+			State:           "inprogress",
+			PctComplete:     "51",
+			ErrorReasonCode: "ERR_NON_VIDEO",
+			ErrorReasonText: "The file was not recognized as a valid video file.",
+		},
+		Thumbnail:             "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
+		ThumbnailTimestampPct: 0.529241,
+		UID:                   "ea95132c15732412d22c1476fa83f27a",
+		Creator:               "creator-id_abcde12345",
+		LiveInput:             "fc0a8dc887b16759bfd9ad922230a014",
+		Uploaded:              &uploaded,
+		Watermark: StreamVideoWatermark{
+			UID:            "ea95132c15732412d22c1476fa83f27a",
+			Size:           29472,
+			Height:         600,
+			Width:          400,
+			Created:        &created,
+			DownloadedFrom: "https://company.com/logo.png",
+			Name:           "Marketing Videos",
+			Opacity:        0.75,
+			Padding:        0.1,
+			Scale:          0.1,
+			Position:       "center",
+		},
+		Meta: map[string]interface{}{
+			"name": "My First Stream Video",
+		},
+		NFT: StreamVideoNFTParameters{
+			Token:    5,
+			Contract: "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
+		},
+		ScheduledDeletion: &scheduledDuration,
+	}
+}
+
+func TestStream_StreamUploadFromURL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/copy", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, singleStreamResponse)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.StreamUploadFromURL(context.Background(), StreamUploadFromURLParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing upload URL is thrown
+	_, err = client.StreamUploadFromURL(context.Background(), StreamUploadFromURLParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingUploadURL, err)
+	}
+
+	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+
+	want := TestVideoStruct
+	input := StreamUploadFromURLParameters{
+		AccountID: testAccountID,
+		URL:       "https://example.com/myvideo.mp4",
+		Meta: map[string]interface{}{
+			"name": "My First Stream Video",
+		},
+		ScheduledDeletion: &scheduledDuration,
+	}
+
+	out, err := client.StreamUploadFromURL(context.Background(), input)
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
+
+func TestStream_UploadVideoFile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, singleStreamResponse)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.StreamUploadVideoFile(context.Background(), StreamUploadFileParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure missing file path is thrown
+	_, err = client.StreamUploadVideoFile(context.Background(), StreamUploadFileParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingFilePath, err)
+	}
+
+	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+
+	input := StreamUploadFileParameters{
+		AccountID:         testAccountID,
+		VideoID:           testVideoID,
+		FilePath:          "stream_test.go",
+		ScheduledDeletion: &scheduledDuration,
+	}
+
+	out, err := client.StreamUploadVideoFile(context.Background(), input)
+
+	want := TestVideoStruct
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
+
+func TestStream_CreateVideoDirectURL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/direct_upload", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "uploadURL": "www.example.com/samplepath",
+    "uid": "ea95132c15732412d22c1476fa83f27a",
+    "watermark": {
+      "uid": "ea95132c15732412d22c1476fa83f27a",
+      "size": 29472,
+      "height": 600,
+      "width": 400,
+      "created": "2014-01-02T02:20:00Z",
+      "downloadedFrom": "https://company.com/logo.png",
+      "name": "Marketing Videos",
+      "opacity": 0.75,
+      "padding": 0.1,
+      "scale": 0.1,
+      "position": "center"
+    },
+	"scheduledDeletion": "2014-01-02T02:20:00Z"
+  }
+}
+`)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamCreateVideoDirectURL(context.Background(), StreamCreateVideoParameters{})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure MaxDuration is required
+	_, err = client.StreamCreateVideoDirectURL(context.Background(), StreamCreateVideoParameters{AccountID: testAccountID})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingMaxDuration, err)
+	}
+
+	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+
+	input := StreamCreateVideoParameters{
+		AccountID:          testAccountID,
+		MaxDurationSeconds: 300,
+		Meta: map[string]interface{}{
+			"name": "My First Stream Video",
+		},
+		ScheduledDeletion: &scheduledDuration,
+	}
+
+	out, err := client.StreamCreateVideoDirectURL(context.Background(), input)
+
+	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
+
+	want := StreamVideoCreate{
+		UploadURL: "www.example.com/samplepath",
+		UID:       "ea95132c15732412d22c1476fa83f27a",
+		Watermark: StreamVideoWatermark{
+			UID:            "ea95132c15732412d22c1476fa83f27a",
+			Size:           29472,
+			Height:         600,
+			Width:          400,
+			Created:        &created,
+			DownloadedFrom: "https://company.com/logo.png",
+			Name:           "Marketing Videos",
+			Opacity:        0.75,
+			Padding:        0.1,
+			Scale:          0.1,
+			Position:       "center",
+		},
+		ScheduledDeletion: &scheduledDuration,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, out, want, "structs not equal")
+	}
+}
+
+func TestStream_ListVideos(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [{
+    "allowedOrigins": [
+      "example.com"
+    ],
+    "created": "2014-01-02T02:20:00Z",
+    "duration": 300.5,
+    "input": {
+      "height": 1080,
+      "width": 1920
+    },
+    "maxDurationSeconds": 300,
+    "meta": {
+	  "name": "My First Stream Video"
+	},
+    "modified": "2014-01-02T02:20:00Z",
+    "uploadExpiry": "2014-01-02T02:20:00Z",
+    "playback": {
+      "hls": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8",
+      "dash": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd"
+    },
+    "preview": "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
+    "readyToStream": true,
+    "requireSignedURLs": true,
+    "size": 4190963,
+    "status": {
+      "state": "inprogress",
+      "pctComplete": "51",
+      "errorReasonCode": "ERR_NON_VIDEO",
+      "errorReasonText": "The file was not recognized as a valid video file."
+    },
+    "thumbnail": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
+    "thumbnailTimestampPct": 0.529241,
+    "uid": "ea95132c15732412d22c1476fa83f27a",
+    "creator": "creator-id_abcde12345",
+    "liveInput": "fc0a8dc887b16759bfd9ad922230a014",
+    "uploaded": "2014-01-02T02:20:00Z",
+    "watermark": {
+      "uid": "ea95132c15732412d22c1476fa83f27a",
+      "size": 29472,
+      "height": 600,
+      "width": 400,
+      "created": "2014-01-02T02:20:00Z",
+      "downloadedFrom": "https://company.com/logo.png",
+      "name": "Marketing Videos",
+      "opacity": 0.75,
+      "padding": 0.1,
+      "scale": 0.1,
+      "position": "center"
+    },
+    "nft": {
+      "contract": "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
+      "token": 5
+    },
+ 	"scheduledDeletion": "2014-01-02T02:20:00Z"
+  }]
+}
+`)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamListVideos(context.Background(), StreamListParameters{})
+
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	out, err := client.StreamListVideos(context.Background(), StreamListParameters{AccountID: testAccountID})
+	want := TestVideoStruct
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(out), 1, "length of videos is not one")
+		assert.Equal(t, out[0], want, "structs not equal")
+	}
+}
+
+func TestStream_GetVideo(t *testing.T) {
+	setup()
+	defer teardown()
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, singleStreamResponse)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamGetVideo(context.Background(), StreamParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure VideoID is required
+	_, err = client.StreamGetVideo(context.Background(), StreamParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingVideoID, err)
+	}
+
+	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
+	out, err := client.StreamGetVideo(context.Background(), input)
+
+	want := TestVideoStruct
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestStream_DeleteVideo(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {}
+		}`)
+	})
+
+	// Make sure AccountID is required
+	err := client.StreamDeleteVideo(context.Background(), StreamParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure VideoID is required
+	err = client.StreamDeleteVideo(context.Background(), StreamParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingVideoID, err)
+	}
+
+	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
+	err = client.StreamDeleteVideo(context.Background(), input)
+	require.NoError(t, err)
+}
+
+func TestStream_EmbedHTML(t *testing.T) {
+	setup()
+	defer teardown()
+
+	streamHTML := `<stream id="ea95132c15732412d22c1476fa83f27a"></stream><script data-cfasync="false" defer type="text/javascript" src="https://embed.cloudflarestream.com/embed/we4g.fla9.latest.js"></script>`
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID+"/embed", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "text/html")
+		fmt.Fprint(w, streamHTML)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamEmbedHTML(context.Background(), StreamParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure VideoID is required
+	_, err = client.StreamEmbedHTML(context.Background(), StreamParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingVideoID, err)
+	}
+
+	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
+	out, err := client.StreamEmbedHTML(context.Background(), input)
+	if assert.NoError(t, err) {
+		assert.Equal(t, streamHTML, out, "bad html output")
+	}
+}
+
+func TestStream_AssociateNFT(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		fmt.Fprint(w, singleStreamResponse)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamAssociateNFT(context.Background(), StreamVideoNFTParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure VideoID is required
+	_, err = client.StreamAssociateNFT(context.Background(), StreamVideoNFTParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingVideoID, err)
+	}
+
+	input := StreamVideoNFTParameters{AccountID: testAccountID, VideoID: testVideoID, Token: 5, Contract: "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85"}
+	out, err := client.StreamAssociateNFT(context.Background(), input)
+
+	want := TestVideoStruct
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestStream_CreateSignedURL(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID+"/token", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		fmt.Fprint(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIn0.eyJzdWIiOiJlYTk1MTMyYzE1NzMyNDEyZDIyYzE0NzZmYTgzZjI3YSIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIiwiZXhwIjoiMTUzNzQ2MDM2NSIsIm5iZiI6IjE1Mzc0NTMxNjUifQ.OZhqOARADn1iubK6GKcn25hN3nU-hCFF5q9w2C4yup0C4diG7aMIowiRpP-eDod8dbAJubsiFuTKrqPcmyCKWYsiv0TQueukqbQlF7HCO1TV-oF6El5-7ldJ46eD-ZQ0XgcIYEKrQOYFF8iDQbqPm3REWd6BnjKZdeVrLzuRaiSnZ9qqFpGu5dfxIY9-nZKDubJHqCr3Imtb211VIG_b9MdtO92JjvkDS-rxT_pkEfTZSafl1OU-98A7KBGtPSJHz2dHORIrUiTA6on4eIXTj9aFhGiir4rSn-rn0OjPRTtJMWIDMoQyE_fwrSYzB7MPuzL2t82BWaEbHZTfixBm5A"
+  }
+}`)
+	})
+
+	// Make sure AccountID is required
+	_, err := client.StreamCreateSignedURL(context.Background(), StreamSignedURLParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	// Make sure VideoID is required
+	_, err = client.StreamCreateSignedURL(context.Background(), StreamSignedURLParameters{AccountID: testAccountID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingVideoID, err)
+	}
+
+	input := StreamSignedURLParameters{AccountID: testAccountID, VideoID: testVideoID}
+	out, err := client.StreamCreateSignedURL(context.Background(), input)
+
+	want := "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIn0.eyJzdWIiOiJlYTk1MTMyYzE1NzMyNDEyZDIyYzE0NzZmYTgzZjI3YSIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIiwiZXhwIjoiMTUzNzQ2MDM2NSIsIm5iZiI6IjE1Mzc0NTMxNjUifQ.OZhqOARADn1iubK6GKcn25hN3nU-hCFF5q9w2C4yup0C4diG7aMIowiRpP-eDod8dbAJubsiFuTKrqPcmyCKWYsiv0TQueukqbQlF7HCO1TV-oF6El5-7ldJ46eD-ZQ0XgcIYEKrQOYFF8iDQbqPm3REWd6BnjKZdeVrLzuRaiSnZ9qqFpGu5dfxIY9-nZKDubJHqCr3Imtb211VIG_b9MdtO92JjvkDS-rxT_pkEfTZSafl1OU-98A7KBGtPSJHz2dHORIrUiTA6on4eIXTj9aFhGiir4rSn-rn0OjPRTtJMWIDMoQyE_fwrSYzB7MPuzL2t82BWaEbHZTfixBm5A"
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestStream_TUSUploadMetadataToTUSCsv(t *testing.T) {
+	md := TUSUploadMetadata{
+		Name: "test.mp4",
+	}
+	csv, err := md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=", csv)
+
+	md.RequireSignedURLs = true
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls", csv)
+
+	md.AllowedOrigins = "example.com"
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=", csv)
+
+	md.ThumbnailTimestampPct = 0.5
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41", csv)
+
+	scheduleDeletion, _ := time.Parse(time.RFC3339, "2023-10-01T02:20:00Z")
+	md.ScheduledDeletion = &scheduleDeletion
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=", csv)
+
+	expiry, _ := time.Parse(time.RFC3339, "2023-09-25T02:45:00Z")
+	md.Expiry = &expiry
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=", csv)
+
+	md.Watermark = "watermark-profile-uid"
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=,watermark d2F0ZXJtYXJrLXByb2ZpbGUtdWlk", csv)
+
+	md.MaxDurationSeconds = 300
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "name dGVzdC5tcDQ=,maxDurationSeconds MzAw,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=,watermark d2F0ZXJtYXJrLXByb2ZpbGUtdWlk", csv)
+
+	// empty metadata should return empty string
+	md = TUSUploadMetadata{}
+	csv, err = md.ToTUSCsv()
+	assert.NoError(t, err)
+	assert.Equal(t, "", csv)
+}
+
+func TestStream_StreamInitiateTUSVideoUpload(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		// Make sure Tus-Resumable header is set
+		assert.Equal(t, "1.0.0", r.Header.Get("Tus-Resumable"))
+		// Make sure Upload-Length header is set
+		assert.Equal(t, "123", r.Header.Get("Upload-Length"))
+		// set the response headers
+		// if query param direct_user=true, then return the direct url in the header
+		if r.URL.Query().Get("direct_user") == "true" {
+			w.Header().Set("Location", "https://upload.videodelivery.net/tus/90c68cb5cd4fd5350b1962279c90bec0?tusv2=true")
+		} else {
+			w.Header().Set("Location", "https://api.cloudflare.com/client/v4/accounts/"+testAccountID+"/media/278f2a7e763c73dedc064b965d2cfbed?tusv2=true")
+		}
+
+		w.Header().Set("stream-media-id", "278f2a7e763c73dedc064b965d2cfbed")
+		w.Header().Set("Tus-Resumable", "1.0.0")
+		w.WriteHeader(http.StatusCreated)
+	})
+
+	// Make sure Tus-Resumable header is set
+	params := StreamInitiateTUSUploadParameters{}
+	_, err := client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingTusResumable, err)
+	}
+	params.TusResumable = TusProtocolVersion1_0_0
+
+	// Make sure Upload-Length header is set
+	_, err = client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingUploadLength, err)
+	}
+	params.UploadLength = 123
+
+	out, err := client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, "https://api.cloudflare.com/client/v4/accounts/"+testAccountID+"/media/278f2a7e763c73dedc064b965d2cfbed?tusv2=true", out.ResponseHeaders.Get("Location"))
+		assert.Equal(t, "278f2a7e763c73dedc064b965d2cfbed", out.ResponseHeaders.Get("stream-media-id"))
+		assert.Equal(t, "1.0.0", out.ResponseHeaders.Get("Tus-Resumable"))
+	}
+
+	params.DirectUserUpload = true
+	out, err = client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, "https://upload.videodelivery.net/tus/90c68cb5cd4fd5350b1962279c90bec0?tusv2=true", out.ResponseHeaders.Get("Location"))
+		assert.Equal(t, "278f2a7e763c73dedc064b965d2cfbed", out.ResponseHeaders.Get("stream-media-id"))
+		assert.Equal(t, "1.0.0", out.ResponseHeaders.Get("Tus-Resumable"))
+	}
+}
diff --git a/pkg/cloudflare-go/sts.go b/pkg/cloudflare-go/sts.go
new file mode 100644
index 0000000000..350e5cb085
--- /dev/null
+++ b/pkg/cloudflare-go/sts.go
@@ -0,0 +1,101 @@
+package cloudflare
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/goccy/go-json"
+
+	"github.com/hashicorp/go-retryablehttp"
+)
+
+var (
+	ErrSTSFailure               = errors.New("failed to fetch security token")
+	ErrSTSHTTPFailure           = errors.New("failed making securtiy token issuer call")
+	ErrSTSHTTPResponseError     = errors.New("security token request returned a failure")
+	ErrSTSMissingServiceSecret  = errors.New("service secret missing but is required")
+	ErrSTSMissingServiceTag     = errors.New("service tag missing but is required")
+	ErrSTSMissingIssuerHostname = errors.New("issuer hostname missing but is required")
+	ErrSTSMissingServicePath    = errors.New("issuer path missing but is required")
+)
+
+// IssuerConfiguration allows the configuration of the issuance provider.
+type IssuerConfiguration struct {
+	Hostname string
+	Path     string
+}
+
+// SecurityTokenConfiguration holds the configuration for requesting a security
+// token from the service.
+type SecurityTokenConfiguration struct {
+	Issuer     *IssuerConfiguration
+	ServiceTag string
+	Secret     string
+}
+
+type securityToken struct {
+	Token string `json:"json_web_token"`
+}
+
+type securityTokenResponse struct {
+	Result securityToken `json:"result"`
+	Response
+}
+
+// fetchSTSCredentials provides a way to authenticate with the security token
+// service and issue a usable token for the system.
+func fetchSTSCredentials(stsConfig *SecurityTokenConfiguration) (string, error) {
+	if stsConfig.Secret == "" {
+		return "", ErrSTSMissingServiceSecret
+	}
+
+	if stsConfig.ServiceTag == "" {
+		return "", ErrSTSMissingServiceTag
+	}
+
+	if stsConfig.Issuer.Hostname == "" {
+		return "", ErrSTSMissingIssuerHostname
+	}
+
+	if stsConfig.Issuer.Path == "" {
+		return "", ErrSTSMissingServicePath
+	}
+
+	retryableClient := retryablehttp.NewClient()
+	retryableClient.RetryMax = 3
+	stsClient := retryableClient.StandardClient()
+
+	uri := fmt.Sprintf("https://%s%s", stsConfig.Issuer.Hostname, stsConfig.Issuer.Path)
+	req, err := http.NewRequest(http.MethodGet, uri, nil)
+	if err != nil {
+		return "", fmt.Errorf("HTTP request creation failed: %w", err)
+	}
+
+	req.Header.Set("Authorization", "Bearer "+stsConfig.ServiceTag+stsConfig.Secret)
+
+	resp, err := stsClient.Do(req)
+	if err != nil {
+		return "", ErrSTSHTTPFailure
+	}
+
+	var respBody []byte
+	respBody, err = io.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("failed to read response body: %w", err)
+	}
+	resp.Body.Close()
+
+	var stsTokenResponse *securityTokenResponse
+	err = json.Unmarshal(respBody, &stsTokenResponse)
+	if err != nil {
+		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !stsTokenResponse.Success {
+		return "", ErrSTSHTTPResponseError
+	}
+
+	return stsTokenResponse.Result.Token, nil
+}
diff --git a/pkg/cloudflare-go/teams_accounts.go b/pkg/cloudflare-go/teams_accounts.go
new file mode 100644
index 0000000000..3472fa4874
--- /dev/null
+++ b/pkg/cloudflare-go/teams_accounts.go
@@ -0,0 +1,338 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type TeamsAccount struct {
+	GatewayTag   string `json:"gateway_tag"`   // Internal teams ID
+	ProviderName string `json:"provider_name"` // Auth provider
+	ID           string `json:"id"`            // cloudflare account ID
+}
+
+// TeamsAccountResponse is the API response, containing information on teams
+// account.
+type TeamsAccountResponse struct {
+	Response
+	Result TeamsAccount `json:"result"`
+}
+
+// TeamsConfigResponse is the API response, containing information on teams
+// account config.
+type TeamsConfigResponse struct {
+	Response
+	Result TeamsConfiguration `json:"result"`
+}
+
+// TeamsConfiguration data model.
+type TeamsConfiguration struct {
+	Settings  TeamsAccountSettings `json:"settings"`
+	CreatedAt time.Time            `json:"created_at,omitempty"`
+	UpdatedAt time.Time            `json:"updated_at,omitempty"`
+}
+
+type TeamsAccountSettings struct {
+	Antivirus             *TeamsAntivirus             `json:"antivirus,omitempty"`
+	TLSDecrypt            *TeamsTLSDecrypt            `json:"tls_decrypt,omitempty"`
+	ActivityLog           *TeamsActivityLog           `json:"activity_log,omitempty"`
+	BlockPage             *TeamsBlockPage             `json:"block_page,omitempty"`
+	BrowserIsolation      *BrowserIsolation           `json:"browser_isolation,omitempty"`
+	FIPS                  *TeamsFIPS                  `json:"fips,omitempty"`
+	ProtocolDetection     *TeamsProtocolDetection     `json:"protocol_detection,omitempty"`
+	BodyScanning          *TeamsBodyScanning          `json:"body_scanning,omitempty"`
+	ExtendedEmailMatching *TeamsExtendedEmailMatching `json:"extended_email_matching,omitempty"`
+	CustomCertificate     *TeamsCustomCertificate     `json:"custom_certificate,omitempty"`
+}
+
+type BrowserIsolation struct {
+	UrlBrowserIsolationEnabled *bool `json:"url_browser_isolation_enabled,omitempty"`
+	NonIdentityEnabled         *bool `json:"non_identity_enabled,omitempty"`
+}
+
+type TeamsAntivirus struct {
+	EnabledDownloadPhase bool                       `json:"enabled_download_phase"`
+	EnabledUploadPhase   bool                       `json:"enabled_upload_phase"`
+	FailClosed           bool                       `json:"fail_closed"`
+	NotificationSettings *TeamsNotificationSettings `json:"notification_settings"`
+}
+
+type TeamsFIPS struct {
+	TLS bool `json:"tls"`
+}
+
+type TeamsTLSDecrypt struct {
+	Enabled bool `json:"enabled"`
+}
+
+type TeamsProtocolDetection struct {
+	Enabled bool `json:"enabled"`
+}
+
+type TeamsActivityLog struct {
+	Enabled bool `json:"enabled"`
+}
+
+type TeamsBlockPage struct {
+	Enabled         *bool  `json:"enabled,omitempty"`
+	FooterText      string `json:"footer_text,omitempty"`
+	HeaderText      string `json:"header_text,omitempty"`
+	LogoPath        string `json:"logo_path,omitempty"`
+	BackgroundColor string `json:"background_color,omitempty"`
+	Name            string `json:"name,omitempty"`
+	MailtoAddress   string `json:"mailto_address,omitempty"`
+	MailtoSubject   string `json:"mailto_subject,omitempty"`
+	SuppressFooter  *bool  `json:"suppress_footer,omitempty"`
+}
+
+type TeamsInspectionMode = string
+
+const (
+	TeamsShallowInspectionMode TeamsInspectionMode = "shallow"
+	TeamsDeepInspectionMode    TeamsInspectionMode = "deep"
+)
+
+type TeamsBodyScanning struct {
+	InspectionMode TeamsInspectionMode `json:"inspection_mode,omitempty"`
+}
+
+type TeamsExtendedEmailMatching struct {
+	Enabled *bool `json:"enabled,omitempty"`
+}
+
+type TeamsCustomCertificate struct {
+	Enabled       *bool      `json:"enabled,omitempty"`
+	ID            string     `json:"id,omitempty"`
+	BindingStatus string     `json:"binding_status,omitempty"`
+	QsPackId      string     `json:"qs_pack_id,omitempty"`
+	UpdatedAt     *time.Time `json:"updated_at,omitempty"`
+}
+
+type TeamsRuleType = string
+
+const (
+	TeamsHttpRuleType TeamsRuleType = "http"
+	TeamsDnsRuleType  TeamsRuleType = "dns"
+	TeamsL4RuleType   TeamsRuleType = "l4"
+)
+
+type TeamsAccountLoggingConfiguration struct {
+	LogAll    bool `json:"log_all"`
+	LogBlocks bool `json:"log_blocks"`
+}
+
+type TeamsLoggingSettings struct {
+	LoggingSettingsByRuleType map[TeamsRuleType]TeamsAccountLoggingConfiguration `json:"settings_by_rule_type"`
+	RedactPii                 bool                                               `json:"redact_pii,omitempty"`
+}
+
+type TeamsDeviceSettings struct {
+	GatewayProxyEnabled                bool  `json:"gateway_proxy_enabled"`
+	GatewayProxyUDPEnabled             bool  `json:"gateway_udp_proxy_enabled"`
+	RootCertificateInstallationEnabled bool  `json:"root_certificate_installation_enabled"`
+	UseZTVirtualIP                     *bool `json:"use_zt_virtual_ip"`
+}
+
+type TeamsDeviceSettingsResponse struct {
+	Response
+	Result TeamsDeviceSettings `json:"result"`
+}
+
+type TeamsLoggingSettingsResponse struct {
+	Response
+	Result TeamsLoggingSettings `json:"result"`
+}
+
+type TeamsConnectivitySettings struct {
+	ICMPProxyEnabled   *bool `json:"icmp_proxy_enabled"`
+	OfframpWARPEnabled *bool `json:"offramp_warp_enabled"`
+}
+
+type TeamsAccountConnectivitySettingsResponse struct {
+	Response
+	Result TeamsConnectivitySettings `json:"result"`
+}
+
+// TeamsAccount returns teams account information with internal and external ID.
+//
+// API reference: TBA.
+func (api *API) TeamsAccount(ctx context.Context, accountID string) (TeamsAccount, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsAccount{}, err
+	}
+
+	var teamsAccountResponse TeamsAccountResponse
+	err = json.Unmarshal(res, &teamsAccountResponse)
+	if err != nil {
+		return TeamsAccount{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsAccountResponse.Result, nil
+}
+
+// TeamsAccountConfiguration returns teams account configuration.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountConfiguration(ctx context.Context, accountID string) (TeamsConfiguration, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/configuration", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsConfiguration{}, err
+	}
+
+	var teamsConfigResponse TeamsConfigResponse
+	err = json.Unmarshal(res, &teamsConfigResponse)
+	if err != nil {
+		return TeamsConfiguration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConfigResponse.Result, nil
+}
+
+// TeamsAccountDeviceConfiguration returns teams account device configuration with udp status.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountDeviceConfiguration(ctx context.Context, accountID string) (TeamsDeviceSettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/devices/settings", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsDeviceSettings{}, err
+	}
+
+	var teamsDeviceResponse TeamsDeviceSettingsResponse
+	err = json.Unmarshal(res, &teamsDeviceResponse)
+	if err != nil {
+		return TeamsDeviceSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsDeviceResponse.Result, nil
+}
+
+// TeamsAccountLoggingConfiguration returns teams account logging configuration.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountLoggingConfiguration(ctx context.Context, accountID string) (TeamsLoggingSettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/logging", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsLoggingSettings{}, err
+	}
+
+	var teamsConfigResponse TeamsLoggingSettingsResponse
+	err = json.Unmarshal(res, &teamsConfigResponse)
+	if err != nil {
+		return TeamsLoggingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConfigResponse.Result, nil
+}
+
+// TeamsAccountConnectivityConfiguration returns zero trust account connectivity settings.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-get-connectivity-settings
+func (api *API) TeamsAccountConnectivityConfiguration(ctx context.Context, accountID string) (TeamsConnectivitySettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsConnectivitySettings{}, err
+	}
+
+	var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse
+	err = json.Unmarshal(res, &teamsConnectivityResponse)
+	if err != nil {
+		return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConnectivityResponse.Result, nil
+}
+
+// TeamsAccountUpdateConfiguration updates a teams account configuration.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountUpdateConfiguration(ctx context.Context, accountID string, config TeamsConfiguration) (TeamsConfiguration, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/configuration", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, config)
+	if err != nil {
+		return TeamsConfiguration{}, err
+	}
+
+	var teamsConfigResponse TeamsConfigResponse
+	err = json.Unmarshal(res, &teamsConfigResponse)
+	if err != nil {
+		return TeamsConfiguration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConfigResponse.Result, nil
+}
+
+// TeamsAccountUpdateLoggingConfiguration updates the log settings and returns new teams account logging configuration.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountUpdateLoggingConfiguration(ctx context.Context, accountID string, config TeamsLoggingSettings) (TeamsLoggingSettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/logging", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, config)
+	if err != nil {
+		return TeamsLoggingSettings{}, err
+	}
+
+	var teamsConfigResponse TeamsLoggingSettingsResponse
+	err = json.Unmarshal(res, &teamsConfigResponse)
+	if err != nil {
+		return TeamsLoggingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConfigResponse.Result, nil
+}
+
+// TeamsAccountDeviceUpdateConfiguration updates teams account device configuration including udp filtering status.
+//
+// API reference: TBA.
+func (api *API) TeamsAccountDeviceUpdateConfiguration(ctx context.Context, accountID string, settings TeamsDeviceSettings) (TeamsDeviceSettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/devices/settings", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
+	if err != nil {
+		return TeamsDeviceSettings{}, err
+	}
+
+	var teamsDeviceResponse TeamsDeviceSettingsResponse
+	err = json.Unmarshal(res, &teamsDeviceResponse)
+	if err != nil {
+		return TeamsDeviceSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsDeviceResponse.Result, nil
+}
+
+// TeamsAccountConnectivityUpdateConfiguration updates zero trust account connectivity settings.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-patch-connectivity-settings
+func (api *API) TeamsAccountConnectivityUpdateConfiguration(ctx context.Context, accountID string, settings TeamsConnectivitySettings) (TeamsConnectivitySettings, error) {
+	uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
+	if err != nil {
+		return TeamsConnectivitySettings{}, err
+	}
+
+	var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse
+	err = json.Unmarshal(res, &teamsConnectivityResponse)
+	if err != nil {
+		return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsConnectivityResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/teams_accounts_test.go b/pkg/cloudflare-go/teams_accounts_test.go
new file mode 100644
index 0000000000..5fd3686ac6
--- /dev/null
+++ b/pkg/cloudflare-go/teams_accounts_test.go
@@ -0,0 +1,399 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTeamsAccount(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"provider_name": "cf",
+				"gateway_tag": "1234"
+			}
+		}
+		`, testAccountID)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway", handler)
+
+	actual, err := client.TeamsAccount(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual.ProviderName, "cf")
+		assert.Equal(t, actual.GatewayTag, "1234")
+		assert.Equal(t, actual.ID, testAccountID)
+	}
+}
+
+func TestTeamsAccountConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"settings": {
+					"antivirus": {
+					"enabled_download_phase": true,
+						"notification_settings": {
+					  		"enabled":true,
+					   		"msg":"msg",
+					   		"support_url":"https://hi.com"
+						}
+				 	},
+					"tls_decrypt": {
+						"enabled": true
+					},
+					"protocol_detection": {
+						"enabled": true
+					},
+					"fips": {
+						"tls": true
+					},
+					"activity_log": {
+						"enabled": true
+					},
+					"block_page": {
+						"enabled": true,
+						"name": "Cloudflare",
+						"footer_text": "--footer--",
+						"header_text": "--header--",
+						"mailto_address": "admin@example.com",
+						"mailto_subject": "Blocked User Inquiry",
+						"logo_path": "https://logos.com/a.png",
+						"background_color": "#ff0000",
+						"suppress_footer": true
+					},
+					"browser_isolation": {
+						"url_browser_isolation_enabled": true,
+						"non_identity_enabled": true
+					},
+					"body_scanning": {
+						"inspection_mode": "deep"
+					},
+					"extended_email_matching": {
+						"enabled": true
+					}
+				}
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/configuration", handler)
+
+	actual, err := client.TeamsAccountConfiguration(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual.Settings, TeamsAccountSettings{
+			Antivirus: &TeamsAntivirus{
+				EnabledDownloadPhase: true,
+				NotificationSettings: &TeamsNotificationSettings{
+					Enabled:    &trueValue,
+					Message:    "msg",
+					SupportURL: "https://hi.com",
+				},
+			},
+			ActivityLog:       &TeamsActivityLog{Enabled: true},
+			TLSDecrypt:        &TeamsTLSDecrypt{Enabled: true},
+			ProtocolDetection: &TeamsProtocolDetection{Enabled: true},
+			FIPS:              &TeamsFIPS{TLS: true},
+			BodyScanning:      &TeamsBodyScanning{InspectionMode: "deep"},
+
+			BlockPage: &TeamsBlockPage{
+				Enabled:         BoolPtr(true),
+				FooterText:      "--footer--",
+				HeaderText:      "--header--",
+				LogoPath:        "https://logos.com/a.png",
+				BackgroundColor: "#ff0000",
+				Name:            "Cloudflare",
+				MailtoAddress:   "admin@example.com",
+				MailtoSubject:   "Blocked User Inquiry",
+				SuppressFooter:  BoolPtr(true),
+			},
+			BrowserIsolation: &BrowserIsolation{
+				UrlBrowserIsolationEnabled: BoolPtr(true),
+				NonIdentityEnabled:         BoolPtr(true),
+			},
+			ExtendedEmailMatching: &TeamsExtendedEmailMatching{
+				Enabled: BoolPtr(true),
+			},
+		})
+	}
+}
+
+func TestTeamsAccountUpdateConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'put', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"settings": {
+					"antivirus": {
+						"enabled_download_phase": false
+					},
+					"tls_decrypt": {
+						"enabled": true
+					},
+					"activity_log": {
+						"enabled": true
+					},
+					"protocol_detection": {
+						"enabled": true
+					},
+					"extended_email_matching": {
+						"enabled": true
+					},
+					"custom_certificate": {
+						"enabled": true
+					}
+				}
+			}
+		}
+		`)
+	}
+
+	settings := TeamsAccountSettings{
+		Antivirus:         &TeamsAntivirus{EnabledDownloadPhase: false},
+		ActivityLog:       &TeamsActivityLog{Enabled: true},
+		TLSDecrypt:        &TeamsTLSDecrypt{Enabled: true},
+		ProtocolDetection: &TeamsProtocolDetection{Enabled: true},
+		ExtendedEmailMatching: &TeamsExtendedEmailMatching{
+			Enabled: BoolPtr(true),
+		},
+		CustomCertificate: &TeamsCustomCertificate{
+			Enabled: BoolPtr(true),
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/configuration", handler)
+
+	configuration := TeamsConfiguration{
+		Settings: settings,
+	}
+	actual, err := client.TeamsAccountUpdateConfiguration(context.Background(), testAccountID, configuration)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, configuration)
+	}
+}
+
+func TestTeamsAccountGetLoggingConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"settings_by_rule_type":{"dns":{"log_all":false,"log_blocks":true}},"redact_pii":true}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler)
+
+	actual, err := client.TeamsAccountLoggingConfiguration(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsLoggingSettings{
+			RedactPii: true,
+			LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
+				TeamsDnsRuleType: {LogAll: false, LogBlocks: true},
+			},
+		})
+	}
+}
+
+func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"settings_by_rule_type":{"dns":{"log_all":false,"log_blocks":true}, "http":{"log_all":true,"log_blocks":false}, "l4": {"log_all": false, "log_blocks": true}},"redact_pii":true}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler)
+
+	actual, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{
+		RedactPii: true,
+		LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
+			TeamsDnsRuleType: {
+				LogAll:    false,
+				LogBlocks: true,
+			},
+			TeamsHttpRuleType: {
+				LogAll: true,
+			},
+			TeamsL4RuleType: {
+				LogBlocks: true,
+			},
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsLoggingSettings{
+			RedactPii: true,
+			LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
+				TeamsDnsRuleType:  {LogAll: false, LogBlocks: true},
+				TeamsHttpRuleType: {LogAll: true, LogBlocks: false},
+				TeamsL4RuleType:   {LogAll: false, LogBlocks: true},
+			},
+		})
+	}
+}
+
+func TestTeamsAccountGetDeviceConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"gateway_proxy_enabled": true,"gateway_udp_proxy_enabled":false, "root_certificate_installation_enabled":true, "use_zt_virtual_ip":false}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/settings", handler)
+
+	actual, err := client.TeamsAccountDeviceConfiguration(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsDeviceSettings{
+			GatewayProxyEnabled:                true,
+			GatewayProxyUDPEnabled:             false,
+			RootCertificateInstallationEnabled: true,
+			UseZTVirtualIP:                     BoolPtr(false),
+		})
+	}
+}
+
+func TestTeamsAccountUpdateDeviceConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"gateway_proxy_enabled": true,"gateway_udp_proxy_enabled":true, "root_certificate_installation_enabled":true, "use_zt_virtual_ip":true}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/settings", handler)
+
+	actual, err := client.TeamsAccountDeviceUpdateConfiguration(context.Background(), testAccountID, TeamsDeviceSettings{
+		GatewayProxyUDPEnabled:             true,
+		GatewayProxyEnabled:                true,
+		RootCertificateInstallationEnabled: true,
+		UseZTVirtualIP:                     BoolPtr(true),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsDeviceSettings{
+			GatewayProxyEnabled:                true,
+			GatewayProxyUDPEnabled:             true,
+			RootCertificateInstallationEnabled: true,
+			UseZTVirtualIP:                     BoolPtr(true),
+		})
+	}
+}
+
+func TestTeamsAccountGetConnectivityConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"icmp_proxy_enabled": false,"offramp_warp_enabled":false}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/zerotrust/connectivity_settings", handler)
+
+	actual, err := client.TeamsAccountConnectivityConfiguration(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsConnectivitySettings{
+			ICMPProxyEnabled:   BoolPtr(false),
+			OfframpWARPEnabled: BoolPtr(false),
+		})
+	}
+}
+
+func TestTeamsAccountUpdateConnectivityConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {"icmp_proxy_enabled": true,"offramp_warp_enabled":true}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/zerotrust/connectivity_settings", handler)
+
+	actual, err := client.TeamsAccountConnectivityUpdateConfiguration(context.Background(), testAccountID, TeamsConnectivitySettings{
+		ICMPProxyEnabled:   BoolPtr(true),
+		OfframpWARPEnabled: BoolPtr(true),
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual, TeamsConnectivitySettings{
+			ICMPProxyEnabled:   BoolPtr(true),
+			OfframpWARPEnabled: BoolPtr(true),
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/teams_audit_ssh_settings.go b/pkg/cloudflare-go/teams_audit_ssh_settings.go
new file mode 100644
index 0000000000..a4ec1e320b
--- /dev/null
+++ b/pkg/cloudflare-go/teams_audit_ssh_settings.go
@@ -0,0 +1,86 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// TeamsList represents a Teams List.
+type AuditSSHSettings struct {
+	PublicKey string     `json:"public_key"`
+	SeedUUID  string     `json:"seed_id"`
+	CreatedAt *time.Time `json:"created_at"`
+	UpdatedAt *time.Time `json:"updated_at"`
+}
+
+type AuditSSHSettingsResponse struct {
+	Result AuditSSHSettings `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type GetAuditSSHSettingsParams struct{}
+
+type UpdateAuditSSHSettingsParams struct {
+	PublicKey string `json:"public_key"`
+}
+
+// GetAuditSSHSettings returns the accounts zt audit ssh settings.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-get-audit-ssh-settings
+func (api *API) GetAuditSSHSettings(ctx context.Context, rc *ResourceContainer, params GetAuditSSHSettingsParams) (AuditSSHSettings, ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return AuditSSHSettings{}, ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/%s/%s/gateway/audit_ssh_settings", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return AuditSSHSettings{}, ResultInfo{}, err
+	}
+
+	var auditSSHSettingsResponse AuditSSHSettingsResponse
+	err = json.Unmarshal(res, &auditSSHSettingsResponse)
+	if err != nil {
+		return AuditSSHSettings{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return auditSSHSettingsResponse.Result, auditSSHSettingsResponse.ResultInfo, nil
+}
+
+// UpdateAuditSSHSettings updates an existing zt audit ssh setting.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-update-audit-ssh-settings
+func (api *API) UpdateAuditSSHSettings(ctx context.Context, rc *ResourceContainer, params UpdateAuditSSHSettingsParams) (AuditSSHSettings, error) {
+	if rc.Level != AccountRouteLevel {
+		return AuditSSHSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return AuditSSHSettings{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/audit_ssh_settings",
+		rc.Level,
+		rc.Identifier,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return AuditSSHSettings{}, err
+	}
+
+	var auditSSHSettingsResponse AuditSSHSettingsResponse
+	err = json.Unmarshal(res, &auditSSHSettingsResponse)
+	if err != nil {
+		return AuditSSHSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return auditSSHSettingsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/teams_audit_ssh_settings_test.go b/pkg/cloudflare-go/teams_audit_ssh_settings_test.go
new file mode 100644
index 0000000000..934f980998
--- /dev/null
+++ b/pkg/cloudflare-go/teams_audit_ssh_settings_test.go
@@ -0,0 +1,91 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetAuditSSHSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"public_key": "1pyl6I1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
+				"seed_id": "f1f968a9-83e7-401a-8abc-e0efe128425c",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AuditSSHSettings{
+		PublicKey: "1pyl6I1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
+		SeedUUID:  "f1f968a9-83e7-401a-8abc-e0efe128425c",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/audit_ssh_settings", handler)
+
+	actual, _, err := client.GetAuditSSHSettings(context.Background(), AccountIdentifier(testAccountID), GetAuditSSHSettingsParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateAuditSSHSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"public_key": "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
+				"seed_id": "f1f968a9-83e7-401a-8abc-e0efe128425c",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := AuditSSHSettings{
+		PublicKey: "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
+		SeedUUID:  "f1f968a9-83e7-401a-8abc-e0efe128425c",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/audit_ssh_settings", handler)
+
+	actual, err := client.UpdateAuditSSHSettings(context.Background(), AccountIdentifier(testAccountID), UpdateAuditSSHSettingsParams{PublicKey: "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA="})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/teams_devices.go b/pkg/cloudflare-go/teams_devices.go
new file mode 100644
index 0000000000..96ec4d08bb
--- /dev/null
+++ b/pkg/cloudflare-go/teams_devices.go
@@ -0,0 +1,107 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type TeamsDevicesList struct {
+	Response
+	Result []TeamsDeviceListItem `json:"result"`
+}
+
+type TeamsDeviceDetail struct {
+	Response
+	Result TeamsDeviceListItem `json:"result"`
+}
+
+type TeamsDeviceListItem struct {
+	User             UserItem `json:"user,omitempty"`
+	ID               string   `json:"id,omitempty"`
+	Key              string   `json:"key,omitempty"`
+	DeviceType       string   `json:"device_type,omitempty"`
+	Name             string   `json:"name,omitempty"`
+	Model            string   `json:"model,omitempty"`
+	Manufacturer     string   `json:"manufacturer,omitempty"`
+	Deleted          bool     `json:"deleted,omitempty"`
+	Version          string   `json:"version,omitempty"`
+	SerialNumber     string   `json:"serial_number,omitempty"`
+	OSVersion        string   `json:"os_version,omitempty"`
+	OSDistroName     string   `json:"os_distro_name,omitempty"`
+	OsDistroRevision string   `json:"os_distro_revision,omitempty"`
+	OSVersionExtra   string   `json:"os_version_extra,omitempty"`
+	MacAddress       string   `json:"mac_address,omitempty"`
+	IP               string   `json:"ip,omitempty"`
+	Created          string   `json:"created,omitempty"`
+	Updated          string   `json:"updated,omitempty"`
+	LastSeen         string   `json:"last_seen,omitempty"`
+	RevokedAt        string   `json:"revoked_at,omitempty"`
+}
+
+type UserItem struct {
+	ID    string `json:"id,omitempty"`
+	Name  string `json:"name,omitempty"`
+	Email string `json:"email,omitempty"`
+}
+
+// ListTeamsDevice returns all devices for a given account.
+//
+// API reference : https://api.cloudflare.com/#devices-list-devices
+func (api *API) ListTeamsDevices(ctx context.Context, accountID string) ([]TeamsDeviceListItem, error) {
+	uri := fmt.Sprintf("/%s/%s/devices", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TeamsDeviceListItem{}, err
+	}
+
+	var response TeamsDevicesList
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return []TeamsDeviceListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// RevokeTeamsDevice revokes device with given identifiers.
+//
+// API reference : https://api.cloudflare.com/#devices-revoke-devices
+func (api *API) RevokeTeamsDevices(ctx context.Context, accountID string, deviceIds []string) (Response, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/revoke", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, deviceIds)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// GetTeamsDeviceDetails gets device details.
+//
+// API reference : https://api.cloudflare.com/#devices-device-details
+func (api *API) GetTeamsDeviceDetails(ctx context.Context, accountID string, deviceID string) (TeamsDeviceListItem, error) {
+	uri := fmt.Sprintf("/%s/%s/devices/%s", AccountRouteRoot, accountID, deviceID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsDeviceListItem{}, err
+	}
+
+	var response TeamsDeviceDetail
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TeamsDeviceListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/teams_devices_test.go b/pkg/cloudflare-go/teams_devices_test.go
new file mode 100644
index 0000000000..3c78bb38d6
--- /dev/null
+++ b/pkg/cloudflare-go/teams_devices_test.go
@@ -0,0 +1,190 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTeamsDevicesList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+        {
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": [
+            {
+              "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+              "user": {
+                "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+                "name": "John Appleseed",
+                "email": "user@example.com"
+              },
+              "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
+              "device_type": "windows",
+              "name": "My mobile device",
+              "model": "MyPhone(pro-X)",
+              "manufacturer": "My phone corp",
+              "deleted": true,
+              "version": "1.0.0",
+              "serial_number": "EXAMPLEHMD6R",
+              "os_version": "10.0.0",
+              "os_distro_name": "ubuntu",
+              "os_distro_revision": "1.0.0",
+			  "os_version_extra": "(a)",
+              "mac_address": "00-00-5E-00-53-00",
+              "ip": "192.0.2.1",
+              "created": "2017-06-14T00:00:00Z",
+              "updated": "2017-06-14T00:00:00Z",
+              "last_seen": "2017-06-14T00:00:00Z",
+              "revoked_at": "2017-06-14T00:00:00Z"
+            }
+          ]
+        }
+    `)
+	}
+
+	want := []TeamsDeviceListItem{{
+		ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		User: UserItem{
+			ID:    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			Name:  "John Appleseed",
+			Email: "user@example.com",
+		},
+		Key:              "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
+		DeviceType:       "windows",
+		Name:             "My mobile device",
+		Model:            "MyPhone(pro-X)",
+		Manufacturer:     "My phone corp",
+		Deleted:          true,
+		Version:          "1.0.0",
+		SerialNumber:     "EXAMPLEHMD6R",
+		OSVersion:        "10.0.0",
+		OSDistroName:     "ubuntu",
+		OsDistroRevision: "1.0.0",
+		OSVersionExtra:   "(a)",
+		MacAddress:       "00-00-5E-00-53-00",
+		IP:               "192.0.2.1",
+		Created:          "2017-06-14T00:00:00Z",
+		Updated:          "2017-06-14T00:00:00Z",
+		LastSeen:         "2017-06-14T00:00:00Z",
+		RevokedAt:        "2017-06-14T00:00:00Z",
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices", handler)
+
+	actual, err := client.ListTeamsDevices(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestRevokeTeamsDevices(t *testing.T) {
+	setup()
+	defer teardown()
+
+	deviceIds := []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "g174e90a-fafe-4643-bbbc-4a0ed4fc8415"}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "result": null,
+      "success": true,
+      "errors": [],
+      "messages": []
+    }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/revoke", handler)
+
+	want := Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
+
+	actual, err := client.RevokeTeamsDevices(context.Background(), testAccountID, deviceIds)
+	require.NoError(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestGetTeamsDeviceDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+        "user": {
+          "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+          "name": "John Appleseed",
+          "email": "user@example.com"
+        },
+        "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
+        "device_type": "windows",
+        "name": "My mobile device",
+        "model": "MyPhone(pro-X)",
+        "manufacturer": "My phone corp",
+        "deleted": true,
+        "version": "1.0.0",
+        "serial_number": "EXAMPLEHMD6R",
+        "os_version": "10.0.0",
+        "mac_address": "00-00-5E-00-53-00",
+        "ip": "192.0.2.1",
+        "created": "2017-06-14T00:00:00Z",
+        "updated": "2017-06-14T00:00:00Z",
+        "last_seen": "2017-06-14T00:00:00Z",
+        "revoked_at": "2017-06-14T00:00:00Z"
+      }
+    }
+    `)
+	}
+
+	want := TeamsDeviceListItem{
+		ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+		User: UserItem{
+			ID:    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+			Name:  "John Appleseed",
+			Email: "user@example.com",
+		},
+		Key:          "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
+		DeviceType:   "windows",
+		Name:         "My mobile device",
+		Model:        "MyPhone(pro-X)",
+		Manufacturer: "My phone corp",
+		Deleted:      true,
+		Version:      "1.0.0",
+		SerialNumber: "EXAMPLEHMD6R",
+		OSVersion:    "10.0.0",
+		MacAddress:   "00-00-5E-00-53-00",
+		IP:           "192.0.2.1",
+		Created:      "2017-06-14T00:00:00Z",
+		Updated:      "2017-06-14T00:00:00Z",
+		LastSeen:     "2017-06-14T00:00:00Z",
+		RevokedAt:    "2017-06-14T00:00:00Z",
+	}
+
+	deviceID := "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/devices/"+deviceID, handler)
+
+	actual, err := client.GetTeamsDeviceDetails(context.Background(), testAccountID, deviceID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/teams_list.go b/pkg/cloudflare-go/teams_list.go
new file mode 100644
index 0000000000..066d7afffe
--- /dev/null
+++ b/pkg/cloudflare-go/teams_list.go
@@ -0,0 +1,330 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingListID = errors.New("required missing list ID")
+
+// TeamsList represents a Teams List.
+type TeamsList struct {
+	ID          string          `json:"id,omitempty"`
+	Name        string          `json:"name"`
+	Type        string          `json:"type"`
+	Description string          `json:"description,omitempty"`
+	Items       []TeamsListItem `json:"items,omitempty"`
+	Count       uint64          `json:"count,omitempty"`
+	CreatedAt   *time.Time      `json:"created_at,omitempty"`
+	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
+}
+
+// TeamsListItem represents a single list item.
+type TeamsListItem struct {
+	Value     string     `json:"value"`
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+}
+
+// PatchTeamsList represents a patch request for appending/removing list items.
+type PatchTeamsList struct {
+	ID     string          `json:"id"`
+	Append []TeamsListItem `json:"append"`
+	Remove []string        `json:"remove"`
+}
+
+// TeamsListListResponse represents the response from the list
+// teams lists endpoint.
+type TeamsListListResponse struct {
+	Result []TeamsList `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// TeamsListItemsListResponse represents the response from the list
+// teams list items endpoint.
+type TeamsListItemsListResponse struct {
+	Result []TeamsListItem `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// TeamsListDetailResponse is the API response, containing a single
+// teams list.
+type TeamsListDetailResponse struct {
+	Response
+	Result TeamsList `json:"result"`
+}
+
+type ListTeamsListItemsParams struct {
+	ListID string `url:"-"`
+
+	ResultInfo
+}
+
+type ListTeamListsParams struct{}
+
+type CreateTeamsListParams struct {
+	ID          string          `json:"id,omitempty"`
+	Name        string          `json:"name"`
+	Type        string          `json:"type"`
+	Description string          `json:"description,omitempty"`
+	Items       []TeamsListItem `json:"items,omitempty"`
+	Count       uint64          `json:"count,omitempty"`
+	CreatedAt   *time.Time      `json:"created_at,omitempty"`
+	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
+}
+
+type UpdateTeamsListParams struct {
+	ID          string          `json:"id,omitempty"`
+	Name        string          `json:"name"`
+	Type        string          `json:"type"`
+	Description string          `json:"description,omitempty"`
+	Items       []TeamsListItem `json:"items,omitempty"`
+	Count       uint64          `json:"count,omitempty"`
+	CreatedAt   *time.Time      `json:"created_at,omitempty"`
+	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
+}
+
+type PatchTeamsListParams struct {
+	ID     string          `json:"id"`
+	Append []TeamsListItem `json:"append"`
+	Remove []string        `json:"remove"`
+}
+
+// ListTeamsLists returns all lists within an account.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-list-teams-lists
+func (api *API) ListTeamsLists(ctx context.Context, rc *ResourceContainer, params ListTeamListsParams) ([]TeamsList, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/lists", AccountRouteRoot, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TeamsList{}, ResultInfo{}, err
+	}
+
+	var teamsListListResponse TeamsListListResponse
+	err = json.Unmarshal(res, &teamsListListResponse)
+	if err != nil {
+		return []TeamsList{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsListListResponse.Result, teamsListListResponse.ResultInfo, nil
+}
+
+// GetTeamsList returns a single list based on the list ID.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-teams-list-details
+func (api *API) GetTeamsList(ctx context.Context, rc *ResourceContainer, listID string) (TeamsList, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/lists/%s",
+		rc.Level,
+		rc.Identifier,
+		listID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsList{}, err
+	}
+
+	var teamsListDetailResponse TeamsListDetailResponse
+	err = json.Unmarshal(res, &teamsListDetailResponse)
+	if err != nil {
+		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsListDetailResponse.Result, nil
+}
+
+// ListTeamsListItems returns all list items for a list.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-teams-list-items
+func (api *API) ListTeamsListItems(ctx context.Context, rc *ResourceContainer, params ListTeamsListItemsParams) ([]TeamsListItem, ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return []TeamsListItem{}, ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return []TeamsListItem{}, ResultInfo{}, ErrMissingAccountID
+	}
+
+	if params.ListID == "" {
+		return []TeamsListItem{}, ResultInfo{}, ErrMissingListID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var teamListItems []TeamsListItem
+	var lResponse TeamsListItemsListResponse
+	for {
+		lResponse = TeamsListItemsListResponse{}
+		uri := buildURI(
+			fmt.Sprintf("/%s/%s/gateway/lists/%s/items", rc.Level, rc.Identifier, params.ListID),
+			params,
+		)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []TeamsListItem{}, ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &lResponse)
+		if err != nil {
+			return []TeamsListItem{}, ResultInfo{}, fmt.Errorf("failed to unmarshal teams list JSON data: %w", err)
+		}
+
+		teamListItems = append(teamListItems, lResponse.Result...)
+		params.ResultInfo = lResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return teamListItems, lResponse.ResultInfo, nil
+}
+
+// CreateTeamsList creates a new teams list.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-create-teams-list
+func (api *API) CreateTeamsList(ctx context.Context, rc *ResourceContainer, params CreateTeamsListParams) (TeamsList, error) {
+	if rc.Level != AccountRouteLevel {
+		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return TeamsList{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/gateway/lists", rc.Level, rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return TeamsList{}, err
+	}
+
+	var teamsListDetailResponse TeamsListDetailResponse
+	err = json.Unmarshal(res, &teamsListDetailResponse)
+	if err != nil {
+		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsListDetailResponse.Result, nil
+}
+
+// UpdateTeamsList updates an existing teams list.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-update-teams-list
+func (api *API) UpdateTeamsList(ctx context.Context, rc *ResourceContainer, params UpdateTeamsListParams) (TeamsList, error) {
+	if rc.Level != AccountRouteLevel {
+		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return TeamsList{}, ErrMissingAccountID
+	}
+
+	if params.ID == "" {
+		return TeamsList{}, fmt.Errorf("teams list ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/lists/%s",
+		rc.Level,
+		rc.Identifier,
+		params.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return TeamsList{}, err
+	}
+
+	var teamsListDetailResponse TeamsListDetailResponse
+	err = json.Unmarshal(res, &teamsListDetailResponse)
+	if err != nil {
+		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsListDetailResponse.Result, nil
+}
+
+// PatchTeamsList updates the items in an existing teams list.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-patch-teams-list
+func (api *API) PatchTeamsList(ctx context.Context, rc *ResourceContainer, listPatch PatchTeamsListParams) (TeamsList, error) {
+	if rc.Level != AccountRouteLevel {
+		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return TeamsList{}, ErrMissingAccountID
+	}
+
+	if listPatch.ID == "" {
+		return TeamsList{}, fmt.Errorf("teams list ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/lists/%s",
+		AccountRouteRoot,
+		rc.Identifier,
+		listPatch.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, listPatch)
+	if err != nil {
+		return TeamsList{}, err
+	}
+
+	var teamsListDetailResponse TeamsListDetailResponse
+	err = json.Unmarshal(res, &teamsListDetailResponse)
+	if err != nil {
+		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsListDetailResponse.Result, nil
+}
+
+// DeleteTeamsList deletes a teams list.
+//
+// API reference: https://api.cloudflare.com/#teams-lists-delete-teams-list
+func (api *API) DeleteTeamsList(ctx context.Context, rc *ResourceContainer, teamsListID string) error {
+	if rc.Level != AccountRouteLevel {
+		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/lists/%s",
+		AccountRouteRoot,
+		rc.Identifier,
+		teamsListID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/teams_list_test.go b/pkg/cloudflare-go/teams_list_test.go
new file mode 100644
index 0000000000..6dbf384f17
--- /dev/null
+++ b/pkg/cloudflare-go/teams_list_test.go
@@ -0,0 +1,356 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTeamsLists(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+					"name": "My Serial List",
+					"description": "My Description",
+					"type": "SERIAL",
+					"count": 1,
+					"created_at": "2014-01-01T05:20:00.12345Z",
+					"updated_at": "2014-01-01T05:20:00.12345Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []TeamsList{{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists", handler)
+
+	actual, _, err := client.ListTeamsLists(context.Background(), AccountIdentifier(testAccountID), ListTeamListsParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "My Serial List",
+				"description": "My Description",
+				"type": "SERIAL",
+				"count": 1,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			},
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := TeamsList{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.GetTeamsList(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsListItems(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, r.Method, http.MethodGet, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"value": "val1",
+					"created_at": "2014-01-01T05:20:00.12345Z"
+				},
+				{
+					"value": "val2",
+					"created_at": "2014-01-01T05:20:00.12345Z"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []TeamsListItem{
+		{
+			Value:     "val1",
+			CreatedAt: &createdAt,
+		},
+		{
+			Value:     "val2",
+			CreatedAt: &createdAt,
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/items", handler)
+
+	actual, _, err := client.ListTeamsListItems(context.Background(), AccountIdentifier(testAccountID), ListTeamsListItemsParams{ListID: "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateTeamsList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "My Serial List",
+				"description": "My Description",
+				"type": "SERIAL",
+				"count": 1,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	teamsList := TeamsList{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists", handler)
+
+	actual, err := client.CreateTeamsList(context.Background(), AccountIdentifier(testAccountID), CreateTeamsListParams{
+		Name:        "My Serial List",
+		Description: "My Description",
+		Type:        "SERIAL",
+		Count:       1,
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, teamsList, actual)
+	}
+}
+
+func TestUpdateTeamsList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "My Serial List",
+				"description": "My Updated Description",
+				"type": "SERIAL",
+				"count": 1,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	teamsList := TeamsList{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Updated Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.UpdateTeamsList(context.Background(), AccountIdentifier(testAccountID), UpdateTeamsListParams{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Updated Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, teamsList, actual)
+	}
+}
+
+func TestUpdateTeamsListWithMissingID(t *testing.T) {
+	setup()
+	defer teardown()
+
+	_, err := client.UpdateTeamsList(context.Background(), AccountIdentifier(testAccountID), UpdateTeamsListParams{})
+	assert.EqualError(t, err, "teams list ID cannot be empty")
+}
+
+func TestPatchTeamsList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+				"name": "My Serial List",
+				"description": "My Updated Description",
+				"type": "SERIAL",
+				"count": 1,
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z"
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	teamsList := TeamsList{
+		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Name:        "My Serial List",
+		Description: "My Updated Description",
+		Type:        "SERIAL",
+		Count:       1,
+		CreatedAt:   &createdAt,
+		UpdatedAt:   &updatedAt,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+
+	actual, err := client.PatchTeamsList(context.Background(), AccountIdentifier(testAccountID), PatchTeamsListParams{
+		ID:     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
+		Append: []TeamsListItem{{Value: "abcd-1234"}},
+		Remove: []string{"def-5678"},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, teamsList, actual)
+	}
+}
+
+func TestDeleteTeamsList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+      "success": true,
+      "errors": [],
+      "messages": [],
+      "result": {
+        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
+      }
+    }
+    `)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
+	err := client.DeleteTeamsList(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/teams_locations.go b/pkg/cloudflare-go/teams_locations.go
new file mode 100644
index 0000000000..b6c58304e6
--- /dev/null
+++ b/pkg/cloudflare-go/teams_locations.go
@@ -0,0 +1,155 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type TeamsLocationsListResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []TeamsLocation `json:"result"`
+}
+
+type TeamsLocationDetailResponse struct {
+	Response
+	Result TeamsLocation `json:"result"`
+}
+
+type TeamsLocationNetwork struct {
+	ID      string `json:"id"`
+	Network string `json:"network"`
+}
+
+type TeamsLocation struct {
+	ID                    string                 `json:"id"`
+	Name                  string                 `json:"name"`
+	Networks              []TeamsLocationNetwork `json:"networks"`
+	PolicyIDs             []string               `json:"policy_ids"`
+	Ip                    string                 `json:"ip,omitempty"`
+	Subdomain             string                 `json:"doh_subdomain"`
+	AnonymizedLogsEnabled bool                   `json:"anonymized_logs_enabled"`
+	IPv4Destination       string                 `json:"ipv4_destination"`
+	ClientDefault         bool                   `json:"client_default"`
+	ECSSupport            *bool                  `json:"ecs_support,omitempty"`
+
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+}
+
+// TeamsLocations returns all locations within an account.
+//
+// API reference: https://api.cloudflare.com/#teams-locations-list-teams-locations
+func (api *API) TeamsLocations(ctx context.Context, accountID string) ([]TeamsLocation, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/locations", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TeamsLocation{}, ResultInfo{}, err
+	}
+
+	var teamsLocationsListResponse TeamsLocationsListResponse
+	err = json.Unmarshal(res, &teamsLocationsListResponse)
+	if err != nil {
+		return []TeamsLocation{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsLocationsListResponse.Result, teamsLocationsListResponse.ResultInfo, nil
+}
+
+// TeamsLocation returns a single location based on the ID.
+//
+// API reference: https://api.cloudflare.com/#teams-locations-teams-location-details
+func (api *API) TeamsLocation(ctx context.Context, accountID, locationID string) (TeamsLocation, error) {
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/locations/%s",
+		AccountRouteRoot,
+		accountID,
+		locationID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsLocation{}, err
+	}
+
+	var teamsLocationDetailResponse TeamsLocationDetailResponse
+	err = json.Unmarshal(res, &teamsLocationDetailResponse)
+	if err != nil {
+		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsLocationDetailResponse.Result, nil
+}
+
+// CreateTeamsLocation creates a new teams location.
+//
+// API reference: https://api.cloudflare.com/#teams-locations-create-teams-location
+func (api *API) CreateTeamsLocation(ctx context.Context, accountID string, teamsLocation TeamsLocation) (TeamsLocation, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/locations", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, teamsLocation)
+	if err != nil {
+		return TeamsLocation{}, err
+	}
+
+	var teamsLocationDetailResponse TeamsLocationDetailResponse
+	err = json.Unmarshal(res, &teamsLocationDetailResponse)
+	if err != nil {
+		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsLocationDetailResponse.Result, nil
+}
+
+// UpdateTeamsLocation updates an existing teams location.
+//
+// API reference: https://api.cloudflare.com/#teams-locations-update-teams-location
+func (api *API) UpdateTeamsLocation(ctx context.Context, accountID string, teamsLocation TeamsLocation) (TeamsLocation, error) {
+	if teamsLocation.ID == "" {
+		return TeamsLocation{}, fmt.Errorf("teams location ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/locations/%s",
+		AccountRouteRoot,
+		accountID,
+		teamsLocation.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, teamsLocation)
+	if err != nil {
+		return TeamsLocation{}, err
+	}
+
+	var teamsLocationDetailResponse TeamsLocationDetailResponse
+	err = json.Unmarshal(res, &teamsLocationDetailResponse)
+	if err != nil {
+		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsLocationDetailResponse.Result, nil
+}
+
+// DeleteTeamsLocation deletes a teams location.
+//
+// API reference: https://api.cloudflare.com/#teams-locations-delete-teams-location
+func (api *API) DeleteTeamsLocation(ctx context.Context, accountID, teamsLocationID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/locations/%s",
+		AccountRouteRoot,
+		accountID,
+		teamsLocationID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/teams_locations_test.go b/pkg/cloudflare-go/teams_locations_test.go
new file mode 100644
index 0000000000..4eb615b1bc
--- /dev/null
+++ b/pkg/cloudflare-go/teams_locations_test.go
@@ -0,0 +1,278 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTeamsLocations(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "0f8185414dec4a5e9034f3d917c17890",
+					"name": "home",
+					"networks": [
+						{
+							"network": "198.51.100.1/32",
+							"id": "8e4c7835436345f0ab395429b187a076"
+						}
+					],
+					"policy_ids": [],
+					"ip": "2a06:98c1:54::2419",
+					"doh_subdomain": "q15l7x2lbw",
+					"anonymized_logs_enabled": false,
+					"ipv4_destination": null,
+					"client_default": false,
+					"ecs_support": false,
+					"created_at": "2020-05-18T22:07:03Z",
+					"updated_at": "2020-05-18T22:07:05Z"
+				}
+			]
+		}
+		`)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := []TeamsLocation{{
+		ID:                    "0f8185414dec4a5e9034f3d917c17890",
+		Name:                  "home",
+		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
+		PolicyIDs:             []string{},
+		Ip:                    "2a06:98c1:54::2419",
+		Subdomain:             "q15l7x2lbw",
+		AnonymizedLogsEnabled: false,
+		IPv4Destination:       "",
+		ClientDefault:         false,
+		ECSSupport:            BoolPtr(false),
+		CreatedAt:             &createdAt,
+		UpdatedAt:             &updatedAt,
+	}}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations", testAccountID), handler)
+
+	actual, _, err := client.TeamsLocations(context.Background(), testAccountID)
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestTeamsLocation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"name": "home",
+				"networks": [
+					{
+						"network": "198.51.100.1/32",
+						"id": "8e4c7835436345f0ab395429b187a076"
+					}
+				],
+				"policy_ids": [],
+				"ip": "2a06:98c1:54::2419",
+				"doh_subdomain": "q15l7x2lbw",
+				"anonymized_logs_enabled": false,
+				"ipv4_destination": null,
+				"client_default": false,
+				"ecs_support": false,
+				"created_at": "2020-05-18T22:07:03Z",
+				"updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`, id)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsLocation{
+		ID:                    id,
+		Name:                  "home",
+		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
+		PolicyIDs:             []string{},
+		Ip:                    "2a06:98c1:54::2419",
+		Subdomain:             "q15l7x2lbw",
+		AnonymizedLogsEnabled: false,
+		IPv4Destination:       "",
+		ClientDefault:         false,
+		ECSSupport:            BoolPtr(false),
+		CreatedAt:             &createdAt,
+		UpdatedAt:             &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
+
+	actual, err := client.TeamsLocation(context.Background(), testAccountID, id)
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestCreateTeamsLocation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"name": "test",
+				"networks": [
+					{
+						"network": "198.51.100.1/32",
+						"id": "8e4c7835436345f0ab395429b187a076"
+					}
+				],
+				"policy_ids": [],
+				"ip": "2a06:98c1:54::2419",
+				"doh_subdomain": "q15l7x2lbw",
+				"anonymized_logs_enabled": false,
+				"ipv4_destination": null,
+				"client_default": false,
+				"ecs_support": false,
+				"created_at": "2020-05-18T22:07:03Z",
+				"updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`, id)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsLocation{
+		ID:                    id,
+		Name:                  "test",
+		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
+		PolicyIDs:             []string{},
+		Ip:                    "2a06:98c1:54::2419",
+		Subdomain:             "q15l7x2lbw",
+		AnonymizedLogsEnabled: false,
+		IPv4Destination:       "",
+		ClientDefault:         false,
+		ECSSupport:            BoolPtr(false),
+		CreatedAt:             &createdAt,
+		UpdatedAt:             &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations", testAccountID), handler)
+
+	actual, err := client.CreateTeamsLocation(context.Background(), testAccountID, TeamsLocation{
+		Name:          "test",
+		ClientDefault: true,
+		Networks:      []TeamsLocationNetwork{},
+	})
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateTeamsLocation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"name": "new",
+				"networks": [
+					{
+						"network": "198.51.100.1/32",
+						"id": "8e4c7835436345f0ab395429b187a076"
+					}
+				],
+				"policy_ids": [],
+				"ip": "2a06:98c1:54::2419",
+				"doh_subdomain": "q15l7x2lbw",
+				"anonymized_logs_enabled": false,
+				"ipv4_destination": null,
+				"client_default": false,
+				"ecs_support": false,
+				"created_at": "2020-05-18T22:07:03Z",
+				"updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`, id)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsLocation{
+		ID:                    id,
+		Name:                  "new",
+		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
+		PolicyIDs:             []string{},
+		Ip:                    "2a06:98c1:54::2419",
+		Subdomain:             "q15l7x2lbw",
+		AnonymizedLogsEnabled: false,
+		IPv4Destination:       "",
+		ClientDefault:         false,
+		ECSSupport:            BoolPtr(false),
+		CreatedAt:             &createdAt,
+		UpdatedAt:             &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
+
+	actual, err := client.UpdateTeamsLocation(context.Background(), testAccountID, TeamsLocation{
+		ID:            id,
+		Name:          "new",
+		ClientDefault: false,
+		Networks:      []TeamsLocationNetwork{{ID: "", Network: "1.2.3.4"}},
+	})
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestDeleteTeamsLocation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
+	err := client.DeleteTeamsLocation(context.Background(), testAccountID, id)
+	require.Nil(t, err)
+}
diff --git a/pkg/cloudflare-go/teams_proxy_endpoints.go b/pkg/cloudflare-go/teams_proxy_endpoints.go
new file mode 100644
index 0000000000..8a658e20eb
--- /dev/null
+++ b/pkg/cloudflare-go/teams_proxy_endpoints.go
@@ -0,0 +1,137 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type TeamsProxyEndpointListResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []TeamsProxyEndpoint `json:"result"`
+}
+type TeamsProxyEndpointDetailResponse struct {
+	Response
+	Result TeamsProxyEndpoint `json:"result"`
+}
+
+type TeamsProxyEndpoint struct {
+	ID        string     `json:"id"`
+	Name      string     `json:"name"`
+	IPs       []string   `json:"ips"`
+	Subdomain string     `json:"subdomain"`
+	CreatedAt *time.Time `json:"created_at,omitempty"`
+	UpdatedAt *time.Time `json:"updated_at,omitempty"`
+}
+
+// TeamsProxyEndpoint returns a single proxy endpoints within an account.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-proxy-endpoint-details
+func (api *API) TeamsProxyEndpoint(ctx context.Context, accountID, proxyEndpointID string) (TeamsProxyEndpoint, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints/%s", AccountRouteRoot, accountID, proxyEndpointID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsProxyEndpoint{}, err
+	}
+
+	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
+	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
+	if err != nil {
+		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsProxyEndpointDetailResponse.Result, nil
+}
+
+// TeamsProxyEndpoints returns all proxy endpoints within an account.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-list-proxy-endpoints
+func (api *API) TeamsProxyEndpoints(ctx context.Context, accountID string) ([]TeamsProxyEndpoint, ResultInfo, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TeamsProxyEndpoint{}, ResultInfo{}, err
+	}
+
+	var teamsProxyEndpointListResponse TeamsProxyEndpointListResponse
+	err = json.Unmarshal(res, &teamsProxyEndpointListResponse)
+	if err != nil {
+		return []TeamsProxyEndpoint{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsProxyEndpointListResponse.Result, teamsProxyEndpointListResponse.ResultInfo, nil
+}
+
+// CreateTeamsProxyEndpoint creates a new proxy endpoint.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-create-proxy-endpoint
+func (api *API) CreateTeamsProxyEndpoint(ctx context.Context, accountID string, proxyEndpoint TeamsProxyEndpoint) (TeamsProxyEndpoint, error) {
+	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints", AccountRouteRoot, accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, proxyEndpoint)
+	if err != nil {
+		return TeamsProxyEndpoint{}, err
+	}
+
+	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
+	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
+	if err != nil {
+		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsProxyEndpointDetailResponse.Result, nil
+}
+
+// UpdateTeamsProxyEndpoint updates an existing teams Proxy Endpoint.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-update-proxy-endpoint
+func (api *API) UpdateTeamsProxyEndpoint(ctx context.Context, accountID string, proxyEndpoint TeamsProxyEndpoint) (TeamsProxyEndpoint, error) {
+	if proxyEndpoint.ID == "" {
+		return TeamsProxyEndpoint{}, fmt.Errorf("Proxy Endpoint ID cannot be empty")
+	}
+
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/proxy_endpoints/%s",
+		AccountRouteRoot,
+		accountID,
+		proxyEndpoint.ID,
+	)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, proxyEndpoint)
+	if err != nil {
+		return TeamsProxyEndpoint{}, err
+	}
+
+	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
+	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
+	if err != nil {
+		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsProxyEndpointDetailResponse.Result, nil
+}
+
+// DeleteTeamsProxyEndpoint deletes a teams Proxy Endpoint.
+//
+// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-delete-proxy-endpoint
+func (api *API) DeleteTeamsProxyEndpoint(ctx context.Context, accountID, proxyEndpointID string) error {
+	uri := fmt.Sprintf(
+		"/%s/%s/gateway/proxy_endpoints/%s",
+		AccountRouteRoot,
+		accountID,
+		proxyEndpointID,
+	)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/teams_proxy_endpoints_test.go b/pkg/cloudflare-go/teams_proxy_endpoints_test.go
new file mode 100644
index 0000000000..e4bc158a1d
--- /dev/null
+++ b/pkg/cloudflare-go/teams_proxy_endpoints_test.go
@@ -0,0 +1,203 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestProxyEndpoint(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				 "id": "0f8185414dec4a5e9034f3d917c17890",
+				 "name": "home",
+				 "ips": ["192.0.2.1/32"],
+				 "subdomain": "q15l7x2lbw",
+				 "created_at": "2020-05-18T22:07:03Z",
+				 "updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsProxyEndpoint{
+		ID:        "0f8185414dec4a5e9034f3d917c17890",
+		Name:      "home",
+		IPs:       []string{"192.0.2.1/32"},
+		Subdomain: "q15l7x2lbw",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
+
+	actual, err := client.TeamsProxyEndpoint(context.Background(), testAccountID, id)
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestProxyEndpoints(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "0f8185414dec4a5e9034f3d917c17890",
+					"name": "home",
+					"ips": ["192.0.2.1/32"],
+					"subdomain": "q15l7x2lbw",
+					"created_at": "2020-05-18T22:07:03Z",
+					"updated_at": "2020-05-18T22:07:05Z"
+				}
+			]
+		}
+		`)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := []TeamsProxyEndpoint{{
+		ID:        "0f8185414dec4a5e9034f3d917c17890",
+		Name:      "home",
+		IPs:       []string{"192.0.2.1/32"},
+		Subdomain: "q15l7x2lbw",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints", testAccountID), handler)
+
+	actual, _, err := client.TeamsProxyEndpoints(context.Background(), testAccountID)
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestCreateProxyEndpoint(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"name": "test",
+				"ips": ["192.0.2.1/32"],
+				"subdomain": "q15l7x2lbw",
+				"created_at": "2020-05-18T22:07:03Z",
+				"updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`, id)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsProxyEndpoint{
+		ID:        id,
+		Name:      "test",
+		IPs:       []string{"192.0.2.1/32"},
+		Subdomain: "q15l7x2lbw",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints", testAccountID), handler)
+
+	actual, err := client.CreateTeamsProxyEndpoint(context.Background(), testAccountID, TeamsProxyEndpoint{})
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateProxyEndpoint(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, err := fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "%s",
+				"name": "new",
+				"ips": ["192.0.2.1/32"],
+				"subdomain": "q15l7x2lbw",
+				"created_at": "2020-05-18T22:07:03Z",
+				"updated_at": "2020-05-18T22:07:05Z"
+			}
+		}`, id)
+		require.Nil(t, err)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
+
+	want := TeamsProxyEndpoint{
+		ID:        id,
+		Name:      "new",
+		IPs:       []string{"192.0.2.1/32"},
+		Subdomain: "q15l7x2lbw",
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
+
+	actual, err := client.UpdateTeamsProxyEndpoint(context.Background(), testAccountID, TeamsProxyEndpoint{
+		ID: id,
+	})
+	require.Nil(t, err)
+	assert.Equal(t, want, actual)
+}
+
+func TestDeleteProxyEndpoint(t *testing.T) {
+	setup()
+	defer teardown()
+
+	id := "0f8185414dec4a5e9034f3d917c17890"
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
+	err := client.DeleteTeamsProxyEndpoint(context.Background(), testAccountID, id)
+	require.Nil(t, err)
+}
diff --git a/pkg/cloudflare-go/teams_rules.go b/pkg/cloudflare-go/teams_rules.go
new file mode 100644
index 0000000000..b03c012157
--- /dev/null
+++ b/pkg/cloudflare-go/teams_rules.go
@@ -0,0 +1,356 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type TeamsRuleSettings struct {
+	// list of ipv4 or ipv6 ips to override with, when action is set to dns override
+	OverrideIPs []string `json:"override_ips"`
+
+	// show this string at block page caused by this rule
+	BlockReason string `json:"block_reason"`
+
+	// host name to override with when action is set to dns override. Can not be used with OverrideIPs
+	OverrideHost string `json:"override_host"`
+
+	// settings for browser isolation actions
+	BISOAdminControls *TeamsBISOAdminControlSettings `json:"biso_admin_controls"`
+
+	// settings for l4(network) level overrides
+	L4Override *TeamsL4OverrideSettings `json:"l4override"`
+
+	// settings for adding headers to http requests
+	AddHeaders http.Header `json:"add_headers"`
+
+	// settings for session check in allow action
+	CheckSession *TeamsCheckSessionSettings `json:"check_session"`
+
+	// Enable block page on rules with action block
+	BlockPageEnabled bool `json:"block_page_enabled"`
+
+	// whether to disable dnssec validation for allow action
+	InsecureDisableDNSSECValidation bool `json:"insecure_disable_dnssec_validation"`
+
+	// settings for rules with egress action
+	EgressSettings *EgressSettings `json:"egress"`
+
+	// DLP payload logging configuration
+	PayloadLog *TeamsDlpPayloadLogSettings `json:"payload_log"`
+
+	//AuditSsh Settings
+	AuditSSH *AuditSSHRuleSettings `json:"audit_ssh"`
+
+	// Turns on ip category based filter on dns if the rule contains dns category checks
+	IPCategories bool `json:"ip_categories"`
+
+	// Allow parent MSP accounts to enable bypass their children's rules. Do not set them for non MSP accounts.
+	AllowChildBypass *bool `json:"allow_child_bypass,omitempty"`
+
+	// Allow child MSP accounts to bypass their parent's rules. Do not set them for non MSP accounts.
+	BypassParentRule *bool `json:"bypass_parent_rule,omitempty"`
+
+	// Action taken when an untrusted origin certificate error occurs in a http allow rule
+	UntrustedCertSettings *UntrustedCertSettings `json:"untrusted_cert"`
+
+	// Specifies that a resolver policy should use Cloudflare's DNS Resolver.
+	ResolveDnsThroughCloudflare *bool `json:"resolve_dns_through_cloudflare,omitempty"`
+
+	// Resolver policy settings.
+	DnsResolverSettings *TeamsDnsResolverSettings `json:"dns_resolvers,omitempty"`
+
+	NotificationSettings *TeamsNotificationSettings `json:"notification_settings"`
+}
+
+type TeamsGatewayUntrustedCertAction string
+
+const (
+	UntrustedCertPassthrough TeamsGatewayUntrustedCertAction = "pass_through"
+	UntrustedCertBlock       TeamsGatewayUntrustedCertAction = "block"
+	UntrustedCertError       TeamsGatewayUntrustedCertAction = "error"
+)
+
+type UntrustedCertSettings struct {
+	Action TeamsGatewayUntrustedCertAction `json:"action"`
+}
+
+type TeamsNotificationSettings struct {
+	Enabled    *bool  `json:"enabled,omitempty"`
+	Message    string `json:"msg"`
+	SupportURL string `json:"support_url"`
+}
+
+type AuditSSHRuleSettings struct {
+	CommandLogging bool `json:"command_logging"`
+}
+
+type EgressSettings struct {
+	Ipv6Range    string `json:"ipv6"`
+	Ipv4         string `json:"ipv4"`
+	Ipv4Fallback string `json:"ipv4_fallback"`
+}
+
+// TeamsL4OverrideSettings used in l4 filter type rule with action set to override.
+type TeamsL4OverrideSettings struct {
+	IP   string `json:"ip,omitempty"`
+	Port int    `json:"port,omitempty"`
+}
+
+type TeamsBISOAdminControlSettings struct {
+	DisablePrinting             bool `json:"dp"`
+	DisableCopyPaste            bool `json:"dcp"`
+	DisableDownload             bool `json:"dd"`
+	DisableUpload               bool `json:"du"`
+	DisableKeyboard             bool `json:"dk"`
+	DisableClipboardRedirection bool `json:"dcr"`
+}
+
+type TeamsCheckSessionSettings struct {
+	Enforce  bool     `json:"enforce"`
+	Duration Duration `json:"duration"`
+}
+
+type (
+	TeamsDnsResolverSettings struct {
+		V4Resolvers []TeamsDnsResolverAddressV4 `json:"ipv4,omitempty"`
+		V6Resolvers []TeamsDnsResolverAddressV6 `json:"ipv6,omitempty"`
+	}
+
+	TeamsDnsResolverAddressV4 struct {
+		TeamsDnsResolverAddress
+	}
+
+	TeamsDnsResolverAddressV6 struct {
+		TeamsDnsResolverAddress
+	}
+
+	TeamsDnsResolverAddress struct {
+		IP                         string `json:"ip"`
+		Port                       *int   `json:"port,omitempty"`
+		VnetID                     string `json:"vnet_id,omitempty"`
+		RouteThroughPrivateNetwork *bool  `json:"route_through_private_network,omitempty"`
+	}
+)
+
+type TeamsDlpPayloadLogSettings struct {
+	Enabled bool `json:"enabled"`
+}
+
+type TeamsFilterType string
+
+type TeamsGatewayAction string
+
+const (
+	HttpFilter        TeamsFilterType = "http"
+	DnsFilter         TeamsFilterType = "dns"
+	L4Filter          TeamsFilterType = "l4"
+	EgressFilter      TeamsFilterType = "egress"
+	DnsResolverFilter TeamsFilterType = "dns_resolver"
+)
+
+const (
+	Allow        TeamsGatewayAction = "allow"        // dns|http|l4
+	Block        TeamsGatewayAction = "block"        // dns|http|l4
+	SafeSearch   TeamsGatewayAction = "safesearch"   // dns
+	YTRestricted TeamsGatewayAction = "ytrestricted" // dns
+	On           TeamsGatewayAction = "on"           // http
+	Off          TeamsGatewayAction = "off"          // http
+	Scan         TeamsGatewayAction = "scan"         // http
+	NoScan       TeamsGatewayAction = "noscan"       // http
+	Isolate      TeamsGatewayAction = "isolate"      // http
+	NoIsolate    TeamsGatewayAction = "noisolate"    // http
+	Override     TeamsGatewayAction = "override"     // http
+	L4Override   TeamsGatewayAction = "l4_override"  // l4
+	Egress       TeamsGatewayAction = "egress"       // egress
+	AuditSSH     TeamsGatewayAction = "audit_ssh"    // l4
+	Resolve      TeamsGatewayAction = "resolve"      // resolve
+)
+
+func TeamsRulesActionValues() []string {
+	return []string{
+		string(Allow),
+		string(Block),
+		string(SafeSearch),
+		string(YTRestricted),
+		string(On),
+		string(Off),
+		string(Scan),
+		string(NoScan),
+		string(Isolate),
+		string(NoIsolate),
+		string(Override),
+		string(L4Override),
+		string(Egress),
+		string(AuditSSH),
+		string(Resolve),
+	}
+}
+
+func TeamsRulesUntrustedCertActionValues() []string {
+	return []string{
+		string(UntrustedCertPassthrough),
+		string(UntrustedCertBlock),
+		string(UntrustedCertError),
+	}
+}
+
+// TeamsRule represents an Teams wirefilter rule.
+type TeamsRule struct {
+	ID            string             `json:"id,omitempty"`
+	CreatedAt     *time.Time         `json:"created_at,omitempty"`
+	UpdatedAt     *time.Time         `json:"updated_at,omitempty"`
+	DeletedAt     *time.Time         `json:"deleted_at,omitempty"`
+	Name          string             `json:"name"`
+	Description   string             `json:"description"`
+	Precedence    uint64             `json:"precedence"`
+	Enabled       bool               `json:"enabled"`
+	Action        TeamsGatewayAction `json:"action"`
+	Filters       []TeamsFilterType  `json:"filters"`
+	Traffic       string             `json:"traffic"`
+	Identity      string             `json:"identity"`
+	DevicePosture string             `json:"device_posture"`
+	Version       uint64             `json:"version"`
+	RuleSettings  TeamsRuleSettings  `json:"rule_settings,omitempty"`
+}
+
+// TeamsRuleResponse is the API response, containing a single rule.
+type TeamsRuleResponse struct {
+	Response
+	Result TeamsRule `json:"result"`
+}
+
+// TeamsRuleResponse is the API response, containing an array of rules.
+type TeamsRulesResponse struct {
+	Response
+	Result []TeamsRule `json:"result"`
+}
+
+// TeamsRulePatchRequest is used to patch an existing rule.
+type TeamsRulePatchRequest struct {
+	ID           string             `json:"id"`
+	Name         string             `json:"name"`
+	Description  string             `json:"description"`
+	Precedence   uint64             `json:"precedence"`
+	Enabled      bool               `json:"enabled"`
+	Action       TeamsGatewayAction `json:"action"`
+	RuleSettings TeamsRuleSettings  `json:"rule_settings,omitempty"`
+}
+
+// TeamsRules returns all rules within an account.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsRules(ctx context.Context, accountID string) ([]TeamsRule, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TeamsRule{}, err
+	}
+
+	var teamsRulesResponse TeamsRulesResponse
+	err = json.Unmarshal(res, &teamsRulesResponse)
+	if err != nil {
+		return []TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsRulesResponse.Result, nil
+}
+
+// TeamsRule returns the rule with rule ID in the URL.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsRule(ctx context.Context, accountID string, ruleId string) (TeamsRule, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TeamsRule{}, err
+	}
+
+	var teamsRuleResponse TeamsRuleResponse
+	err = json.Unmarshal(res, &teamsRuleResponse)
+	if err != nil {
+		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsRuleResponse.Result, nil
+}
+
+// TeamsCreateRule creates a rule with wirefilter expression.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsCreateRule(ctx context.Context, accountID string, rule TeamsRule) (TeamsRule, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
+	if err != nil {
+		return TeamsRule{}, err
+	}
+
+	var teamsRuleResponse TeamsRuleResponse
+	err = json.Unmarshal(res, &teamsRuleResponse)
+	if err != nil {
+		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsRuleResponse.Result, nil
+}
+
+// TeamsUpdateRule updates a rule with wirefilter expression.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsUpdateRule(ctx context.Context, accountID string, ruleId string, rule TeamsRule) (TeamsRule, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
+	if err != nil {
+		return TeamsRule{}, err
+	}
+
+	var teamsRuleResponse TeamsRuleResponse
+	err = json.Unmarshal(res, &teamsRuleResponse)
+	if err != nil {
+		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsRuleResponse.Result, nil
+}
+
+// TeamsPatchRule patches a rule associated values.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsPatchRule(ctx context.Context, accountID string, ruleId string, rule TeamsRulePatchRequest) (TeamsRule, error) {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, rule)
+	if err != nil {
+		return TeamsRule{}, err
+	}
+
+	var teamsRuleResponse TeamsRuleResponse
+	err = json.Unmarshal(res, &teamsRuleResponse)
+	if err != nil {
+		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return teamsRuleResponse.Result, nil
+}
+
+// TeamsDeleteRule deletes a rule.
+//
+// API reference: https://api.cloudflare.com/#teams-rules-properties
+func (api *API) TeamsDeleteRule(ctx context.Context, accountID string, ruleId string) error {
+	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
+
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/teams_rules_test.go b/pkg/cloudflare-go/teams_rules_test.go
new file mode 100644
index 0000000000..226ce50bb2
--- /dev/null
+++ b/pkg/cloudflare-go/teams_rules_test.go
@@ -0,0 +1,770 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTeamsRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+				  "id": "7559a944-3dd7-41bf-b183-360a814a8c36",
+				  "name": "rule1",
+				  "description": "rule description",
+				  "precedence": 1000,
+				  "enabled": false,
+				  "action": "isolate",
+				  "filters": [
+					"http"
+				  ],
+				  "created_at": "2014-01-01T05:20:00.12345Z",
+				  "updated_at": "2014-01-01T05:20:00.12345Z",
+				  "deleted_at": null,
+				  "traffic": "http.host == \"example.com\"",
+				  "identity": "",
+				  "version": 1,
+				  "rule_settings": {
+					"block_page_enabled": false,
+					"block_reason": "",
+					"override_ips": null,
+					"override_host": "",
+					"l4override": null,
+					"biso_admin_controls": null,
+					"add_headers": null,
+					"check_session": {
+						"enforce": true,
+						"duration": "15m0s"
+					},
+                    "insecure_disable_dnssec_validation": false,
+					"untrusted_cert": {
+						"action": "error"
+					},
+					"dns_resolvers": {
+						"ipv4": [
+							{"ip": "10.0.0.2", "port": 5053},
+							{
+								"ip": "192.168.0.2",
+								"vnet_id": "16fd7a32-11f0-4687-a0bb-7031d241e184",
+								"route_through_private_network": true
+							}
+						],
+						"ipv6": [
+							{"ip": "2460::1"}
+						]
+					},
+					"notification_settings": {
+						"enabled": true,
+						"msg": "message",
+						"support_url": "https://hello.com"
+					}
+				  }
+				},
+				{
+				  "id": "9ae57318-f32e-46b3-b889-48dd6dcc49af",
+				  "name": "rule2",
+				  "description": "rule description 2",
+				  "precedence": 2000,
+				  "enabled": true,
+				  "action": "block",
+				  "filters": [
+					"http"
+				  ],
+				  "created_at": "2014-01-01T05:20:00.12345Z",
+				  "updated_at": "2014-01-01T05:20:00.12345Z",
+				  "deleted_at": null,
+				  "traffic": "http.host == \"abcd.com\"",
+				  "identity": "",
+				  "version": 1,
+				  "rule_settings": {
+					"block_page_enabled": true,
+					"block_reason": "",
+					"override_ips": null,
+					"override_host": "",
+					"l4override": null,
+					"biso_admin_controls": null,
+					"add_headers": null,
+					"check_session": null,
+                    "insecure_disable_dnssec_validation": true,
+					"untrusted_cert": {
+						"action": "pass_through"
+					},
+					"resolve_dns_through_cloudflare": true
+				  }
+				}
+			]
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := []TeamsRule{{
+		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
+		Name:          "rule1",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       false,
+		Action:        Isolate,
+		Filters:       []TeamsFilterType{HttpFilter},
+		Traffic:       `http.host == "example.com"`,
+		DevicePosture: "",
+		Identity:      "",
+		Version:       1,
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:  false,
+			BlockReason:       "",
+			OverrideIPs:       nil,
+			OverrideHost:      "",
+			L4Override:        nil,
+			AddHeaders:        nil,
+			BISOAdminControls: nil,
+			CheckSession: &TeamsCheckSessionSettings{
+				Enforce:  true,
+				Duration: Duration{900 * time.Second},
+			},
+			InsecureDisableDNSSECValidation: false,
+			UntrustedCertSettings: &UntrustedCertSettings{
+				Action: UntrustedCertError,
+			},
+			DnsResolverSettings: &TeamsDnsResolverSettings{
+				V4Resolvers: []TeamsDnsResolverAddressV4{
+					{
+						TeamsDnsResolverAddress{
+							IP:   "10.0.0.2",
+							Port: IntPtr(5053),
+						},
+					},
+					{
+						TeamsDnsResolverAddress{
+							IP:                         "192.168.0.2",
+							VnetID:                     "16fd7a32-11f0-4687-a0bb-7031d241e184",
+							RouteThroughPrivateNetwork: BoolPtr(true),
+						},
+					},
+				},
+				V6Resolvers: []TeamsDnsResolverAddressV6{
+					{
+						TeamsDnsResolverAddress{
+							IP: "2460::1",
+						},
+					},
+				},
+			},
+			NotificationSettings: &TeamsNotificationSettings{
+				Enabled:    BoolPtr(true),
+				Message:    "message",
+				SupportURL: "https://hello.com",
+			},
+		},
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		DeletedAt: nil,
+	},
+		{
+			ID:            "9ae57318-f32e-46b3-b889-48dd6dcc49af",
+			Name:          "rule2",
+			Description:   "rule description 2",
+			Precedence:    2000,
+			Enabled:       true,
+			Action:        Block,
+			Filters:       []TeamsFilterType{HttpFilter},
+			Traffic:       `http.host == "abcd.com"`,
+			Identity:      "",
+			DevicePosture: "",
+			Version:       1,
+			RuleSettings: TeamsRuleSettings{
+				BlockPageEnabled:  true,
+				BlockReason:       "",
+				OverrideIPs:       nil,
+				OverrideHost:      "",
+				L4Override:        nil,
+				AddHeaders:        nil,
+				BISOAdminControls: nil,
+				CheckSession:      nil,
+				// setting is invalid for block rules, just testing serialization here
+				InsecureDisableDNSSECValidation: true,
+				UntrustedCertSettings: &UntrustedCertSettings{
+					Action: UntrustedCertPassthrough,
+				},
+				ResolveDnsThroughCloudflare: BoolPtr(true),
+			},
+			CreatedAt: &createdAt,
+			UpdatedAt: &updatedAt,
+			DeletedAt: nil,
+		}}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsRules(context.Background(), testAccountID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "7559a944-3dd7-41bf-b183-360a814a8c36",
+				"name": "rule1",
+				"description": "rule description",
+				"precedence": 1000,
+				"enabled": false,
+				"action": "isolate",
+				"filters": [
+					"http"
+				],
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-01-01T05:20:00.12345Z",
+				"deleted_at": null,
+				"traffic": "http.host == \"abcd.com\"",
+				"identity": "",
+				"version": 1,
+				"rule_settings": {
+					"block_page_enabled": false,
+					"block_reason": "",
+					"override_ips": null,
+					"override_host": "",
+					"l4override": null,
+					"biso_admin_controls": null,
+					"add_headers": null,
+					"check_session": {
+						"enforce": true,
+						"duration": "15m0s"
+					},
+                    "insecure_disable_dnssec_validation": false,
+					"untrusted_cert": {
+						"action": "block"
+					}
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := TeamsRule{
+		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
+		Name:          "rule1",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       false,
+		Action:        Isolate,
+		Filters:       []TeamsFilterType{HttpFilter},
+		Traffic:       `http.host == "abcd.com"`,
+		Identity:      "",
+		DevicePosture: "",
+		Version:       1,
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:  false,
+			BlockReason:       "",
+			OverrideIPs:       nil,
+			OverrideHost:      "",
+			L4Override:        nil,
+			AddHeaders:        nil,
+			BISOAdminControls: nil,
+			CheckSession: &TeamsCheckSessionSettings{
+				Enforce:  true,
+				Duration: Duration{900 * time.Second},
+			},
+			InsecureDisableDNSSECValidation: false,
+			UntrustedCertSettings: &UntrustedCertSettings{
+				Action: UntrustedCertBlock,
+			},
+		},
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
+
+	actual, err := client.TeamsRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsCreateHTTPRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "rule1",
+				"description": "rule description",
+				"precedence": 1000,
+				"enabled": false,
+				"action": "isolate",
+				"filters": [
+					"http"
+				],
+				"traffic": "http.host == \"abcd.com\"",
+				"identity": "",
+				"rule_settings": {
+					"block_page_enabled": false,
+					"biso_admin_controls": {"dp": true, "du": true, "dk": true},
+					"add_headers": {
+						"X-Test": ["abcd"]
+					},
+					"check_session": {
+						"enforce": true,
+						"duration": "5m0s"
+					},
+                    "insecure_disable_dnssec_validation": false
+				}
+			}
+		}
+		`)
+	}
+
+	want := TeamsRule{
+		Name:          "rule1",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       false,
+		Action:        Isolate,
+		Filters:       []TeamsFilterType{HttpFilter},
+		Traffic:       `http.host == "abcd.com"`,
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled: false,
+			BlockReason:      "",
+			OverrideIPs:      nil,
+			OverrideHost:     "",
+			L4Override:       nil,
+			AddHeaders:       http.Header{"X-Test": []string{"abcd"}},
+			BISOAdminControls: &TeamsBISOAdminControlSettings{
+				DisablePrinting: true,
+				DisableKeyboard: true,
+				DisableUpload:   true,
+			},
+			CheckSession: &TeamsCheckSessionSettings{
+				Enforce:  true,
+				Duration: Duration{300 * time.Second},
+			},
+			InsecureDisableDNSSECValidation: false,
+			EgressSettings:                  nil,
+		},
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsCreateEgressRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "egress via chicago",
+				"description": "rule description",
+				"precedence": 1000,
+				"enabled": false,
+				"action": "egress",
+				"filters": [
+					"egress"
+				],
+				"traffic": "net.src.geo.country == \"US\"",
+				"identity": "",
+				"rule_settings": {
+					"egress": {
+						"ipv6": "2a06:98c1:54::c61/64",
+						"ipv4": "2.2.2.2",
+						"ipv4_fallback": "1.1.1.1"
+					}
+				}
+			}
+		}
+		`)
+	}
+
+	want := TeamsRule{
+		Name:          "egress via chicago",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       false,
+		Action:        Egress,
+		Filters:       []TeamsFilterType{EgressFilter},
+		Traffic:       `net.src.geo.country == "US"`,
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:                false,
+			BlockReason:                     "",
+			OverrideIPs:                     nil,
+			OverrideHost:                    "",
+			L4Override:                      nil,
+			AddHeaders:                      nil,
+			BISOAdminControls:               nil,
+			CheckSession:                    nil,
+			InsecureDisableDNSSECValidation: false,
+			EgressSettings: &EgressSettings{
+				Ipv6Range:    "2a06:98c1:54::c61/64",
+				Ipv4:         "2.2.2.2",
+				Ipv4Fallback: "1.1.1.1",
+			},
+		},
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsCreateL4Rule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "block 4.4.4.4",
+				"description": "rule description",
+				"precedence": 1000,
+				"enabled": true,
+				"action": "audit_ssh",
+				"filters": [
+					"l4"
+				],
+				"traffic": "net.src.geo.country == \"US\"",
+				"identity": "",
+				"rule_settings": {
+					"audit_ssh": { "command_logging": true }
+				}
+			}
+		}
+		`)
+	}
+
+	want := TeamsRule{
+		Name:          "block 4.4.4.4",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       true,
+		Action:        AuditSSH,
+		Filters:       []TeamsFilterType{L4Filter},
+		Traffic:       `net.src.geo.country == "US"`,
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:                false,
+			BlockReason:                     "",
+			OverrideIPs:                     nil,
+			OverrideHost:                    "",
+			L4Override:                      nil,
+			AddHeaders:                      nil,
+			BISOAdminControls:               nil,
+			CheckSession:                    nil,
+			InsecureDisableDNSSECValidation: false,
+			EgressSettings:                  nil,
+			AuditSSH: &AuditSSHRuleSettings{
+				CommandLogging: true,
+			},
+		},
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsCreateResolverPolicy(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "resolve 4.4.4.4",
+				"description": "rule description",
+				"precedence": 1000,
+				"enabled": true,
+				"action": "resolve",
+				"filters": [
+					"dns_resolver"
+				],
+				"traffic": "any(dns.domains[*] == \"scottstots.com\")",
+				"identity": "",
+				"rule_settings": {
+					"audit_ssh": { "command_logging": true },
+					"resolve_dns_through_cloudflare": true
+				}
+			}
+		}
+		`)
+	}
+
+	want := TeamsRule{
+		Name:          "resolve 4.4.4.4",
+		Description:   "rule description",
+		Precedence:    1000,
+		Enabled:       true,
+		Action:        Resolve,
+		Filters:       []TeamsFilterType{DnsResolverFilter},
+		Traffic:       `any(dns.domains[*] == "scottstots.com")`,
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:                false,
+			BlockReason:                     "",
+			OverrideIPs:                     nil,
+			OverrideHost:                    "",
+			L4Override:                      nil,
+			AddHeaders:                      nil,
+			BISOAdminControls:               nil,
+			CheckSession:                    nil,
+			InsecureDisableDNSSECValidation: false,
+			EgressSettings:                  nil,
+			AuditSSH: &AuditSSHRuleSettings{
+				CommandLogging: true,
+			},
+			ResolveDnsThroughCloudflare: BoolPtr(true),
+		},
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
+
+	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsUpdateRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "7559a944-3dd7-41bf-b183-360a814a8c36",
+				"name": "rule_name_change",
+				"description": "rule new description",
+				"precedence": 3000,
+				"enabled": true,
+				"action": "block",
+				"filters": [
+					"http"
+				],
+				"traffic": "",
+				"identity": "",
+				"created_at": "2014-01-01T05:20:00.12345Z",
+				"updated_at": "2014-02-01T05:20:00.12345Z",
+				"rule_settings": {
+					"block_page_enabled": false,
+					"block_reason": "",
+					"override_ips": null,
+					"override_host": "",
+					"l4override": null,
+					"biso_admin_controls": null,
+					"add_headers": null,
+					"check_session": null,
+                    "insecure_disable_dnssec_validation": false
+				}
+			}
+		}
+		`)
+	}
+
+	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
+
+	want := TeamsRule{
+		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
+		Name:          "rule_name_change",
+		Description:   "rule new description",
+		Precedence:    3000,
+		Enabled:       true,
+		Action:        Block,
+		Filters:       []TeamsFilterType{HttpFilter},
+		Traffic:       "",
+		Identity:      "",
+		DevicePosture: "",
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:                false,
+			BlockReason:                     "",
+			OverrideIPs:                     nil,
+			OverrideHost:                    "",
+			L4Override:                      nil,
+			AddHeaders:                      nil,
+			BISOAdminControls:               nil,
+			CheckSession:                    nil,
+			InsecureDisableDNSSECValidation: false,
+		},
+		CreatedAt: &createdAt,
+		UpdatedAt: &updatedAt,
+		DeletedAt: nil,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
+
+	actual, err := client.TeamsUpdateRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36", want)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTeamsPatchRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'Patch', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"name": "rule_name_change",
+				"description": "rule new description",
+				"precedence": 3000,
+				"enabled": true,
+				"action": "block",
+				"rule_settings": {
+					"block_page_enabled": false,
+					"block_reason": "",
+					"override_ips": null,
+					"override_host": "",
+					"l4override": null,
+					"biso_admin_controls": null,
+					"add_headers": null,
+					"check_session": null,
+                    "insecure_disable_dnssec_validation": false
+				}
+			}
+		}
+		`)
+	}
+
+	reqBody := TeamsRulePatchRequest{
+		Name:        "rule_name_change",
+		Description: "rule new description",
+		Precedence:  3000,
+		Enabled:     true,
+		Action:      Block,
+		RuleSettings: TeamsRuleSettings{
+			BlockPageEnabled:                false,
+			BlockReason:                     "",
+			OverrideIPs:                     nil,
+			OverrideHost:                    "",
+			L4Override:                      nil,
+			AddHeaders:                      nil,
+			BISOAdminControls:               nil,
+			CheckSession:                    nil,
+			InsecureDisableDNSSECValidation: false,
+		},
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
+
+	actual, err := client.TeamsPatchRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36", reqBody)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, actual.Name, "rule_name_change")
+		assert.Equal(t, actual.Description, "rule new description")
+		assert.Equal(t, actual.Precedence, uint64(3000))
+		assert.Equal(t, actual.Action, Block)
+		assert.Equal(t, actual.Enabled, true)
+	}
+}
+
+func TestTeamsDeleteRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'Delete', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": nil
+		}
+		`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
+
+	err := client.TeamsDeleteRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
new file mode 100644
index 0000000000..5ff33aac68
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
@@ -0,0 +1,80 @@
+{
+    "success": true,
+    "errors": [],
+    "messages": [],
+    "result": [
+        {
+            "id": "372e67954025e0ba6aaa6d586b9e0b59",
+            "type": "A",
+            "name": "example.com",
+            "content": "198.51.100.4",
+            "proxiable": true,
+            "proxied": true,
+            "ttl": 120,
+            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
+            "zone_name": "example.com",
+            "created_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "data": {},
+            "meta": {
+                "auto_added": true,
+                "source": "primary"
+            },
+            "tags": [
+                "tag1",
+                "tag2extended"
+            ]
+        },
+        {
+            "id": "7eb0a9821aec4b1395bd8cc03d88c17d",
+            "type": "A",
+            "name": "sub1.example.com",
+            "content": "198.51.100.5",
+            "proxiable": true,
+            "proxied": false,
+            "ttl": 120,
+            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
+            "zone_name": "example.com",
+            "created_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "data": {},
+            "meta": {
+                "auto_added": true,
+                "source": "primary"
+            },
+            "tags": [
+                "tag1",
+                "tag2extended"
+            ]
+        },
+        {
+            "id": "4c2c40857e334a2d903dd28f65a99682",
+            "type": "A",
+            "name": "sub2.example.com",
+            "content": "198.51.100.6",
+            "proxiable": true,
+            "proxied": true,
+            "ttl": 120,
+            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
+            "zone_name": "example.com",
+            "created_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "data": {},
+            "meta": {
+                "auto_added": true,
+                "source": "primary"
+            },
+            "tags": [
+                "tag1",
+                "tag2extended"
+            ]
+        }
+    ],
+    "result_info": {
+        "count": 3,
+        "page": 1,
+        "per_page": 3,
+        "total_count": 5,
+        "total_pages": 2
+    }
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
new file mode 100644
index 0000000000..f783aa4497
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
@@ -0,0 +1,58 @@
+{
+    "success": true,
+    "errors": [],
+    "messages": [],
+    "result": [
+        {
+            "id": "97e1dc2d19204b448b6ee04724f005ba",
+            "type": "A",
+            "name": "sub3.example.com",
+            "content": "198.51.100.7",
+            "proxiable": true,
+            "proxied": false,
+            "ttl": 120,
+            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
+            "zone_name": "example.com",
+            "created_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "data": {},
+            "meta": {
+                "auto_added": true,
+                "source": "primary"
+            },
+            "tags": [
+                "tag1",
+                "tag2extended"
+            ]
+        },
+        {
+            "id": "5bafaa7059d3480da9f6e2ecd8468c33",
+            "type": "A",
+            "name": "sub4.example.com",
+            "content": "198.51.100.8",
+            "proxiable": true,
+            "proxied": false,
+            "ttl": 120,
+            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
+            "zone_name": "example.com",
+            "created_on": "2014-01-01T05:20:00Z",
+            "modified_on": "2014-01-01T05:20:00Z",
+            "data": {},
+            "meta": {
+                "auto_added": true,
+                "source": "primary"
+            },
+            "tags": [
+                "tag1",
+                "tag2extended"
+            ]
+        }
+    ],
+    "result_info": {
+        "count": 2,
+        "page": 2,
+        "per_page": 3,
+        "total_count": 5,
+        "total_pages": 2
+    }
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
new file mode 100644
index 0000000000..f8bc039b5c
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
@@ -0,0 +1,17 @@
+{
+  "errors": [],
+  "messages": [],
+  "result": {
+    "variant": {
+      "id": "hero",
+      "neverRequireSignedURLs": true,
+      "options": {
+        "fit": "scale-down",
+        "height": 768,
+        "metadata": "none",
+        "width": 1366
+      }
+    }
+  },
+  "success": true
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
new file mode 100644
index 0000000000..1838aa6ce3
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
@@ -0,0 +1,19 @@
+{
+  "errors": [],
+  "messages": [],
+  "result": {
+    "variants": {
+      "hero": {
+        "id": "hero",
+        "neverRequireSignedURLs": true,
+        "options": {
+          "fit": "scale-down",
+          "height": 768,
+          "metadata": "none",
+          "width": 1366
+        }
+      }
+    }
+  },
+  "success": true
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
new file mode 100644
index 0000000000..41e642cb40
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
@@ -0,0 +1,18 @@
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "config": {
+      "warp-routing": { "enabled": true },
+      "originRequest": { "connectTimeout": 10 },
+      "ingress": [
+        { "hostname": "test.example.com", "service": "https://localhost:8000", "originRequest": { "noTLSVerify": true } },
+        { "service": "http_status:404" }
+      ]
+    },
+    "tunnel_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+    "version": 5,
+    "created_at": "2021-01-25T18:22:34.317854Z"
+  }
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
new file mode 100644
index 0000000000..ca0f4176fc
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
@@ -0,0 +1,5 @@
+{
+  "success": true,
+  "errors": [],
+  "messages": []
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
new file mode 100644
index 0000000000..586dd9003a
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
@@ -0,0 +1,30 @@
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+      "name": "blog",
+      "created_at": "2009-11-10T23:00:00Z",
+      "deleted_at": "2009-11-10T23:00:00Z",
+      "connections": [
+        {
+          "colo_name": "DFW",
+          "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+          "is_pending_reconnect": false,
+          "client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+          "client_version": "2022.2.0",
+          "opened_at": "2021-01-25T18:22:34.317854Z",
+          "origin_ip": "198.51.100.1"
+        }
+      ]
+    }
+  ],
+  "result_info": {
+    "count": 1,
+    "page": 1,
+    "per_page": 20,
+    "total_count": 1
+  }
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
new file mode 100644
index 0000000000..6eb38f30cc
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
@@ -0,0 +1,25 @@
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+    "name": "blog",
+    "created_at": "2009-11-10T23:00:00Z",
+    "deleted_at": "2009-11-10T23:00:00Z",
+    "connections": [
+      {
+        "colo_name": "DFW",
+        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+        "is_pending_reconnect": false,
+        "client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+        "client_version": "2022.2.0",
+        "opened_at": "2021-01-25T18:22:34.317854Z",
+        "origin_ip": "198.51.100.1"
+      }
+    ],
+    "status": "healthy",
+    "tun_type": "cfd_tunnel",
+    "remote_config": true
+  }
+}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
new file mode 100644
index 0000000000..9e1a53407c
--- /dev/null
+++ b/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
@@ -0,0 +1,6 @@
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": "ZHNraGdhc2RraGFza2hqZGFza2poZGFza2poYXNrZGpoYWtzamRoa2FzZGpoa2FzamRoa2Rhc2po\na2FzamRoa2FqCg=="
+}
diff --git a/pkg/cloudflare-go/tiered_cache.go b/pkg/cloudflare-go/tiered_cache.go
new file mode 100644
index 0000000000..a6e845084b
--- /dev/null
+++ b/pkg/cloudflare-go/tiered_cache.go
@@ -0,0 +1,317 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type TieredCacheType int
+
+const (
+	TieredCacheOff     TieredCacheType = 0
+	TieredCacheGeneric TieredCacheType = 1
+	TieredCacheSmart   TieredCacheType = 2
+)
+
+func (e TieredCacheType) String() string {
+	switch e {
+	case TieredCacheGeneric:
+		return "generic"
+	case TieredCacheSmart:
+		return "smart"
+	case TieredCacheOff:
+		return "off"
+	default:
+		return fmt.Sprintf("%d", int(e))
+	}
+}
+
+type TieredCache struct {
+	Type         TieredCacheType
+	LastModified time.Time
+}
+
+// GetTieredCache allows you to retrieve the current Tiered Cache Settings for a Zone.
+// This function does not support custom topologies, only Generic and Smart Tiered Caching.
+//
+// API Reference: https://api.cloudflare.com/#smart-tiered-cache-get-smart-tiered-cache-setting
+// API Reference: https://api.cloudflare.com/#tiered-cache-get-tiered-cache-setting
+func (api *API) GetTieredCache(ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	var lastModified time.Time
+
+	generic, err := getGenericTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+	lastModified = generic.LastModified
+
+	smart, err := getSmartTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+
+	if smart.LastModified.After(lastModified) {
+		lastModified = smart.LastModified
+	}
+
+	if generic.Type == TieredCacheOff {
+		return TieredCache{Type: TieredCacheOff, LastModified: lastModified}, nil
+	}
+
+	if smart.Type == TieredCacheOff {
+		return TieredCache{Type: TieredCacheGeneric, LastModified: lastModified}, nil
+	}
+
+	return TieredCache{Type: TieredCacheSmart, LastModified: lastModified}, nil
+}
+
+// SetTieredCache allows you to set a zone's tiered cache topology between the available types.
+// Using the value of TieredCacheOff will disable Tiered Cache entirely.
+//
+// API Reference: https://api.cloudflare.com/#smart-tiered-cache-patch-smart-tiered-cache-setting
+// API Reference: https://api.cloudflare.com/#tiered-cache-patch-tiered-cache-setting
+func (api *API) SetTieredCache(ctx context.Context, rc *ResourceContainer, value TieredCacheType) (TieredCache, error) {
+	if value == TieredCacheOff {
+		return api.DeleteTieredCache(ctx, rc)
+	}
+
+	var lastModified time.Time
+
+	if value == TieredCacheGeneric {
+		result, err := deleteSmartTieredCache(api, ctx, rc)
+		if err != nil {
+			return TieredCache{}, err
+		}
+		lastModified = result.LastModified
+
+		result, err = enableGenericTieredCache(api, ctx, rc)
+		if err != nil {
+			return TieredCache{}, err
+		}
+
+		if result.LastModified.After(lastModified) {
+			lastModified = result.LastModified
+		}
+		return TieredCache{Type: TieredCacheGeneric, LastModified: lastModified}, nil
+	}
+
+	result, err := enableGenericTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+	lastModified = result.LastModified
+
+	result, err = enableSmartTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+
+	if result.LastModified.After(lastModified) {
+		lastModified = result.LastModified
+	}
+	return TieredCache{Type: TieredCacheSmart, LastModified: lastModified}, nil
+}
+
+// DeleteTieredCache allows you to delete the tiered cache settings for a zone.
+// This is equivalent to using SetTieredCache with the value of TieredCacheOff.
+//
+// API Reference: https://api.cloudflare.com/#smart-tiered-cache-delete-smart-tiered-cache-setting
+// API Reference: https://api.cloudflare.com/#tiered-cache-patch-tiered-cache-setting
+func (api *API) DeleteTieredCache(ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	var lastModified time.Time
+
+	result, err := deleteSmartTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+	lastModified = result.LastModified
+
+	result, err = disableGenericTieredCache(api, ctx, rc)
+	if err != nil {
+		return TieredCache{}, err
+	}
+
+	if result.LastModified.After(lastModified) {
+		lastModified = result.LastModified
+	}
+	return TieredCache{Type: TieredCacheOff, LastModified: lastModified}, nil
+}
+
+type tieredCacheResult struct {
+	ID           string    `json:"id"`
+	Value        string    `json:"value,omitempty"`
+	LastModified time.Time `json:"modified_on"`
+}
+
+type tieredCacheResponse struct {
+	Result tieredCacheResult `json:"result"`
+	Response
+}
+
+type tieredCacheSetting struct {
+	Value string `json:"value"`
+}
+
+func getGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to retrieve generic tiered cache failed")
+	}
+
+	if response.Result.Value == "off" {
+		return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
+	}
+
+	return TieredCache{Type: TieredCacheGeneric, LastModified: response.Result.LastModified}, nil
+}
+
+func getSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		var notFoundError *NotFoundError
+		if errors.As(err, &notFoundError) {
+			return TieredCache{Type: TieredCacheOff}, nil
+		}
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to retrieve smart tiered cache failed")
+	}
+
+	if response.Result.Value == "off" {
+		return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
+	}
+	return TieredCache{Type: TieredCacheSmart, LastModified: response.Result.LastModified}, nil
+}
+
+func enableGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
+	setting := tieredCacheSetting{
+		Value: "on",
+	}
+	body, err := json.Marshal(setting)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to enable generic tiered cache failed")
+	}
+
+	return TieredCache{Type: TieredCacheGeneric, LastModified: response.Result.LastModified}, nil
+}
+
+func enableSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
+	setting := tieredCacheSetting{
+		Value: "on",
+	}
+	body, err := json.Marshal(setting)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to enable smart tiered cache failed")
+	}
+
+	return TieredCache{Type: TieredCacheSmart, LastModified: response.Result.LastModified}, nil
+}
+
+func disableGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
+	setting := tieredCacheSetting{
+		Value: "off",
+	}
+	body, err := json.Marshal(setting)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to disable generic tiered cache failed")
+	}
+
+	return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
+}
+
+func deleteSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
+	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		var notFoundError *NotFoundError
+		if errors.As(err, &notFoundError) {
+			return TieredCache{Type: TieredCacheOff}, nil
+		}
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	var response tieredCacheResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return TieredCache{Type: TieredCacheOff}, err
+	}
+
+	if !response.Success {
+		return TieredCache{Type: TieredCacheOff}, errors.New("request to disable smart tiered cache failed")
+	}
+
+	return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
+}
diff --git a/pkg/cloudflare-go/tiered_cache_test.go b/pkg/cloudflare-go/tiered_cache_test.go
new file mode 100644
index 0000000000..c30ada6404
--- /dev/null
+++ b/pkg/cloudflare-go/tiered_cache_test.go
@@ -0,0 +1,321 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func createSmartTieredCacheHandler(val string, lastModified string) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"editable": true,
+				"id": "tiered_cache_smart_topology_enable",
+				"modified_on": "%s",
+				"value": "%s"
+            }
+          }`, lastModified, val)
+	}
+}
+
+func nonexistentSmartTieredCacheHandler() func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(404)
+		fmt.Fprintf(w, `{
+			"result": null,
+			"success": false,
+			"errors": [
+				{
+					"code": 1142,
+					"message": "Unable to retrieve tiered_cache_smart_topology_enable setting value. The zone setting does not exist."
+				}
+			],
+			"messages": []
+		}`)
+	}
+}
+
+func createGenericTieredCacheHandler(val string, lastModified string) func(http.ResponseWriter, *http.Request) {
+	return func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "tiered_caching",
+				"value": "%s",
+				"modified_on": "%s",
+				"editable": false
+            }
+          }`, val, lastModified)
+	}
+}
+
+func TestGetTieredCache(t *testing.T) {
+	t.Run("can identify when Smart Tiered Cache", func(t *testing.T) {
+		t.Run("is disabled", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("off", lastModified))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheGeneric,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("is enabled", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheSmart,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("zone setting does not exist", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheGeneric,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+	})
+
+	t.Run("can identify when generic tiered cache", func(t *testing.T) {
+		t.Run("is disabled", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("off", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheOff,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("is enabled", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheGeneric,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+	})
+
+	t.Run("determines the latest last modified when", func(t *testing.T) {
+		t.Run("smart tiered cache zone setting does not exist", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheGeneric,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("generic tiered cache was modified more recently", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			earlier := time.Now().Add(time.Minute * -5).Format(time.RFC3339)
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", earlier))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheSmart,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("smart tiered cache was modified more recently", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			earlier := time.Now().Add(time.Minute * -5).Format(time.RFC3339)
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", earlier))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheSmart,
+				LastModified: wanted,
+			}
+
+			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+	})
+}
+
+func TestSetTieredCache(t *testing.T) {
+	t.Run("can enable tiered caching", func(t *testing.T) {
+		t.Run("using smart caching", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheSmart,
+				LastModified: wanted,
+			}
+
+			got, err := client.SetTieredCache(context.Background(), ZoneIdentifier(testZoneID), TieredCacheSmart)
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+
+		t.Run("use generic caching", func(t *testing.T) {
+			setup()
+			defer teardown()
+
+			lastModified := time.Now().Format(time.RFC3339)
+
+			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
+			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
+
+			wanted, _ := time.Parse(time.RFC3339, lastModified)
+			want := TieredCache{
+				Type:         TieredCacheGeneric,
+				LastModified: wanted,
+			}
+
+			got, err := client.SetTieredCache(context.Background(), ZoneIdentifier(testZoneID), TieredCacheGeneric)
+
+			if assert.NoError(t, err) {
+				assert.Equal(t, want, got)
+			}
+		})
+	})
+}
+
+func TestDeleteTieredCache(t *testing.T) {
+	t.Run("can disable tiered caching", func(t *testing.T) {
+		setup()
+		defer teardown()
+
+		lastModified := time.Now().Format(time.RFC3339)
+
+		mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("off", lastModified))
+		mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
+
+		wanted, _ := time.Parse(time.RFC3339, lastModified)
+		want := TieredCache{
+			Type:         TieredCacheOff,
+			LastModified: wanted,
+		}
+
+		got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
+
+		if assert.NoError(t, err) {
+			assert.Equal(t, want, got)
+		}
+	})
+}
diff --git a/pkg/cloudflare-go/total_tls.go b/pkg/cloudflare-go/total_tls.go
new file mode 100644
index 0000000000..5ea0bdb3b7
--- /dev/null
+++ b/pkg/cloudflare-go/total_tls.go
@@ -0,0 +1,64 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type TotalTLS struct {
+	Enabled              *bool  `json:"enabled,omitempty"`
+	CertificateAuthority string `json:"certificate_authority,omitempty"`
+	ValidityDays         int    `json:"validity_days,omitempty"`
+}
+
+type TotalTLSResponse struct {
+	Response
+	Result TotalTLS `json:"result"`
+}
+
+// GetTotalTLS Get Total TLS Settings for a Zone.
+//
+// API Reference: https://api.cloudflare.com/#total-tls-total-tls-settings-details
+func (api *API) GetTotalTLS(ctx context.Context, rc *ResourceContainer) (TotalTLS, error) {
+	if rc.Identifier == "" {
+		return TotalTLS{}, ErrMissingZoneID
+	}
+	uri := fmt.Sprintf("/zones/%s/acm/total_tls", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TotalTLS{}, err
+	}
+
+	var r TotalTLSResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TotalTLS{}, err
+	}
+
+	return r.Result, nil
+}
+
+// SetTotalTLS Set Total TLS Settings or disable the feature for a Zone.
+//
+// API Reference: https://api.cloudflare.com/#total-tls-enable-or-disable-total-tls
+func (api *API) SetTotalTLS(ctx context.Context, rc *ResourceContainer, params TotalTLS) (TotalTLS, error) {
+	if rc.Identifier == "" {
+		return TotalTLS{}, ErrMissingZoneID
+	}
+	uri := fmt.Sprintf("/zones/%s/acm/total_tls", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return TotalTLS{}, err
+	}
+
+	var r TotalTLSResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TotalTLS{}, err
+	}
+
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/total_tls_test.go b/pkg/cloudflare-go/total_tls_test.go
new file mode 100644
index 0000000000..3b5e239630
--- /dev/null
+++ b/pkg/cloudflare-go/total_tls_test.go
@@ -0,0 +1,74 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTotalTLS_GetSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/acm/total_tls", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"enabled": true,
+		"certificate_authority": "google",
+		"validity_days": 90
+	  }
+	}`)
+	})
+
+	_, err := client.GetTotalTLS(context.Background(), ZoneIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	result, err := client.GetTotalTLS(context.Background(), ZoneIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, BoolPtr(true), result.Enabled)
+		assert.Equal(t, "google", result.CertificateAuthority)
+		assert.Equal(t, 90, result.ValidityDays)
+	}
+}
+
+func TestTotalTLS_SetSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/acm/total_tls", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "enabled": true,
+    "certificate_authority": "google",
+    "validity_days": 90
+  }
+}`)
+	})
+
+	_, err := client.SetTotalTLS(context.Background(), ZoneIdentifier(""), TotalTLS{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	result, err := client.SetTotalTLS(context.Background(), ZoneIdentifier(testZoneID), TotalTLS{CertificateAuthority: "google", Enabled: BoolPtr(true)})
+	if assert.NoError(t, err) {
+		assert.Equal(t, BoolPtr(true), result.Enabled)
+		assert.Equal(t, "google", result.CertificateAuthority)
+		assert.Equal(t, 90, result.ValidityDays)
+	}
+}
diff --git a/pkg/cloudflare-go/tunnel.go b/pkg/cloudflare-go/tunnel.go
new file mode 100644
index 0000000000..2f3f6d7c90
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel.go
@@ -0,0 +1,536 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// A TunnelDuration is a Duration that has custom serialization for JSON.
+// JSON in Javascript assumes that int fields are 32 bits and Duration fields
+// are deserialized assuming that numbers are in nanoseconds, which in 32bit
+// integers limits to just 2 seconds. This type assumes that when
+// serializing/deserializing from JSON, that the number is in seconds, while it
+// maintains the YAML serde assumptions.
+type TunnelDuration struct {
+	time.Duration
+}
+
+func (s TunnelDuration) MarshalJSON() ([]byte, error) {
+	return json.Marshal(s.Duration.Seconds())
+}
+
+func (s *TunnelDuration) UnmarshalJSON(data []byte) error {
+	seconds, err := strconv.ParseInt(string(data), 10, 64)
+	if err != nil {
+		return err
+	}
+
+	s.Duration = time.Duration(seconds * int64(time.Second))
+	return nil
+}
+
+// ErrMissingTunnelID is for when a required tunnel ID is missing from the
+// parameters.
+var ErrMissingTunnelID = errors.New("required missing tunnel ID")
+
+// Tunnel is the struct definition of a tunnel.
+type Tunnel struct {
+	ID             string             `json:"id,omitempty"`
+	Name           string             `json:"name,omitempty"`
+	Secret         string             `json:"tunnel_secret,omitempty"`
+	CreatedAt      *time.Time         `json:"created_at,omitempty"`
+	DeletedAt      *time.Time         `json:"deleted_at,omitempty"`
+	Connections    []TunnelConnection `json:"connections,omitempty"`
+	ConnsActiveAt  *time.Time         `json:"conns_active_at,omitempty"`
+	ConnInactiveAt *time.Time         `json:"conns_inactive_at,omitempty"`
+	TunnelType     string             `json:"tun_type,omitempty"`
+	Status         string             `json:"status,omitempty"`
+	RemoteConfig   bool               `json:"remote_config,omitempty"`
+}
+
+// Connection is the struct definition of a connection.
+type Connection struct {
+	ID            string             `json:"id,omitempty"`
+	Features      []string           `json:"features,omitempty"`
+	Version       string             `json:"version,omitempty"`
+	Arch          string             `json:"arch,omitempty"`
+	Connections   []TunnelConnection `json:"conns,omitempty"`
+	RunAt         *time.Time         `json:"run_at,omitempty"`
+	ConfigVersion int                `json:"config_version,omitempty"`
+}
+
+// TunnelConnection represents the connections associated with a tunnel.
+type TunnelConnection struct {
+	ColoName           string `json:"colo_name"`
+	ID                 string `json:"id"`
+	IsPendingReconnect bool   `json:"is_pending_reconnect"`
+	ClientID           string `json:"client_id"`
+	ClientVersion      string `json:"client_version"`
+	OpenedAt           string `json:"opened_at"`
+	OriginIP           string `json:"origin_ip"`
+}
+
+// TunnelsDetailResponse is used for representing the API response payload for
+// multiple tunnels.
+type TunnelsDetailResponse struct {
+	Result []Tunnel `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// listTunnelsDefaultPageSize represents the default per_page size of the API.
+var listTunnelsDefaultPageSize int = 100
+
+// TunnelDetailResponse is used for representing the API response payload for
+// a single tunnel.
+type TunnelDetailResponse struct {
+	Result Tunnel `json:"result"`
+	Response
+}
+
+// TunnelConnectionResponse is used for representing the API response payload for
+// connections of a single tunnel.
+type TunnelConnectionResponse struct {
+	Result []Connection `json:"result"`
+	Response
+}
+
+type TunnelConfigurationResult struct {
+	TunnelID string              `json:"tunnel_id,omitempty"`
+	Config   TunnelConfiguration `json:"config,omitempty"`
+	Version  int                 `json:"version,omitempty"`
+}
+
+// TunnelConfigurationResponse is used for representing the API response payload
+// for a single tunnel.
+type TunnelConfigurationResponse struct {
+	Result TunnelConfigurationResult `json:"result"`
+	Response
+}
+
+// TunnelTokenResponse is  the API response for a tunnel token.
+type TunnelTokenResponse struct {
+	Result string `json:"result"`
+	Response
+}
+
+type TunnelCreateParams struct {
+	Name      string `json:"name,omitempty"`
+	Secret    string `json:"tunnel_secret,omitempty"`
+	ConfigSrc string `json:"config_src,omitempty"`
+}
+
+type TunnelUpdateParams struct {
+	Name   string `json:"name,omitempty"`
+	Secret string `json:"tunnel_secret,omitempty"`
+}
+
+type UnvalidatedIngressRule struct {
+	Hostname      string               `json:"hostname,omitempty"`
+	Path          string               `json:"path,omitempty"`
+	Service       string               `json:"service,omitempty"`
+	OriginRequest *OriginRequestConfig `json:"originRequest,omitempty"`
+}
+
+// OriginRequestConfig is a set of optional fields that users may set to
+// customize how cloudflared sends requests to origin services. It is used to set
+// up general config that apply to all rules, and also, specific per-rule
+// config.
+type OriginRequestConfig struct {
+	// HTTP proxy timeout for establishing a new connection
+	ConnectTimeout *TunnelDuration `json:"connectTimeout,omitempty"`
+	// HTTP proxy timeout for completing a TLS handshake
+	TLSTimeout *TunnelDuration `json:"tlsTimeout,omitempty"`
+	// HTTP proxy TCP keepalive duration
+	TCPKeepAlive *TunnelDuration `json:"tcpKeepAlive,omitempty"`
+	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
+	NoHappyEyeballs *bool `json:"noHappyEyeballs,omitempty"`
+	// HTTP proxy maximum keepalive connection pool size
+	KeepAliveConnections *int `json:"keepAliveConnections,omitempty"`
+	// HTTP proxy timeout for closing an idle connection
+	KeepAliveTimeout *TunnelDuration `json:"keepAliveTimeout,omitempty"`
+	// Sets the HTTP Host header for the local webserver.
+	HTTPHostHeader *string `json:"httpHostHeader,omitempty"`
+	// Hostname on the origin server certificate.
+	OriginServerName *string `json:"originServerName,omitempty"`
+	// Path to the CA for the certificate of your origin.
+	// This option should be used only if your certificate is not signed by Cloudflare.
+	CAPool *string `json:"caPool,omitempty"`
+	// Disables TLS verification of the certificate presented by your origin.
+	// Will allow any certificate from the origin to be accepted.
+	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
+	NoTLSVerify *bool `json:"noTLSVerify,omitempty"`
+	// Disables chunked transfer encoding.
+	// Useful if you are running a WSGI server.
+	DisableChunkedEncoding *bool `json:"disableChunkedEncoding,omitempty"`
+	// Runs as jump host
+	BastionMode *bool `json:"bastionMode,omitempty"`
+	// Listen address for the proxy.
+	ProxyAddress *string `json:"proxyAddress,omitempty"`
+	// Listen port for the proxy.
+	ProxyPort *uint `json:"proxyPort,omitempty"`
+	// Valid options are 'socks' or empty.
+	ProxyType *string `json:"proxyType,omitempty"`
+	// IP rules for the proxy service
+	IPRules []IngressIPRule `json:"ipRules,omitempty"`
+	// Attempt to connect to origin with HTTP/2
+	Http2Origin *bool `json:"http2Origin,omitempty"`
+	// Access holds all access related configs
+	Access *AccessConfig `json:"access,omitempty"`
+}
+
+type AccessConfig struct {
+	// Required when set to true will fail every request that does not arrive
+	// through an access authenticated endpoint.
+	Required bool `yaml:"required" json:"required,omitempty"`
+	// TeamName is the organization team name to get the public key certificates for.
+	TeamName string `yaml:"teamName" json:"teamName"`
+	// AudTag is the AudTag to verify access JWT against.
+	AudTag []string `yaml:"audTag" json:"audTag"`
+}
+
+type IngressIPRule struct {
+	Prefix *string `json:"prefix,omitempty"`
+	Ports  []int   `json:"ports,omitempty"`
+	Allow  bool    `json:"allow,omitempty"`
+}
+
+type TunnelConfiguration struct {
+	Ingress       []UnvalidatedIngressRule `json:"ingress,omitempty"`
+	WarpRouting   *WarpRoutingConfig       `json:"warp-routing,omitempty"`
+	OriginRequest OriginRequestConfig      `json:"originRequest,omitempty"`
+}
+
+type WarpRoutingConfig struct {
+	Enabled bool `json:"enabled,omitempty"`
+}
+
+type TunnelConfigurationParams struct {
+	TunnelID string              `json:"-"`
+	Config   TunnelConfiguration `json:"config,omitempty"`
+}
+
+type TunnelListParams struct {
+	Name          string     `url:"name,omitempty"`
+	UUID          string     `url:"uuid,omitempty"` // the tunnel ID
+	IsDeleted     *bool      `url:"is_deleted,omitempty"`
+	ExistedAt     *time.Time `url:"existed_at,omitempty"`
+	IncludePrefix string     `url:"include_prefix,omitempty"`
+	ExcludePrefix string     `url:"exclude_prefix,omitempty"`
+
+	ResultInfo
+}
+
+// ListTunnels lists all tunnels.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-list-cloudflare-tunnels
+func (api *API) ListTunnels(ctx context.Context, rc *ResourceContainer, params TunnelListParams) ([]Tunnel, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []Tunnel{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = listTunnelsDefaultPageSize
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var records []Tunnel
+	var listResponse TunnelsDetailResponse
+
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []Tunnel{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &listResponse)
+		if err != nil {
+			return []Tunnel{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		records = append(records, listResponse.Result...)
+		params.ResultInfo = listResponse.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return records, &listResponse.ResultInfo, nil
+}
+
+// GetTunnel returns a single Argo tunnel.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-get-cloudflare-tunnel
+func (api *API) GetTunnel(ctx context.Context, rc *ResourceContainer, tunnelID string) (Tunnel, error) {
+	if rc.Identifier == "" {
+		return Tunnel{}, ErrMissingAccountID
+	}
+
+	if tunnelID == "" {
+		return Tunnel{}, errors.New("missing tunnel ID")
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", rc.Identifier, tunnelID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Tunnel{}, err
+	}
+
+	var argoDetailsResponse TunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// CreateTunnel creates a new tunnel for the account.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-create-cloudflare-tunnel
+func (api *API) CreateTunnel(ctx context.Context, rc *ResourceContainer, params TunnelCreateParams) (Tunnel, error) {
+	if rc.Identifier == "" {
+		return Tunnel{}, ErrMissingAccountID
+	}
+
+	if params.Name == "" {
+		return Tunnel{}, errors.New("missing tunnel name")
+	}
+
+	if params.Secret == "" {
+		return Tunnel{}, errors.New("missing tunnel secret")
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return Tunnel{}, err
+	}
+
+	var argoDetailsResponse TunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return argoDetailsResponse.Result, nil
+}
+
+// UpdateTunnel updates an existing tunnel for the account.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-update-cloudflare-tunnel
+func (api *API) UpdateTunnel(ctx context.Context, rc *ResourceContainer, params TunnelUpdateParams) (Tunnel, error) {
+	if rc.Identifier == "" {
+		return Tunnel{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier)
+
+	var tunnel Tunnel
+
+	if params.Name != "" {
+		tunnel.Name = params.Name
+	}
+
+	if params.Secret != "" {
+		tunnel.Secret = params.Secret
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, tunnel)
+	if err != nil {
+		return Tunnel{}, err
+	}
+
+	var argoDetailsResponse TunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return argoDetailsResponse.Result, nil
+}
+
+// UpdateTunnelConfiguration updates an existing tunnel for the account.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-configuration-properties
+func (api *API) UpdateTunnelConfiguration(ctx context.Context, rc *ResourceContainer, params TunnelConfigurationParams) (TunnelConfigurationResult, error) {
+	if rc.Identifier == "" {
+		return TunnelConfigurationResult{}, ErrMissingAccountID
+	}
+
+	if params.TunnelID == "" {
+		return TunnelConfigurationResult{}, ErrMissingTunnelID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", rc.Identifier, params.TunnelID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return TunnelConfigurationResult{}, err
+	}
+
+	var tunnelDetailsResponse TunnelConfigurationResponse
+	err = json.Unmarshal(res, &tunnelDetailsResponse)
+	if err != nil {
+		return TunnelConfigurationResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	var tunnelDetails TunnelConfigurationResult
+
+	tunnelDetails.Config = tunnelDetailsResponse.Result.Config
+	tunnelDetails.TunnelID = tunnelDetailsResponse.Result.TunnelID
+	tunnelDetails.Version = tunnelDetailsResponse.Result.Version
+
+	return tunnelDetails, nil
+}
+
+// GetTunnelConfiguration updates an existing tunnel for the account.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-configuration-properties
+func (api *API) GetTunnelConfiguration(ctx context.Context, rc *ResourceContainer, tunnelID string) (TunnelConfigurationResult, error) {
+	if rc.Identifier == "" {
+		return TunnelConfigurationResult{}, ErrMissingAccountID
+	}
+
+	if tunnelID == "" {
+		return TunnelConfigurationResult{}, ErrMissingTunnelID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", rc.Identifier, tunnelID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TunnelConfigurationResult{}, err
+	}
+
+	var tunnelDetailsResponse TunnelConfigurationResponse
+	err = json.Unmarshal(res, &tunnelDetailsResponse)
+	if err != nil {
+		return TunnelConfigurationResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	var tunnelDetails TunnelConfigurationResult
+
+	tunnelDetails.Config = tunnelDetailsResponse.Result.Config
+	tunnelDetails.TunnelID = tunnelDetailsResponse.Result.TunnelID
+	tunnelDetails.Version = tunnelDetailsResponse.Result.Version
+
+	return tunnelDetails, nil
+}
+
+// ListTunnelConnections gets all connections on a tunnel.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-list-cloudflare-tunnel-connections
+func (api *API) ListTunnelConnections(ctx context.Context, rc *ResourceContainer, tunnelID string) ([]Connection, error) {
+	if rc.Identifier == "" {
+		return []Connection{}, ErrMissingAccountID
+	}
+
+	if tunnelID == "" {
+		return []Connection{}, ErrMissingTunnelID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", rc.Identifier, tunnelID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Connection{}, err
+	}
+
+	var argoDetailsResponse TunnelConnectionResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return []Connection{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return argoDetailsResponse.Result, nil
+}
+
+// DeleteTunnel removes a single Argo tunnel.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-delete-cloudflare-tunnel
+func (api *API) DeleteTunnel(ctx context.Context, rc *ResourceContainer, tunnelID string) error {
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", rc.Identifier, tunnelID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var argoDetailsResponse TunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// CleanupTunnelConnections deletes any inactive connections on a tunnel.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-clean-up-cloudflare-tunnel-connections
+func (api *API) CleanupTunnelConnections(ctx context.Context, rc *ResourceContainer, tunnelID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if tunnelID == "" {
+		return errors.New("missing tunnel ID")
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", rc.Identifier, tunnelID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var argoDetailsResponse TunnelDetailResponse
+	err = json.Unmarshal(res, &argoDetailsResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// GetTunnelToken that allows to run a tunnel.
+//
+// API reference: https://api.cloudflare.com/#cloudflare-tunnel-get-cloudflare-tunnel-token
+func (api *API) GetTunnelToken(ctx context.Context, rc *ResourceContainer, tunnelID string) (string, error) {
+	if rc.Identifier == "" {
+		return "", ErrMissingAccountID
+	}
+
+	if tunnelID == "" {
+		return "", errors.New("missing tunnel ID")
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/token", rc.Identifier, tunnelID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return "", err
+	}
+
+	var tunnelTokenResponse TunnelTokenResponse
+	err = json.Unmarshal(res, &tunnelTokenResponse)
+	if err != nil {
+		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return tunnelTokenResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/tunnel_routes.go b/pkg/cloudflare-go/tunnel_routes.go
new file mode 100644
index 0000000000..c67925eba9
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel_routes.go
@@ -0,0 +1,214 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingNetwork      = errors.New("missing required network parameter")
+	ErrInvalidNetworkValue = errors.New("invalid IP parameter. Cannot use CIDR ranges for this endpoint.")
+)
+
+// TunnelRoute is the full record for a route.
+type TunnelRoute struct {
+	Network          string     `json:"network"`
+	TunnelID         string     `json:"tunnel_id"`
+	TunnelName       string     `json:"tunnel_name"`
+	Comment          string     `json:"comment"`
+	CreatedAt        *time.Time `json:"created_at"`
+	DeletedAt        *time.Time `json:"deleted_at"`
+	VirtualNetworkID string     `json:"virtual_network_id"`
+}
+
+type TunnelRoutesListParams struct {
+	TunnelID         string     `url:"tunnel_id,omitempty"`
+	Comment          string     `url:"comment,omitempty"`
+	IsDeleted        *bool      `url:"is_deleted,omitempty"`
+	NetworkSubset    string     `url:"network_subset,omitempty"`
+	NetworkSuperset  string     `url:"network_superset,omitempty"`
+	ExistedAt        *time.Time `url:"existed_at,omitempty"`
+	VirtualNetworkID string     `url:"virtual_network_id,omitempty"`
+	PaginationOptions
+}
+
+type TunnelRoutesCreateParams struct {
+	Network          string `json:"-"`
+	TunnelID         string `json:"tunnel_id"`
+	Comment          string `json:"comment,omitempty"`
+	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
+}
+
+type TunnelRoutesUpdateParams struct {
+	Network          string `json:"network"`
+	TunnelID         string `json:"tunnel_id"`
+	Comment          string `json:"comment,omitempty"`
+	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
+}
+
+type TunnelRoutesForIPParams struct {
+	Network          string `url:"-"`
+	VirtualNetworkID string `url:"virtual_network_id,omitempty"`
+}
+
+type TunnelRoutesDeleteParams struct {
+	Network          string `url:"-"`
+	VirtualNetworkID string `url:"virtual_network_id,omitempty"`
+}
+
+// tunnelRouteListResponse is the API response for listing tunnel routes.
+type tunnelRouteListResponse struct {
+	Response
+	Result []TunnelRoute `json:"result"`
+}
+
+type tunnelRouteResponse struct {
+	Response
+	Result TunnelRoute `json:"result"`
+}
+
+// ListTunnelRoutes lists all defined routes for tunnels in the account.
+//
+// See: https://api.cloudflare.com/#tunnel-route-list-tunnel-routes
+func (api *API) ListTunnelRoutes(ctx context.Context, rc *ResourceContainer, params TunnelRoutesListParams) ([]TunnelRoute, error) {
+	if rc.Identifier == "" {
+		return []TunnelRoute{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/routes", AccountRouteRoot, rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []TunnelRoute{}, err
+	}
+
+	var resp tunnelRouteListResponse
+	err = json.Unmarshal(res, &resp)
+	if err != nil {
+		return []TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return resp.Result, nil
+}
+
+// GetTunnelRouteForIP finds the Tunnel Route that encompasses the given IP.
+//
+// See: https://api.cloudflare.com/#tunnel-route-get-tunnel-route-by-ip
+func (api *API) GetTunnelRouteForIP(ctx context.Context, rc *ResourceContainer, params TunnelRoutesForIPParams) (TunnelRoute, error) {
+	if rc.Identifier == "" {
+		return TunnelRoute{}, ErrMissingAccountID
+	}
+
+	if params.Network == "" {
+		return TunnelRoute{}, ErrMissingNetwork
+	}
+
+	if strings.Contains(params.Network, "/") {
+		return TunnelRoute{}, ErrInvalidNetworkValue
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/routes/ip/%s", AccountRouteRoot, rc.Identifier, params.Network), params)
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TunnelRoute{}, err
+	}
+
+	var routeResponse tunnelRouteResponse
+	err = json.Unmarshal(responseBody, &routeResponse)
+	if err != nil {
+		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return routeResponse.Result, nil
+}
+
+// CreateTunnelRoute add a new route to the account routing table for the given
+// tunnel.
+//
+// See: https://api.cloudflare.com/#tunnel-route-create-route
+func (api *API) CreateTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesCreateParams) (TunnelRoute, error) {
+	if rc.Identifier == "" {
+		return TunnelRoute{}, ErrMissingAccountID
+	}
+
+	if params.Network == "" {
+		return TunnelRoute{}, ErrMissingNetwork
+	}
+
+	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network))
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return TunnelRoute{}, err
+	}
+
+	var routeResponse tunnelRouteResponse
+	err = json.Unmarshal(responseBody, &routeResponse)
+	if err != nil {
+		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return routeResponse.Result, nil
+}
+
+// DeleteTunnelRoute delete an existing route from the account routing table.
+//
+// See: https://api.cloudflare.com/#tunnel-route-delete-route
+func (api *API) DeleteTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesDeleteParams) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if params.Network == "" {
+		return ErrMissingNetwork
+	}
+
+	// Cannot fully utilize buildURI here because it tries to escape "%" sign
+	// from the already escaped "/" sign from Network field.
+	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network), buildURI("", params))
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var routeResponse tunnelRouteResponse
+	err = json.Unmarshal(responseBody, &routeResponse)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// UpdateTunnelRoute updates an existing route in the account routing table for
+// the given tunnel.
+//
+// See: https://api.cloudflare.com/#tunnel-route-update-route
+func (api *API) UpdateTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesUpdateParams) (TunnelRoute, error) {
+	if rc.Identifier == "" {
+		return TunnelRoute{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network))
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return TunnelRoute{}, err
+	}
+
+	var routeResponse tunnelRouteResponse
+	err = json.Unmarshal(responseBody, &routeResponse)
+	if err != nil {
+		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return routeResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/tunnel_routes_test.go b/pkg/cloudflare-go/tunnel_routes_test.go
new file mode 100644
index 0000000000..b9583bd115
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel_routes_test.go
@@ -0,0 +1,222 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListTunnelRoutes(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+			    "network": "ff01::/32",
+				"tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+				"tunnel_name": "blog",
+				"comment": "Example comment for this route",
+				"created_at": "2021-01-25T18:22:34.317854Z",
+				"deleted_at": "2021-01-25T18:22:34.317854Z",
+				"virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
+              }
+            ]
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes", handler)
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := []TunnelRoute{
+		{
+			"ff01::/32",
+			"f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			"blog",
+			"Example comment for this route",
+			&ts,
+			&ts,
+			"9f322de4-5988-4945-b770-f1d6ac200f86",
+		},
+	}
+
+	params := TunnelRoutesListParams{}
+	got, err := client.ListTunnelRoutes(context.Background(), AccountIdentifier(testAccountID), params)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestTunnelRouteForIP(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "network": "ff01::/32",
+			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "tunnel_name": "blog",
+			  "comment": "Example comment for this route",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z",
+			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
+            }
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/ip/10.1.0.137", handler)
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := TunnelRoute{
+		Network:          "ff01::/32",
+		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		TunnelName:       "blog",
+		Comment:          "Example comment for this route",
+		CreatedAt:        &ts,
+		DeletedAt:        &ts,
+		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
+	}
+
+	got, err := client.GetTunnelRouteForIP(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesForIPParams{Network: "10.1.0.137"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestCreateTunnelRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "network": "10.0.0.0/16",
+			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "tunnel_name": "blog",
+			  "comment": "Example comment for this route",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z",
+			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
+            }
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := TunnelRoute{
+		Network:          "10.0.0.0/16",
+		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		TunnelName:       "blog",
+		Comment:          "Example comment for this route",
+		CreatedAt:        &ts,
+		DeletedAt:        &ts,
+		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
+	}
+
+	tunnel, err := client.CreateTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesCreateParams{TunnelID: testTunnelID, Network: "10.0.0.0/16", Comment: "foo", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, tunnel)
+	}
+}
+
+func TestUpdateTunnelRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		_, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "network": "10.0.0.0/16",
+			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "tunnel_name": "blog",
+			  "comment": "Example comment for this route",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z",
+			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
+            }
+          }`)
+	}
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := TunnelRoute{
+		Network:          "10.0.0.0/16",
+		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		TunnelName:       "blog",
+		Comment:          "Example comment for this route",
+		CreatedAt:        &ts,
+		DeletedAt:        &ts,
+		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
+	tunnel, err := client.UpdateTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesUpdateParams{TunnelID: testTunnelID, Network: "10.0.0.0/16", Comment: "foo", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, tunnel)
+	}
+}
+
+func TestDeleteTunnelRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "network": "ff01::/32",
+			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "tunnel_name": "blog",
+			  "comment": "Example comment for this route",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z",
+			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
+            }
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
+	err := client.DeleteTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesDeleteParams{Network: "10.0.0.0/16", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/tunnel_test.go b/pkg/cloudflare-go/tunnel_test.go
new file mode 100644
index 0000000000..da912ccf4b
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel_test.go
@@ -0,0 +1,410 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListTunnels(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "multiple_full"))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := []Tunnel{{
+		ID:        testTunnelID,
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []TunnelConnection{{
+			ColoName:           "DFW",
+			ID:                 testTunnelID,
+			IsPendingReconnect: false,
+			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+			ClientVersion:      "2022.2.0",
+			OpenedAt:           "2021-01-25T18:22:34.317854Z",
+			OriginIP:           "198.51.100.1",
+		}},
+	}}
+
+	actual, _, err := client.ListTunnels(context.Background(), AccountIdentifier(testAccountID), TunnelListParams{UUID: testTunnelID})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListTunnelsPagination(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		qry, _ := url.Parse(r.RequestURI)
+		assert.Equal(t, "blog", qry.Query().Get("name"))
+		assert.Equal(t, "2", qry.Query().Get("page"))
+		assert.Equal(t, "1", qry.Query().Get("per_page"))
+		fmt.Fprint(w, loadFixture("tunnel", "multiple_full"))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := []Tunnel{
+		{
+			ID:        testTunnelID,
+			Name:      "blog",
+			CreatedAt: &createdAt,
+			DeletedAt: &deletedAt,
+			Connections: []TunnelConnection{{
+				ColoName:           "DFW",
+				ID:                 testTunnelID,
+				IsPendingReconnect: false,
+				ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+				ClientVersion:      "2022.2.0",
+				OpenedAt:           "2021-01-25T18:22:34.317854Z",
+				OriginIP:           "198.51.100.1",
+			}},
+		},
+	}
+
+	actual, _, err := client.ListTunnels(context.Background(), AccountIdentifier(testAccountID),
+		TunnelListParams{
+			Name: "blog",
+			ResultInfo: ResultInfo{
+				Page:    2,
+				PerPage: 1,
+			},
+		})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel/"+testTunnelID, handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := Tunnel{
+		ID:        testTunnelID,
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []TunnelConnection{{
+			ColoName:           "DFW",
+			ID:                 testTunnelID,
+			IsPendingReconnect: false,
+			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+			ClientVersion:      "2022.2.0",
+			OpenedAt:           "2021-01-25T18:22:34.317854Z",
+			OriginIP:           "198.51.100.1",
+		}},
+		TunnelType:   "cfd_tunnel",
+		Status:       "healthy",
+		RemoteConfig: true,
+	}
+
+	actual, err := client.GetTunnel(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
+
+	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := Tunnel{
+		ID:        testTunnelID,
+		Name:      "blog",
+		CreatedAt: &createdAt,
+		DeletedAt: &deletedAt,
+		Connections: []TunnelConnection{{
+			ColoName:           "DFW",
+			ID:                 testTunnelID,
+			IsPendingReconnect: false,
+			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+			ClientVersion:      "2022.2.0",
+			OpenedAt:           "2021-01-25T18:22:34.317854Z",
+			OriginIP:           "198.51.100.1",
+		}},
+		TunnelType:   "cfd_tunnel",
+		Status:       "healthy",
+		RemoteConfig: true,
+	}
+
+	actual, err := client.CreateTunnel(context.Background(), AccountIdentifier(testAccountID), TunnelCreateParams{Name: "blog", Secret: "notarealsecret", ConfigSrc: "cloudflare"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateTunnelConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method '%s', got %s", http.MethodPut, r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "configuration"))
+	}
+
+	timeout, _ := time.ParseDuration("10s")
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", testAccountID, testTunnelID), handler)
+	want := TunnelConfigurationResult{
+		TunnelID: testTunnelID,
+		Version:  5,
+		Config: TunnelConfiguration{
+			Ingress: []UnvalidatedIngressRule{
+				{
+					Hostname: "test.example.com",
+					Service:  "https://localhost:8000",
+					OriginRequest: &OriginRequestConfig{
+						NoTLSVerify: BoolPtr(true),
+					},
+				},
+				{
+					Service: "http_status:404",
+				},
+			},
+			WarpRouting: &WarpRoutingConfig{
+				Enabled: true,
+			},
+			OriginRequest: OriginRequestConfig{
+				ConnectTimeout: &TunnelDuration{timeout},
+			},
+		}}
+
+	actual, err := client.UpdateTunnelConfiguration(context.Background(), AccountIdentifier(testAccountID), TunnelConfigurationParams{
+		TunnelID: testTunnelID,
+		Config: TunnelConfiguration{
+			Ingress: []UnvalidatedIngressRule{
+				{
+					Hostname: "test.example.com",
+					Service:  "https://localhost:8000",
+					OriginRequest: &OriginRequestConfig{
+						NoTLSVerify: BoolPtr(true),
+					},
+				},
+				{
+					Service: "http_status:404",
+				},
+			},
+			WarpRouting: &WarpRoutingConfig{
+				Enabled: true,
+			},
+			OriginRequest: OriginRequestConfig{
+				ConnectTimeout: &TunnelDuration{10},
+			},
+		},
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestGetTunnelConfiguration(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method '%s', got %s", http.MethodGet, r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "configuration"))
+	}
+
+	timeout, _ := time.ParseDuration("10s")
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", testAccountID, testTunnelID), handler)
+	want := TunnelConfigurationResult{
+		TunnelID: testTunnelID,
+		Version:  5,
+		Config: TunnelConfiguration{
+			Ingress: []UnvalidatedIngressRule{
+				{
+					Hostname: "test.example.com",
+					Service:  "https://localhost:8000",
+					OriginRequest: &OriginRequestConfig{
+						NoTLSVerify: BoolPtr(true),
+					},
+				},
+				{
+					Service: "http_status:404",
+				},
+			},
+			WarpRouting: &WarpRoutingConfig{
+				Enabled: true,
+			},
+			OriginRequest: OriginRequestConfig{
+				ConnectTimeout: &TunnelDuration{timeout},
+			},
+		}}
+
+	actual, err := client.GetTunnelConfiguration(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestTunnelConnections(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success":true,
+			"errors":[],
+			"messages":[],
+			"result":[{
+				"id":"dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+				"features": [
+					"allow_remote_config",
+					"serialized_headers",
+					"ha-origin"
+				],
+				"version": "2022.2.0",
+            	"arch": "linux_amd64",
+				"config_version": 15,
+				"run_at":"2009-11-10T23:00:00Z",
+				"conns": [
+					{
+						"colo_name": "DFW",
+						"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
+						"is_pending_reconnect": false,
+						"client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+						"client_version": "2022.2.0",
+						"opened_at": "2021-01-25T18:22:34.317854Z",
+						"origin_ip": "198.51.100.1"
+					}
+				]
+			}]
+		}
+		`)
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", testAccountID, testTunnelID), handler)
+
+	runAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
+	want := []Connection{
+		{
+			ID: "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+			Features: []string{
+				"allow_remote_config",
+				"serialized_headers",
+				"ha-origin",
+			},
+			Version: "2022.2.0",
+			Arch:    "linux_amd64",
+			RunAt:   &runAt,
+			Connections: []TunnelConnection{{
+				ColoName:           "DFW",
+				ID:                 testTunnelID,
+				IsPendingReconnect: false,
+				ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
+				ClientVersion:      "2022.2.0",
+				OpenedAt:           "2021-01-25T18:22:34.317854Z",
+				OriginIP:           "198.51.100.1",
+			}},
+			ConfigVersion: 15,
+		},
+	}
+
+	actual, err := client.ListTunnelConnections(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteTunnel(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", testAccountID, testTunnelID), handler)
+
+	err := client.DeleteTunnel(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+	assert.NoError(t, err)
+}
+
+func TestCleanupTunnelConnections(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "empty"))
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", testAccountID, testTunnelID), handler)
+
+	err := client.CleanupTunnelConnections(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+	assert.NoError(t, err)
+}
+
+func TestTunnelToken(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, loadFixture("tunnel", "token"))
+	}
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/token", testAccountID, testTunnelID), handler)
+
+	token, err := client.GetTunnelToken(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
+	assert.NoError(t, err)
+	assert.Equal(t, "ZHNraGdhc2RraGFza2hqZGFza2poZGFza2poYXNrZGpoYWtzamRoa2FzZGpoa2FzamRoa2Rhc2po\na2FzamRoa2FqCg==", token)
+}
diff --git a/pkg/cloudflare-go/tunnel_virtual_networks.go b/pkg/cloudflare-go/tunnel_virtual_networks.go
new file mode 100644
index 0000000000..26a6875ac1
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel_virtual_networks.go
@@ -0,0 +1,159 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingVnetName = errors.New("required missing virtual network name")
+
+// TunnelVirtualNetwork is segregation of Tunnel IP Routes via Virtualized
+// Networks to handle overlapping private IPs in your origins.
+type TunnelVirtualNetwork struct {
+	ID               string     `json:"id"`
+	Name             string     `json:"name"`
+	IsDefaultNetwork bool       `json:"is_default_network"`
+	Comment          string     `json:"comment"`
+	CreatedAt        *time.Time `json:"created_at"`
+	DeletedAt        *time.Time `json:"deleted_at"`
+}
+
+type TunnelVirtualNetworksListParams struct {
+	ID        string `url:"id,omitempty"`
+	Name      string `url:"name,omitempty"`
+	IsDefault *bool  `url:"is_default,omitempty"`
+	IsDeleted *bool  `url:"is_deleted,omitempty"`
+
+	PaginationOptions
+}
+
+type TunnelVirtualNetworkCreateParams struct {
+	Name      string `json:"name"`
+	Comment   string `json:"comment"`
+	IsDefault bool   `json:"is_default"`
+}
+
+type TunnelVirtualNetworkUpdateParams struct {
+	VnetID           string `json:"-"`
+	Name             string `json:"name,omitempty"`
+	Comment          string `json:"comment,omitempty"`
+	IsDefaultNetwork *bool  `json:"is_default_network,omitempty"`
+}
+
+// tunnelRouteListResponse is the API response for listing tunnel virtual
+// networks.
+type tunnelVirtualNetworkListResponse struct {
+	Response
+	Result []TunnelVirtualNetwork `json:"result"`
+}
+
+type tunnelVirtualNetworkResponse struct {
+	Response
+	Result TunnelVirtualNetwork `json:"result"`
+}
+
+// ListTunnelVirtualNetworks lists all defined virtual networks for tunnels in
+// the account.
+//
+// API reference: https://api.cloudflare.com/#tunnel-virtual-network-list-virtual-networks
+func (api *API) ListTunnelVirtualNetworks(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworksListParams) ([]TunnelVirtualNetwork, error) {
+	if rc.Identifier == "" {
+		return []TunnelVirtualNetwork{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/virtual_networks", AccountRouteRoot, rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
+	if err != nil {
+		return []TunnelVirtualNetwork{}, err
+	}
+
+	var resp tunnelVirtualNetworkListResponse
+	err = json.Unmarshal(res, &resp)
+	if err != nil {
+		return []TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return resp.Result, nil
+}
+
+// CreateTunnelVirtualNetwork adds a new virtual network to the account.
+//
+// API reference: https://api.cloudflare.com/#tunnel-virtual-network-create-virtual-network
+func (api *API) CreateTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworkCreateParams) (TunnelVirtualNetwork, error) {
+	if rc.Identifier == "" {
+		return TunnelVirtualNetwork{}, ErrMissingAccountID
+	}
+
+	if params.Name == "" {
+		return TunnelVirtualNetwork{}, ErrMissingVnetName
+	}
+
+	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks", AccountRouteRoot, rc.Identifier)
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return TunnelVirtualNetwork{}, err
+	}
+
+	var resp tunnelVirtualNetworkResponse
+	err = json.Unmarshal(responseBody, &resp)
+	if err != nil {
+		return TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return resp.Result, nil
+}
+
+// DeleteTunnelVirtualNetwork deletes an existing virtual network from the
+// account.
+//
+// API reference: https://api.cloudflare.com/#tunnel-virtual-network-delete-virtual-network
+func (api *API) DeleteTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, vnetID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks/%s", AccountRouteRoot, rc.Identifier, vnetID)
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var resp tunnelVirtualNetworkResponse
+	err = json.Unmarshal(responseBody, &resp)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// UpdateTunnelRoute updates an existing virtual network in the account.
+//
+// API reference: https://api.cloudflare.com/#tunnel-virtual-network-update-virtual-network
+func (api *API) UpdateTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworkUpdateParams) (TunnelVirtualNetwork, error) {
+	if rc.Identifier == "" {
+		return TunnelVirtualNetwork{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks/%s", AccountRouteRoot, rc.Identifier, params.VnetID)
+
+	responseBody, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return TunnelVirtualNetwork{}, err
+	}
+
+	var resp tunnelVirtualNetworkResponse
+	err = json.Unmarshal(responseBody, &resp)
+	if err != nil {
+		return TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return resp.Result, nil
+}
diff --git a/pkg/cloudflare-go/tunnel_virtual_networks_test.go b/pkg/cloudflare-go/tunnel_virtual_networks_test.go
new file mode 100644
index 0000000000..2e6affdd23
--- /dev/null
+++ b/pkg/cloudflare-go/tunnel_virtual_networks_test.go
@@ -0,0 +1,185 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTunnelVirtualNetworks(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+			  {
+			    "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+				"name": "us-east-1-vpc",
+				"is_default_network": true,
+				"comment": "Staging VPC for data science",
+				"created_at": "2021-01-25T18:22:34.317854Z",
+				"deleted_at": "2021-01-25T18:22:34.317854Z"
+              }
+            ]
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks", handler)
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+
+	want := []TunnelVirtualNetwork{
+		{
+			ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			Name:             "us-east-1-vpc",
+			IsDefaultNetwork: true,
+			Comment:          "Staging VPC for data science",
+			CreatedAt:        &ts,
+			DeletedAt:        &ts,
+		},
+	}
+
+	got, err := client.ListTunnelVirtualNetworks(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworksListParams{})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestCreateTunnelVirtualNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "name": "us-east-1-vpc",
+			  "is_default_network": true,
+			  "comment": "Staging VPC for data science",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z"
+            }
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks", handler)
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := TunnelVirtualNetwork{
+		ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		Name:             "us-east-1-vpc",
+		IsDefaultNetwork: true,
+		Comment:          "Staging VPC for data science",
+		CreatedAt:        &ts,
+		DeletedAt:        &ts,
+	}
+
+	tunnel, err := client.CreateTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworkCreateParams{
+		Name:      "us-east-1-vpc",
+		IsDefault: true,
+		Comment:   "Staging VPC for data science",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, tunnel)
+	}
+}
+
+func TestUpdateTunnelVirtualNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		_, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "name": "us-east-1-vpc",
+			  "is_default_network": true,
+			  "comment": "Staging VPC for data science",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z"
+            }
+          }`)
+	}
+
+	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
+	want := TunnelVirtualNetwork{
+		ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		Name:             "us-east-1-vpc",
+		IsDefaultNetwork: true,
+		Comment:          "Staging VPC for data science",
+		CreatedAt:        &ts,
+		DeletedAt:        &ts,
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks/f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", handler)
+
+	tunnel, err := client.UpdateTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworkUpdateParams{
+		VnetID:           "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+		Name:             "us-east-1-vpc",
+		IsDefaultNetwork: BoolPtr(true),
+		Comment:          "Staging VPC for data science",
+	})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, tunnel)
+	}
+}
+
+func TestDeleteTunnelVirtualNetwork(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+			  "name": "us-east-1-vpc",
+			  "is_default_network": true,
+			  "comment": "Staging VPC for data science",
+			  "created_at": "2021-01-25T18:22:34.317854Z",
+			  "deleted_at": "2021-01-25T18:22:34.317854Z"
+            }
+          }`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks/f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", handler)
+
+	err := client.DeleteTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/turnstile.go b/pkg/cloudflare-go/turnstile.go
new file mode 100644
index 0000000000..5bc9273cd9
--- /dev/null
+++ b/pkg/cloudflare-go/turnstile.go
@@ -0,0 +1,245 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingSiteKey = errors.New("required site key missing")
+
+type TurnstileWidget struct {
+	SiteKey      string     `json:"sitekey,omitempty"`
+	Secret       string     `json:"secret,omitempty"`
+	CreatedOn    *time.Time `json:"created_on,omitempty"`
+	ModifiedOn   *time.Time `json:"modified_on,omitempty"`
+	Name         string     `json:"name,omitempty"`
+	Domains      []string   `json:"domains,omitempty"`
+	Mode         string     `json:"mode,omitempty"`
+	BotFightMode bool       `json:"bot_fight_mode,omitempty"`
+	Region       string     `json:"region,omitempty"`
+	OffLabel     bool       `json:"offlabel,omitempty"`
+}
+
+type CreateTurnstileWidgetParams struct {
+	Name         string   `json:"name,omitempty"`
+	Domains      []string `json:"domains,omitempty"`
+	Mode         string   `json:"mode,omitempty"`
+	BotFightMode bool     `json:"bot_fight_mode,omitempty"`
+	Region       string   `json:"region,omitempty"`
+	OffLabel     bool     `json:"offlabel,omitempty"`
+}
+
+type UpdateTurnstileWidgetParams struct {
+	SiteKey      string   `json:"-"`
+	Name         string   `json:"name,omitempty"`
+	Domains      []string `json:"domains,omitempty"`
+	Mode         string   `json:"mode,omitempty"`
+	BotFightMode bool     `json:"bot_fight_mode,omitempty"`
+	Region       string   `json:"region,omitempty"`
+	OffLabel     bool     `json:"offlabel,omitempty"`
+}
+
+type TurnstileWidgetResponse struct {
+	Response
+	Result TurnstileWidget `json:"result"`
+}
+
+type ListTurnstileWidgetParams struct {
+	ResultInfo
+	Direction string         `url:"direction,omitempty"`
+	Order     OrderDirection `url:"order,omitempty"`
+}
+
+type ListTurnstileWidgetResponse struct {
+	Response
+	ResultInfo `json:"result_info"`
+	Result     []TurnstileWidget `json:"result"`
+}
+
+type RotateTurnstileWidgetParams struct {
+	SiteKey               string `json:"-"`
+	InvalidateImmediately bool   `json:"invalidate_immediately,omitempty"`
+}
+
+// CreateTurnstileWidget creates a new challenge widgets.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-properties
+func (api *API) CreateTurnstileWidget(ctx context.Context, rc *ResourceContainer, params CreateTurnstileWidgetParams) (TurnstileWidget, error) {
+	if rc.Identifier == "" {
+		return TurnstileWidget{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/challenges/widgets", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, "POST", uri, params)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r TurnstileWidgetResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// ListTurnstileWidgets lists challenge widgets.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-list-challenge-widgets
+func (api *API) ListTurnstileWidgets(ctx context.Context, rc *ResourceContainer, params ListTurnstileWidgetParams) ([]TurnstileWidget, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return []TurnstileWidget{}, &ResultInfo{}, ErrMissingAccountID
+	}
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = 25
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var widgets []TurnstileWidget
+	var r ListTurnstileWidgetResponse
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/challenges/widgets", rc.Identifier), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+		if err != nil {
+			return []TurnstileWidget{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+		}
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []TurnstileWidget{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		widgets = append(widgets, r.Result...)
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return widgets, &r.ResultInfo, nil
+}
+
+// GetTurnstileWidget shows a single challenge widget configuration.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-challenge-widget-details
+func (api *API) GetTurnstileWidget(ctx context.Context, rc *ResourceContainer, siteKey string) (TurnstileWidget, error) {
+	if rc.Identifier == "" {
+		return TurnstileWidget{}, ErrMissingAccountID
+	}
+
+	if siteKey == "" {
+		return TurnstileWidget{}, ErrMissingSiteKey
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, siteKey)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r TurnstileWidgetResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateTurnstileWidget update the configuration of a widget.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-update-a-challenge-widget
+func (api *API) UpdateTurnstileWidget(ctx context.Context, rc *ResourceContainer, params UpdateTurnstileWidgetParams) (TurnstileWidget, error) {
+	if rc.Identifier == "" {
+		return TurnstileWidget{}, ErrMissingAccountID
+	}
+
+	if params.SiteKey == "" {
+		return TurnstileWidget{}, ErrMissingSiteKey
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, params.SiteKey)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r TurnstileWidgetResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// RotateTurnstileWidget generates a new secret key for this widget. If
+// invalidate_immediately is set to false, the previous secret remains valid for
+// 2 hours.
+//
+// Note that secrets cannot be rotated again during the grace period.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-rotate-secret-for-a-challenge-widget
+func (api *API) RotateTurnstileWidget(ctx context.Context, rc *ResourceContainer, param RotateTurnstileWidgetParams) (TurnstileWidget, error) {
+	if rc.Identifier == "" {
+		return TurnstileWidget{}, ErrMissingAccountID
+	}
+	if param.SiteKey == "" {
+		return TurnstileWidget{}, ErrMissingSiteKey
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s/rotate_secret", rc.Identifier, param.SiteKey)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, param)
+
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r TurnstileWidgetResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteTurnstileWidget delete a challenge widget.
+//
+// API reference: https://api.cloudflare.com/#challenge-widgets-delete-a-challenge-widget
+func (api *API) DeleteTurnstileWidget(ctx context.Context, rc *ResourceContainer, siteKey string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if siteKey == "" {
+		return ErrMissingSiteKey
+	}
+	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, siteKey)
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r TurnstileWidgetResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/turnstile_test.go b/pkg/cloudflare-go/turnstile_test.go
new file mode 100644
index 0000000000..38e835514f
--- /dev/null
+++ b/pkg/cloudflare-go/turnstile_test.go
@@ -0,0 +1,334 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testTurnstileWidgetSiteKey = "0x4AAF00AAAABn0R22HWm-YUc"
+
+var (
+	turnstileWidgetCreatedOn, _  = time.Parse(time.RFC3339, "2014-01-01T05:20:00.123123Z")
+	turnstileWidgetModifiedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.123123Z")
+	expectedTurnstileWidget      = TurnstileWidget{
+		SiteKey:    "0x4AAF00AAAABn0R22HWm-YUc",
+		Secret:     "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+		CreatedOn:  &turnstileWidgetCreatedOn,
+		ModifiedOn: &turnstileWidgetModifiedOn,
+		Name:       "blog.cloudflare.com login form",
+		Domains: []string{
+			"203.0.113.1",
+			"cloudflare.com",
+			"blog.example.com",
+		},
+		Mode:         "invisible",
+		BotFightMode: true,
+		Region:       "world",
+		OffLabel:     false,
+	}
+)
+
+func TestTurnstileWidget_Create(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+			{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+				"sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+				"secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+				"created_on": "2014-01-01T05:20:00.123123Z",
+				"modified_on": "2014-01-01T05:20:00.123123Z",
+				"name": "blog.cloudflare.com login form",
+				"domains": [
+				  "203.0.113.1",
+				  "cloudflare.com",
+				  "blog.example.com"
+				],
+				"mode": "invisible",
+				"bot_fight_mode": true,
+				"region": "world",
+				"offlabel": false
+			  }
+			}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.CreateTurnstileWidget(context.Background(), AccountIdentifier(""), CreateTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	out, err := client.CreateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), CreateTurnstileWidgetParams{
+		Name:         "blog.cloudflare.com login form",
+		Mode:         "invisible",
+		BotFightMode: true,
+		Domains: []string{
+			"203.0.113.1",
+			"cloudflare.com",
+			"blog.example.com",
+		},
+		Region:   "world",
+		OffLabel: false,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedTurnstileWidget, out, "create challenge_widgets structs not equal")
+	}
+}
+
+func TestTurnstileWidget_List(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "asc", r.URL.Query().Get("order"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+      "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+      "created_on": "2014-01-01T05:20:00.123123Z",
+      "modified_on": "2014-01-01T05:20:00.123123Z",
+      "name": "blog.cloudflare.com login form",
+      "domains": [
+        "203.0.113.1",
+        "cloudflare.com",
+        "blog.example.com"
+      ],
+      "mode": "invisible",
+      "bot_fight_mode": true,
+	  "region": "world",
+	  "offlabel": false
+    }
+  ],
+  "result_info": {
+    "page": 1,
+    "per_page": 20,
+    "count": 1,
+    "total_count": 1
+  }
+}`)
+	})
+
+	_, _, err := client.ListTurnstileWidgets(context.Background(), AccountIdentifier(""), ListTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	out, results, err := client.ListTurnstileWidgets(context.Background(), AccountIdentifier(testAccountID), ListTurnstileWidgetParams{
+		Order: OrderDirectionAsc,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(out), "expected 1 challenge_widgets")
+		assert.Equal(t, 20, results.PerPage, "expected 20 per page")
+		assert.Equal(t, expectedTurnstileWidget, out[0], "list challenge_widgets structs not equal")
+	}
+}
+
+func TestTurnstileWidget_Get(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+    "created_on": "2014-01-01T05:20:00.123123Z",
+    "modified_on": "2014-01-01T05:20:00.123123Z",
+    "name": "blog.cloudflare.com login form",
+    "domains": [
+      "203.0.113.1",
+      "cloudflare.com",
+      "blog.example.com"
+    ],
+    "mode": "invisible",
+	"bot_fight_mode": true,
+	"region": "world",
+	"offlabel": false
+  }
+}`)
+	})
+
+	_, err := client.GetTurnstileWidget(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.GetTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingSiteKey, err)
+	}
+
+	out, err := client.GetTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), testTurnstileWidgetSiteKey)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedTurnstileWidget, out, "get challenge_widgets structs not equal")
+	}
+}
+
+func TestTurnstileWidgets_Update(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+    "created_on": "2014-01-01T05:20:00.123123Z",
+    "modified_on": "2014-01-01T05:20:00.123123Z",
+    "name": "blog.cloudflare.com login form",
+    "domains": [
+      "203.0.113.1",
+      "cloudflare.com",
+      "blog.example.com"
+    ],
+    "mode": "invisible",
+	"bot_fight_mode": true,
+	"region": "world",
+	"offlabel": false
+  }
+}`)
+	})
+
+	_, err := client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(""), UpdateTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), UpdateTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingSiteKey, err)
+	}
+
+	out, err := client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), UpdateTurnstileWidgetParams{
+		SiteKey: testTurnstileWidgetSiteKey,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedTurnstileWidget, out, "update challenge_widgets structs not equal")
+	}
+}
+
+func TestTurnstileWidgets_RotateSecret(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey+"/rotate_secret", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+    "created_on": "2014-01-01T05:20:00.123123Z",
+    "modified_on": "2014-01-01T05:20:00.123123Z",
+    "name": "blog.cloudflare.com login form",
+    "domains": [
+      "203.0.113.1",
+      "cloudflare.com",
+      "blog.example.com"
+    ],
+    "mode": "invisible",
+	"bot_fight_mode": true,
+	"region": "world",
+	"offlabel": false
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	_, err := client.RotateTurnstileWidget(context.Background(), AccountIdentifier(""), RotateTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.RotateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), RotateTurnstileWidgetParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingSiteKey, err)
+	}
+
+	out, err := client.RotateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), RotateTurnstileWidgetParams{SiteKey: testTurnstileWidgetSiteKey})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedTurnstileWidget, out, "rotate challenge_widgets structs not equal")
+	}
+}
+
+func TestTurnstileWidgets_Delete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
+    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
+    "created_on": "2014-01-01T05:20:00.123123Z",
+    "modified_on": "2014-01-01T05:20:00.123123Z",
+    "name": "blog.cloudflare.com login form",
+    "domains": [
+      "203.0.113.1",
+      "cloudflare.com",
+      "blog.example.com"
+    ],
+    "mode": "invisible",
+	"bot_fight_mode": true,
+	"region": "world",
+	"offlabel": false
+  }
+}`)
+	})
+
+	// Make sure missing account ID is thrown
+	err := client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	err = client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingSiteKey, err)
+	}
+
+	err = client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), testTurnstileWidgetSiteKey)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/universal_ssl.go b/pkg/cloudflare-go/universal_ssl.go
new file mode 100644
index 0000000000..a0b7a1bb94
--- /dev/null
+++ b/pkg/cloudflare-go/universal_ssl.go
@@ -0,0 +1,108 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// UniversalSSLSetting represents a universal ssl setting's properties.
+type UniversalSSLSetting struct {
+	Enabled bool `json:"enabled"`
+}
+
+type universalSSLSettingResponse struct {
+	Response
+	Result UniversalSSLSetting `json:"result"`
+}
+
+// UniversalSSLVerificationDetails represents a universal ssl verification's properties.
+type UniversalSSLVerificationDetails struct {
+	CertificateStatus  string                `json:"certificate_status"`
+	VerificationType   string                `json:"verification_type"`
+	ValidationMethod   string                `json:"validation_method"`
+	CertPackUUID       string                `json:"cert_pack_uuid"`
+	VerificationStatus bool                  `json:"verification_status"`
+	BrandCheck         bool                  `json:"brand_check"`
+	VerificationInfo   []SSLValidationRecord `json:"verification_info"`
+}
+
+type universalSSLVerificationResponse struct {
+	Response
+	Result []UniversalSSLVerificationDetails `json:"result"`
+}
+
+type UniversalSSLCertificatePackValidationMethodSetting struct {
+	ValidationMethod string `json:"validation_method"`
+}
+
+type universalSSLCertificatePackValidationMethodSettingResponse struct {
+	Response
+	Result UniversalSSLCertificatePackValidationMethodSetting `json:"result"`
+}
+
+// UniversalSSLSettingDetails returns the details for a universal ssl setting
+//
+// API reference: https://api.cloudflare.com/#universal-ssl-settings-for-a-zone-universal-ssl-settings-details
+func (api *API) UniversalSSLSettingDetails(ctx context.Context, zoneID string) (UniversalSSLSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/universal/settings", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return UniversalSSLSetting{}, err
+	}
+	var r universalSSLSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return UniversalSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// EditUniversalSSLSetting edits the universal ssl setting for a zone
+//
+// API reference: https://api.cloudflare.com/#universal-ssl-settings-for-a-zone-edit-universal-ssl-settings
+func (api *API) EditUniversalSSLSetting(ctx context.Context, zoneID string, setting UniversalSSLSetting) (UniversalSSLSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/universal/settings", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, setting)
+	if err != nil {
+		return UniversalSSLSetting{}, err
+	}
+	var r universalSSLSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return UniversalSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UniversalSSLVerificationDetails returns the details for a universal ssl verification
+//
+// API reference: https://api.cloudflare.com/#ssl-verification-ssl-verification-details
+func (api *API) UniversalSSLVerificationDetails(ctx context.Context, zoneID string) ([]UniversalSSLVerificationDetails, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/verification", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []UniversalSSLVerificationDetails{}, err
+	}
+	var r universalSSLVerificationResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []UniversalSSLVerificationDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateUniversalSSLCertificatePackValidationMethod changes the validation method for a certificate pack
+//
+// API reference: https://api.cloudflare.com/#ssl-verification-ssl-verification-details
+func (api *API) UpdateUniversalSSLCertificatePackValidationMethod(ctx context.Context, zoneID string, certPackUUID string, setting UniversalSSLCertificatePackValidationMethodSetting) (UniversalSSLCertificatePackValidationMethodSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/ssl/verification/%s", zoneID, certPackUUID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, setting)
+	if err != nil {
+		return UniversalSSLCertificatePackValidationMethodSetting{}, err
+	}
+	var r universalSSLCertificatePackValidationMethodSettingResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return UniversalSSLCertificatePackValidationMethodSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/universal_ssl_test.go b/pkg/cloudflare-go/universal_ssl_test.go
new file mode 100644
index 0000000000..3b2e16922c
--- /dev/null
+++ b/pkg/cloudflare-go/universal_ssl_test.go
@@ -0,0 +1,164 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUniversalSSLSettingDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "enabled": true
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/universal/settings", handler)
+
+	want := UniversalSSLSetting{
+		Enabled: true,
+	}
+
+	got, err := client.UniversalSSLSettingDetails(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestEditUniversalSSLSetting(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"enabled":true}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+			  "enabled": true
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/universal/settings", handler)
+
+	want := UniversalSSLSetting{
+		Enabled: true,
+	}
+
+	got, err := client.EditUniversalSSLSetting(context.Background(), testZoneID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestUniversalSSLVerificationDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": [{
+				"certificate_status": "active",
+				"verification_type": "cname",
+				"verification_status": true,
+				"verification_info": [
+				{
+					"status": "pending",
+					"http_url": "http://example.com/.well-known/acme-challenge/Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA",
+					"http_body": "Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA.Jckzm7Z9uOFls_MXPYibNRz6koY5a8qpI_BeHtDtf-g"
+				}
+			],
+				"brand_check": false,
+				"validation_method": "txt",
+				"cert_pack_uuid": "a77f8bd7-3b47-46b4-a6f1-75cf98109948"
+			}]
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/verification", handler)
+
+	want := []UniversalSSLVerificationDetails{
+		{
+			CertificateStatus:  "active",
+			VerificationType:   "cname",
+			ValidationMethod:   "txt",
+			CertPackUUID:       "a77f8bd7-3b47-46b4-a6f1-75cf98109948",
+			VerificationStatus: true,
+			BrandCheck:         false,
+			VerificationInfo: []SSLValidationRecord{{
+				HTTPUrl:  "http://example.com/.well-known/acme-challenge/Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA",
+				HTTPBody: "Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA.Jckzm7Z9uOFls_MXPYibNRz6koY5a8qpI_BeHtDtf-g",
+			}},
+		},
+	}
+
+	got, err := client.UniversalSSLVerificationDetails(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestUpdateSSLCertificatePackValidationMethod(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"validation_method":"txt"}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"validation_method": "txt",
+				"status": "pending_validation"
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/ssl/verification/"+testCertPackUUID, handler)
+
+	want := UniversalSSLCertificatePackValidationMethodSetting{
+		ValidationMethod: "txt",
+	}
+
+	got, err := client.UpdateUniversalSSLCertificatePackValidationMethod(context.Background(), testZoneID, testCertPackUUID, want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
diff --git a/pkg/cloudflare-go/url_normalization_settings.go b/pkg/cloudflare-go/url_normalization_settings.go
new file mode 100644
index 0000000000..c919100fa4
--- /dev/null
+++ b/pkg/cloudflare-go/url_normalization_settings.go
@@ -0,0 +1,60 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type URLNormalizationSettings struct {
+	Type  string `json:"type"`
+	Scope string `json:"scope"`
+}
+
+type URLNormalizationSettingsResponse struct {
+	Result URLNormalizationSettings `json:"result"`
+	Response
+}
+
+type URLNormalizationSettingsUpdateParams struct {
+	Type  string `json:"type"`
+	Scope string `json:"scope"`
+}
+
+// URLNormalizationSettings API reference: https://api.cloudflare.com/#url-normalization-get-url-normalization-settings
+func (api *API) URLNormalizationSettings(ctx context.Context, rc *ResourceContainer) (URLNormalizationSettings, error) {
+	uri := fmt.Sprintf("/zones/%s/url_normalization", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return URLNormalizationSettings{}, err
+	}
+
+	var urlNormalizationSettingsResponse URLNormalizationSettingsResponse
+	err = json.Unmarshal(res, &urlNormalizationSettingsResponse)
+	if err != nil {
+		return URLNormalizationSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return urlNormalizationSettingsResponse.Result, nil
+}
+
+// UpdateURLNormalizationSettings https://api.cloudflare.com/#url-normalization-update-url-normalization-settings
+func (api *API) UpdateURLNormalizationSettings(ctx context.Context, rc *ResourceContainer, params URLNormalizationSettingsUpdateParams) (URLNormalizationSettings, error) {
+	uri := fmt.Sprintf("/zones/%s/url_normalization", rc.Identifier)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return URLNormalizationSettings{}, err
+	}
+
+	var urlNormalizationSettingsResponse URLNormalizationSettingsResponse
+	err = json.Unmarshal(res, &urlNormalizationSettingsResponse)
+	if err != nil {
+		return URLNormalizationSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return urlNormalizationSettingsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/url_normalization_settings_test.go b/pkg/cloudflare-go/url_normalization_settings_test.go
new file mode 100644
index 0000000000..6a6ac11167
--- /dev/null
+++ b/pkg/cloudflare-go/url_normalization_settings_test.go
@@ -0,0 +1,86 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestURLNormalizationSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"type": "cloudflare",
+				"scope": "incoming"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/url_normalization", handler)
+
+	want := URLNormalizationSettings{
+		Type:  "cloudflare",
+		Scope: "incoming",
+	}
+
+	got, err := client.URLNormalizationSettings(context.Background(), ZoneIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
+
+func TestUpdateURLNormalizationSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"type":"cloudflare","scope":"incoming"}`, string(body))
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"type": "cloudflare",
+				"scope": "incoming"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/url_normalization", handler)
+
+	params := URLNormalizationSettingsUpdateParams{
+		Type:  "cloudflare",
+		Scope: "incoming",
+	}
+
+	want := URLNormalizationSettings{
+		Type:  "cloudflare",
+		Scope: "incoming",
+	}
+
+	got, err := client.UpdateURLNormalizationSettings(context.Background(), ZoneIdentifier(testZoneID), params)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, got)
+	}
+}
diff --git a/pkg/cloudflare-go/user.go b/pkg/cloudflare-go/user.go
new file mode 100644
index 0000000000..90feb89904
--- /dev/null
+++ b/pkg/cloudflare-go/user.go
@@ -0,0 +1,161 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// User describes a user account.
+type User struct {
+	ID         string     `json:"id,omitempty"`
+	Email      string     `json:"email,omitempty"`
+	FirstName  string     `json:"first_name,omitempty"`
+	LastName   string     `json:"last_name,omitempty"`
+	Username   string     `json:"username,omitempty"`
+	Telephone  string     `json:"telephone,omitempty"`
+	Country    string     `json:"country,omitempty"`
+	Zipcode    string     `json:"zipcode,omitempty"`
+	CreatedOn  *time.Time `json:"created_on,omitempty"`
+	ModifiedOn *time.Time `json:"modified_on,omitempty"`
+	APIKey     string     `json:"api_key,omitempty"`
+	TwoFA      bool       `json:"two_factor_authentication_enabled,omitempty"`
+	Betas      []string   `json:"betas,omitempty"`
+	Accounts   []Account  `json:"organizations,omitempty"`
+}
+
+// UserResponse wraps a response containing User accounts.
+type UserResponse struct {
+	Response
+	Result User `json:"result"`
+}
+
+// userBillingProfileResponse wraps a response containing Billing Profile information.
+type userBillingProfileResponse struct {
+	Response
+	Result UserBillingProfile
+}
+
+// UserBillingProfile contains Billing Profile information.
+type UserBillingProfile struct {
+	ID              string     `json:"id,omitempty"`
+	FirstName       string     `json:"first_name,omitempty"`
+	LastName        string     `json:"last_name,omitempty"`
+	Address         string     `json:"address,omitempty"`
+	Address2        string     `json:"address2,omitempty"`
+	Company         string     `json:"company,omitempty"`
+	City            string     `json:"city,omitempty"`
+	State           string     `json:"state,omitempty"`
+	ZipCode         string     `json:"zipcode,omitempty"`
+	Country         string     `json:"country,omitempty"`
+	Telephone       string     `json:"telephone,omitempty"`
+	CardNumber      string     `json:"card_number,omitempty"`
+	CardExpiryYear  int        `json:"card_expiry_year,omitempty"`
+	CardExpiryMonth int        `json:"card_expiry_month,omitempty"`
+	VAT             string     `json:"vat,omitempty"`
+	CreatedOn       *time.Time `json:"created_on,omitempty"`
+	EditedOn        *time.Time `json:"edited_on,omitempty"`
+}
+
+type UserBillingHistoryResponse struct {
+	Response
+	Result     []UserBillingHistory `json:"result"`
+	ResultInfo ResultInfo           `json:"result_info"`
+}
+
+type UserBillingHistory struct {
+	ID          string                 `json:"id,omitempty"`
+	Type        string                 `json:"type,omitempty"`
+	Action      string                 `json:"action,omitempty"`
+	Description string                 `json:"description,omitempty"`
+	OccurredAt  *time.Time             `json:"occurred_at,omitempty"`
+	Amount      float32                `json:"amount,omitempty"`
+	Currency    string                 `json:"currency,omitempty"`
+	Zone        userBillingHistoryZone `json:"zone"`
+}
+
+type userBillingHistoryZone struct {
+	Name string `json:"name,omitempty"`
+}
+
+type UserBillingOptions struct {
+	PaginationOptions
+	Order      string     `url:"order,omitempty"`
+	Type       string     `url:"type,omitempty"`
+	OccurredAt *time.Time `url:"occurred_at,omitempty"`
+	Action     string     `url:"action,omitempty"`
+}
+
+// UserDetails provides information about the logged-in user.
+//
+// API reference: https://api.cloudflare.com/#user-user-details
+func (api *API) UserDetails(ctx context.Context) (User, error) {
+	var r UserResponse
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user", nil)
+	if err != nil {
+		return User{}, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return User{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateUser updates the properties of the given user.
+//
+// API reference: https://api.cloudflare.com/#user-update-user
+func (api *API) UpdateUser(ctx context.Context, user *User) (User, error) {
+	var r UserResponse
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/user", user)
+	if err != nil {
+		return User{}, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return User{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UserBillingProfile returns the billing profile of the user.
+//
+// API reference: https://api.cloudflare.com/#user-billing-profile
+func (api *API) UserBillingProfile(ctx context.Context) (UserBillingProfile, error) {
+	var r userBillingProfileResponse
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/billing/profile", nil)
+	if err != nil {
+		return UserBillingProfile{}, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return UserBillingProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UserBillingHistory return the billing history of the user
+//
+// API reference: https://api.cloudflare.com/#user-billing-history-billing-history-details
+func (api *API) UserBillingHistory(ctx context.Context, pageOpts UserBillingOptions) ([]UserBillingHistory, error) {
+	uri := buildURI("/user/billing/history", pageOpts)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []UserBillingHistory{}, err
+	}
+	var r UserBillingHistoryResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []UserBillingHistory{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/user_agent.go b/pkg/cloudflare-go/user_agent.go
new file mode 100644
index 0000000000..10449bbc06
--- /dev/null
+++ b/pkg/cloudflare-go/user_agent.go
@@ -0,0 +1,151 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/goccy/go-json"
+)
+
+// UserAgentRule represents a User-Agent Block. These rules can be used to
+// challenge, block or whitelist specific User-Agents for a given zone.
+type UserAgentRule struct {
+	ID            string              `json:"id"`
+	Description   string              `json:"description"`
+	Mode          string              `json:"mode"`
+	Configuration UserAgentRuleConfig `json:"configuration"`
+	Paused        bool                `json:"paused"`
+}
+
+// UserAgentRuleConfig represents a Zone Lockdown config, which comprises
+// a Target ("ip" or "ip_range") and a Value (an IP address or IP+mask,
+// respectively.)
+type UserAgentRuleConfig ZoneLockdownConfig
+
+// UserAgentRuleResponse represents a response from the Zone Lockdown endpoint.
+type UserAgentRuleResponse struct {
+	Result UserAgentRule `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// UserAgentRuleListResponse represents a response from the List Zone Lockdown endpoint.
+type UserAgentRuleListResponse struct {
+	Result []UserAgentRule `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// CreateUserAgentRule creates a User-Agent Block rule for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-create-a-useragent-rule
+func (api *API) CreateUserAgentRule(ctx context.Context, zoneID string, ld UserAgentRule) (*UserAgentRuleResponse, error) {
+	switch ld.Mode {
+	case "block", "challenge", "js_challenge", "managed_challenge":
+		break
+	default:
+		return nil, errors.New(`the User-Agent Block rule mode must be one of "block", "challenge", "js_challenge", "managed_challenge"`)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ld)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &UserAgentRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// UpdateUserAgentRule updates a User-Agent Block rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-update-useragent-rule
+func (api *API) UpdateUserAgentRule(ctx context.Context, zoneID string, id string, ld UserAgentRule) (*UserAgentRuleResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, ld)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &UserAgentRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// DeleteUserAgentRule deletes a User-Agent Block rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-delete-useragent-rule
+func (api *API) DeleteUserAgentRule(ctx context.Context, zoneID string, id string) (*UserAgentRuleResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &UserAgentRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// UserAgentRule retrieves a User-Agent Block rule (based on the ID) for the given zone ID.
+//
+// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-useragent-rule-details
+func (api *API) UserAgentRule(ctx context.Context, zoneID string, id string) (*UserAgentRuleResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &UserAgentRuleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// ListUserAgentRules retrieves a list of User-Agent Block rules for a given zone ID by page number.
+//
+// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-list-useragent-rules
+func (api *API) ListUserAgentRules(ctx context.Context, zoneID string, page int) (*UserAgentRuleListResponse, error) {
+	v := url.Values{}
+	if page <= 0 {
+		page = 1
+	}
+
+	v.Set("page", strconv.Itoa(page))
+	v.Set("per_page", strconv.Itoa(100))
+
+	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules?%s", zoneID, v.Encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &UserAgentRuleListResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
diff --git a/pkg/cloudflare-go/user_agent_example_test.go b/pkg/cloudflare-go/user_agent_example_test.go
new file mode 100644
index 0000000000..26db115a47
--- /dev/null
+++ b/pkg/cloudflare-go/user_agent_example_test.go
@@ -0,0 +1,31 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListUserAgentRules_all() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	zoneID, err := api.ZoneIDByName("example.com")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch all Zone Lockdown rules for a zone, by page.
+	rules, err := api.ListUserAgentRules(context.Background(), zoneID, 1)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, r := range rules.Result {
+		fmt.Printf("%s: %s\n", r.Configuration.Target, r.Configuration.Value)
+	}
+}
diff --git a/pkg/cloudflare-go/user_test.go b/pkg/cloudflare-go/user_test.go
new file mode 100644
index 0000000000..d3d70903d8
--- /dev/null
+++ b/pkg/cloudflare-go/user_test.go
@@ -0,0 +1,244 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestUser_UserDetails(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+"success": true,
+"errors": [],
+"messages": [],
+"result": {
+    "id": "1",
+    "email": "cloudflare@example.com",
+    "first_name": "Jane",
+    "last_name": "Smith",
+    "username": "cloudflare12345",
+    "telephone": "+1 (650) 319 8930",
+    "country": "US",
+    "zipcode": "94107",
+    "created_on": "2009-07-01T00:00:00Z",
+    "modified_on": "2016-05-06T20:32:00Z",
+    "two_factor_authentication_enabled": true,
+    "betas": ["mirage_forever"]
+  }
+}`)
+	})
+
+	user, err := client.UserDetails(context.Background())
+
+	createdOn, _ := time.Parse(time.RFC3339, "2009-07-01T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2016-05-06T20:32:00Z")
+
+	want := User{
+		ID:         "1",
+		Email:      "cloudflare@example.com",
+		FirstName:  "Jane",
+		LastName:   "Smith",
+		Username:   "cloudflare12345",
+		Telephone:  "+1 (650) 319 8930",
+		Country:    "US",
+		Zipcode:    "94107",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+		TwoFA:      true,
+		Betas:      []string{"mirage_forever"},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, user, want)
+	}
+}
+
+func TestUser_UpdateUser(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{"country":"US","first_name":"John","username":"cfuser12345","email":"user@example.com",
+                       "last_name": "Appleseed","telephone": "+1 123-123-1234","zipcode": "12345"}`, string(b), "JSON not equal")
+		}
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "7c5dae5552338874e5053f2534d2767a",
+    "email": "user@example.com",
+    "first_name": "John",
+    "last_name": "Appleseed",
+    "username": "cfuser12345",
+    "telephone": "+1 123-123-1234",
+    "country": "US",
+    "zipcode": "12345",
+    "created_on": "2014-01-01T05:20:00Z",
+    "modified_on": "2014-01-01T05:20:00Z",
+    "two_factor_authentication_enabled": false
+  }
+}`)
+	})
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
+
+	userIn := User{
+		Email:     "user@example.com",
+		FirstName: "John",
+		LastName:  "Appleseed",
+		Username:  "cfuser12345",
+		Telephone: "+1 123-123-1234",
+		Country:   "US",
+		Zipcode:   "12345",
+		TwoFA:     false,
+	}
+
+	userOut, err := client.UpdateUser(context.Background(), &userIn)
+
+	want := User{
+		ID:         "7c5dae5552338874e5053f2534d2767a",
+		Email:      "user@example.com",
+		FirstName:  "John",
+		LastName:   "Appleseed",
+		Username:   "cfuser12345",
+		Telephone:  "+1 123-123-1234",
+		Country:    "US",
+		Zipcode:    "12345",
+		CreatedOn:  &createdOn,
+		ModifiedOn: &modifiedOn,
+		TwoFA:      false,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, userOut, want, "structs not equal")
+	}
+}
+
+func TestUser_UserBillingProfile(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/user/billing/profile", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "0020c268dbf54e975e7fe8563df49d52",
+    "first_name": "Bob",
+    "last_name": "Smith",
+    "address": "123 3rd St.",
+    "address2": "Apt 123",
+    "company": "Cloudflare",
+    "city": "San Francisco",
+    "state": "CA",
+    "zipcode": "12345",
+    "country": "US",
+    "telephone": "+1 111-867-5309",
+    "card_number": "xxxx-xxxx-xxxx-1234",
+    "card_expiry_year": 2015,
+    "card_expiry_month": 4,
+    "vat": "aaa-123-987",
+    "edited_on": "2014-04-01T12:21:02.0000Z",
+    "created_on": "2014-03-01T12:21:02.0000Z"
+  }
+}`)
+	})
+
+	createdOn, _ := time.Parse(time.RFC3339, "2014-03-01T12:21:02.0000Z")
+	editedOn, _ := time.Parse(time.RFC3339, "2014-04-01T12:21:02.0000Z")
+
+	userBillingProfile, err := client.UserBillingProfile(context.Background())
+
+	want := UserBillingProfile{
+		ID:              "0020c268dbf54e975e7fe8563df49d52",
+		FirstName:       "Bob",
+		LastName:        "Smith",
+		Address:         "123 3rd St.",
+		Address2:        "Apt 123",
+		Company:         "Cloudflare",
+		City:            "San Francisco",
+		State:           "CA",
+		ZipCode:         "12345",
+		Country:         "US",
+		Telephone:       "+1 111-867-5309",
+		CardNumber:      "xxxx-xxxx-xxxx-1234",
+		CardExpiryYear:  2015,
+		CardExpiryMonth: 4,
+		VAT:             "aaa-123-987",
+		CreatedOn:       &createdOn,
+		EditedOn:        &editedOn,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, userBillingProfile, want, "structs not equal")
+	}
+}
+
+func TestUser_UserBillingHistory(t *testing.T) {
+	setup()
+	defer teardown()
+	mux.HandleFunc("/user/billing/history", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": [
+    {
+      "id": "b69a9f3492637782896352daae219e7d",
+      "type": "charge",
+      "action": "subscription",
+      "description": "The billing item description",
+      "occurred_at": "2014-03-01T12:21:59.3456Z",
+      "amount": 20.99,
+      "currency": "USD",
+      "zone": {
+        "name": "example.com"
+      }
+    }
+  ]
+}`)
+	})
+
+	userBillingProfile, err := client.UserBillingHistory(context.Background(), UserBillingOptions{})
+
+	OccurredAt, _ := time.Parse(time.RFC3339, "2014-03-01T12:21:59.3456Z")
+
+	want := []UserBillingHistory{{
+		ID:          "b69a9f3492637782896352daae219e7d",
+		Type:        "charge",
+		Action:      "subscription",
+		Description: "The billing item description",
+		OccurredAt:  &OccurredAt,
+		Amount:      20.99,
+		Currency:    "USD",
+		Zone:        userBillingHistoryZone{Name: "example.com"},
+	}}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, userBillingProfile, want, "structs not equal")
+	}
+}
diff --git a/pkg/cloudflare-go/utils.go b/pkg/cloudflare-go/utils.go
new file mode 100644
index 0000000000..bc2dc56338
--- /dev/null
+++ b/pkg/cloudflare-go/utils.go
@@ -0,0 +1,28 @@
+package cloudflare
+
+import (
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+
+	"github.com/google/go-querystring/query"
+)
+
+// buildURI assembles the base path and queries.
+func buildURI(path string, options interface{}) string {
+	v, _ := query.Values(options)
+	return (&url.URL{Path: path, RawQuery: v.Encode()}).String()
+}
+
+// loadFixture takes a series of path components and returns the JSON fixture at
+// that location associated.
+func loadFixture(parts ...string) string {
+	paths := []string{"testdata", "fixtures"}
+	paths = append(paths, parts...)
+	b, err := os.ReadFile(filepath.Join(paths...) + ".json")
+	if err != nil {
+		fmt.Print(err)
+	}
+	return string(b)
+}
diff --git a/pkg/cloudflare-go/utils_test.go b/pkg/cloudflare-go/utils_test.go
new file mode 100644
index 0000000000..5973d8c720
--- /dev/null
+++ b/pkg/cloudflare-go/utils_test.go
@@ -0,0 +1,38 @@
+package cloudflare
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+type testExample struct {
+	A string `url:"a,omitempty"`
+	C string `url:"c,omitempty"`
+
+	PaginationOptions
+}
+
+func Test_buildURI(t *testing.T) {
+	tests := map[string]struct {
+		path   string
+		params interface{}
+		want   string
+	}{
+		"multi level path without params":        {path: "/accounts/foo", params: testExample{}, want: "/accounts/foo"},
+		"multi level path with params":           {path: "/zones/foo", params: testExample{A: "b"}, want: "/zones/foo?a=b"},
+		"multi level path with multiple params":  {path: "/zones/foo", params: testExample{A: "b", C: "d"}, want: "/zones/foo?a=b&c=d"},
+		"multi level path with nested fields":    {path: "/zones/foo", params: testExample{A: "b", C: "d", PaginationOptions: PaginationOptions{PerPage: 10}}, want: "/zones/foo?a=b&c=d&per_page=10"},
+		"single level path without params":       {path: "/foo", params: testExample{}, want: "/foo"},
+		"single level path with params":          {path: "/bar", params: testExample{C: "d"}, want: "/bar?c=d"},
+		"single level path with multiple params": {path: "/foo", params: testExample{A: "b", C: "d"}, want: "/foo?a=b&c=d"},
+		"single level path with nested fields":   {path: "/foo", params: testExample{A: "b", C: "d", PaginationOptions: PaginationOptions{PerPage: 10}}, want: "/foo?a=b&c=d&per_page=10"},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			got := buildURI(tc.path, tc.params)
+			assert.Equal(t, tc.want, got)
+		})
+	}
+}
diff --git a/pkg/cloudflare-go/waf.go b/pkg/cloudflare-go/waf.go
new file mode 100644
index 0000000000..c7a458a0ce
--- /dev/null
+++ b/pkg/cloudflare-go/waf.go
@@ -0,0 +1,352 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+
+	"github.com/goccy/go-json"
+)
+
+// WAFPackage represents a WAF package configuration.
+type WAFPackage struct {
+	ID            string `json:"id"`
+	Name          string `json:"name"`
+	Description   string `json:"description"`
+	ZoneID        string `json:"zone_id"`
+	DetectionMode string `json:"detection_mode"`
+	Sensitivity   string `json:"sensitivity"`
+	ActionMode    string `json:"action_mode"`
+}
+
+// WAFPackagesResponse represents the response from the WAF packages endpoint.
+type WAFPackagesResponse struct {
+	Response
+	Result     []WAFPackage `json:"result"`
+	ResultInfo ResultInfo   `json:"result_info"`
+}
+
+// WAFPackageResponse represents the response from the WAF package endpoint.
+type WAFPackageResponse struct {
+	Response
+	Result     WAFPackage `json:"result"`
+	ResultInfo ResultInfo `json:"result_info"`
+}
+
+// WAFPackageOptions represents options to edit a WAF package.
+type WAFPackageOptions struct {
+	Sensitivity string `json:"sensitivity,omitempty"`
+	ActionMode  string `json:"action_mode,omitempty"`
+}
+
+// WAFGroup represents a WAF rule group.
+type WAFGroup struct {
+	ID                 string   `json:"id"`
+	Name               string   `json:"name"`
+	Description        string   `json:"description"`
+	RulesCount         int      `json:"rules_count"`
+	ModifiedRulesCount int      `json:"modified_rules_count"`
+	PackageID          string   `json:"package_id"`
+	Mode               string   `json:"mode"`
+	AllowedModes       []string `json:"allowed_modes"`
+}
+
+// WAFGroupsResponse represents the response from the WAF groups endpoint.
+type WAFGroupsResponse struct {
+	Response
+	Result     []WAFGroup `json:"result"`
+	ResultInfo ResultInfo `json:"result_info"`
+}
+
+// WAFGroupResponse represents the response from the WAF group endpoint.
+type WAFGroupResponse struct {
+	Response
+	Result     WAFGroup   `json:"result"`
+	ResultInfo ResultInfo `json:"result_info"`
+}
+
+// WAFRule represents a WAF rule.
+type WAFRule struct {
+	ID          string `json:"id"`
+	Description string `json:"description"`
+	Priority    string `json:"priority"`
+	PackageID   string `json:"package_id"`
+	Group       struct {
+		ID   string `json:"id"`
+		Name string `json:"name"`
+	} `json:"group"`
+	Mode         string   `json:"mode"`
+	DefaultMode  string   `json:"default_mode"`
+	AllowedModes []string `json:"allowed_modes"`
+}
+
+// WAFRulesResponse represents the response from the WAF rules endpoint.
+type WAFRulesResponse struct {
+	Response
+	Result     []WAFRule  `json:"result"`
+	ResultInfo ResultInfo `json:"result_info"`
+}
+
+// WAFRuleResponse represents the response from the WAF rule endpoint.
+type WAFRuleResponse struct {
+	Response
+	Result     WAFRule    `json:"result"`
+	ResultInfo ResultInfo `json:"result_info"`
+}
+
+// WAFRuleOptions is a subset of WAFRule, for editable options.
+type WAFRuleOptions struct {
+	Mode string `json:"mode"`
+}
+
+// ListWAFPackages returns a slice of the WAF packages for the given zone.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-packages-list-firewall-packages
+func (api *API) ListWAFPackages(ctx context.Context, zoneID string) ([]WAFPackage, error) {
+	// Construct a query string
+	v := url.Values{}
+	// Request as many WAF packages as possible per page - API max is 100
+	v.Set("per_page", "100")
+
+	var packages []WAFPackage
+	var res []byte
+	var err error
+	page := 1
+
+	// Loop over makeRequest until what we've fetched all records
+	for {
+		v.Set("page", strconv.Itoa(page))
+		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages?%s", zoneID, v.Encode())
+		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []WAFPackage{}, err
+		}
+
+		var p WAFPackagesResponse
+		err = json.Unmarshal(res, &p)
+		if err != nil {
+			return []WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		if !p.Success {
+			// TODO: Provide an actual error message instead of always returning nil
+			return []WAFPackage{}, err
+		}
+
+		packages = append(packages, p.Result...)
+		if p.ResultInfo.Page >= p.ResultInfo.TotalPages {
+			break
+		}
+
+		// Loop around and fetch the next page
+		page++
+	}
+
+	return packages, nil
+}
+
+// WAFPackage returns a WAF package for the given zone.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-packages-firewall-package-details
+func (api *API) WAFPackage(ctx context.Context, zoneID, packageID string) (WAFPackage, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s", zoneID, packageID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WAFPackage{}, err
+	}
+
+	var r WAFPackageResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateWAFPackage lets you update the a WAF Package.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-packages-edit-firewall-package
+func (api *API) UpdateWAFPackage(ctx context.Context, zoneID, packageID string, opts WAFPackageOptions) (WAFPackage, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s", zoneID, packageID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
+	if err != nil {
+		return WAFPackage{}, err
+	}
+
+	var r WAFPackageResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListWAFGroups returns a slice of the WAF groups for the given WAF package.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-groups-list-rule-groups
+func (api *API) ListWAFGroups(ctx context.Context, zoneID, packageID string) ([]WAFGroup, error) {
+	// Construct a query string
+	v := url.Values{}
+	// Request as many WAF groups as possible per page - API max is 100
+	v.Set("per_page", "100")
+
+	var groups []WAFGroup
+	var res []byte
+	var err error
+	page := 1
+
+	// Loop over makeRequest until what we've fetched all records
+	for {
+		v.Set("page", strconv.Itoa(page))
+		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups?%s", zoneID, packageID, v.Encode())
+		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []WAFGroup{}, err
+		}
+
+		var r WAFGroupsResponse
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		if !r.Success {
+			// TODO: Provide an actual error message instead of always returning nil
+			return []WAFGroup{}, err
+		}
+
+		groups = append(groups, r.Result...)
+		if r.ResultInfo.Page >= r.ResultInfo.TotalPages {
+			break
+		}
+
+		// Loop around and fetch the next page
+		page++
+	}
+	return groups, nil
+}
+
+// WAFGroup returns a WAF rule group from the given WAF package.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-groups-rule-group-details
+func (api *API) WAFGroup(ctx context.Context, zoneID, packageID, groupID string) (WAFGroup, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups/%s", zoneID, packageID, groupID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WAFGroup{}, err
+	}
+
+	var r WAFGroupResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateWAFGroup lets you update the mode of a WAF Group.
+//
+// API Reference: https://api.cloudflare.com/#waf-rule-groups-edit-rule-group
+func (api *API) UpdateWAFGroup(ctx context.Context, zoneID, packageID, groupID, mode string) (WAFGroup, error) {
+	opts := WAFRuleOptions{Mode: mode}
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups/%s", zoneID, packageID, groupID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
+	if err != nil {
+		return WAFGroup{}, err
+	}
+
+	var r WAFGroupResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ListWAFRules returns a slice of the WAF rules for the given WAF package.
+//
+// API Reference: https://api.cloudflare.com/#waf-rules-list-rules
+func (api *API) ListWAFRules(ctx context.Context, zoneID, packageID string) ([]WAFRule, error) {
+	// Construct a query string
+	v := url.Values{}
+	// Request as many WAF rules as possible per page - API max is 100
+	v.Set("per_page", "100")
+
+	var rules []WAFRule
+	var res []byte
+	var err error
+	page := 1
+
+	// Loop over makeRequest until what we've fetched all records
+	for {
+		v.Set("page", strconv.Itoa(page))
+		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules?%s", zoneID, packageID, v.Encode())
+		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []WAFRule{}, err
+		}
+
+		var r WAFRulesResponse
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return []WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+
+		if !r.Success {
+			// TODO: Provide an actual error message instead of always returning nil
+			return []WAFRule{}, err
+		}
+
+		rules = append(rules, r.Result...)
+		if r.ResultInfo.Page >= r.ResultInfo.TotalPages {
+			break
+		}
+
+		// Loop around and fetch the next page
+		page++
+	}
+
+	return rules, nil
+}
+
+// WAFRule returns a WAF rule from the given WAF package.
+//
+// API Reference: https://api.cloudflare.com/#waf-rules-rule-details
+func (api *API) WAFRule(ctx context.Context, zoneID, packageID, ruleID string) (WAFRule, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules/%s", zoneID, packageID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WAFRule{}, err
+	}
+
+	var r WAFRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateWAFRule lets you update the mode of a WAF Rule.
+//
+// API Reference: https://api.cloudflare.com/#waf-rules-edit-rule
+func (api *API) UpdateWAFRule(ctx context.Context, zoneID, packageID, ruleID, mode string) (WAFRule, error) {
+	opts := WAFRuleOptions{Mode: mode}
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules/%s", zoneID, packageID, ruleID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
+	if err != nil {
+		return WAFRule{}, err
+	}
+
+	var r WAFRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/waf_overrides.go b/pkg/cloudflare-go/waf_overrides.go
new file mode 100644
index 0000000000..665cb61682
--- /dev/null
+++ b/pkg/cloudflare-go/waf_overrides.go
@@ -0,0 +1,138 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// WAFOverridesResponse represents the response form the WAF overrides endpoint.
+type WAFOverridesResponse struct {
+	Response
+	Result     []WAFOverride `json:"result"`
+	ResultInfo ResultInfo    `json:"result_info"`
+}
+
+// WAFOverrideResponse represents the response form the WAF override endpoint.
+type WAFOverrideResponse struct {
+	Response
+	Result     WAFOverride `json:"result"`
+	ResultInfo ResultInfo  `json:"result_info"`
+}
+
+// WAFOverride represents a WAF override.
+type WAFOverride struct {
+	ID            string            `json:"id,omitempty"`
+	Description   string            `json:"description"`
+	URLs          []string          `json:"urls"`
+	Priority      int               `json:"priority"`
+	Groups        map[string]string `json:"groups"`
+	RewriteAction map[string]string `json:"rewrite_action"`
+	Rules         map[string]string `json:"rules"`
+	Paused        bool              `json:"paused"`
+}
+
+// ListWAFOverrides returns a slice of the WAF overrides.
+//
+// API Reference: https://api.cloudflare.com/#waf-overrides-list-uri-controlled-waf-configurations
+func (api *API) ListWAFOverrides(ctx context.Context, zoneID string) ([]WAFOverride, error) {
+	var overrides []WAFOverride
+	var res []byte
+	var err error
+
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides", zoneID)
+	res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []WAFOverride{}, err
+	}
+
+	var r WAFOverridesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	if !r.Success {
+		// TODO: Provide an actual error message instead of always returning nil
+		return []WAFOverride{}, err
+	}
+
+	for ri := range r.Result {
+		overrides = append(overrides, r.Result[ri])
+	}
+	return overrides, nil
+}
+
+// WAFOverride returns a WAF override from the given override ID.
+//
+// API Reference: https://api.cloudflare.com/#waf-overrides-uri-controlled-waf-configuration-details
+func (api *API) WAFOverride(ctx context.Context, zoneID, overrideID string) (WAFOverride, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WAFOverride{}, err
+	}
+
+	var r WAFOverrideResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// CreateWAFOverride creates a new WAF override.
+//
+// API reference: https://api.cloudflare.com/#waf-overrides-create-a-uri-controlled-waf-configuration
+func (api *API) CreateWAFOverride(ctx context.Context, zoneID string, override WAFOverride) (WAFOverride, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, override)
+	if err != nil {
+		return WAFOverride{}, err
+	}
+	var r WAFOverrideResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateWAFOverride updates an existing WAF override.
+//
+// API reference: https://api.cloudflare.com/#waf-overrides-update-uri-controlled-waf-configuration
+func (api *API) UpdateWAFOverride(ctx context.Context, zoneID, overrideID string, override WAFOverride) (WAFOverride, error) {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, override)
+	if err != nil {
+		return WAFOverride{}, err
+	}
+
+	var r WAFOverrideResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteWAFOverride deletes a WAF override for a zone.
+//
+// API reference: https://api.cloudflare.com/#waf-overrides-delete-lockdown-rule
+func (api *API) DeleteWAFOverride(ctx context.Context, zoneID, overrideID string) error {
+	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r WAFOverrideResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
diff --git a/pkg/cloudflare-go/waf_overrides_test.go b/pkg/cloudflare-go/waf_overrides_test.go
new file mode 100644
index 0000000000..01d886490f
--- /dev/null
+++ b/pkg/cloudflare-go/waf_overrides_test.go
@@ -0,0 +1,238 @@
+package cloudflare
+
+import (
+	context "context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWAFOverride(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "a27cece9ec0e4af39ae9c58e3326e2b6",
+				"paused": false,
+				"urls": [
+					"foo.bar.com"
+				],
+				"priority": 0,
+				"groups": {
+					"ea8687e59929c1fd05ba97574ad43f77": "default"
+				},
+				"rules": {
+					"100015": "disable"
+				},
+				"rewrite_action": {
+					"default": "simulate"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/a27cece9ec0e4af39ae9c58e3326e2b6", handler)
+	want := WAFOverride{
+		ID:            "a27cece9ec0e4af39ae9c58e3326e2b6",
+		Paused:        false,
+		URLs:          []string{"foo.bar.com"},
+		Priority:      0,
+		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
+		Rules:         map[string]string{"100015": "disable"},
+		RewriteAction: map[string]string{"default": "simulate"},
+	}
+
+	actual, err := client.WAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "a27cece9ec0e4af39ae9c58e3326e2b6")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListWAFOverrides(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-overrides-list-uri-controlled-waf-configurations
+		fmt.Fprintf(w, `{
+			"result": [
+				{
+					"id": "a27cece9ec0e4af39ae9c58e3326e2b6",
+					"paused": false,
+					"urls": [
+						"foo.bar.com"
+					],
+					"priority": 0,
+					"groups": {
+						"ea8687e59929c1fd05ba97574ad43f77": "default"
+					},
+					"rules": {
+						"100015": "disable"
+					},
+					"rewrite_action": {
+						"default": "simulate"
+					}
+				}
+			],
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result_info": {
+				"page": 1,
+				"per_page": 25,
+				"count": 1,
+				"total_count": 1,
+				"total_pages": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/overrides", handler)
+
+	want := []WAFOverride{
+		{
+			ID:            "a27cece9ec0e4af39ae9c58e3326e2b6",
+			Paused:        false,
+			URLs:          []string{"foo.bar.com"},
+			Priority:      0,
+			Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
+			Rules:         map[string]string{"100015": "disable"},
+			RewriteAction: map[string]string{"default": "simulate"},
+		},
+	}
+
+	d, err := client.ListWAFOverrides(context.Background(), testZoneID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+}
+
+func TestCreateWAFOverride(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "cf5b1db4ac454d7bad98ebec4533db57",
+				"paused": false,
+				"urls": [
+					"foo.bar.com"
+				],
+				"priority": 0,
+				"groups": {
+					"ea8687e59929c1fd05ba97574ad43f77": "default"
+				},
+				"rules": {
+					"100015": "disable"
+				},
+				"rewrite_action": {
+					"default": "simulate"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides", handler)
+
+	want := WAFOverride{
+		ID:            "cf5b1db4ac454d7bad98ebec4533db57",
+		URLs:          []string{"foo.bar.com"},
+		Rules:         map[string]string{"100015": "disable"},
+		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
+		RewriteAction: map[string]string{"default": "simulate"},
+	}
+
+	actual, err := client.CreateWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteWAFOverride(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "18a9b91a93364593a8f41bd53bb2c02d"
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/18a9b91a93364593a8f41bd53bb2c02d", handler)
+
+	err := client.DeleteWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "18a9b91a93364593a8f41bd53bb2c02d")
+	assert.NoError(t, err)
+}
+
+func TestUpdateWAFOverride(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": {
+				"id": "e160a4fca2b346a7a418f49da049c566",
+				"paused": false,
+				"urls": [
+					"foo.bar.com"
+				],
+				"priority": 0,
+				"groups": {
+					"ea8687e59929c1fd05ba97574ad43f77": "block"
+				},
+				"rules": {
+					"100015": "disable"
+				},
+				"rewrite_action": {
+					"default": "block"
+				}
+			},
+			"success": true,
+			"errors": [],
+			"messages": []
+		}`)
+	}
+
+	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/e160a4fca2b346a7a418f49da049c566", handler)
+
+	want := WAFOverride{
+		ID:            "e160a4fca2b346a7a418f49da049c566",
+		URLs:          []string{"foo.bar.com"},
+		Rules:         map[string]string{"100015": "disable"},
+		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "block"},
+		RewriteAction: map[string]string{"default": "block"},
+	}
+
+	actual, err := client.UpdateWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "e160a4fca2b346a7a418f49da049c566", want)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/waf_test.go b/pkg/cloudflare-go/waf_test.go
new file mode 100644
index 0000000000..31e19bef01
--- /dev/null
+++ b/pkg/cloudflare-go/waf_test.go
@@ -0,0 +1,794 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListWAFPackages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rule-packages-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"name": "WordPress rules",
+				"description": "Common WordPress exploit protections",
+				"detection_mode": "traditional",
+				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+				"status": "active"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages", handler)
+
+	want := []WAFPackage{
+		{
+			ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
+			Name:          "WordPress rules",
+			Description:   "Common WordPress exploit protections",
+			ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
+			DetectionMode: "traditional",
+			Sensitivity:   "",
+			ActionMode:    "",
+		},
+	}
+
+	d, err := client.ListWAFPackages(context.Background(), testZoneID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestListWAFPackagesMultiplePages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	page := 1
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		reqURI, err := url.ParseRequestURI(r.RequestURI)
+		assert.NoError(t, err)
+
+		query, err := url.ParseQuery(reqURI.RawQuery)
+		assert.NoError(t, err)
+
+		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+				"id": "fake_id_number_%[1]d",
+				"name": "Fake rule name %[1]d",
+				"description": "Fake rule description %[1]d",
+				"detection_mode": "traditional",
+				"zone_id": "%[2]s",
+				"status": "active"
+				}
+			],
+			"result_info": {
+				"page": %[1]d,
+				"per_page": 1,
+				"total_pages": 2,
+				"count": 1,
+				"total_count": 2
+			}
+		}`, page, testZoneID)
+
+		page++
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages", handler)
+
+	want := []WAFPackage{
+		{
+			ID:            "fake_id_number_1",
+			Name:          "Fake rule name 1",
+			Description:   "Fake rule description 1",
+			ZoneID:        testZoneID,
+			DetectionMode: "traditional",
+			Sensitivity:   "",
+			ActionMode:    "",
+		},
+		{
+			ID:            "fake_id_number_2",
+			Name:          "Fake rule name 2",
+			Description:   "Fake rule description 2",
+			ZoneID:        testZoneID,
+			DetectionMode: "traditional",
+			Sensitivity:   "",
+			ActionMode:    "",
+		},
+	}
+
+	d, err := client.ListWAFPackages(context.Background(), testZoneID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestWAFPackage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rule-packages-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result":
+			{
+				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"name": "WordPress rules",
+				"description": "Common WordPress exploit protections",
+				"detection_mode": "traditional",
+				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+				"status": "active"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b", handler)
+
+	want := WAFPackage{
+		ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
+		Name:          "WordPress rules",
+		Description:   "Common WordPress exploit protections",
+		ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
+		DetectionMode: "traditional",
+		Sensitivity:   "",
+		ActionMode:    "",
+	}
+
+	d, err := client.WAFPackage(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.WAFPackage(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestUpdateWAFPackage(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"sensitivity":"high","action_mode":"challenge"}`, string(body), "Expected body '{\"sensitivity\":\"high\",\"action_mode\":\"challenge\"}', got %s", string(body))
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"name": "OWASP ModSecurity Core Rule Set",
+				"description": "Covers OWASP Top 10 vulnerabilities, and more.",
+				"detection_mode": "anomaly",
+				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
+				"status": "active",
+				"sensitivity": "high",
+				"action_mode": "challenge"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b", handler)
+
+	want := WAFPackage{
+		ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
+		Name:          "OWASP ModSecurity Core Rule Set",
+		Description:   "Covers OWASP Top 10 vulnerabilities, and more.",
+		ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
+		DetectionMode: "anomaly",
+		Sensitivity:   "high",
+		ActionMode:    "challenge",
+	}
+
+	d, err := client.UpdateWAFPackage(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", WAFPackageOptions{Sensitivity: "high", ActionMode: "challenge"})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+}
+
+func TestListWAFGroups(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+
+		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "de677e5818985db1285d0e80225f06e5",
+					"name": "Project Honey Pot",
+					"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+					"rules_count": 10,
+					"modified_rules_count": 2,
+					"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+					"mode": "on",
+					"allowed_modes": [
+						"on",
+						"off"
+					]
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+			}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups", handler)
+
+	want := []WAFGroup{
+		{
+			ID:                 "de677e5818985db1285d0e80225f06e5",
+			Name:               "Project Honey Pot",
+			Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+			RulesCount:         10,
+			ModifiedRulesCount: 2,
+			PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
+			Mode:               "on",
+			AllowedModes:       []string{"on", "off"},
+		},
+	}
+
+	d, err := client.ListWAFGroups(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFGroups(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestListWAFGroupsMultiplePages(t *testing.T) {
+	setup()
+	defer teardown()
+	packageID := "efgh456"
+
+	page := 1
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		reqURI, err := url.ParseRequestURI(r.RequestURI)
+		assert.NoError(t, err)
+
+		query, err := url.ParseQuery(reqURI.RawQuery)
+		assert.NoError(t, err)
+
+		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+					"id": "fake_group_id_%[1]d",
+					"name": "Fake Group Name %[1]d",
+					"description": "Fake Group Description %[1]d",
+					"rules_count": 1%[1]d,
+					"modified_rules_count": %[1]d,
+					"package_id": "%[2]s",
+					"mode": "on",
+					"allowed_modes": [
+						"on",
+						"off"
+					]
+				}
+			],
+			"result_info": {
+				"page": %[1]d,
+				"per_page": 1,
+				"total_pages": 2,
+				"count": 1,
+				"total_count": 2
+			}
+		}`, page, packageID)
+
+		page++
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/"+packageID+"/groups", handler)
+
+	want := []WAFGroup{
+		{
+			ID:                 "fake_group_id_1",
+			Name:               "Fake Group Name 1",
+			Description:        "Fake Group Description 1",
+			RulesCount:         11,
+			ModifiedRulesCount: 1,
+			PackageID:          packageID,
+			Mode:               "on",
+			AllowedModes:       []string{"on", "off"},
+		},
+		{
+			ID:                 "fake_group_id_2",
+			Name:               "Fake Group Name 2",
+			Description:        "Fake Group Description 2",
+			RulesCount:         12,
+			ModifiedRulesCount: 2,
+			PackageID:          packageID,
+			Mode:               "on",
+			AllowedModes:       []string{"on", "off"},
+		},
+	}
+
+	d, err := client.ListWAFGroups(context.Background(), testZoneID, packageID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFGroups(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestWAFGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-rule-group-details
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "de677e5818985db1285d0e80225f06e5",
+				"name": "Project Honey Pot",
+				"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+				"rules_count": 10,
+				"modified_rules_count": 2,
+				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"mode": "on",
+				"allowed_modes": [
+					"on",
+					"off"
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups/de677e5818985db1285d0e80225f06e5", handler)
+
+	want := WAFGroup{
+		ID:                 "de677e5818985db1285d0e80225f06e5",
+		Name:               "Project Honey Pot",
+		Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+		RulesCount:         10,
+		ModifiedRulesCount: 2,
+		PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
+		Mode:               "on",
+		AllowedModes:       []string{"on", "off"},
+	}
+
+	d, err := client.WAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "de677e5818985db1285d0e80225f06e5")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.WAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "123")
+	assert.Error(t, err)
+}
+
+func TestUpdateWAFGroup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"mode":"on"}`, string(body), "Expected body '{\"mode\":\"on\"}', got %s", string(body))
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-edit-rule-group
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "de677e5818985db1285d0e80225f06e5",
+				"name": "Project Honey Pot",
+				"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+				"rules_count": 10,
+				"modified_rules_count": 2,
+				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"mode": "on",
+				"allowed_modes": [
+					"on",
+					"off"
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups/de677e5818985db1285d0e80225f06e5", handler)
+
+	want := WAFGroup{
+		ID:                 "de677e5818985db1285d0e80225f06e5",
+		Name:               "Project Honey Pot",
+		Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
+		RulesCount:         10,
+		ModifiedRulesCount: 2,
+		PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
+		Mode:               "on",
+		AllowedModes:       []string{"on", "off"},
+	}
+
+	d, err := client.UpdateWAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "de677e5818985db1285d0e80225f06e5", "on")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+}
+
+func TestListWAFRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+				"id": "f939de3be84e66e757adcdcb87908023",
+				"description": "SQL injection prevention for SELECT statements",
+				"priority": "5",
+				"group": {
+					"id": "de677e5818985db1285d0e80225f06e5",
+					"name": "Project Honey Pot"
+				},
+				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"allowed_modes": [
+					"on",
+					"off"
+				],
+				"mode": "on"
+				}
+			],
+			"result_info": {
+				"page": 1,
+				"per_page": 20,
+				"count": 1,
+				"total_count": 1
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules", handler)
+
+	want := []WAFRule{
+		{
+			ID:          "f939de3be84e66e757adcdcb87908023",
+			Description: "SQL injection prevention for SELECT statements",
+			Priority:    "5",
+			PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
+			Group: struct {
+				ID   string `json:"id"`
+				Name string `json:"name"`
+			}{
+				ID:   "de677e5818985db1285d0e80225f06e5",
+				Name: "Project Honey Pot",
+			},
+			Mode:         "on",
+			DefaultMode:  "",
+			AllowedModes: []string{"on", "off"},
+		},
+	}
+
+	d, err := client.ListWAFRules(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestListWAFRulesMultiplePages(t *testing.T) {
+	setup()
+	defer teardown()
+	packageID := "efgh456"
+
+	page := 1
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		reqURI, err := url.ParseRequestURI(r.RequestURI)
+		assert.NoError(t, err)
+
+		query, err := url.ParseQuery(reqURI.RawQuery)
+		assert.NoError(t, err)
+
+		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": [
+				{
+				"id": "fake_rule_id_%[1]d",
+				"description": "Fake Rule Description %[1]d",
+				"priority": "%[1]d",
+				"group": {
+					"id": "fake_group_id_%[1]d",
+					"name": "Fake Group Name %[1]d"
+				},
+				"package_id": "%[2]s",
+				"allowed_modes": [
+					"on",
+					"off"
+				],
+				"mode": "on"
+				}
+			],
+			"result_info": {
+				"page": %[1]d,
+				"per_page": 1,
+				"total_pages": 2,
+				"count": 1,
+				"total_count": 2
+			}
+		}`, page, packageID)
+
+		page++
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/"+packageID+"/rules", handler)
+
+	want := []WAFRule{
+		{
+			ID:          "fake_rule_id_1",
+			Description: "Fake Rule Description 1",
+			Priority:    "1",
+			PackageID:   packageID,
+			Group: struct {
+				ID   string `json:"id"`
+				Name string `json:"name"`
+			}{
+				ID:   "fake_group_id_1",
+				Name: "Fake Group Name 1",
+			},
+			Mode:         "on",
+			DefaultMode:  "",
+			AllowedModes: []string{"on", "off"},
+		},
+		{
+			ID:          "fake_rule_id_2",
+			Description: "Fake Rule Description 2",
+			Priority:    "2",
+			PackageID:   packageID,
+			Group: struct {
+				ID   string `json:"id"`
+				Name string `json:"name"`
+			}{
+				ID:   "fake_group_id_2",
+				Name: "Fake Group Name 2",
+			},
+			Mode:         "on",
+			DefaultMode:  "",
+			AllowedModes: []string{"on", "off"},
+		},
+	}
+
+	d, err := client.ListWAFRules(context.Background(), testZoneID, packageID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestWAFRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f939de3be84e66e757adcdcb87908023",
+				"description": "SQL injection prevention for SELECT statements",
+				"priority": "5",
+				"group": {
+					"id": "de677e5818985db1285d0e80225f06e5",
+					"name": "Project Honey Pot"
+				},
+				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"allowed_modes": [
+					"on",
+					"off"
+				],
+				"mode": "on"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules/f939de3be84e66e757adcdcb87908023", handler)
+
+	want := WAFRule{
+		ID:          "f939de3be84e66e757adcdcb87908023",
+		Description: "SQL injection prevention for SELECT statements",
+		Priority:    "5",
+		PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
+		Group: struct {
+			ID   string `json:"id"`
+			Name string `json:"name"`
+		}{
+			ID:   "de677e5818985db1285d0e80225f06e5",
+			Name: "Project Honey Pot",
+		},
+		Mode:         "on",
+		DefaultMode:  "",
+		AllowedModes: []string{"on", "off"},
+	}
+
+	d, err := client.WAFRule(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "f939de3be84e66e757adcdcb87908023")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
+
+func TestUpdateWAFRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		if err != nil {
+			panic(err)
+		}
+		defer r.Body.Close()
+
+		assert.Equal(t, `{"mode":"on"}`, string(body), "Expected method '{\"mode\":\"on\"}', got %s", string(body))
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "f939de3be84e66e757adcdcb87908023",
+				"description": "SQL injection prevention for SELECT statements",
+				"priority": "5",
+				"group": {
+					"id": "de677e5818985db1285d0e80225f06e5",
+					"name": "Project Honey Pot"
+				},
+				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
+				"allowed_modes": [
+					"on",
+					"off"
+				],
+				"mode": "on"
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules/f939de3be84e66e757adcdcb87908023", handler)
+
+	want := WAFRule{
+		ID:          "f939de3be84e66e757adcdcb87908023",
+		Description: "SQL injection prevention for SELECT statements",
+		Priority:    "5",
+		PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
+		Group: struct {
+			ID   string `json:"id"`
+			Name string `json:"name"`
+		}{
+			ID:   "de677e5818985db1285d0e80225f06e5",
+			Name: "Project Honey Pot",
+		},
+		Mode:         "on",
+		DefaultMode:  "",
+		AllowedModes: []string{"on", "off"},
+	}
+
+	d, err := client.UpdateWAFRule(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "f939de3be84e66e757adcdcb87908023", "on")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
+	assert.Error(t, err)
+}
diff --git a/pkg/cloudflare-go/waiting_room.go b/pkg/cloudflare-go/waiting_room.go
new file mode 100644
index 0000000000..7bd98d9a33
--- /dev/null
+++ b/pkg/cloudflare-go/waiting_room.go
@@ -0,0 +1,629 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingWaitingRoomID     = errors.New("missing required waiting room ID")
+	ErrMissingWaitingRoomRuleID = errors.New("missing required waiting room rule ID")
+)
+
+// WaitingRoom describes a WaitingRoom object.
+type WaitingRoom struct {
+	CreatedOn                  time.Time           `json:"created_on,omitempty"`
+	ModifiedOn                 time.Time           `json:"modified_on,omitempty"`
+	Path                       string              `json:"path"`
+	Name                       string              `json:"name"`
+	Description                string              `json:"description,omitempty"`
+	QueueingMethod             string              `json:"queueing_method,omitempty"`
+	CustomPageHTML             string              `json:"custom_page_html,omitempty"`
+	DefaultTemplateLanguage    string              `json:"default_template_language,omitempty"`
+	Host                       string              `json:"host"`
+	ID                         string              `json:"id,omitempty"`
+	NewUsersPerMinute          int                 `json:"new_users_per_minute"`
+	TotalActiveUsers           int                 `json:"total_active_users"`
+	SessionDuration            int                 `json:"session_duration"`
+	QueueAll                   bool                `json:"queue_all"`
+	DisableSessionRenewal      bool                `json:"disable_session_renewal"`
+	Suspended                  bool                `json:"suspended"`
+	JsonResponseEnabled        bool                `json:"json_response_enabled"`
+	NextEventPrequeueStartTime *time.Time          `json:"next_event_prequeue_start_time,omitempty"`
+	NextEventStartTime         *time.Time          `json:"next_event_start_time,omitempty"`
+	CookieSuffix               string              `json:"cookie_suffix"`
+	AdditionalRoutes           []*WaitingRoomRoute `json:"additional_routes,omitempty"`
+	QueueingStatusCode         int                 `json:"queueing_status_code"`
+}
+
+// WaitingRoomStatus describes the status of a waiting room.
+type WaitingRoomStatus struct {
+	Status                    string `json:"status"`
+	EventID                   string `json:"event_id"`
+	EstimatedQueuedUsers      int    `json:"estimated_queued_users"`
+	EstimatedTotalActiveUsers int    `json:"estimated_total_active_users"`
+	MaxEstimatedTimeMinutes   int    `json:"max_estimated_time_minutes"`
+}
+
+// WaitingRoomEvent describes a WaitingRoomEvent object.
+type WaitingRoomEvent struct {
+	EventEndTime          time.Time  `json:"event_end_time"`
+	CreatedOn             time.Time  `json:"created_on,omitempty"`
+	ModifiedOn            time.Time  `json:"modified_on,omitempty"`
+	PrequeueStartTime     *time.Time `json:"prequeue_start_time,omitempty"`
+	EventStartTime        time.Time  `json:"event_start_time"`
+	Name                  string     `json:"name"`
+	Description           string     `json:"description,omitempty"`
+	QueueingMethod        string     `json:"queueing_method,omitempty"`
+	ID                    string     `json:"id,omitempty"`
+	CustomPageHTML        string     `json:"custom_page_html,omitempty"`
+	NewUsersPerMinute     int        `json:"new_users_per_minute,omitempty"`
+	TotalActiveUsers      int        `json:"total_active_users,omitempty"`
+	SessionDuration       int        `json:"session_duration,omitempty"`
+	DisableSessionRenewal *bool      `json:"disable_session_renewal,omitempty"`
+	Suspended             bool       `json:"suspended"`
+	ShuffleAtEventStart   bool       `json:"shuffle_at_event_start"`
+}
+
+type WaitingRoomRule struct {
+	ID          string     `json:"id,omitempty"`
+	Version     string     `json:"version,omitempty"`
+	Action      string     `json:"action"`
+	Expression  string     `json:"expression"`
+	Description string     `json:"description"`
+	LastUpdated *time.Time `json:"last_updated,omitempty"`
+	Enabled     *bool      `json:"enabled"`
+}
+
+// WaitingRoomSettings describes zone-level waiting room settings.
+type WaitingRoomSettings struct {
+	// Whether to allow verified search engine crawlers to bypass all waiting rooms on this zone
+	SearchEngineCrawlerBypass bool `json:"search_engine_crawler_bypass"`
+}
+
+// WaitingRoomPagePreviewURL describes a WaitingRoomPagePreviewURL object.
+type WaitingRoomPagePreviewURL struct {
+	PreviewURL string `json:"preview_url"`
+}
+
+// WaitingRoomPagePreviewCustomHTML describes a WaitingRoomPagePreviewCustomHTML object.
+type WaitingRoomPagePreviewCustomHTML struct {
+	CustomHTML string `json:"custom_html"`
+}
+
+// WaitingRoomRoute describes a WaitingRoomRoute object.
+type WaitingRoomRoute struct {
+	Host string `json:"host"`
+	Path string `json:"path"`
+}
+
+// WaitingRoomDetailResponse is the API response, containing a single WaitingRoom.
+type WaitingRoomDetailResponse struct {
+	Response
+	Result WaitingRoom `json:"result"`
+}
+
+// WaitingRoomsResponse is the API response, containing an array of WaitingRooms.
+type WaitingRoomsResponse struct {
+	Response
+	Result []WaitingRoom `json:"result"`
+}
+
+// WaitingRoomSettingsResponse is the API response, containing zone-level Waiting Room settings.
+type WaitingRoomSettingsResponse struct {
+	Response
+	Result WaitingRoomSettings `json:"result"`
+}
+
+// WaitingRoomStatusResponse is the API response, containing the status of a waiting room.
+type WaitingRoomStatusResponse struct {
+	Response
+	Result WaitingRoomStatus `json:"result"`
+}
+
+// WaitingRoomPagePreviewResponse is the API response, containing the URL to a custom waiting room preview.
+type WaitingRoomPagePreviewResponse struct {
+	Response
+	Result WaitingRoomPagePreviewURL `json:"result"`
+}
+
+// WaitingRoomEventDetailResponse is the API response, containing a single WaitingRoomEvent.
+type WaitingRoomEventDetailResponse struct {
+	Response
+	Result WaitingRoomEvent `json:"result"`
+}
+
+// WaitingRoomEventsResponse is the API response, containing an array of WaitingRoomEvents.
+type WaitingRoomEventsResponse struct {
+	Response
+	Result []WaitingRoomEvent `json:"result"`
+}
+
+// WaitingRoomRulesResponse is the API response, containing an array of WaitingRoomRule.
+type WaitingRoomRulesResponse struct {
+	Response
+	Result []WaitingRoomRule `json:"result"`
+}
+
+// CreateWaitingRoom creates a new Waiting Room for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-create-waiting-room
+func (api *API) CreateWaitingRoom(ctx context.Context, zoneID string, waitingRoom WaitingRoom) (*WaitingRoom, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, waitingRoom)
+	if err != nil {
+		return nil, err
+	}
+	var r WaitingRoomDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+// ListWaitingRooms returns all Waiting Room for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-list-waiting-rooms
+func (api *API) ListWaitingRooms(ctx context.Context, zoneID string) ([]WaitingRoom, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []WaitingRoom{}, err
+	}
+	var r WaitingRoomsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// WaitingRoom fetches detail about one Waiting room for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-waiting-room-details
+func (api *API) WaitingRoom(ctx context.Context, zoneID, waitingRoomID string) (WaitingRoom, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WaitingRoom{}, err
+	}
+	var r WaitingRoomDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ChangeWaitingRoom lets you change individual settings for a Waiting room. This is
+// in contrast to UpdateWaitingRoom which replaces the entire Waiting room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-update-waiting-room
+func (api *API) ChangeWaitingRoom(ctx context.Context, zoneID, waitingRoomID string, waitingRoom WaitingRoom) (WaitingRoom, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, waitingRoom)
+	if err != nil {
+		return WaitingRoom{}, err
+	}
+	var r WaitingRoomDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateWaitingRoom lets you replace a Waiting Room. This is in contrast to
+// ChangeWaitingRoom which lets you change individual settings.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-update-waiting-room
+func (api *API) UpdateWaitingRoom(ctx context.Context, zoneID string, waitingRoom WaitingRoom) (WaitingRoom, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoom.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, waitingRoom)
+	if err != nil {
+		return WaitingRoom{}, err
+	}
+	var r WaitingRoomDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteWaitingRoom deletes a Waiting Room for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-delete-waiting-room
+func (api *API) DeleteWaitingRoom(ctx context.Context, zoneID, waitingRoomID string) error {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r WaitingRoomDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+// WaitingRoomStatus returns the status of one Waiting Room for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-get-waiting-room-status
+func (api *API) WaitingRoomStatus(ctx context.Context, zoneID, waitingRoomID string) (WaitingRoomStatus, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/status", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WaitingRoomStatus{}, err
+	}
+	var r WaitingRoomStatusResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// WaitingRoomPagePreview uploads a custom waiting room page for preview and
+// returns a preview URL.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-create-a-custom-waiting-room-page-preview
+func (api *API) WaitingRoomPagePreview(ctx context.Context, zoneID, customHTML string) (WaitingRoomPagePreviewURL, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/preview", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, WaitingRoomPagePreviewCustomHTML{CustomHTML: customHTML})
+
+	if err != nil {
+		return WaitingRoomPagePreviewURL{}, err
+	}
+	var r WaitingRoomPagePreviewResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomPagePreviewURL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// CreateWaitingRoomEvent creates a new event for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-create-event
+func (api *API) CreateWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (*WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, waitingRoomEvent)
+	if err != nil {
+		return nil, err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+// ListWaitingRoomEvents returns all Waiting Room Events for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-list-events
+func (api *API) ListWaitingRoomEvents(ctx context.Context, zoneID string, waitingRoomID string) ([]WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events", zoneID, waitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []WaitingRoomEvent{}, err
+	}
+	var r WaitingRoomEventsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// WaitingRoomEvent fetches detail about one Waiting Room Event for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-event-details
+func (api *API) WaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, eventID string) (WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, eventID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WaitingRoomEvent{}, err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// WaitingRoomEventPreview returns an event's configuration as if it was active.
+// Inherited fields from the waiting room will be displayed with their current values.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-preview-active-event-details
+func (api *API) WaitingRoomEventPreview(ctx context.Context, zoneID string, waitingRoomID string, eventID string) (WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s/details", zoneID, waitingRoomID, eventID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WaitingRoomEvent{}, err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ChangeWaitingRoomEvent lets you change individual settings for a Waiting Room Event. This is
+// in contrast to UpdateWaitingRoomEvent which replaces the entire Waiting Room Event.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-patch-event
+func (api *API) ChangeWaitingRoomEvent(ctx context.Context, zoneID, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, waitingRoomEvent.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, waitingRoomEvent)
+	if err != nil {
+		return WaitingRoomEvent{}, err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateWaitingRoomEvent lets you replace a Waiting Room Event. This is in contrast to
+// ChangeWaitingRoomEvent which lets you change individual settings.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-update-event
+func (api *API) UpdateWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (WaitingRoomEvent, error) {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, waitingRoomEvent.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, waitingRoomEvent)
+	if err != nil {
+		return WaitingRoomEvent{}, err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// DeleteWaitingRoomEvent deletes an event for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-delete-event
+func (api *API) DeleteWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, eventID string) error {
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, eventID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+	var r WaitingRoomEventDetailResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return nil
+}
+
+type ListWaitingRoomRuleParams struct {
+	WaitingRoomID string
+}
+
+type CreateWaitingRoomRuleParams struct {
+	WaitingRoomID string
+	Rule          WaitingRoomRule
+}
+
+type ReplaceWaitingRoomRuleParams struct {
+	WaitingRoomID string
+	Rules         []WaitingRoomRule
+}
+
+type UpdateWaitingRoomRuleParams struct {
+	WaitingRoomID string
+	Rule          WaitingRoomRule
+}
+
+type DeleteWaitingRoomRuleParams struct {
+	WaitingRoomID string
+	RuleID        string
+}
+
+// ListWaitingRoomRules lists all rules for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-list-waiting-room-rules
+func (api *API) ListWaitingRoomRules(ctx context.Context, rc *ResourceContainer, params ListWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
+	if params.WaitingRoomID == "" {
+		return nil, ErrMissingWaitingRoomID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var r WaitingRoomRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// CreateWaitingRoomRule creates a new rule for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-create-waiting-room-rule
+func (api *API) CreateWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params CreateWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
+	if params.WaitingRoomID == "" {
+		return nil, ErrMissingWaitingRoomID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Rule)
+	if err != nil {
+		return nil, err
+	}
+
+	var r WaitingRoomRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// ReplaceWaitingRoomRules replaces all rules for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-replace-waiting-room-rules
+func (api *API) ReplaceWaitingRoomRules(ctx context.Context, rc *ResourceContainer, params ReplaceWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
+	if params.WaitingRoomID == "" {
+		return nil, ErrMissingWaitingRoomID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Rules)
+	if err != nil {
+		return nil, err
+	}
+
+	var r WaitingRoomRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateWaitingRoomRule updates a rule for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-patch-waiting-room-rule
+func (api *API) UpdateWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params UpdateWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
+	if params.WaitingRoomID == "" {
+		return nil, ErrMissingWaitingRoomID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules/%s", rc.Identifier, params.WaitingRoomID, params.Rule.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params.Rule)
+	if err != nil {
+		return nil, err
+	}
+
+	var r WaitingRoomRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DeleteWaitingRoomRule deletes a rule for a Waiting Room.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-delete-waiting-room-rule
+func (api *API) DeleteWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params DeleteWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
+	if params.WaitingRoomID == "" {
+		return nil, ErrMissingWaitingRoomID
+	}
+
+	if params.RuleID == "" {
+		return nil, ErrMissingWaitingRoomRuleID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules/%s", rc.Identifier, params.WaitingRoomID, params.RuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	var r WaitingRoomRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// GetWaitingRoomSettings fetches the Waiting Room zone-level settings for a zone.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-get-zone-settings
+func (api *API) GetWaitingRoomSettings(ctx context.Context, rc *ResourceContainer) (WaitingRoomSettings, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WaitingRoomSettings{}, err
+	}
+	var r WaitingRoomSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+type PatchWaitingRoomSettingsParams struct {
+	SearchEngineCrawlerBypass *bool `json:"search_engine_crawler_bypass,omitempty"`
+}
+
+// PatchWaitingRoomSettings lets you change individual zone-level Waiting Room settings. This is
+// in contrast to UpdateWaitingRoomSettings which replaces all settings.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-patch-zone-settings
+func (api *API) PatchWaitingRoomSettings(ctx context.Context, rc *ResourceContainer, params PatchWaitingRoomSettingsParams) (WaitingRoomSettings, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return WaitingRoomSettings{}, err
+	}
+	var r WaitingRoomSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+type UpdateWaitingRoomSettingsParams struct {
+	SearchEngineCrawlerBypass *bool `json:"search_engine_crawler_bypass,omitempty"`
+}
+
+// UpdateWaitingRoomSettings lets you replace all zone-level Waiting Room settings. This is in contrast to
+// PatchWaitingRoomSettings which lets you change individual settings.
+//
+// API reference: https://api.cloudflare.com/#waiting-room-update-zone-settings
+func (api *API) UpdateWaitingRoomSettings(ctx context.Context, rc *ResourceContainer, params UpdateWaitingRoomSettingsParams) (WaitingRoomSettings, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
+	}
+
+	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return WaitingRoomSettings{}, err
+	}
+	var r WaitingRoomSettingsResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/waiting_room_test.go b/pkg/cloudflare-go/waiting_room_test.go
new file mode 100644
index 0000000000..4d5ccf00e0
--- /dev/null
+++ b/pkg/cloudflare-go/waiting_room_test.go
@@ -0,0 +1,886 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var waitingRoomID = "699d98642c564d2e855e9661899b7252"
+var waitingRoomEventID = "25756b2dfe6e378a06b033b670413757"
+var waitingRoomRuleID = "25756b2dfe6e378a06b033b670413757"
+var testTimestampWaitingRoom = time.Now().UTC()
+var testTimestampWaitingRoomEvent = time.Now().UTC()
+var testTimestampWaitingRoomEventPrequeue = time.Now().UTC()
+var testTimestampWaitingRoomEventStart = testTimestampWaitingRoomEventPrequeue.Add(5 * time.Minute)
+var testTimestampWaitingRoomEventEnd = testTimestampWaitingRoomEventStart.Add(1 * time.Minute)
+var waitingRoomJSON = fmt.Sprintf(`
+    {
+      "id": "%s",
+      "created_on": "%s",
+      "modified_on": "%s",
+      "name": "production_webinar",
+      "description": "Production - DO NOT MODIFY",
+      "queueing_method": "random",
+      "suspended": false,
+      "host": "shop.example.com",
+      "path": "/shop/checkout",
+      "queue_all": true,
+      "new_users_per_minute": 600,
+      "total_active_users": 1000,
+      "session_duration": 10,
+      "disable_session_renewal": false,
+      "json_response_enabled": true,
+      "custom_page_html": "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}",
+      "default_template_language": "en-US",
+      "next_event_prequeue_start_time": null,
+      "next_event_start_time": "%s",
+	  "cookie_suffix": "example_shop",
+	  "additional_routes": [{"host": "shop2.example.com", "path": "/shop/checkout"}],
+	  "queueing_status_code": 200
+    }
+   `, waitingRoomID, testTimestampWaitingRoom.Format(time.RFC3339Nano), testTimestampWaitingRoom.Format(time.RFC3339Nano),
+	testTimestampWaitingRoomEventStart.Format(time.RFC3339Nano))
+
+var waitingRoomEventJSON = fmt.Sprintf(`
+    {
+      "id": "%s",
+      "created_on": "%s",
+      "modified_on": "%s",
+      "name": "production_webinar_event",
+      "description": "Production event - DO NOT MODIFY",
+      "suspended": false,
+      "prequeue_start_time": "%s",
+      "event_start_time": "%s",
+      "event_end_time": "%s",
+      "shuffle_at_event_start": false,
+      "new_users_per_minute": 2000,
+      "total_active_users": 2500,
+      "session_duration": null,
+      "disable_session_renewal": null,
+      "queueing_method": "random",
+      "custom_page_html": "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Event is prequeueing / Queue all enabled {{/waitTimeKnown}}"
+    }
+   `, waitingRoomEventID, testTimestampWaitingRoomEvent.Format(time.RFC3339Nano),
+	testTimestampWaitingRoomEvent.Format(time.RFC3339Nano),
+	testTimestampWaitingRoomEventPrequeue.Format(time.RFC3339Nano),
+	testTimestampWaitingRoomEventStart.Format(time.RFC3339Nano),
+	testTimestampWaitingRoomEventEnd.Format(time.RFC3339Nano))
+
+var waitingRoomStatusJSON = fmt.Sprintf(`
+    {
+      "status": "queueing",
+      "event_id": "%s",
+      "estimated_queued_users": 10,
+      "estimated_total_active_users": 9,
+      "max_estimated_time_minutes": 5
+    }
+   `, waitingRoomEventID)
+
+var waitingRoomRuleJSON = fmt.Sprintf(`
+{
+  "id": "%s",
+  "version": "1",
+  "description": "bypass ip",
+  "action": "bypass_waiting_room",
+  "expression": "ip.src in {1.2.3.4 5.6.7.8}",
+  "enabled": true,
+  "last_updated": "%s"
+}
+`, waitingRoomRuleID, testTimestampWaitingRoom.Format(time.RFC3339Nano))
+
+var waitingRoomPagePreviewJSON = `
+    {
+      "preview_url": "http://waitingrooms.dev/preview/35af8c12-6d68-4608-babb-b53435a5ddfb"
+    }
+    `
+
+var waitingRoomSettingsJSON = `
+    {
+      "search_engine_crawler_bypass": true
+    }
+   `
+
+var waitingRoom = WaitingRoom{
+	ID:                         waitingRoomID,
+	CreatedOn:                  testTimestampWaitingRoom,
+	ModifiedOn:                 testTimestampWaitingRoom,
+	Name:                       "production_webinar",
+	Description:                "Production - DO NOT MODIFY",
+	QueueingMethod:             "random",
+	Suspended:                  false,
+	Host:                       "shop.example.com",
+	Path:                       "/shop/checkout",
+	QueueAll:                   true,
+	NewUsersPerMinute:          600,
+	TotalActiveUsers:           1000,
+	SessionDuration:            10,
+	DisableSessionRenewal:      false,
+	JsonResponseEnabled:        true,
+	CustomPageHTML:             "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}",
+	DefaultTemplateLanguage:    "en-US",
+	NextEventStartTime:         &testTimestampWaitingRoomEventStart,
+	NextEventPrequeueStartTime: nil,
+	CookieSuffix:               "example_shop",
+	AdditionalRoutes:           []*WaitingRoomRoute{{Host: "shop2.example.com", Path: "/shop/checkout"}},
+	QueueingStatusCode:         200,
+}
+
+var waitingRoomEvent = WaitingRoomEvent{
+	ID:                    waitingRoomEventID,
+	CreatedOn:             testTimestampWaitingRoomEvent,
+	ModifiedOn:            testTimestampWaitingRoomEvent,
+	Name:                  "production_webinar_event",
+	Description:           "Production event - DO NOT MODIFY",
+	Suspended:             false,
+	PrequeueStartTime:     &testTimestampWaitingRoomEventPrequeue,
+	EventStartTime:        testTimestampWaitingRoomEventStart,
+	EventEndTime:          testTimestampWaitingRoomEventEnd,
+	ShuffleAtEventStart:   false,
+	NewUsersPerMinute:     2000,
+	TotalActiveUsers:      2500,
+	SessionDuration:       0,
+	DisableSessionRenewal: nil,
+	QueueingMethod:        "random",
+	CustomPageHTML:        "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Event is prequeueing / Queue all enabled {{/waitTimeKnown}}",
+}
+
+var waitingRoomStatus = WaitingRoomStatus{
+	Status:                    "queueing",
+	EventID:                   waitingRoomEventID,
+	EstimatedQueuedUsers:      10,
+	EstimatedTotalActiveUsers: 9,
+	MaxEstimatedTimeMinutes:   5,
+}
+
+var waitingRoomPagePreview = WaitingRoomPagePreviewURL{
+	PreviewURL: "http://waitingrooms.dev/preview/35af8c12-6d68-4608-babb-b53435a5ddfb",
+}
+
+var waitingRoomRule = WaitingRoomRule{
+	ID:          waitingRoomRuleID,
+	Version:     "1",
+	Action:      "bypass_waiting_room",
+	Expression:  "ip.src in {1.2.3.4 5.6.7.8}",
+	Description: "bypass ip",
+	Enabled:     BoolPtr(true),
+	LastUpdated: &testTimestampWaitingRoom,
+}
+
+var waitingRoomSettings = WaitingRoomSettings{
+	SearchEngineCrawlerBypass: true,
+}
+
+var waitingRoomSettingsUpdate = UpdateWaitingRoomSettingsParams{
+	SearchEngineCrawlerBypass: BoolPtr(true),
+}
+
+var waitingRoomSettingsPatch = PatchWaitingRoomSettingsParams{
+	SearchEngineCrawlerBypass: BoolPtr(true),
+}
+
+func TestListWaitingRooms(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
+	want := []WaitingRoom{waitingRoom}
+
+	actual, err := client.ListWaitingRooms(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListWaitingRoomsNoResult(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": []
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
+	want := []WaitingRoom{}
+
+	actual, err := client.ListWaitingRooms(context.Background(), testZoneID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoom(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
+	want := waitingRoom
+
+	actual, err := client.WaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoomNotFound(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.WriteHeader(http.StatusNotFound)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": null,
+			  "errors": [
+			  	{
+      			"code": 1001,
+      			"message": "Object not found."
+    			}
+    		],
+			  "messages": []
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
+
+	_, err := client.WaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	assert.NotNil(t, err)
+}
+
+func TestCreateWaitingRoom(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
+	want := &waitingRoom
+
+	actual, err := client.CreateWaitingRoom(context.Background(), testZoneID, waitingRoom)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateWaitingRoomError(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.WriteHeader(http.StatusBadRequest)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			 "success": false,
+			 "errors": [
+			  	{
+      			"code": 1002,
+      			"message": "new_users_per_minute must be in range [200, total_active_users]: invalid data"
+    			}
+    		],
+			  "messages": []
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
+
+	_, err := client.CreateWaitingRoom(context.Background(), testZoneID, waitingRoom)
+	assert.NotNil(t, err)
+}
+
+func TestUpdateWaitingRoom(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
+	want := waitingRoom
+
+	actual, err := client.UpdateWaitingRoom(context.Background(), testZoneID, waitingRoom)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestChangeWaitingRoom(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
+	want := waitingRoom
+
+	actual, err := client.ChangeWaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", WaitingRoom{TotalActiveUsers: 400})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteWaitingRoom(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+			    "id": "699d98642c564d2e855e9661899b7252"
+			  }
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
+
+	err := client.DeleteWaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	assert.NoError(t, err)
+}
+
+func TestWaitingRoomStatus(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomStatusJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/status", handler)
+	want := waitingRoomStatus
+
+	actual, err := client.WaitingRoomStatus(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoomPagePreview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomPagePreviewJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/preview", handler)
+	want := waitingRoomPagePreview
+
+	actual, err := client.WaitingRoomPagePreview(context.Background(), testZoneID, "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateWaitingRoomEvent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
+	want := &waitingRoomEvent
+
+	actual, err := client.CreateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListWaitingRoomEvents(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
+	want := []WaitingRoomEvent{waitingRoomEvent}
+
+	actual, err := client.ListWaitingRoomEvents(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestListWaitingRoomEventsNoResult(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": []
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
+	want := []WaitingRoomEvent{}
+
+	actual, err := client.ListWaitingRoomEvents(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoomEvent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
+	want := waitingRoomEvent
+
+	actual, err := client.WaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoomEventPreview(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757/details", handler)
+	want := waitingRoomEvent
+
+	actual, err := client.WaitingRoomEventPreview(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateWaitingRoomEvent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
+	want := waitingRoomEvent
+
+	actual, err := client.UpdateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestChangeWaitingRoomEvent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomEventJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
+	want := waitingRoomEvent
+
+	actual, err := client.UpdateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteWaitingRoomEvent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+			    "id": "25756b2dfe6e378a06b033b670413757"
+			  }
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
+
+	err := client.DeleteWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
+	assert.NoError(t, err)
+}
+
+func TestListWaitingRoomRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomRuleJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
+	want := []WaitingRoomRule{waitingRoomRule}
+
+	actual, err := client.ListWaitingRoomRules(context.Background(), ZoneIdentifier(testZoneID), ListWaitingRoomRuleParams{WaitingRoomID: "699d98642c564d2e855e9661899b7252"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestCreateWaitingRoomRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomRuleJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
+	want := []WaitingRoomRule{waitingRoomRule}
+
+	actual, err := client.CreateWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), CreateWaitingRoomRuleParams{
+		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
+		Rule:          waitingRoomRule,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateWaitingRoomRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomRuleJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules/"+waitingRoomRuleID, handler)
+	want := []WaitingRoomRule{waitingRoomRule}
+
+	actual, err := client.UpdateWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), UpdateWaitingRoomRuleParams{
+		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
+		Rule:          waitingRoomRule,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestDeleteWaitingRoomRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": []
+			}
+		`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules/"+waitingRoomRuleID, handler)
+	want := []WaitingRoomRule{}
+
+	actual, err := client.DeleteWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), DeleteWaitingRoomRuleParams{
+		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
+		RuleID:        waitingRoomRuleID,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestReplaceWaitingRoomRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ]
+			}
+		`, waitingRoomRuleJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
+	want := []WaitingRoomRule{waitingRoomRule}
+
+	actual, err := client.ReplaceWaitingRoomRules(context.Background(), ZoneIdentifier(testZoneID), ReplaceWaitingRoomRuleParams{
+		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
+		Rules:         want,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestWaitingRoomSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomSettingsJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
+	want := waitingRoomSettings
+
+	actual, err := client.GetWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID))
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateWaitingRoomSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomSettingsJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
+	want := waitingRoomSettings
+
+	actual, err := client.UpdateWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID), waitingRoomSettingsUpdate)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestChangeWaitingRoomSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, waitingRoomSettingsJSON)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
+	want := waitingRoomSettings
+
+	actual, err := client.PatchWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID), waitingRoomSettingsPatch)
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/web3.go b/pkg/cloudflare-go/web3.go
new file mode 100644
index 0000000000..481a5332b7
--- /dev/null
+++ b/pkg/cloudflare-go/web3.go
@@ -0,0 +1,198 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	// ErrMissingIdentifier is for when identifier is required but missing.
+	ErrMissingIdentifier = errors.New("identifier required but missing")
+	// ErrMissingName is for when name is required but missing.
+	ErrMissingName = errors.New("name required but missing")
+	// ErrMissingTarget is for when target is required but missing.
+	ErrMissingTarget = errors.New("target required but missing")
+)
+
+// Web3Hostname represents a web3 hostname.
+type Web3Hostname struct {
+	ID          string     `json:"id,omitempty"`
+	Name        string     `json:"name,omitempty"`
+	Description string     `json:"description,omitempty"`
+	Status      string     `json:"status,omitempty"`
+	Target      string     `json:"target,omitempty"`
+	Dnslink     string     `json:"dnslink,omitempty"`
+	CreatedOn   *time.Time `json:"created_on,omitempty"`
+	ModifiedOn  *time.Time `json:"modified_on,omitempty"`
+}
+
+// Web3HostnameListParameters represents the parameters for listing web3 hostnames.
+type Web3HostnameListParameters struct {
+	ZoneID string
+}
+
+// Web3HostnameListResponse represents the API response body for listing web3 hostnames.
+type Web3HostnameListResponse struct {
+	Response
+	Result []Web3Hostname `json:"result"`
+}
+
+// Web3HostnameCreateParameters represents the parameters for creating a web3 hostname.
+type Web3HostnameCreateParameters struct {
+	ZoneID      string
+	Name        string `json:"name,omitempty"`
+	Target      string `json:"target,omitempty"`
+	Description string `json:"description,omitempty"`
+	DNSLink     string `json:"dnslink,omitempty"`
+}
+
+// Web3HostnameResponse represents an API response body for a web3 hostname.
+type Web3HostnameResponse struct {
+	Response
+	Result Web3Hostname `json:"result,omitempty"`
+}
+
+// Web3HostnameDetailsParameters represents the parameters for getting a single web3 hostname.
+type Web3HostnameDetailsParameters struct {
+	ZoneID     string
+	Identifier string
+}
+
+// Web3HostnameUpdateParameters represents the parameters for editing a web3 hostname.
+type Web3HostnameUpdateParameters struct {
+	ZoneID      string
+	Identifier  string
+	Description string `json:"description,omitempty"`
+	DNSLink     string `json:"dnslink,omitempty"`
+}
+
+// Web3HostnameDeleteResult represents the result of deleting a web3 hostname.
+type Web3HostnameDeleteResult struct {
+	ID string `json:"id,omitempty"`
+}
+
+// Web3HostnameDeleteResponse represents the API response body for deleting a web3 hostname.
+type Web3HostnameDeleteResponse struct {
+	Response
+	Result Web3HostnameDeleteResult `json:"result,omitempty"`
+}
+
+// ListWeb3Hostnames lists all web3 hostnames.
+//
+// API Reference: https://api.cloudflare.com/#web3-hostname-list-web3-hostnames
+func (api *API) ListWeb3Hostnames(ctx context.Context, params Web3HostnameListParameters) ([]Web3Hostname, error) {
+	if params.ZoneID == "" {
+		return []Web3Hostname{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/web3/hostnames", params.ZoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []Web3Hostname{}, err
+	}
+	var web3ListResponse Web3HostnameListResponse
+	if err := json.Unmarshal(res, &web3ListResponse); err != nil {
+		return []Web3Hostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return web3ListResponse.Result, nil
+}
+
+// CreateWeb3Hostname creates a web3 hostname.
+//
+// API Reference: https://api.cloudflare.com/#web3-hostname-create-web3-hostname
+func (api *API) CreateWeb3Hostname(ctx context.Context, params Web3HostnameCreateParameters) (Web3Hostname, error) {
+	if params.ZoneID == "" {
+		return Web3Hostname{}, ErrMissingZoneID
+	}
+	if params.Name == "" {
+		return Web3Hostname{}, ErrMissingName
+	}
+	if params.Target == "" {
+		return Web3Hostname{}, ErrMissingTarget
+	}
+
+	uri := fmt.Sprintf("/zones/%s/web3/hostnames", params.ZoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return Web3Hostname{}, err
+	}
+	var web3Response Web3HostnameResponse
+	if err := json.Unmarshal(res, &web3Response); err != nil {
+		return Web3Hostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return web3Response.Result, nil
+}
+
+// GetWeb3Hostname gets a single web3 hostname by identifier.
+//
+// API Reference: https://api.cloudflare.com/#web3-hostname-web3-hostname-details
+func (api *API) GetWeb3Hostname(ctx context.Context, params Web3HostnameDetailsParameters) (Web3Hostname, error) {
+	if params.ZoneID == "" {
+		return Web3Hostname{}, ErrMissingZoneID
+	}
+	if params.Identifier == "" {
+		return Web3Hostname{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Web3Hostname{}, err
+	}
+	var web3Response Web3HostnameResponse
+	if err := json.Unmarshal(res, &web3Response); err != nil {
+		return Web3Hostname{}, err
+	}
+	return web3Response.Result, nil
+}
+
+// UpdateWeb3Hostname edits a web3 hostname.
+//
+// API Reference: https://api.cloudflare.com/#web3-hostname-edit-web3-hostname
+func (api *API) UpdateWeb3Hostname(ctx context.Context, params Web3HostnameUpdateParameters) (Web3Hostname, error) {
+	if params.ZoneID == "" {
+		return Web3Hostname{}, ErrMissingZoneID
+	}
+	if params.Identifier == "" {
+		return Web3Hostname{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return Web3Hostname{}, err
+	}
+	var web3Response Web3HostnameResponse
+	if err := json.Unmarshal(res, &web3Response); err != nil {
+		return Web3Hostname{}, err
+	}
+	return web3Response.Result, nil
+}
+
+// DeleteWeb3Hostname deletes a web3 hostname.
+//
+// API Reference: https://api.cloudflare.com/#web3-hostname-delete-web3-hostname
+func (api *API) DeleteWeb3Hostname(ctx context.Context, params Web3HostnameDetailsParameters) (Web3HostnameDeleteResult, error) {
+	if params.ZoneID == "" {
+		return Web3HostnameDeleteResult{}, ErrMissingZoneID
+	}
+	if params.Identifier == "" {
+		return Web3HostnameDeleteResult{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return Web3HostnameDeleteResult{}, err
+	}
+	var web3Response Web3HostnameDeleteResponse
+	if err := json.Unmarshal(res, &web3Response); err != nil {
+		return Web3HostnameDeleteResult{}, err
+	}
+	return web3Response.Result, nil
+}
diff --git a/pkg/cloudflare-go/web3_test.go b/pkg/cloudflare-go/web3_test.go
new file mode 100644
index 0000000000..690cbccc15
--- /dev/null
+++ b/pkg/cloudflare-go/web3_test.go
@@ -0,0 +1,228 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testWeb3HostnameID = "9a7806061c88ada191ed06f989cc3dac"
+
+func createTestWeb3Hostname() Web3Hostname {
+	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	return Web3Hostname{
+		ID:          testWeb3HostnameID,
+		Name:        "gateway.example.com",
+		Description: "This is my IPFS gateway.",
+		Status:      "active",
+		Target:      "ipfs",
+		Dnslink:     "/ipns/onboarding.ipfs.cloudflare.com",
+		CreatedOn:   &createdOn,
+		ModifiedOn:  &modifiedOn,
+	}
+}
+
+func TestListWeb3Hostnames(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": [
+		{
+		  "id": "9a7806061c88ada191ed06f989cc3dac",
+		  "name": "gateway.example.com",
+		  "description": "This is my IPFS gateway.",
+		  "status": "active",
+		  "target": "ipfs",
+		  "dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
+		  "created_on": "2014-01-01T05:20:00.12345Z",
+		  "modified_on": "2014-01-01T05:20:00.12345Z"
+		}
+	  ]
+	}`)
+	})
+
+	_, err := client.ListWeb3Hostnames(context.Background(), Web3HostnameListParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+	out, err := client.ListWeb3Hostnames(context.Background(), Web3HostnameListParameters{ZoneID: testZoneID})
+	assert.NoError(t, err, "Got error listing web3 hostnames")
+	want := createTestWeb3Hostname()
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(out), "length of web3hosts is wrong")
+		assert.Equal(t, want, out[0], "structs not equal")
+	}
+}
+
+func TestCreateWeb3Hostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result":
+		{
+		  "id": "9a7806061c88ada191ed06f989cc3dac",
+		  "name": "gateway.example.com",
+		  "description": "This is my IPFS gateway.",
+		  "status": "active",
+		  "target": "ipfs",
+		  "dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
+		  "created_on": "2014-01-01T05:20:00.12345Z",
+		  "modified_on": "2014-01-01T05:20:00.12345Z"
+		}
+	}`)
+	})
+
+	_, err := client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	_, err = client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingName, err)
+	}
+
+	_, err = client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID, Name: "gateway.example.com"})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingTarget, err)
+	}
+
+	out, err := client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID, Name: "gateway.example.com", Target: "ipfs"})
+	assert.NoError(t, err, "Got error creating web3 hostname")
+	want := createTestWeb3Hostname()
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestGetWeb3Hostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"id": "9a7806061c88ada191ed06f989cc3dac",
+		"name": "gateway.example.com",
+		"description": "This is my IPFS gateway.",
+		"status": "active",
+		"target": "ipfs",
+		"dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
+		"created_on": "2014-01-01T05:20:00.12345Z",
+		"modified_on": "2014-01-01T05:20:00.12345Z"
+	  }
+	}`)
+	})
+	_, err := client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+	_, err = client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingIdentifier, err)
+	}
+
+	out, err := client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
+	assert.NoError(t, err, "Got error getting web3 hostname")
+	want := createTestWeb3Hostname()
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestUpdateWeb3Hostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"id": "9a7806061c88ada191ed06f989cc3dac",
+		"name": "gateway.example.com",
+		"description": "This is my IPFS gateway.",
+		"status": "active",
+		"target": "ipfs",
+		"dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
+		"created_on": "2014-01-01T05:20:00.12345Z",
+		"modified_on": "2014-01-01T05:20:00.12345Z"
+	  }
+	}`)
+	})
+	_, err := client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+	_, err = client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{ZoneID: testZoneID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingIdentifier, err)
+	}
+
+	out, err := client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
+	assert.NoError(t, err, "Got error getting web3 hostname")
+	want := createTestWeb3Hostname()
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out, "structs not equal")
+	}
+}
+
+func TestDeleteWeb3Hostname(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"id": "9a7806061c88ada191ed06f989cc3dac"
+	  }
+	}
+	`)
+	})
+	_, err := client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+	_, err = client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingIdentifier, err)
+	}
+
+	out, err := client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
+	assert.NoError(t, err, "Got error deleting web3 hostname")
+	if assert.NoError(t, err) {
+		assert.Equal(t, testWeb3HostnameID, out.ID, "delete web3 response incorrect")
+	}
+}
diff --git a/pkg/cloudflare-go/web_analytics.go b/pkg/cloudflare-go/web_analytics.go
new file mode 100644
index 0000000000..9f3041f1a3
--- /dev/null
+++ b/pkg/cloudflare-go/web_analytics.go
@@ -0,0 +1,411 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingWebAnalyticsSiteTag     = errors.New("missing required web analytics site ID")
+	ErrMissingWebAnalyticsRulesetID   = errors.New("missing required web analytics ruleset ID")
+	ErrMissingWebAnalyticsRuleID      = errors.New("missing required web analytics rule ID")
+	ErrMissingWebAnalyticsSiteHost    = errors.New("missing required web analytics host or zone_tag")
+	ErrConflictingWebAnalyticSiteHost = errors.New("conflicting web analytics host and zone_tag, only one must be specified")
+)
+
+// listWebAnalyticsSitesDefaultPageSize represents the default per_pagesize of the API.
+var listWebAnalyticsSitesDefaultPageSize = 10
+
+// WebAnalyticsSite describes a Web Analytics Site object.
+type WebAnalyticsSite struct {
+	SiteTag   string     `json:"site_tag"`
+	SiteToken string     `json:"site_token"`
+	Created   *time.Time `json:"created,omitempty"`
+	// Snippet is an encoded JS script to insert into your site HTML.
+	Snippet string `json:"snippet"`
+	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
+	AutoInstall bool                `json:"auto_install"`
+	Ruleset     WebAnalyticsRuleset `json:"ruleset"`
+	Rules       []WebAnalyticsRule  `json:"rules"`
+}
+
+// WebAnalyticsRule describes a Web Analytics Rule object.
+type WebAnalyticsRule struct {
+	ID    string   `json:"id,omitempty"`
+	Host  string   `json:"host"`
+	Paths []string `json:"paths"`
+	// Inclusive defines whether the rule includes or excludes the matched traffic from being measured in web analytics.
+	Inclusive bool       `json:"inclusive"`
+	Created   *time.Time `json:"created,omitempty"`
+	// IsPaused defines whether the rule is paused (inactive) or not.
+	IsPaused bool `json:"is_paused"`
+	Priority int  `json:"priority,omitempty"`
+}
+
+// CreateWebAnalyticsRule describes the properties required to create or update a Web Analytics Rule object.
+type CreateWebAnalyticsRule struct {
+	ID    string   `json:"id,omitempty"`
+	Host  string   `json:"host"`
+	Paths []string `json:"paths"`
+	// Inclusive defines whether the rule includes or excludes the matched traffic from being measured in web analytics.
+	Inclusive bool `json:"inclusive"`
+	IsPaused  bool `json:"is_paused"`
+}
+
+// WebAnalyticsRuleset describes a Web Analytics Ruleset object.
+type WebAnalyticsRuleset struct {
+	ID       string `json:"id"`
+	ZoneTag  string `json:"zone_tag"`
+	ZoneName string `json:"zone_name"`
+	Enabled  bool   `json:"enabled"`
+}
+
+// WebAnalyticsSiteResponse is the API response, containing a single WebAnalyticsSite.
+type WebAnalyticsSiteResponse struct {
+	Response
+	Result WebAnalyticsSite `json:"result"`
+}
+
+// WebAnalyticsSitesResponse is the API response, containing an array of WebAnalyticsSite.
+type WebAnalyticsSitesResponse struct {
+	Response
+	ResultInfo ResultInfo         `json:"result_info"`
+	Result     []WebAnalyticsSite `json:"result"`
+}
+
+// WebAnalyticsRuleResponse is the API response, containing a single WebAnalyticsRule.
+type WebAnalyticsRuleResponse struct {
+	Response
+	Result WebAnalyticsRule `json:"result"`
+}
+
+type WebAnalyticsRulesetRules struct {
+	Ruleset WebAnalyticsRuleset `json:"ruleset"`
+	Rules   []WebAnalyticsRule  `json:"rules"`
+}
+
+// WebAnalyticsRulesResponse is the API response, containing a WebAnalyticsRuleset and array of WebAnalyticsRule.
+type WebAnalyticsRulesResponse struct {
+	Response
+	Result WebAnalyticsRulesetRules `json:"result"`
+}
+
+// WebAnalyticsIDResponse is the API response, containing a single ID.
+type WebAnalyticsIDResponse struct {
+	Response
+	Result struct {
+		ID string `json:"id"`
+	} `json:"result"`
+}
+
+// WebAnalyticsSiteTagResponse is the API response, containing a single ID.
+type WebAnalyticsSiteTagResponse struct {
+	Response
+	Result struct {
+		SiteTag string `json:"site_tag"`
+	} `json:"result"`
+}
+
+type CreateWebAnalyticsSiteParams struct {
+	// Host is the host to measure traffic for.
+	Host string `json:"host,omitempty"`
+	// ZoneTag is the zone tag to measure traffic for.
+	ZoneTag string `json:"zone_tag,omitempty"`
+	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
+	AutoInstall *bool `json:"auto_install"`
+}
+
+// CreateWebAnalyticsSite creates a new Web Analytics Site for an Account.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-create-site
+func (api *API) CreateWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params CreateWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.Host == "" && params.ZoneTag == "" {
+		return nil, ErrMissingWebAnalyticsSiteHost
+	}
+	if params.Host != "" && params.ZoneTag != "" {
+		return nil, ErrConflictingWebAnalyticSiteHost
+	}
+	if params.AutoInstall == nil {
+		// default auto_install to true for orange-clouded zones (zone_tag is specified)
+		params.AutoInstall = BoolPtr(params.ZoneTag != "")
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/site_info", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsSiteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type ListWebAnalyticsSitesParams struct {
+	ResultInfo
+	// Property to order Sites by, "host" or "created".
+	OrderBy string `url:"order_by,omitempty"`
+}
+
+// ListWebAnalyticsSites returns all Web Analytics Sites of an Account.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-list-sites
+func (api *API) ListWebAnalyticsSites(ctx context.Context, rc *ResourceContainer, params ListWebAnalyticsSitesParams) ([]WebAnalyticsSite, *ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, nil, ErrRequiredAccountLevelResourceContainer
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = listWebAnalyticsSitesDefaultPageSize
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var sites []WebAnalyticsSite
+	var lastResultInfo ResultInfo
+
+	for {
+		uri := buildURI(fmt.Sprintf("/accounts/%s/rum/site_info/list", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return nil, nil, err
+		}
+		var r WebAnalyticsSitesResponse
+		err = json.Unmarshal(res, &r)
+		if err != nil {
+			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		sites = append(sites, r.Result...)
+		lastResultInfo = r.ResultInfo
+		params.ResultInfo = r.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return sites, &lastResultInfo, nil
+}
+
+type GetWebAnalyticsSiteParams struct {
+	SiteTag string
+}
+
+// GetWebAnalyticsSite fetches detail about one Web Analytics Site for an Account.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-get-site
+func (api *API) GetWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params GetWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.SiteTag == "" {
+		return nil, ErrMissingWebAnalyticsSiteTag
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsSiteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type UpdateWebAnalyticsSiteParams struct {
+	SiteTag string `json:"-"`
+	// Host is the host to measure traffic for.
+	Host string `json:"host,omitempty"`
+	// ZoneTag is the zone tag to measure traffic for.
+	ZoneTag string `json:"zone_tag,omitempty"`
+	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
+	AutoInstall *bool `json:"auto_install"`
+}
+
+// UpdateWebAnalyticsSite updates an existing Web Analytics Site for an Account.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-update-site
+func (api *API) UpdateWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params UpdateWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.SiteTag == "" {
+		return nil, ErrMissingWebAnalyticsSiteTag
+	}
+	if params.AutoInstall == nil {
+		// default auto_install to true for orange-clouded zones (zone_tag is specified)
+		params.AutoInstall = BoolPtr(params.ZoneTag != "")
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsSiteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type DeleteWebAnalyticsSiteParams struct {
+	SiteTag string
+}
+
+// DeleteWebAnalyticsSite deletes an existing Web Analytics Site for an Account.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-delete-site
+func (api *API) DeleteWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params DeleteWebAnalyticsSiteParams) (*string, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.SiteTag == "" {
+		return nil, ErrMissingWebAnalyticsSiteTag
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsSiteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result.SiteTag, nil
+}
+
+type CreateWebAnalyticsRuleParams struct {
+	RulesetID string
+	Rule      CreateWebAnalyticsRule
+}
+
+// CreateWebAnalyticsRule creates a new Web Analytics Rule in a Web Analytics ruleset.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-create-rule
+func (api *API) CreateWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params CreateWebAnalyticsRuleParams) (*WebAnalyticsRule, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.RulesetID == "" {
+		return nil, ErrMissingWebAnalyticsRulesetID
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule", rc.Identifier, params.RulesetID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Rule)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type ListWebAnalyticsRulesParams struct {
+	RulesetID string
+}
+
+// ListWebAnalyticsRules fetches all Web Analytics Rules in a Web Analytics ruleset.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-list-rules
+func (api *API) ListWebAnalyticsRules(ctx context.Context, rc *ResourceContainer, params ListWebAnalyticsRulesParams) (*WebAnalyticsRulesetRules, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.RulesetID == "" {
+		return nil, ErrMissingWebAnalyticsRulesetID
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rules", rc.Identifier, params.RulesetID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsRulesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
+
+type DeleteWebAnalyticsRuleParams struct {
+	RulesetID string
+	RuleID    string
+}
+
+// DeleteWebAnalyticsRule deletes an existing Web Analytics Rule from a Web Analytics ruleset.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-delete-rule
+func (api *API) DeleteWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params DeleteWebAnalyticsRuleParams) (*string, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.RulesetID == "" {
+		return nil, ErrMissingWebAnalyticsRulesetID
+	}
+	if params.RuleID == "" {
+		return nil, ErrMissingWebAnalyticsRuleID
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule/%s", rc.Identifier, params.RulesetID, params.RuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsIDResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result.ID, nil
+}
+
+type UpdateWebAnalyticsRuleParams struct {
+	RulesetID string
+	RuleID    string
+	Rule      CreateWebAnalyticsRule
+}
+
+// UpdateWebAnalyticsRule updates a Web Analytics Rule in a Web Analytics ruleset.
+//
+// API reference: https://api.cloudflare.com/#web-analytics-update-rule
+func (api *API) UpdateWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params UpdateWebAnalyticsRuleParams) (*WebAnalyticsRule, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+	if params.RulesetID == "" {
+		return nil, ErrMissingWebAnalyticsRulesetID
+	}
+	if params.RuleID == "" {
+		return nil, ErrMissingWebAnalyticsRuleID
+	}
+	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule/%s", rc.Identifier, params.RulesetID, params.RuleID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Rule)
+	if err != nil {
+		return nil, err
+	}
+	var r WebAnalyticsRuleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return &r.Result, nil
+}
diff --git a/pkg/cloudflare-go/web_analytics_test.go b/pkg/cloudflare-go/web_analytics_test.go
new file mode 100644
index 0000000000..cbacbb2ded
--- /dev/null
+++ b/pkg/cloudflare-go/web_analytics_test.go
@@ -0,0 +1,385 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var siteTag = "46c32e0ea0e85e90aa1a6df4596b831e"
+var siteToken = "75300e6c2c5648d983fcef2a6c03d14e"
+var rulesetID = "2e8804e9-674f-4652-94a4-1c664d0d6764"
+var ruleID = "3caf59c9-eda3-4f99-a4a3-ee5fc2358a78"
+
+// var snippetFormat = `\u003c!-- Cloudflare Web Analytics --\u003e\u003cscript defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{\"token\": \"%s\"}'\u003e\u003c/script\u003e\u003c!-- End Cloudflare Web Analytics --\u003e`.
+var snippetFormat = `%s`
+var createdTimestamp = time.Now().UTC()
+var siteJSON = fmt.Sprintf(`
+{
+  "site_tag": "%s",
+  "site_token": "%s",
+  "created": "%s",
+  "snippet": "%s",
+  "auto_install": true,
+  "ruleset": {
+    "zone_tag": "%s",
+    "zone_name": "example.com",
+    "enabled": true,
+    "id": "%s"
+  },
+  "rules": [
+    {
+      "host": "example.com",
+      "paths": [
+        "*"
+      ],
+      "inclusive": true,
+      "created": "%s",
+      "is_paused": false,
+      "priority": 1000,
+      "id": "%s"
+    }
+  ]
+}
+`, siteTag, siteToken, createdTimestamp.Format(time.RFC3339Nano), fmt.Sprintf(snippetFormat, siteToken), testZoneID, rulesetID, createdTimestamp.Format(time.RFC3339Nano), ruleID)
+
+var rulesetJSON = fmt.Sprintf(`
+{
+  "id": "%s",
+  "zone_tag": "%s",
+  "zone_name": "%s",
+  "enabled": true
+}
+`, rulesetID, testZoneID, "example.com")
+
+var ruleJSON = fmt.Sprintf(`
+{
+  "id": "%s",
+  "host": "example.com",
+  "paths": [
+    "*"
+  ],
+  "inclusive": true,
+  "created": "%s",
+  "is_paused": false,
+  "priority": 1000
+}
+`, ruleID, createdTimestamp.Format(time.RFC3339Nano))
+
+var site = WebAnalyticsSite{
+	SiteTag:     siteTag,
+	SiteToken:   siteToken,
+	AutoInstall: true,
+	Snippet:     fmt.Sprintf(snippetFormat, siteToken),
+	Ruleset:     ruleset,
+	Rules: []WebAnalyticsRule{
+		rule,
+	},
+	Created: TimePtr(createdTimestamp.UTC()),
+}
+
+var ruleset = WebAnalyticsRuleset{
+	ID:       rulesetID,
+	ZoneTag:  testZoneID,
+	ZoneName: "example.com",
+	Enabled:  true,
+}
+
+var rule = WebAnalyticsRule{
+	ID:   ruleID,
+	Host: "example.com",
+	Paths: []string{
+		"*",
+	},
+	Inclusive: true,
+	Created:   TimePtr(createdTimestamp.UTC()),
+	IsPaused:  false,
+	Priority:  1000,
+}
+
+func TestListWebAnalyticsSites(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "1", r.URL.Query().Get("page"))
+		assert.Equal(t, "10", r.URL.Query().Get("per_page"))
+		assert.Equal(t, "host", r.URL.Query().Get("order_by"))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": [
+			    %s
+			  ],
+              "result_info": {
+                "page": 1,
+                "per_page": 10,
+                "count": 1,
+                "total_count": 1,
+                "total_pages": 1
+              }
+			}
+		`, siteJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/list", handler)
+	want := []WebAnalyticsSite{site}
+	actual, resultInfo, err := client.ListWebAnalyticsSites(context.Background(), AccountIdentifier(testAccountID), ListWebAnalyticsSitesParams{
+		ResultInfo: ResultInfo{
+			Page:    0,
+			PerPage: 0,
+		},
+		OrderBy: "host",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+		assert.Equal(t, &ResultInfo{
+			Page:       1,
+			PerPage:    10,
+			TotalPages: 1,
+			Count:      1,
+			Total:      1,
+		}, resultInfo)
+		assert.Len(t, actual, 1)
+	}
+}
+
+func TestGetWebAnalyticsSite(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, siteJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
+	want := site
+	actual, err := client.GetWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), GetWebAnalyticsSiteParams{
+		SiteTag: siteTag,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestCreateWebAnalyticsSite(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		body, err := io.ReadAll(r.Body)
+		assert.NoError(t, err)
+		assert.True(t, strings.Contains(string(body), `"auto_install":true`))
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, siteJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info", handler)
+	want := site
+	actual, err := client.CreateWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), CreateWebAnalyticsSiteParams{
+		ZoneTag: testZoneID,
+		//AutoInstall: BoolPtr(true),  // should default to true
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestUpdateWebAnalyticsSite(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, siteJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
+	want := site
+	actual, err := client.UpdateWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), UpdateWebAnalyticsSiteParams{
+		SiteTag:     site.SiteTag,
+		Host:        "example.com",
+		AutoInstall: BoolPtr(true),
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestDeleteWebAnalyticsSite(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+                "site_tag": "%s"
+              }
+			}
+		`, siteTag)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
+	want := siteTag
+	actual, err := client.DeleteWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), DeleteWebAnalyticsSiteParams{
+		SiteTag: siteTag,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestListWebAnalyticsRules(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+                "ruleset": %s,
+                "rules": [
+                  %s
+                ]
+              }
+			}
+		`, rulesetJSON, ruleJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rules", handler)
+	want := WebAnalyticsRulesetRules{
+		Ruleset: ruleset,
+		Rules:   []WebAnalyticsRule{rule},
+	}
+	actual, err := client.ListWebAnalyticsRules(context.Background(), AccountIdentifier(testAccountID), ListWebAnalyticsRulesParams{
+		RulesetID: rulesetID,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestCreateWebAnalyticsRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, ruleJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule", handler)
+	want := rule
+	actual, err := client.CreateWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), CreateWebAnalyticsRuleParams{
+		RulesetID: rulesetID,
+		Rule: CreateWebAnalyticsRule{
+			Host:      "example.com",
+			Paths:     []string{"*"},
+			Inclusive: true,
+			IsPaused:  false,
+		},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestUpdateWebAnalyticsRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": %s
+			}
+		`, ruleJSON)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule/"+ruleID, handler)
+	want := rule
+	actual, err := client.UpdateWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), UpdateWebAnalyticsRuleParams{
+		RulesetID: rulesetID,
+		RuleID:    ruleID,
+		Rule: CreateWebAnalyticsRule{
+			Host:      "example.com",
+			Paths:     []string{"*"},
+			Inclusive: true,
+			IsPaused:  false,
+		},
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
+
+func TestDeleteWebAnalyticsRule(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			  "success": true,
+			  "errors": [],
+			  "messages": [],
+			  "result": {
+                "id": "%s"
+              }
+			}
+		`, ruleID)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule/"+ruleID, handler)
+	want := ruleID
+	actual, err := client.DeleteWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), DeleteWebAnalyticsRuleParams{
+		RulesetID: rulesetID,
+		RuleID:    ruleID,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, &want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/workers.go b/pkg/cloudflare-go/workers.go
new file mode 100644
index 0000000000..2ffc492dde
--- /dev/null
+++ b/pkg/cloudflare-go/workers.go
@@ -0,0 +1,631 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"mime"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+	"strings"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// WorkerRequestParams provides parameters for worker requests for both enterprise and standard requests.
+type WorkerRequestParams struct {
+	ZoneID     string
+	ScriptName string
+}
+
+type CreateWorkerParams struct {
+	ScriptName string
+	Script     string
+
+	// DispatchNamespaceName uploads the worker to a WFP dispatch namespace if provided
+	DispatchNamespaceName *string
+
+	// Module changes the Content-Type header to specify the script is an
+	// ES Module syntax script.
+	Module bool
+
+	// Logpush opts the worker into Workers Logpush logging. A nil value leaves
+	// the current setting unchanged.
+	//
+	// Documentation: https://developers.cloudflare.com/workers/platform/logpush/
+	Logpush *bool
+
+	// TailConsumers specifies a list of Workers that will consume the logs of
+	// the attached Worker.
+	// Documentation: https://developers.cloudflare.com/workers/platform/tail-workers/
+	TailConsumers *[]WorkersTailConsumer
+
+	// Bindings should be a map where the keys are the binding name, and the
+	// values are the binding content
+	Bindings map[string]WorkerBinding
+
+	// CompatibilityDate is a date in the form yyyy-mm-dd,
+	// which will be used to determine which version of the Workers runtime is used.
+	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/
+	CompatibilityDate string
+
+	// CompatibilityFlags are the names of features of the Workers runtime to be enabled or disabled,
+	// usually used together with CompatibilityDate.
+	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/#compatibility-flags
+	CompatibilityFlags []string
+
+	Placement *Placement
+
+	// Tags are used to better manage CRUD operations at scale.
+	//  https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/platform/tags/
+	Tags []string
+}
+
+func (p CreateWorkerParams) RequiresMultipart() bool {
+	switch {
+	case p.Module:
+		return true
+	case p.Logpush != nil:
+		return true
+	case p.Placement != nil:
+		return true
+	case len(p.Bindings) > 0:
+		return true
+	case p.CompatibilityDate != "":
+		return true
+	case len(p.CompatibilityFlags) > 0:
+		return true
+	case p.TailConsumers != nil:
+		return true
+	case len(p.Tags) > 0:
+		return true
+	}
+
+	return false
+}
+
+type UpdateWorkersScriptContentParams struct {
+	ScriptName string
+	Script     string
+
+	// DispatchNamespaceName uploads the worker to a WFP dispatch namespace if provided
+	DispatchNamespaceName *string
+
+	// Module changes the Content-Type header to specify the script is an
+	// ES Module syntax script.
+	Module bool
+}
+
+type UpdateWorkersScriptSettingsParams struct {
+	ScriptName string
+
+	// Logpush opts the worker into Workers Logpush logging. A nil value leaves
+	// the current setting unchanged.
+	//
+	// Documentation: https://developers.cloudflare.com/workers/platform/logpush/
+	Logpush *bool
+
+	// TailConsumers specifies a list of Workers that will consume the logs of
+	// the attached Worker.
+	// Documentation: https://developers.cloudflare.com/workers/platform/tail-workers/
+	TailConsumers *[]WorkersTailConsumer
+
+	// Bindings should be a map where the keys are the binding name, and the
+	// values are the binding content
+	Bindings map[string]WorkerBinding
+
+	// CompatibilityDate is a date in the form yyyy-mm-dd,
+	// which will be used to determine which version of the Workers runtime is used.
+	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/
+	CompatibilityDate string
+
+	// CompatibilityFlags are the names of features of the Workers runtime to be enabled or disabled,
+	// usually used together with CompatibilityDate.
+	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/#compatibility-flags
+	CompatibilityFlags []string
+
+	Placement *Placement
+}
+
+// WorkerScriptParams provides a worker script and the associated bindings.
+type WorkerScriptParams struct {
+	ScriptName string
+
+	// Module changes the Content-Type header to specify the script is an
+	// ES Module syntax script.
+	Module bool
+
+	// Bindings should be a map where the keys are the binding name, and the
+	// values are the binding content
+	Bindings map[string]WorkerBinding
+}
+
+// WorkerRoute is used to map traffic matching a URL pattern to a workers
+//
+// API reference: https://api.cloudflare.com/#worker-routes-properties
+type WorkerRoute struct {
+	ID         string `json:"id,omitempty"`
+	Pattern    string `json:"pattern"`
+	ScriptName string `json:"script,omitempty"`
+}
+
+// WorkerRoutesResponse embeds Response struct and slice of WorkerRoutes.
+type WorkerRoutesResponse struct {
+	Response
+	Routes []WorkerRoute `json:"result"`
+}
+
+// WorkerRouteResponse embeds Response struct and a single WorkerRoute.
+type WorkerRouteResponse struct {
+	Response
+	WorkerRoute `json:"result"`
+}
+
+// WorkerScript Cloudflare Worker struct with metadata.
+type WorkerScript struct {
+	WorkerMetaData
+	Script     string `json:"script"`
+	UsageModel string `json:"usage_model,omitempty"`
+}
+
+type WorkersTailConsumer struct {
+	Service     string  `json:"service"`
+	Environment *string `json:"environment,omitempty"`
+	Namespace   *string `json:"namespace,omitempty"`
+}
+
+// WorkerMetaData contains worker script information such as size, creation & modification dates.
+type WorkerMetaData struct {
+	ID               string                 `json:"id,omitempty"`
+	ETAG             string                 `json:"etag,omitempty"`
+	Size             int                    `json:"size,omitempty"`
+	CreatedOn        time.Time              `json:"created_on,omitempty"`
+	ModifiedOn       time.Time              `json:"modified_on,omitempty"`
+	Logpush          *bool                  `json:"logpush,omitempty"`
+	TailConsumers    *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
+	LastDeployedFrom *string                `json:"last_deployed_from,omitempty"`
+	DeploymentId     *string                `json:"deployment_id,omitempty"`
+	PlacementMode    *PlacementMode         `json:"placement_mode,omitempty"`
+	PipelineHash     *string                `json:"pipeline_hash,omitempty"`
+}
+
+// WorkerListResponse wrapper struct for API response to worker script list API call.
+type WorkerListResponse struct {
+	Response
+	ResultInfo
+	WorkerList []WorkerMetaData `json:"result"`
+}
+
+// WorkerScriptResponse wrapper struct for API response to worker script calls.
+type WorkerScriptResponse struct {
+	Response
+	Module       bool
+	WorkerScript `json:"result"`
+}
+
+// WorkerScriptSettingsResponse wrapper struct for API response to worker script settings calls.
+type WorkerScriptSettingsResponse struct {
+	Response
+	WorkerMetaData
+}
+
+type ListWorkersParams struct{}
+
+type DeleteWorkerParams struct {
+	ScriptName string
+
+	// DispatchNamespaceName is the dispatch namespace the Worker is uploaded to.
+	DispatchNamespace *string
+}
+
+type PlacementMode string
+
+const (
+	PlacementModeOff   PlacementMode = ""
+	PlacementModeSmart PlacementMode = "smart"
+)
+
+type Placement struct {
+	Mode PlacementMode `json:"mode"`
+}
+
+// DeleteWorker deletes a single Worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-delete-worker
+func (api *API) DeleteWorker(ctx context.Context, rc *ResourceContainer, params DeleteWorkerParams) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, params.ScriptName)
+	if params.DispatchNamespace != nil && *params.DispatchNamespace != "" {
+		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s", rc.Identifier, *params.DispatchNamespace, params.ScriptName)
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	var r WorkerScriptResponse
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
+
+// GetWorker fetch raw script content for your worker returns string containing
+// worker code js.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-download-worker
+func (api *API) GetWorker(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkerScriptResponse, error) {
+	return api.GetWorkerWithDispatchNamespace(ctx, rc, scriptName, "")
+}
+
+// GetWorker fetch raw script content for your worker returns string containing
+// worker code js.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-download-worker
+func (api *API) GetWorkerWithDispatchNamespace(ctx context.Context, rc *ResourceContainer, scriptName string, dispatchNamespace string) (WorkerScriptResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerScriptResponse{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, scriptName)
+	if dispatchNamespace != "" {
+		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s/content", rc.Identifier, dispatchNamespace, scriptName)
+	}
+	res, err := api.makeRequestContextWithHeadersComplete(ctx, http.MethodGet, uri, nil, nil)
+	var r WorkerScriptResponse
+	if err != nil {
+		return r, err
+	}
+
+	// Check if the response type is multipart, in which case this was a module worker
+	mediaType, mediaParams, _ := mime.ParseMediaType(res.Headers.Get("content-type"))
+	if strings.HasPrefix(mediaType, "multipart/") {
+		bytesReader := bytes.NewReader(res.Body)
+		mimeReader := multipart.NewReader(bytesReader, mediaParams["boundary"])
+		mimePart, err := mimeReader.NextPart()
+		if err != nil {
+			return r, fmt.Errorf("could not get multipart response body: %w", err)
+		}
+		mimePartBody, err := io.ReadAll(mimePart)
+		if err != nil {
+			return r, fmt.Errorf("could not read multipart response body: %w", err)
+		}
+		r.Script = string(mimePartBody)
+		r.Module = true
+	} else {
+		r.Script = string(res.Body)
+		r.Module = false
+	}
+
+	r.Success = true
+	return r, nil
+}
+
+// ListWorkers returns list of Workers for given account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-list-workers
+func (api *API) ListWorkers(ctx context.Context, rc *ResourceContainer, params ListWorkersParams) (WorkerListResponse, *ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerListResponse{}, &ResultInfo{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerListResponse{}, &ResultInfo{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkerListResponse{}, &ResultInfo{}, err
+	}
+
+	var r WorkerListResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerListResponse{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r, &r.ResultInfo, nil
+}
+
+// UploadWorker pushes raw script content for your Worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-upload-worker-module
+func (api *API) UploadWorker(ctx context.Context, rc *ResourceContainer, params CreateWorkerParams) (WorkerScriptResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerScriptResponse{}, ErrMissingAccountID
+	}
+
+	body := []byte(params.Script)
+	var (
+		contentType = "application/javascript"
+		err         error
+	)
+
+	if params.RequiresMultipart() {
+		contentType, body, err = formatMultipartBody(params)
+		if err != nil {
+			return WorkerScriptResponse{}, err
+		}
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, params.ScriptName)
+	if params.DispatchNamespaceName != nil && *params.DispatchNamespaceName != "" {
+		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s", rc.Identifier, *params.DispatchNamespaceName, params.ScriptName)
+	}
+
+	headers := make(http.Header)
+	headers.Set("Content-Type", contentType)
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, body, headers)
+
+	var r WorkerScriptResponse
+	if err != nil {
+		return r, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r, nil
+}
+
+// GetWorkersScriptContent returns the pure script content of a worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-get-content
+func (api *API) GetWorkersScriptContent(ctx context.Context, rc *ResourceContainer, scriptName string) (string, error) {
+	if rc.Level != AccountRouteLevel {
+		return "", ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return "", ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/content/v2", rc.Identifier, scriptName)
+	res, err := api.makeRequestContextWithHeadersComplete(ctx, http.MethodGet, uri, nil, nil)
+	if err != nil {
+		return "", err
+	}
+
+	return string(res.Body), nil
+}
+
+// UpdateWorkersScriptContent pushes only script content, no metadata.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-put-content
+func (api *API) UpdateWorkersScriptContent(ctx context.Context, rc *ResourceContainer, params UpdateWorkersScriptContentParams) (WorkerScriptResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerScriptResponse{}, ErrMissingAccountID
+	}
+
+	body := []byte(params.Script)
+	var (
+		contentType = "application/javascript"
+		err         error
+	)
+
+	if params.Module {
+		var formattedParams CreateWorkerParams
+		formattedParams.Script = params.Script
+		formattedParams.ScriptName = params.ScriptName
+		formattedParams.Module = params.Module
+		formattedParams.DispatchNamespaceName = params.DispatchNamespaceName
+		contentType, body, err = formatMultipartBody(formattedParams)
+		if err != nil {
+			return WorkerScriptResponse{}, err
+		}
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/content", rc.Identifier, params.ScriptName)
+	if params.DispatchNamespaceName != nil {
+		uri = fmt.Sprintf("/accounts/%s/workers/dispatch_namespaces/%s/scripts/%s/content", rc.Identifier, *params.DispatchNamespaceName, params.ScriptName)
+	}
+
+	headers := make(http.Header)
+	headers.Set("Content-Type", contentType)
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, body, headers)
+
+	var r WorkerScriptResponse
+	if err != nil {
+		return r, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r, nil
+}
+
+// GetWorkersScriptSettings returns the metadata of a worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-get-settings
+func (api *API) GetWorkersScriptSettings(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkerScriptSettingsResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerScriptSettingsResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerScriptSettingsResponse{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/settings", rc.Identifier, scriptName)
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, nil)
+	var r WorkerScriptSettingsResponse
+	if err != nil {
+		return r, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	r.Success = true
+
+	return r, nil
+}
+
+// UpdateWorkersScriptSettings pushes only script metadata.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-script-patch-settings
+func (api *API) UpdateWorkersScriptSettings(ctx context.Context, rc *ResourceContainer, params UpdateWorkersScriptSettingsParams) (WorkerScriptSettingsResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkerScriptSettingsResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerScriptSettingsResponse{}, ErrMissingAccountID
+	}
+
+	body, err := json.Marshal(params)
+	if err != nil {
+		return WorkerScriptSettingsResponse{}, err
+	}
+	headers := make(http.Header)
+	headers.Set("Content-Type", "application/json")
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/settings", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPatch, uri, body, headers)
+	var r WorkerScriptSettingsResponse
+	if err != nil {
+		return r, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	r.Success = true
+
+	return r, nil
+}
+
+// Returns content-type, body, error.
+func formatMultipartBody(params CreateWorkerParams) (string, []byte, error) {
+	var buf = &bytes.Buffer{}
+	var mpw = multipart.NewWriter(buf)
+	defer mpw.Close()
+
+	// Write metadata part
+	var scriptPartName string
+	meta := struct {
+		BodyPart           string                 `json:"body_part,omitempty"`
+		MainModule         string                 `json:"main_module,omitempty"`
+		Bindings           []workerBindingMeta    `json:"bindings"`
+		Logpush            *bool                  `json:"logpush,omitempty"`
+		TailConsumers      *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
+		CompatibilityDate  string                 `json:"compatibility_date,omitempty"`
+		CompatibilityFlags []string               `json:"compatibility_flags,omitempty"`
+		Placement          *Placement             `json:"placement,omitempty"`
+		Tags               []string               `json:"tags"`
+	}{
+		Bindings:           make([]workerBindingMeta, 0, len(params.Bindings)),
+		Logpush:            params.Logpush,
+		TailConsumers:      params.TailConsumers,
+		CompatibilityDate:  params.CompatibilityDate,
+		CompatibilityFlags: params.CompatibilityFlags,
+		Placement:          params.Placement,
+		Tags:               params.Tags,
+	}
+
+	if params.Module {
+		scriptPartName = "worker.mjs"
+		meta.MainModule = scriptPartName
+	} else {
+		scriptPartName = "script"
+		meta.BodyPart = scriptPartName
+	}
+
+	bodyWriters := make([]workerBindingBodyWriter, 0, len(params.Bindings))
+	for name, b := range params.Bindings {
+		bindingMeta, bodyWriter, err := b.serialize(name)
+		if err != nil {
+			return "", nil, err
+		}
+
+		meta.Bindings = append(meta.Bindings, bindingMeta)
+		bodyWriters = append(bodyWriters, bodyWriter)
+	}
+
+	var hdr = textproto.MIMEHeader{}
+	hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, "metadata"))
+	hdr.Set("content-type", "application/json")
+	pw, err := mpw.CreatePart(hdr)
+	if err != nil {
+		return "", nil, err
+	}
+	metaJSON, err := json.Marshal(meta)
+	if err != nil {
+		return "", nil, err
+	}
+	_, err = pw.Write(metaJSON)
+	if err != nil {
+		return "", nil, err
+	}
+
+	// Write script part
+	hdr = textproto.MIMEHeader{}
+
+	contentType := "application/javascript"
+	if params.Module {
+		contentType = "application/javascript+module"
+		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"; filename="%[1]s"`, scriptPartName))
+	} else {
+		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, scriptPartName))
+	}
+	hdr.Set("content-type", contentType)
+
+	pw, err = mpw.CreatePart(hdr)
+	if err != nil {
+		return "", nil, err
+	}
+	_, err = pw.Write([]byte(params.Script))
+	if err != nil {
+		return "", nil, err
+	}
+
+	// Write other bindings with parts
+	for _, w := range bodyWriters {
+		if w != nil {
+			err = w(mpw)
+			if err != nil {
+				return "", nil, err
+			}
+		}
+	}
+
+	mpw.Close()
+
+	return mpw.FormDataContentType(), buf.Bytes(), nil
+}
diff --git a/pkg/cloudflare-go/workers_account_settings.go b/pkg/cloudflare-go/workers_account_settings.go
new file mode 100644
index 0000000000..55e0d30e70
--- /dev/null
+++ b/pkg/cloudflare-go/workers_account_settings.go
@@ -0,0 +1,83 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type WorkersAccountSettings struct {
+	DefaultUsageModel string `json:"default_usage_model,omitempty"`
+	GreenCompute      bool   `json:"green_compute,omitempty"`
+}
+
+type CreateWorkersAccountSettingsParameters struct {
+	DefaultUsageModel string `json:"default_usage_model,omitempty"`
+	GreenCompute      bool   `json:"green_compute,omitempty"`
+}
+
+type CreateWorkersAccountSettingsResponse struct {
+	Response
+	Result WorkersAccountSettings
+}
+
+type WorkersAccountSettingsParameters struct{}
+
+type WorkersAccountSettingsResponse struct {
+	Response
+	Result WorkersAccountSettings
+}
+
+// CreateWorkersAccountSettings sets the account settings for Workers.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-account-settings-create-worker-account-settings
+func (api *API) CreateWorkersAccountSettings(ctx context.Context, rc *ResourceContainer, params CreateWorkersAccountSettingsParameters) (WorkersAccountSettings, error) {
+	if rc.Identifier == "" {
+		return WorkersAccountSettings{}, ErrMissingAccountID
+	}
+
+	if rc.Level != AccountRouteLevel {
+		return WorkersAccountSettings{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/account-settings", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return WorkersAccountSettings{}, err
+	}
+
+	var workersAccountSettingsResponse CreateWorkersAccountSettingsResponse
+	if err := json.Unmarshal(res, &workersAccountSettingsResponse); err != nil {
+		return WorkersAccountSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return workersAccountSettingsResponse.Result, nil
+}
+
+// WorkersAccountSettings returns the current account settings for Workers.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-account-settings-fetch-worker-account-settings
+func (api *API) WorkersAccountSettings(ctx context.Context, rc *ResourceContainer, params WorkersAccountSettingsParameters) (WorkersAccountSettings, error) {
+	if rc.Identifier == "" {
+		return WorkersAccountSettings{}, ErrMissingAccountID
+	}
+
+	if rc.Level != AccountRouteLevel {
+		return WorkersAccountSettings{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/account-settings", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
+	if err != nil {
+		return WorkersAccountSettings{}, err
+	}
+
+	var workersAccountSettingsResponse CreateWorkersAccountSettingsResponse
+	if err := json.Unmarshal(res, &workersAccountSettingsResponse); err != nil {
+		return WorkersAccountSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return workersAccountSettingsResponse.Result, nil
+}
diff --git a/pkg/cloudflare-go/workers_account_settings_test.go b/pkg/cloudflare-go/workers_account_settings_test.go
new file mode 100644
index 0000000000..0bdd35fd33
--- /dev/null
+++ b/pkg/cloudflare-go/workers_account_settings_test.go
@@ -0,0 +1,67 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWorkersAccountSettings_CreateAccountSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/account-settings", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "default_usage_model": "unbound",
+	"green_compute": false
+  }
+}`)
+	})
+	res, err := client.CreateWorkersAccountSettings(context.Background(), AccountIdentifier(testAccountID), CreateWorkersAccountSettingsParameters{DefaultUsageModel: "unbound", GreenCompute: false})
+	want := WorkersAccountSettings{
+		DefaultUsageModel: "unbound",
+		GreenCompute:      false,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersAccountSettings_GetAccountSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/account-settings", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "default_usage_model": "unbound",
+	"green_compute": true
+  }
+}`)
+	})
+
+	res, err := client.WorkersAccountSettings(context.Background(), AccountIdentifier(testAccountID), WorkersAccountSettingsParameters{})
+	want := WorkersAccountSettings{
+		DefaultUsageModel: "unbound",
+		GreenCompute:      true,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_bindings.go b/pkg/cloudflare-go/workers_bindings.go
new file mode 100644
index 0000000000..0516c5b3f7
--- /dev/null
+++ b/pkg/cloudflare-go/workers_bindings.go
@@ -0,0 +1,617 @@
+package cloudflare
+
+import (
+	"context"
+	rand "crypto/rand"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"net/textproto"
+
+	"github.com/goccy/go-json"
+)
+
+// WorkerBindingType represents a particular type of binding.
+type WorkerBindingType string
+
+func (b WorkerBindingType) String() string {
+	return string(b)
+}
+
+const (
+	// WorkerDurableObjectBindingType is the type for Durable Object bindings.
+	WorkerDurableObjectBindingType WorkerBindingType = "durable_object_namespace"
+	// WorkerInheritBindingType is the type for inherited bindings.
+	WorkerInheritBindingType WorkerBindingType = "inherit"
+	// WorkerKvNamespaceBindingType is the type for KV Namespace bindings.
+	WorkerKvNamespaceBindingType WorkerBindingType = "kv_namespace"
+	// WorkerWebAssemblyBindingType is the type for Web Assembly module bindings.
+	WorkerWebAssemblyBindingType WorkerBindingType = "wasm_module"
+	// WorkerSecretTextBindingType is the type for secret text bindings.
+	WorkerSecretTextBindingType WorkerBindingType = "secret_text"
+	// WorkerPlainTextBindingType is the type for plain text bindings.
+	WorkerPlainTextBindingType WorkerBindingType = "plain_text"
+	// WorkerServiceBindingType is the type for service bindings.
+	WorkerServiceBindingType WorkerBindingType = "service"
+	// WorkerR2BucketBindingType is the type for R2 bucket bindings.
+	WorkerR2BucketBindingType WorkerBindingType = "r2_bucket"
+	// WorkerAnalyticsEngineBindingType is the type for Analytics Engine dataset bindings.
+	WorkerAnalyticsEngineBindingType WorkerBindingType = "analytics_engine"
+	// WorkerQueueBindingType is the type for queue bindings.
+	WorkerQueueBindingType WorkerBindingType = "queue"
+	// DispatchNamespaceBindingType is the type for WFP namespace bindings.
+	DispatchNamespaceBindingType WorkerBindingType = "dispatch_namespace"
+	// WorkerD1DataseBindingType is for D1 databases.
+	WorkerD1DataseBindingType WorkerBindingType = "d1"
+)
+
+type ListWorkerBindingsParams struct {
+	ScriptName        string
+	DispatchNamespace *string
+}
+
+// WorkerBindingListItem a struct representing an individual binding in a list of bindings.
+type WorkerBindingListItem struct {
+	Name    string `json:"name"`
+	Binding WorkerBinding
+}
+
+// WorkerBindingListResponse wrapper struct for API response to worker binding list API call.
+type WorkerBindingListResponse struct {
+	Response
+	BindingList []WorkerBindingListItem
+}
+
+// Workers supports multiple types of bindings, e.g. KV namespaces or WebAssembly modules, and each type
+// of binding will be represented differently in the upload request body. At a high-level, every binding
+// will specify metadata, which is a JSON object with the properties "name" and "type". Some types of bindings
+// will also have additional metadata properties. For example, KV bindings also specify the KV namespace.
+// In addition to the metadata, some binding types may need to include additional data as part of the
+// multipart form. For example, WebAssembly bindings will include the contents of the WebAssembly module.
+
+// WorkerBinding is the generic interface implemented by all of
+// the various binding types.
+type WorkerBinding interface {
+	Type() WorkerBindingType
+
+	// serialize is responsible for returning the binding metadata as well as an optionally
+	// returning a function that can modify the multipart form body. For example, this is used
+	// by WebAssembly bindings to add a new part containing the WebAssembly module contents.
+	serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error)
+}
+
+// workerBindingMeta is the metadata portion of the binding.
+type workerBindingMeta = map[string]interface{}
+
+// workerBindingBodyWriter allows for a binding to add additional parts to the multipart body.
+type workerBindingBodyWriter func(*multipart.Writer) error
+
+// WorkerInheritBinding will just persist whatever binding content was previously uploaded.
+type WorkerInheritBinding struct {
+	// Optional parameter that allows for renaming a binding without changing
+	// its contents. If `OldName` is empty, the binding name will not be changed.
+	OldName string
+}
+
+// Type returns the type of the binding.
+func (b WorkerInheritBinding) Type() WorkerBindingType {
+	return WorkerInheritBindingType
+}
+
+func (b WorkerInheritBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	meta := workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+	}
+
+	if b.OldName != "" {
+		meta["old_name"] = b.OldName
+	}
+
+	return meta, nil, nil
+}
+
+// WorkerKvNamespaceBinding is a binding to a Workers KV Namespace.
+//
+// https://developers.cloudflare.com/workers/archive/api/resource-bindings/kv-namespaces/
+type WorkerKvNamespaceBinding struct {
+	NamespaceID string
+}
+
+// Type returns the type of the binding.
+func (b WorkerKvNamespaceBinding) Type() WorkerBindingType {
+	return WorkerKvNamespaceBindingType
+}
+
+func (b WorkerKvNamespaceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.NamespaceID == "" {
+		return nil, nil, fmt.Errorf(`namespace ID for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name":         bindingName,
+		"type":         b.Type(),
+		"namespace_id": b.NamespaceID,
+	}, nil, nil
+}
+
+// WorkerDurableObjectBinding is a binding to a Workers Durable Object.
+//
+// https://api.cloudflare.com/#durable-objects-namespace-properties
+type WorkerDurableObjectBinding struct {
+	ClassName  string
+	ScriptName string
+}
+
+// Type returns the type of the binding.
+func (b WorkerDurableObjectBinding) Type() WorkerBindingType {
+	return WorkerDurableObjectBindingType
+}
+
+func (b WorkerDurableObjectBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.ClassName == "" {
+		return nil, nil, fmt.Errorf(`ClassName for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name":        bindingName,
+		"type":        b.Type(),
+		"class_name":  b.ClassName,
+		"script_name": b.ScriptName,
+	}, nil, nil
+}
+
+// WorkerWebAssemblyBinding is a binding to a WebAssembly module.
+//
+// https://developers.cloudflare.com/workers/archive/api/resource-bindings/webassembly-modules/
+type WorkerWebAssemblyBinding struct {
+	Module io.Reader
+}
+
+// Type returns the type of the binding.
+func (b WorkerWebAssemblyBinding) Type() WorkerBindingType {
+	return WorkerWebAssemblyBindingType
+}
+
+func (b WorkerWebAssemblyBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	partName := getRandomPartName()
+
+	bodyWriter := func(mpw *multipart.Writer) error {
+		var hdr = textproto.MIMEHeader{}
+		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, partName))
+		hdr.Set("content-type", "application/wasm")
+		pw, err := mpw.CreatePart(hdr)
+		if err != nil {
+			return err
+		}
+		_, err = io.Copy(pw, b.Module)
+		return err
+	}
+
+	return workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+		"part": partName,
+	}, bodyWriter, nil
+}
+
+// WorkerPlainTextBinding is a binding to plain text.
+//
+// https://developers.cloudflare.com/workers/tooling/api/scripts/#add-a-plain-text-binding
+type WorkerPlainTextBinding struct {
+	Text string
+}
+
+// Type returns the type of the binding.
+func (b WorkerPlainTextBinding) Type() WorkerBindingType {
+	return WorkerPlainTextBindingType
+}
+
+func (b WorkerPlainTextBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Text == "" {
+		return nil, nil, fmt.Errorf(`text for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+		"text": b.Text,
+	}, nil, nil
+}
+
+// WorkerSecretTextBinding is a binding to secret text.
+//
+// https://developers.cloudflare.com/workers/tooling/api/scripts/#add-a-secret-text-binding
+type WorkerSecretTextBinding struct {
+	Text string
+}
+
+// Type returns the type of the binding.
+func (b WorkerSecretTextBinding) Type() WorkerBindingType {
+	return WorkerSecretTextBindingType
+}
+
+func (b WorkerSecretTextBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Text == "" {
+		return nil, nil, fmt.Errorf(`text for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+		"text": b.Text,
+	}, nil, nil
+}
+
+type WorkerServiceBinding struct {
+	Service     string
+	Environment *string
+}
+
+func (b WorkerServiceBinding) Type() WorkerBindingType {
+	return WorkerServiceBindingType
+}
+
+func (b WorkerServiceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Service == "" {
+		return nil, nil, fmt.Errorf(`service for binding "%s" cannot be empty`, bindingName)
+	}
+
+	meta := workerBindingMeta{
+		"name":    bindingName,
+		"type":    b.Type(),
+		"service": b.Service,
+	}
+
+	if b.Environment != nil {
+		meta["environment"] = *b.Environment
+	}
+
+	return meta, nil, nil
+}
+
+// WorkerR2BucketBinding is a binding to an R2 bucket.
+type WorkerR2BucketBinding struct {
+	BucketName string
+}
+
+// Type returns the type of the binding.
+func (b WorkerR2BucketBinding) Type() WorkerBindingType {
+	return WorkerR2BucketBindingType
+}
+
+func (b WorkerR2BucketBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.BucketName == "" {
+		return nil, nil, fmt.Errorf(`BucketName for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name":        bindingName,
+		"type":        b.Type(),
+		"bucket_name": b.BucketName,
+	}, nil, nil
+}
+
+// WorkerAnalyticsEngineBinding is a binding to an Analytics Engine dataset.
+type WorkerAnalyticsEngineBinding struct {
+	Dataset string
+}
+
+// Type returns the type of the binding.
+func (b WorkerAnalyticsEngineBinding) Type() WorkerBindingType {
+	return WorkerAnalyticsEngineBindingType
+}
+
+func (b WorkerAnalyticsEngineBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Dataset == "" {
+		return nil, nil, fmt.Errorf(`dataset for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name":    bindingName,
+		"type":    b.Type(),
+		"dataset": b.Dataset,
+	}, nil, nil
+}
+
+// WorkerQueueBinding is a binding to a Workers Queue.
+//
+// https://developers.cloudflare.com/workers/platform/bindings/#queue-bindings
+type WorkerQueueBinding struct {
+	Binding string
+	Queue   string
+}
+
+// Type returns the type of the binding.
+func (b WorkerQueueBinding) Type() WorkerBindingType {
+	return WorkerQueueBindingType
+}
+
+func (b WorkerQueueBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Binding == "" {
+		return nil, nil, fmt.Errorf(`binding name for binding "%s" cannot be empty`, bindingName)
+	}
+	if b.Queue == "" {
+		return nil, nil, fmt.Errorf(`queue name for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"type":       b.Type(),
+		"name":       b.Binding,
+		"queue_name": b.Queue,
+	}, nil, nil
+}
+
+// DispatchNamespaceBinding is a binding to a Workers for Platforms namespace
+//
+// https://developers.cloudflare.com/workers/platform/bindings/#dispatch-namespace-bindings-workers-for-platforms
+type DispatchNamespaceBinding struct {
+	Binding   string
+	Namespace string
+	Outbound  *NamespaceOutboundOptions
+}
+
+type NamespaceOutboundOptions struct {
+	Worker WorkerReference
+	Params []OutboundParamSchema
+}
+
+type WorkerReference struct {
+	Service     string
+	Environment *string
+}
+
+type OutboundParamSchema struct {
+	Name string
+}
+
+// Type returns the type of the binding.
+func (b DispatchNamespaceBinding) Type() WorkerBindingType {
+	return DispatchNamespaceBindingType
+}
+
+func (b DispatchNamespaceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.Binding == "" {
+		return nil, nil, fmt.Errorf(`binding name for binding "%s" cannot be empty`, bindingName)
+	}
+	if b.Namespace == "" {
+		return nil, nil, fmt.Errorf(`namespace name for binding "%s" cannot be empty`, bindingName)
+	}
+
+	meta := workerBindingMeta{
+		"type":      b.Type(),
+		"name":      b.Binding,
+		"namespace": b.Namespace,
+	}
+
+	if b.Outbound != nil {
+		if b.Outbound.Worker.Service == "" {
+			return nil, nil, fmt.Errorf(`outbound options for binding "%s" must have a service name`, bindingName)
+		}
+
+		var params []map[string]interface{}
+		for _, param := range b.Outbound.Params {
+			params = append(params, map[string]interface{}{
+				"name": param.Name,
+			})
+		}
+
+		meta["outbound"] = map[string]interface{}{
+			"worker": map[string]interface{}{
+				"service":     b.Outbound.Worker.Service,
+				"environment": b.Outbound.Worker.Environment,
+			},
+			"params": params,
+		}
+	}
+
+	return meta, nil, nil
+}
+
+// WorkerD1DatabaseBinding is a binding to a D1 instance.
+type WorkerD1DatabaseBinding struct {
+	DatabaseID string
+}
+
+// Type returns the type of the binding.
+func (b WorkerD1DatabaseBinding) Type() WorkerBindingType {
+	return WorkerD1DataseBindingType
+}
+
+func (b WorkerD1DatabaseBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	if b.DatabaseID == "" {
+		return nil, nil, fmt.Errorf(`database ID for binding "%s" cannot be empty`, bindingName)
+	}
+
+	return workerBindingMeta{
+		"name": bindingName,
+		"type": b.Type(),
+		"id":   b.DatabaseID,
+	}, nil, nil
+}
+
+// UnsafeBinding is for experimental or deprecated bindings, and allows specifying any binding type or property.
+type UnsafeBinding map[string]interface{}
+
+// Type returns the type of the binding.
+func (b UnsafeBinding) Type() WorkerBindingType {
+	return ""
+}
+
+func (b UnsafeBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
+	b["name"] = bindingName
+	return b, nil, nil
+}
+
+// Each binding that adds a part to the multipart form body will need
+// a unique part name so we just generate a random 128bit hex string.
+func getRandomPartName() string {
+	randBytes := make([]byte, 16)
+	rand.Read(randBytes) //nolint:errcheck
+	return hex.EncodeToString(randBytes)
+}
+
+// ListWorkerBindings returns all the bindings for a particular worker.
+func (api *API) ListWorkerBindings(ctx context.Context, rc *ResourceContainer, params ListWorkerBindingsParams) (WorkerBindingListResponse, error) {
+	if params.ScriptName == "" {
+		return WorkerBindingListResponse{}, errors.New("script name is required")
+	}
+
+	if rc.Level != AccountRouteLevel {
+		return WorkerBindingListResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkerBindingListResponse{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/bindings", rc.Identifier, params.ScriptName)
+	if params.DispatchNamespace != nil && *params.DispatchNamespace != "" {
+		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s/bindings", rc.Identifier, *params.DispatchNamespace, params.ScriptName)
+	}
+
+	var jsonRes struct {
+		Response
+		Bindings []workerBindingMeta `json:"result"`
+	}
+	var r WorkerBindingListResponse
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return r, err
+	}
+	err = json.Unmarshal(res, &jsonRes)
+	if err != nil {
+		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	r = WorkerBindingListResponse{
+		Response:    jsonRes.Response,
+		BindingList: make([]WorkerBindingListItem, 0, len(jsonRes.Bindings)),
+	}
+	for _, jsonBinding := range jsonRes.Bindings {
+		name, ok := jsonBinding["name"].(string)
+		if !ok {
+			return r, fmt.Errorf("binding missing name %v", jsonBinding)
+		}
+		bType, ok := jsonBinding["type"].(string)
+		if !ok {
+			return r, fmt.Errorf("binding missing type %v", jsonBinding)
+		}
+		bindingListItem := WorkerBindingListItem{
+			Name: name,
+		}
+
+		switch WorkerBindingType(bType) {
+		case WorkerDurableObjectBindingType:
+			class_name := jsonBinding["class_name"].(string)
+			script_name := jsonBinding["script_name"].(string)
+			bindingListItem.Binding = WorkerDurableObjectBinding{
+				ClassName:  class_name,
+				ScriptName: script_name,
+			}
+		case WorkerKvNamespaceBindingType:
+			namespaceID := jsonBinding["namespace_id"].(string)
+			bindingListItem.Binding = WorkerKvNamespaceBinding{
+				NamespaceID: namespaceID,
+			}
+		case WorkerQueueBindingType:
+			queueName := jsonBinding["queue_name"].(string)
+			bindingListItem.Binding = WorkerQueueBinding{
+				Binding: name,
+				Queue:   queueName,
+			}
+		case WorkerWebAssemblyBindingType:
+			bindingListItem.Binding = WorkerWebAssemblyBinding{
+				Module: &bindingContentReader{
+					api:         api,
+					ctx:         ctx,
+					accountID:   rc.Identifier,
+					params:      &params,
+					bindingName: name,
+				},
+			}
+		case WorkerPlainTextBindingType:
+			text := jsonBinding["text"].(string)
+			bindingListItem.Binding = WorkerPlainTextBinding{
+				Text: text,
+			}
+		case WorkerServiceBindingType:
+			service := jsonBinding["service"].(string)
+			environment := jsonBinding["environment"].(string)
+			bindingListItem.Binding = WorkerServiceBinding{
+				Service:     service,
+				Environment: &environment,
+			}
+		case WorkerSecretTextBindingType:
+			bindingListItem.Binding = WorkerSecretTextBinding{}
+		case WorkerR2BucketBindingType:
+			bucketName := jsonBinding["bucket_name"].(string)
+			bindingListItem.Binding = WorkerR2BucketBinding{
+				BucketName: bucketName,
+			}
+		case WorkerAnalyticsEngineBindingType:
+			dataset := jsonBinding["dataset"].(string)
+			bindingListItem.Binding = WorkerAnalyticsEngineBinding{
+				Dataset: dataset,
+			}
+		case WorkerD1DataseBindingType:
+			database_id := jsonBinding["database_id"].(string)
+			bindingListItem.Binding = WorkerD1DatabaseBinding{
+				DatabaseID: database_id,
+			}
+		default:
+			bindingListItem.Binding = WorkerInheritBinding{}
+		}
+		r.BindingList = append(r.BindingList, bindingListItem)
+	}
+
+	return r, nil
+}
+
+// bindingContentReader is an io.Reader that will lazily load the
+// raw bytes for a binding from the API when the Read() method
+// is first called. This is only useful for binding types
+// that store raw bytes, like WebAssembly modules.
+type bindingContentReader struct {
+	api         *API
+	accountID   string
+	params      *ListWorkerBindingsParams
+	ctx         context.Context
+	bindingName string
+	content     []byte
+	position    int
+}
+
+func (b *bindingContentReader) Read(p []byte) (n int, err error) {
+	// Lazily load the content when Read() is first called
+	if b.content == nil {
+		uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/bindings/%s/content", b.accountID, b.params.ScriptName, b.bindingName)
+		res, err := b.api.makeRequestContext(b.ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return 0, err
+		}
+		b.content = res
+	}
+
+	if b.position >= len(b.content) {
+		return 0, io.EOF
+	}
+
+	bytesRemaining := len(b.content) - b.position
+	bytesToProcess := 0
+	if len(p) < bytesRemaining {
+		bytesToProcess = len(p)
+	} else {
+		bytesToProcess = bytesRemaining
+	}
+
+	for i := 0; i < bytesToProcess; i++ {
+		p[i] = b.content[b.position]
+		b.position = b.position + 1
+	}
+
+	return bytesToProcess, nil
+}
diff --git a/pkg/cloudflare-go/workers_bindings_test.go b/pkg/cloudflare-go/workers_bindings_test.go
new file mode 100644
index 0000000000..bb7f141fa8
--- /dev/null
+++ b/pkg/cloudflare-go/workers_bindings_test.go
@@ -0,0 +1,237 @@
+package cloudflare
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListWorkerBindings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/my-script/bindings", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, listBindingsResponseData)
+	})
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/my-script/bindings/MY_WASM/content", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/wasm")
+		_, _ = w.Write([]byte("mock multi-script wasm"))
+	})
+
+	res, err := client.ListWorkerBindings(context.Background(), AccountIdentifier(testAccountID), ListWorkerBindingsParams{
+		ScriptName: "my-script",
+	})
+	assert.NoError(t, err)
+
+	assert.Equal(t, successResponse, res.Response)
+	assert.Equal(t, 9, len(res.BindingList))
+
+	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
+		Name: "MY_KV",
+		Binding: WorkerKvNamespaceBinding{
+			NamespaceID: "89f5f8fd93f94cb98473f6f421aa3b65",
+		},
+	})
+	assert.Equal(t, WorkerKvNamespaceBindingType, res.BindingList[0].Binding.Type())
+
+	assert.Equal(t, "MY_WASM", res.BindingList[1].Name)
+	wasmBinding := res.BindingList[1].Binding.(WorkerWebAssemblyBinding)
+	wasmModuleContent, err := io.ReadAll(wasmBinding.Module)
+	assert.NoError(t, err)
+	assert.Equal(t, []byte("mock multi-script wasm"), wasmModuleContent)
+	assert.Equal(t, WorkerWebAssemblyBindingType, res.BindingList[1].Binding.Type())
+
+	assert.Equal(t, res.BindingList[2], WorkerBindingListItem{
+		Name: "MY_PLAIN_TEXT",
+		Binding: WorkerPlainTextBinding{
+			Text: "text",
+		},
+	})
+	assert.Equal(t, WorkerPlainTextBindingType, res.BindingList[2].Binding.Type())
+
+	assert.Equal(t, res.BindingList[3], WorkerBindingListItem{
+		Name:    "MY_SECRET_TEXT",
+		Binding: WorkerSecretTextBinding{},
+	})
+	assert.Equal(t, WorkerSecretTextBindingType, res.BindingList[3].Binding.Type())
+
+	environment := "MY_ENVIRONMENT"
+	assert.Equal(t, res.BindingList[4], WorkerBindingListItem{
+		Name: "MY_SERVICE_BINDING",
+		Binding: WorkerServiceBinding{
+			Service:     "MY_SERVICE",
+			Environment: &environment,
+		},
+	})
+	assert.Equal(t, WorkerServiceBindingType, res.BindingList[4].Binding.Type())
+
+	assert.Equal(t, res.BindingList[5], WorkerBindingListItem{
+		Name:    "MY_NEW_BINDING",
+		Binding: WorkerInheritBinding{},
+	})
+	assert.Equal(t, WorkerInheritBindingType, res.BindingList[5].Binding.Type())
+
+	assert.Equal(t, res.BindingList[6], WorkerBindingListItem{
+		Name: "MY_BUCKET",
+		Binding: WorkerR2BucketBinding{
+			BucketName: "bucket",
+		},
+	})
+	assert.Equal(t, WorkerR2BucketBindingType, res.BindingList[6].Binding.Type())
+
+	assert.Equal(t, res.BindingList[7], WorkerBindingListItem{
+		Name: "MY_DATASET",
+		Binding: WorkerAnalyticsEngineBinding{
+			Dataset: "my_dataset",
+		},
+	})
+
+	assert.Equal(t, WorkerAnalyticsEngineBindingType, res.BindingList[7].Binding.Type())
+
+	assert.Equal(t, res.BindingList[8], WorkerBindingListItem{
+		Name: "MY_DATABASE",
+		Binding: WorkerD1DatabaseBinding{
+			DatabaseID: "cef5331f-e5c7-4c8a-a415-7908ae45f92a",
+		},
+	})
+	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
+}
+
+func TestListWorkerBindings_Wfp(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/my-namespace/scripts/my-script/bindings", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, listBindingsResponseData)
+	})
+
+	res, err := client.ListWorkerBindings(context.Background(), AccountIdentifier(testAccountID), ListWorkerBindingsParams{
+		ScriptName:        "my-script",
+		DispatchNamespace: &[]string{"my-namespace"}[0],
+	})
+	assert.NoError(t, err)
+
+	assert.Equal(t, successResponse, res.Response)
+	assert.Equal(t, 9, len(res.BindingList))
+
+	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
+		Name: "MY_KV",
+		Binding: WorkerKvNamespaceBinding{
+			NamespaceID: "89f5f8fd93f94cb98473f6f421aa3b65",
+		},
+	})
+	assert.Equal(t, WorkerKvNamespaceBindingType, res.BindingList[0].Binding.Type())
+
+	// WASM binding - No binding content endpoint exists for WfP
+
+	assert.Equal(t, res.BindingList[2], WorkerBindingListItem{
+		Name: "MY_PLAIN_TEXT",
+		Binding: WorkerPlainTextBinding{
+			Text: "text",
+		},
+	})
+	assert.Equal(t, WorkerPlainTextBindingType, res.BindingList[2].Binding.Type())
+
+	assert.Equal(t, res.BindingList[3], WorkerBindingListItem{
+		Name:    "MY_SECRET_TEXT",
+		Binding: WorkerSecretTextBinding{},
+	})
+	assert.Equal(t, WorkerSecretTextBindingType, res.BindingList[3].Binding.Type())
+
+	environment := "MY_ENVIRONMENT"
+	assert.Equal(t, res.BindingList[4], WorkerBindingListItem{
+		Name: "MY_SERVICE_BINDING",
+		Binding: WorkerServiceBinding{
+			Service:     "MY_SERVICE",
+			Environment: &environment,
+		},
+	})
+	assert.Equal(t, WorkerServiceBindingType, res.BindingList[4].Binding.Type())
+
+	assert.Equal(t, res.BindingList[5], WorkerBindingListItem{
+		Name:    "MY_NEW_BINDING",
+		Binding: WorkerInheritBinding{},
+	})
+	assert.Equal(t, WorkerInheritBindingType, res.BindingList[5].Binding.Type())
+
+	assert.Equal(t, res.BindingList[6], WorkerBindingListItem{
+		Name: "MY_BUCKET",
+		Binding: WorkerR2BucketBinding{
+			BucketName: "bucket",
+		},
+	})
+	assert.Equal(t, WorkerR2BucketBindingType, res.BindingList[6].Binding.Type())
+
+	assert.Equal(t, res.BindingList[7], WorkerBindingListItem{
+		Name: "MY_DATASET",
+		Binding: WorkerAnalyticsEngineBinding{
+			Dataset: "my_dataset",
+		},
+	})
+
+	assert.Equal(t, WorkerAnalyticsEngineBindingType, res.BindingList[7].Binding.Type())
+
+	assert.Equal(t, res.BindingList[8], WorkerBindingListItem{
+		Name: "MY_DATABASE",
+		Binding: WorkerD1DatabaseBinding{
+			DatabaseID: "cef5331f-e5c7-4c8a-a415-7908ae45f92a",
+		},
+	})
+	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
+}
+
+func ExampleUnsafeBinding() {
+	pretty := func(meta workerBindingMeta) string {
+		buf := bytes.NewBufferString("")
+		encoder := json.NewEncoder(buf)
+		encoder.SetIndent("", "  ")
+		if err := encoder.Encode(meta); err != nil {
+			fmt.Println("error:", err)
+		}
+		return buf.String()
+	}
+
+	binding_a := WorkerServiceBinding{
+		Service: "foo",
+	}
+	meta_a, _, _ := binding_a.serialize("my_binding")
+	meta_a_json := pretty(meta_a)
+	fmt.Println(meta_a_json)
+
+	binding_b := UnsafeBinding{
+		"type":    "service",
+		"service": "foo",
+	}
+	meta_b, _, _ := binding_b.serialize("my_binding")
+	meta_b_json := pretty(meta_b)
+	fmt.Println(meta_b_json)
+
+	fmt.Println(meta_a_json == meta_b_json)
+	// Output:
+	// {
+	//   "name": "my_binding",
+	//   "service": "foo",
+	//   "type": "service"
+	// }
+	//
+	// {
+	//   "name": "my_binding",
+	//   "service": "foo",
+	//   "type": "service"
+	// }
+	//
+	// true
+}
diff --git a/pkg/cloudflare-go/workers_cron_triggers.go b/pkg/cloudflare-go/workers_cron_triggers.go
new file mode 100644
index 0000000000..c231c994c9
--- /dev/null
+++ b/pkg/cloudflare-go/workers_cron_triggers.go
@@ -0,0 +1,91 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// WorkerCronTriggerResponse represents the response from the Worker cron trigger
+// API endpoint.
+type WorkerCronTriggerResponse struct {
+	Response
+	Result WorkerCronTriggerSchedules `json:"result"`
+}
+
+// WorkerCronTriggerSchedules contains the schedule of Worker cron triggers.
+type WorkerCronTriggerSchedules struct {
+	Schedules []WorkerCronTrigger `json:"schedules"`
+}
+
+// WorkerCronTrigger holds an individual cron schedule for a worker.
+type WorkerCronTrigger struct {
+	Cron       string     `json:"cron"`
+	CreatedOn  *time.Time `json:"created_on,omitempty"`
+	ModifiedOn *time.Time `json:"modified_on,omitempty"`
+}
+
+type ListWorkerCronTriggersParams struct {
+	ScriptName string
+}
+
+type UpdateWorkerCronTriggersParams struct {
+	ScriptName string
+	Crons      []WorkerCronTrigger
+}
+
+// ListWorkerCronTriggers fetches all available cron triggers for a single Worker
+// script.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-cron-trigger-get-cron-triggers
+func (api *API) ListWorkerCronTriggers(ctx context.Context, rc *ResourceContainer, params ListWorkerCronTriggersParams) ([]WorkerCronTrigger, error) {
+	if rc.Level != AccountRouteLevel {
+		return []WorkerCronTrigger{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []WorkerCronTrigger{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/schedules", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []WorkerCronTrigger{}, err
+	}
+
+	result := WorkerCronTriggerResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []WorkerCronTrigger{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Schedules, err
+}
+
+// UpdateWorkerCronTriggers updates a single schedule for a Worker cron trigger.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-cron-trigger-update-cron-triggers
+func (api *API) UpdateWorkerCronTriggers(ctx context.Context, rc *ResourceContainer, params UpdateWorkerCronTriggersParams) ([]WorkerCronTrigger, error) {
+	if rc.Level != AccountRouteLevel {
+		return []WorkerCronTrigger{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []WorkerCronTrigger{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/schedules", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Crons)
+	if err != nil {
+		return []WorkerCronTrigger{}, err
+	}
+
+	result := WorkerCronTriggerResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return []WorkerCronTrigger{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result.Result.Schedules, err
+}
diff --git a/pkg/cloudflare-go/workers_cron_triggers_test.go b/pkg/cloudflare-go/workers_cron_triggers_test.go
new file mode 100644
index 0000000000..0194d75ef3
--- /dev/null
+++ b/pkg/cloudflare-go/workers_cron_triggers_test.go
@@ -0,0 +1,87 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestListWorkerCronTriggers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"schedules": [
+					{
+						"cron": "*/30 * * * *",
+						"created_on": "2017-01-01T00:00:00Z",
+						"modified_on": "2017-01-01T00:00:00Z"
+					}
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/example-script/schedules", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
+	want := []WorkerCronTrigger{{
+		Cron:       "*/30 * * * *",
+		ModifiedOn: &modifiedOn,
+		CreatedOn:  &createdOn,
+	}}
+
+	actual, err := client.ListWorkerCronTriggers(context.Background(), AccountIdentifier(testAccountID), ListWorkerCronTriggersParams{ScriptName: "example-script"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateWorkerCronTriggers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"schedules": [
+					{
+						"cron": "*/30 * * * *",
+						"created_on": "2017-01-01T00:00:00Z",
+						"modified_on": "2017-01-01T00:00:00Z"
+					}
+				]
+			}
+		}`)
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/example-script/schedules", handler)
+	createdOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
+	modifiedOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
+	want := []WorkerCronTrigger{{
+		Cron:       "*/30 * * * *",
+		ModifiedOn: &modifiedOn,
+		CreatedOn:  &createdOn,
+	}}
+
+	actual, err := client.UpdateWorkerCronTriggers(context.Background(), AccountIdentifier(testAccountID), UpdateWorkerCronTriggersParams{ScriptName: "example-script", Crons: want})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_domain.go b/pkg/cloudflare-go/workers_domain.go
new file mode 100644
index 0000000000..a70954284f
--- /dev/null
+++ b/pkg/cloudflare-go/workers_domain.go
@@ -0,0 +1,151 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingHostname    = errors.New("required hostname missing")
+	ErrMissingService     = errors.New("required service missing")
+	ErrMissingEnvironment = errors.New("required environment missing")
+)
+
+type AttachWorkersDomainParams struct {
+	ID          string `json:"id,omitempty"`
+	ZoneID      string `json:"zone_id,omitempty"`
+	ZoneName    string `json:"zone_name,omitempty"`
+	Hostname    string `json:"hostname,omitempty"`
+	Service     string `json:"service,omitempty"`
+	Environment string `json:"environment,omitempty"`
+}
+
+type WorkersDomain struct {
+	ID          string `json:"id,omitempty"`
+	ZoneID      string `json:"zone_id,omitempty"`
+	ZoneName    string `json:"zone_name,omitempty"`
+	Hostname    string `json:"hostname,omitempty"`
+	Service     string `json:"service,omitempty"`
+	Environment string `json:"environment,omitempty"`
+}
+
+type WorkersDomainResponse struct {
+	Response
+	Result WorkersDomain `json:"result"`
+}
+
+type ListWorkersDomainParams struct {
+	ZoneID      string `url:"zone_id,omitempty"`
+	ZoneName    string `url:"zone_name,omitempty"`
+	Hostname    string `url:"hostname,omitempty"`
+	Service     string `url:"service,omitempty"`
+	Environment string `url:"environment,omitempty"`
+}
+
+type WorkersDomainListResponse struct {
+	Response
+	Result []WorkersDomain `json:"result"`
+}
+
+// ListWorkersDomains lists all Worker Domains.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-domain-list-domains
+func (api *API) ListWorkersDomains(ctx context.Context, rc *ResourceContainer, params ListWorkersDomainParams) ([]WorkersDomain, error) {
+	if rc.Identifier == "" {
+		return []WorkersDomain{}, ErrMissingAccountID
+	}
+
+	uri := buildURI(fmt.Sprintf("/accounts/%s/workers/domains", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r WorkersDomainListResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return []WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// AttachWorkersDomain attaches a worker to a zone and hostname.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-domain-attach-to-domain
+func (api *API) AttachWorkersDomain(ctx context.Context, rc *ResourceContainer, domain AttachWorkersDomainParams) (WorkersDomain, error) {
+	if rc.Identifier == "" {
+		return WorkersDomain{}, ErrMissingAccountID
+	}
+
+	if domain.ZoneID == "" {
+		return WorkersDomain{}, ErrMissingZoneID
+	}
+
+	if domain.Hostname == "" {
+		return WorkersDomain{}, ErrMissingHostname
+	}
+
+	if domain.Service == "" {
+		return WorkersDomain{}, ErrMissingService
+	}
+
+	if domain.Environment == "" {
+		return WorkersDomain{}, ErrMissingEnvironment
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/domains", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domain)
+	if err != nil {
+		return WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r WorkersDomainResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// GetWorkersDomain gets a single Worker Domain.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-domain-get-a-domain
+func (api *API) GetWorkersDomain(ctx context.Context, rc *ResourceContainer, domainID string) (WorkersDomain, error) {
+	if rc.Identifier == "" {
+		return WorkersDomain{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/domains/%s", rc.Identifier, domainID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	var r WorkersDomainResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// DetachWorkersDomain detaches a worker from a zone and hostname.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-domain-detach-from-domain
+func (api *API) DetachWorkersDomain(ctx context.Context, rc *ResourceContainer, domainID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/domains/%s", rc.Identifier, domainID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errMakeRequestError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/workers_domain_test.go b/pkg/cloudflare-go/workers_domain_test.go
new file mode 100644
index 0000000000..443929f28d
--- /dev/null
+++ b/pkg/cloudflare-go/workers_domain_test.go
@@ -0,0 +1,181 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testWorkerDomainID = "dbe10b4bc17c295377eabd600e1787fd"
+
+var expectedWorkerDomain = WorkersDomain{
+	ID:          testWorkerDomainID,
+	ZoneID:      "593c9c94de529bbbfaac7c53ced0447d",
+	ZoneName:    "example.com",
+	Hostname:    "foo.example.com",
+	Service:     "foo",
+	Environment: "production",
+}
+
+func TestWorkersDomain_GetDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains/%s", testAccountID, testWorkerDomainID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"id": "dbe10b4bc17c295377eabd600e1787fd",
+			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
+			"zone_name": "example.com",
+			"hostname": "foo.example.com",
+			"service": "foo",
+			"environment": "production"
+		  }
+		}`)
+	})
+	_, err := client.GetWorkersDomain(context.Background(), AccountIdentifier(""), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	res, err := client.GetWorkersDomain(context.Background(), AccountIdentifier(testAccountID), testWorkerDomainID)
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedWorkerDomain, res)
+	}
+}
+
+func TestWorkersDomain_ListDomains(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": [
+			{
+			  "id": "dbe10b4bc17c295377eabd600e1787fd",
+			  "zone_id": "593c9c94de529bbbfaac7c53ced0447d",
+			  "zone_name": "example.com",
+			  "hostname": "foo.example.com",
+			  "service": "foo",
+			  "environment": "production"
+			}
+		  ]
+		}`)
+	})
+	_, err := client.ListWorkersDomains(context.Background(), AccountIdentifier(""), ListWorkersDomainParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	res, err := client.ListWorkersDomains(context.Background(), AccountIdentifier(testAccountID), ListWorkersDomainParams{})
+	if assert.NoError(t, err) {
+		assert.Equal(t, 1, len(res))
+		assert.Equal(t, expectedWorkerDomain, res[0])
+	}
+}
+
+func TestWorkersDomain_AttachDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"id": "dbe10b4bc17c295377eabd600e1787fd",
+			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
+			"zone_name": "example.com",
+			"hostname": "foo.example.com",
+			"service": "foo",
+			"environment": "production"
+		  }
+		}`)
+	})
+	_, err := client.AttachWorkersDomain(context.Background(), AccountIdentifier(""), AttachWorkersDomainParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingZoneID, err)
+	}
+
+	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
+		ZoneID: testZoneID,
+	})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingHostname, err)
+	}
+
+	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
+		ZoneID:   testZoneID,
+		Hostname: "foo.example.com",
+	})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingService, err)
+	}
+
+	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
+		ZoneID:   testZoneID,
+		Hostname: "foo.example.com",
+		Service:  "foo",
+	})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingEnvironment, err)
+	}
+
+	res, err := client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
+		ZoneID:      testZoneID,
+		Hostname:    "foo.example.com",
+		Service:     "foo",
+		Environment: "production",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedWorkerDomain, res)
+	}
+}
+
+func TestWorkersDomain_DetachDomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains/%s", testAccountID, testWorkerDomainID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+		  "success": true,
+		  "errors": [],
+		  "messages": [],
+		  "result": {
+			"id": "dbe10b4bc17c295377eabd600e1787fd",
+			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
+			"zone_name": "example.com",
+			"hostname": "foo.example.com",
+			"service": "foo",
+			"environment": "production"
+		  }
+		}`)
+	})
+	err := client.DetachWorkersDomain(context.Background(), AccountIdentifier(""), testWorkerDomainID)
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+	err = client.DetachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), testWorkerDomainID)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/workers_for_platforms.go b/pkg/cloudflare-go/workers_for_platforms.go
new file mode 100644
index 0000000000..eda77eaee2
--- /dev/null
+++ b/pkg/cloudflare-go/workers_for_platforms.go
@@ -0,0 +1,139 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type WorkersForPlatformsDispatchNamespace struct {
+	NamespaceId   string     `json:"namespace_id"`
+	NamespaceName string     `json:"namespace_name"`
+	CreatedOn     *time.Time `json:"created_on,omitempty"`
+	CreatedBy     string     `json:"created_by"`
+	ModifiedOn    *time.Time `json:"modified_on,omitempty"`
+	ModifiedBy    string     `json:"modified_by"`
+}
+
+type ListWorkersForPlatformsDispatchNamespaceResponse struct {
+	Response
+	Result []WorkersForPlatformsDispatchNamespace `json:"result"`
+}
+
+type GetWorkersForPlatformsDispatchNamespaceResponse struct {
+	Response
+	Result WorkersForPlatformsDispatchNamespace `json:"result"`
+}
+
+type CreateWorkersForPlatformsDispatchNamespaceParams struct {
+	Name string `json:"name"`
+}
+
+// ListWorkersForPlatformsDispatchNamespaces lists the dispatch namespaces.
+//
+// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-list
+func (api *API) ListWorkersForPlatformsDispatchNamespaces(ctx context.Context, rc *ResourceContainer) (*ListWorkersForPlatformsDispatchNamespaceResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return nil, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	var r ListWorkersForPlatformsDispatchNamespaceResponse
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &r, nil
+}
+
+// GetWorkersForPlatformsDispatchNamespace gets a specific dispatch namespace.
+//
+// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-get-namespace
+func (api *API) GetWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, name string) (*GetWorkersForPlatformsDispatchNamespaceResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return nil, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s", rc.Identifier, name)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+
+	var r GetWorkersForPlatformsDispatchNamespaceResponse
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &r, nil
+}
+
+// CreateWorkersForPlatformsDispatchNamespace creates a new dispatch namespace.
+//
+// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-create
+func (api *API) CreateWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, params CreateWorkersForPlatformsDispatchNamespaceParams) (*GetWorkersForPlatformsDispatchNamespaceResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return nil, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return nil, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+
+	var r GetWorkersForPlatformsDispatchNamespaceResponse
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return &r, nil
+}
+
+// DeleteWorkersForPlatformsDispatchNamespace deletes a dispatch namespace.
+//
+// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-delete-namespace
+func (api *API) DeleteWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, name string) error {
+	if rc.Level != AccountRouteLevel {
+		return ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s", rc.Identifier, name)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/workers_for_platforms_test.go b/pkg/cloudflare-go/workers_for_platforms_test.go
new file mode 100644
index 0000000000..720fcc0b95
--- /dev/null
+++ b/pkg/cloudflare-go/workers_for_platforms_test.go
@@ -0,0 +1,140 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	listDispatchNamespaces = `{
+    "result": [
+		{
+            "namespace_id": "6446f71d-13b3-4bbc-a8a4-9e18760499c8",
+            "namespace_name": "test",
+            "created_on": "2024-02-20T17:26:15.4134Z",
+            "created_by": "4e599df4216133509abaac54b109a647",
+            "modified_on": "2024-02-20T17:26:15.4134Z",
+            "modified_by": "4e599df4216133509abaac54b109a647"
+        },
+        {
+            "namespace_id": "d6851dad-d412-4509-ae13-a364bc5f125a",
+            "namespace_name": "test-2",
+            "created_on": "2024-02-20T20:28:36.560575Z",
+            "created_by": "4e599df4216133509abaac54b109a647",
+            "modified_on": "2024-02-20T20:28:36.560575Z",
+            "modified_by": "4e599df4216133509abaac54b109a647"
+        }
+	],
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+
+	getDispatchNamespace = `{
+	"result": {
+		"namespace_id": "6446f71d-13b3-4bbc-a8a4-9e18760499c8",
+		"namespace_name": "test",
+		"created_on": "2024-02-20T17:26:15.4134Z",
+		"created_by": "4e599df4216133509abaac54b109a647",
+		"modified_on": "2024-02-20T17:26:15.4134Z",
+		"modified_by": "4e599df4216133509abaac54b109a647"
+	},
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+
+	deleteDispatchNamespace = `{
+    "result": null,
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+)
+
+func TestListWorkersForPlatformsDispatchNamespaces(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, listDispatchNamespaces)
+	})
+
+	res, err := client.ListWorkersForPlatformsDispatchNamespaces(context.Background(), AccountIdentifier(testAccountID))
+
+	assert.NoError(t, err)
+	assert.Len(t, res.Result, 2)
+
+	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result[0].NamespaceId)
+	assert.Equal(t, "test", res.Result[0].NamespaceName)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[0].CreatedBy)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[0].ModifiedBy)
+
+	assert.Equal(t, "d6851dad-d412-4509-ae13-a364bc5f125a", res.Result[1].NamespaceId)
+	assert.Equal(t, "test-2", res.Result[1].NamespaceName)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[1].CreatedBy)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[1].ModifiedBy)
+}
+
+func TestGetWorkersForPlatformsDispatchNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/test", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, getDispatchNamespace)
+	})
+
+	res, err := client.GetWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "test")
+
+	assert.NoError(t, err)
+
+	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result.NamespaceId)
+	assert.Equal(t, "test", res.Result.NamespaceName)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.CreatedBy)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.ModifiedBy)
+}
+
+func TestCreateWorkersForPlatformsDispatchNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, getDispatchNamespace)
+	})
+
+	res, err := client.CreateWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), CreateWorkersForPlatformsDispatchNamespaceParams{
+		Name: "test",
+	})
+
+	assert.NoError(t, err)
+
+	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result.NamespaceId)
+	assert.Equal(t, "test", res.Result.NamespaceName)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.CreatedBy)
+	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.ModifiedBy)
+}
+
+func TestDeleteWorkersForPlatformsDispatchNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/test", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, deleteDispatchNamespace)
+	})
+
+	err := client.DeleteWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "test")
+
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/workers_kv.go b/pkg/cloudflare-go/workers_kv.go
new file mode 100644
index 0000000000..d7e1f04010
--- /dev/null
+++ b/pkg/cloudflare-go/workers_kv.go
@@ -0,0 +1,378 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/goccy/go-json"
+)
+
+// CreateWorkersKVNamespaceParams provides parameters for creating and updating storage namespaces.
+type CreateWorkersKVNamespaceParams struct {
+	Title string `json:"title"`
+}
+
+type UpdateWorkersKVNamespaceParams struct {
+	NamespaceID string `json:"-"`
+	Title       string `json:"title"`
+}
+
+// WorkersKVPair is used in an array in the request to the bulk KV api.
+type WorkersKVPair struct {
+	Key           string      `json:"key"`
+	Value         string      `json:"value"`
+	Expiration    int         `json:"expiration,omitempty"`
+	ExpirationTTL int         `json:"expiration_ttl,omitempty"`
+	Metadata      interface{} `json:"metadata,omitempty"`
+	Base64        bool        `json:"base64,omitempty"`
+}
+
+// WorkersKVNamespaceResponse is the response received when creating storage namespaces.
+type WorkersKVNamespaceResponse struct {
+	Response
+	Result WorkersKVNamespace `json:"result"`
+}
+
+// WorkersKVNamespace contains the unique identifier and title of a storage namespace.
+type WorkersKVNamespace struct {
+	ID    string `json:"id"`
+	Title string `json:"title"`
+}
+
+// ListWorkersKVNamespacesResponse contains a slice of storage namespaces associated with an
+// account, pagination information, and an embedded response struct.
+type ListWorkersKVNamespacesResponse struct {
+	Response
+	Result     []WorkersKVNamespace `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// StorageKey is a key name used to identify a storage value.
+type StorageKey struct {
+	Name       string      `json:"name"`
+	Expiration int         `json:"expiration"`
+	Metadata   interface{} `json:"metadata"`
+}
+
+// ListStorageKeysResponse contains a slice of keys belonging to a storage namespace,
+// pagination information, and an embedded response struct.
+type ListStorageKeysResponse struct {
+	Response
+	Result     []StorageKey `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+type ListWorkersKVNamespacesParams struct {
+	ResultInfo
+}
+
+type WriteWorkersKVEntryParams struct {
+	NamespaceID string
+	Key         string
+	Value       []byte
+}
+
+type WriteWorkersKVEntriesParams struct {
+	NamespaceID string
+	KVs         []*WorkersKVPair
+}
+
+type GetWorkersKVParams struct {
+	NamespaceID string
+	Key         string
+}
+
+type DeleteWorkersKVEntryParams struct {
+	NamespaceID string
+	Key         string
+}
+
+type DeleteWorkersKVEntriesParams struct {
+	NamespaceID string
+	Keys        []string
+}
+
+type ListWorkersKVsParams struct {
+	NamespaceID string `url:"-"`
+	Limit       int    `url:"limit,omitempty"`
+	Cursor      string `url:"cursor,omitempty"`
+	Prefix      string `url:"prefix,omitempty"`
+}
+
+// CreateWorkersKVNamespace creates a namespace under the given title.
+// A 400 is returned if the account already owns a namespace with this title.
+// A namespace must be explicitly deleted to be replaced.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-create-a-namespace
+func (api *API) CreateWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, params CreateWorkersKVNamespaceParams) (WorkersKVNamespaceResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkersKVNamespaceResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkersKVNamespaceResponse{}, ErrMissingIdentifier
+	}
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return WorkersKVNamespaceResponse{}, err
+	}
+
+	result := WorkersKVNamespaceResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// ListWorkersKVNamespaces lists storage namespaces.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-list-namespaces
+func (api *API) ListWorkersKVNamespaces(ctx context.Context, rc *ResourceContainer, params ListWorkersKVNamespacesParams) ([]WorkersKVNamespace, *ResultInfo, error) {
+	if rc.Level != AccountRouteLevel {
+		return []WorkersKVNamespace{}, &ResultInfo{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []WorkersKVNamespace{}, &ResultInfo{}, ErrMissingIdentifier
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+	if params.PerPage < 1 {
+		params.PerPage = 50
+	}
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var namespaces []WorkersKVNamespace
+	var nsResponse ListWorkersKVNamespacesResponse
+	for {
+		nsResponse = ListWorkersKVNamespacesResponse{}
+		uri := buildURI(fmt.Sprintf("/accounts/%s/storage/kv/namespaces", rc.Identifier), params)
+
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []WorkersKVNamespace{}, &ResultInfo{}, err
+		}
+
+		err = json.Unmarshal(res, &nsResponse)
+		if err != nil {
+			return []WorkersKVNamespace{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal workers KV namespaces JSON data: %w", err)
+		}
+
+		namespaces = append(namespaces, nsResponse.Result...)
+		params.ResultInfo = nsResponse.ResultInfo.Next()
+
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+
+	return namespaces, &nsResponse.ResultInfo, nil
+}
+
+// DeleteWorkersKVNamespace deletes the namespace corresponding to the given ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-remove-a-namespace
+func (api *API) DeleteWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, namespaceID string) (Response, error) {
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s", rc.Identifier, namespaceID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// UpdateWorkersKVNamespace modifies a KV namespace based on the ID.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-rename-a-namespace
+func (api *API) UpdateWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, params UpdateWorkersKVNamespaceParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s", rc.Identifier, params.NamespaceID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// WriteWorkersKVEntry writes a single KV value based on the key.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-write-key-value-pair-with-metadata
+func (api *API) WriteWorkersKVEntry(ctx context.Context, rc *ResourceContainer, params WriteWorkersKVEntryParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
+	res, err := api.makeRequestContextWithHeaders(
+		ctx, http.MethodPut, uri, params.Value, http.Header{"Content-Type": []string{"application/octet-stream"}},
+	)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// WriteWorkersKVEntries writes multiple KVs at once.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-write-multiple-key-value-pairs
+func (api *API) WriteWorkersKVEntries(ctx context.Context, rc *ResourceContainer, params WriteWorkersKVEntriesParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/bulk", rc.Identifier, params.NamespaceID)
+	res, err := api.makeRequestContextWithHeaders(
+		ctx, http.MethodPut, uri, params.KVs, http.Header{"Content-Type": []string{"application/json"}},
+	)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// GetWorkersKV returns the value associated with the given key in the
+// given namespace.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-read-key-value-pair
+func (api API) GetWorkersKV(ctx context.Context, rc *ResourceContainer, params GetWorkersKVParams) ([]byte, error) {
+	if rc.Level != AccountRouteLevel {
+		return []byte(``), ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return []byte(``), ErrMissingIdentifier
+	}
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	return res, nil
+}
+
+// DeleteWorkersKVEntry deletes a key and value for a provided storage namespace.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-delete-key-value-pair
+func (api API) DeleteWorkersKVEntry(ctx context.Context, rc *ResourceContainer, params DeleteWorkersKVEntryParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingIdentifier
+	}
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result, err
+}
+
+// DeleteWorkersKVEntries deletes multiple KVs at once.
+//
+// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-delete-multiple-key-value-pairs
+func (api *API) DeleteWorkersKVEntries(ctx context.Context, rc *ResourceContainer, params DeleteWorkersKVEntriesParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingIdentifier
+	}
+	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/bulk", rc.Identifier, params.NamespaceID)
+	res, err := api.makeRequestContextWithHeaders(
+		ctx, http.MethodDelete, uri, params.Keys, http.Header{"Content-Type": []string{"application/json"}},
+	)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// ListWorkersKVKeys lists a namespace's keys.
+//
+// API Reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-list-a-namespace'-s-keys
+func (api API) ListWorkersKVKeys(ctx context.Context, rc *ResourceContainer, params ListWorkersKVsParams) (ListStorageKeysResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return ListStorageKeysResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ListStorageKeysResponse{}, ErrMissingIdentifier
+	}
+
+	uri := buildURI(
+		fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/keys", rc.Identifier, params.NamespaceID),
+		params,
+	)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ListStorageKeysResponse{}, err
+	}
+
+	result := ListStorageKeysResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return result, err
+}
diff --git a/pkg/cloudflare-go/workers_kv_example_test.go b/pkg/cloudflare-go/workers_kv_example_test.go
new file mode 100644
index 0000000000..233adbc661
--- /dev/null
+++ b/pkg/cloudflare-go/workers_kv_example_test.go
@@ -0,0 +1,210 @@
+package cloudflare_test
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+const (
+	namespace = "xxxxxx96ee002e8xxxxxx665354c0449"
+	accountID = "xxxxxx10ee002e8xxxxxx665354c0410"
+)
+
+func ExampleAPI_CreateWorkersKVNamespace() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	req := cloudflare.CreateWorkersKVNamespaceParams{Title: "test_namespace2"}
+	response, err := api.CreateWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), req)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(response)
+}
+
+func ExampleAPI_ListWorkersKVNamespaces() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	lsr, _, err := api.ListWorkersKVNamespaces(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVNamespacesParams{})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(lsr)
+
+	resp, _, err := api.ListWorkersKVNamespaces(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVNamespacesParams{ResultInfo: cloudflare.ResultInfo{
+		PerPage: 10,
+	}})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
+
+func ExampleAPI_DeleteWorkersKVNamespace() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	response, err := api.DeleteWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), namespace)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(response)
+}
+
+func ExampleAPI_UpdateWorkersKVNamespace() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	resp, err := api.UpdateWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.UpdateWorkersKVNamespaceParams{
+		NamespaceID: namespace,
+		Title:       "test_title",
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
+
+func ExampleAPI_WriteWorkersKVEntry() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	payload := []byte("test payload")
+	key := "test_key"
+
+	resp, err := api.WriteWorkersKVEntry(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.WriteWorkersKVEntryParams{
+		NamespaceID: namespace,
+		Key:         key,
+		Value:       payload,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
+
+func ExampleAPI_WriteWorkersKVEntries() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	payload := []*cloudflare.WorkersKVPair{
+		{
+			Key:   "key1",
+			Value: "value1",
+		},
+		{
+			Key:      "key2",
+			Value:    base64.StdEncoding.EncodeToString([]byte("value2")),
+			Base64:   true,
+			Metadata: "key2's value will be decoded in base64 before it is stored",
+		},
+	}
+
+	resp, err := api.WriteWorkersKVEntries(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.WriteWorkersKVEntriesParams{
+		NamespaceID: namespace,
+		KVs:         payload,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
+
+func ExampleAPI_GetWorkersKV() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	key := "test_key"
+	resp, err := api.GetWorkersKV(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.GetWorkersKVParams{NamespaceID: namespace, Key: key})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%s\n", resp)
+}
+
+func ExampleAPI_DeleteWorkersKVEntry() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	key := "test_key"
+	resp, err := api.DeleteWorkersKVEntry(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.DeleteWorkersKVEntryParams{
+		NamespaceID: namespace,
+		Key:         key,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Printf("%+v\n", resp)
+}
+
+func ExampleAPI_DeleteWorkersKVEntries() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	keys := []string{"key1", "key2", "key3"}
+
+	resp, err := api.DeleteWorkersKVEntries(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.DeleteWorkersKVEntriesParams{
+		NamespaceID: namespace,
+		Keys:        keys,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
+
+func ExampleAPI_ListWorkersKVKeys() {
+	api, err := cloudflare.New(apiKey, user)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	limit := 50
+	prefix := "my-prefix"
+	cursor := "AArAbNSOuYcr4HmzGH02-cfDN8Ck9ejOwkn_Ai5rsn7S9NEqVJBenU9-gYRlrsziyjKLx48hNDLvtYzBAmkPsLGdye8ECr5PqFYcIOfUITdhkyTc1x6bV8nmyjz5DO-XaZH4kYY1KfqT8NRBIe5sic6yYt3FUDttGjafy0ivi-Up-TkVdRB0OxCf3O3OB-svG6DXheV5XTdDNrNx1o_CVqy2l2j0F4iKV1qFe_KhdkjC7Y6QjhUZ1MOb3J_uznNYVCoxZ-bVAAsJmXA"
+
+	resp, err := api.ListWorkersKVKeys(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVsParams{
+		NamespaceID: namespace,
+		Prefix:      prefix,
+		Limit:       limit,
+		Cursor:      cursor,
+	})
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fmt.Println(resp)
+}
diff --git a/pkg/cloudflare-go/workers_kv_test.go b/pkg/cloudflare-go/workers_kv_test.go
new file mode 100644
index 0000000000..80d7b140b9
--- /dev/null
+++ b/pkg/cloudflare-go/workers_kv_test.go
@@ -0,0 +1,506 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"sort"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestWorkersKV_CreateWorkersKVNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := `{
+		"result": {
+			"id" : "3aeaxxxxee014exxxx4cf66xxxxc0448",
+			"title": "test_namespace"
+		},
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.CreateWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), CreateWorkersKVNamespaceParams{Title: "Namespace"})
+	want := WorkersKVNamespaceResponse{
+		successResponse,
+		WorkersKVNamespace{
+			ID:    "3aeaxxxxee014exxxx4cf66xxxxc0448",
+			Title: "test_namespace",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Response, res.Response)
+	}
+}
+
+func TestWorkersKV_DeleteWorkersKVNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	namespace := "3aeaxxxxee014exxxx4cf66xxxxc0448"
+	response := `{
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.DeleteWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), namespace)
+	want := successResponse
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersKV_ListWorkersKVNamespaces(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := `{
+		"result": [
+			{"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+			"title": "test_namespace_1"
+			},
+			{"id": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
+			"title": "test_namespace_2"
+			}
+		],
+		"success": true,
+		"errors": [],
+		"messages": [],
+		"result_info": {
+			"page": 1,
+			"per_page": 100,
+			"count": 2,
+			"total_count": 2,
+			"total_pages": 1
+		}
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, _, err := client.ListWorkersKVNamespaces(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVNamespacesParams{})
+	want := []WorkersKVNamespace{
+		{
+			ID:    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+			Title: "test_namespace_1",
+		},
+		{
+			ID:    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
+			Title: "test_namespace_2",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		sort.Slice(res, func(i, j int) bool {
+			return res[i].ID < res[j].ID
+		})
+		sort.Slice(want, func(i, j int) bool {
+			return want[i].ID < want[j].ID
+		})
+		assert.Equal(t, res, want)
+	}
+}
+
+func TestWorkersKV_ListWorkersKVNamespaceMultiplePages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response1 := `{
+		"result": [
+			{"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+			"title": "test_namespace_1"
+			}
+		],
+		"success": true,
+		"errors": [],
+		"messages": [],
+		"result_info": {
+			"page": 1,
+			"per_page": 100,
+			"count": 1,
+			"total_count": 2,
+			"total_pages": 2
+		}
+	}`
+
+	response2 := `{
+		"result": [
+			{"id": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
+			"title": "test_namespace_2"
+			}
+		],
+		"success": true,
+		"errors": [],
+		"messages": [],
+		"result_info": {
+			"page": 2,
+			"per_page": 100,
+			"count": 1,
+			"total_count": 2,
+			"total_pages": 2
+		}
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+
+		if r.URL.Query().Get("page") == "1" {
+			fmt.Fprint(w, response1)
+			return
+		} else if r.URL.Query().Get("page") == "2" {
+			fmt.Fprint(w, response2)
+			return
+		} else {
+			panic(errors.New("Got a request for an unexpected page"))
+		}
+	})
+
+	res, _, err := client.ListWorkersKVNamespaces(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVNamespacesParams{})
+	want := []WorkersKVNamespace{
+		{
+			ID:    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+			Title: "test_namespace_1",
+		},
+		{
+			ID:    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
+			Title: "test_namespace_2",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		sort.Slice(res, func(i, j int) bool {
+			return res[i].ID < res[j].ID
+		})
+		sort.Slice(want, func(i, j int) bool {
+			return want[i].ID < want[j].ID
+		})
+		assert.Equal(t, res, want)
+	}
+}
+
+func TestWorkersKV_UpdateWorkersKVNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": null,
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.UpdateWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersKVNamespaceParams{Title: "Namespace", NamespaceID: namespace})
+	want := successResponse
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersKV_WriteWorkersKVEntry(t *testing.T) {
+	setup()
+	defer teardown()
+
+	key := "test_key"
+	value := []byte("test_value")
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": null,
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/octet-stream")
+		fmt.Fprint(w, response)
+	})
+
+	want := successResponse
+	res, err := client.WriteWorkersKVEntry(context.Background(), AccountIdentifier(testAccountID), WriteWorkersKVEntryParams{NamespaceID: namespace, Key: key, Value: value})
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersKV_WriteWorkersKVEntries(t *testing.T) {
+	setup()
+	defer teardown()
+
+	kvs := []*WorkersKVPair{
+		{Key: "key1", Value: "value1"},
+		{Key: "key2", Value: "value2"},
+		{Key: "key3", Value: "value3", Metadata: "meta3", Base64: true},
+	}
+
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": null,
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/bulk", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	})
+
+	want := successResponse
+	res, err := client.WriteWorkersKVEntries(context.Background(), AccountIdentifier(testAccountID), WriteWorkersKVEntriesParams{NamespaceID: namespace, KVs: kvs})
+	require.NoError(t, err)
+	assert.Equal(t, want, res)
+}
+
+func TestWorkersKV_ReadWorkersKV(t *testing.T) {
+	setup()
+	defer teardown()
+
+	key := "test_key"
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "text/plain")
+		fmt.Fprint(w, "test_value")
+	})
+
+	res, err := client.GetWorkersKV(context.Background(), AccountIdentifier(testAccountID), GetWorkersKVParams{NamespaceID: namespace, Key: key})
+	want := []byte("test_value")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersKV_DeleteWorkersKVEntry(t *testing.T) {
+	setup()
+	defer teardown()
+
+	key := "test_key"
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": null,
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.DeleteWorkersKVEntry(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersKVEntryParams{NamespaceID: namespace, Key: key})
+	want := successResponse
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersKV_DeleteWorkersKVBulk(t *testing.T) {
+	setup()
+	defer teardown()
+
+	keys := []string{"key1", "key2", "key3"}
+
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": null,
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/bulk", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	})
+
+	want := successResponse
+	res, err := client.DeleteWorkersKVEntries(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersKVEntriesParams{NamespaceID: namespace, Keys: keys})
+	require.NoError(t, err)
+	assert.Equal(t, want, res)
+}
+
+func TestWorkersKV_ListKeys(t *testing.T) {
+	setup()
+	defer teardown()
+
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": [
+			{"name": "test_key_1"},
+			{"name": "test_key_2"}
+		],
+		"success": true,
+		"errors": [],
+		"messages": [],
+		"result_info": {
+			"page": 1,
+			"per_page": 20,
+			"count": 2,
+			"total_count": 2,
+			"total_pages": 1
+		}
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/keys", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.ListWorkersKVKeys(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVsParams{NamespaceID: namespace})
+
+	want := ListStorageKeysResponse{
+		successResponse,
+		[]StorageKey{
+			{Name: "test_key_1"},
+			{Name: "test_key_2"},
+		},
+		ResultInfo{
+			Page:       1,
+			PerPage:    20,
+			Count:      2,
+			TotalPages: 1,
+			Total:      2,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Response, res.Response)
+		assert.Equal(t, want.ResultInfo, res.ResultInfo)
+
+		sort.Slice(res.Result, func(i, j int) bool {
+			return res.Result[i].Name < res.Result[j].Name
+		})
+
+		sort.Slice(want.Result, func(i, j int) bool {
+			return want.Result[i].Name < want.Result[j].Name
+		})
+		assert.Equal(t, want.Result, res.Result)
+	}
+}
+
+func TestWorkersKV_ListKeysWithParameters(t *testing.T) {
+	setup()
+	defer teardown()
+
+	cursor := "AArAbNSOuYcr4HmzGH02-cfDN8Ck9ejOwkn_Ai5rsn7S9NEqVJBenU9-gYRlrsziyjKLx48hNDLvtYzBAmkPsLGdye8ECr5PqFYcIOfUITdhkyTc1x6bV8nmyjz5DO-XaZH4kYY1KfqT8NRBIe5sic6yYt3FUDttGjafy0ivi-Up-TkVdRB0OxCf3O3OB-svG6DXheV5XTdDNrNx1o_CVqy2l2j0F4iKV1qFe_KhdkjC7Y6QjhUZ1MOb3J_uznNYVCoxZ-bVAAsJmXA"
+	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	response := `{
+		"result": [
+			{
+				"name": "test_key_1",
+				"metadata": "test_key_1_meta"
+			},
+			{
+				"name": "test_key_2",
+				"metadata": {
+					"test2_meta_key": "test2_meta_value"
+				}
+			}
+		],
+		"success": true,
+		"errors": [],
+		"messages": [],
+		"result_info": {
+			"page": 1,
+			"per_page": 20,
+			"count": 2,
+			"total_count": 2,
+			"total_pages": 1,
+			"cursor": "` + cursor + `"
+		}
+	}`
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/keys", namespace), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	limit, prefix := 25, "test-prefix"
+	res, err := client.ListWorkersKVKeys(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVsParams{
+		NamespaceID: namespace,
+		Limit:       limit,
+		Prefix:      prefix,
+	})
+
+	want := ListStorageKeysResponse{
+		successResponse,
+		[]StorageKey{
+			{
+				Name:     "test_key_1",
+				Metadata: "test_key_1_meta",
+			},
+			{
+				Name: "test_key_2",
+				Metadata: map[string]interface{}{
+					"test2_meta_key": "test2_meta_value",
+				},
+			},
+		},
+		ResultInfo{
+			Page:       1,
+			PerPage:    20,
+			Count:      2,
+			TotalPages: 1,
+			Total:      2,
+			Cursor:     cursor,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Response, res.Response)
+		assert.Equal(t, want.ResultInfo, res.ResultInfo)
+
+		sort.Slice(res.Result, func(i, j int) bool {
+			return res.Result[i].Name < res.Result[j].Name
+		})
+
+		sort.Slice(want.Result, func(i, j int) bool {
+			return want.Result[i].Name < want.Result[j].Name
+		})
+		assert.Equal(t, want.Result, res.Result)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_routes.go b/pkg/cloudflare-go/workers_routes.go
new file mode 100644
index 0000000000..9fc7f7a894
--- /dev/null
+++ b/pkg/cloudflare-go/workers_routes.go
@@ -0,0 +1,162 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+var ErrMissingWorkerRouteID = errors.New("missing required route ID")
+
+type ListWorkerRoutes struct{}
+
+type CreateWorkerRouteParams struct {
+	Pattern string `json:"pattern"`
+	Script  string `json:"script,omitempty"`
+}
+
+type ListWorkerRoutesParams struct{}
+
+type UpdateWorkerRouteParams struct {
+	ID      string `json:"id,omitempty"`
+	Pattern string `json:"pattern"`
+	Script  string `json:"script,omitempty"`
+}
+
+// CreateWorkerRoute creates worker route for a script.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-routes-create-route
+func (api *API) CreateWorkerRoute(ctx context.Context, rc *ResourceContainer, params CreateWorkerRouteParams) (WorkerRouteResponse, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if rc.Identifier == "" {
+		return WorkerRouteResponse{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/workers/routes", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
+	if err != nil {
+		return WorkerRouteResponse{}, err
+	}
+
+	var r WorkerRouteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// DeleteWorkerRoute deletes worker route for a script.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-routes-delete-route
+func (api *API) DeleteWorkerRoute(ctx context.Context, rc *ResourceContainer, routeID string) (WorkerRouteResponse, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if rc.Identifier == "" {
+		return WorkerRouteResponse{}, ErrMissingIdentifier
+	}
+
+	if routeID == "" {
+		return WorkerRouteResponse{}, errors.New("missing required route ID")
+	}
+
+	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, routeID)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return WorkerRouteResponse{}, err
+	}
+	var r WorkerRouteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// ListWorkerRoutes returns list of Worker routes.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-routes-list-routes
+func (api *API) ListWorkerRoutes(ctx context.Context, rc *ResourceContainer, params ListWorkerRoutesParams) (WorkerRoutesResponse, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WorkerRoutesResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if rc.Identifier == "" {
+		return WorkerRoutesResponse{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/workers/routes", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkerRoutesResponse{}, err
+	}
+	var r WorkerRoutesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerRoutesResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r, nil
+}
+
+// GetWorkerRoute returns a Workers route.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-routes-get-route
+func (api *API) GetWorkerRoute(ctx context.Context, rc *ResourceContainer, routeID string) (WorkerRouteResponse, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if rc.Identifier == "" {
+		return WorkerRouteResponse{}, ErrMissingIdentifier
+	}
+
+	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, routeID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkerRouteResponse{}, err
+	}
+	var r WorkerRouteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// UpdateWorkerRoute updates worker route for a script.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-routes-update-route
+func (api *API) UpdateWorkerRoute(ctx context.Context, rc *ResourceContainer, params UpdateWorkerRouteParams) (WorkerRouteResponse, error) {
+	if rc.Level != ZoneRouteLevel {
+		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
+	}
+
+	if rc.Identifier == "" {
+		return WorkerRouteResponse{}, ErrMissingIdentifier
+	}
+
+	if params.ID == "" {
+		return WorkerRouteResponse{}, ErrMissingWorkerRouteID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, params.ID)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return WorkerRouteResponse{}, err
+	}
+	var r WorkerRouteResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
diff --git a/pkg/cloudflare-go/workers_routes_test.go b/pkg/cloudflare-go/workers_routes_test.go
new file mode 100644
index 0000000000..8d36fdc9d4
--- /dev/null
+++ b/pkg/cloudflare-go/workers_routes_test.go
@@ -0,0 +1,121 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateWorkersRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, createWorkerRouteResponse)
+	})
+
+	res, err := client.CreateWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), CreateWorkerRouteParams{
+		Pattern: "app1.example.com/*",
+		Script:  "example",
+	})
+
+	want := WorkerRouteResponse{successResponse, WorkerRoute{ID: "e7a57d8746e74ae49c25994dadb421b1"}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestDeleteWorkersRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/e7a57d8746e74ae49c25994dadb421b1", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, deleteWorkerRouteResponseData)
+	})
+	res, err := client.DeleteWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), "e7a57d8746e74ae49c25994dadb421b1")
+	want := WorkerRouteResponse{successResponse,
+		WorkerRoute{
+			ID: "e7a57d8746e74ae49c25994dadb421b1",
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestListWorkersRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, listWorkerRouteResponse)
+	})
+
+	res, err := client.ListWorkerRoutes(context.Background(), ZoneIdentifier(testZoneID), ListWorkerRoutesParams{})
+	want := WorkerRoutesResponse{successResponse,
+		[]WorkerRoute{
+			{ID: "e7a57d8746e74ae49c25994dadb421b1", Pattern: "app1.example.com/*", ScriptName: "test_script_1"},
+			{ID: "f8b68e9857f85bf59c25994dadb421b1", Pattern: "app2.example.com/*", ScriptName: "test_script_2"},
+			{ID: "2b5bf4240cd34c77852fac70b1bf745a", Pattern: "app3.example.com/*", ScriptName: "test_script_3"},
+		},
+	}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestGetWorkersRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/1234", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, getRouteResponseData)
+	})
+
+	res, err := client.GetWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), "1234")
+	want := WorkerRouteResponse{successResponse,
+		WorkerRoute{
+			ID:         "e7a57d8746e74ae49c25994dadb421b1",
+			Pattern:    "app1.example.com/*",
+			ScriptName: "script-name"},
+	}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUpdateWorkersRoute(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/e7a57d8746e74ae49c25994dadb421b1", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, updateWorkerRouteEntResponse)
+	})
+
+	res, err := client.UpdateWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), UpdateWorkerRouteParams{
+		ID:      "e7a57d8746e74ae49c25994dadb421b1",
+		Pattern: "app3.example.com/*",
+		Script:  "test_script_1",
+	})
+	want := WorkerRouteResponse{successResponse,
+		WorkerRoute{
+			ID:         "e7a57d8746e74ae49c25994dadb421b1",
+			Pattern:    "app3.example.com/*",
+			ScriptName: "test_script_1",
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_secrets.go b/pkg/cloudflare-go/workers_secrets.go
new file mode 100644
index 0000000000..cfcd597fd4
--- /dev/null
+++ b/pkg/cloudflare-go/workers_secrets.go
@@ -0,0 +1,125 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+// WorkersPutSecretRequest provides parameters for creating and updating secrets.
+type WorkersPutSecretRequest struct {
+	Name string            `json:"name"`
+	Text string            `json:"text"`
+	Type WorkerBindingType `json:"type"`
+}
+
+// WorkersSecret contains the name and type of the secret.
+type WorkersSecret struct {
+	Name string `json:"name"`
+	Type string `json:"secret_text"`
+}
+
+// WorkersPutSecretResponse is the response received when creating or updating a secret.
+type WorkersPutSecretResponse struct {
+	Response
+	Result WorkersSecret `json:"result"`
+}
+
+// WorkersListSecretsResponse is the response received when listing secrets.
+type WorkersListSecretsResponse struct {
+	Response
+	Result []WorkersSecret `json:"result"`
+}
+
+type SetWorkersSecretParams struct {
+	ScriptName string
+	Secret     *WorkersPutSecretRequest
+}
+
+type DeleteWorkersSecretParams struct {
+	ScriptName string
+	SecretName string
+}
+
+type ListWorkersSecretsParams struct {
+	ScriptName string
+}
+
+// SetWorkersSecret creates or updates a secret.
+//
+// API reference: https://api.cloudflare.com/
+func (api *API) SetWorkersSecret(ctx context.Context, rc *ResourceContainer, params SetWorkersSecretParams) (WorkersPutSecretResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkersPutSecretResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkersPutSecretResponse{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Secret)
+	if err != nil {
+		return WorkersPutSecretResponse{}, err
+	}
+
+	result := WorkersPutSecretResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// DeleteWorkersSecret deletes a secret.
+//
+// API reference: https://api.cloudflare.com/
+func (api *API) DeleteWorkersSecret(ctx context.Context, rc *ResourceContainer, params DeleteWorkersSecretParams) (Response, error) {
+	if rc.Level != AccountRouteLevel {
+		return Response{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return Response{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets/%s", rc.Identifier, params.ScriptName, params.SecretName)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return Response{}, err
+	}
+
+	result := Response{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
+
+// ListWorkersSecrets lists secrets for a given worker
+// API reference: https://api.cloudflare.com/
+func (api *API) ListWorkersSecrets(ctx context.Context, rc *ResourceContainer, params ListWorkersSecretsParams) (WorkersListSecretsResponse, error) {
+	if rc.Level != AccountRouteLevel {
+		return WorkersListSecretsResponse{}, ErrRequiredAccountLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return WorkersListSecretsResponse{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkersListSecretsResponse{}, err
+	}
+
+	result := WorkersListSecretsResponse{}
+	if err := json.Unmarshal(res, &result); err != nil {
+		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return result, err
+}
diff --git a/pkg/cloudflare-go/workers_secrets_test.go b/pkg/cloudflare-go/workers_secrets_test.go
new file mode 100644
index 0000000000..dc3ac99faa
--- /dev/null
+++ b/pkg/cloudflare-go/workers_secrets_test.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSetWorkersSecret(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := `{
+		"result": {
+			"name" : "my-secret",
+			"type": "secret_text"
+		},
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+	req := &WorkersPutSecretRequest{
+		Name: "my-secret",
+		Text: "super-secret",
+	}
+	res, err := client.SetWorkersSecret(context.Background(), AccountIdentifier(testAccountID), SetWorkersSecretParams{ScriptName: "test-script", Secret: req})
+	want := WorkersPutSecretResponse{
+		successResponse,
+		WorkersSecret{
+			Name: "test",
+			Type: "secret_text",
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Response, res.Response)
+	}
+}
+
+func TestDeleteWorkersSecret(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := `{
+		"result": {
+			"name" : "test",
+			"type": "secret_text"
+		},
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets/my-secret", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.DeleteWorkersSecret(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersSecretParams{ScriptName: "test-script", SecretName: "my-secret"})
+	want := successResponse
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestListWorkersSecret(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := `{
+		"result": [{
+			"name" : "my-secret",
+			"type": "secret_text"
+		}],
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, response)
+	})
+
+	res, err := client.ListWorkersSecrets(context.Background(), AccountIdentifier(testAccountID), ListWorkersSecretsParams{ScriptName: "test-script"})
+	want := WorkersListSecretsResponse{
+		successResponse,
+		[]WorkersSecret{
+			{
+				Name: "my-secret",
+				Type: "secret_text",
+			},
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Response, res.Response)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_subdomain.go b/pkg/cloudflare-go/workers_subdomain.go
new file mode 100644
index 0000000000..4fc2e7c4db
--- /dev/null
+++ b/pkg/cloudflare-go/workers_subdomain.go
@@ -0,0 +1,58 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/goccy/go-json"
+)
+
+type WorkersSubdomain struct {
+	Name string `json:"name,omitempty"`
+}
+
+type WorkersSubdomainResponse struct {
+	Response
+	Result WorkersSubdomain
+}
+
+// WorkersCreateSubdomain Creates a Workers subdomain for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-subdomain-create-subdomain
+func (api *API) WorkersCreateSubdomain(ctx context.Context, rc *ResourceContainer, params WorkersSubdomain) (WorkersSubdomain, error) {
+	if rc.Identifier == "" {
+		return WorkersSubdomain{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/subdomain", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return WorkersSubdomain{}, err
+	}
+	var r WorkersSubdomainResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return WorkersSubdomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// WorkersGetSubdomain Creates a Workers subdomain for an account.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-subdomain-get-subdomain
+func (api *API) WorkersGetSubdomain(ctx context.Context, rc *ResourceContainer) (WorkersSubdomain, error) {
+	if rc.Identifier == "" {
+		return WorkersSubdomain{}, ErrMissingAccountID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/subdomain", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkersSubdomain{}, err
+	}
+	var r WorkersSubdomainResponse
+	if err := json.Unmarshal(res, &r); err != nil {
+		return WorkersSubdomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
diff --git a/pkg/cloudflare-go/workers_subdomain_test.go b/pkg/cloudflare-go/workers_subdomain_test.go
new file mode 100644
index 0000000000..d460cce028
--- /dev/null
+++ b/pkg/cloudflare-go/workers_subdomain_test.go
@@ -0,0 +1,72 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestWorkersSubdomain_CreateSubdomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/subdomain", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "name": "example-subdomain"
+  }
+}`)
+	})
+
+	_, err := client.WorkersCreateSubdomain(context.Background(), AccountIdentifier(""), WorkersSubdomain{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	res, err := client.WorkersCreateSubdomain(context.Background(), AccountIdentifier(testAccountID), WorkersSubdomain{Name: "example-subdomain"})
+
+	want := WorkersSubdomain{Name: "example-subdomain"}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersSubdomain_GetSubdomain(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/subdomain", testAccountID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "name": "example-subdomain"
+  }
+}`)
+	})
+
+	_, err := client.WorkersGetSubdomain(context.Background(), AccountIdentifier(""))
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingAccountID, err)
+	}
+
+	res, err := client.WorkersGetSubdomain(context.Background(), AccountIdentifier(testAccountID))
+
+	want := WorkersSubdomain{Name: "example-subdomain"}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
diff --git a/pkg/cloudflare-go/workers_tail.go b/pkg/cloudflare-go/workers_tail.go
new file mode 100644
index 0000000000..733bc98dcd
--- /dev/null
+++ b/pkg/cloudflare-go/workers_tail.go
@@ -0,0 +1,114 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+var (
+	ErrMissingScriptName = errors.New("required script name missing")
+	ErrMissingTailID     = errors.New("required tail id missing")
+)
+
+type WorkersTail struct {
+	ID        string     `json:"id"`
+	URL       string     `json:"url"`
+	ExpiresAt *time.Time `json:"expires_at"`
+}
+
+type StartWorkersTailResponse struct {
+	Response
+	Result WorkersTail
+}
+
+type ListWorkersTailParameters struct {
+	AccountID  string
+	ScriptName string
+}
+
+type ListWorkersTailResponse struct {
+	Response
+	Result WorkersTail
+}
+
+// StartWorkersTail Starts a tail that receives logs and exception from a Worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-start-tail
+func (api *API) StartWorkersTail(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkersTail, error) {
+	if rc.Identifier == "" {
+		return WorkersTail{}, ErrMissingAccountID
+	}
+
+	if scriptName == "" {
+		return WorkersTail{}, ErrMissingScriptName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", rc.Identifier, scriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return WorkersTail{}, err
+	}
+
+	var workerstailResponse StartWorkersTailResponse
+	if err := json.Unmarshal(res, &workerstailResponse); err != nil {
+		return WorkersTail{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return workerstailResponse.Result, nil
+}
+
+// ListWorkersTail Get list of tails currently deployed on a Worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-list-tails
+func (api *API) ListWorkersTail(ctx context.Context, rc *ResourceContainer, params ListWorkersTailParameters) (WorkersTail, error) {
+	if rc.Identifier == "" {
+		return WorkersTail{}, ErrMissingAccountID
+	}
+
+	if params.ScriptName == "" {
+		return WorkersTail{}, ErrMissingScriptName
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", rc.Identifier, params.ScriptName)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return WorkersTail{}, err
+	}
+
+	var workerstailResponse ListWorkersTailResponse
+	if err := json.Unmarshal(res, &workerstailResponse); err != nil {
+		return WorkersTail{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return workerstailResponse.Result, nil
+}
+
+// DeleteWorkersTail Deletes a tail from a Worker.
+//
+// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-delete-tail
+func (api *API) DeleteWorkersTail(ctx context.Context, rc *ResourceContainer, scriptName, tailID string) error {
+	if rc.Identifier == "" {
+		return ErrMissingAccountID
+	}
+
+	if scriptName == "" {
+		return ErrMissingScriptName
+	}
+
+	if tailID == "" {
+		return ErrMissingTailID
+	}
+
+	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails/%s", rc.Identifier, scriptName, tailID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/workers_tail_test.go b/pkg/cloudflare-go/workers_tail_test.go
new file mode 100644
index 0000000000..ed57b4d80c
--- /dev/null
+++ b/pkg/cloudflare-go/workers_tail_test.go
@@ -0,0 +1,118 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	testScriptName = "this-is_my_script-01"
+	testTailID     = "03dc9f77817b488fb26c5861ec18f791"
+)
+
+func TestWorkersTail_StartWorkersTail(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", testAccountID, testScriptName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "03dc9f77817b488fb26c5861ec18f791",
+    "url": "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
+    "expires_at": "2021-08-20T19:15:51Z"
+  }
+}`)
+	})
+
+	_, err := client.StartWorkersTail(context.Background(), AccountIdentifier(testAccountID), "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingScriptName, err)
+	}
+
+	res, err := client.StartWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName)
+	expiresAt, _ := time.Parse(time.RFC3339, "2021-08-20T19:15:51Z")
+	want := WorkersTail{
+		ID:        "03dc9f77817b488fb26c5861ec18f791",
+		URL:       "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
+		ExpiresAt: &expiresAt,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersTail_ListWorkersTail(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", testAccountID, testScriptName), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "03dc9f77817b488fb26c5861ec18f791",
+    "url": "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
+    "expires_at": "2021-08-20T19:15:51Z"
+  }
+}`)
+	})
+
+	_, err := client.ListWorkersTail(context.Background(), AccountIdentifier(testAccountID), ListWorkersTailParameters{ScriptName: ""})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingScriptName, err)
+	}
+
+	res, err := client.ListWorkersTail(context.Background(), AccountIdentifier(testAccountID), ListWorkersTailParameters{ScriptName: testScriptName})
+	expiresAt, _ := time.Parse(time.RFC3339, "2021-08-20T19:15:51Z")
+	want := WorkersTail{
+		ID:        "03dc9f77817b488fb26c5861ec18f791",
+		URL:       "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
+		ExpiresAt: &expiresAt,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestWorkersTail_DeleteWorkersTail(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails/%s", testAccountID, testScriptName, testTailID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+  "success": true,
+  "errors": [],
+  "messages": [],
+}`)
+	})
+
+	err := client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), "", "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingScriptName, err)
+	}
+
+	err = client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName, "")
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrMissingTailID, err)
+	}
+
+	err = client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName, testTailID)
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/workers_test.go b/pkg/cloudflare-go/workers_test.go
new file mode 100644
index 0000000000..6175440a13
--- /dev/null
+++ b/pkg/cloudflare-go/workers_test.go
@@ -0,0 +1,1451 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+const (
+	deleteWorkerResponseData = `{
+    "result": null,
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+
+	updateWorkerRouteResponse = `{
+    "result": {
+        "id": "e7a57d8746e74ae49c25994dadb421b1",
+        "pattern": "app3.example.com/*",
+        "enabled": true
+    },
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	updateWorkerRouteEntResponse = `{
+    "result": {
+        "id": "e7a57d8746e74ae49c25994dadb421b1",
+        "pattern": "app3.example.com/*",
+        "script": "test_script_1"
+    },
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	createWorkerRouteResponse = `{
+    "result": {
+        "id": "e7a57d8746e74ae49c25994dadb421b1"
+    },
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	listRouteResponseData = `{
+    "result": [
+        {
+            "id": "e7a57d8746e74ae49c25994dadb421b1",
+            "pattern": "app1.example.com/*",
+            "enabled": true
+        },
+        {
+            "id": "f8b68e9857f85bf59c25994dadb421b1",
+            "pattern": "app2.example.com/*",
+            "enabled": false
+        }
+    ],
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	listWorkerRouteResponse = `{
+    "result": [
+        {
+            "id": "e7a57d8746e74ae49c25994dadb421b1",
+            "pattern": "app1.example.com/*",
+            "script": "test_script_1"
+        },
+        {
+            "id": "f8b68e9857f85bf59c25994dadb421b1",
+            "pattern": "app2.example.com/*",
+            "script": "test_script_2"
+        },
+        {
+            "id": "2b5bf4240cd34c77852fac70b1bf745a",
+            "pattern": "app3.example.com/*",
+			"script": "test_script_3"
+        }
+    ],
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	getRouteResponseData = `{
+    "result": {
+       "id": "e7a57d8746e74ae49c25994dadb421b1",
+       "pattern": "app1.example.com/*",
+       "script": "script-name"
+    },
+    "success": true,
+    "errors": [],
+    "messages": []
+}`
+	listBindingsResponseData = `{
+		"result": [
+			{
+				"name": "MY_KV",
+				"namespace_id": "89f5f8fd93f94cb98473f6f421aa3b65",
+				"type": "kv_namespace"
+			},
+			{
+				"name": "MY_WASM",
+				"type": "wasm_module"
+			},
+			{
+				"name": "MY_PLAIN_TEXT",
+				"type": "plain_text",
+				"text": "text"
+			},
+			{
+				"name": "MY_SECRET_TEXT",
+				"type": "secret_text"
+			},
+			{
+				"name": "MY_SERVICE_BINDING",
+				"type": "service",
+				"service": "MY_SERVICE",
+				"environment": "MY_ENVIRONMENT"
+			},
+			{
+				"name": "MY_NEW_BINDING",
+				"type": "some_imaginary_new_binding_type"
+			},
+			{
+				"name": "MY_BUCKET",
+				"type": "r2_bucket",
+				"bucket_name": "bucket"
+			},
+			{
+				"name": "MY_DATASET",
+				"type": "analytics_engine",
+				"dataset": "my_dataset"
+			},
+			{
+				"name": "MY_DATABASE",
+				"type": "d1",
+				"database_id": "cef5331f-e5c7-4c8a-a415-7908ae45f92a"
+			}
+		],
+		"success": true,
+		"errors": [],
+		"messages": []
+	}`
+	listWorkersResponseData = `{
+  "result": [
+    {
+      "id": "bar",
+      "created_on": "2018-04-22T17:10:48.938097Z",
+      "modified_on": "2018-04-22T17:10:48.938097Z",
+      "etag": "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a"
+    },
+    {
+      "id": "baz",
+      "created_on": "2018-04-22T17:10:48.938097Z",
+      "modified_on": "2018-04-22T17:10:48.938097Z",
+      "etag": "380dg51e97e80b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43088b"
+    }
+  ],
+  "success": true,
+  "errors": [],
+  "messages": []
+}`
+	workerMetadata = `{
+		"id": "e7a57d8746e74ae49c25994dadb421b1",
+		"etag": "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+		"logpush": true
+	}`
+	workerScript = `addEventListener('fetch', event => {
+  event.passThroughOnException()
+  event.respondWith(handleRequest(event.request))
+})
+
+async function handleRequest(request) {
+  return fetch(request)
+}`
+	workerModuleScript = `export default {
+  async fetch(request, env, event) {
+    event.passThroughOnException()
+    return fetch(request)
+  }
+}`
+	workerModuleScriptDownloadResponse = `
+--workermodulescriptdownload
+Content-Disposition: form-data; name="worker.js"
+
+export default {
+  async fetch(request, env, event) {
+    event.passThroughOnException()
+    return fetch(request)
+  }
+}
+--workermodulescriptdownload--
+`
+)
+
+var (
+	successResponse               = Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
+	deleteWorkerRouteResponseData = createWorkerRouteResponse
+	attachWorkerToDomainResponse  = fmt.Sprintf(`{
+    "result": {
+        "id": "e7a57d8746e74ae49c25994dadb421b1",
+	"zone_id": "%s",
+	"service":"test_script_1",
+	"hostname":"api4.example.com",
+	"environment":"production"
+    },
+    "success": true,
+    "errors": [],
+    "messages": []
+}`, testZoneID)
+)
+
+type (
+	WorkersTestScriptResponse struct {
+		Script            string                 `json:"script"`
+		UsageModel        string                 `json:"usage_model,omitempty"`
+		Handlers          []string               `json:"handlers"`
+		ID                string                 `json:"id,omitempty"`
+		ETAG              string                 `json:"etag,omitempty"`
+		Size              uint                   `json:"size,omitempty"`
+		CreatedOn         string                 `json:"created_on,omitempty"`
+		ModifiedOn        string                 `json:"modified_on,omitempty"`
+		LastDeployedFrom  *string                `json:"last_deployed_from,omitempty"`
+		DeploymentId      *string                `json:"deployment_id,omitempty"`
+		CompatibilityDate *string                `json:"compatibility_date,omitempty"`
+		Logpush           *bool                  `json:"logpush,omitempty"`
+		TailConsumers     *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
+		PlacementMode     *string                `json:"placement_mode,omitempty"`
+	}
+	workersTestResponseOpt func(r *WorkersTestScriptResponse)
+)
+
+var (
+	expectedWorkersServiceWorkerScript = "addEventListener('fetch', event => {\n  event.passThroughOnException()\n  event.respondWith(handleRequest(event.request))\n})\n\nasync function handleRequest(request) {\n  return fetch(request)\n}"
+	expectedWorkersModuleWorkerScript  = "export default {\n  async fetch(request, env, event) {\n    event.passThroughOnException()\n    return fetch(request)\n  }\n}"
+	WorkersDefaultTestResponse         = WorkersTestScriptResponse{
+		Script:            expectedWorkersServiceWorkerScript,
+		Handlers:          []string{"fetch"},
+		UsageModel:        "unbound",
+		ID:                "e7a57d8746e74ae49c25994dadb421b1",
+		ETAG:              "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+		Size:              191,
+		LastDeployedFrom:  StringPtr("dash"),
+		Logpush:           BoolPtr(false),
+		CompatibilityDate: StringPtr("2022-07-12"),
+	}
+)
+
+//nolint:unused
+func withWorkerScript(content string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.Script = content }
+}
+
+//nolint:unused
+func withWorkerUsageModel(um string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.UsageModel = um }
+}
+
+//nolint:unused
+func withWorkerHandlers(h []string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.Handlers = h }
+}
+
+//nolint:unused
+func withWorkerID(id string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.ID = id }
+}
+
+//nolint:unused
+func withWorkerEtag(etag string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.ETAG = etag }
+}
+
+//nolint:unused
+func withWorkerSize(size uint) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.Size = size }
+}
+
+//nolint:unused
+func withWorkerCreatedOn(co time.Time) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.CreatedOn = co.Format(time.RFC3339Nano) }
+}
+
+//nolint:unused
+func withWorkerModifiedOn(mo time.Time) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.ModifiedOn = mo.Format(time.RFC3339Nano) }
+}
+
+//nolint:unused
+func withWorkerLogpush(logpush *bool) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.Logpush = logpush }
+}
+
+//nolint:unused
+func withWorkerPlacementMode(mode *string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.PlacementMode = mode }
+}
+
+//nolint:unused
+func withWorkerTailConsumers(consumers ...WorkersTailConsumer) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.TailConsumers = &consumers }
+}
+
+//nolint:unused
+func withWorkerLastDeployedFrom(from *string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.LastDeployedFrom = from }
+}
+
+//nolint:unused
+func withWorkerDeploymentId(dID *string) workersTestResponseOpt {
+	return func(r *WorkersTestScriptResponse) { r.DeploymentId = dID }
+}
+
+func workersScriptResponse(t testing.TB, opts ...workersTestResponseOpt) string {
+	var responseConfig = WorkersDefaultTestResponse
+	for _, opt := range opts {
+		opt(&responseConfig)
+	}
+
+	bytes, err := json.Marshal(struct {
+		Response
+		Result WorkersTestScriptResponse `json:"result"`
+	}{
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+		Result:   responseConfig,
+	})
+	require.NoError(t, err)
+
+	return string(bytes)
+}
+
+func getFormValue(r *http.Request, key string) ([]byte, error) {
+	err := r.ParseMultipartForm(1024 * 1024)
+	if err != nil {
+		return nil, err
+	}
+
+	// In Go 1.10 there was a bug where field values with a content-type
+	// but without a filename would end up in Form.File but in versions
+	// before and after 1.10 they would be in form.Value. Here we check
+	// both in order to handle both scenarios
+	// https://golang.org/doc/go1.11#mime/multipart
+
+	// pre/post v1.10
+	if values, ok := r.MultipartForm.Value[key]; ok {
+		return []byte(values[0]), nil
+	}
+
+	// v1.10
+	if fileHeaders, ok := r.MultipartForm.File[key]; ok {
+		file, err := fileHeaders[0].Open()
+		if err != nil {
+			return nil, err
+		}
+		return io.ReadAll(file)
+	}
+
+	return nil, fmt.Errorf("no value found for key %v", key)
+}
+
+func getFileDetails(r *http.Request, key string) (*multipart.FileHeader, error) {
+	err := r.ParseMultipartForm(1024 * 1024)
+	if err != nil {
+		return nil, err
+	}
+
+	fileHeaders := r.MultipartForm.File[key]
+
+	if len(fileHeaders) > 0 {
+		return fileHeaders[0], nil
+	}
+
+	return nil, fmt.Errorf("no value found for key %v", key)
+}
+
+type multipartUpload struct {
+	Script             string
+	BindingMeta        map[string]workerBindingMeta
+	Logpush            *bool
+	CompatibilityDate  string
+	CompatibilityFlags []string
+	Placement          *Placement
+	Tags               []string
+}
+
+func parseMultipartUpload(r *http.Request) (multipartUpload, error) {
+	// Parse the metadata
+	mdBytes, err := getFormValue(r, "metadata")
+	if err != nil {
+		return multipartUpload{}, err
+	}
+
+	var metadata struct {
+		BodyPart           string              `json:"body_part,omitempty"`
+		MainModule         string              `json:"main_module,omitempty"`
+		Bindings           []workerBindingMeta `json:"bindings"`
+		Logpush            *bool               `json:"logpush,omitempty"`
+		CompatibilityDate  string              `json:"compatibility_date,omitempty"`
+		CompatibilityFlags []string            `json:"compatibility_flags,omitempty"`
+		Placement          *Placement          `json:"placement,omitempty"`
+		Tags               []string            `json:"tags"`
+	}
+	err = json.Unmarshal(mdBytes, &metadata)
+	if err != nil {
+		return multipartUpload{}, err
+	}
+
+	// Get the script
+	script, err := getFormValue(r, metadata.BodyPart)
+	if err != nil {
+		script, err = getFormValue(r, metadata.MainModule)
+
+		if err != nil {
+			return multipartUpload{}, err
+		}
+	}
+
+	// Since bindings are specified in the Go API as a map but are uploaded as a
+	// JSON array, the ordering of uploaded bindings is non-deterministic. To make
+	// it easier to compare for equality without running into ordering issues, we
+	// convert it back to a map
+	bindingMeta := make(map[string]workerBindingMeta)
+	for _, binding := range metadata.Bindings {
+		bindingMeta[binding["name"].(string)] = binding
+	}
+
+	return multipartUpload{
+		Script:             string(script),
+		BindingMeta:        bindingMeta,
+		Logpush:            metadata.Logpush,
+		CompatibilityDate:  metadata.CompatibilityDate,
+		CompatibilityFlags: metadata.CompatibilityFlags,
+		Placement:          metadata.Placement,
+		Tags:               metadata.Tags,
+	}, nil
+}
+
+func TestDeleteWorker(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, deleteWorkerResponseData)
+	})
+
+	err := client.DeleteWorker(context.Background(), AccountIdentifier(testAccountID), DeleteWorkerParams{ScriptName: "bar"})
+	assert.NoError(t, err)
+}
+
+func TestDeleteNamespacedWorker(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/foo/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, deleteWorkerResponseData)
+	})
+
+	err := client.DeleteWorker(context.Background(), AccountIdentifier(testAccountID), DeleteWorkerParams{
+		ScriptName:        "bar",
+		DispatchNamespace: &[]string{"foo"}[0],
+	})
+	assert.NoError(t, err)
+}
+
+func TestGetWorker(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, workerScript)
+	})
+	res, err := client.GetWorker(context.Background(), AccountIdentifier(testAccountID), "foo")
+	want := WorkerScriptResponse{
+		successResponse,
+		false,
+		WorkerScript{
+			Script: workerScript,
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Script, res.Script)
+	}
+}
+
+func TestGetWorker_Module(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "multipart/form-data; boundary=workermodulescriptdownload")
+		fmt.Fprint(w, workerModuleScriptDownloadResponse)
+	})
+
+	res, err := client.GetWorker(context.Background(), AccountIdentifier(testAccountID), "foo")
+	want := WorkerScriptResponse{
+		successResponse,
+		true,
+		WorkerScript{
+			Script: workerModuleScript,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Script, res.Script)
+	}
+}
+
+func TestGetWorkerWithDispatchNamespace_Module(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/bar/scripts/foo/content", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "multipart/form-data; boundary=workermodulescriptdownload")
+		fmt.Fprint(w, workerModuleScriptDownloadResponse)
+	})
+
+	res, err := client.GetWorkerWithDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "foo", "bar")
+	want := WorkerScriptResponse{
+		successResponse,
+		true,
+		WorkerScript{
+			Script: workerModuleScript,
+		},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Script, res.Script)
+	}
+}
+
+func TestGetWorkersScriptContent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/content/v2", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, workerScript)
+	})
+
+	res, err := client.GetWorkersScriptContent(context.Background(), AccountIdentifier(testAccountID), "foo")
+	want := workerScript
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUpdateWorkersScriptContent(t *testing.T) {
+	setup()
+	defer teardown()
+
+	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/content", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		contentTypeHeader := r.Header.Get("content-type")
+		assert.Equal(t, "application/javascript", contentTypeHeader, "Expected content-type request header to be 'application/javascript', got %s", contentTypeHeader)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
+	})
+
+	res, err := client.UpdateWorkersScriptContent(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersScriptContentParams{ScriptName: "foo", Script: workerScript})
+	want := WorkerScriptResponse{
+		successResponse,
+		false,
+		WorkerScript{
+			Script: workerScript,
+		},
+	}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.Script, res.Script)
+	}
+}
+
+func TestGetWorkersScriptSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/settings", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, workerMetadata)
+	})
+
+	res, err := client.GetWorkersScriptSettings(context.Background(), AccountIdentifier(testAccountID), "foo")
+	logpush := true
+	want := WorkerScriptSettingsResponse{
+		successResponse,
+		WorkerMetaData{
+			ID:      "e7a57d8746e74ae49c25994dadb421b1",
+			ETAG:    "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+			Logpush: &logpush,
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.WorkerMetaData, res.WorkerMetaData)
+	}
+}
+
+func TestUpdateWorkersScriptSettings(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/settings", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/javascript")
+		fmt.Fprint(w, workerMetadata)
+	})
+
+	res, err := client.UpdateWorkersScriptSettings(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersScriptSettingsParams{ScriptName: "foo"})
+	logpush := true
+	want := WorkerScriptSettingsResponse{
+		successResponse,
+		WorkerMetaData{
+			ID:      "e7a57d8746e74ae49c25994dadb421b1",
+			ETAG:    "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+			Logpush: &logpush,
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want.WorkerMetaData, res.WorkerMetaData)
+	}
+}
+
+func TestListWorkers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, listWorkersResponseData)
+	})
+
+	res, _, err := client.ListWorkers(context.Background(), AccountIdentifier(testAccountID), ListWorkersParams{})
+	sampleDate, _ := time.Parse(time.RFC3339Nano, "2018-04-22T17:10:48.938097Z")
+	want := []WorkerMetaData{
+		{
+			ID:         "bar",
+			ETAG:       "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+			CreatedOn:  sampleDate,
+			ModifiedOn: sampleDate,
+		},
+		{
+			ID:         "baz",
+			ETAG:       "380dg51e97e80b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43088b",
+			CreatedOn:  sampleDate,
+			ModifiedOn: sampleDate,
+		},
+	}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res.WorkerList)
+	}
+}
+
+func TestUploadWorker_Basic(t *testing.T) {
+	setup()
+	defer teardown()
+
+	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		contentTypeHeader := r.Header.Get("content-type")
+		assert.Equal(t, "application/javascript", contentTypeHeader, "Expected content-type request header to be 'application/javascript', got %s", contentTypeHeader)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
+	})
+	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerScript})
+	want := WorkerScriptResponse{
+		successResponse,
+		false,
+		WorkerScript{
+			Script:     workerScript,
+			UsageModel: "unbound",
+			WorkerMetaData: WorkerMetaData{
+				ID:               "e7a57d8746e74ae49c25994dadb421b1",
+				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+				Size:             191,
+				ModifiedOn:       formattedTime,
+				Logpush:          BoolPtr(false),
+				LastDeployedFrom: StringPtr("dash"),
+			},
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUploadWorker_Module(t *testing.T) {
+	setup()
+	defer teardown()
+
+	formattedCreatedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		assert.Equal(t, workerModuleScript, mpUpload.Script)
+
+		workerFileDetails, err := getFileDetails(r, "worker.mjs")
+		if !assert.NoError(t, err) {
+			assert.FailNow(t, "worker file not found in multipart form body")
+		}
+		contentTypeHeader := workerFileDetails.Header.Get("content-type")
+		expectedContentType := "application/javascript+module"
+		assert.Equal(t, expectedContentType, contentTypeHeader, "Expected content-type request header to be %s, got %s", expectedContentType, contentTypeHeader)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerCreatedOn(formattedCreatedTime)))
+	})
+	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerModuleScript, Module: true})
+	want := WorkerScriptResponse{
+		Response: successResponse,
+		Module:   false,
+		WorkerScript: WorkerScript{
+			Script:     workerModuleScript,
+			UsageModel: "unbound",
+			WorkerMetaData: WorkerMetaData{
+				ID:               "e7a57d8746e74ae49c25994dadb421b1",
+				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+				Size:             191,
+				CreatedOn:        formattedCreatedTime,
+				Logpush:          BoolPtr(false),
+				LastDeployedFrom: StringPtr("dash"),
+			},
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUploadWorker_WithDurableObjectBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name":        "b1",
+				"type":        "durable_object_namespace",
+				"class_name":  "TheClass",
+				"script_name": "the_script",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerDurableObjectBinding{
+				ClassName:  "TheClass",
+				ScriptName: "the_script",
+			},
+		},
+	})
+
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithInheritBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
+	// Setup route handler for both single-script and multi-script
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name": "b1",
+				"type": "inherit",
+			},
+			"b2": {
+				"name":     "b2",
+				"type":     "inherit",
+				"old_name": "old_binding_name",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	want := WorkerScriptResponse{
+		Response: successResponse,
+		Module:   false,
+		WorkerScript: WorkerScript{
+			Script:     workerScript,
+			UsageModel: "unbound",
+			WorkerMetaData: WorkerMetaData{
+				ID:               "e7a57d8746e74ae49c25994dadb421b1",
+				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+				Size:             191,
+				ModifiedOn:       formattedTime,
+				Logpush:          BoolPtr(false),
+				LastDeployedFrom: StringPtr("dash"),
+			},
+		}}
+
+	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerInheritBinding{},
+			"b2": WorkerInheritBinding{
+				OldName: "old_binding_name",
+			},
+		}})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUploadWorker_WithKVBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name":         "b1",
+				"type":         "kv_namespace",
+				"namespace_id": "test-namespace",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerKvNamespaceBinding{
+				NamespaceID: "test-namespace",
+			},
+		}})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithWasmBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		partName := mpUpload.BindingMeta["b1"]["part"].(string)
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name": "b1",
+				"type": "wasm_module",
+				"part": partName,
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		wasmContent, err := getFormValue(r, partName)
+		assert.NoError(t, err)
+		assert.Equal(t, []byte("fake-wasm"), wasmContent)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerWebAssemblyBinding{
+				Module: strings.NewReader("fake-wasm"),
+			},
+		},
+	})
+
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithPlainTextBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name": "b1",
+				"type": "plain_text",
+				"text": "plain text value",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerPlainTextBinding{
+				Text: "plain text value",
+			},
+		},
+	})
+
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_ModuleWithPlainTextBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name": "b1",
+				"type": "plain_text",
+				"text": "plain text value",
+			},
+		}
+		assert.Equal(t, workerModuleScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		workerFileDetails, err := getFileDetails(r, "worker.mjs")
+		if !assert.NoError(t, err) {
+			assert.FailNow(t, "worker file not found in multipart form body")
+		}
+		contentDispositonHeader := workerFileDetails.Header.Get("content-disposition")
+		expectedContentDisposition := fmt.Sprintf(`form-data; name="%s"; filename="%[1]s"`, "worker.mjs")
+		assert.Equal(t, expectedContentDisposition, contentDispositonHeader, "Expected content-disposition request header to be %s, got %s", expectedContentDisposition, contentDispositonHeader)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript)))
+	})
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerModuleScript,
+		Module:     true,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerPlainTextBinding{
+				Text: "plain text value",
+			},
+		},
+	})
+
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithSecretTextBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name": "b1",
+				"type": "secret_text",
+				"text": "secret text value",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerSecretTextBinding{
+				Text: "secret text value",
+			},
+		},
+	})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithServiceBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name":    "b1",
+				"type":    "service",
+				"service": "the_service",
+			},
+			"b2": {
+				"name":        "b2",
+				"type":        "service",
+				"service":     "the_service",
+				"environment": "the_environment",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerServiceBinding{
+				Service: "the_service",
+			},
+			"b2": WorkerServiceBinding{
+				Service:     "the_service",
+				Environment: StringPtr("the_environment"),
+			},
+		},
+	})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithLogpush(t *testing.T) {
+	setup()
+	defer teardown()
+
+	var (
+		formattedTime, _ = time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
+		logpush          = BoolPtr(true)
+	)
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expected := true
+		assert.Equal(t, &expected, mpUpload.Logpush)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerLogpush(logpush), withWorkerModifiedOn(formattedTime)))
+	})
+	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerScript, Logpush: logpush})
+	want := WorkerScriptResponse{
+		Response: successResponse,
+		Module:   false,
+		WorkerScript: WorkerScript{
+			Script:     expectedWorkersModuleWorkerScript,
+			UsageModel: "unbound",
+			WorkerMetaData: WorkerMetaData{
+				ID:               "e7a57d8746e74ae49c25994dadb421b1",
+				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
+				Size:             191,
+				ModifiedOn:       formattedTime,
+				Logpush:          logpush,
+				LastDeployedFrom: StringPtr("dash"),
+			},
+		}}
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, res)
+	}
+}
+
+func TestUploadWorker_WithCompatibilityFlags(t *testing.T) {
+	setup()
+	defer teardown()
+
+	compatibilityDate := time.Now().Format("2006-01-02")
+	compatibilityFlags := []string{"formdata_parser_supports_files"}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, compatibilityDate, mpUpload.CompatibilityDate)
+		assert.Equal(t, compatibilityFlags, mpUpload.CompatibilityFlags)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName:         "bar",
+		Script:             workerScript,
+		CompatibilityDate:  compatibilityDate,
+		CompatibilityFlags: compatibilityFlags,
+	})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithQueueBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name":       "b1",
+				"type":       "queue",
+				"queue_name": "test-queue",
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerQueueBinding{
+				Binding: "b1",
+				Queue:   "test-queue",
+			},
+		}})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithDispatchNamespaceBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		expectedBindings := map[string]workerBindingMeta{
+			"b1": {
+				"name":      "b1",
+				"type":      "dispatch_namespace",
+				"namespace": "n1",
+				"outbound": map[string]interface{}{
+					"worker": map[string]interface{}{
+						"service":     "w1",
+						"environment": "e1",
+					},
+					"params": []interface{}{
+						map[string]interface{}{"name": "param1"},
+					},
+				},
+			},
+		}
+		assert.Equal(t, workerScript, mpUpload.Script)
+		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	environmentName := "e1"
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": DispatchNamespaceBinding{
+				Binding:   "b1",
+				Namespace: "n1",
+				Outbound: &NamespaceOutboundOptions{
+					Worker: WorkerReference{
+						Service:     "w1",
+						Environment: &environmentName,
+					},
+					Params: []OutboundParamSchema{
+						{
+							Name: "param1",
+						},
+					},
+				},
+			},
+		}})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_WithSmartPlacementEnabled(t *testing.T) {
+	setup()
+	defer teardown()
+
+	placementMode := PlacementModeSmart
+	response := workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerPlacementMode(StringPtr("smart")))
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	t.Run("Test enabling Smart Placement", func(t *testing.T) {
+		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+			ScriptName: "bar",
+			Script:     workerScript,
+			Placement: &Placement{
+				Mode: placementMode,
+			},
+		})
+		assert.NoError(t, err)
+		assert.Equal(t, placementMode, *worker.PlacementMode)
+	})
+
+	t.Run("Test disabling placement", func(t *testing.T) {
+		placementMode = PlacementModeOff
+		response = workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript))
+
+		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+			ScriptName: "bar",
+			Script:     workerScript,
+			Placement: &Placement{
+				Mode: placementMode,
+			},
+		})
+		assert.NoError(t, err)
+		assert.Nil(t, worker.PlacementMode)
+	})
+}
+
+func TestUploadWorker_WithTailConsumers(t *testing.T) {
+	setup()
+	defer teardown()
+
+	response := workersScriptResponse(t,
+		withWorkerScript(expectedWorkersModuleWorkerScript))
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		assert.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, response)
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	t.Run("adds tail consumers", func(t *testing.T) {
+		tailConsumers := []WorkersTailConsumer{
+			{Service: "my-service-a"},
+			{Service: "my-service-b", Environment: StringPtr("production")},
+			{Service: "a-namespaced-service", Namespace: StringPtr("a-dispatch-namespace")},
+		}
+		response = workersScriptResponse(t,
+			withWorkerScript(expectedWorkersModuleWorkerScript),
+			withWorkerTailConsumers(tailConsumers...))
+
+		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+			ScriptName:    "bar",
+			Script:        workerScript,
+			TailConsumers: &tailConsumers,
+		})
+		assert.NoError(t, err)
+		require.NotNil(t, worker.TailConsumers)
+		assert.Len(t, *worker.TailConsumers, 3)
+	})
+}
+
+func TestUploadWorker_ToDispatchNamespace(t *testing.T) {
+	setup()
+	defer teardown()
+
+	namespaceName := "n1"
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		require.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc(
+		fmt.Sprintf("/accounts/"+testAccountID+"/workers/dispatch/namespaces/%s/scripts/bar", namespaceName),
+		handler,
+	)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName:            "bar",
+		Script:                workerScript,
+		DispatchNamespaceName: &namespaceName,
+		Bindings: map[string]WorkerBinding{
+			"b1": WorkerPlainTextBinding{
+				Text: "hello",
+			},
+		},
+	})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_ToDispatchNamespace_Tags(t *testing.T) {
+	setup()
+	defer teardown()
+
+	namespaceName := "n1"
+	tags := []string{"hello=there", "another-tag"}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		require.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+
+		assert.EqualValues(t, tags, mpUpload.Tags)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc(
+		fmt.Sprintf("/accounts/"+testAccountID+"/workers/dispatch/namespaces/%s/scripts/bar", namespaceName),
+		handler,
+	)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName:            "bar",
+		Script:                workerScript,
+		DispatchNamespaceName: &namespaceName,
+		Tags:                  tags,
+	})
+	assert.NoError(t, err)
+}
+
+func TestUploadWorker_UnsafeBinding(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		mpUpload, err := parseMultipartUpload(r)
+		require.NoError(t, err)
+
+		assert.Equal(t, workerScript, mpUpload.Script)
+
+		require.Contains(t, mpUpload.BindingMeta, "b1")
+		assert.Contains(t, mpUpload.BindingMeta["b1"], "name")
+		assert.Equal(t, "b1", mpUpload.BindingMeta["b1"]["name"])
+		assert.Contains(t, mpUpload.BindingMeta["b1"], "type")
+		assert.Equal(t, "dynamic_dispatch", mpUpload.BindingMeta["b1"]["type"])
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, workersScriptResponse(t))
+	}
+	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
+
+	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
+		ScriptName: "bar",
+		Script:     workerScript,
+		Bindings: map[string]WorkerBinding{
+			"b1": UnsafeBinding{
+				"type": "dynamic_dispatch",
+			},
+		},
+	})
+	assert.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/zaraz.go b/pkg/cloudflare-go/zaraz.go
new file mode 100644
index 0000000000..3ffc4f5ede
--- /dev/null
+++ b/pkg/cloudflare-go/zaraz.go
@@ -0,0 +1,430 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type ZarazConfig struct {
+	DebugKey      string                   `json:"debugKey"`
+	Tools         map[string]ZarazTool     `json:"tools"`
+	Triggers      map[string]ZarazTrigger  `json:"triggers"`
+	ZarazVersion  int64                    `json:"zarazVersion"`
+	Consent       ZarazConsent             `json:"consent,omitempty"`
+	DataLayer     *bool                    `json:"dataLayer,omitempty"`
+	Dlp           []any                    `json:"dlp,omitempty"`
+	HistoryChange *bool                    `json:"historyChange,omitempty"`
+	Settings      ZarazConfigSettings      `json:"settings,omitempty"`
+	Variables     map[string]ZarazVariable `json:"variables,omitempty"`
+}
+
+type ZarazWorker struct {
+	EscapedWorkerName string `json:"escapedWorkerName"`
+	WorkerTag         string `json:"workerTag"`
+	MutableId         string `json:"mutableId,omitempty"`
+}
+type ZarazConfigSettings struct {
+	AutoInjectScript    *bool       `json:"autoInjectScript"`
+	InjectIframes       *bool       `json:"injectIframes,omitempty"`
+	Ecommerce           *bool       `json:"ecommerce,omitempty"`
+	HideQueryParams     *bool       `json:"hideQueryParams,omitempty"`
+	HideIpAddress       *bool       `json:"hideIPAddress,omitempty"`
+	HideUserAgent       *bool       `json:"hideUserAgent,omitempty"`
+	HideExternalReferer *bool       `json:"hideExternalReferer,omitempty"`
+	CookieDomain        string      `json:"cookieDomain,omitempty"`
+	InitPath            string      `json:"initPath,omitempty"`
+	ScriptPath          string      `json:"scriptPath,omitempty"`
+	TrackPath           string      `json:"trackPath,omitempty"`
+	EventsApiPath       string      `json:"eventsApiPath,omitempty"`
+	McRootPath          string      `json:"mcRootPath,omitempty"`
+	ContextEnricher     ZarazWorker `json:"contextEnricher,omitempty"`
+}
+
+// Deprecated: To be removed pending migration of existing configs.
+type ZarazNeoEvent struct {
+	BlockingTriggers []string       `json:"blockingTriggers"`
+	FiringTriggers   []string       `json:"firingTriggers"`
+	Data             map[string]any `json:"data"`
+	ActionType       string         `json:"actionType,omitempty"`
+}
+
+type ZarazAction struct {
+	BlockingTriggers []string       `json:"blockingTriggers"`
+	FiringTriggers   []string       `json:"firingTriggers"`
+	Data             map[string]any `json:"data"`
+	ActionType       string         `json:"actionType,omitempty"`
+}
+
+type ZarazToolType string
+
+const (
+	ZarazToolLibrary   ZarazToolType = "library"
+	ZarazToolComponent ZarazToolType = "component"
+	ZarazToolCustomMc  ZarazToolType = "custom-mc"
+)
+
+type ZarazTool struct {
+	BlockingTriggers []string               `json:"blockingTriggers"`
+	Enabled          *bool                  `json:"enabled"`
+	DefaultFields    map[string]any         `json:"defaultFields"`
+	Name             string                 `json:"name"`
+	NeoEvents        []ZarazNeoEvent        `json:"neoEvents"`
+	Actions          map[string]ZarazAction `json:"actions"`
+	Type             ZarazToolType          `json:"type"`
+	DefaultPurpose   string                 `json:"defaultPurpose,omitempty"`
+	Library          string                 `json:"library,omitempty"`
+	Component        string                 `json:"component,omitempty"`
+	Permissions      []string               `json:"permissions"`
+	Settings         map[string]any         `json:"settings"`
+	Worker           ZarazWorker            `json:"worker,omitempty"`
+}
+
+type ZarazTriggerSystem string
+
+const ZarazPageload ZarazTriggerSystem = "pageload"
+
+type ZarazLoadRuleOp string
+
+type ZarazRuleType string
+
+const (
+	ZarazClickListener     ZarazRuleType = "clickListener"
+	ZarazTimer             ZarazRuleType = "timer"
+	ZarazFormSubmission    ZarazRuleType = "formSubmission"
+	ZarazVariableMatch     ZarazRuleType = "variableMatch"
+	ZarazScrollDepth       ZarazRuleType = "scrollDepth"
+	ZarazElementVisibility ZarazRuleType = "elementVisibility"
+	ZarazClientEval        ZarazRuleType = "clientEval"
+)
+
+type ZarazSelectorType string
+
+const (
+	ZarazXPath ZarazSelectorType = "xpath"
+	ZarazCSS   ZarazSelectorType = "css"
+)
+
+type ZarazRuleSettings struct {
+	Type        ZarazSelectorType `json:"type,omitempty"`
+	Selector    string            `json:"selector,omitempty"`
+	WaitForTags int               `json:"waitForTags,omitempty"`
+	Interval    int               `json:"interval,omitempty"`
+	Limit       int               `json:"limit,omitempty"`
+	Validate    *bool             `json:"validate,omitempty"`
+	Variable    string            `json:"variable,omitempty"`
+	Match       string            `json:"match,omitempty"`
+	Positions   string            `json:"positions,omitempty"`
+	Op          ZarazLoadRuleOp   `json:"op,omitempty"`
+	Value       string            `json:"value,omitempty"`
+}
+
+type ZarazTriggerRule struct {
+	Id       string            `json:"id"`
+	Match    string            `json:"match,omitempty"`
+	Op       ZarazLoadRuleOp   `json:"op,omitempty"`
+	Value    string            `json:"value,omitempty"`
+	Action   ZarazRuleType     `json:"action"`
+	Settings ZarazRuleSettings `json:"settings"`
+}
+
+type ZarazTrigger struct {
+	Name         string             `json:"name"`
+	Description  string             `json:"description,omitempty"`
+	LoadRules    []ZarazTriggerRule `json:"loadRules"`
+	ExcludeRules []ZarazTriggerRule `json:"excludeRules"`
+	ClientRules  []any              `json:"clientRules,omitempty"` // what is this?
+	System       ZarazTriggerSystem `json:"system,omitempty"`
+}
+
+type ZarazVariableType string
+
+const (
+	ZarazVarString ZarazVariableType = "string"
+	ZarazVarSecret ZarazVariableType = "secret"
+	ZarazVarWorker ZarazVariableType = "worker"
+)
+
+type ZarazVariable struct {
+	Name  string            `json:"name"`
+	Type  ZarazVariableType `json:"type"`
+	Value interface{}       `json:"value"`
+}
+
+type ZarazButtonTextTranslations struct {
+	AcceptAll        map[string]string `json:"accept_all"`
+	RejectAll        map[string]string `json:"reject_all"`
+	ConfirmMyChoices map[string]string `json:"confirm_my_choices"`
+}
+
+type ZarazPurpose struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+}
+
+type ZarazPurposeWithTranslations struct {
+	Name        map[string]string `json:"name"`
+	Description map[string]string `json:"description"`
+	Order       int               `json:"order"`
+}
+
+type ZarazConsent struct {
+	Enabled                               *bool                                   `json:"enabled"`
+	ButtonTextTranslations                ZarazButtonTextTranslations             `json:"buttonTextTranslations,omitempty"`
+	CompanyEmail                          string                                  `json:"companyEmail,omitempty"`
+	CompanyName                           string                                  `json:"companyName,omitempty"`
+	CompanyStreetAddress                  string                                  `json:"companyStreetAddress,omitempty"`
+	ConsentModalIntroHTML                 string                                  `json:"consentModalIntroHTML,omitempty"`
+	ConsentModalIntroHTMLWithTranslations map[string]string                       `json:"consentModalIntroHTMLWithTranslations,omitempty"`
+	CookieName                            string                                  `json:"cookieName,omitempty"`
+	CustomCSS                             string                                  `json:"customCSS,omitempty"`
+	CustomIntroDisclaimerDismissed        *bool                                   `json:"customIntroDisclaimerDismissed,omitempty"`
+	DefaultLanguage                       string                                  `json:"defaultLanguage,omitempty"`
+	HideModal                             *bool                                   `json:"hideModal,omitempty"`
+	Purposes                              map[string]ZarazPurpose                 `json:"purposes,omitempty"`
+	PurposesWithTranslations              map[string]ZarazPurposeWithTranslations `json:"purposesWithTranslations,omitempty"`
+}
+
+type ZarazConfigResponse struct {
+	Result ZarazConfig `json:"result"`
+	Response
+}
+
+type ZarazWorkflowResponse struct {
+	Result string `json:"result"`
+	Response
+}
+
+type ZarazPublishResponse struct {
+	Result string `json:"result"`
+	Response
+}
+
+type UpdateZarazConfigParams struct {
+	DebugKey      string                   `json:"debugKey"`
+	Tools         map[string]ZarazTool     `json:"tools"`
+	Triggers      map[string]ZarazTrigger  `json:"triggers"`
+	ZarazVersion  int64                    `json:"zarazVersion"`
+	Consent       ZarazConsent             `json:"consent,omitempty"`
+	DataLayer     *bool                    `json:"dataLayer,omitempty"`
+	Dlp           []any                    `json:"dlp,omitempty"`
+	HistoryChange *bool                    `json:"historyChange,omitempty"`
+	Settings      ZarazConfigSettings      `json:"settings,omitempty"`
+	Variables     map[string]ZarazVariable `json:"variables,omitempty"`
+}
+
+type UpdateZarazWorkflowParams struct {
+	Workflow string `json:"workflow"`
+}
+
+type PublishZarazConfigParams struct {
+	Description string `json:"description"`
+}
+
+type ZarazHistoryRecord struct {
+	ID          int64      `json:"id,omitempty"`
+	UserID      string     `json:"userId,omitempty"`
+	Description string     `json:"description,omitempty"`
+	CreatedAt   *time.Time `json:"createdAt,omitempty"`
+	UpdatedAt   *time.Time `json:"updatedAt,omitempty"`
+}
+
+type ZarazConfigHistoryListResponse struct {
+	Result []ZarazHistoryRecord `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+type ListZarazConfigHistoryParams struct {
+	ResultInfo
+}
+
+type GetZarazConfigsByIdResponse = map[string]interface{}
+
+// listZarazConfigHistoryDefaultPageSize represents the default per_page size of the API.
+var listZarazConfigHistoryDefaultPageSize int = 100
+
+func (api *API) GetZarazConfig(ctx context.Context, rc *ResourceContainer) (ZarazConfigResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazConfigResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/config", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZarazConfigResponse{}, err
+	}
+
+	var recordResp ZarazConfigResponse
+	err = json.Unmarshal(res, &recordResp)
+	if err != nil {
+		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return recordResp, nil
+}
+
+func (api *API) UpdateZarazConfig(ctx context.Context, rc *ResourceContainer, params UpdateZarazConfigParams) (ZarazConfigResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazConfigResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/config", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
+	if err != nil {
+		return ZarazConfigResponse{}, err
+	}
+
+	var updateResp ZarazConfigResponse
+	err = json.Unmarshal(res, &updateResp)
+	if err != nil {
+		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return updateResp, nil
+}
+
+func (api *API) GetZarazWorkflow(ctx context.Context, rc *ResourceContainer) (ZarazWorkflowResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazWorkflowResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/workflow", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZarazWorkflowResponse{}, err
+	}
+
+	var response ZarazWorkflowResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZarazWorkflowResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+func (api *API) UpdateZarazWorkflow(ctx context.Context, rc *ResourceContainer, params UpdateZarazWorkflowParams) (ZarazWorkflowResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazWorkflowResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/workflow", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Workflow)
+	if err != nil {
+		return ZarazWorkflowResponse{}, err
+	}
+
+	var response ZarazWorkflowResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZarazWorkflowResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+func (api *API) PublishZarazConfig(ctx context.Context, rc *ResourceContainer, params PublishZarazConfigParams) (ZarazPublishResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazPublishResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/publish", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Description)
+	if err != nil {
+		return ZarazPublishResponse{}, err
+	}
+
+	var response ZarazPublishResponse
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZarazPublishResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+func (api *API) ListZarazConfigHistory(ctx context.Context, rc *ResourceContainer, params ListZarazConfigHistoryParams) ([]ZarazHistoryRecord, *ResultInfo, error) {
+	if rc.Identifier == "" {
+		return nil, nil, ErrMissingZoneID
+	}
+
+	autoPaginate := true
+	if params.PerPage >= 1 || params.Page >= 1 {
+		autoPaginate = false
+	}
+
+	if params.PerPage < 1 {
+		params.PerPage = listZarazConfigHistoryDefaultPageSize
+	}
+
+	if params.Page < 1 {
+		params.Page = 1
+	}
+
+	var records []ZarazHistoryRecord
+	var lastResultInfo ResultInfo
+
+	for {
+		uri := buildURI(fmt.Sprintf("/zones/%s/settings/zaraz/v2/history", rc.Identifier), params)
+		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+		if err != nil {
+			return []ZarazHistoryRecord{}, &ResultInfo{}, err
+		}
+		var listResponse ZarazConfigHistoryListResponse
+		err = json.Unmarshal(res, &listResponse)
+		if err != nil {
+			return []ZarazHistoryRecord{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+		}
+		records = append(records, listResponse.Result...)
+		lastResultInfo = listResponse.ResultInfo
+		params.ResultInfo = listResponse.ResultInfo.Next()
+		if params.ResultInfo.Done() || !autoPaginate {
+			break
+		}
+	}
+	return records, &lastResultInfo, nil
+}
+
+func (api *API) GetDefaultZarazConfig(ctx context.Context, rc *ResourceContainer) (ZarazConfigResponse, error) {
+	if rc.Identifier == "" {
+		return ZarazConfigResponse{}, ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/default", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZarazConfigResponse{}, err
+	}
+
+	var recordResp ZarazConfigResponse
+	err = json.Unmarshal(res, &recordResp)
+	if err != nil {
+		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return recordResp, nil
+}
+
+func (api *API) ExportZarazConfig(ctx context.Context, rc *ResourceContainer) error {
+	if rc.Identifier == "" {
+		return ErrMissingZoneID
+	}
+
+	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/export", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	var recordResp ZarazConfig
+	err = json.Unmarshal(res, &recordResp)
+	if err != nil {
+		return fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/zaraz_test.go b/pkg/cloudflare-go/zaraz_test.go
new file mode 100644
index 0000000000..0087c9334a
--- /dev/null
+++ b/pkg/cloudflare-go/zaraz_test.go
@@ -0,0 +1,996 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var trueValue bool = true
+var falseValue bool = false
+
+var expectedConfig ZarazConfig = ZarazConfig{
+	DebugKey:      "cheese",
+	ZarazVersion:  44,
+	DataLayer:     &trueValue,
+	Dlp:           []any{},
+	HistoryChange: &trueValue,
+	Settings: ZarazConfigSettings{
+		AutoInjectScript: &trueValue,
+	},
+	Tools: map[string]ZarazTool{
+		"PBQr": {
+			BlockingTriggers: []string{},
+			Enabled:          &trueValue,
+			DefaultFields:    map[string]any{},
+			Name:             "Custom HTML",
+			Actions: map[string]ZarazAction{
+				"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+					ActionType:       "event",
+					BlockingTriggers: []string{},
+					Data: map[string]any{
+						"__zaraz_setting_name": "pageview1",
+						"htmlCode":             "<script>console.log('pageview')</script>",
+					},
+					FiringTriggers: []string{"Pageview"},
+				},
+			},
+			Type:           ZarazToolComponent,
+			DefaultPurpose: "rJJC",
+			Component:      "html",
+			Permissions:    []string{"execute_unsafe_scripts"},
+			Settings:       map[string]any{},
+		},
+	},
+	Triggers: map[string]ZarazTrigger{
+		"Pageview": {
+			Name:         "Pageview",
+			Description:  "All page loads",
+			LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
+			ExcludeRules: []ZarazTriggerRule{},
+			ClientRules:  []any{},
+			System:       ZarazPageload,
+		},
+		"TFOl": {
+			Name:         "test",
+			Description:  "",
+			LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
+			ExcludeRules: []ZarazTriggerRule{},
+		},
+	},
+	Variables: map[string]ZarazVariable{
+		"jwIx": {
+			Name:  "test",
+			Type:  ZarazVarString,
+			Value: "sss",
+		},
+		"pAuL": {
+			Name: "test-worker-var",
+			Type: ZarazVarWorker,
+			Value: map[string]interface{}{
+				"escapedWorkerName": "worker-var-example",
+				"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+				"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
+			},
+		},
+	},
+	Consent: ZarazConsent{
+		Enabled: &trueValue,
+		ButtonTextTranslations: ZarazButtonTextTranslations{
+			AcceptAll:        map[string]string{"en": "Accept ALL"},
+			ConfirmMyChoices: map[string]string{"en": "YES!"},
+			RejectAll:        map[string]string{"en": "Reject ALL"},
+		},
+		CompanyEmail:                          "email@example.com",
+		ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
+		CookieName:                            "zaraz-consent",
+		CustomCSS:                             ".test {\n    color: red;\n}",
+		CustomIntroDisclaimerDismissed:        &trueValue,
+		DefaultLanguage:                       "en",
+		HideModal:                             &falseValue,
+		PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
+			"rJJC": {
+				Description: map[string]string{"en": "Blah blah"},
+				Name:        map[string]string{"en": "Analytics"},
+				Order:       0,
+			},
+		},
+	},
+}
+
+func TestGetZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": {
+				"consent": {
+				  "buttonTextTranslations": {
+					"accept_all": {
+					  "en": "Accept ALL"
+					},
+					"confirm_my_choices": {
+					  "en": "YES!"
+					},
+					"reject_all": {
+					  "en": "Reject ALL"
+					}
+				  },
+				  "companyEmail": "email@example.com",
+				  "consentModalIntroHTMLWithTranslations": {
+					"en": "Lorem ipsum dolar set Amet?"
+				  },
+				  "cookieName": "zaraz-consent",
+				  "customCSS": ".test {\n    color: red;\n}",
+				  "customIntroDisclaimerDismissed": true,
+				  "defaultLanguage": "en",
+				  "enabled": true,
+				  "hideModal": false,
+				  "purposesWithTranslations": {
+					"rJJC": {
+					  "description": {
+						"en": "Blah blah"
+					  },
+					  "name": {
+						"en": "Analytics"
+					  },
+					  "order": 0
+					}
+				  }
+				},
+				"dataLayer": true,
+				"debugKey": "cheese",
+				"dlp": [],
+				"historyChange": true,
+				"invalidKey": "cheese",
+				"settings": {
+				  "autoInjectScript": true
+				},
+				"tools": {
+				  "PBQr": {
+					"blockingTriggers": [],
+					"component": "html",
+					"defaultFields": {},
+					"defaultPurpose": "rJJC",
+					"enabled": true,
+					"mode": {
+					  "cloud": false,
+					  "ignoreSPA": true,
+					  "light": false,
+					  "sample": false,
+					  "segment": {
+						"end": 100,
+						"start": 0
+					  },
+					  "trigger": "pageload"
+					},
+					"name": "Custom HTML",
+					"actions": {
+					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+							"actionType": "event",
+							"blockingTriggers": [],
+							"data": {
+								"__zaraz_setting_name": "pageview1",
+								"htmlCode": "<script>console.log('pageview')</script>"
+							},
+							"firingTriggers": [
+								"Pageview"
+							]
+					  }
+					},
+					"permissions": [
+					  "execute_unsafe_scripts"
+					],
+					"settings": {},
+					"type": "component"
+				  }
+				},
+				"triggers": {
+				  "Pageview": {
+					"clientRules": [],
+					"description": "All page loads",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"match": "{{ client.__zarazTrack }}",
+						"op": "EQUALS",
+						"value": "Pageview"
+					  }
+					],
+					"name": "Pageview",
+					"system": "pageload"
+				  },
+				  "TFOl": {
+					"description": "",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"id": "Kqsc",
+						"match": "test",
+						"op": "CONTAINS",
+						"value": "test"
+					  },
+					  {
+						"action": "clickListener",
+						"id": "EDnV",
+						"settings": {
+						  "selector": "test",
+						  "type": "css",
+						  "waitForTags": 0
+						}
+					  }
+					],
+					"name": "test"
+				  }
+				},
+				"variables": {
+				  "jwIx": {
+					"name": "test",
+					"type": "string",
+					"value": "sss"
+				  },
+				  "pAuL": {
+					"name": "test-worker-var",
+					"type": "worker",
+					"value": {
+					  "escapedWorkerName": "worker-var-example",
+					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
+					}
+				  }
+				},
+				"zarazVersion": 44
+			  }
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
+
+	actual, err := client.GetZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
+	require.NoError(t, err)
+
+	assert.Equal(t, expectedConfig, actual.Result)
+}
+
+func TestUpdateZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": {
+				"consent": {
+				  "buttonTextTranslations": {
+					"accept_all": {
+					  "en": "Accept ALL"
+					},
+					"confirm_my_choices": {
+					  "en": "YES!"
+					},
+					"reject_all": {
+					  "en": "Reject ALL"
+					}
+				  },
+				  "companyEmail": "email@example.com",
+				  "consentModalIntroHTMLWithTranslations": {
+					"en": "Lorem ipsum dolar set Amet?"
+				  },
+				  "cookieName": "zaraz-consent",
+				  "customCSS": ".test {\n    color: red;\n}",
+				  "customIntroDisclaimerDismissed": true,
+				  "defaultLanguage": "en",
+				  "enabled": true,
+				  "hideModal": false,
+				  "purposesWithTranslations": {
+					"rJJC": {
+					  "description": {
+						"en": "Blah blah"
+					  },
+					  "name": {
+						"en": "Analytics"
+					  },
+					  "order": 0
+					}
+				  }
+				},
+				"dataLayer": true,
+				"debugKey": "butter",
+				"dlp": [],
+				"historyChange": true,
+				"invalidKey": "cheese",
+				"settings": {
+				  "autoInjectScript": true
+				},
+				"tools": {
+				  "PBQr": {
+					"blockingTriggers": [],
+					"component": "html",
+					"defaultFields": {},
+					"defaultPurpose": "rJJC",
+					"enabled": true,
+					"mode": {
+					  "cloud": false,
+					  "ignoreSPA": true,
+					  "light": false,
+					  "sample": false,
+					  "segment": {
+						"end": 100,
+						"start": 0
+					  },
+					  "trigger": "pageload"
+					},
+					"name": "Custom HTML",
+					"actions": {
+					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+							"actionType": "event",
+							"blockingTriggers": [],
+							"data": {
+								"__zaraz_setting_name": "pageview1",
+								"htmlCode": "<script>console.log('pageview')</script>"
+							},
+							"firingTriggers": [
+								"Pageview"
+							]
+					  }
+					},
+					"permissions": [
+					  "execute_unsafe_scripts"
+					],
+					"settings": {},
+					"type": "component"
+				  }
+				},
+				"triggers": {
+				  "Pageview": {
+					"clientRules": [],
+					"description": "All page loads",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"match": "{{ client.__zarazTrack }}",
+						"op": "EQUALS",
+						"value": "Pageview"
+					  }
+					],
+					"name": "Pageview",
+					"system": "pageload"
+				  },
+				  "TFOl": {
+					"description": "",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"id": "Kqsc",
+						"match": "test",
+						"op": "CONTAINS",
+						"value": "test"
+					  },
+					  {
+						"action": "clickListener",
+						"id": "EDnV",
+						"settings": {
+						  "selector": "test",
+						  "type": "css",
+						  "waitForTags": 0
+						}
+					  }
+					],
+					"name": "test"
+				  }
+				},
+				"variables": {
+				  "jwIx": {
+					"name": "test",
+					"type": "string",
+					"value": "sss"
+				  },
+				  "pAuL": {
+					"name": "test-worker-var",
+					"type": "worker",
+					"value": {
+					  "escapedWorkerName": "worker-var-example",
+					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
+					}
+				  }
+				},
+				"zarazVersion": 44
+			  }
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
+	payload := UpdateZarazConfigParams{
+		DebugKey:      "cheese",
+		ZarazVersion:  44,
+		DataLayer:     &trueValue,
+		Dlp:           []any{},
+		HistoryChange: &trueValue,
+		Settings: ZarazConfigSettings{
+			AutoInjectScript: &trueValue,
+		},
+		Tools: map[string]ZarazTool{
+			"PBQr": {
+				BlockingTriggers: []string{},
+				Enabled:          &trueValue,
+				DefaultFields:    map[string]any{},
+				Name:             "Custom HTML",
+				Actions: map[string]ZarazAction{
+					"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+						ActionType:       "event",
+						BlockingTriggers: []string{},
+						Data: map[string]any{
+							"__zaraz_setting_name": "pageview1",
+							"htmlCode":             "<script>console.log('pageview')</script>",
+						},
+						FiringTriggers: []string{"Pageview"},
+					},
+				},
+				Type:           ZarazToolComponent,
+				DefaultPurpose: "rJJC",
+				Component:      "html",
+				Permissions:    []string{"execute_unsafe_scripts"},
+				Settings:       map[string]any{},
+			},
+		},
+		Triggers: map[string]ZarazTrigger{
+			"Pageview": {
+				Name:         "Pageview",
+				Description:  "All page loads",
+				LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
+				ExcludeRules: []ZarazTriggerRule{},
+				ClientRules:  []any{},
+				System:       ZarazPageload,
+			},
+			"TFOl": {
+				Name:         "test",
+				Description:  "",
+				LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
+				ExcludeRules: []ZarazTriggerRule{},
+			},
+		},
+		Variables: map[string]ZarazVariable{
+			"jwIx": {
+				Name:  "test",
+				Type:  ZarazVarString,
+				Value: "sss",
+			},
+			"pAuL": {
+				Name: "test-worker-var",
+				Type: ZarazVarWorker,
+				Value: map[string]interface{}{
+					"escapedWorkerName": "worker-var-example",
+					"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+					"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
+				},
+			},
+		},
+		Consent: ZarazConsent{
+			Enabled: &trueValue,
+			ButtonTextTranslations: ZarazButtonTextTranslations{
+				AcceptAll:        map[string]string{"en": "Accept ALL"},
+				ConfirmMyChoices: map[string]string{"en": "YES!"},
+				RejectAll:        map[string]string{"en": "Reject ALL"},
+			},
+			CompanyEmail:                          "email@example.com",
+			ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
+			CookieName:                            "zaraz-consent",
+			CustomCSS:                             ".test {\n    color: red;\n}",
+			CustomIntroDisclaimerDismissed:        &trueValue,
+			DefaultLanguage:                       "en",
+			HideModal:                             &falseValue,
+			PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
+				"rJJC": {
+					Description: map[string]string{"en": "Blah blah"},
+					Name:        map[string]string{"en": "Analytics"},
+					Order:       0,
+				},
+			},
+		},
+	}
+	payload.DebugKey = "butter" // Updating config
+	modifiedConfig := expectedConfig
+	modifiedConfig.DebugKey = "butter" // Updating config
+	expected := ZarazConfigResponse{
+		Result: modifiedConfig,
+	}
+
+	actual, err := client.UpdateZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
+	require.NoError(t, err)
+
+	assert.Equal(t, expected.Result, actual.Result)
+}
+
+func TestUpdateDeprecatedZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": {
+				"consent": {
+				  "buttonTextTranslations": {
+					"accept_all": {
+					  "en": "Accept ALL"
+					},
+					"confirm_my_choices": {
+					  "en": "YES!"
+					},
+					"reject_all": {
+					  "en": "Reject ALL"
+					}
+				  },
+				  "companyEmail": "email@example.com",
+				  "consentModalIntroHTMLWithTranslations": {
+					"en": "Lorem ipsum dolar set Amet?"
+				  },
+				  "cookieName": "zaraz-consent",
+				  "customCSS": ".test {\n    color: red;\n}",
+				  "customIntroDisclaimerDismissed": true,
+				  "defaultLanguage": "en",
+				  "enabled": true,
+				  "hideModal": false,
+				  "purposesWithTranslations": {
+					"rJJC": {
+					  "description": {
+						"en": "Blah blah"
+					  },
+					  "name": {
+						"en": "Analytics"
+					  },
+					  "order": 0
+					}
+				  }
+				},
+				"dataLayer": true,
+				"debugKey": "butter",
+				"dlp": [],
+				"historyChange": true,
+				"invalidKey": "cheese",
+				"settings": {
+				  "autoInjectScript": true
+				},
+				"tools": {
+				  "PBQr": {
+					"blockingTriggers": [],
+					"component": "html",
+					"defaultFields": {},
+					"defaultPurpose": "rJJC",
+					"enabled": true,
+					"mode": {
+					  "cloud": false,
+					  "ignoreSPA": true,
+					  "light": false,
+					  "sample": false,
+					  "segment": {
+						"end": 100,
+						"start": 0
+					  },
+					  "trigger": "pageload"
+					},
+					"name": "Custom HTML",
+					"actions": {
+					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+							"actionType": "event",
+							"blockingTriggers": [],
+							"data": {
+								"__zaraz_setting_name": "pageview1",
+								"htmlCode": "<script>console.log('pageview')</script>"
+							},
+							"firingTriggers": [
+								"Pageview"
+							]
+					  }
+					},
+					"permissions": [
+					  "execute_unsafe_scripts"
+					],
+					"settings": {},
+					"type": "component"
+				  }
+				},
+				"triggers": {
+				  "Pageview": {
+					"clientRules": [],
+					"description": "All page loads",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"match": "{{ client.__zarazTrack }}",
+						"op": "EQUALS",
+						"value": "Pageview"
+					  }
+					],
+					"name": "Pageview",
+					"system": "pageload"
+				  },
+				  "TFOl": {
+					"description": "",
+					"excludeRules": [],
+					"loadRules": [
+					  {
+						"id": "Kqsc",
+						"match": "test",
+						"op": "CONTAINS",
+						"value": "test"
+					  },
+					  {
+						"action": "clickListener",
+						"id": "EDnV",
+						"settings": {
+						  "selector": "test",
+						  "type": "css",
+						  "waitForTags": 0
+						}
+					  }
+					],
+					"name": "test"
+				  }
+				},
+				"variables": {
+				  "jwIx": {
+					"name": "test",
+					"type": "string",
+					"value": "sss"
+				  },
+				  "pAuL": {
+					"name": "test-worker-var",
+					"type": "worker",
+					"value": {
+					  "escapedWorkerName": "worker-var-example",
+					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
+					}
+				  }
+				},
+				"zarazVersion": 44
+			  }
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
+	payload := UpdateZarazConfigParams{
+		DebugKey:      "cheese",
+		ZarazVersion:  44,
+		DataLayer:     &trueValue,
+		Dlp:           []any{},
+		HistoryChange: &trueValue,
+		Settings: ZarazConfigSettings{
+			AutoInjectScript: &trueValue,
+		},
+		Tools: map[string]ZarazTool{
+			"PBQr": {
+				BlockingTriggers: []string{},
+				Enabled:          &trueValue,
+				DefaultFields:    map[string]any{},
+				Name:             "Custom HTML",
+				Actions: map[string]ZarazAction{
+					"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
+						ActionType:       "event",
+						BlockingTriggers: []string{},
+						Data: map[string]any{
+							"__zaraz_setting_name": "pageview1",
+							"htmlCode":             "<script>console.log('pageview')</script>",
+						},
+						FiringTriggers: []string{"Pageview"},
+					},
+				},
+				Type:           ZarazToolComponent,
+				DefaultPurpose: "rJJC",
+				Component:      "html",
+				Permissions:    []string{"execute_unsafe_scripts"},
+				Settings:       map[string]any{},
+			},
+		},
+		Triggers: map[string]ZarazTrigger{
+			"Pageview": {
+				Name:         "Pageview",
+				Description:  "All page loads",
+				LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
+				ExcludeRules: []ZarazTriggerRule{},
+				ClientRules:  []any{},
+				System:       ZarazPageload,
+			},
+			"TFOl": {
+				Name:         "test",
+				Description:  "",
+				LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
+				ExcludeRules: []ZarazTriggerRule{},
+			},
+		},
+		Variables: map[string]ZarazVariable{
+			"jwIx": {
+				Name:  "test",
+				Type:  ZarazVarString,
+				Value: "sss",
+			},
+			"pAuL": {
+				Name: "test-worker-var",
+				Type: ZarazVarWorker,
+				Value: map[string]interface{}{
+					"escapedWorkerName": "worker-var-example",
+					"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
+					"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
+				},
+			},
+		},
+		Consent: ZarazConsent{
+			Enabled: &trueValue,
+			ButtonTextTranslations: ZarazButtonTextTranslations{
+				AcceptAll:        map[string]string{"en": "Accept ALL"},
+				ConfirmMyChoices: map[string]string{"en": "YES!"},
+				RejectAll:        map[string]string{"en": "Reject ALL"},
+			},
+			CompanyEmail:                          "email@example.com",
+			ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
+			CookieName:                            "zaraz-consent",
+			CustomCSS:                             ".test {\n    color: red;\n}",
+			CustomIntroDisclaimerDismissed:        &trueValue,
+			DefaultLanguage:                       "en",
+			HideModal:                             &falseValue,
+			PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
+				"rJJC": {
+					Description: map[string]string{"en": "Blah blah"},
+					Name:        map[string]string{"en": "Analytics"},
+					Order:       0,
+				},
+			},
+		},
+	}
+	payload.DebugKey = "butter" // Updating config
+	modifiedConfig := expectedConfig
+	modifiedConfig.DebugKey = "butter" // Updating config
+	expected := ZarazConfigResponse{
+		Result: modifiedConfig,
+	}
+
+	actual, err := client.UpdateZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
+	require.NoError(t, err)
+
+	assert.Equal(t, expected.Result, actual.Result)
+}
+
+func TestGetZarazWorkflow(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": "realtime"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/workflow", handler)
+	want := ZarazWorkflowResponse{
+		Result: "realtime",
+		Response: Response{
+			Success:  true,
+			Messages: []ResponseInfo{},
+			Errors:   []ResponseInfo{},
+		},
+	}
+
+	actual, err := client.GetZarazWorkflow(context.Background(), ZoneIdentifier(testZoneID))
+
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestUpdateZarazWorkflow(t *testing.T) {
+	setup()
+	defer teardown()
+
+	payload := UpdateZarazWorkflowParams{
+		Workflow: "realtime",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		body, _ := io.ReadAll(r.Body)
+		bodyString := string(body)
+		assert.Equal(t, fmt.Sprintf("\"%s\"", payload.Workflow), bodyString)
+
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": "realtime"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/workflow", handler)
+	want := ZarazWorkflowResponse{
+		Result: "realtime",
+		Response: Response{
+			Success:  true,
+			Messages: []ResponseInfo{},
+			Errors:   []ResponseInfo{},
+		},
+	}
+
+	actual, err := client.UpdateZarazWorkflow(context.Background(), ZoneIdentifier(testZoneID), payload)
+
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestPublishZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	payload := PublishZarazConfigParams{
+		Description: "test description",
+	}
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		body, _ := io.ReadAll(r.Body)
+		bodyString := string(body)
+		assert.Equal(t, fmt.Sprintf("\"%s\"", payload.Description), bodyString)
+
+		w.Header().Set("Content-Type", "application/json")
+		fmt.Fprint(w, `{
+			"errors": [],
+			"messages": [],
+			"success": true,
+			"result": "Config has been published successfully"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/publish", handler)
+	want := ZarazPublishResponse{
+		Result: "Config has been published successfully",
+		Response: Response{
+			Success:  true,
+			Messages: []ResponseInfo{},
+			Errors:   []ResponseInfo{},
+		},
+	}
+
+	actual, err := client.PublishZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
+
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestGetZarazConfigHistoryList(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprint(w, `{
+			"result": [
+			  {
+				"createdAt": "2023-01-01T05:20:00Z",
+				"description": "test 1",
+				"id": 1005736,
+				"updatedAt": "2023-01-01T05:20:00Z",
+				"userId": "9ceddf6f117afe04c64716c83468d3a4"
+			  },
+			  {
+				"createdAt": "2023-01-01T05:20:00Z",
+				"description": "test 2",
+				"id": 1005735,
+				"updatedAt": "2023-01-01T05:20:00Z",
+				"userId": "9ceddf6f117afe04c64716c83468d3a4"
+			  }
+			],
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result_info": {
+			  "page": 1,
+			  "per_page": 2,
+			  "count": 2,
+			  "total_count": 8
+			}
+		  }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/history", handler)
+	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00Z")
+	updatedAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00Z")
+	want := []ZarazHistoryRecord{
+		{
+			CreatedAt:   &createdAt,
+			Description: "test 1",
+			ID:          1005736,
+			UpdatedAt:   &updatedAt,
+			UserID:      "9ceddf6f117afe04c64716c83468d3a4",
+		},
+		{
+			CreatedAt:   &createdAt,
+			Description: "test 2",
+			ID:          1005735,
+			UpdatedAt:   &updatedAt,
+			UserID:      "9ceddf6f117afe04c64716c83468d3a4",
+		},
+	}
+
+	actual, _, err := client.ListZarazConfigHistory(context.Background(), ZoneIdentifier(testZoneID), ListZarazConfigHistoryParams{
+		ResultInfo: ResultInfo{
+			PerPage: 2,
+		},
+	})
+
+	require.NoError(t, err)
+
+	assert.Equal(t, want, actual)
+}
+
+func TestGetDefaultZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "text/plain")
+		fmt.Fprint(w, `{
+			"someTestKeyThatRepsTheConfig": "test"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/default", handler)
+
+	_, err := client.GetDefaultZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
+	require.NoError(t, err)
+}
+
+func TestExportZarazConfig(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "text/plain")
+		fmt.Fprint(w, `{
+			"someTestKeyThatRepsTheConfig": "test"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/export", handler)
+
+	err := client.ExportZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
+	require.NoError(t, err)
+}
diff --git a/pkg/cloudflare-go/zone.go b/pkg/cloudflare-go/zone.go
new file mode 100644
index 0000000000..de92880a15
--- /dev/null
+++ b/pkg/cloudflare-go/zone.go
@@ -0,0 +1,1077 @@
+package cloudflare
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"sync"
+	"time"
+
+	"github.com/goccy/go-json"
+
+	"golang.org/x/net/idna"
+)
+
+var (
+	// ErrMissingSettingName is for when setting name is required but missing.
+	ErrMissingSettingName = errors.New("zone setting name required but missing")
+)
+
+// Owner describes the resource owner.
+type Owner struct {
+	ID        string `json:"id"`
+	Email     string `json:"email"`
+	Name      string `json:"name"`
+	OwnerType string `json:"type"`
+}
+
+// Zone describes a Cloudflare zone.
+type Zone struct {
+	ID   string `json:"id"`
+	Name string `json:"name"`
+	// DevMode contains the time in seconds until development expires (if
+	// positive) or since it expired (if negative). It will be 0 if never used.
+	DevMode           int       `json:"development_mode"`
+	OriginalNS        []string  `json:"original_name_servers"`
+	OriginalRegistrar string    `json:"original_registrar"`
+	OriginalDNSHost   string    `json:"original_dnshost"`
+	CreatedOn         time.Time `json:"created_on"`
+	ModifiedOn        time.Time `json:"modified_on"`
+	NameServers       []string  `json:"name_servers"`
+	Owner             Owner     `json:"owner"`
+	Permissions       []string  `json:"permissions"`
+	Plan              ZonePlan  `json:"plan"`
+	PlanPending       ZonePlan  `json:"plan_pending,omitempty"`
+	Status            string    `json:"status"`
+	Paused            bool      `json:"paused"`
+	Type              string    `json:"type"`
+	Host              struct {
+		Name    string
+		Website string
+	} `json:"host"`
+	VanityNS        []string `json:"vanity_name_servers"`
+	Betas           []string `json:"betas"`
+	DeactReason     string   `json:"deactivation_reason"`
+	Meta            ZoneMeta `json:"meta"`
+	Account         Account  `json:"account"`
+	VerificationKey string   `json:"verification_key"`
+}
+
+// ZoneMeta describes metadata about a zone.
+type ZoneMeta struct {
+	// custom_certificate_quota is broken - sometimes it's a string, sometimes a number!
+	// CustCertQuota     int    `json:"custom_certificate_quota"`
+	PageRuleQuota     int  `json:"page_rule_quota"`
+	WildcardProxiable bool `json:"wildcard_proxiable"`
+	PhishingDetected  bool `json:"phishing_detected"`
+}
+
+// ZonePlan contains the plan information for a zone.
+type ZonePlan struct {
+	ZonePlanCommon
+	LegacyID          string `json:"legacy_id"`
+	IsSubscribed      bool   `json:"is_subscribed"`
+	CanSubscribe      bool   `json:"can_subscribe"`
+	LegacyDiscount    bool   `json:"legacy_discount"`
+	ExternallyManaged bool   `json:"externally_managed"`
+}
+
+// ZoneRatePlan contains the plan information for a zone.
+type ZoneRatePlan struct {
+	ZonePlanCommon
+	Components []zoneRatePlanComponents `json:"components,omitempty"`
+}
+
+// ZonePlanCommon contains fields used by various Plan endpoints.
+type ZonePlanCommon struct {
+	ID        string `json:"id"`
+	Name      string `json:"name,omitempty"`
+	Price     int    `json:"price,omitempty"`
+	Currency  string `json:"currency,omitempty"`
+	Frequency string `json:"frequency,omitempty"`
+}
+
+type zoneRatePlanComponents struct {
+	Name      string `json:"name"`
+	Default   int    `json:"Default"`
+	UnitPrice int    `json:"unit_price"`
+}
+
+// ZoneID contains only the zone ID.
+type ZoneID struct {
+	ID string `json:"id"`
+}
+
+// ZoneResponse represents the response from the Zone endpoint containing a single zone.
+type ZoneResponse struct {
+	Response
+	Result Zone `json:"result"`
+}
+
+// ZonesResponse represents the response from the Zone endpoint containing an array of zones.
+type ZonesResponse struct {
+	Response
+	Result     []Zone `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// ZoneIDResponse represents the response from the Zone endpoint, containing only a zone ID.
+type ZoneIDResponse struct {
+	Response
+	Result ZoneID `json:"result"`
+}
+
+// AvailableZoneRatePlansResponse represents the response from the Available Rate Plans endpoint.
+type AvailableZoneRatePlansResponse struct {
+	Response
+	Result     []ZoneRatePlan `json:"result"`
+	ResultInfo `json:"result_info"`
+}
+
+// AvailableZonePlansResponse represents the response from the Available Plans endpoint.
+type AvailableZonePlansResponse struct {
+	Response
+	Result []ZonePlan `json:"result"`
+	ResultInfo
+}
+
+// ZoneRatePlanResponse represents the response from the Plan Details endpoint.
+type ZoneRatePlanResponse struct {
+	Response
+	Result ZoneRatePlan `json:"result"`
+}
+
+// ZoneSetting contains settings for a zone.
+type ZoneSetting struct {
+	ID            string      `json:"id"`
+	Editable      bool        `json:"editable"`
+	ModifiedOn    string      `json:"modified_on,omitempty"`
+	Value         interface{} `json:"value"`
+	TimeRemaining int         `json:"time_remaining"`
+}
+
+// ZoneSettingResponse represents the response from the Zone Setting endpoint.
+type ZoneSettingResponse struct {
+	Response
+	Result []ZoneSetting `json:"result"`
+}
+
+// ZoneSettingSingleResponse represents the response from the Zone Setting endpoint for the specified setting.
+type ZoneSettingSingleResponse struct {
+	Response
+	Result ZoneSetting `json:"result"`
+}
+
+// ZoneSSLSetting contains ssl setting for a zone.
+type ZoneSSLSetting struct {
+	ID                string `json:"id"`
+	Editable          bool   `json:"editable"`
+	ModifiedOn        string `json:"modified_on"`
+	Value             string `json:"value"`
+	CertificateStatus string `json:"certificate_status"`
+}
+
+// ZoneSSLSettingResponse represents the response from the Zone SSL Setting
+// endpoint.
+type ZoneSSLSettingResponse struct {
+	Response
+	Result ZoneSSLSetting `json:"result"`
+}
+
+// ZoneAnalyticsData contains totals and timeseries analytics data for a zone.
+type ZoneAnalyticsData struct {
+	Totals     ZoneAnalytics   `json:"totals"`
+	Timeseries []ZoneAnalytics `json:"timeseries"`
+}
+
+// zoneAnalyticsDataResponse represents the response from the Zone Analytics Dashboard endpoint.
+type zoneAnalyticsDataResponse struct {
+	Response
+	Result ZoneAnalyticsData `json:"result"`
+}
+
+// ZoneAnalyticsColocation contains analytics data by datacenter.
+type ZoneAnalyticsColocation struct {
+	ColocationID string          `json:"colo_id"`
+	Timeseries   []ZoneAnalytics `json:"timeseries"`
+}
+
+// zoneAnalyticsColocationResponse represents the response from the Zone Analytics By Co-location endpoint.
+type zoneAnalyticsColocationResponse struct {
+	Response
+	Result []ZoneAnalyticsColocation `json:"result"`
+}
+
+// ZoneAnalytics contains analytics data for a zone.
+type ZoneAnalytics struct {
+	Since    time.Time `json:"since"`
+	Until    time.Time `json:"until"`
+	Requests struct {
+		All         int            `json:"all"`
+		Cached      int            `json:"cached"`
+		Uncached    int            `json:"uncached"`
+		ContentType map[string]int `json:"content_type"`
+		Country     map[string]int `json:"country"`
+		SSL         struct {
+			Encrypted   int `json:"encrypted"`
+			Unencrypted int `json:"unencrypted"`
+		} `json:"ssl"`
+		HTTPStatus map[string]int `json:"http_status"`
+	} `json:"requests"`
+	Bandwidth struct {
+		All         int            `json:"all"`
+		Cached      int            `json:"cached"`
+		Uncached    int            `json:"uncached"`
+		ContentType map[string]int `json:"content_type"`
+		Country     map[string]int `json:"country"`
+		SSL         struct {
+			Encrypted   int `json:"encrypted"`
+			Unencrypted int `json:"unencrypted"`
+		} `json:"ssl"`
+	} `json:"bandwidth"`
+	Threats struct {
+		All     int            `json:"all"`
+		Country map[string]int `json:"country"`
+		Type    map[string]int `json:"type"`
+	} `json:"threats"`
+	Pageviews struct {
+		All           int            `json:"all"`
+		SearchEngines map[string]int `json:"search_engines"`
+	} `json:"pageviews"`
+	Uniques struct {
+		All int `json:"all"`
+	}
+}
+
+// ZoneAnalyticsOptions represents the optional parameters in Zone Analytics
+// endpoint requests.
+type ZoneAnalyticsOptions struct {
+	Since      *time.Time
+	Until      *time.Time
+	Continuous *bool
+}
+
+// PurgeCacheRequest represents the request format made to the purge endpoint.
+type PurgeCacheRequest struct {
+	Everything bool `json:"purge_everything,omitempty"`
+	// Purge by filepath (exact match). Limit of 30
+	Files []string `json:"files,omitempty"`
+	// Purge by Tag (Enterprise only):
+	// https://support.cloudflare.com/hc/en-us/articles/206596608-How-to-Purge-Cache-Using-Cache-Tags-Enterprise-only-
+	Tags []string `json:"tags,omitempty"`
+	// Purge by hostname - e.g. "assets.example.com"
+	Hosts []string `json:"hosts,omitempty"`
+	// Purge by prefix - e.g. "example.com/css"
+	Prefixes []string `json:"prefixes,omitempty"`
+}
+
+// PurgeCacheResponse represents the response from the purge endpoint.
+type PurgeCacheResponse struct {
+	Response
+	Result struct {
+		ID string `json:"id"`
+	} `json:"result"`
+}
+
+// newZone describes a new zone.
+type newZone struct {
+	Name      string `json:"name"`
+	JumpStart bool   `json:"jump_start"`
+	Type      string `json:"type"`
+	// We use a pointer to get a nil type when the field is empty.
+	// This allows us to completely omit this with json.Marshal().
+	Account *Account `json:"organization,omitempty"`
+}
+
+// FallbackOrigin describes a fallback origin.
+type FallbackOrigin struct {
+	Value string `json:"value"`
+	ID    string `json:"id,omitempty"`
+}
+
+// FallbackOriginResponse represents the response from the fallback_origin endpoint.
+type FallbackOriginResponse struct {
+	Response
+	Result FallbackOrigin `json:"result"`
+}
+
+// zoneSubscriptionRatePlanPayload is used to build the JSON payload for
+// setting a particular rate plan on an existing zone.
+type zoneSubscriptionRatePlanPayload struct {
+	RatePlan struct {
+		ID string `json:"id"`
+	} `json:"rate_plan"`
+}
+
+type GetZoneSettingParams struct {
+	Name       string `json:"-"`
+	PathPrefix string `json:"-"`
+}
+
+type UpdateZoneSettingParams struct {
+	Name       string      `json:"-"`
+	PathPrefix string      `json:"-"`
+	Value      interface{} `json:"value"`
+}
+
+// CreateZone creates a zone on an account.
+//
+// Setting jumpstart to true will attempt to automatically scan for existing
+// DNS records. Setting this to false will create the zone with no DNS records.
+//
+// If account is non-empty, it must have at least the ID field populated.
+// This will add the new zone to the specified multi-user account.
+//
+// API reference: https://api.cloudflare.com/#zone-create-a-zone
+func (api *API) CreateZone(ctx context.Context, name string, jumpstart bool, account Account, zoneType string) (Zone, error) {
+	var newzone newZone
+	newzone.Name = name
+	newzone.JumpStart = jumpstart
+	if account.ID != "" {
+		newzone.Account = &account
+	}
+
+	if zoneType == "partial" {
+		newzone.Type = "partial"
+	} else {
+		newzone.Type = "full"
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodPost, "/zones", newzone)
+	if err != nil {
+		return Zone{}, err
+	}
+
+	var r ZoneResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ZoneActivationCheck initiates another zone activation check for newly-created zones.
+//
+// API reference: https://api.cloudflare.com/#zone-initiate-another-zone-activation-check
+func (api *API) ZoneActivationCheck(ctx context.Context, zoneID string) (Response, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPut, "/zones/"+zoneID+"/activation_check", nil)
+	if err != nil {
+		return Response{}, err
+	}
+	var r Response
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Response{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// ListZones lists zones on an account. Optionally takes a list of zone names
+// to filter against.
+//
+// API reference: https://api.cloudflare.com/#zone-list-zones
+func (api *API) ListZones(ctx context.Context, z ...string) ([]Zone, error) {
+	var zones []Zone
+	if len(z) > 0 {
+		var (
+			v = url.Values{}
+			r ZonesResponse
+		)
+		for _, zone := range z {
+			v.Set("name", normalizeZoneName(zone))
+			res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones?"+v.Encode(), nil)
+			if err != nil {
+				return []Zone{}, err
+			}
+			err = json.Unmarshal(res, &r)
+			if err != nil {
+				return []Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+			}
+			if !r.Success {
+				// TODO: Provide an actual error message instead of always returning nil
+				return []Zone{}, err
+			}
+			zones = append(zones, r.Result...)
+		}
+	} else {
+		res, err := api.ListZonesContext(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		zones = res.Result
+	}
+
+	return zones, nil
+}
+
+const listZonesPerPage = 50
+
+// listZonesFetch fetches one page of zones.
+// This is placed as a separate function to prevent any possibility of unintended capturing.
+func (api *API) listZonesFetch(ctx context.Context, wg *sync.WaitGroup, errc chan error,
+	path string, pageSize int, buf []Zone) {
+	defer wg.Done()
+
+	// recordError sends the error to errc in a non-blocking manner
+	recordError := func(err error) {
+		select {
+		case errc <- err:
+		default:
+		}
+	}
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
+	if err != nil {
+		recordError(err)
+		return
+	}
+
+	var r ZonesResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		recordError(err)
+		return
+	}
+
+	if len(r.Result) != pageSize {
+		recordError(errors.New(errResultInfo))
+		return
+	}
+
+	copy(buf, r.Result)
+}
+
+// ListZonesContext lists all zones on an account automatically handling the
+// pagination. Optionally takes a list of ReqOptions.
+func (api *API) ListZonesContext(ctx context.Context, opts ...ReqOption) (r ZonesResponse, err error) {
+	opt := reqOption{
+		params: url.Values{},
+	}
+	for _, of := range opts {
+		of(&opt)
+	}
+
+	if opt.params.Get("page") != "" || opt.params.Get("per_page") != "" {
+		return ZonesResponse{}, errors.New(errManualPagination)
+	}
+
+	opt.params.Add("per_page", strconv.Itoa(listZonesPerPage))
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones?"+opt.params.Encode(), nil)
+	if err != nil {
+		return ZonesResponse{}, err
+	}
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZonesResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	// avoid overhead in most common cases where the total #zones <= 50
+	if r.TotalPages < 2 {
+		return r, nil
+	}
+
+	// parameters of pagination
+	var (
+		totalPageCount = r.TotalPages
+		totalCount     = r.Total
+
+		// zones is a large slice to prevent resizing during concurrent writes.
+		zones = make([]Zone, totalCount)
+	)
+
+	// Copy the first page into zones.
+	copy(zones, r.Result)
+
+	var wg sync.WaitGroup
+	wg.Add(totalPageCount - 1)  // all pages except the first one.
+	errc := make(chan error, 1) // getting the first error
+
+	// Creating all the workers.
+	for pageNum := 2; pageNum <= totalPageCount; pageNum++ {
+		// Note: URL.Values is just a map[string], so this would override the existing 'page'
+		opt.params.Set("page", strconv.Itoa(pageNum))
+
+		// start is the first index in the zone buffer
+		start := listZonesPerPage * (pageNum - 1)
+
+		pageSize := listZonesPerPage
+		if pageNum == totalPageCount {
+			// The size of the last page (which would be <= 50).
+			pageSize = totalCount - start
+		}
+
+		go api.listZonesFetch(ctx, &wg, errc, "/zones?"+opt.params.Encode(), pageSize, zones[start:])
+	}
+
+	wg.Wait()
+
+	select {
+	case err := <-errc: // if there were any errors
+		return ZonesResponse{}, err
+	default: // if there were no errors, the receive statement should block
+		r.Result = zones
+		return r, nil
+	}
+}
+
+// ZoneDetails fetches information about a zone.
+//
+// API reference: https://api.cloudflare.com/#zone-zone-details
+func (api *API) ZoneDetails(ctx context.Context, zoneID string) (Zone, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID, nil)
+	if err != nil {
+		return Zone{}, err
+	}
+	var r ZoneResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ZoneOptions is a subset of Zone, for editable options.
+type ZoneOptions struct {
+	Paused   *bool     `json:"paused,omitempty"`
+	VanityNS []string  `json:"vanity_name_servers,omitempty"`
+	Plan     *ZonePlan `json:"plan,omitempty"`
+	Type     string    `json:"type,omitempty"`
+}
+
+// ZoneSetPaused pauses Cloudflare service for the entire zone, sending all
+// traffic direct to the origin.
+func (api *API) ZoneSetPaused(ctx context.Context, zoneID string, paused bool) (Zone, error) {
+	zoneopts := ZoneOptions{Paused: &paused}
+	zone, err := api.EditZone(ctx, zoneID, zoneopts)
+	if err != nil {
+		return Zone{}, err
+	}
+
+	return zone, nil
+}
+
+// ZoneSetType toggles the type for an existing zone.
+//
+// Valid values for `type` are "full" and "partial"
+//
+// API reference: https://api.cloudflare.com/#zone-edit-zone
+func (api *API) ZoneSetType(ctx context.Context, zoneID string, zoneType string) (Zone, error) {
+	zoneopts := ZoneOptions{Type: zoneType}
+	zone, err := api.EditZone(ctx, zoneID, zoneopts)
+	if err != nil {
+		return Zone{}, err
+	}
+
+	return zone, nil
+}
+
+// ZoneSetVanityNS sets custom nameservers for the zone.
+// These names must be within the same zone.
+func (api *API) ZoneSetVanityNS(ctx context.Context, zoneID string, ns []string) (Zone, error) {
+	zoneopts := ZoneOptions{VanityNS: ns}
+	zone, err := api.EditZone(ctx, zoneID, zoneopts)
+	if err != nil {
+		return Zone{}, err
+	}
+
+	return zone, nil
+}
+
+// ZoneSetPlan sets the rate plan of an existing zone.
+//
+// Valid values for `planType` are "CF_FREE", "CF_PRO", "CF_BIZ" and
+// "CF_ENT".
+//
+// API reference: https://api.cloudflare.com/#zone-subscription-create-zone-subscription
+func (api *API) ZoneSetPlan(ctx context.Context, zoneID string, planType string) error {
+	zonePayload := zoneSubscriptionRatePlanPayload{}
+	zonePayload.RatePlan.ID = planType
+
+	uri := fmt.Sprintf("/zones/%s/subscription", zoneID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, zonePayload)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ZoneUpdatePlan updates the rate plan of an existing zone.
+//
+// Valid values for `planType` are "CF_FREE", "CF_PRO", "CF_BIZ" and
+// "CF_ENT".
+//
+// API reference: https://api.cloudflare.com/#zone-subscription-update-zone-subscription
+func (api *API) ZoneUpdatePlan(ctx context.Context, zoneID string, planType string) error {
+	zonePayload := zoneSubscriptionRatePlanPayload{}
+	zonePayload.RatePlan.ID = planType
+
+	uri := fmt.Sprintf("/zones/%s/subscription", zoneID)
+
+	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, zonePayload)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// EditZone edits the given zone.
+//
+// This is usually called by ZoneSetPaused, ZoneSetType, or ZoneSetVanityNS.
+//
+// API reference: https://api.cloudflare.com/#zone-edit-zone-properties
+func (api *API) EditZone(ctx context.Context, zoneID string, zoneOpts ZoneOptions) (Zone, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/zones/"+zoneID, zoneOpts)
+	if err != nil {
+		return Zone{}, err
+	}
+	var r ZoneResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// PurgeEverything purges the cache for the given zone.
+//
+// Note: this will substantially increase load on the origin server for that
+// zone if there is a high cached vs. uncached request ratio.
+//
+// API reference: https://api.cloudflare.com/#zone-purge-all-files
+func (api *API) PurgeEverything(ctx context.Context, zoneID string) (PurgeCacheResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/purge_cache", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, PurgeCacheRequest{true, nil, nil, nil, nil})
+	if err != nil {
+		return PurgeCacheResponse{}, err
+	}
+	var r PurgeCacheResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PurgeCacheResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// PurgeCache purges the cache using the given PurgeCacheRequest (zone/url/tag).
+//
+// API reference: https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags
+func (api *API) PurgeCache(ctx context.Context, zoneID string, pcr PurgeCacheRequest) (PurgeCacheResponse, error) {
+	return api.PurgeCacheContext(ctx, zoneID, pcr)
+}
+
+// PurgeCacheContext purges the cache using the given PurgeCacheRequest (zone/url/tag).
+//
+// API reference: https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags
+func (api *API) PurgeCacheContext(ctx context.Context, zoneID string, pcr PurgeCacheRequest) (PurgeCacheResponse, error) {
+	// manually build the payload to ensure we don't escape HTML entities to
+	// match their keys for purging.
+	payload, err := json.MarshalWithOption(pcr, json.DisableHTMLEscape())
+	if err != nil {
+		return PurgeCacheResponse{}, err
+	}
+
+	uri := fmt.Sprintf("/zones/%s/purge_cache", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, payload)
+	if err != nil {
+		return PurgeCacheResponse{}, err
+	}
+	var r PurgeCacheResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return PurgeCacheResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r, nil
+}
+
+// DeleteZone deletes the given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-delete-a-zone
+func (api *API) DeleteZone(ctx context.Context, zoneID string) (ZoneID, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, "/zones/"+zoneID, nil)
+	if err != nil {
+		return ZoneID{}, err
+	}
+	var r ZoneIDResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneID{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// AvailableZoneRatePlans returns information about all plans available to the specified zone.
+//
+// API reference: https://api.cloudflare.com/#zone-plan-available-plans
+func (api *API) AvailableZoneRatePlans(ctx context.Context, zoneID string) ([]ZoneRatePlan, error) {
+	uri := fmt.Sprintf("/zones/%s/available_rate_plans", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []ZoneRatePlan{}, err
+	}
+	var r AvailableZoneRatePlansResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []ZoneRatePlan{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// AvailableZonePlans returns information about all plans available to the specified zone.
+//
+// API reference: https://api.cloudflare.com/#zone-rate-plan-list-available-plans
+func (api *API) AvailableZonePlans(ctx context.Context, zoneID string) ([]ZonePlan, error) {
+	uri := fmt.Sprintf("/zones/%s/available_plans", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return []ZonePlan{}, err
+	}
+	var r AvailableZonePlansResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return []ZonePlan{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// encode encodes non-nil fields into URL encoded form.
+func (o ZoneAnalyticsOptions) encode() string {
+	v := url.Values{}
+	if o.Since != nil {
+		v.Set("since", o.Since.Format(time.RFC3339))
+	}
+	if o.Until != nil {
+		v.Set("until", o.Until.Format(time.RFC3339))
+	}
+	if o.Continuous != nil {
+		v.Set("continuous", fmt.Sprintf("%t", *o.Continuous))
+	}
+	return v.Encode()
+}
+
+// ZoneAnalyticsDashboard returns zone analytics information.
+//
+// API reference: https://api.cloudflare.com/#zone-analytics-dashboard
+func (api *API) ZoneAnalyticsDashboard(ctx context.Context, zoneID string, options ZoneAnalyticsOptions) (ZoneAnalyticsData, error) {
+	uri := fmt.Sprintf("/zones/%s/analytics/dashboard?%s", zoneID, options.encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneAnalyticsData{}, err
+	}
+	var r zoneAnalyticsDataResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneAnalyticsData{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ZoneAnalyticsByColocation returns zone analytics information by datacenter.
+//
+// API reference: https://api.cloudflare.com/#zone-analytics-analytics-by-co-locations
+func (api *API) ZoneAnalyticsByColocation(ctx context.Context, zoneID string, options ZoneAnalyticsOptions) ([]ZoneAnalyticsColocation, error) {
+	uri := fmt.Sprintf("/zones/%s/analytics/colos?%s", zoneID, options.encode())
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+	var r zoneAnalyticsColocationResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// ZoneSettings returns all of the settings for a given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-get-all-zone-settings
+func (api *API) ZoneSettings(ctx context.Context, zoneID string) (*ZoneSettingResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/settings", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &ZoneSettingResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// UpdateZoneSettings updates the settings for a given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-edit-zone-settings-info
+func (api *API) UpdateZoneSettings(ctx context.Context, zoneID string, settings []ZoneSetting) (*ZoneSettingResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/settings", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, struct {
+		Items []ZoneSetting `json:"items"`
+	}{settings})
+	if err != nil {
+		return nil, err
+	}
+
+	response := &ZoneSettingResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// ZoneSSLSettings returns information about SSL setting to the specified zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-get-ssl-setting
+func (api *API) ZoneSSLSettings(ctx context.Context, zoneID string) (ZoneSSLSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/settings/ssl", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneSSLSetting{}, err
+	}
+	var r ZoneSSLSettingResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateZoneSSLSettings update information about SSL setting to the specified zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-change-ssl-setting
+func (api *API) UpdateZoneSSLSettings(ctx context.Context, zoneID string, sslValue string) (ZoneSSLSetting, error) {
+	uri := fmt.Sprintf("/zones/%s/settings/ssl", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ZoneSSLSetting{Value: sslValue})
+	if err != nil {
+		return ZoneSSLSetting{}, err
+	}
+	var r ZoneSSLSettingResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// FallbackOrigin returns information about the fallback origin for the specified zone.
+//
+// API reference: https://developers.cloudflare.com/ssl/ssl-for-saas/api-calls/#fallback-origin-configuration
+func (api *API) FallbackOrigin(ctx context.Context, zoneID string) (FallbackOrigin, error) {
+	uri := fmt.Sprintf("/zones/%s/fallback_origin", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return FallbackOrigin{}, err
+	}
+
+	var r FallbackOriginResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return FallbackOrigin{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+// UpdateFallbackOrigin updates the fallback origin for a given zone.
+//
+// API reference: https://developers.cloudflare.com/ssl/ssl-for-saas/api-calls/#4-example-patch-to-change-fallback-origin
+func (api *API) UpdateFallbackOrigin(ctx context.Context, zoneID string, fbo FallbackOrigin) (*FallbackOriginResponse, error) {
+	uri := fmt.Sprintf("/zones/%s/fallback_origin", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, fbo)
+	if err != nil {
+		return nil, err
+	}
+
+	response := &FallbackOriginResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response, nil
+}
+
+// normalizeZoneName tries to convert IDNs (international domain names)
+// from Punycode to Unicode form. If the given zone name is not represented
+// as Punycode, or converting fails (for invalid representations), it
+// is returned unchanged.
+//
+// Because all the zone name comparison is currently done using the API service
+// (except for comparison with the empty string), theoretically, we could
+// remove this function from the Go library. However, there should be no harm
+// calling this function other than gelable performance penalty.
+//
+// Note: conversion errors are silently discarded.
+func normalizeZoneName(name string) string {
+	if n, err := idna.ToUnicode(name); err == nil {
+		return n
+	}
+	return name
+}
+
+// GetZoneSetting returns information about specified setting to the specified
+// zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-get-all-zone-settings
+func (api *API) GetZoneSetting(ctx context.Context, rc *ResourceContainer, params GetZoneSettingParams) (ZoneSetting, error) {
+	if rc.Level != ZoneRouteLevel {
+		return ZoneSetting{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ZoneSetting{}, ErrMissingName
+	}
+
+	pathPrefix := "settings"
+	if params.PathPrefix != "" {
+		pathPrefix = params.PathPrefix
+	}
+
+	uri := fmt.Sprintf("/zones/%s/%s/%s", rc.Identifier, pathPrefix, params.Name)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneSetting{}, err
+	}
+	var r ZoneSettingSingleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateZoneSetting updates the specified setting for a given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-settings-edit-zone-settings-info
+func (api *API) UpdateZoneSetting(ctx context.Context, rc *ResourceContainer, params UpdateZoneSettingParams) (ZoneSetting, error) {
+	if rc.Level != ZoneRouteLevel {
+		return ZoneSetting{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	if rc.Identifier == "" {
+		return ZoneSetting{}, ErrMissingName
+	}
+
+	pathPrefix := "settings"
+	if params.PathPrefix != "" {
+		pathPrefix = params.PathPrefix
+	}
+
+	uri := fmt.Sprintf("/zones/%s/%s/%s", rc.Identifier, pathPrefix, params.Name)
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
+	if err != nil {
+		return ZoneSetting{}, err
+	}
+
+	response := &ZoneSettingSingleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// ZoneExport returns the text BIND config for the given zone
+//
+// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-export-dns-records
+func (api *API) ZoneExport(ctx context.Context, zoneID string) (string, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID+"/dns_records/export", nil)
+	if err != nil {
+		return "", err
+	}
+	return string(res), nil
+}
+
+// ZoneDNSSECResponse represents the response from the Zone DNSSEC Setting.
+type ZoneDNSSECResponse struct {
+	Response
+	Result ZoneDNSSEC `json:"result"`
+}
+
+// ZoneDNSSEC represents the response from the Zone DNSSEC Setting result.
+type ZoneDNSSEC struct {
+	Status          string    `json:"status"`
+	Flags           int       `json:"flags"`
+	Algorithm       string    `json:"algorithm"`
+	KeyType         string    `json:"key_type"`
+	DigestType      string    `json:"digest_type"`
+	DigestAlgorithm string    `json:"digest_algorithm"`
+	Digest          string    `json:"digest"`
+	DS              string    `json:"ds"`
+	KeyTag          int       `json:"key_tag"`
+	PublicKey       string    `json:"public_key"`
+	ModifiedOn      time.Time `json:"modified_on"`
+}
+
+// ZoneDNSSECSetting returns the DNSSEC details of a zone
+//
+// API reference: https://api.cloudflare.com/#dnssec-dnssec-details
+func (api *API) ZoneDNSSECSetting(ctx context.Context, zoneID string) (ZoneDNSSEC, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID+"/dnssec", nil)
+	if err != nil {
+		return ZoneDNSSEC{}, err
+	}
+	response := ZoneDNSSECResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneDNSSEC{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// ZoneDNSSECDeleteResponse represents the response from the Zone DNSSEC Delete request.
+type ZoneDNSSECDeleteResponse struct {
+	Response
+	Result string `json:"result"`
+}
+
+// DeleteZoneDNSSEC deletes DNSSEC for zone
+//
+// API reference: https://api.cloudflare.com/#dnssec-delete-dnssec-records
+func (api *API) DeleteZoneDNSSEC(ctx context.Context, zoneID string) (string, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, "/zones/"+zoneID+"/dnssec", nil)
+	if err != nil {
+		return "", err
+	}
+	response := ZoneDNSSECDeleteResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response.Result, nil
+}
+
+// ZoneDNSSECUpdateOptions represents the options for DNSSEC update.
+type ZoneDNSSECUpdateOptions struct {
+	Status string `json:"status"`
+}
+
+// UpdateZoneDNSSEC updates DNSSEC for a zone
+//
+// API reference: https://api.cloudflare.com/#dnssec-edit-dnssec-status
+func (api *API) UpdateZoneDNSSEC(ctx context.Context, zoneID string, options ZoneDNSSECUpdateOptions) (ZoneDNSSEC, error) {
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/zones/"+zoneID+"/dnssec", options)
+	if err != nil {
+		return ZoneDNSSEC{}, err
+	}
+	response := ZoneDNSSECResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneDNSSEC{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/zone_cache_variants.go b/pkg/cloudflare-go/zone_cache_variants.go
new file mode 100644
index 0000000000..101f388d55
--- /dev/null
+++ b/pkg/cloudflare-go/zone_cache_variants.go
@@ -0,0 +1,89 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+type ZoneCacheVariantsValues struct {
+	Avif []string `json:"avif,omitempty"`
+	Bmp  []string `json:"bmp,omitempty"`
+	Gif  []string `json:"gif,omitempty"`
+	Jpeg []string `json:"jpeg,omitempty"`
+	Jpg  []string `json:"jpg,omitempty"`
+	Jpg2 []string `json:"jpg2,omitempty"`
+	Jp2  []string `json:"jp2,omitempty"`
+	Png  []string `json:"png,omitempty"`
+	Tiff []string `json:"tiff,omitempty"`
+	Tif  []string `json:"tif,omitempty"`
+	Webp []string `json:"webp,omitempty"`
+}
+
+type ZoneCacheVariants struct {
+	ModifiedOn time.Time               `json:"modified_on"`
+	Value      ZoneCacheVariantsValues `json:"value"`
+}
+
+type updateZoneCacheVariantsRequest struct {
+	Value ZoneCacheVariantsValues `json:"value"`
+}
+
+type zoneCacheVariantsSingleResponse struct {
+	Response
+	Result ZoneCacheVariants `json:"result"`
+}
+
+// ZoneCacheVariants returns information about the current cache variants
+//
+// API reference: https://api.cloudflare.com/#zone-cache-settings-get-variants-setting
+func (api *API) ZoneCacheVariants(ctx context.Context, zoneID string) (ZoneCacheVariants, error) {
+	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneCacheVariants{}, err
+	}
+	var r zoneCacheVariantsSingleResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return ZoneCacheVariants{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateZoneCacheVariants updates the cache variants for a given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-cache-settings-change-variants-setting
+func (api *API) UpdateZoneCacheVariants(ctx context.Context, zoneID string, variants ZoneCacheVariantsValues) (ZoneCacheVariants, error) {
+	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
+
+	updateReq := updateZoneCacheVariantsRequest{Value: variants}
+	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, updateReq)
+	if err != nil {
+		return ZoneCacheVariants{}, err
+	}
+
+	response := &zoneCacheVariantsSingleResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneCacheVariants{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// DeleteZoneCacheVariants deletes cache variants for a given zone.
+//
+// API reference: https://api.cloudflare.com/#zone-cache-settings-delete-variants-setting
+func (api *API) DeleteZoneCacheVariants(ctx context.Context, zoneID string) error {
+	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
+	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/zone_cache_variants_test.go b/pkg/cloudflare-go/zone_cache_variants_test.go
new file mode 100644
index 0000000000..315d2d9221
--- /dev/null
+++ b/pkg/cloudflare-go/zone_cache_variants_test.go
@@ -0,0 +1,168 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestZoneCacheVariants(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+        {
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "id": "variants",
+            "modified_on": "2014-01-01T05:20:00.12345Z",
+            "value": {
+              "avif": [
+                "image/webp",
+                "image/jpeg"
+              ],
+              "bmp": [
+                "image/webp",
+                "image/jpeg"
+              ]
+            }
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
+
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+	want := ZoneCacheVariants{
+		ModifiedOn: modifiedOn,
+		Value: ZoneCacheVariantsValues{
+			Avif: []string{
+				"image/webp",
+				"image/jpeg",
+			},
+			Bmp: []string{
+				"image/webp",
+				"image/jpeg",
+			},
+		},
+	}
+
+	actual, err := client.ZoneCacheVariants(context.Background(), testZoneID)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestZoneCacheVariantsUpdate(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{"value":{"avif":["image/webp","image/jpeg"],"bmp":["image/webp","image/jpeg"]}}`, string(b))
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+        {
+		  "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+		    "id": "variants",
+            "modified_on": "2014-01-01T05:20:00.12345Z",
+            "value": {
+			  "avif": [
+			    "image/webp",
+                "image/jpeg"
+              ],
+			  "bmp": [
+				"image/webp",
+				"image/jpeg"
+			  ]
+            }
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
+
+	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+
+	want := ZoneCacheVariants{
+		ModifiedOn: modifiedOn,
+		Value: ZoneCacheVariantsValues{
+			Avif: []string{
+				"image/webp",
+				"image/jpeg",
+			},
+			Bmp: []string{
+				"image/webp",
+				"image/jpeg",
+			},
+		},
+	}
+
+	zoneCacheVariants := ZoneCacheVariantsValues{
+		Avif: []string{
+			"image/webp",
+			"image/jpeg",
+		},
+		Bmp: []string{
+			"image/webp",
+			"image/jpeg",
+		}}
+
+	actual, err := client.UpdateZoneCacheVariants(context.Background(), testZoneID, zoneCacheVariants)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestZoneCacheVariantsDelete(t *testing.T) {
+	setup()
+	defer teardown()
+
+	apiCalled := false
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		apiCalled = true
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `
+        {
+		  "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "id": "variants",
+            "modified_on": "2014-01-01T05:20:00.12345Z"
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
+
+	err := client.DeleteZoneCacheVariants(context.Background(), testZoneID)
+
+	assert.NoError(t, err)
+	assert.True(t, apiCalled)
+}
diff --git a/pkg/cloudflare-go/zone_example_test.go b/pkg/cloudflare-go/zone_example_test.go
new file mode 100644
index 0000000000..cbcb50413b
--- /dev/null
+++ b/pkg/cloudflare-go/zone_example_test.go
@@ -0,0 +1,43 @@
+package cloudflare_test
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	cloudflare "github.com/cloudflare/cloudflare-go"
+)
+
+func ExampleAPI_ListZones_all() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch all zones available to this user.
+	zones, err := api.ListZones(context.Background())
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, z := range zones {
+		fmt.Println(z.Name)
+	}
+}
+
+func ExampleAPI_ListZones_filter() {
+	api, err := cloudflare.New("deadbeef", "test@example.org")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Fetch a slice of zones example.org and example.net.
+	zones, err := api.ListZones(context.Background(), "example.org", "example.net")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, z := range zones {
+		fmt.Println(z.Name)
+	}
+}
diff --git a/pkg/cloudflare-go/zone_hold.go b/pkg/cloudflare-go/zone_hold.go
new file mode 100644
index 0000000000..c7f30ccc42
--- /dev/null
+++ b/pkg/cloudflare-go/zone_hold.go
@@ -0,0 +1,111 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/goccy/go-json"
+)
+
+// Retrieve whether the zone is subject to a zone hold, and metadata about the
+// hold.
+type ZoneHold struct {
+	Hold              *bool      `json:"hold,omitempty"`
+	IncludeSubdomains *bool      `json:"include_subdomains,omitempty"`
+	HoldAfter         *time.Time `json:"hold_after,omitempty"`
+}
+
+// ZoneHoldResponse represents a response from the Zone Hold endpoint.
+type ZoneHoldResponse struct {
+	Result ZoneHold `json:"result"`
+	Response
+	ResultInfo `json:"result_info"`
+}
+
+// CreateZoneHoldParams represents params for the Create Zone Hold
+// endpoint.
+type CreateZoneHoldParams struct {
+	IncludeSubdomains *bool `url:"include_subdomains,omitempty"`
+}
+
+// DeleteZoneHoldParams represents params for the Delete Zone Hold
+// endpoint.
+type DeleteZoneHoldParams struct {
+	HoldAfter *time.Time `url:"hold_after,omitempty"`
+}
+
+type GetZoneHoldParams struct{}
+
+// CreateZoneHold enforces a zone hold on the zone, blocking the creation and
+// activation of zone.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zones-0-hold-post
+func (api *API) CreateZoneHold(ctx context.Context, rc *ResourceContainer, params CreateZoneHoldParams) (ZoneHold, error) {
+	if rc.Level != ZoneRouteLevel {
+		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/hold", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
+	if err != nil {
+		return ZoneHold{}, err
+	}
+
+	response := &ZoneHoldResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// DeleteZoneHold removes enforcement of a zone hold on the zone, permanently or
+// temporarily, allowing the creation and activation of zones with this hostname.
+//
+// API reference:https://developers.cloudflare.com/api/operations/zones-0-hold-delete
+func (api *API) DeleteZoneHold(ctx context.Context, rc *ResourceContainer, params DeleteZoneHoldParams) (ZoneHold, error) {
+	if rc.Level != ZoneRouteLevel {
+		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := buildURI(fmt.Sprintf("/zones/%s/hold", rc.Identifier), params)
+	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
+	if err != nil {
+		return ZoneHold{}, err
+	}
+
+	response := &ZoneHoldResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
+
+// GetZoneHold retrieves whether the zone is subject to a zone hold, and the
+// metadata about the hold.
+//
+// API reference: https://developers.cloudflare.com/api/operations/zones-0-hold-get
+func (api *API) GetZoneHold(ctx context.Context, rc *ResourceContainer, params GetZoneHoldParams) (ZoneHold, error) {
+	if rc.Level != ZoneRouteLevel {
+		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
+	}
+
+	uri := fmt.Sprintf("/zones/%s/hold", rc.Identifier)
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return ZoneHold{}, err
+	}
+
+	response := &ZoneHoldResponse{}
+	err = json.Unmarshal(res, &response)
+	if err != nil {
+		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return response.Result, nil
+}
diff --git a/pkg/cloudflare-go/zone_hold_test.go b/pkg/cloudflare-go/zone_hold_test.go
new file mode 100644
index 0000000000..6911e80609
--- /dev/null
+++ b/pkg/cloudflare-go/zone_hold_test.go
@@ -0,0 +1,124 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCreateZoneHold(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "true", r.URL.Query().Get("include_subdomains"))
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"hold": true,
+		"hold_after": "2023-03-20T15:12:32Z",
+		"include_subdomains": true
+	  }
+	}`)
+	})
+
+	_, err := client.CreateZoneHold(context.Background(), AccountIdentifier(""), CreateZoneHoldParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
+	}
+
+	out, err := client.CreateZoneHold(context.Background(), ZoneIdentifier(testZoneID), CreateZoneHoldParams{IncludeSubdomains: BoolPtr(true)})
+	holdAfter, _ := time.Parse(time.RFC3339Nano, "2023-03-20T15:12:32Z")
+	want := ZoneHold{
+		IncludeSubdomains: BoolPtr(true),
+		Hold:              BoolPtr(true),
+		HoldAfter:         &holdAfter,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out)
+	}
+}
+
+func TestDeleteZoneHold(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "2023-03-20T15:12:32Z", r.URL.Query().Get("hold_after"))
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"hold": false,
+		"hold_after": "2023-03-20T15:12:32.025799Z",
+		"include_subdomains": false
+	  }
+	}`)
+	})
+
+	_, err := client.DeleteZoneHold(context.Background(), AccountIdentifier(""), DeleteZoneHoldParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
+	}
+
+	holdAfter, _ := time.Parse(time.RFC3339, "2023-03-20T15:12:32.025799Z")
+	out, err := client.DeleteZoneHold(context.Background(), ZoneIdentifier(testZoneID), DeleteZoneHoldParams{HoldAfter: &holdAfter})
+	want := ZoneHold{
+		IncludeSubdomains: BoolPtr(false),
+		Hold:              BoolPtr(false),
+		HoldAfter:         &holdAfter,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out)
+	}
+}
+
+func TestGetZoneHold(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		fmt.Fprint(w, `
+	{
+	  "success": true,
+	  "errors": [],
+	  "messages": [],
+	  "result": {
+		"hold": false,
+		"hold_after": "2023-03-20T15:12:32Z",
+		"include_subdomains": false
+	  }
+	}`)
+	})
+
+	_, err := client.GetZoneHold(context.Background(), AccountIdentifier(""), GetZoneHoldParams{})
+	if assert.Error(t, err) {
+		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
+	}
+
+	out, err := client.GetZoneHold(context.Background(), ZoneIdentifier(testZoneID), GetZoneHoldParams{})
+	holdAfter, _ := time.Parse(time.RFC3339Nano, "2023-03-20T15:12:32Z")
+	want := ZoneHold{
+		IncludeSubdomains: BoolPtr(false),
+		Hold:              BoolPtr(false),
+		HoldAfter:         &holdAfter,
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, out)
+	}
+}
diff --git a/pkg/cloudflare-go/zone_test.go b/pkg/cloudflare-go/zone_test.go
new file mode 100644
index 0000000000..d8b94cd1c6
--- /dev/null
+++ b/pkg/cloudflare-go/zone_test.go
@@ -0,0 +1,1612 @@
+package cloudflare
+
+import (
+	"context"
+	"crypto/md5"   //nolint:gosec
+	"encoding/hex" // for generating IDs
+	"fmt"
+	"net/http"
+	"net/url"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/goccy/go-json"
+	"github.com/stretchr/testify/assert"
+)
+
+// mockID returns a hex string of length 32, suitable for all kinds of IDs
+// used in the Cloudflare API.
+func mockID(seed string) string {
+	arr := md5.Sum([]byte(seed)) //nolint:gosec
+	return hex.EncodeToString(arr[:])
+}
+
+func mustParseTime(s string) time.Time {
+	t, err := time.Parse(time.RFC3339Nano, s)
+	if err != nil {
+		panic(err)
+	}
+	return t
+}
+
+func mockZone(i int) *Zone {
+	zoneName := fmt.Sprintf("%d.example.com", i)
+	ownerName := "Test Account"
+
+	return &Zone{
+		ID:      mockID(zoneName),
+		Name:    zoneName,
+		DevMode: 0,
+		OriginalNS: []string{
+			"linda.ns.cloudflare.com",
+			"merlin.ns.cloudflare.com",
+		},
+		OriginalRegistrar: "cloudflare, inc. (id: 1910)",
+		OriginalDNSHost:   "",
+		CreatedOn:         mustParseTime("2021-07-28T05:06:20.736244Z"),
+		ModifiedOn:        mustParseTime("2021-07-28T05:06:20.736244Z"),
+		NameServers: []string{
+			"abby.ns.cloudflare.com",
+			"noel.ns.cloudflare.com",
+		},
+		Owner: Owner{
+			ID:        mockID(ownerName),
+			Email:     "",
+			Name:      ownerName,
+			OwnerType: "organization",
+		},
+		Permissions: []string{
+			"#access:read",
+			"#analytics:read",
+			"#auditlogs:read",
+			"#billing:read",
+			"#dns_records:read",
+			"#lb:read",
+			"#legal:read",
+			"#logs:read",
+			"#member:read",
+			"#organization:read",
+			"#ssl:read",
+			"#stream:read",
+			"#subscription:read",
+			"#waf:read",
+			"#webhooks:read",
+			"#worker:read",
+			"#zone:read",
+			"#zone_settings:read",
+		},
+		Plan: ZonePlan{
+			ZonePlanCommon: ZonePlanCommon{
+				ID:       "0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
+				Name:     "Free Website",
+				Currency: "USD",
+			},
+			IsSubscribed:      false,
+			CanSubscribe:      false,
+			LegacyID:          "free",
+			LegacyDiscount:    false,
+			ExternallyManaged: false,
+		},
+		PlanPending: ZonePlan{
+			ZonePlanCommon: ZonePlanCommon{
+				ID: "",
+			},
+			IsSubscribed:      false,
+			CanSubscribe:      false,
+			LegacyID:          "",
+			LegacyDiscount:    false,
+			ExternallyManaged: false,
+		},
+		Status: "active",
+		Paused: false,
+		Type:   "full",
+		Host: struct {
+			Name    string
+			Website string
+		}{
+			Name:    "",
+			Website: "",
+		},
+		VanityNS:    nil,
+		Betas:       nil,
+		DeactReason: "",
+		Meta: ZoneMeta{
+			PageRuleQuota:     3,
+			WildcardProxiable: false,
+			PhishingDetected:  false,
+		},
+		Account: Account{
+			ID:   mockID(ownerName),
+			Name: ownerName,
+		},
+		VerificationKey: "",
+	}
+}
+
+func mockZonesResponse(total, page, start, count int) *ZonesResponse {
+	zones := make([]Zone, count)
+	for i := range zones {
+		zones[i] = *mockZone(start + i)
+	}
+
+	return &ZonesResponse{
+		Result: zones,
+		ResultInfo: ResultInfo{
+			Page:       page,
+			PerPage:    50,
+			TotalPages: (total + 49) / 50,
+			Count:      count,
+			Total:      total,
+		},
+		Response: Response{
+			Success:  true,
+			Errors:   []ResponseInfo{},
+			Messages: []ResponseInfo{},
+		},
+	}
+}
+
+func TestZoneAnalyticsDashboard(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "2015-01-01T12:23:00Z", r.URL.Query().Get("since"))
+		assert.Equal(t, "2015-01-02T12:23:00Z", r.URL.Query().Get("until"))
+		assert.Equal(t, "true", r.URL.Query().Get("continuous"))
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#zone-analytics-properties
+		fmt.Fprintf(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": {
+            "totals": {
+              "since": "2015-01-01T12:23:00Z",
+              "until": "2015-01-02T12:23:00Z",
+              "requests": {
+                "all": 1234085328,
+                "cached": 1234085328,
+                "uncached": 13876154,
+                "content_type": {
+                  "css": 15343,
+                  "html": 1234213,
+                  "javascript": 318236,
+                  "gif": 23178,
+                  "jpeg": 1982048
+                },
+                "country": {
+                  "US": 4181364,
+                  "AG": 37298,
+                  "GI": 293846
+                },
+                "ssl": {
+                  "encrypted": 12978361,
+                  "unencrypted": 781263
+                },
+                "http_status": {
+                  "200": 13496983,
+                  "301": 283,
+                  "400": 187936,
+                  "402": 1828,
+                  "404": 1293
+                }
+              },
+              "bandwidth": {
+                "all": 213867451,
+                "cached": 113205063,
+                "uncached": 113205063,
+                "content_type": {
+                  "css": 237421,
+                  "html": 1231290,
+                  "javascript": 123245,
+                  "gif": 1234242,
+                  "jpeg": 784278
+                },
+                "country": {
+                  "US": 123145433,
+                  "AG": 2342483,
+                  "GI": 984753
+                },
+                "ssl": {
+                  "encrypted": 37592942,
+                  "unencrypted": 237654192
+                }
+              },
+              "threats": {
+                "all": 23423873,
+                "country": {
+                  "US": 123,
+                  "CN": 523423,
+                  "AU": 91
+                },
+                "type": {
+                  "user.ban.ip": 123,
+                  "hot.ban.unknown": 5324,
+                  "macro.chl.captchaErr": 1341,
+                  "macro.chl.jschlErr": 5323
+                }
+              },
+              "pageviews": {
+                "all": 5724723,
+                "search_engines": {
+                  "googlebot": 35272,
+                  "pingdom": 13435,
+                  "bingbot": 5372,
+                  "baidubot": 1345
+                }
+              },
+              "uniques": {
+                "all": 12343
+              }
+            },
+            "timeseries": [
+              {
+                "since": "2015-01-01T12:23:00Z",
+                "until": "2015-01-02T12:23:00Z",
+                "requests": {
+                  "all": 1234085328,
+                  "cached": 1234085328,
+                  "uncached": 13876154,
+                  "content_type": {
+                    "css": 15343,
+                    "html": 1234213,
+                    "javascript": 318236,
+                    "gif": 23178,
+                    "jpeg": 1982048
+                  },
+                  "country": {
+                    "US": 4181364,
+                    "AG": 37298,
+                    "GI": 293846
+                  },
+                  "ssl": {
+                    "encrypted": 12978361,
+                    "unencrypted": 781263
+                  },
+                  "http_status": {
+                    "200": 13496983,
+                    "301": 283,
+                    "400": 187936,
+                    "402": 1828,
+                    "404": 1293
+                  }
+                },
+                "bandwidth": {
+                  "all": 213867451,
+                  "cached": 113205063,
+                  "uncached": 113205063,
+                  "content_type": {
+                    "css": 237421,
+                    "html": 1231290,
+                    "javascript": 123245,
+                    "gif": 1234242,
+                    "jpeg": 784278
+                  },
+                  "country": {
+                    "US": 123145433,
+                    "AG": 2342483,
+                    "GI": 984753
+                  },
+                  "ssl": {
+                    "encrypted": 37592942,
+                    "unencrypted": 237654192
+                  }
+                },
+                "threats": {
+                  "all": 23423873,
+                  "country": {
+                    "US": 123,
+                    "CN": 523423,
+                    "AU": 91
+                  },
+                  "type": {
+                    "user.ban.ip": 123,
+                    "hot.ban.unknown": 5324,
+                    "macro.chl.captchaErr": 1341,
+                    "macro.chl.jschlErr": 5323
+                  }
+                },
+                "pageviews": {
+                  "all": 5724723,
+                  "search_engines": {
+                    "googlebot": 35272,
+                    "pingdom": 13435,
+                    "bingbot": 5372,
+                    "baidubot": 1345
+                  }
+                },
+                "uniques": {
+                  "all": 12343
+                }
+              }
+            ]
+          },
+          "query": {
+            "since": "2015-01-01T12:23:00Z",
+            "until": "2015-01-02T12:23:00Z",
+            "time_delta": 60
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/foo/analytics/dashboard", handler)
+
+	since, _ := time.Parse(time.RFC3339, "2015-01-01T12:23:00Z")
+	until, _ := time.Parse(time.RFC3339, "2015-01-02T12:23:00Z")
+	data := ZoneAnalytics{
+		Since: since,
+		Until: until,
+		Requests: struct {
+			All         int            `json:"all"`
+			Cached      int            `json:"cached"`
+			Uncached    int            `json:"uncached"`
+			ContentType map[string]int `json:"content_type"`
+			Country     map[string]int `json:"country"`
+			SSL         struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			} `json:"ssl"`
+			HTTPStatus map[string]int `json:"http_status"`
+		}{
+			All:      1234085328,
+			Cached:   1234085328,
+			Uncached: 13876154,
+			ContentType: map[string]int{
+				"css":        15343,
+				"html":       1234213,
+				"javascript": 318236,
+				"gif":        23178,
+				"jpeg":       1982048,
+			},
+			Country: map[string]int{
+				"US": 4181364,
+				"AG": 37298,
+				"GI": 293846,
+			},
+			SSL: struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			}{
+				Encrypted:   12978361,
+				Unencrypted: 781263,
+			},
+			HTTPStatus: map[string]int{
+				"200": 13496983,
+				"301": 283,
+				"400": 187936,
+				"402": 1828,
+				"404": 1293,
+			},
+		},
+		Bandwidth: struct {
+			All         int            `json:"all"`
+			Cached      int            `json:"cached"`
+			Uncached    int            `json:"uncached"`
+			ContentType map[string]int `json:"content_type"`
+			Country     map[string]int `json:"country"`
+			SSL         struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			} `json:"ssl"`
+		}{
+			All:      213867451,
+			Cached:   113205063,
+			Uncached: 113205063,
+			ContentType: map[string]int{
+				"css":        237421,
+				"html":       1231290,
+				"javascript": 123245,
+				"gif":        1234242,
+				"jpeg":       784278,
+			},
+			Country: map[string]int{
+				"US": 123145433,
+				"AG": 2342483,
+				"GI": 984753,
+			},
+			SSL: struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			}{
+				Encrypted:   37592942,
+				Unencrypted: 237654192,
+			},
+		},
+		Threats: struct {
+			All     int            `json:"all"`
+			Country map[string]int `json:"country"`
+			Type    map[string]int `json:"type"`
+		}{
+			All: 23423873,
+			Country: map[string]int{
+				"US": 123,
+				"CN": 523423,
+				"AU": 91,
+			},
+			Type: map[string]int{
+				"user.ban.ip":          123,
+				"hot.ban.unknown":      5324,
+				"macro.chl.captchaErr": 1341,
+				"macro.chl.jschlErr":   5323,
+			},
+		},
+		Pageviews: struct {
+			All           int            `json:"all"`
+			SearchEngines map[string]int `json:"search_engines"`
+		}{
+			All: 5724723,
+			SearchEngines: map[string]int{
+				"googlebot": 35272,
+				"pingdom":   13435,
+				"bingbot":   5372,
+				"baidubot":  1345,
+			},
+		},
+		Uniques: struct {
+			All int `json:"all"`
+		}{
+			All: 12343,
+		},
+	}
+	want := ZoneAnalyticsData{
+		Totals:     data,
+		Timeseries: []ZoneAnalytics{data},
+	}
+
+	continuous := true
+	d, err := client.ZoneAnalyticsDashboard(context.Background(), "foo", ZoneAnalyticsOptions{
+		Since:      &since,
+		Until:      &until,
+		Continuous: &continuous,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ZoneAnalyticsDashboard(context.Background(), "bar", ZoneAnalyticsOptions{})
+	assert.Error(t, err)
+}
+
+func TestZoneAnalyticsByColocation(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		assert.Equal(t, "2015-01-01T12:23:00Z", r.URL.Query().Get("since"))
+		assert.Equal(t, "2015-01-02T12:23:00Z", r.URL.Query().Get("until"))
+		assert.Equal(t, "true", r.URL.Query().Get("continuous"))
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#zone-analytics-analytics-by-co-locations
+		fmt.Fprintf(w, `{
+          "success": true,
+          "errors": [],
+          "messages": [],
+          "result": [
+            {
+              "colo_id": "SFO",
+              "timeseries": [
+                {
+                  "since": "2015-01-01T12:23:00Z",
+                  "until": "2015-01-02T12:23:00Z",
+                  "requests": {
+                    "all": 1234085328,
+                    "cached": 1234085328,
+                    "uncached": 13876154,
+                    "content_type": {
+                      "css": 15343,
+                      "html": 1234213,
+                      "javascript": 318236,
+                      "gif": 23178,
+                      "jpeg": 1982048
+                    },
+                    "country": {
+                      "US": 4181364,
+                      "AG": 37298,
+                      "GI": 293846
+                    },
+                    "ssl": {
+                      "encrypted": 12978361,
+                      "unencrypted": 781263
+                    },
+                    "http_status": {
+                      "200": 13496983,
+                      "301": 283,
+                      "400": 187936,
+                      "402": 1828,
+                      "404": 1293
+                    }
+                  },
+                  "bandwidth": {
+                    "all": 213867451,
+                    "cached": 113205063,
+                    "uncached": 113205063,
+                    "content_type": {
+                      "css": 237421,
+                      "html": 1231290,
+                      "javascript": 123245,
+                      "gif": 1234242,
+                      "jpeg": 784278
+                    },
+                    "country": {
+                      "US": 123145433,
+                      "AG": 2342483,
+                      "GI": 984753
+                    },
+                    "ssl": {
+                      "encrypted": 37592942,
+                      "unencrypted": 237654192
+                    }
+                  },
+                  "threats": {
+                    "all": 23423873,
+                    "country": {
+                      "US": 123,
+                      "CN": 523423,
+                      "AU": 91
+                    },
+                    "type": {
+                      "user.ban.ip": 123,
+                      "hot.ban.unknown": 5324,
+                      "macro.chl.captchaErr": 1341,
+                      "macro.chl.jschlErr": 5323
+                    }
+                  },
+                  "pageviews": {
+                    "all": 5724723,
+                    "search_engines": {
+                      "googlebot": 35272,
+                      "pingdom": 13435,
+                      "bingbot": 5372,
+                      "baidubot": 1345
+                    }
+                  },
+                  "uniques": {
+                    "all": 12343
+                  }
+                }
+              ]
+            }
+          ],
+          "query": {
+            "since": "2015-01-01T12:23:00Z",
+            "until": "2015-01-02T12:23:00Z",
+            "time_delta": 60
+          }
+        }`)
+	}
+
+	mux.HandleFunc("/zones/foo/analytics/colos", handler)
+
+	since, _ := time.Parse(time.RFC3339, "2015-01-01T12:23:00Z")
+	until, _ := time.Parse(time.RFC3339, "2015-01-02T12:23:00Z")
+	data := ZoneAnalytics{
+		Since: since,
+		Until: until,
+		Requests: struct {
+			All         int            `json:"all"`
+			Cached      int            `json:"cached"`
+			Uncached    int            `json:"uncached"`
+			ContentType map[string]int `json:"content_type"`
+			Country     map[string]int `json:"country"`
+			SSL         struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			} `json:"ssl"`
+			HTTPStatus map[string]int `json:"http_status"`
+		}{
+			All:      1234085328,
+			Cached:   1234085328,
+			Uncached: 13876154,
+			ContentType: map[string]int{
+				"css":        15343,
+				"html":       1234213,
+				"javascript": 318236,
+				"gif":        23178,
+				"jpeg":       1982048,
+			},
+			Country: map[string]int{
+				"US": 4181364,
+				"AG": 37298,
+				"GI": 293846,
+			},
+			SSL: struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			}{
+				Encrypted:   12978361,
+				Unencrypted: 781263,
+			},
+			HTTPStatus: map[string]int{
+				"200": 13496983,
+				"301": 283,
+				"400": 187936,
+				"402": 1828,
+				"404": 1293,
+			},
+		},
+		Bandwidth: struct {
+			All         int            `json:"all"`
+			Cached      int            `json:"cached"`
+			Uncached    int            `json:"uncached"`
+			ContentType map[string]int `json:"content_type"`
+			Country     map[string]int `json:"country"`
+			SSL         struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			} `json:"ssl"`
+		}{
+			All:      213867451,
+			Cached:   113205063,
+			Uncached: 113205063,
+			ContentType: map[string]int{
+				"css":        237421,
+				"html":       1231290,
+				"javascript": 123245,
+				"gif":        1234242,
+				"jpeg":       784278,
+			},
+			Country: map[string]int{
+				"US": 123145433,
+				"AG": 2342483,
+				"GI": 984753,
+			},
+			SSL: struct {
+				Encrypted   int `json:"encrypted"`
+				Unencrypted int `json:"unencrypted"`
+			}{
+				Encrypted:   37592942,
+				Unencrypted: 237654192,
+			},
+		},
+		Threats: struct {
+			All     int            `json:"all"`
+			Country map[string]int `json:"country"`
+			Type    map[string]int `json:"type"`
+		}{
+			All: 23423873,
+			Country: map[string]int{
+				"US": 123,
+				"CN": 523423,
+				"AU": 91,
+			},
+			Type: map[string]int{
+				"user.ban.ip":          123,
+				"hot.ban.unknown":      5324,
+				"macro.chl.captchaErr": 1341,
+				"macro.chl.jschlErr":   5323,
+			},
+		},
+		Pageviews: struct {
+			All           int            `json:"all"`
+			SearchEngines map[string]int `json:"search_engines"`
+		}{
+			All: 5724723,
+			SearchEngines: map[string]int{
+				"googlebot": 35272,
+				"pingdom":   13435,
+				"bingbot":   5372,
+				"baidubot":  1345,
+			},
+		},
+		Uniques: struct {
+			All int `json:"all"`
+		}{
+			All: 12343,
+		},
+	}
+	want := []ZoneAnalyticsColocation{
+		{
+			ColocationID: "SFO",
+			Timeseries:   []ZoneAnalytics{data},
+		},
+	}
+
+	continuous := true
+	d, err := client.ZoneAnalyticsByColocation(context.Background(), "foo", ZoneAnalyticsOptions{
+		Since:      &since,
+		Until:      &until,
+		Continuous: &continuous,
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, d)
+	}
+
+	_, err = client.ZoneAnalyticsDashboard(context.Background(), "bar", ZoneAnalyticsOptions{})
+	assert.Error(t, err)
+}
+
+func TestWithPagination(t *testing.T) {
+	opt := reqOption{
+		params: url.Values{},
+	}
+	popts := PaginationOptions{
+		Page:    45,
+		PerPage: 500,
+	}
+	of := WithPagination(popts)
+	of(&opt)
+
+	tests := []struct {
+		name     string
+		expected string
+	}{
+		{"page", "45"},
+		{"per_page", "500"},
+	}
+
+	for _, tt := range tests {
+		if got := opt.params.Get(tt.name); got != tt.expected {
+			t.Errorf("expected param %s to be %s, got %s", tt.name, tt.expected, got)
+		}
+	}
+}
+
+func TestZoneFilters(t *testing.T) {
+	opt := reqOption{
+		params: url.Values{},
+	}
+	of := WithZoneFilters("example.org", "", "")
+	of(&opt)
+
+	if got := opt.params.Get("name"); got != "example.org" {
+		t.Errorf("expected param %s to be %s, got %s", "name", "example.org", got)
+	}
+}
+
+var createdAndModifiedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
+var expectedFullZoneSetup = Zone{
+	ID:      "023e105f4ecef8ad9ca31a8372d0c353",
+	Name:    "example.com",
+	DevMode: 7200,
+	OriginalNS: []string{
+		"ns1.originaldnshost.com",
+		"ns2.originaldnshost.com",
+	},
+	OriginalRegistrar: "GoDaddy",
+	OriginalDNSHost:   "NameCheap",
+	CreatedOn:         createdAndModifiedOn,
+	ModifiedOn:        createdAndModifiedOn,
+	Owner: Owner{
+		ID:        "7c5dae5552338874e5053f2534d2767a",
+		Email:     "user@example.com",
+		OwnerType: "user",
+	},
+	Account: Account{
+		ID:   "01a7362d577a6c3019a474fd6f485823",
+		Name: "Demo Account",
+	},
+	Permissions: []string{"#zone:read", "#zone:edit"},
+	Plan: ZonePlan{
+		ZonePlanCommon: ZonePlanCommon{
+			ID:        "e592fd9519420ba7405e1307bff33214",
+			Name:      "Pro Plan",
+			Price:     20,
+			Currency:  "USD",
+			Frequency: "monthly",
+		},
+		LegacyID:     "pro",
+		IsSubscribed: true,
+		CanSubscribe: true,
+	},
+	PlanPending: ZonePlan{
+		ZonePlanCommon: ZonePlanCommon{
+			ID:        "e592fd9519420ba7405e1307bff33214",
+			Name:      "Pro Plan",
+			Price:     20,
+			Currency:  "USD",
+			Frequency: "monthly",
+		},
+		LegacyID:     "pro",
+		IsSubscribed: true,
+		CanSubscribe: true,
+	},
+	Status:      "active",
+	Paused:      false,
+	Type:        "full",
+	NameServers: []string{"tony.ns.cloudflare.com", "woz.ns.cloudflare.com"},
+}
+var expectedPartialZoneSetup = Zone{
+	ID:      "023e105f4ecef8ad9ca31a8372d0c353",
+	Name:    "example.com",
+	DevMode: 7200,
+	OriginalNS: []string{
+		"ns1.originaldnshost.com",
+		"ns2.originaldnshost.com",
+	},
+	OriginalRegistrar: "GoDaddy",
+	OriginalDNSHost:   "NameCheap",
+	CreatedOn:         createdAndModifiedOn,
+	ModifiedOn:        createdAndModifiedOn,
+	Owner: Owner{
+		ID:        "7c5dae5552338874e5053f2534d2767a",
+		Email:     "user@example.com",
+		OwnerType: "user",
+	},
+	Account: Account{
+		ID:   "01a7362d577a6c3019a474fd6f485823",
+		Name: "Demo Account",
+	},
+	Permissions: []string{"#zone:read", "#zone:edit"},
+	Plan: ZonePlan{
+		ZonePlanCommon: ZonePlanCommon{
+			ID:        "e592fd9519420ba7405e1307bff33214",
+			Name:      "Pro Plan",
+			Price:     20,
+			Currency:  "USD",
+			Frequency: "monthly",
+		},
+		LegacyID:     "pro",
+		IsSubscribed: true,
+		CanSubscribe: true,
+	},
+	PlanPending: ZonePlan{
+		ZonePlanCommon: ZonePlanCommon{
+			ID:        "e592fd9519420ba7405e1307bff33214",
+			Name:      "Pro Plan",
+			Price:     20,
+			Currency:  "USD",
+			Frequency: "monthly",
+		},
+		LegacyID:     "pro",
+		IsSubscribed: true,
+		CanSubscribe: true,
+	},
+	Status:      "active",
+	Paused:      false,
+	Type:        "partial",
+	NameServers: []string{"tony.ns.cloudflare.com", "woz.ns.cloudflare.com"},
+}
+
+func TestCreateZoneFullSetup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "023e105f4ecef8ad9ca31a8372d0c353",
+				"name": "example.com",
+				"development_mode": 7200,
+				"original_name_servers": [
+					"ns1.originaldnshost.com",
+					"ns2.originaldnshost.com"
+				],
+				"original_registrar": "GoDaddy",
+				"original_dnshost": "NameCheap",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"activated_on": "2014-01-02T00:01:00.12345Z",
+				"owner": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"email": "user@example.com",
+					"type": "user"
+				},
+				"account": {
+					"id": "01a7362d577a6c3019a474fd6f485823",
+					"name": "Demo Account"
+				},
+				"permissions": [
+					"#zone:read",
+					"#zone:edit"
+				],
+				"plan": {
+					"id": "e592fd9519420ba7405e1307bff33214",
+					"name": "Pro Plan",
+					"price": 20,
+					"currency": "USD",
+					"frequency": "monthly",
+					"legacy_id": "pro",
+					"is_subscribed": true,
+					"can_subscribe": true
+				},
+				"plan_pending": {
+					"id": "e592fd9519420ba7405e1307bff33214",
+					"name": "Pro Plan",
+					"price": 20,
+					"currency": "USD",
+					"frequency": "monthly",
+					"legacy_id": "pro",
+					"is_subscribed": true,
+					"can_subscribe": true
+				},
+				"status": "active",
+				"paused": false,
+				"type": "full",
+				"name_servers": [
+					"tony.ns.cloudflare.com",
+					"woz.ns.cloudflare.com"
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones", handler)
+
+	actual, err := client.CreateZone(context.Background(), "example.com", false, Account{ID: "01a7362d577a6c3019a474fd6f485823"}, "full")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedFullZoneSetup, actual)
+	}
+}
+
+func TestCreateZonePartialSetup(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"success": true,
+			"errors": [],
+			"messages": [],
+			"result": {
+				"id": "023e105f4ecef8ad9ca31a8372d0c353",
+				"name": "example.com",
+				"development_mode": 7200,
+				"original_name_servers": [
+					"ns1.originaldnshost.com",
+					"ns2.originaldnshost.com"
+				],
+				"original_registrar": "GoDaddy",
+				"original_dnshost": "NameCheap",
+				"created_on": "2014-01-01T05:20:00.12345Z",
+				"modified_on": "2014-01-01T05:20:00.12345Z",
+				"activated_on": "2014-01-02T00:01:00.12345Z",
+				"owner": {
+					"id": "7c5dae5552338874e5053f2534d2767a",
+					"email": "user@example.com",
+					"type": "user"
+				},
+				"account": {
+					"id": "01a7362d577a6c3019a474fd6f485823",
+					"name": "Demo Account"
+				},
+				"permissions": [
+					"#zone:read",
+					"#zone:edit"
+				],
+				"plan": {
+					"id": "e592fd9519420ba7405e1307bff33214",
+					"name": "Pro Plan",
+					"price": 20,
+					"currency": "USD",
+					"frequency": "monthly",
+					"legacy_id": "pro",
+					"is_subscribed": true,
+					"can_subscribe": true
+				},
+				"plan_pending": {
+					"id": "e592fd9519420ba7405e1307bff33214",
+					"name": "Pro Plan",
+					"price": 20,
+					"currency": "USD",
+					"frequency": "monthly",
+					"legacy_id": "pro",
+					"is_subscribed": true,
+					"can_subscribe": true
+				},
+				"status": "active",
+				"paused": false,
+				"type": "partial",
+				"name_servers": [
+					"tony.ns.cloudflare.com",
+					"woz.ns.cloudflare.com"
+				]
+			}
+		}
+		`)
+	}
+
+	mux.HandleFunc("/zones", handler)
+
+	actual, err := client.CreateZone(context.Background(), "example.com", false, Account{ID: "01a7362d577a6c3019a474fd6f485823"}, "partial")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, expectedPartialZoneSetup, actual)
+	}
+}
+
+func TestFallbackOrigin_FallbackOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+"success": true,
+"errors": [],
+"messages": [],
+"result": {
+    "id": "fallback_origin",
+    "value": "app.example.com",
+    "editable": true
+  }
+}`)
+	})
+
+	fallbackOrigin, err := client.FallbackOrigin(context.Background(), "foo")
+
+	want := FallbackOrigin{
+		ID:    "fallback_origin",
+		Value: "app.example.com",
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, fallbackOrigin)
+	}
+}
+
+func TestFallbackOrigin_UpdateFallbackOrigin(t *testing.T) {
+	setup()
+	defer teardown()
+
+	mux.HandleFunc("/zones/foo/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+		fmt.Fprintf(w, `
+{
+  "success": true,
+  "errors": [],
+  "messages": [],
+  "result": {
+    "id": "fallback_origin",
+    "value": "app.example.com",
+		"editable": true
+  }
+}`)
+	})
+
+	response, err := client.UpdateFallbackOrigin(context.Background(), "foo", FallbackOrigin{Value: "app.example.com"})
+
+	want := &FallbackOriginResponse{
+		Result: FallbackOrigin{
+			ID:    "fallback_origin",
+			Value: "app.example.com",
+		},
+		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
+	}
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, response)
+	}
+}
+
+func Test_normalizeZoneName(t *testing.T) {
+	tests := []struct {
+		name     string
+		zone     string
+		expected string
+	}{
+		{
+			name:     "unicode stays unicode",
+			zone:     "ünì¢øðe.tld",
+			expected: "ünì¢øðe.tld",
+		}, {
+			name:     "valid punycode is normalized to unicode",
+			zone:     "xn--ne-7ca90ava1cya.tld",
+			expected: "ünì¢øðe.tld",
+		}, {
+			name:     "valid punycode in second label",
+			zone:     "example.xn--j6w193g",
+			expected: "example.香港",
+		}, {
+			name:     "invalid punycode is returned without change",
+			zone:     "xn-invalid.xn-invalid-tld",
+			expected: "xn-invalid.xn-invalid-tld",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := normalizeZoneName(tt.zone)
+			assert.Equal(t, tt.expected, actual)
+		})
+	}
+}
+
+func TestZonePartialHasVerificationKey(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#zone-zone-details (plus an undocumented field verification_key from curl to API)
+		fmt.Fprintf(w, `{
+  "result": {
+    "id": "foo",
+    "name": "bar",
+    "status": "active",
+    "paused": false,
+    "type": "partial",
+    "development_mode": 0,
+    "verification_key": "foo-bar",
+    "original_name_servers": ["a","b","c","d"],
+    "original_registrar": null,
+    "original_dnshost": null,
+    "modified_on": "2019-09-04T15:11:43.409805Z",
+    "created_on": "2018-12-06T14:33:38.410126Z",
+    "activated_on": "2018-12-06T14:34:39.274528Z",
+    "meta": {
+      "step": 4,
+      "wildcard_proxiable": true,
+      "custom_certificate_quota": 1,
+      "page_rule_quota": 100,
+      "phishing_detected": false,
+      "multiple_railguns_allowed": false
+    },
+    "owner": {
+      "id": "bbbbbbbbbbbbbbbbbbbbbbbb",
+      "type": "organization",
+      "name": "OrgName"
+    },
+    "account": {
+      "id": "aaaaaaaaaaaaaaaaaaaaaaaa",
+      "name": "AccountName"
+    },
+    "permissions": [
+      "#access:edit",
+      "#access:read",
+      "#analytics:read",
+      "#app:edit",
+      "#auditlogs:read",
+      "#billing:read",
+      "#cache_purge:edit",
+      "#dns_records:edit",
+      "#dns_records:read",
+      "#lb:edit",
+      "#lb:read",
+      "#legal:read",
+      "#logs:edit",
+      "#logs:read",
+      "#member:read",
+      "#organization:edit",
+      "#organization:read",
+      "#ssl:edit",
+      "#ssl:read",
+      "#stream:edit",
+      "#stream:read",
+      "#subscription:edit",
+      "#subscription:read",
+      "#waf:edit",
+      "#waf:read",
+      "#webhooks:edit",
+      "#webhooks:read",
+      "#worker:edit",
+      "#worker:read",
+      "#zone:edit",
+      "#zone:read",
+      "#zone_settings:edit",
+      "#zone_settings:read"
+    ],
+    "plan": {
+      "id": "94f3b7b768b0458b56d2cac4fe5ec0f9",
+      "name": "Enterprise Website",
+      "price": 0,
+      "currency": "USD",
+      "frequency": "monthly",
+      "is_subscribed": true,
+      "can_subscribe": true,
+      "legacy_id": "enterprise",
+      "legacy_discount": false,
+      "externally_managed": true
+    }
+  },
+  "success": true,
+  "errors": [],
+  "messages": []
+}`)
+	}
+
+	mux.HandleFunc("/zones/foo", handler)
+
+	z, err := client.ZoneDetails(context.Background(), "foo")
+	if assert.NoError(t, err) {
+		assert.NotEmpty(t, z.VerificationKey)
+		assert.Equal(t, z.VerificationKey, "foo-bar")
+	}
+}
+
+func TestZoneDNSSECSetting(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#dnssec-properties
+		fmt.Fprintf(w, `{
+			"result": {
+				"status": "active",
+				"flags": 257,
+				"algorithm": "13",
+				"key_type": "ECDSAP256SHA256",
+				"digest_type": "2",
+				"digest_algorithm": "SHA256",
+				"digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
+				"ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
+				"key_tag": 42,
+				"public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
+				"modified_on": "2014-01-01T05:20:00Z"
+  			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/foo/dnssec", handler)
+
+	z, err := client.ZoneDNSSECSetting(context.Background(), "foo")
+	if assert.NoError(t, err) {
+		assert.Equal(t, z.Status, "active")
+		assert.Equal(t, z.Flags, 257)
+		assert.Equal(t, z.Algorithm, "13")
+		assert.Equal(t, z.KeyType, "ECDSAP256SHA256")
+		assert.Equal(t, z.DigestType, "2")
+		assert.Equal(t, z.DigestAlgorithm, "SHA256")
+		assert.Equal(t, z.Digest, "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
+		assert.Equal(t, z.DS, "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
+		assert.Equal(t, z.KeyTag, 42)
+		assert.Equal(t, z.PublicKey, "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==")
+		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
+		assert.Equal(t, z.ModifiedOn, time)
+	}
+}
+
+func TestDeleteZoneDNSSEC(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#dnssec-properties
+		fmt.Fprintf(w, `{
+			"result": "foo"
+		}`)
+	}
+
+	mux.HandleFunc("/zones/foo/dnssec", handler)
+
+	z, err := client.DeleteZoneDNSSEC(context.Background(), "foo")
+	if assert.NoError(t, err) {
+		assert.Equal(t, z, "foo")
+	}
+}
+
+func TestUpdateZoneDNSSEC(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#dnssec-properties
+		fmt.Fprintf(w, `{
+			"result": {
+				"status": "active",
+				"flags": 257,
+				"algorithm": "13",
+				"key_type": "ECDSAP256SHA256",
+				"digest_type": "2",
+				"digest_algorithm": "SHA256",
+				"digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
+				"ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
+				"key_tag": 42,
+				"public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
+				"modified_on": "2014-01-01T05:20:00Z"
+  			}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/foo/dnssec", handler)
+
+	z, err := client.UpdateZoneDNSSEC(context.Background(), "foo", ZoneDNSSECUpdateOptions{
+		Status: "active",
+	})
+	if assert.NoError(t, err) {
+		assert.Equal(t, z.Status, "active")
+		assert.Equal(t, z.Flags, 257)
+		assert.Equal(t, z.Algorithm, "13")
+		assert.Equal(t, z.KeyType, "ECDSAP256SHA256")
+		assert.Equal(t, z.DigestType, "2")
+		assert.Equal(t, z.DigestAlgorithm, "SHA256")
+		assert.Equal(t, z.Digest, "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
+		assert.Equal(t, z.DS, "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
+		assert.Equal(t, z.KeyTag, 42)
+		assert.Equal(t, z.PublicKey, "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==")
+		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
+		assert.Equal(t, z.ModifiedOn, time)
+	}
+}
+
+func TestZoneSetType(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+			"result": {
+				"type": "partial",
+				"verification_key": "000000000-000000000",
+				"modified_on": "2014-01-01T05:20:00Z"
+				}
+		}`)
+	}
+
+	mux.HandleFunc("/zones/foo", handler)
+
+	z, err := client.ZoneSetType(context.Background(), "foo", "partial")
+	if assert.NoError(t, err) {
+		assert.Equal(t, z.Type, "partial")
+		assert.Equal(t, z.VerificationKey, "000000000-000000000")
+		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
+		assert.Equal(t, z.ModifiedOn, time)
+	}
+}
+
+func parsePage(t *testing.T, total int, s string) (int, bool) {
+	if s == "" {
+		return 1, true
+	}
+
+	page, err := strconv.Atoi(s)
+	if !assert.NoError(t, err) {
+		return 0, false
+	}
+
+	if !assert.LessOrEqual(t, page, total) || !assert.GreaterOrEqual(t, page, 1) {
+		return 0, false
+	}
+
+	return page, true
+}
+
+func TestListZones(t *testing.T) {
+	setup()
+	defer teardown()
+
+	const (
+		total     = 392
+		totalPage = (total + 49) / 50
+	)
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case !assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method):
+			return
+		case !assert.Equal(t, "50", r.URL.Query().Get("per_page")):
+			return
+		}
+
+		page, ok := parsePage(t, totalPage, r.URL.Query().Get("page"))
+		if !ok {
+			return
+		}
+
+		start := (page - 1) * 50
+
+		count := 50
+		if page == totalPage {
+			count = total - start
+		}
+
+		w.Header().Set("content-type", "application/json")
+		err := json.NewEncoder(w).Encode(mockZonesResponse(total, page, start, count))
+		assert.NoError(t, err)
+	}
+
+	mux.HandleFunc("/zones", handler)
+
+	zones, err := client.ListZones(context.Background())
+	if !assert.NoError(t, err) || !assert.Equal(t, total, len(zones)) {
+		return
+	}
+
+	for i, zone := range zones {
+		assert.Equal(t, *mockZone(i), zone)
+	}
+}
+
+func TestListZonesFailingPages(t *testing.T) {
+	setup()
+	defer teardown()
+
+	const (
+		total     = 1489
+		totalPage = (total + 49) / 50
+	)
+
+	// the pages to reject
+	isReject := func(i int) bool { return i == 4 || i == 7 }
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case !assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method):
+			return
+		case !assert.Equal(t, "50", r.URL.Query().Get("per_page")):
+			return
+		}
+
+		page, ok := parsePage(t, totalPage, r.URL.Query().Get("page"))
+		switch {
+		case !ok:
+			return
+		case isReject(page):
+			return
+		}
+
+		start := (page - 1) * 50
+
+		count := 50
+		if page == totalPage {
+			count = total - start
+		}
+
+		w.Header().Set("content-type", "application/json")
+		err := json.NewEncoder(w).Encode(mockZonesResponse(total, page, start, count))
+		assert.NoError(t, err)
+	}
+
+	mux.HandleFunc("/zones", handler)
+
+	_, err := client.ListZones(context.Background())
+	assert.Error(t, err)
+}
+
+func TestListZonesContextManualPagination1(t *testing.T) {
+	_, err := client.ListZonesContext(context.Background(), WithPagination(PaginationOptions{Page: 2}))
+	assert.EqualError(t, err, errManualPagination)
+}
+
+func TestListZonesContextManualPagination2(t *testing.T) {
+	_, err := client.ListZonesContext(context.Background(), WithPagination(PaginationOptions{PerPage: 30}))
+	assert.EqualError(t, err, errManualPagination)
+}
+
+func TestUpdateZoneSSLSettings(t *testing.T) {
+	setup()
+	defer teardown()
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		// JSON data from: https://api.cloudflare.com/#zone-settings-properties
+		_, _ = fmt.Fprintf(w, `{
+			"result": {
+				"id": "ssl",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/foo/settings/ssl", handler)
+	s, err := client.UpdateZoneSSLSettings(context.Background(), "foo", "off")
+	if assert.NoError(t, err) {
+		assert.Equal(t, s.ID, "ssl")
+		assert.Equal(t, s.Value, "off")
+		assert.Equal(t, s.Editable, true)
+		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
+	}
+}
+
+func TestGetZoneSetting(t *testing.T) {
+	setup()
+	defer teardown()
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, _ = fmt.Fprintf(w, `{
+			"result": {
+				"id": "ssl",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/foo/settings/ssl", handler)
+	s, err := client.GetZoneSetting(context.Background(), ZoneIdentifier("foo"), GetZoneSettingParams{Name: "ssl"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, s.ID, "ssl")
+		assert.Equal(t, s.Value, "off")
+		assert.Equal(t, s.Editable, true)
+		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
+	}
+}
+
+func TestGetZoneSettingWithCustomPathPrefix(t *testing.T) {
+	setup()
+	defer teardown()
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, _ = fmt.Fprintf(w, `{
+			"result": {
+				"id": "ssl",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/foo/my_custom_path/ssl", handler)
+	s, err := client.GetZoneSetting(context.Background(), ZoneIdentifier("foo"), GetZoneSettingParams{Name: "ssl", PathPrefix: "my_custom_path"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, s.ID, "ssl")
+		assert.Equal(t, s.Value, "off")
+		assert.Equal(t, s.Editable, true)
+		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
+	}
+}
+
+func TestUpdateZoneSetting(t *testing.T) {
+	setup()
+	defer teardown()
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, _ = fmt.Fprintf(w, `{
+			"result": {
+				"id": "ssl",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/foo/settings/ssl", handler)
+	s, err := client.UpdateZoneSetting(context.Background(), ZoneIdentifier("foo"), UpdateZoneSettingParams{Name: "ssl", Value: "off"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, s.ID, "ssl")
+		assert.Equal(t, s.Value, "off")
+		assert.Equal(t, s.Editable, true)
+		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
+	}
+}
+
+func TestUpdateZoneSettingWithCustomPathPrefix(t *testing.T) {
+	setup()
+	defer teardown()
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		_, _ = fmt.Fprintf(w, `{
+			"result": {
+				"id": "ssl",
+				"value": "off",
+				"editable": true,
+				"modified_on": "2014-01-01T05:20:00.12345Z"
+			}
+		}`)
+	}
+	mux.HandleFunc("/zones/foo/my_custom_path/ssl", handler)
+	s, err := client.UpdateZoneSetting(context.Background(), ZoneIdentifier("foo"), UpdateZoneSettingParams{Name: "ssl", PathPrefix: "my_custom_path", Value: "off"})
+	if assert.NoError(t, err) {
+		assert.Equal(t, s.ID, "ssl")
+		assert.Equal(t, s.Value, "off")
+		assert.Equal(t, s.Editable, true)
+		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
+	}
+}
diff --git a/pkg/cloudflare-go/zones.go b/pkg/cloudflare-go/zones.go
new file mode 100644
index 0000000000..82ddd6c253
--- /dev/null
+++ b/pkg/cloudflare-go/zones.go
@@ -0,0 +1,144 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/goccy/go-json"
+)
+
+const defaultZonesPerPage = 100
+
+type ZonesService service
+
+type ZoneCreateParams struct {
+	Name      string   `json:"name"`
+	JumpStart bool     `json:"jump_start"`
+	Type      string   `json:"type"`
+	Account   *Account `json:"organization,omitempty"`
+}
+
+type ZoneListParams struct {
+	Match       string `url:"match,omitempty"`
+	Name        string `url:"name,omitempty"`
+	AccountName string `url:"account.name,omitempty"`
+	Status      string `url:"status,omitempty"`
+	AccountID   string `url:"account.id,omitempty"`
+	Direction   string `url:"direction,omitempty"`
+
+	ResultInfo // Rename `ResultInfo` in the next major version.
+}
+
+type ZoneUpdateParams struct {
+	ID                string
+	Paused            *bool    `json:"paused"`
+	VanityNameServers []string `json:"vanity_name_servers,omitempty"`
+	Plan              ZonePlan `json:"plan,omitempty"`
+	Type              string   `json:"type,omitempty"`
+}
+
+// New creates a new zone.
+//
+// API reference: https://api.cloudflare.com/#zone-zone-details
+func (s *ZonesService) New(ctx context.Context, zone *ZoneCreateParams) (Zone, error) {
+	res, err := s.client.post(ctx, "/zones", zone)
+	if err != nil {
+		return Zone{}, err
+	}
+
+	var r ZoneResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+	}
+
+	return r.Result, nil
+}
+
+// Get fetches a single zone.
+//
+// API reference: https://api.cloudflare.com/#zone-zone-details
+func (s *ZonesService) Get(ctx context.Context, rc *ResourceContainer) (Zone, error) {
+	uri := fmt.Sprintf("/zones/%s", rc.Identifier)
+	res, err := s.client.get(ctx, uri, nil)
+	if err != nil {
+		return Zone{}, fmt.Errorf("failed to fetch zones: %w", err)
+	}
+
+	var r ZoneResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+	}
+
+	return r.Result, nil
+}
+
+// List returns all zones that match the provided `ZoneParams` struct.
+//
+// Pagination is automatically handled unless `params.Page` is supplied.
+//
+// API reference: https://api.cloudflare.com/#zone-list-zones
+func (s *ZonesService) List(ctx context.Context, params *ZoneListParams) ([]Zone, *ResultInfo, error) {
+	res, _ := s.client.get(ctx, buildURI("/zones", params), nil)
+
+	var r ZonesResponse
+	err := json.Unmarshal(res, &r)
+	if err != nil {
+		return []Zone{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+	}
+
+	if params.Page < 1 && params.PerPage < 1 {
+		var zones []Zone
+		params.PerPage = defaultZonesPerPage
+		params.Page = 1
+		for !params.ResultInfo.Done() {
+			res, _ := s.client.get(ctx, buildURI("/zones", params), nil)
+
+			var zResponse ZonesResponse
+			err := json.Unmarshal(res, &zResponse)
+			if err != nil {
+				return []Zone{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+			}
+
+			zones = append(zones, zResponse.Result...)
+
+			params.ResultInfo = zResponse.ResultInfo.Next()
+		}
+		r.Result = zones
+	}
+
+	return r.Result, &r.ResultInfo, nil
+}
+
+// Update modifies an existing zone.
+//
+// API reference: https://api.cloudflare.com/#zone-edit-zone
+func (s *ZonesService) Update(ctx context.Context, params *ZoneUpdateParams) ([]Zone, error) {
+	uri := fmt.Sprintf("/zones/%s", params.ID)
+	res, _ := s.client.patch(ctx, uri, params)
+
+	var r ZonesResponse
+	err := json.Unmarshal(res, &r)
+	if err != nil {
+		return []Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+	}
+
+	return r.Result, nil
+}
+
+// Delete deletes a zone based on ID.
+//
+// API reference: https://api.cloudflare.com/#zone-delete-zone
+func (s *ZonesService) Delete(ctx context.Context, rc *ResourceContainer) error {
+	uri := fmt.Sprintf("/zones/%s", rc.Identifier)
+	res, _ := s.client.delete(ctx, uri, nil)
+
+	var r ZoneResponse
+	err := json.Unmarshal(res, &r)
+	if err != nil {
+		return fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
+	}
+
+	return nil
+}
diff --git a/pkg/cloudflare-go/zt_risk_behaviors.go b/pkg/cloudflare-go/zt_risk_behaviors.go
new file mode 100644
index 0000000000..370e3c3ed6
--- /dev/null
+++ b/pkg/cloudflare-go/zt_risk_behaviors.go
@@ -0,0 +1,126 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/goccy/go-json"
+)
+
+// Behavior represents a single zt risk behavior config.
+type Behavior struct {
+	Name        string    `json:"name,omitempty"`
+	Description string    `json:"description,omitempty"`
+	RiskLevel   RiskLevel `json:"risk_level"`
+	Enabled     *bool     `json:"enabled"`
+}
+
+// Wrapper used to have full-fidelity repro of json structure.
+type Behaviors struct {
+	Behaviors map[string]Behavior `json:"behaviors"`
+}
+
+// BehaviorResponse represents the response from the zt risk scoring endpoint
+// and contains risk behaviors for an account.
+type BehaviorResponse struct {
+	Success  bool      `json:"success"`
+	Result   Behaviors `json:"result"`
+	Errors   []string  `json:"errors"`
+	Messages []string  `json:"messages"`
+}
+
+// Behaviors returns all zero trust risk scoring behaviors for the provided account
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-get-behaviors
+func (api *API) Behaviors(ctx context.Context, accountID string) (Behaviors, error) {
+	uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
+	if err != nil {
+		return Behaviors{}, err
+	}
+
+	var r BehaviorResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+	return r.Result, nil
+}
+
+// UpdateBehaviors returns all zero trust risk scoring behaviors for the provided account
+// NOTE: description/name updates are no-ops, risk_level [low medium high] and enabled [true/false] results in modifications
+//
+// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-put-behaviors
+func (api *API) UpdateBehaviors(ctx context.Context, accountID string, behaviors Behaviors) (Behaviors, error) {
+	uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
+
+	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, behaviors)
+	if err != nil {
+		return Behaviors{}, err
+	}
+
+	var r BehaviorResponse
+	err = json.Unmarshal(res, &r)
+	if err != nil {
+		return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
+	}
+
+	return r.Result, nil
+}
+
+type RiskLevel int
+
+const (
+	_ RiskLevel = iota
+	Low
+	Medium
+	High
+)
+
+func (p RiskLevel) MarshalJSON() ([]byte, error) {
+	return json.Marshal(p.String())
+}
+
+func (p RiskLevel) String() string {
+	return [...]string{"low", "medium", "high"}[p-1]
+}
+
+func (p *RiskLevel) UnmarshalJSON(data []byte) error {
+	var (
+		s   string
+		err error
+	)
+	err = json.Unmarshal(data, &s)
+	if err != nil {
+		return err
+	}
+	v, err := RiskLevelFromString(s)
+	if err != nil {
+		return err
+	}
+	*p = *v
+	return nil
+}
+
+func RiskLevelFromString(s string) (*RiskLevel, error) {
+	s = strings.ToLower(s)
+	var v RiskLevel
+	switch s {
+	case "low":
+		v = Low
+	case "medium":
+		v = Medium
+	case "high":
+		v = High
+	default:
+		return nil, fmt.Errorf("unknown variant for risk level: %s", s)
+	}
+	return &v, nil
+}
+
+func (p RiskLevel) IntoRef() *RiskLevel {
+	return &p
+}
diff --git a/pkg/cloudflare-go/zt_risk_behaviors_test.go b/pkg/cloudflare-go/zt_risk_behaviors_test.go
new file mode 100644
index 0000000000..2ed6cfa26f
--- /dev/null
+++ b/pkg/cloudflare-go/zt_risk_behaviors_test.go
@@ -0,0 +1,159 @@
+package cloudflare
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	expectedBehaviors = Behaviors{
+		Behaviors: map[string]Behavior{
+			"high_dlp": {
+				Name:        "High Number of DLP Policies Triggered",
+				Description: "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
+				RiskLevel:   Low,
+				Enabled:     BoolPtr(true),
+			},
+			"imp_travel": {
+				Name:        "Impossible Travel",
+				Description: "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
+				RiskLevel:   High,
+				Enabled:     BoolPtr(false),
+			},
+		},
+	}
+
+	updateBehaviors = Behaviors{
+		Behaviors: map[string]Behavior{
+			"high_dlp": {
+				RiskLevel: Low,
+				Enabled:   BoolPtr(true),
+			},
+			"imp_travel": {
+				RiskLevel: High,
+				Enabled:   BoolPtr(false),
+			},
+		},
+	}
+)
+
+func TestBehaviors(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+				"result": {
+					"behaviors": {
+						"high_dlp": {
+							"name": "High Number of DLP Policies Triggered",
+							"description": "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
+							"risk_level": "low",
+							"enabled":true
+						},
+						"imp_travel": {
+							"name": "Impossible Travel",
+							"description": "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
+							"risk_level": "high",
+							"enabled": false
+						}
+					}
+				},
+				"success": true,
+				"errors": [],
+				"messages": []
+			}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/zt_risk_scoring/behaviors", handler)
+	want := expectedBehaviors
+
+	actual, err := client.Behaviors(context.Background(), "01a7362d577a6c3019a474fd6f485823")
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestUpdateBehaviors(t *testing.T) {
+	setup()
+	defer teardown()
+
+	handler := func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
+		b, err := io.ReadAll(r.Body)
+		defer r.Body.Close()
+
+		if assert.NoError(t, err) {
+			assert.JSONEq(t, `{
+					"behaviors": {
+						"high_dlp": {
+							"risk_level": "low",
+							"enabled":true
+						},
+						"imp_travel": {
+							"risk_level": "high",
+							"enabled": false
+						}
+					}
+				}`, string(b), "JSON payload not equal")
+		}
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w, `{
+				"result": {
+					"behaviors": {
+						"high_dlp": {
+							"name": "High Number of DLP Policies Triggered",
+							"description": "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
+							"risk_level": "low",
+							"enabled":true
+						},
+						"imp_travel": {
+							"name": "Impossible Travel",
+							"description": "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
+							"risk_level": "high",
+							"enabled": false
+						}
+					}
+				},
+				"success": true,
+				"errors": [],
+				"messages": []
+			}`)
+	}
+
+	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/zt_risk_scoring/behaviors", handler)
+
+	want := expectedBehaviors
+	actual, err := client.UpdateBehaviors(context.Background(), "01a7362d577a6c3019a474fd6f485823", updateBehaviors)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, want, actual)
+	}
+}
+
+func TestRiskLevelFromString(t *testing.T) {
+	got, _ := RiskLevelFromString("high")
+	want := High
+
+	if *got != want {
+		t.Errorf("got %#v, wanted %#v", *got, want)
+	}
+}
+
+func TestStringFromRiskLevel(t *testing.T) {
+	got := fmt.Sprint(High)
+	want := "high"
+
+	if got != want {
+		t.Errorf("got %#v, wanted %#v", got, want)
+	}
+}
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 40d6acc9d6..62745b40a5 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -77,10 +77,12 @@ func init() {
 type cloudflareProvider struct {
 	ipConversions   []transform.IPConversion
 	ignoredLabels   []string
-	manageRedirects bool
+	manageRedirects bool // Old "Page Rule"-style redirects.
 	manageWorkers   bool
 	accountID       string
 	cfClient        *cloudflare.API
+	//
+	manageSingleRedirects bool // New "Single Redirects"-style redirects.
 
 	sync.Mutex                      // Protects all access to the following fields:
 	domainIndex map[string]string   // Cache of zone name to zone ID.
@@ -167,7 +169,7 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 	// 	}
 	// }
 
-	if c.manageRedirects {
+	if c.manageRedirects { // if old
 		prs, err := c.getPageRules(domainID, domain)
 		if err != nil {
 			return nil, err
@@ -175,6 +177,19 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 		records = append(records, prs...)
 	}
 
+	if c.manageSingleRedirects { // if new xor old
+		// Download the list of Single Redirects.
+		// For each one, generate a CLOUDFLAREAPI_SINGLE_REDIRECT record
+		// Append these records to `records`
+		prs, err := c.getSingleRedirects(domainID, domain)
+		if err != nil {
+			return nil, err
+		}
+		//printer.Printf("DEBUG: Single Redirects")
+		//fmt.Fprintf(os.Stdout, "DEBUG: Single Redirects")
+		records = append(records, prs...)
+	}
+
 	if c.manageWorkers {
 		wrs, err := c.getWorkerRoutes(domainID, domain)
 		if err != nil {
@@ -265,8 +280,9 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		case diff2.DELETE:
 			deleteRec := inst.Old[0]
 			deleteRecType := deleteRec.Type
-			deleteRecOrig := deleteRec.Original
-			corrs = c.mkDeleteCorrection(deleteRecType, deleteRecOrig, domainID, msg)
+			//deleteRecOrig := deleteRec.Original
+			//corrs = c.mkDeleteCorrection(deleteRecType, deleteRecOrig, domainID, msg)
+			corrs = c.mkDeleteCorrection(deleteRecType, deleteRec, domainID, msg)
 			// DS records must always have a corresponding NS record.
 			// Therefore, we remove DS records before any NS records.
 			addToFront = (deleteRecType == "DS")
@@ -317,13 +333,20 @@ func (c *cloudflareProvider) mkCreateCorrection(newrec *models.RecordConfig, dom
 	case "PAGE_RULE":
 		return []*models.Correction{{
 			Msg: msg,
-			F:   func() error { return c.createPageRule(domainID, newrec.GetTargetField()) },
+			F:   func() error { return c.createPageRule(domainID, *newrec.CloudflareRedirect) },
 		}}
 	case "WORKER_ROUTE":
 		return []*models.Correction{{
 			Msg: msg,
 			F:   func() error { return c.createWorkerRoute(domainID, newrec.GetTargetField()) },
 		}}
+	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+		return []*models.Correction{{
+			Msg: msg,
+			F: func() error {
+				return c.createSingleRedirect(domainID, *newrec.CloudflareRedirect)
+			},
+		}}
 	default:
 		return c.createRecDiff2(newrec, domainID, msg)
 	}
@@ -337,6 +360,9 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 		idTxt = oldrec.Original.(cloudflare.PageRule).ID
 	case "WORKER_ROUTE":
 		idTxt = oldrec.Original.(cloudflare.WorkerRoute).ID
+	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+		//idTxt = oldrec.Original.(cloudflare.RulesetRule).ID
+		idTxt = oldrec.CloudflareRedirect.SRRRulesetID
 	default:
 		idTxt = oldrec.Original.(cloudflare.DNSRecord).ID
 	}
@@ -347,7 +373,14 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 		return []*models.Correction{{
 			Msg: msg,
 			F: func() error {
-				return c.updatePageRule(idTxt, domainID, newrec.GetTargetField())
+				return c.updatePageRule(idTxt, domainID, *newrec.CloudflareRedirect)
+			},
+		}}
+	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+		return []*models.Correction{{
+			Msg: msg,
+			F: func() error {
+				return c.updateSingleRedirect(domainID, oldrec, newrec)
 			},
 		}}
 	case "WORKER_ROUTE":
@@ -368,16 +401,18 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 	}
 }
 
-func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec any, domainID string, msg string) []*models.Correction {
+func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec *models.RecordConfig, domainID string, msg string) []*models.Correction {
 
 	var idTxt string
 	switch recType {
 	case "PAGE_RULE":
-		idTxt = origRec.(cloudflare.PageRule).ID
+		idTxt = origRec.Original.(cloudflare.PageRule).ID
 	case "WORKER_ROUTE":
-		idTxt = origRec.(cloudflare.WorkerRoute).ID
+		idTxt = origRec.Original.(cloudflare.WorkerRoute).ID
+	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+		idTxt = origRec.Original.(cloudflare.RulesetRule).ID
 	default:
-		idTxt = origRec.(cloudflare.DNSRecord).ID
+		idTxt = origRec.Original.(cloudflare.DNSRecord).ID
 	}
 	msg = msg + color.RedString(" id=%v", idTxt)
 
@@ -386,11 +421,18 @@ func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec any, dom
 		F: func() error {
 			switch recType {
 			case "PAGE_RULE":
-				return c.deletePageRule(origRec.(cloudflare.PageRule).ID, domainID)
+				return c.deletePageRule(origRec.Original.(cloudflare.PageRule).ID, domainID)
 			case "WORKER_ROUTE":
-				return c.deleteWorkerRoute(origRec.(cloudflare.WorkerRoute).ID, domainID)
+				return c.deleteWorkerRoute(origRec.Original.(cloudflare.WorkerRoute).ID, domainID)
+			case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+				//o := origRec.Original.(cloudflare.Ruleset)
+				//printer.Printf("DEBUG: DELETE %+v\n", o)
+				// printer.Printf("DEBUG: DELETE ID = %+v\n", o.ID)
+				// printer.Printf("DEBUG: DELETE ACTION %+v\n", o.ActionParameters)
+				// printer.Printf("DEBUG: DELETE FROMVALUE %+v\n", o.ActionParameters.FromValue)
+				return c.deleteSingleRedirects(domainID, *origRec.CloudflareRedirect)
 			default:
-				return c.deleteDNSRecord(origRec.(cloudflare.DNSRecord), domainID)
+				return c.deleteDNSRecord(origRec.Original.(cloudflare.DNSRecord), domainID)
 			}
 		},
 	}
@@ -517,21 +559,71 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 
 		// CF_REDIRECT record types. Encode target as $FROM,$TO,$PRIO,$CODE
 		if rec.Type == "CF_REDIRECT" || rec.Type == "CF_TEMP_REDIRECT" {
-			if !c.manageRedirects {
-				return fmt.Errorf("you must add 'manage_redirects: true' metadata to cloudflare provider to use CF_REDIRECT records")
-			}
-			parts := strings.Split(rec.GetTargetField(), ",")
-			if len(parts) != 2 {
-				return fmt.Errorf("invalid data specified for cloudflare redirect record")
+			if !c.manageRedirects && !c.manageSingleRedirects {
+				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_REDIRECT/CF_TEMP_REDIRECT records")
 			}
+			// parts := strings.Split(rec.GetTargetField(), ",")
+			// if len(parts) != 2 {
+			// 	return fmt.Errorf("invalid data specified for cloudflare redirect record")
+			// }
 			code := 301
 			if rec.Type == "CF_TEMP_REDIRECT" {
 				code = 302
 			}
-			rec.SetTarget(fmt.Sprintf("%s,%d,%d", rec.GetTargetField(), currentPrPrio, code))
-			currentPrPrio++
-			rec.TTL = 1
-			rec.Type = "PAGE_RULE"
+
+			if c.manageRedirects && !c.manageSingleRedirects {
+				// Old-Style only.  Convert this record to PAGE_RULE.
+				//printer.Printf("DEBUG: prepro() target=%q\n", rec.GetTargetField())
+				sr, err := newCfsrFromUserInput(rec.GetTargetField(), code, currentPrPrio)
+				if err != nil {
+					return err
+				}
+				fixPageRule(rec, sr)
+				currentPrPrio++
+			} else if !c.manageRedirects && c.manageSingleRedirects {
+				// New-Style only.  Convert this record to a CLOUDFLAREAPI_SINGLE_REDIRECT.
+				sr, err := newCfsrFromUserInput(rec.GetTargetField(), code, currentPrPrio)
+				if err != nil {
+					return err
+				}
+				err = fixSingleRedirect(rec, sr)
+				if err != nil {
+					return err
+				}
+			} else {
+				// Both!  Convert this record to PAGE_RULE and append an additional CLOUDFLAREAPI_SINGLE_REDIRECT.
+
+				target := rec.GetTargetField()
+
+				// make a copy:
+				newRec, err := rec.Copy()
+				if err != nil {
+					return err
+				}
+
+				// The copy becomes the CF SingleRedirect
+				sr, err := newCfsrFromUserInput(target, code, currentPrPrio)
+				if err != nil {
+					return err
+				}
+				err = fixSingleRedirect(newRec, sr)
+				if err != nil {
+					return err
+				}
+
+				// Append the copy to the end of the list.
+				dc.Records = append(dc.Records, newRec)
+
+				// The original becomes the PAGE_RULE:
+				sr, err = newCfsrFromUserInput(target, code, currentPrPrio)
+				if err != nil {
+					return err
+				}
+				fixPageRule(rec, sr)
+				currentPrPrio++
+
+			}
+
 		}
 
 		// CF_WORKER_ROUTE record types. Encode target as $PATTERN,$SCRIPT
@@ -570,6 +662,23 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 	return nil
 }
 
+func fixPageRule(rc *models.RecordConfig, sr *models.CloudflareSingleRedirectConfig) {
+	rc.Type = "PAGE_RULE"
+	rc.TTL = 1
+	rc.SetTarget(sr.PRDisplay)
+	rc.CloudflareRedirect = sr
+}
+
+func fixSingleRedirect(rc *models.RecordConfig, sr *models.CloudflareSingleRedirectConfig) error {
+	rc.Type = "CLOUDFLAREAPI_SINGLE_REDIRECT"
+	rc.TTL = 1
+	rc.SetTarget(sr.SRDisplay)
+	rc.CloudflareRedirect = sr
+
+	err := addNewStyleFields(sr)
+	return err
+}
+
 func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	api := &cloudflareProvider{}
 	// check api keys from creds json file
@@ -610,13 +719,16 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 		parsedMeta := &struct {
 			IPConversions   string   `json:"ip_conversions"`
 			IgnoredLabels   []string `json:"ignored_labels"`
-			ManageRedirects bool     `json:"manage_redirects"`
+			ManageRedirects bool     `json:"manage_redirects"` // Old-style PAGE_RULE-based redirects
 			ManageWorkers   bool     `json:"manage_workers"`
+			//
+			ManageSingleRedirects bool `json:"manage_single_redirects"` // New-style Dynamic "Single Redirects"
 		}{}
 		err := json.Unmarshal([]byte(metadata), parsedMeta)
 		if err != nil {
 			return nil, err
 		}
+		api.manageSingleRedirects = parsedMeta.ManageSingleRedirects
 		api.manageRedirects = parsedMeta.ManageRedirects
 		api.manageWorkers = parsedMeta.ManageWorkers
 		// ignored_labels:
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index e0f9d6aaab..5d650f4508 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -3,7 +3,6 @@ package cloudflare
 import (
 	"context"
 	"fmt"
-	"strconv"
 	"strings"
 
 	"golang.org/x/net/idna"
@@ -276,6 +275,143 @@ func (c *cloudflareProvider) getUniversalSSL(domainID string) (bool, error) {
 	return result.Enabled, err
 }
 
+func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*models.RecordConfig, error) {
+	rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(id), "http_request_dynamic_redirect")
+	if err != nil {
+		return nil, fmt.Errorf("failed fetching redirect rule list cloudflare: %s", err)
+	}
+	//var rulelist []cloudflare.RulesetRule
+	//rulelist = rules.Rules
+	//rulelist := rules.Rules
+
+	//printer.Printf("DEBUG: rules %+v\n", rules)
+	recs := []*models.RecordConfig{}
+	for _, pr := range rules.Rules {
+		//printer.Printf("DEBUG: %+v\n", pr)
+
+		var thisPr = pr
+		r := &models.RecordConfig{
+			Type:     "CLOUDFLAREAPI_SINGLE_REDIRECT",
+			Original: thisPr,
+			TTL:      1,
+		}
+		r.SetLabel("@", domain)
+
+		// Extract the valuables from the rule, use it to make the sr:
+		srMatcher := pr.Expression
+		srReplacement := pr.ActionParameters.FromValue.TargetURL.Expression
+		code := int(pr.ActionParameters.FromValue.StatusCode)
+		sr := newCfsrFromAPIData(srMatcher, srReplacement, code)
+		//sr.SRRRuleList = rulelist
+		//printer.Printf("DEBUG: DESCRIPTION = %v\n", pr.Description)
+		sr.SRDisplay = pr.Description
+		// printer.Printf("DEBUG: PR = %+v\n", pr)
+		// printer.Printf("DEBUG: rules = %+v\n", rules)
+		sr.SRRRulesetID = rules.ID
+		sr.SRRRulesetRuleID = pr.ID //correct
+
+		r.CloudflareRedirect = sr
+		r.SetTarget(pr.Description)
+
+		recs = append(recs, r)
+	}
+
+	return recs, nil
+}
+
+func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.CloudflareSingleRedirectConfig) error {
+
+	//printer.Printf("DEBUG: createSingleRedir: d=%v crf=%+v\n", domainID, cfr)
+	// Asumption for target:
+
+	newSingleRedirectRulesActionParameters := cloudflare.RulesetRuleActionParameters{}
+	newSingleRedirectRule := cloudflare.RulesetRule{}
+	newSingleRedirectRules := []cloudflare.RulesetRule{}
+	newSingleRedirectRules = append(newSingleRedirectRules, newSingleRedirectRule)
+	newSingleRedirect := cloudflare.UpdateEntrypointRulesetParams{}
+
+	// Preserve query string
+	preserveQueryString := true
+	newSingleRedirectRulesActionParameters.FromValue = &cloudflare.RulesetRuleActionParametersFromValue{}
+	// Redirect status code
+	newSingleRedirectRulesActionParameters.FromValue.StatusCode = uint16(cfr.Code)
+	// Incoming request expression
+	newSingleRedirectRules[0].Expression = cfr.SRMatcher
+	// Redirect expression
+	newSingleRedirectRulesActionParameters.FromValue.TargetURL.Expression = cfr.SRReplacement
+	// Redirect name
+	newSingleRedirectRules[0].Description = cfr.SRDisplay
+	// Rule action, should always be redirect in this case
+	newSingleRedirectRules[0].Action = "redirect"
+	// Phase should always be http_request_dynamic_redirect
+	newSingleRedirect.Phase = "http_request_dynamic_redirect"
+
+	// Assigns the values in the nested structs
+	newSingleRedirectRulesActionParameters.FromValue.PreserveQueryString = &preserveQueryString
+	newSingleRedirectRules[0].ActionParameters = &newSingleRedirectRulesActionParameters
+
+	// Get a list of current redirects so that the new redirect get appended to it
+	rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), "http_request_dynamic_redirect")
+	if err != nil {
+		return fmt.Errorf("failed fetching redirect rule list cloudflare: %s", err)
+	}
+	newSingleRedirect.Rules = newSingleRedirectRules
+	newSingleRedirect.Rules = append(newSingleRedirect.Rules, rules.Rules...)
+
+	_, err = c.cfClient.UpdateEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), newSingleRedirect)
+
+	return err
+}
+
+func (c *cloudflareProvider) deleteSingleRedirects(domainID string, cfr models.CloudflareSingleRedirectConfig) error {
+
+	// This block should delete rules using the as is Cloudflare Golang lib in theory, need to debug why it isn't
+	// updatedRuleset := cloudflare.UpdateEntrypointRulesetParams{}
+	// updatedRulesetRules := []cloudflare.RulesetRule{}
+
+	// rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), "http_request_dynamic_redirect")
+	// if err != nil {
+	// 	return fmt.Errorf("failed fetching redirect rule list cloudflare: %s", err)
+	// }
+
+	// for _, rule := range rules.Rules {
+	// 	if rule.ID != cfr.SRRRulesetRuleID {
+	// 		updatedRulesetRules = append(updatedRulesetRules, rule)
+	// 	} else {
+	// 		printer.Printf("DEBUG: MATCH %v : %v\n", rule.ID, cfr.SRRRulesetRuleID)
+	// 	}
+	// }
+	// updatedRuleset.Rules = updatedRulesetRules
+	// _, err = c.cfClient.UpdateEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), updatedRuleset)
+
+	// Old Code
+
+	// rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), "http_request_dynamic_redirect")
+	// if err != nil {
+	// 	return err
+	// }
+	//printer.Printf("DEBUG: CALLING API DeleteRulesetRule: SRRRulesetID=%v, cfr.SRRRulesetRuleID=%v\n", cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
+
+	err := c.cfClient.DeleteRulesetRule(context.Background(), cloudflare.ZoneIdentifier(domainID), cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
+	// TODO(tlim): This is terrible.  It returns an error even when it is successful.
+	if strings.Contains(err.Error(), `"success": true,`) {
+		return nil
+	}
+
+	return err
+}
+
+func (c *cloudflareProvider) updateSingleRedirect(domainID string, oldrec, newrec *models.RecordConfig) error {
+	// rulesetID := cfr.SRRRulesetID
+	// rulesetRuleID := cfr.SRRRulesetRuleID
+	//printer.Printf("DEBUG: UPDATE-DEL domID=%v sr=%+v\n", domainID, cfr)
+	if err := c.deleteSingleRedirects(domainID, *oldrec.CloudflareRedirect); err != nil {
+		return err
+	}
+	//printer.Printf("DEBUG: UPDATE-CREATE domID=%v sr=%+v\n", domainID, newrec.CloudflareRedirect)
+	return c.createSingleRedirect(domainID, *newrec.CloudflareRedirect)
+}
+
 func (c *cloudflareProvider) getPageRules(id string, domain string) ([]*models.RecordConfig, error) {
 	rules, err := c.cfClient.ListPageRules(context.Background(), id)
 	if err != nil {
@@ -298,11 +434,20 @@ func (c *cloudflareProvider) getPageRules(id string, domain string) ([]*models.R
 			TTL:      1,
 		}
 		r.SetLabel("@", domain)
-		r.SetTarget(fmt.Sprintf("%s,%s,%d,%d", // $FROM,$TO,$PRIO,$CODE
+		code := intZero(value["status_code"])
+		raw := fmt.Sprintf("%s,%s,%d,%d", // $FROM,$TO,$PRIO,$CODE
 			pr.Targets[0].Constraint.Value,
 			value["url"],
 			pr.Priority,
-			intZero(value["status_code"])))
+			code)
+		r.SetTarget(raw)
+
+		cr, err := newCfsrFromUserInput(raw, code, pr.Priority)
+		if err != nil {
+			return nil, err
+		}
+		r.CloudflareRedirect = cr
+
 		recs = append(recs, r)
 	}
 	return recs, nil
@@ -312,33 +457,43 @@ func (c *cloudflareProvider) deletePageRule(recordID, domainID string) error {
 	return c.cfClient.DeletePageRule(context.Background(), domainID, recordID)
 }
 
-func (c *cloudflareProvider) updatePageRule(recordID, domainID string, target string) error {
+func (c *cloudflareProvider) updatePageRule(recordID, domainID string, cfr models.CloudflareSingleRedirectConfig) error {
 	// maybe someday?
 	//c.apiProvider.UpdatePageRule(context.Background(), domainId, recordID, )
 	if err := c.deletePageRule(recordID, domainID); err != nil {
 		return err
 	}
-	return c.createPageRule(domainID, target)
+	return c.createPageRule(domainID, cfr)
 }
 
-func (c *cloudflareProvider) createPageRule(domainID string, target string) error {
+func (c *cloudflareProvider) createPageRule(domainID string, cfr models.CloudflareSingleRedirectConfig) error {
+	//printer.Printf("DEBUG: called createPageRule(%s, %+v)\n", domainID, cfr)
 	// from to priority code
-	parts := strings.Split(target, ",")
-	priority, _ := strconv.Atoi(parts[2])
-	code, _ := strconv.Atoi(parts[3])
+	// parts := strings.Split(target, ",")
+	// priority, _ := strconv.Atoi(parts[2])
+	// code, _ := strconv.Atoi(parts[3])
+	// printer.Printf("DEBUG: pr.PageRule target = %v\n", target)
+	// printer.Printf("DEBUG: pr.PageRule target = %v\n", parts[0])
+	// printer.Printf("DEBUG: pr.PageRule url    = %v\n", parts[1])
+	// printer.Printf("DEBUG: pr.PageRule code   = %v\n", code)
+	priority := cfr.PRPriority
+	code := cfr.Code
+	matcher := cfr.PRMatcher
+	replacement := cfr.PRReplacement
 	pr := cloudflare.PageRule{
 		Status:   "active",
 		Priority: priority,
 		Targets: []cloudflare.PageRuleTarget{
-			{Target: "url", Constraint: pageRuleConstraint{Operator: "matches", Value: parts[0]}},
+			{Target: "url", Constraint: pageRuleConstraint{Operator: "matches", Value: matcher}},
 		},
 		Actions: []cloudflare.PageRuleAction{
 			{ID: "forwarding_url", Value: &pageRuleFwdInfo{
 				StatusCode: code,
-				URL:        parts[1],
+				URL:        replacement,
 			}},
 		},
 	}
+	//printer.Printf("DEBUG: createPageRule pr=%+v\n", pr)
 	_, err := c.cfClient.CreatePageRule(context.Background(), domainID, pr)
 	return err
 }
diff --git a/providers/cloudflare/singleredirect.go b/providers/cloudflare/singleredirect.go
new file mode 100644
index 0000000000..033ac1a9d1
--- /dev/null
+++ b/providers/cloudflare/singleredirect.go
@@ -0,0 +1,199 @@
+package cloudflare
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+)
+
+func newCfsrFromUserInput(target string, code int, priority int) (*models.CloudflareSingleRedirectConfig, error) {
+	// target: matcher,replacement,priority,code
+	// target: cable.slackoverflow.com/*,https://change.cnn.com/$1,1,302
+
+	r := &models.CloudflareSingleRedirectConfig{}
+
+	// Break apart the 4-part string and store into the individual fields:
+	parts := strings.Split(target, ",")
+	//printer.Printf("DEBUG: cfsrFromOldStyle: parts=%v\n", parts)
+	r.PRDisplay = fmt.Sprintf("%s,%d,%03d", target, priority, code)
+	r.PRMatcher = parts[0]
+	r.PRReplacement = parts[1]
+	r.PRPriority = priority
+	r.Code = code
+
+	// Convert old-style to new-style:
+	if err := addNewStyleFields(r); err != nil {
+		return nil, err
+	}
+	return r, nil
+}
+
+func newCfsrFromAPIData(sm, sr string, code int) *models.CloudflareSingleRedirectConfig {
+	r := &models.CloudflareSingleRedirectConfig{
+		PRMatcher:     "UNKNOWABLE",
+		PRReplacement: "UNKNOWABLE",
+		//PRPriority:    0,
+		Code:          code,
+		SRMatcher:     sm,
+		SRReplacement: sr,
+	}
+	return r
+}
+
+// addNewStyleFields takes a PAGE_RULE-style target and populates the CFSRC.
+func addNewStyleFields(sr *models.CloudflareSingleRedirectConfig) error {
+
+	// Extract the fields we're reading from:
+	prMatcher := sr.PRMatcher
+	prReplacement := sr.PRReplacement
+	code := sr.Code
+
+	// Convert old-style patterns to new-style rules:
+	srMatcher, srReplacement, err := makeRuleFromPattern(prMatcher, prReplacement, code != 301)
+	if err != nil {
+		return err
+	}
+	display := fmt.Sprintf(`%s,%s,%d,%03d matcher=%q replacement=%q`,
+		prMatcher, prReplacement,
+		sr.PRPriority, code,
+		srMatcher, srReplacement,
+	)
+
+	// Store the results in the fields we're writing to:
+	sr.SRMatcher = srMatcher
+	sr.SRReplacement = srReplacement
+	sr.SRDisplay = display
+
+	return nil
+}
+
+// makeRuleFromPattern compile old-style patterns and replacements into new-style rules and expressions.
+func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, string, error) {
+
+	_ = temporary // Prevents error due to this variable not (yet) being used
+
+	var matcher, expr string
+	var err error
+
+	var host, path string
+	origPattern := pattern
+	pattern, host, path, err = normalizeURL(pattern)
+	_ = pattern
+	if err != nil {
+		return "", "", err
+	}
+	var rhost, rpath string
+	origReplacement := replacement
+	replacement, rhost, rpath, err = normalizeURL(replacement)
+	_ = rpath
+	if err != nil {
+		return "", "", err
+	}
+
+	// TODO(tlim): This could be a lot faster by not repeating itself so much.
+	// However I want to get it working before it is optimized.
+
+	// pattern -> matcher
+
+	if !strings.Contains(host, `*`) && (path == `/` || path == "") {
+		// https://i.sstatic.net/  (No Wildcards)
+		matcher = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, host, "/")
+
+	} else if !strings.Contains(host, `*`) && (path == `/*`) {
+		// https://i.stack.imgur.com/*
+		matcher = fmt.Sprintf(`http.host eq "%s"`, host)
+
+	} else if !strings.Contains(host, `*`) && !strings.Contains(path, "*") {
+		// https://insights.stackoverflow.com/trends
+		matcher = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, host, path)
+
+	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && !strings.Contains(path, "*") {
+		// *stackoverflow.careers/  (wildcard at beginning only)
+		matcher = fmt.Sprintf(`( http.host eq "%s" or ends_with(http.host, ".%s") ) and http.request.uri.path eq "%s"`, host[1:], host[1:], path)
+
+	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && path == "/*" {
+		// *stackoverflow.careers/*  (wildcard at beginning and end)
+		matcher = fmt.Sprintf(`http.host eq "%s" or ends_with(http.host, ".%s")`, host[1:], host[1:])
+
+	} else if strings.Contains(host, `*`) && path == "/*" {
+		// meta.*yodeya.com/* (wildcard in host)
+		h := simpleGlobToRegex(host)
+		matcher = fmt.Sprintf(`http.host matches r###"%s"###`, h)
+	}
+
+	// replacement
+
+	if !strings.Contains(replacement, `$`) {
+		//  https://stackexchange.com/ (no substitutions)
+		expr = fmt.Sprintf(`"%s"`, replacement)
+
+	} else if strings.Count(replacement, `$`) == 1 && rpath == `/$1` {
+		// https://i.sstatic.net/$1 ($1 at end)
+		expr = fmt.Sprintf(`concat("https://%s/", http.request.uri.path)`, rhost)
+
+	} else if strings.Count(host, `*`) == 1 && strings.Count(path, `*`) == 1 &&
+		strings.Count(replacement, `$`) == 1 && rpath == `/$2` {
+		// https://careers.stackoverflow.com/$2
+		expr = fmt.Sprintf(`concat("https://%s/", http.request.uri.path)`, rhost)
+
+	}
+
+	// Not implemented
+
+	if matcher == "" {
+		return "", "", fmt.Errorf("conversion not implemented for pattern: %s", origPattern)
+	}
+	if expr == "" {
+		return "", "", fmt.Errorf("conversion not implemented for replacemennt: %s", origReplacement)
+	}
+
+	return matcher, expr, nil
+}
+
+// normalizeURL turns foo.com into https://foo.com and replaces HTTP with HTTPS.
+// It also returns an error if there is a port specified (like :8080)
+func normalizeURL(s string) (string, string, string, error) {
+	orig := s
+	if strings.HasPrefix(s, `http://`) {
+		s = "https://" + s[7:]
+	} else if !strings.HasPrefix(s, `https://`) {
+		s = `https://` + s
+	}
+
+	// Make sure it parses.
+	u, err := url.Parse(s)
+	if err != nil {
+		return "", "", "", err
+	}
+
+	// Make sure it doesn't have a port (https://example.com:8080)
+	_, port, _ := net.SplitHostPort(u.Host)
+	if port != "" {
+		return "", "", "", fmt.Errorf("unimplemented port: %q", orig)
+	}
+
+	return s, u.Host, u.Path, nil
+}
+
+// simpleGlobToRegex translates very simple Glob patterns into regexp-compatible expressions.
+// It only handles `.` and `*` currently.  See singleredirect_test.go for supported patterns.
+func simpleGlobToRegex(g string) string {
+
+	if g == "" {
+		return `.*`
+	}
+
+	if !strings.HasSuffix(g, "*") {
+		g = g + `$`
+	}
+	if !strings.HasPrefix(g, "*") {
+		g = `^` + g
+	}
+
+	g = strings.ReplaceAll(g, `.`, `\.`)
+	g = strings.ReplaceAll(g, `*`, `.*`)
+	return g
+}
diff --git a/providers/cloudflare/singleredirect_test.go b/providers/cloudflare/singleredirect_test.go
new file mode 100644
index 0000000000..6c1ac23554
--- /dev/null
+++ b/providers/cloudflare/singleredirect_test.go
@@ -0,0 +1,321 @@
+package cloudflare
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/gobwas/glob"
+)
+
+func Test_makeSingleDirectRule(t *testing.T) {
+	tests := []struct {
+		name string
+		//
+		pattern string
+		replace string
+		//
+		wantMatch string
+		wantExpr  string
+		wantErr   bool
+	}{
+		{
+			name:      "000",
+			pattern:   "example.com/",
+			replace:   "foo.com",
+			wantMatch: `http.host eq "example.com" and http.request.uri.path eq "/"`,
+			wantExpr:  `"https://foo.com"`,
+			wantErr:   false,
+		},
+
+		/*
+			All the test-cases I could find in dnsconfig.js
+
+			Generated with this:
+
+			dnscontrol print-ir --pretty |grep '"target' |grep , | sed -e 's@"target":@@g' > /tmp/list
+			vim /tmp/list    # removed the obvious duplicates
+			awk < /tmp/list -v q='"' -F, '{ print "{" ; print "name: " q NR  q ","  ; print "pattern: " $1 q "," ; print "replace: " q $2 "," ; print "wantMatch: `FIXME`," ; print "wantExpr:  `FIXME`," ; print "wantErr:   false," ; print "},"  }' | pbcopy
+
+		*/
+
+		{
+			name:      "1",
+			pattern:   "https://i-dev.sstatic.net/",
+			replace:   "https://stackexchange.com/",
+			wantMatch: `http.host eq "i-dev.sstatic.net" and http.request.uri.path eq "/"`,
+			wantExpr:  `"https://stackexchange.com/"`,
+			wantErr:   false,
+		},
+		{
+			name:      "2",
+			pattern:   "https://i.stack.imgur.com/*",
+			replace:   "https://i.sstatic.net/$1",
+			wantMatch: `http.host eq "i.stack.imgur.com"`,
+			wantExpr:  `concat("https://i.sstatic.net/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "3",
+			pattern:   "https://img.stack.imgur.com/*",
+			replace:   "https://i.sstatic.net/$1",
+			wantMatch: `http.host eq "img.stack.imgur.com"`,
+			wantExpr:  `concat("https://i.sstatic.net/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "4",
+			pattern:   "https://insights.stackoverflow.com/",
+			replace:   "https://survey.stackoverflow.co",
+			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/"`,
+			wantExpr:  `"https://survey.stackoverflow.co"`,
+			wantErr:   false,
+		},
+		{
+			name:      "5",
+			pattern:   "https://insights.stackoverflow.com/trends",
+			replace:   "https://trends.stackoverflow.co",
+			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/trends"`,
+			wantExpr:  `"https://trends.stackoverflow.co"`,
+			wantErr:   false,
+		},
+		{
+			name:      "6",
+			pattern:   "https://insights.stackoverflow.com/trends/",
+			replace:   "https://trends.stackoverflow.co",
+			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/trends/"`,
+			wantExpr:  `"https://trends.stackoverflow.co"`,
+			wantErr:   false,
+		},
+		{
+			name:      "7",
+			pattern:   "https://insights.stackoverflow.com/survey/2021",
+			replace:   "https://survey.stackoverflow.co/2021",
+			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/survey/2021"`,
+			wantExpr:  `"https://survey.stackoverflow.co/2021"`,
+			wantErr:   false,
+		},
+		// {
+		// 	name:      "27",
+		// 	pattern:   "*www.stackoverflow.help/*",
+		// 	replace:   "https://stackoverflow.help/$1",
+		/// FIXME(tlim): Should "$1" should be a "$2"?   See dnsconfig.js:4344
+		// 	wantMatch: `FIXME`,
+		// 	wantExpr:  `FIXME`,
+		// 	wantErr:   false,
+		// },
+		{
+			name:      "28",
+			pattern:   "*stackoverflow.help/support/solutions/articles/36000241656-write-an-article",
+			replace:   "https://stackoverflow.help/en/articles/4397209-write-an-article",
+			wantMatch: `( http.host eq "stackoverflow.help" or ends_with(http.host, ".stackoverflow.help") ) and http.request.uri.path eq "/support/solutions/articles/36000241656-write-an-article"`,
+			wantExpr:  `"https://stackoverflow.help/en/articles/4397209-write-an-article"`,
+			wantErr:   false,
+		},
+		{
+			name:      "29",
+			pattern:   "*stackoverflow.careers/*",
+			replace:   "https://careers.stackoverflow.com/$2",
+			wantMatch: `http.host eq "stackoverflow.careers" or ends_with(http.host, ".stackoverflow.careers")`,
+			wantExpr:  `concat("https://careers.stackoverflow.com/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "31",
+			pattern:   "stackenterprise.com/*",
+			replace:   "https://stackoverflow.co/teams/",
+			wantMatch: `http.host eq "stackenterprise.com"`,
+			wantExpr:  `"https://stackoverflow.co/teams/"`,
+			wantErr:   false,
+		},
+		{
+			name:      "33",
+			pattern:   "meta.*yodeya.com/*",
+			replace:   "https://judaism.meta.stackexchange.com/$2",
+			wantMatch: `http.host matches r###"^meta\..*yodeya\.com$"###`,
+			wantExpr:  `concat("https://judaism.meta.stackexchange.com/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "34",
+			pattern:   "chat.*yodeya.com/*",
+			replace:   "https://chat.stackexchange.com/?tab=site\u0026host=judaism.stackexchange.com",
+			wantMatch: `http.host matches r###"^chat\..*yodeya\.com$"###`,
+			wantExpr:  `"https://chat.stackexchange.com/?tab=site&host=judaism.stackexchange.com"`,
+			wantErr:   false,
+		},
+		{
+			name:      "35",
+			pattern:   "*yodeya.com/*",
+			replace:   "https://judaism.stackexchange.com/$2",
+			wantMatch: `http.host eq "yodeya.com" or ends_with(http.host, ".yodeya.com")`,
+			wantExpr:  `concat("https://judaism.stackexchange.com/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "36",
+			pattern:   "meta.*seasonedadvice.com/*",
+			replace:   "https://cooking.meta.stackexchange.com/$2",
+			wantMatch: `http.host matches r###"^meta\..*seasonedadvice\.com$"###`,
+			wantExpr:  `concat("https://cooking.meta.stackexchange.com/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "70",
+			pattern:   "collectivesonstackoverflow.co/*",
+			replace:   "https://stackoverflow.com/collectives-on-stack-overflow",
+			wantMatch: `http.host eq "collectivesonstackoverflow.co"`,
+			wantExpr:  `"https://stackoverflow.com/collectives-on-stack-overflow"`,
+			wantErr:   false,
+		},
+		{
+			name:      "71",
+			pattern:   "*collectivesonstackoverflow.co/*",
+			replace:   "https://stackoverflow.com/collectives-on-stack-overflow",
+			wantMatch: `http.host eq "collectivesonstackoverflow.co" or ends_with(http.host, ".collectivesonstackoverflow.co")`,
+			wantExpr:  `"https://stackoverflow.com/collectives-on-stack-overflow"`,
+			wantErr:   false,
+		},
+		{
+			name:      "76",
+			pattern:   "*stackexchange.ca/*",
+			replace:   "https://stackexchange.com/$2",
+			wantMatch: `http.host eq "stackexchange.ca" or ends_with(http.host, ".stackexchange.ca")`,
+			wantExpr:  `concat("https://stackexchange.com/", http.request.uri.path)`,
+			wantErr:   false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotMatch, gotExpr, err := makeRuleFromPattern(tt.pattern, tt.replace, true)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("makeSingleDirectRule() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if gotMatch != tt.wantMatch {
+				t.Errorf("makeSingleDirectRule() MATCH = %v\n                                                  want %v", gotMatch, tt.wantMatch)
+			}
+			if gotExpr != tt.wantExpr {
+				t.Errorf("makeSingleDirectRule()  EXPR = %v\n                                                  want %v", gotExpr, tt.wantExpr)
+			}
+			//_ = gotType
+		})
+	}
+}
+
+func Test_normalizeURL(t *testing.T) {
+	tests := []struct {
+		name    string
+		s       string
+		want    string
+		want1   string
+		want2   string
+		wantErr bool
+	}{
+		{
+			s:     "foo.com",
+			want:  "https://foo.com",
+			want1: "foo.com",
+			want2: "",
+		},
+		{
+			s:     "http://foo.com",
+			want:  "https://foo.com",
+			want1: "foo.com",
+			want2: "",
+		},
+		{
+			s:     "https://foo.com",
+			want:  "https://foo.com",
+			want1: "foo.com",
+			want2: "",
+		},
+
+		{
+			s:     "foo.com/bar",
+			want:  "https://foo.com/bar",
+			want1: "foo.com",
+			want2: "/bar",
+		},
+		{
+			s:     "http://foo.com/bar",
+			want:  "https://foo.com/bar",
+			want1: "foo.com",
+			want2: "/bar",
+		},
+		{
+			s:     "https://foo.com/bar",
+			want:  "https://foo.com/bar",
+			want1: "foo.com",
+			want2: "/bar",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, got1, got2, err := normalizeURL(tt.s)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("normalizeURL() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("normalizeURL() got = %v, want %v", got, tt.want)
+			}
+			if got1 != tt.want1 {
+				t.Errorf("normalizeURL() got1 = %v, want1 %v", got1, tt.want1)
+			}
+			if got2 != tt.want2 {
+				t.Errorf("normalizeURL() got2 = %v, want2 %v", got2, tt.want2)
+			}
+		})
+	}
+}
+
+func Test_simpleGlobToRegex(t *testing.T) {
+	tests := []struct {
+		name    string
+		pattern string
+		want    string
+	}{
+		{"1", `foo`, `^foo$`},
+		{"2", `fo.o`, `^fo\.o$`},
+		{"3", `*foo`, `.*foo$`},
+		{"4", `foo*`, `^foo.*`},
+		{"5", `f.oo*`, `^f\.oo.*`},
+		{"6", `f*oo*`, `^f.*oo.*`},
+	}
+
+	data := []string{
+		"bar",
+		"foo",
+		"foofoo",
+		"ONEfooTWO",
+		"fo",
+		"frankfodog",
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := simpleGlobToRegex(tt.pattern)
+			if got != tt.want {
+				t.Errorf("simpleGlobToRegex() = %v, want %v", got, tt.want)
+			}
+
+			// Make sure the regex compiles and gets the same result when matching against strings in data.
+			for i, d := range data {
+
+				rm, err := regexp.MatchString(got, d)
+				if err != nil {
+					t.Errorf("simpleGlobToRegex() = %003d  can not compile: %v", i, err)
+				}
+
+				g := glob.MustCompile(tt.pattern)
+				gm := g.Match(d) // true
+
+				if gm != rm {
+					t.Errorf("simpleGlobToRegex() = %003d  glob: %v '%v'  regexp: %v '%v'", i, gm, tt.pattern, rm, got)
+				}
+
+			}
+		})
+
+	}
+}
diff --git a/providers/huaweicloud/convert.go b/providers/huaweicloud/convert.go
index 286338fead..11f2926ea5 100644
--- a/providers/huaweicloud/convert.go
+++ b/providers/huaweicloud/convert.go
@@ -96,12 +96,12 @@ func recordsToNative(rcs models.Records, expectedKey models.RecordKey) (*model.S
 	name := expectedKey.NameFQDN + "."
 	key := rcs[0].Metadata[metaKey]
 	result := &model.ShowRecordSetByZoneResp{
-		Name:    &name,
-		Type:    &expectedKey.Type,
-		Ttl:     &resultTTL,
-		Records: &resultVal,
-		Line:    &line,
-		Weight:  weight,
+		Name:        &name,
+		Type:        &expectedKey.Type,
+		Ttl:         &resultTTL,
+		Records:     &resultVal,
+		Line:        &line,
+		Weight:      weight,
 		Description: &key,
 	}
 

From 3b0e12412e40ff116422594ea5b6bde04c6b9ddc Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 18 Jun 2024 17:59:13 -0400
Subject: [PATCH 291/438] CHORE: update deps (#3015)

---
 go.mod |  54 +++++++++++++++---------------
 go.sum | 104 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 79 insertions(+), 79 deletions(-)

diff --git a/go.mod b/go.mod
index 05cf19d057..2bd1eee0d8 100644
--- a/go.mod
+++ b/go.mod
@@ -4,9 +4,9 @@ go 1.22.1
 
 retract v4.8.0
 
-replace github.com/cloudflare/cloudflare-go => ./pkg/cloudflare-go
+require google.golang.org/protobuf v1.34.2 // indirect
 
-require google.golang.org/protobuf v1.34.1 // indirect
+replace github.com/cloudflare/cloudflare-go => ./pkg/cloudflare-go
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
@@ -18,16 +18,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.27.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.17
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.17
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9
+	github.com/aws/aws-sdk-go-v2 v1.29.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.20
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.20
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4
 	github.com/cloudflare/cloudflare-go v0.97.0
-	github.com/digitalocean/godo v1.116.0
+	github.com/digitalocean/godo v1.118.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -37,7 +37,7 @@ require (
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.59
+	github.com/miekg/dns v1.1.61
 	github.com/mittwald/go-powerdns v0.6.2
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
@@ -56,12 +56,12 @@ require (
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
-	google.golang.org/api v0.182.0
-	gopkg.in/ns1/ns1-go.v2 v2.10.0
+	google.golang.org/api v0.185.0
+	gopkg.in/ns1/ns1-go.v2 v2.11.0
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
@@ -72,28 +72,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
 	golang.org/x/text v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.4.2 // indirect
+	cloud.google.com/go/auth v0.5.1 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.20.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.28.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 // indirect
 	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -155,13 +155,13 @@ require (
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.18.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+	golang.org/x/tools v0.22.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
 	google.golang.org/grpc v1.64.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 6bf3bae665..63c4fe6071 100644
--- a/go.sum
+++ b/go.sum
@@ -1,16 +1,16 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg=
-cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc=
+cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw=
+cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
@@ -41,34 +41,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.27.1 h1:xypCL2owhog46iFxBKKpBcw+bPTX/RJzwNj8uSilENw=
-github.com/aws/aws-sdk-go-v2 v1.27.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.17 h1:L0JZN7Gh7pT6u5CJReKsLhGKparqNKui+mcpxMXjDZc=
-github.com/aws/aws-sdk-go-v2/config v1.27.17/go.mod h1:MzM3balLZeaafYcPz8IihAmam/aCz6niPQI0FdprxW0=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.17 h1:b3Dk9uxQByS9sc6r0sc2jmxsJKO75eOcb9nNEiaUBLM=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.17/go.mod h1:e4khg9iY08LnFK/HXQDWMf9GDaiMari7jWPnXvKAuBU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4 h1:0cSfTYYL9qiRcdi4Dvz+8s3JUgNR2qvbgZkXcwPEEEk=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4/go.mod h1:Wjn5O9eS7uSi7vlPKt/v0MLTncANn9EMmoDvnzJli6o=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 h1:RnLB7p6aaFMRfyQkD6ckxR7myCC9SABIqSz4czYUUbU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8/go.mod h1:XH7dQJd+56wEbP1I4e4Duo+QhSMxNArE8VP7NuUOTeM=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8 h1:jzApk2f58L9yW9q1GEab3BMMFWUkkiZhyrRUtbwUbKU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.8/go.mod h1:WqO+FftfO3tGePUtQxPXM6iODVfqMwsVMgTbG/ZXIdQ=
+github.com/aws/aws-sdk-go-v2 v1.29.0 h1:uMlEecEwgp2gs6CsM6ugquNHr6mg0LHylPBR8u5Ojac=
+github.com/aws/aws-sdk-go-v2 v1.29.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.20 h1:oQSn/KNUMV54X0FBEDQQ2ymNfcKyMT81ar8gyvMzzqs=
+github.com/aws/aws-sdk-go-v2/config v1.27.20/go.mod h1:IbEMotJrWc3Bh7++HXZDlviHZP7kHrkHU3PNl9e17po=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.20 h1:VYTCplAeOeBv5InTtrmF61OIwD4aHKryg3KZ6hf7dsI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.20/go.mod h1:ktubcFYvbN8++72jVM9IJoQH6Q2TP+Z7r2VbV1AaESU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 h1:54QUEXjkE1SlxHmRA3gBXA52j/ZSAgdOfAFGv1NsPCY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7/go.mod h1:bQRjJsdSMzmo/qbtGeBtPbIMp1IgQ+9R9jYJLm12uJA=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 h1:ltkhl3I9ddcRR3Dsy+7bOFFq546O8OYsfNEXVIyuOSE=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11/go.mod h1:H4D8JoCFNJwnT7U5U8iwgG24n71Fx2I/ZP/18eYFr9g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80z/yZIJX+e0jnNxjMLVyfpSXM0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10 h1:7kZqP7akv0enu6ykJhb9OYlw16oOrSy+Epus8o/VqMY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10/go.mod h1:gYVF3nM1ApfTRDj9pvdhootBb8WbiIejuqn4w8ruMes=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9 h1:vsr2H+csntN31+MflT2GIVguoRdi9fTO6waPU+QSFPM=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.40.9/go.mod h1:kf6UvOptzjYUR5IDuEZ4gVMmNdWsL+jdEdiKzkPZNPE=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9 h1:XOVJB9woNbx9qH2Np+lpjaDOVwjBRxnlnxv4ltUAE9o=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.23.9/go.mod h1:MdiWkoSbcv50IGdaHC9nYcLL6GC9pYJFsrOybA0qjhg=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.10 h1:ItKVmFwbyb/ZnCWf+nu3XBVmUirpO9eGEQd7urnBA0s=
-github.com/aws/aws-sdk-go-v2/service/sso v1.20.10/go.mod h1:5XKooCTi9VB/xZmJDvh7uZ+v3uQ7QdX6diOyhvPA+/w=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4 h1:QMSCYDg3Iyls0KZc/dk3JtS2c1lFfqbmYO10qBPPkJk=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4/go.mod h1:MZ/PVYU/mRbmSF6WK3ybCYHjA2mig8utVokDEVLDgE0=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.11 h1:HYS0csS7UJxdYRoG+bGgUYrSwVnV3/ece/wHm90TApM=
-github.com/aws/aws-sdk-go-v2/service/sts v1.28.11/go.mod h1:QXnthRM35zI92048MMwfFChjFmoufTdhtHmouwNfhhU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0 h1:tvIBVabBmCMZvPFtT18HQbSjskzVEcSvdJIAjLQmP78=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0/go.mod h1:rJl5QZ1ntzfPi2g3u1p8LQk78tbKj0JNmaNG1a9u97A=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0 h1:oJ2TcKRuwWuFwbwCH/ocaLP3EpCTca4B0wqNb6PopKE=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0/go.mod h1:L2ps9ionyOaplG4vh51jyIRUK+xB7vjMqnObxXsRoK0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck=
+github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0/go.mod h1:B3G77bQDCmhp0RV0P/J9Kd4/qsymdWVhzTe3btAtywE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 h1:dqW4XRwPE/poWSqVntpeXLHzpPK6AOfKmL9QWDYl9aw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.29.0/go.mod h1:j8+hrxlmLR8ZQo6ytTAls/JFrt5bVisuS6PD8gw2VBw=
 github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
 github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3 h1:R6bNU7iZz+aPTrZM1zcpJnWOtfTJUgykyWz5hBs/isk=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.3/go.mod h1:LgG44oKLMQN53wrIotY6mM1mjA9VOhGQd//lzAIF46A=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4 h1:KBCS1XYHLlhCdF0w78TRrICzrnWY7WXZnf3QlN+6R+s=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4/go.mod h1:Q1sepvresNmUKT9CBheBm+7J5jzd/ApD0Ha0VGm/nQ0=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -101,8 +101,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHknxeE=
-github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
+github.com/digitalocean/godo v1.118.0 h1:lkzGFQmACrVCp7UqH1sAi4JK/PWwlc5aaxubgorKmC4=
+github.com/digitalocean/godo v1.118.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -298,8 +298,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs=
-github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk=
+github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
+github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -444,8 +444,8 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg=
-golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
+golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -453,8 +453,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
-golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
+golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -550,23 +550,23 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
+golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE=
-google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM=
+google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU=
+google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 h1:W5Xj/70xIA4x60O/IFyXivR5MGqblAb8R3w26pnD6No=
-google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE=
+google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -587,8 +587,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -601,8 +601,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.10.0 h1:JbwyVcVRhBczmKnVeK0cc5UbHkYr0JlBWCYGWsTWlyU=
-gopkg.in/ns1/ns1-go.v2 v2.10.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.11.0 h1:T+rMHhQsQ58bSgGZwX8INxU0sjDO7cWieX9xPr/UEY4=
+gopkg.in/ns1/ns1-go.v2 v2.11.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From 01e0fbb629efa3cbbe54a5670e3eaea5c90caa25 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sat, 29 Jun 2024 19:06:37 +0200
Subject: [PATCH 292/438] DOCS: Getting started installation options summary
 (#3023)

---
 documentation/getting-started.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index b3e85c499b..d5aee1eadb 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -5,6 +5,11 @@
 
 Choose one of the following installation methods:
 
+1. [Homebrew](#homebrew)
+2. [Docker](#docker)
+3. [GitHub binaries](#binaries)
+4. [GitHub source](#source)
+
 ### Homebrew
 
 On macOS (or Linux) you can install it using [Homebrew](https://brew.sh).

From f83c8162ba80744e743f4dbedf1ea7a414faa594 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Sat, 29 Jun 2024 19:10:09 +0200
Subject: [PATCH 293/438] DOCS: MacPorts removed (#3022)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .goreleaser.yml                  | 12 ------------
 documentation/getting-started.md |  8 --------
 2 files changed, 20 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index 268ae3d728..c24e4b9a92 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -175,12 +175,6 @@ release:
     brew install dnscontrol
     ```
 
-    ##### Install with [MacPorts](https://www.macports.org)
-
-    ```shell
-    sudo port install dnscontrol
-    ```
-
     ##### Using with [Docker](https://www.docker.com)
 
     You can use the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/) or [GitHub Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol).
@@ -209,10 +203,4 @@ release:
     brew upgrade dnscontrol
     ```
 
-    ##### Install with [MacPorts](https://www.macports.org)
-
-    ```shell
-    sudo port upgrade dnscontrol
-    ```
-
     Alternatively, you can grab the latest binary (or the apt/rpm/deb package) from this page.
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index d5aee1eadb..1d04a160bb 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -18,14 +18,6 @@ On macOS (or Linux) you can install it using [Homebrew](https://brew.sh).
 brew install dnscontrol
 ```
 
-### MacPorts
-
-Alternatively on macOS you can install it using [MacPorts](https://www.macports.org).
-
-```shell
-sudo port install dnscontrol
-```
-
 ### Docker
 
 You can use DNSControl locally using the Docker image from [Docker hub](https://hub.docker.com/r/stackexchange/dnscontrol/) or [GitHub Container Registry](https://github.com/stackexchange/dnscontrol/pkgs/container/dnscontrol) and the command below.

From d1a84205b6450dec7ceafd567caa57ee7b533260 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sat, 29 Jun 2024 15:33:35 -0400
Subject: [PATCH 294/438] CHORE: Update deps (#3026)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod                                  | 37 ++++++-------
 go.sum                                  | 73 +++++++++++++------------
 pkg/cloudflare-go/internal/tools/go.mod | 10 ++--
 pkg/cloudflare-go/internal/tools/go.sum | 23 ++++----
 4 files changed, 73 insertions(+), 70 deletions(-)

diff --git a/go.mod b/go.mod
index 2bd1eee0d8..db3fada90c 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require google.golang.org/protobuf v1.34.2 // indirect
 replace github.com/cloudflare/cloudflare-go => ./pkg/cloudflare-go
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
@@ -18,11 +18,11 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.29.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.20
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.20
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0
+	github.com/aws/aws-sdk-go-v2 v1.30.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.23
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.23
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4
@@ -56,7 +56,7 @@ require (
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.21.0
-	google.golang.org/api v0.185.0
+	google.golang.org/api v0.186.0
 	gopkg.in/ns1/ns1-go.v2 v2.11.0
 )
 
@@ -78,23 +78,23 @@ require (
 )
 
 require (
-	cloud.google.com/go/auth v0.5.1 // indirect
+	cloud.google.com/go/auth v0.6.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 // indirect
-	github.com/aws/smithy-go v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect
+	github.com/aws/smithy-go v1.20.3 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -116,7 +116,7 @@ require (
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -160,7 +160,6 @@ require (
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
 	google.golang.org/grpc v1.64.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/go.sum b/go.sum
index 63c4fe6071..be8d19df46 100644
--- a/go.sum
+++ b/go.sum
@@ -1,14 +1,14 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw=
-cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s=
+cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g=
+cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
@@ -41,36 +41,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.29.0 h1:uMlEecEwgp2gs6CsM6ugquNHr6mg0LHylPBR8u5Ojac=
-github.com/aws/aws-sdk-go-v2 v1.29.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
-github.com/aws/aws-sdk-go-v2/config v1.27.20 h1:oQSn/KNUMV54X0FBEDQQ2ymNfcKyMT81ar8gyvMzzqs=
-github.com/aws/aws-sdk-go-v2/config v1.27.20/go.mod h1:IbEMotJrWc3Bh7++HXZDlviHZP7kHrkHU3PNl9e17po=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.20 h1:VYTCplAeOeBv5InTtrmF61OIwD4aHKryg3KZ6hf7dsI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.20/go.mod h1:ktubcFYvbN8++72jVM9IJoQH6Q2TP+Z7r2VbV1AaESU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7 h1:54QUEXjkE1SlxHmRA3gBXA52j/ZSAgdOfAFGv1NsPCY=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.7/go.mod h1:bQRjJsdSMzmo/qbtGeBtPbIMp1IgQ+9R9jYJLm12uJA=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11 h1:ltkhl3I9ddcRR3Dsy+7bOFFq546O8OYsfNEXVIyuOSE=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.11/go.mod h1:H4D8JoCFNJwnT7U5U8iwgG24n71Fx2I/ZP/18eYFr9g=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11 h1:+BgX2AY7yV4ggSwa80z/yZIJX+e0jnNxjMLVyfpSXM0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.11/go.mod h1:DlBATBSDCz30BCdRFldmyLsAzJwi2pdQ+YSdJTHhTUI=
+github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o=
+github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
+github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac=
+github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13 h1:3A8vxp65nZy6aMlSCBvpIyxIbAN0DOSxaPDZuzasxuU=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.13/go.mod h1:IxJ/pMQ/Y+MDFGo6pQRyqzKKwtGMHb5IWp5PXSQr8dM=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0 h1:tvIBVabBmCMZvPFtT18HQbSjskzVEcSvdJIAjLQmP78=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.41.0/go.mod h1:rJl5QZ1ntzfPi2g3u1p8LQk78tbKj0JNmaNG1a9u97A=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0 h1:oJ2TcKRuwWuFwbwCH/ocaLP3EpCTca4B0wqNb6PopKE=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.24.0/go.mod h1:L2ps9ionyOaplG4vh51jyIRUK+xB7vjMqnObxXsRoK0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.21.0 h1:P0zUA+5liaoNILI/btBBQHC09PFPyRJr+w+Xt9KHKck=
-github.com/aws/aws-sdk-go-v2/service/sso v1.21.0/go.mod h1:0bmRzdsq9/iNyP02H4UV0ZRjFx6qQBqRvfCJ4trFgjE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0 h1:jPV8U9r3msO9ECm9geW8PGjU/rz8vfPTPmIBbA83W3M=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.0/go.mod h1:B3G77bQDCmhp0RV0P/J9Kd4/qsymdWVhzTe3btAtywE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.29.0 h1:dqW4XRwPE/poWSqVntpeXLHzpPK6AOfKmL9QWDYl9aw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.29.0/go.mod h1:j8+hrxlmLR8ZQo6ytTAls/JFrt5bVisuS6PD8gw2VBw=
-github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
-github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1 h1:nsqHenlmW2rjUgMTiA58YhVAEooFA4IaXdzB6Y7WOpc=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1/go.mod h1:FL7amoKYyP0gYGOvg2ea5kGW5mh0NsBS9AGWR11LMVo=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1 h1:uZaxAiNNMPjG+e62AkoAQC741a1qZn3ykSguq4uWusg=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1/go.mod h1:RtjKHdAJsjzeadr5jgXgKPMn6GXF8y1eXs/VXVYAfrE=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ=
+github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
+github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -205,8 +205,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
-github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
+github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
+github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -556,13 +556,14 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU=
-google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg=
+google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug=
+google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU=
 google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE=
 google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
diff --git a/pkg/cloudflare-go/internal/tools/go.mod b/pkg/cloudflare-go/internal/tools/go.mod
index c592590428..bf856580de 100644
--- a/pkg/cloudflare-go/internal/tools/go.mod
+++ b/pkg/cloudflare-go/internal/tools/go.mod
@@ -69,7 +69,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/esimonov/ifshort v1.0.4 // indirect
 	github.com/ettle/strcase v0.1.1 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/fatih/structtag v1.2.0 // indirect
 	github.com/firefart/nonamedreturns v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.5.4 // indirect
@@ -114,7 +114,7 @@ require (
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
@@ -144,8 +144,8 @@ require (
 	github.com/magiconair/properties v1.8.6 // indirect
 	github.com/maratori/testpackage v1.1.0 // indirect
 	github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
 	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
@@ -230,7 +230,7 @@ require (
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
 	golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df // indirect
diff --git a/pkg/cloudflare-go/internal/tools/go.sum b/pkg/cloudflare-go/internal/tools/go.sum
index 8375f5d098..ab0c7aadff 100644
--- a/pkg/cloudflare-go/internal/tools/go.sum
+++ b/pkg/cloudflare-go/internal/tools/go.sum
@@ -214,8 +214,9 @@ github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcH
 github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw=
 github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4=
 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
 github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y=
@@ -433,7 +434,7 @@ github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
@@ -441,8 +442,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.3.0/go.mod h1:F9eH4LrE/ZsRdbwhfjs9k9HoDUwAHnYtXdgmf1AVNs0=
 github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
+github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
 github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
 github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
@@ -593,16 +594,18 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -1134,7 +1137,6 @@ golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1146,12 +1148,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=

From 53efc51d71688595910001cb61aa295bb4483ff7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 13:10:32 -0400
Subject: [PATCH 295/438] Build(deps): Bump github.com/softlayer/softlayer-go
 from 1.1.3 to 1.1.5 (#3029)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod |  2 +-
 go.sum | 12 ++++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index db3fada90c..241390d9b0 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
 	github.com/robertkrimen/otto v0.4.0
-	github.com/softlayer/softlayer-go v1.1.3
+	github.com/softlayer/softlayer-go v1.1.5
 	github.com/stretchr/testify v1.9.0
 	github.com/transip/gotransip/v6 v6.24.0
 	github.com/urfave/cli/v2 v2.27.2
diff --git a/go.sum b/go.sum
index be8d19df46..7962d777cb 100644
--- a/go.sum
+++ b/go.sum
@@ -147,6 +147,8 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
 github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
 github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe h1:zn8tqiUbec4wR94o7Qj3LZCAT6uGobhEgnDRg6isG5U=
@@ -195,6 +197,8 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
+github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
@@ -321,6 +325,10 @@ github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
 github.com/nrdcg/goinwx v0.10.0 h1:6W630bjDxQD6OuXKqrFRYVpTt0G/9GXXm3CeOrN0zJM=
 github.com/nrdcg/goinwx v0.10.0/go.mod h1:mnMSTi7CXBu2io4DzdOBoGFA1XclD0sEPWJaDhNgkA4=
+github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
+github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
+github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
 github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
@@ -369,8 +377,8 @@ github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYl
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
-github.com/softlayer/softlayer-go v1.1.3 h1:dfFzt5eOKIAyB/b78fHMyDu5ICx0ZtxL9NRhBlf831A=
-github.com/softlayer/softlayer-go v1.1.3/go.mod h1:Pc7F57OgUKaAam7TtpqkUeqL7QyKknfiUI4R49h41/U=
+github.com/softlayer/softlayer-go v1.1.5 h1:UFFtgKxiw0yIuUw93XBCFIiIMYR5eLgmm4a5DqMHXGg=
+github.com/softlayer/softlayer-go v1.1.5/go.mod h1:WeJrBLoTJcaT8nO1azeyHyNpo/fDLtbpbvh+pzts+Qw=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

From 277b0a0730ceb3795874c1171ed06e3c879b190a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 13:10:43 -0400
Subject: [PATCH 296/438] Build(deps): Bump alpine from 3.20.0 to 3.20.1
 (#3028)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index c1e4b7f466..72e47cb9fd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd as RUN
+FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From f3acdc45f8334305063a611721423c1a64958291 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 1 Jul 2024 13:27:13 -0400
Subject: [PATCH 297/438] Build(deps): Bump
 github.com/huaweicloud/huaweicloud-sdk-go-v3 from 0.1.100 to 0.1.103 (#3030)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 241390d9b0..ee74ffda6d 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 7962d777cb..526ae760eb 100644
--- a/go.sum
+++ b/go.sum
@@ -244,8 +244,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
 github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100 h1:OXGVtlUZLIKAX8ERmytPeypL9CdeCwo9/FTxvg90IRg=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.100/go.mod h1:lhdEO9Bbb3hZ0wG+JeK9/GqMOp/sgc92mFmVk5tNSCk=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103 h1:xuWRET87TRmBHTxIsKjv0xerTx0iptyXU9XVF5AWOMc=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103/go.mod h1:lhdEO9Bbb3hZ0wG+JeK9/GqMOp/sgc92mFmVk5tNSCk=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=

From 2f155ced46823ae735ea91ef55340d43b2a831ce Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Tue, 2 Jul 2024 06:02:30 +0800
Subject: [PATCH 298/438] PORKBUN: fix JSON unmarshal and add retry on rate
 limit (#3019)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/porkbun/api.go             | 28 +++++++++++++++-------------
 providers/porkbun/porkbunProvider.go |  5 -----
 2 files changed, 15 insertions(+), 18 deletions(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 003a371771..70dc7d6ba5 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"io"
 	"net/http"
 	"sort"
@@ -34,33 +35,21 @@ type domainRecord struct {
 	Content string `json:"content"`
 	TTL     string `json:"ttl"`
 	Prio    string `json:"prio"`
-	Notes   string `json:"notes"`
 }
 
 type recordResponse struct {
-	Status  string         `json:"status"`
 	Records []domainRecord `json:"records"`
 }
 
 type domainListRecord struct {
-	Domain       string `json:"domain"`
-	Status       string `json:"status"`
-	TLD          string `json:"tld"`
-	CreateDate   string `json:"createDate"`
-	ExpireDate   string `json:"expireDate"`
-	SecurityLock string `json:"securityLock"`
-	WhoisPrivacy string `json:"whoisPrivacy"`
-	AutoRenew    string `json:"autoRenew"`
-	NotLocal     string `json:"notLocal"`
+	Domain string `json:"domain"`
 }
 
 type domainListResponse struct {
-	Status  string             `json:"status"`
 	Domains []domainListRecord `json:"domains"`
 }
 
 type nsResponse struct {
-	Status      string   `json:"status"`
 	Nameservers []string `json:"ns"`
 }
 
@@ -76,8 +65,11 @@ func (c *porkbunProvider) post(endpoint string, params requestParams) ([]byte, e
 	client := &http.Client{}
 	req, _ := http.NewRequest("POST", baseURL+endpoint, bytes.NewBuffer(personJSON))
 
+	retrycnt := 0
+
 	// If request sending too fast, the server will fail with the following error:
 	// porkbun API error: Create error: We were unable to create the DNS record.
+retry:
 	time.Sleep(500 * time.Millisecond)
 	resp, err := client.Do(req)
 	if err != nil {
@@ -86,6 +78,16 @@ func (c *porkbunProvider) post(endpoint string, params requestParams) ([]byte, e
 
 	bodyString, _ := io.ReadAll(resp.Body)
 
+	if resp.StatusCode == 202 {
+		retrycnt += 1
+		if retrycnt == 5 {
+			return bodyString, fmt.Errorf("rate limiting exceeded")
+		}
+		printer.Warnf("Rate limiting.. waiting for %d minute(s)\n", retrycnt)
+		time.Sleep(time.Minute * time.Duration(retrycnt))
+		goto retry
+	}
+
 	// Got error from API ?
 	var errResp errorResponse
 	err = json.Unmarshal(bodyString, &errResp)
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index b85e2de410..7b3d47bf1a 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -43,11 +43,6 @@ func newPorkbun(m map[string]string, _ json.RawMessage) (*porkbunProvider, error
 		return nil, fmt.Errorf("missing porkbun api_key or secret_key")
 	}
 
-	// Validate authentication
-	if err := c.ping(); err != nil {
-		return nil, err
-	}
-
 	return c, nil
 }
 

From c22f20db2cf7aa3607fe5a8d5c8c951995ff0cbf Mon Sep 17 00:00:00 2001
From: Jens Willemsens <6514515+JenswBE@users.noreply.github.com>
Date: Tue, 2 Jul 2024 00:03:31 +0200
Subject: [PATCH 299/438] DESEC: Fix init (#3017)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/desec/desecProvider.go |  43 +++++-----
 providers/desec/protocol.go      | 132 +++++++++++++++++--------------
 2 files changed, 91 insertions(+), 84 deletions(-)

diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 1134583f9d..dee3f4fb1f 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
@@ -21,18 +22,10 @@ Info required in `creds.json`:
 // NewDeSec creates the provider.
 func NewDeSec(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	c := &desecProvider{}
-	c.creds.token = m["auth-token"]
-	if c.creds.token == "" {
+	c.token = strings.TrimSpace(m["auth-token"])
+	if c.token == "" {
 		return nil, fmt.Errorf("missing deSEC auth-token")
 	}
-	if err := c.authenticate(); err != nil {
-		return nil, fmt.Errorf("authentication failed")
-	}
-	//DomainIndex is used for corrections (minttl) and domain creation
-	if err := c.initializeDomainIndex(); err != nil {
-		return nil, err
-	}
-
 	return c, nil
 }
 
@@ -41,7 +34,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("deSEC always signs all records. When trying to disable, a notice is printed."),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Unimplemented("Apex aliasing is supported via new SVCB and HTTPS record types. For details, check the deSEC docs."),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
@@ -119,9 +112,13 @@ func (c *desecProvider) GetZoneRecords(domain string, meta map[string]string) (m
 
 // EnsureZoneExists creates a zone if it does not exist
 func (c *desecProvider) EnsureZoneExists(domain string) error {
-	c.mutex.Lock()
-	defer c.mutex.Unlock()
-	if _, ok := c.domainIndex[domain]; ok {
+	_, ok, err := c.searchDomainIndex(domain)
+	if err != nil {
+		return err
+	}
+
+	if ok {
+		// Domain already exists
 		return nil
 	}
 	return c.createDomain(domain)
@@ -155,14 +152,14 @@ func PrepDesiredRecords(dc *models.DomainConfig, minTTL uint32) {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
-	var minTTL uint32
-	c.mutex.Lock()
-	if ttl, ok := c.domainIndex[dc.Name]; !ok {
+	minTTL, ok, err := c.searchDomainIndex(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+	if !ok {
 		minTTL = 3600
-	} else {
-		minTTL = ttl
 	}
-	c.mutex.Unlock()
+
 	PrepDesiredRecords(dc, minTTL)
 
 	keysToUpdate, toReport, err := diff.NewCompat(dc).ChangedGroups(existing)
@@ -250,9 +247,5 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 
 // ListZones return all the zones in the account
 func (c *desecProvider) ListZones() ([]string, error) {
-	var domains []string
-	for domain := range c.domainIndex {
-		domains = append(domains, domain)
-	}
-	return domains, nil
+	return c.listDomainIndex()
 }
diff --git a/providers/desec/protocol.go b/providers/desec/protocol.go
index f056352b57..af5b3980df 100644
--- a/providers/desec/protocol.go
+++ b/providers/desec/protocol.go
@@ -19,14 +19,9 @@ const apiBase = "https://desec.io/api/v1"
 
 // Api layer for desec
 type desecProvider struct {
-	domainIndex map[string]uint32 //stores the minimum ttl of each domain. (key = domain and value = ttl)
-	creds       struct {
-		tokenid  string
-		token    string
-		user     string
-		password string
-	}
-	mutex sync.Mutex
+	domainIndex     map[string]uint32 //stores the minimum ttl of each domain. (key = domain and value = ttl)
+	domainIndexLock sync.Mutex
+	token           string
 }
 
 type domainObject struct {
@@ -66,86 +61,105 @@ type nonFieldError struct {
 	Errors []string `json:"non_field_errors"`
 }
 
-func (c *desecProvider) authenticate() error {
-	endpoint := "/auth/account/"
-	var _, resp, err = c.get(endpoint, "GET")
-	//restricted tokens are valid, but get 403 on /auth/account
-	//invalid tokens get 401
-	if resp.StatusCode == 403 {
-		return nil
-	}
-	if err != nil {
-		return err
+// withDomainIndex checks if the domain index is initialized. If not, it's fetched from the deSEC API.
+// Next, the provided readFn function is executed to extract data from the domain index.
+func (c *desecProvider) withDomainIndex(readFn func(domainIndex map[string]uint32)) error {
+	// Lock index
+	c.domainIndexLock.Lock()
+	defer c.domainIndexLock.Unlock()
+
+	// Init index if needed
+	if c.domainIndex == nil {
+		printer.Debugf("Domain index not yet populated, fetching now\n")
+		var err error
+		c.domainIndex, err = c.fetchDomainIndex()
+		if err != nil {
+			return fmt.Errorf("failed to fetch domain index: %w", err)
+		}
 	}
+
+	// Execute handler on index
+	readFn(c.domainIndex)
 	return nil
 }
-func (c *desecProvider) initializeDomainIndex() error {
-	c.mutex.Lock()
-	defer c.mutex.Unlock()
-	if c.domainIndex != nil {
-		return nil
-	}
+
+// listDomainIndex lists all the available domains in the domain index
+func (c *desecProvider) listDomainIndex() (domains []string, err error) {
+	err = c.withDomainIndex(func(domainIndex map[string]uint32) {
+		domains = make([]string, 0, len(domainIndex))
+		for domain := range domainIndex {
+			domains = append(domains, domain)
+		}
+	})
+	return
+}
+
+// searchDomainIndex performs a lookup to the domain index for the TTL of the domain
+func (c *desecProvider) searchDomainIndex(domain string) (ttl uint32, found bool, err error) {
+	err = c.withDomainIndex(func(domainIndex map[string]uint32) {
+		ttl, found = domainIndex[domain]
+	})
+	return
+}
+
+func (c *desecProvider) fetchDomainIndex() (map[string]uint32, error) {
 	endpoint := "/domains/"
+	var domainIndex map[string]uint32
 	var bodyString, resp, err = c.get(endpoint, "GET")
 	if resp.StatusCode == 400 && resp.Header.Get("Link") != "" {
 		//pagination is required
-		links := c.convertLinks(resp.Header.Get("Link"))
+		links := convertLinks(resp.Header.Get("Link"))
 		endpoint = links["first"]
 		printer.Debugf("initial endpoint %s\n", endpoint)
 		for endpoint != "" {
 			bodyString, resp, err = c.get(endpoint, "GET")
 			if err != nil {
-				if resp.StatusCode == 404 {
-					return nil
-				}
-				return fmt.Errorf("failed fetching domains: %s", err)
+				return nil, fmt.Errorf("failed fetching domains: %s", err)
 			}
-			err = c.buildIndexFromResponse(bodyString)
+			domainIndex, err = appendDomainIndexFromResponse(domainIndex, bodyString)
 			if err != nil {
-				return fmt.Errorf("failed fetching domains: %s", err)
+				return nil, fmt.Errorf("failed fetching domains: %s", err)
 			}
-			links = c.convertLinks(resp.Header.Get("Link"))
+			links = convertLinks(resp.Header.Get("Link"))
 			endpoint = links["next"]
 			printer.Debugf("next endpoint %s\n", endpoint)
 		}
-		printer.Debugf("Domain Index initilized with pagination (%d domains)\n", len(c.domainIndex))
-		return nil //domainIndex was build using pagination without errors
+		printer.Debugf("Domain Index fetched with pagination (%d domains)\n", len(domainIndex))
+		return domainIndex, nil //domainIndex was build using pagination without errors
 	}
 
 	//no pagination required
 	if err != nil && resp.StatusCode != 400 {
-		if resp.StatusCode == 404 {
-			return nil
-		}
-		return fmt.Errorf("failed fetching domains: %s", err)
+		return nil, fmt.Errorf("failed fetching domains: %s", err)
 	}
-	err = c.buildIndexFromResponse(bodyString)
-	if err == nil {
-		printer.Debugf("Domain Index initilized without pagination (%d domains)\n", len(c.domainIndex))
+	domainIndex, err = appendDomainIndexFromResponse(domainIndex, bodyString)
+	if err != nil {
+		return nil, err
 	}
-	return err
+	printer.Debugf("Domain Index fetched without pagination (%d domains)\n", len(domainIndex))
+	return domainIndex, nil
 }
 
-// buildIndexFromResponse takes the bodyString from initializeDomainIndex and builds the domainIndex
-func (c *desecProvider) buildIndexFromResponse(bodyString []byte) error {
-	if c.domainIndex == nil {
-		c.domainIndex = map[string]uint32{}
-	}
+func appendDomainIndexFromResponse(domainIndex map[string]uint32, bodyString []byte) (map[string]uint32, error) {
 	var dr []domainObject
 	err := json.Unmarshal(bodyString, &dr)
 	if err != nil {
-		return err
+		return nil, err
+	}
+
+	if domainIndex == nil {
+		domainIndex = make(map[string]uint32, len(dr))
 	}
 	for _, domain := range dr {
 		//deSEC allows different minimum ttls per domain
 		//we store the actual minimum ttl to use it in desecProvider.go GetDomainCorrections() to enforce the minimum ttl and avoid api errors.
-		c.domainIndex[domain.Name] = domain.MinimumTTL
+		domainIndex[domain.Name] = domain.MinimumTTL
 	}
-	return nil
+	return domainIndex, nil
 }
 
 // Parses the Link Header into a map (https://github.com/desec-io/desec-tools/blob/main/fetch_zone.py#L13)
-func (c *desecProvider) convertLinks(links string) map[string]string {
+func convertLinks(links string) map[string]string {
 	mapping := make(map[string]string)
 	printer.Debugf("Header: %s\n", links)
 	for _, link := range strings.Split(links, ", ") {
@@ -173,7 +187,7 @@ func (c *desecProvider) getRecords(domain string) ([]resourceRecord, error) {
 	var bodyString, resp, err = c.get(fmt.Sprintf(endpoint, domain), "GET")
 	if resp.StatusCode == 400 && resp.Header.Get("Link") != "" {
 		//pagination required
-		links := c.convertLinks(resp.Header.Get("Link"))
+		links := convertLinks(resp.Header.Get("Link"))
 		endpoint = links["first"]
 		printer.Debugf("getRecords: initial endpoint %s\n", fmt.Sprintf(endpoint, domain))
 		for endpoint != "" {
@@ -189,7 +203,7 @@ func (c *desecProvider) getRecords(domain string) ([]resourceRecord, error) {
 				return rrsNew, fmt.Errorf("failed fetching records for domain %s (deSEC): %s", domain, err)
 			}
 			rrsNew = append(rrsNew, tmp...)
-			links = c.convertLinks(resp.Header.Get("Link"))
+			links = convertLinks(resp.Header.Get("Link"))
 			endpoint = links["next"]
 			printer.Debugf("getRecords: next endpoint %s\n", endpoint)
 		}
@@ -282,7 +296,7 @@ retry:
 	client := &http.Client{}
 	req, _ := http.NewRequest(method, endpoint, nil)
 	q := req.URL.Query()
-	req.Header.Add("Authorization", fmt.Sprintf("Token %s", c.creds.token))
+	req.Header.Add("Authorization", fmt.Sprintf("Token %s", c.token))
 
 	req.URL.RawQuery = q.Encode()
 
@@ -304,12 +318,12 @@ retry:
 					if wait > 180 {
 						return []byte{}, resp, fmt.Errorf("rate limiting exceeded")
 					}
-					printer.Warnf("Rate limiting.. waiting for %s seconds", waitfor)
+					printer.Warnf("Rate limiting.. waiting for %s seconds\n", waitfor)
 					time.Sleep(time.Duration(wait+1) * time.Second)
 					goto retry
 				}
 			}
-			printer.Warnf("Rate limiting.. waiting for 500 milliseconds")
+			printer.Warnf("Rate limiting.. waiting for 500 milliseconds\n")
 			time.Sleep(500 * time.Millisecond)
 			goto retry
 		}
@@ -346,7 +360,7 @@ retry:
 	}
 	q := req.URL.Query()
 	if endpoint != "/auth/login/" {
-		req.Header.Add("Authorization", fmt.Sprintf("Token %s", c.creds.token))
+		req.Header.Add("Authorization", fmt.Sprintf("Token %s", c.token))
 	}
 	req.Header.Set("Content-Type", "application/json")
 
@@ -371,12 +385,12 @@ retry:
 					if wait > 180 {
 						return []byte{}, fmt.Errorf("rate limiting exceeded")
 					}
-					printer.Warnf("Rate limiting.. waiting for %s seconds", waitfor)
+					printer.Warnf("Rate limiting.. waiting for %s seconds\n", waitfor)
 					time.Sleep(time.Duration(wait+1) * time.Second)
 					goto retry
 				}
 			}
-			printer.Warnf("Rate limiting.. waiting for 500 milliseconds")
+			printer.Warnf("Rate limiting.. waiting for 500 milliseconds\n")
 			time.Sleep(500 * time.Millisecond)
 			goto retry
 		}

From 5ef1e9979b6c975632ca45dcb434a966988d1c90 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 1 Jul 2024 20:21:44 -0400
Subject: [PATCH 300/438] CLOUDFLARE: Fix bugs with the new "single redirect"
 feature (#3031)

Co-authored-by: Josh Zhang <jzhang1@stackoverflow.com>
---
 documentation/providers.md                  |  2 +-
 pkg/cloudflare-go/internal/tools/go.sum     | 12 ++++
 providers/cloudflare/rest.go                | 15 +++--
 providers/cloudflare/singleredirect.go      | 24 ++++++-
 providers/cloudflare/singleredirect_test.go | 74 ++++++++++++++++-----
 5 files changed, 101 insertions(+), 26 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 840a3b8745..d0c569911a 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -24,7 +24,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
-| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
+| [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 | [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/pkg/cloudflare-go/internal/tools/go.sum b/pkg/cloudflare-go/internal/tools/go.sum
index ab0c7aadff..003cb032f9 100644
--- a/pkg/cloudflare-go/internal/tools/go.sum
+++ b/pkg/cloudflare-go/internal/tools/go.sum
@@ -214,6 +214,8 @@ github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcH
 github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw=
 github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
@@ -434,6 +436,7 @@ github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
 github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
+github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
 github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
@@ -442,6 +445,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.3.0/go.mod h1:F9eH4LrE/ZsRdbwhfjs9k9HoDUwAHnYtXdgmf1AVNs0=
 github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
+github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
+github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
 github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
@@ -594,6 +599,8 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -602,6 +609,8 @@ github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
@@ -1137,6 +1146,7 @@ golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1153,6 +1163,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 5d650f4508..948d85b7c7 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -2,6 +2,7 @@ package cloudflare
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -278,7 +279,11 @@ func (c *cloudflareProvider) getUniversalSSL(domainID string) (bool, error) {
 func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*models.RecordConfig, error) {
 	rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(id), "http_request_dynamic_redirect")
 	if err != nil {
-		return nil, fmt.Errorf("failed fetching redirect rule list cloudflare: %s", err)
+		var e *cloudflare.NotFoundError
+		if errors.As(err, &e) {
+			return []*models.RecordConfig{}, nil
+		}
+		return nil, fmt.Errorf("failed fetching redirect rule list cloudflare: %s (%T)", err, err)
 	}
 	//var rulelist []cloudflare.RulesetRule
 	//rulelist = rules.Rules
@@ -330,8 +335,9 @@ func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.Cl
 	newSingleRedirectRules = append(newSingleRedirectRules, newSingleRedirectRule)
 	newSingleRedirect := cloudflare.UpdateEntrypointRulesetParams{}
 
-	// Preserve query string
-	preserveQueryString := true
+	// Preserve query string if there isn't one in the replacement.
+	preserveQueryString := !strings.Contains(cfr.SRReplacement, "?")
+
 	newSingleRedirectRulesActionParameters.FromValue = &cloudflare.RulesetRuleActionParametersFromValue{}
 	// Redirect status code
 	newSingleRedirectRulesActionParameters.FromValue.StatusCode = uint16(cfr.Code)
@@ -352,7 +358,8 @@ func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.Cl
 
 	// Get a list of current redirects so that the new redirect get appended to it
 	rules, err := c.cfClient.GetEntrypointRuleset(context.Background(), cloudflare.ZoneIdentifier(domainID), "http_request_dynamic_redirect")
-	if err != nil {
+	var e *cloudflare.NotFoundError
+	if err != nil && !errors.As(err, &e) {
 		return fmt.Errorf("failed fetching redirect rule list cloudflare: %s", err)
 	}
 	newSingleRedirect.Rules = newSingleRedirectRules
diff --git a/providers/cloudflare/singleredirect.go b/providers/cloudflare/singleredirect.go
index 033ac1a9d1..4c98fc217b 100644
--- a/providers/cloudflare/singleredirect.go
+++ b/providers/cloudflare/singleredirect.go
@@ -122,22 +122,40 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 		// meta.*yodeya.com/* (wildcard in host)
 		h := simpleGlobToRegex(host)
 		matcher = fmt.Sprintf(`http.host matches r###"%s"###`, h)
+
+	} else if !strings.Contains(host, `*`) && strings.Count(path, `*`) == 1 && strings.HasSuffix(path, "*") {
+		// domain.tld/.well-known* (wildcard in path)
+		matcher = fmt.Sprintf(`(starts_with(http.request.uri.path, "%s") and http.host eq "%s")`,
+			path[0:len(path)-1],
+			host)
+
 	}
 
 	// replacement
 
 	if !strings.Contains(replacement, `$`) {
 		//  https://stackexchange.com/ (no substitutions)
-		expr = fmt.Sprintf(`"%s"`, replacement)
+		expr = fmt.Sprintf(`concat("%s", "")`, replacement)
+
+	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && strings.Count(replacement, `$`) == 1 && len(rpath) > 3 && strings.HasSuffix(rpath, "/$2") {
+		// *stackoverflowenterprise.com/* -> https://www.stackoverflowbusiness.com/enterprise/$2
+		expr = fmt.Sprintf(`concat("https://%s", "%s", http.request.uri.path)`,
+			rhost,
+			rpath[0:len(rpath)-3],
+		)
 
 	} else if strings.Count(replacement, `$`) == 1 && rpath == `/$1` {
 		// https://i.sstatic.net/$1 ($1 at end)
-		expr = fmt.Sprintf(`concat("https://%s/", http.request.uri.path)`, rhost)
+		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	} else if strings.Count(host, `*`) == 1 && strings.Count(path, `*`) == 1 &&
 		strings.Count(replacement, `$`) == 1 && rpath == `/$2` {
 		// https://careers.stackoverflow.com/$2
-		expr = fmt.Sprintf(`concat("https://%s/", http.request.uri.path)`, rhost)
+		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
+
+	} else if strings.Count(replacement, `$`) == 1 && strings.HasSuffix(replacement, `$1`) {
+		// https://social.domain.tld/.well-known$1
+		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	}
 
diff --git a/providers/cloudflare/singleredirect_test.go b/providers/cloudflare/singleredirect_test.go
index 6c1ac23554..3ca1941c49 100644
--- a/providers/cloudflare/singleredirect_test.go
+++ b/providers/cloudflare/singleredirect_test.go
@@ -23,7 +23,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "example.com/",
 			replace:   "foo.com",
 			wantMatch: `http.host eq "example.com" and http.request.uri.path eq "/"`,
-			wantExpr:  `"https://foo.com"`,
+			wantExpr:  `concat("https://foo.com", "")`,
 			wantErr:   false,
 		},
 
@@ -43,7 +43,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://i-dev.sstatic.net/",
 			replace:   "https://stackexchange.com/",
 			wantMatch: `http.host eq "i-dev.sstatic.net" and http.request.uri.path eq "/"`,
-			wantExpr:  `"https://stackexchange.com/"`,
+			wantExpr:  `concat("https://stackexchange.com/", "")`,
 			wantErr:   false,
 		},
 		{
@@ -51,7 +51,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://i.stack.imgur.com/*",
 			replace:   "https://i.sstatic.net/$1",
 			wantMatch: `http.host eq "i.stack.imgur.com"`,
-			wantExpr:  `concat("https://i.sstatic.net/", http.request.uri.path)`,
+			wantExpr:  `concat("https://i.sstatic.net", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -59,7 +59,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://img.stack.imgur.com/*",
 			replace:   "https://i.sstatic.net/$1",
 			wantMatch: `http.host eq "img.stack.imgur.com"`,
-			wantExpr:  `concat("https://i.sstatic.net/", http.request.uri.path)`,
+			wantExpr:  `concat("https://i.sstatic.net", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -67,7 +67,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://insights.stackoverflow.com/",
 			replace:   "https://survey.stackoverflow.co",
 			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/"`,
-			wantExpr:  `"https://survey.stackoverflow.co"`,
+			wantExpr:  `concat("https://survey.stackoverflow.co", "")`,
 			wantErr:   false,
 		},
 		{
@@ -75,7 +75,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://insights.stackoverflow.com/trends",
 			replace:   "https://trends.stackoverflow.co",
 			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/trends"`,
-			wantExpr:  `"https://trends.stackoverflow.co"`,
+			wantExpr:  `concat("https://trends.stackoverflow.co", "")`,
 			wantErr:   false,
 		},
 		{
@@ -83,7 +83,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://insights.stackoverflow.com/trends/",
 			replace:   "https://trends.stackoverflow.co",
 			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/trends/"`,
-			wantExpr:  `"https://trends.stackoverflow.co"`,
+			wantExpr:  `concat("https://trends.stackoverflow.co", "")`,
 			wantErr:   false,
 		},
 		{
@@ -91,7 +91,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "https://insights.stackoverflow.com/survey/2021",
 			replace:   "https://survey.stackoverflow.co/2021",
 			wantMatch: `http.host eq "insights.stackoverflow.com" and http.request.uri.path eq "/survey/2021"`,
-			wantExpr:  `"https://survey.stackoverflow.co/2021"`,
+			wantExpr:  `concat("https://survey.stackoverflow.co/2021", "")`,
 			wantErr:   false,
 		},
 		// {
@@ -108,7 +108,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "*stackoverflow.help/support/solutions/articles/36000241656-write-an-article",
 			replace:   "https://stackoverflow.help/en/articles/4397209-write-an-article",
 			wantMatch: `( http.host eq "stackoverflow.help" or ends_with(http.host, ".stackoverflow.help") ) and http.request.uri.path eq "/support/solutions/articles/36000241656-write-an-article"`,
-			wantExpr:  `"https://stackoverflow.help/en/articles/4397209-write-an-article"`,
+			wantExpr:  `concat("https://stackoverflow.help/en/articles/4397209-write-an-article", "")`,
 			wantErr:   false,
 		},
 		{
@@ -116,7 +116,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "*stackoverflow.careers/*",
 			replace:   "https://careers.stackoverflow.com/$2",
 			wantMatch: `http.host eq "stackoverflow.careers" or ends_with(http.host, ".stackoverflow.careers")`,
-			wantExpr:  `concat("https://careers.stackoverflow.com/", http.request.uri.path)`,
+			wantExpr:  `concat("https://careers.stackoverflow.com", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -124,7 +124,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "stackenterprise.com/*",
 			replace:   "https://stackoverflow.co/teams/",
 			wantMatch: `http.host eq "stackenterprise.com"`,
-			wantExpr:  `"https://stackoverflow.co/teams/"`,
+			wantExpr:  `concat("https://stackoverflow.co/teams/", "")`,
 			wantErr:   false,
 		},
 		{
@@ -132,7 +132,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "meta.*yodeya.com/*",
 			replace:   "https://judaism.meta.stackexchange.com/$2",
 			wantMatch: `http.host matches r###"^meta\..*yodeya\.com$"###`,
-			wantExpr:  `concat("https://judaism.meta.stackexchange.com/", http.request.uri.path)`,
+			wantExpr:  `concat("https://judaism.meta.stackexchange.com", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -140,7 +140,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "chat.*yodeya.com/*",
 			replace:   "https://chat.stackexchange.com/?tab=site\u0026host=judaism.stackexchange.com",
 			wantMatch: `http.host matches r###"^chat\..*yodeya\.com$"###`,
-			wantExpr:  `"https://chat.stackexchange.com/?tab=site&host=judaism.stackexchange.com"`,
+			wantExpr:  `concat("https://chat.stackexchange.com/?tab=site&host=judaism.stackexchange.com", "")`,
 			wantErr:   false,
 		},
 		{
@@ -148,7 +148,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "*yodeya.com/*",
 			replace:   "https://judaism.stackexchange.com/$2",
 			wantMatch: `http.host eq "yodeya.com" or ends_with(http.host, ".yodeya.com")`,
-			wantExpr:  `concat("https://judaism.stackexchange.com/", http.request.uri.path)`,
+			wantExpr:  `concat("https://judaism.stackexchange.com", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -156,7 +156,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "meta.*seasonedadvice.com/*",
 			replace:   "https://cooking.meta.stackexchange.com/$2",
 			wantMatch: `http.host matches r###"^meta\..*seasonedadvice\.com$"###`,
-			wantExpr:  `concat("https://cooking.meta.stackexchange.com/", http.request.uri.path)`,
+			wantExpr:  `concat("https://cooking.meta.stackexchange.com", http.request.uri.path)`,
 			wantErr:   false,
 		},
 		{
@@ -164,7 +164,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "collectivesonstackoverflow.co/*",
 			replace:   "https://stackoverflow.com/collectives-on-stack-overflow",
 			wantMatch: `http.host eq "collectivesonstackoverflow.co"`,
-			wantExpr:  `"https://stackoverflow.com/collectives-on-stack-overflow"`,
+			wantExpr:  `concat("https://stackoverflow.com/collectives-on-stack-overflow", "")`,
 			wantErr:   false,
 		},
 		{
@@ -172,7 +172,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "*collectivesonstackoverflow.co/*",
 			replace:   "https://stackoverflow.com/collectives-on-stack-overflow",
 			wantMatch: `http.host eq "collectivesonstackoverflow.co" or ends_with(http.host, ".collectivesonstackoverflow.co")`,
-			wantExpr:  `"https://stackoverflow.com/collectives-on-stack-overflow"`,
+			wantExpr:  `concat("https://stackoverflow.com/collectives-on-stack-overflow", "")`,
 			wantErr:   false,
 		},
 		{
@@ -180,10 +180,48 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			pattern:   "*stackexchange.ca/*",
 			replace:   "https://stackexchange.com/$2",
 			wantMatch: `http.host eq "stackexchange.ca" or ends_with(http.host, ".stackexchange.ca")`,
-			wantExpr:  `concat("https://stackexchange.com/", http.request.uri.path)`,
+			wantExpr:  `concat("https://stackexchange.com", http.request.uri.path)`,
 			wantErr:   false,
 		},
+
+		// https://github.com/StackExchange/dnscontrol/issues/2313#issuecomment-2197296025
+		{
+			name:      "pro-sumer1",
+			pattern:   "domain.tld/.well-known*",
+			replace:   "https://social.domain.tld/.well-known$1",
+			wantMatch: `(starts_with(http.request.uri.path, "/.well-known") and http.host eq "domain.tld")`,
+			wantExpr:  `concat("https://social.domain.tld", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "pro-sumer2",
+			pattern:   "domain.tld/users*",
+			replace:   "https://social.domain.tld/users$1",
+			wantMatch: `(starts_with(http.request.uri.path, "/users") and http.host eq "domain.tld")`,
+			wantExpr:  `concat("https://social.domain.tld", http.request.uri.path)`,
+			wantErr:   false,
+		},
+		{
+			name:      "pro-sumer3",
+			pattern:   "domain.tld/@*",
+			replace:   `https://social.domain.tld/@$1`,
+			wantMatch: `(starts_with(http.request.uri.path, "/@") and http.host eq "domain.tld")`,
+			wantExpr:  `concat("https://social.domain.tld", http.request.uri.path)`,
+			wantErr:   false,
+		},
+
+		{
+			name:      "stackentwild",
+			pattern:   "*stackoverflowenterprise.com/*",
+			replace:   "https://www.stackoverflowbusiness.com/enterprise/$2",
+			wantMatch: `http.host eq "stackoverflowenterprise.com" or ends_with(http.host, ".stackoverflowenterprise.com")`,
+			wantExpr:  `concat("https://www.stackoverflowbusiness.com", "/enterprise", http.request.uri.path)`,
+			wantErr:   false,
+		},
+
+		//
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			gotMatch, gotExpr, err := makeRuleFromPattern(tt.pattern, tt.replace, true)

From a091da9067be2502f6c96f3fa37822c0f0ec2c4e Mon Sep 17 00:00:00 2001
From: Josh Zhang <66385638+jzhang-sre@users.noreply.github.com>
Date: Tue, 2 Jul 2024 16:25:30 -0400
Subject: [PATCH 301/438] CLOUDFLARE: Bugfix for Redirect, correct typo in
 error message. (#3033)

---
 providers/cloudflare/singleredirect.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/cloudflare/singleredirect.go b/providers/cloudflare/singleredirect.go
index 4c98fc217b..7c49815e5a 100644
--- a/providers/cloudflare/singleredirect.go
+++ b/providers/cloudflare/singleredirect.go
@@ -149,7 +149,7 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	} else if strings.Count(host, `*`) == 1 && strings.Count(path, `*`) == 1 &&
-		strings.Count(replacement, `$`) == 1 && rpath == `/$2` {
+		strings.Count(replacement, `$`) == 1 && strings.HasPrefix(rpath, `/$2`) {
 		// https://careers.stackoverflow.com/$2
 		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
@@ -165,7 +165,7 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 		return "", "", fmt.Errorf("conversion not implemented for pattern: %s", origPattern)
 	}
 	if expr == "" {
-		return "", "", fmt.Errorf("conversion not implemented for replacemennt: %s", origReplacement)
+		return "", "", fmt.Errorf("conversion not implemented for replacement: %s", origReplacement)
 	}
 
 	return matcher, expr, nil

From 937c0dc46c3472f8321462fbe176b27e3a3448fd Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 2 Jul 2024 16:46:56 -0400
Subject: [PATCH 302/438] CLOUDFLARE: Fix another redirect bug (#3034)

---
 providers/cloudflare/singleredirect.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/cloudflare/singleredirect.go b/providers/cloudflare/singleredirect.go
index 7c49815e5a..71d67012dd 100644
--- a/providers/cloudflare/singleredirect.go
+++ b/providers/cloudflare/singleredirect.go
@@ -149,7 +149,7 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	} else if strings.Count(host, `*`) == 1 && strings.Count(path, `*`) == 1 &&
-		strings.Count(replacement, `$`) == 1 && strings.HasPrefix(rpath, `/$2`) {
+		strings.Count(replacement, `$`) == 1 && strings.HasSuffix(rpath, `/$2`) {
 		// https://careers.stackoverflow.com/$2
 		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 

From 088306883da1b82fa0d21ea12e2672f55720f181 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 8 Jul 2024 12:38:38 -0400
Subject: [PATCH 303/438] CLOUDFLAREAPI: Add CF_SINGLE_REDIRECT to manage
 "dynamic single" redirects (#3035)

---
 commands/printIR.go                           |   7 +
 commands/types/dnscontrol.d.ts                |  36 +++++-
 documentation/SUMMARY.md                      |   1 +
 .../domain-modifiers/CF_REDIRECT.md           |   2 +-
 .../domain-modifiers/CF_SINGLE_REDIRECT.md    |  44 +++++++
 .../top-level-functions/D_EXTEND.md           |   3 +-
 documentation/provider/cloudflareapi.md       |   4 +-
 integrationTest/integration_test.go           |  31 ++++-
 models/domain.go                              |   5 +-
 models/rawrecord.go                           |  12 ++
 models/record.go                              |  19 +--
 pkg/cloudflare-go/rulesets.go                 |   1 +
 pkg/js/helpers.js                             |  72 +++++++++++
 pkg/js/js_test.go                             |   2 +-
 pkg/js/parse_tests/050-cfSingleRedirect.js    |   8 ++
 pkg/js/parse_tests/050-cfSingleRedirect.json  |  77 +++++++++++
 pkg/normalize/validate.go                     |   3 +-
 pkg/rtypecontrol/rtypecontrol.go              |  18 +++
 pkg/rtypecontrol/validate.go                  |  43 ++++++
 pkg/rtypecontrol/validate_test.go             |  51 ++++++++
 pkg/rtypes/postprocess.go                     |  61 +++++++++
 providers/cloudflare/cloudflareProvider.go    |  35 +++--
 providers/cloudflare/rest.go                  |  23 ++--
 .../cfsingleredirect/cfsingleredirect.go      |  56 ++++++++
 .../cfsingleredirect/convert.go}              | 122 +++++++++---------
 .../cfsingleredirect/convert_test.go}         |   4 +-
 .../rtypes/cfsingleredirect/native.go         |  19 +++
 27 files changed, 652 insertions(+), 107 deletions(-)
 create mode 100644 documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
 create mode 100644 models/rawrecord.go
 create mode 100644 pkg/js/parse_tests/050-cfSingleRedirect.js
 create mode 100644 pkg/js/parse_tests/050-cfSingleRedirect.json
 create mode 100644 pkg/rtypecontrol/rtypecontrol.go
 create mode 100644 pkg/rtypecontrol/validate.go
 create mode 100644 pkg/rtypecontrol/validate_test.go
 create mode 100644 pkg/rtypes/postprocess.go
 create mode 100644 providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
 rename providers/cloudflare/{singleredirect.go => rtypes/cfsingleredirect/convert.go} (51%)
 rename providers/cloudflare/{singleredirect_test.go => rtypes/cfsingleredirect/convert_test.go} (99%)
 create mode 100644 providers/cloudflare/rtypes/cfsingleredirect/native.go

diff --git a/commands/printIR.go b/commands/printIR.go
index fce7530a87..cb463504fc 100644
--- a/commands/printIR.go
+++ b/commands/printIR.go
@@ -11,6 +11,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/js"
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
 	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rtypes"
 	"github.com/urfave/cli/v2"
 )
 
@@ -128,6 +129,12 @@ func ExecuteDSL(args ExecuteDSLArgs) (*models.DNSConfig, error) {
 	if err != nil {
 		return nil, fmt.Errorf("executing %s: %w", args.JSFile, err)
 	}
+
+	err = rtypes.PostProcess(dnsConfig.Domains)
+	if err != nil {
+		return nil, err
+	}
+
 	return dnsConfig, nil
 }
 
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 85e0d18598..169073da02 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -477,7 +477,7 @@ declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critic
  *
  * If _any_ `CF_REDIRECT` or [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) functions are used then
  * `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
- * Page Rule types other than "Forwarding URL” will be left alone.
+ * Page Rule types other than "Forwarding URL" will be left alone.
  *
  * WARNING: Cloudflare does not currently fully document the Page Rules API and
  * this interface is not extensively tested. Take precautions such as making
@@ -502,6 +502,37 @@ declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critic
  */
 declare function CF_REDIRECT(source: string, destination: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * `CF_SINGLE_REDIRECT` is a Cloudflare-specific feature for creating HTTP 301
+ * (permanent) or 302 (temporary) redirects.
+ *
+ * This feature manages dynamic "Single Redirects". (Single Redirects can be
+ * static or dynamic but DNSControl only maintains dynamic redirects).
+ *
+ * Cloudflare documentation: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   CF_SINGLE_REDIRECT("name", 301, "when", "then"),
+ *   CF_SINGLE_REDIRECT('redirect www.example.com', 301, 'http.host eq "www.example.com"', 'concat("https://otherplace.com", http.request.uri.path)'),
+ *   CF_SINGLE_REDIRECT('redirect yyy.example.com', 301, 'http.host eq "yyy.example.com"', 'concat("https://survey.stackoverflow.co", "")'),
+ * END);
+ * ```
+ *
+ * The fields are:
+ *
+ * * name: The name (basically a comment, but it must be unique)
+ * * code: Either 301 (permanent) or 302 (temporary) redirects. May be a number or string.
+ * * when: What Cloudflare sometimes calls the "rule expression".
+ * * then: The replacement expression.
+ *
+ * NOTE:
+ * The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_single_redirect
+ */
+declare function CF_SINGLE_REDIRECT(name: string, code: number, when: string, then: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * `CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
  * Rules) to generate a HTTP 302 temporary redirect.
@@ -982,7 +1013,8 @@ declare function DS(name: string, keytag: number, algorithm: number, digesttype:
  * not `domain.tld`.
  *
  * Some operators only act on an apex domain (e.g.
- * [`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
+ * [`CF_SINGLE_REDIRECT`](../domain-modifiers/CF_SINGLE_REDIRECT.md),
+ * [`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md), and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
  * in a `D_EXTEND` subdomain may not be what you expect.
  *
  * ```javascript
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 26a8d11726..e220a0b4de 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -84,6 +84,7 @@
         * Azure DNS
             * [AZURE_ALIAS](language-reference/domain-modifiers/AZURE_ALIAS.md)
         * Cloudflare DNS
+            * [CF_SINGLE_REDIRECT](language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md)
             * [CF_REDIRECT](language-reference/domain-modifiers/CF_REDIRECT.md)
             * [CF_TEMP_REDIRECT](language-reference/domain-modifiers/CF_TEMP_REDIRECT.md)
             * [CF_WORKER_ROUTE](language-reference/domain-modifiers/CF_WORKER_ROUTE.md)
diff --git a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
index 7f727cc318..f530aafbb7 100644
--- a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
@@ -16,7 +16,7 @@ generate a HTTP 301 permanent redirect.
 
 If _any_ `CF_REDIRECT` or [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) functions are used then
 `dnscontrol` will manage _all_ "Forwarding URL" type Page Rules for the domain.
-Page Rule types other than "Forwarding URL” will be left alone.
+Page Rule types other than "Forwarding URL" will be left alone.
 
 {% hint style="warning" %}
 **WARNING**: Cloudflare does not currently fully document the Page Rules API and
diff --git a/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
new file mode 100644
index 0000000000..bfc3561ab4
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
@@ -0,0 +1,44 @@
+---
+name: CF_SINGLE_REDIRECT
+parameters:
+  - name
+  - code
+  - when
+  - then
+  - modifiers...
+provider: CLOUDFLAREAPI
+parameter_types:
+  name: string
+  code: number
+  when: string
+  then: string
+  "modifiers...": RecordModifier[]
+---
+
+`CF_SINGLE_REDIRECT` is a Cloudflare-specific feature for creating HTTP 301
+(permanent) or 302 (temporary) redirects.
+
+This feature manages dynamic "Single Redirects". (Single Redirects can be
+static or dynamic but DNSControl only maintains dynamic redirects).
+
+Cloudflare documentation: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  CF_SINGLE_REDIRECT("name", 301, "when", "then"),
+  CF_SINGLE_REDIRECT('redirect www.example.com', 301, 'http.host eq "www.example.com"', 'concat("https://otherplace.com", http.request.uri.path)'),
+  CF_SINGLE_REDIRECT('redirect yyy.example.com', 301, 'http.host eq "yyy.example.com"', 'concat("https://survey.stackoverflow.co", "")'),
+END);
+```
+{% endcode %}
+
+The fields are:
+
+* name: The name (basically a comment, but it must be unique)
+* code: Either 301 (permanent) or 302 (temporary) redirects. May be a number or string.
+* when: What Cloudflare sometimes calls the "rule expression".
+* then: The replacement expression.
+
+NOTE:
+The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
diff --git a/documentation/language-reference/top-level-functions/D_EXTEND.md b/documentation/language-reference/top-level-functions/D_EXTEND.md
index c2b77abda8..55be8d0822 100644
--- a/documentation/language-reference/top-level-functions/D_EXTEND.md
+++ b/documentation/language-reference/top-level-functions/D_EXTEND.md
@@ -29,7 +29,8 @@ defined as separate domains via separate [`D()`](D.md) statements, then
 not `domain.tld`.
 
 Some operators only act on an apex domain (e.g.
-[`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
+[`CF_SINGLE_REDIRECT`](../domain-modifiers/CF_SINGLE_REDIRECT.md),
+[`CF_REDIRECT`](../domain-modifiers/CF_REDIRECT.md), and [`CF_TEMP_REDIRECT`](../domain-modifiers/CF_TEMP_REDIRECT.md)). Using them
 in a `D_EXTEND` subdomain may not be what you expect.
 
 {% code title="dnsconfig.js" %}
diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index 71a4fe46bc..6a028371ad 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -215,7 +215,7 @@ var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
 });
 ```
 
-New redirects uses the [Single Redirects][https://developers.cloudflare.com/rules/url-forwarding/] product feature.  In this mode, 
+New redirects uses the [Single Redirects][https://developers.cloudflare.com/rules/url-forwarding/] product feature.  In this mode,
 `CF_REDIRECT` and `CF_TEMP_REDIRECT` functions generates Single Redirects.
 
 Enable it using:
@@ -240,7 +240,7 @@ and `manage_single_redirects` to true.
 
 {% hint style="warning" %}
 The conversion process only handles a few, very simple, patterns.
-See `providers/cloudflare/singleredirect_test.go` for a list of patterns
+See `providers/cloudflare/rtypes/cfsingleredirect/convert_test.go` for a list of patterns
 supported.  Please file bugs if you find problems. PRs welcome!
 {% endhint %}
 
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index f0a9d4178f..02ea3129be 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -16,6 +16,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/_all"
 	"github.com/StackExchange/dnscontrol/v4/providers/cloudflare"
+	"github.com/StackExchange/dnscontrol/v4/providers/cloudflare/rtypes/cfsingleredirect"
 	"github.com/miekg/dns/dnsutil"
 )
 
@@ -60,7 +61,7 @@ func getProvider(t *testing.T) (providers.DNSServiceProvider, string, map[string
 		}
 
 		var metadata json.RawMessage
-		// CLOUDFLAREAPI tests related to CF_REDIRECT/CF_TEMP_REDIRECT
+		// CLOUDFLAREAPI tests related to CLOUDFLAREAPI_SINGLE_REDIRECT/CF_REDIRECT/CF_TEMP_REDIRECT
 		// requires metadata to enable this feature.
 		// In hindsight, I have no idea why this metadata flag is required to
 		// use this feature. Maybe because we didn't have the capabilities
@@ -497,6 +498,19 @@ func cfProxyCNAME(name, target, status string) *models.RecordConfig {
 	return r
 }
 
+func cfSingleRedirectEnabled() bool {
+	return ((*enableCFRedirectMode) != "")
+}
+
+func cfSingleRedirect(name string, code any, when, then string) *models.RecordConfig {
+	r := makeRec("@", name, "CLOUDFLAREAPI_SINGLE_REDIRECT")
+	err := cfsingleredirect.FromRaw(r, []any{name, code, when, then})
+	if err != nil {
+		panic("Should not happen... cfSingleRedirect")
+	}
+	return r
+}
+
 func cfWorkerRoute(pattern, target string) *models.RecordConfig {
 	t := fmt.Sprintf("%s,%s", pattern, target)
 	r := makeRec("@", t, "CF_WORKER_ROUTE")
@@ -706,6 +720,9 @@ func tc(desc string, recs ...*models.RecordConfig) *TestCase {
 	var records []*models.RecordConfig
 	var unmanagedItems []*models.UnmanagedConfig
 	for _, r := range recs {
+		if r == nil {
+			continue
+		}
 		switch r.Type {
 		case "IGNORE":
 			unmanagedItems = append(unmanagedItems, &models.UnmanagedConfig{
@@ -806,7 +823,7 @@ func makeTests() []*TestGroup {
 	// Only run this test if all these bool flags are true:
 	//     alltrue(*enableCFWorkers, *anotherFlag, myBoolValue)
 	// NOTE: You can't mix not() and only()
-	//     reset(not("ROUTE53"), only("GCLOUD")),  // ERROR!
+	//     not("ROUTE53"), only("GCLOUD"),  // ERROR!
 	// NOTE: All requires()/not()/only() must appear before any tc().
 
 	// tc()
@@ -1917,11 +1934,21 @@ func makeTests() []*TestGroup {
 
 		testgroup("CF_REDIRECT_CONVERT",
 			only("CLOUDFLAREAPI"),
+			alltrue(cfSingleRedirectEnabled()),
 			tc("start301", cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
 			tc("convert302", cfRedirTemp("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
 			tc("convert301", cfRedir("cnn.**current-domain-no-trailing**/*", "https://www.cnn.com/$1")),
 		),
 
+		testgroup("CLOUDFLAREAPI_SINGLE_REDIRECT",
+			only("CLOUDFLAREAPI"),
+			alltrue(cfSingleRedirectEnabled()),
+			tc("start301", cfSingleRedirect(`name1`, `301`, `http.host eq "cnn.slackoverflow.com"`, `concat("https://www.cnn.com", http.request.uri.path)`)),
+			tc("changecode", cfSingleRedirect(`name1`, `302`, `http.host eq "cnn.slackoverflow.com"`, `concat("https://www.cnn.com", http.request.uri.path)`)),
+			tc("changewhen", cfSingleRedirect(`name1`, `302`, `http.host eq "msnbc.slackoverflow.com"`, `concat("https://www.cnn.com", http.request.uri.path)`)),
+			tc("changethen", cfSingleRedirect(`name1`, `302`, `http.host eq "msnbc.slackoverflow.com"`, `concat("https://www.msnbc.com", http.request.uri.path)`)),
+		),
+
 		// CLOUDFLAREAPI: PROXY
 
 		testgroup("CF_PROXY A create",
diff --git a/models/domain.go b/models/domain.go
index 565bd5067a..5102cf5a69 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -45,6 +45,9 @@ type DomainConfig struct {
 	RegistrarInstance    *RegistrarInstance     `json:"-"`
 	DNSProviderInstances []*DNSProviderInstance `json:"-"`
 
+	// Raw user-input from dnsconfig.js that will be processed into RecordConfigs later:
+	RawRecords []RawRecordConfig `json:"rawrecords,omitempty"`
+
 	// Pending work to do for each provider.  Provider may be a registrar or DSP.
 	pendingCorrectionsMutex sync.Mutex                 // Protect pendingCorrections*
 	pendingCorrections      map[string]([]*Correction) // Work to be done for each provider
@@ -127,7 +130,7 @@ func (dc *DomainConfig) Punycode() error {
 				return err
 			}
 			rec.SetTarget(t)
-		case "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
+		case "CLOUDFLAREAPI_SINGLE_REDIRECT", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE":
 			rec.SetTarget(rec.GetTargetField())
 		case "A", "AAAA", "CAA", "DHCID", "DNSKEY", "DS", "HTTPS", "LOC", "NAPTR", "SOA", "SSHFP", "SVCB", "TXT", "TLSA", "AZURE_ALIAS":
 			// Nothing to do.
diff --git a/models/rawrecord.go b/models/rawrecord.go
new file mode 100644
index 0000000000..47d30ef189
--- /dev/null
+++ b/models/rawrecord.go
@@ -0,0 +1,12 @@
+package models
+
+// RawRecordConfig stores the user-input from dnsconfig.js for a DNS
+// Record.  This is later processed (in Go) to become a RecordConfig.
+// NOTE: Only newer rtypes are processed this way.  Eventually the
+// legacy types will be converted.
+type RawRecordConfig struct {
+	Type  string           `json:"type"`
+	Args  []any            `json:"args,omitempty"`
+	Metas []map[string]any `json:"metas,omitempty"`
+	TTL   uint32           `json:"ttl,omitempty"`
+}
diff --git a/models/record.go b/models/record.go
index b8c8052333..0de836535e 100644
--- a/models/record.go
+++ b/models/record.go
@@ -91,8 +91,8 @@ import (
 type RecordConfig struct {
 	Type      string            `json:"type"` // All caps rtype name.
 	Name      string            `json:"name"` // The short name. See above.
+	NameFQDN  string            `json:"-"`    // Must end with ".$origin". See above.
 	SubDomain string            `json:"subdomain,omitempty"`
-	NameFQDN  string            `json:"-"` // Must end with ".$origin". See above.
 	target    string            // If a name, must end with "."
 	TTL       uint32            `json:"ttl,omitempty"`
 	Metadata  map[string]string `json:"meta,omitempty"`
@@ -154,15 +154,15 @@ type CloudflareSingleRedirectConfig struct {
 	//
 	Code int `json:"code,omitempty"` // 301 or 302
 	// PR == PageRule
-	PRDisplay     string `json:"pr_display,omitempty"` // How is this displayed to the user
-	PRMatcher     string `json:"pr_matcher,omitempty"`
-	PRReplacement string `json:"pr_replacement,omitempty"`
-	PRPriority    int    `json:"pr_priority,omitempty"` // Really an identifier for the rule.
+	PRDisplay  string `json:"pr_display,omitempty"` // How is this displayed to the user
+	PRWhen     string `json:"pr_when,omitempty"`
+	PRThen     string `json:"pr_then,omitempty"`
+	PRPriority int    `json:"pr_priority,omitempty"` // Really an identifier for the rule.
 	//
 	// SR == SingleRedirect
 	SRDisplay        string `json:"sr_display,omitempty"` // How is this displayed to the user
-	SRMatcher        string `json:"sr_matcher,omitempty"`
-	SRReplacement    string `json:"sr_replacement,omitempty"`
+	SRWhen           string `json:"sr_when,omitempty"`
+	SRThen           string `json:"sr_then,omitempty"`
 	SRRRulesetID     string `json:"sr_rulesetid,omitempty"`
 	SRRRulesetRuleID string `json:"sr_rulesetruleid,omitempty"`
 }
@@ -196,6 +196,7 @@ func (rc *RecordConfig) UnmarshalJSON(b []byte) error {
 		TTL       uint32            `json:"ttl,omitempty"`
 		Metadata  map[string]string `json:"meta,omitempty"`
 		Original  interface{}       `json:"-"` // Store pointer to provider-specific record object. Used in diffing.
+		Args      []any             `json:"args,omitempty"`
 
 		MxPreference     uint16            `json:"mxpreference,omitempty"`
 		SrvPriority      uint16            `json:"srvpriority,omitempty"`
@@ -612,7 +613,7 @@ func Downcase(recs []*RecordConfig) {
 			// Target is case insensitive. Downcase it.
 			r.target = strings.ToLower(r.target)
 			// BUGFIX(tlim): isn't ALIAS in the wrong case statement?
-		case "A", "CAA", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "DHCID", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
+		case "A", "CAA", "CLOUDFLAREAPI_SINGLE_REDIRECT", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "DHCID", "IMPORT_TRANSFORM", "LOC", "SSHFP", "TXT":
 			// Do nothing. (IP address or case sensitive target)
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
@@ -636,7 +637,7 @@ func CanonicalizeTargets(recs []*RecordConfig, origin string) {
 		case "ALIAS", "ANAME", "CNAME", "DNAME", "DS", "DNSKEY", "MX", "NS", "NAPTR", "PTR", "SRV":
 			// Target is a hostname that might be a shortname. Turn it into a FQDN.
 			r.target = dnsutil.AddOrigin(r.target, originFQDN)
-		case "A", "AKAMAICDN", "CAA", "DHCID", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "HTTPS", "IMPORT_TRANSFORM", "LOC", "SSHFP", "SVCB", "TLSA", "TXT":
+		case "A", "AKAMAICDN", "CAA", "DHCID", "CLOUDFLAREAPI_SINGLE_REDIRECT", "CF_REDIRECT", "CF_TEMP_REDIRECT", "CF_WORKER_ROUTE", "HTTPS", "IMPORT_TRANSFORM", "LOC", "SSHFP", "SVCB", "TLSA", "TXT":
 			// Do nothing.
 		case "SOA":
 			if r.target != "DEFAULT_NOT_SET." {
diff --git a/pkg/cloudflare-go/rulesets.go b/pkg/cloudflare-go/rulesets.go
index 8b1ad430a5..2a960fc2c5 100644
--- a/pkg/cloudflare-go/rulesets.go
+++ b/pkg/cloudflare-go/rulesets.go
@@ -874,6 +874,7 @@ func (api *API) UpdateEntrypointRuleset(ctx context.Context, rc *ResourceContain
 	}
 
 	uri := fmt.Sprintf("/%s/%s/rulesets/phases/%s/entrypoint", rc.Level, rc.Identifier, params.Phase)
+	//fmt.Printf("DEBUG: update: uri=%v\n", uri)
 	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
 	if err != nil {
 		return Ruleset{}, err
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 6697020664..ab6870c0e5 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -104,6 +104,7 @@ function newDomain(name, registrar) {
         registrar: registrar,
         meta: {},
         records: [],
+        rawrecords: [],
         recordsabsent: [],
         dnsProviders: {},
         defaultTTL: 0,
@@ -1097,6 +1098,7 @@ function recordBuilder(type, opts) {
             // Handle D_EXTEND() with subdomains.
             if (
                 d.subdomain &&
+                record.type != 'CF_SINGLE_REDIRECT' &&
                 record.type != 'CF_REDIRECT' &&
                 record.type != 'CF_TEMP_REDIRECT' &&
                 record.type != 'CF_WORKER_ROUTE'
@@ -1915,3 +1917,73 @@ var DISABLE_REPEATED_DOMAIN_CHECK = { skip_fqdn_check: 'true' };
 // D("bar.com", ...
 //     A("foo.bar.com", "10.1.1.1", DISABLE_REPEATED_DOMAIN_CHECK),
 // )
+
+// ============================================================
+
+// RTYPES
+
+// Background:
+// Old-style commands: Commands built using recordBuild() are the original
+// style.  They all validation and pre-processing here in helpers.js. This
+// seemed like a good idea at the time, but in hindsight it puts a burden on the
+// developer to know both Javascript and go.
+
+// New-style commands: Command built using rawrecordBuilder() are the new style.
+// They simply pack up the arguments listed in dnsconfig.js and store them in
+// .rawrecords. This is passed to the Go code, which is responsible for all
+// validation, pre-processing, etc.  The benefit is this minimizes the need for
+// Javascript knowledge, and allows us to use the testing platform build into
+// Go.
+
+function rawrecordBuilder(type) {
+
+    return function () {
+
+        // Copy the raw args:
+        var rawArgs = [];
+        for (var i = 0; i < arguments.length; i++) {
+            rawArgs.push(arguments[i]);
+        }
+
+        return function (d) {
+
+             var record = {
+                 type: type,
+             };
+
+            // Process the args: Functions are executed, objects are assumed to
+            // be meta and stored, strings are assumed to be args and are
+            // stored.
+            // NB(tlim): Allowing for the intermixing of args and meta seems
+            // bad.  It might be better to simply preserve the first n items as
+            // args, then assume the rest are metas. That would be more similar
+            // to the old style functions. However at this time I can't think of
+            // a reason this isn't sufficient.
+            var processedArgs = [];
+            var processedMetas = [];
+            for (var i = 0; i < rawArgs.length; i++) {
+                var r = rawArgs[i];
+                if (_.isFunction(r)) {
+                  r(record);
+                } else if (_.isObject(r)) {
+                  processedMetas.push(r);
+                } else {
+                  processedArgs.push(r);
+                }
+            };
+            // Store the processed args.
+            record.args = processedArgs;
+            record.metas = processedMetas;
+
+            // Add this raw record to the list of records.
+            d.rawrecords.push(record);
+
+            return record;
+        };
+    };
+}
+
+// PLEASE KEEP THIS LIST ALPHABETICAL!
+
+// CLOUDFLAREAPI:
+var CF_SINGLE_REDIRECT = rawrecordBuilder('CLOUDFLAREAPI_SINGLE_REDIRECT');
diff --git a/pkg/js/js_test.go b/pkg/js/js_test.go
index 9b1ef438ad..ae09ba00b4 100644
--- a/pkg/js/js_test.go
+++ b/pkg/js/js_test.go
@@ -86,7 +86,7 @@ func TestParsedFiles(t *testing.T) {
 			as := string(actualJSON)
 			_, _ = es, as
 			// When debugging, leave behind the actual result:
-			//os.WriteFile(expectedFile+".ACTUAL", []byte(as), 0644)
+			os.WriteFile(expectedFile+".ACTUAL", []byte(as), 0644) // Leave behind the actual result:
 			testifyrequire.JSONEqf(t, es, as, "EXPECTING %q = \n```\n%s\n```", expectedFile, as)
 
 			// For each domain, if there is a zone file, test against it:
diff --git a/pkg/js/parse_tests/050-cfSingleRedirect.js b/pkg/js/parse_tests/050-cfSingleRedirect.js
new file mode 100644
index 0000000000..6f221b66ac
--- /dev/null
+++ b/pkg/js/parse_tests/050-cfSingleRedirect.js
@@ -0,0 +1,8 @@
+D("foo.com","none",
+    A("name1", "1.2.3.4", { meta: "value" } ),
+    CF_SINGLE_REDIRECT("name1", 301, "when1", "then1"),
+    CF_SINGLE_REDIRECT("name2", 302, "when2", "then2"),
+    CF_SINGLE_REDIRECT("name3", "301", "when3", "then3"),
+    CF_SINGLE_REDIRECT("namettl", 302, "whenttl", "thenttl", TTL(999)),
+    CF_SINGLE_REDIRECT("namemeta", 302, "whenmeta", "thenmeta", { metastr: "stringy"}, { metanum: 22 } )
+);
diff --git a/pkg/js/parse_tests/050-cfSingleRedirect.json b/pkg/js/parse_tests/050-cfSingleRedirect.json
new file mode 100644
index 0000000000..8b4965c31f
--- /dev/null
+++ b/pkg/js/parse_tests/050-cfSingleRedirect.json
@@ -0,0 +1,77 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "foo.com",
+      "registrar": "none",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "A",
+          "name": "name1",
+          "meta": {
+            "meta": "value"
+          },
+          "target": "1.2.3.4"
+        }
+      ],
+      "rawrecords": [
+        {
+          "type": "CLOUDFLAREAPI_SINGLE_REDIRECT",
+          "args": [
+            "name1",
+            301,
+            "when1",
+            "then1"
+          ]
+        },
+        {
+          "type": "CLOUDFLAREAPI_SINGLE_REDIRECT",
+          "args": [
+            "name2",
+            302,
+            "when2",
+            "then2"
+          ]
+        },
+        {
+          "type": "CLOUDFLAREAPI_SINGLE_REDIRECT",
+          "args": [
+            "name3",
+            "301",
+            "when3",
+            "then3"
+          ]
+        },
+        {
+          "type": "CLOUDFLAREAPI_SINGLE_REDIRECT",
+          "args": [
+            "namettl",
+            302,
+            "whenttl",
+            "thenttl"
+          ],
+          "ttl": 999
+        },
+        {
+          "type": "CLOUDFLAREAPI_SINGLE_REDIRECT",
+          "args": [
+            "namemeta",
+            302,
+            "whenmeta",
+            "thenmeta"
+          ],
+          "metas": [
+            {
+              "metastr": "stringy"
+            },
+            {
+              "metanum": 22
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
\ No newline at end of file
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index acff2857f8..06d9d5b9a0 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rtypecontrol"
 	"github.com/StackExchange/dnscontrol/v4/pkg/transform"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns"
@@ -78,7 +79,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"TXT":              true,
 	}
 	_, ok := validTypes[rec.Type]
-	if !ok {
+	if !ok || rtypecontrol.IsValid(rec.Type) {
 		cType := providers.GetCustomRecordType(rec.Type)
 		if cType == nil {
 			return fmt.Errorf("unsupported record type (%v) domain=%v name=%v", rec.Type, domain, rec.GetLabel())
diff --git a/pkg/rtypecontrol/rtypecontrol.go b/pkg/rtypecontrol/rtypecontrol.go
new file mode 100644
index 0000000000..83e8a579e4
--- /dev/null
+++ b/pkg/rtypecontrol/rtypecontrol.go
@@ -0,0 +1,18 @@
+package rtypecontrol
+
+var validTypes = map[string]struct{}{}
+
+func Register(t string) {
+	// Does this already exist?
+	if _, ok := validTypes[t]; ok {
+		panic("rtype %q already registered. Can't register it a second time!")
+	}
+
+	validTypes[t] = struct{}{}
+
+}
+
+func IsValid(t string) bool {
+	_, ok := validTypes[t]
+	return ok
+}
diff --git a/pkg/rtypecontrol/validate.go b/pkg/rtypecontrol/validate.go
new file mode 100644
index 0000000000..b4d649a7bf
--- /dev/null
+++ b/pkg/rtypecontrol/validate.go
@@ -0,0 +1,43 @@
+package rtypecontrol
+
+import (
+	"fmt"
+	"strconv"
+)
+
+// CheckArgTypes validates that the items in args are of appropriate types. argTypes is a string: "ssi" means the args should be string, string, int.
+// 's': Valid only if string.
+// 'i': Valid only if int, float64, or a string that Atoi() can convert to an int.
+func CheckArgTypes(args []any, argTypes string) error {
+
+	if len(args) != len(argTypes) {
+		return fmt.Errorf("wrong number of arguments. Expected %v, got %v", len(argTypes), len(args))
+	}
+
+	for i, at := range argTypes {
+		arg := args[i]
+		switch at {
+
+		case 'i':
+			if s, ok := arg.(string); ok { // Is this a string-encoded int?
+				ni, err := strconv.Atoi(s)
+				if err != nil {
+					return fmt.Errorf("value %q is type %T, expected INT", arg, arg)
+				}
+				args[i] = ni
+			} else if _, ok := arg.(float64); ok {
+				args[i] = int(arg.(float64))
+			} else if _, ok := arg.(int); !ok {
+				return fmt.Errorf("value %q is type %T, expected INT", arg, arg)
+			}
+
+		case 's':
+			if _, ok := arg.(string); !ok {
+				return fmt.Errorf("value %q is type %T, expected STRING", arg, arg)
+			}
+
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/rtypecontrol/validate_test.go b/pkg/rtypecontrol/validate_test.go
new file mode 100644
index 0000000000..f803d6f584
--- /dev/null
+++ b/pkg/rtypecontrol/validate_test.go
@@ -0,0 +1,51 @@
+package rtypecontrol
+
+import "testing"
+
+func TestValidateArgs(t *testing.T) {
+	tests := []struct {
+		name     string
+		dataArgs []any
+		dataRule string
+		wantErr  bool
+	}{
+		{
+			name:     "string",
+			dataArgs: []any{"one"},
+			dataRule: "s",
+			wantErr:  false,
+		},
+		{
+			name:     "int to string",
+			dataArgs: []any{100},
+			dataRule: "s",
+			wantErr:  true,
+		},
+
+		{
+			name:     "int",
+			dataArgs: []any{int(1)},
+			dataRule: "i",
+			wantErr:  false,
+		},
+		{
+			name:     "string to int",
+			dataArgs: []any{"111"},
+			dataRule: "i",
+			wantErr:  false,
+		},
+		{
+			name:     "txt to int",
+			dataArgs: []any{"one"},
+			dataRule: "i",
+			wantErr:  true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := CheckArgTypes(tt.dataArgs, tt.dataRule); (err != nil) != tt.wantErr {
+				t.Errorf("ValidateArgs() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
diff --git a/pkg/rtypes/postprocess.go b/pkg/rtypes/postprocess.go
new file mode 100644
index 0000000000..c38abc6ba0
--- /dev/null
+++ b/pkg/rtypes/postprocess.go
@@ -0,0 +1,61 @@
+package rtypes
+
+import (
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/providers/cloudflare/rtypes/cfsingleredirect"
+)
+
+func PostProcess(domains []*models.DomainConfig) error {
+
+	var err error
+
+	for _, dc := range domains {
+		fmt.Printf("DOMAIN: %d %s\n", len(dc.Records), dc.Name)
+
+		for _, rawRec := range dc.RawRecords {
+			rec := &models.RecordConfig{
+				Type:     rawRec.Type,
+				TTL:      rawRec.TTL,
+				Name:     rawRec.Args[0].(string),
+				Metadata: map[string]string{},
+			}
+
+			// Copy the metadata (convert everything to string)
+			for _, m := range rawRec.Metas {
+				for mk, mv := range m {
+					if v, ok := mv.(string); ok {
+						rec.Metadata[mk] = v // Already a string. No new malloc.
+					} else {
+						rec.Metadata[mk] = fmt.Sprintf("%v", mv)
+					}
+				}
+			}
+
+			// Call the proper initialize function.
+			// TODO(tlim): Good candiate for an interface or a lookup table.
+			switch rawRec.Type {
+
+			case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+				rec.Name = rawRec.Args[0].(string)
+				err = cfsingleredirect.FromRaw(rec, rawRec.Args)
+
+			default:
+				err = fmt.Errorf("unknown rawrec type=%q", rawRec.Type)
+			}
+			if err != nil {
+				return fmt.Errorf("%s (%q, %q) record error: %w", rawRec.Type, rec.Name, dc.Name, err)
+			}
+
+			// Free memeory:
+			clear(rawRec.Args)
+			rawRec.Args = nil
+
+			dc.Records = append(dc.Records, rec)
+		}
+		dc.RawRecords = nil
+	}
+
+	return nil
+}
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 62745b40a5..82a90a237b 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -17,6 +17,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/pkg/transform"
 	"github.com/StackExchange/dnscontrol/v4/providers"
+	"github.com/StackExchange/dnscontrol/v4/providers/cloudflare/rtypes/cfsingleredirect"
 	"github.com/cloudflare/cloudflare-go"
 	"github.com/fatih/color"
 )
@@ -68,6 +69,8 @@ func init() {
 		RecordAuditor: AuditRecords,
 	}
 	providers.RegisterDomainServiceProviderType("CLOUDFLAREAPI", fns, features)
+	providers.RegisterCustomRecordType("rtype", "CLOUDFLAREAPI", "")
+	//providers.RegisterCustomRecordType("CF_SINGLE_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_TEMP_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_WORKER_ROUTE", "CLOUDFLAREAPI", "")
@@ -341,6 +344,9 @@ func (c *cloudflareProvider) mkCreateCorrection(newrec *models.RecordConfig, dom
 			F:   func() error { return c.createWorkerRoute(domainID, newrec.GetTargetField()) },
 		}}
 	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+		//fmt.Printf("DEBUG: mkCreateSingleRedir: newrec=%+v\n", *newrec)
+		//fmt.Printf("DEBUG: mkCreateSingleRedir: crn=%+v\n", (*newrec).CloudflareRedirect)
+		//fmt.Printf("DEBUG: mkCreateSingleRedir: cr=%+v\n", (*newrec).CloudflareRedirect)
 		return []*models.Correction{{
 			Msg: msg,
 			F: func() error {
@@ -557,15 +563,13 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 			}
 		}
 
-		// CF_REDIRECT record types. Encode target as $FROM,$TO,$PRIO,$CODE
+		// CF_REDIRECT record types. Encode target as
+		// $FROM,$TO,$PRIO,$CODE or build Cfsr struct for new-style
+		// (Single Redirect) versions.
 		if rec.Type == "CF_REDIRECT" || rec.Type == "CF_TEMP_REDIRECT" {
 			if !c.manageRedirects && !c.manageSingleRedirects {
 				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_REDIRECT/CF_TEMP_REDIRECT records")
 			}
-			// parts := strings.Split(rec.GetTargetField(), ",")
-			// if len(parts) != 2 {
-			// 	return fmt.Errorf("invalid data specified for cloudflare redirect record")
-			// }
 			code := 301
 			if rec.Type == "CF_TEMP_REDIRECT" {
 				code = 302
@@ -574,7 +578,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 			if c.manageRedirects && !c.manageSingleRedirects {
 				// Old-Style only.  Convert this record to PAGE_RULE.
 				//printer.Printf("DEBUG: prepro() target=%q\n", rec.GetTargetField())
-				sr, err := newCfsrFromUserInput(rec.GetTargetField(), code, currentPrPrio)
+				sr, err := cfsingleredirect.FromUserInput(rec.GetTargetField(), code, currentPrPrio)
 				if err != nil {
 					return err
 				}
@@ -582,7 +586,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 				currentPrPrio++
 			} else if !c.manageRedirects && c.manageSingleRedirects {
 				// New-Style only.  Convert this record to a CLOUDFLAREAPI_SINGLE_REDIRECT.
-				sr, err := newCfsrFromUserInput(rec.GetTargetField(), code, currentPrPrio)
+				sr, err := cfsingleredirect.FromUserInput(rec.GetTargetField(), code, currentPrPrio)
 				if err != nil {
 					return err
 				}
@@ -602,7 +606,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 				}
 
 				// The copy becomes the CF SingleRedirect
-				sr, err := newCfsrFromUserInput(target, code, currentPrPrio)
+				sr, err := cfsingleredirect.FromUserInput(target, code, currentPrPrio)
 				if err != nil {
 					return err
 				}
@@ -615,7 +619,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 				dc.Records = append(dc.Records, newRec)
 
 				// The original becomes the PAGE_RULE:
-				sr, err = newCfsrFromUserInput(target, code, currentPrPrio)
+				sr, err = cfsingleredirect.FromUserInput(target, code, currentPrPrio)
 				if err != nil {
 					return err
 				}
@@ -624,10 +628,15 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 
 			}
 
-		}
+		} else if rec.Type == "CLOUDFLAREAPI_SINGLE_REDIRECT" {
+			// CLOUDFLAREAPI_SINGLE_REDIRECT record types.
+			if !c.manageSingleRedirects {
+				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_SINGLE__REDIRECT records")
+			}
+			// Nothing needs to be done.
 
-		// CF_WORKER_ROUTE record types. Encode target as $PATTERN,$SCRIPT
-		if rec.Type == "CF_WORKER_ROUTE" {
+		} else if rec.Type == "CF_WORKER_ROUTE" {
+			// CF_WORKER_ROUTE record types. Encode target as $PATTERN,$SCRIPT
 			parts := strings.Split(rec.GetTargetField(), ",")
 			if len(parts) != 2 {
 				return fmt.Errorf("invalid data specified for cloudflare worker record")
@@ -675,7 +684,7 @@ func fixSingleRedirect(rc *models.RecordConfig, sr *models.CloudflareSingleRedir
 	rc.SetTarget(sr.SRDisplay)
 	rc.CloudflareRedirect = sr
 
-	err := addNewStyleFields(sr)
+	err := cfsingleredirect.AddNewStyleFields(sr)
 	return err
 }
 
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 948d85b7c7..bb6fb5ed80 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -9,6 +9,7 @@ import (
 	"golang.org/x/net/idna"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/providers/cloudflare/rtypes/cfsingleredirect"
 	"github.com/cloudflare/cloudflare-go"
 )
 
@@ -303,10 +304,10 @@ func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*mo
 		r.SetLabel("@", domain)
 
 		// Extract the valuables from the rule, use it to make the sr:
-		srMatcher := pr.Expression
-		srReplacement := pr.ActionParameters.FromValue.TargetURL.Expression
+		srWhen := pr.Expression
+		srThen := pr.ActionParameters.FromValue.TargetURL.Expression
 		code := int(pr.ActionParameters.FromValue.StatusCode)
-		sr := newCfsrFromAPIData(srMatcher, srReplacement, code)
+		sr := cfsingleredirect.FromAPIData(srWhen, srThen, code)
 		//sr.SRRRuleList = rulelist
 		//printer.Printf("DEBUG: DESCRIPTION = %v\n", pr.Description)
 		sr.SRDisplay = pr.Description
@@ -336,15 +337,15 @@ func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.Cl
 	newSingleRedirect := cloudflare.UpdateEntrypointRulesetParams{}
 
 	// Preserve query string if there isn't one in the replacement.
-	preserveQueryString := !strings.Contains(cfr.SRReplacement, "?")
+	preserveQueryString := !strings.Contains(cfr.SRThen, "?")
 
 	newSingleRedirectRulesActionParameters.FromValue = &cloudflare.RulesetRuleActionParametersFromValue{}
 	// Redirect status code
 	newSingleRedirectRulesActionParameters.FromValue.StatusCode = uint16(cfr.Code)
 	// Incoming request expression
-	newSingleRedirectRules[0].Expression = cfr.SRMatcher
+	newSingleRedirectRules[0].Expression = cfr.SRWhen
 	// Redirect expression
-	newSingleRedirectRulesActionParameters.FromValue.TargetURL.Expression = cfr.SRReplacement
+	newSingleRedirectRulesActionParameters.FromValue.TargetURL.Expression = cfr.SRThen
 	// Redirect name
 	newSingleRedirectRules[0].Description = cfr.SRDisplay
 	// Rule action, should always be redirect in this case
@@ -449,7 +450,7 @@ func (c *cloudflareProvider) getPageRules(id string, domain string) ([]*models.R
 			code)
 		r.SetTarget(raw)
 
-		cr, err := newCfsrFromUserInput(raw, code, pr.Priority)
+		cr, err := cfsingleredirect.FromUserInput(raw, code, pr.Priority)
 		if err != nil {
 			return nil, err
 		}
@@ -485,18 +486,18 @@ func (c *cloudflareProvider) createPageRule(domainID string, cfr models.Cloudfla
 	// printer.Printf("DEBUG: pr.PageRule code   = %v\n", code)
 	priority := cfr.PRPriority
 	code := cfr.Code
-	matcher := cfr.PRMatcher
-	replacement := cfr.PRReplacement
+	prWhen := cfr.PRWhen
+	prThen := cfr.PRThen
 	pr := cloudflare.PageRule{
 		Status:   "active",
 		Priority: priority,
 		Targets: []cloudflare.PageRuleTarget{
-			{Target: "url", Constraint: pageRuleConstraint{Operator: "matches", Value: matcher}},
+			{Target: "url", Constraint: pageRuleConstraint{Operator: "matches", Value: prWhen}},
 		},
 		Actions: []cloudflare.PageRuleAction{
 			{ID: "forwarding_url", Value: &pageRuleFwdInfo{
 				StatusCode: code,
-				URL:        replacement,
+				URL:        prThen,
 			}},
 		},
 	}
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
new file mode 100644
index 0000000000..938e8ca742
--- /dev/null
+++ b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
@@ -0,0 +1,56 @@
+package cfsingleredirect
+
+import (
+	"fmt"
+	"strconv"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rtypecontrol"
+)
+
+func init() {
+	rtypecontrol.Register("CLOUDFLAREAPI_SINGLE_REDIRECT")
+}
+
+func FromRaw(rc *models.RecordConfig, items []any) error {
+
+	var err error
+
+	// Validate types.
+	if err := rtypecontrol.CheckArgTypes(items, "siss"); err != nil {
+		return err
+	}
+
+	// Unpack the args:
+	var name, when, then string
+	var code int
+
+	name = items[0].(string)
+
+	ucode := items[1]
+	switch v := ucode.(type) {
+	case int:
+		code = v
+	case float64:
+		code = int(v)
+	case string:
+		code, err = strconv.Atoi(v)
+		if err != nil {
+			return err
+		}
+	default:
+		return fmt.Errorf("code %q unexpected type %T", ucode, v)
+	}
+
+	if code != 301 && code != 302 {
+		return fmt.Errorf("code (%03d) is not 301 or 302", code)
+	}
+
+	when, then = items[2].(string), items[3].(string)
+
+	rc.Name = name
+	rc.CloudflareRedirect = FromAPIData(when, then, code)
+	rc.SetTarget(rc.CloudflareRedirect.SRDisplay)
+
+	return nil
+}
diff --git a/providers/cloudflare/singleredirect.go b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
similarity index 51%
rename from providers/cloudflare/singleredirect.go
rename to providers/cloudflare/rtypes/cfsingleredirect/convert.go
index 71d67012dd..7a16ba27e7 100644
--- a/providers/cloudflare/singleredirect.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
@@ -1,4 +1,4 @@
-package cloudflare
+package cfsingleredirect
 
 import (
 	"fmt"
@@ -9,7 +9,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 )
 
-func newCfsrFromUserInput(target string, code int, priority int) (*models.CloudflareSingleRedirectConfig, error) {
+func FromUserInput(target string, code int, priority int) (*models.CloudflareSingleRedirectConfig, error) {
 	// target: matcher,replacement,priority,code
 	// target: cable.slackoverflow.com/*,https://change.cnn.com/$1,1,302
 
@@ -19,68 +19,54 @@ func newCfsrFromUserInput(target string, code int, priority int) (*models.Cloudf
 	parts := strings.Split(target, ",")
 	//printer.Printf("DEBUG: cfsrFromOldStyle: parts=%v\n", parts)
 	r.PRDisplay = fmt.Sprintf("%s,%d,%03d", target, priority, code)
-	r.PRMatcher = parts[0]
-	r.PRReplacement = parts[1]
+	r.PRWhen = parts[0]
+	r.PRThen = parts[1]
 	r.PRPriority = priority
 	r.Code = code
 
 	// Convert old-style to new-style:
-	if err := addNewStyleFields(r); err != nil {
+	if err := AddNewStyleFields(r); err != nil {
 		return nil, err
 	}
 	return r, nil
 }
 
-func newCfsrFromAPIData(sm, sr string, code int) *models.CloudflareSingleRedirectConfig {
-	r := &models.CloudflareSingleRedirectConfig{
-		PRMatcher:     "UNKNOWABLE",
-		PRReplacement: "UNKNOWABLE",
-		//PRPriority:    0,
-		Code:          code,
-		SRMatcher:     sm,
-		SRReplacement: sr,
-	}
-	return r
-}
-
-// addNewStyleFields takes a PAGE_RULE-style target and populates the CFSRC.
-func addNewStyleFields(sr *models.CloudflareSingleRedirectConfig) error {
+// AddNewStyleFields takes a PAGE_RULE-style target and populates the CFSRC.
+func AddNewStyleFields(sr *models.CloudflareSingleRedirectConfig) error {
 
 	// Extract the fields we're reading from:
-	prMatcher := sr.PRMatcher
-	prReplacement := sr.PRReplacement
+	prWhen := sr.PRWhen
+	prThen := sr.PRThen
 	code := sr.Code
 
 	// Convert old-style patterns to new-style rules:
-	srMatcher, srReplacement, err := makeRuleFromPattern(prMatcher, prReplacement, code != 301)
+	srWhen, srThen, err := makeRuleFromPattern(prWhen, prThen)
 	if err != nil {
 		return err
 	}
-	display := fmt.Sprintf(`%s,%s,%d,%03d matcher=%q replacement=%q`,
-		prMatcher, prReplacement,
+	display := fmt.Sprintf(`%s,%s,%d,%03d matcher=%s replacement=%s`,
+		prWhen, prThen,
 		sr.PRPriority, code,
-		srMatcher, srReplacement,
+		srWhen, srThen,
 	)
 
 	// Store the results in the fields we're writing to:
-	sr.SRMatcher = srMatcher
-	sr.SRReplacement = srReplacement
+	sr.SRWhen = srWhen
+	sr.SRThen = srThen
 	sr.SRDisplay = display
 
 	return nil
 }
 
 // makeRuleFromPattern compile old-style patterns and replacements into new-style rules and expressions.
-func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, string, error) {
+func makeRuleFromPattern(pattern, replacement string) (string, string, error) {
 
-	_ = temporary // Prevents error due to this variable not (yet) being used
-
-	var matcher, expr string
+	var srWhen, srThen string
 	var err error
 
-	var host, path string
+	var phost, ppath string
 	origPattern := pattern
-	pattern, host, path, err = normalizeURL(pattern)
+	pattern, phost, ppath, err = normalizeURL(pattern)
 	_ = pattern
 	if err != nil {
 		return "", "", err
@@ -96,38 +82,41 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 	// TODO(tlim): This could be a lot faster by not repeating itself so much.
 	// However I want to get it working before it is optimized.
 
-	// pattern -> matcher
+	// "pr" is Page Rule (old style)
+	// "sr" is Static Rule (new style)
+	// prWhen + prThen is the old-style matching pattern and replacement pattern.
+	// srWhen + srThen is the new-style matching rule and replacement expression.
 
-	if !strings.Contains(host, `*`) && (path == `/` || path == "") {
+	if !strings.Contains(phost, `*`) && (ppath == `/` || ppath == "") {
 		// https://i.sstatic.net/  (No Wildcards)
-		matcher = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, host, "/")
+		srWhen = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, phost, "/")
 
-	} else if !strings.Contains(host, `*`) && (path == `/*`) {
+	} else if !strings.Contains(phost, `*`) && (ppath == `/*`) {
 		// https://i.stack.imgur.com/*
-		matcher = fmt.Sprintf(`http.host eq "%s"`, host)
+		srWhen = fmt.Sprintf(`http.host eq "%s"`, phost)
 
-	} else if !strings.Contains(host, `*`) && !strings.Contains(path, "*") {
+	} else if !strings.Contains(phost, `*`) && !strings.Contains(ppath, "*") {
 		// https://insights.stackoverflow.com/trends
-		matcher = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, host, path)
+		srWhen = fmt.Sprintf(`http.host eq "%s" and http.request.uri.path eq "%s"`, phost, ppath)
 
-	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && !strings.Contains(path, "*") {
+	} else if phost[0] == '*' && strings.Count(phost, `*`) == 1 && !strings.Contains(ppath, "*") {
 		// *stackoverflow.careers/  (wildcard at beginning only)
-		matcher = fmt.Sprintf(`( http.host eq "%s" or ends_with(http.host, ".%s") ) and http.request.uri.path eq "%s"`, host[1:], host[1:], path)
+		srWhen = fmt.Sprintf(`( http.host eq "%s" or ends_with(http.host, ".%s") ) and http.request.uri.path eq "%s"`, phost[1:], phost[1:], ppath)
 
-	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && path == "/*" {
+	} else if phost[0] == '*' && strings.Count(phost, `*`) == 1 && ppath == "/*" {
 		// *stackoverflow.careers/*  (wildcard at beginning and end)
-		matcher = fmt.Sprintf(`http.host eq "%s" or ends_with(http.host, ".%s")`, host[1:], host[1:])
+		srWhen = fmt.Sprintf(`http.host eq "%s" or ends_with(http.host, ".%s")`, phost[1:], phost[1:])
 
-	} else if strings.Contains(host, `*`) && path == "/*" {
+	} else if strings.Contains(phost, `*`) && ppath == "/*" {
 		// meta.*yodeya.com/* (wildcard in host)
-		h := simpleGlobToRegex(host)
-		matcher = fmt.Sprintf(`http.host matches r###"%s"###`, h)
+		h := simpleGlobToRegex(phost)
+		srWhen = fmt.Sprintf(`http.host matches r###"%s"###`, h)
 
-	} else if !strings.Contains(host, `*`) && strings.Count(path, `*`) == 1 && strings.HasSuffix(path, "*") {
+	} else if !strings.Contains(phost, `*`) && strings.Count(ppath, `*`) == 1 && strings.HasSuffix(ppath, "*") {
 		// domain.tld/.well-known* (wildcard in path)
-		matcher = fmt.Sprintf(`(starts_with(http.request.uri.path, "%s") and http.host eq "%s")`,
-			path[0:len(path)-1],
-			host)
+		srWhen = fmt.Sprintf(`(starts_with(http.request.uri.path, "%s") and http.host eq "%s")`,
+			ppath[0:len(ppath)-1],
+			phost)
 
 	}
 
@@ -135,40 +124,51 @@ func makeRuleFromPattern(pattern, replacement string, temporary bool) (string, s
 
 	if !strings.Contains(replacement, `$`) {
 		//  https://stackexchange.com/ (no substitutions)
-		expr = fmt.Sprintf(`concat("%s", "")`, replacement)
+		srThen = fmt.Sprintf(`concat("%s", "")`, replacement)
+
+	} else if phost[0] == '*' && strings.Count(phost, `*`) == 1 && strings.Count(replacement, `$`) == 1 && len(rpath) > 3 && strings.HasSuffix(rpath, "/$2") {
+		// *stackoverflowenterprise.com/* -> https://www.stackoverflowbusiness.com/enterprise/$2
+		srThen = fmt.Sprintf(`concat("https://%s", "%s", http.request.uri.path)`,
+			rhost,
+			rpath[0:len(rpath)-3],
+		)
 
-	} else if host[0] == '*' && strings.Count(host, `*`) == 1 && strings.Count(replacement, `$`) == 1 && len(rpath) > 3 && strings.HasSuffix(rpath, "/$2") {
+	} else if phost[0] == '*' && strings.Count(phost, `*`) == 1 && strings.Count(replacement, `$`) == 1 && len(rpath) > 3 && strings.HasSuffix(rpath, "/$2") {
 		// *stackoverflowenterprise.com/* -> https://www.stackoverflowbusiness.com/enterprise/$2
-		expr = fmt.Sprintf(`concat("https://%s", "%s", http.request.uri.path)`,
+		srThen = fmt.Sprintf(`concat("https://%s", "%s", http.request.uri.path)`,
 			rhost,
 			rpath[0:len(rpath)-3],
 		)
 
 	} else if strings.Count(replacement, `$`) == 1 && rpath == `/$1` {
 		// https://i.sstatic.net/$1 ($1 at end)
-		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
+		srThen = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
-	} else if strings.Count(host, `*`) == 1 && strings.Count(path, `*`) == 1 &&
+	} else if strings.Count(phost, `*`) == 1 && strings.Count(ppath, `*`) == 1 &&
 		strings.Count(replacement, `$`) == 1 && strings.HasSuffix(rpath, `/$2`) {
 		// https://careers.stackoverflow.com/$2
-		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
+		srThen = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
+
+	} else if strings.Count(replacement, `$`) == 1 && strings.HasSuffix(replacement, `$1`) {
+		// https://social.domain.tld/.well-known$1
+		srThen = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	} else if strings.Count(replacement, `$`) == 1 && strings.HasSuffix(replacement, `$1`) {
 		// https://social.domain.tld/.well-known$1
-		expr = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
+		srThen = fmt.Sprintf(`concat("https://%s", http.request.uri.path)`, rhost)
 
 	}
 
 	// Not implemented
 
-	if matcher == "" {
+	if srWhen == "" {
 		return "", "", fmt.Errorf("conversion not implemented for pattern: %s", origPattern)
 	}
-	if expr == "" {
+	if srThen == "" {
 		return "", "", fmt.Errorf("conversion not implemented for replacement: %s", origReplacement)
 	}
 
-	return matcher, expr, nil
+	return srWhen, srThen, nil
 }
 
 // normalizeURL turns foo.com into https://foo.com and replaces HTTP with HTTPS.
diff --git a/providers/cloudflare/singleredirect_test.go b/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
similarity index 99%
rename from providers/cloudflare/singleredirect_test.go
rename to providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
index 3ca1941c49..88f328edae 100644
--- a/providers/cloudflare/singleredirect_test.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
@@ -1,4 +1,4 @@
-package cloudflare
+package cfsingleredirect
 
 import (
 	"regexp"
@@ -224,7 +224,7 @@ func Test_makeSingleDirectRule(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			gotMatch, gotExpr, err := makeRuleFromPattern(tt.pattern, tt.replace, true)
+			gotMatch, gotExpr, err := makeRuleFromPattern(tt.pattern, tt.replace)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("makeSingleDirectRule() error = %v, wantErr %v", err, tt.wantErr)
 				return
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/native.go b/providers/cloudflare/rtypes/cfsingleredirect/native.go
new file mode 100644
index 0000000000..bcc1d3dff4
--- /dev/null
+++ b/providers/cloudflare/rtypes/cfsingleredirect/native.go
@@ -0,0 +1,19 @@
+package cfsingleredirect
+
+import (
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+)
+
+func FromAPIData(sm, sr string, code int) *models.CloudflareSingleRedirectConfig {
+	r := &models.CloudflareSingleRedirectConfig{
+		PRWhen:    "UNKNOWABLE",
+		PRThen:    "UNKNOWABLE",
+		Code:      code,
+		SRDisplay: fmt.Sprintf("code=%03d when=(%v) then=(%v)", code, sm, sr),
+		SRWhen:    sm,
+		SRThen:    sr,
+	}
+	return r
+}

From ebf32bfb3b83fbdee5205959390a1c085fa2115f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 13:21:29 -0400
Subject: [PATCH 304/438] Build(deps): Bump actions/upload-artifact from 4.3.3
 to 4.3.4 (#3037)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index edc62d9faa..606940ab93 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.3
+    - uses: actions/upload-artifact@v4.3.4
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -206,7 +206,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.3
+    - uses: actions/upload-artifact@v4.3.4
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From 7b286091d5d15c771dc27428729e7f47db082622 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 8 Jul 2024 22:35:35 +0200
Subject: [PATCH 305/438] DOCS: CLOUDFLAREAPI - CF_SINGLE_REDIRECT (#3038)

---
 documentation/SUMMARY.md                                   | 2 +-
 .../domain-modifiers/CF_SINGLE_REDIRECT.md                 | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index e220a0b4de..f96c362273 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -84,8 +84,8 @@
         * Azure DNS
             * [AZURE_ALIAS](language-reference/domain-modifiers/AZURE_ALIAS.md)
         * Cloudflare DNS
-            * [CF_SINGLE_REDIRECT](language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md)
             * [CF_REDIRECT](language-reference/domain-modifiers/CF_REDIRECT.md)
+            * [CF_SINGLE_REDIRECT](language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md)
             * [CF_TEMP_REDIRECT](language-reference/domain-modifiers/CF_TEMP_REDIRECT.md)
             * [CF_WORKER_ROUTE](language-reference/domain-modifiers/CF_WORKER_ROUTE.md)
         * ClouDNS
diff --git a/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
index bfc3561ab4..47e296edd5 100644
--- a/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
@@ -21,7 +21,7 @@ parameter_types:
 This feature manages dynamic "Single Redirects". (Single Redirects can be
 static or dynamic but DNSControl only maintains dynamic redirects).
 
-Cloudflare documentation: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/
+Cloudflare documentation: <https://developers.cloudflare.com/rules/url-forwarding/single-redirects/>
 
 {% code title="dnsconfig.js" %}
 ```javascript
@@ -40,5 +40,6 @@ The fields are:
 * when: What Cloudflare sometimes calls the "rule expression".
 * then: The replacement expression.
 
-NOTE:
-The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
+{% hint style="info" %}
+**NOTE**: The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
+{% endhint %}

From cff63b5d75520d6bbcfbc0f1ce2830d16b57556e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 9 Jul 2024 14:29:27 -0400
Subject: [PATCH 306/438] BUGFIX: Remove debug statement left in by mistake
 (#3041)

---
 commands/types/dnscontrol.d.ts | 5 ++---
 pkg/rtypes/postprocess.go      | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 169073da02..c3b6e70843 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -509,7 +509,7 @@ declare function CF_REDIRECT(source: string, destination: string, ...modifiers:
  * This feature manages dynamic "Single Redirects". (Single Redirects can be
  * static or dynamic but DNSControl only maintains dynamic redirects).
  *
- * Cloudflare documentation: https://developers.cloudflare.com/rules/url-forwarding/single-redirects/
+ * Cloudflare documentation: <https://developers.cloudflare.com/rules/url-forwarding/single-redirects/>
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
@@ -526,8 +526,7 @@ declare function CF_REDIRECT(source: string, destination: string, ...modifiers:
  * * when: What Cloudflare sometimes calls the "rule expression".
  * * then: The replacement expression.
  *
- * NOTE:
- * The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
+ * NOTE: The features [`CF_REDIRECT`](CF_REDIRECT.md) and [`CF_TEMP_REDIRECT`](CF_TEMP_REDIRECT.md) generate `CF_SINGLE_REDIRECT` if enabled in [`CLOUDFLAREAPI`](../../provider/cloudflareapi.md).
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_single_redirect
  */
diff --git a/pkg/rtypes/postprocess.go b/pkg/rtypes/postprocess.go
index c38abc6ba0..bdc5ee6b1e 100644
--- a/pkg/rtypes/postprocess.go
+++ b/pkg/rtypes/postprocess.go
@@ -12,7 +12,7 @@ func PostProcess(domains []*models.DomainConfig) error {
 	var err error
 
 	for _, dc := range domains {
-		fmt.Printf("DOMAIN: %d %s\n", len(dc.Records), dc.Name)
+		//fmt.Printf("DOMAIN: %d %s\n", len(dc.Records), dc.Name)
 
 		for _, rawRec := range dc.RawRecords {
 			rec := &models.RecordConfig{

From 571eaf0244ed45cc794bd586026b01d4c65a5bd5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 9 Jul 2024 14:32:37 -0400
Subject: [PATCH 307/438] CLOUDFLAREAPI: Bugfix: Fix misaligned
 CF_SINGLE_REDIRECT validation (#3042)

---
 pkg/normalize/validate.go                  | 3 +--
 pkg/rtypecontrol/rtypecontrol.go           | 3 +++
 pkg/rtypes/postprocess.go                  | 2 --
 providers/cloudflare/cloudflareProvider.go | 2 --
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 06d9d5b9a0..acff2857f8 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -7,7 +7,6 @@ import (
 	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
-	"github.com/StackExchange/dnscontrol/v4/pkg/rtypecontrol"
 	"github.com/StackExchange/dnscontrol/v4/pkg/transform"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns"
@@ -79,7 +78,7 @@ func validateRecordTypes(rec *models.RecordConfig, domain string, pTypes []strin
 		"TXT":              true,
 	}
 	_, ok := validTypes[rec.Type]
-	if !ok || rtypecontrol.IsValid(rec.Type) {
+	if !ok {
 		cType := providers.GetCustomRecordType(rec.Type)
 		if cType == nil {
 			return fmt.Errorf("unsupported record type (%v) domain=%v name=%v", rec.Type, domain, rec.GetLabel())
diff --git a/pkg/rtypecontrol/rtypecontrol.go b/pkg/rtypecontrol/rtypecontrol.go
index 83e8a579e4..f40fdf48bf 100644
--- a/pkg/rtypecontrol/rtypecontrol.go
+++ b/pkg/rtypecontrol/rtypecontrol.go
@@ -1,5 +1,7 @@
 package rtypecontrol
 
+import "github.com/StackExchange/dnscontrol/v4/providers"
+
 var validTypes = map[string]struct{}{}
 
 func Register(t string) {
@@ -10,6 +12,7 @@ func Register(t string) {
 
 	validTypes[t] = struct{}{}
 
+	providers.RegisterCustomRecordType(t, "", "")
 }
 
 func IsValid(t string) bool {
diff --git a/pkg/rtypes/postprocess.go b/pkg/rtypes/postprocess.go
index bdc5ee6b1e..5f468b9a80 100644
--- a/pkg/rtypes/postprocess.go
+++ b/pkg/rtypes/postprocess.go
@@ -12,7 +12,6 @@ func PostProcess(domains []*models.DomainConfig) error {
 	var err error
 
 	for _, dc := range domains {
-		//fmt.Printf("DOMAIN: %d %s\n", len(dc.Records), dc.Name)
 
 		for _, rawRec := range dc.RawRecords {
 			rec := &models.RecordConfig{
@@ -38,7 +37,6 @@ func PostProcess(domains []*models.DomainConfig) error {
 			switch rawRec.Type {
 
 			case "CLOUDFLAREAPI_SINGLE_REDIRECT":
-				rec.Name = rawRec.Args[0].(string)
 				err = cfsingleredirect.FromRaw(rec, rawRec.Args)
 
 			default:
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 82a90a237b..eb1e0ccdea 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -69,8 +69,6 @@ func init() {
 		RecordAuditor: AuditRecords,
 	}
 	providers.RegisterDomainServiceProviderType("CLOUDFLAREAPI", fns, features)
-	providers.RegisterCustomRecordType("rtype", "CLOUDFLAREAPI", "")
-	//providers.RegisterCustomRecordType("CF_SINGLE_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_TEMP_REDIRECT", "CLOUDFLAREAPI", "")
 	providers.RegisterCustomRecordType("CF_WORKER_ROUTE", "CLOUDFLAREAPI", "")

From f2a709fca016e9c9d07749e9a48d58d67f58f2e0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 9 Jul 2024 14:36:03 -0400
Subject: [PATCH 308/438] CLOUDFLAREAPI: Bugfix: Fix misaligned
 CF_SINGLE_REDIRECT validation (#3044)


From 0ed31efdc9276d423e7832813255ada467816d8e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 9 Jul 2024 15:12:37 -0400
Subject: [PATCH 309/438] CHORE: go generate (#3043)

---
 go.mod | 33 ++++++++++++++--------------
 go.sum | 69 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/go.mod b/go.mod
index ee74ffda6d..e36197c4b4 100644
--- a/go.mod
+++ b/go.mod
@@ -19,13 +19,13 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.30.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.23
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.23
+	github.com/aws/aws-sdk-go-v2/config v1.27.24
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.24
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5
 	github.com/cloudflare/cloudflare-go v0.97.0
 	github.com/digitalocean/godo v1.118.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
@@ -38,7 +38,7 @@ require (
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.61
-	github.com/mittwald/go-powerdns v0.6.2
+	github.com/mittwald/go-powerdns v0.6.3
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
@@ -53,10 +53,10 @@ require (
 	github.com/transip/gotransip/v6 v6.24.0
 	github.com/urfave/cli/v2 v2.27.2
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/net v0.26.0
+	golang.org/x/crypto v0.25.0 // indirect
+	golang.org/x/net v0.27.0
 	golang.org/x/oauth2 v0.21.0
-	google.golang.org/api v0.186.0
+	google.golang.org/api v0.188.0
 	gopkg.in/ns1/ns1-go.v2 v2.11.0
 )
 
@@ -72,15 +72,15 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
+	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
 	golang.org/x/text v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.6.0 // indirect
+	cloud.google.com/go/auth v0.7.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute/metadata v0.4.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
@@ -92,7 +92,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect
 	github.com/aws/smithy-go v1.20.3 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
@@ -155,13 +155,14 @@ require (
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.22.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
-	google.golang.org/grpc v1.64.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect
+	google.golang.org/grpc v1.64.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 526ae760eb..1bdb3e00b5 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,10 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g=
-cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g=
+cloud.google.com/go/auth v0.7.0 h1:kf/x9B3WTbBUHkC+1VS8wwwli9TzhSt0vSTVBmMR8Ts=
+cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
-cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
-cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c=
+cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
@@ -43,10 +43,10 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o=
 github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
-github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac=
-github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY=
+github.com/aws/aws-sdk-go-v2/config v1.27.24 h1:NM9XicZ5o1CBU/MZaHwFtimRpWx9ohAUAqkG6AqSqPo=
+github.com/aws/aws-sdk-go-v2/config v1.27.24/go.mod h1:aXzi6QJTuQRVVusAO8/NxpdTeTyr/wRcybdDtfUwJSs=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.24 h1:YclAsrnb1/GTQNt2nzv+756Iw4mF8AOzcDfweWwwm/M=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.24/go.mod h1:Hld7tmnAkoBQdTMNYZGzztzKRdA4fCdn9L83LOoigac=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc=
@@ -65,8 +65,8 @@ github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1 h1:uZaxAiNNMPjG+e62A
 github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1/go.mod h1:RtjKHdAJsjzeadr5jgXgKPMn6GXF8y1eXs/VXVYAfrE=
 github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc=
 github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 h1:ORnrOK0C4WmYV/uYt3koHEWBLYsRDwk2Np+eEoyV4Z0=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4=
 github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ=
 github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ=
 github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4 h1:KBCS1XYHLlhCdF0w78TRrICzrnWY7WXZnf3QlN+6R+s=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.4/go.mod h1:Q1sepvresNmUKT9CBheBm+7J5jzd/ApD0Ha0VGm/nQ0=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5 h1:z1yCHpDCxChsS8xZRb/7E4XKW3OfGO8IRpS/msnOfYY=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5/go.mod h1:VEvVb1+MamCz0hZrwOCDNK3L6RArOazyKF4ZjWVA2Y0=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -311,8 +311,8 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mittwald/go-powerdns v0.6.2 h1:jNZoW5vPzsQvUQ3BzXEWteHPWoJ1GwcHyF4mSh4YZ7Y=
-github.com/mittwald/go-powerdns v0.6.2/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
+github.com/mittwald/go-powerdns v0.6.3 h1:t7HhWNosL+To+gJ+K4TRh1sZiFtB64ZrRlVvKPkpRGw=
+github.com/mittwald/go-powerdns v0.6.3/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -449,11 +449,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
-golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w=
+golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -461,8 +461,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
-golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -481,8 +481,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
 golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -522,8 +522,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -558,32 +558,31 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
-golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug=
-google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc=
+google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw=
+google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU=
-google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE=
-google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
-google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 95c7a704344283de0d621ecf4f669d5b3c338cfc Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 9 Jul 2024 21:44:38 -0400
Subject: [PATCH 310/438] REFACTOR: Pave args (not validate) (#3045)

---
 models/record.go                              |  2 +-
 pkg/rtypecontrol/pave.go                      | 50 +++++++++++++++++++
 .../{validate_test.go => pave_test.go}        | 28 ++++++++---
 pkg/rtypecontrol/validate.go                  | 43 ----------------
 providers/cloudflare/cloudflareProvider.go    | 10 ++--
 providers/cloudflare/rest.go                  | 13 +----
 .../cfsingleredirect/cfsingleredirect.go      | 23 ++-------
 .../rtypes/cfsingleredirect/convert.go        |  2 +-
 .../rtypes/cfsingleredirect/native.go         |  2 +-
 9 files changed, 83 insertions(+), 90 deletions(-)
 create mode 100644 pkg/rtypecontrol/pave.go
 rename pkg/rtypecontrol/{validate_test.go => pave_test.go} (52%)
 delete mode 100644 pkg/rtypecontrol/validate.go

diff --git a/models/record.go b/models/record.go
index 0de836535e..efe98dcbd5 100644
--- a/models/record.go
+++ b/models/record.go
@@ -152,7 +152,7 @@ type RecordConfig struct {
 //	When these are used, .target is set to a human-readable version (only to be used for display purposes).
 type CloudflareSingleRedirectConfig struct {
 	//
-	Code int `json:"code,omitempty"` // 301 or 302
+	Code uint16 `json:"code,omitempty"` // 301 or 302
 	// PR == PageRule
 	PRDisplay  string `json:"pr_display,omitempty"` // How is this displayed to the user
 	PRWhen     string `json:"pr_when,omitempty"`
diff --git a/pkg/rtypecontrol/pave.go b/pkg/rtypecontrol/pave.go
new file mode 100644
index 0000000000..871eaab654
--- /dev/null
+++ b/pkg/rtypecontrol/pave.go
@@ -0,0 +1,50 @@
+package rtypecontrol
+
+import (
+	"fmt"
+	"strconv"
+)
+
+// PaveArgs converts each arg to its desired type, or returns an error if conversion fails or if the number of arguments is wrong.
+// argTypes is a string where each rune specifies the desired type of the arg in the same position:
+// 'i': uinet16 (will convert strings, truncate floats, etc)
+// 's': Valid only if string.
+func PaveArgs(args []any, argTypes string) error {
+
+	if len(args) != len(argTypes) {
+		return fmt.Errorf("wrong number of arguments. Expected %v, got %v", len(argTypes), len(args))
+	}
+
+	for i, at := range argTypes {
+		arg := args[i]
+		switch at {
+
+		case 'i': // uint16
+			if s, ok := arg.(string); ok { // Is this a string-encoded int?
+				ni, err := strconv.Atoi(s)
+				if err != nil {
+					return fmt.Errorf("value %q is not a number (uint16 wanted)", arg)
+				}
+				args[i] = uint16(ni)
+			} else if _, ok := arg.(float64); ok {
+				args[i] = uint16(arg.(float64))
+			} else if _, ok := arg.(uint16); ok {
+				args[i] = arg.(uint16)
+			} else if _, ok := arg.(int); ok {
+				args[i] = uint16(arg.(int))
+			} else {
+				return fmt.Errorf("value %q is type %T, expected uint16", arg, arg)
+			}
+
+		case 's':
+			if _, ok := arg.(string); ok {
+				args[i] = arg.(string)
+			} else {
+				args[i] = fmt.Sprintf("%v", arg)
+			}
+
+		}
+	}
+
+	return nil
+}
diff --git a/pkg/rtypecontrol/validate_test.go b/pkg/rtypecontrol/pave_test.go
similarity index 52%
rename from pkg/rtypecontrol/validate_test.go
rename to pkg/rtypecontrol/pave_test.go
index f803d6f584..bee5f80b84 100644
--- a/pkg/rtypecontrol/validate_test.go
+++ b/pkg/rtypecontrol/pave_test.go
@@ -2,7 +2,7 @@ package rtypecontrol
 
 import "testing"
 
-func TestValidateArgs(t *testing.T) {
+func TestPaveArgs(t *testing.T) {
 	tests := []struct {
 		name     string
 		dataArgs []any
@@ -19,23 +19,35 @@ func TestValidateArgs(t *testing.T) {
 			name:     "int to string",
 			dataArgs: []any{100},
 			dataRule: "s",
-			wantErr:  true,
+			wantErr:  false,
 		},
 
 		{
-			name:     "int",
-			dataArgs: []any{int(1)},
+			name:     "uint16",
+			dataArgs: []any{uint16(1)},
+			dataRule: "i",
+			wantErr:  false,
+		},
+		{
+			name:     "float to uint16",
+			dataArgs: []any{float64(2)},
+			dataRule: "i",
+			wantErr:  false,
+		},
+		{
+			name:     "int uint16",
+			dataArgs: []any{int(3)},
 			dataRule: "i",
 			wantErr:  false,
 		},
 		{
-			name:     "string to int",
+			name:     "string to uint16",
 			dataArgs: []any{"111"},
 			dataRule: "i",
 			wantErr:  false,
 		},
 		{
-			name:     "txt to int",
+			name:     "txt to uint16",
 			dataArgs: []any{"one"},
 			dataRule: "i",
 			wantErr:  true,
@@ -43,8 +55,8 @@ func TestValidateArgs(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if err := CheckArgTypes(tt.dataArgs, tt.dataRule); (err != nil) != tt.wantErr {
-				t.Errorf("ValidateArgs() error = %v, wantErr %v", err, tt.wantErr)
+			if err := PaveArgs(tt.dataArgs, tt.dataRule); (err != nil) != tt.wantErr {
+				t.Errorf("PaveArgs() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
 	}
diff --git a/pkg/rtypecontrol/validate.go b/pkg/rtypecontrol/validate.go
deleted file mode 100644
index b4d649a7bf..0000000000
--- a/pkg/rtypecontrol/validate.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package rtypecontrol
-
-import (
-	"fmt"
-	"strconv"
-)
-
-// CheckArgTypes validates that the items in args are of appropriate types. argTypes is a string: "ssi" means the args should be string, string, int.
-// 's': Valid only if string.
-// 'i': Valid only if int, float64, or a string that Atoi() can convert to an int.
-func CheckArgTypes(args []any, argTypes string) error {
-
-	if len(args) != len(argTypes) {
-		return fmt.Errorf("wrong number of arguments. Expected %v, got %v", len(argTypes), len(args))
-	}
-
-	for i, at := range argTypes {
-		arg := args[i]
-		switch at {
-
-		case 'i':
-			if s, ok := arg.(string); ok { // Is this a string-encoded int?
-				ni, err := strconv.Atoi(s)
-				if err != nil {
-					return fmt.Errorf("value %q is type %T, expected INT", arg, arg)
-				}
-				args[i] = ni
-			} else if _, ok := arg.(float64); ok {
-				args[i] = int(arg.(float64))
-			} else if _, ok := arg.(int); !ok {
-				return fmt.Errorf("value %q is type %T, expected INT", arg, arg)
-			}
-
-		case 's':
-			if _, ok := arg.(string); !ok {
-				return fmt.Errorf("value %q is type %T, expected STRING", arg, arg)
-			}
-
-		}
-	}
-
-	return nil
-}
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index eb1e0ccdea..11fa80b07a 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -568,7 +568,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 			if !c.manageRedirects && !c.manageSingleRedirects {
 				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_REDIRECT/CF_TEMP_REDIRECT records")
 			}
-			code := 301
+			code := uint16(301)
 			if rec.Type == "CF_TEMP_REDIRECT" {
 				code = 302
 			}
@@ -844,13 +844,13 @@ func uint16Zero(value interface{}) uint16 {
 	return 0
 }
 
-// intZero converts value to int or returns 0.
-func intZero(value interface{}) int {
+// intZero converts value to uint16 or returns 0.
+func intZero(value interface{}) uint16 {
 	switch v := value.(type) {
 	case float64:
-		return int(v)
+		return uint16(v)
 	case int:
-		return v
+		return uint16(v)
 	case nil:
 	}
 	return 0
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index bb6fb5ed80..70d3bea187 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -306,7 +306,7 @@ func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*mo
 		// Extract the valuables from the rule, use it to make the sr:
 		srWhen := pr.Expression
 		srThen := pr.ActionParameters.FromValue.TargetURL.Expression
-		code := int(pr.ActionParameters.FromValue.StatusCode)
+		code := uint16(pr.ActionParameters.FromValue.StatusCode)
 		sr := cfsingleredirect.FromAPIData(srWhen, srThen, code)
 		//sr.SRRRuleList = rulelist
 		//printer.Printf("DEBUG: DESCRIPTION = %v\n", pr.Description)
@@ -475,15 +475,6 @@ func (c *cloudflareProvider) updatePageRule(recordID, domainID string, cfr model
 }
 
 func (c *cloudflareProvider) createPageRule(domainID string, cfr models.CloudflareSingleRedirectConfig) error {
-	//printer.Printf("DEBUG: called createPageRule(%s, %+v)\n", domainID, cfr)
-	// from to priority code
-	// parts := strings.Split(target, ",")
-	// priority, _ := strconv.Atoi(parts[2])
-	// code, _ := strconv.Atoi(parts[3])
-	// printer.Printf("DEBUG: pr.PageRule target = %v\n", target)
-	// printer.Printf("DEBUG: pr.PageRule target = %v\n", parts[0])
-	// printer.Printf("DEBUG: pr.PageRule url    = %v\n", parts[1])
-	// printer.Printf("DEBUG: pr.PageRule code   = %v\n", code)
 	priority := cfr.PRPriority
 	code := cfr.Code
 	prWhen := cfr.PRWhen
@@ -570,5 +561,5 @@ type pageRuleConstraint struct {
 
 type pageRuleFwdInfo struct {
 	URL        string `json:"url"`
-	StatusCode int    `json:"status_code"`
+	StatusCode uint16 `json:"status_code"`
 }
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
index 938e8ca742..792514a51a 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
@@ -2,7 +2,6 @@ package cfsingleredirect
 
 import (
 	"fmt"
-	"strconv"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/rtypecontrol"
@@ -14,34 +13,18 @@ func init() {
 
 func FromRaw(rc *models.RecordConfig, items []any) error {
 
-	var err error
-
 	// Validate types.
-	if err := rtypecontrol.CheckArgTypes(items, "siss"); err != nil {
+	if err := rtypecontrol.PaveArgs(items, "siss"); err != nil {
 		return err
 	}
 
 	// Unpack the args:
 	var name, when, then string
-	var code int
+	var code uint16
 
 	name = items[0].(string)
 
-	ucode := items[1]
-	switch v := ucode.(type) {
-	case int:
-		code = v
-	case float64:
-		code = int(v)
-	case string:
-		code, err = strconv.Atoi(v)
-		if err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("code %q unexpected type %T", ucode, v)
-	}
-
+	code = items[1].(uint16)
 	if code != 301 && code != 302 {
 		return fmt.Errorf("code (%03d) is not 301 or 302", code)
 	}
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/convert.go b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
index 7a16ba27e7..078add236f 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/convert.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
@@ -9,7 +9,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 )
 
-func FromUserInput(target string, code int, priority int) (*models.CloudflareSingleRedirectConfig, error) {
+func FromUserInput(target string, code uint16, priority int) (*models.CloudflareSingleRedirectConfig, error) {
 	// target: matcher,replacement,priority,code
 	// target: cable.slackoverflow.com/*,https://change.cnn.com/$1,1,302
 
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/native.go b/providers/cloudflare/rtypes/cfsingleredirect/native.go
index bcc1d3dff4..fcfd22d568 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/native.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/native.go
@@ -6,7 +6,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 )
 
-func FromAPIData(sm, sr string, code int) *models.CloudflareSingleRedirectConfig {
+func FromAPIData(sm, sr string, code uint16) *models.CloudflareSingleRedirectConfig {
 	r := &models.CloudflareSingleRedirectConfig{
 		PRWhen:    "UNKNOWABLE",
 		PRThen:    "UNKNOWABLE",

From cf49ec871f0264eb048ac024795be8cf5460a021 Mon Sep 17 00:00:00 2001
From: Sven Luijten <11269635+svenluijten@users.noreply.github.com>
Date: Wed, 10 Jul 2024 13:38:13 +0200
Subject: [PATCH 311/438] DOCS: Fix markdown links in Cloudflare provider docs
 (#3046)

---
 documentation/provider/cloudflareapi.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index 6a028371ad..3f84b1210d 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -204,7 +204,7 @@ will automatically add it when `dnscontrol push` is executed.
 
 ## Old-style vs new-style redirects
 
-Old-style redirects uses the [Page Rules][https://developers.cloudflare.com/rules/page-rules/] product feature, which is [going away](https://developers.cloudflare.com/rules/reference/page-rules-migration/).  In this mode,
+Old-style redirects uses the [Page Rules](https://developers.cloudflare.com/rules/page-rules/) product feature, which is [going away](https://developers.cloudflare.com/rules/reference/page-rules-migration/).  In this mode,
 `CF_REDIRECT` and `CF_TEMP_REDIRECT` functions generate Page Rules.
 
 Enable it using:
@@ -215,7 +215,7 @@ var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
 });
 ```
 
-New redirects uses the [Single Redirects][https://developers.cloudflare.com/rules/url-forwarding/] product feature.  In this mode,
+New redirects uses the [Single Redirects](https://developers.cloudflare.com/rules/url-forwarding/) product feature.  In this mode,
 `CF_REDIRECT` and `CF_TEMP_REDIRECT` functions generates Single Redirects.
 
 Enable it using:

From 8fa1a8d7d61c49e43c537ae04a58189d6014fa00 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Wed, 10 Jul 2024 21:53:50 +0200
Subject: [PATCH 312/438] BUILD: Generate OWNERS files (#2997)

---
 build/generate/generate.go                    |  3 +
 build/generate/ownersFile.go                  | 68 +++++++++++++++++++
 documentation/writing-providers.md            |  2 -
 main.go                                       |  2 +-
 .../akamaiedgedns/akamaiEdgeDnsProvider.go    |  7 +-
 providers/autodns/autoDnsProvider.go          |  5 +-
 providers/axfrddns/axfrddnsProvider.go        |  5 +-
 providers/azuredns/azureDnsProvider.go        |  7 +-
 .../azurePrivateDnsProvider.go                |  7 +-
 providers/bind/bindProvider.go                |  5 +-
 providers/bunnydns/bunnydnsProvider.go        |  5 +-
 providers/cloudflare/cloudflareProvider.go    | 11 +--
 providers/cloudns/cloudnsProvider.go          |  7 +-
 providers/cscglobal/cscglobalProvider.go      |  7 +-
 providers/desec/desecProvider.go              |  5 +-
 .../digitalocean/digitaloceanProvider.go      |  5 +-
 providers/dnsimple/dnsimpleProvider.go        |  7 +-
 providers/dnsmadeeasy/dnsMadeEasyProvider.go  |  5 +-
 providers/doh/dohProvider.go                  |  5 +-
 .../domainnameshop/domainnameshopProvider.go  |  5 +-
 providers/dynadot/dynadotProvider.go          |  5 +-
 providers/easyname/easynameProvider.go        |  5 +-
 providers/exoscale/exoscaleProvider.go        |  5 +-
 providers/gandiv5/gandi_v5Provider.go         |  7 +-
 providers/gcloud/gcloudProvider.go            |  5 +-
 providers/gcore/gcoreProvider.go              |  5 +-
 providers/hedns/hednsProvider.go              |  5 +-
 providers/hetzner/hetznerProvider.go          |  5 +-
 providers/hexonet/hexonetProvider.go          |  7 +-
 providers/hostingde/hostingdeProvider.go      |  7 +-
 providers/huaweicloud/huaweicloudProvider.go  |  5 +-
 providers/internetbs/internetbsProvider.go    |  5 +-
 providers/inwx/inwxProvider.go                |  7 +-
 providers/linode/linodeProvider.go            |  5 +-
 providers/loopia/loopiaProvider.go            |  7 +-
 providers/luadns/luadnsProvider.go            |  5 +-
 providers/msdns/msdnsProvider.go              |  5 +-
 .../mythicbeasts/mythicbeastsProvider.go      |  5 +-
 providers/namecheap/namecheapProvider.go      | 13 ++--
 providers/namedotcom/namedotcomProvider.go    |  5 +-
 providers/netcup/netcupProvider.go            |  5 +-
 providers/netlify/netlifyProvider.go          |  9 ++-
 providers/ns1/ns1Provider.go                  |  7 +-
 providers/opensrs/opensrsProvider.go          |  5 +-
 providers/oracle/oracleProvider.go            |  5 +-
 providers/ovh/ovhProvider.go                  |  7 +-
 providers/packetframe/packetframeProvider.go  |  5 +-
 providers/porkbun/porkbunProvider.go          |  7 +-
 providers/powerdns/powerdnsProvider.go        |  5 +-
 providers/providers.go                        |  9 +++
 .../realtimeregisterProvider.go               |  7 +-
 providers/route53/route53Provider.go          |  9 ++-
 providers/rwth/rwthProvider.go                |  5 +-
 providers/softlayer/softlayerProvider.go      |  5 +-
 providers/transip/transipProvider.go          |  5 +-
 providers/vultr/vultrProvider.go              |  5 +-
 56 files changed, 311 insertions(+), 80 deletions(-)
 create mode 100644 build/generate/ownersFile.go

diff --git a/build/generate/generate.go b/build/generate/generate.go
index 4753aed486..ec505c3e9b 100644
--- a/build/generate/generate.go
+++ b/build/generate/generate.go
@@ -6,6 +6,9 @@ func main() {
 	if err := generateFeatureMatrix(); err != nil {
 		log.Fatal(err)
 	}
+	if err := generateOwnersFile(); err != nil {
+		log.Fatal(err)
+	}
 	funcs, err := generateFunctionTypes()
 	if err != nil {
 		log.Fatal(err)
diff --git a/build/generate/ownersFile.go b/build/generate/ownersFile.go
new file mode 100644
index 0000000000..b9c9009ea0
--- /dev/null
+++ b/build/generate/ownersFile.go
@@ -0,0 +1,68 @@
+package main
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	"os"
+	"sort"
+	"strings"
+)
+
+func generateOwnersFile() error {
+	maintainers := providers.ProviderMaintainers
+	sortedProviderNames := getSortedProviderNames(maintainers)
+
+	var ownersData strings.Builder
+	for _, providerName := range sortedProviderNames {
+		providerMaintainer := maintainers[providerName]
+		if providerMaintainer == "NEEDS VOLUNTEER" {
+			ownersData.WriteString("# ")
+		}
+		ownersData.WriteString("providers/")
+		ownersData.WriteString(getProviderDirectory(providerName))
+		ownersData.WriteString(" ")
+		ownersData.WriteString(providerMaintainer)
+		ownersData.WriteString("\n")
+	}
+
+	file, err := os.Create("OWNERS")
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	_, err = file.WriteString(ownersData.String())
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func getProviderDirectory(providerName string) string {
+	// Strip the underscores from the providerName constants
+	providerDirectory := strings.ToLower(
+		strings.ReplaceAll(
+			providerName, "_", "",
+		),
+	)
+
+	// These providers use a different directory name
+	if providerDirectory == "cloudflareapi" {
+		providerDirectory = "cloudflare"
+	}
+	if providerDirectory == "dnsoverhttps" {
+		providerDirectory = "doh"
+	}
+
+	return providerDirectory
+}
+
+func getSortedProviderNames(maintainers map[string]string) []string {
+	providerNameSorted := make([]string, 0, len(maintainers))
+	for providerNameKey := range maintainers {
+		providerNameSorted = append(providerNameSorted, providerNameKey)
+	}
+	sort.Strings(providerNameSorted)
+
+	return providerNameSorted
+}
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 81f4aadede..663f79e889 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -224,8 +224,6 @@ an automated way to test for this bug.  The manual steps are here in
   * Add the provider to the "Providers" list.
 * Create `documentation/provider/PROVIDERNAME.md`:
   * Use one of the other files in that directory as a base.
-* Edit `OWNERS`:
-  * Add the directory name and your GitHub username.
 
 {% hint style="success" %}
 **Need feedback?** Submit a draft PR!  It's a great way to get early feedback, ask about fixing
diff --git a/main.go b/main.go
index b0737bc5ab..02ee05b8d7 100644
--- a/main.go
+++ b/main.go
@@ -10,7 +10,7 @@ import (
 	"github.com/fatih/color"
 )
 
-//go:generate go run build/generate/generate.go build/generate/featureMatrix.go build/generate/functionTypes.go build/generate/dtsFile.go
+//go:generate go run build/generate/generate.go build/generate/featureMatrix.go build/generate/functionTypes.go build/generate/dtsFile.go build/generate/ownersFile.go
 
 // Version management. Goals:
 // 1. Someone who just does "go get" has at least some information.
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index 59da28e5ec..dbe6fb5f76 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -49,12 +49,15 @@ type edgeDNSProvider struct {
 }
 
 func init() {
+	const providerName = "AKAMAIEDGEDNS"
+	const providerMaintainer = "@edglynes"
 	fns := providers.DspFuncs{
 		Initializer:   newEdgeDNSDSP,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("AKAMAIEDGEDNS", fns, features)
-	providers.RegisterCustomRecordType("AKAMAICDN", "AKAMAIEDGEDNS", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("AKAMAICDN", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // DnsServiceProvider
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 6dfb1d341e..38a7184c74 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -37,11 +37,14 @@ type autoDNSProvider struct {
 }
 
 func init() {
+	const providerName = "AUTODNS"
+	const providerMaintainer = "@arnoschoon"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("AUTODNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // New creates a new API handle.
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 5408e24fdf..3033df4bef 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -172,11 +172,14 @@ func initAxfrDdns(config map[string]string, providermeta json.RawMessage) (provi
 }
 
 func init() {
+	const providerName = "AXFRDDNS"
+	const providerMaintainer = "@hnrgrgr"
 	fns := providers.DspFuncs{
 		Initializer:   initAxfrDdns,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("AXFRDDNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // Param is used to decode extra parameters sent to provider.
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 916cc56b67..0ab74a72a6 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -78,12 +78,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "AZURE_DNS"
+	const providerMaintainer = "@vatsalyagoel"
 	fns := providers.DspFuncs{
 		Initializer:   newAzureDNSDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("AZURE_DNS", fns, features)
-	providers.RegisterCustomRecordType("AZURE_ALIAS", "AZURE_DNS", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("AZURE_ALIAS", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func (a *azurednsProvider) getExistingZones() ([]*adns.Zone, error) {
diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index 6e72bec7b2..5a901380e8 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -82,12 +82,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "AZURE_PRIVATE_DNS"
+	const providerMaintainer = "@matthewmgamble"
 	fns := providers.DspFuncs{
 		Initializer:   newAzureDNSDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("AZURE_PRIVATE_DNS", fns, features)
-	providers.RegisterCustomRecordType("AZURE_ALIAS", "AZURE_PRIVATE_DNS", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("AZURE_ALIAS", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func (a *azurednsProvider) getExistingZones() ([]*adns.PrivateZone, error) {
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 27dbb1598b..a8509542d6 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -93,11 +93,14 @@ func initBind(config map[string]string, providermeta json.RawMessage) (providers
 }
 
 func init() {
+	const providerName = "BIND"
+	const providerMaintainer = "@tlimoncelli"
 	fns := providers.DspFuncs{
 		Initializer:   initBind,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("BIND", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // SoaDefaults contains the parts of the default SOA settings.
diff --git a/providers/bunnydns/bunnydnsProvider.go b/providers/bunnydns/bunnydnsProvider.go
index 3450b71a4c..aa797b2886 100644
--- a/providers/bunnydns/bunnydnsProvider.go
+++ b/providers/bunnydns/bunnydnsProvider.go
@@ -37,11 +37,14 @@ type bunnydnsProvider struct {
 }
 
 func init() {
+	const providerName = "BUNNY_DNS"
+	const providerMaintainer = "@ppmathis"
 	fns := providers.DspFuncs{
 		Initializer:   newBunnydns,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("BUNNY_DNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newBunnydns(settings map[string]string, _ json.RawMessage) (providers.DNSServiceProvider, error) {
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 11fa80b07a..bb79575cab 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -64,14 +64,17 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "CLOUDFLAREAPI"
+	const providerMaintainer = "@tresni"
 	fns := providers.DspFuncs{
 		Initializer:   newCloudflare,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("CLOUDFLAREAPI", fns, features)
-	providers.RegisterCustomRecordType("CF_REDIRECT", "CLOUDFLAREAPI", "")
-	providers.RegisterCustomRecordType("CF_TEMP_REDIRECT", "CLOUDFLAREAPI", "")
-	providers.RegisterCustomRecordType("CF_WORKER_ROUTE", "CLOUDFLAREAPI", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("CF_REDIRECT", providerName, "")
+	providers.RegisterCustomRecordType("CF_TEMP_REDIRECT", providerName, "")
+	providers.RegisterCustomRecordType("CF_WORKER_ROUTE", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // cloudflareProvider is the handle for API calls.
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 2e71a3ec37..d3f7952e53 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -57,12 +57,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "CLOUDNS"
+	const providerMaintainer = "@pragmaton"
 	fns := providers.DspFuncs{
 		Initializer:   NewCloudns,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("CLOUDNS", fns, features)
-	providers.RegisterCustomRecordType("CLOUDNS_WR", "CLOUDNS", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("CLOUDNS_WR", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/cscglobal/cscglobalProvider.go b/providers/cscglobal/cscglobalProvider.go
index e52c2a5265..8b0d431f9b 100644
--- a/providers/cscglobal/cscglobalProvider.go
+++ b/providers/cscglobal/cscglobalProvider.go
@@ -61,11 +61,14 @@ func newProvider(m map[string]string) (*providerClient, error) {
 }
 
 func init() {
-	providers.RegisterRegistrarType("CSCGLOBAL", newReg)
+	const providerName = "CSCGLOBAL"
+	const providerMaintainer = "@mikenz"
+	providers.RegisterRegistrarType(providerName, newReg)
 
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("CSCGLOBAL", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index dee3f4fb1f..1e08d6c29c 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -58,11 +58,14 @@ var defaultNameServerNames = []string{
 }
 
 func init() {
+	const providerName = "DESEC"
+	const providerMaintainer = "@D3luxee"
 	fns := providers.DspFuncs{
 		Initializer:   NewDeSec,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("DESEC", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 409776b450..1d4d4c2ddb 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -82,11 +82,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "DIGITALOCEAN"
+	const providerMaintainer = "@Deraen"
 	fns := providers.DspFuncs{
 		Initializer:   NewDo,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("DIGITALOCEAN", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // EnsureZoneExists creates a zone if it does not exist
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index cf1acf3189..68ef7a0055 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -41,12 +41,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("DNSIMPLE", newReg)
+	const providerName = "DNSIMPLE"
+	const providerMaintainer = "@onlyhavecans"
+	providers.RegisterRegistrarType(providerName, newReg)
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("DNSIMPLE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 const stateRegistered = "registered"
diff --git a/providers/dnsmadeeasy/dnsMadeEasyProvider.go b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
index 1b1a96bcd1..4364ab5eef 100644
--- a/providers/dnsmadeeasy/dnsMadeEasyProvider.go
+++ b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
@@ -31,12 +31,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "DNSMADEEASY"
+	const providerMaintainer = "@vojtad"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
 
-	providers.RegisterDomainServiceProviderType("DNSMADEEASY", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // New creates a new API handle.
diff --git a/providers/doh/dohProvider.go b/providers/doh/dohProvider.go
index c8e4d62b1a..2cc91e1680 100644
--- a/providers/doh/dohProvider.go
+++ b/providers/doh/dohProvider.go
@@ -24,7 +24,10 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("DNSOVERHTTPS", newDNSOverHTTPS, features)
+	const providerName = "DNSOVERHTTPS"
+	const providerMaintainer = "@mikenz"
+	providers.RegisterRegistrarType(providerName, newDNSOverHTTPS, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newDNSOverHTTPS(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/domainnameshop/domainnameshopProvider.go b/providers/domainnameshop/domainnameshopProvider.go
index af8fed0a7a..ed92f38163 100644
--- a/providers/domainnameshop/domainnameshopProvider.go
+++ b/providers/domainnameshop/domainnameshopProvider.go
@@ -47,12 +47,15 @@ var features = providers.DocumentationNotes{
 // Register with the dnscontrol system.
 // This establishes the name (all caps), and the function to call to initialize it.
 func init() {
+	const providerName = "DOMAINNAMESHOP"
+	const providerMaintainer = "@SimenBai"
 	fns := providers.DspFuncs{
 		Initializer:   newDomainNameShopProvider,
 		RecordAuditor: AuditRecords,
 	}
 
-	providers.RegisterDomainServiceProviderType("DOMAINNAMESHOP", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // newDomainNameShopProvider creates a Domainnameshop specific DNS provider.
diff --git a/providers/dynadot/dynadotProvider.go b/providers/dynadot/dynadotProvider.go
index 46d6885732..23da0ec34a 100644
--- a/providers/dynadot/dynadotProvider.go
+++ b/providers/dynadot/dynadotProvider.go
@@ -25,7 +25,10 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("DYNADOT", newDynadot, features)
+	const providerName = "DYNADOT"
+	const providerMaintainer = "@e-im"
+	providers.RegisterRegistrarType(providerName, newDynadot, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newDynadot(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/easyname/easynameProvider.go b/providers/easyname/easynameProvider.go
index d6625bc24c..3c4ec58f08 100644
--- a/providers/easyname/easynameProvider.go
+++ b/providers/easyname/easynameProvider.go
@@ -23,7 +23,10 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("EASYNAME", newEasyname, features)
+	const providerName = "EASYNAME"
+	const providerMaintainer = "@tresni"
+	providers.RegisterRegistrarType(providerName, newEasyname, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newEasyname(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/exoscale/exoscaleProvider.go b/providers/exoscale/exoscaleProvider.go
index ff726bee90..7d77a1daf1 100644
--- a/providers/exoscale/exoscaleProvider.go
+++ b/providers/exoscale/exoscaleProvider.go
@@ -70,11 +70,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "EXOSCALE"
+	const providerMaintainer = "@pierre-emmanuelJ"
 	fns := providers.DspFuncs{
 		Initializer:   NewExoscale,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("EXOSCALE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // EnsureZoneExists creates a zone if it does not exist
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 4495239486..4385e3627d 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -34,12 +34,15 @@ import (
 
 // init registers the provider to dnscontrol.
 func init() {
+	const providerName = "GANDI_V5"
+	const providerMaintainer = "@TomOnTime"
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("GANDI_V5", fns, features)
-	providers.RegisterRegistrarType("GANDI_V5", newReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterRegistrarType(providerName, newReg)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // features declares which features and options are available.
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 1f429d0b89..026103f44d 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -53,11 +53,14 @@ func sPtr(s string) *string {
 }
 
 func init() {
+	const providerName = "GCLOUD"
+	const providerMaintainer = "@riyadhalnur"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("GCLOUD", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 type gcloudProvider struct {
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index f984e9dda3..14123c94d1 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -68,11 +68,14 @@ var defaultNameServerNames = []string{
 }
 
 func init() {
+	const providerName = "GCORE"
+	const providerMaintainer = "@xddxdd"
 	fns := providers.DspFuncs{
 		Initializer:   NewGCore,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("GCORE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index 3201a58ba9..d5e3f72765 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -66,11 +66,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "HEDNS"
+	const providerMaintainer = "@rblenkinsopp"
 	fns := providers.DspFuncs{
 		Initializer:   newHEDNSProvider,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("HEDNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 var defaultNameservers = []string{
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index 3ccea1787a..242c826f33 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -33,11 +33,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "HETZNER"
+	const providerMaintainer = "@das7pad"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("HETZNER", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // New creates a new API handle.
diff --git a/providers/hexonet/hexonetProvider.go b/providers/hexonet/hexonetProvider.go
index 98f3742bff..3b24e1b0b7 100644
--- a/providers/hexonet/hexonetProvider.go
+++ b/providers/hexonet/hexonetProvider.go
@@ -72,10 +72,13 @@ func newDsp(conf map[string]string, meta json.RawMessage) (providers.DNSServiceP
 }
 
 func init() {
+	const providerName = "HEXONET"
+	const providerMaintainer = "@KaiSchwarz-cnic"
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterRegistrarType("HEXONET", newReg)
-	providers.RegisterDomainServiceProviderType("HEXONET", fns, features)
+	providers.RegisterRegistrarType(providerName, newReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index 38ee265b8b..80a0fabed2 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -37,12 +37,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("HOSTINGDE", newHostingdeReg)
+	const providerName = "HOSTINGDE"
+	const providerMaintainer = "@juliusrickert"
+	providers.RegisterRegistrarType(providerName, newHostingdeReg)
 	fns := providers.DspFuncs{
 		Initializer:   newHostingdeDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("HOSTINGDE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 type providerMeta struct {
diff --git a/providers/huaweicloud/huaweicloudProvider.go b/providers/huaweicloud/huaweicloudProvider.go
index aa73fa12dc..11c3eba82f 100644
--- a/providers/huaweicloud/huaweicloudProvider.go
+++ b/providers/huaweicloud/huaweicloudProvider.go
@@ -111,11 +111,14 @@ var defaultNameServerNames = []string{
 }
 
 func init() {
+	const providerName = "HUAWEICLOUD"
+	const providerMaintainer = "@huihuimoe"
 	fns := providers.DspFuncs{
 		Initializer:   newHuaweicloud,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("HUAWEICLOUD", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // huaweicloud has request limiting like above.
diff --git a/providers/internetbs/internetbsProvider.go b/providers/internetbs/internetbsProvider.go
index df7641bf50..a1224ff206 100644
--- a/providers/internetbs/internetbsProvider.go
+++ b/providers/internetbs/internetbsProvider.go
@@ -26,7 +26,10 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("INTERNETBS", newInternetBs, features)
+	const providerName = "INTERNETBS"
+	const providerMaintainer = "@pragmaton"
+	providers.RegisterRegistrarType(providerName, newInternetBs, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newInternetBs(m map[string]string) (providers.Registrar, error) {
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 224406d25d..020460814e 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -71,12 +71,15 @@ type inwxAPI struct {
 
 // init registers the registrar and the domain service provider with dnscontrol.
 func init() {
-	providers.RegisterRegistrarType("INWX", newInwxReg)
+	const providerName = "INWX"
+	const providerMaintainer = "@patschi"
+	providers.RegisterRegistrarType(providerName, newInwxReg)
 	fns := providers.DspFuncs{
 		Initializer:   newInwxDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("INWX", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // getOTP either returns the TOTPValue or uses TOTPKey and the current time to generate a valid TOTPValue.
diff --git a/providers/linode/linodeProvider.go b/providers/linode/linodeProvider.go
index 9e25e82fef..efa45980ca 100644
--- a/providers/linode/linodeProvider.go
+++ b/providers/linode/linodeProvider.go
@@ -99,12 +99,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "LINODE"
+	const providerMaintainer = "@koesie10"
 	// SRV support is in this provider, but Linode doesn't seem to support it properly
 	fns := providers.DspFuncs{
 		Initializer:   NewLinode,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("LINODE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index 3862bfaa70..8e6d1dc2ff 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -33,12 +33,15 @@ import (
 
 // init registers the provider to dnscontrol.
 func init() {
+	const providerName = "LOOPIA"
+	const providerMaintainer = "@systemcrash"
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("LOOPIA", fns, features)
-	providers.RegisterRegistrarType("LOOPIA", newReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterRegistrarType(providerName, newReg)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // features declares which features and options are available.
diff --git a/providers/luadns/luadnsProvider.go b/providers/luadns/luadnsProvider.go
index 4086f8ab28..ac301c14eb 100644
--- a/providers/luadns/luadnsProvider.go
+++ b/providers/luadns/luadnsProvider.go
@@ -36,11 +36,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "LUADNS"
+	const providerMaintainer = "@riku22"
 	fns := providers.DspFuncs{
 		Initializer:   NewLuaDNS,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("LUADNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // NewLuaDNS creates the provider.
diff --git a/providers/msdns/msdnsProvider.go b/providers/msdns/msdnsProvider.go
index 65880b214a..c543f7eb77 100644
--- a/providers/msdns/msdnsProvider.go
+++ b/providers/msdns/msdnsProvider.go
@@ -40,11 +40,14 @@ var features = providers.DocumentationNotes{
 //
 //	This establishes the name (all caps), and the function to call to initialize it.
 func init() {
+	const providerName = "MSDNS"
+	const providerMaintainer = "@tlimoncelli"
 	fns := providers.DspFuncs{
 		Initializer:   newDNS,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("MSDNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newDNS(config map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index e55470d915..9bef9de878 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -47,11 +47,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "MYTHICBEASTS"
+	const providerMaintainer = "@tomfitzhenry"
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("MYTHICBEASTS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
diff --git a/providers/namecheap/namecheapProvider.go b/providers/namecheap/namecheapProvider.go
index 7171789805..a69dfe6f97 100644
--- a/providers/namecheap/namecheapProvider.go
+++ b/providers/namecheap/namecheapProvider.go
@@ -42,15 +42,18 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("NAMECHEAP", newReg)
+	const providerName = "NAMECHEAP"
+	const providerMaintainer = "@willpower232"
+	providers.RegisterRegistrarType(providerName, newReg)
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("NAMECHEAP", fns, features)
-	providers.RegisterCustomRecordType("URL", "NAMECHEAP", "")
-	providers.RegisterCustomRecordType("URL301", "NAMECHEAP", "")
-	providers.RegisterCustomRecordType("FRAME", "NAMECHEAP", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType("URL", providerName, "")
+	providers.RegisterCustomRecordType("URL301", providerName, "")
+	providers.RegisterCustomRecordType("FRAME", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
diff --git a/providers/namedotcom/namedotcomProvider.go b/providers/namedotcom/namedotcomProvider.go
index b7b820b983..a4f8c5fd03 100644
--- a/providers/namedotcom/namedotcomProvider.go
+++ b/providers/namedotcom/namedotcomProvider.go
@@ -65,10 +65,13 @@ func newProvider(conf map[string]string) (*namedotcomProvider, error) {
 }
 
 func init() {
-	providers.RegisterRegistrarType("NAMEDOTCOM", newReg)
+	const providerName = "NAMEDOTCOM"
+	const providerMaintainer = "NEEDS VOLUNTEER"
+	providers.RegisterRegistrarType(providerName, newReg)
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
 	providers.RegisterDomainServiceProviderType("NAMEDOTCOM", fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
diff --git a/providers/netcup/netcupProvider.go b/providers/netcup/netcupProvider.go
index 846dd154d1..3483b387b3 100644
--- a/providers/netcup/netcupProvider.go
+++ b/providers/netcup/netcupProvider.go
@@ -24,11 +24,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "NETCUP"
+	const providerMaintainer = "@kordianbruck"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("NETCUP", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // New creates a new API handle.
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index fe83a5cfea..ad90aac5b7 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -33,13 +33,16 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "NETLIFY"
+	const providerMaintainer = "@SphericalKat"
 	fns := providers.DspFuncs{
 		Initializer:   newNetlify,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("NETLIFY", fns, features)
-	providers.RegisterCustomRecordType("NETLIFY", "NETLIFY", "")
-	providers.RegisterCustomRecordType("NETLIFYv6", "NETLIFY", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterCustomRecordType(providerName, providerName, "")
+	providers.RegisterCustomRecordType("NETLIFYv6", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 type netlifyProvider struct {
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index f195fb1f4b..bde47e02dc 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -42,12 +42,15 @@ var docNotes = providers.DocumentationNotes{
 const clientRetries = 10
 
 func init() {
+	const providerName = "NS1"
+	const providerMaintainer = "@costasd"
 	fns := providers.DspFuncs{
 		Initializer:   newProvider,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("NS1", fns, providers.CanUseSRV, docNotes)
-	providers.RegisterCustomRecordType("NS1_URLFWD", "NS1", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, providers.CanUseSRV, docNotes)
+	providers.RegisterCustomRecordType("NS1_URLFWD", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 type nsone struct {
diff --git a/providers/opensrs/opensrsProvider.go b/providers/opensrs/opensrsProvider.go
index a74d676193..3f9f41c8fc 100644
--- a/providers/opensrs/opensrsProvider.go
+++ b/providers/opensrs/opensrsProvider.go
@@ -19,7 +19,10 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("OPENSRS", newReg, features)
+	const providerName = "OPENSRS"
+	const providerMaintainer = "@philhug"
+	providers.RegisterRegistrarType(providerName, newReg, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 var defaultNameServerNames = []string{
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 0a560919a3..1bcca0e5e5 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -35,11 +35,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "ORACLE"
+	const providerMaintainer = "@kallsyms"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("ORACLE", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 type oracleProvider struct {
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index 5722508062..c78a5e3e15 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -74,12 +74,15 @@ func newReg(conf map[string]string) (providers.Registrar, error) {
 }
 
 func init() {
+	const providerName = "OVH"
+	const providerMaintainer = "@masterzen"
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterRegistrarType("OVH", newReg)
-	providers.RegisterDomainServiceProviderType("OVH", fns, features)
+	providers.RegisterRegistrarType(providerName, newReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func (c *ovhProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
diff --git a/providers/packetframe/packetframeProvider.go b/providers/packetframe/packetframeProvider.go
index b0aae570c2..7a9342a018 100644
--- a/providers/packetframe/packetframeProvider.go
+++ b/providers/packetframe/packetframeProvider.go
@@ -50,11 +50,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "PACKETFRAME"
+	const providerMaintainer = "@hamptonmoore"
 	fns := providers.DspFuncs{
 		Initializer:   newPacketframe,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("PACKETFRAME", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 7b3d47bf1a..7b21c602c4 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -69,12 +69,15 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
-	providers.RegisterRegistrarType("PORKBUN", newReg)
+	const providerName = "PORKBUN"
+	const providerMaintainer = "@imlonghao"
+	providers.RegisterRegistrarType(providerName, newReg)
 	fns := providers.DspFuncs{
 		Initializer:   newDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("PORKBUN", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/powerdns/powerdnsProvider.go b/providers/powerdns/powerdnsProvider.go
index 0f386d9033..4e4c49f71d 100644
--- a/providers/powerdns/powerdnsProvider.go
+++ b/providers/powerdns/powerdnsProvider.go
@@ -33,11 +33,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "POWERDNS"
+	const providerMaintainer = "@jpbede"
 	fns := providers.DspFuncs{
 		Initializer:   newDSP,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("POWERDNS", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // powerdnsProvider represents the powerdnsProvider DNSServiceProvider.
diff --git a/providers/providers.go b/providers/providers.go
index 79f86523b5..fd36c2d8df 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -72,6 +72,15 @@ func RegisterDomainServiceProviderType(name string, fns DspFuncs, pm ...Provider
 	unwrapProviderCapabilities(name, pm)
 }
 
+var ProviderMaintainers = map[string]string{}
+
+func RegisterMaintainer(
+	providerName string,
+	gitHubUsername string,
+) {
+	ProviderMaintainers[providerName] = gitHubUsername
+}
+
 // CreateRegistrar initializes a registrar instance from given credentials.
 func CreateRegistrar(rType string, config map[string]string) (Registrar, error) {
 	var err error
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index 4cb3a3b336..807b2d98d7 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -50,12 +50,15 @@ var features = providers.DocumentationNotes{
 
 // init registers the domain service provider with dnscontrol.
 func init() {
+	const providerName = "REALTIMEREGISTER"
+	const providerMaintainer = "@PJEilers"
 	fns := providers.DspFuncs{
 		Initializer:   newRtrDsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("REALTIMEREGISTER", fns, features)
-	providers.RegisterRegistrarType("REALTIMEREGISTER", newRtrReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterRegistrarType(providerName, newRtrReg)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newRtr(config map[string]string, _ json.RawMessage) (*realtimeregisterAPI, error) {
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index d88658f170..ad2c1c598c 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -91,13 +91,16 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "ROUTE53"
+	const providerMaintainer = "@tresni"
 	fns := providers.DspFuncs{
 		Initializer:   newRoute53Dsp,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("ROUTE53", fns, features)
-	providers.RegisterRegistrarType("ROUTE53", newRoute53Reg)
-	providers.RegisterCustomRecordType("R53_ALIAS", "ROUTE53", "")
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterRegistrarType(providerName, newRoute53Reg)
+	providers.RegisterCustomRecordType("R53_ALIAS", providerName, "")
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func withRetry(f func() error) {
diff --git a/providers/rwth/rwthProvider.go b/providers/rwth/rwthProvider.go
index 3a6a56bf26..69468587fb 100644
--- a/providers/rwth/rwthProvider.go
+++ b/providers/rwth/rwthProvider.go
@@ -35,11 +35,14 @@ var features = providers.DocumentationNotes{
 
 // init registers the registrar and the domain service provider with dnscontrol.
 func init() {
+	const providerName = "RWTH"
+	const providerMaintainer = "@mistererwin"
 	fns := providers.DspFuncs{
 		Initializer:   New,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("RWTH", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // New allocates a DNS service provider.
diff --git a/providers/softlayer/softlayerProvider.go b/providers/softlayer/softlayerProvider.go
index 41775f09f3..81e4446f3a 100644
--- a/providers/softlayer/softlayerProvider.go
+++ b/providers/softlayer/softlayerProvider.go
@@ -31,11 +31,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "SOFTLAYER"
+	const providerMaintainer = "NEEDS VOLUNTEER"
 	fns := providers.DspFuncs{
 		Initializer:   newReg,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("SOFTLAYER", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func newReg(conf map[string]string, _ json.RawMessage) (providers.DNSServiceProvider, error) {
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index ad9882b467..a2e7154734 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -87,11 +87,14 @@ func NewTransip(m map[string]string, metadata json.RawMessage) (providers.DNSSer
 }
 
 func init() {
+	const providerName = "TRANSIP"
+	const providerMaintainer = "@blackshadev"
 	fns := providers.DspFuncs{
 		Initializer:   NewTransip,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("TRANSIP", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 func (n *transipProvider) ListZones() ([]string, error) {
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index 2d75d092b0..0c6151945a 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -42,11 +42,14 @@ var features = providers.DocumentationNotes{
 }
 
 func init() {
+	const providerName = "VULTR"
+	const providerMaintainer = "@pgaskin"
 	fns := providers.DspFuncs{
 		Initializer:   NewProvider,
 		RecordAuditor: AuditRecords,
 	}
-	providers.RegisterDomainServiceProviderType("VULTR", fns, features)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
 }
 
 // vultrProvider represents the Vultr DNSServiceProvider.

From d160b828ff29fe3c00217c59e4e6f7655feff72f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 10 Jul 2024 17:31:04 -0400
Subject: [PATCH 313/438] fmt helpers.js (#3048)

---
 pkg/js/helpers.js | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index ab6870c0e5..a85a3b46c4 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1936,9 +1936,7 @@ var DISABLE_REPEATED_DOMAIN_CHECK = { skip_fqdn_check: 'true' };
 // Go.
 
 function rawrecordBuilder(type) {
-
     return function () {
-
         // Copy the raw args:
         var rawArgs = [];
         for (var i = 0; i < arguments.length; i++) {
@@ -1946,10 +1944,9 @@ function rawrecordBuilder(type) {
         }
 
         return function (d) {
-
-             var record = {
-                 type: type,
-             };
+            var record = {
+                type: type,
+            };
 
             // Process the args: Functions are executed, objects are assumed to
             // be meta and stored, strings are assumed to be args and are
@@ -1964,13 +1961,13 @@ function rawrecordBuilder(type) {
             for (var i = 0; i < rawArgs.length; i++) {
                 var r = rawArgs[i];
                 if (_.isFunction(r)) {
-                  r(record);
+                    r(record);
                 } else if (_.isObject(r)) {
-                  processedMetas.push(r);
+                    processedMetas.push(r);
                 } else {
-                  processedArgs.push(r);
+                    processedArgs.push(r);
                 }
-            };
+            }
             // Store the processed args.
             record.args = processedArgs;
             record.metas = processedMetas;

From 1d348de91ca77689f56e96ba4a549f98a5ecb87b Mon Sep 17 00:00:00 2001
From: Nikola Milekic <nikolamilekic@hey.com>
Date: Thu, 18 Jul 2024 17:16:03 +0200
Subject: [PATCH 314/438] DOCS: Fix M365_BUILDER examples (#3009)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .../language-reference/domain-modifiers/M365_BUILDER.md       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/language-reference/domain-modifiers/M365_BUILDER.md b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
index 985268cc2e..13ef4d1b37 100644
--- a/documentation/language-reference/domain-modifiers/M365_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
@@ -33,7 +33,7 @@ It doesn't set up SPF or DMARC. See [`SPF_BUILDER`](SPF_BUILDER.md) and [`DMARC_
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  M365_BUILDER({
+  M365_BUILDER("example.com", {
       initialDomain: "example.onmicrosoft.com",
   }),
 END);
@@ -47,7 +47,7 @@ This sets up `MX` records, Autodiscover, and DKIM.
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  M365_BUILDER({
+  M365_BUILDER("example.com", {
       label: "test",
       mx: false,
       autodiscover: false,

From 086905241969ebd7cf28c1a43157b81291da4eb2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 18 Jul 2024 12:10:46 -0400
Subject: [PATCH 315/438] CLOUDFLAREAPI: CF_SINGLE_REDIRECT improvements: fix
 bugs, log translated redirects (#3051)

---
 commands/types/dnscontrol.d.ts                |  14 +-
 .../domain-modifiers/CF_REDIRECT.md           |   7 +
 .../domain-modifiers/CF_TEMP_REDIRECT.md      |   7 +
 documentation/provider/cloudflareapi.md       |  56 +++++-
 integrationTest/integration_test.go           |   3 +-
 models/record.go                              |   5 +-
 pkg/rtypes/postprocess.go                     |   1 +
 providers/cloudflare/cloudflareProvider.go    | 160 +++++++-----------
 providers/cloudflare/rest.go                  |  62 +++----
 .../cfsingleredirect/cfsingleredirect.go      |  15 +-
 .../rtypes/cfsingleredirect/convert.go        |  46 ++---
 .../rtypes/cfsingleredirect/convert_test.go   |   9 -
 .../rtypes/cfsingleredirect/from.go           | 122 +++++++++++++
 .../rtypes/cfsingleredirect/native.go         |  19 ---
 14 files changed, 309 insertions(+), 217 deletions(-)
 create mode 100644 providers/cloudflare/rtypes/cfsingleredirect/from.go
 delete mode 100644 providers/cloudflare/rtypes/cfsingleredirect/native.go

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index c3b6e70843..dbaa705ba3 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -472,6 +472,11 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
 declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critical?: boolean; issue: string[]; issue_critical?: boolean; issuewild: string[]; issuewild_critical?: boolean; ttl?: Duration }): DomainModifier;
 
 /**
+ * WARNING: Cloudflare is removing this feature and replacing it with a new
+ * feature called "Dynamic Single Redirect". DNSControl will automatically
+ * generate "Dynamic Single Redirects" for a limited number of use cases. See
+ * [`CLOUDFLAREAPI`](../provider/cloudflareapi.md) for details.
+ *
  * `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
  * generate a HTTP 301 permanent redirect.
  *
@@ -533,6 +538,11 @@ declare function CF_REDIRECT(source: string, destination: string, ...modifiers:
 declare function CF_SINGLE_REDIRECT(name: string, code: number, when: string, then: string, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
+ * WARNING: Cloudflare is removing this feature and replacing it with a new
+ * feature called "Dynamic Single Redirect". DNSControl will automatically
+ * generate "Dynamic Single Redirects" for a limited number of use cases. See
+ * [`CLOUDFLAREAPI`](../provider/cloudflareapi.md) for details.
+ *
  * `CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
  * Rules) to generate a HTTP 302 temporary redirect.
  *
@@ -1810,7 +1820,7 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   M365_BUILDER({
+ *   M365_BUILDER("example.com", {
  *       initialDomain: "example.onmicrosoft.com",
  *   }),
  * END);
@@ -1822,7 +1832,7 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
- *   M365_BUILDER({
+ *   M365_BUILDER("example.com", {
  *       label: "test",
  *       mx: false,
  *       autodiscover: false,
diff --git a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
index f530aafbb7..95aacf5e35 100644
--- a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
@@ -11,6 +11,13 @@ parameter_types:
   "modifiers...": RecordModifier[]
 ---
 
+{% hint style="warning" %}
+WARNING: Cloudflare is removing this feature and replacing it with a new
+feature called "Dynamic Single Redirect". DNSControl will automatically
+generate "Dynamic Single Redirects" for a limited number of use cases. See
+[`CLOUDFLAREAPI`](../provider/cloudflareapi.md) for details.
+{% endhint %}
+
 `CF_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page Rules) to
 generate a HTTP 301 permanent redirect.
 
diff --git a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
index 6578ba2364..6b97fc454f 100644
--- a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
@@ -11,6 +11,13 @@ parameter_types:
   "modifiers...": RecordModifier[]
 ---
 
+{% hint style="warning" %}
+**WARNING**: Cloudflare is removing this feature and replacing it with a new
+feature called "Dynamic Single Redirect". DNSControl will automatically
+generate "Dynamic Single Redirects" for a limited number of use cases. See
+[`CLOUDFLAREAPI`](../provider/cloudflareapi.md) for details.
+{% endhint %}
+
 `CF_TEMP_REDIRECT` uses Cloudflare-specific features ("Forwarding URL" Page
 Rules) to generate a HTTP 302 temporary redirect.
 
diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index 3f84b1210d..f9bd347a31 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -211,7 +211,8 @@ Enable it using:
 
 ```javascript
 var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
-    "manage_redirects": true
+    "manage_redirects": true,
+    "transcode_log": "transcode.log",
 });
 ```
 
@@ -231,8 +232,7 @@ New-style redirects ("Single Redirect Rules") are a new feature of DNSControl
 as of v4.12.0 and may have bugs.  Please test carefully.
 {% endhint %}
 
-
-Conversion mode:
+### Conversion mode:
 
 DNSControl can convert from old-style redirects (Page Rules) to new-style
 redirect (Single Redirects). To enable this mode, set both `manage_redirects`
@@ -268,7 +268,7 @@ via the CloudFlare control panel or wait for Cloudflare to remove support for th
 
 {% hint style="warning" %}
 Cloudflare's announcement says that they will convert old-style redirects (Page Rules) to new-style
-redirect (Single Redirects) but they do not give a date for when this will happen.  DNSControl
+redirect (Single Redirects) but they do not give an exact date for when this will happen.  DNSControl
 will probably see these new redirects as foreign and delete them.
 
 Therefore it is probably safer to do the conversion ahead of them.
@@ -279,6 +279,54 @@ than DNSControl's.  However there's no way for DNSControl to manage them since t
 If you have suggestions on how to handle this better please file a bug.
 {% endhint %}
 
+### Converting to CF_SINGLE_REDIRECT permanently
+
+DNSControl will help convert `CF_REDIRECT`/`CF_TEMP_REDIRECT` statements into
+`CF_SINGLE_REDIRECT` statements. You might choose to do this if you do not want
+to rely on the automatic translation, or if you want to edit the results of the
+translation.
+
+DNSControl will generate a file of the translated statements if you specify
+a filename using the `transcode_log` meta option.
+
+```javascript
+var DSP_CLOUDFLARE = NewDnsProvider("cloudflare", {
+    "manage_single_redirects": true,
+    "transcode_log": "transcode.log",
+});
+```
+
+After running `dnscontrol preview` the contents will look something like this:
+
+{% code title="transcode.log" %}
+```text
+D("example.com", ...
+    CF_SINGLE_REDIRECT("1,302,https://example.com/*,https://replacement.example.com/$1",
+                       302,
+                       'http.host eq "example.com"',
+                       'concat("https://replacement.example.com", http.request.uri.path)'
+    ),
+    CF_SINGLE_REDIRECT("2,302,https://img.example.com/*,https://replacement.example.com/$1",
+                       302,
+                       'http.host eq "img.example.com"',
+                       'concat("https://replacement.example.com", http.request.uri.path)'
+    ),
+    CF_SINGLE_REDIRECT("3,302,https://i.example.com/*,https://replacement.example.com/$1",
+                       302,
+                       'http.host eq "i.example.com"',
+                       'concat("https://replacement.example.com", http.request.uri.path)'
+    ),
+D("otherdomain.com", ...
+    CF_SINGLE_REDIRECT("1,301,https://one.otherdomain.com/,https://www.google.com/",
+                       301,
+                       'http.host eq "one.otherdomain.com" and http.request.uri.path eq "/"',
+                       'concat("https://www.google.com/", "")'
+    ),
+```
+{% endcode %}
+
+Copying the statements to the proper place in `dnsconfig.js` is manual.
+
 
 ## Redirects
 The Cloudflare provider can manage "Forwarding URL" Page Rules (redirects) for your domains. Simply use the `CF_REDIRECT` and `CF_TEMP_REDIRECT` functions to make redirects:
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 02ea3129be..36d3cacadb 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -503,7 +503,7 @@ func cfSingleRedirectEnabled() bool {
 }
 
 func cfSingleRedirect(name string, code any, when, then string) *models.RecordConfig {
-	r := makeRec("@", name, "CLOUDFLAREAPI_SINGLE_REDIRECT")
+	r := makeRec("@", name, cfsingleredirect.SINGLEREDIRECT)
 	err := cfsingleredirect.FromRaw(r, []any{name, code, when, then})
 	if err != nil {
 		panic("Should not happen... cfSingleRedirect")
@@ -1947,6 +1947,7 @@ func makeTests() []*TestGroup {
 			tc("changecode", cfSingleRedirect(`name1`, `302`, `http.host eq "cnn.slackoverflow.com"`, `concat("https://www.cnn.com", http.request.uri.path)`)),
 			tc("changewhen", cfSingleRedirect(`name1`, `302`, `http.host eq "msnbc.slackoverflow.com"`, `concat("https://www.cnn.com", http.request.uri.path)`)),
 			tc("changethen", cfSingleRedirect(`name1`, `302`, `http.host eq "msnbc.slackoverflow.com"`, `concat("https://www.msnbc.com", http.request.uri.path)`)),
+			tc("changename", cfSingleRedirect(`name1bis`, `302`, `http.host eq "msnbc.slackoverflow.com"`, `concat("https://www.msnbc.com", http.request.uri.path)`)),
 		),
 
 		// CLOUDFLAREAPI: PROXY
diff --git a/models/record.go b/models/record.go
index efe98dcbd5..a00c92654a 100644
--- a/models/record.go
+++ b/models/record.go
@@ -154,17 +154,18 @@ type CloudflareSingleRedirectConfig struct {
 	//
 	Code uint16 `json:"code,omitempty"` // 301 or 302
 	// PR == PageRule
-	PRDisplay  string `json:"pr_display,omitempty"` // How is this displayed to the user
 	PRWhen     string `json:"pr_when,omitempty"`
 	PRThen     string `json:"pr_then,omitempty"`
 	PRPriority int    `json:"pr_priority,omitempty"` // Really an identifier for the rule.
+	PRDisplay  string `json:"pr_display,omitempty"`  // How is this displayed to the user (SetTarget) for CF_REDIRECT/CF_TEMP_REDIRECT
 	//
 	// SR == SingleRedirect
-	SRDisplay        string `json:"sr_display,omitempty"` // How is this displayed to the user
+	SRName           string `json:"sr_name,omitempty"` // How is this displayed to the user
 	SRWhen           string `json:"sr_when,omitempty"`
 	SRThen           string `json:"sr_then,omitempty"`
 	SRRRulesetID     string `json:"sr_rulesetid,omitempty"`
 	SRRRulesetRuleID string `json:"sr_rulesetruleid,omitempty"`
+	SRDisplay        string `json:"sr_display,omitempty"` // How is this displayed to the user (SetTarget) for CF_SINGLE_REDIRECT
 }
 
 // MarshalJSON marshals RecordConfig.
diff --git a/pkg/rtypes/postprocess.go b/pkg/rtypes/postprocess.go
index 5f468b9a80..91a14ddad7 100644
--- a/pkg/rtypes/postprocess.go
+++ b/pkg/rtypes/postprocess.go
@@ -38,6 +38,7 @@ func PostProcess(domains []*models.DomainConfig) error {
 
 			case "CLOUDFLAREAPI_SINGLE_REDIRECT":
 				err = cfsingleredirect.FromRaw(rec, rawRec.Args)
+				rec.SetLabel("@", dc.Name)
 
 			default:
 				err = fmt.Errorf("unknown rawrec type=%q", rawRec.Type)
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index bb79575cab..0188aa36c4 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -87,23 +87,17 @@ type cloudflareProvider struct {
 	cfClient        *cloudflare.API
 	//
 	manageSingleRedirects bool // New "Single Redirects"-style redirects.
+	//
+	// Used by
+	tcLogFilename string   // Transcode Log file name
+	tcLogFh       *os.File // Transcode Log file handle
+	tcZone        string   // Transcode Current zone
 
 	sync.Mutex                      // Protects all access to the following fields:
 	domainIndex map[string]string   // Cache of zone name to zone ID.
 	nameservers map[string][]string // Cache of zone name to list of nameservers.
 }
 
-// TODO(dlemenkov): remove this function after deleting all commented code referecing it
-//func labelMatches(label string, matches []string) bool {
-//	printer.Debugf("DEBUG: labelMatches(%#v, %#v)\n", label, matches)
-//	for _, tst := range matches {
-//		if label == tst {
-//			return true
-//		}
-//	}
-//	return false
-//}
-
 // GetNameservers returns the nameservers for a domain.
 func (c *cloudflareProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
 
@@ -162,17 +156,6 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 		}
 	}
 
-	// // FIXME(tlim) Why is this needed???
-	// // I don't know. Let's comment it out and see if anything breaks.
-	// for i := len(records) - 1; i >= 0; i-- {
-	// 	rec := records[i]
-	// 	// Delete ignore labels
-	// 	if labelMatches(dnsutil.TrimDomainName(rec.Original.(cloudflare.DNSRecord).Name, dc.Name), c.ignoredLabels) {
-	// 		printer.Debugf("ignored_label: %s\n", rec.Original.(cloudflare.DNSRecord).Name)
-	// 		records = append(records[:i], records[i+1:]...)
-	// 	}
-	// }
-
 	if c.manageRedirects { // if old
 		prs, err := c.getPageRules(domainID, domain)
 		if err != nil {
@@ -183,14 +166,11 @@ func (c *cloudflareProvider) GetZoneRecords(domain string, meta map[string]strin
 
 	if c.manageSingleRedirects { // if new xor old
 		// Download the list of Single Redirects.
-		// For each one, generate a CLOUDFLAREAPI_SINGLE_REDIRECT record
-		// Append these records to `records`
+		// For each one, generate a SINGLEREDIRECT record
 		prs, err := c.getSingleRedirects(domainID, domain)
 		if err != nil {
 			return nil, err
 		}
-		//printer.Printf("DEBUG: Single Redirects")
-		//fmt.Fprintf(os.Stdout, "DEBUG: Single Redirects")
 		records = append(records, prs...)
 	}
 
@@ -284,8 +264,6 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		case diff2.DELETE:
 			deleteRec := inst.Old[0]
 			deleteRecType := deleteRec.Type
-			//deleteRecOrig := deleteRec.Original
-			//corrs = c.mkDeleteCorrection(deleteRecType, deleteRecOrig, domainID, msg)
 			corrs = c.mkDeleteCorrection(deleteRecType, deleteRec, domainID, msg)
 			// DS records must always have a corresponding NS record.
 			// Therefore, we remove DS records before any NS records.
@@ -344,10 +322,7 @@ func (c *cloudflareProvider) mkCreateCorrection(newrec *models.RecordConfig, dom
 			Msg: msg,
 			F:   func() error { return c.createWorkerRoute(domainID, newrec.GetTargetField()) },
 		}}
-	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
-		//fmt.Printf("DEBUG: mkCreateSingleRedir: newrec=%+v\n", *newrec)
-		//fmt.Printf("DEBUG: mkCreateSingleRedir: crn=%+v\n", (*newrec).CloudflareRedirect)
-		//fmt.Printf("DEBUG: mkCreateSingleRedir: cr=%+v\n", (*newrec).CloudflareRedirect)
+	case cfsingleredirect.SINGLEREDIRECT:
 		return []*models.Correction{{
 			Msg: msg,
 			F: func() error {
@@ -367,8 +342,7 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 		idTxt = oldrec.Original.(cloudflare.PageRule).ID
 	case "WORKER_ROUTE":
 		idTxt = oldrec.Original.(cloudflare.WorkerRoute).ID
-	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
-		//idTxt = oldrec.Original.(cloudflare.RulesetRule).ID
+	case cfsingleredirect.SINGLEREDIRECT:
 		idTxt = oldrec.CloudflareRedirect.SRRRulesetID
 	default:
 		idTxt = oldrec.Original.(cloudflare.DNSRecord).ID
@@ -383,7 +357,7 @@ func (c *cloudflareProvider) mkChangeCorrection(oldrec, newrec *models.RecordCon
 				return c.updatePageRule(idTxt, domainID, *newrec.CloudflareRedirect)
 			},
 		}}
-	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+	case cfsingleredirect.SINGLEREDIRECT:
 		return []*models.Correction{{
 			Msg: msg,
 			F: func() error {
@@ -416,7 +390,7 @@ func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec *models.
 		idTxt = origRec.Original.(cloudflare.PageRule).ID
 	case "WORKER_ROUTE":
 		idTxt = origRec.Original.(cloudflare.WorkerRoute).ID
-	case "CLOUDFLAREAPI_SINGLE_REDIRECT":
+	case cfsingleredirect.SINGLEREDIRECT:
 		idTxt = origRec.Original.(cloudflare.RulesetRule).ID
 	default:
 		idTxt = origRec.Original.(cloudflare.DNSRecord).ID
@@ -431,12 +405,7 @@ func (c *cloudflareProvider) mkDeleteCorrection(recType string, origRec *models.
 				return c.deletePageRule(origRec.Original.(cloudflare.PageRule).ID, domainID)
 			case "WORKER_ROUTE":
 				return c.deleteWorkerRoute(origRec.Original.(cloudflare.WorkerRoute).ID, domainID)
-			case "CLOUDFLAREAPI_SINGLE_REDIRECT":
-				//o := origRec.Original.(cloudflare.Ruleset)
-				//printer.Printf("DEBUG: DELETE %+v\n", o)
-				// printer.Printf("DEBUG: DELETE ID = %+v\n", o.ID)
-				// printer.Printf("DEBUG: DELETE ACTION %+v\n", o.ActionParameters)
-				// printer.Printf("DEBUG: DELETE FROMVALUE %+v\n", o.ActionParameters.FromValue)
+			case cfsingleredirect.SINGLEREDIRECT:
 				return c.deleteSingleRedirects(domainID, *origRec.CloudflareRedirect)
 			default:
 				return c.deleteDNSRecord(origRec.Original.(cloudflare.DNSRecord), domainID)
@@ -530,7 +499,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 	// A and CNAMEs: Validate. If null, set to default.
 	// else: Make sure it wasn't set.  Set to default.
 	// iterate backwards so first defined page rules have highest priority
-	currentPrPrio := 1
+	prPriority := 0
 	for i := len(dc.Records) - 1; i >= 0; i-- {
 		rec := dc.Records[i]
 		if rec.Metadata == nil {
@@ -564,9 +533,7 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 			}
 		}
 
-		// CF_REDIRECT record types. Encode target as
-		// $FROM,$TO,$PRIO,$CODE or build Cfsr struct for new-style
-		// (Single Redirect) versions.
+		// CF_REDIRECT record types:
 		if rec.Type == "CF_REDIRECT" || rec.Type == "CF_TEMP_REDIRECT" {
 			if !c.manageRedirects && !c.manageSingleRedirects {
 				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_REDIRECT/CF_TEMP_REDIRECT records")
@@ -576,65 +543,49 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 				code = 302
 			}
 
+			part := strings.SplitN(rec.GetTargetField(), ",", 2)
+			prWhen, prThen := part[0], part[1]
+			prPriority++
+
+			// Convert this record to a PAGE_RULE.
+			cfsingleredirect.MakePageRule(rec, prPriority, code, prWhen, prThen)
+			rec.SetLabel("@", dc.Name)
+
 			if c.manageRedirects && !c.manageSingleRedirects {
-				// Old-Style only.  Convert this record to PAGE_RULE.
-				//printer.Printf("DEBUG: prepro() target=%q\n", rec.GetTargetField())
-				sr, err := cfsingleredirect.FromUserInput(rec.GetTargetField(), code, currentPrPrio)
-				if err != nil {
-					return err
-				}
-				fixPageRule(rec, sr)
-				currentPrPrio++
+				// Old-Style only.  No additional work needed.
+
 			} else if !c.manageRedirects && c.manageSingleRedirects {
-				// New-Style only.  Convert this record to a CLOUDFLAREAPI_SINGLE_REDIRECT.
-				sr, err := cfsingleredirect.FromUserInput(rec.GetTargetField(), code, currentPrPrio)
-				if err != nil {
-					return err
-				}
-				err = fixSingleRedirect(rec, sr)
-				if err != nil {
+				// New-Style only.  Convert PAGE_RULE to SINGLEREDIRECT.
+				cfsingleredirect.TranscodePRtoSR(rec)
+				if err := c.LogTranscode(dc.Name, rec.CloudflareRedirect); err != nil {
 					return err
 				}
-			} else {
-				// Both!  Convert this record to PAGE_RULE and append an additional CLOUDFLAREAPI_SINGLE_REDIRECT.
 
-				target := rec.GetTargetField()
+			} else {
+				// Both old-style and new-style enabled!
+				// Retain the PAGE_RULE and append an additional SINGLEREDIRECT.
 
 				// make a copy:
 				newRec, err := rec.Copy()
 				if err != nil {
 					return err
 				}
-
 				// The copy becomes the CF SingleRedirect
-				sr, err := cfsingleredirect.FromUserInput(target, code, currentPrPrio)
-				if err != nil {
+				cfsingleredirect.TranscodePRtoSR(rec)
+				if err := c.LogTranscode(dc.Name, rec.CloudflareRedirect); err != nil {
 					return err
 				}
-				err = fixSingleRedirect(newRec, sr)
-				if err != nil {
-					return err
-				}
-
 				// Append the copy to the end of the list.
 				dc.Records = append(dc.Records, newRec)
 
-				// The original becomes the PAGE_RULE:
-				sr, err = cfsingleredirect.FromUserInput(target, code, currentPrPrio)
-				if err != nil {
-					return err
-				}
-				fixPageRule(rec, sr)
-				currentPrPrio++
-
+				// The original PAGE_RULE remains untouched.
 			}
 
-		} else if rec.Type == "CLOUDFLAREAPI_SINGLE_REDIRECT" {
-			// CLOUDFLAREAPI_SINGLE_REDIRECT record types.
+		} else if rec.Type == cfsingleredirect.SINGLEREDIRECT {
+			// SINGLEREDIRECT record types. Verify they are enabled.
 			if !c.manageSingleRedirects {
 				return fmt.Errorf("you must add 'manage_single_redirects: true' metadata to cloudflare provider to use CF_SINGLE__REDIRECT records")
 			}
-			// Nothing needs to be done.
 
 		} else if rec.Type == "CF_WORKER_ROUTE" {
 			// CF_WORKER_ROUTE record types. Encode target as $PATTERN,$SCRIPT
@@ -672,20 +623,35 @@ func (c *cloudflareProvider) preprocessConfig(dc *models.DomainConfig) error {
 	return nil
 }
 
-func fixPageRule(rc *models.RecordConfig, sr *models.CloudflareSingleRedirectConfig) {
-	rc.Type = "PAGE_RULE"
-	rc.TTL = 1
-	rc.SetTarget(sr.PRDisplay)
-	rc.CloudflareRedirect = sr
-}
+func (c *cloudflareProvider) LogTranscode(zone string, redirect *models.CloudflareSingleRedirectConfig) error {
+	// No filename? Don't log anything.
+	filename := c.tcLogFilename
+	if filename == "" {
+		return nil
+	}
+
+	// File not opened already? Open it.
+	if c.tcLogFh == nil {
+		f, err := os.OpenFile(filename, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
+		if err != nil {
+			return err
+		}
+		c.tcLogFh = f
+	}
+	fh := c.tcLogFh
 
-func fixSingleRedirect(rc *models.RecordConfig, sr *models.CloudflareSingleRedirectConfig) error {
-	rc.Type = "CLOUDFLAREAPI_SINGLE_REDIRECT"
-	rc.TTL = 1
-	rc.SetTarget(sr.SRDisplay)
-	rc.CloudflareRedirect = sr
+	// Output "D(zone)"  if needed.
+	var text string
+	if c.tcZone != zone {
+		text = fmt.Sprintf("D(%q, ...\n", zone)
+	}
+	c.tcZone = zone
 
-	err := cfsingleredirect.AddNewStyleFields(sr)
+	// Generate the new command and output.
+	text = text + fmt.Sprintf("    CF_SINGLE_REDIRECT(%q,\n                       %03d,\n                       '%s',\n                       '%s'\n    ),\n",
+		redirect.SRName, redirect.Code,
+		redirect.SRWhen, redirect.SRThen)
+	_, err := fh.WriteString(text)
 	return err
 }
 
@@ -732,7 +698,8 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 			ManageRedirects bool     `json:"manage_redirects"` // Old-style PAGE_RULE-based redirects
 			ManageWorkers   bool     `json:"manage_workers"`
 			//
-			ManageSingleRedirects bool `json:"manage_single_redirects"` // New-style Dynamic "Single Redirects"
+			ManageSingleRedirects bool   `json:"manage_single_redirects"` // New-style Dynamic "Single Redirects"
+			TranscodeLogFilename  string `json:"transcode_log"`           // Log the PAGE_RULE conversions.
 		}{}
 		err := json.Unmarshal([]byte(metadata), parsedMeta)
 		if err != nil {
@@ -740,6 +707,7 @@ func newCloudflare(m map[string]string, metadata json.RawMessage) (providers.DNS
 		}
 		api.manageSingleRedirects = parsedMeta.ManageSingleRedirects
 		api.manageRedirects = parsedMeta.ManageRedirects
+		api.tcLogFilename = parsedMeta.TranscodeLogFilename
 		api.manageWorkers = parsedMeta.ManageWorkers
 		// ignored_labels:
 		api.ignoredLabels = append(api.ignoredLabels, parsedMeta.IgnoredLabels...)
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 70d3bea187..6280c2393b 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -286,38 +286,28 @@ func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*mo
 		}
 		return nil, fmt.Errorf("failed fetching redirect rule list cloudflare: %s (%T)", err, err)
 	}
-	//var rulelist []cloudflare.RulesetRule
-	//rulelist = rules.Rules
-	//rulelist := rules.Rules
 
-	//printer.Printf("DEBUG: rules %+v\n", rules)
 	recs := []*models.RecordConfig{}
 	for _, pr := range rules.Rules {
-		//printer.Printf("DEBUG: %+v\n", pr)
 
 		var thisPr = pr
 		r := &models.RecordConfig{
-			Type:     "CLOUDFLAREAPI_SINGLE_REDIRECT",
 			Original: thisPr,
-			TTL:      1,
 		}
-		r.SetLabel("@", domain)
 
 		// Extract the valuables from the rule, use it to make the sr:
+		srName := pr.Description
 		srWhen := pr.Expression
 		srThen := pr.ActionParameters.FromValue.TargetURL.Expression
 		code := uint16(pr.ActionParameters.FromValue.StatusCode)
-		sr := cfsingleredirect.FromAPIData(srWhen, srThen, code)
-		//sr.SRRRuleList = rulelist
-		//printer.Printf("DEBUG: DESCRIPTION = %v\n", pr.Description)
-		sr.SRDisplay = pr.Description
-		// printer.Printf("DEBUG: PR = %+v\n", pr)
-		// printer.Printf("DEBUG: rules = %+v\n", rules)
-		sr.SRRRulesetID = rules.ID
-		sr.SRRRulesetRuleID = pr.ID //correct
 
-		r.CloudflareRedirect = sr
-		r.SetTarget(pr.Description)
+		cfsingleredirect.MakeSingleRedirectFromAPI(r, code, srName, srWhen, srThen)
+		r.SetLabel("@", domain)
+
+		// Store the IDs
+		sr := r.CloudflareRedirect
+		sr.SRRRulesetID = rules.ID
+		sr.SRRRulesetRuleID = pr.ID
 
 		recs = append(recs, r)
 	}
@@ -327,9 +317,6 @@ func (c *cloudflareProvider) getSingleRedirects(id string, domain string) ([]*mo
 
 func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.CloudflareSingleRedirectConfig) error {
 
-	//printer.Printf("DEBUG: createSingleRedir: d=%v crf=%+v\n", domainID, cfr)
-	// Asumption for target:
-
 	newSingleRedirectRulesActionParameters := cloudflare.RulesetRuleActionParameters{}
 	newSingleRedirectRule := cloudflare.RulesetRule{}
 	newSingleRedirectRules := []cloudflare.RulesetRule{}
@@ -347,7 +334,8 @@ func (c *cloudflareProvider) createSingleRedirect(domainID string, cfr models.Cl
 	// Redirect expression
 	newSingleRedirectRulesActionParameters.FromValue.TargetURL.Expression = cfr.SRThen
 	// Redirect name
-	newSingleRedirectRules[0].Description = cfr.SRDisplay
+	newSingleRedirectRules[0].Description = cfr.SRName
+
 	// Rule action, should always be redirect in this case
 	newSingleRedirectRules[0].Action = "redirect"
 	// Phase should always be http_request_dynamic_redirect
@@ -401,7 +389,7 @@ func (c *cloudflareProvider) deleteSingleRedirects(domainID string, cfr models.C
 	//printer.Printf("DEBUG: CALLING API DeleteRulesetRule: SRRRulesetID=%v, cfr.SRRRulesetRuleID=%v\n", cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
 
 	err := c.cfClient.DeleteRulesetRule(context.Background(), cloudflare.ZoneIdentifier(domainID), cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
-	// TODO(tlim): This is terrible.  It returns an error even when it is successful.
+	// NB(tlim): Yuck. This returns an error even when it is successful. Dig into the JSON for the real status.
 	if strings.Contains(err.Error(), `"success": true,`) {
 		return nil
 	}
@@ -410,13 +398,9 @@ func (c *cloudflareProvider) deleteSingleRedirects(domainID string, cfr models.C
 }
 
 func (c *cloudflareProvider) updateSingleRedirect(domainID string, oldrec, newrec *models.RecordConfig) error {
-	// rulesetID := cfr.SRRRulesetID
-	// rulesetRuleID := cfr.SRRRulesetRuleID
-	//printer.Printf("DEBUG: UPDATE-DEL domID=%v sr=%+v\n", domainID, cfr)
 	if err := c.deleteSingleRedirects(domainID, *oldrec.CloudflareRedirect); err != nil {
 		return err
 	}
-	//printer.Printf("DEBUG: UPDATE-CREATE domID=%v sr=%+v\n", domainID, newrec.CloudflareRedirect)
 	return c.createSingleRedirect(domainID, *newrec.CloudflareRedirect)
 }
 
@@ -437,24 +421,17 @@ func (c *cloudflareProvider) getPageRules(id string, domain string) ([]*models.R
 		value := pr.Actions[0].Value.(map[string]interface{})
 		var thisPr = pr
 		r := &models.RecordConfig{
-			Type:     "PAGE_RULE",
 			Original: thisPr,
-			TTL:      1,
 		}
-		r.SetLabel("@", domain)
+
 		code := intZero(value["status_code"])
-		raw := fmt.Sprintf("%s,%s,%d,%d", // $FROM,$TO,$PRIO,$CODE
-			pr.Targets[0].Constraint.Value,
-			value["url"],
-			pr.Priority,
-			code)
-		r.SetTarget(raw)
-
-		cr, err := cfsingleredirect.FromUserInput(raw, code, pr.Priority)
-		if err != nil {
-			return nil, err
-		}
-		r.CloudflareRedirect = cr
+
+		when := pr.Targets[0].Constraint.Value
+		then := value["url"].(string)
+		currentPrPrio := pr.Priority
+
+		cfsingleredirect.MakePageRule(r, currentPrPrio, code, when, then)
+		r.SetLabel("@", domain)
 
 		recs = append(recs, r)
 	}
@@ -492,7 +469,6 @@ func (c *cloudflareProvider) createPageRule(domainID string, cfr models.Cloudfla
 			}},
 		},
 	}
-	//printer.Printf("DEBUG: createPageRule pr=%+v\n", pr)
 	_, err := c.cfClient.CreatePageRule(context.Background(), domainID, pr)
 	return err
 }
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
index 792514a51a..a00ca4a5dc 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/cfsingleredirect.go
@@ -7,10 +7,14 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/rtypecontrol"
 )
 
+// SINGLEREDIRECT is the string name for this rType.
+const SINGLEREDIRECT = "CLOUDFLAREAPI_SINGLE_REDIRECT"
+
 func init() {
-	rtypecontrol.Register("CLOUDFLAREAPI_SINGLE_REDIRECT")
+	rtypecontrol.Register(SINGLEREDIRECT)
 }
 
+// FromRaw convert RecordConfig using data from a RawRecordConfig's parameters.
 func FromRaw(rc *models.RecordConfig, items []any) error {
 
 	// Validate types.
@@ -23,17 +27,14 @@ func FromRaw(rc *models.RecordConfig, items []any) error {
 	var code uint16
 
 	name = items[0].(string)
-
 	code = items[1].(uint16)
 	if code != 301 && code != 302 {
 		return fmt.Errorf("code (%03d) is not 301 or 302", code)
 	}
+	when = items[2].(string)
+	then = items[3].(string)
 
-	when, then = items[2].(string), items[3].(string)
-
-	rc.Name = name
-	rc.CloudflareRedirect = FromAPIData(when, then, code)
-	rc.SetTarget(rc.CloudflareRedirect.SRDisplay)
+	makeSingleRedirectFromRawRec(rc, code, name, when, then)
 
 	return nil
 }
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/convert.go b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
index 078add236f..40ada49867 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/convert.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/convert.go
@@ -9,51 +9,29 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 )
 
-func FromUserInput(target string, code uint16, priority int) (*models.CloudflareSingleRedirectConfig, error) {
-	// target: matcher,replacement,priority,code
-	// target: cable.slackoverflow.com/*,https://change.cnn.com/$1,1,302
-
-	r := &models.CloudflareSingleRedirectConfig{}
-
-	// Break apart the 4-part string and store into the individual fields:
-	parts := strings.Split(target, ",")
-	//printer.Printf("DEBUG: cfsrFromOldStyle: parts=%v\n", parts)
-	r.PRDisplay = fmt.Sprintf("%s,%d,%03d", target, priority, code)
-	r.PRWhen = parts[0]
-	r.PRThen = parts[1]
-	r.PRPriority = priority
-	r.Code = code
-
-	// Convert old-style to new-style:
-	if err := AddNewStyleFields(r); err != nil {
-		return nil, err
-	}
-	return r, nil
-}
-
-// AddNewStyleFields takes a PAGE_RULE-style target and populates the CFSRC.
-func AddNewStyleFields(sr *models.CloudflareSingleRedirectConfig) error {
+// TranscodePRtoSR takes a PAGE_RULE record, stores transcoded versions of the fields, and makes the record a CLOUDFLAREAPI_SINGLE_REDDIRECT.
+func TranscodePRtoSR(rec *models.RecordConfig) error {
+	rec.Type = SINGLEREDIRECT // This record is now a CLOUDFLAREAPI_SINGLE_REDIRECT
 
 	// Extract the fields we're reading from:
+	sr := rec.CloudflareRedirect
+	code := sr.Code
 	prWhen := sr.PRWhen
 	prThen := sr.PRThen
-	code := sr.Code
+	srName := sr.PRDisplay
 
 	// Convert old-style patterns to new-style rules:
 	srWhen, srThen, err := makeRuleFromPattern(prWhen, prThen)
 	if err != nil {
 		return err
 	}
-	display := fmt.Sprintf(`%s,%s,%d,%03d matcher=%s replacement=%s`,
+
+	// Fix the RecordConfig
+	makeSingleRedirectFromConvert(rec,
+		sr.PRPriority,
 		prWhen, prThen,
-		sr.PRPriority, code,
-		srWhen, srThen,
-	)
-
-	// Store the results in the fields we're writing to:
-	sr.SRWhen = srWhen
-	sr.SRThen = srThen
-	sr.SRDisplay = display
+		code,
+		srName, srWhen, srThen)
 
 	return nil
 }
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go b/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
index 88f328edae..54e9bef7e2 100644
--- a/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
+++ b/providers/cloudflare/rtypes/cfsingleredirect/convert_test.go
@@ -94,15 +94,6 @@ func Test_makeSingleDirectRule(t *testing.T) {
 			wantExpr:  `concat("https://survey.stackoverflow.co/2021", "")`,
 			wantErr:   false,
 		},
-		// {
-		// 	name:      "27",
-		// 	pattern:   "*www.stackoverflow.help/*",
-		// 	replace:   "https://stackoverflow.help/$1",
-		/// FIXME(tlim): Should "$1" should be a "$2"?   See dnsconfig.js:4344
-		// 	wantMatch: `FIXME`,
-		// 	wantExpr:  `FIXME`,
-		// 	wantErr:   false,
-		// },
 		{
 			name:      "28",
 			pattern:   "*stackoverflow.help/support/solutions/articles/36000241656-write-an-article",
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/from.go b/providers/cloudflare/rtypes/cfsingleredirect/from.go
new file mode 100644
index 0000000000..f1bd3f71f0
--- /dev/null
+++ b/providers/cloudflare/rtypes/cfsingleredirect/from.go
@@ -0,0 +1,122 @@
+package cfsingleredirect
+
+import (
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+)
+
+// MakePageRule updates a RecordConfig to be a PAGE_RULE using PAGE_RULE data.
+func MakePageRule(rc *models.RecordConfig, priority int, code uint16, when, then string) {
+	display := mkPageRuleBlob(priority, code, when, then)
+
+	rc.Type = "PAGE_RULE"
+	rc.TTL = 1
+	rc.CloudflareRedirect = &models.CloudflareSingleRedirectConfig{
+		Code: code,
+		//
+		PRWhen:     when,
+		PRThen:     then,
+		PRPriority: priority,
+		PRDisplay:  display,
+	}
+	rc.SetTarget(display)
+}
+
+// mkPageRuleBlob creates the 1,301,when,then string used in displays.
+func mkPageRuleBlob(priority int, code uint16, when, then string) string {
+	return fmt.Sprintf("%d,%03d,%s,%s", priority, code, when, then)
+}
+
+// makeSingleRedirectFromRawRec updates a RecordConfig to be a
+// SINGLEREDIRECT using the data from a RawRecord.
+func makeSingleRedirectFromRawRec(rc *models.RecordConfig, code uint16, name, when, then string) {
+	target := targetFromRaw(name, code, when, then)
+
+	rc.Type = SINGLEREDIRECT
+	rc.TTL = 1
+	rc.CloudflareRedirect = &models.CloudflareSingleRedirectConfig{
+		Code: code,
+		//
+		PRWhen:     "UNKNOWABLE",
+		PRThen:     "UNKNOWABLE",
+		PRPriority: 0,
+		PRDisplay:  "UNKNOWABLE",
+		//
+		SRName:    name,
+		SRWhen:    when,
+		SRThen:    then,
+		SRDisplay: target,
+	}
+	rc.SetTarget(rc.CloudflareRedirect.SRDisplay)
+}
+
+// targetFromRaw create the display text used for a normal Redirect.
+func targetFromRaw(name string, code uint16, when, then string) string {
+	return fmt.Sprintf("%s code=(%03d) when=(%s) then=(%s)",
+		name,
+		code,
+		when,
+		then,
+	)
+}
+
+// MakeSingleRedirectFromAPI updatese a RecordConfig to be a SINGLEREDIRECT using data downloaded via the API.
+func MakeSingleRedirectFromAPI(rc *models.RecordConfig, code uint16, name, when, then string) {
+	// The target is the same as the name. It is the responsibility of the record creator to name it something diffable.
+	target := targetFromAPIData(name, code, when, then)
+
+	rc.Type = SINGLEREDIRECT
+	rc.TTL = 1
+	rc.CloudflareRedirect = &models.CloudflareSingleRedirectConfig{
+		Code: code,
+		//
+		PRWhen:     "UNKNOWABLE",
+		PRThen:     "UNKNOWABLE",
+		PRPriority: 0,
+		PRDisplay:  "UNKNOWABLE",
+		//
+		SRName:    name,
+		SRWhen:    when,
+		SRThen:    then,
+		SRDisplay: target,
+	}
+	rc.SetTarget(rc.CloudflareRedirect.SRDisplay)
+}
+
+// targetFromAPIData creates the display text used for a Redirect as received from Cloudflare's API.
+func targetFromAPIData(name string, code uint16, when, then string) string {
+	return fmt.Sprintf("%s code=(%03d) when=(%s) then=(%s)",
+		name,
+		code,
+		when,
+		then,
+	)
+}
+
+// makeSingleRedirectFromConvert updates a RecordConfig to be a SINGLEREDIRECT using data from a PAGE_RULE conversion.
+func makeSingleRedirectFromConvert(rc *models.RecordConfig,
+	priority int,
+	prWhen, prThen string,
+	code uint16,
+	srName, srWhen, srThen string) {
+
+	srDisplay := targetFromConverted(priority, code, prWhen, prThen, srWhen, srThen)
+
+	rc.Type = SINGLEREDIRECT
+	rc.TTL = 1
+	sr := rc.CloudflareRedirect
+	sr.Code = code
+
+	sr.SRName = srName
+	sr.SRWhen = srWhen
+	sr.SRThen = srThen
+	sr.SRDisplay = srDisplay
+
+	rc.SetTarget(rc.CloudflareRedirect.SRDisplay)
+}
+
+// targetFromConverted makes the display text used when a redirect was the result of converting a PAGE_RULE.
+func targetFromConverted(prPriority int, code uint16, prWhen, prThen, srWhen, srThen string) string {
+	return fmt.Sprintf("%d,%03d,%s,%s code=(%03d) when=(%s) then=(%s)", prPriority, code, prWhen, prThen, code, srWhen, srThen)
+}
diff --git a/providers/cloudflare/rtypes/cfsingleredirect/native.go b/providers/cloudflare/rtypes/cfsingleredirect/native.go
deleted file mode 100644
index fcfd22d568..0000000000
--- a/providers/cloudflare/rtypes/cfsingleredirect/native.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package cfsingleredirect
-
-import (
-	"fmt"
-
-	"github.com/StackExchange/dnscontrol/v4/models"
-)
-
-func FromAPIData(sm, sr string, code uint16) *models.CloudflareSingleRedirectConfig {
-	r := &models.CloudflareSingleRedirectConfig{
-		PRWhen:    "UNKNOWABLE",
-		PRThen:    "UNKNOWABLE",
-		Code:      code,
-		SRDisplay: fmt.Sprintf("code=%03d when=(%v) then=(%v)", code, sm, sr),
-		SRWhen:    sm,
-		SRThen:    sr,
-	}
-	return r
-}

From e03c5cb7e9b7cd441c0674f89e30b0fac825dd74 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Mon, 5 Aug 2024 19:37:14 +0200
Subject: [PATCH 316/438] Gitter - Drop communication channel (#3066)

---
 README.md                            |  1 -
 documentation/release-engineering.md | 10 +---------
 2 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 8fd972e2bb..0a1bc05893 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,6 @@
 # DNSControl
 
 [![StackExchange/dnscontrol/build](https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml/badge.svg)](https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml)
-[![Gitter chat](https://badges.gitter.im/dnscontrol/Lobby.png)](https://gitter.im/dnscontrol/Lobby)
 [![Google Group](https://img.shields.io/badge/google%20group-chat-green.svg)](https://groups.google.com/forum/#!forum/dnscontrol-discuss)
 [![PkgGoDev](https://pkg.go.dev/badge/github.com/StackExchange/dnscontrol)](https://pkg.go.dev/github.com/StackExchange/dnscontrol/v4)
 
diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index 40f1c48715..e021fce1d7 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -74,15 +74,7 @@ https://github.com/StackExchange/dnscontrol/releases/tag/v$VERSION
 it.  [Click here to join](https://groups.google.com/g/dnscontrol-discuss).
 {% endhint %}
 
-## Step 5. Announce it via chat
-
-Mention on [https://gitter.im/dnscontrol/Lobby](https://gitter.im/dnscontrol/Lobby) that the new release has shipped.
-
-```text
-ANNOUNCEMENT: dnscontrol v$VERSION has been released! https://github.com/StackExchange/dnscontrol/releases/tag/v$VERSION
-```
-
-## Step 6. Get credit
+## Step 5. Get credit
 
 Mention the fact that you did this release in your weekly accomplishments.
 

From 62112d15a618f8e772abf21601d9726e94d51ba4 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 5 Aug 2024 15:37:45 -0400
Subject: [PATCH 317/438] update deps (#3068)

---
 go.mod |  65 +++++++++++++++--------------
 go.sum | 126 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 94 insertions(+), 97 deletions(-)

diff --git a/go.mod b/go.mod
index e36197c4b4..461d841d5c 100644
--- a/go.mod
+++ b/go.mod
@@ -18,16 +18,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.30.1
-	github.com/aws/aws-sdk-go-v2/config v1.27.24
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.24
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1
+	github.com/aws/aws-sdk-go-v2 v1.30.3
+	github.com/aws/aws-sdk-go-v2/config v1.27.27
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.27
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5
-	github.com/cloudflare/cloudflare-go v0.97.0
-	github.com/digitalocean/godo v1.118.0
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6
+	github.com/cloudflare/cloudflare-go v0.101.0
+	github.com/digitalocean/godo v1.119.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -38,7 +38,7 @@ require (
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.61
-	github.com/mittwald/go-powerdns v0.6.3
+	github.com/mittwald/go-powerdns v0.6.4
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
 	github.com/oracle/oci-go-sdk/v32 v32.0.0
@@ -50,18 +50,18 @@ require (
 	github.com/robertkrimen/otto v0.4.0
 	github.com/softlayer/softlayer-go v1.1.5
 	github.com/stretchr/testify v1.9.0
-	github.com/transip/gotransip/v6 v6.24.0
-	github.com/urfave/cli/v2 v2.27.2
+	github.com/transip/gotransip/v6 v6.25.0
+	github.com/urfave/cli/v2 v2.27.3
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/net v0.27.0
-	golang.org/x/oauth2 v0.21.0
-	google.golang.org/api v0.188.0
+	golang.org/x/oauth2 v0.22.0
+	google.golang.org/api v0.190.0
 	gopkg.in/ns1/ns1-go.v2 v2.11.0
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
@@ -72,28 +72,28 @@ require (
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240707233637-46b078467d37
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/text v0.16.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.7.0 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
-	cloud.google.com/go/compute/metadata v0.4.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
+	cloud.google.com/go/auth v0.7.3 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
+	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
 	github.com/aws/smithy-go v1.20.3 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -104,19 +104,18 @@ require (
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -148,7 +147,7 @@ require (
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
-	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
+	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	go.mongodb.org/mongo-driver v1.12.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
@@ -160,8 +159,8 @@ require (
 	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
 	google.golang.org/grpc v1.64.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 1bdb3e00b5..c065151d55 100644
--- a/go.sum
+++ b/go.sum
@@ -1,16 +1,16 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.7.0 h1:kf/x9B3WTbBUHkC+1VS8wwwli9TzhSt0vSTVBmMR8Ts=
-cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw=
-cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
-cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
-cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c=
-cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI=
+cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY=
+cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA=
+cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI=
+cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I=
+cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
+cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o=
-github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
+github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
@@ -41,34 +41,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o=
-github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
-github.com/aws/aws-sdk-go-v2/config v1.27.24 h1:NM9XicZ5o1CBU/MZaHwFtimRpWx9ohAUAqkG6AqSqPo=
-github.com/aws/aws-sdk-go-v2/config v1.27.24/go.mod h1:aXzi6QJTuQRVVusAO8/NxpdTeTyr/wRcybdDtfUwJSs=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.24 h1:YclAsrnb1/GTQNt2nzv+756Iw4mF8AOzcDfweWwwm/M=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.24/go.mod h1:Hld7tmnAkoBQdTMNYZGzztzKRdA4fCdn9L83LOoigac=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8=
+github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
+github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
+github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90=
+github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1 h1:nsqHenlmW2rjUgMTiA58YhVAEooFA4IaXdzB6Y7WOpc=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.42.1/go.mod h1:FL7amoKYyP0gYGOvg2ea5kGW5mh0NsBS9AGWR11LMVo=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1 h1:uZaxAiNNMPjG+e62AkoAQC741a1qZn3ykSguq4uWusg=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.1/go.mod h1:RtjKHdAJsjzeadr5jgXgKPMn6GXF8y1eXs/VXVYAfrE=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 h1:ORnrOK0C4WmYV/uYt3koHEWBLYsRDwk2Np+eEoyV4Z0=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3 h1:MmLCRqP4U4Cw9gJ4bNrCG0mWqEtBlmAVleyelcHARMU=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3/go.mod h1:AMPjK2YnRh0YgOID3PqhJA1BRNfXDfGOnSsKHtAe8yA=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3 h1:VGLIgiClxmwxBpGzHERgNgwJMukHZpLcQZqJuQYjAiM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3/go.mod h1:Kgq5O7ZaDk0mTZmX6YCL+ZtZ1YcJHtGsVubp0OT77MA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ=
 github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
 github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5 h1:z1yCHpDCxChsS8xZRb/7E4XKW3OfGO8IRpS/msnOfYY=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.5/go.mod h1:VEvVb1+MamCz0hZrwOCDNK3L6RArOazyKF4ZjWVA2Y0=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6 h1:Y/ysEHH/jbcxiH23ho8+lqWolf8PJEvMfwBlFZkbY3E=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6/go.mod h1:VEvVb1+MamCz0hZrwOCDNK3L6RArOazyKF4ZjWVA2Y0=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -101,8 +101,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.118.0 h1:lkzGFQmACrVCp7UqH1sAi4JK/PWwlc5aaxubgorKmC4=
-github.com/digitalocean/godo v1.118.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo=
+github.com/digitalocean/godo v1.119.0 h1:dmFNQwSIAcH3z+FVovHLkazKDC2uA8oOlGvg5+H4vRw=
+github.com/digitalocean/godo v1.119.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -134,8 +134,8 @@ github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT
 github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
 github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -179,8 +179,6 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
-github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -199,8 +197,8 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
-github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
+github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
+github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -209,8 +207,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
 github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
-github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA=
-github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E=
+github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
+github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -311,8 +309,8 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mittwald/go-powerdns v0.6.3 h1:t7HhWNosL+To+gJ+K4TRh1sZiFtB64ZrRlVvKPkpRGw=
-github.com/mittwald/go-powerdns v0.6.3/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
+github.com/mittwald/go-powerdns v0.6.4 h1:cVDp+5HtL21YZ1XasbMHWa2eZyCzbvQO8NPZrguVx9Y=
+github.com/mittwald/go-powerdns v0.6.4/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -401,14 +399,14 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
-github.com/transip/gotransip/v6 v6.24.0 h1:QaHgRT3ikpMCXr8Ntojiced/W4izd9ra9PNE/i+7qTE=
-github.com/transip/gotransip/v6 v6.24.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
+github.com/transip/gotransip/v6 v6.25.0 h1:/H+SjMq/9HNZ0/maE1OLhJpxLaCGHsxq0PWaMPJHxK4=
+github.com/transip/gotransip/v6 v6.25.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
-github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
+github.com/urfave/cli/v2 v2.27.3 h1:/POWahRmdh7uztQ3CYnaDddk0Rm90PyOgIxgW2rr41M=
+github.com/urfave/cli/v2 v2.27.3/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -421,8 +419,8 @@ github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gi
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
-github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
-github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
+github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -452,8 +450,8 @@ golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOM
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w=
-golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -484,8 +482,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
-golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
+golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -564,17 +562,17 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw=
-google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag=
+google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q=
+google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk=
+google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From 2944eded30e003e1b0339c121677cd1c7d64fb02 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 5 Aug 2024 16:12:20 -0400
Subject: [PATCH 318/438] TESTING: Fix reversed got/want output in
 compareconfig_test.go (#3070)

---
 pkg/diff2/compareconfig_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/diff2/compareconfig_test.go b/pkg/diff2/compareconfig_test.go
index de7fc0912b..0c221a8158 100644
--- a/pkg/diff2/compareconfig_test.go
+++ b/pkg/diff2/compareconfig_test.go
@@ -235,7 +235,7 @@ compFn: <nil>
 			got := strings.TrimSpace(cc.String())
 			tt.want = strings.TrimSpace(tt.want)
 			if got != tt.want {
-				d := diff.Diff(got, tt.want)
+				d := diff.Diff(tt.want, got)
 				t.Errorf("NewCompareConfig() = \n%s\n", d)
 			}
 		})

From 3102ec4060342dc22b65333bbea5fe6f7eb2ecb0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 5 Aug 2024 16:33:24 -0400
Subject: [PATCH 319/438] CHORE: gitignore should include *.ACTUAL (#3069)

---
 .gitignore | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitignore b/.gitignore
index 70089b4c2e..88410ef519 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,6 @@ stack.sh
 types-dnscontrol.d.ts
 
 dist/
+
+// Test artifact:
+*.ACTUAL

From 411a1ed1c73142995a40c1dfabc03fe5550ed73b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 16:34:03 -0400
Subject: [PATCH 320/438] Build(deps): Bump actions/upload-artifact from 4.3.4
 to 4.3.5 (#3067)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 606940ab93..e0f8c3e210 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.4
+    - uses: actions/upload-artifact@v4.3.5
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -206,7 +206,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.4
+    - uses: actions/upload-artifact@v4.3.5
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From dedf3989d758d63e757898b06ef5bdff0b2f5d55 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 5 Aug 2024 16:36:04 -0400
Subject: [PATCH 321/438] Build(deps): Bump alpine from 3.20.1 to 3.20.2
 (#3063)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 72e47cb9fd..b78f175eb3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 as RUN
+FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From 69533fca2399a59084f9e2f669311477dec6d576 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 5 Aug 2024 16:38:40 -0400
Subject: [PATCH 322/438] BUNNY_DNS: run goimports on convert.go (#3071)

---
 providers/bunnydns/convert.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/providers/bunnydns/convert.go b/providers/bunnydns/convert.go
index 617e9a2808..97a40c946b 100644
--- a/providers/bunnydns/convert.go
+++ b/providers/bunnydns/convert.go
@@ -2,10 +2,11 @@ package bunnydns
 
 import (
 	"fmt"
+	"strings"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/miekg/dns/dnsutil"
 	"golang.org/x/exp/slices"
-	"strings"
 )
 
 var fqdnTypes = []recordType{recordTypeCNAME, recordTypeMX, recordTypeNS, recordTypePTR, recordTypeSRV}

From e86c666942c155125f1b05e03e76398fe6767e21 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 6 Aug 2024 10:48:04 -0400
Subject: [PATCH 323/438] PORKBUN: Remove unused function (#3072)

---
 providers/porkbun/api.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 70dc7d6ba5..d101a27c79 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -4,12 +4,13 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"io"
 	"net/http"
 	"sort"
 	"strings"
 	"time"
+
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 )
 
 const (
@@ -100,12 +101,6 @@ retry:
 	return bodyString, nil
 }
 
-func (c *porkbunProvider) ping() error {
-	params := requestParams{}
-	_, err := c.post("/ping", params)
-	return err
-}
-
 func (c *porkbunProvider) createRecord(domain string, rec requestParams) error {
 	if _, err := c.post("/dns/create/"+domain, rec); err != nil {
 		return fmt.Errorf("failed create record (porkbun): %w", err)

From 24b5c4b0e421942a65eb2e8df63329046e983048 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 6 Aug 2024 21:05:51 +0200
Subject: [PATCH 324/438] CICD: Removed CodeQL workflow (#3073)

---
 .github/workflows/codeql.yml | 76 ------------------------------------
 1 file changed, 76 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index dc724f155f..0000000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "main" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
-  schedule:
-    - cron: '32 19 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"

From 663be6e26864216570f575c494cfd88f788618ba Mon Sep 17 00:00:00 2001
From: llange <llange@users.noreply.github.com>
Date: Fri, 9 Aug 2024 14:58:54 +0200
Subject: [PATCH 325/438] GANDI: Adopt new Gandi v5 auth changes (#2726)

---
 documentation/provider/gandi_v5.md    | 54 +++++++++++++++++++++++----
 integrationTest/providers.json        |  3 +-
 providers/gandiv5/gandi_v5Provider.go | 54 ++++++++++++++-------------
 3 files changed, 78 insertions(+), 33 deletions(-)

diff --git a/documentation/provider/gandi_v5.md b/documentation/provider/gandi_v5.md
index 856471d5d6..4f1942d000 100644
--- a/documentation/provider/gandi_v5.md
+++ b/documentation/provider/gandi_v5.md
@@ -1,19 +1,31 @@
 `GANDI_V5` uses the v5 API and can act as a registrar provider
 or a DNS provider. It is only able to work with domains
 migrated to the new LiveDNS API, which should be all domains.
-API keys are assigned to particular users.  Go to User Settings,
-"Manage the user account and security settings", the "Security"
-tab, then regenerate the "Production API key".
 
 * API Documentation: https://api.gandi.net/docs
 * API Endpoint: https://api.gandi.net/
+* Sandbox API Documentation: https://api.sandbox.gandi.net/docs/
+* Sandbox API Endpoint: https://api.sandbox.gandi.net/
 
 ## Configuration
 
 To use this provider, add an entry to `creds.json` with `TYPE` set to `GANDI_V5`
-along your Gandi.net API key. The [sharing_id](https://api.gandi.net/docs/reference/) is optional.
+along with other settings:
 
-The `sharing_id` selects between different organizations which your account is
+* (mandatory, string) your Gandi.net access credentials (see below) - one of:
+  * `token`: Personal Access Token (PAT)
+  * `apikey` API Key (deprecated)
+* `apiurl`: (optional, string) the endpoint of the API. When empty or absent the production
+endpoint is used (default) ; you can use it to select the Sandbox API Endpoint instead.
+* `sharing_id`: (optional, string) let you scope to a specific organization. When empty or absent
+calls are not scoped to a specific organization.
+
+When both `token` and `apikey` are defined, the priority is given to `token` which will
+be used for API communication (as if `apikey` was not set).
+See [the Authentication section](#authentication) for details on obtaining these credentials.
+
+
+The [sharing_id](https://api.gandi.net/docs/reference/#Sharing-ID) selects between different organizations which your account is
 a member of; to manage domains in multiple organizations, you can use multiple
 `creds.json` entries.
 
@@ -33,13 +45,32 @@ Example:
 {
   "gandi": {
     "TYPE": "GANDI_V5",
-    "apikey": "your-gandi-key",
+    "token": "your-gandi-personal-access-token",
     "sharing_id": "your-sharing_id"
   }
 }
 ```
 {% endcode %}
 
+## Authentication
+
+(Cf [official documentation of the API](https://api.gandi.net/docs/authentication/)
+The **Personal Access Token** (PAT) is configured in the [Account Settings of the
+Gandi Admin application](https://admin.gandi.net/organizations/account/pat), then
+click on "Create a token" button.
+Choose an organisation (if your account happens to have multiple ones).
+Then, choose a name (limited to 42 chars), an expiration date.
+You can choose to limit the scope to a select number of products (domain names).
+Finally, choose the permissions : the needed one is "Manage domain name technical configurations"
+(in French: "Gérer la configuration technique des domaines"), which automatically
+implies "See and renew domain names" (in French: "Voir et renouveler les domaines").
+You then have only one (1) chance to copy and save the token somewhere.
+
+The **API Key** is the previous (deprecated) mechanism used to do api calls.
+To generate or delete your API key, go to User Settings,
+"Manage the user account and security settings", the "Authentication options"
+tab, then regenerate the "Production API key" under "Developer access"
+
 ## Metadata
 This provider does not recognize any special metadata fields unique to Gandi.
 
@@ -80,7 +111,7 @@ If a domain does not exist in your Gandi account, DNSControl will *not* automati
 Error getting corrections: 401: The server could not verify that you authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad api key), or your access token has expired
 ```
 
-This is the error you'll see if your `apikey` in `creds.json` is wrong or invalid.
+This is the error you'll see if your `token` (or (deprecated) `apikey`) in `creds.json` is wrong or invalid.
 
 #### Domain does not exist in profile
 
@@ -97,3 +128,12 @@ If a `dnscontrol get-zones --format=nameonly CredId - all` returns nothing,
 this is usually because your `creds.json`  information is pointing at an empty
 organization or no organization.  The solution is to set `sharing_id` in
 `creds.json`.
+
+
+## Development
+
+### Debugging
+Set `GANDI_V5_DEBUG` environment variable to a [boolean-compatible](https://pkg.go.dev/strconv#ParseBool) value to dump all API calls made by this provider.
+
+### Testing
+Set `apiurl` key to the endpoint url for the sandbox (https://api.sandbox.gandi.net/), along with corresponding `token` (or (deprecated) `apikey`) created in this sandbox environment (Cf https://api.sandbox.gandi.net/docs/sandbox/) to make all API calls against Gandi sandbox environment.
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index 60dbca7f3f..cf2550512f 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -112,7 +112,8 @@
   "GANDI_V5": {
     "TYPE": "GANDI_V5",
     "apikey": "$GANDI_V5_APIKEY",
-    "domain": "$GANDI_V5_DOMAIN"
+    "domain": "$GANDI_V5_DOMAIN",
+    "token": "$GANDI_V5_TOKEN"
   },
   "GCLOUD": {
     "TYPE": "GCLOUD",
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 4385e3627d..06e0ca92a0 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -27,6 +27,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/go-gandi/go-gandi"
 	"github.com/go-gandi/go-gandi/config"
+	"github.com/go-gandi/go-gandi/livedns"
 	"github.com/miekg/dns/dnsutil"
 )
 
@@ -72,8 +73,10 @@ var features = providers.DocumentationNotes{
 // gandiv5Provider is the gandiv5Provider handle used to store any client-related state.
 type gandiv5Provider struct {
 	apikey    string
+	token     string
 	sharingid string
 	debug     bool
+	apiurl    string
 }
 
 // newDsp generates a DNS Service Provider client handle.
@@ -90,10 +93,12 @@ func newReg(conf map[string]string) (providers.Registrar, error) {
 func newHelper(m map[string]string, _ json.RawMessage) (*gandiv5Provider, error) {
 	api := &gandiv5Provider{}
 	api.apikey = m["apikey"]
-	if api.apikey == "" {
-		return nil, fmt.Errorf("missing Gandi apikey")
+	api.token = m["token"]
+	if (api.apikey == "") && (api.token == "") {
+		return nil, fmt.Errorf("missing Gandi personal access token (or apikey - deprecated)")
 	}
 	api.sharingid = m["sharing_id"]
+	api.apiurl = m["apiurl"]
 	debug, err := strconv.ParseBool(os.Getenv("GANDI_V5_DEBUG"))
 	if err == nil {
 		api.debug = debug
@@ -104,15 +109,24 @@ func newHelper(m map[string]string, _ json.RawMessage) (*gandiv5Provider, error)
 
 // Section 3: Domain Service Provider (DSP) related functions
 
+// newLiveDNSClient returns a client to the Gandi Domains API
+// It expects an API key, available from https://account.gandi.net/en/
+func newLiveDNSClient(client *gandiv5Provider) *livedns.LiveDNS {
+	g := gandi.NewLiveDNSClient(config.Config{
+		APIKey:              client.apikey,
+		PersonalAccessToken: client.token,
+		SharingID:           client.sharingid,
+		Debug:               client.debug,
+		APIURL:              client.apiurl,
+	})
+	return g
+}
+
 // // ListZones lists the zones on this account.
 // This no longer works. Until we can figure out why, we're removing this
 // feature for Gandi.
 // func (client *gandiv5Provider) ListZones() ([]string, error) {
-// 	g := gandi.NewLiveDNSClient(config.Config{
-// 		APIKey:    client.apikey,
-// 		SharingID: client.sharingid,
-// 		Debug:     client.debug,
-// 	})
+// g := newLiveDNSClient(client)
 
 // 	listResp, err := g.ListDomains()
 // 	if err != nil {
@@ -133,11 +147,7 @@ func newHelper(m map[string]string, _ json.RawMessage) (*gandiv5Provider, error)
 // GetZoneRecords gathers the DNS records and converts them to
 // dnscontrol's format.
 func (client *gandiv5Provider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
-	g := gandi.NewLiveDNSClient(config.Config{
-		APIKey:    client.apikey,
-		SharingID: client.sharingid,
-		Debug:     client.debug,
-	})
+	g := newLiveDNSClient(client)
 
 	// Get all the existing records:
 	records, err := g.GetDomainRecords(domain)
@@ -200,11 +210,7 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 
 	PrepDesiredRecords(dc)
 
-	g := gandi.NewLiveDNSClient(config.Config{
-		APIKey:    client.apikey,
-		SharingID: client.sharingid,
-		Debug:     client.debug,
-	})
+	g := newLiveDNSClient(client)
 
 	// Gandi is a "ByLabel" API with the odd exception that changes must be
 	// done one label:rtype at a time.
@@ -301,11 +307,7 @@ func debugRecords(note string, recs []*models.RecordConfig) {
 
 // GetNameservers returns a list of nameservers for domain.
 func (client *gandiv5Provider) GetNameservers(domain string) ([]*models.Nameserver, error) {
-	g := gandi.NewLiveDNSClient(config.Config{
-		APIKey:    client.apikey,
-		SharingID: client.sharingid,
-		Debug:     client.debug,
-	})
+	g := newLiveDNSClient(client)
 	nameservers, err := g.GetDomainNS(domain)
 	if err != nil {
 		return nil, err
@@ -316,9 +318,11 @@ func (client *gandiv5Provider) GetNameservers(domain string) ([]*models.Nameserv
 // GetRegistrarCorrections returns a list of corrections for this registrar.
 func (client *gandiv5Provider) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
 	gd := gandi.NewDomainClient(config.Config{
-		APIKey:    client.apikey,
-		SharingID: client.sharingid,
-		Debug:     client.debug,
+		APIKey:              client.apikey,
+		PersonalAccessToken: client.token,
+		SharingID:           client.sharingid,
+		Debug:               client.debug,
+		APIURL:              client.apiurl,
 	})
 
 	existingNs, err := gd.GetNameServers(dc.Name)

From 1738c6ea542a0d5686af630186312e324f0a548c Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Fri, 9 Aug 2024 15:35:38 +0200
Subject: [PATCH 326/438] NS1: update ns1-go to 2.12.0 (#3074)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 461d841d5c..04cf888d98 100644
--- a/go.mod
+++ b/go.mod
@@ -57,7 +57,7 @@ require (
 	golang.org/x/net v0.27.0
 	golang.org/x/oauth2 v0.22.0
 	google.golang.org/api v0.190.0
-	gopkg.in/ns1/ns1-go.v2 v2.11.0
+	gopkg.in/ns1/ns1-go.v2 v2.12.0
 )
 
 require (
diff --git a/go.sum b/go.sum
index c065151d55..39a5811cbc 100644
--- a/go.sum
+++ b/go.sum
@@ -607,8 +607,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.11.0 h1:T+rMHhQsQ58bSgGZwX8INxU0sjDO7cWieX9xPr/UEY4=
-gopkg.in/ns1/ns1-go.v2 v2.11.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.12.0 h1:cqdqQoTx17JmTusfxh5m3e2b36jfUzFAZedv89pFX18=
+gopkg.in/ns1/ns1-go.v2 v2.12.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From 5a20c6609ef23b4926adc35cfbad46a6603809cc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Aug 2024 09:10:50 -0400
Subject: [PATCH 327/438] Build(deps): Bump actions/upload-artifact from 4.3.5
 to 4.3.6 (#3077)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index e0f8c3e210..f0798e7e5a 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.5
+    - uses: actions/upload-artifact@v4.3.6
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -206,7 +206,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.5
+    - uses: actions/upload-artifact@v4.3.6
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From 2b1aa5fb6d5c3560a2994646ae2c67c342d1b37a Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Tue, 13 Aug 2024 15:43:23 +0200
Subject: [PATCH 328/438] DOCS: add docs for NS1_URLFWD (#3075)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .../domain-modifiers/NS1_URLFWD.md            | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/documentation/language-reference/domain-modifiers/NS1_URLFWD.md b/documentation/language-reference/domain-modifiers/NS1_URLFWD.md
index f097e59f5a..626a009383 100644
--- a/documentation/language-reference/domain-modifiers/NS1_URLFWD.md
+++ b/documentation/language-reference/domain-modifiers/NS1_URLFWD.md
@@ -11,6 +11,28 @@ parameter_types:
   "modifiers...": RecordModifier[]
 ---
 
-{% hint style="info" %}
-Documentation needed.
+`NS1_URLFWD` is an NS1-specific feature that maps to NS1's URLFWD record, which creates HTTP 301 (permanent) or 302 (temporary) redirects.
+
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  NS1_URLFWD("urlfwd", "/ http://example.com 302 2 0")
+);
+```
+{% endcode %}
+
+The fields are:
+* name: the record name
+* target: a complex field containing the following, space separated:
+    * from - the path to match
+    * to - the url to redirect to
+    * redirectType - (0 - masking, 301, 302)
+    * pathForwardingMode - (0 - All, 1 - Capture, 2 - None)
+    * queryForwardingMode - (0 - disabled, 1 - enabled)
+
+{% hint style="warning" %}
+**WARNING**: According to NS1, this type of record is deprecated and in the process
+of being replaced by the premium-only `REDIRECT` record type. While still able to be
+configured through the API, as suggested by NS1, please try not to use it, going forward.
 {% endhint %}

From fe7370b9a6e4bf82eac49f6d0cd38055cf011a71 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 13 Aug 2024 10:57:31 -0400
Subject: [PATCH 329/438] CHORE: go generate (#3079)

---
 commands/types/dnscontrol.d.ts | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index dbaa705ba3..c38198d226 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2259,7 +2259,26 @@ declare const NO_PURGE: DomainModifier;
 declare function NS(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
- * Documentation needed.
+ * `NS1_URLFWD` is an NS1-specific feature that maps to NS1's URLFWD record, which creates HTTP 301 (permanent) or 302 (temporary) redirects.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *   NS1_URLFWD("urlfwd", "/ http://example.com 302 2 0")
+ * );
+ * ```
+ *
+ * The fields are:
+ * * name: the record name
+ * * target: a complex field containing the following, space separated:
+ *     * from - the path to match
+ *     * to - the url to redirect to
+ *     * redirectType - (0 - masking, 301, 302)
+ *     * pathForwardingMode - (0 - All, 1 - Capture, 2 - None)
+ *     * queryForwardingMode - (0 - disabled, 1 - enabled)
+ *
+ * WARNING: According to NS1, this type of record is deprecated and in the process
+ * of being replaced by the premium-only `REDIRECT` record type. While still able to be
+ * configured through the API, as suggested by NS1, please try not to use it, going forward.
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/ns1/ns1_urlfwd
  */

From 1a3d6a37bbe3022cf23293b233759442f82f9580 Mon Sep 17 00:00:00 2001
From: Costas Drogos <costas.drogos@gmail.com>
Date: Tue, 13 Aug 2024 19:18:42 +0200
Subject: [PATCH 330/438] NS1: add warning for deprecated record (#3078)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/ns1/ns1Provider.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index bde47e02dc..d62b244b88 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"gopkg.in/ns1/ns1-go.v2/rest"
 	"gopkg.in/ns1/ns1-go.v2/rest/model/dns"
@@ -338,6 +339,7 @@ func buildRecord(recs models.Records, domain string, id string) *dns.Record {
 				strconv.Itoa(int(r.DsDigestType)),
 				r.DsDigest}})
 		} else if r.Type == "NS1_URLFWD" {
+			printer.Warnf("NS1_URLFWD is deprecated and may stop working anytime now. Please avoid such records going forward.\n")
 			rec.Type = "URLFWD"
 			rec.AddAnswer(&dns.Answer{Rdata: strings.Fields(r.GetTargetField())})
 		} else if r.Type == "SVCB" || r.Type == "HTTPS" {

From 8899f45816984de256b7149e17ec909fb85e14f3 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 14 Aug 2024 10:22:42 -0400
Subject: [PATCH 331/438] CLOUDFLAREAPI: Upgrade to cloudflare-go v0.102.0
 (#3081)

---
 go.mod                                        |   14 +-
 go.sum                                        |   22 +-
 pkg/cloudflare-go/.changelog/1001.txt         |    3 -
 pkg/cloudflare-go/.changelog/1002.txt         |    3 -
 pkg/cloudflare-go/.changelog/1003.txt         |    3 -
 pkg/cloudflare-go/.changelog/1004.txt         |    7 -
 pkg/cloudflare-go/.changelog/1005.txt         |    3 -
 pkg/cloudflare-go/.changelog/1006.txt         |    3 -
 pkg/cloudflare-go/.changelog/1008.txt         |    3 -
 pkg/cloudflare-go/.changelog/1010.txt         |    3 -
 pkg/cloudflare-go/.changelog/1014.txt         |    3 -
 pkg/cloudflare-go/.changelog/1016.txt         |    7 -
 pkg/cloudflare-go/.changelog/1017.txt         |    3 -
 pkg/cloudflare-go/.changelog/1020.txt         |    3 -
 pkg/cloudflare-go/.changelog/1026.txt         |    3 -
 pkg/cloudflare-go/.changelog/1027.txt         |    3 -
 pkg/cloudflare-go/.changelog/1028.txt         |    3 -
 pkg/cloudflare-go/.changelog/1030.txt         |    3 -
 pkg/cloudflare-go/.changelog/1031.txt         |    3 -
 pkg/cloudflare-go/.changelog/1032.txt         |    3 -
 pkg/cloudflare-go/.changelog/1034.txt         |    9 -
 pkg/cloudflare-go/.changelog/1035.txt         |    3 -
 pkg/cloudflare-go/.changelog/1036.txt         |    3 -
 pkg/cloudflare-go/.changelog/1037.txt         |    3 -
 pkg/cloudflare-go/.changelog/1038.txt         |    9 -
 pkg/cloudflare-go/.changelog/1039.txt         |    3 -
 pkg/cloudflare-go/.changelog/1040.txt         |    3 -
 pkg/cloudflare-go/.changelog/1042.txt         |    3 -
 pkg/cloudflare-go/.changelog/1043.txt         |    3 -
 pkg/cloudflare-go/.changelog/1044.txt         |    3 -
 pkg/cloudflare-go/.changelog/1046.txt         |    3 -
 pkg/cloudflare-go/.changelog/1047.txt         |    3 -
 pkg/cloudflare-go/.changelog/1048.txt         |    3 -
 pkg/cloudflare-go/.changelog/1049.txt         |    3 -
 pkg/cloudflare-go/.changelog/1051.txt         |    3 -
 pkg/cloudflare-go/.changelog/1052.txt         |    3 -
 pkg/cloudflare-go/.changelog/1053.txt         |    3 -
 pkg/cloudflare-go/.changelog/1059.txt         |    3 -
 pkg/cloudflare-go/.changelog/1060.txt         |    3 -
 pkg/cloudflare-go/.changelog/1063.txt         |    3 -
 pkg/cloudflare-go/.changelog/1065.txt         |    9 -
 pkg/cloudflare-go/.changelog/1066.txt         |    3 -
 pkg/cloudflare-go/.changelog/1067.txt         |    3 -
 pkg/cloudflare-go/.changelog/1068.txt         |    3 -
 pkg/cloudflare-go/.changelog/1070.txt         |    3 -
 pkg/cloudflare-go/.changelog/1071.txt         |    3 -
 pkg/cloudflare-go/.changelog/1072.txt         |    3 -
 pkg/cloudflare-go/.changelog/1073.txt         |    3 -
 pkg/cloudflare-go/.changelog/1074.txt         |    3 -
 pkg/cloudflare-go/.changelog/1075.txt         |    3 -
 pkg/cloudflare-go/.changelog/1077.txt         |    3 -
 pkg/cloudflare-go/.changelog/1080.txt         |    3 -
 pkg/cloudflare-go/.changelog/1081.txt         |    3 -
 pkg/cloudflare-go/.changelog/1082.txt         |    3 -
 pkg/cloudflare-go/.changelog/1084.txt         |    3 -
 pkg/cloudflare-go/.changelog/1085.txt         |    3 -
 pkg/cloudflare-go/.changelog/1086.txt         |    3 -
 pkg/cloudflare-go/.changelog/1087.txt         |    3 -
 pkg/cloudflare-go/.changelog/1088.txt         |    3 -
 pkg/cloudflare-go/.changelog/1089.txt         |    3 -
 pkg/cloudflare-go/.changelog/1090.txt         |    3 -
 pkg/cloudflare-go/.changelog/1091.txt         |    3 -
 pkg/cloudflare-go/.changelog/1093.txt         |    3 -
 pkg/cloudflare-go/.changelog/1094.txt         |    3 -
 pkg/cloudflare-go/.changelog/1095.txt         |    7 -
 pkg/cloudflare-go/.changelog/1097.txt         |    3 -
 pkg/cloudflare-go/.changelog/1102.txt         |    3 -
 pkg/cloudflare-go/.changelog/1103.txt         |    3 -
 pkg/cloudflare-go/.changelog/1104.txt         |    3 -
 pkg/cloudflare-go/.changelog/1105.txt         |    3 -
 pkg/cloudflare-go/.changelog/1106.txt         |    3 -
 pkg/cloudflare-go/.changelog/1108.txt         |    3 -
 pkg/cloudflare-go/.changelog/1111.txt         |    3 -
 pkg/cloudflare-go/.changelog/1112.txt         |    3 -
 pkg/cloudflare-go/.changelog/1114.txt         |    7 -
 pkg/cloudflare-go/.changelog/1115.txt         |   47 -
 pkg/cloudflare-go/.changelog/1116.txt         |    3 -
 pkg/cloudflare-go/.changelog/1117.txt         |    3 -
 pkg/cloudflare-go/.changelog/1118.txt         |    3 -
 pkg/cloudflare-go/.changelog/1119.txt         |    3 -
 pkg/cloudflare-go/.changelog/1120.txt         |    3 -
 pkg/cloudflare-go/.changelog/1121.txt         |    3 -
 pkg/cloudflare-go/.changelog/1122.txt         |    3 -
 pkg/cloudflare-go/.changelog/1123.txt         |    3 -
 pkg/cloudflare-go/.changelog/1124.txt         |    3 -
 pkg/cloudflare-go/.changelog/1125.txt         |    3 -
 pkg/cloudflare-go/.changelog/1126.txt         |    3 -
 pkg/cloudflare-go/.changelog/1127.txt         |    3 -
 pkg/cloudflare-go/.changelog/1130.txt         |    3 -
 pkg/cloudflare-go/.changelog/1131.txt         |    3 -
 pkg/cloudflare-go/.changelog/1133.txt         |    3 -
 pkg/cloudflare-go/.changelog/1135.txt         |    3 -
 pkg/cloudflare-go/.changelog/1136.txt         |    7 -
 pkg/cloudflare-go/.changelog/1137.txt         |   39 -
 pkg/cloudflare-go/.changelog/1138.txt         |    3 -
 pkg/cloudflare-go/.changelog/1139.txt         |    3 -
 pkg/cloudflare-go/.changelog/1140.txt         |    3 -
 pkg/cloudflare-go/.changelog/1142.txt         |    3 -
 pkg/cloudflare-go/.changelog/1146.txt         |    3 -
 pkg/cloudflare-go/.changelog/1148.txt         |    3 -
 pkg/cloudflare-go/.changelog/1149.txt         |    3 -
 pkg/cloudflare-go/.changelog/1150.txt         |    3 -
 pkg/cloudflare-go/.changelog/1151.txt         |   15 -
 pkg/cloudflare-go/.changelog/1155.txt         |    3 -
 pkg/cloudflare-go/.changelog/1156.txt         |   31 -
 pkg/cloudflare-go/.changelog/1159.txt         |    3 -
 pkg/cloudflare-go/.changelog/1160.txt         |    3 -
 pkg/cloudflare-go/.changelog/1161.txt         |   23 -
 pkg/cloudflare-go/.changelog/1162.txt         |    3 -
 pkg/cloudflare-go/.changelog/1164.txt         |    3 -
 pkg/cloudflare-go/.changelog/1167.txt         |    3 -
 pkg/cloudflare-go/.changelog/1170.txt         |    7 -
 pkg/cloudflare-go/.changelog/1171.txt         |    3 -
 pkg/cloudflare-go/.changelog/1172.txt         |    3 -
 pkg/cloudflare-go/.changelog/1173.txt         |   11 -
 pkg/cloudflare-go/.changelog/1174.txt         |    3 -
 pkg/cloudflare-go/.changelog/1176.txt         |    3 -
 pkg/cloudflare-go/.changelog/1177.txt         |    3 -
 pkg/cloudflare-go/.changelog/1178.txt         |    3 -
 pkg/cloudflare-go/.changelog/1180.txt         |    3 -
 pkg/cloudflare-go/.changelog/1181.txt         |    3 -
 pkg/cloudflare-go/.changelog/1183.txt         |    3 -
 pkg/cloudflare-go/.changelog/1184.txt         |    3 -
 pkg/cloudflare-go/.changelog/1185.txt         |    3 -
 pkg/cloudflare-go/.changelog/1188.txt         |    3 -
 pkg/cloudflare-go/.changelog/1190.txt         |    7 -
 pkg/cloudflare-go/.changelog/1191.txt         |    3 -
 pkg/cloudflare-go/.changelog/1192.txt         |    3 -
 pkg/cloudflare-go/.changelog/1193.txt         |    3 -
 pkg/cloudflare-go/.changelog/1195.txt         |    3 -
 pkg/cloudflare-go/.changelog/1196.txt         |    3 -
 pkg/cloudflare-go/.changelog/1197.txt         |    3 -
 pkg/cloudflare-go/.changelog/1199.txt         |    3 -
 pkg/cloudflare-go/.changelog/1200.txt         |    3 -
 pkg/cloudflare-go/.changelog/1202.txt         |    3 -
 pkg/cloudflare-go/.changelog/1205.txt         |    3 -
 pkg/cloudflare-go/.changelog/1206.txt         |    3 -
 pkg/cloudflare-go/.changelog/1207.txt         |    3 -
 pkg/cloudflare-go/.changelog/1208.txt         |    3 -
 pkg/cloudflare-go/.changelog/1209.txt         |    3 -
 pkg/cloudflare-go/.changelog/1210.txt         |    3 -
 pkg/cloudflare-go/.changelog/1212.txt         |    3 -
 pkg/cloudflare-go/.changelog/1213.txt         |    3 -
 pkg/cloudflare-go/.changelog/1214.txt         |    3 -
 pkg/cloudflare-go/.changelog/1215.txt         |    3 -
 pkg/cloudflare-go/.changelog/1216.txt         |    3 -
 pkg/cloudflare-go/.changelog/1217.txt         |    3 -
 pkg/cloudflare-go/.changelog/1218.txt         |    3 -
 pkg/cloudflare-go/.changelog/1219.txt         |    3 -
 pkg/cloudflare-go/.changelog/1220.txt         |    3 -
 pkg/cloudflare-go/.changelog/1222.txt         |    3 -
 pkg/cloudflare-go/.changelog/1223.txt         |    3 -
 pkg/cloudflare-go/.changelog/1226.txt         |    3 -
 pkg/cloudflare-go/.changelog/1227.txt         |   10 -
 pkg/cloudflare-go/.changelog/1228.txt         |    3 -
 pkg/cloudflare-go/.changelog/1229.txt         |    3 -
 pkg/cloudflare-go/.changelog/1232.txt         |    3 -
 pkg/cloudflare-go/.changelog/1236.txt         |    3 -
 pkg/cloudflare-go/.changelog/1237.txt         |    3 -
 pkg/cloudflare-go/.changelog/1238.txt         |    3 -
 pkg/cloudflare-go/.changelog/1242.txt         |    7 -
 pkg/cloudflare-go/.changelog/1243.txt         |    3 -
 pkg/cloudflare-go/.changelog/1244.txt         |    3 -
 pkg/cloudflare-go/.changelog/1246.txt         |    3 -
 pkg/cloudflare-go/.changelog/1249.txt         |    3 -
 pkg/cloudflare-go/.changelog/1250.txt         |    3 -
 pkg/cloudflare-go/.changelog/1251.txt         |   11 -
 pkg/cloudflare-go/.changelog/1253.txt         |    3 -
 pkg/cloudflare-go/.changelog/1258.txt         |    3 -
 pkg/cloudflare-go/.changelog/1260.txt         |    3 -
 pkg/cloudflare-go/.changelog/1261.txt         |    7 -
 pkg/cloudflare-go/.changelog/1263.txt         |    3 -
 pkg/cloudflare-go/.changelog/1264.txt         |   19 -
 pkg/cloudflare-go/.changelog/1265.txt         |    7 -
 pkg/cloudflare-go/.changelog/1266.txt         |    3 -
 pkg/cloudflare-go/.changelog/1267.txt         |    3 -
 pkg/cloudflare-go/.changelog/1268.txt         |    3 -
 pkg/cloudflare-go/.changelog/1269.txt         |    3 -
 pkg/cloudflare-go/.changelog/1270.txt         |    3 -
 pkg/cloudflare-go/.changelog/1271.txt         |    3 -
 pkg/cloudflare-go/.changelog/1272.txt         |    3 -
 pkg/cloudflare-go/.changelog/1274.txt         |    3 -
 pkg/cloudflare-go/.changelog/1275.txt         |    3 -
 pkg/cloudflare-go/.changelog/1276.txt         |    3 -
 pkg/cloudflare-go/.changelog/1278.txt         |    3 -
 pkg/cloudflare-go/.changelog/1279.txt         |    7 -
 pkg/cloudflare-go/.changelog/1280.txt         |    3 -
 pkg/cloudflare-go/.changelog/1281.txt         |    3 -
 pkg/cloudflare-go/.changelog/1284.txt         |    3 -
 pkg/cloudflare-go/.changelog/1285.txt         |    3 -
 pkg/cloudflare-go/.changelog/1286.txt         |    3 -
 pkg/cloudflare-go/.changelog/1287.txt         |    3 -
 pkg/cloudflare-go/.changelog/1288.txt         |    3 -
 pkg/cloudflare-go/.changelog/1289.txt         |    3 -
 pkg/cloudflare-go/.changelog/1290.txt         |    3 -
 pkg/cloudflare-go/.changelog/1291.txt         |    3 -
 pkg/cloudflare-go/.changelog/1292.txt         |    3 -
 pkg/cloudflare-go/.changelog/1293.txt         |    3 -
 pkg/cloudflare-go/.changelog/1294.txt         |    3 -
 pkg/cloudflare-go/.changelog/1295.txt         |    3 -
 pkg/cloudflare-go/.changelog/1296.txt         |    3 -
 pkg/cloudflare-go/.changelog/1297.txt         |    3 -
 pkg/cloudflare-go/.changelog/1298.txt         |    3 -
 pkg/cloudflare-go/.changelog/1300.txt         |    3 -
 pkg/cloudflare-go/.changelog/1301.txt         |    3 -
 pkg/cloudflare-go/.changelog/1302.txt         |    3 -
 pkg/cloudflare-go/.changelog/1303.txt         |    3 -
 pkg/cloudflare-go/.changelog/1304.txt         |    3 -
 pkg/cloudflare-go/.changelog/1305.txt         |    3 -
 pkg/cloudflare-go/.changelog/1306.txt         |    3 -
 pkg/cloudflare-go/.changelog/1307.txt         |    3 -
 pkg/cloudflare-go/.changelog/1311.txt         |    3 -
 pkg/cloudflare-go/.changelog/1312.txt         |    3 -
 pkg/cloudflare-go/.changelog/1313.txt         |    7 -
 pkg/cloudflare-go/.changelog/1314.txt         |    3 -
 pkg/cloudflare-go/.changelog/1315.txt         |    7 -
 pkg/cloudflare-go/.changelog/1316.txt         |    3 -
 pkg/cloudflare-go/.changelog/1317.txt         |    3 -
 pkg/cloudflare-go/.changelog/1319.txt         |   59 -
 pkg/cloudflare-go/.changelog/1320.txt         |    3 -
 pkg/cloudflare-go/.changelog/1322.txt         |   31 -
 pkg/cloudflare-go/.changelog/1325.txt         |    3 -
 pkg/cloudflare-go/.changelog/1326.txt         |   83 -
 pkg/cloudflare-go/.changelog/1328.txt         |    3 -
 pkg/cloudflare-go/.changelog/1330.txt         |   15 -
 pkg/cloudflare-go/.changelog/1333.txt         |   47 -
 pkg/cloudflare-go/.changelog/1335.txt         |    3 -
 pkg/cloudflare-go/.changelog/1336.txt         |    3 -
 pkg/cloudflare-go/.changelog/1338.txt         |    3 -
 pkg/cloudflare-go/.changelog/1339.txt         |    7 -
 pkg/cloudflare-go/.changelog/1340.txt         |    3 -
 pkg/cloudflare-go/.changelog/1341.txt         |    3 -
 pkg/cloudflare-go/.changelog/1343.txt         |   11 -
 pkg/cloudflare-go/.changelog/1344.txt         |   11 -
 pkg/cloudflare-go/.changelog/1345.txt         |    3 -
 pkg/cloudflare-go/.changelog/1346.txt         |   11 -
 pkg/cloudflare-go/.changelog/1347.txt         |    3 -
 pkg/cloudflare-go/.changelog/1348.txt         |    3 -
 pkg/cloudflare-go/.changelog/1353.txt         |    3 -
 pkg/cloudflare-go/.changelog/1355.txt         |    3 -
 pkg/cloudflare-go/.changelog/1356.txt         |    3 -
 pkg/cloudflare-go/.changelog/1357.txt         |    3 -
 pkg/cloudflare-go/.changelog/1359.txt         |    3 -
 pkg/cloudflare-go/.changelog/1360.txt         |    7 -
 pkg/cloudflare-go/.changelog/1361.txt         |    7 -
 pkg/cloudflare-go/.changelog/1362.txt         |    3 -
 pkg/cloudflare-go/.changelog/1363.txt         |    3 -
 pkg/cloudflare-go/.changelog/1365.txt         |    3 -
 pkg/cloudflare-go/.changelog/1366.txt         |    3 -
 pkg/cloudflare-go/.changelog/1367.txt         |   23 -
 pkg/cloudflare-go/.changelog/1368.txt         |    3 -
 pkg/cloudflare-go/.changelog/1369.txt         |    3 -
 pkg/cloudflare-go/.changelog/1372.txt         |   23 -
 pkg/cloudflare-go/.changelog/1373.txt         |    3 -
 pkg/cloudflare-go/.changelog/1374.txt         |    3 -
 pkg/cloudflare-go/.changelog/1375.txt         |    3 -
 pkg/cloudflare-go/.changelog/1376.txt         |    3 -
 pkg/cloudflare-go/.changelog/1377.txt         |    3 -
 pkg/cloudflare-go/.changelog/1379.txt         |    7 -
 pkg/cloudflare-go/.changelog/1380.txt         |    3 -
 pkg/cloudflare-go/.changelog/1382.txt         |    3 -
 pkg/cloudflare-go/.changelog/1384.txt         |    3 -
 pkg/cloudflare-go/.changelog/1385.txt         |    3 -
 pkg/cloudflare-go/.changelog/1386.txt         |    3 -
 pkg/cloudflare-go/.changelog/1387.txt         |    3 -
 pkg/cloudflare-go/.changelog/1388.txt         |    3 -
 pkg/cloudflare-go/.changelog/1389.txt         |    3 -
 pkg/cloudflare-go/.changelog/1390.txt         |    3 -
 pkg/cloudflare-go/.changelog/1391.txt         |    3 -
 pkg/cloudflare-go/.changelog/1393.txt         |    3 -
 pkg/cloudflare-go/.changelog/1394.txt         |    3 -
 pkg/cloudflare-go/.changelog/1396.txt         |    3 -
 pkg/cloudflare-go/.changelog/1397.txt         |    3 -
 pkg/cloudflare-go/.changelog/1401.txt         |    3 -
 pkg/cloudflare-go/.changelog/1402.txt         |    3 -
 pkg/cloudflare-go/.changelog/1403.txt         |    7 -
 pkg/cloudflare-go/.changelog/1405.txt         |   11 -
 pkg/cloudflare-go/.changelog/1406.txt         |    3 -
 pkg/cloudflare-go/.changelog/1407.txt         |    3 -
 pkg/cloudflare-go/.changelog/1409.txt         |    3 -
 pkg/cloudflare-go/.changelog/1410.txt         |    3 -
 pkg/cloudflare-go/.changelog/1412.txt         |    3 -
 pkg/cloudflare-go/.changelog/1413.txt         |    3 -
 pkg/cloudflare-go/.changelog/1414.txt         |    3 -
 pkg/cloudflare-go/.changelog/1415.txt         |    7 -
 pkg/cloudflare-go/.changelog/1416.txt         |    3 -
 pkg/cloudflare-go/.changelog/1417.txt         |    3 -
 pkg/cloudflare-go/.changelog/1418.txt         |    3 -
 pkg/cloudflare-go/.changelog/1419.txt         |    3 -
 pkg/cloudflare-go/.changelog/1420.txt         |    3 -
 pkg/cloudflare-go/.changelog/1421.txt         |    3 -
 pkg/cloudflare-go/.changelog/1422.txt         |    3 -
 pkg/cloudflare-go/.changelog/1423.txt         |    3 -
 pkg/cloudflare-go/.changelog/1424.txt         |    7 -
 pkg/cloudflare-go/.changelog/1427.txt         |   23 -
 pkg/cloudflare-go/.changelog/1428.txt         |    3 -
 pkg/cloudflare-go/.changelog/1433.txt         |   43 -
 pkg/cloudflare-go/.changelog/1434.txt         |    3 -
 pkg/cloudflare-go/.changelog/1436.txt         |    3 -
 pkg/cloudflare-go/.changelog/1438.txt         |    3 -
 pkg/cloudflare-go/.changelog/1439.txt         |    3 -
 pkg/cloudflare-go/.changelog/1440.txt         |    3 -
 pkg/cloudflare-go/.changelog/1441.txt         |    3 -
 pkg/cloudflare-go/.changelog/1442.txt         |    3 -
 pkg/cloudflare-go/.changelog/1444.txt         |    3 -
 pkg/cloudflare-go/.changelog/1445.txt         |    3 -
 pkg/cloudflare-go/.changelog/1446.txt         |    3 -
 pkg/cloudflare-go/.changelog/1449.txt         |    3 -
 pkg/cloudflare-go/.changelog/1450.txt         |    3 -
 pkg/cloudflare-go/.changelog/1452.txt         |    3 -
 pkg/cloudflare-go/.changelog/1453.txt         |    3 -
 pkg/cloudflare-go/.changelog/1454.txt         |    3 -
 pkg/cloudflare-go/.changelog/1456.txt         |    3 -
 pkg/cloudflare-go/.changelog/1457.txt         |   15 -
 pkg/cloudflare-go/.changelog/1459.txt         |    3 -
 pkg/cloudflare-go/.changelog/1460.txt         |    3 -
 pkg/cloudflare-go/.changelog/1462.txt         |    3 -
 pkg/cloudflare-go/.changelog/1463.txt         |    3 -
 pkg/cloudflare-go/.changelog/1464.txt         |    3 -
 pkg/cloudflare-go/.changelog/1466.txt         |    3 -
 pkg/cloudflare-go/.changelog/1468.txt         |    3 -
 pkg/cloudflare-go/.changelog/1470.txt         |    3 -
 pkg/cloudflare-go/.changelog/1471.txt         |    3 -
 pkg/cloudflare-go/.changelog/1472.txt         |    3 -
 pkg/cloudflare-go/.changelog/1473.txt         |    3 -
 pkg/cloudflare-go/.changelog/1474.txt         |    3 -
 pkg/cloudflare-go/.changelog/1475.txt         |    3 -
 pkg/cloudflare-go/.changelog/1476.txt         |    3 -
 pkg/cloudflare-go/.changelog/1477.txt         |    3 -
 pkg/cloudflare-go/.changelog/1480.txt         |    7 -
 pkg/cloudflare-go/.changelog/1482.txt         |    3 -
 pkg/cloudflare-go/.changelog/1483.txt         |    3 -
 pkg/cloudflare-go/.changelog/1484.txt         |    3 -
 pkg/cloudflare-go/.changelog/1485.txt         |    3 -
 pkg/cloudflare-go/.changelog/1486.txt         |    3 -
 pkg/cloudflare-go/.changelog/1489.txt         |    3 -
 pkg/cloudflare-go/.changelog/1490.txt         |    3 -
 pkg/cloudflare-go/.changelog/1492.txt         |    3 -
 pkg/cloudflare-go/.changelog/1494.txt         |    3 -
 pkg/cloudflare-go/.changelog/1496.txt         |    7 -
 pkg/cloudflare-go/.changelog/1497.txt         |    3 -
 pkg/cloudflare-go/.changelog/1499.txt         |    3 -
 pkg/cloudflare-go/.changelog/1500.txt         |    3 -
 pkg/cloudflare-go/.changelog/1501.txt         |    3 -
 pkg/cloudflare-go/.changelog/1502.txt         |    3 -
 pkg/cloudflare-go/.changelog/1503.txt         |    3 -
 pkg/cloudflare-go/.changelog/1504.txt         |    3 -
 pkg/cloudflare-go/.changelog/1505.txt         |    3 -
 pkg/cloudflare-go/.changelog/1506.txt         |    3 -
 pkg/cloudflare-go/.changelog/1508.txt         |    7 -
 pkg/cloudflare-go/.changelog/1509.txt         |    3 -
 pkg/cloudflare-go/.changelog/1510.txt         |    3 -
 pkg/cloudflare-go/.changelog/1511.txt         |    3 -
 pkg/cloudflare-go/.changelog/1513.txt         |    3 -
 pkg/cloudflare-go/.changelog/1516.txt         |    3 -
 pkg/cloudflare-go/.changelog/1558.txt         |    3 -
 pkg/cloudflare-go/.changelog/1562.txt         |    3 -
 pkg/cloudflare-go/.changelog/1573.txt         |    3 -
 pkg/cloudflare-go/.changelog/1593.txt         |    3 -
 pkg/cloudflare-go/.changelog/1600.txt         |    3 -
 pkg/cloudflare-go/.changelog/1607.txt         |    3 -
 pkg/cloudflare-go/.changelog/1615.txt         |    3 -
 pkg/cloudflare-go/.changelog/1618.txt         |    3 -
 pkg/cloudflare-go/.changelog/1688.txt         |    3 -
 pkg/cloudflare-go/.changelog/1710.txt         |    3 -
 pkg/cloudflare-go/.changelog/1737.txt         |    3 -
 pkg/cloudflare-go/.changelog/1790.txt         |    3 -
 pkg/cloudflare-go/.changelog/1811.txt         |    3 -
 pkg/cloudflare-go/.changelog/1825.txt         |    3 -
 pkg/cloudflare-go/.changelog/1826.txt         |    3 -
 pkg/cloudflare-go/.changelog/1832.txt         |    3 -
 pkg/cloudflare-go/.changelog/1839.txt         |    3 -
 pkg/cloudflare-go/.changelog/1845.txt         |    3 -
 pkg/cloudflare-go/.changelog/1861.txt         |    3 -
 pkg/cloudflare-go/.changelog/1887.txt         |    3 -
 pkg/cloudflare-go/.changelog/1921.txt         |    3 -
 pkg/cloudflare-go/.changelog/1956.txt         |    7 -
 pkg/cloudflare-go/.changelog/1959.txt         |    3 -
 pkg/cloudflare-go/.changelog/1974.txt         |    3 -
 pkg/cloudflare-go/.changelog/1975.txt         |    3 -
 pkg/cloudflare-go/.changelog/1981.txt         |    3 -
 pkg/cloudflare-go/.changelog/1991.txt         |    3 -
 pkg/cloudflare-go/.changelog/1992.txt         |    3 -
 pkg/cloudflare-go/.changelog/1993.txt         |    3 -
 pkg/cloudflare-go/.changelog/2107.txt         |    3 -
 pkg/cloudflare-go/.changelog/2126.txt         |    3 -
 pkg/cloudflare-go/.changelog/2131.txt         |    3 -
 pkg/cloudflare-go/.changelog/2165.txt         |    3 -
 pkg/cloudflare-go/.changelog/2249.txt         |    3 -
 pkg/cloudflare-go/.changelog/2364.txt         |    3 -
 pkg/cloudflare-go/.changelog/2365.txt         |    3 -
 pkg/cloudflare-go/.changelog/2455.txt         |    3 -
 pkg/cloudflare-go/.changelog/998.txt          |    7 -
 pkg/cloudflare-go/.devcontainer/Dockerfile    |    1 -
 .../.devcontainer/devcontainer.json           |   36 -
 pkg/cloudflare-go/.github/CODEOWNERS          |    5 -
 .../.github/ISSUE_TEMPLATE/bug.yml            |   66 -
 .../.github/ISSUE_TEMPLATE/config.yml         |   11 -
 .../.github/PULL_REQUEST_TEMPLATE.md          |   45 -
 pkg/cloudflare-go/.github/dependabot.yml      |   14 -
 pkg/cloudflare-go/.github/labels.yml          |  208 --
 pkg/cloudflare-go/.github/stale.yml           |   17 -
 .../.github/workflows/changelog-check.yml     |   19 -
 .../.github/workflows/codeql-analysis.yml     |   70 -
 .../workflows/dependabot-changelog.yml        |   35 -
 .../.github/workflows/generate-changelog.yml  |   31 -
 pkg/cloudflare-go/.github/workflows/lint.yml  |   50 -
 .../workflows/lock-released-issues.yml        |   29 -
 .../.github/workflows/milestone-closed.yml    |   40 -
 .../.github/workflows/milestones.yml          |   25 -
 .../.github/workflows/release.yml             |   26 -
 .../.github/workflows/sync-labels.yml         |   18 -
 pkg/cloudflare-go/.github/workflows/test.yml  |   22 -
 pkg/cloudflare-go/.gitignore                  |    6 -
 pkg/cloudflare-go/.golintci.yaml              |   33 -
 pkg/cloudflare-go/.semgrep.yml                |   88 -
 pkg/cloudflare-go/.semgrepignore              |   22 -
 pkg/cloudflare-go/CHANGELOG.md                | 1140 ---------
 pkg/cloudflare-go/CODE_OF_CONDUCT.md          |   77 -
 pkg/cloudflare-go/LICENSE                     |   26 -
 pkg/cloudflare-go/README.md                   |   85 -
 pkg/cloudflare-go/access_application.go       |  510 ----
 pkg/cloudflare-go/access_application_test.go  | 1545 ------------
 pkg/cloudflare-go/access_audit_log.go         |   86 -
 .../access_audit_log_example_test.go          |   26 -
 pkg/cloudflare-go/access_audit_log_test.go    |   93 -
 pkg/cloudflare-go/access_bookmark.go          |  206 --
 pkg/cloudflare-go/access_bookmark_test.go     |  283 ---
 pkg/cloudflare-go/access_ca_certificate.go    |  153 --
 .../access_ca_certificate_test.go             |  170 --
 pkg/cloudflare-go/access_custom_page.go       |  127 -
 pkg/cloudflare-go/access_custom_page_test.go  |  196 --
 pkg/cloudflare-go/access_group.go             |  405 ----
 pkg/cloudflare-go/access_group_test.go        |  471 ----
 pkg/cloudflare-go/access_identity_provider.go |  306 ---
 .../access_identity_provider_test.go          |  416 ----
 pkg/cloudflare-go/access_keys.go              |   64 -
 pkg/cloudflare-go/access_keys_test.go         |  124 -
 .../access_mutual_tls_certificates.go         |  279 ---
 .../access_mutual_tls_certificates_test.go    |  405 ----
 pkg/cloudflare-go/access_organization.go      |  143 --
 pkg/cloudflare-go/access_organization_test.go |  281 ---
 pkg/cloudflare-go/access_policy.go            |  356 ---
 pkg/cloudflare-go/access_policy_test.go       |  693 ------
 pkg/cloudflare-go/access_seats.go             |  111 -
 pkg/cloudflare-go/access_seats_test.go        |  182 --
 pkg/cloudflare-go/access_service_tokens.go    |  257 --
 .../access_service_tokens_test.go             |  313 ---
 pkg/cloudflare-go/access_tag.go               |   85 -
 pkg/cloudflare-go/access_tag_test.go          |  136 --
 pkg/cloudflare-go/access_user_tokens.go       |   24 -
 pkg/cloudflare-go/access_user_tokens_test.go  |   52 -
 pkg/cloudflare-go/access_users.go             |  362 ---
 pkg/cloudflare-go/access_users_test.go        |  616 -----
 pkg/cloudflare-go/account_members.go          |  245 --
 pkg/cloudflare-go/account_members_test.go     |  633 -----
 pkg/cloudflare-go/account_roles.go            |  111 -
 pkg/cloudflare-go/account_roles_test.go       |  121 -
 pkg/cloudflare-go/accounts.go                 |  151 --
 pkg/cloudflare-go/accounts_test.go            |  227 --
 pkg/cloudflare-go/addressing_address_map.go   |  285 ---
 .../addressing_address_map_test.go            |  384 ---
 pkg/cloudflare-go/addressing_ip_prefix.go     |  149 --
 .../addressing_ip_prefix_test.go              |  237 --
 pkg/cloudflare-go/api_shield.go               |   71 -
 pkg/cloudflare-go/api_shield_api_discovery.go |  190 --
 .../api_shield_api_discovery_test.go          |  383 ---
 pkg/cloudflare-go/api_shield_operations.go    |  185 --
 .../api_shield_operations_test.go             |  491 ----
 pkg/cloudflare-go/api_shield_schemas.go       |  505 ----
 pkg/cloudflare-go/api_shield_schemas_test.go  |  669 -----
 pkg/cloudflare-go/api_shield_test.go          |   84 -
 pkg/cloudflare-go/api_token.go                |  238 --
 pkg/cloudflare-go/api_token_test.go           |  522 ----
 pkg/cloudflare-go/argo.go                     |  121 -
 pkg/cloudflare-go/argo_example_test.go        |   65 -
 pkg/cloudflare-go/argo_test.go                |  179 --
 pkg/cloudflare-go/argo_tunnel.go              |  162 --
 pkg/cloudflare-go/argo_tunnel_test.go         |  221 --
 pkg/cloudflare-go/auditlogs.go                |  158 --
 pkg/cloudflare-go/auditlogs_test.go           |   60 -
 .../authenticated_origin_pulls.go             |   67 -
 ...authenticated_origin_pulls_per_hostname.go |  175 --
 ...nticated_origin_pulls_per_hostname_test.go |  360 ---
 .../authenticated_origin_pulls_per_zone.go    |  151 --
 ...uthenticated_origin_pulls_per_zone_test.go |  230 --
 .../authenticated_origin_pulls_test.go        |  111 -
 pkg/cloudflare-go/bot_management.go           |   91 -
 pkg/cloudflare-go/bot_management_test.go      |   87 -
 pkg/cloudflare-go/cache_reserve.go            |   83 -
 pkg/cloudflare-go/cache_reserve_test.go       |   82 -
 pkg/cloudflare-go/catalog.json                |   67 -
 pkg/cloudflare-go/certificate_packs.go        |  163 --
 pkg/cloudflare-go/certificate_packs_test.go   |  285 ---
 pkg/cloudflare-go/cloudflare.go               |  593 -----
 pkg/cloudflare-go/cloudflare_experimental.go  |  343 ---
 pkg/cloudflare-go/cloudflare_test.go          |  549 -----
 .../cmd/flarectl/.goreleaser.yml              |   23 -
 pkg/cloudflare-go/cmd/flarectl/README.md      |  108 -
 pkg/cloudflare-go/cmd/flarectl/dns.go         |  201 --
 pkg/cloudflare-go/cmd/flarectl/firewall.go    |  380 ---
 pkg/cloudflare-go/cmd/flarectl/flarectl.go    |  720 ------
 pkg/cloudflare-go/cmd/flarectl/misc.go        |  213 --
 pkg/cloudflare-go/cmd/flarectl/user_agent.go  |  147 --
 pkg/cloudflare-go/cmd/flarectl/zone.go        |  367 ---
 pkg/cloudflare-go/consts.go                   |   27 -
 pkg/cloudflare-go/convert_types.go            |  932 -------
 pkg/cloudflare-go/custom_hostname.go          |  330 ---
 pkg/cloudflare-go/custom_hostname_test.go     | 1114 ---------
 pkg/cloudflare-go/custom_nameservers.go       |  207 --
 pkg/cloudflare-go/custom_nameservers_test.go  |  223 --
 pkg/cloudflare-go/custom_pages.go             |  177 --
 pkg/cloudflare-go/custom_pages_test.go        |  351 ---
 pkg/cloudflare-go/d1.go                       |  199 --
 pkg/cloudflare-go/d1_test.go                  |  238 --
 pkg/cloudflare-go/dcv_delegation.go           |   41 -
 pkg/cloudflare-go/dcv_delegation_test.go      |   43 -
 pkg/cloudflare-go/device_posture_rule.go      |  331 ---
 pkg/cloudflare-go/device_posture_rule_test.go |  788 ------
 pkg/cloudflare-go/devices_dex.go              |  174 --
 pkg/cloudflare-go/devices_dex_test.go         |  283 ---
 pkg/cloudflare-go/devices_managed_networks.go |  165 --
 .../devices_managed_networks_test.go          |  245 --
 pkg/cloudflare-go/devices_policy.go           |  377 ---
 pkg/cloudflare-go/devices_policy_test.go      |  423 ----
 pkg/cloudflare-go/diagnostics.go              |  102 -
 pkg/cloudflare-go/diagnostics_test.go         |  236 --
 pkg/cloudflare-go/dlp_dataset.go              |  278 ---
 pkg/cloudflare-go/dlp_dataset_test.go         |  422 ----
 pkg/cloudflare-go/dlp_payload_log.go          |   72 -
 pkg/cloudflare-go/dlp_payload_log_test.go     |   85 -
 pkg/cloudflare-go/dlp_profile.go              |  234 --
 pkg/cloudflare-go/dlp_profile_test.go         |  636 -----
 pkg/cloudflare-go/dns.go                      |  423 ----
 pkg/cloudflare-go/dns_example_test.go         |   94 -
 pkg/cloudflare-go/dns_firewall.go             |  220 --
 pkg/cloudflare-go/dns_firewall_test.go        |  145 --
 pkg/cloudflare-go/dns_test.go                 |  700 ------
 pkg/cloudflare-go/docs/changelog-process.md   |   96 -
 pkg/cloudflare-go/docs/conventions.md         |   40 -
 pkg/cloudflare-go/docs/experimental.md        |  119 -
 .../docs/public-api-documentation.md          |   28 -
 pkg/cloudflare-go/docs/release-process.md     |   40 -
 pkg/cloudflare-go/duration.go                 |   41 -
 pkg/cloudflare-go/duration_test.go            |   28 -
 .../email_routing_destination.go              |  156 --
 .../email_routing_destination_test.go         |  171 --
 pkg/cloudflare-go/email_routing_rules.go      |  274 ---
 pkg/cloudflare-go/email_routing_rules_test.go |  395 ---
 pkg/cloudflare-go/email_routing_settings.go   |  118 -
 .../email_routing_settings_test.go            |  178 --
 pkg/cloudflare-go/errors.go                   |  391 ---
 pkg/cloudflare-go/errors_external_test.go     |   28 -
 pkg/cloudflare-go/errors_test.go              |   52 -
 pkg/cloudflare-go/example_test.go             |   40 -
 pkg/cloudflare-go/fallback_domain.go          |  133 -
 pkg/cloudflare-go/fallback_domain_test.go     |  236 --
 pkg/cloudflare-go/filter.go                   |  290 ---
 pkg/cloudflare-go/filter_test.go              |  391 ---
 pkg/cloudflare-go/firewall.go                 |  281 ---
 pkg/cloudflare-go/firewall_example_test.go    |  106 -
 pkg/cloudflare-go/firewall_rules.go           |  244 --
 pkg/cloudflare-go/firewall_rules_test.go      |  630 -----
 pkg/cloudflare-go/firewall_test.go            |  406 ----
 pkg/cloudflare-go/flake.lock                  |  540 -----
 pkg/cloudflare-go/flake.nix                   |    7 -
 pkg/cloudflare-go/flox.nix                    |    3 -
 pkg/cloudflare-go/go.mod                      |   32 -
 pkg/cloudflare-go/go.sum                      |   64 -
 pkg/cloudflare-go/healthchecks.go             |  199 --
 pkg/cloudflare-go/healthchecks_test.go        |  309 ---
 pkg/cloudflare-go/hyperdrive.go               |  214 --
 pkg/cloudflare-go/hyperdrive_test.go          |  280 ---
 pkg/cloudflare-go/images.go                   |  401 ---
 pkg/cloudflare-go/images_test.go              |  539 -----
 pkg/cloudflare-go/images_variants.go          |  163 --
 pkg/cloudflare-go/images_variants_test.go     |  195 --
 pkg/cloudflare-go/intelligence_asn.go         |  101 -
 pkg/cloudflare-go/intelligence_asn_test.go    |  111 -
 pkg/cloudflare-go/intelligence_domain.go      |  177 --
 pkg/cloudflare-go/intelligence_domain_test.go |  227 --
 pkg/cloudflare-go/intelligence_ip.go          |  156 --
 pkg/cloudflare-go/intelligence_ip_test.go     |  163 --
 pkg/cloudflare-go/intelligence_phishing.go    |   52 -
 .../intelligence_phishing_test.go             |   51 -
 pkg/cloudflare-go/intelligence_whois.go       |   60 -
 pkg/cloudflare-go/intelligence_whois_test.go  |   77 -
 .../tools/cmd/changelog-check/main.go         |  134 -
 pkg/cloudflare-go/internal/tools/go.mod       |  249 --
 pkg/cloudflare-go/internal/tools/go.sum       | 1444 -----------
 pkg/cloudflare-go/internal/tools/tools.go     |   45 -
 pkg/cloudflare-go/ip_access_rules.go          |   89 -
 pkg/cloudflare-go/ip_access_rules_test.go     |  311 ---
 pkg/cloudflare-go/ip_list.go                  |  507 ----
 pkg/cloudflare-go/ip_list_test.go             |  474 ----
 pkg/cloudflare-go/ips.go                      |   72 -
 pkg/cloudflare-go/ips_test.go                 |   72 -
 pkg/cloudflare-go/keyless.go                  |  146 --
 pkg/cloudflare-go/keyless_test.go             |  262 --
 pkg/cloudflare-go/list.go                     |  629 -----
 pkg/cloudflare-go/list_test.go                | 1045 --------
 pkg/cloudflare-go/load_balancing.go           |  821 -------
 .../load_balancing_example_test.go            |   42 -
 pkg/cloudflare-go/load_balancing_test.go      | 2147 -----------------
 pkg/cloudflare-go/lockdown.go                 |  192 --
 pkg/cloudflare-go/lockdown_example_test.go    |   64 -
 pkg/cloudflare-go/lockdown_test.go            |  303 ---
 pkg/cloudflare-go/logger.go                   |  130 -
 pkg/cloudflare-go/logpull.go                  |   58 -
 pkg/cloudflare-go/logpull_test.go             |   62 -
 pkg/cloudflare-go/logpush.go                  |  572 -----
 pkg/cloudflare-go/logpush_example_test.go     |  201 --
 pkg/cloudflare-go/logpush_test.go             |  686 ------
 pkg/cloudflare-go/magic_firewall_rulesets.go  |  206 --
 .../magic_firewall_rulesets_test.go           |  318 ---
 pkg/cloudflare-go/magic_transit_gre_tunnel.go |  181 --
 .../magic_transit_gre_tunnel_test.go          |  331 ---
 .../magic_transit_ipsec_tunnel.go             |  216 --
 .../magic_transit_ipsec_tunnel_test.go        |  418 ----
 .../magic_transit_static_routes.go            |  180 --
 .../magic_transit_static_routes_test.go       |  341 ---
 .../magic_transit_tunnel_healthcheck.go       |   10 -
 pkg/cloudflare-go/managed_headers.go          |   78 -
 pkg/cloudflare-go/managed_headers_test.go     |  234 --
 pkg/cloudflare-go/miscategorization.go        |   50 -
 pkg/cloudflare-go/miscategorization_test.go   |   62 -
 pkg/cloudflare-go/mtls_certificates.go        |  215 --
 pkg/cloudflare-go/mtls_certificates_test.go   |  245 --
 pkg/cloudflare-go/notifications.go            |  447 ----
 pkg/cloudflare-go/notifications_test.go       |  574 -----
 pkg/cloudflare-go/observatory.go              |  401 ---
 pkg/cloudflare-go/observatory_test.go         |  464 ----
 pkg/cloudflare-go/options.go                  |  106 -
 pkg/cloudflare-go/origin_ca.go                |  233 --
 pkg/cloudflare-go/origin_ca_test.go           |  259 --
 pkg/cloudflare-go/page_rules.go               |  240 --
 pkg/cloudflare-go/page_rules_example_test.go  |  110 -
 pkg/cloudflare-go/page_rules_test.go          |  198 --
 pkg/cloudflare-go/page_shield.go              |   76 -
 pkg/cloudflare-go/page_shield_connections.go  |   88 -
 .../page_shield_connections_test.go           |   90 -
 pkg/cloudflare-go/page_shield_policies.go     |  140 --
 .../page_shield_policies_test.go              |  151 --
 pkg/cloudflare-go/page_shield_scripts.go      |  107 -
 pkg/cloudflare-go/page_shield_scripts_test.go |   78 -
 pkg/cloudflare-go/page_shield_test.go         |   77 -
 pkg/cloudflare-go/pages_deployment.go         |  343 ---
 pkg/cloudflare-go/pages_deployment_test.go    |  500 ----
 pkg/cloudflare-go/pages_domain.go             |  194 --
 pkg/cloudflare-go/pages_domain_test.go        |  277 ---
 pkg/cloudflare-go/pages_project.go            |  333 ---
 pkg/cloudflare-go/pages_project_test.go       |  671 ------
 pkg/cloudflare-go/pagination.go               |   59 -
 pkg/cloudflare-go/pagination_test.go          |  130 -
 .../per_hostname_tls_settings.go              |  251 --
 .../per_hostname_tls_settings_test.go         |  273 ---
 pkg/cloudflare-go/permission_group.go         |   99 -
 pkg/cloudflare-go/permission_group_test.go    |  152 --
 pkg/cloudflare-go/policy.go                   |    8 -
 pkg/cloudflare-go/queue.go                    |  378 ---
 pkg/cloudflare-go/queue_test.go               |  485 ----
 pkg/cloudflare-go/r2_bucket.go                |  147 --
 pkg/cloudflare-go/r2_bucket_test.go           |  160 --
 pkg/cloudflare-go/rate_limiting.go            |  199 --
 .../rate_limiting_example_test.go             |  108 -
 pkg/cloudflare-go/rate_limiting_test.go       |  361 ---
 pkg/cloudflare-go/regional_hostnames.go       |  191 --
 pkg/cloudflare-go/regional_hostnames_test.go  |  219 --
 pkg/cloudflare-go/regional_tiered_cache.go    |   85 -
 .../regional_tiered_cache_test.go             |   90 -
 pkg/cloudflare-go/registrar.go                |  176 --
 pkg/cloudflare-go/registrar_example_test.go   |   85 -
 pkg/cloudflare-go/registrar_test.go           |  375 ---
 pkg/cloudflare-go/resource.go                 |  114 -
 pkg/cloudflare-go/resource_group.go           |   53 -
 pkg/cloudflare-go/resource_group_test.go      |   47 -
 pkg/cloudflare-go/resource_test.go            |   66 -
 pkg/cloudflare-go/rulesets.go                 |  889 -------
 pkg/cloudflare-go/rulesets_test.go            |  870 -------
 pkg/cloudflare-go/scripts/changelog.tmpl      |   39 -
 .../scripts/generate-changelog-entry.sh       |   36 -
 .../scripts/generate-changelog.sh             |   53 -
 pkg/cloudflare-go/scripts/release-note.tmpl   |    3 -
 pkg/cloudflare-go/secondary_dns_primaries.go  |  165 --
 .../secondary_dns_primaries_test.go           |  204 --
 pkg/cloudflare-go/secondary_dns_tsig.go       |  132 -
 pkg/cloudflare-go/secondary_dns_tsig_test.go  |  186 --
 pkg/cloudflare-go/secondary_dns_zone.go       |  172 --
 pkg/cloudflare-go/secondary_zone_dns_test.go  |  249 --
 pkg/cloudflare-go/spectrum.go                 |  368 ---
 pkg/cloudflare-go/spectrum_test.go            |  549 -----
 pkg/cloudflare-go/split_tunnel.go             |  107 -
 pkg/cloudflare-go/split_tunnel_test.go        |  300 ---
 pkg/cloudflare-go/ssl.go                      |  173 --
 pkg/cloudflare-go/ssl_test.go                 |  390 ---
 pkg/cloudflare-go/stack_rulesest.go           |   29 -
 pkg/cloudflare-go/stream.go                   |  574 -----
 pkg/cloudflare-go/stream_test.go              |  659 -----
 pkg/cloudflare-go/sts.go                      |  101 -
 pkg/cloudflare-go/teams_accounts.go           |  338 ---
 pkg/cloudflare-go/teams_accounts_test.go      |  399 ---
 pkg/cloudflare-go/teams_audit_ssh_settings.go |   86 -
 .../teams_audit_ssh_settings_test.go          |   91 -
 pkg/cloudflare-go/teams_devices.go            |  107 -
 pkg/cloudflare-go/teams_devices_test.go       |  190 --
 pkg/cloudflare-go/teams_list.go               |  330 ---
 pkg/cloudflare-go/teams_list_test.go          |  356 ---
 pkg/cloudflare-go/teams_locations.go          |  155 --
 pkg/cloudflare-go/teams_locations_test.go     |  278 ---
 pkg/cloudflare-go/teams_proxy_endpoints.go    |  137 --
 .../teams_proxy_endpoints_test.go             |  203 --
 pkg/cloudflare-go/teams_rules.go              |  356 ---
 pkg/cloudflare-go/teams_rules_test.go         |  770 ------
 .../testdata/fixtures/dns/list_page_1.json    |   80 -
 .../testdata/fixtures/dns/list_page_2.json    |   58 -
 .../fixtures/images_variants/single_full.json |   17 -
 .../fixtures/images_variants/single_list.json |   19 -
 .../fixtures/tunnel/configuration.json        |   18 -
 .../testdata/fixtures/tunnel/empty.json       |    5 -
 .../fixtures/tunnel/multiple_full.json        |   30 -
 .../testdata/fixtures/tunnel/single_full.json |   25 -
 .../testdata/fixtures/tunnel/token.json       |    6 -
 pkg/cloudflare-go/tiered_cache.go             |  317 ---
 pkg/cloudflare-go/tiered_cache_test.go        |  321 ---
 pkg/cloudflare-go/total_tls.go                |   64 -
 pkg/cloudflare-go/total_tls_test.go           |   74 -
 pkg/cloudflare-go/tunnel.go                   |  536 ----
 pkg/cloudflare-go/tunnel_routes.go            |  214 --
 pkg/cloudflare-go/tunnel_routes_test.go       |  222 --
 pkg/cloudflare-go/tunnel_test.go              |  410 ----
 pkg/cloudflare-go/tunnel_virtual_networks.go  |  159 --
 .../tunnel_virtual_networks_test.go           |  185 --
 pkg/cloudflare-go/turnstile.go                |  245 --
 pkg/cloudflare-go/turnstile_test.go           |  334 ---
 pkg/cloudflare-go/universal_ssl.go            |  108 -
 pkg/cloudflare-go/universal_ssl_test.go       |  164 --
 .../url_normalization_settings.go             |   60 -
 .../url_normalization_settings_test.go        |   86 -
 pkg/cloudflare-go/user.go                     |  161 --
 pkg/cloudflare-go/user_agent.go               |  151 --
 pkg/cloudflare-go/user_agent_example_test.go  |   31 -
 pkg/cloudflare-go/user_test.go                |  244 --
 pkg/cloudflare-go/utils.go                    |   28 -
 pkg/cloudflare-go/utils_test.go               |   38 -
 pkg/cloudflare-go/waf.go                      |  352 ---
 pkg/cloudflare-go/waf_overrides.go            |  138 --
 pkg/cloudflare-go/waf_overrides_test.go       |  238 --
 pkg/cloudflare-go/waf_test.go                 |  794 ------
 pkg/cloudflare-go/waiting_room.go             |  629 -----
 pkg/cloudflare-go/waiting_room_test.go        |  886 -------
 pkg/cloudflare-go/web3.go                     |  198 --
 pkg/cloudflare-go/web3_test.go                |  228 --
 pkg/cloudflare-go/web_analytics.go            |  411 ----
 pkg/cloudflare-go/web_analytics_test.go       |  385 ---
 pkg/cloudflare-go/workers.go                  |  631 -----
 pkg/cloudflare-go/workers_account_settings.go |   83 -
 .../workers_account_settings_test.go          |   67 -
 pkg/cloudflare-go/workers_bindings.go         |  617 -----
 pkg/cloudflare-go/workers_bindings_test.go    |  237 --
 pkg/cloudflare-go/workers_cron_triggers.go    |   91 -
 .../workers_cron_triggers_test.go             |   87 -
 pkg/cloudflare-go/workers_domain.go           |  151 --
 pkg/cloudflare-go/workers_domain_test.go      |  181 --
 pkg/cloudflare-go/workers_for_platforms.go    |  139 --
 .../workers_for_platforms_test.go             |  140 --
 pkg/cloudflare-go/workers_kv.go               |  378 ---
 pkg/cloudflare-go/workers_kv_example_test.go  |  210 --
 pkg/cloudflare-go/workers_kv_test.go          |  506 ----
 pkg/cloudflare-go/workers_routes.go           |  162 --
 pkg/cloudflare-go/workers_routes_test.go      |  121 -
 pkg/cloudflare-go/workers_secrets.go          |  125 -
 pkg/cloudflare-go/workers_secrets_test.go     |  111 -
 pkg/cloudflare-go/workers_subdomain.go        |   58 -
 pkg/cloudflare-go/workers_subdomain_test.go   |   72 -
 pkg/cloudflare-go/workers_tail.go             |  114 -
 pkg/cloudflare-go/workers_tail_test.go        |  118 -
 pkg/cloudflare-go/workers_test.go             | 1451 -----------
 pkg/cloudflare-go/zaraz.go                    |  430 ----
 pkg/cloudflare-go/zaraz_test.go               |  996 --------
 pkg/cloudflare-go/zone.go                     | 1077 ---------
 pkg/cloudflare-go/zone_cache_variants.go      |   89 -
 pkg/cloudflare-go/zone_cache_variants_test.go |  168 --
 pkg/cloudflare-go/zone_example_test.go        |   43 -
 pkg/cloudflare-go/zone_hold.go                |  111 -
 pkg/cloudflare-go/zone_hold_test.go           |  124 -
 pkg/cloudflare-go/zone_test.go                | 1612 -------------
 pkg/cloudflare-go/zones.go                    |  144 --
 pkg/cloudflare-go/zt_risk_behaviors.go        |  126 -
 pkg/cloudflare-go/zt_risk_behaviors_test.go   |  159 --
 providers/cloudflare/rest.go                  |    5 +-
 790 files changed, 22 insertions(+), 99317 deletions(-)
 delete mode 100644 pkg/cloudflare-go/.changelog/1001.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1002.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1003.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1004.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1005.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1006.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1008.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1010.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1014.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1016.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1017.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1020.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1026.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1027.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1028.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1030.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1031.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1032.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1034.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1035.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1036.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1037.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1038.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1039.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1040.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1042.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1043.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1044.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1046.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1047.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1048.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1049.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1051.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1052.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1053.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1059.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1060.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1063.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1065.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1066.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1067.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1068.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1070.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1071.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1072.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1073.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1074.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1075.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1077.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1080.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1081.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1082.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1084.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1085.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1086.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1087.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1088.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1089.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1090.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1091.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1093.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1094.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1095.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1097.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1102.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1103.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1104.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1105.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1106.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1108.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1111.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1112.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1114.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1115.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1116.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1117.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1118.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1119.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1120.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1121.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1122.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1123.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1124.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1125.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1126.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1127.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1130.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1131.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1133.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1135.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1136.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1137.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1138.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1139.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1140.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1142.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1146.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1148.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1149.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1150.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1151.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1155.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1156.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1159.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1160.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1161.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1162.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1164.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1167.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1170.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1171.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1172.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1173.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1174.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1176.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1177.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1178.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1180.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1181.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1183.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1184.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1185.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1188.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1190.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1191.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1192.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1193.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1195.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1196.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1197.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1199.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1200.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1202.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1205.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1206.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1207.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1208.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1209.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1210.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1212.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1213.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1214.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1215.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1216.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1217.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1218.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1219.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1220.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1222.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1223.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1226.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1227.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1228.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1229.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1232.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1236.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1237.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1238.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1242.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1243.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1244.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1246.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1249.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1250.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1251.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1253.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1258.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1260.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1261.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1263.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1264.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1265.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1266.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1267.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1268.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1269.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1270.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1271.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1272.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1274.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1275.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1276.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1278.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1279.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1280.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1281.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1284.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1285.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1286.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1287.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1288.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1289.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1290.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1291.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1292.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1293.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1294.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1295.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1296.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1297.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1298.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1300.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1301.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1302.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1303.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1304.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1305.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1306.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1307.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1311.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1312.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1313.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1314.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1315.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1316.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1317.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1319.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1320.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1322.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1325.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1326.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1328.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1330.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1333.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1335.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1336.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1338.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1339.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1340.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1341.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1343.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1344.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1345.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1346.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1347.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1348.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1353.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1355.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1356.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1357.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1359.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1360.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1361.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1362.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1363.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1365.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1366.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1367.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1368.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1369.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1372.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1373.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1374.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1375.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1376.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1377.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1379.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1380.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1382.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1384.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1385.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1386.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1387.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1388.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1389.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1390.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1391.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1393.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1394.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1396.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1397.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1401.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1402.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1403.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1405.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1406.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1407.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1409.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1410.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1412.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1413.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1414.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1415.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1416.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1417.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1418.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1419.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1420.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1421.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1422.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1423.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1424.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1427.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1428.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1433.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1434.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1436.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1438.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1439.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1440.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1441.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1442.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1444.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1445.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1446.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1449.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1450.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1452.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1453.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1454.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1456.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1457.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1459.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1460.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1462.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1463.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1464.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1466.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1468.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1470.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1471.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1472.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1473.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1474.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1475.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1476.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1477.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1480.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1482.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1483.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1484.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1485.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1486.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1489.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1490.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1492.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1494.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1496.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1497.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1499.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1500.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1501.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1502.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1503.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1504.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1505.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1506.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1508.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1509.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1510.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1511.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1513.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1516.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1558.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1562.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1573.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1593.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1600.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1607.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1615.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1618.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1688.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1710.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1737.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1790.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1811.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1825.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1826.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1832.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1839.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1845.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1861.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1887.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1921.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1956.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1959.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1974.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1975.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1981.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1991.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1992.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/1993.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2107.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2126.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2131.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2165.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2249.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2364.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2365.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/2455.txt
 delete mode 100644 pkg/cloudflare-go/.changelog/998.txt
 delete mode 100644 pkg/cloudflare-go/.devcontainer/Dockerfile
 delete mode 100644 pkg/cloudflare-go/.devcontainer/devcontainer.json
 delete mode 100644 pkg/cloudflare-go/.github/CODEOWNERS
 delete mode 100644 pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
 delete mode 100644 pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
 delete mode 100644 pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
 delete mode 100644 pkg/cloudflare-go/.github/dependabot.yml
 delete mode 100644 pkg/cloudflare-go/.github/labels.yml
 delete mode 100644 pkg/cloudflare-go/.github/stale.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/changelog-check.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/generate-changelog.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/lint.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/milestone-closed.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/milestones.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/release.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/sync-labels.yml
 delete mode 100644 pkg/cloudflare-go/.github/workflows/test.yml
 delete mode 100644 pkg/cloudflare-go/.gitignore
 delete mode 100644 pkg/cloudflare-go/.golintci.yaml
 delete mode 100644 pkg/cloudflare-go/.semgrep.yml
 delete mode 100644 pkg/cloudflare-go/.semgrepignore
 delete mode 100644 pkg/cloudflare-go/CHANGELOG.md
 delete mode 100644 pkg/cloudflare-go/CODE_OF_CONDUCT.md
 delete mode 100644 pkg/cloudflare-go/LICENSE
 delete mode 100644 pkg/cloudflare-go/README.md
 delete mode 100644 pkg/cloudflare-go/access_application.go
 delete mode 100644 pkg/cloudflare-go/access_application_test.go
 delete mode 100644 pkg/cloudflare-go/access_audit_log.go
 delete mode 100644 pkg/cloudflare-go/access_audit_log_example_test.go
 delete mode 100644 pkg/cloudflare-go/access_audit_log_test.go
 delete mode 100644 pkg/cloudflare-go/access_bookmark.go
 delete mode 100644 pkg/cloudflare-go/access_bookmark_test.go
 delete mode 100644 pkg/cloudflare-go/access_ca_certificate.go
 delete mode 100644 pkg/cloudflare-go/access_ca_certificate_test.go
 delete mode 100644 pkg/cloudflare-go/access_custom_page.go
 delete mode 100644 pkg/cloudflare-go/access_custom_page_test.go
 delete mode 100644 pkg/cloudflare-go/access_group.go
 delete mode 100644 pkg/cloudflare-go/access_group_test.go
 delete mode 100644 pkg/cloudflare-go/access_identity_provider.go
 delete mode 100644 pkg/cloudflare-go/access_identity_provider_test.go
 delete mode 100644 pkg/cloudflare-go/access_keys.go
 delete mode 100644 pkg/cloudflare-go/access_keys_test.go
 delete mode 100644 pkg/cloudflare-go/access_mutual_tls_certificates.go
 delete mode 100644 pkg/cloudflare-go/access_mutual_tls_certificates_test.go
 delete mode 100644 pkg/cloudflare-go/access_organization.go
 delete mode 100644 pkg/cloudflare-go/access_organization_test.go
 delete mode 100644 pkg/cloudflare-go/access_policy.go
 delete mode 100644 pkg/cloudflare-go/access_policy_test.go
 delete mode 100644 pkg/cloudflare-go/access_seats.go
 delete mode 100644 pkg/cloudflare-go/access_seats_test.go
 delete mode 100644 pkg/cloudflare-go/access_service_tokens.go
 delete mode 100644 pkg/cloudflare-go/access_service_tokens_test.go
 delete mode 100644 pkg/cloudflare-go/access_tag.go
 delete mode 100644 pkg/cloudflare-go/access_tag_test.go
 delete mode 100644 pkg/cloudflare-go/access_user_tokens.go
 delete mode 100644 pkg/cloudflare-go/access_user_tokens_test.go
 delete mode 100644 pkg/cloudflare-go/access_users.go
 delete mode 100644 pkg/cloudflare-go/access_users_test.go
 delete mode 100644 pkg/cloudflare-go/account_members.go
 delete mode 100644 pkg/cloudflare-go/account_members_test.go
 delete mode 100644 pkg/cloudflare-go/account_roles.go
 delete mode 100644 pkg/cloudflare-go/account_roles_test.go
 delete mode 100644 pkg/cloudflare-go/accounts.go
 delete mode 100644 pkg/cloudflare-go/accounts_test.go
 delete mode 100644 pkg/cloudflare-go/addressing_address_map.go
 delete mode 100644 pkg/cloudflare-go/addressing_address_map_test.go
 delete mode 100644 pkg/cloudflare-go/addressing_ip_prefix.go
 delete mode 100644 pkg/cloudflare-go/addressing_ip_prefix_test.go
 delete mode 100644 pkg/cloudflare-go/api_shield.go
 delete mode 100644 pkg/cloudflare-go/api_shield_api_discovery.go
 delete mode 100644 pkg/cloudflare-go/api_shield_api_discovery_test.go
 delete mode 100644 pkg/cloudflare-go/api_shield_operations.go
 delete mode 100644 pkg/cloudflare-go/api_shield_operations_test.go
 delete mode 100644 pkg/cloudflare-go/api_shield_schemas.go
 delete mode 100644 pkg/cloudflare-go/api_shield_schemas_test.go
 delete mode 100644 pkg/cloudflare-go/api_shield_test.go
 delete mode 100644 pkg/cloudflare-go/api_token.go
 delete mode 100644 pkg/cloudflare-go/api_token_test.go
 delete mode 100644 pkg/cloudflare-go/argo.go
 delete mode 100644 pkg/cloudflare-go/argo_example_test.go
 delete mode 100644 pkg/cloudflare-go/argo_test.go
 delete mode 100644 pkg/cloudflare-go/argo_tunnel.go
 delete mode 100644 pkg/cloudflare-go/argo_tunnel_test.go
 delete mode 100644 pkg/cloudflare-go/auditlogs.go
 delete mode 100644 pkg/cloudflare-go/auditlogs_test.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
 delete mode 100644 pkg/cloudflare-go/authenticated_origin_pulls_test.go
 delete mode 100644 pkg/cloudflare-go/bot_management.go
 delete mode 100644 pkg/cloudflare-go/bot_management_test.go
 delete mode 100644 pkg/cloudflare-go/cache_reserve.go
 delete mode 100644 pkg/cloudflare-go/cache_reserve_test.go
 delete mode 100644 pkg/cloudflare-go/catalog.json
 delete mode 100644 pkg/cloudflare-go/certificate_packs.go
 delete mode 100644 pkg/cloudflare-go/certificate_packs_test.go
 delete mode 100644 pkg/cloudflare-go/cloudflare.go
 delete mode 100644 pkg/cloudflare-go/cloudflare_experimental.go
 delete mode 100644 pkg/cloudflare-go/cloudflare_test.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/README.md
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/dns.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/firewall.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/flarectl.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/misc.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/user_agent.go
 delete mode 100644 pkg/cloudflare-go/cmd/flarectl/zone.go
 delete mode 100644 pkg/cloudflare-go/consts.go
 delete mode 100644 pkg/cloudflare-go/convert_types.go
 delete mode 100644 pkg/cloudflare-go/custom_hostname.go
 delete mode 100644 pkg/cloudflare-go/custom_hostname_test.go
 delete mode 100644 pkg/cloudflare-go/custom_nameservers.go
 delete mode 100644 pkg/cloudflare-go/custom_nameservers_test.go
 delete mode 100644 pkg/cloudflare-go/custom_pages.go
 delete mode 100644 pkg/cloudflare-go/custom_pages_test.go
 delete mode 100644 pkg/cloudflare-go/d1.go
 delete mode 100644 pkg/cloudflare-go/d1_test.go
 delete mode 100644 pkg/cloudflare-go/dcv_delegation.go
 delete mode 100644 pkg/cloudflare-go/dcv_delegation_test.go
 delete mode 100644 pkg/cloudflare-go/device_posture_rule.go
 delete mode 100644 pkg/cloudflare-go/device_posture_rule_test.go
 delete mode 100644 pkg/cloudflare-go/devices_dex.go
 delete mode 100644 pkg/cloudflare-go/devices_dex_test.go
 delete mode 100644 pkg/cloudflare-go/devices_managed_networks.go
 delete mode 100644 pkg/cloudflare-go/devices_managed_networks_test.go
 delete mode 100644 pkg/cloudflare-go/devices_policy.go
 delete mode 100644 pkg/cloudflare-go/devices_policy_test.go
 delete mode 100644 pkg/cloudflare-go/diagnostics.go
 delete mode 100644 pkg/cloudflare-go/diagnostics_test.go
 delete mode 100644 pkg/cloudflare-go/dlp_dataset.go
 delete mode 100644 pkg/cloudflare-go/dlp_dataset_test.go
 delete mode 100644 pkg/cloudflare-go/dlp_payload_log.go
 delete mode 100644 pkg/cloudflare-go/dlp_payload_log_test.go
 delete mode 100644 pkg/cloudflare-go/dlp_profile.go
 delete mode 100644 pkg/cloudflare-go/dlp_profile_test.go
 delete mode 100644 pkg/cloudflare-go/dns.go
 delete mode 100644 pkg/cloudflare-go/dns_example_test.go
 delete mode 100644 pkg/cloudflare-go/dns_firewall.go
 delete mode 100644 pkg/cloudflare-go/dns_firewall_test.go
 delete mode 100644 pkg/cloudflare-go/dns_test.go
 delete mode 100644 pkg/cloudflare-go/docs/changelog-process.md
 delete mode 100644 pkg/cloudflare-go/docs/conventions.md
 delete mode 100644 pkg/cloudflare-go/docs/experimental.md
 delete mode 100644 pkg/cloudflare-go/docs/public-api-documentation.md
 delete mode 100644 pkg/cloudflare-go/docs/release-process.md
 delete mode 100644 pkg/cloudflare-go/duration.go
 delete mode 100644 pkg/cloudflare-go/duration_test.go
 delete mode 100644 pkg/cloudflare-go/email_routing_destination.go
 delete mode 100644 pkg/cloudflare-go/email_routing_destination_test.go
 delete mode 100644 pkg/cloudflare-go/email_routing_rules.go
 delete mode 100644 pkg/cloudflare-go/email_routing_rules_test.go
 delete mode 100644 pkg/cloudflare-go/email_routing_settings.go
 delete mode 100644 pkg/cloudflare-go/email_routing_settings_test.go
 delete mode 100644 pkg/cloudflare-go/errors.go
 delete mode 100644 pkg/cloudflare-go/errors_external_test.go
 delete mode 100644 pkg/cloudflare-go/errors_test.go
 delete mode 100644 pkg/cloudflare-go/example_test.go
 delete mode 100644 pkg/cloudflare-go/fallback_domain.go
 delete mode 100644 pkg/cloudflare-go/fallback_domain_test.go
 delete mode 100644 pkg/cloudflare-go/filter.go
 delete mode 100644 pkg/cloudflare-go/filter_test.go
 delete mode 100644 pkg/cloudflare-go/firewall.go
 delete mode 100644 pkg/cloudflare-go/firewall_example_test.go
 delete mode 100644 pkg/cloudflare-go/firewall_rules.go
 delete mode 100644 pkg/cloudflare-go/firewall_rules_test.go
 delete mode 100644 pkg/cloudflare-go/firewall_test.go
 delete mode 100644 pkg/cloudflare-go/flake.lock
 delete mode 100644 pkg/cloudflare-go/flake.nix
 delete mode 100644 pkg/cloudflare-go/flox.nix
 delete mode 100644 pkg/cloudflare-go/go.mod
 delete mode 100644 pkg/cloudflare-go/go.sum
 delete mode 100644 pkg/cloudflare-go/healthchecks.go
 delete mode 100644 pkg/cloudflare-go/healthchecks_test.go
 delete mode 100644 pkg/cloudflare-go/hyperdrive.go
 delete mode 100644 pkg/cloudflare-go/hyperdrive_test.go
 delete mode 100644 pkg/cloudflare-go/images.go
 delete mode 100644 pkg/cloudflare-go/images_test.go
 delete mode 100644 pkg/cloudflare-go/images_variants.go
 delete mode 100644 pkg/cloudflare-go/images_variants_test.go
 delete mode 100644 pkg/cloudflare-go/intelligence_asn.go
 delete mode 100644 pkg/cloudflare-go/intelligence_asn_test.go
 delete mode 100644 pkg/cloudflare-go/intelligence_domain.go
 delete mode 100644 pkg/cloudflare-go/intelligence_domain_test.go
 delete mode 100644 pkg/cloudflare-go/intelligence_ip.go
 delete mode 100644 pkg/cloudflare-go/intelligence_ip_test.go
 delete mode 100644 pkg/cloudflare-go/intelligence_phishing.go
 delete mode 100644 pkg/cloudflare-go/intelligence_phishing_test.go
 delete mode 100644 pkg/cloudflare-go/intelligence_whois.go
 delete mode 100644 pkg/cloudflare-go/intelligence_whois_test.go
 delete mode 100644 pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
 delete mode 100644 pkg/cloudflare-go/internal/tools/go.mod
 delete mode 100644 pkg/cloudflare-go/internal/tools/go.sum
 delete mode 100644 pkg/cloudflare-go/internal/tools/tools.go
 delete mode 100644 pkg/cloudflare-go/ip_access_rules.go
 delete mode 100644 pkg/cloudflare-go/ip_access_rules_test.go
 delete mode 100644 pkg/cloudflare-go/ip_list.go
 delete mode 100644 pkg/cloudflare-go/ip_list_test.go
 delete mode 100644 pkg/cloudflare-go/ips.go
 delete mode 100644 pkg/cloudflare-go/ips_test.go
 delete mode 100644 pkg/cloudflare-go/keyless.go
 delete mode 100644 pkg/cloudflare-go/keyless_test.go
 delete mode 100644 pkg/cloudflare-go/list.go
 delete mode 100644 pkg/cloudflare-go/list_test.go
 delete mode 100644 pkg/cloudflare-go/load_balancing.go
 delete mode 100644 pkg/cloudflare-go/load_balancing_example_test.go
 delete mode 100644 pkg/cloudflare-go/load_balancing_test.go
 delete mode 100644 pkg/cloudflare-go/lockdown.go
 delete mode 100644 pkg/cloudflare-go/lockdown_example_test.go
 delete mode 100644 pkg/cloudflare-go/lockdown_test.go
 delete mode 100644 pkg/cloudflare-go/logger.go
 delete mode 100644 pkg/cloudflare-go/logpull.go
 delete mode 100644 pkg/cloudflare-go/logpull_test.go
 delete mode 100644 pkg/cloudflare-go/logpush.go
 delete mode 100644 pkg/cloudflare-go/logpush_example_test.go
 delete mode 100644 pkg/cloudflare-go/logpush_test.go
 delete mode 100644 pkg/cloudflare-go/magic_firewall_rulesets.go
 delete mode 100644 pkg/cloudflare-go/magic_firewall_rulesets_test.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_gre_tunnel.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_static_routes.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_static_routes_test.go
 delete mode 100644 pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
 delete mode 100644 pkg/cloudflare-go/managed_headers.go
 delete mode 100644 pkg/cloudflare-go/managed_headers_test.go
 delete mode 100644 pkg/cloudflare-go/miscategorization.go
 delete mode 100644 pkg/cloudflare-go/miscategorization_test.go
 delete mode 100644 pkg/cloudflare-go/mtls_certificates.go
 delete mode 100644 pkg/cloudflare-go/mtls_certificates_test.go
 delete mode 100644 pkg/cloudflare-go/notifications.go
 delete mode 100644 pkg/cloudflare-go/notifications_test.go
 delete mode 100644 pkg/cloudflare-go/observatory.go
 delete mode 100644 pkg/cloudflare-go/observatory_test.go
 delete mode 100644 pkg/cloudflare-go/options.go
 delete mode 100644 pkg/cloudflare-go/origin_ca.go
 delete mode 100644 pkg/cloudflare-go/origin_ca_test.go
 delete mode 100644 pkg/cloudflare-go/page_rules.go
 delete mode 100644 pkg/cloudflare-go/page_rules_example_test.go
 delete mode 100644 pkg/cloudflare-go/page_rules_test.go
 delete mode 100644 pkg/cloudflare-go/page_shield.go
 delete mode 100644 pkg/cloudflare-go/page_shield_connections.go
 delete mode 100644 pkg/cloudflare-go/page_shield_connections_test.go
 delete mode 100644 pkg/cloudflare-go/page_shield_policies.go
 delete mode 100644 pkg/cloudflare-go/page_shield_policies_test.go
 delete mode 100644 pkg/cloudflare-go/page_shield_scripts.go
 delete mode 100644 pkg/cloudflare-go/page_shield_scripts_test.go
 delete mode 100644 pkg/cloudflare-go/page_shield_test.go
 delete mode 100644 pkg/cloudflare-go/pages_deployment.go
 delete mode 100644 pkg/cloudflare-go/pages_deployment_test.go
 delete mode 100644 pkg/cloudflare-go/pages_domain.go
 delete mode 100644 pkg/cloudflare-go/pages_domain_test.go
 delete mode 100644 pkg/cloudflare-go/pages_project.go
 delete mode 100644 pkg/cloudflare-go/pages_project_test.go
 delete mode 100644 pkg/cloudflare-go/pagination.go
 delete mode 100644 pkg/cloudflare-go/pagination_test.go
 delete mode 100644 pkg/cloudflare-go/per_hostname_tls_settings.go
 delete mode 100644 pkg/cloudflare-go/per_hostname_tls_settings_test.go
 delete mode 100644 pkg/cloudflare-go/permission_group.go
 delete mode 100644 pkg/cloudflare-go/permission_group_test.go
 delete mode 100644 pkg/cloudflare-go/policy.go
 delete mode 100644 pkg/cloudflare-go/queue.go
 delete mode 100644 pkg/cloudflare-go/queue_test.go
 delete mode 100644 pkg/cloudflare-go/r2_bucket.go
 delete mode 100644 pkg/cloudflare-go/r2_bucket_test.go
 delete mode 100644 pkg/cloudflare-go/rate_limiting.go
 delete mode 100644 pkg/cloudflare-go/rate_limiting_example_test.go
 delete mode 100644 pkg/cloudflare-go/rate_limiting_test.go
 delete mode 100644 pkg/cloudflare-go/regional_hostnames.go
 delete mode 100644 pkg/cloudflare-go/regional_hostnames_test.go
 delete mode 100644 pkg/cloudflare-go/regional_tiered_cache.go
 delete mode 100644 pkg/cloudflare-go/regional_tiered_cache_test.go
 delete mode 100644 pkg/cloudflare-go/registrar.go
 delete mode 100644 pkg/cloudflare-go/registrar_example_test.go
 delete mode 100644 pkg/cloudflare-go/registrar_test.go
 delete mode 100644 pkg/cloudflare-go/resource.go
 delete mode 100644 pkg/cloudflare-go/resource_group.go
 delete mode 100644 pkg/cloudflare-go/resource_group_test.go
 delete mode 100644 pkg/cloudflare-go/resource_test.go
 delete mode 100644 pkg/cloudflare-go/rulesets.go
 delete mode 100644 pkg/cloudflare-go/rulesets_test.go
 delete mode 100644 pkg/cloudflare-go/scripts/changelog.tmpl
 delete mode 100755 pkg/cloudflare-go/scripts/generate-changelog-entry.sh
 delete mode 100755 pkg/cloudflare-go/scripts/generate-changelog.sh
 delete mode 100644 pkg/cloudflare-go/scripts/release-note.tmpl
 delete mode 100644 pkg/cloudflare-go/secondary_dns_primaries.go
 delete mode 100644 pkg/cloudflare-go/secondary_dns_primaries_test.go
 delete mode 100644 pkg/cloudflare-go/secondary_dns_tsig.go
 delete mode 100644 pkg/cloudflare-go/secondary_dns_tsig_test.go
 delete mode 100644 pkg/cloudflare-go/secondary_dns_zone.go
 delete mode 100644 pkg/cloudflare-go/secondary_zone_dns_test.go
 delete mode 100644 pkg/cloudflare-go/spectrum.go
 delete mode 100644 pkg/cloudflare-go/spectrum_test.go
 delete mode 100644 pkg/cloudflare-go/split_tunnel.go
 delete mode 100644 pkg/cloudflare-go/split_tunnel_test.go
 delete mode 100644 pkg/cloudflare-go/ssl.go
 delete mode 100644 pkg/cloudflare-go/ssl_test.go
 delete mode 100644 pkg/cloudflare-go/stack_rulesest.go
 delete mode 100644 pkg/cloudflare-go/stream.go
 delete mode 100644 pkg/cloudflare-go/stream_test.go
 delete mode 100644 pkg/cloudflare-go/sts.go
 delete mode 100644 pkg/cloudflare-go/teams_accounts.go
 delete mode 100644 pkg/cloudflare-go/teams_accounts_test.go
 delete mode 100644 pkg/cloudflare-go/teams_audit_ssh_settings.go
 delete mode 100644 pkg/cloudflare-go/teams_audit_ssh_settings_test.go
 delete mode 100644 pkg/cloudflare-go/teams_devices.go
 delete mode 100644 pkg/cloudflare-go/teams_devices_test.go
 delete mode 100644 pkg/cloudflare-go/teams_list.go
 delete mode 100644 pkg/cloudflare-go/teams_list_test.go
 delete mode 100644 pkg/cloudflare-go/teams_locations.go
 delete mode 100644 pkg/cloudflare-go/teams_locations_test.go
 delete mode 100644 pkg/cloudflare-go/teams_proxy_endpoints.go
 delete mode 100644 pkg/cloudflare-go/teams_proxy_endpoints_test.go
 delete mode 100644 pkg/cloudflare-go/teams_rules.go
 delete mode 100644 pkg/cloudflare-go/teams_rules_test.go
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
 delete mode 100644 pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
 delete mode 100644 pkg/cloudflare-go/tiered_cache.go
 delete mode 100644 pkg/cloudflare-go/tiered_cache_test.go
 delete mode 100644 pkg/cloudflare-go/total_tls.go
 delete mode 100644 pkg/cloudflare-go/total_tls_test.go
 delete mode 100644 pkg/cloudflare-go/tunnel.go
 delete mode 100644 pkg/cloudflare-go/tunnel_routes.go
 delete mode 100644 pkg/cloudflare-go/tunnel_routes_test.go
 delete mode 100644 pkg/cloudflare-go/tunnel_test.go
 delete mode 100644 pkg/cloudflare-go/tunnel_virtual_networks.go
 delete mode 100644 pkg/cloudflare-go/tunnel_virtual_networks_test.go
 delete mode 100644 pkg/cloudflare-go/turnstile.go
 delete mode 100644 pkg/cloudflare-go/turnstile_test.go
 delete mode 100644 pkg/cloudflare-go/universal_ssl.go
 delete mode 100644 pkg/cloudflare-go/universal_ssl_test.go
 delete mode 100644 pkg/cloudflare-go/url_normalization_settings.go
 delete mode 100644 pkg/cloudflare-go/url_normalization_settings_test.go
 delete mode 100644 pkg/cloudflare-go/user.go
 delete mode 100644 pkg/cloudflare-go/user_agent.go
 delete mode 100644 pkg/cloudflare-go/user_agent_example_test.go
 delete mode 100644 pkg/cloudflare-go/user_test.go
 delete mode 100644 pkg/cloudflare-go/utils.go
 delete mode 100644 pkg/cloudflare-go/utils_test.go
 delete mode 100644 pkg/cloudflare-go/waf.go
 delete mode 100644 pkg/cloudflare-go/waf_overrides.go
 delete mode 100644 pkg/cloudflare-go/waf_overrides_test.go
 delete mode 100644 pkg/cloudflare-go/waf_test.go
 delete mode 100644 pkg/cloudflare-go/waiting_room.go
 delete mode 100644 pkg/cloudflare-go/waiting_room_test.go
 delete mode 100644 pkg/cloudflare-go/web3.go
 delete mode 100644 pkg/cloudflare-go/web3_test.go
 delete mode 100644 pkg/cloudflare-go/web_analytics.go
 delete mode 100644 pkg/cloudflare-go/web_analytics_test.go
 delete mode 100644 pkg/cloudflare-go/workers.go
 delete mode 100644 pkg/cloudflare-go/workers_account_settings.go
 delete mode 100644 pkg/cloudflare-go/workers_account_settings_test.go
 delete mode 100644 pkg/cloudflare-go/workers_bindings.go
 delete mode 100644 pkg/cloudflare-go/workers_bindings_test.go
 delete mode 100644 pkg/cloudflare-go/workers_cron_triggers.go
 delete mode 100644 pkg/cloudflare-go/workers_cron_triggers_test.go
 delete mode 100644 pkg/cloudflare-go/workers_domain.go
 delete mode 100644 pkg/cloudflare-go/workers_domain_test.go
 delete mode 100644 pkg/cloudflare-go/workers_for_platforms.go
 delete mode 100644 pkg/cloudflare-go/workers_for_platforms_test.go
 delete mode 100644 pkg/cloudflare-go/workers_kv.go
 delete mode 100644 pkg/cloudflare-go/workers_kv_example_test.go
 delete mode 100644 pkg/cloudflare-go/workers_kv_test.go
 delete mode 100644 pkg/cloudflare-go/workers_routes.go
 delete mode 100644 pkg/cloudflare-go/workers_routes_test.go
 delete mode 100644 pkg/cloudflare-go/workers_secrets.go
 delete mode 100644 pkg/cloudflare-go/workers_secrets_test.go
 delete mode 100644 pkg/cloudflare-go/workers_subdomain.go
 delete mode 100644 pkg/cloudflare-go/workers_subdomain_test.go
 delete mode 100644 pkg/cloudflare-go/workers_tail.go
 delete mode 100644 pkg/cloudflare-go/workers_tail_test.go
 delete mode 100644 pkg/cloudflare-go/workers_test.go
 delete mode 100644 pkg/cloudflare-go/zaraz.go
 delete mode 100644 pkg/cloudflare-go/zaraz_test.go
 delete mode 100644 pkg/cloudflare-go/zone.go
 delete mode 100644 pkg/cloudflare-go/zone_cache_variants.go
 delete mode 100644 pkg/cloudflare-go/zone_cache_variants_test.go
 delete mode 100644 pkg/cloudflare-go/zone_example_test.go
 delete mode 100644 pkg/cloudflare-go/zone_hold.go
 delete mode 100644 pkg/cloudflare-go/zone_hold_test.go
 delete mode 100644 pkg/cloudflare-go/zone_test.go
 delete mode 100644 pkg/cloudflare-go/zones.go
 delete mode 100644 pkg/cloudflare-go/zt_risk_behaviors.go
 delete mode 100644 pkg/cloudflare-go/zt_risk_behaviors_test.go

diff --git a/go.mod b/go.mod
index 04cf888d98..e35fefb20f 100644
--- a/go.mod
+++ b/go.mod
@@ -6,8 +6,6 @@ retract v4.8.0
 
 require google.golang.org/protobuf v1.34.2 // indirect
 
-replace github.com/cloudflare/cloudflare-go => ./pkg/cloudflare-go
-
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
@@ -26,7 +24,7 @@ require (
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6
-	github.com/cloudflare/cloudflare-go v0.101.0
+	github.com/cloudflare/cloudflare-go v0.102.0
 	github.com/digitalocean/godo v1.119.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -53,8 +51,8 @@ require (
 	github.com/transip/gotransip/v6 v6.25.0
 	github.com/urfave/cli/v2 v2.27.3
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.25.0 // indirect
-	golang.org/x/net v0.27.0
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.22.0
 	google.golang.org/api v0.190.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.0
@@ -73,7 +71,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-	golang.org/x/text v0.16.0
+	golang.org/x/text v0.17.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -155,8 +153,8 @@ require (
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	golang.org/x/mod v0.19.0 // indirect
-	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	golang.org/x/tools v0.23.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
diff --git a/go.sum b/go.sum
index 39a5811cbc..53f2bee059 100644
--- a/go.sum
+++ b/go.sum
@@ -89,6 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/cloudflare-go v0.102.0 h1:+0MGbkirM/yzVLOYpWMgW7CDdKzesSbdwA2Y+rABrWI=
+github.com/cloudflare/cloudflare-go v0.102.0/go.mod h1:BOB41tXf31ti/qtBO9paYhyapotQbGRDbQoLOAF7pSg=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -447,8 +449,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
-golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
+golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
@@ -479,8 +481,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
-golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
 golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -491,8 +493,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -520,8 +522,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
-golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
+golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -539,8 +541,8 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
diff --git a/pkg/cloudflare-go/.changelog/1001.txt b/pkg/cloudflare-go/.changelog/1001.txt
deleted file mode 100644
index 8893559c6c..0000000000
--- a/pkg/cloudflare-go/.changelog/1001.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:note
-docs: add release notes
-```
diff --git a/pkg/cloudflare-go/.changelog/1002.txt b/pkg/cloudflare-go/.changelog/1002.txt
deleted file mode 100644
index a601dd904c..0000000000
--- a/pkg/cloudflare-go/.changelog/1002.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-rulesets: fix sni action parameter
-```
diff --git a/pkg/cloudflare-go/.changelog/1003.txt b/pkg/cloudflare-go/.changelog/1003.txt
deleted file mode 100644
index 2671840cc5..0000000000
--- a/pkg/cloudflare-go/.changelog/1003.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps github.com/urfave/cli/v2 from 2.11.0 to 2.11.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1004.txt b/pkg/cloudflare-go/.changelog/1004.txt
deleted file mode 100644
index 3e5f12334b..0000000000
--- a/pkg/cloudflare-go/.changelog/1004.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-firewall_rule: automatically paginate `List` results unless `Page` and `PerPage` are provided
-```
-
-```release-note:enhancement
-filter: automatically paginate `List` results unless `Page` and `PerPage` are provided
-```
diff --git a/pkg/cloudflare-go/.changelog/1005.txt b/pkg/cloudflare-go/.changelog/1005.txt
deleted file mode 100644
index c6666cccaf..0000000000
--- a/pkg/cloudflare-go/.changelog/1005.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1006.txt b/pkg/cloudflare-go/.changelog/1006.txt
deleted file mode 100644
index 334c03dba6..0000000000
--- a/pkg/cloudflare-go/.changelog/1006.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-access_application: fix inability to set bool values to false
-```
diff --git a/pkg/cloudflare-go/.changelog/1008.txt b/pkg/cloudflare-go/.changelog/1008.txt
deleted file mode 100644
index 272bb6e8bc..0000000000
--- a/pkg/cloudflare-go/.changelog/1008.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1010.txt b/pkg/cloudflare-go/.changelog/1010.txt
deleted file mode 100644
index df85b31f4f..0000000000
--- a/pkg/cloudflare-go/.changelog/1010.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Add support to upload module workers
-```
diff --git a/pkg/cloudflare-go/.changelog/1014.txt b/pkg/cloudflare-go/.changelog/1014.txt
deleted file mode 100644
index a9bbb904de..0000000000
--- a/pkg/cloudflare-go/.changelog/1014.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Add support for attaching a worker to a domain
-```
diff --git a/pkg/cloudflare-go/.changelog/1016.txt b/pkg/cloudflare-go/.changelog/1016.txt
deleted file mode 100644
index 753e4646bf..0000000000
--- a/pkg/cloudflare-go/.changelog/1016.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-firewall_rule: fix double endpoint calls & moving towards common method signature
-```
-
-```release-note:enhancement
-filter: fix double endpoint calls & moving towards common method signature
-```
diff --git a/pkg/cloudflare-go/.changelog/1017.txt b/pkg/cloudflare-go/.changelog/1017.txt
deleted file mode 100644
index 56bd303867..0000000000
--- a/pkg/cloudflare-go/.changelog/1017.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-lockdown: automatically paginate `List` results unless `Page` and `PerPage` are provided
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1020.txt b/pkg/cloudflare-go/.changelog/1020.txt
deleted file mode 100644
index 051b9e79d7..0000000000
--- a/pkg/cloudflare-go/.changelog/1020.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1026.txt b/pkg/cloudflare-go/.changelog/1026.txt
deleted file mode 100644
index 3a43ce2de6..0000000000
--- a/pkg/cloudflare-go/.changelog/1026.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers-tail: Add in support for Workers tail API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1027.txt b/pkg/cloudflare-go/.changelog/1027.txt
deleted file mode 100644
index 4661228cdc..0000000000
--- a/pkg/cloudflare-go/.changelog/1027.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers-account-settings: Add in support for Workers account settings API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1028.txt b/pkg/cloudflare-go/.changelog/1028.txt
deleted file mode 100644
index f76d16ff35..0000000000
--- a/pkg/cloudflare-go/.changelog/1028.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-r2: Add in support for creating and deleting R2 buckets
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1030.txt b/pkg/cloudflare-go/.changelog/1030.txt
deleted file mode 100644
index 7a5ff365ac..0000000000
--- a/pkg/cloudflare-go/.changelog/1030.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-tunnel_routes: Fix not removing route when it contains virtual network
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1031.txt b/pkg/cloudflare-go/.changelog/1031.txt
deleted file mode 100644
index 3d039fe454..0000000000
--- a/pkg/cloudflare-go/.changelog/1031.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers-subdomain: Add in support Workers Subdomain API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1032.txt b/pkg/cloudflare-go/.changelog/1032.txt
deleted file mode 100644
index f87cc851e7..0000000000
--- a/pkg/cloudflare-go/.changelog/1032.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-certificate_packs: deprecate "custom" configuration for ACM everywhere
-```
diff --git a/pkg/cloudflare-go/.changelog/1034.txt b/pkg/cloudflare-go/.changelog/1034.txt
deleted file mode 100644
index bd57aca220..0000000000
--- a/pkg/cloudflare-go/.changelog/1034.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-```release-note:enhancement
-email_routing_destination: Adds support for the email routing destination API
-```
-```release-note:enhancement
-email_routing_rules: Adds support for the email routing rules API
-```
-```release-note:enhancement
-email_routing_settings: Adds support for the email routing settings API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1035.txt b/pkg/cloudflare-go/.changelog/1035.txt
deleted file mode 100644
index 4de54becec..0000000000
--- a/pkg/cloudflare-go/.changelog/1035.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-r2: fix create bucket endpoint
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1036.txt b/pkg/cloudflare-go/.changelog/1036.txt
deleted file mode 100644
index a8a4d61cb2..0000000000
--- a/pkg/cloudflare-go/.changelog/1036.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-rulesets: add support for `http_config_settings` phase and supporting actions
-```
diff --git a/pkg/cloudflare-go/.changelog/1037.txt b/pkg/cloudflare-go/.changelog/1037.txt
deleted file mode 100644
index 3159870ac1..0000000000
--- a/pkg/cloudflare-go/.changelog/1037.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps golang.org/x/tools/gopls from 0.9.1 to 0.9.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1038.txt b/pkg/cloudflare-go/.changelog/1038.txt
deleted file mode 100644
index 23286c802d..0000000000
--- a/pkg/cloudflare-go/.changelog/1038.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-```release-note:bug
-email_routing_destination: Update API reference URLs
-```
-```release-note:bug
-email_routing_rules: Update API reference URLs
-```
-```release-note:bug
-email_routing_settings: Update API reference URLs
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1039.txt b/pkg/cloudflare-go/.changelog/1039.txt
deleted file mode 100644
index b98e8ddc9f..0000000000
--- a/pkg/cloudflare-go/.changelog/1039.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps golang.org/x/tools/gopls from 0.9.2 to 0.9.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1040.txt b/pkg/cloudflare-go/.changelog/1040.txt
deleted file mode 100644
index 5f3402d355..0000000000
--- a/pkg/cloudflare-go/.changelog/1040.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Support for multipart encoding for DownloadWorker on a module-format Worker script
-```
diff --git a/pkg/cloudflare-go/.changelog/1042.txt b/pkg/cloudflare-go/.changelog/1042.txt
deleted file mode 100644
index ec8f7cac1b..0000000000
--- a/pkg/cloudflare-go/.changelog/1042.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-provider: bumps github.com/urfave/cli/v2 from 2.11.1 to 2.11.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1043.txt b/pkg/cloudflare-go/.changelog/1043.txt
deleted file mode 100644
index 68ab4727c8..0000000000
--- a/pkg/cloudflare-go/.changelog/1043.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cloudflare: make it clear when the rate limit retries have been exhausted
-```
diff --git a/pkg/cloudflare-go/.changelog/1044.txt b/pkg/cloudflare-go/.changelog/1044.txt
deleted file mode 100644
index f6a1207058..0000000000
--- a/pkg/cloudflare-go/.changelog/1044.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/tools/gopls from 0.9.3 to 0.9.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1046.txt b/pkg/cloudflare-go/.changelog/1046.txt
deleted file mode 100644
index efe78ee9fb..0000000000
--- a/pkg/cloudflare-go/.changelog/1046.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-tunnel_configuration: Remove unnecessary double-unmarshalling due to changes in the API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1047.txt b/pkg/cloudflare-go/.changelog/1047.txt
deleted file mode 100644
index 3b368ea25a..0000000000
--- a/pkg/cloudflare-go/.changelog/1047.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-errors: add some error type convenience functions for mocking and inspection
-```
diff --git a/pkg/cloudflare-go/.changelog/1048.txt b/pkg/cloudflare-go/.changelog/1048.txt
deleted file mode 100644
index 2e671e9a40..0000000000
--- a/pkg/cloudflare-go/.changelog/1048.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-workers_test: Fix incorrect test from PR #1014
-```
diff --git a/pkg/cloudflare-go/.changelog/1049.txt b/pkg/cloudflare-go/.changelog/1049.txt
deleted file mode 100644
index 30e3872323..0000000000
--- a/pkg/cloudflare-go/.changelog/1049.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-workers_test: Use application/json mime-type in headers
-```
diff --git a/pkg/cloudflare-go/.changelog/1051.txt b/pkg/cloudflare-go/.changelog/1051.txt
deleted file mode 100644
index 817fe1bcd1..0000000000
--- a/pkg/cloudflare-go/.changelog/1051.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-pages_project: Add compatibility date and compatibility_flags to pages deployment configs
-```
diff --git a/pkg/cloudflare-go/.changelog/1052.txt b/pkg/cloudflare-go/.changelog/1052.txt
deleted file mode 100644
index e974a16c3c..0000000000
--- a/pkg/cloudflare-go/.changelog/1052.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-zonelockdown: add `Priority` to `ZoneLockdownCreateParams` and `ZoneLockdownUpdateParams`
-```
diff --git a/pkg/cloudflare-go/.changelog/1053.txt b/pkg/cloudflare-go/.changelog/1053.txt
deleted file mode 100644
index b57695a3e3..0000000000
--- a/pkg/cloudflare-go/.changelog/1053.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_account: add support for `suppress_footer`
-```
diff --git a/pkg/cloudflare-go/.changelog/1059.txt b/pkg/cloudflare-go/.changelog/1059.txt
deleted file mode 100644
index 3b9017858a..0000000000
--- a/pkg/cloudflare-go/.changelog/1059.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api_shield: add GET/PUT for API Shield Configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1060.txt b/pkg/cloudflare-go/.changelog/1060.txt
deleted file mode 100644
index 54ec6e02fc..0000000000
--- a/pkg/cloudflare-go/.changelog/1060.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-email_routing_settings: change enable endpoint from `enabled` to `enable`
-```
diff --git a/pkg/cloudflare-go/.changelog/1063.txt b/pkg/cloudflare-go/.changelog/1063.txt
deleted file mode 100644
index e27d99dd19..0000000000
--- a/pkg/cloudflare-go/.changelog/1063.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-r2: Add support for listing R2 buckets
-```
diff --git a/pkg/cloudflare-go/.changelog/1065.txt b/pkg/cloudflare-go/.changelog/1065.txt
deleted file mode 100644
index 9dfbfcc4f5..0000000000
--- a/pkg/cloudflare-go/.changelog/1065.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-```release-note:enhancement
-pages_project: Add `production_branch` field
-```
-```release-note:enhancement
-pages_project: Add `kv_namespaces`, `durable_object_namespaces`, `r2_buckets`, and `d1_databases` bindings to deployment config
-```
-```release-note:enhancement
-pages_project: Add `preview_deployment_setting`, `preview_branch_includes`, and `preview_branch_excludes` to source config
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1066.txt b/pkg/cloudflare-go/.changelog/1066.txt
deleted file mode 100644
index 9e0282172d..0000000000
--- a/pkg/cloudflare-go/.changelog/1066.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-stream: Update pctComplete to string from int
-```
diff --git a/pkg/cloudflare-go/.changelog/1067.txt b/pkg/cloudflare-go/.changelog/1067.txt
deleted file mode 100644
index a560e4ad67..0000000000
--- a/pkg/cloudflare-go/.changelog/1067.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1068.txt b/pkg/cloudflare-go/.changelog/1068.txt
deleted file mode 100644
index fa7259c79a..0000000000
--- a/pkg/cloudflare-go/.changelog/1068.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api: addded context and headers to Raw method
-```
diff --git a/pkg/cloudflare-go/.changelog/1070.txt b/pkg/cloudflare-go/.changelog/1070.txt
deleted file mode 100644
index d3586c87e3..0000000000
--- a/pkg/cloudflare-go/.changelog/1070.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-email_routing_rules: Fix response for email routing catch all rule.
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1071.txt b/pkg/cloudflare-go/.changelog/1071.txt
deleted file mode 100644
index 124a8d7943..0000000000
--- a/pkg/cloudflare-go/.changelog/1071.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-url_normalization_settings: Add APIs to get and update URL normalization settings
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1072.txt b/pkg/cloudflare-go/.changelog/1072.txt
deleted file mode 100644
index 997e350707..0000000000
--- a/pkg/cloudflare-go/.changelog/1072.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-cloudflare: fix nil dereference error in makeRequestWithAuthTypeAndHeaders
-```
diff --git a/pkg/cloudflare-go/.changelog/1073.txt b/pkg/cloudflare-go/.changelog/1073.txt
deleted file mode 100644
index 54216744a6..0000000000
--- a/pkg/cloudflare-go/.changelog/1073.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_account: add support for `os_distro_name` and `os_distro_revision`
-```
diff --git a/pkg/cloudflare-go/.changelog/1074.txt b/pkg/cloudflare-go/.changelog/1074.txt
deleted file mode 100644
index 1ecbf32289..0000000000
--- a/pkg/cloudflare-go/.changelog/1074.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_service_token: add support for refreshing an existing token in place
-```
diff --git a/pkg/cloudflare-go/.changelog/1075.txt b/pkg/cloudflare-go/.changelog/1075.txt
deleted file mode 100644
index 28ef11693c..0000000000
--- a/pkg/cloudflare-go/.changelog/1075.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-auditlogs: add support for hide_user_logs filter parameter
-```
diff --git a/pkg/cloudflare-go/.changelog/1077.txt b/pkg/cloudflare-go/.changelog/1077.txt
deleted file mode 100644
index 1bd73e23ce..0000000000
--- a/pkg/cloudflare-go/.changelog/1077.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.11.2 to 2.14.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1080.txt b/pkg/cloudflare-go/.changelog/1080.txt
deleted file mode 100644
index be26158692..0000000000
--- a/pkg/cloudflare-go/.changelog/1080.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-cloudflare: exiting closer to the source on context timeouts to improve error messaging and better defend from potential edge cases
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1081.txt b/pkg/cloudflare-go/.changelog/1081.txt
deleted file mode 100644
index f513a4d12a..0000000000
--- a/pkg/cloudflare-go/.changelog/1081.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.14.0 to 2.14.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1082.txt b/pkg/cloudflare-go/.changelog/1082.txt
deleted file mode 100644
index 4862971105..0000000000
--- a/pkg/cloudflare-go/.changelog/1082.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-origin certificate: Fix API auth type used
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1084.txt b/pkg/cloudflare-go/.changelog/1084.txt
deleted file mode 100644
index 6599587b71..0000000000
--- a/pkg/cloudflare-go/.changelog/1084.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-load_balancing: update method signatures to match experimental conventions
-```
diff --git a/pkg/cloudflare-go/.changelog/1085.txt b/pkg/cloudflare-go/.changelog/1085.txt
deleted file mode 100644
index bfc984fcbb..0000000000
--- a/pkg/cloudflare-go/.changelog/1085.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.14.1 to 2.15.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1086.txt b/pkg/cloudflare-go/.changelog/1086.txt
deleted file mode 100644
index d62b6d6bed..0000000000
--- a/pkg/cloudflare-go/.changelog/1086.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.15.0 to 2.16.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1087.txt b/pkg/cloudflare-go/.changelog/1087.txt
deleted file mode 100644
index 7a46321d6e..0000000000
--- a/pkg/cloudflare-go/.changelog/1087.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: add input fields for linux OS
-```
diff --git a/pkg/cloudflare-go/.changelog/1088.txt b/pkg/cloudflare-go/.changelog/1088.txt
deleted file mode 100644
index ac1759d7a4..0000000000
--- a/pkg/cloudflare-go/.changelog/1088.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-stream: added metadata support
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1089.txt b/pkg/cloudflare-go/.changelog/1089.txt
deleted file mode 100644
index f0f86c220d..0000000000
--- a/pkg/cloudflare-go/.changelog/1089.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1090.txt b/pkg/cloudflare-go/.changelog/1090.txt
deleted file mode 100644
index 10d1d303fc..0000000000
--- a/pkg/cloudflare-go/.changelog/1090.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-devices_policy: Add support for additional device settings policies
-```
diff --git a/pkg/cloudflare-go/.changelog/1091.txt b/pkg/cloudflare-go/.changelog/1091.txt
deleted file mode 100644
index 3bef7aba3e..0000000000
--- a/pkg/cloudflare-go/.changelog/1091.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancing: support adaptive_routing and location_strategy
-```
diff --git a/pkg/cloudflare-go/.changelog/1093.txt b/pkg/cloudflare-go/.changelog/1093.txt
deleted file mode 100644
index b9ebd562f1..0000000000
--- a/pkg/cloudflare-go/.changelog/1093.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-rulesets: add support for `sensitivity_level` to override all rule sensitivity
-```
diff --git a/pkg/cloudflare-go/.changelog/1094.txt b/pkg/cloudflare-go/.changelog/1094.txt
deleted file mode 100644
index 844eb36ff6..0000000000
--- a/pkg/cloudflare-go/.changelog/1094.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1095.txt b/pkg/cloudflare-go/.changelog/1095.txt
deleted file mode 100644
index aeab97d4af..0000000000
--- a/pkg/cloudflare-go/.changelog/1095.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-account_member: add support for domain scoped roles
-```
-
-```release-note:breaking-change
-account_member: `CreateAccountMember` has been updated to accept a `CreateAccountMemberParams` struct instead of multiple parameters
-```
diff --git a/pkg/cloudflare-go/.changelog/1097.txt b/pkg/cloudflare-go/.changelog/1097.txt
deleted file mode 100644
index b8d6ed8d04..0000000000
--- a/pkg/cloudflare-go/.changelog/1097.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1102.txt b/pkg/cloudflare-go/.changelog/1102.txt
deleted file mode 100644
index 4a7d41aae4..0000000000
--- a/pkg/cloudflare-go/.changelog/1102.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-waiting_room: add support for waiting room rules
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1103.txt b/pkg/cloudflare-go/.changelog/1103.txt
deleted file mode 100644
index 887b42adeb..0000000000
--- a/pkg/cloudflare-go/.changelog/1103.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1104.txt b/pkg/cloudflare-go/.changelog/1104.txt
deleted file mode 100644
index f9b589d0ff..0000000000
--- a/pkg/cloudflare-go/.changelog/1104.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access: add UI read-only field to organizations
-```
diff --git a/pkg/cloudflare-go/.changelog/1105.txt b/pkg/cloudflare-go/.changelog/1105.txt
deleted file mode 100644
index a8631dec87..0000000000
--- a/pkg/cloudflare-go/.changelog/1105.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-total_tls: adds support for TotalTLS
-```
diff --git a/pkg/cloudflare-go/.changelog/1106.txt b/pkg/cloudflare-go/.changelog/1106.txt
deleted file mode 100644
index da158169d9..0000000000
--- a/pkg/cloudflare-go/.changelog/1106.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cloudflare: expose `Messages` from the `Response` object
-```
diff --git a/pkg/cloudflare-go/.changelog/1108.txt b/pkg/cloudflare-go/.changelog/1108.txt
deleted file mode 100644
index 76a58babeb..0000000000
--- a/pkg/cloudflare-go/.changelog/1108.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.19.2 to 2.20.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1111.txt b/pkg/cloudflare-go/.changelog/1111.txt
deleted file mode 100644
index 330d7370ee..0000000000
--- a/pkg/cloudflare-go/.changelog/1111.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: Adds support for DLP resources
-```
diff --git a/pkg/cloudflare-go/.changelog/1112.txt b/pkg/cloudflare-go/.changelog/1112.txt
deleted file mode 100644
index 07aa7b3ccd..0000000000
--- a/pkg/cloudflare-go/.changelog/1112.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1114.txt b/pkg/cloudflare-go/.changelog/1114.txt
deleted file mode 100644
index afef666731..0000000000
--- a/pkg/cloudflare-go/.changelog/1114.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:breaking-change
-teams_list: updated methods to match the experimental client format
-```
-
-```release-note:enhancement
-teams_list: `List` operations now automatically paginate
-```
diff --git a/pkg/cloudflare-go/.changelog/1115.txt b/pkg/cloudflare-go/.changelog/1115.txt
deleted file mode 100644
index b77fa0e558..0000000000
--- a/pkg/cloudflare-go/.changelog/1115.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-```release-note:breaking-change
-workers_kv: `CreateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
-```
-
-```release-note:breaking-change
-workers_kv: `ListWorkersKVNamespaces` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
-```
-
-```release-note:enhancement
-workers_kv: `ListWorkersKVNamespaces` automatically paginates all results unless `PerPage` is defined.
-```
-
-```release-note:breaking-change
-workers_kv: `DeleteWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
-```
-
-```release-note:breaking-change
-workers_kv: `UpdateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md).
-```
-
-```release-note:breaking-change
-workers_kv: `WriteWorkersKV` has been renamed to `WriteWorkersKVEntry`.
-```
-
-```release-note:breaking-change
-workers_kv: `WriteWorkersKVBulk` has been renamed to `WriteWorkersKVEntries`.
-```
-
-```release-note:breaking-change
-workers_kv: `ReadWorkersKV` has been renamed to `GetWorkersKV`.
-```
-
-```release-note:breaking-change
-workers_kv: `DeleteWorkersKV` has been renamed to `DeleteWorkersKVEntry`.
-```
-
-```release-note:breaking-change
-workers_kv: `DeleteWorkersKVBulk` has been renamed to `DeleteWorkersKVEntries`.
-```
-
-```release-note:breaking-change
-workers_kv: `ListWorkersKVs` has been renamed to `ListWorkersKVKeys`.
-```
-
-```release-note:breaking-change
-workers_kv: `ListWorkersKVsWithOptions` has been removed. Use `ListWorkersKVKeys` instead and pass in the options.
-```
diff --git a/pkg/cloudflare-go/.changelog/1116.txt b/pkg/cloudflare-go/.changelog/1116.txt
deleted file mode 100644
index 9e77f42367..0000000000
--- a/pkg/cloudflare-go/.changelog/1116.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: `ioutil` package is being deprecated in favor of `io`
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1117.txt b/pkg/cloudflare-go/.changelog/1117.txt
deleted file mode 100644
index d369999a2e..0000000000
--- a/pkg/cloudflare-go/.changelog/1117.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: remove `github.com/pkg/errors` in favor of `errors`
-```
diff --git a/pkg/cloudflare-go/.changelog/1118.txt b/pkg/cloudflare-go/.changelog/1118.txt
deleted file mode 100644
index 0dbd2bd0d6..0000000000
--- a/pkg/cloudflare-go/.changelog/1118.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.20.2 to 2.20.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1119.txt b/pkg/cloudflare-go/.changelog/1119.txt
deleted file mode 100644
index ec5e9d33ce..0000000000
--- a/pkg/cloudflare-go/.changelog/1119.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1120.txt b/pkg/cloudflare-go/.changelog/1120.txt
deleted file mode 100644
index ca0c26758c..0000000000
--- a/pkg/cloudflare-go/.changelog/1120.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access: add support for service token rotation
-```
diff --git a/pkg/cloudflare-go/.changelog/1121.txt b/pkg/cloudflare-go/.changelog/1121.txt
deleted file mode 100644
index 75e087cdf7..0000000000
--- a/pkg/cloudflare-go/.changelog/1121.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-deps: fix import grouping, code formatting and enable goimports linter
-```
diff --git a/pkg/cloudflare-go/.changelog/1122.txt b/pkg/cloudflare-go/.changelog/1122.txt
deleted file mode 100644
index c5b87f3397..0000000000
--- a/pkg/cloudflare-go/.changelog/1122.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.20.3 to 2.23.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1123.txt b/pkg/cloudflare-go/.changelog/1123.txt
deleted file mode 100644
index 55ad335a0d..0000000000
--- a/pkg/cloudflare-go/.changelog/1123.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5
-```
diff --git a/pkg/cloudflare-go/.changelog/1124.txt b/pkg/cloudflare-go/.changelog/1124.txt
deleted file mode 100644
index a038d1ba01..0000000000
--- a/pkg/cloudflare-go/.changelog/1124.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.23.0 to 2.23.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1125.txt b/pkg/cloudflare-go/.changelog/1125.txt
deleted file mode 100644
index a4bf8cc9e4..0000000000
--- a/pkg/cloudflare-go/.changelog/1125.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.23.2 to 2.23.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1126.txt b/pkg/cloudflare-go/.changelog/1126.txt
deleted file mode 100644
index b6620125fc..0000000000
--- a/pkg/cloudflare-go/.changelog/1126.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: add input fields crowdstrike
-```
diff --git a/pkg/cloudflare-go/.changelog/1127.txt b/pkg/cloudflare-go/.changelog/1127.txt
deleted file mode 100644
index 36d4124da5..0000000000
--- a/pkg/cloudflare-go/.changelog/1127.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.23.4 to 2.23.5
-```
diff --git a/pkg/cloudflare-go/.changelog/1130.txt b/pkg/cloudflare-go/.changelog/1130.txt
deleted file mode 100644
index 229e12b783..0000000000
--- a/pkg/cloudflare-go/.changelog/1130.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers_domain: add support for workers domain API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1131.txt b/pkg/cloudflare-go/.changelog/1131.txt
deleted file mode 100644
index 1434c51d66..0000000000
--- a/pkg/cloudflare-go/.changelog/1131.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-queue: add support queue API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1133.txt b/pkg/cloudflare-go/.changelog/1133.txt
deleted file mode 100644
index 9ebbd785e0..0000000000
--- a/pkg/cloudflare-go/.changelog/1133.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Support for Workers Analytics Engine bindings
-```
diff --git a/pkg/cloudflare-go/.changelog/1135.txt b/pkg/cloudflare-go/.changelog/1135.txt
deleted file mode 100644
index 8b98f7cb68..0000000000
--- a/pkg/cloudflare-go/.changelog/1135.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:note
-pages: removed the v1 logs endpoint for Pages deployments. Please switch to v2: https://developers.cloudflare.com/api/operations/pages-deployment-get-deployment-logs
-```
diff --git a/pkg/cloudflare-go/.changelog/1136.txt b/pkg/cloudflare-go/.changelog/1136.txt
deleted file mode 100644
index 976f76ea7c..0000000000
--- a/pkg/cloudflare-go/.changelog/1136.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-pages: Updates bindings and other Functions related propreties. Service bindings, secrets, fail open/close and usage model are all now supported.
-```
-
-```release-note:breaking-change
-pages: Changed the type of EnvVars in PagesProjectDeploymentConfigEnvironment & PagesProjectDeployment in order to properly support secrets.
-```
diff --git a/pkg/cloudflare-go/.changelog/1137.txt b/pkg/cloudflare-go/.changelog/1137.txt
deleted file mode 100644
index b479d14d44..0000000000
--- a/pkg/cloudflare-go/.changelog/1137.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-```release-note:note
-workers: all worker methods have been split into product ownership(-ish) files
-```
-
-```release-note:note
-workers: all worker methods now require an explicit `ResourceContainer` for endpoints instead of relying on the globally defined `api.AccountID`
-```
-
-```release-note:breaking-change
-workers: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers: API operations now target account level resources instead of older zone level resources (these are a 1:1 now)
-```
-
-```release-note:breaking-change
-workers_bindings: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers_kv: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers_tails: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers_secrets: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers_routes: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-workers_cron_triggers: method signatures have been updated to align with the upcoming client conventions
-```
diff --git a/pkg/cloudflare-go/.changelog/1138.txt b/pkg/cloudflare-go/.changelog/1138.txt
deleted file mode 100644
index 69b22055c3..0000000000
--- a/pkg/cloudflare-go/.changelog/1138.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-adds OriginRequest field to UnvalidatedIngressRule struct.
-```
diff --git a/pkg/cloudflare-go/.changelog/1139.txt b/pkg/cloudflare-go/.changelog/1139.txt
deleted file mode 100644
index 71f26a2e88..0000000000
--- a/pkg/cloudflare-go/.changelog/1139.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.23.5 to 2.23.6
-```
diff --git a/pkg/cloudflare-go/.changelog/1140.txt b/pkg/cloudflare-go/.changelog/1140.txt
deleted file mode 100644
index f6b31ad5a8..0000000000
--- a/pkg/cloudflare-go/.changelog/1140.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cache_rules: add ignore option to query string struct
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1142.txt b/pkg/cloudflare-go/.changelog/1142.txt
deleted file mode 100644
index 48f9efbcd7..0000000000
--- a/pkg/cloudflare-go/.changelog/1142.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_rules: adds support for Egress Policies
-```
diff --git a/pkg/cloudflare-go/.changelog/1146.txt b/pkg/cloudflare-go/.changelog/1146.txt
deleted file mode 100644
index 76ce4035d9..0000000000
--- a/pkg/cloudflare-go/.changelog/1146.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1148.txt b/pkg/cloudflare-go/.changelog/1148.txt
deleted file mode 100644
index 55149599e0..0000000000
--- a/pkg/cloudflare-go/.changelog/1148.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-managed_networks: add CRUD functionality for managednetworks
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1149.txt b/pkg/cloudflare-go/.changelog/1149.txt
deleted file mode 100644
index c6c40af07d..0000000000
--- a/pkg/cloudflare-go/.changelog/1149.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-tiered_cache: Add support for Tiered Caching interactions for setting Smart and Generic topologies
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1150.txt b/pkg/cloudflare-go/.changelog/1150.txt
deleted file mode 100644
index ef7d48cd3c..0000000000
--- a/pkg/cloudflare-go/.changelog/1150.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-mtls_certificate: add support for managing mTLS certificates and assocations
-```
diff --git a/pkg/cloudflare-go/.changelog/1151.txt b/pkg/cloudflare-go/.changelog/1151.txt
deleted file mode 100644
index 5482d72f8e..0000000000
--- a/pkg/cloudflare-go/.changelog/1151.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-```release-note:enhancement
-dns: add support for tags and comments
-```
-
-```release-note:breaking-change
-dns: method signatures have been updated to align with the upcoming client conventions
-```
-
-```release-note:breaking-change
-dns: `DNSRecords` has been renamed to `ListDNSRecords`
-```
-
-```release-note:breaking-change
-dns: `DNSRecord` has been renamed to `GetDNSRecord`
-```
diff --git a/pkg/cloudflare-go/.changelog/1155.txt b/pkg/cloudflare-go/.changelog/1155.txt
deleted file mode 100644
index d2572b3dfa..0000000000
--- a/pkg/cloudflare-go/.changelog/1155.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-workers: correctly set `body` value for non-ES module uploads
-```
diff --git a/pkg/cloudflare-go/.changelog/1156.txt b/pkg/cloudflare-go/.changelog/1156.txt
deleted file mode 100644
index 2a19167b7d..0000000000
--- a/pkg/cloudflare-go/.changelog/1156.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-```release-note:bug
-firewall_rules: use empty reponse struct on each page call
-```
-
-```release-note:bug
-filter: use empty reponse struct on each page call
-```
-
-```release-note:bug
-email_routing_destination: use empty reponse struct on each page call
-```
-
-```release-note:bug
-email_routing_rules: use empty reponse struct on each page call
-```
-
-```release-note:bug
-lockdown: use empty reponse struct on each page call
-```
-
-```release-note:bug
-queue: use empty reponse struct on each page call
-```
-
-```release-note:bug
-teams_list: use empty reponse struct on each page call
-```
-
-```release-note:bug
-workers_kv: use empty reponse struct on each page call
-```
diff --git a/pkg/cloudflare-go/.changelog/1159.txt b/pkg/cloudflare-go/.changelog/1159.txt
deleted file mode 100644
index 5aca5dc5ba..0000000000
--- a/pkg/cloudflare-go/.changelog/1159.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_organization: add user_seat_expiration_inactive_time field
-```
diff --git a/pkg/cloudflare-go/.changelog/1160.txt b/pkg/cloudflare-go/.changelog/1160.txt
deleted file mode 100644
index b4893dc46b..0000000000
--- a/pkg/cloudflare-go/.changelog/1160.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Add support for workers logpush enablement on script upload
-```
diff --git a/pkg/cloudflare-go/.changelog/1161.txt b/pkg/cloudflare-go/.changelog/1161.txt
deleted file mode 100644
index 5578937b36..0000000000
--- a/pkg/cloudflare-go/.changelog/1161.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-```release-note:enhancement
-origin_ca: add support for using API keys, API tokens or API User service keys for interacting with Origin CA endpoints
-```
-
-```release-note:breaking-change
-origin_ca: renamed to `CreateOriginCertificate` to `CreateOriginCACertificate`
-```
-
-```release-note:breaking-change
-origin_ca: renamed to `OriginCertificates` to `ListOriginCACertificates`
-```
-
-```release-note:breaking-change
-origin_ca: renamed to `OriginCertificate` to `GetOriginCACertificate`
-```
-
-```release-note:breaking-change
-origin_ca: renamed to `RevokeOriginCertificate` to `RevokeOriginCACertificate`
-```
-
-```release-note:breaking-change
-origin_ca: renamed to `OriginCARootCertificate` to `GetOriginCARootCertificate`
-```
diff --git a/pkg/cloudflare-go/.changelog/1162.txt b/pkg/cloudflare-go/.changelog/1162.txt
deleted file mode 100644
index 871465c057..0000000000
--- a/pkg/cloudflare-go/.changelog/1162.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1164.txt b/pkg/cloudflare-go/.changelog/1164.txt
deleted file mode 100644
index 72272d5df3..0000000000
--- a/pkg/cloudflare-go/.changelog/1164.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cloudflare: automatically redact sensitive values from HTTP interactions
-```
diff --git a/pkg/cloudflare-go/.changelog/1167.txt b/pkg/cloudflare-go/.changelog/1167.txt
deleted file mode 100644
index 6dacacf5e7..0000000000
--- a/pkg/cloudflare-go/.changelog/1167.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dns: don't send "priority" for list operations as it isn't supported and is only used for internal filtering
-```
diff --git a/pkg/cloudflare-go/.changelog/1170.txt b/pkg/cloudflare-go/.changelog/1170.txt
deleted file mode 100644
index 0a3b278ea8..0000000000
--- a/pkg/cloudflare-go/.changelog/1170.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:note
-dns: remove additional lookup from `Update` operations when `Name` or `Type` was omitted
-```
-
-```release-note:breaking-change
-dns: remove these read-only fields from `UpdateDNSRecordParams`: `CreatedOn`, `ModifiedOn`, `Meta`, `ZoneID`, `ZoneName`, `Proxiable`, and `Locked`
-```
diff --git a/pkg/cloudflare-go/.changelog/1171.txt b/pkg/cloudflare-go/.changelog/1171.txt
deleted file mode 100644
index 174071f005..0000000000
--- a/pkg/cloudflare-go/.changelog/1171.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dns: update default `per_page` attribute to 100 records
-```
diff --git a/pkg/cloudflare-go/.changelog/1172.txt b/pkg/cloudflare-go/.changelog/1172.txt
deleted file mode 100644
index 9b4a5bff22..0000000000
--- a/pkg/cloudflare-go/.changelog/1172.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-managednetworks: Update should be PUT
-```
diff --git a/pkg/cloudflare-go/.changelog/1173.txt b/pkg/cloudflare-go/.changelog/1173.txt
deleted file mode 100644
index 403a2feff3..0000000000
--- a/pkg/cloudflare-go/.changelog/1173.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:bug
-dns: the field `Tags` in `ListDNSRecordsParams` was not correctly serialized into URL queries
-```
-
-```release-note:enhancement
-dns: the URL parameter `tag-match` for listing DNS records is now supported as the field `TagMatch` in `ListDNSRecordsParams`
-```
-
-```release-note:breaking-change
-dns: the fields `CreatedOn` and `ModifiedOn` are removed from `ListDNSRecordsParams`
-```
diff --git a/pkg/cloudflare-go/.changelog/1174.txt b/pkg/cloudflare-go/.changelog/1174.txt
deleted file mode 100644
index 686be2ad19..0000000000
--- a/pkg/cloudflare-go/.changelog/1174.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dns: `GetDNSRecord`, `UpdateDNSRecord` and `DeleteDNSRecord` now return the new, dedicated error `ErrMissingDNSRecordID` when an empty DNS record ID is given.
-```
diff --git a/pkg/cloudflare-go/.changelog/1176.txt b/pkg/cloudflare-go/.changelog/1176.txt
deleted file mode 100644
index 4d3e6d894d..0000000000
--- a/pkg/cloudflare-go/.changelog/1176.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: script upload now supports Queues bindings
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1177.txt b/pkg/cloudflare-go/.changelog/1177.txt
deleted file mode 100644
index bb9f8d81e3..0000000000
--- a/pkg/cloudflare-go/.changelog/1177.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Add support for compatibility_date and compatibility_flags when upoading a worker script
-```
diff --git a/pkg/cloudflare-go/.changelog/1178.txt b/pkg/cloudflare-go/.changelog/1178.txt
deleted file mode 100644
index 08101c917d..0000000000
--- a/pkg/cloudflare-go/.changelog/1178.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_identity_provider: add scim_config field
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1180.txt b/pkg/cloudflare-go/.changelog/1180.txt
deleted file mode 100644
index 8d21a99d74..0000000000
--- a/pkg/cloudflare-go/.changelog/1180.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.23.7 to 2.24.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1181.txt b/pkg/cloudflare-go/.changelog/1181.txt
deleted file mode 100644
index 355b67584b..0000000000
--- a/pkg/cloudflare-go/.changelog/1181.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_organization: add ui_read_only_toggle_reason field
-```
diff --git a/pkg/cloudflare-go/.changelog/1183.txt b/pkg/cloudflare-go/.changelog/1183.txt
deleted file mode 100644
index 01e3947686..0000000000
--- a/pkg/cloudflare-go/.changelog/1183.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-rulesets: add support for `score_per_period` and `score_response_header_name`
-```
diff --git a/pkg/cloudflare-go/.changelog/1184.txt b/pkg/cloudflare-go/.changelog/1184.txt
deleted file mode 100644
index 7e721c577b..0000000000
--- a/pkg/cloudflare-go/.changelog/1184.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6
-```
diff --git a/pkg/cloudflare-go/.changelog/1185.txt b/pkg/cloudflare-go/.changelog/1185.txt
deleted file mode 100644
index 5cf8562005..0000000000
--- a/pkg/cloudflare-go/.changelog/1185.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-magic_transit_ipsec_tunnel: makes customer endpoint an optional field for ipsec tunnel creation
-```
diff --git a/pkg/cloudflare-go/.changelog/1188.txt b/pkg/cloudflare-go/.changelog/1188.txt
deleted file mode 100644
index b478f060d3..0000000000
--- a/pkg/cloudflare-go/.changelog/1188.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-queues: UpdateQueue has been updated to match the API and now correctly updates a Queue's name
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1190.txt b/pkg/cloudflare-go/.changelog/1190.txt
deleted file mode 100644
index 6e12a08b1d..0000000000
--- a/pkg/cloudflare-go/.changelog/1190.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:bug
-stream: Fix a bug that cannot unmarshal video duration number.
-```
-
-```release-note:breaking-change
-stream: StreamVideo.Duration has changed from int to float64.
-```
diff --git a/pkg/cloudflare-go/.changelog/1191.txt b/pkg/cloudflare-go/.changelog/1191.txt
deleted file mode 100644
index f42bc3663c..0000000000
--- a/pkg/cloudflare-go/.changelog/1191.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.24.1 to 2.24.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1192.txt b/pkg/cloudflare-go/.changelog/1192.txt
deleted file mode 100644
index 23cd06d801..0000000000
--- a/pkg/cloudflare-go/.changelog/1192.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1193.txt b/pkg/cloudflare-go/.changelog/1193.txt
deleted file mode 100644
index 461d746f78..0000000000
--- a/pkg/cloudflare-go/.changelog/1193.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp_profile: Add new allowed_match_count field to profiles
-```
diff --git a/pkg/cloudflare-go/.changelog/1195.txt b/pkg/cloudflare-go/.changelog/1195.txt
deleted file mode 100644
index 4642d151ee..0000000000
--- a/pkg/cloudflare-go/.changelog/1195.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dns: allow sending empty strings to remove comments
-```
diff --git a/pkg/cloudflare-go/.changelog/1196.txt b/pkg/cloudflare-go/.changelog/1196.txt
deleted file mode 100644
index fba5681f28..0000000000
--- a/pkg/cloudflare-go/.changelog/1196.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dns: always send `tags` to allow clearing
-```
diff --git a/pkg/cloudflare-go/.changelog/1197.txt b/pkg/cloudflare-go/.changelog/1197.txt
deleted file mode 100644
index 9535b0baeb..0000000000
--- a/pkg/cloudflare-go/.changelog/1197.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_account: add support for `check_disks`
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1199.txt b/pkg/cloudflare-go/.changelog/1199.txt
deleted file mode 100644
index f7cb743b3a..0000000000
--- a/pkg/cloudflare-go/.changelog/1199.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.24.2 to 2.24.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1200.txt b/pkg/cloudflare-go/.changelog/1200.txt
deleted file mode 100644
index 40d4ec4b78..0000000000
--- a/pkg/cloudflare-go/.changelog/1200.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp_profile: Use int rather than uint for allowed_match_count field
-```
diff --git a/pkg/cloudflare-go/.changelog/1202.txt b/pkg/cloudflare-go/.changelog/1202.txt
deleted file mode 100644
index 58c21d62c2..0000000000
--- a/pkg/cloudflare-go/.changelog/1202.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-stream: renamed `RequiredSignedURLs` to `RequireSignedURLs`
-```
diff --git a/pkg/cloudflare-go/.changelog/1205.txt b/pkg/cloudflare-go/.changelog/1205.txt
deleted file mode 100644
index 2573522809..0000000000
--- a/pkg/cloudflare-go/.changelog/1205.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-devices_policy: Add new exclude_office_ips field to policy
-```
diff --git a/pkg/cloudflare-go/.changelog/1206.txt b/pkg/cloudflare-go/.changelog/1206.txt
deleted file mode 100644
index fb12a08ebe..0000000000
--- a/pkg/cloudflare-go/.changelog/1206.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-tunnels: automatically paginate `ListTunnels`
-```
diff --git a/pkg/cloudflare-go/.changelog/1207.txt b/pkg/cloudflare-go/.changelog/1207.txt
deleted file mode 100644
index 7dd4bc7046..0000000000
--- a/pkg/cloudflare-go/.changelog/1207.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cloudflare: make it clearer when we hit a server error and to retry later
-```
diff --git a/pkg/cloudflare-go/.changelog/1208.txt b/pkg/cloudflare-go/.changelog/1208.txt
deleted file mode 100644
index 8075ecc793..0000000000
--- a/pkg/cloudflare-go/.changelog/1208.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_accounts: Add new root_certificate_installation_enabled field
-```
diff --git a/pkg/cloudflare-go/.changelog/1209.txt b/pkg/cloudflare-go/.changelog/1209.txt
deleted file mode 100644
index bc83d55374..0000000000
--- a/pkg/cloudflare-go/.changelog/1209.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dex_test: add CRUD functionality for DEX test configurations
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1210.txt b/pkg/cloudflare-go/.changelog/1210.txt
deleted file mode 100644
index a05f5531d1..0000000000
--- a/pkg/cloudflare-go/.changelog/1210.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.24.3 to 2.24.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1212.txt b/pkg/cloudflare-go/.changelog/1212.txt
deleted file mode 100644
index 8656a47b4a..0000000000
--- a/pkg/cloudflare-go/.changelog/1212.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: Adds support for partial payload logging
-```
diff --git a/pkg/cloudflare-go/.changelog/1213.txt b/pkg/cloudflare-go/.changelog/1213.txt
deleted file mode 100644
index 124db5e916..0000000000
--- a/pkg/cloudflare-go/.changelog/1213.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dex_test: use dex test types and json struct mappings instead of managed networks
-```
diff --git a/pkg/cloudflare-go/.changelog/1214.txt b/pkg/cloudflare-go/.changelog/1214.txt
deleted file mode 100644
index e41d1a146d..0000000000
--- a/pkg/cloudflare-go/.changelog/1214.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_rules: Add `untrusted_cert` rule setting
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1215.txt b/pkg/cloudflare-go/.changelog/1215.txt
deleted file mode 100644
index 44307cf98b..0000000000
--- a/pkg/cloudflare-go/.changelog/1215.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/text from 0.3.7 to 0.3.8
-```
diff --git a/pkg/cloudflare-go/.changelog/1216.txt b/pkg/cloudflare-go/.changelog/1216.txt
deleted file mode 100644
index 44307cf98b..0000000000
--- a/pkg/cloudflare-go/.changelog/1216.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/text from 0.3.7 to 0.3.8
-```
diff --git a/pkg/cloudflare-go/.changelog/1217.txt b/pkg/cloudflare-go/.changelog/1217.txt
deleted file mode 100644
index 0fc959900b..0000000000
--- a/pkg/cloudflare-go/.changelog/1217.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/time from 0.0.0-20220224211638-0e9765cccd65 to 0.3.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1218.txt b/pkg/cloudflare-go/.changelog/1218.txt
deleted file mode 100644
index 148e60cca6..0000000000
--- a/pkg/cloudflare-go/.changelog/1218.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1219.txt b/pkg/cloudflare-go/.changelog/1219.txt
deleted file mode 100644
index 148e60cca6..0000000000
--- a/pkg/cloudflare-go/.changelog/1219.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1220.txt b/pkg/cloudflare-go/.changelog/1220.txt
deleted file mode 100644
index 6f31f37add..0000000000
--- a/pkg/cloudflare-go/.changelog/1220.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1222.txt b/pkg/cloudflare-go/.changelog/1222.txt
deleted file mode 100644
index 5d9a668a01..0000000000
--- a/pkg/cloudflare-go/.changelog/1222.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dns: dont reuse DNSListResponse when using pagination to avoid Proxied pointer overwrite
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1223.txt b/pkg/cloudflare-go/.changelog/1223.txt
deleted file mode 100644
index e046c338bc..0000000000
--- a/pkg/cloudflare-go/.changelog/1223.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add `path_cookie_attribute` app setting
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1226.txt b/pkg/cloudflare-go/.changelog/1226.txt
deleted file mode 100644
index 167b1e6f78..0000000000
--- a/pkg/cloudflare-go/.changelog/1226.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-added audit_ssh to gateway actions, updated gateway rule settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1227.txt b/pkg/cloudflare-go/.changelog/1227.txt
deleted file mode 100644
index 96c1ce0524..0000000000
--- a/pkg/cloudflare-go/.changelog/1227.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-```release-note:breaking-change
-tunnel: renamed `Tunnels` to `ListTunnels`
-```
-
-```release-note:breaking-change
-tunnel: renamed `Tunnel` to `GetTunnel`
-```
-```release-note:enhancement
-tunnel: updated parameters to latest API docs
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1228.txt b/pkg/cloudflare-go/.changelog/1228.txt
deleted file mode 100644
index 72816b5f3d..0000000000
--- a/pkg/cloudflare-go/.changelog/1228.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.7.0 to 0.8.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1229.txt b/pkg/cloudflare-go/.changelog/1229.txt
deleted file mode 100644
index a4b655ccb5..0000000000
--- a/pkg/cloudflare-go/.changelog/1229.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.24.4 to 2.25.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1232.txt b/pkg/cloudflare-go/.changelog/1232.txt
deleted file mode 100644
index c8e3ce2bdd..0000000000
--- a/pkg/cloudflare-go/.changelog/1232.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-addressing: Add `Address Map` support
-```
diff --git a/pkg/cloudflare-go/.changelog/1236.txt b/pkg/cloudflare-go/.changelog/1236.txt
deleted file mode 100644
index bf5b7c4ace..0000000000
--- a/pkg/cloudflare-go/.changelog/1236.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps actions/setup-go from 3 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1237.txt b/pkg/cloudflare-go/.changelog/1237.txt
deleted file mode 100644
index 1c87f2721b..0000000000
--- a/pkg/cloudflare-go/.changelog/1237.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_identity_provider: add `claims` and `scopes` fields
-```
diff --git a/pkg/cloudflare-go/.changelog/1238.txt b/pkg/cloudflare-go/.changelog/1238.txt
deleted file mode 100644
index e01bf64532..0000000000
--- a/pkg/cloudflare-go/.changelog/1238.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-tunnel: Fix 'CreateTunnel' for tunnels using config_src
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1242.txt b/pkg/cloudflare-go/.changelog/1242.txt
deleted file mode 100644
index f847da86f8..0000000000
--- a/pkg/cloudflare-go/.changelog/1242.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:bug
-teams_rules: `AllowChildBypass` changes from a `bool` to `*bool`
-```
-
-```release-note:bug
-teams_rules: `BypassParentRule` changes from a `bool` to `*bool`
-```
diff --git a/pkg/cloudflare-go/.changelog/1243.txt b/pkg/cloudflare-go/.changelog/1243.txt
deleted file mode 100644
index f5c0728ec9..0000000000
--- a/pkg/cloudflare-go/.changelog/1243.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-dns: Changed Create/UpdateDNSRecord method signatures to return (DNSRecord, error)
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1244.txt b/pkg/cloudflare-go/.changelog/1244.txt
deleted file mode 100644
index fa7858c06f..0000000000
--- a/pkg/cloudflare-go/.changelog/1244.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-ssl: make `GeoRestrictions` a pointer inside of ZoneCustomSSL
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1246.txt b/pkg/cloudflare-go/.changelog/1246.txt
deleted file mode 100644
index 678b27fd5e..0000000000
--- a/pkg/cloudflare-go/.changelog/1246.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:note
-dns_firewall: The `OriginIPs` field has been renamed to `UpstreamIPs`.
-```
diff --git a/pkg/cloudflare-go/.changelog/1249.txt b/pkg/cloudflare-go/.changelog/1249.txt
deleted file mode 100644
index 0f2cbedf95..0000000000
--- a/pkg/cloudflare-go/.changelog/1249.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-devices_policy: update `Mode` field to use new `ServiceMode` string type with explicit const service mode values
-```
diff --git a/pkg/cloudflare-go/.changelog/1250.txt b/pkg/cloudflare-go/.changelog/1250.txt
deleted file mode 100644
index 8f1a611d51..0000000000
--- a/pkg/cloudflare-go/.changelog/1250.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.0 to 2.25.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1251.txt b/pkg/cloudflare-go/.changelog/1251.txt
deleted file mode 100644
index b750d6ebf6..0000000000
--- a/pkg/cloudflare-go/.changelog/1251.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:breaking-change
-zone: `ZoneSingleSetting` has been renamed to `GetZoneSetting` and updated method signature inline with our expected conventions
-```
-
-```release-note:breaking-change
-zone: `UpdateZoneSingleSetting` has been renamed to `UpdateZoneSetting` and updated method signature inline with our expected conventions
-```
-
-```release-note:enhancement
-zone: `GetZoneSetting` and `UpdateZoneSetting` now allow configuring the path for where a setting resides instead of assuming `settings`
-```
diff --git a/pkg/cloudflare-go/.changelog/1253.txt b/pkg/cloudflare-go/.changelog/1253.txt
deleted file mode 100644
index a43f5d8cb7..0000000000
--- a/pkg/cloudflare-go/.changelog/1253.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-rulesets: add support for add operation to HTTP header configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1258.txt b/pkg/cloudflare-go/.changelog/1258.txt
deleted file mode 100644
index 09748a6ecf..0000000000
--- a/pkg/cloudflare-go/.changelog/1258.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access: Add `isolation_required` flag to Access policies
-```
diff --git a/pkg/cloudflare-go/.changelog/1260.txt b/pkg/cloudflare-go/.changelog/1260.txt
deleted file mode 100644
index 806345d464..0000000000
--- a/pkg/cloudflare-go/.changelog/1260.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access: Add `auto_redirect_to_identity` flag to Access organizations
-```
diff --git a/pkg/cloudflare-go/.changelog/1261.txt b/pkg/cloudflare-go/.changelog/1261.txt
deleted file mode 100644
index efa0a01bad..0000000000
--- a/pkg/cloudflare-go/.changelog/1261.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-rulesets: add support for the `http_response_compression` phase
-```
-
-```release-note:enhancement
-rulesets: add support for the `compress_response` action
-```
diff --git a/pkg/cloudflare-go/.changelog/1263.txt b/pkg/cloudflare-go/.changelog/1263.txt
deleted file mode 100644
index 785f7c0c13..0000000000
--- a/pkg/cloudflare-go/.changelog/1263.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.8.0 to 0.9.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1264.txt b/pkg/cloudflare-go/.changelog/1264.txt
deleted file mode 100644
index 8c3fff3579..0000000000
--- a/pkg/cloudflare-go/.changelog/1264.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-```release-note:breaking-change
-pages_deployment: add support for auto pagination
-```
-
-```release-note:enchancement
-pages_deployment: add Force to DeletePagesDeploymentParams
-```
-
-```release-note:breaking-change
-pages_deployment: change DeletePagesDeploymentParams to contain all parameters
-```
-
-```release-note:breaking-change
-pages_project: rename PagesProject to GetPagesProject
-```
-
-```release-note:breaking-change
-pages_project: change to use ResourceContainer for account ID
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1265.txt b/pkg/cloudflare-go/.changelog/1265.txt
deleted file mode 100644
index a001f26c5d..0000000000
--- a/pkg/cloudflare-go/.changelog/1265.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-r2_bucket: add support for getting a bucket
-```
-
-```release-note:breaking-change
-r2_bucket: change creation time from string to *time.Time
-```
diff --git a/pkg/cloudflare-go/.changelog/1266.txt b/pkg/cloudflare-go/.changelog/1266.txt
deleted file mode 100644
index 749e3b8c8a..0000000000
--- a/pkg/cloudflare-go/.changelog/1266.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dns: add support for importing and exporting DNS records using BIND file configurations
-```
diff --git a/pkg/cloudflare-go/.changelog/1267.txt b/pkg/cloudflare-go/.changelog/1267.txt
deleted file mode 100644
index 33e3526ec0..0000000000
--- a/pkg/cloudflare-go/.changelog/1267.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-turnstile: add support for turnstile
-```
diff --git a/pkg/cloudflare-go/.changelog/1268.txt b/pkg/cloudflare-go/.changelog/1268.txt
deleted file mode 100644
index 586bac29d8..0000000000
--- a/pkg/cloudflare-go/.changelog/1268.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: add input fields tanium, intune and kolide
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1269.txt b/pkg/cloudflare-go/.changelog/1269.txt
deleted file mode 100644
index 686ac6a9af..0000000000
--- a/pkg/cloudflare-go/.changelog/1269.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1270.txt b/pkg/cloudflare-go/.changelog/1270.txt
deleted file mode 100644
index 4c09f1f51d..0000000000
--- a/pkg/cloudflare-go/.changelog/1270.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-data localization: add support for regional hostnames API
-```
diff --git a/pkg/cloudflare-go/.changelog/1271.txt b/pkg/cloudflare-go/.changelog/1271.txt
deleted file mode 100644
index 664212a1e7..0000000000
--- a/pkg/cloudflare-go/.changelog/1271.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-certificate_packs: add `Status` field to indicate the status of certificate pack
-```
diff --git a/pkg/cloudflare-go/.changelog/1272.txt b/pkg/cloudflare-go/.changelog/1272.txt
deleted file mode 100644
index dfa3888383..0000000000
--- a/pkg/cloudflare-go/.changelog/1272.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-logpush: add support for max upload parameters
-```
diff --git a/pkg/cloudflare-go/.changelog/1274.txt b/pkg/cloudflare-go/.changelog/1274.txt
deleted file mode 100644
index 51deac303d..0000000000
--- a/pkg/cloudflare-go/.changelog/1274.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.1 to 2.25.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1275.txt b/pkg/cloudflare-go/.changelog/1275.txt
deleted file mode 100644
index 718b80065f..0000000000
--- a/pkg/cloudflare-go/.changelog/1275.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-rulesets: allow `PreserveQueryString` to be nullable
-```
diff --git a/pkg/cloudflare-go/.changelog/1276.txt b/pkg/cloudflare-go/.changelog/1276.txt
deleted file mode 100644
index 713898c8db..0000000000
--- a/pkg/cloudflare-go/.changelog/1276.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-waiting_room: add support for zone-level settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1278.txt b/pkg/cloudflare-go/.changelog/1278.txt
deleted file mode 100644
index 64e605cf14..0000000000
--- a/pkg/cloudflare-go/.changelog/1278.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-zone: Added `GetCacheReserve` and `UpdateacheReserve` to allow setting Cache Reserve for a zone.
-```
diff --git a/pkg/cloudflare-go/.changelog/1279.txt b/pkg/cloudflare-go/.changelog/1279.txt
deleted file mode 100644
index 08cd4cab05..0000000000
--- a/pkg/cloudflare-go/.changelog/1279.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-pages: add support for Smart Placement. Added `Placement` in `PagesProjectDeploymentConfigEnvironment`.
-```
-
-```release-note:enhancement
-workers: add support for Smart Placement. Added `Placement` in `CreateWorkerParams`.
-```
diff --git a/pkg/cloudflare-go/.changelog/1280.txt b/pkg/cloudflare-go/.changelog/1280.txt
deleted file mode 100644
index 7f690ce831..0000000000
--- a/pkg/cloudflare-go/.changelog/1280.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.9.0 to 0.10.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1281.txt b/pkg/cloudflare-go/.changelog/1281.txt
deleted file mode 100644
index c11f54ae4d..0000000000
--- a/pkg/cloudflare-go/.changelog/1281.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access: Added `self_hosted_domains` support to access applications
-```
diff --git a/pkg/cloudflare-go/.changelog/1284.txt b/pkg/cloudflare-go/.changelog/1284.txt
deleted file mode 100644
index 0da545211a..0000000000
--- a/pkg/cloudflare-go/.changelog/1284.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-turnstile: remove `SiteKey`/`Secret` being sent in update request body
-```
diff --git a/pkg/cloudflare-go/.changelog/1285.txt b/pkg/cloudflare-go/.changelog/1285.txt
deleted file mode 100644
index 75140aed1b..0000000000
--- a/pkg/cloudflare-go/.changelog/1285.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-turnstile: remove `SiteKey` being sent in rotate secret's request body
-```
diff --git a/pkg/cloudflare-go/.changelog/1286.txt b/pkg/cloudflare-go/.changelog/1286.txt
deleted file mode 100644
index 380cc29730..0000000000
--- a/pkg/cloudflare-go/.changelog/1286.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1287.txt b/pkg/cloudflare-go/.changelog/1287.txt
deleted file mode 100644
index 3e78c82109..0000000000
--- a/pkg/cloudflare-go/.changelog/1287.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1288.txt b/pkg/cloudflare-go/.changelog/1288.txt
deleted file mode 100644
index 7401823441..0000000000
--- a/pkg/cloudflare-go/.changelog/1288.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-lists: add support for hostname and ASN lists.
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1289.txt b/pkg/cloudflare-go/.changelog/1289.txt
deleted file mode 100644
index 1c9e25e7aa..0000000000
--- a/pkg/cloudflare-go/.changelog/1289.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-flarectl/dns: ensure MX priority value is dereferenced
-```
diff --git a/pkg/cloudflare-go/.changelog/1290.txt b/pkg/cloudflare-go/.changelog/1290.txt
deleted file mode 100644
index 70224ff8f5..0000000000
--- a/pkg/cloudflare-go/.changelog/1290.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dns: fix MX record priority not set by UpdateDNSRecord
-```
diff --git a/pkg/cloudflare-go/.changelog/1291.txt b/pkg/cloudflare-go/.changelog/1291.txt
deleted file mode 100644
index 60c5bf456c..0000000000
--- a/pkg/cloudflare-go/.changelog/1291.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-tunnels: add support for `access` and `http2Origin` keys
-```
diff --git a/pkg/cloudflare-go/.changelog/1292.txt b/pkg/cloudflare-go/.changelog/1292.txt
deleted file mode 100644
index 9bd62ebe8f..0000000000
--- a/pkg/cloudflare-go/.changelog/1292.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1293.txt b/pkg/cloudflare-go/.changelog/1293.txt
deleted file mode 100644
index 4c865f5bf5..0000000000
--- a/pkg/cloudflare-go/.changelog/1293.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancing: extend documentation for least_outstanding_requests steering policy
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1294.txt b/pkg/cloudflare-go/.changelog/1294.txt
deleted file mode 100644
index fa92441923..0000000000
--- a/pkg/cloudflare-go/.changelog/1294.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-devices_policy: Add missing description field to policy
-```
diff --git a/pkg/cloudflare-go/.changelog/1295.txt b/pkg/cloudflare-go/.changelog/1295.txt
deleted file mode 100644
index feff3ce194..0000000000
--- a/pkg/cloudflare-go/.changelog/1295.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.3 to 2.25.5
-```
diff --git a/pkg/cloudflare-go/.changelog/1296.txt b/pkg/cloudflare-go/.changelog/1296.txt
deleted file mode 100644
index 5eb7ddda1b..0000000000
--- a/pkg/cloudflare-go/.changelog/1296.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1297.txt b/pkg/cloudflare-go/.changelog/1297.txt
deleted file mode 100644
index cee310173a..0000000000
--- a/pkg/cloudflare-go/.changelog/1297.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-email_routing_destination: return encountered error, not `ErrMissingAccountID` all the time
-```
diff --git a/pkg/cloudflare-go/.changelog/1298.txt b/pkg/cloudflare-go/.changelog/1298.txt
deleted file mode 100644
index fff1d2a2b9..0000000000
--- a/pkg/cloudflare-go/.changelog/1298.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-custom_hostname: add support for `bundle_method` TLS configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1300.txt b/pkg/cloudflare-go/.changelog/1300.txt
deleted file mode 100644
index b065b8252b..0000000000
--- a/pkg/cloudflare-go/.changelog/1300.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.3
-```
diff --git a/pkg/cloudflare-go/.changelog/1301.txt b/pkg/cloudflare-go/.changelog/1301.txt
deleted file mode 100644
index a0982af621..0000000000
--- a/pkg/cloudflare-go/.changelog/1301.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.3 to 0.7.4
-```
diff --git a/pkg/cloudflare-go/.changelog/1302.txt b/pkg/cloudflare-go/.changelog/1302.txt
deleted file mode 100644
index 9be4caa82e..0000000000
--- a/pkg/cloudflare-go/.changelog/1302.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancing: support header session affinity policy
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1303.txt b/pkg/cloudflare-go/.changelog/1303.txt
deleted file mode 100644
index 50a9b97a30..0000000000
--- a/pkg/cloudflare-go/.changelog/1303.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-tunnel: swap `ConnectTimeout`, `TLSTimeout`, `TCPKeepAlive` and `KeepAliveTimeout` to `TunnelDuration` instead of `time.Duration`
-```
diff --git a/pkg/cloudflare-go/.changelog/1304.txt b/pkg/cloudflare-go/.changelog/1304.txt
deleted file mode 100644
index f3e8693e2a..0000000000
--- a/pkg/cloudflare-go/.changelog/1304.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-custom_nameservers: add support for managing custom nameservers
-```
diff --git a/pkg/cloudflare-go/.changelog/1305.txt b/pkg/cloudflare-go/.changelog/1305.txt
deleted file mode 100644
index 1919a14e3f..0000000000
--- a/pkg/cloudflare-go/.changelog/1305.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.5 to 2.25.6
-```
diff --git a/pkg/cloudflare-go/.changelog/1306.txt b/pkg/cloudflare-go/.changelog/1306.txt
deleted file mode 100644
index a655ab47bd..0000000000
--- a/pkg/cloudflare-go/.changelog/1306.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1307.txt b/pkg/cloudflare-go/.changelog/1307.txt
deleted file mode 100644
index ce939ea0c5..0000000000
--- a/pkg/cloudflare-go/.changelog/1307.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.10.0 to 0.11.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1311.txt b/pkg/cloudflare-go/.changelog/1311.txt
deleted file mode 100644
index 46639f877c..0000000000
--- a/pkg/cloudflare-go/.changelog/1311.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-waiting_room: add support for `additional_routes` and `cookie_suffix`
-```
diff --git a/pkg/cloudflare-go/.changelog/1312.txt b/pkg/cloudflare-go/.changelog/1312.txt
deleted file mode 100644
index 9d3d216d11..0000000000
--- a/pkg/cloudflare-go/.changelog/1312.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-railgun: remove support for railgun
-```
diff --git a/pkg/cloudflare-go/.changelog/1313.txt b/pkg/cloudflare-go/.changelog/1313.txt
deleted file mode 100644
index ace0376ab4..0000000000
--- a/pkg/cloudflare-go/.changelog/1313.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:breaking-change
-virtualdns: remove support in favour of newer DNS firewall methods
-```
-
-```release-note:breaking-change
-dns_firewall: modernise method signatures and conventions to align with the experimental client
-```
diff --git a/pkg/cloudflare-go/.changelog/1314.txt b/pkg/cloudflare-go/.changelog/1314.txt
deleted file mode 100644
index 4eb0d0acb6..0000000000
--- a/pkg/cloudflare-go/.changelog/1314.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.6 to 2.25.7
-```
diff --git a/pkg/cloudflare-go/.changelog/1315.txt b/pkg/cloudflare-go/.changelog/1315.txt
deleted file mode 100644
index c5dedfd9a4..0000000000
--- a/pkg/cloudflare-go/.changelog/1315.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:breaking-change
-cloudflare: remove `api.AccountID` from client struct
-```
-
-```release-note:breaking-change
-cloudflare: remove `UsingAccount` in favour of resource specific attributes
-```
diff --git a/pkg/cloudflare-go/.changelog/1316.txt b/pkg/cloudflare-go/.changelog/1316.txt
deleted file mode 100644
index d2588ba25b..0000000000
--- a/pkg/cloudflare-go/.changelog/1316.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: support os_version_extra
-```
diff --git a/pkg/cloudflare-go/.changelog/1317.txt b/pkg/cloudflare-go/.changelog/1317.txt
deleted file mode 100644
index 722e04c20d..0000000000
--- a/pkg/cloudflare-go/.changelog/1317.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: Add ability to specify tail Workers in script metadata
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1319.txt b/pkg/cloudflare-go/.changelog/1319.txt
deleted file mode 100644
index 4235c885cf..0000000000
--- a/pkg/cloudflare-go/.changelog/1319.txt
+++ /dev/null
@@ -1,59 +0,0 @@
-```release-note:breaking-change
-access_application: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_application: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_ca_certificate: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_ca_certificate: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_group: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_group: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_identity_provider: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_identity_provider: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_mutual_tls_certificates: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_mutual_tls_certificates: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_organization: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:breaking-change
-access_policy: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:enhancement
-access_policy: add support for auto pagination
-```
-
-```release-note:breaking-change
-access_service_tokens: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
-
-```release-note:breaking-change
-access_user_token: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods
-```
diff --git a/pkg/cloudflare-go/.changelog/1320.txt b/pkg/cloudflare-go/.changelog/1320.txt
deleted file mode 100644
index 6fe1268d13..0000000000
--- a/pkg/cloudflare-go/.changelog/1320.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.5.1 to 1.6.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1322.txt b/pkg/cloudflare-go/.changelog/1322.txt
deleted file mode 100644
index 9f5c710fec..0000000000
--- a/pkg/cloudflare-go/.changelog/1322.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-```release-note:enhancement
-images: adds support for v2 when uploading images directly
-```
-
-```release-note:breaking-change
-images: updated method signatures of `UploadImage` to match newer conventions and standards
-```
-
-```release-note:breaking-change
-images: updated method signatures of `UpdateImage` to match newer conventions and standards
-```
-
-```release-note:breaking-change
-images: updated method signatures of `ListImages` to match newer conventions and standards
-```
-
-```release-note:breaking-change
-images: updated method signatures of `DeleteImage` to match newer conventions and standards
-```
-
-```release-note:breaking-change
-images: renamed `ImageDetails` to `GetImage` to match library conventions
-```
-
-```release-note:breaking-change
-images: renamed `BaseImage` to `GetBaseImage` to match library conventions
-```
-
-```release-note:breaking-change
-images: renamed `ImagesStats` to `GetImagesStats` to match library conventions
-```
diff --git a/pkg/cloudflare-go/.changelog/1325.txt b/pkg/cloudflare-go/.changelog/1325.txt
deleted file mode 100644
index 0742b1f7fc..0000000000
--- a/pkg/cloudflare-go/.changelog/1325.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-resource_container: expose `Type` on `*ResourceContainer` to explicitly denote what type of resource it is instead of inferring from `Level`.
-```
diff --git a/pkg/cloudflare-go/.changelog/1326.txt b/pkg/cloudflare-go/.changelog/1326.txt
deleted file mode 100644
index fd85096d05..0000000000
--- a/pkg/cloudflare-go/.changelog/1326.txt
+++ /dev/null
@@ -1,83 +0,0 @@
-```release-note:breaking-change
-logpush: all methods are updated to use the newer client conventions for method signatures
-```
-
-```release-note:breaking-change
-logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
-```
-
-```release-note:breaking-change
-logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
-```
diff --git a/pkg/cloudflare-go/.changelog/1328.txt b/pkg/cloudflare-go/.changelog/1328.txt
deleted file mode 100644
index 51d73f8308..0000000000
--- a/pkg/cloudflare-go/.changelog/1328.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.11.0 to 0.12.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1330.txt b/pkg/cloudflare-go/.changelog/1330.txt
deleted file mode 100644
index 630d7ee253..0000000000
--- a/pkg/cloudflare-go/.changelog/1330.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-```release-note:enhancement
-workers: Add support for uploading scripts to a Workers for Platforms namespace.
-```
-
-```release-note:enhancement
-workers: Add support for declaring arbitrary bindings with UnsafeBinding.
-```
-
-```release-note:enhancement
-workers: Add support for uploading workers with Workers for Platforms namespace bindings.
-```
-
-```release-note:enhancement
-workers: Add `pipeline_hash` field to Workers script response struct.
-```
diff --git a/pkg/cloudflare-go/.changelog/1333.txt b/pkg/cloudflare-go/.changelog/1333.txt
deleted file mode 100644
index 81026e8158..0000000000
--- a/pkg/cloudflare-go/.changelog/1333.txt
+++ /dev/null
@@ -1,47 +0,0 @@
-```release-note:breaking-change
-rulesets: `GetZoneRuleset` is removed in favour of `GetRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `GetAccountRuleset` is removed in favour of `GetRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `CreateZoneRuleset` is removed in favour of `CreateRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `CreateAccountRuleset` is removed in favour of `CreateRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `DeleteZoneRuleset` is removed in favour of `DeleteRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `DeleteAccountRuleset` is removed in favour of `DeleteRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `UpdateZoneRuleset` is removed in favour of `UpdateRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `UpdateAccountRuleset` is removed in favour of `UpdateRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `GetZoneRulesetPhase` is removed in favour of `GetEntrypointRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `GetAccountRulesetPhase` is removed in favour of `GetEntrypointRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `UpdateZoneRulesetPhase` is removed in favour of `UpdateEntrypointRuleset`
-```
-
-```release-note:breaking-change
-rulesets: `UpdateAccountRulesetPhase` is removed in favour of `UpdateEntrypointRuleset`
-```
diff --git a/pkg/cloudflare-go/.changelog/1335.txt b/pkg/cloudflare-go/.changelog/1335.txt
deleted file mode 100644
index 13b520854a..0000000000
--- a/pkg/cloudflare-go/.changelog/1335.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-images: adds ability to upload image by url
-```
diff --git a/pkg/cloudflare-go/.changelog/1336.txt b/pkg/cloudflare-go/.changelog/1336.txt
deleted file mode 100644
index f949bdc25e..0000000000
--- a/pkg/cloudflare-go/.changelog/1336.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-zone: Added `GetRegionalTieredCache` and `UpdateRegionalTieredCache` to allow setting Regional Tiered Cache for a zone.
-```
diff --git a/pkg/cloudflare-go/.changelog/1338.txt b/pkg/cloudflare-go/.changelog/1338.txt
deleted file mode 100644
index ce00f1f986..0000000000
--- a/pkg/cloudflare-go/.changelog/1338.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-load_balancing: Fix pool creation with MinimumOrigins set to 0
-```
diff --git a/pkg/cloudflare-go/.changelog/1339.txt b/pkg/cloudflare-go/.changelog/1339.txt
deleted file mode 100644
index 7326b4ede3..0000000000
--- a/pkg/cloudflare-go/.changelog/1339.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-device_posture_rule: support certificate_id and cn for client_certificate posture rule
-```
-
-```release-note:enhancement
-device_posture_rule: support active_threats, network_status, infected, and is_active for sentinelone_s2s posture rule
-```
diff --git a/pkg/cloudflare-go/.changelog/1340.txt b/pkg/cloudflare-go/.changelog/1340.txt
deleted file mode 100644
index beb3997808..0000000000
--- a/pkg/cloudflare-go/.changelog/1340.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams-accounts: Adds support for protocol detection
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1341.txt b/pkg/cloudflare-go/.changelog/1341.txt
deleted file mode 100644
index 8ba43549f9..0000000000
--- a/pkg/cloudflare-go/.changelog/1341.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-flarectl: allow for create or update to actually create the record
-```
diff --git a/pkg/cloudflare-go/.changelog/1343.txt b/pkg/cloudflare-go/.changelog/1343.txt
deleted file mode 100644
index df6721b237..0000000000
--- a/pkg/cloudflare-go/.changelog/1343.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:enhancement
-access_application: Add support for custom pages
-```
-
-```release-note:enhancement
-access_custom_page: Add support for custom pages
-```
-
-```release-note:enhancement
-access_organization: add support for custom pages
-```
diff --git a/pkg/cloudflare-go/.changelog/1344.txt b/pkg/cloudflare-go/.changelog/1344.txt
deleted file mode 100644
index f800df64e0..0000000000
--- a/pkg/cloudflare-go/.changelog/1344.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:enhancement
-access_identity_provider: add attr conditional_access_enabled
-```
-
-```release-note:enhancement
-access_group: add auth_context group ruletype
-```
-
-```release-note:enhancement
-access_identity_provider: add auth context list/put endpoint
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1345.txt b/pkg/cloudflare-go/.changelog/1345.txt
deleted file mode 100644
index 4e748a75c8..0000000000
--- a/pkg/cloudflare-go/.changelog/1345.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-workers: Fix namespace dispatch upload API path
-```
diff --git a/pkg/cloudflare-go/.changelog/1346.txt b/pkg/cloudflare-go/.changelog/1346.txt
deleted file mode 100644
index d9826d0f67..0000000000
--- a/pkg/cloudflare-go/.changelog/1346.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:enhancement
-rulesets: Update API reference links
-```
-
-```release-note:enhancement
-rulesets: Remove internal-only schema kind
-```
-
-```release-note:enhancement
-rulesets: Remove some request parameters that are not allowed or have no effect
-```
diff --git a/pkg/cloudflare-go/.changelog/1347.txt b/pkg/cloudflare-go/.changelog/1347.txt
deleted file mode 100644
index 0271db293b..0000000000
--- a/pkg/cloudflare-go/.changelog/1347.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_service_token: add support for managing `Duration`
-```
diff --git a/pkg/cloudflare-go/.changelog/1348.txt b/pkg/cloudflare-go/.changelog/1348.txt
deleted file mode 100644
index 19eca269ef..0000000000
--- a/pkg/cloudflare-go/.changelog/1348.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-web_analytics: add support for web_analytics API
-```
diff --git a/pkg/cloudflare-go/.changelog/1353.txt b/pkg/cloudflare-go/.changelog/1353.txt
deleted file mode 100644
index e7a0f4024a..0000000000
--- a/pkg/cloudflare-go/.changelog/1353.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.12.0 to 0.13.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1355.txt b/pkg/cloudflare-go/.changelog/1355.txt
deleted file mode 100644
index d19977c085..0000000000
--- a/pkg/cloudflare-go/.changelog/1355.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-cloudflare: `Raw` method now returns a RawResponse rather than the raw JSON `Result` message
-```
diff --git a/pkg/cloudflare-go/.changelog/1356.txt b/pkg/cloudflare-go/.changelog/1356.txt
deleted file mode 100644
index dd94e72a35..0000000000
--- a/pkg/cloudflare-go/.changelog/1356.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-per_hostname_tls_settings: add support for managing hostname level TLS settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1357.txt b/pkg/cloudflare-go/.changelog/1357.txt
deleted file mode 100644
index e6f1f3b8ac..0000000000
--- a/pkg/cloudflare-go/.changelog/1357.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-waiting_room: add support for `queueing_status_code`
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1359.txt b/pkg/cloudflare-go/.changelog/1359.txt
deleted file mode 100644
index 982b4884c0..0000000000
--- a/pkg/cloudflare-go/.changelog/1359.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-streams: adds support to initiate tus upload
-```
diff --git a/pkg/cloudflare-go/.changelog/1360.txt b/pkg/cloudflare-go/.changelog/1360.txt
deleted file mode 100644
index 6b2bbae588..0000000000
--- a/pkg/cloudflare-go/.changelog/1360.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-cloudflare: swap `encoding/json` for `github.com/goccy/go-json`
-```
-
-```release-note:bug
-cache_purge: don't escape HTML entity values in URLs for cache keys
-```
diff --git a/pkg/cloudflare-go/.changelog/1361.txt b/pkg/cloudflare-go/.changelog/1361.txt
deleted file mode 100644
index 0a8293a548..0000000000
--- a/pkg/cloudflare-go/.changelog/1361.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-workers: Add support for retrieving and uploading only script content.
-```
-
-```release-note:enhancement
-workers: Add support for retrieving and uploading only script metadata.
-```
diff --git a/pkg/cloudflare-go/.changelog/1362.txt b/pkg/cloudflare-go/.changelog/1362.txt
deleted file mode 100644
index 6268fe248f..0000000000
--- a/pkg/cloudflare-go/.changelog/1362.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.13.0 to 0.14.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1363.txt b/pkg/cloudflare-go/.changelog/1363.txt
deleted file mode 100644
index e538706f3d..0000000000
--- a/pkg/cloudflare-go/.changelog/1363.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-bot_management: add support for bot_management API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1365.txt b/pkg/cloudflare-go/.changelog/1365.txt
deleted file mode 100644
index 05cd13708c..0000000000
--- a/pkg/cloudflare-go/.changelog/1365.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-zone_hold: add support for zone hold API
-```
diff --git a/pkg/cloudflare-go/.changelog/1366.txt b/pkg/cloudflare-go/.changelog/1366.txt
deleted file mode 100644
index 0590b8e738..0000000000
--- a/pkg/cloudflare-go/.changelog/1366.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: support eid_last_seen and risk_level and correct total_score for Tanium posture rule
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1367.txt b/pkg/cloudflare-go/.changelog/1367.txt
deleted file mode 100644
index 7f86273575..0000000000
--- a/pkg/cloudflare-go/.changelog/1367.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-```release-note:note
-rulesets: Remove non-existent `allow` action
-```
-
-```release-note:enhancement
-rulesets: Add the `ddos_mitigation` action
-```
-
-```release-note:note
-rulesets: Remove non-existent `http_request_main` phase
-```
-
-```release-note:note
-rulesets: Remove non-public `http_response_headers_transform_managed` and `http_request_late_transform_managed` phases
-```
-
-```release-note:breaking-change
-rulesets: Rename `RulesetPhaseRateLimit` to `RulesetPhaseHTTPRatelimit`, to match the phase name
-```
-
-```release-note:breaking-change
-rulesets: Rename `RulesetPhaseSuperBotFightMode` to `RulesetPhaseHTTPRequestSBFM`, to match the phase name
-```
diff --git a/pkg/cloudflare-go/.changelog/1368.txt b/pkg/cloudflare-go/.changelog/1368.txt
deleted file mode 100644
index c58d12c33d..0000000000
--- a/pkg/cloudflare-go/.changelog/1368.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: add support for tagging Worker scripts
-```
diff --git a/pkg/cloudflare-go/.changelog/1369.txt b/pkg/cloudflare-go/.changelog/1369.txt
deleted file mode 100644
index a523c1c9fc..0000000000
--- a/pkg/cloudflare-go/.changelog/1369.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 4.3.0 to 4.4.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1372.txt b/pkg/cloudflare-go/.changelog/1372.txt
deleted file mode 100644
index ec3f514081..0000000000
--- a/pkg/cloudflare-go/.changelog/1372.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-```release-note:bug
-pagination: Will look at `total_count` and `per_page` to calculate `total_pages` if `total_pages` is zero
-```
-
-```release-note:bug
-access_application: Use autopaginate flag as expected
-```
-
-```release-note:bug
-access_ca_certificate: Use autopaginate flag as expected
-```
-
-```release-note:bug
-access_group: Use autopaginate flag as expected
-```
-
-```release-note:bug
-access_mutual_tls_certifcate: Use autopaginate flag as expected
-```
-
-```release-note:bug
-access_policy: Use autopaginate flag as expected
-```
diff --git a/pkg/cloudflare-go/.changelog/1373.txt b/pkg/cloudflare-go/.changelog/1373.txt
deleted file mode 100644
index 9276016d9e..0000000000
--- a/pkg/cloudflare-go/.changelog/1373.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: added custom_non_identity_deny_url
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1374.txt b/pkg/cloudflare-go/.changelog/1374.txt
deleted file mode 100644
index 07bc895bb2..0000000000
--- a/pkg/cloudflare-go/.changelog/1374.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release_note:enhancement
-rulesets: Add support for Proxy Read Timeout configuration via the Rulesets/Cache Rules API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1375.txt b/pkg/cloudflare-go/.changelog/1375.txt
deleted file mode 100644
index a7d2ae9c79..0000000000
--- a/pkg/cloudflare-go/.changelog/1375.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release_note:enhancement
-rulesets: Add support for Additional Cacheable Ports configuration via the Rulesets/Cache Rules API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1376.txt b/pkg/cloudflare-go/.changelog/1376.txt
deleted file mode 100644
index d2881fce35..0000000000
--- a/pkg/cloudflare-go/.changelog/1376.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release_note:enhancement
-rulesets: Add support for Origin Cache Control configuration via the Rulesets/Cache Rules API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1377.txt b/pkg/cloudflare-go/.changelog/1377.txt
deleted file mode 100644
index 0a986b0202..0000000000
--- a/pkg/cloudflare-go/.changelog/1377.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: allow namespaced scripts to be used as Worker tail consumers
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1379.txt b/pkg/cloudflare-go/.changelog/1379.txt
deleted file mode 100644
index d3d637aa9a..0000000000
--- a/pkg/cloudflare-go/.changelog/1379.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:bug
-images: Fix issue parsing Image Details from API due to incorrect struct json field
-```
-
-```release-note:breaking-change
-images: Renamed Image struct "Metadata" field to "Meta"
-```
diff --git a/pkg/cloudflare-go/.changelog/1380.txt b/pkg/cloudflare-go/.changelog/1380.txt
deleted file mode 100644
index 9c00e73ad3..0000000000
--- a/pkg/cloudflare-go/.changelog/1380.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancer_monitor: add support for `consecutive_up`, `consecutive_down`
-```
diff --git a/pkg/cloudflare-go/.changelog/1382.txt b/pkg/cloudflare-go/.changelog/1382.txt
deleted file mode 100644
index 6074328c94..0000000000
--- a/pkg/cloudflare-go/.changelog/1382.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-semgrep: Improved IPv4 validation by implementing a new pattern to handle cases where non-IPv4 addresses were previously accepted.
-```
diff --git a/pkg/cloudflare-go/.changelog/1384.txt b/pkg/cloudflare-go/.changelog/1384.txt
deleted file mode 100644
index 83a5c51b8e..0000000000
--- a/pkg/cloudflare-go/.changelog/1384.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dcv_delegation: add GET for DCV Delegation UUID
-```
diff --git a/pkg/cloudflare-go/.changelog/1385.txt b/pkg/cloudflare-go/.changelog/1385.txt
deleted file mode 100644
index 64d8b965e0..0000000000
--- a/pkg/cloudflare-go/.changelog/1385.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-tunnel: add support for `include_prefix`, `exclude_prefix` in list operations
-```
diff --git a/pkg/cloudflare-go/.changelog/1386.txt b/pkg/cloudflare-go/.changelog/1386.txt
deleted file mode 100644
index 64d0db476a..0000000000
--- a/pkg/cloudflare-go/.changelog/1386.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-streams: adds support for stream create parameters for tus upload initiate
-```
diff --git a/pkg/cloudflare-go/.changelog/1387.txt b/pkg/cloudflare-go/.changelog/1387.txt
deleted file mode 100644
index 10f721589e..0000000000
--- a/pkg/cloudflare-go/.changelog/1387.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps actions/checkout from 3 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1388.txt b/pkg/cloudflare-go/.changelog/1388.txt
deleted file mode 100644
index 1969407f4d..0000000000
--- a/pkg/cloudflare-go/.changelog/1388.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 4.4.0 to 4.6.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1389.txt b/pkg/cloudflare-go/.changelog/1389.txt
deleted file mode 100644
index 0a89e8cd5f..0000000000
--- a/pkg/cloudflare-go/.changelog/1389.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.14.0 to 0.15.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1390.txt b/pkg/cloudflare-go/.changelog/1390.txt
deleted file mode 100644
index 0bfd9e0537..0000000000
--- a/pkg/cloudflare-go/.changelog/1390.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_identity_provider: add support for email_claim_name and authorization_server_id
-```
diff --git a/pkg/cloudflare-go/.changelog/1391.txt b/pkg/cloudflare-go/.changelog/1391.txt
deleted file mode 100644
index 5d14c004e8..0000000000
--- a/pkg/cloudflare-go/.changelog/1391.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_identity_provider: add support for ping_env_id
-```
diff --git a/pkg/cloudflare-go/.changelog/1393.txt b/pkg/cloudflare-go/.changelog/1393.txt
deleted file mode 100644
index a3ef6c8ae6..0000000000
--- a/pkg/cloudflare-go/.changelog/1393.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dns: keep comments when calling UpdateDNSRecord with zero values of UpdateDNSRecordParams
-```
diff --git a/pkg/cloudflare-go/.changelog/1394.txt b/pkg/cloudflare-go/.changelog/1394.txt
deleted file mode 100644
index c2afb6cf7d..0000000000
--- a/pkg/cloudflare-go/.changelog/1394.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release_note:enhancement
-rulesets: Add support for Cache Reserve configuration via the Rulesets/Cache Rules API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1396.txt b/pkg/cloudflare-go/.changelog/1396.txt
deleted file mode 100644
index 8511d4e9c9..0000000000
--- a/pkg/cloudflare-go/.changelog/1396.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 4.6.0 to 5.0.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1397.txt b/pkg/cloudflare-go/.changelog/1397.txt
deleted file mode 100644
index a3954f4473..0000000000
--- a/pkg/cloudflare-go/.changelog/1397.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release_note:enhancement
-api_shield: Add support for Get/Post/Delete operations in API Shield Endpoint Management
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1401.txt b/pkg/cloudflare-go/.changelog/1401.txt
deleted file mode 100644
index b1ef19e847..0000000000
--- a/pkg/cloudflare-go/.changelog/1401.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-observatory: add support for observatory API
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1402.txt b/pkg/cloudflare-go/.changelog/1402.txt
deleted file mode 100644
index 476979377c..0000000000
--- a/pkg/cloudflare-go/.changelog/1402.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps codecov/codecov-action from 3 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1403.txt b/pkg/cloudflare-go/.changelog/1403.txt
deleted file mode 100644
index 92568c8807..0000000000
--- a/pkg/cloudflare-go/.changelog/1403.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-access_application: Add support for tags
-```
-
-```release-note:enhancement
-access_tag: Add support for tags
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1405.txt b/pkg/cloudflare-go/.changelog/1405.txt
deleted file mode 100644
index 353994093b..0000000000
--- a/pkg/cloudflare-go/.changelog/1405.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-```release-note:bug
-account_role: autopaginate all available results instead of a static number
-```
-
-```release-note:breaking-change
-account_role: `AccountRoles` has been renamed to `ListAccountRoles` to align with the updated method conventions
-```
-
-```release-note:breaking-change
-account_role: `AccountRole` has been renamed to `GetAccountRole` to align with the updated method conventions
-```
diff --git a/pkg/cloudflare-go/.changelog/1406.txt b/pkg/cloudflare-go/.changelog/1406.txt
deleted file mode 100644
index 248b681c56..0000000000
--- a/pkg/cloudflare-go/.changelog/1406.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api_shield_schema: Add support for managing schemas for API Shield Schema Validation 2.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1407.txt b/pkg/cloudflare-go/.changelog/1407.txt
deleted file mode 100644
index 7832770815..0000000000
--- a/pkg/cloudflare-go/.changelog/1407.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add support for app launcher customization fields
-```
diff --git a/pkg/cloudflare-go/.changelog/1409.txt b/pkg/cloudflare-go/.changelog/1409.txt
deleted file mode 100644
index 3132d3b0d4..0000000000
--- a/pkg/cloudflare-go/.changelog/1409.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-list_item: allow filtering by search term, cursor and per page attributes
-```
diff --git a/pkg/cloudflare-go/.changelog/1410.txt b/pkg/cloudflare-go/.changelog/1410.txt
deleted file mode 100644
index 589d96d96a..0000000000
--- a/pkg/cloudflare-go/.changelog/1410.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-custom_nameservers: change `NSSet` from string to int to match API response
-```
diff --git a/pkg/cloudflare-go/.changelog/1412.txt b/pkg/cloudflare-go/.changelog/1412.txt
deleted file mode 100644
index fa44dd47e3..0000000000
--- a/pkg/cloudflare-go/.changelog/1412.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-observatory: fix double url encoding
-```
diff --git a/pkg/cloudflare-go/.changelog/1413.txt b/pkg/cloudflare-go/.changelog/1413.txt
deleted file mode 100644
index 9030b0c29c..0000000000
--- a/pkg/cloudflare-go/.changelog/1413.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api_shield_discovery: Add support for Get/Patch API Shield API Discovery Operations
-```
diff --git a/pkg/cloudflare-go/.changelog/1414.txt b/pkg/cloudflare-go/.changelog/1414.txt
deleted file mode 100644
index 4af5cf907a..0000000000
--- a/pkg/cloudflare-go/.changelog/1414.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancing: extend documentation for least_connections steering policy
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1415.txt b/pkg/cloudflare-go/.changelog/1415.txt
deleted file mode 100644
index 13ecd44289..0000000000
--- a/pkg/cloudflare-go/.changelog/1415.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-access_organization: Add support for session_duration
-```
-
-```release-note:enhancement
-access_policy: Add support for session_duration
-```
diff --git a/pkg/cloudflare-go/.changelog/1416.txt b/pkg/cloudflare-go/.changelog/1416.txt
deleted file mode 100644
index 63f14fe519..0000000000
--- a/pkg/cloudflare-go/.changelog/1416.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.15.0 to 0.16.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1417.txt b/pkg/cloudflare-go/.changelog/1417.txt
deleted file mode 100644
index 03e4787980..0000000000
--- a/pkg/cloudflare-go/.changelog/1417.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-d1: adds support for d1
-```
diff --git a/pkg/cloudflare-go/.changelog/1418.txt b/pkg/cloudflare-go/.changelog/1418.txt
deleted file mode 100644
index 4cc578265d..0000000000
--- a/pkg/cloudflare-go/.changelog/1418.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api_shield_schema: Add support for Get/Update API Shield Schema Validation Settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1419.txt b/pkg/cloudflare-go/.changelog/1419.txt
deleted file mode 100644
index a17415283d..0000000000
--- a/pkg/cloudflare-go/.changelog/1419.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams: Add `audit_ssh_settings` endpoints
-```
diff --git a/pkg/cloudflare-go/.changelog/1420.txt b/pkg/cloudflare-go/.changelog/1420.txt
deleted file mode 100644
index 109580539b..0000000000
--- a/pkg/cloudflare-go/.changelog/1420.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.16.0 to 0.17.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1421.txt b/pkg/cloudflare-go/.changelog/1421.txt
deleted file mode 100644
index 8607549779..0000000000
--- a/pkg/cloudflare-go/.changelog/1421.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.7.0 to 0.17.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1422.txt b/pkg/cloudflare-go/.changelog/1422.txt
deleted file mode 100644
index 20d26bcc19..0000000000
--- a/pkg/cloudflare-go/.changelog/1422.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-api_shield_schema: Add support for Get/Update API Shield Operation Schema Validation Settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1423.txt b/pkg/cloudflare-go/.changelog/1423.txt
deleted file mode 100644
index 6a668eb11d..0000000000
--- a/pkg/cloudflare-go/.changelog/1423.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams: Add support for body_scanning (Enhanced File Detection) in teams account configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1424.txt b/pkg/cloudflare-go/.changelog/1424.txt
deleted file mode 100644
index f4659f00bb..0000000000
--- a/pkg/cloudflare-go/.changelog/1424.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-teams: Add `non_identity_enabled` boolean in browser isolation settings
-```
-
-```release-note:breaking-change
-teams: `BrowserIsolation.UrlBrowserIsolationEnabled` has changed from `bool` to `*bool` to meet the library conventions
-```
diff --git a/pkg/cloudflare-go/.changelog/1427.txt b/pkg/cloudflare-go/.changelog/1427.txt
deleted file mode 100644
index d948ad913e..0000000000
--- a/pkg/cloudflare-go/.changelog/1427.txt
+++ /dev/null
@@ -1,23 +0,0 @@
-```release-note:enhancement
-access_seats: Add UpdateAccessUserSeat() to list IP Access Rules
-```
-
-```release-note:enhancement
-access_user: Add GetAccessUserActiveSessions() to get all active sessions for a Access/Zero-Trust user.
-```
-
-```release-note:enhancement
-access_user: Add GetAccessUserSingleActiveSession() to get an active session for a Access/Zero-Trust user.
-```
-
-```release-note:enhancement
-access_user: Add GetAccessUserFailedLogins() to get all failed login attempts for a Access/Zero-Trust user.
-```
-
-```release-note:enhancement
-access_user: Add GetAccessUserLastSeenIdentity() to get last seen identity for a Access/Zero-Trust user.
-```
-
-```release-note:enhancement
-access_user: Add ListAccessUsers() to get a list of users for a Access/Zero-Trust account.
-```
diff --git a/pkg/cloudflare-go/.changelog/1428.txt b/pkg/cloudflare-go/.changelog/1428.txt
deleted file mode 100644
index f0c3236eac..0000000000
--- a/pkg/cloudflare-go/.changelog/1428.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-ip_access_rules: Add ListIPAccessRules() to list IP Access Rules
-```
diff --git a/pkg/cloudflare-go/.changelog/1433.txt b/pkg/cloudflare-go/.changelog/1433.txt
deleted file mode 100644
index b8cbacb051..0000000000
--- a/pkg/cloudflare-go/.changelog/1433.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-```release-note:breaking-change
-devices_policy: `UpdateDeviceClientCertificatesZone` is renamed to `UpdateDeviceClientCertificates` with updated method signatures
-```
-
-```release-note:breaking-change
-devices_policy: `GetDeviceClientCertificatesZone` is renamed to `GetDeviceClientCertificates` with updated method signatures
-```
-
-```release-note:breaking-change
-devices_policy: `DeviceClientCertificates` is renamed to `DeviceClientCertificates`
-```
-
-```release-note:breaking-change
-devices_policy: `GetDeviceClientCertificates` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `CreateDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `UpdateDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `UpdateDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `DeleteDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `GetDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:breaking-change
-devices_policy: `GetDeviceSettingsPolicy` is updated with method signatures matching the library conventions
-```
-
-```release-note:enhancement
-devices_policy: Add support for listing device settings policies
-```
diff --git a/pkg/cloudflare-go/.changelog/1434.txt b/pkg/cloudflare-go/.changelog/1434.txt
deleted file mode 100644
index ef9d30dada..0000000000
--- a/pkg/cloudflare-go/.changelog/1434.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/time from 0.3.0 to 0.4.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1436.txt b/pkg/cloudflare-go/.changelog/1436.txt
deleted file mode 100644
index a3b6264dcb..0000000000
--- a/pkg/cloudflare-go/.changelog/1436.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_rules: Add support for resolver policies
-```
diff --git a/pkg/cloudflare-go/.changelog/1438.txt b/pkg/cloudflare-go/.changelog/1438.txt
deleted file mode 100644
index 07af199d65..0000000000
--- a/pkg/cloudflare-go/.changelog/1438.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.5
-```
diff --git a/pkg/cloudflare-go/.changelog/1439.txt b/pkg/cloudflare-go/.changelog/1439.txt
deleted file mode 100644
index 372b541727..0000000000
--- a/pkg/cloudflare-go/.changelog/1439.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.17.0 to 0.18.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1440.txt b/pkg/cloudflare-go/.changelog/1440.txt
deleted file mode 100644
index f919f069a3..0000000000
--- a/pkg/cloudflare-go/.changelog/1440.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-per_hostname_tls_setting: use `buildURI` for defining the query parameters when sorting
-```
diff --git a/pkg/cloudflare-go/.changelog/1441.txt b/pkg/cloudflare-go/.changelog/1441.txt
deleted file mode 100644
index 0901f1c8cf..0000000000
--- a/pkg/cloudflare-go/.changelog/1441.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-load_balancing: Add support for virtual network id in origins
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1442.txt b/pkg/cloudflare-go/.changelog/1442.txt
deleted file mode 100644
index 7cb0d23735..0000000000
--- a/pkg/cloudflare-go/.changelog/1442.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-load_balancing: add healthy field to LoadBalancerPool
-```
diff --git a/pkg/cloudflare-go/.changelog/1444.txt b/pkg/cloudflare-go/.changelog/1444.txt
deleted file mode 100644
index b6edff2ecb..0000000000
--- a/pkg/cloudflare-go/.changelog/1444.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enchancement
-pages_project: Add standard as a usage model
-```
diff --git a/pkg/cloudflare-go/.changelog/1445.txt b/pkg/cloudflare-go/.changelog/1445.txt
deleted file mode 100644
index 664bb2d3e9..0000000000
--- a/pkg/cloudflare-go/.changelog/1445.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_group: Add support for email lists
-```
diff --git a/pkg/cloudflare-go/.changelog/1446.txt b/pkg/cloudflare-go/.changelog/1446.txt
deleted file mode 100644
index a324d9ebb9..0000000000
--- a/pkg/cloudflare-go/.changelog/1446.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-worker_bindings: add support for `d1` bindings
-```
diff --git a/pkg/cloudflare-go/.changelog/1449.txt b/pkg/cloudflare-go/.changelog/1449.txt
deleted file mode 100644
index 855b2a5e31..0000000000
--- a/pkg/cloudflare-go/.changelog/1449.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/time from 0.4.0 to 0.5.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1450.txt b/pkg/cloudflare-go/.changelog/1450.txt
deleted file mode 100644
index 660b97d1cd..0000000000
--- a/pkg/cloudflare-go/.changelog/1450.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-worker_bindings: Fixing form element name for d1 binding
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1452.txt b/pkg/cloudflare-go/.changelog/1452.txt
deleted file mode 100644
index 944eea80a5..0000000000
--- a/pkg/cloudflare-go/.changelog/1452.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.18.0 to 0.19.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1453.txt b/pkg/cloudflare-go/.changelog/1453.txt
deleted file mode 100644
index c50362f14d..0000000000
--- a/pkg/cloudflare-go/.changelog/1453.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-cloudflare: Add ResultInfo to RawResponse
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1454.txt b/pkg/cloudflare-go/.changelog/1454.txt
deleted file mode 100644
index b0d74dbef7..0000000000
--- a/pkg/cloudflare-go/.changelog/1454.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-devices_policy: add fields for Opt-In Split Tunnel Overlapping IPs feature.
-```
diff --git a/pkg/cloudflare-go/.changelog/1456.txt b/pkg/cloudflare-go/.changelog/1456.txt
deleted file mode 100644
index d8198fe444..0000000000
--- a/pkg/cloudflare-go/.changelog/1456.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.25.7 to 2.26.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1457.txt b/pkg/cloudflare-go/.changelog/1457.txt
deleted file mode 100644
index 86f0914cb1..0000000000
--- a/pkg/cloudflare-go/.changelog/1457.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-```release-note:enhancement
-stream: Add ScheduledDeletion to StreamVideo
-```
-
-```release-note:enhancement
-stream: Add ScheduledDeletion to StreamUploadFromURLParameters
-```
-
-```release-note:enhancement
-stream: Add ScheduledDeletion to StreamCreateVideoParameters
-```
-
-```release-note:enhancement
-stream: Add ScheduledDeletion to StreamVideoCreate
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1459.txt b/pkg/cloudflare-go/.changelog/1459.txt
deleted file mode 100644
index b7d1a74e41..0000000000
--- a/pkg/cloudflare-go/.changelog/1459.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-page_shield: added support for page shield
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1460.txt b/pkg/cloudflare-go/.changelog/1460.txt
deleted file mode 100644
index 0bf5ed5f59..0000000000
--- a/pkg/cloudflare-go/.changelog/1460.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps actions/setup-go from 4 to 5
-```
diff --git a/pkg/cloudflare-go/.changelog/1462.txt b/pkg/cloudflare-go/.changelog/1462.txt
deleted file mode 100644
index 179a03ba60..0000000000
--- a/pkg/cloudflare-go/.changelog/1462.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github/codeql-action from 2 to 3
-```
diff --git a/pkg/cloudflare-go/.changelog/1463.txt b/pkg/cloudflare-go/.changelog/1463.txt
deleted file mode 100644
index a6b8e2e2d6..0000000000
--- a/pkg/cloudflare-go/.changelog/1463.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_rules: Added support for notification settings in a gateway rule
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1464.txt b/pkg/cloudflare-go/.changelog/1464.txt
deleted file mode 100644
index d2bb00b157..0000000000
--- a/pkg/cloudflare-go/.changelog/1464.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rules: add support for Access client fields in device posture integrations
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1466.txt b/pkg/cloudflare-go/.changelog/1466.txt
deleted file mode 100644
index c7e1d56aa5..0000000000
--- a/pkg/cloudflare-go/.changelog/1466.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/crypto from 0.14.0 to 0.17.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1468.txt b/pkg/cloudflare-go/.changelog/1468.txt
deleted file mode 100644
index 3c91f64012..0000000000
--- a/pkg/cloudflare-go/.changelog/1468.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-logpush: Add support for Output Options
-```
diff --git a/pkg/cloudflare-go/.changelog/1470.txt b/pkg/cloudflare-go/.changelog/1470.txt
deleted file mode 100644
index b4ab0eaec0..0000000000
--- a/pkg/cloudflare-go/.changelog/1470.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1471.txt b/pkg/cloudflare-go/.changelog/1471.txt
deleted file mode 100644
index 8fb73896ea..0000000000
--- a/pkg/cloudflare-go/.changelog/1471.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.26.0 to 2.27.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1472.txt b/pkg/cloudflare-go/.changelog/1472.txt
deleted file mode 100644
index 7a5fd1c698..0000000000
--- a/pkg/cloudflare-go/.changelog/1472.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.27.0 to 2.27.1
-```
diff --git a/pkg/cloudflare-go/.changelog/1473.txt b/pkg/cloudflare-go/.changelog/1473.txt
deleted file mode 100644
index 9070d9eeb1..0000000000
--- a/pkg/cloudflare-go/.changelog/1473.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:internal
-cloudflare: bump minimum Go version to 1.19
-```
diff --git a/pkg/cloudflare-go/.changelog/1474.txt b/pkg/cloudflare-go/.changelog/1474.txt
deleted file mode 100644
index 6c275e3ec4..0000000000
--- a/pkg/cloudflare-go/.changelog/1474.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-zaraz: Add support for CRUD APIs
-```
diff --git a/pkg/cloudflare-go/.changelog/1475.txt b/pkg/cloudflare-go/.changelog/1475.txt
deleted file mode 100644
index 80b3e1bb3e..0000000000
--- a/pkg/cloudflare-go/.changelog/1475.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/cloudflare/circl from 1.3.3 to 1.3.7
-```
diff --git a/pkg/cloudflare-go/.changelog/1476.txt b/pkg/cloudflare-go/.changelog/1476.txt
deleted file mode 100644
index 4320d392e4..0000000000
--- a/pkg/cloudflare-go/.changelog/1476.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.19.0 to 0.20.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1477.txt b/pkg/cloudflare-go/.changelog/1477.txt
deleted file mode 100644
index fad08d0c6c..0000000000
--- a/pkg/cloudflare-go/.changelog/1477.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add support for default_relay_state in saas apps
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1480.txt b/pkg/cloudflare-go/.changelog/1480.txt
deleted file mode 100644
index 0fdf1bfecb..0000000000
--- a/pkg/cloudflare-go/.changelog/1480.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:bug
-access_seats: UpdateAccessUserSeat: fix parameters not being an array when sending to the api. This caused an error when updating a user's seat
-```
-
-```release-note:enhancement
-access_seats: Add `UpdateAccessUsersSeats` with an array as input for multiple operations
-```
diff --git a/pkg/cloudflare-go/.changelog/1482.txt b/pkg/cloudflare-go/.changelog/1482.txt
deleted file mode 100644
index 54712fef46..0000000000
--- a/pkg/cloudflare-go/.changelog/1482.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-access_users: ListAccessUsers was returning wrong values in pointer fields due to variable missused in loop
-```
diff --git a/pkg/cloudflare-go/.changelog/1483.txt b/pkg/cloudflare-go/.changelog/1483.txt
deleted file mode 100644
index 9b8b9cdfac..0000000000
--- a/pkg/cloudflare-go/.changelog/1483.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps actions/cache from 3 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1484.txt b/pkg/cloudflare-go/.changelog/1484.txt
deleted file mode 100644
index 980618dc11..0000000000
--- a/pkg/cloudflare-go/.changelog/1484.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-flarectl: alias zone certs to "ct" instead of duplicating the "c" alias
-```
diff --git a/pkg/cloudflare-go/.changelog/1485.txt b/pkg/cloudflare-go/.changelog/1485.txt
deleted file mode 100644
index e8a177e2e2..0000000000
--- a/pkg/cloudflare-go/.changelog/1485.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: add support for EDM and CWL datasets
-```
diff --git a/pkg/cloudflare-go/.changelog/1486.txt b/pkg/cloudflare-go/.changelog/1486.txt
deleted file mode 100644
index b1da4b5a80..0000000000
--- a/pkg/cloudflare-go/.changelog/1486.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_accounts: add support for extended email matching
-```
diff --git a/pkg/cloudflare-go/.changelog/1489.txt b/pkg/cloudflare-go/.changelog/1489.txt
deleted file mode 100644
index 00fd540ecc..0000000000
--- a/pkg/cloudflare-go/.changelog/1489.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-pages_project: Add `build_caching` attribute
-```
diff --git a/pkg/cloudflare-go/.changelog/1490.txt b/pkg/cloudflare-go/.changelog/1490.txt
deleted file mode 100644
index 20f833089c..0000000000
--- a/pkg/cloudflare-go/.changelog/1490.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:note
-zaraz: replace deprecated neoEvents with Actions on Zaraz Config tools schema
-```
diff --git a/pkg/cloudflare-go/.changelog/1492.txt b/pkg/cloudflare-go/.changelog/1492.txt
deleted file mode 100644
index f46c87416b..0000000000
--- a/pkg/cloudflare-go/.changelog/1492.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-hyperdrive: Add support for hyperdrive CRUD operations
-```
diff --git a/pkg/cloudflare-go/.changelog/1494.txt b/pkg/cloudflare-go/.changelog/1494.txt
deleted file mode 100644
index ad6abdd66a..0000000000
--- a/pkg/cloudflare-go/.changelog/1494.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-images_variants: Add support for Images Variants CRUD operations
-```
diff --git a/pkg/cloudflare-go/.changelog/1496.txt b/pkg/cloudflare-go/.changelog/1496.txt
deleted file mode 100644
index 5d3ea28574..0000000000
--- a/pkg/cloudflare-go/.changelog/1496.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-access_application: Add support for `allow_authenticate_via_warp`
-```
-
-```release-note:enhancement
-access_organization: Add support for `allow_authenticate_via_warp` and `warp_auth_session_duration`
-```
diff --git a/pkg/cloudflare-go/.changelog/1497.txt b/pkg/cloudflare-go/.changelog/1497.txt
deleted file mode 100644
index 7bcaa6101a..0000000000
--- a/pkg/cloudflare-go/.changelog/1497.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: add support for Context Awareness in DLP profiles
-```
diff --git a/pkg/cloudflare-go/.changelog/1499.txt b/pkg/cloudflare-go/.changelog/1499.txt
deleted file mode 100644
index 8272eb845b..0000000000
--- a/pkg/cloudflare-go/.changelog/1499.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_rules: `AntiVirus` settings includes notification settings
-```
diff --git a/pkg/cloudflare-go/.changelog/1500.txt b/pkg/cloudflare-go/.changelog/1500.txt
deleted file mode 100644
index af3eba15b8..0000000000
--- a/pkg/cloudflare-go/.changelog/1500.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add support for OIDC SaaS Applications 
-```
diff --git a/pkg/cloudflare-go/.changelog/1501.txt b/pkg/cloudflare-go/.changelog/1501.txt
deleted file mode 100644
index 91b8d37a4b..0000000000
--- a/pkg/cloudflare-go/.changelog/1501.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-hyperdrive: password should be nested in origin
-```
diff --git a/pkg/cloudflare-go/.changelog/1502.txt b/pkg/cloudflare-go/.changelog/1502.txt
deleted file mode 100644
index 09eb13b858..0000000000
--- a/pkg/cloudflare-go/.changelog/1502.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.20.0 to 0.21.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1503.txt b/pkg/cloudflare-go/.changelog/1503.txt
deleted file mode 100644
index 4798139e04..0000000000
--- a/pkg/cloudflare-go/.changelog/1503.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-magic-transit: Adds IPsec tunnel healthcheck direction & rate parameters
-```
diff --git a/pkg/cloudflare-go/.changelog/1504.txt b/pkg/cloudflare-go/.changelog/1504.txt
deleted file mode 100644
index c7a53d1b26..0000000000
--- a/pkg/cloudflare-go/.changelog/1504.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golangci/golangci-lint-action from 3 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1505.txt b/pkg/cloudflare-go/.changelog/1505.txt
deleted file mode 100644
index 4e307037a6..0000000000
--- a/pkg/cloudflare-go/.changelog/1505.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: add support for `name_id_transform_jsonata` in saas apps
-```
diff --git a/pkg/cloudflare-go/.changelog/1506.txt b/pkg/cloudflare-go/.changelog/1506.txt
deleted file mode 100644
index cafcb8de1c..0000000000
--- a/pkg/cloudflare-go/.changelog/1506.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-registrar: Fix request method to call domain list endpoint from POST to GET
-```
diff --git a/pkg/cloudflare-go/.changelog/1508.txt b/pkg/cloudflare-go/.changelog/1508.txt
deleted file mode 100644
index c5be0a4489..0000000000
--- a/pkg/cloudflare-go/.changelog/1508.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-workers_for_platforms: Add ability to list Workers for Platforms namespaces, get a namespace, create a new namespace or delete a namespace.
-```
-
-```release-note:enhancement
-workers: Add Workers for Platforms support for getting a Worker, content and bindings
-```
diff --git a/pkg/cloudflare-go/.changelog/1509.txt b/pkg/cloudflare-go/.changelog/1509.txt
deleted file mode 100644
index ce5c97d109..0000000000
--- a/pkg/cloudflare-go/.changelog/1509.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-device_posture_rule: support last_seen and state for crowdstrike_s2s posture rule
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1510.txt b/pkg/cloudflare-go/.changelog/1510.txt
deleted file mode 100644
index 7f3d44bb1a..0000000000
--- a/pkg/cloudflare-go/.changelog/1510.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-dlp: added optional ContextAwareness support
-```
diff --git a/pkg/cloudflare-go/.changelog/1511.txt b/pkg/cloudflare-go/.changelog/1511.txt
deleted file mode 100644
index dac7f2cd05..0000000000
--- a/pkg/cloudflare-go/.changelog/1511.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/stretchr/testify from 1.8.4 to 1.9.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1513.txt b/pkg/cloudflare-go/.changelog/1513.txt
deleted file mode 100644
index e08c538162..0000000000
--- a/pkg/cloudflare-go/.changelog/1513.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.21.0 to 0.22.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1516.txt b/pkg/cloudflare-go/.changelog/1516.txt
deleted file mode 100644
index 87346e8cae..0000000000
--- a/pkg/cloudflare-go/.changelog/1516.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_mutual_tls_certificates: add support for mutual tls hostname settings
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1558.txt b/pkg/cloudflare-go/.changelog/1558.txt
deleted file mode 100644
index a297d72ea8..0000000000
--- a/pkg/cloudflare-go/.changelog/1558.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps google.golang.org/protobuf from 1.28.0 to 1.33.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1562.txt b/pkg/cloudflare-go/.changelog/1562.txt
deleted file mode 100644
index e135f681d3..0000000000
--- a/pkg/cloudflare-go/.changelog/1562.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: add support for `saml_attribute_transform_jsonata` in saas apps
-```
diff --git a/pkg/cloudflare-go/.changelog/1573.txt b/pkg/cloudflare-go/.changelog/1573.txt
deleted file mode 100644
index 57d4e8c776..0000000000
--- a/pkg/cloudflare-go/.changelog/1573.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps actions/checkout from 2 to 4
-```
diff --git a/pkg/cloudflare-go/.changelog/1593.txt b/pkg/cloudflare-go/.changelog/1593.txt
deleted file mode 100644
index 8933672912..0000000000
--- a/pkg/cloudflare-go/.changelog/1593.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1600.txt b/pkg/cloudflare-go/.changelog/1600.txt
deleted file mode 100644
index eee34a8637..0000000000
--- a/pkg/cloudflare-go/.changelog/1600.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: Adds support for ocr_enabled boolean flag
-```
diff --git a/pkg/cloudflare-go/.changelog/1607.txt b/pkg/cloudflare-go/.changelog/1607.txt
deleted file mode 100644
index 7fee8ceb11..0000000000
--- a/pkg/cloudflare-go/.changelog/1607.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1615.txt b/pkg/cloudflare-go/.changelog/1615.txt
deleted file mode 100644
index 3025209f59..0000000000
--- a/pkg/cloudflare-go/.changelog/1615.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-teams_rules: add "resolve" to allowable actions
-```
diff --git a/pkg/cloudflare-go/.changelog/1618.txt b/pkg/cloudflare-go/.changelog/1618.txt
deleted file mode 100644
index eae139f30a..0000000000
--- a/pkg/cloudflare-go/.changelog/1618.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:breaking-change
-dns: Remove "locked" flag which is always false
-```
diff --git a/pkg/cloudflare-go/.changelog/1688.txt b/pkg/cloudflare-go/.changelog/1688.txt
deleted file mode 100644
index c9a9d3615e..0000000000
--- a/pkg/cloudflare-go/.changelog/1688.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.22.0 to 0.24.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1710.txt b/pkg/cloudflare-go/.changelog/1710.txt
deleted file mode 100644
index 86b05e3512..0000000000
--- a/pkg/cloudflare-go/.changelog/1710.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-magic_transit_ipsec_tunnel: Adds support for replay_protection boolean flag
-```
diff --git a/pkg/cloudflare-go/.changelog/1737.txt b/pkg/cloudflare-go/.changelog/1737.txt
deleted file mode 100644
index e8538c8340..0000000000
--- a/pkg/cloudflare-go/.changelog/1737.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-workers: support deleting namespaced Workers
-```
diff --git a/pkg/cloudflare-go/.changelog/1790.txt b/pkg/cloudflare-go/.changelog/1790.txt
deleted file mode 100644
index d5ac346dd5..0000000000
--- a/pkg/cloudflare-go/.changelog/1790.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: support options_preflight_bypass for access_application
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1811.txt b/pkg/cloudflare-go/.changelog/1811.txt
deleted file mode 100644
index 86b6399a22..0000000000
--- a/pkg/cloudflare-go/.changelog/1811.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_account: adds custom certificate setting to teams account configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1825.txt b/pkg/cloudflare-go/.changelog/1825.txt
deleted file mode 100644
index c0bf7ae54c..0000000000
--- a/pkg/cloudflare-go/.changelog/1825.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.19.0 to 0.23.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1826.txt b/pkg/cloudflare-go/.changelog/1826.txt
deleted file mode 100644
index 7538106f32..0000000000
--- a/pkg/cloudflare-go/.changelog/1826.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-gateway: added ecs_support field to teams_location resource
-```
diff --git a/pkg/cloudflare-go/.changelog/1832.txt b/pkg/cloudflare-go/.changelog/1832.txt
deleted file mode 100644
index 4f09ea2c1b..0000000000
--- a/pkg/cloudflare-go/.changelog/1832.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-ruleset: add support for action parameters `fonts` and `disable_rum`
-```
diff --git a/pkg/cloudflare-go/.changelog/1839.txt b/pkg/cloudflare-go/.changelog/1839.txt
deleted file mode 100644
index 3cecfe483c..0000000000
--- a/pkg/cloudflare-go/.changelog/1839.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1845.txt b/pkg/cloudflare-go/.changelog/1845.txt
deleted file mode 100644
index ec93701491..0000000000
--- a/pkg/cloudflare-go/.changelog/1845.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golangci/golangci-lint-action from 4 to 5
-```
diff --git a/pkg/cloudflare-go/.changelog/1861.txt b/pkg/cloudflare-go/.changelog/1861.txt
deleted file mode 100644
index a904c2c185..0000000000
--- a/pkg/cloudflare-go/.changelog/1861.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2
-```
diff --git a/pkg/cloudflare-go/.changelog/1887.txt b/pkg/cloudflare-go/.changelog/1887.txt
deleted file mode 100644
index cb86d3beb6..0000000000
--- a/pkg/cloudflare-go/.changelog/1887.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-dlp: add support for zt risk behavior configuration
-```
diff --git a/pkg/cloudflare-go/.changelog/1921.txt b/pkg/cloudflare-go/.changelog/1921.txt
deleted file mode 100644
index a36bc61f6d..0000000000
--- a/pkg/cloudflare-go/.changelog/1921.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: add support for `scim_config`
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1956.txt b/pkg/cloudflare-go/.changelog/1956.txt
deleted file mode 100644
index 2f149db7d0..0000000000
--- a/pkg/cloudflare-go/.changelog/1956.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-access_policy: add support for reusable policies
-```
-
-```release-note:enhancement
-access_application: add support for `policies` array
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1959.txt b/pkg/cloudflare-go/.changelog/1959.txt
deleted file mode 100644
index a5ab17228e..0000000000
--- a/pkg/cloudflare-go/.changelog/1959.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:bug
-access_application: fix scim configuration authentication json marshalling
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/1974.txt b/pkg/cloudflare-go/.changelog/1974.txt
deleted file mode 100644
index 15e7a6af0f..0000000000
--- a/pkg/cloudflare-go/.changelog/1974.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.24.0 to 0.25.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1975.txt b/pkg/cloudflare-go/.changelog/1975.txt
deleted file mode 100644
index a44e191529..0000000000
--- a/pkg/cloudflare-go/.changelog/1975.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golangci/golangci-lint-action from 5 to 6
-```
diff --git a/pkg/cloudflare-go/.changelog/1981.txt b/pkg/cloudflare-go/.changelog/1981.txt
deleted file mode 100644
index 71d4d074ef..0000000000
--- a/pkg/cloudflare-go/.changelog/1981.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations
-```
diff --git a/pkg/cloudflare-go/.changelog/1991.txt b/pkg/cloudflare-go/.changelog/1991.txt
deleted file mode 100644
index d011b75902..0000000000
--- a/pkg/cloudflare-go/.changelog/1991.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps bflad/action-milestone-comment from 1 to 2
-```
diff --git a/pkg/cloudflare-go/.changelog/1992.txt b/pkg/cloudflare-go/.changelog/1992.txt
deleted file mode 100644
index d72844282c..0000000000
--- a/pkg/cloudflare-go/.changelog/1992.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0
-```
diff --git a/pkg/cloudflare-go/.changelog/1993.txt b/pkg/cloudflare-go/.changelog/1993.txt
deleted file mode 100644
index 86356e9429..0000000000
--- a/pkg/cloudflare-go/.changelog/1993.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6
-```
diff --git a/pkg/cloudflare-go/.changelog/2107.txt b/pkg/cloudflare-go/.changelog/2107.txt
deleted file mode 100644
index f76e36eeb7..0000000000
--- a/pkg/cloudflare-go/.changelog/2107.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3
-```
diff --git a/pkg/cloudflare-go/.changelog/2126.txt b/pkg/cloudflare-go/.changelog/2126.txt
deleted file mode 100644
index 47770bd2ea..0000000000
--- a/pkg/cloudflare-go/.changelog/2126.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_accounts: Add `use_zt_virtual_ip` attribute
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/2131.txt b/pkg/cloudflare-go/.changelog/2131.txt
deleted file mode 100644
index d32928a2d0..0000000000
--- a/pkg/cloudflare-go/.changelog/2131.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add support for Hybrid/Implicit flows and options
-```
diff --git a/pkg/cloudflare-go/.changelog/2165.txt b/pkg/cloudflare-go/.changelog/2165.txt
deleted file mode 100644
index d053fdc624..0000000000
--- a/pkg/cloudflare-go/.changelog/2165.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-teams_account: Add Zero Trust connectivity settings
-```
\ No newline at end of file
diff --git a/pkg/cloudflare-go/.changelog/2249.txt b/pkg/cloudflare-go/.changelog/2249.txt
deleted file mode 100644
index 4130a0f668..0000000000
--- a/pkg/cloudflare-go/.changelog/2249.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7
-```
diff --git a/pkg/cloudflare-go/.changelog/2364.txt b/pkg/cloudflare-go/.changelog/2364.txt
deleted file mode 100644
index 3e6fdd72ad..0000000000
--- a/pkg/cloudflare-go/.changelog/2364.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps golang.org/x/net from 0.25.0 to 0.26.0
-```
diff --git a/pkg/cloudflare-go/.changelog/2365.txt b/pkg/cloudflare-go/.changelog/2365.txt
deleted file mode 100644
index ddf0506c9c..0000000000
--- a/pkg/cloudflare-go/.changelog/2365.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:dependency
-deps: bumps goreleaser/goreleaser-action from 5.1.0 to 6.0.0
-```
diff --git a/pkg/cloudflare-go/.changelog/2455.txt b/pkg/cloudflare-go/.changelog/2455.txt
deleted file mode 100644
index a3908aeb00..0000000000
--- a/pkg/cloudflare-go/.changelog/2455.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:enhancement
-access_application: Add support for SaaS OIDC Access Token Lifetime
-```
diff --git a/pkg/cloudflare-go/.changelog/998.txt b/pkg/cloudflare-go/.changelog/998.txt
deleted file mode 100644
index 0b3aa66338..0000000000
--- a/pkg/cloudflare-go/.changelog/998.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-```release-note:enhancement
-rulesets: add support for `http_custom_errors` phase
-```
-
-```release-note:enhancement
-rulesets: add support for `serve_error` action
-```
diff --git a/pkg/cloudflare-go/.devcontainer/Dockerfile b/pkg/cloudflare-go/.devcontainer/Dockerfile
deleted file mode 100644
index 28b19a666a..0000000000
--- a/pkg/cloudflare-go/.devcontainer/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM golang:1.19
diff --git a/pkg/cloudflare-go/.devcontainer/devcontainer.json b/pkg/cloudflare-go/.devcontainer/devcontainer.json
deleted file mode 100644
index 691cbd1c53..0000000000
--- a/pkg/cloudflare-go/.devcontainer/devcontainer.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
-  "name": "Go",
-  "build": {
-    "dockerfile": "Dockerfile"
-  },
-  "runArgs": ["--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"],
-  "containerEnv": {
-    "GOPATH": "/go"
-  },
-  "remoteEnv": {
-    "GOPATH": "${containerEnv:GOPATH}"
-  },
-  "onCreateCommand": "go generate -tags tools internal/tools/tools.go",
-  "customizations": {
-    "vscode": {
-      "settings": {
-        "go.toolsManagement.checkForUpdates": "local",
-        "go.useLanguageServer": true,
-        "go.gopath": "/go",
-        "[go]": {
-          "editor.formatOnSave": true
-        },
-        "go.formatTool": "gofmt",
-        "go.formatFlags": ["-w", "-s"],
-        "go.toolsManagement.autoUpdate": true,
-        "go.lintTool": "golangci-lint",
-        "go.lintFlags": ["--fast"],
-        "gopls": {
-          "ui.semanticTokens": true
-        },
-        "go.survey.prompt": false
-      },
-      "extensions": ["golang.Go"]
-    }
-  }
-}
diff --git a/pkg/cloudflare-go/.github/CODEOWNERS b/pkg/cloudflare-go/.github/CODEOWNERS
deleted file mode 100644
index a5d8a3a9b9..0000000000
--- a/pkg/cloudflare-go/.github/CODEOWNERS
+++ /dev/null
@@ -1,5 +0,0 @@
-
-# Own a service and want to be defined as an owner here? Open a PR or 
-# hit up @jacobbednarz to add your team.
-
-*  @jacobbednarz
diff --git a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
deleted file mode 100644
index 0a836baac7..0000000000
--- a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/bug.yml
+++ /dev/null
@@ -1,66 +0,0 @@
-name: "\U0001F41B Bug report"
-description: "When something isn't working as expected or documented"
-labels: ["kind/bug", "needs-triage"]
-body:
-- type: checkboxes
-  attributes:
-    label: Confirmation
-    description: Please make sure to have followed the following checks.
-    options:
-      - label: My issue isn't already found on the issue tracker.
-        required: true
-      - label: I have replicated my issue using the latest version of the library and it is still present.
-        required: true
-- type: input
-  attributes:
-    label: cloudflare-go version
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: Go environment
-    description: Output from `go env`.
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: Expected output
-    description: What did you expect to happen?
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: Actual output
-    description: What actually happened?
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: Code demonstrating the issue
-    description: |
-      No need to wrap the code in backticks, it will be automatically rendered 
-      as Go in the final issue.
-    placeholder: |
-      1. ...
-      2. ...
-      3. ...
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: Steps to reproduce
-    description: How can your issue be replicated?
-    placeholder: |
-      1. ...
-      2. ...
-      3. ...
-  validations:
-    required: true
-- type: textarea
-  attributes:
-    label: References
-    description: |
-      Are there any other GitHub issues (open or closed) or Pull Requests that 
-      should be linked here? 
-  validations:
-    required: false
diff --git a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml b/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
deleted file mode 100644
index 0002ca53c2..0000000000
--- a/pkg/cloudflare-go/.github/ISSUE_TEMPLATE/config.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: v2.0.0 Beta feedback
-    url: https://github.com/cloudflare/cloudflare-go/discussions/1538
-    about: |
-      If you have a feature request or feedback on our new v2 library, please comment in our discussion page.
-  - name: Cloudflare support
-    url: https://developers.cloudflare.com/support/contacting-cloudflare-support
-    about: |
-      Please only file issues here that you believe represent actual bugs for the Cloudflare Go library.
-      If you're having general trouble with the Cloudflare API, please visit our help center to get support.
diff --git a/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md b/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
deleted file mode 100644
index 5e7ad42526..0000000000
--- a/pkg/cloudflare-go/.github/PULL_REQUEST_TEMPLATE.md
+++ /dev/null
@@ -1,45 +0,0 @@
-<!-- 
-Provide a general summary of your changes in the title above. You should
-remove this overview, any sections and any section descriptions you
-don't need below before submitting. There isn't a strict requirement to
-use this template if you can structure your description and still cover
-these points. 
--->
-
-## Description
-
-<!--
-Describe your changes in detail through motivation and context. Why is
-this change required? What problem does it solve? If it fixes an open
-issue, link to the issue using GitHub's closing issues keywords[1].
--->
-## Has your change been tested?
-
-<!--
-Explain how the change has been tested and what you ran to confirm your
-change affects other parts of the code. Automated tests are generally
-expected and changes without tests should explain why they aren't
-required.
--->
-
-## Screenshots (if appropriate):
-
-## Types of changes
-
-What sort of change does your code introduce/modify?
-
-- [ ] Bug fix (non-breaking change which fixes an issue)
-- [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to change)
-
-## Checklist:
-
-- [ ] My code follows the code style of this project.
-- [ ] My change requires a change to the documentation.
-- [ ] I have updated the documentation accordingly.
-- [ ] I have added tests to cover my changes.
-- [ ] All new and existing tests passed.
-- [ ] This change is using publicly documented in [cloudflare/api-schemas](https://github.com/cloudflare/api-schemas) 
-      and relies on stable APIs.
-
-[1]: https://help.github.com/articles/closing-issues-using-keywords/
diff --git a/pkg/cloudflare-go/.github/dependabot.yml b/pkg/cloudflare-go/.github/dependabot.yml
deleted file mode 100644
index 6d349bc3ca..0000000000
--- a/pkg/cloudflare-go/.github/dependabot.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-version: 2
-updates:
-- package-ecosystem: "gomod"
-  directory: "/"
-  schedule:
-    interval: "daily"
-- package-ecosystem: "github-actions"
-  directory: "/"
-  schedule:
-    interval: "daily"
-- package-ecosystem: "docker"
-  directory: "/"
-  schedule:
-    interval: "daily"
diff --git a/pkg/cloudflare-go/.github/labels.yml b/pkg/cloudflare-go/.github/labels.yml
deleted file mode 100644
index f31c97f0e8..0000000000
--- a/pkg/cloudflare-go/.github/labels.yml
+++ /dev/null
@@ -1,208 +0,0 @@
-- name: "kind: breaking-change"
-  description: ""
-  color: e11d21
-- name: "kind: bug"
-  description: Categorizes issue or PR as related to a bug.
-  color: e11d21
-- name: 'kind: generation-issue'
-  description: Categorizes issue or PR as related to the generation pipeline.
-  color: e11d21
-- name: "kind: documentation"
-  description: Categorizes issue or PR as related to documentation.
-  color: d4c5f9
-- name: "kind: enhancement"
-  description: Categorizes issue or PR as related to improving an existing feature.
-  color: d4c5f9
-- name: "kind: failing-test"
-  description: |
-    Categorizes issue or PR as related to a consistently or frequently failing
-    test.
-  color: e11d21
-- name: "kind: flakey"
-  description: Categorizes issue or PR as related to a flaky test.
-  color: e11d21
-- name: "kind: regression"
-  description: Categorizes issue or PR as related to a regression from a prior release.
-  color: e11d21
-- name: "kind: support"
-  description: Categorizes issue or PR as related to user support.
-  color: e11d21
-- name: "lifecycle: stale"
-  description: ""
-  color: e11d21
-- name: "likelihood: all"
-  description: Categorizes issue or PR as impacting all users.
-  color: F7D2B6
-- name: "likelihood: few"
-  description: Categorizes issue or PR as impacting a small portion of users.
-  color: F7D2B6
-- name: "likelihood: low"
-  description: Categorizes issue or PR as impacting a low portion of users.
-  color: F7D2B6
-- name: "likelihood: many"
-  description: Categorizes issue or PR as impacting many users.
-  color: F7D2B6
-- name: "likelihood: most"
-  description: Categorizes issue or PR as impacting most users.
-  color: F7D2B6
-- name: needs-triage
-  description: "Indicates an issue or PR lacks a `triage: foo` label and requires one."
-  color: ef9ed3
-- name: "service: access"
-  description: Categorizes issue or PR as related to the Access service.
-  color: 98D063
-- name: "service: addressing"
-  description: Categorizes issue or PR as related to the Addressing service.
-  color: 98D063
-- name: "service: api-shield"
-  description: Categorizes issue or PR as related to the API shield service.
-  color: 98D063
-- name: "service: argo"
-  description: Categorizes issue or PR as related to the Argo service.
-  color: 98D063
-- name: "service: bot-management"
-  description: Categorizes issue or PR as related to the Bot Management service.
-  color: 98D063
-- name: "service: byoip"
-  description: Categorizes issue or PR as related to the BYOIP service.
-  color: 98D063
-- name: "service: cache"
-  description: Categorizes issue or PR as related to the Content Delivery service.
-  color: 98D063
-- name: "service: custom-pages"
-  description: Categorizes issue or PR as related to the custom pages service.
-  color: 98D063
-- name: "service: d1"
-  description: Categorizes issue or PR as related to the D1 service.
-  color: 98D063
-- name: "service: dns"
-  description: Categorizes issue or PR as related to the DNS service.
-  color: 98D063
-- name: "service: durable-objects"
-  description: Categorizes issue or PR as related to the Durable Objects service.
-  color: 98D063
-- name: "service: firewall"
-  description: Categorizes issue or PR as related to the Firewall service.
-  color: 98D063
-- name: "service: gateway"
-  description: Categorizes issue or PR as related to the Zero Trust Gateway service.
-  color: 98D063
-- name: "service: iam"
-  description: Categorizes issue or PR as related to the IAM service.
-  color: 98D063
-- name: "service: kv"
-  description: Categorizes issue or PR as related to the KV service.
-  color: 98D063
-- name: "service: list"
-  description: Categorizes issue or PR as related to the List service.
-  color: 98D063
-- name: "service: lists"
-  description: Categorizes issue or PR as related to the Lists service.
-  color: 98D063
-- name: "service: load-balancing"
-  description: Categorizes issue or PR as related to the Load Balancing service.
-  color: 98D063
-- name: "service: logs"
-  description: Categorizes issue or PR as related to the Logging services.
-  color: 98D063
-- name: "service: magic-transit"
-  description: Categorizes issue or PR as related to Magic Transit services.
-  color: 98D063
-- name: "service: magic-wan"
-  description: Categorizes issue or PR as related to the Magic WAN service.
-  color: 98D063
-- name: "service: notifications"
-  description: Categorizes issue or PR as related to the notification service.
-  color: 98D063
-- name: "service: page-rules"
-  description: Categorizes issue or PR as related to the Page Rules service.
-  color: 98D063
-- name: "service: pages"
-  description: Categorizes issue or PR as related to the Pages service.
-  color: 98D063
-- name: "service: r2"
-  description: Categorizes issue or PR as related to the R2 service.
-  color: 98D063
-- name: "service: rulesets"
-  description: Categorizes issue or PR as related to the Rulesets service.
-  color: 98D063
-- name: "service: spectrum"
-  description: Categorizes issue or PR as related to the Spectrum service.
-  color: 98D063
-- name: "service: tls"
-  description: Categorizes issue or PR as related to the TLS services.
-  color: 98D063
-- name: "service: tunnel"
-  description: Categorizes issue or PR as related to the Tunnel service.
-  color: 98D063
-- name: "service: turnstile"
-  description: |
-    Categorizes issue or PR as related to Turnstile and the Challenge Platform
-    service.
-  color: 98D063
-- name: "service: workers"
-  description: Categorizes issue or PR as related to the Workers service.
-  color: 98D063
-- name: "service: zero-trust-devices"
-  description: Categorizes issue or PR as related to the Zero Trust Devices service.
-  color: 98D063
-- name: "service: zones"
-  description: Categorizes issue or PR as related to the Zones service.
-  color: 98D063
-- name: spam
-  description: ""
-  color: e6f99f
-- name: "triage: accepted"
-  description: Indicates an issue or PR is ready to be actively worked on.
-  color: fbca04
-- name: "triage: duplicate"
-  description: Indicates an issue is a duplicate of other open issue.
-  color: fbca04
-- name: "triage: needs-information"
-  description: Indicates an issue needs more information in order to work on it.
-  color: fbca04
-- name: "triage: not-reproducible"
-  description: Indicates an issue can not be reproduced as described.
-  color: fbca04
-- name: "triage: unresolved"
-  description: Indicates an issue that can not or will not be resolved.
-  color: fbca04
-- name: "workflow: needs-review"
-  description: Indicates an issue or PR needs review or feedback.
-  color: 006b75
-- name: "workflow: pending-cloudflare-response"
-  description: Indicates an issue or PR requires a response from the Cloudflare team.
-  color: 006b75
-- name: "workflow: pending-contributor-response"
-  description: Indicates an issue or PR requires a response from a contributor.
-  color: 006b75
-- name: "workflow: pending-maintainer-response"
-  description: Indicates an issue or PR requires a response from the maintainer team.
-  color: 006b75
-- name: "workflow: pending-op-response"
-  description: Indicates an issue or PR requires a response from the original poster.
-  color: 006b75
-- name: "workflow: pending-public-documentation"
-  description: |
-    Indicates an issue or PR requires changes to public documentation confirming
-    suitability for use.
-  color: 006b75
-- name: "workflow: pending-upstream-library"
-  description: Indicates an issue or PR requires changes from an upstream library.
-  color: 006b75
-- name: "workflow: pending-schemas"
-  description: Indicates an issue or PR requires changes from an upstream library.
-  color: 006b75
-- name: "workflow: synced"
-  description: ""
-  color: 006b75
-
-# autorelease management
-- name: "autorelease: custom version"
-  color: ededed
-- name: "autorelease: pending"
-  color: ededed
-- name: "autorelease: pre-release"
-  color: ededed
-- name: "autorelease: tagged"
-  color: ededed
diff --git a/pkg/cloudflare-go/.github/stale.yml b/pkg/cloudflare-go/.github/stale.yml
deleted file mode 100644
index 3cb76e8841..0000000000
--- a/pkg/cloudflare-go/.github/stale.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 180
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 30
-# Issues with these labels will never be considered stale
-exemptLabels:
-  - pinned
-  - security
-# Label to use when marking an issue as stale
-staleLabel: wontfix
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no further activity occurs. Thank you
-  for your contributions.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false
diff --git a/pkg/cloudflare-go/.github/workflows/changelog-check.yml b/pkg/cloudflare-go/.github/workflows/changelog-check.yml
deleted file mode 100644
index fe273f2358..0000000000
--- a/pkg/cloudflare-go/.github/workflows/changelog-check.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: Changelog check
-on: [pull_request_target]
-
-jobs:
-  changelog-check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version-file: 'internal/tools/go.mod'
-      - run: go generate -tags tools internal/tools/tools.go
-      - run: go run cmd/changelog-check/main.go ${{ github.event.pull_request.number }}
-        working-directory: ./internal/tools
-        env:
-          GITHUB_OWNER: cloudflare
-          GITHUB_REPO: cloudflare-go
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml b/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 8321177b3c..0000000000
--- a/pkg/cloudflare-go/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ master ]
-  schedule:
-    - cron: '41 2 * * 6'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
diff --git a/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml b/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
deleted file mode 100644
index 8c8d83877d..0000000000
--- a/pkg/cloudflare-go/.github/workflows/dependabot-changelog.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-name: Add CHANGELOG for dependabot changes
-on: pull_request_target
-permissions:
-  pull-requests: write
-  issues: write
-  repository-projects: write
-  contents: write
-jobs:
-  dependabot:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
-    steps:
-      - name: Fetch dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v2.1.0
-      - uses: actions/checkout@v4
-      - run: |
-          gh pr checkout $PR_URL
-          cat << EOF > .changelog/$PR_NUMBER.txt
-          \`\`\`release-note:dependency
-          deps: bumps $DEP_NAME from $DEP_PREV_VERSION to $DEP_NEXT_VERSION
-          \`\`\`
-          EOF
-          git config user.name github-actions[bot]
-          git config user.email github-actions[bot]@users.noreply.github.com
-          git add .changelog/$PR_NUMBER.txt
-          git commit -m "add CHANGELOG for #$PR_NUMBER"
-          git push
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          DEP_NAME: ${{ steps.dependabot-metadata.outputs.dependency-names }}
-          DEP_PREV_VERSION: ${{ steps.dependabot-metadata.outputs.previous-version }}
-          DEP_NEXT_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }}
diff --git a/pkg/cloudflare-go/.github/workflows/generate-changelog.yml b/pkg/cloudflare-go/.github/workflows/generate-changelog.yml
deleted file mode 100644
index 73de291827..0000000000
--- a/pkg/cloudflare-go/.github/workflows/generate-changelog.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: Generate CHANGELOG
-on:
-  pull_request_target:
-    types: [closed]
-  workflow_dispatch:
-jobs:
-  GenerateChangelog:
-    if: github.event.pull_request.merged || github.event_name == 'workflow_dispatch'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'internal/tools/go.mod'
-      - run: go generate -tags tools internal/tools/tools.go
-      - run: ./scripts/generate-changelog.sh
-      - run: |
-          if [[ `git status --porcelain` ]]; then
-            if ${{github.event_name == 'workflow_dispatch'}}; then
-              MSG="Update CHANGELOG.md (Manual Trigger)"
-            else
-              MSG="Update CHANGELOG.md for #${{ github.event.pull_request.number }}"
-            fi
-            git config --local user.email changelogbot@cloudflare.com
-            git config --local user.name changelogbot
-            git add CHANGELOG.md
-            git commit -m "$MSG"
-            git push
-          fi
diff --git a/pkg/cloudflare-go/.github/workflows/lint.yml b/pkg/cloudflare-go/.github/workflows/lint.yml
deleted file mode 100644
index ea44260830..0000000000
--- a/pkg/cloudflare-go/.github/workflows/lint.yml
+++ /dev/null
@@ -1,50 +0,0 @@
-name: Lint
-on:
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - ready_for_review
-jobs:
-  golangci-lint:
-    name: lint
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/cache@v4
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go${{ matrix.go-version }}-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
-        with:
-          version: latest
-          args: "--config .golintci.yaml"
-          only-new-issues: true # only show new issues in the PR, not all.
-
-  semgrep:
-    name: semgrep
-    runs-on: ubuntu-latest
-    container:
-      image: returntocorp/semgrep
-    if: (github.actor != 'dependabot[bot]')
-    steps:
-      - uses: actions/checkout@v4
-      - run: semgrep ci --config .semgrep.yml
-        env:
-          # only trigger for files in this change
-          SEMGREP_BASELINE_BRANCH: ${{ github.head_ref }}
-
-  # structslop:
-  #  name: structslop
-  #  runs-on: ubuntu-latest
-  #  steps:
-  #    - uses: actions/checkout@v4
-  #    - uses: actions/setup-go@v3
-  #      with:
-  #        go-version: "1.18"
-  #    - name: structslop
-  #      run: |
-  #        go generate -tags tools tools/tools.go
-  #        $(go env GOPATH)/bin/structslop .
diff --git a/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml b/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
deleted file mode 100644
index f44571e650..0000000000
--- a/pkg/cloudflare-go/.github/workflows/lock-released-issues.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: Lock released issues and PRs
-
-on:
-  workflow_dispatch:
-    inputs:
-      issue_list:
-        description: Comma seperated (no spaces) list of issues/PRs to lock
-        required: true
-
-permissions:
-  issues: write
-  pull-requests: write
-
-jobs:
-  lock-closed-issues:
-    runs-on: ubuntu-latest
-    steps: 
-      - uses: actions/checkout@v4
-      - run: |
-          IFS=',' read -r -a issues <<< "$ISSUES"
-          for element in "${issues[@]}"
-          do
-              echo "Locking $element"
-              echo "no" | gh pr lock -r resolved $element || true
-              echo "no" | gh issue lock -r resolved $element || true
-          done
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ISSUES: ${{ github.event.inputs.issue_list }}
diff --git a/pkg/cloudflare-go/.github/workflows/milestone-closed.yml b/pkg/cloudflare-go/.github/workflows/milestone-closed.yml
deleted file mode 100644
index bea4e2f766..0000000000
--- a/pkg/cloudflare-go/.github/workflows/milestone-closed.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Closed Milestones
-
-on:
-  milestone:
-    types: [closed]
-
-permissions:
-  issues: write
-  pull-requests: write
-
-jobs:
-  comment-on-closed-milestone:
-    runs-on: ubuntu-latest
-    outputs:
-      ids: ${{ steps.milestone-comment.outputs.ids }}
-    steps:
-      - id: milestone-comment
-        uses: bflad/action-milestone-comment@v2
-        with:
-          body: |
-            This functionality has been released in [${{ github.event.milestone.title }}](https://github.com/${{ github.repository }}/releases/tag/${{ github.event.milestone.title }}).
-
-            For further feature requests or bug reports with this functionality, please create a [new GitHub issue](https://github.com/${{ github.repository }}/issues/new/choose) following the template. Thank you!
-  
-  lock-closed-issues:
-    runs-on: ubuntu-latest
-    needs: comment-on-closed-milestone
-    steps:
-      - uses: actions/checkout@v4
-      - run: |
-          IFS=',' read -r -a issues <<< "$ISSUES"
-          for element in "${issues[@]}"
-          do
-              echo "Locking $element"
-              echo "no" | gh pr lock -r resolved $element || true
-              echo "no" | gh issue lock -r resolved $element || true
-          done
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          ISSUES: ${{ needs.comment-on-closed-milestone.outputs.ids }}
diff --git a/pkg/cloudflare-go/.github/workflows/milestones.yml b/pkg/cloudflare-go/.github/workflows/milestones.yml
deleted file mode 100644
index d161b09550..0000000000
--- a/pkg/cloudflare-go/.github/workflows/milestones.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-on:
-  pull_request_target:
-    types: [closed]
-name: Add merged PR and linked issues to current milestone of target branch
-jobs:
-  add-merged-to-current-milestone:
-    if: github.event.pull_request.merged
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.base.ref }}
-      - id: get-current-milestone
-        run: |
-            echo ::set-output name=current_milestone::v$(head -1 CHANGELOG.md | cut -d " " -f 2)
-      - run: echo ${{ steps.get-current-milestone.outputs.current_milestone }}
-      - id: get-milestone-id
-        run: |
-          echo ::set-output name=milestone_id::$(curl -H "Authorization: Bearer ${{secrets.GITHUB_TOKEN}}" https://api.github.com/repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/milestones | jq 'map(select(.title == "${{ steps.get-current-milestone.outputs.current_milestone }}"))[0].number')
-      - run: echo ${{ steps.get-milestone-id.outputs.milestone_id }}
-      - uses: breathingdust/current-milestone-action@v4
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          pull_number: ${{ github.event.pull_request.number }}
-          milestone_number: ${{ steps.get-milestone-id.outputs.milestone_id }}
diff --git a/pkg/cloudflare-go/.github/workflows/release.yml b/pkg/cloudflare-go/.github/workflows/release.yml
deleted file mode 100644
index 7abfac5e12..0000000000
--- a/pkg/cloudflare-go/.github/workflows/release.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Release
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: actions/setup-go@v5
-        with:
-          go-version-file: 'go.mod'
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6.0.0
-        with:
-          version: latest
-          args: release --clean
-          workdir: cmd/flarectl
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/pkg/cloudflare-go/.github/workflows/sync-labels.yml b/pkg/cloudflare-go/.github/workflows/sync-labels.yml
deleted file mode 100644
index fd69921cfc..0000000000
--- a/pkg/cloudflare-go/.github/workflows/sync-labels.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: Sync labels
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - master
-    paths:
-      - .github/labels.yml
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: micnncim/action-label-syncer@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          manifest: .github/labels.yml
diff --git a/pkg/cloudflare-go/.github/workflows/test.yml b/pkg/cloudflare-go/.github/workflows/test.yml
deleted file mode 100644
index 1405737f7f..0000000000
--- a/pkg/cloudflare-go/.github/workflows/test.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-on: [pull_request]
-name: Test
-jobs:
-  test:
-    strategy:
-      matrix:
-        go-version: ["1.20", "1.21", "1.22"]
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ matrix.go-version }}
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - uses: actions/cache@v4
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go${{ matrix.go-version }}-${{ hashFiles('**/go.mod') }}-${{ hashFiles('**/go.sum') }}
-      - name: Vet
-        run: go vet ./...
-      - name: Test
-        run: go test -v -race ./...
diff --git a/pkg/cloudflare-go/.gitignore b/pkg/cloudflare-go/.gitignore
deleted file mode 100644
index 0953e13b27..0000000000
--- a/pkg/cloudflare-go/.gitignore
+++ /dev/null
@@ -1,6 +0,0 @@
-.idea
-.vscode/
-cmd/flarectl/dist/
-cmd/flarectl/flarectl
-cmd/flarectl/flarectl.exe
-.flox/
diff --git a/pkg/cloudflare-go/.golintci.yaml b/pkg/cloudflare-go/.golintci.yaml
deleted file mode 100644
index d5d1c93978..0000000000
--- a/pkg/cloudflare-go/.golintci.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-run:
-  timeout: 5m
-  issues-exit-code: 1
-  tests: true
-  skip-dirs-use-default: true
-  modules-download-mode: readonly
-
-linters:
-  enable:
-    - bodyclose      # ensure HTTP response bodies are successfully closed.
-    - contextcheck   # check we are passing context an inherited context.
-    - gofmt          # checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification.
-    - errname        # checks that sentinel errors are prefixed with the `Err`` and error types are suffixed with the `Error``.
-    - errorlint      # used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    - godot          # check if comments end in a period.
-    - misspell       # finds commonly misspelled English words in comments.
-    - nilerr         # checks that there is no simultaneous return of nil error and an invalid value.
-    - tparallel      # detects inappropriate usage of t.Parallel() method in your Go test codes.
-    - unparam        # reports unused function parameters.
-    - whitespace     # detection of leading and trailing whitespace.
-    - gosec          # inspects source code for security problems.
-    - bidichk        # checks for dangerous unicode character sequences.
-    - exportloopref  # prevent scope issues with pointers in loops.
-    - goconst        # use constants where values are repeated.
-    - reassign       # checks that package variables are not reassigned.
-    - goimports      # checks import grouping and code formatting.
-
-output:
-  format: colored-line-number
-
-linters-settings:
-  goconst:
-    ignore-tests: true
diff --git a/pkg/cloudflare-go/.semgrep.yml b/pkg/cloudflare-go/.semgrep.yml
deleted file mode 100644
index e0a6dc4a51..0000000000
--- a/pkg/cloudflare-go/.semgrep.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-rules:
-  - id: rfc-5737-ip-address
-    languages:
-      - go
-    message: Where a real IPv4 address isn't needed, use IPv4 addresses from RFC5737.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: '(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
-      - pattern-not-regex: '10\.\d+\.\d+.\d+'
-      - pattern-not-regex: '192\.168\.\d+.\d+'
-      - pattern-not-regex: '192\.0\.2\.\d+'    # 192.0.2.0/24 (TEST-NET-1, rfc5737)
-      - pattern-not-regex: '198\.51\.100\.\d+' # 198.51.100.0/24 (TEST-NET-2, rfc5737)
-      - pattern-not-regex: '203\.0\.113\.\d+'  # 203.0.113.0/24 (TEST-NET-3, rfc5737)
-    severity: WARNING
-  - id: rfc-3849-ip-address
-    languages:
-      - generic
-    message: Where a real IPv6 address isn't needed, use IPv6 addresses from RFC3849.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
-    severity: WARNING
-
-  - id: calling-errors-wrap
-    languages: [go]
-    message: 'Do not call `errors.Wrap`. Use `fmt.Errorf(".. : %w", err)` instead.'
-    patterns:
-      - pattern-either:
-        - pattern: |
-            errors.Wrap(...)
-    severity: WARNING
-  - id: no-use-of-stdlib-json
-    languages:
-      - go
-    message: Favour "github.com/goccy/go-json" instead of "encoding/json" to allow better customisation of marshaling and unmarshaling JSON attributes. See https://github.com/cloudflare/cloudflare-go/pull/1360 for full details.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: '\"encoding\/json\"'
-    fix-regex:
-      regex: \".*\"
-      replacement: '"github.com/goccy/go-json"'
-    severity: WARNING
-  - id: use-pointers-for-booleans
-    languages:
-      - go
-    message: |
-      Booleans should always be represented as pointers in structs with an omitempty marshaling tag (most commonly as JSON). This ensures you can determine unset, false and truthy values.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: "bool"
-      - pattern-not-regex: "\\*bool"
-      - pattern-either:
-        - pattern-inside: |
-            type $STRUCTNAME struct {
-                ...
-            }
-    severity: WARNING
-    metadata:
-      references:
-        - https://github.com/cloudflare/cloudflare-go/blob/master/docs/conventions.md#booleans
-  - id: use-pointers-for-time
-    languages:
-      - go
-    message: |
-      time.Time should always be represented as pointers in structs.
-    paths:
-      include:
-        - '*.go'
-    patterns:
-      - pattern-regex: "time\\.Time"
-      - pattern-not-regex: "\\*time\\.Time"
-      - pattern-either:
-        - pattern-inside: |
-            type $STRUCTNAME struct {
-                ...
-            }
-    severity: WARNING
-    metadata:
-      references:
-        - https://github.com/cloudflare/cloudflare-go/blob/master/docs/conventions.md#timetime
diff --git a/pkg/cloudflare-go/.semgrepignore b/pkg/cloudflare-go/.semgrepignore
deleted file mode 100644
index e12718f031..0000000000
--- a/pkg/cloudflare-go/.semgrepignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Based on the default .semgrepignore documented here:
-
-# https://semgrep.dev/docs/ignoring-files-folders-code/#understanding-semgrep-defaults
-
-# but not ignoring '\*\_test.go'.
-
-# Ignore git items
-
-.gitignore
-.git/
-:include .gitignore
-
-.semgrep
-.semgrep_logs/
-
-.github/
-.vscode/
-.changelog/
-CHANGELOG.md
-go.mod
-go.sum
-README.md
diff --git a/pkg/cloudflare-go/CHANGELOG.md b/pkg/cloudflare-go/CHANGELOG.md
deleted file mode 100644
index 7c85aa3400..0000000000
--- a/pkg/cloudflare-go/CHANGELOG.md
+++ /dev/null
@@ -1,1140 +0,0 @@
-## 0.98.0 (Unreleased)
-
-## 0.97.0 (June 5th, 2024)
-
-ENHANCEMENTS:
-
-* access_application: Add support for Hybrid/Implicit flows and options ([#2131](https://github.com/cloudflare/cloudflare-go/issues/2131))
-* teams_account: Add Zero Trust connectivity settings ([#2165](https://github.com/cloudflare/cloudflare-go/issues/2165))
-* teams_accounts: Add `use_zt_virtual_ip` attribute ([#2126](https://github.com/cloudflare/cloudflare-go/issues/2126))
-
-DEPENDENCIES:
-
-* deps: bumps `github.com/goccy/go-json` from 0.10.2 to 0.10.3 ([#2107](https://github.com/cloudflare/cloudflare-go/issues/2107))
-* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.6 to 0.7.7 ([#2249](https://github.com/cloudflare/cloudflare-go/issues/2249))
-
-## 0.96.0 (May 22nd, 2024)
-
-ENHANCEMENTS:
-
-* access_application: Add Refresh Token, Custom Claims, and PKCE Without Client Secret support for OIDC SaaS configurations ([#1981](https://github.com/cloudflare/cloudflare-go/issues/1981))
-* ruleset: add support for action parameters `fonts` and `disable_rum` ([#1832](https://github.com/cloudflare/cloudflare-go/issues/1832))
-
-DEPENDENCIES:
-
-* deps: bumps bflad/action-milestone-comment from 1 to 2 ([#1991](https://github.com/cloudflare/cloudflare-go/issues/1991))
-* deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.6 ([#1993](https://github.com/cloudflare/cloudflare-go/issues/1993))
-* deps: bumps goreleaser/goreleaser-action from 5.0.0 to 5.1.0 ([#1992](https://github.com/cloudflare/cloudflare-go/issues/1992))
-
-## 0.95.0 (May 8th, 2024)
-
-ENHANCEMENTS:
-
-* access_application: add support for `policies` array ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
-* access_application: add support for `scim_config` ([#1921](https://github.com/cloudflare/cloudflare-go/issues/1921))
-* access_policy: add support for reusable policies ([#1956](https://github.com/cloudflare/cloudflare-go/issues/1956))
-* dlp: add support for zt risk behavior configuration ([#1887](https://github.com/cloudflare/cloudflare-go/issues/1887))
-
-BUG FIXES:
-
-* access_application: fix scim configuration authentication json marshalling ([#1959](https://github.com/cloudflare/cloudflare-go/issues/1959))
-
-DEPENDENCIES:
-
-* deps: bumps dependabot/fetch-metadata from 2.0.0 to 2.1.0 ([#1839](https://github.com/cloudflare/cloudflare-go/issues/1839))
-* deps: bumps github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 ([#1861](https://github.com/cloudflare/cloudflare-go/issues/1861))
-* deps: bumps golang.org/x/net from 0.24.0 to 0.25.0 ([#1974](https://github.com/cloudflare/cloudflare-go/issues/1974))
-* deps: bumps golangci/golangci-lint-action from 4 to 5 ([#1845](https://github.com/cloudflare/cloudflare-go/issues/1845))
-* deps: bumps golangci/golangci-lint-action from 5 to 6 ([#1975](https://github.com/cloudflare/cloudflare-go/issues/1975))
-
-## 0.94.0 (April 24th, 2024)
-
-ENHANCEMENTS:
-
-* access_application: support options_preflight_bypass for access_application ([#1790](https://github.com/cloudflare/cloudflare-go/issues/1790))
-* gateway: added ecs_support field to teams_location resource ([#1826](https://github.com/cloudflare/cloudflare-go/issues/1826))
-* teams_account: adds custom certificate setting to teams account configuration ([#1811](https://github.com/cloudflare/cloudflare-go/issues/1811))
-* workers: support deleting namespaced Workers ([#1737](https://github.com/cloudflare/cloudflare-go/issues/1737))
-
-DEPENDENCIES:
-
-* deps: bumps golang.org/x/net from 0.19.0 to 0.23.0 ([#1825](https://github.com/cloudflare/cloudflare-go/issues/1825))
-
-## 0.93.0 (April 10th, 2024)
-
-BREAKING CHANGES:
-
-* dns: Remove "locked" flag which is always false ([#1618](https://github.com/cloudflare/cloudflare-go/issues/1618))
-
-ENHANCEMENTS:
-
-* magic_transit_ipsec_tunnel: Adds support for replay_protection boolean flag ([#1710](https://github.com/cloudflare/cloudflare-go/issues/1710))
-
-DEPENDENCIES:
-
-* deps: bumps golang.org/x/net from 0.22.0 to 0.24.0 ([#1688](https://github.com/cloudflare/cloudflare-go/issues/1688))
-
-## 0.92.0 (March 27th, 2024)
-
-ENHANCEMENTS:
-
-- dlp: Adds support for ocr_enabled boolean flag ([#1600](https://github.com/cloudflare/cloudflare-go/issues/1600))
-
-BUG FIXES:
-
-- teams_rules: add "resolve" to allowable actions ([#1615](https://github.com/cloudflare/cloudflare-go/issues/1615))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0 ([#1593](https://github.com/cloudflare/cloudflare-go/issues/1593))
-- deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0 ([#1607](https://github.com/cloudflare/cloudflare-go/issues/1607))
-
-## 0.91.0 (March 22nd, 2024)
-
-ENHANCEMENTS:
-
-- access_application: add support for `saml_attribute_transform_jsonata` in saas apps ([#1562](https://github.com/cloudflare/cloudflare-go/issues/1562))
-- dlp: Adds support for ocr_enabled boolean flag ([#1600](https://github.com/cloudflare/cloudflare-go/issues/1600))
-
-BUG FIXES:
-
-- teams_rules: add "resolve" to allowable actions ([#1615](https://github.com/cloudflare/cloudflare-go/issues/1615))
-
-DEPENDENCIES:
-
-- deps: bumps actions/checkout from 2 to 4 ([#1573](https://github.com/cloudflare/cloudflare-go/issues/1573))
-- deps: bumps dependabot/fetch-metadata from 1.6.0 to 1.7.0 ([#1593](https://github.com/cloudflare/cloudflare-go/issues/1593))
-- deps: bumps dependabot/fetch-metadata from 1.7.0 to 2.0.0 ([#1607](https://github.com/cloudflare/cloudflare-go/issues/1607))
-- deps: bumps google.golang.org/protobuf from 1.28.0 to 1.33.0 ([#1558](https://github.com/cloudflare/cloudflare-go/issues/1558))
-
-## 0.90.0 (March 13th, 2024)
-
-ENHANCEMENTS:
-
-- access_mutual_tls_certificates: add support for mutual tls hostname settings ([#1516](https://github.com/cloudflare/cloudflare-go/issues/1516))
-- device_posture_rule: support last_seen and state for crowdstrike_s2s posture rule ([#1509](https://github.com/cloudflare/cloudflare-go/issues/1509))
-- dlp: add support for Context Awareness in DLP profiles ([#1497](https://github.com/cloudflare/cloudflare-go/issues/1497))
-- workers: Add Workers for Platforms support for getting a Worker, content and bindings ([#1508](https://github.com/cloudflare/cloudflare-go/issues/1508))
-- workers_for_platforms: Add ability to list Workers for Platforms namespaces, get a namespace, create a new namespace or delete a namespace. ([#1508](https://github.com/cloudflare/cloudflare-go/issues/1508))
-
-BUG FIXES:
-
-- dlp: added optional ContextAwareness support ([#1510](https://github.com/cloudflare/cloudflare-go/issues/1510))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/stretchr/testify from 1.8.4 to 1.9.0 ([#1511](https://github.com/cloudflare/cloudflare-go/issues/1511))
-- deps: bumps golang.org/x/net from 0.21.0 to 0.22.0 ([#1513](https://github.com/cloudflare/cloudflare-go/issues/1513))
-
-## 0.89.0 (February 28th, 2024)
-
-NOTES:
-
-- zaraz: replace deprecated neoEvents with Actions on Zaraz Config tools schema ([#1490](https://github.com/cloudflare/cloudflare-go/issues/1490))
-
-ENHANCEMENTS:
-
-- magic-transit: Adds IPsec tunnel healthcheck direction & rate parameters ([#1503](https://github.com/cloudflare/cloudflare-go/issues/1503))
-
-BUG FIXES:
-
-- registrar: Fix request method to call domain list endpoint from POST to GET ([#1506](https://github.com/cloudflare/cloudflare-go/issues/1506))
-
-## 0.88.0 (February 14th, 2024)
-
-ENHANCEMENTS:
-
-- access_application: Add support for OIDC SaaS Applications ([#1500](https://github.com/cloudflare/cloudflare-go/issues/1500))
-- access_application: Add support for `allow_authenticate_via_warp` ([#1496](https://github.com/cloudflare/cloudflare-go/issues/1496))
-- access_application: add support for `name_id_transform_jsonata` in saas apps ([#1505](https://github.com/cloudflare/cloudflare-go/issues/1505))
-- access_organization: Add support for `allow_authenticate_via_warp` and `warp_auth_session_duration` ([#1496](https://github.com/cloudflare/cloudflare-go/issues/1496))
-- hyperdrive: Add support for hyperdrive CRUD operations ([#1492](https://github.com/cloudflare/cloudflare-go/issues/1492))
-- images_variants: Add support for Images Variants CRUD operations ([#1494](https://github.com/cloudflare/cloudflare-go/issues/1494))
-- teams_rules: `AntiVirus` settings includes notification settings ([#1499](https://github.com/cloudflare/cloudflare-go/issues/1499))
-
-BUG FIXES:
-
-- hyperdrive: password should be nested in origin ([#1501](https://github.com/cloudflare/cloudflare-go/issues/1501))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.20.0 to 0.21.0 ([#1502](https://github.com/cloudflare/cloudflare-go/issues/1502))
-- deps: bumps golangci/golangci-lint-action from 3 to 4 ([#1504](https://github.com/cloudflare/cloudflare-go/issues/1504))
-
-## 0.87.0 (January 31st, 2024)
-
-ENHANCEMENTS:
-
-- access_seats: Add `UpdateAccessUsersSeats` with an array as input for multiple operations ([#1480](https://github.com/cloudflare/cloudflare-go/issues/1480))
-- dlp: add support for EDM and CWL datasets ([#1485](https://github.com/cloudflare/cloudflare-go/issues/1485))
-- logpush: Add support for Output Options ([#1468](https://github.com/cloudflare/cloudflare-go/issues/1468))
-- pages_project: Add `build_caching` attribute ([#1489](https://github.com/cloudflare/cloudflare-go/issues/1489))
-- streams: adds support for stream create parameters for tus upload initiate ([#1386](https://github.com/cloudflare/cloudflare-go/issues/1386))
-- teams_accounts: add support for extended email matching ([#1486](https://github.com/cloudflare/cloudflare-go/issues/1486))
-
-BUG FIXES:
-
-- access_seats: UpdateAccessUserSeat: fix parameters not being an array when sending to the api. This caused an error when updating a user's seat ([#1480](https://github.com/cloudflare/cloudflare-go/issues/1480))
-- access_users: ListAccessUsers was returning wrong values in pointer fields due to variable missused in loop ([#1482](https://github.com/cloudflare/cloudflare-go/issues/1482))
-- flarectl: alias zone certs to "ct" instead of duplicating the "c" alias ([#1484](https://github.com/cloudflare/cloudflare-go/issues/1484))
-
-DEPENDENCIES:
-
-- deps: bumps actions/cache from 3 to 4 ([#1483](https://github.com/cloudflare/cloudflare-go/issues/1483))
-
-## 0.86.0 (January 17, 2024)
-
-ENHANCEMENTS:
-
-- access_application: Add support for default_relay_state in saas apps ([#1477](https://github.com/cloudflare/cloudflare-go/issues/1477))
-- zaraz: Add support for CRUD APIs ([#1474](https://github.com/cloudflare/cloudflare-go/issues/1474))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/cloudflare/circl from 1.3.3 to 1.3.7 ([#1475](https://github.com/cloudflare/cloudflare-go/issues/1475))
-- deps: bumps golang.org/x/net from 0.19.0 to 0.20.0 ([#1476](https://github.com/cloudflare/cloudflare-go/issues/1476))
-
-## 0.85.0 (January 3rd, 2024)
-
-DEPENDENCIES:
-
-- deps: bumps github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 ([#1470](https://github.com/cloudflare/cloudflare-go/issues/1470))
-- deps: bumps github.com/urfave/cli/v2 from 2.26.0 to 2.27.0 ([#1471](https://github.com/cloudflare/cloudflare-go/issues/1471))
-- deps: bumps github.com/urfave/cli/v2 from 2.27.0 to 2.27.1 ([#1472](https://github.com/cloudflare/cloudflare-go/issues/1472))
-
-## 0.84.0 (December 20th, 2023)
-
-ENHANCEMENTS:
-
-- access_group: Add support for email lists ([#1445](https://github.com/cloudflare/cloudflare-go/issues/1445))
-- device_posture_rules: add support for Access client fields in device posture integrations ([#1464](https://github.com/cloudflare/cloudflare-go/issues/1464))
-- page_shield: added support for page shield ([#1459](https://github.com/cloudflare/cloudflare-go/issues/1459))
-
-DEPENDENCIES:
-
-- deps: bumps actions/setup-go from 4 to 5 ([#1460](https://github.com/cloudflare/cloudflare-go/issues/1460))
-- deps: bumps github/codeql-action from 2 to 3 ([#1462](https://github.com/cloudflare/cloudflare-go/issues/1462))
-- deps: bumps golang.org/x/crypto from 0.14.0 to 0.17.0 ([#1466](https://github.com/cloudflare/cloudflare-go/issues/1466))
-
-## 0.83.0 (December 6th, 2023)
-
-ENHANCEMENTS:
-
-- cloudflare: Add ResultInfo to RawResponse ([#1453](https://github.com/cloudflare/cloudflare-go/issues/1453))
-- devices_policy: add fields for Opt-In Split Tunnel Overlapping IPs feature. ([#1454](https://github.com/cloudflare/cloudflare-go/issues/1454))
-- stream: Add ScheduledDeletion to StreamCreateVideoParameters ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
-- stream: Add ScheduledDeletion to StreamUploadFromURLParameters ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
-- stream: Add ScheduledDeletion to StreamVideo ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
-- stream: Add ScheduledDeletion to StreamVideoCreate ([#1457](https://github.com/cloudflare/cloudflare-go/issues/1457))
-- worker_bindings: Fixing form element name for d1 binding ([#1450](https://github.com/cloudflare/cloudflare-go/issues/1450))
-- worker_bindings: add support for `d1` bindings ([#1446](https://github.com/cloudflare/cloudflare-go/issues/1446))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.25.7 to 2.26.0 ([#1456](https://github.com/cloudflare/cloudflare-go/issues/1456))
-- deps: bumps golang.org/x/net from 0.18.0 to 0.19.0 ([#1452](https://github.com/cloudflare/cloudflare-go/issues/1452))
-- deps: bumps golang.org/x/time from 0.4.0 to 0.5.0 ([#1449](https://github.com/cloudflare/cloudflare-go/issues/1449))
-
-## 0.82.0 (November 22nd, 2023)
-
-ENHANCEMENTS:
-
-- ip_access_rules: Add ListIPAccessRules() to list IP Access Rules ([#1428](https://github.com/cloudflare/cloudflare-go/issues/1428))
-- load_balancing: add healthy field to LoadBalancerPool ([#1442](https://github.com/cloudflare/cloudflare-go/issues/1442))
-
-BUG FIXES:
-
-- load_balancing: Add support for virtual network id in origins ([#1441](https://github.com/cloudflare/cloudflare-go/issues/1441))
-- per_hostname_tls_setting: use `buildURI` for defining the query parameters when sorting ([#1440](https://github.com/cloudflare/cloudflare-go/issues/1440))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.5 ([#1438](https://github.com/cloudflare/cloudflare-go/issues/1438))
-- deps: bumps golang.org/x/net from 0.17.0 to 0.18.0 ([#1439](https://github.com/cloudflare/cloudflare-go/issues/1439))
-
-## 0.81.0 (November 8th, 2023)
-
-BREAKING CHANGES:
-
-- devices_policy: `CreateDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `DeleteDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `DeviceClientCertificates` is renamed to `DeviceClientCertificates` ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `GetDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `GetDeviceClientCertificatesZone` is renamed to `GetDeviceClientCertificates` with updated method signatures ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `GetDeviceClientCertificates` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `GetDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `UpdateDefaultDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `UpdateDeviceClientCertificatesZone` is renamed to `UpdateDeviceClientCertificates` with updated method signatures ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- devices_policy: `UpdateDeviceSettingsPolicy` is updated with method signatures matching the library conventions ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-
-ENHANCEMENTS:
-
-- access_seats: Add UpdateAccessUserSeat() to list IP Access Rules ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- access_user: Add GetAccessUserActiveSessions() to get all active sessions for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- access_user: Add GetAccessUserFailedLogins() to get all failed login attempts for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- access_user: Add GetAccessUserLastSeenIdentity() to get last seen identity for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- access_user: Add GetAccessUserSingleActiveSession() to get an active session for a Access/Zero-Trust user. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- access_user: Add ListAccessUsers() to get a list of users for a Access/Zero-Trust account. ([#1427](https://github.com/cloudflare/cloudflare-go/issues/1427))
-- devices_policy: Add support for listing device settings policies ([#1433](https://github.com/cloudflare/cloudflare-go/issues/1433))
-- teams_rules: Add support for resolver policies ([#1436](https://github.com/cloudflare/cloudflare-go/issues/1436))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/time from 0.3.0 to 0.4.0 ([#1434](https://github.com/cloudflare/cloudflare-go/issues/1434))
-
-## 0.80.0 (October 25th, 2023)
-
-BREAKING CHANGES:
-
-- teams: `BrowserIsolation.UrlBrowserIsolationEnabled` has changed from `bool` to `*bool` to meet the library conventions ([#1424](https://github.com/cloudflare/cloudflare-go/issues/1424))
-
-ENHANCEMENTS:
-
-- access_application: Add support for app launcher customization fields ([#1407](https://github.com/cloudflare/cloudflare-go/issues/1407))
-- api_shield_schema: Add support for Get/Update API Shield Operation Schema Validation Settings ([#1422](https://github.com/cloudflare/cloudflare-go/issues/1422))
-- api_shield_schema: Add support for Get/Update API Shield Schema Validation Settings ([#1418](https://github.com/cloudflare/cloudflare-go/issues/1418))
-- teams: Add support for body_scanning (Enhanced File Detection) in teams account configuration ([#1423](https://github.com/cloudflare/cloudflare-go/issues/1423))
-- load_balancing: extend documentation for least_connections steering policy ([#1414](https://github.com/cloudflare/cloudflare-go/issues/1414))
-- teams: Add `non_identity_enabled` boolean in browser isolation settings ([#1424](https://github.com/cloudflare/cloudflare-go/issues/1424))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.7.0 to 0.17.0 ([#1421](https://github.com/cloudflare/cloudflare-go/issues/1421))
-
-## 0.79.0 (October 11th, 2023)
-
-ENHANCEMENTS:
-
-- access_organization: Add support for session_duration ([#1415](https://github.com/cloudflare/cloudflare-go/issues/1415))
-- access_policy: Add support for session_duration ([#1415](https://github.com/cloudflare/cloudflare-go/issues/1415))
-
-ENHANCEMENTS:
-
-- api_shield_discovery: Add support for Get/Patch API Shield API Discovery Operations ([#1413](https://github.com/cloudflare/cloudflare-go/issues/1413))
-- api_shield_schema: Add support for managing schemas for API Shield Schema Validation 2.0 ([#1406](https://github.com/cloudflare/cloudflare-go/issues/1406))
-- d1: adds support for d1 ([#1417](https://github.com/cloudflare/cloudflare-go/issues/1417))
-- teams: Add `audit_ssh_settings` endpoints ([#1419](https://github.com/cloudflare/cloudflare-go/issues/1419))
-
-BUG FIXES:
-
-- custom_nameservers: change `NSSet` from string to int to match API response ([#1410](https://github.com/cloudflare/cloudflare-go/issues/1410))
-- observatory: fix double url encoding ([#1412](https://github.com/cloudflare/cloudflare-go/issues/1412))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.15.0 to 0.16.0 ([#1416](https://github.com/cloudflare/cloudflare-go/issues/1416))
-- deps: bumps golang.org/x/net from 0.16.0 to 0.17.0 ([#1420](https://github.com/cloudflare/cloudflare-go/issues/1420))
-
-## 0.78.0 (September 27th, 2023)
-
-BREAKING CHANGES:
-
-- account_role: `AccountRole` has been renamed to `GetAccountRole` to align with the updated method conventions ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
-- account_role: `AccountRoles` has been renamed to `ListAccountRoles` to align with the updated method conventions ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
-
-ENHANCEMENTS:
-
-- access_application: Add support for tags ([#1403](https://github.com/cloudflare/cloudflare-go/issues/1403))
-- access_tag: Add support for tags ([#1403](https://github.com/cloudflare/cloudflare-go/issues/1403))
-- list_item: allow filtering by search term, cursor and per page attributes ([#1409](https://github.com/cloudflare/cloudflare-go/issues/1409))
-- observatory: add support for observatory API ([#1401](https://github.com/cloudflare/cloudflare-go/issues/1401))
-
-BUG FIXES:
-
-- account_role: autopaginate all available results instead of a static number ([#1405](https://github.com/cloudflare/cloudflare-go/issues/1405))
-- semgrep: Improved IPv4 validation by implementing a new pattern to handle cases where non-IPv4 addresses were previously accepted. ([#1382](https://github.com/cloudflare/cloudflare-go/issues/1382))
-
-DEPENDENCIES:
-
-- deps: bumps codecov/codecov-action from 3 to 4 ([#1402](https://github.com/cloudflare/cloudflare-go/issues/1402))
-
-## 0.77.0 (September 13th, 2023)
-
-ENHANCEMENTS:
-
-- access_identity_provider: add support for email_claim_name and authorization_server_id ([#1390](https://github.com/cloudflare/cloudflare-go/issues/1390))
-- access_identity_provider: add support for ping_env_id ([#1391](https://github.com/cloudflare/cloudflare-go/issues/1391))
-- dcv_delegation: add GET for DCV Delegation UUID ([#1384](https://github.com/cloudflare/cloudflare-go/issues/1384))
-- streams: adds support to initiate tus upload ([#1359](https://github.com/cloudflare/cloudflare-go/issues/1359))
-- tunnel: add support for `include_prefix`, `exclude_prefix` in list operations ([#1385](https://github.com/cloudflare/cloudflare-go/issues/1385))
-
-BUG FIXES:
-
-- dns: keep comments when calling UpdateDNSRecord with zero values of UpdateDNSRecordParams ([#1393](https://github.com/cloudflare/cloudflare-go/issues/1393))
-
-DEPENDENCIES:
-
-- deps: bumps actions/checkout from 3 to 4 ([#1387](https://github.com/cloudflare/cloudflare-go/issues/1387))
-- deps: bumps golang.org/x/net from 0.14.0 to 0.15.0 ([#1389](https://github.com/cloudflare/cloudflare-go/issues/1389))
-- deps: bumps goreleaser/goreleaser-action from 4.4.0 to 4.6.0 ([#1388](https://github.com/cloudflare/cloudflare-go/issues/1388))
-- deps: bumps goreleaser/goreleaser-action from 4.6.0 to 5.0.0 ([#1396](https://github.com/cloudflare/cloudflare-go/issues/1396))
-
-## 0.76.0 (August 30th, 2023)
-
-BREAKING CHANGES:
-
-- images: Renamed Image struct "Metadata" field to "Meta" ([#1379](https://github.com/cloudflare/cloudflare-go/issues/1379))
-
-ENHANCEMENTS:
-
-- access_application: added custom_non_identity_deny_url ([#1373](https://github.com/cloudflare/cloudflare-go/issues/1373))
-- load_balancer_monitor: add support for `consecutive_up`, `consecutive_down` ([#1380](https://github.com/cloudflare/cloudflare-go/issues/1380))
-- workers: Add support for retrieving and uploading only script content. ([#1361](https://github.com/cloudflare/cloudflare-go/issues/1361))
-- workers: Add support for retrieving and uploading only script metadata. ([#1361](https://github.com/cloudflare/cloudflare-go/issues/1361))
-- workers: allow namespaced scripts to be used as Worker tail consumers ([#1377](https://github.com/cloudflare/cloudflare-go/issues/1377))
-
-BUG FIXES:
-
-- access_application: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-- access_ca_certificate: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-- access_group: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-- access_mutual_tls_certifcate: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-- access_policy: Use autopaginate flag as expected ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-- images: Fix issue parsing Image Details from API due to incorrect struct json field ([#1379](https://github.com/cloudflare/cloudflare-go/issues/1379))
-- pagination: Will look at `total_count` and `per_page` to calculate `total_pages` if `total_pages` is zero ([#1372](https://github.com/cloudflare/cloudflare-go/issues/1372))
-
-## 0.75.0 (August 16th, 2023)
-
-BREAKING CHANGES:
-
-- cloudflare: `Raw` method now returns a RawResponse rather than the raw JSON `Result` message ([#1355](https://github.com/cloudflare/cloudflare-go/issues/1355))
-- rulesets: Rename `RulesetPhaseRateLimit` to `RulesetPhaseHTTPRatelimit`, to match the phase name ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-- rulesets: Rename `RulesetPhaseSuperBotFightMode` to `RulesetPhaseHTTPRequestSBFM`, to match the phase name ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-
-NOTES:
-
-- rulesets: Remove non-existent `allow` action ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-- rulesets: Remove non-existent `http_request_main` phase ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-- rulesets: Remove non-public `http_response_headers_transform_managed` and `http_request_late_transform_managed` phases ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-
-ENHANCEMENTS:
-
-- access_group: add auth_context group ruletype ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
-- access_identity_provider: add attr conditional_access_enabled ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
-- access_identity_provider: add auth context list/put endpoint ([#1344](https://github.com/cloudflare/cloudflare-go/issues/1344))
-- access_service_token: add support for managing `Duration` ([#1347](https://github.com/cloudflare/cloudflare-go/issues/1347))
-- bot_management: add support for bot_management API ([#1363](https://github.com/cloudflare/cloudflare-go/issues/1363))
-- cloudflare: swap `encoding/json` for `github.com/goccy/go-json` ([#1360](https://github.com/cloudflare/cloudflare-go/issues/1360))
-- device_posture_rule: support eid_last_seen and risk_level and correct total_score for Tanium posture rule ([#1366](https://github.com/cloudflare/cloudflare-go/issues/1366))
-- per_hostname_tls_settings: add support for managing hostname level TLS settings ([#1356](https://github.com/cloudflare/cloudflare-go/issues/1356))
-- rulesets: Add the `ddos_mitigation` action ([#1367](https://github.com/cloudflare/cloudflare-go/issues/1367))
-- waiting_room: add support for `queueing_status_code` ([#1357](https://github.com/cloudflare/cloudflare-go/issues/1357))
-- web_analytics: add support for web_analytics API ([#1348](https://github.com/cloudflare/cloudflare-go/issues/1348))
-- workers: add support for tagging Worker scripts ([#1368](https://github.com/cloudflare/cloudflare-go/issues/1368))
-- zone_hold: add support for zone hold API ([#1365](https://github.com/cloudflare/cloudflare-go/issues/1365))
-
-BUG FIXES:
-
-- cache_purge: don't escape HTML entity values in URLs for cache keys ([#1360](https://github.com/cloudflare/cloudflare-go/issues/1360))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.12.0 to 0.13.0 ([#1353](https://github.com/cloudflare/cloudflare-go/issues/1353))
-- deps: bumps golang.org/x/net from 0.13.0 to 0.14.0 ([#1362](https://github.com/cloudflare/cloudflare-go/issues/1362))
-- deps: bumps goreleaser/goreleaser-action from 4.3.0 to 4.4.0 ([#1369](https://github.com/cloudflare/cloudflare-go/issues/1369))
-
-## 0.74.0 (August 2nd, 2023)
-
-ENHANCEMENTS:
-
-- access_application: Add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
-- access_custom_page: Add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
-- access_organization: add support for custom pages ([#1343](https://github.com/cloudflare/cloudflare-go/issues/1343))
-- rulesets: Remove internal-only schema kind ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
-- rulesets: Remove some request parameters that are not allowed or have no effect ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
-- rulesets: Update API reference links ([#1346](https://github.com/cloudflare/cloudflare-go/issues/1346))
-- teams-accounts: Adds support for protocol detection ([#1340](https://github.com/cloudflare/cloudflare-go/issues/1340))
-- workers: Add `pipeline_hash` field to Workers script response struct. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
-- workers: Add support for declaring arbitrary bindings with UnsafeBinding. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
-- workers: Add support for uploading scripts to a Workers for Platforms namespace. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
-- workers: Add support for uploading workers with Workers for Platforms namespace bindings. ([#1330](https://github.com/cloudflare/cloudflare-go/issues/1330))
-
-BUG FIXES:
-
-- flarectl: allow for create or update to actually create the record ([#1341](https://github.com/cloudflare/cloudflare-go/issues/1341))
-- load_balancing: Fix pool creation with MinimumOrigins set to 0 ([#1338](https://github.com/cloudflare/cloudflare-go/issues/1338))
-- workers: Fix namespace dispatch upload API path ([#1345](https://github.com/cloudflare/cloudflare-go/issues/1345))
-
-## 0.73.0 (July 19th, 2023)
-
-BREAKING CHANGES:
-
-- pages_deployment: add support for auto pagination ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
-- pages_deployment: change DeletePagesDeploymentParams to contain all parameters ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
-- pages_project: change to use ResourceContainer for account ID ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
-- pages_project: rename PagesProject to GetPagesProject ([#1264](https://github.com/cloudflare/cloudflare-go/issues/1264))
-- rulesets: `CreateAccountRuleset` is removed in favour of `CreateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `CreateZoneRuleset` is removed in favour of `CreateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `DeleteAccountRuleset` is removed in favour of `DeleteRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `DeleteZoneRuleset` is removed in favour of `DeleteRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `GetAccountRulesetPhase` is removed in favour of `GetEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `GetAccountRuleset` is removed in favour of `GetRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `GetZoneRulesetPhase` is removed in favour of `GetEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `GetZoneRuleset` is removed in favour of `GetRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `UpdateAccountRulesetPhase` is removed in favour of `UpdateEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `UpdateAccountRuleset` is removed in favour of `UpdateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `UpdateZoneRulesetPhase` is removed in favour of `UpdateEntrypointRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-- rulesets: `UpdateZoneRuleset` is removed in favour of `UpdateRuleset` ([#1333](https://github.com/cloudflare/cloudflare-go/issues/1333))
-
-ENHANCEMENTS:
-
-- device_posture_rule: support active_threats, network_status, infected, and is_active for sentinelone_s2s posture rule ([#1339](https://github.com/cloudflare/cloudflare-go/issues/1339))
-- device_posture_rule: support certificate_id and cn for client_certificate posture rule ([#1339](https://github.com/cloudflare/cloudflare-go/issues/1339))
-- images: adds ability to upload image by url ([#1335](https://github.com/cloudflare/cloudflare-go/issues/1335))
-- load_balancing: support header session affinity policy ([#1302](https://github.com/cloudflare/cloudflare-go/issues/1302))
-- zone: Added `GetRegionalTieredCache` and `UpdateRegionalTieredCache` to allow setting Regional Tiered Cache for a zone. ([#1336](https://github.com/cloudflare/cloudflare-go/issues/1336))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.11.0 to 0.12.0 ([#1328](https://github.com/cloudflare/cloudflare-go/issues/1328))
-
-## 0.72.0 (July 5th, 2023)
-
-BREAKING CHANGES:
-
-- logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-- logpush: all methods are updated to use the newer client conventions for method signatures ([#1326](https://github.com/cloudflare/cloudflare-go/issues/1326))
-
-ENHANCEMENTS:
-
-- resource_container: expose `Type` on `*ResourceContainer` to explicitly denote what type of resource it is instead of inferring from `Level`. ([#1325](https://github.com/cloudflare/cloudflare-go/issues/1325))
-
-## 0.71.0 (July 5th, 2023)
-
-BREAKING CHANGES:
-
-- access_application: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_ca_certificate: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_group: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_identity_provider: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_mutual_tls_certificates: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_organization: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_policy: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_service_tokens: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_user_token: refactor methods to use `ResourceContainer` instead of dedicated account/zone methods ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- images: renamed `BaseImage` to `GetBaseImage` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: renamed `ImageDetails` to `GetImage` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: renamed `ImagesStats` to `GetImagesStats` to match library conventions ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: updated method signatures of `DeleteImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: updated method signatures of `ListImages` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: updated method signatures of `UpdateImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- images: updated method signatures of `UploadImage` to match newer conventions and standards ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-
-ENHANCEMENTS:
-
-- access_application: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_ca_certificate: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_group: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_identity_provider: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_mutual_tls_certificates: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- access_policy: add support for auto pagination ([#1319](https://github.com/cloudflare/cloudflare-go/issues/1319))
-- device_posture_rule: support os_version_extra ([#1316](https://github.com/cloudflare/cloudflare-go/issues/1316))
-- images: adds support for v2 when uploading images directly ([#1322](https://github.com/cloudflare/cloudflare-go/issues/1322))
-- workers: Add ability to specify tail Workers in script metadata ([#1317](https://github.com/cloudflare/cloudflare-go/issues/1317))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.5.1 to 1.6.0 ([#1320](https://github.com/cloudflare/cloudflare-go/issues/1320))
-
-## 0.70.0 (June 21st, 2023)
-
-BREAKING CHANGES:
-
-- cloudflare: remove `UsingAccount` in favour of resource specific attributes ([#1315](https://github.com/cloudflare/cloudflare-go/issues/1315))
-- cloudflare: remove `api.AccountID` from client struct ([#1315](https://github.com/cloudflare/cloudflare-go/issues/1315))
-- dns_firewall: modernise method signatures and conventions to align with the experimental client ([#1313](https://github.com/cloudflare/cloudflare-go/issues/1313))
-- railgun: remove support for railgun ([#1312](https://github.com/cloudflare/cloudflare-go/issues/1312))
-- tunnel: swap `ConnectTimeout`, `TLSTimeout`, `TCPKeepAlive` and `KeepAliveTimeout` to `TunnelDuration` instead of `time.Duration` ([#1303](https://github.com/cloudflare/cloudflare-go/issues/1303))
-- virtualdns: remove support in favour of newer DNS firewall methods ([#1313](https://github.com/cloudflare/cloudflare-go/issues/1313))
-
-ENHANCEMENTS:
-
-- custom_nameservers: add support for managing custom nameservers ([#1304](https://github.com/cloudflare/cloudflare-go/issues/1304))
-- load_balancing: extend documentation for least_outstanding_requests steering policy ([#1293](https://github.com/cloudflare/cloudflare-go/issues/1293))
-- waiting_room: add support for `additional_routes` and `cookie_suffix` ([#1311](https://github.com/cloudflare/cloudflare-go/issues/1311))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.3 to 0.7.4 ([#1301](https://github.com/cloudflare/cloudflare-go/issues/1301))
-- deps: bumps github.com/urfave/cli/v2 from 2.25.5 to 2.25.6 ([#1305](https://github.com/cloudflare/cloudflare-go/issues/1305))
-- deps: bumps github.com/urfave/cli/v2 from 2.25.6 to 2.25.7 ([#1314](https://github.com/cloudflare/cloudflare-go/issues/1314))
-- deps: bumps golang.org/x/net from 0.10.0 to 0.11.0 ([#1307](https://github.com/cloudflare/cloudflare-go/issues/1307))
-- deps: bumps goreleaser/goreleaser-action from 4.2.0 to 4.3.0 ([#1306](https://github.com/cloudflare/cloudflare-go/issues/1306))
-
-## 0.69.0 (June 7th, 2023)
-
-BREAKING CHANGES:
-
-- stream: StreamVideo.Duration has changed from int to float64. ([#1190](https://github.com/cloudflare/cloudflare-go/issues/1190))
-
-ENHANCEMENTS:
-
-- access: Added `self_hosted_domains` support to access applications ([#1281](https://github.com/cloudflare/cloudflare-go/issues/1281))
-- custom_hostname: add support for `bundle_method` TLS configuration ([#1298](https://github.com/cloudflare/cloudflare-go/issues/1298))
-- devices_policy: Add missing description field to policy ([#1294](https://github.com/cloudflare/cloudflare-go/issues/1294))
-- stream: added metadata support ([#1088](https://github.com/cloudflare/cloudflare-go/issues/1088))
-
-BUG FIXES:
-
-- email_routing_destination: return encountered error, not `ErrMissingAccountID` all the time ([#1297](https://github.com/cloudflare/cloudflare-go/issues/1297))
-- stream: Fix a bug that cannot unmarshal video duration number. ([#1190](https://github.com/cloudflare/cloudflare-go/issues/1190))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.5.0 to 1.5.1 ([#1292](https://github.com/cloudflare/cloudflare-go/issues/1292))
-- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.3 ([#1300](https://github.com/cloudflare/cloudflare-go/issues/1300))
-- deps: bumps github.com/stretchr/testify from 1.8.3 to 1.8.4 ([#1296](https://github.com/cloudflare/cloudflare-go/issues/1296))
-- deps: bumps github.com/urfave/cli/v2 from 2.25.3 to 2.25.5 ([#1295](https://github.com/cloudflare/cloudflare-go/issues/1295))
-
-## 0.68.0 (May 24th, 2023)
-
-BREAKING CHANGES:
-
-- r2_bucket: change creation time from string to \*time.Time ([#1265](https://github.com/cloudflare/cloudflare-go/issues/1265))
-
-ENHANCEMENTS:
-
-- adds OriginRequest field to UnvalidatedIngressRule struct. ([#1138](https://github.com/cloudflare/cloudflare-go/issues/1138))
-- lists: add support for hostname and ASN lists. ([#1288](https://github.com/cloudflare/cloudflare-go/issues/1288))
-- pages: add support for Smart Placement. Added `Placement` in `PagesProjectDeploymentConfigEnvironment`. ([#1279](https://github.com/cloudflare/cloudflare-go/issues/1279))
-- r2_bucket: add support for getting a bucket ([#1265](https://github.com/cloudflare/cloudflare-go/issues/1265))
-- tunnels: add support for `access` and `http2Origin` keys ([#1291](https://github.com/cloudflare/cloudflare-go/issues/1291))
-- workers: add support for Smart Placement. Added `Placement` in `CreateWorkerParams`. ([#1279](https://github.com/cloudflare/cloudflare-go/issues/1279))
-- zone: Added `GetCacheReserve` and `UpdateacheReserve` to allow setting Cache Reserve for a zone. ([#1278](https://github.com/cloudflare/cloudflare-go/issues/1278))
-
-BUG FIXES:
-
-- dns: fix MX record priority not set by UpdateDNSRecord ([#1290](https://github.com/cloudflare/cloudflare-go/issues/1290))
-- flarectl/dns: ensure MX priority value is dereferenced ([#1289](https://github.com/cloudflare/cloudflare-go/issues/1289))
-- turnstile: remove `SiteKey` being sent in rotate secret's request body ([#1285](https://github.com/cloudflare/cloudflare-go/issues/1285))
-- turnstile: remove `SiteKey`/`Secret` being sent in update request body ([#1284](https://github.com/cloudflare/cloudflare-go/issues/1284))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.4.0 to 1.5.0 ([#1287](https://github.com/cloudflare/cloudflare-go/issues/1287))
-- deps: bumps github.com/stretchr/testify from 1.8.2 to 1.8.3 ([#1286](https://github.com/cloudflare/cloudflare-go/issues/1286))
-
-## 0.67.0 (May 10th, 2023)
-
-NOTES:
-
-- dns_firewall: The `OriginIPs` field has been renamed to `UpstreamIPs`. ([#1246](https://github.com/cloudflare/cloudflare-go/issues/1246))
-
-ENHANCEMENTS:
-
-- device_posture_rule: add input fields tanium, intune and kolide ([#1268](https://github.com/cloudflare/cloudflare-go/issues/1268))
-- waiting_room: add support for zone-level settings ([#1276](https://github.com/cloudflare/cloudflare-go/issues/1276))
-
-BUG FIXES:
-
-- rulesets: allow `PreserveQueryString` to be nullable ([#1275](https://github.com/cloudflare/cloudflare-go/issues/1275))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.25.1 to 2.25.3 ([#1274](https://github.com/cloudflare/cloudflare-go/issues/1274))
-- deps: bumps golang.org/x/net from 0.9.0 to 0.10.0 ([#1280](https://github.com/cloudflare/cloudflare-go/issues/1280))
-
-## 0.66.0 (26th April, 2023)
-
-ENHANCEMENTS:
-
-- access_application: Add `path_cookie_attribute` app setting ([#1223](https://github.com/cloudflare/cloudflare-go/issues/1223))
-- certificate_packs: add `Status` field to indicate the status of certificate pack ([#1271](https://github.com/cloudflare/cloudflare-go/issues/1271))
-- data localization: add support for regional hostnames API ([#1270](https://github.com/cloudflare/cloudflare-go/issues/1270))
-- dns: add support for importing and exporting DNS records using BIND file configurations ([#1266](https://github.com/cloudflare/cloudflare-go/issues/1266))
-- logpush: add support for max upload parameters ([#1272](https://github.com/cloudflare/cloudflare-go/issues/1272))
-- turnstile: add support for turnstile ([#1267](https://github.com/cloudflare/cloudflare-go/issues/1267))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.3.6 to 1.4.0 ([#1269](https://github.com/cloudflare/cloudflare-go/issues/1269))
-
-## 0.65.0 (12th April, 2023)
-
-ENHANCEMENTS:
-
-- access: Add `auto_redirect_to_identity` flag to Access organizations ([#1260](https://github.com/cloudflare/cloudflare-go/issues/1260))
-- access: Add `isolation_required` flag to Access policies ([#1258](https://github.com/cloudflare/cloudflare-go/issues/1258))
-- rulesets: add support for add operation to HTTP header configuration ([#1253](https://github.com/cloudflare/cloudflare-go/issues/1253))
-- rulesets: add support for the `compress_response` action ([#1261](https://github.com/cloudflare/cloudflare-go/issues/1261))
-- rulesets: add support for the `http_response_compression` phase ([#1261](https://github.com/cloudflare/cloudflare-go/issues/1261))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/net from 0.8.0 to 0.9.0 ([#1263](https://github.com/cloudflare/cloudflare-go/issues/1263))
-
-## 0.64.0 (29th March, 2023)
-
-BREAKING CHANGES:
-
-- dns: Changed Create/UpdateDNSRecord method signatures to return (DNSRecord, error) ([#1243](https://github.com/cloudflare/cloudflare-go/issues/1243))
-- zone: `UpdateZoneSingleSetting` has been renamed to `UpdateZoneSetting` and updated method signature inline with our expected conventions ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
-- zone: `ZoneSingleSetting` has been renamed to `GetZoneSetting` and updated method signature inline with our expected conventions ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
-
-ENHANCEMENTS:
-
-- access_identity_provider: add `claims` and `scopes` fields ([#1237](https://github.com/cloudflare/cloudflare-go/issues/1237))
-- access_identity_provider: add scim_config field ([#1178](https://github.com/cloudflare/cloudflare-go/issues/1178))
-- devices_policy: update `Mode` field to use new `ServiceMode` string type with explicit const service mode values ([#1249](https://github.com/cloudflare/cloudflare-go/issues/1249))
-- ssl: make `GeoRestrictions` a pointer inside of ZoneCustomSSL ([#1244](https://github.com/cloudflare/cloudflare-go/issues/1244))
-- zone: `GetZoneSetting` and `UpdateZoneSetting` now allow configuring the path for where a setting resides instead of assuming `settings` ([#1251](https://github.com/cloudflare/cloudflare-go/issues/1251))
-
-BUG FIXES:
-
-- teams_rules: `AllowChildBypass` changes from a `bool` to `*bool` ([#1242](https://github.com/cloudflare/cloudflare-go/issues/1242))
-- teams_rules: `BypassParentRule` changes from a `bool` to `*bool` ([#1242](https://github.com/cloudflare/cloudflare-go/issues/1242))
-- tunnel: Fix 'CreateTunnel' for tunnels using config_src ([#1238](https://github.com/cloudflare/cloudflare-go/issues/1238))
-
-DEPENDENCIES:
-
-- deps: bumps actions/setup-go from 3 to 4 ([#1236](https://github.com/cloudflare/cloudflare-go/issues/1236))
-- deps: bumps github.com/urfave/cli/v2 from 2.25.0 to 2.25.1 ([#1250](https://github.com/cloudflare/cloudflare-go/issues/1250))
-
-## 0.63.0 (15th March, 2023)
-
-BREAKING CHANGES:
-
-- tunnel: renamed `Tunnel` to `GetTunnel` ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
-- tunnel: renamed `Tunnels` to `ListTunnels` ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
-
-ENHANCEMENTS:
-
-- access_organization: add ui_read_only_toggle_reason field ([#1181](https://github.com/cloudflare/cloudflare-go/issues/1181))
-- added audit_ssh to gateway actions, updated gateway rule settings ([#1226](https://github.com/cloudflare/cloudflare-go/issues/1226))
-- addressing: Add `Address Map` support ([#1232](https://github.com/cloudflare/cloudflare-go/issues/1232))
-- teams_account: add support for `check_disks` ([#1197](https://github.com/cloudflare/cloudflare-go/issues/1197))
-- tunnel: updated parameters to latest API docs ([#1227](https://github.com/cloudflare/cloudflare-go/issues/1227))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.24.4 to 2.25.0 ([#1229](https://github.com/cloudflare/cloudflare-go/issues/1229))
-- deps: bumps golang.org/x/net from 0.7.0 to 0.8.0 ([#1228](https://github.com/cloudflare/cloudflare-go/issues/1228))
-
-## 0.62.0 (1st March, 2023)
-
-ENHANCEMENTS:
-
-- dex_test: add CRUD functionality for DEX test configurations ([#1209](https://github.com/cloudflare/cloudflare-go/issues/1209))
-- dlp: Adds support for partial payload logging ([#1212](https://github.com/cloudflare/cloudflare-go/issues/1212))
-- teams_accounts: Add new root_certificate_installation_enabled field ([#1208](https://github.com/cloudflare/cloudflare-go/issues/1208))
-- teams_rules: Add `untrusted_cert` rule setting ([#1214](https://github.com/cloudflare/cloudflare-go/issues/1214))
-- tunnels: automatically paginate `ListTunnels` ([#1206](https://github.com/cloudflare/cloudflare-go/issues/1206))
-
-BUG FIXES:
-
-- dex_test: use dex test types and json struct mappings instead of managed networks ([#1213](https://github.com/cloudflare/cloudflare-go/issues/1213))
-- dns: dont reuse DNSListResponse when using pagination to avoid Proxied pointer overwrite ([#1222](https://github.com/cloudflare/cloudflare-go/issues/1222))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/stretchr/testify from 1.8.1 to 1.8.2 ([#1220](https://github.com/cloudflare/cloudflare-go/issues/1220))
-- deps: bumps github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 ([#1210](https://github.com/cloudflare/cloudflare-go/issues/1210))
-- deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1218](https://github.com/cloudflare/cloudflare-go/issues/1218))
-- deps: bumps golang.org/x/net from 0.0.0-20220722155237-a158d28d115b to 0.7.0 ([#1219](https://github.com/cloudflare/cloudflare-go/issues/1219))
-- deps: bumps golang.org/x/text from 0.3.7 to 0.3.8 ([#1215](https://github.com/cloudflare/cloudflare-go/issues/1215))
-- deps: bumps golang.org/x/text from 0.3.7 to 0.3.8 ([#1216](https://github.com/cloudflare/cloudflare-go/issues/1216))
-- deps: bumps golang.org/x/time from 0.0.0-20220224211638-0e9765cccd65 to 0.3.0 ([#1217](https://github.com/cloudflare/cloudflare-go/issues/1217))
-
-## 0.61.0 (15th February, 2023)
-
-ENHANCEMENTS:
-
-- cloudflare: make it clearer when we hit a server error and to retry later ([#1207](https://github.com/cloudflare/cloudflare-go/issues/1207))
-- devices_policy: Add new exclude_office_ips field to policy ([#1205](https://github.com/cloudflare/cloudflare-go/issues/1205))
-- dlp_profile: Use int rather than uint for allowed_match_count field ([#1200](https://github.com/cloudflare/cloudflare-go/issues/1200))
-
-BUG FIXES:
-
-- dns: always send `tags` to allow clearing ([#1196](https://github.com/cloudflare/cloudflare-go/issues/1196))
-- stream: renamed `RequiredSignedURLs` to `RequireSignedURLs` ([#1202](https://github.com/cloudflare/cloudflare-go/issues/1202))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.24.2 to 2.24.3 ([#1199](https://github.com/cloudflare/cloudflare-go/issues/1199))
-
-## 0.60.0 (1st February, 2023)
-
-BREAKING CHANGES:
-
-- queues: UpdateQueue has been updated to match the API and now correctly updates a Queue's name ([#1188](https://github.com/cloudflare/cloudflare-go/issues/1188))
-
-ENHANCEMENTS:
-
-- dlp_profile: Add new allowed_match_count field to profiles ([#1193](https://github.com/cloudflare/cloudflare-go/issues/1193))
-- dns: allow sending empty strings to remove comments ([#1195](https://github.com/cloudflare/cloudflare-go/issues/1195))
-- magic_transit_ipsec_tunnel: makes customer endpoint an optional field for ipsec tunnel creation ([#1185](https://github.com/cloudflare/cloudflare-go/issues/1185))
-- rulesets: add support for `score_per_period` and `score_response_header_name` ([#1183](https://github.com/cloudflare/cloudflare-go/issues/1183))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.3.5 to 1.3.6 ([#1184](https://github.com/cloudflare/cloudflare-go/issues/1184))
-- deps: bumps github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 ([#1180](https://github.com/cloudflare/cloudflare-go/issues/1180))
-- deps: bumps github.com/urfave/cli/v2 from 2.24.1 to 2.24.2 ([#1191](https://github.com/cloudflare/cloudflare-go/issues/1191))
-- deps: bumps goreleaser/goreleaser-action from 4.1.0 to 4.2.0 ([#1192](https://github.com/cloudflare/cloudflare-go/issues/1192))
-
-## 0.59.0 (January 18th, 2023)
-
-BREAKING CHANGES:
-
-- dns: remove these read-only fields from `UpdateDNSRecordParams`: `CreatedOn`, `ModifiedOn`, `Meta`, `ZoneID`, `ZoneName`, `Proxiable`, and `Locked` ([#1170](https://github.com/cloudflare/cloudflare-go/issues/1170))
-- dns: the fields `CreatedOn` and `ModifiedOn` are removed from `ListDNSRecordsParams` ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
-
-NOTES:
-
-- dns: remove additional lookup from `Update` operations when `Name` or `Type` was omitted ([#1170](https://github.com/cloudflare/cloudflare-go/issues/1170))
-
-ENHANCEMENTS:
-
-- access_organization: add user_seat_expiration_inactive_time field ([#1159](https://github.com/cloudflare/cloudflare-go/issues/1159))
-- dns: `GetDNSRecord`, `UpdateDNSRecord` and `DeleteDNSRecord` now return the new, dedicated error `ErrMissingDNSRecordID` when an empty DNS record ID is given. ([#1174](https://github.com/cloudflare/cloudflare-go/issues/1174))
-- dns: the URL parameter `tag-match` for listing DNS records is now supported as the field `TagMatch` in `ListDNSRecordsParams` ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
-- dns: update default `per_page` attribute to 100 records ([#1171](https://github.com/cloudflare/cloudflare-go/issues/1171))
-- teams_rules: adds support for Egress Policies ([#1142](https://github.com/cloudflare/cloudflare-go/issues/1142))
-- workers: Add support for compatibility_date and compatibility_flags when upoading a worker script ([#1177](https://github.com/cloudflare/cloudflare-go/issues/1177))
-- workers: script upload now supports Queues bindings ([#1176](https://github.com/cloudflare/cloudflare-go/issues/1176))
-
-BUG FIXES:
-
-- dns: don't send "priority" for list operations as it isn't supported and is only used for internal filtering ([#1167](https://github.com/cloudflare/cloudflare-go/issues/1167))
-- dns: the field `Tags` in `ListDNSRecordsParams` was not correctly serialized into URL queries ([#1173](https://github.com/cloudflare/cloudflare-go/issues/1173))
-- managednetworks: Update should be PUT ([#1172](https://github.com/cloudflare/cloudflare-go/issues/1172))
-
-## 0.58.1 (January 5th, 2023)
-
-ENHANCEMENTS:
-
-- cloudflare: automatically redact sensitive values from HTTP interactions ([#1164](https://github.com/cloudflare/cloudflare-go/issues/1164))
-
-## 0.58.0 (January 4th, 2023)
-
-BREAKING CHANGES:
-
-- dns: `DNSRecord` has been renamed to `GetDNSRecord` ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
-- dns: `DNSRecords` has been renamed to `ListDNSRecords` ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
-- dns: method signatures have been updated to align with the upcoming client conventions ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
-- origin_ca: renamed to `CreateOriginCertificate` to `CreateOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-- origin_ca: renamed to `OriginCARootCertificate` to `GetOriginCARootCertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-- origin_ca: renamed to `OriginCertificate` to `GetOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-- origin_ca: renamed to `OriginCertificates` to `ListOriginCACertificates` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-- origin_ca: renamed to `RevokeOriginCertificate` to `RevokeOriginCACertificate` ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-
-ENHANCEMENTS:
-
-- dns: add support for tags and comments ([#1151](https://github.com/cloudflare/cloudflare-go/issues/1151))
-- mtls_certificate: add support for managing mTLS certificates and assocations ([#1150](https://github.com/cloudflare/cloudflare-go/issues/1150))
-- origin_ca: add support for using API keys, API tokens or API User service keys for interacting with Origin CA endpoints ([#1161](https://github.com/cloudflare/cloudflare-go/issues/1161))
-- workers: Add support for workers logpush enablement on script upload ([#1160](https://github.com/cloudflare/cloudflare-go/issues/1160))
-
-BUG FIXES:
-
-- email_routing_destination: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- email_routing_rules: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- filter: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- firewall_rules: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- lockdown: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- queue: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- teams_list: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-- workers_kv: use empty reponse struct on each page call ([#1156](https://github.com/cloudflare/cloudflare-go/issues/1156))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/hashicorp/go-retryablehttp from 0.7.1 to 0.7.2 ([#1162](https://github.com/cloudflare/cloudflare-go/issues/1162))
-
-## 0.57.1 (December 23rd, 2022)
-
-ENHANCEMENTS:
-
-- tiered_cache: Add support for Tiered Caching interactions for setting Smart and Generic topologies ([#1149](https://github.com/cloudflare/cloudflare-go/issues/1149))
-
-BUG FIXES:
-
-- workers: correctly set `body` value for non-ES module uploads ([#1155](https://github.com/cloudflare/cloudflare-go/issues/1155))
-
-## 0.57.0 (December 22nd, 2022)
-
-BREAKING CHANGES:
-
-- workers: API operations now target account level resources instead of older zone level resources (these are a 1:1 now) ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_bindings: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_cron_triggers: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_kv: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_routes: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_secrets: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers_tails: method signatures have been updated to align with the upcoming client conventions ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-
-NOTES:
-
-- workers: all worker methods have been split into product ownership(-ish) files ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-- workers: all worker methods now require an explicit `ResourceContainer` for endpoints instead of relying on the globally defined `api.AccountID` ([#1137](https://github.com/cloudflare/cloudflare-go/issues/1137))
-
-ENHANCEMENTS:
-
-- managed_networks: add CRUD functionality for managednetworks ([#1148](https://github.com/cloudflare/cloudflare-go/issues/1148))
-
-DEPENDENCIES:
-
-- deps: bumps goreleaser/goreleaser-action from 3.2.0 to 4.1.0 ([#1146](https://github.com/cloudflare/cloudflare-go/issues/1146))
-
-## 0.56.0 (December 5th, 2022)
-
-BREAKING CHANGES:
-
-- pages: Changed the type of EnvVars in PagesProjectDeploymentConfigEnvironment & PagesProjectDeployment in order to properly support secrets. ([#1136](https://github.com/cloudflare/cloudflare-go/issues/1136))
-
-NOTES:
-
-- pages: removed the v1 logs endpoint for Pages deployments. Please switch to v2: https://developers.cloudflare.com/api/operations/pages-deployment-get-deployment-logs ([#1135](https://github.com/cloudflare/cloudflare-go/issues/1135))
-
-ENHANCEMENTS:
-
-- cache_rules: add ignore option to query string struct ([#1140](https://github.com/cloudflare/cloudflare-go/issues/1140))
-- pages: Updates bindings and other Functions related propreties. Service bindings, secrets, fail open/close and usage model are all now supported. ([#1136](https://github.com/cloudflare/cloudflare-go/issues/1136))
-- workers: Support for Workers Analytics Engine bindings ([#1133](https://github.com/cloudflare/cloudflare-go/issues/1133))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.23.5 to 2.23.6 ([#1139](https://github.com/cloudflare/cloudflare-go/issues/1139))
-
-## 0.55.0 (November 23th, 2022)
-
-BREAKING CHANGES:
-
-- workers_kv: `CreateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `DeleteWorkersKVBulk` has been renamed to `DeleteWorkersKVEntries`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `DeleteWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `DeleteWorkersKV` has been renamed to `DeleteWorkersKVEntry`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `ListWorkersKVNamespaces` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `ListWorkersKVsWithOptions` has been removed. Use `ListWorkersKVKeys` instead and pass in the options. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `ListWorkersKVs` has been renamed to `ListWorkersKVKeys`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `ReadWorkersKV` has been renamed to `GetWorkersKV`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `UpdateWorkersKVNamespace` has been updated to match the experimental client method signatures (https://github.com/cloudflare/cloudflare-go/blob/master/docs/experimental.md). ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `WriteWorkersKVBulk` has been renamed to `WriteWorkersKVEntries`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-- workers_kv: `WriteWorkersKV` has been renamed to `WriteWorkersKVEntry`. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-
-ENHANCEMENTS:
-
-- device_posture_rule: add input fields crowdstrike ([#1126](https://github.com/cloudflare/cloudflare-go/issues/1126))
-- queue: add support queue API ([#1131](https://github.com/cloudflare/cloudflare-go/issues/1131))
-- r2: Add support for listing R2 buckets ([#1063](https://github.com/cloudflare/cloudflare-go/issues/1063))
-- workers_domain: add support for workers domain API ([#1130](https://github.com/cloudflare/cloudflare-go/issues/1130))
-- workers_kv: `ListWorkersKVNamespaces` automatically paginates all results unless `PerPage` is defined. ([#1115](https://github.com/cloudflare/cloudflare-go/issues/1115))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.23.4 to 2.23.5 ([#1127](https://github.com/cloudflare/cloudflare-go/issues/1127))
-
-## 0.54.0 (November 9th, 2022)
-
-ENHANCEMENTS:
-
-- access: add support for service token rotation ([#1120](https://github.com/cloudflare/cloudflare-go/issues/1120))
-- deps: fix import grouping, code formatting and enable goimports linter ([#1121](https://github.com/cloudflare/cloudflare-go/issues/1121))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.3.4 to 1.3.5 ([#1123](https://github.com/cloudflare/cloudflare-go/issues/1123))
-- deps: bumps github.com/urfave/cli/v2 from 2.20.3 to 2.23.0 ([#1122](https://github.com/cloudflare/cloudflare-go/issues/1122))
-- deps: bumps github.com/urfave/cli/v2 from 2.23.0 to 2.23.2 ([#1124](https://github.com/cloudflare/cloudflare-go/issues/1124))
-- deps: bumps github.com/urfave/cli/v2 from 2.23.2 to 2.23.4 ([#1125](https://github.com/cloudflare/cloudflare-go/issues/1125))
-
-## 0.53.0 (October 26th, 2022)
-
-BREAKING CHANGES:
-
-- account_member: `CreateAccountMember` has been updated to accept a `CreateAccountMemberParams` struct instead of multiple parameters ([#1095](https://github.com/cloudflare/cloudflare-go/issues/1095))
-- teams_list: updated methods to match the experimental client format ([#1114](https://github.com/cloudflare/cloudflare-go/issues/1114))
-
-ENHANCEMENTS:
-
-- account_member: add support for domain scoped roles ([#1095](https://github.com/cloudflare/cloudflare-go/issues/1095))
-- cloudflare: expose `Messages` from the `Response` object ([#1106](https://github.com/cloudflare/cloudflare-go/issues/1106))
-- dlp: Adds support for DLP resources ([#1111](https://github.com/cloudflare/cloudflare-go/issues/1111))
-- teams_list: `List` operations now automatically paginate ([#1114](https://github.com/cloudflare/cloudflare-go/issues/1114))
-- total_tls: adds support for TotalTLS ([#1105](https://github.com/cloudflare/cloudflare-go/issues/1105))
-- waiting_room: add support for waiting room rules ([#1102](https://github.com/cloudflare/cloudflare-go/issues/1102))
-
-DEPENDENCIES:
-
-- deps: `ioutil` package is being deprecated in favor of `io` ([#1116](https://github.com/cloudflare/cloudflare-go/issues/1116))
-- deps: bumps github.com/stretchr/testify from 1.8.0 to 1.8.1 ([#1119](https://github.com/cloudflare/cloudflare-go/issues/1119))
-- deps: bumps github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 ([#1108](https://github.com/cloudflare/cloudflare-go/issues/1108))
-- deps: bumps github.com/urfave/cli/v2 from 2.20.2 to 2.20.3 ([#1118](https://github.com/cloudflare/cloudflare-go/issues/1118))
-- deps: bumps goreleaser/goreleaser-action from 3.1.0 to 3.2.0 ([#1112](https://github.com/cloudflare/cloudflare-go/issues/1112))
-- deps: remove `github.com/pkg/errors` in favor of `errors` ([#1117](https://github.com/cloudflare/cloudflare-go/issues/1117))
-
-## 0.52.0 (October 12th, 2022)
-
-ENHANCEMENTS:
-
-- access: add UI read-only field to organizations ([#1104](https://github.com/cloudflare/cloudflare-go/issues/1104))
-- devices_policy: Add support for additional device settings policies ([#1090](https://github.com/cloudflare/cloudflare-go/issues/1090))
-- rulesets: add support for `sensitivity_level` to override all rule sensitivity ([#1093](https://github.com/cloudflare/cloudflare-go/issues/1093))
-
-DEPENDENCIES:
-
-- deps: bumps dependabot/fetch-metadata from 1.3.3 to 1.3.4 ([#1097](https://github.com/cloudflare/cloudflare-go/issues/1097))
-- deps: bumps github.com/urfave/cli/v2 from 2.16.3 to 2.17.1 ([#1094](https://github.com/cloudflare/cloudflare-go/issues/1094))
-- deps: bumps github.com/urfave/cli/v2 from 2.17.1 to 2.19.2 ([#1103](https://github.com/cloudflare/cloudflare-go/issues/1103))
-
-## 0.51.0 (September 28th, 2022)
-
-BREAKING CHANGES:
-
-- load_balancing: update method signatures to match experimental conventions ([#1084](https://github.com/cloudflare/cloudflare-go/issues/1084))
-
-ENHANCEMENTS:
-
-- device_posture_rule: add input fields for linux OS ([#1087](https://github.com/cloudflare/cloudflare-go/issues/1087))
-- load_balancing: support adaptive_routing and location_strategy ([#1091](https://github.com/cloudflare/cloudflare-go/issues/1091))
-
-BUG FIXES:
-
-- user-agent-blocking-rules: add missing managed_challenge validation and removed the deprecated whitelist one ([#1089](https://github.com/cloudflare/cloudflare-go/issues/1089))
-
-## 0.50.0 (September 14, 2022)
-
-ENHANCEMENTS:
-
-- auditlogs: add support for hide_user_logs filter parameter ([#1075](https://github.com/cloudflare/cloudflare-go/issues/1075))
-
-BUG FIXES:
-
-- cloudflare: exiting closer to the source on context timeouts to improve error messaging and better defend from potential edge cases ([#1080](https://github.com/cloudflare/cloudflare-go/issues/1080))
-- origin certificate: Fix API auth type used ([#1082](https://github.com/cloudflare/cloudflare-go/issues/1082))
-
-DEPENDENCIES:
-
-- deps: bumps github.com/urfave/cli/v2 from 2.11.2 to 2.14.0 ([#1077](https://github.com/cloudflare/cloudflare-go/issues/1077))
-- deps: bumps github.com/urfave/cli/v2 from 2.14.0 to 2.14.1 ([#1081](https://github.com/cloudflare/cloudflare-go/issues/1081))
-- deps: bumps github.com/urfave/cli/v2 from 2.14.1 to 2.15.0 ([#1085](https://github.com/cloudflare/cloudflare-go/issues/1085))
-- deps: bumps github.com/urfave/cli/v2 from 2.15.0 to 2.16.3 ([#1086](https://github.com/cloudflare/cloudflare-go/issues/1086))
-
-## 0.49.0 (August 31st, 2022)
-
-ENHANCEMENTS:
-
-- access_service_token: add support for refreshing an existing token in place ([#1074](https://github.com/cloudflare/cloudflare-go/issues/1074))
-- api: addded context and headers to Raw method ([#1068](https://github.com/cloudflare/cloudflare-go/issues/1068))
-- api_shield: add GET/PUT for API Shield Configuration ([#1059](https://github.com/cloudflare/cloudflare-go/issues/1059))
-- pages_project: Add `kv_namespaces`, `durable_object_namespaces`, `r2_buckets`, and `d1_databases` bindings to deployment config ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
-- pages_project: Add `preview_deployment_setting`, `preview_branch_includes`, and `preview_branch_excludes` to source config ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
-- pages_project: Add `production_branch` field ([#1065](https://github.com/cloudflare/cloudflare-go/issues/1065))
-- teams_account: add support for `os_distro_name` and `os_distro_revision` ([#1073](https://github.com/cloudflare/cloudflare-go/issues/1073))
-- url_normalization_settings: Add APIs to get and update URL normalization settings ([#1071](https://github.com/cloudflare/cloudflare-go/issues/1071))
-- workers: Support for multipart encoding for DownloadWorker on a module-format Worker script ([#1040](https://github.com/cloudflare/cloudflare-go/issues/1040))
-
-BUG FIXES:
-
-- cloudflare: fix nil dereference error in makeRequestWithAuthTypeAndHeaders ([#1072](https://github.com/cloudflare/cloudflare-go/issues/1072))
-- email_routing_rules: Fix response for email routing catch all rule. ([#1070](https://github.com/cloudflare/cloudflare-go/issues/1070))
-- email_routing_settings: change enable endpoint from `enabled` to `enable` ([#1060](https://github.com/cloudflare/cloudflare-go/issues/1060))
-- stream: Update pctComplete to string from int ([#1066](https://github.com/cloudflare/cloudflare-go/issues/1066))
-
-DEPENDENCIES:
-
-- deps: bumps goreleaser/goreleaser-action from 3.0.0 to 3.1.0 ([#1067](https://github.com/cloudflare/cloudflare-go/issues/1067))
-
-## 0.48.0 (August 22nd, 2022)
-
-ENHANCEMENTS:
-
-- errors: add some error type convenience functions for mocking and inspection ([#1047](https://github.com/cloudflare/cloudflare-go/issues/1047))
-- pages_project: Add compatibility date and compatibility_flags to pages deployment configs ([#1051](https://github.com/cloudflare/cloudflare-go/issues/1051))
-- teams_account: add support for `suppress_footer` ([#1053](https://github.com/cloudflare/cloudflare-go/issues/1053))
-
-BUG FIXES:
-
-- r2: fix create bucket endpoint ([#1035](https://github.com/cloudflare/cloudflare-go/issues/1035))
-- tunnel_configuration: Remove unnecessary double-unmarshalling due to changes in the API ([#1046](https://github.com/cloudflare/cloudflare-go/issues/1046))
-
-## 0.47.1 (August 18th, 2022)
-
-BUG FIXES:
-
-- zonelockdown: add `Priority` to `ZoneLockdownCreateParams` and `ZoneLockdownUpdateParams` ([#1052](https://github.com/cloudflare/cloudflare-go/issues/1052))
-
-## 0.47.0 (August 17th, 2022)
-
-BREAKING CHANGES:
-
-- certificate_packs: deprecate "custom" configuration for ACM everywhere ([#1032](https://github.com/cloudflare/cloudflare-go/issues/1032))
-
-ENHANCEMENTS:
-
-- cloudflare: make it clear when the rate limit retries have been exhausted ([#1043](https://github.com/cloudflare/cloudflare-go/issues/1043))
-- email_routing_destination: Adds support for the email routing destination API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
-- email_routing_rules: Adds support for the email routing rules API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
-- email_routing_settings: Adds support for the email routing settings API ([#1034](https://github.com/cloudflare/cloudflare-go/issues/1034))
-- filter: fix double endpoint calls & moving towards common method signature ([#1016](https://github.com/cloudflare/cloudflare-go/issues/1016))
-- firewall_rule: fix double endpoint calls & moving towards common method signature ([#1016](https://github.com/cloudflare/cloudflare-go/issues/1016))
-- lockdown: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1017](https://github.com/cloudflare/cloudflare-go/issues/1017))
-- r2: Add in support for creating and deleting R2 buckets ([#1028](https://github.com/cloudflare/cloudflare-go/issues/1028))
-- rulesets: add support for `http_config_settings` phase and supporting actions ([#1036](https://github.com/cloudflare/cloudflare-go/issues/1036))
-- workers-account-settings: Add in support for Workers account settings API ([#1027](https://github.com/cloudflare/cloudflare-go/issues/1027))
-- workers-subdomain: Add in support Workers Subdomain API ([#1031](https://github.com/cloudflare/cloudflare-go/issues/1031))
-- workers-tail: Add in support for Workers tail API ([#1026](https://github.com/cloudflare/cloudflare-go/issues/1026))
-- workers: Add support for attaching a worker to a domain ([#1014](https://github.com/cloudflare/cloudflare-go/issues/1014))
-- workers: Add support to upload module workers ([#1010](https://github.com/cloudflare/cloudflare-go/issues/1010))
-
-BUG FIXES:
-
-- email_routing_destination: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
-- email_routing_rules: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
-- email_routing_settings: Update API reference URLs ([#1038](https://github.com/cloudflare/cloudflare-go/issues/1038))
-- tunnel_routes: Fix not removing route when it contains virtual network ([#1030](https://github.com/cloudflare/cloudflare-go/issues/1030))
-- workers_test: Fix incorrect test from PR #1014 ([#1048](https://github.com/cloudflare/cloudflare-go/issues/1048))
-- workers_test: Use application/json mime-type in headers ([#1049](https://github.com/cloudflare/cloudflare-go/issues/1049))
-
-DEPENDENCIES:
-
-- deps: bumps golang.org/x/tools/gopls from 0.9.3 to 0.9.4 ([#1044](https://github.com/cloudflare/cloudflare-go/issues/1044))
-- deps: bumps github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 ([#1020](https://github.com/cloudflare/cloudflare-go/issues/1020))
-- deps: bumps github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 ([#1042](https://github.com/cloudflare/cloudflare-go/issues/1042))
-- deps: bumps golang.org/x/tools/gopls from 0.9.1 to 0.9.2 ([#1037](https://github.com/cloudflare/cloudflare-go/issues/1037))
-- deps: bumps golang.org/x/tools/gopls from 0.9.2 to 0.9.3 ([#1039](https://github.com/cloudflare/cloudflare-go/issues/1039))
-
-## 0.46.0 (3rd August, 2022)
-
-NOTES:
-
-- docs: add release notes ([#1001](https://github.com/cloudflare/cloudflare-go/issues/1001))
-
-ENHANCEMENTS:
-
-- filter: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1004](https://github.com/cloudflare/cloudflare-go/issues/1004))
-- firewall_rule: automatically paginate `List` results unless `Page` and `PerPage` are provided ([#1004](https://github.com/cloudflare/cloudflare-go/issues/1004))
-- rulesets: add support for `http_custom_errors` phase ([#998](https://github.com/cloudflare/cloudflare-go/issues/998))
-- rulesets: add support for `serve_error` action ([#998](https://github.com/cloudflare/cloudflare-go/issues/998))
-
-BUG FIXES:
-
-- access_application: fix inability to set bool values to false ([#1006](https://github.com/cloudflare/cloudflare-go/issues/1006))
-- rulesets: fix sni action parameter ([#1002](https://github.com/cloudflare/cloudflare-go/issues/1002))
-
-DEPENDENCIES:
-
-- provider: bumps github.com/golangci/golangci-lint from 1.47.1 to 1.47.2 ([#1005](https://github.com/cloudflare/cloudflare-go/issues/1005))
-- provider: bumps github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 ([#1008](https://github.com/cloudflare/cloudflare-go/issues/1008))
-- provider: bumps github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 ([#1003](https://github.com/cloudflare/cloudflare-go/issues/1003))
-
-## 0.45.0 (July 20th, 2022)
diff --git a/pkg/cloudflare-go/CODE_OF_CONDUCT.md b/pkg/cloudflare-go/CODE_OF_CONDUCT.md
deleted file mode 100644
index bfbc69d229..0000000000
--- a/pkg/cloudflare-go/CODE_OF_CONDUCT.md
+++ /dev/null
@@ -1,77 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, sex characteristics, gender identity and expression,
-level of experience, education, socio-economic status, nationality, personal
-appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-  advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at ggalow@cloudflare.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see
-https://www.contributor-covenant.org/faq
-
diff --git a/pkg/cloudflare-go/LICENSE b/pkg/cloudflare-go/LICENSE
deleted file mode 100644
index 39e4ddc276..0000000000
--- a/pkg/cloudflare-go/LICENSE
+++ /dev/null
@@ -1,26 +0,0 @@
-Copyright (c) 2015-2022, Cloudflare. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/pkg/cloudflare-go/README.md b/pkg/cloudflare-go/README.md
deleted file mode 100644
index dc93558467..0000000000
--- a/pkg/cloudflare-go/README.md
+++ /dev/null
@@ -1,85 +0,0 @@
-# cloudflare-go
-
-[![Go Reference](https://pkg.go.dev/badge/github.com/cloudflare/cloudflare-go.svg)](https://pkg.go.dev/github.com/cloudflare/cloudflare-go)
-![Test](https://github.com/cloudflare/cloudflare-go/workflows/Test/badge.svg)
-[![Go Report Card](https://goreportcard.com/badge/github.com/cloudflare/cloudflare-go?style=flat-square)](https://goreportcard.com/report/github.com/cloudflare/cloudflare-go)
-
-> **Note**: This library is under active development as we expand it to cover
-> our (expanding!) API. Consider the public API of this package a little
-> unstable as we work towards a v1.0.
-
-A Go library for interacting with
-[Cloudflare's API v4](https://api.cloudflare.com/). This library allows you to:
-
-- Manage and automate changes to your DNS records within Cloudflare
-- Manage and automate changes to your zones (domains) on Cloudflare, including
-  adding new zones to your account
-- List and modify the status of WAF (Web Application Firewall) rules for your
-  zones
-- Fetch Cloudflare's IP ranges for automating your firewall whitelisting
-
-A command-line client, [flarectl](cmd/flarectl), is also available as part of
-this project.
-
-## Installation
-
-You need a working Go environment. We officially support only currently supported Go versions according to [Go project's release policy](https://go.dev/doc/devel/release#policy).
-
-```
-go get github.com/cloudflare/cloudflare-go
-```
-
-## Getting Started
-
-```go
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"os"
-
-	"github.com/cloudflare/cloudflare-go"
-)
-
-func main() {
-	// Construct a new API object using a global API key
-	api, err := cloudflare.New(os.Getenv("CLOUDFLARE_API_KEY"), os.Getenv("CLOUDFLARE_API_EMAIL"))
-	// alternatively, you can use a scoped API token
-	// api, err := cloudflare.NewWithAPIToken(os.Getenv("CLOUDFLARE_API_TOKEN"))
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Most API calls require a Context
-	ctx := context.Background()
-
-	// Fetch user details on the account
-	u, err := api.UserDetails(ctx)
-	if err != nil {
-		log.Fatal(err)
-	}
-	// Print user details
-	fmt.Println(u)
-}
-```
-
-Also refer to the
-[API documentation](https://pkg.go.dev/github.com/cloudflare/cloudflare-go) for
-how to use this package in-depth.
-
-## Experimental improvements
-
-This library is starting to ship with experimental improvements that are not yet
-ready for production but will be introduced before the next major version. See
-[experimental README](/docs/experimental.md) for full details.
-
-## Contributing
-
-Pull Requests are welcome, but please open an issue (or comment in an existing
-issue) to discuss any non-trivial changes before submitting code.
-
-## License
-
-BSD licensed. See the [LICENSE](LICENSE) file for details.
diff --git a/pkg/cloudflare-go/access_application.go b/pkg/cloudflare-go/access_application.go
deleted file mode 100644
index bdeaf79cd8..0000000000
--- a/pkg/cloudflare-go/access_application.go
+++ /dev/null
@@ -1,510 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessApplicationType represents the application type.
-type AccessApplicationType string
-
-// These constants represent all valid application types.
-const (
-	SelfHosted  AccessApplicationType = "self_hosted"
-	SSH         AccessApplicationType = "ssh"
-	VNC         AccessApplicationType = "vnc"
-	Biso        AccessApplicationType = "biso"
-	AppLauncher AccessApplicationType = "app_launcher"
-	Warp        AccessApplicationType = "warp"
-	Bookmark    AccessApplicationType = "bookmark"
-	Saas        AccessApplicationType = "saas"
-)
-
-// AccessApplication represents an Access application.
-type AccessApplication struct {
-	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
-	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
-	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
-	LogoURL                  string                         `json:"logo_url,omitempty"`
-	AUD                      string                         `json:"aud,omitempty"`
-	Domain                   string                         `json:"domain"`
-	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
-	Type                     AccessApplicationType          `json:"type,omitempty"`
-	SessionDuration          string                         `json:"session_duration,omitempty"`
-	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
-	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
-	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
-	Name                     string                         `json:"name"`
-	ID                       string                         `json:"id,omitempty"`
-	PrivateAddress           string                         `json:"private_address"`
-	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
-	CreatedAt                *time.Time                     `json:"created_at,omitempty"`
-	UpdatedAt                *time.Time                     `json:"updated_at,omitempty"`
-	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
-	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
-	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
-	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
-	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
-	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
-	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
-	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
-	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
-	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
-	CustomPages              []string                       `json:"custom_pages,omitempty"`
-	Tags                     []string                       `json:"tags,omitempty"`
-	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
-	Policies                 []AccessPolicy                 `json:"policies,omitempty"`
-	AccessAppLauncherCustomization
-}
-
-type AccessApplicationGatewayRule struct {
-	ID string `json:"id,omitempty"`
-}
-
-// AccessApplicationCorsHeaders represents the CORS HTTP headers for an Access
-// Application.
-type AccessApplicationCorsHeaders struct {
-	AllowedMethods   []string `json:"allowed_methods,omitempty"`
-	AllowedOrigins   []string `json:"allowed_origins,omitempty"`
-	AllowedHeaders   []string `json:"allowed_headers,omitempty"`
-	AllowAllMethods  bool     `json:"allow_all_methods,omitempty"`
-	AllowAllHeaders  bool     `json:"allow_all_headers,omitempty"`
-	AllowAllOrigins  bool     `json:"allow_all_origins,omitempty"`
-	AllowCredentials bool     `json:"allow_credentials,omitempty"`
-	MaxAge           int      `json:"max_age,omitempty"`
-}
-
-// AccessApplicationSCIMConfig represents the configuration for provisioning to an Access Application via SCIM.
-type AccessApplicationSCIMConfig struct {
-	Enabled            *bool                                    `json:"enabled,omitempty"`
-	RemoteURI          string                                   `json:"remote_uri,omitempty"`
-	Authentication     *AccessApplicationScimAuthenticationJson `json:"authentication,omitempty"`
-	IdPUID             string                                   `json:"idp_uid,omitempty"`
-	DeactivateOnDelete *bool                                    `json:"deactivate_on_delete,omitempty"`
-	Mappings           []*AccessApplicationScimMapping          `json:"mappings,omitempty"`
-}
-
-type AccessApplicationScimAuthenticationScheme string
-
-const (
-	AccessApplicationScimAuthenticationSchemeHttpBasic        AccessApplicationScimAuthenticationScheme = "httpbasic"
-	AccessApplicationScimAuthenticationSchemeOauthBearerToken AccessApplicationScimAuthenticationScheme = "oauthbearertoken"
-	AccessApplicationScimAuthenticationSchemeOauth2           AccessApplicationScimAuthenticationScheme = "oauth2"
-)
-
-type AccessApplicationScimAuthenticationJson struct {
-	Value AccessApplicationScimAuthentication
-}
-
-func (a *AccessApplicationScimAuthenticationJson) UnmarshalJSON(buf []byte) error {
-	var scheme baseScimAuthentication
-	if err := json.Unmarshal(buf, &scheme); err != nil {
-		return err
-	}
-
-	switch scheme.Scheme {
-	case AccessApplicationScimAuthenticationSchemeHttpBasic:
-		a.Value = new(AccessApplicationScimAuthenticationHttpBasic)
-	case AccessApplicationScimAuthenticationSchemeOauthBearerToken:
-		a.Value = new(AccessApplicationScimAuthenticationOauthBearerToken)
-	case AccessApplicationScimAuthenticationSchemeOauth2:
-		a.Value = new(AccessApplicationScimAuthenticationOauth2)
-	default:
-		return errors.New("invalid authentication scheme")
-	}
-
-	return json.Unmarshal(buf, a.Value)
-}
-
-func (a *AccessApplicationScimAuthenticationJson) MarshalJSON() ([]byte, error) {
-	return json.Marshal(a.Value)
-}
-
-type AccessApplicationScimAuthentication interface {
-	isScimAuthentication()
-}
-
-type baseScimAuthentication struct {
-	Scheme AccessApplicationScimAuthenticationScheme `json:"scheme"`
-}
-
-func (baseScimAuthentication) isScimAuthentication() {}
-
-type AccessApplicationScimAuthenticationHttpBasic struct {
-	baseScimAuthentication
-	User     string `json:"user"`
-	Password string `json:"password"`
-}
-
-type AccessApplicationScimAuthenticationOauthBearerToken struct {
-	baseScimAuthentication
-	Token string `json:"token"`
-}
-
-type AccessApplicationScimAuthenticationOauth2 struct {
-	baseScimAuthentication
-	ClientID         string   `json:"client_id"`
-	ClientSecret     string   `json:"client_secret"`
-	AuthorizationURL string   `json:"authorization_url"`
-	TokenURL         string   `json:"token_url"`
-	Scopes           []string `json:"scopes,omitempty"`
-}
-
-type AccessApplicationScimMapping struct {
-	Schema           string                                  `json:"schema"`
-	Enabled          *bool                                   `json:"enabled,omitempty"`
-	Filter           string                                  `json:"filter,omitempty"`
-	TransformJsonata string                                  `json:"transform_jsonata,omitempty"`
-	Operations       *AccessApplicationScimMappingOperations `json:"operations,omitempty"`
-}
-
-type AccessApplicationScimMappingOperations struct {
-	Create *bool `json:"create,omitempty"`
-	Update *bool `json:"update,omitempty"`
-	Delete *bool `json:"delete,omitempty"`
-}
-
-// AccessApplicationListResponse represents the response from the list
-// access applications endpoint.
-type AccessApplicationListResponse struct {
-	Result []AccessApplication `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessApplicationDetailResponse is the API response, containing a single
-// access application.
-type AccessApplicationDetailResponse struct {
-	Success  bool              `json:"success"`
-	Errors   []string          `json:"errors"`
-	Messages []string          `json:"messages"`
-	Result   AccessApplication `json:"result"`
-}
-
-type SourceConfig struct {
-	Name      string            `json:"name,omitempty"`
-	NameByIDP map[string]string `json:"name_by_idp,omitempty"`
-}
-
-type SAMLAttributeConfig struct {
-	Name         string       `json:"name,omitempty"`
-	NameFormat   string       `json:"name_format,omitempty"`
-	FriendlyName string       `json:"friendly_name,omitempty"`
-	Required     bool         `json:"required,omitempty"`
-	Source       SourceConfig `json:"source"`
-}
-
-type OIDCClaimConfig struct {
-	Name     string       `json:"name,omitempty"`
-	Source   SourceConfig `json:"source"`
-	Required *bool        `json:"required,omitempty"`
-	Scope    string       `json:"scope,omitempty"`
-}
-
-type RefreshTokenOptions struct {
-	Lifetime string `json:"lifetime,omitempty"`
-}
-
-type AccessApplicationHybridAndImplicitOptions struct {
-	ReturnIDTokenFromAuthorizationEndpoint     *bool `json:"return_id_token_from_authorization_endpoint,omitempty"`
-	ReturnAccessTokenFromAuthorizationEndpoint *bool `json:"return_access_token_from_authorization_endpoint,omitempty"`
-}
-
-type SaasApplication struct {
-	// Items common to both SAML and OIDC
-	AppID     string     `json:"app_id,omitempty"`
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	PublicKey string     `json:"public_key,omitempty"`
-	AuthType  string     `json:"auth_type,omitempty"`
-
-	// SAML saas app
-	ConsumerServiceUrl            string                `json:"consumer_service_url,omitempty"`
-	SPEntityID                    string                `json:"sp_entity_id,omitempty"`
-	IDPEntityID                   string                `json:"idp_entity_id,omitempty"`
-	NameIDFormat                  string                `json:"name_id_format,omitempty"`
-	SSOEndpoint                   string                `json:"sso_endpoint,omitempty"`
-	DefaultRelayState             string                `json:"default_relay_state,omitempty"`
-	CustomAttributes              []SAMLAttributeConfig `json:"custom_attributes,omitempty"`
-	NameIDTransformJsonata        string                `json:"name_id_transform_jsonata,omitempty"`
-	SamlAttributeTransformJsonata string                `json:"saml_attribute_transform_jsonata"`
-
-	// OIDC saas app
-	ClientID                     string                                     `json:"client_id,omitempty"`
-	ClientSecret                 string                                     `json:"client_secret,omitempty"`
-	RedirectURIs                 []string                                   `json:"redirect_uris,omitempty"`
-	GrantTypes                   []string                                   `json:"grant_types,omitempty"`
-	Scopes                       []string                                   `json:"scopes,omitempty"`
-	AppLauncherURL               string                                     `json:"app_launcher_url,omitempty"`
-	GroupFilterRegex             string                                     `json:"group_filter_regex,omitempty"`
-	CustomClaims                 []OIDCClaimConfig                          `json:"custom_claims,omitempty"`
-	AllowPKCEWithoutClientSecret *bool                                      `json:"allow_pkce_without_client_secret,omitempty"`
-	RefreshTokenOptions          *RefreshTokenOptions                       `json:"refresh_token_options,omitempty"`
-	HybridAndImplicitOptions     *AccessApplicationHybridAndImplicitOptions `json:"hybrid_and_implicit_options,omitempty"`
-	AccessTokenLifetime          string                                     `json:"access_token_lifetime,omitempty"`
-}
-
-type AccessAppLauncherCustomization struct {
-	LandingPageDesign     AccessLandingPageDesign `json:"landing_page_design"`
-	LogoURL               string                  `json:"app_launcher_logo_url"`
-	HeaderBackgroundColor string                  `json:"header_bg_color"`
-	BackgroundColor       string                  `json:"bg_color"`
-	FooterLinks           []AccessFooterLink      `json:"footer_links"`
-}
-
-type AccessFooterLink struct {
-	Name string `json:"name"`
-	URL  string `json:"url"`
-}
-
-type AccessLandingPageDesign struct {
-	Title           string `json:"title"`
-	Message         string `json:"message"`
-	ImageURL        string `json:"image_url"`
-	ButtonColor     string `json:"button_color"`
-	ButtonTextColor string `json:"button_text_color"`
-}
-
-type ListAccessApplicationsParams struct {
-	ResultInfo
-}
-
-type CreateAccessApplicationParams struct {
-	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
-	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
-	AUD                      string                         `json:"aud,omitempty"`
-	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
-	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
-	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
-	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
-	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
-	Domain                   string                         `json:"domain"`
-	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
-	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
-	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
-	LogoURL                  string                         `json:"logo_url,omitempty"`
-	Name                     string                         `json:"name"`
-	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
-	PrivateAddress           string                         `json:"private_address"`
-	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
-	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
-	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
-	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
-	SessionDuration          string                         `json:"session_duration,omitempty"`
-	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
-	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
-	Type                     AccessApplicationType          `json:"type,omitempty"`
-	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
-	CustomPages              []string                       `json:"custom_pages,omitempty"`
-	Tags                     []string                       `json:"tags,omitempty"`
-	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
-	// List of policy ids to link to this application in ascending order of precedence.
-	Policies []string `json:"policies,omitempty"`
-	AccessAppLauncherCustomization
-}
-
-type UpdateAccessApplicationParams struct {
-	ID                       string                         `json:"id,omitempty"`
-	AllowedIdps              []string                       `json:"allowed_idps,omitempty"`
-	AppLauncherVisible       *bool                          `json:"app_launcher_visible,omitempty"`
-	AUD                      string                         `json:"aud,omitempty"`
-	AutoRedirectToIdentity   *bool                          `json:"auto_redirect_to_identity,omitempty"`
-	CorsHeaders              *AccessApplicationCorsHeaders  `json:"cors_headers,omitempty"`
-	CustomDenyMessage        string                         `json:"custom_deny_message,omitempty"`
-	CustomDenyURL            string                         `json:"custom_deny_url,omitempty"`
-	CustomNonIdentityDenyURL string                         `json:"custom_non_identity_deny_url,omitempty"`
-	Domain                   string                         `json:"domain"`
-	EnableBindingCookie      *bool                          `json:"enable_binding_cookie,omitempty"`
-	GatewayRules             []AccessApplicationGatewayRule `json:"gateway_rules,omitempty"`
-	HttpOnlyCookieAttribute  *bool                          `json:"http_only_cookie_attribute,omitempty"`
-	LogoURL                  string                         `json:"logo_url,omitempty"`
-	Name                     string                         `json:"name"`
-	PathCookieAttribute      *bool                          `json:"path_cookie_attribute,omitempty"`
-	PrivateAddress           string                         `json:"private_address"`
-	SaasApplication          *SaasApplication               `json:"saas_app,omitempty"`
-	SameSiteCookieAttribute  string                         `json:"same_site_cookie_attribute,omitempty"`
-	SelfHostedDomains        []string                       `json:"self_hosted_domains"`
-	ServiceAuth401Redirect   *bool                          `json:"service_auth_401_redirect,omitempty"`
-	SessionDuration          string                         `json:"session_duration,omitempty"`
-	SkipInterstitial         *bool                          `json:"skip_interstitial,omitempty"`
-	Type                     AccessApplicationType          `json:"type,omitempty"`
-	AllowAuthenticateViaWarp *bool                          `json:"allow_authenticate_via_warp,omitempty"`
-	OptionsPreflightBypass   *bool                          `json:"options_preflight_bypass,omitempty"`
-	CustomPages              []string                       `json:"custom_pages,omitempty"`
-	Tags                     []string                       `json:"tags,omitempty"`
-	SCIMConfig               *AccessApplicationSCIMConfig   `json:"scim_config,omitempty"`
-	// List of policy ids to link to this application in ascending order of precedence.
-	// Can reference reusable policies and policies specific to this application.
-	// If this field is not provided, the existing policies will not be modified.
-	Policies *[]string `json:"policies,omitempty"`
-	AccessAppLauncherCustomization
-}
-
-// ListAccessApplications returns all applications within an account or zone.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-list-access-applications
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-list-access-applications
-func (api *API) ListAccessApplications(ctx context.Context, rc *ResourceContainer, params ListAccessApplicationsParams) ([]AccessApplication, *ResultInfo, error) {
-	baseURL := fmt.Sprintf("/%s/%s/access/apps", rc.Level, rc.Identifier)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var applications []AccessApplication
-	var r AccessApplicationListResponse
-
-	for {
-		uri := buildURI(baseURL, params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessApplication{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessApplication{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		applications = append(applications, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return applications, &r.ResultInfo, nil
-}
-
-// GetAccessApplication returns a single application based on the application
-// ID for either account or zone.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-get-an-access-application
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-get-an-access-application
-func (api *API) GetAccessApplication(ctx context.Context, rc *ResourceContainer, applicationID string) (AccessApplication, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s",
-		rc.Level,
-		rc.Identifier,
-		applicationID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessApplicationDetailResponse AccessApplicationDetailResponse
-	err = json.Unmarshal(res, &accessApplicationDetailResponse)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessApplicationDetailResponse.Result, nil
-}
-
-// CreateAccessApplication creates a new access application.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-add-an-application
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-add-a-bookmark-application
-func (api *API) CreateAccessApplication(ctx context.Context, rc *ResourceContainer, params CreateAccessApplicationParams) (AccessApplication, error) {
-	uri := fmt.Sprintf("/%s/%s/access/apps", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessApplicationDetailResponse AccessApplicationDetailResponse
-	err = json.Unmarshal(res, &accessApplicationDetailResponse)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessApplicationDetailResponse.Result, nil
-}
-
-// UpdateAccessApplication updates an existing access application.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-update-a-bookmark-application
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-update-a-bookmark-application
-func (api *API) UpdateAccessApplication(ctx context.Context, rc *ResourceContainer, params UpdateAccessApplicationParams) (AccessApplication, error) {
-	if params.ID == "" {
-		return AccessApplication{}, fmt.Errorf("access application ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s",
-		rc.Level,
-		rc.Identifier,
-		params.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessApplicationDetailResponse AccessApplicationDetailResponse
-	err = json.Unmarshal(res, &accessApplicationDetailResponse)
-	if err != nil {
-		return AccessApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessApplicationDetailResponse.Result, nil
-}
-
-// DeleteAccessApplication deletes an access application.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-delete-an-access-application
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-delete-an-access-application
-func (api *API) DeleteAccessApplication(ctx context.Context, rc *ResourceContainer, applicationID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s",
-		rc.Level,
-		rc.Identifier,
-		applicationID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
-
-// RevokeAccessApplicationTokens revokes tokens associated with an
-// access application.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-applications-revoke-service-tokens
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-applications-revoke-service-tokens
-func (api *API) RevokeAccessApplicationTokens(ctx context.Context, rc *ResourceContainer, applicationID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s/revoke-tokens",
-		rc.Level,
-		rc.Identifier,
-		applicationID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_application_test.go b/pkg/cloudflare-go/access_application_test.go
deleted file mode 100644
index 1783863950..0000000000
--- a/pkg/cloudflare-go/access_application_test.go
+++ /dev/null
@@ -1,1545 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testAccessApplicationID = "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-)
-
-func TestAccessApplications(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z",
-					"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-					"name": "Admin Site",
-					"domain": "test.example.com/admin",
-					"type": "self_hosted",
-					"session_duration": "24h",
-					"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-					"auto_redirect_to_identity": false,
-					"enable_binding_cookie": false,
-					"custom_deny_url": "https://www.example.com",
-					"custom_non_identity_deny_url": "https://blocked.com",
-					"custom_deny_message": "denied!",
-					"http_only_cookie_attribute": true,
-					"same_site_cookie_attribute": "strict",
-					"logo_url": "https://www.example.com/example.png",
-					"skip_interstitial": true,
-					"app_launcher_visible": true,
-					"service_auth_401_redirect": true,
-					"path_cookie_attribute": true,
-					"custom_pages": ["480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"],
-					"tags": ["engineers"],
-					"allow_authenticate_via_warp": true,
-					"options_preflight_bypass": false,
-					"policies": [
-						{
-							"id": "699d98642c564d2e855e9661899b7252",
-							"precedence": 1,
-							"reusable": true,
-							"decision": "allow",
-							"created_at": "2014-01-01T05:20:00.12345Z",
-							"updated_at": "2014-01-01T05:20:00.12345Z",
-							"name": "Allow devs",
-							"include": [
-								{
-									"email": {
-										"email": "test@example.com"
-									}
-								}
-							]
-						}
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []AccessApplication{{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		SameSiteCookieAttribute:  "strict",
-		HttpOnlyCookieAttribute:  BoolPtr(true),
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		PathCookieAttribute:      BoolPtr(true),
-		CustomPages:              []string{"480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"},
-		Tags:                     []string{"engineers"},
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		OptionsPreflightBypass:   BoolPtr(false),
-		Policies: []AccessPolicy{
-			{
-				ID:         "699d98642c564d2e855e9661899b7252",
-				Precedence: 1,
-				Reusable:   BoolPtr(true),
-				Decision:   "allow",
-				CreatedAt:  &createdAt,
-				UpdatedAt:  &updatedAt,
-				Name:       "Allow devs",
-				Include: []any{
-					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-				},
-			},
-		},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, _, err := client.ListAccessApplications(context.Background(), AccountIdentifier(testAccountID), ListAccessApplicationsParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
-
-	actual, _, err = client.ListAccessApplications(context.Background(), ZoneIdentifier(testZoneID), ListAccessApplicationsParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin Site",
-				"domain": "test.example.com/admin",
-				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
-				"type": "self_hosted",
-				"session_duration": "24h",
-				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"http_only_cookie_attribute": false,
-				"path_cookie_attribute": false,
-				"allow_authenticate_via_warp": false,
-				"options_preflight_bypass": false,
-				"policies": [
-					{
-						"id": "699d98642c564d2e855e9661899b7252",
-						"precedence": 1,
-						"reusable": true,
-						"decision": "allow",
-						"created_at": "2014-01-01T05:20:00.12345Z",
-						"updated_at": "2014-01-01T05:20:00.12345Z",
-						"name": "Allow devs",
-						"include": [
-							{
-								"email": {
-									"email": "test@example.com"
-								}
-							}
-						]
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessApplication{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		HttpOnlyCookieAttribute:  BoolPtr(false),
-		PathCookieAttribute:      BoolPtr(false),
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		AllowAuthenticateViaWarp: BoolPtr(false),
-		OptionsPreflightBypass:   BoolPtr(false),
-		Policies: []AccessPolicy{
-			{
-				ID:         "699d98642c564d2e855e9661899b7252",
-				Precedence: 1,
-				Reusable:   BoolPtr(true),
-				Decision:   "allow",
-				CreatedAt:  &createdAt,
-				UpdatedAt:  &updatedAt,
-				Name:       "Allow devs",
-				Include: []any{
-					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.GetAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.GetAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessApplications(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin Site",
-				"domain": "test.example.com/admin",
-				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
-				"type": "self_hosted",
-				"session_duration": "24h",
-				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"tags": ["engineers"],
-				"allow_authenticate_via_warp": false,
-				"options_preflight_bypass": true,
-				"policies": [
-					{
-						"id": "699d98642c564d2e855e9661899b7252",
-						"precedence": 1,
-						"reusable": true,
-						"decision": "allow",
-						"created_at": "2014-01-01T05:20:00.12345Z",
-						"updated_at": "2014-01-01T05:20:00.12345Z",
-						"name": "Allow devs",
-						"include": [
-							{
-								"email": {
-									"email": "test@example.com"
-								}
-							}
-						]
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		AllowAuthenticateViaWarp: BoolPtr(false),
-		OptionsPreflightBypass:   BoolPtr(true),
-		Policies: []AccessPolicy{
-			{
-				ID:         "699d98642c564d2e855e9661899b7252",
-				Precedence: 1,
-				Reusable:   BoolPtr(true),
-				Decision:   "allow",
-				CreatedAt:  &createdAt,
-				UpdatedAt:  &updatedAt,
-				Name:       "Allow devs",
-				Include: []any{
-					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name:            "Admin Site",
-		Domain:          "test.example.com/admin",
-		SessionDuration: "24h",
-		Policies:        []string{"699d98642c564d2e855e9661899b7252"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
-
-	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
-		Name:            "Admin Site",
-		Domain:          "test.example.com/admin",
-		SessionDuration: "24h",
-		Policies:        []string{"699d98642c564d2e855e9661899b7252"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestUpdateAccessApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin Site",
-				"domain": "test.example.com/admin",
-				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
-				"type": "self_hosted",
-				"session_duration": "24h",
-				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"tags": ["engineers"],
-				"allow_authenticate_via_warp": true,
-				"options_preflight_bypass": true,
-				"policies": [
-					{
-						"id": "699d98642c564d2e855e9661899b7252",
-						"precedence": 1,
-						"reusable": true,
-						"decision": "allow",
-						"created_at": "2014-01-01T05:20:00.12345Z",
-						"updated_at": "2014-01-01T05:20:00.12345Z",
-						"name": "Allow devs",
-						"include": [
-							{
-								"email": {
-									"email": "test@example.com"
-								}
-							}
-						]
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	fullAccessApplication := AccessApplication{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		SkipInterstitial:         BoolPtr(true),
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		OptionsPreflightBypass:   BoolPtr(true),
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		Policies: []AccessPolicy{
-			{
-				ID:         "699d98642c564d2e855e9661899b7252",
-				Precedence: 1,
-				Reusable:   BoolPtr(true),
-				Decision:   "allow",
-				CreatedAt:  &createdAt,
-				UpdatedAt:  &updatedAt,
-				Name:       "Allow devs",
-				Include: []any{
-					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-				},
-			},
-		},
-	}
-
-	params := UpdateAccessApplicationParams{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		OptionsPreflightBypass:   BoolPtr(true),
-		Policies:                 &[]string{"699d98642c564d2e855e9661899b7252"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.UpdateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), UpdateAccessApplicationParams{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		OptionsPreflightBypass:   BoolPtr(true),
-		Policies:                 &[]string{"699d98642c564d2e855e9661899b7252"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestUpdateAccessApplicationOmitPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		reqBody, err := io.ReadAll(r.Body)
-		assert.NoError(t, err)
-		assert.NotContains(t, string(reqBody), "policies")
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin Site",
-				"domain": "test.example.com/admin",
-				"self_hosted_domains": ["test.example.com/admin", "test.example.com/admin2"],
-				"type": "self_hosted",
-				"session_duration": "24h",
-				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"tags": ["engineers"],
-				"allow_authenticate_via_warp": true,
-				"options_preflight_bypass": true,
-				"policies": [
-					{
-						"id": "699d98642c564d2e855e9661899b7252",
-						"precedence": 1,
-						"reusable": true,
-						"decision": "allow",
-						"created_at": "2014-01-01T05:20:00.12345Z",
-						"updated_at": "2014-01-01T05:20:00.12345Z",
-						"name": "Allow devs",
-						"include": [
-							{
-								"email": {
-									"email": "test@example.com"
-								}
-							}
-						]
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	fullAccessApplication := AccessApplication{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		SkipInterstitial:         BoolPtr(true),
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		OptionsPreflightBypass:   BoolPtr(true),
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		Policies: []AccessPolicy{
-			{
-				ID:         "699d98642c564d2e855e9661899b7252",
-				Precedence: 1,
-				Reusable:   BoolPtr(true),
-				Decision:   "allow",
-				CreatedAt:  &createdAt,
-				UpdatedAt:  &updatedAt,
-				Name:       "Allow devs",
-				Include: []any{
-					map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-				},
-			},
-		},
-	}
-
-	params := UpdateAccessApplicationParams{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		OptionsPreflightBypass:   BoolPtr(true),
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.UpdateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), UpdateAccessApplicationParams{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin Site",
-		Domain:                   "test.example.com/admin",
-		SelfHostedDomains:        []string{"test.example.com/admin", "test.example.com/admin2"},
-		Type:                     "self_hosted",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		OptionsPreflightBypass:   BoolPtr(true),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestUpdateAccessApplicationWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), UpdateAccessApplicationParams{})
-	assert.EqualError(t, err, "access application ID cannot be empty")
-
-	_, err = client.UpdateAccessApplication(context.Background(), AccountIdentifier(testAccountID), UpdateAccessApplicationParams{})
-	assert.EqualError(t, err, "access application ID cannot be empty")
-}
-
-func TestDeleteAccessApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "699d98642c564d2e855e9661899b7252"
-      }
-    }
-    `)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err := client.DeleteAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err = client.DeleteAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-}
-
-func TestRevokeAccessApplicationTokens(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": []
-    }
-    `)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/revoke-tokens", handler)
-	err := client.RevokeAccessApplicationTokens(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/revoke-tokens", handler)
-	err = client.RevokeAccessApplicationTokens(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-}
-
-func TestAccessApplicationWithCORS(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [
-
-      ],
-      "result":{
-        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-        "created_at": "2014-01-01T05:20:00.12345Z",
-        "updated_at": "2014-01-01T05:20:00.12345Z",
-        "aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-        "name": "Admin Site",
-        "domain": "test.example.com/admin",
-        "type": "self_hosted",
-        "session_duration": "24h",
-        "cors_headers": {
-          "allowed_methods": [
-            "GET"
-          ],
-          "allowed_origins": [
-            "https://example.com"
-          ],
-          "allow_all_headers": true,
-          "max_age": -1
-        }
-      }
-    }
-    `)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessApplication{
-		ID:              "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		CreatedAt:       &createdAt,
-		UpdatedAt:       &updatedAt,
-		AUD:             "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Name:            "Admin Site",
-		Domain:          "test.example.com/admin",
-		Type:            "self_hosted",
-		SessionDuration: "24h",
-		CorsHeaders: &AccessApplicationCorsHeaders{
-			AllowedMethods:  []string{http.MethodGet},
-			AllowedOrigins:  []string{"https://example.com"},
-			AllowAllHeaders: true,
-			MaxAge:          -1,
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.GetAccessApplication(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.GetAccessApplication(context.Background(), ZoneIdentifier(testZoneID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreatePrivateAccessApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Private Admin Site",
-				"private_address": "198.51.100.0",
-				"type": "private_ip",
-		    "gateway_rules": [
-					{"id": "d9c61460-6f4d-4c40-89ea-2f552c9a8466"},
-					{"id": "bc5ee7e7-9773-47a3-835e-b9b9799ebb92"}
-				],
-				"session_duration": "24h",
-				"allowed_idps": ["f174e90a-fafe-4643-bbbc-4a0ed4fc8415"],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": false,
-				"service_auth_401_redirect": false
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:             "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:           "Private Admin Site",
-		PrivateAddress: "198.51.100.0",
-		Type:           "private_ip",
-		GatewayRules: []AccessApplicationGatewayRule{
-			{ID: "d9c61460-6f4d-4c40-89ea-2f552c9a8466"},
-			{ID: "bc5ee7e7-9773-47a3-835e-b9b9799ebb92"},
-		},
-		SessionDuration:        "24h",
-		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:            []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415"},
-		AutoRedirectToIdentity: BoolPtr(false),
-		EnableBindingCookie:    BoolPtr(false),
-		AppLauncherVisible:     BoolPtr(false),
-		ServiceAuth401Redirect: BoolPtr(false),
-		CustomDenyMessage:      "denied!",
-		CustomDenyURL:          "https://www.example.com",
-		LogoURL:                "https://www.example.com/example.png",
-		SkipInterstitial:       BoolPtr(true),
-		CreatedAt:              &createdAt,
-		UpdatedAt:              &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name:            "Admin Site",
-		PrivateAddress:  "198.51.100.0",
-		SessionDuration: "24h",
-		Type:            "private_ip",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestCreateSAMLSaasAccessApplications(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin Saas App",
-				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/saml/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"type": "saas",
-				"session_duration": "24h",
-				"allowed_idps": [],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"tags": ["engineers"],
-				"saas_app": {
-					"consumer_service_url": "https://saas.example.com",
-					"sp_entity_id": "dash.example.com",
-					"name_id_format": "id",
-					"default_relay_state": "https://saas.example.com",
-					"custom_attributes": [
-						{
-							"name": "test1",
-							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
-							"source": {
-								"name": "test1"
-							}
-						},
-						{
-							"name": "test2",
-							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
-							"source": {
-								"name": "test2"
-							}
-						},
-						{
-							"name": "test3",
-							"name_format": "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
-							"source": {
-								"name": "test3"
-							}
-						}
-					],
-					"name_id_transform_jsonata": "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
-					"saml_attribute_transform_jsonata": "$ ~>| groups | {'group_name': name} |"
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                   "Admin Saas App",
-		Domain:                 "example.cloudflareaccess.com/cdn-cgi/access/sso/saml/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Type:                   "saas",
-		SessionDuration:        "24h",
-		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:            []string{},
-		AutoRedirectToIdentity: BoolPtr(false),
-		EnableBindingCookie:    BoolPtr(false),
-		AppLauncherVisible:     BoolPtr(true),
-		ServiceAuth401Redirect: BoolPtr(true),
-		CustomDenyMessage:      "denied!",
-		CustomDenyURL:          "https://www.example.com",
-		LogoURL:                "https://www.example.com/example.png",
-		SkipInterstitial:       BoolPtr(true),
-		SaasApplication: &SaasApplication{
-			ConsumerServiceUrl: "https://saas.example.com",
-			SPEntityID:         "dash.example.com",
-			NameIDFormat:       "id",
-			DefaultRelayState:  "https://saas.example.com",
-			CustomAttributes: []SAMLAttributeConfig{
-				{
-					Name:       "test1",
-					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified",
-					Source: SourceConfig{
-						Name: "test1",
-					},
-				},
-				{
-					Name:       "test2",
-					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:basic",
-					Source: SourceConfig{
-						Name: "test2",
-					},
-				},
-				{
-					Name:       "test3",
-					NameFormat: "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
-					Source: SourceConfig{
-						Name: "test3",
-					},
-				},
-			},
-			NameIDTransformJsonata:        "$substringBefore(email, '@') & '+sandbox@' & $substringAfter(email, '@')",
-			SamlAttributeTransformJsonata: "$ ~>| groups | {'group_name': name} |",
-		},
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name: "Admin Saas Site",
-		SaasApplication: &SaasApplication{
-			ConsumerServiceUrl: "https://examplesaas.com",
-			SPEntityID:         "TEST12345678",
-			NameIDFormat:       "id",
-		},
-		SessionDuration: "24h",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
-
-	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
-		Name: "Admin Saas Site",
-		SaasApplication: &SaasApplication{
-			ConsumerServiceUrl: "https://saas.example.com",
-			SPEntityID:         "TEST12345678",
-			NameIDFormat:       "id",
-		},
-		SessionDuration: "24h",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestCreateOIDCSaasAccessApplications(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin OIDC Saas App",
-				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"type": "saas",
-				"session_duration": "24h",
-				"allowed_idps": [],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"tags": ["engineers"],
-				"saas_app": {
-					"auth_type": "oidc",
-					"client_id": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-					"client_secret": "secret",
-					"redirect_uris": ["https://saas.example.com"],
-					"grant_types": ["authorization_code", "hybrid", "implicit"],
-					"scopes": ["openid", "email", "profile", "groups"],
-					"app_launcher_url": "https://saas.example.com",
-					"group_filter_regex": ".*",
-					"allow_pkce_without_client_secret": false,
-					"custom_claims": [
-						{
-							"name": "test1",
-							"source": {
-								"name": "test1"
-							},
-							"required": true,
-							"scope": "profile"
-						}
-					],
-					"hybrid_and_implicit_options": {
-						"return_id_token_from_authorization_endpoint": true,
-						"return_access_token_from_authorization_endpoint": true
-					},
-					"access_token_lifetime": "1m"
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                   "Admin OIDC Saas App",
-		Domain:                 "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Type:                   "saas",
-		SessionDuration:        "24h",
-		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:            []string{},
-		AutoRedirectToIdentity: BoolPtr(false),
-		EnableBindingCookie:    BoolPtr(false),
-		AppLauncherVisible:     BoolPtr(true),
-		ServiceAuth401Redirect: BoolPtr(true),
-		CustomDenyMessage:      "denied!",
-		CustomDenyURL:          "https://www.example.com",
-		LogoURL:                "https://www.example.com/example.png",
-		SkipInterstitial:       BoolPtr(true),
-		SaasApplication: &SaasApplication{
-			AuthType:                     "oidc",
-			ClientID:                     "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-			ClientSecret:                 "secret",
-			RedirectURIs:                 []string{"https://saas.example.com"},
-			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
-			Scopes:                       []string{"openid", "email", "profile", "groups"},
-			AppLauncherURL:               "https://saas.example.com",
-			GroupFilterRegex:             ".*",
-			AllowPKCEWithoutClientSecret: BoolPtr(false),
-			CustomClaims: []OIDCClaimConfig{
-				{
-					Name:     "test1",
-					Source:   SourceConfig{Name: "test1"},
-					Required: BoolPtr(true),
-					Scope:    "profile",
-				},
-			},
-			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
-				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
-				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
-			},
-			AccessTokenLifetime: "1m",
-		},
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name: "Admin Saas Site",
-		SaasApplication: &SaasApplication{
-			AuthType:                     "oidc",
-			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
-			RedirectURIs:                 []string{"https://saas.example.com"},
-			AppLauncherURL:               "https://saas.example.com",
-			GroupFilterRegex:             ".*",
-			AllowPKCEWithoutClientSecret: BoolPtr(false),
-			CustomClaims: []OIDCClaimConfig{
-				{
-					Name:     "test1",
-					Source:   SourceConfig{Name: "test1"},
-					Required: BoolPtr(true),
-					Scope:    "profile",
-				},
-			},
-			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
-				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
-				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
-			},
-			AccessTokenLifetime: "1m",
-		},
-		SessionDuration: "24h",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
-
-	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
-		Name: "Admin Saas Site",
-		SaasApplication: &SaasApplication{
-			AuthType:                     "oidc",
-			GrantTypes:                   []string{"authorization_code", "hybrid", "implicit"},
-			RedirectURIs:                 []string{"https://saas.example.com"},
-			AppLauncherURL:               "https://saas.example.com",
-			GroupFilterRegex:             ".*",
-			AllowPKCEWithoutClientSecret: BoolPtr(false),
-			CustomClaims: []OIDCClaimConfig{
-				{
-					Name:     "test1",
-					Source:   SourceConfig{Name: "test1"},
-					Required: BoolPtr(true),
-					Scope:    "profile",
-				},
-			},
-			HybridAndImplicitOptions: &AccessApplicationHybridAndImplicitOptions{
-				ReturnIDTokenFromAuthorizationEndpoint:     BoolPtr(true),
-				ReturnAccessTokenFromAuthorizationEndpoint: BoolPtr(true),
-			},
-			AccessTokenLifetime: "1m",
-		},
-		SessionDuration: "24h",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestCreateApplicationWithAccessAppLauncherCustomization(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "App Launcher",
-				"type": "app_launcher",
-				"session_duration": "24h",
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": false,
-				"service_auth_401_redirect": false,
-				"landing_page_design": {
-					"title": "A title",
-					"message": "a message",
-					"image_url": "https://www.example.com/example.png",
-					"button_color": "green",
-					"button_text_color": "red"
-				},
-				"header_bg_color": "red",
-				"bg_color": "blue",
-				"footer_links": [
-					{
-						"url": "https://somesite.com",
-						"name": "bug"
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:                     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                   "App Launcher",
-		Type:                   "app_launcher",
-		SessionDuration:        "24h",
-		AUD:                    "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AutoRedirectToIdentity: BoolPtr(false),
-		EnableBindingCookie:    BoolPtr(false),
-		AppLauncherVisible:     BoolPtr(false),
-		ServiceAuth401Redirect: BoolPtr(false),
-		CustomDenyMessage:      "denied!",
-		CustomDenyURL:          "https://www.example.com",
-		LogoURL:                "https://www.example.com/example.png",
-		SkipInterstitial:       BoolPtr(true),
-		CreatedAt:              &createdAt,
-		UpdatedAt:              &updatedAt,
-		AccessAppLauncherCustomization: AccessAppLauncherCustomization{
-			LandingPageDesign: AccessLandingPageDesign{
-				Title:           "A title",
-				Message:         "a message",
-				ImageURL:        "https://www.example.com/example.png",
-				ButtonColor:     "green",
-				ButtonTextColor: "red",
-			},
-			HeaderBackgroundColor: "red",
-			BackgroundColor:       "blue",
-			FooterLinks: []AccessFooterLink{
-				{
-					URL:  "https://somesite.com",
-					Name: "bug",
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name:            "Admin Site",
-		SessionDuration: "24h",
-		Type:            "app_launcher",
-		AccessAppLauncherCustomization: AccessAppLauncherCustomization{
-			LandingPageDesign: AccessLandingPageDesign{
-				Title:           "A title",
-				Message:         "a message",
-				ImageURL:        "https://www.example.com/example.png",
-				ButtonColor:     "green",
-				ButtonTextColor: "red",
-			},
-			HeaderBackgroundColor: "red",
-			BackgroundColor:       "blue",
-			FooterLinks: []AccessFooterLink{
-				{
-					URL:  "https://somesite.com",
-					Name: "bug",
-				},
-			},
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
-
-func TestCreateAccessApplicationWithSCIMProvisioning(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"aud": "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"name": "Admin SCIM App",
-				"domain": "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-				"type": "saas",
-				"session_duration": "24h",
-				"allowed_idps": [],
-				"auto_redirect_to_identity": false,
-				"enable_binding_cookie": false,
-				"custom_deny_url": "https://www.example.com",
-				"custom_deny_message": "denied!",
-				"logo_url": "https://www.example.com/example.png",
-				"skip_interstitial": true,
-				"app_launcher_visible": true,
-				"service_auth_401_redirect": true,
-				"custom_non_identity_deny_url": "https://blocked.com",
-				"tags": ["engineers"],
-				"scim_config": {
-					"enabled": true,
-					"remote_uri": "https://scim.com",
-					"authentication": {
-						 "scheme": "oauthbearertoken",
-						 "token": "1234567890"
-					},
-					"idp_uid": "1234567",
-					"deactivate_on_delete": true,
-					"mappings": [
-						{
-							"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
-							"enabled": true,
-							"filter": "title pr or userType eq \"Intern\"",
-							"transform_jsonata": "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
-							"operations": {
-								"create": true,
-								"update": true,
-								"delete": true
-							}
-						}
-					]
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessApplication := AccessApplication{
-		ID:                       "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:                     "Admin SCIM App",
-		Domain:                   "example.cloudflareaccess.com/cdn-cgi/access/sso/oidc/737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		Type:                     "saas",
-		SessionDuration:          "24h",
-		AUD:                      "737646a56ab1df6ec9bddc7e5ca84eaf3b0768850f3ffb5d74f1534911fe3893",
-		AllowedIdps:              []string{},
-		AutoRedirectToIdentity:   BoolPtr(false),
-		EnableBindingCookie:      BoolPtr(false),
-		AppLauncherVisible:       BoolPtr(true),
-		ServiceAuth401Redirect:   BoolPtr(true),
-		CustomDenyMessage:        "denied!",
-		CustomDenyURL:            "https://www.example.com",
-		LogoURL:                  "https://www.example.com/example.png",
-		SkipInterstitial:         BoolPtr(true),
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		CustomNonIdentityDenyURL: "https://blocked.com",
-		Tags:                     []string{"engineers"},
-		SCIMConfig: &AccessApplicationSCIMConfig{
-			Enabled:   BoolPtr(true),
-			RemoteURI: "https://scim.com",
-			Authentication: &AccessApplicationScimAuthenticationJson{
-				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
-					Token:                  "1234567890",
-					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
-				},
-			},
-			IdPUID:             "1234567",
-			DeactivateOnDelete: BoolPtr(true),
-			Mappings: []*AccessApplicationScimMapping{
-				{
-					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
-					Enabled:          BoolPtr(true),
-					Filter:           "title pr or userType eq \"Intern\"",
-					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
-					Operations: &AccessApplicationScimMappingOperations{
-						Create: BoolPtr(true),
-						Update: BoolPtr(true),
-						Delete: BoolPtr(true),
-					},
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps", handler)
-
-	actual, err := client.CreateAccessApplication(context.Background(), AccountIdentifier(testAccountID), CreateAccessApplicationParams{
-		Name: "Admin Saas Site",
-		SCIMConfig: &AccessApplicationSCIMConfig{
-			Enabled:   BoolPtr(true),
-			RemoteURI: "https://scim.com",
-			Authentication: &AccessApplicationScimAuthenticationJson{
-				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
-					Token:                  "1234567890",
-					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
-				},
-			},
-			IdPUID:             "1234567",
-			DeactivateOnDelete: BoolPtr(true),
-			Mappings: []*AccessApplicationScimMapping{
-				{
-					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
-					Enabled:          BoolPtr(true),
-					Filter:           "title pr or userType eq \"Intern\"",
-					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
-					Operations: &AccessApplicationScimMappingOperations{
-						Create: BoolPtr(true),
-						Update: BoolPtr(true),
-						Delete: BoolPtr(true),
-					},
-				},
-			},
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps", handler)
-
-	actual, err = client.CreateAccessApplication(context.Background(), ZoneIdentifier(testZoneID), CreateAccessApplicationParams{
-		Name: "Admin SCIM Site",
-		SCIMConfig: &AccessApplicationSCIMConfig{
-			Enabled:   BoolPtr(true),
-			RemoteURI: "https://scim.com",
-			Authentication: &AccessApplicationScimAuthenticationJson{
-				Value: &AccessApplicationScimAuthenticationOauthBearerToken{
-					Token:                  "1234567890",
-					baseScimAuthentication: baseScimAuthentication{Scheme: AccessApplicationScimAuthenticationSchemeOauthBearerToken},
-				},
-			},
-			IdPUID:             "1234567",
-			DeactivateOnDelete: BoolPtr(true),
-			Mappings: []*AccessApplicationScimMapping{
-				{
-					Schema:           "urn:ietf:params:scim:schemas:core:2.0:User",
-					Enabled:          BoolPtr(true),
-					Filter:           "title pr or userType eq \"Intern\"",
-					TransformJsonata: "$merge([$, {'userName': $substringBefore($.userName, '@') & '+test@' & $substringAfter($.userName, '@')}])",
-					Operations: &AccessApplicationScimMappingOperations{
-						Create: BoolPtr(true),
-						Update: BoolPtr(true),
-						Delete: BoolPtr(true),
-					},
-				},
-			},
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessApplication, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_audit_log.go b/pkg/cloudflare-go/access_audit_log.go
deleted file mode 100644
index 62658e3fa8..0000000000
--- a/pkg/cloudflare-go/access_audit_log.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessAuditLogRecord is the structure of a single Access Audit Log entry.
-type AccessAuditLogRecord struct {
-	UserEmail  string     `json:"user_email"`
-	IPAddress  string     `json:"ip_address"`
-	AppUID     string     `json:"app_uid"`
-	AppDomain  string     `json:"app_domain"`
-	Action     string     `json:"action"`
-	Connection string     `json:"connection"`
-	Allowed    bool       `json:"allowed"`
-	CreatedAt  *time.Time `json:"created_at"`
-	RayID      string     `json:"ray_id"`
-}
-
-// AccessAuditLogListResponse represents the response from the list
-// access applications endpoint.
-type AccessAuditLogListResponse struct {
-	Result []AccessAuditLogRecord `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessAuditLogFilterOptions provides the structure of available audit log
-// filters.
-type AccessAuditLogFilterOptions struct {
-	Direction string
-	Since     *time.Time
-	Until     *time.Time
-	Limit     int
-}
-
-// AccessAuditLogs retrieves all audit logs for the Access service.
-//
-// API reference: https://api.cloudflare.com/#access-requests-access-requests-audit
-func (api *API) AccessAuditLogs(ctx context.Context, accountID string, opts AccessAuditLogFilterOptions) ([]AccessAuditLogRecord, error) {
-	uri := fmt.Sprintf("/accounts/%s/access/logs/access-requests?%s", accountID, opts.Encode())
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessAuditLogRecord{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessAuditLogListResponse AccessAuditLogListResponse
-	err = json.Unmarshal(res, &accessAuditLogListResponse)
-	if err != nil {
-		return []AccessAuditLogRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessAuditLogListResponse.Result, nil
-}
-
-// Encode is a custom method for encoding the filter options into a usable HTTP
-// query parameter string.
-func (a AccessAuditLogFilterOptions) Encode() string {
-	v := url.Values{}
-
-	if a.Direction != "" {
-		v.Set("direction", a.Direction)
-	}
-
-	if a.Limit > 0 {
-		v.Set("limit", strconv.Itoa(a.Limit))
-	}
-
-	if a.Since != nil {
-		v.Set("since", a.Since.Format(time.RFC3339))
-	}
-
-	if a.Until != nil {
-		v.Set("until", a.Until.Format(time.RFC3339))
-	}
-
-	return v.Encode()
-}
diff --git a/pkg/cloudflare-go/access_audit_log_example_test.go b/pkg/cloudflare-go/access_audit_log_example_test.go
deleted file mode 100644
index 1c44de5ab2..0000000000
--- a/pkg/cloudflare-go/access_audit_log_example_test.go
+++ /dev/null
@@ -1,26 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	"github.com/goccy/go-json"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_AccessAuditLogs() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	filterOpts := cloudflare.AccessAuditLogFilterOptions{}
-	results, _ := api.AccessAuditLogs(context.Background(), "someaccountid", filterOpts)
-
-	for _, record := range results {
-		b, _ := json.Marshal(record)
-		fmt.Println(string(b))
-	}
-}
diff --git a/pkg/cloudflare-go/access_audit_log_test.go b/pkg/cloudflare-go/access_audit_log_test.go
deleted file mode 100644
index b71c3f99b2..0000000000
--- a/pkg/cloudflare-go/access_audit_log_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessAuditLogs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "user_email": "michelle@example.com",
-      "ip_address": "198.51.100.1",
-      "app_uid": "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
-      "app_domain": "test.example.com/admin",
-      "action": "login",
-      "connection": "saml",
-      "allowed": false,
-      "created_at": "2014-01-01T05:20:00.12345Z",
-      "ray_id": "187d944c61940c77"
-    }
-  ]
-}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/access/logs/access-requests", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []AccessAuditLogRecord{{
-		UserEmail:  "michelle@example.com",
-		IPAddress:  "198.51.100.1",
-		AppUID:     "df7e2w5f-02b7-4d9d-af26-8d1988fca630",
-		AppDomain:  "test.example.com/admin",
-		Action:     "login",
-		Connection: "saml",
-		Allowed:    false,
-		CreatedAt:  &createdAt,
-		RayID:      "187d944c61940c77",
-	}}
-
-	actual, err := client.AccessAuditLogs(context.Background(), "01a7362d577a6c3019a474fd6f485823", AccessAuditLogFilterOptions{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessAuditLogsEncodeAllParametersDefined(t *testing.T) {
-	since, _ := time.Parse(time.RFC3339, "2020-07-01T00:00:00Z")
-	until, _ := time.Parse(time.RFC3339, "2020-07-02T00:00:00Z")
-
-	opts := AccessAuditLogFilterOptions{
-		Direction: "desc",
-		Since:     &since,
-		Until:     &until,
-		Limit:     10,
-	}
-
-	assert.Equal(t, "direction=desc&limit=10&since=2020-07-01T00%3A00%3A00Z&until=2020-07-02T00%3A00%3A00Z", opts.Encode())
-}
-
-func TestAccessAuditLogsEncodeOnlyDatesDefined(t *testing.T) {
-	since, _ := time.Parse(time.RFC3339, "2020-07-01T00:00:00Z")
-	until, _ := time.Parse(time.RFC3339, "2020-07-02T00:00:00Z")
-
-	opts := AccessAuditLogFilterOptions{
-		Since: &since,
-		Until: &until,
-	}
-
-	assert.Equal(t, "since=2020-07-01T00%3A00%3A00Z&until=2020-07-02T00%3A00%3A00Z", opts.Encode())
-}
-
-func TestAccessAuditLogsEncodeEmptyValues(t *testing.T) {
-	opts := AccessAuditLogFilterOptions{}
-
-	assert.Equal(t, "", opts.Encode())
-}
diff --git a/pkg/cloudflare-go/access_bookmark.go b/pkg/cloudflare-go/access_bookmark.go
deleted file mode 100644
index 769c861da9..0000000000
--- a/pkg/cloudflare-go/access_bookmark.go
+++ /dev/null
@@ -1,206 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessBookmark represents an Access bookmark application.
-type AccessBookmark struct {
-	ID                 string     `json:"id,omitempty"`
-	Domain             string     `json:"domain"`
-	Name               string     `json:"name"`
-	LogoURL            string     `json:"logo_url,omitempty"`
-	AppLauncherVisible *bool      `json:"app_launcher_visible,omitempty"`
-	CreatedAt          *time.Time `json:"created_at,omitempty"`
-	UpdatedAt          *time.Time `json:"updated_at,omitempty"`
-}
-
-// AccessBookmarkListResponse represents the response from the list
-// access bookmarks endpoint.
-type AccessBookmarkListResponse struct {
-	Result []AccessBookmark `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessBookmarkDetailResponse is the API response, containing a single
-// access bookmark.
-type AccessBookmarkDetailResponse struct {
-	Response
-	Result AccessBookmark `json:"result"`
-}
-
-// AccessBookmarks returns all bookmarks within an account.
-//
-// API reference: https://api.cloudflare.com/#access-bookmarks-list-access-bookmarks
-func (api *API) AccessBookmarks(ctx context.Context, accountID string, pageOpts PaginationOptions) ([]AccessBookmark, ResultInfo, error) {
-	return api.accessBookmarks(ctx, accountID, pageOpts, AccountRouteRoot)
-}
-
-// ZoneLevelAccessBookmarks returns all bookmarks within a zone.
-//
-// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-list-access-bookmarks
-func (api *API) ZoneLevelAccessBookmarks(ctx context.Context, zoneID string, pageOpts PaginationOptions) ([]AccessBookmark, ResultInfo, error) {
-	return api.accessBookmarks(ctx, zoneID, pageOpts, ZoneRouteRoot)
-}
-
-func (api *API) accessBookmarks(ctx context.Context, id string, pageOpts PaginationOptions, routeRoot RouteRoot) ([]AccessBookmark, ResultInfo, error) {
-	uri := buildURI(fmt.Sprintf("/%s/%s/access/bookmarks", routeRoot, id), pageOpts)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessBookmark{}, ResultInfo{}, err
-	}
-
-	var accessBookmarkListResponse AccessBookmarkListResponse
-	err = json.Unmarshal(res, &accessBookmarkListResponse)
-	if err != nil {
-		return []AccessBookmark{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessBookmarkListResponse.Result, accessBookmarkListResponse.ResultInfo, nil
-}
-
-// AccessBookmark returns a single bookmark based on the
-// bookmark ID.
-//
-// API reference: https://api.cloudflare.com/#access-bookmarks-access-bookmarks-details
-func (api *API) AccessBookmark(ctx context.Context, accountID, bookmarkID string) (AccessBookmark, error) {
-	return api.accessBookmark(ctx, accountID, bookmarkID, AccountRouteRoot)
-}
-
-// ZoneLevelAccessBookmark returns a single zone level bookmark based on the
-// bookmark ID.
-//
-// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-access-bookmarks-details
-func (api *API) ZoneLevelAccessBookmark(ctx context.Context, zoneID, bookmarkID string) (AccessBookmark, error) {
-	return api.accessBookmark(ctx, zoneID, bookmarkID, ZoneRouteRoot)
-}
-
-func (api *API) accessBookmark(ctx context.Context, id, bookmarkID string, routeRoot RouteRoot) (AccessBookmark, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/bookmarks/%s",
-		routeRoot,
-		id,
-		bookmarkID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessBookmark{}, err
-	}
-
-	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
-	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
-	if err != nil {
-		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessBookmarkDetailResponse.Result, nil
-}
-
-// CreateAccessBookmark creates a new access bookmark.
-//
-// API reference: https://api.cloudflare.com/#access-bookmarks-create-access-bookmark
-func (api *API) CreateAccessBookmark(ctx context.Context, accountID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
-	return api.createAccessBookmark(ctx, accountID, accessBookmark, AccountRouteRoot)
-}
-
-// CreateZoneLevelAccessBookmark creates a new zone level access bookmark.
-//
-// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-create-access-bookmark
-func (api *API) CreateZoneLevelAccessBookmark(ctx context.Context, zoneID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
-	return api.createAccessBookmark(ctx, zoneID, accessBookmark, ZoneRouteRoot)
-}
-
-func (api *API) createAccessBookmark(ctx context.Context, id string, accessBookmark AccessBookmark, routeRoot RouteRoot) (AccessBookmark, error) {
-	uri := fmt.Sprintf("/%s/%s/access/bookmarks", routeRoot, id)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, accessBookmark)
-	if err != nil {
-		return AccessBookmark{}, err
-	}
-
-	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
-	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
-	if err != nil {
-		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessBookmarkDetailResponse.Result, nil
-}
-
-// UpdateAccessBookmark updates an existing access bookmark.
-//
-// API reference: https://api.cloudflare.com/#access-bookmarks-update-access-bookmark
-func (api *API) UpdateAccessBookmark(ctx context.Context, accountID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
-	return api.updateAccessBookmark(ctx, accountID, accessBookmark, AccountRouteRoot)
-}
-
-// UpdateZoneLevelAccessBookmark updates an existing zone level access bookmark.
-//
-// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-update-access-bookmark
-func (api *API) UpdateZoneLevelAccessBookmark(ctx context.Context, zoneID string, accessBookmark AccessBookmark) (AccessBookmark, error) {
-	return api.updateAccessBookmark(ctx, zoneID, accessBookmark, ZoneRouteRoot)
-}
-
-func (api *API) updateAccessBookmark(ctx context.Context, id string, accessBookmark AccessBookmark, routeRoot RouteRoot) (AccessBookmark, error) {
-	if accessBookmark.ID == "" {
-		return AccessBookmark{}, fmt.Errorf("access bookmark ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/bookmarks/%s",
-		routeRoot,
-		id,
-		accessBookmark.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, accessBookmark)
-	if err != nil {
-		return AccessBookmark{}, err
-	}
-
-	var accessBookmarkDetailResponse AccessBookmarkDetailResponse
-	err = json.Unmarshal(res, &accessBookmarkDetailResponse)
-	if err != nil {
-		return AccessBookmark{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessBookmarkDetailResponse.Result, nil
-}
-
-// DeleteAccessBookmark deletes an access bookmark.
-//
-// API reference: https://api.cloudflare.com/#access-bookmarks-delete-access-bookmark
-func (api *API) DeleteAccessBookmark(ctx context.Context, accountID, bookmarkID string) error {
-	return api.deleteAccessBookmark(ctx, accountID, bookmarkID, AccountRouteRoot)
-}
-
-// DeleteZoneLevelAccessBookmark deletes a zone level access bookmark.
-//
-// API reference: https://api.cloudflare.com/#zone-level-access-bookmarks-delete-access-bookmark
-func (api *API) DeleteZoneLevelAccessBookmark(ctx context.Context, zoneID, bookmarkID string) error {
-	return api.deleteAccessBookmark(ctx, zoneID, bookmarkID, ZoneRouteRoot)
-}
-
-func (api *API) deleteAccessBookmark(ctx context.Context, id, bookmarkID string, routeRoot RouteRoot) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/bookmarks/%s",
-		routeRoot,
-		id,
-		bookmarkID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_bookmark_test.go b/pkg/cloudflare-go/access_bookmark_test.go
deleted file mode 100644
index 7b082b1409..0000000000
--- a/pkg/cloudflare-go/access_bookmark_test.go
+++ /dev/null
@@ -1,283 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessBookmarks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-					"name": "Example Site",
-					"domain": "example.com",
-					"logo_url": "https://www.example.com/example.png",
-					"app_launcher_visible": true,
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []AccessBookmark{{
-		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-		CreatedAt:          &createdAt,
-		UpdatedAt:          &updatedAt,
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks", handler)
-
-	actual, _, err := client.AccessBookmarks(context.Background(), testAccountID, PaginationOptions{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks", handler)
-
-	actual, _, err = client.ZoneLevelAccessBookmarks(context.Background(), testZoneID, PaginationOptions{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessBookmark(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "Example Site",
-				"domain": "example.com",
-				"logo_url": "https://www.example.com/example.png",
-				"app_launcher_visible": true,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessBookmark{
-		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-		CreatedAt:          &createdAt,
-		UpdatedAt:          &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.AccessBookmark(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.ZoneLevelAccessBookmark(context.Background(), testZoneID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessBookmarks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "Example Site",
-				"domain": "example.com",
-				"logo_url": "https://www.example.com/example.png",
-				"app_launcher_visible": true,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessBookmark := AccessBookmark{
-		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-		CreatedAt:          &createdAt,
-		UpdatedAt:          &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks", handler)
-
-	actual, err := client.CreateAccessBookmark(context.Background(), testAccountID, AccessBookmark{
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessBookmark, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks", handler)
-
-	actual, err = client.CreateZoneLevelAccessBookmark(context.Background(), testZoneID, AccessBookmark{
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessBookmark, actual)
-	}
-}
-
-func TestUpdateAccessBookmark(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "Example Site",
-				"domain": "example.com",
-				"logo_url": "https://www.example.com/example.png",
-				"app_launcher_visible": true,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	fullAccessBookmark := AccessBookmark{
-		ID:                 "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:               "Example Site",
-		Domain:             "example.com",
-		LogoURL:            "https://www.example.com/example.png",
-		AppLauncherVisible: BoolPtr(true),
-		CreatedAt:          &createdAt,
-		UpdatedAt:          &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.UpdateAccessBookmark(context.Background(), testAccountID, fullAccessBookmark)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessBookmark, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err = client.UpdateZoneLevelAccessBookmark(context.Background(), testZoneID, fullAccessBookmark)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, fullAccessBookmark, actual)
-	}
-}
-
-func TestUpdateAccessBookmarkWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessBookmark(context.Background(), testZoneID, AccessBookmark{})
-	assert.EqualError(t, err, "access bookmark ID cannot be empty")
-
-	_, err = client.UpdateZoneLevelAccessBookmark(context.Background(), testZoneID, AccessBookmark{})
-	assert.EqualError(t, err, "access bookmark ID cannot be empty")
-}
-
-func TestDeleteAccessBookmark(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-      }
-    }
-    `)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err := client.DeleteAccessBookmark(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/bookmarks/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err = client.DeleteZoneLevelAccessBookmark(context.Background(), testZoneID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_ca_certificate.go b/pkg/cloudflare-go/access_ca_certificate.go
deleted file mode 100644
index 8f167875ed..0000000000
--- a/pkg/cloudflare-go/access_ca_certificate.go
+++ /dev/null
@@ -1,153 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessCACertificate is the structure of the CA certificate used for
-// short-lived certificates.
-type AccessCACertificate struct {
-	ID        string `json:"id"`
-	Aud       string `json:"aud"`
-	PublicKey string `json:"public_key"`
-}
-
-// AccessCACertificateListResponse represents the response of all CA
-// certificates within Access.
-type AccessCACertificateListResponse struct {
-	Response
-	Result []AccessCACertificate `json:"result"`
-	ResultInfo
-}
-
-// AccessCACertificateResponse represents the response of a single CA
-// certificate.
-type AccessCACertificateResponse struct {
-	Response
-	Result AccessCACertificate `json:"result"`
-}
-
-type ListAccessCACertificatesParams struct {
-	ResultInfo
-}
-
-type CreateAccessCACertificateParams struct {
-	ApplicationID string
-}
-
-// ListAccessCACertificates returns all AccessCACertificate within Access.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-list-short-lived-certificate-c-as
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-list-short-lived-certificate-c-as
-func (api *API) ListAccessCACertificates(ctx context.Context, rc *ResourceContainer, params ListAccessCACertificatesParams) ([]AccessCACertificate, *ResultInfo, error) {
-	baseURL := fmt.Sprintf("/%s/%s/access/apps/ca", rc.Level, rc.Identifier)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessCACertificates []AccessCACertificate
-	var r AccessCACertificateListResponse
-
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessCACertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessCACertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		accessCACertificates = append(accessCACertificates, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessCACertificates, &r.ResultInfo, nil
-}
-
-// GetAccessCACertificate returns a single CA certificate associated within
-// Access.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-get-a-short-lived-certificate-ca
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-get-a-short-lived-certificate-ca
-func (api *API) GetAccessCACertificate(ctx context.Context, rc *ResourceContainer, applicationID string) (AccessCACertificate, error) {
-	uri := fmt.Sprintf("/%s/%s/access/apps/%s/ca", rc.Level, rc.Identifier, applicationID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessCACertificate{}, err
-	}
-
-	var accessCAResponse AccessCACertificateResponse
-	err = json.Unmarshal(res, &accessCAResponse)
-	if err != nil {
-		return AccessCACertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessCAResponse.Result, nil
-}
-
-// CreateAccessCACertificate creates a new CA certificate for an AccessApplication.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-create-a-short-lived-certificate-ca
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-create-a-short-lived-certificate-ca
-func (api *API) CreateAccessCACertificate(ctx context.Context, rc *ResourceContainer, params CreateAccessCACertificateParams) (AccessCACertificate, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s/ca",
-		rc.Level,
-		rc.Identifier,
-		params.ApplicationID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return AccessCACertificate{}, err
-	}
-
-	var accessCACertificate AccessCACertificateResponse
-	err = json.Unmarshal(res, &accessCACertificate)
-	if err != nil {
-		return AccessCACertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessCACertificate.Result, nil
-}
-
-// DeleteAccessCACertificate deletes an Access CA certificate on a defined
-// AccessApplication.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-short-lived-certificate-c-as-delete-a-short-lived-certificate-ca
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-short-lived-certificate-c-as-delete-a-short-lived-certificate-ca
-func (api *API) DeleteAccessCACertificate(ctx context.Context, rc *ResourceContainer, applicationID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/apps/%s/ca",
-		rc.Level,
-		rc.Identifier,
-		applicationID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_ca_certificate_test.go b/pkg/cloudflare-go/access_ca_certificate_test.go
deleted file mode 100644
index bb75b90a10..0000000000
--- a/pkg/cloudflare-go/access_ca_certificate_test.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessCACertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "result": {
-    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}
-		`)
-	}
-
-	want := AccessCACertificate{
-		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+testAccessApplicationID+"/ca", handler)
-
-	actual, err := client.GetAccessCACertificate(context.Background(), testAccountRC, testAccessApplicationID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+testAccessApplicationID+"/ca", handler)
-
-	actual, err = client.GetAccessCACertificate(context.Background(), testZoneRC, testAccessApplicationID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessCACertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "result": [{
-    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
-  }],
-  "success": true,
-  "errors": [],
-  "messages": []
-}
-		`)
-	}
-
-	want := []AccessCACertificate{{
-		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/ca", handler)
-
-	actual, _, err := client.ListAccessCACertificates(context.Background(), testAccountRC, ListAccessCACertificatesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/ca", handler)
-
-	actual, _, err = client.ListAccessCACertificates(context.Background(), testZoneRC, ListAccessCACertificatesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessCACertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "result": {
-    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-    "aud": "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-    "public_key": "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org"
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}
-		`)
-	}
-
-	want := AccessCACertificate{
-		ID:        "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4",
-		Aud:       "7d1996154eb606c19e31dd777fe6981f57a5ab66735c5c00fefd01b1200ba9d0",
-		PublicKey: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTI...3urg/XpGMdgaSs5ZdptUPw= open-ssh-ca@cloudflareaccess.org",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
-
-	actual, err := client.CreateAccessCACertificate(context.Background(), testAccountRC, CreateAccessCACertificateParams{ApplicationID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
-
-	actual, err = client.CreateAccessCACertificate(context.Background(), testZoneRC, CreateAccessCACertificateParams{ApplicationID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteAccessCACertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "result": {
-    "id": "4f74df465b2a53271d4219ac2ce2598e24b5e2c60c7924f4"
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
-
-	err := client.DeleteAccessCACertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/ca", handler)
-
-	err = client.DeleteAccessCACertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_custom_page.go b/pkg/cloudflare-go/access_custom_page.go
deleted file mode 100644
index cb7e2ccb2a..0000000000
--- a/pkg/cloudflare-go/access_custom_page.go
+++ /dev/null
@@ -1,127 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingUID = errors.New("required UID missing")
-
-type AccessCustomPageType string
-
-const (
-	Forbidden      AccessCustomPageType = "forbidden"
-	IdentityDenied AccessCustomPageType = "identity_denied"
-)
-
-type AccessCustomPage struct {
-	// The HTML content of the custom page.
-	CustomHTML string               `json:"custom_html,omitempty"`
-	Name       string               `json:"name,omitempty"`
-	AppCount   int                  `json:"app_count,omitempty"`
-	Type       AccessCustomPageType `json:"type,omitempty"`
-	UID        string               `json:"uid,omitempty"`
-}
-
-type AccessCustomPageListResponse struct {
-	Response
-	Result     []AccessCustomPage `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type AccessCustomPageResponse struct {
-	Response
-	Result AccessCustomPage `json:"result"`
-}
-
-type ListAccessCustomPagesParams struct{}
-
-type CreateAccessCustomPageParams struct {
-	CustomHTML string               `json:"custom_html,omitempty"`
-	Name       string               `json:"name,omitempty"`
-	Type       AccessCustomPageType `json:"type,omitempty"`
-}
-
-type UpdateAccessCustomPageParams struct {
-	CustomHTML string               `json:"custom_html,omitempty"`
-	Name       string               `json:"name,omitempty"`
-	Type       AccessCustomPageType `json:"type,omitempty"`
-	UID        string               `json:"uid,omitempty"`
-}
-
-func (api *API) ListAccessCustomPages(ctx context.Context, rc *ResourceContainer, params ListAccessCustomPagesParams) ([]AccessCustomPage, error) {
-	uri := buildURI(fmt.Sprintf("/%s/%s/access/custom_pages", rc.Level, rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessCustomPage{}, err
-	}
-
-	var customPagesResponse AccessCustomPageListResponse
-	err = json.Unmarshal(res, &customPagesResponse)
-	if err != nil {
-		return []AccessCustomPage{}, err
-	}
-	return customPagesResponse.Result, nil
-}
-
-func (api *API) GetAccessCustomPage(ctx context.Context, rc *ResourceContainer, id string) (AccessCustomPage, error) {
-	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-
-	var customPageResponse AccessCustomPageResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-	return customPageResponse.Result, nil
-}
-
-func (api *API) CreateAccessCustomPage(ctx context.Context, rc *ResourceContainer, params CreateAccessCustomPageParams) (AccessCustomPage, error) {
-	uri := fmt.Sprintf("/%s/%s/access/custom_pages", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-
-	var customPageResponse AccessCustomPageResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-	return customPageResponse.Result, nil
-}
-
-func (api *API) DeleteAccessCustomPage(ctx context.Context, rc *ResourceContainer, id string) error {
-	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, id)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-func (api *API) UpdateAccessCustomPage(ctx context.Context, rc *ResourceContainer, params UpdateAccessCustomPageParams) (AccessCustomPage, error) {
-	if params.UID == "" {
-		return AccessCustomPage{}, ErrMissingUID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/access/custom_pages/%s", rc.Level, rc.Identifier, params.UID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-
-	var customPageResponse AccessCustomPageResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return AccessCustomPage{}, err
-	}
-	return customPageResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_custom_page_test.go b/pkg/cloudflare-go/access_custom_page_test.go
deleted file mode 100644
index c81f034cd1..0000000000
--- a/pkg/cloudflare-go/access_custom_page_test.go
+++ /dev/null
@@ -1,196 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessCustomPages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"name": "Forbidden",
-					"app_count": 0,
-					"type": "forbidden",
-					"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	want := []AccessCustomPage{
-		{
-			Name:     "Forbidden",
-			AppCount: 0,
-			Type:     Forbidden,
-			UID:      "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
-		},
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages", handler)
-	actual, err := client.ListAccessCustomPages(context.Background(), AccountIdentifier(testAccountID), ListAccessCustomPagesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessCustomPage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
-				"name": "Forbidden",
-				"app_count": 0,
-				"type": "forbidden",
-				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
-			}
-		}`)
-	}
-
-	want := AccessCustomPage{
-		Name:       "Forbidden",
-		AppCount:   0,
-		Type:       Forbidden,
-		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
-		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
-	actual, err := client.GetAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessCustomPage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodPost, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
-				"name": "Forbidden",
-				"app_count": 0,
-				"type": "forbidden",
-				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
-			}
-		}`)
-	}
-
-	customPage := AccessCustomPage{
-		Name:       "Forbidden",
-		AppCount:   0,
-		Type:       Forbidden,
-		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
-		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages", handler)
-	actual, err := client.CreateAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), CreateAccessCustomPageParams{
-		Name:       "Forbidden",
-		Type:       Forbidden,
-		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, customPage, actual)
-	}
-}
-
-func TestUpdateAccessCustomPage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodPut, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"custom_html": "<html><body><h1>Forbidden</h1></body></html>",
-				"name": "Forbidden",
-				"app_count": 0,
-				"type": "forbidden",
-				"uid": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
-			}
-		}`)
-	}
-
-	customPage := AccessCustomPage{
-		Name:       "Forbidden",
-		AppCount:   0,
-		Type:       Forbidden,
-		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
-		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
-	actual, err := client.UpdateAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), UpdateAccessCustomPageParams{
-		UID:        "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc",
-		Name:       "Forbidden",
-		Type:       Forbidden,
-		CustomHTML: "<html><body><h1>Forbidden</h1></body></html>",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, customPage, actual)
-	}
-}
-
-func TestDeleteAccessCustomPage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodDelete, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			result: {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/custom_pages/480f4f69-1a28-4fdd-9240-1ed29f0ac1dc", handler)
-	err := client.DeleteAccessCustomPage(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1dc")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_group.go b/pkg/cloudflare-go/access_group.go
deleted file mode 100644
index a521db8e02..0000000000
--- a/pkg/cloudflare-go/access_group.go
+++ /dev/null
@@ -1,405 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessGroup defines a group for allowing or disallowing access to
-// one or more Access applications.
-type AccessGroup struct {
-	ID        string     `json:"id,omitempty"`
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-	Name      string     `json:"name"`
-
-	// The include group works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude group works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require group works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-// AccessGroupEmail is used for managing access based on the email.
-// For example, restrict access to users with the email addresses
-// `test@example.com` or `someone@example.com`.
-type AccessGroupEmail struct {
-	Email struct {
-		Email string `json:"email"`
-	} `json:"email"`
-}
-
-// AccessGroupEmailList is used for managing access based on the email
-// list. For example, restrict access to users with the email addresses
-// in the email list with the ID `1234567890abcdef1234567890abcdef`.
-type AccessGroupEmailList struct {
-	EmailList struct {
-		ID string `json:"id"`
-	} `json:"email_list"`
-}
-
-// AccessGroupEmailDomain is used for managing access based on an email
-// domain such as `example.com` instead of individual addresses.
-type AccessGroupEmailDomain struct {
-	EmailDomain struct {
-		Domain string `json:"domain"`
-	} `json:"email_domain"`
-}
-
-// AccessGroupIP is used for managing access based in the IP. It
-// accepts individual IPs or CIDRs.
-type AccessGroupIP struct {
-	IP struct {
-		IP string `json:"ip"`
-	} `json:"ip"`
-}
-
-// AccessGroupGeo is used for managing access based on the country code.
-type AccessGroupGeo struct {
-	Geo struct {
-		CountryCode string `json:"country_code"`
-	} `json:"geo"`
-}
-
-// AccessGroupEveryone is used for managing access to everyone.
-type AccessGroupEveryone struct {
-	Everyone struct{} `json:"everyone"`
-}
-
-// AccessGroupServiceToken is used for managing access based on a specific
-// service token.
-type AccessGroupServiceToken struct {
-	ServiceToken struct {
-		ID string `json:"token_id"`
-	} `json:"service_token"`
-}
-
-// AccessGroupAnyValidServiceToken is used for managing access for all valid
-// service tokens (not restricted).
-type AccessGroupAnyValidServiceToken struct {
-	AnyValidServiceToken struct{} `json:"any_valid_service_token"`
-}
-
-// AccessGroupAccessGroup is used for managing access based on an
-// access group.
-type AccessGroupAccessGroup struct {
-	Group struct {
-		ID string `json:"id"`
-	} `json:"group"`
-}
-
-// AccessGroupCertificate is used for managing access to based on a valid
-// mTLS certificate being presented.
-type AccessGroupCertificate struct {
-	Certificate struct{} `json:"certificate"`
-}
-
-// AccessGroupCertificateCommonName is used for managing access based on a
-// common name within a certificate.
-type AccessGroupCertificateCommonName struct {
-	CommonName struct {
-		CommonName string `json:"common_name"`
-	} `json:"common_name"`
-}
-
-// AccessGroupExternalEvaluation is used for passing user identity to an external url.
-type AccessGroupExternalEvaluation struct {
-	ExternalEvaluation struct {
-		EvaluateURL string `json:"evaluate_url"`
-		KeysURL     string `json:"keys_url"`
-	} `json:"external_evaluation"`
-}
-
-// AccessGroupGSuite is used to configure access based on GSuite group.
-type AccessGroupGSuite struct {
-	Gsuite struct {
-		Email              string `json:"email"`
-		IdentityProviderID string `json:"identity_provider_id"`
-	} `json:"gsuite"`
-}
-
-// AccessGroupGitHub is used to configure access based on a GitHub organisation.
-type AccessGroupGitHub struct {
-	GitHubOrganization struct {
-		Name               string `json:"name"`
-		Team               string `json:"team,omitempty"`
-		IdentityProviderID string `json:"identity_provider_id"`
-	} `json:"github-organization"`
-}
-
-// AccessGroupAzure is used to configure access based on a Azure group.
-type AccessGroupAzure struct {
-	AzureAD struct {
-		ID                 string `json:"id"`
-		IdentityProviderID string `json:"identity_provider_id"`
-	} `json:"azureAD"`
-}
-
-// AccessGroupOkta is used to configure access based on a Okta group.
-type AccessGroupOkta struct {
-	Okta struct {
-		Name               string `json:"name"`
-		IdentityProviderID string `json:"identity_provider_id"`
-	} `json:"okta"`
-}
-
-// AccessGroupSAML is used to allow SAML users with a specific attribute
-// configuration.
-type AccessGroupSAML struct {
-	Saml struct {
-		AttributeName      string `json:"attribute_name"`
-		AttributeValue     string `json:"attribute_value"`
-		IdentityProviderID string `json:"identity_provider_id"`
-	} `json:"saml"`
-}
-
-// AccessGroupAzureAuthContext is used to configure access based on Azure auth contexts.
-type AccessGroupAzureAuthContext struct {
-	AuthContext struct {
-		ID                 string `json:"id"`
-		IdentityProviderID string `json:"identity_provider_id"`
-		ACID               string `json:"ac_id"`
-	} `json:"auth_context"`
-}
-
-// AccessGroupAuthMethod is used for managing access by the "amr"
-// (Authentication Methods References) identifier. For example, an
-// application may want to require that users authenticate using a hardware
-// key by setting the "auth_method" to "swk". A list of values are listed
-// here: https://tools.ietf.org/html/rfc8176#section-2. Custom values are
-// supported as well.
-type AccessGroupAuthMethod struct {
-	AuthMethod struct {
-		AuthMethod string `json:"auth_method"`
-	} `json:"auth_method"`
-}
-
-// AccessGroupLoginMethod restricts the application to specific IdP instances.
-type AccessGroupLoginMethod struct {
-	LoginMethod struct {
-		ID string `json:"id"`
-	} `json:"login_method"`
-}
-
-// AccessGroupDevicePosture restricts the application to specific devices.
-type AccessGroupDevicePosture struct {
-	DevicePosture struct {
-		ID string `json:"integration_uid"`
-	} `json:"device_posture"`
-}
-
-// AccessGroupListResponse represents the response from the list
-// access group endpoint.
-type AccessGroupListResponse struct {
-	Result []AccessGroup `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessGroupIPList restricts the application to specific teams_list of ips.
-type AccessGroupIPList struct {
-	IPList struct {
-		ID string `json:"id"`
-	} `json:"ip_list"`
-}
-
-// AccessGroupDetailResponse is the API response, containing a single
-// access group.
-type AccessGroupDetailResponse struct {
-	Success  bool        `json:"success"`
-	Errors   []string    `json:"errors"`
-	Messages []string    `json:"messages"`
-	Result   AccessGroup `json:"result"`
-}
-
-type ListAccessGroupsParams struct {
-	ResultInfo
-}
-
-type CreateAccessGroupParams struct {
-	Name string `json:"name"`
-
-	// The include group works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude group works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require group works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-type UpdateAccessGroupParams struct {
-	ID   string `json:"id,omitempty"`
-	Name string `json:"name"`
-
-	// The include group works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude group works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require group works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-// ListAccessGroups returns all access groups for an access application.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-list-access-groups
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-list-access-groups
-func (api *API) ListAccessGroups(ctx context.Context, rc *ResourceContainer, params ListAccessGroupsParams) ([]AccessGroup, *ResultInfo, error) {
-	baseURL := fmt.Sprintf("/%s/%s/access/groups", rc.Level, rc.Identifier)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessGroups []AccessGroup
-	var r AccessGroupListResponse
-
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessGroup{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessGroup{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		accessGroups = append(accessGroups, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessGroups, &r.ResultInfo, nil
-}
-
-// GetAccessGroup returns a single group based on the group ID.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-get-an-access-group
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-get-an-access-group
-func (api *API) GetAccessGroup(ctx context.Context, rc *ResourceContainer, groupID string) (AccessGroup, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/groups/%s",
-		rc.Level,
-		rc.Identifier,
-		groupID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessGroup{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessGroupDetailResponse AccessGroupDetailResponse
-	err = json.Unmarshal(res, &accessGroupDetailResponse)
-	if err != nil {
-		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessGroupDetailResponse.Result, nil
-}
-
-// CreateAccessGroup creates a new access group.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-create-an-access-group
-// Zone API Reference:https://developers.cloudflare.com/api/operations/zone-level-access-groups-create-an-access-group
-func (api *API) CreateAccessGroup(ctx context.Context, rc *ResourceContainer, params CreateAccessGroupParams) (AccessGroup, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/groups",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessGroup{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessGroupDetailResponse AccessGroupDetailResponse
-	err = json.Unmarshal(res, &accessGroupDetailResponse)
-	if err != nil {
-		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessGroupDetailResponse.Result, nil
-}
-
-// UpdateAccessGroup updates an existing access group.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-update-an-access-group
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-update-an-access-group
-func (api *API) UpdateAccessGroup(ctx context.Context, rc *ResourceContainer, params UpdateAccessGroupParams) (AccessGroup, error) {
-	if params.ID == "" {
-		return AccessGroup{}, fmt.Errorf("access group ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/groups/%s",
-		rc.Level,
-		rc.Identifier,
-		params.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessGroup{}, err
-	}
-
-	var accessGroupDetailResponse AccessGroupDetailResponse
-	err = json.Unmarshal(res, &accessGroupDetailResponse)
-	if err != nil {
-		return AccessGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessGroupDetailResponse.Result, nil
-}
-
-// DeleteAccessGroup deletes an access group
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-groups-delete-an-access-group
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-groups-delete-an-access-group
-func (api *API) DeleteAccessGroup(ctx context.Context, rc *ResourceContainer, groupID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/groups/%s",
-		rc.Level,
-		rc.Identifier,
-		groupID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_group_test.go b/pkg/cloudflare-go/access_group_test.go
deleted file mode 100644
index 3acb9acaea..0000000000
--- a/pkg/cloudflare-go/access_group_test.go
+++ /dev/null
@@ -1,471 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	accessGroupID = "699d98642c564d2e855e9661899b7252"
-
-	expectedAccessGroup = AccessGroup{
-		ID:        "699d98642c564d2e855e9661899b7252",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		Name:      "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Require: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-	}
-
-	expectedAccessGroupIpList = AccessGroup{
-		ID:        "899d98642c564d2e855e9661899b7252",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		Name:      "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"ip_list": map[string]interface{}{"id": "989d98642c564d2e855e9661899b7252"}},
-		},
-	}
-
-	expectedAccessGroupEmailList = AccessGroup{
-		ID:        "a99d98642c564d2e855e9661899b7252",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		Name:      "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email_list": map[string]interface{}{"id": "8a9d98642c564d2e855e9661899b7252"}},
-		},
-	}
-)
-
-func TestAccessGroups(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "699d98642c564d2e855e9661899b7252",
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z",
-					"name": "Allow devs",
-					"include": [
-						{
-							"email": {
-								"email": "test@example.com"
-							}
-						}
-					],
-					"exclude": [
-						{
-							"email": {
-								"email": "test@example.com"
-							}
-						}
-					],
-					"require": [
-						{
-							"email": {
-								"email": "test@example.com"
-							}
-						}
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
-
-	actual, _, err := client.ListAccessGroups(context.Background(), testAccountRC, ListAccessGroupsParams{ResultInfo{}})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessGroup{expectedAccessGroup}, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
-
-	actual, _, err = client.ListAccessGroups(context.Background(), testZoneRC, ListAccessGroupsParams{ResultInfo{}})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessGroup{expectedAccessGroup}, actual)
-	}
-}
-
-func TestAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
-
-	actual, err := client.GetAccessGroup(context.Background(), testAccountRC, accessGroupID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
-
-	actual, err = client.GetAccessGroup(context.Background(), testZoneRC, accessGroupID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-}
-
-func TestCreateAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
-
-	params := CreateAccessGroupParams{
-		Name: "Allow devs",
-		Include: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Require: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-	}
-
-	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
-
-	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-}
-
-func TestUpdateAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	params := UpdateAccessGroupParams{
-		ID:   "699d98642c564d2e855e9661899b7252",
-		Name: "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Require: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
-	actual, err := client.UpdateAccessGroup(context.Background(), testAccountRC, params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
-	actual, err = client.UpdateAccessGroup(context.Background(), testZoneRC, params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroup, actual)
-	}
-}
-
-func TestUpdateAccessGroupWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessGroup(context.Background(), testAccountRC, UpdateAccessGroupParams{})
-	assert.EqualError(t, err, "access group ID cannot be empty")
-
-	_, err = client.UpdateAccessGroup(context.Background(), testZoneRC, UpdateAccessGroupParams{})
-	assert.EqualError(t, err, "access group ID cannot be empty")
-}
-
-func TestDeleteAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups/"+accessGroupID, handler)
-	err := client.DeleteAccessGroup(context.Background(), testAccountRC, accessGroupID)
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups/"+accessGroupID, handler)
-	err = client.DeleteAccessGroup(context.Background(), testZoneRC, accessGroupID)
-
-	assert.NoError(t, err)
-}
-
-func TestCreateIPListAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "899d98642c564d2e855e9661899b7252",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"ip_list": {
-							"id": "989d98642c564d2e855e9661899b7252"
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
-
-	accessGroup := CreateAccessGroupParams{
-		Name: "Allow devs by iplist",
-		Include: []interface{}{
-			AccessGroupIPList{struct {
-				ID string `json:"id"`
-			}{ID: "989d98642c564d2e855e9661899b7252"}},
-		},
-	}
-
-	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, accessGroup)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroupIpList, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
-
-	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, accessGroup)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroupIpList, actual)
-	}
-}
-
-func TestCreateEmailListAccessGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "a99d98642c564d2e855e9661899b7252",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email_list": {
-							"id": "8a9d98642c564d2e855e9661899b7252"
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/groups", handler)
-
-	accessGroup := CreateAccessGroupParams{
-		Name: "Allow devs by email_list",
-		Include: []interface{}{
-			AccessGroupEmailList{struct {
-				ID string `json:"id"`
-			}{ID: "989d98642c564d2e855e9661899b7252"}},
-		},
-	}
-
-	actual, err := client.CreateAccessGroup(context.Background(), testAccountRC, accessGroup)
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroupEmailList, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/groups", handler)
-
-	actual, err = client.CreateAccessGroup(context.Background(), testZoneRC, accessGroup)
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessGroupEmailList, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_identity_provider.go b/pkg/cloudflare-go/access_identity_provider.go
deleted file mode 100644
index a1ffc8ced5..0000000000
--- a/pkg/cloudflare-go/access_identity_provider.go
+++ /dev/null
@@ -1,306 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessIdentityProvider is the structure of the provider object.
-type AccessIdentityProvider struct {
-	ID         string                                  `json:"id,omitempty"`
-	Name       string                                  `json:"name"`
-	Type       string                                  `json:"type"`
-	Config     AccessIdentityProviderConfiguration     `json:"config"`
-	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
-}
-
-// AccessIdentityProviderConfiguration is the combined structure of *all*
-// identity provider configuration fields. This is done to simplify the use of
-// Access products and their relationship to each other.
-//
-// API reference: https://developers.cloudflare.com/access/configuring-identity-providers/
-type AccessIdentityProviderConfiguration struct {
-	APIToken                  string   `json:"api_token,omitempty"`
-	AppsDomain                string   `json:"apps_domain,omitempty"`
-	Attributes                []string `json:"attributes,omitempty"`
-	AuthURL                   string   `json:"auth_url,omitempty"`
-	CentrifyAccount           string   `json:"centrify_account,omitempty"`
-	CentrifyAppID             string   `json:"centrify_app_id,omitempty"`
-	CertsURL                  string   `json:"certs_url,omitempty"`
-	ClientID                  string   `json:"client_id,omitempty"`
-	ClientSecret              string   `json:"client_secret,omitempty"`
-	Claims                    []string `json:"claims,omitempty"`
-	Scopes                    []string `json:"scopes,omitempty"`
-	DirectoryID               string   `json:"directory_id,omitempty"`
-	EmailAttributeName        string   `json:"email_attribute_name,omitempty"`
-	EmailClaimName            string   `json:"email_claim_name,omitempty"`
-	IdpPublicCert             string   `json:"idp_public_cert,omitempty"`
-	IssuerURL                 string   `json:"issuer_url,omitempty"`
-	OktaAccount               string   `json:"okta_account,omitempty"`
-	OktaAuthorizationServerID string   `json:"authorization_server_id,omitempty"`
-	OneloginAccount           string   `json:"onelogin_account,omitempty"`
-	PingEnvID                 string   `json:"ping_env_id,omitempty"`
-	RedirectURL               string   `json:"redirect_url,omitempty"`
-	SignRequest               bool     `json:"sign_request,omitempty"`
-	SsoTargetURL              string   `json:"sso_target_url,omitempty"`
-	SupportGroups             bool     `json:"support_groups,omitempty"`
-	TokenURL                  string   `json:"token_url,omitempty"`
-	PKCEEnabled               *bool    `json:"pkce_enabled,omitempty"`
-	ConditionalAccessEnabled  bool     `json:"conditional_access_enabled,omitempty"`
-}
-
-type AccessIdentityProviderScimConfiguration struct {
-	Enabled                bool   `json:"enabled,omitempty"`
-	Secret                 string `json:"secret,omitempty"`
-	UserDeprovision        bool   `json:"user_deprovision,omitempty"`
-	SeatDeprovision        bool   `json:"seat_deprovision,omitempty"`
-	GroupMemberDeprovision bool   `json:"group_member_deprovision,omitempty"`
-}
-
-// AccessIdentityProvidersListResponse is the API response for multiple
-// Access Identity Providers.
-type AccessIdentityProvidersListResponse struct {
-	Response
-	Result     []AccessIdentityProvider `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// AccessIdentityProviderResponse is the API response for a single
-// Access Identity Provider.
-type AccessIdentityProviderResponse struct {
-	Response
-	Result AccessIdentityProvider `json:"result"`
-}
-
-type ListAccessIdentityProvidersParams struct {
-	ResultInfo
-}
-
-type CreateAccessIdentityProviderParams struct {
-	Name       string                                  `json:"name"`
-	Type       string                                  `json:"type"`
-	Config     AccessIdentityProviderConfiguration     `json:"config"`
-	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
-}
-
-type UpdateAccessIdentityProviderParams struct {
-	ID         string                                  `json:"-"`
-	Name       string                                  `json:"name"`
-	Type       string                                  `json:"type"`
-	Config     AccessIdentityProviderConfiguration     `json:"config"`
-	ScimConfig AccessIdentityProviderScimConfiguration `json:"scim_config"`
-}
-
-// AccessAuthContext represents an Access Azure Identity Provider Auth Context.
-type AccessAuthContext struct {
-	ID          string `json:"id"`
-	UID         string `json:"uid"`
-	ACID        string `json:"ac_id"`
-	DisplayName string `json:"display_name"`
-	Description string `json:"description"`
-}
-
-// AccessAuthContextsListResponse represents the response from the list
-// Access Auth Contexts endpoint.
-type AccessAuthContextsListResponse struct {
-	Result []AccessAuthContext `json:"result"`
-	Response
-}
-
-// ListAccessIdentityProviders returns all Access Identity Providers for an
-// account or zone.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-list-access-identity-providers
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-list-access-identity-providers
-func (api *API) ListAccessIdentityProviders(ctx context.Context, rc *ResourceContainer, params ListAccessIdentityProvidersParams) ([]AccessIdentityProvider, *ResultInfo, error) {
-	baseURL := fmt.Sprintf("/%s/%s/access/identity_providers", rc.Level, rc.Identifier)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessProviders []AccessIdentityProvider
-	var r AccessIdentityProvidersListResponse
-
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessIdentityProvider{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessIdentityProvider{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		accessProviders = append(accessProviders, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessProviders, &r.ResultInfo, nil
-}
-
-// GetAccessIdentityProvider returns a single Access Identity
-// Provider for an account or zone.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-get-an-access-identity-provider
-func (api *API) GetAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, identityProviderID string) (AccessIdentityProvider, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/identity_providers/%s",
-		rc.Level,
-		rc.Identifier,
-		identityProviderID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessIdentityProviderResponse AccessIdentityProviderResponse
-	err = json.Unmarshal(res, &accessIdentityProviderResponse)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessIdentityProviderResponse.Result, nil
-}
-
-// CreateAccessIdentityProvider creates a new Access Identity Provider.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-add-an-access-identity-provider
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-add-an-access-identity-provider
-func (api *API) CreateAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, params CreateAccessIdentityProviderParams) (AccessIdentityProvider, error) {
-	uri := fmt.Sprintf("/%s/%s/access/identity_providers", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessIdentityProviderResponse AccessIdentityProviderResponse
-	err = json.Unmarshal(res, &accessIdentityProviderResponse)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessIdentityProviderResponse.Result, nil
-}
-
-// UpdateAccessIdentityProvider updates an existing Access Identity
-// Provider.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-update-an-access-identity-provider
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-update-an-access-identity-provider
-func (api *API) UpdateAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, params UpdateAccessIdentityProviderParams) (AccessIdentityProvider, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/identity_providers/%s",
-		rc.Level,
-		rc.Identifier,
-		params.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessIdentityProvider{}, err
-	}
-
-	var accessIdentityProviderResponse AccessIdentityProviderResponse
-	err = json.Unmarshal(res, &accessIdentityProviderResponse)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessIdentityProviderResponse.Result, nil
-}
-
-// DeleteAccessIdentityProvider deletes an Access Identity Provider.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-delete-an-access-identity-provider
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-delete-an-access-identity-provider
-func (api *API) DeleteAccessIdentityProvider(ctx context.Context, rc *ResourceContainer, identityProviderUUID string) (AccessIdentityProvider, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/identity_providers/%s",
-		rc.Level,
-		rc.Identifier,
-		identityProviderUUID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessIdentityProviderResponse AccessIdentityProviderResponse
-	err = json.Unmarshal(res, &accessIdentityProviderResponse)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessIdentityProviderResponse.Result, nil
-}
-
-// ListAccessIdentityProviderAuthContexts returns an identity provider's auth contexts
-// AzureAD only
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-get-an-access-identity-provider
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-get-an-access-identity-provider
-func (api *API) ListAccessIdentityProviderAuthContexts(ctx context.Context, rc *ResourceContainer, identityProviderID string) ([]AccessAuthContext, error) {
-	uri := fmt.Sprintf("/%s/%s/access/identity_providers/%s/auth_context", rc.Level, rc.Identifier, identityProviderID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessAuthContext{}, err
-	}
-
-	var accessAuthContextListResponse AccessAuthContextsListResponse
-	err = json.Unmarshal(res, &accessAuthContextListResponse)
-	if err != nil {
-		return []AccessAuthContext{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessAuthContextListResponse.Result, nil
-}
-
-// UpdateAccessIdentityProviderAuthContexts updates an existing Access Identity
-// Provider.
-// AzureAD only
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-identity-providers-refresh-an-access-identity-provider-auth-contexts
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-identity-providers-update-an-access-identity-provider
-func (api *API) UpdateAccessIdentityProviderAuthContexts(ctx context.Context, rc *ResourceContainer, identityProviderID string) (AccessIdentityProvider, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/identity_providers/%s/auth_context",
-		rc.Level,
-		rc.Identifier,
-		identityProviderID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
-	if err != nil {
-		return AccessIdentityProvider{}, err
-	}
-
-	var accessIdentityProviderResponse AccessIdentityProviderResponse
-	err = json.Unmarshal(res, &accessIdentityProviderResponse)
-	if err != nil {
-		return AccessIdentityProvider{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessIdentityProviderResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_identity_provider_test.go b/pkg/cloudflare-go/access_identity_provider_test.go
deleted file mode 100644
index e928541517..0000000000
--- a/pkg/cloudflare-go/access_identity_provider_test.go
+++ /dev/null
@@ -1,416 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListAccessIdentityProviders(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "1", r.URL.Query().Get("page"))
-		assert.Equal(t, "25", r.URL.Query().Get("per_page"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-					"name": "Widget Corps OTP",
-					"type": "github",
-					"config": {
-						"client_id": "example_id",
-						"client_secret": "a-secret-key"
-					}
-				}
-			],
-			"result_info": {
-				"count": 1,
-				"page": 1,
-				"per_page": 20,
-				"total_count": 1
-		  	}
-		}
-		`)
-	}
-
-	want := []AccessIdentityProvider{
-		{
-			ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			Name: "Widget Corps OTP",
-			Type: "github",
-			Config: AccessIdentityProviderConfiguration{
-				ClientID:     "example_id",
-				ClientSecret: "a-secret-key",
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers", handler)
-
-	actual, _, err := client.ListAccessIdentityProviders(context.Background(), testAccountRC, ListAccessIdentityProvidersParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers", handler)
-
-	actual, _, err = client.ListAccessIdentityProviders(context.Background(), testZoneRC, ListAccessIdentityProvidersParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessIdentityProviderDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "Widget Corps OTP",
-				"type": "github",
-				"config": {
-					"client_id": "example_id",
-					"client_secret": "a-secret-key"
-				}
-			}
-		}
-		`)
-	}
-
-	want := AccessIdentityProvider{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:     "example_id",
-			ClientSecret: "a-secret-key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc841", handler)
-
-	actual, err := client.GetAccessIdentityProvider(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc841")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc841", handler)
-
-	actual, err = client.GetAccessIdentityProvider(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc841")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessIdentityProvider(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "Widget Corps OTP",
-				"type": "github",
-				"config": {
-					"client_id": "example_id",
-					"client_secret": "a-secret-key",
-					"conditional_access_enabled": true
-				}
-			}
-		}
-		`)
-	}
-
-	newIdentityProvider := CreateAccessIdentityProviderParams{
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:                 "example_id",
-			ClientSecret:             "a-secret-key",
-			ConditionalAccessEnabled: true,
-		},
-	}
-
-	want := AccessIdentityProvider{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:                 "example_id",
-			ClientSecret:             "a-secret-key",
-			ConditionalAccessEnabled: true,
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers", handler)
-
-	actual, err := client.CreateAccessIdentityProvider(context.Background(), testAccountRC, newIdentityProvider)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers", handler)
-
-	actual, err = client.CreateAccessIdentityProvider(context.Background(), testZoneRC, newIdentityProvider)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-func TestUpdateAccessIdentityProvider(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "Widget Corps OTP",
-				"type": "github",
-				"config": {
-					"client_id": "example_id",
-					"client_secret": "a-secret-key"
-				}
-			}
-		}
-		`)
-	}
-
-	updatedIdentityProvider := UpdateAccessIdentityProviderParams{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:     "example_id",
-			ClientSecret: "a-secret-key",
-		},
-	}
-
-	want := AccessIdentityProvider{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:     "example_id",
-			ClientSecret: "a-secret-key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.UpdateAccessIdentityProvider(context.Background(), testAccountRC, updatedIdentityProvider)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.UpdateAccessIdentityProvider(context.Background(), testZoneRC, updatedIdentityProvider)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteAccessIdentityProvider(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "Widget Corps OTP",
-				"type": "github",
-				"config": {
-					"client_id": "example_id",
-					"client_secret": "a-secret-key"
-				}
-			}
-		}
-		`)
-	}
-
-	want := AccessIdentityProvider{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps OTP",
-		Type: "github",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:     "example_id",
-			ClientSecret: "a-secret-key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.DeleteAccessIdentityProvider(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.DeleteAccessIdentityProvider(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListAccessIdentityProviderAuthContexts(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "04709095-568a-40c4-bf23-5d9edbefe21e",
-					"uid": "04709095-568a-40c4-bf23-5d9edbefe21e",
-					"ac_id": "c1",
-					"display_name": "test_c1",
-					"description": ""
-				},
-				{
-					"id": "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
-					"uid": "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
-					"ac_id": "c25",
-					"display_name": "test_c25",
-					"description": ""
-				}
-			]
-		}
-		`)
-	}
-
-	want := []AccessAuthContext{
-		{
-			ID:          "04709095-568a-40c4-bf23-5d9edbefe21e",
-			UID:         "04709095-568a-40c4-bf23-5d9edbefe21e",
-			ACID:        "c1",
-			DisplayName: "test_c1",
-			Description: "",
-		},
-		{
-			ID:          "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
-			UID:         "a6c9b024-8fd1-48b7-9a05-8bca3a43f758",
-			ACID:        "c25",
-			DisplayName: "test_c25",
-			Description: "",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
-
-	actual, err := client.ListAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
-
-	actual, err = client.ListAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessIdentityProviderAuthContext(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "Widget Corps",
-				"type": "AzureAD",
-				"config": {
-					"client_id": "example_id",
-					"client_secret": "a-secret-key",
-					"conditional_access_enabled": true
-				}
-			}
-		}
-		`)
-	}
-
-	want := AccessIdentityProvider{
-		ID:   "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name: "Widget Corps",
-		Type: "AzureAD",
-		Config: AccessIdentityProviderConfiguration{
-			ClientID:                 "example_id",
-			ClientSecret:             "a-secret-key",
-			ConditionalAccessEnabled: true,
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
-
-	actual, err := client.UpdateAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/identity_providers/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/auth_context", handler)
-
-	actual, err = client.UpdateAccessIdentityProviderAuthContexts(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_keys.go b/pkg/cloudflare-go/access_keys.go
deleted file mode 100644
index fbc714deff..0000000000
--- a/pkg/cloudflare-go/access_keys.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type AccessKeysConfig struct {
-	KeyRotationIntervalDays int       `json:"key_rotation_interval_days"`
-	LastKeyRotationAt       time.Time `json:"last_key_rotation_at"`
-	DaysUntilNextRotation   int       `json:"days_until_next_rotation"`
-}
-
-type AccessKeysConfigUpdateRequest struct {
-	KeyRotationIntervalDays int `json:"key_rotation_interval_days"`
-}
-
-type accessKeysConfigResponse struct {
-	Response
-	Result AccessKeysConfig `json:"result"`
-}
-
-// AccessKeysConfig returns the Access Keys Configuration for an account.
-//
-// API reference: https://api.cloudflare.com/#access-keys-configuration-get-access-keys-configuration
-func (api *API) AccessKeysConfig(ctx context.Context, accountID string) (AccessKeysConfig, error) {
-	uri := fmt.Sprintf("/%s/%s/access/keys", AccountRouteRoot, accountID)
-
-	return api.accessKeysRequest(ctx, http.MethodGet, uri, nil)
-}
-
-// UpdateAccessKeysConfig updates the Access Keys Configuration for an account.
-//
-// API reference: https://api.cloudflare.com/#access-keys-configuration-update-access-keys-configuration
-func (api *API) UpdateAccessKeysConfig(ctx context.Context, accountID string, request AccessKeysConfigUpdateRequest) (AccessKeysConfig, error) {
-	uri := fmt.Sprintf("/%s/%s/access/keys", AccountRouteRoot, accountID)
-
-	return api.accessKeysRequest(ctx, http.MethodPut, uri, request)
-}
-
-// RotateAccessKeys rotates the Access Keys for an account and returns the updated Access Keys Configuration
-//
-// API reference: https://api.cloudflare.com/#access-keys-configuration-rotate-access-keys
-func (api *API) RotateAccessKeys(ctx context.Context, accountID string) (AccessKeysConfig, error) {
-	uri := fmt.Sprintf("/%s/%s/access/keys/rotate", AccountRouteRoot, accountID)
-	return api.accessKeysRequest(ctx, http.MethodPost, uri, nil)
-}
-
-func (api *API) accessKeysRequest(ctx context.Context, method, uri string, params interface{}) (AccessKeysConfig, error) {
-	res, err := api.makeRequestContext(ctx, method, uri, params)
-	if err != nil {
-		return AccessKeysConfig{}, err
-	}
-
-	var keysConfigResponse accessKeysConfigResponse
-	if err := json.Unmarshal(res, &keysConfigResponse); err != nil {
-		return AccessKeysConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return keysConfigResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_keys_test.go b/pkg/cloudflare-go/access_keys_test.go
deleted file mode 100644
index 789bca638b..0000000000
--- a/pkg/cloudflare-go/access_keys_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessKeysConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"key_rotation_interval_days": 42,
-				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
-				"days_until_next_rotation": 3
-			}
-		}`)
-	}
-
-	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AccessKeysConfig{
-		KeyRotationIntervalDays: 42,
-		LastKeyRotationAt:       wantLastRotationAt,
-		DaysUntilNextRotation:   3,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys", handler)
-
-	actual, err := client.AccessKeysConfig(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessKeysConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	wantRequest := AccessKeysConfigUpdateRequest{
-		KeyRotationIntervalDays: 33,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		var gotRequest AccessKeysConfigUpdateRequest
-		assert.NoError(t, json.NewDecoder(r.Body).Decode(&gotRequest))
-		assert.Equal(t, wantRequest, gotRequest)
-
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"key_rotation_interval_days": 42,
-				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
-				"days_until_next_rotation": 3
-			}
-		}`)
-	}
-
-	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AccessKeysConfig{
-		KeyRotationIntervalDays: 42,
-		LastKeyRotationAt:       wantLastRotationAt,
-		DaysUntilNextRotation:   3,
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys", handler)
-
-	actual, err := client.UpdateAccessKeysConfig(context.Background(), testAccountID, wantRequest)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestRotateAccessKeys(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"key_rotation_interval_days": 42,
-				"last_key_rotation_at": "2014-01-01T05:20:00.12345Z",
-				"days_until_next_rotation": 3
-			}
-		}`)
-	}
-
-	wantLastRotationAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AccessKeysConfig{
-		KeyRotationIntervalDays: 42,
-		LastKeyRotationAt:       wantLastRotationAt,
-		DaysUntilNextRotation:   3,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/keys/rotate", handler)
-
-	actual, err := client.RotateAccessKeys(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_mutual_tls_certificates.go b/pkg/cloudflare-go/access_mutual_tls_certificates.go
deleted file mode 100644
index 9d4e413b17..0000000000
--- a/pkg/cloudflare-go/access_mutual_tls_certificates.go
+++ /dev/null
@@ -1,279 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessMutualTLSCertificate is the structure of a single Access Mutual TLS
-// certificate.
-type AccessMutualTLSCertificate struct {
-	ID                  string    `json:"id,omitempty"`
-	CreatedAt           time.Time `json:"created_at,omitempty"`
-	UpdatedAt           time.Time `json:"updated_at,omitempty"`
-	ExpiresOn           time.Time `json:"expires_on,omitempty"`
-	Name                string    `json:"name,omitempty"`
-	Fingerprint         string    `json:"fingerprint,omitempty"`
-	Certificate         string    `json:"certificate,omitempty"`
-	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
-}
-
-// AccessMutualTLSCertificateListResponse is the API response for all Access
-// Mutual TLS certificates.
-type AccessMutualTLSCertificateListResponse struct {
-	Response
-	Result     []AccessMutualTLSCertificate `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// AccessMutualTLSCertificateDetailResponse is the API response for a single
-// Access Mutual TLS certificate.
-type AccessMutualTLSCertificateDetailResponse struct {
-	Response
-	Result AccessMutualTLSCertificate `json:"result"`
-}
-
-type ListAccessMutualTLSCertificatesParams struct {
-	ResultInfo
-}
-
-type CreateAccessMutualTLSCertificateParams struct {
-	ExpiresOn           time.Time `json:"expires_on,omitempty"`
-	Name                string    `json:"name,omitempty"`
-	Fingerprint         string    `json:"fingerprint,omitempty"`
-	Certificate         string    `json:"certificate,omitempty"`
-	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
-}
-
-type UpdateAccessMutualTLSCertificateParams struct {
-	ID                  string    `json:"-"`
-	ExpiresOn           time.Time `json:"expires_on,omitempty"`
-	Name                string    `json:"name,omitempty"`
-	Fingerprint         string    `json:"fingerprint,omitempty"`
-	Certificate         string    `json:"certificate,omitempty"`
-	AssociatedHostnames []string  `json:"associated_hostnames,omitempty"`
-}
-
-type AccessMutualTLSHostnameSettings struct {
-	ChinaNetwork                *bool  `json:"china_network,omitempty"`
-	ClientCertificateForwarding *bool  `json:"client_certificate_forwarding,omitempty"`
-	Hostname                    string `json:"hostname,omitempty"`
-}
-
-type GetAccessMutualTLSHostnameSettingsResponse struct {
-	Response
-	Result []AccessMutualTLSHostnameSettings `json:"result"`
-}
-
-type UpdateAccessMutualTLSHostnameSettingsParams struct {
-	Settings []AccessMutualTLSHostnameSettings `json:"settings,omitempty"`
-}
-
-// ListAccessMutualTLSCertificates returns all Access TLS certificates
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-list-mtls-certificates
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates
-func (api *API) ListAccessMutualTLSCertificates(ctx context.Context, rc *ResourceContainer, params ListAccessMutualTLSCertificatesParams) ([]AccessMutualTLSCertificate, *ResultInfo, error) {
-	baseURL := fmt.Sprintf(
-		"/%s/%s/access/certificates",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessCertificates []AccessMutualTLSCertificate
-	var r AccessMutualTLSCertificateListResponse
-
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessMutualTLSCertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessMutualTLSCertificate{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		accessCertificates = append(accessCertificates, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessCertificates, &r.ResultInfo, nil
-}
-
-// GetAccessMutualTLSCertificate returns a single Access Mutual TLS
-// certificate.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-get-an-mtls-certificate
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-get-an-mtls-certificate
-func (api *API) GetAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (AccessMutualTLSCertificate, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates/%s",
-		rc.Level,
-		rc.Identifier,
-		certificateID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
-	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessMutualTLSCertificateDetailResponse.Result, nil
-}
-
-// CreateAccessMutualTLSCertificate creates an Access TLS Mutual
-// certificate.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-add-an-mtls-certificate
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-add-an-mtls-certificate
-func (api *API) CreateAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, params CreateAccessMutualTLSCertificateParams) (AccessMutualTLSCertificate, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
-	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessMutualTLSCertificateDetailResponse.Result, nil
-}
-
-// UpdateAccessMutualTLSCertificate updates an account level Access TLS Mutual
-// certificate.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate
-func (api *API) UpdateAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSCertificateParams) (AccessMutualTLSCertificate, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates/%s",
-		rc.Level,
-		rc.Identifier,
-		params.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
-	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
-	if err != nil {
-		return AccessMutualTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessMutualTLSCertificateDetailResponse.Result, nil
-}
-
-// DeleteAccessMutualTLSCertificate destroys an Access Mutual
-// TLS certificate.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-delete-an-mtls-certificate
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-delete-an-mtls-certificate
-func (api *API) DeleteAccessMutualTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates/%s",
-		rc.Level,
-		rc.Identifier,
-		certificateID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSCertificateDetailResponse AccessMutualTLSCertificateDetailResponse
-	err = json.Unmarshal(res, &accessMutualTLSCertificateDetailResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// GetAccessMutualTLSHostnameSettings returns all Access mTLS hostname settings.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-list-mtls-certificates-hostname-settings
-func (api *API) GetAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer) ([]AccessMutualTLSHostnameSettings, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates/settings",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
-	err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
-	if err != nil {
-		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessMutualTLSHostnameSettingsResponse.Result, nil
-}
-
-// UpdateAccessMutualTLSHostnameSettings updates Access mTLS certificate hostname settings.
-//
-// Account API Reference: https://developers.cloudflare.com/api/operations/access-mtls-authentication-update-an-mtls-certificate-settings
-// Zone API Reference: https://developers.cloudflare.com/api/operations/zone-level-access-mtls-authentication-update-an-mtls-certificate-settings
-func (api *API) UpdateAccessMutualTLSHostnameSettings(ctx context.Context, rc *ResourceContainer, params UpdateAccessMutualTLSHostnameSettingsParams) ([]AccessMutualTLSHostnameSettings, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/access/certificates/settings",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessMutualTLSHostnameSettingsResponse GetAccessMutualTLSHostnameSettingsResponse
-	err = json.Unmarshal(res, &accessMutualTLSHostnameSettingsResponse)
-	if err != nil {
-		return []AccessMutualTLSHostnameSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessMutualTLSHostnameSettingsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_mutual_tls_certificates_test.go b/pkg/cloudflare-go/access_mutual_tls_certificates_test.go
deleted file mode 100644
index a83a197da3..0000000000
--- a/pkg/cloudflare-go/access_mutual_tls_certificates_test.go
+++ /dev/null
@@ -1,405 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessMutualTLSCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z",
-					"expires_on": "2014-01-01T05:20:00.12345Z",
-					"name": "Allow devs",
-					"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-					"associated_hostnames": [
-						"admin.example.com"
-					]
-				}
-			]
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []AccessMutualTLSCertificate{{
-		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		CreatedAt:           createdAt,
-		UpdatedAt:           updatedAt,
-		ExpiresOn:           expiresOn,
-		Name:                "Allow devs",
-		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-		AssociatedHostnames: []string{"admin.example.com"},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates", handler)
-
-	actual, _, err := client.ListAccessMutualTLSCertificates(context.Background(), testAccountRC, ListAccessMutualTLSCertificatesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates", handler)
-
-	actual, _, err = client.ListAccessMutualTLSCertificates(context.Background(), testZoneRC, ListAccessMutualTLSCertificatesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessMutualTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_on": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-				"associated_hostnames": [
-					"admin.example.com"
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessMutualTLSCertificate{
-		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		CreatedAt:           createdAt,
-		UpdatedAt:           updatedAt,
-		ExpiresOn:           expiresOn,
-		Name:                "Allow devs",
-		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-		AssociatedHostnames: []string{"admin.example.com"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.GetAccessMutualTLSCertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.GetAccessMutualTLSCertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessMutualTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_on": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-				"associated_hostnames": [
-					"admin.example.com"
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	certificate := CreateAccessMutualTLSCertificateParams{
-		Name:        "Allow devs",
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\nDrUtmu/B\n-----END CERTIFICATE-----",
-	}
-
-	want := AccessMutualTLSCertificate{
-		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		CreatedAt:           createdAt,
-		UpdatedAt:           updatedAt,
-		ExpiresOn:           expiresOn,
-		Name:                "Allow devs",
-		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-		AssociatedHostnames: []string{"admin.example.com"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates", handler)
-
-	actual, err := client.CreateAccessMutualTLSCertificate(context.Background(), testAccountRC, certificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates", handler)
-
-	actual, err = client.CreateAccessMutualTLSCertificate(context.Background(), testZoneRC, certificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessMutualTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_on": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"fingerprint": "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-				"associated_hostnames": [
-					"admin.example.com"
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	certificate := UpdateAccessMutualTLSCertificateParams{
-		ID:          "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:        "Allow devs",
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIGAjCCA+qgAwIBAgIJAI7kymlF7CWT...N4RI7KKB7nikiuUf8vhULKy5IX10\nDrUtmu/B\n-----END CERTIFICATE-----",
-	}
-
-	want := AccessMutualTLSCertificate{
-		ID:                  "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		CreatedAt:           createdAt,
-		UpdatedAt:           updatedAt,
-		ExpiresOn:           expiresOn,
-		Name:                "Allow devs",
-		Fingerprint:         "MD5 Fingerprint=1E:80:0F:7A:FD:31:55:96:DE:D5:CB:E2:F0:91:F6:91",
-		AssociatedHostnames: []string{"admin.example.com"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.UpdateAccessMutualTLSCertificate(context.Background(), testAccountRC, certificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.UpdateAccessMutualTLSCertificate(context.Background(), testZoneRC, certificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteAccessMutualTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	err := client.DeleteAccessMutualTLSCertificate(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	err = client.DeleteAccessMutualTLSCertificate(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	assert.NoError(t, err)
-}
-
-func TestGetAccessMutualTLSHostnameSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"china_network": false,
-					"client_certificate_forwarding": true,
-					"hostname": "admin.example.com"
-				},
-				{
-					"china_network": true,
-					"client_certificate_forwarding": false,
-					"hostname": "foobar.example.com"
-				}
-			]
-		}`)
-	}
-
-	want := []AccessMutualTLSHostnameSettings{
-		{
-			ChinaNetwork:                BoolPtr(false),
-			ClientCertificateForwarding: BoolPtr(true),
-			Hostname:                    "admin.example.com",
-		},
-		{
-			ChinaNetwork:                BoolPtr(true),
-			ClientCertificateForwarding: BoolPtr(false),
-			Hostname:                    "foobar.example.com",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
-
-	actual, err := client.GetAccessMutualTLSHostnameSettings(context.Background(), testAccountRC)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
-
-	actual, err = client.GetAccessMutualTLSHostnameSettings(context.Background(), testZoneRC)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessMutualTLSHostnameSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"china_network": false,
-					"client_certificate_forwarding": true,
-					"hostname": "admin.example.com"
-				},
-				{
-					"china_network": true,
-					"client_certificate_forwarding": false,
-					"hostname": "foobar.example.com"
-				}
-			]
-		}`)
-	}
-
-	certificateSettings := UpdateAccessMutualTLSHostnameSettingsParams{
-		Settings: []AccessMutualTLSHostnameSettings{
-			{
-				ChinaNetwork:                BoolPtr(false),
-				ClientCertificateForwarding: BoolPtr(true),
-				Hostname:                    "admin.example.com",
-			},
-			{
-				ChinaNetwork:                BoolPtr(true),
-				ClientCertificateForwarding: BoolPtr(false),
-				Hostname:                    "foobar.example.com",
-			},
-		},
-	}
-
-	want := []AccessMutualTLSHostnameSettings{
-		{
-			ChinaNetwork:                BoolPtr(false),
-			ClientCertificateForwarding: BoolPtr(true),
-			Hostname:                    "admin.example.com",
-		},
-		{
-			ChinaNetwork:                BoolPtr(true),
-			ClientCertificateForwarding: BoolPtr(false),
-			Hostname:                    "foobar.example.com",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/certificates/settings", handler)
-
-	actual, err := client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testAccountRC, certificateSettings)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/certificates/settings", handler)
-
-	actual, err = client.UpdateAccessMutualTLSHostnameSettings(context.Background(), testZoneRC, certificateSettings)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_organization.go b/pkg/cloudflare-go/access_organization.go
deleted file mode 100644
index f7eea16af7..0000000000
--- a/pkg/cloudflare-go/access_organization.go
+++ /dev/null
@@ -1,143 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessOrganization represents an Access organization.
-type AccessOrganization struct {
-	CreatedAt                      *time.Time                    `json:"created_at"`
-	UpdatedAt                      *time.Time                    `json:"updated_at"`
-	Name                           string                        `json:"name"`
-	AuthDomain                     string                        `json:"auth_domain"`
-	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
-	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
-	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
-	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
-	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
-	SessionDuration                *string                       `json:"session_duration,omitempty"`
-	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
-	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
-	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
-}
-
-// AccessOrganizationLoginDesign represents the login design options.
-type AccessOrganizationLoginDesign struct {
-	BackgroundColor string `json:"background_color"`
-	LogoPath        string `json:"logo_path"`
-	TextColor       string `json:"text_color"`
-	HeaderText      string `json:"header_text"`
-	FooterText      string `json:"footer_text"`
-}
-
-type AccessOrganizationCustomPages struct {
-	Forbidden      AccessCustomPageType `json:"forbidden,omitempty"`
-	IdentityDenied AccessCustomPageType `json:"identity_denied,omitempty"`
-}
-
-// AccessOrganizationListResponse represents the response from the list
-// access organization endpoint.
-type AccessOrganizationListResponse struct {
-	Result AccessOrganization `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessOrganizationDetailResponse is the API response, containing a
-// single access organization.
-type AccessOrganizationDetailResponse struct {
-	Success  bool               `json:"success"`
-	Errors   []string           `json:"errors"`
-	Messages []string           `json:"messages"`
-	Result   AccessOrganization `json:"result"`
-}
-
-type GetAccessOrganizationParams struct{}
-
-type CreateAccessOrganizationParams struct {
-	Name                           string                        `json:"name"`
-	AuthDomain                     string                        `json:"auth_domain"`
-	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
-	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
-	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
-	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
-	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
-	SessionDuration                *string                       `json:"session_duration,omitempty"`
-	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
-	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
-	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
-}
-
-type UpdateAccessOrganizationParams struct {
-	Name                           string                        `json:"name"`
-	AuthDomain                     string                        `json:"auth_domain"`
-	LoginDesign                    AccessOrganizationLoginDesign `json:"login_design"`
-	IsUIReadOnly                   *bool                         `json:"is_ui_read_only,omitempty"`
-	UIReadOnlyToggleReason         string                        `json:"ui_read_only_toggle_reason,omitempty"`
-	UserSeatExpirationInactiveTime string                        `json:"user_seat_expiration_inactive_time,omitempty"`
-	AutoRedirectToIdentity         *bool                         `json:"auto_redirect_to_identity,omitempty"`
-	SessionDuration                *string                       `json:"session_duration,omitempty"`
-	CustomPages                    AccessOrganizationCustomPages `json:"custom_pages,omitempty"`
-	WarpAuthSessionDuration        *string                       `json:"warp_auth_session_duration,omitempty"`
-	AllowAuthenticateViaWarp       *bool                         `json:"allow_authenticate_via_warp,omitempty"`
-}
-
-func (api *API) GetAccessOrganization(ctx context.Context, rc *ResourceContainer, params GetAccessOrganizationParams) (AccessOrganization, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessOrganization{}, ResultInfo{}, err
-	}
-
-	var accessOrganizationListResponse AccessOrganizationListResponse
-	err = json.Unmarshal(res, &accessOrganizationListResponse)
-	if err != nil {
-		return AccessOrganization{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessOrganizationListResponse.Result, accessOrganizationListResponse.ResultInfo, nil
-}
-
-func (api *API) CreateAccessOrganization(ctx context.Context, rc *ResourceContainer, params CreateAccessOrganizationParams) (AccessOrganization, error) {
-	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessOrganization{}, err
-	}
-
-	var accessOrganizationDetailResponse AccessOrganizationDetailResponse
-	err = json.Unmarshal(res, &accessOrganizationDetailResponse)
-	if err != nil {
-		return AccessOrganization{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessOrganizationDetailResponse.Result, nil
-}
-
-// UpdateAccessOrganization updates the Access organisation details.
-//
-// Account API reference: https://api.cloudflare.com/#access-organizations-update-access-organization
-// Zone API reference: https://api.cloudflare.com/#zone-level-access-organizations-update-access-organization
-func (api *API) UpdateAccessOrganization(ctx context.Context, rc *ResourceContainer, params UpdateAccessOrganizationParams) (AccessOrganization, error) {
-	uri := fmt.Sprintf("/%s/%s/access/organizations", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessOrganization{}, err
-	}
-
-	var accessOrganizationDetailResponse AccessOrganizationDetailResponse
-	err = json.Unmarshal(res, &accessOrganizationDetailResponse)
-	if err != nil {
-		return AccessOrganization{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessOrganizationDetailResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_organization_test.go b/pkg/cloudflare-go/access_organization_test.go
deleted file mode 100644
index fc9cfb4bf3..0000000000
--- a/pkg/cloudflare-go/access_organization_test.go
+++ /dev/null
@@ -1,281 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessOrganization(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Widget Corps Internal Applications",
-				"auth_domain": "test.cloudflareaccess.com",
-				"is_ui_read_only": false,
-				"user_seat_expiration_inactive_time": "720h",
-				"auto_redirect_to_identity": true,
-				"allow_authenticate_via_warp": true,
-				"warp_auth_session_duration": "24h",
-				"session_duration": "12h",
-				"login_design": {
-					"background_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png",
-					"text_color": "#c5ed1b",
-					"header_text": "Widget Corp",
-					"footer_text": "© Widget Corp"
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessOrganization{
-		Name:                     "Widget Corps Internal Applications",
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		AuthDomain:               "test.cloudflareaccess.com",
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		WarpAuthSessionDuration:  StringPtr("24h"),
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		IsUIReadOnly:                   BoolPtr(false),
-		SessionDuration:                StringPtr("12h"),
-		UserSeatExpirationInactiveTime: "720h",
-		AutoRedirectToIdentity:         BoolPtr(true),
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
-
-	actual, _, err := client.GetAccessOrganization(context.Background(), testAccountRC, GetAccessOrganizationParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
-
-	actual, _, err = client.GetAccessOrganization(context.Background(), testZoneRC, GetAccessOrganizationParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessOrganization(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Widget Corps Internal Applications",
-				"auth_domain": "test.cloudflareaccess.com",
-				"allow_authenticate_via_warp": true,
-				"warp_auth_session_duration": "24h",
-				"is_ui_read_only": true,
-				"session_duration": "12h",
-				"login_design": {
-					"background_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png",
-					"text_color": "#c5ed1b",
-					"header_text": "Widget Corp",
-					"footer_text": "© Widget Corp"
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessOrganization{
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		Name:                     "Widget Corps Internal Applications",
-		AuthDomain:               "test.cloudflareaccess.com",
-		AllowAuthenticateViaWarp: BoolPtr(true),
-		WarpAuthSessionDuration:  StringPtr("24h"),
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		IsUIReadOnly:    BoolPtr(true),
-		SessionDuration: StringPtr("12h"),
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
-
-	actual, err := client.CreateAccessOrganization(context.Background(), testAccountRC, CreateAccessOrganizationParams{
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		IsUIReadOnly:    BoolPtr(true),
-		SessionDuration: StringPtr("12h"),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
-
-	actual, err = client.CreateAccessOrganization(context.Background(), testZoneRC, CreateAccessOrganizationParams{
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		IsUIReadOnly:    BoolPtr(true),
-		SessionDuration: StringPtr("12h"),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessOrganization(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Widget Corps Internal Applications",
-				"auth_domain": "test.cloudflareaccess.com",
-				"allow_authenticate_via_warp": false,
-				"warp_auth_session_duration": "18h",
-				"login_design": {
-					"background_color": "#c5ed1b",
-					"logo_path": "https://example.com/logo.png",
-					"text_color": "#c5ed1b",
-					"header_text": "Widget Corp",
-					"footer_text": "© Widget Corp"
-				},
-				"is_ui_read_only": false,
-				"ui_read_only_toggle_reason": "this is my reason",
-				"session_duration": "12h"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AccessOrganization{
-		CreatedAt:                &createdAt,
-		UpdatedAt:                &updatedAt,
-		Name:                     "Widget Corps Internal Applications",
-		AuthDomain:               "test.cloudflareaccess.com",
-		WarpAuthSessionDuration:  StringPtr("18h"),
-		AllowAuthenticateViaWarp: BoolPtr(false),
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		IsUIReadOnly:           BoolPtr(false),
-		UIReadOnlyToggleReason: "this is my reason",
-		SessionDuration:        StringPtr("12h"),
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations", handler)
-
-	actual, err := client.UpdateAccessOrganization(context.Background(), testAccountRC, UpdateAccessOrganizationParams{
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		WarpAuthSessionDuration:  StringPtr("18h"),
-		AllowAuthenticateViaWarp: BoolPtr(false),
-		IsUIReadOnly:             BoolPtr(false),
-		SessionDuration:          StringPtr("12h"),
-		UIReadOnlyToggleReason:   "this is my reason",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations", handler)
-
-	actual, err = client.UpdateAccessOrganization(context.Background(), testZoneRC, UpdateAccessOrganizationParams{
-		Name:       "Widget Corps Internal Applications",
-		AuthDomain: "test.cloudflareaccess.com",
-		LoginDesign: AccessOrganizationLoginDesign{
-			BackgroundColor: "#c5ed1b",
-			LogoPath:        "https://example.com/logo.png",
-			TextColor:       "#c5ed1b",
-			HeaderText:      "Widget Corp",
-			FooterText:      "© Widget Corp",
-		},
-		WarpAuthSessionDuration:  StringPtr("18h"),
-		AllowAuthenticateViaWarp: BoolPtr(false),
-		IsUIReadOnly:             BoolPtr(false),
-		UIReadOnlyToggleReason:   "this is my reason",
-		SessionDuration:          StringPtr("12h"),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_policy.go b/pkg/cloudflare-go/access_policy.go
deleted file mode 100644
index a70ceede50..0000000000
--- a/pkg/cloudflare-go/access_policy.go
+++ /dev/null
@@ -1,356 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type AccessApprovalGroup struct {
-	EmailListUuid   string   `json:"email_list_uuid,omitempty"`
-	EmailAddresses  []string `json:"email_addresses,omitempty"`
-	ApprovalsNeeded int      `json:"approvals_needed,omitempty"`
-}
-
-// AccessPolicy defines a policy for allowing or disallowing access to
-// one or more Access applications.
-type AccessPolicy struct {
-	ID string `json:"id,omitempty"`
-	// Precedence is the order in which the policy is executed in an Access application.
-	// As a general rule, lower numbers take precedence over higher numbers.
-	// This field can only be zero when a reusable policy is requested outside the context
-	// of an Access application.
-	Precedence int        `json:"precedence"`
-	Decision   string     `json:"decision"`
-	CreatedAt  *time.Time `json:"created_at"`
-	UpdatedAt  *time.Time `json:"updated_at"`
-	Reusable   *bool      `json:"reusable,omitempty"`
-	Name       string     `json:"name"`
-
-	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
-	SessionDuration              *string               `json:"session_duration,omitempty"`
-	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
-	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
-	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
-	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
-
-	// The include policy works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude policy works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require policy works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-// AccessPolicyListResponse represents the response from the list
-// access policies endpoint.
-type AccessPolicyListResponse struct {
-	Result []AccessPolicy `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessPolicyDetailResponse is the API response, containing a single
-// access policy.
-type AccessPolicyDetailResponse struct {
-	Success  bool         `json:"success"`
-	Errors   []string     `json:"errors"`
-	Messages []string     `json:"messages"`
-	Result   AccessPolicy `json:"result"`
-}
-
-type ListAccessPoliciesParams struct {
-	// ApplicationID is the application ID to list attached access policies for.
-	// If omitted, only reusable policies for the account are returned.
-	ApplicationID string `json:"-"`
-	ResultInfo
-}
-
-type GetAccessPolicyParams struct {
-	PolicyID string `json:"-"`
-	// ApplicationID is the application ID for which to scope the policy for.
-	// Optional, but if included, the policy returned will include its execution precedence within the application.
-	ApplicationID string `json:"-"`
-}
-
-type CreateAccessPolicyParams struct {
-	// ApplicationID is the application ID for which to create the policy for.
-	// Pass an empty value to create a reusable policy.
-	ApplicationID string `json:"-"`
-
-	// Precedence is the order in which the policy is executed in an Access application.
-	// As a general rule, lower numbers take precedence over higher numbers.
-	// This field is ignored when creating a reusable policy.
-	// Read more here https://developers.cloudflare.com/cloudflare-one/policies/access/#order-of-execution
-	Precedence int    `json:"precedence"`
-	Decision   string `json:"decision"`
-	Name       string `json:"name"`
-
-	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
-	SessionDuration              *string               `json:"session_duration,omitempty"`
-	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
-	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
-	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
-	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
-
-	// The include policy works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude policy works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require policy works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-type UpdateAccessPolicyParams struct {
-	// ApplicationID is the application ID that owns the existing policy.
-	// Pass an empty value if the existing policy is reusable.
-	ApplicationID string `json:"-"`
-	PolicyID      string `json:"-"`
-
-	// Precedence is the order in which the policy is executed in an Access application.
-	// As a general rule, lower numbers take precedence over higher numbers.
-	// This field is ignored when updating a reusable policy.
-	Precedence int    `json:"precedence"`
-	Decision   string `json:"decision"`
-	Name       string `json:"name"`
-
-	IsolationRequired            *bool                 `json:"isolation_required,omitempty"`
-	SessionDuration              *string               `json:"session_duration,omitempty"`
-	PurposeJustificationRequired *bool                 `json:"purpose_justification_required,omitempty"`
-	PurposeJustificationPrompt   *string               `json:"purpose_justification_prompt,omitempty"`
-	ApprovalRequired             *bool                 `json:"approval_required,omitempty"`
-	ApprovalGroups               []AccessApprovalGroup `json:"approval_groups"`
-
-	// The include policy works like an OR logical operator. The user must
-	// satisfy one of the rules.
-	Include []interface{} `json:"include"`
-
-	// The exclude policy works like a NOT logical operator. The user must
-	// not satisfy all the rules in exclude.
-	Exclude []interface{} `json:"exclude"`
-
-	// The require policy works like a AND logical operator. The user must
-	// satisfy all the rules in require.
-	Require []interface{} `json:"require"`
-}
-
-type DeleteAccessPolicyParams struct {
-	// ApplicationID is the application ID the policy belongs to.
-	// If the existing policy is reusable, this field must be omitted. Otherwise, it is required.
-	ApplicationID string `json:"-"`
-	PolicyID      string `json:"-"`
-}
-
-// ListAccessPolicies returns all access policies that match the parameters.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-list-access-policies
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-list-access-policies
-func (api *API) ListAccessPolicies(ctx context.Context, rc *ResourceContainer, params ListAccessPoliciesParams) ([]AccessPolicy, *ResultInfo, error) {
-	var baseURL string
-	if params.ApplicationID != "" {
-		baseURL = fmt.Sprintf(
-			"/%s/%s/access/apps/%s/policies",
-			rc.Level,
-			rc.Identifier,
-			params.ApplicationID,
-		)
-	} else {
-		baseURL = fmt.Sprintf(
-			"/%s/%s/access/policies",
-			rc.Level,
-			rc.Identifier,
-		)
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessPolicies []AccessPolicy
-	var r AccessPolicyListResponse
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessPolicy{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessPolicy{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		accessPolicies = append(accessPolicies, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessPolicies, &r.ResultInfo, nil
-}
-
-// GetAccessPolicy returns a single policy based on the policy ID.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-get-an-access-policy
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-get-an-access-policy
-func (api *API) GetAccessPolicy(ctx context.Context, rc *ResourceContainer, params GetAccessPolicyParams) (AccessPolicy, error) {
-	var uri string
-	if params.ApplicationID != "" {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/apps/%s/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.ApplicationID,
-			params.PolicyID,
-		)
-	} else {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.PolicyID,
-		)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessPolicyDetailResponse AccessPolicyDetailResponse
-	err = json.Unmarshal(res, &accessPolicyDetailResponse)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessPolicyDetailResponse.Result, nil
-}
-
-// CreateAccessPolicy creates a new access policy.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-create-an-access-policy
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-create-an-access-policy
-func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, params CreateAccessPolicyParams) (AccessPolicy, error) {
-	var uri string
-	if params.ApplicationID != "" {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/apps/%s/policies",
-			rc.Level,
-			rc.Identifier,
-			params.ApplicationID,
-		)
-	} else {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/policies",
-			rc.Level,
-			rc.Identifier,
-		)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessPolicyDetailResponse AccessPolicyDetailResponse
-	err = json.Unmarshal(res, &accessPolicyDetailResponse)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessPolicyDetailResponse.Result, nil
-}
-
-// UpdateAccessPolicy updates an existing access policy.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-update-an-access-policy
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-update-an-access-policy
-func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, params UpdateAccessPolicyParams) (AccessPolicy, error) {
-	if params.PolicyID == "" {
-		return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty")
-	}
-
-	var uri string
-	if params.ApplicationID != "" {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/apps/%s/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.ApplicationID,
-			params.PolicyID,
-		)
-	} else {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.PolicyID,
-		)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accessPolicyDetailResponse AccessPolicyDetailResponse
-	err = json.Unmarshal(res, &accessPolicyDetailResponse)
-	if err != nil {
-		return AccessPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessPolicyDetailResponse.Result, nil
-}
-
-// DeleteAccessPolicy deletes an access policy.
-//
-// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-delete-an-access-policy
-// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-delete-an-access-policy
-func (api *API) DeleteAccessPolicy(ctx context.Context, rc *ResourceContainer, params DeleteAccessPolicyParams) error {
-	var uri string
-	if params.ApplicationID != "" {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/apps/%s/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.ApplicationID,
-			params.PolicyID,
-		)
-	} else {
-		uri = fmt.Sprintf(
-			"/%s/%s/access/policies/%s",
-			rc.Level,
-			rc.Identifier,
-			params.PolicyID,
-		)
-	}
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_policy_test.go b/pkg/cloudflare-go/access_policy_test.go
deleted file mode 100644
index 7564213820..0000000000
--- a/pkg/cloudflare-go/access_policy_test.go
+++ /dev/null
@@ -1,693 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	pageOptions         = PaginationOptions{}
-	accessApplicationID = "6e1c88f1-6b06-4b8a-a9e9-3ec7da2ee0c1"
-	accessPolicyID      = "699d98642c564d2e855e9661899b7252"
-
-	createdAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresAt, _ = time.Parse(time.RFC3339, "2015-01-01T05:20:00.12345Z")
-
-	isolationRequired            = true
-	purposeJustificationRequired = true
-	purposeJustificationPrompt   = "Please provide a business reason for your need to access before continuing."
-	approvalRequired             = true
-
-	expectedAccessPolicy = AccessPolicy{
-		ID:         "699d98642c564d2e855e9661899b7252",
-		Precedence: 1,
-		Decision:   "allow",
-		CreatedAt:  &createdAt,
-		UpdatedAt:  &updatedAt,
-		Name:       "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Require: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		IsolationRequired:            &isolationRequired,
-		SessionDuration:              StringPtr("12h"),
-		PurposeJustificationRequired: &purposeJustificationRequired,
-		ApprovalRequired:             &approvalRequired,
-		PurposeJustificationPrompt:   &purposeJustificationPrompt,
-		ApprovalGroups: []AccessApprovalGroup{
-			{
-				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-				ApprovalsNeeded: 3,
-			},
-			{
-				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
-				ApprovalsNeeded: 1,
-			},
-		},
-	}
-)
-
-func TestAccessPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"precedence": 1,
-				"decision": "allow",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-				  {
-					"email": {
-					  "email": "test@example.com"
-					}
-				  }
-				],
-				"exclude": [
-				  {
-					"email": {
-					  "email": "test@example.com"
-					}
-				  }
-				],
-				"require": [
-				  {
-					"email": {
-					  "email": "test@example.com"
-					}
-				  }
-				],
-				"isolation_required": true,
-				"purpose_justification_required": true,
-				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
-				"approval_required": true,
-				"session_duration": "12h",
-				"approval_groups": [
-				  {
-					"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-					"approvals_needed": 3
-				  },
-				  {
-					"email_addresses": [
-					  "email1@example.com",
-					  "email2@example.com"
-					],
-					"approvals_needed": 1
-				  }
-				]
-			  }
-			],
-			"result_info": {
-			  "page": 1,
-			  "per_page": 20,
-			  "count": 1,
-			  "total_count": 20
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, _, err := client.ListAccessPolicies(context.Background(), testAccountRC, ListAccessPoliciesParams{ApplicationID: accessApplicationID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, _, err = client.ListAccessPolicies(context.Background(), testZoneRC, ListAccessPoliciesParams{ApplicationID: accessApplicationID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
-	}
-
-	// Test Listing reusable policies
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies", handler)
-
-	actual, _, err = client.ListAccessPolicies(context.Background(), testAccountRC, ListAccessPoliciesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/policies", handler)
-
-	actual, _, err = client.ListAccessPolicies(context.Background(), testZoneRC, ListAccessPoliciesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessPolicy{expectedAccessPolicy}, actual)
-	}
-}
-
-func TestAccessPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"precedence": 1,
-				"decision": "allow",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"isolation_required": true,
-				"purpose_justification_required": true,
-				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
-				"approval_required": true,
-				"session_duration": "12h",
-				"approval_groups": [
-					{
-						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-						"approvals_needed": 3
-					},
-					{
-						"email_addresses": ["email1@example.com", "email2@example.com"],
-						"approvals_needed": 1
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-
-	actual, err := client.GetAccessPolicy(context.Background(), testAccountRC, GetAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-
-	actual, err = client.GetAccessPolicy(context.Background(), testZoneRC, GetAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	// Test getting a reusable policy
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
-
-	actual, err = client.GetAccessPolicy(context.Background(), testAccountRC, GetAccessPolicyParams{PolicyID: accessPolicyID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
-
-	actual, err = client.GetAccessPolicy(context.Background(), testZoneRC, GetAccessPolicyParams{PolicyID: accessPolicyID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-}
-
-func TestCreateAccessPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"precedence": 1,
-				"decision": "allow",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"isolation_required": true,
-				"purpose_justification_required": true,
-				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
-				"approval_required": true,
-				"session_duration": "12h",
-				"approval_groups": [
-					{
-						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-						"approvals_needed": 3
-					},
-					{
-						"email_addresses": ["email1@example.com", "email2@example.com"],
-						"approvals_needed": 1
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	accessPolicy := CreateAccessPolicyParams{
-		ApplicationID: accessApplicationID,
-		Name:          "Allow devs",
-		Include: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Require: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Decision:                     "allow",
-		PurposeJustificationRequired: &purposeJustificationRequired,
-		PurposeJustificationPrompt:   &purposeJustificationPrompt,
-		SessionDuration:              StringPtr("12h"),
-		ApprovalGroups: []AccessApprovalGroup{
-			{
-				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-				ApprovalsNeeded: 3,
-			},
-			{
-				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
-				ApprovalsNeeded: 1,
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, err := client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	// Test creating a reusable policy
-	accessPolicy.ApplicationID = ""
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies", handler)
-
-	actual, err = client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/policies", handler)
-
-	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-}
-
-func TestCreateAccessPolicyAuthContextRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expectedAccessPolicyAuthContext := AccessPolicy{
-		ID:         "699d98642c564d2e855e9661899b7252",
-		Precedence: 1,
-		Decision:   "allow",
-		CreatedAt:  &createdAt,
-		UpdatedAt:  &updatedAt,
-		Name:       "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Exclude: []interface{}{},
-		Require: []interface{}{
-			map[string]interface{}{"auth_context": map[string]interface{}{"id": "authContextID123", "identity_provider_id": "IDPIDtest123", "ac_id": "c1"}},
-		},
-		IsolationRequired:            &isolationRequired,
-		PurposeJustificationRequired: &purposeJustificationRequired,
-		ApprovalRequired:             &approvalRequired,
-		PurposeJustificationPrompt:   &purposeJustificationPrompt,
-		SessionDuration:              StringPtr("12h"),
-		ApprovalGroups: []AccessApprovalGroup{
-			{
-				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-				ApprovalsNeeded: 3,
-			},
-			{
-				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
-				ApprovalsNeeded: 1,
-			},
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"precedence": 1,
-				"decision": "allow",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [],
-				"require": [
-					{
-						"auth_context": {
-							"id": "authContextID123",
-							"identity_provider_id": "IDPIDtest123",
-							"ac_id": "c1"
-						}
-					}
-				],
-				"isolation_required": true,
-				"purpose_justification_required": true,
-				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
-				"approval_required": true,
-				"session_duration": "12h",
-				"approval_groups": [
-					{
-						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-						"approvals_needed": 3
-					},
-					{
-						"email_addresses": ["email1@example.com", "email2@example.com"],
-						"approvals_needed": 1
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	accessPolicy := CreateAccessPolicyParams{
-		ApplicationID: accessApplicationID,
-		Name:          "Allow devs",
-		Include: []interface{}{
-			AccessGroupEmail{struct {
-				Email string `json:"email"`
-			}{Email: "test@example.com"}},
-		},
-		Exclude: []interface{}{},
-		Require: []interface{}{
-			AccessGroupAzureAuthContext{struct {
-				ID                 string `json:"id"`
-				IdentityProviderID string `json:"identity_provider_id"`
-				ACID               string `json:"ac_id"`
-			}{
-				ID:                 "authContextID123",
-				IdentityProviderID: "IDPIDtest123",
-				ACID:               "c1",
-			}},
-		},
-		Decision:                     "allow",
-		PurposeJustificationRequired: &purposeJustificationRequired,
-		PurposeJustificationPrompt:   &purposeJustificationPrompt,
-		ApprovalGroups: []AccessApprovalGroup{
-			{
-				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-				ApprovalsNeeded: 3,
-			},
-			{
-				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
-				ApprovalsNeeded: 1,
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, err := client.CreateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicyAuthContext, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies", handler)
-
-	actual, err = client.CreateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicyAuthContext, actual)
-	}
-}
-
-func TestUpdateAccessPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	accessPolicy := UpdateAccessPolicyParams{
-		ApplicationID: accessApplicationID,
-		PolicyID:      accessPolicyID,
-		Precedence:    1,
-		Decision:      "allow",
-		Name:          "Allow devs",
-		Include: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Exclude: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		Require: []interface{}{
-			map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
-		},
-		IsolationRequired:            &isolationRequired,
-		PurposeJustificationRequired: &purposeJustificationRequired,
-		ApprovalRequired:             &approvalRequired,
-		PurposeJustificationPrompt:   &purposeJustificationPrompt,
-		SessionDuration:              StringPtr("12h"),
-		ApprovalGroups: []AccessApprovalGroup{
-			{
-				EmailListUuid:   "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-				ApprovalsNeeded: 3,
-			},
-			{
-				EmailAddresses:  []string{"email1@example.com", "email2@example.com"},
-				ApprovalsNeeded: 1,
-			},
-		},
-	}
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252",
-				"precedence": 1,
-				"decision": "allow",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"name": "Allow devs",
-				"session_duration": "12h",
-				"include": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"exclude": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"require": [
-					{
-						"email": {
-							"email": "test@example.com"
-						}
-					}
-				],
-				"isolation_required": true,
-				"purpose_justification_required": true,
-				"purpose_justification_prompt": "Please provide a business reason for your need to access before continuing.",
-				"approval_required": true,
-				"approval_groups": [
-					{
-						"email_list_uuid": "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
-						"approvals_needed": 3
-					},
-					{
-						"email_addresses": ["email1@example.com", "email2@example.com"],
-						"approvals_needed": 1
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	// Test updating reusable policies
-	accessPolicy.ApplicationID = ""
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
-	actual, err = client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
-	actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccessPolicy, actual)
-	}
-}
-
-func TestUpdateAccessPolicyWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
-	assert.EqualError(t, err, "access policy ID cannot be empty")
-
-	_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
-	assert.EqualError(t, err, "access policy ID cannot be empty")
-}
-
-func TestDeleteAccessPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "699d98642c564d2e855e9661899b7252"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	err := client.DeleteAccessPolicy(context.Background(), testAccountRC, DeleteAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
-	err = client.DeleteAccessPolicy(context.Background(), testZoneRC, DeleteAccessPolicyParams{ApplicationID: accessApplicationID, PolicyID: accessPolicyID})
-
-	assert.NoError(t, err)
-
-	// Test deleting a reusable policy
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/policies/"+accessPolicyID, handler)
-	err = client.DeleteAccessPolicy(context.Background(), testAccountRC, DeleteAccessPolicyParams{PolicyID: accessPolicyID})
-
-	assert.NoError(t, err)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/policies/"+accessPolicyID, handler)
-	err = client.DeleteAccessPolicy(context.Background(), testZoneRC, DeleteAccessPolicyParams{PolicyID: accessPolicyID})
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_seats.go b/pkg/cloudflare-go/access_seats.go
deleted file mode 100644
index ea44eebc7b..0000000000
--- a/pkg/cloudflare-go/access_seats.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var errMissingAccessSeatUID = errors.New("missing required access seat UID")
-
-// AccessUpdateAccessUserSeatResult represents a Access User Seat.
-type AccessUpdateAccessUserSeatResult struct {
-	AccessSeat  *bool      `json:"access_seat"`
-	CreatedAt   *time.Time `json:"created_at"`
-	UpdatedAt   *time.Time `json:"updated_at"`
-	GatewaySeat *bool      `json:"gateway_seat"`
-	SeatUID     string     `json:"seat_uid,omitempty"`
-}
-
-// UpdateAccessUserSeatParams represents the update payload for access seats.
-type UpdateAccessUserSeatParams struct {
-	SeatUID     string `json:"seat_uid,omitempty"`
-	AccessSeat  *bool  `json:"access_seat"`
-	GatewaySeat *bool  `json:"gateway_seat"`
-}
-
-// UpdateAccessUsersSeatsParams represents the update payload for multiple access seats.
-type UpdateAccessUsersSeatsParams []struct {
-	SeatUID     string `json:"seat_uid,omitempty"`
-	AccessSeat  *bool  `json:"access_seat"`
-	GatewaySeat *bool  `json:"gateway_seat"`
-}
-
-// AccessUserSeatResponse represents the response from the access user seat endpoints.
-type UpdateAccessUserSeatResponse struct {
-	Response
-	Result     []AccessUpdateAccessUserSeatResult `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// UpdateAccessUserSeat updates a single Access User Seat.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-seats-update-a-user-seat
-func (api *API) UpdateAccessUserSeat(ctx context.Context, rc *ResourceContainer, params UpdateAccessUserSeatParams) ([]AccessUpdateAccessUserSeatResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if params.SeatUID == "" {
-		return []AccessUpdateAccessUserSeatResult{}, errMissingAccessSeatUID
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/seats",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	// this requests expects an array of params, but this method only accepts a single param
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, []UpdateAccessUserSeatParams{params})
-	if err != nil {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var updateAccessUserSeatResponse UpdateAccessUserSeatResponse
-	err = json.Unmarshal(res, &updateAccessUserSeatResponse)
-	if err != nil {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return updateAccessUserSeatResponse.Result, nil
-}
-
-// UpdateAccessUsersSeats updates many Access User Seats.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-seats-update-a-user-seat
-func (api *API) UpdateAccessUsersSeats(ctx context.Context, rc *ResourceContainer, params UpdateAccessUsersSeatsParams) ([]AccessUpdateAccessUserSeatResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	for _, param := range params {
-		if param.SeatUID == "" {
-			return []AccessUpdateAccessUserSeatResult{}, errMissingAccessSeatUID
-		}
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/seats",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	// this requests expects an array of params, but this method only accepts a single param
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var updateAccessUserSeatResponse UpdateAccessUserSeatResponse
-	err = json.Unmarshal(res, &updateAccessUserSeatResponse)
-	if err != nil {
-		return []AccessUpdateAccessUserSeatResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return updateAccessUserSeatResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_seats_test.go b/pkg/cloudflare-go/access_seats_test.go
deleted file mode 100644
index 90ef47511d..0000000000
--- a/pkg/cloudflare-go/access_seats_test.go
+++ /dev/null
@@ -1,182 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var testAccessGroupSeatUID = "access-group-seat-uid"
-var testAccessGroupSeatUID2 = "access-group-seat-uid2"
-
-func TestUpdateAccessUserSeat_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessUserSeat(context.Background(), testZoneRC, UpdateAccessUserSeatParams{})
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestUpdateAccessUserSeat_MissingUID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessUserSeat(context.Background(), testAccountRC, UpdateAccessUserSeatParams{})
-	assert.EqualError(t, err, "missing required access seat UID")
-}
-
-func TestUpdateAccessUsersSeats_MissingUID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccessUsersSeats(context.Background(), testAccountRC, UpdateAccessUsersSeatsParams{{GatewaySeat: BoolPtr(false), SeatUID: "seat_id"}, {SeatUID: "", AccessSeat: BoolPtr(true)}})
-	assert.EqualError(t, err, "missing required access seat UID")
-}
-
-func TestUpdateAccessUserSeat(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		req := []UpdateAccessUserSeatParams{}
-
-		// Try to decode the request body into the struct.
-		err := json.NewDecoder(r.Body).Decode(&req)
-		assert.NoError(t, err, "Failed to decode request body into UpdateAccessUserSeatParams")
-		assert.Equal(t, len(req), 1, "Expected 1 seat to be updated, got %d", len(req))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"access_seat": false,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"gateway_seat": false,
-				"seat_uid": null,
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			  }
-			],
-			"success": true,
-			"result_info": {
-			  "count": 1,
-			  "page": 1,
-			  "per_page": 20,
-			  "total_count": 2000
-			}
-		  }
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/seats", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := []AccessUpdateAccessUserSeatResult{
-		{
-			AccessSeat:  BoolPtr(false),
-			CreatedAt:   &createdAt,
-			GatewaySeat: BoolPtr(false),
-			SeatUID:     "",
-			UpdatedAt:   &updatedAt,
-		},
-	}
-
-	actual, err := client.UpdateAccessUserSeat(context.Background(), testAccountRC, UpdateAccessUserSeatParams{
-		SeatUID:     testAccessGroupSeatUID,
-		AccessSeat:  BoolPtr(false),
-		GatewaySeat: BoolPtr(false),
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccessUsersSeats(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		req := []UpdateAccessUserSeatParams{}
-
-		// Try to decode the request body into the struct.
-		err := json.NewDecoder(r.Body).Decode(&req)
-		assert.NoError(t, err, "Failed to decode request body into UpdateAccessUserSeatParams")
-		assert.Equal(t, len(req), 2, "Expected 2 seat to be updated, got %d", len(req))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"access_seat": false,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"gateway_seat": false,
-				"seat_uid": "%s",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			  },
-			  {
-				"access_seat": false,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"gateway_seat": false,
-				"seat_uid": "%s",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			  }
-			],
-			"success": true,
-			"result_info": {
-			  "count": 1,
-			  "page": 1,
-			  "per_page": 20,
-			  "total_count": 2000
-			}
-		  }
-		`, testAccessGroupSeatUID, testAccessGroupSeatUID2)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/seats", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := []AccessUpdateAccessUserSeatResult{
-		{
-			AccessSeat:  BoolPtr(false),
-			CreatedAt:   &createdAt,
-			GatewaySeat: BoolPtr(false),
-			SeatUID:     testAccessGroupSeatUID,
-			UpdatedAt:   &updatedAt,
-		},
-		{
-			AccessSeat:  BoolPtr(false),
-			CreatedAt:   &createdAt,
-			GatewaySeat: BoolPtr(false),
-			SeatUID:     testAccessGroupSeatUID2,
-			UpdatedAt:   &updatedAt,
-		},
-	}
-
-	actual, err := client.UpdateAccessUsersSeats(context.Background(), testAccountRC, UpdateAccessUsersSeatsParams{
-		{
-			SeatUID:     testAccessGroupSeatUID,
-			AccessSeat:  BoolPtr(false),
-			GatewaySeat: BoolPtr(false),
-		},
-		{
-			SeatUID:     testAccessGroupSeatUID2,
-			AccessSeat:  BoolPtr(false),
-			GatewaySeat: BoolPtr(false),
-		},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_service_tokens.go b/pkg/cloudflare-go/access_service_tokens.go
deleted file mode 100644
index 5202b24919..0000000000
--- a/pkg/cloudflare-go/access_service_tokens.go
+++ /dev/null
@@ -1,257 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingServiceTokenUUID = errors.New("missing required service token UUID")
-)
-
-// AccessServiceToken represents an Access Service Token.
-type AccessServiceToken struct {
-	ClientID  string     `json:"client_id"`
-	CreatedAt *time.Time `json:"created_at"`
-	ExpiresAt *time.Time `json:"expires_at"`
-	ID        string     `json:"id"`
-	Name      string     `json:"name"`
-	UpdatedAt *time.Time `json:"updated_at"`
-	Duration  string     `json:"duration,omitempty"`
-}
-
-// AccessServiceTokenUpdateResponse represents the response from the API
-// when a new Service Token is updated. This base struct is also used in the
-// Create as they are very similar responses.
-type AccessServiceTokenUpdateResponse struct {
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-	ExpiresAt *time.Time `json:"expires_at"`
-	ID        string     `json:"id"`
-	Name      string     `json:"name"`
-	ClientID  string     `json:"client_id"`
-	Duration  string     `json:"duration,omitempty"`
-}
-
-// AccessServiceTokenRefreshResponse represents the response from the API
-// when an existing service token is refreshed to last longer.
-type AccessServiceTokenRefreshResponse struct {
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-	ExpiresAt *time.Time `json:"expires_at"`
-	ID        string     `json:"id"`
-	Name      string     `json:"name"`
-	ClientID  string     `json:"client_id"`
-	Duration  string     `json:"duration,omitempty"`
-}
-
-// AccessServiceTokenCreateResponse is the same API response as the Update
-// operation with the exception that the `ClientSecret` is present in a
-// Create operation.
-type AccessServiceTokenCreateResponse struct {
-	CreatedAt    *time.Time `json:"created_at"`
-	UpdatedAt    *time.Time `json:"updated_at"`
-	ExpiresAt    *time.Time `json:"expires_at"`
-	ID           string     `json:"id"`
-	Name         string     `json:"name"`
-	ClientID     string     `json:"client_id"`
-	ClientSecret string     `json:"client_secret"`
-	Duration     string     `json:"duration,omitempty"`
-}
-
-// AccessServiceTokenRotateResponse is the same API response as the Create
-// operation.
-type AccessServiceTokenRotateResponse struct {
-	CreatedAt    *time.Time `json:"created_at"`
-	UpdatedAt    *time.Time `json:"updated_at"`
-	ExpiresAt    *time.Time `json:"expires_at"`
-	ID           string     `json:"id"`
-	Name         string     `json:"name"`
-	ClientID     string     `json:"client_id"`
-	ClientSecret string     `json:"client_secret"`
-	Duration     string     `json:"duration,omitempty"`
-}
-
-// AccessServiceTokensListResponse represents the response from the list
-// Access Service Tokens endpoint.
-type AccessServiceTokensListResponse struct {
-	Result []AccessServiceToken `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessServiceTokensDetailResponse is the API response, containing a single
-// Access Service Token.
-type AccessServiceTokensDetailResponse struct {
-	Success  bool               `json:"success"`
-	Errors   []string           `json:"errors"`
-	Messages []string           `json:"messages"`
-	Result   AccessServiceToken `json:"result"`
-}
-
-// AccessServiceTokensCreationDetailResponse is the API response, containing a
-// single Access Service Token.
-type AccessServiceTokensCreationDetailResponse struct {
-	Success  bool                             `json:"success"`
-	Errors   []string                         `json:"errors"`
-	Messages []string                         `json:"messages"`
-	Result   AccessServiceTokenCreateResponse `json:"result"`
-}
-
-// AccessServiceTokensUpdateDetailResponse is the API response, containing a
-// single Access Service Token.
-type AccessServiceTokensUpdateDetailResponse struct {
-	Success  bool                             `json:"success"`
-	Errors   []string                         `json:"errors"`
-	Messages []string                         `json:"messages"`
-	Result   AccessServiceTokenUpdateResponse `json:"result"`
-}
-
-// AccessServiceTokensRefreshDetailResponse is the API response, containing a
-// single Access Service Token.
-type AccessServiceTokensRefreshDetailResponse struct {
-	Success  bool                              `json:"success"`
-	Errors   []string                          `json:"errors"`
-	Messages []string                          `json:"messages"`
-	Result   AccessServiceTokenRefreshResponse `json:"result"`
-}
-
-// AccessServiceTokensRotateSecretDetailResponse is the API response, containing a
-// single Access Service Token.
-type AccessServiceTokensRotateSecretDetailResponse struct {
-	Success  bool                             `json:"success"`
-	Errors   []string                         `json:"errors"`
-	Messages []string                         `json:"messages"`
-	Result   AccessServiceTokenRotateResponse `json:"result"`
-}
-
-type ListAccessServiceTokensParams struct{}
-
-type CreateAccessServiceTokenParams struct {
-	Name     string `json:"name"`
-	Duration string `json:"duration,omitempty"`
-}
-
-type UpdateAccessServiceTokenParams struct {
-	Name     string `json:"name"`
-	UUID     string `json:"-"`
-	Duration string `json:"duration,omitempty"`
-}
-
-func (api *API) ListAccessServiceTokens(ctx context.Context, rc *ResourceContainer, params ListAccessServiceTokensParams) ([]AccessServiceToken, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessServiceToken{}, ResultInfo{}, err
-	}
-
-	var accessServiceTokensListResponse AccessServiceTokensListResponse
-	err = json.Unmarshal(res, &accessServiceTokensListResponse)
-	if err != nil {
-		return []AccessServiceToken{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokensListResponse.Result, accessServiceTokensListResponse.ResultInfo, nil
-}
-
-func (api *API) CreateAccessServiceToken(ctx context.Context, rc *ResourceContainer, params CreateAccessServiceTokenParams) (AccessServiceTokenCreateResponse, error) {
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-
-	if err != nil {
-		return AccessServiceTokenCreateResponse{}, err
-	}
-
-	var accessServiceTokenCreation AccessServiceTokensCreationDetailResponse
-	err = json.Unmarshal(res, &accessServiceTokenCreation)
-	if err != nil {
-		return AccessServiceTokenCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokenCreation.Result, nil
-}
-
-func (api *API) UpdateAccessServiceToken(ctx context.Context, rc *ResourceContainer, params UpdateAccessServiceTokenParams) (AccessServiceTokenUpdateResponse, error) {
-	if params.UUID == "" {
-		return AccessServiceTokenUpdateResponse{}, ErrMissingServiceTokenUUID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s", rc.Level, rc.Identifier, params.UUID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AccessServiceTokenUpdateResponse{}, err
-	}
-
-	var accessServiceTokenUpdate AccessServiceTokensUpdateDetailResponse
-	err = json.Unmarshal(res, &accessServiceTokenUpdate)
-	if err != nil {
-		return AccessServiceTokenUpdateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokenUpdate.Result, nil
-}
-
-func (api *API) DeleteAccessServiceToken(ctx context.Context, rc *ResourceContainer, uuid string) (AccessServiceTokenUpdateResponse, error) {
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s", rc.Level, rc.Identifier, uuid)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return AccessServiceTokenUpdateResponse{}, err
-	}
-
-	var accessServiceTokenUpdate AccessServiceTokensUpdateDetailResponse
-	err = json.Unmarshal(res, &accessServiceTokenUpdate)
-	if err != nil {
-		return AccessServiceTokenUpdateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokenUpdate.Result, nil
-}
-
-// RefreshAccessServiceToken updates the expiry of an Access Service Token
-// in place.
-//
-// API reference: https://api.cloudflare.com/#access-service-tokens-refresh-a-service-token
-func (api *API) RefreshAccessServiceToken(ctx context.Context, rc *ResourceContainer, id string) (AccessServiceTokenRefreshResponse, error) {
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s/refresh", rc.Level, rc.Identifier, id)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return AccessServiceTokenRefreshResponse{}, err
-	}
-
-	var accessServiceTokenRefresh AccessServiceTokensRefreshDetailResponse
-	err = json.Unmarshal(res, &accessServiceTokenRefresh)
-	if err != nil {
-		return AccessServiceTokenRefreshResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokenRefresh.Result, nil
-}
-
-// RotateAccessServiceToken rotates the client secret of an Access Service
-// Token in place.
-// API reference: https://api.cloudflare.com/#access-service-tokens-rotate-a-service-token
-func (api *API) RotateAccessServiceToken(ctx context.Context, rc *ResourceContainer, id string) (AccessServiceTokenRotateResponse, error) {
-	uri := fmt.Sprintf("/%s/%s/access/service_tokens/%s/rotate", rc.Level, rc.Identifier, id)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return AccessServiceTokenRotateResponse{}, err
-	}
-
-	var accessServiceTokenRotate AccessServiceTokensRotateSecretDetailResponse
-	err = json.Unmarshal(res, &accessServiceTokenRotate)
-	if err != nil {
-		return AccessServiceTokenRotateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accessServiceTokenRotate.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_service_tokens_test.go b/pkg/cloudflare-go/access_service_tokens_test.go
deleted file mode 100644
index 1f9ed8120b..0000000000
--- a/pkg/cloudflare-go/access_service_tokens_test.go
+++ /dev/null
@@ -1,313 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessServiceTokens(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z",
-					"expires_at": "2015-01-01T05:20:00.12345Z",
-					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-					"name": "CI/CD token",
-					"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-					"duration": "8760h"
-				}
-			]
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expiresAt, _ := time.Parse(time.RFC3339, "2015-01-01T05:20:00.12345Z")
-
-	want := []AccessServiceToken{
-		{
-			CreatedAt: &createdAt,
-			UpdatedAt: &updatedAt,
-			ExpiresAt: &expiresAt,
-			ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			Name:      "CI/CD token",
-			ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
-			Duration:  "8760h",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens", handler)
-
-	actual, _, err := client.ListAccessServiceTokens(context.Background(), testAccountRC, ListAccessServiceTokensParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens", handler)
-
-	actual, _, err = client.ListAccessServiceTokens(context.Background(), testZoneRC, ListAccessServiceTokensParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessServiceToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_at": "2015-01-01T05:20:00.12345Z",
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "CI/CD token",
-				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-				"client_secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
-				"duration": "8760h"
-			}
-		}
-		`)
-	}
-
-	expected := AccessServiceTokenCreateResponse{
-		CreatedAt:    &createdAt,
-		UpdatedAt:    &updatedAt,
-		ExpiresAt:    &expiresAt,
-		ID:           "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:         "CI/CD token",
-		ClientID:     "88bf3b6d86161464f6509f7219099e57.access.example.com",
-		ClientSecret: "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
-		Duration:     "8760h",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens", handler)
-
-	actual, err := client.CreateAccessServiceToken(context.Background(), testAccountRC, CreateAccessServiceTokenParams{Name: "CI/CD token"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens", handler)
-
-	actual, err = client.CreateAccessServiceToken(context.Background(), testZoneRC, CreateAccessServiceTokenParams{Name: "CI/CD token"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestUpdateAccessServiceToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_at": "2015-01-01T05:20:00.12345Z",
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "CI/CD token",
-				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-				"duration": "8760h"
-			}
-		}
-		`)
-	}
-
-	expected := AccessServiceTokenUpdateResponse{
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		ExpiresAt: &expiresAt,
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "CI/CD token",
-		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
-		Duration:  "8760h",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.UpdateAccessServiceToken(context.Background(), testAccountRC, UpdateAccessServiceTokenParams{UUID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", Name: "CI/CD token"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.UpdateAccessServiceToken(context.Background(), testZoneRC, UpdateAccessServiceTokenParams{UUID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415", Name: "CI/CD token"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestRefreshAccessServiceToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_at": "2015-01-01T05:20:00.12345Z",
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "CI/CD token",
-				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-				"duration": "8760h"
-			}
-		}
-		`)
-	}
-
-	expected := AccessServiceTokenRefreshResponse{
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		ExpiresAt: &expiresAt,
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "CI/CD token",
-		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
-		Duration:  "8760h",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/refresh", handler)
-
-	actual, err := client.RefreshAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestRotateAccessServiceToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_at": "2015-01-01T05:20:00.12345Z",
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "CI/CD token",
-				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-				"client_secret": "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
-				"duration": "8760h"
-			}
-		}
-		`)
-	}
-
-	expected := AccessServiceTokenRotateResponse{
-		CreatedAt:    &createdAt,
-		UpdatedAt:    &updatedAt,
-		ExpiresAt:    &expiresAt,
-		ID:           "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:         "CI/CD token",
-		ClientID:     "88bf3b6d86161464f6509f7219099e57.access.example.com",
-		ClientSecret: "bdd31cbc4dec990953e39163fbbb194c93313ca9f0a6e420346af9d326b1d2a5",
-		Duration:     "8760h",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/rotate", handler)
-
-	actual, err := client.RotateAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestDeleteAccessServiceToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"expires_at": "2015-01-01T05:20:00.12345Z",
-				"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "CI/CD token",
-				"client_id": "88bf3b6d86161464f6509f7219099e57.access.example.com",
-				"duration": "8760h"
-			}
-		}
-		`)
-	}
-
-	expected := AccessServiceTokenUpdateResponse{
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		ExpiresAt: &expiresAt,
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "CI/CD token",
-		ClientID:  "88bf3b6d86161464f6509f7219099e57.access.example.com",
-		Duration:  "8760h",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err := client.DeleteAccessServiceToken(context.Background(), testAccountRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/service_tokens/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	actual, err = client.DeleteAccessServiceToken(context.Background(), testZoneRC, "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/access_tag.go b/pkg/cloudflare-go/access_tag.go
deleted file mode 100644
index 9bba613d1e..0000000000
--- a/pkg/cloudflare-go/access_tag.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type AccessTag struct {
-	Name     string `json:"name,omitempty"`
-	AppCount int    `json:"app_count,omitempty"`
-}
-
-type AccessTagListResponse struct {
-	Response
-	Result     []AccessTag `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type AccessTagResponse struct {
-	Response
-	Result AccessTag `json:"result"`
-}
-
-type ListAccessTagsParams struct{}
-
-type CreateAccessTagParams struct {
-	Name string `json:"name,omitempty"`
-}
-
-func (api *API) ListAccessTags(ctx context.Context, rc *ResourceContainer, params ListAccessTagsParams) ([]AccessTag, error) {
-	uri := buildURI(fmt.Sprintf("/%s/%s/access/tags", rc.Level, rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessTag{}, err
-	}
-
-	var TagsResponse AccessTagListResponse
-	err = json.Unmarshal(res, &TagsResponse)
-	if err != nil {
-		return []AccessTag{}, err
-	}
-	return TagsResponse.Result, nil
-}
-
-func (api *API) GetAccessTag(ctx context.Context, rc *ResourceContainer, tagName string) (AccessTag, error) {
-	uri := fmt.Sprintf("/%s/%s/access/tags/%s", rc.Level, rc.Identifier, tagName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccessTag{}, err
-	}
-
-	var TagResponse AccessTagResponse
-	err = json.Unmarshal(res, &TagResponse)
-	if err != nil {
-		return AccessTag{}, err
-	}
-	return TagResponse.Result, nil
-}
-
-func (api *API) CreateAccessTag(ctx context.Context, rc *ResourceContainer, params CreateAccessTagParams) (AccessTag, error) {
-	uri := fmt.Sprintf("/%s/%s/access/tags", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AccessTag{}, err
-	}
-
-	var TagResponse AccessTagResponse
-	err = json.Unmarshal(res, &TagResponse)
-	if err != nil {
-		return AccessTag{}, err
-	}
-	return TagResponse.Result, nil
-}
-
-func (api *API) DeleteAccessTag(ctx context.Context, rc *ResourceContainer, tagName string) error {
-	uri := fmt.Sprintf("/%s/%s/access/tags/%s", rc.Level, rc.Identifier, tagName)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_tag_test.go b/pkg/cloudflare-go/access_tag_test.go
deleted file mode 100644
index 612a9e6c51..0000000000
--- a/pkg/cloudflare-go/access_tag_test.go
+++ /dev/null
@@ -1,136 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccessTags(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"name": "engineers",
-					"app_count": 0
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	want := []AccessTag{
-		{
-			Name:     "engineers",
-			AppCount: 0,
-		},
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags", handler)
-	actual, err := client.ListAccessTags(context.Background(), AccountIdentifier(testAccountID), ListAccessTagsParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccessTag(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodGet, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "engineers",
-				"app_count": 0
-			}
-		}`)
-	}
-
-	want := AccessTag{
-		Name:     "engineers",
-		AppCount: 0,
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags/engineers", handler)
-	actual, err := client.GetAccessTag(context.Background(), AccountIdentifier(testAccountID), "engineers")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateAccessTag(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodPost, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "sales",
-				"app_count": 0
-			}
-		}`)
-	}
-
-	Tag := AccessTag{
-		Name:     "sales",
-		AppCount: 0,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags", handler)
-	actual, err := client.CreateAccessTag(context.Background(), AccountIdentifier(testAccountID), CreateAccessTagParams{
-		Name: "sales",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, Tag, actual)
-	}
-}
-
-func TestDeleteAccessTag(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodDelete, "HTTP method")
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			result: {
-				"id": "engineers"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/tags/engineers", handler)
-	err := client.DeleteAccessTag(context.Background(), AccountIdentifier(testAccountID), "engineers")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_user_tokens.go b/pkg/cloudflare-go/access_user_tokens.go
deleted file mode 100644
index ba32d7fbfe..0000000000
--- a/pkg/cloudflare-go/access_user_tokens.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-)
-
-type RevokeAccessUserTokensParams struct {
-	Email string `json:"email"`
-}
-
-// RevokeAccessUserTokens revokes any outstanding tokens issued for a specific user
-// Access User.
-func (api *API) RevokeAccessUserTokens(ctx context.Context, rc *ResourceContainer, params RevokeAccessUserTokensParams) error {
-	uri := fmt.Sprintf("/%s/%s/access/organizations/revoke_user", rc.Level, rc.Identifier)
-
-	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/access_user_tokens_test.go b/pkg/cloudflare-go/access_user_tokens_test.go
deleted file mode 100644
index 921c9b85cf..0000000000
--- a/pkg/cloudflare-go/access_user_tokens_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestRevokeAccessUserTokens(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"result": true
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/organizations/revoke_user", handler)
-
-	err := client.RevokeAccessUserTokens(context.Background(), testAccountRC, RevokeAccessUserTokensParams{Email: "test@example.com"})
-
-	assert.NoError(t, err)
-}
-
-func TestRevokeZoneLevelAccessUserTokens(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"result": true
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/access/organizations/revoke_user", handler)
-
-	err := client.RevokeAccessUserTokens(context.Background(), testZoneRC, RevokeAccessUserTokensParams{Email: "test@example.com"})
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/access_users.go b/pkg/cloudflare-go/access_users.go
deleted file mode 100644
index 233ceb2bb6..0000000000
--- a/pkg/cloudflare-go/access_users.go
+++ /dev/null
@@ -1,362 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type AccessUserActiveSessionsResponse struct {
-	Result     []AccessUserActiveSessionResult `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-type AccessUserActiveSessionResult struct {
-	Expiration int64                           `json:"expiration"`
-	Metadata   AccessUserActiveSessionMetadata `json:"metadata"`
-	Name       string                          `json:"name"`
-}
-
-type AccessUserActiveSessionMetadata struct {
-	Apps    map[string]AccessUserActiveSessionMetadataApp `json:"apps"`
-	Expires int64                                         `json:"expires"`
-	IAT     int64                                         `json:"iat"`
-	Nonce   string                                        `json:"nonce"`
-	TTL     int64                                         `json:"ttl"`
-}
-
-type AccessUserActiveSessionMetadataApp struct {
-	Hostname string `json:"hostname"`
-	Name     string `json:"name"`
-	Type     string `json:"type"`
-	UID      string `json:"uid"`
-}
-
-type AccessUserDevicePosture struct {
-	Check       AccessUserDevicePostureCheck `json:"check"`
-	Data        map[string]interface{}       `json:"data"`
-	Description string                       `json:"description"`
-	Error       string                       `json:"error"`
-	ID          string                       `json:"id"`
-	RuleName    string                       `json:"rule_name"`
-	Success     *bool                        `json:"success"`
-	Timestamp   string                       `json:"timestamp"`
-	Type        string                       `json:"type"`
-}
-
-type AccessUserDeviceSession struct {
-	LastAuthenticated int64 `json:"last_authenticated"`
-}
-
-type AccessUserFailedLoginsResponse struct {
-	Result     []AccessUserFailedLoginResult `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-type AccessUserFailedLoginResult struct {
-	Expiration int64                         `json:"expiration"`
-	Metadata   AccessUserFailedLoginMetadata `json:"metadata"`
-}
-
-type AccessUserFailedLoginMetadata struct {
-	AppName   string `json:"app_name"`
-	Aud       string `json:"aud"`
-	Datetime  string `json:"datetime"`
-	RayID     string `json:"ray_id"`
-	UserEmail string `json:"user_email"`
-	UserUUID  string `json:"user_uuid"`
-}
-
-type AccessUserLastSeenIdentityResponse struct {
-	Result     AccessUserLastSeenIdentityResult `json:"result"`
-	ResultInfo ResultInfo                       `json:"result_info"`
-	Response
-}
-
-type AccessUserLastSeenIdentityResult struct {
-	AccountID          string                             `json:"account_id"`
-	AuthStatus         string                             `json:"auth_status"`
-	CommonName         string                             `json:"common_name"`
-	DeviceID           string                             `json:"device_id"`
-	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
-	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
-	Email              string                             `json:"email"`
-	Geo                AccessUserIdentityGeo              `json:"geo"`
-	IAT                int64                              `json:"iat"`
-	IDP                AccessUserIDP                      `json:"idp"`
-	IP                 string                             `json:"ip"`
-	IsGateway          *bool                              `json:"is_gateway"`
-	IsWarp             *bool                              `json:"is_warp"`
-	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
-	ServiceTokenID     string                             `json:"service_token_id"`
-	ServiceTokenStatus *bool                              `json:"service_token_status"`
-	UserUUID           string                             `json:"user_uuid"`
-	Version            int                                `json:"version"`
-}
-
-type AccessUserLastSeenIdentitySessionResponse struct {
-	Result     GetAccessUserLastSeenIdentityResult `json:"result"`
-	ResultInfo ResultInfo                          `json:"result_info"`
-	Response
-}
-
-type GetAccessUserLastSeenIdentityResult struct {
-	AccountID          string                             `json:"account_id"`
-	AuthStatus         string                             `json:"auth_status"`
-	CommonName         string                             `json:"common_name"`
-	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
-	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
-	DeviceID           string                             `json:"device_id"`
-	Email              string                             `json:"email"`
-	Geo                AccessUserIdentityGeo              `json:"geo"`
-	IAT                int64                              `json:"iat"`
-	IDP                AccessUserIDP                      `json:"idp"`
-	IP                 string                             `json:"ip"`
-	IsGateway          *bool                              `json:"is_gateway"`
-	IsWarp             *bool                              `json:"is_warp"`
-	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
-	ServiceTokenID     string                             `json:"service_token_id"`
-	ServiceTokenStatus *bool                              `json:"service_token_status"`
-	UserUUID           string                             `json:"user_uuid"`
-	Version            int                                `json:"version"`
-}
-
-type AccessUserDevicePostureCheck struct {
-	Exists *bool  `json:"exists"`
-	Path   string `json:"path"`
-}
-
-type AccessUserIdentityGeo struct {
-	Country string `json:"country"`
-}
-
-type AccessUserIDP struct {
-	ID   string `json:"id"`
-	Type string `json:"type"`
-}
-
-type AccessUserMTLSAuth struct {
-	AuthStatus    string `json:"auth_status"`
-	CertIssuerDN  string `json:"cert_issuer_dn"`
-	CertIssuerSKI string `json:"cert_issuer_ski"`
-	CertPresented *bool  `json:"cert_presented"`
-	CertSerial    string `json:"cert_serial"`
-}
-
-type AccessUserListResponse struct {
-	Result     []AccessUser `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-type AccessUser struct {
-	ID                  string `json:"id"`
-	AccessSeat          *bool  `json:"access_seat"`
-	ActiveDeviceCount   int    `json:"active_device_count"`
-	CreatedAt           string `json:"created_at"`
-	Email               string `json:"email"`
-	GatewaySeat         *bool  `json:"gateway_seat"`
-	LastSuccessfulLogin string `json:"last_successful_login"`
-	Name                string `json:"name"`
-	SeatUID             string `json:"seat_uid"`
-	UID                 string `json:"uid"`
-	UpdatedAt           string `json:"updated_at"`
-}
-
-type AccessUserParams struct {
-	ResultInfo
-}
-
-type GetAccessUserSingleActiveSessionResponse struct {
-	Result     GetAccessUserSingleActiveSessionResult `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-type GetAccessUserSingleActiveSessionResult struct {
-	AccountID          string                             `json:"account_id"`
-	AuthStatus         string                             `json:"auth_status"`
-	CommonName         string                             `json:"common_name"`
-	DevicePosture      map[string]AccessUserDevicePosture `json:"devicePosture"`
-	DeviceSessions     map[string]AccessUserDeviceSession `json:"device_sessions"`
-	DeviceID           string                             `json:"device_id"`
-	Email              string                             `json:"email"`
-	Geo                AccessUserIdentityGeo              `json:"geo"`
-	IAT                int64                              `json:"iat"`
-	IDP                AccessUserIDP                      `json:"idp"`
-	IP                 string                             `json:"ip"`
-	IsGateway          *bool                              `json:"is_gateway"`
-	IsWarp             *bool                              `json:"is_warp"`
-	MtlsAuth           AccessUserMTLSAuth                 `json:"mtls_auth"`
-	ServiceTokenID     string                             `json:"service_token_id"`
-	ServiceTokenStatus *bool                              `json:"service_token_status"`
-	UserUUID           string                             `json:"user_uuid"`
-	Version            int                                `json:"version"`
-	IsActive           *bool                              `json:"isActive"`
-}
-
-// ListAccessUsers returns a list of users for a single cloudflare access/zerotrust account.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-users
-func (api *API) ListAccessUsers(ctx context.Context, rc *ResourceContainer, params AccessUserParams) ([]AccessUser, *ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AccessUser{}, &ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	baseURL := fmt.Sprintf("/%s/%s/access/users", rc.Level, rc.Identifier)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var accessUsers []AccessUser
-	var resultInfo *ResultInfo = nil
-
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccessUser{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-		var r AccessUserListResponse
-		resultInfo = &r.ResultInfo
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccessUser{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		accessUsers = append(accessUsers, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return accessUsers, resultInfo, nil
-}
-
-// GetAccessUserActiveSessions returns a list of active sessions for an user.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-active-sessions
-func (api *API) GetAccessUserActiveSessions(ctx context.Context, rc *ResourceContainer, userID string) ([]AccessUserActiveSessionResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AccessUserActiveSessionResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/users/%s/active_sessions",
-		rc.Level,
-		rc.Identifier,
-		userID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessUserActiveSessionResult{}, err
-	}
-
-	var accessUserActiveSessionsResponse AccessUserActiveSessionsResponse
-	err = json.Unmarshal(res, &accessUserActiveSessionsResponse)
-	if err != nil {
-		return []AccessUserActiveSessionResult{}, err
-	}
-	return accessUserActiveSessionsResponse.Result, nil
-}
-
-// GetAccessUserSingleActiveSession returns a single active session for a user.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-active-session
-func (api *API) GetAccessUserSingleActiveSession(ctx context.Context, rc *ResourceContainer, userID string, sessionID string) (GetAccessUserSingleActiveSessionResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return GetAccessUserSingleActiveSessionResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/users/%s/active_sessions/%s",
-		rc.Level,
-		rc.Identifier,
-		userID,
-		sessionID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return GetAccessUserSingleActiveSessionResult{}, err
-	}
-
-	var accessUserActiveSingleSessionsResponse GetAccessUserSingleActiveSessionResponse
-	err = json.Unmarshal(res, &accessUserActiveSingleSessionsResponse)
-	if err != nil {
-		return GetAccessUserSingleActiveSessionResult{}, err
-	}
-	return accessUserActiveSingleSessionsResponse.Result, nil
-}
-
-// GetAccessUserFailedLogins returns a list of failed logins for a user.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-failed-logins
-func (api *API) GetAccessUserFailedLogins(ctx context.Context, rc *ResourceContainer, userID string) ([]AccessUserFailedLoginResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AccessUserFailedLoginResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/users/%s/failed_logins",
-		rc.Level,
-		rc.Identifier,
-		userID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccessUserFailedLoginResult{}, err
-	}
-
-	var accessUserFailedLoginsResponse AccessUserFailedLoginsResponse
-	err = json.Unmarshal(res, &accessUserFailedLoginsResponse)
-	if err != nil {
-		return []AccessUserFailedLoginResult{}, err
-	}
-	return accessUserFailedLoginsResponse.Result, nil
-}
-
-// GetAccessUserLastSeenIdentity returns the last seen identity for a user.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/zero-trust-users-get-last-seen-identity
-func (api *API) GetAccessUserLastSeenIdentity(ctx context.Context, rc *ResourceContainer, userID string) (GetAccessUserLastSeenIdentityResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return GetAccessUserLastSeenIdentityResult{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/access/users/%s/last_seen_identity",
-		rc.Level,
-		rc.Identifier,
-		userID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return GetAccessUserLastSeenIdentityResult{}, err
-	}
-
-	var accessUserLastSeenIdentityResponse AccessUserLastSeenIdentitySessionResponse
-	err = json.Unmarshal(res, &accessUserLastSeenIdentityResponse)
-	if err != nil {
-		return GetAccessUserLastSeenIdentityResult{}, err
-	}
-	return accessUserLastSeenIdentityResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/access_users_test.go b/pkg/cloudflare-go/access_users_test.go
deleted file mode 100644
index dd24d3f1f3..0000000000
--- a/pkg/cloudflare-go/access_users_test.go
+++ /dev/null
@@ -1,616 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	testAccessUserID        = "access-user-id"
-	testAccessUserSessionID = "access-user-session-id"
-
-	expectedListAccessUserResult = []AccessUser{
-		{
-			AccessSeat:          BoolPtr(false),
-			ActiveDeviceCount:   2,
-			CreatedAt:           "2014-01-01T05:20:00.12345Z",
-			Email:               "jdoe@example.com",
-			GatewaySeat:         BoolPtr(false),
-			ID:                  "f3b12456-80dd-4e89-9f5f-ba3dfff12365",
-			LastSuccessfulLogin: "2020-07-01T05:20:00Z",
-			Name:                "Jane Doe",
-			SeatUID:             "",
-			UID:                 "",
-			UpdatedAt:           "2014-01-01T05:20:00.12345Z",
-		},
-		{
-			AccessSeat:          BoolPtr(true),
-			ActiveDeviceCount:   2,
-			CreatedAt:           "2024-01-01T05:20:00.12345Z",
-			Email:               "jhondoe@example.com",
-			GatewaySeat:         BoolPtr(true),
-			ID:                  "c3b12456-80dd-4e89-9f5f-ba3dfff12367",
-			LastSuccessfulLogin: "2020-07-01T05:20:00Z",
-			Name:                "Jhon Doe",
-			SeatUID:             "",
-			UID:                 "",
-			UpdatedAt:           "2014-01-01T05:20:00.12345Z",
-		},
-	}
-
-	expectedGetAccessUserActiveSessionsResult = AccessUserActiveSessionResult{
-		Expiration: 1694813506,
-		Metadata: AccessUserActiveSessionMetadata{
-			Apps: map[string]AccessUserActiveSessionMetadataApp{
-				"property1": {
-					Hostname: "test.example.com",
-					Name:     "app name",
-					Type:     "self_hosted",
-					UID:      "cc2a8145-0128-4429-87f3-872c4d380c4e",
-				},
-				"property2": {
-					Hostname: "test.example.com",
-					Name:     "app name",
-					Type:     "self_hosted",
-					UID:      "cc2a8145-0128-4429-87f3-872c4d380c4e",
-				},
-			},
-			Expires: 1694813506,
-			IAT:     1694791905,
-			Nonce:   "X1aXj1lFVcqqyoXF",
-			TTL:     21600,
-		},
-		Name: "string",
-	}
-
-	expectedGetAccessUserFailedLoginsResult = AccessUserFailedLoginResult{
-		Expiration: 0,
-		Metadata: AccessUserFailedLoginMetadata{
-			AppName:   "Test App",
-			Aud:       "39691c1480a2352a18ece567debc2b32552686cbd38eec0887aa18d5d3f00c04",
-			Datetime:  "2022-02-02T21:54:34.914Z",
-			RayID:     "6d76a8a42ead4133",
-			UserEmail: "test@cloudflare.com",
-			UserUUID:  "57171132-e453-4ee8-b2a5-8cbaad333207",
-		},
-	}
-
-	expectedGetAccessUserLastSeenIdentityResult = GetAccessUserLastSeenIdentityResult{
-		AccountID:  "1234567890",
-		AuthStatus: "NONE",
-		CommonName: "",
-		DevicePosture: map[string]AccessUserDevicePosture{
-			"property1": {
-				Check: AccessUserDevicePostureCheck{
-					Exists: BoolPtr(true),
-					Path:   "string",
-				},
-				Data:        map[string]interface{}{},
-				Description: "string",
-				Error:       "string",
-				ID:          "string",
-				RuleName:    "string",
-				Success:     BoolPtr(true),
-				Timestamp:   "string",
-				Type:        "string",
-			},
-			"property2": {
-				Check: AccessUserDevicePostureCheck{
-					Exists: BoolPtr(true),
-					Path:   "string",
-				},
-				Data:        map[string]interface{}{},
-				Description: "string",
-				Error:       "string",
-				ID:          "string",
-				RuleName:    "string",
-				Success:     BoolPtr(true),
-				Timestamp:   "string",
-				Type:        "string",
-			},
-		},
-		DeviceID: "",
-		DeviceSessions: map[string]AccessUserDeviceSession{
-			"property1": {
-				LastAuthenticated: 1638832687,
-			},
-			"property2": {
-				LastAuthenticated: 1638832687,
-			},
-		},
-		Email: "test@cloudflare.com",
-		Geo: AccessUserIdentityGeo{
-			Country: "US",
-		},
-		IAT: 1694791905,
-		IDP: AccessUserIDP{
-			ID:   "string",
-			Type: "string",
-		},
-		IP:        "127.0.0.0",
-		IsGateway: BoolPtr(false),
-		IsWarp:    BoolPtr(false),
-		MtlsAuth: AccessUserMTLSAuth{
-			AuthStatus:    "string",
-			CertIssuerDN:  "string",
-			CertIssuerSKI: "string",
-			CertPresented: BoolPtr(true),
-			CertSerial:    "string",
-		},
-		ServiceTokenID:     "",
-		ServiceTokenStatus: BoolPtr(false),
-		UserUUID:           "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
-		Version:            2,
-	}
-
-	expectedGetAccessUserSingleActiveSessionResult = GetAccessUserSingleActiveSessionResult{
-		AccountID:  "1234567890",
-		AuthStatus: "NONE",
-		CommonName: "",
-		DevicePosture: map[string]AccessUserDevicePosture{
-			"property1": {
-				Check: AccessUserDevicePostureCheck{
-					Exists: BoolPtr(true),
-					Path:   "string",
-				},
-				Data:        map[string]interface{}{},
-				Description: "string",
-				Error:       "string",
-				ID:          "string",
-				RuleName:    "string",
-				Success:     BoolPtr(true),
-				Timestamp:   "string",
-				Type:        "string",
-			},
-			"property2": {
-				Check: AccessUserDevicePostureCheck{
-					Exists: BoolPtr(true),
-					Path:   "string",
-				},
-				Data:        map[string]interface{}{},
-				Description: "string",
-				Error:       "string",
-				ID:          "string",
-				RuleName:    "string",
-				Success:     BoolPtr(true),
-				Timestamp:   "string",
-				Type:        "string",
-			},
-		},
-		DeviceID: "",
-		DeviceSessions: map[string]AccessUserDeviceSession{
-			"property1": {
-				LastAuthenticated: 1638832687,
-			},
-			"property2": {
-				LastAuthenticated: 1638832687,
-			},
-		},
-		Email: "test@cloudflare.com",
-		Geo: AccessUserIdentityGeo{
-			Country: "US",
-		},
-		IAT: 1694791905,
-		IDP: AccessUserIDP{
-			ID:   "string",
-			Type: "string",
-		},
-		IP:        "127.0.0.0",
-		IsGateway: BoolPtr(false),
-		IsWarp:    BoolPtr(false),
-		MtlsAuth: AccessUserMTLSAuth{
-			AuthStatus:    "string",
-			CertIssuerDN:  "string",
-			CertIssuerSKI: "string",
-			CertPresented: BoolPtr(true),
-			CertSerial:    "string",
-		},
-		ServiceTokenID:     "",
-		ServiceTokenStatus: BoolPtr(false),
-		UserUUID:           "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
-		Version:            2,
-		IsActive:           BoolPtr(true),
-	}
-)
-
-func TestListAccessUsers_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, _, err := client.ListAccessUsers(context.Background(), testZoneRC, AccessUserParams{})
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestListAccessUsers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		userList, err := json.Marshal(expectedListAccessUserResult)
-		assert.NoError(t, err, "Error marshaling expectedListAccessUserResult")
-
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": %s,
-			"success": true,
-			"result_info": {
-			  "count": 2,
-			  "page": 1,
-			  "per_page": 100,
-			  "total_count": 2
-			}
-		  }`, string(userList))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users", handler)
-
-	actual, _, err := client.ListAccessUsers(context.Background(), testAccountRC, AccessUserParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedListAccessUserResult, actual)
-	}
-}
-
-func TestListAccessUsersWithPagination(t *testing.T) {
-	setup()
-	defer teardown()
-	// page 1 of 2
-	page := 1
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		userList, err := json.Marshal(expectedListAccessUserResult)
-		assert.NoError(t, err, "Error marshaling expectedListAccessUserResult")
-
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": %s,
-			"success": true,
-			"result_info": {
-			  "count": 2,
-			  "page": %d,
-			  "per_page": 2,
-			  "total_count": 4
-			}
-		  }`, string(userList), page)
-		// increment page for the next call
-		page++
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users", handler)
-
-	actual, _, err := client.ListAccessUsers(context.Background(), testAccountRC, AccessUserParams{})
-	expected := []AccessUser{}
-	// two pages of the same expectedResult
-	expected = append(expected, expectedListAccessUserResult...)
-	expected = append(expected, expectedListAccessUserResult...)
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestGetGetAccessUserActiveSessions_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetAccessUserActiveSessions(context.Background(), testZoneRC, testAccessUserID)
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestGetGetAccessUserActiveSessions(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"expiration": 1694813506,
-				"metadata": {
-				  "apps": {
-					"property1": {
-					  "hostname": "test.example.com",
-					  "name": "app name",
-					  "type": "self_hosted",
-					  "uid": "cc2a8145-0128-4429-87f3-872c4d380c4e"
-					},
-					"property2": {
-					  "hostname": "test.example.com",
-					  "name": "app name",
-					  "type": "self_hosted",
-					  "uid": "cc2a8145-0128-4429-87f3-872c4d380c4e"
-					}
-				  },
-				  "expires": 1694813506,
-				  "iat": 1694791905,
-				  "nonce": "X1aXj1lFVcqqyoXF",
-				  "ttl": 21600
-				},
-				"name": "string"
-			  }
-			],
-			"success": true,
-			"result_info": {
-			  "count": 1,
-			  "page": 1,
-			  "per_page": 20,
-			  "total_count": 2000
-			}
-		  }
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/active_sessions", handler)
-
-	actual, err := client.GetAccessUserActiveSessions(context.Background(), testAccountRC, testAccessUserID)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessUserActiveSessionResult{expectedGetAccessUserActiveSessionsResult}, actual)
-	}
-}
-
-func TestGetAccessUserSingleActiveSession_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetAccessUserSingleActiveSession(context.Background(), testZoneRC, testAccessUserID, testAccessUserSessionID)
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestGetAccessUserSingleActiveSession(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "account_id": "1234567890",
-			  "auth_status": "NONE",
-			  "common_name": "",
-			  "devicePosture": {
-				"property1": {
-				  "check": {
-					"exists": true,
-					"path": "string"
-				  },
-				  "data": {},
-				  "description": "string",
-				  "error": "string",
-				  "id": "string",
-				  "rule_name": "string",
-				  "success": true,
-				  "timestamp": "string",
-				  "type": "string"
-				},
-				"property2": {
-				  "check": {
-					"exists": true,
-					"path": "string"
-				  },
-				  "data": {},
-				  "description": "string",
-				  "error": "string",
-				  "id": "string",
-				  "rule_name": "string",
-				  "success": true,
-				  "timestamp": "string",
-				  "type": "string"
-				}
-			  },
-			  "device_id": "",
-			  "device_sessions": {
-				"property1": {
-				  "last_authenticated": 1638832687
-				},
-				"property2": {
-				  "last_authenticated": 1638832687
-				}
-			  },
-			  "email": "test@cloudflare.com",
-			  "geo": {
-				"country": "US"
-			  },
-			  "iat": 1694791905,
-			  "idp": {
-				"id": "string",
-				"type": "string"
-			  },
-			  "ip": "127.0.0.0",
-			  "is_gateway": false,
-			  "is_warp": false,
-			  "mtls_auth": {
-				"auth_status": "string",
-				"cert_issuer_dn": "string",
-				"cert_issuer_ski": "string",
-				"cert_presented": true,
-				"cert_serial": "string"
-			  },
-			  "service_token_id": "",
-			  "service_token_status": false,
-			  "user_uuid": "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
-			  "version": 2,
-			  "isActive": true
-			},
-			"success": true
-		  }
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/active_sessions/"+testAccessUserSessionID, handler)
-
-	actual, err := client.GetAccessUserSingleActiveSession(context.Background(), testAccountRC, testAccessUserID, testAccessUserSessionID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedGetAccessUserSingleActiveSessionResult, actual)
-	}
-}
-
-func TestGetAccessUserFailedLogins_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetAccessUserFailedLogins(context.Background(), testZoneRC, testAccessUserID)
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestGetAccessUserFailedLogins(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"expiration": 0,
-				"metadata": {
-				  "app_name": "Test App",
-				  "aud": "39691c1480a2352a18ece567debc2b32552686cbd38eec0887aa18d5d3f00c04",
-				  "datetime": "2022-02-02T21:54:34.914Z",
-				  "ray_id": "6d76a8a42ead4133",
-				  "user_email": "test@cloudflare.com",
-				  "user_uuid": "57171132-e453-4ee8-b2a5-8cbaad333207"
-				}
-			  }
-			],
-			"success": true,
-			"result_info": {
-			  "count": 1,
-			  "page": 1,
-			  "per_page": 20,
-			  "total_count": 2000
-			}
-		  }
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/failed_logins", handler)
-
-	actual, err := client.GetAccessUserFailedLogins(context.Background(), testAccountRC, testAccessUserID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []AccessUserFailedLoginResult{expectedGetAccessUserFailedLoginsResult}, actual)
-	}
-}
-
-func TestGetAccessUserLastSeenIdentity_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetAccessUserLastSeenIdentity(context.Background(), testZoneRC, testAccessUserID)
-	assert.EqualError(t, err, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel))
-}
-
-func TestGetAccessUserLastSeenIdentity(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "errors": [],
-  "messages": [],
-  "result": {
-    "account_id": "1234567890",
-    "auth_status": "NONE",
-    "common_name": "",
-    "devicePosture": {
-      "property1": {
-        "check": {
-          "exists": true,
-          "path": "string"
-        },
-        "data": {},
-        "description": "string",
-        "error": "string",
-        "id": "string",
-        "rule_name": "string",
-        "success": true,
-        "timestamp": "string",
-        "type": "string"
-      },
-      "property2": {
-        "check": {
-          "exists": true,
-          "path": "string"
-        },
-        "data": {},
-        "description": "string",
-        "error": "string",
-        "id": "string",
-        "rule_name": "string",
-        "success": true,
-        "timestamp": "string",
-        "type": "string"
-      }
-    },
-    "device_id": "",
-    "device_sessions": {
-      "property1": {
-        "last_authenticated": 1638832687
-      },
-      "property2": {
-        "last_authenticated": 1638832687
-      }
-    },
-    "email": "test@cloudflare.com",
-    "geo": {
-      "country": "US"
-    },
-    "iat": 1694791905,
-    "idp": {
-      "id": "string",
-      "type": "string"
-    },
-    "ip": "127.0.0.0",
-    "is_gateway": false,
-    "is_warp": false,
-    "mtls_auth": {
-      "auth_status": "string",
-      "cert_issuer_dn": "string",
-      "cert_issuer_ski": "string",
-      "cert_presented": true,
-      "cert_serial": "string"
-    },
-    "service_token_id": "",
-    "service_token_status": false,
-    "user_uuid": "57cf8cf2-f55a-4588-9ac9-f5e41e9f09b4",
-    "version": 2
-  },
-  "success": true
-}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/access/users/"+testAccessUserID+"/last_seen_identity", handler)
-
-	actual, err := client.GetAccessUserLastSeenIdentity(context.Background(), testAccountRC, testAccessUserID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedGetAccessUserLastSeenIdentityResult, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/account_members.go b/pkg/cloudflare-go/account_members.go
deleted file mode 100644
index d6ecab560d..0000000000
--- a/pkg/cloudflare-go/account_members.go
+++ /dev/null
@@ -1,245 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// AccountMember is the definition of a member of an account.
-type AccountMember struct {
-	ID       string                   `json:"id"`
-	Code     string                   `json:"code"`
-	User     AccountMemberUserDetails `json:"user"`
-	Status   string                   `json:"status"`
-	Roles    []AccountRole            `json:"roles,omitempty"`
-	Policies []Policy                 `json:"policies,omitempty"`
-}
-
-// AccountMemberUserDetails outlines all the personal information about
-// a member.
-type AccountMemberUserDetails struct {
-	ID                             string `json:"id"`
-	FirstName                      string `json:"first_name"`
-	LastName                       string `json:"last_name"`
-	Email                          string `json:"email"`
-	TwoFactorAuthenticationEnabled bool   `json:"two_factor_authentication_enabled"`
-}
-
-// AccountMembersListResponse represents the response from the list
-// account members endpoint.
-type AccountMembersListResponse struct {
-	Result []AccountMember `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccountMemberDetailResponse is the API response, containing a single
-// account member.
-type AccountMemberDetailResponse struct {
-	Success  bool          `json:"success"`
-	Errors   []string      `json:"errors"`
-	Messages []string      `json:"messages"`
-	Result   AccountMember `json:"result"`
-}
-
-// AccountMemberInvitation represents the invitation for a new member to
-// the account.
-type AccountMemberInvitation struct {
-	Email    string   `json:"email"`
-	Roles    []string `json:"roles,omitempty"`
-	Policies []Policy `json:"policies,omitempty"`
-	Status   string   `json:"status,omitempty"`
-}
-
-const errMissingMemberRolesOrPolicies = "account member must be created with roles or policies (not both)"
-
-var ErrMissingMemberRolesOrPolicies = errors.New(errMissingMemberRolesOrPolicies)
-
-type CreateAccountMemberParams struct {
-	EmailAddress string
-	Roles        []string
-	Policies     []Policy
-	Status       string
-}
-
-// AccountMembers returns all members of an account.
-//
-// API reference: https://api.cloudflare.com/#accounts-list-accounts
-func (api *API) AccountMembers(ctx context.Context, accountID string, pageOpts PaginationOptions) ([]AccountMember, ResultInfo, error) {
-	if accountID == "" {
-		return []AccountMember{}, ResultInfo{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/members", accountID), pageOpts)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AccountMember{}, ResultInfo{}, err
-	}
-
-	var accountMemberListresponse AccountMembersListResponse
-	err = json.Unmarshal(res, &accountMemberListresponse)
-	if err != nil {
-		return []AccountMember{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accountMemberListresponse.Result, accountMemberListresponse.ResultInfo, nil
-}
-
-// CreateAccountMemberWithStatus invites a new member to join an account, allowing setting the status.
-//
-// Refer to the API reference for valid statuses.
-//
-// Deprecated: Use `CreateAccountMember` with a `Status` field instead.
-//
-// API reference: https://api.cloudflare.com/#account-members-add-member
-func (api *API) CreateAccountMemberWithStatus(ctx context.Context, accountID string, emailAddress string, roles []string, status string) (AccountMember, error) {
-	return api.CreateAccountMember(ctx, AccountIdentifier(accountID), CreateAccountMemberParams{
-		EmailAddress: emailAddress,
-		Roles:        roles,
-		Status:       status,
-	})
-}
-
-// CreateAccountMember invites a new member to join an account with roles.
-// The member will be placed into "pending" status and receive an email confirmation.
-// NOTE: If you are currently enrolled in Domain Scoped Roles, your roles will
-// be converted to policies upon member invitation.
-//
-// API reference: https://api.cloudflare.com/#account-members-add-member
-func (api *API) CreateAccountMember(ctx context.Context, rc *ResourceContainer, params CreateAccountMemberParams) (AccountMember, error) {
-	if rc.Level != AccountRouteLevel {
-		return AccountMember{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return AccountMember{}, ErrMissingAccountID
-	}
-
-	invite := AccountMemberInvitation{
-		Email:  params.EmailAddress,
-		Status: params.Status,
-	}
-
-	roles := []AccountRole{}
-	for i := 0; i < len(params.Roles); i++ {
-		roles = append(roles, AccountRole{ID: params.Roles[i]})
-	}
-	err := validateRolesAndPolicies(roles, params.Policies)
-	if err != nil {
-		return AccountMember{}, err
-	}
-
-	if params.Roles != nil {
-		invite.Roles = params.Roles
-	} else if params.Policies != nil {
-		invite.Policies = params.Policies
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/members", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, invite)
-	if err != nil {
-		return AccountMember{}, err
-	}
-
-	var accountMemberListResponse AccountMemberDetailResponse
-	err = json.Unmarshal(res, &accountMemberListResponse)
-	if err != nil {
-		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accountMemberListResponse.Result, nil
-}
-
-// DeleteAccountMember removes a member from an account.
-//
-// API reference: https://api.cloudflare.com/#account-members-remove-member
-func (api *API) DeleteAccountMember(ctx context.Context, accountID string, userID string) error {
-	if accountID == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/members/%s", accountID, userID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// UpdateAccountMember modifies an existing account member.
-//
-// API reference: https://api.cloudflare.com/#account-members-update-member
-func (api *API) UpdateAccountMember(ctx context.Context, accountID string, userID string, member AccountMember) (AccountMember, error) {
-	if accountID == "" {
-		return AccountMember{}, ErrMissingAccountID
-	}
-
-	err := validateRolesAndPolicies(member.Roles, member.Policies)
-	if err != nil {
-		return AccountMember{}, err
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/members/%s", accountID, userID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, member)
-	if err != nil {
-		return AccountMember{}, err
-	}
-
-	var accountMemberListResponse AccountMemberDetailResponse
-	err = json.Unmarshal(res, &accountMemberListResponse)
-	if err != nil {
-		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accountMemberListResponse.Result, nil
-}
-
-// AccountMember returns details of a single account member.
-//
-// API reference: https://api.cloudflare.com/#account-members-member-details
-func (api *API) AccountMember(ctx context.Context, accountID string, memberID string) (AccountMember, error) {
-	if accountID == "" {
-		return AccountMember{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf(
-		"/accounts/%s/members/%s",
-		accountID,
-		memberID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccountMember{}, err
-	}
-
-	var accountMemberResponse AccountMemberDetailResponse
-	err = json.Unmarshal(res, &accountMemberResponse)
-	if err != nil {
-		return AccountMember{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accountMemberResponse.Result, nil
-}
-
-// validateRolesAndPolicies ensures either roles or policies are provided in
-// CreateAccountMember requests, but not both.
-func validateRolesAndPolicies(roles []AccountRole, policies []Policy) error {
-	hasRoles := len(roles) > 0
-	hasPolicies := len(policies) > 0
-	hasRolesOrPolicies := hasRoles || hasPolicies
-	hasRolesAndPolicies := hasRoles && hasPolicies
-	hasCorrectPermissions := hasRolesOrPolicies && !hasRolesAndPolicies
-	if !hasCorrectPermissions {
-		return ErrMissingMemberRolesOrPolicies
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/account_members_test.go b/pkg/cloudflare-go/account_members_test.go
deleted file mode 100644
index 0834c110cb..0000000000
--- a/pkg/cloudflare-go/account_members_test.go
+++ /dev/null
@@ -1,633 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var expectedAccountMemberStruct = AccountMember{
-	ID:   "4536bcfad5faccb111b47003c79917fa",
-	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-	User: AccountMemberUserDetails{
-		ID:                             "7c5dae5552338874e5053f2534d2767a",
-		FirstName:                      "John",
-		LastName:                       "Appleseed",
-		Email:                          "user@example.com",
-		TwoFactorAuthenticationEnabled: false,
-	},
-	Status: "accepted",
-	Roles: []AccountRole{
-		{
-			ID:          "3536bcfad5faccb999b47003c79917fb",
-			Name:        "Account Administrator",
-			Description: "Administrative access to the entire Account",
-			Permissions: map[string]AccountRolePermission{
-				"analytics": {Read: true, Edit: true},
-				"billing":   {Read: true, Edit: false},
-			},
-		},
-	},
-}
-
-var expectedNewAccountMemberStruct = AccountMember{
-	ID:   "4536bcfad5faccb111b47003c79917fa",
-	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-	User: AccountMemberUserDetails{
-		Email:                          "user@example.com",
-		TwoFactorAuthenticationEnabled: false,
-	},
-	Status: "pending",
-	Roles: []AccountRole{
-		{
-			ID:          "3536bcfad5faccb999b47003c79917fb",
-			Name:        "Account Administrator",
-			Description: "Administrative access to the entire Account",
-			Permissions: map[string]AccountRolePermission{
-				"analytics": {Read: true, Edit: true},
-				"billing":   {Read: true, Edit: true},
-			},
-		},
-	},
-}
-
-var expectedNewAccountMemberAcceptedStruct = AccountMember{
-	ID:   "4536bcfad5faccb111b47003c79917fa",
-	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-	User: AccountMemberUserDetails{
-		Email:                          "user@example.com",
-		TwoFactorAuthenticationEnabled: false,
-	},
-	Status: "accepted",
-	Roles: []AccountRole{
-		{
-			ID:          "3536bcfad5faccb999b47003c79917fb",
-			Name:        "Account Administrator",
-			Description: "Administrative access to the entire Account",
-			Permissions: map[string]AccountRolePermission{
-				"analytics": {Read: true, Edit: true},
-				"billing":   {Read: true, Edit: true},
-			},
-		},
-	},
-}
-
-var newUpdatedAccountMemberStruct = AccountMember{
-	ID:   "4536bcfad5faccb111b47003c79917fa",
-	Code: "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-	User: AccountMemberUserDetails{
-		ID:                             "7c5dae5552338874e5053f2534d2767a",
-		FirstName:                      "John",
-		LastName:                       "Appleseeds",
-		Email:                          "new-user@example.com",
-		TwoFactorAuthenticationEnabled: false,
-	},
-	Status: "accepted",
-	Roles: []AccountRole{
-		{
-			ID:          "3536bcfad5faccb999b47003c79917fb",
-			Name:        "Account Administrator",
-			Description: "Administrative access to the entire Account",
-			Permissions: map[string]AccountRolePermission{
-				"analytics": {Read: true, Edit: true},
-				"billing":   {Read: true, Edit: true},
-			},
-		},
-	},
-}
-
-var mockPolicy = Policy{
-	ID: "mock-policy-id",
-	PermissionGroups: []PermissionGroup{{
-		ID:   "mock-permission-group-id",
-		Name: "mock-permission-group-name",
-		Permissions: []Permission{{
-			ID:  "mock-permission-id",
-			Key: "mock-permission-key",
-		}},
-	}},
-	ResourceGroups: []ResourceGroup{{
-		ID:   "mock-resource-group-id",
-		Name: "mock-resource-group-name",
-		Scope: Scope{
-			Key: "mock-resource-group-name",
-			ScopeObjects: []ScopeObject{{
-				Key: "*",
-			}},
-		},
-	}},
-	Access: "allow",
-}
-
-var expectedNewAccountMemberWithPoliciesStruct = AccountMember{
-	ID:   "new-member-with-polcies-id",
-	Code: "new-member-with-policies-code",
-	User: AccountMemberUserDetails{
-		ID:                             "new-member-with-policies-user-id",
-		FirstName:                      "John",
-		LastName:                       "Appleseed",
-		Email:                          "user@example.com",
-		TwoFactorAuthenticationEnabled: false,
-	},
-	Status:   "accepted",
-	Policies: []Policy{mockPolicy},
-}
-
-func TestAccountMembers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "4536bcfad5faccb111b47003c79917fa",
-					"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-					"user": {
-						"id": "7c5dae5552338874e5053f2534d2767a",
-						"first_name": "John",
-						"last_name": "Appleseed",
-						"email": "user@example.com",
-						"two_factor_authentication_enabled": false
-					},
-					"status": "accepted",
-					"roles": [
-						{
-							"id": "3536bcfad5faccb999b47003c79917fb",
-							"name": "Account Administrator",
-							"description": "Administrative access to the entire Account",
-							"permissions": {
-								"analytics": {
-									"read": true,
-									"edit": true
-								},
-								"billing": {
-									"read": true,
-									"edit": false
-								}
-							}
-						}
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
-	want := []AccountMember{expectedAccountMemberStruct}
-
-	actual, _, err := client.AccountMembers(context.Background(), "01a7362d577a6c3019a474fd6f485823", PaginationOptions{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccountMembersWithoutAccountID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, _, err := client.AccountMembers(context.Background(), "", PaginationOptions{})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-}
-
-func TestCreateAccountMemberWithStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "4536bcfad5faccb111b47003c79917fa",
-				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-				"user": {
-					"id": null,
-					"first_name": null,
-					"last_name": null,
-					"email": "user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "accepted",
-				"roles": [{
-					"id": "3536bcfad5faccb999b47003c79917fb",
-					"name": "Account Administrator",
-					"description": "Administrative access to the entire Account",
-					"permissions": {
-						"analytics": {
-							"read": true,
-							"edit": true
-						},
-						"billing": {
-							"read": true,
-							"edit": true
-						}
-					}
-				}]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
-
-	actual, err := client.CreateAccountMemberWithStatus(context.Background(), "01a7362d577a6c3019a474fd6f485823", "user@example.com", []string{"3536bcfad5faccb999b47003c79917fb"}, "accepted")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedNewAccountMemberAcceptedStruct, actual)
-	}
-}
-
-func TestCreateAccountMember(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "4536bcfad5faccb111b47003c79917fa",
-				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-				"user": {
-					"id": null,
-					"first_name": null,
-					"last_name": null,
-					"email": "user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "pending",
-				"roles": [{
-					"id": "3536bcfad5faccb999b47003c79917fb",
-					"name": "Account Administrator",
-					"description": "Administrative access to the entire Account",
-					"permissions": {
-						"analytics": {
-							"read": true,
-							"edit": true
-						},
-						"billing": {
-							"read": true,
-							"edit": true
-						}
-					}
-				}]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
-
-	createAccountParams := CreateAccountMemberParams{
-		EmailAddress: "user@example.com",
-		Roles:        []string{"3536bcfad5faccb999b47003c79917fb"},
-	}
-
-	actual, err := client.CreateAccountMember(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), createAccountParams)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedNewAccountMemberStruct, actual)
-	}
-}
-
-func TestCreateAccountMemberWithPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "new-member-with-polcies-id",
-				"code": "new-member-with-policies-code",
-				"user": {
-					"id": "new-member-with-policies-user-id",
-					"first_name": "John",
-					"last_name": "Appleseed",
-					"email": "user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "accepted",
-				"policies": [{
-					"id": "mock-policy-id",
-					"permission_groups": [{
-						"id": "mock-permission-group-id",
-						"name": "mock-permission-group-name",
-						"permissions": [{
-							"id": "mock-permission-id",
-							"key": "mock-permission-key"
-						}]
-					}],
-					"resource_groups": [{
-						"id": "mock-resource-group-id",
-						"name": "mock-resource-group-name",
-						"scope": {
-							"key": "mock-resource-group-name",
-							"objects": [{
-								"key": "*"
-							}]
-						}
-					}],
-					"access": "allow"
-				}]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members", handler)
-	actual, err := client.CreateAccountMember(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), CreateAccountMemberParams{
-		EmailAddress: "user@example.com",
-		Roles:        nil,
-		Policies:     []Policy{mockPolicy},
-		Status:       "",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedNewAccountMemberWithPoliciesStruct, actual)
-	}
-}
-
-func TestCreateAccountMemberWithRolesAndPoliciesErr(t *testing.T) {
-	setup()
-	defer teardown()
-
-	accountResource := &ResourceContainer{
-		Level:      AccountRouteLevel,
-		Identifier: "01a7362d577a6c3019a474fd6f485823",
-	}
-	_, err := client.CreateAccountMember(context.Background(), accountResource, CreateAccountMemberParams{
-		EmailAddress: "user@example.com",
-		Roles:        []string{"fake-role-id"},
-		Policies:     []Policy{mockPolicy},
-		Status:       "active",
-	})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err, ErrMissingMemberRolesOrPolicies)
-	}
-}
-
-func TestCreateAccountMemberWithoutAccountID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	accountResource := &ResourceContainer{
-		Level:      AccountRouteLevel,
-		Identifier: "",
-	}
-	_, err := client.CreateAccountMember(context.Background(), accountResource, CreateAccountMemberParams{
-		EmailAddress: "user@example.com",
-		Roles:        []string{"fake-role-id"},
-		Status:       "active",
-	})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-}
-
-func TestUpdateAccountMember(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "4536bcfad5faccb111b47003c79917fa",
-				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-				"user": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"first_name": "John",
-					"last_name": "Appleseeds",
-					"email": "new-user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "accepted",
-				"roles": [{
-					"id": "3536bcfad5faccb999b47003c79917fb",
-					"name": "Account Administrator",
-					"description": "Administrative access to the entire Account",
-					"permissions": {
-						"analytics": {
-							"read": true,
-							"edit": true
-						},
-						"billing": {
-							"read": true,
-							"edit": true
-						}
-					}
-				}]
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members/4536bcfad5faccb111b47003c79917fa", handler)
-
-	actual, err := client.UpdateAccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "4536bcfad5faccb111b47003c79917fa", newUpdatedAccountMemberStruct)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, newUpdatedAccountMemberStruct, actual)
-	}
-}
-
-func TestUpdateAccountMemberWithPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "new-member-with-polcies-id",
-				"code": "new-member-with-policies-code",
-				"user": {
-					"id": "new-member-with-policies-user-id",
-					"first_name": "John",
-					"last_name": "Appleseed",
-					"email": "user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "accepted",
-				"policies": [{
-					"id": "mock-policy-id",
-					"permission_groups": [{
-						"id": "mock-permission-group-id",
-						"name": "mock-permission-group-name",
-						"permissions": [{
-							"id": "mock-permission-id",
-							"key": "mock-permission-key"
-						}]
-					}],
-					"resource_groups": [{
-						"id": "mock-resource-group-id",
-						"name": "mock-resource-group-name",
-						"scope": {
-							"key": "mock-resource-group-name",
-							"objects": [{
-								"key": "*"
-							}]
-						}
-					}],
-					"access": "allow"
-				}]
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members/new-member-with-polcies-id", handler)
-
-	actual, err := client.UpdateAccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "new-member-with-polcies-id", expectedNewAccountMemberWithPoliciesStruct)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedNewAccountMemberWithPoliciesStruct, actual)
-	}
-}
-
-func UpdateAccountMemberWithRolesAndPoliciesErr(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccountMember(context.Background(),
-		"01a7362d577a6c3019a474fd6f485823",
-		"",
-		AccountMember{
-			Roles: []AccountRole{{
-				ID: "some-role",
-			}},
-			Policies: []Policy{mockPolicy},
-		},
-	)
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err, ErrMissingMemberRolesOrPolicies)
-	}
-}
-
-func TestUpdateAccountMemberWithoutAccountID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateAccountMember(context.Background(), "", "4536bcfad5faccb111b47003c79917fa", newUpdatedAccountMemberStruct)
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-}
-
-func TestAccountMember(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "4536bcfad5faccb111b47003c79917fa",
-				"code": "05dd05cce12bbed97c0d87cd78e89bc2fd41a6cee72f27f6fc84af2e45c0fac0",
-				"user": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"first_name": "John",
-					"last_name": "Appleseed",
-					"email": "user@example.com",
-					"two_factor_authentication_enabled": false
-				},
-				"status": "accepted",
-				"roles": [
-					{
-						"id": "3536bcfad5faccb999b47003c79917fb",
-						"name": "Account Administrator",
-						"description": "Administrative access to the entire Account",
-						"permissions": {
-							"analytics": {
-								"read": true,
-								"edit": true
-							},
-							"billing": {
-								"read": true,
-								"edit": false
-							}
-						}
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/members/4536bcfad5faccb111b47003c79917fa", handler)
-
-	actual, err := client.AccountMember(context.Background(), "01a7362d577a6c3019a474fd6f485823", "4536bcfad5faccb111b47003c79917fa")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccountMemberStruct, actual)
-	}
-}
-
-func TestAccountMemberWithoutAccountID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.AccountMember(context.Background(), "", "4536bcfad5faccb111b47003c79917fa")
-
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-}
diff --git a/pkg/cloudflare-go/account_roles.go b/pkg/cloudflare-go/account_roles.go
deleted file mode 100644
index d216ae3105..0000000000
--- a/pkg/cloudflare-go/account_roles.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// AccountRole defines the roles that a member can have attached.
-type AccountRole struct {
-	ID          string                           `json:"id"`
-	Name        string                           `json:"name"`
-	Description string                           `json:"description"`
-	Permissions map[string]AccountRolePermission `json:"permissions"`
-}
-
-// AccountRolePermission is the shared structure for all permissions
-// that can be assigned to a member.
-type AccountRolePermission struct {
-	Read bool `json:"read"`
-	Edit bool `json:"edit"`
-}
-
-// AccountRolesListResponse represents the list response from the
-// account roles.
-type AccountRolesListResponse struct {
-	Result []AccountRole `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccountRoleDetailResponse is the API response, containing a single
-// account role.
-type AccountRoleDetailResponse struct {
-	Success  bool        `json:"success"`
-	Errors   []string    `json:"errors"`
-	Messages []string    `json:"messages"`
-	Result   AccountRole `json:"result"`
-}
-
-type ListAccountRolesParams struct {
-	ResultInfo
-}
-
-// ListAccountRoles returns all roles of an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/account-roles-list-roles
-func (api *API) ListAccountRoles(ctx context.Context, rc *ResourceContainer, params ListAccountRolesParams) ([]AccountRole, error) {
-	if rc.Identifier == "" {
-		return []AccountRole{}, ErrMissingAccountID
-	}
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-	var roles []AccountRole
-	var r AccountRolesListResponse
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/roles", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []AccountRole{}, err
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []AccountRole{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		roles = append(roles, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return roles, nil
-}
-
-// GetAccountRole returns the details of a single account role.
-//
-// API reference: https://developers.cloudflare.com/api/operations/account-roles-role-details
-func (api *API) GetAccountRole(ctx context.Context, rc *ResourceContainer, roleID string) (AccountRole, error) {
-	if rc.Identifier == "" {
-		return AccountRole{}, ErrMissingAccountID
-	}
-	uri := fmt.Sprintf("/accounts/%s/roles/%s", rc.Identifier, roleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AccountRole{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var accountRole AccountRoleDetailResponse
-	err = json.Unmarshal(res, &accountRole)
-	if err != nil {
-		return AccountRole{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accountRole.Result, nil
-}
diff --git a/pkg/cloudflare-go/account_roles_test.go b/pkg/cloudflare-go/account_roles_test.go
deleted file mode 100644
index 22d0ac9055..0000000000
--- a/pkg/cloudflare-go/account_roles_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var expectedAccountRole = AccountRole{
-	ID:          "3536bcfad5faccb999b47003c79917fb",
-	Name:        "Account Administrator",
-	Description: "Administrative access to the entire Account",
-	Permissions: map[string]AccountRolePermission{
-		"dns_records": {Read: true, Edit: true},
-		"lb":          {Read: true, Edit: false},
-	},
-}
-
-func TestAccountRoles(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "3536bcfad5faccb999b47003c79917fb",
-					"name": "Account Administrator",
-					"description": "Administrative access to the entire Account",
-					"permissions": {
-						"dns_records": {
-							"read": true,
-							"edit": true
-						},
-						"lb": {
-							"read": true,
-							"edit": false
-						}
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/roles", testAccountID), handler)
-	want := []AccountRole{expectedAccountRole}
-	_, err := client.ListAccountRoles(context.Background(), AccountIdentifier(""), ListAccountRolesParams{})
-	if assert.Error(t, err, "Expected error when no account ID is provided") {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	actual, err := client.ListAccountRoles(context.Background(), testAccountRC, ListAccountRolesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccountRole(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "3536bcfad5faccb999b47003c79917fb",
-				"name": "Account Administrator",
-				"description": "Administrative access to the entire Account",
-				"permissions": {
-					"dns_records": {
-						"read": true,
-						"edit": true
-					},
-					"lb": {
-						"read": true,
-						"edit": false
-					}
-				}
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/roles/3536bcfad5faccb999b47003c79917fb", testAccountID), handler)
-	_, err := client.GetAccountRole(context.Background(), AccountIdentifier(""), "3536bcfad5faccb999b47003c79917fb")
-	if assert.Error(t, err, "Expected error when no account ID is provided") {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	actual, err := client.GetAccountRole(context.Background(), testAccountRC, "3536bcfad5faccb999b47003c79917fb")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAccountRole, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/accounts.go b/pkg/cloudflare-go/accounts.go
deleted file mode 100644
index aee3c6aef2..0000000000
--- a/pkg/cloudflare-go/accounts.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccountSettings outlines the available options for an account.
-type AccountSettings struct {
-	EnforceTwoFactor bool `json:"enforce_twofactor"`
-}
-
-// Account represents the root object that owns resources.
-type Account struct {
-	ID        string           `json:"id,omitempty"`
-	Name      string           `json:"name,omitempty"`
-	Type      string           `json:"type,omitempty"`
-	CreatedOn time.Time        `json:"created_on,omitempty"`
-	Settings  *AccountSettings `json:"settings,omitempty"`
-}
-
-// AccountResponse represents the response from the accounts endpoint for a
-// single account ID.
-type AccountResponse struct {
-	Result Account `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccountListResponse represents the response from the list accounts endpoint.
-type AccountListResponse struct {
-	Result []Account `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccountDetailResponse is the API response, containing a single Account.
-type AccountDetailResponse struct {
-	Success  bool     `json:"success"`
-	Errors   []string `json:"errors"`
-	Messages []string `json:"messages"`
-	Result   Account  `json:"result"`
-}
-
-// AccountsListParams holds the filterable options for Accounts.
-type AccountsListParams struct {
-	Name string `url:"name,omitempty"`
-
-	PaginationOptions
-}
-
-// Accounts returns all accounts the logged in user has access to.
-//
-// API reference: https://api.cloudflare.com/#accounts-list-accounts
-func (api *API) Accounts(ctx context.Context, params AccountsListParams) ([]Account, ResultInfo, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, buildURI("/accounts", params), nil)
-	if err != nil {
-		return []Account{}, ResultInfo{}, err
-	}
-
-	var accListResponse AccountListResponse
-	err = json.Unmarshal(res, &accListResponse)
-	if err != nil {
-		return []Account{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return accListResponse.Result, accListResponse.ResultInfo, nil
-}
-
-// Account returns a single account based on the ID.
-//
-// API reference: https://api.cloudflare.com/#accounts-account-details
-func (api *API) Account(ctx context.Context, accountID string) (Account, ResultInfo, error) {
-	uri := fmt.Sprintf("/accounts/%s", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Account{}, ResultInfo{}, err
-	}
-
-	var accResponse AccountResponse
-	err = json.Unmarshal(res, &accResponse)
-	if err != nil {
-		return Account{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return accResponse.Result, accResponse.ResultInfo, nil
-}
-
-// UpdateAccount allows management of an account using the account ID.
-//
-// API reference: https://api.cloudflare.com/#accounts-update-account
-func (api *API) UpdateAccount(ctx context.Context, accountID string, account Account) (Account, error) {
-	uri := fmt.Sprintf("/accounts/%s", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, account)
-	if err != nil {
-		return Account{}, err
-	}
-
-	var a AccountDetailResponse
-	err = json.Unmarshal(res, &a)
-	if err != nil {
-		return Account{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return a.Result, nil
-}
-
-// CreateAccount creates a new account. Note: This requires the Tenant
-// entitlement.
-//
-// API reference: https://developers.cloudflare.com/tenant/tutorial/provisioning-resources#creating-an-account
-func (api *API) CreateAccount(ctx context.Context, account Account) (Account, error) {
-	uri := "/accounts"
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, account)
-	if err != nil {
-		return Account{}, err
-	}
-
-	var a AccountDetailResponse
-	err = json.Unmarshal(res, &a)
-	if err != nil {
-		return Account{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return a.Result, nil
-}
-
-// DeleteAccount removes an account. Note: This requires the Tenant
-// entitlement.
-//
-// API reference: https://developers.cloudflare.com/tenant/tutorial/provisioning-resources#optional-deleting-accounts
-func (api *API) DeleteAccount(ctx context.Context, accountID string) error {
-	if accountID == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s", accountID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/accounts_test.go b/pkg/cloudflare-go/accounts_test.go
deleted file mode 100644
index 0f0fecc9c7..0000000000
--- a/pkg/cloudflare-go/accounts_test.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	accountCreatedOn, _   = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	expectedAccountStruct = Account{
-		ID:        "01a7362d577a6c3019a474fd6f485823",
-		Name:      "Cloudflare Demo",
-		CreatedOn: accountCreatedOn,
-		Settings: &AccountSettings{
-			EnforceTwoFactor: false,
-		},
-	}
-)
-
-func TestAccounts(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "01a7362d577a6c3019a474fd6f485823",
-					"name": "Cloudflare Demo",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"settings": {
-						"enforce_twofactor": false
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts", handler)
-	want := []Account{expectedAccountStruct}
-
-	actual, _, err := client.Accounts(context.Background(), AccountsListParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "01a7362d577a6c3019a474fd6f485823",
-				"name": "Cloudflare Demo",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"settings": {
-					"enforce_twofactor": false
-				}
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823", handler)
-	want := expectedAccountStruct
-
-	actual, _, err := client.Account(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-				"id":"01a7362d577a6c3019a474fd6f485823",
-				"name":"Cloudflare Demo - New",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"settings":{
-					"enforce_twofactor":false
-					}
-				}`, string(b), "JSON payload not equal")
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "01a7362d577a6c3019a474fd6f485823",
-				"name": "Cloudflare Demo - New",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"settings": {
-					"enforce_twofactor": false
-				}
-			}
-		}`)
-	})
-
-	oldAccountDetails := Account{
-		ID:        "01a7362d577a6c3019a474fd6f485823",
-		Name:      "Cloudflare Demo - Old",
-		CreatedOn: accountCreatedOn,
-		Settings: &AccountSettings{
-			EnforceTwoFactor: false,
-		},
-	}
-
-	newAccountDetails := Account{
-		ID:        "01a7362d577a6c3019a474fd6f485823",
-		Name:      "Cloudflare Demo - New",
-		CreatedOn: accountCreatedOn,
-		Settings: &AccountSettings{
-			EnforceTwoFactor: false,
-		},
-	}
-
-	account, err := client.UpdateAccount(context.Background(), newAccountDetails.ID, newAccountDetails)
-	if assert.NoError(t, err) {
-		assert.NotEqual(t, oldAccountDetails.Name, account.Name)
-		assert.Equal(t, account.Name, "Cloudflare Demo - New")
-	}
-}
-
-func TestCreateAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "Cloudflare Demo",
-				"type": "standard"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts", handler)
-	newAccount := Account{
-		Name: "Cloudflare Demo",
-		Type: "standard",
-	}
-
-	actual, err := client.CreateAccount(context.Background(), newAccount)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, newAccount, actual)
-	}
-}
-
-func TestDeleteAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "1b16db169c9cb7853009857198fae1b9"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID, handler)
-	err := client.DeleteAccount(context.Background(), testAccountID)
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/addressing_address_map.go b/pkg/cloudflare-go/addressing_address_map.go
deleted file mode 100644
index 0109e79bb8..0000000000
--- a/pkg/cloudflare-go/addressing_address_map.go
+++ /dev/null
@@ -1,285 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AddressMap contains information about an address map.
-type AddressMap struct {
-	ID           string                 `json:"id"`
-	Description  *string                `json:"description,omitempty"`
-	DefaultSNI   *string                `json:"default_sni"`
-	Enabled      *bool                  `json:"enabled"`
-	Deletable    *bool                  `json:"can_delete"`
-	CanModifyIPs *bool                  `json:"can_modify_ips"`
-	Memberships  []AddressMapMembership `json:"memberships"`
-	IPs          []AddressMapIP         `json:"ips"`
-	CreatedAt    time.Time              `json:"created_at"`
-	ModifiedAt   time.Time              `json:"modified_at"`
-}
-
-type AddressMapIP struct {
-	IP        string    `json:"ip"`
-	CreatedAt time.Time `json:"created_at"`
-}
-
-type AddressMapMembershipContainer struct {
-	Identifier string                   `json:"identifier"`
-	Kind       AddressMapMembershipKind `json:"kind"`
-}
-
-type AddressMapMembership struct {
-	Identifier string                   `json:"identifier"`
-	Kind       AddressMapMembershipKind `json:"kind"`
-	Deletable  *bool                    `json:"can_delete"`
-	CreatedAt  time.Time                `json:"created_at"`
-}
-
-func (ammb *AddressMapMembershipContainer) URLFragment() string {
-	switch ammb.Kind {
-	case AddressMapMembershipAccount:
-		return fmt.Sprintf("accounts/%s", ammb.Identifier)
-	case AddressMapMembershipZone:
-		return fmt.Sprintf("zones/%s", ammb.Identifier)
-	default:
-		return fmt.Sprintf("%s/%s", ammb.Kind, ammb.Identifier)
-	}
-}
-
-type AddressMapMembershipKind string
-
-const (
-	AddressMapMembershipZone    AddressMapMembershipKind = "zone"
-	AddressMapMembershipAccount AddressMapMembershipKind = "account"
-)
-
-// ListAddressMapResponse contains a slice of address maps.
-type ListAddressMapResponse struct {
-	Response
-	Result []AddressMap `json:"result"`
-}
-
-// GetAddressMapResponse contains a specific address map's API Response.
-type GetAddressMapResponse struct {
-	Response
-	Result AddressMap `json:"result"`
-}
-
-// CreateAddressMapParams contains information about an address map to be created.
-type CreateAddressMapParams struct {
-	Description *string                         `json:"description"`
-	Enabled     *bool                           `json:"enabled"`
-	IPs         []string                        `json:"ips"`
-	Memberships []AddressMapMembershipContainer `json:"memberships"`
-}
-
-// UpdateAddressMapParams contains information about an address map to be updated.
-type UpdateAddressMapParams struct {
-	ID          string  `json:"-"`
-	Description *string `json:"description,omitempty"`
-	Enabled     *bool   `json:"enabled,omitempty"`
-	DefaultSNI  *string `json:"default_sni,omitempty"`
-}
-
-// AddressMapFilter contains filter parameters for finding a list of address maps.
-type ListAddressMapsParams struct {
-	IP   *string `url:"ip,omitempty"`
-	CIDR *string `url:"cidr,omitempty"`
-}
-
-// CreateIPAddressToAddressMapParams contains request parameters to add/remove IP address to/from an address map.
-type CreateIPAddressToAddressMapParams struct {
-	// ID represents the target address map for adding the IP address.
-	ID string
-	// The IP address.
-	IP string
-}
-
-// CreateMembershipToAddressMapParams contains request parameters to add/remove membership from an address map.
-type CreateMembershipToAddressMapParams struct {
-	// ID represents the target address map for adding the membershp.
-	ID         string
-	Membership AddressMapMembershipContainer
-}
-
-type DeleteMembershipFromAddressMapParams struct {
-	// ID represents the target address map for removing the IP address.
-	ID         string
-	Membership AddressMapMembershipContainer
-}
-
-type DeleteIPAddressFromAddressMapParams struct {
-	// ID represents the target address map for adding the membershp.
-	ID string
-	IP string
-}
-
-// ListAddressMaps lists all address maps owned by the account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-list-address-maps
-func (api *API) ListAddressMaps(ctx context.Context, rc *ResourceContainer, params ListAddressMapsParams) ([]AddressMap, error) {
-	if rc.Level != AccountRouteLevel {
-		return []AddressMap{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/addressing/address_maps", rc.URLFragment()), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []AddressMap{}, err
-	}
-
-	result := ListAddressMapResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// CreateAddressMap creates a new address map under the account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-create-address-map
-func (api *API) CreateAddressMap(ctx context.Context, rc *ResourceContainer, params CreateAddressMapParams) (AddressMap, error) {
-	if rc.Level != AccountRouteLevel {
-		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps", rc.URLFragment())
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return AddressMap{}, err
-	}
-
-	result := GetAddressMapResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetAddressMap returns a specific address map.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-address-map-details
-func (api *API) GetAddressMap(ctx context.Context, rc *ResourceContainer, id string) (AddressMap, error) {
-	if rc.Level != AccountRouteLevel {
-		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AddressMap{}, err
-	}
-
-	result := GetAddressMapResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateAddressMap modifies properties of an address map owned by the account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-update-address-map
-func (api *API) UpdateAddressMap(ctx context.Context, rc *ResourceContainer, params UpdateAddressMapParams) (AddressMap, error) {
-	if rc.Level != AccountRouteLevel {
-		return AddressMap{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return AddressMap{}, err
-	}
-
-	result := GetAddressMapResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return AddressMap{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteAddressMap deletes a particular address map owned by the account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-delete-address-map
-func (api *API) DeleteAddressMap(ctx context.Context, rc *ResourceContainer, id string) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s", rc.URLFragment(), id)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	return err
-}
-
-// CreateIPAddressToAddressMap adds an IP address from a prefix owned by the account to a particular address map.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-an-ip-to-an-address-map
-func (api *API) CreateIPAddressToAddressMap(ctx context.Context, rc *ResourceContainer, params CreateIPAddressToAddressMapParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/ips/%s", rc.URLFragment(), params.ID, params.IP)
-	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
-	return err
-}
-
-// DeleteIPAddressFromAddressMap removes an IP address from a particular address map.
-//
-// API reference: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-an-ip-from-an-address-map
-func (api *API) DeleteIPAddressFromAddressMap(ctx context.Context, rc *ResourceContainer, params DeleteIPAddressFromAddressMapParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/ips/%s", rc.URLFragment(), params.ID, params.IP)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	return err
-}
-
-// CreateMembershipToAddressMap adds a zone/account as a member of a particular address map.
-//
-// API reference:
-//   - account: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-an-account-membership-to-an-address-map
-//   - zone: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-add-a-zone-membership-to-an-address-map
-func (api *API) CreateMembershipToAddressMap(ctx context.Context, rc *ResourceContainer, params CreateMembershipToAddressMapParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	if params.Membership.Kind != AddressMapMembershipZone && params.Membership.Kind != AddressMapMembershipAccount {
-		return fmt.Errorf("requested membershp kind (%q) is not supported", params.Membership.Kind)
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/%s", rc.URLFragment(), params.ID, params.Membership.URLFragment())
-	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
-	return err
-}
-
-// DeleteMembershipFromAddressMap removes a zone/account as a member of a particular address map.
-//
-// API reference:
-//   - account: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-an-account-membership-from-an-address-map
-//   - zone: https://developers.cloudflare.com/api/operations/ip-address-management-address-maps-remove-a-zone-membership-from-an-address-map
-func (api *API) DeleteMembershipFromAddressMap(ctx context.Context, rc *ResourceContainer, params DeleteMembershipFromAddressMapParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	if params.Membership.Kind != AddressMapMembershipZone && params.Membership.Kind != AddressMapMembershipAccount {
-		return fmt.Errorf("requested membershp kind (%q) is not supported", params.Membership.Kind)
-	}
-
-	uri := fmt.Sprintf("/%s/addressing/address_maps/%s/%s", rc.URLFragment(), params.ID, params.Membership.URLFragment())
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	return err
-}
diff --git a/pkg/cloudflare-go/addressing_address_map_test.go b/pkg/cloudflare-go/addressing_address_map_test.go
deleted file mode 100644
index 0bbb3dd606..0000000000
--- a/pkg/cloudflare-go/addressing_address_map_test.go
+++ /dev/null
@@ -1,384 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	addressMapDesc       = "My Ecommerce zones"
-	addressMapDefaultSNI = "*.example.com"
-)
-
-func TestListAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expectedIP := "127.0.0.1"
-	expectedCIDR := "127.0.0.1/24"
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		actualIP := r.URL.Query().Get("ip")
-		assert.Equal(t, expectedIP, actualIP, "Expected ip %q, got %q", expectedIP, actualIP)
-
-		actualCIDR := r.URL.Query().Get("cidr")
-		assert.Equal(t, expectedCIDR, actualCIDR, "Expected cidr %q, got %q", expectedCIDR, actualCIDR)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [{
-			  "id": "9a7806061c88ada191ed06f989cc3dac",
-			  "description": "My Ecommerce zones",
-			  "can_delete": true,
-			  "can_modify_ips": true,
-			  "default_sni": "*.example.com",
-			  "created_at": "2023-01-01T05:20:00.12345Z",
-			  "modified_at": "2023-01-05T05:20:00.12345Z",
-			  "enabled": true,
-			  "ips": [
-				{
-				  "ip": "192.0.2.1",
-				  "created_at": "2023-01-02T05:20:00.12345Z"
-				}
-			  ],
-			  "memberships": [
-				{
-				  "kind": "zone",
-				  "identifier": "01a7362d577a6c3019a474fd6f485823",
-				  "can_delete": true,
-				  "created_at": "2023-01-03T05:20:00.12345Z"
-				}
-			  ]
-			}]
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
-	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
-	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
-
-	want := []AddressMap{
-		{
-			ID:           "9a7806061c88ada191ed06f989cc3dac",
-			CreatedAt:    createdAt,
-			ModifiedAt:   modifiedAt,
-			Description:  &addressMapDesc,
-			Deletable:    BoolPtr(true),
-			CanModifyIPs: BoolPtr(true),
-			DefaultSNI:   &addressMapDefaultSNI,
-			Enabled:      BoolPtr(true),
-			IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
-			Memberships: []AddressMapMembership{{
-				Identifier: "01a7362d577a6c3019a474fd6f485823",
-				Kind:       AddressMapMembershipZone,
-				Deletable:  BoolPtr(true),
-				CreatedAt:  membershipCreatedAt,
-			}},
-		},
-	}
-
-	actual, err := client.ListAddressMaps(context.Background(), AccountIdentifier(testAccountID), ListAddressMapsParams{&expectedIP, &expectedCIDR})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "9a7806061c88ada191ed06f989cc3dac",
-			  "description": "My Ecommerce zones",
-			  "can_delete": true,
-			  "can_modify_ips": true,
-			  "default_sni": "*.example.com",
-			  "created_at": "2023-01-01T05:20:00.12345Z",
-			  "modified_at": "2023-01-05T05:20:00.12345Z",
-			  "enabled": true,
-			  "ips": [
-				{
-				  "ip": "192.0.2.1",
-				  "created_at": "2023-01-02T05:20:00.12345Z"
-				}
-			  ],
-			  "memberships": [
-				{
-				  "kind": "zone",
-				  "identifier": "01a7362d577a6c3019a474fd6f485823",
-				  "can_delete": true,
-				  "created_at": "2023-01-03T05:20:00.12345Z"
-				}
-			  ]
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
-	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
-	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
-
-	want := AddressMap{
-		ID:           "9a7806061c88ada191ed06f989cc3dac",
-		CreatedAt:    createdAt,
-		ModifiedAt:   modifiedAt,
-		Description:  &addressMapDesc,
-		Deletable:    BoolPtr(true),
-		CanModifyIPs: BoolPtr(true),
-		DefaultSNI:   &addressMapDefaultSNI,
-		Enabled:      BoolPtr(true),
-		IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
-		Memberships: []AddressMapMembership{{
-			Identifier: "01a7362d577a6c3019a474fd6f485823",
-			Kind:       AddressMapMembershipZone,
-			Deletable:  BoolPtr(true),
-			CreatedAt:  membershipCreatedAt,
-		}},
-	}
-
-	actual, err := client.GetAddressMap(context.Background(), AccountIdentifier(testAccountID), "9a7806061c88ada191ed06f989cc3dac")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "9a7806061c88ada191ed06f989cc3dac",
-			  "description": "My Ecommerce zones",
-			  "can_delete": true,
-			  "can_modify_ips": true,
-			  "default_sni": "*.example.com",
-			  "created_at": "2023-01-01T05:20:00.12345Z",
-			  "modified_at": "2023-01-05T05:20:00.12345Z",
-			  "enabled": true,
-			  "ips": [
-				{
-				  "ip": "192.0.2.1",
-				  "created_at": "2023-01-02T05:20:00.12345Z"
-				}
-			  ],
-			  "memberships": [
-				{
-				  "kind": "zone",
-				  "identifier": "01a7362d577a6c3019a474fd6f485823",
-				  "can_delete": true,
-				  "created_at": "2023-01-03T05:20:00.12345Z"
-				}
-			  ]
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00.12345Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2023-01-05T05:20:00.12345Z")
-	ipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-02T05:20:00.12345Z")
-	membershipCreatedAt, _ := time.Parse(time.RFC3339, "2023-01-03T05:20:00.12345Z")
-
-	want := AddressMap{
-		ID:           "9a7806061c88ada191ed06f989cc3dac",
-		CreatedAt:    createdAt,
-		ModifiedAt:   modifiedAt,
-		Description:  &addressMapDesc,
-		Deletable:    BoolPtr(true),
-		CanModifyIPs: BoolPtr(true),
-		DefaultSNI:   &addressMapDefaultSNI,
-		Enabled:      BoolPtr(true),
-		IPs:          []AddressMapIP{{"192.0.2.1", ipCreatedAt}},
-		Memberships: []AddressMapMembership{{
-			Identifier: "01a7362d577a6c3019a474fd6f485823",
-			Kind:       AddressMapMembershipZone,
-			Deletable:  BoolPtr(true),
-			CreatedAt:  membershipCreatedAt,
-		}},
-	}
-
-	actual, err := client.UpdateAddressMap(context.Background(), AccountIdentifier(testAccountID), UpdateAddressMapParams{ID: "9a7806061c88ada191ed06f989cc3dac"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "9a7806061c88ada191ed06f989cc3dac"
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac", handler)
-
-	err := client.DeleteAddressMap(context.Background(), AccountIdentifier(testAccountID), "9a7806061c88ada191ed06f989cc3dac")
-	assert.NoError(t, err)
-}
-
-func TestAddIPAddressToAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/ips/192.0.2.1", handler)
-
-	err := client.CreateIPAddressToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateIPAddressToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", "192.0.2.1"})
-	assert.NoError(t, err)
-}
-
-func TestRemoveIPAddressFromAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/ips/192.0.2.1", handler)
-
-	err := client.DeleteIPAddressFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteIPAddressFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", "192.0.2.1"})
-	assert.NoError(t, err)
-}
-
-func TestAddZoneToAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/zones/01a7362d577a6c3019a474fd6f485823", handler)
-
-	err := client.CreateMembershipToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateMembershipToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipZone}})
-	assert.NoError(t, err)
-}
-
-func TestRemoveZoneFromAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/zones/01a7362d577a6c3019a474fd6f485823", handler)
-
-	err := client.DeleteMembershipFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteMembershipFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipZone}})
-	assert.NoError(t, err)
-}
-
-func TestAddAccountToAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/accounts/01a7362d577a6c3019a474fd6f485823", handler)
-
-	err := client.CreateMembershipToAddressMap(context.Background(), AccountIdentifier(testAccountID), CreateMembershipToAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipAccount}})
-	assert.NoError(t, err)
-}
-
-func TestRemoveAccountFromAddressMap(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": []
-		  }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/address_maps/9a7806061c88ada191ed06f989cc3dac/accounts/01a7362d577a6c3019a474fd6f485823", handler)
-
-	err := client.DeleteMembershipFromAddressMap(context.Background(), AccountIdentifier(testAccountID), DeleteMembershipFromAddressMapParams{"9a7806061c88ada191ed06f989cc3dac", AddressMapMembershipContainer{"01a7362d577a6c3019a474fd6f485823", AddressMapMembershipAccount}})
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/addressing_ip_prefix.go b/pkg/cloudflare-go/addressing_ip_prefix.go
deleted file mode 100644
index a2e686c3b2..0000000000
--- a/pkg/cloudflare-go/addressing_ip_prefix.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// IPPrefix contains information about an IP prefix.
-type IPPrefix struct {
-	ID                   string     `json:"id"`
-	CreatedAt            *time.Time `json:"created_at"`
-	ModifiedAt           *time.Time `json:"modified_at"`
-	CIDR                 string     `json:"cidr"`
-	AccountID            string     `json:"account_id"`
-	Description          string     `json:"description"`
-	Approved             string     `json:"approved"`
-	OnDemandEnabled      bool       `json:"on_demand_enabled"`
-	OnDemandLocked       bool       `json:"on_demand_locked"`
-	Advertised           bool       `json:"advertised"`
-	AdvertisedModifiedAt *time.Time `json:"advertised_modified_at"`
-}
-
-// AdvertisementStatus contains information about the BGP status of an IP prefix.
-type AdvertisementStatus struct {
-	Advertised           bool       `json:"advertised"`
-	AdvertisedModifiedAt *time.Time `json:"advertised_modified_at"`
-}
-
-// ListIPPrefixResponse contains a slice of IP prefixes.
-type ListIPPrefixResponse struct {
-	Response
-	Result []IPPrefix `json:"result"`
-}
-
-// GetIPPrefixResponse contains a specific IP prefix's API Response.
-type GetIPPrefixResponse struct {
-	Response
-	Result IPPrefix `json:"result"`
-}
-
-// GetAdvertisementStatusResponse contains an API Response for the BGP status of the IP Prefix.
-type GetAdvertisementStatusResponse struct {
-	Response
-	Result AdvertisementStatus `json:"result"`
-}
-
-// IPPrefixUpdateRequest contains information about prefix updates.
-type IPPrefixUpdateRequest struct {
-	Description string `json:"description"`
-}
-
-// AdvertisementStatusUpdateRequest contains information about bgp status updates.
-type AdvertisementStatusUpdateRequest struct {
-	Advertised bool `json:"advertised"`
-}
-
-// ListPrefixes lists all IP prefixes for a given account
-//
-// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-list-prefixes
-func (api *API) ListPrefixes(ctx context.Context, accountID string) ([]IPPrefix, error) {
-	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []IPPrefix{}, err
-	}
-
-	result := ListIPPrefixResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetPrefix returns a specific IP prefix
-//
-// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-prefix-details
-func (api *API) GetPrefix(ctx context.Context, accountID, ID string) (IPPrefix, error) {
-	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IPPrefix{}, err
-	}
-
-	result := GetIPPrefixResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdatePrefixDescription edits the description of the IP prefix
-//
-// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
-func (api *API) UpdatePrefixDescription(ctx context.Context, accountID, ID string, description string) (IPPrefix, error) {
-	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, IPPrefixUpdateRequest{Description: description})
-	if err != nil {
-		return IPPrefix{}, err
-	}
-
-	result := GetIPPrefixResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPPrefix{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetAdvertisementStatus returns the BGP status of the IP prefix
-//
-// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
-func (api *API) GetAdvertisementStatus(ctx context.Context, accountID, ID string) (AdvertisementStatus, error) {
-	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s/bgp/status", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AdvertisementStatus{}, err
-	}
-
-	result := GetAdvertisementStatusResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return AdvertisementStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateAdvertisementStatus changes the BGP status of an IP prefix
-//
-// API reference: https://api.cloudflare.com/#ip-address-management-prefixes-update-prefix-description
-func (api *API) UpdateAdvertisementStatus(ctx context.Context, accountID, ID string, advertised bool) (AdvertisementStatus, error) {
-	uri := fmt.Sprintf("/accounts/%s/addressing/prefixes/%s/bgp/status", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, AdvertisementStatusUpdateRequest{Advertised: advertised})
-	if err != nil {
-		return AdvertisementStatus{}, err
-	}
-
-	result := GetAdvertisementStatusResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return AdvertisementStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
diff --git a/pkg/cloudflare-go/addressing_ip_prefix_test.go b/pkg/cloudflare-go/addressing_ip_prefix_test.go
deleted file mode 100644
index 0b7bd8cabf..0000000000
--- a/pkg/cloudflare-go/addressing_ip_prefix_test.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListIPPrefix(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-				{
-					"id": "f68579455bd947efb65ffa1bcf33b52c",
-					"created_at": "2020-04-24T21:25:55.643771Z",
-					"modified_at": "2020-04-24T21:25:55.643771Z",
-					"cidr": "10.1.2.3/24",
-					"account_id": "foo",
-					"description": "Sample Prefix",
-					"approved": "V",
-					"on_demand_enabled": true,
-					"on_demand_locked": false,
-					"advertised": true,
-					"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-
-	want := []IPPrefix{
-		{
-			ID:                   "f68579455bd947efb65ffa1bcf33b52c",
-			CreatedAt:            &createdAt,
-			ModifiedAt:           &modifiedAt,
-			CIDR:                 "10.1.2.3/24",
-			AccountID:            "foo",
-			Description:          "Sample Prefix",
-			Approved:             "V",
-			OnDemandEnabled:      true,
-			Advertised:           true,
-			AdvertisedModifiedAt: &advertisedModifiedAt,
-		},
-	}
-
-	actual, err := client.ListPrefixes(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetIPPrefix(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"created_at": "2020-04-24T21:25:55.643771Z",
-				"modified_at": "2020-04-24T21:25:55.643771Z",
-				"cidr": "10.1.2.3/24",
-				"account_id": "foo",
-				"description": "Sample Prefix",
-				"approved": "V",
-				"on_demand_enabled": true,
-				"on_demand_locked": false,
-				"advertised": true,
-				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-
-	want := IPPrefix{
-		ID:                   "f68579455bd947efb65ffa1bcf33b52c",
-		CreatedAt:            &createdAt,
-		ModifiedAt:           &modifiedAt,
-		CIDR:                 "10.1.2.3/24",
-		AccountID:            "foo",
-		Description:          "Sample Prefix",
-		Approved:             "V",
-		OnDemandEnabled:      true,
-		Advertised:           true,
-		AdvertisedModifiedAt: &advertisedModifiedAt,
-	}
-
-	actual, err := client.GetPrefix(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdatePrefixDescription(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"created_at": "2020-04-24T21:25:55.643771Z",
-				"modified_at": "2020-04-24T21:25:55.643771Z",
-				"cidr": "10.1.2.3/24",
-				"account_id": "foo",
-				"description": "My IP Prefix",
-				"approved": "V",
-				"on_demand_enabled": true,
-				"on_demand_locked": false,
-				"advertised": true,
-				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	modifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-
-	want := IPPrefix{
-		ID:                   "f68579455bd947efb65ffa1bcf33b52c",
-		CreatedAt:            &createdAt,
-		ModifiedAt:           &modifiedAt,
-		CIDR:                 "10.1.2.3/24",
-		AccountID:            "foo",
-		Description:          "My IP Prefix",
-		Approved:             "V",
-		OnDemandEnabled:      true,
-		Advertised:           true,
-		AdvertisedModifiedAt: &advertisedModifiedAt,
-	}
-
-	actual, err := client.UpdatePrefixDescription(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c", "My IP Prefix")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetAdvertisementStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"advertised": true,
-				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c/bgp/status", handler)
-
-	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-
-	want := AdvertisementStatus{
-		Advertised:           true,
-		AdvertisedModifiedAt: &advertisedModifiedAt,
-	}
-
-	actual, err := client.GetAdvertisementStatus(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAdvertisementStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"advertised": false,
-				"advertised_modified_at": "2020-04-24T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/prefixes/f68579455bd947efb65ffa1bcf33b52c/bgp/status", handler)
-
-	advertisedModifiedAt, _ := time.Parse(time.RFC3339, "2020-04-24T21:25:55.643771Z")
-
-	want := AdvertisementStatus{
-		Advertised:           false,
-		AdvertisedModifiedAt: &advertisedModifiedAt,
-	}
-
-	actual, err := client.UpdateAdvertisementStatus(context.Background(), testAccountID, "f68579455bd947efb65ffa1bcf33b52c", false)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/api_shield.go b/pkg/cloudflare-go/api_shield.go
deleted file mode 100644
index 622631c269..0000000000
--- a/pkg/cloudflare-go/api_shield.go
+++ /dev/null
@@ -1,71 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// AuthIdCharacteristics a single option from
-// configuration?properties=auth_id_characteristics.
-type AuthIdCharacteristics struct {
-	Type string `json:"type"`
-	Name string `json:"name"`
-}
-
-// APIShield is all the available options under
-// configuration?properties=auth_id_characteristics.
-type APIShield struct {
-	AuthIdCharacteristics []AuthIdCharacteristics `json:"auth_id_characteristics"`
-}
-
-// APIShieldResponse represents the response from the api_gateway/configuration endpoint.
-type APIShieldResponse struct {
-	Result APIShield `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type UpdateAPIShieldParams struct {
-	AuthIdCharacteristics []AuthIdCharacteristics `json:"auth_id_characteristics"`
-}
-
-// GetAPIShieldConfiguration gets a zone API shield configuration.
-//
-// API documentation: https://api.cloudflare.com/#api-shield-settings-retrieve-information-about-specific-configuration-properties
-func (api *API) GetAPIShieldConfiguration(ctx context.Context, rc *ResourceContainer) (APIShield, ResultInfo, error) {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/configuration?properties=auth_id_characteristics", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return APIShield{}, ResultInfo{}, err
-	}
-	var asResponse APIShieldResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return APIShield{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse.Result, asResponse.ResultInfo, nil
-}
-
-// UpdateAPIShieldConfiguration sets a zone API shield configuration.
-//
-// API documentation: https://api.cloudflare.com/#api-shield-settings-set-configuration-properties
-func (api *API) UpdateAPIShieldConfiguration(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldParams) (Response, error) {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/configuration", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Response{}, err
-	}
-	var asResponse Response
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return Response{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse, nil
-}
diff --git a/pkg/cloudflare-go/api_shield_api_discovery.go b/pkg/cloudflare-go/api_shield_api_discovery.go
deleted file mode 100644
index 69b3ad2433..0000000000
--- a/pkg/cloudflare-go/api_shield_api_discovery.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// APIShieldDiscoveryOrigin is an enumeration on what discovery engine an operation was discovered by.
-type APIShieldDiscoveryOrigin string
-
-const (
-
-	// APIShieldDiscoveryOriginML discovered operations that were sourced using ML API Discovery.
-	APIShieldDiscoveryOriginML APIShieldDiscoveryOrigin = "ML"
-	// APIShieldDiscoveryOriginSessionIdentifier discovered operations that were sourced using Session Identifier
-	// API Discovery.
-	APIShieldDiscoveryOriginSessionIdentifier APIShieldDiscoveryOrigin = "SessionIdentifier"
-)
-
-// APIShieldDiscoveryState is an enumeration on states a discovery operation can be in.
-type APIShieldDiscoveryState string
-
-const (
-	// APIShieldDiscoveryStateReview discovered operations that are not saved into API Shield Endpoint Management.
-	APIShieldDiscoveryStateReview APIShieldDiscoveryState = "review"
-	// APIShieldDiscoveryStateSaved discovered operations that are already saved into API Shield Endpoint Management.
-	APIShieldDiscoveryStateSaved APIShieldDiscoveryState = "saved"
-	// APIShieldDiscoveryStateIgnored discovered operations that have been marked as ignored.
-	APIShieldDiscoveryStateIgnored APIShieldDiscoveryState = "ignored"
-)
-
-// APIShieldDiscoveryOperation is an operation that was discovered by API Discovery.
-type APIShieldDiscoveryOperation struct {
-	// ID represents the ID of the operation, formatted as UUID
-	ID string `json:"id"`
-	// Origin represents the API discovery engine(s) that discovered this operation
-	Origin []APIShieldDiscoveryOrigin `json:"origin"`
-	// State represents the state of operation in API Discovery
-	State APIShieldDiscoveryState `json:"state"`
-	// LastUpdated timestamp of when this operation was last updated
-	LastUpdated *time.Time `json:"last_updated"`
-	// Features are additional data about the operation
-	Features map[string]any `json:"features,omitempty"`
-
-	Method   string `json:"method"`
-	Host     string `json:"host"`
-	Endpoint string `json:"endpoint"`
-}
-
-// ListAPIShieldDiscoveryOperationsParams represents the parameters to pass when retrieving discovered operations.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-discovery-retrieve-discovered-operations-on-a-zone
-type ListAPIShieldDiscoveryOperationsParams struct {
-	// Direction to order results.
-	Direction string `url:"direction,omitempty"`
-	// OrderBy when requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.
-	OrderBy string `url:"order,omitempty"`
-	// Hosts filters results to only include the specified hosts.
-	Hosts []string `url:"host,omitempty"`
-	// Methods filters results to only include the specified methods.
-	Methods []string `url:"method,omitempty"`
-	// Endpoint filters results to only include endpoints containing this pattern.
-	Endpoint string `url:"endpoint,omitempty"`
-	// Diff when true, only return API Discovery results that are not saved into API Shield Endpoint Management
-	Diff bool `url:"diff,omitempty"`
-	// Origin filters results to only include discovery results sourced from a particular discovery engine
-	// See APIShieldDiscoveryOrigin for valid values.
-	Origin APIShieldDiscoveryOrigin `url:"origin,omitempty"`
-	// State filters results to only include discovery results in a particular state
-	// See APIShieldDiscoveryState for valid values.
-	State APIShieldDiscoveryState `url:"state,omitempty"`
-
-	// Pagination options to apply to the request.
-	PaginationOptions
-}
-
-// UpdateAPIShieldDiscoveryOperationParams represents the parameters to pass to patch a discovery operation
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operation
-type UpdateAPIShieldDiscoveryOperationParams struct {
-	// OperationID is the ID, formatted as UUID, of the operation to be updated
-	OperationID string                  `json:"-" url:"-"`
-	State       APIShieldDiscoveryState `json:"state" url:"-"`
-}
-
-// UpdateAPIShieldDiscoveryOperationsParams maps discovery operation IDs to PatchAPIShieldDiscoveryOperation structs
-//
-// Example:
-//
-//	UpdateAPIShieldDiscoveryOperations{
-//			"99522293-a505-45e5-bbad-bbc339f5dc40": PatchAPIShieldDiscoveryOperation{ State: "review" },
-//	}
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operations
-type UpdateAPIShieldDiscoveryOperationsParams map[string]UpdateAPIShieldDiscoveryOperation
-
-// UpdateAPIShieldDiscoveryOperation represents the state to set on a discovery operation.
-type UpdateAPIShieldDiscoveryOperation struct {
-	// State is the state to set on the operation
-	State APIShieldDiscoveryState `json:"state" url:"-"`
-}
-
-// APIShieldListDiscoveryOperationsResponse represents the response from the api_gateway/discovery/operations endpoint.
-type APIShieldListDiscoveryOperationsResponse struct {
-	Result     []APIShieldDiscoveryOperation `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// APIShieldPatchDiscoveryOperationResponse represents the response from the PATCH api_gateway/discovery/operations/{id} endpoint.
-type APIShieldPatchDiscoveryOperationResponse struct {
-	Result UpdateAPIShieldDiscoveryOperation `json:"result"`
-	Response
-}
-
-// APIShieldPatchDiscoveryOperationsResponse represents the response from the PATCH api_gateway/discovery/operations endpoint.
-type APIShieldPatchDiscoveryOperationsResponse struct {
-	Result UpdateAPIShieldDiscoveryOperationsParams `json:"result"`
-	Response
-}
-
-// ListAPIShieldDiscoveryOperations retrieve the most up to date view of discovered operations.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-discovery-retrieve-discovered-operations-on-a-zone
-func (api *API) ListAPIShieldDiscoveryOperations(ctx context.Context, rc *ResourceContainer, params ListAPIShieldDiscoveryOperationsParams) ([]APIShieldDiscoveryOperation, ResultInfo, error) {
-	uri := buildURI(fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", rc.Identifier), params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var asResponse APIShieldListDiscoveryOperationsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse.Result, asResponse.ResultInfo, nil
-}
-
-// UpdateAPIShieldDiscoveryOperation updates certain fields on a discovered operation.
-//
-// API Documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operation
-func (api *API) UpdateAPIShieldDiscoveryOperation(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldDiscoveryOperationParams) (*UpdateAPIShieldDiscoveryOperation, error) {
-	if params.OperationID == "" {
-		return nil, fmt.Errorf("operation ID must be provided")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations/%s", rc.Identifier, params.OperationID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	// Result should be the updated schema that was patched
-	var asResponse APIShieldPatchDiscoveryOperationResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// UpdateAPIShieldDiscoveryOperations bulk updates certain fields on multiple discovered operations
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-api-patch-discovered-operations
-func (api *API) UpdateAPIShieldDiscoveryOperations(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldDiscoveryOperationsParams) (*UpdateAPIShieldDiscoveryOperationsParams, error) {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	// Result should be the updated schema that was patched
-	var asResponse APIShieldPatchDiscoveryOperationsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/api_shield_api_discovery_test.go b/pkg/cloudflare-go/api_shield_api_discovery_test.go
deleted file mode 100644
index 3344c49344..0000000000
--- a/pkg/cloudflare-go/api_shield_api_discovery_test.go
+++ /dev/null
@@ -1,383 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const testAPIShieldDiscoveryOperationID = "d3f614c0-7d73-4e4f-8d17-4215e7d78b77"
-
-func TestListAPIShieldDiscoveryOperations(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				"method": "POST",
-				"host": "api.cloudflare.com",
-				"endpoint": "/client/v4/zones",
-				"last_updated": "2023-03-02T15:46:06.000000Z",
-				"origin": ["ML"],
-				"state": "review"
-			}
-		],
-		"result_info": {
-			"page": 3,
-			"per_page": 20,
-			"count": 1,
-			"total_count": 2000
-		}
-	}`
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, actualResultInfo, err := client.ListAPIShieldDiscoveryOperations(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		ListAPIShieldDiscoveryOperationsParams{},
-	)
-
-	lastUpdated := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-	expectedOps := []APIShieldDiscoveryOperation{
-		{
-			Method:      "POST",
-			Host:        "api.cloudflare.com",
-			Endpoint:    "/client/v4/zones",
-			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-			LastUpdated: &lastUpdated,
-			Origin:      []APIShieldDiscoveryOrigin{APIShieldDiscoveryOriginML},
-			State:       APIShieldDiscoveryStateReview,
-		},
-	}
-
-	expectedResultInfo := ResultInfo{
-		Page:    3,
-		PerPage: 20,
-		Count:   1,
-		Total:   2000,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedOps, actual)
-		assert.Equal(t, expectedResultInfo, actualResultInfo)
-	}
-}
-
-func TestListAPIShieldDiscoveryOperationsWithParams(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				"method": "POST",
-				"host": "api.cloudflare.com",
-				"endpoint": "/client/v4/zones",
-				"last_updated": "2023-03-02T15:46:06.000000Z",
-				"origin": ["SessionIdentifier"],
-				"state": "saved",
-				"features": {
-					"traffic_stats": {}
-				}
-			}
-		],
-		"result_info": {
-			"page": 3,
-			"per_page": 20,
-			"count": 1,
-			"total_count": 2000
-		}
-	}`
-
-	tests := []struct {
-		name           string
-		params         ListAPIShieldDiscoveryOperationsParams
-		expectedParams url.Values
-	}{
-		{
-			name: "all params",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Direction: "desc",
-				OrderBy:   "host",
-				Hosts:     []string{"api.cloudflare.com", "developers.cloudflare.com"},
-				Methods:   []string{"GET", "PUT"},
-				Endpoint:  "/client",
-				Origin:    APIShieldDiscoveryOriginSessionIdentifier,
-				State:     APIShieldDiscoveryStateSaved,
-				Diff:      true,
-				PaginationOptions: PaginationOptions{
-					Page:    1,
-					PerPage: 25,
-				},
-			},
-			expectedParams: url.Values{
-				"direction": []string{"desc"},
-				"order":     []string{"host"},
-				"host":      []string{"api.cloudflare.com", "developers.cloudflare.com"},
-				"method":    []string{"GET", "PUT"},
-				"endpoint":  []string{"/client"},
-				"origin":    []string{"SessionIdentifier"},
-				"state":     []string{"saved"},
-				"diff":      []string{"true"},
-				"page":      []string{"1"},
-				"per_page":  []string{"25"},
-			},
-		},
-		{
-			name: "direction only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Direction: "desc",
-			},
-			expectedParams: url.Values{
-				"direction": []string{"desc"},
-			},
-		},
-		{
-			name: "order only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				OrderBy: "host",
-			},
-			expectedParams: url.Values{
-				"order": []string{"host"},
-			},
-		},
-		{
-			name: "hosts only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"},
-			},
-			expectedParams: url.Values{
-				"host": []string{"api.cloudflare.com", "developers.cloudflare.com"},
-			},
-		},
-		{
-			name: "methods only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Methods: []string{"GET", "PUT"},
-			},
-			expectedParams: url.Values{
-				"method": []string{"GET", "PUT"},
-			},
-		},
-		{
-			name: "endpoint only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Endpoint: "/client",
-			},
-			expectedParams: url.Values{
-				"endpoint": []string{"/client"},
-			},
-		},
-		{
-			name: "origin only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Origin: APIShieldDiscoveryOriginSessionIdentifier,
-			},
-			expectedParams: url.Values{
-				"origin": []string{"SessionIdentifier"},
-			},
-		},
-		{
-			name: "state only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				State: APIShieldDiscoveryStateSaved,
-			},
-			expectedParams: url.Values{
-				"state": []string{"saved"},
-			},
-		},
-		{
-			name: "diff only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				Diff: true,
-			},
-			expectedParams: url.Values{
-				"diff": []string{"true"},
-			},
-		},
-		{
-			name: "pagination only",
-			params: ListAPIShieldDiscoveryOperationsParams{
-				PaginationOptions: PaginationOptions{
-					Page:    1,
-					PerPage: 25,
-				},
-			},
-			expectedParams: url.Values{
-				"page":     []string{"1"},
-				"per_page": []string{"25"},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			setup()
-			t.Cleanup(teardown)
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				require.Equal(t, test.expectedParams, r.URL.Query())
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprint(w, response)
-			}
-
-			mux.HandleFunc(endpoint, handler)
-
-			actual, _, err := client.ListAPIShieldDiscoveryOperations(
-				context.Background(),
-				ZoneIdentifier(testZoneID),
-				test.params,
-			)
-
-			lastUpdated := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-			expected := []APIShieldDiscoveryOperation{
-				{
-					Method:      "POST",
-					Host:        "api.cloudflare.com",
-					Endpoint:    "/client/v4/zones",
-					ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-					LastUpdated: &lastUpdated,
-					Origin:      []APIShieldDiscoveryOrigin{APIShieldDiscoveryOriginSessionIdentifier},
-					State:       APIShieldDiscoveryStateSaved,
-					Features: map[string]any{
-						"traffic_stats": map[string]any{},
-					},
-				},
-			}
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, expected, actual)
-			}
-		})
-	}
-}
-
-func TestUpdateAPIShieldDiscoveryOperation(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations/%s", testZoneID, testAPIShieldDiscoveryOperationID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"state": "ignored"
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		require.Equal(t, `{"state":"ignored"}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.UpdateAPIShieldDiscoveryOperation(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateAPIShieldDiscoveryOperationParams{
-			OperationID: testAPIShieldDiscoveryOperationID,
-			State:       APIShieldDiscoveryStateIgnored,
-		},
-	)
-
-	// patch result is a cut down representation of the schema
-	// so metadata like created date is not populated
-	expected := &UpdateAPIShieldDiscoveryOperation{
-		State: APIShieldDiscoveryStateIgnored,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	assert.NoError(t, err)
-}
-
-func TestUpdateAPIShieldDiscoveryOperations(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/discovery/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"9b16ce22-d1bf-425d-869f-a11f8240fafb": { "state": "ignored" },
-			"c51c2ea1-a690-48fd-8e3f-7fc79b269947": { "state": "review" }
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		require.Equal(t, `{"9b16ce22-d1bf-425d-869f-a11f8240fafb":{"state":"ignored"},"c51c2ea1-a690-48fd-8e3f-7fc79b269947":{"state":"review"}}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.UpdateAPIShieldDiscoveryOperations(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateAPIShieldDiscoveryOperationsParams{
-			"9b16ce22-d1bf-425d-869f-a11f8240fafb": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateIgnored},
-			"c51c2ea1-a690-48fd-8e3f-7fc79b269947": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateReview},
-		},
-	)
-
-	expected := &UpdateAPIShieldDiscoveryOperationsParams{
-		"9b16ce22-d1bf-425d-869f-a11f8240fafb": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateIgnored},
-		"c51c2ea1-a690-48fd-8e3f-7fc79b269947": UpdateAPIShieldDiscoveryOperation{State: APIShieldDiscoveryStateReview},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	assert.NoError(t, err)
-}
-
-func TestMustProvideDiscoveryOperationID(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	_, err := client.UpdateAPIShieldDiscoveryOperation(context.Background(), ZoneIdentifier(testZoneID), UpdateAPIShieldDiscoveryOperationParams{})
-	require.ErrorContains(t, err, "operation ID must be provided")
-}
diff --git a/pkg/cloudflare-go/api_shield_operations.go b/pkg/cloudflare-go/api_shield_operations.go
deleted file mode 100644
index 1d89a1754b..0000000000
--- a/pkg/cloudflare-go/api_shield_operations.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// APIShieldOperation represents an operation stored in API Shield Endpoint Management.
-type APIShieldOperation struct {
-	APIShieldBasicOperation
-	ID          string         `json:"operation_id"`
-	LastUpdated *time.Time     `json:"last_updated"`
-	Features    map[string]any `json:"features,omitempty"`
-}
-
-// GetAPIShieldOperationParams represents the parameters to pass when retrieving an operation.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation
-type GetAPIShieldOperationParams struct {
-	// The Operation ID to retrieve
-	OperationID string `url:"-"`
-	// Features represents a set of features to return in `features` object when
-	// performing making read requests against an Operation or listing operations.
-	Features []string `url:"feature,omitempty"`
-}
-
-// CreateAPIShieldOperationsParams represents the parameters to pass when adding one or more operations.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-add-operations-to-a-zone
-type CreateAPIShieldOperationsParams struct {
-	// Operations are a slice of operations to be created in API Shield Endpoint Management
-	Operations []APIShieldBasicOperation `url:"-"`
-}
-
-// APIShieldBasicOperation should be used when creating an operation in API Shield Endpoint Management.
-type APIShieldBasicOperation struct {
-	Method   string `json:"method"`
-	Host     string `json:"host"`
-	Endpoint string `json:"endpoint"`
-}
-
-// DeleteAPIShieldOperationParams represents the parameters to pass to delete an operation.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-delete-an-operation
-type DeleteAPIShieldOperationParams struct {
-	// OperationID is the operation to be deleted
-	OperationID string `url:"-"`
-}
-
-// ListAPIShieldOperationsParams represents the parameters to pass when retrieving operations
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
-type ListAPIShieldOperationsParams struct {
-	// Features represents a set of features to return in `features` object when
-	// performing making read requests against an Operation or listing operations.
-	Features []string `url:"feature,omitempty"`
-	// Direction to order results.
-	Direction string `url:"direction,omitempty"`
-	// OrderBy when requesting a feature, the feature keys are available for ordering as well, e.g., thresholds.suggested_threshold.
-	OrderBy string `url:"order,omitempty"`
-	// Filters to only return operations that match filtering criteria, see APIShieldGetOperationsFilters
-	APIShieldListOperationsFilters
-	// Pagination options to apply to the request.
-	PaginationOptions
-}
-
-// APIShieldListOperationsFilters represents the filtering query parameters to set when retrieving operations
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
-type APIShieldListOperationsFilters struct {
-	// Hosts filters results to only include the specified hosts.
-	Hosts []string `url:"host,omitempty"`
-	// Methods filters results to only include the specified methods.
-	Methods []string `url:"method,omitempty"`
-	// Endpoint filter results to only include endpoints containing this pattern.
-	Endpoint string `url:"endpoint,omitempty"`
-}
-
-// APIShieldGetOperationResponse represents the response from the api_gateway/operations/{id} endpoint.
-type APIShieldGetOperationResponse struct {
-	Result APIShieldOperation `json:"result"`
-	Response
-}
-
-// APIShieldGetOperationsResponse represents the response from the api_gateway/operations endpoint.
-type APIShieldGetOperationsResponse struct {
-	Result     []APIShieldOperation `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// APIShieldDeleteOperationResponse represents the response from the api_gateway/operations/{id} endpoint (DELETE).
-type APIShieldDeleteOperationResponse struct {
-	Result interface{} `json:"result"`
-	Response
-}
-
-// GetAPIShieldOperation returns information about an operation
-//
-// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-an-operation
-func (api *API) GetAPIShieldOperation(ctx context.Context, rc *ResourceContainer, params GetAPIShieldOperationParams) (*APIShieldOperation, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, params.OperationID)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldGetOperationResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// ListAPIShieldOperations retrieve information about all operations on a zone
-//
-// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-retrieve-information-about-all-operations-on-a-zone
-func (api *API) ListAPIShieldOperations(ctx context.Context, rc *ResourceContainer, params ListAPIShieldOperationsParams) ([]APIShieldOperation, ResultInfo, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var asResponse APIShieldGetOperationsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse.Result, asResponse.ResultInfo, nil
-}
-
-// CreateAPIShieldOperations add one or more operations to a zone.
-//
-// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-add-operations-to-a-zone
-func (api *API) CreateAPIShieldOperations(ctx context.Context, rc *ResourceContainer, params CreateAPIShieldOperationsParams) ([]APIShieldOperation, error) {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/operations", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Operations)
-	if err != nil {
-		return nil, err
-	}
-
-	// Result should be all the operations added to the zone, similar to doing GetAPIShieldOperations
-	var asResponse APIShieldGetOperationsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse.Result, nil
-}
-
-// DeleteAPIShieldOperation deletes a single operation
-//
-// API documentation https://developers.cloudflare.com/api/operations/api-shield-endpoint-management-delete-an-operation
-func (api *API) DeleteAPIShieldOperation(ctx context.Context, rc *ResourceContainer, params DeleteAPIShieldOperationParams) error {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", rc.Identifier, params.OperationID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var asResponse APIShieldDeleteOperationResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/api_shield_operations_test.go b/pkg/cloudflare-go/api_shield_operations_test.go
deleted file mode 100644
index fdcc25cc85..0000000000
--- a/pkg/cloudflare-go/api_shield_operations_test.go
+++ /dev/null
@@ -1,491 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const testAPIShieldOperationId = "9def2cb0-3ed0-4737-92ca-f09efa4718fd"
-
-func TestGetAPIShieldOperation(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-			"method": "POST",
-			"host": "api.cloudflare.com",
-			"endpoint": "/client/v4/zones",
-			"last_updated": "2023-03-02T15:46:06.000000Z"
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.GetAPIShieldOperation(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		GetAPIShieldOperationParams{
-			OperationID: testAPIShieldOperationId,
-		},
-	)
-
-	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-	expected := &APIShieldOperation{
-		APIShieldBasicOperation: APIShieldBasicOperation{
-			Method:   "POST",
-			Host:     "api.cloudflare.com",
-			Endpoint: "/client/v4/zones",
-		},
-		ID:          testAPIShieldOperationId,
-		LastUpdated: &time,
-		Features:    nil,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestGetAPIShieldOperationWithParams(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-			"method": "POST",
-			"host": "api.cloudflare.com",
-			"endpoint": "/client/v4/zones",
-			"last_updated": "2023-03-02T15:46:06.000000Z",
-			"features":{
-				"thresholds":{},
-				"parameter_schemas":{}
-			}
-		}
-	}`
-
-	tests := []struct {
-		name           string
-		getParams      GetAPIShieldOperationParams
-		expectedParams url.Values
-	}{
-		{
-			name: "one feature",
-			getParams: GetAPIShieldOperationParams{
-				OperationID: testAPIShieldOperationId,
-				Features:    []string{"thresholds"},
-			},
-			expectedParams: url.Values{
-				"feature": []string{"thresholds"},
-			},
-		},
-		{
-			name: "more than one feature",
-			getParams: GetAPIShieldOperationParams{
-				OperationID: testAPIShieldOperationId,
-				Features:    []string{"thresholds", "parameter_schemas"},
-			},
-			expectedParams: url.Values{
-				"feature": []string{"thresholds", "parameter_schemas"},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			setup()
-			t.Cleanup(teardown)
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				require.Equal(t, test.expectedParams, r.URL.Query())
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprint(w, response)
-			}
-
-			mux.HandleFunc(endpoint, handler)
-
-			actual, err := client.GetAPIShieldOperation(
-				context.Background(),
-				ZoneIdentifier(testZoneID),
-				test.getParams,
-			)
-
-			time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-			expected := &APIShieldOperation{
-				APIShieldBasicOperation: APIShieldBasicOperation{
-					Method:   "POST",
-					Host:     "api.cloudflare.com",
-					Endpoint: "/client/v4/zones",
-				},
-				ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				LastUpdated: &time,
-				Features: map[string]any{
-					"thresholds":        map[string]any{},
-					"parameter_schemas": map[string]any{},
-				},
-			}
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, expected, actual)
-			}
-		})
-	}
-}
-
-func TestListAPIShieldOperations(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				"method": "POST",
-				"host": "api.cloudflare.com",
-				"endpoint": "/client/v4/zones",
-				"last_updated": "2023-03-02T15:46:06.000000Z"
-			}
-
-		],
-		"result_info": {
-			"page": 3,
-			"per_page": 20,
-			"count": 1,
-			"total_count": 2000
-		}
-	}`
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, actualResultInfo, err := client.ListAPIShieldOperations(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		ListAPIShieldOperationsParams{},
-	)
-
-	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-	expectedOps := []APIShieldOperation{
-		{
-			APIShieldBasicOperation: APIShieldBasicOperation{
-				Method:   "POST",
-				Host:     "api.cloudflare.com",
-				Endpoint: "/client/v4/zones",
-			},
-			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-			LastUpdated: &time,
-			Features:    nil,
-		},
-	}
-
-	expectedResultInfo := ResultInfo{
-		Page:    3,
-		PerPage: 20,
-		Count:   1,
-		Total:   2000,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedOps, actual)
-		assert.Equal(t, expectedResultInfo, actualResultInfo)
-	}
-}
-
-func TestListAPIShieldOperationsWithParams(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				"method": "POST",
-				"host": "api.cloudflare.com",
-				"endpoint": "/client/v4/zones",
-				"last_updated": "2023-03-02T15:46:06.000000Z",
-				"features": {
-					"thresholds": {}
-                }
-			}
-		],
-		"result_info": {
-			"page": 3,
-			"per_page": 20,
-			"count": 1,
-			"total_count": 2000
-		}
-	}`
-
-	tests := []struct {
-		name           string
-		params         ListAPIShieldOperationsParams
-		expectedParams url.Values
-	}{
-		{
-			name: "all params",
-			params: ListAPIShieldOperationsParams{
-				Features:  []string{"thresholds", "parameter_schemas"},
-				Direction: "desc",
-				OrderBy:   "host",
-				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
-					Hosts:    []string{"api.cloudflare.com", "developers.cloudflare.com"},
-					Methods:  []string{"GET", "PUT"},
-					Endpoint: "/client",
-				},
-				PaginationOptions: PaginationOptions{
-					Page:    1,
-					PerPage: 25,
-				},
-			},
-			expectedParams: url.Values{
-				"feature":   []string{"thresholds", "parameter_schemas"},
-				"direction": []string{"desc"},
-				"order":     []string{"host"},
-				"host":      []string{"api.cloudflare.com", "developers.cloudflare.com"},
-				"method":    []string{"GET", "PUT"},
-				"endpoint":  []string{"/client"},
-				"page":      []string{"1"},
-				"per_page":  []string{"25"},
-			},
-		},
-		{
-			name: "features only",
-			params: ListAPIShieldOperationsParams{
-				Features: []string{"thresholds", "parameter_schemas"},
-			},
-			expectedParams: url.Values{
-				"feature": []string{"thresholds", "parameter_schemas"},
-			},
-		},
-		{
-			name: "direction only",
-			params: ListAPIShieldOperationsParams{
-				Direction: "desc",
-			},
-			expectedParams: url.Values{
-				"direction": []string{"desc"},
-			},
-		},
-		{
-			name: "order only",
-			params: ListAPIShieldOperationsParams{
-				OrderBy: "host",
-			},
-			expectedParams: url.Values{
-				"order": []string{"host"},
-			},
-		},
-		{
-			name: "hosts only",
-			params: ListAPIShieldOperationsParams{
-				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
-					Hosts: []string{"api.cloudflare.com", "developers.cloudflare.com"},
-				},
-			},
-			expectedParams: url.Values{
-				"host": []string{"api.cloudflare.com", "developers.cloudflare.com"},
-			},
-		},
-		{
-			name: "methods only",
-			params: ListAPIShieldOperationsParams{
-				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
-					Methods: []string{"GET", "PUT"},
-				},
-			},
-			expectedParams: url.Values{
-				"method": []string{"GET", "PUT"},
-			},
-		},
-		{
-			name: "endpoint only",
-			params: ListAPIShieldOperationsParams{
-				APIShieldListOperationsFilters: APIShieldListOperationsFilters{
-					Endpoint: "/client",
-				},
-			},
-			expectedParams: url.Values{
-				"endpoint": []string{"/client"},
-			},
-		},
-		{
-			name: "pagination only",
-			params: ListAPIShieldOperationsParams{
-				PaginationOptions: PaginationOptions{
-					Page:    1,
-					PerPage: 25,
-				},
-			},
-			expectedParams: url.Values{
-				"page":     []string{"1"},
-				"per_page": []string{"25"},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			setup()
-			t.Cleanup(teardown)
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				require.Equal(t, test.expectedParams, r.URL.Query())
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprint(w, response)
-			}
-
-			mux.HandleFunc(endpoint, handler)
-
-			actual, _, err := client.ListAPIShieldOperations(
-				context.Background(),
-				ZoneIdentifier(testZoneID),
-				test.params,
-			)
-
-			time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-			expected := []APIShieldOperation{
-				{
-					APIShieldBasicOperation: APIShieldBasicOperation{
-						Method:   "POST",
-						Host:     "api.cloudflare.com",
-						Endpoint: "/client/v4/zones",
-					},
-					ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-					LastUpdated: &time,
-					Features: map[string]any{
-						"thresholds": map[string]any{},
-					},
-				},
-			}
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, expected, actual)
-			}
-		})
-	}
-}
-
-func TestCreateAPIShieldOperations(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"operation_id": "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-				"method": "POST",
-				"host": "api.cloudflare.com",
-				"endpoint": "/client/v4/zones",
-				"last_updated": "2023-03-02T15:46:06.000000Z"
-			}
-		]
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		require.Equal(t, []byte(`[{"method":"POST","host":"api.cloudflare.com","endpoint":"/client/v4/zones"}]`), body)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.CreateAPIShieldOperations(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		CreateAPIShieldOperationsParams{
-			Operations: []APIShieldBasicOperation{
-				{
-					Method:   "POST",
-					Host:     "api.cloudflare.com",
-					Endpoint: "/client/v4/zones",
-				},
-			},
-		},
-	)
-
-	time := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-	expected := []APIShieldOperation{
-		{
-			APIShieldBasicOperation: APIShieldBasicOperation{
-				Method:   "POST",
-				Host:     "api.cloudflare.com",
-				Endpoint: "/client/v4/zones",
-			},
-			ID:          "9def2cb0-3ed0-4737-92ca-f09efa4718fd",
-			LastUpdated: &time,
-			Features:    nil,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestDeleteAPIShieldOperation(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s", testZoneID, testAPIShieldOperationId)
-	response := `{"result":{},"success":true,"errors":[],"messages":[]}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	err := client.DeleteAPIShieldOperation(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		DeleteAPIShieldOperationParams{
-			OperationID: testAPIShieldOperationId,
-		},
-	)
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/api_shield_schemas.go b/pkg/cloudflare-go/api_shield_schemas.go
deleted file mode 100644
index 804181d866..0000000000
--- a/pkg/cloudflare-go/api_shield_schemas.go
+++ /dev/null
@@ -1,505 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// APIShieldSchema represents a schema stored in API Shield Schema Validation 2.0.
-type APIShieldSchema struct {
-	// ID represents the ID of the schema
-	ID string `json:"schema_id"`
-	// Name represents the name of the schema
-	Name string `json:"name"`
-	// Kind of the schema
-	Kind string `json:"kind"`
-	// Source is the contents of the schema
-	Source string `json:"source,omitempty"`
-	// CreatedAt is the time the schema was created
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	// ValidationEnabled controls if schema is used for validation
-	ValidationEnabled bool `json:"validation_enabled,omitempty"`
-}
-
-// CreateAPIShieldSchemaParams represents the parameters to pass when creating a schema in Schema Validation 2.0.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-post-schema
-type CreateAPIShieldSchemaParams struct {
-	// Source is a io.Reader containing the contents of the schema
-	Source io.Reader
-	// Name represents the name of the schema.
-	Name string
-	// Kind of the schema. This is always set to openapi_v3.
-	Kind string
-	// ValidationEnabled controls if schema is used for validation
-	ValidationEnabled *bool
-}
-
-// GetAPIShieldSchemaParams represents the parameters to pass when retrieving a schema with a given schema ID.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-specific-schema
-type GetAPIShieldSchemaParams struct {
-	// SchemaID is the ID of the schema to retrieve
-	SchemaID string `url:"-"`
-
-	// OmitSource specifies whether the contents of the schema should be returned in the "Source" field.
-	OmitSource *bool `url:"omit_source,omitempty"`
-}
-
-// ListAPIShieldSchemasParams represents the parameters to pass when retrieving all schemas.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-all-schemas
-type ListAPIShieldSchemasParams struct {
-	// OmitSource specifies whether the contents of the schema should be returned in the "Source" field.
-	OmitSource *bool `url:"omit_source,omitempty"`
-
-	// ValidationEnabled specifies whether to return only schemas that have validation enabled.
-	ValidationEnabled *bool `url:"validation_enabled,omitempty"`
-
-	// PaginationOptions to apply to the request.
-	PaginationOptions
-}
-
-// DeleteAPIShieldSchemaParams represents the parameters to pass to delete a schema.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-delete-a-schema
-type DeleteAPIShieldSchemaParams struct {
-	// SchemaID is the schema to be deleted
-	SchemaID string `url:"-"`
-}
-
-// UpdateAPIShieldSchemaParams represents the parameters to pass to patch certain fields on an existing schema
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-enable-validation-for-a-schema
-type UpdateAPIShieldSchemaParams struct {
-	// SchemaID is the schema to be patched
-	SchemaID string `json:"-" url:"-"`
-
-	// ValidationEnabled controls if schema is used for validation
-	ValidationEnabled *bool `json:"validation_enabled" url:"-"`
-}
-
-// APIShieldGetSchemaResponse represents the response from the GET api_gateway/user_schemas/{id} endpoint.
-type APIShieldGetSchemaResponse struct {
-	Result APIShieldSchema `json:"result"`
-	Response
-}
-
-// APIShieldListSchemasResponse represents the response from the GET api_gateway/user_schemas endpoint.
-type APIShieldListSchemasResponse struct {
-	Result     []APIShieldSchema `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// APIShieldCreateSchemaResponse represents the response from the POST api_gateway/user_schemas endpoint.
-type APIShieldCreateSchemaResponse struct {
-	Result APIShieldCreateSchemaResult `json:"result"`
-	Response
-}
-
-// APIShieldDeleteSchemaResponse represents the response from the DELETE api_gateway/user_schemas/{id} endpoint.
-type APIShieldDeleteSchemaResponse struct {
-	Result interface{} `json:"result"`
-	Response
-}
-
-// APIShieldPatchSchemaResponse represents the response from the PATCH api_gateway/user_schemas/{id} endpoint.
-type APIShieldPatchSchemaResponse struct {
-	Result APIShieldSchema `json:"result"`
-	Response
-}
-
-// APIShieldCreateSchemaResult represents the successful result of creating a schema in Schema Validation 2.0.
-type APIShieldCreateSchemaResult struct {
-	// APIShieldSchema is the schema that was created
-	Schema APIShieldSchema `json:"schema"`
-	// APIShieldCreateSchemaEvents are non-critical event logs that occurred during processing.
-	Events APIShieldCreateSchemaEvents `json:"upload_details"`
-}
-
-// APIShieldCreateSchemaEvents are event logs that occurred during processing.
-//
-// The logs are separated into levels of severity.
-type APIShieldCreateSchemaEvents struct {
-	Critical *APIShieldCreateSchemaEventWithLocation   `json:"critical,omitempty"`
-	Errors   []APIShieldCreateSchemaEventWithLocations `json:"errors,omitempty"`
-	Warnings []APIShieldCreateSchemaEventWithLocations `json:"warnings,omitempty"`
-}
-
-// APIShieldCreateSchemaEvent is an event log that occurred during processing.
-type APIShieldCreateSchemaEvent struct {
-	// Code identifies the event that occurred
-	Code uint `json:"code"`
-	// Message describes the event that occurred
-	Message string `json:"message"`
-}
-
-// APIShieldCreateSchemaEventWithLocation is an event log that occurred during processing, with the location
-// in the schema where the event occurred.
-type APIShieldCreateSchemaEventWithLocation struct {
-	APIShieldCreateSchemaEvent
-
-	// Location is where the event occurred
-	// See https://goessner.net/articles/JsonPath/ for JSONPath specification.
-	Location string `json:"location,omitempty"`
-}
-
-// APIShieldCreateSchemaEventWithLocations is an event log that occurred during processing, with the location(s)
-// in the schema where the event occurred.
-type APIShieldCreateSchemaEventWithLocations struct {
-	APIShieldCreateSchemaEvent
-
-	// Locations lists JSONPath locations where the event occurred
-	// See https://goessner.net/articles/JsonPath/ for JSONPath specification
-	Locations []string `json:"locations"`
-}
-
-func (cse APIShieldCreateSchemaEventWithLocations) String() string {
-	var s string
-	s += cse.Message
-
-	if len(cse.Locations) == 0 || (len(cse.Locations) == 1 && cse.Locations[0] == "") {
-		// append nothing
-	} else if len(cse.Locations) == 1 {
-		s += fmt.Sprintf(" (%s)", cse.Locations[0])
-	} else {
-		s += " (multiple locations)"
-	}
-
-	return s
-}
-
-// GetAPIShieldSchema retrieves information about a specific schema on a zone
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-specific-schema
-func (api *API) GetAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params GetAPIShieldSchemaParams) (*APIShieldSchema, error) {
-	if params.SchemaID == "" {
-		return nil, fmt.Errorf("schema ID must be provided")
-	}
-
-	path := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldGetSchemaResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// ListAPIShieldSchemas retrieves all schemas for a zone
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-information-about-all-schemas
-func (api *API) ListAPIShieldSchemas(ctx context.Context, rc *ResourceContainer, params ListAPIShieldSchemasParams) ([]APIShieldSchema, ResultInfo, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", rc.Identifier)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var asResponse APIShieldListSchemasResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return asResponse.Result, asResponse.ResultInfo, nil
-}
-
-// CreateAPIShieldSchema uploads a schema to a zone
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-post-schema
-func (api *API) CreateAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params CreateAPIShieldSchemaParams) (*APIShieldCreateSchemaResult, error) {
-	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", rc.Identifier)
-
-	if params.Name == "" {
-		return nil, fmt.Errorf("name must not be empty")
-	}
-
-	if params.Source == nil {
-		return nil, fmt.Errorf("source must not be nil")
-	}
-
-	// Prepare the form to be submitted
-	var b bytes.Buffer
-	w := multipart.NewWriter(&b)
-	// write fields
-	if err := w.WriteField("name", params.Name); err != nil {
-		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-	}
-	if err := w.WriteField("kind", params.Kind); err != nil {
-		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-	}
-
-	if params.ValidationEnabled != nil {
-		if err := w.WriteField("validation_enabled", strconv.FormatBool(*params.ValidationEnabled)); err != nil {
-			return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-		}
-	}
-
-	// write schema contents
-	part, err := w.CreateFormFile("file", params.Name)
-	if err != nil {
-		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-	}
-	if _, err := io.Copy(part, params.Source); err != nil {
-		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-	}
-	if err := w.Close(); err != nil {
-		return nil, fmt.Errorf("error during multi-part form construction: %w", err)
-	}
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, &b, http.Header{
-		"Content-Type": []string{w.FormDataContentType()},
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldCreateSchemaResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// DeleteAPIShieldSchema deletes a single schema
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-delete-a-schema
-func (api *API) DeleteAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params DeleteAPIShieldSchemaParams) error {
-	if params.SchemaID == "" {
-		return fmt.Errorf("schema ID must be provided")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var asResponse APIShieldDeleteSchemaResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// UpdateAPIShieldSchema updates certain fields on an existing schema.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-enable-validation-for-a-schema
-func (api *API) UpdateAPIShieldSchema(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldSchemaParams) (*APIShieldSchema, error) {
-	if params.SchemaID == "" {
-		return nil, fmt.Errorf("schema ID must be provided")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", rc.Identifier, params.SchemaID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	// Result should be the updated schema that was patched
-	var asResponse APIShieldPatchSchemaResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// Schema Validation Settings
-
-// APIShieldSchemaValidationSettings represents zone level schema validation settings for
-// API Shield Schema Validation 2.0.
-type APIShieldSchemaValidationSettings struct {
-	// DefaultMitigationAction is the mitigation to apply when there is no operation-level
-	// mitigation action defined
-	DefaultMitigationAction string `json:"validation_default_mitigation_action" url:"-"`
-	// OverrideMitigationAction when set, will apply to all requests regardless of
-	// zone-level/operation-level setting
-	OverrideMitigationAction *string `json:"validation_override_mitigation_action" url:"-"`
-}
-
-// UpdateAPIShieldSchemaValidationSettingsParams represents the parameters to pass to update certain fields
-// on schema validation settings on the zone
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-patch-zone-level-settings
-type UpdateAPIShieldSchemaValidationSettingsParams struct {
-	// DefaultMitigationAction is the mitigation to apply when there is no operation-level
-	// mitigation action defined
-	//
-	// passing a `nil` value will have no effect on this setting
-	DefaultMitigationAction *string `json:"validation_default_mitigation_action" url:"-"`
-
-	// OverrideMitigationAction when set, will apply to all requests regardless of
-	// zone-level/operation-level setting
-	//
-	// passing a `nil` value will have no effect on this setting
-	OverrideMitigationAction *string `json:"validation_override_mitigation_action" url:"-"`
-}
-
-// APIShieldSchemaValidationSettingsResponse represents the response from the GET api_gateway/settings/schema_validation endpoint.
-type APIShieldSchemaValidationSettingsResponse struct {
-	Result APIShieldSchemaValidationSettings `json:"result"`
-	Response
-}
-
-// GetAPIShieldSchemaValidationSettings retrieves zone level schema validation settings
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-zone-level-settings
-func (api *API) GetAPIShieldSchemaValidationSettings(ctx context.Context, rc *ResourceContainer) (*APIShieldSchemaValidationSettings, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", rc.Identifier)
-
-	uri := buildURI(path, nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldSchemaValidationSettingsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// UpdateAPIShieldSchemaValidationSettings updates certain fields on zone level schema validation settings
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-patch-zone-level-settings
-func (api *API) UpdateAPIShieldSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldSchemaValidationSettingsParams) (*APIShieldSchemaValidationSettings, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", rc.Identifier)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldSchemaValidationSettingsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// APIShieldOperationSchemaValidationSettings represents operation level schema validation settings for
-// API Shield Schema Validation 2.0.
-type APIShieldOperationSchemaValidationSettings struct {
-	// MitigationAction is the mitigation to apply to the operation
-	MitigationAction *string `json:"mitigation_action" url:"-"`
-}
-
-// GetAPIShieldOperationSchemaValidationSettingsParams represents the parameters to pass to retrieve
-// the schema validation settings set on the operation.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-operation-level-settings
-type GetAPIShieldOperationSchemaValidationSettingsParams struct {
-	// The Operation ID to apply the mitigation action to
-	OperationID string `url:"-"`
-}
-
-// UpdateAPIShieldOperationSchemaValidationSettings maps operation IDs to APIShieldOperationSchemaValidationSettings
-//
-// # This can be used to bulk update operations in one call
-//
-// Example:
-//
-//	UpdateAPIShieldOperationSchemaValidationSettings{
-//			"99522293-a505-45e5-bbad-bbc339f5dc40": APIShieldOperationSchemaValidationSettings{ MitigationAction: nil },
-//	}
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-update-multiple-operation-level-settings
-type UpdateAPIShieldOperationSchemaValidationSettings map[string]APIShieldOperationSchemaValidationSettings
-
-// APIShieldOperationSchemaValidationSettingsResponse represents the response from the GET api_gateway/operation/{operationID}/schema_validation endpoint.
-type APIShieldOperationSchemaValidationSettingsResponse struct {
-	Result APIShieldOperationSchemaValidationSettings `json:"result"`
-	Response
-}
-
-// UpdateAPIShieldOperationSchemaValidationSettingsResponse represents the response from the PATCH api_gateway/operations/schema_validation endpoint.
-type UpdateAPIShieldOperationSchemaValidationSettingsResponse struct {
-	Result UpdateAPIShieldOperationSchemaValidationSettings `json:"result"`
-	Response
-}
-
-// GetAPIShieldOperationSchemaValidationSettings retrieves operation level schema validation settings
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-retrieve-operation-level-settings
-func (api *API) GetAPIShieldOperationSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params GetAPIShieldOperationSchemaValidationSettingsParams) (*APIShieldOperationSchemaValidationSettings, error) {
-	if params.OperationID == "" {
-		return nil, fmt.Errorf("operation ID must be provided")
-	}
-
-	path := fmt.Sprintf("/zones/%s/api_gateway/operations/%s/schema_validation", rc.Identifier, params.OperationID)
-
-	uri := buildURI(path, nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse APIShieldOperationSchemaValidationSettingsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
-
-// UpdateAPIShieldOperationSchemaValidationSettings update multiple operation level schema validation settings
-//
-// API documentation: https://developers.cloudflare.com/api/operations/api-shield-schema-validation-update-multiple-operation-level-settings
-func (api *API) UpdateAPIShieldOperationSchemaValidationSettings(ctx context.Context, rc *ResourceContainer, params UpdateAPIShieldOperationSchemaValidationSettings) (*UpdateAPIShieldOperationSchemaValidationSettings, error) {
-	path := fmt.Sprintf("/zones/%s/api_gateway/operations/schema_validation", rc.Identifier)
-
-	uri := buildURI(path, nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var asResponse UpdateAPIShieldOperationSchemaValidationSettingsResponse
-	err = json.Unmarshal(res, &asResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &asResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/api_shield_schemas_test.go b/pkg/cloudflare-go/api_shield_schemas_test.go
deleted file mode 100644
index 00514eaa60..0000000000
--- a/pkg/cloudflare-go/api_shield_schemas_test.go
+++ /dev/null
@@ -1,669 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"mime"
-	"mime/multipart"
-	"net/http"
-	"net/url"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const testAPIShieldSchemaId = "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e"
-
-func TestGetAPIShieldSchema(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
-			"name": "petstore.json",
-			"kind": "openapi_v3",
-			"created_at": "2023-03-02T15:46:06.000000Z",
-			"validation_enabled": true,
-			"source": "{}"
-		}
-	}`
-
-	tests := []struct {
-		name           string
-		getParams      GetAPIShieldSchemaParams
-		expectedParams url.Values
-	}{
-		{
-			name: "without omit source",
-			getParams: GetAPIShieldSchemaParams{
-				SchemaID: testAPIShieldSchemaId,
-			},
-			expectedParams: url.Values{},
-		},
-		{
-			name: "with omit source=true",
-			getParams: GetAPIShieldSchemaParams{
-				SchemaID:   testAPIShieldSchemaId,
-				OmitSource: BoolPtr(true),
-			},
-			expectedParams: url.Values{
-				"omit_source": []string{"true"},
-			},
-		},
-		{
-			name: "with omit source=false",
-			getParams: GetAPIShieldSchemaParams{
-				SchemaID:   testAPIShieldSchemaId,
-				OmitSource: BoolPtr(false),
-			},
-			expectedParams: url.Values{
-				"omit_source": []string{"false"},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			setup()
-			t.Cleanup(teardown)
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				require.Equal(t, test.expectedParams, r.URL.Query())
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprint(w, response)
-			}
-
-			mux.HandleFunc(endpoint, handler)
-
-			actual, err := client.GetAPIShieldSchema(
-				context.Background(),
-				ZoneIdentifier(testZoneID),
-				test.getParams,
-			)
-
-			createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-			expected := &APIShieldSchema{
-				ID:                testAPIShieldSchemaId,
-				Name:              "petstore.json",
-				Kind:              "openapi_v3",
-				Source:            "{}",
-				CreatedAt:         &createdAt,
-				ValidationEnabled: true,
-			}
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, expected, actual)
-			}
-		})
-	}
-}
-
-func TestListAPIShieldSchemas(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": [
-			{
-				"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
-				"name": "petstore.json",
-				"kind": "openapi_v3",
-				"created_at": "2023-03-02T15:46:06.000000Z",
-				"validation_enabled": true,
-				"source": "{}"
-			}
-		],
-		"result_info": {
-			"page": 3,
-			"per_page": 20,
-			"count": 1,
-			"total_count": 2000
-		}
-	}`
-
-	tests := []struct {
-		name           string
-		getParams      ListAPIShieldSchemasParams
-		expectedParams url.Values
-	}{
-		{
-			name:           "with empty params",
-			getParams:      ListAPIShieldSchemasParams{},
-			expectedParams: url.Values{},
-		},
-		{
-			name: "all params",
-			getParams: ListAPIShieldSchemasParams{
-				OmitSource:        BoolPtr(true),
-				ValidationEnabled: BoolPtr(false),
-				PaginationOptions: PaginationOptions{
-					Page:    1,
-					PerPage: 25,
-				},
-			},
-			expectedParams: url.Values{
-				"omit_source":        []string{"true"},
-				"validation_enabled": []string{"false"},
-				"page":               []string{"1"},
-				"per_page":           []string{"25"},
-			},
-		},
-		{
-			name: "with omit source",
-			getParams: ListAPIShieldSchemasParams{
-				OmitSource: BoolPtr(true),
-			},
-			expectedParams: url.Values{
-				"omit_source": []string{"true"},
-			},
-		},
-		{
-			name: "with validation enabled",
-			getParams: ListAPIShieldSchemasParams{
-				ValidationEnabled: BoolPtr(true),
-			},
-			expectedParams: url.Values{
-				"validation_enabled": []string{"true"},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			setup()
-			t.Cleanup(teardown)
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				require.Equal(t, test.expectedParams, r.URL.Query())
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprint(w, response)
-			}
-
-			mux.HandleFunc(endpoint, handler)
-
-			actual, resultInfo, err := client.ListAPIShieldSchemas(
-				context.Background(),
-				ZoneIdentifier(testZoneID),
-				test.getParams,
-			)
-
-			createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-			expected := []APIShieldSchema{
-				{
-					ID:                testAPIShieldSchemaId,
-					Name:              "petstore.json",
-					Kind:              "openapi_v3",
-					Source:            "{}",
-					CreatedAt:         &createdAt,
-					ValidationEnabled: true,
-				},
-			}
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, expected, actual)
-
-				expectedResultInfo := ResultInfo{
-					Page:    3,
-					PerPage: 20,
-					Count:   1,
-					Total:   2000,
-				}
-				assert.Equal(t, expectedResultInfo, resultInfo)
-			}
-		})
-	}
-}
-
-func TestDeleteAPIShieldSchema(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
-	response := `{"result":{},"success":true,"errors":[],"messages":[]}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	err := client.DeleteAPIShieldSchema(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		DeleteAPIShieldSchemaParams{
-			SchemaID: testAPIShieldSchemaId,
-		},
-	)
-
-	assert.NoError(t, err)
-}
-
-func TestUpdateAPIShieldSchema(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas/%s", testZoneID, testAPIShieldSchemaId)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
-			"name": "petstore.json",
-			"kind": "openapi_v3",
-			"validation_enabled": true
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		require.Equal(t, `{"validation_enabled":true}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.UpdateAPIShieldSchema(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateAPIShieldSchemaParams{
-			SchemaID:          testAPIShieldSchemaId,
-			ValidationEnabled: BoolPtr(true),
-		},
-	)
-
-	// patch result is a cut down representation of the schema
-	// so metadata like created date is not populated
-	expected := &APIShieldSchema{
-		ID:                testAPIShieldSchemaId,
-		Name:              "petstore.json",
-		Kind:              "openapi_v3",
-		ValidationEnabled: true,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-
-	assert.NoError(t, err)
-}
-
-func TestCreateAPIShieldSchema(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"schema": {
-				"schema_id": "0f05e4fc-1c36-4bd2-a5e7-b29d32d3dc8e",
-				"name": "petstore.json",
-				"kind": "openapi_v3",
-				"created_at": "2023-03-02T15:46:06.000000Z",
-				"validation_enabled": true,
-				"source": "{}"
-			},
-			"upload_details": {
-				"warnings": [
-					{
-						"code": 28,
-						"message": "unsupported media type: application/octet-stream",
-						"locations": [
-							".paths[\"/user/{username}\"].put"
-						]
-					}
-				]
-			}
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		// Check that form data has been sent correctly.
-		mediaType, params, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
-		require.NoError(t, err)
-		require.True(t, strings.HasPrefix(mediaType, "multipart/form-data"))
-
-		expectedParts := []struct {
-			partKeys map[string]string
-			data     []byte
-		}{
-			{
-				partKeys: map[string]string{"name": "name"},
-				data:     []byte("petstore.json"),
-			},
-			{
-				partKeys: map[string]string{"name": "kind"},
-				data:     []byte("openapi_v3"),
-			},
-			{
-				partKeys: map[string]string{"name": "validation_enabled"},
-				data:     []byte("true"),
-			},
-			{
-				partKeys: map[string]string{"filename": "petstore.json", "name": "file"},
-				data:     []byte("{}"),
-			},
-		}
-
-		multiPartReader := multipart.NewReader(r.Body, params["boundary"])
-		partNum := 0
-		for {
-			part, err := multiPartReader.NextPart()
-			if errors.Is(err, io.EOF) {
-				break
-			}
-			require.NoError(t, err)
-
-			// more parts found - this is unexpected
-			require.Less(t, partNum, len(expectedParts))
-
-			value, err := io.ReadAll(part)
-			require.NoError(t, err)
-
-			_, dParams, err := mime.ParseMediaType(part.Header.Get("Content-Disposition"))
-			require.NoError(t, err)
-
-			require.Equal(t, expectedParts[partNum].partKeys, dParams)
-			require.Equal(t, expectedParts[partNum].data, value)
-			partNum++
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.CreateAPIShieldSchema(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		CreateAPIShieldSchemaParams{
-			Name:              "petstore.json",
-			Kind:              "openapi_v3",
-			Source:            strings.NewReader("{}"),
-			ValidationEnabled: BoolPtr(true),
-		},
-	)
-
-	createdAt := time.Date(2023, time.March, 2, 15, 46, 6, 0, time.UTC)
-	expected := &APIShieldCreateSchemaResult{
-		Schema: APIShieldSchema{
-			ID:                testAPIShieldSchemaId,
-			Name:              "petstore.json",
-			Kind:              "openapi_v3",
-			Source:            "{}",
-			CreatedAt:         &createdAt,
-			ValidationEnabled: true,
-		},
-		Events: APIShieldCreateSchemaEvents{
-			Warnings: []APIShieldCreateSchemaEventWithLocations{
-				{
-					APIShieldCreateSchemaEvent: APIShieldCreateSchemaEvent{
-						Code:    28,
-						Message: "unsupported media type: application/octet-stream",
-					},
-					Locations: []string{
-						".paths[\"/user/{username}\"].put",
-					},
-				},
-			},
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestCreateAPIShieldSchemaError(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/user_schemas", testZoneID)
-	response := `{
-		"success" : false,
-		"errors": [
-			{
-			  "code": 21400,
-			  "message": "only default parameter styles are supported: path, form (.paths[\"/pet/{petId}\"].get.parameters[0])"
-			}
-		],
-		"messages": [],
-		"result": {
-			"upload_details": {
-				"errors": [
-					{
-						"code": 22,
-						"message": "only default parameter styles are supported: path, form",
-						"locations": [
-							".paths[\"/pet/{petId}\"].get.parameters[0]"
-						]
-					}
-				]
-			}
-		}
-	}`
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(400)
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	_, err := client.CreateAPIShieldSchema(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		CreateAPIShieldSchemaParams{
-			Name:              "petstore.json",
-			Kind:              "openapi_v3",
-			Source:            strings.NewReader("{}"),
-			ValidationEnabled: BoolPtr(true),
-		},
-	)
-
-	require.ErrorContains(t, err, "only default parameter styles are supported: path, form (.paths[\"/pet/{petId}\"].get.parameters[0]) (21400)")
-}
-
-func TestMustProvideSchemaID(t *testing.T) {
-	setup()
-	t.Cleanup(teardown)
-
-	_, err := client.GetAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), GetAPIShieldSchemaParams{})
-	require.ErrorContains(t, err, "schema ID must be provided")
-
-	_, err = client.UpdateAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), UpdateAPIShieldSchemaParams{})
-	require.ErrorContains(t, err, "schema ID must be provided")
-
-	err = client.DeleteAPIShieldSchema(context.Background(), ZoneIdentifier(testZoneID), DeleteAPIShieldSchemaParams{})
-	require.ErrorContains(t, err, "schema ID must be provided")
-}
-
-func TestGetAPIShieldSchemaValidationSettings(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"validation_default_mitigation_action": "log",
-			"validation_override_mitigation_action": "none"
-		}
-	}`
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.GetAPIShieldSchemaValidationSettings(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-	)
-
-	none := "none"
-	expected := &APIShieldSchemaValidationSettings{
-		DefaultMitigationAction:  "log",
-		OverrideMitigationAction: &none,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestUpdateAPIShieldSchemaValidationSettings(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/settings/schema_validation", testZoneID)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"validation_default_mitigation_action": "log",
-			"validation_override_mitigation_action": null
-		}
-	}`
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.UpdateAPIShieldSchemaValidationSettings(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateAPIShieldSchemaValidationSettingsParams{}, // specifying nil is ok for fields
-	)
-
-	expected := &APIShieldSchemaValidationSettings{
-		DefaultMitigationAction:  "log",
-		OverrideMitigationAction: nil,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestGetAPIShieldOperationSchemaValidationSettings(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/%s/schema_validation", testZoneID, testAPIShieldOperationId)
-	response := `{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"mitigation_action": "log"
-		}
-	}`
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.GetAPIShieldOperationSchemaValidationSettings(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		GetAPIShieldOperationSchemaValidationSettingsParams{OperationID: testAPIShieldOperationId},
-	)
-
-	log := "log"
-	expected := &APIShieldOperationSchemaValidationSettings{
-		MitigationAction: &log,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
-
-func TestUpdateAPIShieldOperationSchemaValidationSettings(t *testing.T) {
-	endpoint := fmt.Sprintf("/zones/%s/api_gateway/operations/schema_validation", testZoneID)
-	response := fmt.Sprintf(`{
-		"success" : true,
-		"errors": [],
-		"messages": [],
-		"result": {
-			"%s": null
-		}
-	}`, testAPIShieldOperationId)
-
-	setup()
-	t.Cleanup(teardown)
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		require.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		require.Empty(t, r.URL.Query())
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		expected := fmt.Sprintf(`{"%s":{"mitigation_action":null}}`, testAPIShieldOperationId)
-		require.Equal(t, expected, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc(endpoint, handler)
-
-	actual, err := client.UpdateAPIShieldOperationSchemaValidationSettings(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateAPIShieldOperationSchemaValidationSettings{
-			testAPIShieldOperationId: APIShieldOperationSchemaValidationSettings{
-				MitigationAction: nil,
-			},
-		},
-	)
-
-	expected := &UpdateAPIShieldOperationSchemaValidationSettings{
-		testAPIShieldOperationId: APIShieldOperationSchemaValidationSettings{
-			MitigationAction: nil,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expected, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/api_shield_test.go b/pkg/cloudflare-go/api_shield_test.go
deleted file mode 100644
index 9644ad7b0b..0000000000
--- a/pkg/cloudflare-go/api_shield_test.go
+++ /dev/null
@@ -1,84 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetAPIShield(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success" : true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"auth_id_characteristics": [
-			{
-				"type": "header",
-				"name": "test-header"
-			},
-			{
-				"type": "cookie",
-				"name": "test-cookie"
-			}
-		]
-	}
-}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/api_gateway/configuration", handler)
-
-	var authChars []AuthIdCharacteristics
-	authChars = append(authChars, AuthIdCharacteristics{Type: "header", Name: "test-header"})
-	authChars = append(authChars, AuthIdCharacteristics{Type: "cookie", Name: "test-cookie"})
-
-	want := APIShield{
-		AuthIdCharacteristics: authChars,
-	}
-
-	actual, _, err := client.GetAPIShieldConfiguration(context.Background(), ZoneIdentifier(testZoneID))
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestPutAPIShield(t *testing.T) {
-	setup()
-	defer teardown()
-
-	// now lets do a PUT
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success" : true,
-	"errors": [],
-	"messages": [],
-	"result": []
-}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/api_gateway/configuration", handler)
-
-	apiShieldData := UpdateAPIShieldParams{AuthIdCharacteristics: []AuthIdCharacteristics{{Type: "header", Name: "different-header"}, {Type: "cookie", Name: "different-cookie"}}}
-
-	want := Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
-
-	actual, err := client.UpdateAPIShieldConfiguration(context.Background(), ZoneIdentifier(testZoneID), apiShieldData)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/api_token.go b/pkg/cloudflare-go/api_token.go
deleted file mode 100644
index 92554774d6..0000000000
--- a/pkg/cloudflare-go/api_token.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// APIToken is the full API token.
-type APIToken struct {
-	ID         string             `json:"id,omitempty"`
-	Name       string             `json:"name,omitempty"`
-	Status     string             `json:"status,omitempty"`
-	IssuedOn   *time.Time         `json:"issued_on,omitempty"`
-	ModifiedOn *time.Time         `json:"modified_on,omitempty"`
-	NotBefore  *time.Time         `json:"not_before,omitempty"`
-	ExpiresOn  *time.Time         `json:"expires_on,omitempty"`
-	Policies   []APITokenPolicies `json:"policies,omitempty"`
-	Condition  *APITokenCondition `json:"condition,omitempty"`
-	Value      string             `json:"value,omitempty"`
-}
-
-// APITokenPermissionGroups is the permission groups associated with API tokens.
-type APITokenPermissionGroups struct {
-	ID     string   `json:"id"`
-	Name   string   `json:"name,omitempty"`
-	Scopes []string `json:"scopes,omitempty"`
-}
-
-// APITokenPolicies are policies attached to an API token.
-type APITokenPolicies struct {
-	ID               string                     `json:"id,omitempty"`
-	Effect           string                     `json:"effect"`
-	Resources        map[string]interface{}     `json:"resources"`
-	PermissionGroups []APITokenPermissionGroups `json:"permission_groups"`
-}
-
-// APITokenRequestIPCondition is the struct for adding an IP restriction to an
-// API token.
-type APITokenRequestIPCondition struct {
-	In    []string `json:"in,omitempty"`
-	NotIn []string `json:"not_in,omitempty"`
-}
-
-// APITokenCondition is the outer structure for request conditions (currently
-// only IPs).
-type APITokenCondition struct {
-	RequestIP *APITokenRequestIPCondition `json:"request.ip,omitempty"`
-}
-
-// APITokenResponse is the API response for a single API token.
-type APITokenResponse struct {
-	Response
-	Result APIToken `json:"result"`
-}
-
-// APITokenListResponse is the API response for multiple API tokens.
-type APITokenListResponse struct {
-	Response
-	Result []APIToken `json:"result"`
-}
-
-// APITokenRollResponse is the API response when rolling the token.
-type APITokenRollResponse struct {
-	Response
-	Result string `json:"result"`
-}
-
-// APITokenVerifyResponse is the API response for verifying a token.
-type APITokenVerifyResponse struct {
-	Response
-	Result APITokenVerifyBody `json:"result"`
-}
-
-// APITokenPermissionGroupsResponse is the API response for the available
-// permission groups.
-type APITokenPermissionGroupsResponse struct {
-	Response
-	Result []APITokenPermissionGroups `json:"result"`
-}
-
-// APITokenVerifyBody is the API body for verifying a token.
-type APITokenVerifyBody struct {
-	ID        string    `json:"id"`
-	Status    string    `json:"status"`
-	NotBefore time.Time `json:"not_before"`
-	ExpiresOn time.Time `json:"expires_on"`
-}
-
-// GetAPIToken returns a single API token based on the ID.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-token-details
-func (api *API) GetAPIToken(ctx context.Context, tokenID string) (APIToken, error) {
-	uri := fmt.Sprintf("/user/tokens/%s", tokenID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return APIToken{}, err
-	}
-
-	var apiTokenResponse APITokenResponse
-	err = json.Unmarshal(res, &apiTokenResponse)
-	if err != nil {
-		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return apiTokenResponse.Result, nil
-}
-
-// APITokens returns all available API tokens.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-list-tokens
-func (api *API) APITokens(ctx context.Context) ([]APIToken, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens", nil)
-	if err != nil {
-		return []APIToken{}, err
-	}
-
-	var apiTokenListResponse APITokenListResponse
-	err = json.Unmarshal(res, &apiTokenListResponse)
-	if err != nil {
-		return []APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return apiTokenListResponse.Result, nil
-}
-
-// CreateAPIToken creates a new token. Returns the API token that has been
-// generated.
-//
-// The token value itself is only shown once (post create) and will present as
-// `Value` from this method. If you fail to capture it at this point, you will
-// need to roll the token in order to get a new value.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-create-token
-func (api *API) CreateAPIToken(ctx context.Context, token APIToken) (APIToken, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPost, "/user/tokens", token)
-	if err != nil {
-		return APIToken{}, err
-	}
-
-	var createTokenAPIResponse APITokenResponse
-	err = json.Unmarshal(res, &createTokenAPIResponse)
-	if err != nil {
-		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return createTokenAPIResponse.Result, nil
-}
-
-// UpdateAPIToken updates an existing API token.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-update-token
-func (api *API) UpdateAPIToken(ctx context.Context, tokenID string, token APIToken) (APIToken, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPut, "/user/tokens/"+tokenID, token)
-	if err != nil {
-		return APIToken{}, err
-	}
-
-	var updatedTokenResponse APITokenResponse
-	err = json.Unmarshal(res, &updatedTokenResponse)
-	if err != nil {
-		return APIToken{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return updatedTokenResponse.Result, nil
-}
-
-// RollAPIToken rolls the credential associated with the token.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-roll-token
-func (api *API) RollAPIToken(ctx context.Context, tokenID string) (string, error) {
-	uri := fmt.Sprintf("/user/tokens/%s/value", tokenID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, nil)
-	if err != nil {
-		return "", err
-	}
-
-	var apiTokenRollResponse APITokenRollResponse
-	err = json.Unmarshal(res, &apiTokenRollResponse)
-	if err != nil {
-		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return apiTokenRollResponse.Result, nil
-}
-
-// VerifyAPIToken tests the validity of the token.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-verify-token
-func (api *API) VerifyAPIToken(ctx context.Context) (APITokenVerifyBody, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens/verify", nil)
-	if err != nil {
-		return APITokenVerifyBody{}, err
-	}
-
-	var apiTokenVerifyResponse APITokenVerifyResponse
-	err = json.Unmarshal(res, &apiTokenVerifyResponse)
-	if err != nil {
-		return APITokenVerifyBody{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return apiTokenVerifyResponse.Result, nil
-}
-
-// DeleteAPIToken deletes a single API token.
-//
-// API reference: https://api.cloudflare.com/#user-api-tokens-delete-token
-func (api *API) DeleteAPIToken(ctx context.Context, tokenID string) error {
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, "/user/tokens/"+tokenID, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ListAPITokensPermissionGroups returns all available API token permission groups.
-//
-// API reference: https://api.cloudflare.com/#permission-groups-list-permission-groups
-func (api *API) ListAPITokensPermissionGroups(ctx context.Context) ([]APITokenPermissionGroups, error) {
-	var r APITokenPermissionGroupsResponse
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/tokens/permission_groups", nil)
-	if err != nil {
-		return []APITokenPermissionGroups{}, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []APITokenPermissionGroups{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/api_token_test.go b/pkg/cloudflare-go/api_token_test.go
deleted file mode 100644
index a48759832a..0000000000
--- a/pkg/cloudflare-go/api_token_test.go
+++ /dev/null
@@ -1,522 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAPITokens(t *testing.T) {
-	setup()
-	defer teardown()
-
-	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
-	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "id": "ed17574386854bf78a67040be0a770b0",
-          "name": "readonly token",
-          "status": "active",
-          "issued_on": "2018-07-01T05:20:00Z",
-          "modified_on": "2018-07-02T05:20:00Z",
-          "not_before": "2018-07-01T05:20:00Z",
-          "expires_on": "2020-01-01T00:00:00Z",
-          "policies": [
-            {
-              "id": "f267e341f3dd4697bd3b9f71dd96247f",
-              "effect": "allow",
-              "resources": {
-                "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
-                "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
-              },
-              "permission_groups": [
-                {
-                  "id": "c8fed203ed3043cba015a93ad1616f1f",
-                  "name": "Zone Read"
-                },
-                {
-                  "id": "82e64a83756745bbbb1c9c2701bf816b",
-                  "name": "DNS Read"
-                }
-              ]
-            }
-          ],
-          "condition": {
-            "request.ip": {
-              "in": [
-                "192.0.2.0/24",
-                "2001:db8::/48"
-              ],
-              "not_in": [
-                "198.51.100.0/24",
-                "2001:db8:1::/48"
-              ]
-            }
-          }
-        }
-      ]
-    }`)
-	}
-
-	mux.HandleFunc("/user/tokens", handler)
-
-	resources := make(map[string]interface{})
-	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
-	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
-
-	expectedAPIToken := APIToken{
-		ID:         "ed17574386854bf78a67040be0a770b0",
-		Name:       "readonly token",
-		Status:     "active",
-		IssuedOn:   &issuedOn,
-		ModifiedOn: &modifiedOn,
-		NotBefore:  &notBefore,
-		ExpiresOn:  &expiresOn,
-		Policies: []APITokenPolicies{{
-			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
-			Effect:    "allow",
-			Resources: resources,
-			PermissionGroups: []APITokenPermissionGroups{
-				{
-					ID:   "c8fed203ed3043cba015a93ad1616f1f",
-					Name: "Zone Read",
-				},
-				{
-					ID:   "82e64a83756745bbbb1c9c2701bf816b",
-					Name: "DNS Read",
-				},
-			},
-		}},
-		Condition: &APITokenCondition{
-			RequestIP: &APITokenRequestIPCondition{
-				In:    []string{"192.0.2.0/24", "2001:db8::/48"},
-				NotIn: []string{"198.51.100.0/24", "2001:db8:1::/48"},
-			},
-		},
-	}
-
-	actual, err := client.APITokens(context.Background())
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []APIToken{expectedAPIToken}, actual)
-	}
-}
-
-func TestGetAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
-	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-          "id": "ed17574386854bf78a67040be0a770b0",
-          "name": "readonly token",
-          "status": "active",
-          "issued_on": "2018-07-01T05:20:00Z",
-          "modified_on": "2018-07-02T05:20:00Z",
-          "not_before": "2018-07-01T05:20:00Z",
-          "expires_on": "2020-01-01T00:00:00Z",
-          "policies": [
-            {
-              "id": "f267e341f3dd4697bd3b9f71dd96247f",
-              "effect": "allow",
-              "resources": {
-                "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
-                "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
-              },
-              "permission_groups": [
-                {
-                  "id": "c8fed203ed3043cba015a93ad1616f1f",
-                  "name": "Zone Read"
-                },
-                {
-                  "id": "82e64a83756745bbbb1c9c2701bf816b",
-                  "name": "DNS Read"
-                }
-              ]
-            }
-          ],
-          "condition": {
-            "request.ip": {
-              "in": [
-                "192.0.2.0/24",
-                "2001:db8::/48"
-              ],
-              "not_in": [
-                "198.51.100.0/24",
-                "2001:db8:1::/48"
-              ]
-            }
-          }
-        }
-      }`)
-	}
-
-	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
-
-	resources := make(map[string]interface{})
-	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
-	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
-
-	expectedAPIToken := APIToken{
-		ID:         "ed17574386854bf78a67040be0a770b0",
-		Name:       "readonly token",
-		Status:     "active",
-		IssuedOn:   &issuedOn,
-		ModifiedOn: &modifiedOn,
-		NotBefore:  &notBefore,
-		ExpiresOn:  &expiresOn,
-		Policies: []APITokenPolicies{{
-			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
-			Effect:    "allow",
-			Resources: resources,
-			PermissionGroups: []APITokenPermissionGroups{
-				{
-					ID:   "c8fed203ed3043cba015a93ad1616f1f",
-					Name: "Zone Read",
-				},
-				{
-					ID:   "82e64a83756745bbbb1c9c2701bf816b",
-					Name: "DNS Read",
-				},
-			},
-		}},
-		Condition: &APITokenCondition{
-			RequestIP: &APITokenRequestIPCondition{
-				In:    []string{"192.0.2.0/24", "2001:db8::/48"},
-				NotIn: []string{"198.51.100.0/24", "2001:db8:1::/48"},
-			},
-		},
-	}
-
-	actual, err := client.GetAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAPIToken, actual)
-	}
-}
-
-func TestCreateAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	// issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	// modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
-	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-    "success":true,
-    "errors":[],
-    "messages":[],
-    "result":{
-      "id":"ed17574386854bf78a67040be0a770b0",
-      "name":"readonly token",
-      "status":"active",
-      "issued_on":"2018-07-01T05:20:00Z",
-      "modified_on":"2018-07-02T05:20:00Z",
-      "not_before":"2018-07-01T05:20:00Z",
-      "expires_on":"2020-01-01T00:00:00Z",
-      "policies":[
-        {
-          "id":"f267e341f3dd4697bd3b9f71dd96247f",
-          "effect":"allow",
-          "resources":{
-            "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4":"*",
-            "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43":"*"
-          },
-          "permission_groups":[
-            {
-              "id":"c8fed203ed3043cba015a93ad1616f1f",
-              "name":"Zone Read"
-            },
-            {
-              "id":"82e64a83756745bbbb1c9c2701bf816b",
-              "name":"DNS Read"
-            }
-          ]
-        }
-      ]
-    }
-  }`)
-	}
-
-	mux.HandleFunc("/user/tokens", handler)
-
-	resources := make(map[string]interface{})
-	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
-	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
-
-	tokenToCreate := APIToken{
-		Name:      "readonly token",
-		NotBefore: &notBefore,
-		ExpiresOn: &expiresOn,
-		Policies: []APITokenPolicies{{
-			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
-			Effect:    "allow",
-			Resources: resources,
-			PermissionGroups: []APITokenPermissionGroups{
-				{
-					ID:   "c8fed203ed3043cba015a93ad1616f1f",
-					Name: "Zone Read",
-				},
-				{
-					ID:   "82e64a83756745bbbb1c9c2701bf816b",
-					Name: "DNS Read",
-				},
-			},
-		}},
-	}
-
-	actual, err := client.CreateAPIToken(context.Background(), tokenToCreate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, tokenToCreate.Name, actual.Name)
-		assert.Equal(t, tokenToCreate.Policies, actual.Policies)
-	}
-}
-
-func TestUpdateAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	issuedOn, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-07-02T05:20:00Z")
-	notBefore, _ := time.Parse(time.RFC3339, "2018-07-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2020-01-01T00:00:00Z")
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "ed17574386854bf78a67040be0a770b0",
-    "name": "readonly token",
-    "status": "active",
-    "issued_on": "2018-07-01T05:20:00Z",
-    "modified_on": "2018-07-02T05:20:00Z",
-    "not_before": "2018-07-01T05:20:00Z",
-    "expires_on": "2020-01-01T00:00:00Z",
-    "policies": [
-      {
-        "id": "f267e341f3dd4697bd3b9f71dd96247f",
-        "effect": "allow",
-        "resources": {
-          "com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4": "*",
-          "com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43": "*"
-        },
-        "permission_groups": [
-          {
-            "id": "c8fed203ed3043cba015a93ad1616f1f",
-            "name": "Zone Read"
-          },
-          {
-            "id": "82e64a83756745bbbb1c9c2701bf816b",
-            "name": "DNS Read"
-          }
-        ]
-      }
-    ],
-    "condition": {
-      "request.ip": {
-        "in": [
-          "198.51.100.0/24",
-          "2400:cb00::/32"
-        ],
-        "not_in": [
-          "198.51.100.0/24",
-          "2400:cb00::/32"
-        ]
-      }
-    }
-  }
-}`)
-	}
-
-	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
-
-	resources := make(map[string]interface{})
-	resources["com.cloudflare.api.account.zone.eb78d65290b24279ba6f44721b3ea3c4"] = "*"
-	resources["com.cloudflare.api.account.zone.22b1de5f1c0e4b3ea97bb1e963b06a43"] = "*"
-
-	expectedAPIToken := APIToken{
-		ID:         "ed17574386854bf78a67040be0a770b0",
-		Name:       "readonly token",
-		Status:     "active",
-		IssuedOn:   &issuedOn,
-		ModifiedOn: &modifiedOn,
-		NotBefore:  &notBefore,
-		ExpiresOn:  &expiresOn,
-		Policies: []APITokenPolicies{{
-			ID:        "f267e341f3dd4697bd3b9f71dd96247f",
-			Effect:    "allow",
-			Resources: resources,
-			PermissionGroups: []APITokenPermissionGroups{
-				{
-					ID:   "c8fed203ed3043cba015a93ad1616f1f",
-					Name: "Zone Read",
-				},
-				{
-					ID:   "82e64a83756745bbbb1c9c2701bf816b",
-					Name: "DNS Read",
-				},
-			},
-		},
-		},
-		Condition: &APITokenCondition{
-			RequestIP: &APITokenRequestIPCondition{
-				In:    []string{"198.51.100.0/24", "2400:cb00::/32"},
-				NotIn: []string{"198.51.100.0/24", "2400:cb00::/32"},
-			},
-		},
-	}
-
-	actual, err := client.UpdateAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0", APIToken{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedAPIToken, actual)
-	}
-}
-
-func TestRollAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T"
-    }
-    `)
-	}
-
-	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0/value", handler)
-
-	actual, err := client.RollAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, "8M7wS6hCpXVc-DoRnPPY_UCWPgy8aea4Wy6kCe5T", actual)
-	}
-}
-
-func TestVerifyAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "ed17574386854bf78a67040be0a770b0",
-        "status": "active",
-        "not_before": "2018-07-01T05:20:00Z",
-        "expires_on": "2020-01-01T00:00:00Z"
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/user/tokens/verify", handler)
-
-	actual, err := client.VerifyAPIToken(context.Background())
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, "active", actual.Status)
-	}
-}
-
-func TestDeleteAPIToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "9a7806061c88ada191ed06f989cc3dac"
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/user/tokens/ed17574386854bf78a67040be0a770b0", handler)
-
-	err := client.DeleteAPIToken(context.Background(), "ed17574386854bf78a67040be0a770b0")
-	assert.NoError(t, err)
-}
-
-func TestListAPITokensPermissionGroups(t *testing.T) {
-	setup()
-	defer teardown()
-
-	var pgID = "47aa30b6eb97ecae0518b750d6b142b6"
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": [
-			{
-				"id": %q,
-				"name": "DNS Read",
-				"scopes": ["com.cloudflare.api.account.zone"]
-			}
-		  ]
-		}
-		`, pgID)
-	}
-
-	mux.HandleFunc("/user/tokens/permission_groups", handler)
-	want := []APITokenPermissionGroups{{
-		ID:     pgID,
-		Name:   "DNS Read",
-		Scopes: []string{"com.cloudflare.api.account.zone"},
-	}}
-	actual, err := client.ListAPITokensPermissionGroups(context.Background())
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/argo.go b/pkg/cloudflare-go/argo.go
deleted file mode 100644
index d789257a4d..0000000000
--- a/pkg/cloudflare-go/argo.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var validSettingValues = []string{"on", "off"}
-
-// ArgoFeatureSetting is the structure of the API object for the
-// argo smart routing and tiered caching settings.
-type ArgoFeatureSetting struct {
-	Editable   bool      `json:"editable,omitempty"`
-	ID         string    `json:"id,omitempty"`
-	ModifiedOn time.Time `json:"modified_on,omitempty"`
-	Value      string    `json:"value"`
-}
-
-// ArgoDetailsResponse is the API response for the argo smart routing
-// and tiered caching response.
-type ArgoDetailsResponse struct {
-	Result ArgoFeatureSetting `json:"result"`
-	Response
-}
-
-// ArgoSmartRouting returns the current settings for smart routing.
-//
-// API reference: https://api.cloudflare.com/#argo-smart-routing-get-argo-smart-routing-setting
-func (api *API) ArgoSmartRouting(ctx context.Context, zoneID string) (ArgoFeatureSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/argo/smart_routing", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ArgoFeatureSetting{}, err
-	}
-
-	var argoDetailsResponse ArgoDetailsResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// UpdateArgoSmartRouting updates the setting for smart routing.
-//
-// API reference: https://api.cloudflare.com/#argo-smart-routing-patch-argo-smart-routing-setting
-func (api *API) UpdateArgoSmartRouting(ctx context.Context, zoneID, settingValue string) (ArgoFeatureSetting, error) {
-	if !contains(validSettingValues, settingValue) {
-		return ArgoFeatureSetting{}, fmt.Errorf("invalid setting value '%s'. must be 'on' or 'off'", settingValue)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/argo/smart_routing", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ArgoFeatureSetting{Value: settingValue})
-	if err != nil {
-		return ArgoFeatureSetting{}, err
-	}
-
-	var argoDetailsResponse ArgoDetailsResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// ArgoTieredCaching returns the current settings for tiered caching.
-//
-// API reference: TBA.
-func (api *API) ArgoTieredCaching(ctx context.Context, zoneID string) (ArgoFeatureSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ArgoFeatureSetting{}, err
-	}
-
-	var argoDetailsResponse ArgoDetailsResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// UpdateArgoTieredCaching updates the setting for tiered caching.
-//
-// API reference: TBA.
-func (api *API) UpdateArgoTieredCaching(ctx context.Context, zoneID, settingValue string) (ArgoFeatureSetting, error) {
-	if !contains(validSettingValues, settingValue) {
-		return ArgoFeatureSetting{}, fmt.Errorf("invalid setting value '%s'. must be 'on' or 'off'", settingValue)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ArgoFeatureSetting{Value: settingValue})
-	if err != nil {
-		return ArgoFeatureSetting{}, err
-	}
-
-	var argoDetailsResponse ArgoDetailsResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoFeatureSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-func contains(s []string, e string) bool {
-	for _, a := range s {
-		if a == e {
-			return true
-		}
-	}
-	return false
-}
diff --git a/pkg/cloudflare-go/argo_example_test.go b/pkg/cloudflare-go/argo_example_test.go
deleted file mode 100644
index 720b6de47c..0000000000
--- a/pkg/cloudflare-go/argo_example_test.go
+++ /dev/null
@@ -1,65 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ArgoSmartRouting() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	smartRoutingSettings, err := api.ArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("smart routing is %s", smartRoutingSettings.Value)
-}
-
-func ExampleAPI_ArgoTieredCaching() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	tieredCachingSettings, err := api.ArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("tiered caching is %s", tieredCachingSettings.Value)
-}
-
-func ExampleAPI_UpdateArgoSmartRouting() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	smartRoutingSettings, err := api.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "on")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("smart routing is %s", smartRoutingSettings.Value)
-}
-
-func ExampleAPI_UpdateArgoTieredCaching() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	tieredCachingSettings, err := api.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "on")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("tiered caching is %s", tieredCachingSettings.Value)
-}
diff --git a/pkg/cloudflare-go/argo_test.go b/pkg/cloudflare-go/argo_test.go
deleted file mode 100644
index 8f5f28507d..0000000000
--- a/pkg/cloudflare-go/argo_test.go
+++ /dev/null
@@ -1,179 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var argoTimestamp, _ = time.Parse(time.RFC3339Nano, "2019-02-20T22:37:07.107449Z")
-
-func TestArgoSmartRouting(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "smart_routing",
-				"value": "on",
-				"editable": true,
-				"modified_on": "2019-02-20T22:37:07.107449Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/smart_routing", handler)
-	want := ArgoFeatureSetting{
-		ID:         "smart_routing",
-		Value:      "on",
-		Editable:   true,
-		ModifiedOn: argoTimestamp,
-	}
-
-	actual, err := client.ArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateArgoSmartRouting(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "smart_routing",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2019-02-20T22:37:07.107449Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/smart_routing", handler)
-	want := ArgoFeatureSetting{
-		ID:         "smart_routing",
-		Value:      "off",
-		Editable:   true,
-		ModifiedOn: argoTimestamp,
-	}
-
-	actual, err := client.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "off")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateArgoSmartRoutingWithInvalidValue(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateArgoSmartRouting(context.Background(), "01a7362d577a6c3019a474fd6f485823", "notreal")
-
-	if assert.Error(t, err) {
-		assert.Equal(t, "invalid setting value 'notreal'. must be 'on' or 'off'", err.Error())
-	}
-}
-
-func TestArgoTieredCaching(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "tiered_caching",
-				"value": "on",
-				"editable": true,
-				"modified_on": "2019-02-20T22:37:07.107449Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/tiered_caching", handler)
-	want := ArgoFeatureSetting{
-		ID:         "tiered_caching",
-		Value:      "on",
-		Editable:   true,
-		ModifiedOn: argoTimestamp,
-	}
-
-	actual, err := client.ArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateArgoTieredCaching(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "tiered_caching",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2019-02-20T22:37:07.107449Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/argo/tiered_caching", handler)
-	want := ArgoFeatureSetting{
-		ID:         "tiered_caching",
-		Value:      "off",
-		Editable:   true,
-		ModifiedOn: argoTimestamp,
-	}
-
-	actual, err := client.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "off")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateArgoTieredCachingWithInvalidValue(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateArgoTieredCaching(context.Background(), "01a7362d577a6c3019a474fd6f485823", "notreal")
-
-	if assert.Error(t, err) {
-		assert.Equal(t, "invalid setting value 'notreal'. must be 'on' or 'off'", err.Error())
-	}
-}
diff --git a/pkg/cloudflare-go/argo_tunnel.go b/pkg/cloudflare-go/argo_tunnel.go
deleted file mode 100644
index fa444f0ead..0000000000
--- a/pkg/cloudflare-go/argo_tunnel.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// ArgoTunnel is the struct definition of a tunnel.
-type ArgoTunnel struct {
-	ID          string                 `json:"id,omitempty"`
-	Name        string                 `json:"name,omitempty"`
-	Secret      string                 `json:"tunnel_secret,omitempty"`
-	CreatedAt   *time.Time             `json:"created_at,omitempty"`
-	DeletedAt   *time.Time             `json:"deleted_at,omitempty"`
-	Connections []ArgoTunnelConnection `json:"connections,omitempty"`
-}
-
-// ArgoTunnelConnection represents the connections associated with a tunnel.
-type ArgoTunnelConnection struct {
-	ColoName           string `json:"colo_name"`
-	UUID               string `json:"uuid"`
-	IsPendingReconnect bool   `json:"is_pending_reconnect"`
-}
-
-// ArgoTunnelsDetailResponse is used for representing the API response payload for
-// multiple tunnels.
-type ArgoTunnelsDetailResponse struct {
-	Result []ArgoTunnel `json:"result"`
-	Response
-}
-
-// ArgoTunnelDetailResponse is used for representing the API response payload for
-// a single tunnel.
-type ArgoTunnelDetailResponse struct {
-	Result ArgoTunnel `json:"result"`
-	Response
-}
-
-// ArgoTunnels lists all tunnels.
-//
-// API reference: https://api.cloudflare.com/#argo-tunnel-list-argo-tunnels
-//
-// Deprecated: Use `Tunnels` instead.
-func (api *API) ArgoTunnels(ctx context.Context, accountID string) ([]ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
-	if err != nil {
-		return []ArgoTunnel{}, err
-	}
-
-	var argoDetailsResponse ArgoTunnelsDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return []ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// ArgoTunnel returns a single Argo tunnel.
-//
-// API reference: https://api.cloudflare.com/#argo-tunnel-get-argo-tunnel
-//
-// Deprecated: Use `Tunnel` instead.
-func (api *API) ArgoTunnel(ctx context.Context, accountID, tunnelUUID string) (ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, argoV1Header())
-	if err != nil {
-		return ArgoTunnel{}, err
-	}
-
-	var argoDetailsResponse ArgoTunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// CreateArgoTunnel creates a new tunnel for the account.
-//
-// API reference: https://api.cloudflare.com/#argo-tunnel-create-argo-tunnel
-//
-// Deprecated: Use `CreateTunnel` instead.
-func (api *API) CreateArgoTunnel(ctx context.Context, accountID, name, secret string) (ArgoTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", accountID)
-
-	tunnel := ArgoTunnel{Name: name, Secret: secret}
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, tunnel, argoV1Header())
-	if err != nil {
-		return ArgoTunnel{}, err
-	}
-
-	var argoDetailsResponse ArgoTunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return ArgoTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return argoDetailsResponse.Result, nil
-}
-
-// DeleteArgoTunnel removes a single Argo tunnel.
-//
-// API reference: https://api.cloudflare.com/#argo-tunnel-delete-argo-tunnel
-//
-// Deprecated: Use `DeleteTunnel` instead.
-func (api *API) DeleteArgoTunnel(ctx context.Context, accountID, tunnelUUID string) error {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", accountID, tunnelUUID)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
-	if err != nil {
-		return err
-	}
-
-	var argoDetailsResponse ArgoTunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// CleanupArgoTunnelConnections deletes any inactive connections on a tunnel.
-//
-// API reference: https://api.cloudflare.com/#argo-tunnel-clean-up-argo-tunnel-connections
-//
-// Deprecated: Use `CleanupTunnelConnections` instead.
-func (api *API) CleanupArgoTunnelConnections(ctx context.Context, accountID, tunnelUUID string) error {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", accountID, tunnelUUID)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodDelete, uri, nil, argoV1Header())
-	if err != nil {
-		return err
-	}
-
-	var argoDetailsResponse ArgoTunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// The early implementation of Argo Tunnel endpoints didn't conform to the V4
-// API standard response structure. This has been remedied going forward however
-// to support older clients this isn't yet the default. An explicit `Accept`
-// header is used to get the V4 compatible version.
-func argoV1Header() http.Header {
-	header := make(http.Header)
-	header.Set("Accept", "application/json;version=1")
-
-	return header
-}
diff --git a/pkg/cloudflare-go/argo_tunnel_test.go b/pkg/cloudflare-go/argo_tunnel_test.go
deleted file mode 100644
index 29f29e1002..0000000000
--- a/pkg/cloudflare-go/argo_tunnel_test.go
+++ /dev/null
@@ -1,221 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestArgoTunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-					"name": "blog",
-					"created_at": "2009-11-10T23:00:00Z",
-					"deleted_at": "2009-11-10T23:00:00Z",
-					"connections": [
-						{
-							"colo_name": "DFW",
-							"uuid": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-							"is_pending_reconnect": false
-						}
-					]
-				}
-			]
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := []ArgoTunnel{{
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []ArgoTunnelConnection{{
-			ColoName:           "DFW",
-			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			IsPendingReconnect: false,
-		}},
-	}}
-
-	actual, err := client.ArgoTunnels(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestArgoTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name":"blog",
-				"created_at":"2009-11-10T23:00:00Z",
-				"deleted_at":"2009-11-10T23:00:00Z",
-				"connections":[
-					{
-						"colo_name":"DFW",
-						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-						"is_pending_reconnect":false
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := ArgoTunnel{
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []ArgoTunnelConnection{{
-			ColoName:           "DFW",
-			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			IsPendingReconnect: false,
-		}},
-	}
-
-	actual, err := client.ArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateArgoTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name":"blog",
-				"created_at":"2009-11-10T23:00:00Z",
-				"deleted_at":"2009-11-10T23:00:00Z",
-				"connections":[
-					{
-						"colo_name":"DFW",
-						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-						"is_pending_reconnect":false
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := ArgoTunnel{
-		ID:        "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []ArgoTunnelConnection{{
-			ColoName:           "DFW",
-			UUID:               "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			IsPendingReconnect: false,
-		}},
-	}
-
-	actual, err := client.CreateArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "blog", "notarealsecret")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteArgoTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-				"id":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name":"blog",
-				"created_at":"2009-11-10T23:00:00Z",
-				"deleted_at":"2009-11-10T23:00:00Z",
-				"connections":[
-					{
-						"colo_name":"DFW",
-						"uuid":"f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-						"is_pending_reconnect":false
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415", handler)
-
-	err := client.DeleteArgoTunnel(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-	assert.NoError(t, err)
-}
-
-func TestCleanupArgoTunnelConnections(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": []
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/cfd_tunnel/f174e90a-fafe-4643-bbbc-4a0ed4fc8415/connections", handler)
-
-	err := client.CleanupArgoTunnelConnections(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f174e90a-fafe-4643-bbbc-4a0ed4fc8415")
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/auditlogs.go b/pkg/cloudflare-go/auditlogs.go
deleted file mode 100644
index c21398a26a..0000000000
--- a/pkg/cloudflare-go/auditlogs.go
+++ /dev/null
@@ -1,158 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"net/http"
-	"net/url"
-	"path"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AuditLogAction is a member of AuditLog, the action that was taken.
-type AuditLogAction struct {
-	Result bool   `json:"result"`
-	Type   string `json:"type"`
-}
-
-// AuditLogActor is a member of AuditLog, who performed the action.
-type AuditLogActor struct {
-	Email string `json:"email"`
-	ID    string `json:"id"`
-	IP    string `json:"ip"`
-	Type  string `json:"type"`
-}
-
-// AuditLogOwner is a member of AuditLog, who owns this audit log.
-type AuditLogOwner struct {
-	ID string `json:"id"`
-}
-
-// AuditLogResource is a member of AuditLog, what was the action performed on.
-type AuditLogResource struct {
-	ID   string `json:"id"`
-	Type string `json:"type"`
-}
-
-// AuditLog is an resource that represents an update in the cloudflare dash.
-type AuditLog struct {
-	Action       AuditLogAction         `json:"action"`
-	Actor        AuditLogActor          `json:"actor"`
-	ID           string                 `json:"id"`
-	Metadata     map[string]interface{} `json:"metadata"`
-	NewValue     string                 `json:"newValue"`
-	NewValueJSON map[string]interface{} `json:"newValueJson"`
-	OldValue     string                 `json:"oldValue"`
-	OldValueJSON map[string]interface{} `json:"oldValueJson"`
-	Owner        AuditLogOwner          `json:"owner"`
-	Resource     AuditLogResource       `json:"resource"`
-	When         time.Time              `json:"when"`
-}
-
-// AuditLogResponse is the response returned from the cloudflare v4 api.
-type AuditLogResponse struct {
-	Response   Response
-	Result     []AuditLog `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// AuditLogFilter is an object for filtering the audit log response from the api.
-type AuditLogFilter struct {
-	ID           string
-	ActorIP      string
-	ActorEmail   string
-	HideUserLogs bool
-	Direction    string
-	ZoneName     string
-	Since        string
-	Before       string
-	PerPage      int
-	Page         int
-}
-
-// ToQuery turns an audit log filter in to an HTTP Query Param
-// list, suitable for use in a url.URL.RawQuery. It will not include empty
-// members of the struct in the query parameters.
-func (a AuditLogFilter) ToQuery() url.Values {
-	v := url.Values{}
-
-	if a.ID != "" {
-		v.Add("id", a.ID)
-	}
-	if a.ActorIP != "" {
-		v.Add("actor.ip", a.ActorIP)
-	}
-	if a.ActorEmail != "" {
-		v.Add("actor.email", a.ActorEmail)
-	}
-	if a.HideUserLogs {
-		v.Add("hide_user_logs", "true")
-	}
-	if a.ZoneName != "" {
-		v.Add("zone.name", a.ZoneName)
-	}
-	if a.Direction != "" {
-		v.Add("direction", a.Direction)
-	}
-	if a.Since != "" {
-		v.Add("since", a.Since)
-	}
-	if a.Before != "" {
-		v.Add("before", a.Before)
-	}
-	if a.PerPage > 0 {
-		v.Add("per_page", strconv.Itoa(a.PerPage))
-	}
-	if a.Page > 0 {
-		v.Add("page", strconv.Itoa(a.Page))
-	}
-
-	return v
-}
-
-// GetOrganizationAuditLogs will return the audit logs of a specific
-// organization, based on the ID passed in. The audit logs can be
-// filtered based on any argument in the AuditLogFilter.
-//
-// API Reference: https://api.cloudflare.com/#audit-logs-list-organization-audit-logs
-func (api *API) GetOrganizationAuditLogs(ctx context.Context, organizationID string, a AuditLogFilter) (AuditLogResponse, error) {
-	uri := url.URL{
-		Path:       path.Join("/accounts", organizationID, "audit_logs"),
-		ForceQuery: true,
-		RawQuery:   a.ToQuery().Encode(),
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri.String(), nil)
-	if err != nil {
-		return AuditLogResponse{}, err
-	}
-	return unmarshalReturn(res)
-}
-
-// unmarshalReturn will unmarshal bytes and return an auditlogresponse.
-func unmarshalReturn(res []byte) (AuditLogResponse, error) {
-	var auditResponse AuditLogResponse
-	err := json.Unmarshal(res, &auditResponse)
-	if err != nil {
-		return auditResponse, err
-	}
-	return auditResponse, nil
-}
-
-// GetUserAuditLogs will return your user's audit logs. The audit logs can be
-// filtered based on any argument in the AuditLogFilter.
-//
-// API Reference: https://api.cloudflare.com/#audit-logs-list-user-audit-logs
-func (api *API) GetUserAuditLogs(ctx context.Context, a AuditLogFilter) (AuditLogResponse, error) {
-	uri := url.URL{
-		Path:       path.Join("/user", "audit_logs"),
-		ForceQuery: true,
-		RawQuery:   a.ToQuery().Encode(),
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri.String(), nil)
-	if err != nil {
-		return AuditLogResponse{}, err
-	}
-	return unmarshalReturn(res)
-}
diff --git a/pkg/cloudflare-go/auditlogs_test.go b/pkg/cloudflare-go/auditlogs_test.go
deleted file mode 100644
index a7f7fc2074..0000000000
--- a/pkg/cloudflare-go/auditlogs_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package cloudflare
-
-import (
-	"strings"
-	"testing"
-)
-
-func TestAuditLogFilterToQuery(t *testing.T) {
-	filter := AuditLogFilter{
-		ID: "aaaa",
-	}
-	if !strings.Contains(filter.ToQuery().Encode(), "id=aaaa") {
-		t.Fatalf("Did not properly stringify the id field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.ActorEmail = "admin@example.com"
-	if !strings.Contains(filter.ToQuery().Encode(), "actor.email=admin%40example.com") {
-		t.Fatalf("Did not properly stringify the actor.email field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.HideUserLogs = true
-	if !strings.Contains(filter.ToQuery().Encode(), "hide_user_logs=true") {
-		t.Fatalf("Did not properly stringify the hide_user_logs field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.ActorIP = "192.0.2.0"
-	if !strings.Contains(filter.ToQuery().Encode(), "&actor.ip=192.0.2.0") {
-		t.Fatalf("Did not properly stringify the actorip field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.ZoneName = "example.com"
-	if !strings.Contains(filter.ToQuery().Encode(), "&zone.name=example.com") {
-		t.Fatalf("Did not properly stringify the zone.name field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.Direction = "direction"
-	if !strings.Contains(filter.ToQuery().Encode(), "&direction=direction") {
-		t.Fatalf("Did not properly stringify the direction field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.Since = "10-2-2018"
-	if !strings.Contains(filter.ToQuery().Encode(), "&since=10-2-2018") {
-		t.Fatalf("Did not properly stringify the since field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.Before = "10-2-2018"
-	if !strings.Contains(filter.ToQuery().Encode(), "&before=10-2-2018") {
-		t.Fatalf("Did not properly stringify the before field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.PerPage = 10000
-	if !strings.Contains(filter.ToQuery().Encode(), "&per_page=10000") {
-		t.Fatalf("Did not properly stringify the per_page field: %s", filter.ToQuery().Encode())
-	}
-
-	filter.Page = 3
-	if !strings.Contains(filter.ToQuery().Encode(), "&page=3") {
-		t.Fatalf("Did not properly stringify the page field: %s", filter.ToQuery().Encode())
-	}
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls.go b/pkg/cloudflare-go/authenticated_origin_pulls.go
deleted file mode 100644
index ff46549cea..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AuthenticatedOriginPulls represents global AuthenticatedOriginPulls (tls_client_auth) metadata.
-type AuthenticatedOriginPulls struct {
-	ID         string    `json:"id"`
-	Value      string    `json:"value"`
-	Editable   bool      `json:"editable"`
-	ModifiedOn time.Time `json:"modified_on"`
-}
-
-// AuthenticatedOriginPullsResponse represents the response from the global AuthenticatedOriginPulls (tls_client_auth) details endpoint.
-type AuthenticatedOriginPullsResponse struct {
-	Response
-	Result AuthenticatedOriginPulls `json:"result"`
-}
-
-// GetAuthenticatedOriginPullsStatus returns the configuration details for global AuthenticatedOriginPulls (tls_client_auth).
-//
-// API reference: https://api.cloudflare.com/#zone-settings-get-tls-client-auth-setting
-func (api *API) GetAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string) (AuthenticatedOriginPulls, error) {
-	uri := fmt.Sprintf("/zones/%s/settings/tls_client_auth", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AuthenticatedOriginPulls{}, err
-	}
-	var r AuthenticatedOriginPullsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return AuthenticatedOriginPulls{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// SetAuthenticatedOriginPullsStatus toggles whether global AuthenticatedOriginPulls is enabled for the zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-change-tls-client-auth-setting
-func (api *API) SetAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string, enable bool) (AuthenticatedOriginPulls, error) {
-	uri := fmt.Sprintf("/zones/%s/settings/tls_client_auth", zoneID)
-	var val string
-	if enable {
-		val = "on"
-	} else {
-		val = "off"
-	}
-	params := struct {
-		Value string `json:"value"`
-	}{
-		Value: val,
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return AuthenticatedOriginPulls{}, err
-	}
-	var r AuthenticatedOriginPullsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return AuthenticatedOriginPulls{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
deleted file mode 100644
index c8ea3eccb4..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname.go
+++ /dev/null
@@ -1,175 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// PerHostnameAuthenticatedOriginPullsCertificateDetails represents the metadata for a Per Hostname AuthenticatedOriginPulls certificate.
-type PerHostnameAuthenticatedOriginPullsCertificateDetails struct {
-	ID           string    `json:"id"`
-	Certificate  string    `json:"certificate"`
-	Issuer       string    `json:"issuer"`
-	Signature    string    `json:"signature"`
-	SerialNumber string    `json:"serial_number"`
-	ExpiresOn    time.Time `json:"expires_on"`
-	Status       string    `json:"status"`
-	UploadedOn   time.Time `json:"uploaded_on"`
-}
-
-// PerHostnameAuthenticatedOriginPullsCertificateResponse represents the response from endpoints relating to creating and deleting a Per Hostname AuthenticatedOriginPulls certificate.
-type PerHostnameAuthenticatedOriginPullsCertificateResponse struct {
-	Response
-	Result PerHostnameAuthenticatedOriginPullsCertificateDetails `json:"result"`
-}
-
-// PerHostnameAuthenticatedOriginPullsDetails contains metadata about the Per Hostname AuthenticatedOriginPulls configuration on a hostname.
-type PerHostnameAuthenticatedOriginPullsDetails struct {
-	Hostname       string    `json:"hostname"`
-	CertID         string    `json:"cert_id"`
-	Enabled        bool      `json:"enabled"`
-	Status         string    `json:"status"`
-	CreatedAt      time.Time `json:"created_at"`
-	UpdatedAt      time.Time `json:"updated_at"`
-	CertStatus     string    `json:"cert_status"`
-	Issuer         string    `json:"issuer"`
-	Signature      string    `json:"signature"`
-	SerialNumber   string    `json:"serial_number"`
-	Certificate    string    `json:"certificate"`
-	CertUploadedOn time.Time `json:"cert_uploaded_on"`
-	CertUpdatedAt  time.Time `json:"cert_updated_at"`
-	ExpiresOn      time.Time `json:"expires_on"`
-}
-
-// PerHostnameAuthenticatedOriginPullsDetailsResponse represents Per Hostname AuthenticatedOriginPulls configuration metadata for a single hostname.
-type PerHostnameAuthenticatedOriginPullsDetailsResponse struct {
-	Response
-	Result PerHostnameAuthenticatedOriginPullsDetails `json:"result"`
-}
-
-// PerHostnamesAuthenticatedOriginPullsDetailsResponse represents Per Hostname AuthenticatedOriginPulls configuration metadata for multiple hostnames.
-type PerHostnamesAuthenticatedOriginPullsDetailsResponse struct {
-	Response
-	Result []PerHostnameAuthenticatedOriginPullsDetails `json:"result"`
-}
-
-// PerHostnameAuthenticatedOriginPullsCertificateParams represents the required data related to the client certificate being uploaded to be used in Per Hostname AuthenticatedOriginPulls.
-type PerHostnameAuthenticatedOriginPullsCertificateParams struct {
-	Certificate string `json:"certificate"`
-	PrivateKey  string `json:"private_key"`
-}
-
-// PerHostnameAuthenticatedOriginPullsConfig represents the config state for Per Hostname AuthenticatedOriginPulls applied on a hostname.
-type PerHostnameAuthenticatedOriginPullsConfig struct {
-	Hostname string `json:"hostname"`
-	CertID   string `json:"cert_id"`
-	Enabled  bool   `json:"enabled"`
-}
-
-// PerHostnameAuthenticatedOriginPullsConfigParams represents the expected config param format for Per Hostname AuthenticatedOriginPulls applied on a hostname.
-type PerHostnameAuthenticatedOriginPullsConfigParams struct {
-	Config []PerHostnameAuthenticatedOriginPullsConfig `json:"config"`
-}
-
-// ListPerHostnameAuthenticatedOriginPullsCertificates will get all certificate under Per Hostname AuthenticatedOriginPulls zone.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-list-certificates
-func (api *API) ListPerHostnameAuthenticatedOriginPullsCertificates(ctx context.Context, zoneID string) ([]PerHostnameAuthenticatedOriginPullsDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PerHostnameAuthenticatedOriginPullsDetails{}, err
-	}
-	var r PerHostnamesAuthenticatedOriginPullsDetailsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UploadPerHostnameAuthenticatedOriginPullsCertificate will upload the provided certificate and private key to the edge under Per Hostname AuthenticatedOriginPulls.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-upload-a-hostname-client-certificate
-func (api *API) UploadPerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID string, params PerHostnameAuthenticatedOriginPullsCertificateParams) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetPerHostnameAuthenticatedOriginPullsCertificate retrieves certificate metadata about the requested Per Hostname certificate.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-get-the-hostname-client-certificate
-func (api *API) GetPerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeletePerHostnameAuthenticatedOriginPullsCertificate will remove the requested Per Hostname certificate from the edge.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-delete-hostname-client-certificate
-func (api *API) DeletePerHostnameAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerHostnameAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/certificates/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerHostnameAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerHostnameAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// EditPerHostnameAuthenticatedOriginPullsConfig applies the supplied Per Hostname AuthenticatedOriginPulls config onto a hostname(s) in the edge.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-enable-or-disable-a-hostname-for-client-authentication
-func (api *API) EditPerHostnameAuthenticatedOriginPullsConfig(ctx context.Context, zoneID string, config []PerHostnameAuthenticatedOriginPullsConfig) ([]PerHostnameAuthenticatedOriginPullsDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames", zoneID)
-	conf := PerHostnameAuthenticatedOriginPullsConfigParams{
-		Config: config,
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, conf)
-	if err != nil {
-		return []PerHostnameAuthenticatedOriginPullsDetails{}, err
-	}
-	var r PerHostnamesAuthenticatedOriginPullsDetailsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetPerHostnameAuthenticatedOriginPullsConfig returns the config state of Per Hostname AuthenticatedOriginPulls of the provided hostname within a zone.
-//
-// API reference: https://api.cloudflare.com/#per-hostname-authenticated-origin-pull-get-the-hostname-status-for-client-authentication
-func (api *API) GetPerHostnameAuthenticatedOriginPullsConfig(ctx context.Context, zoneID, hostname string) (PerHostnameAuthenticatedOriginPullsDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/hostnames/%s", zoneID, hostname)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PerHostnameAuthenticatedOriginPullsDetails{}, err
-	}
-	var r PerHostnameAuthenticatedOriginPullsDetailsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerHostnameAuthenticatedOriginPullsDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
deleted file mode 100644
index 635ceb1011..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls_per_hostname_test.go
+++ /dev/null
@@ -1,360 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"hostname": "app.example.com",
-					"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-					"enabled": true,
-					"status": "active",
-					"created_at": "2019-10-28T18:11:23.37411Z",
-					"updated_at": "2019-10-28T18:11:23.37411Z",
-					"cert_status": "active",
-					"issuer": "GlobalSign",
-					"signature": "SHA256WithRSA",
-					"serial_number": "6743787633689793699141714808227354901",
-					"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-					"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
-					"cert_updated_at": "2019-10-28T18:11:23.37411Z",
-					"expires_on": "2100-01-01T05:20:00Z"
-				},
-				{
-					"hostname": "anotherapp.example.com",
-					"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff61",
-					"enabled": true,
-					"status": "active",
-					"created_at": "2019-10-28T18:11:23.37411Z",
-					"updated_at": "2019-10-28T18:11:23.37411Z",
-					"cert_status": "active",
-					"issuer": "GlobalSign",
-					"signature": "SHA256WithRSA",
-					"serial_number": "6743787633689793699141714808227354921",
-					"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-					"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
-					"cert_updated_at": "2019-10-28T18:11:23.37411Z",
-					"expires_on": "2100-01-01T05:20:00Z"
-				  }
-			  ]
-		}`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	createdAt, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-
-	want := []PerHostnameAuthenticatedOriginPullsDetails{
-		{
-			Hostname:       "app.example.com",
-			Enabled:        true,
-			CertStatus:     "active",
-			CreatedAt:      createdAt,
-			UpdatedAt:      updatedAt,
-			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			Issuer:         "GlobalSign",
-			Signature:      "SHA256WithRSA",
-			SerialNumber:   "6743787633689793699141714808227354901",
-			ExpiresOn:      expiresOn,
-			Status:         "active",
-			CertUploadedOn: updatedAt,
-			CertUpdatedAt:  updatedAt,
-		}, {
-			Hostname:       "anotherapp.example.com",
-			Enabled:        true,
-			CertStatus:     "active",
-			CreatedAt:      createdAt,
-			UpdatedAt:      updatedAt,
-			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff61",
-			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			Issuer:         "GlobalSign",
-			Signature:      "SHA256WithRSA",
-			SerialNumber:   "6743787633689793699141714808227354921",
-			ExpiresOn:      expiresOn,
-			Status:         "active",
-			CertUploadedOn: updatedAt,
-			CertUpdatedAt:  updatedAt,
-		},
-	}
-	actual, err := client.ListPerHostnameAuthenticatedOriginPullsCertificates(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUploadPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "serial_number": "6743787633689793699141714808227354901",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "6743787633689793699141714808227354901",
-		ExpiresOn:    expiresOn,
-		Status:       "active",
-		UploadedOn:   uploadedOn,
-	}
-
-	clientCert := PerHostnameAuthenticatedOriginPullsCertificateParams{
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		PrivateKey:  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
-	}
-	actual, err := client.UploadPerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", clientCert)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetPerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "serial_number": "6743787633689793699141714808227354901",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-
-	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "6743787633689793699141714808227354901",
-		ExpiresOn:    expiresOn,
-		Status:       "active",
-		UploadedOn:   uploadedOn,
-	}
-	actual, err := client.GetPerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-func TestDeletePerHostnameAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "serial_number": "6743787633689793699141714808227354901",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-
-	want := PerHostnameAuthenticatedOriginPullsCertificateDetails{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate:  "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "6743787633689793699141714808227354901",
-		ExpiresOn:    expiresOn,
-		Status:       "active",
-		UploadedOn:   uploadedOn,
-	}
-	actual, err := client.DeletePerHostnameAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestEditPerHostnameAuthenticatedOriginPullsConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"hostname": "app.example.com",
-				"cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-				"enabled": true,
-				"status": "active",
-				"created_at": "2100-01-01T05:20:00Z",
-				"updated_at": "2100-01-01T05:20:00Z",
-				"cert_status": "active",
-				"issuer": "GlobalSign",
-				"signature": "SHA256WithRSA",
-				"serial_number": "6743787633689793699141714808227354901",
-				"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-				"cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
-				"cert_updated_at": "2100-01-01T05:20:00Z",
-				"expires_on": "2100-01-01T05:20:00Z"
-			  }
-			]
-		  }`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	certUploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	certUpdatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-
-	want := []PerHostnameAuthenticatedOriginPullsDetails{
-		{
-			Hostname:       "app.example.com",
-			CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			Enabled:        true,
-			Status:         "active",
-			CreatedAt:      createdAt,
-			UpdatedAt:      updatedAt,
-			CertStatus:     "active",
-			Issuer:         "GlobalSign",
-			Signature:      "SHA256WithRSA",
-			SerialNumber:   "6743787633689793699141714808227354901",
-			Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			CertUploadedOn: certUploadedOn,
-			CertUpdatedAt:  certUpdatedAt,
-			ExpiresOn:      expiresOn,
-		},
-	}
-
-	config := []PerHostnameAuthenticatedOriginPullsConfig{
-		{
-			Hostname: "app.example.com",
-			CertID:   "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			Enabled:  true,
-		},
-	}
-	actual, err := client.EditPerHostnameAuthenticatedOriginPullsConfig(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", config)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetPerHostnameAuthenticatedOriginPullsConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "hostname": "app.example.com",
-			  "cert_id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "enabled": true,
-			  "status": "active",
-			  "created_at": "2100-01-01T05:20:00Z",
-			  "updated_at": "2100-01-01T05:20:00Z",
-			  "cert_status": "active",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "serial_number": "6743787633689793699141714808227354901",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "cert_uploaded_on": "2019-10-28T18:11:23.37411Z",
-			  "cert_updated_at": "2100-01-01T05:20:00Z",
-			  "expires_on": "2100-01-01T05:20:00Z"
-			}
-		  }`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/hostnames/app.example.com", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	certUploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	certUpdatedAt, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-
-	want := PerHostnameAuthenticatedOriginPullsDetails{
-		Hostname:       "app.example.com",
-		CertID:         "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Enabled:        true,
-		Status:         "active",
-		CreatedAt:      createdAt,
-		UpdatedAt:      updatedAt,
-		CertStatus:     "active",
-		Issuer:         "GlobalSign",
-		Signature:      "SHA256WithRSA",
-		SerialNumber:   "6743787633689793699141714808227354901",
-		Certificate:    "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		CertUploadedOn: certUploadedOn,
-		CertUpdatedAt:  certUpdatedAt,
-		ExpiresOn:      expiresOn,
-	}
-	actual, err := client.GetPerHostnameAuthenticatedOriginPullsConfig(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "app.example.com")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
deleted file mode 100644
index a72b34e0c2..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// PerZoneAuthenticatedOriginPullsSettings represents the settings for Per Zone AuthenticatedOriginPulls.
-type PerZoneAuthenticatedOriginPullsSettings struct {
-	Enabled bool `json:"enabled"`
-}
-
-// PerZoneAuthenticatedOriginPullsSettingsResponse represents the response from the Per Zone AuthenticatedOriginPulls settings endpoint.
-type PerZoneAuthenticatedOriginPullsSettingsResponse struct {
-	Response
-	Result PerZoneAuthenticatedOriginPullsSettings `json:"result"`
-}
-
-// PerZoneAuthenticatedOriginPullsCertificateDetails represents the metadata for a Per Zone AuthenticatedOriginPulls client certificate.
-type PerZoneAuthenticatedOriginPullsCertificateDetails struct {
-	ID          string    `json:"id"`
-	Certificate string    `json:"certificate"`
-	Issuer      string    `json:"issuer"`
-	Signature   string    `json:"signature"`
-	ExpiresOn   time.Time `json:"expires_on"`
-	Status      string    `json:"status"`
-	UploadedOn  time.Time `json:"uploaded_on"`
-}
-
-// PerZoneAuthenticatedOriginPullsCertificateResponse represents the response from endpoints relating to creating and deleting a per zone AuthenticatedOriginPulls certificate.
-type PerZoneAuthenticatedOriginPullsCertificateResponse struct {
-	Response
-	Result PerZoneAuthenticatedOriginPullsCertificateDetails `json:"result"`
-}
-
-// PerZoneAuthenticatedOriginPullsCertificatesResponse represents the response from the per zone AuthenticatedOriginPulls certificate list endpoint.
-type PerZoneAuthenticatedOriginPullsCertificatesResponse struct {
-	Response
-	Result []PerZoneAuthenticatedOriginPullsCertificateDetails `json:"result"`
-}
-
-// PerZoneAuthenticatedOriginPullsCertificateParams represents the required data related to the client certificate being uploaded to be used in Per Zone AuthenticatedOriginPulls.
-type PerZoneAuthenticatedOriginPullsCertificateParams struct {
-	Certificate string `json:"certificate"`
-	PrivateKey  string `json:"private_key"`
-}
-
-// GetPerZoneAuthenticatedOriginPullsStatus returns whether per zone AuthenticatedOriginPulls is enabled or not. It is false by default.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-get-enablement-setting-for-zone
-func (api *API) GetPerZoneAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string) (PerZoneAuthenticatedOriginPullsSettings, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/settings", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PerZoneAuthenticatedOriginPullsSettings{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsSettingsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerZoneAuthenticatedOriginPullsSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// SetPerZoneAuthenticatedOriginPullsStatus will update whether Per Zone AuthenticatedOriginPulls is enabled for the zone.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-set-enablement-for-zone
-func (api *API) SetPerZoneAuthenticatedOriginPullsStatus(ctx context.Context, zoneID string, enable bool) (PerZoneAuthenticatedOriginPullsSettings, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/settings", zoneID)
-	params := struct {
-		Enabled bool `json:"enabled"`
-	}{
-		Enabled: enable,
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return PerZoneAuthenticatedOriginPullsSettings{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsSettingsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerZoneAuthenticatedOriginPullsSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UploadPerZoneAuthenticatedOriginPullsCertificate will upload a provided client certificate and enable it to be used in all AuthenticatedOriginPulls requests for the zone.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-upload-certificate
-func (api *API) UploadPerZoneAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID string, params PerZoneAuthenticatedOriginPullsCertificateParams) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListPerZoneAuthenticatedOriginPullsCertificates returns a list of all user uploaded client certificates to Per Zone AuthenticatedOriginPulls.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-list-certificates
-func (api *API) ListPerZoneAuthenticatedOriginPullsCertificates(ctx context.Context, zoneID string) ([]PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsCertificatesResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetPerZoneAuthenticatedOriginPullsCertificateDetails returns the metadata associated with a user uploaded client certificate to Per Zone AuthenticatedOriginPulls.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-get-certificate-details
-func (api *API) GetPerZoneAuthenticatedOriginPullsCertificateDetails(ctx context.Context, zoneID, certificateID string) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeletePerZoneAuthenticatedOriginPullsCertificate removes the specified client certificate from the edge.
-//
-// API reference: https://api.cloudflare.com/#zone-level-authenticated-origin-pulls-delete-certificate
-func (api *API) DeletePerZoneAuthenticatedOriginPullsCertificate(ctx context.Context, zoneID, certificateID string) (PerZoneAuthenticatedOriginPullsCertificateDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/origin_tls_client_auth/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, err
-	}
-	var r PerZoneAuthenticatedOriginPullsCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return PerZoneAuthenticatedOriginPullsCertificateDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
deleted file mode 100644
index 26d2567331..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls_per_zone_test.go
+++ /dev/null
@@ -1,230 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetPerZoneAuthenticatedOriginPullsStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "enabled": true
-			}
-		  }`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/settings", handler)
-	want := PerZoneAuthenticatedOriginPullsSettings{
-		Enabled: true,
-	}
-	actual, err := client.GetPerZoneAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSetPerZoneAuthenticatedOriginPullsStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "enabled": true
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/settings", handler)
-	want := PerZoneAuthenticatedOriginPullsSettings{
-		Enabled: true,
-	}
-	actual, err := client.SetPerZoneAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", true)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUploadPerZoneAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
-		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:      "GlobalSign",
-		Signature:   "SHA256WithRSA",
-		ExpiresOn:   expiresOn,
-		Status:      "active",
-		UploadedOn:  uploadedOn,
-	}
-
-	clientCert := PerZoneAuthenticatedOriginPullsCertificateParams{
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		PrivateKey:  "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmG\ndtcGbg/1CGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKn\nabIRuGvBKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpid\ntnKX/a+50GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+py\nFxIXjbEIdZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pE\newooaeO2izNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABAoIBACbhTYXBZYKmYPCb\nHBR1IBlCQA2nLGf0qRuJNJZg5iEzXows/6tc8YymZkQE7nolapWsQ+upk2y5Xdp/\naxiuprIs9JzkYK8Ox0r+dlwCG1kSW+UAbX0bQ/qUqlsTvU6muVuMP8vZYHxJ3wmb\n+ufRBKztPTQ/rYWaYQcgC0RWI20HTFBMxlTAyNxYNWzX7RKFkGVVyB9RsAtmcc8g\n+j4OdosbfNoJPS0HeIfNpAznDfHKdxDk2Yc1tV6RHBrC1ynyLE9+TaflIAdo2MVv\nKLMLq51GqYKtgJFIlBRPQqKoyXdz3fGvXrTkf/WY9QNq0J1Vk5ERePZ54mN8iZB7\n9lwy/AkCgYEA6FXzosxswaJ2wQLeoYc7ceaweX/SwTvxHgXzRyJIIT0eJWgx13Wo\n/WA3Iziimsjf6qE+SI/8laxPp2A86VMaIt3Z3mJN/CqSVGw8LK2AQst+OwdPyDMu\niacE8lj/IFGC8mwNUAb9CzGU3JpU4PxxGFjS/eMtGeRXCWkK4NE+G08CgYEA1Kp9\nN2JrVlqUz+gAX+LPmE9OEMAS9WQSQsfCHGogIFDGGcNf7+uwBM7GAaSJIP01zcoe\nVAgWdzXCv3FLhsaZoJ6RyLOLay5phbu1iaTr4UNYm5WtYTzMzqh8l1+MFFDl9xDB\nvULuCIIrglM5MeS/qnSg1uMoH2oVPj9TVst/ir8CgYEAxrI7Ws9Zc4Bt70N1As+U\nlySjaEVZCMkqvHJ6TCuVZFfQoE0r0whdLdRLU2PsLFP+q7qaeZQqgBaNSKeVcDYR\n9B+nY/jOmQoPewPVsp/vQTCnE/R81spu0mp0YI6cIheT1Z9zAy322svcc43JaWB7\nmEbeqyLOP4Z4qSOcmghZBSECgYACvR9Xs0DGn+wCsW4vze/2ei77MD4OQvepPIFX\ndFZtlBy5ADcgE9z0cuVB6CiL8DbdK5kwY9pGNr8HUCI03iHkW6Zs+0L0YmihfEVe\nPG19PSzK9CaDdhD9KFZSbLyVFmWfxOt50H7YRTTiPMgjyFpfi5j2q348yVT0tEQS\nfhRqaQKBgAcWPokmJ7EbYQGeMbS7HC8eWO/RyamlnSffdCdSc7ue3zdVJxpAkQ8W\nqu80pEIF6raIQfAf8MXiiZ7auFOSnHQTXUbhCpvDLKi0Mwq3G8Pl07l+2s6dQG6T\nlv6XTQaMyf6n1yjzL+fzDrH3qXMxHMO/b13EePXpDMpY7HQpoLDi\n-----END RSA PRIVATE KEY-----\n",
-	}
-	actual, err := client.UploadPerZoneAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", clientCert)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListPerZoneAuthenticatedOriginPullsCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-				"certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-				"issuer": "GlobalSign",
-				"signature": "SHA256WithRSA",
-				"expires_on": "2100-01-01T05:20:00Z",
-				"status": "active",
-				"uploaded_on": "2019-10-28T18:11:23.37411Z"
-			  }
-			]
-		  }
-		`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	want := []PerZoneAuthenticatedOriginPullsCertificateDetails{
-		{
-			ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			Issuer:      "GlobalSign",
-			Signature:   "SHA256WithRSA",
-			ExpiresOn:   expiresOn,
-			Status:      "active",
-			UploadedOn:  uploadedOn,
-		},
-	}
-	actual, err := client.ListPerZoneAuthenticatedOriginPullsCertificates(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetPerZoneAuthenticatedOriginPullsCertificateDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		  }		  
-		`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
-		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:      "GlobalSign",
-		Signature:   "SHA256WithRSA",
-		ExpiresOn:   expiresOn,
-		Status:      "active",
-		UploadedOn:  uploadedOn,
-	}
-	actual, err := client.GetPerZoneAuthenticatedOriginPullsCertificateDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeletePerZoneAuthenticatedOriginPullsCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-			  "issuer": "GlobalSign",
-			  "signature": "SHA256WithRSA",
-			  "expires_on": "2100-01-01T05:20:00Z",
-			  "status": "active",
-			  "uploaded_on": "2019-10-28T18:11:23.37411Z"
-			}
-		  }		  
-		`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/origin_tls_client_auth/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2100-01-01T05:20:00Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2019-10-28T18:11:23.37411Z")
-	want := PerZoneAuthenticatedOriginPullsCertificateDetails{
-		ID:          "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Certificate: "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIJAMHAwfXZ5/PWMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\nBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX\naWRnaXRzIFB0eSBMdGQwHhcNMTYwODI0MTY0MzAxWhcNMTYxMTIyMTY0MzAxWjBF\nMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50\nZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\nCgKCAQEAwQHoetcl9+5ikGzV6cMzWtWPJHqXT3wpbEkRU9Yz7lgvddmGdtcGbg/1\nCGZu0jJGkMoppoUo4c3dts3iwqRYmBikUP77wwY2QGmDZw2FvkJCJlKnabIRuGvB\nKwzESIXgKk2016aTP6/dAjEHyo6SeoK8lkIySUvK0fyOVlsiEsCmOpidtnKX/a+5\n0GjB79CJH4ER2lLVZnhePFR/zUOyPxZQQ4naHf7yu/b5jhO0f8fwt+pyFxIXjbEI\ndZliWRkRMtzrHOJIhrmJ2A1J7iOrirbbwillwjjNVUWPf3IJ3M12S9pEewooaeO2\nizNTERcG9HzAacbVRn2Y2SWIyT/18QIDAQABo4GnMIGkMB0GA1UdDgQWBBT/LbE4\n9rWf288N6sJA5BRb6FJIGDB1BgNVHSMEbjBsgBT/LbE49rWf288N6sJA5BRb6FJI\nGKFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV\nBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAMHAwfXZ5/PWMAwGA1UdEwQF\nMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHHFwl0tH0quUYZYO0dZYt4R7SJ0pCm2\n2satiyzHl4OnXcHDpekAo7/a09c6Lz6AU83cKy/+x3/djYHXWba7HpEu0dR3ugQP\nMlr4zrhd9xKZ0KZKiYmtJH+ak4OM4L3FbT0owUZPyjLSlhMtJVcoRp5CJsjAMBUG\nSvD8RX+T01wzox/Qb+lnnNnOlaWpqu8eoOenybxKp1a9ULzIVvN/LAcc+14vioFq\n2swRWtmocBAs8QR9n4uvbpiYvS8eYueDCWMM4fvFfBhaDZ3N9IbtySh3SpFdQDhw\nYbjM2rxXiyLGxB4Bol7QTv4zHif7Zt89FReT/NBy4rzaskDJY5L6xmY=\n-----END CERTIFICATE-----\n",
-		Issuer:      "GlobalSign",
-		Signature:   "SHA256WithRSA",
-		ExpiresOn:   expiresOn,
-		Status:      "active",
-		UploadedOn:  uploadedOn,
-	}
-	actual, err := client.DeletePerZoneAuthenticatedOriginPullsCertificate(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/authenticated_origin_pulls_test.go b/pkg/cloudflare-go/authenticated_origin_pulls_test.go
deleted file mode 100644
index 1e3caa8642..0000000000
--- a/pkg/cloudflare-go/authenticated_origin_pulls_test.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAuthenticatedOriginPullsDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-		    "id": "tls_client_auth",
-		    "value": "on",
-		    "editable": true,
-		    "modified_on": "2014-01-01T05:20:00.12345Z"
-		  }
-		}`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
-
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AuthenticatedOriginPulls{
-		ID:         "tls_client_auth",
-		Value:      "on",
-		Editable:   true,
-		ModifiedOn: modifiedOn,
-	}
-
-	actual, err := client.GetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSetAuthenticatedOriginPullsStatusEnabled(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "tls_client_auth",
-			  "value": "on",
-			  "editable": true,
-			  "modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		  }`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AuthenticatedOriginPulls{
-		ID:         "tls_client_auth",
-		Value:      "on",
-		Editable:   true,
-		ModifiedOn: modifiedOn,
-	}
-
-	actual, err := client.SetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", true)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSetAuthenticatedOriginPullsStatusDisabled(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "tls_client_auth",
-			  "value": "off",
-			  "editable": true,
-			  "modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		  }`)
-	}
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/settings/tls_client_auth", handler)
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := AuthenticatedOriginPulls{
-		ID:         "tls_client_auth",
-		Value:      "off",
-		Editable:   true,
-		ModifiedOn: modifiedOn,
-	}
-
-	actual, err := client.SetAuthenticatedOriginPullsStatus(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", false)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/bot_management.go b/pkg/cloudflare-go/bot_management.go
deleted file mode 100644
index f77968f459..0000000000
--- a/pkg/cloudflare-go/bot_management.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// BotManagement represents the bots config for a zone.
-type BotManagement struct {
-	EnableJS                     *bool   `json:"enable_js,omitempty"`
-	FightMode                    *bool   `json:"fight_mode,omitempty"`
-	SBFMDefinitelyAutomated      *string `json:"sbfm_definitely_automated,omitempty"`
-	SBFMLikelyAutomated          *string `json:"sbfm_likely_automated,omitempty"`
-	SBFMVerifiedBots             *string `json:"sbfm_verified_bots,omitempty"`
-	SBFMStaticResourceProtection *bool   `json:"sbfm_static_resource_protection,omitempty"`
-	OptimizeWordpress            *bool   `json:"optimize_wordpress,omitempty"`
-	SuppressSessionScore         *bool   `json:"suppress_session_score,omitempty"`
-	AutoUpdateModel              *bool   `json:"auto_update_model,omitempty"`
-	UsingLatestModel             *bool   `json:"using_latest_model,omitempty"`
-}
-
-// BotManagementResponse represents the response from the bot_management endpoint.
-type BotManagementResponse struct {
-	Result BotManagement `json:"result"`
-	Response
-}
-
-type UpdateBotManagementParams struct {
-	EnableJS                     *bool   `json:"enable_js,omitempty"`
-	FightMode                    *bool   `json:"fight_mode,omitempty"`
-	SBFMDefinitelyAutomated      *string `json:"sbfm_definitely_automated,omitempty"`
-	SBFMLikelyAutomated          *string `json:"sbfm_likely_automated,omitempty"`
-	SBFMVerifiedBots             *string `json:"sbfm_verified_bots,omitempty"`
-	SBFMStaticResourceProtection *bool   `json:"sbfm_static_resource_protection,omitempty"`
-	OptimizeWordpress            *bool   `json:"optimize_wordpress,omitempty"`
-	SuppressSessionScore         *bool   `json:"suppress_session_score,omitempty"`
-	AutoUpdateModel              *bool   `json:"auto_update_model,omitempty"`
-}
-
-// GetBotManagement gets a zone API shield configuration.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/bot-management-for-a-zone-get-config
-func (api *API) GetBotManagement(ctx context.Context, rc *ResourceContainer) (BotManagement, error) {
-	uri := fmt.Sprintf("/zones/%s/bot_management", rc.Identifier)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, botV2Header())
-	if err != nil {
-		return BotManagement{}, err
-	}
-	var bmResponse BotManagementResponse
-	err = json.Unmarshal(res, &bmResponse)
-	if err != nil {
-		return BotManagement{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return bmResponse.Result, nil
-}
-
-// UpdateBotManagement sets a zone API shield configuration.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/bot-management-for-a-zone-update-config
-func (api *API) UpdateBotManagement(ctx context.Context, rc *ResourceContainer, params UpdateBotManagementParams) (BotManagement, error) {
-	uri := fmt.Sprintf("/zones/%s/bot_management", rc.Identifier)
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, params, botV2Header())
-	if err != nil {
-		return BotManagement{}, err
-	}
-
-	var bmResponse BotManagementResponse
-	err = json.Unmarshal(res, &bmResponse)
-	if err != nil {
-		return BotManagement{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return bmResponse.Result, nil
-}
-
-// We are currently undergoing the process of updating the bot management API.
-// The older 1.0.0 version of the is still the default version, so we will need
-// to explicitly set this special header on all requests. We will eventually
-// make 2.0.0 the default version, and later we will remove the 1.0.0 entirely.
-func botV2Header() http.Header {
-	header := make(http.Header)
-	header.Set("Cloudflare-Version", "2.0.0")
-
-	return header
-}
diff --git a/pkg/cloudflare-go/bot_management_test.go b/pkg/cloudflare-go/bot_management_test.go
deleted file mode 100644
index e0837804e5..0000000000
--- a/pkg/cloudflare-go/bot_management_test.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetBotManagement(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "2.0.0", r.Header.Get("Cloudflare-Version"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success" : true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"enable_js": false,
-		"fight_mode": true,
-		"using_latest_model": true
-	}
-}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/bot_management", handler)
-
-	want := BotManagement{
-		EnableJS:         BoolPtr(false),
-		FightMode:        BoolPtr(true),
-		UsingLatestModel: BoolPtr(true),
-	}
-
-	actual, err := client.GetBotManagement(context.Background(), ZoneIdentifier(testZoneID))
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateBotManagement(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		assert.Equal(t, "2.0.0", r.Header.Get("Cloudflare-Version"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success" : true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"enable_js": false,
-		"fight_mode": true,
-		"using_latest_model": true
-	}
-}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/bot_management", handler)
-
-	bmData := UpdateBotManagementParams{
-		EnableJS:  BoolPtr(false),
-		FightMode: BoolPtr(true),
-	}
-
-	want := BotManagement{
-		EnableJS:         BoolPtr(false),
-		FightMode:        BoolPtr(true),
-		UsingLatestModel: BoolPtr(true),
-	}
-
-	actual, err := client.UpdateBotManagement(context.Background(), ZoneIdentifier(testZoneID), bmData)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/cache_reserve.go b/pkg/cloudflare-go/cache_reserve.go
deleted file mode 100644
index 64e74b39a9..0000000000
--- a/pkg/cloudflare-go/cache_reserve.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// CacheReserve is the structure of the API object for the cache reserve
-// setting.
-type CacheReserve struct {
-	ID         string    `json:"id,omitempty"`
-	ModifiedOn time.Time `json:"modified_on,omitempty"`
-	Value      string    `json:"value"`
-}
-
-// CacheReserveDetailsResponse is the API response for the cache reserve
-// setting.
-type CacheReserveDetailsResponse struct {
-	Result CacheReserve `json:"result"`
-	Response
-}
-
-type zoneCacheReserveSingleResponse struct {
-	Response
-	Result CacheReserve `json:"result"`
-}
-
-type GetCacheReserveParams struct{}
-
-type UpdateCacheReserveParams struct {
-	Value string `json:"value"`
-}
-
-// GetCacheReserve returns information about the current cache reserve settings.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-get-cache-reserve-setting
-func (api *API) GetCacheReserve(ctx context.Context, rc *ResourceContainer, params GetCacheReserveParams) (CacheReserve, error) {
-	if rc.Level != ZoneRouteLevel {
-		return CacheReserve{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/cache/cache_reserve", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CacheReserve{}, err
-	}
-
-	var cacheReserveDetailsResponse CacheReserveDetailsResponse
-	err = json.Unmarshal(res, &cacheReserveDetailsResponse)
-	if err != nil {
-		return CacheReserve{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return cacheReserveDetailsResponse.Result, nil
-}
-
-// UpdateCacheReserve updates the cache reserve setting for a zone
-//
-// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-change-cache-reserve-setting
-func (api *API) UpdateCacheReserve(ctx context.Context, rc *ResourceContainer, params UpdateCacheReserveParams) (CacheReserve, error) {
-	if rc.Level != ZoneRouteLevel {
-		return CacheReserve{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/cache/cache_reserve", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return CacheReserve{}, err
-	}
-
-	response := &zoneCacheReserveSingleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return CacheReserve{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/cache_reserve_test.go b/pkg/cloudflare-go/cache_reserve_test.go
deleted file mode 100644
index 4434c9cf28..0000000000
--- a/pkg/cloudflare-go/cache_reserve_test.go
+++ /dev/null
@@ -1,82 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var cacheReserveTimestampString = "2019-02-20T22:37:07.107449Z"
-var cacheReserveTimestamp, _ = time.Parse(time.RFC3339Nano, cacheReserveTimestampString)
-
-func TestCacheReserve(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "cache_reserve",
-				"value": "on",
-				"modified_on": "%s"
-			}
-		}
-		`, cacheReserveTimestampString)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/cache/cache_reserve", handler)
-	want := CacheReserve{
-		ID:         "cache_reserve",
-		Value:      "on",
-		ModifiedOn: cacheReserveTimestamp,
-	}
-
-	actual, err := client.GetCacheReserve(context.Background(), ZoneIdentifier("01a7362d577a6c3019a474fd6f485823"), GetCacheReserveParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateCacheReserve(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "cache_reserve",
-				"value": "off",
-				"modified_on": "%s"
-			}
-		}
-		`, cacheReserveTimestampString)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/cache/cache_reserve", handler)
-	want := CacheReserve{
-		ID:         "cache_reserve",
-		Value:      "off",
-		ModifiedOn: cacheReserveTimestamp,
-	}
-
-	actual, err := client.UpdateCacheReserve(context.Background(), ZoneIdentifier("01a7362d577a6c3019a474fd6f485823"), UpdateCacheReserveParams{Value: "off"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/catalog.json b/pkg/cloudflare-go/catalog.json
deleted file mode 100644
index 97847246e4..0000000000
--- a/pkg/cloudflare-go/catalog.json
+++ /dev/null
@@ -1,67 +0,0 @@
-{
-  "nixpkgs-flox": {
-    "x86_64-darwin": {
-      "stable": {
-        "go_1_20": {
-          "latest": {
-            "cache": {
-              "out": {
-                "https://cache.nixos.org": {}
-              }
-            },
-            "element": {
-              "attrPath": [
-                "legacyPackages",
-                "x86_64-darwin",
-                "go_1_20"
-              ],
-              "originalUrl": "flake:nixpkgs",
-              "storePaths": [
-                "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
-              ],
-              "url": "github:flox/nixpkgs/d0d55259081f0b97c828f38559cad899d351cad1"
-            },
-            "eval": {
-              "meta": {
-                "description": "The Go Programming language",
-                "outputsToInstall": [
-                  "out"
-                ],
-                "position": "/nix/store/32cp7y0cf36h3xp0fqwy2nf432fpcaci-source/pkgs/development/compilers/go/1.20.nix:176",
-                "unfree": false
-              },
-              "name": "go-1.20.1",
-              "outputs": {
-                "out": "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
-              },
-              "pname": "go",
-              "system": "x86_64-darwin",
-              "version": "1.20.1"
-            },
-            "publish_element": {
-              "attrPath": [
-                "evalCatalog",
-                "x86_64-darwin",
-                "stable",
-                "go_1_20"
-              ],
-              "originalUrl": "flake:nixpkgs-flox",
-              "storePaths": [
-                "/nix/store/0pp0svlrkdls28dixb6a7kqa567gs59v-go-1.20.1"
-              ],
-              "url": "flake:nixpkgs-flox/b7e7e40e2aa1ca2a44db440f5dc52213564af02f"
-            },
-            "source": {
-              "locked": {
-                "lastModified": 1676973346,
-                "revCount": 456418
-              }
-            },
-            "type": "catalogRender",
-            "version": 1
-          }
-        }
-      }
-    }
-  }
-}
diff --git a/pkg/cloudflare-go/certificate_packs.go b/pkg/cloudflare-go/certificate_packs.go
deleted file mode 100644
index 2fee1d6746..0000000000
--- a/pkg/cloudflare-go/certificate_packs.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// CertificatePackGeoRestrictions is for the structure of the geographic
-// restrictions for a TLS certificate.
-type CertificatePackGeoRestrictions struct {
-	Label string `json:"label"`
-}
-
-// CertificatePackCertificate is the base structure of a TLS certificate that is
-// contained within a certificate pack.
-type CertificatePackCertificate struct {
-	ID              string                         `json:"id"`
-	Hosts           []string                       `json:"hosts"`
-	Issuer          string                         `json:"issuer"`
-	Signature       string                         `json:"signature"`
-	Status          string                         `json:"status"`
-	BundleMethod    string                         `json:"bundle_method"`
-	GeoRestrictions CertificatePackGeoRestrictions `json:"geo_restrictions"`
-	ZoneID          string                         `json:"zone_id"`
-	UploadedOn      time.Time                      `json:"uploaded_on"`
-	ModifiedOn      time.Time                      `json:"modified_on"`
-	ExpiresOn       time.Time                      `json:"expires_on"`
-	Priority        int                            `json:"priority"`
-}
-
-// CertificatePack is the overarching structure of a certificate pack response.
-type CertificatePack struct {
-	ID                   string                       `json:"id"`
-	Type                 string                       `json:"type"`
-	Hosts                []string                     `json:"hosts"`
-	Certificates         []CertificatePackCertificate `json:"certificates"`
-	PrimaryCertificate   string                       `json:"primary_certificate"`
-	Status               string                       `json:"status"`
-	ValidationRecords    []SSLValidationRecord        `json:"validation_records,omitempty"`
-	ValidationErrors     []SSLValidationError         `json:"validation_errors,omitempty"`
-	ValidationMethod     string                       `json:"validation_method"`
-	ValidityDays         int                          `json:"validity_days"`
-	CertificateAuthority string                       `json:"certificate_authority"`
-	CloudflareBranding   bool                         `json:"cloudflare_branding"`
-}
-
-// CertificatePackRequest is used for requesting a new certificate.
-type CertificatePackRequest struct {
-	Type                 string   `json:"type"`
-	Hosts                []string `json:"hosts"`
-	ValidationMethod     string   `json:"validation_method"`
-	ValidityDays         int      `json:"validity_days"`
-	CertificateAuthority string   `json:"certificate_authority"`
-	CloudflareBranding   bool     `json:"cloudflare_branding"`
-}
-
-// CertificatePacksResponse is for responses where multiple certificates are
-// expected.
-type CertificatePacksResponse struct {
-	Response
-	Result []CertificatePack `json:"result"`
-}
-
-// CertificatePacksDetailResponse contains a single certificate pack in the
-// response.
-type CertificatePacksDetailResponse struct {
-	Response
-	Result CertificatePack `json:"result"`
-}
-
-// ListCertificatePacks returns all available TLS certificate packs for a zone.
-//
-// API Reference: https://api.cloudflare.com/#certificate-packs-list-certificate-packs
-func (api *API) ListCertificatePacks(ctx context.Context, zoneID string) ([]CertificatePack, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs?status=all", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []CertificatePack{}, err
-	}
-
-	var certificatePacksResponse CertificatePacksResponse
-	err = json.Unmarshal(res, &certificatePacksResponse)
-	if err != nil {
-		return []CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return certificatePacksResponse.Result, nil
-}
-
-// CertificatePack returns a single TLS certificate pack on a zone.
-//
-// API Reference: https://api.cloudflare.com/#certificate-packs-get-certificate-pack
-func (api *API) CertificatePack(ctx context.Context, zoneID, certificatePackID string) (CertificatePack, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificatePackID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CertificatePack{}, err
-	}
-
-	var certificatePacksDetailResponse CertificatePacksDetailResponse
-	err = json.Unmarshal(res, &certificatePacksDetailResponse)
-	if err != nil {
-		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return certificatePacksDetailResponse.Result, nil
-}
-
-// CreateCertificatePack creates a new certificate pack associated with a zone.
-//
-// API Reference: https://api.cloudflare.com/#certificate-packs-order-advanced-certificate-manager-certificate-pack
-func (api *API) CreateCertificatePack(ctx context.Context, zoneID string, cert CertificatePackRequest) (CertificatePack, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/order", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, cert)
-	if err != nil {
-		return CertificatePack{}, err
-	}
-
-	var certificatePacksDetailResponse CertificatePacksDetailResponse
-	err = json.Unmarshal(res, &certificatePacksDetailResponse)
-	if err != nil {
-		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return certificatePacksDetailResponse.Result, nil
-}
-
-// DeleteCertificatePack removes a certificate pack associated with a zone.
-//
-// API Reference: https://api.cloudflare.com/#certificate-packs-delete-advanced-certificate-manager-certificate-pack
-func (api *API) DeleteCertificatePack(ctx context.Context, zoneID, certificateID string) error {
-	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificateID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RestartCertificateValidation kicks off the validation process for a
-// pending certificate pack.
-//
-// API Reference: https://api.cloudflare.com/#certificate-packs-restart-validation-for-advanced-certificate-manager-certificate-pack
-func (api *API) RestartCertificateValidation(ctx context.Context, zoneID, certificateID string) (CertificatePack, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/certificate_packs/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, nil)
-	if err != nil {
-		return CertificatePack{}, err
-	}
-
-	var certificatePackResponse CertificatePacksDetailResponse
-	err = json.Unmarshal(res, &certificatePackResponse)
-	if err != nil {
-		return CertificatePack{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return certificatePackResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/certificate_packs_test.go b/pkg/cloudflare-go/certificate_packs_test.go
deleted file mode 100644
index 6dc9758247..0000000000
--- a/pkg/cloudflare-go/certificate_packs_test.go
+++ /dev/null
@@ -1,285 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	uploadedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _  = time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-
-	desiredCertificatePack = CertificatePack{
-		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
-		Type:                 "advanced",
-		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
-		PrimaryCertificate:   "b2cfa4183267af678ea06c7407d4d6d8",
-		ValidationMethod:     "txt",
-		ValidityDays:         90,
-		CertificateAuthority: "lets_encrypt",
-		Certificates: []CertificatePackCertificate{{
-			ID:              "3822ff90-ea29-44df-9e55-21300bb9419b",
-			Hosts:           []string{"example.com"},
-			Issuer:          "GlobalSign",
-			Signature:       "SHA256WithRSA",
-			Status:          "active",
-			BundleMethod:    "ubiquitous",
-			GeoRestrictions: CertificatePackGeoRestrictions{Label: "us"},
-			ZoneID:          testZoneID,
-			UploadedOn:      uploadedOn,
-			ModifiedOn:      uploadedOn,
-			ExpiresOn:       expiresOn,
-			Priority:        1,
-		}},
-	}
-
-	pendingCertificatePack = CertificatePack{
-		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
-		Type:                 "advanced",
-		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
-		Status:               "initializing",
-		ValidationMethod:     "txt",
-		ValidityDays:         90,
-		CertificateAuthority: "lets_encrypt",
-	}
-)
-
-func TestListCertificatePacks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-      "type": "advanced",
-      "hosts": [
-        "example.com",
-        "*.example.com",
-        "www.example.com"
-      ],
-      "validity_days": 90,
-      "validation_method": "txt",
-      "certificate_authority": "lets_encrypt",
-      "certificates": [
-        {
-          "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-          "hosts": [
-            "example.com"
-          ],
-          "issuer": "GlobalSign",
-          "signature": "SHA256WithRSA",
-          "status": "active",
-          "bundle_method": "ubiquitous",
-          "geo_restrictions": {
-            "label": "us"
-          },
-          "zone_id": "%[1]s",
-          "uploaded_on": "2014-01-01T05:20:00Z",
-          "modified_on": "2014-01-01T05:20:00Z",
-          "expires_on": "2016-01-01T05:20:00Z",
-          "priority": 1
-        }
-      ],
-      "primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
-    }
-  ]
-}
-		`, testZoneID)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs", handler)
-
-	want := []CertificatePack{desiredCertificatePack}
-	actual, err := client.ListCertificatePacks(context.Background(), testZoneID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListCertificatePack(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-    "type": "advanced",
-    "validity_days": 90,
-    "validation_method": "txt",
-    "certificate_authority": "lets_encrypt",
-    "hosts": [
-      "example.com",
-      "*.example.com",
-      "www.example.com"
-    ],
-    "certificates": [
-      {
-        "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-        "hosts": [
-          "example.com"
-        ],
-        "issuer": "GlobalSign",
-        "signature": "SHA256WithRSA",
-        "status": "active",
-        "bundle_method": "ubiquitous",
-        "geo_restrictions": {
-          "label": "us"
-        },
-        "zone_id": "%[1]s",
-        "uploaded_on": "2014-01-01T05:20:00Z",
-        "modified_on": "2014-01-01T05:20:00Z",
-        "expires_on": "2016-01-01T05:20:00Z",
-        "priority": 1
-      }
-    ],
-    "primary_certificate": "b2cfa4183267af678ea06c7407d4d6d8"
-  }
-}
-		`, testZoneID)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
-
-	actual, err := client.CertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, desiredCertificatePack, actual)
-	}
-}
-
-func TestCreateCertificatePack(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-        "type": "advanced",
-        "hosts": [
-          "example.com",
-          "*.example.com",
-          "www.example.com"
-        ],
-        "status": "initializing",
-        "validation_method": "txt",
-        "validity_days": 90,
-        "certificate_authority": "lets_encrypt",
-        "cloudflare_branding": false
-      }
-    }
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/order", handler)
-
-	certificate := CertificatePackRequest{
-		Type:                 "advanced",
-		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
-		ValidationMethod:     "txt",
-		ValidityDays:         90,
-		CertificateAuthority: "lets_encrypt",
-	}
-	actual, err := client.CreateCertificatePack(context.Background(), testZoneID, certificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, pendingCertificatePack, actual)
-	}
-}
-
-func TestRestartAdvancedCertificateValidation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "3822ff90-ea29-44df-9e55-21300bb9419b",
-    "type": "advanced",
-    "hosts": [
-      "example.com",
-      "*.example.com",
-      "www.example.com"
-    ],
-    "status": "initializing",
-    "validation_method": "txt",
-    "validity_days": 365,
-    "certificate_authority": "lets_encrypt",
-    "cloudflare_branding": false
-  }
-}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
-
-	certificate := CertificatePack{
-		ID:                   "3822ff90-ea29-44df-9e55-21300bb9419b",
-		Type:                 "advanced",
-		Hosts:                []string{"example.com", "*.example.com", "www.example.com"},
-		Status:               "initializing",
-		ValidityDays:         365,
-		ValidationMethod:     "txt",
-		CertificateAuthority: "lets_encrypt",
-		CloudflareBranding:   false,
-	}
-
-	actual, err := client.RestartCertificateValidation(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, certificate, actual)
-	}
-}
-
-func TestDeleteCertificatePack(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "3822ff90-ea29-44df-9e55-21300bb9419b"
-  }
-}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/certificate_packs/3822ff90-ea29-44df-9e55-21300bb9419b", handler)
-
-	err := client.DeleteCertificatePack(context.Background(), testZoneID, "3822ff90-ea29-44df-9e55-21300bb9419b")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/cloudflare.go b/pkg/cloudflare-go/cloudflare.go
deleted file mode 100644
index b228981011..0000000000
--- a/pkg/cloudflare-go/cloudflare.go
+++ /dev/null
@@ -1,593 +0,0 @@
-// Package cloudflare implements the Cloudflare v4 API.
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"math"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"golang.org/x/time/rate"
-)
-
-var (
-	Version string = "v4"
-
-	// Deprecated: Use `client.New` configuration instead.
-	apiURL = fmt.Sprintf("%s://%s%s", defaultScheme, defaultHostname, defaultBasePath)
-)
-
-const (
-	// AuthKeyEmail specifies that we should authenticate with API key and email address.
-	AuthKeyEmail = 1 << iota
-	// AuthUserService specifies that we should authenticate with a User-Service key.
-	AuthUserService
-	// AuthToken specifies that we should authenticate with an API Token.
-	AuthToken
-)
-
-// API holds the configuration for the current API client. A client should not
-// be modified concurrently.
-type API struct {
-	APIKey            string
-	APIEmail          string
-	APIUserServiceKey string
-	APIToken          string
-	BaseURL           string
-	UserAgent         string
-	headers           http.Header
-	httpClient        *http.Client
-	authType          int
-	rateLimiter       *rate.Limiter
-	retryPolicy       RetryPolicy
-	logger            Logger
-	Debug             bool
-}
-
-// newClient provides shared logic for New and NewWithUserServiceKey.
-func newClient(opts ...Option) (*API, error) {
-	silentLogger := log.New(io.Discard, "", log.LstdFlags)
-
-	api := &API{
-		BaseURL:     fmt.Sprintf("%s://%s%s", defaultScheme, defaultHostname, defaultBasePath),
-		UserAgent:   userAgent + "/" + Version,
-		headers:     make(http.Header),
-		rateLimiter: rate.NewLimiter(rate.Limit(4), 1), // 4rps equates to default api limit (1200 req/5 min)
-		retryPolicy: RetryPolicy{
-			MaxRetries:    3,
-			MinRetryDelay: 1 * time.Second,
-			MaxRetryDelay: 30 * time.Second,
-		},
-		logger: silentLogger,
-	}
-
-	err := api.parseOptions(opts...)
-	if err != nil {
-		return nil, fmt.Errorf("options parsing failed: %w", err)
-	}
-
-	// Fall back to http.DefaultClient if the package user does not provide
-	// their own.
-	if api.httpClient == nil {
-		api.httpClient = http.DefaultClient
-	}
-
-	return api, nil
-}
-
-// New creates a new Cloudflare v4 API client.
-func New(key, email string, opts ...Option) (*API, error) {
-	if key == "" || email == "" {
-		return nil, errors.New(errEmptyCredentials)
-	}
-
-	api, err := newClient(opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	api.APIKey = key
-	api.APIEmail = email
-	api.authType = AuthKeyEmail
-
-	return api, nil
-}
-
-// NewWithAPIToken creates a new Cloudflare v4 API client using API Tokens.
-func NewWithAPIToken(token string, opts ...Option) (*API, error) {
-	if token == "" {
-		return nil, errors.New(errEmptyAPIToken)
-	}
-
-	api, err := newClient(opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	api.APIToken = token
-	api.authType = AuthToken
-
-	return api, nil
-}
-
-// NewWithUserServiceKey creates a new Cloudflare v4 API client using service key authentication.
-func NewWithUserServiceKey(key string, opts ...Option) (*API, error) {
-	if key == "" {
-		return nil, errors.New(errEmptyCredentials)
-	}
-
-	api, err := newClient(opts...)
-	if err != nil {
-		return nil, err
-	}
-
-	api.APIUserServiceKey = key
-	api.authType = AuthUserService
-
-	return api, nil
-}
-
-// SetAuthType sets the authentication method (AuthKeyEmail, AuthToken, or AuthUserService).
-func (api *API) SetAuthType(authType int) {
-	api.authType = authType
-}
-
-// ZoneIDByName retrieves a zone's ID from the name.
-func (api *API) ZoneIDByName(zoneName string) (string, error) {
-	zoneName = normalizeZoneName(zoneName)
-	res, err := api.ListZonesContext(context.Background(), WithZoneFilters(zoneName, "", ""))
-	if err != nil {
-		return "", fmt.Errorf("ListZonesContext command failed: %w", err)
-	}
-
-	switch len(res.Result) {
-	case 0:
-		return "", errors.New("zone could not be found")
-	case 1:
-		return res.Result[0].ID, nil
-	default:
-		return "", errors.New("ambiguous zone name; an account ID might help")
-	}
-}
-
-// makeRequest makes a HTTP request and returns the body as a byte slice,
-// closing it before returning. params will be serialized to JSON.
-func (api *API) makeRequest(method, uri string, params interface{}) ([]byte, error) {
-	return api.makeRequestWithAuthType(context.Background(), method, uri, params, api.authType)
-}
-
-func (api *API) makeRequestContext(ctx context.Context, method, uri string, params interface{}) ([]byte, error) {
-	return api.makeRequestWithAuthType(ctx, method, uri, params, api.authType)
-}
-
-func (api *API) makeRequestContextWithHeaders(ctx context.Context, method, uri string, params interface{}, headers http.Header) ([]byte, error) {
-	return api.makeRequestWithAuthTypeAndHeaders(ctx, method, uri, params, api.authType, headers)
-}
-
-func (api *API) makeRequestWithAuthType(ctx context.Context, method, uri string, params interface{}, authType int) ([]byte, error) {
-	return api.makeRequestWithAuthTypeAndHeaders(ctx, method, uri, params, authType, nil)
-}
-
-// APIResponse holds the structure for a response from the API. It looks alot
-// like `http.Response` however, uses a `[]byte` for the `Body` instead of a
-// `io.ReadCloser`.
-//
-// This may go away in the experimental client in favour of `http.Response`.
-type APIResponse struct {
-	Body       []byte
-	Status     string
-	StatusCode int
-	Headers    http.Header
-}
-
-func (api *API) makeRequestWithAuthTypeAndHeaders(ctx context.Context, method, uri string, params interface{}, authType int, headers http.Header) ([]byte, error) {
-	res, err := api.makeRequestWithAuthTypeAndHeadersComplete(ctx, method, uri, params, authType, headers)
-	if err != nil {
-		return nil, err
-	}
-	return res.Body, err
-}
-
-// Use this method if an API response can have different Content-Type headers and different body formats.
-func (api *API) makeRequestContextWithHeadersComplete(ctx context.Context, method, uri string, params interface{}, headers http.Header) (*APIResponse, error) {
-	return api.makeRequestWithAuthTypeAndHeadersComplete(ctx, method, uri, params, api.authType, headers)
-}
-
-func (api *API) makeRequestWithAuthTypeAndHeadersComplete(ctx context.Context, method, uri string, params interface{}, authType int, headers http.Header) (*APIResponse, error) {
-	var err error
-	var resp *http.Response
-	var respErr error
-	var respBody []byte
-
-	for i := 0; i <= api.retryPolicy.MaxRetries; i++ {
-		var reqBody io.Reader
-		if params != nil {
-			if r, ok := params.(io.Reader); ok {
-				reqBody = r
-			} else if paramBytes, ok := params.([]byte); ok {
-				reqBody = bytes.NewReader(paramBytes)
-			} else {
-				var jsonBody []byte
-				jsonBody, err = json.Marshal(params)
-				if err != nil {
-					return nil, fmt.Errorf("error marshalling params to JSON: %w", err)
-				}
-				reqBody = bytes.NewReader(jsonBody)
-			}
-		}
-
-		if i > 0 {
-			// expect the backoff introduced here on errored requests to dominate the effect of rate limiting
-			// don't need a random component here as the rate limiter should do something similar
-			// nb time duration could truncate an arbitrary float. Since our inputs are all ints, we should be ok
-			sleepDuration := time.Duration(math.Pow(2, float64(i-1)) * float64(api.retryPolicy.MinRetryDelay))
-
-			if sleepDuration > api.retryPolicy.MaxRetryDelay {
-				sleepDuration = api.retryPolicy.MaxRetryDelay
-			}
-			// useful to do some simple logging here, maybe introduce levels later
-			api.logger.Printf("Sleeping %s before retry attempt number %d for request %s %s", sleepDuration.String(), i, method, uri)
-
-			select {
-			case <-time.After(sleepDuration):
-			case <-ctx.Done():
-				return nil, fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
-			}
-		}
-
-		err = api.rateLimiter.Wait(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("error caused by request rate limiting: %w", err)
-		}
-
-		resp, respErr = api.request(ctx, method, uri, reqBody, authType, headers)
-
-		// short circuit processing on context timeouts
-		if respErr != nil && errors.Is(respErr, context.DeadlineExceeded) {
-			return nil, respErr
-		}
-
-		// retry if the server is rate limiting us or if it failed
-		// assumes server operations are rolled back on failure
-		if respErr != nil || resp.StatusCode == http.StatusTooManyRequests || resp.StatusCode >= 500 {
-			if resp != nil && resp.StatusCode == http.StatusTooManyRequests {
-				respErr = errors.New("exceeded available rate limit retries")
-			}
-
-			if respErr == nil {
-				respErr = fmt.Errorf("received %s response (HTTP %d), please try again later", strings.ToLower(http.StatusText(resp.StatusCode)), resp.StatusCode)
-			}
-			continue
-		} else {
-			respBody, err = io.ReadAll(resp.Body)
-			defer resp.Body.Close()
-			if err != nil {
-				return nil, fmt.Errorf("could not read response body: %w", err)
-			}
-
-			break
-		}
-	}
-
-	// still had an error after all retries
-	if respErr != nil {
-		return nil, respErr
-	}
-
-	if resp.StatusCode >= http.StatusBadRequest {
-		if strings.HasSuffix(resp.Request.URL.Path, "/filters/validate-expr") {
-			return nil, fmt.Errorf("%s", respBody)
-		}
-
-		if resp.StatusCode >= http.StatusInternalServerError {
-			return nil, &ServiceError{cloudflareError: &Error{
-				StatusCode: resp.StatusCode,
-				RayID:      resp.Header.Get("cf-ray"),
-				Errors: []ResponseInfo{{
-					Message: errInternalServiceError,
-				}},
-			}}
-		}
-
-		errBody := &Response{}
-		err = json.Unmarshal(respBody, &errBody)
-		if err != nil {
-			return nil, fmt.Errorf(errUnmarshalErrorBody+": %w", err)
-		}
-
-		errCodes := make([]int, 0, len(errBody.Errors))
-		errMsgs := make([]string, 0, len(errBody.Errors))
-		for _, e := range errBody.Errors {
-			errCodes = append(errCodes, e.Code)
-			errMsgs = append(errMsgs, e.Message)
-		}
-
-		err := &Error{
-			StatusCode:    resp.StatusCode,
-			RayID:         resp.Header.Get("cf-ray"),
-			Errors:        errBody.Errors,
-			ErrorCodes:    errCodes,
-			ErrorMessages: errMsgs,
-			Messages:      errBody.Messages,
-		}
-
-		switch resp.StatusCode {
-		case http.StatusUnauthorized:
-			err.Type = ErrorTypeAuthorization
-			return nil, &AuthorizationError{cloudflareError: err}
-		case http.StatusForbidden:
-			err.Type = ErrorTypeAuthentication
-			return nil, &AuthenticationError{cloudflareError: err}
-		case http.StatusNotFound:
-			err.Type = ErrorTypeNotFound
-			return nil, &NotFoundError{cloudflareError: err}
-		case http.StatusTooManyRequests:
-			err.Type = ErrorTypeRateLimit
-			return nil, &RatelimitError{cloudflareError: err}
-		default:
-			err.Type = ErrorTypeRequest
-			return nil, &RequestError{cloudflareError: err}
-		}
-	}
-
-	return &APIResponse{
-		Body:       respBody,
-		StatusCode: resp.StatusCode,
-		Status:     resp.Status,
-		Headers:    resp.Header,
-	}, nil
-}
-
-// request makes a HTTP request to the given API endpoint, returning the raw
-// *http.Response, or an error if one occurred. The caller is responsible for
-// closing the response body.
-func (api *API) request(ctx context.Context, method, uri string, reqBody io.Reader, authType int, headers http.Header) (*http.Response, error) {
-	req, err := http.NewRequestWithContext(ctx, method, api.BaseURL+uri, reqBody)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP request creation failed: %w", err)
-	}
-
-	combinedHeaders := make(http.Header)
-	copyHeader(combinedHeaders, api.headers)
-	copyHeader(combinedHeaders, headers)
-	req.Header = combinedHeaders
-
-	if authType&AuthKeyEmail != 0 {
-		req.Header.Set("X-Auth-Key", api.APIKey)
-		req.Header.Set("X-Auth-Email", api.APIEmail)
-	}
-	if authType&AuthUserService != 0 {
-		req.Header.Set("X-Auth-User-Service-Key", api.APIUserServiceKey)
-	}
-	if authType&AuthToken != 0 {
-		req.Header.Set("Authorization", "Bearer "+api.APIToken)
-	}
-
-	if api.UserAgent != "" {
-		req.Header.Set("User-Agent", api.UserAgent)
-	}
-
-	if req.Header.Get("Content-Type") == "" {
-		req.Header.Set("Content-Type", "application/json")
-	}
-
-	if api.Debug {
-		dump, err := httputil.DumpRequestOut(req, true)
-		if err != nil {
-			return nil, err
-		}
-
-		// Strip out any sensitive information from the request payload.
-		sensitiveKeys := []string{api.APIKey, api.APIEmail, api.APIToken, api.APIUserServiceKey}
-		for _, key := range sensitiveKeys {
-			if key != "" {
-				valueRegex := regexp.MustCompile(fmt.Sprintf("(?m)%s", key))
-				dump = valueRegex.ReplaceAll(dump, []byte("[redacted]"))
-			}
-		}
-		log.Printf("\n%s", string(dump))
-	}
-
-	resp, err := api.httpClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP request failed: %w", err)
-	}
-
-	if api.Debug {
-		dump, err := httputil.DumpResponse(resp, true)
-		if err != nil {
-			return resp, err
-		}
-		log.Printf("\n%s", string(dump))
-	}
-
-	return resp, nil
-}
-
-// copyHeader copies all headers for `source` and sets them on `target`.
-// based on https://godoc.org/github.com/golang/gddo/httputil/header#Copy
-func copyHeader(target, source http.Header) {
-	for k, vs := range source {
-		target[k] = vs
-	}
-}
-
-// ResponseInfo contains a code and message returned by the API as errors or
-// informational messages inside the response.
-type ResponseInfo struct {
-	Code    int    `json:"code"`
-	Message string `json:"message"`
-}
-
-// Response is a template.  There will also be a result struct.  There will be a
-// unique response type for each response, which will include this type.
-type Response struct {
-	Success  bool           `json:"success"`
-	Errors   []ResponseInfo `json:"errors"`
-	Messages []ResponseInfo `json:"messages"`
-}
-
-// ResultInfoCursors contains information about cursors.
-type ResultInfoCursors struct {
-	Before string `json:"before" url:"before,omitempty"`
-	After  string `json:"after" url:"after,omitempty"`
-}
-
-// ResultInfo contains metadata about the Response.
-type ResultInfo struct {
-	Page       int               `json:"page" url:"page,omitempty"`
-	PerPage    int               `json:"per_page" url:"per_page,omitempty"`
-	TotalPages int               `json:"total_pages" url:"-"`
-	Count      int               `json:"count" url:"-"`
-	Total      int               `json:"total_count" url:"-"`
-	Cursor     string            `json:"cursor" url:"cursor,omitempty"`
-	Cursors    ResultInfoCursors `json:"cursors" url:"cursors,omitempty"`
-}
-
-// RawResponse keeps the result as JSON form.
-type RawResponse struct {
-	Response
-	Result     json.RawMessage `json:"result"`
-	ResultInfo *ResultInfo     `json:"result_info,omitempty"`
-}
-
-// Raw makes a HTTP request with user provided params and returns the
-// result as a RawResponse, which contains the untouched JSON result.
-func (api *API) Raw(ctx context.Context, method, endpoint string, data interface{}, headers http.Header) (RawResponse, error) {
-	var r RawResponse
-	res, err := api.makeRequestContextWithHeaders(ctx, method, endpoint, data, headers)
-	if err != nil {
-		return r, err
-	}
-
-	if err := json.Unmarshal(res, &r); err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// PaginationOptions can be passed to a list request to configure paging
-// These values will be defaulted if omitted, and PerPage has min/max limits set by resource.
-type PaginationOptions struct {
-	Page    int `json:"page,omitempty" url:"page,omitempty"`
-	PerPage int `json:"per_page,omitempty" url:"per_page,omitempty"`
-}
-
-// RetryPolicy specifies number of retries and min/max retry delays
-// This config is used when the client exponentially backs off after errored requests.
-type RetryPolicy struct {
-	MaxRetries    int
-	MinRetryDelay time.Duration
-	MaxRetryDelay time.Duration
-}
-
-// Logger defines the interface this library needs to use logging
-// This is a subset of the methods implemented in the log package.
-type Logger interface {
-	Printf(format string, v ...interface{})
-}
-
-// ReqOption is a functional option for configuring API requests.
-type ReqOption func(opt *reqOption)
-
-type reqOption struct {
-	params url.Values
-}
-
-// WithZoneFilters applies a filter based on zone properties.
-func WithZoneFilters(zoneName, accountID, status string) ReqOption {
-	return func(opt *reqOption) {
-		if zoneName != "" {
-			opt.params.Set("name", normalizeZoneName(zoneName))
-		}
-
-		if accountID != "" {
-			opt.params.Set("account.id", accountID)
-		}
-
-		if status != "" {
-			opt.params.Set("status", status)
-		}
-	}
-}
-
-// WithPagination configures the pagination for a response.
-func WithPagination(opts PaginationOptions) ReqOption {
-	return func(opt *reqOption) {
-		if opts.Page > 0 {
-			opt.params.Set("page", strconv.Itoa(opts.Page))
-		}
-
-		if opts.PerPage > 0 {
-			opt.params.Set("per_page", strconv.Itoa(opts.PerPage))
-		}
-	}
-}
-
-// checkResultInfo checks whether ResultInfo is reasonable except that it currently
-// ignores the cursor information. perPage, page, and count are the requested #items
-// per page, the requested page number, and the actual length of the Result array.
-//
-// Responses from the actual Cloudflare servers should pass all these checks (or we
-// discover a serious bug in the Cloudflare servers). However, the unit tests can
-// easily violate these constraints and this utility function can help debugging.
-// Correct pagination information is crucial for more advanced List* functions that
-// handle pagination automatically and fetch different pages in parallel.
-//
-// TODO: check cursors as well.
-func checkResultInfo(perPage, page, count int, info *ResultInfo) bool {
-	if info.Cursor != "" || info.Cursors.Before != "" || info.Cursors.After != "" {
-		panic("checkResultInfo could not handle cursors yet.")
-	}
-
-	switch {
-	case info.PerPage != perPage || info.Page != page || info.Count != count:
-		return false
-
-	case info.PerPage <= 0:
-		return false
-
-	case info.Total == 0 && info.TotalPages == 0 && info.Page == 1 && info.Count == 0:
-		return true
-
-	case info.Total <= 0 || info.TotalPages <= 0:
-		return false
-
-	case info.Total > info.PerPage*info.TotalPages || info.Total <= info.PerPage*(info.TotalPages-1):
-		return false
-	}
-
-	switch {
-	case info.Page > info.TotalPages || info.Page <= 0:
-		return false
-
-	case info.Page < info.TotalPages:
-		return info.Count == info.PerPage
-
-	case info.Page == info.TotalPages:
-		return info.Count == info.Total-info.PerPage*(info.TotalPages-1)
-
-	default:
-		// This is actually impossible, but Go compiler does not know trichotomy
-		panic("checkResultInfo: impossible")
-	}
-}
-
-type OrderDirection string
-
-const (
-	OrderDirectionAsc  OrderDirection = "asc"
-	OrderDirectionDesc OrderDirection = "desc"
-)
diff --git a/pkg/cloudflare-go/cloudflare_experimental.go b/pkg/cloudflare-go/cloudflare_experimental.go
deleted file mode 100644
index c09e803a5d..0000000000
--- a/pkg/cloudflare-go/cloudflare_experimental.go
+++ /dev/null
@@ -1,343 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/hashicorp/go-retryablehttp"
-)
-
-type service struct {
-	client *Client
-}
-
-type ClientParams struct {
-	Key            string
-	Email          string
-	UserServiceKey string
-	Token          string
-	STS            *SecurityTokenConfiguration
-	BaseURL        *url.URL
-	UserAgent      string
-	Headers        http.Header
-	HTTPClient     *http.Client
-	RetryPolicy    RetryPolicy
-	Logger         LeveledLoggerInterface
-	Debug          bool
-}
-
-// A Client manages communication with the Cloudflare API.
-type Client struct {
-	clientMu sync.Mutex
-
-	*ClientParams
-
-	common service // Reuse a single struct instead of allocating one for each service on the heap.
-
-	Zones *ZonesService
-}
-
-// Client returns the http.Client used by this Cloudflare client.
-func (c *Client) Client() *http.Client {
-	c.clientMu.Lock()
-	defer c.clientMu.Unlock()
-	clientCopy := *c.HTTPClient
-	return &clientCopy
-}
-
-// Call is the entrypoint to making API calls with the correct request setup.
-func (c *Client) Call(ctx context.Context, method, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, method, path, payload, nil)
-}
-
-// CallWithHeaders is the entrypoint to making API calls with the correct
-// request setup (like `Call`) but allows passing in additional HTTP headers
-// with the request.
-func (c *Client) CallWithHeaders(ctx context.Context, method, path string, payload interface{}, headers http.Header) ([]byte, error) {
-	return c.makeRequest(ctx, method, path, payload, headers)
-}
-
-// New creates a new instance of the API client by merging ClientParams with the
-// default values.
-func NewExperimental(config *ClientParams) (*Client, error) {
-	c := &Client{ClientParams: &ClientParams{}}
-	c.common.client = c
-
-	defaultURL, _ := url.Parse(defaultScheme + "://" + defaultHostname + defaultBasePath)
-	if config.BaseURL != nil {
-		c.ClientParams.BaseURL = config.BaseURL
-	} else {
-		c.ClientParams.BaseURL = defaultURL
-	}
-
-	if config.UserAgent != "" {
-		c.ClientParams.UserAgent = config.UserAgent
-	} else {
-		c.ClientParams.UserAgent = userAgent + "/" + Version
-	}
-
-	if config.HTTPClient != nil {
-		c.ClientParams.HTTPClient = config.HTTPClient
-	} else {
-		retryClient := retryablehttp.NewClient()
-
-		if c.RetryPolicy.MaxRetries > 0 {
-			retryClient.RetryMax = c.RetryPolicy.MaxRetries
-		} else {
-			retryClient.RetryMax = 4
-		}
-
-		if c.RetryPolicy.MinRetryDelay > 0 {
-			retryClient.RetryWaitMin = c.RetryPolicy.MinRetryDelay
-		} else {
-			retryClient.RetryWaitMin = 1 * time.Second
-		}
-
-		if c.RetryPolicy.MaxRetryDelay > 0 {
-			retryClient.RetryWaitMax = c.RetryPolicy.MaxRetryDelay
-		} else {
-			retryClient.RetryWaitMax = 30 * time.Second
-		}
-
-		retryClient.Logger = silentRetryLogger
-		c.ClientParams.HTTPClient = retryClient.StandardClient()
-	}
-
-	if config.Headers != nil {
-		c.ClientParams.Headers = config.Headers
-	} else {
-		c.ClientParams.Headers = make(http.Header)
-	}
-
-	if config.Key != "" && config.Token != "" {
-		return nil, ErrAPIKeysAndTokensAreMutuallyExclusive
-	}
-
-	if config.Key != "" {
-		c.ClientParams.Key = config.Key
-		c.ClientParams.Email = config.Email
-	}
-
-	if config.Token != "" {
-		c.ClientParams.Token = config.Token
-	}
-
-	if config.UserServiceKey != "" {
-		c.ClientParams.UserServiceKey = config.UserServiceKey
-	}
-
-	c.ClientParams.Debug = config.Debug
-	if c.ClientParams.Debug {
-		c.ClientParams.Logger = &LeveledLogger{Level: 4}
-	} else {
-		c.ClientParams.Logger = SilentLeveledLogger
-	}
-
-	if config.STS != nil {
-		stsToken, err := fetchSTSCredentials(config.STS)
-		if err != nil {
-			return nil, ErrSTSFailure
-		}
-		c.ClientParams.Token = stsToken
-	}
-
-	c.Zones = (*ZonesService)(&c.common)
-
-	return c, nil
-}
-
-// request makes a HTTP request to the given API endpoint, returning the raw
-// *http.Response, or an error if one occurred. The caller is responsible for
-// closing the response body.
-func (c *Client) request(ctx context.Context, method, uri string, reqBody io.Reader, headers http.Header) (*http.Response, error) {
-	req, err := http.NewRequestWithContext(ctx, method, c.BaseURL.String()+uri, reqBody)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP request creation failed: %w", err)
-	}
-
-	combinedHeaders := make(http.Header)
-	copyHeader(combinedHeaders, c.Headers)
-	copyHeader(combinedHeaders, headers)
-	req.Header = combinedHeaders
-
-	if c.Key == "" && c.Email == "" && c.Token == "" && c.UserServiceKey == "" {
-		return nil, ErrMissingCredentials
-	}
-
-	if c.Key != "" {
-		req.Header.Set("X-Auth-Key", c.ClientParams.Key)
-		req.Header.Set("X-Auth-Email", c.ClientParams.Email)
-	}
-
-	if c.UserServiceKey != "" {
-		req.Header.Set("X-Auth-User-Service-Key", c.ClientParams.UserServiceKey)
-	}
-
-	if c.Token != "" {
-		req.Header.Set("Authorization", "Bearer "+c.ClientParams.Token)
-	}
-
-	if c.UserAgent != "" {
-		req.Header.Set("User-Agent", c.ClientParams.UserAgent)
-	}
-
-	if req.Header.Get("Content-Type") == "" {
-		req.Header.Set("Content-Type", "application/json")
-	}
-
-	if c.Debug {
-		dump, err := httputil.DumpRequestOut(req, true)
-		if err != nil {
-			return nil, err
-		}
-
-		// Strip out any sensitive information from the request payload.
-		sensitiveKeys := []string{c.Key, c.Email, c.Token, c.UserServiceKey}
-		for _, key := range sensitiveKeys {
-			if key != "" {
-				valueRegex := regexp.MustCompile(fmt.Sprintf("(?m)%s", key))
-				dump = valueRegex.ReplaceAll(dump, []byte("[redacted]"))
-			}
-		}
-		log.Printf("\n%s", string(dump))
-	}
-
-	resp, err := c.HTTPClient.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("HTTP request failed: %w", err)
-	}
-
-	if c.Debug {
-		dump, err := httputil.DumpResponse(resp, true)
-		if err != nil {
-			return resp, err
-		}
-		log.Printf("\n%s", string(dump))
-	}
-
-	return resp, nil
-}
-
-func (c *Client) makeRequest(ctx context.Context, method, uri string, params interface{}, headers http.Header) ([]byte, error) {
-	var reqBody io.Reader
-	var err error
-
-	if params != nil {
-		if r, ok := params.(io.Reader); ok {
-			reqBody = r
-		} else if paramBytes, ok := params.([]byte); ok {
-			reqBody = bytes.NewReader(paramBytes)
-		} else {
-			var jsonBody []byte
-			jsonBody, err = json.Marshal(params)
-			if err != nil {
-				return nil, fmt.Errorf("error marshalling params to JSON: %w", err)
-			}
-			reqBody = bytes.NewReader(jsonBody)
-		}
-	}
-
-	var resp *http.Response
-	var respErr error
-	var respBody []byte
-
-	resp, respErr = c.request(ctx, method, uri, reqBody, headers)
-	if respErr != nil {
-		return nil, respErr
-	}
-
-	respBody, err = io.ReadAll(resp.Body)
-	resp.Body.Close()
-	if err != nil {
-		return nil, fmt.Errorf("could not read response body: %w", err)
-	}
-
-	if resp.StatusCode >= http.StatusBadRequest {
-		if strings.HasSuffix(resp.Request.URL.Path, "/filters/validate-expr") {
-			return nil, fmt.Errorf("%s", respBody)
-		}
-
-		if resp.StatusCode >= http.StatusInternalServerError {
-			return nil, &ServiceError{cloudflareError: &Error{
-				StatusCode: resp.StatusCode,
-				RayID:      resp.Header.Get("cf-ray"),
-				Errors: []ResponseInfo{{
-					Message: errInternalServiceError,
-				}},
-			}}
-		}
-
-		errBody := &Response{}
-		err = json.Unmarshal(respBody, &errBody)
-		if err != nil {
-			return nil, fmt.Errorf("failed to unmarshal response body: %w", err)
-		}
-
-		errCodes := make([]int, 0, len(errBody.Errors))
-		errMsgs := make([]string, 0, len(errBody.Errors))
-		for _, e := range errBody.Errors {
-			errCodes = append(errCodes, e.Code)
-			errMsgs = append(errMsgs, e.Message)
-		}
-
-		err := &Error{
-			StatusCode:    resp.StatusCode,
-			RayID:         resp.Header.Get("cf-ray"),
-			Errors:        errBody.Errors,
-			ErrorCodes:    errCodes,
-			ErrorMessages: errMsgs,
-		}
-
-		switch resp.StatusCode {
-		case http.StatusUnauthorized:
-			err.Type = ErrorTypeAuthorization
-			return nil, &AuthorizationError{cloudflareError: err}
-		case http.StatusForbidden:
-			err.Type = ErrorTypeAuthentication
-			return nil, &AuthenticationError{cloudflareError: err}
-		case http.StatusNotFound:
-			err.Type = ErrorTypeNotFound
-			return nil, &NotFoundError{cloudflareError: err}
-		case http.StatusTooManyRequests:
-			err.Type = ErrorTypeRateLimit
-			return nil, &RatelimitError{cloudflareError: err}
-		default:
-			err.Type = ErrorTypeRequest
-			return nil, &RequestError{cloudflareError: err}
-		}
-	}
-
-	return respBody, nil
-}
-
-func (c *Client) get(ctx context.Context, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, http.MethodGet, path, payload, nil)
-}
-
-func (c *Client) post(ctx context.Context, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, http.MethodPost, path, payload, nil)
-}
-
-func (c *Client) patch(ctx context.Context, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, http.MethodPatch, path, payload, nil)
-}
-
-func (c *Client) put(ctx context.Context, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, http.MethodPut, path, payload, nil)
-}
-
-func (c *Client) delete(ctx context.Context, path string, payload interface{}) ([]byte, error) {
-	return c.makeRequest(ctx, http.MethodDelete, path, payload, nil)
-}
diff --git a/pkg/cloudflare-go/cloudflare_test.go b/pkg/cloudflare-go/cloudflare_test.go
deleted file mode 100644
index e7ffb09f66..0000000000
--- a/pkg/cloudflare-go/cloudflare_test.go
+++ /dev/null
@@ -1,549 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	// mux is the HTTP request multiplexer used with the test server.
-	mux *http.ServeMux
-
-	// client is the API client being tested.
-	client *API
-
-	// server is a test HTTP server used to provide mock API responses.
-	server *httptest.Server
-
-	// testAccountRC is a test account resource container.
-	testAccountRC = AccountIdentifier(testAccountID)
-
-	// testZoneRC is a test zone resource container.
-	testZoneRC = ZoneIdentifier(testZoneID)
-)
-
-func setup(opts ...Option) {
-	// test server
-	mux = http.NewServeMux()
-	server = httptest.NewServer(mux)
-
-	// disable rate limits and retries in testing - prepended so any provided value overrides this
-	opts = append([]Option{UsingRateLimit(100000), UsingRetryPolicy(0, 0, 0)}, opts...)
-
-	// Cloudflare client configured to use test server
-	client, _ = New("deadbeef", "cloudflare@example.org", opts...)
-	client.BaseURL = server.URL
-}
-
-func teardown() {
-	server.Close()
-}
-
-func TestClient_Headers(t *testing.T) {
-	// it should set default headers
-	setup()
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "cloudflare@example.org", r.Header.Get("X-Auth-Email"))
-		assert.Equal(t, "deadbeef", r.Header.Get("X-Auth-Key"))
-		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
-	})
-	client.UserDetails(context.Background()) //nolint
-	teardown()
-
-	// it should override appropriate default headers when custom headers given
-	headers := make(http.Header)
-	headers.Set("Content-Type", "application/xhtml+xml")
-	headers.Add("X-Random", "a random header")
-	setup(Headers(headers))
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "cloudflare@example.org", r.Header.Get("X-Auth-Email"))
-		assert.Equal(t, "deadbeef", r.Header.Get("X-Auth-Key"))
-		assert.Equal(t, "application/xhtml+xml", r.Header.Get("Content-Type"))
-		assert.Equal(t, "a random header", r.Header.Get("X-Random"))
-	})
-	client.UserDetails(context.Background()) //nolint
-	teardown()
-
-	// it should set X-Auth-User-Service-Key and omit X-Auth-Email and X-Auth-Key when client.authType is AuthUserService
-	setup()
-	client.SetAuthType(AuthUserService)
-	client.APIUserServiceKey = "userservicekey"
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Empty(t, r.Header.Get("X-Auth-Email"))
-		assert.Empty(t, r.Header.Get("X-Auth-Key"))
-		assert.Empty(t, r.Header.Get("Authorization"))
-		assert.Equal(t, "userservicekey", r.Header.Get("X-Auth-User-Service-Key"))
-		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
-	})
-	client.UserDetails(context.Background()) //nolint
-	teardown()
-
-	// it should set X-Auth-User-Service-Key and omit X-Auth-Email and X-Auth-Key when using NewWithUserServiceKey
-	setup()
-	client, err := NewWithUserServiceKey("userservicekey")
-	assert.NoError(t, err)
-	client.BaseURL = server.URL
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Empty(t, r.Header.Get("X-Auth-Email"))
-		assert.Empty(t, r.Header.Get("X-Auth-Key"))
-		assert.Empty(t, r.Header.Get("Authorization"))
-		assert.Equal(t, "userservicekey", r.Header.Get("X-Auth-User-Service-Key"))
-		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
-	})
-	client.UserDetails(context.Background()) //nolint
-	teardown()
-
-	// it should set Authorization and omit others credential headers when using NewWithAPIToken
-	setup()
-	client, err = NewWithAPIToken("my-api-token")
-	assert.NoError(t, err)
-	client.BaseURL = server.URL
-	mux.HandleFunc("/zones/123456", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Empty(t, r.Header.Get("X-Auth-Email"))
-		assert.Empty(t, r.Header.Get("X-Auth-Key"))
-		assert.Empty(t, r.Header.Get("X-Auth-User-Service-Key"))
-		assert.Equal(t, "Bearer my-api-token", r.Header.Get("Authorization"))
-		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
-	})
-	client.UserDetails(context.Background()) //nolint
-	teardown()
-}
-
-func TestClient_RetryCanSucceedAfterErrors(t *testing.T) {
-	setup(UsingRetryPolicy(2, 0, 1))
-	defer teardown()
-
-	requestsReceived := 0
-	// could test any function, using ListLoadBalancerPools
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		actual := LoadBalancerPool{}
-		assert.NoError(t, json.NewDecoder(r.Body).Decode(&actual))
-		assert.Equal(t, "123", actual.ID)
-		w.Header().Set("content-type", "application/json")
-
-		// we are doing three *retries*
-		if requestsReceived == 0 {
-			// return error causing client to retry
-			w.WriteHeader(500)
-			fmt.Fprint(w, `{
-				"success": false,
-				"errors": [ "server created some error"],
-				"messages": [],
-				"result": []
-			}`)
-		} else if requestsReceived == 1 {
-			// return error causing client to retry
-			w.WriteHeader(429)
-			fmt.Fprint(w, `{
-				"success": false,
-				"errors": [ "this is a rate limiting error"],
-				"messages": [],
-				"result": []
-			}`)
-		} else {
-			// return success response
-			fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result":
-                {
-                    "id": "17b5962d775c646f3f9725cbc7a53df4",
-                    "created_on": "2014-01-01T05:20:00.12345Z",
-                    "modified_on": "2014-02-01T05:20:00.12345Z",
-                    "description": "Primary data center - Provider XYZ",
-                    "name": "primary-dc-1",
-                    "enabled": true,
-                    "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                    "origins": [
-                      {
-                        "name": "app-server-1",
-                        "address": "198.51.100.1",
-                        "enabled": true
-                      }
-                    ],
-                    "notification_email": "someone@example.com"
-                },
-            "result_info": {
-                "page": 1,
-                "per_page": 20,
-                "count": 1,
-                "total_count": 1
-            }
-        }`)
-		}
-		requestsReceived++
-	}
-
-	mux.HandleFunc("/user/load_balancers/pools", handler)
-
-	_, err := client.CreateLoadBalancerPool(context.Background(), UserIdentifier(testUserID), CreateLoadBalancerPoolParams{LoadBalancerPool: LoadBalancerPool{ID: "123"}})
-	assert.NoError(t, err)
-}
-
-func TestClient_RetryReturnsPersistentErrorResponse(t *testing.T) {
-	setup(UsingRetryPolicy(2, 0, 1))
-	defer teardown()
-
-	// could test any function, using ListLoadBalancerPools
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		// return error causing client to retry
-		w.WriteHeader(500)
-		fmt.Fprint(w, `{
-			"success": false,
-			"errors": [ "server created some error"],
-			"messages": [],
-			"result": []
-		}`)
-	}
-
-	mux.HandleFunc("/user/load_balancers/pools", handler)
-
-	_, err := client.ListLoadBalancerPools(context.Background(), UserIdentifier(testUserID), ListLoadBalancerPoolParams{})
-	assert.Error(t, err)
-}
-
-func TestZoneIDByNameWithNonUniqueZonesWithoutOrgID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "023e105f4ecef8ad9ca31a8372d0c353",
-					"name": "example.com",
-					"development_mode": 7200,
-					"original_name_servers": [
-						"ns1.originaldnshost.com",
-						"ns2.originaldnshost.com"
-					],
-					"original_registrar": "GoDaddy",
-					"original_dnshost": "NameCheap",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"modified_on": "2014-01-01T05:20:00.12345Z",
-					"owner": {
-						"id": "7c5dae5552338874e5053f2534d2767a",
-						"email": "user@example.com",
-						"owner_type": "user"
-					},
-					"account": {
-						"id": "01a7362d577a6c3019a474fd6f485823",
-						"name": "Demo Account"
-					},
-					"permissions": [
-						"#zone:read",
-						"#zone:edit"
-					],
-					"plan": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"plan_pending": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"status": "active",
-					"paused": false,
-					"type": "full",
-					"name_servers": [
-						"tony.ns.cloudflare.com",
-						"woz.ns.cloudflare.com"
-					]
-				},
-				{
-					"id": "023e105f4ecef8ad9ca31a8372d0c353",
-					"name": "example.com",
-					"development_mode": 7200,
-					"original_name_servers": [
-						"ns1.originaldnshost.com",
-						"ns2.originaldnshost.com"
-					],
-					"original_registrar": "GoDaddy",
-					"original_dnshost": "NameCheap",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"modified_on": "2014-01-01T05:20:00.12345Z",
-					"owner": {
-						"id": "7c5dae5552338874e5053f2534d2767a",
-						"email": "user@example.com",
-						"owner_type": "user"
-					},
-					"account": {
-						"id": "01a7362d577a6c3019a474fd6f485823",
-						"name": "Demo Account"
-					},
-					"permissions": [
-						"#zone:read",
-						"#zone:edit"
-					],
-					"plan": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"plan_pending": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"status": "active",
-					"paused": false,
-					"type": "full",
-					"name_servers": [
-						"tony.ns.cloudflare.com",
-						"woz.ns.cloudflare.com"
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 50,
-				"count": 2,
-				"total_count": 2,
-				"total_pages": 1
-			}
-		}
-		`)
-	}
-
-	// `HandleFunc` doesn't handle query parameters so we just need to
-	// handle the `/zones` endpoint instead.
-	mux.HandleFunc("/zones", handler)
-
-	_, err := client.ZoneIDByName("example.com")
-	assert.EqualError(t, err, "ambiguous zone name; an account ID might help")
-}
-
-func TestZoneIDByNameWithIDN(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"name": "exämple.com",
-					"development_mode": 7200,
-					"original_name_servers": [
-						"ns1.originaldnshost.com",
-						"ns2.originaldnshost.com"
-					],
-					"original_registrar": "GoDaddy",
-					"original_dnshost": "NameCheap",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"modified_on": "2014-01-01T05:20:00.12345Z",
-					"owner": {
-						"id": "7c5dae5552338874e5053f2534d2767a",
-						"email": "user@exämple.com",
-						"owner_type": "user"
-					},
-					"account": {
-						"id": "01a7362d577a6c3019a474fd6f485823",
-						"name": "Demo Account"
-					},
-					"permissions": [
-						"#zone:read",
-						"#zone:edit"
-					],
-					"plan": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"plan_pending": {
-						"id": "e592fd9519420ba7405e1307bff33214",
-						"name": "Pro Plan",
-						"price": 20,
-						"currency": "USD",
-						"frequency": "monthly",
-						"legacy_id": "pro",
-						"is_subscribed": true,
-						"can_subscribe": true
-					},
-					"status": "active",
-					"paused": false,
-					"type": "full",
-					"name_servers": [
-						"tony.ns.cloudflare.com",
-						"woz.ns.cloudflare.com"
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 50,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}
-		`)
-	}
-
-	// `HandleFunc` doesn't handle query parameters so we just need to
-	// handle the `/zones` endpoint instead.
-	mux.HandleFunc("/zones", handler)
-
-	actual, err := client.ZoneIDByName("exämple.com")
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, "7c5dae5552338874e5053f2534d2767a")
-	}
-
-	actual, err = client.ZoneIDByName("xn--exmple-cua.com")
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, "7c5dae5552338874e5053f2534d2767a")
-	}
-}
-
-func TestClient_ContextIsPassedToRequest(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-	defer cancel()
-
-	httpClient := &http.Client{
-		Transport: RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-			assert.Equal(t, ctx, r.Context())
-
-			rec := httptest.NewRecorder()
-			rec.WriteHeader(http.StatusOK)
-			return rec.Result(), nil
-		}),
-	}
-
-	cfClient, _ := New("deadbeef", "cloudflare@example.org", HTTPClient(httpClient))
-
-	cfClient.ListZonesContext(ctx) //nolint
-}
-
-func TestErrorFromResponseWithUnmarshalingError(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(400)
-		fmt.Fprintf(w, `{ not valid json`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/access/apps", handler)
-
-	_, err := client.CreateAccessApplication(context.Background(), AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), CreateAccessApplicationParams{
-		Name:            "Admin Site",
-		Domain:          "test.example.com/admin",
-		SessionDuration: "24h",
-	})
-
-	assert.Regexp(t, "error unmarshalling the JSON response error body: ", err)
-}
-
-type RoundTripperFunc func(*http.Request) (*http.Response, error)
-
-func (t RoundTripperFunc) RoundTrip(request *http.Request) (*http.Response, error) {
-	return t(request)
-}
-
-func TestContextTimeout(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		time.Sleep(3 * time.Second)
-	}
-
-	mux.HandleFunc("/timeout", handler)
-
-	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
-	defer cancel()
-
-	start := time.Now()
-	_, err := client.makeRequestContext(ctx, http.MethodHead, "/timeout", nil)
-	assert.ErrorIs(t, err, context.DeadlineExceeded)
-	assert.WithinDuration(t, start, time.Now(), 2*time.Second,
-		"makeRequestContext took too much time with an expiring context")
-}
-
-func TestCheckResultInfo(t *testing.T) {
-	for _, c := range [...]struct {
-		TestName   string
-		PerPage    int
-		Page       int
-		Count      int
-		ResultInfo ResultInfo
-		Verdict    bool
-	}{
-		{"per_page do not match", 20, 1, 0, ResultInfo{Page: 1, PerPage: 30, TotalPages: 0, Count: 0, Total: 0}, false},
-		{"page counts do not match", 20, 2, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 40}, false},
-		{"counts do not match", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 19, Total: 21}, false},
-		{"counts do not match", 20, 1, 19, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 21}, false},
-		{"per_page 0", 0, 1, 0, ResultInfo{Page: 1, PerPage: 0, TotalPages: 1, Count: 0, Total: 0}, false},
-		{"number of items is zero", 20, 1, 0, ResultInfo{Page: 1, PerPage: 20, TotalPages: 0, Count: 0, Total: 0}, true},
-		{"number of items is 0 but number of pages is greater than 0", 20, 1, 0, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 0, Total: 0}, false},
-		{"total number of items greater than 0 but number of pages is 0", 20, 1, 1, ResultInfo{Page: 1, PerPage: 20, TotalPages: 0, Count: 1, Total: 1}, false},
-		{"too many total number of items (one more page is needed)", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 20, Total: 21}, false},
-		{"too few total number of items (the second page would be empty)", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 20, Total: 20}, false},
-		{"page number cannot be zero", 20, 0, 20, ResultInfo{Page: 0, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, false},
-		{"page number cannot go beyond number of pages", 20, 2, 20, ResultInfo{Page: 2, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, false},
-		{"the last page is full of results", 20, 1, 20, ResultInfo{Page: 1, PerPage: 20, TotalPages: 1, Count: 20, Total: 20}, true},
-		{"we are not on the last page so it should be full of results", 20, 1, 19, ResultInfo{Page: 1, PerPage: 20, TotalPages: 2, Count: 19, Total: 39}, false},
-		{"last page only has 19 items not 20", 20, 2, 20, ResultInfo{Page: 2, PerPage: 20, TotalPages: 2, Count: 20, Total: 39}, false},
-		{"fully working result info", 20, 2, 19, ResultInfo{Page: 2, PerPage: 20, TotalPages: 2, Count: 19, Total: 39}, true},
-	} {
-		t.Run(c.TestName, func(t *testing.T) {
-			assert.Equal(t, c.Verdict, checkResultInfo(c.PerPage, c.Page, c.Count, &c.ResultInfo))
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml b/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
deleted file mode 100644
index 131b233f2b..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/.goreleaser.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-before:
-  hooks:
-    - cp ../../LICENSE .
-    - go mod download
-builds:
-  - env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-      - windows
-      - darwin
-    goarch:
-      - amd64
-      - arm
-      - arm64
-    binary: flarectl
-    mod_timestamp: '{{ .CommitTimestamp }}'
-archives:
-  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}"
-checksum:
-  disable: true
-changelog:
-  disable: true
diff --git a/pkg/cloudflare-go/cmd/flarectl/README.md b/pkg/cloudflare-go/cmd/flarectl/README.md
deleted file mode 100644
index 8bbdce4cad..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/README.md
+++ /dev/null
@@ -1,108 +0,0 @@
-# flarectl
-
-A CLI application for interacting with a Cloudflare account. Powered by [cloudflare-go](https://github.com/cloudflare/cloudflare-go).
-
-## Installation 
-
-Install it when you install our command-line library:
-
-```sh
-go install github.com/cloudflare/cloudflare-go/cmd/flarectl@latest
-```
-
-# Usage
-
-You must authenticate with Cloudflare using either an API Token or API Key.
-
-To use an API Token, set the `CF_API_TOKEN` environment variable:
-
-```
-$ export CF_API_TOKEN=Abc123Xyz
-```
-
-To use an API Key, set the `CF_API_KEY` and `CF_API_EMAIL` environment variables:
-
-```
-$ export CF_API_KEY=abcdef1234567890
-$ export CF_API_EMAIL=someone@example.com
-```
-
-Once authenticated, you can run flarectl commands:
-
-```
-$ flarectl:
-
-   flarectl - Cloudflare CLI
-
-USAGE:
-   flarectl [global options] command [command options] [arguments...]
-   
-VERSION:
-   2017.10.0
-   
-COMMANDS:
-   ips, i                     Print Cloudflare IP ranges
-   user, u                    User information
-   zone, z                    Zone information
-   dns, d                     DNS records
-   user-agents, ua            User-Agent blocking
-   pagerules, p               Page Rules
-   railgun, r                 Railgun information
-   firewall, f                Firewall
-   origin-ca-root-cert, ocrc  Print Origin CA Root Certificate (in PEM format)
-   help, h                    Shows a list of commands or help for one command
-   
-GLOBAL OPTIONS:
-   --help, -h		show help
-   --version, -v	print the version
-   
-```
-
-## Examples
-
-## Block an IP via the IP Firewall
-
-```sh
-flarectl firewall rules create --zone="example.com" --value="8.8.8.8" --mode="block" --notes="Block bad actor"
-
-ID                               Value   Scope Mode  Notes
--------------------------------- ------- ----- ----- ----------------
-7bc6fa4569f78777039ef5ebd7b4cedd 8.8.8.8 zone  block Block bad actor
-```
-
-### List Firewall Rules
-
-```sh
-~ flarectl firewall rules list
-
-ID                               Value           Scope Mode      Notes 
--------------------------------- --------------- ----- --------- ----- 
-210173b610198c8ce3dfe39987e4df78 8.8.8.8         user  whitelist       
-36e86aebff4cb8cb2020e622c2ff2b90 8.8.4.4         user  whitelist       
-ba6bea6e646e2d453c394a41c6ab931a 45.55.2.6       user  whitelist       
-edff311e3f81b35e9cd64e4fa9d18465 45.55.2.5       user  whitelist       
-```
-
-### Challenge All Requests for a specific User-Agent
-
-```
-~ flarectl ua create --zone="example.com" --mode="challenge" --description="Challenge Chrome v61" --value="Mozilla/5.0 (Macintosh Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML like Gecko) Chrome/61.0.3163.100 Safari/537.36"
-
-ID                               Description          Mode      Value                                                                                                                 Paused 
--------------------------------- -------------------- --------- --------------------------------------------------------------------------------------------------------------------- ------ 
-a23b50de3c064a5a860e8b84cd2b382c Challenge Chrome v61 challenge Mozilla/5.0 (Macintosh Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML like Gecko) Chrome/61.0.3163.100 Safari/537.36 false  
-```
-
-### Add a DNS record
-
-```sh
-~ flarectl dns create --zone="example.com" --name="app" --type="CNAME" --content="myapp.herokuapp.com" --proxy
-
-ID                               Name                      Type  Content             TTL Proxiable Proxy
--------------------------------- ------------------------- ----- ------------------- --- --------- -----
-5c5d051f7944cf4715127270dd4d05f4 app.questionable.services CNAME myapp.herokuapp.com 1   true      true
-```
-
-## License
-
-BSD licensed. See the [LICENSE](LICENSE) file for details.
diff --git a/pkg/cloudflare-go/cmd/flarectl/dns.go b/pkg/cloudflare-go/cmd/flarectl/dns.go
deleted file mode 100644
index 84c57095d1..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/dns.go
+++ /dev/null
@@ -1,201 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/cloudflare/cloudflare-go"
-	"github.com/urfave/cli/v2"
-)
-
-func formatDNSRecord(record cloudflare.DNSRecord) []string {
-	return []string{
-		record.ID,
-		record.Name,
-		record.Type,
-		record.Content,
-		strconv.FormatInt(int64(record.TTL), 10),
-		strconv.FormatBool(record.Proxiable),
-		strconv.FormatBool(*record.Proxied),
-	}
-}
-
-func dnsCreate(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "name", "type", "content"); err != nil {
-		return err
-	}
-	zone := c.String("zone")
-	name := c.String("name")
-	rtype := c.String("type")
-	content := c.String("content")
-	ttl := c.Int("ttl")
-	proxy := c.Bool("proxy")
-	priority := uint16(c.Uint("priority"))
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	record := cloudflare.CreateDNSRecordParams{
-		Name:     name,
-		Type:     strings.ToUpper(rtype),
-		Content:  content,
-		TTL:      ttl,
-		Proxied:  &proxy,
-		Priority: &priority,
-	}
-	result, err := api.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), record)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error creating DNS record: ", err)
-		return err
-	}
-
-	output := [][]string{
-		formatDNSRecord(result),
-	}
-
-	writeTable(c, output, "ID", "Name", "Type", "Content", "TTL", "Proxiable", "Proxy")
-
-	return nil
-}
-
-func dnsCreateOrUpdate(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "name", "type", "content"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	zone := c.String("zone")
-	name := c.String("name")
-	rtype := strings.ToUpper(c.String("type"))
-	content := c.String("content")
-	ttl := c.Int("ttl")
-	proxy := c.Bool("proxy")
-	priority := uint16(c.Uint("priority"))
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error updating DNS record: ", err)
-		return err
-	}
-
-	records, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Name: name + "." + zone})
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error fetching DNS records: ", err)
-		return err
-	}
-
-	var result cloudflare.DNSRecord
-	if len(records) > 0 {
-		// Record exists - find the ID and update it.
-		// This is imprecise without knowing the original content; if a label
-		// has multiple RRs we'll just update the first one.
-		for _, r := range records {
-			if r.Type == rtype {
-				rr := cloudflare.UpdateDNSRecordParams{}
-				rr.ID = r.ID
-				rr.Type = r.Type
-				rr.Content = content
-				rr.TTL = ttl
-				rr.Proxied = &proxy
-				rr.Priority = &priority
-
-				result, err = api.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
-				if err != nil {
-					fmt.Println("Error updating DNS record:", err)
-					return err
-				}
-			}
-		}
-	} else {
-		// Record doesn't exist - create it
-		rr := cloudflare.CreateDNSRecordParams{
-			Name:     name,
-			Type:     rtype,
-			Content:  content,
-			TTL:      ttl,
-			Proxied:  &proxy,
-			Priority: &priority,
-		}
-
-		// TODO: Print the response.
-		result, err = api.CreateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
-		if err != nil {
-			fmt.Println("Error creating DNS record:", err)
-			return err
-		}
-	}
-
-	output := [][]string{
-		formatDNSRecord(result),
-	}
-
-	writeTable(c, output, "ID", "Name", "Type", "Content", "TTL", "Proxiable", "Proxy")
-
-	return nil
-}
-
-func dnsUpdate(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "id"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	zone := c.String("zone")
-	recordID := c.String("id")
-	name := c.String("name")
-	rtype := c.String("type")
-	content := c.String("content")
-	ttl := c.Int("ttl")
-	proxy := c.Bool("proxy")
-	priority := uint16(c.Uint("priority"))
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	record := cloudflare.UpdateDNSRecordParams{
-		ID:       recordID,
-		Name:     name,
-		Type:     strings.ToUpper(rtype),
-		Content:  content,
-		TTL:      ttl,
-		Proxied:  &proxy,
-		Priority: &priority,
-	}
-	_, err = api.UpdateDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), record)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error updating DNS record: ", err)
-		return err
-	}
-
-	return nil
-}
-
-func dnsDelete(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "id"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	zone := c.String("zone")
-	recordID := c.String("id")
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	err = api.DeleteDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), recordID)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error deleting DNS record: ", err)
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/firewall.go b/pkg/cloudflare-go/cmd/flarectl/firewall.go
deleted file mode 100644
index 8003ee78fe..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/firewall.go
+++ /dev/null
@@ -1,380 +0,0 @@
-package main
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-	"os"
-	"strconv"
-
-	"github.com/cloudflare/cloudflare-go"
-	"github.com/urfave/cli/v2"
-)
-
-func formatAccessRule(rule cloudflare.AccessRule) []string {
-	return []string{
-		rule.ID,
-		rule.Configuration.Value,
-		rule.Scope.Type,
-		rule.Mode,
-		rule.Notes,
-	}
-}
-
-func firewallAccessRules(c *cli.Context) error {
-	accountID, zoneID, err := getScope(c)
-	if err != nil {
-		return err
-	}
-
-	// Create an empty access rule for searching for rules
-	rule := cloudflare.AccessRule{
-		Configuration: getConfiguration(c),
-	}
-	if c.String("scope-type") != "" {
-		rule.Scope.Type = c.String("scope-type")
-	}
-	if c.String("notes") != "" {
-		rule.Notes = c.String("notes")
-	}
-	if c.String("mode") != "" {
-		rule.Mode = c.String("mode")
-	}
-
-	var response *cloudflare.AccessRuleListResponse
-	switch {
-	case accountID != "":
-		response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, 1)
-	case zoneID != "":
-		response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, 1)
-	default:
-		response, err = api.ListUserAccessRules(context.Background(), rule, 1)
-	}
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	totalPages := response.ResultInfo.TotalPages
-	rules := make([]cloudflare.AccessRule, 0, response.ResultInfo.Total)
-	rules = append(rules, response.Result...)
-	if totalPages > 1 {
-		for page := 2; page <= totalPages; page++ {
-			switch {
-			case accountID != "":
-				response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, page)
-			case zoneID != "":
-				response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, page)
-			default:
-				response, err = api.ListUserAccessRules(context.Background(), rule, page)
-			}
-			if err != nil {
-				fmt.Println(err)
-				return err
-			}
-			rules = append(rules, response.Result...)
-		}
-	}
-
-	output := make([][]string, 0, len(rules))
-	for _, rule := range rules {
-		output = append(output, formatAccessRule(rule))
-	}
-	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
-
-	return nil
-}
-
-func firewallAccessRuleCreate(c *cli.Context) error {
-	if err := checkFlags(c, "mode", "value"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	accountID, zoneID, err := getScope(c)
-	if err != nil {
-		return err
-	}
-	configuration := getConfiguration(c)
-	mode := c.String("mode")
-	notes := c.String("notes")
-
-	rule := cloudflare.AccessRule{
-		Configuration: configuration,
-		Mode:          mode,
-		Notes:         notes,
-	}
-
-	var (
-		rules []cloudflare.AccessRule
-	)
-
-	switch {
-	case accountID != "":
-		resp, err := api.CreateAccountAccessRule(context.Background(), accountID, rule)
-		if err != nil {
-			fmt.Fprintln(os.Stderr, "error creating account access rule: ", err)
-			return err
-		}
-		rules = append(rules, resp.Result)
-	case zoneID != "":
-		resp, err := api.CreateZoneAccessRule(context.Background(), zoneID, rule)
-		if err != nil {
-			fmt.Fprintln(os.Stderr, "error creating zone access rule: ", err)
-			return err
-		}
-		rules = append(rules, resp.Result)
-	default:
-		resp, err := api.CreateUserAccessRule(context.Background(), rule)
-		if err != nil {
-			fmt.Fprintln(os.Stderr, "error creating user access rule: ", err)
-			return err
-		}
-		rules = append(rules, resp.Result)
-	}
-
-	output := make([][]string, 0, len(rules))
-	for _, rule := range rules {
-		output = append(output, formatAccessRule(rule))
-	}
-	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
-
-	return nil
-}
-
-func firewallAccessRuleUpdate(c *cli.Context) error {
-	if err := checkFlags(c, "id"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	id := c.String("id")
-	accountID, zoneID, err := getScope(c)
-	if err != nil {
-		return err
-	}
-	mode := c.String("mode")
-	notes := c.String("notes")
-
-	rule := cloudflare.AccessRule{
-		Mode:  mode,
-		Notes: notes,
-	}
-
-	var (
-		rules       []cloudflare.AccessRule
-		errUpdating = "error updating firewall access rule"
-	)
-	switch {
-	case accountID != "":
-		resp, err := api.UpdateAccountAccessRule(context.Background(), accountID, id, rule)
-		if err != nil {
-			return fmt.Errorf(errUpdating+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	case zoneID != "":
-		resp, err := api.UpdateZoneAccessRule(context.Background(), zoneID, id, rule)
-		if err != nil {
-			return fmt.Errorf(errUpdating+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	default:
-		resp, err := api.UpdateUserAccessRule(context.Background(), id, rule)
-		if err != nil {
-			return fmt.Errorf(errUpdating+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	}
-
-	output := make([][]string, 0, len(rules))
-	for _, rule := range rules {
-		output = append(output, formatAccessRule(rule))
-	}
-	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
-
-	return nil
-}
-
-func firewallAccessRuleCreateOrUpdate(c *cli.Context) error {
-	if err := checkFlags(c, "mode", "value"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	accountID, zoneID, err := getScope(c)
-	if err != nil {
-		return err
-	}
-	configuration := getConfiguration(c)
-	mode := c.String("mode")
-	notes := c.String("notes")
-
-	// Look for an existing record
-	rule := cloudflare.AccessRule{
-		Configuration: configuration,
-	}
-	var response *cloudflare.AccessRuleListResponse
-	switch {
-	case accountID != "":
-		response, err = api.ListAccountAccessRules(context.Background(), accountID, rule, 1)
-	case zoneID != "":
-		response, err = api.ListZoneAccessRules(context.Background(), zoneID, rule, 1)
-	default:
-		response, err = api.ListUserAccessRules(context.Background(), rule, 1)
-	}
-	if err != nil {
-		fmt.Println("Error creating or updating firewall access rule:", err)
-		return err
-	}
-
-	rule.Mode = mode
-	rule.Notes = notes
-	if len(response.Result) > 0 {
-		for _, r := range response.Result {
-			if mode == "" {
-				rule.Mode = r.Mode
-			}
-			if notes == "" {
-				rule.Notes = r.Notes
-			}
-			switch {
-			case accountID != "":
-				_, err = api.UpdateAccountAccessRule(context.Background(), accountID, r.ID, rule)
-			case zoneID != "":
-				_, err = api.UpdateZoneAccessRule(context.Background(), zoneID, r.ID, rule)
-			default:
-				_, err = api.UpdateUserAccessRule(context.Background(), r.ID, rule)
-			}
-			if err != nil {
-				fmt.Println("Error updating firewall access rule:", err)
-			}
-		}
-	} else {
-		switch {
-		case accountID != "":
-			_, err = api.CreateAccountAccessRule(context.Background(), accountID, rule)
-		case zoneID != "":
-			_, err = api.CreateZoneAccessRule(context.Background(), zoneID, rule)
-		default:
-			_, err = api.CreateUserAccessRule(context.Background(), rule)
-		}
-		if err != nil {
-			fmt.Println("Error creating firewall access rule:", err)
-		}
-	}
-
-	return nil
-}
-
-func firewallAccessRuleDelete(c *cli.Context) error {
-	if err := checkFlags(c, "id"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-	ruleID := c.String("id")
-
-	accountID, zoneID, err := getScope(c)
-	if err != nil {
-		return err
-	}
-
-	var (
-		rules       []cloudflare.AccessRule
-		errDeleting = "error deleting firewall access rule"
-	)
-	switch {
-	case accountID != "":
-		resp, err := api.DeleteAccountAccessRule(context.Background(), accountID, ruleID)
-		if err != nil {
-			return fmt.Errorf(errDeleting+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	case zoneID != "":
-		resp, err := api.DeleteZoneAccessRule(context.Background(), zoneID, ruleID)
-		if err != nil {
-			return fmt.Errorf(errDeleting+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	default:
-		resp, err := api.DeleteUserAccessRule(context.Background(), ruleID)
-		if err != nil {
-			return fmt.Errorf(errDeleting+": %w", err)
-		}
-		rules = append(rules, resp.Result)
-	}
-	if err != nil {
-		fmt.Println("Error deleting firewall access rule:", err)
-	}
-
-	output := make([][]string, 0, len(rules))
-	for _, rule := range rules {
-		output = append(output, formatAccessRule(rule))
-	}
-	writeTable(c, output, "ID", "Value", "Scope", "Mode", "Notes")
-
-	return nil
-}
-
-func getScope(c *cli.Context) (string, string, error) {
-	var account, accountID string
-	if c.String("account") != "" {
-		account = c.String("account")
-		params := cloudflare.AccountsListParams{}
-		accounts, _, err := api.Accounts(context.Background(), params)
-		if err != nil {
-			fmt.Println(err)
-			return "", "", err
-		}
-		for _, acc := range accounts {
-			if acc.Name == account {
-				accountID = acc.ID
-				break
-			}
-		}
-		if accountID == "" {
-			err := errors.New("account could not be found")
-			fmt.Println(err)
-			return "", "", err
-		}
-	}
-
-	var zone, zoneID string
-	if c.String("zone") != "" {
-		zone = c.String("zone")
-		id, err := api.ZoneIDByName(zone)
-		if err != nil {
-			fmt.Println(err)
-			return "", "", err
-		}
-		zoneID = id
-	}
-
-	if zoneID != "" && accountID != "" {
-		err := errors.New("Cannot specify both --zone and --account")
-		fmt.Println(err)
-		return "", "", err
-	}
-
-	return accountID, zoneID, nil
-}
-
-func getConfiguration(c *cli.Context) cloudflare.AccessRuleConfiguration {
-	configuration := cloudflare.AccessRuleConfiguration{}
-	if c.String("value") != "" {
-		ip := net.ParseIP(c.String("value"))
-		_, cidr, cidrErr := net.ParseCIDR(c.String("value"))
-		_, asnErr := strconv.ParseInt(c.String("value"), 10, 32)
-		if ip != nil {
-			configuration.Target = "ip"
-			configuration.Value = ip.String()
-		} else if cidrErr == nil {
-			cidr.IP = cidr.IP.Mask(cidr.Mask)
-			configuration.Target = "ip_range"
-			configuration.Value = cidr.String()
-		} else if asnErr == nil {
-			configuration.Target = "asn"
-			configuration.Value = c.String("value")
-		} else {
-			configuration.Target = "country"
-			configuration.Value = c.String("value")
-		}
-	}
-	return configuration
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/flarectl.go b/pkg/cloudflare-go/cmd/flarectl/flarectl.go
deleted file mode 100644
index 5cec7e3963..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/flarectl.go
+++ /dev/null
@@ -1,720 +0,0 @@
-package main
-
-import (
-	"os"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-	"github.com/urfave/cli/v2"
-)
-
-var (
-	version = "dev"     //nolint
-	commit  = "none"    //nolint
-	date    = "unknown" //nolint
-	builtBy = "unknown" //nolint
-)
-
-var api *cloudflare.API
-
-func main() {
-	app := cli.NewApp()
-	app.Name = "flarectl"
-	app.Usage = "Cloudflare CLI"
-	app.Version = version
-	app.Flags = []cli.Flag{
-		&cli.StringFlag{
-			Name:    "account-id",
-			Usage:   "Optional account ID",
-			Value:   "",
-			EnvVars: []string{"CF_ACCOUNT_ID"},
-		},
-		&cli.BoolFlag{
-			Name:  "json",
-			Usage: "show output as JSON instead of as a table",
-		},
-	}
-	app.Commands = []*cli.Command{
-		{
-			Name:    "ips",
-			Aliases: []string{"i"},
-			Action:  ips,
-			Usage:   "Print Cloudflare IP ranges",
-			Flags: []cli.Flag{
-				&cli.StringFlag{
-					Name:  "ip-type",
-					Usage: "type of IPs ( ipv4 | ipv6 | all )",
-					Value: "all",
-				},
-				&cli.BoolFlag{
-					Name:  "ip-only",
-					Usage: "show only addresses",
-				},
-			},
-		},
-		{
-			Name:    "user",
-			Aliases: []string{"u"},
-			Usage:   "User information",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "info",
-					Aliases: []string{"i"},
-					Action:  userInfo,
-					Usage:   "User details",
-				},
-				{
-					Name:    "update",
-					Aliases: []string{"u"},
-					Action:  userUpdate,
-					Usage:   "Update user details",
-				},
-			},
-		},
-
-		{
-			Name:    "zone",
-			Aliases: []string{"z"},
-			Usage:   "Zone information",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "list",
-					Aliases: []string{"l"},
-					Action:  zoneList,
-					Usage:   "List all zones on an account",
-				},
-				{
-					Name:    "create",
-					Aliases: []string{"c"},
-					Action:  zoneCreate,
-					Usage:   "Create a new zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.BoolFlag{
-							Name:  "jumpstart",
-							Usage: "automatically fetch DNS records",
-						},
-						&cli.StringFlag{
-							Name:  "account-id",
-							Usage: "account ID",
-						},
-					},
-				},
-				{
-					Name:   "delete",
-					Action: zoneDelete,
-					Usage:  "Delete a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-				{
-					Name:   "check",
-					Action: zoneCheck,
-					Usage:  "Initiate a zone activation check",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-				{
-					Name:    "info",
-					Aliases: []string{"i"},
-					Action:  zoneInfo,
-					Usage:   "Information on one zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-				{
-					Name:    "lockdown",
-					Aliases: []string{"lo"},
-					Action:  zoneCreateLockdown,
-					Usage:   "Lockdown a zone based on config",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringSliceFlag{
-							Name:  "urls",
-							Usage: "a list of [exact] URLs to lockdown",
-						},
-						&cli.StringSliceFlag{
-							Name:  "targets",
-							Usage: "a list of targets type",
-						},
-						&cli.StringSliceFlag{
-							Name:  "values",
-							Usage: "a list of values such as ip, ip_range etc.",
-						},
-					},
-				},
-				{
-					Name:    "plan",
-					Aliases: []string{"p"},
-					Action:  zonePlan,
-					Usage:   "Plan information for one zone",
-				},
-				{
-					Name:    "settings",
-					Aliases: []string{"s"},
-					Action:  zoneSettings,
-					Usage:   "Settings for one zone",
-				},
-				{
-					Name:   "purge",
-					Action: zoneCachePurge,
-					Usage:  "(Selectively) Purge the cache for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.BoolFlag{
-							Name:  "everything",
-							Usage: "purge everything from cache for the zone",
-						},
-						&cli.StringSliceFlag{
-							Name:  "hosts",
-							Usage: "a list of hostnames to purge the cache for",
-						},
-						&cli.StringSliceFlag{
-							Name:  "tags",
-							Usage: "the cache tags to purge (Enterprise only)",
-						},
-						&cli.StringSliceFlag{
-							Name:  "files",
-							Usage: "a list of [exact] URLs to purge",
-						},
-						&cli.StringSliceFlag{
-							Name:  "prefixes",
-							Usage: "a list of host/path prefixes to purge",
-						},
-					},
-				},
-				{
-					Name:    "dns",
-					Aliases: []string{"d"},
-					Action:  zoneRecords,
-					Usage:   "DNS records for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-				{
-					Name:    "railgun",
-					Aliases: []string{"r"},
-					Action:  zoneRailgun,
-					Usage:   "Railguns for a zone",
-				},
-				{
-					Name:    "certs",
-					Aliases: []string{"ct"},
-					Action:  zoneCerts,
-					Usage:   "Custom SSL certificates for a zone",
-				},
-				{
-					Name:    "keyless",
-					Aliases: []string{"k"},
-					Action:  zoneKeyless,
-					Usage:   "Keyless SSL for a zone",
-				},
-				{
-					Name:    "export",
-					Aliases: []string{"x"},
-					Action:  zoneExport,
-					Usage:   "Export DNS records for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-			},
-		},
-
-		{
-			Name:    "dns",
-			Aliases: []string{"d"},
-			Usage:   "DNS records",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "list",
-					Aliases: []string{"l"},
-					Action:  zoneRecords,
-					Usage:   "List DNS records for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "id",
-							Usage: "record id",
-						},
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "type",
-							Usage: "record type",
-						},
-						&cli.StringFlag{
-							Name:  "name",
-							Usage: "record name",
-						},
-						&cli.StringFlag{
-							Name:  "content",
-							Usage: "record content",
-						},
-					},
-				},
-				{
-					Name:    "create",
-					Aliases: []string{"c"},
-					Action:  dnsCreate,
-					Usage:   "Create a DNS record",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "name",
-							Usage: "record name",
-						},
-						&cli.StringFlag{
-							Name:  "type",
-							Usage: "record type",
-						},
-						&cli.StringFlag{
-							Name:  "content",
-							Usage: "record content",
-						},
-						&cli.IntFlag{
-							Name:  "ttl",
-							Usage: "TTL (1 = automatic)",
-							Value: 1,
-						},
-						&cli.BoolFlag{
-							Name:  "proxy",
-							Usage: "proxy through Cloudflare (orange cloud)",
-						},
-						&cli.UintFlag{
-							Name:  "priority",
-							Usage: "priority for an MX record. Only used for MX",
-						},
-					},
-				},
-				{
-					Name:    "update",
-					Aliases: []string{"u"},
-					Action:  dnsUpdate,
-					Usage:   "Update a DNS record",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "id",
-							Usage: "record id",
-						},
-						&cli.StringFlag{
-							Name:  "name",
-							Usage: "record name",
-						},
-						&cli.StringFlag{
-							Name:  "content",
-							Usage: "record content",
-						},
-						&cli.StringFlag{
-							Name:  "type",
-							Usage: "record type",
-						},
-						&cli.IntFlag{
-							Name:  "ttl",
-							Usage: "TTL (1 = automatic)",
-							Value: 1,
-						},
-						&cli.BoolFlag{
-							Name:  "proxy",
-							Usage: "proxy through Cloudflare (orange cloud)",
-						},
-						&cli.UintFlag{
-							Name:  "priority",
-							Usage: "priority for an MX record. Only used for MX",
-						},
-					},
-				},
-				{
-					Name:    "create-or-update",
-					Aliases: []string{"o"},
-					Action:  dnsCreateOrUpdate,
-					Usage:   "Create a DNS record, or update if it exists",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "name",
-							Usage: "record name",
-						},
-						&cli.StringFlag{
-							Name:  "content",
-							Usage: "record content",
-						},
-						&cli.StringFlag{
-							Name:  "type",
-							Usage: "record type",
-						},
-						&cli.IntFlag{
-							Name:  "ttl",
-							Usage: "TTL (1 = automatic)",
-							Value: 1,
-						},
-						&cli.BoolFlag{
-							Name:  "proxy",
-							Usage: "proxy through Cloudflare (orange cloud)",
-						},
-						&cli.UintFlag{
-							Name:  "priority",
-							Usage: "priority for an MX record. Only used for MX",
-						},
-					},
-				},
-				{
-					Name:    "delete",
-					Aliases: []string{"d"},
-					Action:  dnsDelete,
-					Usage:   "Delete a DNS record",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "id",
-							Usage: "record id",
-						},
-					},
-				},
-			},
-		},
-		{
-			Name:    "user-agents",
-			Aliases: []string{"ua"},
-			Usage:   "User-Agent blocking",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "list",
-					Aliases: []string{"l"},
-					Action:  userAgentList,
-					Usage:   "List User-Agent blocks for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.IntFlag{
-							Name:  "page",
-							Usage: "result page to return",
-						},
-					},
-				},
-				{
-					Name:    "create",
-					Aliases: []string{"c"},
-					Action:  userAgentCreate,
-					Usage:   "Create a User-Agent blocking rule",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "mode",
-							Usage: "the blocking mode: block, challenge, js_challenge, whitelist",
-						},
-						&cli.StringFlag{
-							Name:  "value",
-							Usage: "the exact User-Agent to block",
-						},
-						&cli.BoolFlag{
-							Name:  "paused",
-							Usage: "whether the rule should be paused (default: false)",
-						},
-						&cli.StringFlag{
-							Name:  "description",
-							Usage: "a description for the rule",
-						},
-					},
-				},
-				{
-					Name:    "update",
-					Aliases: []string{"u"},
-					Action:  userAgentUpdate,
-					Usage:   "Update an existing User-Agent block",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "id",
-							Usage: "User-Agent blocking rule ID",
-						},
-						&cli.StringFlag{
-							Name:  "mode",
-							Usage: "the blocking mode: block, challenge, js_challenge, whitelist",
-						},
-						&cli.StringFlag{
-							Name:  "value",
-							Usage: "the exact User-Agent to block",
-						},
-						&cli.BoolFlag{
-							Name:  "paused",
-							Usage: "whether the rule should be paused (default: false)",
-						},
-						&cli.StringFlag{
-							Name:  "description",
-							Usage: "a description for the rule",
-						},
-					},
-				},
-				{
-					Name:    "delete",
-					Aliases: []string{"d"},
-					Action:  userAgentDelete,
-					Usage:   "Delete a User-Agent block",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-						&cli.StringFlag{
-							Name:  "id",
-							Usage: "User-Agent blocking rule ID",
-						},
-					},
-				},
-			},
-		},
-		{
-			Name:    "pagerules",
-			Aliases: []string{"p"},
-			Usage:   "Page Rules",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "list",
-					Aliases: []string{"l"},
-					Action:  pageRules,
-					Usage:   "List Page Rules for a zone",
-					Flags: []cli.Flag{
-						&cli.StringFlag{
-							Name:  "zone",
-							Usage: "zone name",
-						},
-					},
-				},
-			},
-		},
-
-		{
-			Name:    "railgun",
-			Aliases: []string{"r"},
-			Usage:   "Railgun information",
-			Before:  initializeAPI,
-			Action:  railgun,
-		},
-
-		{
-			Name:    "firewall",
-			Aliases: []string{"f"},
-			Usage:   "Firewall",
-			Before:  initializeAPI,
-			Subcommands: []*cli.Command{
-				{
-					Name:    "rules",
-					Aliases: []string{"r"},
-					Usage:   "Access Rules",
-					Subcommands: []*cli.Command{
-						{
-							Name:    "list",
-							Aliases: []string{"l"},
-							Action:  firewallAccessRules,
-							Usage:   "List firewall access rules",
-							Flags: []cli.Flag{
-								&cli.StringFlag{
-									Name:  "zone",
-									Usage: "zone name",
-								},
-								&cli.StringFlag{
-									Name:  "account",
-									Usage: "account name",
-								},
-								&cli.StringFlag{
-									Name:  "value",
-									Usage: "rule value",
-								},
-								&cli.StringFlag{
-									Name:  "scope-type",
-									Usage: "rule scope",
-								},
-
-								&cli.StringFlag{
-									Name:  "mode",
-									Usage: "rule mode",
-								},
-								&cli.StringFlag{
-									Name:  "notes",
-									Usage: "rule notes",
-								},
-							},
-						},
-						{
-							Name:    "create",
-							Aliases: []string{"c"},
-							Action:  firewallAccessRuleCreate,
-							Usage:   "Create a firewall access rule",
-							Flags: []cli.Flag{
-								&cli.StringFlag{
-									Name:  "zone",
-									Usage: "zone name",
-								},
-								&cli.StringFlag{
-									Name:  "account",
-									Usage: "account name",
-								},
-								&cli.StringFlag{
-									Name:  "value",
-									Usage: "rule value",
-								},
-								&cli.StringFlag{
-									Name:  "mode",
-									Usage: "rule mode",
-								},
-								&cli.StringFlag{
-									Name:  "notes",
-									Usage: "rule notes",
-								},
-							},
-						},
-						{
-							Name:    "update",
-							Aliases: []string{"u"},
-							Action:  firewallAccessRuleUpdate,
-							Usage:   "Update a firewall access rule",
-							Flags: []cli.Flag{
-								&cli.StringFlag{
-									Name:  "id",
-									Usage: "rule id",
-								},
-								&cli.StringFlag{
-									Name:  "zone",
-									Usage: "zone name",
-								},
-								&cli.StringFlag{
-									Name:  "account",
-									Usage: "account name",
-								},
-								&cli.StringFlag{
-									Name:  "mode",
-									Usage: "rule mode",
-								},
-								&cli.StringFlag{
-									Name:  "notes",
-									Usage: "rule notes",
-								},
-							},
-						},
-						{
-							Name:    "create-or-update",
-							Aliases: []string{"o"},
-							Action:  firewallAccessRuleCreateOrUpdate,
-							Usage:   "Create a firewall access rule, or update it if it exists",
-							Flags: []cli.Flag{
-								&cli.StringFlag{
-									Name:  "zone",
-									Usage: "zone name",
-								},
-								&cli.StringFlag{
-									Name:  "account",
-									Usage: "account name",
-								},
-								&cli.StringFlag{
-									Name:  "value",
-									Usage: "rule value",
-								},
-								&cli.StringFlag{
-									Name:  "mode",
-									Usage: "rule mode",
-								},
-								&cli.StringFlag{
-									Name:  "notes",
-									Usage: "rule notes",
-								},
-							},
-						},
-						{
-							Name:    "delete",
-							Aliases: []string{"d"},
-							Action:  firewallAccessRuleDelete,
-							Usage:   "Delete a firewall access rule",
-							Flags: []cli.Flag{
-								&cli.StringFlag{
-									Name:  "id",
-									Usage: "rule id",
-								},
-								&cli.StringFlag{
-									Name:  "zone",
-									Usage: "zone name",
-								},
-								&cli.StringFlag{
-									Name:  "account",
-									Usage: "account name",
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			Name:    "origin-ca-root-cert",
-			Aliases: []string{"ocrc"},
-			Action:  originCARootCertificate,
-			Usage:   "Print Origin CA Root Certificate (in PEM format)",
-			Flags: []cli.Flag{
-				&cli.StringFlag{
-					Name:     "algorithm",
-					Usage:    "certificate algorithm ( ecc | rsa )",
-					Required: true,
-				},
-			},
-		},
-	}
-	err := app.Run(os.Args)
-	if err != nil {
-		os.Exit(1)
-	}
-	os.Exit(0)
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/misc.go b/pkg/cloudflare-go/cmd/flarectl/misc.go
deleted file mode 100644
index d6d4357c33..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/misc.go
+++ /dev/null
@@ -1,213 +0,0 @@
-package main
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"os"
-	"strings"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-	"github.com/goccy/go-json"
-	"github.com/olekukonko/tablewriter"
-	"github.com/urfave/cli/v2"
-)
-
-func initializeAPI(c *cli.Context) error {
-	apiToken := os.Getenv("CF_API_TOKEN")
-	apiKey := os.Getenv("CF_API_KEY")
-	apiEmail := os.Getenv("CF_API_EMAIL")
-
-	// Be aware the following code sets the global package `api` variable
-	var err error
-
-	if apiToken != "" {
-		api, err = cloudflare.NewWithAPIToken(apiToken)
-	} else {
-		if apiKey == "" {
-			err := errors.New("No CF_API_KEY or CF_API_TOKEN environment set")
-			fmt.Fprintln(os.Stderr, err)
-			return err
-		}
-
-		if apiEmail == "" {
-			err := errors.New("No CF_API_EMAIL environment set")
-			fmt.Fprintln(os.Stderr, err)
-			return err
-		}
-
-		api, err = cloudflare.New(apiKey, apiEmail)
-	}
-
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "cloudflare api: %s", err)
-		return err
-	}
-
-	return nil
-}
-
-// writeTableTabular outputs tabular data to STDOUT.
-func writeTableTabular(data [][]string, cols ...string) {
-	table := tablewriter.NewWriter(os.Stdout)
-	table.SetHeader(cols)
-	table.SetBorder(false)
-	table.AppendBulk(data)
-
-	table.Render()
-}
-
-// writeTableJSON outputs JSON data to STDOUT.
-func writeTableJSON(data [][]string, cols ...string) {
-	mappedData := make([]map[string]string, 0)
-	for i := range data {
-		rowData := make(map[string]string)
-		for j := range data[i] {
-			rowData[cols[j]] = data[i][j]
-		}
-		mappedData = append(mappedData, rowData)
-	}
-	jsonData, err := json.Marshal(mappedData)
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-	fmt.Println(string(jsonData))
-}
-
-// writeTable outputs JSON or tabular data to STDOUT.
-func writeTable(c *cli.Context, data [][]string, cols ...string) {
-	if c.Bool("json") {
-		writeTableJSON(data, cols...)
-	} else {
-		writeTableTabular(data, cols...)
-	}
-}
-
-// Utility function to check if CLI flags were given.
-func checkFlags(c *cli.Context, flags ...string) error {
-	for _, flag := range flags {
-		if c.String(flag) == "" {
-			cli.ShowSubcommandHelp(c) // nolint
-			err := fmt.Errorf("error: the required flag %q was empty or not provided", flag)
-			fmt.Fprintln(os.Stderr, err)
-			return err
-		}
-	}
-
-	return nil
-}
-
-func ips(c *cli.Context) error {
-	if c.String("ip-type") == "all" {
-		_getIps("ipv4", c.Bool("ip-only"))
-		_getIps("ipv6", c.Bool("ip-only"))
-	} else {
-		_getIps(c.String("ip-type"), c.Bool("ip-only"))
-	}
-
-	return nil
-}
-
-func _getIps(ipType string, showMsgType bool) {
-	ips, _ := cloudflare.IPs()
-
-	switch ipType {
-	case "ipv4":
-		if showMsgType {
-			fmt.Println("IPv4 ranges:")
-		}
-		for _, r := range ips.IPv4CIDRs {
-			fmt.Println(" ", r)
-		}
-	case "ipv6":
-		if showMsgType {
-			fmt.Println("IPv6 ranges:")
-		}
-		for _, r := range ips.IPv6CIDRs {
-			fmt.Println(" ", r)
-		}
-	}
-}
-
-func userInfo(c *cli.Context) error {
-	user, err := api.UserDetails(context.Background())
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	var output [][]string
-	output = append(output, []string{
-		user.ID,
-		user.Email,
-		user.Username,
-		user.FirstName + " " + user.LastName,
-		fmt.Sprintf("%t", user.TwoFA),
-	})
-	writeTable(c, output, "ID", "Email", "Username", "Name", "2FA")
-
-	return nil
-}
-
-func userUpdate(*cli.Context) error {
-	return nil
-}
-
-func pageRules(c *cli.Context) error {
-	if err := checkFlags(c, "zone"); err != nil {
-		return err
-	}
-	zone := c.String("zone")
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	rules, err := api.ListPageRules(context.Background(), zoneID)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	fmt.Printf("%3s %-32s %-8s %s\n", "Pri", "ID", "Status", "URL")
-	for _, r := range rules {
-		var settings []string
-		fmt.Printf("%3d %s %-8s %s\n", r.Priority, r.ID, r.Status, r.Targets[0].Constraint.Value)
-		for _, a := range r.Actions {
-			var s string
-			switch v := a.Value.(type) {
-			case int:
-				s = fmt.Sprintf("%s: %d", cloudflare.PageRuleActions[a.ID], v)
-			case float64:
-				s = fmt.Sprintf("%s: %.f", cloudflare.PageRuleActions[a.ID], v)
-			case map[string]interface{}:
-				s = fmt.Sprintf("%s: %.f - %s", cloudflare.PageRuleActions[a.ID], v["status_code"], v["url"])
-			case nil:
-				s = cloudflare.PageRuleActions[a.ID]
-			default:
-				vs := fmt.Sprintf("%s", v)
-				s = fmt.Sprintf("%s: %s", cloudflare.PageRuleActions[a.ID], strings.Title(strings.Replace(vs, "_", " ", -1)))
-			}
-			settings = append(settings, s)
-		}
-		fmt.Println("   ", strings.Join(settings, ", "))
-	}
-
-	return nil
-}
-
-func originCARootCertificate(c *cli.Context) error {
-	cert, err := cloudflare.GetOriginCARootCertificate(c.String("algorithm"))
-	if err != nil {
-		return err
-	}
-
-	fmt.Println(string(cert[:]))
-	return nil
-}
-
-func railgun(*cli.Context) error {
-	return nil
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/user_agent.go b/pkg/cloudflare-go/cmd/flarectl/user_agent.go
deleted file mode 100644
index a00bb40d99..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/user_agent.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"strconv"
-
-	"github.com/cloudflare/cloudflare-go"
-	"github.com/urfave/cli/v2"
-)
-
-func formatUserAgentRule(rule cloudflare.UserAgentRule) []string {
-	return []string{
-		rule.ID,
-		rule.Description,
-		rule.Mode,
-		rule.Configuration.Value,
-		strconv.FormatBool(rule.Paused),
-	}
-}
-
-func userAgentCreate(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "mode", "value"); err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	userAgentRule := cloudflare.UserAgentRule{
-		Description: c.String("description"),
-		Mode:        c.String("mode"),
-		Paused:      c.Bool("paused"),
-		Configuration: cloudflare.UserAgentRuleConfig{
-			Target: "ua",
-			Value:  c.String("value"),
-		},
-	}
-
-	resp, err := api.CreateUserAgentRule(context.Background(), zoneID, userAgentRule)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error creating User-Agent block rule: ", err)
-		return err
-	}
-
-	output := [][]string{
-		formatUserAgentRule(resp.Result),
-	}
-
-	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
-
-	return nil
-}
-
-func userAgentUpdate(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "id", "mode", "value"); err != nil {
-		return err
-	}
-
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return err
-	}
-
-	userAgentRule := cloudflare.UserAgentRule{
-		Description: c.String("description"),
-		Mode:        c.String("mode"),
-		Paused:      c.Bool("paused"),
-		Configuration: cloudflare.UserAgentRuleConfig{
-			Target: "ua",
-			Value:  c.String("value"),
-		},
-	}
-
-	resp, err := api.UpdateUserAgentRule(context.Background(), zoneID, c.String("id"), userAgentRule)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error updating User-Agent block rule: ", err)
-		return err
-	}
-
-	output := [][]string{
-		formatUserAgentRule(resp.Result),
-	}
-
-	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
-
-	return nil
-}
-
-func userAgentDelete(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "id"); err != nil {
-		return err
-	}
-
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return err
-	}
-
-	resp, err := api.DeleteUserAgentRule(context.Background(), zoneID, c.String("id"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error deleting User-Agent block rule: ", err)
-		return err
-	}
-
-	output := [][]string{
-		formatUserAgentRule(resp.Result),
-	}
-
-	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
-
-	return nil
-}
-
-func userAgentList(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "page"); err != nil {
-		return err
-	}
-
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return err
-	}
-
-	resp, err := api.ListUserAgentRules(context.Background(), zoneID, c.Int("page"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error listing User-Agent block rules: ", err)
-		return err
-	}
-
-	output := make([][]string, 0, len(resp.Result))
-	for _, rule := range resp.Result {
-		output = append(output, formatUserAgentRule(rule))
-	}
-
-	writeTable(c, output, "ID", "Description", "Mode", "Value", "Paused")
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/cmd/flarectl/zone.go b/pkg/cloudflare-go/cmd/flarectl/zone.go
deleted file mode 100644
index 5ab4e24b43..0000000000
--- a/pkg/cloudflare-go/cmd/flarectl/zone.go
+++ /dev/null
@@ -1,367 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"strconv"
-	"strings"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-	"github.com/urfave/cli/v2"
-)
-
-func zoneCerts(*cli.Context) error {
-	return nil
-}
-
-func zoneKeyless(*cli.Context) error {
-	return nil
-}
-
-func zoneRailgun(*cli.Context) error {
-	return nil
-}
-
-func zoneCreate(c *cli.Context) error {
-	if err := checkFlags(c, "zone"); err != nil {
-		return err
-	}
-	zone := c.String("zone")
-	jumpstart := c.Bool("jumpstart")
-	accountID := c.String("account-id")
-	zoneType := c.String("type")
-	var account cloudflare.Account
-	if accountID != "" {
-		account.ID = accountID
-	}
-
-	if zoneType != "partial" {
-		zoneType = "full"
-	}
-
-	_, err := api.CreateZone(context.Background(), zone, jumpstart, account, zoneType)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error()+"\n")
-		return err
-	}
-
-	return nil
-}
-
-func zoneCheck(c *cli.Context) error {
-	if err := checkFlags(c, "zone"); err != nil {
-		return err
-	}
-	zone := c.String("zone")
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	res, err := api.ZoneActivationCheck(context.Background(), zoneID)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	fmt.Printf("%s\n", res.Messages[0].Message)
-
-	return nil
-}
-
-func zoneList(c *cli.Context) error {
-	zones, err := api.ListZones(context.Background())
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	output := make([][]string, 0, len(zones))
-	for _, z := range zones {
-		output = append(output, []string{
-			z.ID,
-			z.Name,
-			z.Plan.Name,
-			z.Status,
-		})
-	}
-	writeTable(c, output, "ID", "Name", "Plan", "Status")
-
-	return nil
-}
-
-func zoneDelete(c *cli.Context) error {
-	if err := checkFlags(c, "zone"); err != nil {
-		return err
-	}
-
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return err
-	}
-
-	_, err = api.DeleteZone(context.Background(), zoneID)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, err.Error()+"\n")
-		return err
-	}
-
-	return nil
-}
-
-func zoneCreateLockdown(c *cli.Context) error {
-	if err := checkFlags(c, "zone", "urls", "targets", "values"); err != nil {
-		return err
-	}
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	targets := c.StringSlice("targets")
-	values := c.StringSlice("values")
-	if len(targets) != len(values) {
-		cli.ShowCommandHelp(c, "targets and values does not match") //nolint
-		return nil
-	}
-	var zonelockdownconfigs = []cloudflare.ZoneLockdownConfig{}
-	for index := 0; index < len(targets); index++ {
-		zonelockdownconfigs = append(zonelockdownconfigs, cloudflare.ZoneLockdownConfig{
-			Target: c.StringSlice("targets")[index],
-			Value:  c.StringSlice("values")[index],
-		})
-	}
-	params := cloudflare.ZoneLockdownCreateParams{
-		Description:    c.String("description"),
-		URLs:           c.StringSlice("urls"),
-		Configurations: zonelockdownconfigs,
-	}
-
-	resp, err := api.CreateZoneLockdown(context.Background(), cloudflare.ZoneIdentifier(zoneID), params)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, "Error creating ZONE lock down: ", err)
-		return err
-	}
-
-	output := make([][]string, 0, 1)
-
-	format := []string{
-		resp.ID,
-	}
-
-	output = append(output, format)
-
-	writeTable(c, output, "ID")
-
-	return nil
-}
-
-func zoneInfo(c *cli.Context) error {
-	var zone string
-	if c.NArg() > 0 {
-		zone = c.Args().First()
-	} else if c.String("zone") != "" {
-		zone = c.String("zone")
-	} else {
-		cli.ShowSubcommandHelp(c) //nolint
-		return nil
-	}
-	zones, err := api.ListZones(context.Background(), zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	output := make([][]string, 0, len(zones))
-	for _, z := range zones {
-		var nameservers []string
-		if len(z.VanityNS) > 0 {
-			nameservers = z.VanityNS
-		} else {
-			nameservers = z.NameServers
-		}
-		output = append(output, []string{
-			z.ID,
-			z.Name,
-			z.Plan.Name,
-			z.Status,
-			strings.Join(nameservers, ", "),
-			fmt.Sprintf("%t", z.Paused),
-			z.Type,
-		})
-	}
-	writeTable(c, output, "ID", "Zone", "Plan", "Status", "Name Servers", "Paused", "Type")
-
-	return nil
-}
-
-func zonePlan(*cli.Context) error {
-	return nil
-}
-
-func zoneSettings(*cli.Context) error {
-	return nil
-}
-
-func zoneCachePurge(c *cli.Context) error {
-	if err := checkFlags(c, "zone"); err != nil {
-		cli.ShowSubcommandHelp(c) //nolint
-		return err
-	}
-
-	zoneName := c.String("zone")
-	zoneID, err := api.ZoneIDByName(c.String("zone"))
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return err
-	}
-
-	var resp cloudflare.PurgeCacheResponse
-
-	// Purge everything
-	if c.Bool("everything") {
-		resp, err = api.PurgeEverything(context.Background(), zoneID)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Error purging all from zone %q: %s\n", zoneName, err)
-			return err
-		}
-	} else {
-		var (
-			files    = c.StringSlice("files")
-			tags     = c.StringSlice("tags")
-			hosts    = c.StringSlice("hosts")
-			prefixes = c.StringSlice("prefixes")
-		)
-
-		if len(files) == 0 && len(tags) == 0 && len(hosts) == 0 && len(prefixes) == 0 {
-			fmt.Fprintln(os.Stderr, "You must provide at least one of the --files, --tags, --prefixes or --hosts flags")
-			return nil
-		}
-
-		// Purge selectively
-		purgeReq := cloudflare.PurgeCacheRequest{
-			Files:    c.StringSlice("files"),
-			Tags:     c.StringSlice("tags"),
-			Hosts:    c.StringSlice("hosts"),
-			Prefixes: c.StringSlice("prefixes"),
-		}
-
-		resp, err = api.PurgeCache(context.Background(), zoneID, purgeReq)
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "Error purging the cache from zone %q: %s\n", zoneName, err)
-			return err
-		}
-	}
-
-	output := make([][]string, 0, 1)
-	output = append(output, formatCacheResponse(resp))
-
-	writeTable(c, output, "ID")
-
-	return nil
-}
-
-func zoneRecords(c *cli.Context) error {
-	var zone string
-	if c.NArg() > 0 {
-		zone = c.Args().First()
-	} else if c.String("zone") != "" {
-		zone = c.String("zone")
-	} else {
-		cli.ShowSubcommandHelp(c) //nolint
-		return nil
-	}
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	// Create an empty record for searching for records
-	rr := cloudflare.ListDNSRecordsParams{}
-	var records []cloudflare.DNSRecord
-	if c.String("id") != "" {
-		rec, err := api.GetDNSRecord(context.Background(), cloudflare.ZoneIdentifier(zoneID), c.String("id"))
-		if err != nil {
-			fmt.Println(err)
-			return err
-		}
-		records = append(records, rec)
-	} else {
-		if c.String("type") != "" {
-			rr.Type = c.String("type")
-		}
-		if c.String("name") != "" {
-			rr.Name = c.String("name")
-		}
-		if c.String("content") != "" {
-			rr.Content = c.String("content")
-		}
-		var err error
-		records, _, err = api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), rr)
-		if err != nil {
-			fmt.Println(err)
-			return err
-		}
-	}
-	output := make([][]string, 0, len(records))
-	for _, r := range records {
-		switch r.Type {
-		case "MX":
-			r.Content = fmt.Sprintf("%d %s", *r.Priority, r.Content)
-		case "SRV":
-			dp := r.Data.(map[string]interface{})
-			r.Content = fmt.Sprintf("%.f %s", dp["priority"], r.Content)
-			// Cloudflare's API, annoyingly, automatically prepends the weight
-			// and port into content, separated by tabs.
-			// XXX: File this as a bug. LOC doesn't do this.
-			r.Content = strings.Replace(r.Content, "\t", " ", -1)
-		}
-		output = append(output, []string{
-			r.ID,
-			r.Type,
-			r.Name,
-			r.Content,
-			strconv.FormatBool(*r.Proxied),
-			fmt.Sprintf("%d", r.TTL),
-		})
-	}
-	writeTable(c, output, "ID", "Type", "Name", "Content", "Proxied", "TTL")
-
-	return nil
-}
-
-func formatCacheResponse(resp cloudflare.PurgeCacheResponse) []string {
-	return []string{
-		resp.Result.ID,
-	}
-}
-
-func zoneExport(c *cli.Context) error {
-	var zone string
-	if c.NArg() > 0 {
-		zone = c.Args().First()
-	} else if c.String("zone") != "" {
-		zone = c.String("zone")
-	} else {
-		cli.ShowSubcommandHelp(c) //nolint
-		return nil
-	}
-
-	zoneID, err := api.ZoneIDByName(zone)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	res, err := api.ZoneExport(context.Background(), zoneID)
-	if err != nil {
-		fmt.Println(err)
-		return err
-	}
-	fmt.Print(res)
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/consts.go b/pkg/cloudflare-go/consts.go
deleted file mode 100644
index 668ddc3152..0000000000
--- a/pkg/cloudflare-go/consts.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package cloudflare
-
-// RouteRoot represents the name of the route namespace.
-type RouteRoot string
-
-const (
-	defaultScheme   = "https"
-	defaultHostname = "api.cloudflare.com"
-	defaultBasePath = "/client/v4"
-	userAgent       = "cloudflare-go"
-
-	// AccountRouteRoot is the accounts route namespace.
-	AccountRouteRoot RouteRoot = "accounts"
-
-	// ZoneRouteRoot is the zones route namespace.
-	ZoneRouteRoot RouteRoot = "zones"
-
-	originCARootCertEccURL = "https://developers.cloudflare.com/ssl/static/origin_ca_ecc_root.pem"
-	originCARootCertRsaURL = "https://developers.cloudflare.com/ssl/static/origin_ca_rsa_root.pem"
-
-	// Used for testing.
-	testAccountID    = "01a7362d577a6c3019a474fd6f485823"
-	testZoneID       = "d56084adb405e0b7e32c52321bf07be6"
-	testUserID       = "a81be4e9b20632860d20a64c054c4150"
-	testCertPackUUID = "a77f8bd7-3b47-46b4-a6f1-75cf98109948"
-	testTunnelID     = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
-)
diff --git a/pkg/cloudflare-go/convert_types.go b/pkg/cloudflare-go/convert_types.go
deleted file mode 100644
index f3ebc83d0d..0000000000
--- a/pkg/cloudflare-go/convert_types.go
+++ /dev/null
@@ -1,932 +0,0 @@
-// File contains helper methods for accepting variants (pointers, values,
-// slices, etc) of a particular type and returning them in another. A common use
-// is pointer to values and back.
-//
-// _Most_ follow the convention of (where <type> is a Golang type such as Bool):
-//
-// <type>Ptr: Accepts a value and returns a pointer.
-// <type>: Accepts a pointer and returns a value.
-// <type>PtrSlice: Accepts a slice of values and returns a slice of pointers.
-// <type>Slice: Accepts a slice of pointers and returns a slice of values.
-// <type>PtrMap: Accepts a string map of values into a string map of pointers.
-// <type>Map: Accepts a string map of pointers into a string map of values.
-//
-// Not all Golang types are covered here, only those that are commonly used.
-package cloudflare
-
-import (
-	"reflect"
-	"time"
-)
-
-// AnyPtr is a helper routine that allocates a new interface value
-// to store v and returns a pointer to it.
-//
-// Usage: var _ *Type = AnyPtr(Type(value) | value).(*Type)
-//
-//	var _ *bool = AnyPtr(true).(*bool)
-//	var _ *byte = AnyPtr(byte(1)).(*byte)
-//	var _ *complex64 = AnyPtr(complex64(1.1)).(*complex64)
-//	var _ *complex128 = AnyPtr(complex128(1.1)).(*complex128)
-//	var _ *float32 = AnyPtr(float32(1.1)).(*float32)
-//	var _ *float64 = AnyPtr(float64(1.1)).(*float64)
-//	var _ *int = AnyPtr(int(1)).(*int)
-//	var _ *int8 = AnyPtr(int8(8)).(*int8)
-//	var _ *int16 = AnyPtr(int16(16)).(*int16)
-//	var _ *int32 = AnyPtr(int32(32)).(*int32)
-//	var _ *int64 = AnyPtr(int64(64)).(*int64)
-//	var _ *rune = AnyPtr(rune(1)).(*rune)
-//	var _ *string = AnyPtr("ptr").(*string)
-//	var _ *uint = AnyPtr(uint(1)).(*uint)
-//	var _ *uint8 = AnyPtr(uint8(8)).(*uint8)
-//	var _ *uint16 = AnyPtr(uint16(16)).(*uint16)
-//	var _ *uint32 = AnyPtr(uint32(32)).(*uint32)
-//	var _ *uint64 = AnyPtr(uint64(64)).(*uint64)
-func AnyPtr(v interface{}) interface{} {
-	r := reflect.New(reflect.TypeOf(v))
-	reflect.ValueOf(r.Interface()).Elem().Set(reflect.ValueOf(v))
-	return r.Interface()
-}
-
-// BytePtr is a helper routine that allocates a new byte value to store v and
-// returns a pointer to it.
-func BytePtr(v byte) *byte { return &v }
-
-// Complex64Ptr is a helper routine that allocates a new complex64 value to
-// store v and returns a pointer to it.
-func Complex64Ptr(v complex64) *complex64 { return &v }
-
-// Complex128Ptr is a helper routine that allocates a new complex128 value
-// to store v and returns a pointer to it.
-func Complex128Ptr(v complex128) *complex128 { return &v }
-
-// RunePtr is a helper routine that allocates a new rune value to store v
-// and returns a pointer to it.
-func RunePtr(v rune) *rune { return &v }
-
-// TimePtr is a helper routine that allocates a new time.Time value
-// to store v and returns a pointer to it.
-func TimePtr(v time.Time) *time.Time { return &v }
-
-// DurationPtr is a helper routine that allocates a new time.Duration value
-// to store v and returns a pointer to it.
-func DurationPtr(v time.Duration) *time.Duration { return &v }
-
-// BoolPtr is a helper routine that allocates a new bool value to store v and
-// returns a pointer to it.
-func BoolPtr(v bool) *bool { return &v }
-
-// Bool is a helper routine that accepts a bool pointer and returns a value
-// to it.
-func Bool(v *bool) bool {
-	if v != nil {
-		return *v
-	}
-	return false
-}
-
-// BoolPtrSlice converts a slice of bool values into a slice of bool pointers.
-func BoolPtrSlice(src []bool) []*bool {
-	dst := make([]*bool, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// BoolSlice converts a slice of bool pointers into a slice of bool values.
-func BoolSlice(src []*bool) []bool {
-	dst := make([]bool, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// BoolPtrMap converts a string map of bool values into a string map of bool
-// pointers.
-func BoolPtrMap(src map[string]bool) map[string]*bool {
-	dst := make(map[string]*bool)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// BoolMap converts a string map of bool pointers into a string map of bool
-// values.
-func BoolMap(src map[string]*bool) map[string]bool {
-	dst := make(map[string]bool)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Byte is a helper routine that accepts a byte pointer and returns a
-// value to it.
-func Byte(v *byte) byte {
-	if v != nil {
-		return *v
-	}
-	return byte(0)
-}
-
-// Complex64 is a helper routine that accepts a complex64 pointer and
-// returns a value to it.
-func Complex64(v *complex64) complex64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Complex128 is a helper routine that accepts a complex128 pointer and
-// returns a value to it.
-func Complex128(v *complex128) complex128 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Float32Ptr is a helper routine that allocates a new float32 value to store v
-// and returns a pointer to it.
-func Float32Ptr(v float32) *float32 { return &v }
-
-// Float32 is a helper routine that accepts a float32 pointer and returns a
-// value to it.
-func Float32(v *float32) float32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Float32PtrSlice converts a slice of float32 values into a slice of float32
-// pointers.
-func Float32PtrSlice(src []float32) []*float32 {
-	dst := make([]*float32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Float32Slice converts a slice of float32 pointers into a slice of
-// float32 values.
-func Float32Slice(src []*float32) []float32 {
-	dst := make([]float32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Float32PtrMap converts a string map of float32 values into a string map of
-// float32 pointers.
-func Float32PtrMap(src map[string]float32) map[string]*float32 {
-	dst := make(map[string]*float32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Float32Map converts a string map of float32 pointers into a string
-// map of float32 values.
-func Float32Map(src map[string]*float32) map[string]float32 {
-	dst := make(map[string]float32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Float64Ptr is a helper routine that allocates a new float64 value to store v
-// and returns a pointer to it.
-func Float64Ptr(v float64) *float64 { return &v }
-
-// Float64 is a helper routine that accepts a float64 pointer and returns a
-// value to it.
-func Float64(v *float64) float64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Float64PtrSlice converts a slice of float64 values into a slice of float64
-// pointers.
-func Float64PtrSlice(src []float64) []*float64 {
-	dst := make([]*float64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Float64Slice converts a slice of float64 pointers into a slice of
-// float64 values.
-func Float64Slice(src []*float64) []float64 {
-	dst := make([]float64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Float64PtrMap converts a string map of float64 values into a string map of
-// float64 pointers.
-func Float64PtrMap(src map[string]float64) map[string]*float64 {
-	dst := make(map[string]*float64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Float64Map converts a string map of float64 pointers into a string
-// map of float64 values.
-func Float64Map(src map[string]*float64) map[string]float64 {
-	dst := make(map[string]float64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// IntPtr is a helper routine that allocates a new int value to store v and
-// returns a pointer to it.
-func IntPtr(v int) *int { return &v }
-
-// Int is a helper routine that accepts a int pointer and returns a value
-// to it.
-func Int(v *int) int {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// IntPtrSlice converts a slice of int values into a slice of int pointers.
-func IntPtrSlice(src []int) []*int {
-	dst := make([]*int, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// IntSlice converts a slice of int pointers into a slice of int values.
-func IntSlice(src []*int) []int {
-	dst := make([]int, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// IntPtrMap converts a string map of int values into a string map of int
-// pointers.
-func IntPtrMap(src map[string]int) map[string]*int {
-	dst := make(map[string]*int)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// IntMap converts a string map of int pointers into a string map of int
-// values.
-func IntMap(src map[string]*int) map[string]int {
-	dst := make(map[string]int)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int8Ptr is a helper routine that allocates a new int8 value to store v and
-// returns a pointer to it.
-func Int8Ptr(v int8) *int8 { return &v }
-
-// Int8 is a helper routine that accepts a int8 pointer and returns a value
-// to it.
-func Int8(v *int8) int8 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int8PtrSlice converts a slice of int8 values into a slice of int8 pointers.
-func Int8PtrSlice(src []int8) []*int8 {
-	dst := make([]*int8, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int8Slice converts a slice of int8 pointers into a slice of int8 values.
-func Int8Slice(src []*int8) []int8 {
-	dst := make([]int8, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int8PtrMap converts a string map of int8 values into a string map of int8
-// pointers.
-func Int8PtrMap(src map[string]int8) map[string]*int8 {
-	dst := make(map[string]*int8)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int8Map converts a string map of int8 pointers into a string map of int8
-// values.
-func Int8Map(src map[string]*int8) map[string]int8 {
-	dst := make(map[string]int8)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int16Ptr is a helper routine that allocates a new int16 value to store v
-// and returns a pointer to it.
-func Int16Ptr(v int16) *int16 { return &v }
-
-// Int16 is a helper routine that accepts a int16 pointer and returns a
-// value to it.
-func Int16(v *int16) int16 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int16PtrSlice converts a slice of int16 values into a slice of int16
-// pointers.
-func Int16PtrSlice(src []int16) []*int16 {
-	dst := make([]*int16, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int16Slice converts a slice of int16 pointers into a slice of int16
-// values.
-func Int16Slice(src []*int16) []int16 {
-	dst := make([]int16, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int16PtrMap converts a string map of int16 values into a string map of int16
-// pointers.
-func Int16PtrMap(src map[string]int16) map[string]*int16 {
-	dst := make(map[string]*int16)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int16Map converts a string map of int16 pointers into a string map of
-// int16 values.
-func Int16Map(src map[string]*int16) map[string]int16 {
-	dst := make(map[string]int16)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int32Ptr is a helper routine that allocates a new int32 value to store v
-// and returns a pointer to it.
-func Int32Ptr(v int32) *int32 { return &v }
-
-// Int32 is a helper routine that accepts a int32 pointer and returns a
-// value to it.
-func Int32(v *int32) int32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int32PtrSlice converts a slice of int32 values into a slice of int32
-// pointers.
-func Int32PtrSlice(src []int32) []*int32 {
-	dst := make([]*int32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int32Slice converts a slice of int32 pointers into a slice of int32
-// values.
-func Int32Slice(src []*int32) []int32 {
-	dst := make([]int32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int32PtrMap converts a string map of int32 values into a string map of int32
-// pointers.
-func Int32PtrMap(src map[string]int32) map[string]*int32 {
-	dst := make(map[string]*int32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int32Map converts a string map of int32 pointers into a string map of
-// int32 values.
-func Int32Map(src map[string]*int32) map[string]int32 {
-	dst := make(map[string]int32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Int64Ptr is a helper routine that allocates a new int64 value to store v
-// and returns a pointer to it.
-func Int64Ptr(v int64) *int64 { return &v }
-
-// Int64 is a helper routine that accepts a int64 pointer and returns a
-// value to it.
-func Int64(v *int64) int64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Int64PtrSlice converts a slice of int64 values into a slice of int64
-// pointers.
-func Int64PtrSlice(src []int64) []*int64 {
-	dst := make([]*int64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Int64Slice converts a slice of int64 pointers into a slice of int64
-// values.
-func Int64Slice(src []*int64) []int64 {
-	dst := make([]int64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Int64PtrMap converts a string map of int64 values into a string map of int64
-// pointers.
-func Int64PtrMap(src map[string]int64) map[string]*int64 {
-	dst := make(map[string]*int64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Int64Map converts a string map of int64 pointers into a string map of
-// int64 values.
-func Int64Map(src map[string]*int64) map[string]int64 {
-	dst := make(map[string]int64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Rune is a helper routine that accepts a rune pointer and returns a value
-// to it.
-func Rune(v *rune) rune {
-	if v != nil {
-		return *v
-	}
-	return rune(0)
-}
-
-// StringPtr is a helper routine that allocates a new string value to store v
-// and returns a pointer to it.
-func StringPtr(v string) *string { return &v }
-
-// String is a helper routine that accepts a string pointer and returns a
-// value to it.
-func String(v *string) string {
-	if v != nil {
-		return *v
-	}
-	return ""
-}
-
-// StringPtrSlice converts a slice of string values into a slice of string
-// pointers.
-func StringPtrSlice(src []string) []*string {
-	dst := make([]*string, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// StringSlice converts a slice of string pointers into a slice of string
-// values.
-func StringSlice(src []*string) []string {
-	dst := make([]string, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// StringPtrMap converts a string map of string values into a string map of
-// string pointers.
-func StringPtrMap(src map[string]string) map[string]*string {
-	dst := make(map[string]*string)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// StringMap converts a string map of string pointers into a string map of
-// string values.
-func StringMap(src map[string]*string) map[string]string {
-	dst := make(map[string]string)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// UintPtr is a helper routine that allocates a new uint value to store v
-// and returns a pointer to it.
-func UintPtr(v uint) *uint { return &v }
-
-// Uint is a helper routine that accepts a uint pointer and returns a value
-// to it.
-func Uint(v *uint) uint {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// UintPtrSlice converts a slice of uint values uinto a slice of uint pointers.
-func UintPtrSlice(src []uint) []*uint {
-	dst := make([]*uint, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// UintSlice converts a slice of uint pointers uinto a slice of uint
-// values.
-func UintSlice(src []*uint) []uint {
-	dst := make([]uint, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// UintPtrMap converts a string map of uint values uinto a string map of uint
-// pointers.
-func UintPtrMap(src map[string]uint) map[string]*uint {
-	dst := make(map[string]*uint)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// UintMap converts a string map of uint pointers uinto a string map of
-// uint values.
-func UintMap(src map[string]*uint) map[string]uint {
-	dst := make(map[string]uint)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint8Ptr is a helper routine that allocates a new uint8 value to store v
-// and returns a pointer to it.
-func Uint8Ptr(v uint8) *uint8 { return &v }
-
-// Uint8 is a helper routine that accepts a uint8 pointer and returns a
-// value to it.
-func Uint8(v *uint8) uint8 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint8PtrSlice converts a slice of uint8 values into a slice of uint8
-// pointers.
-func Uint8PtrSlice(src []uint8) []*uint8 {
-	dst := make([]*uint8, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint8Slice converts a slice of uint8 pointers into a slice of uint8
-// values.
-func Uint8Slice(src []*uint8) []uint8 {
-	dst := make([]uint8, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint8PtrMap converts a string map of uint8 values into a string map of uint8
-// pointers.
-func Uint8PtrMap(src map[string]uint8) map[string]*uint8 {
-	dst := make(map[string]*uint8)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint8Map converts a string map of uint8 pointers into a string
-// map of uint8 values.
-func Uint8Map(src map[string]*uint8) map[string]uint8 {
-	dst := make(map[string]uint8)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint16Ptr is a helper routine that allocates a new uint16 value to store v
-// and returns a pointer to it.
-func Uint16Ptr(v uint16) *uint16 { return &v }
-
-// Uint16 is a helper routine that accepts a uint16 pointer and returns a
-// value to it.
-func Uint16(v *uint16) uint16 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint16PtrSlice converts a slice of uint16 values into a slice of uint16
-// pointers.
-func Uint16PtrSlice(src []uint16) []*uint16 {
-	dst := make([]*uint16, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint16Slice converts a slice of uint16 pointers into a slice of uint16
-// values.
-func Uint16Slice(src []*uint16) []uint16 {
-	dst := make([]uint16, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint16PtrMap converts a string map of uint16 values into a string map of
-// uint16 pointers.
-func Uint16PtrMap(src map[string]uint16) map[string]*uint16 {
-	dst := make(map[string]*uint16)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint16Map converts a string map of uint16 pointers into a string map of
-// uint16 values.
-func Uint16Map(src map[string]*uint16) map[string]uint16 {
-	dst := make(map[string]uint16)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint32Ptr is a helper routine that allocates a new uint32 value to store v
-// and returns a pointer to it.
-func Uint32Ptr(v uint32) *uint32 { return &v }
-
-// Uint32 is a helper routine that accepts a uint32 pointer and returns a
-// value to it.
-func Uint32(v *uint32) uint32 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint32PtrSlice converts a slice of uint32 values into a slice of uint32
-// pointers.
-func Uint32PtrSlice(src []uint32) []*uint32 {
-	dst := make([]*uint32, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint32Slice converts a slice of uint32 pointers into a slice of uint32
-// values.
-func Uint32Slice(src []*uint32) []uint32 {
-	dst := make([]uint32, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint32PtrMap converts a string map of uint32 values into a string map of
-// uint32 pointers.
-func Uint32PtrMap(src map[string]uint32) map[string]*uint32 {
-	dst := make(map[string]*uint32)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint32Map converts a string map of uint32 pointers into a string
-// map of uint32 values.
-func Uint32Map(src map[string]*uint32) map[string]uint32 {
-	dst := make(map[string]uint32)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Uint64Ptr is a helper routine that allocates a new uint64 value to store v
-// and returns a pointer to it.
-func Uint64Ptr(v uint64) *uint64 { return &v }
-
-// Uint64 is a helper routine that accepts a uint64 pointer and returns a
-// value to it.
-func Uint64(v *uint64) uint64 {
-	if v != nil {
-		return *v
-	}
-	return 0
-}
-
-// Uint64PtrSlice converts a slice of uint64 values into a slice of uint64
-// pointers.
-func Uint64PtrSlice(src []uint64) []*uint64 {
-	dst := make([]*uint64, len(src))
-	for i := 0; i < len(src); i++ {
-		dst[i] = &(src[i])
-	}
-	return dst
-}
-
-// Uint64Slice converts a slice of uint64 pointers into a slice of uint64
-// values.
-func Uint64Slice(src []*uint64) []uint64 {
-	dst := make([]uint64, len(src))
-	for i := 0; i < len(src); i++ {
-		if src[i] != nil {
-			dst[i] = *(src[i])
-		}
-	}
-	return dst
-}
-
-// Uint64PtrMap converts a string map of uint64 values into a string map of
-// uint64 pointers.
-func Uint64PtrMap(src map[string]uint64) map[string]*uint64 {
-	dst := make(map[string]*uint64)
-	for k, val := range src {
-		v := val
-		dst[k] = &v
-	}
-	return dst
-}
-
-// Uint64Map converts a string map of uint64 pointers into a string map of
-// uint64 values.
-func Uint64Map(src map[string]*uint64) map[string]uint64 {
-	dst := make(map[string]uint64)
-	for k, val := range src {
-		if val != nil {
-			dst[k] = *val
-		}
-	}
-	return dst
-}
-
-// Time is a helper routine that accepts a time pointer value and returns a
-// value to it.
-func Time(v *time.Time) time.Time {
-	if v != nil {
-		return *v
-	}
-	return time.Time{}
-}
-
-// Duration is a helper routine that accepts a time pointer ion value
-// and returns a value to it.
-// func Duration(v *time.Duration) time.Duration {
-// 	if v != nil {
-// 		return *v
-// 	}
-// 	return time.Duration(0)
-// }
diff --git a/pkg/cloudflare-go/custom_hostname.go b/pkg/cloudflare-go/custom_hostname.go
deleted file mode 100644
index b625b72326..0000000000
--- a/pkg/cloudflare-go/custom_hostname.go
+++ /dev/null
@@ -1,330 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// CustomHostnameStatus is the enumeration of valid state values in the CustomHostnameSSL.
-type CustomHostnameStatus string
-
-const (
-	// PENDING status represents state of CustomHostname is pending.
-	PENDING CustomHostnameStatus = "pending"
-	// ACTIVE status represents state of CustomHostname is active.
-	ACTIVE CustomHostnameStatus = "active"
-	// MOVED status represents state of CustomHostname is moved.
-	MOVED CustomHostnameStatus = "moved"
-	// DELETED status represents state of CustomHostname is deleted.
-	DELETED CustomHostnameStatus = "deleted"
-	// BLOCKED status represents state of CustomHostname is blocked from going active.
-	BLOCKED CustomHostnameStatus = "blocked"
-)
-
-// CustomHostnameSSLSettings represents the SSL settings for a custom hostname.
-type CustomHostnameSSLSettings struct {
-	HTTP2         string   `json:"http2,omitempty"`
-	HTTP3         string   `json:"http3,omitempty"`
-	TLS13         string   `json:"tls_1_3,omitempty"`
-	MinTLSVersion string   `json:"min_tls_version,omitempty"`
-	Ciphers       []string `json:"ciphers,omitempty"`
-	EarlyHints    string   `json:"early_hints,omitempty"`
-}
-
-// CustomHostnameOwnershipVerification represents ownership verification status of a given custom hostname.
-type CustomHostnameOwnershipVerification struct {
-	Type  string `json:"type,omitempty"`
-	Name  string `json:"name,omitempty"`
-	Value string `json:"value,omitempty"`
-}
-
-// SSLValidationError represents errors that occurred during SSL validation.
-type SSLValidationError struct {
-	Message string `json:"message,omitempty"`
-}
-
-// CustomHostnameSSLCertificates represent certificate properties like issuer, expires date and etc.
-type CustomHostnameSSLCertificates struct {
-	Issuer            string     `json:"issuer"`
-	SerialNumber      string     `json:"serial_number"`
-	Signature         string     `json:"signature"`
-	ExpiresOn         *time.Time `json:"expires_on"`
-	IssuedOn          *time.Time `json:"issued_on"`
-	FingerprintSha256 string     `json:"fingerprint_sha256"`
-	ID                string     `json:"id"`
-}
-
-// CustomHostnameSSL represents the SSL section in a given custom hostname.
-type CustomHostnameSSL struct {
-	ID                   string                          `json:"id,omitempty"`
-	Status               string                          `json:"status,omitempty"`
-	Method               string                          `json:"method,omitempty"`
-	Type                 string                          `json:"type,omitempty"`
-	Wildcard             *bool                           `json:"wildcard,omitempty"`
-	CustomCertificate    string                          `json:"custom_certificate,omitempty"`
-	CustomKey            string                          `json:"custom_key,omitempty"`
-	CertificateAuthority string                          `json:"certificate_authority,omitempty"`
-	Issuer               string                          `json:"issuer,omitempty"`
-	SerialNumber         string                          `json:"serial_number,omitempty"`
-	Settings             CustomHostnameSSLSettings       `json:"settings,omitempty"`
-	Certificates         []CustomHostnameSSLCertificates `json:"certificates,omitempty"`
-	// Deprecated: use ValidationRecords.
-	// If there a single validation record, this will equal ValidationRecords[0] for backwards compatibility.
-	SSLValidationRecord
-	ValidationRecords []SSLValidationRecord `json:"validation_records,omitempty"`
-	ValidationErrors  []SSLValidationError  `json:"validation_errors,omitempty"`
-	BundleMethod      string                `json:"bundle_method,omitempty"`
-}
-
-// CustomMetadata defines custom metadata for the hostname. This requires logic to be implemented by Cloudflare to act on the data provided.
-type CustomMetadata map[string]interface{}
-
-// CustomHostname represents a custom hostname in a zone.
-type CustomHostname struct {
-	ID                        string                                  `json:"id,omitempty"`
-	Hostname                  string                                  `json:"hostname,omitempty"`
-	CustomOriginServer        string                                  `json:"custom_origin_server,omitempty"`
-	CustomOriginSNI           string                                  `json:"custom_origin_sni,omitempty"`
-	SSL                       *CustomHostnameSSL                      `json:"ssl,omitempty"`
-	CustomMetadata            *CustomMetadata                         `json:"custom_metadata,omitempty"`
-	Status                    CustomHostnameStatus                    `json:"status,omitempty"`
-	VerificationErrors        []string                                `json:"verification_errors,omitempty"`
-	OwnershipVerification     CustomHostnameOwnershipVerification     `json:"ownership_verification,omitempty"`
-	OwnershipVerificationHTTP CustomHostnameOwnershipVerificationHTTP `json:"ownership_verification_http,omitempty"`
-	CreatedAt                 *time.Time                              `json:"created_at,omitempty"`
-}
-
-// CustomHostnameOwnershipVerificationHTTP represents a response from the Custom Hostnames endpoints.
-type CustomHostnameOwnershipVerificationHTTP struct {
-	HTTPUrl  string `json:"http_url,omitempty"`
-	HTTPBody string `json:"http_body,omitempty"`
-}
-
-// CustomHostnameResponse represents a response from the Custom Hostnames endpoints.
-type CustomHostnameResponse struct {
-	Result CustomHostname `json:"result"`
-	Response
-}
-
-// CustomHostnameListResponse represents a response from the Custom Hostnames endpoints.
-type CustomHostnameListResponse struct {
-	Result []CustomHostname `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// CustomHostnameFallbackOrigin represents a Custom Hostnames Fallback Origin.
-type CustomHostnameFallbackOrigin struct {
-	Origin string   `json:"origin,omitempty"`
-	Status string   `json:"status,omitempty"`
-	Errors []string `json:"errors,omitempty"`
-}
-
-// CustomHostnameFallbackOriginResponse represents a response from the Custom Hostnames Fallback Origin endpoint.
-type CustomHostnameFallbackOriginResponse struct {
-	Result CustomHostnameFallbackOrigin `json:"result"`
-	Response
-}
-
-// UpdateCustomHostnameSSL modifies SSL configuration for the given custom
-// hostname in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-update-custom-hostname-configuration
-func (api *API) UpdateCustomHostnameSSL(ctx context.Context, zoneID string, customHostnameID string, ssl *CustomHostnameSSL) (*CustomHostnameResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
-	ch := CustomHostname{
-		SSL: ssl,
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ch)
-	if err != nil {
-		return nil, err
-	}
-
-	var response *CustomHostnameResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response, nil
-}
-
-// UpdateCustomHostname modifies configuration for the given custom
-// hostname in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-update-custom-hostname-configuration
-func (api *API) UpdateCustomHostname(ctx context.Context, zoneID string, customHostnameID string, ch CustomHostname) (*CustomHostnameResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ch)
-	if err != nil {
-		return nil, err
-	}
-
-	var response *CustomHostnameResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response, nil
-}
-
-// DeleteCustomHostname deletes a custom hostname (and any issued SSL
-// certificates).
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-delete-a-custom-hostname-and-any-issued-ssl-certificates-
-func (api *API) DeleteCustomHostname(ctx context.Context, zoneID string, customHostnameID string) error {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var response *CustomHostnameResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// CreateCustomHostname creates a new custom hostname and requests that an SSL certificate be issued for it.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-create-custom-hostname
-func (api *API) CreateCustomHostname(ctx context.Context, zoneID string, ch CustomHostname) (*CustomHostnameResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ch)
-	if err != nil {
-		return nil, err
-	}
-
-	var response *CustomHostnameResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// CustomHostnames fetches custom hostnames for the given zone,
-// by applying filter.Hostname if not empty and scoping the result to page'th 50 items.
-//
-// The returned ResultInfo can be used to implement pagination.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-list-custom-hostnames
-func (api *API) CustomHostnames(ctx context.Context, zoneID string, page int, filter CustomHostname) ([]CustomHostname, ResultInfo, error) {
-	v := url.Values{}
-	v.Set("per_page", "50")
-	v.Set("page", strconv.Itoa(page))
-	if filter.Hostname != "" {
-		v.Set("hostname", filter.Hostname)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames?%s", zoneID, v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []CustomHostname{}, ResultInfo{}, err
-	}
-	var customHostnameListResponse CustomHostnameListResponse
-	err = json.Unmarshal(res, &customHostnameListResponse)
-	if err != nil {
-		return []CustomHostname{}, ResultInfo{}, err
-	}
-
-	return customHostnameListResponse.Result, customHostnameListResponse.ResultInfo, nil
-}
-
-// CustomHostname inspects the given custom hostname in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-for-a-zone-custom-hostname-configuration-details
-func (api *API) CustomHostname(ctx context.Context, zoneID string, customHostnameID string) (CustomHostname, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/%s", zoneID, customHostnameID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CustomHostname{}, err
-	}
-
-	var response CustomHostnameResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return CustomHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// CustomHostnameIDByName retrieves the ID for the given hostname in the given zone.
-func (api *API) CustomHostnameIDByName(ctx context.Context, zoneID string, hostname string) (string, error) {
-	customHostnames, _, err := api.CustomHostnames(ctx, zoneID, 1, CustomHostname{Hostname: hostname})
-	if err != nil {
-		return "", fmt.Errorf("CustomHostnames command failed: %w", err)
-	}
-	for _, ch := range customHostnames {
-		if ch.Hostname == hostname {
-			return ch.ID, nil
-		}
-	}
-	return "", errors.New("CustomHostname could not be found")
-}
-
-// UpdateCustomHostnameFallbackOrigin modifies the Custom Hostname Fallback origin in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-update-fallback-origin-for-custom-hostnames
-func (api *API) UpdateCustomHostnameFallbackOrigin(ctx context.Context, zoneID string, chfo CustomHostnameFallbackOrigin) (*CustomHostnameFallbackOriginResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, chfo)
-	if err != nil {
-		return nil, err
-	}
-
-	var response *CustomHostnameFallbackOriginResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response, nil
-}
-
-// DeleteCustomHostnameFallbackOrigin deletes the Custom Hostname Fallback origin in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-delete-fallback-origin-for-custom-hostnames
-func (api *API) DeleteCustomHostnameFallbackOrigin(ctx context.Context, zoneID string) error {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var response *CustomHostnameFallbackOriginResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// CustomHostnameFallbackOrigin inspects the Custom Hostname Fallback origin in the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-hostname-fallback-origin-for-a-zone-properties
-func (api *API) CustomHostnameFallbackOrigin(ctx context.Context, zoneID string) (CustomHostnameFallbackOrigin, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_hostnames/fallback_origin", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CustomHostnameFallbackOrigin{}, err
-	}
-
-	var response CustomHostnameFallbackOriginResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return CustomHostnameFallbackOrigin{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/custom_hostname_test.go b/pkg/cloudflare-go/custom_hostname_test.go
deleted file mode 100644
index c38bbbee34..0000000000
--- a/pkg/cloudflare-go/custom_hostname_test.go
+++ /dev/null
@@ -1,1114 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCustomHostname_DeleteCustomHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-{
-  "id": "bar"
-}`)
-	})
-
-	err := client.DeleteCustomHostname(context.Background(), "foo", "bar")
-
-	assert.NoError(t, err)
-}
-
-func TestCustomHostname_CreateCustomHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"validation_records": [{
-				"cname_target": "dcv.digicert.com",
-				"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com"
-			}],
-			"settings": {
-			"http2": "on"
-			}
-		},
-		"status": "pending",
-		"verification_errors": [
-		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-		],
-		"ownership_verification": {
-		  "type": "txt",
-		  "name": "_cf-custom-hostname.app.example.com",
-		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"ownership_verification_http": {
-		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"created_at": "2020-02-06T18:11:23.531995Z"
-	}
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv"}})
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
-
-	validationRec := SSLValidationRecord{
-		CnameTarget: "dcv.digicert.com",
-		CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-	}
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:                "dv",
-				Method:              "cname",
-				Status:              "pending_validation",
-				SSLValidationRecord: validationRec,
-				ValidationRecords:   []SSLValidationRecord{validationRec},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "on",
-				},
-			},
-			Status:             "pending",
-			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
-			OwnershipVerification: CustomHostnameOwnershipVerification{
-				Type:  "txt",
-				Name:  "_cf-custom-hostname.app.example.com",
-				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
-				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			CreatedAt: &createdAt,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CreateCustomHostname_MethodTxt(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "txt",
-			"type": "dv",
-			"txt_name": "app.example.com",
-			"txt_value": "ca3-f8db94da174g4c409b17fcaa5470deb2",
-			"settings": {
-			"http2": "on"
-			}
-		},
-		"status": "pending",
-		"verification_errors": [
-		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-		],
-		"ownership_verification": {
-		  "type": "txt",
-		  "name": "_cf-custom-hostname.app.example.com",
-		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"ownership_verification_http": {
-		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"created_at": "2020-02-06T18:11:23.531995Z"
-	}
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "txt", Type: "dv"}})
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "txt",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					TxtName:  "app.example.com",
-					TxtValue: "ca3-f8db94da174g4c409b17fcaa5470deb2",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "on",
-				},
-			},
-			Status:             "pending",
-			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
-			OwnershipVerification: CustomHostnameOwnershipVerification{
-				Type:  "txt",
-				Name:  "_cf-custom-hostname.app.example.com",
-				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
-				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			CreatedAt: &createdAt,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CreateCustomHostname_CustomOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"settings": {
-			"http2": "on"
-			}
-		}
-  	}
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv"}})
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "on",
-				},
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CreateCustomHostname_No_SSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"status": "pending",
-		"verification_errors": [
-		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-		],
-		"ownership_verification": {
-		  "type": "txt",
-		  "name": "_cf-custom-hostname.app.example.com",
-		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"ownership_verification_http": {
-		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"created_at": "2020-02-06T18:11:23.531995Z"
-	}
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com"})
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			Status:             "pending",
-			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
-			OwnershipVerification: CustomHostnameOwnershipVerification{
-				Type:  "txt",
-				Name:  "_cf-custom-hostname.app.example.com",
-				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
-				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			CreatedAt: &createdAt,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CreateCustomHostname_CustomOriginSNI(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"custom_origin_sni": "app.example.com",
-		"status": "pending",
-		"verification_errors": [
-		  "None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-		],
-		"ownership_verification": {
-		  "type": "txt",
-		  "name": "_cf-custom-hostname.app.example.com",
-		  "value": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"ownership_verification_http": {
-		  "http_url": "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-		  "http_body": "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0"
-		},
-		"created_at": "2020-02-06T18:11:23.531995Z"
-	}
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", CustomOriginSNI: "app.example.com"})
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-02-06T18:11:23.531995Z")
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			CustomOriginSNI:    "app.example.com",
-			Status:             "pending",
-			VerificationErrors: []string{"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."},
-			OwnershipVerification: CustomHostnameOwnershipVerification{
-				Type:  "txt",
-				Name:  "_cf-custom-hostname.app.example.com",
-				Value: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
-				HTTPUrl:  "http://app.example.com/.well-known/cf-custom-hostname-challenge/37c82d20-99fb-490e-ba0a-489fa483b776",
-				HTTPBody: "38ddbedc-6cc3-4a4c-af67-9c5b02344ce0",
-			},
-			CreatedAt: &createdAt,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CustomHostnames(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success": true,
-	"result": [
-		{
-			"id": "custom_host_1",
-			"hostname": "custom.host.one",
-			"ssl": {
-				"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-				"type": "dv",
-				"method": "cname",
-				"status": "pending_validation",
-				"cname_target": "dcv.digicert.com",
-				"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				"issuer": "DigiCertInc",
-				"serial_number": "6743787633689793699141714808227354901",
-				"http_url": "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
-      			"http_body": "ca3-574923932a82475cb8592200f1a2a23d"
-			},
-			"custom_metadata": {
-				"a_random_field": "random field value"
-			},
-			"status": "pending",
-			"verification_errors": [
-				"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-    		],
-			"ownership_verification": {
-				"type": "txt",
-      			"name": "_cf-custom-hostname.app.example.com",
-      			"value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
-    		}
-		}
-	],
-	"result_info": {
-		"page": 1,
-		"per_page": 20,
-		"count": 5,
-		"total_count": 5
-	}
-}`)
-	})
-
-	customHostnames, _, err := client.CustomHostnames(context.Background(), "foo", 1, CustomHostname{})
-
-	want := []CustomHostname{
-		{
-			ID:       "custom_host_1",
-			Hostname: "custom.host.one",
-			SSL: &CustomHostnameSSL{
-				ID:     "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-					HTTPUrl:     "http://app.example.com/.well-known/pki-validation/ca3-da12a1c25e7b48cf80408c6c1763b8a2.txt",
-					HTTPBody:    "ca3-574923932a82475cb8592200f1a2a23d",
-				},
-				Issuer:       "DigiCertInc",
-				SerialNumber: "6743787633689793699141714808227354901",
-			},
-			CustomMetadata: &CustomMetadata{"a_random_field": "random field value"},
-			Status:         PENDING,
-			VerificationErrors: []string{"None of the A or AAAA records are owned " +
-				"by this account and the pre-generated ownership verification token was not found."},
-			OwnershipVerification: CustomHostnameOwnershipVerification{
-				Type:  "txt",
-				Name:  "_cf-custom-hostname.app.example.com",
-				Value: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
-			},
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, customHostnames)
-	}
-}
-
-func TestCustomHostname_CustomHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-"success": true,
-"result": {
-    "id": "bar",
-    "hostname": "foo.bar.com",
-    "ssl": {
-      "id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-      "type": "dv",
-      "method": "http",
-      "status": "active",
-      "issuer": "DigiCertInc",
-      "serial_number": "6743787633689793699141714808227354901",
-      "settings": {
-        "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256","AES128-SHA"],
-        "http2": "on",
-        "min_tls_version": "1.2"
-      }
-    },
-    "custom_metadata": {
-      "origin": "a.custom.origin"
-    },
-	"status": "pending",
-	"verification_errors": [
-		"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-    ],
-	"ownership_verification": {
-		"type": "txt",
-     	"name": "_cf-custom-hostname.app.example.com",
-    	"value": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
-    }
-  }
-}`)
-	})
-
-	customHostname, err := client.CustomHostname(context.Background(), "foo", "bar")
-
-	want := CustomHostname{
-		ID:       "bar",
-		Hostname: "foo.bar.com",
-		SSL: &CustomHostnameSSL{
-			ID:           "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Status:       "active",
-			Method:       "http",
-			Type:         "dv",
-			Issuer:       "DigiCertInc",
-			SerialNumber: "6743787633689793699141714808227354901",
-			Settings: CustomHostnameSSLSettings{
-				HTTP2:         "on",
-				MinTLSVersion: "1.2",
-				Ciphers:       []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"},
-			},
-		},
-		CustomMetadata: &CustomMetadata{"origin": "a.custom.origin"},
-		Status:         PENDING,
-		VerificationErrors: []string{"None of the A or AAAA records are owned " +
-			"by this account and the pre-generated ownership verification token was not found."},
-		OwnershipVerification: CustomHostnameOwnershipVerification{
-			Type:  "txt",
-			Name:  "_cf-custom-hostname.app.example.com",
-			Value: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, customHostname)
-	}
-}
-
-func TestCustomHostname_CustomHostname_WithSSLError(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-"success": true,
-"result": {
-	"id": "bar",
-	"hostname": "example.com",
-	"ssl": {
-		"type": "dv",
-		"method": "cname",
-		"status": "pending_validation",
-		"cname_target": "dcv.digicert.com",
-		"cname": "810b7d5f01154524b961ba0cd578acc2.example.com",
-		"validation_errors": [{
-			"message": "SERVFAIL looking up CAA for example.com"
-		}]
-	},
-	"status": "pending",
-	"verification_errors": [
-		"None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found."
-	],
-	"ownership_verification_http": {
-		"http_url": "http://example.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"http_body": "5cc07c04-ea62-4a5a-95f0-419334a875a4"
-	}
-}
-}`)
-	})
-
-	customHostname, err := client.CustomHostname(context.Background(), "foo", "bar")
-
-	want := CustomHostname{
-		ID:       "bar",
-		Hostname: "example.com",
-		SSL: &CustomHostnameSSL{
-			Type:   "dv",
-			Method: "cname",
-			Status: "pending_validation",
-			SSLValidationRecord: SSLValidationRecord{
-				CnameName:   "810b7d5f01154524b961ba0cd578acc2.example.com",
-				CnameTarget: "dcv.digicert.com",
-			},
-			ValidationErrors: []SSLValidationError{
-				{
-					Message: "SERVFAIL looking up CAA for example.com",
-				},
-			},
-		},
-		Status: PENDING,
-		VerificationErrors: []string{"None of the A or AAAA records are owned " +
-			"by this account and the pre-generated ownership verification token was not found."},
-		OwnershipVerificationHTTP: CustomHostnameOwnershipVerificationHTTP{
-			HTTPBody: "5cc07c04-ea62-4a5a-95f0-419334a875a4",
-			HTTPUrl:  "http://example.com/.well-known/cf-custom-hostname-challenge/0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, customHostname)
-	}
-}
-
-func TestCustomHostname_UpdateCustomHostnameSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"settings": {
-			"http2": "off",
-			"tls_1_3": "on"
-			}
-		}
-  	}
-}`)
-	})
-
-	response, err := client.UpdateCustomHostnameSSL(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", &CustomHostnameSSL{Method: "cname", Type: "dv", Settings: CustomHostnameSSLSettings{HTTP2: "off", TLS13: "on"}})
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "off",
-					TLS13: "on",
-				},
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_UpdateCustomHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		defer r.Body.Close()
-		reqBody, err := io.ReadAll(r.Body)
-		assert.NoError(t, err, "Reading request body")
-		assert.JSONEq(t, `
-{
-	"hostname": "app.example.com",
-	"custom_origin_server": "example.app.com",
-	"ssl": {
-		"method": "cname",
-		"type": "dv",
-		"wildcard": false,
-		"settings": {}
-	},
-	"ownership_verification": {},
-	"ownership_verification_http": {}
-}`, string(reqBody), "Unexpected request body")
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"settings": {
-				"http2": "off",
-				"tls_1_3": "on"
-			}
-		}
-  	}
-}`)
-	})
-
-	wildcard := false
-	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}})
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "off",
-					TLS13: "on",
-				},
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_UpdateCustomHostnameWithCustomMetadata(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		defer r.Body.Close()
-		reqBody, err := io.ReadAll(r.Body)
-		assert.NoError(t, err, "Reading request body")
-		assert.JSONEq(t, `
-{
-	"hostname": "app.example.com",
-	"custom_origin_server": "example.app.com",
-	"ssl": {
-		"method": "cname",
-		"type": "dv",
-		"wildcard": false,
-		"settings": {}
-	},
-	"custom_metadata": {
-		"a_random_field": "updated field value"
-	},
-	"ownership_verification": {},
-	"ownership_verification_http": {}
-}`, string(reqBody), "Unexpected request body")
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"settings": {
-				"http2": "off",
-				"tls_1_3": "on"
-			}
-		},
-		"custom_metadata": {
-			"a_random_field": "updated field value"
-		}
-	}
-}`)
-	})
-
-	wildcard := false
-	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}, CustomMetadata: &CustomMetadata{"a_random_field": "updated field value"}})
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "off",
-					TLS13: "on",
-				},
-			},
-			CustomMetadata: &CustomMetadata{
-				"a_random_field": "updated field value",
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_UpdateCustomHostnameWithEmptyCustomMetadata(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/0d89c70d-ad9f-4843-b99f-6cc0252067e9", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		defer r.Body.Close()
-		reqBody, err := io.ReadAll(r.Body)
-		assert.NoError(t, err, "Reading request body")
-		assert.JSONEq(t, `
-{
-	"hostname": "app.example.com",
-	"custom_origin_server": "example.app.com",
-	"ssl": {
-		"method": "cname",
-		"type": "dv",
-		"wildcard": false,
-		"settings": {}
-	},
-	"custom_metadata": {},
-	"ownership_verification": {},
-	"ownership_verification_http": {}
-}`, string(reqBody), "Unexpected request body")
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-	"success": true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"id": "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-		"hostname": "app.example.com",
-		"custom_origin_server": "example.app.com",
-		"ssl": {
-			"status": "pending_validation",
-			"method": "cname",
-			"type": "dv",
-			"cname_target": "dcv.digicert.com",
-			"cname": "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-			"settings": {
-				"http2": "off",
-				"tls_1_3": "on"
-			}
-		},
-		"custom_metadata": {}
-	}
-}`)
-	})
-
-	wildcard := false
-	response, err := client.UpdateCustomHostname(context.Background(), "foo", "0d89c70d-ad9f-4843-b99f-6cc0252067e9", CustomHostname{Hostname: "app.example.com", CustomOriginServer: "example.app.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", Wildcard: &wildcard}, CustomMetadata: &CustomMetadata{}})
-
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "0d89c70d-ad9f-4843-b99f-6cc0252067e9",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "example.app.com",
-			SSL: &CustomHostnameSSL{
-				Type:   "dv",
-				Method: "cname",
-				Status: "pending_validation",
-				SSLValidationRecord: SSLValidationRecord{
-					CnameTarget: "dcv.digicert.com",
-					CnameName:   "810b7d5f01154524b961ba0cd578acc2.app.example.com",
-				},
-				Settings: CustomHostnameSSLSettings{
-					HTTP2: "off",
-					TLS13: "on",
-				},
-			},
-			CustomMetadata: &CustomMetadata{},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CustomHostnameFallbackOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "origin": "fallback.example.com",
-    "status": "pending_deployment",
-    "errors": [
-      "DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"
-    ],
-    "created_at": "2019-10-28T18:11:23.37411Z",
-    "updated_at": "2020-03-16T18:11:23.531995Z"
-  }
-}`)
-	})
-
-	customHostnameFallbackOrigin, err := client.CustomHostnameFallbackOrigin(context.Background(), "foo")
-
-	want := CustomHostnameFallbackOrigin{
-		Origin: "fallback.example.com",
-		Status: "pending_deployment",
-		Errors: []string{"DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, customHostnameFallbackOrigin)
-	}
-}
-
-func TestCustomHostname_DeleteCustomHostnameFallbackOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-{
-  "id": "bar"
-}`)
-	})
-
-	err := client.DeleteCustomHostnameFallbackOrigin(context.Background(), "foo")
-
-	assert.NoError(t, err)
-}
-
-func TestCustomHostname_UpdateCustomHostnameFallbackOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "origin": "fallback.example.com",
-    "status": "pending_deployment",
-    "errors": [
-      "DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"
-    ],
-    "created_at": "2019-10-28T18:11:23.37411Z",
-    "updated_at": "2020-03-16T18:11:23.531995Z"
-  }
-}`)
-	})
-
-	response, err := client.UpdateCustomHostnameFallbackOrigin(context.Background(), "foo", CustomHostnameFallbackOrigin{Origin: "fallback.example.com"})
-
-	want := &CustomHostnameFallbackOriginResponse{
-		Result: CustomHostnameFallbackOrigin{
-			Origin: "fallback.example.com",
-			Status: "pending_deployment",
-			Errors: []string{"DNS records are not setup correctly. Origin should be a proxied A/AAAA/CNAME dns record"},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func TestCustomHostname_CreateCustomHostnameCustomCertificateAuthority(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/custom_hostnames", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-  "result": {
-    "id": "614b3124-cd57-42f0-8307-000000000000",
-    "hostname": "app.example.com",
-    "ssl": {
-      "id": "d9ae4881-34d2-4820-8e28-000000000000",
-      "type": "dv",
-      "method": "http",
-      "status": "initializing",
-      "settings": {
-        "min_tls_version": "1.2"
-      },
-      "wildcard": false,
-      "certificate_authority": "lets_encrypt"
-    },
-    "custom_origin_server": "origin.example.com",
-    "created_at": "2020-06-30T21:37:36.563495Z"
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}`)
-	})
-
-	response, err := client.CreateCustomHostname(context.Background(), "foo", CustomHostname{Hostname: "app.example.com", SSL: &CustomHostnameSSL{Method: "cname", Type: "dv", CertificateAuthority: "lets_encrypt"}})
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-06-30T21:37:36.563495Z")
-
-	wildcard := false
-	want := &CustomHostnameResponse{
-		Result: CustomHostname{
-			ID:                 "614b3124-cd57-42f0-8307-000000000000",
-			Hostname:           "app.example.com",
-			CustomOriginServer: "origin.example.com",
-			SSL: &CustomHostnameSSL{
-				ID:     "d9ae4881-34d2-4820-8e28-000000000000",
-				Type:   "dv",
-				Method: "http",
-				Status: "initializing",
-				Settings: CustomHostnameSSLSettings{
-					MinTLSVersion: "1.2",
-				},
-				Wildcard:             &wildcard,
-				CertificateAuthority: "lets_encrypt",
-			},
-			CreatedAt: &createdAt,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
diff --git a/pkg/cloudflare-go/custom_nameservers.go b/pkg/cloudflare-go/custom_nameservers.go
deleted file mode 100644
index dda3003c57..0000000000
--- a/pkg/cloudflare-go/custom_nameservers.go
+++ /dev/null
@@ -1,207 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type CustomNameserverRecord struct {
-	Type  string `json:"type"`
-	Value string `json:"value"`
-}
-
-type CustomNameserver struct {
-	NSName string `json:"ns_name"`
-	NSSet  int    `json:"ns_set"`
-}
-
-type CustomNameserverResult struct {
-	DNSRecords []CustomNameserverRecord `json:"dns_records"`
-	NSName     string                   `json:"ns_name"`
-	NSSet      int                      `json:"ns_set"`
-	Status     string                   `json:"status"`
-	ZoneTag    string                   `json:"zone_tag"`
-}
-
-type CustomNameserverZoneMetadata struct {
-	NSSet   int  `json:"ns_set"`
-	Enabled bool `json:"enabled"`
-}
-
-type customNameserverListResponse struct {
-	Response
-	Result []CustomNameserverResult `json:"result"`
-}
-
-type customNameserverCreateResponse struct {
-	Response
-	Result CustomNameserverResult `json:"result"`
-}
-
-type getEligibleZonesAccountCustomNameserversResponse struct {
-	Result []string `json:"result"`
-}
-
-type customNameserverZoneMetadata struct {
-	Response
-	Result CustomNameserverZoneMetadata
-}
-
-type GetCustomNameserversParams struct{}
-
-type CreateCustomNameserversParams struct {
-	NSName string `json:"ns_name"`
-	NSSet  int    `json:"ns_set"`
-}
-
-type DeleteCustomNameserversParams struct {
-	NSName string
-}
-
-type GetEligibleZonesAccountCustomNameserversParams struct{}
-
-type GetCustomNameserverZoneMetadataParams struct{}
-
-type UpdateCustomNameserverZoneMetadataParams struct {
-	NSSet   int  `json:"ns_set"`
-	Enabled bool `json:"enabled"`
-}
-
-// GetCustomNameservers lists custom nameservers.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-list-account-custom-nameservers
-func (api *API) GetCustomNameservers(ctx context.Context, rc *ResourceContainer, params GetCustomNameserversParams) ([]CustomNameserverResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return []CustomNameserverResult{}, ErrRequiredAccountLevelResourceContainer
-	}
-	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var response customNameserverListResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// CreateCustomNameservers adds a custom nameserver.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-add-account-custom-nameserver
-func (api *API) CreateCustomNameservers(ctx context.Context, rc *ResourceContainer, params CreateCustomNameserversParams) (CustomNameserverResult, error) {
-	if rc.Level != AccountRouteLevel {
-		return CustomNameserverResult{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return CustomNameserverResult{}, err
-	}
-
-	response := &customNameserverCreateResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return CustomNameserverResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// DeleteCustomNameservers removes a custom nameserver.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-delete-account-custom-nameserver
-func (api *API) DeleteCustomNameservers(ctx context.Context, rc *ResourceContainer, params DeleteCustomNameserversParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	if params.NSName == "" {
-		return errors.New("missing required NSName parameter")
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_ns/%s", rc.Level, rc.Identifier, params.NSName)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// GetEligibleZonesAccountCustomNameservers lists zones eligible for custom nameservers.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-get-eligible-zones-for-account-custom-nameservers
-func (api *API) GetEligibleZonesAccountCustomNameservers(ctx context.Context, rc *ResourceContainer, params GetEligibleZonesAccountCustomNameserversParams) ([]string, error) {
-	if rc.Level != AccountRouteLevel {
-		return []string{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_ns/availability", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var response getEligibleZonesAccountCustomNameserversResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// GetCustomNameserverZoneMetadata get metadata for custom nameservers on a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-usage-for-a-zone-get-account-custom-nameserver-related-zone-metadata
-func (api *API) GetCustomNameserverZoneMetadata(ctx context.Context, rc *ResourceContainer, params GetCustomNameserverZoneMetadataParams) (CustomNameserverZoneMetadata, error) {
-	if rc.Level != ZoneRouteLevel {
-		return CustomNameserverZoneMetadata{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CustomNameserverZoneMetadata{}, err
-	}
-
-	var response customNameserverZoneMetadata
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return CustomNameserverZoneMetadata{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// UpdateCustomNameserverZoneMetadata set metadata for custom nameservers on a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/account-level-custom-nameservers-usage-for-a-zone-set-account-custom-nameserver-related-zone-metadata
-func (api *API) UpdateCustomNameserverZoneMetadata(ctx context.Context, rc *ResourceContainer, params UpdateCustomNameserverZoneMetadataParams) error {
-	if rc.Level != ZoneRouteLevel {
-		return ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_ns", rc.Level, rc.Identifier)
-
-	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/custom_nameservers_test.go b/pkg/cloudflare-go/custom_nameservers_test.go
deleted file mode 100644
index 423205cac6..0000000000
--- a/pkg/cloudflare-go/custom_nameservers_test.go
+++ /dev/null
@@ -1,223 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAccountCustomNameserver_Get(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"ns_name": "ns1.example.com",
-					"ns_set": 1,
-					"dns_records": [
-						{
-							"type": "A",
-							"value": "192.0.2.1"
-						},
-						{
-							"type": "AAAA",
-							"value": "2400:cb00:2049:1::ffff:ffee"
-						}
-					]
-				},
-				{
-					"ns_name": "ns2.example.com",
-					"ns_set": 1,
-					"dns_records": [
-						{
-							"type": "A",
-							"value": "192.0.2.2"
-						},
-						{
-							"type": "AAAA",
-							"value": "2400:cb00:2049:1::ffff:fffe"
-						}
-					]
-				}
-			]
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns", handler)
-	want := []CustomNameserverResult{
-		{
-			DNSRecords: []CustomNameserverRecord{
-				{
-					Type:  "A",
-					Value: "192.0.2.1",
-				},
-				{
-					Type:  "AAAA",
-					Value: "2400:cb00:2049:1::ffff:ffee",
-				},
-			},
-			NSName: "ns1.example.com",
-			NSSet:  1,
-		},
-		{
-			DNSRecords: []CustomNameserverRecord{
-				{
-					Type:  "A",
-					Value: "192.0.2.2",
-				},
-				{
-					Type:  "AAAA",
-					Value: "2400:cb00:2049:1::ffff:fffe",
-				},
-			},
-			NSName: "ns2.example.com",
-			NSSet:  1,
-		},
-	}
-
-	actual, err := client.GetCustomNameservers(context.Background(), AccountIdentifier(testAccountID), GetCustomNameserversParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccountCustomNameserver_Create(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"ns_name": "ns1.example.com",
-				"ns_set": 1,
-				"dns_records": [
-					{
-						"type": "A",
-						"value": "192.0.2.1"
-					},
-					{
-						"type": "AAAA",
-						"value": "2400:cb00:2049:1::ffff:ffee"
-					}
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns", handler)
-	want := CustomNameserverResult{
-		DNSRecords: []CustomNameserverRecord{
-			{
-				Type:  "A",
-				Value: "192.0.2.1",
-			},
-			{
-				Type:  "AAAA",
-				Value: "2400:cb00:2049:1::ffff:ffee",
-			},
-		},
-		NSName: "ns1.example.com",
-		NSSet:  1,
-	}
-
-	actual, err := client.CreateCustomNameservers(
-		context.Background(),
-		AccountIdentifier(testAccountID),
-		CreateCustomNameserversParams{
-			NSName: "ns1.example.com",
-			NSSet:  1,
-		},
-	)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccountCustomNameserver_GetEligibleZones(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-    "result": [
-        "example.com",
-        "example2.com",
-        "example3.com"
-    ],
-    "success": true,
-    "errors": [],
-    "messages": []
-}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/custom_ns/availability", handler)
-	want := []string{
-		"example.com",
-		"example2.com",
-		"example3.com",
-	}
-
-	actual, err := client.GetEligibleZonesAccountCustomNameservers(
-		context.Background(),
-		AccountIdentifier(testAccountID),
-		GetEligibleZonesAccountCustomNameserversParams{},
-	)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestAccountCustomNameserver_GetAccountCustomNameserverZoneMetadata(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"ns_set": 1,
-				"enabled": true
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/custom_ns", handler)
-	want := CustomNameserverZoneMetadata{
-		NSSet:   1,
-		Enabled: true,
-	}
-
-	actual, err := client.GetCustomNameserverZoneMetadata(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		GetCustomNameserverZoneMetadataParams{},
-	)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/custom_pages.go b/pkg/cloudflare-go/custom_pages.go
deleted file mode 100644
index ae68d680fd..0000000000
--- a/pkg/cloudflare-go/custom_pages.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// CustomPage represents a custom page configuration.
-type CustomPage struct {
-	CreatedOn      time.Time   `json:"created_on"`
-	ModifiedOn     time.Time   `json:"modified_on"`
-	URL            interface{} `json:"url"`
-	State          string      `json:"state"`
-	RequiredTokens []string    `json:"required_tokens"`
-	PreviewTarget  string      `json:"preview_target"`
-	Description    string      `json:"description"`
-	ID             string      `json:"id"`
-}
-
-// CustomPageResponse represents the response from the custom pages endpoint.
-type CustomPageResponse struct {
-	Response
-	Result []CustomPage `json:"result"`
-}
-
-// CustomPageDetailResponse represents the response from the custom page endpoint.
-type CustomPageDetailResponse struct {
-	Response
-	Result CustomPage `json:"result"`
-}
-
-// CustomPageOptions is used to determine whether or not the operation
-// should take place on an account or zone level based on which is
-// provided to the function.
-//
-// A non-empty value denotes desired use.
-type CustomPageOptions struct {
-	AccountID string
-	ZoneID    string
-}
-
-// CustomPageParameters is used to update a particular custom page with
-// the values provided.
-type CustomPageParameters struct {
-	URL   interface{} `json:"url"`
-	State string      `json:"state"`
-}
-
-// CustomPages lists custom pages for a zone or account.
-//
-// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-list-available-custom-pages
-// Account API reference: https://api.cloudflare.com/#custom-pages-account--list-custom-pages
-func (api *API) CustomPages(ctx context.Context, options *CustomPageOptions) ([]CustomPage, error) {
-	var (
-		pageType, identifier string
-	)
-
-	if options.AccountID == "" && options.ZoneID == "" {
-		return nil, ErrAccountIDOrZoneIDAreRequired
-	}
-
-	if options.AccountID != "" && options.ZoneID != "" {
-		return nil, ErrAccountIDAndZoneIDAreMutuallyExclusive
-	}
-
-	// Should the account ID be defined, treat this as an account level operation.
-	if options.AccountID != "" {
-		pageType = "accounts"
-		identifier = options.AccountID
-	} else {
-		pageType = "zones"
-		identifier = options.ZoneID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_pages", pageType, identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var customPageResponse CustomPageResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return customPageResponse.Result, nil
-}
-
-// CustomPage lists a single custom page based on the ID.
-//
-// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-custom-page-details
-// Account API reference: https://api.cloudflare.com/#custom-pages-account--custom-page-details
-func (api *API) CustomPage(ctx context.Context, options *CustomPageOptions, customPageID string) (CustomPage, error) {
-	var (
-		pageType, identifier string
-	)
-
-	if options.AccountID == "" && options.ZoneID == "" {
-		return CustomPage{}, ErrAccountIDOrZoneIDAreRequired
-	}
-
-	if options.AccountID != "" && options.ZoneID != "" {
-		return CustomPage{}, ErrAccountIDAndZoneIDAreMutuallyExclusive
-	}
-
-	// Should the account ID be defined, treat this as an account level operation.
-	if options.AccountID != "" {
-		pageType = "accounts"
-		identifier = options.AccountID
-	} else {
-		pageType = "zones"
-		identifier = options.ZoneID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_pages/%s", pageType, identifier, customPageID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return CustomPage{}, err
-	}
-
-	var customPageResponse CustomPageDetailResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return CustomPage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return customPageResponse.Result, nil
-}
-
-// UpdateCustomPage updates a single custom page setting.
-//
-// Zone API reference: https://api.cloudflare.com/#custom-pages-for-a-zone-update-custom-page-url
-// Account API reference: https://api.cloudflare.com/#custom-pages-account--update-custom-page
-func (api *API) UpdateCustomPage(ctx context.Context, options *CustomPageOptions, customPageID string, pageParameters CustomPageParameters) (CustomPage, error) {
-	var (
-		pageType, identifier string
-	)
-
-	if options.AccountID == "" && options.ZoneID == "" {
-		return CustomPage{}, ErrAccountIDOrZoneIDAreRequired
-	}
-
-	if options.AccountID != "" && options.ZoneID != "" {
-		return CustomPage{}, ErrAccountIDAndZoneIDAreMutuallyExclusive
-	}
-
-	// Should the account ID be defined, treat this as an account level operation.
-	if options.AccountID != "" {
-		pageType = "accounts"
-		identifier = options.AccountID
-	} else {
-		pageType = "zones"
-		identifier = options.ZoneID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/custom_pages/%s", pageType, identifier, customPageID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, pageParameters)
-	if err != nil {
-		return CustomPage{}, err
-	}
-
-	var customPageResponse CustomPageDetailResponse
-	err = json.Unmarshal(res, &customPageResponse)
-	if err != nil {
-		return CustomPage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return customPageResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/custom_pages_test.go b/pkg/cloudflare-go/custom_pages_test.go
deleted file mode 100644
index a8d28beed9..0000000000
--- a/pkg/cloudflare-go/custom_pages_test.go
+++ /dev/null
@@ -1,351 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var timestamp, _ = time.Parse(time.RFC3339Nano, "2014-01-01T05:20:00.12345Z")
-var expectedCustomPage = CustomPage{
-	ID:             "basic_challenge",
-	CreatedOn:      timestamp,
-	ModifiedOn:     timestamp,
-	URL:            "http://www.example.com",
-	State:          "default",
-	RequiredTokens: []string{"::CAPTCHA_BOX::"},
-	PreviewTarget:  "preview:target",
-	Description:    "Basic challenge",
-}
-var updatedCustomPage = CustomPage{
-	ID:             "basic_challenge",
-	CreatedOn:      timestamp,
-	ModifiedOn:     timestamp,
-	URL:            "https://mytestexample.com",
-	State:          "customized",
-	RequiredTokens: []string{"::CAPTCHA_BOX::"},
-	PreviewTarget:  "preview:target",
-	Description:    "Basic challenge",
-}
-var defaultCustomPage = CustomPage{
-	ID:             "basic_challenge",
-	CreatedOn:      timestamp,
-	ModifiedOn:     timestamp,
-	URL:            nil,
-	State:          "default",
-	RequiredTokens: []string{"::CAPTCHA_BOX::"},
-	PreviewTarget:  "preview:target",
-	Description:    "Basic challenge",
-}
-
-func TestCustomPagesWithoutZoneIDOrAccountID(t *testing.T) {
-	_, err := client.CustomPages(context.Background(), &CustomPageOptions{})
-	assert.EqualError(t, err, "either account ID or zone ID must be provided")
-}
-
-func TestCustomPagesWithZoneIDAndAccountID(t *testing.T) {
-	_, err := client.CustomPages(context.Background(), &CustomPageOptions{ZoneID: "abc123", AccountID: "321cba"})
-	assert.EqualError(t, err, "account ID and zone ID are mutually exclusive")
-}
-
-func TestCustomPagesForZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "basic_challenge",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"modified_on": "2014-01-01T05:20:00.12345Z",
-					"url": "http://www.example.com",
-					"state": "default",
-					"required_tokens": [
-						"::CAPTCHA_BOX::"
-					],
-					"preview_target": "preview:target",
-					"description": "Basic challenge"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages", handler)
-	want := []CustomPage{expectedCustomPage}
-
-	pages, err := client.CustomPages(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, pages)
-	}
-}
-
-func TestCustomPagesForAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "basic_challenge",
-					"created_on": "2014-01-01T05:20:00.12345Z",
-					"modified_on": "2014-01-01T05:20:00.12345Z",
-					"url": "http://www.example.com",
-					"state": "default",
-					"required_tokens": [
-						"::CAPTCHA_BOX::"
-					],
-					"preview_target": "preview:target",
-					"description": "Basic challenge"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages", handler)
-	want := []CustomPage{expectedCustomPage}
-
-	pages, err := client.CustomPages(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, pages)
-	}
-}
-
-func TestCustomPageForZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "basic_challenge",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"url": "http://www.example.com",
-				"state": "default",
-				"required_tokens": [
-					"::CAPTCHA_BOX::"
-				],
-				"preview_target": "preview:target",
-				"description": "Basic challenge"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
-
-	page, err := client.CustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedCustomPage, page)
-	}
-}
-
-func TestCustomPageForAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "basic_challenge",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"url": "http://www.example.com",
-				"state": "default",
-				"required_tokens": [
-					"::CAPTCHA_BOX::"
-				],
-				"preview_target": "preview:target",
-				"description": "Basic challenge"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages/basic_challenge", handler)
-
-	page, err := client.CustomPage(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"}, "basic_challenge")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedCustomPage, page)
-	}
-}
-
-func TestUpdateCustomPagesForAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "basic_challenge",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"url": "https://mytestexample.com",
-				"state": "customized",
-				"required_tokens": [
-					"::CAPTCHA_BOX::"
-				],
-				"preview_target": "preview:target",
-				"description": "Basic challenge"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/custom_pages/basic_challenge", handler)
-	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{AccountID: "01a7362d577a6c3019a474fd6f485823"}, "basic_challenge", CustomPageParameters{URL: "https://mytestexample.com", State: "customized"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, updatedCustomPage, actual)
-	}
-}
-
-func TestUpdateCustomPagesForZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "basic_challenge",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"url": "https://mytestexample.com",
-				"state": "customized",
-				"required_tokens": [
-					"::CAPTCHA_BOX::"
-				],
-				"preview_target": "preview:target",
-				"description": "Basic challenge"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
-	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge", CustomPageParameters{URL: "https://mytestexample.com", State: "customized"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, updatedCustomPage, actual)
-	}
-}
-
-func TestUpdateCustomPagesToDefault(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-			"result":{
-				"id":"basic_challenge",
-				"description":"Basic challenge",
-				"required_tokens":[
-					"::CAPTCHA_BOX::"
-				],
-				"preview_target":"preview:target",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"url":null,
-				"state":"default"
-			},
-			"success":true,
-			"errors":[],
-			"messages":[]
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d992d6de698eaf2d8cf8fd53b89b18a4/custom_pages/basic_challenge", handler)
-	actual, err := client.UpdateCustomPage(context.Background(), &CustomPageOptions{ZoneID: "d992d6de698eaf2d8cf8fd53b89b18a4"}, "basic_challenge", CustomPageParameters{URL: nil, State: "default"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, defaultCustomPage, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/d1.go b/pkg/cloudflare-go/d1.go
deleted file mode 100644
index 08a3ecc51f..0000000000
--- a/pkg/cloudflare-go/d1.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingDatabaseID = fmt.Errorf("required missing database ID")
-)
-
-type D1Database struct {
-	Name      string     `json:"name"`
-	NumTables int        `json:"num_tables"`
-	UUID      string     `json:"uuid"`
-	Version   string     `json:"version"`
-	CreatedAt *time.Time `json:"created_at"`
-	FileSize  int64      `json:"file_size"`
-}
-
-type ListD1DatabasesParams struct {
-	Name string `url:"name,omitempty"`
-	ResultInfo
-}
-
-type ListD1Response struct {
-	Result []D1Database `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type CreateD1DatabaseParams struct {
-	Name string `json:"name"`
-}
-
-type D1DatabaseResponse struct {
-	Result D1Database `json:"result"`
-	Response
-}
-
-type QueryD1DatabaseParams struct {
-	DatabaseID string   `json:"-"`
-	SQL        string   `json:"sql"`
-	Parameters []string `json:"params"`
-}
-
-type D1DatabaseMetadata struct {
-	ChangedDB   *bool   `json:"changed_db,omitempty"`
-	Changes     int     `json:"changes"`
-	Duration    float64 `json:"duration"`
-	LastRowID   int     `json:"last_row_id"`
-	RowsRead    int     `json:"rows_read"`
-	RowsWritten int     `json:"rows_written"`
-	SizeAfter   int     `json:"size_after"`
-}
-
-type D1Result struct {
-	Success *bool              `json:"success"`
-	Results []map[string]any   `json:"results"`
-	Meta    D1DatabaseMetadata `json:"meta"`
-}
-
-type QueryD1Response struct {
-	Result []D1Result `json:"result"`
-	Response
-}
-
-// ListD1Databases returns all databases for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-list-databases
-func (api *API) ListD1Databases(ctx context.Context, rc *ResourceContainer, params ListD1DatabasesParams) ([]D1Database, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []D1Database{}, &ResultInfo{}, ErrMissingAccountID
-	}
-	baseURL := fmt.Sprintf("/accounts/%s/d1/database", rc.Identifier)
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 100
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-	var databases []D1Database
-	var r ListD1Response
-	for {
-		uri := buildURI(baseURL, params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []D1Database{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []D1Database{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		databases = append(databases, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return databases, &r.ResultInfo, nil
-}
-
-// CreateD1Database creates a new database for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-create-database
-func (api *API) CreateD1Database(ctx context.Context, rc *ResourceContainer, params CreateD1DatabaseParams) (D1Database, error) {
-	if rc.Identifier == "" {
-		return D1Database{}, ErrMissingAccountID
-	}
-	uri := fmt.Sprintf("/accounts/%s/d1/database", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return D1Database{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r D1DatabaseResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return D1Database{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteD1Database deletes a database for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-delete-database
-func (api *API) DeleteD1Database(ctx context.Context, rc *ResourceContainer, databaseID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-	if databaseID == "" {
-		return ErrMissingDatabaseID
-	}
-	uri := fmt.Sprintf("/accounts/%s/d1/database/%s", rc.Identifier, databaseID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-	return nil
-}
-
-// GetD1Database returns a database for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-get-database
-func (api *API) GetD1Database(ctx context.Context, rc *ResourceContainer, databaseID string) (D1Database, error) {
-	if rc.Identifier == "" {
-		return D1Database{}, ErrMissingAccountID
-	}
-	uri := fmt.Sprintf("/accounts/%s/d1/database/%s", rc.Identifier, databaseID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return D1Database{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r D1DatabaseResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return D1Database{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// QueryD1Database queries a database for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/cloudflare-d1-query-database
-func (api *API) QueryD1Database(ctx context.Context, rc *ResourceContainer, params QueryD1DatabaseParams) ([]D1Result, error) {
-	if rc.Identifier == "" {
-		return []D1Result{}, ErrMissingAccountID
-	}
-	if params.DatabaseID == "" {
-		return []D1Result{}, ErrMissingDatabaseID
-	}
-	uri := fmt.Sprintf("/accounts/%s/d1/database/%s/query", rc.Identifier, params.DatabaseID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return []D1Result{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueryD1Response
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []D1Result{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/d1_test.go b/pkg/cloudflare-go/d1_test.go
deleted file mode 100644
index 1f3c5399ae..0000000000
--- a/pkg/cloudflare-go/d1_test.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testD1DatabaseID = "480f4f691a284fdd92401ed29f0ac1df"
-	testD1Result     = `{
-		  "created_at": "2014-01-01T05:20:00.12345Z",
-		  "name": "my-database",
-		  "uuid": "480f4f691a284fdd92401ed29f0ac1df",
-		  "version": "beta",
-		  "num_tables": 1,
-		  "file_size": 100
-		}
-`
-)
-
-var (
-	d1CreatedAt, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	testD1Database = D1Database{
-		Name:      "my-database",
-		NumTables: 1,
-		UUID:      testD1DatabaseID,
-		Version:   "beta",
-		CreatedAt: &d1CreatedAt,
-		FileSize:  100,
-	}
-)
-
-func TestListD1Databases(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": [
-                %s
-            ],
-            "result_info": {
-                "page": 1,
-                "per_page": 100,
-                "count": 1,
-                "total_count": 1
-            }
-        }`, testD1Result)
-	})
-
-	_, _, err := client.ListD1Databases(context.Background(), AccountIdentifier(""), ListD1DatabasesParams{})
-	if assert.Error(t, err, "Didn't get error for missing Account ID get listing D1 Database") {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-	actual, _, err := client.ListD1Databases(context.Background(), testAccountRC, ListD1DatabasesParams{})
-	if assert.NoError(t, err, "ListD1Databases returned error: %v", err) {
-		expected := []D1Database{testD1Database}
-		if !assert.Equal(t, expected, actual) {
-			t.Errorf("ListD1Databases returned %+v, expected %+v", actual, expected)
-		}
-	}
-}
-
-func TestGetD1Databases(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": %s
-        }`, testD1Result)
-	})
-
-	_, err := client.GetD1Database(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err, "Didn't get error for missing Account ID get getting D1 Database") {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-	actual, err := client.GetD1Database(context.Background(), testAccountRC, testD1DatabaseID)
-	if assert.NoError(t, err, "GetD1Database returned error: %v", err) {
-		if !assert.Equal(t, testD1Database, actual) {
-			t.Errorf("GetD1Database returned %+v, expected %+v", actual, testD1Database)
-		}
-	}
-}
-
-func TestCreateD1Database(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testD1Result)
-	})
-
-	_, err := client.CreateD1Database(context.Background(), AccountIdentifier(""), CreateD1DatabaseParams{})
-	if assert.Error(t, err, "Didn't get error for missing Account ID get creating D1 Database") {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-	actual, err := client.CreateD1Database(context.Background(), testAccountRC, CreateD1DatabaseParams{
-		Name: "my-database",
-	})
-	if assert.NoError(t, err, "CreateD1Database returned error: %v", err) {
-		if !assert.Equal(t, testD1Database, actual) {
-			t.Errorf("CreateD1Database returned %+v, expected %+v", actual, testD1Database)
-		}
-	}
-}
-
-func TestDeleteD1Database(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	})
-
-	err := client.DeleteD1Database(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err, "Didn't get error for missing Account ID get deleting D1 Database") {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-	err = client.DeleteD1Database(context.Background(), testAccountRC, testD1DatabaseID)
-	assert.NoError(t, err, "DeleteD1Database returned error: %v", err)
-}
-
-func TestQueryD1Database(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/d1/database/"+testD1DatabaseID+"/query", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		if err != nil {
-			t.Errorf("Error reading request body: %v", err)
-		}
-		if got := string(b); got != `{"sql":"SELECT * FROM my-database","params":["param1","param2"]}` {
-			t.Errorf("request Body is %s, want %s", got, `{"sql":"SELECT * FROM my-database","params":["param1","param2"]}`)
-		}
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"success": true,
-					"meta": {
-						"changed_db": false,
-						"changes": 0,
-						"duration": 3.3,
-						"last_row_id": 3,
-						"rows_read": 3,
-						"rows_written": 0,
-						"size_after": 10
-					},
-					"results": [
-						{
-							"id": 1,
-							"name": "test user"
-						},
-						{
-							"id": 2,
-							"name": "test user 2"
-						}
-					]
-				}
-			]
-		}`)
-	})
-
-	_, err := client.QueryD1Database(context.Background(), AccountIdentifier(""), QueryD1DatabaseParams{})
-	if assert.Error(t, err, "Didn't get error for missing Account ID get querying D1 Database") {
-		assert.Equal(t, err, ErrMissingAccountID)
-	}
-	_, err = client.QueryD1Database(context.Background(), testAccountRC, QueryD1DatabaseParams{})
-	if assert.Error(t, err, "Didn't get error for missing D1 Database ID get querying D1 Database") {
-		assert.Equal(t, err, ErrMissingDatabaseID)
-	}
-	actual, err := client.QueryD1Database(context.Background(), testAccountRC, QueryD1DatabaseParams{
-		DatabaseID: testD1DatabaseID,
-		SQL:        "SELECT * FROM my-database",
-		Parameters: []string{"param1", "param2"},
-	})
-	if assert.NoError(t, err, "QueryD1Database returned error: %v", err) {
-		expected := D1Result{
-			Success: BoolPtr(true),
-			Meta: D1DatabaseMetadata{
-				ChangedDB:   BoolPtr(false),
-				Changes:     0,
-				Duration:    3.3,
-				LastRowID:   3,
-				RowsRead:    3,
-				RowsWritten: 0,
-				SizeAfter:   10,
-			},
-			Results: []map[string]any{
-				{
-					"id":   float64(1),
-					"name": "test user",
-				},
-				{
-					"id":   float64(2),
-					"name": "test user 2",
-				},
-			},
-		}
-		if !assert.Equal(t, expected, actual[0]) {
-			t.Errorf("QueryD1Database returned %+v, expected %+v", actual, expected)
-		}
-	}
-}
diff --git a/pkg/cloudflare-go/dcv_delegation.go b/pkg/cloudflare-go/dcv_delegation.go
deleted file mode 100644
index db66db2736..0000000000
--- a/pkg/cloudflare-go/dcv_delegation.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type DCVDelegation struct {
-	UUID string `json:"uuid"`
-}
-
-// DCVDelegationResponse represents the response from the dcv_delegation/uuid endpoint.
-type DCVDelegationResponse struct {
-	Result DCVDelegation `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type GetDCVDelegationParams struct{}
-
-// GetDCVDelegation gets a zone DCV Delegation UUID.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/dcv-delegation-uuid-get
-func (api *API) GetDCVDelegation(ctx context.Context, rc *ResourceContainer, params GetDCVDelegationParams) (DCVDelegation, ResultInfo, error) {
-	uri := fmt.Sprintf("/zones/%s/dcv_delegation/uuid", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DCVDelegation{}, ResultInfo{}, err
-	}
-	var dcvResponse DCVDelegationResponse
-	err = json.Unmarshal(res, &dcvResponse)
-	if err != nil {
-		return DCVDelegation{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dcvResponse.Result, dcvResponse.ResultInfo, nil
-}
diff --git a/pkg/cloudflare-go/dcv_delegation_test.go b/pkg/cloudflare-go/dcv_delegation_test.go
deleted file mode 100644
index a7a0350b23..0000000000
--- a/pkg/cloudflare-go/dcv_delegation_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetDCVDelegation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	testUuid := "b9ab465427f949ed"
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	"success" : true,
-	"errors": [],
-	"messages": [],
-	"result": {
-		"uuid": "%s"
-	}
-}
-		`, testUuid)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dcv_delegation/uuid", handler)
-
-	want := DCVDelegation{
-		UUID: testUuid,
-	}
-
-	actual, _, err := client.GetDCVDelegation(context.Background(), ZoneIdentifier(testZoneID), GetDCVDelegationParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/device_posture_rule.go b/pkg/cloudflare-go/device_posture_rule.go
deleted file mode 100644
index 4768b77048..0000000000
--- a/pkg/cloudflare-go/device_posture_rule.go
+++ /dev/null
@@ -1,331 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// DevicePostureIntegrationConfig contains authentication information
-// for a device posture integration.
-type DevicePostureIntegrationConfig struct {
-	ClientID           string `json:"client_id,omitempty"`
-	ClientSecret       string `json:"client_secret,omitempty"`
-	AuthUrl            string `json:"auth_url,omitempty"`
-	ApiUrl             string `json:"api_url,omitempty"`
-	ClientKey          string `json:"client_key,omitempty"`
-	CustomerID         string `json:"customer_id,omitempty"`
-	AccessClientID     string `json:"access_client_id,omitempty"`
-	AccessClientSecret string `json:"access_client_secret,omitempty"`
-}
-
-// DevicePostureIntegration represents a device posture integration.
-type DevicePostureIntegration struct {
-	IntegrationID string                         `json:"id,omitempty"`
-	Name          string                         `json:"name,omitempty"`
-	Type          string                         `json:"type,omitempty"`
-	Interval      string                         `json:"interval,omitempty"`
-	Config        DevicePostureIntegrationConfig `json:"config,omitempty"`
-}
-
-// DevicePostureIntegrationResponse represents the response from the get
-// device posture integrations endpoint.
-type DevicePostureIntegrationResponse struct {
-	Result DevicePostureIntegration `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// DevicePostureIntegrationListResponse represents the response from the list
-// device posture integrations endpoint.
-type DevicePostureIntegrationListResponse struct {
-	Result []DevicePostureIntegration `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// CreateDevicePostureIntegration creates a device posture integration within an account.
-//
-// API reference: https://api.cloudflare.com/#device-posture-integrations-create-device-posture-integration
-func (api *API) CreateDevicePostureIntegration(ctx context.Context, accountID string, integration DevicePostureIntegration) (DevicePostureIntegration, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture/integration", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, integration)
-	if err != nil {
-		fmt.Printf("err:%+v res:%+v\n", err, res)
-		return DevicePostureIntegration{}, err
-	}
-
-	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
-	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
-	if err != nil {
-		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureIntegrationResponse.Result, nil
-}
-
-// UpdateDevicePostureIntegration updates a device posture integration within an account.
-//
-// API reference: https://api.cloudflare.com/#device-posture-integrations-update-device-posture-integration
-func (api *API) UpdateDevicePostureIntegration(ctx context.Context, accountID string, integration DevicePostureIntegration) (DevicePostureIntegration, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture/integration/%s", AccountRouteRoot, accountID, integration.IntegrationID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, integration)
-	if err != nil {
-		return DevicePostureIntegration{}, err
-	}
-
-	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
-	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
-	if err != nil {
-		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureIntegrationResponse.Result, nil
-}
-
-// DevicePostureIntegration returns a specific device posture integrations within an account.
-//
-// API reference: https://api.cloudflare.com/#device-posture-integrations-device-posture-integration-details
-func (api *API) DevicePostureIntegration(ctx context.Context, accountID, integrationID string) (DevicePostureIntegration, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture/integration/%s", AccountRouteRoot, accountID, integrationID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DevicePostureIntegration{}, err
-	}
-
-	var devicePostureIntegrationResponse DevicePostureIntegrationResponse
-	err = json.Unmarshal(res, &devicePostureIntegrationResponse)
-	if err != nil {
-		return DevicePostureIntegration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureIntegrationResponse.Result, nil
-}
-
-// DevicePostureIntegrations returns all device posture integrations within an account.
-//
-// API reference: https://api.cloudflare.com/#device-posture-integrations-list-device-posture-integrations
-func (api *API) DevicePostureIntegrations(ctx context.Context, accountID string) ([]DevicePostureIntegration, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture/integration", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DevicePostureIntegration{}, ResultInfo{}, err
-	}
-
-	var devicePostureIntegrationListResponse DevicePostureIntegrationListResponse
-	err = json.Unmarshal(res, &devicePostureIntegrationListResponse)
-	if err != nil {
-		return []DevicePostureIntegration{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureIntegrationListResponse.Result, devicePostureIntegrationListResponse.ResultInfo, nil
-}
-
-// DeleteDevicePostureIntegration deletes a device posture integration.
-//
-// API reference: https://api.cloudflare.com/#device-posture-integrations-delete-device-posture-integration
-func (api *API) DeleteDevicePostureIntegration(ctx context.Context, accountID, ruleID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/devices/posture/integration/%s",
-		AccountRouteRoot,
-		accountID,
-		ruleID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// DevicePostureRule represents a device posture rule.
-type DevicePostureRule struct {
-	ID          string                   `json:"id,omitempty"`
-	Type        string                   `json:"type"`
-	Name        string                   `json:"name"`
-	Description string                   `json:"description,omitempty"`
-	Schedule    string                   `json:"schedule,omitempty"`
-	Match       []DevicePostureRuleMatch `json:"match,omitempty"`
-	Input       DevicePostureRuleInput   `json:"input,omitempty"`
-	Expiration  string                   `json:"expiration,omitempty"`
-}
-
-// DevicePostureRuleMatch represents the conditions that the client must match to run the rule.
-type DevicePostureRuleMatch struct {
-	Platform string `json:"platform,omitempty"`
-}
-
-// DevicePostureRuleInput represents the value to be checked against.
-type DevicePostureRuleInput struct {
-	ID               string   `json:"id,omitempty"`
-	Path             string   `json:"path,omitempty"`
-	Exists           bool     `json:"exists,omitempty"`
-	Thumbprint       string   `json:"thumbprint,omitempty"`
-	Sha256           string   `json:"sha256,omitempty"`
-	Running          bool     `json:"running,omitempty"`
-	RequireAll       bool     `json:"requireAll,omitempty"`
-	CheckDisks       []string `json:"checkDisks,omitempty"`
-	Enabled          bool     `json:"enabled,omitempty"`
-	Version          string   `json:"version,omitempty"`
-	VersionOperator  string   `json:"versionOperator,omitempty"`
-	Overall          string   `json:"overall,omitempty"`
-	SensorConfig     string   `json:"sensor_config,omitempty"`
-	Os               string   `json:"os,omitempty"`
-	OsDistroName     string   `json:"os_distro_name,omitempty"`
-	OsDistroRevision string   `json:"os_distro_revision,omitempty"`
-	OSVersionExtra   string   `json:"os_version_extra,omitempty"`
-	Operator         string   `json:"operator,omitempty"`
-	Domain           string   `json:"domain,omitempty"`
-	ComplianceStatus string   `json:"compliance_status,omitempty"`
-	ConnectionID     string   `json:"connection_id,omitempty"`
-	IssueCount       string   `json:"issue_count,omitempty"`
-	CountOperator    string   `json:"countOperator,omitempty"`
-	TotalScore       int      `json:"total_score,omitempty"`
-	ScoreOperator    string   `json:"scoreOperator,omitempty"`
-	CertificateID    string   `json:"certificate_id,omitempty"`
-	CommonName       string   `json:"cn,omitempty"`
-	ActiveThreats    int      `json:"active_threats,omitempty"`
-	NetworkStatus    string   `json:"network_status,omitempty"`
-	Infected         bool     `json:"infected,omitempty"`
-	IsActive         bool     `json:"is_active,omitempty"`
-	EidLastSeen      string   `json:"eid_last_seen,omitempty"`
-	RiskLevel        string   `json:"risk_level,omitempty"`
-	State            string   `json:"state,omitempty"`
-	LastSeen         string   `json:"last_seen,omitempty"`
-}
-
-// DevicePostureRuleListResponse represents the response from the list
-// device posture rules endpoint.
-type DevicePostureRuleListResponse struct {
-	Result []DevicePostureRule `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// DevicePostureRuleDetailResponse is the API response, containing a single
-// device posture rule.
-type DevicePostureRuleDetailResponse struct {
-	Response
-	Result DevicePostureRule `json:"result"`
-}
-
-// DevicePostureRules returns all device posture rules within an account.
-//
-// API reference: https://api.cloudflare.com/#device-posture-rules-list-device-posture-rules
-func (api *API) DevicePostureRules(ctx context.Context, accountID string) ([]DevicePostureRule, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DevicePostureRule{}, ResultInfo{}, err
-	}
-
-	var devicePostureRuleListResponse DevicePostureRuleListResponse
-	err = json.Unmarshal(res, &devicePostureRuleListResponse)
-	if err != nil {
-		return []DevicePostureRule{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureRuleListResponse.Result, devicePostureRuleListResponse.ResultInfo, nil
-}
-
-// DevicePostureRule returns a single device posture rule based on the rule ID.
-//
-// API reference: https://api.cloudflare.com/#device-posture-rules-device-posture-rules-details
-func (api *API) DevicePostureRule(ctx context.Context, accountID, ruleID string) (DevicePostureRule, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/devices/posture/%s",
-		AccountRouteRoot,
-		accountID,
-		ruleID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DevicePostureRule{}, err
-	}
-
-	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
-	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
-	if err != nil {
-		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureRuleDetailResponse.Result, nil
-}
-
-// CreateDevicePostureRule creates a new device posture rule.
-//
-// API reference: https://api.cloudflare.com/#device-posture-rules-create-device-posture-rule
-func (api *API) CreateDevicePostureRule(ctx context.Context, accountID string, rule DevicePostureRule) (DevicePostureRule, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/posture", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
-	if err != nil {
-		return DevicePostureRule{}, err
-	}
-
-	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
-	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
-	if err != nil {
-		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureRuleDetailResponse.Result, nil
-}
-
-// UpdateDevicePostureRule updates an existing device posture rule.
-//
-// API reference: https://api.cloudflare.com/#device-posture-rules-update-device-posture-rule
-func (api *API) UpdateDevicePostureRule(ctx context.Context, accountID string, rule DevicePostureRule) (DevicePostureRule, error) {
-	if rule.ID == "" {
-		return DevicePostureRule{}, fmt.Errorf("device posture rule ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/devices/posture/%s",
-		AccountRouteRoot,
-		accountID,
-		rule.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
-	if err != nil {
-		return DevicePostureRule{}, err
-	}
-
-	var devicePostureRuleDetailResponse DevicePostureRuleDetailResponse
-	err = json.Unmarshal(res, &devicePostureRuleDetailResponse)
-	if err != nil {
-		return DevicePostureRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return devicePostureRuleDetailResponse.Result, nil
-}
-
-// DeleteDevicePostureRule deletes a device posture rule.
-//
-// API reference: https://api.cloudflare.com/#device-posture-rules-delete-device-posture-rule
-func (api *API) DeleteDevicePostureRule(ctx context.Context, accountID, ruleID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/devices/posture/%s",
-		AccountRouteRoot,
-		accountID,
-		ruleID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/device_posture_rule_test.go b/pkg/cloudflare-go/device_posture_rule_test.go
deleted file mode 100644
index b9b72b2b82..0000000000
--- a/pkg/cloudflare-go/device_posture_rule_test.go
+++ /dev/null
@@ -1,788 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDevicePostureIntegrations(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-					"interval": "1h",
-					"type": "workspace_one",
-					"name": "My integration name",
-					"config": {
-						"auth_url":      "https://auth_url.example.com",
-						"api_url":       "https://api_url.example.com",
-						"client_id":     "test_client_id",
-						"client_secret": "test_client_secret",
-						"customer_id":   "test_customer_id",
-						"client_key": 	 "test_client_key"
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	want := []DevicePostureIntegration{{
-		IntegrationID: "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:          "My integration name",
-		Type:          "workspace_one",
-		Interval:      "1h",
-		Config: DevicePostureIntegrationConfig{
-			AuthUrl:      "https://auth_url.example.com",
-			ApiUrl:       "https://api_url.example.com",
-			ClientID:     "test_client_id",
-			ClientSecret: "test_client_secret",
-			CustomerID:   "test_customer_id",
-			ClientKey:    "test_client_key",
-		},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
-
-	actual, _, err := client.DevicePostureIntegrations(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureIntegration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"interval": "1h",
-				"type": "workspace_one",
-				"name": "My integration name",
-				"config": {
-					"auth_url":      "https://auth_url.example.com",
-					"api_url":       "https://api_url.example.com",
-					"client_id":     "test_client_id",
-					"client_secret": "test_client_secret",
-					"customer_id":   "test_customer_id",
-					"client_key": 	 "test_client_key"
-				}
-			}
-		}`, id)
-	}
-
-	want := DevicePostureIntegration{
-		IntegrationID: id,
-		Name:          "My integration name",
-		Type:          "workspace_one",
-		Interval:      "1h",
-		Config: DevicePostureIntegrationConfig{
-			AuthUrl:      "https://auth_url.example.com",
-			ApiUrl:       "https://api_url.example.com",
-			ClientID:     "test_client_id",
-			ClientSecret: "test_client_secret",
-			CustomerID:   "test_customer_id",
-			ClientKey:    "test_client_key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
-
-	actual, err := client.DevicePostureIntegration(context.Background(), testAccountID, id)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureIntegrationUpdate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"interval": "1h",
-				"type": "workspace_one",
-				"name": "My integration name",
-				"config": {
-					"auth_url":      "https://auth_url.example.com",
-					"api_url":       "https://api_url.example.com",
-					"client_id":     "test_client_id",
-					"client_secret": "test_client_secret",
-					"customer_id":   "test_customer_id",
-					"client_key": 	 "test_client_key"
-				}
-			}
-		}`, id)
-	}
-
-	want := DevicePostureIntegration{
-		IntegrationID: id,
-		Name:          "My integration name",
-		Type:          "workspace_one",
-		Interval:      "1h",
-		Config: DevicePostureIntegrationConfig{
-			AuthUrl:      "https://auth_url.example.com",
-			ApiUrl:       "https://api_url.example.com",
-			ClientID:     "test_client_id",
-			ClientSecret: "test_client_secret",
-			CustomerID:   "test_customer_id",
-			ClientKey:    "test_client_key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
-
-	actual, err := client.UpdateDevicePostureIntegration(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureIntegrationCreate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"interval": "1h",
-				"type": "workspace_one",
-				"name": "My integration name",
-				"config": {
-					"auth_url":      "https://auth_url.example.com",
-					"api_url":       "https://api_url.example.com",
-					"client_id":     "test_client_id",
-					"client_secret": "test_client_secret",
-					"customer_id":   "test_customer_id",
-					"client_key": 	 "test_client_key"
-				}
-			}
-		}`, id)
-	}
-
-	want := DevicePostureIntegration{
-		IntegrationID: id,
-		Name:          "My integration name",
-		Type:          "workspace_one",
-		Interval:      "1h",
-		Config: DevicePostureIntegrationConfig{
-			AuthUrl:      "https://auth_url.example.com",
-			ApiUrl:       "https://api_url.example.com",
-			ClientID:     "test_client_id",
-			ClientSecret: "test_client_secret",
-			CustomerID:   "test_customer_id",
-			ClientKey:    "test_client_key",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
-
-	actual, err := client.CreateDevicePostureIntegration(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureIntegrationTaniumCreate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"interval": "1h",
-				"type": "tanium_s2s",
-				"name": "My Tanium integration",
-				"config": {
-					"api_url":              "https://api_url.example.com",
-					"client_secret":        "test_client_secret",
-					"access_client_id":     "test_access_client_id",
-					"access_client_secret": "test_access_client_secret"
-				}
-			}
-		}`, id)
-	}
-
-	want := DevicePostureIntegration{
-		IntegrationID: id,
-		Name:          "My Tanium integration",
-		Type:          "tanium_s2s",
-		Interval:      "1h",
-		Config: DevicePostureIntegrationConfig{
-			ApiUrl:             "https://api_url.example.com",
-			ClientSecret:       "test_client_secret",
-			AccessClientID:     "test_access_client_id",
-			AccessClientSecret: "test_access_client_secret",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration", handler)
-
-	actual, err := client.CreateDevicePostureIntegration(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureIntegrationDelete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": null
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/integration/"+id, handler)
-
-	err := client.DeleteDevicePostureIntegration(context.Background(), testAccountID, id)
-	assert.NoError(t, err)
-}
-
-func TestDevicePostureRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-					"schedule": "1h",
-					"type": "file",
-					"name": "My rule name",
-					"description": "My description",
-					"expiration": "1h",
-					"match": [
-						{
-							"platform": "ios"
-						}
-					],
-					"input": {
-						"id": "9e597887-345e-4a32-a09c-68811b129768",
-						"path": "/tmp/data.zta",
-						"exists": true,
-						"thumbprint": "asdfasdfasdfasdf",
-						"sha256": "D75398FC796D659DEB4170569DCFEC63E3897C71E3AE8642FD3139A554AEE21E",
-						"running": true
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	want := []DevicePostureRule{{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "file",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input: DevicePostureRuleInput{
-			ID:         "9e597887-345e-4a32-a09c-68811b129768",
-			Path:       "/tmp/data.zta",
-			Exists:     true,
-			Thumbprint: "asdfasdfasdfasdf",
-			Sha256:     "D75398FC796D659DEB4170569DCFEC63E3897C71E3AE8642FD3139A554AEE21E",
-			Running:    true,
-		},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture", handler)
-
-	actual, _, err := client.DevicePostureRules(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureFileRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "file",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"path": "/tmp/test",
-					"exists": true,
-					"sha256": "42b4daec3962691f5893a966245e5ea30f9f8df7254e7b7af43a171e3e29c857"
-				}
-			}
-		}
-		`)
-	}
-
-	want := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "file",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input: DevicePostureRuleInput{
-			Path:   "/tmp/test",
-			Exists: true,
-			Sha256: "42b4daec3962691f5893a966245e5ea30f9f8df7254e7b7af43a171e3e29c857",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureDiskEncryptionRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "disk_encryption",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"requireAll": true,
-					"checkDisks": ["C", "D"]
-				}
-			}
-		}
-		`)
-	}
-
-	want := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "disk_encryption",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input: DevicePostureRuleInput{
-			RequireAll: true,
-			CheckDisks: []string{"C", "D"},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureOsVersionRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "os_version",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"version": "10.0.1",
-					"operator": ">="
-				}
-			}
-		}
-		`)
-	}
-
-	want := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "os_version",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input: DevicePostureRuleInput{
-			Version:  "10.0.1",
-			Operator: ">=",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureDomainJoinedRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "domain_joined",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"domain": "example.com"
-				}
-			}
-		}
-		`)
-	}
-
-	want := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "domain_joined",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input: DevicePostureRuleInput{
-			Domain: "example.com",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDevicePostureClientCertificateRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "client_certificate",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "windows"
-					}
-				],
-				"input": {
-					"certificate_id": "d2c04b78-3ba2-4294-8efa-4e85aef0777f",
-					"cn": "example.com"
-				}
-			}
-		}
-		`)
-	}
-
-	want := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "client_certificate",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "windows"}},
-		Input: DevicePostureRuleInput{
-			CertificateID: "d2c04b78-3ba2-4294-8efa-4e85aef0777f",
-			CommonName:    "example.com",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.DevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateDevicePostureRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "file",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"id": "9e597887-345e-4a32-a09c-68811b129768"
-				}
-			}
-		}
-		`)
-	}
-
-	rule := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "file",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture", handler)
-
-	actual, err := client.CreateDevicePostureRule(context.Background(), testAccountID, DevicePostureRule{
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "file",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, rule, actual)
-	}
-}
-
-func TestUpdateDevicePostureRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"schedule": "1h",
-				"expiration": "1h",
-				"type": "file",
-				"name": "My rule name",
-				"description": "My description",
-				"match": [
-					{
-						"platform": "ios"
-					}
-				],
-				"input": {
-					"id": "9e597887-345e-4a32-a09c-68811b129768"
-				}
-			}
-		}
-		`)
-	}
-
-	rule := DevicePostureRule{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My rule name",
-		Description: "My description",
-		Type:        "file",
-		Schedule:    "1h",
-		Expiration:  "1h",
-		Match:       []DevicePostureRuleMatch{{Platform: "ios"}},
-		Input:       DevicePostureRuleInput{ID: "9e597887-345e-4a32-a09c-68811b129768"},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.UpdateDevicePostureRule(context.Background(), testAccountID, rule)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, rule, actual)
-	}
-}
-
-func TestUpdateDevicePostureRuleWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateDevicePostureRule(context.Background(), testZoneID, DevicePostureRule{})
-	assert.EqualError(t, err, "device posture rule ID cannot be empty")
-}
-
-func TestDeleteDevicePostureRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-      }
-    }
-    `)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/posture/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err := client.DeleteDevicePostureRule(context.Background(), testAccountID, "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/devices_dex.go b/pkg/cloudflare-go/devices_dex.go
deleted file mode 100644
index 4c9ef5070e..0000000000
--- a/pkg/cloudflare-go/devices_dex.go
+++ /dev/null
@@ -1,174 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type DeviceDexTestData map[string]interface{}
-
-type DeviceDexTest struct {
-	TestID      string             `json:"test_id"`
-	Name        string             `json:"name"`
-	Description string             `json:"description,omitempty"`
-	Interval    string             `json:"interval"`
-	Enabled     bool               `json:"enabled"`
-	Updated     time.Time          `json:"updated"`
-	Created     time.Time          `json:"created"`
-	Data        *DeviceDexTestData `json:"data"`
-}
-
-type DeviceDexTests struct {
-	DexTests []DeviceDexTest `json:"dex_tests"`
-}
-
-type DeviceDexTestResponse struct {
-	Response
-	Result DeviceDexTest `json:"result"`
-}
-
-type DeviceDexTestListResponse struct {
-	Response
-	Result DeviceDexTests `json:"result"`
-}
-
-type ListDeviceDexTestParams struct{}
-
-type CreateDeviceDexTestParams struct {
-	TestID      string             `json:"test_id,omitempty"`
-	Name        string             `json:"name"`
-	Description string             `json:"description,omitempty"`
-	Interval    string             `json:"interval"`
-	Enabled     bool               `json:"enabled"`
-	Data        *DeviceDexTestData `json:"data"`
-}
-
-type UpdateDeviceDexTestParams struct {
-	TestID      string             `json:"test_id,omitempty"`
-	Name        string             `json:"name"`
-	Description string             `json:"description,omitempty"`
-	Interval    string             `json:"interval"`
-	Enabled     bool               `json:"enabled"`
-	Data        *DeviceDexTestData `json:"data"`
-}
-
-// ListDexTests returns all Device Dex Tests for a given account.
-//
-// API reference : https://developers.cloudflare.com/api/operations/device-dex-test-details
-func (api *API) ListDexTests(ctx context.Context, rc *ResourceContainer, params ListDeviceDexTestParams) (DeviceDexTests, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceDexTests{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/dex_tests", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DeviceDexTests{}, err
-	}
-
-	var response DeviceDexTestListResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return DeviceDexTests{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// CreateDeviceDexTest created a new Device Dex Test
-//
-// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-create-device-dex-test
-func (api *API) CreateDeviceDexTest(ctx context.Context, rc *ResourceContainer, params CreateDeviceDexTestParams) (DeviceDexTest, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/dex_tests", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return DeviceDexTest{}, err
-	}
-
-	var deviceDexTestResponse DeviceDexTestResponse
-	if err := json.Unmarshal(res, &deviceDexTestResponse); err != nil {
-		return DeviceDexTest{}, fmt.Errorf("%s: %w\n\nres: %s", errUnmarshalError, err, string(res))
-	}
-
-	return deviceDexTestResponse.Result, err
-}
-
-// UpdateDeviceDexTest Updates a Device Dex Test.
-//
-// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-update-device-dex-test
-func (api *API) UpdateDeviceDexTest(ctx context.Context, rc *ResourceContainer, params UpdateDeviceDexTestParams) (DeviceDexTest, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, params.TestID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return DeviceDexTest{}, err
-	}
-
-	var deviceDexTestsResponse DeviceDexTestResponse
-
-	if err := json.Unmarshal(res, &deviceDexTestsResponse); err != nil {
-		return DeviceDexTest{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return deviceDexTestsResponse.Result, err
-}
-
-// GetDeviceDexTest gets a single Device Dex Test.
-//
-// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-get-device-dex-test
-func (api *API) GetDeviceDexTest(ctx context.Context, rc *ResourceContainer, testID string) (DeviceDexTest, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceDexTest{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, testID)
-
-	deviceDexTestResponse := DeviceDexTestResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DeviceDexTest{}, err
-	}
-
-	if err := json.Unmarshal(res, &deviceDexTestResponse); err != nil {
-		return DeviceDexTest{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return deviceDexTestResponse.Result, err
-}
-
-// DeleteDexTest deletes a Device Dex Test.
-//
-// API reference: https://developers.cloudflare.com/api/operations/device-dex-test-delete-device-dex-test
-func (api *API) DeleteDexTest(ctx context.Context, rc *ResourceContainer, testID string) (DeviceDexTests, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceDexTests{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/dex_tests/%s", rc.Level, rc.Identifier, testID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return DeviceDexTests{}, err
-	}
-
-	var response DeviceDexTestListResponse
-	if err := json.Unmarshal(res, &response); err != nil {
-		return DeviceDexTests{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, err
-}
diff --git a/pkg/cloudflare-go/devices_dex_test.go b/pkg/cloudflare-go/devices_dex_test.go
deleted file mode 100644
index f5901f7916..0000000000
--- a/pkg/cloudflare-go/devices_dex_test.go
+++ /dev/null
@@ -1,283 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testID = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
-
-var dexTimestamp, _ = time.Parse(time.RFC3339, "2023-01-30T19:59:44.401278Z")
-
-func TestGetDeviceDexTests(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"dex_tests": [
-					{
-						"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-						"name": "http test dash",
-						"description": "dex test description",
-						"interval": "0h30m0s",
-						"enabled": true,
-						"data": {
-						"host": "https://dash.cloudflare.com",
-						"kind": "http",
-						"method": "GET"
-						},
-						"updated": "2023-01-30T19:59:44.401278Z",
-						"created": "2023-01-30T19:59:44.401278Z"
-					}
-				]
-			}
-		  }`)
-	}
-
-	dexTest := []DeviceDexTest{{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-		Updated: dexTimestamp,
-		Created: dexTimestamp,
-	}}
-
-	want := DeviceDexTests{
-		DexTests: dexTest,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests", handler)
-
-	actual, err := client.ListDexTests(context.Background(), AccountIdentifier(testAccountID), ListDeviceDexTestParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeviceDexTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "http test dash",
-				"description": "dex test description",
-				"interval": "0h30m0s",
-				"enabled": true,
-				"data": {
-				"host": "https://dash.cloudflare.com",
-				"kind": "http",
-				"method": "GET"
-				},
-				"updated": "2023-01-30T19:59:44.401278Z",
-				"created": "2023-01-30T19:59:44.401278Z"
-			}
-		  }`)
-	}
-
-	want := DeviceDexTest{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-		Updated: dexTimestamp,
-		Created: dexTimestamp,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
-
-	actual, err := client.GetDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), testID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateDeviceDexTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "http test dash",
-				"description": "dex test description",
-				"interval": "0h30m0s",
-				"enabled": true,
-				"data": {
-				"host": "https://dash.cloudflare.com",
-				"kind": "http",
-				"method": "GET"
-				},
-				"updated": "2023-01-30T19:59:44.401278Z",
-				"created": "2023-01-30T19:59:44.401278Z"
-			}
-		  }`)
-	}
-
-	want := DeviceDexTest{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-		Updated: dexTimestamp,
-		Created: dexTimestamp,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests", handler)
-
-	actual, err := client.CreateDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), CreateDeviceDexTestParams{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateDeviceDexTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"test_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"name": "http test dash",
-				"description": "dex test description",
-				"interval": "0h30m0s",
-				"enabled": true,
-				"data": {
-				"host": "https://dash.cloudflare.com",
-				"kind": "http",
-				"method": "GET"
-				},
-				"updated": "2023-01-30T19:59:44.401278Z",
-				"created": "2023-01-30T19:59:44.401278Z"
-			}
-		  }`)
-	}
-
-	want := DeviceDexTest{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-		Updated: dexTimestamp,
-		Created: dexTimestamp,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
-
-	actual, err := client.UpdateDeviceDexTest(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceDexTestParams{
-		TestID:      testID,
-		Name:        "http test dash",
-		Description: "dex test description",
-		Interval:    "0h30m0s",
-		Enabled:     true,
-		Data: &DeviceDexTestData{
-			"kind":   "http",
-			"method": "GET",
-			"host":   "https://dash.cloudflare.com",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteDeviceDexTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"dex_tests": []
-			}
-		  }`)
-	}
-
-	want := DeviceDexTests{
-		DexTests: []DeviceDexTest{},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/dex_tests/"+testID, handler)
-
-	actual, err := client.DeleteDexTest(context.Background(), AccountIdentifier(testAccountID), testID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/devices_managed_networks.go b/pkg/cloudflare-go/devices_managed_networks.go
deleted file mode 100644
index 11fc7ea10a..0000000000
--- a/pkg/cloudflare-go/devices_managed_networks.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type Config struct {
-	TlsSockAddr string `json:"tls_sockaddr,omitempty"`
-	Sha256      string `json:"sha256,omitempty"`
-}
-
-type DeviceManagedNetwork struct {
-	NetworkID string  `json:"network_id,omitempty"`
-	Type      string  `json:"type"`
-	Name      string  `json:"name"`
-	Config    *Config `json:"config"`
-}
-
-type DeviceManagedNetworkResponse struct {
-	Response
-	Result DeviceManagedNetwork `json:"result"`
-}
-
-type DeviceManagedNetworkListResponse struct {
-	Response
-	Result []DeviceManagedNetwork `json:"result"`
-}
-
-type ListDeviceManagedNetworksParams struct{}
-
-type CreateDeviceManagedNetworkParams struct {
-	NetworkID string  `json:"network_id,omitempty"`
-	Type      string  `json:"type"`
-	Name      string  `json:"name"`
-	Config    *Config `json:"config"`
-}
-
-type UpdateDeviceManagedNetworkParams struct {
-	NetworkID string  `json:"network_id,omitempty"`
-	Type      string  `json:"type"`
-	Name      string  `json:"name"`
-	Config    *Config `json:"config"`
-}
-
-// ListDeviceManagedNetwork returns all Device Managed Networks for a given
-// account.
-//
-// API reference : https://api.cloudflare.com/#device-managed-networks-list-device-managed-networks
-func (api *API) ListDeviceManagedNetworks(ctx context.Context, rc *ResourceContainer, params ListDeviceManagedNetworksParams) ([]DeviceManagedNetwork, error) {
-	if rc.Level != AccountRouteLevel {
-		return []DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/networks", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DeviceManagedNetwork{}, err
-	}
-
-	var response DeviceManagedNetworkListResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return []DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// CreateDeviceManagedNetwork creates a new Device Managed Network.
-//
-// API reference: https://api.cloudflare.com/#device-managed-networks-create-device-managed-network
-func (api *API) CreateDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, params CreateDeviceManagedNetworkParams) (DeviceManagedNetwork, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/networks", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return DeviceManagedNetwork{}, err
-	}
-
-	var deviceManagedNetworksResponse DeviceManagedNetworkResponse
-	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
-		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return deviceManagedNetworksResponse.Result, err
-}
-
-// UpdateDeviceManagedNetwork Update a Device Managed Network.
-//
-// API reference: https://api.cloudflare.com/#device-managed-networks-update-device-managed-network
-func (api *API) UpdateDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, params UpdateDeviceManagedNetworkParams) (DeviceManagedNetwork, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, params.NetworkID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return DeviceManagedNetwork{}, err
-	}
-
-	var deviceManagedNetworksResponse DeviceManagedNetworkResponse
-
-	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
-		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return deviceManagedNetworksResponse.Result, err
-}
-
-// GetDeviceManagedNetwork gets a single Device Managed Network.
-//
-// API reference: https://api.cloudflare.com/#device-managed-networks-device-managed-network-details
-func (api *API) GetDeviceManagedNetwork(ctx context.Context, rc *ResourceContainer, networkID string) (DeviceManagedNetwork, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, networkID)
-
-	deviceManagedNetworksResponse := DeviceManagedNetworkResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DeviceManagedNetwork{}, err
-	}
-
-	if err := json.Unmarshal(res, &deviceManagedNetworksResponse); err != nil {
-		return DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return deviceManagedNetworksResponse.Result, err
-}
-
-// DeleteManagedNetworks deletes a Device Managed Network.
-//
-// API reference: https://api.cloudflare.com/#device-managed-networks-delete-device-managed-network
-func (api *API) DeleteManagedNetworks(ctx context.Context, rc *ResourceContainer, networkID string) ([]DeviceManagedNetwork, error) {
-	if rc.Level != AccountRouteLevel {
-		return []DeviceManagedNetwork{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/networks/%s", rc.Level, rc.Identifier, networkID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return []DeviceManagedNetwork{}, err
-	}
-
-	var response DeviceManagedNetworkListResponse
-	if err := json.Unmarshal(res, &response); err != nil {
-		return []DeviceManagedNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, err
-}
diff --git a/pkg/cloudflare-go/devices_managed_networks_test.go b/pkg/cloudflare-go/devices_managed_networks_test.go
deleted file mode 100644
index c62c7c6792..0000000000
--- a/pkg/cloudflare-go/devices_managed_networks_test.go
+++ /dev/null
@@ -1,245 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testNetworkID = "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
-
-func TestGetDeviceManagedNetworks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"type": "tls",
-				"name": "managed-network-1",
-				"config": {
-				  "tls_sockaddr": "foobar:1234",
-				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
-				}
-			  }
-			]
-		  }`)
-	}
-
-	want := []DeviceManagedNetwork{{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks", handler)
-
-	actual, err := client.ListDeviceManagedNetworks(context.Background(), AccountIdentifier(testAccountID), ListDeviceManagedNetworksParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeviceManagedNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result":
-			  {
-				"network_id": "%s",
-				"type": "tls",
-				"name": "managed-network-1",
-				"config": {
-				  "tls_sockaddr": "foobar:1234",
-				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
-				}
-			  }
-		  }`, testNetworkID)
-	}
-
-	want := DeviceManagedNetwork{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
-
-	actual, err := client.GetDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), testNetworkID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateDeviceManagedNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result":
-			  {
-				"network_id": "%s",
-				"type": "tls",
-				"name": "managed-network-1",
-				"config": {
-				  "tls_sockaddr": "foobar:1234",
-				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
-				}
-			  }
-		  }`, testNetworkID)
-	}
-
-	want := DeviceManagedNetwork{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks", handler)
-
-	actual, err := client.CreateDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), CreateDeviceManagedNetworkParams{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateDeviceManagedNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result":
-			  {
-				"network_id": "%s",
-				"type": "tls",
-				"name": "managed-network-1",
-				"config": {
-				  "tls_sockaddr": "foobar:1234",
-				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
-				}
-			  }
-		  }`, testNetworkID)
-	}
-
-	want := DeviceManagedNetwork{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
-
-	actual, err := client.UpdateDeviceManagedNetwork(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceManagedNetworkParams{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteDeviceManagedNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				"network_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-				"type": "tls",
-				"name": "managed-network-1",
-				"config": {
-				  "tls_sockaddr": "foobar:1234",
-				  "sha256": "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c"
-				}
-			  }
-			]
-		  }`)
-	}
-
-	want := []DeviceManagedNetwork{{
-		NetworkID: testNetworkID,
-		Type:      "tls",
-		Name:      "managed-network-1",
-		Config: &Config{
-			TlsSockAddr: "foobar:1234",
-			Sha256:      "b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c",
-		},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/networks/"+testNetworkID, handler)
-
-	actual, err := client.DeleteManagedNetworks(context.Background(), AccountIdentifier(testAccountID), testNetworkID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/devices_policy.go b/pkg/cloudflare-go/devices_policy.go
deleted file mode 100644
index 1a8b03b9d5..0000000000
--- a/pkg/cloudflare-go/devices_policy.go
+++ /dev/null
@@ -1,377 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type Enabled struct {
-	Enabled bool `json:"enabled"`
-}
-
-// DeviceClientCertificates identifies if the zero trust zone is configured for an account.
-type DeviceClientCertificates struct {
-	Response
-	Result Enabled
-}
-
-type ServiceMode string
-
-const (
-	oneDotOne      ServiceMode = "1dot1"
-	warp           ServiceMode = "warp"
-	proxy          ServiceMode = "proxy"
-	postureOnly    ServiceMode = "posture_only"
-	warpTunnelOnly ServiceMode = "warp_tunnel_only"
-
-	listDeviceSettingsPoliciesDefaultPageSize = 20
-)
-
-type ServiceModeV2 struct {
-	Mode ServiceMode `json:"mode,omitempty"`
-	Port int         `json:"port,omitempty"`
-}
-
-type DeviceSettingsPolicy struct {
-	ServiceModeV2       *ServiceModeV2    `json:"service_mode_v2"`
-	DisableAutoFallback *bool             `json:"disable_auto_fallback"`
-	FallbackDomains     *[]FallbackDomain `json:"fallback_domains"`
-	Include             *[]SplitTunnel    `json:"include"`
-	Exclude             *[]SplitTunnel    `json:"exclude"`
-	GatewayUniqueID     *string           `json:"gateway_unique_id"`
-	SupportURL          *string           `json:"support_url"`
-	CaptivePortal       *int              `json:"captive_portal"`
-	AllowModeSwitch     *bool             `json:"allow_mode_switch"`
-	SwitchLocked        *bool             `json:"switch_locked"`
-	AllowUpdates        *bool             `json:"allow_updates"`
-	AutoConnect         *int              `json:"auto_connect"`
-	AllowedToLeave      *bool             `json:"allowed_to_leave"`
-	PolicyID            *string           `json:"policy_id"`
-	Enabled             *bool             `json:"enabled"`
-	Name                *string           `json:"name"`
-	Match               *string           `json:"match"`
-	Precedence          *int              `json:"precedence"`
-	Default             bool              `json:"default"`
-	ExcludeOfficeIps    *bool             `json:"exclude_office_ips"`
-	Description         *string           `json:"description"`
-	LANAllowMinutes     *uint             `json:"lan_allow_minutes"`
-	LANAllowSubnetSize  *uint             `json:"lan_allow_subnet_size"`
-}
-
-type DeviceSettingsPolicyResponse struct {
-	Response
-	Result DeviceSettingsPolicy
-}
-
-type DeleteDeviceSettingsPolicyResponse struct {
-	Response
-	Result []DeviceSettingsPolicy
-}
-
-type CreateDeviceSettingsPolicyParams struct {
-	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
-	CaptivePortal       *int           `json:"captive_portal,omitempty"`
-	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
-	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
-	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
-	AutoConnect         *int           `json:"auto_connect,omitempty"`
-	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
-	SupportURL          *string        `json:"support_url,omitempty"`
-	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
-	Precedence          *int           `json:"precedence,omitempty"`
-	Name                *string        `json:"name,omitempty"`
-	Match               *string        `json:"match,omitempty"`
-	Enabled             *bool          `json:"enabled,omitempty"`
-	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
-	Description         *string        `json:"description,omitempty"`
-	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
-	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
-}
-
-type UpdateDefaultDeviceSettingsPolicyParams struct {
-	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
-	CaptivePortal       *int           `json:"captive_portal,omitempty"`
-	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
-	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
-	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
-	AutoConnect         *int           `json:"auto_connect,omitempty"`
-	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
-	SupportURL          *string        `json:"support_url,omitempty"`
-	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
-	Precedence          *int           `json:"precedence,omitempty"`
-	Name                *string        `json:"name,omitempty"`
-	Match               *string        `json:"match,omitempty"`
-	Enabled             *bool          `json:"enabled,omitempty"`
-	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
-	Description         *string        `json:"description,omitempty"`
-	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
-	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
-}
-
-type UpdateDeviceSettingsPolicyParams struct {
-	PolicyID            *string        `json:"-"`
-	DisableAutoFallback *bool          `json:"disable_auto_fallback,omitempty"`
-	CaptivePortal       *int           `json:"captive_portal,omitempty"`
-	AllowModeSwitch     *bool          `json:"allow_mode_switch,omitempty"`
-	SwitchLocked        *bool          `json:"switch_locked,omitempty"`
-	AllowUpdates        *bool          `json:"allow_updates,omitempty"`
-	AutoConnect         *int           `json:"auto_connect,omitempty"`
-	AllowedToLeave      *bool          `json:"allowed_to_leave,omitempty"`
-	SupportURL          *string        `json:"support_url,omitempty"`
-	ServiceModeV2       *ServiceModeV2 `json:"service_mode_v2,omitempty"`
-	Precedence          *int           `json:"precedence,omitempty"`
-	Name                *string        `json:"name,omitempty"`
-	Match               *string        `json:"match,omitempty"`
-	Enabled             *bool          `json:"enabled,omitempty"`
-	ExcludeOfficeIps    *bool          `json:"exclude_office_ips"`
-	Description         *string        `json:"description,omitempty"`
-	LANAllowMinutes     *uint          `json:"lan_allow_minutes,omitempty"`
-	LANAllowSubnetSize  *uint          `json:"lan_allow_subnet_size,omitempty"`
-}
-
-type ListDeviceSettingsPoliciesResponse struct {
-	Response
-	ResultInfo ResultInfo             `json:"result_info"`
-	Result     []DeviceSettingsPolicy `json:"result"`
-}
-
-type UpdateDeviceClientCertificatesParams struct {
-	Enabled *bool `json:"enabled"`
-}
-
-type GetDeviceClientCertificatesParams struct{}
-
-type GetDefaultDeviceSettingsPolicyParams struct{}
-
-type GetDeviceSettingsPolicyParams struct {
-	PolicyID *string `json:"-"`
-}
-
-// UpdateDeviceClientCertificates controls the zero trust zone used to provision client certificates.
-//
-// API reference: https://api.cloudflare.com/#device-client-certificates
-func (api *API) UpdateDeviceClientCertificates(ctx context.Context, rc *ResourceContainer, params UpdateDeviceClientCertificatesParams) (DeviceClientCertificates, error) {
-	if rc.Level != ZoneRouteLevel {
-		return DeviceClientCertificates{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy/certificates", rc.Level, rc.Identifier)
-
-	result := DeviceClientCertificates{Result: Enabled{false}}
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return result, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// GetDeviceClientCertificates controls the zero trust zone used to provision
-// client certificates.
-//
-// API reference: https://api.cloudflare.com/#device-client-certificates
-func (api *API) GetDeviceClientCertificates(ctx context.Context, rc *ResourceContainer, params GetDeviceClientCertificatesParams) (DeviceClientCertificates, error) {
-	if rc.Level != ZoneRouteLevel {
-		return DeviceClientCertificates{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy/certificates", rc.Level, rc.Identifier)
-
-	result := DeviceClientCertificates{}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return result, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// CreateDeviceSettingsPolicy creates a settings policy against devices that
-// match the policy.
-//
-// API reference: https://api.cloudflare.com/#devices-create-device-settings-policy
-func (api *API) CreateDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params CreateDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
-
-	result := DeviceSettingsPolicyResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-// UpdateDefaultDeviceSettingsPolicy updates the default settings policy for an account
-//
-// API reference: https://api.cloudflare.com/#devices-update-default-device-settings-policy
-func (api *API) UpdateDefaultDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params UpdateDefaultDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	result := DeviceSettingsPolicyResponse{}
-	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-// UpdateDeviceSettingsPolicy updates a settings policy
-//
-// API reference: https://api.cloudflare.com/#devices-update-device-settings-policy
-func (api *API) UpdateDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params UpdateDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, *params.PolicyID)
-
-	result := DeviceSettingsPolicyResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-// DeleteDeviceSettingsPolicy deletes a settings policy and returns a list
-// of all of the other policies in the account.
-//
-// API reference: https://api.cloudflare.com/#devices-delete-device-settings-policy
-func (api *API) DeleteDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, policyID string) ([]DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return []DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, policyID)
-
-	result := DeleteDeviceSettingsPolicyResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return []DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-// GetDefaultDeviceSettings gets the default device settings policy.
-//
-// API reference: https://api.cloudflare.com/#devices-get-default-device-settings-policy
-func (api *API) GetDefaultDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params GetDefaultDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy", rc.Level, rc.Identifier)
-
-	result := DeviceSettingsPolicyResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-// GetDefaultDeviceSettings gets the device settings policy by its policyID.
-//
-// API reference: https://api.cloudflare.com/#devices-get-device-settings-policy-by-id
-func (api *API) GetDeviceSettingsPolicy(ctx context.Context, rc *ResourceContainer, params GetDeviceSettingsPolicyParams) (DeviceSettingsPolicy, error) {
-	if rc.Level != AccountRouteLevel {
-		return DeviceSettingsPolicy{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", rc.Level, rc.Identifier, *params.PolicyID)
-
-	result := DeviceSettingsPolicyResponse{}
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DeviceSettingsPolicy{}, err
-	}
-
-	if err := json.Unmarshal(res, &result); err != nil {
-		return DeviceSettingsPolicy{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, err
-}
-
-type ListDeviceSettingsPoliciesParams struct {
-	ResultInfo
-}
-
-// ListDeviceSettingsPolicies returns all device settings policies for an account
-//
-// API reference: https://api.cloudflare.com/#devices-list-device-settings-policies
-func (api *API) ListDeviceSettingsPolicies(ctx context.Context, rc *ResourceContainer, params ListDeviceSettingsPoliciesParams) ([]DeviceSettingsPolicy, *ResultInfo, error) {
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = listDeviceSettingsPoliciesDefaultPageSize
-	}
-
-	var policies []DeviceSettingsPolicy
-	var lastResultInfo ResultInfo
-	for {
-		uri := buildURI(fmt.Sprintf("/%s/%s/devices/policies", rc.Level, rc.Identifier), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return nil, nil, err
-		}
-		var r ListDeviceSettingsPoliciesResponse
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		policies = append(policies, r.Result...)
-		lastResultInfo = r.ResultInfo
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return policies, &lastResultInfo, nil
-}
diff --git a/pkg/cloudflare-go/devices_policy_test.go b/pkg/cloudflare-go/devices_policy_test.go
deleted file mode 100644
index c78a13838e..0000000000
--- a/pkg/cloudflare-go/devices_policy_test.go
+++ /dev/null
@@ -1,423 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	deviceSettingsPolicyID         = "a842fa8a-a583-482e-9cd9-eb43362949fd"
-	deviceSettingsPolicyMatch      = "identity.email == \"test@example.com\""
-	deviceSettingsPolicyPrecedence = 10
-
-	defaultDeviceSettingsPolicy = DeviceSettingsPolicy{
-		ServiceModeV2: &ServiceModeV2{
-			Mode: "warp",
-		},
-		DisableAutoFallback: BoolPtr(false),
-		FallbackDomains: &[]FallbackDomain{
-			{Suffix: "invalid"},
-			{Suffix: "test"},
-		},
-		Exclude: &[]SplitTunnel{
-			{Address: "10.0.0.0/8"},
-			{Address: "100.64.0.0/10"},
-		},
-		GatewayUniqueID:    StringPtr("t1235"),
-		SupportURL:         StringPtr(""),
-		CaptivePortal:      IntPtr(180),
-		AllowModeSwitch:    BoolPtr(false),
-		SwitchLocked:       BoolPtr(false),
-		AllowUpdates:       BoolPtr(false),
-		AutoConnect:        IntPtr(0),
-		AllowedToLeave:     BoolPtr(true),
-		Enabled:            BoolPtr(true),
-		PolicyID:           nil,
-		Name:               nil,
-		Match:              nil,
-		Precedence:         nil,
-		Default:            true,
-		ExcludeOfficeIps:   BoolPtr(false),
-		Description:        nil,
-		LANAllowMinutes:    nil,
-		LANAllowSubnetSize: nil,
-	}
-
-	nonDefaultDeviceSettingsPolicy = DeviceSettingsPolicy{
-		ServiceModeV2: &ServiceModeV2{
-			Mode: "warp",
-		},
-		DisableAutoFallback: BoolPtr(false),
-		FallbackDomains: &[]FallbackDomain{
-			{Suffix: "invalid"},
-			{Suffix: "test"},
-		},
-		Exclude: &[]SplitTunnel{
-			{Address: "10.0.0.0/8"},
-			{Address: "100.64.0.0/10"},
-		},
-		GatewayUniqueID:    StringPtr("t1235"),
-		SupportURL:         StringPtr(""),
-		CaptivePortal:      IntPtr(180),
-		AllowModeSwitch:    BoolPtr(false),
-		SwitchLocked:       BoolPtr(false),
-		AllowUpdates:       BoolPtr(false),
-		AutoConnect:        IntPtr(0),
-		AllowedToLeave:     BoolPtr(true),
-		PolicyID:           &deviceSettingsPolicyID,
-		Enabled:            BoolPtr(true),
-		Name:               StringPtr("test"),
-		Match:              &deviceSettingsPolicyMatch,
-		Precedence:         &deviceSettingsPolicyPrecedence,
-		Default:            false,
-		ExcludeOfficeIps:   BoolPtr(true),
-		Description:        StringPtr("Test Description"),
-		LANAllowMinutes:    UintPtr(120),
-		LANAllowSubnetSize: UintPtr(31),
-	}
-
-	defaultDeviceSettingsPolicyJson = `{
-		"service_mode_v2": {
-			"mode": "warp"
-		},
-		"disable_auto_fallback": false,
-		"fallback_domains": [
-			{
-				"suffix": "invalid"
-			},
-			{
-				"suffix": "test"
-			}
-		],
-		"exclude": [
-			{
-				"address": "10.0.0.0/8"
-			},
-			{
-				"address": "100.64.0.0/10"
-			}
-		],
-		"gateway_unique_id": "t1235",
-		"support_url": "",
-		"captive_portal": 180,
-		"allow_mode_switch": false,
-		"switch_locked": false,
-		"allow_updates": false,
-		"auto_connect": 0,
-		"allowed_to_leave": true,
-		"enabled": true,
-		"default": true,
-		"exclude_office_ips":false
-	}`
-
-	nonDefaultDeviceSettingsPolicyJson = fmt.Sprintf(`{
-		"service_mode_v2": {
-			"mode": "warp"
-		},
-		"disable_auto_fallback": false,
-		"fallback_domains": [
-			{
-				"suffix": "invalid"
-			},
-			{
-				"suffix": "test"
-			}
-		],
-		"exclude": [
-			{
-				"address": "10.0.0.0/8"
-			},
-			{
-				"address": "100.64.0.0/10"
-			}
-		],
-		"gateway_unique_id": "t1235",
-		"support_url": "",
-		"captive_portal": 180,
-		"allow_mode_switch": false,
-		"switch_locked": false,
-		"allow_updates": false,
-		"auto_connect": 0,
-		"allowed_to_leave": true,
-		"policy_id": "%s",
-		"enabled": true,
-		"name": "test",
-		"match": %#v,
-		"precedence": 10,
-		"default": false,
-		"exclude_office_ips":true,
-		"description":"Test Description",
-		"lan_allow_minutes": 120,
-		"lan_allow_subnet_size": 31
-	}`, deviceSettingsPolicyID, deviceSettingsPolicyMatch)
-)
-
-func TestUpdateDeviceClientCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": {"enabled": true}
-		}`)
-	}
-
-	want := DeviceClientCertificates{
-		Response: Response{
-			Success:  true,
-			Errors:   nil,
-			Messages: nil,
-		},
-		Result: Enabled{true},
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/devices/policy/certificates", handler)
-
-	actual, err := client.UpdateDeviceClientCertificates(context.Background(), ZoneIdentifier(testZoneID), UpdateDeviceClientCertificatesParams{Enabled: BoolPtr(true)})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetDeviceClientCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": {"enabled": false}
-		}`)
-	}
-
-	want := DeviceClientCertificates{
-		Response: Response{
-			Success:  true,
-			Errors:   nil,
-			Messages: nil,
-		},
-		Result: Enabled{false},
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/devices/policy/certificates", handler)
-
-	actual, err := client.GetDeviceClientCertificates(context.Background(), ZoneIdentifier(testZoneID), GetDeviceClientCertificatesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": %s
-		}`, nonDefaultDeviceSettingsPolicyJson)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
-
-	actual, err := client.CreateDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), CreateDeviceSettingsPolicyParams{
-		Precedence:         IntPtr(10),
-		Match:              &deviceSettingsPolicyMatch,
-		Name:               StringPtr("test"),
-		Description:        StringPtr("Test Description"),
-		LANAllowMinutes:    UintPtr(120),
-		LANAllowSubnetSize: UintPtr(31),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
-	}
-}
-
-func TestUpdateDefaultDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": %s
-		}`, defaultDeviceSettingsPolicyJson)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
-
-	actual, err := client.UpdateDefaultDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), UpdateDefaultDeviceSettingsPolicyParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, defaultDeviceSettingsPolicy, actual)
-	}
-}
-
-func TestUpdateDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": %s
-		}`, nonDefaultDeviceSettingsPolicyJson)
-	}
-
-	precedence := 10
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
-
-	actual, err := client.UpdateDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), UpdateDeviceSettingsPolicyParams{
-		PolicyID:   &deviceSettingsPolicyID,
-		Precedence: &precedence,
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
-	}
-}
-
-func TestDeleteDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": [ %s ]
-		}`, defaultDeviceSettingsPolicyJson)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
-
-	actual, err := client.DeleteDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), deviceSettingsPolicyID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []DeviceSettingsPolicy{defaultDeviceSettingsPolicy}, actual)
-	}
-}
-
-func TestGetDefaultDeviceSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": %s
-		}`, defaultDeviceSettingsPolicyJson)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy", handler)
-
-	actual, err := client.GetDefaultDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), GetDefaultDeviceSettingsPolicyParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, defaultDeviceSettingsPolicy, actual)
-	}
-}
-
-func TestGetDeviceSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": %s
-		}`, nonDefaultDeviceSettingsPolicyJson)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+deviceSettingsPolicyID, handler)
-
-	actual, err := client.GetDeviceSettingsPolicy(context.Background(), AccountIdentifier(testAccountID), GetDeviceSettingsPolicyParams{PolicyID: &deviceSettingsPolicyID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, nonDefaultDeviceSettingsPolicy, actual)
-	}
-}
-
-func TestListDeviceSettingsPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": null,
-			"messages": null,
-			"result": [%s],
-			"result_info": {
-  				"count": 1,
-  				"page": 1,
-  				"per_page": 20,
-  				"total_count": 1
-			}
-		}`, nonDefaultDeviceSettingsPolicyJson)
-	}
-
-	want := []DeviceSettingsPolicy{nonDefaultDeviceSettingsPolicy}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policies", handler)
-
-	actual, resultInfo, err := client.ListDeviceSettingsPolicies(context.Background(), AccountIdentifier(testAccountID), ListDeviceSettingsPoliciesParams{
-		ResultInfo: ResultInfo{
-			Page:    1,
-			PerPage: 20,
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-		assert.Equal(t, &ResultInfo{
-			Count:   1,
-			Page:    1,
-			PerPage: 20,
-			Total:   1,
-		}, resultInfo)
-		assert.Len(t, actual, 1)
-	}
-}
diff --git a/pkg/cloudflare-go/diagnostics.go b/pkg/cloudflare-go/diagnostics.go
deleted file mode 100644
index 4eb8e71655..0000000000
--- a/pkg/cloudflare-go/diagnostics.go
+++ /dev/null
@@ -1,102 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// DiagnosticsTracerouteConfiguration is the overarching structure of the
-// diagnostics traceroute requests.
-type DiagnosticsTracerouteConfiguration struct {
-	Targets []string                                  `json:"targets"`
-	Colos   []string                                  `json:"colos,omitempty"`
-	Options DiagnosticsTracerouteConfigurationOptions `json:"options,omitempty"`
-}
-
-// DiagnosticsTracerouteConfigurationOptions contains the options for performing
-// traceroutes.
-type DiagnosticsTracerouteConfigurationOptions struct {
-	PacketsPerTTL int    `json:"packets_per_ttl"`
-	PacketType    string `json:"packet_type"`
-	MaxTTL        int    `json:"max_ttl"`
-	WaitTime      int    `json:"wait_time"`
-}
-
-// DiagnosticsTracerouteResponse is the outer response of the API response.
-type DiagnosticsTracerouteResponse struct {
-	Response
-	Result []DiagnosticsTracerouteResponseResult `json:"result"`
-}
-
-// DiagnosticsTracerouteResponseResult is the inner API response for the
-// traceroute request.
-type DiagnosticsTracerouteResponseResult struct {
-	Target string                               `json:"target"`
-	Colos  []DiagnosticsTracerouteResponseColos `json:"colos"`
-}
-
-// DiagnosticsTracerouteResponseColo contains the Name and City of a colocation.
-type DiagnosticsTracerouteResponseColo struct {
-	Name string `json:"name"`
-	City string `json:"city"`
-}
-
-// DiagnosticsTracerouteResponseNodes holds a summary of nodes contacted in the
-// traceroute.
-type DiagnosticsTracerouteResponseNodes struct {
-	Asn         string  `json:"asn"`
-	IP          string  `json:"ip"`
-	Name        string  `json:"name"`
-	PacketCount int     `json:"packet_count"`
-	MeanRttMs   float64 `json:"mean_rtt_ms"`
-	StdDevRttMs float64 `json:"std_dev_rtt_ms"`
-	MinRttMs    float64 `json:"min_rtt_ms"`
-	MaxRttMs    float64 `json:"max_rtt_ms"`
-}
-
-// DiagnosticsTracerouteResponseHops holds packet and node information of the
-// hops.
-type DiagnosticsTracerouteResponseHops struct {
-	PacketsTTL  int                                  `json:"packets_ttl"`
-	PacketsSent int                                  `json:"packets_sent"`
-	PacketsLost int                                  `json:"packets_lost"`
-	Nodes       []DiagnosticsTracerouteResponseNodes `json:"nodes"`
-}
-
-// DiagnosticsTracerouteResponseColos is the summary struct of a colocation test.
-type DiagnosticsTracerouteResponseColos struct {
-	Error            string                              `json:"error"`
-	Colo             DiagnosticsTracerouteResponseColo   `json:"colo"`
-	TracerouteTimeMs int                                 `json:"traceroute_time_ms"`
-	TargetSummary    DiagnosticsTracerouteResponseNodes  `json:"target_summary"`
-	Hops             []DiagnosticsTracerouteResponseHops `json:"hops"`
-}
-
-// PerformTraceroute initiates a traceroute from the Cloudflare network to the
-// requested targets.
-//
-// API documentation: https://api.cloudflare.com/#diagnostics-traceroute
-func (api *API) PerformTraceroute(ctx context.Context, accountID string, targets, colos []string, tracerouteOptions DiagnosticsTracerouteConfigurationOptions) ([]DiagnosticsTracerouteResponseResult, error) {
-	uri := fmt.Sprintf("/accounts/%s/diagnostics/traceroute", accountID)
-	diagnosticsPayload := DiagnosticsTracerouteConfiguration{
-		Targets: targets,
-		Colos:   colos,
-		Options: tracerouteOptions,
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, diagnosticsPayload)
-	if err != nil {
-		return []DiagnosticsTracerouteResponseResult{}, err
-	}
-
-	var diagnosticsResponse DiagnosticsTracerouteResponse
-	err = json.Unmarshal(res, &diagnosticsResponse)
-	if err != nil {
-		return []DiagnosticsTracerouteResponseResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return diagnosticsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/diagnostics_test.go b/pkg/cloudflare-go/diagnostics_test.go
deleted file mode 100644
index 0662c006ba..0000000000
--- a/pkg/cloudflare-go/diagnostics_test.go
+++ /dev/null
@@ -1,236 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDiagnosticsPerformTraceroute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		var request DiagnosticsTracerouteConfiguration
-		var err error
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		err = json.NewDecoder(r.Body).Decode(&request)
-		assert.NoError(t, err)
-		assert.Equal(t, request.Colos, []string{"den01"}, "Exepected key 'colos' to be [\"den01\"], got %+v", request.Colos)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "target": "1.1.1.1",
-      "colos": [
-        {
-          "error": "",
-          "colo": {
-            "name": "den01",
-            "city": "Denver, CO, US"
-          },
-          "traceroute_time_ms": 969,
-          "target_summary": {
-            "asn": "",
-            "ip": "1.1.1.1",
-            "name": "1.1.1.1",
-            "packet_count": 3,
-            "mean_rtt_ms": 0.021,
-            "std_dev_rtt_ms": 0.011269427669584647,
-            "min_rtt_ms": 0.014,
-            "max_rtt_ms": 0.034
-          },
-          "hops": [
-            {
-              "packets_ttl": 1,
-              "packets_sent": 3,
-              "packets_lost": 0,
-              "nodes": [
-                {
-                  "asn": "AS13335",
-                  "ip": "1.1.1.1",
-                  "name": "one.one.one.one",
-                  "packet_count": 3,
-                  "mean_rtt_ms": 0.021,
-                  "std_dev_rtt_ms": 0.011269427669584647,
-                  "min_rtt_ms": 0.014,
-                  "max_rtt_ms": 0.034
-                }
-              ]
-            }
-          ]
-        }
-      ]
-    }
-  ]
-}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/diagnostics/traceroute", handler)
-
-	want := []DiagnosticsTracerouteResponseResult{{
-		Target: "1.1.1.1",
-		Colos: []DiagnosticsTracerouteResponseColos{{
-			Error: "",
-			Colo: DiagnosticsTracerouteResponseColo{
-				Name: "den01", City: "Denver, CO, US",
-			},
-			TracerouteTimeMs: 969,
-			TargetSummary: DiagnosticsTracerouteResponseNodes{
-				Asn:         "",
-				IP:          "1.1.1.1",
-				Name:        "1.1.1.1",
-				PacketCount: 3,
-				MeanRttMs:   0.021,
-				StdDevRttMs: 0.011269427669584647,
-				MinRttMs:    0.014,
-				MaxRttMs:    0.034,
-			},
-			Hops: []DiagnosticsTracerouteResponseHops{{
-				PacketsTTL:  1,
-				PacketsSent: 3,
-				PacketsLost: 0,
-				Nodes: []DiagnosticsTracerouteResponseNodes{{
-					Asn:         "AS13335",
-					IP:          "1.1.1.1",
-					Name:        "one.one.one.one",
-					PacketCount: 3,
-					MeanRttMs:   0.021,
-					StdDevRttMs: 0.011269427669584647,
-					MinRttMs:    0.014,
-					MaxRttMs:    0.034,
-				}},
-			}},
-		}},
-	},
-	}
-
-	opts := DiagnosticsTracerouteConfigurationOptions{PacketsPerTTL: 1, PacketType: "imcp", MaxTTL: 1, WaitTime: 1}
-	trace, err := client.PerformTraceroute(context.Background(), "01a7362d577a6c3019a474fd6f485823", []string{"1.1.1.1"}, []string{"den01"}, opts)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, trace)
-	}
-}
-
-func TestDiagnosticsPerformTracerouteEmptyColos(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		var request DiagnosticsTracerouteConfiguration
-		var err error
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		err = json.NewDecoder(r.Body).Decode(&request)
-		assert.NoError(t, err)
-		assert.Nil(t, request.Colos, "Exepected key 'colos' to be nil, got %+v", request.Colos)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "target": "1.1.1.1",
-      "colos": [
-        {
-          "error": "",
-          "colo": {
-            "name": "den01",
-            "city": "Denver, CO, US"
-          },
-          "traceroute_time_ms": 969,
-          "target_summary": {
-            "asn": "",
-            "ip": "1.1.1.1",
-            "name": "1.1.1.1",
-            "packet_count": 3,
-            "mean_rtt_ms": 0.021,
-            "std_dev_rtt_ms": 0.011269427669584647,
-            "min_rtt_ms": 0.014,
-            "max_rtt_ms": 0.034
-          },
-          "hops": [
-            {
-              "packets_ttl": 1,
-              "packets_sent": 3,
-              "packets_lost": 0,
-              "nodes": [
-                {
-                  "asn": "AS13335",
-                  "ip": "1.1.1.1",
-                  "name": "one.one.one.one",
-                  "packet_count": 3,
-                  "mean_rtt_ms": 0.021,
-                  "std_dev_rtt_ms": 0.011269427669584647,
-                  "min_rtt_ms": 0.014,
-                  "max_rtt_ms": 0.034
-                }
-              ]
-            }
-          ]
-        }
-      ]
-    }
-  ]
-}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/diagnostics/traceroute", handler)
-
-	want := []DiagnosticsTracerouteResponseResult{{
-		Target: "1.1.1.1",
-		Colos: []DiagnosticsTracerouteResponseColos{{
-			Error: "",
-			Colo: DiagnosticsTracerouteResponseColo{
-				Name: "den01", City: "Denver, CO, US",
-			},
-			TracerouteTimeMs: 969,
-			TargetSummary: DiagnosticsTracerouteResponseNodes{
-				Asn:         "",
-				IP:          "1.1.1.1",
-				Name:        "1.1.1.1",
-				PacketCount: 3,
-				MeanRttMs:   0.021,
-				StdDevRttMs: 0.011269427669584647,
-				MinRttMs:    0.014,
-				MaxRttMs:    0.034,
-			},
-			Hops: []DiagnosticsTracerouteResponseHops{{
-				PacketsTTL:  1,
-				PacketsSent: 3,
-				PacketsLost: 0,
-				Nodes: []DiagnosticsTracerouteResponseNodes{{
-					Asn:         "AS13335",
-					IP:          "1.1.1.1",
-					Name:        "one.one.one.one",
-					PacketCount: 3,
-					MeanRttMs:   0.021,
-					StdDevRttMs: 0.011269427669584647,
-					MinRttMs:    0.014,
-					MaxRttMs:    0.034,
-				}},
-			}},
-		}},
-	},
-	}
-
-	opts := DiagnosticsTracerouteConfigurationOptions{PacketsPerTTL: 1, PacketType: "imcp", MaxTTL: 1, WaitTime: 1}
-	trace, err := client.PerformTraceroute(context.Background(), "01a7362d577a6c3019a474fd6f485823", []string{"1.1.1.1"}, []string{}, opts)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, trace)
-	}
-}
diff --git a/pkg/cloudflare-go/dlp_dataset.go b/pkg/cloudflare-go/dlp_dataset.go
deleted file mode 100644
index 09cf86416c..0000000000
--- a/pkg/cloudflare-go/dlp_dataset.go
+++ /dev/null
@@ -1,278 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingDatasetID = errors.New("missing required dataset ID")
-)
-
-// DLPDatasetUpload represents a single upload version attached to a DLP dataset.
-type DLPDatasetUpload struct {
-	NumCells int    `json:"num_cells"`
-	Status   string `json:"status,omitempty"`
-	Version  int    `json:"version"`
-}
-
-// DLPDataset represents a DLP Exact Data Match dataset or Custom Word List.
-type DLPDataset struct {
-	CreatedAt   *time.Time         `json:"created_at,omitempty"`
-	Description string             `json:"description,omitempty"`
-	ID          string             `json:"id,omitempty"`
-	Name        string             `json:"name,omitempty"`
-	NumCells    int                `json:"num_cells"`
-	Secret      *bool              `json:"secret,omitempty"`
-	Status      string             `json:"status,omitempty"`
-	UpdatedAt   *time.Time         `json:"updated_at,omitempty"`
-	Uploads     []DLPDatasetUpload `json:"uploads"`
-}
-
-type ListDLPDatasetsParams struct{}
-
-type DLPDatasetListResponse struct {
-	Result []DLPDataset `json:"result"`
-	Response
-}
-
-// ListDLPDatasets returns all the DLP datasets associated with an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-read-all
-func (api *API) ListDLPDatasets(ctx context.Context, rc *ResourceContainer, params ListDLPDatasetsParams) ([]DLPDataset, error) {
-	if rc.Identifier == "" {
-		return nil, nil
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets", rc.Level, rc.Identifier), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var dlpDatasetListResponse DLPDatasetListResponse
-	err = json.Unmarshal(res, &dlpDatasetListResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpDatasetListResponse.Result, nil
-}
-
-type DLPDatasetGetResponse struct {
-	Result DLPDataset `json:"result"`
-	Response
-}
-
-// GetDLPDataset returns a DLP dataset based on the dataset ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-read
-func (api *API) GetDLPDataset(ctx context.Context, rc *ResourceContainer, datasetID string) (DLPDataset, error) {
-	if rc.Identifier == "" {
-		return DLPDataset{}, nil
-	}
-
-	if datasetID == "" {
-		return DLPDataset{}, ErrMissingDatasetID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, datasetID), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DLPDataset{}, err
-	}
-
-	var dlpDatasetGetResponse DLPDatasetGetResponse
-	err = json.Unmarshal(res, &dlpDatasetGetResponse)
-	if err != nil {
-		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpDatasetGetResponse.Result, nil
-}
-
-type CreateDLPDatasetParams struct {
-	Description string `json:"description,omitempty"`
-	Name        string `json:"name"`
-	Secret      *bool  `json:"secret,omitempty"`
-}
-
-type CreateDLPDatasetResult struct {
-	MaxCells int        `json:"max_cells"`
-	Secret   string     `json:"secret"`
-	Version  int        `json:"version"`
-	Dataset  DLPDataset `json:"dataset"`
-}
-
-type CreateDLPDatasetResponse struct {
-	Result CreateDLPDatasetResult `json:"result"`
-	Response
-}
-
-// CreateDLPDataset creates a DLP dataset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-create
-func (api *API) CreateDLPDataset(ctx context.Context, rc *ResourceContainer, params CreateDLPDatasetParams) (CreateDLPDatasetResult, error) {
-	if rc.Identifier == "" {
-		return CreateDLPDatasetResult{}, nil
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets", rc.Level, rc.Identifier), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return CreateDLPDatasetResult{}, err
-	}
-
-	var CreateDLPDatasetResponse CreateDLPDatasetResponse
-	err = json.Unmarshal(res, &CreateDLPDatasetResponse)
-	if err != nil {
-		return CreateDLPDatasetResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return CreateDLPDatasetResponse.Result, nil
-}
-
-// DeleteDLPDataset deletes a DLP dataset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-delete
-func (api *API) DeleteDLPDataset(ctx context.Context, rc *ResourceContainer, datasetID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingResourceIdentifier
-	}
-
-	if datasetID == "" {
-		return ErrMissingDatasetID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, datasetID), nil)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	return err
-}
-
-type UpdateDLPDatasetParams struct {
-	DatasetID   string
-	Description *string `json:"description,omitempty"` // nil to leave descrption as-is
-	Name        *string `json:"name,omitempty"`        // nil to leave name as-is
-}
-
-type UpdateDLPDatasetResponse struct {
-	Result DLPDataset `json:"result"`
-	Response
-}
-
-// UpdateDLPDataset updates the details of a DLP dataset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-update
-func (api *API) UpdateDLPDataset(ctx context.Context, rc *ResourceContainer, params UpdateDLPDatasetParams) (DLPDataset, error) {
-	if rc.Identifier == "" {
-		return DLPDataset{}, nil
-	}
-
-	if params.DatasetID == "" {
-		return DLPDataset{}, ErrMissingDatasetID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s", rc.Level, rc.Identifier, params.DatasetID), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return DLPDataset{}, err
-	}
-
-	var updateDLPDatasetResponse UpdateDLPDatasetResponse
-	err = json.Unmarshal(res, &updateDLPDatasetResponse)
-	if err != nil {
-		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return updateDLPDatasetResponse.Result, nil
-}
-
-type CreateDLPDatasetUploadResult struct {
-	MaxCells int    `json:"max_cells"`
-	Secret   string `json:"secret"`
-	Version  int    `json:"version"`
-}
-
-type CreateDLPDatasetUploadResponse struct {
-	Result CreateDLPDatasetUploadResult `json:"result"`
-	Response
-}
-type CreateDLPDatasetUploadParams struct {
-	DatasetID string
-}
-
-// CreateDLPDatasetUpload creates a new upload version for the specified DLP dataset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-create-version
-func (api *API) CreateDLPDatasetUpload(ctx context.Context, rc *ResourceContainer, params CreateDLPDatasetUploadParams) (CreateDLPDatasetUploadResult, error) {
-	if rc.Identifier == "" {
-		return CreateDLPDatasetUploadResult{}, nil
-	}
-
-	if params.DatasetID == "" {
-		return CreateDLPDatasetUploadResult{}, ErrMissingDatasetID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s/upload", rc.Level, rc.Identifier, params.DatasetID), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return CreateDLPDatasetUploadResult{}, err
-	}
-
-	var dlpDatasetCreateUploadResponse CreateDLPDatasetUploadResponse
-	err = json.Unmarshal(res, &dlpDatasetCreateUploadResponse)
-	if err != nil {
-		return CreateDLPDatasetUploadResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpDatasetCreateUploadResponse.Result, nil
-}
-
-type UploadDLPDatasetVersionParams struct {
-	DatasetID string
-	Version   int
-	Body      interface{}
-}
-
-type UploadDLPDatasetVersionResponse struct {
-	Result DLPDataset `json:"result"`
-	Response
-}
-
-// UploadDLPDatasetVersion uploads a new version of the specified DLP dataset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-datasets-upload-version
-func (api *API) UploadDLPDatasetVersion(ctx context.Context, rc *ResourceContainer, params UploadDLPDatasetVersionParams) (DLPDataset, error) {
-	if rc.Identifier == "" {
-		return DLPDataset{}, nil
-	}
-
-	if params.DatasetID == "" {
-		return DLPDataset{}, ErrMissingDatasetID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/datasets/%s/upload/%d", rc.Level, rc.Identifier, params.DatasetID, params.Version), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Body)
-	if err != nil {
-		return DLPDataset{}, err
-	}
-
-	var dlpDatasetUploadVersionResponse UploadDLPDatasetVersionResponse
-	err = json.Unmarshal(res, &dlpDatasetUploadVersionResponse)
-	if err != nil {
-		return DLPDataset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpDatasetUploadVersionResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/dlp_dataset_test.go b/pkg/cloudflare-go/dlp_dataset_test.go
deleted file mode 100644
index 363163627f..0000000000
--- a/pkg/cloudflare-go/dlp_dataset_test.go
+++ /dev/null
@@ -1,422 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestListDLPDatasets(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"created_at": "2019-08-24T14:15:22Z",
-					"description": "string",
-					"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-					"name": "string",
-					"num_cells": 0,
-					"secret": true,
-					"status": "empty",
-					"updated_at": "2019-08-24T14:15:22Z",
-					"uploads": [
-					  {
-						"num_cells": 0,
-						"status": "empty",
-						"version": 0
-					  }
-					]
-				  }
-			]
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-
-	secret := true
-	want := []DLPDataset{
-		{
-			CreatedAt:   &createdAt,
-			Description: "string",
-			ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-			Name:        "string",
-			NumCells:    0,
-			Secret:      &secret,
-			Status:      "empty",
-			UpdatedAt:   &updatedAt,
-			Uploads: []DLPDatasetUpload{
-				{
-					NumCells: 0,
-					Status:   "empty",
-					Version:  0,
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets", handler)
-
-	actual, err := client.ListDLPDatasets(context.Background(), AccountIdentifier(testAccountID), ListDLPDatasetsParams{})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestGetDLPDataset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2019-08-24T14:15:22Z",
-				"description": "string",
-				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-				"name": "string",
-				"num_cells": 0,
-				"secret": true,
-				"status": "empty",
-				"updated_at": "2019-08-24T14:15:22Z",
-				"uploads": [
-					{
-						"num_cells": 0,
-						"status": "empty",
-						"version": 0
-					}
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-
-	secret := true
-	want := DLPDataset{
-		CreatedAt:   &createdAt,
-		Description: "string",
-		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-		Name:        "string",
-		NumCells:    0,
-		Secret:      &secret,
-		Status:      "empty",
-		UpdatedAt:   &updatedAt,
-		Uploads: []DLPDatasetUpload{
-			{
-				NumCells: 0,
-				Status:   "empty",
-				Version:  0,
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
-
-	actual, err := client.GetDLPDataset(context.Background(), AccountIdentifier(testAccountID), "497f6eca-6276-4993-bfeb-53cbbbba6f08")
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestCreateDLPDataset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var reqBody CreateDLPDatasetParams
-		err := json.NewDecoder(r.Body).Decode(&reqBody)
-		require.Nil(t, err)
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"max_cells": 0,
-				"secret": "1234",
-				"version": 0,
-				"dataset": {
-					"created_at": "2019-08-24T14:15:22Z",
-					"description": "`+reqBody.Description+`",
-					"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-					"name": "`+reqBody.Name+`",
-					"num_cells": 0,
-					"secret": `+fmt.Sprintf("%t", *reqBody.Secret)+`,
-					"status": "empty",
-					"updated_at": "2019-08-24T14:15:22Z",
-					"uploads": [
-						{
-							"num_cells": 0,
-							"status": "empty",
-							"version": 0
-						}
-					]
-				}
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-
-	secret := true
-	want := CreateDLPDatasetResult{
-		MaxCells: 0,
-		Secret:   "1234",
-		Version:  0,
-		Dataset: DLPDataset{
-			CreatedAt:   &createdAt,
-			Description: "string",
-			ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-			Name:        "string",
-			NumCells:    0,
-			Secret:      &secret,
-			Status:      "empty",
-			UpdatedAt:   &updatedAt,
-			Uploads: []DLPDatasetUpload{
-				{
-					NumCells: 0,
-					Status:   "empty",
-					Version:  0,
-				},
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets", handler)
-
-	actual, err := client.CreateDLPDataset(context.Background(), AccountIdentifier(testAccountID), CreateDLPDatasetParams{Description: "string", Name: "string", Secret: &secret})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestDeleteDLPDataset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": null
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
-
-	err := client.DeleteDLPDataset(context.Background(), AccountIdentifier(testAccountID), "497f6eca-6276-4993-bfeb-53cbbbba6f08")
-	require.NoError(t, err)
-}
-
-func TestUpdateDLPDataset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var reqBody UpdateDLPDatasetParams
-		err := json.NewDecoder(r.Body).Decode(&reqBody)
-		require.Nil(t, err)
-
-		var description string
-		if reqBody.Description == nil {
-			description = "string"
-		} else {
-			description = *reqBody.Description
-		}
-
-		var name string
-		if reqBody.Name == nil {
-			name = "string"
-		} else {
-			name = *reqBody.Name
-		}
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2019-08-24T14:15:22Z",
-				"description": "`+description+`",
-				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-				"name": "`+name+`",
-				"num_cells": 0,
-				"secret": true,
-				"status": "empty",
-				"updated_at": "2019-08-24T14:15:22Z",
-				"uploads": [
-					{
-						"num_cells": 0,
-						"status": "empty",
-						"version": 0
-					}
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-
-	secret := true
-	want := DLPDataset{
-		CreatedAt:   &createdAt,
-		Description: "new_desc",
-		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-		Name:        "string",
-		NumCells:    0,
-		Secret:      &secret,
-		Status:      "empty",
-		UpdatedAt:   &updatedAt,
-		Uploads: []DLPDatasetUpload{
-			{
-				NumCells: 0,
-				Status:   "empty",
-				Version:  0,
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08", handler)
-
-	description := "new_desc"
-	actual, err := client.UpdateDLPDataset(context.Background(), AccountIdentifier(testAccountID), UpdateDLPDatasetParams{Description: &description, Name: nil, DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08"})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestCreateDLPDatasetUpload(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"max_cells": 0,
-				"secret": "1234",
-				"version": 1
-			}
-		}`)
-	}
-
-	want := CreateDLPDatasetUploadResult{
-		MaxCells: 0,
-		Secret:   "1234",
-		Version:  1,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08/upload", handler)
-
-	actual, err := client.CreateDLPDatasetUpload(context.Background(), AccountIdentifier(testAccountID), CreateDLPDatasetUploadParams{DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08"})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestUploadDLPDatasetVersion(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		body, err := io.ReadAll(r.Body)
-		require.NoError(t, err)
-		require.Equal(t, []byte{1, 2, 3, 4}, body)
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"created_at": "2019-08-24T14:15:22Z",
-				"description": "string",
-				"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-				"name": "string",
-				"num_cells": 5,
-				"secret": true,
-				"status": "complete",
-				"updated_at": "2019-08-24T14:15:22Z",
-				"uploads": [
-					{
-						"num_cells": 0,
-						"status": "empty",
-						"version": 0
-					},
-					{
-						"num_cells": 5,
-						"status": "complete",
-						"version": 1
-					}
-				]
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2019-08-24T14:15:22Z")
-
-	secret := true
-	want := DLPDataset{
-		CreatedAt:   &createdAt,
-		Description: "string",
-		ID:          "497f6eca-6276-4993-bfeb-53cbbbba6f08",
-		Name:        "string",
-		NumCells:    5,
-		Secret:      &secret,
-		Status:      "complete",
-		UpdatedAt:   &updatedAt,
-		Uploads: []DLPDatasetUpload{
-			{
-				NumCells: 0,
-				Status:   "empty",
-				Version:  0,
-			},
-			{
-				NumCells: 5,
-				Status:   "complete",
-				Version:  1,
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/datasets/497f6eca-6276-4993-bfeb-53cbbbba6f08/upload/1", handler)
-
-	actual, err := client.UploadDLPDatasetVersion(context.Background(), AccountIdentifier(testAccountID), UploadDLPDatasetVersionParams{DatasetID: "497f6eca-6276-4993-bfeb-53cbbbba6f08", Version: 1, Body: []byte{1, 2, 3, 4}})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
diff --git a/pkg/cloudflare-go/dlp_payload_log.go b/pkg/cloudflare-go/dlp_payload_log.go
deleted file mode 100644
index 80123b459d..0000000000
--- a/pkg/cloudflare-go/dlp_payload_log.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type DLPPayloadLogSettings struct {
-	PublicKey string `json:"public_key,omitempty"`
-
-	// Only present in responses
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
-}
-
-type GetDLPPayloadLogSettingsParams struct{}
-
-type DLPPayloadLogSettingsResponse struct {
-	Response
-	Result DLPPayloadLogSettings `json:"result"`
-}
-
-// GetDLPPayloadLogSettings gets the current DLP payload logging settings.
-//
-// API reference: https://api.cloudflare.com/#dlp-payload-log-settings-get-settings
-func (api *API) GetDLPPayloadLogSettings(ctx context.Context, rc *ResourceContainer, params GetDLPPayloadLogSettingsParams) (DLPPayloadLogSettings, error) {
-	if rc.Identifier == "" {
-		return DLPPayloadLogSettings{}, ErrMissingResourceIdentifier
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/payload_log", rc.Level, rc.Identifier), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DLPPayloadLogSettings{}, err
-	}
-
-	var dlpPayloadLogSettingsResponse DLPPayloadLogSettingsResponse
-	err = json.Unmarshal(res, &dlpPayloadLogSettingsResponse)
-	if err != nil {
-		return DLPPayloadLogSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpPayloadLogSettingsResponse.Result, nil
-}
-
-// UpdateDLPPayloadLogSettings sets the current DLP payload logging settings to new values.
-//
-// API reference: https://api.cloudflare.com/#dlp-payload-log-settings-update-settings
-func (api *API) UpdateDLPPayloadLogSettings(ctx context.Context, rc *ResourceContainer, settings DLPPayloadLogSettings) (DLPPayloadLogSettings, error) {
-	if rc.Identifier == "" {
-		return DLPPayloadLogSettings{}, ErrMissingResourceIdentifier
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/payload_log", rc.Level, rc.Identifier), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
-	if err != nil {
-		return DLPPayloadLogSettings{}, err
-	}
-
-	var dlpPayloadLogSettingsResponse DLPPayloadLogSettingsResponse
-	err = json.Unmarshal(res, &dlpPayloadLogSettingsResponse)
-	if err != nil {
-		return DLPPayloadLogSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpPayloadLogSettingsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/dlp_payload_log_test.go b/pkg/cloudflare-go/dlp_payload_log_test.go
deleted file mode 100644
index 6cb86b54ac..0000000000
--- a/pkg/cloudflare-go/dlp_payload_log_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestGetDLPPayloadLogSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"public_key": "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
-				"updated_at": "2022-12-22T21:02:39Z"
-			}
-		}`)
-	}
-
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-12-22T21:02:39Z")
-
-	want := DLPPayloadLogSettings{
-		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/payload_log", handler)
-
-	actual, err := client.GetDLPPayloadLogSettings(context.Background(), AccountIdentifier(testAccountID), GetDLPPayloadLogSettingsParams{})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestPutDLPPayloadLogSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var requestSettings DLPPayloadLogSettings
-		err := json.NewDecoder(r.Body).Decode(&requestSettings)
-		require.Nil(t, err)
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"public_key": "`+requestSettings.PublicKey+`",
-				"updated_at": "2022-12-22T21:02:39Z"
-			}
-		}`)
-	}
-
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-12-22T21:02:39Z")
-
-	want := DLPPayloadLogSettings{
-		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/payload_log", handler)
-
-	actual, err := client.UpdateDLPPayloadLogSettings(context.Background(), AccountIdentifier(testAccountID), DLPPayloadLogSettings{
-		PublicKey: "3NP5MGKjzBLLceVxNZrF+LyithbWX+AVFBMRAA0Xl2A=",
-	})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
diff --git a/pkg/cloudflare-go/dlp_profile.go b/pkg/cloudflare-go/dlp_profile.go
deleted file mode 100644
index 25e78e9c44..0000000000
--- a/pkg/cloudflare-go/dlp_profile.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingProfileID = errors.New("missing required profile ID")
-)
-
-// DLPPattern represents a DLP Pattern that matches an entry.
-type DLPPattern struct {
-	Regex      string `json:"regex,omitempty"`
-	Validation string `json:"validation,omitempty"`
-}
-
-// DLPEntry represents a DLP Entry, which can be matched in HTTP bodies or files.
-type DLPEntry struct {
-	ID        string `json:"id,omitempty"`
-	Name      string `json:"name,omitempty"`
-	ProfileID string `json:"profile_id,omitempty"`
-	Enabled   *bool  `json:"enabled,omitempty"`
-	Type      string `json:"type,omitempty"`
-
-	// The following fields are only present for custom entries.
-
-	Pattern   *DLPPattern `json:"pattern,omitempty"`
-	CreatedAt *time.Time  `json:"created_at,omitempty"`
-	UpdatedAt *time.Time  `json:"updated_at,omitempty"`
-}
-
-// Content types to exclude from context analysis and return all matches.
-type DLPContextAwarenessSkip struct {
-	// Return all matches, regardless of context analysis result, if the data is a file.
-	Files *bool `json:"files,omitempty"`
-}
-
-// Scan the context of predefined entries to only return matches surrounded by keywords.
-type DLPContextAwareness struct {
-	Enabled *bool                   `json:"enabled,omitempty"`
-	Skip    DLPContextAwarenessSkip `json:"skip"`
-}
-
-// DLPProfile represents a DLP Profile, which contains a set
-// of entries.
-type DLPProfile struct {
-	ID                string `json:"id,omitempty"`
-	Name              string `json:"name,omitempty"`
-	Type              string `json:"type,omitempty"`
-	Description       string `json:"description,omitempty"`
-	AllowedMatchCount int    `json:"allowed_match_count"`
-	OCREnabled        *bool  `json:"ocr_enabled,omitempty"`
-
-	ContextAwareness *DLPContextAwareness `json:"context_awareness,omitempty"`
-
-	// The following fields are omitted for predefined DLP
-	// profiles.
-	Entries   []DLPEntry `json:"entries,omitempty"`
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
-}
-
-// DLPProfilesCreateRequest represents a request to create a
-// set of profiles.
-type DLPProfilesCreateRequest struct {
-	Profiles []DLPProfile `json:"profiles"`
-}
-
-// DLPProfileListResponse represents the response from the list
-// dlp profiles endpoint.
-type DLPProfileListResponse struct {
-	Result []DLPProfile `json:"result"`
-	Response
-}
-
-// DLPProfileResponse is the API response, containing a single
-// access application.
-type DLPProfileResponse struct {
-	Success  bool       `json:"success"`
-	Errors   []string   `json:"errors"`
-	Messages []string   `json:"messages"`
-	Result   DLPProfile `json:"result"`
-}
-
-type ListDLPProfilesParams struct{}
-
-type CreateDLPProfilesParams struct {
-	Profiles []DLPProfile `json:"profiles"`
-	Type     string
-}
-
-type UpdateDLPProfileParams struct {
-	ProfileID string
-	Profile   DLPProfile
-	Type      string
-}
-
-// ListDLPProfiles returns all DLP profiles within an account.
-//
-// API reference: https://api.cloudflare.com/#dlp-profiles-list-all-profiles
-func (api *API) ListDLPProfiles(ctx context.Context, rc *ResourceContainer, params ListDLPProfilesParams) ([]DLPProfile, error) {
-	if rc.Identifier == "" {
-		return []DLPProfile{}, ErrMissingResourceIdentifier
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles", rc.Level, rc.Identifier), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DLPProfile{}, err
-	}
-
-	var dlpProfilesListResponse DLPProfileListResponse
-	err = json.Unmarshal(res, &dlpProfilesListResponse)
-	if err != nil {
-		return []DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpProfilesListResponse.Result, nil
-}
-
-// GetDLPProfile returns a single DLP profile (custom or predefined) based on
-// the profile ID.
-//
-// API reference: https://api.cloudflare.com/#dlp-profiles-get-dlp-profile
-func (api *API) GetDLPProfile(ctx context.Context, rc *ResourceContainer, profileID string) (DLPProfile, error) {
-	if rc.Identifier == "" {
-		return DLPProfile{}, ErrMissingResourceIdentifier
-	}
-
-	if profileID == "" {
-		return DLPProfile{}, ErrMissingProfileID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s", rc.Level, rc.Identifier, profileID), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DLPProfile{}, err
-	}
-
-	var dlpProfileResponse DLPProfileResponse
-	err = json.Unmarshal(res, &dlpProfileResponse)
-	if err != nil {
-		return DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpProfileResponse.Result, nil
-}
-
-// CreateDLPProfiles creates a set of DLP Profile.
-//
-// API reference: https://api.cloudflare.com/#dlp-profiles-create-custom-profiles
-func (api *API) CreateDLPProfiles(ctx context.Context, rc *ResourceContainer, params CreateDLPProfilesParams) ([]DLPProfile, error) {
-	if rc.Identifier == "" {
-		return []DLPProfile{}, ErrMissingResourceIdentifier
-	}
-
-	if params.Type == "" || params.Type != "custom" {
-		return []DLPProfile{}, fmt.Errorf("unsupported DLP profile type: %q", params.Type)
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s", rc.Level, rc.Identifier, params.Type), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return []DLPProfile{}, err
-	}
-
-	var dLPCustomProfilesResponse DLPProfileListResponse
-	err = json.Unmarshal(res, &dLPCustomProfilesResponse)
-	if err != nil {
-		return []DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dLPCustomProfilesResponse.Result, nil
-}
-
-// DeleteDLPProfile deletes a DLP profile. Only custom profiles can be deleted.
-//
-// API reference: https://api.cloudflare.com/#dlp-profiles-delete-custom-profile
-func (api *API) DeleteDLPProfile(ctx context.Context, rc *ResourceContainer, profileID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingResourceIdentifier
-	}
-
-	if profileID == "" {
-		return ErrMissingProfileID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/custom/%s", rc.Level, rc.Identifier, profileID), nil)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	return err
-}
-
-// UpdateDLPProfile updates a DLP profile.
-//
-// API reference: https://api.cloudflare.com/#dlp-profiles-update-custom-profile
-// API reference: https://api.cloudflare.com/#dlp-profiles-update-predefined-profile
-func (api *API) UpdateDLPProfile(ctx context.Context, rc *ResourceContainer, params UpdateDLPProfileParams) (DLPProfile, error) {
-	if rc.Identifier == "" {
-		return DLPProfile{}, ErrMissingResourceIdentifier
-	}
-
-	if params.Type == "" {
-		params.Type = "custom"
-	}
-
-	if params.ProfileID == "" {
-		return DLPProfile{}, ErrMissingProfileID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/dlp/profiles/%s/%s", rc.Level, rc.Identifier, params.Type, params.ProfileID), nil)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Profile)
-	if err != nil {
-		return DLPProfile{}, err
-	}
-
-	var dlpProfileResponse DLPProfileResponse
-	err = json.Unmarshal(res, &dlpProfileResponse)
-	if err != nil {
-		return DLPProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return dlpProfileResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/dlp_profile_test.go b/pkg/cloudflare-go/dlp_profile_test.go
deleted file mode 100644
index 3345c3dd35..0000000000
--- a/pkg/cloudflare-go/dlp_profile_test.go
+++ /dev/null
@@ -1,636 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestDLPProfiles(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
-					"name": "U.S. Social Security Numbers",
-					"entries": [
-						{
-							"id": "111b9d4b-a5c6-40f0-957d-9d53b25dd84a",
-							"name": "SSN Numeric Detection",
-							"profile_id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
-							"enabled": false,
-							"type": "predefined"
-						},
-						{
-							"id": "aec08712-ee49-4109-9d9f-3b229c5b3dcd",
-							"name": "SSN Text",
-							"profile_id": "d658f520-6ecb-4a34-a725-ba37243c2d28",
-							"enabled": false,
-							"type": "predefined"
-						}
-					],
-					"type": "predefined",
-					"allowed_match_count": 0,
-					"context_awareness": {
-						"enabled": true,
-						"skip": {
-							"files": true
-						}
-					},
-					"ocr_enabled": false
-				},
-				{
-					"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-					"name": "Example Custom Profile",
-					"entries": [
-						{
-							"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-							"name": "matches credit card regex",
-							"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-							"created_at": "2022-10-18T08:00:56Z",
-							"updated_at": "2022-10-18T08:00:57Z",
-							"pattern": {
-								"regex": "^4[0-9]$",
-								"validation": "luhn"
-							},
-							"enabled": true,
-							"type": "custom"
-						}
-					],
-					"created_at": "2022-10-18T08:00:56Z",
-					"updated_at": "2022-10-18T08:00:57Z",
-					"type": "custom",
-					"description": "just a custom profile example",
-					"allowed_match_count": 1,
-					"ocr_enabled": true 
-				}
-			]
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
-
-	want := []DLPProfile{
-		{
-			ID:                "d658f520-6ecb-4a34-a725-ba37243c2d28",
-			Name:              "U.S. Social Security Numbers",
-			Type:              "predefined",
-			Description:       "",
-			AllowedMatchCount: 0,
-			ContextAwareness: &DLPContextAwareness{
-				Enabled: BoolPtr(true),
-				Skip: DLPContextAwarenessSkip{
-					Files: BoolPtr(true),
-				},
-			},
-			OCREnabled: BoolPtr(false),
-			Entries: []DLPEntry{
-				{
-					ID:        "111b9d4b-a5c6-40f0-957d-9d53b25dd84a",
-					Name:      "SSN Numeric Detection",
-					ProfileID: "d658f520-6ecb-4a34-a725-ba37243c2d28",
-					Type:      "predefined",
-					Enabled:   BoolPtr(false),
-				},
-				{
-					ID:   "aec08712-ee49-4109-9d9f-3b229c5b3dcd",
-					Name: "SSN Text", ProfileID: "d658f520-6ecb-4a34-a725-ba37243c2d28",
-					Type:    "predefined",
-					Enabled: BoolPtr(false),
-				},
-			},
-		},
-		{
-			ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
-			Name:              "Example Custom Profile",
-			Type:              "custom",
-			Description:       "just a custom profile example",
-			AllowedMatchCount: 1,
-			// Omit ContextAwareness to test ContextAwareness optionality
-			OCREnabled: BoolPtr(true),
-			Entries: []DLPEntry{
-				{
-					ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-					Name:      "matches credit card regex",
-					ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-					Enabled:   BoolPtr(true),
-					Type:      "custom",
-					Pattern: &DLPPattern{
-						Regex:      "^4[0-9]$",
-						Validation: "luhn",
-					},
-					CreatedAt: &createdAt,
-					UpdatedAt: &updatedAt,
-				},
-			},
-			CreatedAt: &createdAt,
-			UpdatedAt: &updatedAt,
-		}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles", handler)
-
-	actual, err := client.ListDLPProfiles(context.Background(), AccountIdentifier(testAccountID), ListDLPProfilesParams{})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestGetDLPProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-				"name": "Example Custom Profile",
-				"entries": [
-					{
-						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-						"name": "matches credit card regex",
-						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-						"created_at": "2022-10-18T08:00:56Z",
-						"updated_at": "2022-10-18T08:00:57Z",
-						"pattern": {
-							"regex": "^4[0-9]$",
-							"validation": "luhn"
-						},
-						"enabled": true,
-						"type": "custom"
-					}
-				],
-				"created_at": "2022-10-18T08:00:56Z",
-				"updated_at": "2022-10-18T08:00:57Z",
-				"type": "custom",
-				"description": "just a custom profile example",
-				"allowed_match_count": 42,
-				"context_awareness": {
-					"enabled": false,
-					"skip": {
-						"files": false
-					}
-				}
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
-
-	want := DLPProfile{
-		ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Name:              "Example Custom Profile",
-		Type:              "custom",
-		Description:       "just a custom profile example",
-		AllowedMatchCount: 42,
-		ContextAwareness: &DLPContextAwareness{
-			Enabled: BoolPtr(false),
-			Skip: DLPContextAwarenessSkip{
-				Files: BoolPtr(false),
-			},
-		},
-		Entries: []DLPEntry{
-			{
-				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-				Name:      "matches credit card regex",
-				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-				Enabled:   BoolPtr(true),
-				Pattern: &DLPPattern{
-					Regex:      "^4[0-9]$",
-					Validation: "luhn",
-				},
-				Type:      "custom",
-				CreatedAt: &createdAt,
-				UpdatedAt: &updatedAt,
-			},
-		},
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
-
-	actual, err := client.GetDLPProfile(context.Background(), AccountIdentifier(testAccountID), "29678c26-a191-428d-9f63-6e20a4a636a4")
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestCreateDLPCustomProfiles(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var reqBody DLPProfilesCreateRequest
-		err := json.NewDecoder(r.Body).Decode(&reqBody)
-		require.Nil(t, err)
-		requestProfile := reqBody.Profiles[0]
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [{
-				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-				"name": "`+requestProfile.Name+`",
-				"entries": [
-					{
-						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-						"name": "`+requestProfile.Entries[0].Name+`",
-						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-						"created_at": "2022-10-18T08:00:56Z",
-						"updated_at": "2022-10-18T08:00:57Z",
-						"pattern": {
-							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
-							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
-						},
-						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
-						"type": "custom"
-					}
-				],
-				"created_at": "2022-10-18T08:00:56Z",
-				"updated_at": "2022-10-18T08:00:57Z",
-				"type": "custom",
-				"description": "`+requestProfile.Description+`",
-				"allowed_match_count": 0,
-				"ocr_enabled": true
-			}]
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
-
-	want := []DLPProfile{
-		{
-			ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
-			Name:        "Example Custom Profile",
-			Type:        "custom",
-			Description: "just a custom profile example",
-			Entries: []DLPEntry{
-				{
-					ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-					Name:      "matches credit card regex",
-					ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-					Enabled:   BoolPtr(true),
-					Type:      "custom",
-					Pattern: &DLPPattern{
-						Regex:      "^4[0-9]$",
-						Validation: "luhn",
-					},
-					CreatedAt: &createdAt,
-					UpdatedAt: &updatedAt,
-				},
-			},
-			CreatedAt:         &createdAt,
-			UpdatedAt:         &updatedAt,
-			AllowedMatchCount: 0,
-			OCREnabled:        BoolPtr(true),
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom", handler)
-
-	profiles := []DLPProfile{
-		{
-			Name:        "Example Custom Profile",
-			Description: "just a custom profile example",
-			Type:        "custom",
-			Entries: []DLPEntry{
-				{
-					Name:    "matches credit card regex",
-					Enabled: BoolPtr(true),
-					Pattern: &DLPPattern{
-						Regex:      "^4[0-9]$",
-						Validation: "luhn",
-					},
-				},
-			},
-			AllowedMatchCount: 0,
-		},
-	}
-	actual, err := client.CreateDLPProfiles(context.Background(), AccountIdentifier(testAccountID), CreateDLPProfilesParams{Profiles: profiles, Type: "custom"})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestCreateDLPCustomProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var reqBody DLPProfilesCreateRequest
-		err := json.NewDecoder(r.Body).Decode(&reqBody)
-		require.Nil(t, err)
-		requestProfile := reqBody.Profiles[0]
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [{
-				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-				"name": "`+requestProfile.Name+`",
-				"entries": [
-					{
-						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-						"name": "`+requestProfile.Entries[0].Name+`",
-						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-						"created_at": "2022-10-18T08:00:56Z",
-						"updated_at": "2022-10-18T08:00:57Z",
-						"pattern": {
-							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
-							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
-						},
-						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
-						"type": "custom"
-					}
-				],
-				"created_at": "2022-10-18T08:00:56Z",
-				"updated_at": "2022-10-18T08:00:57Z",
-				"type": "custom",
-				"description": "`+requestProfile.Description+`",
-				"allowed_match_count": 0
-			}]
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
-
-	want := []DLPProfile{{
-
-		ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Name:        "Example Custom Profile",
-		Type:        "custom",
-		Description: "just a custom profile example",
-		Entries: []DLPEntry{
-			{
-				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-				Name:      "matches credit card regex",
-				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-				Type:      "custom",
-				Enabled:   BoolPtr(true),
-				Pattern: &DLPPattern{
-					Regex:      "^4[0-9]$",
-					Validation: "luhn",
-				},
-				CreatedAt: &createdAt,
-				UpdatedAt: &updatedAt,
-			},
-		},
-		CreatedAt:         &createdAt,
-		UpdatedAt:         &updatedAt,
-		AllowedMatchCount: 0,
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom", handler)
-
-	profiles := []DLPProfile{{
-		Name:        "Example Custom Profile",
-		Description: "just a custom profile example",
-		Entries: []DLPEntry{
-			{
-				Name:    "matches credit card regex",
-				Enabled: BoolPtr(true),
-				Pattern: &DLPPattern{
-					Regex:      "^4[0-9]$",
-					Validation: "luhn",
-				},
-			},
-		},
-		AllowedMatchCount: 0,
-	}}
-
-	actual, err := client.CreateDLPProfiles(context.Background(), AccountIdentifier(testAccountID), CreateDLPProfilesParams{
-		Profiles: profiles,
-		Type:     "custom",
-	})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestUpdateDLPCustomProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var requestProfile DLPProfile
-		err := json.NewDecoder(r.Body).Decode(&requestProfile)
-		require.Nil(t, err)
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-				"name": "`+requestProfile.Name+`",
-				"entries": [
-					{
-						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-						"name": "`+requestProfile.Entries[0].Name+`",
-						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-						"created_at": "2022-10-18T08:00:56Z",
-						"updated_at": "2022-10-18T08:00:57Z",
-						"pattern": {
-							"regex": "`+requestProfile.Entries[0].Pattern.Regex+`",
-							"validation": "`+requestProfile.Entries[0].Pattern.Validation+`"
-						},
-						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
-						"type": "custom"
-					}
-				],
-				"created_at": "2022-10-18T08:00:56Z",
-				"updated_at": "2022-10-18T08:00:57Z",
-				"type": "custom",
-				"description": "`+requestProfile.Description+`",
-				"allowed_match_count": 0
-			}
-		}`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:56Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2022-10-18T08:00:57Z")
-
-	want := DLPProfile{
-
-		ID:          "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Name:        "Example Custom Profile",
-		Type:        "custom",
-		Description: "just a custom profile example",
-		Entries: []DLPEntry{
-			{
-				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-				Name:      "matches credit card regex",
-				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-				Enabled:   BoolPtr(true),
-				Type:      "custom",
-				Pattern: &DLPPattern{
-					Regex:      "^4[0-9]$",
-					Validation: "luhn",
-				},
-				CreatedAt: &createdAt,
-				UpdatedAt: &updatedAt,
-			},
-		},
-		CreatedAt:         &createdAt,
-		UpdatedAt:         &updatedAt,
-		AllowedMatchCount: 0,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
-
-	customProfile := DLPProfile{
-		Name:        "Example Custom Profile",
-		Description: "just a custom profile example",
-		Entries: []DLPEntry{
-			{
-				Name:    "matches credit card regex",
-				Enabled: BoolPtr(true),
-				Pattern: &DLPPattern{
-					Regex:      "^4[0-9]$",
-					Validation: "luhn",
-				},
-			},
-		},
-		AllowedMatchCount: 0,
-	}
-	actual, err := client.UpdateDLPProfile(context.Background(), AccountIdentifier(testAccountID), UpdateDLPProfileParams{
-		ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Type:      "custom",
-		Profile:   customProfile,
-	})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestUpdateDLPPredefinedProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var requestProfile DLPProfile
-		err := json.NewDecoder(r.Body).Decode(&requestProfile)
-		require.Nil(t, err)
-
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-				"name": "Example predefined profile",
-				"entries": [
-					{
-						"id": "ef79b054-12d4-4067-bb30-b85f6267b91c",
-						"name": "Example predefined entry",
-						"profile_id": "29678c26-a191-428d-9f63-6e20a4a636a4",
-						"enabled": `+fmt.Sprintf("%t", Bool(requestProfile.Entries[0].Enabled))+`,
-						"type": "predefined"
-					}
-				],
-				"type": "predefined",
-				"description": "example predefined profile",
-				"allowed_match_count": 0,
-				"context_awareness": {
-					"enabled": true,
-					"skip": {
-						"files": true
-					}
-				}
-			}
-		}`)
-	}
-
-	want := DLPProfile{
-		ID:                "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Name:              "Example predefined profile",
-		Type:              "predefined",
-		Description:       "example predefined profile",
-		AllowedMatchCount: 0,
-		ContextAwareness: &DLPContextAwareness{
-			Enabled: BoolPtr(true),
-			Skip: DLPContextAwarenessSkip{
-				Files: BoolPtr(true),
-			},
-		},
-		Entries: []DLPEntry{
-			{
-				ID:        "ef79b054-12d4-4067-bb30-b85f6267b91c",
-				Name:      "Example predefined entry",
-				ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-				Type:      "predefined",
-				Enabled:   BoolPtr(true),
-			},
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/predefined/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
-
-	actual, err := client.UpdateDLPProfile(context.Background(), AccountIdentifier(testAccountID), UpdateDLPProfileParams{
-		ProfileID: "29678c26-a191-428d-9f63-6e20a4a636a4",
-		Type:      "predefined",
-		Profile: DLPProfile{
-			Entries: []DLPEntry{
-				{
-					ID:      "29678c26-a191-428d-9f63-6e20a4a636a4",
-					Enabled: BoolPtr(true),
-				},
-			},
-		}})
-	require.NoError(t, err)
-	require.Equal(t, want, actual)
-}
-
-func TestDeleteDLPCustomProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dlp/profiles/custom/29678c26-a191-428d-9f63-6e20a4a636a4", handler)
-
-	err := client.DeleteDLPProfile(context.Background(), AccountIdentifier(testAccountID), "29678c26-a191-428d-9f63-6e20a4a636a4")
-	require.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/dns.go b/pkg/cloudflare-go/dns.go
deleted file mode 100644
index 14dbe2d4b3..0000000000
--- a/pkg/cloudflare-go/dns.go
+++ /dev/null
@@ -1,423 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"regexp"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-	"golang.org/x/net/idna"
-)
-
-// ErrMissingBINDContents is for when the BIND file contents is required but not set.
-var ErrMissingBINDContents = errors.New("required BIND config contents missing")
-
-// DNSRecord represents a DNS record in a zone.
-type DNSRecord struct {
-	CreatedOn  time.Time   `json:"created_on,omitempty"`
-	ModifiedOn time.Time   `json:"modified_on,omitempty"`
-	Type       string      `json:"type,omitempty"`
-	Name       string      `json:"name,omitempty"`
-	Content    string      `json:"content,omitempty"`
-	Meta       interface{} `json:"meta,omitempty"`
-	Data       interface{} `json:"data,omitempty"` // data returned by: SRV, LOC
-	ID         string      `json:"id,omitempty"`
-	ZoneID     string      `json:"zone_id,omitempty"`
-	ZoneName   string      `json:"zone_name,omitempty"`
-	Priority   *uint16     `json:"priority,omitempty"`
-	TTL        int         `json:"ttl,omitempty"`
-	Proxied    *bool       `json:"proxied,omitempty"`
-	Proxiable  bool        `json:"proxiable,omitempty"`
-	Comment    string      `json:"comment,omitempty"` // the server will omit the comment field when the comment is empty
-	Tags       []string    `json:"tags,omitempty"`
-}
-
-// DNSRecordResponse represents the response from the DNS endpoint.
-type DNSRecordResponse struct {
-	Result DNSRecord `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type ListDirection string
-
-const (
-	ListDirectionAsc  ListDirection = "asc"
-	ListDirectionDesc ListDirection = "desc"
-)
-
-type ListDNSRecordsParams struct {
-	Type      string        `url:"type,omitempty"`
-	Name      string        `url:"name,omitempty"`
-	Content   string        `url:"content,omitempty"`
-	Proxied   *bool         `url:"proxied,omitempty"`
-	Comment   string        `url:"comment,omitempty"` // currently, the server does not support searching for records with an empty comment
-	Tags      []string      `url:"tag,omitempty"`     // potentially multiple `tag=`
-	TagMatch  string        `url:"tag-match,omitempty"`
-	Order     string        `url:"order,omitempty"`
-	Direction ListDirection `url:"direction,omitempty"`
-	Match     string        `url:"match,omitempty"`
-	Priority  *uint16       `url:"-"`
-
-	ResultInfo
-}
-
-type UpdateDNSRecordParams struct {
-	Type     string      `json:"type,omitempty"`
-	Name     string      `json:"name,omitempty"`
-	Content  string      `json:"content,omitempty"`
-	Data     interface{} `json:"data,omitempty"` // data for: SRV, LOC
-	ID       string      `json:"-"`
-	Priority *uint16     `json:"priority,omitempty"`
-	TTL      int         `json:"ttl,omitempty"`
-	Proxied  *bool       `json:"proxied,omitempty"`
-	Comment  *string     `json:"comment,omitempty"` // nil will keep the current comment, while StringPtr("") will empty it
-	Tags     []string    `json:"tags"`
-}
-
-// DNSListResponse represents the response from the list DNS records endpoint.
-type DNSListResponse struct {
-	Result []DNSRecord `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// listDNSRecordsDefaultPageSize represents the default per_page size of the API.
-var listDNSRecordsDefaultPageSize int = 100
-
-// nontransitionalLookup implements the nontransitional processing as specified in
-// Unicode Technical Standard 46 with almost all checkings off to maximize user freedom.
-var nontransitionalLookup = idna.New(
-	idna.MapForLookup(),
-	idna.StrictDomainName(false),
-	idna.ValidateLabels(false),
-)
-
-// toUTS46ASCII tries to convert IDNs (international domain names)
-// from Unicode form to Punycode, using non-transitional process specified
-// in UTS 46.
-//
-// Note: conversion errors are silently discarded and partial conversion
-// results are used.
-func toUTS46ASCII(name string) string {
-	name, _ = nontransitionalLookup.ToASCII(name)
-	return name
-}
-
-// proxiedRecordsRe is the regular expression for determining if a DNS record
-// is proxied or not.
-var proxiedRecordsRe = regexp.MustCompile(`(?m)^.*\.\s+1\s+IN\s+CNAME.*$`)
-
-// proxiedRecordImportTemplate is the multipart template for importing *only*
-// proxied records. See `nonProxiedRecordImportTemplate` for importing records
-// that are not proxied.
-var proxiedRecordImportTemplate = `--------------------------BOUNDARY
-Content-Disposition: form-data; name="file"; filename="bind.txt"
-
-%s
---------------------------BOUNDARY
-Content-Disposition: form-data; name="proxied"
-
-true
---------------------------BOUNDARY--`
-
-// nonProxiedRecordImportTemplate is the multipart template for importing DNS
-// records that are not proxed. For importing proxied records, use
-// `proxiedRecordImportTemplate`.
-var nonProxiedRecordImportTemplate = `--------------------------BOUNDARY
-Content-Disposition: form-data; name="file"; filename="bind.txt"
-
-%s
---------------------------BOUNDARY--`
-
-// sanitiseBINDFileInput accepts the BIND file as a string and removes parts
-// that are not required for importing or would break the import (like SOA
-// records).
-func sanitiseBINDFileInput(s string) string {
-	// Remove SOA records.
-	soaRe := regexp.MustCompile(`(?m)[\r\n]+^.*IN\s+SOA.*$`)
-	s = soaRe.ReplaceAllString(s, "")
-
-	// Remove all comments.
-	commentRe := regexp.MustCompile(`(?m)[\r\n]+^.*;;.*$`)
-	s = commentRe.ReplaceAllString(s, "")
-
-	// Swap all the tabs to spaces.
-	r := strings.NewReplacer(
-		"\t", " ",
-		"\n\n", "\n",
-	)
-	s = r.Replace(s)
-	s = strings.TrimSpace(s)
-
-	return s
-}
-
-// extractProxiedRecords accepts a BIND file (as a string) and returns only the
-// proxied DNS records.
-func extractProxiedRecords(s string) string {
-	proxiedOnlyRecords := proxiedRecordsRe.FindAllString(s, -1)
-	return strings.Join(proxiedOnlyRecords, "\n")
-}
-
-// removeProxiedRecords accepts a BIND file (as a string) and returns the file
-// contents without any proxied records included.
-func removeProxiedRecords(s string) string {
-	return proxiedRecordsRe.ReplaceAllString(s, "")
-}
-
-type ExportDNSRecordsParams struct{}
-type ImportDNSRecordsParams struct {
-	BINDContents string
-}
-
-type CreateDNSRecordParams struct {
-	CreatedOn  time.Time   `json:"created_on,omitempty" url:"created_on,omitempty"`
-	ModifiedOn time.Time   `json:"modified_on,omitempty" url:"modified_on,omitempty"`
-	Type       string      `json:"type,omitempty" url:"type,omitempty"`
-	Name       string      `json:"name,omitempty" url:"name,omitempty"`
-	Content    string      `json:"content,omitempty" url:"content,omitempty"`
-	Meta       interface{} `json:"meta,omitempty"`
-	Data       interface{} `json:"data,omitempty"` // data returned by: SRV, LOC
-	ID         string      `json:"id,omitempty"`
-	ZoneID     string      `json:"zone_id,omitempty"`
-	ZoneName   string      `json:"zone_name,omitempty"`
-	Priority   *uint16     `json:"priority,omitempty"`
-	TTL        int         `json:"ttl,omitempty"`
-	Proxied    *bool       `json:"proxied,omitempty" url:"proxied,omitempty"`
-	Proxiable  bool        `json:"proxiable,omitempty"`
-	Comment    string      `json:"comment,omitempty" url:"comment,omitempty"` // to the server, there's no difference between "no comment" and "empty comment"
-	Tags       []string    `json:"tags,omitempty"`
-}
-
-// CreateDNSRecord creates a DNS record for the zone identifier.
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-create-dns-record
-func (api *API) CreateDNSRecord(ctx context.Context, rc *ResourceContainer, params CreateDNSRecordParams) (DNSRecord, error) {
-	if rc.Identifier == "" {
-		return DNSRecord{}, ErrMissingZoneID
-	}
-	params.Name = toUTS46ASCII(params.Name)
-
-	uri := fmt.Sprintf("/zones/%s/dns_records", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return DNSRecord{}, err
-	}
-
-	var recordResp *DNSRecordResponse
-	err = json.Unmarshal(res, &recordResp)
-	if err != nil {
-		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return recordResp.Result, nil
-}
-
-// ListDNSRecords returns a slice of DNS records for the given zone identifier.
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-list-dns-records
-func (api *API) ListDNSRecords(ctx context.Context, rc *ResourceContainer, params ListDNSRecordsParams) ([]DNSRecord, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return nil, nil, ErrMissingZoneID
-	}
-
-	params.Name = toUTS46ASCII(params.Name)
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = listDNSRecordsDefaultPageSize
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var records []DNSRecord
-	var lastResultInfo ResultInfo
-
-	for {
-		uri := buildURI(fmt.Sprintf("/zones/%s/dns_records", rc.Identifier), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []DNSRecord{}, &ResultInfo{}, err
-		}
-		var listResponse DNSListResponse
-		err = json.Unmarshal(res, &listResponse)
-		if err != nil {
-			return []DNSRecord{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		records = append(records, listResponse.Result...)
-		lastResultInfo = listResponse.ResultInfo
-		params.ResultInfo = listResponse.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return records, &lastResultInfo, nil
-}
-
-// ErrMissingDNSRecordID is for when DNS record ID is needed but not given.
-var ErrMissingDNSRecordID = errors.New("required DNS record ID missing")
-
-// GetDNSRecord returns a single DNS record for the given zone & record
-// identifiers.
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-dns-record-details
-func (api *API) GetDNSRecord(ctx context.Context, rc *ResourceContainer, recordID string) (DNSRecord, error) {
-	if rc.Identifier == "" {
-		return DNSRecord{}, ErrMissingZoneID
-	}
-	if recordID == "" {
-		return DNSRecord{}, ErrMissingDNSRecordID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, recordID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DNSRecord{}, err
-	}
-	var r DNSRecordResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateDNSRecord updates a single DNS record for the given zone & record
-// identifiers.
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-update-dns-record
-func (api *API) UpdateDNSRecord(ctx context.Context, rc *ResourceContainer, params UpdateDNSRecordParams) (DNSRecord, error) {
-	if rc.Identifier == "" {
-		return DNSRecord{}, ErrMissingZoneID
-	}
-
-	if params.ID == "" {
-		return DNSRecord{}, ErrMissingDNSRecordID
-	}
-
-	params.Name = toUTS46ASCII(params.Name)
-
-	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return DNSRecord{}, err
-	}
-
-	var recordResp *DNSRecordResponse
-	err = json.Unmarshal(res, &recordResp)
-	if err != nil {
-		return DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return recordResp.Result, nil
-}
-
-// DeleteDNSRecord deletes a single DNS record for the given zone & record
-// identifiers.
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-delete-dns-record
-func (api *API) DeleteDNSRecord(ctx context.Context, rc *ResourceContainer, recordID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingZoneID
-	}
-	if recordID == "" {
-		return ErrMissingDNSRecordID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/dns_records/%s", rc.Identifier, recordID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r DNSRecordResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// ExportDNSRecords returns all DNS records for a zone in the BIND format.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-export-dns-records
-func (api *API) ExportDNSRecords(ctx context.Context, rc *ResourceContainer, params ExportDNSRecordsParams) (string, error) {
-	if rc.Level != ZoneRouteLevel {
-		return "", ErrRequiredZoneLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return "", ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/dns_records/export", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return "", err
-	}
-
-	return string(res), nil
-}
-
-// ImportDNSRecords takes the contents of a BIND configuration file and imports
-// all records at once.
-//
-// The current state of the API doesn't allow the proxying field to be
-// automatically set on records where the TTL is 1. Instead you need to
-// explicitly tell the endpoint which records are proxied in the form data. To
-// achieve a simpler abstraction, we do the legwork in the method of making the
-// two separate API calls (one for proxied and one for non-proxied) instead of
-// making the end user know about this detail.
-//
-// API reference: https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-import-dns-records
-func (api *API) ImportDNSRecords(ctx context.Context, rc *ResourceContainer, params ImportDNSRecordsParams) error {
-	if rc.Level != ZoneRouteLevel {
-		return ErrRequiredZoneLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ErrMissingZoneID
-	}
-
-	if params.BINDContents == "" {
-		return ErrMissingBINDContents
-	}
-
-	sanitisedBindData := sanitiseBINDFileInput(params.BINDContents)
-	nonProxiedRecords := removeProxiedRecords(sanitisedBindData)
-	proxiedOnlyRecords := extractProxiedRecords(sanitisedBindData)
-
-	nonProxiedRecordPayload := []byte(fmt.Sprintf(nonProxiedRecordImportTemplate, nonProxiedRecords))
-	nonProxiedReqBody := bytes.NewReader(nonProxiedRecordPayload)
-
-	uri := fmt.Sprintf("/zones/%s/dns_records/import", rc.Identifier)
-	multipartUploadHeaders := http.Header{
-		"Content-Type": {"multipart/form-data; boundary=------------------------BOUNDARY"},
-	}
-
-	_, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, nonProxiedReqBody, multipartUploadHeaders)
-	if err != nil {
-		return err
-	}
-
-	proxiedRecordPayload := []byte(fmt.Sprintf(proxiedRecordImportTemplate, proxiedOnlyRecords))
-	proxiedReqBody := bytes.NewReader(proxiedRecordPayload)
-
-	_, err = api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, proxiedReqBody, multipartUploadHeaders)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/dns_example_test.go b/pkg/cloudflare-go/dns_example_test.go
deleted file mode 100644
index e864a16fea..0000000000
--- a/pkg/cloudflare-go/dns_example_test.go
+++ /dev/null
@@ -1,94 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	"github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListDNSRecords_all() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch all records for a zone
-	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range recs {
-		fmt.Printf("%s: %s\n", r.Name, r.Content)
-	}
-}
-
-func ExampleAPI_ListDNSRecords_filterByContent() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Content: "198.51.100.1"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range recs {
-		fmt.Printf("%s: %s\n", r.Name, r.Content)
-	}
-}
-
-func ExampleAPI_ListDNSRecords_filterByName() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Name: "foo.example.com"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range recs {
-		fmt.Printf("%s: %s\n", r.Name, r.Content)
-	}
-}
-
-func ExampleAPI_ListDNSRecords_filterByType() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	recs, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{Type: "AAAA"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range recs {
-		fmt.Printf("%s: %s\n", r.Name, r.Content)
-	}
-}
diff --git a/pkg/cloudflare-go/dns_firewall.go b/pkg/cloudflare-go/dns_firewall.go
deleted file mode 100644
index 090b24c98a..0000000000
--- a/pkg/cloudflare-go/dns_firewall.go
+++ /dev/null
@@ -1,220 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingClusterID = errors.New("missing required cluster ID")
-
-// DNSFirewallCluster represents a DNS Firewall configuration.
-type DNSFirewallCluster struct {
-	ID                   string   `json:"id,omitempty"`
-	Name                 string   `json:"name"`
-	UpstreamIPs          []string `json:"upstream_ips"`
-	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
-	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
-	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
-	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
-	ModifiedOn           string   `json:"modified_on,omitempty"`
-}
-
-// DNSFirewallAnalyticsMetrics represents a group of aggregated DNS Firewall metrics.
-type DNSFirewallAnalyticsMetrics struct {
-	QueryCount         *int64   `json:"queryCount"`
-	UncachedCount      *int64   `json:"uncachedCount"`
-	StaleCount         *int64   `json:"staleCount"`
-	ResponseTimeAvg    *float64 `json:"responseTimeAvg"`
-	ResponseTimeMedian *float64 `json:"responseTimeMedian"`
-	ResponseTime90th   *float64 `json:"responseTime90th"`
-	ResponseTime99th   *float64 `json:"responseTime99th"`
-}
-
-// DNSFirewallAnalytics represents a set of aggregated DNS Firewall metrics.
-// TODO: Add the queried data and not only the aggregated values.
-type DNSFirewallAnalytics struct {
-	Totals DNSFirewallAnalyticsMetrics `json:"totals"`
-	Min    DNSFirewallAnalyticsMetrics `json:"min"`
-	Max    DNSFirewallAnalyticsMetrics `json:"max"`
-}
-
-// DNSFirewallUserAnalyticsOptions represents range and dimension selection on analytics endpoint.
-type DNSFirewallUserAnalyticsOptions struct {
-	Metrics []string   `url:"metrics,omitempty" del:","`
-	Since   *time.Time `url:"since,omitempty"`
-	Until   *time.Time `url:"until,omitempty"`
-}
-
-// dnsFirewallResponse represents a DNS Firewall response.
-type dnsFirewallResponse struct {
-	Response
-	Result *DNSFirewallCluster `json:"result"`
-}
-
-// dnsFirewallListResponse represents an array of DNS Firewall responses.
-type dnsFirewallListResponse struct {
-	Response
-	Result []*DNSFirewallCluster `json:"result"`
-}
-
-// dnsFirewallAnalyticsResponse represents a DNS Firewall analytics response.
-type dnsFirewallAnalyticsResponse struct {
-	Response
-	Result DNSFirewallAnalytics `json:"result"`
-}
-
-type CreateDNSFirewallClusterParams struct {
-	Name                 string   `json:"name"`
-	UpstreamIPs          []string `json:"upstream_ips"`
-	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
-	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
-	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
-	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
-}
-
-type GetDNSFirewallClusterParams struct {
-	ClusterID string `json:"-"`
-}
-
-type UpdateDNSFirewallClusterParams struct {
-	ClusterID            string   `json:"-"`
-	Name                 string   `json:"name"`
-	UpstreamIPs          []string `json:"upstream_ips"`
-	DNSFirewallIPs       []string `json:"dns_firewall_ips,omitempty"`
-	MinimumCacheTTL      uint     `json:"minimum_cache_ttl,omitempty"`
-	MaximumCacheTTL      uint     `json:"maximum_cache_ttl,omitempty"`
-	DeprecateAnyRequests bool     `json:"deprecate_any_requests"`
-}
-
-type ListDNSFirewallClustersParams struct{}
-
-type GetDNSFirewallUserAnalyticsParams struct {
-	ClusterID string `json:"-"`
-	DNSFirewallUserAnalyticsOptions
-}
-
-// CreateDNSFirewallCluster creates a new DNS Firewall cluster.
-//
-// API reference: https://api.cloudflare.com/#dns-firewall-create-dns-firewall-cluster
-func (api *API) CreateDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params CreateDNSFirewallClusterParams) (*DNSFirewallCluster, error) {
-	uri := fmt.Sprintf("/%s/dns_firewall", rc.URLFragment())
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &dnsFirewallResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// GetDNSFirewallCluster fetches a single DNS Firewall cluster.
-//
-// API reference: https://api.cloudflare.com/#dns-firewall-dns-firewall-cluster-details
-func (api *API) GetDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params GetDNSFirewallClusterParams) (*DNSFirewallCluster, error) {
-	if params.ClusterID == "" {
-		return &DNSFirewallCluster{}, ErrMissingClusterID
-	}
-
-	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), params.ClusterID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &dnsFirewallResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// ListDNSFirewallClusters lists the DNS Firewall clusters associated with an account.
-//
-// API reference: https://api.cloudflare.com/#dns-firewall-list-dns-firewall-clusters
-func (api *API) ListDNSFirewallClusters(ctx context.Context, rc *ResourceContainer, params ListDNSFirewallClustersParams) ([]*DNSFirewallCluster, error) {
-	uri := fmt.Sprintf("/%s/dns_firewall", rc.URLFragment())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &dnsFirewallListResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// UpdateDNSFirewallCluster updates a DNS Firewall cluster.
-//
-// API reference: https://api.cloudflare.com/#dns-firewall-update-dns-firewall-cluster
-func (api *API) UpdateDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, params UpdateDNSFirewallClusterParams) error {
-	if params.ClusterID == "" {
-		return ErrMissingClusterID
-	}
-
-	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), params.ClusterID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return err
-	}
-
-	response := &dnsFirewallResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// DeleteDNSFirewallCluster deletes a DNS Firewall cluster. Note that this cannot be
-// undone, and will stop all traffic to that cluster.
-//
-// API reference: https://api.cloudflare.com/#dns-firewall-delete-dns-firewall-cluster
-func (api *API) DeleteDNSFirewallCluster(ctx context.Context, rc *ResourceContainer, clusterID string) error {
-	uri := fmt.Sprintf("/%s/dns_firewall/%s", rc.URLFragment(), clusterID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	response := &dnsFirewallResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// GetDNSFirewallUserAnalytics retrieves analytics report for a specified dimension and time range.
-func (api *API) GetDNSFirewallUserAnalytics(ctx context.Context, rc *ResourceContainer, params GetDNSFirewallUserAnalyticsParams) (DNSFirewallAnalytics, error) {
-	uri := buildURI(fmt.Sprintf("/%s/dns_firewall/%s/dns_analytics/report", rc.URLFragment(), params.ClusterID), params.DNSFirewallUserAnalyticsOptions)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DNSFirewallAnalytics{}, err
-	}
-
-	response := dnsFirewallAnalyticsResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return DNSFirewallAnalytics{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/dns_firewall_test.go b/pkg/cloudflare-go/dns_firewall_test.go
deleted file mode 100644
index 5c85320cb3..0000000000
--- a/pkg/cloudflare-go/dns_firewall_test.go
+++ /dev/null
@@ -1,145 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestDNSFirewallUserAnalytics_UserLevel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	now := time.Now().UTC()
-	since := now.Add(-1 * time.Hour)
-	until := now
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		expectedMetrics := "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedia,responseTime90th,responseTime99th"
-
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET'")
-		assert.Equal(t, expectedMetrics, r.URL.Query().Get("metrics"), "Expected many metrics in URL parameter")
-		assert.Equal(t, since.Format(time.RFC3339), r.URL.Query().Get("since"), "Expected since parameter in URL")
-		assert.Equal(t, until.Format(time.RFC3339), r.URL.Query().Get("until"), "Expected until parameter in URL")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": {
-			"totals":{
-				"queryCount": 5,
-				"uncachedCount":6,
-				"staleCount":7,
-				"responseTimeAvg":1.0,
-				"responseTimeMedian":2.0,
-				"responseTime90th":3.0,
-				"responseTime99th":4.0
-			  }
-		  },
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}`)
-	}
-
-	mux.HandleFunc("/user/dns_firewall/12345/dns_analytics/report", handler)
-	want := DNSFirewallAnalytics{
-		Totals: DNSFirewallAnalyticsMetrics{
-			QueryCount:         Int64Ptr(5),
-			UncachedCount:      Int64Ptr(6),
-			StaleCount:         Int64Ptr(7),
-			ResponseTimeAvg:    Float64Ptr(1.0),
-			ResponseTimeMedian: Float64Ptr(2.0),
-			ResponseTime90th:   Float64Ptr(3.0),
-			ResponseTime99th:   Float64Ptr(4.0),
-		},
-	}
-
-	actual, err := client.GetDNSFirewallUserAnalytics(context.Background(), UserIdentifier("foo"), GetDNSFirewallUserAnalyticsParams{ClusterID: "12345", DNSFirewallUserAnalyticsOptions: DNSFirewallUserAnalyticsOptions{
-		Metrics: []string{
-			"queryCount",
-			"uncachedCount",
-			"staleCount",
-			"responseTimeAvg",
-			"responseTimeMedia",
-			"responseTime90th",
-			"responseTime99th",
-		},
-		Since: &since,
-		Until: &until,
-	}})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDNSFirewallUserAnalytics_AccountLevel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	now := time.Now().UTC()
-	since := now.Add(-1 * time.Hour)
-	until := now
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		expectedMetrics := "queryCount,uncachedCount,staleCount,responseTimeAvg,responseTimeMedia,responseTime90th,responseTime99th"
-
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET'")
-		assert.Equal(t, expectedMetrics, r.URL.Query().Get("metrics"), "Expected many metrics in URL parameter")
-		assert.Equal(t, since.Format(time.RFC3339), r.URL.Query().Get("since"), "Expected since parameter in URL")
-		assert.Equal(t, until.Format(time.RFC3339), r.URL.Query().Get("until"), "Expected until parameter in URL")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": {
-			"totals":{
-				"queryCount": 5,
-				"uncachedCount":6,
-				"staleCount":7,
-				"responseTimeAvg":1.0,
-				"responseTimeMedian":2.0,
-				"responseTime90th":3.0,
-				"responseTime99th":4.0
-			  }
-		  },
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/dns_firewall/12345/dns_analytics/report", handler)
-	want := DNSFirewallAnalytics{
-		Totals: DNSFirewallAnalyticsMetrics{
-			QueryCount:         Int64Ptr(5),
-			UncachedCount:      Int64Ptr(6),
-			StaleCount:         Int64Ptr(7),
-			ResponseTimeAvg:    Float64Ptr(1.0),
-			ResponseTimeMedian: Float64Ptr(2.0),
-			ResponseTime90th:   Float64Ptr(3.0),
-			ResponseTime99th:   Float64Ptr(4.0),
-		},
-	}
-
-	actual, err := client.GetDNSFirewallUserAnalytics(context.Background(), AccountIdentifier(testAccountID), GetDNSFirewallUserAnalyticsParams{ClusterID: "12345", DNSFirewallUserAnalyticsOptions: DNSFirewallUserAnalyticsOptions{
-		Metrics: []string{
-			"queryCount",
-			"uncachedCount",
-			"staleCount",
-			"responseTimeAvg",
-			"responseTimeMedia",
-			"responseTime90th",
-			"responseTime99th",
-		},
-		Since: &since,
-		Until: &until,
-	}})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/dns_test.go b/pkg/cloudflare-go/dns_test.go
deleted file mode 100644
index 43546dcc94..0000000000
--- a/pkg/cloudflare-go/dns_test.go
+++ /dev/null
@@ -1,700 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_toUTS46ASCII(t *testing.T) {
-	tests := map[string]struct {
-		domain   string
-		expected string
-	}{
-		"empty stays empty": {
-			domain:   "",
-			expected: "",
-		},
-		"unicode gets encoded": {
-			domain:   "😺.com",
-			expected: "xn--138h.com",
-		},
-		"unicode gets mapped and encoded": {
-			domain:   "ÖBB.at",
-			expected: "xn--bb-eka.at",
-		},
-		"punycode stays punycode": {
-			domain:   "xn--138h.com",
-			expected: "xn--138h.com",
-		},
-		"hyphens are not checked": {
-			domain:   "s3--s4.com",
-			expected: "s3--s4.com",
-		},
-		"STD3 rules are not enforced": {
-			domain:   "℀.com",
-			expected: "a/c.com",
-		},
-		"bidi check is disabled": {
-			domain:   "englishﻋﺮﺑﻲ.com",
-			expected: "xn--english-gqjzfwd1j.com",
-		},
-		"invalid joiners are allowed": {
-			domain:   "a\u200cb.com",
-			expected: "xn--ab-j1t.com",
-		},
-		"partial results are used despite errors": {
-			domain:   "xn--:D.xn--.😺.com",
-			expected: "xn--:d..xn--138h.com",
-		},
-	}
-	for name, tt := range tests {
-		t.Run(name, func(t *testing.T) {
-			actual := toUTS46ASCII(tt.domain)
-			assert.Equal(t, tt.expected, actual)
-		})
-	}
-}
-
-func TestCreateDNSRecord(t *testing.T) {
-	setup()
-	defer teardown()
-
-	priority := uint16(10)
-	proxied := false
-	asciiInput := DNSRecord{
-		Type:     "A",
-		Name:     "xn--138h.example.com",
-		Content:  "198.51.100.4",
-		TTL:      120,
-		Priority: &priority,
-		Proxied:  &proxied,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		var v DNSRecord
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, asciiInput, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"type": "A",
-				"name": "xn--138h.example.com",
-				"content": "198.51.100.4",
-				"proxiable": true,
-				"proxied": false,
-				"ttl": 120,
-				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-				"zone_name": "example.com",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"data": {},
-				"meta": {
-					"auto_added": true,
-					"source": "primary"
-				}
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := DNSRecord{
-		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
-		Type:       asciiInput.Type,
-		Name:       asciiInput.Name,
-		Content:    asciiInput.Content,
-		Proxiable:  true,
-		Proxied:    asciiInput.Proxied,
-		TTL:        asciiInput.TTL,
-		ZoneID:     testZoneID,
-		ZoneName:   "example.com",
-		CreatedOn:  createdOn,
-		ModifiedOn: modifiedOn,
-		Data:       map[string]interface{}{},
-		Meta: map[string]interface{}{
-			"auto_added": true,
-			"source":     "primary",
-		},
-	}
-
-	_, err := client.CreateDNSRecord(context.Background(), ZoneIdentifier(""), CreateDNSRecordParams{})
-	assert.ErrorIs(t, err, ErrMissingZoneID)
-
-	actual, err := client.CreateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), CreateDNSRecordParams{
-		Type:     "A",
-		Name:     "😺.example.com",
-		Content:  "198.51.100.4",
-		TTL:      120,
-		Priority: &priority,
-		Proxied:  &proxied})
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestListDNSRecords(t *testing.T) {
-	setup()
-	defer teardown()
-
-	asciiInput := DNSRecord{
-		Name:    "xn--138h.example.com",
-		Type:    "A",
-		Content: "198.51.100.4",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, asciiInput.Name, r.URL.Query().Get("name"))
-		assert.Equal(t, asciiInput.Type, r.URL.Query().Get("type"))
-		assert.Equal(t, asciiInput.Content, r.URL.Query().Get("content"))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "372e67954025e0ba6aaa6d586b9e0b59",
-					"type": "A",
-					"name": "xn--138h.example.com",
-					"content": "198.51.100.4",
-					"proxiable": true,
-					"proxied": false,
-					"ttl": 120,
-					"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-					"zone_name": "example.com",
-					"created_on": "2014-01-01T05:20:00Z",
-					"modified_on": "2014-01-01T05:20:00Z",
-					"data": {},
-					"meta": {
-						"auto_added": true,
-						"source": "primary"
-					}
-				}
-			],
-			"result_info": {
-				"count": 1,
-				"page": 1,
-				"per_page": 20,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
-
-	proxied := false
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := []DNSRecord{{
-		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
-		Type:       "A",
-		Name:       asciiInput.Name,
-		Content:    asciiInput.Content,
-		Proxiable:  true,
-		Proxied:    &proxied,
-		TTL:        120,
-		ZoneID:     testZoneID,
-		ZoneName:   "example.com",
-		CreatedOn:  createdOn,
-		ModifiedOn: modifiedOn,
-		Data:       map[string]interface{}{},
-		Meta: map[string]interface{}{
-			"auto_added": true,
-			"source":     "primary",
-		},
-	}}
-
-	_, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(""), ListDNSRecordsParams{})
-	assert.ErrorIs(t, err, ErrMissingZoneID)
-
-	actual, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{
-		Name:    "😺.example.com",
-		Type:    "A",
-		Content: "198.51.100.4",
-	})
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestListDNSRecordsSearch(t *testing.T) {
-	setup()
-	defer teardown()
-
-	recordInput := DNSRecord{
-		Name:    "example.com",
-		Type:    "A",
-		Content: "198.51.100.4",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, recordInput.Name, r.URL.Query().Get("name"))
-		assert.Equal(t, recordInput.Type, r.URL.Query().Get("type"))
-		assert.Equal(t, recordInput.Content, r.URL.Query().Get("content"))
-		assert.Equal(t, "all", r.URL.Query().Get("match"))
-		assert.Equal(t, "1", r.URL.Query().Get("page"))
-		assert.Equal(t, "type", r.URL.Query().Get("order"))
-		assert.Equal(t, "asc", r.URL.Query().Get("direction"))
-		assert.Equal(t, "any", r.URL.Query().Get("tag-match"))
-		assert.ElementsMatch(t, []string{"tag1", "tag2"}, r.URL.Query()["tag"])
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "372e67954025e0ba6aaa6d586b9e0b59",
-					"type": "A",
-					"name": "example.com",
-					"content": "198.51.100.4",
-					"proxiable": true,
-					"proxied": true,
-					"ttl": 120,
-					"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-					"zone_name": "example.com",
-					"created_on": "2014-01-01T05:20:00Z",
-					"modified_on": "2014-01-01T05:20:00Z",
-					"data": {},
-					"meta": {
-						"auto_added": true,
-						"source": "primary"
-					},
-					"tags": ["tag1", "tag2extended"]
-				}
-			],
-			"result_info": {
-				"count": 1,
-				"page": 1,
-				"per_page": 20,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
-
-	proxied := true
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := []DNSRecord{{
-		ID:         "372e67954025e0ba6aaa6d586b9e0b59",
-		Type:       "A",
-		Name:       recordInput.Name,
-		Content:    recordInput.Content,
-		Proxiable:  true,
-		Proxied:    &proxied,
-		TTL:        120,
-		ZoneID:     testZoneID,
-		ZoneName:   "example.com",
-		CreatedOn:  createdOn,
-		ModifiedOn: modifiedOn,
-		Data:       map[string]interface{}{},
-		Meta: map[string]interface{}{
-			"auto_added": true,
-			"source":     "primary",
-		},
-		Tags: []string{"tag1", "tag2extended"},
-	}}
-
-	actual, resultInfo, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{
-		ResultInfo: ResultInfo{
-			Page: 1,
-		},
-		Match:     "all",
-		Order:     "type",
-		Direction: ListDirectionAsc,
-		Name:      "example.com",
-		Type:      "A",
-		Content:   "198.51.100.4",
-		TagMatch:  "any",
-		Tags:      []string{"tag1", "tag2"},
-	})
-	require.NoError(t, err)
-	assert.Equal(t, 1, resultInfo.Total)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestListDNSRecordsPagination(t *testing.T) {
-	// change listDNSRecordsDefaultPageSize value to 1 to force pagination
-	listDNSRecordsDefaultPageSize = 3
-
-	setup()
-	defer teardown()
-
-	var page1Called, page2Called bool
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		page := r.URL.Query().Get("page")
-		w.Header().Set("content-type", "application/json")
-
-		var response string
-		switch page {
-		case "1":
-			response = loadFixture("dns", "list_page_1")
-			page1Called = true
-		case "2":
-			response = loadFixture("dns", "list_page_2")
-			page2Called = true
-		default:
-			assert.Failf(t, "Unexpeted page requested: %s", page)
-			return
-		}
-		fmt.Fprint(w, response)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records", handler)
-
-	actual, _, err := client.ListDNSRecords(context.Background(), ZoneIdentifier(testZoneID), ListDNSRecordsParams{})
-	require.NoError(t, err)
-	assert.True(t, page1Called)
-	assert.True(t, page2Called)
-	assert.Len(t, actual, 5)
-
-	type ls struct {
-		Results []map[string]interface{} `json:"result"`
-	}
-
-	expectedRecords := make(map[string]map[string]interface{})
-
-	response1 := loadFixture("dns", "list_page_1")
-	var fixtureDataPage1 ls
-	err = json.Unmarshal([]byte(response1), &fixtureDataPage1)
-	assert.NoError(t, err)
-	for _, record := range fixtureDataPage1.Results {
-		expectedRecords[record["id"].(string)] = record
-	}
-
-	response2 := loadFixture("dns", "list_page_2")
-	var fixtureDataPage2 ls
-	err = json.Unmarshal([]byte(response2), &fixtureDataPage2)
-	assert.NoError(t, err)
-	for _, record := range fixtureDataPage2.Results {
-		expectedRecords[record["id"].(string)] = record
-	}
-
-	for _, actualRecord := range actual {
-		expected, exist := expectedRecords[actualRecord.ID]
-		assert.True(t, exist, "DNS record doesn't exist in fixtures")
-		assert.Equal(t, expected["type"].(string), actualRecord.Type)
-		assert.Equal(t, expected["name"].(string), actualRecord.Name)
-		assert.Equal(t, expected["content"].(string), actualRecord.Content)
-		assert.Equal(t, expected["proxiable"].(bool), actualRecord.Proxiable)
-		assert.Equal(t, expected["proxied"].(bool), *actualRecord.Proxied)
-		assert.Equal(t, int(expected["ttl"].(float64)), actualRecord.TTL)
-		assert.Equal(t, expected["zone_id"].(string), actualRecord.ZoneID)
-		assert.Equal(t, expected["zone_name"].(string), actualRecord.ZoneName)
-		assert.Equal(t, expected["data"], actualRecord.Data)
-		assert.Equal(t, expected["meta"], actualRecord.Meta)
-	}
-}
-
-func TestGetDNSRecord(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"type": "A",
-				"name": "example.com",
-				"content": "198.51.100.4",
-				"proxiable": true,
-				"proxied": false,
-				"ttl": 120,
-				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-				"zone_name": "example.com",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"data": {},
-				"meta": {
-					"auto_added": true,
-					"source": "primary"
-				},
-				"comment": "This is a comment",
-				"tags": ["tag1", "tag2"]
-			}
-		}`)
-	}
-
-	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
-
-	proxied := false
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := DNSRecord{
-		ID:         dnsRecordID,
-		Type:       "A",
-		Name:       "example.com",
-		Content:    "198.51.100.4",
-		Proxiable:  true,
-		Proxied:    &proxied,
-		TTL:        120,
-		ZoneID:     testZoneID,
-		ZoneName:   "example.com",
-		CreatedOn:  createdOn,
-		ModifiedOn: modifiedOn,
-		Data:       map[string]interface{}{},
-		Meta: map[string]interface{}{
-			"auto_added": true,
-			"source":     "primary",
-		},
-		Comment: "This is a comment",
-		Tags:    []string{"tag1", "tag2"},
-	}
-
-	_, err := client.GetDNSRecord(context.Background(), ZoneIdentifier(""), dnsRecordID)
-	assert.ErrorIs(t, err, ErrMissingZoneID)
-
-	_, err = client.GetDNSRecord(context.Background(), ZoneIdentifier(testZoneID), "")
-	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
-
-	actual, err := client.GetDNSRecord(context.Background(), ZoneIdentifier(testZoneID), dnsRecordID)
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateDNSRecord(t *testing.T) {
-	setup()
-	defer teardown()
-
-	proxied := false
-	input := DNSRecord{
-		ID:      "372e67954025e0ba6aaa6d586b9e0b59",
-		Type:    "A",
-		Name:    "xn--138h.example.com",
-		Content: "198.51.100.4",
-		TTL:     120,
-		Proxied: &proxied,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v DNSRecord
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"type": "A",
-				"name": "example.com",
-				"content": "198.51.100.4",
-				"proxiable": true,
-				"proxied": false,
-				"ttl": 120,
-				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-				"zone_name": "example.com",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"data": {},
-				"meta": {
-					"auto_added": true,
-					"source": "primary"
-				}
-			}
-		}`)
-	}
-
-	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
-
-	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(""), UpdateDNSRecordParams{ID: dnsRecordID})
-	assert.ErrorIs(t, err, ErrMissingZoneID)
-
-	_, err = client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{})
-	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
-
-	_, err = client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
-		ID:      dnsRecordID,
-		Type:    "A",
-		Name:    "😺.example.com",
-		Content: "198.51.100.4",
-		TTL:     120,
-		Proxied: &proxied,
-	})
-	require.NoError(t, err)
-}
-
-func TestUpdateDNSRecord_ClearComment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := DNSRecord{
-		ID:      "372e67954025e0ba6aaa6d586b9e0b59",
-		Comment: "",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v DNSRecord
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"type": "A",
-				"name": "example.com",
-				"content": "198.51.100.4",
-				"proxiable": true,
-				"proxied": false,
-				"ttl": 120,
-				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-				"zone_name": "example.com",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"comment":null,
-				"tags":[],
-				"data": {},
-				"meta": {
-					"auto_added": true,
-					"source": "primary"
-				}
-			}
-		}`)
-	}
-
-	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
-
-	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
-		ID:      dnsRecordID,
-		Comment: StringPtr(""),
-	})
-	require.NoError(t, err)
-}
-
-func TestUpdateDNSRecord_KeepComment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := DNSRecord{
-		ID: "372e67954025e0ba6aaa6d586b9e0b59",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v DNSRecord
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		v.ID = "372e67954025e0ba6aaa6d586b9e0b59"
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"type": "A",
-				"name": "example.com",
-				"content": "198.51.100.4",
-				"proxiable": true,
-				"proxied": false,
-				"ttl": 120,
-				"zone_id": "d56084adb405e0b7e32c52321bf07be6",
-				"zone_name": "example.com",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"comment":null,
-				"tags":[],
-				"data": {},
-				"meta": {
-					"auto_added": true,
-					"source": "primary"
-				}
-			}
-		}`)
-	}
-
-	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
-
-	_, err := client.UpdateDNSRecord(context.Background(), ZoneIdentifier(testZoneID), UpdateDNSRecordParams{
-		ID: dnsRecordID,
-	})
-	require.NoError(t, err)
-}
-
-func TestDeleteDNSRecord(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59"
-			}
-		}`)
-	}
-
-	dnsRecordID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/dns_records/"+dnsRecordID, handler)
-
-	err := client.DeleteDNSRecord(context.Background(), ZoneIdentifier(""), dnsRecordID)
-	assert.ErrorIs(t, err, ErrMissingZoneID)
-
-	err = client.DeleteDNSRecord(context.Background(), ZoneIdentifier(testZoneID), "")
-	assert.ErrorIs(t, err, ErrMissingDNSRecordID)
-
-	err = client.DeleteDNSRecord(context.Background(), ZoneIdentifier(testZoneID), dnsRecordID)
-	require.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/docs/changelog-process.md b/pkg/cloudflare-go/docs/changelog-process.md
deleted file mode 100644
index 33bc59add7..0000000000
--- a/pkg/cloudflare-go/docs/changelog-process.md
+++ /dev/null
@@ -1,96 +0,0 @@
-## Changelog Process
-
-We use the [go-changelog](https://github.com/hashicorp/go-changelog) to generate and update the changelog from files created in the `.changelog/` directory. It is important that when you raise your Pull Request, there is a changelog entry which describes the changes your contribution makes. Not all changes require an entry in the CHANGELOG, guidance follows on what changes do.
-
-### Changelog Format
-
-The changelog format requires an entry in the following format, where HEADER corresponds to the changelog category, and the entry is the changelog entry itself. The entry should be included in a file in the `.changelog` directory with the naming convention `{PR-NUMBER}.txt`. For example, to create a changelog entry for pull request 1234, there should be a file named `.changelog/1234.txt`.
-
-````markdown
-```release-note:{HEADER}
-{ENTRY}
-```
-````
-
-If a pull request should contain multiple changelog entries, then multiple blocks can be added to the same changelog file. For example:
-
-````markdown
-```release-note:note
-foo: The `broken` attribute has been deprecated. All configurations using `broken` should be updated to use the new `not_broken` attribute instead.
-```
-
-```release-note:enhancement
-foo: Add `not_broken` attribute
-```
-````
-
-### Skipping changelog entries
-
-In order to skip/pass the automated checks where a CHANGELOG entry is not required, apply the `workflow/skip-changelog-entry` label.
-
-### Pull Request Types to CHANGELOG
-
-The CHANGELOG is intended to show operator-impacting changes to the codebase for a particular version. If every change or commit to the code resulted in an entry, the CHANGELOG would become less useful for operators. The lists below are general guidelines and examples for when a decision needs to be made to decide whether a change should have an entry.
-
-#### Changes that should have a CHANGELOG entry
-
-##### Resource and provider bug fixes
-
-A new bug entry should use the `release-note:bug` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
-
-````markdown
-```release-note:bug
-foo: Fix 'thing' being optional
-```
-````
-
-##### Resource and provider enhancements
-
-A new enhancement entry should use the `release-note:enhancement` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
-
-````markdown
-```release-note:enhancement
-foo: Add new capability
-```
-````
-
-##### Deprecations
-
-A breaking-change entry should use the `release-note:note` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
-
-````markdown
-```release-note:note
-foo: X attribute is being deprecated in favor of the new Y attribute
-```
-````
-
-##### Breaking Changes and Removals
-
-A breaking-change entry should use the `release-note:breaking-change` header and have a prefix indicating the file/service it corresponds to, a colon, then followed by a brief summary.
-
-````markdown
-```release-note:breaking-change
-foo: Resource no longer works for 'EXAMPLE' parameters
-```
-````
-
-#### Changes that may have a CHANGELOG entry
-
-Dependency updates: If the update contains relevant bug fixes or enhancements that affect operators, those should be called out.
-Any changes which do not fit into the above categories but warrant highlighting.
-
-````markdown
-```release-note:note
-foo: Example resource now does X slightly differently
-```
-
-```release-note:dependency
-`foo` v0.1.0 => v0.1.1
-```
-````
-
-#### Changes that should _not_ have a CHANGELOG entry
-
-- Resource and provider documentation updates
-- Testing updates
-- Code refactoring (context dependant)
diff --git a/pkg/cloudflare-go/docs/conventions.md b/pkg/cloudflare-go/docs/conventions.md
deleted file mode 100644
index acbe2fabb6..0000000000
--- a/pkg/cloudflare-go/docs/conventions.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Conventions
-
-This document aims to cover the conventions and guidance to consider when 
-making changes the Go SDK.
-
-## Methods
-
-- All methods should take a maximum of 3 parameter. See examples in [experimental](./experimental.md)
-- The first parameter is always `context.Context`.
-- The second is a `*ResourceContainer`.
-- The final is a struct of available parameters for the method. 
-  - The parameter naming convention should be `<MethodName>Params`. Example: 
-    method name of `GetDNSRecords` has a struct parameter name of 
-    `GetDNSRecordsParams`.
-  - Do not share parameter structs between methods. Each should have a dedicated
-    one.
-  - Even if you don't intend to have parameter configurations, you should add
-    the third parameter to your method signature for future flexibility.
-  
-## Types
-
-### Booleans
-
-- Should always be represented as pointers in structs with an `omitempty` 
-  marshaling tag (most commonly as JSON). This ensures you can determine unset, 
-  false and truthy values.
-
-### `time.Time`
-
-- Should always be represented as pointers in structs.
-
-### Ports (0-65535)
-
-- Should use `uint16` unless you have a reason to restrict the port range in 
-  which case, you should also provide a validator on the type.
-
-## Marshaling/unmarshaling
-
-- Avoid custom marshal/unmarshal handlers unless absolutely necessary. They can
-  be difficult to debug in a larger codebase.
diff --git a/pkg/cloudflare-go/docs/experimental.md b/pkg/cloudflare-go/docs/experimental.md
deleted file mode 100644
index 5ed9b308ca..0000000000
--- a/pkg/cloudflare-go/docs/experimental.md
+++ /dev/null
@@ -1,119 +0,0 @@
-# README (experimental)
-
-An experimental and incremental update of the library focusing on a more modern
-and consistent experience.
-
-## Improvements
-
-### Automatically paginate `List` operations by default
-
-`List()` methods will automatically paginate all resources **unless** 
-`PerPage` or `Page` is supplied as a part of the `$entityListParams`.
-
-This allows us the best of both worlds where if you need to explicitly 
-override the inbuilt pagination, you have the ability to.
-
-## Nested methods and services
-
-Not all methods are defined at the top level. Instead, they are nested under
-service objects.
-
-```golang
-// old
-client.ListZones(...)
-client.ZoneLevelAccessServiceTokens(...)
-
-// new
-client.Zones.List()
-client.Access.ServiceTokens(...)
-```
-
-This avoids polluting the global namespace and having more specific methods
-for services.
-
-### Consistent CRUD method signatures
-
-Majority of methods on an entity will follow a standard method signature.
-
-| Signature                                                                 | Purpose                                            | Return value                                                                                                                   |
-| ------------------------------------------------------------------------- | -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
-| `Get(ctx, *ResourceContainer, $entityID) ($entity, error)`                | Fetches a single entity by a `$entityID`.          | Returns the entity and `error` based on the listing parameters.                                                                |
-| `List(ctx, *ResourceContainer, params) ([]$entity, ResultInfo, error)` | Fetches all entities.                              | Returns the list of matching entities, the result information (pagination, fail/success and additional metadata), and `error`. |
-| `New(ctx, *ResourceContainer, params) ($entity, error)`                | Creates a new entity with the provided parameters. | Returns the newly created entity and `error`.                                                                                  |
-| `Update(ctx, *ResourceContainer, params) ($entity, error)`             | Updates an existing entity.                        | Returns the updated entity and `error`.                                                                                        |
-| `Delete(ctx, *ResourceContainer, $entityID) (error)`                      | Deletes a single entity by a `$entityID`.          | Returns `error`.                                                                                                               |
-
-- `*ResourceContainer` determines the "level" of the resource and where it will
-  operate at. Operated using `UserIdentifier`, `ZoneIdentifier`, and
-  `AccountIdentifier` respectively.
-- `$entityID` is the resource identifier.
-- `params` is a complex structure that allows filtering/finding resources
-  matching the struct fields. By providing a structure as the third argument
-  in all the methods that require it, we can add/remove fields without the 
-  need for a breaking change and instead can issue deprecation notices when
-  specific fields are used.
-- `$entity` the resource being operated on.
-
-Exceptions to this convention will be:
-
-- Methods outside of CRUD operations
-- Top level level concepts such as `Accounts` and `Zones`
-
-#### Examples
-
-`DNSRecord` is used below for the examples however, all entites will implement the
-same methods and interfaces.
-
-```go
-params := cloudflare.ClientParams{
-  Key: "3bc3be114fb6323adc5b0ad7422d193a",
-  Email: "someone@example.com",
-  HTTPClient: myCustomHTTPClient,
-  // ...
-}
-c, err := cloudflare.NewExperimental(params)
-```
-
-**Create a new DNS record**
-
-```go
-dParams := &cloudflare.DNSRecordParams{
-  Name: "@",
-  Content: "foo.example.com",
-  TTL: 300,
-}
-r, _ := c.DNSRecord.New(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), dParams)
-```
-
-**Fetching a known DNS record by ID**
-
-```go
-r, _ := c.DNSRecord.Get(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), "3e7705498e8be60520841409ebc69bc1")
-```
-
-**Listing all records matching a single account ID (filter option)**
-
-```go
-dParams := &cloudflare.DNSRecordListParams{
-  AccountID: "d8e8fca2dc0f896fd7cb4cb0031ba249"
-}
-r, _, _ := c.DNSRecord.List(context.TODO(), dParams)
-```
-
-**Update an existing DNS record**
-
-```go
-dParams := &cloudflare.DNSRecordParams{
-  ID: "b5163cf270a3fbac34827c4a2713eef4",
-  Name: "@",
-  Content: "bar.example.com",
-  TTL: 300,
-}
-r, _ := c.DNSRecord.Update(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), dParams)
-```
-
-**Delete a DNS Record**
-
-```go
-r, _ := c.DNSRecord.Delete(context.TODO(), cloudflare.ZoneIdentifier("b026324c6904b2a9cb4b88d6d61c81d1"), "b5163cf270a3fbac34827c4a2713eef4")
-```
diff --git a/pkg/cloudflare-go/docs/public-api-documentation.md b/pkg/cloudflare-go/docs/public-api-documentation.md
deleted file mode 100644
index a2b2c4b355..0000000000
--- a/pkg/cloudflare-go/docs/public-api-documentation.md
+++ /dev/null
@@ -1,28 +0,0 @@
-## Why is my PR labelled with `workflow/pending-public-api`?
-
-To ensure the public SDKs (including the [Cloudflare Terraform Provider]) are
-only using stable and intentionally exposed endpoints, we require that all API
-functionality is backed by public documentation. This can either be
-api.cloudflare.com or developers.cloudflare.com depending on the delivery medium.
-
-## But, wrangler/cloudflared/other project doesn't require public documentation?
-
-On occasion, Cloudflare teams release functionality or tooling specific to the
-systems they are responsible for. [Wrangler] and [cloudflared] are two prominent
-examples of this. In these situations, the teams may choose to use unstable or
-undocumented endpoints as they are able to maintain both internal and external
-compatibility for these tools should something need to change without notice or
-a deprecation period.
-
-Unfortunately, the SDKs are not in the same position and cannot make the same
-guarantees externally due to being an interface for external integrations; not
-an abstraction of the functionality. By only accepting documented API endpoints
-into the SDKs, we establish an API contract with the service teams that ensures
-consumers have a reliable and consistent experience when using them. Should an
-API contract be broken, or need fixing, the service team will be responsible to
-maintain it in such a time that a deprecation notice is issued and integrations
-have a migration period.
-
-[cloudflare terraform provider]: https://github.com/cloudflare/terraform-provider-cloudflare/
-[wrangler]: https://github.com/cloudflare/wrangler2
-[cloudflared]: https://github.com/cloudflare/cloudflared
diff --git a/pkg/cloudflare-go/docs/release-process.md b/pkg/cloudflare-go/docs/release-process.md
deleted file mode 100644
index d2ae372d8d..0000000000
--- a/pkg/cloudflare-go/docs/release-process.md
+++ /dev/null
@@ -1,40 +0,0 @@
-## Release Process
-
-We aim to release on a fortnightly cadence, alternating weeks with the [terraform-provider-cloudflare](https://github.com/cloudflare/terraform-provider-cloudflare).
-
-This is to accommodate downstream tools and allow changes from this library to
-be used in the other systems without a month long delay.
-
-To determine when the next release is due, you can either:
-
-- Review the latest [releases](https://github.com/cloudflare/cloudflare-go/releases); or
-- Review the [current milestones](https://github.com/cloudflare/cloudflare-go/milestones).
-
-If a hotfix is needed, the same process outlined below is used however only the
-semantic versioning patch version is bumped.
-
-- Ensure CI is passing for [`master` branch](https://github.com/cloudflare/cloudflare-go/actions?query=branch%3Amaster).
-- Remove "(Unreleased)" portion from the header for the version you are intending
-  to release (here, 2.27.0). Create a new H2 above for the next unreleased
-  version (here 2.28.0). Example diff:
-
-  ```diff
-  + ## 2.28.0 (Unreleased)
-
-  + ## 2.27.0
-  - ## 2.27.0 (Unreleased)
-
-  NOTES:
-
-  * dependency: Update foo to v0.0.2 ([#1184](https://github.com/cloudflare/cloudflare-go/issues/123))
-  ```
-
-  Bumping the minor version is usually fine here unless you are intending on
-  releasing a major version bump.
-
-- Create a new GitHub release with the release title exactly matching the tag
-  (e.g. `v2.27.0`) and copy the entries from the CHANGELOG to the release notes.
-- A GitHub Action will now build the binaries, documentation and create the release.
-- Once this is completed, close off the milestone for the current release and
-  open the next that matches the CHANGELOG additions from earlier. Example: close
-  v2.27.0 but open a v2.28.0.
diff --git a/pkg/cloudflare-go/duration.go b/pkg/cloudflare-go/duration.go
deleted file mode 100644
index 2e39d5ed4a..0000000000
--- a/pkg/cloudflare-go/duration.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package cloudflare
-
-import (
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Duration implements json.Marshaler and json.Unmarshaler for time.Duration
-// using the fmt.Stringer interface of time.Duration and time.ParseDuration.
-type Duration struct {
-	time.Duration
-}
-
-// MarshalJSON encodes a Duration as a JSON string formatted using String.
-func (d Duration) MarshalJSON() ([]byte, error) {
-	return json.Marshal(d.Duration.String())
-}
-
-// UnmarshalJSON decodes a Duration from a JSON string parsed using time.ParseDuration.
-func (d *Duration) UnmarshalJSON(buf []byte) error {
-	var str string
-
-	err := json.Unmarshal(buf, &str)
-	if err != nil {
-		return err
-	}
-
-	dur, err := time.ParseDuration(str)
-	if err != nil {
-		return err
-	}
-
-	d.Duration = dur
-	return nil
-}
-
-var (
-	_ = json.Marshaler((*Duration)(nil))
-	_ = json.Unmarshaler((*Duration)(nil))
-)
diff --git a/pkg/cloudflare-go/duration_test.go b/pkg/cloudflare-go/duration_test.go
deleted file mode 100644
index c186955886..0000000000
--- a/pkg/cloudflare-go/duration_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudflare
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-func ExampleDuration() {
-	d := Duration{1 * time.Second}
-	fmt.Println(d)
-
-	buf, err := json.Marshal(d)
-	fmt.Println(string(buf), err)
-
-	err = json.Unmarshal([]byte(`"5s"`), &d)
-	fmt.Println(d, err)
-
-	d.Duration += time.Second
-	fmt.Println(d, err)
-
-	// Output:
-	// 1s
-	// "1s" <nil>
-	// 5s <nil>
-	// 6s <nil>
-}
diff --git a/pkg/cloudflare-go/email_routing_destination.go b/pkg/cloudflare-go/email_routing_destination.go
deleted file mode 100644
index 3ad0284dcb..0000000000
--- a/pkg/cloudflare-go/email_routing_destination.go
+++ /dev/null
@@ -1,156 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type EmailRoutingDestinationAddress struct {
-	Tag      string     `json:"tag,omitempty"`
-	Email    string     `json:"email,omitempty"`
-	Verified *time.Time `json:"verified,omitempty"`
-	Created  *time.Time `json:"created,omitempty"`
-	Modified *time.Time `json:"modified,omitempty"`
-}
-
-type ListEmailRoutingAddressParameters struct {
-	ResultInfo
-	Direction string `url:"direction,omitempty"`
-	Verified  *bool  `url:"verified,omitempty"`
-}
-
-type ListEmailRoutingAddressResponse struct {
-	Result     []EmailRoutingDestinationAddress `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-type CreateEmailRoutingAddressParameters struct {
-	Email string `json:"email,omitempty"`
-}
-
-type CreateEmailRoutingAddressResponse struct {
-	Result EmailRoutingDestinationAddress `json:"result,omitempty"`
-	Response
-}
-
-// ListEmailRoutingDestinationAddresses Lists existing destination addresses.
-//
-// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-list-destination-addresses
-func (api *API) ListEmailRoutingDestinationAddresses(ctx context.Context, rc *ResourceContainer, params ListEmailRoutingAddressParameters) ([]EmailRoutingDestinationAddress, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []EmailRoutingDestinationAddress{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var addresses []EmailRoutingDestinationAddress
-	var eResponse ListEmailRoutingAddressResponse
-	for {
-		eResponse = ListEmailRoutingAddressResponse{}
-		uri := buildURI(fmt.Sprintf("/accounts/%s/email/routing/addresses", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []EmailRoutingDestinationAddress{}, &ResultInfo{}, err
-		}
-		err = json.Unmarshal(res, &eResponse)
-		if err != nil {
-			return []EmailRoutingDestinationAddress{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		addresses = append(addresses, eResponse.Result...)
-		params.ResultInfo = eResponse.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return addresses, &eResponse.ResultInfo, nil
-}
-
-// CreateEmailRoutingDestinationAddress Create a destination address to forward your emails to.
-// Destination addresses need to be verified before they become active.
-//
-// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-create-a-destination-address
-func (api *API) CreateEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, params CreateEmailRoutingAddressParameters) (EmailRoutingDestinationAddress, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, err
-	}
-
-	var r CreateEmailRoutingAddressResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// GetEmailRoutingDestinationAddress Gets information for a specific destination email already created.
-//
-// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-get-a-destination-address
-func (api *API) GetEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, addressID string) (EmailRoutingDestinationAddress, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses/%s", rc.Identifier, addressID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, err
-	}
-
-	var r CreateEmailRoutingAddressResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteEmailRoutingDestinationAddress Deletes a specific destination address.
-//
-// API reference: https://api.cloudflare.com/#email-routing-destination-addresses-delete-destination-address
-func (api *API) DeleteEmailRoutingDestinationAddress(ctx context.Context, rc *ResourceContainer, addressID string) (EmailRoutingDestinationAddress, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingDestinationAddress{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/email/routing/addresses/%s", rc.Identifier, addressID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, err
-	}
-
-	var r CreateEmailRoutingAddressResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingDestinationAddress{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/email_routing_destination_test.go b/pkg/cloudflare-go/email_routing_destination_test.go
deleted file mode 100644
index b4451d3660..0000000000
--- a/pkg/cloudflare-go/email_routing_destination_test.go
+++ /dev/null
@@ -1,171 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testEmailID = "ea95132c15732412d22c1476fa83f27a"
-
-func createTestDestinationAddress() EmailRoutingDestinationAddress {
-	verified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	return EmailRoutingDestinationAddress{
-		Tag:      testEmailID,
-		Email:    "user@example.com",
-		Verified: &verified,
-		Created:  &created,
-		Modified: &modified,
-	}
-}
-
-func TestEmailRouting_ListDestinationAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "tag": "ea95132c15732412d22c1476fa83f27a",
-      "email": "user@example.com",
-      "verified": "2014-01-02T02:20:00Z",
-      "created": "2014-01-02T02:20:00Z",
-      "modified": "2014-01-02T02:20:00Z"
-    }
-  ],
-  "result_info": {
-    "page": 1,
-    "per_page": 20,
-    "count": 1,
-    "total_count": 1
-  }
-}`)
-	})
-
-	_, _, err := client.ListEmailRoutingDestinationAddresses(context.Background(), AccountIdentifier(""), ListEmailRoutingAddressParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := createTestDestinationAddress()
-
-	res, resInfo, err := client.ListEmailRoutingDestinationAddresses(context.Background(), AccountIdentifier(testAccountID), ListEmailRoutingAddressParameters{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, resInfo.Page, 1)
-		assert.Equal(t, want, res[0])
-	}
-}
-
-func TestEmailRouting_CreateDestinationAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "ea95132c15732412d22c1476fa83f27a",
-    "email": "user@example.com",
-    "verified": "2014-01-02T02:20:00Z",
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z"
-  }
-}`)
-	})
-
-	_, err := client.CreateEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), CreateEmailRoutingAddressParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := createTestDestinationAddress()
-
-	res, err := client.CreateEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), CreateEmailRoutingAddressParameters{Email: "user@example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_GetDestinationAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses/"+testEmailID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "ea95132c15732412d22c1476fa83f27a",
-    "email": "user@example.com",
-    "verified": "2014-01-02T02:20:00Z",
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z"
-  }
-}`)
-	})
-
-	_, err := client.GetEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := createTestDestinationAddress()
-
-	res, err := client.GetEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), testEmailID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_DeleteDestinationAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/email/routing/addresses/"+testEmailID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "ea95132c15732412d22c1476fa83f27a",
-    "email": "user@example.com",
-    "verified": "2014-01-02T02:20:00Z",
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z"
-  }
-}`)
-	})
-
-	_, err := client.DeleteEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := createTestDestinationAddress()
-
-	res, err := client.DeleteEmailRoutingDestinationAddress(context.Background(), AccountIdentifier(testAccountID), testEmailID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/email_routing_rules.go b/pkg/cloudflare-go/email_routing_rules.go
deleted file mode 100644
index 736200d04d..0000000000
--- a/pkg/cloudflare-go/email_routing_rules.go
+++ /dev/null
@@ -1,274 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingRuleID = errors.New("required rule id missing")
-
-type EmailRoutingRuleMatcher struct {
-	Type  string `json:"type,omitempty"`
-	Field string `json:"field,omitempty"`
-	Value string `json:"value,omitempty"`
-}
-
-type EmailRoutingRuleAction struct {
-	Type  string   `json:"type,omitempty"`
-	Value []string `json:"value,omitempty"`
-}
-
-type EmailRoutingRule struct {
-	Tag      string                    `json:"tag,omitempty"`
-	Name     string                    `json:"name,omitempty"`
-	Priority int                       `json:"priority,omitempty"`
-	Enabled  *bool                     `json:"enabled,omitempty"`
-	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
-	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
-}
-
-type ListEmailRoutingRulesParameters struct {
-	Enabled *bool `url:"enabled,omitempty"`
-	ResultInfo
-}
-
-type ListEmailRoutingRuleResponse struct {
-	Result     []EmailRoutingRule `json:"result"`
-	ResultInfo `json:"result_info,omitempty"`
-	Response
-}
-
-type CreateEmailRoutingRuleParameters struct {
-	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
-	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
-	Name     string                    `json:"name,omitempty"`
-	Enabled  *bool                     `json:"enabled,omitempty"`
-	Priority int                       `json:"priority,omitempty"`
-}
-
-type CreateEmailRoutingRuleResponse struct {
-	Result EmailRoutingRule `json:"result"`
-	Response
-}
-
-type GetEmailRoutingRuleResponse struct {
-	Result EmailRoutingRule `json:"result"`
-	Response
-}
-
-type UpdateEmailRoutingRuleParameters struct {
-	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
-	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
-	Name     string                    `json:"name,omitempty"`
-	Enabled  *bool                     `json:"enabled,omitempty"`
-	Priority int                       `json:"priority,omitempty"`
-	RuleID   string
-}
-
-type EmailRoutingCatchAllRule struct {
-	Tag      string                    `json:"tag,omitempty"`
-	Name     string                    `json:"name,omitempty"`
-	Enabled  *bool                     `json:"enabled,omitempty"`
-	Matchers []EmailRoutingRuleMatcher `json:"matchers,omitempty"`
-	Actions  []EmailRoutingRuleAction  `json:"actions,omitempty"`
-}
-
-type EmailRoutingCatchAllRuleResponse struct {
-	Result EmailRoutingCatchAllRule `json:"result"`
-	Response
-}
-
-// ListEmailRoutingRules Lists existing routing rules.
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-list-routing-rules
-func (api *API) ListEmailRoutingRules(ctx context.Context, rc *ResourceContainer, params ListEmailRoutingRulesParameters) ([]EmailRoutingRule, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []EmailRoutingRule{}, &ResultInfo{}, ErrMissingZoneID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var rules []EmailRoutingRule
-	var rResponse ListEmailRoutingRuleResponse
-	for {
-		rResponse = ListEmailRoutingRuleResponse{}
-		uri := buildURI(fmt.Sprintf("/zones/%s/email/routing/rules", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []EmailRoutingRule{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &rResponse)
-		if err != nil {
-			return []EmailRoutingRule{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		rules = append(rules, rResponse.Result...)
-		params.ResultInfo = rResponse.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return rules, &rResponse.ResultInfo, nil
-}
-
-// CreateEmailRoutingRule Rules consist of a set of criteria for matching emails (such as an email being sent to a specific custom email address) plus a set of actions to take on the email (like forwarding it to a specific destination address).
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-create-routing-rule
-func (api *API) CreateEmailRoutingRule(ctx context.Context, rc *ResourceContainer, params CreateEmailRoutingRuleParameters) (EmailRoutingRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingRule{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return EmailRoutingRule{}, err
-	}
-
-	var r CreateEmailRoutingRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// GetEmailRoutingRule Get information for a specific routing rule already created.
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-get-routing-rule
-func (api *API) GetEmailRoutingRule(ctx context.Context, rc *ResourceContainer, ruleID string) (EmailRoutingRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingRule{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, ruleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return EmailRoutingRule{}, err
-	}
-
-	var r GetEmailRoutingRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateEmailRoutingRule Update actions, matches, or enable/disable specific routing rules
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-update-routing-rule
-func (api *API) UpdateEmailRoutingRule(ctx context.Context, rc *ResourceContainer, params UpdateEmailRoutingRuleParameters) (EmailRoutingRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingRule{}, ErrMissingZoneID
-	}
-
-	if params.RuleID == "" {
-		return EmailRoutingRule{}, ErrMissingRuleID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, params.RuleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return EmailRoutingRule{}, err
-	}
-
-	var r GetEmailRoutingRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteEmailRoutingRule Delete a specific routing rule.
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-delete-routing-rule
-func (api *API) DeleteEmailRoutingRule(ctx context.Context, rc *ResourceContainer, ruleID string) (EmailRoutingRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingRule{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules/%s", rc.Identifier, ruleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return EmailRoutingRule{}, err
-	}
-
-	var r GetEmailRoutingRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// GetEmailRoutingCatchAllRule Get information on the default catch-all routing rule.
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-get-catch-all-rule
-func (api *API) GetEmailRoutingCatchAllRule(ctx context.Context, rc *ResourceContainer) (EmailRoutingCatchAllRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingCatchAllRule{}, ErrMissingZoneID
-	}
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules/catch_all", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return EmailRoutingCatchAllRule{}, err
-	}
-
-	var r EmailRoutingCatchAllRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingCatchAllRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateEmailRoutingCatchAllRule Enable or disable catch-all routing rule, or change action to forward to specific destination address.
-//
-// API reference: https://api.cloudflare.com/#email-routing-routing-rules-update-catch-all-rule
-func (api *API) UpdateEmailRoutingCatchAllRule(ctx context.Context, rc *ResourceContainer, params EmailRoutingCatchAllRule) (EmailRoutingCatchAllRule, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingCatchAllRule{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/rules/catch_all", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return EmailRoutingCatchAllRule{}, err
-	}
-
-	var r EmailRoutingCatchAllRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingCatchAllRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/email_routing_rules_test.go b/pkg/cloudflare-go/email_routing_rules_test.go
deleted file mode 100644
index 5a3cdb4d7c..0000000000
--- a/pkg/cloudflare-go/email_routing_rules_test.go
+++ /dev/null
@@ -1,395 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var testEmailRoutingRule = EmailRoutingRule{
-	Tag:      "a7e6fb77503c41d8a7f3113c6918f10c",
-	Name:     "Rule send to user@example.net",
-	Priority: 0,
-	Enabled:  BoolPtr(true),
-	Matchers: []EmailRoutingRuleMatcher{
-		{
-			Type:  "literal",
-			Field: "to",
-			Value: "test@example.com",
-		},
-	},
-	Actions: []EmailRoutingRuleAction{
-		{
-			Type:  "forward",
-			Value: []string{"destinationaddress@example.net"},
-		},
-	},
-}
-
-func TestEmailRouting_ListRoutingRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-      "name": "Rule send to user@example.net",
-      "priority": 0,
-      "enabled": true,
-      "matchers": [
-        {
-          "type": "literal",
-          "field": "to",
-          "value": "test@example.com"
-        }
-      ],
-      "actions": [
-        {
-          "type": "forward",
-          "value": [
-            "destinationaddress@example.net"
-          ]
-        }
-      ]
-    }
-  ],
-  "result_info": {
-    "page": 1,
-    "per_page": 20,
-    "count": 1,
-    "total_count": 1
-  }
-}`)
-	})
-
-	_, _, err := client.ListEmailRoutingRules(context.Background(), AccountIdentifier(""), ListEmailRoutingRulesParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	res, resInfo, err := client.ListEmailRoutingRules(context.Background(), AccountIdentifier(testZoneID), ListEmailRoutingRulesParameters{Enabled: BoolPtr(true)})
-	if assert.NoError(t, err) {
-		assert.Equal(t, resInfo.Page, 1)
-		assert.Equal(t, testEmailRoutingRule, res[0])
-	}
-}
-
-func TestEmailRouting_CreateRoutingRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Rule send to user@example.net",
-    "priority": 0,
-    "enabled": true,
-    "matchers": [
-      {
-        "type": "literal",
-        "field": "to",
-        "value": "test@example.com"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ]
-  }
-}`)
-	})
-
-	_, err := client.CreateEmailRoutingRule(context.Background(), AccountIdentifier(""), CreateEmailRoutingRuleParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	res, err := client.CreateEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), CreateEmailRoutingRuleParameters{Enabled: BoolPtr(true)})
-	if assert.NoError(t, err) {
-		assert.Equal(t, testEmailRoutingRule, res)
-	}
-}
-
-func TestEmailRouting_GetRoutingRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Rule send to user@example.net",
-    "priority": 0,
-    "enabled": true,
-    "matchers": [
-      {
-        "type": "literal",
-        "field": "to",
-        "value": "test@example.com"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ]
-  }
-}`)
-	})
-
-	_, err := client.GetEmailRoutingRule(context.Background(), ZoneIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	res, err := client.GetEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), "a7e6fb77503c41d8a7f3113c6918f10c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, testEmailRoutingRule, res)
-	}
-}
-
-func TestEmailRouting_UpdateRoutingRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Rule send to user@example.net",
-    "priority": 0,
-    "enabled": true,
-    "matchers": [
-      {
-        "type": "literal",
-        "field": "to",
-        "value": "test@example.com"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ]
-  }
-}`)
-	})
-
-	_, err := client.UpdateEmailRoutingRule(context.Background(), ZoneIdentifier(""), UpdateEmailRoutingRuleParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-	_, err = client.UpdateEmailRoutingRule(context.Background(), ZoneIdentifier(testZoneID), UpdateEmailRoutingRuleParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingRuleID, err)
-	}
-
-	res, err := client.UpdateEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), UpdateEmailRoutingRuleParameters{RuleID: "a7e6fb77503c41d8a7f3113c6918f10c"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, testEmailRoutingRule, res)
-	}
-}
-
-func TestEmailRouting_DeleteRoutingRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/a7e6fb77503c41d8a7f3113c6918f10c", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Rule send to user@example.net",
-    "priority": 0,
-    "enabled": true,
-    "matchers": [
-      {
-        "type": "literal",
-        "field": "to",
-        "value": "test@example.com"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ]
-  }
-}`)
-	})
-
-	_, err := client.DeleteEmailRoutingRule(context.Background(), ZoneIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	res, err := client.DeleteEmailRoutingRule(context.Background(), AccountIdentifier(testZoneID), "a7e6fb77503c41d8a7f3113c6918f10c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, testEmailRoutingRule, res)
-	}
-}
-
-func TestEmailRouting_GetAllRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/catch_all", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Send to user@example.net rule.",
-    "matchers": [
-      {
-        "type": "all"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ],
-    "enabled": true,
-    "priority": 2147483647
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}`)
-	})
-
-	_, err := client.GetEmailRoutingCatchAllRule(context.Background(), ZoneIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := EmailRoutingCatchAllRule{
-		Tag:     "a7e6fb77503c41d8a7f3113c6918f10c",
-		Name:    "Send to user@example.net rule.",
-		Enabled: BoolPtr(true),
-		Matchers: []EmailRoutingRuleMatcher{
-			{
-				Type: "all",
-			},
-		},
-		Actions: []EmailRoutingRuleAction{
-			{
-				Type:  "forward",
-				Value: []string{"destinationaddress@example.net"},
-			},
-		},
-	}
-
-	res, err := client.GetEmailRoutingCatchAllRule(context.Background(), AccountIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_UpdateAllRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/rules/catch_all", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "result": {
-    "tag": "a7e6fb77503c41d8a7f3113c6918f10c",
-    "name": "Send to user@example.net rule.",
-    "matchers": [
-      {
-        "type": "all"
-      }
-    ],
-    "actions": [
-      {
-        "type": "forward",
-        "value": [
-          "destinationaddress@example.net"
-        ]
-      }
-    ],
-    "enabled": true,
-    "priority": 2147483647
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}`)
-	})
-
-	_, err := client.UpdateEmailRoutingCatchAllRule(context.Background(), ZoneIdentifier(""), EmailRoutingCatchAllRule{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := EmailRoutingCatchAllRule{
-		Tag:     "a7e6fb77503c41d8a7f3113c6918f10c",
-		Name:    "Send to user@example.net rule.",
-		Enabled: BoolPtr(true),
-		Matchers: []EmailRoutingRuleMatcher{
-			{
-				Type: "all",
-			},
-		},
-		Actions: []EmailRoutingRuleAction{
-			{
-				Type:  "forward",
-				Value: []string{"destinationaddress@example.net"},
-			},
-		},
-	}
-
-	res, err := client.UpdateEmailRoutingCatchAllRule(context.Background(), AccountIdentifier(testZoneID), EmailRoutingCatchAllRule{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/email_routing_settings.go b/pkg/cloudflare-go/email_routing_settings.go
deleted file mode 100644
index 20fc3eaf8a..0000000000
--- a/pkg/cloudflare-go/email_routing_settings.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type EmailRoutingSettings struct {
-	Tag        string     `json:"tag,omitempty"`
-	Name       string     `json:"name,omitempty"`
-	Enabled    bool       `json:"enabled,omitempty"`
-	Created    *time.Time `json:"created,omitempty"`
-	Modified   *time.Time `json:"modified,omitempty"`
-	SkipWizard *bool      `json:"skip_wizard,omitempty"`
-	Status     string     `json:"status,omitempty"`
-}
-
-type EmailRoutingSettingsResponse struct {
-	Result EmailRoutingSettings `json:"result,omitempty"`
-	Response
-}
-
-type EmailRoutingDNSSettingsResponse struct {
-	Result []DNSRecord `json:"result,omitempty"`
-	Response
-}
-
-// GetEmailRoutingSettings Get information about the settings for your Email Routing zone.
-//
-// API reference: https://api.cloudflare.com/#email-routing-settings-get-email-routing-settings
-func (api *API) GetEmailRoutingSettings(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingSettings{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return EmailRoutingSettings{}, err
-	}
-
-	var r EmailRoutingSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// EnableEmailRouting Enable you Email Routing zone. Add and lock the necessary MX and SPF records.
-//
-// API reference: https://api.cloudflare.com/#email-routing-settings-enable-email-routing
-func (api *API) EnableEmailRouting(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingSettings{}, ErrMissingZoneID
-	}
-	uri := fmt.Sprintf("/zones/%s/email/routing/enable", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return EmailRoutingSettings{}, err
-	}
-
-	var r EmailRoutingSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DisableEmailRouting Disable your Email Routing zone. Also removes additional MX records previously required for Email Routing to work.
-//
-// API reference: https://api.cloudflare.com/#email-routing-settings-disable-email-routing
-func (api *API) DisableEmailRouting(ctx context.Context, rc *ResourceContainer) (EmailRoutingSettings, error) {
-	if rc.Identifier == "" {
-		return EmailRoutingSettings{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/email/routing/disable", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return EmailRoutingSettings{}, err
-	}
-
-	var r EmailRoutingSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return EmailRoutingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetEmailRoutingDNSSettings Show the DNS records needed to configure your Email Routing zone.
-//
-// API reference: https://api.cloudflare.com/#email-routing-settings-email-routing---dns-settings
-func (api *API) GetEmailRoutingDNSSettings(ctx context.Context, rc *ResourceContainer) ([]DNSRecord, error) {
-	if rc.Identifier == "" {
-		return []DNSRecord{}, ErrMissingZoneID
-	}
-	uri := fmt.Sprintf("/zones/%s/email/routing/dns", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DNSRecord{}, err
-	}
-
-	var r EmailRoutingDNSSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []DNSRecord{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/email_routing_settings_test.go b/pkg/cloudflare-go/email_routing_settings_test.go
deleted file mode 100644
index 975e939806..0000000000
--- a/pkg/cloudflare-go/email_routing_settings_test.go
+++ /dev/null
@@ -1,178 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func createTestEmailRoutingSettings() EmailRoutingSettings {
-	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	return EmailRoutingSettings{
-		Tag:        "75610dab9e69410a82cf7e400a09ecec",
-		Name:       "example.net",
-		Enabled:    true,
-		Created:    &created,
-		Modified:   &modified,
-		SkipWizard: BoolPtr(true),
-		Status:     "read",
-	}
-}
-
-func TestEmailRouting_GetSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "75610dab9e69410a82cf7e400a09ecec",
-    "name": "example.net",
-    "enabled": true,
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z",
-    "skip_wizard": true,
-    "status": "read"
-  }
-}`)
-	})
-
-	_, err := client.GetEmailRoutingSettings(context.Background(), AccountIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := createTestEmailRoutingSettings()
-
-	res, err := client.GetEmailRoutingSettings(context.Background(), AccountIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_Enable(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/enable", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "75610dab9e69410a82cf7e400a09ecec",
-    "name": "example.net",
-    "enabled": true,
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z",
-    "skip_wizard": true,
-    "status": "read"
-  }
-}`)
-	})
-
-	_, err := client.EnableEmailRouting(context.Background(), AccountIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := createTestEmailRoutingSettings()
-
-	res, err := client.EnableEmailRouting(context.Background(), AccountIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_Disabled(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/disable", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "tag": "75610dab9e69410a82cf7e400a09ecec",
-    "name": "example.net",
-    "enabled": true,
-    "created": "2014-01-02T02:20:00Z",
-    "modified": "2014-01-02T02:20:00Z",
-    "skip_wizard": true,
-    "status": "read"
-  }
-}`)
-	})
-
-	_, err := client.DisableEmailRouting(context.Background(), AccountIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := createTestEmailRoutingSettings()
-
-	res, err := client.DisableEmailRouting(context.Background(), AccountIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestEmailRouting_DNSSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/email/routing/dns", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "type": "A",
-      "name": "example.com",
-      "content": "192.0.2.1",
-      "ttl": 3600,
-      "priority": 10
-    }
-  ]
-}`)
-	})
-
-	_, err := client.GetEmailRoutingDNSSettings(context.Background(), AccountIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	want := []DNSRecord{
-		{
-			Type:     "A",
-			Name:     "example.com",
-			Content:  "192.0.2.1",
-			TTL:      3600,
-			Priority: Uint16Ptr(10),
-		},
-	}
-
-	res, err := client.GetEmailRoutingDNSSettings(context.Background(), AccountIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Len(t, res, 1)
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/errors.go b/pkg/cloudflare-go/errors.go
deleted file mode 100644
index 85fdc3efac..0000000000
--- a/pkg/cloudflare-go/errors.go
+++ /dev/null
@@ -1,391 +0,0 @@
-package cloudflare
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-)
-
-const (
-	errEmptyCredentials                       = "invalid credentials: key & email must not be empty" //nolint:gosec,unused
-	errEmptyAPIToken                          = "invalid credentials: API Token must not be empty"   //nolint:gosec,unused
-	errInternalServiceError                   = "internal service error"
-	errMakeRequestError                       = "error from makeRequest"
-	errUnmarshalError                         = "error unmarshalling the JSON response"
-	errUnmarshalErrorBody                     = "error unmarshalling the JSON response error body"
-	errRequestNotSuccessful                   = "error reported by API"
-	errMissingAccountID                       = "required missing account ID"
-	errMissingZoneID                          = "required missing zone ID"
-	errMissingAccountOrZoneID                 = "either account ID or zone ID must be provided"
-	errAccountIDAndZoneIDAreMutuallyExclusive = "account ID and zone ID are mutually exclusive"
-	errMissingResourceIdentifier              = "required missing resource identifier"
-	errOperationStillRunning                  = "bulk operation did not finish before timeout"
-	errOperationUnexpectedStatus              = "bulk operation returned an unexpected status"
-	errResultInfo                             = "incorrect pagination info (result_info) in responses"
-	errManualPagination                       = "unexpected pagination options passed to functions that handle pagination automatically"
-	errInvalidResourceIdentifer               = "invalid resource identifier: %s"
-	errInvalidZoneIdentifer                   = "invalid zone identifier: %s"
-	errAPIKeysAndTokensAreMutuallyExclusive   = "API keys and tokens are mutually exclusive" //nolint:gosec
-	errMissingCredentials                     = "no credentials provided"
-
-	errInvalidResourceContainerAccess        = "requested resource container (%q) is not supported for this endpoint"
-	errRequiredAccountLevelResourceContainer = "this endpoint requires using an account level resource container and identifiers"
-	errRequiredZoneLevelResourceContainer    = "this endpoint requires using a zone level resource container and identifiers"
-)
-
-var (
-	ErrAPIKeysAndTokensAreMutuallyExclusive   = errors.New(errAPIKeysAndTokensAreMutuallyExclusive)
-	ErrMissingCredentials                     = errors.New(errMissingCredentials)
-	ErrMissingAccountID                       = errors.New(errMissingAccountID)
-	ErrMissingZoneID                          = errors.New(errMissingZoneID)
-	ErrAccountIDOrZoneIDAreRequired           = errors.New(errMissingAccountOrZoneID)
-	ErrAccountIDAndZoneIDAreMutuallyExclusive = errors.New(errAccountIDAndZoneIDAreMutuallyExclusive)
-	ErrMissingResourceIdentifier              = errors.New(errMissingResourceIdentifier)
-
-	ErrRequiredAccountLevelResourceContainer = errors.New(errRequiredAccountLevelResourceContainer)
-	ErrRequiredZoneLevelResourceContainer    = errors.New(errRequiredZoneLevelResourceContainer)
-)
-
-type ErrorType string
-
-const (
-	ErrorTypeRequest        ErrorType = "request"
-	ErrorTypeAuthentication ErrorType = "authentication"
-	ErrorTypeAuthorization  ErrorType = "authorization"
-	ErrorTypeNotFound       ErrorType = "not_found"
-	ErrorTypeRateLimit      ErrorType = "rate_limit"
-	ErrorTypeService        ErrorType = "service"
-)
-
-type Error struct {
-	// The classification of error encountered.
-	Type ErrorType
-
-	// StatusCode is the HTTP status code from the response.
-	StatusCode int
-
-	// Errors is all of the error messages and codes, combined.
-	Errors []ResponseInfo
-
-	// ErrorCodes is a list of all the error codes.
-	ErrorCodes []int
-
-	// ErrorMessages is a list of all the error codes.
-	ErrorMessages []string
-
-	// Messages is a list of informational messages provided by the endpoint.
-	Messages []ResponseInfo
-
-	// RayID is the internal identifier for the request that was made.
-	RayID string
-}
-
-func (e Error) Error() string {
-	var errString string
-	errMessages := []string{}
-	for _, err := range e.Errors {
-		m := ""
-		if err.Message != "" {
-			m += err.Message
-		}
-
-		if err.Code != 0 {
-			m += fmt.Sprintf(" (%d)", err.Code)
-		}
-
-		errMessages = append(errMessages, m)
-	}
-
-	msgs := []string{}
-	for _, m := range e.Messages {
-		msgs = append(msgs, m.Message)
-	}
-
-	errString += strings.Join(errMessages, ", ")
-
-	// `Messages` is primarily used for additional validation failure notes in
-	// page rules. This shouldn't be used going forward but instead, use the
-	// error fields appropriately.
-	if len(msgs) > 0 {
-		errString += "\n" + strings.Join(msgs, "  \n")
-	}
-
-	return errString
-}
-
-// RequestError is for 4xx errors that we encounter not covered elsewhere
-// (generally bad payloads).
-type RequestError struct {
-	cloudflareError *Error
-}
-
-func (e RequestError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e RequestError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e RequestError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e RequestError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e RequestError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e RequestError) Messages() []ResponseInfo {
-	return e.cloudflareError.Messages
-}
-
-func (e RequestError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e RequestError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewRequestError(e *Error) RequestError {
-	return RequestError{
-		cloudflareError: e,
-	}
-}
-
-// RatelimitError is for HTTP 429s where the service is telling the client to
-// slow down.
-type RatelimitError struct {
-	cloudflareError *Error
-}
-
-func (e RatelimitError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e RatelimitError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e RatelimitError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e RatelimitError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e RatelimitError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e RatelimitError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e RatelimitError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewRatelimitError(e *Error) RatelimitError {
-	return RatelimitError{
-		cloudflareError: e,
-	}
-}
-
-// ServiceError is a handler for 5xx errors returned to the client.
-type ServiceError struct {
-	cloudflareError *Error
-}
-
-func (e ServiceError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e ServiceError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e ServiceError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e ServiceError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e ServiceError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e ServiceError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e ServiceError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewServiceError(e *Error) ServiceError {
-	return ServiceError{
-		cloudflareError: e,
-	}
-}
-
-// AuthenticationError is for HTTP 401 responses.
-type AuthenticationError struct {
-	cloudflareError *Error
-}
-
-func (e AuthenticationError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e AuthenticationError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e AuthenticationError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e AuthenticationError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e AuthenticationError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e AuthenticationError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e AuthenticationError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewAuthenticationError(e *Error) AuthenticationError {
-	return AuthenticationError{
-		cloudflareError: e,
-	}
-}
-
-// AuthorizationError is for HTTP 403 responses.
-type AuthorizationError struct {
-	cloudflareError *Error
-}
-
-func (e AuthorizationError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e AuthorizationError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e AuthorizationError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e AuthorizationError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e AuthorizationError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e AuthorizationError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e AuthorizationError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewAuthorizationError(e *Error) AuthorizationError {
-	return AuthorizationError{
-		cloudflareError: e,
-	}
-}
-
-// NotFoundError is for HTTP 404 responses.
-type NotFoundError struct {
-	cloudflareError *Error
-}
-
-func (e NotFoundError) Error() string {
-	return e.cloudflareError.Error()
-}
-
-func (e NotFoundError) Errors() []ResponseInfo {
-	return e.cloudflareError.Errors
-}
-
-func (e NotFoundError) ErrorCodes() []int {
-	return e.cloudflareError.ErrorCodes
-}
-
-func (e NotFoundError) ErrorMessages() []string {
-	return e.cloudflareError.ErrorMessages
-}
-
-func (e NotFoundError) InternalErrorCodeIs(code int) bool {
-	return e.cloudflareError.InternalErrorCodeIs(code)
-}
-
-func (e NotFoundError) RayID() string {
-	return e.cloudflareError.RayID
-}
-
-func (e NotFoundError) Type() ErrorType {
-	return e.cloudflareError.Type
-}
-
-func NewNotFoundError(e *Error) NotFoundError {
-	return NotFoundError{
-		cloudflareError: e,
-	}
-}
-
-// ClientError returns a boolean whether or not the raised error was caused by
-// something client side.
-func (e *Error) ClientError() bool {
-	return e.StatusCode >= http.StatusBadRequest &&
-		e.StatusCode < http.StatusInternalServerError
-}
-
-// ClientRateLimited returns a boolean whether or not the raised error was
-// caused by too many requests from the client.
-func (e *Error) ClientRateLimited() bool {
-	return e.Type == ErrorTypeRateLimit
-}
-
-// InternalErrorCodeIs returns a boolean whether or not the desired internal
-// error code is present in `e.InternalErrorCodes`.
-func (e *Error) InternalErrorCodeIs(code int) bool {
-	for _, errCode := range e.ErrorCodes {
-		if errCode == code {
-			return true
-		}
-	}
-
-	return false
-}
-
-// ErrorMessageContains returns a boolean whether or not a substring exists in
-// any of the `e.ErrorMessages` slice entries.
-func (e *Error) ErrorMessageContains(s string) bool {
-	for _, errMsg := range e.ErrorMessages {
-		if strings.Contains(errMsg, s) {
-			return true
-		}
-	}
-	return false
-}
diff --git a/pkg/cloudflare-go/errors_external_test.go b/pkg/cloudflare-go/errors_external_test.go
deleted file mode 100644
index c9874106cd..0000000000
--- a/pkg/cloudflare-go/errors_external_test.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudflare_test
-
-import (
-	"testing"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestError_CreateErrors(t *testing.T) {
-	baseErr := &cloudflare.Error{
-		StatusCode: 400,
-		ErrorCodes: []int{10000},
-	}
-
-	requestErr := cloudflare.NewRequestError(baseErr)
-	assert.True(t, requestErr.InternalErrorCodeIs(10000))
-	limitError := cloudflare.NewRatelimitError(baseErr)
-	assert.True(t, limitError.InternalErrorCodeIs(10000))
-	svcErr := cloudflare.NewServiceError(baseErr)
-	assert.True(t, svcErr.InternalErrorCodeIs(10000))
-	authErr := cloudflare.NewAuthenticationError(baseErr)
-	assert.True(t, authErr.InternalErrorCodeIs(10000))
-	authzErr := cloudflare.NewAuthorizationError(baseErr)
-	assert.True(t, authzErr.InternalErrorCodeIs(10000))
-	notFoundErr := cloudflare.NewNotFoundError(baseErr)
-	assert.True(t, notFoundErr.InternalErrorCodeIs(10000))
-}
diff --git a/pkg/cloudflare-go/errors_test.go b/pkg/cloudflare-go/errors_test.go
deleted file mode 100644
index f661990775..0000000000
--- a/pkg/cloudflare-go/errors_test.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package cloudflare
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestError_Error(t *testing.T) {
-	tests := map[string]struct {
-		response []ResponseInfo
-		want     string
-	}{
-		"basic complete response": {
-			response: []ResponseInfo{{
-				Code:    10000,
-				Message: "Authentication error",
-			}},
-			want: "Authentication error (10000)",
-		},
-		"multiple complete response": {
-			response: []ResponseInfo{
-				{
-					Code:    10000,
-					Message: "Authentication error",
-				},
-				{
-					Code:    10001,
-					Message: "Not authentication error",
-				},
-			},
-			want: "Authentication error (10000), Not authentication error (10001)",
-		},
-		"missing internal error code": {
-			response: []ResponseInfo{{
-				Message: "something is broke",
-			}},
-			want: "something is broke",
-		},
-	}
-
-	for name, tc := range tests {
-		t.Run(name, func(t *testing.T) {
-			got := &RequestError{cloudflareError: &Error{
-				StatusCode: 400,
-				Errors:     tc.response,
-			}}
-
-			assert.Equal(t, tc.want, got.Error())
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/example_test.go b/pkg/cloudflare-go/example_test.go
deleted file mode 100644
index 5c6cc83e4f..0000000000
--- a/pkg/cloudflare-go/example_test.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-const (
-	user   = "cloudflare@example.org"
-	domain = "example.com"
-	apiKey = "deadbeef"
-)
-
-func Example() {
-	api, err := cloudflare.New("deadbeef", "cloudflare@example.org")
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-
-	// Fetch the zone ID for zone example.org
-	zoneID, err := api.ZoneIDByName("example.org")
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-
-	// Fetch all DNS records for example.org
-	records, _, err := api.ListDNSRecords(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListDNSRecordsParams{})
-	if err != nil {
-		fmt.Println(err)
-		return
-	}
-
-	for _, r := range records {
-		fmt.Printf("%s: %s\n", r.Name, r.Content)
-	}
-}
diff --git a/pkg/cloudflare-go/fallback_domain.go b/pkg/cloudflare-go/fallback_domain.go
deleted file mode 100644
index e8bdfc9379..0000000000
--- a/pkg/cloudflare-go/fallback_domain.go
+++ /dev/null
@@ -1,133 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// FallbackDomainResponse represents the response from the get fallback
-// domain endpoints.
-type FallbackDomainResponse struct {
-	Response
-	Result []FallbackDomain `json:"result"`
-}
-
-// FallbackDomain represents the individual domain struct.
-type FallbackDomain struct {
-	Suffix      string   `json:"suffix,omitempty"`
-	Description string   `json:"description,omitempty"`
-	DNSServer   []string `json:"dns_server,omitempty"`
-}
-
-// ListFallbackDomains returns all fallback domains within an account.
-//
-// API reference: https://api.cloudflare.com/#devices-get-local-domain-fallback-list
-func (api *API) ListFallbackDomains(ctx context.Context, accountID string) ([]FallbackDomain, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []FallbackDomain{}, err
-	}
-
-	var fallbackDomainResponse FallbackDomainResponse
-	err = json.Unmarshal(res, &fallbackDomainResponse)
-	if err != nil {
-		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return fallbackDomainResponse.Result, nil
-}
-
-// ListFallbackDomainsDeviceSettingsPolicy returns all fallback domains within an account for a specific device settings policy.
-//
-// API reference: https://api.cloudflare.com/#devices-get-local-domain-fallback-list
-func (api *API) ListFallbackDomainsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) ([]FallbackDomain, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains", AccountRouteRoot, accountID, policyID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []FallbackDomain{}, err
-	}
-
-	var fallbackDomainResponse FallbackDomainResponse
-	err = json.Unmarshal(res, &fallbackDomainResponse)
-	if err != nil {
-		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return fallbackDomainResponse.Result, nil
-}
-
-// UpdateFallbackDomain updates the existing fallback domain policy.
-//
-// API reference: https://api.cloudflare.com/#devices-set-local-domain-fallback-list
-func (api *API) UpdateFallbackDomain(ctx context.Context, accountID string, domains []FallbackDomain) ([]FallbackDomain, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domains)
-	if err != nil {
-		return []FallbackDomain{}, err
-	}
-
-	var fallbackDomainResponse FallbackDomainResponse
-	err = json.Unmarshal(res, &fallbackDomainResponse)
-	if err != nil {
-		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return fallbackDomainResponse.Result, nil
-}
-
-// UpdateFallbackDomainDeviceSettingsPolicy updates the existing fallback domain policy for a specific device settings policy.
-//
-// API reference: https://api.cloudflare.com/#devices-set-local-domain-fallback-list
-func (api *API) UpdateFallbackDomainDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, domains []FallbackDomain) ([]FallbackDomain, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains", AccountRouteRoot, accountID, policyID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domains)
-	if err != nil {
-		return []FallbackDomain{}, err
-	}
-
-	var fallbackDomainResponse FallbackDomainResponse
-	err = json.Unmarshal(res, &fallbackDomainResponse)
-	if err != nil {
-		return []FallbackDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return fallbackDomainResponse.Result, nil
-}
-
-// RestoreFallbackDomainDefaultsDeviceSettingsPolicy resets the domain fallback values to the default
-// list for a specific device settings policy.
-//
-// API reference: TBA.
-func (api *API) RestoreFallbackDomainDefaults(ctx context.Context, accountID string) error {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/fallback_domains?reset_defaults=true", AccountRouteRoot, accountID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, []string{})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// RestoreFallbackDomainDefaults resets the domain fallback values to the default
-// list.
-//
-// API reference: TBA.
-func (api *API) RestoreFallbackDomainDefaultsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string) error {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/fallback_domains?reset_defaults=true", AccountRouteRoot, accountID, policyID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, []string{})
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/fallback_domain_test.go b/pkg/cloudflare-go/fallback_domain_test.go
deleted file mode 100644
index 159e909e64..0000000000
--- a/pkg/cloudflare-go/fallback_domain_test.go
+++ /dev/null
@@ -1,236 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListFallbackDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "suffix": "example.com",
-          "description": "Domain bypass for local development"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []FallbackDomain{{
-		Suffix:      "example.com",
-		Description: "Domain bypass for local development",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
-
-	actual, err := client.ListFallbackDomains(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListFallbackDomainsDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "suffix": "example.com",
-          "description": "Domain bypass for local development"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []FallbackDomain{{
-		Suffix:      "example.com",
-		Description: "Domain bypass for local development",
-	}}
-
-	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/fallback_domains", handler)
-
-	actual, err := client.ListFallbackDomainsDeviceSettingsPolicy(context.Background(), testAccountID, policyID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestFallbackDomainDNSServer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "suffix": "example.com",
-          "description": "Domain bypass for local development",
-					"dns_server": ["192.168.0.1", "10.1.1.1"]
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []FallbackDomain{{
-		Suffix:      "example.com",
-		Description: "Domain bypass for local development",
-		DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
-
-	actual, err := client.ListFallbackDomains(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateFallbackDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "suffix": "example_one.com",
-          "description": "example one",
-					"dns_server": ["192.168.0.1", "10.1.1.1"]
-       },
-       {
-          "suffix": "example_two.com",
-          "description": "example two"
-       },
-       {
-          "suffix": "example_three.com",
-          "description": "example three"
-       }
-      ]
-    }
-    `)
-	}
-
-	domains := []FallbackDomain{
-		{
-			Suffix:      "example_one.com",
-			Description: "example one",
-			DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
-		},
-		{
-			Suffix:      "example_two.com",
-			Description: "example two",
-		},
-		{
-			Suffix:      "example_three.com",
-			Description: "example three",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/fallback_domains", handler)
-
-	actual, err := client.UpdateFallbackDomain(context.Background(), testAccountID, domains)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, domains, actual)
-	}
-}
-
-func TestUpdateFallbackDomainDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "suffix": "example_one.com",
-          "description": "example one",
-					"dns_server": ["192.168.0.1", "10.1.1.1"]
-       },
-       {
-          "suffix": "example_two.com",
-          "description": "example two"
-       },
-       {
-          "suffix": "example_three.com",
-          "description": "example three"
-       }
-      ]
-    }
-    `)
-	}
-
-	domains := []FallbackDomain{
-		{
-			Suffix:      "example_one.com",
-			Description: "example one",
-			DNSServer:   []string{"192.168.0.1", "10.1.1.1"},
-		},
-		{
-			Suffix:      "example_two.com",
-			Description: "example two",
-		},
-		{
-			Suffix:      "example_three.com",
-			Description: "example three",
-		},
-	}
-
-	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/fallback_domains", handler)
-
-	actual, err := client.UpdateFallbackDomainDeviceSettingsPolicy(context.Background(), testAccountID, policyID, domains)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, domains, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/filter.go b/pkg/cloudflare-go/filter.go
deleted file mode 100644
index 107cab5440..0000000000
--- a/pkg/cloudflare-go/filter.go
+++ /dev/null
@@ -1,290 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrNotEnoughFilterIDsProvided = errors.New("at least one filter ID must be provided.")
-
-// Filter holds the structure of the filter type.
-type Filter struct {
-	ID          string `json:"id,omitempty"`
-	Expression  string `json:"expression"`
-	Paused      bool   `json:"paused"`
-	Description string `json:"description"`
-
-	// Property is mentioned in documentation however isn't populated in
-	// any of the API requests. For now, let's just omit it unless it's
-	// provided.
-	Ref string `json:"ref,omitempty"`
-}
-
-// FiltersDetailResponse is the API response that is returned
-// for requesting all filters on a zone.
-type FiltersDetailResponse struct {
-	Result     []Filter `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// FilterDetailResponse is the API response that is returned
-// for requesting a single filter on a zone.
-type FilterDetailResponse struct {
-	Result     Filter `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// FilterValidateExpression represents the JSON payload for checking
-// an expression.
-type FilterValidateExpression struct {
-	Expression string `json:"expression"`
-}
-
-// FilterValidateExpressionResponse represents the API response for
-// checking the expression. It conforms to the JSON API approach however
-// we don't need all of the fields exposed.
-type FilterValidateExpressionResponse struct {
-	Success bool                                `json:"success"`
-	Errors  []FilterValidationExpressionMessage `json:"errors"`
-}
-
-// FilterValidationExpressionMessage represents the API error message.
-type FilterValidationExpressionMessage struct {
-	Message string `json:"message"`
-}
-
-// FilterCreateParams contains required and optional params
-// for creating a filter.
-type FilterCreateParams struct {
-	ID          string `json:"id,omitempty"`
-	Expression  string `json:"expression"`
-	Paused      bool   `json:"paused"`
-	Description string `json:"description"`
-	Ref         string `json:"ref,omitempty"`
-}
-
-// FilterUpdateParams contains required and optional params
-// for updating a filter.
-type FilterUpdateParams struct {
-	ID          string `json:"id"`
-	Expression  string `json:"expression"`
-	Paused      bool   `json:"paused"`
-	Description string `json:"description"`
-	Ref         string `json:"ref,omitempty"`
-}
-
-type FilterListParams struct {
-	ResultInfo
-}
-
-// Filter returns a single filter in a zone based on the filter ID.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-by-filter-id
-func (api *API) Filter(ctx context.Context, rc *ResourceContainer, filterID string) (Filter, error) {
-	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, filterID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Filter{}, err
-	}
-
-	var filterResponse FilterDetailResponse
-	err = json.Unmarshal(res, &filterResponse)
-	if err != nil {
-		return Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return filterResponse.Result, nil
-}
-
-// Filters returns filters for a zone.
-//
-// Automatically paginates all results unless `params.PerPage` and `params.Page`
-// is set.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/get/#get-all-filters
-func (api *API) Filters(ctx context.Context, rc *ResourceContainer, params FilterListParams) ([]Filter, *ResultInfo, error) {
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var filters []Filter
-	var fResponse FiltersDetailResponse
-	for {
-		fResponse = FiltersDetailResponse{}
-		uri := buildURI(fmt.Sprintf("/zones/%s/filters", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []Filter{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &fResponse)
-		if err != nil {
-			return []Filter{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-		}
-
-		filters = append(filters, fResponse.Result...)
-		params.ResultInfo = fResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return filters, &fResponse.ResultInfo, nil
-}
-
-// CreateFilters creates new filters.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/post/
-func (api *API) CreateFilters(ctx context.Context, rc *ResourceContainer, params []FilterCreateParams) ([]Filter, error) {
-	uri := fmt.Sprintf("/zones/%s/filters", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return []Filter{}, err
-	}
-
-	var filtersResponse FiltersDetailResponse
-	err = json.Unmarshal(res, &filtersResponse)
-	if err != nil {
-		return []Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return filtersResponse.Result, nil
-}
-
-// UpdateFilter updates a single filter.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/put/#update-a-single-filter
-func (api *API) UpdateFilter(ctx context.Context, rc *ResourceContainer, params FilterUpdateParams) (Filter, error) {
-	if params.ID == "" {
-		return Filter{}, fmt.Errorf("filter ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, params.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Filter{}, err
-	}
-
-	var filterResponse FilterDetailResponse
-	err = json.Unmarshal(res, &filterResponse)
-	if err != nil {
-		return Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return filterResponse.Result, nil
-}
-
-// UpdateFilters updates many filters at once.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/put/#update-multiple-filters
-func (api *API) UpdateFilters(ctx context.Context, rc *ResourceContainer, params []FilterUpdateParams) ([]Filter, error) {
-	for _, filter := range params {
-		if filter.ID == "" {
-			return []Filter{}, fmt.Errorf("filter ID cannot be empty")
-		}
-	}
-
-	uri := fmt.Sprintf("/zones/%s/filters", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return []Filter{}, err
-	}
-
-	var filtersResponse FiltersDetailResponse
-	err = json.Unmarshal(res, &filtersResponse)
-	if err != nil {
-		return []Filter{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return filtersResponse.Result, nil
-}
-
-// DeleteFilter deletes a single filter.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/delete/#delete-a-single-filter
-func (api *API) DeleteFilter(ctx context.Context, rc *ResourceContainer, filterID string) error {
-	if filterID == "" {
-		return fmt.Errorf("filter ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/filters/%s", rc.Identifier, filterID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// DeleteFilters deletes multiple filters.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/delete/#delete-multiple-filters
-func (api *API) DeleteFilters(ctx context.Context, rc *ResourceContainer, filterIDs []string) error {
-	if len(filterIDs) == 0 {
-		return ErrNotEnoughFilterIDsProvided
-	}
-
-	// Swap this to a typed struct and passing in all parameters together.
-	q := url.Values{}
-	for _, id := range filterIDs {
-		q.Add("id", id)
-	}
-
-	uri := (&url.URL{
-		Path:     fmt.Sprintf("/zones/%s/filters", rc.Identifier),
-		RawQuery: q.Encode(),
-	}).String()
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ValidateFilterExpression checks correctness of a filter expression.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-filters/validation/
-func (api *API) ValidateFilterExpression(ctx context.Context, expression string) error {
-	expressionPayload := FilterValidateExpression{Expression: expression}
-
-	_, err := api.makeRequestContext(ctx, http.MethodPost, "/filters/validate-expr", expressionPayload)
-	if err != nil {
-		var filterValidationResponse FilterValidateExpressionResponse
-
-		jsonErr := json.Unmarshal([]byte(err.Error()), &filterValidationResponse)
-		if jsonErr != nil {
-			return fmt.Errorf(errUnmarshalError+": %w", jsonErr)
-		}
-
-		if !filterValidationResponse.Success {
-			// Unsure why but the API returns `errors` as an array but it only
-			// ever shows the issue with one problem at a time ¯\_(ツ)_/¯
-			return fmt.Errorf(filterValidationResponse.Errors[0].Message)
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/filter_test.go b/pkg/cloudflare-go/filter_test.go
deleted file mode 100644
index b36c7cc8e5..0000000000
--- a/pkg/cloudflare-go/filter_test.go
+++ /dev/null
@@ -1,391 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFilter(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"id": "b7ff25282d394be7b945e23c7106ce8a",
-				"paused": false,
-				"description": "Login from office",
-				"expression": "ip.src eq 198.51.100.1"
-			},
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/b7ff25282d394be7b945e23c7106ce8a", handler)
-	want := Filter{
-		ID:          "b7ff25282d394be7b945e23c7106ce8a",
-		Paused:      false,
-		Description: "Login from office",
-		Expression:  "ip.src eq 198.51.100.1",
-	}
-
-	actual, err := client.Filter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "b7ff25282d394be7b945e23c7106ce8a")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestFilters(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-					{
-						"id": "b7ff25282d394be7b945e23c7106ce8a",
-						"paused": false,
-						"description": "Login from office",
-						"expression": "ip.src eq 93.184.216.0 and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")"
-					},
-					{
-						"id": "c218c536b2bd406f958f278cf0fa8c0f",
-						"paused": false,
-						"description": "Login",
-						"expression": "(http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")"
-					},
-					{
-						"id": "f2a64520581a4209aab12187a0081364",
-						"paused": false,
-						"description": "not /api",
-						"expression": "not http.request.uri.path matches \"^/api/.*$\""
-			}, {
-						"id": "14217d7bd5ab435e84b1bd468bf4fb9f",
-						"paused": false,
-						"description": "/api",
-						"expression": "http.request.uri.path matches \"^/api/.*$\""
-			}, {
-						"id": "60ee852f9cbb4802978d15600c7f3110",
-						"paused": false,
-						"expression": "ip.src eq 93.184.216.0"
-			} ],
-				"success": true,
-				"errors": null,
-				"messages": null,
-				"result_info": {
-					"page": 1,
-					"per_page": 25,
-					"count": 5,
-					"total_count": 5,
-					"total_pages": 1
-			} }
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
-	want := []Filter{
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from office",
-			Expression:  "ip.src eq 93.184.216.0 and (http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",
-		},
-		{
-			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-			Paused:      false,
-			Description: "Login",
-			Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\" or http.request.uri.path ~ \"^.*/xmlrpc.php$\")",
-		},
-		{
-			ID:          "f2a64520581a4209aab12187a0081364",
-			Paused:      false,
-			Description: "not /api",
-			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
-		},
-		{
-			ID:          "14217d7bd5ab435e84b1bd468bf4fb9f",
-			Paused:      false,
-			Description: "/api",
-			Expression:  "http.request.uri.path matches \"^/api/.*$\"",
-		}, {
-			ID:         "60ee852f9cbb4802978d15600c7f3110",
-			Paused:     false,
-			Expression: "ip.src eq 93.184.216.0",
-		},
-	}
-
-	actual, _, err := client.Filters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), FilterListParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSingleFilter(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-				{
-					"id": "b7ff25282d394be7b945e23c7106ce8a",
-					"paused": false,
-					"description": "Login from office",
-					"expression": "ip.src eq 198.51.100.1"
-				}
-			],
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
-	params := []FilterCreateParams{
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from office",
-			Expression:  "ip.src eq 198.51.100.1",
-		},
-	}
-
-	want := []Filter{
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from office",
-			Expression:  "ip.src eq 198.51.100.1",
-		},
-	}
-
-	actual, err := client.CreateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMultipleFilters(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-				{
-					"id": "b7ff25282d394be7b945e23c7106ce8a",
-					"paused": false,
-					"description": "Login from office",
-					"expression": "ip.src eq 198.51.100.1"
-				},
-				{
-					"id": "b7ff25282d394be7b945e23c7106ce8a",
-					"paused": false,
-					"description": "Login from second office",
-					"expression": "ip.src eq 10.0.0.1"
-				}
-			],
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
-	params := []FilterCreateParams{
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from office",
-			Expression:  "ip.src eq 198.51.100.1",
-		},
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from second office",
-			Expression:  "ip.src eq 10.0.0.1",
-		},
-	}
-
-	want := []Filter{
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from office",
-			Expression:  "ip.src eq 198.51.100.1",
-		},
-		{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Paused:      false,
-			Description: "Login from second office",
-			Expression:  "ip.src eq 10.0.0.1",
-		},
-	}
-
-	actual, err := client.CreateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSingleFilter(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-					"id": "60ee852f9cbb4802978d15600c7f3110",
-					"paused": false,
-					"description": "IP of example.org",
-					"expression": "ip.src eq 93.184.216.0"
-			},
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/60ee852f9cbb4802978d15600c7f3110", handler)
-	params := FilterUpdateParams{
-		ID:          "60ee852f9cbb4802978d15600c7f3110",
-		Paused:      false,
-		Description: "IP of example.org",
-		Expression:  "ip.src eq 93.184.216.0",
-	}
-
-	want := Filter{
-		ID:          "60ee852f9cbb4802978d15600c7f3110",
-		Paused:      false,
-		Description: "IP of example.org",
-		Expression:  "ip.src eq 93.184.216.0",
-	}
-
-	actual, err := client.UpdateFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateMultipleFilters(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-				{
-					"id": "60ee852f9cbb4802978d15600c7f3110",
-					"paused": false,
-					"description": "IP of example.org",
-					"expression": "ip.src eq 93.184.216.0"
-				},
-				{
-					"id": "c218c536b2bd406f958f278cf0fa8c0f",
-					"paused": false,
-					"description": "IP of example.com",
-					"expression": "ip.src ne 198.51.100.1"
-				}
-			],
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters", handler)
-	params := []FilterUpdateParams{
-		{
-			ID:          "60ee852f9cbb4802978d15600c7f3110",
-			Paused:      false,
-			Description: "IP of example.org",
-			Expression:  "ip.src eq 93.184.216.0",
-		},
-		{
-			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-			Paused:      false,
-			Description: "IP of example.com",
-			Expression:  "ip.src ne 198.51.100.1",
-		},
-	}
-
-	want := []Filter{
-		{
-			ID:          "60ee852f9cbb4802978d15600c7f3110",
-			Paused:      false,
-			Description: "IP of example.org",
-			Expression:  "ip.src eq 93.184.216.0",
-		},
-		{
-			ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-			Paused:      false,
-			Description: "IP of example.com",
-			Expression:  "ip.src ne 198.51.100.1",
-		},
-	}
-
-	actual, err := client.UpdateFilters(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteFilter(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [],
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/filters/60ee852f9cbb4802978d15600c7f3110", handler)
-
-	err := client.DeleteFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "60ee852f9cbb4802978d15600c7f3110")
-	assert.Nil(t, err)
-	assert.NoError(t, err)
-}
-
-func TestDeleteFilterWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	err := client.DeleteFilter(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "")
-	assert.EqualError(t, err, "filter ID cannot be empty")
-}
diff --git a/pkg/cloudflare-go/firewall.go b/pkg/cloudflare-go/firewall.go
deleted file mode 100644
index 893165c570..0000000000
--- a/pkg/cloudflare-go/firewall.go
+++ /dev/null
@@ -1,281 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// AccessRule represents a firewall access rule.
-type AccessRule struct {
-	ID            string                  `json:"id,omitempty"`
-	Notes         string                  `json:"notes,omitempty"`
-	AllowedModes  []string                `json:"allowed_modes,omitempty"`
-	Mode          string                  `json:"mode,omitempty"`
-	Configuration AccessRuleConfiguration `json:"configuration,omitempty"`
-	Scope         AccessRuleScope         `json:"scope,omitempty"`
-	CreatedOn     time.Time               `json:"created_on,omitempty"`
-	ModifiedOn    time.Time               `json:"modified_on,omitempty"`
-}
-
-// AccessRuleConfiguration represents the configuration of a firewall
-// access rule.
-type AccessRuleConfiguration struct {
-	Target string `json:"target,omitempty"`
-	Value  string `json:"value,omitempty"`
-}
-
-// AccessRuleScope represents the scope of a firewall access rule.
-type AccessRuleScope struct {
-	ID    string `json:"id,omitempty"`
-	Email string `json:"email,omitempty"`
-	Name  string `json:"name,omitempty"`
-	Type  string `json:"type,omitempty"`
-}
-
-// AccessRuleResponse represents the response from the firewall access
-// rule endpoint.
-type AccessRuleResponse struct {
-	Result AccessRule `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// AccessRuleListResponse represents the response from the list access rules
-// endpoint.
-type AccessRuleListResponse struct {
-	Result []AccessRule `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// ListUserAccessRules returns a slice of access rules for the logged-in user.
-//
-// This takes an AccessRule to allow filtering of the results returned.
-//
-// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
-func (api *API) ListUserAccessRules(ctx context.Context, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
-	return api.listAccessRules(ctx, "/user", accessRule, page)
-}
-
-// CreateUserAccessRule creates a firewall access rule for the logged-in user.
-//
-// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-create-access-rule
-func (api *API) CreateUserAccessRule(ctx context.Context, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.createAccessRule(ctx, "/user", accessRule)
-}
-
-// UserAccessRule returns the details of a user's account access rule.
-//
-// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules
-func (api *API) UserAccessRule(ctx context.Context, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.retrieveAccessRule(ctx, "/user", accessRuleID)
-}
-
-// UpdateUserAccessRule updates a single access rule for the logged-in user &
-// given access rule identifier.
-//
-// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
-func (api *API) UpdateUserAccessRule(ctx context.Context, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.updateAccessRule(ctx, "/user", accessRuleID, accessRule)
-}
-
-// DeleteUserAccessRule deletes a single access rule for the logged-in user and
-// access rule identifiers.
-//
-// API reference: https://api.cloudflare.com/#user-level-firewall-access-rule-update-access-rule
-func (api *API) DeleteUserAccessRule(ctx context.Context, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.deleteAccessRule(ctx, "/user", accessRuleID)
-}
-
-// ListZoneAccessRules returns a slice of access rules for the given zone
-// identifier.
-//
-// This takes an AccessRule to allow filtering of the results returned.
-//
-// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
-func (api *API) ListZoneAccessRules(ctx context.Context, zoneID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
-	return api.listAccessRules(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRule, page)
-}
-
-// CreateZoneAccessRule creates a firewall access rule for the given zone
-// identifier.
-//
-// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-create-access-rule
-func (api *API) CreateZoneAccessRule(ctx context.Context, zoneID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.createAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRule)
-}
-
-// ZoneAccessRule returns the details of a zone's access rule.
-//
-// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-list-access-rules
-func (api *API) ZoneAccessRule(ctx context.Context, zoneID string, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.retrieveAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID)
-}
-
-// UpdateZoneAccessRule updates a single access rule for the given zone &
-// access rule identifiers.
-//
-// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-update-access-rule
-func (api *API) UpdateZoneAccessRule(ctx context.Context, zoneID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.updateAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID, accessRule)
-}
-
-// DeleteZoneAccessRule deletes a single access rule for the given zone and
-// access rule identifiers.
-//
-// API reference: https://api.cloudflare.com/#firewall-access-rule-for-a-zone-delete-access-rule
-func (api *API) DeleteZoneAccessRule(ctx context.Context, zoneID, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.deleteAccessRule(ctx, fmt.Sprintf("/zones/%s", zoneID), accessRuleID)
-}
-
-// ListAccountAccessRules returns a slice of access rules for the given
-// account identifier.
-//
-// This takes an AccessRule to allow filtering of the results returned.
-//
-// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-list-access-rules
-func (api *API) ListAccountAccessRules(ctx context.Context, accountID string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
-	return api.listAccessRules(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRule, page)
-}
-
-// CreateAccountAccessRule creates a firewall access rule for the given
-// account identifier.
-//
-// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-create-access-rule
-func (api *API) CreateAccountAccessRule(ctx context.Context, accountID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.createAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRule)
-}
-
-// AccountAccessRule returns the details of an account's access rule.
-//
-// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-access-rule-details
-func (api *API) AccountAccessRule(ctx context.Context, accountID string, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.retrieveAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID)
-}
-
-// UpdateAccountAccessRule updates a single access rule for the given
-// account & access rule identifiers.
-//
-// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-update-access-rule
-func (api *API) UpdateAccountAccessRule(ctx context.Context, accountID, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	return api.updateAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID, accessRule)
-}
-
-// DeleteAccountAccessRule deletes a single access rule for the given
-// account and access rule identifiers.
-//
-// API reference: https://api.cloudflare.com/#account-level-firewall-access-rule-delete-access-rule
-func (api *API) DeleteAccountAccessRule(ctx context.Context, accountID, accessRuleID string) (*AccessRuleResponse, error) {
-	return api.deleteAccessRule(ctx, fmt.Sprintf("/accounts/%s", accountID), accessRuleID)
-}
-
-func (api *API) listAccessRules(ctx context.Context, prefix string, accessRule AccessRule, page int) (*AccessRuleListResponse, error) {
-	// Construct a query string
-	v := url.Values{}
-	if page <= 0 {
-		page = 1
-	}
-	v.Set("page", strconv.Itoa(page))
-	// Request as many rules as possible per page - API max is 100
-	v.Set("per_page", "100")
-	if accessRule.Notes != "" {
-		v.Set("notes", accessRule.Notes)
-	}
-	if accessRule.Mode != "" {
-		v.Set("mode", accessRule.Mode)
-	}
-	if accessRule.Scope.Type != "" {
-		v.Set("scope_type", accessRule.Scope.Type)
-	}
-	if accessRule.Configuration.Value != "" {
-		v.Set("configuration_value", accessRule.Configuration.Value)
-	}
-	if accessRule.Configuration.Target != "" {
-		v.Set("configuration_target", accessRule.Configuration.Target)
-	}
-	v.Set("page", strconv.Itoa(page))
-
-	uri := fmt.Sprintf("%s/firewall/access_rules/rules?%s", prefix, v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &AccessRuleListResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response, nil
-}
-
-func (api *API) createAccessRule(ctx context.Context, prefix string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	uri := fmt.Sprintf("%s/firewall/access_rules/rules", prefix)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, accessRule)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &AccessRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-func (api *API) retrieveAccessRule(ctx context.Context, prefix, accessRuleID string) (*AccessRuleResponse, error) {
-	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	if err != nil {
-		return nil, err
-	}
-
-	response := &AccessRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-func (api *API) updateAccessRule(ctx context.Context, prefix, accessRuleID string, accessRule AccessRule) (*AccessRuleResponse, error) {
-	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, accessRule)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &AccessRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response, nil
-}
-
-func (api *API) deleteAccessRule(ctx context.Context, prefix, accessRuleID string) (*AccessRuleResponse, error) {
-	uri := fmt.Sprintf("%s/firewall/access_rules/rules/%s", prefix, accessRuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &AccessRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
diff --git a/pkg/cloudflare-go/firewall_example_test.go b/pkg/cloudflare-go/firewall_example_test.go
deleted file mode 100644
index 571b617096..0000000000
--- a/pkg/cloudflare-go/firewall_example_test.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListZoneAccessRules_all() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch all access rules for a zone
-	response, err := api.ListZoneAccessRules(context.Background(), zoneID, cloudflare.AccessRule{}, 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range response.Result {
-		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
-	}
-}
-
-func ExampleAPI_ListZoneAccessRules_filterByIP() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch only access rules whose target is 198.51.100.1
-	localhost := cloudflare.AccessRule{
-		Configuration: cloudflare.AccessRuleConfiguration{Target: "198.51.100.1"},
-	}
-	response, err := api.ListZoneAccessRules(context.Background(), zoneID, localhost, 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range response.Result {
-		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
-	}
-}
-
-func ExampleAPI_ListZoneAccessRules_filterByMode() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch access rules with an action of "block"
-	foo := cloudflare.AccessRule{
-		Mode: "block",
-	}
-	response, err := api.ListZoneAccessRules(context.Background(), zoneID, foo, 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range response.Result {
-		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
-	}
-}
-
-func ExampleAPI_ListZoneAccessRules_filterByNote() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch only access rules with notes containing "example"
-	foo := cloudflare.AccessRule{
-		Notes: "example",
-	}
-	response, err := api.ListZoneAccessRules(context.Background(), zoneID, foo, 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range response.Result {
-		fmt.Printf("%s: %s\n", r.Configuration.Value, r.Mode)
-	}
-}
diff --git a/pkg/cloudflare-go/firewall_rules.go b/pkg/cloudflare-go/firewall_rules.go
deleted file mode 100644
index edcd2a0b93..0000000000
--- a/pkg/cloudflare-go/firewall_rules.go
+++ /dev/null
@@ -1,244 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// FirewallRule is the struct of the firewall rule.
-type FirewallRule struct {
-	ID          string      `json:"id,omitempty"`
-	Paused      bool        `json:"paused"`
-	Description string      `json:"description"`
-	Action      string      `json:"action"`
-	Priority    interface{} `json:"priority"`
-	Filter      Filter      `json:"filter"`
-	Products    []string    `json:"products,omitempty"`
-	Ref         string      `json:"ref,omitempty"`
-	CreatedOn   time.Time   `json:"created_on,omitempty"`
-	ModifiedOn  time.Time   `json:"modified_on,omitempty"`
-}
-
-// FirewallRulesDetailResponse is the API response for the firewall
-// rules.
-type FirewallRulesDetailResponse struct {
-	Result     []FirewallRule `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// FirewallRuleResponse is the API response that is returned
-// for requesting a single firewall rule on a zone.
-type FirewallRuleResponse struct {
-	Result     FirewallRule `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// FirewallRuleCreateParams contains required and optional params
-// for creating a firewall rule.
-type FirewallRuleCreateParams struct {
-	ID          string      `json:"id,omitempty"`
-	Paused      bool        `json:"paused"`
-	Description string      `json:"description"`
-	Action      string      `json:"action"`
-	Priority    interface{} `json:"priority"`
-	Filter      Filter      `json:"filter"`
-	Products    []string    `json:"products,omitempty"`
-	Ref         string      `json:"ref,omitempty"`
-}
-
-// FirewallRuleUpdateParams contains required and optional params
-// for updating a firewall rule.
-type FirewallRuleUpdateParams struct {
-	ID          string      `json:"id"`
-	Paused      bool        `json:"paused"`
-	Description string      `json:"description"`
-	Action      string      `json:"action"`
-	Priority    interface{} `json:"priority"`
-	Filter      Filter      `json:"filter"`
-	Products    []string    `json:"products,omitempty"`
-	Ref         string      `json:"ref,omitempty"`
-}
-
-type FirewallRuleListParams struct {
-	ResultInfo
-}
-
-// FirewallRules returns all firewall rules.
-//
-// Automatically paginates all results unless `params.PerPage` and `params.Page`
-// is set.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/get/#get-all-rules
-func (api *API) FirewallRules(ctx context.Context, rc *ResourceContainer, params FirewallRuleListParams) ([]FirewallRule, *ResultInfo, error) {
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var firewallRules []FirewallRule
-	var fResponse FirewallRulesDetailResponse
-	for {
-		fResponse = FirewallRulesDetailResponse{}
-		uri := buildURI(fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []FirewallRule{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &fResponse)
-		if err != nil {
-			return []FirewallRule{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-		}
-
-		firewallRules = append(firewallRules, fResponse.Result...)
-		params.ResultInfo = fResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return firewallRules, &fResponse.ResultInfo, nil
-}
-
-// FirewallRule returns a single firewall rule based on the ID.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/get/#get-by-rule-id
-func (api *API) FirewallRule(ctx context.Context, rc *ResourceContainer, firewallRuleID string) (FirewallRule, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, firewallRuleID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return FirewallRule{}, err
-	}
-
-	var firewallRuleResponse FirewallRuleResponse
-	err = json.Unmarshal(res, &firewallRuleResponse)
-	if err != nil {
-		return FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return firewallRuleResponse.Result, nil
-}
-
-// CreateFirewallRules creates new firewall rules.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/post/
-func (api *API) CreateFirewallRules(ctx context.Context, rc *ResourceContainer, params []FirewallRuleCreateParams) ([]FirewallRule, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return []FirewallRule{}, err
-	}
-
-	var firewallRulesDetailResponse FirewallRulesDetailResponse
-	err = json.Unmarshal(res, &firewallRulesDetailResponse)
-	if err != nil {
-		return []FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return firewallRulesDetailResponse.Result, nil
-}
-
-// UpdateFirewallRule updates a single firewall rule.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/put/#update-a-single-rule
-func (api *API) UpdateFirewallRule(ctx context.Context, rc *ResourceContainer, params FirewallRuleUpdateParams) (FirewallRule, error) {
-	if params.ID == "" {
-		return FirewallRule{}, fmt.Errorf("firewall rule ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, params.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return FirewallRule{}, err
-	}
-
-	var firewallRuleResponse FirewallRuleResponse
-	err = json.Unmarshal(res, &firewallRuleResponse)
-	if err != nil {
-		return FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return firewallRuleResponse.Result, nil
-}
-
-// UpdateFirewallRules updates a single firewall rule.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/put/#update-multiple-rules
-func (api *API) UpdateFirewallRules(ctx context.Context, rc *ResourceContainer, params []FirewallRuleUpdateParams) ([]FirewallRule, error) {
-	for _, firewallRule := range params {
-		if firewallRule.ID == "" {
-			return []FirewallRule{}, fmt.Errorf("firewall ID cannot be empty")
-		}
-	}
-
-	uri := fmt.Sprintf("/zones/%s/firewall/rules", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return []FirewallRule{}, err
-	}
-
-	var firewallRulesDetailResponse FirewallRulesDetailResponse
-	err = json.Unmarshal(res, &firewallRulesDetailResponse)
-	if err != nil {
-		return []FirewallRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return firewallRulesDetailResponse.Result, nil
-}
-
-// DeleteFirewallRule deletes a single firewall rule.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/delete/#delete-a-single-rule
-func (api *API) DeleteFirewallRule(ctx context.Context, rc *ResourceContainer, firewallRuleID string) error {
-	if firewallRuleID == "" {
-		return fmt.Errorf("firewall rule ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/firewall/rules/%s", rc.Identifier, firewallRuleID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// DeleteFirewallRules deletes multiple firewall rules at once.
-//
-// API reference: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/delete/#delete-multiple-rules
-func (api *API) DeleteFirewallRules(ctx context.Context, rc *ResourceContainer, firewallRuleIDs []string) error {
-	v := url.Values{}
-
-	for _, ruleID := range firewallRuleIDs {
-		v.Add("id", ruleID)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/firewall/rules?%s", rc.Identifier, v.Encode())
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/firewall_rules_test.go b/pkg/cloudflare-go/firewall_rules_test.go
deleted file mode 100644
index 42db16192e..0000000000
--- a/pkg/cloudflare-go/firewall_rules_test.go
+++ /dev/null
@@ -1,630 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFirewallRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-				{
-					"id":"2ae338944d6143383c3cf05a7c80d984",
-					"paused":false,
-					"description":"allow uploads without waf",
-					"action":"bypass",
-					"products": ["waf"],
-					"priority":null,
-					"filter":{
-						"id":"74217d7bd5ab435e84b1bd473bf4fb9f",
-						"expression":"http.request.uri.path matches \"^/upload$\"",
-						"paused":false,
-						"description":"/upload"
-					}
-				},
-				{
-					"id":"4ae338944d6143378c3cf05a7c77d983",
-					"paused":false,
-					"description":"allow API traffic without challenge",
-					"action":"allow",
-					"priority":null,
-					"filter":{
-						"id":"14217d7bd5ab435e84b1bd468bf4fb9f",
-						"expression":"http.request.uri.path matches \"^/api/.*$\"",
-						"paused":false,
-						"description":"/api"
-					}
-				},
-				{
-					"id":"f2d427378e7542acb295380d352e2ebd",
-					"paused":false,
-					"description":"do not challenge login from office",
-					"action":"allow",
-					"priority":null,
-					"filter":{
-						"id":"b7ff25282d394be7b945e23c7106ce8a",
-						"expression":"(http.request.uri.path ~ \"^.*/xmlrpc.php$\"",
-						"paused":false,
-						"description":"wordpress xmlrpc"
-					}
-				},
-				{
-					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
-					"paused":false,
-					"description":"challenge login",
-					"action":"challenge",
-					"priority":null,
-					"filter":{
-						"id":"c218c536b2bd406f958f278cf0fa8c0f",
-						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\"",
-						"paused":false,
-						"description":"Login"
-					}
-				},
-				{
-					"id":"52161eb6af4241bb9d4b32394be72fdf",
-					"paused":false,
-					"description":"JS challenge site",
-					"action":"js_challenge",
-					"priority":null,
-					"filter":{
-						"id":"f2a64520581a4209aab12187a0081364",
-						"expression":"not http.request.uri.path matches \"^/api/.*$\"",
-						"paused":false,
-						"description":"not /api"
-					}
-				}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null,
-			"result_info":{
-				"page":1,
-				"per_page":25,
-				"count":5,
-				"total_count":5
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
-	want := []FirewallRule{
-		{
-			ID:          "2ae338944d6143383c3cf05a7c80d984",
-			Paused:      false,
-			Description: "allow uploads without waf",
-			Action:      "bypass",
-			Priority:    nil,
-			Products:    []string{"waf"},
-			Filter: Filter{
-				ID:          "74217d7bd5ab435e84b1bd473bf4fb9f",
-				Expression:  "http.request.uri.path matches \"^/upload$\"",
-				Paused:      false,
-				Description: "/upload",
-			},
-		},
-		{
-			ID:          "4ae338944d6143378c3cf05a7c77d983",
-			Paused:      false,
-			Description: "allow API traffic without challenge",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "14217d7bd5ab435e84b1bd468bf4fb9f",
-				Expression:  "http.request.uri.path matches \"^/api/.*$\"",
-				Paused:      false,
-				Description: "/api",
-			},
-		},
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "(http.request.uri.path ~ \"^.*/xmlrpc.php$\"",
-				Paused:      false,
-				Description: "wordpress xmlrpc",
-			},
-		},
-		{
-			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Paused:      false,
-			Description: "challenge login",
-			Action:      "challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\"",
-				Paused:      false,
-				Description: "Login",
-			},
-		},
-		{
-			ID:          "52161eb6af4241bb9d4b32394be72fdf",
-			Paused:      false,
-			Description: "JS challenge site",
-			Action:      "js_challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "f2a64520581a4209aab12187a0081364",
-				Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
-				Paused:      false,
-				Description: "not /api",
-			},
-		},
-	}
-
-	actual, _, err := client.FirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), FirewallRuleListParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestFirewallRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":{
-				"id":"f2d427378e7542acb295380d352e2ebd",
-				"paused":false,
-				"description":"do not challenge login from office",
-				"action":"allow",
-				"priority":null,
-				"filter":{
-					"id":"b7ff25282d394be7b945e23c7106ce8a",
-					"expression":"ip.src in {198.51.100.1} ~ \"^.*/login.php$\")",
-					"paused":false,
-					"description":"Login from office"
-				}
-			},
-			"success":true,
-			"errors":null,
-			"messages":null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/f2d427378e7542acb295380d352e2ebd", handler)
-	want := FirewallRule{
-		ID:          "f2d427378e7542acb295380d352e2ebd",
-		Paused:      false,
-		Description: "do not challenge login from office",
-		Action:      "allow",
-		Priority:    nil,
-		Filter: Filter{
-			ID:          "b7ff25282d394be7b945e23c7106ce8a",
-			Expression:  "ip.src in {198.51.100.1} ~ \"^.*/login.php$\")",
-			Paused:      false,
-			Description: "Login from office",
-		},
-	}
-
-	actual, err := client.FirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "f2d427378e7542acb295380d352e2ebd")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSingleFirewallRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-				{
-					"id":"f2d427378e7542acb295380d352e2ebd",
-					"paused":false,
-					"description":"do not challenge login from office",
-					"action":"allow",
-					"priority":null,
-					"filter":{
-						"id":"b7ff25282d394be7b945e23c7106ce8a",
-						"expression":"ip.src in {198.51.100.0/24}",
-						"paused":false,
-						"description":"Login from office"
-					}
-				}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
-	params := []FirewallRuleCreateParams{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-	}
-
-	want := []FirewallRule{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-	}
-
-	actual, err := client.CreateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMultipleFirewallRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-				{
-					"id":"f2d427378e7542acb295380d352e2ebd",
-					"paused":false,
-					"description":"do not challenge login from office",
-					"action":"allow",
-					"priority":null,
-					"filter":{
-						"id":"b7ff25282d394be7b945e23c7106ce8a",
-						"expression":"ip.src in {198.51.100.0/24}",
-						"paused":false,
-						"description":"Login from office"
-					}
-				},
-				{
-					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
-					"paused":false,
-					"description":"challenge login",
-					"action":"challenge",
-					"priority":null,
-					"filter":{
-						"id":"c218c536b2bd406f958f278cf0fa8c0f",
-						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-						"paused":false,
-						"description":"Login"
-					}
-				}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
-	params := []FirewallRuleCreateParams{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-		{
-			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Paused:      false,
-			Description: "challenge login",
-			Action:      "challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-				Paused:      false,
-				Description: "Login",
-			},
-		},
-	}
-
-	want := []FirewallRule{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-		{
-			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Paused:      false,
-			Description: "challenge login",
-			Action:      "challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-				Paused:      false,
-				Description: "Login",
-			},
-		},
-	}
-
-	actual, err := client.CreateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateFirewallRuleWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	want := FirewallRuleUpdateParams{
-		ID:          "",
-		Paused:      false,
-		Description: "challenge site",
-		Action:      "challenge",
-		Priority:    nil,
-		Filter: Filter{
-			ID:          "f2a64520581a4209aab12187a0081364",
-			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
-			Paused:      false,
-			Description: "not /api",
-		},
-	}
-
-	_, err := client.UpdateFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), want)
-	assert.EqualError(t, err, "firewall rule ID cannot be empty")
-}
-
-func TestUpdateSingleFirewallRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":{
-				"id":"52161eb6af4241bb9d4b32394be72fdf",
-				"paused":false,
-				"description":"challenge site",
-				"action":"challenge",
-				"priority":null,
-				"filter":{
-					"id":"f2a64520581a4209aab12187a0081364",
-					"expression":"not http.request.uri.path matches \"^/api/.*$\"",
-					"paused":false,
-					"description":"not /api"
-				}
-			},
-			"success":true,
-			"errors":null,
-			"messages":null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/52161eb6af4241bb9d4b32394be72fdf", handler)
-	params := FirewallRuleUpdateParams{
-		ID:          "52161eb6af4241bb9d4b32394be72fdf",
-		Paused:      false,
-		Description: "challenge site",
-		Action:      "challenge",
-		Priority:    nil,
-		Filter: Filter{
-			ID:          "f2a64520581a4209aab12187a0081364",
-			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
-			Paused:      false,
-			Description: "not /api",
-		},
-	}
-
-	want := FirewallRule{
-		ID:          "52161eb6af4241bb9d4b32394be72fdf",
-		Paused:      false,
-		Description: "challenge site",
-		Action:      "challenge",
-		Priority:    nil,
-		Filter: Filter{
-			ID:          "f2a64520581a4209aab12187a0081364",
-			Expression:  "not http.request.uri.path matches \"^/api/.*$\"",
-			Paused:      false,
-			Description: "not /api",
-		},
-	}
-
-	actual, err := client.UpdateFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateMultipleFirewallRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-				{
-					"id":"f2d427378e7542acb295380d352e2ebd",
-					"paused":false,
-					"description":"do not challenge login from office",
-					"action":"allow",
-					"priority":null,
-					"filter":{
-						"id":"b7ff25282d394be7b945e23c7106ce8a",
-						"expression":"ip.src in {198.51.100.0/24}",
-						"paused":false,
-						"description":"Login from office"
-					}
-				},
-				{
-					"id":"cbf4b7a5a2a24e59a03044d6d44ceb09",
-					"paused":false,
-					"description":"challenge login",
-					"action":"challenge",
-					"priority":null,
-					"filter":{
-						"id":"c218c536b2bd406f958f278cf0fa8c0f",
-						"expression":"(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-						"paused":false,
-						"description":"Login"
-					}
-				}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules", handler)
-	params := []FirewallRuleUpdateParams{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-		{
-			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Paused:      false,
-			Description: "challenge login",
-			Action:      "challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-				Paused:      false,
-				Description: "Login",
-			},
-		},
-	}
-
-	want := []FirewallRule{
-		{
-			ID:          "f2d427378e7542acb295380d352e2ebd",
-			Paused:      false,
-			Description: "do not challenge login from office",
-			Action:      "allow",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "b7ff25282d394be7b945e23c7106ce8a",
-				Expression:  "ip.src in {198.51.100.0/24}",
-				Paused:      false,
-				Description: "Login from office",
-			},
-		},
-		{
-			ID:          "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Paused:      false,
-			Description: "challenge login",
-			Action:      "challenge",
-			Priority:    nil,
-			Filter: Filter{
-				ID:          "c218c536b2bd406f958f278cf0fa8c0f",
-				Expression:  "(http.request.uri.path ~ \"^.*/wp-login.php$\")",
-				Paused:      false,
-				Description: "Login",
-			},
-		},
-	}
-
-	actual, err := client.UpdateFirewallRules(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSingleFirewallRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [],
-			"success": true,
-			"errors": null,
-			"messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/rules/f2d427378e7542acb295380d352e2ebd", handler)
-
-	err := client.DeleteFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "f2d427378e7542acb295380d352e2ebd")
-	assert.NoError(t, err)
-}
-
-func TestDeleteFirewallRuleWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	err := client.DeleteFirewallRule(context.Background(), ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), "")
-	assert.EqualError(t, err, "firewall rule ID cannot be empty")
-}
diff --git a/pkg/cloudflare-go/firewall_test.go b/pkg/cloudflare-go/firewall_test.go
deleted file mode 100644
index b8a1bcb823..0000000000
--- a/pkg/cloudflare-go/firewall_test.go
+++ /dev/null
@@ -1,406 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestListAccessRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "92f17202ed8bd63d69a66b86a49a8f6b",
-					"notes": "This rule is on because of an event that occurred on date X",
-					"allowed_modes": [
-						"whitelist",
-						"block",
-						"challenge",
-						"js_challenge"
-					],
-					"mode": "challenge",
-					"configuration": {
-						"target": "ip",
-						"value": "198.51.100.4"
-					},
-					"created_on": "2014-01-01T05:20:00Z",
-					"modified_on": "2014-01-01T05:20:00Z",
-					"scope": {
-						"id": "7c5dae5552338874e5053f2534d2767a",
-						"email": "user@example.com",
-						"type": "user"
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 200
-			}
-		}`)
-	}
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := &AccessRuleListResponse{
-		Result: []AccessRule{{
-			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
-			Notes:        "This rule is on because of an event that occurred on date X",
-			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
-			Mode:         "challenge",
-			Configuration: AccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.4",
-			},
-			CreatedOn:  createdOn,
-			ModifiedOn: modifiedOn,
-			Scope: AccessRuleScope{
-				ID:    "7c5dae5552338874e5053f2534d2767a",
-				Email: "user@example.com",
-				Type:  "user",
-			},
-		}},
-		ResultInfo: ResultInfo{
-			Page:    1,
-			PerPage: 20,
-			Count:   1,
-			Total:   200,
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	accessRule := AccessRule{
-		Notes: "my note",
-		Mode:  "challenge",
-		Configuration: AccessRuleConfiguration{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		},
-	}
-
-	mux.HandleFunc("/user/firewall/access_rules/rules", handler)
-	actual, err := client.ListUserAccessRules(context.Background(), accessRule, 1)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules", handler)
-	actual, err = client.ListZoneAccessRules(context.Background(), testZoneID, accessRule, 1)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules", handler)
-	actual, err = client.ListAccountAccessRules(context.Background(), testAccountID, accessRule, 1)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestCreateAccessRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := AccessRule{
-		Mode: "challenge",
-		Configuration: AccessRuleConfiguration{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		},
-		Notes: "This rule is on because of an event that occurred on date X",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		var v AccessRule
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
-				"notes": "This rule is on because of an event that occurred on date X",
-				"allowed_modes": [
-					"whitelist",
-					"block",
-					"challenge",
-					"js_challenge"
-				],
-				"mode": "challenge",
-				"configuration": {
-					"target": "ip",
-					"value": "198.51.100.4"
-				},
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"scope": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"email": "user@example.com",
-					"type": "user"
-				}
-			}
-		}`)
-	}
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := &AccessRuleResponse{
-		Result: AccessRule{
-			ID:            "92f17202ed8bd63d69a66b86a49a8f6b",
-			Notes:         input.Notes,
-			AllowedModes:  []string{"whitelist", "block", "challenge", "js_challenge"},
-			Mode:          input.Mode,
-			Configuration: input.Configuration,
-			CreatedOn:     createdOn,
-			ModifiedOn:    modifiedOn,
-			Scope: AccessRuleScope{
-				ID:    "7c5dae5552338874e5053f2534d2767a",
-				Email: "user@example.com",
-				Type:  "user",
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	mux.HandleFunc("/user/firewall/access_rules/rules", handler)
-	actual, err := client.CreateUserAccessRule(context.Background(), input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules", handler)
-	actual, err = client.CreateZoneAccessRule(context.Background(), testZoneID, input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules", handler)
-	actual, err = client.CreateAccountAccessRule(context.Background(), testAccountID, input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestAccessRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
-				"notes": "This rule is on because of an event that occurred on date X",
-				"allowed_modes": [
-					"whitelist",
-					"block",
-					"challenge",
-					"js_challenge"
-				],
-				"mode": "challenge",
-				"configuration": {
-					"target": "ip",
-					"value": "198.51.100.4"
-				},
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"scope": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"email": "user@example.com",
-					"type": "user"
-				}
-			}
-		}`)
-	}
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := &AccessRuleResponse{
-		Result: AccessRule{
-			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
-			Notes:        "This rule is on because of an event that occurred on date X",
-			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
-			Mode:         "challenge",
-			Configuration: AccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.4",
-			},
-			CreatedOn:  createdOn,
-			ModifiedOn: modifiedOn,
-			Scope: AccessRuleScope{
-				ID:    "7c5dae5552338874e5053f2534d2767a",
-				Email: "user@example.com",
-				Type:  "user",
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
-
-	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err := client.UserAccessRule(context.Background(), accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.ZoneAccessRule(context.Background(), testZoneID, accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.AccountAccessRule(context.Background(), testAccountID, accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateAccessRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := AccessRule{
-		Mode:  "challenge",
-		Notes: "This rule is on because of an event that occurred on date X",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v AccessRule
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "92f17202ed8bd63d69a66b86a49a8f6b",
-				"notes": "This rule is on because of an event that occurred on date X",
-				"allowed_modes": [
-					"whitelist",
-					"block",
-					"challenge",
-					"js_challenge"
-				],
-				"mode": "challenge",
-				"configuration": {
-					"target": "ip",
-					"value": "198.51.100.4"
-				},
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"scope": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"email": "user@example.com",
-					"type": "user"
-				}
-			}
-		}`)
-	}
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := &AccessRuleResponse{
-		Result: AccessRule{
-			ID:           "92f17202ed8bd63d69a66b86a49a8f6b",
-			Notes:        "This rule is on because of an event that occurred on date X",
-			AllowedModes: []string{"whitelist", "block", "challenge", "js_challenge"},
-			Mode:         "challenge",
-			Configuration: AccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.4",
-			},
-			CreatedOn:  createdOn,
-			ModifiedOn: modifiedOn,
-			Scope: AccessRuleScope{
-				ID:    "7c5dae5552338874e5053f2534d2767a",
-				Email: "user@example.com",
-				Type:  "user",
-			},
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
-
-	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err := client.UpdateUserAccessRule(context.Background(), accessRuleID, input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.UpdateZoneAccessRule(context.Background(), testZoneID, accessRuleID, input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.UpdateAccountAccessRule(context.Background(), testAccountID, accessRuleID, input)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestDeleteAccessRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "92f17202ed8bd63d69a66b86a49a8f6b"
-			}
-		}`)
-	}
-
-	want := &AccessRuleResponse{
-		Result: AccessRule{
-			ID: "92f17202ed8bd63d69a66b86a49a8f6b",
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	accessRuleID := "92f17202ed8bd63d69a66b86a49a8f6b"
-
-	mux.HandleFunc("/user/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err := client.DeleteUserAccessRule(context.Background(), accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.DeleteZoneAccessRule(context.Background(), testZoneID, accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/firewall/access_rules/rules/"+accessRuleID, handler)
-	actual, err = client.DeleteAccountAccessRule(context.Background(), testAccountID, accessRuleID)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
diff --git a/pkg/cloudflare-go/flake.lock b/pkg/cloudflare-go/flake.lock
deleted file mode 100644
index 153b6ef7dd..0000000000
--- a/pkg/cloudflare-go/flake.lock
+++ /dev/null
@@ -1,540 +0,0 @@
-{
-  "nodes": {
-    "builtfilter": {
-      "inputs": {
-        "flox-floxpkgs": [
-          "flox-floxpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1679586988,
-        "narHash": "sha256-TkoF4E4yN40s042YG6DaOzk+vtbzsoey0lUO+tm03is=",
-        "owner": "flox",
-        "repo": "builtfilter",
-        "rev": "931a381bb96d909f51fcf25d7ca4fa9dcfb12aff",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "builtfilter-rs",
-        "repo": "builtfilter",
-        "type": "github"
-      }
-    },
-    "capacitor": {
-      "inputs": {
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-lib": "nixpkgs-lib"
-      },
-      "locked": {
-        "lastModified": 1675110136,
-        "narHash": "sha256-83n/ZLBMoIkgYGy12F1hNaqMUgJsfkno5P1+sm9liOU=",
-        "owner": "flox",
-        "repo": "capacitor",
-        "rev": "9d4b9bce0f439e01fe2c2b2a1bfe08592a6204c4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "v0",
-        "repo": "capacitor",
-        "type": "github"
-      }
-    },
-    "capacitor_2": {
-      "inputs": {
-        "nixpkgs": [
-          "flox-floxpkgs",
-          "nixpkgs",
-          "nixpkgs"
-        ],
-        "nixpkgs-lib": "nixpkgs-lib_2"
-      },
-      "locked": {
-        "lastModified": 1675110136,
-        "narHash": "sha256-83n/ZLBMoIkgYGy12F1hNaqMUgJsfkno5P1+sm9liOU=",
-        "owner": "flox",
-        "repo": "capacitor",
-        "rev": "9d4b9bce0f439e01fe2c2b2a1bfe08592a6204c4",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "repo": "capacitor",
-        "type": "github"
-      }
-    },
-    "catalog": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1665076737,
-        "narHash": "sha256-S0bD7Z434Lvm7U4VHwvmxdTMrexdr72Yk6z0ExE3j7s=",
-        "owner": "flox",
-        "repo": "floxpkgs",
-        "rev": "bd8326c2fea27d01933eacb922f5ae70f97140c6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "publish",
-        "repo": "floxpkgs",
-        "type": "github"
-      }
-    },
-    "commitizen-src": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1679149521,
-        "narHash": "sha256-F/fbBEwG7ijHELy4RnpvlXOPkTsXFxjALdK7UIGIzMo=",
-        "owner": "commitizen-tools",
-        "repo": "commitizen",
-        "rev": "378a42881891633d8a81939cb46426eb36ed01aa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "commitizen-tools",
-        "repo": "commitizen",
-        "type": "github"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flox": {
-      "inputs": {
-        "commitizen-src": "commitizen-src",
-        "flox-bash": [
-          "flox-floxpkgs",
-          "flox-bash"
-        ],
-        "flox-floxpkgs": [
-          "flox-floxpkgs"
-        ],
-        "shellHooks": "shellHooks"
-      },
-      "locked": {
-        "lastModified": 1679679655,
-        "narHash": "sha256-zug5lg3CqDMkmtbort6CHFJgUPyzRip0tg7t3dbSTWo=",
-        "ref": "main",
-        "rev": "98a44ab06d9f9f5e4824fd3add2d32aef95e606f",
-        "revCount": 427,
-        "type": "git",
-        "url": "ssh://git@github.com/flox/flox"
-      },
-      "original": {
-        "ref": "main",
-        "type": "git",
-        "url": "ssh://git@github.com/flox/flox"
-      }
-    },
-    "flox-bash": {
-      "inputs": {
-        "flox-floxpkgs": [
-          "flox-floxpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1679665116,
-        "narHash": "sha256-v1qgb6rOVa9q8oIlps/Z4kw7+YQqN3AsScNEgy5xwGQ=",
-        "ref": "main",
-        "rev": "db7efcacb5f5935b286006288f23f931a573a918",
-        "revCount": 216,
-        "type": "git",
-        "url": "ssh://git@github.com/flox/flox-bash"
-      },
-      "original": {
-        "ref": "main",
-        "type": "git",
-        "url": "ssh://git@github.com/flox/flox-bash"
-      }
-    },
-    "flox-floxpkgs": {
-      "inputs": {
-        "builtfilter": "builtfilter",
-        "capacitor": "capacitor",
-        "catalog": "catalog",
-        "flox": "flox",
-        "flox-bash": "flox-bash",
-        "nixpkgs": "nixpkgs_3",
-        "tracelinks": "tracelinks"
-      },
-      "locked": {
-        "lastModified": 1680131458,
-        "narHash": "sha256-B0xvpF2h5iotKAMP13l0VtsXRAPwKQLitmxKdBSWLQQ=",
-        "owner": "flox",
-        "repo": "floxpkgs",
-        "rev": "6d8216d24ce8959b599107ccff8b15c959540b1a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "repo": "floxpkgs",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "flox-floxpkgs",
-          "flox",
-          "shellHooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1676973346,
-        "narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
-        "owner": "flox",
-        "repo": "nixpkgs",
-        "rev": "d0d55259081f0b97c828f38559cad899d351cad1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "stable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1679791877,
-        "narHash": "sha256-tTV1Mf0hPWIMtqyU16Kd2JUBDWvfHlDC9pF57vcbgpQ=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "cc060ddbf652a532b54057081d5abd6144d01971",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixpkgs-lib_2": {
-      "locked": {
-        "lastModified": 1679791877,
-        "narHash": "sha256-tTV1Mf0hPWIMtqyU16Kd2JUBDWvfHlDC9pF57vcbgpQ=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "cc060ddbf652a532b54057081d5abd6144d01971",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1678872516,
-        "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-22.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable_2": {
-      "locked": {
-        "lastModified": 1676973346,
-        "narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
-        "owner": "flox",
-        "repo": "nixpkgs",
-        "rev": "d0d55259081f0b97c828f38559cad899d351cad1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "stable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-staging": {
-      "locked": {
-        "lastModified": 1679262748,
-        "narHash": "sha256-DQCrrAFrkxijC6haUzOC5ZoFqpcv/tg2WxnyW3np1Cc=",
-        "owner": "flox",
-        "repo": "nixpkgs",
-        "rev": "60c1d71f2ba4c80178ec84523c2ca0801522e0a6",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "staging",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1679944645,
-        "narHash": "sha256-e5Qyoe11UZjVfgRfwNoSU57ZeKuEmjYb77B9IVW7L/M=",
-        "owner": "flox",
-        "repo": "nixpkgs",
-        "rev": "4bb072f0a8b267613c127684e099a70e1f6ff106",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "ref": "unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1678898370,
-        "narHash": "sha256-xTICr1j+uat5hk9FyuPOFGxpWHdJRibwZC+ATi0RbtE=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "ac718d02867a84b42522a0ece52d841188208f2c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
-      "inputs": {
-        "capacitor": "capacitor_2",
-        "flox": [
-          "flox-floxpkgs",
-          "flox"
-        ],
-        "flox-bash": [
-          "flox-floxpkgs",
-          "flox-bash"
-        ],
-        "flox-floxpkgs": [
-          "flox-floxpkgs"
-        ],
-        "nixpkgs": [
-          "flox-floxpkgs",
-          "nixpkgs",
-          "nixpkgs-stable"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable_2",
-        "nixpkgs-staging": "nixpkgs-staging",
-        "nixpkgs-unstable": "nixpkgs-unstable",
-        "nixpkgs__flox__aarch64-darwin": "nixpkgs__flox__aarch64-darwin",
-        "nixpkgs__flox__aarch64-linux": "nixpkgs__flox__aarch64-linux",
-        "nixpkgs__flox__i686-linux": "nixpkgs__flox__i686-linux",
-        "nixpkgs__flox__x86_64-darwin": "nixpkgs__flox__x86_64-darwin",
-        "nixpkgs__flox__x86_64-linux": "nixpkgs__flox__x86_64-linux"
-      },
-      "locked": {
-        "lastModified": 1680113891,
-        "narHash": "sha256-JiAmKV8ECf877cDbTum06NQ28n8FvwC4DYlCYzEVWxg=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "b7e7e40e2aa1ca2a44db440f5dc52213564af02f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "nixpkgs__flox__aarch64-darwin": {
-      "flake": false,
-      "locked": {
-        "host": "catalog.floxsdlc.com",
-        "lastModified": 1680113678,
-        "narHash": "sha256-rCkwbly3gyvNcw21VBMXcf6EmF7crKZAS8Ylh2B5H+I=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "31d3b5fafdf504842e1e47a0c9b5888cf5dbae06",
-        "type": "github"
-      },
-      "original": {
-        "host": "catalog.floxsdlc.com",
-        "owner": "flox",
-        "ref": "aarch64-darwin",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "nixpkgs__flox__aarch64-linux": {
-      "flake": false,
-      "locked": {
-        "host": "catalog.floxsdlc.com",
-        "lastModified": 1680113660,
-        "narHash": "sha256-ZofvvoatURsk1p5JvqajdrcO9iIT7UHjV2cb7io4FK0=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "8112f3ce4a227cd5088165d929761d877eea6709",
-        "type": "github"
-      },
-      "original": {
-        "host": "catalog.floxsdlc.com",
-        "owner": "flox",
-        "ref": "aarch64-linux",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "nixpkgs__flox__i686-linux": {
-      "flake": false,
-      "locked": {
-        "host": "catalog.floxsdlc.com",
-        "lastModified": 1680113793,
-        "narHash": "sha256-xbjWq4lOP+K2772K8kDF17+CPoVyalqXYWyoH3x8au8=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "c189975540c856ac025be398761788c118ff5733",
-        "type": "github"
-      },
-      "original": {
-        "host": "catalog.floxsdlc.com",
-        "owner": "flox",
-        "ref": "i686-linux",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "nixpkgs__flox__x86_64-darwin": {
-      "flake": false,
-      "locked": {
-        "host": "catalog.floxsdlc.com",
-        "lastModified": 1680113786,
-        "narHash": "sha256-HBNnTigb0MxCM6j6XmIH/0BRlUp7Rpe1et13TBf7xfM=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "5ab94a52855a10ad1ac0edd7277654bd587faf3e",
-        "type": "github"
-      },
-      "original": {
-        "host": "catalog.floxsdlc.com",
-        "owner": "flox",
-        "ref": "x86_64-darwin",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "nixpkgs__flox__x86_64-linux": {
-      "flake": false,
-      "locked": {
-        "host": "catalog.floxsdlc.com",
-        "lastModified": 1680113768,
-        "narHash": "sha256-YnzWsglWn0TAeg2xQaVg8UFgALVU0TYZ/PdKV32EEtk=",
-        "owner": "flox",
-        "repo": "nixpkgs-flox",
-        "rev": "50ecffffa7c51a92a7a6bb9eb105625ed8b8f18d",
-        "type": "github"
-      },
-      "original": {
-        "host": "catalog.floxsdlc.com",
-        "owner": "flox",
-        "ref": "x86_64-linux",
-        "repo": "nixpkgs-flox",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "flox-floxpkgs": "flox-floxpkgs"
-      }
-    },
-    "shellHooks": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
-        "gitignore": "gitignore",
-        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1678976941,
-        "narHash": "sha256-skNr08frCwN9NO+7I77MjOHHAw+L410/37JknNld+W4=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "32b1dbedfd77892a6e375737ef04d8efba634e9e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
-    "tracelinks": {
-      "inputs": {
-        "flox-floxpkgs": [
-          "flox-floxpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1674847293,
-        "narHash": "sha256-wPirp+8gIUpoAgE8zoXZalAJzCzcdDHKLEPOapJUtfs=",
-        "ref": "main",
-        "rev": "46108503f52bc2fcc948abb9b00fc65a13e5f5bd",
-        "revCount": 9,
-        "type": "git",
-        "url": "ssh://git@github.com/flox/tracelinks"
-      },
-      "original": {
-        "ref": "main",
-        "type": "git",
-        "url": "ssh://git@github.com/flox/tracelinks"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}
diff --git a/pkg/cloudflare-go/flake.nix b/pkg/cloudflare-go/flake.nix
deleted file mode 100644
index 3fd85dbded..0000000000
--- a/pkg/cloudflare-go/flake.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
-  description = "A flox project";
-
-  inputs.flox-floxpkgs.url = "github:flox/floxpkgs";
-
-  outputs = args @ {flox-floxpkgs, ...}: flox-floxpkgs.project args (_: {});
-}
diff --git a/pkg/cloudflare-go/flox.nix b/pkg/cloudflare-go/flox.nix
deleted file mode 100644
index 3f82311a7e..0000000000
--- a/pkg/cloudflare-go/flox.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  packages.nixpkgs-flox.go_1_20 = { };
-}
diff --git a/pkg/cloudflare-go/go.mod b/pkg/cloudflare-go/go.mod
deleted file mode 100644
index 5524d69758..0000000000
--- a/pkg/cloudflare-go/go.mod
+++ /dev/null
@@ -1,32 +0,0 @@
-module github.com/cloudflare/cloudflare-go
-
-go 1.19
-
-require (
-	github.com/goccy/go-json v0.10.3
-	github.com/google/go-querystring v1.1.0
-	github.com/hashicorp/go-retryablehttp v0.7.7
-	github.com/olekukonko/tablewriter v0.0.5
-	github.com/stretchr/testify v1.9.0
-	github.com/urfave/cli/v2 v2.27.2
-	golang.org/x/net v0.26.0
-	golang.org/x/time v0.5.0
-)
-
-require gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
-
-require (
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/kr/pretty v0.3.0 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/rogpeppe/go-internal v1.8.1 // indirect
-	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 // indirect
-	golang.org/x/text v0.16.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-)
diff --git a/pkg/cloudflare-go/go.sum b/pkg/cloudflare-go/go.sum
deleted file mode 100644
index b1a05597db..0000000000
--- a/pkg/cloudflare-go/go.sum
+++ /dev/null
@@ -1,64 +0,0 @@
-github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
-github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
-github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
-github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
-github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913 h1:+qGGcbkzsfDQNPPe9UDgpxAWQrhbbBXOYJFQDq/dtJw=
-github.com/xrash/smetrics v0.0.0-20240312152122-5f08fbb34913/go.mod h1:4aEEwZQutDLsQv2Deui4iYQ6DWTxR14g6m8Wv88+Xqk=
-golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
-golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/pkg/cloudflare-go/healthchecks.go b/pkg/cloudflare-go/healthchecks.go
deleted file mode 100644
index cd5acd154c..0000000000
--- a/pkg/cloudflare-go/healthchecks.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Healthcheck describes a Healthcheck object.
-type Healthcheck struct {
-	ID                   string                 `json:"id,omitempty"`
-	CreatedOn            *time.Time             `json:"created_on,omitempty"`
-	ModifiedOn           *time.Time             `json:"modified_on,omitempty"`
-	Name                 string                 `json:"name"`
-	Description          string                 `json:"description"`
-	Suspended            bool                   `json:"suspended"`
-	Address              string                 `json:"address"`
-	Retries              int                    `json:"retries,omitempty"`
-	Timeout              int                    `json:"timeout,omitempty"`
-	Interval             int                    `json:"interval,omitempty"`
-	ConsecutiveSuccesses int                    `json:"consecutive_successes,omitempty"`
-	ConsecutiveFails     int                    `json:"consecutive_fails,omitempty"`
-	Type                 string                 `json:"type,omitempty"`
-	CheckRegions         []string               `json:"check_regions"`
-	HTTPConfig           *HealthcheckHTTPConfig `json:"http_config,omitempty"`
-	TCPConfig            *HealthcheckTCPConfig  `json:"tcp_config,omitempty"`
-	Status               string                 `json:"status"`
-	FailureReason        string                 `json:"failure_reason"`
-}
-
-// HealthcheckHTTPConfig describes configuration for a HTTP healthcheck.
-type HealthcheckHTTPConfig struct {
-	Method          string              `json:"method"`
-	Port            uint16              `json:"port,omitempty"`
-	Path            string              `json:"path"`
-	ExpectedCodes   []string            `json:"expected_codes"`
-	ExpectedBody    string              `json:"expected_body"`
-	FollowRedirects bool                `json:"follow_redirects"`
-	AllowInsecure   bool                `json:"allow_insecure"`
-	Header          map[string][]string `json:"header"`
-}
-
-// HealthcheckTCPConfig describes configuration for a TCP healthcheck.
-type HealthcheckTCPConfig struct {
-	Method string `json:"method"`
-	Port   uint16 `json:"port,omitempty"`
-}
-
-// HealthcheckListResponse is the API response, containing an array of healthchecks.
-type HealthcheckListResponse struct {
-	Response
-	Result     []Healthcheck `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// HealthcheckResponse is the API response, containing a single healthcheck.
-type HealthcheckResponse struct {
-	Response
-	Result Healthcheck `json:"result"`
-}
-
-// Healthchecks returns all healthchecks for a zone.
-//
-// API reference: https://api.cloudflare.com/#health-checks-list-health-checks
-func (api *API) Healthchecks(ctx context.Context, zoneID string) ([]Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Healthcheck{}, err
-	}
-	var r HealthcheckListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// Healthcheck returns a single healthcheck by ID.
-//
-// API reference: https://api.cloudflare.com/#health-checks-health-check-details
-func (api *API) Healthcheck(ctx context.Context, zoneID, healthcheckID string) (Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Healthcheck{}, err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateHealthcheck creates a new healthcheck in a zone.
-//
-// API reference: https://api.cloudflare.com/#health-checks-create-health-check
-func (api *API) CreateHealthcheck(ctx context.Context, zoneID string, healthcheck Healthcheck) (Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, healthcheck)
-	if err != nil {
-		return Healthcheck{}, err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateHealthcheck updates an existing healthcheck.
-//
-// API reference: https://api.cloudflare.com/#health-checks-update-health-check
-func (api *API) UpdateHealthcheck(ctx context.Context, zoneID string, healthcheckID string, healthcheck Healthcheck) (Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, healthcheck)
-	if err != nil {
-		return Healthcheck{}, err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteHealthcheck deletes a healthcheck in a zone.
-//
-// API reference: https://api.cloudflare.com/#health-checks-delete-health-check
-func (api *API) DeleteHealthcheck(ctx context.Context, zoneID string, healthcheckID string) error {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/%s", zoneID, healthcheckID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// CreateHealthcheckPreview creates a new preview of a healthcheck in a zone.
-//
-// API reference: https://api.cloudflare.com/#health-checks-create-preview-health-check
-func (api *API) CreateHealthcheckPreview(ctx context.Context, zoneID string, healthcheck Healthcheck) (Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/preview", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, healthcheck)
-	if err != nil {
-		return Healthcheck{}, err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// HealthcheckPreview returns a single healthcheck preview by its ID.
-//
-// API reference: https://api.cloudflare.com/#health-checks-health-check-preview-details
-func (api *API) HealthcheckPreview(ctx context.Context, zoneID, id string) (Healthcheck, error) {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/preview/%s", zoneID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Healthcheck{}, err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Healthcheck{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteHealthcheckPreview deletes a healthcheck preview in a zone if it exists.
-//
-// API reference: https://api.cloudflare.com/#health-checks-delete-preview-health-check
-func (api *API) DeleteHealthcheckPreview(ctx context.Context, zoneID string, id string) error {
-	uri := fmt.Sprintf("/zones/%s/healthchecks/preview/%s", zoneID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r HealthcheckResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/healthchecks_test.go b/pkg/cloudflare-go/healthchecks_test.go
deleted file mode 100644
index 80c24a93c8..0000000000
--- a/pkg/cloudflare-go/healthchecks_test.go
+++ /dev/null
@@ -1,309 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	healthcheckID       = "314d6b003029433741b94a7c9284915a"
-	healthcheckResponse = `{
-		"id": "%s",
-		"name": "example-healthcheck",
-		"description": "Example Healthcheck",
-		"suspended": false,
-		"address": "www.example.com",
-		"retries": 2,
-		"timeout": 5,
-		"consecutive_successes": 2,
-		"consecutive_fails": 2,
-		"interval": 60,
-		"type": "HTTP",
-		"check_regions": [
-			"WNAM"
-		],
-		"http_config": {
-			"method": "GET",
-			"path": "/",
-			"port": 8443,
-			"expected_body": "",
-			"expected_codes": [
-				"200"
-			],
-			"follow_redirects": true,
-			"allow_insecure": false,
-			"header": {
-				"Host": [
-					"www.example.com"
-				]
-			}
-		},
-		"tcp_config": null,
-		"created_on": "2019-01-13T12:20:00.12345Z",
-		"modified_on": "2019-01-13T12:20:00.12345Z",
-		"status": "unknown",
-		"failure_reason": ""
-	}`
-)
-
-var (
-	createdOn, _  = time.Parse(time.RFC3339, "2019-01-13T12:20:00.12345Z")
-	modifiedOn, _ = time.Parse(time.RFC3339, "2019-01-13T12:20:00.12345Z")
-
-	expectedHealthcheck = Healthcheck{
-		ID:                   "314d6b003029433741b94a7c9284915a",
-		CreatedOn:            &createdOn,
-		ModifiedOn:           &modifiedOn,
-		Description:          "Example Healthcheck",
-		Name:                 "example-healthcheck",
-		Suspended:            false,
-		Address:              "www.example.com",
-		Retries:              2,
-		ConsecutiveSuccesses: 2,
-		ConsecutiveFails:     2,
-		Timeout:              5,
-		Interval:             60,
-		Type:                 "HTTP",
-		CheckRegions:         []string{"WNAM"},
-		HTTPConfig: &HealthcheckHTTPConfig{
-			Method:          http.MethodGet,
-			Path:            "/",
-			Port:            8443,
-			ExpectedBody:    "",
-			ExpectedCodes:   []string{"200"},
-			FollowRedirects: true,
-			AllowInsecure:   false,
-			Header: map[string][]string{
-				"Host": {"www.example.com"},
-			},
-		},
-		Status:        "unknown",
-		FailureReason: "",
-	}
-)
-
-func TestHealthchecks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-			%s
-			],
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result_info": {
-				"page": 1,
-				"per_page": 25,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-  		}
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks", handler)
-	want := []Healthcheck{expectedHealthcheck}
-
-	actual, err := client.Healthchecks(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestHealthcheck(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": %s,
-			"success": true,
-			"errors": [],
-			"messages": []
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
-	want := expectedHealthcheck
-
-	actual, err := client.Healthcheck(context.Background(), testZoneID, healthcheckID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateHealthcheck(t *testing.T) {
-	setup()
-	defer teardown()
-	newHealthcheck := Healthcheck{
-		Name:      "example-healthcheck",
-		Address:   "www.example.com",
-		Suspended: false,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks", handler)
-	want := expectedHealthcheck
-
-	actual, err := client.CreateHealthcheck(context.Background(), testZoneID, newHealthcheck)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateHealthcheck(t *testing.T) {
-	setup()
-	defer teardown()
-	updatedHealthcheck := Healthcheck{
-		Name:    "example-healthcheck",
-		Address: "www.example.com",
-		HTTPConfig: &HealthcheckHTTPConfig{
-			Path: "/newpath",
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
-	want := expectedHealthcheck
-
-	actual, err := client.UpdateHealthcheck(context.Background(), testZoneID, healthcheckID, updatedHealthcheck)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteHealthcheck(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/"+healthcheckID, handler)
-
-	err := client.DeleteHealthcheck(context.Background(), testZoneID, healthcheckID)
-	assert.NoError(t, err)
-}
-
-func TestCreateHealthcheckPreview(t *testing.T) {
-	setup()
-	defer teardown()
-	newHealthcheck := Healthcheck{
-		Name:      "example-healthcheck",
-		Address:   "www.example.com",
-		Suspended: false,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview", handler)
-	want := expectedHealthcheck
-
-	actual, err := client.CreateHealthcheckPreview(context.Background(), testZoneID, newHealthcheck)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestHealthcheckPreview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": %s,
-			"success": true,
-			"errors": [],
-			"messages": []
-		}
-		`, fmt.Sprintf(healthcheckResponse, healthcheckID))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview/"+healthcheckID, handler)
-	want := expectedHealthcheck
-
-	actual, err := client.HealthcheckPreview(context.Background(), testZoneID, healthcheckID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteHealthcheckPreview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/healthchecks/preview/"+healthcheckID, handler)
-
-	err := client.DeleteHealthcheckPreview(context.Background(), testZoneID, healthcheckID)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/hyperdrive.go b/pkg/cloudflare-go/hyperdrive.go
deleted file mode 100644
index c1ddbc9a5f..0000000000
--- a/pkg/cloudflare-go/hyperdrive.go
+++ /dev/null
@@ -1,214 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingHyperdriveConfigID             = errors.New("required hyperdrive config id is missing")
-	ErrMissingHyperdriveConfigName           = errors.New("required hyperdrive config name is missing")
-	ErrMissingHyperdriveConfigOriginDatabase = errors.New("required hyperdrive config origin database is missing")
-	ErrMissingHyperdriveConfigOriginPassword = errors.New("required hyperdrive config origin password is missing")
-	ErrMissingHyperdriveConfigOriginHost     = errors.New("required hyperdrive config origin host is missing")
-	ErrMissingHyperdriveConfigOriginScheme   = errors.New("required hyperdrive config origin scheme is missing")
-	ErrMissingHyperdriveConfigOriginUser     = errors.New("required hyperdrive config origin user is missing")
-)
-
-type HyperdriveConfig struct {
-	ID      string                  `json:"id,omitempty"`
-	Name    string                  `json:"name,omitempty"`
-	Origin  HyperdriveConfigOrigin  `json:"origin,omitempty"`
-	Caching HyperdriveConfigCaching `json:"caching,omitempty"`
-}
-
-type HyperdriveConfigOrigin struct {
-	Database string `json:"database,omitempty"`
-	Password string `json:"password"`
-	Host     string `json:"host,omitempty"`
-	Port     int    `json:"port,omitempty"`
-	Scheme   string `json:"scheme,omitempty"`
-	User     string `json:"user,omitempty"`
-}
-
-type HyperdriveConfigCaching struct {
-	Disabled             *bool `json:"disabled,omitempty"`
-	MaxAge               int   `json:"max_age,omitempty"`
-	StaleWhileRevalidate int   `json:"stale_while_revalidate,omitempty"`
-}
-
-type HyperdriveConfigListResponse struct {
-	Response
-	Result []HyperdriveConfig `json:"result"`
-}
-
-type CreateHyperdriveConfigParams struct {
-	Name    string                  `json:"name"`
-	Origin  HyperdriveConfigOrigin  `json:"origin"`
-	Caching HyperdriveConfigCaching `json:"caching,omitempty"`
-}
-
-type HyperdriveConfigResponse struct {
-	Response
-	Result HyperdriveConfig `json:"result"`
-}
-
-type UpdateHyperdriveConfigParams struct {
-	HyperdriveID string                  `json:"-"`
-	Name         string                  `json:"name"`
-	Origin       HyperdriveConfigOrigin  `json:"origin"`
-	Caching      HyperdriveConfigCaching `json:"caching,omitempty"`
-}
-
-type ListHyperdriveConfigParams struct{}
-
-// ListHyperdriveConfigs returns the Hyperdrive configs owned by an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/list-hyperdrive
-func (api *API) ListHyperdriveConfigs(ctx context.Context, rc *ResourceContainer, params ListHyperdriveConfigParams) ([]HyperdriveConfig, error) {
-	if rc.Identifier == "" {
-		return []HyperdriveConfig{}, ErrMissingAccountID
-	}
-
-	hResponse := HyperdriveConfigListResponse{}
-	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []HyperdriveConfig{}, err
-	}
-
-	err = json.Unmarshal(res, &hResponse)
-	if err != nil {
-		return []HyperdriveConfig{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-	}
-
-	return hResponse.Result, nil
-}
-
-// CreateHyperdriveConfig creates a new Hyperdrive config.
-//
-// API reference: https://developers.cloudflare.com/api/operations/create-hyperdrive
-func (api *API) CreateHyperdriveConfig(ctx context.Context, rc *ResourceContainer, params CreateHyperdriveConfigParams) (HyperdriveConfig, error) {
-	if rc.Identifier == "" {
-		return HyperdriveConfig{}, ErrMissingAccountID
-	}
-
-	if params.Name == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return HyperdriveConfig{}, err
-	}
-
-	var r HyperdriveConfigResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteHyperdriveConfig deletes a Hyperdrive config.
-//
-// API reference: https://developers.cloudflare.com/api/operations/delete-hyperdrive
-func (api *API) DeleteHyperdriveConfig(ctx context.Context, rc *ResourceContainer, hyperdriveID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-	if hyperdriveID == "" {
-		return ErrMissingHyperdriveConfigID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, hyperdriveID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
-
-// GetHyperdriveConfig returns a single Hyperdrive config based on the ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/get-hyperdrive
-func (api *API) GetHyperdriveConfig(ctx context.Context, rc *ResourceContainer, hyperdriveID string) (HyperdriveConfig, error) {
-	if rc.Identifier == "" {
-		return HyperdriveConfig{}, ErrMissingAccountID
-	}
-
-	if hyperdriveID == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, hyperdriveID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return HyperdriveConfig{}, err
-	}
-
-	var r HyperdriveConfigResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateHyperdriveConfig updates a Hyperdrive config.
-//
-// API reference: https://developers.cloudflare.com/api/operations/update-hyperdrive
-func (api *API) UpdateHyperdriveConfig(ctx context.Context, rc *ResourceContainer, params UpdateHyperdriveConfigParams) (HyperdriveConfig, error) {
-	if rc.Identifier == "" {
-		return HyperdriveConfig{}, ErrMissingAccountID
-	}
-
-	if params.HyperdriveID == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigID
-	}
-
-	if params.Origin.Database == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginDatabase
-	}
-
-	if params.Origin.Password == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginPassword
-	}
-
-	if params.Origin.Host == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginHost
-	}
-
-	if params.Origin.Scheme == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginScheme
-	}
-
-	if params.Origin.User == "" {
-		return HyperdriveConfig{}, ErrMissingHyperdriveConfigOriginUser
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", rc.Identifier, params.HyperdriveID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return HyperdriveConfig{}, err
-	}
-
-	var r HyperdriveConfigResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return HyperdriveConfig{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/hyperdrive_test.go b/pkg/cloudflare-go/hyperdrive_test.go
deleted file mode 100644
index c19378f149..0000000000
--- a/pkg/cloudflare-go/hyperdrive_test.go
+++ /dev/null
@@ -1,280 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testHyperdriveConfigId   = "6b7efc370ea34ded8327fa20698dfe3a"
-	testHyperdriveConfigName = "example-hyperdrive"
-)
-
-func testHyperdriveConfig() HyperdriveConfig {
-	return HyperdriveConfig{
-		ID:   testHyperdriveConfigId,
-		Name: testHyperdriveConfigName,
-		Origin: HyperdriveConfigOrigin{
-			Database: "postgres",
-			Host:     "database.example.com",
-			Port:     5432,
-			Scheme:   "postgres",
-			User:     "postgres",
-		},
-		Caching: HyperdriveConfigCaching{
-			Disabled:             BoolPtr(false),
-			MaxAge:               30,
-			StaleWhileRevalidate: 15,
-		},
-	}
-}
-
-func TestHyperdriveConfig_List(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [{
-				"id": "6b7efc370ea34ded8327fa20698dfe3a",
-				"caching": {
-					"disabled": false,
-					"max_age": 30,
-					"stale_while_revalidate": 15
-				},
-				"name": "example-hyperdrive",
-				"origin": {
-					"database": "postgres",
-					"host": "database.example.com",
-					"port": 5432,
-					"scheme": "postgres",
-					"user": "postgres"
-				}
-			}]
-		}`)
-	})
-
-	_, err := client.ListHyperdriveConfigs(context.Background(), AccountIdentifier(""), ListHyperdriveConfigParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	result, err := client.ListHyperdriveConfigs(context.Background(), AccountIdentifier(testAccountID), ListHyperdriveConfigParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(result))
-		assert.Equal(t, testHyperdriveConfig(), result[0])
-	}
-}
-
-func TestHyperdriveConfig_Get(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "6b7efc370ea34ded8327fa20698dfe3a",
-				"caching": {
-					"disabled": false,
-					"max_age": 30,
-					"stale_while_revalidate": 15
-				},
-				"name": "example-hyperdrive",
-				"origin": {
-					"database": "postgres",
-					"host": "database.example.com",
-					"port": 5432,
-					"scheme": "postgres",
-					"user": "postgres"
-				}
-			}
-		}`)
-	})
-
-	_, err := client.GetHyperdriveConfig(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.GetHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
-	}
-
-	result, err := client.GetHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), testHyperdriveConfigId)
-	if assert.NoError(t, err) {
-		assert.Equal(t, testHyperdriveConfig(), result)
-	}
-}
-
-func TestHyperdriveConfig_Create(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "6b7efc370ea34ded8327fa20698dfe3a",
-				"caching": {
-					"disabled": false,
-					"max_age": 30,
-					"stale_while_revalidate": 15
-				},
-				"name": "example-hyperdrive",
-				"origin": {
-					"database": "postgres",
-					"host": "database.example.com",
-					"port": 5432,
-					"scheme": "postgres",
-					"user": "postgres"
-				}
-			}
-		}`)
-	})
-
-	_, err := client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(""), CreateHyperdriveConfigParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), CreateHyperdriveConfigParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingHyperdriveConfigName, err)
-	}
-
-	result, err := client.CreateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), CreateHyperdriveConfigParams{
-		Name: "example-hyperdrive",
-		Origin: HyperdriveConfigOrigin{
-			Database: "postgres",
-			Password: "password",
-			Host:     "database.example.com",
-			Port:     5432,
-			Scheme:   "postgres",
-			User:     "postgres",
-		},
-		Caching: HyperdriveConfigCaching{
-			Disabled:             BoolPtr(false),
-			MaxAge:               30,
-			StaleWhileRevalidate: 15,
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, testHyperdriveConfig(), result)
-	}
-}
-
-func TestHyperdriveConfig_Delete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": null
-		}`)
-	})
-	err := client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
-	}
-
-	err = client.DeleteHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), testHyperdriveConfigId)
-	assert.NoError(t, err)
-}
-
-func TestHyperdriveConfig_Update(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/hyperdrive/configs/%s", testAccountID, testHyperdriveConfigId), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "6b7efc370ea34ded8327fa20698dfe3a",
-				"caching": {
-					"disabled": false,
-					"max_age": 30,
-					"stale_while_revalidate": 15
-				},
-				"name": "example-hyperdrive",
-				"origin": {
-					"database": "postgres",
-					"host": "database.example.com",
-					"port": 5432,
-					"scheme": "postgres",
-					"user": "postgres"
-				}
-			}
-		}`)
-	})
-
-	_, err := client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(""), UpdateHyperdriveConfigParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), UpdateHyperdriveConfigParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingHyperdriveConfigID, err)
-	}
-
-	result, err := client.UpdateHyperdriveConfig(context.Background(), AccountIdentifier(testAccountID), UpdateHyperdriveConfigParams{
-		HyperdriveID: "6b7efc370ea34ded8327fa20698dfe3a",
-		Name:         "example-hyperdrive",
-		Origin: HyperdriveConfigOrigin{
-			Database: "postgres",
-			Password: "password",
-			Host:     "database.example.com",
-			Port:     5432,
-			Scheme:   "postgres",
-			User:     "postgres",
-		},
-		Caching: HyperdriveConfigCaching{
-			Disabled:             BoolPtr(false),
-			MaxAge:               30,
-			StaleWhileRevalidate: 15,
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, testHyperdriveConfig(), result)
-	}
-}
diff --git a/pkg/cloudflare-go/images.go b/pkg/cloudflare-go/images.go
deleted file mode 100644
index 35208ea80e..0000000000
--- a/pkg/cloudflare-go/images.go
+++ /dev/null
@@ -1,401 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrInvalidImagesAPIVersion = errors.New("invalid images API version")
-	ErrMissingImageID          = errors.New("required image ID missing")
-)
-
-type ImagesAPIVersion string
-
-const (
-	ImagesAPIVersionV1 ImagesAPIVersion = "v1"
-	ImagesAPIVersionV2 ImagesAPIVersion = "v2"
-)
-
-// Image represents a Cloudflare Image.
-type Image struct {
-	ID                string                 `json:"id"`
-	Filename          string                 `json:"filename"`
-	Meta              map[string]interface{} `json:"meta,omitempty"`
-	RequireSignedURLs bool                   `json:"requireSignedURLs"`
-	Variants          []string               `json:"variants"`
-	Uploaded          time.Time              `json:"uploaded"`
-}
-
-// UploadImageParams is the data required for an Image Upload request.
-type UploadImageParams struct {
-	File              io.ReadCloser
-	URL               string
-	Name              string
-	RequireSignedURLs bool
-	Metadata          map[string]interface{}
-}
-
-// write writes the image upload data to a multipart writer, so
-// it can be used in an HTTP request.
-func (b UploadImageParams) write(mpw *multipart.Writer) error {
-	if b.File == nil && b.URL == "" {
-		return errors.New("a file or url to upload must be specified")
-	}
-
-	if b.File != nil {
-		name := b.Name
-		part, err := mpw.CreateFormFile("file", name)
-		if err != nil {
-			return err
-		}
-		_, err = io.Copy(part, b.File)
-		if err != nil {
-			_ = b.File.Close()
-			return err
-		}
-		_ = b.File.Close()
-	}
-
-	if b.URL != "" {
-		err := mpw.WriteField("url", b.URL)
-		if err != nil {
-			return err
-		}
-	}
-
-	// According to the Cloudflare docs, this field defaults to false.
-	// For simplicity, we will only send it if the value is true, however
-	// if the default is changed to true, this logic will need to be updated.
-	if b.RequireSignedURLs {
-		err := mpw.WriteField("requireSignedURLs", "true")
-		if err != nil {
-			return err
-		}
-	}
-
-	if b.Metadata != nil {
-		part, err := mpw.CreateFormField("metadata")
-		if err != nil {
-			return err
-		}
-		err = json.NewEncoder(part).Encode(b.Metadata)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// UpdateImageParams is the data required for an UpdateImage request.
-type UpdateImageParams struct {
-	ID                string                 `json:"-"`
-	RequireSignedURLs bool                   `json:"requireSignedURLs"`
-	Metadata          map[string]interface{} `json:"metadata,omitempty"`
-}
-
-// CreateImageDirectUploadURLParams is the data required for a CreateImageDirectUploadURL request.
-type CreateImageDirectUploadURLParams struct {
-	Version           ImagesAPIVersion       `json:"-"`
-	Expiry            *time.Time             `json:"expiry,omitempty"`
-	Metadata          map[string]interface{} `json:"metadata,omitempty"`
-	RequireSignedURLs *bool                  `json:"requireSignedURLs,omitempty"`
-}
-
-// ImageDirectUploadURLResponse is the API response for a direct image upload url.
-type ImageDirectUploadURLResponse struct {
-	Result ImageDirectUploadURL `json:"result"`
-	Response
-}
-
-// ImageDirectUploadURL .
-type ImageDirectUploadURL struct {
-	ID        string `json:"id"`
-	UploadURL string `json:"uploadURL"`
-}
-
-// ImagesListResponse is the API response for listing all images.
-type ImagesListResponse struct {
-	Result struct {
-		Images []Image `json:"images"`
-	} `json:"result"`
-	Response
-}
-
-// ImageDetailsResponse is the API response for getting an image's details.
-type ImageDetailsResponse struct {
-	Result Image `json:"result"`
-	Response
-}
-
-// ImagesStatsResponse is the API response for image stats.
-type ImagesStatsResponse struct {
-	Result struct {
-		Count ImagesStatsCount `json:"count"`
-	} `json:"result"`
-	Response
-}
-
-// ImagesStatsCount is the stats attached to a ImagesStatsResponse.
-type ImagesStatsCount struct {
-	Current int64 `json:"current"`
-	Allowed int64 `json:"allowed"`
-}
-
-type ListImagesParams struct {
-	ResultInfo
-}
-
-// UploadImage uploads a single image.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-upload-an-image-using-a-single-http-request
-func (api *API) UploadImage(ctx context.Context, rc *ResourceContainer, params UploadImageParams) (Image, error) {
-	if rc.Level != AccountRouteLevel {
-		return Image{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if params.File != nil && params.URL != "" {
-		return Image{}, errors.New("file and url uploads are mutually exclusive and can only be performed individually")
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1", rc.Identifier)
-
-	body := &bytes.Buffer{}
-	w := multipart.NewWriter(body)
-	if err := params.write(w); err != nil {
-		_ = w.Close()
-		return Image{}, fmt.Errorf("error writing multipart body: %w", err)
-	}
-	_ = w.Close()
-
-	res, err := api.makeRequestContextWithHeaders(
-		ctx,
-		http.MethodPost,
-		uri,
-		body,
-		http.Header{
-			"Accept":       []string{"application/json"},
-			"Content-Type": []string{w.FormDataContentType()},
-		},
-	)
-	if err != nil {
-		return Image{}, err
-	}
-
-	var imageDetailsResponse ImageDetailsResponse
-	err = json.Unmarshal(res, &imageDetailsResponse)
-	if err != nil {
-		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imageDetailsResponse.Result, nil
-}
-
-// UpdateImage updates an existing image's metadata.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-update-image
-func (api *API) UpdateImage(ctx context.Context, rc *ResourceContainer, params UpdateImageParams) (Image, error) {
-	if rc.Level != AccountRouteLevel {
-		return Image{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, params.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return Image{}, err
-	}
-
-	var imageDetailsResponse ImageDetailsResponse
-	err = json.Unmarshal(res, &imageDetailsResponse)
-	if err != nil {
-		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imageDetailsResponse.Result, nil
-}
-
-var imagesMultipartBoundary = "----CloudflareImagesGoClientBoundary"
-
-// CreateImageDirectUploadURL creates an authenticated direct upload url.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-create-authenticated-direct-upload-url
-func (api *API) CreateImageDirectUploadURL(ctx context.Context, rc *ResourceContainer, params CreateImageDirectUploadURLParams) (ImageDirectUploadURL, error) {
-	if rc.Level != AccountRouteLevel {
-		return ImageDirectUploadURL{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if params.Version != "" && params.Version != ImagesAPIVersionV1 && params.Version != ImagesAPIVersionV2 {
-		return ImageDirectUploadURL{}, ErrInvalidImagesAPIVersion
-	}
-
-	var err error
-	var uri string
-	var res []byte
-	switch params.Version {
-	case ImagesAPIVersionV2:
-		uri = fmt.Sprintf("/%s/%s/images/%s/direct_upload", rc.Level, rc.Identifier, params.Version)
-		body := &bytes.Buffer{}
-		writer := multipart.NewWriter(body)
-		if err := writer.SetBoundary(imagesMultipartBoundary); err != nil {
-			return ImageDirectUploadURL{}, fmt.Errorf("error setting multipart boundary")
-		}
-
-		if *params.RequireSignedURLs {
-			if err = writer.WriteField("requireSignedURLs", "true"); err != nil {
-				return ImageDirectUploadURL{}, fmt.Errorf("error writing requireSignedURLs field: %w", err)
-			}
-		}
-		if !params.Expiry.IsZero() {
-			if err = writer.WriteField("expiry", params.Expiry.Format(time.RFC3339)); err != nil {
-				return ImageDirectUploadURL{}, fmt.Errorf("error writing expiry field: %w", err)
-			}
-		}
-		if params.Metadata != nil {
-			var metadataBytes []byte
-			if metadataBytes, err = json.Marshal(params.Metadata); err != nil {
-				return ImageDirectUploadURL{}, fmt.Errorf("error marshalling metadata to JSON: %w", err)
-			}
-			if err = writer.WriteField("metadata", string(metadataBytes)); err != nil {
-				return ImageDirectUploadURL{}, fmt.Errorf("error writing metadata field: %w", err)
-			}
-		}
-		if err = writer.Close(); err != nil {
-			return ImageDirectUploadURL{}, fmt.Errorf("error closing multipart writer: %w", err)
-		}
-
-		res, err = api.makeRequestContextWithHeaders(
-			ctx,
-			http.MethodPost,
-			uri,
-			body,
-			http.Header{
-				"Accept":       []string{"application/json"},
-				"Content-Type": []string{writer.FormDataContentType()},
-			},
-		)
-	case ImagesAPIVersionV1:
-	case "":
-		uri = fmt.Sprintf("/%s/%s/images/%s/direct_upload", rc.Level, rc.Identifier, ImagesAPIVersionV1)
-		res, err = api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	default:
-		return ImageDirectUploadURL{}, ErrInvalidImagesAPIVersion
-	}
-
-	if err != nil {
-		return ImageDirectUploadURL{}, err
-	}
-
-	var imageDirectUploadURLResponse ImageDirectUploadURLResponse
-	err = json.Unmarshal(res, &imageDirectUploadURLResponse)
-	if err != nil {
-		return ImageDirectUploadURL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imageDirectUploadURLResponse.Result, nil
-}
-
-// ListImages lists all images.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-list-images
-func (api *API) ListImages(ctx context.Context, rc *ResourceContainer, params ListImagesParams) ([]Image, error) {
-	uri := buildURI(fmt.Sprintf("/accounts/%s/images/v1", rc.Identifier), params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Image{}, err
-	}
-
-	var imagesListResponse ImagesListResponse
-	err = json.Unmarshal(res, &imagesListResponse)
-	if err != nil {
-		return []Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imagesListResponse.Result.Images, nil
-}
-
-// GetImage gets the details of an uploaded image.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-image-details
-func (api *API) GetImage(ctx context.Context, rc *ResourceContainer, id string) (Image, error) {
-	if rc.Level != AccountRouteLevel {
-		return Image{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, id)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Image{}, err
-	}
-
-	var imageDetailsResponse ImageDetailsResponse
-	err = json.Unmarshal(res, &imageDetailsResponse)
-	if err != nil {
-		return Image{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imageDetailsResponse.Result, nil
-}
-
-// GetBaseImage gets the base image used to derive variants.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-base-image
-func (api *API) GetBaseImage(ctx context.Context, rc *ResourceContainer, id string) ([]byte, error) {
-	if rc.Level != AccountRouteLevel {
-		return []byte{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1/%s/blob", rc.Identifier, id)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-// DeleteImage deletes an image.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-delete-image
-func (api *API) DeleteImage(ctx context.Context, rc *ResourceContainer, id string) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1/%s", rc.Identifier, id)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// GetImagesStats gets an account's statistics for Cloudflare Images.
-//
-// API Reference: https://api.cloudflare.com/#cloudflare-images-images-usage-statistics
-func (api *API) GetImagesStats(ctx context.Context, rc *ResourceContainer) (ImagesStatsCount, error) {
-	if rc.Level != AccountRouteLevel {
-		return ImagesStatsCount{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/images/v1/stats", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ImagesStatsCount{}, err
-	}
-
-	var imagesStatsResponse ImagesStatsResponse
-	err = json.Unmarshal(res, &imagesStatsResponse)
-	if err != nil {
-		return ImagesStatsCount{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return imagesStatsResponse.Result.Count, nil
-}
diff --git a/pkg/cloudflare-go/images_test.go b/pkg/cloudflare-go/images_test.go
deleted file mode 100644
index f986a3e689..0000000000
--- a/pkg/cloudflare-go/images_test.go
+++ /dev/null
@@ -1,539 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func timeMustParse(layout, value string) time.Time {
-	t, err := time.Parse(layout, value)
-	if err != nil {
-		panic(err)
-	}
-	return t
-}
-
-var expectedImageStruct = Image{
-	ID:       "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-	Filename: "avatar.png",
-	Meta: map[string]interface{}{
-		"meta": "metaID",
-	},
-	RequireSignedURLs: true,
-	Variants: []string{
-		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-		"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail",
-	},
-	Uploaded: timeMustParse(time.RFC3339, "2014-01-02T02:20:00Z"),
-}
-
-func TestUploadImage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		u, err := parseImageMultipartUpload(r)
-		if !assert.NoError(t, err) {
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
-		assert.Equal(t, u.RequireSignedURLs, true)
-		assert.Equal(t, u.Metadata, map[string]interface{}{"meta": "metaID"})
-		assert.Equal(t, u.File, []byte("this is definitely an image"))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"filename": "avatar.png",
-				"meta": {
-					"meta": "metaID"
-				},
-				"requireSignedURLs": true,
-				"variants": [
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
-				],
-				"uploaded": "2014-01-02T02:20:00Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
-	want := expectedImageStruct
-
-	actual, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
-		File: fakeFile{
-			Buffer: bytes.NewBufferString("this is definitely an image"),
-		},
-		Name:              "avatar.png",
-		RequireSignedURLs: true,
-		Metadata: map[string]interface{}{
-			"meta": "metaID",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUploadImageByUrl(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		u, err := parseImageMultipartUpload(r)
-		if !assert.NoError(t, err) {
-			w.WriteHeader(http.StatusBadRequest)
-			return
-		}
-		assert.Equal(t, u.RequireSignedURLs, true)
-		assert.Equal(t, u.Metadata, map[string]interface{}{"meta": "metaID"})
-		assert.Equal(t, u.Url, "https://www.images-elsewhere.com/avatar.png")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"filename": "avatar.png",
-				"meta": {
-					"meta": "metaID"
-				},
-				"requireSignedURLs": true,
-				"variants": [
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
-				],
-				"uploaded": "2014-01-02T02:20:00Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
-	want := expectedImageStruct
-
-	actual, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
-		URL:               "https://www.images-elsewhere.com/avatar.png",
-		RequireSignedURLs: true,
-		Metadata: map[string]interface{}{
-			"meta": "metaID",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateImage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := UpdateImageParams{
-		RequireSignedURLs: true,
-		Metadata: map[string]interface{}{
-			"meta": "metaID",
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v UpdateImageParams
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"filename": "avatar.png",
-				"meta": {
-					"meta": "metaID"
-				},
-				"requireSignedURLs": true,
-				"variants": [
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
-				],
-				"uploaded": "2014-01-02T02:20:00Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
-	want := expectedImageStruct
-
-	actual, err := client.UpdateImage(context.Background(), AccountIdentifier(testAccountID), UpdateImageParams{
-		ID:                "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-		RequireSignedURLs: true,
-		Metadata: map[string]interface{}{
-			"meta": "metaID",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateImageDirectUploadURL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expiry := time.Now().UTC().Add(30 * time.Minute)
-	input := CreateImageDirectUploadURLParams{
-		Expiry: &expiry,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		var v CreateImageDirectUploadURLParams
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"uploadURL": "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/direct_upload", handler)
-	want := ImageDirectUploadURL{
-		ID:        "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-		UploadURL: "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383",
-	}
-
-	actual, err := client.CreateImageDirectUploadURL(context.Background(), AccountIdentifier(testAccountID), input)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateImageConflictingTypes(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UploadImage(context.Background(), AccountIdentifier(testAccountID), UploadImageParams{
-		URL: "https://example.com/foo.jpg",
-		File: fakeFile{
-			Buffer: bytes.NewBufferString("this is definitely an image"),
-		},
-	})
-
-	assert.Error(t, err)
-}
-
-func TestCreateImageDirectUploadURLV2(t *testing.T) {
-	setup()
-	defer teardown()
-
-	exp := time.Now().UTC().Add(30 * time.Minute)
-	metadata := map[string]interface{}{
-		"metaKey1": "metaValue1",
-		"metaKey2": "metaValue2",
-	}
-	requireSignedURLs := true
-	input := CreateImageDirectUploadURLParams{
-		Version:           ImagesAPIVersionV2,
-		Expiry:            &exp,
-		Metadata:          metadata,
-		RequireSignedURLs: &requireSignedURLs,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		require.Equal(t,
-			fmt.Sprintf("multipart/form-data; boundary=%s", imagesMultipartBoundary),
-			r.Header.Get("Content-Type"),
-		)
-		require.NoError(t, r.ParseMultipartForm(32<<20))
-		require.Equal(t, exp.Format(time.RFC3339), r.Form.Get("expiry"))
-		require.Equal(t, "true", r.Form.Get("requireSignedURLs"))
-		marshalledMetadata, err := json.Marshal(metadata)
-		require.NoError(t, err)
-		require.Equal(t, string(marshalledMetadata), r.Form.Get("metadata"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"uploadURL": "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v2/direct_upload", handler)
-	want := ImageDirectUploadURL{
-		ID:        "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-		UploadURL: "https://upload.imagedelivery.net/fgr33htrthytjtyereifjewoi338272s7w1383",
-	}
-
-	actual, err := client.CreateImageDirectUploadURL(context.Background(), AccountIdentifier(testAccountID), input)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListImages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"images": [
-					{
-						"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-						"filename": "avatar.png",
-						"meta": {
-							"meta": "metaID"
-						},
-						"requireSignedURLs": true,
-						"variants": [
-							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-							"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
-						],
-						"uploaded": "2014-01-02T02:20:00Z"
-					}
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1", handler)
-	want := []Image{expectedImageStruct}
-
-	actual, err := client.ListImages(context.Background(), AccountIdentifier(testAccountID), ListImagesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestImageDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ZxR0pLaXRldlBtaFhhO2FiZGVnaA",
-				"filename": "avatar.png",
-				"meta": {
-					"meta": "metaID"
-				},
-				"requireSignedURLs": true,
-				"variants": [
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/hero",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/original",
-					"https://imagedelivery.net/MTt4OTd0b0w5aj/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/thumbnail"
-				],
-				"uploaded": "2014-01-02T02:20:00Z"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
-	want := expectedImageStruct
-
-	actual, err := client.GetImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestBaseImage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "image/png")
-		_, _ = w.Write([]byte{})
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA/blob", handler)
-	want := []byte{}
-
-	actual, err := client.GetBaseImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteImage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/ZxR0pLaXRldlBtaFhhO2FiZGVnaA", handler)
-
-	err := client.DeleteImage(context.Background(), AccountIdentifier(testAccountID), "ZxR0pLaXRldlBtaFhhO2FiZGVnaA")
-	require.NoError(t, err)
-}
-
-type fakeFile struct {
-	*bytes.Buffer
-}
-
-func (f fakeFile) Close() error {
-	return nil
-}
-
-type imageMultipartUpload struct {
-	// this is for testing, never read an entire file into memory,
-	// especially when being done on a per-http request basis.
-	File              []byte
-	Url               string
-	RequireSignedURLs bool
-	Metadata          map[string]interface{}
-}
-
-func parseImageMultipartUpload(r *http.Request) (imageMultipartUpload, error) {
-	var u imageMultipartUpload
-	mdBytes, err := getImageFormValue(r, "metadata")
-	if err != nil {
-		if !strings.HasPrefix(err.Error(), "no value found for key") {
-			return u, err
-		}
-	}
-	if mdBytes != nil {
-		err = json.Unmarshal(mdBytes, &u.Metadata)
-		if err != nil {
-			return u, err
-		}
-	}
-
-	rsuBytes, err := getImageFormValue(r, "requireSignedURLs")
-	if err != nil {
-		if !strings.HasPrefix(err.Error(), "no value found for key") {
-			return u, err
-		}
-	}
-	if rsuBytes != nil {
-		if bytes.Equal(rsuBytes, []byte("true")) {
-			u.RequireSignedURLs = true
-		}
-	}
-
-	if _, ok := r.MultipartForm.Value["url"]; ok {
-		urlBytes, err := getImageFormValue(r, "url")
-		if err != nil {
-			if !strings.HasPrefix(err.Error(), "no value found for key") {
-				return u, err
-			}
-		}
-		if urlBytes != nil {
-			u.Url = string(urlBytes)
-		}
-	} else {
-		f, _, err := r.FormFile("file")
-		if err != nil {
-			return u, err
-		}
-		defer f.Close()
-
-		u.File, err = io.ReadAll(f)
-		if err != nil {
-			return u, err
-		}
-	}
-
-	return u, nil
-}
-
-// See getFormValue for more information, the only difference between
-// getFormValue and this one is the max memory.
-func getImageFormValue(r *http.Request, key string) ([]byte, error) {
-	err := r.ParseMultipartForm(10 * 1024 * 1024)
-	if err != nil {
-		return nil, err
-	}
-
-	if values, ok := r.MultipartForm.Value[key]; ok {
-		return []byte(values[0]), nil
-	}
-
-	if fileHeaders, ok := r.MultipartForm.File[key]; ok {
-		file, err := fileHeaders[0].Open()
-		if err != nil {
-			return nil, err
-		}
-		return io.ReadAll(file)
-	}
-
-	return nil, fmt.Errorf("no value found for key %v", key)
-}
diff --git a/pkg/cloudflare-go/images_variants.go b/pkg/cloudflare-go/images_variants.go
deleted file mode 100644
index 2949551166..0000000000
--- a/pkg/cloudflare-go/images_variants.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type ImagesVariant struct {
-	ID                     string                `json:"id,omitempty"`
-	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
-	Options                ImagesVariantsOptions `json:"options,omitempty"`
-}
-
-type ImagesVariantsOptions struct {
-	Fit      string `json:"fit,omitempty"`
-	Height   int    `json:"height,omitempty"`
-	Metadata string `json:"metadata,omitempty"`
-	Width    int    `json:"width,omitempty"`
-}
-
-type ListImageVariantsParams struct{}
-
-type ListImagesVariantsResponse struct {
-	Result ListImageVariantsResult `json:"result,omitempty"`
-	Response
-}
-
-type ListImageVariantsResult struct {
-	ImagesVariants map[string]ImagesVariant `json:"variants,omitempty"`
-}
-
-type CreateImagesVariantParams struct {
-	ID                     string                `json:"id,omitempty"`
-	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
-	Options                ImagesVariantsOptions `json:"options,omitempty"`
-}
-
-type UpdateImagesVariantParams struct {
-	ID                     string                `json:"-"`
-	NeverRequireSignedURLs *bool                 `json:"neverRequireSignedURLs,omitempty"`
-	Options                ImagesVariantsOptions `json:"options,omitempty"`
-}
-
-type ImagesVariantResult struct {
-	Variant ImagesVariant `json:"variant,omitempty"`
-}
-
-type ImagesVariantResponse struct {
-	Result ImagesVariantResult `json:"result,omitempty"`
-	Response
-}
-
-// Lists existing variants.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-list-variants
-func (api *API) ListImagesVariants(ctx context.Context, rc *ResourceContainer, params ListImageVariantsParams) (ListImageVariantsResult, error) {
-	if rc.Identifier == "" {
-		return ListImageVariantsResult{}, ErrMissingAccountID
-	}
-
-	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return ListImageVariantsResult{}, err
-	}
-
-	var listImageVariantsResponse ListImagesVariantsResponse
-	err = json.Unmarshal(res, &listImageVariantsResponse)
-	if err != nil {
-		return ListImageVariantsResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return listImageVariantsResponse.Result, nil
-}
-
-// Fetch details for a single variant.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
-func (api *API) GetImagesVariant(ctx context.Context, rc *ResourceContainer, variantID string) (ImagesVariant, error) {
-	if rc.Identifier == "" {
-		return ImagesVariant{}, ErrMissingAccountID
-	}
-
-	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, variantID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return ImagesVariant{}, err
-	}
-
-	var imagesVariantDetailResponse ImagesVariantResponse
-	err = json.Unmarshal(res, &imagesVariantDetailResponse)
-	if err != nil {
-		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return imagesVariantDetailResponse.Result.Variant, nil
-}
-
-// Specify variants that allow you to resize images for different use cases.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-create-a-variant
-func (api *API) CreateImagesVariant(ctx context.Context, rc *ResourceContainer, params CreateImagesVariantParams) (ImagesVariant, error) {
-	if rc.Identifier == "" {
-		return ImagesVariant{}, ErrMissingAccountID
-	}
-
-	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, params)
-	if err != nil {
-		return ImagesVariant{}, err
-	}
-
-	var createImagesVariantResponse ImagesVariantResponse
-	err = json.Unmarshal(res, &createImagesVariantResponse)
-	if err != nil {
-		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return createImagesVariantResponse.Result.Variant, nil
-}
-
-// Deleting a variant purges the cache for all images associated with the variant.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
-func (api *API) DeleteImagesVariant(ctx context.Context, rc *ResourceContainer, variantID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, variantID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
-
-// Updating a variant purges the cache for all images associated with the variant.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/cloudflare-images-variants-variant-details
-func (api *API) UpdateImagesVariant(ctx context.Context, rc *ResourceContainer, params UpdateImagesVariantParams) (ImagesVariant, error) {
-	if rc.Identifier == "" {
-		return ImagesVariant{}, ErrMissingAccountID
-	}
-
-	baseURL := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, baseURL, params)
-	if err != nil {
-		return ImagesVariant{}, err
-	}
-
-	var imagesVariantDetailResponse ImagesVariantResponse
-	err = json.Unmarshal(res, &imagesVariantDetailResponse)
-	if err != nil {
-		return ImagesVariant{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return imagesVariantDetailResponse.Result.Variant, nil
-}
diff --git a/pkg/cloudflare-go/images_variants_test.go b/pkg/cloudflare-go/images_variants_test.go
deleted file mode 100644
index 994eaad2c7..0000000000
--- a/pkg/cloudflare-go/images_variants_test.go
+++ /dev/null
@@ -1,195 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testImagesVariantID = "hero"
-)
-
-func TestImageVariants_List(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, loadFixture("images_variants", "single_list"))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/images/v1/variants", handler)
-
-	want := ListImageVariantsResult{
-		ImagesVariants: map[string]ImagesVariant{
-			"hero": {
-				ID:                     "hero",
-				NeverRequireSignedURLs: BoolPtr(true),
-				Options: ImagesVariantsOptions{
-					Fit:      "scale-down",
-					Height:   768,
-					Width:    1366,
-					Metadata: "none",
-				},
-			},
-		},
-	}
-
-	got, err := client.ListImagesVariants(context.Background(), AccountIdentifier(testAccountID), ListImageVariantsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestImageVariants_Delete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method '%s', got %s", http.MethodDelete, r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {}
-		}`)
-	}
-
-	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
-	mux.HandleFunc(url, handler)
-
-	err := client.DeleteImagesVariant(context.Background(), AccountIdentifier(testAccountID), testImagesVariantID)
-	assert.NoError(t, err)
-}
-
-func TestImagesVariants_Get(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method '%s', got %s", http.MethodGet, r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
-	}
-
-	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
-	mux.HandleFunc(url, handler)
-
-	want := ImagesVariant{
-		ID:                     "hero",
-		NeverRequireSignedURLs: BoolPtr(true),
-		Options: ImagesVariantsOptions{
-			Fit:      "scale-down",
-			Height:   768,
-			Width:    1366,
-			Metadata: "none",
-		},
-	}
-
-	got, err := client.GetImagesVariant(context.Background(), AccountIdentifier(testAccountID), testImagesVariantID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestImagesVariants_Create(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method '%s', got %s", http.MethodPost, r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
-	}
-
-	url := fmt.Sprintf("/accounts/%s/images/v1/variants", testAccountID)
-	mux.HandleFunc(url, handler)
-
-	want := ImagesVariant{
-		ID:                     "hero",
-		NeverRequireSignedURLs: BoolPtr(true),
-		Options: ImagesVariantsOptions{
-			Fit:      "scale-down",
-			Height:   768,
-			Width:    1366,
-			Metadata: "none",
-		},
-	}
-
-	got, err := client.CreateImagesVariant(context.Background(), AccountIdentifier(testAccountID), CreateImagesVariantParams{
-		ID:                     testImagesVariantID,
-		NeverRequireSignedURLs: BoolPtr(true),
-		Options: ImagesVariantsOptions{
-			Fit:      "scale-down",
-			Height:   768,
-			Width:    1366,
-			Metadata: "none",
-		},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestImagesVariants_Update(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method '%s', got %s", http.MethodPatch, r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("images_variants", "single_full"))
-	}
-
-	url := fmt.Sprintf("/accounts/%s/images/v1/variants/%s", testAccountID, testImagesVariantID)
-	mux.HandleFunc(url, handler)
-
-	want := ImagesVariant{
-		ID:                     "hero",
-		NeverRequireSignedURLs: BoolPtr(true),
-		Options: ImagesVariantsOptions{
-			Fit:      "scale-down",
-			Height:   768,
-			Width:    1366,
-			Metadata: "none",
-		},
-	}
-
-	got, err := client.UpdateImagesVariant(context.Background(), AccountIdentifier(testAccountID), UpdateImagesVariantParams{
-		ID:                     "hero",
-		NeverRequireSignedURLs: BoolPtr(true),
-		Options: ImagesVariantsOptions{
-			Fit:      "scale-down",
-			Height:   768,
-			Width:    1366,
-			Metadata: "none",
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestImageVariants_MissingAccountId(t *testing.T) {
-	_, err := client.ListImagesVariants(context.Background(), AccountIdentifier(""), ListImageVariantsParams{})
-	assert.Equal(t, ErrMissingAccountID, err)
-
-	_, err = client.GetImagesVariant(context.Background(), AccountIdentifier(""), testImagesVariantID)
-	assert.Equal(t, ErrMissingAccountID, err)
-
-	_, err = client.CreateImagesVariant(context.Background(), AccountIdentifier(""), CreateImagesVariantParams{})
-	assert.Equal(t, ErrMissingAccountID, err)
-
-	err = client.DeleteImagesVariant(context.Background(), AccountIdentifier(""), testImagesVariantID)
-	assert.Equal(t, ErrMissingAccountID, err)
-
-	_, err = client.UpdateImagesVariant(context.Background(), AccountIdentifier(""), UpdateImagesVariantParams{})
-	assert.Equal(t, ErrMissingAccountID, err)
-}
diff --git a/pkg/cloudflare-go/intelligence_asn.go b/pkg/cloudflare-go/intelligence_asn.go
deleted file mode 100644
index f66cdff682..0000000000
--- a/pkg/cloudflare-go/intelligence_asn.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// ErrMissingASN is for when ASN is required but not set.
-var ErrMissingASN = errors.New("required asn missing")
-
-// ASNInfo represents ASN information.
-type ASNInfo struct {
-	ASN         int      `json:"asn"`
-	Description string   `json:"description"`
-	Country     string   `json:"country"`
-	Type        string   `json:"type"`
-	DomainCount int      `json:"domain_count"`
-	TopDomains  []string `json:"top_domains"`
-}
-
-// IntelligenceASNOverviewParameters represents parameters for an ASN request.
-type IntelligenceASNOverviewParameters struct {
-	AccountID string
-	ASN       int
-}
-
-// IntelligenceASNResponse represents an API response for ASN info.
-type IntelligenceASNResponse struct {
-	Response
-	Result []ASNInfo `json:"result,omitempty"`
-}
-
-// IntelligenceASNSubnetsParameters represents parameters for an ASN subnet request.
-type IntelligenceASNSubnetsParameters struct {
-	AccountID string
-	ASN       int
-}
-
-// IntelligenceASNSubnetResponse represents an ASN subnet API response.
-type IntelligenceASNSubnetResponse struct {
-	ASN          int      `json:"asn,omitempty"`
-	IPCountTotal int      `json:"ip_count_total,omitempty"`
-	Subnets      []string `json:"subnets,omitempty"`
-	Count        int      `json:"count,omitempty"`
-	Page         int      `json:"page,omitempty"`
-	PerPage      int      `json:"per_page,omitempty"`
-}
-
-// IntelligenceASNOverview get overview for an ASN number
-//
-// API Reference: https://api.cloudflare.com/#asn-intelligence-get-asn-overview
-func (api *API) IntelligenceASNOverview(ctx context.Context, params IntelligenceASNOverviewParameters) ([]ASNInfo, error) {
-	if params.AccountID == "" {
-		return []ASNInfo{}, ErrMissingAccountID
-	}
-
-	if params.ASN == 0 {
-		return []ASNInfo{}, ErrMissingASN
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/intel/asn/%d", params.AccountID, params.ASN)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []ASNInfo{}, err
-	}
-
-	var asnInfoResponse IntelligenceASNResponse
-	if err := json.Unmarshal(res, &asnInfoResponse); err != nil {
-		return []ASNInfo{}, err
-	}
-	return asnInfoResponse.Result, nil
-}
-
-// IntelligenceASNSubnets gets all subnets of an ASN
-//
-// API Reference: https://api.cloudflare.com/#asn-intelligence-get-asn-subnets
-func (api *API) IntelligenceASNSubnets(ctx context.Context, params IntelligenceASNSubnetsParameters) (IntelligenceASNSubnetResponse, error) {
-	if params.AccountID == "" {
-		return IntelligenceASNSubnetResponse{}, ErrMissingAccountID
-	}
-
-	if params.ASN == 0 {
-		return IntelligenceASNSubnetResponse{}, ErrMissingASN
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/intel/asn/%d/subnets", params.AccountID, params.ASN)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IntelligenceASNSubnetResponse{}, err
-	}
-
-	var intelligenceASNSubnetResponse IntelligenceASNSubnetResponse
-	if err := json.Unmarshal(res, &intelligenceASNSubnetResponse); err != nil {
-		return IntelligenceASNSubnetResponse{}, err
-	}
-	return intelligenceASNSubnetResponse, nil
-}
diff --git a/pkg/cloudflare-go/intelligence_asn_test.go b/pkg/cloudflare-go/intelligence_asn_test.go
deleted file mode 100644
index f66fffbe8d..0000000000
--- a/pkg/cloudflare-go/intelligence_asn_test.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testASNNumber = "13335"
-
-func TestIntelligence_ASNOverview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/asn/"+testASNNumber, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "asn": 13335,
-      "description": "CLOUDFLARENET",
-      "country": "US",
-      "type": "hosting_provider",
-      "domain_count": 1,
-      "top_domains": [
-        "example.com"
-      ]
-    }
-  ]
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	// Make sure missing ASN is thrown
-	_, err = client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingASN, err)
-	}
-	want := ASNInfo{
-		ASN:         13335,
-		Description: "CLOUDFLARENET",
-		Country:     "US",
-		Type:        "hosting_provider",
-		DomainCount: 1,
-		TopDomains:  []string{"example.com"},
-	}
-
-	out, err := client.IntelligenceASNOverview(context.Background(), IntelligenceASNOverviewParameters{AccountID: testAccountID, ASN: 13335})
-	if assert.NoError(t, err) {
-		assert.Equal(t, len(out), 1, "Length of ASN overview not expected")
-		assert.Equal(t, out[0], want, "structs not equal")
-	}
-}
-
-func TestIntelligence_ASNSubnet(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/asn/"+testASNNumber+"/subnets", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "asn": 13335,
-  "ip_count_total": 1,
-  "subnets": [
-    "192.0.2.0/24",
-    "2001:DB8::/32"
-  ],
-  "count": 1,
-  "page": 1,
-  "per_page": 20
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing ASN is thrown
-	_, err = client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingASN, err)
-	}
-
-	want := IntelligenceASNSubnetResponse{
-		ASN:          13335,
-		IPCountTotal: 1,
-		Subnets:      []string{"192.0.2.0/24", "2001:DB8::/32"},
-		Count:        1,
-		Page:         1,
-		PerPage:      20,
-	}
-
-	out, err := client.IntelligenceASNSubnets(context.Background(), IntelligenceASNSubnetsParameters{AccountID: testAccountID, ASN: 13335})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/intelligence_domain.go b/pkg/cloudflare-go/intelligence_domain.go
deleted file mode 100644
index b12b2c8ee9..0000000000
--- a/pkg/cloudflare-go/intelligence_domain.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// ErrMissingDomain is for when domain is needed but not given.
-var ErrMissingDomain = errors.New("required domain missing")
-
-// DomainDetails represents details for a domain.
-type DomainDetails struct {
-	Domain                string                `json:"domain"`
-	ResolvesToRefs        []ResolvesToRefs      `json:"resolves_to_refs"`
-	PopularityRank        int                   `json:"popularity_rank"`
-	Application           Application           `json:"application"`
-	RiskTypes             []interface{}         `json:"risk_types"`
-	ContentCategories     []ContentCategories   `json:"content_categories"`
-	AdditionalInformation AdditionalInformation `json:"additional_information"`
-}
-
-// ResolvesToRefs what a domain resolves to.
-type ResolvesToRefs struct {
-	ID    string `json:"id"`
-	Value string `json:"value"`
-}
-
-type Application struct {
-	ID   int    `json:"id"`
-	Name string `json:"name"`
-}
-
-// ContentCategories represents the categories for a domain.
-type ContentCategories struct {
-	ID              int    `json:"id"`
-	SuperCategoryID int    `json:"super_category_id"`
-	Name            string `json:"name"`
-}
-
-// AdditionalInformation represents any additional information for a domain.
-type AdditionalInformation struct {
-	SuspectedMalwareFamily string `json:"suspected_malware_family"`
-}
-
-// DomainHistory represents the history for a domain.
-type DomainHistory struct {
-	Domain          string            `json:"domain"`
-	Categorizations []Categorizations `json:"categorizations"`
-}
-
-// Categories represents categories for a domain.
-type Categories struct {
-	ID   int    `json:"id"`
-	Name string `json:"name"`
-}
-
-// Categorizations represents the categories and when those categories were set.
-type Categorizations struct {
-	Categories []Categories `json:"categories"`
-	Start      string       `json:"start"`
-	End        string       `json:"end"`
-}
-
-// GetDomainDetailsParameters represent the parameters for a domain details request.
-type GetDomainDetailsParameters struct {
-	AccountID string `url:"-"`
-	Domain    string `url:"domain,omitempty"`
-}
-
-// DomainDetailsResponse represents an API response for domain details.
-type DomainDetailsResponse struct {
-	Response
-	Result DomainDetails `json:"result,omitempty"`
-}
-
-// GetBulkDomainDetailsParameters represents the parameters for bulk domain details request.
-type GetBulkDomainDetailsParameters struct {
-	AccountID string   `url:"-"`
-	Domains   []string `url:"domain"`
-}
-
-// GetBulkDomainDetailsResponse represents an API response for bulk domain details.
-type GetBulkDomainDetailsResponse struct {
-	Response
-	Result []DomainDetails `json:"result,omitempty"`
-}
-
-// GetDomainHistoryParameters represents the parameters for domain history request.
-type GetDomainHistoryParameters struct {
-	AccountID string `url:"-"`
-	Domain    string `url:"domain,omitempty"`
-}
-
-// GetDomainHistoryResponse represents an API response for domain history.
-type GetDomainHistoryResponse struct {
-	Response
-	Result []DomainHistory `json:"result,omitempty"`
-}
-
-// IntelligenceDomainDetails gets domain information.
-//
-// API Reference: https://api.cloudflare.com/#domain-intelligence-get-domain-details
-func (api *API) IntelligenceDomainDetails(ctx context.Context, params GetDomainDetailsParameters) (DomainDetails, error) {
-	if params.AccountID == "" {
-		return DomainDetails{}, ErrMissingAccountID
-	}
-
-	if params.Domain == "" {
-		return DomainDetails{}, ErrMissingDomain
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return DomainDetails{}, err
-	}
-
-	var domainDetails DomainDetailsResponse
-	if err := json.Unmarshal(res, &domainDetails); err != nil {
-		return DomainDetails{}, err
-	}
-	return domainDetails.Result, nil
-}
-
-// IntelligenceBulkDomainDetails gets domain information for a list of domains.
-//
-// API Reference: https://api.cloudflare.com/#domain-intelligence-get-multiple-domain-details
-func (api *API) IntelligenceBulkDomainDetails(ctx context.Context, params GetBulkDomainDetailsParameters) ([]DomainDetails, error) {
-	if params.AccountID == "" {
-		return []DomainDetails{}, ErrMissingAccountID
-	}
-
-	if len(params.Domains) == 0 {
-		return []DomainDetails{}, ErrMissingDomain
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain/bulk", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DomainDetails{}, err
-	}
-
-	var domainDetails GetBulkDomainDetailsResponse
-	if err := json.Unmarshal(res, &domainDetails); err != nil {
-		return []DomainDetails{}, err
-	}
-	return domainDetails.Result, nil
-}
-
-// IntelligenceDomainHistory get domain history for given domain
-//
-// API Reference: https://api.cloudflare.com/#domain-history-get-domain-history
-func (api *API) IntelligenceDomainHistory(ctx context.Context, params GetDomainHistoryParameters) ([]DomainHistory, error) {
-	if params.AccountID == "" {
-		return []DomainHistory{}, ErrMissingAccountID
-	}
-
-	if params.Domain == "" {
-		return []DomainHistory{}, ErrMissingDomain
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/domain-history", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []DomainHistory{}, err
-	}
-
-	var domainDetails GetDomainHistoryResponse
-	if err := json.Unmarshal(res, &domainDetails); err != nil {
-		return []DomainHistory{}, err
-	}
-	return domainDetails.Result, nil
-}
diff --git a/pkg/cloudflare-go/intelligence_domain_test.go b/pkg/cloudflare-go/intelligence_domain_test.go
deleted file mode 100644
index 185502bdb5..0000000000
--- a/pkg/cloudflare-go/intelligence_domain_test.go
+++ /dev/null
@@ -1,227 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestIntelligence_DomainDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "domain": "cloudflare.com",
-    "resolves_to_refs": [
-      {
-        "id": "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537",
-        "value": "192.0.2.0"
-      }
-    ],
-    "popularity_rank": 18,
-    "application": {
-      "id": 1370,
-      "name": "CLOUDFLARE"
-    },
-    "risk_types": [],
-    "content_categories": [
-      {
-        "id": 155,
-        "super_category_id": 26,
-        "name": "Technology"
-      }
-    ],
-    "additional_information": {
-      "suspected_malware_family": ""
-    }
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	// Make sure missing domain is thrown
-	_, err = client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-	want := DomainDetails{
-		Domain: "cloudflare.com",
-		ResolvesToRefs: []ResolvesToRefs{
-			{
-				ID:    "ipv4-addr--baa568ec-6efe-5902-be55-0663833db537",
-				Value: "192.0.2.0",
-			},
-		},
-		PopularityRank: 18,
-		Application: Application{
-			ID:   1370,
-			Name: "CLOUDFLARE",
-		},
-		RiskTypes: []interface{}{},
-		ContentCategories: []ContentCategories{
-			{
-				ID:              155,
-				SuperCategoryID: 26,
-				Name:            "Technology",
-			},
-		},
-		AdditionalInformation: AdditionalInformation{
-			SuspectedMalwareFamily: "",
-		},
-	}
-
-	out, err := client.IntelligenceDomainDetails(context.Background(), GetDomainDetailsParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
-
-func TestIntelligence_BulkDomainDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain/bulk", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "domain": "cloudflare.com",
-      "popularity_rank": 18,
-      "application": {
-        "id": 1370,
-        "name": "CLOUDFLARE"
-      },
-      "risk_types": [],
-      "content_categories": [
-        {
-          "id": 155,
-          "super_category_id": 26,
-          "name": "Technology"
-        }
-      ],
-      "additional_information": {
-        "suspected_malware_family": ""
-      }
-    }
-  ]
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	// Make sure missing domain is thrown
-	_, err = client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-	want := DomainDetails{
-		Domain:         "cloudflare.com",
-		PopularityRank: 18,
-		Application: Application{
-			ID:   1370,
-			Name: "CLOUDFLARE",
-		},
-		RiskTypes: []interface{}{},
-		ContentCategories: []ContentCategories{
-			{
-				ID:              155,
-				SuperCategoryID: 26,
-				Name:            "Technology",
-			},
-		},
-		AdditionalInformation: AdditionalInformation{
-			SuspectedMalwareFamily: "",
-		},
-	}
-
-	out, err := client.IntelligenceBulkDomainDetails(context.Background(), GetBulkDomainDetailsParameters{AccountID: testAccountID, Domains: []string{"cloudflare.com"}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, len(out), 1, "Length of ASN overview not expected")
-		assert.Equal(t, out[0], want, "structs not equal")
-	}
-}
-
-func TestIntelligence_DomainHistory(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/domain-history", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "domain": "cloudflare.com",
-      "categorizations": [
-        {
-          "categories": [
-            {
-              "id": 155,
-              "name": "Technology"
-            }
-          ],
-          "start": "2021-04-01",
-          "end": "2021-04-30"
-        }
-      ]
-    }
-  ]
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	// Make sure missing domain is thrown
-	_, err = client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-	want := DomainHistory{
-		Domain: "cloudflare.com",
-		Categorizations: []Categorizations{
-			{
-				Categories: []Categories{
-					{
-						ID:   155,
-						Name: "Technology",
-					},
-				},
-				Start: "2021-04-01",
-				End:   "2021-04-30",
-			},
-		},
-	}
-
-	out, err := client.IntelligenceDomainHistory(context.Background(), GetDomainHistoryParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, len(out), 1, "Length of Domain History not expected")
-		assert.Equal(t, out[0], want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/intelligence_ip.go b/pkg/cloudflare-go/intelligence_ip.go
deleted file mode 100644
index 47c74b30e5..0000000000
--- a/pkg/cloudflare-go/intelligence_ip.go
+++ /dev/null
@@ -1,156 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// IPIntelligence represents IP intelligence information.
-type IPIntelligence struct {
-	IP           string       `json:"ip"`
-	BelongsToRef BelongsToRef `json:"belongs_to_ref"`
-	RiskTypes    []RiskTypes  `json:"risk_types"`
-}
-
-// BelongsToRef represents information about who owns an IP address.
-type BelongsToRef struct {
-	ID          string `json:"id"`
-	Value       int    `json:"value"`
-	Type        string `json:"type"`
-	Country     string `json:"country"`
-	Description string `json:"description"`
-}
-
-// RiskTypes represent risk types for an IP.
-type RiskTypes struct {
-	ID              int    `json:"id"`
-	SuperCategoryID int    `json:"super_category_id"`
-	Name            string `json:"name"`
-}
-
-// IPPassiveDNS represent DNS response.
-type IPPassiveDNS struct {
-	ReverseRecords []ReverseRecords `json:"reverse_records,omitempty"`
-	Count          int              `json:"count,omitempty"`
-	Page           int              `json:"page,omitempty"`
-	PerPage        int              `json:"per_page,omitempty"`
-}
-
-// ReverseRecords represent records for passive DNS.
-type ReverseRecords struct {
-	FirstSeen string `json:"first_seen,omitempty"`
-	LastSeen  string `json:"last_seen,omitempty"`
-	Hostname  string `json:"hostname,omitempty"`
-}
-
-// IPIntelligenceParameters represents parameters for an IP Intelligence request.
-type IPIntelligenceParameters struct {
-	AccountID string `url:"-"`
-	IPv4      string `url:"ipv4,omitempty"`
-	IPv6      string `url:"ipv6,omitempty"`
-}
-
-// IPIntelligenceResponse represents an IP Intelligence API response.
-type IPIntelligenceResponse struct {
-	Response
-	Result []IPIntelligence `json:"result,omitempty"`
-}
-
-// IPIntelligenceListParameters represents the parameters for an IP list request.
-type IPIntelligenceListParameters struct {
-	AccountID string
-}
-
-// IPIntelligenceItem represents an item in an IP list.
-type IPIntelligenceItem struct {
-	ID   int    `json:"id,omitempty"`
-	Name string `json:"name,omitempty"`
-}
-
-// IPIntelligenceListResponse represents the response for an IP list API response.
-type IPIntelligenceListResponse struct {
-	Response
-	Result []IPIntelligenceItem `json:"result,omitempty"`
-}
-
-// IPIntelligencePassiveDNSParameters represents the parameters for a passive DNS request.
-type IPIntelligencePassiveDNSParameters struct {
-	AccountID string `url:"-"`
-	IPv4      string `url:"ipv4,omitempty"`
-	Start     string `url:"start,omitempty"`
-	End       string `url:"end,omitempty"`
-	Page      int    `url:"page,omitempty"`
-	PerPage   int    `url:"per_page,omitempty"`
-}
-
-// IPIntelligencePassiveDNSResponse represents a passive API response.
-type IPIntelligencePassiveDNSResponse struct {
-	Response
-	Result IPPassiveDNS `json:"result,omitempty"`
-}
-
-// IntelligenceGetIPOverview gets information about ipv4 or ipv6 address.
-//
-// API Reference: https://api.cloudflare.com/#ip-intelligence-get-ip-overview
-func (api *API) IntelligenceGetIPOverview(ctx context.Context, params IPIntelligenceParameters) ([]IPIntelligence, error) {
-	if params.AccountID == "" {
-		return []IPIntelligence{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/ip", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []IPIntelligence{}, err
-	}
-
-	var ipDetails IPIntelligenceResponse
-	if err := json.Unmarshal(res, &ipDetails); err != nil {
-		return []IPIntelligence{}, err
-	}
-	return ipDetails.Result, nil
-}
-
-// IntelligenceGetIPList gets intelligence ip-lists.
-//
-// API Reference: https://api.cloudflare.com/#ip-list-get-ip-lists
-func (api *API) IntelligenceGetIPList(ctx context.Context, params IPIntelligenceListParameters) ([]IPIntelligenceItem, error) {
-	if params.AccountID == "" {
-		return []IPIntelligenceItem{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/intel/ip-list", params.AccountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []IPIntelligenceItem{}, err
-	}
-
-	var ipListItem IPIntelligenceListResponse
-	if err := json.Unmarshal(res, &ipListItem); err != nil {
-		return []IPIntelligenceItem{}, err
-	}
-	return ipListItem.Result, nil
-}
-
-// IntelligencePassiveDNS gets a history of DNS for an ip.
-//
-// API Reference: https://api.cloudflare.com/#passive-dns-by-ip-get-passive-dns-by-ip
-func (api *API) IntelligencePassiveDNS(ctx context.Context, params IPIntelligencePassiveDNSParameters) (IPPassiveDNS, error) {
-	if params.AccountID == "" {
-		return IPPassiveDNS{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/dns", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IPPassiveDNS{}, err
-	}
-
-	var passiveDNS IPIntelligencePassiveDNSResponse
-	if err := json.Unmarshal(res, &passiveDNS); err != nil {
-		return IPPassiveDNS{}, err
-	}
-	return passiveDNS.Result, nil
-}
diff --git a/pkg/cloudflare-go/intelligence_ip_test.go b/pkg/cloudflare-go/intelligence_ip_test.go
deleted file mode 100644
index b8389fec53..0000000000
--- a/pkg/cloudflare-go/intelligence_ip_test.go
+++ /dev/null
@@ -1,163 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestIntelligence_GetIPOverview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/ip", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "ip": "192.0.2.0",
-      "belongs_to_ref": {
-        "id": "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8",
-        "value": 13335,
-        "type": "hosting_provider",
-        "country": "US",
-        "description": "CLOUDFLARENET"
-      },
-      "risk_types": [
-        {
-          "id": 131,
-          "super_category_id": 21,
-          "name": "Phishing"
-        }
-      ]
-    }
-  ]
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceGetIPOverview(context.Background(), IPIntelligenceParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := IPIntelligence{
-		IP: "192.0.2.0",
-		BelongsToRef: BelongsToRef{
-			ID:          "autonomous-system--2fa28d71-3549-5a38-af05-770b79ad6ea8",
-			Value:       13335,
-			Type:        "hosting_provider",
-			Country:     "US",
-			Description: "CLOUDFLARENET",
-		},
-		RiskTypes: []RiskTypes{
-			{
-				ID:              131,
-				SuperCategoryID: 21,
-				Name:            "Phishing",
-			},
-		},
-	}
-
-	out, err := client.IntelligenceGetIPOverview(context.Background(), IPIntelligenceParameters{AccountID: testAccountID, IPv4: "192.0.2.0", IPv6: "2001:0DB8::"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, len(out), 1, "IP overview length mismatch")
-		assert.Equal(t, out[0], want, "structs not equal")
-	}
-}
-
-func TestIntelligence_GetIPLists(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/ip-list", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": 3,
-      "name": "Malware"
-    }
-]
-}
-  `)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceGetIPList(context.Background(), IPIntelligenceListParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := []IPIntelligenceItem{
-		{
-			ID:   3,
-			Name: "Malware",
-		},
-	}
-
-	out, err := client.IntelligenceGetIPList(context.Background(), IPIntelligenceListParameters{AccountID: testAccountID})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
-
-func TestIntelligence_PassiveDNS(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/dns", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "reverse_records": [
-      {
-        "first_seen": "2021-04-01",
-        "last_seen": "2021-04-30",
-        "hostname": "cloudflare.com"
-      }
-    ],
-    "count": 1,
-    "page": 1,
-    "per_page": 20
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligencePassiveDNS(context.Background(), IPIntelligencePassiveDNSParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := IPPassiveDNS{
-		Count:   1,
-		Page:    1,
-		PerPage: 20,
-		ReverseRecords: []ReverseRecords{{
-			FirstSeen: "2021-04-01",
-			LastSeen:  "2021-04-30",
-			Hostname:  "cloudflare.com",
-		}},
-	}
-
-	out, err := client.IntelligencePassiveDNS(context.Background(), IPIntelligencePassiveDNSParameters{AccountID: testAccountID})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/intelligence_phishing.go b/pkg/cloudflare-go/intelligence_phishing.go
deleted file mode 100644
index ceb3f497ee..0000000000
--- a/pkg/cloudflare-go/intelligence_phishing.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// PhishingScan represent information about a phishing scan.
-type PhishingScan struct {
-	URL        string  `json:"url"`
-	Phishing   bool    `json:"phishing"`
-	Verified   bool    `json:"verified"`
-	Score      float64 `json:"score"`
-	Classifier string  `json:"classifier"`
-}
-
-// PhishingScanParameters represent parameters for a phishing scan request.
-type PhishingScanParameters struct {
-	AccountID string `url:"-"`
-	URL       string `url:"url,omitempty"`
-	Skip      bool   `url:"skip,omitempty"`
-}
-
-// PhishingScanResponse represent an API response for a phishing scan.
-type PhishingScanResponse struct {
-	Response
-	Result PhishingScan `json:"result,omitempty"`
-}
-
-// IntelligencePhishingScan scans a URL for suspected phishing
-//
-// API Reference: https://api.cloudflare.com/#phishing-url-scanner-scan-suspicious-url
-func (api *API) IntelligencePhishingScan(ctx context.Context, params PhishingScanParameters) (PhishingScan, error) {
-	if params.AccountID == "" {
-		return PhishingScan{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel-phishing/predict", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PhishingScan{}, err
-	}
-
-	var phishingScanResponse PhishingScanResponse
-	if err := json.Unmarshal(res, &phishingScanResponse); err != nil {
-		return PhishingScan{}, err
-	}
-	return phishingScanResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/intelligence_phishing_test.go b/pkg/cloudflare-go/intelligence_phishing_test.go
deleted file mode 100644
index f394b5ba09..0000000000
--- a/pkg/cloudflare-go/intelligence_phishing_test.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestIntelligence_PhishingScan(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel-phishing/predict", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "url": "https://www.cloudflare.com",
-    "phishing": false,
-    "verified": false,
-    "score": 0.99,
-    "classifier": "MACHINE_LEARNING_v2"
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligencePhishingScan(context.Background(), PhishingScanParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	want := PhishingScan{
-		URL:        "https://www.cloudflare.com",
-		Phishing:   false,
-		Verified:   false,
-		Score:      0.99,
-		Classifier: "MACHINE_LEARNING_v2",
-	}
-
-	out, err := client.IntelligencePhishingScan(context.Background(), PhishingScanParameters{AccountID: testAccountID, URL: "https://www.cloudflare.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/intelligence_whois.go b/pkg/cloudflare-go/intelligence_whois.go
deleted file mode 100644
index 72a3a61364..0000000000
--- a/pkg/cloudflare-go/intelligence_whois.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// WHOIS represents whois information.
-type WHOIS struct {
-	Domain            string   `json:"domain,omitempty"`
-	CreatedDate       string   `json:"created_date,omitempty"`
-	UpdatedDate       string   `json:"updated_date,omitempty"`
-	Registrant        string   `json:"registrant,omitempty"`
-	RegistrantOrg     string   `json:"registrant_org,omitempty"`
-	RegistrantCountry string   `json:"registrant_country,omitempty"`
-	RegistrantEmail   string   `json:"registrant_email,omitempty"`
-	Registrar         string   `json:"registrar,omitempty"`
-	Nameservers       []string `json:"nameservers,omitempty"`
-}
-
-// WHOISParameters represents parameters for a who is request.
-type WHOISParameters struct {
-	AccountID string `url:"-"`
-	Domain    string `url:"domain"`
-}
-
-// WHOISResponse represents an API response for a whois request.
-type WHOISResponse struct {
-	Response
-	Result WHOIS `json:"result,omitempty"`
-}
-
-// IntelligenceWHOIS gets whois information for a domain.
-//
-// API Reference: https://api.cloudflare.com/#whois-record-get-whois-record
-func (api *API) IntelligenceWHOIS(ctx context.Context, params WHOISParameters) (WHOIS, error) {
-	if params.AccountID == "" {
-		return WHOIS{}, ErrMissingAccountID
-	}
-
-	if params.Domain == "" {
-		return WHOIS{}, ErrMissingDomain
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/intel/whois", params.AccountID), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WHOIS{}, err
-	}
-
-	var whoisResponse WHOISResponse
-	if err := json.Unmarshal(res, &whoisResponse); err != nil {
-		return WHOIS{}, err
-	}
-
-	return whoisResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/intelligence_whois_test.go b/pkg/cloudflare-go/intelligence_whois_test.go
deleted file mode 100644
index 819dcfa890..0000000000
--- a/pkg/cloudflare-go/intelligence_whois_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestIntelligence_WHOIS(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/intel/whois", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "domain": "cloudflare.com",
-    "created_date": "2009-02-17",
-    "updated_date": "2017-05-24",
-    "registrant": "DATA REDACTED",
-    "registrant_org": "DATA REDACTED",
-    "registrant_country": "United States",
-    "registrant_email": "https://domaincontact.cloudflareregistrar.com/cloudflare.com",
-    "registrar": "Cloudflare, Inc.",
-    "nameservers": [
-      "ns3.cloudflare.com",
-      "ns4.cloudflare.com",
-      "ns5.cloudflare.com",
-      "ns6.cloudflare.com",
-      "ns7.cloudflare.com"
-    ]
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.IntelligenceWHOIS(context.Background(), WHOISParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing domain is thrown
-	_, err = client.IntelligenceWHOIS(context.Background(), WHOISParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-
-	want := WHOIS{
-		Domain:            "cloudflare.com",
-		CreatedDate:       "2009-02-17",
-		UpdatedDate:       "2017-05-24",
-		Registrant:        "DATA REDACTED",
-		RegistrantOrg:     "DATA REDACTED",
-		RegistrantCountry: "United States",
-		RegistrantEmail:   "https://domaincontact.cloudflareregistrar.com/cloudflare.com",
-		Registrar:         "Cloudflare, Inc.",
-		Nameservers: []string{
-			"ns3.cloudflare.com",
-			"ns4.cloudflare.com",
-			"ns5.cloudflare.com",
-			"ns6.cloudflare.com",
-			"ns7.cloudflare.com",
-		},
-	}
-
-	out, err := client.IntelligenceWHOIS(context.Background(), WHOISParameters{AccountID: testAccountID, Domain: "cloudflare.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go b/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
deleted file mode 100644
index d52e5a355a..0000000000
--- a/pkg/cloudflare-go/internal/tools/cmd/changelog-check/main.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"os"
-	"strconv"
-	"strings"
-
-	"github.com/cloudflare/cloudflare-go"
-	"github.com/google/go-github/github"
-	"golang.org/x/oauth2"
-)
-
-const (
-	changelogEntryFileFormat      = ".changelog/%d.txt"
-	changelogProcessDocumentation = "https://github.com/cloudflare/cloudflare-go/blob/master/docs/changelog-process.md"
-	changelogDetectedMessage      = "changelog detected :white_check_mark:"
-)
-
-var (
-	changelogEntryPresent        = false
-	successMessageAlreadyPresent = false
-)
-
-func getSkipLabels() []string {
-	return []string{"workflow/skip-changelog-entry", "dependencies"}
-}
-
-func main() {
-	ctx := context.Background()
-	if len(os.Args) < 2 {
-		log.Fatalf("Usage: changelog-check PR#\n")
-	}
-	pr := os.Args[1]
-	prNo, err := strconv.Atoi(pr)
-	if err != nil {
-		log.Fatalf("error parsing PR %q as a number: %s", pr, err)
-	}
-
-	owner := os.Getenv("GITHUB_OWNER")
-	repo := os.Getenv("GITHUB_REPO")
-	token := os.Getenv("GITHUB_TOKEN")
-
-	if owner == "" {
-		log.Fatalf("GITHUB_OWNER not set")
-	}
-
-	if repo == "" {
-		log.Fatalf("GITHUB_REPO not set")
-	}
-
-	if token == "" {
-		log.Fatalf("GITHUB_TOKEN not set")
-	}
-
-	ts := oauth2.StaticTokenSource(
-		&oauth2.Token{AccessToken: token},
-	)
-	tc := oauth2.NewClient(ctx, ts)
-
-	client := github.NewClient(tc)
-
-	pullRequest, _, err := client.PullRequests.Get(ctx, owner, repo, prNo)
-	if err != nil {
-		log.Fatalf("error retrieving pull request %s/%s#%d: %s", owner, repo, prNo, err)
-	}
-
-	for _, label := range pullRequest.Labels {
-		for _, skipLabel := range getSkipLabels() {
-			if label.GetName() == skipLabel {
-				log.Printf("%s label found, exiting as changelog is not required\n", label.GetName())
-				os.Exit(0)
-			}
-		}
-	}
-
-	files, _, _ := client.PullRequests.ListFiles(ctx, owner, repo, prNo, &github.ListOptions{})
-	if err != nil {
-		log.Fatalf("error retrieving files on pull request %s/%s#%d: %s", owner, repo, prNo, err)
-	}
-
-	for _, file := range files {
-		if file.GetFilename() == fmt.Sprintf(changelogEntryFileFormat, prNo) {
-			changelogEntryPresent = true
-		}
-	}
-
-	comments, _, _ := client.Issues.ListComments(ctx, owner, repo, prNo, &github.IssueListCommentsOptions{})
-	for _, comment := range comments {
-		if strings.Contains(comment.GetBody(), "no changelog entry is attached to") {
-			if changelogEntryPresent {
-				client.Issues.EditComment(ctx, owner, repo, *comment.ID, &github.IssueComment{
-					Body: cloudflare.StringPtr(changelogDetectedMessage),
-				})
-				os.Exit(0)
-			}
-			log.Println("no change in status of changelog checks; exiting")
-			os.Exit(1)
-		}
-
-		if strings.Contains(comment.GetBody(), changelogDetectedMessage) {
-			successMessageAlreadyPresent = true
-		}
-	}
-
-	if changelogEntryPresent {
-		if !successMessageAlreadyPresent {
-			_, _, _ = client.Issues.CreateComment(ctx, owner, repo, prNo, &github.IssueComment{
-				Body: cloudflare.StringPtr(changelogDetectedMessage),
-			})
-		}
-		log.Printf("changelog found for %d, skipping remainder of checks\n", prNo)
-		os.Exit(0)
-	}
-
-	body := "Oops! It looks like no changelog entry is attached to" +
-		" this PR. Please include a release note as described in " +
-		changelogProcessDocumentation + ".\n\nExample: " +
-		"\n\n~~~\n```release-note:TYPE\nRelease note" +
-		"\n```\n~~~\n\n" +
-		"If you do not require a release note to be included, please add the `workflow/skip-changelog-entry` label."
-
-	_, _, err = client.Issues.CreateComment(ctx, owner, repo, prNo, &github.IssueComment{
-		Body: &body,
-	})
-
-	if err != nil {
-		log.Fatalf("failed to comment on pull request %s/%s#%d: %s", owner, repo, prNo, err)
-	}
-
-	os.Exit(1)
-}
diff --git a/pkg/cloudflare-go/internal/tools/go.mod b/pkg/cloudflare-go/internal/tools/go.mod
deleted file mode 100644
index bf856580de..0000000000
--- a/pkg/cloudflare-go/internal/tools/go.mod
+++ /dev/null
@@ -1,249 +0,0 @@
-module github.com/cloudflare/cloudflare-go/internal/tools
-
-go 1.19
-
-require (
-	github.com/breml/bidichk v0.2.3
-	github.com/cloudflare/cloudflare-go v0.48.0
-	github.com/curioswitch/go-reassign v0.2.0
-	github.com/cweill/gotests v1.6.0
-	github.com/go-delve/delve v1.9.0
-	github.com/golangci/golangci-lint v1.48.0
-	github.com/google/go-github v17.0.0+incompatible
-	github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8
-	github.com/jgautheron/goconst v1.5.1
-	github.com/kyoh86/exportloopref v0.1.8
-	github.com/orijtech/structslop v0.0.6
-	github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949
-	github.com/securego/gosec/v2 v2.13.1
-	github.com/uudashr/gopkgs/v2 v2.1.2
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
-	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094
-	golang.org/x/tools v0.13.0
-	golang.org/x/tools/gopls v0.9.4
-)
-
-require (
-	4d63.com/gochecknoglobals v0.1.0 // indirect
-	dario.cat/mergo v1.0.0 // indirect
-	github.com/Antonboom/errname v0.1.7 // indirect
-	github.com/Antonboom/nilnil v0.1.1 // indirect
-	github.com/BurntSushi/toml v1.2.0 // indirect
-	github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
-	github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2 // indirect
-	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver v1.5.0 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/OpenPeeDeeP/depguard v1.1.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
-	github.com/alexkohler/prealloc v1.0.0 // indirect
-	github.com/alingse/asasalint v0.0.11 // indirect
-	github.com/armon/go-radix v1.0.0 // indirect
-	github.com/ashanbrown/forbidigo v1.3.0 // indirect
-	github.com/ashanbrown/makezero v1.1.1 // indirect
-	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bflad/gopaniccheck v0.1.0 // indirect
-	github.com/bflad/tfproviderlint v0.28.1 // indirect
-	github.com/bgentry/speakeasy v0.1.0 // indirect
-	github.com/bkielbasa/cyclop v1.2.0 // indirect
-	github.com/blizzy78/varnamelen v0.8.0 // indirect
-	github.com/bombsimon/wsl/v3 v3.3.0 // indirect
-	github.com/breml/errchkjson v0.3.0 // indirect
-	github.com/butuzov/ireturn v0.1.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/charithe/durationcheck v0.0.9 // indirect
-	github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4 // indirect
-	github.com/cilium/ebpf v0.7.0 // indirect
-	github.com/client9/misspell v0.3.4 // indirect
-	github.com/cloudflare/circl v1.3.7 // indirect
-	github.com/cosiner/argv v0.1.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/daixiang0/gci v0.6.2 // indirect
-	github.com/dave/dst v0.26.2 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/denis-tingaikin/go-header v0.4.3 // indirect
-	github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/esimonov/ifshort v1.0.4 // indirect
-	github.com/ettle/strcase v0.1.1 // indirect
-	github.com/fatih/color v1.16.0 // indirect
-	github.com/fatih/structtag v1.2.0 // indirect
-	github.com/firefart/nonamedreturns v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.5.4 // indirect
-	github.com/fzipp/gocyclo v0.6.0 // indirect
-	github.com/go-critic/go-critic v0.6.3 // indirect
-	github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d // indirect
-	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
-	github.com/go-toolsmith/astcast v1.0.0 // indirect
-	github.com/go-toolsmith/astcopy v1.0.0 // indirect
-	github.com/go-toolsmith/astequal v1.0.1 // indirect
-	github.com/go-toolsmith/astfmt v1.0.0 // indirect
-	github.com/go-toolsmith/astp v1.0.0 // indirect
-	github.com/go-toolsmith/strparse v1.0.0 // indirect
-	github.com/go-toolsmith/typep v1.0.2 // indirect
-	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
-	github.com/gobwas/glob v0.2.3 // indirect
-	github.com/gofrs/flock v0.8.1 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
-	github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 // indirect
-	github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
-	github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe // indirect
-	github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a // indirect
-	github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 // indirect
-	github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca // indirect
-	github.com/golangci/misspell v0.3.5 // indirect
-	github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 // indirect
-	github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-dap v0.6.0 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
-	github.com/gookit/color v1.5.1 // indirect
-	github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 // indirect
-	github.com/gostaticanalysis/analysisutil v0.7.1 // indirect
-	github.com/gostaticanalysis/comment v1.4.2 // indirect
-	github.com/gostaticanalysis/forcetypeassert v0.1.0 // indirect
-	github.com/gostaticanalysis/nilerr v0.1.1 // indirect
-	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
-	github.com/hashicorp/go-uuid v1.0.3 // indirect
-	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hc-install v0.4.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/terraform-exec v0.17.2 // indirect
-	github.com/hashicorp/terraform-json v0.14.0 // indirect
-	github.com/hashicorp/terraform-plugin-docs v0.13.0 // indirect
-	github.com/hexops/gotextdiff v1.0.3 // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
-	github.com/imdario/mergo v0.3.13 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
-	github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
-	github.com/julz/importas v0.1.0 // indirect
-	github.com/karrick/godirwalk v1.12.0 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/kisielk/errcheck v1.6.2 // indirect
-	github.com/kisielk/gotool v1.0.0 // indirect
-	github.com/kulti/thelper v0.6.3 // indirect
-	github.com/kunwardeep/paralleltest v1.0.6 // indirect
-	github.com/ldez/gomoddirectives v0.2.3 // indirect
-	github.com/ldez/tagliatelle v0.3.1 // indirect
-	github.com/leonklingele/grouper v1.1.0 // indirect
-	github.com/lufeee/execinquery v1.2.1 // indirect
-	github.com/magiconair/properties v1.8.6 // indirect
-	github.com/maratori/testpackage v1.1.0 // indirect
-	github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.13 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
-	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
-	github.com/mgechev/revive v1.2.1 // indirect
-	github.com/mitchellh/cli v1.1.4 // indirect
-	github.com/mitchellh/copystructure v1.2.0 // indirect
-	github.com/mitchellh/go-homedir v1.1.0 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moricho/tparallel v0.2.1 // indirect
-	github.com/nakabonne/nestif v0.3.1 // indirect
-	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
-	github.com/nishanths/exhaustive v0.8.1 // indirect
-	github.com/nishanths/predeclared v0.2.2 // indirect
-	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.2 // indirect
-	github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d // indirect
-	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/polyfloyd/go-errorlint v1.0.0 // indirect
-	github.com/posener/complete v1.2.3 // indirect
-	github.com/prometheus/client_golang v1.12.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
-	github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a // indirect
-	github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5 // indirect
-	github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 // indirect
-	github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
-	github.com/rivo/uniseg v0.2.0 // indirect
-	github.com/russross/blackfriday v1.6.0 // indirect
-	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/ryancurrah/gomodguard v1.2.4 // indirect
-	github.com/ryanrolds/sqlclosecheck v0.3.0 // indirect
-	github.com/sanposhiho/wastedassign/v2 v2.0.6 // indirect
-	github.com/sashamelentyev/usestdlibvars v1.8.0 // indirect
-	github.com/sergi/go-diff v1.2.0 // indirect
-	github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
-	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
-	github.com/sivchari/containedctx v1.0.2 // indirect
-	github.com/sivchari/nosnakecase v1.7.0 // indirect
-	github.com/sivchari/tenv v1.7.0 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
-	github.com/sonatard/noctx v0.0.1 // indirect
-	github.com/sourcegraph/go-diff v0.6.1 // indirect
-	github.com/spf13/afero v1.8.2 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/cobra v1.5.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.12.0 // indirect
-	github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect
-	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
-	github.com/stretchr/objx v0.5.0 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
-	github.com/subosito/gotenv v1.4.0 // indirect
-	github.com/sylvia7788/contextcheck v1.0.4 // indirect
-	github.com/tdakkota/asciicheck v0.1.1 // indirect
-	github.com/tetafro/godot v1.4.11 // indirect
-	github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 // indirect
-	github.com/tomarrell/wrapcheck/v2 v2.6.2 // indirect
-	github.com/tommy-muehle/go-mnd/v2 v2.5.0 // indirect
-	github.com/ultraware/funlen v0.0.3 // indirect
-	github.com/ultraware/whitespace v0.0.5 // indirect
-	github.com/uudashr/gocognit v1.0.6 // indirect
-	github.com/xanzy/ssh-agent v0.3.3 // indirect
-	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
-	github.com/yagipy/maintidx v1.0.0 // indirect
-	github.com/yeya24/promlinter v0.2.0 // indirect
-	github.com/zclconf/go-cty v1.10.0 // indirect
-	gitlab.com/bosi/decorder v0.2.3 // indirect
-	go.starlark.net v0.0.0-20200821142938-949cc6f4b097 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.6.0 // indirect
-	go.uber.org/zap v1.17.0 // indirect
-	golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e // indirect
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
-	golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/protobuf v1.33.0 // indirect
-	gopkg.in/ini.v1 v1.66.6 // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
-	honnef.co/go/tools v0.3.3 // indirect
-	mvdan.cc/gofumpt v0.3.1 // indirect
-	mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect
-	mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect
-	mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 // indirect
-	mvdan.cc/xurls/v2 v2.4.0 // indirect
-)
diff --git a/pkg/cloudflare-go/internal/tools/go.sum b/pkg/cloudflare-go/internal/tools/go.sum
deleted file mode 100644
index 003cb032f9..0000000000
--- a/pkg/cloudflare-go/internal/tools/go.sum
+++ /dev/null
@@ -1,1444 +0,0 @@
-4d63.com/gochecknoglobals v0.1.0 h1:zeZSRqj5yCg28tCkIV/z/lWbwvNm5qnKVS15PI8nhD0=
-4d63.com/gochecknoglobals v0.1.0/go.mod h1:wfdC5ZjKSPr7CybKEcgJhUOgeAQW1+7WcyK8OvUilfo=
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.61.0/go.mod h1:XukKJg4Y7QsUu0Hxg3qQKUWR4VuWivmyMK2+rUyxAqw=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
-dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/Antonboom/errname v0.1.7 h1:mBBDKvEYwPl4WFFNwec1CZO096G6vzK9vvDQzAwkako=
-github.com/Antonboom/errname v0.1.7/go.mod h1:g0ONh16msHIPgJSGsecu1G/dcF2hlYR/0SddnIAGavU=
-github.com/Antonboom/nilnil v0.1.1 h1:PHhrh5ANKFWRBh7TdYmyyq2gyT2lotnvFvvFbylF81Q=
-github.com/Antonboom/nilnil v0.1.1/go.mod h1:L1jBqoWM7AOeTD+tSquifKSesRHs4ZdaxvZR+xdJEaI=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/toml v1.1.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/toml v1.2.0 h1:Rt8g24XnyGTyglgET/PRUNlrUeu9F5L+7FilkXfZgs0=
-github.com/BurntSushi/toml v1.2.0/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 h1:sHglBQTwgx+rWPdisA5ynNEsoARbiCBOyGcJM4/OzsM=
-github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs=
-github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2 h1:DGdS4FlsdM6OkluXOhgkvwx05ZjD3Idm9WqtYnOmSuY=
-github.com/GaijinEntertainment/go-exhaustruct/v2 v2.2.2/go.mod h1:xj0D2jwLdp6tOKLheyZCsfL0nz8DaicmJxSwj3VcHtY=
-github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
-github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
-github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
-github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
-github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
-github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI=
-github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8=
-github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk=
-github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
-github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/OpenPeeDeeP/depguard v1.1.0 h1:pjK9nLPS1FwQYGGpPxoMYpe7qACHOhAWQMQzV71i49o=
-github.com/OpenPeeDeeP/depguard v1.1.0/go.mod h1:JtAMzWkmFEzDPyAd+W0NHl1lvpQKTvT9jnRVsohBKpc=
-github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg=
-github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
-github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4=
-github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
-github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0=
-github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pOcUuw=
-github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE=
-github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw=
-github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I=
-github.com/andybalholm/crlf v0.0.0-20171020200849-670099aa064f/go.mod h1:k8feO4+kXDxro6ErPXBRTJ/ro2mf0SsFG8s7doP9kJE=
-github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
-github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
-github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
-github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
-github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
-github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
-github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
-github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec=
-github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
-github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/ashanbrown/forbidigo v1.3.0 h1:VkYIwb/xxdireGAdJNZoo24O4lmnEWkactplBlWTShc=
-github.com/ashanbrown/forbidigo v1.3.0/go.mod h1:vVW7PEdqEFqapJe95xHkTfB1+XvZXBFg8t0sG2FIxmI=
-github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
-github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
-github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
-github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bflad/gopaniccheck v0.1.0 h1:tJftp+bv42ouERmUMWLoUn/5bi/iQZjHPznM00cP/bU=
-github.com/bflad/gopaniccheck v0.1.0/go.mod h1:ZCj2vSr7EqVeDaqVsWN4n2MwdROx1YL+LFo47TSWtsA=
-github.com/bflad/tfproviderlint v0.28.1 h1:7f54/ynV6/lK5/1EyG7tHtc4sMdjJSEFGjZNRJKwBs8=
-github.com/bflad/tfproviderlint v0.28.1/go.mod h1:7Z9Pyl1Z1UWJcPBuyjN89D2NaJGpjReQb5NoaaQCthQ=
-github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
-github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
-github.com/bkielbasa/cyclop v1.2.0 h1:7Jmnh0yL2DjKfw28p86YTd/B4lRGcNuu12sKE35sM7A=
-github.com/bkielbasa/cyclop v1.2.0/go.mod h1:qOI0yy6A7dYC4Zgsa72Ppm9kONl0RoIlPbzot9mhmeI=
-github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M=
-github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k=
-github.com/bombsimon/wsl/v3 v3.3.0 h1:Mka/+kRLoQJq7g2rggtgQsjuI/K5Efd87WX96EWFxjM=
-github.com/bombsimon/wsl/v3 v3.3.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
-github.com/breml/bidichk v0.2.3 h1:qe6ggxpTfA8E75hdjWPZ581sY3a2lnl0IRxLQFelECI=
-github.com/breml/bidichk v0.2.3/go.mod h1:8u2C6DnAy0g2cEq+k/A2+tr9O1s+vHGxWn0LTc70T2A=
-github.com/breml/errchkjson v0.3.0 h1:YdDqhfqMT+I1vIxPSas44P+9Z9HzJwCeAzjB8PxP1xw=
-github.com/breml/errchkjson v0.3.0/go.mod h1:9Cogkyv9gcT8HREpzi3TiqBxCqDzo8awa92zSDFcofU=
-github.com/butuzov/ireturn v0.1.1 h1:QvrO2QF2+/Cx1WA/vETCIYBKtRjc30vesdoPUNo1EbY=
-github.com/butuzov/ireturn v0.1.1/go.mod h1:Wh6Zl3IMtTpaIKbmwzqi6olnM9ptYQxxVacMsOEFPoc=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/charithe/durationcheck v0.0.9 h1:mPP4ucLrf/rKZiIG/a9IPXHGlh8p4CzgpyTy6EEutYk=
-github.com/charithe/durationcheck v0.0.9/go.mod h1:SSbRIBVfMjCi/kEB6K65XEA83D6prSM8ap1UCpNKtgg=
-github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4 h1:tFXjAxje9thrTF4h57Ckik+scJjTWdwAtZqZPtOT48M=
-github.com/chavacava/garif v0.0.0-20220316182200-5cad0b5181d4/go.mod h1:W8EnPSQ8Nv4fUjc/v1/8tHFqhuOJXnRub0dTfuAQktU=
-github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/cilium/ebpf v0.7.0 h1:1k/q3ATgxSXRdrmPfH8d7YK0GfqVsEKZAX9dQZvs56k=
-github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA=
-github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
-github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
-github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
-github.com/cloudflare/cloudflare-go v0.48.0 h1:bg4mGzmR21+85p9qvwupje42IUqVK6ZSunrnY8lNGtE=
-github.com/cloudflare/cloudflare-go v0.48.0/go.mod h1:NTQPvombbf52QYX6YdY/oA15F7u9GNzeBhY3c3H49vA=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cosiner/argv v0.1.0 h1:BVDiEL32lwHukgJKP87btEPenzrrHUjajs/8yzaqcXg=
-github.com/cosiner/argv v0.1.0/go.mod h1:EusR6TucWKX+zFgtdUsKT2Cvg45K5rtpCcWz4hK06d8=
-github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
-github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/curioswitch/go-reassign v0.2.0 h1:G9UZyOcpk/d7Gd6mqYgd8XYWFMw/znxwGDUstnC9DIo=
-github.com/curioswitch/go-reassign v0.2.0/go.mod h1:x6OpXuWvgfQaMGks2BZybTngWjT84hqJfKoO8Tt/Roc=
-github.com/cweill/gotests v1.6.0 h1:KJx+/p4EweijYzqPb4Y/8umDCip1Cv6hEVyOx0mE9W8=
-github.com/cweill/gotests v1.6.0/go.mod h1:CaRYbxQZGQOxXDvM9l0XJVV2Tjb2E5H53vq+reR2GrA=
-github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
-github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/daixiang0/gci v0.6.2 h1:TXCP5RqjE/UupXO+p33MEhqdv7QxjKGw5MVkt9ATiMs=
-github.com/daixiang0/gci v0.6.2/go.mod h1:EpVfrztufwVgQRXjnX4zuNinEpLj5OmMjtu/+MB0V0c=
-github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY=
-github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
-github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
-github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
-github.com/dave/kerr v0.0.0-20170318121727-bc25dd6abe8e/go.mod h1:qZqlPyPvfsDJt+3wHJ1EvSXDuVjFTK0j2p/ca+gtsb8=
-github.com/dave/rebecca v0.9.1/go.mod h1:N6XYdMD/OKw3lkF3ywh8Z6wPGuwNFDNtWYEMFWEmXBA=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/denis-tingaikin/go-header v0.4.3 h1:tEaZKAlqql6SKCY++utLmkPLd6K8IBM20Ha7UVm+mtU=
-github.com/denis-tingaikin/go-header v0.4.3/go.mod h1:0wOCWuN71D5qIgE2nz9KrKmuYBAC2Mra5RassOIQ2/c=
-github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9 h1:G765iDCq7bP5opdrPkXk+4V3yfkgV9iGFuheWZ/X/zY=
-github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9/go.mod h1:D6ICZm05D9VN1n/8iOtBxLpXtoGp6HDFUJ1RNVieOSE=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
-github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU=
-github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
-github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
-github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/esimonov/ifshort v1.0.4 h1:6SID4yGWfRae/M7hkVDVVyppy8q/v9OuxNdmjLQStBA=
-github.com/esimonov/ifshort v1.0.4/go.mod h1:Pe8zjlRrJ80+q2CxHLfEOfTwxCZ4O+MuhcHcfgNWTk0=
-github.com/ettle/strcase v0.1.1 h1:htFueZyVeE1XNnMEfbqp5r67qAN/4r6ya1ysq8Q+Zcw=
-github.com/ettle/strcase v0.1.1/go.mod h1:hzDLsPC7/lwKyBOywSHEP89nt2pDgdy+No1NBA9o9VY=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
-github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4=
-github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
-github.com/firefart/nonamedreturns v1.0.4 h1:abzI1p7mAEPYuR4A+VLKn4eNDOycjYo2phmY9sfv40Y=
-github.com/firefart/nonamedreturns v1.0.4/go.mod h1:TDhe/tjI1BXo48CmYbUduTV7BdIga8MAO/xbKdcVsGI=
-github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
-github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
-github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
-github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
-github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
-github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY=
-github.com/go-critic/go-critic v0.6.3 h1:abibh5XYBTASawfTQ0rA7dVtQT+6KzpGqb/J+DxRDaw=
-github.com/go-critic/go-critic v0.6.3/go.mod h1:c6b3ZP1MQ7o6lPR7Rv3lEf7pYQUmAcx8ABHgdZCQt/k=
-github.com/go-delve/delve v1.9.0 h1:+vW0r1vuwk5Fqv+89ZvLTUfx55PvlENvfW4DH3v+x48=
-github.com/go-delve/delve v1.9.0/go.mod h1:CMUUF5L5qeBI3DXz9K/vXOt+h+TycVegYuzq8vv2cOk=
-github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d h1:pxjSLshkZJGLVm0wv20f/H0oTWiq/egkoJQ2ja6LEvo=
-github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d/go.mod h1:biJCRbqp51wS+I92HMqn5H8/A0PAhxn2vyOT+JqhiGI=
-github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
-github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=
-github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow=
-github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
-github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0=
-github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
-github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM=
-github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc=
-github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4=
-github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/go-toolsmith/astcast v1.0.0 h1:JojxlmI6STnFVG9yOImLeGREv8W2ocNUM+iOhR6jE7g=
-github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
-github.com/go-toolsmith/astcopy v1.0.0 h1:OMgl1b1MEpjFQ1m5ztEO06rz5CUd3oBv9RF7+DyvdG8=
-github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
-github.com/go-toolsmith/astequal v1.0.0/go.mod h1:H+xSiq0+LtiDC11+h1G32h7Of5O3CYFJ99GVbS5lDKY=
-github.com/go-toolsmith/astequal v1.0.1 h1:JbSszi42Jiqu36Gnf363HWS9MTEAz67vTQLponh3Moc=
-github.com/go-toolsmith/astequal v1.0.1/go.mod h1:4oGA3EZXTVItV/ipGiOx7NWkY5veFfcsOJVS2YxltLw=
-github.com/go-toolsmith/astfmt v1.0.0 h1:A0vDDXt+vsvLEdbMFJAUBI/uTbRw1ffOPnxsILnFL6k=
-github.com/go-toolsmith/astfmt v1.0.0/go.mod h1:cnWmsOAuq4jJY6Ct5YWlVLmcmLMn1JUPuQIHCY7CJDw=
-github.com/go-toolsmith/astp v1.0.0 h1:alXE75TXgcmupDsMK1fRAy0YUzLzqPVvBKoyWV+KPXg=
-github.com/go-toolsmith/astp v1.0.0/go.mod h1:RSyrtpVlfTFGDYRbrjyWP1pYu//tSFcvdYrA8meBmLI=
-github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5 h1:eD9POs68PHkwrx7hAB78z1cb6PfGq/jyWn3wJywsH1o=
-github.com/go-toolsmith/pkgload v1.0.2-0.20220101231613-e814995d17c5/go.mod h1:3NAwwmD4uY/yggRxoEjk/S00MIV3A+H7rrE3i87eYxM=
-github.com/go-toolsmith/strparse v1.0.0 h1:Vcw78DnpCAKlM20kSbAyO4mPfJn/lyYA4BJUDxe2Jb4=
-github.com/go-toolsmith/strparse v1.0.0/go.mod h1:YI2nUKP9YGZnL/L1/DLFBfixrcjslWct4wyljWhSRy8=
-github.com/go-toolsmith/typep v1.0.2 h1:8xdsa1+FSIH/RhEkgnD1j2CJOy5mNllW1Q9tRiYwvlk=
-github.com/go-toolsmith/typep v1.0.2/go.mod h1:JSQCQMUPdRlMZFswiq3TGpNp1GMktqkR2Ns5AIQkATU=
-github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
-github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
-github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
-github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
-github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0=
-github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
-github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM=
-github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
-github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe h1:6RGUuS7EGotKx6J5HIP8ZtyMdiDscjMLfRBSPuzVVeo=
-github.com/golangci/go-misc v0.0.0-20220329215616-d24fe342adfe/go.mod h1:gjqyPShc/m8pEMpk0a3SeagVb0kaqvhscv+i9jI5ZhQ=
-github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a h1:iR3fYXUjHCR97qWS8ch1y9zPNsgXThGwjKPrYfqMPks=
-github.com/golangci/gofmt v0.0.0-20190930125516-244bba706f1a/go.mod h1:9qCChq59u/eW8im404Q2WWTrnBUQKjpNYKMbU4M7EFU=
-github.com/golangci/golangci-lint v1.48.0 h1:hRiBNk9iRqdAKMa06ntfEiLyza1/3IE9rHLNJaek4a8=
-github.com/golangci/golangci-lint v1.48.0/go.mod h1:5N+oxduCho+7yuccW69upg/O7cxjfR/d+IQeiNxGmKM=
-github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0 h1:MfyDlzVjl1hoaPzPD4Gpb/QgoRfSBR0jdhwGyAWwMSA=
-github.com/golangci/lint-1 v0.0.0-20191013205115-297bf364a8e0/go.mod h1:66R6K6P6VWk9I95jvqGxkqJxVWGFy9XlDwLwVz1RCFg=
-github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca h1:kNY3/svz5T29MYHubXix4aDDuE3RWHkPvopM/EDv/MA=
-github.com/golangci/maligned v0.0.0-20180506175553-b1d89398deca/go.mod h1:tvlJhZqDe4LMs4ZHD0oMUlt9G2LWuDGoisJTBzLMV9o=
-github.com/golangci/misspell v0.3.5 h1:pLzmVdl3VxTOncgzHcvLOKirdvcx/TydsClUQXTehjo=
-github.com/golangci/misspell v0.3.5/go.mod h1:dEbvlSfYbMQDtrpRMQU675gSDLDNa8sCPPChZ7PhiVA=
-github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6 h1:DIPQnGy2Gv2FSA4B/hh8Q7xx3B7AIDk3DAMeHclH1vQ=
-github.com/golangci/revgrep v0.0.0-20220804021717-745bb2f7c2e6/go.mod h1:0AKcRCkMoKvUvlf89F6O7H2LYdhr1zBh736mBItOdRs=
-github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4 h1:zwtduBRr5SSWhqsYNgcuWO2kFlpdOZbP0+yRjmvPGys=
-github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-dap v0.6.0 h1:Y1RHGUtv3R8y6sXq2dtGRMYrFB2hSqyFVws7jucrzX4=
-github.com/google/go-dap v0.6.0/go.mod h1:5q8aYQFnHOAZEMP+6vmq25HKYAEwE+LF5yh7JKrrhSQ=
-github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
-github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
-github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
-github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
-github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181127221834-b4f47329b966/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gookit/color v1.5.1 h1:Vjg2VEcdHpwq+oY63s/ksHrgJYCTo0bwWvmmYWdE9fQ=
-github.com/gookit/color v1.5.1/go.mod h1:wZFzea4X8qN6vHOSP2apMb4/+w/orMznEzYsIHPaqKM=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8 h1:PVRE9d4AQKmbelZ7emNig1+NT27DUmKZn5qXxfio54U=
-github.com/gordonklaus/ineffassign v0.0.0-20210914165742-4cc7213b9bc8/go.mod h1:Qcp2HIAYhR7mNUVSIxZww3Guk4it82ghYcEXIAk+QT0=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE=
-github.com/gostaticanalysis/analysisutil v0.1.0/go.mod h1:dMhHRU9KTiDcuLGdy87/2gTR8WruwYZrKdRq9m1O6uw=
-github.com/gostaticanalysis/analysisutil v0.7.1 h1:ZMCjoue3DtDWQ5WyU16YbjbQEQ3VuzwxALrpYd+HeKk=
-github.com/gostaticanalysis/analysisutil v0.7.1/go.mod h1:v21E3hY37WKMGSnbsw2S/ojApNWb6C1//mXO48CXbVc=
-github.com/gostaticanalysis/comment v1.3.0/go.mod h1:xMicKDx7XRXYdVwY9f9wQpDJVnqWxw9wCauCMKp+IBI=
-github.com/gostaticanalysis/comment v1.4.1/go.mod h1:ih6ZxzTHLdadaiSnF5WY3dxUoXfXAlTaRzuaNDlSado=
-github.com/gostaticanalysis/comment v1.4.2 h1:hlnx5+S2fY9Zo9ePo4AhgYsYHbM2+eAv8m/s1JiCd6Q=
-github.com/gostaticanalysis/comment v1.4.2/go.mod h1:KLUTGDv6HOCotCH8h2erHKmpci2ZoR8VPu34YA2uzdM=
-github.com/gostaticanalysis/forcetypeassert v0.1.0 h1:6eUflI3DiGusXGK6X7cCcIgVCpZ2CiZ1Q7jl6ZxNV70=
-github.com/gostaticanalysis/forcetypeassert v0.1.0/go.mod h1:qZEedyP/sY1lTGV1uJ3VhWZ2mqag3IkWsDHVbplHXak=
-github.com/gostaticanalysis/nilerr v0.1.1 h1:ThE+hJP0fEp4zWLkWHWcRyI2Od0p7DlgYG3Uqrmrcpk=
-github.com/gostaticanalysis/nilerr v0.1.1/go.mod h1:wZYb6YI5YAxxq0i1+VJbY0s2YONW0HU0GPE3+5PWN4A=
-github.com/gostaticanalysis/testutil v0.3.1-0.20210208050101-bfb5c8eec0e4/go.mod h1:D+FIZ+7OahH3ePw/izIEeH5I06eKs1IKI4Xr64/Am3M=
-github.com/gostaticanalysis/testutil v0.4.0 h1:nhdCmubdmDF6VEatUNjgUZBJKWRqugoISdUv3PPQgHY=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
-github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8 h1:9YDSbzqiU768LY0p5rAsifqaZ+wGOjBGtaW6GDH5tyg=
-github.com/hashicorp/go-changelog v0.0.0-20220419201213-5edfc0d651d8/go.mod h1:bYsOXLQjb/yhHHiZAfoiPzhNHVjiNTGryeeBwzn1Uak=
-github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
-github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
-github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
-github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs=
-github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY=
-github.com/hashicorp/go-getter v1.5.0/go.mod h1:a7z7NPPfNQpJWcn4rSWFtdrSldqLdLPEF3d8nFMsSLM=
-github.com/hashicorp/go-getter v1.5.2/go.mod h1:orNH3BTYLu/fIxGIdLjLoAJHWMDQ/UKQr5O4m3iBuoo=
-github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ=
-github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM=
-github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
-github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-github.com/hashicorp/go-plugin v1.3.0/go.mod h1:F9eH4LrE/ZsRdbwhfjs9k9HoDUwAHnYtXdgmf1AVNs0=
-github.com/hashicorp/go-plugin v1.4.0/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ=
-github.com/hashicorp/go-retryablehttp v0.7.1 h1:sUiuQAnLlbvmExtFQs72iFW/HXeUn8Z1aJLQ4LJJbTQ=
-github.com/hashicorp/go-retryablehttp v0.7.1/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
-github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
-github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=
-github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.5.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
-github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
-github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
-github.com/hashicorp/hc-install v0.4.0 h1:cZkRFr1WVa0Ty6x5fTvL1TuO1flul231rWkGH92oYYk=
-github.com/hashicorp/hc-install v0.4.0/go.mod h1:5d155H8EC5ewegao9A4PUTMNPZaq+TbOzkJJZ4vrXeI=
-github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.0.0/go.mod h1:oVVDG71tEinNGYCxinCYadcmKU9bglqW9pV3txagJ90=
-github.com/hashicorp/hcl/v2 v2.3.0/go.mod h1:d+FwDBbOLvpAM3Z6J7gPj/VoAGkNe/gm352ZhjJ/Zv8=
-github.com/hashicorp/hcl/v2 v2.8.2/go.mod h1:bQTN5mpo+jewjJgh8jr0JUguIi7qPHUF6yIfAEN3jqY=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/terraform-config-inspect v0.0.0-20191212124732-c6ae6269b9d7/go.mod h1:p+ivJws3dpqbp1iP84+npOyAmTTOLMgCzrXd3GSdn/A=
-github.com/hashicorp/terraform-exec v0.10.0/go.mod h1:tOT8j1J8rP05bZBGWXfMyU3HkLi1LWyqL3Bzsc3CJjo=
-github.com/hashicorp/terraform-exec v0.13.0/go.mod h1:SGhto91bVRlgXQWcJ5znSz+29UZIa8kpBbkGwQ+g9E8=
-github.com/hashicorp/terraform-exec v0.17.2 h1:EU7i3Fh7vDUI9nNRdMATCEfnm9axzTnad8zszYZ73Go=
-github.com/hashicorp/terraform-exec v0.17.2/go.mod h1:tuIbsL2l4MlwwIZx9HPM+LOV9vVyEfBYu2GsO1uH3/8=
-github.com/hashicorp/terraform-json v0.5.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU=
-github.com/hashicorp/terraform-json v0.8.0/go.mod h1:3defM4kkMfttwiE7VakJDwCd4R+umhSQnvJwORXbprE=
-github.com/hashicorp/terraform-json v0.14.0 h1:sh9iZ1Y8IFJLx+xQiKHGud6/TSUCM0N8e17dKDpqV7s=
-github.com/hashicorp/terraform-json v0.14.0/go.mod h1:5A9HIWPkk4e5aeeXIBbkcOvaZbIYnAIkEyqP2pNSckM=
-github.com/hashicorp/terraform-plugin-docs v0.13.0 h1:6e+VIWsVGb6jYJewfzq2ok2smPzZrt1Wlm9koLeKazY=
-github.com/hashicorp/terraform-plugin-docs v0.13.0/go.mod h1:W0oCmHAjIlTHBbvtppWHe8fLfZ2BznQbuv8+UD8OucQ=
-github.com/hashicorp/terraform-plugin-go v0.2.1/go.mod h1:10V6F3taeDWVAoLlkmArKttR3IULlRWFAGtQIQTIDr4=
-github.com/hashicorp/terraform-plugin-sdk v1.16.1/go.mod h1:KSsGcuZ1JRqnmYzz+sWIiUwNvJkzXbGRIdefwFfOdyY=
-github.com/hashicorp/terraform-plugin-sdk/v2 v2.5.0/go.mod h1:z+cMZ0iswzZOahBJ3XmNWgWkVnAd2bl8g+FhyyuPDH4=
-github.com/hashicorp/terraform-plugin-test/v2 v2.1.3/go.mod h1:pmaUHiUtDL/8Mz3FuyZ/vRDb0LpaOWQjVRW9ORF7FHs=
-github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg=
-github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
-github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
-github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
-github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw=
-github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/imdario/mergo v0.3.13 h1:lFzP57bqS/wsqKssCGmtLAb8A0wKjLGrve2q3PPVcBk=
-github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK2O4oXg=
-github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
-github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
-github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jgautheron/goconst v1.5.1 h1:HxVbL1MhydKs8R8n/HE5NPvzfaYmQJA3o879lE4+WcM=
-github.com/jgautheron/goconst v1.5.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
-github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
-github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs=
-github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
-github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9BjwUk7KlCh6S9EAGWBt1oExIUv9WyNCiRz5amv48=
-github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
-github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
-github.com/jmoiron/sqlx v1.2.0/go.mod h1:1FEQNm3xlJgrMD+FBdI9+xvCksHtbpVBBw5dYhBSsks=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
-github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY=
-github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
-github.com/karrick/godirwalk v1.12.0 h1:nkS4xxsjiZMvVlazd0mFyiwD4BR9f3m6LXGhM2TUx3Y=
-github.com/karrick/godirwalk v1.12.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
-github.com/kisielk/errcheck v1.6.2 h1:uGQ9xI8/pgc9iOoCe7kWQgRE6SBTrCGmTSf0LrEtY7c=
-github.com/kisielk/errcheck v1.6.2/go.mod h1:nXw/i/MfnvRHqXa7XXmQMUB0oNFGuBrNI8d8NLy0LPw=
-github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
-github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
-github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kulti/thelper v0.6.3 h1:ElhKf+AlItIu+xGnI990no4cE2+XaSu1ULymV2Yulxs=
-github.com/kulti/thelper v0.6.3/go.mod h1:DsqKShOvP40epevkFrvIwkCMNYxMeTNjdWL4dqWHZ6I=
-github.com/kunwardeep/paralleltest v1.0.6 h1:FCKYMF1OF2+RveWlABsdnmsvJrei5aoyZoaGS+Ugg8g=
-github.com/kunwardeep/paralleltest v1.0.6/go.mod h1:Y0Y0XISdZM5IKm3TREQMZ6iteqn1YuwCsJO/0kL9Zes=
-github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/kyoh86/exportloopref v0.1.8 h1:5Ry/at+eFdkX9Vsdw3qU4YkvGtzuVfzT4X7S77LoN/M=
-github.com/kyoh86/exportloopref v0.1.8/go.mod h1:1tUcJeiioIs7VWe5gcOObrux3lb66+sBqGZrRkMwPgg=
-github.com/ldez/gomoddirectives v0.2.3 h1:y7MBaisZVDYmKvt9/l1mjNCiSA1BVn34U0ObUcJwlhA=
-github.com/ldez/gomoddirectives v0.2.3/go.mod h1:cpgBogWITnCfRq2qGoDkKMEVSaarhdBr6g8G04uz6d0=
-github.com/ldez/tagliatelle v0.3.1 h1:3BqVVlReVUZwafJUwQ+oxbx2BEX2vUG4Yu/NOfMiKiM=
-github.com/ldez/tagliatelle v0.3.1/go.mod h1:8s6WJQwEYHbKZDsp/LjArytKOG8qaMrKQQ3mFukHs88=
-github.com/leonklingele/grouper v1.1.0 h1:tC2y/ygPbMFSBOs3DcyaEMKnnwH7eYKzohOtRrf0SAg=
-github.com/leonklingele/grouper v1.1.0/go.mod h1:uk3I3uDfi9B6PeUjsCKi6ndcf63Uy7snXgR4yDYQVDY=
-github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM=
-github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM=
-github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
-github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
-github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
-github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
-github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ=
-github.com/maratori/testpackage v1.1.0 h1:GJY4wlzQhuBusMF1oahQCBtUV/AQ/k69IZ68vxaac2Q=
-github.com/maratori/testpackage v1.1.0/go.mod h1:PeAhzU8qkCwdGEMTEupsHJNlQu2gZopMC6RjbhmHeDc=
-github.com/matoous/godox v0.0.0-20210227103229-6504466cf951 h1:pWxk9e//NbPwfxat7RXkts09K+dEBJWakUWwICVqYbA=
-github.com/matoous/godox v0.0.0-20210227103229-6504466cf951/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s=
-github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
-github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
-github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
-github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
-github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mbilski/exhaustivestruct v1.2.0 h1:wCBmUnSYufAHO6J4AVWY6ff+oxWxsVFrwgOdMUQePUo=
-github.com/mbilski/exhaustivestruct v1.2.0/go.mod h1:OeTBVxQWoEmB2J2JCHmXWPJ0aksxSUOUy+nvtVEfzXc=
-github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
-github.com/mgechev/revive v1.2.1 h1:GjFml7ZsoR0IrQ2E2YIvWFNS5GPDV7xNwvA5GM1HZC4=
-github.com/mgechev/revive v1.2.1/go.mod h1:+Ro3wqY4vakcYNtkBWdZC7dBg1xSB6sp054wWwmeFm0=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/cli v1.1.1/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI=
-github.com/mitchellh/cli v1.1.4 h1:qj8czE26AU4PbiaPXK5uVmMSM+V5BYsFBiM9HhGRLUA=
-github.com/mitchellh/cli v1.1.4/go.mod h1:vTLESy5mRhKOs9KDp0/RATawxP1UqBmdrpVRMnpcvKQ=
-github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
-github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
-github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
-github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-testing-interface v1.0.4/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=
-github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/moricho/tparallel v0.2.1 h1:95FytivzT6rYzdJLdtfn6m1bfFJylOJK41+lgv/EHf4=
-github.com/moricho/tparallel v0.2.1/go.mod h1:fXEIZxG2vdfl0ZF8b42f5a78EhjjD5mX8qUplsoSU4k=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nakabonne/nestif v0.3.1 h1:wm28nZjhQY5HyYPx+weN3Q65k6ilSBxDb8v5S81B81U=
-github.com/nakabonne/nestif v0.3.1/go.mod h1:9EtoZochLn5iUprVDmDjqGKPofoUEBL8U4Ngq6aY7OE=
-github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 h1:4kuARK6Y6FxaNu/BnU2OAaLF86eTVhP2hjTB6iMvItA=
-github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354/go.mod h1:KSVJerMDfblTH7p5MZaTt+8zaT2iEk3AkVb9PQdZuE8=
-github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nishanths/exhaustive v0.8.1 h1:0QKNascWv9qIHY7zRoZSxeRr6kuk5aAT3YXLTiDmjTo=
-github.com/nishanths/exhaustive v0.8.1/go.mod h1:qj+zJJUgJ76tR92+25+03oYUhzF4R7/2Wk7fGTfCHmg=
-github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
-github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
-github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
-github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
-github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
-github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY=
-github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
-github.com/orijtech/structslop v0.0.6 h1:MAw4cRHkpNgr5+irv9R1sG07wdxjCe1hkd/ozVv9ugU=
-github.com/orijtech/structslop v0.0.6/go.mod h1:3zH7DQgjl7qvvnMni63/U82f+EjQ3MofOx9BRxanAiA=
-github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k=
-github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
-github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE=
-github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs=
-github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo=
-github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
-github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
-github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
-github.com/pelletier/go-toml/v2 v2.0.2 h1:+jQXlF3scKIcSEKkdHzXhCTDLPFi5r1wnK6yPS+49Gw=
-github.com/pelletier/go-toml/v2 v2.0.2/go.mod h1:MovirKjgVRESsAvNZlAjtFwV867yGuwRkXbG66OzopI=
-github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d h1:CdDQnGF8Nq9ocOS/xlSptM1N3BbrA6/kmaep5ggwaIA=
-github.com/phayes/checkstyle v0.0.0-20170904204023-bfd46e6a821d/go.mod h1:3OzsM7FXDQlpCiw2j81fOmAwQLnZnLGXVKUzeKQXIAw=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
-github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/polyfloyd/go-errorlint v1.0.0 h1:pDrQG0lrh68e602Wfp68BlUTRFoHn8PZYAjLgt2LFsM=
-github.com/polyfloyd/go-errorlint v1.0.0/go.mod h1:KZy4xxPJyy88/gldCe5OdW6OQRtNO3EZE7hXzmnebgA=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E=
-github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
-github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
-github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
-github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
-github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
-github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
-github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
-github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
-github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/quasilyte/go-ruleguard v0.3.1-0.20210203134552-1b5a410e1cc8/go.mod h1:KsAh3x0e7Fkpgs+Q9pNLS5XpFSvYCEVl5gP9Pp1xp30=
-github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a h1:sWFavxtIctGrVs5SYZ5Ml1CvrDAs8Kf5kx2PI3C41dA=
-github.com/quasilyte/go-ruleguard v0.3.16-0.20220213074421-6aa060fab41a/go.mod h1:VMX+OnnSw4LicdiEGtRSD/1X8kW7GuEscjYNr4cOIT4=
-github.com/quasilyte/go-ruleguard/dsl v0.3.0/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
-github.com/quasilyte/go-ruleguard/dsl v0.3.16/go.mod h1:KeCP03KrjuSO0H1kTuZQCWlQPulDV6YMIXmpQss17rU=
-github.com/quasilyte/go-ruleguard/rules v0.0.0-20201231183845-9e62ed36efe1/go.mod h1:7JTjp89EGyU1d6XfBiXihJNG37wB2VRkd125Q1u7Plc=
-github.com/quasilyte/go-ruleguard/rules v0.0.0-20211022131956-028d6511ab71/go.mod h1:4cgAphtvu7Ftv7vOT2ZOYhC6CvBxZixcasr8qIOTA50=
-github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5 h1:PDWGei+Rf2bBiuZIbZmM20J2ftEy9IeUCHA8HbQqed8=
-github.com/quasilyte/gogrep v0.0.0-20220120141003-628d8b3623b5/go.mod h1:wSEyW6O61xRV6zb6My3HxrQ5/8ke7NE2OayqCHa3xRM=
-github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95 h1:L8QM9bvf68pVdQ3bCFZMDmnt9yqcMBro1pC7F+IPYMY=
-github.com/quasilyte/regex/syntax v0.0.0-20200407221936-30656e2c4a95/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
-github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs=
-github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ=
-github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949 h1:iaD+iVf9xGfajsJp+zYrg9Lrk6gMJ6/hZHO4cYq5D5o=
-github.com/ramya-rao-a/go-outline v0.0.0-20210608161538-9736a4bde949/go.mod h1:9V3eNbj9Z53yO7cKB6cSX9f0O7rYdIiuGBhjA1YsQuw=
-github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
-github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/russross/blackfriday v1.6.0 h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=
-github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
-github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
-github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryancurrah/gomodguard v1.2.4 h1:CpMSDKan0LtNGGhPrvupAoLeObRFjND8/tU1rEOtBp4=
-github.com/ryancurrah/gomodguard v1.2.4/go.mod h1:+Kem4VjWwvFpUJRJSwa16s1tBJe+vbv02+naTow2f6M=
-github.com/ryanrolds/sqlclosecheck v0.3.0 h1:AZx+Bixh8zdUBxUA1NxbxVAS78vTPq4rCb8OUZI9xFw=
-github.com/ryanrolds/sqlclosecheck v0.3.0/go.mod h1:1gREqxyTGR3lVtpngyFo3hZAgk0KCtEdgEkHwDbigdA=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/sanposhiho/wastedassign/v2 v2.0.6 h1:+6/hQIHKNJAUixEj6EmOngGIisyeI+T3335lYTyxRoA=
-github.com/sanposhiho/wastedassign/v2 v2.0.6/go.mod h1:KyZ0MWTwxxBmfwn33zh3k1dmsbF2ud9pAAGfoLfjhtI=
-github.com/sashamelentyev/usestdlibvars v1.8.0 h1:QnWP9IOEuRyYKH+IG0LlQIjuJlc0rfdo4K3/Zh3WRMw=
-github.com/sashamelentyev/usestdlibvars v1.8.0/go.mod h1:BFt7b5mSVHaaa26ZupiNRV2ODViQBxZZVhtAxAJRrjs=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
-github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4=
-github.com/securego/gosec/v2 v2.13.1 h1:7mU32qn2dyC81MH9L2kefnQyRMUarfDER3iQyMHcjYM=
-github.com/securego/gosec/v2 v2.13.1/go.mod h1:EO1sImBMBWFjOTFzMWfTRrZW6M15gm60ljzrmy/wtHo=
-github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
-github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
-github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
-github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU=
-github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
-github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
-github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
-github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
-github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
-github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
-github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/sivchari/containedctx v1.0.2 h1:0hLQKpgC53OVF1VT7CeoFHk9YKstur1XOgfYIc1yrHI=
-github.com/sivchari/containedctx v1.0.2/go.mod h1:PwZOeqm4/DLoJOqMSIJs3aKqXRX4YO+uXww087KZ7Bw=
-github.com/sivchari/nosnakecase v1.7.0 h1:7QkpWIRMe8x25gckkFd2A5Pi6Ymo0qgr4JrhGt95do8=
-github.com/sivchari/nosnakecase v1.7.0/go.mod h1:CwDzrzPea40/GB6uynrNLiorAlgFRvRbFSgJx2Gs+QY=
-github.com/sivchari/tenv v1.7.0 h1:d4laZMBK6jpe5PWepxlV9S+LC0yXqvYHiq8E6ceoVVE=
-github.com/sivchari/tenv v1.7.0/go.mod h1:64yStXKSOxDfX47NlhVwND4dHwfZDdbp2Lyl018Icvg=
-github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ=
-github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sonatard/noctx v0.0.1 h1:VC1Qhl6Oxx9vvWo3UDgrGXYCeKCe3Wbw7qAWL6FrmTY=
-github.com/sonatard/noctx v0.0.1/go.mod h1:9D2D/EoULe8Yy2joDHJj7bv3sZoq9AaSb8B4lqBjiZI=
-github.com/sourcegraph/go-diff v0.6.1 h1:hmA1LzxW0n1c3Q4YbrFgg4P99GSnebYa3x8gr0HZqLQ=
-github.com/sourcegraph/go-diff v0.6.1/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
-github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
-github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
-github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
-github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
-github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo=
-github.com/spf13/cobra v1.5.0 h1:X+jTBEBqF0bHN+9cSMgmfuvv2VHJ9ezmFNf9Y/XstYU=
-github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM=
-github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
-github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
-github.com/spf13/pflag v1.0.2/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
-github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
-github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
-github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
-github.com/ssgreg/nlreturn/v2 v2.2.1 h1:X4XDI7jstt3ySqGU86YGAURbxw3oTDPK9sPEi6YEwQ0=
-github.com/ssgreg/nlreturn/v2 v2.2.1/go.mod h1:E/iiPB78hV7Szg2YfRgyIrk1AD6JVMTRkkxBiELzh2I=
-github.com/stbenjam/no-sprintf-host-port v0.1.1 h1:tYugd/yrm1O0dV+ThCbaKZh195Dfm07ysF0U6JQXczc=
-github.com/stbenjam/no-sprintf-host-port v0.1.1/go.mod h1:TLhvtIvONRzdmkFiio4O8LHsN9N74I+PhRquPsxpL0I=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
-github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.1.4/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
-github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
-github.com/subosito/gotenv v1.4.0 h1:yAzM1+SmVcz5R4tXGsNMu1jUl2aOJXoiWUCEwwnGrvs=
-github.com/subosito/gotenv v1.4.0/go.mod h1:mZd6rFysKEcUhUHXJk0C/08wAgyDBFuwEYL7vWWGaGo=
-github.com/sylvia7788/contextcheck v1.0.4 h1:MsiVqROAdr0efZc/fOCt0c235qm9XJqHtWwM+2h2B04=
-github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg6KO+IebVyQDedZQ=
-github.com/tdakkota/asciicheck v0.1.1 h1:PKzG7JUTUmVspQTDqtkX9eSiLGossXTybutHwTXuO0A=
-github.com/tdakkota/asciicheck v0.1.1/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
-github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA=
-github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
-github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=
-github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
-github.com/tetafro/godot v1.4.11 h1:BVoBIqAf/2QdbFmSwAWnaIqDivZdOV0ZRwEm6jivLKw=
-github.com/tetafro/godot v1.4.11/go.mod h1:LR3CJpxDVGlYOWn3ZZg1PgNZdTUvzsZWu8xaEohUpn8=
-github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144 h1:kl4KhGNsJIbDHS9/4U9yQo1UcPQM0kOMJHn29EoH/Ro=
-github.com/timakin/bodyclose v0.0.0-20210704033933-f49887972144/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
-github.com/tomarrell/wrapcheck/v2 v2.6.2 h1:3dI6YNcrJTQ/CJQ6M/DUkc0gnqYSIk6o0rChn9E/D0M=
-github.com/tomarrell/wrapcheck/v2 v2.6.2/go.mod h1:ao7l5p0aOlUNJKI0qVwB4Yjlqutd0IvAB9Rdwyilxvg=
-github.com/tommy-muehle/go-mnd/v2 v2.5.0 h1:iAj0a8e6+dXSL7Liq0aXPox36FiN1dBbjA6lt9fl65s=
-github.com/tommy-muehle/go-mnd/v2 v2.5.0/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw=
-github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
-github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ultraware/funlen v0.0.3 h1:5ylVWm8wsNwH5aWo9438pwvsK0QiqVuUrt9bn7S/iLA=
-github.com/ultraware/funlen v0.0.3/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
-github.com/ultraware/whitespace v0.0.5 h1:hh+/cpIcopyMYbZNVov9iSxvJU3OYQg78Sfaqzi/CzI=
-github.com/ultraware/whitespace v0.0.5/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/uudashr/gocognit v1.0.6 h1:2Cgi6MweCsdB6kpcVQp7EW4U23iBFQWfTXiWlyp842Y=
-github.com/uudashr/gocognit v1.0.6/go.mod h1:nAIUuVBnYU7pcninia3BHOvQkpQCeO76Uscky5BOwcY=
-github.com/uudashr/gopkgs/v2 v2.1.2 h1:A0+QH6wqNRHORJnxmqfeuBEsK4nYQ7pgcOHhqpqcrpo=
-github.com/uudashr/gopkgs/v2 v2.1.2/go.mod h1:O9VKOuPWrUpVhaxcg7N3QiTrlDhgJb/84Y7b3qaX1rI=
-github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
-github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
-github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
-github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
-github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0=
-github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
-github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
-github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
-github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
-github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=
-github.com/yagipy/maintidx v1.0.0/go.mod h1:0qNf/I/CCZXSMhsRsrEPDZ+DkekpKLXAJfsTACwgXLk=
-github.com/yeya24/promlinter v0.2.0 h1:xFKDQ82orCU5jQujdaD8stOHiv8UN68BSdn2a8u8Y3o=
-github.com/yeya24/promlinter v0.2.0/go.mod h1:u54lkmBOZrpEbQQ6gox2zWKKLKu2SGe+2KOiextY+IA=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
-github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
-github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
-github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
-github.com/zclconf/go-cty v1.7.1/go.mod h1:VDR4+I79ubFBGm1uJac1226K5yANQFHeauxPBoP54+o=
-github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
-github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
-github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
-github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-gitlab.com/bosi/decorder v0.2.3 h1:gX4/RgK16ijY8V+BRQHAySfQAb354T7/xQpDB2n10P0=
-gitlab.com/bosi/decorder v0.2.3/go.mod h1:9K1RB5+VPNQYtXtTDAzd2OEftsZb1oV0IrJrzChSdGE=
-go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.starlark.net v0.0.0-20200821142938-949cc6f4b097 h1:YiRMXXgG+Pg26t1fjq+iAjaauKWMC9cmGFrtOEuwDDg=
-go.starlark.net v0.0.0-20200821142938-949cc6f4b097/go.mod h1:f0znQkUKRrkk36XxWbGjMqQM8wGv/xHBVE2qc3B5oFU=
-go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
-go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
-go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
-go.uber.org/zap v1.17.0 h1:MTjgFu6ZLKvY6Pvaqk97GlxNBuMpV4Hy/3P6tRGlI2U=
-go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
-golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
-golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4 h1:QlVATYS7JBoZMVaf+cNjb90WD/beKVHnIxFKT4QaHVI=
-golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4/go.mod h1:flIaEI6LNU6xOCD5PaJvn9wGP0agmIOqjrtsKGRguv4=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200414173820-0848c9571904/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e h1:7Xs2YCOpMlNqSQSmrrnhlzBXIE/bpMecZplbLePTJvE=
-golang.org/x/exp/typeparams v0.0.0-20220722155223-a9213eeb770e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
-golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 h1:2o1E+E8TpNLklK9nHiPiK1uzIYrIHt+cQx3ynCwq9V8=
-golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211105183446-c75c47738b0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220702020025-31831981b65f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 h1:M73Iuj3xbbb9Uk1DYhzydthsj6oOd6l9bpuFcNoUvTs=
-golang.org/x/time v0.0.0-20220224211638-0e9765cccd65/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190307163923-6a08e3108db3/go.mod h1:25r3+/G6/xytQM8iWZKq3Hn0kr0rgFKPUNVEL/dr3z4=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190311215038-5c2858a9cfe5/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190321232350-e250d351ecad/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190322203728-c1a832b0ad89/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190916130336-e45ffcd953cc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191109212701-97ad0ed33101/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117220505-0cba7a3a9ee9/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200214201135-548b770e2dfa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200324003944-a576cf524670/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200414032229-332987a829c3/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200509030707-2212a7e161a5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200622203043-20e05c1c8ffa/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200624225443-88f3c62a19ff/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200625211823-6506e20df31f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200713011307-fd294ab11aed/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200812195022-5ae4c3c160a0/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200831203904-5a2aa26beb65/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20200917221617-d56e4e40bc9d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201001104356-43ebab892c4c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201002184944-ecd9fd270d5d/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
-golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201230224404-63754364767c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
-golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.9-0.20211228192929-ee1ca4ffc4da/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
-golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
-golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
-golang.org/x/tools/gopls v0.9.4 h1:YhHOxVi++ILnY+QnH9FGtRKZZrunSaR7OW8/dCp7bBk=
-golang.org/x/tools/gopls v0.9.4/go.mod h1:merWH6UwxKhBcAlppWCEC4kJDvHxmHdKNDftyHnMsjU=
-golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df h1:BkeW9/QJhcigekDUPS9N9bIb0v7gPKKmLYeczVAqr2s=
-golang.org/x/vuln v0.0.0-20220725105440-4151a5aca1df/go.mod h1:UZshlUPxXeGUM9I14UOawXQg6yosDE9cr1vKY/DzgWo=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.34.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.66.6 h1:LATuAqN/shcYAOkv3wl2L4rkaKqkcgTBQjOyYDvcPKI=
-gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
-gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.3.3 h1:oDx7VAwstgpYpb3wv0oxiZlxY+foCpRAwY7Vk6XpAgA=
-honnef.co/go/tools v0.3.3/go.mod h1:jzwdWgg7Jdq75wlfblQxO4neNaFFSvgc1tD5Wv8U0Yw=
-mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8=
-mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE=
-mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I=
-mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc=
-mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo=
-mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4=
-mvdan.cc/unparam v0.0.0-20220706161116-678bad134442 h1:seuXWbRB1qPrS3NQnHmFKLJLtskWyueeIzmLXghMGgk=
-mvdan.cc/unparam v0.0.0-20220706161116-678bad134442/go.mod h1:F/Cxw/6mVrNKqrR2YjFf5CaW0Bw4RL8RfbEf4GRggJk=
-mvdan.cc/xurls/v2 v2.4.0 h1:tzxjVAj+wSBmDcF6zBB7/myTy3gX9xvi8Tyr28AuQgc=
-mvdan.cc/xurls/v2 v2.4.0/go.mod h1:+GEjq9uNjqs8LQfM9nVnM8rff0OQ5Iash5rzX+N1CSg=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/pkg/cloudflare-go/internal/tools/tools.go b/pkg/cloudflare-go/internal/tools/tools.go
deleted file mode 100644
index 4a0baee4de..0000000000
--- a/pkg/cloudflare-go/internal/tools/tools.go
+++ /dev/null
@@ -1,45 +0,0 @@
-//go:build tools
-// +build tools
-
-package tools
-
-//go:generate go install github.com/breml/bidichk/cmd/bidichk
-//go:generate go install github.com/curioswitch/go-reassign
-//go:generate go install github.com/cweill/gotests/gotests
-//go:generate go install github.com/go-delve/delve/cmd/dlv
-//go:generate go install github.com/golangci/golangci-lint/cmd/golangci-lint
-//go:generate go install github.com/google/go-github/github
-//go:generate go install github.com/hashicorp/go-changelog/cmd/changelog-build
-//go:generate go install github.com/jgautheron/goconst/cmd/goconst
-//go:generate go install github.com/kyoh86/exportloopref/cmd/exportloopref
-//go:generate go install github.com/orijtech/structslop/cmd/structslop
-//go:generate go install github.com/ramya-rao-a/go-outline
-//go:generate go install github.com/securego/gosec/v2/cmd/gosec
-//go:generate go install github.com/uudashr/gopkgs/v2/cmd/gopkgs
-//go:generate go install golang.org/x/lint/golint
-//go:generate go install golang.org/x/oauth2
-//go:generate go install golang.org/x/tools/gopls@latest
-//go:generate go install golang.org/x/tools/cmd/goimports@latest
-
-import (
-	// local development tooling for linting and debugging.
-	_ "github.com/breml/bidichk/cmd/bidichk"
-	_ "github.com/curioswitch/go-reassign"
-	_ "github.com/cweill/gotests/gotests"
-	_ "github.com/go-delve/delve/cmd/dlv"
-	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
-	_ "github.com/hashicorp/go-changelog/cmd/changelog-build"
-	_ "github.com/jgautheron/goconst/cmd/goconst"
-	_ "github.com/kyoh86/exportloopref/cmd/exportloopref"
-	_ "github.com/orijtech/structslop/cmd/structslop"
-	_ "github.com/ramya-rao-a/go-outline"
-	_ "github.com/securego/gosec/v2/cmd/gosec"
-	_ "github.com/uudashr/gopkgs/v2/cmd/gopkgs"
-	_ "golang.org/x/lint/golint"
-	_ "golang.org/x/tools/cmd/goimports"
-	_ "golang.org/x/tools/gopls"
-
-	// used for changelog-check tooling
-	_ "github.com/google/go-github/github"
-	_ "golang.org/x/oauth2"
-)
diff --git a/pkg/cloudflare-go/ip_access_rules.go b/pkg/cloudflare-go/ip_access_rules.go
deleted file mode 100644
index 58d29cd084..0000000000
--- a/pkg/cloudflare-go/ip_access_rules.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type ListIPAccessRulesOrderOption string
-type ListIPAccessRulesMatchOption string
-type IPAccessRulesModeOption string
-
-const (
-	IPAccessRulesConfigurationTarget  ListIPAccessRulesOrderOption = "configuration.target"
-	IPAccessRulesConfigurationValue   ListIPAccessRulesOrderOption = "configuration.value"
-	IPAccessRulesMatchOptionAll       ListIPAccessRulesMatchOption = "all"
-	IPAccessRulesMatchOptionAny       ListIPAccessRulesMatchOption = "any"
-	IPAccessRulesModeBlock            IPAccessRulesModeOption      = "block"
-	IPAccessRulesModeChallenge        IPAccessRulesModeOption      = "challenge"
-	IPAccessRulesModeJsChallenge      IPAccessRulesModeOption      = "js_challenge"
-	IPAccessRulesModeManagedChallenge IPAccessRulesModeOption      = "managed_challenge"
-	IPAccessRulesModeWhitelist        IPAccessRulesModeOption      = "whitelist"
-)
-
-type ListIPAccessRulesFilters struct {
-	Configuration IPAccessRuleConfiguration    `json:"configuration,omitempty"`
-	Match         ListIPAccessRulesMatchOption `json:"match,omitempty"`
-	Mode          IPAccessRulesModeOption      `json:"mode,omitempty"`
-	Notes         string                       `json:"notes,omitempty"`
-}
-
-type ListIPAccessRulesParams struct {
-	Direction string                       `url:"direction,omitempty"`
-	Filters   ListIPAccessRulesFilters     `url:"filters,omitempty"`
-	Order     ListIPAccessRulesOrderOption `url:"order,omitempty"`
-	PaginationOptions
-}
-
-type IPAccessRuleConfiguration struct {
-	Target string `json:"target,omitempty"`
-	Value  string `json:"value,omitempty"`
-}
-
-type IPAccessRule struct {
-	AllowedModes  []IPAccessRulesModeOption `json:"allowed_modes"`
-	Configuration IPAccessRuleConfiguration `json:"configuration"`
-	CreatedOn     string                    `json:"created_on"`
-	ID            string                    `json:"id"`
-	Mode          IPAccessRulesModeOption   `json:"mode"`
-	ModifiedOn    string                    `json:"modified_on"`
-	Notes         string                    `json:"notes"`
-}
-
-type ListIPAccessRulesResponse struct {
-	Result     []IPAccessRule `json:"result"`
-	ResultInfo `json:"result_info"`
-	Response
-}
-
-// ListIPAccessRules fetches IP Access rules of a zone/user/account. You can
-// filter the results using several optional parameters.
-//
-// API references:
-//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-a-user-list-ip-access-rules
-//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-a-zone-list-ip-access-rules
-//   - https://developers.cloudflare.com/api/operations/ip-access-rules-for-an-account-list-ip-access-rules
-func (api *API) ListIPAccessRules(ctx context.Context, rc *ResourceContainer, params ListIPAccessRulesParams) ([]IPAccessRule, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []IPAccessRule{}, &ResultInfo{}, ErrMissingResourceIdentifier
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/firewall/access_rules/rules", rc.Level, rc.Identifier), params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []IPAccessRule{}, &ResultInfo{}, err
-	}
-
-	result := ListIPAccessRulesResponse{}
-
-	err = json.Unmarshal(res, &result)
-	if err != nil {
-		return []IPAccessRule{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, &result.ResultInfo, nil
-}
diff --git a/pkg/cloudflare-go/ip_access_rules_test.go b/pkg/cloudflare-go/ip_access_rules_test.go
deleted file mode 100644
index 4eba124433..0000000000
--- a/pkg/cloudflare-go/ip_access_rules_test.go
+++ /dev/null
@@ -1,311 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListIPAccessRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.1"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "f2d427378e7542acb295380d352e2ebd",
-							"mode": "whitelist",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "Whitelisting this IP."
-						},
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.2"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "92f17202ed8bd63d69a66b86a49a8f6b",
-							"mode": "block",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "This rule is enabled because of an event that occurred on date X."
-						},
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.3"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "4ae338944d6143378c3cf05a7c77d983",
-							"mode": "challenge",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "This rule is enabled because of an event that occurred on date Y."
-						},
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.4"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "52161eb6af4241bb9d4b32394be72fdf",
-							"mode": "js_challenge",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "This rule is enabled because of an event that occurred on date Z."
-						},
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.5"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "cbf4b7a5a2a24e59a03044d6d44ceb09",
-							"mode": "managed_challenge",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "This rule is enabled because we like the challenge page."
-						}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null,
-			"result_info":{
-				"page":1,
-				"per_page":25,
-				"count":5,
-				"total_count":5
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/access_rules/rules", handler)
-	want := []IPAccessRule{
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "f2d427378e7542acb295380d352e2ebd",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.1",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "whitelist",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "Whitelisting this IP.",
-		},
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "92f17202ed8bd63d69a66b86a49a8f6b",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.2",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "block",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "This rule is enabled because of an event that occurred on date X.",
-		},
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "4ae338944d6143378c3cf05a7c77d983",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.3",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "challenge",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "This rule is enabled because of an event that occurred on date Y.",
-		},
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "52161eb6af4241bb9d4b32394be72fdf",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.4",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "js_challenge",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "This rule is enabled because of an event that occurred on date Z.",
-		},
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.5",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "managed_challenge",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "This rule is enabled because we like the challenge page.",
-		},
-	}
-
-	actual, _, err := client.ListIPAccessRules(context.Background(),
-		ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), ListIPAccessRulesParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListIPAccessRulesWithParams(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result":[
-						{
-							"allowed_modes": [
-								"whitelist",
-								"block",
-								"challenge",
-								"js_challenge",
-								"managed_challenge"
-							],
-							"configuration": {
-								"target": "ip",
-								"value": "198.51.100.5"
-							},
-							"created_on": "2014-01-01T05:20:00.12345Z",
-							"id": "cbf4b7a5a2a24e59a03044d6d44ceb09",
-							"mode": "managed_challenge",
-							"modified_on": "2014-01-01T05:20:00.12345Z",
-							"notes": "This rule is enabled because we like the challenge page."
-						}
-			],
-			"success":true,
-			"errors":null,
-			"messages":null,
-			"result_info":{
-				"page":1,
-				"per_page":100,
-				"count":1,
-				"total_count":1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/firewall/access_rules/rules", handler)
-	want := []IPAccessRule{
-		{
-			AllowedModes: []IPAccessRulesModeOption{
-				IPAccessRulesModeWhitelist,
-				IPAccessRulesModeBlock,
-				IPAccessRulesModeChallenge,
-				IPAccessRulesModeJsChallenge,
-				IPAccessRulesModeManagedChallenge,
-			},
-			ID: "cbf4b7a5a2a24e59a03044d6d44ceb09",
-			Configuration: IPAccessRuleConfiguration{
-				Target: "ip",
-				Value:  "198.51.100.5",
-			},
-			CreatedOn:  "2014-01-01T05:20:00.12345Z",
-			Mode:       "managed_challenge",
-			ModifiedOn: "2014-01-01T05:20:00.12345Z",
-			Notes:      "This rule is enabled because we like the challenge page.",
-		},
-	}
-
-	actual, _, err := client.ListIPAccessRules(context.Background(),
-		ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), ListIPAccessRulesParams{
-			Direction: "asc",
-			Filters: ListIPAccessRulesFilters{
-				Configuration: IPAccessRuleConfiguration{
-					Target: "ip",
-				},
-				Match: "any",
-				Mode:  "manage_challenge",
-				Notes: "This rule is enabled because we like the challenge page.",
-			},
-			Order: IPAccessRulesConfigurationTarget,
-			PaginationOptions: PaginationOptions{
-				Page:    1,
-				PerPage: 100,
-			},
-		})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/ip_list.go b/pkg/cloudflare-go/ip_list.go
deleted file mode 100644
index a9c5e7151a..0000000000
--- a/pkg/cloudflare-go/ip_list.go
+++ /dev/null
@@ -1,507 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// The definitions in this file are deprecated and should be removed after
-// enough time is given for users to migrate. Use the more general `List`
-// methods instead.
-
-const (
-	// IPListTypeIP specifies a list containing IP addresses.
-	IPListTypeIP = "ip"
-)
-
-// IPListBulkOperation contains information about a Bulk Operation.
-type IPListBulkOperation struct {
-	ID        string     `json:"id"`
-	Status    string     `json:"status"`
-	Error     string     `json:"error"`
-	Completed *time.Time `json:"completed"`
-}
-
-// IPList contains information about an IP List.
-type IPList struct {
-	ID                    string     `json:"id"`
-	Name                  string     `json:"name"`
-	Description           string     `json:"description"`
-	Kind                  string     `json:"kind"`
-	NumItems              int        `json:"num_items"`
-	NumReferencingFilters int        `json:"num_referencing_filters"`
-	CreatedOn             *time.Time `json:"created_on"`
-	ModifiedOn            *time.Time `json:"modified_on"`
-}
-
-// IPListItem contains information about a single IP List Item.
-type IPListItem struct {
-	ID         string     `json:"id"`
-	IP         string     `json:"ip"`
-	Comment    string     `json:"comment"`
-	CreatedOn  *time.Time `json:"created_on"`
-	ModifiedOn *time.Time `json:"modified_on"`
-}
-
-// IPListCreateRequest contains data for a new IP List.
-type IPListCreateRequest struct {
-	Name        string `json:"name"`
-	Description string `json:"description"`
-	Kind        string `json:"kind"`
-}
-
-// IPListItemCreateRequest contains data for a new IP List Item.
-type IPListItemCreateRequest struct {
-	IP      string `json:"ip"`
-	Comment string `json:"comment"`
-}
-
-// IPListItemDeleteRequest wraps IP List Items that shall be deleted.
-type IPListItemDeleteRequest struct {
-	Items []IPListItemDeleteItemRequest `json:"items"`
-}
-
-// IPListItemDeleteItemRequest contains single IP List Items that shall be deleted.
-type IPListItemDeleteItemRequest struct {
-	ID string `json:"id"`
-}
-
-// IPListUpdateRequest contains data for an IP List update.
-type IPListUpdateRequest struct {
-	Description string `json:"description"`
-}
-
-// IPListResponse contains a single IP List.
-type IPListResponse struct {
-	Response
-	Result IPList `json:"result"`
-}
-
-// IPListItemCreateResponse contains information about the creation of an IP List Item.
-type IPListItemCreateResponse struct {
-	Response
-	Result struct {
-		OperationID string `json:"operation_id"`
-	} `json:"result"`
-}
-
-// IPListListResponse contains a slice of IP Lists.
-type IPListListResponse struct {
-	Response
-	Result []IPList `json:"result"`
-}
-
-// IPListBulkOperationResponse contains information about a Bulk Operation.
-type IPListBulkOperationResponse struct {
-	Response
-	Result IPListBulkOperation `json:"result"`
-}
-
-// IPListDeleteResponse contains information about the deletion of an IP List.
-type IPListDeleteResponse struct {
-	Response
-	Result struct {
-		ID string `json:"id"`
-	} `json:"result"`
-}
-
-// IPListItemsListResponse contains information about IP List Items.
-type IPListItemsListResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []IPListItem `json:"result"`
-}
-
-// IPListItemDeleteResponse contains information about the deletion of an IP List Item.
-type IPListItemDeleteResponse struct {
-	Response
-	Result struct {
-		OperationID string `json:"operation_id"`
-	} `json:"result"`
-}
-
-// IPListItemsGetResponse contains information about a single IP List Item.
-type IPListItemsGetResponse struct {
-	Response
-	Result IPListItem `json:"result"`
-}
-
-// ListIPLists lists all IP Lists.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-list-lists
-//
-// Deprecated: Use `ListLists` instead.
-func (api *API) ListIPLists(ctx context.Context, accountID string) ([]IPList, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []IPList{}, err
-	}
-
-	result := IPListListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// CreateIPList creates a new IP List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list
-//
-// Deprecated: Use `CreateList` instead.
-func (api *API) CreateIPList(ctx context.Context, accountID, name, description, kind string) (IPList,
-	error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
-		IPListCreateRequest{Name: name, Description: description, Kind: kind})
-	if err != nil {
-		return IPList{}, err
-	}
-
-	result := IPListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetIPList returns a single IP List
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-list
-//
-// Deprecated: Use `GetList` instead.
-func (api *API) GetIPList(ctx context.Context, accountID, ID string) (IPList, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IPList{}, err
-	}
-
-	result := IPListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateIPList updates the description of an existing IP List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-update-list
-//
-// Deprecated: Use `UpdateList` instead.
-func (api *API) UpdateIPList(ctx context.Context, accountID, ID, description string) (IPList, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, IPListUpdateRequest{Description: description})
-	if err != nil {
-		return IPList{}, err
-	}
-
-	result := IPListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteIPList deletes an IP List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-delete-list
-//
-// Deprecated: Use `DeleteList` instead.
-func (api *API) DeleteIPList(ctx context.Context, accountID, ID string) (IPListDeleteResponse, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return IPListDeleteResponse{}, err
-	}
-
-	result := IPListDeleteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// ListIPListItems returns a list with all items in an IP List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-list-list-items
-//
-// Deprecated: Use `ListListItems` instead.
-func (api *API) ListIPListItems(ctx context.Context, accountID, ID string) ([]IPListItem, error) {
-	var list []IPListItem
-	var cursor string
-	var cursorQuery string
-
-	for {
-		if len(cursor) > 0 {
-			cursorQuery = fmt.Sprintf("?cursor=%s", cursor)
-		}
-		uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items%s", accountID, ID, cursorQuery)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []IPListItem{}, err
-		}
-
-		result := IPListItemsListResponse{}
-		if err := json.Unmarshal(res, &result); err != nil {
-			return []IPListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		list = append(list, result.Result...)
-		if cursor = result.ResultInfo.Cursors.After; cursor == "" {
-			break
-		}
-	}
-
-	return list, nil
-}
-
-// CreateIPListItemAsync creates a new IP List Item asynchronously. Users have
-// to poll the operation status by using the operation_id returned by this
-// function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
-//
-// Deprecated: Use `CreateListItemAsync` instead.
-func (api *API) CreateIPListItemAsync(ctx context.Context, accountID, ID, ip, comment string) (IPListItemCreateResponse, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, []IPListItemCreateRequest{{IP: ip, Comment: comment}})
-	if err != nil {
-		return IPListItemCreateResponse{}, err
-	}
-
-	result := IPListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// CreateIPListItem creates a new IP List Item synchronously and returns the
-// current set of IP List Items.
-//
-// Deprecated: Use `CreateListItem` instead.
-func (api *API) CreateIPListItem(ctx context.Context, accountID, ID, ip, comment string) ([]IPListItem, error) {
-	result, err := api.CreateIPListItemAsync(ctx, accountID, ID, ip, comment)
-
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	return api.ListIPListItems(ctx, accountID, ID)
-}
-
-// CreateIPListItemsAsync bulk creates many IP List Items asynchronously. Users
-// have to poll the operation status by using the operation_id returned by this
-// function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
-//
-// Deprecated: Use `CreateListItemsAsync` instead.
-func (api *API) CreateIPListItemsAsync(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
-	IPListItemCreateResponse, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, items)
-	if err != nil {
-		return IPListItemCreateResponse{}, err
-	}
-
-	result := IPListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// CreateIPListItems bulk creates many IP List Items synchronously and returns
-// the current set of IP List Items.
-//
-// Deprecated: Use `CreateListItems` instead.
-func (api *API) CreateIPListItems(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
-	[]IPListItem, error) {
-	result, err := api.CreateIPListItemsAsync(ctx, accountID, ID, items)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	return api.ListIPListItems(ctx, accountID, ID)
-}
-
-// ReplaceIPListItemsAsync replaces all IP List Items asynchronously. Users have
-// to poll the operation status by using the operation_id returned by this
-// function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-replace-list-items
-//
-// Deprecated: Use `ReplaceListItemsAsync` instead.
-func (api *API) ReplaceIPListItemsAsync(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
-	IPListItemCreateResponse, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, items)
-	if err != nil {
-		return IPListItemCreateResponse{}, err
-	}
-
-	result := IPListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// ReplaceIPListItems replaces all IP List Items synchronously and returns the
-// current set of IP List Items.
-//
-// Deprecated: Use `ReplaceListItems` instead.
-func (api *API) ReplaceIPListItems(ctx context.Context, accountID, ID string, items []IPListItemCreateRequest) (
-	[]IPListItem, error) {
-	result, err := api.ReplaceIPListItemsAsync(ctx, accountID, ID, items)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	return api.ListIPListItems(ctx, accountID, ID)
-}
-
-// DeleteIPListItemsAsync removes specific Items of an IP List by their ID
-// asynchronously. Users have to poll the operation status by using the
-// operation_id returned by this function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-delete-list-items
-//
-// Deprecated: Use `DeleteListItemsAsync` instead.
-func (api *API) DeleteIPListItemsAsync(ctx context.Context, accountID, ID string, items IPListItemDeleteRequest) (
-	IPListItemDeleteResponse, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, items)
-	if err != nil {
-		return IPListItemDeleteResponse{}, err
-	}
-
-	result := IPListItemDeleteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListItemDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// DeleteIPListItems removes specific Items of an IP List by their ID
-// synchronously and returns the current set of IP List Items.
-//
-// Deprecated: Use `DeleteListItems` instead.
-func (api *API) DeleteIPListItems(ctx context.Context, accountID, ID string, items IPListItemDeleteRequest) (
-	[]IPListItem, error) {
-	result, err := api.DeleteIPListItemsAsync(ctx, accountID, ID, items)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	err = api.pollIPListBulkOperation(ctx, accountID, result.Result.OperationID)
-	if err != nil {
-		return []IPListItem{}, err
-	}
-
-	return api.ListIPListItems(ctx, accountID, ID)
-}
-
-// GetIPListItem returns a single IP List Item.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-list-item
-//
-// Deprecated: Use `GetListItem` instead.
-func (api *API) GetIPListItem(ctx context.Context, accountID, listID, id string) (IPListItem, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items/%s", accountID, listID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IPListItem{}, err
-	}
-
-	result := IPListItemsGetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetIPListBulkOperation returns the status of a bulk operation.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-bulk-operation
-//
-// Deprecated: Use `GetListBulkOperation` instead.
-func (api *API) GetIPListBulkOperation(ctx context.Context, accountID, ID string) (IPListBulkOperation, error) {
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/bulk_operations/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return IPListBulkOperation{}, err
-	}
-
-	result := IPListBulkOperationResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return IPListBulkOperation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// pollIPListBulkOperation implements synchronous behaviour for some
-// asynchronous endpoints. bulk-operation status can be either pending, running,
-// failed or completed.
-func (api *API) pollIPListBulkOperation(ctx context.Context, accountID, ID string) error {
-	for i := uint8(0); i < 16; i++ {
-		sleepDuration := 1 << (i / 2) * time.Second
-		select {
-		case <-time.After(sleepDuration):
-		case <-ctx.Done():
-			return fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
-		}
-
-		bulkResult, err := api.GetIPListBulkOperation(ctx, accountID, ID)
-		if err != nil {
-			return err
-		}
-
-		switch bulkResult.Status {
-		case "failed":
-			return errors.New(bulkResult.Error)
-		case "pending", "running":
-			continue
-		case "completed":
-			return nil
-		default:
-			return fmt.Errorf("%s: %s", errOperationUnexpectedStatus, bulkResult.Status)
-		}
-	}
-
-	return errors.New(errOperationStillRunning)
-}
diff --git a/pkg/cloudflare-go/ip_list_test.go b/pkg/cloudflare-go/ip_list_test.go
deleted file mode 100644
index 88369b8cd3..0000000000
--- a/pkg/cloudflare-go/ip_list_test.go
+++ /dev/null
@@ -1,474 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListIPLists(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-				{
-					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-					"name": "list1",
-					"description": "This is a note.",
-					"kind": "ip",
-					"num_items": 10,
-					"num_referencing_filters": 2,
-					"created_on": "2020-01-01T08:00:00Z",
-					"modified_on": "2020-01-10T14:00:00Z"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := []IPList{
-		{
-			ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			Name:                  "list1",
-			Description:           "This is a note.",
-			Kind:                  "ip",
-			NumItems:              10,
-			NumReferencingFilters: 2,
-			CreatedOn:             &createdOn,
-			ModifiedOn:            &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListIPLists(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateIPList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This is a note.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := IPList{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This is a note.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.CreateIPList(context.Background(), testAccountID, "list1", "This is a note.", "ip")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetIPList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This is a note.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := IPList{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This is a note.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.GetIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateIPList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This note was updated.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := IPList{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This note was updated.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.UpdateIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		"This note was updated.")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteIPList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "34b12448945f11eaa1b71c4d701ab86e"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	want := IPListDeleteResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.ID = "34b12448945f11eaa1b71c4d701ab86e"
-
-	actual, err := client.DeleteIPList(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListIPListsItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
-			fmt.Fprint(w, `{
-			"result": [
-    			{
-      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"ip": "192.0.2.2",
-      				"comment": "Another Private IP address",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		} else {
-			fmt.Fprint(w, `{
-			"result": [
-    			{
-      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"ip": "192.0.2.1",
-      				"comment": "Private IP address",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx",
-					"after": "yyy"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		}
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := []IPListItem{
-		{
-			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			IP:         "192.0.2.1",
-			Comment:    "Private IP address",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-		{
-			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			IP:         "192.0.2.2",
-			Comment:    "Another Private IP address",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListIPListItems(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateIPListItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := IPListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.CreateIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		[]IPListItemCreateRequest{{
-			IP:      "192.0.2.1",
-			Comment: "Private IP",
-		}, {
-			IP:      "192.0.2.2",
-			Comment: "Another Private IP",
-		}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceIPListItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := IPListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.ReplaceIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		[]IPListItemCreateRequest{{
-			IP:      "192.0.2.1",
-			Comment: "Private IP",
-		}, {
-			IP:      "192.0.2.2",
-			Comment: "Another Private IP",
-		}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteIPListItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := IPListItemDeleteResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.DeleteIPListItemsAsync(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		IPListItemDeleteRequest{[]IPListItemDeleteItemRequest{{
-			ID: "34b12448945f11eaa1b71c4d701ab86e",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetIPListItem(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"ip": "192.0.2.1",
-				"comment": "Private IP address",
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
-		"34b12448945f11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := IPListItem{
-		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		IP:         "192.0.2.1",
-		Comment:    "Private IP address",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	}
-
-	actual, err := client.GetIPListItem(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		"34b12448945f11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestPollIPListTimeout(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 0)
-	defer cancel()
-
-	start := time.Now()
-	err := client.pollIPListBulkOperation(ctx, testAccountID, "list1")
-	assert.ErrorIs(t, err, context.DeadlineExceeded)
-	assert.WithinDuration(t, start, time.Now(), time.Second,
-		"pollIPListBulkOperation took too much time with an expiring context")
-}
diff --git a/pkg/cloudflare-go/ips.go b/pkg/cloudflare-go/ips.go
deleted file mode 100644
index 3f181a79bb..0000000000
--- a/pkg/cloudflare-go/ips.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package cloudflare
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-
-	"github.com/goccy/go-json"
-)
-
-// IPRangesResponse contains the structure for the API response, not modified.
-type IPRangesResponse struct {
-	IPv4CIDRs  []string `json:"ipv4_cidrs"`
-	IPv6CIDRs  []string `json:"ipv6_cidrs"`
-	ChinaColos []string `json:"china_colos"`
-}
-
-// IPRanges contains lists of IPv4 and IPv6 CIDRs.
-type IPRanges struct {
-	IPv4CIDRs      []string `json:"ipv4_cidrs"`
-	IPv6CIDRs      []string `json:"ipv6_cidrs"`
-	ChinaIPv4CIDRs []string `json:"china_ipv4_cidrs"`
-	ChinaIPv6CIDRs []string `json:"china_ipv6_cidrs"`
-}
-
-// IPsResponse is the API response containing a list of IPs.
-type IPsResponse struct {
-	Response
-	Result IPRangesResponse `json:"result"`
-}
-
-// IPs gets a list of Cloudflare's IP ranges.
-//
-// This does not require logging in to the API.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ips
-func IPs() (IPRanges, error) {
-	uri := fmt.Sprintf("%s/ips?china_colo=1", apiURL)
-	resp, err := http.Get(uri) //nolint:gosec
-	if err != nil {
-		return IPRanges{}, fmt.Errorf("HTTP request failed: %w", err)
-	}
-	if resp.StatusCode != http.StatusOK {
-		return IPRanges{}, errors.New("HTTP request failed: status is not HTTP 200")
-	}
-	defer resp.Body.Close()
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return IPRanges{}, fmt.Errorf("Response body could not be read: %w", err)
-	}
-	var r IPsResponse
-	err = json.Unmarshal(body, &r)
-	if err != nil {
-		return IPRanges{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	var ips IPRanges
-	ips.IPv4CIDRs = r.Result.IPv4CIDRs
-	ips.IPv6CIDRs = r.Result.IPv6CIDRs
-
-	for _, ip := range r.Result.ChinaColos {
-		if strings.Contains(ip, ":") {
-			ips.ChinaIPv6CIDRs = append(ips.ChinaIPv6CIDRs, ip)
-		} else {
-			ips.ChinaIPv4CIDRs = append(ips.ChinaIPv4CIDRs, ip)
-		}
-	}
-
-	return ips, nil
-}
diff --git a/pkg/cloudflare-go/ips_test.go b/pkg/cloudflare-go/ips_test.go
deleted file mode 100644
index cc3b959307..0000000000
--- a/pkg/cloudflare-go/ips_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package cloudflare
-
-import (
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"net/url"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type MockTransport struct {
-	http.Transport
-	Server *httptest.Server
-	Path   string
-}
-
-func (m *MockTransport) RoundTrip(req *http.Request) (*http.Response, error) {
-	url, err := url.Parse(m.Server.URL + m.Path)
-	if err != nil {
-		return nil, err
-	}
-
-	req.URL = url
-
-	return m.Transport.RoundTrip(req)
-}
-
-func Test_IPs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux := http.NewServeMux()
-	server = httptest.NewServer(mux)
-	defer server.Close()
-
-	defaultTransport := http.DefaultTransport
-	http.DefaultTransport = &MockTransport{
-		Server: server,
-		Path:   "/ips",
-	}
-	defer func() { http.DefaultTransport = defaultTransport }()
-
-	mux.HandleFunc("/ips", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "ipv4_cidrs": ["198.51.100.0/24"],
-    "ipv6_cidrs": ["ffff:ffff::/32"],
-    "china_colos": ["42.81.6.0/25", "2408:871a:1801:7::/72"]
-  }
-}`)
-	})
-
-	ipRanges, err := IPs()
-
-	assert.NoError(t, err)
-
-	assert.Len(t, ipRanges.IPv4CIDRs, 1)
-	assert.Equal(t, "198.51.100.0/24", ipRanges.IPv4CIDRs[0])
-	assert.Len(t, ipRanges.IPv6CIDRs, 1)
-	assert.Equal(t, "ffff:ffff::/32", ipRanges.IPv6CIDRs[0])
-	assert.Len(t, ipRanges.ChinaIPv4CIDRs, 1)
-	assert.Equal(t, "42.81.6.0/25", ipRanges.ChinaIPv4CIDRs[0])
-	assert.Len(t, ipRanges.ChinaIPv6CIDRs, 1)
-	assert.Equal(t, "2408:871a:1801:7::/72", ipRanges.ChinaIPv6CIDRs[0])
-}
diff --git a/pkg/cloudflare-go/keyless.go b/pkg/cloudflare-go/keyless.go
deleted file mode 100644
index 39896af9b1..0000000000
--- a/pkg/cloudflare-go/keyless.go
+++ /dev/null
@@ -1,146 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// KeylessSSL represents Keyless SSL configuration.
-type KeylessSSL struct {
-	ID          string    `json:"id"`
-	Name        string    `json:"name"`
-	Host        string    `json:"host"`
-	Port        int       `json:"port"`
-	Status      string    `json:"status"`
-	Enabled     bool      `json:"enabled"`
-	Permissions []string  `json:"permissions"`
-	CreatedOn   time.Time `json:"created_on"`
-	ModifiedOn  time.Time `json:"modified_on"`
-}
-
-// KeylessSSLCreateRequest represents the request format made for creating KeylessSSL.
-type KeylessSSLCreateRequest struct {
-	Host         string `json:"host"`
-	Port         int    `json:"port"`
-	Certificate  string `json:"certificate"`
-	Name         string `json:"name,omitempty"`
-	BundleMethod string `json:"bundle_method,omitempty"`
-}
-
-// KeylessSSLDetailResponse is the API response, containing a single Keyless SSL.
-type KeylessSSLDetailResponse struct {
-	Response
-	Result KeylessSSL `json:"result"`
-}
-
-// KeylessSSLListResponse represents the response from the Keyless SSL list endpoint.
-type KeylessSSLListResponse struct {
-	Response
-	Result []KeylessSSL `json:"result"`
-}
-
-// KeylessSSLUpdateRequest represents the request for updating KeylessSSL.
-type KeylessSSLUpdateRequest struct {
-	Host    string `json:"host,omitempty"`
-	Name    string `json:"name,omitempty"`
-	Port    int    `json:"port,omitempty"`
-	Enabled *bool  `json:"enabled,omitempty"`
-}
-
-// CreateKeylessSSL creates a new Keyless SSL configuration for the zone.
-//
-// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-create-keyless-ssl-configuration
-func (api *API) CreateKeylessSSL(ctx context.Context, zoneID string, keylessSSL KeylessSSLCreateRequest) (KeylessSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/keyless_certificates", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, keylessSSL)
-	if err != nil {
-		return KeylessSSL{}, err
-	}
-
-	var keylessSSLDetailResponse KeylessSSLDetailResponse
-	err = json.Unmarshal(res, &keylessSSLDetailResponse)
-	if err != nil {
-		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return keylessSSLDetailResponse.Result, nil
-}
-
-// ListKeylessSSL lists Keyless SSL configurations for a zone.
-//
-// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-list-keyless-ssl-configurations
-func (api *API) ListKeylessSSL(ctx context.Context, zoneID string) ([]KeylessSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/keyless_certificates", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var keylessSSLListResponse KeylessSSLListResponse
-	err = json.Unmarshal(res, &keylessSSLListResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return keylessSSLListResponse.Result, nil
-}
-
-// KeylessSSL provides the configuration for a given Keyless SSL identifier.
-//
-// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-keyless-ssl-details
-func (api *API) KeylessSSL(ctx context.Context, zoneID, keylessSSLID string) (KeylessSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, keylessSSLID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return KeylessSSL{}, err
-	}
-
-	var keylessResponse KeylessSSLDetailResponse
-	err = json.Unmarshal(res, &keylessResponse)
-	if err != nil {
-		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return keylessResponse.Result, nil
-}
-
-// UpdateKeylessSSL updates an existing Keyless SSL configuration.
-//
-// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-edit-keyless-ssl-configuration
-func (api *API) UpdateKeylessSSL(ctx context.Context, zoneID, kelessSSLID string, keylessSSL KeylessSSLUpdateRequest) (KeylessSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, kelessSSLID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, keylessSSL)
-	if err != nil {
-		return KeylessSSL{}, err
-	}
-
-	var keylessSSLDetailResponse KeylessSSLDetailResponse
-	err = json.Unmarshal(res, &keylessSSLDetailResponse)
-	if err != nil {
-		return KeylessSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return keylessSSLDetailResponse.Result, nil
-}
-
-// DeleteKeylessSSL deletes an existing Keyless SSL configuration.
-//
-// API reference: https://api.cloudflare.com/#keyless-ssl-for-a-zone-delete-keyless-ssl-configuration
-func (api *API) DeleteKeylessSSL(ctx context.Context, zoneID, keylessSSLID string) error {
-	uri := fmt.Sprintf("/zones/%s/keyless_certificates/%s", zoneID, keylessSSLID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/keyless_test.go b/pkg/cloudflare-go/keyless_test.go
deleted file mode 100644
index 4b90601daa..0000000000
--- a/pkg/cloudflare-go/keyless_test.go
+++ /dev/null
@@ -1,262 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCreateKeylessSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := KeylessSSLCreateRequest{
-		Host:         "example.com",
-		Port:         24008,
-		Certificate:  "-----BEGIN CERTIFICATE----- MIIDtTCCAp2g1v2tdw= -----END CERTIFICATE-----",
-		Name:         "example.com Keyless SSL",
-		BundleMethod: "optimal",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		var v KeylessSSLCreateRequest
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "4d2844d2ce78891c34d0b6c0535a291e",
-				"name": "example.com Keyless SSL",
-				"host": "example.com",
-				"port": 24008,
-				"status": "active",
-				"enabled": false,
-				"permissions": [
-					"#ssl:read",
-					"#ssl:edit"
-				],
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates", handler)
-
-	actual, err := client.CreateKeylessSSL(context.Background(), testZoneID, input)
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := KeylessSSL{
-		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
-		Name:        input.Name,
-		Host:        input.Host,
-		Port:        input.Port,
-		Status:      "active",
-		Enabled:     false,
-		Permissions: []string{"#ssl:read", "#ssl:edit"},
-		CreatedOn:   createdOn,
-		ModifiedOn:  modifiedOn,
-	}
-	assert.Equal(t, want, actual)
-}
-
-func TestListKeylessSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":[
-			   {
-				  "id":"4d2844d2ce78891c34d0b6c0535a291e",
-				  "name":"example.com Keyless SSL",
-				  "host":"example.com",
-				  "port":24008,
-				  "status":"active",
-				  "enabled":false,
-				  "permissions":[
-					 "#ssl:read",
-					 "#ssl:edit"
-				  ],
-				  "created_on":"2014-01-01T05:20:00Z",
-				  "modified_on":"2014-01-01T05:20:00Z"
-			   }
-			]
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates", handler)
-
-	actual, err := client.ListKeylessSSL(context.Background(), testZoneID)
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := []KeylessSSL{{
-		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
-		Name:        "example.com Keyless SSL",
-		Host:        "example.com",
-		Port:        24008,
-		Status:      "active",
-		Enabled:     false,
-		Permissions: []string{"#ssl:read", "#ssl:edit"},
-		CreatedOn:   createdOn,
-		ModifiedOn:  modifiedOn,
-	}}
-	assert.Equal(t, want, actual)
-}
-
-func TestKeylessSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-			   "id":"4d2844d2ce78891c34d0b6c0535a291e",
-			   "name":"example.com Keyless SSL",
-			   "host":"example.com",
-			   "port":24008,
-			   "status":"active",
-			   "enabled":false,
-			   "permissions":[
-				  "#ssl:read",
-				  "#ssl:edit"
-			   ],
-			   "created_on":"2014-01-01T05:20:00Z",
-			   "modified_on":"2014-01-01T05:20:00Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
-
-	actual, err := client.KeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e")
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := KeylessSSL{
-		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
-		Name:        "example.com Keyless SSL",
-		Host:        "example.com",
-		Port:        24008,
-		Status:      "active",
-		Enabled:     false,
-		Permissions: []string{"#ssl:read", "#ssl:edit"},
-		CreatedOn:   createdOn,
-		ModifiedOn:  modifiedOn,
-	}
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateKeylessSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	enabled := false
-	input := KeylessSSLUpdateRequest{
-		Host:    "example.com",
-		Name:    "example.com Keyless SSL",
-		Port:    24008,
-		Enabled: &enabled,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		var v KeylessSSLUpdateRequest
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, input, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-			   "id":"4d2844d2ce78891c34d0b6c0535a291e",
-			   "name":"example.com Keyless SSL",
-			   "host":"example.com",
-			   "port":24008,
-			   "status":"active",
-			   "enabled":false,
-			   "permissions":[
-				  "#ssl:read",
-				  "#ssl:edit"
-			   ],
-			   "created_on":"2014-01-01T05:20:00Z",
-			   "modified_on":"2014-01-01T05:20:00Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
-
-	actual, err := client.UpdateKeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e", input)
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := KeylessSSL{
-		ID:          "4d2844d2ce78891c34d0b6c0535a291e",
-		Name:        input.Name,
-		Host:        input.Host,
-		Port:        input.Port,
-		Status:      "active",
-		Enabled:     enabled,
-		Permissions: []string{"#ssl:read", "#ssl:edit"},
-		CreatedOn:   createdOn,
-		ModifiedOn:  modifiedOn,
-	}
-	assert.Equal(t, want, actual)
-}
-
-func TestDeleteKeylessSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":{
-			   "id":"4d2844d2ce78891c34d0b6c0535a291e"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/keyless_certificates/"+"4d2844d2ce78891c34d0b6c0535a291e", handler)
-
-	err := client.DeleteKeylessSSL(context.Background(), testZoneID, "4d2844d2ce78891c34d0b6c0535a291e")
-	require.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/list.go b/pkg/cloudflare-go/list.go
deleted file mode 100644
index f7cef4aca6..0000000000
--- a/pkg/cloudflare-go/list.go
+++ /dev/null
@@ -1,629 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-const (
-	// ListTypeIP specifies a list containing IP addresses.
-	ListTypeIP = "ip"
-	// ListTypeRedirect specifies a list containing redirects.
-	ListTypeRedirect = "redirect"
-	// ListTypeHostname specifies a list containing hostnames.
-	ListTypeHostname = "hostname"
-	// ListTypeHostname specifies a list containing autonomous system numbers (ASNs).
-	ListTypeASN = "asn"
-)
-
-// ListBulkOperation contains information about a Bulk Operation.
-type ListBulkOperation struct {
-	ID        string     `json:"id"`
-	Status    string     `json:"status"`
-	Error     string     `json:"error"`
-	Completed *time.Time `json:"completed"`
-}
-
-// List contains information about a List.
-type List struct {
-	ID                    string     `json:"id"`
-	Name                  string     `json:"name"`
-	Description           string     `json:"description"`
-	Kind                  string     `json:"kind"`
-	NumItems              int        `json:"num_items"`
-	NumReferencingFilters int        `json:"num_referencing_filters"`
-	CreatedOn             *time.Time `json:"created_on"`
-	ModifiedOn            *time.Time `json:"modified_on"`
-}
-
-// Redirect represents a redirect item in a List.
-type Redirect struct {
-	SourceUrl           string `json:"source_url"`
-	IncludeSubdomains   *bool  `json:"include_subdomains,omitempty"`
-	TargetUrl           string `json:"target_url"`
-	StatusCode          *int   `json:"status_code,omitempty"`
-	PreserveQueryString *bool  `json:"preserve_query_string,omitempty"`
-	SubpathMatching     *bool  `json:"subpath_matching,omitempty"`
-	PreservePathSuffix  *bool  `json:"preserve_path_suffix,omitempty"`
-}
-
-type Hostname struct {
-	UrlHostname string `json:"url_hostname"`
-}
-
-// ListItem contains information about a single List Item.
-type ListItem struct {
-	ID         string     `json:"id"`
-	IP         *string    `json:"ip,omitempty"`
-	Redirect   *Redirect  `json:"redirect,omitempty"`
-	Hostname   *Hostname  `json:"hostname,omitempty"`
-	ASN        *uint32    `json:"asn,omitempty"`
-	Comment    string     `json:"comment"`
-	CreatedOn  *time.Time `json:"created_on"`
-	ModifiedOn *time.Time `json:"modified_on"`
-}
-
-// ListCreateRequest contains data for a new List.
-type ListCreateRequest struct {
-	Name        string `json:"name"`
-	Description string `json:"description"`
-	Kind        string `json:"kind"`
-}
-
-// ListItemCreateRequest contains data for a new List Item.
-type ListItemCreateRequest struct {
-	IP       *string   `json:"ip,omitempty"`
-	Redirect *Redirect `json:"redirect,omitempty"`
-	Hostname *Hostname `json:"hostname,omitempty"`
-	ASN      *uint32   `json:"asn,omitempty"`
-	Comment  string    `json:"comment"`
-}
-
-// ListItemDeleteRequest wraps List Items that shall be deleted.
-type ListItemDeleteRequest struct {
-	Items []ListItemDeleteItemRequest `json:"items"`
-}
-
-// ListItemDeleteItemRequest contains single List Items that shall be deleted.
-type ListItemDeleteItemRequest struct {
-	ID string `json:"id"`
-}
-
-// ListUpdateRequest contains data for a List update.
-type ListUpdateRequest struct {
-	Description string `json:"description"`
-}
-
-// ListResponse contains a single List.
-type ListResponse struct {
-	Response
-	Result List `json:"result"`
-}
-
-// ListItemCreateResponse contains information about the creation of a List Item.
-type ListItemCreateResponse struct {
-	Response
-	Result struct {
-		OperationID string `json:"operation_id"`
-	} `json:"result"`
-}
-
-// ListListResponse contains a slice of Lists.
-type ListListResponse struct {
-	Response
-	Result []List `json:"result"`
-}
-
-// ListBulkOperationResponse contains information about a Bulk Operation.
-type ListBulkOperationResponse struct {
-	Response
-	Result ListBulkOperation `json:"result"`
-}
-
-// ListDeleteResponse contains information about the deletion of a List.
-type ListDeleteResponse struct {
-	Response
-	Result struct {
-		ID string `json:"id"`
-	} `json:"result"`
-}
-
-// ListItemsListResponse contains information about List Items.
-type ListItemsListResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []ListItem `json:"result"`
-}
-
-// ListItemDeleteResponse contains information about the deletion of a List Item.
-type ListItemDeleteResponse struct {
-	Response
-	Result struct {
-		OperationID string `json:"operation_id"`
-	} `json:"result"`
-}
-
-// ListItemsGetResponse contains information about a single List Item.
-type ListItemsGetResponse struct {
-	Response
-	Result ListItem `json:"result"`
-}
-
-type ListListsParams struct {
-}
-
-type ListCreateParams struct {
-	Name        string
-	Description string
-	Kind        string
-}
-
-type ListGetParams struct {
-	ID string
-}
-
-type ListUpdateParams struct {
-	ID          string
-	Description string
-}
-
-type ListDeleteParams struct {
-	ID string
-}
-
-type ListListItemsParams struct {
-	ID      string `url:"-"`
-	Search  string `url:"search,omitempty"`
-	PerPage int    `url:"per_page,omitempty"`
-	Cursor  string `url:"cursor,omitempty"`
-}
-
-type ListCreateItemsParams struct {
-	ID    string
-	Items []ListItemCreateRequest
-}
-
-type ListCreateItemParams struct {
-	ID   string
-	Item ListItemCreateRequest
-}
-
-type ListReplaceItemsParams struct {
-	ID    string
-	Items []ListItemCreateRequest
-}
-
-type ListDeleteItemsParams struct {
-	ID    string
-	Items ListItemDeleteRequest
-}
-
-type ListGetItemParams struct {
-	ListID string
-	ID     string
-}
-
-type ListGetBulkOperationParams struct {
-	ID string
-}
-
-// ListLists lists all Lists.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-list-lists
-func (api *API) ListLists(ctx context.Context, rc *ResourceContainer, params ListListsParams) ([]List, error) {
-	if rc.Identifier == "" {
-		return []List{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []List{}, err
-	}
-
-	result := ListListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// CreateList creates a new List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list
-func (api *API) CreateList(ctx context.Context, rc *ResourceContainer, params ListCreateParams) (List, error) {
-	if rc.Identifier == "" {
-		return List{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ListCreateRequest{Name: params.Name, Description: params.Description, Kind: params.Kind})
-	if err != nil {
-		return List{}, err
-	}
-
-	result := ListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetList returns a single List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-list
-func (api *API) GetList(ctx context.Context, rc *ResourceContainer, listID string) (List, error) {
-	if rc.Identifier == "" {
-		return List{}, ErrMissingAccountID
-	}
-
-	if listID == "" {
-		return List{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, listID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return List{}, err
-	}
-
-	result := ListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateList updates the description of an existing List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-update-list
-func (api *API) UpdateList(ctx context.Context, rc *ResourceContainer, params ListUpdateParams) (List, error) {
-	if rc.Identifier == "" {
-		return List{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return List{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, ListUpdateRequest{Description: params.Description})
-	if err != nil {
-		return List{}, err
-	}
-
-	result := ListResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return List{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteList deletes a List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-delete-list
-func (api *API) DeleteList(ctx context.Context, rc *ResourceContainer, listID string) (ListDeleteResponse, error) {
-	if rc.Identifier == "" {
-		return ListDeleteResponse{}, ErrMissingAccountID
-	}
-
-	if listID == "" {
-		return ListDeleteResponse{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s", rc.Identifier, listID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return ListDeleteResponse{}, err
-	}
-
-	result := ListDeleteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// ListListItems returns a list with all items in a List.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-list-list-items
-func (api *API) ListListItems(ctx context.Context, rc *ResourceContainer, params ListListItemsParams) ([]ListItem, error) {
-	var list []ListItem
-
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []ListItem{}, err
-		}
-
-		result := ListItemsListResponse{}
-		if err := json.Unmarshal(res, &result); err != nil {
-			return []ListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		list = append(list, result.Result...)
-		if cursor := result.ResultInfo.Cursors.After; cursor == "" {
-			break
-		} else {
-			params.Cursor = cursor
-		}
-	}
-
-	return list, nil
-}
-
-// CreateListItemAsync creates a new List Item asynchronously. Users have to poll the operation status by
-// using the operation_id returned by this function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
-func (api *API) CreateListItemAsync(ctx context.Context, rc *ResourceContainer, params ListCreateItemParams) (ListItemCreateResponse, error) {
-	if rc.Identifier == "" {
-		return ListItemCreateResponse{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return ListItemCreateResponse{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, []ListItemCreateRequest{params.Item})
-	if err != nil {
-		return ListItemCreateResponse{}, err
-	}
-
-	result := ListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// CreateListItem creates a new List Item synchronously and returns the current set of List Items.
-func (api *API) CreateListItem(ctx context.Context, rc *ResourceContainer, params ListCreateItemParams) ([]ListItem, error) {
-	result, err := api.CreateListItemAsync(ctx, rc, params)
-
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
-}
-
-// CreateListItemsAsync bulk creates multiple List Items asynchronously. Users
-// have to poll the operation status by using the operation_id returned by this
-// function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-create-list-items
-func (api *API) CreateListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListCreateItemsParams) (ListItemCreateResponse, error) {
-	if rc.Identifier == "" {
-		return ListItemCreateResponse{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return ListItemCreateResponse{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Items)
-	if err != nil {
-		return ListItemCreateResponse{}, err
-	}
-
-	result := ListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// CreateListItems bulk creates multiple List Items synchronously and returns
-// the current set of List Items.
-func (api *API) CreateListItems(ctx context.Context, rc *ResourceContainer, params ListCreateItemsParams) ([]ListItem, error) {
-	result, err := api.CreateListItemsAsync(ctx, rc, params)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
-}
-
-// ReplaceListItemsAsync replaces all List Items asynchronously. Users have to
-// poll the operation status by using the operation_id returned by this
-// function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-replace-list-items
-func (api *API) ReplaceListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListReplaceItemsParams) (ListItemCreateResponse, error) {
-	if rc.Identifier == "" {
-		return ListItemCreateResponse{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return ListItemCreateResponse{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Items)
-	if err != nil {
-		return ListItemCreateResponse{}, err
-	}
-
-	result := ListItemCreateResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListItemCreateResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// ReplaceListItems replaces all List Items synchronously and returns the
-// current set of List Items.
-func (api *API) ReplaceListItems(ctx context.Context, rc *ResourceContainer, params ListReplaceItemsParams) (
-	[]ListItem, error) {
-	result, err := api.ReplaceListItemsAsync(ctx, rc, params)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	return api.ListListItems(ctx, rc, ListListItemsParams{ID: params.ID})
-}
-
-// DeleteListItemsAsync removes specific Items of a List by their ID
-// asynchronously. Users have to poll the operation status by using the
-// operation_id returned by this function.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-delete-list-items
-func (api *API) DeleteListItemsAsync(ctx context.Context, rc *ResourceContainer, params ListDeleteItemsParams) (ListItemDeleteResponse, error) {
-	if rc.Identifier == "" {
-		return ListItemDeleteResponse{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return ListItemDeleteResponse{}, ErrMissingListID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, params.Items)
-	if err != nil {
-		return ListItemDeleteResponse{}, err
-	}
-
-	result := ListItemDeleteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListItemDeleteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, nil
-}
-
-// DeleteListItems removes specific Items of a List by their ID synchronously
-// and returns the current set of List Items.
-func (api *API) DeleteListItems(ctx context.Context, rc *ResourceContainer, params ListDeleteItemsParams) ([]ListItem, error) {
-	result, err := api.DeleteListItemsAsync(ctx, rc, params)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	err = api.pollListBulkOperation(ctx, rc, result.Result.OperationID)
-	if err != nil {
-		return []ListItem{}, err
-	}
-
-	return api.ListListItems(ctx, AccountIdentifier(rc.Identifier), ListListItemsParams{ID: params.ID})
-}
-
-// GetListItem returns a single List Item.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-list-item
-func (api *API) GetListItem(ctx context.Context, rc *ResourceContainer, listID, itemID string) (ListItem, error) {
-	if rc.Identifier == "" {
-		return ListItem{}, ErrMissingAccountID
-	}
-
-	if listID == "" {
-		return ListItem{}, ErrMissingListID
-	}
-
-	if itemID == "" {
-		return ListItem{}, ErrMissingResourceIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/%s/items/%s", rc.Identifier, listID, itemID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ListItem{}, err
-	}
-
-	result := ListItemsGetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetListBulkOperation returns the status of a bulk operation.
-//
-// API reference: https://api.cloudflare.com/#rules-lists-get-bulk-operation
-func (api *API) GetListBulkOperation(ctx context.Context, rc *ResourceContainer, ID string) (ListBulkOperation, error) {
-	if rc.Identifier == "" {
-		return ListBulkOperation{}, ErrMissingAccountID
-	}
-
-	if ID == "" {
-		return ListBulkOperation{}, ErrMissingResourceIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/rules/lists/bulk_operations/%s", rc.Identifier, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ListBulkOperation{}, err
-	}
-
-	result := ListBulkOperationResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ListBulkOperation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// pollListBulkOperation implements synchronous behaviour for some asynchronous
-// endpoints. bulk-operation status can be either pending, running, failed or
-// completed.
-func (api *API) pollListBulkOperation(ctx context.Context, rc *ResourceContainer, ID string) error {
-	for i := uint8(0); i < 16; i++ {
-		sleepDuration := 1 << (i / 2) * time.Second
-		select {
-		case <-time.After(sleepDuration):
-		case <-ctx.Done():
-			return fmt.Errorf("operation aborted during backoff: %w", ctx.Err())
-		}
-
-		bulkResult, err := api.GetListBulkOperation(ctx, rc, ID)
-		if err != nil {
-			return err
-		}
-
-		switch bulkResult.Status {
-		case "failed":
-			return errors.New(bulkResult.Error)
-		case "pending", "running":
-			continue
-		case "completed":
-			return nil
-		default:
-			return fmt.Errorf("%s: %s", errOperationUnexpectedStatus, bulkResult.Status)
-		}
-	}
-
-	return errors.New(errOperationStillRunning)
-}
diff --git a/pkg/cloudflare-go/list_test.go b/pkg/cloudflare-go/list_test.go
deleted file mode 100644
index 0a622f8d1e..0000000000
--- a/pkg/cloudflare-go/list_test.go
+++ /dev/null
@@ -1,1045 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListLists(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-				{
-					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-					"name": "list1",
-					"description": "This is a note.",
-					"kind": "ip",
-					"num_items": 10,
-					"num_referencing_filters": 2,
-					"created_on": "2020-01-01T08:00:00Z",
-					"modified_on": "2020-01-10T14:00:00Z"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := []List{
-		{
-			ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			Name:                  "list1",
-			Description:           "This is a note.",
-			Kind:                  "ip",
-			NumItems:              10,
-			NumReferencingFilters: 2,
-			CreatedOn:             &createdOn,
-			ModifiedOn:            &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListLists(context.Background(), AccountIdentifier(testAccountID), ListListsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This is a note.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := List{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This is a note.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.CreateList(context.Background(), AccountIdentifier(testAccountID), ListCreateParams{
-		Name: "list1", Description: "This is a note.", Kind: "ip",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This is a note.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := List{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This is a note.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.GetList(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "list1",
-				"description": "This note was updated.",
-				"kind": "ip",
-				"num_items": 10,
-				"num_referencing_filters": 2,
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := List{
-		ID:                    "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:                  "list1",
-		Description:           "This note was updated.",
-		Kind:                  "ip",
-		NumItems:              10,
-		NumReferencingFilters: 2,
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-	}
-
-	actual, err := client.UpdateList(context.Background(), AccountIdentifier(testAccountID),
-		ListUpdateParams{
-			ID: "2c0fc9fa937b11eaa1b71c4d701ab86e", Description: "This note was updated.",
-		},
-	)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "34b12448945f11eaa1b71c4d701ab86e"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	want := ListDeleteResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.ID = "34b12448945f11eaa1b71c4d701ab86e"
-
-	actual, err := client.DeleteList(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListsItemsIP(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
-			fmt.Fprint(w, `{
-			"result": [
-    			{
-      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"ip": "192.0.2.2",
-      				"comment": "Another Private IP address",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		} else {
-			fmt.Fprint(w, `{
-			"result": [
-    			{
-      				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"ip": "192.0.2.1",
-      				"comment": "Private IP address",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx",
-					"after": "yyy"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		}
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := []ListItem{
-		{
-			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			IP:         StringPtr("192.0.2.1"),
-			Comment:    "Private IP address",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-		{
-			ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			IP:         StringPtr("192.0.2.2"),
-			Comment:    "Another Private IP address",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListListItems(context.Background(), AccountIdentifier(testAccountID), ListListItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListsItemsRedirect(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		if len(r.URL.Query().Get("cursor")) > 0 && r.URL.Query().Get("cursor") == "yyy" {
-			fmt.Fprint(w, `{
-			"result": [
-				{
-      				"id": "1c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"redirect": {
-						"source_url": "www.3fonteinen.be",
-						"target_url": "https://shop.3fonteinen.be"
-					},
-      				"comment": "3F redirect",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		} else {
-			fmt.Fprint(w, `{
-			"result": [
-				{
-      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"redirect": {
-						"source_url": "http://cloudflare.com",
-						"include_subdomains": true,
-						"target_url": "https://cloudflare.com",
-						"status_code": 302,
-						"preserve_query_string": true,
-						"subpath_matching": true,
-						"preserve_path_suffix": false
-					},
-      				"comment": "Cloudflare http redirect",
-      				"created_on": "2020-01-01T08:00:00Z",
-      				"modified_on": "2020-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx",
-					"after": "yyy"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-		}
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := []ListItem{
-		{
-			ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
-			Redirect: &Redirect{
-				SourceUrl:           "http://cloudflare.com",
-				IncludeSubdomains:   BoolPtr(true),
-				TargetUrl:           "https://cloudflare.com",
-				StatusCode:          IntPtr(302),
-				PreserveQueryString: BoolPtr(true),
-				SubpathMatching:     BoolPtr(true),
-				PreservePathSuffix:  BoolPtr(false),
-			},
-			Comment:    "Cloudflare http redirect",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-		{
-			ID: "1c0fc9fa937b11eaa1b71c4d701ab86e",
-			Redirect: &Redirect{
-				SourceUrl: "www.3fonteinen.be",
-				TargetUrl: "https://shop.3fonteinen.be",
-			},
-			Comment:    "3F redirect",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListListItems(
-		context.Background(),
-		AccountIdentifier(testAccountID),
-		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
-	)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListsItemsHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-				{
-      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"hostname": {
-						"url_hostname": "cloudflare.com"
-					},
-      				"comment": "CF hostname",
-      				"created_on": "2023-01-01T08:00:00Z",
-      				"modified_on": "2023-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
-
-	want := []ListItem{
-		{
-			ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
-			Hostname: &Hostname{
-				UrlHostname: "cloudflare.com",
-			},
-			Comment:    "CF hostname",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListListItems(
-		context.Background(),
-		AccountIdentifier(testAccountID),
-		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
-	)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListsItemsASN(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		fmt.Fprint(w, `{
-			"result": [
-				{
-      				"id": "0c0fc9fa937b11eaa1b71c4d701ab86e",
-      				"asn": 3456,
-      				"comment": "ASN",
-      				"created_on": "2023-01-01T08:00:00Z",
-      				"modified_on": "2023-01-10T14:00:00Z"
-    			}
-  			],
-  			"result_info": {
-    			"cursors": {
-					"before": "xxx"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
-
-	want := []ListItem{
-		{
-			ID:         "0c0fc9fa937b11eaa1b71c4d701ab86e",
-			ASN:        Uint32Ptr(3456),
-			Comment:    "ASN",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-		},
-	}
-
-	actual, err := client.ListListItems(
-		context.Background(),
-		AccountIdentifier(testAccountID),
-		ListListItemsParams{ID: "0c0fc9fa937b11eaa1b71c4d701ab86e"},
-	)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateListItemsIP(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			IP:      StringPtr("192.0.2.1"),
-			Comment: "Private IP",
-		}, {
-			IP:      StringPtr("192.0.2.2"),
-			Comment: "Another Private IP",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateListItemsRedirect(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
-		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			Redirect: &Redirect{
-				SourceUrl: "www.3fonteinen.be",
-				TargetUrl: "https://shop.3fonteinen.be",
-			},
-			Comment: "redirect 3F",
-		}, {
-			Redirect: &Redirect{
-				SourceUrl: "www.cf.com",
-				TargetUrl: "https://cloudflare.com",
-			},
-			Comment: "Redirect cf",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateListItemsHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
-		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			Hostname: &Hostname{
-				UrlHostname: "3fonteinen.be", // ie. only match 3fonteinen.be
-			},
-			Comment: "hostname 3F",
-		}, {
-			Hostname: &Hostname{
-				UrlHostname: "*.cf.com", // ie. match all subdomains of cf.com but not cf.com
-			},
-			Comment: "Hostname cf",
-		}, {
-			Hostname: &Hostname{
-				UrlHostname: "*.abc.com", // ie. equivalent to match all subdomains of abc.com excluding abc.com
-			},
-			Comment: "Hostname abc",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateListItemsASN(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/0c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.CreateListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListCreateItemsParams{
-		ID: "0c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			ASN:     Uint32Ptr(458),
-			Comment: "ASN 458",
-		}, {
-			ASN:     Uint32Ptr(789),
-			Comment: "ASN 789",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceListItemsIP(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			IP:      StringPtr("192.0.2.1"),
-			Comment: "Private IP",
-		}, {
-			IP:      StringPtr("192.0.2.2"),
-			Comment: "Another Private IP",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceListItemsRedirect(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			Redirect: &Redirect{
-				SourceUrl: "www.3fonteinen.be",
-				TargetUrl: "https://shop.3fonteinen.be",
-			},
-			Comment: "redirect 3F",
-		}, {
-			Redirect: &Redirect{
-				SourceUrl: "www.cf.com",
-				TargetUrl: "https://cloudflare.com",
-			},
-			Comment: "Redirect cf",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceListItemsHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			Hostname: &Hostname{
-				UrlHostname: "3fonteinen.be",
-			},
-			Comment: "hostname 3F",
-		}, {
-			Hostname: &Hostname{
-				UrlHostname: "cf.com",
-			},
-			Comment: "Hostname cf",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceListItemsASN(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemCreateResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.ReplaceListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListReplaceItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: []ListItemCreateRequest{{
-			ASN:     Uint32Ptr(4567),
-			Comment: "ASN 4567",
-		}, {
-			ASN:     Uint32Ptr(8901),
-			Comment: "ASN 8901",
-		}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteListItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"operation_id": "4da8780eeb215e6cb7f48dd981c4ea02"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items", handler)
-
-	want := ListItemDeleteResponse{}
-	want.Success = true
-	want.Errors = []ResponseInfo{}
-	want.Messages = []ResponseInfo{}
-	want.Result.OperationID = "4da8780eeb215e6cb7f48dd981c4ea02"
-
-	actual, err := client.DeleteListItemsAsync(context.Background(), AccountIdentifier(testAccountID), ListDeleteItemsParams{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Items: ListItemDeleteRequest{[]ListItemDeleteItemRequest{{
-			ID: "34b12448945f11eaa1b71c4d701ab86e",
-		}}}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetListItemIP(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"ip": "192.0.2.1",
-				"comment": "Private IP address",
-				"created_on": "2020-01-01T08:00:00Z",
-				"modified_on": "2020-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
-		"34b12448945f11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2020-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2020-01-10T14:00:00Z")
-
-	want := ListItem{
-		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		IP:         StringPtr("192.0.2.1"),
-		Comment:    "Private IP address",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	}
-
-	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetListItemHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"hostname": {
-					"url_hostname": "cloudflare.com"
-				},
-				"comment": "CF Hostname",
-				"created_on": "2023-01-01T08:00:00Z",
-				"modified_on": "2023-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
-		"34b12448945f11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
-
-	want := ListItem{
-		ID: "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Hostname: &Hostname{
-			UrlHostname: "cloudflare.com",
-		},
-		Comment:    "CF Hostname",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	}
-
-	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetListItemASN(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"asn": 5555,
-				"comment": "asn 5555",
-				"created_on": "2023-01-01T08:00:00Z",
-				"modified_on": "2023-01-10T14:00:00Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rules/lists/2c0fc9fa937b11eaa1b71c4d701ab86e/items/"+
-		"34b12448945f11eaa1b71c4d701ab86e", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-01T08:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2023-01-10T14:00:00Z")
-
-	want := ListItem{
-		ID:         "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		ASN:        Uint32Ptr(5555),
-		Comment:    "asn 5555",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	}
-
-	actual, err := client.GetListItem(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e", "34b12448945f11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestPollListTimeout(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 0)
-	defer cancel()
-
-	start := time.Now()
-	err := client.pollListBulkOperation(ctx, AccountIdentifier(testAccountID), "list1")
-	assert.ErrorIs(t, err, context.DeadlineExceeded)
-	assert.WithinDuration(t, start, time.Now(), time.Second,
-		"pollListBulkOperation took too much time with an expiring context")
-}
diff --git a/pkg/cloudflare-go/load_balancing.go b/pkg/cloudflare-go/load_balancing.go
deleted file mode 100644
index 44d7fd9fa3..0000000000
--- a/pkg/cloudflare-go/load_balancing.go
+++ /dev/null
@@ -1,821 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// LoadBalancerPool represents a load balancer pool's properties.
-type LoadBalancerPool struct {
-	ID                string                      `json:"id,omitempty"`
-	CreatedOn         *time.Time                  `json:"created_on,omitempty"`
-	ModifiedOn        *time.Time                  `json:"modified_on,omitempty"`
-	Description       string                      `json:"description"`
-	Name              string                      `json:"name"`
-	Enabled           bool                        `json:"enabled"`
-	MinimumOrigins    *int                        `json:"minimum_origins,omitempty"`
-	Monitor           string                      `json:"monitor,omitempty"`
-	Origins           []LoadBalancerOrigin        `json:"origins"`
-	NotificationEmail string                      `json:"notification_email,omitempty"`
-	Latitude          *float32                    `json:"latitude,omitempty"`
-	Longitude         *float32                    `json:"longitude,omitempty"`
-	LoadShedding      *LoadBalancerLoadShedding   `json:"load_shedding,omitempty"`
-	OriginSteering    *LoadBalancerOriginSteering `json:"origin_steering,omitempty"`
-	Healthy           *bool                       `json:"healthy,omitempty"`
-
-	// CheckRegions defines the geographic region(s) from where to run health-checks from - e.g. "WNAM", "WEU", "SAF", "SAM".
-	// Providing a null/empty value means "all regions", which may not be available to all plan types.
-	CheckRegions []string `json:"check_regions"`
-}
-
-// LoadBalancerOrigin represents a Load Balancer origin's properties.
-type LoadBalancerOrigin struct {
-	Name    string `json:"name"`
-	Address string `json:"address"`
-	Enabled bool   `json:"enabled"`
-	// Weight of this origin relative to other origins in the pool.
-	// Based on the configured weight the total traffic is distributed
-	// among origins within the pool.
-	//
-	// When LoadBalancerOriginSteering.Policy="least_outstanding_requests", this
-	// weight is used to scale the origin's outstanding requests.
-	// When LoadBalancerOriginSteering.Policy="least_connections", this
-	// weight is used to scale the origin's open connections.
-	Weight float64             `json:"weight"`
-	Header map[string][]string `json:"header"`
-	// The virtual network subnet ID the origin belongs in.
-	// Virtual network must also belong to the account.
-	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
-}
-
-// LoadBalancerOriginSteering controls origin selection for new sessions and traffic without session affinity.
-type LoadBalancerOriginSteering struct {
-	// Policy determines the type of origin steering policy to use.
-	// It defaults to "random" (weighted) when empty or unspecified.
-	//
-	// "random": Select an origin randomly.
-	//
-	// "hash": Select an origin by computing a hash over the CF-Connecting-IP address.
-	//
-	// "least_outstanding_requests": Select an origin by taking into consideration origin weights,
-	// as well as each origin's number of outstanding requests. Origins with more pending requests
-	// are weighted proportionately less relative to others.
-	//
-	// "least_connections": Select an origin by taking into consideration origin weights,
-	// as well as each origin's number of open connections. Origins with more open connections
-	// are weighted proportionately less relative to others. Supported for HTTP/1 and HTTP/2 connections.
-	Policy string `json:"policy,omitempty"`
-}
-
-// LoadBalancerMonitor represents a load balancer monitor's properties.
-type LoadBalancerMonitor struct {
-	ID              string              `json:"id,omitempty"`
-	CreatedOn       *time.Time          `json:"created_on,omitempty"`
-	ModifiedOn      *time.Time          `json:"modified_on,omitempty"`
-	Type            string              `json:"type"`
-	Description     string              `json:"description"`
-	Method          string              `json:"method"`
-	Path            string              `json:"path"`
-	Header          map[string][]string `json:"header"`
-	Timeout         int                 `json:"timeout"`
-	Retries         int                 `json:"retries"`
-	Interval        int                 `json:"interval"`
-	ConsecutiveUp   int                 `json:"consecutive_up"`
-	ConsecutiveDown int                 `json:"consecutive_down"`
-	Port            uint16              `json:"port,omitempty"`
-	ExpectedBody    string              `json:"expected_body"`
-	ExpectedCodes   string              `json:"expected_codes"`
-	FollowRedirects bool                `json:"follow_redirects"`
-	AllowInsecure   bool                `json:"allow_insecure"`
-	ProbeZone       string              `json:"probe_zone"`
-}
-
-// LoadBalancer represents a load balancer's properties.
-type LoadBalancer struct {
-	ID                        string                     `json:"id,omitempty"`
-	CreatedOn                 *time.Time                 `json:"created_on,omitempty"`
-	ModifiedOn                *time.Time                 `json:"modified_on,omitempty"`
-	Description               string                     `json:"description"`
-	Name                      string                     `json:"name"`
-	TTL                       int                        `json:"ttl,omitempty"`
-	FallbackPool              string                     `json:"fallback_pool"`
-	DefaultPools              []string                   `json:"default_pools"`
-	RegionPools               map[string][]string        `json:"region_pools"`
-	PopPools                  map[string][]string        `json:"pop_pools"`
-	CountryPools              map[string][]string        `json:"country_pools"`
-	Proxied                   bool                       `json:"proxied"`
-	Enabled                   *bool                      `json:"enabled,omitempty"`
-	Persistence               string                     `json:"session_affinity,omitempty"`
-	PersistenceTTL            int                        `json:"session_affinity_ttl,omitempty"`
-	SessionAffinityAttributes *SessionAffinityAttributes `json:"session_affinity_attributes,omitempty"`
-	Rules                     []*LoadBalancerRule        `json:"rules,omitempty"`
-	RandomSteering            *RandomSteering            `json:"random_steering,omitempty"`
-	AdaptiveRouting           *AdaptiveRouting           `json:"adaptive_routing,omitempty"`
-	LocationStrategy          *LocationStrategy          `json:"location_strategy,omitempty"`
-
-	// SteeringPolicy controls pool selection logic.
-	//
-	// "off": Select pools in DefaultPools order.
-	//
-	// "geo": Select pools based on RegionPools/PopPools/CountryPools.
-	// For non-proxied requests, the country for CountryPools is determined by LocationStrategy.
-	//
-	// "dynamic_latency": Select pools based on RTT (requires health checks).
-	//
-	// "random": Selects pools in a random order.
-	//
-	// "proximity": Use the pools' latitude and longitude to select the closest pool using
-	// the Cloudflare PoP location for proxied requests or the location determined by
-	// LocationStrategy for non-proxied requests.
-	//
-	// "least_outstanding_requests": Select a pool by taking into consideration
-	// RandomSteering weights, as well as each pool's number of outstanding requests.
-	// Pools with more pending requests are weighted proportionately less relative to others.
-	//
-	// "least_connections": Select a pool by taking into consideration
-	// RandomSteering weights, as well as each pool's number of open connections.
-	// Pools with more open connections are weighted proportionately less relative to others.
-	// Supported for HTTP/1 and HTTP/2 connections.
-	//
-	// "": Maps to "geo" if RegionPools or PopPools or CountryPools have entries otherwise "off".
-	SteeringPolicy string `json:"steering_policy,omitempty"`
-}
-
-// LoadBalancerLoadShedding contains the settings for controlling load shedding.
-type LoadBalancerLoadShedding struct {
-	DefaultPercent float32 `json:"default_percent,omitempty"`
-	DefaultPolicy  string  `json:"default_policy,omitempty"`
-	SessionPercent float32 `json:"session_percent,omitempty"`
-	SessionPolicy  string  `json:"session_policy,omitempty"`
-}
-
-// LoadBalancerRule represents a single rule entry for a Load Balancer. Each rules
-// is run one after the other in priority order. Disabled rules are skipped.
-type LoadBalancerRule struct {
-	Overrides LoadBalancerRuleOverrides `json:"overrides"`
-
-	// Name is required but is only used for human readability
-	Name string `json:"name"`
-
-	Condition string `json:"condition"`
-
-	// Priority controls the order of rule execution the lowest value will be invoked first
-	Priority int `json:"priority"`
-
-	// FixedResponse if set and the condition is true we will not run
-	// routing logic but rather directly respond with the provided fields.
-	// FixedResponse implies terminates.
-	FixedResponse *LoadBalancerFixedResponseData `json:"fixed_response,omitempty"`
-
-	Disabled bool `json:"disabled"`
-
-	// Terminates flag this rule as 'terminating'. No further rules will
-	// be executed after this one.
-	Terminates bool `json:"terminates,omitempty"`
-}
-
-// LoadBalancerFixedResponseData contains all the data needed to generate
-// a fixed response from a Load Balancer. This behavior can be enabled via Rules.
-type LoadBalancerFixedResponseData struct {
-	// MessageBody data to write into the http body
-	MessageBody string `json:"message_body,omitempty"`
-	// StatusCode the http status code to response with
-	StatusCode int `json:"status_code,omitempty"`
-	// ContentType value of the http 'content-type' header
-	ContentType string `json:"content_type,omitempty"`
-	// Location value of the http 'location' header
-	Location string `json:"location,omitempty"`
-}
-
-// LoadBalancerRuleOverrides are the set of field overridable by the rules system.
-type LoadBalancerRuleOverrides struct {
-	// session affinity
-	Persistence    string `json:"session_affinity,omitempty"`
-	PersistenceTTL *uint  `json:"session_affinity_ttl,omitempty"`
-
-	SessionAffinityAttrs *LoadBalancerRuleOverridesSessionAffinityAttrs `json:"session_affinity_attributes,omitempty"`
-
-	TTL uint `json:"ttl,omitempty"`
-
-	SteeringPolicy string `json:"steering_policy,omitempty"`
-	FallbackPool   string `json:"fallback_pool,omitempty"`
-
-	DefaultPools []string            `json:"default_pools,omitempty"`
-	PoPPools     map[string][]string `json:"pop_pools,omitempty"`
-	RegionPools  map[string][]string `json:"region_pools,omitempty"`
-	CountryPools map[string][]string `json:"country_pools,omitempty"`
-
-	RandomSteering   *RandomSteering   `json:"random_steering,omitempty"`
-	AdaptiveRouting  *AdaptiveRouting  `json:"adaptive_routing,omitempty"`
-	LocationStrategy *LocationStrategy `json:"location_strategy,omitempty"`
-}
-
-// RandomSteering configures pool weights.
-//
-// SteeringPolicy="random": A random pool is selected with probability
-// proportional to pool weights.
-//
-// SteeringPolicy="least_outstanding_requests": Use pool weights to
-// scale each pool's outstanding requests.
-//
-// SteeringPolicy="least_connections": Use pool weights to
-// scale each pool's open connections.
-type RandomSteering struct {
-	DefaultWeight float64            `json:"default_weight,omitempty"`
-	PoolWeights   map[string]float64 `json:"pool_weights,omitempty"`
-}
-
-// AdaptiveRouting controls features that modify the routing of requests
-// to pools and origins in response to dynamic conditions, such as during
-// the interval between active health monitoring requests.
-// For example, zero-downtime failover occurs immediately when an origin
-// becomes unavailable due to HTTP 521, 522, or 523 response codes.
-// If there is another healthy origin in the same pool, the request is
-// retried once against this alternate origin.
-type AdaptiveRouting struct {
-	// FailoverAcrossPools extends zero-downtime failover of requests to healthy origins
-	// from alternate pools, when no healthy alternate exists in the same pool, according
-	// to the failover order defined by traffic and origin steering.
-	// When set false (the default) zero-downtime failover will only occur between origins
-	// within the same pool. See SessionAffinityAttributes for control over when sessions
-	// are broken or reassigned.
-	FailoverAcrossPools *bool `json:"failover_across_pools,omitempty"`
-}
-
-// LocationStrategy controls location-based steering for non-proxied requests.
-// See SteeringPolicy to learn how steering is affected.
-type LocationStrategy struct {
-	// PreferECS determines whether the EDNS Client Subnet (ECS) GeoIP should
-	// be preferred as the authoritative location.
-	//
-	// "always": Always prefer ECS.
-	//
-	// "never": Never prefer ECS.
-	//
-	// "proximity": (default) Prefer ECS only when SteeringPolicy="proximity".
-	//
-	// "geo": Prefer ECS only when SteeringPolicy="geo".
-	PreferECS string `json:"prefer_ecs,omitempty"`
-	// Mode determines the authoritative location when ECS is not preferred,
-	// does not exist in the request, or its GeoIP lookup is unsuccessful.
-	//
-	// "pop": (default) Use the Cloudflare PoP location.
-	//
-	// "resolver_ip": Use the DNS resolver GeoIP location.
-	// If the GeoIP lookup is unsuccessful, use the Cloudflare PoP location.
-	Mode string `json:"mode,omitempty"`
-}
-
-// LoadBalancerRuleOverridesSessionAffinityAttrs mimics SessionAffinityAttributes without the
-// DrainDuration field as that field can not be overwritten via rules.
-type LoadBalancerRuleOverridesSessionAffinityAttrs struct {
-	SameSite             string   `json:"samesite,omitempty"`
-	Secure               string   `json:"secure,omitempty"`
-	ZeroDowntimeFailover string   `json:"zero_downtime_failover,omitempty"`
-	Headers              []string `json:"headers,omitempty"`
-	RequireAllHeaders    *bool    `json:"require_all_headers,omitempty"`
-}
-
-// SessionAffinityAttributes represents additional configuration options for session affinity.
-type SessionAffinityAttributes struct {
-	SameSite             string   `json:"samesite,omitempty"`
-	Secure               string   `json:"secure,omitempty"`
-	DrainDuration        int      `json:"drain_duration,omitempty"`
-	ZeroDowntimeFailover string   `json:"zero_downtime_failover,omitempty"`
-	Headers              []string `json:"headers,omitempty"`
-	RequireAllHeaders    bool     `json:"require_all_headers,omitempty"`
-}
-
-// LoadBalancerOriginHealth represents the health of the origin.
-type LoadBalancerOriginHealth struct {
-	Healthy       bool     `json:"healthy,omitempty"`
-	RTT           Duration `json:"rtt,omitempty"`
-	FailureReason string   `json:"failure_reason,omitempty"`
-	ResponseCode  int      `json:"response_code,omitempty"`
-}
-
-// LoadBalancerPoolPopHealth represents the health of the pool for given PoP.
-type LoadBalancerPoolPopHealth struct {
-	Healthy bool                                  `json:"healthy,omitempty"`
-	Origins []map[string]LoadBalancerOriginHealth `json:"origins,omitempty"`
-}
-
-// LoadBalancerPoolHealth represents the healthchecks from different PoPs for a pool.
-type LoadBalancerPoolHealth struct {
-	ID        string                               `json:"pool_id,omitempty"`
-	PopHealth map[string]LoadBalancerPoolPopHealth `json:"pop_health,omitempty"`
-}
-
-// loadBalancerPoolResponse represents the response from the load balancer pool endpoints.
-type loadBalancerPoolResponse struct {
-	Response
-	Result LoadBalancerPool `json:"result"`
-}
-
-// loadBalancerPoolListResponse represents the response from the List Pools endpoint.
-type loadBalancerPoolListResponse struct {
-	Response
-	Result     []LoadBalancerPool `json:"result"`
-	ResultInfo ResultInfo         `json:"result_info"`
-}
-
-// loadBalancerMonitorResponse represents the response from the load balancer monitor endpoints.
-type loadBalancerMonitorResponse struct {
-	Response
-	Result LoadBalancerMonitor `json:"result"`
-}
-
-// loadBalancerMonitorListResponse represents the response from the List Monitors endpoint.
-type loadBalancerMonitorListResponse struct {
-	Response
-	Result     []LoadBalancerMonitor `json:"result"`
-	ResultInfo ResultInfo            `json:"result_info"`
-}
-
-// loadBalancerResponse represents the response from the load balancer endpoints.
-type loadBalancerResponse struct {
-	Response
-	Result LoadBalancer `json:"result"`
-}
-
-// loadBalancerListResponse represents the response from the List Load Balancers endpoint.
-type loadBalancerListResponse struct {
-	Response
-	Result     []LoadBalancer `json:"result"`
-	ResultInfo ResultInfo     `json:"result_info"`
-}
-
-// loadBalancerPoolHealthResponse represents the response from the Pool Health Details endpoint.
-type loadBalancerPoolHealthResponse struct {
-	Response
-	Result LoadBalancerPoolHealth `json:"result"`
-}
-
-type CreateLoadBalancerPoolParams struct {
-	LoadBalancerPool LoadBalancerPool
-}
-
-type ListLoadBalancerPoolParams struct {
-	PaginationOptions
-}
-
-type UpdateLoadBalancerPoolParams struct {
-	LoadBalancer LoadBalancerPool
-}
-
-type CreateLoadBalancerMonitorParams struct {
-	LoadBalancerMonitor LoadBalancerMonitor
-}
-
-type ListLoadBalancerMonitorParams struct {
-	PaginationOptions
-}
-
-type UpdateLoadBalancerMonitorParams struct {
-	LoadBalancerMonitor LoadBalancerMonitor
-}
-
-type CreateLoadBalancerParams struct {
-	LoadBalancer LoadBalancer
-}
-
-type ListLoadBalancerParams struct {
-	PaginationOptions
-}
-
-type UpdateLoadBalancerParams struct {
-	LoadBalancer LoadBalancer
-}
-
-var (
-	ErrMissingPoolID         = errors.New("missing required pool ID")
-	ErrMissingMonitorID      = errors.New("missing required monitor ID")
-	ErrMissingLoadBalancerID = errors.New("missing required load balancer ID")
-)
-
-// CreateLoadBalancerPool creates a new load balancer pool.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-create-pool
-func (api *API) CreateLoadBalancerPool(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerPoolParams) (LoadBalancerPool, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = "/user/load_balancers/pools"
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools", rc.Identifier)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancerPool)
-	if err != nil {
-		return LoadBalancerPool{}, err
-	}
-	var r loadBalancerPoolResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListLoadBalancerPools lists load balancer pools connected to an account.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-list-pools
-func (api *API) ListLoadBalancerPools(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerPoolParams) ([]LoadBalancerPool, error) {
-	if rc.Level == ZoneRouteLevel {
-		return []LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = "/user/load_balancers/pools"
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools", rc.Identifier)
-	}
-
-	uri = buildURI(uri, params.PaginationOptions)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r loadBalancerPoolListResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetLoadBalancerPool returns the details for a load balancer pool.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-pool-details
-func (api *API) GetLoadBalancerPool(ctx context.Context, rc *ResourceContainer, poolID string) (LoadBalancerPool, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if poolID == "" {
-		return LoadBalancerPool{}, ErrMissingPoolID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/pools/%s", poolID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, poolID)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LoadBalancerPool{}, err
-	}
-	var r loadBalancerPoolResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteLoadBalancerPool disables and deletes a load balancer pool.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-delete-pool
-func (api *API) DeleteLoadBalancerPool(ctx context.Context, rc *ResourceContainer, poolID string) error {
-	if rc.Level == ZoneRouteLevel {
-		return fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if poolID == "" {
-		return ErrMissingPoolID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/pools/%s", poolID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, poolID)
-	}
-
-	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// UpdateLoadBalancerPool modifies a configured load balancer pool.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-update-pool
-func (api *API) UpdateLoadBalancerPool(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerPoolParams) (LoadBalancerPool, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerPool{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if params.LoadBalancer.ID == "" {
-		return LoadBalancerPool{}, ErrMissingPoolID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/pools/%s", params.LoadBalancer.ID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s", rc.Identifier, params.LoadBalancer.ID)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancer)
-	if err != nil {
-		return LoadBalancerPool{}, err
-	}
-	var r loadBalancerPoolResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerPool{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateLoadBalancerMonitor creates a new load balancer monitor.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-monitors-create-monitor
-func (api *API) CreateLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerMonitorParams) (LoadBalancerMonitor, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = "/user/load_balancers/monitors"
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors", rc.Identifier)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancerMonitor)
-	if err != nil {
-		return LoadBalancerMonitor{}, err
-	}
-	var r loadBalancerMonitorResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListLoadBalancerMonitors lists load balancer monitors connected to an account.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-monitors-list-monitors
-func (api *API) ListLoadBalancerMonitors(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerMonitorParams) ([]LoadBalancerMonitor, error) {
-	if rc.Level == ZoneRouteLevel {
-		return []LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = "/user/load_balancers/monitors"
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors", rc.Identifier)
-	}
-
-	uri = buildURI(uri, params.PaginationOptions)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r loadBalancerMonitorListResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetLoadBalancerMonitor returns the details for a load balancer monitor.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-monitors-monitor-details
-func (api *API) GetLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, monitorID string) (LoadBalancerMonitor, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if monitorID == "" {
-		return LoadBalancerMonitor{}, ErrMissingMonitorID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", monitorID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, monitorID)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LoadBalancerMonitor{}, err
-	}
-	var r loadBalancerMonitorResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteLoadBalancerMonitor disables and deletes a load balancer monitor.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-monitors-delete-monitor
-func (api *API) DeleteLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, monitorID string) error {
-	if rc.Level == ZoneRouteLevel {
-		return fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if monitorID == "" {
-		return ErrMissingMonitorID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", monitorID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, monitorID)
-	}
-
-	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
-		return err
-	}
-	return nil
-}
-
-// UpdateLoadBalancerMonitor modifies a configured load balancer monitor.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-monitors-update-monitor
-func (api *API) UpdateLoadBalancerMonitor(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerMonitorParams) (LoadBalancerMonitor, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerMonitor{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if params.LoadBalancerMonitor.ID == "" {
-		return LoadBalancerMonitor{}, ErrMissingMonitorID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/monitors/%s", params.LoadBalancerMonitor.ID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/monitors/%s", rc.Identifier, params.LoadBalancerMonitor.ID)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancerMonitor)
-	if err != nil {
-		return LoadBalancerMonitor{}, err
-	}
-	var r loadBalancerMonitorResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerMonitor{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateLoadBalancer creates a new load balancer.
-//
-// API reference: https://api.cloudflare.com/#load-balancers-create-load-balancer
-func (api *API) CreateLoadBalancer(ctx context.Context, rc *ResourceContainer, params CreateLoadBalancerParams) (LoadBalancer, error) {
-	if rc.Level != ZoneRouteLevel {
-		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/load_balancers", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.LoadBalancer)
-	if err != nil {
-		return LoadBalancer{}, err
-	}
-	var r loadBalancerResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListLoadBalancers lists load balancers configured on a zone.
-//
-// API reference: https://api.cloudflare.com/#load-balancers-list-load-balancers
-func (api *API) ListLoadBalancers(ctx context.Context, rc *ResourceContainer, params ListLoadBalancerParams) ([]LoadBalancer, error) {
-	if rc.Level != ZoneRouteLevel {
-		return []LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/load_balancers", rc.Identifier), params.PaginationOptions)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r loadBalancerListResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetLoadBalancer returns the details for a load balancer.
-//
-// API reference: https://api.cloudflare.com/#load-balancers-load-balancer-details
-func (api *API) GetLoadBalancer(ctx context.Context, rc *ResourceContainer, loadbalancerID string) (LoadBalancer, error) {
-	if rc.Level != ZoneRouteLevel {
-		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if loadbalancerID == "" {
-		return LoadBalancer{}, ErrMissingLoadBalancerID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, loadbalancerID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LoadBalancer{}, err
-	}
-	var r loadBalancerResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteLoadBalancer disables and deletes a load balancer.
-//
-// API reference: https://api.cloudflare.com/#load-balancers-delete-load-balancer
-func (api *API) DeleteLoadBalancer(ctx context.Context, rc *ResourceContainer, loadbalancerID string) error {
-	if rc.Level != ZoneRouteLevel {
-		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if loadbalancerID == "" {
-		return ErrMissingLoadBalancerID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, loadbalancerID)
-
-	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
-		return err
-	}
-	return nil
-}
-
-// UpdateLoadBalancer modifies a configured load balancer.
-//
-// API reference: https://api.cloudflare.com/#load-balancers-update-load-balancer
-func (api *API) UpdateLoadBalancer(ctx context.Context, rc *ResourceContainer, params UpdateLoadBalancerParams) (LoadBalancer, error) {
-	if rc.Level != ZoneRouteLevel {
-		return LoadBalancer{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if params.LoadBalancer.ID == "" {
-		return LoadBalancer{}, ErrMissingLoadBalancerID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/load_balancers/%s", rc.Identifier, params.LoadBalancer.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.LoadBalancer)
-	if err != nil {
-		return LoadBalancer{}, err
-	}
-	var r loadBalancerResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetLoadBalancerPoolHealth fetches the latest healtcheck details for a single
-// pool.
-//
-// API reference: https://api.cloudflare.com/#load-balancer-pools-pool-health-details
-func (api *API) GetLoadBalancerPoolHealth(ctx context.Context, rc *ResourceContainer, poolID string) (LoadBalancerPoolHealth, error) {
-	if rc.Level == ZoneRouteLevel {
-		return LoadBalancerPoolHealth{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if poolID == "" {
-		return LoadBalancerPoolHealth{}, ErrMissingPoolID
-	}
-
-	var uri string
-	if rc.Level == UserRouteLevel {
-		uri = fmt.Sprintf("/user/load_balancers/pools/%s/health", poolID)
-	} else {
-		uri = fmt.Sprintf("/accounts/%s/load_balancers/pools/%s/health", rc.Identifier, poolID)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LoadBalancerPoolHealth{}, err
-	}
-	var r loadBalancerPoolHealthResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return LoadBalancerPoolHealth{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/load_balancing_example_test.go b/pkg/cloudflare-go/load_balancing_example_test.go
deleted file mode 100644
index 2aaa8956ac..0000000000
--- a/pkg/cloudflare-go/load_balancing_example_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package cloudflare_test
-
-import (
-	context "context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListLoadBalancers() {
-	// Construct a new API object.
-	api, err := cloudflare.New("deadbeef", "test@example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// List LBs configured in zone.
-	lbList, err := api.ListLoadBalancers(context.Background(), cloudflare.ZoneIdentifier("d56084adb405e0b7e32c52321bf07be6"), cloudflare.ListLoadBalancerParams{})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, lb := range lbList {
-		fmt.Println(lb)
-	}
-}
-
-func ExampleAPI_GetLoadBalancerPoolHealth() {
-	// Construct a new API object.
-	api, err := cloudflare.New("deadbeef", "test@example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch pool health details.
-	healthInfo, err := api.GetLoadBalancerPoolHealth(context.Background(), cloudflare.AccountIdentifier("01a7362d577a6c3019a474fd6f485823"), "example-pool-id")
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Println(healthInfo)
-}
diff --git a/pkg/cloudflare-go/load_balancing_test.go b/pkg/cloudflare-go/load_balancing_test.go
deleted file mode 100644
index 3a9ab5afb5..0000000000
--- a/pkg/cloudflare-go/load_balancing_test.go
+++ /dev/null
@@ -1,2147 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCreateLoadBalancerPool(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-              "description": "Primary data center - Provider XYZ",
-              "name": "primary-dc-1",
-              "enabled": true,
-              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-              "latitude": 55,
-              "longitude": -12.5,
-              "load_shedding": {
-                "default_percent": 50,
-                "default_policy": "random",
-                "session_percent": 10,
-                "session_policy": "hash"
-              },
-              "origin_steering": {
-                "policy": "random"
-              },
-              "origins": [
-                {
-                  "name": "app-server-1",
-                  "address": "198.51.100.1",
-                  "enabled": true,
-                  "weight": 1,
-                  "header": {
-                      "Host": [
-                          "example.com"
-                      ]
-                  },
-			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                }
-              ],
-              "notification_email": "someone@example.com",
-              "check_regions": [
-                "WEU"
-              ]
-            }`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "17b5962d775c646f3f9725cbc7a53df4",
-              "created_on": "2014-01-01T05:20:00.12345Z",
-              "modified_on": "2014-02-01T05:20:00.12345Z",
-              "description": "Primary data center - Provider XYZ",
-              "name": "primary-dc-1",
-              "enabled": true,
-              "minimum_origins": 1,
-              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-              "latitude": 55,
-              "longitude": -12.5,
-              "load_shedding": {
-                "default_percent": 50,
-                "default_policy": "random",
-                "session_percent": 10,
-                "session_policy": "hash"
-              },
-              "origin_steering": {
-                "policy": "random"
-              },
-              "origins": [
-                {
-                  "name": "app-server-1",
-                  "address": "198.51.100.1",
-                  "enabled": true,
-                  "weight": 1,
-                  "header": {
-                      "Host": [
-                          "example.com"
-                      ]
-                  },
-			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                }
-              ],
-              "notification_email": "someone@example.com",
-              "check_regions": [
-                "WEU"
-              ],
-			  "healthy": true
-            }
-        }`)
-	}
-
-	fptr := func(f float32) *float32 {
-		return &f
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancerPool{
-		ID:             "17b5962d775c646f3f9725cbc7a53df4",
-		CreatedOn:      &createdOn,
-		ModifiedOn:     &modifiedOn,
-		Description:    "Primary data center - Provider XYZ",
-		Name:           "primary-dc-1",
-		Enabled:        true,
-		MinimumOrigins: IntPtr(1),
-		Monitor:        "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		Latitude:       fptr(55),
-		Longitude:      fptr(-12.5),
-		LoadShedding: &LoadBalancerLoadShedding{
-			DefaultPercent: 50,
-			DefaultPolicy:  "random",
-			SessionPercent: 10,
-			SessionPolicy:  "hash",
-		},
-		OriginSteering: &LoadBalancerOriginSteering{
-			Policy: "random",
-		},
-		Origins: []LoadBalancerOrigin{
-			{
-				Name:    "app-server-1",
-				Address: "198.51.100.1",
-				Enabled: true,
-				Weight:  1,
-				Header: map[string][]string{
-					"Host": {"example.com"},
-				},
-				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-			},
-		},
-		NotificationEmail: "someone@example.com",
-		CheckRegions: []string{
-			"WEU",
-		},
-		Healthy: BoolPtr(true),
-	}
-	request := LoadBalancerPool{
-		Description: "Primary data center - Provider XYZ",
-		Name:        "primary-dc-1",
-		Enabled:     true,
-		Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		Latitude:    fptr(55),
-		Longitude:   fptr(-12.5),
-		LoadShedding: &LoadBalancerLoadShedding{
-			DefaultPercent: 50,
-			DefaultPolicy:  "random",
-			SessionPercent: 10,
-			SessionPolicy:  "hash",
-		},
-		OriginSteering: &LoadBalancerOriginSteering{
-			Policy: "random",
-		},
-		Origins: []LoadBalancerOrigin{
-			{
-				Name:    "app-server-1",
-				Address: "198.51.100.1",
-				Enabled: true,
-				Weight:  1,
-				Header: map[string][]string{
-					"Host": {"example.com"},
-				},
-				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-			},
-		},
-		NotificationEmail: "someone@example.com",
-		CheckRegions: []string{
-			"WEU",
-		},
-	}
-
-	actual, err := client.CreateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerPoolParams{LoadBalancerPool: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateLoadBalancerPool_MinimumOriginsZero(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-              "description": "Primary data center - Provider XYZ",
-              "name": "primary-dc-2",
-              "minimum_origins": 0,
-              "enabled": true,
-              "check_regions": null,
-              "origins": null
-            }`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "description": "Primary data center - Provider XYZ",
-              "created_on": "2014-01-01T05:20:00.12345Z",
-              "modified_on": "2014-02-01T05:20:00.12345Z",
-              "id": "f6fea70e5154b4c563bd549ef405b7d7",
-              "enabled": true,
-              "minimum_origins": 0,
-              "name": "primary-dc-2",
-              "notification_email": "",
-              "check_regions": null,
-              "origins": []
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancerPool{
-		ID:                "f6fea70e5154b4c563bd549ef405b7d7",
-		CreatedOn:         &createdOn,
-		ModifiedOn:        &modifiedOn,
-		Description:       "Primary data center - Provider XYZ",
-		Name:              "primary-dc-2",
-		Enabled:           true,
-		MinimumOrigins:    IntPtr(0),
-		Origins:           []LoadBalancerOrigin{},
-		NotificationEmail: "",
-	}
-	request := LoadBalancerPool{
-		Description:    "Primary data center - Provider XYZ",
-		Name:           "primary-dc-2",
-		Enabled:        true,
-		MinimumOrigins: IntPtr(0),
-	}
-
-	actual, err := client.CreateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerPoolParams{LoadBalancerPool: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.CreateLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerPoolParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestListLoadBalancerPools(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": [
-                {
-                    "id": "17b5962d775c646f3f9725cbc7a53df4",
-                    "created_on": "2014-01-01T05:20:00.12345Z",
-                    "modified_on": "2014-02-01T05:20:00.12345Z",
-                    "description": "Primary data center - Provider XYZ",
-                    "name": "primary-dc-1",
-                    "enabled": true,
-                    "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                    "origin_steering": {
-                      "policy": "random"
-                    },
-                    "origins": [
-                      {
-                        "name": "app-server-1",
-                        "address": "198.51.100.1",
-                        "enabled": true,
-                        "weight": 1,
-					    "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                      }
-                    ],
-                    "notification_email": "someone@example.com"
-                }
-            ],
-            "result_info": {
-                "page": 1,
-                "per_page": 20,
-                "count": 1,
-                "total_count": 1
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := []LoadBalancerPool{
-		{
-			ID:          "17b5962d775c646f3f9725cbc7a53df4",
-			CreatedOn:   &createdOn,
-			ModifiedOn:  &modifiedOn,
-			Description: "Primary data center - Provider XYZ",
-			Name:        "primary-dc-1",
-			Enabled:     true,
-			Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
-			OriginSteering: &LoadBalancerOriginSteering{
-				Policy: "random",
-			},
-			Origins: []LoadBalancerOrigin{
-				{
-					Name:             "app-server-1",
-					Address:          "198.51.100.1",
-					Enabled:          true,
-					Weight:           1,
-					VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-				},
-			},
-			NotificationEmail: "someone@example.com",
-		},
-	}
-
-	actual, err := client.ListLoadBalancerPools(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerPoolParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.ListLoadBalancerPools(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerPoolParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestGetLoadBalancerPool(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "17b5962d775c646f3f9725cbc7a53df4",
-              "created_on": "2014-01-01T05:20:00.12345Z",
-              "modified_on": "2014-02-01T05:20:00.12345Z",
-              "description": "Primary data center - Provider XYZ",
-              "name": "primary-dc-1",
-              "enabled": true,
-              "monitor": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-              "origin_steering": {
-                "policy": "random"
-              },
-              "origins": [
-                {
-                  "name": "app-server-1",
-                  "address": "198.51.100.1",
-                  "enabled": true,
-                  "weight": 1,
-				  "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                }
-              ],
-              "notification_email": "someone@example.com"
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancerPool{
-		ID:          "17b5962d775c646f3f9725cbc7a53df4",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Description: "Primary data center - Provider XYZ",
-		Name:        "primary-dc-1",
-		Enabled:     true,
-		Monitor:     "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		OriginSteering: &LoadBalancerOriginSteering{
-			Policy: "random",
-		},
-		Origins: []LoadBalancerOrigin{
-			{
-				Name:             "app-server-1",
-				Address:          "198.51.100.1",
-				Enabled:          true,
-				Weight:           1,
-				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-			},
-		},
-		NotificationEmail: "someone@example.com",
-	}
-
-	actual, err := client.GetLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "17b5962d775c646f3f9725cbc7a53df4")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.GetLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "bar")
-	assert.Error(t, err)
-}
-
-func TestGetLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestDeleteLoadBalancerPool(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "17b5962d775c646f3f9725cbc7a53df4"
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
-	assert.NoError(t, client.DeleteLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "17b5962d775c646f3f9725cbc7a53df4"))
-	assert.Error(t, client.DeleteLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), "bar"))
-}
-
-func TestDeleteLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	err := client.DeleteLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestUpdateLoadBalancerPool(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-              "id": "17b5962d775c646f3f9725cbc7a53df4",
-              "description": "Primary data center - Provider XYZZY",
-              "name": "primary-dc-2",
-              "enabled": false,
-              "origin_steering": {
-                "policy": "random"
-              },
-              "origins": [
-                {
-                  "name": "app-server-2",
-                  "address": "198.51.100.2",
-                  "enabled": false,
-                  "weight": 1,
-                  "header": {
-                      "Host": [
-                          "example.com"
-                      ]
-                  },
-			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                }
-              ],
-              "notification_email": "nobody@example.com",
-              "check_regions": [
-                "WEU"
-              ]
-						}`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "17b5962d775c646f3f9725cbc7a53df4",
-              "created_on": "2014-01-01T05:20:00.12345Z",
-              "modified_on": "2017-02-01T05:20:00.12345Z",
-              "description": "Primary data center - Provider XYZZY",
-              "name": "primary-dc-2",
-              "enabled": false,
-              "origin_steering": {
-                "policy": "random"
-              },
-              "origins": [
-                {
-                  "name": "app-server-2",
-                  "address": "198.51.100.2",
-                  "enabled": false,
-                  "weight": 1,
-                  "header": {
-                      "Host": [
-                          "example.com"
-                      ]
-                  },
-			      "virtual_network_id":"a5624d4e-044a-4ff0-b3e1-e2465353d4b4"
-                }
-              ],
-              "notification_email": "nobody@example.com",
-              "check_regions": [
-                "WEU"
-              ]
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/17b5962d775c646f3f9725cbc7a53df4", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
-	want := LoadBalancerPool{
-		ID:          "17b5962d775c646f3f9725cbc7a53df4",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Description: "Primary data center - Provider XYZZY",
-		Name:        "primary-dc-2",
-		Enabled:     false,
-		OriginSteering: &LoadBalancerOriginSteering{
-			Policy: "random",
-		},
-		Origins: []LoadBalancerOrigin{
-			{
-				Name:    "app-server-2",
-				Address: "198.51.100.2",
-				Enabled: false,
-				Weight:  1,
-				Header: map[string][]string{
-					"Host": {"example.com"},
-				},
-				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-			},
-		},
-		NotificationEmail: "nobody@example.com",
-		CheckRegions: []string{
-			"WEU",
-		},
-	}
-	request := LoadBalancerPool{
-		ID:          "17b5962d775c646f3f9725cbc7a53df4",
-		Description: "Primary data center - Provider XYZZY",
-		Name:        "primary-dc-2",
-		Enabled:     false,
-		OriginSteering: &LoadBalancerOriginSteering{
-			Policy: "random",
-		},
-		Origins: []LoadBalancerOrigin{
-			{
-				Name:    "app-server-2",
-				Address: "198.51.100.2",
-				Enabled: false,
-				Weight:  1,
-				Header: map[string][]string{
-					"Host": {"example.com"},
-				},
-				VirtualNetworkID: "a5624d4e-044a-4ff0-b3e1-e2465353d4b4",
-			},
-		},
-		NotificationEmail: "nobody@example.com",
-		CheckRegions: []string{
-			"WEU",
-		},
-	}
-
-	actual, err := client.UpdateLoadBalancerPool(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerPoolParams{LoadBalancer: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateLoadBalancerPool_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateLoadBalancerPool(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerPoolParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestCreateLoadBalancerMonitor(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-              "type": "https",
-              "description": "Login page monitor",
-              "method": "GET",
-              "path": "/health",
-              "header": {
-                "Host": [
-                  "example.com"
-                ],
-                "X-App-ID": [
-                  "abc123"
-                ]
-              },
-              "timeout": 3,
-              "retries": 0,
-              "interval": 90,
-              "consecutive_up": 2,
-              "consecutive_down": 2,
-              "expected_body": "alive",
-              "expected_codes": "2xx",
-              "follow_redirects": true,
-              "allow_insecure": true,
-              "probe_zone": ""
-						}`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2014-02-01T05:20:00.12345Z",
-                "type": "https",
-                "description": "Login page monitor",
-                "method": "GET",
-                "path": "/health",
-                "header": {
-                  "Host": [
-                    "example.com"
-                  ],
-                  "X-App-ID": [
-                    "abc123"
-                  ]
-                },
-                "timeout": 3,
-                "retries": 0,
-                "interval": 90,
-                "consecutive_up": 2,
-                "consecutive_down": 2,
-                "expected_body": "alive",
-                "expected_codes": "2xx",
-                "follow_redirects": true,
-                "allow_insecure": true,
-                "probe_zone": ""
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancerMonitor{
-		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Type:        "https",
-		Description: "Login page monitor",
-		Method:      http.MethodGet,
-		Path:        "/health",
-		Header: map[string][]string{
-			"Host":     {"example.com"},
-			"X-App-ID": {"abc123"},
-		},
-		Timeout:         3,
-		Retries:         0,
-		Interval:        90,
-		ConsecutiveUp:   2,
-		ConsecutiveDown: 2,
-		ExpectedBody:    "alive",
-		ExpectedCodes:   "2xx",
-
-		FollowRedirects: true,
-		AllowInsecure:   true,
-	}
-	request := LoadBalancerMonitor{
-		Type:        "https",
-		Description: "Login page monitor",
-		Method:      http.MethodGet,
-		Path:        "/health",
-		Header: map[string][]string{
-			"Host":     {"example.com"},
-			"X-App-ID": {"abc123"},
-		},
-		Timeout:         3,
-		Retries:         0,
-		Interval:        90,
-		ConsecutiveUp:   2,
-		ConsecutiveDown: 2,
-		ExpectedBody:    "alive",
-		ExpectedCodes:   "2xx",
-
-		FollowRedirects: true,
-		AllowInsecure:   true,
-	}
-
-	actual, err := client.CreateLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerMonitorParams{LoadBalancerMonitor: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.CreateLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerMonitorParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestListLoadBalancerMonitors(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": [
-                {
-                    "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                    "created_on": "2014-01-01T05:20:00.12345Z",
-                    "modified_on": "2014-02-01T05:20:00.12345Z",
-                    "type": "https",
-                    "description": "Login page monitor",
-                    "method": "GET",
-                    "path": "/health",
-                    "header": {
-                      "Host": [
-                        "example.com"
-                      ],
-                      "X-App-ID": [
-                        "abc123"
-                      ]
-                    },
-                    "timeout": 3,
-                    "retries": 0,
-                    "interval": 90,
-                    "consecutive_up": 2,
-                    "consecutive_down": 2,
-                    "expected_body": "alive",
-                    "expected_codes": "2xx"
-                }
-            ],
-            "result_info": {
-                "page": 1,
-                "per_page": 20,
-                "count": 1,
-                "total_count": 1
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := []LoadBalancerMonitor{
-		{
-			ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
-			CreatedOn:   &createdOn,
-			ModifiedOn:  &modifiedOn,
-			Type:        "https",
-			Description: "Login page monitor",
-			Method:      http.MethodGet,
-			Path:        "/health",
-			Header: map[string][]string{
-				"Host":     {"example.com"},
-				"X-App-ID": {"abc123"},
-			},
-			Timeout:         3,
-			Retries:         0,
-			Interval:        90,
-			ConsecutiveUp:   2,
-			ConsecutiveDown: 2,
-			ExpectedBody:    "alive",
-			ExpectedCodes:   "2xx",
-		},
-	}
-
-	actual, err := client.ListLoadBalancerMonitors(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerMonitorParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListLoadBalancerMonitors_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.ListLoadBalancerMonitors(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerMonitorParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestGetLoadBalancerMonitor(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2014-02-01T05:20:00.12345Z",
-                "type": "https",
-                "description": "Login page monitor",
-                "method": "GET",
-                "path": "/health",
-                "header": {
-                  "Host": [
-                    "example.com"
-                  ],
-                  "X-App-ID": [
-                    "abc123"
-                  ]
-                },
-                "timeout": 3,
-                "retries": 0,
-                "interval": 90,
-                "consecutive_up": 2,
-                "consecutive_down": 2,
-                "expected_body": "alive",
-                "expected_codes": "2xx",
-                "follow_redirects": true,
-                "allow_insecure": true,
-                "probe_zone": ""
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancerMonitor{
-		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Type:        "https",
-		Description: "Login page monitor",
-		Method:      http.MethodGet,
-		Path:        "/health",
-		Header: map[string][]string{
-			"Host":     {"example.com"},
-			"X-App-ID": {"abc123"},
-		},
-		Timeout:         3,
-		Retries:         0,
-		Interval:        90,
-		ConsecutiveUp:   2,
-		ConsecutiveDown: 2,
-		ExpectedBody:    "alive",
-		ExpectedCodes:   "2xx",
-
-		FollowRedirects: true,
-		AllowInsecure:   true,
-	}
-
-	actual, err := client.GetLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "f1aba936b94213e5b8dca0c0dbf1f9cc")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.GetLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "bar")
-	assert.Error(t, err)
-}
-
-func TestGetLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestDeleteLoadBalancerMonitor(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "f1aba936b94213e5b8dca0c0dbf1f9cc"
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
-	assert.NoError(t, client.DeleteLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "f1aba936b94213e5b8dca0c0dbf1f9cc"))
-	assert.Error(t, client.DeleteLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), "bar"))
-}
-
-func TestDeleteLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	err := client.DeleteLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestUpdateLoadBalancerMonitor(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                "type": "http",
-                "description": "Login page monitor",
-                "method": "GET",
-                "path": "/status",
-                "header": {
-                  "Host": [
-                    "example.com"
-                  ],
-                  "X-App-ID": [
-                    "easy"
-                  ]
-                },
-                "timeout": 3,
-                "retries": 0,
-                "interval": 90,
-                "consecutive_up": 2,
-                "consecutive_down": 2,
-                "expected_body": "kicking",
-                "expected_codes": "200",
-                "follow_redirects": true,
-                "allow_insecure": true,
-                "probe_zone": ""
-						}`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "f1aba936b94213e5b8dca0c0dbf1f9cc",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2017-02-01T05:20:00.12345Z",
-                "type": "http",
-                "description": "Login page monitor",
-                "method": "GET",
-                "path": "/status",
-                "header": {
-                  "Host": [
-                    "example.com"
-                  ],
-                  "X-App-ID": [
-                    "easy"
-                  ]
-                },
-                "timeout": 3,
-                "retries": 0,
-                "interval": 90,
-                "consecutive_up": 2,
-                "consecutive_down": 2,
-                "expected_body": "kicking",
-                "expected_codes": "200",
-                "follow_redirects": true,
-                "allow_insecure": true,
-                "probe_zone": ""
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/monitors/f1aba936b94213e5b8dca0c0dbf1f9cc", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
-	want := LoadBalancerMonitor{
-		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Type:        "http",
-		Description: "Login page monitor",
-		Method:      http.MethodGet,
-		Path:        "/status",
-		Header: map[string][]string{
-			"Host":     {"example.com"},
-			"X-App-ID": {"easy"},
-		},
-		Timeout:         3,
-		Retries:         0,
-		Interval:        90,
-		ConsecutiveUp:   2,
-		ConsecutiveDown: 2,
-		ExpectedBody:    "kicking",
-		ExpectedCodes:   "200",
-
-		FollowRedirects: true,
-		AllowInsecure:   true,
-	}
-	request := LoadBalancerMonitor{
-		ID:          "f1aba936b94213e5b8dca0c0dbf1f9cc",
-		Type:        "http",
-		Description: "Login page monitor",
-		Method:      http.MethodGet,
-		Path:        "/status",
-		Header: map[string][]string{
-			"Host":     {"example.com"},
-			"X-App-ID": {"easy"},
-		},
-		Timeout:         3,
-		Retries:         0,
-		Interval:        90,
-		ConsecutiveUp:   2,
-		ConsecutiveDown: 2,
-		ExpectedBody:    "kicking",
-		ExpectedCodes:   "200",
-
-		FollowRedirects: true,
-		AllowInsecure:   true,
-	}
-
-	actual, err := client.UpdateLoadBalancerMonitor(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerMonitorParams{LoadBalancerMonitor: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateLoadBalancerMonitor_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateLoadBalancerMonitor(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerMonitorParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
-
-func TestCreateLoadBalancer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-              "description": "Load Balancer for www.example.com",
-              "name": "www.example.com",
-              "ttl": 30,
-              "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-              "default_pools": [
-                "de90f38ced07c2e2f4df50b1f61d4194",
-                "9290f38c5d07c2e2f4df57b1f61d4196",
-                "00920f38ce07c2e2f4df50b1f61d4194"
-              ],
-              "region_pools": {
-                "WNAM": [
-                  "de90f38ced07c2e2f4df50b1f61d4194",
-                  "9290f38c5d07c2e2f4df57b1f61d4196"
-                ],
-                "ENAM": [
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ]
-              },
-              "country_pools": {
-                "US": [
-                  "de90f38ced07c2e2f4df50b1f61d4194"
-                ],
-                "GB": [
-                  "abd90f38ced07c2e2f4df50b1f61d4194"
-                ]
-              },
-              "pop_pools": {
-                "LAX": [
-                  "de90f38ced07c2e2f4df50b1f61d4194",
-                  "9290f38c5d07c2e2f4df57b1f61d4196"
-                ],
-                "LHR": [
-                  "abd90f38ced07c2e2f4df50b1f61d4194",
-                  "f9138c5d07c2e2f4df57b1f61d4196"
-                ],
-                "SJC": [
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ]
-			  },
-			  "random_steering": {
-			    "default_weight": 0.2,
-			    "pool_weights": {
-			        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-			        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
-			    }
-			  },
-			  "adaptive_routing": {
-				"failover_across_pools": true
-			  },
-			  "location_strategy": {
-				"prefer_ecs": "always",
-				"mode": "resolver_ip"
-			  },
-			  "rules": [
-				  {
-					  "name": "example rule",
-					  "condition": "cf.load_balancer.region == \"SAF\"",
-					  "disabled": false,
-					  "priority": 0,
-					  "overrides": {
-						  "region_pools": {
-							  "SAF": ["de90f38ced07c2e2f4df50b1f61d4194"]
-						  },
-						  "adaptive_routing": {
-							"failover_across_pools": false
-						  },
-						  "location_strategy": {
-							"prefer_ecs": "never",
-							"mode": "pop"
-						  }
-					  }
-				  }
-			  ],
-              "proxied": true,
-              "session_affinity": "cookie",
-              "session_affinity_ttl": 5000,
-              "session_affinity_attributes": {
-                "samesite": "Strict",
-                "secure": "Always",
-                "drain_duration": 60,
-                "zero_downtime_failover": "sticky"
-              }
-            }`, string(b))
-		}
-
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "699d98642c564d2e855e9661899b7252",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2014-02-01T05:20:00.12345Z",
-                "description": "Load Balancer for www.example.com",
-                "name": "www.example.com",
-                "ttl": 30,
-                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-                "default_pools": [
-                  "de90f38ced07c2e2f4df50b1f61d4194",
-                  "9290f38c5d07c2e2f4df57b1f61d4196",
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ],
-                "region_pools": {
-                  "WNAM": [
-                    "de90f38ced07c2e2f4df50b1f61d4194",
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "ENAM": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "country_pools": {
-                  "US": [
-                    "de90f38ced07c2e2f4df50b1f61d4194"
-                  ],
-                  "GB": [
-                    "abd90f38ced07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "pop_pools": {
-                  "LAX": [
-                    "de90f38ced07c2e2f4df50b1f61d4194",
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "LHR": [
-                    "abd90f38ced07c2e2f4df50b1f61d4194",
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "SJC": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-				},
-				"random_steering": {
-				   "default_weight": 0.2,
-				    "pool_weights": {
-				        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-				        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
-				    }
-				},
-				"adaptive_routing": {
-					"failover_across_pools": true
-				},
-				"location_strategy": {
-					"prefer_ecs": "always",
-					"mode": "resolver_ip"
-				},
-				"rules": [
-				  {
-					  "name": "example rule",
-					  "condition": "cf.load_balancer.region == \"SAF\"",
-					  "overrides": {
-						  "region_pools": {
-							  "SAF": ["de90f38ced07c2e2f4df50b1f61d4194"]
-						  },
-						  "adaptive_routing": {
-							"failover_across_pools": false
-						  },
-						  "location_strategy": {
-							"prefer_ecs": "never",
-							"mode": "pop"
-						  }
-					  }
-				  }
-			  ],
-                "proxied": true,
-                "session_affinity": "cookie",
-                "session_affinity_ttl": 5000,
-                "session_affinity_attributes": {
-                    "samesite": "Strict",
-                    "secure": "Always",
-                    "drain_duration": 60,
-	                "zero_downtime_failover": "sticky"
-                }
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancer{
-		ID:           "699d98642c564d2e855e9661899b7252",
-		CreatedOn:    &createdOn,
-		ModifiedOn:   &modifiedOn,
-		Description:  "Load Balancer for www.example.com",
-		Name:         "www.example.com",
-		TTL:          30,
-		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-		DefaultPools: []string{
-			"de90f38ced07c2e2f4df50b1f61d4194",
-			"9290f38c5d07c2e2f4df57b1f61d4196",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		RegionPools: map[string][]string{
-			"WNAM": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"ENAM": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		CountryPools: map[string][]string{
-			"US": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-			},
-			"GB": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-			},
-		},
-		PopPools: map[string][]string{
-			"LAX": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"LHR": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-			"SJC": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		RandomSteering: &RandomSteering{
-			DefaultWeight: 0.2,
-			PoolWeights: map[string]float64{
-				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
-			},
-		},
-		AdaptiveRouting: &AdaptiveRouting{
-			FailoverAcrossPools: BoolPtr(true),
-		},
-		LocationStrategy: &LocationStrategy{
-			PreferECS: "always",
-			Mode:      "resolver_ip",
-		},
-		Rules: []*LoadBalancerRule{
-			{
-				Name:      "example rule",
-				Condition: "cf.load_balancer.region == \"SAF\"",
-				Overrides: LoadBalancerRuleOverrides{
-					RegionPools: map[string][]string{
-						"SAF": {"de90f38ced07c2e2f4df50b1f61d4194"},
-					},
-					AdaptiveRouting: &AdaptiveRouting{
-						FailoverAcrossPools: BoolPtr(false),
-					},
-					LocationStrategy: &LocationStrategy{
-						PreferECS: "never",
-						Mode:      "pop",
-					},
-				},
-			},
-		},
-		Proxied:        true,
-		Persistence:    "cookie",
-		PersistenceTTL: 5000,
-		SessionAffinityAttributes: &SessionAffinityAttributes{
-			SameSite:             "Strict",
-			Secure:               "Always",
-			DrainDuration:        60,
-			ZeroDowntimeFailover: "sticky",
-		},
-	}
-	request := LoadBalancer{
-		Description:  "Load Balancer for www.example.com",
-		Name:         "www.example.com",
-		TTL:          30,
-		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-		DefaultPools: []string{
-			"de90f38ced07c2e2f4df50b1f61d4194",
-			"9290f38c5d07c2e2f4df57b1f61d4196",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		RegionPools: map[string][]string{
-			"WNAM": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"ENAM": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		CountryPools: map[string][]string{
-			"US": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-			},
-			"GB": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-			},
-		},
-		PopPools: map[string][]string{
-			"LAX": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"LHR": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-			"SJC": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		RandomSteering: &RandomSteering{
-			DefaultWeight: 0.2,
-			PoolWeights: map[string]float64{
-				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
-			},
-		},
-		AdaptiveRouting: &AdaptiveRouting{
-			FailoverAcrossPools: BoolPtr(true),
-		},
-		LocationStrategy: &LocationStrategy{
-			PreferECS: "always",
-			Mode:      "resolver_ip",
-		},
-		Rules: []*LoadBalancerRule{
-			{
-				Name:      "example rule",
-				Condition: "cf.load_balancer.region == \"SAF\"",
-				Overrides: LoadBalancerRuleOverrides{
-					RegionPools: map[string][]string{
-						"SAF": {"de90f38ced07c2e2f4df50b1f61d4194"},
-					},
-					AdaptiveRouting: &AdaptiveRouting{
-						FailoverAcrossPools: BoolPtr(false),
-					},
-					LocationStrategy: &LocationStrategy{
-						PreferECS: "never",
-						Mode:      "pop",
-					},
-				},
-			},
-		},
-		Proxied:        true,
-		Persistence:    "cookie",
-		PersistenceTTL: 5000,
-		SessionAffinityAttributes: &SessionAffinityAttributes{
-			SameSite:             "Strict",
-			Secure:               "Always",
-			DrainDuration:        60,
-			ZeroDowntimeFailover: "sticky",
-		},
-	}
-
-	actual, err := client.CreateLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), CreateLoadBalancerParams{LoadBalancer: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateLoadBalancer_AccountIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.CreateLoadBalancer(context.Background(), AccountIdentifier(testAccountID), CreateLoadBalancerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
-	}
-}
-
-func TestListLoadBalancers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": [
-                {
-                    "id": "699d98642c564d2e855e9661899b7252",
-                    "created_on": "2014-01-01T05:20:00.12345Z",
-                    "modified_on": "2014-02-01T05:20:00.12345Z",
-                    "description": "Load Balancer for www.example.com",
-                    "name": "www.example.com",
-                    "ttl": 30,
-                    "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-                    "default_pools": [
-                      "de90f38ced07c2e2f4df50b1f61d4194",
-                      "9290f38c5d07c2e2f4df57b1f61d4196",
-                      "00920f38ce07c2e2f4df50b1f61d4194"
-                    ],
-                    "region_pools": {
-                      "WNAM": [
-                        "de90f38ced07c2e2f4df50b1f61d4194",
-                        "9290f38c5d07c2e2f4df57b1f61d4196"
-                      ],
-                      "ENAM": [
-                        "00920f38ce07c2e2f4df50b1f61d4194"
-                      ]
-                    },
-                    "country_pools": {
-                      "US": [
-                        "de90f38ced07c2e2f4df50b1f61d4194"
-                      ],
-                      "GB": [
-                        "abd90f38ced07c2e2f4df50b1f61d4194"
-                      ]
-                    },
-                    "pop_pools": {
-                      "LAX": [
-                        "de90f38ced07c2e2f4df50b1f61d4194",
-                        "9290f38c5d07c2e2f4df57b1f61d4196"
-                      ],
-                      "LHR": [
-                        "abd90f38ced07c2e2f4df50b1f61d4194",
-                        "f9138c5d07c2e2f4df57b1f61d4196"
-                      ],
-                      "SJC": [
-                        "00920f38ce07c2e2f4df50b1f61d4194"
-                      ]
-                    },
-                    "random_steering": {
-                        "default_weight": 0.2,
-                        "pool_weights": {
-                            "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-                            "de90f38ced07c2e2f4df50b1f61d4194": 0.4
-                        }
-                    },
-					"adaptive_routing": {
-						"failover_across_pools": true
-					},
-					"location_strategy": {
-						"prefer_ecs": "always",
-						"mode": "resolver_ip"
-					},
-                    "proxied": true
-                }
-            ],
-            "result_info": {
-                "page": 1,
-                "per_page": 20,
-                "count": 1,
-                "total_count": 1
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := []LoadBalancer{
-		{
-			ID:           "699d98642c564d2e855e9661899b7252",
-			CreatedOn:    &createdOn,
-			ModifiedOn:   &modifiedOn,
-			Description:  "Load Balancer for www.example.com",
-			Name:         "www.example.com",
-			TTL:          30,
-			FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-			DefaultPools: []string{
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-			RegionPools: map[string][]string{
-				"WNAM": {
-					"de90f38ced07c2e2f4df50b1f61d4194",
-					"9290f38c5d07c2e2f4df57b1f61d4196",
-				},
-				"ENAM": {
-					"00920f38ce07c2e2f4df50b1f61d4194",
-				},
-			},
-			CountryPools: map[string][]string{
-				"US": {
-					"de90f38ced07c2e2f4df50b1f61d4194",
-				},
-				"GB": {
-					"abd90f38ced07c2e2f4df50b1f61d4194",
-				},
-			},
-			PopPools: map[string][]string{
-				"LAX": {
-					"de90f38ced07c2e2f4df50b1f61d4194",
-					"9290f38c5d07c2e2f4df57b1f61d4196",
-				},
-				"LHR": {
-					"abd90f38ced07c2e2f4df50b1f61d4194",
-					"f9138c5d07c2e2f4df57b1f61d4196",
-				},
-				"SJC": {
-					"00920f38ce07c2e2f4df50b1f61d4194",
-				},
-			},
-			RandomSteering: &RandomSteering{
-				DefaultWeight: 0.2,
-				PoolWeights: map[string]float64{
-					"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-					"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
-				},
-			},
-			AdaptiveRouting: &AdaptiveRouting{
-				FailoverAcrossPools: BoolPtr(true),
-			},
-			LocationStrategy: &LocationStrategy{
-				PreferECS: "always",
-				Mode:      "resolver_ip",
-			},
-			Proxied: true,
-		},
-	}
-
-	actual, err := client.ListLoadBalancers(context.Background(), ZoneIdentifier(testZoneID), ListLoadBalancerParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListLoadBalancer_AccountIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.ListLoadBalancers(context.Background(), AccountIdentifier(testAccountID), ListLoadBalancerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
-	}
-}
-
-func TestGetLoadBalancer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "699d98642c564d2e855e9661899b7252",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2014-02-01T05:20:00.12345Z",
-                "description": "Load Balancer for www.example.com",
-                "name": "www.example.com",
-                "ttl": 30,
-                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-                "default_pools": [
-                  "de90f38ced07c2e2f4df50b1f61d4194",
-                  "9290f38c5d07c2e2f4df57b1f61d4196",
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ],
-                "region_pools": {
-                  "WNAM": [
-                    "de90f38ced07c2e2f4df50b1f61d4194",
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "ENAM": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "country_pools": {
-                  "US": [
-                    "de90f38ced07c2e2f4df50b1f61d4194"
-                  ],
-                  "GB": [
-                    "abd90f38ced07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "pop_pools": {
-                  "LAX": [
-                    "de90f38ced07c2e2f4df50b1f61d4194",
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "LHR": [
-                    "abd90f38ced07c2e2f4df50b1f61d4194",
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "SJC": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "random_steering": {
-                    "default_weight": 0.2,
-                    "pool_weights": {
-                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-                        "de90f38ced07c2e2f4df50b1f61d4194": 0.4
-                    }
-                },
-				"adaptive_routing": {
-					"failover_across_pools": true
-				},
-				"location_strategy": {
-					"prefer_ecs": "always",
-					"mode": "resolver_ip"
-				},
-                "proxied": true
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-	want := LoadBalancer{
-		ID:           "699d98642c564d2e855e9661899b7252",
-		CreatedOn:    &createdOn,
-		ModifiedOn:   &modifiedOn,
-		Description:  "Load Balancer for www.example.com",
-		Name:         "www.example.com",
-		TTL:          30,
-		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-		DefaultPools: []string{
-			"de90f38ced07c2e2f4df50b1f61d4194",
-			"9290f38c5d07c2e2f4df57b1f61d4196",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		RegionPools: map[string][]string{
-			"WNAM": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"ENAM": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		CountryPools: map[string][]string{
-			"US": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-			},
-			"GB": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-			},
-		},
-		PopPools: map[string][]string{
-			"LAX": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"LHR": {
-				"abd90f38ced07c2e2f4df50b1f61d4194",
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-			"SJC": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		RandomSteering: &RandomSteering{
-			DefaultWeight: 0.2,
-			PoolWeights: map[string]float64{
-				"9290f38c5d07c2e2f4df57b1f61d4196": 0.6,
-				"de90f38ced07c2e2f4df50b1f61d4194": 0.4,
-			},
-		},
-		AdaptiveRouting: &AdaptiveRouting{
-			FailoverAcrossPools: BoolPtr(true),
-		},
-		LocationStrategy: &LocationStrategy{
-			PreferECS: "always",
-			Mode:      "resolver_ip",
-		},
-		Proxied: true,
-	}
-
-	actual, err := client.GetLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.GetLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "bar")
-	assert.Error(t, err)
-}
-
-func TestGetLoadBalancer_AccountIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetLoadBalancer(context.Background(), AccountIdentifier(testAccountID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
-	}
-}
-
-func TestDeleteLoadBalancer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-              "id": "699d98642c564d2e855e9661899b7252"
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
-	assert.NoError(t, client.DeleteLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "699d98642c564d2e855e9661899b7252"))
-	assert.Error(t, client.DeleteLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), "bar"))
-}
-
-func TestDeleteLoadBalancer_AccountIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	err := client.DeleteLoadBalancer(context.Background(), AccountIdentifier(testAccountID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
-	}
-}
-
-func TestUpdateLoadBalancer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-                "id": "699d98642c564d2e855e9661899b7252",
-                "description": "Load Balancer for www.example.com",
-                "name": "www.example.com",
-                "ttl": 30,
-                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-                "default_pools": [
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ],
-                "region_pools": {
-                  "WNAM": [
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "ENAM": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "country_pools": {
-                  "US": [
-                    "de90f38ced07c2e2f4df50b1f61d4194"
-                  ],
-                  "GB": [
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ]
-                },
-                "pop_pools": {
-                  "LAX": [
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "LHR": [
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "SJC": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "random_steering": {
-                    "default_weight": 0.5,
-                    "pool_weights": {
-                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.2
-                    }
-                },
-				"adaptive_routing": {
-					"failover_across_pools": false
-				},
-				"location_strategy": {
-					"prefer_ecs": "never",
-					"mode": "pop"
-				},
-                "proxied": true,
-                "session_affinity": "none",
-                "session_affinity_attributes": {
-                  "samesite": "Strict",
-                  "secure": "Always",
-				  "zero_downtime_failover": "sticky"
-                }
-			}`, string(b))
-		}
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "id": "699d98642c564d2e855e9661899b7252",
-                "created_on": "2014-01-01T05:20:00.12345Z",
-                "modified_on": "2017-02-01T05:20:00.12345Z",
-                "description": "Load Balancer for www.example.com",
-                "name": "www.example.com",
-                "ttl": 30,
-                "fallback_pool": "17b5962d775c646f3f9725cbc7a53df4",
-                "default_pools": [
-                  "00920f38ce07c2e2f4df50b1f61d4194"
-                ],
-                "region_pools": {
-                  "WNAM": [
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "ENAM": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "country_pools": {
-                  "US": [
-                    "de90f38ced07c2e2f4df50b1f61d4194"
-                  ],
-                  "GB": [
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ]
-                },
-                "pop_pools": {
-                  "LAX": [
-                    "9290f38c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "LHR": [
-                    "f9138c5d07c2e2f4df57b1f61d4196"
-                  ],
-                  "SJC": [
-                    "00920f38ce07c2e2f4df50b1f61d4194"
-                  ]
-                },
-                "random_steering": {
-                    "default_weight": 0.5,
-                    "pool_weights": {
-                        "9290f38c5d07c2e2f4df57b1f61d4196": 0.2
-                    }
-                },
-				"adaptive_routing": {
-					"failover_across_pools": false
-				},
-				"location_strategy": {
-					"prefer_ecs": "never",
-					"mode": "pop"
-				},
-                "proxied": true,
-                "session_affinity": "none",
-                "session_affinity_attributes": {
-                  "samesite": "Strict",
-                  "secure": "Always",
-	              "zero_downtime_failover": "sticky"
-                }
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/load_balancers/699d98642c564d2e855e9661899b7252", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-02-01T05:20:00.12345Z")
-	want := LoadBalancer{
-		ID:           "699d98642c564d2e855e9661899b7252",
-		CreatedOn:    &createdOn,
-		ModifiedOn:   &modifiedOn,
-		Description:  "Load Balancer for www.example.com",
-		Name:         "www.example.com",
-		TTL:          30,
-		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-		DefaultPools: []string{
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		RegionPools: map[string][]string{
-			"WNAM": {
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"ENAM": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		CountryPools: map[string][]string{
-			"US": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-			},
-			"GB": {
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-		},
-		PopPools: map[string][]string{
-			"LAX": {
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"LHR": {
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-			"SJC": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		RandomSteering: &RandomSteering{
-			DefaultWeight: 0.5,
-			PoolWeights: map[string]float64{
-				"9290f38c5d07c2e2f4df57b1f61d4196": 0.2,
-			},
-		},
-		AdaptiveRouting: &AdaptiveRouting{
-			FailoverAcrossPools: BoolPtr(false),
-		},
-		LocationStrategy: &LocationStrategy{
-			PreferECS: "never",
-			Mode:      "pop",
-		},
-		Proxied:     true,
-		Persistence: "none",
-		SessionAffinityAttributes: &SessionAffinityAttributes{
-			SameSite:             "Strict",
-			Secure:               "Always",
-			ZeroDowntimeFailover: "sticky",
-		},
-	}
-	request := LoadBalancer{
-		ID:           "699d98642c564d2e855e9661899b7252",
-		Description:  "Load Balancer for www.example.com",
-		Name:         "www.example.com",
-		TTL:          30,
-		FallbackPool: "17b5962d775c646f3f9725cbc7a53df4",
-		DefaultPools: []string{
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		RegionPools: map[string][]string{
-			"WNAM": {
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"ENAM": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		CountryPools: map[string][]string{
-			"US": {
-				"de90f38ced07c2e2f4df50b1f61d4194",
-			},
-			"GB": {
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-		},
-		PopPools: map[string][]string{
-			"LAX": {
-				"9290f38c5d07c2e2f4df57b1f61d4196",
-			},
-			"LHR": {
-				"f9138c5d07c2e2f4df57b1f61d4196",
-			},
-			"SJC": {
-				"00920f38ce07c2e2f4df50b1f61d4194",
-			},
-		},
-		RandomSteering: &RandomSteering{
-			DefaultWeight: 0.5,
-			PoolWeights: map[string]float64{
-				"9290f38c5d07c2e2f4df57b1f61d4196": 0.2,
-			},
-		},
-		AdaptiveRouting: &AdaptiveRouting{
-			FailoverAcrossPools: BoolPtr(false),
-		},
-		LocationStrategy: &LocationStrategy{
-			PreferECS: "never",
-			Mode:      "pop",
-		},
-		Proxied:     true,
-		Persistence: "none",
-		SessionAffinityAttributes: &SessionAffinityAttributes{
-			SameSite:             "Strict",
-			Secure:               "Always",
-			ZeroDowntimeFailover: "sticky",
-		},
-	}
-
-	actual, err := client.UpdateLoadBalancer(context.Background(), ZoneIdentifier(testZoneID), UpdateLoadBalancerParams{LoadBalancer: request})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateLoadBalancer_AccountIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateLoadBalancer(context.Background(), AccountIdentifier(testAccountID), UpdateLoadBalancerParams{LoadBalancer: LoadBalancer{}})
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, AccountRouteLevel), err.Error())
-	}
-}
-
-func TestLoadBalancerPoolHealthDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": {
-                "pool_id": "699d98642c564d2e855e9661899b7252",
-                "pop_health": {
-                    "Amsterdam, NL": {
-                        "healthy": true,
-                        "origins": [
-                          {
-                            "2001:DB8::5": {
-                                "healthy": true,
-                                "rtt": "12.1ms",
-                                "failure_reason": "No failures",
-                                "response_code": 401
-                            }
-                          }
-                        ]
-                    }
-                }
-            }
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/load_balancers/pools/699d98642c564d2e855e9661899b7252/health", handler)
-	want := LoadBalancerPoolHealth{
-		ID: "699d98642c564d2e855e9661899b7252",
-		PopHealth: map[string]LoadBalancerPoolPopHealth{
-			"Amsterdam, NL": {
-				Healthy: true,
-				Origins: []map[string]LoadBalancerOriginHealth{
-					{
-						"2001:DB8::5": {
-							Healthy:       true,
-							RTT:           Duration{12*time.Millisecond + 100*time.Microsecond},
-							FailureReason: "No failures",
-							ResponseCode:  401,
-						},
-					},
-				},
-			},
-		},
-	}
-
-	actual, err := client.GetLoadBalancerPoolHealth(context.Background(), AccountIdentifier(testAccountID), "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestLoadBalancerPoolHealthDetails_ZoneIsNotSupported(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.GetLoadBalancerPoolHealth(context.Background(), ZoneIdentifier(testZoneID), "foo")
-	if assert.Error(t, err) {
-		assert.Equal(t, fmt.Sprintf(errInvalidResourceContainerAccess, ZoneRouteLevel), err.Error())
-	}
-}
diff --git a/pkg/cloudflare-go/lockdown.go b/pkg/cloudflare-go/lockdown.go
deleted file mode 100644
index b7c76320ef..0000000000
--- a/pkg/cloudflare-go/lockdown.go
+++ /dev/null
@@ -1,192 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// ZoneLockdown represents a Zone Lockdown rule. A rule only permits access to
-// the provided URL pattern(s) from the given IP address(es) or subnet(s).
-type ZoneLockdown struct {
-	ID             string               `json:"id"`
-	Description    string               `json:"description"`
-	URLs           []string             `json:"urls"`
-	Configurations []ZoneLockdownConfig `json:"configurations"`
-	Paused         bool                 `json:"paused"`
-	Priority       int                  `json:"priority,omitempty"`
-	CreatedOn      *time.Time           `json:"created_on,omitempty"`
-	ModifiedOn     *time.Time           `json:"modified_on,omitempty"`
-}
-
-// ZoneLockdownConfig represents a Zone Lockdown config, which comprises
-// a Target ("ip" or "ip_range") and a Value (an IP address or IP+mask,
-// respectively.)
-type ZoneLockdownConfig struct {
-	Target string `json:"target"`
-	Value  string `json:"value"`
-}
-
-// ZoneLockdownResponse represents a response from the Zone Lockdown endpoint.
-type ZoneLockdownResponse struct {
-	Result ZoneLockdown `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// ZoneLockdownListResponse represents a response from the List Zone Lockdown
-// endpoint.
-type ZoneLockdownListResponse struct {
-	Result []ZoneLockdown `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// ZoneLockdownCreateParams contains required and optional params
-// for creating a zone lockdown.
-type ZoneLockdownCreateParams struct {
-	Description    string               `json:"description"`
-	URLs           []string             `json:"urls"`
-	Configurations []ZoneLockdownConfig `json:"configurations"`
-	Paused         bool                 `json:"paused"`
-	Priority       int                  `json:"priority,omitempty"`
-}
-
-// ZoneLockdownUpdateParams contains required and optional params
-// for updating a zone lockdown.
-type ZoneLockdownUpdateParams struct {
-	ID             string               `json:"id"`
-	Description    string               `json:"description"`
-	URLs           []string             `json:"urls"`
-	Configurations []ZoneLockdownConfig `json:"configurations"`
-	Paused         bool                 `json:"paused"`
-	Priority       int                  `json:"priority,omitempty"`
-}
-
-type LockdownListParams struct {
-	ResultInfo
-}
-
-// CreateZoneLockdown creates a Zone ZoneLockdown rule for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-create-a-ZoneLockdown-rule
-func (api *API) CreateZoneLockdown(ctx context.Context, rc *ResourceContainer, params ZoneLockdownCreateParams) (ZoneLockdown, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return ZoneLockdown{}, err
-	}
-
-	response := &ZoneLockdownResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// UpdateZoneLockdown updates a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-update-ZoneLockdown-rule
-func (api *API) UpdateZoneLockdown(ctx context.Context, rc *ResourceContainer, params ZoneLockdownUpdateParams) (ZoneLockdown, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return ZoneLockdown{}, err
-	}
-
-	response := &ZoneLockdownResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// DeleteZoneLockdown deletes a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-delete-ZoneLockdown-rule
-func (api *API) DeleteZoneLockdown(ctx context.Context, rc *ResourceContainer, id string) (ZoneLockdown, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, id)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return ZoneLockdown{}, err
-	}
-
-	response := &ZoneLockdownResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// ZoneLockdown retrieves a Zone ZoneLockdown rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-ZoneLockdown-rule-details
-func (api *API) ZoneLockdown(ctx context.Context, rc *ResourceContainer, id string) (ZoneLockdown, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/lockdowns/%s", rc.Identifier, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneLockdown{}, err
-	}
-
-	response := &ZoneLockdownResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneLockdown{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// ListZoneLockdowns retrieves every Zone ZoneLockdown rules for a given zone ID.
-//
-// Automatically paginates all results unless `params.PerPage` and `params.Page`
-// is set.
-//
-// API reference: https://api.cloudflare.com/#zone-ZoneLockdown-list-ZoneLockdown-rules
-func (api *API) ListZoneLockdowns(ctx context.Context, rc *ResourceContainer, params LockdownListParams) ([]ZoneLockdown, *ResultInfo, error) {
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var zoneLockdowns []ZoneLockdown
-	var zResponse ZoneLockdownListResponse
-	for {
-		zResponse = ZoneLockdownListResponse{}
-		uri := buildURI(fmt.Sprintf("/zones/%s/firewall/lockdowns", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []ZoneLockdown{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &zResponse)
-		if err != nil {
-			return []ZoneLockdown{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-		}
-
-		zoneLockdowns = append(zoneLockdowns, zResponse.Result...)
-		params.ResultInfo = zResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return zoneLockdowns, &zResponse.ResultInfo, nil
-}
diff --git a/pkg/cloudflare-go/lockdown_example_test.go b/pkg/cloudflare-go/lockdown_example_test.go
deleted file mode 100644
index ffb1002f9b..0000000000
--- a/pkg/cloudflare-go/lockdown_example_test.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"strings"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListZoneLockdowns_all() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch all Zone Lockdown rules for a zone, by page.
-	rules, _, err := api.ListZoneLockdowns(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.LockdownListParams{})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range rules {
-		fmt.Printf("%s: %s\n", strings.Join(r.URLs, ", "), r.Configurations)
-	}
-}
-
-func ExampleAPI_CreateZoneLockdown() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	newZoneLockdown := cloudflare.ZoneLockdownCreateParams{
-		Description: "Test Zone Lockdown Rule",
-		URLs: []string{
-			"*.example.org/test",
-		},
-		Configurations: []cloudflare.ZoneLockdownConfig{
-			{
-				Target: "ip",
-				Value:  "198.51.100.1",
-			},
-		},
-		Paused: false,
-	}
-
-	response, err := api.CreateZoneLockdown(context.Background(), cloudflare.ZoneIdentifier(zoneID), newZoneLockdown)
-	if err != nil {
-		log.Fatal(err)
-	}
-	fmt.Println("Response: ", response)
-}
diff --git a/pkg/cloudflare-go/lockdown_test.go b/pkg/cloudflare-go/lockdown_test.go
deleted file mode 100644
index 470fca6bfb..0000000000
--- a/pkg/cloudflare-go/lockdown_test.go
+++ /dev/null
@@ -1,303 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestCreateZoneLockdown(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := ZoneLockdownCreateParams{
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused: false,
-	}
-
-	want := ZoneLockdown{
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused: false,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s")
-
-		var v ZoneLockdown
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, want, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"paused": false,
-				"description": "Restrict access to these endpoints to requests from a known IP address",
-				"urls": [
-					"api.mysite.com/some/endpoint*"
-				],
-				"configurations": [
-				  {
-					  "target": "ip",
-					  "value": "198.51.100.4"
-				  }
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns", handler)
-
-	actual, err := client.CreateZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), input)
-	require.NoError(t, err)
-
-	want.ID = "372e67954025e0ba6aaa6d586b9e0b59"
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want.CreatedOn = &createdOn
-	want.ModifiedOn = &modifiedOn
-
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateZoneLockdown(t *testing.T) {
-	setup()
-	defer teardown()
-
-	input := ZoneLockdownUpdateParams{
-		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused: false,
-	}
-
-	want := ZoneLockdown{
-		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused: false,
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s")
-
-		var v ZoneLockdown
-		err := json.NewDecoder(r.Body).Decode(&v)
-		require.NoError(t, err)
-		assert.Equal(t, want, v)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"paused": false,
-				"description": "Restrict access to these endpoints to requests from a known IP address",
-				"urls": [
-					"api.mysite.com/some/endpoint*"
-				],
-				"configurations": [
-				  {
-					  "target": "ip",
-					  "value": "198.51.100.4"
-				  }
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/372e67954025e0ba6aaa6d586b9e0b59", handler)
-
-	actual, err := client.UpdateZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), input)
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want.CreatedOn = &createdOn
-	want.ModifiedOn = &modifiedOn
-
-	assert.Equal(t, want, actual)
-}
-
-func TestDeleteZoneLockdown(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59"
-			}
-		}`)
-	}
-
-	zoneLockdownID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/"+zoneLockdownID, handler)
-
-	actual, err := client.DeleteZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), zoneLockdownID)
-	require.NoError(t, err)
-
-	want := ZoneLockdown{
-		ID: zoneLockdownID,
-	}
-	assert.Equal(t, want, actual)
-}
-
-func TestZoneLockdown(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "372e67954025e0ba6aaa6d586b9e0b59",
-				"created_on": "2014-01-01T05:20:00Z",
-				"modified_on": "2014-01-01T05:20:00Z",
-				"paused": false,
-				"description": "Restrict access to these endpoints to requests from a known IP address",
-				"urls": [
-					"api.mysite.com/some/endpoint*"
-				],
-				"configurations": [
-				  {
-					  "target": "ip",
-					  "value": "198.51.100.4"
-				  }
-				]
-			}
-		}`)
-	}
-
-	zoneLockdownID := "372e67954025e0ba6aaa6d586b9e0b59"
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns/"+zoneLockdownID, handler)
-
-	actual, err := client.ZoneLockdown(context.Background(), ZoneIdentifier(testZoneID), zoneLockdownID)
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := ZoneLockdown{
-		ID:          zoneLockdownID,
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused:     false,
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	}
-	assert.Equal(t, want, actual)
-}
-
-func TestListZoneLockdowns(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s")
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-				  "id": "372e67954025e0ba6aaa6d586b9e0b59",
-				  "created_on": "2014-01-01T05:20:00Z",
-				  "modified_on": "2014-01-01T05:20:00Z",
-				  "paused": false,
-				  "description": "Restrict access to these endpoints to requests from a known IP address",
-				  "urls": [
-					  "api.mysite.com/some/endpoint*"
-				  ],
-				  "configurations": [
-					{
-						"target": "ip",
-						"value": "198.51.100.4"
-					}
-				  ]
-			  }
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/lockdowns", handler)
-
-	actual, _, err := client.ListZoneLockdowns(context.Background(), ZoneIdentifier(testZoneID), LockdownListParams{})
-	require.NoError(t, err)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	want := []ZoneLockdown{{
-		ID:          "372e67954025e0ba6aaa6d586b9e0b59",
-		Description: "Restrict access to these endpoints to requests from a known IP address",
-		URLs:        []string{"api.mysite.com/some/endpoint*"},
-		Configurations: []ZoneLockdownConfig{{
-			Target: "ip",
-			Value:  "198.51.100.4",
-		}},
-		Paused:     false,
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-	},
-	}
-	assert.Equal(t, want, actual)
-}
diff --git a/pkg/cloudflare-go/logger.go b/pkg/cloudflare-go/logger.go
deleted file mode 100644
index b1bd9b4ef3..0000000000
--- a/pkg/cloudflare-go/logger.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package cloudflare
-
-import (
-	"fmt"
-	"io"
-	"log"
-	"os"
-)
-
-// silentRetryLogger is the logger provided with retryable client to stop it
-// displaying the retry attempts.
-var silentRetryLogger = log.New(io.Discard, "", log.LstdFlags)
-
-const (
-	// LevelNull sets a logger to show no messages at all.
-	LevelNull Level = 0
-
-	// LevelError sets a logger to show error messages only.
-	LevelError Level = 1
-
-	// LevelWarn sets a logger to show warning messages or anything more
-	// severe.
-	LevelWarn Level = 2
-
-	// LevelInfo sets a logger to show informational messages or anything more
-	// severe.
-	LevelInfo Level = 3
-
-	// LevelDebug sets a logger to show informational messages or anything more
-	// severe.
-	LevelDebug Level = 4
-)
-
-// DefaultLeveledLogger is the default logger that the library will use to log
-// errors, warnings, and informational messages.
-var DefaultLeveledLogger LeveledLoggerInterface = &LeveledLogger{
-	Level: LevelError,
-}
-
-// SilentLeveledLogger is a logger for disregarding all logs written.
-var SilentLeveledLogger LeveledLoggerInterface = &LeveledLogger{
-	Level: LevelNull,
-}
-
-// Level represents a logging level.
-type Level uint32
-
-// LeveledLogger is a leveled logger implementation.
-//
-// It prints warnings and errors to `os.Stderr` and other messages to
-// `os.Stdout`.
-type LeveledLogger struct {
-	// Level is the minimum logging level that will be emitted by this logger.
-	//
-	// For example, a Level set to LevelWarn will emit warnings and errors, but
-	// not informational or debug messages.
-	//
-	// Always set this with a constant like LevelWarn because the individual
-	// values are not guaranteed to be stable.
-	Level Level
-
-	// Internal testing use only.
-	stderrOverride io.Writer
-	stdoutOverride io.Writer
-}
-
-// Debugf logs a debug message using Printf conventions.
-func (l *LeveledLogger) Debugf(format string, v ...interface{}) {
-	if l.Level >= LevelDebug {
-		fmt.Fprintf(l.stdout(), "[debug] "+format, v...)
-	}
-}
-
-// Errorf logs a warning message using Printf conventions.
-func (l *LeveledLogger) Errorf(format string, v ...interface{}) {
-	// Infof logs a debug message using Printf conventions.
-	if l.Level >= LevelError {
-		fmt.Fprintf(l.stderr(), "[error] "+format, v...)
-	}
-}
-
-// Infof logs an informational message using Printf conventions.
-func (l *LeveledLogger) Infof(format string, v ...interface{}) {
-	if l.Level >= LevelInfo {
-		fmt.Fprintf(l.stdout(), "[info] "+format, v...)
-	}
-}
-
-// Warnf logs a warning message using Printf conventions.
-func (l *LeveledLogger) Warnf(format string, v ...interface{}) {
-	if l.Level >= LevelWarn {
-		fmt.Fprintf(l.stderr(), "[warn] "+format, v...)
-	}
-}
-
-func (l *LeveledLogger) stderr() io.Writer {
-	if l.stderrOverride != nil {
-		return l.stderrOverride
-	}
-
-	return os.Stderr
-}
-
-func (l *LeveledLogger) stdout() io.Writer {
-	if l.stdoutOverride != nil {
-		return l.stdoutOverride
-	}
-
-	return os.Stdout
-}
-
-// LeveledLoggerInterface provides a basic leveled logging interface for
-// printing debug, informational, warning, and error messages.
-//
-// It's implemented by LeveledLogger and also provides out-of-the-box
-// compatibility with a Logrus Logger, but may require a thin shim for use with
-// other logging libraries that you use less standard conventions like Zap.
-type LeveledLoggerInterface interface {
-	// Debugf logs a debug message using Printf conventions.
-	Debugf(format string, v ...interface{})
-
-	// Errorf logs a warning message using Printf conventions.
-	Errorf(format string, v ...interface{})
-
-	// Infof logs an informational message using Printf conventions.
-	Infof(format string, v ...interface{})
-
-	// Warnf logs a warning message using Printf conventions.
-	Warnf(format string, v ...interface{})
-}
diff --git a/pkg/cloudflare-go/logpull.go b/pkg/cloudflare-go/logpull.go
deleted file mode 100644
index d369115958..0000000000
--- a/pkg/cloudflare-go/logpull.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// LogpullRetentionConfiguration describes a the structure of a Logpull Retention
-// payload.
-type LogpullRetentionConfiguration struct {
-	Flag bool `json:"flag"`
-}
-
-// LogpullRetentionConfigurationResponse is the API response, containing the
-// Logpull retention result.
-type LogpullRetentionConfigurationResponse struct {
-	Response
-	Result LogpullRetentionConfiguration `json:"result"`
-}
-
-// GetLogpullRetentionFlag gets the current setting flag.
-//
-// API reference: https://developers.cloudflare.com/logs/logpull-api/enabling-log-retention/
-func (api *API) GetLogpullRetentionFlag(ctx context.Context, zoneID string) (*LogpullRetentionConfiguration, error) {
-	uri := fmt.Sprintf("/zones/%s/logs/control/retention/flag", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return &LogpullRetentionConfiguration{}, err
-	}
-	var r LogpullRetentionConfigurationResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-// SetLogpullRetentionFlag updates the retention flag to the defined boolean.
-//
-// API reference: https://developers.cloudflare.com/logs/logpull-api/enabling-log-retention/
-func (api *API) SetLogpullRetentionFlag(ctx context.Context, zoneID string, enabled bool) (*LogpullRetentionConfiguration, error) {
-	uri := fmt.Sprintf("/zones/%s/logs/control/retention/flag", zoneID)
-	flagPayload := LogpullRetentionConfiguration{Flag: enabled}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, flagPayload)
-	if err != nil {
-		return &LogpullRetentionConfiguration{}, err
-	}
-	var r LogpullRetentionConfigurationResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return &LogpullRetentionConfiguration{}, err
-	}
-	return &r.Result, nil
-}
diff --git a/pkg/cloudflare-go/logpull_test.go b/pkg/cloudflare-go/logpull_test.go
deleted file mode 100644
index ce9275d963..0000000000
--- a/pkg/cloudflare-go/logpull_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetLogpullRetentionFlag(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		"errors": [],
-		"messages": [],
-		"result": {
-			"flag": true
-		},
-		"success": true
-	}`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/logs/control/retention/flag", handler)
-	want := &LogpullRetentionConfiguration{Flag: true}
-
-	actual, err := client.GetLogpullRetentionFlag(context.Background(), "d56084adb405e0b7e32c52321bf07be6")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSetLogpullRetentionFlag(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		"errors": [],
-		"messages": [],
-		"result": {
-			"flag": false
-		},
-		"success": true
-	}`)
-	}
-
-	mux.HandleFunc("/zones/d56084adb405e0b7e32c52321bf07be6/logs/control/retention/flag", handler)
-	want := &LogpullRetentionConfiguration{Flag: false}
-
-	actual, err := client.SetLogpullRetentionFlag(context.Background(), "d56084adb405e0b7e32c52321bf07be6", false)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/logpush.go b/pkg/cloudflare-go/logpush.go
deleted file mode 100644
index 34e32e9cb5..0000000000
--- a/pkg/cloudflare-go/logpush.go
+++ /dev/null
@@ -1,572 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// LogpushJob describes a Logpush job.
-type LogpushJob struct {
-	ID                       int                   `json:"id,omitempty"`
-	Dataset                  string                `json:"dataset"`
-	Enabled                  bool                  `json:"enabled"`
-	Kind                     string                `json:"kind,omitempty"`
-	Name                     string                `json:"name"`
-	LogpullOptions           string                `json:"logpull_options,omitempty"`
-	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
-	DestinationConf          string                `json:"destination_conf"`
-	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
-	LastComplete             *time.Time            `json:"last_complete,omitempty"`
-	LastError                *time.Time            `json:"last_error,omitempty"`
-	ErrorMessage             string                `json:"error_message,omitempty"`
-	Frequency                string                `json:"frequency,omitempty"`
-	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
-	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
-	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
-	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
-}
-
-type LogpushJobFilters struct {
-	Where LogpushJobFilter `json:"where"`
-}
-
-type Operator string
-
-const (
-	Equal              Operator = "eq"
-	NotEqual           Operator = "!eq"
-	LessThan           Operator = "lt"
-	LessThanOrEqual    Operator = "leq"
-	GreaterThan        Operator = "gt"
-	GreaterThanOrEqual Operator = "geq"
-	StartsWith         Operator = "startsWith"
-	EndsWith           Operator = "endsWith"
-	NotStartsWith      Operator = "!startsWith"
-	NotEndsWith        Operator = "!endsWith"
-	Contains           Operator = "contains"
-	NotContains        Operator = "!contains"
-	ValueIsIn          Operator = "in"
-	ValueIsNotIn       Operator = "!in"
-)
-
-type LogpushJobFilter struct {
-	// either this
-	And []LogpushJobFilter `json:"and,omitempty"`
-	Or  []LogpushJobFilter `json:"or,omitempty"`
-	// or this
-	Key      string      `json:"key,omitempty"`
-	Operator Operator    `json:"operator,omitempty"`
-	Value    interface{} `json:"value,omitempty"`
-}
-
-type LogpushOutputOptions struct {
-	FieldNames      []string `json:"field_names"`
-	OutputType      string   `json:"output_type,omitempty"`
-	BatchPrefix     string   `json:"batch_prefix,omitempty"`
-	BatchSuffix     string   `json:"batch_suffix,omitempty"`
-	RecordPrefix    string   `json:"record_prefix,omitempty"`
-	RecordSuffix    string   `json:"record_suffix,omitempty"`
-	RecordTemplate  string   `json:"record_template,omitempty"`
-	RecordDelimiter string   `json:"record_delimiter,omitempty"`
-	FieldDelimiter  string   `json:"field_delimiter,omitempty"`
-	TimestampFormat string   `json:"timestamp_format,omitempty"`
-	SampleRate      float64  `json:"sample_rate,omitempty"`
-	CVE202144228    *bool    `json:"CVE-2021-44228,omitempty"`
-}
-
-// LogpushJobsResponse is the API response, containing an array of Logpush Jobs.
-type LogpushJobsResponse struct {
-	Response
-	Result []LogpushJob `json:"result"`
-}
-
-// LogpushJobDetailsResponse is the API response, containing a single Logpush Job.
-type LogpushJobDetailsResponse struct {
-	Response
-	Result LogpushJob `json:"result"`
-}
-
-// LogpushFieldsResponse is the API response for a datasets fields.
-type LogpushFieldsResponse struct {
-	Response
-	Result LogpushFields `json:"result"`
-}
-
-// LogpushFields is a map of available Logpush field names & descriptions.
-type LogpushFields map[string]string
-
-// LogpushGetOwnershipChallenge describes a ownership validation.
-type LogpushGetOwnershipChallenge struct {
-	Filename string `json:"filename"`
-	Valid    bool   `json:"valid"`
-	Message  string `json:"message"`
-}
-
-// LogpushGetOwnershipChallengeResponse is the API response, containing a ownership challenge.
-type LogpushGetOwnershipChallengeResponse struct {
-	Response
-	Result LogpushGetOwnershipChallenge `json:"result"`
-}
-
-// LogpushGetOwnershipChallengeRequest is the API request for get ownership challenge.
-type LogpushGetOwnershipChallengeRequest struct {
-	DestinationConf string `json:"destination_conf"`
-}
-
-// LogpushOwnershipChallengeValidationResponse is the API response,
-// containing a ownership challenge validation result.
-type LogpushOwnershipChallengeValidationResponse struct {
-	Response
-	Result struct {
-		Valid bool `json:"valid"`
-	}
-}
-
-// LogpushValidateOwnershipChallengeRequest is the API request for validate ownership challenge.
-type LogpushValidateOwnershipChallengeRequest struct {
-	DestinationConf    string `json:"destination_conf"`
-	OwnershipChallenge string `json:"ownership_challenge"`
-}
-
-// LogpushDestinationExistsResponse is the API response,
-// containing a destination exists check result.
-type LogpushDestinationExistsResponse struct {
-	Response
-	Result struct {
-		Exists bool `json:"exists"`
-	}
-}
-
-// LogpushDestinationExistsRequest is the API request for check destination exists.
-type LogpushDestinationExistsRequest struct {
-	DestinationConf string `json:"destination_conf"`
-}
-
-// Custom Marshaller for LogpushJob filter key.
-func (f LogpushJob) MarshalJSON() ([]byte, error) {
-	type Alias LogpushJob
-
-	var filter string
-
-	if f.Filter != nil {
-		b, err := json.Marshal(f.Filter)
-
-		if err != nil {
-			return nil, err
-		}
-
-		filter = string(b)
-	}
-
-	return json.Marshal(&struct {
-		Filter string `json:"filter,omitempty"`
-		Alias
-	}{
-		Filter: filter,
-		Alias:  (Alias)(f),
-	})
-}
-
-// Custom Unmarshaller for LogpushJob filter key.
-func (f *LogpushJob) UnmarshalJSON(data []byte) error {
-	type Alias LogpushJob
-	aux := &struct {
-		Filter string `json:"filter,omitempty"`
-		*Alias
-	}{
-		Alias: (*Alias)(f),
-	}
-	if err := json.Unmarshal(data, &aux); err != nil {
-		return err
-	}
-
-	if aux != nil && aux.Filter != "" {
-		var filter LogpushJobFilters
-		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
-			return err
-		}
-		if err := filter.Where.Validate(); err != nil {
-			return err
-		}
-		f.Filter = &filter
-	}
-	return nil
-}
-
-func (f CreateLogpushJobParams) MarshalJSON() ([]byte, error) {
-	type Alias CreateLogpushJobParams
-
-	var filter string
-
-	if f.Filter != nil {
-		b, err := json.Marshal(f.Filter)
-
-		if err != nil {
-			return nil, err
-		}
-
-		filter = string(b)
-	}
-
-	return json.Marshal(&struct {
-		Filter string `json:"filter,omitempty"`
-		Alias
-	}{
-		Filter: filter,
-		Alias:  (Alias)(f),
-	})
-}
-
-// Custom Unmarshaller for CreateLogpushJobParams filter key.
-func (f *CreateLogpushJobParams) UnmarshalJSON(data []byte) error {
-	type Alias CreateLogpushJobParams
-	aux := &struct {
-		Filter string `json:"filter,omitempty"`
-		*Alias
-	}{
-		Alias: (*Alias)(f),
-	}
-	if err := json.Unmarshal(data, &aux); err != nil {
-		return err
-	}
-
-	if aux != nil && aux.Filter != "" {
-		var filter LogpushJobFilters
-		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
-			return err
-		}
-		if err := filter.Where.Validate(); err != nil {
-			return err
-		}
-		f.Filter = &filter
-	}
-	return nil
-}
-
-func (f UpdateLogpushJobParams) MarshalJSON() ([]byte, error) {
-	type Alias UpdateLogpushJobParams
-
-	var filter string
-
-	if f.Filter != nil {
-		b, err := json.Marshal(f.Filter)
-
-		if err != nil {
-			return nil, err
-		}
-
-		filter = string(b)
-	}
-
-	return json.Marshal(&struct {
-		Filter string `json:"filter,omitempty"`
-		Alias
-	}{
-		Filter: filter,
-		Alias:  (Alias)(f),
-	})
-}
-
-// Custom Unmarshaller for UpdateLogpushJobParams filter key.
-func (f *UpdateLogpushJobParams) UnmarshalJSON(data []byte) error {
-	type Alias UpdateLogpushJobParams
-	aux := &struct {
-		Filter string `json:"filter,omitempty"`
-		*Alias
-	}{
-		Alias: (*Alias)(f),
-	}
-	if err := json.Unmarshal(data, &aux); err != nil {
-		return err
-	}
-
-	if aux != nil && aux.Filter != "" {
-		var filter LogpushJobFilters
-		if err := json.Unmarshal([]byte(aux.Filter), &filter); err != nil {
-			return err
-		}
-		if err := filter.Where.Validate(); err != nil {
-			return err
-		}
-		f.Filter = &filter
-	}
-	return nil
-}
-
-func (filter *LogpushJobFilter) Validate() error {
-	if filter.And != nil {
-		if filter.Or != nil || filter.Key != "" || filter.Operator != "" || filter.Value != nil {
-			return errors.New("And can't be set with Or, Key, Operator or Value")
-		}
-		for i, element := range filter.And {
-			err := element.Validate()
-			if err != nil {
-				return fmt.Errorf("element %v in And is invalid: %w", i, err)
-			}
-		}
-		return nil
-	}
-	if filter.Or != nil {
-		if filter.And != nil || filter.Key != "" || filter.Operator != "" || filter.Value != nil {
-			return errors.New("Or can't be set with And, Key, Operator or Value")
-		}
-		for i, element := range filter.Or {
-			err := element.Validate()
-			if err != nil {
-				return fmt.Errorf("element %v in Or is invalid: %w", i, err)
-			}
-		}
-		return nil
-	}
-	if filter.Key == "" {
-		return errors.New("Key is missing")
-	}
-
-	if filter.Operator == "" {
-		return errors.New("Operator is missing")
-	}
-
-	if filter.Value == nil {
-		return errors.New("Value is missing")
-	}
-
-	return nil
-}
-
-type CreateLogpushJobParams struct {
-	Dataset                  string                `json:"dataset"`
-	Enabled                  bool                  `json:"enabled"`
-	Kind                     string                `json:"kind,omitempty"`
-	Name                     string                `json:"name"`
-	LogpullOptions           string                `json:"logpull_options,omitempty"`
-	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
-	DestinationConf          string                `json:"destination_conf"`
-	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
-	ErrorMessage             string                `json:"error_message,omitempty"`
-	Frequency                string                `json:"frequency,omitempty"`
-	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
-	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
-	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
-	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
-}
-
-type ListLogpushJobsParams struct{}
-
-type ListLogpushJobsForDatasetParams struct {
-	Dataset string `json:"-"`
-}
-
-type GetLogpushFieldsParams struct {
-	Dataset string `json:"-"`
-}
-
-type UpdateLogpushJobParams struct {
-	ID                       int                   `json:"-"`
-	Dataset                  string                `json:"dataset"`
-	Enabled                  bool                  `json:"enabled"`
-	Kind                     string                `json:"kind,omitempty"`
-	Name                     string                `json:"name"`
-	LogpullOptions           string                `json:"logpull_options,omitempty"`
-	OutputOptions            *LogpushOutputOptions `json:"output_options,omitempty"`
-	DestinationConf          string                `json:"destination_conf"`
-	OwnershipChallenge       string                `json:"ownership_challenge,omitempty"`
-	LastComplete             *time.Time            `json:"last_complete,omitempty"`
-	LastError                *time.Time            `json:"last_error,omitempty"`
-	ErrorMessage             string                `json:"error_message,omitempty"`
-	Frequency                string                `json:"frequency,omitempty"`
-	Filter                   *LogpushJobFilters    `json:"filter,omitempty"`
-	MaxUploadBytes           int                   `json:"max_upload_bytes,omitempty"`
-	MaxUploadRecords         int                   `json:"max_upload_records,omitempty"`
-	MaxUploadIntervalSeconds int                   `json:"max_upload_interval_seconds,omitempty"`
-}
-
-type ValidateLogpushOwnershipChallengeParams struct {
-	DestinationConf    string `json:"destination_conf"`
-	OwnershipChallenge string `json:"ownership_challenge"`
-}
-
-type GetLogpushOwnershipChallengeParams struct {
-	DestinationConf string `json:"destination_conf"`
-}
-
-// CreateLogpushJob creates a new zone-level Logpush Job.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-create-logpush-job
-func (api *API) CreateLogpushJob(ctx context.Context, rc *ResourceContainer, params CreateLogpushJobParams) (*LogpushJob, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/jobs", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return nil, err
-	}
-	var r LogpushJobDetailsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-// ListAccountLogpushJobs returns all Logpush Jobs for all datasets.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs
-func (api *API) ListLogpushJobs(ctx context.Context, rc *ResourceContainer, params ListLogpushJobsParams) ([]LogpushJob, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/jobs", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []LogpushJob{}, err
-	}
-	var r LogpushJobsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// LogpushJobsForDataset returns all Logpush Jobs for a dataset.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs-for-a-dataset
-func (api *API) ListLogpushJobsForDataset(ctx context.Context, rc *ResourceContainer, params ListLogpushJobsForDatasetParams) ([]LogpushJob, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/datasets/%s/jobs", rc.Level, rc.Identifier, params.Dataset)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []LogpushJob{}, err
-	}
-	var r LogpushJobsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// LogpushFields returns fields for a given dataset.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-list-logpush-jobs
-func (api *API) GetLogpushFields(ctx context.Context, rc *ResourceContainer, params GetLogpushFieldsParams) (LogpushFields, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/datasets/%s/fields", rc.Level, rc.Identifier, params.Dataset)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LogpushFields{}, err
-	}
-	var r LogpushFieldsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return LogpushFields{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// LogpushJob fetches detail about one Logpush Job for a zone.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-logpush-job-details
-func (api *API) GetLogpushJob(ctx context.Context, rc *ResourceContainer, jobID int) (LogpushJob, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, jobID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return LogpushJob{}, err
-	}
-	var r LogpushJobDetailsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return LogpushJob{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateLogpushJob lets you update a Logpush Job.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-update-logpush-job
-func (api *API) UpdateLogpushJob(ctx context.Context, rc *ResourceContainer, params UpdateLogpushJobParams) error {
-	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return err
-	}
-	var r LogpushJobDetailsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// DeleteLogpushJob deletes a Logpush Job for a zone.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-delete-logpush-job
-func (api *API) DeleteLogpushJob(ctx context.Context, rc *ResourceContainer, jobID int) error {
-	uri := fmt.Sprintf("/%s/%s/logpush/jobs/%d", rc.Level, rc.Identifier, jobID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r LogpushJobDetailsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// GetLogpushOwnershipChallenge returns ownership challenge.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-get-ownership-challenge
-func (api *API) GetLogpushOwnershipChallenge(ctx context.Context, rc *ResourceContainer, params GetLogpushOwnershipChallengeParams) (*LogpushGetOwnershipChallenge, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/ownership", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return nil, err
-	}
-	var r LogpushGetOwnershipChallengeResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !r.Result.Valid {
-		return nil, errors.New(r.Result.Message)
-	}
-
-	return &r.Result, nil
-}
-
-// ValidateLogpushOwnershipChallenge returns zone-level ownership challenge validation result.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-validate-ownership-challenge
-func (api *API) ValidateLogpushOwnershipChallenge(ctx context.Context, rc *ResourceContainer, params ValidateLogpushOwnershipChallengeParams) (bool, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/ownership/validate", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return false, err
-	}
-	var r LogpushGetOwnershipChallengeResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return false, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result.Valid, nil
-}
-
-// CheckLogpushDestinationExists returns zone-level destination exists check result.
-//
-// API reference: https://api.cloudflare.com/#logpush-jobs-check-destination-exists
-func (api *API) CheckLogpushDestinationExists(ctx context.Context, rc *ResourceContainer, destinationConf string) (bool, error) {
-	uri := fmt.Sprintf("/%s/%s/logpush/validate/destination/exists", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, LogpushDestinationExistsRequest{
-		DestinationConf: destinationConf,
-	})
-	if err != nil {
-		return false, err
-	}
-	var r LogpushDestinationExistsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return false, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result.Exists, nil
-}
diff --git a/pkg/cloudflare-go/logpush_example_test.go b/pkg/cloudflare-go/logpush_example_test.go
deleted file mode 100644
index 3714ce74cf..0000000000
--- a/pkg/cloudflare-go/logpush_example_test.go
+++ /dev/null
@@ -1,201 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	"github.com/goccy/go-json"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_CreateLogpushJob() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	job, err := api.CreateLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.CreateLogpushJobParams{
-		Enabled:         false,
-		Name:            "example.com",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-		DestinationConf: "s3://mybucket/logs?region=us-west-2",
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", job)
-}
-
-func ExampleAPI_UpdateLogpushJob() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	err = api.UpdateLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.UpdateLogpushJobParams{
-		ID:              1,
-		Enabled:         true,
-		Name:            "updated.com",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp",
-		DestinationConf: "gs://mybucket/logs",
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-func ExampleAPI_ListLogpushJobs() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	jobs, err := api.ListLogpushJobs(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ListLogpushJobsParams{})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", jobs)
-	for _, r := range jobs {
-		fmt.Printf("%+v\n", r)
-	}
-}
-
-func ExampleAPI_GetLogpushJob() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	job, err := api.GetLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", job)
-}
-
-func ExampleAPI_DeleteLogpushJob() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	err = api.DeleteLogpushJob(context.Background(), cloudflare.ZoneIdentifier(zoneID), 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-func ExampleAPI_GetLogpushOwnershipChallenge() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	ownershipChallenge, err := api.GetLogpushOwnershipChallenge(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", ownershipChallenge)
-}
-
-func ExampleAPI_ValidateLogpushOwnershipChallenge() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	isValid, err := api.ValidateLogpushOwnershipChallenge(context.Background(), cloudflare.ZoneIdentifier(zoneID), cloudflare.ValidateLogpushOwnershipChallengeParams{
-		DestinationConf:    "destination_conf",
-		OwnershipChallenge: "ownership_challenge",
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", isValid)
-}
-
-func ExampleAPI_CheckLogpushDestinationExists() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	exists, err := api.CheckLogpushDestinationExists(context.Background(), cloudflare.ZoneIdentifier(zoneID), "destination_conf")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", exists)
-}
-
-func ExampleLogpushJob_MarshalJSON() {
-	job := cloudflare.LogpushJob{
-		Name:            "example.com static assets",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
-		Dataset:         "http_requests",
-		DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
-		Filter: &cloudflare.LogpushJobFilters{
-			Where: cloudflare.LogpushJobFilter{
-				And: []cloudflare.LogpushJobFilter{
-					{Key: "ClientRequestPath", Operator: cloudflare.Contains, Value: "/static\\"},
-					{Key: "ClientRequestHost", Operator: cloudflare.Equal, Value: "example.com"},
-				},
-			},
-		},
-	}
-
-	jobstring, err := json.Marshal(job)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%s", jobstring)
-	// Output: {"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\\\\\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}
-}
diff --git a/pkg/cloudflare-go/logpush_test.go b/pkg/cloudflare-go/logpush_test.go
deleted file mode 100644
index f0872c624a..0000000000
--- a/pkg/cloudflare-go/logpush_test.go
+++ /dev/null
@@ -1,686 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"strconv"
-	"testing"
-
-	"github.com/goccy/go-json"
-
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	jobID                       = 1
-	serverLogpushJobDescription = `{
-	"id": %d,
-	"dataset": "http_requests",
-	"kind": "",
-	"enabled": false,
-	"name": "example.com",
-	"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-	"destination_conf": "s3://mybucket/logs?region=us-west-2",
-	"last_complete": "%[2]s",
-	"last_error": "%[2]s",
-	"error_message": "test",
-	"frequency": "high",
-	"max_upload_bytes": 5000000
-  }
-`
-	serverLogpushJobWithOutputOptionsDescription = `{
-	"id": %d,
-	"dataset": "http_requests",
-	"kind": "",
-	"enabled": false,
-	"name": "example.com",
-	"output_options": {
-		"field_names":[
-			"RayID",
-			"ClientIP",
-			"EdgeStartTimestamp"
-		],
-		"timestamp_format": "rfc3339"
-	},
-	"destination_conf": "s3://mybucket/logs?region=us-west-2",
-	"last_complete": "%[2]s",
-	"last_error": "%[2]s",
-	"error_message": "test",
-	"frequency": "high",
-	"max_upload_bytes": 5000000
-  }
-`
-	serverEdgeLogpushJobDescription = `{
-	"id": %d,
-	"dataset": "http_requests",
-	"kind": "edge",
-	"enabled": true,
-	"name": "example.com",
-	"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-	"destination_conf": "s3://mybucket/logs?region=us-west-2",
-	"last_complete": "%[2]s",
-	"last_error": "%[2]s",
-	"error_message": "test",
-	"frequency": "high"
-  }
-`
-	serverLogpushGetOwnershipChallengeDescription = `{
-	"filename": "logs/challenge-filename.txt",
-	"valid": true,
-	"message": ""
-  }
-`
-	serverLogpushGetOwnershipChallengeInvalidResponseDescription = `{
-	"filename": "logs/challenge-filename.txt",
-	"valid": false,
-	"message": "destination is invalid"
-  }
-`
-)
-
-var (
-	testLogpushTimestamp     = time.Now().UTC()
-	expectedLogpushJobStruct = LogpushJob{
-		ID:              jobID,
-		Dataset:         "http_requests",
-		Enabled:         false,
-		Name:            "example.com",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-		DestinationConf: "s3://mybucket/logs?region=us-west-2",
-		LastComplete:    &testLogpushTimestamp,
-		LastError:       &testLogpushTimestamp,
-		ErrorMessage:    "test",
-		Frequency:       "high",
-		MaxUploadBytes:  5000000,
-	}
-	expectedLogpushJobWithOutputOptionsStruct = LogpushJob{
-		ID:      jobID,
-		Dataset: "http_requests",
-		Enabled: false,
-		Name:    "example.com",
-		OutputOptions: &LogpushOutputOptions{
-			FieldNames: []string{
-				"RayID",
-				"ClientIP",
-				"EdgeStartTimestamp",
-			},
-			TimestampFormat: "rfc3339",
-		},
-		DestinationConf: "s3://mybucket/logs?region=us-west-2",
-		LastComplete:    &testLogpushTimestamp,
-		LastError:       &testLogpushTimestamp,
-		ErrorMessage:    "test",
-		Frequency:       "high",
-		MaxUploadBytes:  5000000,
-	}
-	expectedEdgeLogpushJobStruct = LogpushJob{
-		ID:              jobID,
-		Dataset:         "http_requests",
-		Kind:            "edge",
-		Enabled:         true,
-		Name:            "example.com",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-		DestinationConf: "s3://mybucket/logs?region=us-west-2",
-		LastComplete:    &testLogpushTimestamp,
-		LastError:       &testLogpushTimestamp,
-		ErrorMessage:    "test",
-		Frequency:       "high",
-	}
-	expectedLogpushGetOwnershipChallengeStruct = LogpushGetOwnershipChallenge{
-		Filename: "logs/challenge-filename.txt",
-		Valid:    true,
-		Message:  "",
-	}
-)
-
-func TestLogpushJobs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 1,
-			"per_page": 25,
-			"count": 1,
-			"total_count": 1
-		  }
-		}
-		`, fmt.Sprintf(serverLogpushJobDescription, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs", handler)
-	want := []LogpushJob{expectedLogpushJobStruct}
-
-	actual, err := client.ListLogpushJobs(context.Background(), ZoneIdentifier(testZoneID), ListLogpushJobsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetLogpushJob(t *testing.T) {
-	testCases := map[string]struct {
-		result string
-		want   LogpushJob
-	}{
-		"core logpush job": {
-			result: serverLogpushJobDescription,
-			want:   expectedLogpushJobStruct,
-		},
-		"core logpush job with output options": {
-			result: serverLogpushJobWithOutputOptionsDescription,
-			want:   expectedLogpushJobWithOutputOptionsStruct,
-		},
-		"edge logpush job": {
-			result: serverEdgeLogpushJobDescription,
-			want:   expectedEdgeLogpushJobStruct,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprintf(w, `{
-				  "result": %s,
-				  "success": true,
-				  "errors": null,
-				  "messages": null
-				}
-				`, fmt.Sprintf(tc.result, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
-			}
-
-			mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
-
-			actual, err := client.GetLogpushJob(context.Background(), ZoneIdentifier(testZoneID), jobID)
-			if assert.NoError(t, err) {
-				assert.Equal(t, tc.want, actual)
-			}
-		})
-	}
-}
-
-func TestCreateLogpushJob(t *testing.T) {
-	testCases := map[string]struct {
-		newJob  CreateLogpushJobParams
-		payload string
-		result  string
-		want    LogpushJob
-	}{
-		"core logpush job": {
-			newJob: CreateLogpushJobParams{
-				Dataset:          "http_requests",
-				Enabled:          false,
-				Name:             "example.com",
-				LogpullOptions:   "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				DestinationConf:  "s3://mybucket/logs?region=us-west-2",
-				MaxUploadRecords: 1000,
-			},
-			payload: `{
-				"dataset": "http_requests",
-				"enabled":false,
-				"name":"example.com",
-				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				"destination_conf":"s3://mybucket/logs?region=us-west-2",
-				"max_upload_records": 1000
-			}`,
-			result: serverLogpushJobDescription,
-			want:   expectedLogpushJobStruct,
-		},
-		"core logpush job with output options": {
-			newJob: CreateLogpushJobParams{
-				Dataset: "http_requests",
-				Enabled: false,
-				Name:    "example.com",
-				OutputOptions: &LogpushOutputOptions{
-					FieldNames: []string{
-						"RayID",
-						"ClientIP",
-						"EdgeStartTimestamp",
-					},
-					TimestampFormat: "rfc3339",
-				},
-				DestinationConf:  "s3://mybucket/logs?region=us-west-2",
-				MaxUploadRecords: 1000,
-			},
-			payload: `{
-				"dataset": "http_requests",
-				"enabled":false,
-				"name":"example.com",
-				"output_options": {
-					"field_names":[
-						"RayID",
-						"ClientIP",
-						"EdgeStartTimestamp"
-					],
-					"timestamp_format": "rfc3339"
-				},
-				"destination_conf":"s3://mybucket/logs?region=us-west-2",
-				"max_upload_records": 1000
-			}`,
-			result: serverLogpushJobWithOutputOptionsDescription,
-			want:   expectedLogpushJobWithOutputOptionsStruct,
-		},
-		"edge logpush job": {
-			newJob: CreateLogpushJobParams{
-				Dataset:         "http_requests",
-				Enabled:         true,
-				Name:            "example.com",
-				Kind:            "edge",
-				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				DestinationConf: "s3://mybucket/logs?region=us-west-2",
-			},
-			payload: `{
-				"dataset": "http_requests",
-				"enabled":true,
-				"name":"example.com",
-				"kind":"edge",
-				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				"destination_conf":"s3://mybucket/logs?region=us-west-2"
-			}`,
-			result: serverEdgeLogpushJobDescription,
-			want:   expectedEdgeLogpushJobStruct,
-		},
-		"filtered edge logpush job": {
-			newJob: CreateLogpushJobParams{
-				Dataset:         "http_requests",
-				Enabled:         true,
-				Name:            "example.com",
-				Kind:            "edge",
-				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				DestinationConf: "s3://mybucket/logs?region=us-west-2",
-				Filter: &LogpushJobFilters{
-					Where: LogpushJobFilter{Key: "ClientRequestHost", Operator: "eq", Value: "example.com"},
-				},
-			},
-			payload: `{
-				"dataset": "http_requests",
-				"enabled":true,
-				"name":"example.com",
-				"kind":"edge",
-				"logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				"destination_conf":"s3://mybucket/logs?region=us-west-2",
-				"filter":"{\"where\":{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}}"
-			}`,
-			result: serverEdgeLogpushJobDescription,
-			want:   expectedEdgeLogpushJobStruct,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-				b, err := io.ReadAll(r.Body)
-				defer r.Body.Close()
-
-				if assert.NoError(t, err) {
-					assert.JSONEq(t, tc.payload, string(b), "JSON payload not equal")
-				}
-
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprintf(w, `{
-				"result": %s,
-				"success": true,
-				"errors": null,
-				"messages": null
-				}
-				`, fmt.Sprintf(tc.result, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
-			}
-
-			mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs", handler)
-
-			actual, err := client.CreateLogpushJob(context.Background(), ZoneIdentifier(testZoneID), tc.newJob)
-			if assert.NoError(t, err) {
-				assert.Equal(t, tc.want, *actual)
-			}
-		})
-	}
-}
-
-func TestUpdateLogpushJob(t *testing.T) {
-	setup()
-	defer teardown()
-	updatedJob := UpdateLogpushJobParams{
-		ID:              jobID,
-		Enabled:         true,
-		Name:            "updated.com",
-		LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp",
-		DestinationConf: "gs://mybucket/logs",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(serverLogpushJobDescription, jobID, testLogpushTimestamp.Format(time.RFC3339Nano)))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
-
-	err := client.UpdateLogpushJob(context.Background(), ZoneIdentifier(testZoneID), updatedJob)
-	assert.NoError(t, err)
-}
-
-func TestDeleteLogpushJob(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/logpush/jobs/"+strconv.Itoa(jobID), handler)
-
-	err := client.DeleteLogpushJob(context.Background(), ZoneIdentifier(testZoneID), jobID)
-	assert.NoError(t, err)
-}
-
-func TestGetLogpushOwnershipChallenge(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, serverLogpushGetOwnershipChallengeDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership", handler)
-
-	want := &expectedLogpushGetOwnershipChallengeStruct
-
-	actual, err := client.GetLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetLogpushOwnershipChallengeWithInvalidResponse(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, serverLogpushGetOwnershipChallengeInvalidResponseDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership", handler)
-	_, err := client.GetLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), GetLogpushOwnershipChallengeParams{DestinationConf: "destination_conf"})
-
-	assert.Error(t, err)
-}
-
-func TestValidateLogpushOwnershipChallenge(t *testing.T) {
-	testCases := map[string]struct {
-		isValid bool
-	}{
-		"ownership is valid": {
-			isValid: true,
-		},
-		"ownership is not valid": {
-			isValid: false,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprintf(w, `{
-				  "result": {
-					"valid": %v
-				  },
-				  "success": true,
-				  "errors": null,
-				  "messages": null
-				}
-				`, tc.isValid)
-			}
-
-			mux.HandleFunc("/zones/"+testZoneID+"/logpush/ownership/validate", handler)
-
-			actual, err := client.ValidateLogpushOwnershipChallenge(context.Background(), ZoneIdentifier(testZoneID), ValidateLogpushOwnershipChallengeParams{
-				DestinationConf:    "destination_conf",
-				OwnershipChallenge: "ownership_challenge",
-			})
-			if assert.NoError(t, err) {
-				assert.Equal(t, tc.isValid, actual)
-			}
-		})
-	}
-}
-
-func TestCheckLogpushDestinationExists(t *testing.T) {
-	testCases := map[string]struct {
-		exists bool
-	}{
-		"destination exists": {
-			exists: true,
-		},
-		"destination does not exists": {
-			exists: false,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			handler := func(w http.ResponseWriter, r *http.Request) {
-				assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-				w.Header().Set("content-type", "application/json")
-				fmt.Fprintf(w, `{
-				  "result": {
-					"exists": %v
-				  },
-				  "success": true,
-				  "errors": null,
-				  "messages": null
-				}
-				`, tc.exists)
-			}
-
-			mux.HandleFunc("/zones/"+testZoneID+"/logpush/validate/destination/exists", handler)
-
-			actual, err := client.CheckLogpushDestinationExists(context.Background(), ZoneIdentifier(testZoneID), "destination_conf")
-			if assert.NoError(t, err) {
-				assert.Equal(t, tc.exists, actual)
-			}
-		})
-	}
-}
-
-var (
-	validFilter LogpushJobFilter = LogpushJobFilter{Key: "ClientRequestPath", Operator: Contains, Value: "static"}
-)
-
-var logpushJobFiltersTest = []struct {
-	name                 string
-	input                LogpushJobFilter
-	haserror             bool
-	expectedErrorMessage string
-}{
-	// Tests without And or Or
-	{"Empty Filter", LogpushJobFilter{}, true, "Key is missing"},
-	{"Missing Operator", LogpushJobFilter{Key: "ClientRequestPath"}, true, "Operator is missing"},
-	{"Missing Value", LogpushJobFilter{Key: "ClientRequestPath", Operator: Contains}, true, "Value is missing"},
-	{"Valid Basic Filter", validFilter, false, ""},
-	// Tests with And
-	{"Valid And Filter", LogpushJobFilter{And: []LogpushJobFilter{validFilter}}, false, ""},
-	{"And and Or", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Or: []LogpushJobFilter{validFilter}}, true, "And can't be set with Or, Key, Operator or Value"},
-	{"And and Key", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Key: "Key"}, true, "And can't be set with Or, Key, Operator or Value"},
-	{"And and Operator", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Operator: Contains}, true, "And can't be set with Or, Key, Operator or Value"},
-	{"And and Value", LogpushJobFilter{And: []LogpushJobFilter{validFilter}, Value: "Value"}, true, "And can't be set with Or, Key, Operator or Value"},
-	{"And with nested error", LogpushJobFilter{And: []LogpushJobFilter{validFilter, {}}}, true, "element 1 in And is invalid: Key is missing"},
-	// Tests with Or
-	{"Valid Or Filter", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}}, false, ""},
-	{"Or and Key", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Key: "Key"}, true, "Or can't be set with And, Key, Operator or Value"},
-	{"Or and Operator", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Operator: Contains}, true, "Or can't be set with And, Key, Operator or Value"},
-	{"Or and Value", LogpushJobFilter{Or: []LogpushJobFilter{validFilter}, Value: "Value"}, true, "Or can't be set with And, Key, Operator or Value"},
-	{"Or with nested error", LogpushJobFilter{Or: []LogpushJobFilter{validFilter, {}}}, true, "element 1 in Or is invalid: Key is missing"},
-}
-
-func TestLogpushJobFilter_Validate(t *testing.T) {
-	for _, tt := range logpushJobFiltersTest {
-		t.Run(tt.name, func(t *testing.T) {
-			got := tt.input.Validate()
-			if tt.haserror {
-				assert.ErrorContains(t, got, tt.expectedErrorMessage)
-			} else {
-				assert.NoError(t, got)
-			}
-		})
-	}
-}
-
-func TestLogpushJob_Unmarshall(t *testing.T) {
-	t.Run("Valid Filter", func(t *testing.T) {
-		jsonstring := `{"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\",\"value\":\"/static\\\\\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
-		var job LogpushJob
-		if err := json.Unmarshal([]byte(jsonstring), &job); err != nil {
-			log.Fatal(err)
-		}
-
-		assert.Equal(t, LogpushJob{
-			Name:            "example.com static assets",
-			LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
-			Dataset:         "http_requests",
-			DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
-			Filter: &LogpushJobFilters{
-				Where: LogpushJobFilter{
-					And: []LogpushJobFilter{
-						{Key: "ClientRequestPath", Operator: Contains, Value: "/static\\"},
-						{Key: "ClientRequestHost", Operator: Equal, Value: "example.com"},
-					},
-				},
-			},
-		}, job)
-	})
-
-	t.Run("Invalid Filter", func(t *testing.T) {
-		jsonstring := `{"filter":"{\"where\":{\"and\":[{\"key\":\"ClientRequestPath\",\"operator\":\"contains\"},{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}]}}","dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
-		var job LogpushJob
-		err := json.Unmarshal([]byte(jsonstring), &job)
-
-		assert.ErrorContains(t, err, "element 0 in And is invalid: Value is missing")
-	})
-
-	t.Run("No Filter", func(t *testing.T) {
-		jsonstring := `{"dataset":"http_requests","enabled":false,"name":"example.com static assets","logpull_options":"fields=RayID,ClientIP,EdgeStartTimestamp\u0026timestamps=rfc3339\u0026CVE-2021-44228=true","destination_conf":"s3://\u003cBUCKET_PATH\u003e?region=us-west-2/"}`
-		var job LogpushJob
-		if err := json.Unmarshal([]byte(jsonstring), &job); err != nil {
-			log.Fatal(err)
-		}
-
-		assert.Equal(t, LogpushJob{
-			Name:            "example.com static assets",
-			LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339&CVE-2021-44228=true",
-			Dataset:         "http_requests",
-			DestinationConf: "s3://<BUCKET_PATH>?region=us-west-2/",
-		}, job)
-	})
-}
-
-func TestLogPushJob_Marshall(t *testing.T) {
-	testCases := []struct {
-		job  LogpushJob
-		want string
-	}{
-		{
-			job: LogpushJob{
-				Dataset:         "http_requests",
-				Name:            "valid filter",
-				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				DestinationConf: "https://example.com",
-				Filter: &LogpushJobFilters{
-					Where: LogpushJobFilter{Key: "ClientRequestHost", Operator: Equal, Value: "example.com"},
-				},
-			},
-			want: `{
-				"dataset": "http_requests",
-				"enabled": false,
-				"name": "valid filter",
-				"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				"destination_conf": "https://example.com",
-				"filter":"{\"where\":{\"key\":\"ClientRequestHost\",\"operator\":\"eq\",\"value\":\"example.com\"}}"
-			}`,
-		},
-		{
-			job: LogpushJob{
-				Dataset:         "http_requests",
-				Name:            "no filter",
-				LogpullOptions:  "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				DestinationConf: "https://example.com",
-			},
-			want: `{
-				"dataset": "http_requests",
-				"enabled": false,
-				"name": "no filter",
-				"logpull_options": "fields=RayID,ClientIP,EdgeStartTimestamp&timestamps=rfc3339",
-				"destination_conf": "https://example.com"
-			}`,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(tc.job.Name, func(t *testing.T) {
-			got, err := json.Marshal(tc.job)
-
-			if assert.NoError(t, err) {
-				assert.JSONEq(t, tc.want, string(got))
-			}
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/magic_firewall_rulesets.go b/pkg/cloudflare-go/magic_firewall_rulesets.go
deleted file mode 100644
index 1851198be2..0000000000
--- a/pkg/cloudflare-go/magic_firewall_rulesets.go
+++ /dev/null
@@ -1,206 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-const (
-	// MagicFirewallRulesetKindRoot specifies a root Ruleset.
-	MagicFirewallRulesetKindRoot = "root"
-
-	// MagicFirewallRulesetPhaseMagicTransit specifies the Magic Transit Ruleset phase.
-	MagicFirewallRulesetPhaseMagicTransit = "magic_transit"
-
-	// MagicFirewallRulesetRuleActionSkip specifies a skip (allow) action.
-	MagicFirewallRulesetRuleActionSkip MagicFirewallRulesetRuleAction = "skip"
-
-	// MagicFirewallRulesetRuleActionBlock specifies a block action.
-	MagicFirewallRulesetRuleActionBlock MagicFirewallRulesetRuleAction = "block"
-)
-
-// MagicFirewallRulesetRuleAction specifies the action for a Firewall rule.
-type MagicFirewallRulesetRuleAction string
-
-// MagicFirewallRuleset contains information about a Firewall Ruleset.
-type MagicFirewallRuleset struct {
-	ID          string                     `json:"id"`
-	Name        string                     `json:"name"`
-	Description string                     `json:"description"`
-	Kind        string                     `json:"kind"`
-	Version     string                     `json:"version,omitempty"`
-	LastUpdated *time.Time                 `json:"last_updated,omitempty"`
-	Phase       string                     `json:"phase"`
-	Rules       []MagicFirewallRulesetRule `json:"rules"`
-}
-
-// MagicFirewallRulesetRuleActionParameters specifies the action parameters for a Firewall rule.
-type MagicFirewallRulesetRuleActionParameters struct {
-	Ruleset string `json:"ruleset,omitempty"`
-}
-
-// MagicFirewallRulesetRule contains information about a single Magic Firewall rule.
-type MagicFirewallRulesetRule struct {
-	ID               string                                    `json:"id,omitempty"`
-	Version          string                                    `json:"version,omitempty"`
-	Action           MagicFirewallRulesetRuleAction            `json:"action"`
-	ActionParameters *MagicFirewallRulesetRuleActionParameters `json:"action_parameters,omitempty"`
-	Expression       string                                    `json:"expression"`
-	Description      string                                    `json:"description"`
-	LastUpdated      *time.Time                                `json:"last_updated,omitempty"`
-	Ref              string                                    `json:"ref,omitempty"`
-	Enabled          bool                                      `json:"enabled"`
-}
-
-// CreateMagicFirewallRulesetRequest contains data for a new Firewall ruleset.
-type CreateMagicFirewallRulesetRequest struct {
-	Name        string                     `json:"name"`
-	Description string                     `json:"description"`
-	Kind        string                     `json:"kind"`
-	Phase       string                     `json:"phase"`
-	Rules       []MagicFirewallRulesetRule `json:"rules"`
-}
-
-// UpdateMagicFirewallRulesetRequest contains data for a Magic Firewall ruleset update.
-type UpdateMagicFirewallRulesetRequest struct {
-	Description string                     `json:"description"`
-	Rules       []MagicFirewallRulesetRule `json:"rules"`
-}
-
-// ListMagicFirewallRulesetResponse contains a list of Magic Firewall rulesets.
-type ListMagicFirewallRulesetResponse struct {
-	Response
-	Result []MagicFirewallRuleset `json:"result"`
-}
-
-// GetMagicFirewallRulesetResponse contains a single Magic Firewall Ruleset.
-type GetMagicFirewallRulesetResponse struct {
-	Response
-	Result MagicFirewallRuleset `json:"result"`
-}
-
-// CreateMagicFirewallRulesetResponse contains response data when creating a new Magic Firewall ruleset.
-type CreateMagicFirewallRulesetResponse struct {
-	Response
-	Result MagicFirewallRuleset `json:"result"`
-}
-
-// UpdateMagicFirewallRulesetResponse contains response data when updating an existing Magic Firewall ruleset.
-type UpdateMagicFirewallRulesetResponse struct {
-	Response
-	Result MagicFirewallRuleset `json:"result"`
-}
-
-// ListMagicFirewallRulesets lists all Rulesets for a given account
-//
-// API reference: https://api.cloudflare.com/#rulesets-list-rulesets
-//
-// Deprecated: Use `ListZoneRuleset` or `ListAccountRuleset` instead.
-func (api *API) ListMagicFirewallRulesets(ctx context.Context, accountID string) ([]MagicFirewallRuleset, error) {
-	uri := fmt.Sprintf("/accounts/%s/rulesets", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []MagicFirewallRuleset{}, err
-	}
-
-	result := ListMagicFirewallRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetMagicFirewallRuleset returns a specific Magic Firewall Ruleset
-//
-// API reference: https://api.cloudflare.com/#rulesets-get-a-ruleset
-//
-// Deprecated: Use `GetZoneRuleset` or `GetAccountRuleset` instead.
-func (api *API) GetMagicFirewallRuleset(ctx context.Context, accountID, ID string) (MagicFirewallRuleset, error) {
-	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return MagicFirewallRuleset{}, err
-	}
-
-	result := GetMagicFirewallRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// CreateMagicFirewallRuleset creates a Magic Firewall ruleset
-//
-// API reference: https://api.cloudflare.com/#rulesets-list-rulesets
-//
-// Deprecated: Use `CreateZoneRuleset` or `CreateAccountRuleset` instead.
-func (api *API) CreateMagicFirewallRuleset(ctx context.Context, accountID, name, description string, rules []MagicFirewallRulesetRule) (MagicFirewallRuleset, error) {
-	uri := fmt.Sprintf("/accounts/%s/rulesets", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
-		CreateMagicFirewallRulesetRequest{
-			Name:        name,
-			Description: description,
-			Kind:        MagicFirewallRulesetKindRoot,
-			Phase:       MagicFirewallRulesetPhaseMagicTransit,
-			Rules:       rules})
-	if err != nil {
-		return MagicFirewallRuleset{}, err
-	}
-
-	result := CreateMagicFirewallRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteMagicFirewallRuleset deletes a Magic Firewall ruleset
-//
-// API reference: https://api.cloudflare.com/#rulesets-delete-ruleset
-//
-// Deprecated: Use `DeleteZoneRuleset` or `DeleteAccountRuleset` instead.
-func (api *API) DeleteMagicFirewallRuleset(ctx context.Context, accountID, ID string) error {
-	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	// Firewall API is not implementing the standard response blob but returns an empty response (204) in case
-	// of a success. So we are checking for the response body size here
-	if len(res) > 0 {
-		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
-	}
-
-	return nil
-}
-
-// UpdateMagicFirewallRuleset updates a Magic Firewall ruleset
-//
-// API reference: https://api.cloudflare.com/#rulesets-update-ruleset
-//
-// Deprecated: Use `UpdateZoneRuleset` or `UpdateAccountRuleset` instead.
-func (api *API) UpdateMagicFirewallRuleset(ctx context.Context, accountID, ID string, description string, rules []MagicFirewallRulesetRule) (MagicFirewallRuleset, error) {
-	uri := fmt.Sprintf("/accounts/%s/rulesets/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri,
-		UpdateMagicFirewallRulesetRequest{Description: description, Rules: rules})
-	if err != nil {
-		return MagicFirewallRuleset{}, err
-	}
-
-	result := UpdateMagicFirewallRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicFirewallRuleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
diff --git a/pkg/cloudflare-go/magic_firewall_rulesets_test.go b/pkg/cloudflare-go/magic_firewall_rulesets_test.go
deleted file mode 100644
index 990da0e0a5..0000000000
--- a/pkg/cloudflare-go/magic_firewall_rulesets_test.go
+++ /dev/null
@@ -1,318 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListMagicFirewallRulesets(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-				{
-					"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-					"name": "ruleset1",
-					"description": "Test Firewall Ruleset",
-					"kind": "root",
-					"version": "1",
-					"last_updated": "2020-12-02T20:24:07.776073Z",
-					"phase": "magic_transit"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-
-	want := []MagicFirewallRuleset{
-		{
-			ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			Name:        "ruleset1",
-			Description: "Test Firewall Ruleset",
-			Kind:        "root",
-			Version:     "1",
-			LastUpdated: &lastUpdated,
-			Phase:       MagicFirewallRulesetPhaseMagicTransit,
-		},
-	}
-
-	actual, err := client.ListMagicFirewallRulesets(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetMagicFirewallRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "ruleset1",
-				"description": "Test Firewall Ruleset",
-				"kind": "root",
-				"version": "1",
-				"last_updated": "2020-12-02T20:24:07.776073Z",
-				"phase": "magic_transit",
-				"rules": [
-					{
-						"id": "62449e2e0de149619edb35e59c10d801",
-						"version": "1",
-						"action": "skip",
-						"action_parameters":{
-   							"ruleset":"current"
-						},
-						"expression": "tcp.dstport in { 32768..65535 }",
-						"description": "Allow TCP Ephemeral Ports",
-						"last_updated": "2020-12-02T20:24:07.776073Z",
-						"ref": "72449e2e0de149619edb35e59c10d801",
-						"enabled": true
-					}
-				]
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-	rules := []MagicFirewallRulesetRule{{
-		ID:      "62449e2e0de149619edb35e59c10d801",
-		Version: "1",
-		Action:  MagicFirewallRulesetRuleActionSkip,
-		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "tcp.dstport in { 32768..65535 }",
-		Description: "Allow TCP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     true,
-	}}
-
-	want := MagicFirewallRuleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "ruleset1",
-		Description: "Test Firewall Ruleset",
-		Kind:        "root",
-		Version:     "1",
-		LastUpdated: &lastUpdated,
-		Phase:       MagicFirewallRulesetPhaseMagicTransit,
-		Rules:       rules,
-	}
-
-	actual, err := client.GetMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicFirewallRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "ruleset1",
-				"description": "Test Firewall Ruleset",
-				"kind": "root",
-				"version": "1",
-				"last_updated": "2020-12-02T20:24:07.776073Z",
-				"phase": "magic_transit",
-				"rules": [
-					{
-						"id": "62449e2e0de149619edb35e59c10d801",
-						"version": "1",
-						"action": "skip",
-						"action_parameters":{
-   							"ruleset":"current"
-						},
-						"expression": "tcp.dstport in { 32768..65535 }",
-						"description": "Allow TCP Ephemeral Ports",
-						"last_updated": "2020-12-02T20:24:07.776073Z",
-						"ref": "72449e2e0de149619edb35e59c10d801",
-						"enabled": true
-					}
-				]
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-	rules := []MagicFirewallRulesetRule{{
-		ID:      "62449e2e0de149619edb35e59c10d801",
-		Version: "1",
-		Action:  MagicFirewallRulesetRuleActionSkip,
-		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "tcp.dstport in { 32768..65535 }",
-		Description: "Allow TCP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     true,
-	}}
-
-	want := MagicFirewallRuleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "ruleset1",
-		Description: "Test Firewall Ruleset",
-		Kind:        "root",
-		Version:     "1",
-		LastUpdated: &lastUpdated,
-		Phase:       MagicFirewallRulesetPhaseMagicTransit,
-		Rules:       rules,
-	}
-
-	actual, err := client.CreateMagicFirewallRuleset(context.Background(), testAccountID, "ruleset1", "Test Firewall Ruleset", rules)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateMagicFirewallRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-				"name": "ruleset1",
-				"description": "Test Firewall Ruleset Update",
-				"kind": "root",
-				"version": "1",
-				"last_updated": "2020-12-02T20:24:07.776073Z",
-				"phase": "magic_transit",
-				"rules": [
-					{
-						"id": "62449e2e0de149619edb35e59c10d801",
-						"version": "1",
-						"action": "skip",
-						"action_parameters":{
-   							"ruleset":"current"
-						},
-						"expression": "tcp.dstport in { 32768..65535 }",
-						"description": "Allow TCP Ephemeral Ports",
-						"last_updated": "2020-12-02T20:24:07.776073Z",
-						"ref": "72449e2e0de149619edb35e59c10d801",
-						"enabled": true
-					},
-					{
-						"id": "62449e2e0de149619edb35e59c10d802",
-						"version": "1",
-						"action": "skip",
-						"action_parameters":{
-   							"ruleset":"current"
-						},
-						"expression": "udp.dstport in { 32768..65535 }",
-						"description": "Allow UDP Ephemeral Ports",
-						"last_updated": "2020-12-02T20:24:07.776073Z",
-						"ref": "72449e2e0de149619edb35e59c10d801",
-						"enabled": true
-					}
-				]
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-	rules := []MagicFirewallRulesetRule{{
-		ID:      "62449e2e0de149619edb35e59c10d801",
-		Version: "1",
-		Action:  MagicFirewallRulesetRuleActionSkip,
-		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "tcp.dstport in { 32768..65535 }",
-		Description: "Allow TCP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     true,
-	}, {
-		ID:      "62449e2e0de149619edb35e59c10d802",
-		Version: "1",
-		Action:  MagicFirewallRulesetRuleActionSkip,
-		ActionParameters: &MagicFirewallRulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "udp.dstport in { 32768..65535 }",
-		Description: "Allow UDP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     true,
-	}}
-
-	want := MagicFirewallRuleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "ruleset1",
-		Description: "Test Firewall Ruleset Update",
-		Kind:        "root",
-		Version:     "1",
-		LastUpdated: &lastUpdated,
-		Phase:       MagicFirewallRulesetPhaseMagicTransit,
-		Rules:       rules,
-	}
-
-	actual, err := client.UpdateMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e", "Test Firewall Ruleset Update", rules)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-// Firewall API is not implementing the standard response blob but returns an empty response (204) in case
-// of a success. So we are checking for the response body size here
-// TODO, This is going to be changed by MFW-63.
-func TestDeleteMagicFirewallRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, ``)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	err := client.DeleteMagicFirewallRuleset(context.Background(), testAccountID, "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/magic_transit_gre_tunnel.go b/pkg/cloudflare-go/magic_transit_gre_tunnel.go
deleted file mode 100644
index 52e24d5f1e..0000000000
--- a/pkg/cloudflare-go/magic_transit_gre_tunnel.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Magic Transit GRE Tunnel Error messages.
-const (
-	errMagicTransitGRETunnelNotModified = "When trying to modify GRE tunnel, API returned modified: false"
-	errMagicTransitGRETunnelNotDeleted  = "When trying to delete GRE tunnel, API returned deleted: false"
-)
-
-// MagicTransitGRETunnel contains information about a GRE tunnel.
-type MagicTransitGRETunnel struct {
-	ID                    string                            `json:"id,omitempty"`
-	CreatedOn             *time.Time                        `json:"created_on,omitempty"`
-	ModifiedOn            *time.Time                        `json:"modified_on,omitempty"`
-	Name                  string                            `json:"name"`
-	CustomerGREEndpoint   string                            `json:"customer_gre_endpoint"`
-	CloudflareGREEndpoint string                            `json:"cloudflare_gre_endpoint"`
-	InterfaceAddress      string                            `json:"interface_address"`
-	Description           string                            `json:"description,omitempty"`
-	TTL                   uint8                             `json:"ttl,omitempty"`
-	MTU                   uint16                            `json:"mtu,omitempty"`
-	HealthCheck           *MagicTransitGRETunnelHealthcheck `json:"health_check,omitempty"`
-}
-
-// MagicTransitGRETunnelHealthcheck contains information about a GRE tunnel health check.
-type MagicTransitGRETunnelHealthcheck struct {
-	Enabled bool   `json:"enabled"`
-	Target  string `json:"target,omitempty"`
-	Type    string `json:"type,omitempty"`
-}
-
-// ListMagicTransitGRETunnelsResponse contains a response including GRE tunnels.
-type ListMagicTransitGRETunnelsResponse struct {
-	Response
-	Result struct {
-		GRETunnels []MagicTransitGRETunnel `json:"gre_tunnels"`
-	} `json:"result"`
-}
-
-// GetMagicTransitGRETunnelResponse contains a response including zero or one GRE tunnels.
-type GetMagicTransitGRETunnelResponse struct {
-	Response
-	Result struct {
-		GRETunnel MagicTransitGRETunnel `json:"gre_tunnel"`
-	} `json:"result"`
-}
-
-// CreateMagicTransitGRETunnelsRequest is an array of GRE tunnels to create.
-type CreateMagicTransitGRETunnelsRequest struct {
-	GRETunnels []MagicTransitGRETunnel `json:"gre_tunnels"`
-}
-
-// UpdateMagicTransitGRETunnelResponse contains a response after updating a GRE Tunnel.
-type UpdateMagicTransitGRETunnelResponse struct {
-	Response
-	Result struct {
-		Modified          bool                  `json:"modified"`
-		ModifiedGRETunnel MagicTransitGRETunnel `json:"modified_gre_tunnel"`
-	} `json:"result"`
-}
-
-// DeleteMagicTransitGRETunnelResponse contains a response after deleting a GRE Tunnel.
-type DeleteMagicTransitGRETunnelResponse struct {
-	Response
-	Result struct {
-		Deleted          bool                  `json:"deleted"`
-		DeletedGRETunnel MagicTransitGRETunnel `json:"deleted_gre_tunnel"`
-	} `json:"result"`
-}
-
-// ListMagicTransitGRETunnels lists all GRE tunnels for a given account.
-//
-// API reference: https://api.cloudflare.com/#magic-gre-tunnels-list-gre-tunnels
-func (api *API) ListMagicTransitGRETunnels(ctx context.Context, accountID string) ([]MagicTransitGRETunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []MagicTransitGRETunnel{}, err
-	}
-
-	result := ListMagicTransitGRETunnelsResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.GRETunnels, nil
-}
-
-// GetMagicTransitGRETunnel returns zero or one GRE tunnel.
-//
-// API reference: https://api.cloudflare.com/#magic-gre-tunnels-gre-tunnel-details
-func (api *API) GetMagicTransitGRETunnel(ctx context.Context, accountID string, id string) (MagicTransitGRETunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return MagicTransitGRETunnel{}, err
-	}
-
-	result := GetMagicTransitGRETunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.GRETunnel, nil
-}
-
-// CreateMagicTransitGRETunnels creates one or more GRE tunnels.
-//
-// API reference: https://api.cloudflare.com/#magic-gre-tunnels-create-gre-tunnels
-func (api *API) CreateMagicTransitGRETunnels(ctx context.Context, accountID string, tunnels []MagicTransitGRETunnel) ([]MagicTransitGRETunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitGRETunnelsRequest{
-		GRETunnels: tunnels,
-	})
-
-	if err != nil {
-		return []MagicTransitGRETunnel{}, err
-	}
-
-	result := ListMagicTransitGRETunnelsResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.GRETunnels, nil
-}
-
-// UpdateMagicTransitGRETunnel updates a GRE tunnel.
-//
-// API reference: https://api.cloudflare.com/#magic-gre-tunnels-update-gre-tunnel
-func (api *API) UpdateMagicTransitGRETunnel(ctx context.Context, accountID string, id string, tunnel MagicTransitGRETunnel) (MagicTransitGRETunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnel)
-
-	if err != nil {
-		return MagicTransitGRETunnel{}, err
-	}
-
-	result := UpdateMagicTransitGRETunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Modified {
-		return MagicTransitGRETunnel{}, errors.New(errMagicTransitGRETunnelNotModified)
-	}
-
-	return result.Result.ModifiedGRETunnel, nil
-}
-
-// DeleteMagicTransitGRETunnel deletes a GRE tunnel.
-//
-// API reference: https://api.cloudflare.com/#magic-gre-tunnels-delete-gre-tunnel
-func (api *API) DeleteMagicTransitGRETunnel(ctx context.Context, accountID string, id string) (MagicTransitGRETunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/gre_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return MagicTransitGRETunnel{}, err
-	}
-
-	result := DeleteMagicTransitGRETunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitGRETunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Deleted {
-		return MagicTransitGRETunnel{}, errors.New(errMagicTransitGRETunnelNotDeleted)
-	}
-
-	return result.Result.DeletedGRETunnel, nil
-}
diff --git a/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go b/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
deleted file mode 100644
index 412b6738a7..0000000000
--- a/pkg/cloudflare-go/magic_transit_gre_tunnel_test.go
+++ /dev/null
@@ -1,331 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListMagicTransitGRETunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "gre_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "GRE_1",
-            "customer_gre_endpoint": "203.0.113.1",
-            "cloudflare_gre_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X",
-            "ttl": 64,
-            "mtu": 1476,
-            "health_check": {
-              "enabled": true,
-              "target": "203.0.113.1",
-              "type": "request"
-            }
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitGRETunnel{
-		{
-			ID:                    "c4a7362d577a6c3019a474fd6f485821",
-			CreatedOn:             &createdOn,
-			ModifiedOn:            &modifiedOn,
-			Name:                  "GRE_1",
-			CustomerGREEndpoint:   "203.0.113.1",
-			CloudflareGREEndpoint: "203.0.113.2",
-			InterfaceAddress:      "192.0.2.0/31",
-			Description:           "Tunnel for ISP X",
-			TTL:                   64,
-			MTU:                   1476,
-			HealthCheck: &MagicTransitGRETunnelHealthcheck{
-				Enabled: true,
-				Target:  "203.0.113.1",
-				Type:    "request",
-			},
-		},
-	}
-
-	actual, err := client.ListMagicTransitGRETunnels(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetMagicTransitGRETunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "gre_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "GRE_1",
-          "customer_gre_endpoint": "203.0.113.1",
-          "cloudflare_gre_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X",
-          "ttl": 64,
-          "mtu": 1476,
-          "health_check": {
-            "enabled": true,
-            "target": "203.0.113.1",
-            "type": "request"
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitGRETunnel{
-		ID:                    "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-		Name:                  "GRE_1",
-		CustomerGREEndpoint:   "203.0.113.1",
-		CloudflareGREEndpoint: "203.0.113.2",
-		InterfaceAddress:      "192.0.2.0/31",
-		Description:           "Tunnel for ISP X",
-		TTL:                   64,
-		MTU:                   1476,
-		HealthCheck: &MagicTransitGRETunnelHealthcheck{
-			Enabled: true,
-			Target:  "203.0.113.1",
-			Type:    "request",
-		},
-	}
-
-	actual, err := client.GetMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicTransitGRETunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "gre_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "GRE_1",
-            "customer_gre_endpoint": "203.0.113.1",
-            "cloudflare_gre_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X",
-            "ttl": 64,
-            "mtu": 1476,
-            "health_check": {
-                  "enabled": true,
-                  "target": "203.0.113.1",
-                  "type": "request"
-            }
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitGRETunnel{
-		{
-			ID:                    "c4a7362d577a6c3019a474fd6f485821",
-			CreatedOn:             &createdOn,
-			ModifiedOn:            &modifiedOn,
-			Name:                  "GRE_1",
-			CustomerGREEndpoint:   "203.0.113.1",
-			CloudflareGREEndpoint: "203.0.113.2",
-			InterfaceAddress:      "192.0.2.0/31",
-			Description:           "Tunnel for ISP X",
-			TTL:                   64,
-			MTU:                   1476,
-			HealthCheck: &MagicTransitGRETunnelHealthcheck{
-				Enabled: true,
-				Target:  "203.0.113.1",
-				Type:    "request",
-			},
-		},
-	}
-
-	actual, err := client.CreateMagicTransitGRETunnels(context.Background(), testAccountID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateMagicTransitGRETunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "modified": true,
-        "modified_gre_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "GRE_1",
-          "customer_gre_endpoint": "203.0.113.1",
-          "cloudflare_gre_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X",
-          "ttl": 64,
-          "mtu": 1476,
-          "health_check": {
-            "enabled": true,
-            "target": "203.0.113.1",
-            "type": "request"
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitGRETunnel{
-		ID:                    "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-		Name:                  "GRE_1",
-		CustomerGREEndpoint:   "203.0.113.1",
-		CloudflareGREEndpoint: "203.0.113.2",
-		InterfaceAddress:      "192.0.2.0/31",
-		Description:           "Tunnel for ISP X",
-		TTL:                   64,
-		MTU:                   1476,
-		HealthCheck: &MagicTransitGRETunnelHealthcheck{
-			Enabled: true,
-			Target:  "203.0.113.1",
-			Type:    "request",
-		},
-	}
-
-	actual, err := client.UpdateMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteMagicTransitGRETunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "deleted": true,
-        "deleted_gre_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "GRE_1",
-          "customer_gre_endpoint": "203.0.113.1",
-          "cloudflare_gre_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X",
-          "ttl": 64,
-          "mtu": 1476,
-          "health_check": {
-            "enabled": true,
-            "target": "203.0.113.1",
-            "type": "request"
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/gre_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitGRETunnel{
-		ID:                    "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:             &createdOn,
-		ModifiedOn:            &modifiedOn,
-		Name:                  "GRE_1",
-		CustomerGREEndpoint:   "203.0.113.1",
-		CloudflareGREEndpoint: "203.0.113.2",
-		InterfaceAddress:      "192.0.2.0/31",
-		Description:           "Tunnel for ISP X",
-		TTL:                   64,
-		MTU:                   1476,
-		HealthCheck: &MagicTransitGRETunnelHealthcheck{
-			Enabled: true,
-			Target:  "203.0.113.1",
-			Type:    "request",
-		},
-	}
-
-	actual, err := client.DeleteMagicTransitGRETunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go b/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
deleted file mode 100644
index 6b13fe1295..0000000000
--- a/pkg/cloudflare-go/magic_transit_ipsec_tunnel.go
+++ /dev/null
@@ -1,216 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Magic Transit IPsec Tunnel Error messages.
-const (
-	errMagicTransitIPsecTunnelNotModified = "When trying to modify IPsec tunnel, API returned modified: false"
-	errMagicTransitIPsecTunnelNotDeleted  = "When trying to delete IPsec tunnel, API returned deleted: false"
-)
-
-type RemoteIdentities struct {
-	HexID  string `json:"hex_id"`
-	FQDNID string `json:"fqdn_id"`
-	UserID string `json:"user_id"`
-}
-
-// MagicTransitIPsecTunnelPskMetadata contains metadata associated with PSK.
-type MagicTransitIPsecTunnelPskMetadata struct {
-	LastGeneratedOn *time.Time `json:"last_generated_on,omitempty"`
-}
-
-// MagicTransitIPsecTunnel contains information about an IPsec tunnel.
-type MagicTransitIPsecTunnel struct {
-	ID                 string                              `json:"id,omitempty"`
-	CreatedOn          *time.Time                          `json:"created_on,omitempty"`
-	ModifiedOn         *time.Time                          `json:"modified_on,omitempty"`
-	Name               string                              `json:"name"`
-	CustomerEndpoint   string                              `json:"customer_endpoint,omitempty"`
-	CloudflareEndpoint string                              `json:"cloudflare_endpoint"`
-	InterfaceAddress   string                              `json:"interface_address"`
-	Description        string                              `json:"description,omitempty"`
-	HealthCheck        *MagicTransitTunnelHealthcheck      `json:"health_check,omitempty"`
-	Psk                string                              `json:"psk,omitempty"`
-	PskMetadata        *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata,omitempty"`
-	RemoteIdentities   *RemoteIdentities                   `json:"remote_identities,omitempty"`
-	AllowNullCipher    bool                                `json:"allow_null_cipher"`
-	ReplayProtection   *bool                               `json:"replay_protection,omitempty"`
-}
-
-// ListMagicTransitIPsecTunnelsResponse contains a response including IPsec tunnels.
-type ListMagicTransitIPsecTunnelsResponse struct {
-	Response
-	Result struct {
-		IPsecTunnels []MagicTransitIPsecTunnel `json:"ipsec_tunnels"`
-	} `json:"result"`
-}
-
-// GetMagicTransitIPsecTunnelResponse contains a response including zero or one IPsec tunnels.
-type GetMagicTransitIPsecTunnelResponse struct {
-	Response
-	Result struct {
-		IPsecTunnel MagicTransitIPsecTunnel `json:"ipsec_tunnel"`
-	} `json:"result"`
-}
-
-// CreateMagicTransitIPsecTunnelsRequest is an array of IPsec tunnels to create.
-type CreateMagicTransitIPsecTunnelsRequest struct {
-	IPsecTunnels []MagicTransitIPsecTunnel `json:"ipsec_tunnels"`
-}
-
-// UpdateMagicTransitIPsecTunnelResponse contains a response after updating an IPsec Tunnel.
-type UpdateMagicTransitIPsecTunnelResponse struct {
-	Response
-	Result struct {
-		Modified            bool                    `json:"modified"`
-		ModifiedIPsecTunnel MagicTransitIPsecTunnel `json:"modified_ipsec_tunnel"`
-	} `json:"result"`
-}
-
-// DeleteMagicTransitIPsecTunnelResponse contains a response after deleting an IPsec Tunnel.
-type DeleteMagicTransitIPsecTunnelResponse struct {
-	Response
-	Result struct {
-		Deleted            bool                    `json:"deleted"`
-		DeletedIPsecTunnel MagicTransitIPsecTunnel `json:"deleted_ipsec_tunnel"`
-	} `json:"result"`
-}
-
-// GenerateMagicTransitIPsecTunnelPSKResponse contains a response after generating IPsec Tunnel.
-type GenerateMagicTransitIPsecTunnelPSKResponse struct {
-	Response
-	Result struct {
-		Psk         string                              `json:"psk"`
-		PskMetadata *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata"`
-	} `json:"result"`
-}
-
-// ListMagicTransitIPsecTunnels lists all IPsec tunnels for a given account
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-list-ipsec-tunnels
-func (api *API) ListMagicTransitIPsecTunnels(ctx context.Context, accountID string) ([]MagicTransitIPsecTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []MagicTransitIPsecTunnel{}, err
-	}
-
-	result := ListMagicTransitIPsecTunnelsResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.IPsecTunnels, nil
-}
-
-// GetMagicTransitIPsecTunnel returns zero or one IPsec tunnel
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-ipsec-tunnel-details
-func (api *API) GetMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string) (MagicTransitIPsecTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return MagicTransitIPsecTunnel{}, err
-	}
-
-	result := GetMagicTransitIPsecTunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.IPsecTunnel, nil
-}
-
-// CreateMagicTransitIPsecTunnels creates one or more IPsec tunnels
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-create-ipsec-tunnels
-func (api *API) CreateMagicTransitIPsecTunnels(ctx context.Context, accountID string, tunnels []MagicTransitIPsecTunnel) ([]MagicTransitIPsecTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitIPsecTunnelsRequest{
-		IPsecTunnels: tunnels,
-	})
-
-	if err != nil {
-		return []MagicTransitIPsecTunnel{}, err
-	}
-
-	result := ListMagicTransitIPsecTunnelsResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.IPsecTunnels, nil
-}
-
-// UpdateMagicTransitIPsecTunnel updates an IPsec tunnel
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-update-ipsec-tunnel
-func (api *API) UpdateMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string, tunnel MagicTransitIPsecTunnel) (MagicTransitIPsecTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnel)
-
-	if err != nil {
-		return MagicTransitIPsecTunnel{}, err
-	}
-
-	result := UpdateMagicTransitIPsecTunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Modified {
-		return MagicTransitIPsecTunnel{}, errors.New(errMagicTransitIPsecTunnelNotModified)
-	}
-
-	return result.Result.ModifiedIPsecTunnel, nil
-}
-
-// DeleteMagicTransitIPsecTunnel deletes an IPsec Tunnel
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-delete-ipsec-tunnel
-func (api *API) DeleteMagicTransitIPsecTunnel(ctx context.Context, accountID string, id string) (MagicTransitIPsecTunnel, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return MagicTransitIPsecTunnel{}, err
-	}
-
-	result := DeleteMagicTransitIPsecTunnelResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitIPsecTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Deleted {
-		return MagicTransitIPsecTunnel{}, errors.New(errMagicTransitIPsecTunnelNotDeleted)
-	}
-
-	return result.Result.DeletedIPsecTunnel, nil
-}
-
-// GenerateMagicTransitIPsecTunnelPSK generates a pre shared key (psk) for an IPsec tunnel
-//
-// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-generate-pre-shared-key-psk-for-ipsec-tunnels
-func (api *API) GenerateMagicTransitIPsecTunnelPSK(ctx context.Context, accountID string, id string) (string, *MagicTransitIPsecTunnelPskMetadata, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s/psk_generate", accountID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-
-	if err != nil {
-		return "", nil, err
-	}
-
-	result := GenerateMagicTransitIPsecTunnelPSKResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return "", nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Psk, result.Result.PskMetadata, nil
-}
diff --git a/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go b/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
deleted file mode 100644
index ed93007d8c..0000000000
--- a/pkg/cloudflare-go/magic_transit_ipsec_tunnel_test.go
+++ /dev/null
@@ -1,418 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListMagicTransitIPsecTunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "ipsec_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "IPsec_1",
-            "customer_endpoint": "203.0.113.1",
-            "cloudflare_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X",
-			"replay_protection": true
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitIPsecTunnel{
-		{
-			ID:                 "c4a7362d577a6c3019a474fd6f485821",
-			CreatedOn:          &createdOn,
-			ModifiedOn:         &modifiedOn,
-			Name:               "IPsec_1",
-			CustomerEndpoint:   "203.0.113.1",
-			CloudflareEndpoint: "203.0.113.2",
-			InterfaceAddress:   "192.0.2.0/31",
-			Description:        "Tunnel for ISP X",
-			ReplayProtection:   BoolPtr(true),
-		},
-	}
-
-	actual, err := client.ListMagicTransitIPsecTunnels(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetMagicTransitIPsecTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "ipsec_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "IPsec_1",
-          "customer_endpoint": "203.0.113.1",
-          "cloudflare_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X",
-          "allow_null_cipher": true,
-		  "replay_protection": true
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitIPsecTunnel{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-		AllowNullCipher:    true,
-		ReplayProtection:   BoolPtr(true),
-	}
-
-	actual, err := client.GetMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicTransitIPsecTunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "ipsec_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "IPsec_1",
-            "customer_endpoint": "203.0.113.1",
-            "cloudflare_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X"
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitIPsecTunnel{{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-	}}
-
-	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicTransitIPsecTunnelsWithHealthcheck(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "ipsec_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "IPsec_1",
-            "customer_endpoint": "203.0.113.1",
-            "cloudflare_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X",
-            "health_check": {
-              "enabled": true,
-              "type": "reply",
-              "rate": "mid",
-              "direction": "bidirectional"
-            }
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitIPsecTunnel{{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-		HealthCheck: &MagicTransitTunnelHealthcheck{
-			Enabled:   true,
-			Type:      "reply",
-			Rate:      "mid",
-			Direction: "bidirectional",
-		},
-	}}
-
-	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicTransitIPsecTunnelsWithReplayProtection(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "ipsec_tunnels": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "name": "IPsec_1",
-            "customer_endpoint": "203.0.113.1",
-            "cloudflare_endpoint": "203.0.113.2",
-            "interface_address": "192.0.2.0/31",
-            "description": "Tunnel for ISP X",
-			"replay_protection": true
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitIPsecTunnel{{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-		ReplayProtection:   BoolPtr(true),
-	}}
-
-	actual, err := client.CreateMagicTransitIPsecTunnels(context.Background(), testAccountID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateMagicTransitIPsecTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "modified": true,
-        "modified_ipsec_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "IPsec_1",
-          "customer_endpoint": "203.0.113.1",
-          "cloudflare_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X",
-          "allow_null_cipher": true
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitIPsecTunnel{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-		AllowNullCipher:    true,
-	}
-
-	actual, err := client.UpdateMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteMagicTransitIPsecTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "deleted": true,
-        "deleted_ipsec_tunnel": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "name": "IPsec_1",
-          "customer_endpoint": "203.0.113.1",
-          "cloudflare_endpoint": "203.0.113.2",
-          "interface_address": "192.0.2.0/31",
-          "description": "Tunnel for ISP X"
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitIPsecTunnel{
-		ID:                 "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:          &createdOn,
-		ModifiedOn:         &modifiedOn,
-		Name:               "IPsec_1",
-		CustomerEndpoint:   "203.0.113.1",
-		CloudflareEndpoint: "203.0.113.2",
-		InterfaceAddress:   "192.0.2.0/31",
-		Description:        "Tunnel for ISP X",
-	}
-
-	actual, err := client.DeleteMagicTransitIPsecTunnel(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestMagicTransitIPsecTunnelGeneratePSK(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "psk": "itworks",
-				"psk_metadata": {
-		      "last_generated_on": "2017-06-14T05:20:00Z"
-		    }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821/psk_generate", handler)
-
-	lastGeneratedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitIPsecTunnelPskMetadata{
-		LastGeneratedOn: &lastGeneratedOn,
-	}
-
-	want_psk := "itworks"
-
-	psk, actual, err := client.GenerateMagicTransitIPsecTunnelPSK(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, *actual)
-		assert.Equal(t, want_psk, psk)
-	}
-}
diff --git a/pkg/cloudflare-go/magic_transit_static_routes.go b/pkg/cloudflare-go/magic_transit_static_routes.go
deleted file mode 100644
index 3554a9d162..0000000000
--- a/pkg/cloudflare-go/magic_transit_static_routes.go
+++ /dev/null
@@ -1,180 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Magic Transit Static Routes Error messages.
-const (
-	errMagicTransitStaticRouteNotModified = "When trying to modify static route, API returned modified: false"
-	errMagicTransitStaticRouteNotDeleted  = "When trying to delete static route, API returned deleted: false"
-)
-
-// MagicTransitStaticRouteScope contains information about a static route's scope.
-type MagicTransitStaticRouteScope struct {
-	ColoRegions []string `json:"colo_regions,omitempty"`
-	ColoNames   []string `json:"colo_names,omitempty"`
-}
-
-// MagicTransitStaticRoute contains information about a static route.
-type MagicTransitStaticRoute struct {
-	ID          string                       `json:"id,omitempty"`
-	Prefix      string                       `json:"prefix"`
-	CreatedOn   *time.Time                   `json:"created_on,omitempty"`
-	ModifiedOn  *time.Time                   `json:"modified_on,omitempty"`
-	Nexthop     string                       `json:"nexthop"`
-	Priority    int                          `json:"priority,omitempty"`
-	Description string                       `json:"description,omitempty"`
-	Weight      int                          `json:"weight,omitempty"`
-	Scope       MagicTransitStaticRouteScope `json:"scope,omitempty"`
-}
-
-// ListMagicTransitStaticRoutesResponse contains a response including Magic Transit static routes.
-type ListMagicTransitStaticRoutesResponse struct {
-	Response
-	Result struct {
-		Routes []MagicTransitStaticRoute `json:"routes"`
-	} `json:"result"`
-}
-
-// GetMagicTransitStaticRouteResponse contains a response including exactly one static route.
-type GetMagicTransitStaticRouteResponse struct {
-	Response
-	Result struct {
-		Route MagicTransitStaticRoute `json:"route"`
-	} `json:"result"`
-}
-
-// UpdateMagicTransitStaticRouteResponse contains a static route update response.
-type UpdateMagicTransitStaticRouteResponse struct {
-	Response
-	Result struct {
-		Modified      bool                    `json:"modified"`
-		ModifiedRoute MagicTransitStaticRoute `json:"modified_route"`
-	} `json:"result"`
-}
-
-// DeleteMagicTransitStaticRouteResponse contains a static route deletion response.
-type DeleteMagicTransitStaticRouteResponse struct {
-	Response
-	Result struct {
-		Deleted      bool                    `json:"deleted"`
-		DeletedRoute MagicTransitStaticRoute `json:"deleted_route"`
-	} `json:"result"`
-}
-
-// CreateMagicTransitStaticRoutesRequest is an array of static routes to create.
-type CreateMagicTransitStaticRoutesRequest struct {
-	Routes []MagicTransitStaticRoute `json:"routes"`
-}
-
-// ListMagicTransitStaticRoutes lists all static routes for a given account
-//
-// API reference: https://api.cloudflare.com/#magic-transit-static-routes-list-routes
-func (api *API) ListMagicTransitStaticRoutes(ctx context.Context, accountID string) ([]MagicTransitStaticRoute, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/routes", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []MagicTransitStaticRoute{}, err
-	}
-
-	result := ListMagicTransitStaticRoutesResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Routes, nil
-}
-
-// GetMagicTransitStaticRoute returns exactly one static route
-//
-// API reference: https://api.cloudflare.com/#magic-transit-static-routes-route-details
-func (api *API) GetMagicTransitStaticRoute(ctx context.Context, accountID, ID string) (MagicTransitStaticRoute, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return MagicTransitStaticRoute{}, err
-	}
-
-	result := GetMagicTransitStaticRouteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Route, nil
-}
-
-// CreateMagicTransitStaticRoute creates a new static route
-//
-// API reference: https://api.cloudflare.com/#magic-transit-static-routes-create-routes
-func (api *API) CreateMagicTransitStaticRoute(ctx context.Context, accountID string, route MagicTransitStaticRoute) ([]MagicTransitStaticRoute, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/routes", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, CreateMagicTransitStaticRoutesRequest{
-		Routes: []MagicTransitStaticRoute{
-			route,
-		},
-	})
-
-	if err != nil {
-		return []MagicTransitStaticRoute{}, err
-	}
-
-	result := ListMagicTransitStaticRoutesResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Routes, nil
-}
-
-// UpdateMagicTransitStaticRoute updates a static route
-//
-// API reference: https://api.cloudflare.com/#magic-transit-static-routes-update-route
-func (api *API) UpdateMagicTransitStaticRoute(ctx context.Context, accountID, ID string, route MagicTransitStaticRoute) (MagicTransitStaticRoute, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, route)
-
-	if err != nil {
-		return MagicTransitStaticRoute{}, err
-	}
-
-	result := UpdateMagicTransitStaticRouteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Modified {
-		return MagicTransitStaticRoute{}, errors.New(errMagicTransitStaticRouteNotModified)
-	}
-
-	return result.Result.ModifiedRoute, nil
-}
-
-// DeleteMagicTransitStaticRoute deletes a static route
-//
-// API reference: https://api.cloudflare.com/#magic-transit-static-routes-delete-route
-func (api *API) DeleteMagicTransitStaticRoute(ctx context.Context, accountID, ID string) (MagicTransitStaticRoute, error) {
-	uri := fmt.Sprintf("/accounts/%s/magic/routes/%s", accountID, ID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return MagicTransitStaticRoute{}, err
-	}
-
-	result := DeleteMagicTransitStaticRouteResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return MagicTransitStaticRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !result.Result.Deleted {
-		return MagicTransitStaticRoute{}, errors.New(errMagicTransitStaticRouteNotDeleted)
-	}
-
-	return result.Result.DeletedRoute, nil
-}
diff --git a/pkg/cloudflare-go/magic_transit_static_routes_test.go b/pkg/cloudflare-go/magic_transit_static_routes_test.go
deleted file mode 100644
index 5c8b0a090e..0000000000
--- a/pkg/cloudflare-go/magic_transit_static_routes_test.go
+++ /dev/null
@@ -1,341 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListMagicTransitStaticRoutes(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "routes": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "prefix": "192.0.2.0/24",
-            "nexthop": "203.0.113.1",
-            "priority": 100,
-            "description": "New route for new prefix 203.0.113.1",
-            "weight": 100,
-            "scope": {
-              "colo_regions": [
-                "APAC"
-              ],
-              "colo_names": [
-                "den01"
-              ]
-            }
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := []MagicTransitStaticRoute{
-		{
-			ID:          "c4a7362d577a6c3019a474fd6f485821",
-			CreatedOn:   &createdOn,
-			ModifiedOn:  &modifiedOn,
-			Prefix:      "192.0.2.0/24",
-			Nexthop:     "203.0.113.1",
-			Priority:    100,
-			Description: "New route for new prefix 203.0.113.1",
-			Weight:      100,
-			Scope: MagicTransitStaticRouteScope{
-				ColoRegions: []string{
-					"APAC",
-				},
-				ColoNames: []string{
-					"den01",
-				},
-			},
-		},
-	}
-
-	actual, err := client.ListMagicTransitStaticRoutes(context.Background(), testAccountID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetMagicTransitStaticRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "route": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "prefix": "192.0.2.0/24",
-          "nexthop": "203.0.113.1",
-          "priority": 100,
-          "description": "New route for new prefix 203.0.113.1",
-          "weight": 100,
-          "scope": {
-            "colo_regions": [
-              "APAC"
-            ],
-            "colo_names": [
-              "den01"
-            ]
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitStaticRoute{
-		ID:          "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Prefix:      "192.0.2.0/24",
-		Nexthop:     "203.0.113.1",
-		Priority:    100,
-		Description: "New route for new prefix 203.0.113.1",
-		Weight:      100,
-		Scope: MagicTransitStaticRouteScope{
-			ColoRegions: []string{
-				"APAC",
-			},
-			ColoNames: []string{
-				"den01",
-			},
-		},
-	}
-
-	actual, err := client.GetMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateMagicTransitStaticRoutes(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "routes": [
-          {
-            "id": "c4a7362d577a6c3019a474fd6f485821",
-            "created_on": "2017-06-14T00:00:00Z",
-            "modified_on": "2017-06-14T05:20:00Z",
-            "prefix": "192.0.2.0/24",
-            "nexthop": "203.0.113.1",
-            "priority": 100,
-            "description": "New route for new prefix 203.0.113.1",
-            "weight": 100,
-            "scope": {
-              "colo_regions": [
-                "APAC"
-              ],
-              "colo_names": [
-                "den01"
-              ]
-            }
-          }
-        ]
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitStaticRoute{
-		ID:          "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Prefix:      "192.0.2.0/24",
-		Nexthop:     "203.0.113.1",
-		Priority:    100,
-		Description: "New route for new prefix 203.0.113.1",
-		Weight:      100,
-		Scope: MagicTransitStaticRouteScope{
-			ColoRegions: []string{
-				"APAC",
-			},
-			ColoNames: []string{
-				"den01",
-			},
-		},
-	}
-
-	actual, err := client.CreateMagicTransitStaticRoute(context.Background(), testAccountID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, []MagicTransitStaticRoute{
-			want,
-		}, actual)
-	}
-}
-
-func TestUpdateMagicTransitStaticRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "modified": true,
-        "modified_route": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "prefix": "192.0.2.0/24",
-          "nexthop": "203.0.113.1",
-          "priority": 100,
-          "description": "New route for new prefix 203.0.113.1",
-          "weight": 100,
-          "scope": {
-            "colo_regions": [
-              "APAC"
-            ],
-            "colo_names": [
-              "den01"
-            ]
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitStaticRoute{
-		ID:          "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Prefix:      "192.0.2.0/24",
-		Nexthop:     "203.0.113.1",
-		Priority:    100,
-		Description: "New route for new prefix 203.0.113.1",
-		Weight:      100,
-		Scope: MagicTransitStaticRouteScope{
-			ColoRegions: []string{
-				"APAC",
-			},
-			ColoNames: []string{
-				"den01",
-			},
-		},
-	}
-
-	actual, err := client.UpdateMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteMagicTransitStaticRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "deleted": true,
-        "deleted_route": {
-          "id": "c4a7362d577a6c3019a474fd6f485821",
-          "created_on": "2017-06-14T00:00:00Z",
-          "modified_on": "2017-06-14T05:20:00Z",
-          "prefix": "192.0.2.0/24",
-          "nexthop": "203.0.113.1",
-          "priority": 100,
-          "description": "New route for new prefix 203.0.113.1",
-          "weight": 100,
-          "scope": {
-            "colo_regions": [
-              "APAC"
-            ],
-            "colo_names": [
-              "den01"
-            ]
-          }
-        }
-      }
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/magic/routes/c4a7362d577a6c3019a474fd6f485821", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2017-06-14T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
-
-	want := MagicTransitStaticRoute{
-		ID:          "c4a7362d577a6c3019a474fd6f485821",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-		Prefix:      "192.0.2.0/24",
-		Nexthop:     "203.0.113.1",
-		Priority:    100,
-		Description: "New route for new prefix 203.0.113.1",
-		Weight:      100,
-		Scope: MagicTransitStaticRouteScope{
-			ColoRegions: []string{
-				"APAC",
-			},
-			ColoNames: []string{
-				"den01",
-			},
-		},
-	}
-
-	actual, err := client.DeleteMagicTransitStaticRoute(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go b/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
deleted file mode 100644
index ced8a40f41..0000000000
--- a/pkg/cloudflare-go/magic_transit_tunnel_healthcheck.go
+++ /dev/null
@@ -1,10 +0,0 @@
-package cloudflare
-
-// MagicTransitTunnelHealthcheck contains information about a tunnel health check.
-type MagicTransitTunnelHealthcheck struct {
-	Enabled   bool   `json:"enabled"`
-	Target    string `json:"target,omitempty"`
-	Type      string `json:"type,omitempty"`
-	Rate      string `json:"rate,omitempty"`
-	Direction string `json:"direction,omitempty"`
-}
diff --git a/pkg/cloudflare-go/managed_headers.go b/pkg/cloudflare-go/managed_headers.go
deleted file mode 100644
index 54de0dd8e4..0000000000
--- a/pkg/cloudflare-go/managed_headers.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type ListManagedHeadersResponse struct {
-	Response
-	Result ManagedHeaders `json:"result"`
-}
-
-type UpdateManagedHeadersParams struct {
-	ManagedHeaders
-}
-
-type ManagedHeaders struct {
-	ManagedRequestHeaders  []ManagedHeader `json:"managed_request_headers"`
-	ManagedResponseHeaders []ManagedHeader `json:"managed_response_headers"`
-}
-
-type ManagedHeader struct {
-	ID            string   `json:"id"`
-	Enabled       bool     `json:"enabled"`
-	HasCoflict    bool     `json:"has_conflict,omitempty"`
-	ConflictsWith []string `json:"conflicts_with,omitempty"`
-}
-
-type ListManagedHeadersParams struct {
-	Status string `url:"status,omitempty"`
-}
-
-func (api *API) ListZoneManagedHeaders(ctx context.Context, rc *ResourceContainer, params ListManagedHeadersParams) (ManagedHeaders, error) {
-	if rc.Identifier == "" {
-		return ManagedHeaders{}, ErrMissingZoneID
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/managed_headers", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ManagedHeaders{}, err
-	}
-
-	result := ListManagedHeadersResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ManagedHeaders{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-func (api *API) UpdateZoneManagedHeaders(ctx context.Context, rc *ResourceContainer, params UpdateManagedHeadersParams) (ManagedHeaders, error) {
-	if rc.Identifier == "" {
-		return ManagedHeaders{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/managed_headers", rc.Identifier)
-
-	payload, err := json.Marshal(params.ManagedHeaders)
-	if err != nil {
-		return ManagedHeaders{}, err
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, payload)
-	if err != nil {
-		return ManagedHeaders{}, err
-	}
-
-	result := ListManagedHeadersResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return ManagedHeaders{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
diff --git a/pkg/cloudflare-go/managed_headers_test.go b/pkg/cloudflare-go/managed_headers_test.go
deleted file mode 100644
index a1c202ed74..0000000000
--- a/pkg/cloudflare-go/managed_headers_test.go
+++ /dev/null
@@ -1,234 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListManagedHeaders(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "managed_request_headers": [
-          {
-            "id": "add_true_client_ip_headers",
-            "enabled": false,
-            "has_conflict": false,
-            "conflicts_with": ["remove_visitor_ip_headers"]
-          },
-          {
-            "id": "add_visitor_location_headers",
-            "enabled": true,
-            "has_conflict": false
-          }
-        ],
-        "managed_response_headers": [
-          {
-            "id": "add_security_headers",
-            "enabled": false,
-            "has_conflict": false
-          },
-          {
-            "id": "remove_x-powered-by_header",
-            "enabled": true,
-            "has_conflict": false
-          }
-        ]
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
-
-	want := ManagedHeaders{
-		ManagedRequestHeaders: []ManagedHeader{
-			{
-				ID:            "add_true_client_ip_headers",
-				Enabled:       false,
-				HasCoflict:    false,
-				ConflictsWith: []string{"remove_visitor_ip_headers"},
-			},
-			{
-				ID:         "add_visitor_location_headers",
-				Enabled:    true,
-				HasCoflict: false,
-			},
-		},
-		ManagedResponseHeaders: []ManagedHeader{
-			{
-				ID:         "add_security_headers",
-				Enabled:    false,
-				HasCoflict: false,
-			},
-			{
-				ID:         "remove_x-powered-by_header",
-				Enabled:    true,
-				HasCoflict: false,
-			},
-		},
-	}
-
-	zoneActual, err := client.ListZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), ListManagedHeadersParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-}
-
-func TestFilterManagedHeaders(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, r.URL.Query().Get("status"), "enabled")
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "managed_request_headers": [
-          {
-            "id": "add_visitor_location_headers",
-            "enabled": true,
-            "has_conflict": false
-          }
-        ],
-        "managed_response_headers": [
-          {
-            "id": "remove_x-powered-by_header",
-            "enabled": true,
-            "has_conflict": false
-          }
-        ]
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
-
-	want := ManagedHeaders{
-		ManagedRequestHeaders: []ManagedHeader{
-			{
-				ID:         "add_visitor_location_headers",
-				Enabled:    true,
-				HasCoflict: false,
-			},
-		},
-		ManagedResponseHeaders: []ManagedHeader{
-			{
-				ID:         "remove_x-powered-by_header",
-				Enabled:    true,
-				HasCoflict: false,
-			},
-		},
-	}
-
-	zoneActual, err := client.ListZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), ListManagedHeadersParams{
-		Status: "enabled",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-}
-
-func TestUpdateManagedHeaders(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "managed_request_headers": [
-          {
-            "id": "add_true_client_ip_headers",
-            "enabled": true,
-            "has_conflict": false,
-            "conflicts_with": ["remove_visitor_ip_headers"]
-          },
-          {
-            "id": "add_visitor_location_headers",
-            "enabled": true,
-            "has_conflict": false
-          }
-        ],
-        "managed_response_headers": [
-          {
-            "id": "add_security_headers",
-            "enabled": false,
-            "has_conflict": false
-          },
-          {
-            "id": "remove_x-powered-by_header",
-            "enabled": false,
-            "has_conflict": false
-          }
-        ]
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/managed_headers", handler)
-	managedHeadersForUpdate := ManagedHeaders{
-		ManagedRequestHeaders: []ManagedHeader{
-			{
-				ID:      "add_visitor_location_headers",
-				Enabled: true,
-			},
-		},
-		ManagedResponseHeaders: []ManagedHeader{
-			{
-				ID:      "remove_x-powered-by_header",
-				Enabled: false,
-			},
-		},
-	}
-	want := ManagedHeaders{
-		ManagedRequestHeaders: []ManagedHeader{
-			{
-				ID:            "add_true_client_ip_headers",
-				Enabled:       true,
-				HasCoflict:    false,
-				ConflictsWith: []string{"remove_visitor_ip_headers"},
-			},
-			{
-				ID:         "add_visitor_location_headers",
-				Enabled:    true,
-				HasCoflict: false,
-			},
-		},
-		ManagedResponseHeaders: []ManagedHeader{
-			{
-				ID:         "add_security_headers",
-				Enabled:    false,
-				HasCoflict: false,
-			},
-			{
-				ID:         "remove_x-powered-by_header",
-				Enabled:    false,
-				HasCoflict: false,
-			},
-		},
-	}
-	zoneActual, err := client.UpdateZoneManagedHeaders(context.Background(), ZoneIdentifier(testZoneID), UpdateManagedHeadersParams{
-		ManagedHeaders: managedHeadersForUpdate,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-}
diff --git a/pkg/cloudflare-go/miscategorization.go b/pkg/cloudflare-go/miscategorization.go
deleted file mode 100644
index 5164c530db..0000000000
--- a/pkg/cloudflare-go/miscategorization.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-)
-
-var (
-	// ErrMissingIP is for when ipv4 or ipv6 indicator was given but ip is missing.
-	ErrMissingIP = errors.New("ip is required when using 'ipv4' or 'ipv6' indicator type and is missing")
-	// ErrMissingURL is for when url or domain indicator was given but url is missing.
-	ErrMissingURL = errors.New("url is required when using 'domain' or 'url' indicator type and is missing")
-)
-
-// MisCategorizationParameters represents the parameters for a miscategorization request.
-type MisCategorizationParameters struct {
-	AccountID       string
-	IndicatorType   string `json:"indicator_type,omitempty"`
-	IP              string `json:"ip,omitempty"`
-	URL             string `json:"url,omitempty"`
-	ContentAdds     []int  `json:"content_adds,omitempty"`
-	ContentRemoves  []int  `json:"content_removes,omitempty"`
-	SecurityAdds    []int  `json:"security_adds,omitempty"`
-	SecurityRemoves []int  `json:"security_removes,omitempty"`
-}
-
-// CreateMiscategorization creates a miscatergorization.
-//
-// API Reference: https://api.cloudflare.com/#miscategorization-create-miscategorization
-func (api *API) CreateMiscategorization(ctx context.Context, params MisCategorizationParameters) error {
-	if params.AccountID == "" {
-		return ErrMissingAccountID
-	}
-	if (params.IndicatorType == "ipv6" || params.IndicatorType == "ipv4") && params.IP == "" {
-		return ErrMissingIP
-	}
-	if (params.IndicatorType == "domain" || params.IndicatorType == "url") && params.URL == "" {
-		return ErrMissingURL
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/intel/miscategorization", params.AccountID)
-	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/miscategorization_test.go b/pkg/cloudflare-go/miscategorization_test.go
deleted file mode 100644
index 576b7dedf0..0000000000
--- a/pkg/cloudflare-go/miscategorization_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCreateMiscategorization(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/intel/miscategorization", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": []
-}`)
-	})
-	ctx := context.Background()
-	err := client.CreateMiscategorization(ctx, MisCategorizationParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv4"})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingIP, err)
-	}
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv6"})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingIP, err)
-	}
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "url"})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingURL, err)
-	}
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "domain"})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingURL, err)
-	}
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv4", IP: "192.0.2.0"})
-	assert.NoError(t, err, "Got error for creating miscategorization for ipv4")
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "ipv6", IP: "2400:cb00::/32"})
-	assert.NoError(t, err, "Got error for creating miscategorization for ipv6")
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "domain", URL: "example.com"})
-	assert.NoError(t, err, "Got error for creating miscategorization for domain")
-
-	err = client.CreateMiscategorization(ctx, MisCategorizationParameters{AccountID: testAccountID, IndicatorType: "url", URL: "https://example.com/news/"})
-	assert.NoError(t, err, "Got error for creating miscategorization for url")
-}
diff --git a/pkg/cloudflare-go/mtls_certificates.go b/pkg/cloudflare-go/mtls_certificates.go
deleted file mode 100644
index 4ab8794f9b..0000000000
--- a/pkg/cloudflare-go/mtls_certificates.go
+++ /dev/null
@@ -1,215 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// MTLSAssociation represents the metadata for an existing association
-// between a user-uploaded mTLS certificate and a Cloudflare service.
-type MTLSAssociation struct {
-	Service string `json:"service"`
-	Status  string `json:"status"`
-}
-
-// MTLSAssociationResponse represents the response from the retrieval endpoint
-// for mTLS certificate associations.
-type MTLSAssociationResponse struct {
-	Response
-	Result []MTLSAssociation `json:"result"`
-}
-
-// MTLSCertificate represents the metadata for a user-uploaded mTLS
-// certificate.
-type MTLSCertificate struct {
-	ID           string    `json:"id"`
-	Name         string    `json:"name"`
-	Issuer       string    `json:"issuer"`
-	Signature    string    `json:"signature"`
-	SerialNumber string    `json:"serial_number"`
-	Certificates string    `json:"certificates"`
-	CA           bool      `json:"ca"`
-	UploadedOn   time.Time `json:"uploaded_on"`
-	UpdatedAt    time.Time `json:"updated_at"`
-	ExpiresOn    time.Time `json:"expires_on"`
-}
-
-// MTLSCertificateResponse represents the response from endpoints relating to
-// retrieving, creating, and deleting an mTLS certificate.
-type MTLSCertificateResponse struct {
-	Response
-	Result MTLSCertificate `json:"result"`
-}
-
-// MTLSCertificatesResponse represents the response from the mTLS certificate
-// list endpoint.
-type MTLSCertificatesResponse struct {
-	Response
-	Result     []MTLSCertificate `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// MTLSCertificateParams represents the data related to the mTLS certificate
-// being uploaded. Name is an optional field.
-type CreateMTLSCertificateParams struct {
-	Name         string `json:"name"`
-	Certificates string `json:"certificates"`
-	PrivateKey   string `json:"private_key"`
-	CA           bool   `json:"ca"`
-}
-
-type ListMTLSCertificatesParams struct {
-	PaginationOptions
-	Limit  int    `url:"limit,omitempty"`
-	Offset int    `url:"offset,omitempty"`
-	Name   string `url:"name,omitempty"`
-	CA     bool   `url:"ca,omitempty"`
-}
-
-type ListMTLSCertificateAssociationsParams struct {
-	CertificateID string
-}
-
-var (
-	ErrMissingCertificateID = errors.New("missing required certificate ID")
-)
-
-// ListMTLSCertificates returns a list of all user-uploaded mTLS certificates.
-//
-// API reference: https://api.cloudflare.com/#mtls-certificate-management-list-mtls-certificates
-func (api *API) ListMTLSCertificates(ctx context.Context, rc *ResourceContainer, params ListMTLSCertificatesParams) ([]MTLSCertificate, ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return []MTLSCertificate{}, ResultInfo{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []MTLSCertificate{}, ResultInfo{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/mtls_certificates", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
-	if err != nil {
-		return []MTLSCertificate{}, ResultInfo{}, err
-	}
-	var r MTLSCertificatesResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []MTLSCertificate{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, r.ResultInfo, err
-}
-
-// GetMTLSCertificate returns the metadata associated with a user-uploaded mTLS
-// certificate.
-//
-// API reference: https://api.cloudflare.com/#mtls-certificate-management-get-mtls-certificate
-func (api *API) GetMTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (MTLSCertificate, error) {
-	if rc.Level != AccountRouteLevel {
-		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return MTLSCertificate{}, ErrMissingAccountID
-	}
-
-	if certificateID == "" {
-		return MTLSCertificate{}, ErrMissingCertificateID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s", rc.Identifier, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return MTLSCertificate{}, err
-	}
-	var r MTLSCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListMTLSCertificateAssociations returns a list of all existing associations
-// between the mTLS certificate and Cloudflare services.
-//
-// API reference: https://api.cloudflare.com/#mtls-certificate-management-list-mtls-certificate-associations
-func (api *API) ListMTLSCertificateAssociations(ctx context.Context, rc *ResourceContainer, params ListMTLSCertificateAssociationsParams) ([]MTLSAssociation, error) {
-	if rc.Level != AccountRouteLevel {
-		return []MTLSAssociation{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []MTLSAssociation{}, ErrMissingAccountID
-	}
-
-	if params.CertificateID == "" {
-		return []MTLSAssociation{}, ErrMissingCertificateID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s/associations", rc.Identifier, params.CertificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []MTLSAssociation{}, err
-	}
-	var r MTLSAssociationResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []MTLSAssociation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateMTLSCertificate will create the provided certificate for use with mTLS
-// enabled Cloudflare services.
-//
-// API reference: https://api.cloudflare.com/#mtls-certificate-management-upload-mtls-certificate
-func (api *API) CreateMTLSCertificate(ctx context.Context, rc *ResourceContainer, params CreateMTLSCertificateParams) (MTLSCertificate, error) {
-	if rc.Level != AccountRouteLevel {
-		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return MTLSCertificate{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/mtls_certificates", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return MTLSCertificate{}, err
-	}
-	var r MTLSCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteMTLSCertificate will delete the specified mTLS certificate.
-//
-// API reference: https://api.cloudflare.com/#mtls-certificate-management-delete-mtls-certificate
-func (api *API) DeleteMTLSCertificate(ctx context.Context, rc *ResourceContainer, certificateID string) (MTLSCertificate, error) {
-	if rc.Level != AccountRouteLevel {
-		return MTLSCertificate{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return MTLSCertificate{}, ErrMissingAccountID
-	}
-
-	if certificateID == "" {
-		return MTLSCertificate{}, ErrMissingCertificateID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/mtls_certificates/%s", rc.Identifier, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return MTLSCertificate{}, err
-	}
-	var r MTLSCertificateResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return MTLSCertificate{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/mtls_certificates_test.go b/pkg/cloudflare-go/mtls_certificates_test.go
deleted file mode 100644
index 2652eae7b0..0000000000
--- a/pkg/cloudflare-go/mtls_certificates_test.go
+++ /dev/null
@@ -1,245 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetMTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-				"name": "example_ca_cert_5",
-				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
-				"signature": "SHA256WithRSA",
-				"serial_number": "235217144297995885180570755458463043449861756659",
-				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-				"ca": true,
-				"uploaded_on": "2022-11-22T17:32:30.467938Z",
-				"expires_on": "2122-10-29T16:59:47Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
-	want := MTLSCertificate{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Name:         "example_ca_cert_5",
-		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "235217144297995885180570755458463043449861756659",
-		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-		CA:           true,
-		UploadedOn:   uploadedOn,
-		ExpiresOn:    expiresOn,
-	}
-
-	actual, err := client.GetMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListMTLSCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-					"name": "example_ca_cert_5",
-					"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
-					"signature": "SHA256WithRSA",
-					"serial_number": "235217144297995885180570755458463043449861756659",
-					"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-					"ca": true,
-					"uploaded_on": "2022-11-22T17:32:30.467938Z",
-					"expires_on": "2122-10-29T16:59:47Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 50,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
-	want := []MTLSCertificate{
-		{
-			ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-			Name:         "example_ca_cert_5",
-			Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
-			Signature:    "SHA256WithRSA",
-			SerialNumber: "235217144297995885180570755458463043449861756659",
-			Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-			CA:           true,
-			UploadedOn:   uploadedOn,
-			ExpiresOn:    expiresOn,
-		},
-	}
-
-	actual, _, err := client.ListMTLSCertificates(context.Background(), AccountIdentifier(testAccountID), ListMTLSCertificatesParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListCertificateAssociations(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"service": "gateway",
-					"status": "pending_deployment"
-				}
-			]
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60/associations", handler)
-	want := []MTLSAssociation{
-		{
-			Service: "gateway",
-			Status:  "pending_deployment",
-		},
-	}
-
-	actual, err := client.ListMTLSCertificateAssociations(context.Background(), AccountIdentifier(testAccountID), ListMTLSCertificateAssociationsParams{
-		CertificateID: "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUploadMTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-				"name": "example_ca_cert_5",
-				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
-				"signature": "SHA256WithRSA",
-				"serial_number": "235217144297995885180570755458463043449861756659",
-				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-				"ca": true,
-				"uploaded_on": "2022-11-22T17:32:30.467938Z",
-				"updated_at": "2022-11-22T17:32:30.467938Z",
-				"expires_on": "2122-10-29T16:59:47Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
-	want := MTLSCertificate{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Name:         "example_ca_cert_5",
-		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "235217144297995885180570755458463043449861756659",
-		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-		CA:           true,
-		UploadedOn:   uploadedOn,
-		UpdatedAt:    uploadedOn,
-		ExpiresOn:    expiresOn,
-	}
-
-	cert := CreateMTLSCertificateParams{
-		Name:         "example_ca_cert_5",
-		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-		PrivateKey:   "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEXDkcICRU3XBv9hiiPnBWIjgTQyowmVFxDr11mONgZB/cMYjE/OvQjvnpwNcOaSK16MOpAjNbELKRx2lZiVJaLRDCccqCxXwP/CrdRChcqGzo7mbNksMlcidrErb0LlEBKLFC2QjRmRKqB+YOs4TD8WsZu2S667A2fZmjRlaqOxFi1h62ee0P+TLU628UC/nl41JifSt5Evt7hMDHakemdwZblNYr2p6T3NQjdhjYXTtP4UmOGJBhJ7i7Kicg3d3CIgdTMbggSeGWqjndr4ldVnD96FN3cVT5uDFsn2CJXTFgdeBWoUnMS4VnUZzPWGf4vSBXC8qV7Ls+w46yT7T1AgMBAAECggEAQZnp/oqCeNPOR6l5S2L+1tfx0gWjZ78hJVteUpZ0iHSK7F6kKeOxyOird7vUXV0kmo+cJq+0hp0Ke4eam640FCpwKfYoSQ4/R3vgujGWJnaihCN5tv5sMet0XeJPuz5qE7ALoKCvwI6aXLHs20aAeZIDTQJ9QbGSGnJVzOWn+JDTidIgZpN57RpXfSAwnJPTQK/PN8i5z108hsaDOdEgGmxYZ7kYqMqzX20KXmth58LDfPixs5JGtS60iiKC/wOcGzkB2/AdTSojR76oEU77cANP/3zO25NG//whUdYlW0t0d7PgXxIeJe+xgYnamDQJx3qonVyt4H77ha0ObRAj9QKBgQDicZr+VTwFMnELP3a+FXGnjehRiuS1i7MXGKxNweCD+dFlML0FplSQS8Ro2n+d8lu8BBXGx0qm6VXu8Rhn7TAUL6q+PCgfarzxfIhacb/TZCqfieIHsMlVBfhV5HCXnk+kis0tuC/PRArcWTwDHJUJXkBhvkUsNswvQzavDPI7KwKBgQDd/WgLkj7A3X5fgIHZH/GbDSBiXwzKb+rF4ZCT2XFgG/OAW7vapfcX/w+v+5lBLyrocmOAS3PGGAhM5T3HLnUCQfnK4qgps1Lqibkc9Tmnsn60LanUjuUMsYv/zSw70tozbzhJ0pioEpWfRxRZBztO2Rr8Ntm7h6Fk701EXGNAXwKBgQCD1xsjy2J3sCerIdcz0u5qXLAPkeuZW+34m4/ucdwTWwc0gEz9lhsULFj9p4G351zLuiEnq+7mAWLcDJlmIO3mQt6JhiLiL9Y0T4pgBmxmWqKKYtAsJB0EmMY+1BNN44mBRqMxZFTJu1cLdhT/xstrOeoIPqytknYNanfTMZlzIwKBgHrLXe5oq0XMP8dcMneEcAUwsaU4pr6kQd3L9EmUkl5zl7J9C+DaxWAEuwzBw/iGutlxzRB+rD/7szu14wJ29EqXbDGKRzMp+se5/yfBjm7xEZ1hVPw7PwBShfqt57X/4Ktq7lwHnmH6RcGhc+P7WBc5iO/S94YAdIp8xOT3pf9JAoGAE0QkqJUY+5Mgr+fBO0VNV72ZoPveGpW+De59uhKAOnu1zljQCUtk59m6+DXfm0tNYKtawa5n8iN71Zh+s62xXSt3pYi1Y5CCCmv8Y4BhwIcPwXKk3zEvLgSHVTpC0bayA9aSO4bbZgVXa5w+Z0w/vvfp9DWo1IS3EnQRrz6WMYA=\n-----END PRIVATE KEY-----",
-		CA:           true,
-	}
-	actual, err := client.CreateMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), cert)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteMTLSCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-				"name": "example_ca_cert_5",
-				"issuer": "O=Example Inc.,L=California,ST=San Francisco,C=US",
-				"signature": "SHA256WithRSA",
-				"serial_number": "235217144297995885180570755458463043449861756659",
-				"certificates": "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-				"ca": true,
-				"uploaded_on": "2022-11-22T17:32:30.467938Z",
-				"expires_on": "2122-10-29T16:59:47Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/mtls_certificates/2458ce5a-0c35-4c7f-82c7-8e9487d3ff60", handler)
-	expiresOn, _ := time.Parse(time.RFC3339, "2122-10-29T16:59:47Z")
-	uploadedOn, _ := time.Parse(time.RFC3339, "2022-11-22T17:32:30.467938Z")
-	want := MTLSCertificate{
-		ID:           "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60",
-		Name:         "example_ca_cert_5",
-		Issuer:       "O=Example Inc.,L=California,ST=San Francisco,C=US",
-		Signature:    "SHA256WithRSA",
-		SerialNumber: "235217144297995885180570755458463043449861756659",
-		Certificates: "-----BEGIN CERTIFICATE-----\nMIIDmDCCAoCgAwIBAgIUKTOAZNjcXVZRj4oQt0SHsl1c1vMwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjAgFw0yMjExMjIxNjU5NDdaGA8yMTIyMTAyOTE2NTk0N1owUTELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDVNhbiBGcmFuY2lzY28xEzARBgNVBAcMCkNhbGlmb3JuaWExFTATBgNVBAoMDEV4YW1wbGUgSW5jLjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMRcORwgJFTdcG/2GKI+cFYiOBNDKjCZUXEOvXWY42BkH9wxiMT869CO+enA1w5pIrXow6kCM1sQspHHaVmJUlotEMJxyoLFfA/8Kt1EKFyobOjuZs2SwyVyJ2sStvQuUQEosULZCNGZEqoH5g6zhMPxaxm7ZLrrsDZ9maNGVqo7EWLWHrZ57Q/5MtTrbxQL+eXjUmJ9K3kS+3uEwMdqR6Z3BluU1ivanpPc1CN2GNhdO0/hSY4YkGEnuLsqJyDd3cIiB1MxuCBJ4ZaqOd2viV1WcP3oU3dxVPm4MWyfYIldMWB14FahScxLhWdRnM9YZ/i9IFcLypXsuz7DjrJPtPUCAwEAAaNmMGQwHQYDVR0OBBYEFP5JzLUawNF+c3AXsYTEWHh7z2czMB8GA1UdIwQYMBaAFP5JzLUawNF+c3AXsYTEWHh7z2czMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBc+Be7NDhpE09y7hLPZGRPl1cSKBw4RI0XIv6rlbSTFs5EebpTGjhx/whNxwEZhB9HZ7111Oa1YlT8xkI9DshB78mjAHCKBAJ76moK8tkG0aqdYpJ4ZcJTVBB7l98Rvgc7zfTii7WemTy72deBbSeiEtXavm4EF0mWjHhQ5Nxpnp00Bqn5g1x8CyTDypgmugnep+xG+iFzNmTdsz7WI9T/7kDMXqB7M/FPWBORyS98OJqNDswCLF8bIZYwUBEe+bRHFomoShMzaC3tvim7WCb16noDkSTMlfKO4pnvKhpcVdSgwcruATV7y+W+Lvmz2OT/Gui4JhqeoTewsxndhDDE\n-----END CERTIFICATE-----",
-		CA:           true,
-		UploadedOn:   uploadedOn,
-		ExpiresOn:    expiresOn,
-	}
-
-	actual, err := client.DeleteMTLSCertificate(context.Background(), AccountIdentifier(testAccountID), "2458ce5a-0c35-4c7f-82c7-8e9487d3ff60")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/notifications.go b/pkg/cloudflare-go/notifications.go
deleted file mode 100644
index 7afd66f1f4..0000000000
--- a/pkg/cloudflare-go/notifications.go
+++ /dev/null
@@ -1,447 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// NotificationMechanismData holds a single public facing mechanism data
-// integation.
-type NotificationMechanismData struct {
-	Name string `json:"name"`
-	ID   string `json:"id"`
-}
-
-// NotificationMechanismIntegrations is a list of all the integrations of a
-// certain mechanism type e.g. all email integrations.
-type NotificationMechanismIntegrations []NotificationMechanismData
-
-// NotificationPolicy represents the notification policy created along with
-// the destinations.
-type NotificationPolicy struct {
-	ID          string                                       `json:"id"`
-	Name        string                                       `json:"name"`
-	Description string                                       `json:"description"`
-	Enabled     bool                                         `json:"enabled"`
-	AlertType   string                                       `json:"alert_type"`
-	Mechanisms  map[string]NotificationMechanismIntegrations `json:"mechanisms"`
-	Created     time.Time                                    `json:"created"`
-	Modified    time.Time                                    `json:"modified"`
-	Conditions  map[string]interface{}                       `json:"conditions"`
-	Filters     map[string][]string                          `json:"filters"`
-}
-
-// NotificationPoliciesResponse holds the response for listing all
-// notification policies for an account.
-type NotificationPoliciesResponse struct {
-	Response
-	ResultInfo
-	Result []NotificationPolicy
-}
-
-// NotificationPolicyResponse holds the response type when a single policy
-// is retrieved.
-type NotificationPolicyResponse struct {
-	Response
-	Result NotificationPolicy
-}
-
-// NotificationWebhookIntegration describes the webhook information along
-// with its status.
-type NotificationWebhookIntegration struct {
-	ID          string     `json:"id"`
-	Name        string     `json:"name"`
-	Type        string     `json:"type"`
-	URL         string     `json:"url"`
-	CreatedAt   time.Time  `json:"created_at"`
-	LastSuccess *time.Time `json:"last_success"`
-	LastFailure *time.Time `json:"last_failure"`
-}
-
-// NotificationWebhookResponse describes a single webhook retrieved.
-type NotificationWebhookResponse struct {
-	Response
-	ResultInfo
-	Result NotificationWebhookIntegration
-}
-
-// NotificationWebhooksResponse describes a list of webhooks retrieved.
-type NotificationWebhooksResponse struct {
-	Response
-	ResultInfo
-	Result []NotificationWebhookIntegration
-}
-
-// NotificationUpsertWebhooks describes a valid webhook request.
-type NotificationUpsertWebhooks struct {
-	Name   string `json:"name"`
-	URL    string `json:"url"`
-	Secret string `json:"secret"`
-}
-
-// NotificationPagerDutyResource describes a PagerDuty integration.
-type NotificationPagerDutyResource struct {
-	ID   string `json:"id"`
-	Name string `json:"name"`
-}
-
-// NotificationPagerDutyResponse describes the PagerDuty integration
-// retrieved.
-type NotificationPagerDutyResponse struct {
-	Response
-	ResultInfo
-	Result NotificationPagerDutyResource
-}
-
-// NotificationResource describes the id of an inserted/updated/deleted
-// resource.
-type NotificationResource struct {
-	ID string
-}
-
-// SaveResponse is returned when a resource is inserted/updated/deleted.
-type SaveResponse struct {
-	Response
-	Result NotificationResource
-}
-
-// NotificationMechanismMetaData represents the state of the delivery
-// mechanism.
-type NotificationMechanismMetaData struct {
-	Eligible bool   `json:"eligible"`
-	Ready    bool   `json:"ready"`
-	Type     string `json:"type"`
-}
-
-// NotificationMechanisms are the different possible delivery mechanisms.
-type NotificationMechanisms struct {
-	Email     NotificationMechanismMetaData `json:"email"`
-	PagerDuty NotificationMechanismMetaData `json:"pagerduty"`
-	Webhooks  NotificationMechanismMetaData `json:"webhooks,omitempty"`
-}
-
-// NotificationEligibilityResponse describes the eligible mechanisms that
-// can be configured for a notification.
-type NotificationEligibilityResponse struct {
-	Response
-	Result NotificationMechanisms
-}
-
-// NotificationsGroupedByProduct are grouped by products.
-type NotificationsGroupedByProduct map[string][]NotificationAlertWithDescription
-
-// NotificationAlertWithDescription represents the alert/notification
-// available.
-type NotificationAlertWithDescription struct {
-	DisplayName string `json:"display_name"`
-	Type        string `json:"type"`
-	Description string `json:"description"`
-}
-
-// NotificationAvailableAlertsResponse describes the available
-// alerts/notifications grouped by products.
-type NotificationAvailableAlertsResponse struct {
-	Response
-	Result NotificationsGroupedByProduct
-}
-
-// NotificationHistory describes the history
-// of notifications sent for an account.
-type NotificationHistory struct {
-	ID            string    `json:"id"`
-	Name          string    `json:"name"`
-	Description   string    `json:"description"`
-	AlertBody     string    `json:"alert_body"`
-	AlertType     string    `json:"alert_type"`
-	Mechanism     string    `json:"mechanism"`
-	MechanismType string    `json:"mechanism_type"`
-	Sent          time.Time `json:"sent"`
-}
-
-// NotificationHistoryResponse describes the notification history
-// response for an account for a specific time period.
-type NotificationHistoryResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []NotificationHistory
-}
-
-// ListNotificationPolicies will return the notification policies
-// created by a user for a specific account.
-//
-// API Reference: https://api.cloudflare.com/#notification-policies-properties
-func (api *API) ListNotificationPolicies(ctx context.Context, accountID string) (NotificationPoliciesResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationPoliciesResponse{}, err
-	}
-	var r NotificationPoliciesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// GetNotificationPolicy returns a specific created by a user, given the account
-// id and the policy id.
-//
-// API Reference: https://api.cloudflare.com/#notification-policies-properties
-func (api *API) GetNotificationPolicy(ctx context.Context, accountID, policyID string) (NotificationPolicyResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policyID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationPolicyResponse{}, err
-	}
-	var r NotificationPolicyResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// CreateNotificationPolicy creates a notification policy for an account.
-//
-// API Reference: https://api.cloudflare.com/#notification-policies-create-notification-policy
-func (api *API) CreateNotificationPolicy(ctx context.Context, accountID string, policy NotificationPolicy) (SaveResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, policy)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// UpdateNotificationPolicy updates a notification policy, given the
-// account id and the policy id and returns the policy id.
-//
-// API Reference: https://api.cloudflare.com/#notification-policies-update-notification-policy
-func (api *API) UpdateNotificationPolicy(ctx context.Context, accountID string, policy *NotificationPolicy) (SaveResponse, error) {
-	if policy == nil {
-		return SaveResponse{}, fmt.Errorf("policy cannot be nil")
-	}
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policy.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, baseURL, policy)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// DeleteNotificationPolicy deletes a notification policy for an account.
-//
-// API Reference: https://api.cloudflare.com/#notification-policies-delete-notification-policy
-func (api *API) DeleteNotificationPolicy(ctx context.Context, accountID, policyID string) (SaveResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/policies/%s", accountID, policyID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// ListNotificationWebhooks will return the webhook destinations configured
-// for an account.
-//
-// API Reference: https://api.cloudflare.com/#notification-webhooks-list-webhooks
-func (api *API) ListNotificationWebhooks(ctx context.Context, accountID string) (NotificationWebhooksResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationWebhooksResponse{}, err
-	}
-	var r NotificationWebhooksResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// CreateNotificationWebhooks will help connect a webhooks destination.
-// A test message will be sent to the webhooks endpoint during creation.
-// If added successfully, the webhooks can be setup as a destination mechanism
-// while creating policies.
-//
-// Notifications will be posted to this URL.
-//
-// API Reference: https://api.cloudflare.com/#notification-webhooks-create-webhook
-func (api *API) CreateNotificationWebhooks(ctx context.Context, accountID string, webhooks *NotificationUpsertWebhooks) (SaveResponse, error) {
-	if webhooks == nil {
-		return SaveResponse{}, fmt.Errorf("webhooks cannot be nil")
-	}
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, baseURL, webhooks)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// GetNotificationWebhooks will return a specific webhook destination,
-// given the account and webhooks ids.
-//
-// API Reference: https://api.cloudflare.com/#notification-webhooks-get-webhook
-func (api *API) GetNotificationWebhooks(ctx context.Context, accountID, webhookID string) (NotificationWebhookResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationWebhookResponse{}, err
-	}
-	var r NotificationWebhookResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// UpdateNotificationWebhooks will update a particular webhook's name,
-// given the account and webhooks ids.
-//
-// The webhook url and secret cannot be updated.
-//
-// API Reference: https://api.cloudflare.com/#notification-webhooks-update-webhook
-func (api *API) UpdateNotificationWebhooks(ctx context.Context, accountID, webhookID string, webhooks *NotificationUpsertWebhooks) (SaveResponse, error) {
-	if webhooks == nil {
-		return SaveResponse{}, fmt.Errorf("webhooks cannot be nil")
-	}
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, baseURL, webhooks)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// DeleteNotificationWebhooks will delete a webhook, given the account and
-// webhooks ids. Deleting the webhooks will remove it from any connected
-// notification policies.
-//
-// API Reference: https://api.cloudflare.com/#notification-webhooks-delete-webhook
-func (api *API) DeleteNotificationWebhooks(ctx context.Context, accountID, webhookID string) (SaveResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/webhooks/%s", accountID, webhookID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, baseURL, nil)
-	if err != nil {
-		return SaveResponse{}, err
-	}
-
-	return unmarshalNotificationSaveResponse(res)
-}
-
-// ListPagerDutyNotificationDestinations will return the pagerduty
-// destinations configured for an account.
-//
-// API Reference: https://api.cloudflare.com/#notification-destinations-with-pagerduty-list-pagerduty-services
-func (api *API) ListPagerDutyNotificationDestinations(ctx context.Context, accountID string) (NotificationPagerDutyResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/pagerduty", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationPagerDutyResponse{}, err
-	}
-	var r NotificationPagerDutyResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// GetEligibleNotificationDestinations will return the types of
-// destinations an account is eligible to configure.
-//
-// API Reference: https://api.cloudflare.com/#notification-mechanism-eligibility-properties
-func (api *API) GetEligibleNotificationDestinations(ctx context.Context, accountID string) (NotificationEligibilityResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/destinations/eligible", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationEligibilityResponse{}, err
-	}
-	var r NotificationEligibilityResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// GetAvailableNotificationTypes will return the alert types available for
-// a given account.
-//
-// API Reference: https://api.cloudflare.com/#notification-mechanism-eligibility-properties
-func (api *API) GetAvailableNotificationTypes(ctx context.Context, accountID string) (NotificationAvailableAlertsResponse, error) {
-	baseURL := fmt.Sprintf("/accounts/%s/alerting/v3/available_alerts", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, baseURL, nil)
-	if err != nil {
-		return NotificationAvailableAlertsResponse{}, err
-	}
-	var r NotificationAvailableAlertsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
-
-// TimeRange is an object for filtering the alert history based on timestamp.
-type TimeRange struct {
-	Since  string `json:"since,omitempty" url:"since,omitempty"`
-	Before string `json:"before,omitempty" url:"before,omitempty"`
-}
-
-// AlertHistoryFilter is an object for filtering the alert history response from the api.
-type AlertHistoryFilter struct {
-	TimeRange
-	PaginationOptions
-}
-
-// ListNotificationHistory will return the history of alerts sent for
-// a given account. The time period varies based on zone plan.
-// Free, Biz, Pro = 30 days
-// Ent = 90 days
-//
-// API Reference: https://api.cloudflare.com/#notification-history-list-history
-func (api *API) ListNotificationHistory(ctx context.Context, accountID string, alertHistoryFilter AlertHistoryFilter) ([]NotificationHistory, ResultInfo, error) {
-	uri := buildURI(fmt.Sprintf("/accounts/%s/alerting/v3/history", accountID), alertHistoryFilter)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []NotificationHistory{}, ResultInfo{}, err
-	}
-	var r NotificationHistoryResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []NotificationHistory{}, ResultInfo{}, err
-	}
-	return r.Result, r.ResultInfo, nil
-}
-
-// unmarshal will unmarshal bytes and return a SaveResponse.
-func unmarshalNotificationSaveResponse(res []byte) (SaveResponse, error) {
-	var r SaveResponse
-	err := json.Unmarshal(res, &r)
-	if err != nil {
-		return r, err
-	}
-	return r, nil
-}
diff --git a/pkg/cloudflare-go/notifications_test.go b/pkg/cloudflare-go/notifications_test.go
deleted file mode 100644
index 1b857d0163..0000000000
--- a/pkg/cloudflare-go/notifications_test.go
+++ /dev/null
@@ -1,574 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const (
-	testWebhookID = "fe49ee055d23404e9d58f9110b210c8d"
-	testPolicyID  = "6ec8a5145d0d2263a36fad55c03cb43d"
-)
-
-var (
-	notificationTimestamp = time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC)
-)
-
-func TestGetEligibleNotificationDestinations(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expected := NotificationMechanisms{
-		Email:     NotificationMechanismMetaData{true, true, "email"},
-		PagerDuty: NotificationMechanismMetaData{true, true, "pagerduty"},
-		Webhooks:  NotificationMechanismMetaData{true, true, "webhooks"},
-	}
-	b, err := json.Marshal(expected)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result":%s
-}`, string(b))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/eligible", handler)
-
-	actual, err := client.GetEligibleNotificationDestinations(context.Background(), testAccountID)
-	require.Nil(t, err)
-	require.NotNil(t, actual)
-	assert.Equal(t, expected, actual.Result)
-}
-func TestGetAvailableNotificationTypes(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expected := make(NotificationsGroupedByProduct, 1)
-	alert1 := NotificationAlertWithDescription{Type: "secondary_dns_zone_successfully_updated", DisplayName: "Secondary DNS Successfully Updated", Description: "Secondary zone transfers are succeeding, the zone has been updated."}
-	alert2 := NotificationAlertWithDescription{Type: "secondary_dns_zone_validation_warning", DisplayName: "Secondary DNSSEC Validation Warning", Description: "The transferred DNSSEC zone is incorrectly configured."}
-	expected["DNS"] = []NotificationAlertWithDescription{alert1, alert2}
-
-	b, err := json.Marshal(expected)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/available_alerts", handler)
-
-	actual, err := client.GetAvailableNotificationTypes(context.Background(), testAccountID)
-	require.Nil(t, err)
-	require.NotNil(t, actual)
-	assert.Equal(t, expected, actual.Result)
-}
-func TestListPagerDutyDestinations(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expected := NotificationPagerDutyResource{ID: "valid-uuid", Name: "my pagerduty connection"}
-	b, err := json.Marshal(expected)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/pagerduty", handler)
-
-	actual, err := client.ListPagerDutyNotificationDestinations(context.Background(), testAccountID)
-	require.Nil(t, err)
-	require.NotNil(t, actual)
-	assert.Equal(t, expected, actual.Result)
-}
-
-func TestCreateNotificationPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mechanisms := make(map[string]NotificationMechanismIntegrations)
-	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
-	policy := NotificationPolicy{
-		Description: "Notifies when my zones are under attack",
-		Name:        "CF DOS attack alert - L4",
-		Enabled:     true,
-		AlertType:   "dos_attack_l4",
-		Mechanisms:  mechanisms,
-		Conditions:  nil,
-		Filters:     nil,
-	}
-	b, err := json.Marshal(policy)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies", handler)
-	res, err := client.CreateNotificationPolicy(context.Background(), testAccountID, policy)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-}
-
-func TestGetNotificationPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mechanisms := make(map[string]NotificationMechanismIntegrations)
-	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
-	policy := NotificationPolicy{
-		ID:          testPolicyID,
-		Description: "Notifies when my zones are under attack",
-		Name:        "CF DOS attack alert - L4",
-		Enabled:     true,
-		AlertType:   "dos_attack_l4",
-		Mechanisms:  mechanisms,
-		Conditions:  nil,
-		Filters:     nil,
-		Created:     notificationTimestamp,
-		Modified:    notificationTimestamp,
-	}
-	b, err := json.Marshal(policy)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
-
-	res, err := client.GetNotificationPolicy(context.Background(), testAccountID, testPolicyID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, policy, res.Result)
-}
-
-func TestListNotificationPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mechanisms := make(map[string]NotificationMechanismIntegrations)
-	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
-	policy := NotificationPolicy{
-		ID:          testPolicyID,
-		Description: "Notifies when my zones are under attack",
-		Name:        "CF DOS attack alert - L4",
-		Enabled:     true,
-		AlertType:   "dos_attack_l4",
-		Mechanisms:  mechanisms,
-		Conditions:  nil,
-		Filters:     nil,
-		Created:     time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
-		Modified:    time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
-	}
-	policies := []NotificationPolicy{
-		policy,
-	}
-	b, err := json.Marshal(policies)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies", handler)
-
-	res, err := client.ListNotificationPolicies(context.Background(), testAccountID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, policies, res.Result)
-}
-
-func TestUpdateNotificationPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mechanisms := make(map[string]NotificationMechanismIntegrations)
-	mechanisms["email"] = []NotificationMechanismData{{Name: "email to send notification", ID: "test@gmail.com"}}
-	policy := NotificationPolicy{
-		ID:          testPolicyID,
-		Description: "Notifies when my zones are under attack",
-		Name:        "CF DOS attack alert - L4",
-		Enabled:     true,
-		AlertType:   "dos_attack_l4",
-		Mechanisms:  mechanisms,
-		Conditions:  nil,
-		Filters:     nil,
-		Created:     time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
-		Modified:    time.Date(2021, 05, 01, 10, 47, 01, 01, time.UTC),
-	}
-	b, err := json.Marshal(policy)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
-
-	res, err := client.UpdateNotificationPolicy(context.Background(), testAccountID, &policy)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, testPolicyID, res.Result.ID)
-}
-
-func TestDeleteNotificationPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	result := NotificationResource{ID: testPolicyID}
-	b, err := json.Marshal(result)
-	require.NoError(t, err)
-	require.NotNil(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/policies/"+testPolicyID, handler)
-
-	res, err := client.DeleteNotificationPolicy(context.Background(), testAccountID, testPolicyID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, testPolicyID, res.Result.ID)
-}
-
-func TestCreateNotificationWebhooks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	webhook := NotificationUpsertWebhooks{
-		Name:   "my test webhook",
-		URL:    "https://example.com",
-		Secret: "mischief-managed", // optional
-	}
-
-	result := NotificationResource{ID: testWebhookID}
-
-	b, err := json.Marshal(result)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks", handler)
-
-	res, err := client.CreateNotificationWebhooks(context.Background(), testAccountID, &webhook)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, testWebhookID, res.Result.ID)
-}
-
-func TestListNotificationWebhooks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	webhook := NotificationWebhookIntegration{
-		ID:          testWebhookID,
-		Name:        "my test webhook",
-		URL:         "https://example.com",
-		Type:        "generic",
-		CreatedAt:   notificationTimestamp,
-		LastSuccess: &notificationTimestamp,
-		LastFailure: &notificationTimestamp,
-	}
-	webhooks := []NotificationWebhookIntegration{webhook}
-	b, err := json.Marshal(webhooks)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks", handler)
-
-	res, err := client.ListNotificationWebhooks(context.Background(), testAccountID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, webhooks, res.Result)
-}
-
-func TestGetNotificationWebhooks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	webhook := NotificationWebhookIntegration{
-		ID:          testWebhookID,
-		Name:        "my test webhook",
-		URL:         "https://example.com",
-		Type:        "generic",
-		CreatedAt:   notificationTimestamp,
-		LastSuccess: &notificationTimestamp,
-		LastFailure: &notificationTimestamp,
-	}
-	b, err := json.Marshal(webhook)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
-
-	res, err := client.GetNotificationWebhooks(context.Background(), testAccountID, testWebhookID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, webhook, res.Result)
-}
-
-func TestUpdateNotificationWebhooks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	result := NotificationResource{ID: testWebhookID}
-	b, err := json.Marshal(result)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	webhook := NotificationUpsertWebhooks{
-		Name:   "my test webhook with a new name",
-		URL:    "https://example.com",
-		Secret: "mischief-managed",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
-
-	res, err := client.UpdateNotificationWebhooks(context.Background(), testAccountID, testWebhookID, &webhook)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, testWebhookID, res.Result.ID)
-}
-
-func TestDeleteNotificationWebhooks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	result := NotificationResource{ID: testWebhookID}
-	b, err := json.Marshal(result)
-	require.NoError(t, err)
-	require.NotEmpty(t, b)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-  									"result":%s
-								}`,
-			string(b))
-		require.NoError(t, err)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/destinations/webhooks/"+testWebhookID, handler)
-
-	res, err := client.DeleteNotificationWebhooks(context.Background(), testAccountID, testWebhookID)
-	require.NoError(t, err)
-	require.NotNil(t, res)
-
-	assert.Equal(t, testWebhookID, res.Result.ID)
-}
-
-func TestListNotificationHistory(t *testing.T) {
-	setup()
-	defer teardown()
-
-	expected := []NotificationHistory{
-		{
-			ID:            "some-id",
-			Name:          "some-name",
-			Description:   "some-description",
-			AlertBody:     "some-alert-body",
-			AlertType:     "some-alert-type",
-			Mechanism:     "some-mechanism",
-			MechanismType: "some-mechanism-type",
-			Sent:          notificationTimestamp,
-		},
-	}
-
-	expectedResultInfo := ResultInfo{
-		Page:    0,
-		PerPage: 25,
-		Count:   1,
-	}
-
-	pageOptions := PaginationOptions{
-		PerPage: 25,
-		Page:    1,
-	}
-
-	timeRange := TimeRange{
-		Since:  time.Now().Add(-15 * time.Minute).Format(time.RFC3339),
-		Before: time.Now().Format(time.RFC3339),
-	}
-
-	historyFilters := AlertHistoryFilter{TimeRange: timeRange, PaginationOptions: pageOptions}
-
-	alertHistory, err := json.Marshal(expected)
-	require.NoError(t, err)
-	require.NotNil(t, alertHistory)
-
-	resultInfo, err := json.Marshal(expectedResultInfo)
-	require.NoError(t, err)
-	require.NotNil(t, resultInfo)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err = fmt.Fprintf(w, `{
-  									"success": true,
-  									"errors": [],
-  									"messages": [],
-									"result_info": %s,
-  									"result": %s
-								}`,
-			string(resultInfo),
-			string(alertHistory))
-		if err != nil {
-			return
-		}
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/alerting/v3/history", handler)
-
-	actualResult, actualResultInfo, err := client.ListNotificationHistory(context.Background(), testAccountID, historyFilters)
-	require.Nil(t, err)
-	require.NotNil(t, actualResult)
-	require.Equal(t, expected, actualResult)
-	require.Equal(t, expectedResultInfo, actualResultInfo)
-}
diff --git a/pkg/cloudflare-go/observatory.go b/pkg/cloudflare-go/observatory.go
deleted file mode 100644
index d1f7d08ed7..0000000000
--- a/pkg/cloudflare-go/observatory.go
+++ /dev/null
@@ -1,401 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/google/go-querystring/query"
-)
-
-var (
-	ErrMissingObservatoryUrl    = errors.New("missing required page url")
-	ErrMissingObservatoryTestID = errors.New("missing required test id")
-)
-
-// ObservatoryPage describes all the tests for a web page.
-type ObservatoryPage struct {
-	URL               string                `json:"url"`
-	Region            labeledRegion         `json:"region"`
-	ScheduleFrequency string                `json:"scheduleFrequency"`
-	Tests             []ObservatoryPageTest `json:"tests"`
-}
-
-// ObservatoryPageTest describes a single test for a web page.
-type ObservatoryPageTest struct {
-	ID                string                      `json:"id"`
-	Date              *time.Time                  `json:"date"`
-	URL               string                      `json:"url"`
-	Region            labeledRegion               `json:"region"`
-	ScheduleFrequency *string                     `json:"scheduleFrequency"`
-	MobileReport      ObservatoryLighthouseReport `json:"mobileReport"`
-	DesktopReport     ObservatoryLighthouseReport `json:"desktopReport"`
-}
-
-// labeledRegion describes a region the test was run in.
-type labeledRegion struct {
-	Value string `json:"value"`
-	Label string `json:"label"`
-}
-
-// ObservatorySchedule describe a test schedule.
-type ObservatorySchedule struct {
-	URL       string `json:"url"`
-	Region    string `json:"region"`
-	Frequency string `json:"frequency"`
-}
-
-// ObservatoryLighthouseReport describes the web vital metrics result.
-type ObservatoryLighthouseReport struct {
-	PerformanceScore int    `json:"performanceScore"`
-	State            string `json:"state"`
-	DeviceType       string `json:"deviceType"`
-	// TTFB is time to first byte
-	TTFB int `json:"ttfb"`
-	// FCP is first contentful paint
-	FCP int `json:"fcp"`
-	// LCP is largest contentful pain
-	LCP int `json:"lcp"`
-	// TTI is time to interactive
-	TTI int `json:"tti"`
-	// TBT is total blocking time
-	TBT int `json:"tbt"`
-	// SI is speed index
-	SI int `json:"si"`
-	// CLS is cumulative layout shift
-	CLS   float64          `json:"cls"`
-	Error *lighthouseError `json:"error,omitempty"`
-}
-
-// lighthouseError describes the test error.
-type lighthouseError struct {
-	Code              string `json:"code"`
-	Detail            string `json:"detail"`
-	FinalDisplayedURL string `json:"finalDisplayedUrl"`
-}
-
-// ObservatoryPageTrend describes the web vital metrics trend.
-type ObservatoryPageTrend struct {
-	PerformanceScore []*int     `json:"performanceScore"`
-	TTFB             []*int     `json:"ttfb"`
-	FCP              []*int     `json:"fcp"`
-	LCP              []*int     `json:"lcp"`
-	TTI              []*int     `json:"tti"`
-	TBT              []*int     `json:"tbt"`
-	SI               []*int     `json:"si"`
-	CLS              []*float64 `json:"cls"`
-}
-
-type ListObservatoryPagesParams struct {
-}
-
-// ObservatoryPagesResponse is the API response, containing a list of ObservatoryPage.
-type ObservatoryPagesResponse struct {
-	Response
-	Result []ObservatoryPage `json:"result"`
-}
-
-// ListObservatoryPages returns a list of pages which have been tested.
-//
-// API reference: https://api.cloudflare.com/#speed-list-pages
-func (api *API) ListObservatoryPages(ctx context.Context, rc *ResourceContainer, params ListObservatoryPagesParams) ([]ObservatoryPage, error) {
-	uri := fmt.Sprintf("/zones/%s/speed_api/pages", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryPagesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-type GetObservatoryPageTrendParams struct {
-	URL        string     `url:"-"`
-	Region     string     `url:"region"`
-	DeviceType string     `url:"deviceType"`
-	Start      *time.Time `url:"start"`
-	End        *time.Time `url:"end,omitempty"`
-	Timezone   string     `url:"tz"`
-	Metrics    []string   `url:"metrics"`
-}
-
-type ObservatoryPageTrendResponse struct {
-	Response
-	Result ObservatoryPageTrend `json:"result"`
-}
-
-// GetObservatoryPageTrend returns a the trend of web vital metrics for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-list-page-trend
-func (api *API) GetObservatoryPageTrend(ctx context.Context, rc *ResourceContainer, params GetObservatoryPageTrendParams) (*ObservatoryPageTrend, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-	v, _ := query.Values(params)
-	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/trend?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryPageTrendResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-var listObservatoryPageTestDefaultPageSize = 20
-
-type ListObservatoryPageTestParams struct {
-	URL    string `url:"-"`
-	Region string `url:"region"`
-	ResultInfo
-}
-
-type ObservatoryPageTestsResponse struct {
-	Response
-	Result     []ObservatoryPageTest `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// ListObservatoryPageTests returns a list of tests for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-list-test-history
-func (api *API) ListObservatoryPageTests(ctx context.Context, rc *ResourceContainer, params ListObservatoryPageTestParams) ([]ObservatoryPageTest, *ResultInfo, error) {
-	if params.URL == "" {
-		return nil, nil, ErrMissingObservatoryUrl
-	}
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = listObservatoryPageTestDefaultPageSize
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-	var tests []ObservatoryPageTest
-	var lastResultInfo ResultInfo
-	for {
-		// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-		v, _ := query.Values(params)
-		uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return nil, nil, err
-		}
-		var r ObservatoryPageTestsResponse
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		tests = append(tests, r.Result...)
-		lastResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return tests, &lastResultInfo, nil
-}
-
-type CreateObservatoryPageTestParams struct {
-	URL      string
-	Settings CreateObservatoryPageTestSettings
-}
-type CreateObservatoryPageTestSettings struct {
-	Region string `json:"region"`
-}
-
-type ObservatoryPageTestResponse struct {
-	Response
-	Result ObservatoryPageTest `json:"result"`
-}
-
-// CreateObservatoryPageTest starts a test for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-create-test
-func (api *API) CreateObservatoryPageTest(ctx context.Context, rc *ResourceContainer, params CreateObservatoryPageTestParams) (*ObservatoryPageTest, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests", rc.Identifier, url.PathEscape(params.URL))
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Settings)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryPageTestResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type DeleteObservatoryPageTestsParams struct {
-	URL    string `url:"-"`
-	Region string `url:"region"`
-}
-
-type ObservatoryCountResponse struct {
-	Response
-	Result struct {
-		Count int `json:"count"`
-	} `json:"result"`
-}
-
-// DeleteObservatoryPageTests deletes all tests for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-delete-tests
-func (api *API) DeleteObservatoryPageTests(ctx context.Context, rc *ResourceContainer, params DeleteObservatoryPageTestsParams) (*int, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-	v, _ := query.Values(params)
-	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryCountResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result.Count, nil
-}
-
-type GetObservatoryPageTestParams struct {
-	URL    string
-	TestID string
-}
-
-// GetObservatoryPageTest returns a specific test for a page.
-//
-// API reference: https://api.cloudflare.com/#speed-get-test
-func (api *API) GetObservatoryPageTest(ctx context.Context, rc *ResourceContainer, params GetObservatoryPageTestParams) (*ObservatoryPageTest, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	if params.TestID == "" {
-		return nil, ErrMissingObservatoryTestID
-	}
-	uri := fmt.Sprintf("/zones/%s/speed_api/pages/%s/tests/%s", rc.Identifier, url.PathEscape(params.URL), params.TestID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryPageTestResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type CreateObservatoryScheduledPageTestParams struct {
-	URL       string `url:"-" json:"-"`
-	Region    string `url:"region" json:"-"`
-	Frequency string `url:"frequency" json:"-"`
-}
-
-type ObservatoryScheduledPageTest struct {
-	Schedule ObservatorySchedule `json:"schedule"`
-	Test     ObservatoryPageTest `json:"test"`
-}
-
-type CreateObservatoryScheduledPageTestResponse struct {
-	Response
-	Result ObservatoryScheduledPageTest `json:"result"`
-}
-
-// CreateObservatoryScheduledPageTest creates a scheduled test for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-create-scheduled-test
-func (api *API) CreateObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params CreateObservatoryScheduledPageTestParams) (*ObservatoryScheduledPageTest, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-	v, _ := query.Values(params)
-	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r CreateObservatoryScheduledPageTestResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type GetObservatoryScheduledPageTestParams struct {
-	URL    string `url:"-"`
-	Region string `url:"region"`
-}
-
-type ObservatoryScheduleResponse struct {
-	Response
-	Result ObservatorySchedule `json:"result"`
-}
-
-// GetObservatoryScheduledPageTest returns the test schedule for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-get-scheduled-test
-func (api *API) GetObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params GetObservatoryScheduledPageTestParams) (*ObservatorySchedule, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-	v, _ := query.Values(params)
-	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryScheduleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type DeleteObservatoryScheduledPageTestParams struct {
-	URL    string `url:"-"`
-	Region string `url:"region"`
-}
-
-// DeleteObservatoryScheduledPageTest deletes the test schedule for a page in a specific region.
-//
-// API reference: https://api.cloudflare.com/#speed-delete-scheduled-test
-func (api *API) DeleteObservatoryScheduledPageTest(ctx context.Context, rc *ResourceContainer, params DeleteObservatoryScheduledPageTestParams) (*int, error) {
-	if params.URL == "" {
-		return nil, ErrMissingObservatoryUrl
-	}
-	// cannot use buildURI because params.URL contains "/" that should be encoded and buildURI will double encode %2F into %252F
-	v, _ := query.Values(params)
-	uri := fmt.Sprintf("/zones/%s/speed_api/schedule/%s?%s", rc.Identifier, url.PathEscape(params.URL), v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r ObservatoryCountResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result.Count, nil
-}
diff --git a/pkg/cloudflare-go/observatory_test.go b/pkg/cloudflare-go/observatory_test.go
deleted file mode 100644
index fa897141d0..0000000000
--- a/pkg/cloudflare-go/observatory_test.go
+++ /dev/null
@@ -1,464 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var testURL = "example.com/a/b"
-var escapedTestURL = url.PathEscape(testURL)
-var region = "us-central1"
-var regionLabel = "Iowa, USA"
-var frequency = "DAILY"
-var observatoryTestID = "52cc96c9-b709-4ffe-9048-338853d3db46"
-var date = time.Now().UTC()
-
-var pageJSON = fmt.Sprintf(`
-{
-  "url": "%[1]s",
-  "region": {
-    "value": "%[2]s",
-    "label": "%[3]s"
-  },
-  "scheduleFrequency": "%[4]s",
-  "tests": [
-    {
-      "id": "%[5]s",
-      "date": "%[6]s",
-      "url": "%[1]s",
-      "scheduleFrequency": "%[4]s",
-      "region": {
-        "value": "%[2]s",
-        "label": "%[3]s"
-      },
-      "mobileReport": {
-        "performanceScore": 100,
-        "ttfb": 10,
-        "fcp": 10,
-        "lcp": 10,
-        "tti": 10,
-        "tbt": 10,
-        "si": 10,
-        "cls": 0.10,
-        "state": "COMPLETED",
-        "deviceType": "DESKTOP"
-      },
-      "desktopReport": {
-        "performanceScore": 100,
-        "ttfb": 10,
-        "fcp": 10,
-        "lcp": 10,
-        "tti": 10,
-        "tbt": 10,
-        "si": 10,
-        "cls": 0.10,
-        "state": "COMPLETED",
-        "deviceType": "DESKTOP"
-      }
-    }
-  ]
-}`, testURL, region, regionLabel, frequency, observatoryTestID, date.Format(time.RFC3339Nano))
-
-var scheduledPageTestJSON = fmt.Sprintf(`
-{
-  "schedule": {
-    "url": "%[1]s",
-    "region": "%[2]s",
-    "frequency": "%[3]s"
-  },
-  "test": %[4]s
-}
-`, testURL, region, frequency, pageTestJSON)
-
-var scheduleJSON = fmt.Sprintf(`
-{
-  "url": "%[1]s",
-  "region": "%[2]s",
-  "frequency": "%[3]s"
-}
-`, testURL, region, frequency)
-
-var pageTestJSON = fmt.Sprintf(`
-{
-  "id": "%[1]s",
-  "date": "%[2]s",
-  "url": "%[3]s",
-  "region": {
-    "value": "%[4]s",
-    "label": "%[5]s"
-  },
-  "scheduleFrequency": "%[6]s",
-  "mobileReport": %[7]s,
-  "desktopReport": %[7]s
-}`, observatoryTestID, date.Format(time.RFC3339Nano), testURL, region, regionLabel, frequency, reportJSON, reportJSON)
-
-var reportJSON = `
-{
-  "state": "COMPLETED",
-  "deviceType": "DESKTOP",
-  "performanceScore": 100,
-  "ttfb": 10,
-  "fcp": 10,
-  "lcp": 10,
-  "tti": 10,
-  "tbt": 10,
-  "si": 10,
-  "cls": 0.10
-}
-`
-
-var report = ObservatoryLighthouseReport{
-	PerformanceScore: 100,
-	State:            "COMPLETED",
-	DeviceType:       "DESKTOP",
-	TTFB:             10,
-	FCP:              10,
-	LCP:              10,
-	TTI:              10,
-	TBT:              10,
-	SI:               10,
-	CLS:              0.10,
-	Error:            nil,
-}
-
-var page = ObservatoryPage{
-	URL: testURL,
-	Region: labeledRegion{
-		Value: region,
-		Label: regionLabel,
-	},
-	ScheduleFrequency: frequency,
-	Tests: []ObservatoryPageTest{
-		pageTest,
-	},
-}
-var pageTest = ObservatoryPageTest{
-	ID:   observatoryTestID,
-	Date: &date,
-	URL:  testURL,
-	Region: labeledRegion{
-		Value: region,
-		Label: regionLabel,
-	},
-	ScheduleFrequency: &frequency,
-	MobileReport:      report,
-	DesktopReport:     report,
-}
-
-var scheduledPageTest = ObservatoryScheduledPageTest{
-	Schedule: ObservatorySchedule{
-		URL:       testURL,
-		Region:    region,
-		Frequency: frequency,
-	},
-	Test: pageTest,
-}
-
-var schedule = ObservatorySchedule{
-	URL:       testURL,
-	Region:    region,
-	Frequency: frequency,
-}
-
-func TestListObservatoryPages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages", r.URL.EscapedPath())
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, pageJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages", handler)
-	want := []ObservatoryPage{
-		page,
-	}
-	pages, err := client.ListObservatoryPages(context.Background(), ZoneIdentifier(testZoneID), ListObservatoryPagesParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, pages)
-	}
-}
-
-func TestObservatoryPageTrend(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "DESKTOP", r.URL.Query().Get("deviceType"))
-		assert.Equal(t, "America/Chicago", r.URL.Query().Get("tz"))
-		assert.Equal(t, "fcp,lcp", r.URL.Query().Get("metrics"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/trend", r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-			    "performanceScore": [null, 100],
-			    "ttfb": [null, 10],
-			    "fcp": [null, 10],
-			    "lcp": [null, 10],
-			    "tti": [null, 10],
-			    "tbt": [null, 10],
-			    "si": [null, 10],
-			    "cls": [null, 0.10]
-			  }
-			}
-		`)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/trend", handler)
-	want := ObservatoryPageTrend{
-		PerformanceScore: []*int{nil, IntPtr(100)},
-		TTFB:             []*int{nil, IntPtr(10)},
-		FCP:              []*int{nil, IntPtr(10)},
-		LCP:              []*int{nil, IntPtr(10)},
-		TTI:              []*int{nil, IntPtr(10)},
-		TBT:              []*int{nil, IntPtr(10)},
-		SI:               []*int{nil, IntPtr(10)},
-		CLS:              []*float64{nil, Float64Ptr(0.10)},
-	}
-	trend, err := client.GetObservatoryPageTrend(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryPageTrendParams{
-		URL:        testURL,
-		Region:     region,
-		DeviceType: "DESKTOP",
-		Start:      &date,
-		End:        &date,
-		Timezone:   "America/Chicago",
-		Metrics:    []string{"fcp,lcp"},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, trend)
-	}
-}
-
-func TestListObservatoryPageTests(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, region, r.URL.Query().Get("region"))
-		assert.Equal(t, "1", r.URL.Query().Get("page"))
-		assert.Equal(t, "10", r.URL.Query().Get("per_page"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [%s]
-			}
-		`, pageTestJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
-	want := []ObservatoryPageTest{
-		pageTest,
-	}
-	tests, _, err := client.ListObservatoryPageTests(context.Background(), ZoneIdentifier(testZoneID), ListObservatoryPageTestParams{
-		URL: testURL,
-		ResultInfo: ResultInfo{
-			Page:    1,
-			PerPage: 10,
-		},
-		Region: region,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, tests)
-	}
-}
-
-func TestCreateObservatoryPageTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		assert.NoError(t, err)
-		assert.True(t, strings.Contains(string(b), region))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, pageTestJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
-	want := pageTest
-	test, err := client.CreateObservatoryPageTest(context.Background(), ZoneIdentifier(testZoneID), CreateObservatoryPageTestParams{
-		URL: testURL,
-		Settings: CreateObservatoryPageTestSettings{
-			Region: region,
-		},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, test)
-	}
-}
-
-func TestDeleteObservatoryPageTests(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		assert.Equal(t, region, r.URL.Query().Get("region"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests", r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-                "count": 2
-              }
-			}
-		`)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests", handler)
-	want := 2
-	count, err := client.DeleteObservatoryPageTests(context.Background(), ZoneIdentifier(testZoneID), DeleteObservatoryPageTestsParams{
-		URL:    testURL,
-		Region: region,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, count)
-	}
-}
-
-func TestGetObservatoryPageTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/pages/"+escapedTestURL+"/tests/"+observatoryTestID, r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, pageTestJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/pages/"+testURL+"/tests/"+observatoryTestID, handler)
-	want := pageTest
-	test, err := client.GetObservatoryPageTest(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryPageTestParams{
-		TestID: observatoryTestID,
-		URL:    testURL,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, test)
-	}
-}
-
-func TestCreateObservatoryScheduledPageTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		assert.Equal(t, frequency, r.URL.Query().Get("frequency"))
-		assert.Equal(t, region, r.URL.Query().Get("region"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, scheduledPageTestJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
-	want := scheduledPageTest
-	pages, err := client.CreateObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), CreateObservatoryScheduledPageTestParams{
-		Frequency: frequency,
-		URL:       testURL,
-		Region:    region,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, pages)
-	}
-}
-
-func TestObservatoryScheduledPageTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, region, r.URL.Query().Get("region"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, scheduleJSON)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
-	want := schedule
-	schedule, err := client.GetObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), GetObservatoryScheduledPageTestParams{
-		URL:    testURL,
-		Region: region,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, schedule)
-	}
-}
-
-func TestDeleteObservatoryScheduledPageTest(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		assert.Equal(t, region, r.URL.Query().Get("region"))
-		assert.Equal(t, "/zones/"+testZoneID+"/speed_api/schedule/"+escapedTestURL, r.URL.EscapedPath())
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": { 
-                "count": 2
-              }
-			}
-		`)
-	}
-	mux.HandleFunc("/zones/"+testZoneID+"/speed_api/schedule/"+testURL, handler)
-	want := 2
-	count, err := client.DeleteObservatoryScheduledPageTest(context.Background(), ZoneIdentifier(testZoneID), DeleteObservatoryScheduledPageTestParams{
-		URL:    testURL,
-		Region: region,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, count)
-	}
-}
diff --git a/pkg/cloudflare-go/options.go b/pkg/cloudflare-go/options.go
deleted file mode 100644
index 0638a2d5c4..0000000000
--- a/pkg/cloudflare-go/options.go
+++ /dev/null
@@ -1,106 +0,0 @@
-package cloudflare
-
-import (
-	"net/http"
-	"time"
-
-	"golang.org/x/time/rate"
-)
-
-// Option is a functional option for configuring the API client.
-type Option func(*API) error
-
-// HTTPClient accepts a custom *http.Client for making API calls.
-func HTTPClient(client *http.Client) Option {
-	return func(api *API) error {
-		api.httpClient = client
-		return nil
-	}
-}
-
-// Headers allows you to set custom HTTP headers when making API calls (e.g. for
-// satisfying HTTP proxies, or for debugging).
-func Headers(headers http.Header) Option {
-	return func(api *API) error {
-		api.headers = headers
-		return nil
-	}
-}
-
-// UsingRateLimit applies a non-default rate limit to client API requests
-// If not specified the default of 4rps will be applied.
-func UsingRateLimit(rps float64) Option {
-	return func(api *API) error {
-		// because ratelimiter doesnt do any windowing
-		// setting burst makes it difficult to enforce a fixed rate
-		// so setting it equal to 1 this effectively disables bursting
-		// this doesn't check for sensible values, ultimately the api will enforce that the value is ok
-		api.rateLimiter = rate.NewLimiter(rate.Limit(rps), 1)
-		return nil
-	}
-}
-
-// UsingRetryPolicy applies a non-default number of retries and min/max retry delays
-// This will be used when the client exponentially backs off after errored requests.
-func UsingRetryPolicy(maxRetries int, minRetryDelaySecs int, maxRetryDelaySecs int) Option {
-	// seconds is very granular for a minimum delay - but this is only in case of failure
-	return func(api *API) error {
-		api.retryPolicy = RetryPolicy{
-			MaxRetries:    maxRetries,
-			MinRetryDelay: time.Duration(minRetryDelaySecs) * time.Second,
-			MaxRetryDelay: time.Duration(maxRetryDelaySecs) * time.Second,
-		}
-		return nil
-	}
-}
-
-// UsingLogger can be set if you want to get log output from this API instance
-// By default no log output is emitted.
-func UsingLogger(logger Logger) Option {
-	return func(api *API) error {
-		api.logger = logger
-		return nil
-	}
-}
-
-// UserAgent can be set if you want to send a software name and version for HTTP access logs.
-// It is recommended to set it in order to help future Customer Support diagnostics
-// and prevent collateral damage by sharing generic User-Agent string with abusive users.
-// E.g. "my-software/1.2.3". By default generic Go User-Agent is used.
-func UserAgent(userAgent string) Option {
-	return func(api *API) error {
-		api.UserAgent = userAgent
-		return nil
-	}
-}
-
-// BaseURL allows you to override the default HTTP base URL used for API calls.
-func BaseURL(baseURL string) Option {
-	return func(api *API) error {
-		api.BaseURL = baseURL
-		return nil
-	}
-}
-
-func Debug(debug bool) Option {
-	return func(api *API) error {
-		api.Debug = debug
-		return nil
-	}
-}
-
-// parseOptions parses the supplied options functions and returns a configured
-// *API instance.
-func (api *API) parseOptions(opts ...Option) error {
-	// Range over each options function and apply it to our API type to
-	// configure it. Options functions are applied in order, with any
-	// conflicting options overriding earlier calls.
-	for _, option := range opts {
-		err := option(api)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/origin_ca.go b/pkg/cloudflare-go/origin_ca.go
deleted file mode 100644
index ff8589a3c4..0000000000
--- a/pkg/cloudflare-go/origin_ca.go
+++ /dev/null
@@ -1,233 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// OriginCACertificate represents a Cloudflare-issued certificate.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ca
-type OriginCACertificate struct {
-	ID              string    `json:"id"`
-	Certificate     string    `json:"certificate"`
-	Hostnames       []string  `json:"hostnames"`
-	ExpiresOn       time.Time `json:"expires_on"`
-	RequestType     string    `json:"request_type"`
-	RequestValidity int       `json:"requested_validity"`
-	RevokedAt       time.Time `json:"revoked_at,omitempty"`
-	CSR             string    `json:"csr"`
-}
-
-type CreateOriginCertificateParams struct {
-	ID              string    `json:"id"`
-	Certificate     string    `json:"certificate"`
-	Hostnames       []string  `json:"hostnames"`
-	ExpiresOn       time.Time `json:"expires_on"`
-	RequestType     string    `json:"request_type"`
-	RequestValidity int       `json:"requested_validity"`
-	RevokedAt       time.Time `json:"revoked_at,omitempty"`
-	CSR             string    `json:"csr"`
-}
-
-// UnmarshalJSON handles custom parsing from an API response to an OriginCACertificate
-// http://choly.ca/post/go-json-marshalling/
-func (c *OriginCACertificate) UnmarshalJSON(data []byte) error {
-	type Alias OriginCACertificate
-
-	aux := &struct {
-		ExpiresOn string `json:"expires_on"`
-		*Alias
-	}{
-		Alias: (*Alias)(c),
-	}
-
-	var err error
-
-	if err = json.Unmarshal(data, &aux); err != nil {
-		return err
-	}
-
-	// This format comes from time.Time.String() source
-	c.ExpiresOn, err = time.Parse("2006-01-02 15:04:05.999999999 -0700 MST", aux.ExpiresOn)
-
-	if err != nil {
-		c.ExpiresOn, err = time.Parse(time.RFC3339, aux.ExpiresOn)
-	}
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ListOriginCertificatesParams represents the parameters used to list
-// Cloudflare-issued certificates.
-type ListOriginCertificatesParams struct {
-	ZoneID string `url:"zone_id,omitempty"`
-}
-
-// OriginCACertificateID represents the ID of the revoked certificate from the Revoke Certificate endpoint.
-type OriginCACertificateID struct {
-	ID string `json:"id"`
-}
-
-// originCACertificateResponse represents the response from the Create Certificate and the Certificate Details endpoints.
-type originCACertificateResponse struct {
-	Response
-	Result OriginCACertificate `json:"result"`
-}
-
-// originCACertificateResponseList represents the response from the List Certificates endpoint.
-type originCACertificateResponseList struct {
-	Response
-	Result     []OriginCACertificate `json:"result"`
-	ResultInfo ResultInfo            `json:"result_info"`
-}
-
-// originCACertificateResponseRevoke represents the response from the Revoke Certificate endpoint.
-type originCACertificateResponseRevoke struct {
-	Response
-	Result OriginCACertificateID `json:"result"`
-}
-
-// CreateOriginCACertificate creates a Cloudflare-signed certificate.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ca-create-certificate
-func (api *API) CreateOriginCACertificate(ctx context.Context, params CreateOriginCertificateParams) (*OriginCACertificate, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPost, "/certificates", params)
-	if err != nil {
-		return &OriginCACertificate{}, err
-	}
-
-	var originResponse *originCACertificateResponse
-
-	err = json.Unmarshal(res, &originResponse)
-
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !originResponse.Success {
-		return nil, errors.New(errRequestNotSuccessful)
-	}
-
-	return &originResponse.Result, nil
-}
-
-// ListOriginCACertificates lists all Cloudflare-issued certificates.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ca-list-certificates
-func (api *API) ListOriginCACertificates(ctx context.Context, params ListOriginCertificatesParams) ([]OriginCACertificate, error) {
-	uri := buildURI("/certificates", params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	if err != nil {
-		return nil, err
-	}
-
-	var originResponse *originCACertificateResponseList
-
-	err = json.Unmarshal(res, &originResponse)
-
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !originResponse.Success {
-		return nil, errors.New(errRequestNotSuccessful)
-	}
-
-	return originResponse.Result, nil
-}
-
-// GetOriginCACertificate returns the details for a Cloudflare-issued
-// certificate.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ca-certificate-details
-func (api *API) GetOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificate, error) {
-	uri := fmt.Sprintf("/certificates/%s", certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	if err != nil {
-		return nil, err
-	}
-
-	var originResponse *originCACertificateResponse
-
-	err = json.Unmarshal(res, &originResponse)
-
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !originResponse.Success {
-		return nil, errors.New(errRequestNotSuccessful)
-	}
-
-	return &originResponse.Result, nil
-}
-
-// RevokeOriginCACertificate revokes a created certificate for a zone.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-ca-revoke-certificate
-func (api *API) RevokeOriginCACertificate(ctx context.Context, certificateID string) (*OriginCACertificateID, error) {
-	uri := fmt.Sprintf("/certificates/%s", certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return nil, err
-	}
-
-	var originResponse *originCACertificateResponseRevoke
-
-	err = json.Unmarshal(res, &originResponse)
-
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !originResponse.Success {
-		return nil, errors.New(errRequestNotSuccessful)
-	}
-
-	return &originResponse.Result, nil
-}
-
-// Gets the Cloudflare Origin CA Root Certificate for a given algorithm in PEM format.
-// Algorithm must be one of ['ecc', 'rsa'].
-func GetOriginCARootCertificate(algorithm string) ([]byte, error) {
-	var url string
-	switch algorithm {
-	case "ecc":
-		url = originCARootCertEccURL
-	case "rsa":
-		url = originCARootCertRsaURL
-	default:
-		return nil, fmt.Errorf("invalid algorithm: must be one of ['ecc', 'rsa']")
-	}
-
-	resp, err := http.Get(url) //nolint:gosec
-	if err != nil {
-		return nil, fmt.Errorf("HTTP request failed: %w", err)
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return nil, errors.New(errRequestNotSuccessful)
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return nil, fmt.Errorf("Response body could not be read: %w", err)
-	}
-
-	return body, nil
-}
diff --git a/pkg/cloudflare-go/origin_ca_test.go b/pkg/cloudflare-go/origin_ca_test.go
deleted file mode 100644
index df79ace0a2..0000000000
--- a/pkg/cloudflare-go/origin_ca_test.go
+++ /dev/null
@@ -1,259 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"encoding/pem"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	payloadTemplate = `{"expires_on":"%s"}`
-	unmarshalTime   = time.Now().UTC().Round(time.Second)
-)
-
-func TestOriginCA_UnmarshalRFC3339(t *testing.T) {
-	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.Format(time.RFC3339))
-
-	var cert OriginCACertificate
-	err := json.Unmarshal([]byte(payload), &cert)
-	if assert.NoError(t, err) {
-		assert.Equal(t, unmarshalTime, cert.ExpiresOn)
-	}
-}
-
-func TestOriginCA_UnmarshalString(t *testing.T) {
-	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.String())
-
-	var cert OriginCACertificate
-	err := json.Unmarshal([]byte(payload), &cert)
-	if assert.NoError(t, err) {
-		assert.Equal(t, unmarshalTime, cert.ExpiresOn)
-	}
-}
-
-func TestOriginCA_UnmarshalOther(t *testing.T) {
-	payload := fmt.Sprintf(payloadTemplate, unmarshalTime.Format(time.RFC1123))
-
-	var cert OriginCACertificate
-	err := json.Unmarshal([]byte(payload), &cert)
-	assert.Error(t, err)
-	assert.Equal(t, OriginCACertificate{}, cert)
-}
-
-func TestOriginCA_CreateOriginCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/certificates", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %ss", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "0x47530d8f561faa08",
-    "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-    "hostnames": [
-      "example.com",
-      "*.another.com"
-    ],
-    "expires_on": "2014-01-01T05:20:00.12345Z",
-    "request_type": "origin-rsa",
-    "requested_validity": 5475,
-    "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
-  }
-}`)
-	})
-
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	testCertificate := CreateOriginCertificateParams{
-		ID:              "0x47530d8f561faa08",
-		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-		Hostnames:       []string{"example.com", "*.another.com"},
-		ExpiresOn:       expiresOn,
-		RequestType:     "origin-rsa",
-		RequestValidity: 5475,
-		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
-	}
-
-	createdCertificate, err := client.CreateOriginCACertificate(context.Background(), testCertificate)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, &OriginCACertificate{
-			ID:              "0x47530d8f561faa08",
-			Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-			Hostnames:       []string{"example.com", "*.another.com"},
-			ExpiresOn:       expiresOn,
-			RequestType:     "origin-rsa",
-			RequestValidity: 5475,
-			CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
-		}, createdCertificate)
-	}
-}
-
-func TestOriginCA_OriginCertificates(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/certificates", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %ss", r.Method)
-		assert.Equal(t, testZoneID, r.URL.Query().Get("zone_id"), "Expected zone_id '', got %%s", testZoneID)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": "0x47530d8f561faa08",
-      "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-      "hostnames": [
-        "example.com",
-        "*.another.com"
-      ],
-      "expires_on": "2014-01-01T05:20:00.12345Z",
-      "request_type": "origin-rsa",
-      "requested_validity": 5475,
-      "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
-    }
-  ],
-  "result_info": {
-    "page": 1,
-    "per_page": 20,
-    "count": 1,
-    "total_count": 1
-  }
-}`)
-	})
-
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	testCertificate := OriginCACertificate{
-		ID:              "0x47530d8f561faa08",
-		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-		Hostnames:       []string{"example.com", "*.another.com"},
-		ExpiresOn:       expiresOn,
-		RequestType:     "origin-rsa",
-		RequestValidity: 5475,
-		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
-	}
-
-	certs, err := client.ListOriginCACertificates(context.Background(), ListOriginCertificatesParams{ZoneID: testZoneID})
-
-	if assert.NoError(t, err) {
-		assert.IsType(t, []OriginCACertificate{}, certs, "Expected type []OriginCACertificate and got %v", certs)
-		assert.Equal(t, certs[0], testCertificate)
-	}
-}
-
-func TestOriginCA_OriginCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/certificates/0x47530d8f561faa08", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %ss", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "0x47530d8f561faa08",
-    "certificate": "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-    "hostnames": [
-      "example.com",
-      "*.another.com"
-    ],
-    "expires_on": "2014-01-01T05:20:00.12345Z",
-    "request_type": "origin-rsa",
-    "requested_validity": 5475,
-    "revoked_at": "2014-01-02T05:20:00.12345Z",
-    "csr": "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----"
-  }
-}`)
-	})
-
-	expiresOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	revokedAt, _ := time.Parse(time.RFC3339, "2014-01-02T05:20:00.12345Z")
-
-	testCertificate := OriginCACertificate{
-		ID:              "0x47530d8f561faa08",
-		Certificate:     "-----BEGIN CERTIFICATE-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE-----",
-		Hostnames:       []string{"example.com", "*.another.com"},
-		ExpiresOn:       expiresOn,
-		RequestType:     "origin-rsa",
-		RequestValidity: 5475,
-		RevokedAt:       revokedAt,
-		CSR:             "-----BEGIN CERTIFICATE REQUEST-----MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNVBAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGlnaUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmowp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiIWDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZwIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPRBPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6DhJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpYQ4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO297Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=-----END CERTIFICATE REQUEST-----",
-	}
-
-	cert, err := client.GetOriginCACertificate(context.Background(), testCertificate.ID)
-
-	if assert.NoError(t, err) {
-		assert.IsType(t, &OriginCACertificate{}, cert, "Expected type &OriginCACertificate and got %v", cert)
-		assert.Equal(t, cert, &testCertificate)
-	}
-}
-
-func TestOriginCA_RevokeCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/certificates/0x47530d8f561faa08", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %ss", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "0x47530d8f561faa08"
-  }
-}`)
-	})
-
-	testCertificate := OriginCACertificateID{
-		ID: "0x47530d8f561faa08",
-	}
-
-	cert, err := client.RevokeOriginCACertificate(context.Background(), testCertificate.ID)
-
-	if assert.NoError(t, err) {
-		assert.IsType(t, &OriginCACertificateID{}, cert, "Expected type &OriginCACertificateID and got %v", cert)
-		assert.Equal(t, cert, &testCertificate)
-	}
-}
-
-func TestOriginCA_OriginCARootCertificate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	// This test intentionally hits the live endpoints to ensure these are
-	// - **active** (as they may change over time)
-	// - not subject to bot management
-	// - return the expected content (type)
-
-	algorithms := []string{"ecc", "rsa"}
-
-	for _, algorithm := range algorithms {
-		t.Logf("get origin CA root certificate for algorithm %s", algorithm)
-		rootCACert, err := GetOriginCARootCertificate(algorithm)
-
-		if assert.NoError(t, err) {
-			assert.NotNil(t, rootCACert)
-
-			// Asserts that the content returned is a PEM formatted certificate
-			p, _ := pem.Decode(rootCACert)
-			assert.NotNil(t, p)
-			assert.Equal(t, "CERTIFICATE", p.Type)
-		}
-	}
-}
diff --git a/pkg/cloudflare-go/page_rules.go b/pkg/cloudflare-go/page_rules.go
deleted file mode 100644
index c4fa391f50..0000000000
--- a/pkg/cloudflare-go/page_rules.go
+++ /dev/null
@@ -1,240 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// PageRuleTarget is the target to evaluate on a request.
-//
-// Currently Target must always be "url" and Operator must be "matches". Value
-// is the URL pattern to match against.
-type PageRuleTarget struct {
-	Target     string `json:"target"`
-	Constraint struct {
-		Operator string `json:"operator"`
-		Value    string `json:"value"`
-	} `json:"constraint"`
-}
-
-/*
-PageRuleAction is the action to take when the target is matched.
-
-Valid IDs are:
-
-	always_online
-	always_use_https
-	automatic_https_rewrites
-	browser_cache_ttl
-	browser_check
-	bypass_cache_on_cookie
-	cache_by_device_type
-	cache_deception_armor
-	cache_level
-	cache_key_fields
-	cache_on_cookie
-	disable_apps
-	disable_performance
-	disable_railgun
-	disable_security
-	edge_cache_ttl
-	email_obfuscation
-	explicit_cache_control
-	forwarding_url
-	host_header_override
-	ip_geolocation
-	minify
-	mirage
-	opportunistic_encryption
-	origin_error_page_pass_thru
-	polish
-	resolve_override
-	respect_strong_etag
-	response_buffering
-	rocket_loader
-	security_level
-	server_side_exclude
-	sort_query_string_for_cache
-	ssl
-	true_client_ip_header
-	waf
-*/
-type PageRuleAction struct {
-	ID    string      `json:"id"`
-	Value interface{} `json:"value"`
-}
-
-// PageRuleActions maps API action IDs to human-readable strings.
-var PageRuleActions = map[string]string{
-	"always_online":               "Always Online",               // Value of type string
-	"always_use_https":            "Always Use HTTPS",            // Value of type interface{}
-	"automatic_https_rewrites":    "Automatic HTTPS Rewrites",    // Value of type string
-	"browser_cache_ttl":           "Browser Cache TTL",           // Value of type int
-	"browser_check":               "Browser Integrity Check",     // Value of type string
-	"bypass_cache_on_cookie":      "Bypass Cache on Cookie",      // Value of type string
-	"cache_by_device_type":        "Cache By Device Type",        // Value of type string
-	"cache_deception_armor":       "Cache Deception Armor",       // Value of type string
-	"cache_level":                 "Cache Level",                 // Value of type string
-	"cache_key_fields":            "Custom Cache Key",            // Value of type map[string]interface
-	"cache_on_cookie":             "Cache On Cookie",             // Value of type string
-	"disable_apps":                "Disable Apps",                // Value of type interface{}
-	"disable_performance":         "Disable Performance",         // Value of type interface{}
-	"disable_railgun":             "Disable Railgun",             // Value of type string
-	"disable_security":            "Disable Security",            // Value of type interface{}
-	"edge_cache_ttl":              "Edge Cache TTL",              // Value of type int
-	"email_obfuscation":           "Email Obfuscation",           // Value of type string
-	"explicit_cache_control":      "Origin Cache Control",        // Value of type string
-	"forwarding_url":              "Forwarding URL",              // Value of type map[string]interface
-	"host_header_override":        "Host Header Override",        // Value of type string
-	"ip_geolocation":              "IP Geolocation Header",       // Value of type string
-	"minify":                      "Minify",                      // Value of type map[string]interface
-	"mirage":                      "Mirage",                      // Value of type string
-	"opportunistic_encryption":    "Opportunistic Encryption",    // Value of type string
-	"origin_error_page_pass_thru": "Origin Error Page Pass-thru", // Value of type string
-	"polish":                      "Polish",                      // Value of type string
-	"resolve_override":            "Resolve Override",            // Value of type string
-	"respect_strong_etag":         "Respect Strong ETags",        // Value of type string
-	"response_buffering":          "Response Buffering",          // Value of type string
-	"rocket_loader":               "Rocker Loader",               // Value of type string
-	"security_level":              "Security Level",              // Value of type string
-	"server_side_exclude":         "Server Side Excludes",        // Value of type string
-	"sort_query_string_for_cache": "Query String Sort",           // Value of type string
-	"ssl":                         "SSL",                         // Value of type string
-	"true_client_ip_header":       "True Client IP Header",       // Value of type string
-	"waf":                         "Web Application Firewall",    // Value of type string
-}
-
-// PageRule describes a Page Rule.
-type PageRule struct {
-	ID         string           `json:"id,omitempty"`
-	Targets    []PageRuleTarget `json:"targets"`
-	Actions    []PageRuleAction `json:"actions"`
-	Priority   int              `json:"priority"`
-	Status     string           `json:"status"`
-	ModifiedOn time.Time        `json:"modified_on,omitempty"`
-	CreatedOn  time.Time        `json:"created_on,omitempty"`
-}
-
-// PageRuleDetailResponse is the API response, containing a single PageRule.
-type PageRuleDetailResponse struct {
-	Success  bool     `json:"success"`
-	Errors   []string `json:"errors"`
-	Messages []string `json:"messages"`
-	Result   PageRule `json:"result"`
-}
-
-// PageRulesResponse is the API response, containing an array of PageRules.
-type PageRulesResponse struct {
-	Success  bool       `json:"success"`
-	Errors   []string   `json:"errors"`
-	Messages []string   `json:"messages"`
-	Result   []PageRule `json:"result"`
-}
-
-// CreatePageRule creates a new Page Rule for a zone.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-create-a-page-rule
-func (api *API) CreatePageRule(ctx context.Context, zoneID string, rule PageRule) (*PageRule, error) {
-	uri := fmt.Sprintf("/zones/%s/pagerules", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
-	if err != nil {
-		return nil, err
-	}
-	var r PageRuleDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-// ListPageRules returns all Page Rules for a zone.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-list-page-rules
-func (api *API) ListPageRules(ctx context.Context, zoneID string) ([]PageRule, error) {
-	uri := fmt.Sprintf("/zones/%s/pagerules", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PageRule{}, err
-	}
-	var r PageRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []PageRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// PageRule fetches detail about one Page Rule for a zone.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-page-rule-details
-func (api *API) PageRule(ctx context.Context, zoneID, ruleID string) (PageRule, error) {
-	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PageRule{}, err
-	}
-	var r PageRuleDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PageRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ChangePageRule lets you change individual settings for a Page Rule. This is
-// in contrast to UpdatePageRule which replaces the entire Page Rule.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-change-a-page-rule
-func (api *API) ChangePageRule(ctx context.Context, zoneID, ruleID string, rule PageRule) error {
-	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, rule)
-	if err != nil {
-		return err
-	}
-	var r PageRuleDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// UpdatePageRule lets you replace a Page Rule. This is in contrast to
-// ChangePageRule which lets you change individual settings.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-update-a-page-rule
-func (api *API) UpdatePageRule(ctx context.Context, zoneID, ruleID string, rule PageRule) error {
-	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
-	if err != nil {
-		return err
-	}
-	var r PageRuleDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// DeletePageRule deletes a Page Rule for a zone.
-//
-// API reference: https://api.cloudflare.com/#page-rules-for-a-zone-delete-a-page-rule
-func (api *API) DeletePageRule(ctx context.Context, zoneID, ruleID string) error {
-	uri := fmt.Sprintf("/zones/%s/pagerules/%s", zoneID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r PageRuleDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/page_rules_example_test.go b/pkg/cloudflare-go/page_rules_example_test.go
deleted file mode 100644
index 182f8c93b5..0000000000
--- a/pkg/cloudflare-go/page_rules_example_test.go
+++ /dev/null
@@ -1,110 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-var exampleNewPageRule = cloudflare.PageRule{
-	Actions: []cloudflare.PageRuleAction{
-		{
-			ID:    "always_online",
-			Value: "on",
-		},
-		{
-			ID:    "ssl",
-			Value: "flexible",
-		},
-	},
-	Targets: []cloudflare.PageRuleTarget{
-		{
-			Target: "url",
-			Constraint: struct {
-				Operator string "json:\"operator\""
-				Value    string "json:\"value\""
-			}{Operator: "matches", Value: fmt.Sprintf("example.%s", domain)},
-		},
-	},
-	Priority: 1,
-	Status:   "active",
-}
-
-func ExampleAPI_CreatePageRule() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	pageRule, err := api.CreatePageRule(context.Background(), zoneID, exampleNewPageRule)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", pageRule)
-}
-
-func ExampleAPI_ListPageRules() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	pageRules, err := api.ListPageRules(context.Background(), zoneID)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", pageRules)
-	for _, r := range pageRules {
-		fmt.Printf("%+v\n", r)
-	}
-}
-
-func ExampleAPI_PageRule() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	pageRules, err := api.PageRule(context.Background(), zoneID, "my_page_rule_id")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", pageRules)
-}
-
-func ExampleAPI_DeletePageRule() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	err = api.DeletePageRule(context.Background(), zoneID, "my_page_rule_id")
-	if err != nil {
-		log.Fatal(err)
-	}
-}
diff --git a/pkg/cloudflare-go/page_rules_test.go b/pkg/cloudflare-go/page_rules_test.go
deleted file mode 100644
index fd7a1fd45a..0000000000
--- a/pkg/cloudflare-go/page_rules_test.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	pageRuleID                = "15dae2fc158942f2adb1dd2a3d4273bc"
-	serverPageRuleDescription = `{
-    "id": "%s",
-    "targets": [
-      {
-        "target": "url",
-        "constraint": {
-          "operator": "matches",
-          "value": "example.%s"
-        }
-      }
-    ],
-    "actions": [
-      {
-        "id": "always_online",
-        "value": "on"
-      },
-      {
-        "id": "ssl",
-        "value": "flexible"
-      }
-    ],
-    "priority": 1,
-    "status": "active",
-    "created_on": "%[3]s",
-    "modified_on": "%[3]s"
-  }
-`
-)
-
-var testTimestamp = time.Now().UTC()
-var expectedPageRuleStruct = PageRule{
-	ID: pageRuleID,
-	Actions: []PageRuleAction{
-		{
-			ID:    "always_online",
-			Value: "on",
-		},
-		{
-			ID:    "ssl",
-			Value: "flexible",
-		},
-	},
-	Targets: []PageRuleTarget{
-		{
-			Target: "url",
-			Constraint: struct {
-				Operator string "json:\"operator\""
-				Value    string "json:\"value\""
-			}{Operator: "matches", Value: fmt.Sprintf("example.%s", testZoneID)},
-		},
-	},
-	Priority:   1,
-	Status:     "active",
-	CreatedOn:  testTimestamp,
-	ModifiedOn: testTimestamp,
-}
-
-func TestListPageRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 1,
-			"per_page": 25,
-			"count": 1,
-			"total_count": 1
-		  }
-		}
-		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/pagerules", handler)
-	want := []PageRule{expectedPageRuleStruct}
-
-	actual, err := client.ListPageRules(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetPageRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/pagerules/"+pageRuleID, handler)
-	want := expectedPageRuleStruct
-
-	actual, err := client.PageRule(context.Background(), testZoneID, pageRuleID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreatePageRule(t *testing.T) {
-	setup()
-	defer teardown()
-	newPageRule := PageRule{
-		Actions: []PageRuleAction{
-			{
-				ID:    "always_online",
-				Value: "on",
-			},
-			{
-				ID:    "ssl",
-				Value: "flexible",
-			},
-		},
-		Targets: []PageRuleTarget{
-			{
-				Target: "url",
-				Constraint: struct {
-					Operator string "json:\"operator\""
-					Value    string "json:\"value\""
-				}{Operator: "matches", Value: fmt.Sprintf("example.%s", testZoneID)},
-			},
-		},
-		Priority: 1,
-		Status:   "active",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, fmt.Sprintf(serverPageRuleDescription, pageRuleID, testZoneID, testTimestamp.Format(time.RFC3339Nano)))
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/pagerules", handler)
-	want := &expectedPageRuleStruct
-
-	actual, err := client.CreatePageRule(context.Background(), testZoneID, newPageRule)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeletePageRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/pagerules/"+pageRuleID, handler)
-
-	err := client.DeletePageRule(context.Background(), testZoneID, pageRuleID)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/page_shield.go b/pkg/cloudflare-go/page_shield.go
deleted file mode 100644
index d05c949722..0000000000
--- a/pkg/cloudflare-go/page_shield.go
+++ /dev/null
@@ -1,76 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// PageShield represents the page shield object minus any timestamps.
-type PageShield struct {
-	Enabled                        *bool `json:"enabled,omitempty"`
-	UseCloudflareReportingEndpoint *bool `json:"use_cloudflare_reporting_endpoint,omitempty"`
-	UseConnectionURLPath           *bool `json:"use_connection_url_path,omitempty"`
-}
-
-type UpdatePageShieldSettingsParams struct {
-	Enabled                        *bool `json:"enabled,omitempty"`
-	UseCloudflareReportingEndpoint *bool `json:"use_cloudflare_reporting_endpoint,omitempty"`
-	UseConnectionURLPath           *bool `json:"use_connection_url_path,omitempty"`
-}
-
-// PageShieldSettings represents the page shield settings for a zone.
-type PageShieldSettings struct {
-	PageShield
-	UpdatedAt string `json:"updated_at"`
-}
-
-// PageShieldSettingsResponse represents the response from the page shield settings endpoint.
-type PageShieldSettingsResponse struct {
-	PageShield PageShieldSettings `json:"result"`
-	Response
-}
-
-type GetPageShieldSettingsParams struct{}
-
-// GetPageShieldSettings returns the page shield settings for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-page-shield-settings
-func (api *API) GetPageShieldSettings(ctx context.Context, rc *ResourceContainer, params GetPageShieldSettingsParams) (*PageShieldSettingsResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/page_shield", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldSettingsResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
-
-// UpdatePageShieldSettings updates the page shield settings for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-update-page-shield-settings
-func (api *API) UpdatePageShieldSettings(ctx context.Context, rc *ResourceContainer, params UpdatePageShieldSettingsParams) (*PageShieldSettingsResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/page_shield", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldSettingsResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
diff --git a/pkg/cloudflare-go/page_shield_connections.go b/pkg/cloudflare-go/page_shield_connections.go
deleted file mode 100644
index 9046512769..0000000000
--- a/pkg/cloudflare-go/page_shield_connections.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// ListPageShieldConnectionsParams represents parameters for a page shield connection request.
-type ListPageShieldConnectionsParams struct {
-	Direction           string `url:"direction"`
-	ExcludeCdnCgi       *bool  `url:"exclude_cdn_cgi,omitempty"`
-	ExcludeUrls         string `url:"exclude_urls"`
-	Export              string `url:"export"`
-	Hosts               string `url:"hosts"`
-	OrderBy             string `url:"order_by"`
-	Page                string `url:"page"`
-	PageURL             string `url:"page_url"`
-	PerPage             int    `url:"per_page"`
-	PrioritizeMalicious *bool  `url:"prioritize_malicious,omitempty"`
-	Status              string `url:"status"`
-	URLs                string `url:"urls"`
-}
-
-// PageShieldConnection represents a page shield connection.
-type PageShieldConnection struct {
-	AddedAt                 string   `json:"added_at"`
-	DomainReportedMalicious *bool    `json:"domain_reported_malicious,omitempty"`
-	FirstPageURL            string   `json:"first_page_url"`
-	FirstSeenAt             string   `json:"first_seen_at"`
-	Host                    string   `json:"host"`
-	ID                      string   `json:"id"`
-	LastSeenAt              string   `json:"last_seen_at"`
-	PageURLs                []string `json:"page_urls"`
-	URL                     string   `json:"url"`
-	URLContainsCdnCgiPath   *bool    `json:"url_contains_cdn_cgi_path,omitempty"`
-}
-
-// ListPageShieldConnectionsResponse represents the response from the list page shield connections endpoint.
-type ListPageShieldConnectionsResponse struct {
-	Result []PageShieldConnection `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// ListPageShieldConnections lists all page shield connections for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-connections
-func (api *API) ListPageShieldConnections(ctx context.Context, rc *ResourceContainer, params ListPageShieldConnectionsParams) ([]PageShieldConnection, ResultInfo, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/connections", rc.Identifier)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var psResponse ListPageShieldConnectionsResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return psResponse.Result, psResponse.ResultInfo, nil
-}
-
-// GetPageShieldConnection gets a page shield connection for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-a-page-shield-connection
-func (api *API) GetPageShieldConnection(ctx context.Context, rc *ResourceContainer, connectionID string) (*PageShieldConnection, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/connections/%s", rc.Identifier, connectionID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldConnection
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
diff --git a/pkg/cloudflare-go/page_shield_connections_test.go b/pkg/cloudflare-go/page_shield_connections_test.go
deleted file mode 100644
index 42e78cc631..0000000000
--- a/pkg/cloudflare-go/page_shield_connections_test.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-// Mock data for PageShieldConnections.
-var mockPageShieldConnections = []PageShieldConnection{
-	{
-		AddedAt:                 "2021-08-18T10:51:10.09615Z",
-		DomainReportedMalicious: BoolPtr(false),
-		FirstPageURL:            "blog.cloudflare.com/page",
-		FirstSeenAt:             "2021-08-18T10:51:08Z",
-		Host:                    "blog.cloudflare.com",
-		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
-		LastSeenAt:              "2021-09-02T09:57:54Z",
-		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
-		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
-		URLContainsCdnCgiPath:   BoolPtr(false),
-	},
-	{
-		AddedAt:                 "2021-09-18T10:51:10.09615Z",
-		DomainReportedMalicious: BoolPtr(false),
-		FirstPageURL:            "blog.cloudflare.com/page02",
-		FirstSeenAt:             "2021-08-18T10:51:08Z",
-		Host:                    "blog.cloudflare.com",
-		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
-		LastSeenAt:              "2021-09-02T09:57:54Z",
-		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
-		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
-		URLContainsCdnCgiPath:   BoolPtr(false),
-	},
-	{
-		AddedAt:                 "2021-10-18T10:51:10.09615Z",
-		DomainReportedMalicious: BoolPtr(false),
-		FirstPageURL:            "blog.cloudflare.com/page03",
-		FirstSeenAt:             "2021-08-18T10:51:08Z",
-		Host:                    "blog.cloudflare.com",
-		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
-		LastSeenAt:              "2021-09-02T09:57:54Z",
-		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
-		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
-		URLContainsCdnCgiPath:   BoolPtr(false),
-	},
-}
-
-func TestListPageShieldConnections(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/connections", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := ListPageShieldConnectionsResponse{
-			Result: mockPageShieldConnections,
-		}
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, _, err := client.ListPageShieldConnections(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldConnectionsParams{})
-	assert.NoError(t, err)
-	assert.Equal(t, mockPageShieldConnections, result)
-}
-
-func TestGetPageShieldConnection(t *testing.T) {
-	setup()
-	defer teardown()
-
-	connectionID := "c9ef84a6bf5e47138c75d95e2f933e8f" //nolint
-	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/connections/%s", connectionID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := mockPageShieldConnections[0] // Assuming it's the first mock connection
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, err := client.GetPageShieldConnection(context.Background(), ZoneIdentifier(testZoneID), connectionID)
-	assert.NoError(t, err)
-	assert.Equal(t, &mockPageShieldConnections[0], result)
-}
diff --git a/pkg/cloudflare-go/page_shield_policies.go b/pkg/cloudflare-go/page_shield_policies.go
deleted file mode 100644
index 29ce64ad0e..0000000000
--- a/pkg/cloudflare-go/page_shield_policies.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// PageShieldPolicy represents a page shield policy.
-type PageShieldPolicy struct {
-	Action      string `json:"action"`
-	Description string `json:"description"`
-	Enabled     *bool  `json:"enabled,omitempty"`
-	Expression  string `json:"expression"`
-	ID          string `json:"id"`
-	Value       string `json:"value"`
-}
-
-type CreatePageShieldPolicyParams struct {
-	Action      string `json:"action"`
-	Description string `json:"description"`
-	Enabled     *bool  `json:"enabled,omitempty"`
-	Expression  string `json:"expression"`
-	ID          string `json:"id"`
-	Value       string `json:"value"`
-}
-
-type UpdatePageShieldPolicyParams struct {
-	Action      string `json:"action"`
-	Description string `json:"description"`
-	Enabled     *bool  `json:"enabled,omitempty"`
-	Expression  string `json:"expression"`
-	ID          string `json:"id"`
-	Value       string `json:"value"`
-}
-
-// ListPageShieldPoliciesResponse represents the response from the list page shield policies endpoint.
-type ListPageShieldPoliciesResponse struct {
-	Result []PageShieldPolicy `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type ListPageShieldPoliciesParams struct{}
-
-// ListPageShieldPolicies lists all page shield policies for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-policies
-func (api *API) ListPageShieldPolicies(ctx context.Context, rc *ResourceContainer, params ListPageShieldPoliciesParams) ([]PageShieldPolicy, ResultInfo, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/policies", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var psResponse ListPageShieldPoliciesResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return psResponse.Result, psResponse.ResultInfo, nil
-}
-
-// CreatePageShieldPolicy creates a page shield policy for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-create-page-shield-policy
-func (api *API) CreatePageShieldPolicy(ctx context.Context, rc *ResourceContainer, params CreatePageShieldPolicyParams) (*PageShieldPolicy, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/policies", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, path, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldPolicy
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
-
-// DeletePageShieldPolicy deletes a page shield policy for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-delete-page-shield-policy
-func (api *API) DeletePageShieldPolicy(ctx context.Context, rc *ResourceContainer, policyID string) error {
-	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, policyID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, path, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// GetPageShieldPolicy gets a page shield policy for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-get-page-shield-policy
-func (api *API) GetPageShieldPolicy(ctx context.Context, rc *ResourceContainer, policyID string) (*PageShieldPolicy, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, policyID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldPolicy
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
-
-// UpdatePageShieldPolicy updates a page shield policy for a zone.
-//
-// API documentation: https://developers.cloudflare.com/api/operations/page-shield-update-page-shield-policy
-func (api *API) UpdatePageShieldPolicy(ctx context.Context, rc *ResourceContainer, params UpdatePageShieldPolicyParams) (*PageShieldPolicy, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/policies/%s", rc.Identifier, params.ID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, path, params)
-	if err != nil {
-		return nil, err
-	}
-
-	var psResponse PageShieldPolicy
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse, nil
-}
diff --git a/pkg/cloudflare-go/page_shield_policies_test.go b/pkg/cloudflare-go/page_shield_policies_test.go
deleted file mode 100644
index 239c4639d0..0000000000
--- a/pkg/cloudflare-go/page_shield_policies_test.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-var mockPageShieldPolicies = []PageShieldPolicy{
-	{
-		Action:      "allow",
-		Description: "Checkout page CSP policy",
-		Enabled:     BoolPtr(true),
-		Expression:  "ends_with(http.request.uri.path, \"/checkout\")",
-		ID:          "c9ef84a6bf5e47138c75d95e2f933e8f",
-		Value:       "script-src 'none';",
-	},
-	{
-		Action:      "allow",
-		Description: "Checkout page CSP policy",
-		Enabled:     BoolPtr(true),
-		Expression:  "ends_with(http.request.uri.path, \"/login\")",
-		ID:          "c9ef84a6bf5e47138c75d95e2f933e82",
-		Value:       "script-src 'none';",
-	},
-	{
-		Action:      "allow",
-		Description: "Checkout page CSP policy",
-		Enabled:     BoolPtr(true),
-		Expression:  "ends_with(http.request.uri.path, \"/logout\")",
-		ID:          "c9ef84a6bf5e47138c75d95e2f933e83",
-		Value:       "script-src 'none';",
-	},
-}
-
-func TestListPageShieldPolicies(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/policies", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := ListPageShieldPoliciesResponse{
-			Result: mockPageShieldPolicies,
-		}
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, _, err := client.ListPageShieldPolicies(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldPoliciesParams{})
-	assert.NoError(t, err)
-	assert.Equal(t, mockPageShieldPolicies, result)
-}
-
-func TestCreatePageShieldPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/policies", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		var params PageShieldPolicy
-		err := json.NewDecoder(r.Body).Decode(&params)
-		assert.NoError(t, err)
-		params.ID = "newPolicyID"
-		err = json.NewEncoder(w).Encode(params)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	newPolicy := CreatePageShieldPolicyParams{
-		Action:      "block",
-		Description: "New policy",
-		Enabled:     BoolPtr(true),
-		Expression:  "ends_with(http.request.uri.path, \"/new\")",
-		Value:       "script-src 'self';",
-	}
-	result, err := client.CreatePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), newPolicy)
-	assert.NoError(t, err)
-	assert.Equal(t, "newPolicyID", result.ID)
-}
-
-func TestDeletePageShieldPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
-	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.WriteHeader(http.StatusOK) // Assuming successful deletion returns 200 OK
-	})
-	err := client.DeletePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), policyID)
-	assert.NoError(t, err)
-}
-
-func TestGetPageShieldPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
-	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		err := json.NewEncoder(w).Encode(mockPageShieldPolicies[0]) // Assuming the first mock policy
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, err := client.GetPageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), policyID)
-	assert.NoError(t, err)
-	assert.Equal(t, &mockPageShieldPolicies[0], result)
-}
-
-func TestUpdatePageShieldPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	policyID := "c9ef84a6bf5e47138c75d95e2f933e8f"
-	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/policies/%s", policyID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var params PageShieldPolicy
-		err := json.NewDecoder(r.Body).Decode(&params)
-		assert.NoError(t, err)
-		params.ID = policyID
-		err = json.NewEncoder(w).Encode(params)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	updatedPolicy := UpdatePageShieldPolicyParams{
-		ID:          policyID,
-		Action:      "block",
-		Description: "Updated policy",
-		Enabled:     BoolPtr(false),
-		Expression:  "ends_with(http.request.uri.path, \"/updated\")",
-		Value:       "script-src 'self';",
-	}
-	result, err := client.UpdatePageShieldPolicy(context.Background(), ZoneIdentifier(testZoneID), updatedPolicy)
-	assert.NoError(t, err)
-	assert.Equal(t, policyID, result.ID)
-	assert.Equal(t, "Updated policy", result.Description)
-}
diff --git a/pkg/cloudflare-go/page_shield_scripts.go b/pkg/cloudflare-go/page_shield_scripts.go
deleted file mode 100644
index 09559b59f9..0000000000
--- a/pkg/cloudflare-go/page_shield_scripts.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// PageShieldScript represents a Page Shield script.
-type PageShieldScript struct {
-	AddedAt                 string   `json:"added_at"`
-	DomainReportedMalicious *bool    `json:"domain_reported_malicious,omitempty"`
-	FetchedAt               string   `json:"fetched_at"`
-	FirstPageURL            string   `json:"first_page_url"`
-	FirstSeenAt             string   `json:"first_seen_at"`
-	Hash                    string   `json:"hash"`
-	Host                    string   `json:"host"`
-	ID                      string   `json:"id"`
-	JSIntegrityScore        int      `json:"js_integrity_score"`
-	LastSeenAt              string   `json:"last_seen_at"`
-	PageURLs                []string `json:"page_urls"`
-	URL                     string   `json:"url"`
-	URLContainsCdnCgiPath   *bool    `json:"url_contains_cdn_cgi_path,omitempty"`
-}
-
-// ListPageShieldScriptsParams represents a PageShield Script request parameters.
-//
-// API reference: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-scripts#Query-Parameters
-type ListPageShieldScriptsParams struct {
-	Direction           string `url:"direction"`
-	ExcludeCdnCgi       *bool  `url:"exclude_cdn_cgi,omitempty"`
-	ExcludeDuplicates   *bool  `url:"exclude_duplicates,omitempty"`
-	ExcludeUrls         string `url:"exclude_urls"`
-	Export              string `url:"export"`
-	Hosts               string `url:"hosts"`
-	OrderBy             string `url:"order_by"`
-	Page                string `url:"page"`
-	PageURL             string `url:"page_url"`
-	PerPage             int    `url:"per_page"`
-	PrioritizeMalicious *bool  `url:"prioritize_malicious,omitempty"`
-	Status              string `url:"status"`
-	URLs                string `url:"urls"`
-}
-
-// PageShieldScriptsResponse represents the response from the PageShield Script API.
-type PageShieldScriptsResponse struct {
-	Results []PageShieldScript `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// PageShieldScriptResponse represents the response from the PageShield Script API.
-type PageShieldScriptResponse struct {
-	Result   PageShieldScript          `json:"result"`
-	Versions []PageShieldScriptVersion `json:"versions"`
-}
-
-// PageShieldScriptVersion represents a Page Shield script version.
-type PageShieldScriptVersion struct {
-	FetchedAt        string `json:"fetched_at"`
-	Hash             string `json:"hash"`
-	JSIntegrityScore int    `json:"js_integrity_score"`
-}
-
-// ListPageShieldScripts returns a list of PageShield Scripts.
-//
-// API reference: https://developers.cloudflare.com/api/operations/page-shield-list-page-shield-scripts
-func (api *API) ListPageShieldScripts(ctx context.Context, rc *ResourceContainer, params ListPageShieldScriptsParams) ([]PageShieldScript, ResultInfo, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/scripts", rc.Identifier)
-
-	uri := buildURI(path, params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, ResultInfo{}, err
-	}
-
-	var psResponse PageShieldScriptsResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return psResponse.Results, psResponse.ResultInfo, nil
-}
-
-// GetPageShieldScript returns a PageShield Script.
-//
-// API reference: https://developers.cloudflare.com/api/operations/page-shield-get-a-page-shield-script
-func (api *API) GetPageShieldScript(ctx context.Context, rc *ResourceContainer, scriptID string) (*PageShieldScript, []PageShieldScriptVersion, error) {
-	path := fmt.Sprintf("/zones/%s/page_shield/scripts/%s", rc.Identifier, scriptID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	var psResponse PageShieldScriptResponse
-	err = json.Unmarshal(res, &psResponse)
-	if err != nil {
-		return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &psResponse.Result, psResponse.Versions, nil
-}
diff --git a/pkg/cloudflare-go/page_shield_scripts_test.go b/pkg/cloudflare-go/page_shield_scripts_test.go
deleted file mode 100644
index d6d430dcdc..0000000000
--- a/pkg/cloudflare-go/page_shield_scripts_test.go
+++ /dev/null
@@ -1,78 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-var mockPageShieldScripts = []PageShieldScript{
-	{
-		AddedAt:                 "2021-08-18T10:51:10.09615Z",
-		DomainReportedMalicious: BoolPtr(false),
-		FetchedAt:               "2021-09-02T10:17:54Z",
-		FirstPageURL:            "blog.cloudflare.com/page",
-		FirstSeenAt:             "2021-08-18T10:51:08Z",
-		Hash:                    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-		Host:                    "blog.cloudflare.com",
-		ID:                      "c9ef84a6bf5e47138c75d95e2f933e8f",
-		JSIntegrityScore:        10,
-		LastSeenAt:              "2021-09-02T09:57:54Z",
-		PageURLs:                []string{"blog.cloudflare.com/page1", "blog.cloudflare.com/page2"},
-		URL:                     "https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.6.0/js/bootstrap.min.js",
-		URLContainsCdnCgiPath:   BoolPtr(false),
-	},
-}
-
-var mockVersions = []PageShieldScriptVersion{
-	{
-		FetchedAt:        "2021-09-02T10:17:54Z",
-		Hash:             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-		JSIntegrityScore: 10,
-	},
-}
-
-func TestListPageShieldScripts(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield/scripts", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := PageShieldScriptsResponse{Results: mockPageShieldScripts}
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, _, err := client.ListPageShieldScripts(context.Background(), ZoneIdentifier(testZoneID), ListPageShieldScriptsParams{})
-	assert.NoError(t, err)
-	assert.Equal(t, mockPageShieldScripts, result)
-}
-
-func TestGetPageShieldScript(t *testing.T) {
-	setup()
-	defer teardown()
-
-	scriptID := "c9ef84a6bf5e47138c75d95e2f933e8f"
-	mux.HandleFunc(fmt.Sprintf("/zones/"+testZoneID+"/page_shield/scripts/%s", scriptID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := PageShieldScriptResponse{
-			Result:   mockPageShieldScripts[0],
-			Versions: mockVersions,
-		}
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-	result, versions, err := client.GetPageShieldScript(context.Background(), ZoneIdentifier(testZoneID), scriptID)
-	assert.NoError(t, err)
-	assert.Equal(t, &mockPageShieldScripts[0], result)
-	assert.Equal(t, mockVersions, versions)
-}
diff --git a/pkg/cloudflare-go/page_shield_test.go b/pkg/cloudflare-go/page_shield_test.go
deleted file mode 100644
index a41e51e221..0000000000
--- a/pkg/cloudflare-go/page_shield_test.go
+++ /dev/null
@@ -1,77 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-// Mock PageShieldSettings data.
-var mockPageShieldSettings = PageShieldSettings{
-	PageShield: PageShield{
-		Enabled:                        BoolPtr(true),
-		UseCloudflareReportingEndpoint: BoolPtr(true),
-		UseConnectionURLPath:           BoolPtr(true),
-	},
-	UpdatedAt: "2022-10-12T17:56:52.083582+01:00",
-}
-
-func TestGetPageShieldSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		response := PageShieldSettingsResponse{
-			PageShield: mockPageShieldSettings,
-		}
-		err := json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	result, err := client.GetPageShieldSettings(context.Background(), ZoneIdentifier(testZoneID), GetPageShieldSettingsParams{})
-	assert.NoError(t, err)
-	assert.Equal(t, &PageShieldSettingsResponse{PageShield: mockPageShieldSettings}, result)
-}
-
-func TestUpdatePageShieldSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/page_shield", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-
-		var params PageShield
-		err := json.NewDecoder(r.Body).Decode(&params)
-		assert.NoError(t, err)
-
-		response := PageShieldSettingsResponse{
-			PageShield: PageShieldSettings{
-				PageShield: params,
-				UpdatedAt:  "2022-10-13T10:00:00.000Z",
-			},
-		}
-		err = json.NewEncoder(w).Encode(response)
-		if err != nil {
-			t.Fatal(err)
-		}
-	})
-
-	newSettings := UpdatePageShieldSettingsParams{
-		Enabled:                        BoolPtr(false),
-		UseCloudflareReportingEndpoint: BoolPtr(false),
-		UseConnectionURLPath:           BoolPtr(false),
-	}
-	result, err := client.UpdatePageShieldSettings(context.Background(), ZoneIdentifier(testZoneID), newSettings)
-	assert.NoError(t, err)
-	assert.Equal(t, false, *result.PageShield.Enabled)
-	assert.Equal(t, false, *result.PageShield.UseCloudflareReportingEndpoint)
-	assert.Equal(t, false, *result.PageShield.UseConnectionURLPath)
-}
diff --git a/pkg/cloudflare-go/pages_deployment.go b/pkg/cloudflare-go/pages_deployment.go
deleted file mode 100644
index b81a2c1b77..0000000000
--- a/pkg/cloudflare-go/pages_deployment.go
+++ /dev/null
@@ -1,343 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// SizeOptions can be passed to a list request to configure size and cursor location.
-// These values will be defaulted if omitted.
-//
-// This should be swapped to ResultInfoCursors once the types are corrected.
-type SizeOptions struct {
-	Size   int  `json:"size,omitempty" url:"size,omitempty"`
-	Before *int `json:"before,omitempty" url:"before,omitempty"`
-	After  *int `json:"after,omitempty" url:"after,omitempty"`
-}
-
-// PagesDeploymentStageLogs represents the logs for a Pages deployment stage.
-type PagesDeploymentStageLogs struct {
-	Name      string                         `json:"name"`
-	StartedOn *time.Time                     `json:"started_on"`
-	EndedOn   *time.Time                     `json:"ended_on"`
-	Status    string                         `json:"status"`
-	Start     int                            `json:"start"`
-	End       int                            `json:"end"`
-	Total     int                            `json:"total"`
-	Data      []PagesDeploymentStageLogEntry `json:"data"`
-}
-
-// PagesDeploymentStageLogEntry represents a single log entry in a Pages deployment stage.
-type PagesDeploymentStageLogEntry struct {
-	ID        int        `json:"id"`
-	Timestamp *time.Time `json:"timestamp"`
-	Message   string     `json:"message"`
-}
-
-// PagesDeploymentLogs represents the logs for a Pages deployment.
-type PagesDeploymentLogs struct {
-	Total                 int                       `json:"total"`
-	IncludesContainerLogs bool                      `json:"includes_container_logs"`
-	Data                  []PagesDeploymentLogEntry `json:"data"`
-}
-
-// PagesDeploymentLogEntry represents a single log entry in a Pages deployment.
-type PagesDeploymentLogEntry struct {
-	Timestamp *time.Time `json:"ts"`
-	Line      string     `json:"line"`
-}
-
-type pagesDeploymentListResponse struct {
-	Response
-	Result     []PagesProjectDeployment `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type pagesDeploymentResponse struct {
-	Response
-	Result PagesProjectDeployment `json:"result"`
-}
-
-type pagesDeploymentLogsResponse struct {
-	Response
-	Result     PagesDeploymentLogs `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type ListPagesDeploymentsParams struct {
-	ProjectName string `url:"-"`
-
-	ResultInfo
-}
-
-type GetPagesDeploymentInfoParams struct {
-	ProjectName  string
-	DeploymentID string
-}
-
-type GetPagesDeploymentStageLogsParams struct {
-	ProjectName  string
-	DeploymentID string
-	StageName    string
-
-	SizeOptions
-}
-
-type GetPagesDeploymentLogsParams struct {
-	ProjectName  string
-	DeploymentID string
-
-	SizeOptions
-}
-
-type DeletePagesDeploymentParams struct {
-	ProjectName  string `url:"-"`
-	DeploymentID string `url:"-"`
-	Force        bool   `url:"force,omitempty"`
-}
-
-type CreatePagesDeploymentParams struct {
-	ProjectName string `json:"-"`
-	Branch      string `json:"branch,omitempty"`
-}
-
-type RetryPagesDeploymentParams struct {
-	ProjectName  string
-	DeploymentID string
-}
-
-type RollbackPagesDeploymentParams struct {
-	ProjectName  string
-	DeploymentID string
-}
-
-var (
-	ErrMissingProjectName  = errors.New("required missing project name")
-	ErrMissingDeploymentID = errors.New("required missing deployment ID")
-)
-
-// ListPagesDeployments returns all deployments for a Pages project.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-get-deployments
-func (api *API) ListPagesDeployments(ctx context.Context, rc *ResourceContainer, params ListPagesDeploymentsParams) ([]PagesProjectDeployment, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []PagesProjectDeployment{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return []PagesProjectDeployment{}, &ResultInfo{}, ErrMissingProjectName
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var deployments []PagesProjectDeployment
-	var r pagesDeploymentListResponse
-
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments", rc.Identifier, params.ProjectName), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []PagesProjectDeployment{}, &ResultInfo{}, err
-		}
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []PagesProjectDeployment{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		deployments = append(deployments, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.Done() || !autoPaginate {
-			break
-		}
-	}
-	return deployments, &r.ResultInfo, nil
-}
-
-// GetPagesDeploymentInfo returns a deployment for a Pages project.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-get-deployment-info
-func (api *API) GetPagesDeploymentInfo(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
-	if rc.Identifier == "" {
-		return PagesProjectDeployment{}, ErrMissingAccountID
-	}
-
-	if projectName == "" {
-		return PagesProjectDeployment{}, ErrMissingProjectName
-	}
-
-	if deploymentID == "" {
-		return PagesProjectDeployment{}, ErrMissingDeploymentID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s", rc.Identifier, projectName, deploymentID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PagesProjectDeployment{}, err
-	}
-	var r pagesDeploymentResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// GetPagesDeploymentLogs returns the logs for a Pages deployment.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-get-deployment-logs
-func (api *API) GetPagesDeploymentLogs(ctx context.Context, rc *ResourceContainer, params GetPagesDeploymentLogsParams) (PagesDeploymentLogs, error) {
-	if rc.Identifier == "" {
-		return PagesDeploymentLogs{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return PagesDeploymentLogs{}, ErrMissingProjectName
-	}
-
-	if params.DeploymentID == "" {
-		return PagesDeploymentLogs{}, ErrMissingDeploymentID
-	}
-
-	uri := buildURI(
-		fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/history/logs", rc.Identifier, params.ProjectName, params.DeploymentID),
-		params.SizeOptions,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PagesDeploymentLogs{}, err
-	}
-	var r pagesDeploymentLogsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesDeploymentLogs{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeletePagesDeployment deletes a Pages deployment.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-delete-deployment
-func (api *API) DeletePagesDeployment(ctx context.Context, rc *ResourceContainer, params DeletePagesDeploymentParams) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return ErrMissingProjectName
-	}
-
-	if params.DeploymentID == "" {
-		return ErrMissingDeploymentID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s", rc.Identifier, params.ProjectName, params.DeploymentID), params)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// CreatePagesDeployment creates a Pages production deployment.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-create-deployment
-func (api *API) CreatePagesDeployment(ctx context.Context, rc *ResourceContainer, params CreatePagesDeploymentParams) (PagesProjectDeployment, error) {
-	if rc.Identifier == "" {
-		return PagesProjectDeployment{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return PagesProjectDeployment{}, ErrMissingProjectName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments", rc.Identifier, params.ProjectName)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return PagesProjectDeployment{}, err
-	}
-	var r pagesDeploymentResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// RetryPagesDeployment retries a specific Pages deployment.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-retry-deployment
-func (api *API) RetryPagesDeployment(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
-	if rc.Identifier == "" {
-		return PagesProjectDeployment{}, ErrMissingAccountID
-	}
-
-	if projectName == "" {
-		return PagesProjectDeployment{}, ErrMissingProjectName
-	}
-
-	if deploymentID == "" {
-		return PagesProjectDeployment{}, ErrMissingDeploymentID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/retry", rc.Identifier, projectName, deploymentID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return PagesProjectDeployment{}, err
-	}
-	var r pagesDeploymentResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// RollbackPagesDeployment rollbacks the Pages production deployment to a previous production deployment.
-//
-// API reference: https://api.cloudflare.com/#pages-deployment-rollback-deployment
-func (api *API) RollbackPagesDeployment(ctx context.Context, rc *ResourceContainer, projectName, deploymentID string) (PagesProjectDeployment, error) {
-	if rc.Identifier == "" {
-		return PagesProjectDeployment{}, ErrMissingAccountID
-	}
-
-	if projectName == "" {
-		return PagesProjectDeployment{}, ErrMissingProjectName
-	}
-
-	if deploymentID == "" {
-		return PagesProjectDeployment{}, ErrMissingDeploymentID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/deployments/%s/rollback", rc.Identifier, projectName, deploymentID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return PagesProjectDeployment{}, err
-	}
-	var r pagesDeploymentResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProjectDeployment{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/pages_deployment_test.go b/pkg/cloudflare-go/pages_deployment_test.go
deleted file mode 100644
index 7e7f3ee0e8..0000000000
--- a/pkg/cloudflare-go/pages_deployment_test.go
+++ /dev/null
@@ -1,500 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testPagesDeploymentResponse = `
-	{
-		"id": "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
-		"short_id": "0012e50b",
-		"project_id": "80776025-b1bd-4181-993f-8238c27d226f",
-		"project_name": "test",
-		"environment": "production",
-		"url": "https://0012e50b.test.pages.dev",
-		"created_on": "2021-01-01T00:00:00Z",
-		"modified_on": "2021-01-01T00:00:00Z",
-		"latest_stage": {
-			"name": "deploy",
-			"started_on": "2021-01-01T00:00:00Z",
-			"ended_on": "2021-01-01T00:00:00Z",
-			"status": "success"
-		},
-		"deployment_trigger": {
-			"type": "ad_hoc",
-			"metadata": {
-				"branch": "main",
-				"commit_hash": "20fb65fa9d7fd2a11f7fa3ebdc44137b263ee835",
-				"commit_message": "Test commit"
-			}
-		},
-		"stages": [
-			{
-				"name": "queued",
-				"started_on": "2021-01-01T00:00:00Z",
-				"ended_on": "2021-01-01T00:00:00Z",
-				"status": "success"
-			},
-			{
-				"name": "initialize",
-				"started_on": "2021-01-01T00:00:00Z",
-				"ended_on": "2021-01-01T00:00:00Z",
-				"status": "success"
-			},
-			{
-				"name": "clone_repo",
-				"started_on": "2021-01-01T00:00:00Z",
-				"ended_on": "2021-01-01T00:00:00Z",
-				"status": "success"
-			},
-			{
-				"name": "build",
-				"started_on": "2021-01-01T00:00:00Z",
-				"ended_on": "2021-01-01T00:00:00Z",
-				"status": "success"
-			},
-			{
-				"name": "deploy",
-				"started_on": "2021-01-01T00:00:00Z",
-				"ended_on": "2021-01-01T00:00:00Z",
-				"status": "success"
-			}
-		],
-		"build_config": {
-			"build_command": "bash test.sh",
-			"destination_dir": "",
-			"root_dir": "",
-			"web_analytics_tag": null,
-			"web_analytics_token": null
-		},
-		"source": {
-			"type": "github",
-			"config": {
-				"owner": "coudflare",
-				"repo_name": "Test",
-				"production_branch": "main",
-				"pr_comments_enabled": false
-			}
-		},
-		"env_vars": {
-			"NODE_VERSION": {
-				"value": "16"
-			}
-		},
-		"aliases": null
-	}`
-
-	testPagesDeploymentLogsResponse = `
-	{
-		"total": 6,
-		"includes_container_logs": true,
-		"data": [
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Installing dependencies"
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Verify run directory"
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Executing user command: bash test.sh"
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Finished"
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Building functions..."
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Validating asset output directory"
-			},
-			{
-				"ts": "2021-01-01T00:00:00Z",
-				"line": "Parsed 2 valid header rules."
-			}
-		]
-	}`
-)
-
-var (
-	pagesDeploymentDummyTime, _ = time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
-
-	expectedPagesDeployment = &PagesProjectDeployment{
-		ID:          "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
-		ShortID:     "0012e50b",
-		ProjectID:   "80776025-b1bd-4181-993f-8238c27d226f",
-		ProjectName: "test",
-		Environment: "production",
-		URL:         "https://0012e50b.test.pages.dev",
-		CreatedOn:   &pagesDeploymentDummyTime,
-		ModifiedOn:  &pagesDeploymentDummyTime,
-		Aliases:     nil,
-		LatestStage: *expectedPagesDeploymentLatestStage,
-		EnvVars: EnvironmentVariableMap{
-			"NODE_VERSION": &EnvironmentVariable{
-				Value: "16",
-			},
-		},
-		DeploymentTrigger: PagesProjectDeploymentTrigger{
-			Type: "ad_hoc",
-			Metadata: &PagesProjectDeploymentTriggerMetadata{
-				Branch:        "main",
-				CommitHash:    "20fb65fa9d7fd2a11f7fa3ebdc44137b263ee835",
-				CommitMessage: "Test commit",
-			},
-		},
-		Stages: expectedPagesDeploymentStages,
-		BuildConfig: PagesProjectBuildConfig{
-			BuildCommand:   "bash test.sh",
-			DestinationDir: "",
-			RootDir:        "",
-		},
-		Source: PagesProjectSource{
-			Type: "github",
-			Config: &PagesProjectSourceConfig{
-				Owner:             "coudflare",
-				RepoName:          "Test",
-				ProductionBranch:  "main",
-				PRCommentsEnabled: false,
-			},
-		},
-	}
-
-	expectedPagesDeploymentStages = []PagesProjectDeploymentStage{
-		{
-			Name:      "queued",
-			StartedOn: &pagesDeploymentDummyTime,
-			EndedOn:   &pagesDeploymentDummyTime,
-			Status:    "success",
-		},
-		{
-			Name:      "initialize",
-			StartedOn: &pagesDeploymentDummyTime,
-			EndedOn:   &pagesDeploymentDummyTime,
-			Status:    "success",
-		},
-		{
-			Name:      "clone_repo",
-			StartedOn: &pagesDeploymentDummyTime,
-			EndedOn:   &pagesDeploymentDummyTime,
-			Status:    "success",
-		},
-		{
-			Name:      "build",
-			StartedOn: &pagesDeploymentDummyTime,
-			EndedOn:   &pagesDeploymentDummyTime,
-			Status:    "success",
-		},
-		*expectedPagesDeploymentLatestStage,
-	}
-
-	expectedPagesDeploymentLatestStage = &PagesProjectDeploymentStage{
-		Name:      "deploy",
-		StartedOn: &pagesDeploymentDummyTime,
-		EndedOn:   &pagesDeploymentDummyTime,
-		Status:    "success",
-	}
-
-	expectedPagesDeploymentLogs = &PagesDeploymentLogs{
-		Total:                 6,
-		IncludesContainerLogs: true,
-		Data:                  expectedPagesDeploymentLogEntries,
-	}
-
-	expectedPagesDeploymentLogEntries = []PagesDeploymentLogEntry{
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Installing dependencies",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Verify run directory",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Executing user command: bash test.sh",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Finished",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Building functions...",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Validating asset output directory",
-		},
-		{
-			Timestamp: &pagesDeploymentDummyTime,
-			Line:      "Parsed 2 valid header rules.",
-		},
-	}
-)
-
-func TestListPagesDeployments(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "25", r.URL.Query().Get("per_page"))
-		assert.Equal(t, "1", r.URL.Query().Get("page"))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				%s
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 100,
-				"count": 1,
-				"total_count": 1
-			  }
-		}`, testPagesDeploymentResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
-
-	expectedPagesDeployments := []PagesProjectDeployment{
-		*expectedPagesDeployment,
-	}
-	expectedResultInfo := ResultInfo{
-		Page:    1,
-		PerPage: 100,
-		Count:   1,
-		Total:   1,
-	}
-	actual, resultInfo, err := client.ListPagesDeployments(context.Background(), AccountIdentifier(testAccountID), ListPagesDeploymentsParams{
-		ProjectName: "test",
-		ResultInfo:  ResultInfo{},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedPagesDeployments, actual)
-		assert.Equal(t, &expectedResultInfo, resultInfo)
-	}
-}
-
-func TestListPagesDeploymentsPagination(t *testing.T) {
-	setup()
-	defer teardown()
-	var page1Called, page2Called bool
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		page := r.URL.Query().Get("page")
-		w.Header().Set("content-type", "application/json")
-		switch page {
-		case "1":
-			page1Called = true
-			fmt.Fprintf(w, `{
-				"success": true,
-				"errors": [],
-				"messages": [],
-				"result": [
-					%s
-				],
-				"result_info": {
-					"page": 1,
-					"per_page": 25,
-					"total_count": 26,
-					"total_pages": 2
-				  }
-			}`, testPagesDeploymentResponse)
-		case "2":
-			page2Called = true
-			fmt.Fprintf(w, `{
-				"success": true,
-				"errors": [],
-				"messages": [],
-				"result": [
-					%s
-				],
-				"result_info": {
-					"page": 2,
-					"per_page": 25,
-					"total_count": 26,
-					"total_pages": 2
-				  }
-			}`, testPagesDeploymentResponse)
-		default:
-			assert.Failf(t, "Unexpected page number", "Expected page 1 or 2, got %s", page)
-			return
-		}
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
-	actual, resultInfo, err := client.ListPagesDeployments(context.Background(), AccountIdentifier(testAccountID), ListPagesDeploymentsParams{
-		ProjectName: "test",
-		ResultInfo:  ResultInfo{},
-	})
-	if assert.NoError(t, err) {
-		assert.True(t, page1Called)
-		assert.True(t, page2Called)
-		assert.Equal(t, 2, len(actual))
-		assert.Equal(t, 26, resultInfo.Total)
-	}
-}
-
-func TestGetPagesDeploymentInfo(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testPagesDeploymentResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe", handler)
-
-	actual, err := client.GetPagesDeploymentInfo(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesDeployment, actual)
-	}
-}
-
-func TestGetPagesDeploymentLogs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testPagesDeploymentLogsResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/history/logs", handler)
-
-	actual, err := client.GetPagesDeploymentLogs(context.Background(), AccountIdentifier(testAccountID), GetPagesDeploymentLogsParams{
-		ProjectName:  "test",
-		DeploymentID: "0012e50b-fa5d-44db-8cb5-1f372785dcbe",
-		SizeOptions:  SizeOptions{},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesDeploymentLogs, actual)
-	}
-}
-
-func TestDeletePagesDeployment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		assert.Equal(t, "true", r.URL.Query().Get("force"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": null
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe", handler)
-
-	err := client.DeletePagesDeployment(context.Background(), AccountIdentifier(testAccountID), DeletePagesDeploymentParams{ProjectName: "test", DeploymentID: "0012e50b-fa5d-44db-8cb5-1f372785dcbe", Force: true})
-	assert.NoError(t, err)
-}
-
-func TestCreatePagesDeployment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testPagesDeploymentResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments", handler)
-
-	actual, err := client.CreatePagesDeployment(context.Background(), AccountIdentifier(testAccountID), CreatePagesDeploymentParams{
-		ProjectName: "test",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesDeployment, actual)
-	}
-}
-
-func TestRetryPagesDeployment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testPagesDeploymentResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/retry", handler)
-
-	actual, err := client.RetryPagesDeployment(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesDeployment, actual)
-	}
-}
-
-func TestRollbackPagesDeployment(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": %s
-		}`, testPagesDeploymentResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/test/deployments/0012e50b-fa5d-44db-8cb5-1f372785dcbe/rollback", handler)
-
-	actual, err := client.RollbackPagesDeployment(context.Background(), AccountIdentifier(testAccountID), "test", "0012e50b-fa5d-44db-8cb5-1f372785dcbe")
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesDeployment, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/pages_domain.go b/pkg/cloudflare-go/pages_domain.go
deleted file mode 100644
index a6fa8ac9f1..0000000000
--- a/pkg/cloudflare-go/pages_domain.go
+++ /dev/null
@@ -1,194 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// PagesDomain represents a pages domain.
-type PagesDomain struct {
-	ID               string           `json:"id"`
-	Name             string           `json:"name"`
-	Status           string           `json:"status"`
-	VerificationData VerificationData `json:"verification_data"`
-	ValidationData   ValidationData   `json:"validation_data"`
-	ZoneTag          string           `json:"zone_tag"`
-	CreatedOn        *time.Time       `json:"created_on"`
-}
-
-// VerificationData represents verification data for a domain.
-type VerificationData struct {
-	Status string `json:"status"`
-}
-
-// ValidationData represents validation data for a domain.
-type ValidationData struct {
-	Status string `json:"status"`
-	Method string `json:"method"`
-}
-
-// PagesDomainsParameters represents parameters for a pages domains request.
-type PagesDomainsParameters struct {
-	AccountID   string
-	ProjectName string
-}
-
-// PagesDomainsResponse represents an API response for a pages domains request.
-type PagesDomainsResponse struct {
-	Response
-	Result []PagesDomain `json:"result,omitempty"`
-}
-
-// PagesDomainParameters represents parameters for a pages domain request.
-type PagesDomainParameters struct {
-	AccountID   string `json:"-"`
-	ProjectName string `json:"-"`
-	DomainName  string `json:"name,omitempty"`
-}
-
-// PagesDomainResponse represents an API response for a pages domain request.
-type PagesDomainResponse struct {
-	Response
-	Result PagesDomain `json:"result,omitempty"`
-}
-
-// GetPagesDomains gets all domains for a pages project.
-//
-// API Reference: https://api.cloudflare.com/#pages-domains-get-domains
-func (api *API) GetPagesDomains(ctx context.Context, params PagesDomainsParameters) ([]PagesDomain, error) {
-	if params.AccountID == "" {
-		return []PagesDomain{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return []PagesDomain{}, ErrMissingProjectName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains", params.AccountID, params.ProjectName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PagesDomain{}, err
-	}
-
-	var pageDomainResponse PagesDomainsResponse
-	if err := json.Unmarshal(res, &pageDomainResponse); err != nil {
-		return []PagesDomain{}, err
-	}
-	return pageDomainResponse.Result, nil
-}
-
-// GetPagesDomain gets a single domain.
-//
-// API Reference: https://api.cloudflare.com/#pages-domains-get-domains
-func (api *API) GetPagesDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
-	if params.AccountID == "" {
-		return PagesDomain{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return PagesDomain{}, ErrMissingProjectName
-	}
-
-	if params.DomainName == "" {
-		return PagesDomain{}, ErrMissingDomain
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PagesDomain{}, err
-	}
-
-	var pagesDomainResponse PagesDomainResponse
-	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
-		return PagesDomain{}, err
-	}
-	return pagesDomainResponse.Result, nil
-}
-
-// PagesPatchDomain retries the validation status of a single domain.
-//
-// API Reference: https://api.cloudflare.com/#pages-domains-patch-domain
-func (api *API) PagesPatchDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
-	if params.AccountID == "" {
-		return PagesDomain{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return PagesDomain{}, ErrMissingProjectName
-	}
-
-	if params.DomainName == "" {
-		return PagesDomain{}, ErrMissingDomain
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, nil)
-	if err != nil {
-		return PagesDomain{}, err
-	}
-
-	var pagesDomainResponse PagesDomainResponse
-	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
-		return PagesDomain{}, err
-	}
-	return pagesDomainResponse.Result, nil
-}
-
-// PagesAddDomain adds a domain to a pages project.
-//
-// API Reference: https://api.cloudflare.com/#pages-domains-add-domain
-func (api *API) PagesAddDomain(ctx context.Context, params PagesDomainParameters) (PagesDomain, error) {
-	if params.AccountID == "" {
-		return PagesDomain{}, ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return PagesDomain{}, ErrMissingProjectName
-	}
-
-	if params.DomainName == "" {
-		return PagesDomain{}, ErrMissingDomain
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains", params.AccountID, params.ProjectName)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return PagesDomain{}, err
-	}
-
-	var pagesDomainResponse PagesDomainResponse
-	if err := json.Unmarshal(res, &pagesDomainResponse); err != nil {
-		return PagesDomain{}, err
-	}
-	return pagesDomainResponse.Result, nil
-}
-
-// PagesDeleteDomain removes a domain from a pages project.
-//
-// API Reference: https://api.cloudflare.com/#pages-domains-delete-domain
-func (api *API) PagesDeleteDomain(ctx context.Context, params PagesDomainParameters) error {
-	if params.AccountID == "" {
-		return ErrMissingAccountID
-	}
-
-	if params.ProjectName == "" {
-		return ErrMissingProjectName
-	}
-
-	if params.DomainName == "" {
-		return ErrMissingDomain
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s/domains/%s", params.AccountID, params.ProjectName, params.DomainName)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, params)
-	if err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/pages_domain_test.go b/pkg/cloudflare-go/pages_domain_test.go
deleted file mode 100644
index 20e80e7b45..0000000000
--- a/pkg/cloudflare-go/pages_domain_test.go
+++ /dev/null
@@ -1,277 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testPagesProjectName = "page-project"
-
-var testCreatedOn, _ = time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
-
-var testPagesDomain = PagesDomain{
-	ID:     "8232210c-6818-4e34-8d95-cc386874b8d2",
-	Name:   "example.com",
-	Status: "pending",
-	VerificationData: VerificationData{
-		Status: "active",
-	},
-	ValidationData: ValidationData{
-		Status: "active",
-		Method: "http",
-	},
-	ZoneTag:   "023e105f4ecef8ad9ca31a8372d0c353",
-	CreatedOn: &testCreatedOn,
-}
-
-func TestPages_GetDomains(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
-      "name": "example.com",
-      "status": "pending",
-      "verification_data": {
-        "status": "active"
-      },
-      "validation_data": {
-        "status": "active",
-        "method": "http"
-      },
-      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
-      "created_on": "2017-01-01T00:00:00Z"
-    }
-  ]
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.GetPagesDomains(context.Background(), PagesDomainsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing project name is thrown
-	_, err = client.GetPagesDomains(context.Background(), PagesDomainsParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingProjectName, err)
-	}
-
-	out, err := client.GetPagesDomains(context.Background(), PagesDomainsParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(out), "Domains length not correct")
-		assert.Equal(t, out[0], testPagesDomain, "structs not equal")
-	}
-}
-
-func TestPages_GetDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
-      "name": "example.com",
-      "status": "pending",
-      "verification_data": {
-        "status": "active"
-      },
-      "validation_data": {
-        "status": "active",
-        "method": "http"
-      },
-      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
-      "created_on": "2017-01-01T00:00:00Z"
-    }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.GetPagesDomain(context.Background(), PagesDomainParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing project name is thrown
-	_, err = client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingProjectName, err)
-	}
-
-	// Make sure missing domain is thrown
-	_, err = client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-
-	out, err := client.GetPagesDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, testPagesDomain, "structs not equal")
-	}
-}
-
-func TestPages_PatchDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
-      "name": "example.com",
-      "status": "pending",
-      "verification_data": {
-        "status": "active"
-      },
-      "validation_data": {
-        "status": "active",
-        "method": "http"
-      },
-      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
-      "created_on": "2017-01-01T00:00:00Z"
-    }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.PagesPatchDomain(context.Background(), PagesDomainParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing project name is thrown
-	_, err = client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingProjectName, err)
-	}
-
-	// Make sure missing domain is thrown
-	_, err = client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-
-	out, err := client.PagesPatchDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, testPagesDomain, "structs not equal")
-	}
-}
-
-func TestPages_AddDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-      "id": "8232210c-6818-4e34-8d95-cc386874b8d2",
-      "name": "example.com",
-      "status": "pending",
-      "verification_data": {
-        "status": "active"
-      },
-      "validation_data": {
-        "status": "active",
-        "method": "http"
-      },
-      "zone_tag": "023e105f4ecef8ad9ca31a8372d0c353",
-      "created_on": "2017-01-01T00:00:00Z"
-    }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.PagesAddDomain(context.Background(), PagesDomainParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing project name is thrown
-	_, err = client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingProjectName, err)
-	}
-
-	// Make sure missing domain is thrown
-	_, err = client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-
-	out, err := client.PagesAddDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, testPagesDomain, "structs not equal")
-	}
-}
-
-func TestPages_DeleteDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/"+testPagesProjectName+"/domains/example.com", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": null
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	err := client.PagesDeleteDomain(context.Background(), PagesDomainParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing project name is thrown
-	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingProjectName, err)
-	}
-
-	// Make sure missing domain is thrown
-	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingDomain, err)
-	}
-
-	err = client.PagesDeleteDomain(context.Background(), PagesDomainParameters{AccountID: testAccountID, ProjectName: testPagesProjectName, DomainName: "example.com"})
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/pages_project.go b/pkg/cloudflare-go/pages_project.go
deleted file mode 100644
index 202846158a..0000000000
--- a/pkg/cloudflare-go/pages_project.go
+++ /dev/null
@@ -1,333 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type PagesPreviewDeploymentSetting string
-
-const (
-	PagesPreviewAllBranches    PagesPreviewDeploymentSetting = "all"
-	PagesPreviewNoBranches     PagesPreviewDeploymentSetting = "none"
-	PagesPreviewCustomBranches PagesPreviewDeploymentSetting = "custom"
-)
-
-// PagesProject represents a Pages project.
-type PagesProject struct {
-	Name                string                        `json:"name,omitempty"`
-	ID                  string                        `json:"id"`
-	CreatedOn           *time.Time                    `json:"created_on"`
-	SubDomain           string                        `json:"subdomain"`
-	Domains             []string                      `json:"domains,omitempty"`
-	Source              *PagesProjectSource           `json:"source,omitempty"`
-	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
-	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
-	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
-	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
-	ProductionBranch    string                        `json:"production_branch,omitempty"`
-}
-
-// PagesProjectSource represents the configuration of a Pages project source.
-type PagesProjectSource struct {
-	Type   string                    `json:"type"`
-	Config *PagesProjectSourceConfig `json:"config"`
-}
-
-// PagesProjectSourceConfig represents the properties use to configure a Pages project source.
-type PagesProjectSourceConfig struct {
-	Owner                        string                        `json:"owner"`
-	RepoName                     string                        `json:"repo_name"`
-	ProductionBranch             string                        `json:"production_branch"`
-	PRCommentsEnabled            bool                          `json:"pr_comments_enabled"`
-	DeploymentsEnabled           bool                          `json:"deployments_enabled"`
-	ProductionDeploymentsEnabled bool                          `json:"production_deployments_enabled"`
-	PreviewDeploymentSetting     PagesPreviewDeploymentSetting `json:"preview_deployment_setting"`
-	PreviewBranchIncludes        []string                      `json:"preview_branch_includes"`
-	PreviewBranchExcludes        []string                      `json:"preview_branch_excludes"`
-}
-
-// PagesProjectBuildConfig represents the configuration of a Pages project build process.
-type PagesProjectBuildConfig struct {
-	BuildCaching      *bool  `json:"build_caching,omitempty"`
-	BuildCommand      string `json:"build_command"`
-	DestinationDir    string `json:"destination_dir"`
-	RootDir           string `json:"root_dir"`
-	WebAnalyticsTag   string `json:"web_analytics_tag"`
-	WebAnalyticsToken string `json:"web_analytics_token"`
-}
-
-// PagesProjectDeploymentConfigs represents the configuration for deployments in a Pages project.
-type PagesProjectDeploymentConfigs struct {
-	Preview    PagesProjectDeploymentConfigEnvironment `json:"preview"`
-	Production PagesProjectDeploymentConfigEnvironment `json:"production"`
-}
-
-// PagesProjectDeploymentConfigEnvironment represents the configuration for preview or production deploys.
-type PagesProjectDeploymentConfigEnvironment struct {
-	EnvVars                          EnvironmentVariableMap `json:"env_vars,omitempty"`
-	KvNamespaces                     NamespaceBindingMap    `json:"kv_namespaces,omitempty"`
-	DoNamespaces                     NamespaceBindingMap    `json:"durable_object_namespaces,omitempty"`
-	D1Databases                      D1BindingMap           `json:"d1_databases,omitempty"`
-	R2Bindings                       R2BindingMap           `json:"r2_buckets,omitempty"`
-	ServiceBindings                  ServiceBindingMap      `json:"services,omitempty"`
-	CompatibilityDate                string                 `json:"compatibility_date,omitempty"`
-	CompatibilityFlags               []string               `json:"compatibility_flags,omitempty"`
-	FailOpen                         bool                   `json:"fail_open"`
-	AlwaysUseLatestCompatibilityDate bool                   `json:"always_use_latest_compatibility_date"`
-	UsageModel                       UsageModel             `json:"usage_model,omitempty"`
-	Placement                        *Placement             `json:"placement,omitempty"`
-}
-
-// PagesProjectDeployment represents a deployment to a Pages project.
-type PagesProjectDeployment struct {
-	ID                 string                        `json:"id"`
-	ShortID            string                        `json:"short_id"`
-	ProjectID          string                        `json:"project_id"`
-	ProjectName        string                        `json:"project_name"`
-	Environment        string                        `json:"environment"`
-	URL                string                        `json:"url"`
-	CreatedOn          *time.Time                    `json:"created_on"`
-	ModifiedOn         *time.Time                    `json:"modified_on"`
-	Aliases            []string                      `json:"aliases,omitempty"`
-	LatestStage        PagesProjectDeploymentStage   `json:"latest_stage"`
-	EnvVars            EnvironmentVariableMap        `json:"env_vars"`
-	KvNamespaces       NamespaceBindingMap           `json:"kv_namespaces,omitempty"`
-	DoNamespaces       NamespaceBindingMap           `json:"durable_object_namespaces,omitempty"`
-	D1Databases        D1BindingMap                  `json:"d1_databases,omitempty"`
-	R2Bindings         R2BindingMap                  `json:"r2_buckets,omitempty"`
-	ServiceBindings    ServiceBindingMap             `json:"services,omitempty"`
-	Placement          *Placement                    `json:"placement,omitempty"`
-	DeploymentTrigger  PagesProjectDeploymentTrigger `json:"deployment_trigger"`
-	Stages             []PagesProjectDeploymentStage `json:"stages"`
-	BuildConfig        PagesProjectBuildConfig       `json:"build_config"`
-	Source             PagesProjectSource            `json:"source"`
-	CompatibilityDate  string                        `json:"compatibility_date,omitempty"`
-	CompatibilityFlags []string                      `json:"compatibility_flags,omitempty"`
-	UsageModel         UsageModel                    `json:"usage_model,omitempty"`
-	IsSkipped          bool                          `json:"is_skipped"`
-	ProductionBranch   string                        `json:"production_branch,omitempty"`
-}
-
-// PagesProjectDeploymentStage represents an individual stage in a Pages project deployment.
-type PagesProjectDeploymentStage struct {
-	Name      string     `json:"name"`
-	StartedOn *time.Time `json:"started_on,omitempty"`
-	EndedOn   *time.Time `json:"ended_on,omitempty"`
-	Status    string     `json:"status"`
-}
-
-// PagesProjectDeploymentTrigger represents information about what caused a deployment.
-type PagesProjectDeploymentTrigger struct {
-	Type     string                                 `json:"type"`
-	Metadata *PagesProjectDeploymentTriggerMetadata `json:"metadata"`
-}
-
-// PagesProjectDeploymentTriggerMetadata represents additional information about the cause of a deployment.
-type PagesProjectDeploymentTriggerMetadata struct {
-	Branch        string `json:"branch"`
-	CommitHash    string `json:"commit_hash"`
-	CommitMessage string `json:"commit_message"`
-}
-
-type pagesProjectResponse struct {
-	Response
-	Result PagesProject `json:"result"`
-}
-
-type pagesProjectListResponse struct {
-	Response
-	Result     []PagesProject `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type EnvironmentVariableMap map[string]*EnvironmentVariable
-
-// PagesProjectDeploymentVar represents a deployment environment variable.
-type EnvironmentVariable struct {
-	Value string     `json:"value"`
-	Type  EnvVarType `json:"type"`
-}
-
-type EnvVarType string
-
-const (
-	PlainText  EnvVarType = "plain_text"
-	SecretText EnvVarType = "secret_text"
-)
-
-type NamespaceBindingMap map[string]*NamespaceBindingValue
-
-type NamespaceBindingValue struct {
-	Value string `json:"namespace_id"`
-}
-
-type R2BindingMap map[string]*R2BindingValue
-
-type R2BindingValue struct {
-	Name string `json:"name"`
-}
-
-type D1BindingMap map[string]*D1Binding
-
-type D1Binding struct {
-	ID string `json:"id"`
-}
-
-type ServiceBindingMap map[string]*ServiceBinding
-
-type ServiceBinding struct {
-	Service     string `json:"service"`
-	Environment string `json:"environment"`
-}
-
-type UsageModel string
-
-const (
-	Bundled  UsageModel = "bundled"
-	Unbound  UsageModel = "unbound"
-	Standard UsageModel = "standard"
-)
-
-type ListPagesProjectsParams struct {
-	PaginationOptions
-}
-
-type CreatePagesProjectParams struct {
-	Name                string                        `json:"name,omitempty"`
-	SubDomain           string                        `json:"subdomain"`
-	Domains             []string                      `json:"domains,omitempty"`
-	Source              *PagesProjectSource           `json:"source,omitempty"`
-	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
-	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
-	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
-	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
-	ProductionBranch    string                        `json:"production_branch,omitempty"`
-}
-
-type UpdatePagesProjectParams struct {
-	// `ID` is used for addressing the resource via the UI or a stable
-	// anchor whereas `Name` is used for updating the value.
-	ID                  string                        `json:"-"`
-	Name                string                        `json:"name,omitempty"`
-	SubDomain           string                        `json:"subdomain"`
-	Domains             []string                      `json:"domains,omitempty"`
-	Source              *PagesProjectSource           `json:"source,omitempty"`
-	BuildConfig         PagesProjectBuildConfig       `json:"build_config"`
-	DeploymentConfigs   PagesProjectDeploymentConfigs `json:"deployment_configs"`
-	LatestDeployment    PagesProjectDeployment        `json:"latest_deployment"`
-	CanonicalDeployment PagesProjectDeployment        `json:"canonical_deployment"`
-	ProductionBranch    string                        `json:"production_branch,omitempty"`
-}
-
-// ListPagesProjects returns all Pages projects for an account.
-//
-// API reference: https://api.cloudflare.com/#pages-project-get-projects
-func (api *API) ListPagesProjects(ctx context.Context, rc *ResourceContainer, params ListPagesProjectsParams) ([]PagesProject, ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []PagesProject{}, ResultInfo{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/pages/projects", rc.Identifier), params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PagesProject{}, ResultInfo{}, err
-	}
-	var r pagesProjectListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []PagesProject{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, r.ResultInfo, nil
-}
-
-// GetPagesProject returns a single Pages project by name.
-//
-// API reference: https://api.cloudflare.com/#pages-project-get-project
-func (api *API) GetPagesProject(ctx context.Context, rc *ResourceContainer, projectName string) (PagesProject, error) {
-	if rc.Identifier == "" {
-		return PagesProject{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, projectName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PagesProject{}, err
-	}
-	var r pagesProjectResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreatePagesProject creates a new Pages project in an account.
-//
-// API reference: https://api.cloudflare.com/#pages-project-create-project
-func (api *API) CreatePagesProject(ctx context.Context, rc *ResourceContainer, params CreatePagesProjectParams) (PagesProject, error) {
-	if rc.Identifier == "" {
-		return PagesProject{}, ErrMissingAccountID
-	}
-	uri := fmt.Sprintf("/accounts/%s/pages/projects", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return PagesProject{}, err
-	}
-	var r pagesProjectResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdatePagesProject updates an existing Pages project.
-//
-// API reference: https://api.cloudflare.com/#pages-project-update-project
-func (api *API) UpdatePagesProject(ctx context.Context, rc *ResourceContainer, params UpdatePagesProjectParams) (PagesProject, error) {
-	if rc.Identifier == "" {
-		return PagesProject{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return PagesProject{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return PagesProject{}, err
-	}
-	var r pagesProjectResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PagesProject{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeletePagesProject deletes a Pages project by name.
-//
-// API reference: https://api.cloudflare.com/#pages-project-delete-project
-func (api *API) DeletePagesProject(ctx context.Context, rc *ResourceContainer, projectName string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-	uri := fmt.Sprintf("/accounts/%s/pages/projects/%s", rc.Identifier, projectName)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r pagesProjectResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/pages_project_test.go b/pkg/cloudflare-go/pages_project_test.go
deleted file mode 100644
index 49861c0694..0000000000
--- a/pkg/cloudflare-go/pages_project_test.go
+++ /dev/null
@@ -1,671 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testPagesProjectResponse = `
-    {
-        "name": "Test Pages Project",
-        "id": "5a321fc7-3162-7d36-adce-1213996a7",
-        "created_on": "2021-01-01T00:00:00Z",
-        "subdomain": "test.pages.dev",
-        "domains": [
-          "testdomain.com",
-          "testdomain.org"
-        ],
-		"production_branch": "main",
-        "source": {
-          "type": "github",
-          "config": {
-            "owner": "cloudflare",
-            "repo_name": "pages-test",
-            "production_branch": "main",
-            "pr_comments_enabled": true,
-            "deployments_enabled": true,
-			"preview_deployment_setting": "custom",
-			"preview_branch_includes": [
-				"release/*",
-				"production",
-				"main"
-			],
-			"preview_branch_excludes": [
-				"dependabot/*",
-				"dev",
-				"*/ignore"
-			]
-          }
-        },
-        "build_config": {
-          "build_caching": true,
-          "build_command": "npm run build",
-          "destination_dir": "build",
-          "root_dir": "/",
-          "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
-          "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
-        },
-        "deployment_configs": {
-          "preview": {
-            "env_vars": {
-              "BUILD_VERSION": {
-                "value": "1.2"
-              },
-              "ENV": {
-                "value": "preview"
-              },
-			  "API_KEY": {
-				"value": "",
-				"type": "secret_text"
-			  }
-            },
-			"compatibility_date": "2022-08-15",
-			"compatibility_flags": ["preview_flag"]
-          },
-          "production": {
-            "env_vars": {
-              "BUILD_VERSION": {
-                "value": "1.2"
-              },
-              "ENV": {
-                "value": "production"
-              },
-			  "API_KEY": {
-				"value": "",
-				"type": "secret_text"
-			  }
-            },
-			"d1_databases": {
-				"D1_BINDING": {
-					"id": "a94509c6-0757-43f3-b053-474b0ab10935"
-				}
-			},
-			"kv_namespaces": {
-				"KV_BINDING": {
-				  "namespace_id": "5eb63bbbe01eeed093cb22bb8f5acdc3"
-				}
-			},
-		  	"durable_object_namespaces": {
-				"DO_BINDING": {
-			  		"namespace_id": "5eb63bbbe01eeed093cb22bb8f5acdc3"
-				}
-		  	},
-			"r2_buckets": {
-				"R2_BINDING": {
-					"name": "some-bucket"
-				}
-			},
-			"services": {
-				"SERVICE_BINDING": {
-					"service": "some-worker",
-					"environment": "production"
-				}
-			},
-			"compatibility_date": "2022-08-15",
-			"compatibility_flags": ["production_flag"],
-			"fail_open": false,
-			"always_use_latest_compatibility_date": false,
-			"usage_model": "bundled",
-			"placement": {
-				"mode": "smart"
-			}
-          }
-        },
-        "latest_deployment": {
-          "id": "c35216d1-ebac-1a3a-d56c-ad74e54e5",
-          "short_id": "c35216d1",
-          "project_id": "5a321fc7-3162-7d36-adce-1213996a7",
-          "project_name": "pages-test",
-          "environment": "preview",
-		  "production_branch": "main",
-          "url": "https://c35216d1.pages-test.pages.dev",
-          "created_on": "2021-03-09T00:55:03.923456Z",
-          "modified_on": "2021-03-09T00:58:59.045655Z",
-          "aliases": [
-            "https://branchname.pages-test.pages.dev"
-          ],
-          "latest_stage": {
-            "name": "deploy",
-            "started_on": "2021-03-09T00:55:03.923456Z",
-            "ended_on": "2021-03-09T00:58:59.045655Z",
-            "status": "success"
-          },
-          "env_vars": {
-            "BUILD_VERSION": {
-              "value": "1.2"
-            },
-            "ENV": {
-              "value": "STAGING"
-            },
-			"API_KEY": {
-			  "value": "",
-			  "type": "secret_text"
-			}
-          },
-		  "placement": {
-			"mode": "smart"
-		  },
-		  "compatibility_date": "2022-08-15",
-		  "compatibility_flags": ["deployment_flag"],
-		  "fail_open": false,
-		  "always_use_latest_compatibility_date": false,
-		  "usage_model": "bundled",
-          "deployment_trigger": {
-            "type": "ad_hoc",
-            "metadata": {
-              "branch": "main",
-              "commit_hash": "fa26be19de6bff93f70bc2308434e4a440bbad02",
-              "commit_message": "Update index.html"
-            }
-          },
-          "stages": [
-            {
-              "name": "queued",
-              "started_on": "2021-06-03T15:38:15.608194Z",
-              "ended_on": "2021-06-03T15:39:03.134378Z",
-              "status": "active"
-            },
-            {
-              "name": "test_stage_1",
-              "started_on": null,
-              "ended_on": null,
-              "status": "idle"
-            }
-          ],
-          "build_config": {
-            "build_caching": true,
-            "build_command": "npm run build",
-            "destination_dir": "build",
-            "root_dir": "/",
-            "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
-            "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
-          },
-          "source": {
-            "type": "github",
-            "config": {
-              "owner": "cloudflare",
-              "repo_name": "pages-test",
-              "production_branch": "main",
-              "pr_comments_enabled": true,
-              "deployments_enabled": true,
-			  "preview_deployment_setting": "custom",
-			  "preview_branch_includes": [
-				"release/*",
-				"production",
-				"main"
-			  ],
-			  "preview_branch_excludes": [
-				"dependabot/*",
-				"dev",
-				"*/ignore"
-			  ]
-            }
-          }
-        },
-        "canonical_deployment": {
-          "id": "c35216d1-ebac-1a3a-d56c-ad74e54e5",
-          "short_id": "c35216d1",
-          "project_id": "5a321fc7-3162-7d36-adce-1213996a7",
-          "project_name": "pages-test",
-          "environment": "preview",
-          "url": "https://c35216d1.pages-test.pages.dev",
-          "created_on": "2021-03-09T00:55:03.923456Z",
-          "modified_on": "2021-03-09T00:58:59.045655Z",
-		  "production_branch": "main",
-          "aliases": [
-            "https://branchname.pages-test.pages.dev"
-          ],
-          "latest_stage": {
-            "name": "deploy",
-            "started_on": "2021-03-09T00:55:03.923456Z",
-            "ended_on": "2021-03-09T00:58:59.045655Z",
-            "status": "success"
-          },
-          "env_vars": {
-            "BUILD_VERSION": {
-              "value": "1.2"
-            },
-            "ENV": {
-              "value": "STAGING"
-            },
-			"API_KEY": {
-			  "value": "",
-			  "type": "secret_text"
-			}
-          },
-		  "placement": {
-			"mode": "smart"
-		  },
-		  "compatibility_date": "2022-08-15",
-		  "compatibility_flags": ["deployment_flag"],
-		  "fail_open": false,
-		  "always_use_latest_compatibility_date": false,
-		  "build_image_major_version": 1,
-		  "usage_model": "bundled",
-          "deployment_trigger": {
-            "type": "ad_hoc",
-            "metadata": {
-              "branch": "main",
-              "commit_hash": "fa26be19de6bff93f70bc2308434e4a440bbad02",
-              "commit_message": "Update index.html"
-            }
-          },
-          "stages": [
-            {
-              "name": "queued",
-              "started_on": "2021-06-03T15:38:15.608194Z",
-              "ended_on": "2021-06-03T15:39:03.134378Z",
-              "status": "active"
-            },
-            {
-              "name": "test_stage_1",
-              "started_on": null,
-              "ended_on": null,
-              "status": "idle"
-            }
-          ],
-          "build_config": {
-            "build_caching": true,
-            "build_command": "npm run build",
-            "destination_dir": "build",
-            "root_dir": "/",
-            "web_analytics_tag": "0ee1d926cd60d2618a108d4232a75b73",
-            "web_analytics_token": "c05bb382259183db3a0a822b64c11459"
-          },
-          "source": {
-            "type": "github",
-            "config": {
-              "owner": "cloudflare",
-              "repo_name": "pages-test",
-              "production_branch": "main",
-              "pr_comments_enabled": true,
-              "deployments_enabled": true,
-			  "preview_deployment_setting": "custom",
-			  "preview_branch_includes": [
-				"release/*",
-				"production",
-				"main"
-			  ],
-			  "preview_branch_excludes": [
-				"dependabot/*",
-				"dev",
-				"*/ignore"
-			  ]
-            }
-          }
-        }
-      }`
-)
-
-var (
-	pagesProjectCreatedOn, _ = time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
-
-	expectedPagesProject = &PagesProject{
-		SubDomain: "test.pages.dev",
-		Name:      "Test Pages Project",
-		Domains: []string{
-			"testdomain.com",
-			"testdomain.org",
-		},
-		CanonicalDeployment: *expectedPagesProjectDeployment,
-		BuildConfig:         *expectedPagesProjectBuildConfig,
-		CreatedOn:           &pagesProjectCreatedOn,
-		DeploymentConfigs:   *expectedPagesProjectDeploymentConfigs,
-		Source:              expectedPagesProjectSource,
-		ID:                  "5a321fc7-3162-7d36-adce-1213996a7",
-		LatestDeployment:    *expectedPagesProjectDeployment,
-		ProductionBranch:    "main",
-	}
-
-	deploymentCreatedOn, _  = time.Parse(time.RFC3339, "2021-03-09T00:55:03.923456Z")
-	deploymentModifiedOn, _ = time.Parse(time.RFC3339, "2021-03-09T00:58:59.045655Z")
-
-	expectedPagesProjectDeployment = &PagesProjectDeployment{
-		ID:          "c35216d1-ebac-1a3a-d56c-ad74e54e5",
-		ShortID:     "c35216d1",
-		ProjectID:   "5a321fc7-3162-7d36-adce-1213996a7",
-		ProjectName: "pages-test",
-		Environment: "preview",
-		URL:         "https://c35216d1.pages-test.pages.dev",
-		CreatedOn:   &deploymentCreatedOn,
-		ModifiedOn:  &deploymentModifiedOn,
-		Aliases: []string{
-			"https://branchname.pages-test.pages.dev",
-		},
-		LatestStage: *expectedPagesProjectLatestDeploymentStage,
-		EnvVars: EnvironmentVariableMap{
-			"BUILD_VERSION": &EnvironmentVariable{
-				Value: "1.2",
-			},
-			"ENV": &EnvironmentVariable{
-				Value: "STAGING",
-			},
-			"API_KEY": &EnvironmentVariable{
-				Value: "",
-				Type:  SecretText,
-			},
-		},
-		Placement: &Placement{
-			Mode: PlacementModeSmart,
-		},
-		CompatibilityFlags: []string{"deployment_flag"},
-		CompatibilityDate:  "2022-08-15",
-		UsageModel:         Bundled,
-		DeploymentTrigger:  *expectedPagesProjectDeploymentTrigger,
-		Stages:             expectedStages,
-		BuildConfig:        *expectedPagesProjectBuildConfig,
-		Source:             *expectedPagesProjectSource,
-		ProductionBranch:   "main",
-	}
-
-	latestDeploymentStageStartedOn, _ = time.Parse(time.RFC3339, "2021-03-09T00:55:03.923456Z")
-	latestDeploymentStageEndedOn, _   = time.Parse(time.RFC3339, "2021-03-09T00:58:59.045655Z")
-
-	expectedPagesProjectLatestDeploymentStage = &PagesProjectDeploymentStage{
-		Name:      "deploy",
-		StartedOn: &latestDeploymentStageStartedOn,
-		EndedOn:   &latestDeploymentStageEndedOn,
-		Status:    "success",
-	}
-
-	expectedPagesProjectDeploymentTrigger = &PagesProjectDeploymentTrigger{
-		Type:     "ad_hoc",
-		Metadata: expectedPagesProjectDeploymentTriggerMetadata,
-	}
-
-	expectedPagesProjectDeploymentTriggerMetadata = &PagesProjectDeploymentTriggerMetadata{
-		Branch:        "main",
-		CommitHash:    "fa26be19de6bff93f70bc2308434e4a440bbad02",
-		CommitMessage: "Update index.html",
-	}
-
-	queuedStageStartedOn, _ = time.Parse(time.RFC3339, "2021-06-03T15:38:15.608194Z")
-	queuedStageEndedOn, _   = time.Parse(time.RFC3339, "2021-06-03T15:39:03.134378Z")
-
-	expectedStages = []PagesProjectDeploymentStage{
-		{
-			Name:      "queued",
-			StartedOn: &queuedStageStartedOn,
-			EndedOn:   &queuedStageEndedOn,
-			Status:    "active",
-		},
-		{
-			Name:   "test_stage_1",
-			Status: "idle",
-		},
-	}
-
-	expectedPagesProjectBuildConfig = &PagesProjectBuildConfig{
-		BuildCaching:      BoolPtr(true),
-		BuildCommand:      "npm run build",
-		DestinationDir:    "build",
-		RootDir:           "/",
-		WebAnalyticsTag:   "0ee1d926cd60d2618a108d4232a75b73",
-		WebAnalyticsToken: "c05bb382259183db3a0a822b64c11459",
-	}
-
-	expectedPagesProjectDeploymentConfigs = &PagesProjectDeploymentConfigs{
-		Preview:    *expectedPagesProjectDeploymentConfigPreview,
-		Production: *expectedPagesProjectDeploymentConfigProduction,
-	}
-
-	expectedPagesProjectDeploymentConfigPreview = &PagesProjectDeploymentConfigEnvironment{
-		EnvVars: EnvironmentVariableMap{
-			"BUILD_VERSION": &EnvironmentVariable{
-				Value: "1.2",
-			},
-			"ENV": &EnvironmentVariable{
-				Value: "preview",
-			},
-			"API_KEY": &EnvironmentVariable{
-				Value: "",
-				Type:  SecretText,
-			},
-		},
-		CompatibilityDate:  "2022-08-15",
-		CompatibilityFlags: []string{"preview_flag"},
-	}
-
-	expectedPagesProjectDeploymentConfigProduction = &PagesProjectDeploymentConfigEnvironment{
-		EnvVars: EnvironmentVariableMap{
-			"BUILD_VERSION": &EnvironmentVariable{
-				Value: "1.2",
-			},
-			"ENV": &EnvironmentVariable{
-				Value: "production",
-			},
-			"API_KEY": &EnvironmentVariable{
-				Value: "",
-				Type:  SecretText,
-			},
-		},
-		KvNamespaces: NamespaceBindingMap{
-			"KV_BINDING": &NamespaceBindingValue{Value: "5eb63bbbe01eeed093cb22bb8f5acdc3"},
-		},
-		D1Databases: D1BindingMap{
-			"D1_BINDING": &D1Binding{ID: "a94509c6-0757-43f3-b053-474b0ab10935"},
-		},
-		DoNamespaces: NamespaceBindingMap{
-			"DO_BINDING": &NamespaceBindingValue{Value: "5eb63bbbe01eeed093cb22bb8f5acdc3"},
-		},
-		R2Bindings: R2BindingMap{
-			"R2_BINDING": &R2BindingValue{Name: "some-bucket"},
-		},
-		ServiceBindings: ServiceBindingMap{
-			"SERVICE_BINDING": &ServiceBinding{
-				Service:     "some-worker",
-				Environment: "production",
-			},
-		},
-		CompatibilityDate:                "2022-08-15",
-		CompatibilityFlags:               []string{"production_flag"},
-		FailOpen:                         false,
-		AlwaysUseLatestCompatibilityDate: false,
-		UsageModel:                       Bundled,
-		Placement: &Placement{
-			Mode: PlacementModeSmart,
-		},
-	}
-
-	expectedPagesProjectSource = &PagesProjectSource{
-		Type:   "github",
-		Config: expectedPagesProjectSourceConfig,
-	}
-
-	expectedPagesProjectSourceConfig = &PagesProjectSourceConfig{
-		Owner:                    "cloudflare",
-		RepoName:                 "pages-test",
-		ProductionBranch:         "main",
-		PRCommentsEnabled:        true,
-		DeploymentsEnabled:       true,
-		PreviewDeploymentSetting: PagesPreviewCustomBranches,
-		PreviewBranchIncludes:    []string{"release/*", "production", "main"},
-		PreviewBranchExcludes:    []string{"dependabot/*", "dev", "*/ignore"},
-	}
-)
-
-func TestListPagesProjects(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": [
-                %s
-            ],
-            "result_info": {
-                "page": 1,
-                "per_page": 100,
-                "count": 1,
-                "total_count": 1
-            }
-        }`, testPagesProjectResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects", handler)
-
-	expectedPagesProjects := []PagesProject{
-		*expectedPagesProject,
-	}
-	expectedResultInfo := ResultInfo{
-		Page:    1,
-		PerPage: 100,
-		Count:   1,
-		Total:   1,
-	}
-
-	_, _, err := client.ListPagesProjects(context.Background(), AccountIdentifier(""), ListPagesProjectsParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-
-	actual, resultInfo, err := client.ListPagesProjects(context.Background(), AccountIdentifier(testAccountID), ListPagesProjectsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedPagesProjects, actual)
-		assert.Equal(t, expectedResultInfo, resultInfo)
-	}
-}
-
-func TestPagesProject(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": %s
-        }`, testPagesProjectResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
-
-	_, err := client.GetPagesProject(context.Background(), AccountIdentifier(""), "Test Pages Project")
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-
-	actual, err := client.GetPagesProject(context.Background(), AccountIdentifier(testAccountID), "Test Pages Project")
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesProject, actual)
-	}
-}
-
-func TestCreatePagesProject(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": %s
-        }`, testPagesProjectResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects", handler)
-
-	params := &CreatePagesProjectParams{
-		SubDomain: "test.pages.dev",
-		Name:      "Test Pages Project",
-		Domains: []string{
-			"testdomain.com",
-			"testdomain.org",
-		},
-		CanonicalDeployment: *expectedPagesProjectDeployment,
-		BuildConfig:         *expectedPagesProjectBuildConfig,
-		DeploymentConfigs:   *expectedPagesProjectDeploymentConfigs,
-		Source:              expectedPagesProjectSource,
-		LatestDeployment:    *expectedPagesProjectDeployment,
-		ProductionBranch:    "main",
-	}
-	_, err := client.CreatePagesProject(context.Background(), AccountIdentifier(""), *params)
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-
-	actual, err := client.CreatePagesProject(context.Background(), AccountIdentifier(testAccountID), *params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, *expectedPagesProject, actual)
-	}
-}
-
-func TestUpdatePagesProject(t *testing.T) {
-	setup()
-	defer teardown()
-
-	updateAttributes := &UpdatePagesProjectParams{
-		ID:   "Test Pages Project",
-		Name: "updated-project-name",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": %s
-        }`, testPagesProjectResponse)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
-
-	_, err := client.UpdatePagesProject(context.Background(), AccountIdentifier(""), *updateAttributes)
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-
-	_, err = client.UpdatePagesProject(context.Background(), AccountIdentifier(testAccountID), *updateAttributes)
-
-	assert.NoError(t, err)
-}
-
-func TestDeletePagesProject(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-            "success": true,
-            "errors": [],
-            "messages": [],
-            "result": null
-        }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/pages/projects/Test Pages Project", handler)
-
-	err := client.DeletePagesProject(context.Background(), AccountIdentifier(""), "Test Pages Project")
-	if assert.Error(t, err) {
-		assert.Equal(t, err.Error(), errMissingAccountID)
-	}
-
-	err = client.DeletePagesProject(context.Background(), AccountIdentifier(testAccountID), "Test Pages Project")
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/pagination.go b/pkg/cloudflare-go/pagination.go
deleted file mode 100644
index db06ff8a33..0000000000
--- a/pkg/cloudflare-go/pagination.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package cloudflare
-
-import (
-	"math"
-)
-
-// Look first for total_pages, but if total_count and per_page are set then use that to get page count.
-func (p ResultInfo) getTotalPages() int {
-	totalPages := p.TotalPages
-	if totalPages == 0 && p.Total > 0 && p.PerPage > 0 {
-		totalPages = int(math.Ceil(float64(p.Total) / float64(p.PerPage)))
-	}
-	return totalPages
-}
-
-// Done returns true for the last page and false otherwise.
-func (p ResultInfo) Done() bool {
-	// A little hacky but if the response body is lacking a defined `ResultInfo`
-	// object the page will be 1 however the counts will be empty so if we have
-	// that response, we just assume this is the only page.
-	totalPages := p.getTotalPages()
-	if p.Page == 1 && totalPages == 0 {
-		return true
-	}
-
-	return p.Page > 1 && p.Page > totalPages
-}
-
-// Next advances the page of a paginated API response, but does not fetch the
-// next page of results.
-func (p ResultInfo) Next() ResultInfo {
-	// A little hacky but if the response body is lacking a defined `ResultInfo`
-	// object the page will be 1 however the counts will be empty so if we have
-	// that response, we just assume this is the only page.
-	totalPages := p.getTotalPages()
-	if p.Page == 1 && totalPages == 0 {
-		return p
-	}
-
-	// This shouldn't happen normally however, when it does just return the
-	// current page.
-	if p.Page > totalPages {
-		return p
-	}
-
-	p.Page++
-	return p
-}
-
-// HasMorePages returns whether there is another page of results after the
-// current one.
-func (p ResultInfo) HasMorePages() bool {
-	totalPages := p.getTotalPages()
-	if totalPages == 0 {
-		return false
-	}
-
-	return p.Page >= 1 && p.Page < totalPages
-}
diff --git a/pkg/cloudflare-go/pagination_test.go b/pkg/cloudflare-go/pagination_test.go
deleted file mode 100644
index 2a045c6370..0000000000
--- a/pkg/cloudflare-go/pagination_test.go
+++ /dev/null
@@ -1,130 +0,0 @@
-package cloudflare
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestPagination_Done(t *testing.T) {
-	testCases := map[string]struct {
-		r        ResultInfo
-		expected bool
-	}{
-		"missing ResultInfo pagination information": {
-			r:        ResultInfo{Page: 1},
-			expected: true,
-		},
-		"total pages greater than page": {
-			r:        ResultInfo{Page: 1, TotalPages: 2},
-			expected: false,
-		},
-		"total pages greater than page (alot)": {
-			r:        ResultInfo{Page: 1, TotalPages: 200},
-			expected: false,
-		},
-		// this should never happen
-		"total pages less than page": {
-			r:        ResultInfo{Page: 3, TotalPages: 1},
-			expected: true,
-		},
-		"total pages missing but done": {
-			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
-			expected: true,
-		},
-		"total pages missing and not done": {
-			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
-			expected: false,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			assert.Equal(t, tc.r.Done(), tc.expected)
-		})
-	}
-}
-
-func TestPagination_Next(t *testing.T) {
-	testCases := map[string]struct {
-		r        ResultInfo
-		expected ResultInfo
-	}{
-		"missing ResultInfo pagination information": {
-			r:        ResultInfo{Page: 1},
-			expected: ResultInfo{Page: 1},
-		},
-		"total pages greater than page": {
-			r:        ResultInfo{Page: 1, TotalPages: 3},
-			expected: ResultInfo{Page: 2, TotalPages: 3},
-		},
-		"total pages greater than page (alot)": {
-			r:        ResultInfo{Page: 1, TotalPages: 3000},
-			expected: ResultInfo{Page: 2, TotalPages: 3000},
-		},
-		// bug, this should never happen
-		"total pages less than page": {
-			r:        ResultInfo{Page: 3, TotalPages: 1},
-			expected: ResultInfo{Page: 3, TotalPages: 1},
-		},
-		"use per page and greater than page": {
-			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
-			expected: ResultInfo{Page: 4, Total: 70, PerPage: 25},
-		},
-		"use per page and less than page": {
-			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
-			expected: ResultInfo{Page: 2, Total: 70, PerPage: 25},
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			assert.Equal(t, tc.r.Next(), tc.expected)
-		})
-	}
-}
-
-func TestPagination_HasMorePages(t *testing.T) {
-	testCases := map[string]struct {
-		r        ResultInfo
-		expected bool
-	}{
-		"missing ResultInfo pagination information": {
-			r:        ResultInfo{Page: 1},
-			expected: false,
-		},
-		"total pages greater than page": {
-			r:        ResultInfo{Page: 1, TotalPages: 3},
-			expected: true,
-		},
-		"total pages greater than page (alot)": {
-			r:        ResultInfo{Page: 1, TotalPages: 3000},
-			expected: true,
-		},
-		// bug, this should never happen
-		"total pages less than page": {
-			r:        ResultInfo{Page: 3, TotalPages: 1},
-			expected: false,
-		},
-		"use per page and greater than page": {
-			r:        ResultInfo{Page: 4, Total: 70, PerPage: 25},
-			expected: false,
-		},
-		"use per page and less than page": {
-			r:        ResultInfo{Page: 1, Total: 70, PerPage: 25},
-			expected: true,
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			assert.Equal(t, tc.r.HasMorePages(), tc.expected)
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/per_hostname_tls_settings.go b/pkg/cloudflare-go/per_hostname_tls_settings.go
deleted file mode 100644
index 19c159819c..0000000000
--- a/pkg/cloudflare-go/per_hostname_tls_settings.go
+++ /dev/null
@@ -1,251 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// HostnameTLSSetting represents the metadata for a user-created tls setting.
-type HostnameTLSSetting struct {
-	Hostname  string     `json:"hostname"`
-	Value     string     `json:"value"`
-	Status    string     `json:"status"`
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-}
-
-// HostnameTLSSettingResponse represents the response from the PUT and DELETE endpoints for per-hostname tls settings.
-type HostnameTLSSettingResponse struct {
-	Response
-	Result HostnameTLSSetting `json:"result"`
-}
-
-// HostnameTLSSettingsResponse represents the response from the retrieval endpoint for per-hostname tls settings.
-type HostnameTLSSettingsResponse struct {
-	Response
-	Result     []HostnameTLSSetting `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// ListHostnameTLSSettingsParams represents the data related to per-hostname tls settings being retrieved.
-type ListHostnameTLSSettingsParams struct {
-	Setting           string `json:"-" url:"setting,omitempty"`
-	PaginationOptions `json:"-"`
-	Limit             int      `json:"-" url:"limit,omitempty"`
-	Offset            int      `json:"-" url:"offset,omitempty"`
-	Hostname          []string `json:"-" url:"hostname,omitempty"`
-}
-
-// UpdateHostnameTLSSettingParams represents the data related to the per-hostname tls setting being updated.
-type UpdateHostnameTLSSettingParams struct {
-	Setting  string
-	Hostname string
-	Value    string `json:"value"`
-}
-
-// DeleteHostnameTLSSettingParams represents the data related to the per-hostname tls setting being deleted.
-type DeleteHostnameTLSSettingParams struct {
-	Setting  string
-	Hostname string
-}
-
-var (
-	ErrMissingHostnameTLSSettingName = errors.New("tls setting name required but missing")
-)
-
-// ListHostnameTLSSettings returns a list of all user-created tls setting values for the specified setting and hostnames.
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-list
-func (api *API) ListHostnameTLSSettings(ctx context.Context, rc *ResourceContainer, params ListHostnameTLSSettingsParams) ([]HostnameTLSSetting, ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []HostnameTLSSetting{}, ResultInfo{}, ErrMissingZoneID
-	}
-	if params.Setting == "" {
-		return []HostnameTLSSetting{}, ResultInfo{}, ErrMissingHostnameTLSSettingName
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/hostnames/settings/%s", rc.Identifier, params.Setting), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []HostnameTLSSetting{}, ResultInfo{}, err
-	}
-	var r HostnameTLSSettingsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []HostnameTLSSetting{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, r.ResultInfo, err
-}
-
-// UpdateHostnameTLSSetting will update the per-hostname tls setting for the specified hostname.
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put
-func (api *API) UpdateHostnameTLSSetting(ctx context.Context, rc *ResourceContainer, params UpdateHostnameTLSSettingParams) (HostnameTLSSetting, error) {
-	if rc.Identifier == "" {
-		return HostnameTLSSetting{}, ErrMissingZoneID
-	}
-	if params.Setting == "" {
-		return HostnameTLSSetting{}, ErrMissingHostnameTLSSettingName
-	}
-	if params.Hostname == "" {
-		return HostnameTLSSetting{}, ErrMissingHostname
-	}
-
-	uri := fmt.Sprintf("/zones/%s/hostnames/settings/%s/%s", rc.Identifier, params.Setting, params.Hostname)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return HostnameTLSSetting{}, err
-	}
-	var r HostnameTLSSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return HostnameTLSSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteHostnameTLSSetting will delete the specified per-hostname tls setting.
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-delete
-func (api *API) DeleteHostnameTLSSetting(ctx context.Context, rc *ResourceContainer, params DeleteHostnameTLSSettingParams) (HostnameTLSSetting, error) {
-	if rc.Identifier == "" {
-		return HostnameTLSSetting{}, ErrMissingZoneID
-	}
-	if params.Setting == "" {
-		return HostnameTLSSetting{}, ErrMissingHostnameTLSSettingName
-	}
-	if params.Hostname == "" {
-		return HostnameTLSSetting{}, ErrMissingHostname
-	}
-
-	uri := fmt.Sprintf("/zones/%s/hostnames/settings/%s/%s", rc.Identifier, params.Setting, params.Hostname)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return HostnameTLSSetting{}, err
-	}
-	var r HostnameTLSSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return HostnameTLSSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// HostnameTLSSettingCiphers represents the metadata for a user-created ciphers tls setting.
-type HostnameTLSSettingCiphers struct {
-	Hostname  string     `json:"hostname"`
-	Value     []string   `json:"value"`
-	Status    string     `json:"status"`
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-}
-
-// HostnameTLSSettingCiphersResponse represents the response from the PUT and DELETE endpoints for per-hostname ciphers tls settings.
-type HostnameTLSSettingCiphersResponse struct {
-	Response
-	Result HostnameTLSSettingCiphers `json:"result"`
-}
-
-// HostnameTLSSettingsCiphersResponse represents the response from the retrieval endpoint for per-hostname ciphers tls settings.
-type HostnameTLSSettingsCiphersResponse struct {
-	Response
-	Result     []HostnameTLSSettingCiphers `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// ListHostnameTLSSettingsCiphersParams represents the data related to per-hostname ciphers tls settings being retrieved.
-type ListHostnameTLSSettingsCiphersParams struct {
-	PaginationOptions
-	Limit    int      `json:"-" url:"limit,omitempty"`
-	Offset   int      `json:"-" url:"offset,omitempty"`
-	Hostname []string `json:"-" url:"hostname,omitempty"`
-}
-
-// UpdateHostnameTLSSettingCiphersParams represents the data related to the per-hostname ciphers tls setting being updated.
-type UpdateHostnameTLSSettingCiphersParams struct {
-	Hostname string
-	Value    []string `json:"value"`
-}
-
-// DeleteHostnameTLSSettingCiphersParams represents the data related to the per-hostname ciphers tls setting being deleted.
-type DeleteHostnameTLSSettingCiphersParams struct {
-	Hostname string
-}
-
-// ListHostnameTLSSettingsCiphers returns a list of all user-created tls setting ciphers values for the specified setting and hostnames.
-// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-list
-func (api *API) ListHostnameTLSSettingsCiphers(ctx context.Context, rc *ResourceContainer, params ListHostnameTLSSettingsCiphersParams) ([]HostnameTLSSettingCiphers, ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []HostnameTLSSettingCiphers{}, ResultInfo{}, ErrMissingZoneID
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/hostnames/settings/ciphers", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []HostnameTLSSettingCiphers{}, ResultInfo{}, err
-	}
-	var r HostnameTLSSettingsCiphersResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []HostnameTLSSettingCiphers{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, r.ResultInfo, err
-}
-
-// UpdateHostnameTLSSettingCiphers will update the per-hostname ciphers tls setting for the specified hostname.
-// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-put
-func (api *API) UpdateHostnameTLSSettingCiphers(ctx context.Context, rc *ResourceContainer, params UpdateHostnameTLSSettingCiphersParams) (HostnameTLSSettingCiphers, error) {
-	if rc.Identifier == "" {
-		return HostnameTLSSettingCiphers{}, ErrMissingZoneID
-	}
-	if params.Hostname == "" {
-		return HostnameTLSSettingCiphers{}, ErrMissingHostname
-	}
-
-	uri := fmt.Sprintf("/zones/%s/hostnames/settings/ciphers/%s", rc.Identifier, params.Hostname)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return HostnameTLSSettingCiphers{}, err
-	}
-	var r HostnameTLSSettingCiphersResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return HostnameTLSSettingCiphers{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteHostnameTLSSettingCiphers will delete the specified per-hostname ciphers tls setting value.
-// Ciphers functions are separate due to the API returning a list of strings as the value, rather than a string (as is the case for the other tls settings).
-//
-// API reference: https://developers.cloudflare.com/api/operations/per-hostname-tls-settings-delete
-func (api *API) DeleteHostnameTLSSettingCiphers(ctx context.Context, rc *ResourceContainer, params DeleteHostnameTLSSettingCiphersParams) (HostnameTLSSettingCiphers, error) {
-	if rc.Identifier == "" {
-		return HostnameTLSSettingCiphers{}, ErrMissingZoneID
-	}
-	if params.Hostname == "" {
-		return HostnameTLSSettingCiphers{}, ErrMissingHostname
-	}
-
-	uri := fmt.Sprintf("/zones/%s/hostnames/settings/ciphers/%s", rc.Identifier, params.Hostname)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return HostnameTLSSettingCiphers{}, err
-	}
-	// Unmarshal into HostnameTLSSettingResponse first because the API returns an empty string
-	var r HostnameTLSSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return HostnameTLSSettingCiphers{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return HostnameTLSSettingCiphers{
-		Hostname:  r.Result.Hostname,
-		Value:     []string{},
-		Status:    r.Result.Status,
-		CreatedAt: r.Result.CreatedAt,
-		UpdatedAt: r.Result.UpdatedAt,
-	}, nil
-}
diff --git a/pkg/cloudflare-go/per_hostname_tls_settings_test.go b/pkg/cloudflare-go/per_hostname_tls_settings_test.go
deleted file mode 100644
index b857d2eb6f..0000000000
--- a/pkg/cloudflare-go/per_hostname_tls_settings_test.go
+++ /dev/null
@@ -1,273 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListHostnameTLSSettingsMinTLSVersion(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"hostname": "app.example.com",
-					"value": "1.2",
-					"status": "active",
-					"created_at": "2023-07-26T21:12:55.56942Z",
-					"updated_at": "2023-07-31T22:06:44.739794Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 50,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-	want := []HostnameTLSSetting{
-		{
-			Hostname:  "app.example.com",
-			Value:     "1.2",
-			Status:    "active",
-			CreatedAt: &createdAt,
-			UpdatedAt: &updatedAt,
-		},
-	}
-
-	actual, _, err := client.ListHostnameTLSSettings(context.Background(), ZoneIdentifier(testZoneID), ListHostnameTLSSettingsParams{Setting: "min_tls_version"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateHostnameTLSSettingMinTLSVersion(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"hostname": "app.example.com",
-				"value": "1.2",
-				"status": "active",
-				"created_at": "2023-07-26T21:12:55.56942Z",
-				"updated_at": "2023-07-31T22:06:44.739794Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version/app.example.com", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-
-	want := HostnameTLSSetting{
-		Hostname:  "app.example.com",
-		Value:     "1.2",
-		Status:    "active",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	params := UpdateHostnameTLSSettingParams{
-		Setting:  "min_tls_version",
-		Hostname: "app.example.com",
-		Value:    "1.2",
-	}
-	actual, err := client.UpdateHostnameTLSSetting(context.Background(), ZoneIdentifier(testZoneID), params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteHostnameTLSSettingMinTLSVersion(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"hostname": "app.example.com",
-				"value": "",
-				"status": "active",
-				"created_at": "2023-07-26T21:12:55.56942Z",
-				"updated_at": "2023-07-31T22:06:44.739794Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/min_tls_version/app.example.com", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-	want := HostnameTLSSetting{
-		Hostname:  "app.example.com",
-		Value:     "",
-		Status:    "active",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	actual, err := client.DeleteHostnameTLSSetting(context.Background(), ZoneIdentifier(testZoneID), DeleteHostnameTLSSettingParams{Setting: "min_tls_version", Hostname: "app.example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListHostnameTLSSettingsCiphers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"hostname": "app.example.com",
-					"value": [
-						"AES128-GCM-SHA256",
-						"ECDHE-RSA-AES128-GCM-SHA256"
-					],
-					"status": "active",
-					"created_at": "2023-07-26T21:12:55.56942Z",
-					"updated_at": "2023-07-31T22:06:44.739794Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 50,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-
-	want := []HostnameTLSSettingCiphers{
-		{
-			Hostname:  "app.example.com",
-			Value:     []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
-			Status:    "active",
-			CreatedAt: &createdAt,
-			UpdatedAt: &updatedAt,
-		},
-	}
-
-	actual, _, err := client.ListHostnameTLSSettingsCiphers(context.Background(), ZoneIdentifier(testZoneID), ListHostnameTLSSettingsCiphersParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateHostnameTLSSettingCiphers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"hostname": "app.example.com",
-				"value": [
-					"AES128-GCM-SHA256",
-					"ECDHE-RSA-AES128-GCM-SHA256"
-				],
-				"status": "active",
-				"created_at": "2023-07-26T21:12:55.56942Z",
-				"updated_at": "2023-07-31T22:06:44.739794Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers/app.example.com", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-
-	want := HostnameTLSSettingCiphers{
-		Hostname:  "app.example.com",
-		Value:     []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
-		Status:    "active",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	params := UpdateHostnameTLSSettingCiphersParams{
-		Hostname: "app.example.com",
-		Value:    []string{"AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256"},
-	}
-	actual, err := client.UpdateHostnameTLSSettingCiphers(context.Background(), ZoneIdentifier(testZoneID), params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteHostnameTLSSettingCiphers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"hostname": "app.example.com",
-				"value": "",
-				"status": "active",
-				"created_at": "2023-07-26T21:12:55.56942Z",
-				"updated_at": "2023-07-31T22:06:44.739794Z"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/hostnames/settings/ciphers/app.example.com", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-07-26T21:12:55.56942Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-07-31T22:06:44.739794Z")
-	want := HostnameTLSSettingCiphers{
-		Hostname:  "app.example.com",
-		Value:     []string{},
-		Status:    "active",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	actual, err := client.DeleteHostnameTLSSettingCiphers(context.Background(), ZoneIdentifier(testZoneID), DeleteHostnameTLSSettingCiphersParams{Hostname: "app.example.com"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/permission_group.go b/pkg/cloudflare-go/permission_group.go
deleted file mode 100644
index 9fa7aa315c..0000000000
--- a/pkg/cloudflare-go/permission_group.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type PermissionGroup struct {
-	ID          string            `json:"id"`
-	Name        string            `json:"name"`
-	Meta        map[string]string `json:"meta"`
-	Permissions []Permission      `json:"permissions"`
-}
-
-type Permission struct {
-	ID         string            `json:"id"`
-	Key        string            `json:"key"`
-	Attributes map[string]string `json:"attributes,omitempty"` // same as Meta in other structs
-}
-
-type PermissionGroupListResponse struct {
-	Success  bool              `json:"success"`
-	Errors   []string          `json:"errors"`
-	Messages []string          `json:"messages"`
-	Result   []PermissionGroup `json:"result"`
-}
-
-type PermissionGroupDetailResponse struct {
-	Success  bool            `json:"success"`
-	Errors   []string        `json:"errors"`
-	Messages []string        `json:"messages"`
-	Result   PermissionGroup `json:"result"`
-}
-
-type ListPermissionGroupParams struct {
-	Depth    int    `url:"depth,omitempty"`
-	RoleName string `url:"name,omitempty"`
-}
-
-const errMissingPermissionGroupID = "missing required permission group ID"
-
-var ErrMissingPermissionGroupID = errors.New(errMissingPermissionGroupID)
-
-// GetPermissionGroup returns a specific permission group from the API given
-// the account ID and permission group ID.
-func (api *API) GetPermissionGroup(ctx context.Context, rc *ResourceContainer, permissionGroupId string) (PermissionGroup, error) {
-	if rc.Level != AccountRouteLevel {
-		return PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return PermissionGroup{}, ErrMissingAccountID
-	}
-
-	if permissionGroupId == "" {
-		return PermissionGroup{}, ErrMissingPermissionGroupID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/iam/permission_groups/%s?depth=2", rc.Identifier, permissionGroupId)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return PermissionGroup{}, err
-	}
-
-	var permissionGroupResponse PermissionGroupDetailResponse
-	err = json.Unmarshal(res, &permissionGroupResponse)
-	if err != nil {
-		return PermissionGroup{}, err
-	}
-
-	return permissionGroupResponse.Result, nil
-}
-
-// ListPermissionGroups returns all valid permission groups for the provided
-// parameters.
-func (api *API) ListPermissionGroups(ctx context.Context, rc *ResourceContainer, params ListPermissionGroupParams) ([]PermissionGroup, error) {
-	if rc.Level != AccountRouteLevel {
-		return []PermissionGroup{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	params.Depth = 2
-	uri := buildURI(fmt.Sprintf("/accounts/%s/iam/permission_groups", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []PermissionGroup{}, err
-	}
-
-	var permissionGroupResponse PermissionGroupListResponse
-	err = json.Unmarshal(res, &permissionGroupResponse)
-	if err != nil {
-		return []PermissionGroup{}, err
-	}
-
-	return permissionGroupResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/permission_group_test.go b/pkg/cloudflare-go/permission_group_test.go
deleted file mode 100644
index d3520db9e3..0000000000
--- a/pkg/cloudflare-go/permission_group_test.go
+++ /dev/null
@@ -1,152 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var mockPermissionGroup = PermissionGroup{
-	ID:   "f08020434ba14a0bb46bd9ff52f23b04",
-	Name: "Fake Permission Group",
-	Meta: map[string]string{
-		"description": "Can represent a permission group",
-	},
-	Permissions: []Permission{{
-		ID:  "7d42552322884d19bb63ed7f69b5ac21",
-		Key: "com.cloudflare.api.account.fake.permission",
-		Attributes: map[string]string{
-			"legacy_name": "#fake:permission",
-		},
-	}},
-}
-
-func TestListPermissionGroup_ByName(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "result": [
-				{
-				  "id": "f08020434ba14a0bb46bd9ff52f23b04",
-				  "name": "Fake Permission Group",
-				  "status": "V",
-				  "meta": {
-					"description": "Can represent a permission group"
-				  },
-				  "created_on": "2022-08-29T16:58:29.745574Z",
-				  "modified_on": "2022-09-12T08:26:37.255907Z",
-				  "permissions": [
-					{
-					  "id": "7d42552322884d19bb63ed7f69b5ac21",
-					  "key": "com.cloudflare.api.account.fake.permission",
-					  "attributes": {
-						"legacy_name": "#fake:permission"
-					  }
-					}
-				  ]
-				}
-			  ],
-			  "success": true,
-			  "errors": [],
-			  "messages": []
-			}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups", handler)
-
-	result, err := client.ListPermissionGroups(context.Background(), AccountIdentifier(testAccountID), ListPermissionGroupParams{RoleName: "fake-permission-group-name"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, result, []PermissionGroup{mockPermissionGroup})
-	}
-}
-
-func TestGetPermissionGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"id": "f08020434ba14a0bb46bd9ff52f23b04",
-				"name": "Fake Permission Group",
-				"status": "V",
-				"meta": {
-					"description": "Can represent a permission group"
-				},
-				"created_on": "2022-08-29T16:58:29.745574Z",
-				"modified_on": "2022-09-12T08:26:37.255907Z",
-				"permissions": [
-					{
-						"id": "7d42552322884d19bb63ed7f69b5ac21",
-						"key": "com.cloudflare.api.account.fake.permission",
-						"attributes": {
-							"legacy_name": "#fake:permission"
-						}
-					}
-				]
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-			}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups/fake-permission-group-id", handler)
-
-	result, err := client.GetPermissionGroup(context.Background(), AccountIdentifier(testAccountID), "fake-permission-group-id")
-	if assert.NoError(t, err) {
-		assert.Equal(t, result, mockPermissionGroup)
-	}
-}
-
-func TestPermissionGroups(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "result": [
-				{
-				  "id": "f08020434ba14a0bb46bd9ff52f23b04",
-				  "name": "Fake Permission Group",
-				  "status": "V",
-				  "meta": {
-					"description": "Can represent a permission group"
-				  },
-				  "created_on": "2022-08-29T16:58:29.745574Z",
-				  "modified_on": "2022-09-12T08:26:37.255907Z",
-				  "permissions": [
-					{
-					  "id": "7d42552322884d19bb63ed7f69b5ac21",
-					  "key": "com.cloudflare.api.account.fake.permission",
-					  "attributes": {
-						"legacy_name": "#fake:permission"
-					  }
-					}
-				  ]
-				}
-			  ],
-			  "success": true,
-			  "errors": [],
-			  "messages": []
-			}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/iam/permission_groups", handler)
-
-	result, err := client.ListPermissionGroups(context.Background(), AccountIdentifier(testAccountID), ListPermissionGroupParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, result, []PermissionGroup{mockPermissionGroup})
-	}
-}
diff --git a/pkg/cloudflare-go/policy.go b/pkg/cloudflare-go/policy.go
deleted file mode 100644
index 8077241201..0000000000
--- a/pkg/cloudflare-go/policy.go
+++ /dev/null
@@ -1,8 +0,0 @@
-package cloudflare
-
-type Policy struct {
-	ID               string            `json:"id"`
-	PermissionGroups []PermissionGroup `json:"permission_groups"`
-	ResourceGroups   []ResourceGroup   `json:"resource_groups"`
-	Access           string            `json:"access"`
-}
diff --git a/pkg/cloudflare-go/queue.go b/pkg/cloudflare-go/queue.go
deleted file mode 100644
index 9f6d6e1213..0000000000
--- a/pkg/cloudflare-go/queue.go
+++ /dev/null
@@ -1,378 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingQueueName         = errors.New("required queue name is missing")
-	ErrMissingQueueConsumerName = errors.New("required queue consumer name is missing")
-)
-
-type Queue struct {
-	ID                  string          `json:"queue_id,omitempty"`
-	Name                string          `json:"queue_name,omitempty"`
-	CreatedOn           *time.Time      `json:"created_on,omitempty"`
-	ModifiedOn          *time.Time      `json:"modified_on,omitempty"`
-	ProducersTotalCount int             `json:"producers_total_count,omitempty"`
-	Producers           []QueueProducer `json:"producers,omitempty"`
-	ConsumersTotalCount int             `json:"consumers_total_count,omitempty"`
-	Consumers           []QueueConsumer `json:"consumers,omitempty"`
-}
-
-type QueueProducer struct {
-	Service     string `json:"service,omitempty"`
-	Environment string `json:"environment,omitempty"`
-}
-
-type QueueConsumer struct {
-	Name            string                `json:"-"`
-	Service         string                `json:"service,omitempty"`
-	ScriptName      string                `json:"script_name,omitempty"`
-	Environment     string                `json:"environment,omitempty"`
-	Settings        QueueConsumerSettings `json:"settings,omitempty"`
-	QueueName       string                `json:"queue_name,omitempty"`
-	CreatedOn       *time.Time            `json:"created_on,omitempty"`
-	DeadLetterQueue string                `json:"dead_letter_queue,omitempty"`
-}
-
-type QueueConsumerSettings struct {
-	BatchSize   int `json:"batch_size,omitempty"`
-	MaxRetires  int `json:"max_retries,omitempty"`
-	MaxWaitTime int `json:"max_wait_time_ms,omitempty"`
-}
-
-type QueueListResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []Queue `json:"result"`
-}
-
-type CreateQueueParams struct {
-	Name string `json:"queue_name"`
-}
-
-type QueueResponse struct {
-	Response
-	Result Queue `json:"result"`
-}
-
-type ListQueueConsumersResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []QueueConsumer `json:"result"`
-}
-
-type ListQueuesParams struct {
-	ResultInfo
-}
-
-type QueueConsumerResponse struct {
-	Response
-	Result QueueConsumer `json:"result"`
-}
-
-type UpdateQueueParams struct {
-	Name        string `json:"-"`
-	UpdatedName string `json:"queue_name,omitempty"`
-}
-
-type ListQueueConsumersParams struct {
-	QueueName string `url:"-"`
-	ResultInfo
-}
-
-type CreateQueueConsumerParams struct {
-	QueueName string `json:"-"`
-	Consumer  QueueConsumer
-}
-
-type UpdateQueueConsumerParams struct {
-	QueueName string `json:"-"`
-	Consumer  QueueConsumer
-}
-
-type DeleteQueueConsumerParams struct {
-	QueueName, ConsumerName string
-}
-
-// ListQueues returns the queues owned by an account.
-//
-// API reference: https://api.cloudflare.com/#queue-list-queues
-func (api *API) ListQueues(ctx context.Context, rc *ResourceContainer, params ListQueuesParams) ([]Queue, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []Queue{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var queues []Queue
-	var qResponse QueueListResponse
-	for {
-		qResponse = QueueListResponse{}
-		uri := buildURI(fmt.Sprintf("/accounts/%s/workers/queues", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []Queue{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &qResponse)
-		if err != nil {
-			return []Queue{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-		}
-
-		queues = append(queues, qResponse.Result...)
-		params.ResultInfo = qResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return queues, &qResponse.ResultInfo, nil
-}
-
-// CreateQueue creates a new queue.
-//
-// API reference: https://api.cloudflare.com/#queue-create-queue
-func (api *API) CreateQueue(ctx context.Context, rc *ResourceContainer, queue CreateQueueParams) (Queue, error) {
-	if rc.Identifier == "" {
-		return Queue{}, ErrMissingAccountID
-	}
-
-	if queue.Name == "" {
-		return Queue{}, ErrMissingQueueName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, queue)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueueResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteQueue deletes a queue.
-//
-// API reference: https://api.cloudflare.com/#queue-delete-queue
-func (api *API) DeleteQueue(ctx context.Context, rc *ResourceContainer, queueName string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-	if queueName == "" {
-		return ErrMissingQueueName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, queueName)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-	return nil
-}
-
-// GetQueue returns a single queue based on the name.
-//
-// API reference: https://api.cloudflare.com/#queue-get-queue
-func (api *API) GetQueue(ctx context.Context, rc *ResourceContainer, queueName string) (Queue, error) {
-	if rc.Identifier == "" {
-		return Queue{}, ErrMissingAccountID
-	}
-
-	if queueName == "" {
-		return Queue{}, ErrMissingQueueName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, queueName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueueResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateQueue updates a queue.
-//
-// API reference: https://api.cloudflare.com/#queue-update-queue
-func (api *API) UpdateQueue(ctx context.Context, rc *ResourceContainer, params UpdateQueueParams) (Queue, error) {
-	if rc.Identifier == "" {
-		return Queue{}, ErrMissingAccountID
-	}
-
-	if params.Name == "" || params.UpdatedName == "" {
-		return Queue{}, ErrMissingQueueName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s", rc.Identifier, params.Name)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueueResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Queue{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListQueueConsumers returns the consumers of a queue.
-//
-// API reference: https://api.cloudflare.com/#queue-list-queue-consumers
-func (api *API) ListQueueConsumers(ctx context.Context, rc *ResourceContainer, params ListQueueConsumersParams) ([]QueueConsumer, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []QueueConsumer{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	if params.QueueName == "" {
-		return []QueueConsumer{}, &ResultInfo{}, ErrMissingQueueName
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var queuesConsumers []QueueConsumer
-	var qResponse ListQueueConsumersResponse
-	for {
-		qResponse = ListQueueConsumersResponse{}
-		uri := buildURI(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", rc.Identifier, params.QueueName), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []QueueConsumer{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &qResponse)
-		if err != nil {
-			return []QueueConsumer{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal filters JSON data: %w", err)
-		}
-
-		queuesConsumers = append(queuesConsumers, qResponse.Result...)
-		params.ResultInfo = qResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return queuesConsumers, &qResponse.ResultInfo, nil
-}
-
-// CreateQueueConsumer creates a new consumer for a queue.
-//
-// API reference: https://api.cloudflare.com/#queue-create-queue-consumer
-func (api *API) CreateQueueConsumer(ctx context.Context, rc *ResourceContainer, params CreateQueueConsumerParams) (QueueConsumer, error) {
-	if rc.Identifier == "" {
-		return QueueConsumer{}, ErrMissingAccountID
-	}
-
-	if params.QueueName == "" {
-		return QueueConsumer{}, ErrMissingQueueName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", rc.Identifier, params.QueueName)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Consumer)
-	if err != nil {
-		return QueueConsumer{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueueConsumerResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return QueueConsumer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteQueueConsumer deletes the consumer for a queue..
-//
-// API reference: https://api.cloudflare.com/#queue-delete-queue-consumer
-func (api *API) DeleteQueueConsumer(ctx context.Context, rc *ResourceContainer, params DeleteQueueConsumerParams) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if params.QueueName == "" {
-		return ErrMissingQueueName
-	}
-
-	if params.ConsumerName == "" {
-		return ErrMissingQueueConsumerName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", rc.Identifier, params.QueueName, params.ConsumerName)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
-
-// UpdateQueueConsumer updates the consumer for a queue, or creates one if it does not exist..
-//
-// API reference: https://api.cloudflare.com/#queue-update-queue-consumer
-func (api *API) UpdateQueueConsumer(ctx context.Context, rc *ResourceContainer, params UpdateQueueConsumerParams) (QueueConsumer, error) {
-	if rc.Identifier == "" {
-		return QueueConsumer{}, ErrMissingAccountID
-	}
-
-	if params.QueueName == "" {
-		return QueueConsumer{}, ErrMissingQueueName
-	}
-
-	if params.Consumer.Name == "" {
-		return QueueConsumer{}, ErrMissingQueueConsumerName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", rc.Identifier, params.QueueName, params.Consumer.Name)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Consumer)
-	if err != nil {
-		return QueueConsumer{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r QueueConsumerResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return QueueConsumer{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/queue_test.go b/pkg/cloudflare-go/queue_test.go
deleted file mode 100644
index b175a7045d..0000000000
--- a/pkg/cloudflare-go/queue_test.go
+++ /dev/null
@@ -1,485 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testQueueID           = "6b7efc370ea34ded8327fa20698dfe3a"
-	testQueueName         = "example-queue"
-	testQueueConsumerName = "example-consumer"
-)
-
-func testQueue() Queue {
-	CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-	ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-	return Queue{
-		ID:                  testQueueID,
-		Name:                testQueueName,
-		CreatedOn:           &CreatedOn,
-		ModifiedOn:          &ModifiedOn,
-		ProducersTotalCount: 1,
-		Producers: []QueueProducer{
-			{
-				Service:     "example-producer",
-				Environment: "production",
-			},
-		},
-		ConsumersTotalCount: 1,
-		Consumers: []QueueConsumer{
-			{
-				Service:     "example-consumer",
-				Environment: "production",
-				Settings: QueueConsumerSettings{
-					BatchSize:   10,
-					MaxRetires:  3,
-					MaxWaitTime: 5000,
-				},
-			},
-		},
-	}
-}
-
-func testQueueConsumer() QueueConsumer {
-	CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-	return QueueConsumer{
-		Service:     "example-consumer",
-		Environment: "production",
-		Settings: QueueConsumerSettings{
-			BatchSize:   10,
-			MaxRetires:  3,
-			MaxWaitTime: 5000,
-		},
-		QueueName: testQueueName,
-		CreatedOn: &CreatedOn,
-	}
-}
-
-func TestQueue_List(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": null,
-  "messages": null,
-  "result": [
-    {
-      "queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
-      "queue_name": "example-queue",
-      "created_on": "2023-01-01T00:00:00Z",
-      "modified_on": "2023-01-01T00:00:00Z",
-      "producers_total_count": 1,
-      "producers": [
-        {
-          "service": "example-producer",
-          "environment": "production"
-        }
-      ],
-      "consumers_total_count": 1,
-      "consumers": [
-        {
-          "service": "example-consumer",
-          "environment": "production",
-          "settings": {
-            "batch_size": 10,
-            "max_retries": 3,
-            "max_wait_time_ms": 5000
-          }
-        }
-      ]
-    }
-  ],
-  "result_info": {
-    "page": 1,
-    "per_page": 100,
-    "count": 1,
-    "total_count": 1,
-    "total_pages": 1
-  }
-}`)
-	})
-
-	_, _, err := client.ListQueues(context.Background(), AccountIdentifier(""), ListQueuesParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	result, _, err := client.ListQueues(context.Background(), AccountIdentifier(testAccountID), ListQueuesParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(result))
-		assert.Equal(t, testQueue(), result[0])
-	}
-}
-
-func TestQueue_Create(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result": {
-			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
-			"queue_name": "example-queue",
-			"created_on": "2023-01-01T00:00:00Z",
-			"modified_on": "2023-01-01T00:00:00Z"
-		}
-	}`)
-	})
-	_, err := client.CreateQueue(context.Background(), AccountIdentifier(""), CreateQueueParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.CreateQueue(context.Background(), AccountIdentifier(testAccountID), CreateQueueParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-	results, err := client.CreateQueue(context.Background(), AccountIdentifier(testAccountID), CreateQueueParams{Name: "example-queue"})
-	if assert.NoError(t, err) {
-		CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-		ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-		createdQueue := Queue{
-			ID:         testQueueID,
-			Name:       testQueueName,
-			CreatedOn:  &CreatedOn,
-			ModifiedOn: &ModifiedOn,
-		}
-
-		assert.Equal(t, createdQueue, results)
-	}
-}
-
-func TestQueue_Delete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": null
-		}`)
-	})
-	err := client.DeleteQueue(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.DeleteQueue(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	err = client.DeleteQueue(context.Background(), AccountIdentifier(testAccountID), testQueueName)
-	assert.NoError(t, err)
-}
-
-func TestQueue_Get(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-		{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
-			"queue_name": "example-queue",
-			"created_on": "2023-01-01T00:00:00Z",
-			"modified_on": "2023-01-01T00:00:00Z",
-			"producers_total_count": 1,
-			"producers": [
-			  {
-				"service": "example-producer",
-				"environment": "production"
-			  }
-			],
-			"consumers_total_count": 1,
-			"consumers": [
-			  {
-				"service": "example-consumer",
-				"environment": "production",
-				"settings": {
-				  "batch_size": 10,
-				  "max_retries": 3,
-				  "max_wait_time_ms": 5000
-				}
-			  }
-			]
-		  }
-		}`)
-	})
-
-	_, err := client.GetQueue(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.GetQueue(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	result, err := client.GetQueue(context.Background(), AccountIdentifier(testAccountID), testQueueID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, testQueue(), result)
-	}
-}
-
-func TestQueue_Update(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result": {
-			"queue_id": "6b7efc370ea34ded8327fa20698dfe3a",
-			"queue_name": "renamed-example-queue",
-			"created_on": "2023-01-01T00:00:00Z",
-			"modified_on": "2023-01-01T00:00:00Z"
-		}
-	}`)
-	})
-	_, err := client.UpdateQueue(context.Background(), AccountIdentifier(""), UpdateQueueParams{Name: testQueueName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.UpdateQueue(context.Background(), AccountIdentifier(testAccountID), UpdateQueueParams{Name: testQueueName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	results, err := client.UpdateQueue(context.Background(), AccountIdentifier(testAccountID), UpdateQueueParams{Name: testQueueName, UpdatedName: "renamed-example-queue"})
-	if assert.NoError(t, err) {
-		CreatedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-		ModifiedOn, _ := time.Parse(time.RFC3339, "2023-01-01T00:00:00Z")
-		createdQueue := Queue{
-			ID:         testQueueID,
-			Name:       "renamed-example-queue",
-			CreatedOn:  &CreatedOn,
-			ModifiedOn: &ModifiedOn,
-		}
-
-		assert.Equal(t, createdQueue, results)
-	}
-}
-
-func TestQueue_ListConsumers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-	{
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result": [
-			{
-			  "service": "example-consumer",
-			  "environment": "production",
-			  "settings": {
-				"batch_size": 10,
-				"max_retries": 3,
-				"max_wait_time_ms": 5000
-			  },
-			  "queue_name": "example-queue",
-			  "created_on": "2023-01-01T00:00:00Z"
-			}
-		  ],
-		  "result_info": {
-			"page": 1,
-			"per_page": 100,
-			"count": 1,
-			"total_count": 1,
-			"total_pages": 1
-		  }
-		}`)
-	})
-
-	_, _, err := client.ListQueueConsumers(context.Background(), AccountIdentifier(""), ListQueueConsumersParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, _, err = client.ListQueueConsumers(context.Background(), AccountIdentifier(testAccountID), ListQueueConsumersParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	result, _, err := client.ListQueueConsumers(context.Background(), AccountIdentifier(testAccountID), ListQueueConsumersParams{QueueName: testQueueName})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(result))
-		assert.Equal(t, testQueueConsumer(), result[0])
-	}
-}
-
-func TestQueue_CreateConsumer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers", testAccountID, testQueueName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"service": "example-consumer",
-			"environment": "production",
-			"settings": {
-			  "batch_size": 10,
-			  "max_retries": 3,
-			  "max_wait_time_ms": 5000
-			},
-			"dead_letter_queue": "example-dlq",
-			"queue_name": "example-queue",
-			"created_on": "2023-01-01T00:00:00Z"
-		  }
-		}`)
-	})
-
-	_, err := client.CreateQueueConsumer(context.Background(), AccountIdentifier(""), CreateQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.CreateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), CreateQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	result, err := client.CreateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), CreateQueueConsumerParams{QueueName: testQueueName, Consumer: QueueConsumer{
-		Service:     "example-consumer",
-		Environment: "production",
-	}})
-	if assert.NoError(t, err) {
-		expectedQueueConsumer := testQueueConsumer()
-		expectedQueueConsumer.DeadLetterQueue = "example-dlq"
-		assert.Equal(t, expectedQueueConsumer, result)
-	}
-}
-
-func TestQueue_DeleteConsumer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", testAccountID, testQueueName, testQueueConsumerName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": null
-		}`)
-	})
-
-	err := client.DeleteQueueConsumer(context.Background(), AccountIdentifier(""), DeleteQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{QueueName: testQueueName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueConsumerName, err)
-	}
-
-	err = client.DeleteQueueConsumer(context.Background(), AccountIdentifier(testAccountID), DeleteQueueConsumerParams{QueueName: testQueueName, ConsumerName: testQueueConsumerName})
-	assert.NoError(t, err)
-}
-
-func TestQueue_UpdateConsumer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/queues/%s/consumers/%s", testAccountID, testQueueName, testQueueConsumerName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"service": "example-consumer",
-			"environment": "production",
-			"settings": {
-			  "batch_size": 10,
-			  "max_retries": 3,
-			  "max_wait_time_ms": 5000
-			},
-			"queue_name": "example-queue",
-			"created_on": "2023-01-01T00:00:00Z"
-		  }
-		}`)
-	})
-
-	_, err := client.UpdateQueueConsumer(context.Background(), AccountIdentifier(""), UpdateQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueName, err)
-	}
-
-	_, err = client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{QueueName: testQueueName})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingQueueConsumerName, err)
-	}
-
-	result, err := client.UpdateQueueConsumer(context.Background(), AccountIdentifier(testAccountID), UpdateQueueConsumerParams{QueueName: testQueueName, Consumer: QueueConsumer{
-		Name:        testQueueConsumerName,
-		Service:     "example-consumer",
-		Environment: "production",
-	}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, testQueueConsumer(), result)
-	}
-}
diff --git a/pkg/cloudflare-go/r2_bucket.go b/pkg/cloudflare-go/r2_bucket.go
deleted file mode 100644
index c9ce8fe0f8..0000000000
--- a/pkg/cloudflare-go/r2_bucket.go
+++ /dev/null
@@ -1,147 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingBucketName = errors.New("require bucket name missing")
-)
-
-// R2Bucket defines a container for objects stored in R2 Storage.
-type R2Bucket struct {
-	Name         string     `json:"name"`
-	CreationDate *time.Time `json:"creation_date,omitempty"`
-	Location     string     `json:"location,omitempty"`
-}
-
-// R2Buckets represents the map of buckets response from
-// the R2 buckets endpoint.
-type R2Buckets struct {
-	Buckets []R2Bucket `json:"buckets"`
-}
-
-// R2BucketListResponse represents the response from the list
-// R2 buckets endpoint.
-type R2BucketListResponse struct {
-	Result R2Buckets `json:"result"`
-	Response
-}
-
-type ListR2BucketsParams struct {
-	Name       string `url:"name_contains,omitempty"`
-	StartAfter string `url:"start_after,omitempty"`
-	PerPage    int64  `url:"per_page,omitempty"`
-	Order      string `url:"order,omitempty"`
-	Direction  string `url:"direction,omitempty"`
-	Cursor     string `url:"cursor,omitempty"`
-}
-
-type CreateR2BucketParameters struct {
-	Name         string `json:"name,omitempty"`
-	LocationHint string `json:"locationHint,omitempty"`
-}
-
-type R2BucketResponse struct {
-	Result R2Bucket `json:"result"`
-	Response
-}
-
-// ListR2Buckets Lists R2 buckets.
-func (api *API) ListR2Buckets(ctx context.Context, rc *ResourceContainer, params ListR2BucketsParams) ([]R2Bucket, error) {
-	if rc.Identifier == "" {
-		return []R2Bucket{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/r2/buckets", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []R2Bucket{}, err
-	}
-
-	var r2BucketListResponse R2BucketListResponse
-	err = json.Unmarshal(res, &r2BucketListResponse)
-	if err != nil {
-		return []R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r2BucketListResponse.Result.Buckets, nil
-}
-
-// CreateR2Bucket Creates a new R2 bucket.
-//
-// API reference: https://api.cloudflare.com/#r2-bucket-create-bucket
-func (api *API) CreateR2Bucket(ctx context.Context, rc *ResourceContainer, params CreateR2BucketParameters) (R2Bucket, error) {
-	if rc.Identifier == "" {
-		return R2Bucket{}, ErrMissingAccountID
-	}
-
-	if params.Name == "" {
-		return R2Bucket{}, ErrMissingBucketName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/r2/buckets", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return R2Bucket{}, err
-	}
-
-	var r2BucketResponse R2BucketResponse
-	err = json.Unmarshal(res, &r2BucketResponse)
-	if err != nil {
-		return R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r2BucketResponse.Result, nil
-}
-
-// GetR2Bucket Gets an existing R2 bucket.
-//
-// API reference: https://api.cloudflare.com/#r2-bucket-get-bucket
-func (api *API) GetR2Bucket(ctx context.Context, rc *ResourceContainer, bucketName string) (R2Bucket, error) {
-	if rc.Identifier == "" {
-		return R2Bucket{}, ErrMissingAccountID
-	}
-
-	if bucketName == "" {
-		return R2Bucket{}, ErrMissingBucketName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/r2/buckets/%s", rc.Identifier, bucketName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return R2Bucket{}, err
-	}
-
-	var r2BucketResponse R2BucketResponse
-	err = json.Unmarshal(res, &r2BucketResponse)
-	if err != nil {
-		return R2Bucket{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r2BucketResponse.Result, nil
-}
-
-// DeleteR2Bucket Deletes an existing R2 bucket.
-//
-// API reference: https://api.cloudflare.com/#r2-bucket-delete-bucket
-func (api *API) DeleteR2Bucket(ctx context.Context, rc *ResourceContainer, bucketName string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if bucketName == "" {
-		return ErrMissingBucketName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/r2/buckets/%s", rc.Identifier, bucketName)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	return err
-}
diff --git a/pkg/cloudflare-go/r2_bucket_test.go b/pkg/cloudflare-go/r2_bucket_test.go
deleted file mode 100644
index ac9b2f9607..0000000000
--- a/pkg/cloudflare-go/r2_bucket_test.go
+++ /dev/null
@@ -1,160 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testBucketName = "example-bucket"
-
-func TestR2_ListBuckets(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-	"buckets": [
-		{
-			"name": "example-bucket",
-			"creation_date": "2022-06-24T19:58:49.477Z"
-		}
-	]
-  }
-}`)
-	})
-	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
-	want := []R2Bucket{
-		{
-			Name:         "example-bucket",
-			CreationDate: &createDate,
-		},
-	}
-	actual, err := client.ListR2Buckets(context.Background(), AccountIdentifier(testAccountID), ListR2BucketsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestR2_GetBucket(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets/%s", testAccountID, testBucketName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-			"name": "example-bucket",
-			"creation_date": "2022-06-24T19:58:49.477Z",
-			"location": "ENAM"
-	}
-}`)
-	})
-
-	_, err := client.GetR2Bucket(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.GetR2Bucket(context.Background(), AccountIdentifier(testAccountID), "")
-
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingBucketName, err)
-	}
-
-	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
-	want := R2Bucket{
-		Name:         testBucketName,
-		CreationDate: &createDate,
-		Location:     "ENAM",
-	}
-
-	actual, err := client.GetR2Bucket(context.Background(), AccountIdentifier(testAccountID), testBucketName)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestR2_CreateBucket(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-			"name": "example-bucket",
-			"creation_date": "2022-06-24T19:58:49.477Z",
-			"location": "ENAM"
-	}
-}`)
-	})
-
-	_, err := client.CreateR2Bucket(context.Background(), AccountIdentifier(""), CreateR2BucketParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.CreateR2Bucket(context.Background(), AccountIdentifier(testAccountID), CreateR2BucketParameters{Name: ""})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingBucketName, err)
-	}
-	createDate, _ := time.Parse(time.RFC3339, "2022-06-24T19:58:49.477Z")
-	want := R2Bucket{
-		Name:         testBucketName,
-		CreationDate: &createDate,
-		Location:     "ENAM",
-	}
-
-	actual, err := client.CreateR2Bucket(context.Background(), AccountIdentifier(testAccountID), CreateR2BucketParameters{Name: testBucketName, LocationHint: "ENAM"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestR2_DeleteBucket(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/r2/buckets/%s", testAccountID, testBucketName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {}
-}`)
-	})
-
-	err := client.DeleteR2Bucket(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.DeleteR2Bucket(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingBucketName, err)
-	}
-
-	err = client.DeleteR2Bucket(context.Background(), AccountIdentifier(testAccountID), "example-bucket")
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/rate_limiting.go b/pkg/cloudflare-go/rate_limiting.go
deleted file mode 100644
index 1a9f5cb44e..0000000000
--- a/pkg/cloudflare-go/rate_limiting.go
+++ /dev/null
@@ -1,199 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// RateLimit is a policy than can be applied to limit traffic within a customer domain.
-type RateLimit struct {
-	ID          string                  `json:"id,omitempty"`
-	Disabled    bool                    `json:"disabled,omitempty"`
-	Description string                  `json:"description,omitempty"`
-	Match       RateLimitTrafficMatcher `json:"match"`
-	Bypass      []RateLimitKeyValue     `json:"bypass,omitempty"`
-	Threshold   int                     `json:"threshold"`
-	Period      int                     `json:"period"`
-	Action      RateLimitAction         `json:"action"`
-	Correlate   *RateLimitCorrelate     `json:"correlate,omitempty"`
-}
-
-// RateLimitTrafficMatcher contains the rules that will be used to apply a rate limit to traffic.
-type RateLimitTrafficMatcher struct {
-	Request  RateLimitRequestMatcher  `json:"request"`
-	Response RateLimitResponseMatcher `json:"response"`
-}
-
-// RateLimitRequestMatcher contains the matching rules pertaining to requests.
-type RateLimitRequestMatcher struct {
-	Methods    []string `json:"methods,omitempty"`
-	Schemes    []string `json:"schemes,omitempty"`
-	URLPattern string   `json:"url,omitempty"`
-}
-
-// RateLimitResponseMatcher contains the matching rules pertaining to responses.
-type RateLimitResponseMatcher struct {
-	Statuses      []int                            `json:"status,omitempty"`
-	OriginTraffic *bool                            `json:"origin_traffic,omitempty"` // api defaults to true so we need an explicit empty value
-	Headers       []RateLimitResponseMatcherHeader `json:"headers,omitempty"`
-}
-
-// RateLimitResponseMatcherHeader contains the structure of the origin
-// HTTP headers used in request matcher checks.
-type RateLimitResponseMatcherHeader struct {
-	Name  string `json:"name"`
-	Op    string `json:"op"`
-	Value string `json:"value"`
-}
-
-// RateLimitKeyValue is k-v formatted as expected in the rate limit description.
-type RateLimitKeyValue struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-}
-
-// RateLimitAction is the action that will be taken when the rate limit threshold is reached.
-type RateLimitAction struct {
-	Mode     string                   `json:"mode"`
-	Timeout  int                      `json:"timeout"`
-	Response *RateLimitActionResponse `json:"response"`
-}
-
-// RateLimitActionResponse is the response that will be returned when rate limit action is triggered.
-type RateLimitActionResponse struct {
-	ContentType string `json:"content_type"`
-	Body        string `json:"body"`
-}
-
-// RateLimitCorrelate pertainings to NAT support.
-type RateLimitCorrelate struct {
-	By string `json:"by"`
-}
-
-type rateLimitResponse struct {
-	Response
-	Result RateLimit `json:"result"`
-}
-
-type rateLimitListResponse struct {
-	Response
-	Result     []RateLimit `json:"result"`
-	ResultInfo ResultInfo  `json:"result_info"`
-}
-
-// CreateRateLimit creates a new rate limit for a zone.
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-create-a-ratelimit
-func (api *API) CreateRateLimit(ctx context.Context, zoneID string, limit RateLimit) (RateLimit, error) {
-	uri := fmt.Sprintf("/zones/%s/rate_limits", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, limit)
-	if err != nil {
-		return RateLimit{}, err
-	}
-	var r rateLimitResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListRateLimits returns Rate Limits for a zone, paginated according to the provided options
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-list-rate-limits
-func (api *API) ListRateLimits(ctx context.Context, zoneID string, pageOpts PaginationOptions) ([]RateLimit, ResultInfo, error) {
-	uri := buildURI(fmt.Sprintf("/zones/%s/rate_limits", zoneID), pageOpts)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []RateLimit{}, ResultInfo{}, err
-	}
-
-	var r rateLimitListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []RateLimit{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, r.ResultInfo, nil
-}
-
-// ListAllRateLimits returns all Rate Limits for a zone.
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-list-rate-limits
-func (api *API) ListAllRateLimits(ctx context.Context, zoneID string) ([]RateLimit, error) {
-	pageOpts := PaginationOptions{
-		PerPage: 100, // this is the max page size allowed
-		Page:    1,
-	}
-
-	allRateLimits := make([]RateLimit, 0)
-	for {
-		rateLimits, resultInfo, err := api.ListRateLimits(ctx, zoneID, pageOpts)
-		if err != nil {
-			return []RateLimit{}, err
-		}
-		allRateLimits = append(allRateLimits, rateLimits...)
-		// total pages is not returned on this call
-		// if number of records is less than the max, this must be the last page
-		// in case TotalCount % PerPage = 0, the last request will return an empty list
-		if resultInfo.Count < resultInfo.PerPage {
-			break
-		}
-		// continue with the next page
-		pageOpts.Page = pageOpts.Page + 1
-	}
-
-	return allRateLimits, nil
-}
-
-// RateLimit fetches detail about one Rate Limit for a zone.
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-rate-limit-details
-func (api *API) RateLimit(ctx context.Context, zoneID, limitID string) (RateLimit, error) {
-	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return RateLimit{}, err
-	}
-	var r rateLimitResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateRateLimit lets you replace a Rate Limit for a zone.
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-update-rate-limit
-func (api *API) UpdateRateLimit(ctx context.Context, zoneID, limitID string, limit RateLimit) (RateLimit, error) {
-	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, limit)
-	if err != nil {
-		return RateLimit{}, err
-	}
-	var r rateLimitResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return RateLimit{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteRateLimit deletes a Rate Limit for a zone.
-//
-// API reference: https://api.cloudflare.com/#rate-limits-for-a-zone-delete-rate-limit
-func (api *API) DeleteRateLimit(ctx context.Context, zoneID, limitID string) error {
-	uri := fmt.Sprintf("/zones/%s/rate_limits/%s", zoneID, limitID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r rateLimitResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/rate_limiting_example_test.go b/pkg/cloudflare-go/rate_limiting_example_test.go
deleted file mode 100644
index a894d8b4e2..0000000000
--- a/pkg/cloudflare-go/rate_limiting_example_test.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-var exampleNewRateLimit = cloudflare.RateLimit{
-	Description: "test",
-	Match: cloudflare.RateLimitTrafficMatcher{
-		Request: cloudflare.RateLimitRequestMatcher{
-			URLPattern: "exampledomain.com/test-rate-limit",
-		},
-	},
-	Threshold: 0,
-	Period:    0,
-	Action: cloudflare.RateLimitAction{
-		Mode:    "ban",
-		Timeout: 60,
-	},
-	Correlate: &cloudflare.RateLimitCorrelate{
-		By: "nat",
-	},
-}
-
-func ExampleAPI_CreateRateLimit() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	rateLimit, err := api.CreateRateLimit(context.Background(), zoneID, exampleNewRateLimit)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", rateLimit)
-}
-
-func ExampleAPI_ListRateLimits() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	pageOpts := cloudflare.PaginationOptions{
-		PerPage: 5,
-		Page:    1,
-	}
-	rateLimits, _, err := api.ListRateLimits(context.Background(), zoneID, pageOpts)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", rateLimits)
-	for _, r := range rateLimits {
-		fmt.Printf("%+v\n", r)
-	}
-}
-
-func ExampleAPI_RateLimit() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	rateLimits, err := api.RateLimit(context.Background(), zoneID, "my_rate_limit_id")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", rateLimits)
-}
-
-func ExampleAPI_DeleteRateLimit() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName(domain)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	err = api.DeleteRateLimit(context.Background(), zoneID, "my_rate_limit_id")
-	if err != nil {
-		log.Fatal(err)
-	}
-}
diff --git a/pkg/cloudflare-go/rate_limiting_test.go b/pkg/cloudflare-go/rate_limiting_test.go
deleted file mode 100644
index 9af0650c60..0000000000
--- a/pkg/cloudflare-go/rate_limiting_test.go
+++ /dev/null
@@ -1,361 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	rateLimitID                = "72dae2fc158942f2adb1dd2a3d4143bc"
-	serverRateLimitDescription = `{
-	"id": "72dae2fc158942f2adb1dd2a3d4143bc",
-	"disabled": false,
-	"description": "test",
-	"match": {
-	"request": {
-	  "methods": [
-		"_ALL_"
-	  ],
-	  "schemes": [
-		"_ALL_"
-	  ],
-	  "url": "exampledomain.com/test-rate-limit"
-	},
-	"response": {
-	  "origin_traffic": true
-	}
-	},
-	"login_protect": false,
-	"threshold": 50,
-	"period": 1,
-	"action": {
-		"mode": "ban",
-		"timeout": 60
-	},
-	"correlate": {
-		"by": "nat"
-	}
-}
-`
-)
-
-var expectedOriginTraffic = true
-var expectedRateLimitStruct = RateLimit{
-	ID:          "72dae2fc158942f2adb1dd2a3d4143bc",
-	Disabled:    false,
-	Description: "test",
-	Match: RateLimitTrafficMatcher{
-		Request: RateLimitRequestMatcher{
-			Methods:    []string{"_ALL_"},
-			Schemes:    []string{"_ALL_"},
-			URLPattern: "exampledomain.com/test-rate-limit",
-		},
-		Response: RateLimitResponseMatcher{
-			OriginTraffic: &expectedOriginTraffic,
-		},
-	},
-	Threshold: 50,
-	Period:    1,
-	Action: RateLimitAction{
-		Mode:    "ban",
-		Timeout: 60,
-	},
-	Correlate: &RateLimitCorrelate{
-		By: "nat",
-	},
-}
-
-func TestListRateLimits(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 1,
-			"per_page": 25,
-			"count": 1,
-			"total_count": 1
-		  }
-		}
-		`, serverRateLimitDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
-	want := []RateLimit{expectedRateLimitStruct}
-
-	actual, _, err := client.ListRateLimits(context.Background(), testZoneID, PaginationOptions{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListRateLimitsWithPageOpts(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 1,
-			"per_page": 25,
-			"count": 1,
-			"total_count": 1
-		  }
-		}
-		`, serverRateLimitDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
-	want := []RateLimit{expectedRateLimitStruct}
-
-	pageOpts := PaginationOptions{
-		PerPage: 50,
-	}
-	actual, _, err := client.ListRateLimits(context.Background(), testZoneID, pageOpts)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListAllRateLimitsDoesPagination(t *testing.T) {
-	setup()
-	defer teardown()
-
-	oneHundredRateLimitRecords := strings.Repeat(serverRateLimitDescription+",", 99) + serverRateLimitDescription
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		if r.URL.Query().Get("page") == "1" {
-			fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 1,
-			"per_page": 100,
-			"count": 100,
-			"total_count": 101
-		  }
-		}
-		`, oneHundredRateLimitRecords)
-		} else if r.URL.Query().Get("page") == "2" {
-			fmt.Fprintf(w, `{
-		  "result": [
-			%s
-		  ],
-		  "success": true,
-		  "errors": null,
-		  "messages": null,
-		  "result_info": {
-			"page": 2,
-			"per_page": 100,
-			"count": 1,
-			"total_count": 101
-		  }
-		}
-		`, serverRateLimitDescription)
-		}
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
-	want := make([]RateLimit, 101)
-	for i := range want {
-		want[i] = expectedRateLimitStruct
-	}
-
-	actual, err := client.ListAllRateLimits(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetRateLimit(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, serverRateLimitDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
-	want := expectedRateLimitStruct
-
-	actual, err := client.RateLimit(context.Background(), testZoneID, rateLimitID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateRateLimit(t *testing.T) {
-	setup()
-	defer teardown()
-	newRateLimit := RateLimit{
-		Description: "test",
-		Match: RateLimitTrafficMatcher{
-			Request: RateLimitRequestMatcher{
-				URLPattern: "exampledomain.com/test-rate-limit",
-			},
-		},
-		Period:    1,
-		Threshold: 50,
-		Action: RateLimitAction{
-			Mode:    "ban",
-			Timeout: 60,
-		},
-		Correlate: &RateLimitCorrelate{
-			By: "nat",
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, serverRateLimitDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
-	want := expectedRateLimitStruct
-
-	actual, err := client.CreateRateLimit(context.Background(), testZoneID, newRateLimit)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateRateLimitWithZeroedThreshold(t *testing.T) {
-	setup()
-	defer teardown()
-	newRateLimit := RateLimit{
-		Description: "test",
-		Match: RateLimitTrafficMatcher{
-			Request: RateLimitRequestMatcher{
-				URLPattern: "exampledomain.com/test-rate-limit",
-			},
-		},
-		Period:    0, // 0 is the default values if int fields are not set
-		Threshold: 0,
-		Action: RateLimitAction{
-			Mode:    "ban",
-			Timeout: 60,
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.WriteHeader(400)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": false,
-		  "errors": [{ "message": "ratelimit.api.validation_error:threshold is too low and must be at least 2,sample_rate is too low and must be at least 1 second" } ],
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits", handler)
-
-	actual, err := client.CreateRateLimit(context.Background(), testZoneID, newRateLimit)
-	assert.Error(t, err)
-	assert.Equal(t, RateLimit{}, actual)
-}
-
-func TestUpdateRateLimit(t *testing.T) {
-	setup()
-	defer teardown()
-	newRateLimit := RateLimit{
-		Description: "test-2",
-		Match: RateLimitTrafficMatcher{
-			Request: RateLimitRequestMatcher{
-				URLPattern: "exampledomain.com/test-rate-limit-2",
-			},
-		},
-		Period:    2,
-		Threshold: 100,
-		Action: RateLimitAction{
-			Mode:    "ban",
-			Timeout: 600,
-		},
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": %s,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`, serverRateLimitDescription)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
-	want := expectedRateLimitStruct
-
-	actual, err := client.UpdateRateLimit(context.Background(), testZoneID, rateLimitID, newRateLimit)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteRateLimit(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-		  "result": null,
-		  "success": true,
-		  "errors": null,
-		  "messages": null
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/rate_limits/"+rateLimitID, handler)
-
-	err := client.DeleteRateLimit(context.Background(), testZoneID, rateLimitID)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/regional_hostnames.go b/pkg/cloudflare-go/regional_hostnames.go
deleted file mode 100644
index 51227709a1..0000000000
--- a/pkg/cloudflare-go/regional_hostnames.go
+++ /dev/null
@@ -1,191 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type Region struct {
-	Key   string `json:"key"`
-	Label string `json:"label"`
-}
-
-type RegionalHostname struct {
-	Hostname  string     `json:"hostname"`
-	RegionKey string     `json:"region_key"`
-	CreatedOn *time.Time `json:"created_on,omitempty"`
-}
-
-// regionalHostnameResponse contains an API Response from a Create, Get, Update, or Delete call.
-type regionalHostnameResponse struct {
-	Response
-	Result RegionalHostname `json:"result"`
-}
-
-type ListDataLocalizationRegionsParams struct{}
-type ListDataLocalizationRegionalHostnamesParams struct{}
-
-type CreateDataLocalizationRegionalHostnameParams struct {
-	Hostname  string `json:"hostname"`
-	RegionKey string `json:"region_key"`
-}
-
-type UpdateDataLocalizationRegionalHostnameParams struct {
-	Hostname  string `json:"-"`
-	RegionKey string `json:"region_key"`
-}
-
-// ListDataLocalizationRegions lists all available regions.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) ListDataLocalizationRegions(ctx context.Context, rc *ResourceContainer, params ListDataLocalizationRegionsParams) ([]Region, error) {
-	if rc.Level != AccountRouteLevel {
-		return []Region{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return []Region{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/addressing/regional_hostnames/regions", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Region{}, err
-	}
-	result := struct {
-		Result []Region `json:"result"`
-	}{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []Region{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result.Result, nil
-}
-
-// ListDataLocalizationRegionalHostnames lists all regional hostnames for a zone.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) ListDataLocalizationRegionalHostnames(ctx context.Context, rc *ResourceContainer, params ListDataLocalizationRegionalHostnamesParams) ([]RegionalHostname, error) {
-	if rc.Level != ZoneRouteLevel {
-		return []RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return []RegionalHostname{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []RegionalHostname{}, err
-	}
-	result := struct {
-		Result []RegionalHostname `json:"result"`
-	}{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result.Result, nil
-}
-
-// CreateDataLocalizationRegionalHostname lists all regional hostnames for a zone.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) CreateDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, params CreateDataLocalizationRegionalHostnameParams) (RegionalHostname, error) {
-	if rc.Level != ZoneRouteLevel {
-		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return RegionalHostname{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return RegionalHostname{}, err
-	}
-	result := regionalHostnameResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result.Result, nil
-}
-
-// GetDataLocalizationRegionalHostname returns the details of a specific regional hostname.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) GetDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, hostname string) (RegionalHostname, error) {
-	if rc.Level != ZoneRouteLevel {
-		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return RegionalHostname{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, hostname)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return RegionalHostname{}, err
-	}
-
-	result := regionalHostnameResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result.Result, nil
-}
-
-// UpdateDataLocalizationRegionalHostname returns the details of a specific regional hostname.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) UpdateDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, params UpdateDataLocalizationRegionalHostnameParams) (RegionalHostname, error) {
-	if rc.Level != ZoneRouteLevel {
-		return RegionalHostname{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return RegionalHostname{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, params.Hostname)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return RegionalHostname{}, err
-	}
-	result := regionalHostnameResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return RegionalHostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result.Result, nil
-}
-
-// DeleteDataLocalizationRegionalHostname deletes a regional hostname.
-//
-// API reference: https://developers.cloudflare.com/data-localization/regional-services/get-started/#configure-regional-services-via-api
-func (api *API) DeleteDataLocalizationRegionalHostname(ctx context.Context, rc *ResourceContainer, hostname string) error {
-	if rc.Level != ZoneRouteLevel {
-		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/addressing/regional_hostnames/%s", rc.Identifier, hostname)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/regional_hostnames_test.go b/pkg/cloudflare-go/regional_hostnames_test.go
deleted file mode 100644
index 0391d3ccbc..0000000000
--- a/pkg/cloudflare-go/regional_hostnames_test.go
+++ /dev/null
@@ -1,219 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const regionalHostname = "eu.example.com"
-
-func TestListRegions(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [
-				{
-				  "key": "ca",
-				  "label": "Canada"
-				},
-				{
-				  "key": "eu",
-				  "label": "Europe"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/addressing/regional_hostnames/regions", handler)
-
-	want := []Region{
-		{
-			Key:   "ca",
-			Label: "Canada",
-		},
-		{
-			Key:   "eu",
-			Label: "Europe",
-		},
-	}
-
-	actual, err := client.ListDataLocalizationRegions(context.Background(), AccountIdentifier(testAccountID), ListDataLocalizationRegionsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListRegionalHostnames(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": [
-			{
-			  "hostname": "%s",
-			  "region_key": "ca",
-			  "created_on": "2023-01-14T00:47:57.060267Z"
-			}
-		  ],
-		  "success": true,
-		  "errors": [],
-		  "messages": []
-		}`, regionalHostname)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
-	want := []RegionalHostname{
-		{
-			Hostname:  regionalHostname,
-			RegionKey: "ca",
-			CreatedOn: &createdOn,
-		},
-	}
-
-	actual, err := client.ListDataLocalizationRegionalHostnames(context.Background(), ZoneIdentifier(testZoneID), ListDataLocalizationRegionalHostnamesParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateRegionalHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": {
-			  "hostname": "%s",
-			  "region_key": "ca",
-			  "created_on": "2023-01-14T00:47:57.060267Z"
-		  },
-		  "success": true,
-		  "errors": [],
-		  "messages": []
-		}`, regionalHostname)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames", handler)
-
-	params := CreateDataLocalizationRegionalHostnameParams{
-		RegionKey: "ca",
-		Hostname:  regionalHostname,
-	}
-
-	want := RegionalHostname{
-		RegionKey: "ca",
-		Hostname:  regionalHostname,
-	}
-
-	actual, err := client.CreateDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), params)
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
-	want.CreatedOn = &createdOn
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetRegionalHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": {
-			  "hostname": "%s",
-			  "region_key": "ca",
-			  "created_on": "2023-01-14T00:47:57.060267Z"
-		  },
-		  "success": true,
-		  "errors": [],
-		  "messages": []
-		}`, regionalHostname)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
-
-	actual, err := client.GetDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), regionalHostname)
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
-	want := RegionalHostname{
-		RegionKey: "ca",
-		Hostname:  regionalHostname,
-		CreatedOn: &createdOn,
-	}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateRegionalHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "result": {
-			  "hostname": "%s",
-			  "region_key": "eu",
-			  "created_on": "2023-01-14T00:47:57.060267Z"
-		  },
-		  "success": true,
-		  "errors": [],
-		  "messages": []
-		}`, regionalHostname)
-	}
-
-	params := UpdateDataLocalizationRegionalHostnameParams{
-		RegionKey: "eu",
-		Hostname:  regionalHostname,
-	}
-
-	want := RegionalHostname{
-		RegionKey: "eu",
-		Hostname:  regionalHostname,
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
-
-	actual, err := client.UpdateDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), params)
-	createdOn, _ := time.Parse(time.RFC3339, "2023-01-14T00:47:57.060267Z")
-	want.CreatedOn = &createdOn
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteRegionalHostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/addressing/regional_hostnames/"+regionalHostname, handler)
-
-	err := client.DeleteDataLocalizationRegionalHostname(context.Background(), ZoneIdentifier(testZoneID), regionalHostname)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/regional_tiered_cache.go b/pkg/cloudflare-go/regional_tiered_cache.go
deleted file mode 100644
index eb3254be2b..0000000000
--- a/pkg/cloudflare-go/regional_tiered_cache.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// RegionalTieredCache is the structure of the API object for the regional tiered cache
-// setting.
-type RegionalTieredCache struct {
-	ID         string    `json:"id,omitempty"`
-	ModifiedOn time.Time `json:"modified_on,omitempty"`
-	Value      string    `json:"value"`
-}
-
-// RegionalTieredCacheDetailsResponse is the API response for the regional tiered cache
-// setting.
-type RegionalTieredCacheDetailsResponse struct {
-	Result RegionalTieredCache `json:"result"`
-	Response
-}
-
-type zoneRegionalTieredCacheSingleResponse struct {
-	Response
-	Result RegionalTieredCache `json:"result"`
-}
-
-type GetRegionalTieredCacheParams struct{}
-
-type UpdateRegionalTieredCacheParams struct {
-	Value string `json:"value"`
-}
-
-// GetRegionalTieredCache returns information about the current regional tiered
-// cache settings.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-get-regional-tiered-cache-setting
-func (api *API) GetRegionalTieredCache(ctx context.Context, rc *ResourceContainer, params GetRegionalTieredCacheParams) (RegionalTieredCache, error) {
-	if rc.Level != ZoneRouteLevel {
-		return RegionalTieredCache{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/cache/regional_tiered_cache", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return RegionalTieredCache{}, err
-	}
-
-	var RegionalTieredCacheDetailsResponse RegionalTieredCacheDetailsResponse
-	err = json.Unmarshal(res, &RegionalTieredCacheDetailsResponse)
-	if err != nil {
-		return RegionalTieredCache{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return RegionalTieredCacheDetailsResponse.Result, nil
-}
-
-// UpdateRegionalTieredCache updates the regional tiered cache setting for a
-// zone.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zone-cache-settings-change-regional-tiered-cache-setting
-func (api *API) UpdateRegionalTieredCache(ctx context.Context, rc *ResourceContainer, params UpdateRegionalTieredCacheParams) (RegionalTieredCache, error) {
-	if rc.Level != ZoneRouteLevel {
-		return RegionalTieredCache{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/%s/%s/cache/regional_tiered_cache", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return RegionalTieredCache{}, err
-	}
-
-	response := &zoneRegionalTieredCacheSingleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return RegionalTieredCache{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/regional_tiered_cache_test.go b/pkg/cloudflare-go/regional_tiered_cache_test.go
deleted file mode 100644
index df74f3bfe2..0000000000
--- a/pkg/cloudflare-go/regional_tiered_cache_test.go
+++ /dev/null
@@ -1,90 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var regionalTieredCacheTimestampString = "2019-02-20T22:37:07.107449Z"
-var regionalTieredCacheTimestamp, _ = time.Parse(time.RFC3339Nano, regionalTieredCacheTimestampString)
-
-func TestRegionalTieredCache(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "regional_tiered_cache",
-				"value": "on",
-				"modified_on": "%s"
-			}
-		}
-		`, regionalTieredCacheTimestampString)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/cache/regional_tiered_cache", handler)
-	want := RegionalTieredCache{
-		ID:         "regional_tiered_cache",
-		Value:      "on",
-		ModifiedOn: regionalTieredCacheTimestamp,
-	}
-
-	actual, err := client.GetRegionalTieredCache(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		GetRegionalTieredCacheParams{},
-	)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateRegionalTieredCache(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "regional_tiered_cache",
-				"value": "off",
-				"modified_on": "%s"
-			}
-		}
-		`, regionalTieredCacheTimestampString)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/cache/regional_tiered_cache", handler)
-	want := RegionalTieredCache{
-		ID:         "regional_tiered_cache",
-		Value:      "off",
-		ModifiedOn: regionalTieredCacheTimestamp,
-	}
-
-	actual, err := client.UpdateRegionalTieredCache(
-		context.Background(),
-		ZoneIdentifier(testZoneID),
-		UpdateRegionalTieredCacheParams{Value: "off"},
-	)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/registrar.go b/pkg/cloudflare-go/registrar.go
deleted file mode 100644
index 68144ac4a1..0000000000
--- a/pkg/cloudflare-go/registrar.go
+++ /dev/null
@@ -1,176 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// RegistrarDomain is the structure of the API response for a new
-// Cloudflare Registrar domain.
-type RegistrarDomain struct {
-	ID                string              `json:"id"`
-	Available         bool                `json:"available"`
-	SupportedTLD      bool                `json:"supported_tld"`
-	CanRegister       bool                `json:"can_register"`
-	TransferIn        RegistrarTransferIn `json:"transfer_in"`
-	CurrentRegistrar  string              `json:"current_registrar"`
-	ExpiresAt         time.Time           `json:"expires_at"`
-	RegistryStatuses  string              `json:"registry_statuses"`
-	Locked            bool                `json:"locked"`
-	CreatedAt         time.Time           `json:"created_at"`
-	UpdatedAt         time.Time           `json:"updated_at"`
-	RegistrantContact RegistrantContact   `json:"registrant_contact"`
-}
-
-// RegistrarTransferIn contains the structure for a domain transfer in
-// request.
-type RegistrarTransferIn struct {
-	UnlockDomain      string `json:"unlock_domain"`
-	DisablePrivacy    string `json:"disable_privacy"`
-	EnterAuthCode     string `json:"enter_auth_code"`
-	ApproveTransfer   string `json:"approve_transfer"`
-	AcceptFoa         string `json:"accept_foa"`
-	CanCancelTransfer bool   `json:"can_cancel_transfer"`
-}
-
-// RegistrantContact is the contact details for the domain registration.
-type RegistrantContact struct {
-	ID           string `json:"id"`
-	FirstName    string `json:"first_name"`
-	LastName     string `json:"last_name"`
-	Organization string `json:"organization"`
-	Address      string `json:"address"`
-	Address2     string `json:"address2"`
-	City         string `json:"city"`
-	State        string `json:"state"`
-	Zip          string `json:"zip"`
-	Country      string `json:"country"`
-	Phone        string `json:"phone"`
-	Email        string `json:"email"`
-	Fax          string `json:"fax"`
-}
-
-// RegistrarDomainConfiguration is the structure for making updates to
-// and existing domain.
-type RegistrarDomainConfiguration struct {
-	NameServers []string `json:"name_servers"`
-	Privacy     bool     `json:"privacy"`
-	Locked      bool     `json:"locked"`
-	AutoRenew   bool     `json:"auto_renew"`
-}
-
-// RegistrarDomainDetailResponse is the structure of the detailed
-// response from the API for a single domain.
-type RegistrarDomainDetailResponse struct {
-	Response
-	Result RegistrarDomain `json:"result"`
-}
-
-// RegistrarDomainsDetailResponse is the structure of the detailed
-// response from the API.
-type RegistrarDomainsDetailResponse struct {
-	Response
-	Result []RegistrarDomain `json:"result"`
-}
-
-// RegistrarDomain returns a single domain based on the account ID and
-// domain name.
-//
-// API reference: https://api.cloudflare.com/#registrar-domains-get-domain
-func (api *API) RegistrarDomain(ctx context.Context, accountID, domainName string) (RegistrarDomain, error) {
-	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s", accountID, domainName)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return RegistrarDomain{}, err
-	}
-
-	var r RegistrarDomainDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// RegistrarDomains returns all registrar domains based on the account
-// ID.
-//
-// API reference: https://api.cloudflare.com/#registrar-domains-list-domains
-func (api *API) RegistrarDomains(ctx context.Context, accountID string) ([]RegistrarDomain, error) {
-	uri := fmt.Sprintf("/accounts/%s/registrar/domains", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []RegistrarDomain{}, err
-	}
-
-	var r RegistrarDomainsDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// TransferRegistrarDomain initiates the transfer from another registrar
-// to Cloudflare Registrar.
-//
-// API reference: https://api.cloudflare.com/#registrar-domains-transfer-domain
-func (api *API) TransferRegistrarDomain(ctx context.Context, accountID, domainName string) ([]RegistrarDomain, error) {
-	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s/transfer", accountID, domainName)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return []RegistrarDomain{}, err
-	}
-
-	var r RegistrarDomainsDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CancelRegistrarDomainTransfer cancels a pending domain transfer.
-//
-// API reference: https://api.cloudflare.com/#registrar-domains-cancel-transfer
-func (api *API) CancelRegistrarDomainTransfer(ctx context.Context, accountID, domainName string) ([]RegistrarDomain, error) {
-	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s/cancel_transfer", accountID, domainName)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return []RegistrarDomain{}, err
-	}
-
-	var r RegistrarDomainsDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateRegistrarDomain updates an existing Registrar Domain configuration.
-//
-// API reference: https://api.cloudflare.com/#registrar-domains-update-domain
-func (api *API) UpdateRegistrarDomain(ctx context.Context, accountID, domainName string, domainConfiguration RegistrarDomainConfiguration) (RegistrarDomain, error) {
-	uri := fmt.Sprintf("/accounts/%s/registrar/domains/%s", accountID, domainName)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domainConfiguration)
-	if err != nil {
-		return RegistrarDomain{}, err
-	}
-
-	var r RegistrarDomainDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return RegistrarDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/registrar_example_test.go b/pkg/cloudflare-go/registrar_example_test.go
deleted file mode 100644
index 5e6229bc01..0000000000
--- a/pkg/cloudflare-go/registrar_example_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_RegistrarDomain() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	domain, err := api.RegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", domain)
-}
-
-func ExampleAPI_RegistrarDomains() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	domains, err := api.RegistrarDomains(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", domains)
-}
-
-func ExampleAPI_TransferRegistrarDomain() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	domain, err := api.TransferRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", domain)
-}
-
-func ExampleAPI_CancelRegistrarDomainTransfer() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	domains, err := api.CancelRegistrarDomainTransfer(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", domains)
-}
-
-func ExampleAPI_UpdateRegistrarDomain() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	domain, err := api.UpdateRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com", cloudflare.RegistrarDomainConfiguration{
-		NameServers: []string{"ns1.cloudflare.com", "ns2.cloudflare.com"},
-		Locked:      false,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", domain)
-}
diff --git a/pkg/cloudflare-go/registrar_test.go b/pkg/cloudflare-go/registrar_test.go
deleted file mode 100644
index 98590ac45a..0000000000
--- a/pkg/cloudflare-go/registrar_test.go
+++ /dev/null
@@ -1,375 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	createdAndModifiedTimestamp, _ = time.Parse(time.RFC3339, "2018-08-28T17:26:26Z")
-	expiresAtTimestamp, _          = time.Parse(time.RFC3339, "2019-08-28T23:59:59Z")
-	expectedRegistrarTransferIn    = RegistrarTransferIn{
-		UnlockDomain:      "ok",
-		DisablePrivacy:    "ok",
-		EnterAuthCode:     "needed",
-		ApproveTransfer:   "unknown",
-		AcceptFoa:         "needed",
-		CanCancelTransfer: true,
-	}
-	expectedRegistrarContact = RegistrantContact{
-		ID:           "ea95132c15732412d22c1476fa83f27a",
-		FirstName:    "John",
-		LastName:     "Appleseed",
-		Organization: "Cloudflare, Inc.",
-		Address:      "123 Sesame St.",
-		Address2:     "Suite 430",
-		City:         "Austin",
-		State:        "TX",
-		Zip:          "12345",
-		Country:      "US",
-		Phone:        "+1 123-123-1234",
-		Email:        "user@example.com",
-		Fax:          "123-867-5309",
-	}
-	expectedRegistrarDomain = RegistrarDomain{
-		ID:                "ea95132c15732412d22c1476fa83f27a",
-		Available:         false,
-		SupportedTLD:      true,
-		CanRegister:       false,
-		TransferIn:        expectedRegistrarTransferIn,
-		CurrentRegistrar:  "Cloudflare",
-		ExpiresAt:         expiresAtTimestamp,
-		RegistryStatuses:  "ok,serverTransferProhibited",
-		Locked:            false,
-		CreatedAt:         createdAndModifiedTimestamp,
-		UpdatedAt:         createdAndModifiedTimestamp,
-		RegistrantContact: expectedRegistrarContact,
-	}
-)
-
-func TestRegistrarDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ea95132c15732412d22c1476fa83f27a",
-				"available": false,
-				"supported_tld": true,
-				"can_register": false,
-				"transfer_in": {
-					"unlock_domain": "ok",
-					"disable_privacy": "ok",
-					"enter_auth_code": "needed",
-					"approve_transfer": "unknown",
-					"accept_foa": "needed",
-					"can_cancel_transfer": true
-				},
-				"current_registrar": "Cloudflare",
-				"expires_at": "2019-08-28T23:59:59Z",
-				"registry_statuses": "ok,serverTransferProhibited",
-				"locked": false,
-				"created_at": "2018-08-28T17:26:26Z",
-				"updated_at": "2018-08-28T17:26:26Z",
-				"registrant_contact": {
-					"id": "ea95132c15732412d22c1476fa83f27a",
-					"first_name": "John",
-					"last_name": "Appleseed",
-					"organization": "Cloudflare, Inc.",
-					"address": "123 Sesame St.",
-					"address2": "Suite 430",
-					"city": "Austin",
-					"state": "TX",
-					"zip": "12345",
-					"country": "US",
-					"phone": "+1 123-123-1234",
-					"email": "user@example.com",
-					"fax": "123-867-5309"
-				}
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com", handler)
-
-	actual, err := client.RegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedRegistrarDomain, actual)
-	}
-}
-
-func TestRegistrarDomains(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "ea95132c15732412d22c1476fa83f27a",
-					"available": false,
-					"supported_tld": true,
-					"can_register": false,
-					"transfer_in": {
-						"unlock_domain": "ok",
-						"disable_privacy": "ok",
-						"enter_auth_code": "needed",
-						"approve_transfer": "unknown",
-						"accept_foa": "needed",
-						"can_cancel_transfer": true
-					},
-					"current_registrar": "Cloudflare",
-					"expires_at": "2019-08-28T23:59:59Z",
-					"registry_statuses": "ok,serverTransferProhibited",
-					"locked": false,
-					"created_at": "2018-08-28T17:26:26Z",
-					"updated_at": "2018-08-28T17:26:26Z",
-					"registrant_contact": {
-						"id": "ea95132c15732412d22c1476fa83f27a",
-						"first_name": "John",
-						"last_name": "Appleseed",
-						"organization": "Cloudflare, Inc.",
-						"address": "123 Sesame St.",
-						"address2": "Suite 430",
-						"city": "Austin",
-						"state": "TX",
-						"zip": "12345",
-						"country": "US",
-						"phone": "+1 123-123-1234",
-						"email": "user@example.com",
-						"fax": "123-867-5309"
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains", handler)
-
-	actual, err := client.RegistrarDomains(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
-	}
-}
-
-func TestTransferRegistrarDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "ea95132c15732412d22c1476fa83f27a",
-					"available": false,
-					"supported_tld": true,
-					"can_register": false,
-					"transfer_in": {
-						"unlock_domain": "ok",
-						"disable_privacy": "ok",
-						"enter_auth_code": "needed",
-						"approve_transfer": "unknown",
-						"accept_foa": "needed",
-						"can_cancel_transfer": true
-					},
-					"current_registrar": "Cloudflare",
-					"expires_at": "2019-08-28T23:59:59Z",
-					"registry_statuses": "ok,serverTransferProhibited",
-					"locked": false,
-					"created_at": "2018-08-28T17:26:26Z",
-					"updated_at": "2018-08-28T17:26:26Z",
-					"registrant_contact": {
-						"id": "ea95132c15732412d22c1476fa83f27a",
-						"first_name": "John",
-						"last_name": "Appleseed",
-						"organization": "Cloudflare, Inc.",
-						"address": "123 Sesame St.",
-						"address2": "Suite 430",
-						"city": "Austin",
-						"state": "TX",
-						"zip": "12345",
-						"country": "US",
-						"phone": "+1 123-123-1234",
-						"email": "user@example.com",
-						"fax": "123-867-5309"
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com/transfer", handler)
-
-	actual, err := client.TransferRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
-	}
-}
-
-func TestCancelRegistrarDomainTransfer(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "ea95132c15732412d22c1476fa83f27a",
-					"available": false,
-					"supported_tld": true,
-					"can_register": false,
-					"transfer_in": {
-						"unlock_domain": "ok",
-						"disable_privacy": "ok",
-						"enter_auth_code": "needed",
-						"approve_transfer": "unknown",
-						"accept_foa": "needed",
-						"can_cancel_transfer": true
-					},
-					"current_registrar": "Cloudflare",
-					"expires_at": "2019-08-28T23:59:59Z",
-					"registry_statuses": "ok,serverTransferProhibited",
-					"locked": false,
-					"created_at": "2018-08-28T17:26:26Z",
-					"updated_at": "2018-08-28T17:26:26Z",
-					"registrant_contact": {
-						"id": "ea95132c15732412d22c1476fa83f27a",
-						"first_name": "John",
-						"last_name": "Appleseed",
-						"organization": "Cloudflare, Inc.",
-						"address": "123 Sesame St.",
-						"address2": "Suite 430",
-						"city": "Austin",
-						"state": "TX",
-						"zip": "12345",
-						"country": "US",
-						"phone": "+1 123-123-1234",
-						"email": "user@example.com",
-						"fax": "123-867-5309"
-					}
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com/cancel_transfer", handler)
-
-	actual, err := client.CancelRegistrarDomainTransfer(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, []RegistrarDomain{expectedRegistrarDomain}, actual)
-	}
-}
-
-func TestUpdateRegistrarDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "ea95132c15732412d22c1476fa83f27a",
-				"available": false,
-				"supported_tld": true,
-				"can_register": false,
-				"transfer_in": {
-					"unlock_domain": "ok",
-					"disable_privacy": "ok",
-					"enter_auth_code": "needed",
-					"approve_transfer": "unknown",
-					"accept_foa": "needed",
-					"can_cancel_transfer": true
-				},
-				"current_registrar": "Cloudflare",
-				"expires_at": "2019-08-28T23:59:59Z",
-				"registry_statuses": "ok,serverTransferProhibited",
-				"locked": false,
-				"created_at": "2018-08-28T17:26:26Z",
-				"updated_at": "2018-08-28T17:26:26Z",
-				"registrant_contact": {
-					"id": "ea95132c15732412d22c1476fa83f27a",
-					"first_name": "John",
-					"last_name": "Appleseed",
-					"organization": "Cloudflare, Inc.",
-					"address": "123 Sesame St.",
-					"address2": "Suite 430",
-					"city": "Austin",
-					"state": "TX",
-					"zip": "12345",
-					"country": "US",
-					"phone": "+1 123-123-1234",
-					"email": "user@example.com",
-					"fax": "123-867-5309"
-				}
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/registrar/domains/cloudflare.com", handler)
-
-	actual, err := client.UpdateRegistrarDomain(context.Background(), "01a7362d577a6c3019a474fd6f485823", "cloudflare.com", RegistrarDomainConfiguration{
-		NameServers: []string{"ns1.cloudflare.com", "ns2.cloudflare.com"},
-		Locked:      false,
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedRegistrarDomain, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/resource.go b/pkg/cloudflare-go/resource.go
deleted file mode 100644
index d781975930..0000000000
--- a/pkg/cloudflare-go/resource.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package cloudflare
-
-import "fmt"
-
-// RouteLevel holds the "level" where the resource resides. Commonly used in
-// routing configurations or builders.
-type RouteLevel string
-
-// ResourceType holds the type of the resource. This is similar to `RouteLevel`
-// however this is the singular version of `RouteLevel` and isn't suitable for
-// use in routing.
-type ResourceType string
-
-const (
-	user    = "user"
-	zone    = "zone"
-	account = "account"
-
-	zones    = zone + "s"
-	accounts = account + "s"
-
-	AccountRouteLevel RouteLevel = accounts
-	ZoneRouteLevel    RouteLevel = zones
-	UserRouteLevel    RouteLevel = user
-
-	AccountType ResourceType = account
-	ZoneType    ResourceType = zone
-	UserType    ResourceType = user
-)
-
-// ResourceContainer defines an API resource you wish to target. Should not be
-// used directly, use `UserIdentifier`, `ZoneIdentifier` and `AccountIdentifier`
-// instead.
-type ResourceContainer struct {
-	Level      RouteLevel
-	Identifier string
-	Type       ResourceType
-}
-
-func (r RouteLevel) String() string {
-	switch r {
-	case AccountRouteLevel:
-		return accounts
-	case ZoneRouteLevel:
-		return zones
-	case UserRouteLevel:
-		return user
-	default:
-		return "unknown"
-	}
-}
-
-func (r ResourceType) String() string {
-	switch r {
-	case AccountType:
-		return account
-	case ZoneType:
-		return zone
-	case UserType:
-		return user
-	default:
-		return "unknown"
-	}
-}
-
-// Returns a URL fragment of the endpoint scoped by the container.
-//
-// For example, a zone identifier would have a fragment like "zones/foobar" while
-// an account identifier would generate "accounts/foobar".
-func (rc *ResourceContainer) URLFragment() string {
-	if rc.Level == "" {
-		return rc.Identifier
-	}
-
-	if rc.Level == UserRouteLevel {
-		return user
-	}
-
-	return fmt.Sprintf("%s/%s", rc.Level, rc.Identifier)
-}
-
-// ResourceIdentifier returns a generic *ResourceContainer.
-func ResourceIdentifier(id string) *ResourceContainer {
-	return &ResourceContainer{
-		Identifier: id,
-	}
-}
-
-// UserIdentifier returns a user level *ResourceContainer.
-func UserIdentifier(id string) *ResourceContainer {
-	return &ResourceContainer{
-		Level:      UserRouteLevel,
-		Identifier: id,
-		Type:       UserType,
-	}
-}
-
-// ZoneIdentifier returns a zone level *ResourceContainer.
-func ZoneIdentifier(id string) *ResourceContainer {
-	return &ResourceContainer{
-		Level:      ZoneRouteLevel,
-		Identifier: id,
-		Type:       ZoneType,
-	}
-}
-
-// AccountIdentifier returns an account level *ResourceContainer.
-func AccountIdentifier(id string) *ResourceContainer {
-	return &ResourceContainer{
-		Level:      AccountRouteLevel,
-		Identifier: id,
-		Type:       AccountType,
-	}
-}
diff --git a/pkg/cloudflare-go/resource_group.go b/pkg/cloudflare-go/resource_group.go
deleted file mode 100644
index 6d25ffb5e8..0000000000
--- a/pkg/cloudflare-go/resource_group.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package cloudflare
-
-import "fmt"
-
-type ResourceGroup struct {
-	ID    string            `json:"id"`
-	Name  string            `json:"name"`
-	Meta  map[string]string `json:"meta"`
-	Scope Scope             `json:"scope"`
-}
-
-type Scope struct {
-	Key          string        `json:"key"`
-	ScopeObjects []ScopeObject `json:"objects"`
-}
-
-type ScopeObject struct {
-	Key string `json:"key"`
-}
-
-// NewResourceGroupForZone takes an existing zone and provides a resource group
-// to be used within a Policy that allows access to that zone.
-func NewResourceGroupForZone(zone Zone) ResourceGroup {
-	return NewResourceGroup(fmt.Sprintf("com.cloudflare.api.account.zone.%s", zone.ID))
-}
-
-// NewResourceGroupForAccount takes an existing zone and provides a resource group
-// to be used within a Policy that allows access to that account.
-func NewResourceGroupForAccount(account Account) ResourceGroup {
-	return NewResourceGroup(fmt.Sprintf("com.cloudflare.api.account.%s", account.ID))
-}
-
-// NewResourceGroup takes a Cloudflare-formatted key (e.g. 'com.cloudflare.api.%s') and
-// returns a resource group to be used within a Policy to allow access to that resource.
-func NewResourceGroup(key string) ResourceGroup {
-	scope := Scope{
-		Key: key,
-		ScopeObjects: []ScopeObject{
-			{
-				Key: "*",
-			},
-		},
-	}
-	resourceGroup := ResourceGroup{
-		ID:   "",
-		Name: key,
-		Meta: map[string]string{
-			"editable": "false",
-		},
-		Scope: scope,
-	}
-	return resourceGroup
-}
diff --git a/pkg/cloudflare-go/resource_group_test.go b/pkg/cloudflare-go/resource_group_test.go
deleted file mode 100644
index 6f0ff3d366..0000000000
--- a/pkg/cloudflare-go/resource_group_test.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package cloudflare
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNewResourceGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	key := "com.cloudflare.test.1"
-	rg := NewResourceGroup(key)
-
-	assert.Equal(t, rg.Name, key)
-	assert.Equal(t, rg.Scope.Key, key)
-}
-
-func TestNewResourceGroupForAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "some-fake-account-id"
-	rg := NewResourceGroupForAccount(Account{
-		ID: id,
-	})
-
-	key := fmt.Sprintf("com.cloudflare.api.account.%s", id)
-	assert.Equal(t, rg.Name, key)
-	assert.Equal(t, rg.Scope.Key, key)
-}
-
-func TestNewResourceGroupForZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "some-fake-zone-id"
-	rg := NewResourceGroupForZone(Zone{
-		ID: id,
-	})
-
-	key := fmt.Sprintf("com.cloudflare.api.account.zone.%s", id)
-	assert.Equal(t, rg.Name, key)
-	assert.Equal(t, rg.Scope.Key, key)
-}
diff --git a/pkg/cloudflare-go/resource_test.go b/pkg/cloudflare-go/resource_test.go
deleted file mode 100644
index ad2e7295a3..0000000000
--- a/pkg/cloudflare-go/resource_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-package cloudflare
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestResourceProperties(t *testing.T) {
-	testCases := map[string]struct {
-		container          *ResourceContainer
-		expectedRoute      string
-		expectedType       string
-		expectedIdentifier string
-	}{
-		account: {
-			container:          AccountIdentifier("abcd1234"),
-			expectedRoute:      accounts,
-			expectedType:       account,
-			expectedIdentifier: "abcd1234",
-		},
-		zone: {
-			container:          ZoneIdentifier("abcd1234"),
-			expectedRoute:      zones,
-			expectedType:       zone,
-			expectedIdentifier: "abcd1234",
-		},
-		user: {
-			container:          UserIdentifier("abcd1234"),
-			expectedRoute:      user,
-			expectedType:       user,
-			expectedIdentifier: "abcd1234",
-		},
-	}
-
-	for name, tc := range testCases {
-		t.Run(name, func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			assert.Equal(t, tc.container.Level.String(), tc.expectedRoute)
-			assert.Equal(t, tc.container.Type.String(), tc.expectedType)
-			assert.Equal(t, tc.container.Identifier, tc.expectedIdentifier)
-		})
-	}
-}
-func TestResourcURLFragment(t *testing.T) {
-	tests := map[string]struct {
-		container *ResourceContainer
-		want      string
-	}{
-		"account resource": {container: AccountIdentifier("foo"), want: "accounts/foo"},
-		"zone resource":    {container: ZoneIdentifier("foo"), want: "zones/foo"},
-		// this is pretty well deprecated in favour of `AccountIdentifier` but
-		// here for completeness.
-		"user level resource":    {container: UserIdentifier("foo"), want: "user"},
-		"missing level resource": {container: &ResourceContainer{Level: "", Identifier: "foo"}, want: "foo"},
-	}
-
-	for name, tc := range tests {
-		t.Run(name, func(t *testing.T) {
-			got := tc.container.URLFragment()
-			assert.Equal(t, tc.want, got)
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/rulesets.go b/pkg/cloudflare-go/rulesets.go
deleted file mode 100644
index 2a960fc2c5..0000000000
--- a/pkg/cloudflare-go/rulesets.go
+++ /dev/null
@@ -1,889 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingRulesetPhase = errors.New("missing required phase")
-)
-
-const (
-	RulesetKindCustom  RulesetKind = "custom"
-	RulesetKindManaged RulesetKind = "managed"
-	RulesetKindRoot    RulesetKind = "root"
-	RulesetKindZone    RulesetKind = "zone"
-
-	RulesetPhaseDDoSL4                       RulesetPhase = "ddos_l4"
-	RulesetPhaseDDoSL7                       RulesetPhase = "ddos_l7"
-	RulesetPhaseHTTPConfigSettings           RulesetPhase = "http_config_settings"
-	RulesetPhaseHTTPCustomErrors             RulesetPhase = "http_custom_errors"
-	RulesetPhaseHTTPLogCustomFields          RulesetPhase = "http_log_custom_fields"
-	RulesetPhaseHTTPRatelimit                RulesetPhase = "http_ratelimit"
-	RulesetPhaseHTTPRequestCacheSettings     RulesetPhase = "http_request_cache_settings"
-	RulesetPhaseHTTPRequestDynamicRedirect   RulesetPhase = "http_request_dynamic_redirect" //nolint:gosec
-	RulesetPhaseHTTPRequestFirewallCustom    RulesetPhase = "http_request_firewall_custom"
-	RulesetPhaseHTTPRequestFirewallManaged   RulesetPhase = "http_request_firewall_managed"
-	RulesetPhaseHTTPRequestLateTransform     RulesetPhase = "http_request_late_transform"
-	RulesetPhaseHTTPRequestOrigin            RulesetPhase = "http_request_origin"
-	RulesetPhaseHTTPRequestRedirect          RulesetPhase = "http_request_redirect"
-	RulesetPhaseHTTPRequestSanitize          RulesetPhase = "http_request_sanitize"
-	RulesetPhaseHTTPRequestSBFM              RulesetPhase = "http_request_sbfm"
-	RulesetPhaseHTTPRequestTransform         RulesetPhase = "http_request_transform"
-	RulesetPhaseHTTPResponseCompression      RulesetPhase = "http_response_compression"
-	RulesetPhaseHTTPResponseFirewallManaged  RulesetPhase = "http_response_firewall_managed"
-	RulesetPhaseHTTPResponseHeadersTransform RulesetPhase = "http_response_headers_transform"
-	RulesetPhaseMagicTransit                 RulesetPhase = "magic_transit"
-
-	RulesetRuleActionBlock                RulesetRuleAction = "block"
-	RulesetRuleActionChallenge            RulesetRuleAction = "challenge"
-	RulesetRuleActionCompressResponse     RulesetRuleAction = "compress_response"
-	RulesetRuleActionDDoSDynamic          RulesetRuleAction = "ddos_dynamic"
-	RulesetRuleActionDDoSMitigation       RulesetRuleAction = "ddos_mitigation"
-	RulesetRuleActionExecute              RulesetRuleAction = "execute"
-	RulesetRuleActionForceConnectionClose RulesetRuleAction = "force_connection_close"
-	RulesetRuleActionJSChallenge          RulesetRuleAction = "js_challenge"
-	RulesetRuleActionLog                  RulesetRuleAction = "log"
-	RulesetRuleActionLogCustomField       RulesetRuleAction = "log_custom_field"
-	RulesetRuleActionManagedChallenge     RulesetRuleAction = "managed_challenge"
-	RulesetRuleActionRedirect             RulesetRuleAction = "redirect"
-	RulesetRuleActionRewrite              RulesetRuleAction = "rewrite"
-	RulesetRuleActionRoute                RulesetRuleAction = "route"
-	RulesetRuleActionScore                RulesetRuleAction = "score"
-	RulesetRuleActionServeError           RulesetRuleAction = "serve_error"
-	RulesetRuleActionSetCacheSettings     RulesetRuleAction = "set_cache_settings"
-	RulesetRuleActionSetConfig            RulesetRuleAction = "set_config"
-	RulesetRuleActionSkip                 RulesetRuleAction = "skip"
-
-	RulesetActionParameterProductBIC           RulesetActionParameterProduct = "bic"
-	RulesetActionParameterProductHOT           RulesetActionParameterProduct = "hot"
-	RulesetActionParameterProductRateLimit     RulesetActionParameterProduct = "ratelimit"
-	RulesetActionParameterProductSecurityLevel RulesetActionParameterProduct = "securityLevel"
-	RulesetActionParameterProductUABlock       RulesetActionParameterProduct = "uablock"
-	RulesetActionParameterProductWAF           RulesetActionParameterProduct = "waf"
-	RulesetActionParameterProductZoneLockdown  RulesetActionParameterProduct = "zonelockdown"
-
-	RulesetRuleActionParametersHTTPHeaderOperationRemove RulesetRuleActionParametersHTTPHeaderOperation = "remove"
-	RulesetRuleActionParametersHTTPHeaderOperationSet    RulesetRuleActionParametersHTTPHeaderOperation = "set"
-	RulesetRuleActionParametersHTTPHeaderOperationAdd    RulesetRuleActionParametersHTTPHeaderOperation = "add"
-)
-
-// RulesetKindValues exposes all the available `RulesetKind` values as a slice
-// of strings.
-func RulesetKindValues() []string {
-	return []string{
-		string(RulesetKindCustom),
-		string(RulesetKindManaged),
-		string(RulesetKindRoot),
-		string(RulesetKindZone),
-	}
-}
-
-// RulesetPhaseValues exposes all the available `RulesetPhase` values as a slice
-// of strings.
-func RulesetPhaseValues() []string {
-	return []string{
-		string(RulesetPhaseDDoSL4),
-		string(RulesetPhaseDDoSL7),
-		string(RulesetPhaseHTTPConfigSettings),
-		string(RulesetPhaseHTTPCustomErrors),
-		string(RulesetPhaseHTTPLogCustomFields),
-		string(RulesetPhaseHTTPRatelimit),
-		string(RulesetPhaseHTTPRequestCacheSettings),
-		string(RulesetPhaseHTTPRequestDynamicRedirect),
-		string(RulesetPhaseHTTPRequestFirewallCustom),
-		string(RulesetPhaseHTTPRequestFirewallManaged),
-		string(RulesetPhaseHTTPRequestLateTransform),
-		string(RulesetPhaseHTTPRequestOrigin),
-		string(RulesetPhaseHTTPRequestRedirect),
-		string(RulesetPhaseHTTPRequestSanitize),
-		string(RulesetPhaseHTTPRequestSBFM),
-		string(RulesetPhaseHTTPRequestTransform),
-		string(RulesetPhaseHTTPResponseCompression),
-		string(RulesetPhaseHTTPResponseFirewallManaged),
-		string(RulesetPhaseHTTPResponseHeadersTransform),
-		string(RulesetPhaseMagicTransit),
-	}
-}
-
-// RulesetRuleActionValues exposes all the available `RulesetRuleAction` values
-// as a slice of strings.
-func RulesetRuleActionValues() []string {
-	return []string{
-		string(RulesetRuleActionBlock),
-		string(RulesetRuleActionChallenge),
-		string(RulesetRuleActionCompressResponse),
-		string(RulesetRuleActionDDoSDynamic),
-		string(RulesetRuleActionDDoSMitigation),
-		string(RulesetRuleActionExecute),
-		string(RulesetRuleActionForceConnectionClose),
-		string(RulesetRuleActionJSChallenge),
-		string(RulesetRuleActionLog),
-		string(RulesetRuleActionLogCustomField),
-		string(RulesetRuleActionManagedChallenge),
-		string(RulesetRuleActionRedirect),
-		string(RulesetRuleActionRewrite),
-		string(RulesetRuleActionRoute),
-		string(RulesetRuleActionScore),
-		string(RulesetRuleActionServeError),
-		string(RulesetRuleActionSetCacheSettings),
-		string(RulesetRuleActionSetConfig),
-		string(RulesetRuleActionSkip),
-	}
-}
-
-// RulesetActionParameterProductValues exposes all the available
-// `RulesetActionParameterProduct` values as a slice of strings.
-func RulesetActionParameterProductValues() []string {
-	return []string{
-		string(RulesetActionParameterProductBIC),
-		string(RulesetActionParameterProductHOT),
-		string(RulesetActionParameterProductRateLimit),
-		string(RulesetActionParameterProductSecurityLevel),
-		string(RulesetActionParameterProductUABlock),
-		string(RulesetActionParameterProductWAF),
-		string(RulesetActionParameterProductZoneLockdown),
-	}
-}
-
-func RulesetRuleActionParametersHTTPHeaderOperationValues() []string {
-	return []string{
-		string(RulesetRuleActionParametersHTTPHeaderOperationRemove),
-		string(RulesetRuleActionParametersHTTPHeaderOperationSet),
-		string(RulesetRuleActionParametersHTTPHeaderOperationAdd),
-	}
-}
-
-// RulesetRuleAction defines a custom type that is used to express allowed
-// values for the rule action.
-type RulesetRuleAction string
-
-// RulesetKind is the custom type for allowed variances of rulesets.
-type RulesetKind string
-
-// RulesetPhase is the custom type for defining at what point the ruleset will
-// be applied in the request pipeline.
-type RulesetPhase string
-
-// RulesetActionParameterProduct is the custom type for defining what products
-// can be used within the action parameters of a ruleset.
-type RulesetActionParameterProduct string
-
-// RulesetRuleActionParametersHTTPHeaderOperation defines available options for
-// HTTP header operations in actions.
-type RulesetRuleActionParametersHTTPHeaderOperation string
-
-// Ruleset contains the structure of a Ruleset. Using `string` for Kind and
-// Phase is a developer nicety to support downstream clients like Terraform who
-// don't really have a strong and expansive type system. As always, the
-// recommendation is to use the types provided where possible to avoid
-// surprises.
-type Ruleset struct {
-	ID                       string        `json:"id,omitempty"`
-	Name                     string        `json:"name,omitempty"`
-	Description              string        `json:"description,omitempty"`
-	Kind                     string        `json:"kind,omitempty"`
-	Version                  *string       `json:"version,omitempty"`
-	LastUpdated              *time.Time    `json:"last_updated,omitempty"`
-	Phase                    string        `json:"phase,omitempty"`
-	Rules                    []RulesetRule `json:"rules"`
-	ShareableEntitlementName string        `json:"shareable_entitlement_name,omitempty"`
-}
-
-// RulesetActionParametersLogCustomField wraps an object that is part of
-// request_fields, response_fields or cookie_fields.
-type RulesetActionParametersLogCustomField struct {
-	Name string `json:"name,omitempty"`
-}
-
-// RulesetRuleActionParameters specifies the action parameters for a Ruleset
-// rule.
-type RulesetRuleActionParameters struct {
-	ID                       string                                            `json:"id,omitempty"`
-	Ruleset                  string                                            `json:"ruleset,omitempty"`
-	Rulesets                 []string                                          `json:"rulesets,omitempty"`
-	Rules                    map[string][]string                               `json:"rules,omitempty"`
-	Increment                int                                               `json:"increment,omitempty"`
-	URI                      *RulesetRuleActionParametersURI                   `json:"uri,omitempty"`
-	Headers                  map[string]RulesetRuleActionParametersHTTPHeader  `json:"headers,omitempty"`
-	Products                 []string                                          `json:"products,omitempty"`
-	Phases                   []string                                          `json:"phases,omitempty"`
-	Overrides                *RulesetRuleActionParametersOverrides             `json:"overrides,omitempty"`
-	MatchedData              *RulesetRuleActionParametersMatchedData           `json:"matched_data,omitempty"`
-	Version                  *string                                           `json:"version,omitempty"`
-	Response                 *RulesetRuleActionParametersBlockResponse         `json:"response,omitempty"`
-	HostHeader               string                                            `json:"host_header,omitempty"`
-	Origin                   *RulesetRuleActionParametersOrigin                `json:"origin,omitempty"`
-	SNI                      *RulesetRuleActionParametersSni                   `json:"sni,omitempty"`
-	RequestFields            []RulesetActionParametersLogCustomField           `json:"request_fields,omitempty"`
-	ResponseFields           []RulesetActionParametersLogCustomField           `json:"response_fields,omitempty"`
-	CookieFields             []RulesetActionParametersLogCustomField           `json:"cookie_fields,omitempty"`
-	Cache                    *bool                                             `json:"cache,omitempty"`
-	AdditionalCacheablePorts []int                                             `json:"additional_cacheable_ports,omitempty"`
-	EdgeTTL                  *RulesetRuleActionParametersEdgeTTL               `json:"edge_ttl,omitempty"`
-	BrowserTTL               *RulesetRuleActionParametersBrowserTTL            `json:"browser_ttl,omitempty"`
-	ServeStale               *RulesetRuleActionParametersServeStale            `json:"serve_stale,omitempty"`
-	Content                  string                                            `json:"content,omitempty"`
-	ContentType              string                                            `json:"content_type,omitempty"`
-	StatusCode               uint16                                            `json:"status_code,omitempty"`
-	RespectStrongETags       *bool                                             `json:"respect_strong_etags,omitempty"`
-	CacheKey                 *RulesetRuleActionParametersCacheKey              `json:"cache_key,omitempty"`
-	OriginCacheControl       *bool                                             `json:"origin_cache_control,omitempty"`
-	OriginErrorPagePassthru  *bool                                             `json:"origin_error_page_passthru,omitempty"`
-	CacheReserve             *RulesetRuleActionParametersCacheReserve          `json:"cache_reserve,omitempty"`
-	FromList                 *RulesetRuleActionParametersFromList              `json:"from_list,omitempty"`
-	FromValue                *RulesetRuleActionParametersFromValue             `json:"from_value,omitempty"`
-	AutomaticHTTPSRewrites   *bool                                             `json:"automatic_https_rewrites,omitempty"`
-	AutoMinify               *RulesetRuleActionParametersAutoMinify            `json:"autominify,omitempty"`
-	BrowserIntegrityCheck    *bool                                             `json:"bic,omitempty"`
-	DisableApps              *bool                                             `json:"disable_apps,omitempty"`
-	DisableZaraz             *bool                                             `json:"disable_zaraz,omitempty"`
-	DisableRailgun           *bool                                             `json:"disable_railgun,omitempty"`
-	DisableRUM               *bool                                             `json:"disable_rum,omitempty"`
-	EmailObfuscation         *bool                                             `json:"email_obfuscation,omitempty"`
-	Fonts                    *bool                                             `json:"fonts,omitempty"`
-	Mirage                   *bool                                             `json:"mirage,omitempty"`
-	OpportunisticEncryption  *bool                                             `json:"opportunistic_encryption,omitempty"`
-	Polish                   *Polish                                           `json:"polish,omitempty"`
-	ReadTimeout              *uint                                             `json:"read_timeout,omitempty"`
-	RocketLoader             *bool                                             `json:"rocket_loader,omitempty"`
-	SecurityLevel            *SecurityLevel                                    `json:"security_level,omitempty"`
-	ServerSideExcludes       *bool                                             `json:"server_side_excludes,omitempty"`
-	SSL                      *SSL                                              `json:"ssl,omitempty"`
-	SXG                      *bool                                             `json:"sxg,omitempty"`
-	HotLinkProtection        *bool                                             `json:"hotlink_protection,omitempty"`
-	Algorithms               []RulesetRuleActionParametersCompressionAlgorithm `json:"algorithms,omitempty"`
-}
-
-// RulesetRuleActionParametersFromList holds the FromList struct for
-// actions which pull data from a list.
-type RulesetRuleActionParametersFromList struct {
-	Name string `json:"name"`
-	Key  string `json:"key"`
-}
-
-type RulesetRuleActionParametersAutoMinify struct {
-	HTML bool `json:"html"`
-	CSS  bool `json:"css"`
-	JS   bool `json:"js"`
-}
-
-type RulesetRuleActionParametersFromValue struct {
-	StatusCode          uint16                               `json:"status_code,omitempty"`
-	TargetURL           RulesetRuleActionParametersTargetURL `json:"target_url"`
-	PreserveQueryString *bool                                `json:"preserve_query_string,omitempty"`
-}
-
-type RulesetRuleActionParametersTargetURL struct {
-	Value      string `json:"value,omitempty"`
-	Expression string `json:"expression,omitempty"`
-}
-
-type RulesetRuleActionParametersEdgeTTL struct {
-	Mode          string                                     `json:"mode,omitempty"`
-	Default       *uint                                      `json:"default,omitempty"`
-	StatusCodeTTL []RulesetRuleActionParametersStatusCodeTTL `json:"status_code_ttl,omitempty"`
-}
-
-type RulesetRuleActionParametersStatusCodeTTL struct {
-	StatusCodeRange *RulesetRuleActionParametersStatusCodeRange `json:"status_code_range,omitempty"`
-	StatusCodeValue *uint                                       `json:"status_code,omitempty"`
-	Value           *int                                        `json:"value,omitempty"`
-}
-
-type RulesetRuleActionParametersStatusCodeRange struct {
-	From *uint `json:"from,omitempty"`
-	To   *uint `json:"to,omitempty"`
-}
-
-type RulesetRuleActionParametersBrowserTTL struct {
-	Mode    string `json:"mode"`
-	Default *uint  `json:"default,omitempty"`
-}
-
-type RulesetRuleActionParametersServeStale struct {
-	DisableStaleWhileUpdating *bool `json:"disable_stale_while_updating,omitempty"`
-}
-
-type RulesetRuleActionParametersCacheKey struct {
-	CacheByDeviceType       *bool                                 `json:"cache_by_device_type,omitempty"`
-	IgnoreQueryStringsOrder *bool                                 `json:"ignore_query_strings_order,omitempty"`
-	CacheDeceptionArmor     *bool                                 `json:"cache_deception_armor,omitempty"`
-	CustomKey               *RulesetRuleActionParametersCustomKey `json:"custom_key,omitempty"`
-}
-
-type RulesetRuleActionParametersCacheReserve struct {
-	Eligible        *bool `json:"eligible,omitempty"`
-	MinimumFileSize *uint `json:"minimum_file_size,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKey struct {
-	Query  *RulesetRuleActionParametersCustomKeyQuery  `json:"query_string,omitempty"`
-	Header *RulesetRuleActionParametersCustomKeyHeader `json:"header,omitempty"`
-	Cookie *RulesetRuleActionParametersCustomKeyCookie `json:"cookie,omitempty"`
-	User   *RulesetRuleActionParametersCustomKeyUser   `json:"user,omitempty"`
-	Host   *RulesetRuleActionParametersCustomKeyHost   `json:"host,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKeyHeader struct {
-	RulesetRuleActionParametersCustomKeyFields
-	ExcludeOrigin *bool `json:"exclude_origin,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKeyCookie RulesetRuleActionParametersCustomKeyFields
-
-type RulesetRuleActionParametersCustomKeyFields struct {
-	Include       []string `json:"include,omitempty"`
-	CheckPresence []string `json:"check_presence,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKeyQuery struct {
-	Include *RulesetRuleActionParametersCustomKeyList `json:"include,omitempty"`
-	Exclude *RulesetRuleActionParametersCustomKeyList `json:"exclude,omitempty"`
-	Ignore  *bool                                     `json:"ignore,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKeyList struct {
-	List []string
-	All  bool
-}
-
-func (s *RulesetRuleActionParametersCustomKeyList) UnmarshalJSON(data []byte) error {
-	var all string
-	if err := json.Unmarshal(data, &all); err == nil {
-		s.All = all == "*"
-		return nil
-	}
-	var list []string
-	if err := json.Unmarshal(data, &list); err == nil {
-		s.List = list
-	}
-
-	return nil
-}
-
-func (s RulesetRuleActionParametersCustomKeyList) MarshalJSON() ([]byte, error) {
-	if s.All {
-		return json.Marshal("*")
-	}
-	return json.Marshal(s.List)
-}
-
-type RulesetRuleActionParametersCustomKeyUser struct {
-	DeviceType *bool `json:"device_type,omitempty"`
-	Geo        *bool `json:"geo,omitempty"`
-	Lang       *bool `json:"lang,omitempty"`
-}
-
-type RulesetRuleActionParametersCustomKeyHost struct {
-	Resolved *bool `json:"resolved,omitempty"`
-}
-
-// RulesetRuleActionParametersBlockResponse holds the BlockResponse struct
-// for an action parameter.
-type RulesetRuleActionParametersBlockResponse struct {
-	StatusCode  uint16 `json:"status_code"`
-	ContentType string `json:"content_type"`
-	Content     string `json:"content"`
-}
-
-// RulesetRuleActionParametersURI holds the URI struct for an action parameter.
-type RulesetRuleActionParametersURI struct {
-	Path   *RulesetRuleActionParametersURIPath  `json:"path,omitempty"`
-	Query  *RulesetRuleActionParametersURIQuery `json:"query,omitempty"`
-	Origin *bool                                `json:"origin,omitempty"`
-}
-
-// RulesetRuleActionParametersURIPath holds the path specific portion of a URI
-// action parameter.
-type RulesetRuleActionParametersURIPath struct {
-	Value      string `json:"value,omitempty"`
-	Expression string `json:"expression,omitempty"`
-}
-
-// RulesetRuleActionParametersURIQuery holds the query specific portion of a URI
-// action parameter.
-type RulesetRuleActionParametersURIQuery struct {
-	Value      *string `json:"value,omitempty"`
-	Expression string  `json:"expression,omitempty"`
-}
-
-// RulesetRuleActionParametersHTTPHeader is the definition for define action
-// parameters that involve HTTP headers.
-type RulesetRuleActionParametersHTTPHeader struct {
-	Operation  string `json:"operation,omitempty"`
-	Value      string `json:"value,omitempty"`
-	Expression string `json:"expression,omitempty"`
-}
-
-type RulesetRuleActionParametersOverrides struct {
-	Enabled          *bool                                   `json:"enabled,omitempty"`
-	Action           string                                  `json:"action,omitempty"`
-	SensitivityLevel string                                  `json:"sensitivity_level,omitempty"`
-	Categories       []RulesetRuleActionParametersCategories `json:"categories,omitempty"`
-	Rules            []RulesetRuleActionParametersRules      `json:"rules,omitempty"`
-}
-
-type RulesetRuleActionParametersCategories struct {
-	Category string `json:"category"`
-	Action   string `json:"action,omitempty"`
-	Enabled  *bool  `json:"enabled,omitempty"`
-}
-
-type RulesetRuleActionParametersRules struct {
-	ID               string `json:"id"`
-	Action           string `json:"action,omitempty"`
-	Enabled          *bool  `json:"enabled,omitempty"`
-	ScoreThreshold   int    `json:"score_threshold,omitempty"`
-	SensitivityLevel string `json:"sensitivity_level,omitempty"`
-}
-
-// RulesetRuleActionParametersMatchedData holds the structure for WAF based
-// payload logging.
-type RulesetRuleActionParametersMatchedData struct {
-	PublicKey string `json:"public_key,omitempty"`
-}
-
-// RulesetRuleActionParametersOrigin is the definition for route action
-// parameters that involve origin overrides.
-type RulesetRuleActionParametersOrigin struct {
-	Host string `json:"host,omitempty"`
-	Port uint16 `json:"port,omitempty"`
-}
-
-// RulesetRuleActionParametersSni is the definition for the route action
-// parameters that involve SNI overrides.
-type RulesetRuleActionParametersSni struct {
-	Value string `json:"value"`
-}
-
-// RulesetRuleActionParametersCompressionAlgorithm defines a compression
-// algorithm for the compress_response action.
-type RulesetRuleActionParametersCompressionAlgorithm struct {
-	Name string `json:"name"`
-}
-
-type Polish int
-
-const (
-	_ Polish = iota
-	PolishOff
-	PolishLossless
-	PolishLossy
-)
-
-func (p Polish) MarshalJSON() ([]byte, error) {
-	return json.Marshal(p.String())
-}
-
-func (p Polish) String() string {
-	return [...]string{"off", "lossless", "lossy"}[p-1]
-}
-
-func (p *Polish) UnmarshalJSON(data []byte) error {
-	var (
-		s   string
-		err error
-	)
-	err = json.Unmarshal(data, &s)
-	if err != nil {
-		return err
-	}
-	v, err := PolishFromString(s)
-	if err != nil {
-		return err
-	}
-	*p = *v
-	return nil
-}
-
-func PolishFromString(s string) (*Polish, error) {
-	s = strings.ToLower(s)
-	var v Polish
-	switch s {
-	case "off":
-		v = PolishOff
-	case "lossless":
-		v = PolishLossless
-	case "lossy":
-		v = PolishLossy
-	default:
-		return nil, fmt.Errorf("unknown variant for polish: %s", s)
-	}
-	return &v, nil
-}
-
-func (p Polish) IntoRef() *Polish {
-	return &p
-}
-
-type SecurityLevel int
-
-const (
-	_ SecurityLevel = iota
-	SecurityLevelOff
-	SecurityLevelEssentiallyOff
-	SecurityLevelLow
-	SecurityLevelMedium
-	SecurityLevelHigh
-	SecurityLevelHelp
-)
-
-func (p SecurityLevel) MarshalJSON() ([]byte, error) {
-	return json.Marshal(p.String())
-}
-
-func (p SecurityLevel) String() string {
-	return [...]string{"off", "essentially_off", "low", "medium", "high", "under_attack"}[p-1]
-}
-
-func (p *SecurityLevel) UnmarshalJSON(data []byte) error {
-	var (
-		s   string
-		err error
-	)
-	err = json.Unmarshal(data, &s)
-	if err != nil {
-		return err
-	}
-	v, err := SecurityLevelFromString(s)
-	if err != nil {
-		return err
-	}
-	*p = *v
-	return nil
-}
-
-func SecurityLevelFromString(s string) (*SecurityLevel, error) {
-	s = strings.ToLower(s)
-	var v SecurityLevel
-	switch s {
-	case "off":
-		v = SecurityLevelOff
-	case "essentially_off":
-		v = SecurityLevelEssentiallyOff
-	case "low":
-		v = SecurityLevelLow
-	case "medium":
-		v = SecurityLevelMedium
-	case "high":
-		v = SecurityLevelHigh
-	case "under_attack":
-		v = SecurityLevelHelp
-	default:
-		return nil, fmt.Errorf("unknown variant for security_level: %s", s)
-	}
-	return &v, nil
-}
-
-func (p SecurityLevel) IntoRef() *SecurityLevel {
-	return &p
-}
-
-type SSL int
-
-const (
-	_ SSL = iota
-	SSLOff
-	SSLFlexible
-	SSLFull
-	SSLStrict
-	SSLOriginPull
-)
-
-func (p SSL) MarshalJSON() ([]byte, error) {
-	return json.Marshal(p.String())
-}
-
-func (p SSL) String() string {
-	return [...]string{"off", "flexible", "full", "strict", "origin_pull"}[p-1]
-}
-
-func (p *SSL) UnmarshalJSON(data []byte) error {
-	var (
-		s   string
-		err error
-	)
-	err = json.Unmarshal(data, &s)
-	if err != nil {
-		return err
-	}
-	v, err := SSLFromString(s)
-	if err != nil {
-		return err
-	}
-	*p = *v
-	return nil
-}
-
-func SSLFromString(s string) (*SSL, error) {
-	s = strings.ToLower(s)
-	var v SSL
-	switch s {
-	case "off":
-		v = SSLOff
-	case "flexible":
-		v = SSLFlexible
-	case "full":
-		v = SSLFull
-	case "strict":
-		v = SSLStrict
-	case "origin_pull":
-		v = SSLOriginPull
-	default:
-		return nil, fmt.Errorf("unknown variant for ssl: %s", s)
-	}
-	return &v, nil
-}
-
-func (p SSL) IntoRef() *SSL {
-	return &p
-}
-
-// RulesetRule contains information about a single Ruleset Rule.
-type RulesetRule struct {
-	ID                     string                             `json:"id,omitempty"`
-	Version                *string                            `json:"version,omitempty"`
-	Action                 string                             `json:"action"`
-	ActionParameters       *RulesetRuleActionParameters       `json:"action_parameters,omitempty"`
-	Expression             string                             `json:"expression"`
-	Description            string                             `json:"description,omitempty"`
-	LastUpdated            *time.Time                         `json:"last_updated,omitempty"`
-	Ref                    string                             `json:"ref,omitempty"`
-	Enabled                *bool                              `json:"enabled,omitempty"`
-	ScoreThreshold         int                                `json:"score_threshold,omitempty"`
-	RateLimit              *RulesetRuleRateLimit              `json:"ratelimit,omitempty"`
-	ExposedCredentialCheck *RulesetRuleExposedCredentialCheck `json:"exposed_credential_check,omitempty"`
-	Logging                *RulesetRuleLogging                `json:"logging,omitempty"`
-}
-
-// RulesetRuleRateLimit contains the structure of a HTTP rate limit Ruleset Rule.
-type RulesetRuleRateLimit struct {
-	Characteristics         []string `json:"characteristics,omitempty"`
-	RequestsPerPeriod       int      `json:"requests_per_period,omitempty"`
-	ScorePerPeriod          int      `json:"score_per_period,omitempty"`
-	ScoreResponseHeaderName string   `json:"score_response_header_name,omitempty"`
-	Period                  int      `json:"period,omitempty"`
-	MitigationTimeout       int      `json:"mitigation_timeout,omitempty"`
-	CountingExpression      string   `json:"counting_expression,omitempty"`
-	RequestsToOrigin        bool     `json:"requests_to_origin,omitempty"`
-}
-
-// RulesetRuleExposedCredentialCheck contains the structure of an exposed
-// credential check Ruleset Rule.
-type RulesetRuleExposedCredentialCheck struct {
-	UsernameExpression string `json:"username_expression,omitempty"`
-	PasswordExpression string `json:"password_expression,omitempty"`
-}
-
-// RulesetRuleLogging contains the logging configuration for the rule.
-type RulesetRuleLogging struct {
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-// UpdateRulesetRequest is the representation of a Ruleset update.
-type UpdateRulesetRequest struct {
-	Description string        `json:"description"`
-	Rules       []RulesetRule `json:"rules"`
-}
-
-// ListRulesetResponse contains all Rulesets.
-type ListRulesetResponse struct {
-	Response
-	Result []Ruleset `json:"result"`
-}
-
-// GetRulesetResponse contains a single Ruleset.
-type GetRulesetResponse struct {
-	Response
-	Result Ruleset `json:"result"`
-}
-
-// CreateRulesetResponse contains response data when creating a new Ruleset.
-type CreateRulesetResponse struct {
-	Response
-	Result Ruleset `json:"result"`
-}
-
-// UpdateRulesetResponse contains response data when updating an existing
-// Ruleset.
-type UpdateRulesetResponse struct {
-	Response
-	Result Ruleset `json:"result"`
-}
-
-type ListRulesetsParams struct{}
-
-type CreateRulesetParams struct {
-	Name        string        `json:"name,omitempty"`
-	Description string        `json:"description,omitempty"`
-	Kind        string        `json:"kind,omitempty"`
-	Phase       string        `json:"phase,omitempty"`
-	Rules       []RulesetRule `json:"rules"`
-}
-
-type UpdateRulesetParams struct {
-	ID          string        `json:"-"`
-	Description string        `json:"description"`
-	Rules       []RulesetRule `json:"rules"`
-}
-
-type UpdateEntrypointRulesetParams struct {
-	Phase       string        `json:"-"`
-	Description string        `json:"description,omitempty"`
-	Rules       []RulesetRule `json:"rules"`
-}
-
-// ListRulesets lists all Rulesets in a given zone or account depending on the
-// ResourceContainer type provided.
-//
-// API reference: https://developers.cloudflare.com/api/operations/listAccountRulesets
-// API reference: https://developers.cloudflare.com/api/operations/listZoneRulesets
-func (api *API) ListRulesets(ctx context.Context, rc *ResourceContainer, params ListRulesetsParams) ([]Ruleset, error) {
-	uri := fmt.Sprintf("/%s/%s/rulesets", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Ruleset{}, err
-	}
-
-	result := ListRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetRuleset fetches a single ruleset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/getAccountRuleset
-// API reference: https://developers.cloudflare.com/api/operations/getZoneRuleset
-func (api *API) GetRuleset(ctx context.Context, rc *ResourceContainer, rulesetID string) (Ruleset, error) {
-	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, rulesetID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Ruleset{}, err
-	}
-
-	result := GetRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// CreateRuleset creates a new ruleset.
-//
-// API reference: https://developers.cloudflare.com/api/operations/createAccountRuleset
-// API reference: https://developers.cloudflare.com/api/operations/createZoneRuleset
-func (api *API) CreateRuleset(ctx context.Context, rc *ResourceContainer, params CreateRulesetParams) (Ruleset, error) {
-	uri := fmt.Sprintf("/%s/%s/rulesets", rc.Level, rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return Ruleset{}, err
-	}
-
-	result := CreateRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteRuleset removes a ruleset based on the ruleset ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/deleteAccountRuleset
-// API reference: https://developers.cloudflare.com/api/operations/deleteZoneRuleset
-func (api *API) DeleteRuleset(ctx context.Context, rc *ResourceContainer, rulesetID string) error {
-	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, rulesetID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	// The API is not implementing the standard response blob but returns an
-	// empty response (204) in case of a success. So we are checking for the
-	// response body size here.
-	if len(res) > 0 {
-		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
-	}
-
-	return nil
-}
-
-// UpdateRuleset updates a ruleset based on the ruleset ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/updateAccountRuleset
-// API reference: https://developers.cloudflare.com/api/operations/updateZoneRuleset
-func (api *API) UpdateRuleset(ctx context.Context, rc *ResourceContainer, params UpdateRulesetParams) (Ruleset, error) {
-	if params.ID == "" {
-		return Ruleset{}, ErrMissingResourceIdentifier
-	}
-
-	uri := fmt.Sprintf("/%s/%s/rulesets/%s", rc.Level, rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Ruleset{}, err
-	}
-
-	result := UpdateRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// GetEntrypointRuleset returns an entry point ruleset base on the phase.
-//
-// API reference: https://developers.cloudflare.com/api/operations/getAccountEntrypointRuleset
-// API reference: https://developers.cloudflare.com/api/operations/getZoneEntrypointRuleset
-func (api *API) GetEntrypointRuleset(ctx context.Context, rc *ResourceContainer, phase string) (Ruleset, error) {
-	uri := fmt.Sprintf("/%s/%s/rulesets/phases/%s/entrypoint", rc.Level, rc.Identifier, phase)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Ruleset{}, err
-	}
-
-	result := GetRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateEntrypointRuleset updates an entry point ruleset phase based on the
-// phase.
-//
-// API reference: https://developers.cloudflare.com/api/operations/updateAccountEntrypointRuleset
-// API reference: https://developers.cloudflare.com/api/operations/updateZoneEntrypointRuleset
-func (api *API) UpdateEntrypointRuleset(ctx context.Context, rc *ResourceContainer, params UpdateEntrypointRulesetParams) (Ruleset, error) {
-	if params.Phase == "" {
-		return Ruleset{}, ErrMissingRulesetPhase
-	}
-
-	uri := fmt.Sprintf("/%s/%s/rulesets/phases/%s/entrypoint", rc.Level, rc.Identifier, params.Phase)
-	//fmt.Printf("DEBUG: update: uri=%v\n", uri)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Ruleset{}, err
-	}
-
-	result := GetRulesetResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return Ruleset{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
diff --git a/pkg/cloudflare-go/rulesets_test.go b/pkg/cloudflare-go/rulesets_test.go
deleted file mode 100644
index dbaf2b4f13..0000000000
--- a/pkg/cloudflare-go/rulesets_test.go
+++ /dev/null
@@ -1,870 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListRulesets(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": [
-        {
-          "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-          "name": "my example ruleset",
-          "description": "Test magic transit ruleset",
-          "kind": "root",
-          "version": "1",
-          "last_updated": "2020-12-02T20:24:07.776073Z",
-          "phase": "magic_transit"
-        }
-      ],
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-
-	want := []Ruleset{
-		{
-			ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-			Name:        "my example ruleset",
-			Description: "Test magic transit ruleset",
-			Kind:        "root",
-			Version:     StringPtr("1"),
-			LastUpdated: &lastUpdated,
-			Phase:       string(RulesetPhaseMagicTransit),
-		},
-	}
-
-	zoneActual, err := client.ListRulesets(context.Background(), ZoneIdentifier(testZoneID), ListRulesetsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.ListRulesets(context.Background(), AccountIdentifier(testAccountID), ListRulesetsParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_MagicTransit(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-        "name": "my example ruleset",
-        "description": "Test magic transit ruleset",
-        "kind": "root",
-        "version": "1",
-        "last_updated": "2020-12-02T20:24:07.776073Z",
-        "phase": "magic_transit"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-
-	want := Ruleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "my example ruleset",
-		Description: "Test magic transit ruleset",
-		Kind:        "root",
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseMagicTransit),
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_WAF(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "70339d97bdb34195bbf054b1ebe81f76",
-        "name": "Cloudflare Normalization Ruleset",
-        "description": "Created by the Cloudflare security team, this ruleset provides normalization on the URL path",
-        "kind": "managed",
-        "version": "1",
-        "rules": [
-          {
-            "id": "78723a9e0c7c4c6dbec5684cb766231d",
-            "version": "1",
-            "action": "rewrite",
-            "action_parameters": {
-              "uri": {
-                "path": {
-                  "expression": "normalize_url_path(raw.http.request.uri.path)"
-                },
-                "origin": false
-              }
-            },
-            "description": "Normalization on the URL path, without propagating it to the origin",
-            "last_updated": "2020-12-18T09:28:09.655749Z",
-            "ref": "272936dc447b41fe976255ff6b768ec0",
-            "enabled": true
-          }
-        ],
-        "last_updated": "2020-12-18T09:28:09.655749Z",
-        "phase": "http_request_sanitize"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
-
-	rules := []RulesetRule{{
-		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionRewrite),
-		ActionParameters: &RulesetRuleActionParameters{
-			URI: &RulesetRuleActionParametersURI{
-				Path: &RulesetRuleActionParametersURIPath{
-					Expression: "normalize_url_path(raw.http.request.uri.path)",
-				},
-				Origin: BoolPtr(false),
-			},
-		},
-		Description: "Normalization on the URL path, without propagating it to the origin",
-		LastUpdated: &lastUpdated,
-		Ref:         "272936dc447b41fe976255ff6b768ec0",
-		Enabled:     BoolPtr(true),
-	}}
-
-	want := Ruleset{
-		ID:          "70339d97bdb34195bbf054b1ebe81f76",
-		Name:        "Cloudflare Normalization Ruleset",
-		Description: "Created by the Cloudflare security team, this ruleset provides normalization on the URL path",
-		Kind:        string(RulesetKindManaged),
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseHTTPRequestSanitize),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_SetCacheSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "70339d97bdb34195bbf054b1ebe81f76",
-        "name": "Cloudflare Cache Rules Ruleset",
-        "description": "This ruleset provides cache settings modifications",
-        "kind": "zone",
-        "version": "1",
-        "rules": [
-          {
-            "id": "78723a9e0c7c4c6dbec5684cb766231d",
-            "version": "1",
-            "action": "set_cache_settings",
-            "action_parameters": {
-				"cache": true,
-				"edge_ttl":{"mode":"respect_origin","default":60,"status_code_ttl":[{"status_code":200,"value":30},{"status_code_range":{"from":201,"to":300},"value":20}]},
-				"browser_ttl":{"mode":"override_origin","default":10},
-				"serve_stale":{"disable_stale_while_updating":true},
-				"respect_strong_etags":true,
-				"cache_key":{
-					"cache_deception_armor":true,
-					"ignore_query_strings_order":true,
-					"custom_key": {
-						"query_string":{"include":"*"},
-						"header":{"include":["habc","hdef"],"check_presence":["hfizz","hbuzz"],"exclude_origin":true},
-						"cookie":{"include":["cabc","cdef"],"check_presence":["cfizz","cbuzz"]},
-						"user":{
-							"device_type":true,
-							"geo":true,
-							"lang":true
-						},
-						"host":{
-							"resolved":true
-						}
-					}
-				},
-				"additional_cacheable_ports": [1,2,3,4],
-				"origin_cache_control": true,
-				"read_timeout": 1000,
-				"origin_error_page_passthru":true,
-				"cache_reserve": {
-					"eligible": true,
-					"minimum_file_size": 1000
-				}
-			},
-			"description": "Set all available cache settings in one rule",
-			"last_updated": "2020-12-18T09:28:09.655749Z",
-			"ref": "272936dc447b41fe976255ff6b768ec0",
-			"enabled": true
-          }
-        ],
-        "last_updated": "2020-12-18T09:28:09.655749Z",
-        "phase": "http_request_cache_settings"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
-
-	rules := []RulesetRule{{
-		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionSetCacheSettings),
-		ActionParameters: &RulesetRuleActionParameters{
-			Cache: BoolPtr(true),
-			EdgeTTL: &RulesetRuleActionParametersEdgeTTL{
-				Mode:    "respect_origin",
-				Default: UintPtr(60),
-				StatusCodeTTL: []RulesetRuleActionParametersStatusCodeTTL{
-					{
-						StatusCodeValue: UintPtr(200),
-						Value:           IntPtr(30),
-					},
-					{
-						StatusCodeRange: &RulesetRuleActionParametersStatusCodeRange{
-							From: UintPtr(201),
-							To:   UintPtr(300),
-						},
-						Value: IntPtr(20),
-					},
-				},
-			},
-			BrowserTTL: &RulesetRuleActionParametersBrowserTTL{
-				Mode:    "override_origin",
-				Default: UintPtr(10),
-			},
-			ServeStale: &RulesetRuleActionParametersServeStale{
-				DisableStaleWhileUpdating: BoolPtr(true),
-			},
-			RespectStrongETags: BoolPtr(true),
-			CacheKey: &RulesetRuleActionParametersCacheKey{
-				IgnoreQueryStringsOrder: BoolPtr(true),
-				CacheDeceptionArmor:     BoolPtr(true),
-				CustomKey: &RulesetRuleActionParametersCustomKey{
-					Query: &RulesetRuleActionParametersCustomKeyQuery{
-						Include: &RulesetRuleActionParametersCustomKeyList{
-							All: true,
-						},
-					},
-					Header: &RulesetRuleActionParametersCustomKeyHeader{
-						RulesetRuleActionParametersCustomKeyFields: RulesetRuleActionParametersCustomKeyFields{
-							Include:       []string{"habc", "hdef"},
-							CheckPresence: []string{"hfizz", "hbuzz"},
-						},
-						ExcludeOrigin: BoolPtr(true),
-					},
-					Cookie: &RulesetRuleActionParametersCustomKeyCookie{
-						Include:       []string{"cabc", "cdef"},
-						CheckPresence: []string{"cfizz", "cbuzz"},
-					},
-					User: &RulesetRuleActionParametersCustomKeyUser{
-						DeviceType: BoolPtr(true),
-						Geo:        BoolPtr(true),
-						Lang:       BoolPtr(true),
-					},
-					Host: &RulesetRuleActionParametersCustomKeyHost{
-						Resolved: BoolPtr(true),
-					},
-				},
-			},
-			AdditionalCacheablePorts: []int{1, 2, 3, 4},
-			OriginCacheControl:       BoolPtr(true),
-			ReadTimeout:              UintPtr(1000),
-			OriginErrorPagePassthru:  BoolPtr(true),
-			CacheReserve: &RulesetRuleActionParametersCacheReserve{
-				Eligible:        BoolPtr(true),
-				MinimumFileSize: UintPtr(1000),
-			},
-		},
-		Description: "Set all available cache settings in one rule",
-		LastUpdated: &lastUpdated,
-		Ref:         "272936dc447b41fe976255ff6b768ec0",
-		Enabled:     BoolPtr(true),
-	}}
-
-	want := Ruleset{
-		ID:          "70339d97bdb34195bbf054b1ebe81f76",
-		Name:        "Cloudflare Cache Rules Ruleset",
-		Description: "This ruleset provides cache settings modifications",
-		Kind:        string(RulesetKindZone),
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseHTTPRequestCacheSettings),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_SetConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "70339d97bdb34195bbf054b1ebe81f76",
-        "name": "Cloudflare Config Rules Ruleset",
-        "description": "This ruleset provides config rules modifications",
-        "kind": "zone",
-        "version": "1",
-        "rules": [
-          {
-            "id": "78723a9e0c7c4c6dbec5684cb766231d",
-            "version": "1",
-            "action": "set_config",
-            "action_parameters": {
-				"automatic_https_rewrites":true,
-				"autominify":{"html":true, "css":true, "js":true},
-				"bic":true,
-				"disable_apps":true,
-				"polish":"off",
-				"disable_zaraz":true,
-				"disable_railgun":true,
-				"email_obfuscation":true,
-				"mirage":true,
-				"opportunistic_encryption":true,
-				"rocket_loader":true,
-				"security_level":"off",
-				"server_side_excludes":true,
-				"ssl":"off",
-				"sxg":true,
-				"hotlink_protection":true,
-				"fonts":true,
-				"disable_rum":true
-            },
-			"description": "Set all available config rules in one rule",
-			"last_updated": "2020-12-18T09:28:09.655749Z",
-			"ref": "272936dc447b41fe976255ff6b768ec0",
-			"enabled": true
-          }
-        ],
-        "last_updated": "2020-12-18T09:28:09.655749Z",
-        "phase": "http_config_settings"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
-
-	rules := []RulesetRule{{
-		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionSetConfig),
-		ActionParameters: &RulesetRuleActionParameters{
-			AutomaticHTTPSRewrites: BoolPtr(true),
-			AutoMinify: &RulesetRuleActionParametersAutoMinify{
-				HTML: true,
-				CSS:  true,
-				JS:   true,
-			},
-			BrowserIntegrityCheck:   BoolPtr(true),
-			DisableApps:             BoolPtr(true),
-			DisableZaraz:            BoolPtr(true),
-			DisableRailgun:          BoolPtr(true),
-			DisableRUM:              BoolPtr(true),
-			EmailObfuscation:        BoolPtr(true),
-			Fonts:                   BoolPtr(true),
-			Mirage:                  BoolPtr(true),
-			OpportunisticEncryption: BoolPtr(true),
-			Polish:                  PolishOff.IntoRef(),
-			RocketLoader:            BoolPtr(true),
-			SecurityLevel:           SecurityLevelOff.IntoRef(),
-			ServerSideExcludes:      BoolPtr(true),
-			SSL:                     SSLOff.IntoRef(),
-			SXG:                     BoolPtr(true),
-			HotLinkProtection:       BoolPtr(true),
-		},
-		Description: "Set all available config rules in one rule",
-		LastUpdated: &lastUpdated,
-		Ref:         "272936dc447b41fe976255ff6b768ec0",
-		Enabled:     BoolPtr(true),
-	}}
-
-	want := Ruleset{
-		ID:          "70339d97bdb34195bbf054b1ebe81f76",
-		Name:        "Cloudflare Config Rules Ruleset",
-		Description: "This ruleset provides config rules modifications",
-		Kind:        string(RulesetKindZone),
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseHTTPConfigSettings),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_RedirectFromValue(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "70339d97bdb34195bbf054b1ebe81f76",
-        "name": "Cloudflare Redirect Rules Ruleset",
-        "description": "This ruleset provides redirect from value",
-        "kind": "zone",
-        "version": "1",
-        "rules": [
-          {
-            "id": "78723a9e0c7c4c6dbec5684cb766231d",
-            "version": "1",
-            "action": "redirect",
-            "action_parameters": {
-				"from_value": {
-					"status_code": 301,
-					"target_url": {
-						"value": "some_host.com"
-					},
-					"preserve_query_string": true
-				}
-			},
-			"description": "Set dynamic redirect from value",
-			"last_updated": "2020-12-18T09:28:09.655749Z",
-			"ref": "272936dc447b41fe976255ff6b768ec0",
-			"enabled": true
-          }
-        ],
-        "last_updated": "2020-12-18T09:28:09.655749Z",
-        "phase": "http_request_dynamic_redirect"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
-
-	rules := []RulesetRule{{
-		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionRedirect),
-		ActionParameters: &RulesetRuleActionParameters{
-			FromValue: &RulesetRuleActionParametersFromValue{
-				StatusCode: 301,
-				TargetURL: RulesetRuleActionParametersTargetURL{
-					Value: "some_host.com",
-				},
-				PreserveQueryString: BoolPtr(true),
-			},
-		},
-		Description: "Set dynamic redirect from value",
-		LastUpdated: &lastUpdated,
-		Ref:         "272936dc447b41fe976255ff6b768ec0",
-		Enabled:     BoolPtr(true),
-	}}
-
-	want := Ruleset{
-		ID:          "70339d97bdb34195bbf054b1ebe81f76",
-		Name:        "Cloudflare Redirect Rules Ruleset",
-		Description: "This ruleset provides redirect from value",
-		Kind:        string(RulesetKindZone),
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseHTTPRequestDynamicRedirect),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestGetRuleset_CompressResponse(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "70339d97bdb34195bbf054b1ebe81f76",
-        "name": "Cloudflare compress response ruleset",
-        "description": "This ruleset provides response compression rules",
-        "kind": "zone",
-        "version": "1",
-        "rules": [
-          {
-            "id": "78723a9e0c7c4c6dbec5684cb766231d",
-            "version": "1",
-            "action": "compress_response",
-            "action_parameters": {
-				"algorithms": [ { "name": "brotli" }, { "name": "default" } ]
-            },
-			"description": "Compress response rule",
-			"last_updated": "2020-12-18T09:28:09.655749Z",
-			"ref": "272936dc447b41fe976255ff6b768ec0",
-			"enabled": true
-          }
-        ],
-        "last_updated": "2020-12-18T09:28:09.655749Z",
-        "phase": "http_response_compression"
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/b232b534beea4e00a21dcbb7a8a545e9", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-18T09:28:09.655749Z")
-
-	rules := []RulesetRule{{
-		ID:      "78723a9e0c7c4c6dbec5684cb766231d",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionCompressResponse),
-		ActionParameters: &RulesetRuleActionParameters{
-			Algorithms: []RulesetRuleActionParametersCompressionAlgorithm{
-				{Name: "brotli"},
-				{Name: "default"},
-			},
-		},
-		Description: "Compress response rule",
-		LastUpdated: &lastUpdated,
-		Ref:         "272936dc447b41fe976255ff6b768ec0",
-		Enabled:     BoolPtr(true),
-	}}
-
-	want := Ruleset{
-		ID:          "70339d97bdb34195bbf054b1ebe81f76",
-		Name:        "Cloudflare compress response ruleset",
-		Description: "This ruleset provides response compression rules",
-		Kind:        string(RulesetKindZone),
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseHTTPResponseCompression),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.GetRuleset(context.Background(), ZoneIdentifier(testZoneID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.GetRuleset(context.Background(), AccountIdentifier(testAccountID), "b232b534beea4e00a21dcbb7a8a545e9")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestCreateRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-        "name": "my example ruleset",
-        "description": "Test magic transit ruleset",
-        "kind": "root",
-        "version": "1",
-        "last_updated": "2020-12-02T20:24:07.776073Z",
-        "phase": "magic_transit",
-        "rules": [
-          {
-            "id": "62449e2e0de149619edb35e59c10d801",
-            "version": "1",
-            "action": "skip",
-            "action_parameters":{
-              "ruleset":"current"
-            },
-            "expression": "tcp.dstport in { 32768..65535 }",
-            "description": "Allow TCP Ephemeral Ports",
-            "last_updated": "2020-12-02T20:24:07.776073Z",
-            "ref": "72449e2e0de149619edb35e59c10d801",
-            "enabled": true
-          }
-        ]
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-
-	rules := []RulesetRule{{
-		ID:      "62449e2e0de149619edb35e59c10d801",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionSkip),
-		ActionParameters: &RulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "tcp.dstport in { 32768..65535 }",
-		Description: "Allow TCP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     BoolPtr(true),
-	}}
-
-	newRuleset := CreateRulesetParams{
-		Name:        "my example ruleset",
-		Description: "Test magic transit ruleset",
-		Kind:        "root",
-		Phase:       string(RulesetPhaseMagicTransit),
-		Rules:       rules,
-	}
-
-	want := Ruleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "my example ruleset",
-		Description: "Test magic transit ruleset",
-		Kind:        "root",
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseMagicTransit),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.CreateRuleset(context.Background(), ZoneIdentifier(testZoneID), newRuleset)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.CreateRuleset(context.Background(), AccountIdentifier(testAccountID), newRuleset)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
-
-func TestDeleteRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, ``)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	zErr := client.DeleteRuleset(context.Background(), ZoneIdentifier(testZoneID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	assert.NoError(t, zErr)
-
-	aErr := client.DeleteRuleset(context.Background(), AccountIdentifier(testAccountID), "2c0fc9fa937b11eaa1b71c4d701ab86e")
-	assert.NoError(t, aErr)
-}
-
-func TestUpdateRuleset(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-      "result": {
-        "id": "2c0fc9fa937b11eaa1b71c4d701ab86e",
-        "name": "ruleset1",
-        "description": "Test Firewall Ruleset Update",
-        "kind": "root",
-        "version": "1",
-        "last_updated": "2020-12-02T20:24:07.776073Z",
-        "phase": "magic_transit",
-        "rules": [
-          {
-            "id": "62449e2e0de149619edb35e59c10d801",
-            "version": "1",
-            "action": "skip",
-            "action_parameters":{
-              "ruleset":"current"
-            },
-            "expression": "tcp.dstport in { 32768..65535 }",
-            "description": "Allow TCP Ephemeral Ports",
-            "last_updated": "2020-12-02T20:24:07.776073Z",
-            "ref": "72449e2e0de149619edb35e59c10d801",
-            "enabled": true
-          },
-          {
-            "id": "62449e2e0de149619edb35e59c10d802",
-            "version": "1",
-            "action": "skip",
-            "action_parameters":{
-              "ruleset":"current"
-            },
-            "expression": "udp.dstport in { 32768..65535 }",
-            "description": "Allow UDP Ephemeral Ports",
-            "last_updated": "2020-12-02T20:24:07.776073Z",
-            "ref": "72449e2e0de149619edb35e59c10d801",
-            "enabled": true
-          }
-        ]
-      },
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-	mux.HandleFunc("/zones/"+testZoneID+"/rulesets/2c0fc9fa937b11eaa1b71c4d701ab86e", handler)
-
-	lastUpdated, _ := time.Parse(time.RFC3339, "2020-12-02T20:24:07.776073Z")
-
-	rules := []RulesetRule{{
-		ID:      "62449e2e0de149619edb35e59c10d801",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionSkip),
-		ActionParameters: &RulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "tcp.dstport in { 32768..65535 }",
-		Description: "Allow TCP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     BoolPtr(true),
-	}, {
-		ID:      "62449e2e0de149619edb35e59c10d802",
-		Version: StringPtr("1"),
-		Action:  string(RulesetRuleActionSkip),
-		ActionParameters: &RulesetRuleActionParameters{
-			Ruleset: "current",
-		},
-		Expression:  "udp.dstport in { 32768..65535 }",
-		Description: "Allow UDP Ephemeral Ports",
-		LastUpdated: &lastUpdated,
-		Ref:         "72449e2e0de149619edb35e59c10d801",
-		Enabled:     BoolPtr(true),
-	}}
-
-	updated := UpdateRulesetParams{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Description: "Test Firewall Ruleset Update",
-		Rules:       rules,
-	}
-
-	want := Ruleset{
-		ID:          "2c0fc9fa937b11eaa1b71c4d701ab86e",
-		Name:        "ruleset1",
-		Description: "Test Firewall Ruleset Update",
-		Kind:        "root",
-		Version:     StringPtr("1"),
-		LastUpdated: &lastUpdated,
-		Phase:       string(RulesetPhaseMagicTransit),
-		Rules:       rules,
-	}
-
-	zoneActual, err := client.UpdateRuleset(context.Background(), ZoneIdentifier(testZoneID), updated)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, zoneActual)
-	}
-
-	accountActual, err := client.UpdateRuleset(context.Background(), AccountIdentifier(testAccountID), updated)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, accountActual)
-	}
-}
diff --git a/pkg/cloudflare-go/scripts/changelog.tmpl b/pkg/cloudflare-go/scripts/changelog.tmpl
deleted file mode 100644
index e5b8afa8b2..0000000000
--- a/pkg/cloudflare-go/scripts/changelog.tmpl
+++ /dev/null
@@ -1,39 +0,0 @@
-{{- if index .NotesByType "breaking-change" }}
-BREAKING CHANGES:
-
-{{range index .NotesByType "breaking-change" -}}
-{{ template "note" .}}
-{{ end -}}
-{{- end -}}
-
-{{- if .NotesByType.note }}
-NOTES:
-
-{{range .NotesByType.note -}}
-{{ template "note" .}}
-{{ end -}}
-{{- end -}}
-
-{{- if .NotesByType.enhancement }}
-ENHANCEMENTS:
-
-{{range .NotesByType.enhancement | sort -}}
-{{ template "note" .}}
-{{ end -}}
-{{- end -}}
-
-{{- if .NotesByType.bug }}
-BUG FIXES:
-
-{{range .NotesByType.bug | sort -}}
-{{ template "note" . }}
-{{ end -}}
-{{- end -}}
-
-{{- if .NotesByType.dependency }}
-DEPENDENCIES:
-
-{{range .NotesByType.dependency | sort -}}
-{{ template "note" . }}
-{{ end -}}
-{{- end -}}
diff --git a/pkg/cloudflare-go/scripts/generate-changelog-entry.sh b/pkg/cloudflare-go/scripts/generate-changelog-entry.sh
deleted file mode 100755
index cfe9583a3f..0000000000
--- a/pkg/cloudflare-go/scripts/generate-changelog-entry.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-#
-# Generate a changelog entry for a proposed PR by grabbing the next available
-# auto incrementing ID in GitHub.
-
-if ! command -v curl &> /dev/null
-then
-  echo "jq not be found"
-  exit 1
-fi
-
-if ! command -v jq &> /dev/null
-then
-  echo "jq not be found"
-  exit 1
-fi
-
-current_pr=$(curl -s "https://api.github.com/repos/cloudflare/cloudflare-go/issues?state=all&per_page=1" | jq -r ".[].number")
-next_pr=$(($current_pr + 1))
-changelog_path=".changelog/$next_pr.txt"
-
-echo "==> What type of change is this? (enhancement, bug, breaking-change)"
-read entry_type
-
-echo "==> What is the summary of this change? Example: dns: updated X to do Y"
-read entry_summary
-
-touch $(pwd)/$changelog_path
-cat > $(pwd)/$changelog_path <<EOF
-\`\`\`release-note:$entry_type
-$entry_summary
-\`\`\`
-EOF
-
-echo
-echo "Successfully created $changelog_path. Don't forget to commit it and open the PR!"
diff --git a/pkg/cloudflare-go/scripts/generate-changelog.sh b/pkg/cloudflare-go/scripts/generate-changelog.sh
deleted file mode 100755
index dbd0c3775f..0000000000
--- a/pkg/cloudflare-go/scripts/generate-changelog.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/bash
-
-set -o errexit
-set -o nounset
-
-__dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-__parent="$(dirname "$__dir")"
-
-CHANGELOG_FILE_NAME="CHANGELOG.md"
-CHANGELOG_TMP_FILE_NAME="CHANGELOG.tmp"
-TARGET_SHA=$(git rev-parse HEAD)
-PREVIOUS_RELEASE_SHA=$(git rev-list -n 1 $(git describe --abbrev=0 --match='v*.*.*' --tags))
-
-if [ $TARGET_SHA == $PREVIOUS_RELEASE_SHA ]; then
-  echo "Nothing to do"
-  exit 0
-fi
-
-PREVIOUS_CHANGELOG=$(sed -n -e "/## $(git describe --abbrev=0 --match='v*.*.*' --tags | tr -d v)/,\$p" $__parent/$CHANGELOG_FILE_NAME)
-
-if [ -z "$PREVIOUS_CHANGELOG" ]
-then
-    echo "Unable to locate previous changelog contents."
-    exit 1
-fi
-
-CHANGELOG=$($(go env GOPATH)/bin/changelog-build -this-release $TARGET_SHA \
-                      -last-release $PREVIOUS_RELEASE_SHA \
-                      -git-dir $__parent \
-                      -entries-dir .changelog \
-                      -changelog-template $__dir/changelog.tmpl \
-                      -note-template $__dir/release-note.tmpl)
-
-if [ -z "$CHANGELOG" ]
-then
-    echo "No changelog generated."
-    exit 0
-fi
-
-rm -f $CHANGELOG_TMP_FILE_NAME
-
-sed -n -e "1{/## /p;}" $__parent/$CHANGELOG_FILE_NAME > $CHANGELOG_TMP_FILE_NAME
-echo "$CHANGELOG" >> $CHANGELOG_TMP_FILE_NAME
-echo >> $CHANGELOG_TMP_FILE_NAME
-echo "$PREVIOUS_CHANGELOG" >> $CHANGELOG_TMP_FILE_NAME
-
-cp $CHANGELOG_TMP_FILE_NAME $CHANGELOG_FILE_NAME
-
-rm $CHANGELOG_TMP_FILE_NAME
-
-echo "Successfully generated changelog."
-
-exit 0
diff --git a/pkg/cloudflare-go/scripts/release-note.tmpl b/pkg/cloudflare-go/scripts/release-note.tmpl
deleted file mode 100644
index de55697a25..0000000000
--- a/pkg/cloudflare-go/scripts/release-note.tmpl
+++ /dev/null
@@ -1,3 +0,0 @@
-{{- define "note" -}}
-* {{.Body}} ([#{{- .Issue -}}](https://github.com/cloudflare/cloudflare-go/issues/{{- .Issue -}}))
-{{- end -}}
diff --git a/pkg/cloudflare-go/secondary_dns_primaries.go b/pkg/cloudflare-go/secondary_dns_primaries.go
deleted file mode 100644
index 427a41aca9..0000000000
--- a/pkg/cloudflare-go/secondary_dns_primaries.go
+++ /dev/null
@@ -1,165 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-const (
-	errSecondaryDNSInvalidPrimaryID   = "secondary DNS primary ID is required"
-	errSecondaryDNSInvalidPrimaryIP   = "secondary DNS primary IP invalid"
-	errSecondaryDNSInvalidPrimaryPort = "secondary DNS primary port invalid"
-)
-
-// SecondaryDNSPrimary is the representation of the DNS Primary.
-type SecondaryDNSPrimary struct {
-	ID         string `json:"id,omitempty"`
-	IP         string `json:"ip"`
-	Port       int    `json:"port"`
-	IxfrEnable bool   `json:"ixfr_enable"`
-	TsigID     string `json:"tsig_id"`
-	Name       string `json:"name"`
-}
-
-// SecondaryDNSPrimaryDetailResponse is the API representation of a single
-// secondary DNS primary response.
-type SecondaryDNSPrimaryDetailResponse struct {
-	Response
-	Result SecondaryDNSPrimary `json:"result"`
-}
-
-// SecondaryDNSPrimaryListResponse is the API representation of all secondary DNS
-// primaries.
-type SecondaryDNSPrimaryListResponse struct {
-	Response
-	Result []SecondaryDNSPrimary `json:"result"`
-}
-
-// GetSecondaryDNSPrimary returns a single secondary DNS primary.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-primary--primary-details
-func (api *API) GetSecondaryDNSPrimary(ctx context.Context, accountID, primaryID string) (SecondaryDNSPrimary, error) {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries/%s", accountID, primaryID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return SecondaryDNSPrimary{}, err
-	}
-
-	var r SecondaryDNSPrimaryDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListSecondaryDNSPrimaries returns all secondary DNS primaries for an account.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-primary--list-primaries
-func (api *API) ListSecondaryDNSPrimaries(ctx context.Context, accountID string) ([]SecondaryDNSPrimary, error) {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []SecondaryDNSPrimary{}, err
-	}
-
-	var r SecondaryDNSPrimaryListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateSecondaryDNSPrimary creates a secondary DNS primary.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-primary--create-primary
-func (api *API) CreateSecondaryDNSPrimary(ctx context.Context, accountID string, primary SecondaryDNSPrimary) (SecondaryDNSPrimary, error) {
-	if err := validateRequiredSecondaryDNSPrimaries(primary); err != nil {
-		return SecondaryDNSPrimary{}, err
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, SecondaryDNSPrimary{
-		IP:         primary.IP,
-		Port:       primary.Port,
-		IxfrEnable: primary.IxfrEnable,
-		TsigID:     primary.TsigID,
-		Name:       primary.Name,
-	})
-	if err != nil {
-		return SecondaryDNSPrimary{}, err
-	}
-
-	var r SecondaryDNSPrimaryDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateSecondaryDNSPrimary creates a secondary DNS primary.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-primary--update-primary
-func (api *API) UpdateSecondaryDNSPrimary(ctx context.Context, accountID string, primary SecondaryDNSPrimary) (SecondaryDNSPrimary, error) {
-	if primary.ID == "" {
-		return SecondaryDNSPrimary{}, errors.New(errSecondaryDNSInvalidPrimaryID)
-	}
-
-	if err := validateRequiredSecondaryDNSPrimaries(primary); err != nil {
-		return SecondaryDNSPrimary{}, err
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/primaries/%s", accountID, primary.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, SecondaryDNSPrimary{
-		IP:         primary.IP,
-		Port:       primary.Port,
-		IxfrEnable: primary.IxfrEnable,
-		TsigID:     primary.TsigID,
-		Name:       primary.Name,
-	})
-	if err != nil {
-		return SecondaryDNSPrimary{}, err
-	}
-
-	var r SecondaryDNSPrimaryDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return SecondaryDNSPrimary{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteSecondaryDNSPrimary deletes a secondary DNS primary.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-primary--delete-primary
-func (api *API) DeleteSecondaryDNSPrimary(ctx context.Context, accountID, primaryID string) error {
-	uri := fmt.Sprintf("/zones/%s/secondary_dns/primaries/%s", accountID, primaryID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func validateRequiredSecondaryDNSPrimaries(p SecondaryDNSPrimary) error {
-	if p.IP == "" {
-		return errors.New(errSecondaryDNSInvalidPrimaryIP)
-	}
-
-	if p.Port == 0 {
-		return errors.New(errSecondaryDNSInvalidPrimaryPort)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/secondary_dns_primaries_test.go b/pkg/cloudflare-go/secondary_dns_primaries_test.go
deleted file mode 100644
index 594d4a28f3..0000000000
--- a/pkg/cloudflare-go/secondary_dns_primaries_test.go
+++ /dev/null
@@ -1,204 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetSecondaryDNSPrimary(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "23ff594956f20c2a721606e94745a8aa",
-				"ip": "192.0.2.53",
-				"port": 53,
-				"ixfr_enable": false,
-				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "my-primary-1"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
-	want := SecondaryDNSPrimary{
-		ID:         "23ff594956f20c2a721606e94745a8aa",
-		IP:         "192.0.2.53",
-		Port:       53,
-		IxfrEnable: false,
-		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:       "my-primary-1",
-	}
-
-	actual, err := client.GetSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", "23ff594956f20c2a721606e94745a8aa")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListSecondaryDNSPrimaries(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [{
-				"id": "23ff594956f20c2a721606e94745a8aa",
-				"ip": "192.0.2.53",
-				"port": 53,
-				"ixfr_enable": false,
-				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "my-primary-1"
-			}]
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries", handler)
-	want := []SecondaryDNSPrimary{{
-		ID:         "23ff594956f20c2a721606e94745a8aa",
-		IP:         "192.0.2.53",
-		Port:       53,
-		IxfrEnable: false,
-		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:       "my-primary-1",
-	}}
-
-	actual, err := client.ListSecondaryDNSPrimaries(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSecondaryDNSPrimary(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "23ff594956f20c2a721606e94745a8aa",
-				"ip": "192.0.2.53",
-				"port": 53,
-				"ixfr_enable": false,
-				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "my-primary-1"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries", handler)
-	want := SecondaryDNSPrimary{
-		ID:         "23ff594956f20c2a721606e94745a8aa",
-		IP:         "192.0.2.53",
-		Port:       53,
-		IxfrEnable: false,
-		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:       "my-primary-1",
-	}
-
-	actual, err := client.CreateSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSecondaryDNSPrimary(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "23ff594956f20c2a721606e94745a8aa",
-				"ip": "192.0.2.53",
-				"port": 53,
-				"ixfr_enable": false,
-				"tsig_id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "my-primary-1"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
-	want := SecondaryDNSPrimary{
-		ID:         "23ff594956f20c2a721606e94745a8aa",
-		IP:         "192.0.2.53",
-		Port:       53,
-		IxfrEnable: false,
-		TsigID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:       "my-primary-1",
-	}
-
-	actual, err := client.UpdateSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSecondaryDNSPrimary(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "23ff594956f20c2a721606e94745a8aa"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns/primaries/23ff594956f20c2a721606e94745a8aa", handler)
-
-	err := client.DeleteSecondaryDNSPrimary(context.Background(), "01a7362d577a6c3019a474fd6f485823", "23ff594956f20c2a721606e94745a8aa")
-	assert.NoError(t, err)
-}
-
-func TestValidateRequiredSecondaryDNSPrimaries(t *testing.T) {
-	p1 := SecondaryDNSPrimary{}
-	err1 := validateRequiredSecondaryDNSPrimaries(p1)
-	assert.EqualError(t, err1, errSecondaryDNSInvalidPrimaryIP)
-
-	p2 := SecondaryDNSPrimary{IP: "192.0.2.53"}
-	err2 := validateRequiredSecondaryDNSPrimaries(p2)
-	assert.EqualError(t, err2, errSecondaryDNSInvalidPrimaryPort)
-
-	p3 := SecondaryDNSPrimary{IP: "192.0.2.53", Port: 53}
-	err3 := validateRequiredSecondaryDNSPrimaries(p3)
-	assert.NoError(t, err3)
-}
diff --git a/pkg/cloudflare-go/secondary_dns_tsig.go b/pkg/cloudflare-go/secondary_dns_tsig.go
deleted file mode 100644
index 07b76bc096..0000000000
--- a/pkg/cloudflare-go/secondary_dns_tsig.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-const (
-	errSecondaryDNSTSIGMissingID = "secondary DNS TSIG ID is required"
-)
-
-// SecondaryDNSTSIG contains the structure for a secondary DNS TSIG.
-type SecondaryDNSTSIG struct {
-	ID     string `json:"id,omitempty"`
-	Name   string `json:"name"`
-	Secret string `json:"secret"`
-	Algo   string `json:"algo"`
-}
-
-// SecondaryDNSTSIGDetailResponse is the API response for a single secondary
-// DNS TSIG.
-type SecondaryDNSTSIGDetailResponse struct {
-	Response
-	Result SecondaryDNSTSIG `json:"result"`
-}
-
-// SecondaryDNSTSIGListResponse is the API response for all secondary DNS TSIGs.
-type SecondaryDNSTSIGListResponse struct {
-	Response
-	Result []SecondaryDNSTSIG `json:"result"`
-}
-
-// GetSecondaryDNSTSIG gets a single account level TSIG for a secondary DNS
-// configuration.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-tsig--tsig-details
-func (api *API) GetSecondaryDNSTSIG(ctx context.Context, accountID, tsigID string) (SecondaryDNSTSIG, error) {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsigID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return SecondaryDNSTSIG{}, err
-	}
-
-	var r SecondaryDNSTSIGDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListSecondaryDNSTSIGs gets all account level TSIG for a secondary DNS
-// configuration.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-tsig--list-tsigs
-func (api *API) ListSecondaryDNSTSIGs(ctx context.Context, accountID string) ([]SecondaryDNSTSIG, error) {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []SecondaryDNSTSIG{}, err
-	}
-
-	var r SecondaryDNSTSIGListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateSecondaryDNSTSIG creates a secondary DNS TSIG at the account level.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-tsig--create-tsig
-func (api *API) CreateSecondaryDNSTSIG(ctx context.Context, accountID string, tsig SecondaryDNSTSIG) (SecondaryDNSTSIG, error) {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs", accountID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, tsig)
-
-	if err != nil {
-		return SecondaryDNSTSIG{}, err
-	}
-
-	result := SecondaryDNSTSIGDetailResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateSecondaryDNSTSIG updates an existing secondary DNS TSIG at
-// the account level.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-tsig--update-tsig
-func (api *API) UpdateSecondaryDNSTSIG(ctx context.Context, accountID string, tsig SecondaryDNSTSIG) (SecondaryDNSTSIG, error) {
-	if tsig.ID == "" {
-		return SecondaryDNSTSIG{}, errors.New(errSecondaryDNSTSIGMissingID)
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsig.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tsig)
-
-	if err != nil {
-		return SecondaryDNSTSIG{}, err
-	}
-
-	result := SecondaryDNSTSIGDetailResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return SecondaryDNSTSIG{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteSecondaryDNSTSIG deletes a secondary DNS TSIG.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-tsig--delete-tsig
-func (api *API) DeleteSecondaryDNSTSIG(ctx context.Context, accountID, tsigID string) error {
-	uri := fmt.Sprintf("/accounts/%s/secondary_dns/tsigs/%s", accountID, tsigID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/secondary_dns_tsig_test.go b/pkg/cloudflare-go/secondary_dns_tsig_test.go
deleted file mode 100644
index 3f135e0468..0000000000
--- a/pkg/cloudflare-go/secondary_dns_tsig_test.go
+++ /dev/null
@@ -1,186 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetSecondaryDNSTSIG(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "tsig.customer.cf.",
-				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-				"algo": "hmac-sha512."
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
-
-	want := SecondaryDNSTSIG{
-		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:   "tsig.customer.cf.",
-		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-		Algo:   "hmac-sha512.",
-	}
-
-	actual, err := client.GetSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", "69cd1e104af3e6ed3cb344f263fd0d5a")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListSecondaryDNSTSIGs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-					"name": "tsig.customer.cf.",
-					"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-					"algo": "hmac-sha512."
-				}
-			]
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs", handler)
-
-	want := []SecondaryDNSTSIG{{
-		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:   "tsig.customer.cf.",
-		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-		Algo:   "hmac-sha512.",
-	}}
-
-	actual, err := client.ListSecondaryDNSTSIGs(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSecondaryDNSTSIG(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "tsig.customer.cf.",
-				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-				"algo": "hmac-sha512."
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs", handler)
-
-	want := SecondaryDNSTSIG{
-		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:   "tsig.customer.cf.",
-		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-		Algo:   "hmac-sha512.",
-	}
-
-	actual, err := client.CreateSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", SecondaryDNSTSIG{
-		Name:   "tsig.customer.cf.",
-		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-		Algo:   "hmac-sha512.",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSecondaryDNSTSIG(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "69cd1e104af3e6ed3cb344f263fd0d5a",
-				"name": "tsig.customer.cf.",
-				"secret": "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-				"algo": "hmac-sha512."
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
-
-	want := SecondaryDNSTSIG{
-		ID:     "69cd1e104af3e6ed3cb344f263fd0d5a",
-		Name:   "tsig.customer.cf.",
-		Secret: "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c",
-		Algo:   "hmac-sha512.",
-	}
-
-	actual, err := client.UpdateSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSecondaryDNSTSIG(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "269d8f4853475ca241c4e730be286b20"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/secondary_dns/tsigs/69cd1e104af3e6ed3cb344f263fd0d5a", handler)
-
-	err := client.DeleteSecondaryDNSTSIG(context.Background(), "01a7362d577a6c3019a474fd6f485823", "69cd1e104af3e6ed3cb344f263fd0d5a")
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/secondary_dns_zone.go b/pkg/cloudflare-go/secondary_dns_zone.go
deleted file mode 100644
index 2371366c4f..0000000000
--- a/pkg/cloudflare-go/secondary_dns_zone.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-const (
-	errSecondaryDNSInvalidAutoRefreshValue = "secondary DNS auto refresh value is invalid"
-	errSecondaryDNSInvalidZoneName         = "secondary DNS zone name is invalid"
-	errSecondaryDNSInvalidPrimaries        = "secondary DNS primaries value is invalid"
-)
-
-// SecondaryDNSZone contains the high level structure of a secondary DNS zone.
-type SecondaryDNSZone struct {
-	ID                 string    `json:"id,omitempty"`
-	Name               string    `json:"name,omitempty"`
-	Primaries          []string  `json:"primaries,omitempty"`
-	AutoRefreshSeconds int       `json:"auto_refresh_seconds,omitempty"`
-	SoaSerial          int       `json:"soa_serial,omitempty"`
-	CreatedTime        time.Time `json:"created_time,omitempty"`
-	CheckedTime        time.Time `json:"checked_time,omitempty"`
-	ModifiedTime       time.Time `json:"modified_time,omitempty"`
-}
-
-// SecondaryDNSZoneDetailResponse is the API response for a single secondary
-// DNS zone.
-type SecondaryDNSZoneDetailResponse struct {
-	Response
-	Result SecondaryDNSZone `json:"result"`
-}
-
-// SecondaryDNSZoneAXFRResponse is the API response for a single secondary
-// DNS AXFR response.
-type SecondaryDNSZoneAXFRResponse struct {
-	Response
-	Result string `json:"result"`
-}
-
-// GetSecondaryDNSZone returns the secondary DNS zone configuration for a
-// single zone.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-secondary-zone-configuration-details
-func (api *API) GetSecondaryDNSZone(ctx context.Context, zoneID string) (SecondaryDNSZone, error) {
-	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return SecondaryDNSZone{}, err
-	}
-
-	var r SecondaryDNSZoneDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateSecondaryDNSZone creates a secondary DNS zone.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-create-secondary-zone-configuration
-func (api *API) CreateSecondaryDNSZone(ctx context.Context, zoneID string, zone SecondaryDNSZone) (SecondaryDNSZone, error) {
-	if err := validateRequiredSecondaryDNSZoneValues(zone); err != nil {
-		return SecondaryDNSZone{}, err
-	}
-
-	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri,
-		SecondaryDNSZone{
-			Name:               zone.Name,
-			AutoRefreshSeconds: zone.AutoRefreshSeconds,
-			Primaries:          zone.Primaries,
-		},
-	)
-
-	if err != nil {
-		return SecondaryDNSZone{}, err
-	}
-
-	result := SecondaryDNSZoneDetailResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// UpdateSecondaryDNSZone updates an existing secondary DNS zone.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-update-secondary-zone-configuration
-func (api *API) UpdateSecondaryDNSZone(ctx context.Context, zoneID string, zone SecondaryDNSZone) (SecondaryDNSZone, error) {
-	if err := validateRequiredSecondaryDNSZoneValues(zone); err != nil {
-		return SecondaryDNSZone{}, err
-	}
-
-	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri,
-		SecondaryDNSZone{
-			Name:               zone.Name,
-			AutoRefreshSeconds: zone.AutoRefreshSeconds,
-			Primaries:          zone.Primaries,
-		},
-	)
-
-	if err != nil {
-		return SecondaryDNSZone{}, err
-	}
-
-	result := SecondaryDNSZoneDetailResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return SecondaryDNSZone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result, nil
-}
-
-// DeleteSecondaryDNSZone deletes a secondary DNS zone.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-delete-secondary-zone-configuration
-func (api *API) DeleteSecondaryDNSZone(ctx context.Context, zoneID string) error {
-	uri := fmt.Sprintf("/zones/%s/secondary_dns", zoneID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ForceSecondaryDNSZoneAXFR requests an immediate AXFR request.
-//
-// API reference: https://api.cloudflare.com/#secondary-dns-update-secondary-zone-configuration
-func (api *API) ForceSecondaryDNSZoneAXFR(ctx context.Context, zoneID string) error {
-	uri := fmt.Sprintf("/zones/%s/secondary_dns/force_axfr", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	result := SecondaryDNSZoneAXFRResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// validateRequiredSecondaryDNSZoneValues ensures that the payload matches the
-// API requirements for required fields.
-func validateRequiredSecondaryDNSZoneValues(zone SecondaryDNSZone) error {
-	if zone.Name == "" {
-		return errors.New(errSecondaryDNSInvalidZoneName)
-	}
-
-	if zone.AutoRefreshSeconds == 0 || zone.AutoRefreshSeconds < 0 {
-		return errors.New(errSecondaryDNSInvalidAutoRefreshValue)
-	}
-
-	if len(zone.Primaries) == 0 {
-		return errors.New(errSecondaryDNSInvalidPrimaries)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/secondary_zone_dns_test.go b/pkg/cloudflare-go/secondary_zone_dns_test.go
deleted file mode 100644
index 4a7d94144b..0000000000
--- a/pkg/cloudflare-go/secondary_zone_dns_test.go
+++ /dev/null
@@ -1,249 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetSecondaryDNSZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "269d8f4853475ca241c4e730be286b20",
-				"name": "www.example.com.",
-				"primaries": [
-					"23ff594956f20c2a721606e94745a8aa",
-					"00920f38ce07c2e2f4df50b1f61d4194"
-				],
-				"auto_refresh_seconds": 86400,
-				"soa_serial": 2019102400,
-				"created_time": "2019-10-24T17:09:42.883908+01:00",
-				"checked_time": "2019-10-24T17:09:42.883908+01:00",
-				"modified_time": "2019-10-24T17:09:42.883908+01:00"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	want := SecondaryDNSZone{
-		ID:   "269d8f4853475ca241c4e730be286b20",
-		Name: "www.example.com.",
-		Primaries: []string{
-			"23ff594956f20c2a721606e94745a8aa",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		AutoRefreshSeconds: 86400,
-		SoaSerial:          2019102400,
-		CreatedTime:        createdOn,
-		CheckedTime:        checkedOn,
-		ModifiedTime:       modifiedOn,
-	}
-
-	actual, err := client.GetSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSecondaryDNSZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "269d8f4853475ca241c4e730be286b20",
-				"name": "www.example.com.",
-				"primaries": [
-					"23ff594956f20c2a721606e94745a8aa",
-					"00920f38ce07c2e2f4df50b1f61d4194"
-				],
-				"auto_refresh_seconds": 86400,
-				"soa_serial": 2019102400,
-				"created_time": "2019-10-24T17:09:42.883908+01:00",
-				"checked_time": "2019-10-24T17:09:42.883908+01:00",
-				"modified_time": "2019-10-24T17:09:42.883908+01:00"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	want := SecondaryDNSZone{
-		ID:   "269d8f4853475ca241c4e730be286b20",
-		Name: "www.example.com.",
-		Primaries: []string{
-			"23ff594956f20c2a721606e94745a8aa",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		AutoRefreshSeconds: 86400,
-		SoaSerial:          2019102400,
-		CreatedTime:        createdOn,
-		CheckedTime:        checkedOn,
-		ModifiedTime:       modifiedOn,
-	}
-
-	newSecondaryZone := SecondaryDNSZone{
-		Name: "www.example.com.",
-		Primaries: []string{
-			"23ff594956f20c2a721606e94745a8aa",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		AutoRefreshSeconds: 86400,
-	}
-
-	actual, err := client.CreateSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823", newSecondaryZone)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSecondaryDNSZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "269d8f4853475ca241c4e730be286b20",
-				"name": "www.example.com.",
-				"primaries": [
-					"23ff594956f20c2a721606e94745a8aa",
-					"00920f38ce07c2e2f4df50b1f61d4194"
-				],
-				"auto_refresh_seconds": 86400,
-				"soa_serial": 2019102400,
-				"created_time": "2019-10-24T17:09:42.883908+01:00",
-				"checked_time": "2019-10-24T17:09:42.883908+01:00",
-				"modified_time": "2019-10-24T17:09:42.883908+01:00"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	checkedOn, _ := time.Parse(time.RFC3339, "2019-10-24T17:09:42.883908+01:00")
-	want := SecondaryDNSZone{
-		ID:   "269d8f4853475ca241c4e730be286b20",
-		Name: "www.example.com.",
-		Primaries: []string{
-			"23ff594956f20c2a721606e94745a8aa",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		AutoRefreshSeconds: 86400,
-		SoaSerial:          2019102400,
-		CreatedTime:        createdOn,
-		CheckedTime:        checkedOn,
-		ModifiedTime:       modifiedOn,
-	}
-
-	updatedZone := SecondaryDNSZone{
-		Name: "www.example.com.",
-		Primaries: []string{
-			"23ff594956f20c2a721606e94745a8aa",
-			"00920f38ce07c2e2f4df50b1f61d4194",
-		},
-		AutoRefreshSeconds: 86400,
-	}
-
-	actual, err := client.UpdateSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823", updatedZone)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSecondaryDNSZone(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "269d8f4853475ca241c4e730be286b20"
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns", handler)
-
-	err := client.DeleteSecondaryDNSZone(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	assert.NoError(t, err)
-}
-
-func TestForceSecondaryDNSZoneAXFR(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": "OK"
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/secondary_dns/force_axfr", handler)
-
-	err := client.ForceSecondaryDNSZoneAXFR(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	assert.NoError(t, err)
-}
-
-func TestValidateRequiredSecondaryDNSZoneValues(t *testing.T) {
-	z1 := SecondaryDNSZone{}
-	err1 := validateRequiredSecondaryDNSZoneValues(z1)
-	assert.EqualError(t, err1, errSecondaryDNSInvalidZoneName)
-
-	z2 := SecondaryDNSZone{Name: "example.com."}
-	err2 := validateRequiredSecondaryDNSZoneValues(z2)
-	assert.EqualError(t, err2, errSecondaryDNSInvalidAutoRefreshValue)
-
-	z3 := SecondaryDNSZone{Name: "example.com.", AutoRefreshSeconds: 1}
-	err3 := validateRequiredSecondaryDNSZoneValues(z3)
-	assert.EqualError(t, err3, errSecondaryDNSInvalidPrimaries)
-
-	z4 := SecondaryDNSZone{Name: "example.com.", AutoRefreshSeconds: 1, Primaries: []string{"a", "b"}}
-	err4 := validateRequiredSecondaryDNSZoneValues(z4)
-	assert.NoError(t, err4)
-}
diff --git a/pkg/cloudflare-go/spectrum.go b/pkg/cloudflare-go/spectrum.go
deleted file mode 100644
index 2ebfb41d5f..0000000000
--- a/pkg/cloudflare-go/spectrum.go
+++ /dev/null
@@ -1,368 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// ProxyProtocol implements json.Unmarshaler in order to support deserializing of the deprecated boolean
-// value for `proxy_protocol`.
-type ProxyProtocol string
-
-// UnmarshalJSON handles deserializing of both the deprecated boolean value and the current string value
-// for the `proxy_protocol` field.
-func (p *ProxyProtocol) UnmarshalJSON(data []byte) error {
-	var raw interface{}
-	if err := json.Unmarshal(data, &raw); err != nil {
-		return err
-	}
-
-	switch pp := raw.(type) {
-	case string:
-		*p = ProxyProtocol(pp)
-	case bool:
-		if pp {
-			*p = "v1"
-		} else {
-			*p = "off"
-		}
-	default:
-		return fmt.Errorf("invalid type for proxy_protocol field: %T", pp)
-	}
-	return nil
-}
-
-// SpectrumApplicationOriginPort defines a union of a single port or range of ports.
-type SpectrumApplicationOriginPort struct {
-	Port, Start, End uint16
-}
-
-// ErrOriginPortInvalid is a common error for failing to parse a single port or port range.
-var ErrOriginPortInvalid = errors.New("invalid origin port")
-
-func (p *SpectrumApplicationOriginPort) parse(s string) error {
-	switch split := strings.Split(s, "-"); len(split) {
-	case 1:
-		i, err := strconv.ParseUint(split[0], 10, 16)
-		if err != nil {
-			return err
-		}
-		p.Port = uint16(i)
-	case 2:
-		start, err := strconv.ParseUint(split[0], 10, 16)
-		if err != nil {
-			return err
-		}
-		end, err := strconv.ParseUint(split[1], 10, 16)
-		if err != nil {
-			return err
-		}
-		if start >= end {
-			return ErrOriginPortInvalid
-		}
-		p.Start = uint16(start)
-		p.End = uint16(end)
-	default:
-		return ErrOriginPortInvalid
-	}
-	return nil
-}
-
-// UnmarshalJSON converts a byte slice into a single port or port range.
-func (p *SpectrumApplicationOriginPort) UnmarshalJSON(b []byte) error {
-	var port interface{}
-	if err := json.Unmarshal(b, &port); err != nil {
-		return err
-	}
-
-	switch i := port.(type) {
-	case float64:
-		p.Port = uint16(i)
-	case string:
-		if err := p.parse(i); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-// MarshalJSON converts a single port or port range to a suitable byte slice.
-func (p *SpectrumApplicationOriginPort) MarshalJSON() ([]byte, error) {
-	if p.End > 0 {
-		return json.Marshal(fmt.Sprintf("%d-%d", p.Start, p.End))
-	}
-	return json.Marshal(p.Port)
-}
-
-// SpectrumApplication defines a single Spectrum Application.
-type SpectrumApplication struct {
-	DNS              SpectrumApplicationDNS         `json:"dns,omitempty"`
-	OriginDirect     []string                       `json:"origin_direct,omitempty"`
-	ID               string                         `json:"id,omitempty"`
-	Protocol         string                         `json:"protocol,omitempty"`
-	TrafficType      string                         `json:"traffic_type,omitempty"`
-	TLS              string                         `json:"tls,omitempty"`
-	ProxyProtocol    ProxyProtocol                  `json:"proxy_protocol,omitempty"`
-	ModifiedOn       *time.Time                     `json:"modified_on,omitempty"`
-	OriginDNS        *SpectrumApplicationOriginDNS  `json:"origin_dns,omitempty"`
-	OriginPort       *SpectrumApplicationOriginPort `json:"origin_port,omitempty"`
-	CreatedOn        *time.Time                     `json:"created_on,omitempty"`
-	EdgeIPs          *SpectrumApplicationEdgeIPs    `json:"edge_ips,omitempty"`
-	ArgoSmartRouting bool                           `json:"argo_smart_routing,omitempty"`
-	IPv4             bool                           `json:"ipv4,omitempty"`
-	IPFirewall       bool                           `json:"ip_firewall,omitempty"`
-}
-
-// UnmarshalJSON handles setting the `ProxyProtocol` field based on the value of the deprecated `spp` field.
-func (a *SpectrumApplication) UnmarshalJSON(data []byte) error {
-	var body map[string]interface{}
-	if err := json.Unmarshal(data, &body); err != nil {
-		return err
-	}
-
-	var app spectrumApplicationRaw
-	if err := json.Unmarshal(data, &app); err != nil {
-		return err
-	}
-
-	if spp, ok := body["spp"]; ok && spp.(bool) {
-		app.ProxyProtocol = "simple"
-	}
-
-	*a = SpectrumApplication(app)
-	return nil
-}
-
-// spectrumApplicationRaw is used to inspect an application body to support the deprecated boolean value for `spp`.
-type spectrumApplicationRaw SpectrumApplication
-
-// SpectrumApplicationDNS holds the external DNS configuration for a Spectrum
-// Application.
-type SpectrumApplicationDNS struct {
-	Type string `json:"type"`
-	Name string `json:"name"`
-}
-
-// SpectrumApplicationOriginDNS holds the origin DNS configuration for a Spectrum
-// Application.
-type SpectrumApplicationOriginDNS struct {
-	Name string `json:"name"`
-}
-
-// SpectrumApplicationDetailResponse is the structure of the detailed response
-// from the API.
-type SpectrumApplicationDetailResponse struct {
-	Response
-	Result SpectrumApplication `json:"result"`
-}
-
-// SpectrumApplicationsDetailResponse is the structure of the detailed response
-// from the API.
-type SpectrumApplicationsDetailResponse struct {
-	Response
-	Result []SpectrumApplication `json:"result"`
-}
-
-// SpectrumApplicationEdgeIPs represents configuration for Bring-Your-Own-IP
-// https://developers.cloudflare.com/spectrum/getting-started/byoip/
-type SpectrumApplicationEdgeIPs struct {
-	Type         SpectrumApplicationEdgeType      `json:"type"`
-	Connectivity *SpectrumApplicationConnectivity `json:"connectivity,omitempty"`
-	IPs          []net.IP                         `json:"ips,omitempty"`
-}
-
-// SpectrumApplicationEdgeType for possible Edge configurations.
-type SpectrumApplicationEdgeType string
-
-const (
-	// SpectrumEdgeTypeDynamic IP config.
-	SpectrumEdgeTypeDynamic SpectrumApplicationEdgeType = "dynamic"
-	// SpectrumEdgeTypeStatic IP config.
-	SpectrumEdgeTypeStatic SpectrumApplicationEdgeType = "static"
-)
-
-// UnmarshalJSON function for SpectrumApplicationEdgeType enum.
-func (t *SpectrumApplicationEdgeType) UnmarshalJSON(b []byte) error {
-	var s string
-	err := json.Unmarshal(b, &s)
-	if err != nil {
-		return err
-	}
-
-	newEdgeType := SpectrumApplicationEdgeType(strings.ToLower(s))
-	switch newEdgeType {
-	case SpectrumEdgeTypeDynamic, SpectrumEdgeTypeStatic:
-		*t = newEdgeType
-		return nil
-	}
-
-	return errors.New(errUnmarshalError)
-}
-
-func (t SpectrumApplicationEdgeType) String() string {
-	return string(t)
-}
-
-// SpectrumApplicationConnectivity specifies IP address type on the edge configuration.
-type SpectrumApplicationConnectivity string
-
-const (
-	// SpectrumConnectivityAll specifies IPv4/6 edge IP.
-	SpectrumConnectivityAll SpectrumApplicationConnectivity = "all"
-	// SpectrumConnectivityIPv4 specifies IPv4 edge IP.
-	SpectrumConnectivityIPv4 SpectrumApplicationConnectivity = "ipv4"
-	// SpectrumConnectivityIPv6 specifies IPv6 edge IP.
-	SpectrumConnectivityIPv6 SpectrumApplicationConnectivity = "ipv6"
-	// SpectrumConnectivityStatic specifies static edge IP configuration.
-	SpectrumConnectivityStatic SpectrumApplicationConnectivity = "static"
-)
-
-func (c SpectrumApplicationConnectivity) String() string {
-	return string(c)
-}
-
-// UnmarshalJSON function for SpectrumApplicationConnectivity enum.
-func (c *SpectrumApplicationConnectivity) UnmarshalJSON(b []byte) error {
-	var s string
-	err := json.Unmarshal(b, &s)
-	if err != nil {
-		return err
-	}
-
-	newConnectivity := SpectrumApplicationConnectivity(strings.ToLower(s))
-	if newConnectivity.Dynamic() {
-		*c = newConnectivity
-		return nil
-	}
-
-	return errors.New(errUnmarshalError)
-}
-
-// Dynamic checks if address family is specified as dynamic config.
-func (c SpectrumApplicationConnectivity) Dynamic() bool {
-	switch c {
-	case SpectrumConnectivityAll, SpectrumConnectivityIPv4, SpectrumConnectivityIPv6:
-		return true
-	}
-	return false
-}
-
-// Static checks if address family is specified as static config.
-func (c SpectrumApplicationConnectivity) Static() bool {
-	return c == SpectrumConnectivityStatic
-}
-
-// SpectrumApplications fetches all of the Spectrum applications for a zone.
-//
-// API reference: https://developers.cloudflare.com/spectrum/api-reference/#list-spectrum-applications
-func (api *API) SpectrumApplications(ctx context.Context, zoneID string) ([]SpectrumApplication, error) {
-	uri := fmt.Sprintf("/zones/%s/spectrum/apps", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []SpectrumApplication{}, err
-	}
-
-	var spectrumApplications SpectrumApplicationsDetailResponse
-	err = json.Unmarshal(res, &spectrumApplications)
-	if err != nil {
-		return []SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return spectrumApplications.Result, nil
-}
-
-// SpectrumApplication fetches a single Spectrum application based on the ID.
-//
-// API reference: https://developers.cloudflare.com/spectrum/api-reference/#list-spectrum-applications
-func (api *API) SpectrumApplication(ctx context.Context, zoneID string, applicationID string) (SpectrumApplication, error) {
-	uri := fmt.Sprintf(
-		"/zones/%s/spectrum/apps/%s",
-		zoneID,
-		applicationID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return SpectrumApplication{}, err
-	}
-
-	var spectrumApplication SpectrumApplicationDetailResponse
-	err = json.Unmarshal(res, &spectrumApplication)
-	if err != nil {
-		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return spectrumApplication.Result, nil
-}
-
-// CreateSpectrumApplication creates a new Spectrum application.
-//
-// API reference: https://developers.cloudflare.com/spectrum/api-reference/#create-a-spectrum-application
-func (api *API) CreateSpectrumApplication(ctx context.Context, zoneID string, appDetails SpectrumApplication) (SpectrumApplication, error) {
-	uri := fmt.Sprintf("/zones/%s/spectrum/apps", zoneID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, appDetails)
-	if err != nil {
-		return SpectrumApplication{}, err
-	}
-
-	var spectrumApplication SpectrumApplicationDetailResponse
-	err = json.Unmarshal(res, &spectrumApplication)
-	if err != nil {
-		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return spectrumApplication.Result, nil
-}
-
-// UpdateSpectrumApplication updates an existing Spectrum application.
-//
-// API reference: https://developers.cloudflare.com/spectrum/api-reference/#update-a-spectrum-application
-func (api *API) UpdateSpectrumApplication(ctx context.Context, zoneID, appID string, appDetails SpectrumApplication) (SpectrumApplication, error) {
-	uri := fmt.Sprintf(
-		"/zones/%s/spectrum/apps/%s",
-		zoneID,
-		appID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, appDetails)
-	if err != nil {
-		return SpectrumApplication{}, err
-	}
-
-	var spectrumApplication SpectrumApplicationDetailResponse
-	err = json.Unmarshal(res, &spectrumApplication)
-	if err != nil {
-		return SpectrumApplication{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return spectrumApplication.Result, nil
-}
-
-// DeleteSpectrumApplication removes a Spectrum application based on the ID.
-//
-// API reference: https://developers.cloudflare.com/spectrum/api-reference/#delete-a-spectrum-application
-func (api *API) DeleteSpectrumApplication(ctx context.Context, zoneID string, applicationID string) error {
-	uri := fmt.Sprintf(
-		"/zones/%s/spectrum/apps/%s",
-		zoneID,
-		applicationID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/spectrum_test.go b/pkg/cloudflare-go/spectrum_test.go
deleted file mode 100644
index 85fa20cb6d..0000000000
--- a/pkg/cloudflare-go/spectrum_test.go
+++ /dev/null
@@ -1,549 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestSpectrumApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/22",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_direct": [
-					"tcp://192.0.2.1:22"
-				],
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "off",
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:         "f68579455bd947efb65ffa1bcf33b52c",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-		Protocol:   "tcp/22",
-		IPv4:       true,
-		DNS: SpectrumApplicationDNS{
-			Name: "spectrum.example.com",
-			Type: "CNAME",
-		},
-		OriginDirect:  []string{"tcp://192.0.2.1:22"},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "off",
-	}
-
-	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSpectrumApplications(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-					{
-					"id": "f68579455bd947efb65ffa1bcf33b52c",
-					"protocol": "tcp/22",
-					"ipv4": true,
-					"dns": {
-						"type": "CNAME",
-						"name": "spectrum.example.com"
-					},
-					"origin_direct": [
-						"tcp://192.0.2.1:22"
-					],
-					"ip_firewall": true,
-					"proxy_protocol": "off",
-					"tls": "off",
-					"created_on": "2018-03-28T21:25:55.643771Z",
-					"modified_on": "2018-03-28T21:25:55.643771Z"
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := []SpectrumApplication{
-		{
-			ID:         "f68579455bd947efb65ffa1bcf33b52c",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-			Protocol:   "tcp/22",
-			IPv4:       true,
-			DNS: SpectrumApplicationDNS{
-				Name: "spectrum.example.com",
-				Type: "CNAME",
-			},
-			OriginDirect:  []string{"tcp://192.0.2.1:22"},
-			IPFirewall:    true,
-			ProxyProtocol: "off",
-			TLS:           "off",
-		},
-	}
-
-	actual, err := client.SpectrumApplications(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSpectrumApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/23",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum1.example.com"
-				},
-				"origin_direct": [
-					"tcp://192.0.2.1:23"
-				],
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "full",
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:       "f68579455bd947efb65ffa1bcf33b52c",
-		Protocol: "tcp/23",
-		IPv4:     true,
-		DNS: SpectrumApplicationDNS{
-			Type: "CNAME",
-			Name: "spectrum1.example.com",
-		},
-		OriginDirect:  []string{"tcp://192.0.2.1:23"},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "full",
-		CreatedOn:     &createdOn,
-		ModifiedOn:    &modifiedOn,
-	}
-
-	actual, err := client.UpdateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSpectrumApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/22",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_direct": [
-					"tcp://192.0.2.1:22"
-				],
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "full",
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:       "f68579455bd947efb65ffa1bcf33b52c",
-		Protocol: "tcp/22",
-		IPv4:     true,
-		DNS: SpectrumApplicationDNS{
-			Type: "CNAME",
-			Name: "spectrum.example.com",
-		},
-		OriginDirect:  []string{"tcp://192.0.2.1:22"},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "full",
-		CreatedOn:     &createdOn,
-		ModifiedOn:    &modifiedOn,
-	}
-
-	actual, err := client.CreateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateSpectrumApplication_OriginDNS(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "5683dc9a12ba4dc6bceaca011bcafcf5",
-				"protocol": "tcp/22",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_dns": {
-					"name" : "spectrum.origin.example.com"
-				},
-				"origin_port": 2022,
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "full",
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps", handler)
-
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:       "5683dc9a12ba4dc6bceaca011bcafcf5",
-		Protocol: "tcp/22",
-		IPv4:     true,
-		DNS: SpectrumApplicationDNS{
-			Type: "CNAME",
-			Name: "spectrum.example.com",
-		},
-		OriginDNS: &SpectrumApplicationOriginDNS{
-			Name: "spectrum.origin.example.com",
-		},
-		OriginPort: &SpectrumApplicationOriginPort{
-			Port: 2022,
-		},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "full",
-		CreatedOn:     &createdOn,
-		ModifiedOn:    &modifiedOn,
-	}
-
-	actual, err := client.CreateSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSpectrumApplication(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "40d67c87c6cd4b889a4fd57805225e85"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-
-	err := client.DeleteSpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
-	assert.NoError(t, err)
-}
-
-func TestSpectrumApplicationProxyProtocolDeprecations(t *testing.T) {
-	for _, testCase := range []struct {
-		actualProxyProtocol   bool
-		actualSPP             bool
-		expectedProxyProtocol ProxyProtocol
-	}{
-		{
-			actualProxyProtocol:   false,
-			actualSPP:             false,
-			expectedProxyProtocol: "off",
-		},
-		{
-			actualProxyProtocol:   true,
-			actualSPP:             false,
-			expectedProxyProtocol: "v1",
-		},
-		{
-			actualProxyProtocol:   false,
-			actualSPP:             true,
-			expectedProxyProtocol: "simple",
-		},
-	} {
-		setup()
-
-		handler := func(w http.ResponseWriter, r *http.Request) {
-			assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-			w.Header().Set("content-type", "application/json")
-			fmt.Fprintf(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/22",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_direct": [
-					"tcp://192.0.2.1:22"
-				],
-				"ip_firewall": true,
-				"proxy_protocol": %v,
-				"spp": %v,
-				"tls": "off",
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`, testCase.actualProxyProtocol, testCase.actualSPP)
-		}
-
-		mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-		createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-		modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-		want := SpectrumApplication{
-			ID:         "f68579455bd947efb65ffa1bcf33b52c",
-			CreatedOn:  &createdOn,
-			ModifiedOn: &modifiedOn,
-			Protocol:   "tcp/22",
-			IPv4:       true,
-			DNS: SpectrumApplicationDNS{
-				Name: "spectrum.example.com",
-				Type: "CNAME",
-			},
-			OriginDirect:  []string{"tcp://192.0.2.1:22"},
-			IPFirewall:    true,
-			ProxyProtocol: testCase.expectedProxyProtocol,
-			TLS:           "off",
-		}
-
-		actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
-		if assert.NoError(t, err) {
-			assert.Equal(t, want, actual)
-		}
-
-		teardown()
-	}
-}
-
-func TestSpectrumApplicationEdgeIPs(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/22",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_direct": [
-					"tcp://192.0.2.1:22"
-				],
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "off",
-				"edge_ips": {
-					"type": "static",
-					"ips": [
-						"192.0.2.1",
-						"2001:db8::1"
-					]
-				},
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:         "f68579455bd947efb65ffa1bcf33b52c",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-		Protocol:   "tcp/22",
-		IPv4:       true,
-		DNS: SpectrumApplicationDNS{
-			Name: "spectrum.example.com",
-			Type: "CNAME",
-		},
-		OriginDirect:  []string{"tcp://192.0.2.1:22"},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "off",
-		EdgeIPs: &SpectrumApplicationEdgeIPs{
-			Type: SpectrumEdgeTypeStatic,
-			IPs:  []net.IP{net.ParseIP("192.0.2.1"), net.ParseIP("2001:db8::1")},
-		},
-	}
-
-	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSpectrumApplicationPortRange(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "f68579455bd947efb65ffa1bcf33b52c",
-				"protocol": "tcp/22-23",
-				"ipv4": true,
-				"dns": {
-					"type": "CNAME",
-					"name": "spectrum.example.com"
-				},
-				"origin_dns": {
-				  "name": "cloudflare.com"
-				},
-				"origin_port": "2022-2023",
-				"ip_firewall": true,
-				"proxy_protocol": "off",
-				"tls": "off",
-				"edge_ips": {
-					"type": "static",
-					"ips": [
-						"192.0.2.1",
-						"2001:db8::1"
-					]
-				},
-				"created_on": "2018-03-28T21:25:55.643771Z",
-				"modified_on": "2018-03-28T21:25:55.643771Z"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/spectrum/apps/f68579455bd947efb65ffa1bcf33b52c", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2018-03-28T21:25:55.643771Z")
-	want := SpectrumApplication{
-		ID:         "f68579455bd947efb65ffa1bcf33b52c",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-		Protocol:   "tcp/22-23",
-		IPv4:       true,
-		DNS: SpectrumApplicationDNS{
-			Name: "spectrum.example.com",
-			Type: "CNAME",
-		},
-		OriginDNS: &SpectrumApplicationOriginDNS{
-			Name: "cloudflare.com",
-		},
-		OriginPort: &SpectrumApplicationOriginPort{
-			Start: 2022,
-			End:   2023,
-		},
-		IPFirewall:    true,
-		ProxyProtocol: "off",
-		TLS:           "off",
-		EdgeIPs: &SpectrumApplicationEdgeIPs{
-			Type: SpectrumEdgeTypeStatic,
-			IPs:  []net.IP{net.ParseIP("192.0.2.1"), net.ParseIP("2001:db8::1")},
-		},
-	}
-
-	actual, err := client.SpectrumApplication(context.Background(), "01a7362d577a6c3019a474fd6f485823", "f68579455bd947efb65ffa1bcf33b52c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/split_tunnel.go b/pkg/cloudflare-go/split_tunnel.go
deleted file mode 100644
index 3124aa74cf..0000000000
--- a/pkg/cloudflare-go/split_tunnel.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// SplitTunnelResponse represents the response from the get split
-// tunnel endpoints.
-type SplitTunnelResponse struct {
-	Response
-	Result []SplitTunnel `json:"result"`
-}
-
-// SplitTunnel represents the individual tunnel struct.
-type SplitTunnel struct {
-	Address     string `json:"address,omitempty"`
-	Host        string `json:"host,omitempty"`
-	Description string `json:"description,omitempty"`
-}
-
-// ListSplitTunnel returns all include or exclude split tunnel  within an account.
-//
-// API reference for include: https://api.cloudflare.com/#device-policy-get-split-tunnel-include-list
-// API reference for exclude: https://api.cloudflare.com/#device-policy-get-split-tunnel-exclude-list
-func (api *API) ListSplitTunnels(ctx context.Context, accountID string, mode string) ([]SplitTunnel, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, mode)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []SplitTunnel{}, err
-	}
-
-	var splitTunnelResponse SplitTunnelResponse
-	err = json.Unmarshal(res, &splitTunnelResponse)
-	if err != nil {
-		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return splitTunnelResponse.Result, nil
-}
-
-// UpdateSplitTunnel updates the existing split tunnel policy.
-//
-// API reference for include: https://api.cloudflare.com/#device-policy-set-split-tunnel-include-list
-// API reference for exclude: https://api.cloudflare.com/#device-policy-set-split-tunnel-exclude-list
-func (api *API) UpdateSplitTunnel(ctx context.Context, accountID string, mode string, tunnels []SplitTunnel) ([]SplitTunnel, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s", AccountRouteRoot, accountID, mode)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnels)
-	if err != nil {
-		return []SplitTunnel{}, err
-	}
-
-	var splitTunnelResponse SplitTunnelResponse
-	err = json.Unmarshal(res, &splitTunnelResponse)
-	if err != nil {
-		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return splitTunnelResponse.Result, nil
-}
-
-// ListSplitTunnelDeviceSettingsPolicy returns all include or exclude split tunnel within a device settings policy
-//
-// API reference for include: https://api.cloudflare.com/#device-policy-get-split-tunnel-include-list
-// API reference for exclude: https://api.cloudflare.com/#device-policy-get-split-tunnel-exclude-list
-func (api *API) ListSplitTunnelsDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, mode string) ([]SplitTunnel, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/%s", AccountRouteRoot, accountID, policyID, mode)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []SplitTunnel{}, err
-	}
-
-	var splitTunnelResponse SplitTunnelResponse
-	err = json.Unmarshal(res, &splitTunnelResponse)
-	if err != nil {
-		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return splitTunnelResponse.Result, nil
-}
-
-// UpdateSplitTunnelDeviceSettingsPolicy updates the existing split tunnel policy within a device settings policy
-//
-// API reference for include: https://api.cloudflare.com/#device-policy-set-split-tunnel-include-list
-// API reference for exclude: https://api.cloudflare.com/#device-policy-set-split-tunnel-exclude-list
-func (api *API) UpdateSplitTunnelDeviceSettingsPolicy(ctx context.Context, accountID, policyID string, mode string, tunnels []SplitTunnel) ([]SplitTunnel, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/policy/%s/%s", AccountRouteRoot, accountID, policyID, mode)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, tunnels)
-	if err != nil {
-		return []SplitTunnel{}, err
-	}
-
-	var splitTunnelResponse SplitTunnelResponse
-	err = json.Unmarshal(res, &splitTunnelResponse)
-	if err != nil {
-		return []SplitTunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return splitTunnelResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/split_tunnel_test.go b/pkg/cloudflare-go/split_tunnel_test.go
deleted file mode 100644
index 63c6448fb3..0000000000
--- a/pkg/cloudflare-go/split_tunnel_test.go
+++ /dev/null
@@ -1,300 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestSplitTunnelIncludeHost(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "host": "*.example.com",
-          "description": "default"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []SplitTunnel{{
-		Host:        "*.example.com",
-		Description: "default",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
-
-	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "include")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSplitTunnelIncludeAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "address": "192.0.2.0/24",
-          "description": "TEST-NET-1"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []SplitTunnel{{
-		Address:     "192.0.2.0/24",
-		Description: "TEST-NET-1",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
-
-	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "include")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSplitTunnelInclude(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "address": "192.0.2.0/24",
-          "description": "TEST-NET-1"
-       },
-       {
-          "address": "198.51.100.0/24",
-          "description": "TEST-NET-2"
-       },
-       {
-          "host": "*.example.com",
-          "description": "example host name"
-       }
-      ]
-    }
-    `)
-	}
-
-	tunnels := []SplitTunnel{
-		{
-			Address:     "192.0.2.0/24",
-			Description: "TEST-NET-1",
-		},
-		{
-			Address:     "198.51.100.0/24",
-			Description: "TEST-NET-2",
-		},
-		{
-			Host:        "*.example.com",
-			Description: "example host name",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/include", handler)
-
-	actual, err := client.UpdateSplitTunnel(context.Background(), testAccountID, "include", tunnels)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, tunnels, actual)
-	}
-}
-
-func TestSplitTunnelExcludeHost(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "host": "*.example.com",
-          "description": "default"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []SplitTunnel{{
-		Host:        "*.example.com",
-		Description: "default",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
-
-	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "exclude")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestSplitTunnelExcludeAddress(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "address": "192.0.2.0/24",
-          "description": "TEST-NET-1"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []SplitTunnel{{
-		Address:     "192.0.2.0/24",
-		Description: "TEST-NET-1",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
-
-	actual, err := client.ListSplitTunnels(context.Background(), testAccountID, "exclude")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateSplitTunnelExclude(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "address": "192.0.2.0/24",
-          "description": "TEST-NET-1"
-       },
-       {
-          "address": "198.51.100.0/24",
-          "description": "TEST-NET-2"
-       },
-       {
-          "host": "*.example.com",
-          "description": "example host name"
-       }
-      ]
-    }
-    `)
-	}
-
-	tunnels := []SplitTunnel{
-		{
-			Address:     "192.0.2.0/24",
-			Description: "TEST-NET-1",
-		},
-		{
-			Address:     "198.51.100.0/24",
-			Description: "TEST-NET-2",
-		},
-		{
-			Host:        "*.example.com",
-			Description: "example host name",
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/exclude", handler)
-
-	actual, err := client.UpdateSplitTunnel(context.Background(), testAccountID, "exclude", tunnels)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, tunnels, actual)
-	}
-}
-
-func TestSplitTunnelsDeviceSettingsPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-    {
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": [
-        {
-          "host": "*.example.com",
-          "description": "default"
-       }
-      ]
-    }
-    `)
-	}
-
-	want := []SplitTunnel{{
-		Host:        "*.example.com",
-		Description: "default",
-	}}
-
-	policyID := "a842fa8a-a583-482e-9cd9-eb43362949fd"
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/policy/"+policyID+"/include", handler)
-
-	actual, err := client.ListSplitTunnelsDeviceSettingsPolicy(context.Background(), testAccountID, policyID, "include")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/ssl.go b/pkg/cloudflare-go/ssl.go
deleted file mode 100644
index 3d1b5cfdb7..0000000000
--- a/pkg/cloudflare-go/ssl.go
+++ /dev/null
@@ -1,173 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// ZoneCustomSSL represents custom SSL certificate metadata.
-type ZoneCustomSSL struct {
-	ID              string                        `json:"id"`
-	Hosts           []string                      `json:"hosts"`
-	Issuer          string                        `json:"issuer"`
-	Signature       string                        `json:"signature"`
-	Status          string                        `json:"status"`
-	BundleMethod    string                        `json:"bundle_method"`
-	GeoRestrictions *ZoneCustomSSLGeoRestrictions `json:"geo_restrictions,omitempty"`
-	ZoneID          string                        `json:"zone_id"`
-	UploadedOn      time.Time                     `json:"uploaded_on"`
-	ModifiedOn      time.Time                     `json:"modified_on"`
-	ExpiresOn       time.Time                     `json:"expires_on"`
-	Priority        int                           `json:"priority"`
-	KeylessServer   KeylessSSL                    `json:"keyless_server"`
-}
-
-// ZoneCustomSSLGeoRestrictions represents the parameter to create or update
-// geographic restrictions on a custom ssl certificate.
-type ZoneCustomSSLGeoRestrictions struct {
-	Label string `json:"label"`
-}
-
-// zoneCustomSSLResponse represents the response from the zone SSL details endpoint.
-type zoneCustomSSLResponse struct {
-	Response
-	Result ZoneCustomSSL `json:"result"`
-}
-
-// zoneCustomSSLsResponse represents the response from the zone SSL list endpoint.
-type zoneCustomSSLsResponse struct {
-	Response
-	Result []ZoneCustomSSL `json:"result"`
-}
-
-// ZoneCustomSSLOptions represents the parameters to create or update an existing
-// custom SSL configuration.
-type ZoneCustomSSLOptions struct {
-	Certificate     string                        `json:"certificate"`
-	PrivateKey      string                        `json:"private_key"`
-	BundleMethod    string                        `json:"bundle_method,omitempty"`
-	GeoRestrictions *ZoneCustomSSLGeoRestrictions `json:"geo_restrictions,omitempty"`
-	Type            string                        `json:"type,omitempty"`
-}
-
-// ZoneCustomSSLPriority represents a certificate's ID and priority. It is a
-// subset of ZoneCustomSSL used for patch requests.
-type ZoneCustomSSLPriority struct {
-	ID       string `json:"ID"`
-	Priority int    `json:"priority"`
-}
-
-// CreateSSL allows you to add a custom SSL certificate to the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-create-ssl-configuration
-func (api *API) CreateSSL(ctx context.Context, zoneID string, options ZoneCustomSSLOptions) (ZoneCustomSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, options)
-	if err != nil {
-		return ZoneCustomSSL{}, err
-	}
-	var r zoneCustomSSLResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListSSL lists the custom certificates for the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-list-ssl-configurations
-func (api *API) ListSSL(ctx context.Context, zoneID string) ([]ZoneCustomSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r zoneCustomSSLsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// SSLDetails returns the configuration details for a custom SSL certificate.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-ssl-configuration-details
-func (api *API) SSLDetails(ctx context.Context, zoneID, certificateID string) (ZoneCustomSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneCustomSSL{}, err
-	}
-	var r zoneCustomSSLResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateSSL updates (replaces) a custom SSL certificate.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-update-ssl-configuration
-func (api *API) UpdateSSL(ctx context.Context, zoneID, certificateID string, options ZoneCustomSSLOptions) (ZoneCustomSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, options)
-	if err != nil {
-		return ZoneCustomSSL{}, err
-	}
-	var r zoneCustomSSLResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return ZoneCustomSSL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ReprioritizeSSL allows you to change the priority (which is served for a given
-// request) of custom SSL certificates associated with the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-re-prioritize-ssl-certificates
-func (api *API) ReprioritizeSSL(ctx context.Context, zoneID string, p []ZoneCustomSSLPriority) ([]ZoneCustomSSL, error) {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates/prioritize", zoneID)
-	params := struct {
-		Certificates []ZoneCustomSSLPriority `json:"certificates"`
-	}{
-		Certificates: p,
-	}
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return nil, err
-	}
-	var r zoneCustomSSLsResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteSSL deletes a custom SSL certificate from the given zone.
-//
-// API reference: https://api.cloudflare.com/#custom-ssl-for-a-zone-delete-an-ssl-certificate
-func (api *API) DeleteSSL(ctx context.Context, zoneID, certificateID string) error {
-	uri := fmt.Sprintf("/zones/%s/custom_certificates/%s", zoneID, certificateID)
-	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
-		return err
-	}
-	return nil
-}
-
-// SSLValidationRecord displays Domain Control Validation tokens.
-type SSLValidationRecord struct {
-	CnameTarget string `json:"cname_target,omitempty"`
-	CnameName   string `json:"cname,omitempty"`
-
-	TxtName  string `json:"txt_name,omitempty"`
-	TxtValue string `json:"txt_value,omitempty"`
-
-	HTTPUrl  string `json:"http_url,omitempty"`
-	HTTPBody string `json:"http_body,omitempty"`
-
-	Emails []string `json:"emails,omitempty"`
-}
diff --git a/pkg/cloudflare-go/ssl_test.go b/pkg/cloudflare-go/ssl_test.go
deleted file mode 100644
index e7fb3798a3..0000000000
--- a/pkg/cloudflare-go/ssl_test.go
+++ /dev/null
@@ -1,390 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCreateSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{"certificate":"-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----","geo_restrictions":{"label":"us"},"private_key":"-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----","bundle_method":"ubiquitous"}`, string(b))
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "id": "7e7b8deba8538af625850b7b2530034c",
-            "hosts": [
-              "example.com"
-            ],
-            "issuer": "GlobalSign",
-            "signature": "SHA256WithRSA",
-            "status": "active",
-            "bundle_method": "ubiquitous",
-            "geo_restrictions": {
-               "label": "us"
-            },
-            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-            "uploaded_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "expires_on": "2016-01-01T05:20:00Z",
-            "priority": 1
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates", handler)
-
-	hosts := make([]string, 1, 4)
-	hosts[0] = "example.com"
-	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-	want := ZoneCustomSSL{
-		ID:              "7e7b8deba8538af625850b7b2530034c",
-		Hosts:           hosts,
-		Issuer:          "GlobalSign",
-		Signature:       "SHA256WithRSA",
-		Status:          "active",
-		BundleMethod:    "ubiquitous",
-		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
-		ZoneID:          "023e105f4ecef8ad9ca31a8372d0c353",
-		UploadedOn:      uploadedOn,
-		ModifiedOn:      modifiedOn,
-		ExpiresOn:       expiresOn,
-		Priority:        1,
-	}
-
-	actual, err := client.CreateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", ZoneCustomSSLOptions{
-		Certificate:     "-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----",
-		PrivateKey:      "-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----",
-		BundleMethod:    "ubiquitous",
-		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.CreateSSL(context.Background(), "bar", ZoneCustomSSLOptions{})
-	assert.Error(t, err)
-}
-
-func TestListSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": [
-            {
-              "id": "7e7b8deba8538af625850b7b2530034c",
-              "hosts": [
-                "example.com"
-              ],
-              "issuer": "GlobalSign",
-              "signature": "SHA256WithRSA",
-              "status": "active",
-              "bundle_method": "ubiquitous",
-              "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-              "uploaded_on": "2014-01-01T05:20:00Z",
-              "modified_on": "2014-01-01T05:20:00Z",
-              "expires_on": "2016-01-01T05:20:00Z",
-              "priority": 1
-            }
-          ],
-          "result_info": {
-            "page": 1,
-            "per_page": 20,
-            "count": 1,
-            "total_count": 1
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates", handler)
-
-	hosts := make([]string, 1, 4)
-	hosts[0] = "example.com"
-	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-
-	want := make([]ZoneCustomSSL, 1, 4)
-	want[0] = ZoneCustomSSL{
-		ID:           "7e7b8deba8538af625850b7b2530034c",
-		Hosts:        hosts,
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		Status:       "active",
-		BundleMethod: "ubiquitous",
-		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
-		UploadedOn:   uploadedOn,
-		ModifiedOn:   modifiedOn,
-		ExpiresOn:    expiresOn,
-		Priority:     1,
-	}
-
-	actual, err := client.ListSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.ListSSL(context.Background(), "bar")
-	assert.Error(t, err)
-}
-
-func TestSSLDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "id": "7e7b8deba8538af625850b7b2530034c",
-            "hosts": [
-              "example.com"
-            ],
-            "issuer": "GlobalSign",
-            "signature": "SHA256WithRSA",
-            "status": "active",
-            "bundle_method": "ubiquitous",
-            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-            "uploaded_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "expires_on": "2016-01-01T05:20:00Z",
-            "priority": 1
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
-
-	hosts := make([]string, 1, 4)
-	hosts[0] = "example.com"
-	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-	want := ZoneCustomSSL{
-		ID:           "7e7b8deba8538af625850b7b2530034c",
-		Hosts:        hosts,
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		Status:       "active",
-		BundleMethod: "ubiquitous",
-		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
-		UploadedOn:   uploadedOn,
-		ModifiedOn:   modifiedOn,
-		ExpiresOn:    expiresOn,
-		Priority:     1,
-	}
-
-	actual, err := client.SSLDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.SSLDetails(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar")
-	assert.Error(t, err)
-}
-
-func TestUpdateSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{"certificate":"-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----","geo_restrictions":{"label":"us"},"private_key":"-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----","bundle_method":"ubiquitous"}`, string(b))
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "id": "7e7b8deba8538af625850b7b2530034c",
-            "hosts": [
-              "example.com"
-            ],
-            "issuer": "GlobalSign",
-            "signature": "SHA256WithRSA",
-            "status": "active",
-            "bundle_method": "ubiquitous",
-			"geo_restrictions": {
-               "label": "us"
-            },
-            "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-            "uploaded_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "expires_on": "2016-01-01T05:20:00Z",
-            "priority": 1
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
-
-	hosts := make([]string, 1, 4)
-	hosts[0] = "example.com"
-	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-	want := ZoneCustomSSL{
-		ID:              "7e7b8deba8538af625850b7b2530034c",
-		Hosts:           hosts,
-		Issuer:          "GlobalSign",
-		Signature:       "SHA256WithRSA",
-		Status:          "active",
-		BundleMethod:    "ubiquitous",
-		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
-		ZoneID:          "023e105f4ecef8ad9ca31a8372d0c353",
-		UploadedOn:      uploadedOn,
-		ModifiedOn:      modifiedOn,
-		ExpiresOn:       expiresOn,
-		Priority:        1,
-	}
-
-	actual, err := client.UpdateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c", ZoneCustomSSLOptions{
-		Certificate:     "-----BEGIN CERTIFICATE----- MIIDtTCCAp2gAwIBAgIJAM15n7fdxhRtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTQwMzExMTkyMTU5WhcNMTQwNDEwMTkyMTU5WjBF MQswCQYDVQQGEwJVUzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAvq3sKsHpeduJHimOK+fvQdKsI8z8A05MZyyLp2/R/GE8FjNv+hkVY1WQ LIyTNNQH7CJecE1nbTfo8Y56S7x/rhxC6/DJ8MIulapFPnorq46KU6yRxiM0MQ3N nTJHlHA2ozZta6YBBfVfhHWl1F0IfNbXCLKvGwWWMbCx43OfW6KTkbRnE6gFWKuO fSO5h2u5TaWVuSIzBvYs7Vza6m+gtYAvKAJV2nSZ+eSEFPDo29corOy8+huEOUL8 5FAw4BFPsr1TlrlGPFitduQUHGrSL7skk1ESGza0to3bOtrodKei2s9bk5MXm7lZ qI+WZJX4Zu9+mzZhc9pCVi8r/qlXuQIDAQABo4GnMIGkMB0GA1UdDgQWBBRvavf+ sWM4IwKiH9X9w1vl6nUVRDB1BgNVHSMEbjBsgBRvavf+sWM4IwKiH9X9w1vl6nUV RKFJpEcwRTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNV BAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAM15n7fdxhRtMAwGA1UdEwQF MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABY2ZzBaW0dMsAAT7tPJzrVWVzQx6KU4 UEBLudIlWPlkAwTnINCWR/8eNjCCmGA4heUdHmazdpPa8RzwOmc0NT1NQqzSyktt vTqb4iHD7+8f9MqJ9/FssCfTtqr/Qst/hGH4Wmdf1EJ/6FqYAAb5iRlPgshFZxU8 uXtA8hWn6fK6eISD9HBdcAFToUvKNZ1BIDPvh9f95Ine8ar6yGd56TUNrHR8eHBs ESxz5ddVR/oWRysNJ+aGAyYqHS8S/ttmC7r4XCAHqXptkHPCGRqkAhsterYhd4I8 /cBzejUobNCjjHFbtkAL/SjxZOLW+pNkZwfeYdM8iPkD54Uua1v2tdw= -----END CERTIFICATE-----",
-		PrivateKey:      "-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAl 1cSc0vfcJLI4ZdWjiZZqy86Eof4czCwilyjXdvHqbdgDjz9H6K/0FX78EzVdfyExESptPCDl5YYjvcZyAWlgNfYEpFpGeoh/pTFW3hlyKImh4EgBXbDrR251J Ew2Nf56X3duibI6X20gKZA6cvdmWeKh MOOXuh1bSPU3dkb4YOF/fng5iGrx0q3txdMQXTPMZ1uXHFcBH7idgViYesXUBhdll3GP1N Y8laq0yrqh 8HMsZK m27MebqonbNmjOqE218lVEvjCdRO6xvNXrO6vNJBoGn2eGwZ8BVd0mTA3Tj43/2cmxQFY9FLq56cCXqYI1fbRRib ZLrjSNkwIDAQABAoIBABfAjjsjjxc0NxcYvKOMUb9Rpj8Sx6U/o/tDC5u XmsGX37aaJmC5yw9BQiAxgvXtQryEl5uoNoqOdsxzKV6yM0vPcwKEJVBd4G6yx6AjVJZnc2qf72erR7BbA2CQh scMDRBKE041HhgTBRNP6roim0SOgYP5JZIrGAQXNIkyE0fZc5gZNUt388ne/mjWM6Xi08BDGurLC68nsdt7Nd UYqeBVxo2EqChp5vKYZYEcG8h9XBj4u4NIwg1Mty2JqX30uBjoHvF5w/pMs8lG uvj6JR9I 19wtCuccbAJl 4cUq03UQoIDmwejea oC8A8WJr3vVpODDWrvAsjllGPBECgYEAyQRa6edYO6bsSvgbM13qXW9OQTn9YmgzfN24Ux1D66TQU6sBSLdfSHshDhTCi Ax 698aJNRWujAakA2DDgspSx98aRnHbF zvY7i7iWGesN6uN0zL 6/MK5uWoieGZRjgk230fLk00l4/FK1mJIp0apr0Lis9xmDjP5AaUPTUUCgYEAwXuhTHZWPT6v8YwOksjbuK UDkIIvyMux53kb73vrkgMboS4DB1zMLNyG 9EghS414CFROUwGl4ZUKboH1Jo5G34y8VgDuHjirTqL2H6 zNpML iMrWCXjpFKkxwPbeQnEAZ 5Rud4d PTyXAt71blZHE9tZ4KHy8cU1iKc9APcCgYAIqKZd4vg7AZK2G//X85iv06aUSrIudfyZyVcyRVVyphPPNtOEVVnGXn9rAtvqeIrOo52BR68 cj4vlXp hkDuEH QVBuY/NdQhOzFtPrKPQTJdGjIlQ2x65Vidj7r3sRukNkLPyV2v D885zcpTkp83JFuWTYiIrg275DIuAI3QKBgAglM0IrzS g3vlVQxvM1ussgRgkkYeybHq82 wUW 3DXLqeXb0s1DedplUkuoabZriz0Wh4GZFSmtA5ZpZC uV697lkYsndmp2xRhaekllW7bu pY5q88URwO2p8CO5AZ6CWFWuBwSDML5VOapGRqDRgwaD oGpb7fb7IgHOls7AoGBAJnL6Q8t35uYJ8J8hY7wso88IE04z6VaT8WganxcndesWER9eFQDHDDy//ZYeyt6M41uIY CL Vkm9Kwl/bHLJKdnOE1a9NdE6mtfah0Bk2u/YOuzyu5mmcgZiX X/OZuEbGmmbZOR1FCuIyrNYfwYohhcZP7/r0Ia/1GpkHc3Bi-----END RSA PRIVATE KEY-----",
-		BundleMethod:    "ubiquitous",
-		GeoRestrictions: &ZoneCustomSSLGeoRestrictions{Label: "us"},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-
-	_, err = client.UpdateSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar", ZoneCustomSSLOptions{})
-	assert.Error(t, err)
-}
-
-func TestReprioritizeSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{"certificates":[{"ID":"5a7805061c76ada191ed06f989cc3dac","priority":2},{"ID":"9a7806061c88ada191ed06f989cc3dac","priority":1}]}`, string(b))
-		}
-
-		w.Header().Set("content-type", "application/json")
-		// XXX: Test response flow properly.
-		// Current response assertion uses generic example from the documentation,
-		// rather than responding to the actual PUT request.
-		// https://api.cloudflare.com/#custom-ssl-for-a-zone-re-prioritize-ssl-certificates
-		fmt.Fprint(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": [
-            {
-              "id": "7e7b8deba8538af625850b7b2530034c",
-              "hosts": [
-                "example.com"
-              ],
-              "issuer": "GlobalSign",
-              "signature": "SHA256WithRSA",
-              "status": "active",
-              "bundle_method": "ubiquitous",
-              "zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-              "uploaded_on": "2014-01-01T05:20:00Z",
-              "modified_on": "2014-01-01T05:20:00Z",
-              "expires_on": "2016-01-01T05:20:00Z",
-              "priority": 1
-            }
-          ],
-          "result_info": {
-            "page": 1,
-            "per_page": 20,
-            "count": 1,
-            "total_count": 1
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/prioritize", handler)
-
-	hosts := make([]string, 1, 4)
-	hosts[0] = "example.com"
-	uploadedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	expiresOn, _ := time.Parse(time.RFC3339, "2016-01-01T05:20:00Z")
-
-	want := make([]ZoneCustomSSL, 1, 4)
-	want[0] = ZoneCustomSSL{
-		ID:           "7e7b8deba8538af625850b7b2530034c",
-		Hosts:        hosts,
-		Issuer:       "GlobalSign",
-		Signature:    "SHA256WithRSA",
-		Status:       "active",
-		BundleMethod: "ubiquitous",
-		ZoneID:       "023e105f4ecef8ad9ca31a8372d0c353",
-		UploadedOn:   uploadedOn,
-		ModifiedOn:   modifiedOn,
-		ExpiresOn:    expiresOn,
-		Priority:     1,
-	}
-
-	actual, err := client.ReprioritizeSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", []ZoneCustomSSLPriority{
-		{ID: "5a7805061c76ada191ed06f989cc3dac", Priority: 2},
-		{ID: "9a7806061c88ada191ed06f989cc3dac", Priority: 1},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteSSL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-          "id": "7e7b8deba8538af625850b7b2530034c"
-        }`)
-	}
-
-	mux.HandleFunc("/zones/023e105f4ecef8ad9ca31a8372d0c353/custom_certificates/7e7b8deba8538af625850b7b2530034c", handler)
-
-	err := client.DeleteSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "7e7b8deba8538af625850b7b2530034c")
-	assert.NoError(t, err, "Expected to successfully delete certificate ID '7e7b8deba8538af625850b7b2530034c', received error instead")
-
-	err = client.DeleteSSL(context.Background(), "023e105f4ecef8ad9ca31a8372d0c353", "bar")
-	assert.Error(t, err, "Expected to error when attempting to delete certificate ID 'bar', did not receive error instead")
-}
diff --git a/pkg/cloudflare-go/stack_rulesest.go b/pkg/cloudflare-go/stack_rulesest.go
deleted file mode 100644
index cf91e15fd8..0000000000
--- a/pkg/cloudflare-go/stack_rulesest.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-)
-
-// DeleteRulesetRule removes a ruleset rule based on the ruleset ID +
-// ruleset rule ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/deleteZoneRulesetRule
-func (api *API) DeleteRulesetRule(ctx context.Context, rc *ResourceContainer, rulesetID, rulesetRuleID string) error {
-	uri := fmt.Sprintf("/%s/%s/rulesets/%s/rules/%s", rc.Level, rc.Identifier, rulesetID, rulesetRuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	// The API is not implementing the standard response blob but returns an
-	// empty response (204) in case of a success. So we are checking for the
-	// response body size here.
-	if len(res) > 0 {
-		return fmt.Errorf(errMakeRequestError+": %w", errors.New(string(res)))
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/stream.go b/pkg/cloudflare-go/stream.go
deleted file mode 100644
index 3880649962..0000000000
--- a/pkg/cloudflare-go/stream.go
+++ /dev/null
@@ -1,574 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"os"
-	"strconv"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	// ErrMissingUploadURL is for when a URL is required but missing.
-	ErrMissingUploadURL = errors.New("required url missing")
-	// ErrMissingMaxDuration is for when MaxDuration is required but missing.
-	ErrMissingMaxDuration = errors.New("required max duration missing")
-	// ErrMissingVideoID is for when VideoID is required but missing.
-	ErrMissingVideoID = errors.New("required video id missing")
-	// ErrMissingFilePath is for when FilePath is required but missing.
-	ErrMissingFilePath = errors.New("required file path missing")
-	// ErrMissingTusResumable is for when TusResumable is required but missing.
-	ErrMissingTusResumable = errors.New("required tus resumable missing")
-	// ErrInvalidTusResumable is for when TusResumable is invalid.
-	ErrInvalidTusResumable = errors.New("invalid tus resumable")
-	// ErrMarshallingTUSMetadata is for when TUS metadata cannot be marshalled.
-	ErrMarshallingTUSMetadata = errors.New("error marshalling TUS metadata")
-	// ErrMissingUploadLength is for when UploadLength is required but missing.
-	ErrMissingUploadLength = errors.New("required upload length missing")
-	// ErrInvalidStatusCode is for when the status code is invalid.
-	ErrInvalidStatusCode = errors.New("invalid status code")
-)
-
-type TusProtocolVersion string
-
-const (
-	TusProtocolVersion1_0_0 TusProtocolVersion = "1.0.0"
-)
-
-// StreamVideo represents a stream video.
-type StreamVideo struct {
-	AllowedOrigins        []string                 `json:"allowedOrigins,omitempty"`
-	Created               *time.Time               `json:"created,omitempty"`
-	Duration              float64                  `json:"duration,omitempty"`
-	Input                 StreamVideoInput         `json:"input,omitempty"`
-	MaxDurationSeconds    int                      `json:"maxDurationSeconds,omitempty"`
-	Meta                  map[string]interface{}   `json:"meta,omitempty"`
-	Modified              *time.Time               `json:"modified,omitempty"`
-	UploadExpiry          *time.Time               `json:"uploadExpiry,omitempty"`
-	Playback              StreamVideoPlayback      `json:"playback,omitempty"`
-	Preview               string                   `json:"preview,omitempty"`
-	ReadyToStream         bool                     `json:"readyToStream,omitempty"`
-	RequireSignedURLs     bool                     `json:"requireSignedURLs,omitempty"`
-	Size                  int                      `json:"size,omitempty"`
-	Status                StreamVideoStatus        `json:"status,omitempty"`
-	Thumbnail             string                   `json:"thumbnail,omitempty"`
-	ThumbnailTimestampPct float64                  `json:"thumbnailTimestampPct,omitempty"`
-	UID                   string                   `json:"uid,omitempty"`
-	Creator               string                   `json:"creator,omitempty"`
-	LiveInput             string                   `json:"liveInput,omitempty"`
-	Uploaded              *time.Time               `json:"uploaded,omitempty"`
-	ScheduledDeletion     *time.Time               `json:"scheduledDeletion,omitempty"`
-	Watermark             StreamVideoWatermark     `json:"watermark,omitempty"`
-	NFT                   StreamVideoNFTParameters `json:"nft,omitempty"`
-}
-
-// StreamVideoInput represents the video input values of a stream video.
-type StreamVideoInput struct {
-	Height int `json:"height,omitempty"`
-	Width  int `json:"width,omitempty"`
-}
-
-// StreamVideoPlayback represents the playback URLs for a video.
-type StreamVideoPlayback struct {
-	HLS  string `json:"hls,omitempty"`
-	Dash string `json:"dash,omitempty"`
-}
-
-// StreamVideoStatus represents the status of a stream video.
-type StreamVideoStatus struct {
-	State           string `json:"state,omitempty"`
-	PctComplete     string `json:"pctComplete,omitempty"`
-	ErrorReasonCode string `json:"errorReasonCode,omitempty"`
-	ErrorReasonText string `json:"errorReasonText,omitempty"`
-}
-
-// StreamVideoWatermark represents a watermark for a stream video.
-type StreamVideoWatermark struct {
-	UID            string     `json:"uid,omitempty"`
-	Size           int        `json:"size,omitempty"`
-	Height         int        `json:"height,omitempty"`
-	Width          int        `json:"width,omitempty"`
-	Created        *time.Time `json:"created,omitempty"`
-	DownloadedFrom string     `json:"downloadedFrom,omitempty"`
-	Name           string     `json:"name,omitempty"`
-	Opacity        float64    `json:"opacity,omitempty"`
-	Padding        float64    `json:"padding,omitempty"`
-	Scale          float64    `json:"scale,omitempty"`
-	Position       string     `json:"position,omitempty"`
-}
-
-// StreamVideoNFTParameters represents a NFT for a stream video.
-type StreamVideoNFTParameters struct {
-	AccountID string
-	VideoID   string
-	Contract  string `json:"contract,omitempty"`
-	Token     int    `json:"token,omitempty"`
-}
-
-// StreamUploadFromURLParameters are the parameters used when uploading a video from URL.
-type StreamUploadFromURLParameters struct {
-	AccountID             string
-	VideoID               string
-	URL                   string                  `json:"url"`
-	Creator               string                  `json:"creator,omitempty"`
-	ThumbnailTimestampPct float64                 `json:"thumbnailTimestampPct,omitempty"`
-	AllowedOrigins        []string                `json:"allowedOrigins,omitempty"`
-	RequireSignedURLs     bool                    `json:"requireSignedURLs,omitempty"`
-	Watermark             UploadVideoURLWatermark `json:"watermark,omitempty"`
-	Meta                  map[string]interface{}  `json:"meta,omitempty"`
-	ScheduledDeletion     *time.Time              `json:"scheduledDeletion,omitempty"`
-}
-
-// StreamCreateVideoParameters are parameters used when creating a video.
-type StreamCreateVideoParameters struct {
-	AccountID             string
-	MaxDurationSeconds    int                     `json:"maxDurationSeconds,omitempty"`
-	Expiry                *time.Time              `json:"expiry,omitempty"`
-	Creator               string                  `json:"creator,omitempty"`
-	ThumbnailTimestampPct float64                 `json:"thumbnailTimestampPct,omitempty"`
-	AllowedOrigins        []string                `json:"allowedOrigins,omitempty"`
-	RequireSignedURLs     bool                    `json:"requireSignedURLs,omitempty"`
-	Watermark             UploadVideoURLWatermark `json:"watermark,omitempty"`
-	Meta                  map[string]interface{}  `json:"meta,omitempty"`
-	ScheduledDeletion     *time.Time              `json:"scheduledDeletion,omitempty"`
-}
-
-// UploadVideoURLWatermark represents UID of an existing watermark.
-type UploadVideoURLWatermark struct {
-	UID string `json:"uid,omitempty"`
-}
-
-// StreamVideoCreate represents parameters returned after creating a video.
-type StreamVideoCreate struct {
-	UploadURL         string               `json:"uploadURL,omitempty"`
-	UID               string               `json:"uid,omitempty"`
-	Watermark         StreamVideoWatermark `json:"watermark,omitempty"`
-	ScheduledDeletion *time.Time           `json:"scheduledDeletion,omitempty"`
-}
-
-// StreamParameters are the basic parameters needed.
-type StreamParameters struct {
-	AccountID string
-	VideoID   string
-}
-
-// StreamUploadFileParameters are parameters needed for file upload of a video.
-type StreamUploadFileParameters struct {
-	AccountID         string
-	VideoID           string
-	FilePath          string
-	ScheduledDeletion *time.Time
-}
-
-// StreamListParameters represents parameters used when listing stream videos.
-type StreamListParameters struct {
-	AccountID     string
-	VideoID       string
-	After         *time.Time `url:"after,omitempty"`
-	Before        *time.Time `url:"before,omitempty"`
-	Creator       string     `url:"creator,omitempty"`
-	IncludeCounts bool       `url:"include_counts,omitempty"`
-	Search        string     `url:"search,omitempty"`
-	Limit         int        `url:"limit,omitempty"`
-	Asc           bool       `url:"asc,omitempty"`
-	Status        string     `url:"status,omitempty"`
-}
-
-// StreamSignedURLParameters represent parameters used when creating a signed URL.
-type StreamSignedURLParameters struct {
-	AccountID    string
-	VideoID      string
-	ID           string             `json:"id,omitempty"`
-	PEM          string             `json:"pem,omitempty"`
-	EXP          int                `json:"exp,omitempty"`
-	NBF          int                `json:"nbf,omitempty"`
-	Downloadable bool               `json:"downloadable,omitempty"`
-	AccessRules  []StreamAccessRule `json:"accessRules,omitempty"`
-}
-
-type StreamInitiateTUSUploadParameters struct {
-	DirectUserUpload bool               `url:"direct_user,omitempty"`
-	TusResumable     TusProtocolVersion `url:"-"`
-	UploadLength     int64              `url:"-"`
-	UploadCreator    string             `url:"-"`
-	Metadata         TUSUploadMetadata  `url:"-"`
-}
-
-type StreamInitiateTUSUploadResponse struct {
-	ResponseHeaders http.Header
-}
-
-type TUSUploadMetadata struct {
-	Name                  string     `json:"name,omitempty"`
-	MaxDurationSeconds    int        `json:"maxDurationSeconds,omitempty"`
-	RequireSignedURLs     bool       `json:"requiresignedurls,omitempty"`
-	AllowedOrigins        string     `json:"allowedorigins,omitempty"`
-	ThumbnailTimestampPct float64    `json:"thumbnailtimestamppct,omitempty"`
-	ScheduledDeletion     *time.Time `json:"scheduledDeletion,omitempty"`
-	Expiry                *time.Time `json:"expiry,omitempty"`
-	Watermark             string     `json:"watermark,omitempty"`
-}
-
-func (t TUSUploadMetadata) ToTUSCsv() (string, error) {
-	var metadataValues []string
-	if t.Name != "" {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "name", base64.StdEncoding.EncodeToString([]byte(t.Name))))
-	}
-	if t.MaxDurationSeconds != 0 {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "maxDurationSeconds", base64.StdEncoding.EncodeToString([]byte(strconv.Itoa(t.MaxDurationSeconds)))))
-	}
-	if t.RequireSignedURLs {
-		metadataValues = append(metadataValues, "requiresignedurls")
-	}
-	if t.AllowedOrigins != "" {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "allowedorigins", base64.StdEncoding.EncodeToString([]byte(t.AllowedOrigins))))
-	}
-	if t.ThumbnailTimestampPct != 0 {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "thumbnailtimestamppct", base64.StdEncoding.EncodeToString([]byte(strconv.FormatFloat(t.ThumbnailTimestampPct, 'f', -1, 64)))))
-	}
-	if t.ScheduledDeletion != nil {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "scheduledDeletion", base64.StdEncoding.EncodeToString([]byte(t.ScheduledDeletion.Format(time.RFC3339)))))
-	}
-	if t.Expiry != nil {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "expiry", base64.StdEncoding.EncodeToString([]byte(t.Expiry.Format(time.RFC3339)))))
-	}
-	if t.Watermark != "" {
-		metadataValues = append(metadataValues, fmt.Sprintf("%s %s", "watermark", base64.StdEncoding.EncodeToString([]byte(t.Watermark))))
-	}
-
-	if len(metadataValues) > 0 {
-		return strings.Join(metadataValues, ","), nil
-	}
-
-	return "", nil
-}
-
-// StreamVideoResponse represents an API response of a stream video.
-type StreamVideoResponse struct {
-	Response
-	Result StreamVideo `json:"result,omitempty"`
-}
-
-// StreamVideoCreateResponse represents an API response of creating a stream video.
-type StreamVideoCreateResponse struct {
-	Response
-	Result StreamVideoCreate `json:"result,omitempty"`
-}
-
-// StreamListResponse represents the API response from a StreamListRequest.
-type StreamListResponse struct {
-	Response
-	Result []StreamVideo `json:"result,omitempty"`
-	Total  string        `json:"total,omitempty"`
-	Range  string        `json:"range,omitempty"`
-}
-
-// StreamSignedURLResponse represents an API response for a signed URL.
-type StreamSignedURLResponse struct {
-	Response
-	Result struct {
-		Token string `json:"token,omitempty"`
-	}
-}
-
-// StreamAccessRule represents the accessRules when creating a signed URL.
-type StreamAccessRule struct {
-	Type    string   `json:"type"`
-	Country []string `json:"country,omitempty"`
-	Action  string   `json:"action"`
-	IP      []string `json:"ip,omitempty"`
-}
-
-// StreamUploadFromURL send a video URL to it will be downloaded and made available on Stream.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-upload-a-video-from-a-url
-func (api *API) StreamUploadFromURL(ctx context.Context, params StreamUploadFromURLParameters) (StreamVideo, error) {
-	if params.AccountID == "" {
-		return StreamVideo{}, ErrMissingAccountID
-	}
-
-	if params.URL == "" {
-		return StreamVideo{}, ErrMissingUploadURL
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/copy", params.AccountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return StreamVideo{}, err
-	}
-
-	var streamVideoResponse StreamVideoResponse
-	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
-		return StreamVideo{}, err
-	}
-	return streamVideoResponse.Result, nil
-}
-
-// StreamUploadVideoFile uploads a video from a path to the file.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-upload-a-video-using-a-single-http-request
-func (api *API) StreamUploadVideoFile(ctx context.Context, params StreamUploadFileParameters) (StreamVideo, error) {
-	if params.AccountID == "" {
-		return StreamVideo{}, ErrMissingAccountID
-	}
-
-	if params.FilePath == "" {
-		return StreamVideo{}, ErrMissingFilePath
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream", params.AccountID)
-
-	// Create new multipart writer
-	body := &bytes.Buffer{}
-	writer := multipart.NewWriter(body)
-	formFile, err := writer.CreateFormFile("file", params.FilePath)
-	if err != nil {
-		return StreamVideo{}, err
-	}
-	file, err := os.Open(params.FilePath)
-	if err != nil {
-		return StreamVideo{}, err
-	}
-	if _, err := io.Copy(formFile, file); err != nil {
-		return StreamVideo{}, err
-	}
-	if err := writer.Close(); err != nil {
-		return StreamVideo{}, err
-	}
-
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPost, uri, body, http.Header{
-		"Accept":       []string{"application/json"},
-		"Content-Type": []string{writer.FormDataContentType()},
-	})
-	if err != nil {
-		return StreamVideo{}, err
-	}
-
-	var streamVideoResponse StreamVideoResponse
-	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
-		return StreamVideo{}, err
-	}
-	return streamVideoResponse.Result, nil
-}
-
-// StreamCreateVideoDirectURL creates a video and returns an authenticated URL.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-create-a-video-and-get-authenticated-direct-upload-url
-func (api *API) StreamCreateVideoDirectURL(ctx context.Context, params StreamCreateVideoParameters) (StreamVideoCreate, error) {
-	if params.AccountID == "" {
-		return StreamVideoCreate{}, ErrMissingAccountID
-	}
-
-	if params.MaxDurationSeconds == 0 {
-		return StreamVideoCreate{}, ErrMissingMaxDuration
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/direct_upload", params.AccountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return StreamVideoCreate{}, err
-	}
-
-	var streamVideoCreateResponse StreamVideoCreateResponse
-	if err := json.Unmarshal(res, &streamVideoCreateResponse); err != nil {
-		return StreamVideoCreate{}, err
-	}
-	return streamVideoCreateResponse.Result, nil
-}
-
-// StreamListVideos list videos currently in stream.
-//
-// API reference: https://api.cloudflare.com/#stream-videos-list-videos
-func (api *API) StreamListVideos(ctx context.Context, params StreamListParameters) ([]StreamVideo, error) {
-	if params.AccountID == "" {
-		return []StreamVideo{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/stream", params.AccountID), params)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []StreamVideo{}, err
-	}
-
-	var streamListResponse StreamListResponse
-	if err := json.Unmarshal(res, &streamListResponse); err != nil {
-		return []StreamVideo{}, err
-	}
-	return streamListResponse.Result, nil
-}
-
-// StreamInitiateTUSVideoUpload generates a direct upload TUS url for a video.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/stream-videos-initiate-video-uploads-using-tus
-func (api *API) StreamInitiateTUSVideoUpload(ctx context.Context, rc *ResourceContainer, params StreamInitiateTUSUploadParameters) (StreamInitiateTUSUploadResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return StreamInitiateTUSUploadResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	headers := http.Header{}
-	if params.TusResumable == "" {
-		return StreamInitiateTUSUploadResponse{}, ErrMissingTusResumable
-	} else if params.TusResumable != TusProtocolVersion1_0_0 {
-		return StreamInitiateTUSUploadResponse{}, ErrInvalidTusResumable
-	} else {
-		headers.Set("Tus-Resumable", string(params.TusResumable))
-	}
-
-	if params.UploadLength == 0 {
-		return StreamInitiateTUSUploadResponse{}, ErrMissingUploadLength
-	} else {
-		headers.Set("Upload-Length", strconv.FormatInt(params.UploadLength, 10))
-	}
-
-	if params.UploadCreator != "" {
-		headers.Set("Upload-Creator", params.UploadCreator)
-	}
-
-	metadataTusCsv, err := params.Metadata.ToTUSCsv()
-	if err != nil {
-		return StreamInitiateTUSUploadResponse{}, ErrMarshallingTUSMetadata
-	}
-	if metadataTusCsv != "" {
-		headers.Set("Upload-Metadata", metadataTusCsv)
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/stream", rc.Identifier), params)
-	res, err := api.makeRequestWithAuthTypeAndHeadersComplete(ctx, http.MethodPost, uri, nil, api.authType, headers)
-	if err != nil {
-		return StreamInitiateTUSUploadResponse{}, err
-	}
-
-	if res.StatusCode != http.StatusCreated {
-		return StreamInitiateTUSUploadResponse{}, ErrInvalidStatusCode
-	}
-
-	return StreamInitiateTUSUploadResponse{ResponseHeaders: res.Headers}, nil
-}
-
-// StreamGetVideo gets the details for a specific video.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-video-details
-func (api *API) StreamGetVideo(ctx context.Context, options StreamParameters) (StreamVideo, error) {
-	if options.AccountID == "" {
-		return StreamVideo{}, ErrMissingAccountID
-	}
-
-	if options.VideoID == "" {
-		return StreamVideo{}, ErrMissingVideoID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return StreamVideo{}, err
-	}
-	var streamVideoResponse StreamVideoResponse
-	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
-		return StreamVideo{}, err
-	}
-	return streamVideoResponse.Result, nil
-}
-
-// StreamEmbedHTML gets an HTML fragment to embed on a web page.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-embed-code-html
-func (api *API) StreamEmbedHTML(ctx context.Context, options StreamParameters) (string, error) {
-	if options.AccountID == "" {
-		return "", ErrMissingAccountID
-	}
-
-	if options.VideoID == "" {
-		return "", ErrMissingVideoID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/%s/embed", options.AccountID, options.VideoID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	if err != nil {
-		return "", err
-	}
-	return string(res), nil
-}
-
-// StreamDeleteVideo deletes a video.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-delete-video
-func (api *API) StreamDeleteVideo(ctx context.Context, options StreamParameters) error {
-	if options.AccountID == "" {
-		return ErrMissingAccountID
-	}
-
-	if options.VideoID == "" {
-		return ErrMissingVideoID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
-	if _, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil); err != nil {
-		return err
-	}
-	return nil
-}
-
-// StreamAssociateNFT associates a video to a token and contract address.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-associate-video-to-an-nft
-func (api *API) StreamAssociateNFT(ctx context.Context, options StreamVideoNFTParameters) (StreamVideo, error) {
-	if options.AccountID == "" {
-		return StreamVideo{}, ErrMissingAccountID
-	}
-
-	if options.VideoID == "" {
-		return StreamVideo{}, ErrMissingVideoID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/%s", options.AccountID, options.VideoID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, options)
-	if err != nil {
-		return StreamVideo{}, err
-	}
-	var streamVideoResponse StreamVideoResponse
-	if err := json.Unmarshal(res, &streamVideoResponse); err != nil {
-		return StreamVideo{}, err
-	}
-	return streamVideoResponse.Result, nil
-}
-
-// StreamCreateSignedURL creates a signed URL token for a video.
-//
-// API Reference: https://api.cloudflare.com/#stream-videos-associate-video-to-an-nft
-func (api *API) StreamCreateSignedURL(ctx context.Context, params StreamSignedURLParameters) (string, error) {
-	if params.AccountID == "" {
-		return "", ErrMissingAccountID
-	}
-	if params.VideoID == "" {
-		return "", ErrMissingVideoID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/stream/%s/token", params.AccountID, params.VideoID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-
-	if err != nil {
-		return "", err
-	}
-	var streamSignedResponse StreamSignedURLResponse
-	if err := json.Unmarshal(res, &streamSignedResponse); err != nil {
-		return "", err
-	}
-	return streamSignedResponse.Result.Token, nil
-}
diff --git a/pkg/cloudflare-go/stream_test.go b/pkg/cloudflare-go/stream_test.go
deleted file mode 100644
index 510e2bb5a7..0000000000
--- a/pkg/cloudflare-go/stream_test.go
+++ /dev/null
@@ -1,659 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const (
-	singleStreamResponse = `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "allowedOrigins": [
-      "example.com"
-    ],
-    "created": "2014-01-02T02:20:00Z",
-    "duration": 300.5,
-    "input": {
-      "height": 1080,
-      "width": 1920
-    },
-    "maxDurationSeconds": 300,
-    "meta": {
-	  "name": "My First Stream Video"
-	},
-    "modified": "2014-01-02T02:20:00Z",
-    "uploadExpiry": "2014-01-02T02:20:00Z",
-    "playback": {
-      "hls": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8",
-      "dash": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd"
-    },
-    "preview": "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
-    "readyToStream": true,
-    "requireSignedURLs": true,
-    "size": 4190963,
-    "status": {
-      "state": "inprogress",
-      "pctComplete": "51",
-      "errorReasonCode": "ERR_NON_VIDEO",
-      "errorReasonText": "The file was not recognized as a valid video file."
-    },
-    "thumbnail": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
-    "thumbnailTimestampPct": 0.529241,
-    "uid": "ea95132c15732412d22c1476fa83f27a",
-    "creator": "creator-id_abcde12345",
-    "liveInput": "fc0a8dc887b16759bfd9ad922230a014",
-    "uploaded": "2014-01-02T02:20:00Z",
-    "watermark": {
-      "uid": "ea95132c15732412d22c1476fa83f27a",
-      "size": 29472,
-      "height": 600,
-      "width": 400,
-      "created": "2014-01-02T02:20:00Z",
-      "downloadedFrom": "https://company.com/logo.png",
-      "name": "Marketing Videos",
-      "opacity": 0.75,
-      "padding": 0.1,
-      "scale": 0.1,
-      "position": "center"
-    },
-    "nft": {
-      "contract": "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
-      "token": 5
-    },
-	"scheduledDeletion": "2014-01-02T02:20:00Z"
-  }
-}
-`
-	testVideoID = "ea95132c15732412d22c1476fa83f27a"
-)
-
-var (
-	TestVideoStruct = createTestVideo()
-)
-
-func createTestVideo() StreamVideo {
-	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	modified, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	uploadexpiry, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	uploaded, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-
-	return StreamVideo{
-		AllowedOrigins:     []string{"example.com"},
-		Created:            &created,
-		Duration:           300.5,
-		Input:              StreamVideoInput{Height: 1080, Width: 1920},
-		MaxDurationSeconds: 300,
-		Modified:           &modified,
-		UploadExpiry:       &uploadexpiry,
-		Playback:           StreamVideoPlayback{Dash: "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd", HLS: "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8"},
-		Preview:            "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
-		ReadyToStream:      true,
-		RequireSignedURLs:  true,
-		Size:               4190963,
-		Status: StreamVideoStatus{
-			State:           "inprogress",
-			PctComplete:     "51",
-			ErrorReasonCode: "ERR_NON_VIDEO",
-			ErrorReasonText: "The file was not recognized as a valid video file.",
-		},
-		Thumbnail:             "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
-		ThumbnailTimestampPct: 0.529241,
-		UID:                   "ea95132c15732412d22c1476fa83f27a",
-		Creator:               "creator-id_abcde12345",
-		LiveInput:             "fc0a8dc887b16759bfd9ad922230a014",
-		Uploaded:              &uploaded,
-		Watermark: StreamVideoWatermark{
-			UID:            "ea95132c15732412d22c1476fa83f27a",
-			Size:           29472,
-			Height:         600,
-			Width:          400,
-			Created:        &created,
-			DownloadedFrom: "https://company.com/logo.png",
-			Name:           "Marketing Videos",
-			Opacity:        0.75,
-			Padding:        0.1,
-			Scale:          0.1,
-			Position:       "center",
-		},
-		Meta: map[string]interface{}{
-			"name": "My First Stream Video",
-		},
-		NFT: StreamVideoNFTParameters{
-			Token:    5,
-			Contract: "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
-		},
-		ScheduledDeletion: &scheduledDuration,
-	}
-}
-
-func TestStream_StreamUploadFromURL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/copy", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, singleStreamResponse)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.StreamUploadFromURL(context.Background(), StreamUploadFromURLParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing upload URL is thrown
-	_, err = client.StreamUploadFromURL(context.Background(), StreamUploadFromURLParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingUploadURL, err)
-	}
-
-	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-
-	want := TestVideoStruct
-	input := StreamUploadFromURLParameters{
-		AccountID: testAccountID,
-		URL:       "https://example.com/myvideo.mp4",
-		Meta: map[string]interface{}{
-			"name": "My First Stream Video",
-		},
-		ScheduledDeletion: &scheduledDuration,
-	}
-
-	out, err := client.StreamUploadFromURL(context.Background(), input)
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
-
-func TestStream_UploadVideoFile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, singleStreamResponse)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.StreamUploadVideoFile(context.Background(), StreamUploadFileParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure missing file path is thrown
-	_, err = client.StreamUploadVideoFile(context.Background(), StreamUploadFileParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingFilePath, err)
-	}
-
-	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-
-	input := StreamUploadFileParameters{
-		AccountID:         testAccountID,
-		VideoID:           testVideoID,
-		FilePath:          "stream_test.go",
-		ScheduledDeletion: &scheduledDuration,
-	}
-
-	out, err := client.StreamUploadVideoFile(context.Background(), input)
-
-	want := TestVideoStruct
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
-
-func TestStream_CreateVideoDirectURL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/direct_upload", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "uploadURL": "www.example.com/samplepath",
-    "uid": "ea95132c15732412d22c1476fa83f27a",
-    "watermark": {
-      "uid": "ea95132c15732412d22c1476fa83f27a",
-      "size": 29472,
-      "height": 600,
-      "width": 400,
-      "created": "2014-01-02T02:20:00Z",
-      "downloadedFrom": "https://company.com/logo.png",
-      "name": "Marketing Videos",
-      "opacity": 0.75,
-      "padding": 0.1,
-      "scale": 0.1,
-      "position": "center"
-    },
-	"scheduledDeletion": "2014-01-02T02:20:00Z"
-  }
-}
-`)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamCreateVideoDirectURL(context.Background(), StreamCreateVideoParameters{})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure MaxDuration is required
-	_, err = client.StreamCreateVideoDirectURL(context.Background(), StreamCreateVideoParameters{AccountID: testAccountID})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingMaxDuration, err)
-	}
-
-	scheduledDuration, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-
-	input := StreamCreateVideoParameters{
-		AccountID:          testAccountID,
-		MaxDurationSeconds: 300,
-		Meta: map[string]interface{}{
-			"name": "My First Stream Video",
-		},
-		ScheduledDeletion: &scheduledDuration,
-	}
-
-	out, err := client.StreamCreateVideoDirectURL(context.Background(), input)
-
-	created, _ := time.Parse(time.RFC3339, "2014-01-02T02:20:00Z")
-
-	want := StreamVideoCreate{
-		UploadURL: "www.example.com/samplepath",
-		UID:       "ea95132c15732412d22c1476fa83f27a",
-		Watermark: StreamVideoWatermark{
-			UID:            "ea95132c15732412d22c1476fa83f27a",
-			Size:           29472,
-			Height:         600,
-			Width:          400,
-			Created:        &created,
-			DownloadedFrom: "https://company.com/logo.png",
-			Name:           "Marketing Videos",
-			Opacity:        0.75,
-			Padding:        0.1,
-			Scale:          0.1,
-			Position:       "center",
-		},
-		ScheduledDeletion: &scheduledDuration,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, out, want, "structs not equal")
-	}
-}
-
-func TestStream_ListVideos(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [{
-    "allowedOrigins": [
-      "example.com"
-    ],
-    "created": "2014-01-02T02:20:00Z",
-    "duration": 300.5,
-    "input": {
-      "height": 1080,
-      "width": 1920
-    },
-    "maxDurationSeconds": 300,
-    "meta": {
-	  "name": "My First Stream Video"
-	},
-    "modified": "2014-01-02T02:20:00Z",
-    "uploadExpiry": "2014-01-02T02:20:00Z",
-    "playback": {
-      "hls": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.m3u8",
-      "dash": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/manifest/video.mpd"
-    },
-    "preview": "https://watch.cloudflarestream.com/ea95132c15732412d22c1476fa83f27a",
-    "readyToStream": true,
-    "requireSignedURLs": true,
-    "size": 4190963,
-    "status": {
-      "state": "inprogress",
-      "pctComplete": "51",
-      "errorReasonCode": "ERR_NON_VIDEO",
-      "errorReasonText": "The file was not recognized as a valid video file."
-    },
-    "thumbnail": "https://videodelivery.net/ea95132c15732412d22c1476fa83f27a/thumbnails/thumbnail.jpg",
-    "thumbnailTimestampPct": 0.529241,
-    "uid": "ea95132c15732412d22c1476fa83f27a",
-    "creator": "creator-id_abcde12345",
-    "liveInput": "fc0a8dc887b16759bfd9ad922230a014",
-    "uploaded": "2014-01-02T02:20:00Z",
-    "watermark": {
-      "uid": "ea95132c15732412d22c1476fa83f27a",
-      "size": 29472,
-      "height": 600,
-      "width": 400,
-      "created": "2014-01-02T02:20:00Z",
-      "downloadedFrom": "https://company.com/logo.png",
-      "name": "Marketing Videos",
-      "opacity": 0.75,
-      "padding": 0.1,
-      "scale": 0.1,
-      "position": "center"
-    },
-    "nft": {
-      "contract": "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85",
-      "token": 5
-    },
- 	"scheduledDeletion": "2014-01-02T02:20:00Z"
-  }]
-}
-`)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamListVideos(context.Background(), StreamListParameters{})
-
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	out, err := client.StreamListVideos(context.Background(), StreamListParameters{AccountID: testAccountID})
-	want := TestVideoStruct
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, len(out), 1, "length of videos is not one")
-		assert.Equal(t, out[0], want, "structs not equal")
-	}
-}
-
-func TestStream_GetVideo(t *testing.T) {
-	setup()
-	defer teardown()
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, singleStreamResponse)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamGetVideo(context.Background(), StreamParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure VideoID is required
-	_, err = client.StreamGetVideo(context.Background(), StreamParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingVideoID, err)
-	}
-
-	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
-	out, err := client.StreamGetVideo(context.Background(), input)
-
-	want := TestVideoStruct
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestStream_DeleteVideo(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {}
-		}`)
-	})
-
-	// Make sure AccountID is required
-	err := client.StreamDeleteVideo(context.Background(), StreamParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure VideoID is required
-	err = client.StreamDeleteVideo(context.Background(), StreamParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingVideoID, err)
-	}
-
-	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
-	err = client.StreamDeleteVideo(context.Background(), input)
-	require.NoError(t, err)
-}
-
-func TestStream_EmbedHTML(t *testing.T) {
-	setup()
-	defer teardown()
-
-	streamHTML := `<stream id="ea95132c15732412d22c1476fa83f27a"></stream><script data-cfasync="false" defer type="text/javascript" src="https://embed.cloudflarestream.com/embed/we4g.fla9.latest.js"></script>`
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID+"/embed", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "text/html")
-		fmt.Fprint(w, streamHTML)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamEmbedHTML(context.Background(), StreamParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure VideoID is required
-	_, err = client.StreamEmbedHTML(context.Background(), StreamParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingVideoID, err)
-	}
-
-	input := StreamParameters{AccountID: testAccountID, VideoID: testVideoID}
-	out, err := client.StreamEmbedHTML(context.Background(), input)
-	if assert.NoError(t, err) {
-		assert.Equal(t, streamHTML, out, "bad html output")
-	}
-}
-
-func TestStream_AssociateNFT(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		fmt.Fprint(w, singleStreamResponse)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamAssociateNFT(context.Background(), StreamVideoNFTParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure VideoID is required
-	_, err = client.StreamAssociateNFT(context.Background(), StreamVideoNFTParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingVideoID, err)
-	}
-
-	input := StreamVideoNFTParameters{AccountID: testAccountID, VideoID: testVideoID, Token: 5, Contract: "0x57f1887a8bf19b14fc0d912b9b2acc9af147ea85"}
-	out, err := client.StreamAssociateNFT(context.Background(), input)
-
-	want := TestVideoStruct
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestStream_CreateSignedURL(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream/"+testVideoID+"/token", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		fmt.Fprint(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIn0.eyJzdWIiOiJlYTk1MTMyYzE1NzMyNDEyZDIyYzE0NzZmYTgzZjI3YSIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIiwiZXhwIjoiMTUzNzQ2MDM2NSIsIm5iZiI6IjE1Mzc0NTMxNjUifQ.OZhqOARADn1iubK6GKcn25hN3nU-hCFF5q9w2C4yup0C4diG7aMIowiRpP-eDod8dbAJubsiFuTKrqPcmyCKWYsiv0TQueukqbQlF7HCO1TV-oF6El5-7ldJ46eD-ZQ0XgcIYEKrQOYFF8iDQbqPm3REWd6BnjKZdeVrLzuRaiSnZ9qqFpGu5dfxIY9-nZKDubJHqCr3Imtb211VIG_b9MdtO92JjvkDS-rxT_pkEfTZSafl1OU-98A7KBGtPSJHz2dHORIrUiTA6on4eIXTj9aFhGiir4rSn-rn0OjPRTtJMWIDMoQyE_fwrSYzB7MPuzL2t82BWaEbHZTfixBm5A"
-  }
-}`)
-	})
-
-	// Make sure AccountID is required
-	_, err := client.StreamCreateSignedURL(context.Background(), StreamSignedURLParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	// Make sure VideoID is required
-	_, err = client.StreamCreateSignedURL(context.Background(), StreamSignedURLParameters{AccountID: testAccountID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingVideoID, err)
-	}
-
-	input := StreamSignedURLParameters{AccountID: testAccountID, VideoID: testVideoID}
-	out, err := client.StreamCreateSignedURL(context.Background(), input)
-
-	want := "eyJhbGciOiJSUzI1NiIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIn0.eyJzdWIiOiJlYTk1MTMyYzE1NzMyNDEyZDIyYzE0NzZmYTgzZjI3YSIsImtpZCI6ImU5ZGI5OTBhODI2NjZkZDU3MWM3N2Y5NDRhNWM1YzhkIiwiZXhwIjoiMTUzNzQ2MDM2NSIsIm5iZiI6IjE1Mzc0NTMxNjUifQ.OZhqOARADn1iubK6GKcn25hN3nU-hCFF5q9w2C4yup0C4diG7aMIowiRpP-eDod8dbAJubsiFuTKrqPcmyCKWYsiv0TQueukqbQlF7HCO1TV-oF6El5-7ldJ46eD-ZQ0XgcIYEKrQOYFF8iDQbqPm3REWd6BnjKZdeVrLzuRaiSnZ9qqFpGu5dfxIY9-nZKDubJHqCr3Imtb211VIG_b9MdtO92JjvkDS-rxT_pkEfTZSafl1OU-98A7KBGtPSJHz2dHORIrUiTA6on4eIXTj9aFhGiir4rSn-rn0OjPRTtJMWIDMoQyE_fwrSYzB7MPuzL2t82BWaEbHZTfixBm5A"
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestStream_TUSUploadMetadataToTUSCsv(t *testing.T) {
-	md := TUSUploadMetadata{
-		Name: "test.mp4",
-	}
-	csv, err := md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=", csv)
-
-	md.RequireSignedURLs = true
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls", csv)
-
-	md.AllowedOrigins = "example.com"
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=", csv)
-
-	md.ThumbnailTimestampPct = 0.5
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41", csv)
-
-	scheduleDeletion, _ := time.Parse(time.RFC3339, "2023-10-01T02:20:00Z")
-	md.ScheduledDeletion = &scheduleDeletion
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=", csv)
-
-	expiry, _ := time.Parse(time.RFC3339, "2023-09-25T02:45:00Z")
-	md.Expiry = &expiry
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=", csv)
-
-	md.Watermark = "watermark-profile-uid"
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=,watermark d2F0ZXJtYXJrLXByb2ZpbGUtdWlk", csv)
-
-	md.MaxDurationSeconds = 300
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "name dGVzdC5tcDQ=,maxDurationSeconds MzAw,requiresignedurls,allowedorigins ZXhhbXBsZS5jb20=,thumbnailtimestamppct MC41,scheduledDeletion MjAyMy0xMC0wMVQwMjoyMDowMFo=,expiry MjAyMy0wOS0yNVQwMjo0NTowMFo=,watermark d2F0ZXJtYXJrLXByb2ZpbGUtdWlk", csv)
-
-	// empty metadata should return empty string
-	md = TUSUploadMetadata{}
-	csv, err = md.ToTUSCsv()
-	assert.NoError(t, err)
-	assert.Equal(t, "", csv)
-}
-
-func TestStream_StreamInitiateTUSVideoUpload(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/stream", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		// Make sure Tus-Resumable header is set
-		assert.Equal(t, "1.0.0", r.Header.Get("Tus-Resumable"))
-		// Make sure Upload-Length header is set
-		assert.Equal(t, "123", r.Header.Get("Upload-Length"))
-		// set the response headers
-		// if query param direct_user=true, then return the direct url in the header
-		if r.URL.Query().Get("direct_user") == "true" {
-			w.Header().Set("Location", "https://upload.videodelivery.net/tus/90c68cb5cd4fd5350b1962279c90bec0?tusv2=true")
-		} else {
-			w.Header().Set("Location", "https://api.cloudflare.com/client/v4/accounts/"+testAccountID+"/media/278f2a7e763c73dedc064b965d2cfbed?tusv2=true")
-		}
-
-		w.Header().Set("stream-media-id", "278f2a7e763c73dedc064b965d2cfbed")
-		w.Header().Set("Tus-Resumable", "1.0.0")
-		w.WriteHeader(http.StatusCreated)
-	})
-
-	// Make sure Tus-Resumable header is set
-	params := StreamInitiateTUSUploadParameters{}
-	_, err := client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingTusResumable, err)
-	}
-	params.TusResumable = TusProtocolVersion1_0_0
-
-	// Make sure Upload-Length header is set
-	_, err = client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingUploadLength, err)
-	}
-	params.UploadLength = 123
-
-	out, err := client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, "https://api.cloudflare.com/client/v4/accounts/"+testAccountID+"/media/278f2a7e763c73dedc064b965d2cfbed?tusv2=true", out.ResponseHeaders.Get("Location"))
-		assert.Equal(t, "278f2a7e763c73dedc064b965d2cfbed", out.ResponseHeaders.Get("stream-media-id"))
-		assert.Equal(t, "1.0.0", out.ResponseHeaders.Get("Tus-Resumable"))
-	}
-
-	params.DirectUserUpload = true
-	out, err = client.StreamInitiateTUSVideoUpload(context.Background(), AccountIdentifier(testAccountID), params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, "https://upload.videodelivery.net/tus/90c68cb5cd4fd5350b1962279c90bec0?tusv2=true", out.ResponseHeaders.Get("Location"))
-		assert.Equal(t, "278f2a7e763c73dedc064b965d2cfbed", out.ResponseHeaders.Get("stream-media-id"))
-		assert.Equal(t, "1.0.0", out.ResponseHeaders.Get("Tus-Resumable"))
-	}
-}
diff --git a/pkg/cloudflare-go/sts.go b/pkg/cloudflare-go/sts.go
deleted file mode 100644
index 350e5cb085..0000000000
--- a/pkg/cloudflare-go/sts.go
+++ /dev/null
@@ -1,101 +0,0 @@
-package cloudflare
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-
-	"github.com/goccy/go-json"
-
-	"github.com/hashicorp/go-retryablehttp"
-)
-
-var (
-	ErrSTSFailure               = errors.New("failed to fetch security token")
-	ErrSTSHTTPFailure           = errors.New("failed making securtiy token issuer call")
-	ErrSTSHTTPResponseError     = errors.New("security token request returned a failure")
-	ErrSTSMissingServiceSecret  = errors.New("service secret missing but is required")
-	ErrSTSMissingServiceTag     = errors.New("service tag missing but is required")
-	ErrSTSMissingIssuerHostname = errors.New("issuer hostname missing but is required")
-	ErrSTSMissingServicePath    = errors.New("issuer path missing but is required")
-)
-
-// IssuerConfiguration allows the configuration of the issuance provider.
-type IssuerConfiguration struct {
-	Hostname string
-	Path     string
-}
-
-// SecurityTokenConfiguration holds the configuration for requesting a security
-// token from the service.
-type SecurityTokenConfiguration struct {
-	Issuer     *IssuerConfiguration
-	ServiceTag string
-	Secret     string
-}
-
-type securityToken struct {
-	Token string `json:"json_web_token"`
-}
-
-type securityTokenResponse struct {
-	Result securityToken `json:"result"`
-	Response
-}
-
-// fetchSTSCredentials provides a way to authenticate with the security token
-// service and issue a usable token for the system.
-func fetchSTSCredentials(stsConfig *SecurityTokenConfiguration) (string, error) {
-	if stsConfig.Secret == "" {
-		return "", ErrSTSMissingServiceSecret
-	}
-
-	if stsConfig.ServiceTag == "" {
-		return "", ErrSTSMissingServiceTag
-	}
-
-	if stsConfig.Issuer.Hostname == "" {
-		return "", ErrSTSMissingIssuerHostname
-	}
-
-	if stsConfig.Issuer.Path == "" {
-		return "", ErrSTSMissingServicePath
-	}
-
-	retryableClient := retryablehttp.NewClient()
-	retryableClient.RetryMax = 3
-	stsClient := retryableClient.StandardClient()
-
-	uri := fmt.Sprintf("https://%s%s", stsConfig.Issuer.Hostname, stsConfig.Issuer.Path)
-	req, err := http.NewRequest(http.MethodGet, uri, nil)
-	if err != nil {
-		return "", fmt.Errorf("HTTP request creation failed: %w", err)
-	}
-
-	req.Header.Set("Authorization", "Bearer "+stsConfig.ServiceTag+stsConfig.Secret)
-
-	resp, err := stsClient.Do(req)
-	if err != nil {
-		return "", ErrSTSHTTPFailure
-	}
-
-	var respBody []byte
-	respBody, err = io.ReadAll(resp.Body)
-	if err != nil {
-		return "", fmt.Errorf("failed to read response body: %w", err)
-	}
-	resp.Body.Close()
-
-	var stsTokenResponse *securityTokenResponse
-	err = json.Unmarshal(respBody, &stsTokenResponse)
-	if err != nil {
-		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !stsTokenResponse.Success {
-		return "", ErrSTSHTTPResponseError
-	}
-
-	return stsTokenResponse.Result.Token, nil
-}
diff --git a/pkg/cloudflare-go/teams_accounts.go b/pkg/cloudflare-go/teams_accounts.go
deleted file mode 100644
index 3472fa4874..0000000000
--- a/pkg/cloudflare-go/teams_accounts.go
+++ /dev/null
@@ -1,338 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type TeamsAccount struct {
-	GatewayTag   string `json:"gateway_tag"`   // Internal teams ID
-	ProviderName string `json:"provider_name"` // Auth provider
-	ID           string `json:"id"`            // cloudflare account ID
-}
-
-// TeamsAccountResponse is the API response, containing information on teams
-// account.
-type TeamsAccountResponse struct {
-	Response
-	Result TeamsAccount `json:"result"`
-}
-
-// TeamsConfigResponse is the API response, containing information on teams
-// account config.
-type TeamsConfigResponse struct {
-	Response
-	Result TeamsConfiguration `json:"result"`
-}
-
-// TeamsConfiguration data model.
-type TeamsConfiguration struct {
-	Settings  TeamsAccountSettings `json:"settings"`
-	CreatedAt time.Time            `json:"created_at,omitempty"`
-	UpdatedAt time.Time            `json:"updated_at,omitempty"`
-}
-
-type TeamsAccountSettings struct {
-	Antivirus             *TeamsAntivirus             `json:"antivirus,omitempty"`
-	TLSDecrypt            *TeamsTLSDecrypt            `json:"tls_decrypt,omitempty"`
-	ActivityLog           *TeamsActivityLog           `json:"activity_log,omitempty"`
-	BlockPage             *TeamsBlockPage             `json:"block_page,omitempty"`
-	BrowserIsolation      *BrowserIsolation           `json:"browser_isolation,omitempty"`
-	FIPS                  *TeamsFIPS                  `json:"fips,omitempty"`
-	ProtocolDetection     *TeamsProtocolDetection     `json:"protocol_detection,omitempty"`
-	BodyScanning          *TeamsBodyScanning          `json:"body_scanning,omitempty"`
-	ExtendedEmailMatching *TeamsExtendedEmailMatching `json:"extended_email_matching,omitempty"`
-	CustomCertificate     *TeamsCustomCertificate     `json:"custom_certificate,omitempty"`
-}
-
-type BrowserIsolation struct {
-	UrlBrowserIsolationEnabled *bool `json:"url_browser_isolation_enabled,omitempty"`
-	NonIdentityEnabled         *bool `json:"non_identity_enabled,omitempty"`
-}
-
-type TeamsAntivirus struct {
-	EnabledDownloadPhase bool                       `json:"enabled_download_phase"`
-	EnabledUploadPhase   bool                       `json:"enabled_upload_phase"`
-	FailClosed           bool                       `json:"fail_closed"`
-	NotificationSettings *TeamsNotificationSettings `json:"notification_settings"`
-}
-
-type TeamsFIPS struct {
-	TLS bool `json:"tls"`
-}
-
-type TeamsTLSDecrypt struct {
-	Enabled bool `json:"enabled"`
-}
-
-type TeamsProtocolDetection struct {
-	Enabled bool `json:"enabled"`
-}
-
-type TeamsActivityLog struct {
-	Enabled bool `json:"enabled"`
-}
-
-type TeamsBlockPage struct {
-	Enabled         *bool  `json:"enabled,omitempty"`
-	FooterText      string `json:"footer_text,omitempty"`
-	HeaderText      string `json:"header_text,omitempty"`
-	LogoPath        string `json:"logo_path,omitempty"`
-	BackgroundColor string `json:"background_color,omitempty"`
-	Name            string `json:"name,omitempty"`
-	MailtoAddress   string `json:"mailto_address,omitempty"`
-	MailtoSubject   string `json:"mailto_subject,omitempty"`
-	SuppressFooter  *bool  `json:"suppress_footer,omitempty"`
-}
-
-type TeamsInspectionMode = string
-
-const (
-	TeamsShallowInspectionMode TeamsInspectionMode = "shallow"
-	TeamsDeepInspectionMode    TeamsInspectionMode = "deep"
-)
-
-type TeamsBodyScanning struct {
-	InspectionMode TeamsInspectionMode `json:"inspection_mode,omitempty"`
-}
-
-type TeamsExtendedEmailMatching struct {
-	Enabled *bool `json:"enabled,omitempty"`
-}
-
-type TeamsCustomCertificate struct {
-	Enabled       *bool      `json:"enabled,omitempty"`
-	ID            string     `json:"id,omitempty"`
-	BindingStatus string     `json:"binding_status,omitempty"`
-	QsPackId      string     `json:"qs_pack_id,omitempty"`
-	UpdatedAt     *time.Time `json:"updated_at,omitempty"`
-}
-
-type TeamsRuleType = string
-
-const (
-	TeamsHttpRuleType TeamsRuleType = "http"
-	TeamsDnsRuleType  TeamsRuleType = "dns"
-	TeamsL4RuleType   TeamsRuleType = "l4"
-)
-
-type TeamsAccountLoggingConfiguration struct {
-	LogAll    bool `json:"log_all"`
-	LogBlocks bool `json:"log_blocks"`
-}
-
-type TeamsLoggingSettings struct {
-	LoggingSettingsByRuleType map[TeamsRuleType]TeamsAccountLoggingConfiguration `json:"settings_by_rule_type"`
-	RedactPii                 bool                                               `json:"redact_pii,omitempty"`
-}
-
-type TeamsDeviceSettings struct {
-	GatewayProxyEnabled                bool  `json:"gateway_proxy_enabled"`
-	GatewayProxyUDPEnabled             bool  `json:"gateway_udp_proxy_enabled"`
-	RootCertificateInstallationEnabled bool  `json:"root_certificate_installation_enabled"`
-	UseZTVirtualIP                     *bool `json:"use_zt_virtual_ip"`
-}
-
-type TeamsDeviceSettingsResponse struct {
-	Response
-	Result TeamsDeviceSettings `json:"result"`
-}
-
-type TeamsLoggingSettingsResponse struct {
-	Response
-	Result TeamsLoggingSettings `json:"result"`
-}
-
-type TeamsConnectivitySettings struct {
-	ICMPProxyEnabled   *bool `json:"icmp_proxy_enabled"`
-	OfframpWARPEnabled *bool `json:"offramp_warp_enabled"`
-}
-
-type TeamsAccountConnectivitySettingsResponse struct {
-	Response
-	Result TeamsConnectivitySettings `json:"result"`
-}
-
-// TeamsAccount returns teams account information with internal and external ID.
-//
-// API reference: TBA.
-func (api *API) TeamsAccount(ctx context.Context, accountID string) (TeamsAccount, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsAccount{}, err
-	}
-
-	var teamsAccountResponse TeamsAccountResponse
-	err = json.Unmarshal(res, &teamsAccountResponse)
-	if err != nil {
-		return TeamsAccount{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsAccountResponse.Result, nil
-}
-
-// TeamsAccountConfiguration returns teams account configuration.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountConfiguration(ctx context.Context, accountID string) (TeamsConfiguration, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/configuration", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsConfiguration{}, err
-	}
-
-	var teamsConfigResponse TeamsConfigResponse
-	err = json.Unmarshal(res, &teamsConfigResponse)
-	if err != nil {
-		return TeamsConfiguration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConfigResponse.Result, nil
-}
-
-// TeamsAccountDeviceConfiguration returns teams account device configuration with udp status.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountDeviceConfiguration(ctx context.Context, accountID string) (TeamsDeviceSettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/devices/settings", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsDeviceSettings{}, err
-	}
-
-	var teamsDeviceResponse TeamsDeviceSettingsResponse
-	err = json.Unmarshal(res, &teamsDeviceResponse)
-	if err != nil {
-		return TeamsDeviceSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsDeviceResponse.Result, nil
-}
-
-// TeamsAccountLoggingConfiguration returns teams account logging configuration.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountLoggingConfiguration(ctx context.Context, accountID string) (TeamsLoggingSettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/logging", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsLoggingSettings{}, err
-	}
-
-	var teamsConfigResponse TeamsLoggingSettingsResponse
-	err = json.Unmarshal(res, &teamsConfigResponse)
-	if err != nil {
-		return TeamsLoggingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConfigResponse.Result, nil
-}
-
-// TeamsAccountConnectivityConfiguration returns zero trust account connectivity settings.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-get-connectivity-settings
-func (api *API) TeamsAccountConnectivityConfiguration(ctx context.Context, accountID string) (TeamsConnectivitySettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsConnectivitySettings{}, err
-	}
-
-	var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse
-	err = json.Unmarshal(res, &teamsConnectivityResponse)
-	if err != nil {
-		return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConnectivityResponse.Result, nil
-}
-
-// TeamsAccountUpdateConfiguration updates a teams account configuration.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountUpdateConfiguration(ctx context.Context, accountID string, config TeamsConfiguration) (TeamsConfiguration, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/configuration", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, config)
-	if err != nil {
-		return TeamsConfiguration{}, err
-	}
-
-	var teamsConfigResponse TeamsConfigResponse
-	err = json.Unmarshal(res, &teamsConfigResponse)
-	if err != nil {
-		return TeamsConfiguration{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConfigResponse.Result, nil
-}
-
-// TeamsAccountUpdateLoggingConfiguration updates the log settings and returns new teams account logging configuration.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountUpdateLoggingConfiguration(ctx context.Context, accountID string, config TeamsLoggingSettings) (TeamsLoggingSettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/logging", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, config)
-	if err != nil {
-		return TeamsLoggingSettings{}, err
-	}
-
-	var teamsConfigResponse TeamsLoggingSettingsResponse
-	err = json.Unmarshal(res, &teamsConfigResponse)
-	if err != nil {
-		return TeamsLoggingSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConfigResponse.Result, nil
-}
-
-// TeamsAccountDeviceUpdateConfiguration updates teams account device configuration including udp filtering status.
-//
-// API reference: TBA.
-func (api *API) TeamsAccountDeviceUpdateConfiguration(ctx context.Context, accountID string, settings TeamsDeviceSettings) (TeamsDeviceSettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/devices/settings", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
-	if err != nil {
-		return TeamsDeviceSettings{}, err
-	}
-
-	var teamsDeviceResponse TeamsDeviceSettingsResponse
-	err = json.Unmarshal(res, &teamsDeviceResponse)
-	if err != nil {
-		return TeamsDeviceSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsDeviceResponse.Result, nil
-}
-
-// TeamsAccountConnectivityUpdateConfiguration updates zero trust account connectivity settings.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zero-trust-accounts-patch-connectivity-settings
-func (api *API) TeamsAccountConnectivityUpdateConfiguration(ctx context.Context, accountID string, settings TeamsConnectivitySettings) (TeamsConnectivitySettings, error) {
-	uri := fmt.Sprintf("/accounts/%s/zerotrust/connectivity_settings", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, settings)
-	if err != nil {
-		return TeamsConnectivitySettings{}, err
-	}
-
-	var teamsConnectivityResponse TeamsAccountConnectivitySettingsResponse
-	err = json.Unmarshal(res, &teamsConnectivityResponse)
-	if err != nil {
-		return TeamsConnectivitySettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsConnectivityResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/teams_accounts_test.go b/pkg/cloudflare-go/teams_accounts_test.go
deleted file mode 100644
index 5fd3686ac6..0000000000
--- a/pkg/cloudflare-go/teams_accounts_test.go
+++ /dev/null
@@ -1,399 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestTeamsAccount(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"provider_name": "cf",
-				"gateway_tag": "1234"
-			}
-		}
-		`, testAccountID)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway", handler)
-
-	actual, err := client.TeamsAccount(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual.ProviderName, "cf")
-		assert.Equal(t, actual.GatewayTag, "1234")
-		assert.Equal(t, actual.ID, testAccountID)
-	}
-}
-
-func TestTeamsAccountConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"settings": {
-					"antivirus": {
-					"enabled_download_phase": true,
-						"notification_settings": {
-					  		"enabled":true,
-					   		"msg":"msg",
-					   		"support_url":"https://hi.com"
-						}
-				 	},
-					"tls_decrypt": {
-						"enabled": true
-					},
-					"protocol_detection": {
-						"enabled": true
-					},
-					"fips": {
-						"tls": true
-					},
-					"activity_log": {
-						"enabled": true
-					},
-					"block_page": {
-						"enabled": true,
-						"name": "Cloudflare",
-						"footer_text": "--footer--",
-						"header_text": "--header--",
-						"mailto_address": "admin@example.com",
-						"mailto_subject": "Blocked User Inquiry",
-						"logo_path": "https://logos.com/a.png",
-						"background_color": "#ff0000",
-						"suppress_footer": true
-					},
-					"browser_isolation": {
-						"url_browser_isolation_enabled": true,
-						"non_identity_enabled": true
-					},
-					"body_scanning": {
-						"inspection_mode": "deep"
-					},
-					"extended_email_matching": {
-						"enabled": true
-					}
-				}
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/configuration", handler)
-
-	actual, err := client.TeamsAccountConfiguration(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual.Settings, TeamsAccountSettings{
-			Antivirus: &TeamsAntivirus{
-				EnabledDownloadPhase: true,
-				NotificationSettings: &TeamsNotificationSettings{
-					Enabled:    &trueValue,
-					Message:    "msg",
-					SupportURL: "https://hi.com",
-				},
-			},
-			ActivityLog:       &TeamsActivityLog{Enabled: true},
-			TLSDecrypt:        &TeamsTLSDecrypt{Enabled: true},
-			ProtocolDetection: &TeamsProtocolDetection{Enabled: true},
-			FIPS:              &TeamsFIPS{TLS: true},
-			BodyScanning:      &TeamsBodyScanning{InspectionMode: "deep"},
-
-			BlockPage: &TeamsBlockPage{
-				Enabled:         BoolPtr(true),
-				FooterText:      "--footer--",
-				HeaderText:      "--header--",
-				LogoPath:        "https://logos.com/a.png",
-				BackgroundColor: "#ff0000",
-				Name:            "Cloudflare",
-				MailtoAddress:   "admin@example.com",
-				MailtoSubject:   "Blocked User Inquiry",
-				SuppressFooter:  BoolPtr(true),
-			},
-			BrowserIsolation: &BrowserIsolation{
-				UrlBrowserIsolationEnabled: BoolPtr(true),
-				NonIdentityEnabled:         BoolPtr(true),
-			},
-			ExtendedEmailMatching: &TeamsExtendedEmailMatching{
-				Enabled: BoolPtr(true),
-			},
-		})
-	}
-}
-
-func TestTeamsAccountUpdateConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'put', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"settings": {
-					"antivirus": {
-						"enabled_download_phase": false
-					},
-					"tls_decrypt": {
-						"enabled": true
-					},
-					"activity_log": {
-						"enabled": true
-					},
-					"protocol_detection": {
-						"enabled": true
-					},
-					"extended_email_matching": {
-						"enabled": true
-					},
-					"custom_certificate": {
-						"enabled": true
-					}
-				}
-			}
-		}
-		`)
-	}
-
-	settings := TeamsAccountSettings{
-		Antivirus:         &TeamsAntivirus{EnabledDownloadPhase: false},
-		ActivityLog:       &TeamsActivityLog{Enabled: true},
-		TLSDecrypt:        &TeamsTLSDecrypt{Enabled: true},
-		ProtocolDetection: &TeamsProtocolDetection{Enabled: true},
-		ExtendedEmailMatching: &TeamsExtendedEmailMatching{
-			Enabled: BoolPtr(true),
-		},
-		CustomCertificate: &TeamsCustomCertificate{
-			Enabled: BoolPtr(true),
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/configuration", handler)
-
-	configuration := TeamsConfiguration{
-		Settings: settings,
-	}
-	actual, err := client.TeamsAccountUpdateConfiguration(context.Background(), testAccountID, configuration)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, configuration)
-	}
-}
-
-func TestTeamsAccountGetLoggingConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"settings_by_rule_type":{"dns":{"log_all":false,"log_blocks":true}},"redact_pii":true}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler)
-
-	actual, err := client.TeamsAccountLoggingConfiguration(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsLoggingSettings{
-			RedactPii: true,
-			LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
-				TeamsDnsRuleType: {LogAll: false, LogBlocks: true},
-			},
-		})
-	}
-}
-
-func TestTeamsAccountUpdateLoggingConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"settings_by_rule_type":{"dns":{"log_all":false,"log_blocks":true}, "http":{"log_all":true,"log_blocks":false}, "l4": {"log_all": false, "log_blocks": true}},"redact_pii":true}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/logging", handler)
-
-	actual, err := client.TeamsAccountUpdateLoggingConfiguration(context.Background(), testAccountID, TeamsLoggingSettings{
-		RedactPii: true,
-		LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
-			TeamsDnsRuleType: {
-				LogAll:    false,
-				LogBlocks: true,
-			},
-			TeamsHttpRuleType: {
-				LogAll: true,
-			},
-			TeamsL4RuleType: {
-				LogBlocks: true,
-			},
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsLoggingSettings{
-			RedactPii: true,
-			LoggingSettingsByRuleType: map[TeamsRuleType]TeamsAccountLoggingConfiguration{
-				TeamsDnsRuleType:  {LogAll: false, LogBlocks: true},
-				TeamsHttpRuleType: {LogAll: true, LogBlocks: false},
-				TeamsL4RuleType:   {LogAll: false, LogBlocks: true},
-			},
-		})
-	}
-}
-
-func TestTeamsAccountGetDeviceConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"gateway_proxy_enabled": true,"gateway_udp_proxy_enabled":false, "root_certificate_installation_enabled":true, "use_zt_virtual_ip":false}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/settings", handler)
-
-	actual, err := client.TeamsAccountDeviceConfiguration(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsDeviceSettings{
-			GatewayProxyEnabled:                true,
-			GatewayProxyUDPEnabled:             false,
-			RootCertificateInstallationEnabled: true,
-			UseZTVirtualIP:                     BoolPtr(false),
-		})
-	}
-}
-
-func TestTeamsAccountUpdateDeviceConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"gateway_proxy_enabled": true,"gateway_udp_proxy_enabled":true, "root_certificate_installation_enabled":true, "use_zt_virtual_ip":true}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/settings", handler)
-
-	actual, err := client.TeamsAccountDeviceUpdateConfiguration(context.Background(), testAccountID, TeamsDeviceSettings{
-		GatewayProxyUDPEnabled:             true,
-		GatewayProxyEnabled:                true,
-		RootCertificateInstallationEnabled: true,
-		UseZTVirtualIP:                     BoolPtr(true),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsDeviceSettings{
-			GatewayProxyEnabled:                true,
-			GatewayProxyUDPEnabled:             true,
-			RootCertificateInstallationEnabled: true,
-			UseZTVirtualIP:                     BoolPtr(true),
-		})
-	}
-}
-
-func TestTeamsAccountGetConnectivityConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"icmp_proxy_enabled": false,"offramp_warp_enabled":false}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/zerotrust/connectivity_settings", handler)
-
-	actual, err := client.TeamsAccountConnectivityConfiguration(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsConnectivitySettings{
-			ICMPProxyEnabled:   BoolPtr(false),
-			OfframpWARPEnabled: BoolPtr(false),
-		})
-	}
-}
-
-func TestTeamsAccountUpdateConnectivityConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {"icmp_proxy_enabled": true,"offramp_warp_enabled":true}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/zerotrust/connectivity_settings", handler)
-
-	actual, err := client.TeamsAccountConnectivityUpdateConfiguration(context.Background(), testAccountID, TeamsConnectivitySettings{
-		ICMPProxyEnabled:   BoolPtr(true),
-		OfframpWARPEnabled: BoolPtr(true),
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual, TeamsConnectivitySettings{
-			ICMPProxyEnabled:   BoolPtr(true),
-			OfframpWARPEnabled: BoolPtr(true),
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/teams_audit_ssh_settings.go b/pkg/cloudflare-go/teams_audit_ssh_settings.go
deleted file mode 100644
index a4ec1e320b..0000000000
--- a/pkg/cloudflare-go/teams_audit_ssh_settings.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// TeamsList represents a Teams List.
-type AuditSSHSettings struct {
-	PublicKey string     `json:"public_key"`
-	SeedUUID  string     `json:"seed_id"`
-	CreatedAt *time.Time `json:"created_at"`
-	UpdatedAt *time.Time `json:"updated_at"`
-}
-
-type AuditSSHSettingsResponse struct {
-	Result AuditSSHSettings `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type GetAuditSSHSettingsParams struct{}
-
-type UpdateAuditSSHSettingsParams struct {
-	PublicKey string `json:"public_key"`
-}
-
-// GetAuditSSHSettings returns the accounts zt audit ssh settings.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-get-audit-ssh-settings
-func (api *API) GetAuditSSHSettings(ctx context.Context, rc *ResourceContainer, params GetAuditSSHSettingsParams) (AuditSSHSettings, ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return AuditSSHSettings{}, ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/%s/%s/gateway/audit_ssh_settings", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return AuditSSHSettings{}, ResultInfo{}, err
-	}
-
-	var auditSSHSettingsResponse AuditSSHSettingsResponse
-	err = json.Unmarshal(res, &auditSSHSettingsResponse)
-	if err != nil {
-		return AuditSSHSettings{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return auditSSHSettingsResponse.Result, auditSSHSettingsResponse.ResultInfo, nil
-}
-
-// UpdateAuditSSHSettings updates an existing zt audit ssh setting.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-update-audit-ssh-settings
-func (api *API) UpdateAuditSSHSettings(ctx context.Context, rc *ResourceContainer, params UpdateAuditSSHSettingsParams) (AuditSSHSettings, error) {
-	if rc.Level != AccountRouteLevel {
-		return AuditSSHSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return AuditSSHSettings{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/audit_ssh_settings",
-		rc.Level,
-		rc.Identifier,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return AuditSSHSettings{}, err
-	}
-
-	var auditSSHSettingsResponse AuditSSHSettingsResponse
-	err = json.Unmarshal(res, &auditSSHSettingsResponse)
-	if err != nil {
-		return AuditSSHSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return auditSSHSettingsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/teams_audit_ssh_settings_test.go b/pkg/cloudflare-go/teams_audit_ssh_settings_test.go
deleted file mode 100644
index 934f980998..0000000000
--- a/pkg/cloudflare-go/teams_audit_ssh_settings_test.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetAuditSSHSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"public_key": "1pyl6I1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
-				"seed_id": "f1f968a9-83e7-401a-8abc-e0efe128425c",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AuditSSHSettings{
-		PublicKey: "1pyl6I1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
-		SeedUUID:  "f1f968a9-83e7-401a-8abc-e0efe128425c",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/audit_ssh_settings", handler)
-
-	actual, _, err := client.GetAuditSSHSettings(context.Background(), AccountIdentifier(testAccountID), GetAuditSSHSettingsParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateAuditSSHSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"public_key": "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
-				"seed_id": "f1f968a9-83e7-401a-8abc-e0efe128425c",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := AuditSSHSettings{
-		PublicKey: "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA=",
-		SeedUUID:  "f1f968a9-83e7-401a-8abc-e0efe128425c",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/audit_ssh_settings", handler)
-
-	actual, err := client.UpdateAuditSSHSettings(context.Background(), AccountIdentifier(testAccountID), UpdateAuditSSHSettingsParams{PublicKey: "updated1tL7xfJuFYVzXlUW8uXXlpxegHXBzGCBKaSFA="})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/teams_devices.go b/pkg/cloudflare-go/teams_devices.go
deleted file mode 100644
index 96ec4d08bb..0000000000
--- a/pkg/cloudflare-go/teams_devices.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type TeamsDevicesList struct {
-	Response
-	Result []TeamsDeviceListItem `json:"result"`
-}
-
-type TeamsDeviceDetail struct {
-	Response
-	Result TeamsDeviceListItem `json:"result"`
-}
-
-type TeamsDeviceListItem struct {
-	User             UserItem `json:"user,omitempty"`
-	ID               string   `json:"id,omitempty"`
-	Key              string   `json:"key,omitempty"`
-	DeviceType       string   `json:"device_type,omitempty"`
-	Name             string   `json:"name,omitempty"`
-	Model            string   `json:"model,omitempty"`
-	Manufacturer     string   `json:"manufacturer,omitempty"`
-	Deleted          bool     `json:"deleted,omitempty"`
-	Version          string   `json:"version,omitempty"`
-	SerialNumber     string   `json:"serial_number,omitempty"`
-	OSVersion        string   `json:"os_version,omitempty"`
-	OSDistroName     string   `json:"os_distro_name,omitempty"`
-	OsDistroRevision string   `json:"os_distro_revision,omitempty"`
-	OSVersionExtra   string   `json:"os_version_extra,omitempty"`
-	MacAddress       string   `json:"mac_address,omitempty"`
-	IP               string   `json:"ip,omitempty"`
-	Created          string   `json:"created,omitempty"`
-	Updated          string   `json:"updated,omitempty"`
-	LastSeen         string   `json:"last_seen,omitempty"`
-	RevokedAt        string   `json:"revoked_at,omitempty"`
-}
-
-type UserItem struct {
-	ID    string `json:"id,omitempty"`
-	Name  string `json:"name,omitempty"`
-	Email string `json:"email,omitempty"`
-}
-
-// ListTeamsDevice returns all devices for a given account.
-//
-// API reference : https://api.cloudflare.com/#devices-list-devices
-func (api *API) ListTeamsDevices(ctx context.Context, accountID string) ([]TeamsDeviceListItem, error) {
-	uri := fmt.Sprintf("/%s/%s/devices", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TeamsDeviceListItem{}, err
-	}
-
-	var response TeamsDevicesList
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return []TeamsDeviceListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// RevokeTeamsDevice revokes device with given identifiers.
-//
-// API reference : https://api.cloudflare.com/#devices-revoke-devices
-func (api *API) RevokeTeamsDevices(ctx context.Context, accountID string, deviceIds []string) (Response, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/revoke", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, deviceIds)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// GetTeamsDeviceDetails gets device details.
-//
-// API reference : https://api.cloudflare.com/#devices-device-details
-func (api *API) GetTeamsDeviceDetails(ctx context.Context, accountID string, deviceID string) (TeamsDeviceListItem, error) {
-	uri := fmt.Sprintf("/%s/%s/devices/%s", AccountRouteRoot, accountID, deviceID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsDeviceListItem{}, err
-	}
-
-	var response TeamsDeviceDetail
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TeamsDeviceListItem{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/teams_devices_test.go b/pkg/cloudflare-go/teams_devices_test.go
deleted file mode 100644
index 3c78bb38d6..0000000000
--- a/pkg/cloudflare-go/teams_devices_test.go
+++ /dev/null
@@ -1,190 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestTeamsDevicesList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-        {
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": [
-            {
-              "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-              "user": {
-                "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-                "name": "John Appleseed",
-                "email": "user@example.com"
-              },
-              "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
-              "device_type": "windows",
-              "name": "My mobile device",
-              "model": "MyPhone(pro-X)",
-              "manufacturer": "My phone corp",
-              "deleted": true,
-              "version": "1.0.0",
-              "serial_number": "EXAMPLEHMD6R",
-              "os_version": "10.0.0",
-              "os_distro_name": "ubuntu",
-              "os_distro_revision": "1.0.0",
-			  "os_version_extra": "(a)",
-              "mac_address": "00-00-5E-00-53-00",
-              "ip": "192.0.2.1",
-              "created": "2017-06-14T00:00:00Z",
-              "updated": "2017-06-14T00:00:00Z",
-              "last_seen": "2017-06-14T00:00:00Z",
-              "revoked_at": "2017-06-14T00:00:00Z"
-            }
-          ]
-        }
-    `)
-	}
-
-	want := []TeamsDeviceListItem{{
-		ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		User: UserItem{
-			ID:    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			Name:  "John Appleseed",
-			Email: "user@example.com",
-		},
-		Key:              "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
-		DeviceType:       "windows",
-		Name:             "My mobile device",
-		Model:            "MyPhone(pro-X)",
-		Manufacturer:     "My phone corp",
-		Deleted:          true,
-		Version:          "1.0.0",
-		SerialNumber:     "EXAMPLEHMD6R",
-		OSVersion:        "10.0.0",
-		OSDistroName:     "ubuntu",
-		OsDistroRevision: "1.0.0",
-		OSVersionExtra:   "(a)",
-		MacAddress:       "00-00-5E-00-53-00",
-		IP:               "192.0.2.1",
-		Created:          "2017-06-14T00:00:00Z",
-		Updated:          "2017-06-14T00:00:00Z",
-		LastSeen:         "2017-06-14T00:00:00Z",
-		RevokedAt:        "2017-06-14T00:00:00Z",
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices", handler)
-
-	actual, err := client.ListTeamsDevices(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestRevokeTeamsDevices(t *testing.T) {
-	setup()
-	defer teardown()
-
-	deviceIds := []string{"f174e90a-fafe-4643-bbbc-4a0ed4fc8415", "g174e90a-fafe-4643-bbbc-4a0ed4fc8415"}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "result": null,
-      "success": true,
-      "errors": [],
-      "messages": []
-    }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/revoke", handler)
-
-	want := Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
-
-	actual, err := client.RevokeTeamsDevices(context.Background(), testAccountID, deviceIds)
-	require.NoError(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestGetTeamsDeviceDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-        "user": {
-          "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-          "name": "John Appleseed",
-          "email": "user@example.com"
-        },
-        "key": "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
-        "device_type": "windows",
-        "name": "My mobile device",
-        "model": "MyPhone(pro-X)",
-        "manufacturer": "My phone corp",
-        "deleted": true,
-        "version": "1.0.0",
-        "serial_number": "EXAMPLEHMD6R",
-        "os_version": "10.0.0",
-        "mac_address": "00-00-5E-00-53-00",
-        "ip": "192.0.2.1",
-        "created": "2017-06-14T00:00:00Z",
-        "updated": "2017-06-14T00:00:00Z",
-        "last_seen": "2017-06-14T00:00:00Z",
-        "revoked_at": "2017-06-14T00:00:00Z"
-      }
-    }
-    `)
-	}
-
-	want := TeamsDeviceListItem{
-		ID: "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-		User: UserItem{
-			ID:    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-			Name:  "John Appleseed",
-			Email: "user@example.com",
-		},
-		Key:          "yek0SUYoOQ10vMGsIYAevozXUQpQtNFJFfFGqER/BGc=",
-		DeviceType:   "windows",
-		Name:         "My mobile device",
-		Model:        "MyPhone(pro-X)",
-		Manufacturer: "My phone corp",
-		Deleted:      true,
-		Version:      "1.0.0",
-		SerialNumber: "EXAMPLEHMD6R",
-		OSVersion:    "10.0.0",
-		MacAddress:   "00-00-5E-00-53-00",
-		IP:           "192.0.2.1",
-		Created:      "2017-06-14T00:00:00Z",
-		Updated:      "2017-06-14T00:00:00Z",
-		LastSeen:     "2017-06-14T00:00:00Z",
-		RevokedAt:    "2017-06-14T00:00:00Z",
-	}
-
-	deviceID := "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/devices/"+deviceID, handler)
-
-	actual, err := client.GetTeamsDeviceDetails(context.Background(), testAccountID, deviceID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/teams_list.go b/pkg/cloudflare-go/teams_list.go
deleted file mode 100644
index 066d7afffe..0000000000
--- a/pkg/cloudflare-go/teams_list.go
+++ /dev/null
@@ -1,330 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingListID = errors.New("required missing list ID")
-
-// TeamsList represents a Teams List.
-type TeamsList struct {
-	ID          string          `json:"id,omitempty"`
-	Name        string          `json:"name"`
-	Type        string          `json:"type"`
-	Description string          `json:"description,omitempty"`
-	Items       []TeamsListItem `json:"items,omitempty"`
-	Count       uint64          `json:"count,omitempty"`
-	CreatedAt   *time.Time      `json:"created_at,omitempty"`
-	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
-}
-
-// TeamsListItem represents a single list item.
-type TeamsListItem struct {
-	Value     string     `json:"value"`
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-}
-
-// PatchTeamsList represents a patch request for appending/removing list items.
-type PatchTeamsList struct {
-	ID     string          `json:"id"`
-	Append []TeamsListItem `json:"append"`
-	Remove []string        `json:"remove"`
-}
-
-// TeamsListListResponse represents the response from the list
-// teams lists endpoint.
-type TeamsListListResponse struct {
-	Result []TeamsList `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// TeamsListItemsListResponse represents the response from the list
-// teams list items endpoint.
-type TeamsListItemsListResponse struct {
-	Result []TeamsListItem `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// TeamsListDetailResponse is the API response, containing a single
-// teams list.
-type TeamsListDetailResponse struct {
-	Response
-	Result TeamsList `json:"result"`
-}
-
-type ListTeamsListItemsParams struct {
-	ListID string `url:"-"`
-
-	ResultInfo
-}
-
-type ListTeamListsParams struct{}
-
-type CreateTeamsListParams struct {
-	ID          string          `json:"id,omitempty"`
-	Name        string          `json:"name"`
-	Type        string          `json:"type"`
-	Description string          `json:"description,omitempty"`
-	Items       []TeamsListItem `json:"items,omitempty"`
-	Count       uint64          `json:"count,omitempty"`
-	CreatedAt   *time.Time      `json:"created_at,omitempty"`
-	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
-}
-
-type UpdateTeamsListParams struct {
-	ID          string          `json:"id,omitempty"`
-	Name        string          `json:"name"`
-	Type        string          `json:"type"`
-	Description string          `json:"description,omitempty"`
-	Items       []TeamsListItem `json:"items,omitempty"`
-	Count       uint64          `json:"count,omitempty"`
-	CreatedAt   *time.Time      `json:"created_at,omitempty"`
-	UpdatedAt   *time.Time      `json:"updated_at,omitempty"`
-}
-
-type PatchTeamsListParams struct {
-	ID     string          `json:"id"`
-	Append []TeamsListItem `json:"append"`
-	Remove []string        `json:"remove"`
-}
-
-// ListTeamsLists returns all lists within an account.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-list-teams-lists
-func (api *API) ListTeamsLists(ctx context.Context, rc *ResourceContainer, params ListTeamListsParams) ([]TeamsList, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/lists", AccountRouteRoot, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TeamsList{}, ResultInfo{}, err
-	}
-
-	var teamsListListResponse TeamsListListResponse
-	err = json.Unmarshal(res, &teamsListListResponse)
-	if err != nil {
-		return []TeamsList{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsListListResponse.Result, teamsListListResponse.ResultInfo, nil
-}
-
-// GetTeamsList returns a single list based on the list ID.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-teams-list-details
-func (api *API) GetTeamsList(ctx context.Context, rc *ResourceContainer, listID string) (TeamsList, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/lists/%s",
-		rc.Level,
-		rc.Identifier,
-		listID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsList{}, err
-	}
-
-	var teamsListDetailResponse TeamsListDetailResponse
-	err = json.Unmarshal(res, &teamsListDetailResponse)
-	if err != nil {
-		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsListDetailResponse.Result, nil
-}
-
-// ListTeamsListItems returns all list items for a list.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-teams-list-items
-func (api *API) ListTeamsListItems(ctx context.Context, rc *ResourceContainer, params ListTeamsListItemsParams) ([]TeamsListItem, ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return []TeamsListItem{}, ResultInfo{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return []TeamsListItem{}, ResultInfo{}, ErrMissingAccountID
-	}
-
-	if params.ListID == "" {
-		return []TeamsListItem{}, ResultInfo{}, ErrMissingListID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var teamListItems []TeamsListItem
-	var lResponse TeamsListItemsListResponse
-	for {
-		lResponse = TeamsListItemsListResponse{}
-		uri := buildURI(
-			fmt.Sprintf("/%s/%s/gateway/lists/%s/items", rc.Level, rc.Identifier, params.ListID),
-			params,
-		)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []TeamsListItem{}, ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &lResponse)
-		if err != nil {
-			return []TeamsListItem{}, ResultInfo{}, fmt.Errorf("failed to unmarshal teams list JSON data: %w", err)
-		}
-
-		teamListItems = append(teamListItems, lResponse.Result...)
-		params.ResultInfo = lResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return teamListItems, lResponse.ResultInfo, nil
-}
-
-// CreateTeamsList creates a new teams list.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-create-teams-list
-func (api *API) CreateTeamsList(ctx context.Context, rc *ResourceContainer, params CreateTeamsListParams) (TeamsList, error) {
-	if rc.Level != AccountRouteLevel {
-		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return TeamsList{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/gateway/lists", rc.Level, rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return TeamsList{}, err
-	}
-
-	var teamsListDetailResponse TeamsListDetailResponse
-	err = json.Unmarshal(res, &teamsListDetailResponse)
-	if err != nil {
-		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsListDetailResponse.Result, nil
-}
-
-// UpdateTeamsList updates an existing teams list.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-update-teams-list
-func (api *API) UpdateTeamsList(ctx context.Context, rc *ResourceContainer, params UpdateTeamsListParams) (TeamsList, error) {
-	if rc.Level != AccountRouteLevel {
-		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return TeamsList{}, ErrMissingAccountID
-	}
-
-	if params.ID == "" {
-		return TeamsList{}, fmt.Errorf("teams list ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/lists/%s",
-		rc.Level,
-		rc.Identifier,
-		params.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return TeamsList{}, err
-	}
-
-	var teamsListDetailResponse TeamsListDetailResponse
-	err = json.Unmarshal(res, &teamsListDetailResponse)
-	if err != nil {
-		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsListDetailResponse.Result, nil
-}
-
-// PatchTeamsList updates the items in an existing teams list.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-patch-teams-list
-func (api *API) PatchTeamsList(ctx context.Context, rc *ResourceContainer, listPatch PatchTeamsListParams) (TeamsList, error) {
-	if rc.Level != AccountRouteLevel {
-		return TeamsList{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return TeamsList{}, ErrMissingAccountID
-	}
-
-	if listPatch.ID == "" {
-		return TeamsList{}, fmt.Errorf("teams list ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/lists/%s",
-		AccountRouteRoot,
-		rc.Identifier,
-		listPatch.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, listPatch)
-	if err != nil {
-		return TeamsList{}, err
-	}
-
-	var teamsListDetailResponse TeamsListDetailResponse
-	err = json.Unmarshal(res, &teamsListDetailResponse)
-	if err != nil {
-		return TeamsList{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsListDetailResponse.Result, nil
-}
-
-// DeleteTeamsList deletes a teams list.
-//
-// API reference: https://api.cloudflare.com/#teams-lists-delete-teams-list
-func (api *API) DeleteTeamsList(ctx context.Context, rc *ResourceContainer, teamsListID string) error {
-	if rc.Level != AccountRouteLevel {
-		return fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/lists/%s",
-		AccountRouteRoot,
-		rc.Identifier,
-		teamsListID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/teams_list_test.go b/pkg/cloudflare-go/teams_list_test.go
deleted file mode 100644
index 6dbf384f17..0000000000
--- a/pkg/cloudflare-go/teams_list_test.go
+++ /dev/null
@@ -1,356 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestTeamsLists(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-					"name": "My Serial List",
-					"description": "My Description",
-					"type": "SERIAL",
-					"count": 1,
-					"created_at": "2014-01-01T05:20:00.12345Z",
-					"updated_at": "2014-01-01T05:20:00.12345Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []TeamsList{{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists", handler)
-
-	actual, _, err := client.ListTeamsLists(context.Background(), AccountIdentifier(testAccountID), ListTeamListsParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "My Serial List",
-				"description": "My Description",
-				"type": "SERIAL",
-				"count": 1,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			},
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := TeamsList{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.GetTeamsList(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsListItems(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, r.Method, http.MethodGet, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"value": "val1",
-					"created_at": "2014-01-01T05:20:00.12345Z"
-				},
-				{
-					"value": "val2",
-					"created_at": "2014-01-01T05:20:00.12345Z"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []TeamsListItem{
-		{
-			Value:     "val1",
-			CreatedAt: &createdAt,
-		},
-		{
-			Value:     "val2",
-			CreatedAt: &createdAt,
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db/items", handler)
-
-	actual, _, err := client.ListTeamsListItems(context.Background(), AccountIdentifier(testAccountID), ListTeamsListItemsParams{ListID: "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateTeamsList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "My Serial List",
-				"description": "My Description",
-				"type": "SERIAL",
-				"count": 1,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	teamsList := TeamsList{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists", handler)
-
-	actual, err := client.CreateTeamsList(context.Background(), AccountIdentifier(testAccountID), CreateTeamsListParams{
-		Name:        "My Serial List",
-		Description: "My Description",
-		Type:        "SERIAL",
-		Count:       1,
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, teamsList, actual)
-	}
-}
-
-func TestUpdateTeamsList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "My Serial List",
-				"description": "My Updated Description",
-				"type": "SERIAL",
-				"count": 1,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	teamsList := TeamsList{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Updated Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.UpdateTeamsList(context.Background(), AccountIdentifier(testAccountID), UpdateTeamsListParams{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Updated Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, teamsList, actual)
-	}
-}
-
-func TestUpdateTeamsListWithMissingID(t *testing.T) {
-	setup()
-	defer teardown()
-
-	_, err := client.UpdateTeamsList(context.Background(), AccountIdentifier(testAccountID), UpdateTeamsListParams{})
-	assert.EqualError(t, err, "teams list ID cannot be empty")
-}
-
-func TestPatchTeamsList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-				"name": "My Serial List",
-				"description": "My Updated Description",
-				"type": "SERIAL",
-				"count": 1,
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z"
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	teamsList := TeamsList{
-		ID:          "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Name:        "My Serial List",
-		Description: "My Updated Description",
-		Type:        "SERIAL",
-		Count:       1,
-		CreatedAt:   &createdAt,
-		UpdatedAt:   &updatedAt,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-
-	actual, err := client.PatchTeamsList(context.Background(), AccountIdentifier(testAccountID), PatchTeamsListParams{
-		ID:     "480f4f69-1a28-4fdd-9240-1ed29f0ac1db",
-		Append: []TeamsListItem{{Value: "abcd-1234"}},
-		Remove: []string{"def-5678"},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, teamsList, actual)
-	}
-}
-
-func TestDeleteTeamsList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-      "success": true,
-      "errors": [],
-      "messages": [],
-      "result": {
-        "id": "480f4f69-1a28-4fdd-9240-1ed29f0ac1db"
-      }
-    }
-    `)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/lists/480f4f69-1a28-4fdd-9240-1ed29f0ac1db", handler)
-	err := client.DeleteTeamsList(context.Background(), AccountIdentifier(testAccountID), "480f4f69-1a28-4fdd-9240-1ed29f0ac1db")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/teams_locations.go b/pkg/cloudflare-go/teams_locations.go
deleted file mode 100644
index b6c58304e6..0000000000
--- a/pkg/cloudflare-go/teams_locations.go
+++ /dev/null
@@ -1,155 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type TeamsLocationsListResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []TeamsLocation `json:"result"`
-}
-
-type TeamsLocationDetailResponse struct {
-	Response
-	Result TeamsLocation `json:"result"`
-}
-
-type TeamsLocationNetwork struct {
-	ID      string `json:"id"`
-	Network string `json:"network"`
-}
-
-type TeamsLocation struct {
-	ID                    string                 `json:"id"`
-	Name                  string                 `json:"name"`
-	Networks              []TeamsLocationNetwork `json:"networks"`
-	PolicyIDs             []string               `json:"policy_ids"`
-	Ip                    string                 `json:"ip,omitempty"`
-	Subdomain             string                 `json:"doh_subdomain"`
-	AnonymizedLogsEnabled bool                   `json:"anonymized_logs_enabled"`
-	IPv4Destination       string                 `json:"ipv4_destination"`
-	ClientDefault         bool                   `json:"client_default"`
-	ECSSupport            *bool                  `json:"ecs_support,omitempty"`
-
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
-}
-
-// TeamsLocations returns all locations within an account.
-//
-// API reference: https://api.cloudflare.com/#teams-locations-list-teams-locations
-func (api *API) TeamsLocations(ctx context.Context, accountID string) ([]TeamsLocation, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/locations", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TeamsLocation{}, ResultInfo{}, err
-	}
-
-	var teamsLocationsListResponse TeamsLocationsListResponse
-	err = json.Unmarshal(res, &teamsLocationsListResponse)
-	if err != nil {
-		return []TeamsLocation{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsLocationsListResponse.Result, teamsLocationsListResponse.ResultInfo, nil
-}
-
-// TeamsLocation returns a single location based on the ID.
-//
-// API reference: https://api.cloudflare.com/#teams-locations-teams-location-details
-func (api *API) TeamsLocation(ctx context.Context, accountID, locationID string) (TeamsLocation, error) {
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/locations/%s",
-		AccountRouteRoot,
-		accountID,
-		locationID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsLocation{}, err
-	}
-
-	var teamsLocationDetailResponse TeamsLocationDetailResponse
-	err = json.Unmarshal(res, &teamsLocationDetailResponse)
-	if err != nil {
-		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsLocationDetailResponse.Result, nil
-}
-
-// CreateTeamsLocation creates a new teams location.
-//
-// API reference: https://api.cloudflare.com/#teams-locations-create-teams-location
-func (api *API) CreateTeamsLocation(ctx context.Context, accountID string, teamsLocation TeamsLocation) (TeamsLocation, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/locations", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, teamsLocation)
-	if err != nil {
-		return TeamsLocation{}, err
-	}
-
-	var teamsLocationDetailResponse TeamsLocationDetailResponse
-	err = json.Unmarshal(res, &teamsLocationDetailResponse)
-	if err != nil {
-		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsLocationDetailResponse.Result, nil
-}
-
-// UpdateTeamsLocation updates an existing teams location.
-//
-// API reference: https://api.cloudflare.com/#teams-locations-update-teams-location
-func (api *API) UpdateTeamsLocation(ctx context.Context, accountID string, teamsLocation TeamsLocation) (TeamsLocation, error) {
-	if teamsLocation.ID == "" {
-		return TeamsLocation{}, fmt.Errorf("teams location ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/locations/%s",
-		AccountRouteRoot,
-		accountID,
-		teamsLocation.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, teamsLocation)
-	if err != nil {
-		return TeamsLocation{}, err
-	}
-
-	var teamsLocationDetailResponse TeamsLocationDetailResponse
-	err = json.Unmarshal(res, &teamsLocationDetailResponse)
-	if err != nil {
-		return TeamsLocation{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsLocationDetailResponse.Result, nil
-}
-
-// DeleteTeamsLocation deletes a teams location.
-//
-// API reference: https://api.cloudflare.com/#teams-locations-delete-teams-location
-func (api *API) DeleteTeamsLocation(ctx context.Context, accountID, teamsLocationID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/locations/%s",
-		AccountRouteRoot,
-		accountID,
-		teamsLocationID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/teams_locations_test.go b/pkg/cloudflare-go/teams_locations_test.go
deleted file mode 100644
index 4eb615b1bc..0000000000
--- a/pkg/cloudflare-go/teams_locations_test.go
+++ /dev/null
@@ -1,278 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestTeamsLocations(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "0f8185414dec4a5e9034f3d917c17890",
-					"name": "home",
-					"networks": [
-						{
-							"network": "198.51.100.1/32",
-							"id": "8e4c7835436345f0ab395429b187a076"
-						}
-					],
-					"policy_ids": [],
-					"ip": "2a06:98c1:54::2419",
-					"doh_subdomain": "q15l7x2lbw",
-					"anonymized_logs_enabled": false,
-					"ipv4_destination": null,
-					"client_default": false,
-					"ecs_support": false,
-					"created_at": "2020-05-18T22:07:03Z",
-					"updated_at": "2020-05-18T22:07:05Z"
-				}
-			]
-		}
-		`)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := []TeamsLocation{{
-		ID:                    "0f8185414dec4a5e9034f3d917c17890",
-		Name:                  "home",
-		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
-		PolicyIDs:             []string{},
-		Ip:                    "2a06:98c1:54::2419",
-		Subdomain:             "q15l7x2lbw",
-		AnonymizedLogsEnabled: false,
-		IPv4Destination:       "",
-		ClientDefault:         false,
-		ECSSupport:            BoolPtr(false),
-		CreatedAt:             &createdAt,
-		UpdatedAt:             &updatedAt,
-	}}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations", testAccountID), handler)
-
-	actual, _, err := client.TeamsLocations(context.Background(), testAccountID)
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestTeamsLocation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"name": "home",
-				"networks": [
-					{
-						"network": "198.51.100.1/32",
-						"id": "8e4c7835436345f0ab395429b187a076"
-					}
-				],
-				"policy_ids": [],
-				"ip": "2a06:98c1:54::2419",
-				"doh_subdomain": "q15l7x2lbw",
-				"anonymized_logs_enabled": false,
-				"ipv4_destination": null,
-				"client_default": false,
-				"ecs_support": false,
-				"created_at": "2020-05-18T22:07:03Z",
-				"updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`, id)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsLocation{
-		ID:                    id,
-		Name:                  "home",
-		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
-		PolicyIDs:             []string{},
-		Ip:                    "2a06:98c1:54::2419",
-		Subdomain:             "q15l7x2lbw",
-		AnonymizedLogsEnabled: false,
-		IPv4Destination:       "",
-		ClientDefault:         false,
-		ECSSupport:            BoolPtr(false),
-		CreatedAt:             &createdAt,
-		UpdatedAt:             &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
-
-	actual, err := client.TeamsLocation(context.Background(), testAccountID, id)
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestCreateTeamsLocation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"name": "test",
-				"networks": [
-					{
-						"network": "198.51.100.1/32",
-						"id": "8e4c7835436345f0ab395429b187a076"
-					}
-				],
-				"policy_ids": [],
-				"ip": "2a06:98c1:54::2419",
-				"doh_subdomain": "q15l7x2lbw",
-				"anonymized_logs_enabled": false,
-				"ipv4_destination": null,
-				"client_default": false,
-				"ecs_support": false,
-				"created_at": "2020-05-18T22:07:03Z",
-				"updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`, id)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsLocation{
-		ID:                    id,
-		Name:                  "test",
-		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
-		PolicyIDs:             []string{},
-		Ip:                    "2a06:98c1:54::2419",
-		Subdomain:             "q15l7x2lbw",
-		AnonymizedLogsEnabled: false,
-		IPv4Destination:       "",
-		ClientDefault:         false,
-		ECSSupport:            BoolPtr(false),
-		CreatedAt:             &createdAt,
-		UpdatedAt:             &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations", testAccountID), handler)
-
-	actual, err := client.CreateTeamsLocation(context.Background(), testAccountID, TeamsLocation{
-		Name:          "test",
-		ClientDefault: true,
-		Networks:      []TeamsLocationNetwork{},
-	})
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateTeamsLocation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"name": "new",
-				"networks": [
-					{
-						"network": "198.51.100.1/32",
-						"id": "8e4c7835436345f0ab395429b187a076"
-					}
-				],
-				"policy_ids": [],
-				"ip": "2a06:98c1:54::2419",
-				"doh_subdomain": "q15l7x2lbw",
-				"anonymized_logs_enabled": false,
-				"ipv4_destination": null,
-				"client_default": false,
-				"ecs_support": false,
-				"created_at": "2020-05-18T22:07:03Z",
-				"updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`, id)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsLocation{
-		ID:                    id,
-		Name:                  "new",
-		Networks:              []TeamsLocationNetwork{{ID: "8e4c7835436345f0ab395429b187a076", Network: "198.51.100.1/32"}},
-		PolicyIDs:             []string{},
-		Ip:                    "2a06:98c1:54::2419",
-		Subdomain:             "q15l7x2lbw",
-		AnonymizedLogsEnabled: false,
-		IPv4Destination:       "",
-		ClientDefault:         false,
-		ECSSupport:            BoolPtr(false),
-		CreatedAt:             &createdAt,
-		UpdatedAt:             &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
-
-	actual, err := client.UpdateTeamsLocation(context.Background(), testAccountID, TeamsLocation{
-		ID:            id,
-		Name:          "new",
-		ClientDefault: false,
-		Networks:      []TeamsLocationNetwork{{ID: "", Network: "1.2.3.4"}},
-	})
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestDeleteTeamsLocation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/locations/%s", testAccountID, id), handler)
-	err := client.DeleteTeamsLocation(context.Background(), testAccountID, id)
-	require.Nil(t, err)
-}
diff --git a/pkg/cloudflare-go/teams_proxy_endpoints.go b/pkg/cloudflare-go/teams_proxy_endpoints.go
deleted file mode 100644
index 8a658e20eb..0000000000
--- a/pkg/cloudflare-go/teams_proxy_endpoints.go
+++ /dev/null
@@ -1,137 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type TeamsProxyEndpointListResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []TeamsProxyEndpoint `json:"result"`
-}
-type TeamsProxyEndpointDetailResponse struct {
-	Response
-	Result TeamsProxyEndpoint `json:"result"`
-}
-
-type TeamsProxyEndpoint struct {
-	ID        string     `json:"id"`
-	Name      string     `json:"name"`
-	IPs       []string   `json:"ips"`
-	Subdomain string     `json:"subdomain"`
-	CreatedAt *time.Time `json:"created_at,omitempty"`
-	UpdatedAt *time.Time `json:"updated_at,omitempty"`
-}
-
-// TeamsProxyEndpoint returns a single proxy endpoints within an account.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-proxy-endpoint-details
-func (api *API) TeamsProxyEndpoint(ctx context.Context, accountID, proxyEndpointID string) (TeamsProxyEndpoint, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints/%s", AccountRouteRoot, accountID, proxyEndpointID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsProxyEndpoint{}, err
-	}
-
-	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
-	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
-	if err != nil {
-		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsProxyEndpointDetailResponse.Result, nil
-}
-
-// TeamsProxyEndpoints returns all proxy endpoints within an account.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-list-proxy-endpoints
-func (api *API) TeamsProxyEndpoints(ctx context.Context, accountID string) ([]TeamsProxyEndpoint, ResultInfo, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TeamsProxyEndpoint{}, ResultInfo{}, err
-	}
-
-	var teamsProxyEndpointListResponse TeamsProxyEndpointListResponse
-	err = json.Unmarshal(res, &teamsProxyEndpointListResponse)
-	if err != nil {
-		return []TeamsProxyEndpoint{}, ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsProxyEndpointListResponse.Result, teamsProxyEndpointListResponse.ResultInfo, nil
-}
-
-// CreateTeamsProxyEndpoint creates a new proxy endpoint.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-create-proxy-endpoint
-func (api *API) CreateTeamsProxyEndpoint(ctx context.Context, accountID string, proxyEndpoint TeamsProxyEndpoint) (TeamsProxyEndpoint, error) {
-	uri := fmt.Sprintf("/%s/%s/gateway/proxy_endpoints", AccountRouteRoot, accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, proxyEndpoint)
-	if err != nil {
-		return TeamsProxyEndpoint{}, err
-	}
-
-	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
-	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
-	if err != nil {
-		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsProxyEndpointDetailResponse.Result, nil
-}
-
-// UpdateTeamsProxyEndpoint updates an existing teams Proxy Endpoint.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-update-proxy-endpoint
-func (api *API) UpdateTeamsProxyEndpoint(ctx context.Context, accountID string, proxyEndpoint TeamsProxyEndpoint) (TeamsProxyEndpoint, error) {
-	if proxyEndpoint.ID == "" {
-		return TeamsProxyEndpoint{}, fmt.Errorf("Proxy Endpoint ID cannot be empty")
-	}
-
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/proxy_endpoints/%s",
-		AccountRouteRoot,
-		accountID,
-		proxyEndpoint.ID,
-	)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, proxyEndpoint)
-	if err != nil {
-		return TeamsProxyEndpoint{}, err
-	}
-
-	var teamsProxyEndpointDetailResponse TeamsProxyEndpointDetailResponse
-	err = json.Unmarshal(res, &teamsProxyEndpointDetailResponse)
-	if err != nil {
-		return TeamsProxyEndpoint{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsProxyEndpointDetailResponse.Result, nil
-}
-
-// DeleteTeamsProxyEndpoint deletes a teams Proxy Endpoint.
-//
-// API reference: https://api.cloudflare.com/#zero-trust-gateway-proxy-endpoints-delete-proxy-endpoint
-func (api *API) DeleteTeamsProxyEndpoint(ctx context.Context, accountID, proxyEndpointID string) error {
-	uri := fmt.Sprintf(
-		"/%s/%s/gateway/proxy_endpoints/%s",
-		AccountRouteRoot,
-		accountID,
-		proxyEndpointID,
-	)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/teams_proxy_endpoints_test.go b/pkg/cloudflare-go/teams_proxy_endpoints_test.go
deleted file mode 100644
index e4bc158a1d..0000000000
--- a/pkg/cloudflare-go/teams_proxy_endpoints_test.go
+++ /dev/null
@@ -1,203 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestProxyEndpoint(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				 "id": "0f8185414dec4a5e9034f3d917c17890",
-				 "name": "home",
-				 "ips": ["192.0.2.1/32"],
-				 "subdomain": "q15l7x2lbw",
-				 "created_at": "2020-05-18T22:07:03Z",
-				 "updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsProxyEndpoint{
-		ID:        "0f8185414dec4a5e9034f3d917c17890",
-		Name:      "home",
-		IPs:       []string{"192.0.2.1/32"},
-		Subdomain: "q15l7x2lbw",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
-
-	actual, err := client.TeamsProxyEndpoint(context.Background(), testAccountID, id)
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestProxyEndpoints(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "0f8185414dec4a5e9034f3d917c17890",
-					"name": "home",
-					"ips": ["192.0.2.1/32"],
-					"subdomain": "q15l7x2lbw",
-					"created_at": "2020-05-18T22:07:03Z",
-					"updated_at": "2020-05-18T22:07:05Z"
-				}
-			]
-		}
-		`)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := []TeamsProxyEndpoint{{
-		ID:        "0f8185414dec4a5e9034f3d917c17890",
-		Name:      "home",
-		IPs:       []string{"192.0.2.1/32"},
-		Subdomain: "q15l7x2lbw",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints", testAccountID), handler)
-
-	actual, _, err := client.TeamsProxyEndpoints(context.Background(), testAccountID)
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestCreateProxyEndpoint(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"name": "test",
-				"ips": ["192.0.2.1/32"],
-				"subdomain": "q15l7x2lbw",
-				"created_at": "2020-05-18T22:07:03Z",
-				"updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`, id)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsProxyEndpoint{
-		ID:        id,
-		Name:      "test",
-		IPs:       []string{"192.0.2.1/32"},
-		Subdomain: "q15l7x2lbw",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints", testAccountID), handler)
-
-	actual, err := client.CreateTeamsProxyEndpoint(context.Background(), testAccountID, TeamsProxyEndpoint{})
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateProxyEndpoint(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, err := fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "%s",
-				"name": "new",
-				"ips": ["192.0.2.1/32"],
-				"subdomain": "q15l7x2lbw",
-				"created_at": "2020-05-18T22:07:03Z",
-				"updated_at": "2020-05-18T22:07:05Z"
-			}
-		}`, id)
-		require.Nil(t, err)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:03Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2020-05-18T22:07:05Z")
-
-	want := TeamsProxyEndpoint{
-		ID:        id,
-		Name:      "new",
-		IPs:       []string{"192.0.2.1/32"},
-		Subdomain: "q15l7x2lbw",
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
-
-	actual, err := client.UpdateTeamsProxyEndpoint(context.Background(), testAccountID, TeamsProxyEndpoint{
-		ID: id,
-	})
-	require.Nil(t, err)
-	assert.Equal(t, want, actual)
-}
-
-func TestDeleteProxyEndpoint(t *testing.T) {
-	setup()
-	defer teardown()
-
-	id := "0f8185414dec4a5e9034f3d917c17890"
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/gateway/proxy_endpoints/%s", testAccountID, id), handler)
-	err := client.DeleteTeamsProxyEndpoint(context.Background(), testAccountID, id)
-	require.Nil(t, err)
-}
diff --git a/pkg/cloudflare-go/teams_rules.go b/pkg/cloudflare-go/teams_rules.go
deleted file mode 100644
index b03c012157..0000000000
--- a/pkg/cloudflare-go/teams_rules.go
+++ /dev/null
@@ -1,356 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type TeamsRuleSettings struct {
-	// list of ipv4 or ipv6 ips to override with, when action is set to dns override
-	OverrideIPs []string `json:"override_ips"`
-
-	// show this string at block page caused by this rule
-	BlockReason string `json:"block_reason"`
-
-	// host name to override with when action is set to dns override. Can not be used with OverrideIPs
-	OverrideHost string `json:"override_host"`
-
-	// settings for browser isolation actions
-	BISOAdminControls *TeamsBISOAdminControlSettings `json:"biso_admin_controls"`
-
-	// settings for l4(network) level overrides
-	L4Override *TeamsL4OverrideSettings `json:"l4override"`
-
-	// settings for adding headers to http requests
-	AddHeaders http.Header `json:"add_headers"`
-
-	// settings for session check in allow action
-	CheckSession *TeamsCheckSessionSettings `json:"check_session"`
-
-	// Enable block page on rules with action block
-	BlockPageEnabled bool `json:"block_page_enabled"`
-
-	// whether to disable dnssec validation for allow action
-	InsecureDisableDNSSECValidation bool `json:"insecure_disable_dnssec_validation"`
-
-	// settings for rules with egress action
-	EgressSettings *EgressSettings `json:"egress"`
-
-	// DLP payload logging configuration
-	PayloadLog *TeamsDlpPayloadLogSettings `json:"payload_log"`
-
-	//AuditSsh Settings
-	AuditSSH *AuditSSHRuleSettings `json:"audit_ssh"`
-
-	// Turns on ip category based filter on dns if the rule contains dns category checks
-	IPCategories bool `json:"ip_categories"`
-
-	// Allow parent MSP accounts to enable bypass their children's rules. Do not set them for non MSP accounts.
-	AllowChildBypass *bool `json:"allow_child_bypass,omitempty"`
-
-	// Allow child MSP accounts to bypass their parent's rules. Do not set them for non MSP accounts.
-	BypassParentRule *bool `json:"bypass_parent_rule,omitempty"`
-
-	// Action taken when an untrusted origin certificate error occurs in a http allow rule
-	UntrustedCertSettings *UntrustedCertSettings `json:"untrusted_cert"`
-
-	// Specifies that a resolver policy should use Cloudflare's DNS Resolver.
-	ResolveDnsThroughCloudflare *bool `json:"resolve_dns_through_cloudflare,omitempty"`
-
-	// Resolver policy settings.
-	DnsResolverSettings *TeamsDnsResolverSettings `json:"dns_resolvers,omitempty"`
-
-	NotificationSettings *TeamsNotificationSettings `json:"notification_settings"`
-}
-
-type TeamsGatewayUntrustedCertAction string
-
-const (
-	UntrustedCertPassthrough TeamsGatewayUntrustedCertAction = "pass_through"
-	UntrustedCertBlock       TeamsGatewayUntrustedCertAction = "block"
-	UntrustedCertError       TeamsGatewayUntrustedCertAction = "error"
-)
-
-type UntrustedCertSettings struct {
-	Action TeamsGatewayUntrustedCertAction `json:"action"`
-}
-
-type TeamsNotificationSettings struct {
-	Enabled    *bool  `json:"enabled,omitempty"`
-	Message    string `json:"msg"`
-	SupportURL string `json:"support_url"`
-}
-
-type AuditSSHRuleSettings struct {
-	CommandLogging bool `json:"command_logging"`
-}
-
-type EgressSettings struct {
-	Ipv6Range    string `json:"ipv6"`
-	Ipv4         string `json:"ipv4"`
-	Ipv4Fallback string `json:"ipv4_fallback"`
-}
-
-// TeamsL4OverrideSettings used in l4 filter type rule with action set to override.
-type TeamsL4OverrideSettings struct {
-	IP   string `json:"ip,omitempty"`
-	Port int    `json:"port,omitempty"`
-}
-
-type TeamsBISOAdminControlSettings struct {
-	DisablePrinting             bool `json:"dp"`
-	DisableCopyPaste            bool `json:"dcp"`
-	DisableDownload             bool `json:"dd"`
-	DisableUpload               bool `json:"du"`
-	DisableKeyboard             bool `json:"dk"`
-	DisableClipboardRedirection bool `json:"dcr"`
-}
-
-type TeamsCheckSessionSettings struct {
-	Enforce  bool     `json:"enforce"`
-	Duration Duration `json:"duration"`
-}
-
-type (
-	TeamsDnsResolverSettings struct {
-		V4Resolvers []TeamsDnsResolverAddressV4 `json:"ipv4,omitempty"`
-		V6Resolvers []TeamsDnsResolverAddressV6 `json:"ipv6,omitempty"`
-	}
-
-	TeamsDnsResolverAddressV4 struct {
-		TeamsDnsResolverAddress
-	}
-
-	TeamsDnsResolverAddressV6 struct {
-		TeamsDnsResolverAddress
-	}
-
-	TeamsDnsResolverAddress struct {
-		IP                         string `json:"ip"`
-		Port                       *int   `json:"port,omitempty"`
-		VnetID                     string `json:"vnet_id,omitempty"`
-		RouteThroughPrivateNetwork *bool  `json:"route_through_private_network,omitempty"`
-	}
-)
-
-type TeamsDlpPayloadLogSettings struct {
-	Enabled bool `json:"enabled"`
-}
-
-type TeamsFilterType string
-
-type TeamsGatewayAction string
-
-const (
-	HttpFilter        TeamsFilterType = "http"
-	DnsFilter         TeamsFilterType = "dns"
-	L4Filter          TeamsFilterType = "l4"
-	EgressFilter      TeamsFilterType = "egress"
-	DnsResolverFilter TeamsFilterType = "dns_resolver"
-)
-
-const (
-	Allow        TeamsGatewayAction = "allow"        // dns|http|l4
-	Block        TeamsGatewayAction = "block"        // dns|http|l4
-	SafeSearch   TeamsGatewayAction = "safesearch"   // dns
-	YTRestricted TeamsGatewayAction = "ytrestricted" // dns
-	On           TeamsGatewayAction = "on"           // http
-	Off          TeamsGatewayAction = "off"          // http
-	Scan         TeamsGatewayAction = "scan"         // http
-	NoScan       TeamsGatewayAction = "noscan"       // http
-	Isolate      TeamsGatewayAction = "isolate"      // http
-	NoIsolate    TeamsGatewayAction = "noisolate"    // http
-	Override     TeamsGatewayAction = "override"     // http
-	L4Override   TeamsGatewayAction = "l4_override"  // l4
-	Egress       TeamsGatewayAction = "egress"       // egress
-	AuditSSH     TeamsGatewayAction = "audit_ssh"    // l4
-	Resolve      TeamsGatewayAction = "resolve"      // resolve
-)
-
-func TeamsRulesActionValues() []string {
-	return []string{
-		string(Allow),
-		string(Block),
-		string(SafeSearch),
-		string(YTRestricted),
-		string(On),
-		string(Off),
-		string(Scan),
-		string(NoScan),
-		string(Isolate),
-		string(NoIsolate),
-		string(Override),
-		string(L4Override),
-		string(Egress),
-		string(AuditSSH),
-		string(Resolve),
-	}
-}
-
-func TeamsRulesUntrustedCertActionValues() []string {
-	return []string{
-		string(UntrustedCertPassthrough),
-		string(UntrustedCertBlock),
-		string(UntrustedCertError),
-	}
-}
-
-// TeamsRule represents an Teams wirefilter rule.
-type TeamsRule struct {
-	ID            string             `json:"id,omitempty"`
-	CreatedAt     *time.Time         `json:"created_at,omitempty"`
-	UpdatedAt     *time.Time         `json:"updated_at,omitempty"`
-	DeletedAt     *time.Time         `json:"deleted_at,omitempty"`
-	Name          string             `json:"name"`
-	Description   string             `json:"description"`
-	Precedence    uint64             `json:"precedence"`
-	Enabled       bool               `json:"enabled"`
-	Action        TeamsGatewayAction `json:"action"`
-	Filters       []TeamsFilterType  `json:"filters"`
-	Traffic       string             `json:"traffic"`
-	Identity      string             `json:"identity"`
-	DevicePosture string             `json:"device_posture"`
-	Version       uint64             `json:"version"`
-	RuleSettings  TeamsRuleSettings  `json:"rule_settings,omitempty"`
-}
-
-// TeamsRuleResponse is the API response, containing a single rule.
-type TeamsRuleResponse struct {
-	Response
-	Result TeamsRule `json:"result"`
-}
-
-// TeamsRuleResponse is the API response, containing an array of rules.
-type TeamsRulesResponse struct {
-	Response
-	Result []TeamsRule `json:"result"`
-}
-
-// TeamsRulePatchRequest is used to patch an existing rule.
-type TeamsRulePatchRequest struct {
-	ID           string             `json:"id"`
-	Name         string             `json:"name"`
-	Description  string             `json:"description"`
-	Precedence   uint64             `json:"precedence"`
-	Enabled      bool               `json:"enabled"`
-	Action       TeamsGatewayAction `json:"action"`
-	RuleSettings TeamsRuleSettings  `json:"rule_settings,omitempty"`
-}
-
-// TeamsRules returns all rules within an account.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsRules(ctx context.Context, accountID string) ([]TeamsRule, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TeamsRule{}, err
-	}
-
-	var teamsRulesResponse TeamsRulesResponse
-	err = json.Unmarshal(res, &teamsRulesResponse)
-	if err != nil {
-		return []TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsRulesResponse.Result, nil
-}
-
-// TeamsRule returns the rule with rule ID in the URL.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsRule(ctx context.Context, accountID string, ruleId string) (TeamsRule, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TeamsRule{}, err
-	}
-
-	var teamsRuleResponse TeamsRuleResponse
-	err = json.Unmarshal(res, &teamsRuleResponse)
-	if err != nil {
-		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsRuleResponse.Result, nil
-}
-
-// TeamsCreateRule creates a rule with wirefilter expression.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsCreateRule(ctx context.Context, accountID string, rule TeamsRule) (TeamsRule, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, rule)
-	if err != nil {
-		return TeamsRule{}, err
-	}
-
-	var teamsRuleResponse TeamsRuleResponse
-	err = json.Unmarshal(res, &teamsRuleResponse)
-	if err != nil {
-		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsRuleResponse.Result, nil
-}
-
-// TeamsUpdateRule updates a rule with wirefilter expression.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsUpdateRule(ctx context.Context, accountID string, ruleId string, rule TeamsRule) (TeamsRule, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, rule)
-	if err != nil {
-		return TeamsRule{}, err
-	}
-
-	var teamsRuleResponse TeamsRuleResponse
-	err = json.Unmarshal(res, &teamsRuleResponse)
-	if err != nil {
-		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsRuleResponse.Result, nil
-}
-
-// TeamsPatchRule patches a rule associated values.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsPatchRule(ctx context.Context, accountID string, ruleId string, rule TeamsRulePatchRequest) (TeamsRule, error) {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, rule)
-	if err != nil {
-		return TeamsRule{}, err
-	}
-
-	var teamsRuleResponse TeamsRuleResponse
-	err = json.Unmarshal(res, &teamsRuleResponse)
-	if err != nil {
-		return TeamsRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return teamsRuleResponse.Result, nil
-}
-
-// TeamsDeleteRule deletes a rule.
-//
-// API reference: https://api.cloudflare.com/#teams-rules-properties
-func (api *API) TeamsDeleteRule(ctx context.Context, accountID string, ruleId string) error {
-	uri := fmt.Sprintf("/accounts/%s/gateway/rules/%s", accountID, ruleId)
-
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/teams_rules_test.go b/pkg/cloudflare-go/teams_rules_test.go
deleted file mode 100644
index 226ce50bb2..0000000000
--- a/pkg/cloudflare-go/teams_rules_test.go
+++ /dev/null
@@ -1,770 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestTeamsRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-				  "id": "7559a944-3dd7-41bf-b183-360a814a8c36",
-				  "name": "rule1",
-				  "description": "rule description",
-				  "precedence": 1000,
-				  "enabled": false,
-				  "action": "isolate",
-				  "filters": [
-					"http"
-				  ],
-				  "created_at": "2014-01-01T05:20:00.12345Z",
-				  "updated_at": "2014-01-01T05:20:00.12345Z",
-				  "deleted_at": null,
-				  "traffic": "http.host == \"example.com\"",
-				  "identity": "",
-				  "version": 1,
-				  "rule_settings": {
-					"block_page_enabled": false,
-					"block_reason": "",
-					"override_ips": null,
-					"override_host": "",
-					"l4override": null,
-					"biso_admin_controls": null,
-					"add_headers": null,
-					"check_session": {
-						"enforce": true,
-						"duration": "15m0s"
-					},
-                    "insecure_disable_dnssec_validation": false,
-					"untrusted_cert": {
-						"action": "error"
-					},
-					"dns_resolvers": {
-						"ipv4": [
-							{"ip": "10.0.0.2", "port": 5053},
-							{
-								"ip": "192.168.0.2",
-								"vnet_id": "16fd7a32-11f0-4687-a0bb-7031d241e184",
-								"route_through_private_network": true
-							}
-						],
-						"ipv6": [
-							{"ip": "2460::1"}
-						]
-					},
-					"notification_settings": {
-						"enabled": true,
-						"msg": "message",
-						"support_url": "https://hello.com"
-					}
-				  }
-				},
-				{
-				  "id": "9ae57318-f32e-46b3-b889-48dd6dcc49af",
-				  "name": "rule2",
-				  "description": "rule description 2",
-				  "precedence": 2000,
-				  "enabled": true,
-				  "action": "block",
-				  "filters": [
-					"http"
-				  ],
-				  "created_at": "2014-01-01T05:20:00.12345Z",
-				  "updated_at": "2014-01-01T05:20:00.12345Z",
-				  "deleted_at": null,
-				  "traffic": "http.host == \"abcd.com\"",
-				  "identity": "",
-				  "version": 1,
-				  "rule_settings": {
-					"block_page_enabled": true,
-					"block_reason": "",
-					"override_ips": null,
-					"override_host": "",
-					"l4override": null,
-					"biso_admin_controls": null,
-					"add_headers": null,
-					"check_session": null,
-                    "insecure_disable_dnssec_validation": true,
-					"untrusted_cert": {
-						"action": "pass_through"
-					},
-					"resolve_dns_through_cloudflare": true
-				  }
-				}
-			]
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := []TeamsRule{{
-		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
-		Name:          "rule1",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       false,
-		Action:        Isolate,
-		Filters:       []TeamsFilterType{HttpFilter},
-		Traffic:       `http.host == "example.com"`,
-		DevicePosture: "",
-		Identity:      "",
-		Version:       1,
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:  false,
-			BlockReason:       "",
-			OverrideIPs:       nil,
-			OverrideHost:      "",
-			L4Override:        nil,
-			AddHeaders:        nil,
-			BISOAdminControls: nil,
-			CheckSession: &TeamsCheckSessionSettings{
-				Enforce:  true,
-				Duration: Duration{900 * time.Second},
-			},
-			InsecureDisableDNSSECValidation: false,
-			UntrustedCertSettings: &UntrustedCertSettings{
-				Action: UntrustedCertError,
-			},
-			DnsResolverSettings: &TeamsDnsResolverSettings{
-				V4Resolvers: []TeamsDnsResolverAddressV4{
-					{
-						TeamsDnsResolverAddress{
-							IP:   "10.0.0.2",
-							Port: IntPtr(5053),
-						},
-					},
-					{
-						TeamsDnsResolverAddress{
-							IP:                         "192.168.0.2",
-							VnetID:                     "16fd7a32-11f0-4687-a0bb-7031d241e184",
-							RouteThroughPrivateNetwork: BoolPtr(true),
-						},
-					},
-				},
-				V6Resolvers: []TeamsDnsResolverAddressV6{
-					{
-						TeamsDnsResolverAddress{
-							IP: "2460::1",
-						},
-					},
-				},
-			},
-			NotificationSettings: &TeamsNotificationSettings{
-				Enabled:    BoolPtr(true),
-				Message:    "message",
-				SupportURL: "https://hello.com",
-			},
-		},
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		DeletedAt: nil,
-	},
-		{
-			ID:            "9ae57318-f32e-46b3-b889-48dd6dcc49af",
-			Name:          "rule2",
-			Description:   "rule description 2",
-			Precedence:    2000,
-			Enabled:       true,
-			Action:        Block,
-			Filters:       []TeamsFilterType{HttpFilter},
-			Traffic:       `http.host == "abcd.com"`,
-			Identity:      "",
-			DevicePosture: "",
-			Version:       1,
-			RuleSettings: TeamsRuleSettings{
-				BlockPageEnabled:  true,
-				BlockReason:       "",
-				OverrideIPs:       nil,
-				OverrideHost:      "",
-				L4Override:        nil,
-				AddHeaders:        nil,
-				BISOAdminControls: nil,
-				CheckSession:      nil,
-				// setting is invalid for block rules, just testing serialization here
-				InsecureDisableDNSSECValidation: true,
-				UntrustedCertSettings: &UntrustedCertSettings{
-					Action: UntrustedCertPassthrough,
-				},
-				ResolveDnsThroughCloudflare: BoolPtr(true),
-			},
-			CreatedAt: &createdAt,
-			UpdatedAt: &updatedAt,
-			DeletedAt: nil,
-		}}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
-
-	actual, err := client.TeamsRules(context.Background(), testAccountID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "7559a944-3dd7-41bf-b183-360a814a8c36",
-				"name": "rule1",
-				"description": "rule description",
-				"precedence": 1000,
-				"enabled": false,
-				"action": "isolate",
-				"filters": [
-					"http"
-				],
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-01-01T05:20:00.12345Z",
-				"deleted_at": null,
-				"traffic": "http.host == \"abcd.com\"",
-				"identity": "",
-				"version": 1,
-				"rule_settings": {
-					"block_page_enabled": false,
-					"block_reason": "",
-					"override_ips": null,
-					"override_host": "",
-					"l4override": null,
-					"biso_admin_controls": null,
-					"add_headers": null,
-					"check_session": {
-						"enforce": true,
-						"duration": "15m0s"
-					},
-                    "insecure_disable_dnssec_validation": false,
-					"untrusted_cert": {
-						"action": "block"
-					}
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := TeamsRule{
-		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
-		Name:          "rule1",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       false,
-		Action:        Isolate,
-		Filters:       []TeamsFilterType{HttpFilter},
-		Traffic:       `http.host == "abcd.com"`,
-		Identity:      "",
-		DevicePosture: "",
-		Version:       1,
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:  false,
-			BlockReason:       "",
-			OverrideIPs:       nil,
-			OverrideHost:      "",
-			L4Override:        nil,
-			AddHeaders:        nil,
-			BISOAdminControls: nil,
-			CheckSession: &TeamsCheckSessionSettings{
-				Enforce:  true,
-				Duration: Duration{900 * time.Second},
-			},
-			InsecureDisableDNSSECValidation: false,
-			UntrustedCertSettings: &UntrustedCertSettings{
-				Action: UntrustedCertBlock,
-			},
-		},
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
-
-	actual, err := client.TeamsRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsCreateHTTPRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "rule1",
-				"description": "rule description",
-				"precedence": 1000,
-				"enabled": false,
-				"action": "isolate",
-				"filters": [
-					"http"
-				],
-				"traffic": "http.host == \"abcd.com\"",
-				"identity": "",
-				"rule_settings": {
-					"block_page_enabled": false,
-					"biso_admin_controls": {"dp": true, "du": true, "dk": true},
-					"add_headers": {
-						"X-Test": ["abcd"]
-					},
-					"check_session": {
-						"enforce": true,
-						"duration": "5m0s"
-					},
-                    "insecure_disable_dnssec_validation": false
-				}
-			}
-		}
-		`)
-	}
-
-	want := TeamsRule{
-		Name:          "rule1",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       false,
-		Action:        Isolate,
-		Filters:       []TeamsFilterType{HttpFilter},
-		Traffic:       `http.host == "abcd.com"`,
-		Identity:      "",
-		DevicePosture: "",
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled: false,
-			BlockReason:      "",
-			OverrideIPs:      nil,
-			OverrideHost:     "",
-			L4Override:       nil,
-			AddHeaders:       http.Header{"X-Test": []string{"abcd"}},
-			BISOAdminControls: &TeamsBISOAdminControlSettings{
-				DisablePrinting: true,
-				DisableKeyboard: true,
-				DisableUpload:   true,
-			},
-			CheckSession: &TeamsCheckSessionSettings{
-				Enforce:  true,
-				Duration: Duration{300 * time.Second},
-			},
-			InsecureDisableDNSSECValidation: false,
-			EgressSettings:                  nil,
-		},
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
-
-	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsCreateEgressRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "egress via chicago",
-				"description": "rule description",
-				"precedence": 1000,
-				"enabled": false,
-				"action": "egress",
-				"filters": [
-					"egress"
-				],
-				"traffic": "net.src.geo.country == \"US\"",
-				"identity": "",
-				"rule_settings": {
-					"egress": {
-						"ipv6": "2a06:98c1:54::c61/64",
-						"ipv4": "2.2.2.2",
-						"ipv4_fallback": "1.1.1.1"
-					}
-				}
-			}
-		}
-		`)
-	}
-
-	want := TeamsRule{
-		Name:          "egress via chicago",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       false,
-		Action:        Egress,
-		Filters:       []TeamsFilterType{EgressFilter},
-		Traffic:       `net.src.geo.country == "US"`,
-		Identity:      "",
-		DevicePosture: "",
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:                false,
-			BlockReason:                     "",
-			OverrideIPs:                     nil,
-			OverrideHost:                    "",
-			L4Override:                      nil,
-			AddHeaders:                      nil,
-			BISOAdminControls:               nil,
-			CheckSession:                    nil,
-			InsecureDisableDNSSECValidation: false,
-			EgressSettings: &EgressSettings{
-				Ipv6Range:    "2a06:98c1:54::c61/64",
-				Ipv4:         "2.2.2.2",
-				Ipv4Fallback: "1.1.1.1",
-			},
-		},
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
-
-	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsCreateL4Rule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "block 4.4.4.4",
-				"description": "rule description",
-				"precedence": 1000,
-				"enabled": true,
-				"action": "audit_ssh",
-				"filters": [
-					"l4"
-				],
-				"traffic": "net.src.geo.country == \"US\"",
-				"identity": "",
-				"rule_settings": {
-					"audit_ssh": { "command_logging": true }
-				}
-			}
-		}
-		`)
-	}
-
-	want := TeamsRule{
-		Name:          "block 4.4.4.4",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       true,
-		Action:        AuditSSH,
-		Filters:       []TeamsFilterType{L4Filter},
-		Traffic:       `net.src.geo.country == "US"`,
-		Identity:      "",
-		DevicePosture: "",
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:                false,
-			BlockReason:                     "",
-			OverrideIPs:                     nil,
-			OverrideHost:                    "",
-			L4Override:                      nil,
-			AddHeaders:                      nil,
-			BISOAdminControls:               nil,
-			CheckSession:                    nil,
-			InsecureDisableDNSSECValidation: false,
-			EgressSettings:                  nil,
-			AuditSSH: &AuditSSHRuleSettings{
-				CommandLogging: true,
-			},
-		},
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
-
-	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsCreateResolverPolicy(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "resolve 4.4.4.4",
-				"description": "rule description",
-				"precedence": 1000,
-				"enabled": true,
-				"action": "resolve",
-				"filters": [
-					"dns_resolver"
-				],
-				"traffic": "any(dns.domains[*] == \"scottstots.com\")",
-				"identity": "",
-				"rule_settings": {
-					"audit_ssh": { "command_logging": true },
-					"resolve_dns_through_cloudflare": true
-				}
-			}
-		}
-		`)
-	}
-
-	want := TeamsRule{
-		Name:          "resolve 4.4.4.4",
-		Description:   "rule description",
-		Precedence:    1000,
-		Enabled:       true,
-		Action:        Resolve,
-		Filters:       []TeamsFilterType{DnsResolverFilter},
-		Traffic:       `any(dns.domains[*] == "scottstots.com")`,
-		Identity:      "",
-		DevicePosture: "",
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:                false,
-			BlockReason:                     "",
-			OverrideIPs:                     nil,
-			OverrideHost:                    "",
-			L4Override:                      nil,
-			AddHeaders:                      nil,
-			BISOAdminControls:               nil,
-			CheckSession:                    nil,
-			InsecureDisableDNSSECValidation: false,
-			EgressSettings:                  nil,
-			AuditSSH: &AuditSSHRuleSettings{
-				CommandLogging: true,
-			},
-			ResolveDnsThroughCloudflare: BoolPtr(true),
-		},
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules", handler)
-
-	actual, err := client.TeamsCreateRule(context.Background(), testAccountID, want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsUpdateRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "7559a944-3dd7-41bf-b183-360a814a8c36",
-				"name": "rule_name_change",
-				"description": "rule new description",
-				"precedence": 3000,
-				"enabled": true,
-				"action": "block",
-				"filters": [
-					"http"
-				],
-				"traffic": "",
-				"identity": "",
-				"created_at": "2014-01-01T05:20:00.12345Z",
-				"updated_at": "2014-02-01T05:20:00.12345Z",
-				"rule_settings": {
-					"block_page_enabled": false,
-					"block_reason": "",
-					"override_ips": null,
-					"override_host": "",
-					"l4override": null,
-					"biso_admin_controls": null,
-					"add_headers": null,
-					"check_session": null,
-                    "insecure_disable_dnssec_validation": false
-				}
-			}
-		}
-		`)
-	}
-
-	createdAt, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2014-02-01T05:20:00.12345Z")
-
-	want := TeamsRule{
-		ID:            "7559a944-3dd7-41bf-b183-360a814a8c36",
-		Name:          "rule_name_change",
-		Description:   "rule new description",
-		Precedence:    3000,
-		Enabled:       true,
-		Action:        Block,
-		Filters:       []TeamsFilterType{HttpFilter},
-		Traffic:       "",
-		Identity:      "",
-		DevicePosture: "",
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:                false,
-			BlockReason:                     "",
-			OverrideIPs:                     nil,
-			OverrideHost:                    "",
-			L4Override:                      nil,
-			AddHeaders:                      nil,
-			BISOAdminControls:               nil,
-			CheckSession:                    nil,
-			InsecureDisableDNSSECValidation: false,
-		},
-		CreatedAt: &createdAt,
-		UpdatedAt: &updatedAt,
-		DeletedAt: nil,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
-
-	actual, err := client.TeamsUpdateRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36", want)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTeamsPatchRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'Patch', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"name": "rule_name_change",
-				"description": "rule new description",
-				"precedence": 3000,
-				"enabled": true,
-				"action": "block",
-				"rule_settings": {
-					"block_page_enabled": false,
-					"block_reason": "",
-					"override_ips": null,
-					"override_host": "",
-					"l4override": null,
-					"biso_admin_controls": null,
-					"add_headers": null,
-					"check_session": null,
-                    "insecure_disable_dnssec_validation": false
-				}
-			}
-		}
-		`)
-	}
-
-	reqBody := TeamsRulePatchRequest{
-		Name:        "rule_name_change",
-		Description: "rule new description",
-		Precedence:  3000,
-		Enabled:     true,
-		Action:      Block,
-		RuleSettings: TeamsRuleSettings{
-			BlockPageEnabled:                false,
-			BlockReason:                     "",
-			OverrideIPs:                     nil,
-			OverrideHost:                    "",
-			L4Override:                      nil,
-			AddHeaders:                      nil,
-			BISOAdminControls:               nil,
-			CheckSession:                    nil,
-			InsecureDisableDNSSECValidation: false,
-		},
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
-
-	actual, err := client.TeamsPatchRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36", reqBody)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, actual.Name, "rule_name_change")
-		assert.Equal(t, actual.Description, "rule new description")
-		assert.Equal(t, actual.Precedence, uint64(3000))
-		assert.Equal(t, actual.Action, Block)
-		assert.Equal(t, actual.Enabled, true)
-	}
-}
-
-func TestTeamsDeleteRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'Delete', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": nil
-		}
-		`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/gateway/rules/7559a9443dd741bfb183360a814a8c36", handler)
-
-	err := client.TeamsDeleteRule(context.Background(), testAccountID, "7559a9443dd741bfb183360a814a8c36")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
deleted file mode 100644
index 5ff33aac68..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_1.json
+++ /dev/null
@@ -1,80 +0,0 @@
-{
-    "success": true,
-    "errors": [],
-    "messages": [],
-    "result": [
-        {
-            "id": "372e67954025e0ba6aaa6d586b9e0b59",
-            "type": "A",
-            "name": "example.com",
-            "content": "198.51.100.4",
-            "proxiable": true,
-            "proxied": true,
-            "ttl": 120,
-            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
-            "zone_name": "example.com",
-            "created_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "data": {},
-            "meta": {
-                "auto_added": true,
-                "source": "primary"
-            },
-            "tags": [
-                "tag1",
-                "tag2extended"
-            ]
-        },
-        {
-            "id": "7eb0a9821aec4b1395bd8cc03d88c17d",
-            "type": "A",
-            "name": "sub1.example.com",
-            "content": "198.51.100.5",
-            "proxiable": true,
-            "proxied": false,
-            "ttl": 120,
-            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
-            "zone_name": "example.com",
-            "created_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "data": {},
-            "meta": {
-                "auto_added": true,
-                "source": "primary"
-            },
-            "tags": [
-                "tag1",
-                "tag2extended"
-            ]
-        },
-        {
-            "id": "4c2c40857e334a2d903dd28f65a99682",
-            "type": "A",
-            "name": "sub2.example.com",
-            "content": "198.51.100.6",
-            "proxiable": true,
-            "proxied": true,
-            "ttl": 120,
-            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
-            "zone_name": "example.com",
-            "created_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "data": {},
-            "meta": {
-                "auto_added": true,
-                "source": "primary"
-            },
-            "tags": [
-                "tag1",
-                "tag2extended"
-            ]
-        }
-    ],
-    "result_info": {
-        "count": 3,
-        "page": 1,
-        "per_page": 3,
-        "total_count": 5,
-        "total_pages": 2
-    }
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json b/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
deleted file mode 100644
index f783aa4497..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/dns/list_page_2.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-    "success": true,
-    "errors": [],
-    "messages": [],
-    "result": [
-        {
-            "id": "97e1dc2d19204b448b6ee04724f005ba",
-            "type": "A",
-            "name": "sub3.example.com",
-            "content": "198.51.100.7",
-            "proxiable": true,
-            "proxied": false,
-            "ttl": 120,
-            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
-            "zone_name": "example.com",
-            "created_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "data": {},
-            "meta": {
-                "auto_added": true,
-                "source": "primary"
-            },
-            "tags": [
-                "tag1",
-                "tag2extended"
-            ]
-        },
-        {
-            "id": "5bafaa7059d3480da9f6e2ecd8468c33",
-            "type": "A",
-            "name": "sub4.example.com",
-            "content": "198.51.100.8",
-            "proxiable": true,
-            "proxied": false,
-            "ttl": 120,
-            "zone_id": "d56084adb405e0b7e32c52321bf07be6",
-            "zone_name": "example.com",
-            "created_on": "2014-01-01T05:20:00Z",
-            "modified_on": "2014-01-01T05:20:00Z",
-            "data": {},
-            "meta": {
-                "auto_added": true,
-                "source": "primary"
-            },
-            "tags": [
-                "tag1",
-                "tag2extended"
-            ]
-        }
-    ],
-    "result_info": {
-        "count": 2,
-        "page": 2,
-        "per_page": 3,
-        "total_count": 5,
-        "total_pages": 2
-    }
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
deleted file mode 100644
index f8bc039b5c..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_full.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
-  "errors": [],
-  "messages": [],
-  "result": {
-    "variant": {
-      "id": "hero",
-      "neverRequireSignedURLs": true,
-      "options": {
-        "fit": "scale-down",
-        "height": 768,
-        "metadata": "none",
-        "width": 1366
-      }
-    }
-  },
-  "success": true
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json b/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
deleted file mode 100644
index 1838aa6ce3..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/images_variants/single_list.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-  "errors": [],
-  "messages": [],
-  "result": {
-    "variants": {
-      "hero": {
-        "id": "hero",
-        "neverRequireSignedURLs": true,
-        "options": {
-          "fit": "scale-down",
-          "height": 768,
-          "metadata": "none",
-          "width": 1366
-        }
-      }
-    }
-  },
-  "success": true
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
deleted file mode 100644
index 41e642cb40..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/tunnel/configuration.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "config": {
-      "warp-routing": { "enabled": true },
-      "originRequest": { "connectTimeout": 10 },
-      "ingress": [
-        { "hostname": "test.example.com", "service": "https://localhost:8000", "originRequest": { "noTLSVerify": true } },
-        { "service": "http_status:404" }
-      ]
-    },
-    "tunnel_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-    "version": 5,
-    "created_at": "2021-01-25T18:22:34.317854Z"
-  }
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
deleted file mode 100644
index ca0f4176fc..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/tunnel/empty.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "success": true,
-  "errors": [],
-  "messages": []
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
deleted file mode 100644
index 586dd9003a..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/tunnel/multiple_full.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-      "name": "blog",
-      "created_at": "2009-11-10T23:00:00Z",
-      "deleted_at": "2009-11-10T23:00:00Z",
-      "connections": [
-        {
-          "colo_name": "DFW",
-          "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-          "is_pending_reconnect": false,
-          "client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-          "client_version": "2022.2.0",
-          "opened_at": "2021-01-25T18:22:34.317854Z",
-          "origin_ip": "198.51.100.1"
-        }
-      ]
-    }
-  ],
-  "result_info": {
-    "count": 1,
-    "page": 1,
-    "per_page": 20,
-    "total_count": 1
-  }
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
deleted file mode 100644
index 6eb38f30cc..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/tunnel/single_full.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-    "name": "blog",
-    "created_at": "2009-11-10T23:00:00Z",
-    "deleted_at": "2009-11-10T23:00:00Z",
-    "connections": [
-      {
-        "colo_name": "DFW",
-        "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-        "is_pending_reconnect": false,
-        "client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-        "client_version": "2022.2.0",
-        "opened_at": "2021-01-25T18:22:34.317854Z",
-        "origin_ip": "198.51.100.1"
-      }
-    ],
-    "status": "healthy",
-    "tun_type": "cfd_tunnel",
-    "remote_config": true
-  }
-}
diff --git a/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json b/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
deleted file mode 100644
index 9e1a53407c..0000000000
--- a/pkg/cloudflare-go/testdata/fixtures/tunnel/token.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": "ZHNraGdhc2RraGFza2hqZGFza2poZGFza2poYXNrZGpoYWtzamRoa2FzZGpoa2FzamRoa2Rhc2po\na2FzamRoa2FqCg=="
-}
diff --git a/pkg/cloudflare-go/tiered_cache.go b/pkg/cloudflare-go/tiered_cache.go
deleted file mode 100644
index a6e845084b..0000000000
--- a/pkg/cloudflare-go/tiered_cache.go
+++ /dev/null
@@ -1,317 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type TieredCacheType int
-
-const (
-	TieredCacheOff     TieredCacheType = 0
-	TieredCacheGeneric TieredCacheType = 1
-	TieredCacheSmart   TieredCacheType = 2
-)
-
-func (e TieredCacheType) String() string {
-	switch e {
-	case TieredCacheGeneric:
-		return "generic"
-	case TieredCacheSmart:
-		return "smart"
-	case TieredCacheOff:
-		return "off"
-	default:
-		return fmt.Sprintf("%d", int(e))
-	}
-}
-
-type TieredCache struct {
-	Type         TieredCacheType
-	LastModified time.Time
-}
-
-// GetTieredCache allows you to retrieve the current Tiered Cache Settings for a Zone.
-// This function does not support custom topologies, only Generic and Smart Tiered Caching.
-//
-// API Reference: https://api.cloudflare.com/#smart-tiered-cache-get-smart-tiered-cache-setting
-// API Reference: https://api.cloudflare.com/#tiered-cache-get-tiered-cache-setting
-func (api *API) GetTieredCache(ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	var lastModified time.Time
-
-	generic, err := getGenericTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-	lastModified = generic.LastModified
-
-	smart, err := getSmartTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-
-	if smart.LastModified.After(lastModified) {
-		lastModified = smart.LastModified
-	}
-
-	if generic.Type == TieredCacheOff {
-		return TieredCache{Type: TieredCacheOff, LastModified: lastModified}, nil
-	}
-
-	if smart.Type == TieredCacheOff {
-		return TieredCache{Type: TieredCacheGeneric, LastModified: lastModified}, nil
-	}
-
-	return TieredCache{Type: TieredCacheSmart, LastModified: lastModified}, nil
-}
-
-// SetTieredCache allows you to set a zone's tiered cache topology between the available types.
-// Using the value of TieredCacheOff will disable Tiered Cache entirely.
-//
-// API Reference: https://api.cloudflare.com/#smart-tiered-cache-patch-smart-tiered-cache-setting
-// API Reference: https://api.cloudflare.com/#tiered-cache-patch-tiered-cache-setting
-func (api *API) SetTieredCache(ctx context.Context, rc *ResourceContainer, value TieredCacheType) (TieredCache, error) {
-	if value == TieredCacheOff {
-		return api.DeleteTieredCache(ctx, rc)
-	}
-
-	var lastModified time.Time
-
-	if value == TieredCacheGeneric {
-		result, err := deleteSmartTieredCache(api, ctx, rc)
-		if err != nil {
-			return TieredCache{}, err
-		}
-		lastModified = result.LastModified
-
-		result, err = enableGenericTieredCache(api, ctx, rc)
-		if err != nil {
-			return TieredCache{}, err
-		}
-
-		if result.LastModified.After(lastModified) {
-			lastModified = result.LastModified
-		}
-		return TieredCache{Type: TieredCacheGeneric, LastModified: lastModified}, nil
-	}
-
-	result, err := enableGenericTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-	lastModified = result.LastModified
-
-	result, err = enableSmartTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-
-	if result.LastModified.After(lastModified) {
-		lastModified = result.LastModified
-	}
-	return TieredCache{Type: TieredCacheSmart, LastModified: lastModified}, nil
-}
-
-// DeleteTieredCache allows you to delete the tiered cache settings for a zone.
-// This is equivalent to using SetTieredCache with the value of TieredCacheOff.
-//
-// API Reference: https://api.cloudflare.com/#smart-tiered-cache-delete-smart-tiered-cache-setting
-// API Reference: https://api.cloudflare.com/#tiered-cache-patch-tiered-cache-setting
-func (api *API) DeleteTieredCache(ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	var lastModified time.Time
-
-	result, err := deleteSmartTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-	lastModified = result.LastModified
-
-	result, err = disableGenericTieredCache(api, ctx, rc)
-	if err != nil {
-		return TieredCache{}, err
-	}
-
-	if result.LastModified.After(lastModified) {
-		lastModified = result.LastModified
-	}
-	return TieredCache{Type: TieredCacheOff, LastModified: lastModified}, nil
-}
-
-type tieredCacheResult struct {
-	ID           string    `json:"id"`
-	Value        string    `json:"value,omitempty"`
-	LastModified time.Time `json:"modified_on"`
-}
-
-type tieredCacheResponse struct {
-	Result tieredCacheResult `json:"result"`
-	Response
-}
-
-type tieredCacheSetting struct {
-	Value string `json:"value"`
-}
-
-func getGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to retrieve generic tiered cache failed")
-	}
-
-	if response.Result.Value == "off" {
-		return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
-	}
-
-	return TieredCache{Type: TieredCacheGeneric, LastModified: response.Result.LastModified}, nil
-}
-
-func getSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		var notFoundError *NotFoundError
-		if errors.As(err, &notFoundError) {
-			return TieredCache{Type: TieredCacheOff}, nil
-		}
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to retrieve smart tiered cache failed")
-	}
-
-	if response.Result.Value == "off" {
-		return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
-	}
-	return TieredCache{Type: TieredCacheSmart, LastModified: response.Result.LastModified}, nil
-}
-
-func enableGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
-	setting := tieredCacheSetting{
-		Value: "on",
-	}
-	body, err := json.Marshal(setting)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to enable generic tiered cache failed")
-	}
-
-	return TieredCache{Type: TieredCacheGeneric, LastModified: response.Result.LastModified}, nil
-}
-
-func enableSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
-	setting := tieredCacheSetting{
-		Value: "on",
-	}
-	body, err := json.Marshal(setting)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to enable smart tiered cache failed")
-	}
-
-	return TieredCache{Type: TieredCacheSmart, LastModified: response.Result.LastModified}, nil
-}
-
-func disableGenericTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/argo/tiered_caching", rc.Identifier)
-	setting := tieredCacheSetting{
-		Value: "off",
-	}
-	body, err := json.Marshal(setting)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, body)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to disable generic tiered cache failed")
-	}
-
-	return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
-}
-
-func deleteSmartTieredCache(api *API, ctx context.Context, rc *ResourceContainer) (TieredCache, error) {
-	uri := fmt.Sprintf("/zones/%s/cache/tiered_cache_smart_topology_enable", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		var notFoundError *NotFoundError
-		if errors.As(err, &notFoundError) {
-			return TieredCache{Type: TieredCacheOff}, nil
-		}
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	var response tieredCacheResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return TieredCache{Type: TieredCacheOff}, err
-	}
-
-	if !response.Success {
-		return TieredCache{Type: TieredCacheOff}, errors.New("request to disable smart tiered cache failed")
-	}
-
-	return TieredCache{Type: TieredCacheOff, LastModified: response.Result.LastModified}, nil
-}
diff --git a/pkg/cloudflare-go/tiered_cache_test.go b/pkg/cloudflare-go/tiered_cache_test.go
deleted file mode 100644
index c30ada6404..0000000000
--- a/pkg/cloudflare-go/tiered_cache_test.go
+++ /dev/null
@@ -1,321 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func createSmartTieredCacheHandler(val string, lastModified string) func(http.ResponseWriter, *http.Request) {
-	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"editable": true,
-				"id": "tiered_cache_smart_topology_enable",
-				"modified_on": "%s",
-				"value": "%s"
-            }
-          }`, lastModified, val)
-	}
-}
-
-func nonexistentSmartTieredCacheHandler() func(http.ResponseWriter, *http.Request) {
-	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(404)
-		fmt.Fprintf(w, `{
-			"result": null,
-			"success": false,
-			"errors": [
-				{
-					"code": 1142,
-					"message": "Unable to retrieve tiered_cache_smart_topology_enable setting value. The zone setting does not exist."
-				}
-			],
-			"messages": []
-		}`)
-	}
-}
-
-func createGenericTieredCacheHandler(val string, lastModified string) func(http.ResponseWriter, *http.Request) {
-	return func(w http.ResponseWriter, r *http.Request) {
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "tiered_caching",
-				"value": "%s",
-				"modified_on": "%s",
-				"editable": false
-            }
-          }`, val, lastModified)
-	}
-}
-
-func TestGetTieredCache(t *testing.T) {
-	t.Run("can identify when Smart Tiered Cache", func(t *testing.T) {
-		t.Run("is disabled", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("off", lastModified))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheGeneric,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("is enabled", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheSmart,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("zone setting does not exist", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheGeneric,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-	})
-
-	t.Run("can identify when generic tiered cache", func(t *testing.T) {
-		t.Run("is disabled", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("off", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheOff,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("is enabled", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheGeneric,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-	})
-
-	t.Run("determines the latest last modified when", func(t *testing.T) {
-		t.Run("smart tiered cache zone setting does not exist", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheGeneric,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("generic tiered cache was modified more recently", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			earlier := time.Now().Add(time.Minute * -5).Format(time.RFC3339)
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", earlier))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheSmart,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("smart tiered cache was modified more recently", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			earlier := time.Now().Add(time.Minute * -5).Format(time.RFC3339)
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", earlier))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheSmart,
-				LastModified: wanted,
-			}
-
-			got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-	})
-}
-
-func TestSetTieredCache(t *testing.T) {
-	t.Run("can enable tiered caching", func(t *testing.T) {
-		t.Run("using smart caching", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", createSmartTieredCacheHandler("on", lastModified))
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheSmart,
-				LastModified: wanted,
-			}
-
-			got, err := client.SetTieredCache(context.Background(), ZoneIdentifier(testZoneID), TieredCacheSmart)
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-
-		t.Run("use generic caching", func(t *testing.T) {
-			setup()
-			defer teardown()
-
-			lastModified := time.Now().Format(time.RFC3339)
-
-			mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("on", lastModified))
-			mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
-
-			wanted, _ := time.Parse(time.RFC3339, lastModified)
-			want := TieredCache{
-				Type:         TieredCacheGeneric,
-				LastModified: wanted,
-			}
-
-			got, err := client.SetTieredCache(context.Background(), ZoneIdentifier(testZoneID), TieredCacheGeneric)
-
-			if assert.NoError(t, err) {
-				assert.Equal(t, want, got)
-			}
-		})
-	})
-}
-
-func TestDeleteTieredCache(t *testing.T) {
-	t.Run("can disable tiered caching", func(t *testing.T) {
-		setup()
-		defer teardown()
-
-		lastModified := time.Now().Format(time.RFC3339)
-
-		mux.HandleFunc("/zones/"+testZoneID+"/argo/tiered_caching", createGenericTieredCacheHandler("off", lastModified))
-		mux.HandleFunc("/zones/"+testZoneID+"/cache/tiered_cache_smart_topology_enable", nonexistentSmartTieredCacheHandler())
-
-		wanted, _ := time.Parse(time.RFC3339, lastModified)
-		want := TieredCache{
-			Type:         TieredCacheOff,
-			LastModified: wanted,
-		}
-
-		got, err := client.GetTieredCache(context.Background(), ZoneIdentifier(testZoneID))
-
-		if assert.NoError(t, err) {
-			assert.Equal(t, want, got)
-		}
-	})
-}
diff --git a/pkg/cloudflare-go/total_tls.go b/pkg/cloudflare-go/total_tls.go
deleted file mode 100644
index 5ea0bdb3b7..0000000000
--- a/pkg/cloudflare-go/total_tls.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type TotalTLS struct {
-	Enabled              *bool  `json:"enabled,omitempty"`
-	CertificateAuthority string `json:"certificate_authority,omitempty"`
-	ValidityDays         int    `json:"validity_days,omitempty"`
-}
-
-type TotalTLSResponse struct {
-	Response
-	Result TotalTLS `json:"result"`
-}
-
-// GetTotalTLS Get Total TLS Settings for a Zone.
-//
-// API Reference: https://api.cloudflare.com/#total-tls-total-tls-settings-details
-func (api *API) GetTotalTLS(ctx context.Context, rc *ResourceContainer) (TotalTLS, error) {
-	if rc.Identifier == "" {
-		return TotalTLS{}, ErrMissingZoneID
-	}
-	uri := fmt.Sprintf("/zones/%s/acm/total_tls", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TotalTLS{}, err
-	}
-
-	var r TotalTLSResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TotalTLS{}, err
-	}
-
-	return r.Result, nil
-}
-
-// SetTotalTLS Set Total TLS Settings or disable the feature for a Zone.
-//
-// API Reference: https://api.cloudflare.com/#total-tls-enable-or-disable-total-tls
-func (api *API) SetTotalTLS(ctx context.Context, rc *ResourceContainer, params TotalTLS) (TotalTLS, error) {
-	if rc.Identifier == "" {
-		return TotalTLS{}, ErrMissingZoneID
-	}
-	uri := fmt.Sprintf("/zones/%s/acm/total_tls", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return TotalTLS{}, err
-	}
-
-	var r TotalTLSResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TotalTLS{}, err
-	}
-
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/total_tls_test.go b/pkg/cloudflare-go/total_tls_test.go
deleted file mode 100644
index 3b5e239630..0000000000
--- a/pkg/cloudflare-go/total_tls_test.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestTotalTLS_GetSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/acm/total_tls", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"enabled": true,
-		"certificate_authority": "google",
-		"validity_days": 90
-	  }
-	}`)
-	})
-
-	_, err := client.GetTotalTLS(context.Background(), ZoneIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	result, err := client.GetTotalTLS(context.Background(), ZoneIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, BoolPtr(true), result.Enabled)
-		assert.Equal(t, "google", result.CertificateAuthority)
-		assert.Equal(t, 90, result.ValidityDays)
-	}
-}
-
-func TestTotalTLS_SetSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/acm/total_tls", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "enabled": true,
-    "certificate_authority": "google",
-    "validity_days": 90
-  }
-}`)
-	})
-
-	_, err := client.SetTotalTLS(context.Background(), ZoneIdentifier(""), TotalTLS{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	result, err := client.SetTotalTLS(context.Background(), ZoneIdentifier(testZoneID), TotalTLS{CertificateAuthority: "google", Enabled: BoolPtr(true)})
-	if assert.NoError(t, err) {
-		assert.Equal(t, BoolPtr(true), result.Enabled)
-		assert.Equal(t, "google", result.CertificateAuthority)
-		assert.Equal(t, 90, result.ValidityDays)
-	}
-}
diff --git a/pkg/cloudflare-go/tunnel.go b/pkg/cloudflare-go/tunnel.go
deleted file mode 100644
index 2f3f6d7c90..0000000000
--- a/pkg/cloudflare-go/tunnel.go
+++ /dev/null
@@ -1,536 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"strconv"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// A TunnelDuration is a Duration that has custom serialization for JSON.
-// JSON in Javascript assumes that int fields are 32 bits and Duration fields
-// are deserialized assuming that numbers are in nanoseconds, which in 32bit
-// integers limits to just 2 seconds. This type assumes that when
-// serializing/deserializing from JSON, that the number is in seconds, while it
-// maintains the YAML serde assumptions.
-type TunnelDuration struct {
-	time.Duration
-}
-
-func (s TunnelDuration) MarshalJSON() ([]byte, error) {
-	return json.Marshal(s.Duration.Seconds())
-}
-
-func (s *TunnelDuration) UnmarshalJSON(data []byte) error {
-	seconds, err := strconv.ParseInt(string(data), 10, 64)
-	if err != nil {
-		return err
-	}
-
-	s.Duration = time.Duration(seconds * int64(time.Second))
-	return nil
-}
-
-// ErrMissingTunnelID is for when a required tunnel ID is missing from the
-// parameters.
-var ErrMissingTunnelID = errors.New("required missing tunnel ID")
-
-// Tunnel is the struct definition of a tunnel.
-type Tunnel struct {
-	ID             string             `json:"id,omitempty"`
-	Name           string             `json:"name,omitempty"`
-	Secret         string             `json:"tunnel_secret,omitempty"`
-	CreatedAt      *time.Time         `json:"created_at,omitempty"`
-	DeletedAt      *time.Time         `json:"deleted_at,omitempty"`
-	Connections    []TunnelConnection `json:"connections,omitempty"`
-	ConnsActiveAt  *time.Time         `json:"conns_active_at,omitempty"`
-	ConnInactiveAt *time.Time         `json:"conns_inactive_at,omitempty"`
-	TunnelType     string             `json:"tun_type,omitempty"`
-	Status         string             `json:"status,omitempty"`
-	RemoteConfig   bool               `json:"remote_config,omitempty"`
-}
-
-// Connection is the struct definition of a connection.
-type Connection struct {
-	ID            string             `json:"id,omitempty"`
-	Features      []string           `json:"features,omitempty"`
-	Version       string             `json:"version,omitempty"`
-	Arch          string             `json:"arch,omitempty"`
-	Connections   []TunnelConnection `json:"conns,omitempty"`
-	RunAt         *time.Time         `json:"run_at,omitempty"`
-	ConfigVersion int                `json:"config_version,omitempty"`
-}
-
-// TunnelConnection represents the connections associated with a tunnel.
-type TunnelConnection struct {
-	ColoName           string `json:"colo_name"`
-	ID                 string `json:"id"`
-	IsPendingReconnect bool   `json:"is_pending_reconnect"`
-	ClientID           string `json:"client_id"`
-	ClientVersion      string `json:"client_version"`
-	OpenedAt           string `json:"opened_at"`
-	OriginIP           string `json:"origin_ip"`
-}
-
-// TunnelsDetailResponse is used for representing the API response payload for
-// multiple tunnels.
-type TunnelsDetailResponse struct {
-	Result []Tunnel `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// listTunnelsDefaultPageSize represents the default per_page size of the API.
-var listTunnelsDefaultPageSize int = 100
-
-// TunnelDetailResponse is used for representing the API response payload for
-// a single tunnel.
-type TunnelDetailResponse struct {
-	Result Tunnel `json:"result"`
-	Response
-}
-
-// TunnelConnectionResponse is used for representing the API response payload for
-// connections of a single tunnel.
-type TunnelConnectionResponse struct {
-	Result []Connection `json:"result"`
-	Response
-}
-
-type TunnelConfigurationResult struct {
-	TunnelID string              `json:"tunnel_id,omitempty"`
-	Config   TunnelConfiguration `json:"config,omitempty"`
-	Version  int                 `json:"version,omitempty"`
-}
-
-// TunnelConfigurationResponse is used for representing the API response payload
-// for a single tunnel.
-type TunnelConfigurationResponse struct {
-	Result TunnelConfigurationResult `json:"result"`
-	Response
-}
-
-// TunnelTokenResponse is  the API response for a tunnel token.
-type TunnelTokenResponse struct {
-	Result string `json:"result"`
-	Response
-}
-
-type TunnelCreateParams struct {
-	Name      string `json:"name,omitempty"`
-	Secret    string `json:"tunnel_secret,omitempty"`
-	ConfigSrc string `json:"config_src,omitempty"`
-}
-
-type TunnelUpdateParams struct {
-	Name   string `json:"name,omitempty"`
-	Secret string `json:"tunnel_secret,omitempty"`
-}
-
-type UnvalidatedIngressRule struct {
-	Hostname      string               `json:"hostname,omitempty"`
-	Path          string               `json:"path,omitempty"`
-	Service       string               `json:"service,omitempty"`
-	OriginRequest *OriginRequestConfig `json:"originRequest,omitempty"`
-}
-
-// OriginRequestConfig is a set of optional fields that users may set to
-// customize how cloudflared sends requests to origin services. It is used to set
-// up general config that apply to all rules, and also, specific per-rule
-// config.
-type OriginRequestConfig struct {
-	// HTTP proxy timeout for establishing a new connection
-	ConnectTimeout *TunnelDuration `json:"connectTimeout,omitempty"`
-	// HTTP proxy timeout for completing a TLS handshake
-	TLSTimeout *TunnelDuration `json:"tlsTimeout,omitempty"`
-	// HTTP proxy TCP keepalive duration
-	TCPKeepAlive *TunnelDuration `json:"tcpKeepAlive,omitempty"`
-	// HTTP proxy should disable "happy eyeballs" for IPv4/v6 fallback
-	NoHappyEyeballs *bool `json:"noHappyEyeballs,omitempty"`
-	// HTTP proxy maximum keepalive connection pool size
-	KeepAliveConnections *int `json:"keepAliveConnections,omitempty"`
-	// HTTP proxy timeout for closing an idle connection
-	KeepAliveTimeout *TunnelDuration `json:"keepAliveTimeout,omitempty"`
-	// Sets the HTTP Host header for the local webserver.
-	HTTPHostHeader *string `json:"httpHostHeader,omitempty"`
-	// Hostname on the origin server certificate.
-	OriginServerName *string `json:"originServerName,omitempty"`
-	// Path to the CA for the certificate of your origin.
-	// This option should be used only if your certificate is not signed by Cloudflare.
-	CAPool *string `json:"caPool,omitempty"`
-	// Disables TLS verification of the certificate presented by your origin.
-	// Will allow any certificate from the origin to be accepted.
-	// Note: The connection from your machine to Cloudflare's Edge is still encrypted.
-	NoTLSVerify *bool `json:"noTLSVerify,omitempty"`
-	// Disables chunked transfer encoding.
-	// Useful if you are running a WSGI server.
-	DisableChunkedEncoding *bool `json:"disableChunkedEncoding,omitempty"`
-	// Runs as jump host
-	BastionMode *bool `json:"bastionMode,omitempty"`
-	// Listen address for the proxy.
-	ProxyAddress *string `json:"proxyAddress,omitempty"`
-	// Listen port for the proxy.
-	ProxyPort *uint `json:"proxyPort,omitempty"`
-	// Valid options are 'socks' or empty.
-	ProxyType *string `json:"proxyType,omitempty"`
-	// IP rules for the proxy service
-	IPRules []IngressIPRule `json:"ipRules,omitempty"`
-	// Attempt to connect to origin with HTTP/2
-	Http2Origin *bool `json:"http2Origin,omitempty"`
-	// Access holds all access related configs
-	Access *AccessConfig `json:"access,omitempty"`
-}
-
-type AccessConfig struct {
-	// Required when set to true will fail every request that does not arrive
-	// through an access authenticated endpoint.
-	Required bool `yaml:"required" json:"required,omitempty"`
-	// TeamName is the organization team name to get the public key certificates for.
-	TeamName string `yaml:"teamName" json:"teamName"`
-	// AudTag is the AudTag to verify access JWT against.
-	AudTag []string `yaml:"audTag" json:"audTag"`
-}
-
-type IngressIPRule struct {
-	Prefix *string `json:"prefix,omitempty"`
-	Ports  []int   `json:"ports,omitempty"`
-	Allow  bool    `json:"allow,omitempty"`
-}
-
-type TunnelConfiguration struct {
-	Ingress       []UnvalidatedIngressRule `json:"ingress,omitempty"`
-	WarpRouting   *WarpRoutingConfig       `json:"warp-routing,omitempty"`
-	OriginRequest OriginRequestConfig      `json:"originRequest,omitempty"`
-}
-
-type WarpRoutingConfig struct {
-	Enabled bool `json:"enabled,omitempty"`
-}
-
-type TunnelConfigurationParams struct {
-	TunnelID string              `json:"-"`
-	Config   TunnelConfiguration `json:"config,omitempty"`
-}
-
-type TunnelListParams struct {
-	Name          string     `url:"name,omitempty"`
-	UUID          string     `url:"uuid,omitempty"` // the tunnel ID
-	IsDeleted     *bool      `url:"is_deleted,omitempty"`
-	ExistedAt     *time.Time `url:"existed_at,omitempty"`
-	IncludePrefix string     `url:"include_prefix,omitempty"`
-	ExcludePrefix string     `url:"exclude_prefix,omitempty"`
-
-	ResultInfo
-}
-
-// ListTunnels lists all tunnels.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-list-cloudflare-tunnels
-func (api *API) ListTunnels(ctx context.Context, rc *ResourceContainer, params TunnelListParams) ([]Tunnel, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []Tunnel{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = listTunnelsDefaultPageSize
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var records []Tunnel
-	var listResponse TunnelsDetailResponse
-
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []Tunnel{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &listResponse)
-		if err != nil {
-			return []Tunnel{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		records = append(records, listResponse.Result...)
-		params.ResultInfo = listResponse.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return records, &listResponse.ResultInfo, nil
-}
-
-// GetTunnel returns a single Argo tunnel.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-get-cloudflare-tunnel
-func (api *API) GetTunnel(ctx context.Context, rc *ResourceContainer, tunnelID string) (Tunnel, error) {
-	if rc.Identifier == "" {
-		return Tunnel{}, ErrMissingAccountID
-	}
-
-	if tunnelID == "" {
-		return Tunnel{}, errors.New("missing tunnel ID")
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", rc.Identifier, tunnelID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Tunnel{}, err
-	}
-
-	var argoDetailsResponse TunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// CreateTunnel creates a new tunnel for the account.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-create-cloudflare-tunnel
-func (api *API) CreateTunnel(ctx context.Context, rc *ResourceContainer, params TunnelCreateParams) (Tunnel, error) {
-	if rc.Identifier == "" {
-		return Tunnel{}, ErrMissingAccountID
-	}
-
-	if params.Name == "" {
-		return Tunnel{}, errors.New("missing tunnel name")
-	}
-
-	if params.Secret == "" {
-		return Tunnel{}, errors.New("missing tunnel secret")
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return Tunnel{}, err
-	}
-
-	var argoDetailsResponse TunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return argoDetailsResponse.Result, nil
-}
-
-// UpdateTunnel updates an existing tunnel for the account.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-update-cloudflare-tunnel
-func (api *API) UpdateTunnel(ctx context.Context, rc *ResourceContainer, params TunnelUpdateParams) (Tunnel, error) {
-	if rc.Identifier == "" {
-		return Tunnel{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel", rc.Identifier)
-
-	var tunnel Tunnel
-
-	if params.Name != "" {
-		tunnel.Name = params.Name
-	}
-
-	if params.Secret != "" {
-		tunnel.Secret = params.Secret
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, tunnel)
-	if err != nil {
-		return Tunnel{}, err
-	}
-
-	var argoDetailsResponse TunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return Tunnel{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return argoDetailsResponse.Result, nil
-}
-
-// UpdateTunnelConfiguration updates an existing tunnel for the account.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-configuration-properties
-func (api *API) UpdateTunnelConfiguration(ctx context.Context, rc *ResourceContainer, params TunnelConfigurationParams) (TunnelConfigurationResult, error) {
-	if rc.Identifier == "" {
-		return TunnelConfigurationResult{}, ErrMissingAccountID
-	}
-
-	if params.TunnelID == "" {
-		return TunnelConfigurationResult{}, ErrMissingTunnelID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", rc.Identifier, params.TunnelID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return TunnelConfigurationResult{}, err
-	}
-
-	var tunnelDetailsResponse TunnelConfigurationResponse
-	err = json.Unmarshal(res, &tunnelDetailsResponse)
-	if err != nil {
-		return TunnelConfigurationResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	var tunnelDetails TunnelConfigurationResult
-
-	tunnelDetails.Config = tunnelDetailsResponse.Result.Config
-	tunnelDetails.TunnelID = tunnelDetailsResponse.Result.TunnelID
-	tunnelDetails.Version = tunnelDetailsResponse.Result.Version
-
-	return tunnelDetails, nil
-}
-
-// GetTunnelConfiguration updates an existing tunnel for the account.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-configuration-properties
-func (api *API) GetTunnelConfiguration(ctx context.Context, rc *ResourceContainer, tunnelID string) (TunnelConfigurationResult, error) {
-	if rc.Identifier == "" {
-		return TunnelConfigurationResult{}, ErrMissingAccountID
-	}
-
-	if tunnelID == "" {
-		return TunnelConfigurationResult{}, ErrMissingTunnelID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", rc.Identifier, tunnelID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TunnelConfigurationResult{}, err
-	}
-
-	var tunnelDetailsResponse TunnelConfigurationResponse
-	err = json.Unmarshal(res, &tunnelDetailsResponse)
-	if err != nil {
-		return TunnelConfigurationResult{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	var tunnelDetails TunnelConfigurationResult
-
-	tunnelDetails.Config = tunnelDetailsResponse.Result.Config
-	tunnelDetails.TunnelID = tunnelDetailsResponse.Result.TunnelID
-	tunnelDetails.Version = tunnelDetailsResponse.Result.Version
-
-	return tunnelDetails, nil
-}
-
-// ListTunnelConnections gets all connections on a tunnel.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-list-cloudflare-tunnel-connections
-func (api *API) ListTunnelConnections(ctx context.Context, rc *ResourceContainer, tunnelID string) ([]Connection, error) {
-	if rc.Identifier == "" {
-		return []Connection{}, ErrMissingAccountID
-	}
-
-	if tunnelID == "" {
-		return []Connection{}, ErrMissingTunnelID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", rc.Identifier, tunnelID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Connection{}, err
-	}
-
-	var argoDetailsResponse TunnelConnectionResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return []Connection{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return argoDetailsResponse.Result, nil
-}
-
-// DeleteTunnel removes a single Argo tunnel.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-delete-cloudflare-tunnel
-func (api *API) DeleteTunnel(ctx context.Context, rc *ResourceContainer, tunnelID string) error {
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", rc.Identifier, tunnelID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var argoDetailsResponse TunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// CleanupTunnelConnections deletes any inactive connections on a tunnel.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-clean-up-cloudflare-tunnel-connections
-func (api *API) CleanupTunnelConnections(ctx context.Context, rc *ResourceContainer, tunnelID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if tunnelID == "" {
-		return errors.New("missing tunnel ID")
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", rc.Identifier, tunnelID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var argoDetailsResponse TunnelDetailResponse
-	err = json.Unmarshal(res, &argoDetailsResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// GetTunnelToken that allows to run a tunnel.
-//
-// API reference: https://api.cloudflare.com/#cloudflare-tunnel-get-cloudflare-tunnel-token
-func (api *API) GetTunnelToken(ctx context.Context, rc *ResourceContainer, tunnelID string) (string, error) {
-	if rc.Identifier == "" {
-		return "", ErrMissingAccountID
-	}
-
-	if tunnelID == "" {
-		return "", errors.New("missing tunnel ID")
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/token", rc.Identifier, tunnelID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return "", err
-	}
-
-	var tunnelTokenResponse TunnelTokenResponse
-	err = json.Unmarshal(res, &tunnelTokenResponse)
-	if err != nil {
-		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return tunnelTokenResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/tunnel_routes.go b/pkg/cloudflare-go/tunnel_routes.go
deleted file mode 100644
index c67925eba9..0000000000
--- a/pkg/cloudflare-go/tunnel_routes.go
+++ /dev/null
@@ -1,214 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingNetwork      = errors.New("missing required network parameter")
-	ErrInvalidNetworkValue = errors.New("invalid IP parameter. Cannot use CIDR ranges for this endpoint.")
-)
-
-// TunnelRoute is the full record for a route.
-type TunnelRoute struct {
-	Network          string     `json:"network"`
-	TunnelID         string     `json:"tunnel_id"`
-	TunnelName       string     `json:"tunnel_name"`
-	Comment          string     `json:"comment"`
-	CreatedAt        *time.Time `json:"created_at"`
-	DeletedAt        *time.Time `json:"deleted_at"`
-	VirtualNetworkID string     `json:"virtual_network_id"`
-}
-
-type TunnelRoutesListParams struct {
-	TunnelID         string     `url:"tunnel_id,omitempty"`
-	Comment          string     `url:"comment,omitempty"`
-	IsDeleted        *bool      `url:"is_deleted,omitempty"`
-	NetworkSubset    string     `url:"network_subset,omitempty"`
-	NetworkSuperset  string     `url:"network_superset,omitempty"`
-	ExistedAt        *time.Time `url:"existed_at,omitempty"`
-	VirtualNetworkID string     `url:"virtual_network_id,omitempty"`
-	PaginationOptions
-}
-
-type TunnelRoutesCreateParams struct {
-	Network          string `json:"-"`
-	TunnelID         string `json:"tunnel_id"`
-	Comment          string `json:"comment,omitempty"`
-	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
-}
-
-type TunnelRoutesUpdateParams struct {
-	Network          string `json:"network"`
-	TunnelID         string `json:"tunnel_id"`
-	Comment          string `json:"comment,omitempty"`
-	VirtualNetworkID string `json:"virtual_network_id,omitempty"`
-}
-
-type TunnelRoutesForIPParams struct {
-	Network          string `url:"-"`
-	VirtualNetworkID string `url:"virtual_network_id,omitempty"`
-}
-
-type TunnelRoutesDeleteParams struct {
-	Network          string `url:"-"`
-	VirtualNetworkID string `url:"virtual_network_id,omitempty"`
-}
-
-// tunnelRouteListResponse is the API response for listing tunnel routes.
-type tunnelRouteListResponse struct {
-	Response
-	Result []TunnelRoute `json:"result"`
-}
-
-type tunnelRouteResponse struct {
-	Response
-	Result TunnelRoute `json:"result"`
-}
-
-// ListTunnelRoutes lists all defined routes for tunnels in the account.
-//
-// See: https://api.cloudflare.com/#tunnel-route-list-tunnel-routes
-func (api *API) ListTunnelRoutes(ctx context.Context, rc *ResourceContainer, params TunnelRoutesListParams) ([]TunnelRoute, error) {
-	if rc.Identifier == "" {
-		return []TunnelRoute{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/routes", AccountRouteRoot, rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []TunnelRoute{}, err
-	}
-
-	var resp tunnelRouteListResponse
-	err = json.Unmarshal(res, &resp)
-	if err != nil {
-		return []TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return resp.Result, nil
-}
-
-// GetTunnelRouteForIP finds the Tunnel Route that encompasses the given IP.
-//
-// See: https://api.cloudflare.com/#tunnel-route-get-tunnel-route-by-ip
-func (api *API) GetTunnelRouteForIP(ctx context.Context, rc *ResourceContainer, params TunnelRoutesForIPParams) (TunnelRoute, error) {
-	if rc.Identifier == "" {
-		return TunnelRoute{}, ErrMissingAccountID
-	}
-
-	if params.Network == "" {
-		return TunnelRoute{}, ErrMissingNetwork
-	}
-
-	if strings.Contains(params.Network, "/") {
-		return TunnelRoute{}, ErrInvalidNetworkValue
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/routes/ip/%s", AccountRouteRoot, rc.Identifier, params.Network), params)
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TunnelRoute{}, err
-	}
-
-	var routeResponse tunnelRouteResponse
-	err = json.Unmarshal(responseBody, &routeResponse)
-	if err != nil {
-		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return routeResponse.Result, nil
-}
-
-// CreateTunnelRoute add a new route to the account routing table for the given
-// tunnel.
-//
-// See: https://api.cloudflare.com/#tunnel-route-create-route
-func (api *API) CreateTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesCreateParams) (TunnelRoute, error) {
-	if rc.Identifier == "" {
-		return TunnelRoute{}, ErrMissingAccountID
-	}
-
-	if params.Network == "" {
-		return TunnelRoute{}, ErrMissingNetwork
-	}
-
-	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network))
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return TunnelRoute{}, err
-	}
-
-	var routeResponse tunnelRouteResponse
-	err = json.Unmarshal(responseBody, &routeResponse)
-	if err != nil {
-		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return routeResponse.Result, nil
-}
-
-// DeleteTunnelRoute delete an existing route from the account routing table.
-//
-// See: https://api.cloudflare.com/#tunnel-route-delete-route
-func (api *API) DeleteTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesDeleteParams) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if params.Network == "" {
-		return ErrMissingNetwork
-	}
-
-	// Cannot fully utilize buildURI here because it tries to escape "%" sign
-	// from the already escaped "/" sign from Network field.
-	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network), buildURI("", params))
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var routeResponse tunnelRouteResponse
-	err = json.Unmarshal(responseBody, &routeResponse)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// UpdateTunnelRoute updates an existing route in the account routing table for
-// the given tunnel.
-//
-// See: https://api.cloudflare.com/#tunnel-route-update-route
-func (api *API) UpdateTunnelRoute(ctx context.Context, rc *ResourceContainer, params TunnelRoutesUpdateParams) (TunnelRoute, error) {
-	if rc.Identifier == "" {
-		return TunnelRoute{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/teamnet/routes/network/%s", AccountRouteRoot, rc.Identifier, url.PathEscape(params.Network))
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return TunnelRoute{}, err
-	}
-
-	var routeResponse tunnelRouteResponse
-	err = json.Unmarshal(responseBody, &routeResponse)
-	if err != nil {
-		return TunnelRoute{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return routeResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/tunnel_routes_test.go b/pkg/cloudflare-go/tunnel_routes_test.go
deleted file mode 100644
index b9583bd115..0000000000
--- a/pkg/cloudflare-go/tunnel_routes_test.go
+++ /dev/null
@@ -1,222 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListTunnelRoutes(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-			    "network": "ff01::/32",
-				"tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-				"tunnel_name": "blog",
-				"comment": "Example comment for this route",
-				"created_at": "2021-01-25T18:22:34.317854Z",
-				"deleted_at": "2021-01-25T18:22:34.317854Z",
-				"virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
-              }
-            ]
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes", handler)
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := []TunnelRoute{
-		{
-			"ff01::/32",
-			"f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			"blog",
-			"Example comment for this route",
-			&ts,
-			&ts,
-			"9f322de4-5988-4945-b770-f1d6ac200f86",
-		},
-	}
-
-	params := TunnelRoutesListParams{}
-	got, err := client.ListTunnelRoutes(context.Background(), AccountIdentifier(testAccountID), params)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestTunnelRouteForIP(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "network": "ff01::/32",
-			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "tunnel_name": "blog",
-			  "comment": "Example comment for this route",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z",
-			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
-            }
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/ip/10.1.0.137", handler)
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := TunnelRoute{
-		Network:          "ff01::/32",
-		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		TunnelName:       "blog",
-		Comment:          "Example comment for this route",
-		CreatedAt:        &ts,
-		DeletedAt:        &ts,
-		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
-	}
-
-	got, err := client.GetTunnelRouteForIP(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesForIPParams{Network: "10.1.0.137"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestCreateTunnelRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "network": "10.0.0.0/16",
-			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "tunnel_name": "blog",
-			  "comment": "Example comment for this route",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z",
-			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
-            }
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := TunnelRoute{
-		Network:          "10.0.0.0/16",
-		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		TunnelName:       "blog",
-		Comment:          "Example comment for this route",
-		CreatedAt:        &ts,
-		DeletedAt:        &ts,
-		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
-	}
-
-	tunnel, err := client.CreateTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesCreateParams{TunnelID: testTunnelID, Network: "10.0.0.0/16", Comment: "foo", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, tunnel)
-	}
-}
-
-func TestUpdateTunnelRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		_, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "network": "10.0.0.0/16",
-			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "tunnel_name": "blog",
-			  "comment": "Example comment for this route",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z",
-			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
-            }
-          }`)
-	}
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := TunnelRoute{
-		Network:          "10.0.0.0/16",
-		TunnelID:         "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		TunnelName:       "blog",
-		Comment:          "Example comment for this route",
-		CreatedAt:        &ts,
-		DeletedAt:        &ts,
-		VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86",
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
-	tunnel, err := client.UpdateTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesUpdateParams{TunnelID: testTunnelID, Network: "10.0.0.0/16", Comment: "foo", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, tunnel)
-	}
-}
-
-func TestDeleteTunnelRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "network": "ff01::/32",
-			  "tunnel_id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "tunnel_name": "blog",
-			  "comment": "Example comment for this route",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z",
-			  "virtual_network_id": "9f322de4-5988-4945-b770-f1d6ac200f86"
-            }
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/routes/network/10.0.0.0/16", handler)
-	err := client.DeleteTunnelRoute(context.Background(), AccountIdentifier(testAccountID), TunnelRoutesDeleteParams{Network: "10.0.0.0/16", VirtualNetworkID: "9f322de4-5988-4945-b770-f1d6ac200f86"})
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/tunnel_test.go b/pkg/cloudflare-go/tunnel_test.go
deleted file mode 100644
index da912ccf4b..0000000000
--- a/pkg/cloudflare-go/tunnel_test.go
+++ /dev/null
@@ -1,410 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListTunnels(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "multiple_full"))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := []Tunnel{{
-		ID:        testTunnelID,
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []TunnelConnection{{
-			ColoName:           "DFW",
-			ID:                 testTunnelID,
-			IsPendingReconnect: false,
-			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-			ClientVersion:      "2022.2.0",
-			OpenedAt:           "2021-01-25T18:22:34.317854Z",
-			OriginIP:           "198.51.100.1",
-		}},
-	}}
-
-	actual, _, err := client.ListTunnels(context.Background(), AccountIdentifier(testAccountID), TunnelListParams{UUID: testTunnelID})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListTunnelsPagination(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		qry, _ := url.Parse(r.RequestURI)
-		assert.Equal(t, "blog", qry.Query().Get("name"))
-		assert.Equal(t, "2", qry.Query().Get("page"))
-		assert.Equal(t, "1", qry.Query().Get("per_page"))
-		fmt.Fprint(w, loadFixture("tunnel", "multiple_full"))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := []Tunnel{
-		{
-			ID:        testTunnelID,
-			Name:      "blog",
-			CreatedAt: &createdAt,
-			DeletedAt: &deletedAt,
-			Connections: []TunnelConnection{{
-				ColoName:           "DFW",
-				ID:                 testTunnelID,
-				IsPendingReconnect: false,
-				ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-				ClientVersion:      "2022.2.0",
-				OpenedAt:           "2021-01-25T18:22:34.317854Z",
-				OriginIP:           "198.51.100.1",
-			}},
-		},
-	}
-
-	actual, _, err := client.ListTunnels(context.Background(), AccountIdentifier(testAccountID),
-		TunnelListParams{
-			Name: "blog",
-			ResultInfo: ResultInfo{
-				Page:    2,
-				PerPage: 1,
-			},
-		})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel/"+testTunnelID, handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := Tunnel{
-		ID:        testTunnelID,
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []TunnelConnection{{
-			ColoName:           "DFW",
-			ID:                 testTunnelID,
-			IsPendingReconnect: false,
-			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-			ClientVersion:      "2022.2.0",
-			OpenedAt:           "2021-01-25T18:22:34.317854Z",
-			OriginIP:           "198.51.100.1",
-		}},
-		TunnelType:   "cfd_tunnel",
-		Status:       "healthy",
-		RemoteConfig: true,
-	}
-
-	actual, err := client.GetTunnel(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/cfd_tunnel", handler)
-
-	createdAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	deletedAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := Tunnel{
-		ID:        testTunnelID,
-		Name:      "blog",
-		CreatedAt: &createdAt,
-		DeletedAt: &deletedAt,
-		Connections: []TunnelConnection{{
-			ColoName:           "DFW",
-			ID:                 testTunnelID,
-			IsPendingReconnect: false,
-			ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-			ClientVersion:      "2022.2.0",
-			OpenedAt:           "2021-01-25T18:22:34.317854Z",
-			OriginIP:           "198.51.100.1",
-		}},
-		TunnelType:   "cfd_tunnel",
-		Status:       "healthy",
-		RemoteConfig: true,
-	}
-
-	actual, err := client.CreateTunnel(context.Background(), AccountIdentifier(testAccountID), TunnelCreateParams{Name: "blog", Secret: "notarealsecret", ConfigSrc: "cloudflare"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateTunnelConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method '%s', got %s", http.MethodPut, r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "configuration"))
-	}
-
-	timeout, _ := time.ParseDuration("10s")
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", testAccountID, testTunnelID), handler)
-	want := TunnelConfigurationResult{
-		TunnelID: testTunnelID,
-		Version:  5,
-		Config: TunnelConfiguration{
-			Ingress: []UnvalidatedIngressRule{
-				{
-					Hostname: "test.example.com",
-					Service:  "https://localhost:8000",
-					OriginRequest: &OriginRequestConfig{
-						NoTLSVerify: BoolPtr(true),
-					},
-				},
-				{
-					Service: "http_status:404",
-				},
-			},
-			WarpRouting: &WarpRoutingConfig{
-				Enabled: true,
-			},
-			OriginRequest: OriginRequestConfig{
-				ConnectTimeout: &TunnelDuration{timeout},
-			},
-		}}
-
-	actual, err := client.UpdateTunnelConfiguration(context.Background(), AccountIdentifier(testAccountID), TunnelConfigurationParams{
-		TunnelID: testTunnelID,
-		Config: TunnelConfiguration{
-			Ingress: []UnvalidatedIngressRule{
-				{
-					Hostname: "test.example.com",
-					Service:  "https://localhost:8000",
-					OriginRequest: &OriginRequestConfig{
-						NoTLSVerify: BoolPtr(true),
-					},
-				},
-				{
-					Service: "http_status:404",
-				},
-			},
-			WarpRouting: &WarpRoutingConfig{
-				Enabled: true,
-			},
-			OriginRequest: OriginRequestConfig{
-				ConnectTimeout: &TunnelDuration{10},
-			},
-		},
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestGetTunnelConfiguration(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method '%s', got %s", http.MethodGet, r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "configuration"))
-	}
-
-	timeout, _ := time.ParseDuration("10s")
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/configurations", testAccountID, testTunnelID), handler)
-	want := TunnelConfigurationResult{
-		TunnelID: testTunnelID,
-		Version:  5,
-		Config: TunnelConfiguration{
-			Ingress: []UnvalidatedIngressRule{
-				{
-					Hostname: "test.example.com",
-					Service:  "https://localhost:8000",
-					OriginRequest: &OriginRequestConfig{
-						NoTLSVerify: BoolPtr(true),
-					},
-				},
-				{
-					Service: "http_status:404",
-				},
-			},
-			WarpRouting: &WarpRoutingConfig{
-				Enabled: true,
-			},
-			OriginRequest: OriginRequestConfig{
-				ConnectTimeout: &TunnelDuration{timeout},
-			},
-		}}
-
-	actual, err := client.GetTunnelConfiguration(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestTunnelConnections(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success":true,
-			"errors":[],
-			"messages":[],
-			"result":[{
-				"id":"dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-				"features": [
-					"allow_remote_config",
-					"serialized_headers",
-					"ha-origin"
-				],
-				"version": "2022.2.0",
-            	"arch": "linux_amd64",
-				"config_version": 15,
-				"run_at":"2009-11-10T23:00:00Z",
-				"conns": [
-					{
-						"colo_name": "DFW",
-						"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
-						"is_pending_reconnect": false,
-						"client_id": "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-						"client_version": "2022.2.0",
-						"opened_at": "2021-01-25T18:22:34.317854Z",
-						"origin_ip": "198.51.100.1"
-					}
-				]
-			}]
-		}
-		`)
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", testAccountID, testTunnelID), handler)
-
-	runAt, _ := time.Parse(time.RFC3339, "2009-11-10T23:00:00Z")
-	want := []Connection{
-		{
-			ID: "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-			Features: []string{
-				"allow_remote_config",
-				"serialized_headers",
-				"ha-origin",
-			},
-			Version: "2022.2.0",
-			Arch:    "linux_amd64",
-			RunAt:   &runAt,
-			Connections: []TunnelConnection{{
-				ColoName:           "DFW",
-				ID:                 testTunnelID,
-				IsPendingReconnect: false,
-				ClientID:           "dc6472cc-f1ae-44a0-b795-6b8a0ce29f90",
-				ClientVersion:      "2022.2.0",
-				OpenedAt:           "2021-01-25T18:22:34.317854Z",
-				OriginIP:           "198.51.100.1",
-			}},
-			ConfigVersion: 15,
-		},
-	}
-
-	actual, err := client.ListTunnelConnections(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteTunnel(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "single_full"))
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s", testAccountID, testTunnelID), handler)
-
-	err := client.DeleteTunnel(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-	assert.NoError(t, err)
-}
-
-func TestCleanupTunnelConnections(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "empty"))
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/connections", testAccountID, testTunnelID), handler)
-
-	err := client.CleanupTunnelConnections(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-	assert.NoError(t, err)
-}
-
-func TestTunnelToken(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, loadFixture("tunnel", "token"))
-	}
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/cfd_tunnel/%s/token", testAccountID, testTunnelID), handler)
-
-	token, err := client.GetTunnelToken(context.Background(), AccountIdentifier(testAccountID), testTunnelID)
-	assert.NoError(t, err)
-	assert.Equal(t, "ZHNraGdhc2RraGFza2hqZGFza2poZGFza2poYXNrZGpoYWtzamRoa2FzZGpoa2FzamRoa2Rhc2po\na2FzamRoa2FqCg==", token)
-}
diff --git a/pkg/cloudflare-go/tunnel_virtual_networks.go b/pkg/cloudflare-go/tunnel_virtual_networks.go
deleted file mode 100644
index 26a6875ac1..0000000000
--- a/pkg/cloudflare-go/tunnel_virtual_networks.go
+++ /dev/null
@@ -1,159 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingVnetName = errors.New("required missing virtual network name")
-
-// TunnelVirtualNetwork is segregation of Tunnel IP Routes via Virtualized
-// Networks to handle overlapping private IPs in your origins.
-type TunnelVirtualNetwork struct {
-	ID               string     `json:"id"`
-	Name             string     `json:"name"`
-	IsDefaultNetwork bool       `json:"is_default_network"`
-	Comment          string     `json:"comment"`
-	CreatedAt        *time.Time `json:"created_at"`
-	DeletedAt        *time.Time `json:"deleted_at"`
-}
-
-type TunnelVirtualNetworksListParams struct {
-	ID        string `url:"id,omitempty"`
-	Name      string `url:"name,omitempty"`
-	IsDefault *bool  `url:"is_default,omitempty"`
-	IsDeleted *bool  `url:"is_deleted,omitempty"`
-
-	PaginationOptions
-}
-
-type TunnelVirtualNetworkCreateParams struct {
-	Name      string `json:"name"`
-	Comment   string `json:"comment"`
-	IsDefault bool   `json:"is_default"`
-}
-
-type TunnelVirtualNetworkUpdateParams struct {
-	VnetID           string `json:"-"`
-	Name             string `json:"name,omitempty"`
-	Comment          string `json:"comment,omitempty"`
-	IsDefaultNetwork *bool  `json:"is_default_network,omitempty"`
-}
-
-// tunnelRouteListResponse is the API response for listing tunnel virtual
-// networks.
-type tunnelVirtualNetworkListResponse struct {
-	Response
-	Result []TunnelVirtualNetwork `json:"result"`
-}
-
-type tunnelVirtualNetworkResponse struct {
-	Response
-	Result TunnelVirtualNetwork `json:"result"`
-}
-
-// ListTunnelVirtualNetworks lists all defined virtual networks for tunnels in
-// the account.
-//
-// API reference: https://api.cloudflare.com/#tunnel-virtual-network-list-virtual-networks
-func (api *API) ListTunnelVirtualNetworks(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworksListParams) ([]TunnelVirtualNetwork, error) {
-	if rc.Identifier == "" {
-		return []TunnelVirtualNetwork{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/%s/%s/teamnet/virtual_networks", AccountRouteRoot, rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
-	if err != nil {
-		return []TunnelVirtualNetwork{}, err
-	}
-
-	var resp tunnelVirtualNetworkListResponse
-	err = json.Unmarshal(res, &resp)
-	if err != nil {
-		return []TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return resp.Result, nil
-}
-
-// CreateTunnelVirtualNetwork adds a new virtual network to the account.
-//
-// API reference: https://api.cloudflare.com/#tunnel-virtual-network-create-virtual-network
-func (api *API) CreateTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworkCreateParams) (TunnelVirtualNetwork, error) {
-	if rc.Identifier == "" {
-		return TunnelVirtualNetwork{}, ErrMissingAccountID
-	}
-
-	if params.Name == "" {
-		return TunnelVirtualNetwork{}, ErrMissingVnetName
-	}
-
-	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks", AccountRouteRoot, rc.Identifier)
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return TunnelVirtualNetwork{}, err
-	}
-
-	var resp tunnelVirtualNetworkResponse
-	err = json.Unmarshal(responseBody, &resp)
-	if err != nil {
-		return TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return resp.Result, nil
-}
-
-// DeleteTunnelVirtualNetwork deletes an existing virtual network from the
-// account.
-//
-// API reference: https://api.cloudflare.com/#tunnel-virtual-network-delete-virtual-network
-func (api *API) DeleteTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, vnetID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks/%s", AccountRouteRoot, rc.Identifier, vnetID)
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var resp tunnelVirtualNetworkResponse
-	err = json.Unmarshal(responseBody, &resp)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// UpdateTunnelRoute updates an existing virtual network in the account.
-//
-// API reference: https://api.cloudflare.com/#tunnel-virtual-network-update-virtual-network
-func (api *API) UpdateTunnelVirtualNetwork(ctx context.Context, rc *ResourceContainer, params TunnelVirtualNetworkUpdateParams) (TunnelVirtualNetwork, error) {
-	if rc.Identifier == "" {
-		return TunnelVirtualNetwork{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/%s/%s/teamnet/virtual_networks/%s", AccountRouteRoot, rc.Identifier, params.VnetID)
-
-	responseBody, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return TunnelVirtualNetwork{}, err
-	}
-
-	var resp tunnelVirtualNetworkResponse
-	err = json.Unmarshal(responseBody, &resp)
-	if err != nil {
-		return TunnelVirtualNetwork{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return resp.Result, nil
-}
diff --git a/pkg/cloudflare-go/tunnel_virtual_networks_test.go b/pkg/cloudflare-go/tunnel_virtual_networks_test.go
deleted file mode 100644
index 2e6affdd23..0000000000
--- a/pkg/cloudflare-go/tunnel_virtual_networks_test.go
+++ /dev/null
@@ -1,185 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestTunnelVirtualNetworks(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-			  {
-			    "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-				"name": "us-east-1-vpc",
-				"is_default_network": true,
-				"comment": "Staging VPC for data science",
-				"created_at": "2021-01-25T18:22:34.317854Z",
-				"deleted_at": "2021-01-25T18:22:34.317854Z"
-              }
-            ]
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks", handler)
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-
-	want := []TunnelVirtualNetwork{
-		{
-			ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			Name:             "us-east-1-vpc",
-			IsDefaultNetwork: true,
-			Comment:          "Staging VPC for data science",
-			CreatedAt:        &ts,
-			DeletedAt:        &ts,
-		},
-	}
-
-	got, err := client.ListTunnelVirtualNetworks(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworksListParams{})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestCreateTunnelVirtualNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "name": "us-east-1-vpc",
-			  "is_default_network": true,
-			  "comment": "Staging VPC for data science",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z"
-            }
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks", handler)
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := TunnelVirtualNetwork{
-		ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		Name:             "us-east-1-vpc",
-		IsDefaultNetwork: true,
-		Comment:          "Staging VPC for data science",
-		CreatedAt:        &ts,
-		DeletedAt:        &ts,
-	}
-
-	tunnel, err := client.CreateTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworkCreateParams{
-		Name:      "us-east-1-vpc",
-		IsDefault: true,
-		Comment:   "Staging VPC for data science",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, tunnel)
-	}
-}
-
-func TestUpdateTunnelVirtualNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		_, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "name": "us-east-1-vpc",
-			  "is_default_network": true,
-			  "comment": "Staging VPC for data science",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z"
-            }
-          }`)
-	}
-
-	ts, _ := time.Parse(time.RFC3339Nano, "2021-01-25T18:22:34.317854Z")
-	want := TunnelVirtualNetwork{
-		ID:               "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		Name:             "us-east-1-vpc",
-		IsDefaultNetwork: true,
-		Comment:          "Staging VPC for data science",
-		CreatedAt:        &ts,
-		DeletedAt:        &ts,
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks/f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", handler)
-
-	tunnel, err := client.UpdateTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), TunnelVirtualNetworkUpdateParams{
-		VnetID:           "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-		Name:             "us-east-1-vpc",
-		IsDefaultNetwork: BoolPtr(true),
-		Comment:          "Staging VPC for data science",
-	})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, tunnel)
-	}
-}
-
-func TestDeleteTunnelVirtualNetwork(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-			  "name": "us-east-1-vpc",
-			  "is_default_network": true,
-			  "comment": "Staging VPC for data science",
-			  "created_at": "2021-01-25T18:22:34.317854Z",
-			  "deleted_at": "2021-01-25T18:22:34.317854Z"
-            }
-          }`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/teamnet/virtual_networks/f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", handler)
-
-	err := client.DeleteTunnelVirtualNetwork(context.Background(), AccountIdentifier(testAccountID), "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/turnstile.go b/pkg/cloudflare-go/turnstile.go
deleted file mode 100644
index 5bc9273cd9..0000000000
--- a/pkg/cloudflare-go/turnstile.go
+++ /dev/null
@@ -1,245 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingSiteKey = errors.New("required site key missing")
-
-type TurnstileWidget struct {
-	SiteKey      string     `json:"sitekey,omitempty"`
-	Secret       string     `json:"secret,omitempty"`
-	CreatedOn    *time.Time `json:"created_on,omitempty"`
-	ModifiedOn   *time.Time `json:"modified_on,omitempty"`
-	Name         string     `json:"name,omitempty"`
-	Domains      []string   `json:"domains,omitempty"`
-	Mode         string     `json:"mode,omitempty"`
-	BotFightMode bool       `json:"bot_fight_mode,omitempty"`
-	Region       string     `json:"region,omitempty"`
-	OffLabel     bool       `json:"offlabel,omitempty"`
-}
-
-type CreateTurnstileWidgetParams struct {
-	Name         string   `json:"name,omitempty"`
-	Domains      []string `json:"domains,omitempty"`
-	Mode         string   `json:"mode,omitempty"`
-	BotFightMode bool     `json:"bot_fight_mode,omitempty"`
-	Region       string   `json:"region,omitempty"`
-	OffLabel     bool     `json:"offlabel,omitempty"`
-}
-
-type UpdateTurnstileWidgetParams struct {
-	SiteKey      string   `json:"-"`
-	Name         string   `json:"name,omitempty"`
-	Domains      []string `json:"domains,omitempty"`
-	Mode         string   `json:"mode,omitempty"`
-	BotFightMode bool     `json:"bot_fight_mode,omitempty"`
-	Region       string   `json:"region,omitempty"`
-	OffLabel     bool     `json:"offlabel,omitempty"`
-}
-
-type TurnstileWidgetResponse struct {
-	Response
-	Result TurnstileWidget `json:"result"`
-}
-
-type ListTurnstileWidgetParams struct {
-	ResultInfo
-	Direction string         `url:"direction,omitempty"`
-	Order     OrderDirection `url:"order,omitempty"`
-}
-
-type ListTurnstileWidgetResponse struct {
-	Response
-	ResultInfo `json:"result_info"`
-	Result     []TurnstileWidget `json:"result"`
-}
-
-type RotateTurnstileWidgetParams struct {
-	SiteKey               string `json:"-"`
-	InvalidateImmediately bool   `json:"invalidate_immediately,omitempty"`
-}
-
-// CreateTurnstileWidget creates a new challenge widgets.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-properties
-func (api *API) CreateTurnstileWidget(ctx context.Context, rc *ResourceContainer, params CreateTurnstileWidgetParams) (TurnstileWidget, error) {
-	if rc.Identifier == "" {
-		return TurnstileWidget{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/challenges/widgets", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, "POST", uri, params)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r TurnstileWidgetResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// ListTurnstileWidgets lists challenge widgets.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-list-challenge-widgets
-func (api *API) ListTurnstileWidgets(ctx context.Context, rc *ResourceContainer, params ListTurnstileWidgetParams) ([]TurnstileWidget, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return []TurnstileWidget{}, &ResultInfo{}, ErrMissingAccountID
-	}
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = 25
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var widgets []TurnstileWidget
-	var r ListTurnstileWidgetResponse
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/challenges/widgets", rc.Identifier), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-		if err != nil {
-			return []TurnstileWidget{}, &ResultInfo{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-		}
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []TurnstileWidget{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		widgets = append(widgets, r.Result...)
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return widgets, &r.ResultInfo, nil
-}
-
-// GetTurnstileWidget shows a single challenge widget configuration.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-challenge-widget-details
-func (api *API) GetTurnstileWidget(ctx context.Context, rc *ResourceContainer, siteKey string) (TurnstileWidget, error) {
-	if rc.Identifier == "" {
-		return TurnstileWidget{}, ErrMissingAccountID
-	}
-
-	if siteKey == "" {
-		return TurnstileWidget{}, ErrMissingSiteKey
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, siteKey)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r TurnstileWidgetResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateTurnstileWidget update the configuration of a widget.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-update-a-challenge-widget
-func (api *API) UpdateTurnstileWidget(ctx context.Context, rc *ResourceContainer, params UpdateTurnstileWidgetParams) (TurnstileWidget, error) {
-	if rc.Identifier == "" {
-		return TurnstileWidget{}, ErrMissingAccountID
-	}
-
-	if params.SiteKey == "" {
-		return TurnstileWidget{}, ErrMissingSiteKey
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, params.SiteKey)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r TurnstileWidgetResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// RotateTurnstileWidget generates a new secret key for this widget. If
-// invalidate_immediately is set to false, the previous secret remains valid for
-// 2 hours.
-//
-// Note that secrets cannot be rotated again during the grace period.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-rotate-secret-for-a-challenge-widget
-func (api *API) RotateTurnstileWidget(ctx context.Context, rc *ResourceContainer, param RotateTurnstileWidgetParams) (TurnstileWidget, error) {
-	if rc.Identifier == "" {
-		return TurnstileWidget{}, ErrMissingAccountID
-	}
-	if param.SiteKey == "" {
-		return TurnstileWidget{}, ErrMissingSiteKey
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s/rotate_secret", rc.Identifier, param.SiteKey)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, param)
-
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r TurnstileWidgetResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return TurnstileWidget{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteTurnstileWidget delete a challenge widget.
-//
-// API reference: https://api.cloudflare.com/#challenge-widgets-delete-a-challenge-widget
-func (api *API) DeleteTurnstileWidget(ctx context.Context, rc *ResourceContainer, siteKey string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if siteKey == "" {
-		return ErrMissingSiteKey
-	}
-	uri := fmt.Sprintf("/accounts/%s/challenges/widgets/%s", rc.Identifier, siteKey)
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r TurnstileWidgetResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/turnstile_test.go b/pkg/cloudflare-go/turnstile_test.go
deleted file mode 100644
index 38e835514f..0000000000
--- a/pkg/cloudflare-go/turnstile_test.go
+++ /dev/null
@@ -1,334 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testTurnstileWidgetSiteKey = "0x4AAF00AAAABn0R22HWm-YUc"
-
-var (
-	turnstileWidgetCreatedOn, _  = time.Parse(time.RFC3339, "2014-01-01T05:20:00.123123Z")
-	turnstileWidgetModifiedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.123123Z")
-	expectedTurnstileWidget      = TurnstileWidget{
-		SiteKey:    "0x4AAF00AAAABn0R22HWm-YUc",
-		Secret:     "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-		CreatedOn:  &turnstileWidgetCreatedOn,
-		ModifiedOn: &turnstileWidgetModifiedOn,
-		Name:       "blog.cloudflare.com login form",
-		Domains: []string{
-			"203.0.113.1",
-			"cloudflare.com",
-			"blog.example.com",
-		},
-		Mode:         "invisible",
-		BotFightMode: true,
-		Region:       "world",
-		OffLabel:     false,
-	}
-)
-
-func TestTurnstileWidget_Create(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-			{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-				"sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-				"secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-				"created_on": "2014-01-01T05:20:00.123123Z",
-				"modified_on": "2014-01-01T05:20:00.123123Z",
-				"name": "blog.cloudflare.com login form",
-				"domains": [
-				  "203.0.113.1",
-				  "cloudflare.com",
-				  "blog.example.com"
-				],
-				"mode": "invisible",
-				"bot_fight_mode": true,
-				"region": "world",
-				"offlabel": false
-			  }
-			}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.CreateTurnstileWidget(context.Background(), AccountIdentifier(""), CreateTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	out, err := client.CreateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), CreateTurnstileWidgetParams{
-		Name:         "blog.cloudflare.com login form",
-		Mode:         "invisible",
-		BotFightMode: true,
-		Domains: []string{
-			"203.0.113.1",
-			"cloudflare.com",
-			"blog.example.com",
-		},
-		Region:   "world",
-		OffLabel: false,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedTurnstileWidget, out, "create challenge_widgets structs not equal")
-	}
-}
-
-func TestTurnstileWidget_List(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "asc", r.URL.Query().Get("order"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-      "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-      "created_on": "2014-01-01T05:20:00.123123Z",
-      "modified_on": "2014-01-01T05:20:00.123123Z",
-      "name": "blog.cloudflare.com login form",
-      "domains": [
-        "203.0.113.1",
-        "cloudflare.com",
-        "blog.example.com"
-      ],
-      "mode": "invisible",
-      "bot_fight_mode": true,
-	  "region": "world",
-	  "offlabel": false
-    }
-  ],
-  "result_info": {
-    "page": 1,
-    "per_page": 20,
-    "count": 1,
-    "total_count": 1
-  }
-}`)
-	})
-
-	_, _, err := client.ListTurnstileWidgets(context.Background(), AccountIdentifier(""), ListTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	out, results, err := client.ListTurnstileWidgets(context.Background(), AccountIdentifier(testAccountID), ListTurnstileWidgetParams{
-		Order: OrderDirectionAsc,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(out), "expected 1 challenge_widgets")
-		assert.Equal(t, 20, results.PerPage, "expected 20 per page")
-		assert.Equal(t, expectedTurnstileWidget, out[0], "list challenge_widgets structs not equal")
-	}
-}
-
-func TestTurnstileWidget_Get(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-    "created_on": "2014-01-01T05:20:00.123123Z",
-    "modified_on": "2014-01-01T05:20:00.123123Z",
-    "name": "blog.cloudflare.com login form",
-    "domains": [
-      "203.0.113.1",
-      "cloudflare.com",
-      "blog.example.com"
-    ],
-    "mode": "invisible",
-	"bot_fight_mode": true,
-	"region": "world",
-	"offlabel": false
-  }
-}`)
-	})
-
-	_, err := client.GetTurnstileWidget(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.GetTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingSiteKey, err)
-	}
-
-	out, err := client.GetTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), testTurnstileWidgetSiteKey)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedTurnstileWidget, out, "get challenge_widgets structs not equal")
-	}
-}
-
-func TestTurnstileWidgets_Update(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-    "created_on": "2014-01-01T05:20:00.123123Z",
-    "modified_on": "2014-01-01T05:20:00.123123Z",
-    "name": "blog.cloudflare.com login form",
-    "domains": [
-      "203.0.113.1",
-      "cloudflare.com",
-      "blog.example.com"
-    ],
-    "mode": "invisible",
-	"bot_fight_mode": true,
-	"region": "world",
-	"offlabel": false
-  }
-}`)
-	})
-
-	_, err := client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(""), UpdateTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), UpdateTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingSiteKey, err)
-	}
-
-	out, err := client.UpdateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), UpdateTurnstileWidgetParams{
-		SiteKey: testTurnstileWidgetSiteKey,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedTurnstileWidget, out, "update challenge_widgets structs not equal")
-	}
-}
-
-func TestTurnstileWidgets_RotateSecret(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey+"/rotate_secret", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-    "created_on": "2014-01-01T05:20:00.123123Z",
-    "modified_on": "2014-01-01T05:20:00.123123Z",
-    "name": "blog.cloudflare.com login form",
-    "domains": [
-      "203.0.113.1",
-      "cloudflare.com",
-      "blog.example.com"
-    ],
-    "mode": "invisible",
-	"bot_fight_mode": true,
-	"region": "world",
-	"offlabel": false
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	_, err := client.RotateTurnstileWidget(context.Background(), AccountIdentifier(""), RotateTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.RotateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), RotateTurnstileWidgetParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingSiteKey, err)
-	}
-
-	out, err := client.RotateTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), RotateTurnstileWidgetParams{SiteKey: testTurnstileWidgetSiteKey})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedTurnstileWidget, out, "rotate challenge_widgets structs not equal")
-	}
-}
-
-func TestTurnstileWidgets_Delete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/challenges/widgets/"+testTurnstileWidgetSiteKey, func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "sitekey": "0x4AAF00AAAABn0R22HWm-YUc",
-    "secret": "0x4AAF00AAAABn0R22HWm098HVBjhdsYUc",
-    "created_on": "2014-01-01T05:20:00.123123Z",
-    "modified_on": "2014-01-01T05:20:00.123123Z",
-    "name": "blog.cloudflare.com login form",
-    "domains": [
-      "203.0.113.1",
-      "cloudflare.com",
-      "blog.example.com"
-    ],
-    "mode": "invisible",
-	"bot_fight_mode": true,
-	"region": "world",
-	"offlabel": false
-  }
-}`)
-	})
-
-	// Make sure missing account ID is thrown
-	err := client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	err = client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingSiteKey, err)
-	}
-
-	err = client.DeleteTurnstileWidget(context.Background(), AccountIdentifier(testAccountID), testTurnstileWidgetSiteKey)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/universal_ssl.go b/pkg/cloudflare-go/universal_ssl.go
deleted file mode 100644
index a0b7a1bb94..0000000000
--- a/pkg/cloudflare-go/universal_ssl.go
+++ /dev/null
@@ -1,108 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// UniversalSSLSetting represents a universal ssl setting's properties.
-type UniversalSSLSetting struct {
-	Enabled bool `json:"enabled"`
-}
-
-type universalSSLSettingResponse struct {
-	Response
-	Result UniversalSSLSetting `json:"result"`
-}
-
-// UniversalSSLVerificationDetails represents a universal ssl verification's properties.
-type UniversalSSLVerificationDetails struct {
-	CertificateStatus  string                `json:"certificate_status"`
-	VerificationType   string                `json:"verification_type"`
-	ValidationMethod   string                `json:"validation_method"`
-	CertPackUUID       string                `json:"cert_pack_uuid"`
-	VerificationStatus bool                  `json:"verification_status"`
-	BrandCheck         bool                  `json:"brand_check"`
-	VerificationInfo   []SSLValidationRecord `json:"verification_info"`
-}
-
-type universalSSLVerificationResponse struct {
-	Response
-	Result []UniversalSSLVerificationDetails `json:"result"`
-}
-
-type UniversalSSLCertificatePackValidationMethodSetting struct {
-	ValidationMethod string `json:"validation_method"`
-}
-
-type universalSSLCertificatePackValidationMethodSettingResponse struct {
-	Response
-	Result UniversalSSLCertificatePackValidationMethodSetting `json:"result"`
-}
-
-// UniversalSSLSettingDetails returns the details for a universal ssl setting
-//
-// API reference: https://api.cloudflare.com/#universal-ssl-settings-for-a-zone-universal-ssl-settings-details
-func (api *API) UniversalSSLSettingDetails(ctx context.Context, zoneID string) (UniversalSSLSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/universal/settings", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return UniversalSSLSetting{}, err
-	}
-	var r universalSSLSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return UniversalSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// EditUniversalSSLSetting edits the universal ssl setting for a zone
-//
-// API reference: https://api.cloudflare.com/#universal-ssl-settings-for-a-zone-edit-universal-ssl-settings
-func (api *API) EditUniversalSSLSetting(ctx context.Context, zoneID string, setting UniversalSSLSetting) (UniversalSSLSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/universal/settings", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, setting)
-	if err != nil {
-		return UniversalSSLSetting{}, err
-	}
-	var r universalSSLSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return UniversalSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UniversalSSLVerificationDetails returns the details for a universal ssl verification
-//
-// API reference: https://api.cloudflare.com/#ssl-verification-ssl-verification-details
-func (api *API) UniversalSSLVerificationDetails(ctx context.Context, zoneID string) ([]UniversalSSLVerificationDetails, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/verification", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []UniversalSSLVerificationDetails{}, err
-	}
-	var r universalSSLVerificationResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []UniversalSSLVerificationDetails{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateUniversalSSLCertificatePackValidationMethod changes the validation method for a certificate pack
-//
-// API reference: https://api.cloudflare.com/#ssl-verification-ssl-verification-details
-func (api *API) UpdateUniversalSSLCertificatePackValidationMethod(ctx context.Context, zoneID string, certPackUUID string, setting UniversalSSLCertificatePackValidationMethodSetting) (UniversalSSLCertificatePackValidationMethodSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/ssl/verification/%s", zoneID, certPackUUID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, setting)
-	if err != nil {
-		return UniversalSSLCertificatePackValidationMethodSetting{}, err
-	}
-	var r universalSSLCertificatePackValidationMethodSettingResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return UniversalSSLCertificatePackValidationMethodSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/universal_ssl_test.go b/pkg/cloudflare-go/universal_ssl_test.go
deleted file mode 100644
index 3b2e16922c..0000000000
--- a/pkg/cloudflare-go/universal_ssl_test.go
+++ /dev/null
@@ -1,164 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestUniversalSSLSettingDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "enabled": true
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/universal/settings", handler)
-
-	want := UniversalSSLSetting{
-		Enabled: true,
-	}
-
-	got, err := client.UniversalSSLSettingDetails(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestEditUniversalSSLSetting(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"enabled":true}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-			  "enabled": true
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/universal/settings", handler)
-
-	want := UniversalSSLSetting{
-		Enabled: true,
-	}
-
-	got, err := client.EditUniversalSSLSetting(context.Background(), testZoneID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestUniversalSSLVerificationDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": [{
-				"certificate_status": "active",
-				"verification_type": "cname",
-				"verification_status": true,
-				"verification_info": [
-				{
-					"status": "pending",
-					"http_url": "http://example.com/.well-known/acme-challenge/Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA",
-					"http_body": "Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA.Jckzm7Z9uOFls_MXPYibNRz6koY5a8qpI_BeHtDtf-g"
-				}
-			],
-				"brand_check": false,
-				"validation_method": "txt",
-				"cert_pack_uuid": "a77f8bd7-3b47-46b4-a6f1-75cf98109948"
-			}]
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/verification", handler)
-
-	want := []UniversalSSLVerificationDetails{
-		{
-			CertificateStatus:  "active",
-			VerificationType:   "cname",
-			ValidationMethod:   "txt",
-			CertPackUUID:       "a77f8bd7-3b47-46b4-a6f1-75cf98109948",
-			VerificationStatus: true,
-			BrandCheck:         false,
-			VerificationInfo: []SSLValidationRecord{{
-				HTTPUrl:  "http://example.com/.well-known/acme-challenge/Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA",
-				HTTPBody: "Km-ycWoOVh10cLfL4pRPppGt6jU_mGz8xgvNOxudMiA.Jckzm7Z9uOFls_MXPYibNRz6koY5a8qpI_BeHtDtf-g",
-			}},
-		},
-	}
-
-	got, err := client.UniversalSSLVerificationDetails(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestUpdateSSLCertificatePackValidationMethod(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"validation_method":"txt"}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"validation_method": "txt",
-				"status": "pending_validation"
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/ssl/verification/"+testCertPackUUID, handler)
-
-	want := UniversalSSLCertificatePackValidationMethodSetting{
-		ValidationMethod: "txt",
-	}
-
-	got, err := client.UpdateUniversalSSLCertificatePackValidationMethod(context.Background(), testZoneID, testCertPackUUID, want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
diff --git a/pkg/cloudflare-go/url_normalization_settings.go b/pkg/cloudflare-go/url_normalization_settings.go
deleted file mode 100644
index c919100fa4..0000000000
--- a/pkg/cloudflare-go/url_normalization_settings.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type URLNormalizationSettings struct {
-	Type  string `json:"type"`
-	Scope string `json:"scope"`
-}
-
-type URLNormalizationSettingsResponse struct {
-	Result URLNormalizationSettings `json:"result"`
-	Response
-}
-
-type URLNormalizationSettingsUpdateParams struct {
-	Type  string `json:"type"`
-	Scope string `json:"scope"`
-}
-
-// URLNormalizationSettings API reference: https://api.cloudflare.com/#url-normalization-get-url-normalization-settings
-func (api *API) URLNormalizationSettings(ctx context.Context, rc *ResourceContainer) (URLNormalizationSettings, error) {
-	uri := fmt.Sprintf("/zones/%s/url_normalization", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return URLNormalizationSettings{}, err
-	}
-
-	var urlNormalizationSettingsResponse URLNormalizationSettingsResponse
-	err = json.Unmarshal(res, &urlNormalizationSettingsResponse)
-	if err != nil {
-		return URLNormalizationSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return urlNormalizationSettingsResponse.Result, nil
-}
-
-// UpdateURLNormalizationSettings https://api.cloudflare.com/#url-normalization-update-url-normalization-settings
-func (api *API) UpdateURLNormalizationSettings(ctx context.Context, rc *ResourceContainer, params URLNormalizationSettingsUpdateParams) (URLNormalizationSettings, error) {
-	uri := fmt.Sprintf("/zones/%s/url_normalization", rc.Identifier)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return URLNormalizationSettings{}, err
-	}
-
-	var urlNormalizationSettingsResponse URLNormalizationSettingsResponse
-	err = json.Unmarshal(res, &urlNormalizationSettingsResponse)
-	if err != nil {
-		return URLNormalizationSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return urlNormalizationSettingsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/url_normalization_settings_test.go b/pkg/cloudflare-go/url_normalization_settings_test.go
deleted file mode 100644
index 6a6ac11167..0000000000
--- a/pkg/cloudflare-go/url_normalization_settings_test.go
+++ /dev/null
@@ -1,86 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestURLNormalizationSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"type": "cloudflare",
-				"scope": "incoming"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/url_normalization", handler)
-
-	want := URLNormalizationSettings{
-		Type:  "cloudflare",
-		Scope: "incoming",
-	}
-
-	got, err := client.URLNormalizationSettings(context.Background(), ZoneIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
-
-func TestUpdateURLNormalizationSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"type":"cloudflare","scope":"incoming"}`, string(body))
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"type": "cloudflare",
-				"scope": "incoming"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/url_normalization", handler)
-
-	params := URLNormalizationSettingsUpdateParams{
-		Type:  "cloudflare",
-		Scope: "incoming",
-	}
-
-	want := URLNormalizationSettings{
-		Type:  "cloudflare",
-		Scope: "incoming",
-	}
-
-	got, err := client.UpdateURLNormalizationSettings(context.Background(), ZoneIdentifier(testZoneID), params)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, got)
-	}
-}
diff --git a/pkg/cloudflare-go/user.go b/pkg/cloudflare-go/user.go
deleted file mode 100644
index 90feb89904..0000000000
--- a/pkg/cloudflare-go/user.go
+++ /dev/null
@@ -1,161 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// User describes a user account.
-type User struct {
-	ID         string     `json:"id,omitempty"`
-	Email      string     `json:"email,omitempty"`
-	FirstName  string     `json:"first_name,omitempty"`
-	LastName   string     `json:"last_name,omitempty"`
-	Username   string     `json:"username,omitempty"`
-	Telephone  string     `json:"telephone,omitempty"`
-	Country    string     `json:"country,omitempty"`
-	Zipcode    string     `json:"zipcode,omitempty"`
-	CreatedOn  *time.Time `json:"created_on,omitempty"`
-	ModifiedOn *time.Time `json:"modified_on,omitempty"`
-	APIKey     string     `json:"api_key,omitempty"`
-	TwoFA      bool       `json:"two_factor_authentication_enabled,omitempty"`
-	Betas      []string   `json:"betas,omitempty"`
-	Accounts   []Account  `json:"organizations,omitempty"`
-}
-
-// UserResponse wraps a response containing User accounts.
-type UserResponse struct {
-	Response
-	Result User `json:"result"`
-}
-
-// userBillingProfileResponse wraps a response containing Billing Profile information.
-type userBillingProfileResponse struct {
-	Response
-	Result UserBillingProfile
-}
-
-// UserBillingProfile contains Billing Profile information.
-type UserBillingProfile struct {
-	ID              string     `json:"id,omitempty"`
-	FirstName       string     `json:"first_name,omitempty"`
-	LastName        string     `json:"last_name,omitempty"`
-	Address         string     `json:"address,omitempty"`
-	Address2        string     `json:"address2,omitempty"`
-	Company         string     `json:"company,omitempty"`
-	City            string     `json:"city,omitempty"`
-	State           string     `json:"state,omitempty"`
-	ZipCode         string     `json:"zipcode,omitempty"`
-	Country         string     `json:"country,omitempty"`
-	Telephone       string     `json:"telephone,omitempty"`
-	CardNumber      string     `json:"card_number,omitempty"`
-	CardExpiryYear  int        `json:"card_expiry_year,omitempty"`
-	CardExpiryMonth int        `json:"card_expiry_month,omitempty"`
-	VAT             string     `json:"vat,omitempty"`
-	CreatedOn       *time.Time `json:"created_on,omitempty"`
-	EditedOn        *time.Time `json:"edited_on,omitempty"`
-}
-
-type UserBillingHistoryResponse struct {
-	Response
-	Result     []UserBillingHistory `json:"result"`
-	ResultInfo ResultInfo           `json:"result_info"`
-}
-
-type UserBillingHistory struct {
-	ID          string                 `json:"id,omitempty"`
-	Type        string                 `json:"type,omitempty"`
-	Action      string                 `json:"action,omitempty"`
-	Description string                 `json:"description,omitempty"`
-	OccurredAt  *time.Time             `json:"occurred_at,omitempty"`
-	Amount      float32                `json:"amount,omitempty"`
-	Currency    string                 `json:"currency,omitempty"`
-	Zone        userBillingHistoryZone `json:"zone"`
-}
-
-type userBillingHistoryZone struct {
-	Name string `json:"name,omitempty"`
-}
-
-type UserBillingOptions struct {
-	PaginationOptions
-	Order      string     `url:"order,omitempty"`
-	Type       string     `url:"type,omitempty"`
-	OccurredAt *time.Time `url:"occurred_at,omitempty"`
-	Action     string     `url:"action,omitempty"`
-}
-
-// UserDetails provides information about the logged-in user.
-//
-// API reference: https://api.cloudflare.com/#user-user-details
-func (api *API) UserDetails(ctx context.Context) (User, error) {
-	var r UserResponse
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user", nil)
-	if err != nil {
-		return User{}, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return User{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateUser updates the properties of the given user.
-//
-// API reference: https://api.cloudflare.com/#user-update-user
-func (api *API) UpdateUser(ctx context.Context, user *User) (User, error) {
-	var r UserResponse
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/user", user)
-	if err != nil {
-		return User{}, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return User{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UserBillingProfile returns the billing profile of the user.
-//
-// API reference: https://api.cloudflare.com/#user-billing-profile
-func (api *API) UserBillingProfile(ctx context.Context) (UserBillingProfile, error) {
-	var r userBillingProfileResponse
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/user/billing/profile", nil)
-	if err != nil {
-		return UserBillingProfile{}, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return UserBillingProfile{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UserBillingHistory return the billing history of the user
-//
-// API reference: https://api.cloudflare.com/#user-billing-history-billing-history-details
-func (api *API) UserBillingHistory(ctx context.Context, pageOpts UserBillingOptions) ([]UserBillingHistory, error) {
-	uri := buildURI("/user/billing/history", pageOpts)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []UserBillingHistory{}, err
-	}
-	var r UserBillingHistoryResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []UserBillingHistory{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/user_agent.go b/pkg/cloudflare-go/user_agent.go
deleted file mode 100644
index 10449bbc06..0000000000
--- a/pkg/cloudflare-go/user_agent.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-
-	"github.com/goccy/go-json"
-)
-
-// UserAgentRule represents a User-Agent Block. These rules can be used to
-// challenge, block or whitelist specific User-Agents for a given zone.
-type UserAgentRule struct {
-	ID            string              `json:"id"`
-	Description   string              `json:"description"`
-	Mode          string              `json:"mode"`
-	Configuration UserAgentRuleConfig `json:"configuration"`
-	Paused        bool                `json:"paused"`
-}
-
-// UserAgentRuleConfig represents a Zone Lockdown config, which comprises
-// a Target ("ip" or "ip_range") and a Value (an IP address or IP+mask,
-// respectively.)
-type UserAgentRuleConfig ZoneLockdownConfig
-
-// UserAgentRuleResponse represents a response from the Zone Lockdown endpoint.
-type UserAgentRuleResponse struct {
-	Result UserAgentRule `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// UserAgentRuleListResponse represents a response from the List Zone Lockdown endpoint.
-type UserAgentRuleListResponse struct {
-	Result []UserAgentRule `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// CreateUserAgentRule creates a User-Agent Block rule for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-create-a-useragent-rule
-func (api *API) CreateUserAgentRule(ctx context.Context, zoneID string, ld UserAgentRule) (*UserAgentRuleResponse, error) {
-	switch ld.Mode {
-	case "block", "challenge", "js_challenge", "managed_challenge":
-		break
-	default:
-		return nil, errors.New(`the User-Agent Block rule mode must be one of "block", "challenge", "js_challenge", "managed_challenge"`)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, ld)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &UserAgentRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// UpdateUserAgentRule updates a User-Agent Block rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-update-useragent-rule
-func (api *API) UpdateUserAgentRule(ctx context.Context, zoneID string, id string, ld UserAgentRule) (*UserAgentRuleResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, ld)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &UserAgentRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// DeleteUserAgentRule deletes a User-Agent Block rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-delete-useragent-rule
-func (api *API) DeleteUserAgentRule(ctx context.Context, zoneID string, id string) (*UserAgentRuleResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &UserAgentRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// UserAgentRule retrieves a User-Agent Block rule (based on the ID) for the given zone ID.
-//
-// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-useragent-rule-details
-func (api *API) UserAgentRule(ctx context.Context, zoneID string, id string) (*UserAgentRuleResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules/%s", zoneID, id)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &UserAgentRuleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// ListUserAgentRules retrieves a list of User-Agent Block rules for a given zone ID by page number.
-//
-// API reference: https://api.cloudflare.com/#user-agent-blocking-rules-list-useragent-rules
-func (api *API) ListUserAgentRules(ctx context.Context, zoneID string, page int) (*UserAgentRuleListResponse, error) {
-	v := url.Values{}
-	if page <= 0 {
-		page = 1
-	}
-
-	v.Set("page", strconv.Itoa(page))
-	v.Set("per_page", strconv.Itoa(100))
-
-	uri := fmt.Sprintf("/zones/%s/firewall/ua_rules?%s", zoneID, v.Encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &UserAgentRuleListResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
diff --git a/pkg/cloudflare-go/user_agent_example_test.go b/pkg/cloudflare-go/user_agent_example_test.go
deleted file mode 100644
index 26db115a47..0000000000
--- a/pkg/cloudflare-go/user_agent_example_test.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListUserAgentRules_all() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	zoneID, err := api.ZoneIDByName("example.com")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch all Zone Lockdown rules for a zone, by page.
-	rules, err := api.ListUserAgentRules(context.Background(), zoneID, 1)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, r := range rules.Result {
-		fmt.Printf("%s: %s\n", r.Configuration.Target, r.Configuration.Value)
-	}
-}
diff --git a/pkg/cloudflare-go/user_test.go b/pkg/cloudflare-go/user_test.go
deleted file mode 100644
index d3d70903d8..0000000000
--- a/pkg/cloudflare-go/user_test.go
+++ /dev/null
@@ -1,244 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestUser_UserDetails(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-"success": true,
-"errors": [],
-"messages": [],
-"result": {
-    "id": "1",
-    "email": "cloudflare@example.com",
-    "first_name": "Jane",
-    "last_name": "Smith",
-    "username": "cloudflare12345",
-    "telephone": "+1 (650) 319 8930",
-    "country": "US",
-    "zipcode": "94107",
-    "created_on": "2009-07-01T00:00:00Z",
-    "modified_on": "2016-05-06T20:32:00Z",
-    "two_factor_authentication_enabled": true,
-    "betas": ["mirage_forever"]
-  }
-}`)
-	})
-
-	user, err := client.UserDetails(context.Background())
-
-	createdOn, _ := time.Parse(time.RFC3339, "2009-07-01T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2016-05-06T20:32:00Z")
-
-	want := User{
-		ID:         "1",
-		Email:      "cloudflare@example.com",
-		FirstName:  "Jane",
-		LastName:   "Smith",
-		Username:   "cloudflare12345",
-		Telephone:  "+1 (650) 319 8930",
-		Country:    "US",
-		Zipcode:    "94107",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-		TwoFA:      true,
-		Betas:      []string{"mirage_forever"},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, user, want)
-	}
-}
-
-func TestUser_UpdateUser(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{"country":"US","first_name":"John","username":"cfuser12345","email":"user@example.com",
-                       "last_name": "Appleseed","telephone": "+1 123-123-1234","zipcode": "12345"}`, string(b), "JSON not equal")
-		}
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "7c5dae5552338874e5053f2534d2767a",
-    "email": "user@example.com",
-    "first_name": "John",
-    "last_name": "Appleseed",
-    "username": "cfuser12345",
-    "telephone": "+1 123-123-1234",
-    "country": "US",
-    "zipcode": "12345",
-    "created_on": "2014-01-01T05:20:00Z",
-    "modified_on": "2014-01-01T05:20:00Z",
-    "two_factor_authentication_enabled": false
-  }
-}`)
-	})
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00Z")
-
-	userIn := User{
-		Email:     "user@example.com",
-		FirstName: "John",
-		LastName:  "Appleseed",
-		Username:  "cfuser12345",
-		Telephone: "+1 123-123-1234",
-		Country:   "US",
-		Zipcode:   "12345",
-		TwoFA:     false,
-	}
-
-	userOut, err := client.UpdateUser(context.Background(), &userIn)
-
-	want := User{
-		ID:         "7c5dae5552338874e5053f2534d2767a",
-		Email:      "user@example.com",
-		FirstName:  "John",
-		LastName:   "Appleseed",
-		Username:   "cfuser12345",
-		Telephone:  "+1 123-123-1234",
-		Country:    "US",
-		Zipcode:    "12345",
-		CreatedOn:  &createdOn,
-		ModifiedOn: &modifiedOn,
-		TwoFA:      false,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, userOut, want, "structs not equal")
-	}
-}
-
-func TestUser_UserBillingProfile(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/user/billing/profile", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "0020c268dbf54e975e7fe8563df49d52",
-    "first_name": "Bob",
-    "last_name": "Smith",
-    "address": "123 3rd St.",
-    "address2": "Apt 123",
-    "company": "Cloudflare",
-    "city": "San Francisco",
-    "state": "CA",
-    "zipcode": "12345",
-    "country": "US",
-    "telephone": "+1 111-867-5309",
-    "card_number": "xxxx-xxxx-xxxx-1234",
-    "card_expiry_year": 2015,
-    "card_expiry_month": 4,
-    "vat": "aaa-123-987",
-    "edited_on": "2014-04-01T12:21:02.0000Z",
-    "created_on": "2014-03-01T12:21:02.0000Z"
-  }
-}`)
-	})
-
-	createdOn, _ := time.Parse(time.RFC3339, "2014-03-01T12:21:02.0000Z")
-	editedOn, _ := time.Parse(time.RFC3339, "2014-04-01T12:21:02.0000Z")
-
-	userBillingProfile, err := client.UserBillingProfile(context.Background())
-
-	want := UserBillingProfile{
-		ID:              "0020c268dbf54e975e7fe8563df49d52",
-		FirstName:       "Bob",
-		LastName:        "Smith",
-		Address:         "123 3rd St.",
-		Address2:        "Apt 123",
-		Company:         "Cloudflare",
-		City:            "San Francisco",
-		State:           "CA",
-		ZipCode:         "12345",
-		Country:         "US",
-		Telephone:       "+1 111-867-5309",
-		CardNumber:      "xxxx-xxxx-xxxx-1234",
-		CardExpiryYear:  2015,
-		CardExpiryMonth: 4,
-		VAT:             "aaa-123-987",
-		CreatedOn:       &createdOn,
-		EditedOn:        &editedOn,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, userBillingProfile, want, "structs not equal")
-	}
-}
-
-func TestUser_UserBillingHistory(t *testing.T) {
-	setup()
-	defer teardown()
-	mux.HandleFunc("/user/billing/history", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": [
-    {
-      "id": "b69a9f3492637782896352daae219e7d",
-      "type": "charge",
-      "action": "subscription",
-      "description": "The billing item description",
-      "occurred_at": "2014-03-01T12:21:59.3456Z",
-      "amount": 20.99,
-      "currency": "USD",
-      "zone": {
-        "name": "example.com"
-      }
-    }
-  ]
-}`)
-	})
-
-	userBillingProfile, err := client.UserBillingHistory(context.Background(), UserBillingOptions{})
-
-	OccurredAt, _ := time.Parse(time.RFC3339, "2014-03-01T12:21:59.3456Z")
-
-	want := []UserBillingHistory{{
-		ID:          "b69a9f3492637782896352daae219e7d",
-		Type:        "charge",
-		Action:      "subscription",
-		Description: "The billing item description",
-		OccurredAt:  &OccurredAt,
-		Amount:      20.99,
-		Currency:    "USD",
-		Zone:        userBillingHistoryZone{Name: "example.com"},
-	}}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, userBillingProfile, want, "structs not equal")
-	}
-}
diff --git a/pkg/cloudflare-go/utils.go b/pkg/cloudflare-go/utils.go
deleted file mode 100644
index bc2dc56338..0000000000
--- a/pkg/cloudflare-go/utils.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package cloudflare
-
-import (
-	"fmt"
-	"net/url"
-	"os"
-	"path/filepath"
-
-	"github.com/google/go-querystring/query"
-)
-
-// buildURI assembles the base path and queries.
-func buildURI(path string, options interface{}) string {
-	v, _ := query.Values(options)
-	return (&url.URL{Path: path, RawQuery: v.Encode()}).String()
-}
-
-// loadFixture takes a series of path components and returns the JSON fixture at
-// that location associated.
-func loadFixture(parts ...string) string {
-	paths := []string{"testdata", "fixtures"}
-	paths = append(paths, parts...)
-	b, err := os.ReadFile(filepath.Join(paths...) + ".json")
-	if err != nil {
-		fmt.Print(err)
-	}
-	return string(b)
-}
diff --git a/pkg/cloudflare-go/utils_test.go b/pkg/cloudflare-go/utils_test.go
deleted file mode 100644
index 5973d8c720..0000000000
--- a/pkg/cloudflare-go/utils_test.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package cloudflare
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-type testExample struct {
-	A string `url:"a,omitempty"`
-	C string `url:"c,omitempty"`
-
-	PaginationOptions
-}
-
-func Test_buildURI(t *testing.T) {
-	tests := map[string]struct {
-		path   string
-		params interface{}
-		want   string
-	}{
-		"multi level path without params":        {path: "/accounts/foo", params: testExample{}, want: "/accounts/foo"},
-		"multi level path with params":           {path: "/zones/foo", params: testExample{A: "b"}, want: "/zones/foo?a=b"},
-		"multi level path with multiple params":  {path: "/zones/foo", params: testExample{A: "b", C: "d"}, want: "/zones/foo?a=b&c=d"},
-		"multi level path with nested fields":    {path: "/zones/foo", params: testExample{A: "b", C: "d", PaginationOptions: PaginationOptions{PerPage: 10}}, want: "/zones/foo?a=b&c=d&per_page=10"},
-		"single level path without params":       {path: "/foo", params: testExample{}, want: "/foo"},
-		"single level path with params":          {path: "/bar", params: testExample{C: "d"}, want: "/bar?c=d"},
-		"single level path with multiple params": {path: "/foo", params: testExample{A: "b", C: "d"}, want: "/foo?a=b&c=d"},
-		"single level path with nested fields":   {path: "/foo", params: testExample{A: "b", C: "d", PaginationOptions: PaginationOptions{PerPage: 10}}, want: "/foo?a=b&c=d&per_page=10"},
-	}
-
-	for name, tc := range tests {
-		t.Run(name, func(t *testing.T) {
-			got := buildURI(tc.path, tc.params)
-			assert.Equal(t, tc.want, got)
-		})
-	}
-}
diff --git a/pkg/cloudflare-go/waf.go b/pkg/cloudflare-go/waf.go
deleted file mode 100644
index c7a458a0ce..0000000000
--- a/pkg/cloudflare-go/waf.go
+++ /dev/null
@@ -1,352 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-
-	"github.com/goccy/go-json"
-)
-
-// WAFPackage represents a WAF package configuration.
-type WAFPackage struct {
-	ID            string `json:"id"`
-	Name          string `json:"name"`
-	Description   string `json:"description"`
-	ZoneID        string `json:"zone_id"`
-	DetectionMode string `json:"detection_mode"`
-	Sensitivity   string `json:"sensitivity"`
-	ActionMode    string `json:"action_mode"`
-}
-
-// WAFPackagesResponse represents the response from the WAF packages endpoint.
-type WAFPackagesResponse struct {
-	Response
-	Result     []WAFPackage `json:"result"`
-	ResultInfo ResultInfo   `json:"result_info"`
-}
-
-// WAFPackageResponse represents the response from the WAF package endpoint.
-type WAFPackageResponse struct {
-	Response
-	Result     WAFPackage `json:"result"`
-	ResultInfo ResultInfo `json:"result_info"`
-}
-
-// WAFPackageOptions represents options to edit a WAF package.
-type WAFPackageOptions struct {
-	Sensitivity string `json:"sensitivity,omitempty"`
-	ActionMode  string `json:"action_mode,omitempty"`
-}
-
-// WAFGroup represents a WAF rule group.
-type WAFGroup struct {
-	ID                 string   `json:"id"`
-	Name               string   `json:"name"`
-	Description        string   `json:"description"`
-	RulesCount         int      `json:"rules_count"`
-	ModifiedRulesCount int      `json:"modified_rules_count"`
-	PackageID          string   `json:"package_id"`
-	Mode               string   `json:"mode"`
-	AllowedModes       []string `json:"allowed_modes"`
-}
-
-// WAFGroupsResponse represents the response from the WAF groups endpoint.
-type WAFGroupsResponse struct {
-	Response
-	Result     []WAFGroup `json:"result"`
-	ResultInfo ResultInfo `json:"result_info"`
-}
-
-// WAFGroupResponse represents the response from the WAF group endpoint.
-type WAFGroupResponse struct {
-	Response
-	Result     WAFGroup   `json:"result"`
-	ResultInfo ResultInfo `json:"result_info"`
-}
-
-// WAFRule represents a WAF rule.
-type WAFRule struct {
-	ID          string `json:"id"`
-	Description string `json:"description"`
-	Priority    string `json:"priority"`
-	PackageID   string `json:"package_id"`
-	Group       struct {
-		ID   string `json:"id"`
-		Name string `json:"name"`
-	} `json:"group"`
-	Mode         string   `json:"mode"`
-	DefaultMode  string   `json:"default_mode"`
-	AllowedModes []string `json:"allowed_modes"`
-}
-
-// WAFRulesResponse represents the response from the WAF rules endpoint.
-type WAFRulesResponse struct {
-	Response
-	Result     []WAFRule  `json:"result"`
-	ResultInfo ResultInfo `json:"result_info"`
-}
-
-// WAFRuleResponse represents the response from the WAF rule endpoint.
-type WAFRuleResponse struct {
-	Response
-	Result     WAFRule    `json:"result"`
-	ResultInfo ResultInfo `json:"result_info"`
-}
-
-// WAFRuleOptions is a subset of WAFRule, for editable options.
-type WAFRuleOptions struct {
-	Mode string `json:"mode"`
-}
-
-// ListWAFPackages returns a slice of the WAF packages for the given zone.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-packages-list-firewall-packages
-func (api *API) ListWAFPackages(ctx context.Context, zoneID string) ([]WAFPackage, error) {
-	// Construct a query string
-	v := url.Values{}
-	// Request as many WAF packages as possible per page - API max is 100
-	v.Set("per_page", "100")
-
-	var packages []WAFPackage
-	var res []byte
-	var err error
-	page := 1
-
-	// Loop over makeRequest until what we've fetched all records
-	for {
-		v.Set("page", strconv.Itoa(page))
-		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages?%s", zoneID, v.Encode())
-		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []WAFPackage{}, err
-		}
-
-		var p WAFPackagesResponse
-		err = json.Unmarshal(res, &p)
-		if err != nil {
-			return []WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		if !p.Success {
-			// TODO: Provide an actual error message instead of always returning nil
-			return []WAFPackage{}, err
-		}
-
-		packages = append(packages, p.Result...)
-		if p.ResultInfo.Page >= p.ResultInfo.TotalPages {
-			break
-		}
-
-		// Loop around and fetch the next page
-		page++
-	}
-
-	return packages, nil
-}
-
-// WAFPackage returns a WAF package for the given zone.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-packages-firewall-package-details
-func (api *API) WAFPackage(ctx context.Context, zoneID, packageID string) (WAFPackage, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s", zoneID, packageID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WAFPackage{}, err
-	}
-
-	var r WAFPackageResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateWAFPackage lets you update the a WAF Package.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-packages-edit-firewall-package
-func (api *API) UpdateWAFPackage(ctx context.Context, zoneID, packageID string, opts WAFPackageOptions) (WAFPackage, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s", zoneID, packageID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
-	if err != nil {
-		return WAFPackage{}, err
-	}
-
-	var r WAFPackageResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFPackage{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListWAFGroups returns a slice of the WAF groups for the given WAF package.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-groups-list-rule-groups
-func (api *API) ListWAFGroups(ctx context.Context, zoneID, packageID string) ([]WAFGroup, error) {
-	// Construct a query string
-	v := url.Values{}
-	// Request as many WAF groups as possible per page - API max is 100
-	v.Set("per_page", "100")
-
-	var groups []WAFGroup
-	var res []byte
-	var err error
-	page := 1
-
-	// Loop over makeRequest until what we've fetched all records
-	for {
-		v.Set("page", strconv.Itoa(page))
-		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups?%s", zoneID, packageID, v.Encode())
-		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []WAFGroup{}, err
-		}
-
-		var r WAFGroupsResponse
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		if !r.Success {
-			// TODO: Provide an actual error message instead of always returning nil
-			return []WAFGroup{}, err
-		}
-
-		groups = append(groups, r.Result...)
-		if r.ResultInfo.Page >= r.ResultInfo.TotalPages {
-			break
-		}
-
-		// Loop around and fetch the next page
-		page++
-	}
-	return groups, nil
-}
-
-// WAFGroup returns a WAF rule group from the given WAF package.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-groups-rule-group-details
-func (api *API) WAFGroup(ctx context.Context, zoneID, packageID, groupID string) (WAFGroup, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups/%s", zoneID, packageID, groupID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WAFGroup{}, err
-	}
-
-	var r WAFGroupResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateWAFGroup lets you update the mode of a WAF Group.
-//
-// API Reference: https://api.cloudflare.com/#waf-rule-groups-edit-rule-group
-func (api *API) UpdateWAFGroup(ctx context.Context, zoneID, packageID, groupID, mode string) (WAFGroup, error) {
-	opts := WAFRuleOptions{Mode: mode}
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/groups/%s", zoneID, packageID, groupID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
-	if err != nil {
-		return WAFGroup{}, err
-	}
-
-	var r WAFGroupResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFGroup{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ListWAFRules returns a slice of the WAF rules for the given WAF package.
-//
-// API Reference: https://api.cloudflare.com/#waf-rules-list-rules
-func (api *API) ListWAFRules(ctx context.Context, zoneID, packageID string) ([]WAFRule, error) {
-	// Construct a query string
-	v := url.Values{}
-	// Request as many WAF rules as possible per page - API max is 100
-	v.Set("per_page", "100")
-
-	var rules []WAFRule
-	var res []byte
-	var err error
-	page := 1
-
-	// Loop over makeRequest until what we've fetched all records
-	for {
-		v.Set("page", strconv.Itoa(page))
-		uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules?%s", zoneID, packageID, v.Encode())
-		res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []WAFRule{}, err
-		}
-
-		var r WAFRulesResponse
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return []WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-
-		if !r.Success {
-			// TODO: Provide an actual error message instead of always returning nil
-			return []WAFRule{}, err
-		}
-
-		rules = append(rules, r.Result...)
-		if r.ResultInfo.Page >= r.ResultInfo.TotalPages {
-			break
-		}
-
-		// Loop around and fetch the next page
-		page++
-	}
-
-	return rules, nil
-}
-
-// WAFRule returns a WAF rule from the given WAF package.
-//
-// API Reference: https://api.cloudflare.com/#waf-rules-rule-details
-func (api *API) WAFRule(ctx context.Context, zoneID, packageID, ruleID string) (WAFRule, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules/%s", zoneID, packageID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WAFRule{}, err
-	}
-
-	var r WAFRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateWAFRule lets you update the mode of a WAF Rule.
-//
-// API Reference: https://api.cloudflare.com/#waf-rules-edit-rule
-func (api *API) UpdateWAFRule(ctx context.Context, zoneID, packageID, ruleID, mode string) (WAFRule, error) {
-	opts := WAFRuleOptions{Mode: mode}
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/packages/%s/rules/%s", zoneID, packageID, ruleID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, opts)
-	if err != nil {
-		return WAFRule{}, err
-	}
-
-	var r WAFRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFRule{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/waf_overrides.go b/pkg/cloudflare-go/waf_overrides.go
deleted file mode 100644
index 665cb61682..0000000000
--- a/pkg/cloudflare-go/waf_overrides.go
+++ /dev/null
@@ -1,138 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// WAFOverridesResponse represents the response form the WAF overrides endpoint.
-type WAFOverridesResponse struct {
-	Response
-	Result     []WAFOverride `json:"result"`
-	ResultInfo ResultInfo    `json:"result_info"`
-}
-
-// WAFOverrideResponse represents the response form the WAF override endpoint.
-type WAFOverrideResponse struct {
-	Response
-	Result     WAFOverride `json:"result"`
-	ResultInfo ResultInfo  `json:"result_info"`
-}
-
-// WAFOverride represents a WAF override.
-type WAFOverride struct {
-	ID            string            `json:"id,omitempty"`
-	Description   string            `json:"description"`
-	URLs          []string          `json:"urls"`
-	Priority      int               `json:"priority"`
-	Groups        map[string]string `json:"groups"`
-	RewriteAction map[string]string `json:"rewrite_action"`
-	Rules         map[string]string `json:"rules"`
-	Paused        bool              `json:"paused"`
-}
-
-// ListWAFOverrides returns a slice of the WAF overrides.
-//
-// API Reference: https://api.cloudflare.com/#waf-overrides-list-uri-controlled-waf-configurations
-func (api *API) ListWAFOverrides(ctx context.Context, zoneID string) ([]WAFOverride, error) {
-	var overrides []WAFOverride
-	var res []byte
-	var err error
-
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides", zoneID)
-	res, err = api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []WAFOverride{}, err
-	}
-
-	var r WAFOverridesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	if !r.Success {
-		// TODO: Provide an actual error message instead of always returning nil
-		return []WAFOverride{}, err
-	}
-
-	for ri := range r.Result {
-		overrides = append(overrides, r.Result[ri])
-	}
-	return overrides, nil
-}
-
-// WAFOverride returns a WAF override from the given override ID.
-//
-// API Reference: https://api.cloudflare.com/#waf-overrides-uri-controlled-waf-configuration-details
-func (api *API) WAFOverride(ctx context.Context, zoneID, overrideID string) (WAFOverride, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WAFOverride{}, err
-	}
-
-	var r WAFOverrideResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// CreateWAFOverride creates a new WAF override.
-//
-// API reference: https://api.cloudflare.com/#waf-overrides-create-a-uri-controlled-waf-configuration
-func (api *API) CreateWAFOverride(ctx context.Context, zoneID string, override WAFOverride) (WAFOverride, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, override)
-	if err != nil {
-		return WAFOverride{}, err
-	}
-	var r WAFOverrideResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateWAFOverride updates an existing WAF override.
-//
-// API reference: https://api.cloudflare.com/#waf-overrides-update-uri-controlled-waf-configuration
-func (api *API) UpdateWAFOverride(ctx context.Context, zoneID, overrideID string, override WAFOverride) (WAFOverride, error) {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, override)
-	if err != nil {
-		return WAFOverride{}, err
-	}
-
-	var r WAFOverrideResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WAFOverride{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteWAFOverride deletes a WAF override for a zone.
-//
-// API reference: https://api.cloudflare.com/#waf-overrides-delete-lockdown-rule
-func (api *API) DeleteWAFOverride(ctx context.Context, zoneID, overrideID string) error {
-	uri := fmt.Sprintf("/zones/%s/firewall/waf/overrides/%s", zoneID, overrideID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r WAFOverrideResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
diff --git a/pkg/cloudflare-go/waf_overrides_test.go b/pkg/cloudflare-go/waf_overrides_test.go
deleted file mode 100644
index 01d886490f..0000000000
--- a/pkg/cloudflare-go/waf_overrides_test.go
+++ /dev/null
@@ -1,238 +0,0 @@
-package cloudflare
-
-import (
-	context "context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWAFOverride(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "a27cece9ec0e4af39ae9c58e3326e2b6",
-				"paused": false,
-				"urls": [
-					"foo.bar.com"
-				],
-				"priority": 0,
-				"groups": {
-					"ea8687e59929c1fd05ba97574ad43f77": "default"
-				},
-				"rules": {
-					"100015": "disable"
-				},
-				"rewrite_action": {
-					"default": "simulate"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/a27cece9ec0e4af39ae9c58e3326e2b6", handler)
-	want := WAFOverride{
-		ID:            "a27cece9ec0e4af39ae9c58e3326e2b6",
-		Paused:        false,
-		URLs:          []string{"foo.bar.com"},
-		Priority:      0,
-		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
-		Rules:         map[string]string{"100015": "disable"},
-		RewriteAction: map[string]string{"default": "simulate"},
-	}
-
-	actual, err := client.WAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "a27cece9ec0e4af39ae9c58e3326e2b6")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListWAFOverrides(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-overrides-list-uri-controlled-waf-configurations
-		fmt.Fprintf(w, `{
-			"result": [
-				{
-					"id": "a27cece9ec0e4af39ae9c58e3326e2b6",
-					"paused": false,
-					"urls": [
-						"foo.bar.com"
-					],
-					"priority": 0,
-					"groups": {
-						"ea8687e59929c1fd05ba97574ad43f77": "default"
-					},
-					"rules": {
-						"100015": "disable"
-					},
-					"rewrite_action": {
-						"default": "simulate"
-					}
-				}
-			],
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result_info": {
-				"page": 1,
-				"per_page": 25,
-				"count": 1,
-				"total_count": 1,
-				"total_pages": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/overrides", handler)
-
-	want := []WAFOverride{
-		{
-			ID:            "a27cece9ec0e4af39ae9c58e3326e2b6",
-			Paused:        false,
-			URLs:          []string{"foo.bar.com"},
-			Priority:      0,
-			Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
-			Rules:         map[string]string{"100015": "disable"},
-			RewriteAction: map[string]string{"default": "simulate"},
-		},
-	}
-
-	d, err := client.ListWAFOverrides(context.Background(), testZoneID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-}
-
-func TestCreateWAFOverride(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "cf5b1db4ac454d7bad98ebec4533db57",
-				"paused": false,
-				"urls": [
-					"foo.bar.com"
-				],
-				"priority": 0,
-				"groups": {
-					"ea8687e59929c1fd05ba97574ad43f77": "default"
-				},
-				"rules": {
-					"100015": "disable"
-				},
-				"rewrite_action": {
-					"default": "simulate"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides", handler)
-
-	want := WAFOverride{
-		ID:            "cf5b1db4ac454d7bad98ebec4533db57",
-		URLs:          []string{"foo.bar.com"},
-		Rules:         map[string]string{"100015": "disable"},
-		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "default"},
-		RewriteAction: map[string]string{"default": "simulate"},
-	}
-
-	actual, err := client.CreateWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteWAFOverride(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "18a9b91a93364593a8f41bd53bb2c02d"
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/18a9b91a93364593a8f41bd53bb2c02d", handler)
-
-	err := client.DeleteWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "18a9b91a93364593a8f41bd53bb2c02d")
-	assert.NoError(t, err)
-}
-
-func TestUpdateWAFOverride(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": {
-				"id": "e160a4fca2b346a7a418f49da049c566",
-				"paused": false,
-				"urls": [
-					"foo.bar.com"
-				],
-				"priority": 0,
-				"groups": {
-					"ea8687e59929c1fd05ba97574ad43f77": "block"
-				},
-				"rules": {
-					"100015": "disable"
-				},
-				"rewrite_action": {
-					"default": "block"
-				}
-			},
-			"success": true,
-			"errors": [],
-			"messages": []
-		}`)
-	}
-
-	mux.HandleFunc("/zones/01a7362d577a6c3019a474fd6f485823/firewall/waf/overrides/e160a4fca2b346a7a418f49da049c566", handler)
-
-	want := WAFOverride{
-		ID:            "e160a4fca2b346a7a418f49da049c566",
-		URLs:          []string{"foo.bar.com"},
-		Rules:         map[string]string{"100015": "disable"},
-		Groups:        map[string]string{"ea8687e59929c1fd05ba97574ad43f77": "block"},
-		RewriteAction: map[string]string{"default": "block"},
-	}
-
-	actual, err := client.UpdateWAFOverride(context.Background(), "01a7362d577a6c3019a474fd6f485823", "e160a4fca2b346a7a418f49da049c566", want)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/waf_test.go b/pkg/cloudflare-go/waf_test.go
deleted file mode 100644
index 31e19bef01..0000000000
--- a/pkg/cloudflare-go/waf_test.go
+++ /dev/null
@@ -1,794 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-	"strconv"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListWAFPackages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rule-packages-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"name": "WordPress rules",
-				"description": "Common WordPress exploit protections",
-				"detection_mode": "traditional",
-				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-				"status": "active"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages", handler)
-
-	want := []WAFPackage{
-		{
-			ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
-			Name:          "WordPress rules",
-			Description:   "Common WordPress exploit protections",
-			ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
-			DetectionMode: "traditional",
-			Sensitivity:   "",
-			ActionMode:    "",
-		},
-	}
-
-	d, err := client.ListWAFPackages(context.Background(), testZoneID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestListWAFPackagesMultiplePages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	page := 1
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		reqURI, err := url.ParseRequestURI(r.RequestURI)
-		assert.NoError(t, err)
-
-		query, err := url.ParseQuery(reqURI.RawQuery)
-		assert.NoError(t, err)
-
-		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-				"id": "fake_id_number_%[1]d",
-				"name": "Fake rule name %[1]d",
-				"description": "Fake rule description %[1]d",
-				"detection_mode": "traditional",
-				"zone_id": "%[2]s",
-				"status": "active"
-				}
-			],
-			"result_info": {
-				"page": %[1]d,
-				"per_page": 1,
-				"total_pages": 2,
-				"count": 1,
-				"total_count": 2
-			}
-		}`, page, testZoneID)
-
-		page++
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages", handler)
-
-	want := []WAFPackage{
-		{
-			ID:            "fake_id_number_1",
-			Name:          "Fake rule name 1",
-			Description:   "Fake rule description 1",
-			ZoneID:        testZoneID,
-			DetectionMode: "traditional",
-			Sensitivity:   "",
-			ActionMode:    "",
-		},
-		{
-			ID:            "fake_id_number_2",
-			Name:          "Fake rule name 2",
-			Description:   "Fake rule description 2",
-			ZoneID:        testZoneID,
-			DetectionMode: "traditional",
-			Sensitivity:   "",
-			ActionMode:    "",
-		},
-	}
-
-	d, err := client.ListWAFPackages(context.Background(), testZoneID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestWAFPackage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rule-packages-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result":
-			{
-				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"name": "WordPress rules",
-				"description": "Common WordPress exploit protections",
-				"detection_mode": "traditional",
-				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-				"status": "active"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b", handler)
-
-	want := WAFPackage{
-		ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
-		Name:          "WordPress rules",
-		Description:   "Common WordPress exploit protections",
-		ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
-		DetectionMode: "traditional",
-		Sensitivity:   "",
-		ActionMode:    "",
-	}
-
-	d, err := client.WAFPackage(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.WAFPackage(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestUpdateWAFPackage(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"sensitivity":"high","action_mode":"challenge"}`, string(body), "Expected body '{\"sensitivity\":\"high\",\"action_mode\":\"challenge\"}', got %s", string(body))
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"name": "OWASP ModSecurity Core Rule Set",
-				"description": "Covers OWASP Top 10 vulnerabilities, and more.",
-				"detection_mode": "anomaly",
-				"zone_id": "023e105f4ecef8ad9ca31a8372d0c353",
-				"status": "active",
-				"sensitivity": "high",
-				"action_mode": "challenge"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b", handler)
-
-	want := WAFPackage{
-		ID:            "a25a9a7e9c00afc1fb2e0245519d725b",
-		Name:          "OWASP ModSecurity Core Rule Set",
-		Description:   "Covers OWASP Top 10 vulnerabilities, and more.",
-		ZoneID:        "023e105f4ecef8ad9ca31a8372d0c353",
-		DetectionMode: "anomaly",
-		Sensitivity:   "high",
-		ActionMode:    "challenge",
-	}
-
-	d, err := client.UpdateWAFPackage(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", WAFPackageOptions{Sensitivity: "high", ActionMode: "challenge"})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-}
-
-func TestListWAFGroups(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-
-		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "de677e5818985db1285d0e80225f06e5",
-					"name": "Project Honey Pot",
-					"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-					"rules_count": 10,
-					"modified_rules_count": 2,
-					"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-					"mode": "on",
-					"allowed_modes": [
-						"on",
-						"off"
-					]
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-			}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups", handler)
-
-	want := []WAFGroup{
-		{
-			ID:                 "de677e5818985db1285d0e80225f06e5",
-			Name:               "Project Honey Pot",
-			Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-			RulesCount:         10,
-			ModifiedRulesCount: 2,
-			PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
-			Mode:               "on",
-			AllowedModes:       []string{"on", "off"},
-		},
-	}
-
-	d, err := client.ListWAFGroups(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFGroups(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestListWAFGroupsMultiplePages(t *testing.T) {
-	setup()
-	defer teardown()
-	packageID := "efgh456"
-
-	page := 1
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		reqURI, err := url.ParseRequestURI(r.RequestURI)
-		assert.NoError(t, err)
-
-		query, err := url.ParseQuery(reqURI.RawQuery)
-		assert.NoError(t, err)
-
-		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-					"id": "fake_group_id_%[1]d",
-					"name": "Fake Group Name %[1]d",
-					"description": "Fake Group Description %[1]d",
-					"rules_count": 1%[1]d,
-					"modified_rules_count": %[1]d,
-					"package_id": "%[2]s",
-					"mode": "on",
-					"allowed_modes": [
-						"on",
-						"off"
-					]
-				}
-			],
-			"result_info": {
-				"page": %[1]d,
-				"per_page": 1,
-				"total_pages": 2,
-				"count": 1,
-				"total_count": 2
-			}
-		}`, page, packageID)
-
-		page++
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/"+packageID+"/groups", handler)
-
-	want := []WAFGroup{
-		{
-			ID:                 "fake_group_id_1",
-			Name:               "Fake Group Name 1",
-			Description:        "Fake Group Description 1",
-			RulesCount:         11,
-			ModifiedRulesCount: 1,
-			PackageID:          packageID,
-			Mode:               "on",
-			AllowedModes:       []string{"on", "off"},
-		},
-		{
-			ID:                 "fake_group_id_2",
-			Name:               "Fake Group Name 2",
-			Description:        "Fake Group Description 2",
-			RulesCount:         12,
-			ModifiedRulesCount: 2,
-			PackageID:          packageID,
-			Mode:               "on",
-			AllowedModes:       []string{"on", "off"},
-		},
-	}
-
-	d, err := client.ListWAFGroups(context.Background(), testZoneID, packageID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFGroups(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestWAFGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-rule-group-details
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "de677e5818985db1285d0e80225f06e5",
-				"name": "Project Honey Pot",
-				"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-				"rules_count": 10,
-				"modified_rules_count": 2,
-				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"mode": "on",
-				"allowed_modes": [
-					"on",
-					"off"
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups/de677e5818985db1285d0e80225f06e5", handler)
-
-	want := WAFGroup{
-		ID:                 "de677e5818985db1285d0e80225f06e5",
-		Name:               "Project Honey Pot",
-		Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-		RulesCount:         10,
-		ModifiedRulesCount: 2,
-		PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
-		Mode:               "on",
-		AllowedModes:       []string{"on", "off"},
-	}
-
-	d, err := client.WAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "de677e5818985db1285d0e80225f06e5")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.WAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "123")
-	assert.Error(t, err)
-}
-
-func TestUpdateWAFGroup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"mode":"on"}`, string(body), "Expected body '{\"mode\":\"on\"}', got %s", string(body))
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rule-groups-edit-rule-group
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "de677e5818985db1285d0e80225f06e5",
-				"name": "Project Honey Pot",
-				"description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-				"rules_count": 10,
-				"modified_rules_count": 2,
-				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"mode": "on",
-				"allowed_modes": [
-					"on",
-					"off"
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/groups/de677e5818985db1285d0e80225f06e5", handler)
-
-	want := WAFGroup{
-		ID:                 "de677e5818985db1285d0e80225f06e5",
-		Name:               "Project Honey Pot",
-		Description:        "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks",
-		RulesCount:         10,
-		ModifiedRulesCount: 2,
-		PackageID:          "a25a9a7e9c00afc1fb2e0245519d725b",
-		Mode:               "on",
-		AllowedModes:       []string{"on", "off"},
-	}
-
-	d, err := client.UpdateWAFGroup(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "de677e5818985db1285d0e80225f06e5", "on")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-}
-
-func TestListWAFRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-				"id": "f939de3be84e66e757adcdcb87908023",
-				"description": "SQL injection prevention for SELECT statements",
-				"priority": "5",
-				"group": {
-					"id": "de677e5818985db1285d0e80225f06e5",
-					"name": "Project Honey Pot"
-				},
-				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"allowed_modes": [
-					"on",
-					"off"
-				],
-				"mode": "on"
-				}
-			],
-			"result_info": {
-				"page": 1,
-				"per_page": 20,
-				"count": 1,
-				"total_count": 1
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules", handler)
-
-	want := []WAFRule{
-		{
-			ID:          "f939de3be84e66e757adcdcb87908023",
-			Description: "SQL injection prevention for SELECT statements",
-			Priority:    "5",
-			PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
-			Group: struct {
-				ID   string `json:"id"`
-				Name string `json:"name"`
-			}{
-				ID:   "de677e5818985db1285d0e80225f06e5",
-				Name: "Project Honey Pot",
-			},
-			Mode:         "on",
-			DefaultMode:  "",
-			AllowedModes: []string{"on", "off"},
-		},
-	}
-
-	d, err := client.ListWAFRules(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestListWAFRulesMultiplePages(t *testing.T) {
-	setup()
-	defer teardown()
-	packageID := "efgh456"
-
-	page := 1
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		reqURI, err := url.ParseRequestURI(r.RequestURI)
-		assert.NoError(t, err)
-
-		query, err := url.ParseQuery(reqURI.RawQuery)
-		assert.NoError(t, err)
-
-		assert.Equal(t, query, url.Values{"page": []string{strconv.Itoa(page)}, "per_page": []string{"100"}})
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": [
-				{
-				"id": "fake_rule_id_%[1]d",
-				"description": "Fake Rule Description %[1]d",
-				"priority": "%[1]d",
-				"group": {
-					"id": "fake_group_id_%[1]d",
-					"name": "Fake Group Name %[1]d"
-				},
-				"package_id": "%[2]s",
-				"allowed_modes": [
-					"on",
-					"off"
-				],
-				"mode": "on"
-				}
-			],
-			"result_info": {
-				"page": %[1]d,
-				"per_page": 1,
-				"total_pages": 2,
-				"count": 1,
-				"total_count": 2
-			}
-		}`, page, packageID)
-
-		page++
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/"+packageID+"/rules", handler)
-
-	want := []WAFRule{
-		{
-			ID:          "fake_rule_id_1",
-			Description: "Fake Rule Description 1",
-			Priority:    "1",
-			PackageID:   packageID,
-			Group: struct {
-				ID   string `json:"id"`
-				Name string `json:"name"`
-			}{
-				ID:   "fake_group_id_1",
-				Name: "Fake Group Name 1",
-			},
-			Mode:         "on",
-			DefaultMode:  "",
-			AllowedModes: []string{"on", "off"},
-		},
-		{
-			ID:          "fake_rule_id_2",
-			Description: "Fake Rule Description 2",
-			Priority:    "2",
-			PackageID:   packageID,
-			Group: struct {
-				ID   string `json:"id"`
-				Name string `json:"name"`
-			}{
-				ID:   "fake_group_id_2",
-				Name: "Fake Group Name 2",
-			},
-			Mode:         "on",
-			DefaultMode:  "",
-			AllowedModes: []string{"on", "off"},
-		},
-	}
-
-	d, err := client.ListWAFRules(context.Background(), testZoneID, packageID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestWAFRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f939de3be84e66e757adcdcb87908023",
-				"description": "SQL injection prevention for SELECT statements",
-				"priority": "5",
-				"group": {
-					"id": "de677e5818985db1285d0e80225f06e5",
-					"name": "Project Honey Pot"
-				},
-				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"allowed_modes": [
-					"on",
-					"off"
-				],
-				"mode": "on"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules/f939de3be84e66e757adcdcb87908023", handler)
-
-	want := WAFRule{
-		ID:          "f939de3be84e66e757adcdcb87908023",
-		Description: "SQL injection prevention for SELECT statements",
-		Priority:    "5",
-		PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
-		Group: struct {
-			ID   string `json:"id"`
-			Name string `json:"name"`
-		}{
-			ID:   "de677e5818985db1285d0e80225f06e5",
-			Name: "Project Honey Pot",
-		},
-		Mode:         "on",
-		DefaultMode:  "",
-		AllowedModes: []string{"on", "off"},
-	}
-
-	d, err := client.WAFRule(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "f939de3be84e66e757adcdcb87908023")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
-
-func TestUpdateWAFRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		if err != nil {
-			panic(err)
-		}
-		defer r.Body.Close()
-
-		assert.Equal(t, `{"mode":"on"}`, string(body), "Expected method '{\"mode\":\"on\"}', got %s", string(body))
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#waf-rules-properties
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "f939de3be84e66e757adcdcb87908023",
-				"description": "SQL injection prevention for SELECT statements",
-				"priority": "5",
-				"group": {
-					"id": "de677e5818985db1285d0e80225f06e5",
-					"name": "Project Honey Pot"
-				},
-				"package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
-				"allowed_modes": [
-					"on",
-					"off"
-				],
-				"mode": "on"
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/firewall/waf/packages/a25a9a7e9c00afc1fb2e0245519d725b/rules/f939de3be84e66e757adcdcb87908023", handler)
-
-	want := WAFRule{
-		ID:          "f939de3be84e66e757adcdcb87908023",
-		Description: "SQL injection prevention for SELECT statements",
-		Priority:    "5",
-		PackageID:   "a25a9a7e9c00afc1fb2e0245519d725b",
-		Group: struct {
-			ID   string `json:"id"`
-			Name string `json:"name"`
-		}{
-			ID:   "de677e5818985db1285d0e80225f06e5",
-			Name: "Project Honey Pot",
-		},
-		Mode:         "on",
-		DefaultMode:  "",
-		AllowedModes: []string{"on", "off"},
-	}
-
-	d, err := client.UpdateWAFRule(context.Background(), testZoneID, "a25a9a7e9c00afc1fb2e0245519d725b", "f939de3be84e66e757adcdcb87908023", "on")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ListWAFRules(context.Background(), testZoneID, "123")
-	assert.Error(t, err)
-}
diff --git a/pkg/cloudflare-go/waiting_room.go b/pkg/cloudflare-go/waiting_room.go
deleted file mode 100644
index 7bd98d9a33..0000000000
--- a/pkg/cloudflare-go/waiting_room.go
+++ /dev/null
@@ -1,629 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingWaitingRoomID     = errors.New("missing required waiting room ID")
-	ErrMissingWaitingRoomRuleID = errors.New("missing required waiting room rule ID")
-)
-
-// WaitingRoom describes a WaitingRoom object.
-type WaitingRoom struct {
-	CreatedOn                  time.Time           `json:"created_on,omitempty"`
-	ModifiedOn                 time.Time           `json:"modified_on,omitempty"`
-	Path                       string              `json:"path"`
-	Name                       string              `json:"name"`
-	Description                string              `json:"description,omitempty"`
-	QueueingMethod             string              `json:"queueing_method,omitempty"`
-	CustomPageHTML             string              `json:"custom_page_html,omitempty"`
-	DefaultTemplateLanguage    string              `json:"default_template_language,omitempty"`
-	Host                       string              `json:"host"`
-	ID                         string              `json:"id,omitempty"`
-	NewUsersPerMinute          int                 `json:"new_users_per_minute"`
-	TotalActiveUsers           int                 `json:"total_active_users"`
-	SessionDuration            int                 `json:"session_duration"`
-	QueueAll                   bool                `json:"queue_all"`
-	DisableSessionRenewal      bool                `json:"disable_session_renewal"`
-	Suspended                  bool                `json:"suspended"`
-	JsonResponseEnabled        bool                `json:"json_response_enabled"`
-	NextEventPrequeueStartTime *time.Time          `json:"next_event_prequeue_start_time,omitempty"`
-	NextEventStartTime         *time.Time          `json:"next_event_start_time,omitempty"`
-	CookieSuffix               string              `json:"cookie_suffix"`
-	AdditionalRoutes           []*WaitingRoomRoute `json:"additional_routes,omitempty"`
-	QueueingStatusCode         int                 `json:"queueing_status_code"`
-}
-
-// WaitingRoomStatus describes the status of a waiting room.
-type WaitingRoomStatus struct {
-	Status                    string `json:"status"`
-	EventID                   string `json:"event_id"`
-	EstimatedQueuedUsers      int    `json:"estimated_queued_users"`
-	EstimatedTotalActiveUsers int    `json:"estimated_total_active_users"`
-	MaxEstimatedTimeMinutes   int    `json:"max_estimated_time_minutes"`
-}
-
-// WaitingRoomEvent describes a WaitingRoomEvent object.
-type WaitingRoomEvent struct {
-	EventEndTime          time.Time  `json:"event_end_time"`
-	CreatedOn             time.Time  `json:"created_on,omitempty"`
-	ModifiedOn            time.Time  `json:"modified_on,omitempty"`
-	PrequeueStartTime     *time.Time `json:"prequeue_start_time,omitempty"`
-	EventStartTime        time.Time  `json:"event_start_time"`
-	Name                  string     `json:"name"`
-	Description           string     `json:"description,omitempty"`
-	QueueingMethod        string     `json:"queueing_method,omitempty"`
-	ID                    string     `json:"id,omitempty"`
-	CustomPageHTML        string     `json:"custom_page_html,omitempty"`
-	NewUsersPerMinute     int        `json:"new_users_per_minute,omitempty"`
-	TotalActiveUsers      int        `json:"total_active_users,omitempty"`
-	SessionDuration       int        `json:"session_duration,omitempty"`
-	DisableSessionRenewal *bool      `json:"disable_session_renewal,omitempty"`
-	Suspended             bool       `json:"suspended"`
-	ShuffleAtEventStart   bool       `json:"shuffle_at_event_start"`
-}
-
-type WaitingRoomRule struct {
-	ID          string     `json:"id,omitempty"`
-	Version     string     `json:"version,omitempty"`
-	Action      string     `json:"action"`
-	Expression  string     `json:"expression"`
-	Description string     `json:"description"`
-	LastUpdated *time.Time `json:"last_updated,omitempty"`
-	Enabled     *bool      `json:"enabled"`
-}
-
-// WaitingRoomSettings describes zone-level waiting room settings.
-type WaitingRoomSettings struct {
-	// Whether to allow verified search engine crawlers to bypass all waiting rooms on this zone
-	SearchEngineCrawlerBypass bool `json:"search_engine_crawler_bypass"`
-}
-
-// WaitingRoomPagePreviewURL describes a WaitingRoomPagePreviewURL object.
-type WaitingRoomPagePreviewURL struct {
-	PreviewURL string `json:"preview_url"`
-}
-
-// WaitingRoomPagePreviewCustomHTML describes a WaitingRoomPagePreviewCustomHTML object.
-type WaitingRoomPagePreviewCustomHTML struct {
-	CustomHTML string `json:"custom_html"`
-}
-
-// WaitingRoomRoute describes a WaitingRoomRoute object.
-type WaitingRoomRoute struct {
-	Host string `json:"host"`
-	Path string `json:"path"`
-}
-
-// WaitingRoomDetailResponse is the API response, containing a single WaitingRoom.
-type WaitingRoomDetailResponse struct {
-	Response
-	Result WaitingRoom `json:"result"`
-}
-
-// WaitingRoomsResponse is the API response, containing an array of WaitingRooms.
-type WaitingRoomsResponse struct {
-	Response
-	Result []WaitingRoom `json:"result"`
-}
-
-// WaitingRoomSettingsResponse is the API response, containing zone-level Waiting Room settings.
-type WaitingRoomSettingsResponse struct {
-	Response
-	Result WaitingRoomSettings `json:"result"`
-}
-
-// WaitingRoomStatusResponse is the API response, containing the status of a waiting room.
-type WaitingRoomStatusResponse struct {
-	Response
-	Result WaitingRoomStatus `json:"result"`
-}
-
-// WaitingRoomPagePreviewResponse is the API response, containing the URL to a custom waiting room preview.
-type WaitingRoomPagePreviewResponse struct {
-	Response
-	Result WaitingRoomPagePreviewURL `json:"result"`
-}
-
-// WaitingRoomEventDetailResponse is the API response, containing a single WaitingRoomEvent.
-type WaitingRoomEventDetailResponse struct {
-	Response
-	Result WaitingRoomEvent `json:"result"`
-}
-
-// WaitingRoomEventsResponse is the API response, containing an array of WaitingRoomEvents.
-type WaitingRoomEventsResponse struct {
-	Response
-	Result []WaitingRoomEvent `json:"result"`
-}
-
-// WaitingRoomRulesResponse is the API response, containing an array of WaitingRoomRule.
-type WaitingRoomRulesResponse struct {
-	Response
-	Result []WaitingRoomRule `json:"result"`
-}
-
-// CreateWaitingRoom creates a new Waiting Room for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-create-waiting-room
-func (api *API) CreateWaitingRoom(ctx context.Context, zoneID string, waitingRoom WaitingRoom) (*WaitingRoom, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, waitingRoom)
-	if err != nil {
-		return nil, err
-	}
-	var r WaitingRoomDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-// ListWaitingRooms returns all Waiting Room for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-list-waiting-rooms
-func (api *API) ListWaitingRooms(ctx context.Context, zoneID string) ([]WaitingRoom, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []WaitingRoom{}, err
-	}
-	var r WaitingRoomsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// WaitingRoom fetches detail about one Waiting room for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-waiting-room-details
-func (api *API) WaitingRoom(ctx context.Context, zoneID, waitingRoomID string) (WaitingRoom, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WaitingRoom{}, err
-	}
-	var r WaitingRoomDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ChangeWaitingRoom lets you change individual settings for a Waiting room. This is
-// in contrast to UpdateWaitingRoom which replaces the entire Waiting room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-update-waiting-room
-func (api *API) ChangeWaitingRoom(ctx context.Context, zoneID, waitingRoomID string, waitingRoom WaitingRoom) (WaitingRoom, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, waitingRoom)
-	if err != nil {
-		return WaitingRoom{}, err
-	}
-	var r WaitingRoomDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateWaitingRoom lets you replace a Waiting Room. This is in contrast to
-// ChangeWaitingRoom which lets you change individual settings.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-update-waiting-room
-func (api *API) UpdateWaitingRoom(ctx context.Context, zoneID string, waitingRoom WaitingRoom) (WaitingRoom, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoom.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, waitingRoom)
-	if err != nil {
-		return WaitingRoom{}, err
-	}
-	var r WaitingRoomDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoom{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteWaitingRoom deletes a Waiting Room for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-delete-waiting-room
-func (api *API) DeleteWaitingRoom(ctx context.Context, zoneID, waitingRoomID string) error {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r WaitingRoomDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-// WaitingRoomStatus returns the status of one Waiting Room for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-get-waiting-room-status
-func (api *API) WaitingRoomStatus(ctx context.Context, zoneID, waitingRoomID string) (WaitingRoomStatus, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/status", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WaitingRoomStatus{}, err
-	}
-	var r WaitingRoomStatusResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomStatus{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// WaitingRoomPagePreview uploads a custom waiting room page for preview and
-// returns a preview URL.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-create-a-custom-waiting-room-page-preview
-func (api *API) WaitingRoomPagePreview(ctx context.Context, zoneID, customHTML string) (WaitingRoomPagePreviewURL, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/preview", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, WaitingRoomPagePreviewCustomHTML{CustomHTML: customHTML})
-
-	if err != nil {
-		return WaitingRoomPagePreviewURL{}, err
-	}
-	var r WaitingRoomPagePreviewResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomPagePreviewURL{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// CreateWaitingRoomEvent creates a new event for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-create-event
-func (api *API) CreateWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (*WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, waitingRoomEvent)
-	if err != nil {
-		return nil, err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-// ListWaitingRoomEvents returns all Waiting Room Events for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-list-events
-func (api *API) ListWaitingRoomEvents(ctx context.Context, zoneID string, waitingRoomID string) ([]WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events", zoneID, waitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []WaitingRoomEvent{}, err
-	}
-	var r WaitingRoomEventsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// WaitingRoomEvent fetches detail about one Waiting Room Event for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-event-details
-func (api *API) WaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, eventID string) (WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, eventID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WaitingRoomEvent{}, err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// WaitingRoomEventPreview returns an event's configuration as if it was active.
-// Inherited fields from the waiting room will be displayed with their current values.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-preview-active-event-details
-func (api *API) WaitingRoomEventPreview(ctx context.Context, zoneID string, waitingRoomID string, eventID string) (WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s/details", zoneID, waitingRoomID, eventID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WaitingRoomEvent{}, err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ChangeWaitingRoomEvent lets you change individual settings for a Waiting Room Event. This is
-// in contrast to UpdateWaitingRoomEvent which replaces the entire Waiting Room Event.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-patch-event
-func (api *API) ChangeWaitingRoomEvent(ctx context.Context, zoneID, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, waitingRoomEvent.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, waitingRoomEvent)
-	if err != nil {
-		return WaitingRoomEvent{}, err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateWaitingRoomEvent lets you replace a Waiting Room Event. This is in contrast to
-// ChangeWaitingRoomEvent which lets you change individual settings.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-update-event
-func (api *API) UpdateWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, waitingRoomEvent WaitingRoomEvent) (WaitingRoomEvent, error) {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, waitingRoomEvent.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, waitingRoomEvent)
-	if err != nil {
-		return WaitingRoomEvent{}, err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomEvent{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// DeleteWaitingRoomEvent deletes an event for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-delete-event
-func (api *API) DeleteWaitingRoomEvent(ctx context.Context, zoneID string, waitingRoomID string, eventID string) error {
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/events/%s", zoneID, waitingRoomID, eventID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-	var r WaitingRoomEventDetailResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return nil
-}
-
-type ListWaitingRoomRuleParams struct {
-	WaitingRoomID string
-}
-
-type CreateWaitingRoomRuleParams struct {
-	WaitingRoomID string
-	Rule          WaitingRoomRule
-}
-
-type ReplaceWaitingRoomRuleParams struct {
-	WaitingRoomID string
-	Rules         []WaitingRoomRule
-}
-
-type UpdateWaitingRoomRuleParams struct {
-	WaitingRoomID string
-	Rule          WaitingRoomRule
-}
-
-type DeleteWaitingRoomRuleParams struct {
-	WaitingRoomID string
-	RuleID        string
-}
-
-// ListWaitingRoomRules lists all rules for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-list-waiting-room-rules
-func (api *API) ListWaitingRoomRules(ctx context.Context, rc *ResourceContainer, params ListWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
-	if params.WaitingRoomID == "" {
-		return nil, ErrMissingWaitingRoomID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var r WaitingRoomRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// CreateWaitingRoomRule creates a new rule for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-create-waiting-room-rule
-func (api *API) CreateWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params CreateWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
-	if params.WaitingRoomID == "" {
-		return nil, ErrMissingWaitingRoomID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Rule)
-	if err != nil {
-		return nil, err
-	}
-
-	var r WaitingRoomRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// ReplaceWaitingRoomRules replaces all rules for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-replace-waiting-room-rules
-func (api *API) ReplaceWaitingRoomRules(ctx context.Context, rc *ResourceContainer, params ReplaceWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
-	if params.WaitingRoomID == "" {
-		return nil, ErrMissingWaitingRoomID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules", rc.Identifier, params.WaitingRoomID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Rules)
-	if err != nil {
-		return nil, err
-	}
-
-	var r WaitingRoomRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateWaitingRoomRule updates a rule for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-patch-waiting-room-rule
-func (api *API) UpdateWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params UpdateWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
-	if params.WaitingRoomID == "" {
-		return nil, ErrMissingWaitingRoomID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules/%s", rc.Identifier, params.WaitingRoomID, params.Rule.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params.Rule)
-	if err != nil {
-		return nil, err
-	}
-
-	var r WaitingRoomRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DeleteWaitingRoomRule deletes a rule for a Waiting Room.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-delete-waiting-room-rule
-func (api *API) DeleteWaitingRoomRule(ctx context.Context, rc *ResourceContainer, params DeleteWaitingRoomRuleParams) ([]WaitingRoomRule, error) {
-	if params.WaitingRoomID == "" {
-		return nil, ErrMissingWaitingRoomID
-	}
-
-	if params.RuleID == "" {
-		return nil, ErrMissingWaitingRoomRuleID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/%s/rules/%s", rc.Identifier, params.WaitingRoomID, params.RuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	var r WaitingRoomRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// GetWaitingRoomSettings fetches the Waiting Room zone-level settings for a zone.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-get-zone-settings
-func (api *API) GetWaitingRoomSettings(ctx context.Context, rc *ResourceContainer) (WaitingRoomSettings, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WaitingRoomSettings{}, err
-	}
-	var r WaitingRoomSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-type PatchWaitingRoomSettingsParams struct {
-	SearchEngineCrawlerBypass *bool `json:"search_engine_crawler_bypass,omitempty"`
-}
-
-// PatchWaitingRoomSettings lets you change individual zone-level Waiting Room settings. This is
-// in contrast to UpdateWaitingRoomSettings which replaces all settings.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-patch-zone-settings
-func (api *API) PatchWaitingRoomSettings(ctx context.Context, rc *ResourceContainer, params PatchWaitingRoomSettingsParams) (WaitingRoomSettings, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return WaitingRoomSettings{}, err
-	}
-	var r WaitingRoomSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-type UpdateWaitingRoomSettingsParams struct {
-	SearchEngineCrawlerBypass *bool `json:"search_engine_crawler_bypass,omitempty"`
-}
-
-// UpdateWaitingRoomSettings lets you replace all zone-level Waiting Room settings. This is in contrast to
-// PatchWaitingRoomSettings which lets you change individual settings.
-//
-// API reference: https://api.cloudflare.com/#waiting-room-update-zone-settings
-func (api *API) UpdateWaitingRoomSettings(ctx context.Context, rc *ResourceContainer, params UpdateWaitingRoomSettingsParams) (WaitingRoomSettings, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WaitingRoomSettings{}, fmt.Errorf(errInvalidResourceContainerAccess, rc.Level)
-	}
-
-	uri := fmt.Sprintf("/zones/%s/waiting_rooms/settings", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return WaitingRoomSettings{}, err
-	}
-	var r WaitingRoomSettingsResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WaitingRoomSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/waiting_room_test.go b/pkg/cloudflare-go/waiting_room_test.go
deleted file mode 100644
index 4d5ccf00e0..0000000000
--- a/pkg/cloudflare-go/waiting_room_test.go
+++ /dev/null
@@ -1,886 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var waitingRoomID = "699d98642c564d2e855e9661899b7252"
-var waitingRoomEventID = "25756b2dfe6e378a06b033b670413757"
-var waitingRoomRuleID = "25756b2dfe6e378a06b033b670413757"
-var testTimestampWaitingRoom = time.Now().UTC()
-var testTimestampWaitingRoomEvent = time.Now().UTC()
-var testTimestampWaitingRoomEventPrequeue = time.Now().UTC()
-var testTimestampWaitingRoomEventStart = testTimestampWaitingRoomEventPrequeue.Add(5 * time.Minute)
-var testTimestampWaitingRoomEventEnd = testTimestampWaitingRoomEventStart.Add(1 * time.Minute)
-var waitingRoomJSON = fmt.Sprintf(`
-    {
-      "id": "%s",
-      "created_on": "%s",
-      "modified_on": "%s",
-      "name": "production_webinar",
-      "description": "Production - DO NOT MODIFY",
-      "queueing_method": "random",
-      "suspended": false,
-      "host": "shop.example.com",
-      "path": "/shop/checkout",
-      "queue_all": true,
-      "new_users_per_minute": 600,
-      "total_active_users": 1000,
-      "session_duration": 10,
-      "disable_session_renewal": false,
-      "json_response_enabled": true,
-      "custom_page_html": "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}",
-      "default_template_language": "en-US",
-      "next_event_prequeue_start_time": null,
-      "next_event_start_time": "%s",
-	  "cookie_suffix": "example_shop",
-	  "additional_routes": [{"host": "shop2.example.com", "path": "/shop/checkout"}],
-	  "queueing_status_code": 200
-    }
-   `, waitingRoomID, testTimestampWaitingRoom.Format(time.RFC3339Nano), testTimestampWaitingRoom.Format(time.RFC3339Nano),
-	testTimestampWaitingRoomEventStart.Format(time.RFC3339Nano))
-
-var waitingRoomEventJSON = fmt.Sprintf(`
-    {
-      "id": "%s",
-      "created_on": "%s",
-      "modified_on": "%s",
-      "name": "production_webinar_event",
-      "description": "Production event - DO NOT MODIFY",
-      "suspended": false,
-      "prequeue_start_time": "%s",
-      "event_start_time": "%s",
-      "event_end_time": "%s",
-      "shuffle_at_event_start": false,
-      "new_users_per_minute": 2000,
-      "total_active_users": 2500,
-      "session_duration": null,
-      "disable_session_renewal": null,
-      "queueing_method": "random",
-      "custom_page_html": "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Event is prequeueing / Queue all enabled {{/waitTimeKnown}}"
-    }
-   `, waitingRoomEventID, testTimestampWaitingRoomEvent.Format(time.RFC3339Nano),
-	testTimestampWaitingRoomEvent.Format(time.RFC3339Nano),
-	testTimestampWaitingRoomEventPrequeue.Format(time.RFC3339Nano),
-	testTimestampWaitingRoomEventStart.Format(time.RFC3339Nano),
-	testTimestampWaitingRoomEventEnd.Format(time.RFC3339Nano))
-
-var waitingRoomStatusJSON = fmt.Sprintf(`
-    {
-      "status": "queueing",
-      "event_id": "%s",
-      "estimated_queued_users": 10,
-      "estimated_total_active_users": 9,
-      "max_estimated_time_minutes": 5
-    }
-   `, waitingRoomEventID)
-
-var waitingRoomRuleJSON = fmt.Sprintf(`
-{
-  "id": "%s",
-  "version": "1",
-  "description": "bypass ip",
-  "action": "bypass_waiting_room",
-  "expression": "ip.src in {1.2.3.4 5.6.7.8}",
-  "enabled": true,
-  "last_updated": "%s"
-}
-`, waitingRoomRuleID, testTimestampWaitingRoom.Format(time.RFC3339Nano))
-
-var waitingRoomPagePreviewJSON = `
-    {
-      "preview_url": "http://waitingrooms.dev/preview/35af8c12-6d68-4608-babb-b53435a5ddfb"
-    }
-    `
-
-var waitingRoomSettingsJSON = `
-    {
-      "search_engine_crawler_bypass": true
-    }
-   `
-
-var waitingRoom = WaitingRoom{
-	ID:                         waitingRoomID,
-	CreatedOn:                  testTimestampWaitingRoom,
-	ModifiedOn:                 testTimestampWaitingRoom,
-	Name:                       "production_webinar",
-	Description:                "Production - DO NOT MODIFY",
-	QueueingMethod:             "random",
-	Suspended:                  false,
-	Host:                       "shop.example.com",
-	Path:                       "/shop/checkout",
-	QueueAll:                   true,
-	NewUsersPerMinute:          600,
-	TotalActiveUsers:           1000,
-	SessionDuration:            10,
-	DisableSessionRenewal:      false,
-	JsonResponseEnabled:        true,
-	CustomPageHTML:             "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}",
-	DefaultTemplateLanguage:    "en-US",
-	NextEventStartTime:         &testTimestampWaitingRoomEventStart,
-	NextEventPrequeueStartTime: nil,
-	CookieSuffix:               "example_shop",
-	AdditionalRoutes:           []*WaitingRoomRoute{{Host: "shop2.example.com", Path: "/shop/checkout"}},
-	QueueingStatusCode:         200,
-}
-
-var waitingRoomEvent = WaitingRoomEvent{
-	ID:                    waitingRoomEventID,
-	CreatedOn:             testTimestampWaitingRoomEvent,
-	ModifiedOn:            testTimestampWaitingRoomEvent,
-	Name:                  "production_webinar_event",
-	Description:           "Production event - DO NOT MODIFY",
-	Suspended:             false,
-	PrequeueStartTime:     &testTimestampWaitingRoomEventPrequeue,
-	EventStartTime:        testTimestampWaitingRoomEventStart,
-	EventEndTime:          testTimestampWaitingRoomEventEnd,
-	ShuffleAtEventStart:   false,
-	NewUsersPerMinute:     2000,
-	TotalActiveUsers:      2500,
-	SessionDuration:       0,
-	DisableSessionRenewal: nil,
-	QueueingMethod:        "random",
-	CustomPageHTML:        "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Event is prequeueing / Queue all enabled {{/waitTimeKnown}}",
-}
-
-var waitingRoomStatus = WaitingRoomStatus{
-	Status:                    "queueing",
-	EventID:                   waitingRoomEventID,
-	EstimatedQueuedUsers:      10,
-	EstimatedTotalActiveUsers: 9,
-	MaxEstimatedTimeMinutes:   5,
-}
-
-var waitingRoomPagePreview = WaitingRoomPagePreviewURL{
-	PreviewURL: "http://waitingrooms.dev/preview/35af8c12-6d68-4608-babb-b53435a5ddfb",
-}
-
-var waitingRoomRule = WaitingRoomRule{
-	ID:          waitingRoomRuleID,
-	Version:     "1",
-	Action:      "bypass_waiting_room",
-	Expression:  "ip.src in {1.2.3.4 5.6.7.8}",
-	Description: "bypass ip",
-	Enabled:     BoolPtr(true),
-	LastUpdated: &testTimestampWaitingRoom,
-}
-
-var waitingRoomSettings = WaitingRoomSettings{
-	SearchEngineCrawlerBypass: true,
-}
-
-var waitingRoomSettingsUpdate = UpdateWaitingRoomSettingsParams{
-	SearchEngineCrawlerBypass: BoolPtr(true),
-}
-
-var waitingRoomSettingsPatch = PatchWaitingRoomSettingsParams{
-	SearchEngineCrawlerBypass: BoolPtr(true),
-}
-
-func TestListWaitingRooms(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
-	want := []WaitingRoom{waitingRoom}
-
-	actual, err := client.ListWaitingRooms(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListWaitingRoomsNoResult(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": []
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
-	want := []WaitingRoom{}
-
-	actual, err := client.ListWaitingRooms(context.Background(), testZoneID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoom(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
-	want := waitingRoom
-
-	actual, err := client.WaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoomNotFound(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.WriteHeader(http.StatusNotFound)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": null,
-			  "errors": [
-			  	{
-      			"code": 1001,
-      			"message": "Object not found."
-    			}
-    		],
-			  "messages": []
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
-
-	_, err := client.WaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	assert.NotNil(t, err)
-}
-
-func TestCreateWaitingRoom(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
-	want := &waitingRoom
-
-	actual, err := client.CreateWaitingRoom(context.Background(), testZoneID, waitingRoom)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateWaitingRoomError(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.WriteHeader(http.StatusBadRequest)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			 "success": false,
-			 "errors": [
-			  	{
-      			"code": 1002,
-      			"message": "new_users_per_minute must be in range [200, total_active_users]: invalid data"
-    			}
-    		],
-			  "messages": []
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms", handler)
-
-	_, err := client.CreateWaitingRoom(context.Background(), testZoneID, waitingRoom)
-	assert.NotNil(t, err)
-}
-
-func TestUpdateWaitingRoom(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
-	want := waitingRoom
-
-	actual, err := client.UpdateWaitingRoom(context.Background(), testZoneID, waitingRoom)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestChangeWaitingRoom(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
-	want := waitingRoom
-
-	actual, err := client.ChangeWaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", WaitingRoom{TotalActiveUsers: 400})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteWaitingRoom(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-			    "id": "699d98642c564d2e855e9661899b7252"
-			  }
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252", handler)
-
-	err := client.DeleteWaitingRoom(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	assert.NoError(t, err)
-}
-
-func TestWaitingRoomStatus(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomStatusJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/status", handler)
-	want := waitingRoomStatus
-
-	actual, err := client.WaitingRoomStatus(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoomPagePreview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomPagePreviewJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/preview", handler)
-	want := waitingRoomPagePreview
-
-	actual, err := client.WaitingRoomPagePreview(context.Background(), testZoneID, "{{#waitTimeKnown}} {{waitTime}} mins {{/waitTimeKnown}} {{^waitTimeKnown}} Queue all enabled {{/waitTimeKnown}}")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateWaitingRoomEvent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
-	want := &waitingRoomEvent
-
-	actual, err := client.CreateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListWaitingRoomEvents(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
-	want := []WaitingRoomEvent{waitingRoomEvent}
-
-	actual, err := client.ListWaitingRoomEvents(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestListWaitingRoomEventsNoResult(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": []
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events", handler)
-	want := []WaitingRoomEvent{}
-
-	actual, err := client.ListWaitingRoomEvents(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoomEvent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
-	want := waitingRoomEvent
-
-	actual, err := client.WaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoomEventPreview(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757/details", handler)
-	want := waitingRoomEvent
-
-	actual, err := client.WaitingRoomEventPreview(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateWaitingRoomEvent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
-	want := waitingRoomEvent
-
-	actual, err := client.UpdateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestChangeWaitingRoomEvent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomEventJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
-	want := waitingRoomEvent
-
-	actual, err := client.UpdateWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", waitingRoomEvent)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteWaitingRoomEvent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-			    "id": "25756b2dfe6e378a06b033b670413757"
-			  }
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/events/25756b2dfe6e378a06b033b670413757", handler)
-
-	err := client.DeleteWaitingRoomEvent(context.Background(), testZoneID, "699d98642c564d2e855e9661899b7252", "25756b2dfe6e378a06b033b670413757")
-	assert.NoError(t, err)
-}
-
-func TestListWaitingRoomRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomRuleJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
-	want := []WaitingRoomRule{waitingRoomRule}
-
-	actual, err := client.ListWaitingRoomRules(context.Background(), ZoneIdentifier(testZoneID), ListWaitingRoomRuleParams{WaitingRoomID: "699d98642c564d2e855e9661899b7252"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestCreateWaitingRoomRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomRuleJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
-	want := []WaitingRoomRule{waitingRoomRule}
-
-	actual, err := client.CreateWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), CreateWaitingRoomRuleParams{
-		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
-		Rule:          waitingRoomRule,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateWaitingRoomRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomRuleJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules/"+waitingRoomRuleID, handler)
-	want := []WaitingRoomRule{waitingRoomRule}
-
-	actual, err := client.UpdateWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), UpdateWaitingRoomRuleParams{
-		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
-		Rule:          waitingRoomRule,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestDeleteWaitingRoomRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": []
-			}
-		`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules/"+waitingRoomRuleID, handler)
-	want := []WaitingRoomRule{}
-
-	actual, err := client.DeleteWaitingRoomRule(context.Background(), ZoneIdentifier(testZoneID), DeleteWaitingRoomRuleParams{
-		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
-		RuleID:        waitingRoomRuleID,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestReplaceWaitingRoomRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ]
-			}
-		`, waitingRoomRuleJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/699d98642c564d2e855e9661899b7252/rules", handler)
-	want := []WaitingRoomRule{waitingRoomRule}
-
-	actual, err := client.ReplaceWaitingRoomRules(context.Background(), ZoneIdentifier(testZoneID), ReplaceWaitingRoomRuleParams{
-		WaitingRoomID: "699d98642c564d2e855e9661899b7252",
-		Rules:         want,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestWaitingRoomSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomSettingsJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
-	want := waitingRoomSettings
-
-	actual, err := client.GetWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID))
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateWaitingRoomSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomSettingsJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
-	want := waitingRoomSettings
-
-	actual, err := client.UpdateWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID), waitingRoomSettingsUpdate)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestChangeWaitingRoomSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, waitingRoomSettingsJSON)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/waiting_rooms/settings", handler)
-	want := waitingRoomSettings
-
-	actual, err := client.PatchWaitingRoomSettings(context.Background(), ZoneIdentifier(testZoneID), waitingRoomSettingsPatch)
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/web3.go b/pkg/cloudflare-go/web3.go
deleted file mode 100644
index 481a5332b7..0000000000
--- a/pkg/cloudflare-go/web3.go
+++ /dev/null
@@ -1,198 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	// ErrMissingIdentifier is for when identifier is required but missing.
-	ErrMissingIdentifier = errors.New("identifier required but missing")
-	// ErrMissingName is for when name is required but missing.
-	ErrMissingName = errors.New("name required but missing")
-	// ErrMissingTarget is for when target is required but missing.
-	ErrMissingTarget = errors.New("target required but missing")
-)
-
-// Web3Hostname represents a web3 hostname.
-type Web3Hostname struct {
-	ID          string     `json:"id,omitempty"`
-	Name        string     `json:"name,omitempty"`
-	Description string     `json:"description,omitempty"`
-	Status      string     `json:"status,omitempty"`
-	Target      string     `json:"target,omitempty"`
-	Dnslink     string     `json:"dnslink,omitempty"`
-	CreatedOn   *time.Time `json:"created_on,omitempty"`
-	ModifiedOn  *time.Time `json:"modified_on,omitempty"`
-}
-
-// Web3HostnameListParameters represents the parameters for listing web3 hostnames.
-type Web3HostnameListParameters struct {
-	ZoneID string
-}
-
-// Web3HostnameListResponse represents the API response body for listing web3 hostnames.
-type Web3HostnameListResponse struct {
-	Response
-	Result []Web3Hostname `json:"result"`
-}
-
-// Web3HostnameCreateParameters represents the parameters for creating a web3 hostname.
-type Web3HostnameCreateParameters struct {
-	ZoneID      string
-	Name        string `json:"name,omitempty"`
-	Target      string `json:"target,omitempty"`
-	Description string `json:"description,omitempty"`
-	DNSLink     string `json:"dnslink,omitempty"`
-}
-
-// Web3HostnameResponse represents an API response body for a web3 hostname.
-type Web3HostnameResponse struct {
-	Response
-	Result Web3Hostname `json:"result,omitempty"`
-}
-
-// Web3HostnameDetailsParameters represents the parameters for getting a single web3 hostname.
-type Web3HostnameDetailsParameters struct {
-	ZoneID     string
-	Identifier string
-}
-
-// Web3HostnameUpdateParameters represents the parameters for editing a web3 hostname.
-type Web3HostnameUpdateParameters struct {
-	ZoneID      string
-	Identifier  string
-	Description string `json:"description,omitempty"`
-	DNSLink     string `json:"dnslink,omitempty"`
-}
-
-// Web3HostnameDeleteResult represents the result of deleting a web3 hostname.
-type Web3HostnameDeleteResult struct {
-	ID string `json:"id,omitempty"`
-}
-
-// Web3HostnameDeleteResponse represents the API response body for deleting a web3 hostname.
-type Web3HostnameDeleteResponse struct {
-	Response
-	Result Web3HostnameDeleteResult `json:"result,omitempty"`
-}
-
-// ListWeb3Hostnames lists all web3 hostnames.
-//
-// API Reference: https://api.cloudflare.com/#web3-hostname-list-web3-hostnames
-func (api *API) ListWeb3Hostnames(ctx context.Context, params Web3HostnameListParameters) ([]Web3Hostname, error) {
-	if params.ZoneID == "" {
-		return []Web3Hostname{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/web3/hostnames", params.ZoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []Web3Hostname{}, err
-	}
-	var web3ListResponse Web3HostnameListResponse
-	if err := json.Unmarshal(res, &web3ListResponse); err != nil {
-		return []Web3Hostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return web3ListResponse.Result, nil
-}
-
-// CreateWeb3Hostname creates a web3 hostname.
-//
-// API Reference: https://api.cloudflare.com/#web3-hostname-create-web3-hostname
-func (api *API) CreateWeb3Hostname(ctx context.Context, params Web3HostnameCreateParameters) (Web3Hostname, error) {
-	if params.ZoneID == "" {
-		return Web3Hostname{}, ErrMissingZoneID
-	}
-	if params.Name == "" {
-		return Web3Hostname{}, ErrMissingName
-	}
-	if params.Target == "" {
-		return Web3Hostname{}, ErrMissingTarget
-	}
-
-	uri := fmt.Sprintf("/zones/%s/web3/hostnames", params.ZoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return Web3Hostname{}, err
-	}
-	var web3Response Web3HostnameResponse
-	if err := json.Unmarshal(res, &web3Response); err != nil {
-		return Web3Hostname{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return web3Response.Result, nil
-}
-
-// GetWeb3Hostname gets a single web3 hostname by identifier.
-//
-// API Reference: https://api.cloudflare.com/#web3-hostname-web3-hostname-details
-func (api *API) GetWeb3Hostname(ctx context.Context, params Web3HostnameDetailsParameters) (Web3Hostname, error) {
-	if params.ZoneID == "" {
-		return Web3Hostname{}, ErrMissingZoneID
-	}
-	if params.Identifier == "" {
-		return Web3Hostname{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Web3Hostname{}, err
-	}
-	var web3Response Web3HostnameResponse
-	if err := json.Unmarshal(res, &web3Response); err != nil {
-		return Web3Hostname{}, err
-	}
-	return web3Response.Result, nil
-}
-
-// UpdateWeb3Hostname edits a web3 hostname.
-//
-// API Reference: https://api.cloudflare.com/#web3-hostname-edit-web3-hostname
-func (api *API) UpdateWeb3Hostname(ctx context.Context, params Web3HostnameUpdateParameters) (Web3Hostname, error) {
-	if params.ZoneID == "" {
-		return Web3Hostname{}, ErrMissingZoneID
-	}
-	if params.Identifier == "" {
-		return Web3Hostname{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return Web3Hostname{}, err
-	}
-	var web3Response Web3HostnameResponse
-	if err := json.Unmarshal(res, &web3Response); err != nil {
-		return Web3Hostname{}, err
-	}
-	return web3Response.Result, nil
-}
-
-// DeleteWeb3Hostname deletes a web3 hostname.
-//
-// API Reference: https://api.cloudflare.com/#web3-hostname-delete-web3-hostname
-func (api *API) DeleteWeb3Hostname(ctx context.Context, params Web3HostnameDetailsParameters) (Web3HostnameDeleteResult, error) {
-	if params.ZoneID == "" {
-		return Web3HostnameDeleteResult{}, ErrMissingZoneID
-	}
-	if params.Identifier == "" {
-		return Web3HostnameDeleteResult{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/web3/hostnames/%s", params.ZoneID, params.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return Web3HostnameDeleteResult{}, err
-	}
-	var web3Response Web3HostnameDeleteResponse
-	if err := json.Unmarshal(res, &web3Response); err != nil {
-		return Web3HostnameDeleteResult{}, err
-	}
-	return web3Response.Result, nil
-}
diff --git a/pkg/cloudflare-go/web3_test.go b/pkg/cloudflare-go/web3_test.go
deleted file mode 100644
index 690cbccc15..0000000000
--- a/pkg/cloudflare-go/web3_test.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testWeb3HostnameID = "9a7806061c88ada191ed06f989cc3dac"
-
-func createTestWeb3Hostname() Web3Hostname {
-	createdOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	return Web3Hostname{
-		ID:          testWeb3HostnameID,
-		Name:        "gateway.example.com",
-		Description: "This is my IPFS gateway.",
-		Status:      "active",
-		Target:      "ipfs",
-		Dnslink:     "/ipns/onboarding.ipfs.cloudflare.com",
-		CreatedOn:   &createdOn,
-		ModifiedOn:  &modifiedOn,
-	}
-}
-
-func TestListWeb3Hostnames(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": [
-		{
-		  "id": "9a7806061c88ada191ed06f989cc3dac",
-		  "name": "gateway.example.com",
-		  "description": "This is my IPFS gateway.",
-		  "status": "active",
-		  "target": "ipfs",
-		  "dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
-		  "created_on": "2014-01-01T05:20:00.12345Z",
-		  "modified_on": "2014-01-01T05:20:00.12345Z"
-		}
-	  ]
-	}`)
-	})
-
-	_, err := client.ListWeb3Hostnames(context.Background(), Web3HostnameListParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-	out, err := client.ListWeb3Hostnames(context.Background(), Web3HostnameListParameters{ZoneID: testZoneID})
-	assert.NoError(t, err, "Got error listing web3 hostnames")
-	want := createTestWeb3Hostname()
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(out), "length of web3hosts is wrong")
-		assert.Equal(t, want, out[0], "structs not equal")
-	}
-}
-
-func TestCreateWeb3Hostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result":
-		{
-		  "id": "9a7806061c88ada191ed06f989cc3dac",
-		  "name": "gateway.example.com",
-		  "description": "This is my IPFS gateway.",
-		  "status": "active",
-		  "target": "ipfs",
-		  "dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
-		  "created_on": "2014-01-01T05:20:00.12345Z",
-		  "modified_on": "2014-01-01T05:20:00.12345Z"
-		}
-	}`)
-	})
-
-	_, err := client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	_, err = client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingName, err)
-	}
-
-	_, err = client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID, Name: "gateway.example.com"})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingTarget, err)
-	}
-
-	out, err := client.CreateWeb3Hostname(context.Background(), Web3HostnameCreateParameters{ZoneID: testZoneID, Name: "gateway.example.com", Target: "ipfs"})
-	assert.NoError(t, err, "Got error creating web3 hostname")
-	want := createTestWeb3Hostname()
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestGetWeb3Hostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"id": "9a7806061c88ada191ed06f989cc3dac",
-		"name": "gateway.example.com",
-		"description": "This is my IPFS gateway.",
-		"status": "active",
-		"target": "ipfs",
-		"dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
-		"created_on": "2014-01-01T05:20:00.12345Z",
-		"modified_on": "2014-01-01T05:20:00.12345Z"
-	  }
-	}`)
-	})
-	_, err := client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-	_, err = client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingIdentifier, err)
-	}
-
-	out, err := client.GetWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
-	assert.NoError(t, err, "Got error getting web3 hostname")
-	want := createTestWeb3Hostname()
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestUpdateWeb3Hostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"id": "9a7806061c88ada191ed06f989cc3dac",
-		"name": "gateway.example.com",
-		"description": "This is my IPFS gateway.",
-		"status": "active",
-		"target": "ipfs",
-		"dnslink": "/ipns/onboarding.ipfs.cloudflare.com",
-		"created_on": "2014-01-01T05:20:00.12345Z",
-		"modified_on": "2014-01-01T05:20:00.12345Z"
-	  }
-	}`)
-	})
-	_, err := client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-	_, err = client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{ZoneID: testZoneID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingIdentifier, err)
-	}
-
-	out, err := client.UpdateWeb3Hostname(context.Background(), Web3HostnameUpdateParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
-	assert.NoError(t, err, "Got error getting web3 hostname")
-	want := createTestWeb3Hostname()
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out, "structs not equal")
-	}
-}
-
-func TestDeleteWeb3Hostname(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/web3/hostnames/%s", testZoneID, testWeb3HostnameID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"id": "9a7806061c88ada191ed06f989cc3dac"
-	  }
-	}
-	`)
-	})
-	_, err := client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-	_, err = client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingIdentifier, err)
-	}
-
-	out, err := client.DeleteWeb3Hostname(context.Background(), Web3HostnameDetailsParameters{ZoneID: testZoneID, Identifier: testWeb3HostnameID})
-	assert.NoError(t, err, "Got error deleting web3 hostname")
-	if assert.NoError(t, err) {
-		assert.Equal(t, testWeb3HostnameID, out.ID, "delete web3 response incorrect")
-	}
-}
diff --git a/pkg/cloudflare-go/web_analytics.go b/pkg/cloudflare-go/web_analytics.go
deleted file mode 100644
index 9f3041f1a3..0000000000
--- a/pkg/cloudflare-go/web_analytics.go
+++ /dev/null
@@ -1,411 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingWebAnalyticsSiteTag     = errors.New("missing required web analytics site ID")
-	ErrMissingWebAnalyticsRulesetID   = errors.New("missing required web analytics ruleset ID")
-	ErrMissingWebAnalyticsRuleID      = errors.New("missing required web analytics rule ID")
-	ErrMissingWebAnalyticsSiteHost    = errors.New("missing required web analytics host or zone_tag")
-	ErrConflictingWebAnalyticSiteHost = errors.New("conflicting web analytics host and zone_tag, only one must be specified")
-)
-
-// listWebAnalyticsSitesDefaultPageSize represents the default per_pagesize of the API.
-var listWebAnalyticsSitesDefaultPageSize = 10
-
-// WebAnalyticsSite describes a Web Analytics Site object.
-type WebAnalyticsSite struct {
-	SiteTag   string     `json:"site_tag"`
-	SiteToken string     `json:"site_token"`
-	Created   *time.Time `json:"created,omitempty"`
-	// Snippet is an encoded JS script to insert into your site HTML.
-	Snippet string `json:"snippet"`
-	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
-	AutoInstall bool                `json:"auto_install"`
-	Ruleset     WebAnalyticsRuleset `json:"ruleset"`
-	Rules       []WebAnalyticsRule  `json:"rules"`
-}
-
-// WebAnalyticsRule describes a Web Analytics Rule object.
-type WebAnalyticsRule struct {
-	ID    string   `json:"id,omitempty"`
-	Host  string   `json:"host"`
-	Paths []string `json:"paths"`
-	// Inclusive defines whether the rule includes or excludes the matched traffic from being measured in web analytics.
-	Inclusive bool       `json:"inclusive"`
-	Created   *time.Time `json:"created,omitempty"`
-	// IsPaused defines whether the rule is paused (inactive) or not.
-	IsPaused bool `json:"is_paused"`
-	Priority int  `json:"priority,omitempty"`
-}
-
-// CreateWebAnalyticsRule describes the properties required to create or update a Web Analytics Rule object.
-type CreateWebAnalyticsRule struct {
-	ID    string   `json:"id,omitempty"`
-	Host  string   `json:"host"`
-	Paths []string `json:"paths"`
-	// Inclusive defines whether the rule includes or excludes the matched traffic from being measured in web analytics.
-	Inclusive bool `json:"inclusive"`
-	IsPaused  bool `json:"is_paused"`
-}
-
-// WebAnalyticsRuleset describes a Web Analytics Ruleset object.
-type WebAnalyticsRuleset struct {
-	ID       string `json:"id"`
-	ZoneTag  string `json:"zone_tag"`
-	ZoneName string `json:"zone_name"`
-	Enabled  bool   `json:"enabled"`
-}
-
-// WebAnalyticsSiteResponse is the API response, containing a single WebAnalyticsSite.
-type WebAnalyticsSiteResponse struct {
-	Response
-	Result WebAnalyticsSite `json:"result"`
-}
-
-// WebAnalyticsSitesResponse is the API response, containing an array of WebAnalyticsSite.
-type WebAnalyticsSitesResponse struct {
-	Response
-	ResultInfo ResultInfo         `json:"result_info"`
-	Result     []WebAnalyticsSite `json:"result"`
-}
-
-// WebAnalyticsRuleResponse is the API response, containing a single WebAnalyticsRule.
-type WebAnalyticsRuleResponse struct {
-	Response
-	Result WebAnalyticsRule `json:"result"`
-}
-
-type WebAnalyticsRulesetRules struct {
-	Ruleset WebAnalyticsRuleset `json:"ruleset"`
-	Rules   []WebAnalyticsRule  `json:"rules"`
-}
-
-// WebAnalyticsRulesResponse is the API response, containing a WebAnalyticsRuleset and array of WebAnalyticsRule.
-type WebAnalyticsRulesResponse struct {
-	Response
-	Result WebAnalyticsRulesetRules `json:"result"`
-}
-
-// WebAnalyticsIDResponse is the API response, containing a single ID.
-type WebAnalyticsIDResponse struct {
-	Response
-	Result struct {
-		ID string `json:"id"`
-	} `json:"result"`
-}
-
-// WebAnalyticsSiteTagResponse is the API response, containing a single ID.
-type WebAnalyticsSiteTagResponse struct {
-	Response
-	Result struct {
-		SiteTag string `json:"site_tag"`
-	} `json:"result"`
-}
-
-type CreateWebAnalyticsSiteParams struct {
-	// Host is the host to measure traffic for.
-	Host string `json:"host,omitempty"`
-	// ZoneTag is the zone tag to measure traffic for.
-	ZoneTag string `json:"zone_tag,omitempty"`
-	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
-	AutoInstall *bool `json:"auto_install"`
-}
-
-// CreateWebAnalyticsSite creates a new Web Analytics Site for an Account.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-create-site
-func (api *API) CreateWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params CreateWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.Host == "" && params.ZoneTag == "" {
-		return nil, ErrMissingWebAnalyticsSiteHost
-	}
-	if params.Host != "" && params.ZoneTag != "" {
-		return nil, ErrConflictingWebAnalyticSiteHost
-	}
-	if params.AutoInstall == nil {
-		// default auto_install to true for orange-clouded zones (zone_tag is specified)
-		params.AutoInstall = BoolPtr(params.ZoneTag != "")
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/site_info", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsSiteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type ListWebAnalyticsSitesParams struct {
-	ResultInfo
-	// Property to order Sites by, "host" or "created".
-	OrderBy string `url:"order_by,omitempty"`
-}
-
-// ListWebAnalyticsSites returns all Web Analytics Sites of an Account.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-list-sites
-func (api *API) ListWebAnalyticsSites(ctx context.Context, rc *ResourceContainer, params ListWebAnalyticsSitesParams) ([]WebAnalyticsSite, *ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, nil, ErrRequiredAccountLevelResourceContainer
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = listWebAnalyticsSitesDefaultPageSize
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var sites []WebAnalyticsSite
-	var lastResultInfo ResultInfo
-
-	for {
-		uri := buildURI(fmt.Sprintf("/accounts/%s/rum/site_info/list", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return nil, nil, err
-		}
-		var r WebAnalyticsSitesResponse
-		err = json.Unmarshal(res, &r)
-		if err != nil {
-			return nil, nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		sites = append(sites, r.Result...)
-		lastResultInfo = r.ResultInfo
-		params.ResultInfo = r.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return sites, &lastResultInfo, nil
-}
-
-type GetWebAnalyticsSiteParams struct {
-	SiteTag string
-}
-
-// GetWebAnalyticsSite fetches detail about one Web Analytics Site for an Account.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-get-site
-func (api *API) GetWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params GetWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.SiteTag == "" {
-		return nil, ErrMissingWebAnalyticsSiteTag
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsSiteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type UpdateWebAnalyticsSiteParams struct {
-	SiteTag string `json:"-"`
-	// Host is the host to measure traffic for.
-	Host string `json:"host,omitempty"`
-	// ZoneTag is the zone tag to measure traffic for.
-	ZoneTag string `json:"zone_tag,omitempty"`
-	// AutoInstall defines whether Cloudflare will inject the JS snippet automatically for orange-clouded sites.
-	AutoInstall *bool `json:"auto_install"`
-}
-
-// UpdateWebAnalyticsSite updates an existing Web Analytics Site for an Account.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-update-site
-func (api *API) UpdateWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params UpdateWebAnalyticsSiteParams) (*WebAnalyticsSite, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.SiteTag == "" {
-		return nil, ErrMissingWebAnalyticsSiteTag
-	}
-	if params.AutoInstall == nil {
-		// default auto_install to true for orange-clouded zones (zone_tag is specified)
-		params.AutoInstall = BoolPtr(params.ZoneTag != "")
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsSiteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type DeleteWebAnalyticsSiteParams struct {
-	SiteTag string
-}
-
-// DeleteWebAnalyticsSite deletes an existing Web Analytics Site for an Account.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-delete-site
-func (api *API) DeleteWebAnalyticsSite(ctx context.Context, rc *ResourceContainer, params DeleteWebAnalyticsSiteParams) (*string, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.SiteTag == "" {
-		return nil, ErrMissingWebAnalyticsSiteTag
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/site_info/%s", rc.Identifier, params.SiteTag)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsSiteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result.SiteTag, nil
-}
-
-type CreateWebAnalyticsRuleParams struct {
-	RulesetID string
-	Rule      CreateWebAnalyticsRule
-}
-
-// CreateWebAnalyticsRule creates a new Web Analytics Rule in a Web Analytics ruleset.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-create-rule
-func (api *API) CreateWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params CreateWebAnalyticsRuleParams) (*WebAnalyticsRule, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.RulesetID == "" {
-		return nil, ErrMissingWebAnalyticsRulesetID
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule", rc.Identifier, params.RulesetID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Rule)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type ListWebAnalyticsRulesParams struct {
-	RulesetID string
-}
-
-// ListWebAnalyticsRules fetches all Web Analytics Rules in a Web Analytics ruleset.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-list-rules
-func (api *API) ListWebAnalyticsRules(ctx context.Context, rc *ResourceContainer, params ListWebAnalyticsRulesParams) (*WebAnalyticsRulesetRules, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.RulesetID == "" {
-		return nil, ErrMissingWebAnalyticsRulesetID
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rules", rc.Identifier, params.RulesetID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsRulesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
-
-type DeleteWebAnalyticsRuleParams struct {
-	RulesetID string
-	RuleID    string
-}
-
-// DeleteWebAnalyticsRule deletes an existing Web Analytics Rule from a Web Analytics ruleset.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-delete-rule
-func (api *API) DeleteWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params DeleteWebAnalyticsRuleParams) (*string, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.RulesetID == "" {
-		return nil, ErrMissingWebAnalyticsRulesetID
-	}
-	if params.RuleID == "" {
-		return nil, ErrMissingWebAnalyticsRuleID
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule/%s", rc.Identifier, params.RulesetID, params.RuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsIDResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result.ID, nil
-}
-
-type UpdateWebAnalyticsRuleParams struct {
-	RulesetID string
-	RuleID    string
-	Rule      CreateWebAnalyticsRule
-}
-
-// UpdateWebAnalyticsRule updates a Web Analytics Rule in a Web Analytics ruleset.
-//
-// API reference: https://api.cloudflare.com/#web-analytics-update-rule
-func (api *API) UpdateWebAnalyticsRule(ctx context.Context, rc *ResourceContainer, params UpdateWebAnalyticsRuleParams) (*WebAnalyticsRule, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-	if params.RulesetID == "" {
-		return nil, ErrMissingWebAnalyticsRulesetID
-	}
-	if params.RuleID == "" {
-		return nil, ErrMissingWebAnalyticsRuleID
-	}
-	uri := fmt.Sprintf("/accounts/%s/rum/v2/%s/rule/%s", rc.Identifier, params.RulesetID, params.RuleID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Rule)
-	if err != nil {
-		return nil, err
-	}
-	var r WebAnalyticsRuleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return &r.Result, nil
-}
diff --git a/pkg/cloudflare-go/web_analytics_test.go b/pkg/cloudflare-go/web_analytics_test.go
deleted file mode 100644
index cbacbb2ded..0000000000
--- a/pkg/cloudflare-go/web_analytics_test.go
+++ /dev/null
@@ -1,385 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var siteTag = "46c32e0ea0e85e90aa1a6df4596b831e"
-var siteToken = "75300e6c2c5648d983fcef2a6c03d14e"
-var rulesetID = "2e8804e9-674f-4652-94a4-1c664d0d6764"
-var ruleID = "3caf59c9-eda3-4f99-a4a3-ee5fc2358a78"
-
-// var snippetFormat = `\u003c!-- Cloudflare Web Analytics --\u003e\u003cscript defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{\"token\": \"%s\"}'\u003e\u003c/script\u003e\u003c!-- End Cloudflare Web Analytics --\u003e`.
-var snippetFormat = `%s`
-var createdTimestamp = time.Now().UTC()
-var siteJSON = fmt.Sprintf(`
-{
-  "site_tag": "%s",
-  "site_token": "%s",
-  "created": "%s",
-  "snippet": "%s",
-  "auto_install": true,
-  "ruleset": {
-    "zone_tag": "%s",
-    "zone_name": "example.com",
-    "enabled": true,
-    "id": "%s"
-  },
-  "rules": [
-    {
-      "host": "example.com",
-      "paths": [
-        "*"
-      ],
-      "inclusive": true,
-      "created": "%s",
-      "is_paused": false,
-      "priority": 1000,
-      "id": "%s"
-    }
-  ]
-}
-`, siteTag, siteToken, createdTimestamp.Format(time.RFC3339Nano), fmt.Sprintf(snippetFormat, siteToken), testZoneID, rulesetID, createdTimestamp.Format(time.RFC3339Nano), ruleID)
-
-var rulesetJSON = fmt.Sprintf(`
-{
-  "id": "%s",
-  "zone_tag": "%s",
-  "zone_name": "%s",
-  "enabled": true
-}
-`, rulesetID, testZoneID, "example.com")
-
-var ruleJSON = fmt.Sprintf(`
-{
-  "id": "%s",
-  "host": "example.com",
-  "paths": [
-    "*"
-  ],
-  "inclusive": true,
-  "created": "%s",
-  "is_paused": false,
-  "priority": 1000
-}
-`, ruleID, createdTimestamp.Format(time.RFC3339Nano))
-
-var site = WebAnalyticsSite{
-	SiteTag:     siteTag,
-	SiteToken:   siteToken,
-	AutoInstall: true,
-	Snippet:     fmt.Sprintf(snippetFormat, siteToken),
-	Ruleset:     ruleset,
-	Rules: []WebAnalyticsRule{
-		rule,
-	},
-	Created: TimePtr(createdTimestamp.UTC()),
-}
-
-var ruleset = WebAnalyticsRuleset{
-	ID:       rulesetID,
-	ZoneTag:  testZoneID,
-	ZoneName: "example.com",
-	Enabled:  true,
-}
-
-var rule = WebAnalyticsRule{
-	ID:   ruleID,
-	Host: "example.com",
-	Paths: []string{
-		"*",
-	},
-	Inclusive: true,
-	Created:   TimePtr(createdTimestamp.UTC()),
-	IsPaused:  false,
-	Priority:  1000,
-}
-
-func TestListWebAnalyticsSites(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "1", r.URL.Query().Get("page"))
-		assert.Equal(t, "10", r.URL.Query().Get("per_page"))
-		assert.Equal(t, "host", r.URL.Query().Get("order_by"))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": [
-			    %s
-			  ],
-              "result_info": {
-                "page": 1,
-                "per_page": 10,
-                "count": 1,
-                "total_count": 1,
-                "total_pages": 1
-              }
-			}
-		`, siteJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/list", handler)
-	want := []WebAnalyticsSite{site}
-	actual, resultInfo, err := client.ListWebAnalyticsSites(context.Background(), AccountIdentifier(testAccountID), ListWebAnalyticsSitesParams{
-		ResultInfo: ResultInfo{
-			Page:    0,
-			PerPage: 0,
-		},
-		OrderBy: "host",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-		assert.Equal(t, &ResultInfo{
-			Page:       1,
-			PerPage:    10,
-			TotalPages: 1,
-			Count:      1,
-			Total:      1,
-		}, resultInfo)
-		assert.Len(t, actual, 1)
-	}
-}
-
-func TestGetWebAnalyticsSite(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, siteJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
-	want := site
-	actual, err := client.GetWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), GetWebAnalyticsSiteParams{
-		SiteTag: siteTag,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestCreateWebAnalyticsSite(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		body, err := io.ReadAll(r.Body)
-		assert.NoError(t, err)
-		assert.True(t, strings.Contains(string(body), `"auto_install":true`))
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, siteJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info", handler)
-	want := site
-	actual, err := client.CreateWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), CreateWebAnalyticsSiteParams{
-		ZoneTag: testZoneID,
-		//AutoInstall: BoolPtr(true),  // should default to true
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestUpdateWebAnalyticsSite(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, siteJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
-	want := site
-	actual, err := client.UpdateWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), UpdateWebAnalyticsSiteParams{
-		SiteTag:     site.SiteTag,
-		Host:        "example.com",
-		AutoInstall: BoolPtr(true),
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestDeleteWebAnalyticsSite(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-                "site_tag": "%s"
-              }
-			}
-		`, siteTag)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/site_info/"+siteTag, handler)
-	want := siteTag
-	actual, err := client.DeleteWebAnalyticsSite(context.Background(), AccountIdentifier(testAccountID), DeleteWebAnalyticsSiteParams{
-		SiteTag: siteTag,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestListWebAnalyticsRules(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-                "ruleset": %s,
-                "rules": [
-                  %s
-                ]
-              }
-			}
-		`, rulesetJSON, ruleJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rules", handler)
-	want := WebAnalyticsRulesetRules{
-		Ruleset: ruleset,
-		Rules:   []WebAnalyticsRule{rule},
-	}
-	actual, err := client.ListWebAnalyticsRules(context.Background(), AccountIdentifier(testAccountID), ListWebAnalyticsRulesParams{
-		RulesetID: rulesetID,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestCreateWebAnalyticsRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, ruleJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule", handler)
-	want := rule
-	actual, err := client.CreateWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), CreateWebAnalyticsRuleParams{
-		RulesetID: rulesetID,
-		Rule: CreateWebAnalyticsRule{
-			Host:      "example.com",
-			Paths:     []string{"*"},
-			Inclusive: true,
-			IsPaused:  false,
-		},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestUpdateWebAnalyticsRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": %s
-			}
-		`, ruleJSON)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule/"+ruleID, handler)
-	want := rule
-	actual, err := client.UpdateWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), UpdateWebAnalyticsRuleParams{
-		RulesetID: rulesetID,
-		RuleID:    ruleID,
-		Rule: CreateWebAnalyticsRule{
-			Host:      "example.com",
-			Paths:     []string{"*"},
-			Inclusive: true,
-			IsPaused:  false,
-		},
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
-
-func TestDeleteWebAnalyticsRule(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			  "success": true,
-			  "errors": [],
-			  "messages": [],
-			  "result": {
-                "id": "%s"
-              }
-			}
-		`, ruleID)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/rum/v2/"+rulesetID+"/rule/"+ruleID, handler)
-	want := ruleID
-	actual, err := client.DeleteWebAnalyticsRule(context.Background(), AccountIdentifier(testAccountID), DeleteWebAnalyticsRuleParams{
-		RulesetID: rulesetID,
-		RuleID:    ruleID,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, &want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/workers.go b/pkg/cloudflare-go/workers.go
deleted file mode 100644
index 2ffc492dde..0000000000
--- a/pkg/cloudflare-go/workers.go
+++ /dev/null
@@ -1,631 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"mime"
-	"mime/multipart"
-	"net/http"
-	"net/textproto"
-	"strings"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// WorkerRequestParams provides parameters for worker requests for both enterprise and standard requests.
-type WorkerRequestParams struct {
-	ZoneID     string
-	ScriptName string
-}
-
-type CreateWorkerParams struct {
-	ScriptName string
-	Script     string
-
-	// DispatchNamespaceName uploads the worker to a WFP dispatch namespace if provided
-	DispatchNamespaceName *string
-
-	// Module changes the Content-Type header to specify the script is an
-	// ES Module syntax script.
-	Module bool
-
-	// Logpush opts the worker into Workers Logpush logging. A nil value leaves
-	// the current setting unchanged.
-	//
-	// Documentation: https://developers.cloudflare.com/workers/platform/logpush/
-	Logpush *bool
-
-	// TailConsumers specifies a list of Workers that will consume the logs of
-	// the attached Worker.
-	// Documentation: https://developers.cloudflare.com/workers/platform/tail-workers/
-	TailConsumers *[]WorkersTailConsumer
-
-	// Bindings should be a map where the keys are the binding name, and the
-	// values are the binding content
-	Bindings map[string]WorkerBinding
-
-	// CompatibilityDate is a date in the form yyyy-mm-dd,
-	// which will be used to determine which version of the Workers runtime is used.
-	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/
-	CompatibilityDate string
-
-	// CompatibilityFlags are the names of features of the Workers runtime to be enabled or disabled,
-	// usually used together with CompatibilityDate.
-	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/#compatibility-flags
-	CompatibilityFlags []string
-
-	Placement *Placement
-
-	// Tags are used to better manage CRUD operations at scale.
-	//  https://developers.cloudflare.com/cloudflare-for-platforms/workers-for-platforms/platform/tags/
-	Tags []string
-}
-
-func (p CreateWorkerParams) RequiresMultipart() bool {
-	switch {
-	case p.Module:
-		return true
-	case p.Logpush != nil:
-		return true
-	case p.Placement != nil:
-		return true
-	case len(p.Bindings) > 0:
-		return true
-	case p.CompatibilityDate != "":
-		return true
-	case len(p.CompatibilityFlags) > 0:
-		return true
-	case p.TailConsumers != nil:
-		return true
-	case len(p.Tags) > 0:
-		return true
-	}
-
-	return false
-}
-
-type UpdateWorkersScriptContentParams struct {
-	ScriptName string
-	Script     string
-
-	// DispatchNamespaceName uploads the worker to a WFP dispatch namespace if provided
-	DispatchNamespaceName *string
-
-	// Module changes the Content-Type header to specify the script is an
-	// ES Module syntax script.
-	Module bool
-}
-
-type UpdateWorkersScriptSettingsParams struct {
-	ScriptName string
-
-	// Logpush opts the worker into Workers Logpush logging. A nil value leaves
-	// the current setting unchanged.
-	//
-	// Documentation: https://developers.cloudflare.com/workers/platform/logpush/
-	Logpush *bool
-
-	// TailConsumers specifies a list of Workers that will consume the logs of
-	// the attached Worker.
-	// Documentation: https://developers.cloudflare.com/workers/platform/tail-workers/
-	TailConsumers *[]WorkersTailConsumer
-
-	// Bindings should be a map where the keys are the binding name, and the
-	// values are the binding content
-	Bindings map[string]WorkerBinding
-
-	// CompatibilityDate is a date in the form yyyy-mm-dd,
-	// which will be used to determine which version of the Workers runtime is used.
-	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/
-	CompatibilityDate string
-
-	// CompatibilityFlags are the names of features of the Workers runtime to be enabled or disabled,
-	// usually used together with CompatibilityDate.
-	//  https://developers.cloudflare.com/workers/platform/compatibility-dates/#compatibility-flags
-	CompatibilityFlags []string
-
-	Placement *Placement
-}
-
-// WorkerScriptParams provides a worker script and the associated bindings.
-type WorkerScriptParams struct {
-	ScriptName string
-
-	// Module changes the Content-Type header to specify the script is an
-	// ES Module syntax script.
-	Module bool
-
-	// Bindings should be a map where the keys are the binding name, and the
-	// values are the binding content
-	Bindings map[string]WorkerBinding
-}
-
-// WorkerRoute is used to map traffic matching a URL pattern to a workers
-//
-// API reference: https://api.cloudflare.com/#worker-routes-properties
-type WorkerRoute struct {
-	ID         string `json:"id,omitempty"`
-	Pattern    string `json:"pattern"`
-	ScriptName string `json:"script,omitempty"`
-}
-
-// WorkerRoutesResponse embeds Response struct and slice of WorkerRoutes.
-type WorkerRoutesResponse struct {
-	Response
-	Routes []WorkerRoute `json:"result"`
-}
-
-// WorkerRouteResponse embeds Response struct and a single WorkerRoute.
-type WorkerRouteResponse struct {
-	Response
-	WorkerRoute `json:"result"`
-}
-
-// WorkerScript Cloudflare Worker struct with metadata.
-type WorkerScript struct {
-	WorkerMetaData
-	Script     string `json:"script"`
-	UsageModel string `json:"usage_model,omitempty"`
-}
-
-type WorkersTailConsumer struct {
-	Service     string  `json:"service"`
-	Environment *string `json:"environment,omitempty"`
-	Namespace   *string `json:"namespace,omitempty"`
-}
-
-// WorkerMetaData contains worker script information such as size, creation & modification dates.
-type WorkerMetaData struct {
-	ID               string                 `json:"id,omitempty"`
-	ETAG             string                 `json:"etag,omitempty"`
-	Size             int                    `json:"size,omitempty"`
-	CreatedOn        time.Time              `json:"created_on,omitempty"`
-	ModifiedOn       time.Time              `json:"modified_on,omitempty"`
-	Logpush          *bool                  `json:"logpush,omitempty"`
-	TailConsumers    *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
-	LastDeployedFrom *string                `json:"last_deployed_from,omitempty"`
-	DeploymentId     *string                `json:"deployment_id,omitempty"`
-	PlacementMode    *PlacementMode         `json:"placement_mode,omitempty"`
-	PipelineHash     *string                `json:"pipeline_hash,omitempty"`
-}
-
-// WorkerListResponse wrapper struct for API response to worker script list API call.
-type WorkerListResponse struct {
-	Response
-	ResultInfo
-	WorkerList []WorkerMetaData `json:"result"`
-}
-
-// WorkerScriptResponse wrapper struct for API response to worker script calls.
-type WorkerScriptResponse struct {
-	Response
-	Module       bool
-	WorkerScript `json:"result"`
-}
-
-// WorkerScriptSettingsResponse wrapper struct for API response to worker script settings calls.
-type WorkerScriptSettingsResponse struct {
-	Response
-	WorkerMetaData
-}
-
-type ListWorkersParams struct{}
-
-type DeleteWorkerParams struct {
-	ScriptName string
-
-	// DispatchNamespaceName is the dispatch namespace the Worker is uploaded to.
-	DispatchNamespace *string
-}
-
-type PlacementMode string
-
-const (
-	PlacementModeOff   PlacementMode = ""
-	PlacementModeSmart PlacementMode = "smart"
-)
-
-type Placement struct {
-	Mode PlacementMode `json:"mode"`
-}
-
-// DeleteWorker deletes a single Worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-delete-worker
-func (api *API) DeleteWorker(ctx context.Context, rc *ResourceContainer, params DeleteWorkerParams) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, params.ScriptName)
-	if params.DispatchNamespace != nil && *params.DispatchNamespace != "" {
-		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s", rc.Identifier, *params.DispatchNamespace, params.ScriptName)
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	var r WorkerScriptResponse
-	if err != nil {
-		return err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
-
-// GetWorker fetch raw script content for your worker returns string containing
-// worker code js.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-download-worker
-func (api *API) GetWorker(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkerScriptResponse, error) {
-	return api.GetWorkerWithDispatchNamespace(ctx, rc, scriptName, "")
-}
-
-// GetWorker fetch raw script content for your worker returns string containing
-// worker code js.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-download-worker
-func (api *API) GetWorkerWithDispatchNamespace(ctx context.Context, rc *ResourceContainer, scriptName string, dispatchNamespace string) (WorkerScriptResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerScriptResponse{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, scriptName)
-	if dispatchNamespace != "" {
-		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s/content", rc.Identifier, dispatchNamespace, scriptName)
-	}
-	res, err := api.makeRequestContextWithHeadersComplete(ctx, http.MethodGet, uri, nil, nil)
-	var r WorkerScriptResponse
-	if err != nil {
-		return r, err
-	}
-
-	// Check if the response type is multipart, in which case this was a module worker
-	mediaType, mediaParams, _ := mime.ParseMediaType(res.Headers.Get("content-type"))
-	if strings.HasPrefix(mediaType, "multipart/") {
-		bytesReader := bytes.NewReader(res.Body)
-		mimeReader := multipart.NewReader(bytesReader, mediaParams["boundary"])
-		mimePart, err := mimeReader.NextPart()
-		if err != nil {
-			return r, fmt.Errorf("could not get multipart response body: %w", err)
-		}
-		mimePartBody, err := io.ReadAll(mimePart)
-		if err != nil {
-			return r, fmt.Errorf("could not read multipart response body: %w", err)
-		}
-		r.Script = string(mimePartBody)
-		r.Module = true
-	} else {
-		r.Script = string(res.Body)
-		r.Module = false
-	}
-
-	r.Success = true
-	return r, nil
-}
-
-// ListWorkers returns list of Workers for given account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-list-workers
-func (api *API) ListWorkers(ctx context.Context, rc *ResourceContainer, params ListWorkersParams) (WorkerListResponse, *ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerListResponse{}, &ResultInfo{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerListResponse{}, &ResultInfo{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkerListResponse{}, &ResultInfo{}, err
-	}
-
-	var r WorkerListResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerListResponse{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r, &r.ResultInfo, nil
-}
-
-// UploadWorker pushes raw script content for your Worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-upload-worker-module
-func (api *API) UploadWorker(ctx context.Context, rc *ResourceContainer, params CreateWorkerParams) (WorkerScriptResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerScriptResponse{}, ErrMissingAccountID
-	}
-
-	body := []byte(params.Script)
-	var (
-		contentType = "application/javascript"
-		err         error
-	)
-
-	if params.RequiresMultipart() {
-		contentType, body, err = formatMultipartBody(params)
-		if err != nil {
-			return WorkerScriptResponse{}, err
-		}
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s", rc.Identifier, params.ScriptName)
-	if params.DispatchNamespaceName != nil && *params.DispatchNamespaceName != "" {
-		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s", rc.Identifier, *params.DispatchNamespaceName, params.ScriptName)
-	}
-
-	headers := make(http.Header)
-	headers.Set("Content-Type", contentType)
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, body, headers)
-
-	var r WorkerScriptResponse
-	if err != nil {
-		return r, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r, nil
-}
-
-// GetWorkersScriptContent returns the pure script content of a worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-get-content
-func (api *API) GetWorkersScriptContent(ctx context.Context, rc *ResourceContainer, scriptName string) (string, error) {
-	if rc.Level != AccountRouteLevel {
-		return "", ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return "", ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/content/v2", rc.Identifier, scriptName)
-	res, err := api.makeRequestContextWithHeadersComplete(ctx, http.MethodGet, uri, nil, nil)
-	if err != nil {
-		return "", err
-	}
-
-	return string(res.Body), nil
-}
-
-// UpdateWorkersScriptContent pushes only script content, no metadata.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-put-content
-func (api *API) UpdateWorkersScriptContent(ctx context.Context, rc *ResourceContainer, params UpdateWorkersScriptContentParams) (WorkerScriptResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerScriptResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerScriptResponse{}, ErrMissingAccountID
-	}
-
-	body := []byte(params.Script)
-	var (
-		contentType = "application/javascript"
-		err         error
-	)
-
-	if params.Module {
-		var formattedParams CreateWorkerParams
-		formattedParams.Script = params.Script
-		formattedParams.ScriptName = params.ScriptName
-		formattedParams.Module = params.Module
-		formattedParams.DispatchNamespaceName = params.DispatchNamespaceName
-		contentType, body, err = formatMultipartBody(formattedParams)
-		if err != nil {
-			return WorkerScriptResponse{}, err
-		}
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/content", rc.Identifier, params.ScriptName)
-	if params.DispatchNamespaceName != nil {
-		uri = fmt.Sprintf("/accounts/%s/workers/dispatch_namespaces/%s/scripts/%s/content", rc.Identifier, *params.DispatchNamespaceName, params.ScriptName)
-	}
-
-	headers := make(http.Header)
-	headers.Set("Content-Type", contentType)
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPut, uri, body, headers)
-
-	var r WorkerScriptResponse
-	if err != nil {
-		return r, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r, nil
-}
-
-// GetWorkersScriptSettings returns the metadata of a worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-get-settings
-func (api *API) GetWorkersScriptSettings(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkerScriptSettingsResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerScriptSettingsResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerScriptSettingsResponse{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/settings", rc.Identifier, scriptName)
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodGet, uri, nil, nil)
-	var r WorkerScriptSettingsResponse
-	if err != nil {
-		return r, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	r.Success = true
-
-	return r, nil
-}
-
-// UpdateWorkersScriptSettings pushes only script metadata.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-script-patch-settings
-func (api *API) UpdateWorkersScriptSettings(ctx context.Context, rc *ResourceContainer, params UpdateWorkersScriptSettingsParams) (WorkerScriptSettingsResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkerScriptSettingsResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerScriptSettingsResponse{}, ErrMissingAccountID
-	}
-
-	body, err := json.Marshal(params)
-	if err != nil {
-		return WorkerScriptSettingsResponse{}, err
-	}
-	headers := make(http.Header)
-	headers.Set("Content-Type", "application/json")
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/settings", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContextWithHeaders(ctx, http.MethodPatch, uri, body, headers)
-	var r WorkerScriptSettingsResponse
-	if err != nil {
-		return r, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	r.Success = true
-
-	return r, nil
-}
-
-// Returns content-type, body, error.
-func formatMultipartBody(params CreateWorkerParams) (string, []byte, error) {
-	var buf = &bytes.Buffer{}
-	var mpw = multipart.NewWriter(buf)
-	defer mpw.Close()
-
-	// Write metadata part
-	var scriptPartName string
-	meta := struct {
-		BodyPart           string                 `json:"body_part,omitempty"`
-		MainModule         string                 `json:"main_module,omitempty"`
-		Bindings           []workerBindingMeta    `json:"bindings"`
-		Logpush            *bool                  `json:"logpush,omitempty"`
-		TailConsumers      *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
-		CompatibilityDate  string                 `json:"compatibility_date,omitempty"`
-		CompatibilityFlags []string               `json:"compatibility_flags,omitempty"`
-		Placement          *Placement             `json:"placement,omitempty"`
-		Tags               []string               `json:"tags"`
-	}{
-		Bindings:           make([]workerBindingMeta, 0, len(params.Bindings)),
-		Logpush:            params.Logpush,
-		TailConsumers:      params.TailConsumers,
-		CompatibilityDate:  params.CompatibilityDate,
-		CompatibilityFlags: params.CompatibilityFlags,
-		Placement:          params.Placement,
-		Tags:               params.Tags,
-	}
-
-	if params.Module {
-		scriptPartName = "worker.mjs"
-		meta.MainModule = scriptPartName
-	} else {
-		scriptPartName = "script"
-		meta.BodyPart = scriptPartName
-	}
-
-	bodyWriters := make([]workerBindingBodyWriter, 0, len(params.Bindings))
-	for name, b := range params.Bindings {
-		bindingMeta, bodyWriter, err := b.serialize(name)
-		if err != nil {
-			return "", nil, err
-		}
-
-		meta.Bindings = append(meta.Bindings, bindingMeta)
-		bodyWriters = append(bodyWriters, bodyWriter)
-	}
-
-	var hdr = textproto.MIMEHeader{}
-	hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, "metadata"))
-	hdr.Set("content-type", "application/json")
-	pw, err := mpw.CreatePart(hdr)
-	if err != nil {
-		return "", nil, err
-	}
-	metaJSON, err := json.Marshal(meta)
-	if err != nil {
-		return "", nil, err
-	}
-	_, err = pw.Write(metaJSON)
-	if err != nil {
-		return "", nil, err
-	}
-
-	// Write script part
-	hdr = textproto.MIMEHeader{}
-
-	contentType := "application/javascript"
-	if params.Module {
-		contentType = "application/javascript+module"
-		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"; filename="%[1]s"`, scriptPartName))
-	} else {
-		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, scriptPartName))
-	}
-	hdr.Set("content-type", contentType)
-
-	pw, err = mpw.CreatePart(hdr)
-	if err != nil {
-		return "", nil, err
-	}
-	_, err = pw.Write([]byte(params.Script))
-	if err != nil {
-		return "", nil, err
-	}
-
-	// Write other bindings with parts
-	for _, w := range bodyWriters {
-		if w != nil {
-			err = w(mpw)
-			if err != nil {
-				return "", nil, err
-			}
-		}
-	}
-
-	mpw.Close()
-
-	return mpw.FormDataContentType(), buf.Bytes(), nil
-}
diff --git a/pkg/cloudflare-go/workers_account_settings.go b/pkg/cloudflare-go/workers_account_settings.go
deleted file mode 100644
index 55e0d30e70..0000000000
--- a/pkg/cloudflare-go/workers_account_settings.go
+++ /dev/null
@@ -1,83 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type WorkersAccountSettings struct {
-	DefaultUsageModel string `json:"default_usage_model,omitempty"`
-	GreenCompute      bool   `json:"green_compute,omitempty"`
-}
-
-type CreateWorkersAccountSettingsParameters struct {
-	DefaultUsageModel string `json:"default_usage_model,omitempty"`
-	GreenCompute      bool   `json:"green_compute,omitempty"`
-}
-
-type CreateWorkersAccountSettingsResponse struct {
-	Response
-	Result WorkersAccountSettings
-}
-
-type WorkersAccountSettingsParameters struct{}
-
-type WorkersAccountSettingsResponse struct {
-	Response
-	Result WorkersAccountSettings
-}
-
-// CreateWorkersAccountSettings sets the account settings for Workers.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-account-settings-create-worker-account-settings
-func (api *API) CreateWorkersAccountSettings(ctx context.Context, rc *ResourceContainer, params CreateWorkersAccountSettingsParameters) (WorkersAccountSettings, error) {
-	if rc.Identifier == "" {
-		return WorkersAccountSettings{}, ErrMissingAccountID
-	}
-
-	if rc.Level != AccountRouteLevel {
-		return WorkersAccountSettings{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/account-settings", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return WorkersAccountSettings{}, err
-	}
-
-	var workersAccountSettingsResponse CreateWorkersAccountSettingsResponse
-	if err := json.Unmarshal(res, &workersAccountSettingsResponse); err != nil {
-		return WorkersAccountSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return workersAccountSettingsResponse.Result, nil
-}
-
-// WorkersAccountSettings returns the current account settings for Workers.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-account-settings-fetch-worker-account-settings
-func (api *API) WorkersAccountSettings(ctx context.Context, rc *ResourceContainer, params WorkersAccountSettingsParameters) (WorkersAccountSettings, error) {
-	if rc.Identifier == "" {
-		return WorkersAccountSettings{}, ErrMissingAccountID
-	}
-
-	if rc.Level != AccountRouteLevel {
-		return WorkersAccountSettings{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/account-settings", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, params)
-	if err != nil {
-		return WorkersAccountSettings{}, err
-	}
-
-	var workersAccountSettingsResponse CreateWorkersAccountSettingsResponse
-	if err := json.Unmarshal(res, &workersAccountSettingsResponse); err != nil {
-		return WorkersAccountSettings{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return workersAccountSettingsResponse.Result, nil
-}
diff --git a/pkg/cloudflare-go/workers_account_settings_test.go b/pkg/cloudflare-go/workers_account_settings_test.go
deleted file mode 100644
index 0bdd35fd33..0000000000
--- a/pkg/cloudflare-go/workers_account_settings_test.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWorkersAccountSettings_CreateAccountSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/account-settings", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "default_usage_model": "unbound",
-	"green_compute": false
-  }
-}`)
-	})
-	res, err := client.CreateWorkersAccountSettings(context.Background(), AccountIdentifier(testAccountID), CreateWorkersAccountSettingsParameters{DefaultUsageModel: "unbound", GreenCompute: false})
-	want := WorkersAccountSettings{
-		DefaultUsageModel: "unbound",
-		GreenCompute:      false,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersAccountSettings_GetAccountSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/account-settings", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "default_usage_model": "unbound",
-	"green_compute": true
-  }
-}`)
-	})
-
-	res, err := client.WorkersAccountSettings(context.Background(), AccountIdentifier(testAccountID), WorkersAccountSettingsParameters{})
-	want := WorkersAccountSettings{
-		DefaultUsageModel: "unbound",
-		GreenCompute:      true,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_bindings.go b/pkg/cloudflare-go/workers_bindings.go
deleted file mode 100644
index 0516c5b3f7..0000000000
--- a/pkg/cloudflare-go/workers_bindings.go
+++ /dev/null
@@ -1,617 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	rand "crypto/rand"
-	"encoding/hex"
-	"errors"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"net/textproto"
-
-	"github.com/goccy/go-json"
-)
-
-// WorkerBindingType represents a particular type of binding.
-type WorkerBindingType string
-
-func (b WorkerBindingType) String() string {
-	return string(b)
-}
-
-const (
-	// WorkerDurableObjectBindingType is the type for Durable Object bindings.
-	WorkerDurableObjectBindingType WorkerBindingType = "durable_object_namespace"
-	// WorkerInheritBindingType is the type for inherited bindings.
-	WorkerInheritBindingType WorkerBindingType = "inherit"
-	// WorkerKvNamespaceBindingType is the type for KV Namespace bindings.
-	WorkerKvNamespaceBindingType WorkerBindingType = "kv_namespace"
-	// WorkerWebAssemblyBindingType is the type for Web Assembly module bindings.
-	WorkerWebAssemblyBindingType WorkerBindingType = "wasm_module"
-	// WorkerSecretTextBindingType is the type for secret text bindings.
-	WorkerSecretTextBindingType WorkerBindingType = "secret_text"
-	// WorkerPlainTextBindingType is the type for plain text bindings.
-	WorkerPlainTextBindingType WorkerBindingType = "plain_text"
-	// WorkerServiceBindingType is the type for service bindings.
-	WorkerServiceBindingType WorkerBindingType = "service"
-	// WorkerR2BucketBindingType is the type for R2 bucket bindings.
-	WorkerR2BucketBindingType WorkerBindingType = "r2_bucket"
-	// WorkerAnalyticsEngineBindingType is the type for Analytics Engine dataset bindings.
-	WorkerAnalyticsEngineBindingType WorkerBindingType = "analytics_engine"
-	// WorkerQueueBindingType is the type for queue bindings.
-	WorkerQueueBindingType WorkerBindingType = "queue"
-	// DispatchNamespaceBindingType is the type for WFP namespace bindings.
-	DispatchNamespaceBindingType WorkerBindingType = "dispatch_namespace"
-	// WorkerD1DataseBindingType is for D1 databases.
-	WorkerD1DataseBindingType WorkerBindingType = "d1"
-)
-
-type ListWorkerBindingsParams struct {
-	ScriptName        string
-	DispatchNamespace *string
-}
-
-// WorkerBindingListItem a struct representing an individual binding in a list of bindings.
-type WorkerBindingListItem struct {
-	Name    string `json:"name"`
-	Binding WorkerBinding
-}
-
-// WorkerBindingListResponse wrapper struct for API response to worker binding list API call.
-type WorkerBindingListResponse struct {
-	Response
-	BindingList []WorkerBindingListItem
-}
-
-// Workers supports multiple types of bindings, e.g. KV namespaces or WebAssembly modules, and each type
-// of binding will be represented differently in the upload request body. At a high-level, every binding
-// will specify metadata, which is a JSON object with the properties "name" and "type". Some types of bindings
-// will also have additional metadata properties. For example, KV bindings also specify the KV namespace.
-// In addition to the metadata, some binding types may need to include additional data as part of the
-// multipart form. For example, WebAssembly bindings will include the contents of the WebAssembly module.
-
-// WorkerBinding is the generic interface implemented by all of
-// the various binding types.
-type WorkerBinding interface {
-	Type() WorkerBindingType
-
-	// serialize is responsible for returning the binding metadata as well as an optionally
-	// returning a function that can modify the multipart form body. For example, this is used
-	// by WebAssembly bindings to add a new part containing the WebAssembly module contents.
-	serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error)
-}
-
-// workerBindingMeta is the metadata portion of the binding.
-type workerBindingMeta = map[string]interface{}
-
-// workerBindingBodyWriter allows for a binding to add additional parts to the multipart body.
-type workerBindingBodyWriter func(*multipart.Writer) error
-
-// WorkerInheritBinding will just persist whatever binding content was previously uploaded.
-type WorkerInheritBinding struct {
-	// Optional parameter that allows for renaming a binding without changing
-	// its contents. If `OldName` is empty, the binding name will not be changed.
-	OldName string
-}
-
-// Type returns the type of the binding.
-func (b WorkerInheritBinding) Type() WorkerBindingType {
-	return WorkerInheritBindingType
-}
-
-func (b WorkerInheritBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	meta := workerBindingMeta{
-		"name": bindingName,
-		"type": b.Type(),
-	}
-
-	if b.OldName != "" {
-		meta["old_name"] = b.OldName
-	}
-
-	return meta, nil, nil
-}
-
-// WorkerKvNamespaceBinding is a binding to a Workers KV Namespace.
-//
-// https://developers.cloudflare.com/workers/archive/api/resource-bindings/kv-namespaces/
-type WorkerKvNamespaceBinding struct {
-	NamespaceID string
-}
-
-// Type returns the type of the binding.
-func (b WorkerKvNamespaceBinding) Type() WorkerBindingType {
-	return WorkerKvNamespaceBindingType
-}
-
-func (b WorkerKvNamespaceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.NamespaceID == "" {
-		return nil, nil, fmt.Errorf(`namespace ID for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name":         bindingName,
-		"type":         b.Type(),
-		"namespace_id": b.NamespaceID,
-	}, nil, nil
-}
-
-// WorkerDurableObjectBinding is a binding to a Workers Durable Object.
-//
-// https://api.cloudflare.com/#durable-objects-namespace-properties
-type WorkerDurableObjectBinding struct {
-	ClassName  string
-	ScriptName string
-}
-
-// Type returns the type of the binding.
-func (b WorkerDurableObjectBinding) Type() WorkerBindingType {
-	return WorkerDurableObjectBindingType
-}
-
-func (b WorkerDurableObjectBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.ClassName == "" {
-		return nil, nil, fmt.Errorf(`ClassName for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name":        bindingName,
-		"type":        b.Type(),
-		"class_name":  b.ClassName,
-		"script_name": b.ScriptName,
-	}, nil, nil
-}
-
-// WorkerWebAssemblyBinding is a binding to a WebAssembly module.
-//
-// https://developers.cloudflare.com/workers/archive/api/resource-bindings/webassembly-modules/
-type WorkerWebAssemblyBinding struct {
-	Module io.Reader
-}
-
-// Type returns the type of the binding.
-func (b WorkerWebAssemblyBinding) Type() WorkerBindingType {
-	return WorkerWebAssemblyBindingType
-}
-
-func (b WorkerWebAssemblyBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	partName := getRandomPartName()
-
-	bodyWriter := func(mpw *multipart.Writer) error {
-		var hdr = textproto.MIMEHeader{}
-		hdr.Set("content-disposition", fmt.Sprintf(`form-data; name="%s"`, partName))
-		hdr.Set("content-type", "application/wasm")
-		pw, err := mpw.CreatePart(hdr)
-		if err != nil {
-			return err
-		}
-		_, err = io.Copy(pw, b.Module)
-		return err
-	}
-
-	return workerBindingMeta{
-		"name": bindingName,
-		"type": b.Type(),
-		"part": partName,
-	}, bodyWriter, nil
-}
-
-// WorkerPlainTextBinding is a binding to plain text.
-//
-// https://developers.cloudflare.com/workers/tooling/api/scripts/#add-a-plain-text-binding
-type WorkerPlainTextBinding struct {
-	Text string
-}
-
-// Type returns the type of the binding.
-func (b WorkerPlainTextBinding) Type() WorkerBindingType {
-	return WorkerPlainTextBindingType
-}
-
-func (b WorkerPlainTextBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Text == "" {
-		return nil, nil, fmt.Errorf(`text for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name": bindingName,
-		"type": b.Type(),
-		"text": b.Text,
-	}, nil, nil
-}
-
-// WorkerSecretTextBinding is a binding to secret text.
-//
-// https://developers.cloudflare.com/workers/tooling/api/scripts/#add-a-secret-text-binding
-type WorkerSecretTextBinding struct {
-	Text string
-}
-
-// Type returns the type of the binding.
-func (b WorkerSecretTextBinding) Type() WorkerBindingType {
-	return WorkerSecretTextBindingType
-}
-
-func (b WorkerSecretTextBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Text == "" {
-		return nil, nil, fmt.Errorf(`text for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name": bindingName,
-		"type": b.Type(),
-		"text": b.Text,
-	}, nil, nil
-}
-
-type WorkerServiceBinding struct {
-	Service     string
-	Environment *string
-}
-
-func (b WorkerServiceBinding) Type() WorkerBindingType {
-	return WorkerServiceBindingType
-}
-
-func (b WorkerServiceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Service == "" {
-		return nil, nil, fmt.Errorf(`service for binding "%s" cannot be empty`, bindingName)
-	}
-
-	meta := workerBindingMeta{
-		"name":    bindingName,
-		"type":    b.Type(),
-		"service": b.Service,
-	}
-
-	if b.Environment != nil {
-		meta["environment"] = *b.Environment
-	}
-
-	return meta, nil, nil
-}
-
-// WorkerR2BucketBinding is a binding to an R2 bucket.
-type WorkerR2BucketBinding struct {
-	BucketName string
-}
-
-// Type returns the type of the binding.
-func (b WorkerR2BucketBinding) Type() WorkerBindingType {
-	return WorkerR2BucketBindingType
-}
-
-func (b WorkerR2BucketBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.BucketName == "" {
-		return nil, nil, fmt.Errorf(`BucketName for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name":        bindingName,
-		"type":        b.Type(),
-		"bucket_name": b.BucketName,
-	}, nil, nil
-}
-
-// WorkerAnalyticsEngineBinding is a binding to an Analytics Engine dataset.
-type WorkerAnalyticsEngineBinding struct {
-	Dataset string
-}
-
-// Type returns the type of the binding.
-func (b WorkerAnalyticsEngineBinding) Type() WorkerBindingType {
-	return WorkerAnalyticsEngineBindingType
-}
-
-func (b WorkerAnalyticsEngineBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Dataset == "" {
-		return nil, nil, fmt.Errorf(`dataset for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name":    bindingName,
-		"type":    b.Type(),
-		"dataset": b.Dataset,
-	}, nil, nil
-}
-
-// WorkerQueueBinding is a binding to a Workers Queue.
-//
-// https://developers.cloudflare.com/workers/platform/bindings/#queue-bindings
-type WorkerQueueBinding struct {
-	Binding string
-	Queue   string
-}
-
-// Type returns the type of the binding.
-func (b WorkerQueueBinding) Type() WorkerBindingType {
-	return WorkerQueueBindingType
-}
-
-func (b WorkerQueueBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Binding == "" {
-		return nil, nil, fmt.Errorf(`binding name for binding "%s" cannot be empty`, bindingName)
-	}
-	if b.Queue == "" {
-		return nil, nil, fmt.Errorf(`queue name for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"type":       b.Type(),
-		"name":       b.Binding,
-		"queue_name": b.Queue,
-	}, nil, nil
-}
-
-// DispatchNamespaceBinding is a binding to a Workers for Platforms namespace
-//
-// https://developers.cloudflare.com/workers/platform/bindings/#dispatch-namespace-bindings-workers-for-platforms
-type DispatchNamespaceBinding struct {
-	Binding   string
-	Namespace string
-	Outbound  *NamespaceOutboundOptions
-}
-
-type NamespaceOutboundOptions struct {
-	Worker WorkerReference
-	Params []OutboundParamSchema
-}
-
-type WorkerReference struct {
-	Service     string
-	Environment *string
-}
-
-type OutboundParamSchema struct {
-	Name string
-}
-
-// Type returns the type of the binding.
-func (b DispatchNamespaceBinding) Type() WorkerBindingType {
-	return DispatchNamespaceBindingType
-}
-
-func (b DispatchNamespaceBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.Binding == "" {
-		return nil, nil, fmt.Errorf(`binding name for binding "%s" cannot be empty`, bindingName)
-	}
-	if b.Namespace == "" {
-		return nil, nil, fmt.Errorf(`namespace name for binding "%s" cannot be empty`, bindingName)
-	}
-
-	meta := workerBindingMeta{
-		"type":      b.Type(),
-		"name":      b.Binding,
-		"namespace": b.Namespace,
-	}
-
-	if b.Outbound != nil {
-		if b.Outbound.Worker.Service == "" {
-			return nil, nil, fmt.Errorf(`outbound options for binding "%s" must have a service name`, bindingName)
-		}
-
-		var params []map[string]interface{}
-		for _, param := range b.Outbound.Params {
-			params = append(params, map[string]interface{}{
-				"name": param.Name,
-			})
-		}
-
-		meta["outbound"] = map[string]interface{}{
-			"worker": map[string]interface{}{
-				"service":     b.Outbound.Worker.Service,
-				"environment": b.Outbound.Worker.Environment,
-			},
-			"params": params,
-		}
-	}
-
-	return meta, nil, nil
-}
-
-// WorkerD1DatabaseBinding is a binding to a D1 instance.
-type WorkerD1DatabaseBinding struct {
-	DatabaseID string
-}
-
-// Type returns the type of the binding.
-func (b WorkerD1DatabaseBinding) Type() WorkerBindingType {
-	return WorkerD1DataseBindingType
-}
-
-func (b WorkerD1DatabaseBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	if b.DatabaseID == "" {
-		return nil, nil, fmt.Errorf(`database ID for binding "%s" cannot be empty`, bindingName)
-	}
-
-	return workerBindingMeta{
-		"name": bindingName,
-		"type": b.Type(),
-		"id":   b.DatabaseID,
-	}, nil, nil
-}
-
-// UnsafeBinding is for experimental or deprecated bindings, and allows specifying any binding type or property.
-type UnsafeBinding map[string]interface{}
-
-// Type returns the type of the binding.
-func (b UnsafeBinding) Type() WorkerBindingType {
-	return ""
-}
-
-func (b UnsafeBinding) serialize(bindingName string) (workerBindingMeta, workerBindingBodyWriter, error) {
-	b["name"] = bindingName
-	return b, nil, nil
-}
-
-// Each binding that adds a part to the multipart form body will need
-// a unique part name so we just generate a random 128bit hex string.
-func getRandomPartName() string {
-	randBytes := make([]byte, 16)
-	rand.Read(randBytes) //nolint:errcheck
-	return hex.EncodeToString(randBytes)
-}
-
-// ListWorkerBindings returns all the bindings for a particular worker.
-func (api *API) ListWorkerBindings(ctx context.Context, rc *ResourceContainer, params ListWorkerBindingsParams) (WorkerBindingListResponse, error) {
-	if params.ScriptName == "" {
-		return WorkerBindingListResponse{}, errors.New("script name is required")
-	}
-
-	if rc.Level != AccountRouteLevel {
-		return WorkerBindingListResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkerBindingListResponse{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/bindings", rc.Identifier, params.ScriptName)
-	if params.DispatchNamespace != nil && *params.DispatchNamespace != "" {
-		uri = fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s/scripts/%s/bindings", rc.Identifier, *params.DispatchNamespace, params.ScriptName)
-	}
-
-	var jsonRes struct {
-		Response
-		Bindings []workerBindingMeta `json:"result"`
-	}
-	var r WorkerBindingListResponse
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return r, err
-	}
-	err = json.Unmarshal(res, &jsonRes)
-	if err != nil {
-		return r, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	r = WorkerBindingListResponse{
-		Response:    jsonRes.Response,
-		BindingList: make([]WorkerBindingListItem, 0, len(jsonRes.Bindings)),
-	}
-	for _, jsonBinding := range jsonRes.Bindings {
-		name, ok := jsonBinding["name"].(string)
-		if !ok {
-			return r, fmt.Errorf("binding missing name %v", jsonBinding)
-		}
-		bType, ok := jsonBinding["type"].(string)
-		if !ok {
-			return r, fmt.Errorf("binding missing type %v", jsonBinding)
-		}
-		bindingListItem := WorkerBindingListItem{
-			Name: name,
-		}
-
-		switch WorkerBindingType(bType) {
-		case WorkerDurableObjectBindingType:
-			class_name := jsonBinding["class_name"].(string)
-			script_name := jsonBinding["script_name"].(string)
-			bindingListItem.Binding = WorkerDurableObjectBinding{
-				ClassName:  class_name,
-				ScriptName: script_name,
-			}
-		case WorkerKvNamespaceBindingType:
-			namespaceID := jsonBinding["namespace_id"].(string)
-			bindingListItem.Binding = WorkerKvNamespaceBinding{
-				NamespaceID: namespaceID,
-			}
-		case WorkerQueueBindingType:
-			queueName := jsonBinding["queue_name"].(string)
-			bindingListItem.Binding = WorkerQueueBinding{
-				Binding: name,
-				Queue:   queueName,
-			}
-		case WorkerWebAssemblyBindingType:
-			bindingListItem.Binding = WorkerWebAssemblyBinding{
-				Module: &bindingContentReader{
-					api:         api,
-					ctx:         ctx,
-					accountID:   rc.Identifier,
-					params:      &params,
-					bindingName: name,
-				},
-			}
-		case WorkerPlainTextBindingType:
-			text := jsonBinding["text"].(string)
-			bindingListItem.Binding = WorkerPlainTextBinding{
-				Text: text,
-			}
-		case WorkerServiceBindingType:
-			service := jsonBinding["service"].(string)
-			environment := jsonBinding["environment"].(string)
-			bindingListItem.Binding = WorkerServiceBinding{
-				Service:     service,
-				Environment: &environment,
-			}
-		case WorkerSecretTextBindingType:
-			bindingListItem.Binding = WorkerSecretTextBinding{}
-		case WorkerR2BucketBindingType:
-			bucketName := jsonBinding["bucket_name"].(string)
-			bindingListItem.Binding = WorkerR2BucketBinding{
-				BucketName: bucketName,
-			}
-		case WorkerAnalyticsEngineBindingType:
-			dataset := jsonBinding["dataset"].(string)
-			bindingListItem.Binding = WorkerAnalyticsEngineBinding{
-				Dataset: dataset,
-			}
-		case WorkerD1DataseBindingType:
-			database_id := jsonBinding["database_id"].(string)
-			bindingListItem.Binding = WorkerD1DatabaseBinding{
-				DatabaseID: database_id,
-			}
-		default:
-			bindingListItem.Binding = WorkerInheritBinding{}
-		}
-		r.BindingList = append(r.BindingList, bindingListItem)
-	}
-
-	return r, nil
-}
-
-// bindingContentReader is an io.Reader that will lazily load the
-// raw bytes for a binding from the API when the Read() method
-// is first called. This is only useful for binding types
-// that store raw bytes, like WebAssembly modules.
-type bindingContentReader struct {
-	api         *API
-	accountID   string
-	params      *ListWorkerBindingsParams
-	ctx         context.Context
-	bindingName string
-	content     []byte
-	position    int
-}
-
-func (b *bindingContentReader) Read(p []byte) (n int, err error) {
-	// Lazily load the content when Read() is first called
-	if b.content == nil {
-		uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/bindings/%s/content", b.accountID, b.params.ScriptName, b.bindingName)
-		res, err := b.api.makeRequestContext(b.ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return 0, err
-		}
-		b.content = res
-	}
-
-	if b.position >= len(b.content) {
-		return 0, io.EOF
-	}
-
-	bytesRemaining := len(b.content) - b.position
-	bytesToProcess := 0
-	if len(p) < bytesRemaining {
-		bytesToProcess = len(p)
-	} else {
-		bytesToProcess = bytesRemaining
-	}
-
-	for i := 0; i < bytesToProcess; i++ {
-		p[i] = b.content[b.position]
-		b.position = b.position + 1
-	}
-
-	return bytesToProcess, nil
-}
diff --git a/pkg/cloudflare-go/workers_bindings_test.go b/pkg/cloudflare-go/workers_bindings_test.go
deleted file mode 100644
index bb7f141fa8..0000000000
--- a/pkg/cloudflare-go/workers_bindings_test.go
+++ /dev/null
@@ -1,237 +0,0 @@
-package cloudflare
-
-import (
-	"bytes"
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListWorkerBindings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/my-script/bindings", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, listBindingsResponseData)
-	})
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/my-script/bindings/MY_WASM/content", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/wasm")
-		_, _ = w.Write([]byte("mock multi-script wasm"))
-	})
-
-	res, err := client.ListWorkerBindings(context.Background(), AccountIdentifier(testAccountID), ListWorkerBindingsParams{
-		ScriptName: "my-script",
-	})
-	assert.NoError(t, err)
-
-	assert.Equal(t, successResponse, res.Response)
-	assert.Equal(t, 9, len(res.BindingList))
-
-	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
-		Name: "MY_KV",
-		Binding: WorkerKvNamespaceBinding{
-			NamespaceID: "89f5f8fd93f94cb98473f6f421aa3b65",
-		},
-	})
-	assert.Equal(t, WorkerKvNamespaceBindingType, res.BindingList[0].Binding.Type())
-
-	assert.Equal(t, "MY_WASM", res.BindingList[1].Name)
-	wasmBinding := res.BindingList[1].Binding.(WorkerWebAssemblyBinding)
-	wasmModuleContent, err := io.ReadAll(wasmBinding.Module)
-	assert.NoError(t, err)
-	assert.Equal(t, []byte("mock multi-script wasm"), wasmModuleContent)
-	assert.Equal(t, WorkerWebAssemblyBindingType, res.BindingList[1].Binding.Type())
-
-	assert.Equal(t, res.BindingList[2], WorkerBindingListItem{
-		Name: "MY_PLAIN_TEXT",
-		Binding: WorkerPlainTextBinding{
-			Text: "text",
-		},
-	})
-	assert.Equal(t, WorkerPlainTextBindingType, res.BindingList[2].Binding.Type())
-
-	assert.Equal(t, res.BindingList[3], WorkerBindingListItem{
-		Name:    "MY_SECRET_TEXT",
-		Binding: WorkerSecretTextBinding{},
-	})
-	assert.Equal(t, WorkerSecretTextBindingType, res.BindingList[3].Binding.Type())
-
-	environment := "MY_ENVIRONMENT"
-	assert.Equal(t, res.BindingList[4], WorkerBindingListItem{
-		Name: "MY_SERVICE_BINDING",
-		Binding: WorkerServiceBinding{
-			Service:     "MY_SERVICE",
-			Environment: &environment,
-		},
-	})
-	assert.Equal(t, WorkerServiceBindingType, res.BindingList[4].Binding.Type())
-
-	assert.Equal(t, res.BindingList[5], WorkerBindingListItem{
-		Name:    "MY_NEW_BINDING",
-		Binding: WorkerInheritBinding{},
-	})
-	assert.Equal(t, WorkerInheritBindingType, res.BindingList[5].Binding.Type())
-
-	assert.Equal(t, res.BindingList[6], WorkerBindingListItem{
-		Name: "MY_BUCKET",
-		Binding: WorkerR2BucketBinding{
-			BucketName: "bucket",
-		},
-	})
-	assert.Equal(t, WorkerR2BucketBindingType, res.BindingList[6].Binding.Type())
-
-	assert.Equal(t, res.BindingList[7], WorkerBindingListItem{
-		Name: "MY_DATASET",
-		Binding: WorkerAnalyticsEngineBinding{
-			Dataset: "my_dataset",
-		},
-	})
-
-	assert.Equal(t, WorkerAnalyticsEngineBindingType, res.BindingList[7].Binding.Type())
-
-	assert.Equal(t, res.BindingList[8], WorkerBindingListItem{
-		Name: "MY_DATABASE",
-		Binding: WorkerD1DatabaseBinding{
-			DatabaseID: "cef5331f-e5c7-4c8a-a415-7908ae45f92a",
-		},
-	})
-	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
-}
-
-func TestListWorkerBindings_Wfp(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/my-namespace/scripts/my-script/bindings", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, listBindingsResponseData)
-	})
-
-	res, err := client.ListWorkerBindings(context.Background(), AccountIdentifier(testAccountID), ListWorkerBindingsParams{
-		ScriptName:        "my-script",
-		DispatchNamespace: &[]string{"my-namespace"}[0],
-	})
-	assert.NoError(t, err)
-
-	assert.Equal(t, successResponse, res.Response)
-	assert.Equal(t, 9, len(res.BindingList))
-
-	assert.Equal(t, res.BindingList[0], WorkerBindingListItem{
-		Name: "MY_KV",
-		Binding: WorkerKvNamespaceBinding{
-			NamespaceID: "89f5f8fd93f94cb98473f6f421aa3b65",
-		},
-	})
-	assert.Equal(t, WorkerKvNamespaceBindingType, res.BindingList[0].Binding.Type())
-
-	// WASM binding - No binding content endpoint exists for WfP
-
-	assert.Equal(t, res.BindingList[2], WorkerBindingListItem{
-		Name: "MY_PLAIN_TEXT",
-		Binding: WorkerPlainTextBinding{
-			Text: "text",
-		},
-	})
-	assert.Equal(t, WorkerPlainTextBindingType, res.BindingList[2].Binding.Type())
-
-	assert.Equal(t, res.BindingList[3], WorkerBindingListItem{
-		Name:    "MY_SECRET_TEXT",
-		Binding: WorkerSecretTextBinding{},
-	})
-	assert.Equal(t, WorkerSecretTextBindingType, res.BindingList[3].Binding.Type())
-
-	environment := "MY_ENVIRONMENT"
-	assert.Equal(t, res.BindingList[4], WorkerBindingListItem{
-		Name: "MY_SERVICE_BINDING",
-		Binding: WorkerServiceBinding{
-			Service:     "MY_SERVICE",
-			Environment: &environment,
-		},
-	})
-	assert.Equal(t, WorkerServiceBindingType, res.BindingList[4].Binding.Type())
-
-	assert.Equal(t, res.BindingList[5], WorkerBindingListItem{
-		Name:    "MY_NEW_BINDING",
-		Binding: WorkerInheritBinding{},
-	})
-	assert.Equal(t, WorkerInheritBindingType, res.BindingList[5].Binding.Type())
-
-	assert.Equal(t, res.BindingList[6], WorkerBindingListItem{
-		Name: "MY_BUCKET",
-		Binding: WorkerR2BucketBinding{
-			BucketName: "bucket",
-		},
-	})
-	assert.Equal(t, WorkerR2BucketBindingType, res.BindingList[6].Binding.Type())
-
-	assert.Equal(t, res.BindingList[7], WorkerBindingListItem{
-		Name: "MY_DATASET",
-		Binding: WorkerAnalyticsEngineBinding{
-			Dataset: "my_dataset",
-		},
-	})
-
-	assert.Equal(t, WorkerAnalyticsEngineBindingType, res.BindingList[7].Binding.Type())
-
-	assert.Equal(t, res.BindingList[8], WorkerBindingListItem{
-		Name: "MY_DATABASE",
-		Binding: WorkerD1DatabaseBinding{
-			DatabaseID: "cef5331f-e5c7-4c8a-a415-7908ae45f92a",
-		},
-	})
-	assert.Equal(t, WorkerD1DataseBindingType, res.BindingList[8].Binding.Type())
-}
-
-func ExampleUnsafeBinding() {
-	pretty := func(meta workerBindingMeta) string {
-		buf := bytes.NewBufferString("")
-		encoder := json.NewEncoder(buf)
-		encoder.SetIndent("", "  ")
-		if err := encoder.Encode(meta); err != nil {
-			fmt.Println("error:", err)
-		}
-		return buf.String()
-	}
-
-	binding_a := WorkerServiceBinding{
-		Service: "foo",
-	}
-	meta_a, _, _ := binding_a.serialize("my_binding")
-	meta_a_json := pretty(meta_a)
-	fmt.Println(meta_a_json)
-
-	binding_b := UnsafeBinding{
-		"type":    "service",
-		"service": "foo",
-	}
-	meta_b, _, _ := binding_b.serialize("my_binding")
-	meta_b_json := pretty(meta_b)
-	fmt.Println(meta_b_json)
-
-	fmt.Println(meta_a_json == meta_b_json)
-	// Output:
-	// {
-	//   "name": "my_binding",
-	//   "service": "foo",
-	//   "type": "service"
-	// }
-	//
-	// {
-	//   "name": "my_binding",
-	//   "service": "foo",
-	//   "type": "service"
-	// }
-	//
-	// true
-}
diff --git a/pkg/cloudflare-go/workers_cron_triggers.go b/pkg/cloudflare-go/workers_cron_triggers.go
deleted file mode 100644
index c231c994c9..0000000000
--- a/pkg/cloudflare-go/workers_cron_triggers.go
+++ /dev/null
@@ -1,91 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// WorkerCronTriggerResponse represents the response from the Worker cron trigger
-// API endpoint.
-type WorkerCronTriggerResponse struct {
-	Response
-	Result WorkerCronTriggerSchedules `json:"result"`
-}
-
-// WorkerCronTriggerSchedules contains the schedule of Worker cron triggers.
-type WorkerCronTriggerSchedules struct {
-	Schedules []WorkerCronTrigger `json:"schedules"`
-}
-
-// WorkerCronTrigger holds an individual cron schedule for a worker.
-type WorkerCronTrigger struct {
-	Cron       string     `json:"cron"`
-	CreatedOn  *time.Time `json:"created_on,omitempty"`
-	ModifiedOn *time.Time `json:"modified_on,omitempty"`
-}
-
-type ListWorkerCronTriggersParams struct {
-	ScriptName string
-}
-
-type UpdateWorkerCronTriggersParams struct {
-	ScriptName string
-	Crons      []WorkerCronTrigger
-}
-
-// ListWorkerCronTriggers fetches all available cron triggers for a single Worker
-// script.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-cron-trigger-get-cron-triggers
-func (api *API) ListWorkerCronTriggers(ctx context.Context, rc *ResourceContainer, params ListWorkerCronTriggersParams) ([]WorkerCronTrigger, error) {
-	if rc.Level != AccountRouteLevel {
-		return []WorkerCronTrigger{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []WorkerCronTrigger{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/schedules", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []WorkerCronTrigger{}, err
-	}
-
-	result := WorkerCronTriggerResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []WorkerCronTrigger{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Schedules, err
-}
-
-// UpdateWorkerCronTriggers updates a single schedule for a Worker cron trigger.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-cron-trigger-update-cron-triggers
-func (api *API) UpdateWorkerCronTriggers(ctx context.Context, rc *ResourceContainer, params UpdateWorkerCronTriggersParams) ([]WorkerCronTrigger, error) {
-	if rc.Level != AccountRouteLevel {
-		return []WorkerCronTrigger{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []WorkerCronTrigger{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/schedules", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Crons)
-	if err != nil {
-		return []WorkerCronTrigger{}, err
-	}
-
-	result := WorkerCronTriggerResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return []WorkerCronTrigger{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result.Result.Schedules, err
-}
diff --git a/pkg/cloudflare-go/workers_cron_triggers_test.go b/pkg/cloudflare-go/workers_cron_triggers_test.go
deleted file mode 100644
index 0194d75ef3..0000000000
--- a/pkg/cloudflare-go/workers_cron_triggers_test.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestListWorkerCronTriggers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"schedules": [
-					{
-						"cron": "*/30 * * * *",
-						"created_on": "2017-01-01T00:00:00Z",
-						"modified_on": "2017-01-01T00:00:00Z"
-					}
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/example-script/schedules", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
-	want := []WorkerCronTrigger{{
-		Cron:       "*/30 * * * *",
-		ModifiedOn: &modifiedOn,
-		CreatedOn:  &createdOn,
-	}}
-
-	actual, err := client.ListWorkerCronTriggers(context.Background(), AccountIdentifier(testAccountID), ListWorkerCronTriggersParams{ScriptName: "example-script"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateWorkerCronTriggers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"schedules": [
-					{
-						"cron": "*/30 * * * *",
-						"created_on": "2017-01-01T00:00:00Z",
-						"modified_on": "2017-01-01T00:00:00Z"
-					}
-				]
-			}
-		}`)
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/example-script/schedules", handler)
-	createdOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
-	modifiedOn, _ := time.Parse(time.RFC3339, "2017-01-01T00:00:00Z")
-	want := []WorkerCronTrigger{{
-		Cron:       "*/30 * * * *",
-		ModifiedOn: &modifiedOn,
-		CreatedOn:  &createdOn,
-	}}
-
-	actual, err := client.UpdateWorkerCronTriggers(context.Background(), AccountIdentifier(testAccountID), UpdateWorkerCronTriggersParams{ScriptName: "example-script", Crons: want})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_domain.go b/pkg/cloudflare-go/workers_domain.go
deleted file mode 100644
index a70954284f..0000000000
--- a/pkg/cloudflare-go/workers_domain.go
+++ /dev/null
@@ -1,151 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingHostname    = errors.New("required hostname missing")
-	ErrMissingService     = errors.New("required service missing")
-	ErrMissingEnvironment = errors.New("required environment missing")
-)
-
-type AttachWorkersDomainParams struct {
-	ID          string `json:"id,omitempty"`
-	ZoneID      string `json:"zone_id,omitempty"`
-	ZoneName    string `json:"zone_name,omitempty"`
-	Hostname    string `json:"hostname,omitempty"`
-	Service     string `json:"service,omitempty"`
-	Environment string `json:"environment,omitempty"`
-}
-
-type WorkersDomain struct {
-	ID          string `json:"id,omitempty"`
-	ZoneID      string `json:"zone_id,omitempty"`
-	ZoneName    string `json:"zone_name,omitempty"`
-	Hostname    string `json:"hostname,omitempty"`
-	Service     string `json:"service,omitempty"`
-	Environment string `json:"environment,omitempty"`
-}
-
-type WorkersDomainResponse struct {
-	Response
-	Result WorkersDomain `json:"result"`
-}
-
-type ListWorkersDomainParams struct {
-	ZoneID      string `url:"zone_id,omitempty"`
-	ZoneName    string `url:"zone_name,omitempty"`
-	Hostname    string `url:"hostname,omitempty"`
-	Service     string `url:"service,omitempty"`
-	Environment string `url:"environment,omitempty"`
-}
-
-type WorkersDomainListResponse struct {
-	Response
-	Result []WorkersDomain `json:"result"`
-}
-
-// ListWorkersDomains lists all Worker Domains.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-domain-list-domains
-func (api *API) ListWorkersDomains(ctx context.Context, rc *ResourceContainer, params ListWorkersDomainParams) ([]WorkersDomain, error) {
-	if rc.Identifier == "" {
-		return []WorkersDomain{}, ErrMissingAccountID
-	}
-
-	uri := buildURI(fmt.Sprintf("/accounts/%s/workers/domains", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r WorkersDomainListResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return []WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// AttachWorkersDomain attaches a worker to a zone and hostname.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-domain-attach-to-domain
-func (api *API) AttachWorkersDomain(ctx context.Context, rc *ResourceContainer, domain AttachWorkersDomainParams) (WorkersDomain, error) {
-	if rc.Identifier == "" {
-		return WorkersDomain{}, ErrMissingAccountID
-	}
-
-	if domain.ZoneID == "" {
-		return WorkersDomain{}, ErrMissingZoneID
-	}
-
-	if domain.Hostname == "" {
-		return WorkersDomain{}, ErrMissingHostname
-	}
-
-	if domain.Service == "" {
-		return WorkersDomain{}, ErrMissingService
-	}
-
-	if domain.Environment == "" {
-		return WorkersDomain{}, ErrMissingEnvironment
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/domains", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, domain)
-	if err != nil {
-		return WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r WorkersDomainResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// GetWorkersDomain gets a single Worker Domain.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-domain-get-a-domain
-func (api *API) GetWorkersDomain(ctx context.Context, rc *ResourceContainer, domainID string) (WorkersDomain, error) {
-	if rc.Identifier == "" {
-		return WorkersDomain{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/domains/%s", rc.Identifier, domainID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkersDomain{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	var r WorkersDomainResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return WorkersDomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// DetachWorkersDomain detaches a worker from a zone and hostname.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-domain-detach-from-domain
-func (api *API) DetachWorkersDomain(ctx context.Context, rc *ResourceContainer, domainID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/domains/%s", rc.Identifier, domainID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errMakeRequestError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/workers_domain_test.go b/pkg/cloudflare-go/workers_domain_test.go
deleted file mode 100644
index 443929f28d..0000000000
--- a/pkg/cloudflare-go/workers_domain_test.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const testWorkerDomainID = "dbe10b4bc17c295377eabd600e1787fd"
-
-var expectedWorkerDomain = WorkersDomain{
-	ID:          testWorkerDomainID,
-	ZoneID:      "593c9c94de529bbbfaac7c53ced0447d",
-	ZoneName:    "example.com",
-	Hostname:    "foo.example.com",
-	Service:     "foo",
-	Environment: "production",
-}
-
-func TestWorkersDomain_GetDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains/%s", testAccountID, testWorkerDomainID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"id": "dbe10b4bc17c295377eabd600e1787fd",
-			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
-			"zone_name": "example.com",
-			"hostname": "foo.example.com",
-			"service": "foo",
-			"environment": "production"
-		  }
-		}`)
-	})
-	_, err := client.GetWorkersDomain(context.Background(), AccountIdentifier(""), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	res, err := client.GetWorkersDomain(context.Background(), AccountIdentifier(testAccountID), testWorkerDomainID)
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedWorkerDomain, res)
-	}
-}
-
-func TestWorkersDomain_ListDomains(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": [
-			{
-			  "id": "dbe10b4bc17c295377eabd600e1787fd",
-			  "zone_id": "593c9c94de529bbbfaac7c53ced0447d",
-			  "zone_name": "example.com",
-			  "hostname": "foo.example.com",
-			  "service": "foo",
-			  "environment": "production"
-			}
-		  ]
-		}`)
-	})
-	_, err := client.ListWorkersDomains(context.Background(), AccountIdentifier(""), ListWorkersDomainParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	res, err := client.ListWorkersDomains(context.Background(), AccountIdentifier(testAccountID), ListWorkersDomainParams{})
-	if assert.NoError(t, err) {
-		assert.Equal(t, 1, len(res))
-		assert.Equal(t, expectedWorkerDomain, res[0])
-	}
-}
-
-func TestWorkersDomain_AttachDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"id": "dbe10b4bc17c295377eabd600e1787fd",
-			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
-			"zone_name": "example.com",
-			"hostname": "foo.example.com",
-			"service": "foo",
-			"environment": "production"
-		  }
-		}`)
-	})
-	_, err := client.AttachWorkersDomain(context.Background(), AccountIdentifier(""), AttachWorkersDomainParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingZoneID, err)
-	}
-
-	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
-		ZoneID: testZoneID,
-	})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingHostname, err)
-	}
-
-	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
-		ZoneID:   testZoneID,
-		Hostname: "foo.example.com",
-	})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingService, err)
-	}
-
-	_, err = client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
-		ZoneID:   testZoneID,
-		Hostname: "foo.example.com",
-		Service:  "foo",
-	})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingEnvironment, err)
-	}
-
-	res, err := client.AttachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), AttachWorkersDomainParams{
-		ZoneID:      testZoneID,
-		Hostname:    "foo.example.com",
-		Service:     "foo",
-		Environment: "production",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedWorkerDomain, res)
-	}
-}
-
-func TestWorkersDomain_DetachDomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/domains/%s", testAccountID, testWorkerDomainID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-		  "success": true,
-		  "errors": [],
-		  "messages": [],
-		  "result": {
-			"id": "dbe10b4bc17c295377eabd600e1787fd",
-			"zone_id": "593c9c94de529bbbfaac7c53ced0447d",
-			"zone_name": "example.com",
-			"hostname": "foo.example.com",
-			"service": "foo",
-			"environment": "production"
-		  }
-		}`)
-	})
-	err := client.DetachWorkersDomain(context.Background(), AccountIdentifier(""), testWorkerDomainID)
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-	err = client.DetachWorkersDomain(context.Background(), AccountIdentifier(testAccountID), testWorkerDomainID)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/workers_for_platforms.go b/pkg/cloudflare-go/workers_for_platforms.go
deleted file mode 100644
index eda77eaee2..0000000000
--- a/pkg/cloudflare-go/workers_for_platforms.go
+++ /dev/null
@@ -1,139 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type WorkersForPlatformsDispatchNamespace struct {
-	NamespaceId   string     `json:"namespace_id"`
-	NamespaceName string     `json:"namespace_name"`
-	CreatedOn     *time.Time `json:"created_on,omitempty"`
-	CreatedBy     string     `json:"created_by"`
-	ModifiedOn    *time.Time `json:"modified_on,omitempty"`
-	ModifiedBy    string     `json:"modified_by"`
-}
-
-type ListWorkersForPlatformsDispatchNamespaceResponse struct {
-	Response
-	Result []WorkersForPlatformsDispatchNamespace `json:"result"`
-}
-
-type GetWorkersForPlatformsDispatchNamespaceResponse struct {
-	Response
-	Result WorkersForPlatformsDispatchNamespace `json:"result"`
-}
-
-type CreateWorkersForPlatformsDispatchNamespaceParams struct {
-	Name string `json:"name"`
-}
-
-// ListWorkersForPlatformsDispatchNamespaces lists the dispatch namespaces.
-//
-// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-list
-func (api *API) ListWorkersForPlatformsDispatchNamespaces(ctx context.Context, rc *ResourceContainer) (*ListWorkersForPlatformsDispatchNamespaceResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return nil, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	var r ListWorkersForPlatformsDispatchNamespaceResponse
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &r, nil
-}
-
-// GetWorkersForPlatformsDispatchNamespace gets a specific dispatch namespace.
-//
-// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-get-namespace
-func (api *API) GetWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, name string) (*GetWorkersForPlatformsDispatchNamespaceResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return nil, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s", rc.Identifier, name)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-
-	var r GetWorkersForPlatformsDispatchNamespaceResponse
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &r, nil
-}
-
-// CreateWorkersForPlatformsDispatchNamespace creates a new dispatch namespace.
-//
-// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-create
-func (api *API) CreateWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, params CreateWorkersForPlatformsDispatchNamespaceParams) (*GetWorkersForPlatformsDispatchNamespaceResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return nil, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return nil, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-
-	var r GetWorkersForPlatformsDispatchNamespaceResponse
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return &r, nil
-}
-
-// DeleteWorkersForPlatformsDispatchNamespace deletes a dispatch namespace.
-//
-// API reference: https://developers.cloudflare.com/api/operations/namespace-worker-delete-namespace
-func (api *API) DeleteWorkersForPlatformsDispatchNamespace(ctx context.Context, rc *ResourceContainer, name string) error {
-	if rc.Level != AccountRouteLevel {
-		return ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/dispatch/namespaces/%s", rc.Identifier, name)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/workers_for_platforms_test.go b/pkg/cloudflare-go/workers_for_platforms_test.go
deleted file mode 100644
index 720fcc0b95..0000000000
--- a/pkg/cloudflare-go/workers_for_platforms_test.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	listDispatchNamespaces = `{
-    "result": [
-		{
-            "namespace_id": "6446f71d-13b3-4bbc-a8a4-9e18760499c8",
-            "namespace_name": "test",
-            "created_on": "2024-02-20T17:26:15.4134Z",
-            "created_by": "4e599df4216133509abaac54b109a647",
-            "modified_on": "2024-02-20T17:26:15.4134Z",
-            "modified_by": "4e599df4216133509abaac54b109a647"
-        },
-        {
-            "namespace_id": "d6851dad-d412-4509-ae13-a364bc5f125a",
-            "namespace_name": "test-2",
-            "created_on": "2024-02-20T20:28:36.560575Z",
-            "created_by": "4e599df4216133509abaac54b109a647",
-            "modified_on": "2024-02-20T20:28:36.560575Z",
-            "modified_by": "4e599df4216133509abaac54b109a647"
-        }
-	],
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-
-	getDispatchNamespace = `{
-	"result": {
-		"namespace_id": "6446f71d-13b3-4bbc-a8a4-9e18760499c8",
-		"namespace_name": "test",
-		"created_on": "2024-02-20T17:26:15.4134Z",
-		"created_by": "4e599df4216133509abaac54b109a647",
-		"modified_on": "2024-02-20T17:26:15.4134Z",
-		"modified_by": "4e599df4216133509abaac54b109a647"
-	},
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-
-	deleteDispatchNamespace = `{
-    "result": null,
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-)
-
-func TestListWorkersForPlatformsDispatchNamespaces(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, listDispatchNamespaces)
-	})
-
-	res, err := client.ListWorkersForPlatformsDispatchNamespaces(context.Background(), AccountIdentifier(testAccountID))
-
-	assert.NoError(t, err)
-	assert.Len(t, res.Result, 2)
-
-	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result[0].NamespaceId)
-	assert.Equal(t, "test", res.Result[0].NamespaceName)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[0].CreatedBy)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[0].ModifiedBy)
-
-	assert.Equal(t, "d6851dad-d412-4509-ae13-a364bc5f125a", res.Result[1].NamespaceId)
-	assert.Equal(t, "test-2", res.Result[1].NamespaceName)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[1].CreatedBy)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result[1].ModifiedBy)
-}
-
-func TestGetWorkersForPlatformsDispatchNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/test", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, getDispatchNamespace)
-	})
-
-	res, err := client.GetWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "test")
-
-	assert.NoError(t, err)
-
-	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result.NamespaceId)
-	assert.Equal(t, "test", res.Result.NamespaceName)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.CreatedBy)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.ModifiedBy)
-}
-
-func TestCreateWorkersForPlatformsDispatchNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, getDispatchNamespace)
-	})
-
-	res, err := client.CreateWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), CreateWorkersForPlatformsDispatchNamespaceParams{
-		Name: "test",
-	})
-
-	assert.NoError(t, err)
-
-	assert.Equal(t, "6446f71d-13b3-4bbc-a8a4-9e18760499c8", res.Result.NamespaceId)
-	assert.Equal(t, "test", res.Result.NamespaceName)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.CreatedBy)
-	assert.Equal(t, "4e599df4216133509abaac54b109a647", res.Result.ModifiedBy)
-}
-
-func TestDeleteWorkersForPlatformsDispatchNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/test", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, deleteDispatchNamespace)
-	})
-
-	err := client.DeleteWorkersForPlatformsDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "test")
-
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/workers_kv.go b/pkg/cloudflare-go/workers_kv.go
deleted file mode 100644
index d7e1f04010..0000000000
--- a/pkg/cloudflare-go/workers_kv.go
+++ /dev/null
@@ -1,378 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"net/url"
-
-	"github.com/goccy/go-json"
-)
-
-// CreateWorkersKVNamespaceParams provides parameters for creating and updating storage namespaces.
-type CreateWorkersKVNamespaceParams struct {
-	Title string `json:"title"`
-}
-
-type UpdateWorkersKVNamespaceParams struct {
-	NamespaceID string `json:"-"`
-	Title       string `json:"title"`
-}
-
-// WorkersKVPair is used in an array in the request to the bulk KV api.
-type WorkersKVPair struct {
-	Key           string      `json:"key"`
-	Value         string      `json:"value"`
-	Expiration    int         `json:"expiration,omitempty"`
-	ExpirationTTL int         `json:"expiration_ttl,omitempty"`
-	Metadata      interface{} `json:"metadata,omitempty"`
-	Base64        bool        `json:"base64,omitempty"`
-}
-
-// WorkersKVNamespaceResponse is the response received when creating storage namespaces.
-type WorkersKVNamespaceResponse struct {
-	Response
-	Result WorkersKVNamespace `json:"result"`
-}
-
-// WorkersKVNamespace contains the unique identifier and title of a storage namespace.
-type WorkersKVNamespace struct {
-	ID    string `json:"id"`
-	Title string `json:"title"`
-}
-
-// ListWorkersKVNamespacesResponse contains a slice of storage namespaces associated with an
-// account, pagination information, and an embedded response struct.
-type ListWorkersKVNamespacesResponse struct {
-	Response
-	Result     []WorkersKVNamespace `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// StorageKey is a key name used to identify a storage value.
-type StorageKey struct {
-	Name       string      `json:"name"`
-	Expiration int         `json:"expiration"`
-	Metadata   interface{} `json:"metadata"`
-}
-
-// ListStorageKeysResponse contains a slice of keys belonging to a storage namespace,
-// pagination information, and an embedded response struct.
-type ListStorageKeysResponse struct {
-	Response
-	Result     []StorageKey `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-type ListWorkersKVNamespacesParams struct {
-	ResultInfo
-}
-
-type WriteWorkersKVEntryParams struct {
-	NamespaceID string
-	Key         string
-	Value       []byte
-}
-
-type WriteWorkersKVEntriesParams struct {
-	NamespaceID string
-	KVs         []*WorkersKVPair
-}
-
-type GetWorkersKVParams struct {
-	NamespaceID string
-	Key         string
-}
-
-type DeleteWorkersKVEntryParams struct {
-	NamespaceID string
-	Key         string
-}
-
-type DeleteWorkersKVEntriesParams struct {
-	NamespaceID string
-	Keys        []string
-}
-
-type ListWorkersKVsParams struct {
-	NamespaceID string `url:"-"`
-	Limit       int    `url:"limit,omitempty"`
-	Cursor      string `url:"cursor,omitempty"`
-	Prefix      string `url:"prefix,omitempty"`
-}
-
-// CreateWorkersKVNamespace creates a namespace under the given title.
-// A 400 is returned if the account already owns a namespace with this title.
-// A namespace must be explicitly deleted to be replaced.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-create-a-namespace
-func (api *API) CreateWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, params CreateWorkersKVNamespaceParams) (WorkersKVNamespaceResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkersKVNamespaceResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkersKVNamespaceResponse{}, ErrMissingIdentifier
-	}
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return WorkersKVNamespaceResponse{}, err
-	}
-
-	result := WorkersKVNamespaceResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// ListWorkersKVNamespaces lists storage namespaces.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-list-namespaces
-func (api *API) ListWorkersKVNamespaces(ctx context.Context, rc *ResourceContainer, params ListWorkersKVNamespacesParams) ([]WorkersKVNamespace, *ResultInfo, error) {
-	if rc.Level != AccountRouteLevel {
-		return []WorkersKVNamespace{}, &ResultInfo{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []WorkersKVNamespace{}, &ResultInfo{}, ErrMissingIdentifier
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-	if params.PerPage < 1 {
-		params.PerPage = 50
-	}
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var namespaces []WorkersKVNamespace
-	var nsResponse ListWorkersKVNamespacesResponse
-	for {
-		nsResponse = ListWorkersKVNamespacesResponse{}
-		uri := buildURI(fmt.Sprintf("/accounts/%s/storage/kv/namespaces", rc.Identifier), params)
-
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []WorkersKVNamespace{}, &ResultInfo{}, err
-		}
-
-		err = json.Unmarshal(res, &nsResponse)
-		if err != nil {
-			return []WorkersKVNamespace{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal workers KV namespaces JSON data: %w", err)
-		}
-
-		namespaces = append(namespaces, nsResponse.Result...)
-		params.ResultInfo = nsResponse.ResultInfo.Next()
-
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-
-	return namespaces, &nsResponse.ResultInfo, nil
-}
-
-// DeleteWorkersKVNamespace deletes the namespace corresponding to the given ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-remove-a-namespace
-func (api *API) DeleteWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, namespaceID string) (Response, error) {
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s", rc.Identifier, namespaceID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// UpdateWorkersKVNamespace modifies a KV namespace based on the ID.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-rename-a-namespace
-func (api *API) UpdateWorkersKVNamespace(ctx context.Context, rc *ResourceContainer, params UpdateWorkersKVNamespaceParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s", rc.Identifier, params.NamespaceID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// WriteWorkersKVEntry writes a single KV value based on the key.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-write-key-value-pair-with-metadata
-func (api *API) WriteWorkersKVEntry(ctx context.Context, rc *ResourceContainer, params WriteWorkersKVEntryParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
-	res, err := api.makeRequestContextWithHeaders(
-		ctx, http.MethodPut, uri, params.Value, http.Header{"Content-Type": []string{"application/octet-stream"}},
-	)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// WriteWorkersKVEntries writes multiple KVs at once.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-write-multiple-key-value-pairs
-func (api *API) WriteWorkersKVEntries(ctx context.Context, rc *ResourceContainer, params WriteWorkersKVEntriesParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/bulk", rc.Identifier, params.NamespaceID)
-	res, err := api.makeRequestContextWithHeaders(
-		ctx, http.MethodPut, uri, params.KVs, http.Header{"Content-Type": []string{"application/json"}},
-	)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// GetWorkersKV returns the value associated with the given key in the
-// given namespace.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-read-key-value-pair
-func (api API) GetWorkersKV(ctx context.Context, rc *ResourceContainer, params GetWorkersKVParams) ([]byte, error) {
-	if rc.Level != AccountRouteLevel {
-		return []byte(``), ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return []byte(``), ErrMissingIdentifier
-	}
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	return res, nil
-}
-
-// DeleteWorkersKVEntry deletes a key and value for a provided storage namespace.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-delete-key-value-pair
-func (api API) DeleteWorkersKVEntry(ctx context.Context, rc *ResourceContainer, params DeleteWorkersKVEntryParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingIdentifier
-	}
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/values/%s", rc.Identifier, params.NamespaceID, url.PathEscape(params.Key))
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result, err
-}
-
-// DeleteWorkersKVEntries deletes multiple KVs at once.
-//
-// API reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-delete-multiple-key-value-pairs
-func (api *API) DeleteWorkersKVEntries(ctx context.Context, rc *ResourceContainer, params DeleteWorkersKVEntriesParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingIdentifier
-	}
-	uri := fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/bulk", rc.Identifier, params.NamespaceID)
-	res, err := api.makeRequestContextWithHeaders(
-		ctx, http.MethodDelete, uri, params.Keys, http.Header{"Content-Type": []string{"application/json"}},
-	)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// ListWorkersKVKeys lists a namespace's keys.
-//
-// API Reference: https://developers.cloudflare.com/api/operations/workers-kv-namespace-list-a-namespace'-s-keys
-func (api API) ListWorkersKVKeys(ctx context.Context, rc *ResourceContainer, params ListWorkersKVsParams) (ListStorageKeysResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return ListStorageKeysResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ListStorageKeysResponse{}, ErrMissingIdentifier
-	}
-
-	uri := buildURI(
-		fmt.Sprintf("/accounts/%s/storage/kv/namespaces/%s/keys", rc.Identifier, params.NamespaceID),
-		params,
-	)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ListStorageKeysResponse{}, err
-	}
-
-	result := ListStorageKeysResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return result, err
-}
diff --git a/pkg/cloudflare-go/workers_kv_example_test.go b/pkg/cloudflare-go/workers_kv_example_test.go
deleted file mode 100644
index 233adbc661..0000000000
--- a/pkg/cloudflare-go/workers_kv_example_test.go
+++ /dev/null
@@ -1,210 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"encoding/base64"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-const (
-	namespace = "xxxxxx96ee002e8xxxxxx665354c0449"
-	accountID = "xxxxxx10ee002e8xxxxxx665354c0410"
-)
-
-func ExampleAPI_CreateWorkersKVNamespace() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	req := cloudflare.CreateWorkersKVNamespaceParams{Title: "test_namespace2"}
-	response, err := api.CreateWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), req)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(response)
-}
-
-func ExampleAPI_ListWorkersKVNamespaces() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	lsr, _, err := api.ListWorkersKVNamespaces(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVNamespacesParams{})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(lsr)
-
-	resp, _, err := api.ListWorkersKVNamespaces(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVNamespacesParams{ResultInfo: cloudflare.ResultInfo{
-		PerPage: 10,
-	}})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
-
-func ExampleAPI_DeleteWorkersKVNamespace() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	response, err := api.DeleteWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), namespace)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(response)
-}
-
-func ExampleAPI_UpdateWorkersKVNamespace() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	resp, err := api.UpdateWorkersKVNamespace(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.UpdateWorkersKVNamespaceParams{
-		NamespaceID: namespace,
-		Title:       "test_title",
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
-
-func ExampleAPI_WriteWorkersKVEntry() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	payload := []byte("test payload")
-	key := "test_key"
-
-	resp, err := api.WriteWorkersKVEntry(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.WriteWorkersKVEntryParams{
-		NamespaceID: namespace,
-		Key:         key,
-		Value:       payload,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
-
-func ExampleAPI_WriteWorkersKVEntries() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	payload := []*cloudflare.WorkersKVPair{
-		{
-			Key:   "key1",
-			Value: "value1",
-		},
-		{
-			Key:      "key2",
-			Value:    base64.StdEncoding.EncodeToString([]byte("value2")),
-			Base64:   true,
-			Metadata: "key2's value will be decoded in base64 before it is stored",
-		},
-	}
-
-	resp, err := api.WriteWorkersKVEntries(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.WriteWorkersKVEntriesParams{
-		NamespaceID: namespace,
-		KVs:         payload,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
-
-func ExampleAPI_GetWorkersKV() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	key := "test_key"
-	resp, err := api.GetWorkersKV(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.GetWorkersKVParams{NamespaceID: namespace, Key: key})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%s\n", resp)
-}
-
-func ExampleAPI_DeleteWorkersKVEntry() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	key := "test_key"
-	resp, err := api.DeleteWorkersKVEntry(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.DeleteWorkersKVEntryParams{
-		NamespaceID: namespace,
-		Key:         key,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Printf("%+v\n", resp)
-}
-
-func ExampleAPI_DeleteWorkersKVEntries() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	keys := []string{"key1", "key2", "key3"}
-
-	resp, err := api.DeleteWorkersKVEntries(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.DeleteWorkersKVEntriesParams{
-		NamespaceID: namespace,
-		Keys:        keys,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
-
-func ExampleAPI_ListWorkersKVKeys() {
-	api, err := cloudflare.New(apiKey, user)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	limit := 50
-	prefix := "my-prefix"
-	cursor := "AArAbNSOuYcr4HmzGH02-cfDN8Ck9ejOwkn_Ai5rsn7S9NEqVJBenU9-gYRlrsziyjKLx48hNDLvtYzBAmkPsLGdye8ECr5PqFYcIOfUITdhkyTc1x6bV8nmyjz5DO-XaZH4kYY1KfqT8NRBIe5sic6yYt3FUDttGjafy0ivi-Up-TkVdRB0OxCf3O3OB-svG6DXheV5XTdDNrNx1o_CVqy2l2j0F4iKV1qFe_KhdkjC7Y6QjhUZ1MOb3J_uznNYVCoxZ-bVAAsJmXA"
-
-	resp, err := api.ListWorkersKVKeys(context.Background(), cloudflare.AccountIdentifier(accountID), cloudflare.ListWorkersKVsParams{
-		NamespaceID: namespace,
-		Prefix:      prefix,
-		Limit:       limit,
-		Cursor:      cursor,
-	})
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	fmt.Println(resp)
-}
diff --git a/pkg/cloudflare-go/workers_kv_test.go b/pkg/cloudflare-go/workers_kv_test.go
deleted file mode 100644
index 80d7b140b9..0000000000
--- a/pkg/cloudflare-go/workers_kv_test.go
+++ /dev/null
@@ -1,506 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"sort"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestWorkersKV_CreateWorkersKVNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := `{
-		"result": {
-			"id" : "3aeaxxxxee014exxxx4cf66xxxxc0448",
-			"title": "test_namespace"
-		},
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.CreateWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), CreateWorkersKVNamespaceParams{Title: "Namespace"})
-	want := WorkersKVNamespaceResponse{
-		successResponse,
-		WorkersKVNamespace{
-			ID:    "3aeaxxxxee014exxxx4cf66xxxxc0448",
-			Title: "test_namespace",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Response, res.Response)
-	}
-}
-
-func TestWorkersKV_DeleteWorkersKVNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	namespace := "3aeaxxxxee014exxxx4cf66xxxxc0448"
-	response := `{
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.DeleteWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), namespace)
-	want := successResponse
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersKV_ListWorkersKVNamespaces(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := `{
-		"result": [
-			{"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-			"title": "test_namespace_1"
-			},
-			{"id": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
-			"title": "test_namespace_2"
-			}
-		],
-		"success": true,
-		"errors": [],
-		"messages": [],
-		"result_info": {
-			"page": 1,
-			"per_page": 100,
-			"count": 2,
-			"total_count": 2,
-			"total_pages": 1
-		}
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, _, err := client.ListWorkersKVNamespaces(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVNamespacesParams{})
-	want := []WorkersKVNamespace{
-		{
-			ID:    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-			Title: "test_namespace_1",
-		},
-		{
-			ID:    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
-			Title: "test_namespace_2",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		sort.Slice(res, func(i, j int) bool {
-			return res[i].ID < res[j].ID
-		})
-		sort.Slice(want, func(i, j int) bool {
-			return want[i].ID < want[j].ID
-		})
-		assert.Equal(t, res, want)
-	}
-}
-
-func TestWorkersKV_ListWorkersKVNamespaceMultiplePages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response1 := `{
-		"result": [
-			{"id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-			"title": "test_namespace_1"
-			}
-		],
-		"success": true,
-		"errors": [],
-		"messages": [],
-		"result_info": {
-			"page": 1,
-			"per_page": 100,
-			"count": 1,
-			"total_count": 2,
-			"total_pages": 2
-		}
-	}`
-
-	response2 := `{
-		"result": [
-			{"id": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
-			"title": "test_namespace_2"
-			}
-		],
-		"success": true,
-		"errors": [],
-		"messages": [],
-		"result_info": {
-			"page": 2,
-			"per_page": 100,
-			"count": 1,
-			"total_count": 2,
-			"total_pages": 2
-		}
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/storage/kv/namespaces", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-
-		if r.URL.Query().Get("page") == "1" {
-			fmt.Fprint(w, response1)
-			return
-		} else if r.URL.Query().Get("page") == "2" {
-			fmt.Fprint(w, response2)
-			return
-		} else {
-			panic(errors.New("Got a request for an unexpected page"))
-		}
-	})
-
-	res, _, err := client.ListWorkersKVNamespaces(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVNamespacesParams{})
-	want := []WorkersKVNamespace{
-		{
-			ID:    "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-			Title: "test_namespace_1",
-		},
-		{
-			ID:    "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy",
-			Title: "test_namespace_2",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		sort.Slice(res, func(i, j int) bool {
-			return res[i].ID < res[j].ID
-		})
-		sort.Slice(want, func(i, j int) bool {
-			return want[i].ID < want[j].ID
-		})
-		assert.Equal(t, res, want)
-	}
-}
-
-func TestWorkersKV_UpdateWorkersKVNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": null,
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.UpdateWorkersKVNamespace(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersKVNamespaceParams{Title: "Namespace", NamespaceID: namespace})
-	want := successResponse
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersKV_WriteWorkersKVEntry(t *testing.T) {
-	setup()
-	defer teardown()
-
-	key := "test_key"
-	value := []byte("test_value")
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": null,
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/octet-stream")
-		fmt.Fprint(w, response)
-	})
-
-	want := successResponse
-	res, err := client.WriteWorkersKVEntry(context.Background(), AccountIdentifier(testAccountID), WriteWorkersKVEntryParams{NamespaceID: namespace, Key: key, Value: value})
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersKV_WriteWorkersKVEntries(t *testing.T) {
-	setup()
-	defer teardown()
-
-	kvs := []*WorkersKVPair{
-		{Key: "key1", Value: "value1"},
-		{Key: "key2", Value: "value2"},
-		{Key: "key3", Value: "value3", Metadata: "meta3", Base64: true},
-	}
-
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": null,
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/bulk", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	})
-
-	want := successResponse
-	res, err := client.WriteWorkersKVEntries(context.Background(), AccountIdentifier(testAccountID), WriteWorkersKVEntriesParams{NamespaceID: namespace, KVs: kvs})
-	require.NoError(t, err)
-	assert.Equal(t, want, res)
-}
-
-func TestWorkersKV_ReadWorkersKV(t *testing.T) {
-	setup()
-	defer teardown()
-
-	key := "test_key"
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "text/plain")
-		fmt.Fprint(w, "test_value")
-	})
-
-	res, err := client.GetWorkersKV(context.Background(), AccountIdentifier(testAccountID), GetWorkersKVParams{NamespaceID: namespace, Key: key})
-	want := []byte("test_value")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersKV_DeleteWorkersKVEntry(t *testing.T) {
-	setup()
-	defer teardown()
-
-	key := "test_key"
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": null,
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/values/%s", namespace, key), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.DeleteWorkersKVEntry(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersKVEntryParams{NamespaceID: namespace, Key: key})
-	want := successResponse
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersKV_DeleteWorkersKVBulk(t *testing.T) {
-	setup()
-	defer teardown()
-
-	keys := []string{"key1", "key2", "key3"}
-
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": null,
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/bulk", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	})
-
-	want := successResponse
-	res, err := client.DeleteWorkersKVEntries(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersKVEntriesParams{NamespaceID: namespace, Keys: keys})
-	require.NoError(t, err)
-	assert.Equal(t, want, res)
-}
-
-func TestWorkersKV_ListKeys(t *testing.T) {
-	setup()
-	defer teardown()
-
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": [
-			{"name": "test_key_1"},
-			{"name": "test_key_2"}
-		],
-		"success": true,
-		"errors": [],
-		"messages": [],
-		"result_info": {
-			"page": 1,
-			"per_page": 20,
-			"count": 2,
-			"total_count": 2,
-			"total_pages": 1
-		}
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/keys", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.ListWorkersKVKeys(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVsParams{NamespaceID: namespace})
-
-	want := ListStorageKeysResponse{
-		successResponse,
-		[]StorageKey{
-			{Name: "test_key_1"},
-			{Name: "test_key_2"},
-		},
-		ResultInfo{
-			Page:       1,
-			PerPage:    20,
-			Count:      2,
-			TotalPages: 1,
-			Total:      2,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Response, res.Response)
-		assert.Equal(t, want.ResultInfo, res.ResultInfo)
-
-		sort.Slice(res.Result, func(i, j int) bool {
-			return res.Result[i].Name < res.Result[j].Name
-		})
-
-		sort.Slice(want.Result, func(i, j int) bool {
-			return want.Result[i].Name < want.Result[j].Name
-		})
-		assert.Equal(t, want.Result, res.Result)
-	}
-}
-
-func TestWorkersKV_ListKeysWithParameters(t *testing.T) {
-	setup()
-	defer teardown()
-
-	cursor := "AArAbNSOuYcr4HmzGH02-cfDN8Ck9ejOwkn_Ai5rsn7S9NEqVJBenU9-gYRlrsziyjKLx48hNDLvtYzBAmkPsLGdye8ECr5PqFYcIOfUITdhkyTc1x6bV8nmyjz5DO-XaZH4kYY1KfqT8NRBIe5sic6yYt3FUDttGjafy0ivi-Up-TkVdRB0OxCf3O3OB-svG6DXheV5XTdDNrNx1o_CVqy2l2j0F4iKV1qFe_KhdkjC7Y6QjhUZ1MOb3J_uznNYVCoxZ-bVAAsJmXA"
-	namespace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-	response := `{
-		"result": [
-			{
-				"name": "test_key_1",
-				"metadata": "test_key_1_meta"
-			},
-			{
-				"name": "test_key_2",
-				"metadata": {
-					"test2_meta_key": "test2_meta_value"
-				}
-			}
-		],
-		"success": true,
-		"errors": [],
-		"messages": [],
-		"result_info": {
-			"page": 1,
-			"per_page": 20,
-			"count": 2,
-			"total_count": 2,
-			"total_pages": 1,
-			"cursor": "` + cursor + `"
-		}
-	}`
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/"+testAccountID+"/storage/kv/namespaces/%s/keys", namespace), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	limit, prefix := 25, "test-prefix"
-	res, err := client.ListWorkersKVKeys(context.Background(), AccountIdentifier(testAccountID), ListWorkersKVsParams{
-		NamespaceID: namespace,
-		Limit:       limit,
-		Prefix:      prefix,
-	})
-
-	want := ListStorageKeysResponse{
-		successResponse,
-		[]StorageKey{
-			{
-				Name:     "test_key_1",
-				Metadata: "test_key_1_meta",
-			},
-			{
-				Name: "test_key_2",
-				Metadata: map[string]interface{}{
-					"test2_meta_key": "test2_meta_value",
-				},
-			},
-		},
-		ResultInfo{
-			Page:       1,
-			PerPage:    20,
-			Count:      2,
-			TotalPages: 1,
-			Total:      2,
-			Cursor:     cursor,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Response, res.Response)
-		assert.Equal(t, want.ResultInfo, res.ResultInfo)
-
-		sort.Slice(res.Result, func(i, j int) bool {
-			return res.Result[i].Name < res.Result[j].Name
-		})
-
-		sort.Slice(want.Result, func(i, j int) bool {
-			return want.Result[i].Name < want.Result[j].Name
-		})
-		assert.Equal(t, want.Result, res.Result)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_routes.go b/pkg/cloudflare-go/workers_routes.go
deleted file mode 100644
index 9fc7f7a894..0000000000
--- a/pkg/cloudflare-go/workers_routes.go
+++ /dev/null
@@ -1,162 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-var ErrMissingWorkerRouteID = errors.New("missing required route ID")
-
-type ListWorkerRoutes struct{}
-
-type CreateWorkerRouteParams struct {
-	Pattern string `json:"pattern"`
-	Script  string `json:"script,omitempty"`
-}
-
-type ListWorkerRoutesParams struct{}
-
-type UpdateWorkerRouteParams struct {
-	ID      string `json:"id,omitempty"`
-	Pattern string `json:"pattern"`
-	Script  string `json:"script,omitempty"`
-}
-
-// CreateWorkerRoute creates worker route for a script.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-routes-create-route
-func (api *API) CreateWorkerRoute(ctx context.Context, rc *ResourceContainer, params CreateWorkerRouteParams) (WorkerRouteResponse, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if rc.Identifier == "" {
-		return WorkerRouteResponse{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/workers/routes", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params)
-	if err != nil {
-		return WorkerRouteResponse{}, err
-	}
-
-	var r WorkerRouteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// DeleteWorkerRoute deletes worker route for a script.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-routes-delete-route
-func (api *API) DeleteWorkerRoute(ctx context.Context, rc *ResourceContainer, routeID string) (WorkerRouteResponse, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if rc.Identifier == "" {
-		return WorkerRouteResponse{}, ErrMissingIdentifier
-	}
-
-	if routeID == "" {
-		return WorkerRouteResponse{}, errors.New("missing required route ID")
-	}
-
-	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, routeID)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return WorkerRouteResponse{}, err
-	}
-	var r WorkerRouteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// ListWorkerRoutes returns list of Worker routes.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-routes-list-routes
-func (api *API) ListWorkerRoutes(ctx context.Context, rc *ResourceContainer, params ListWorkerRoutesParams) (WorkerRoutesResponse, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WorkerRoutesResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if rc.Identifier == "" {
-		return WorkerRoutesResponse{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/workers/routes", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkerRoutesResponse{}, err
-	}
-	var r WorkerRoutesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerRoutesResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r, nil
-}
-
-// GetWorkerRoute returns a Workers route.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-routes-get-route
-func (api *API) GetWorkerRoute(ctx context.Context, rc *ResourceContainer, routeID string) (WorkerRouteResponse, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if rc.Identifier == "" {
-		return WorkerRouteResponse{}, ErrMissingIdentifier
-	}
-
-	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, routeID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkerRouteResponse{}, err
-	}
-	var r WorkerRouteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// UpdateWorkerRoute updates worker route for a script.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-routes-update-route
-func (api *API) UpdateWorkerRoute(ctx context.Context, rc *ResourceContainer, params UpdateWorkerRouteParams) (WorkerRouteResponse, error) {
-	if rc.Level != ZoneRouteLevel {
-		return WorkerRouteResponse{}, fmt.Errorf(errInvalidResourceContainerAccess, ZoneRouteLevel)
-	}
-
-	if rc.Identifier == "" {
-		return WorkerRouteResponse{}, ErrMissingIdentifier
-	}
-
-	if params.ID == "" {
-		return WorkerRouteResponse{}, ErrMissingWorkerRouteID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/workers/routes/%s", rc.Identifier, params.ID)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return WorkerRouteResponse{}, err
-	}
-	var r WorkerRouteResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return WorkerRouteResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
diff --git a/pkg/cloudflare-go/workers_routes_test.go b/pkg/cloudflare-go/workers_routes_test.go
deleted file mode 100644
index 8d36fdc9d4..0000000000
--- a/pkg/cloudflare-go/workers_routes_test.go
+++ /dev/null
@@ -1,121 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCreateWorkersRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, createWorkerRouteResponse)
-	})
-
-	res, err := client.CreateWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), CreateWorkerRouteParams{
-		Pattern: "app1.example.com/*",
-		Script:  "example",
-	})
-
-	want := WorkerRouteResponse{successResponse, WorkerRoute{ID: "e7a57d8746e74ae49c25994dadb421b1"}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestDeleteWorkersRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/e7a57d8746e74ae49c25994dadb421b1", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, deleteWorkerRouteResponseData)
-	})
-	res, err := client.DeleteWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), "e7a57d8746e74ae49c25994dadb421b1")
-	want := WorkerRouteResponse{successResponse,
-		WorkerRoute{
-			ID: "e7a57d8746e74ae49c25994dadb421b1",
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestListWorkersRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, listWorkerRouteResponse)
-	})
-
-	res, err := client.ListWorkerRoutes(context.Background(), ZoneIdentifier(testZoneID), ListWorkerRoutesParams{})
-	want := WorkerRoutesResponse{successResponse,
-		[]WorkerRoute{
-			{ID: "e7a57d8746e74ae49c25994dadb421b1", Pattern: "app1.example.com/*", ScriptName: "test_script_1"},
-			{ID: "f8b68e9857f85bf59c25994dadb421b1", Pattern: "app2.example.com/*", ScriptName: "test_script_2"},
-			{ID: "2b5bf4240cd34c77852fac70b1bf745a", Pattern: "app3.example.com/*", ScriptName: "test_script_3"},
-		},
-	}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestGetWorkersRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/1234", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, getRouteResponseData)
-	})
-
-	res, err := client.GetWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), "1234")
-	want := WorkerRouteResponse{successResponse,
-		WorkerRoute{
-			ID:         "e7a57d8746e74ae49c25994dadb421b1",
-			Pattern:    "app1.example.com/*",
-			ScriptName: "script-name"},
-	}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUpdateWorkersRoute(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/"+testZoneID+"/workers/routes/e7a57d8746e74ae49c25994dadb421b1", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, updateWorkerRouteEntResponse)
-	})
-
-	res, err := client.UpdateWorkerRoute(context.Background(), ZoneIdentifier(testZoneID), UpdateWorkerRouteParams{
-		ID:      "e7a57d8746e74ae49c25994dadb421b1",
-		Pattern: "app3.example.com/*",
-		Script:  "test_script_1",
-	})
-	want := WorkerRouteResponse{successResponse,
-		WorkerRoute{
-			ID:         "e7a57d8746e74ae49c25994dadb421b1",
-			Pattern:    "app3.example.com/*",
-			ScriptName: "test_script_1",
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_secrets.go b/pkg/cloudflare-go/workers_secrets.go
deleted file mode 100644
index cfcd597fd4..0000000000
--- a/pkg/cloudflare-go/workers_secrets.go
+++ /dev/null
@@ -1,125 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-// WorkersPutSecretRequest provides parameters for creating and updating secrets.
-type WorkersPutSecretRequest struct {
-	Name string            `json:"name"`
-	Text string            `json:"text"`
-	Type WorkerBindingType `json:"type"`
-}
-
-// WorkersSecret contains the name and type of the secret.
-type WorkersSecret struct {
-	Name string `json:"name"`
-	Type string `json:"secret_text"`
-}
-
-// WorkersPutSecretResponse is the response received when creating or updating a secret.
-type WorkersPutSecretResponse struct {
-	Response
-	Result WorkersSecret `json:"result"`
-}
-
-// WorkersListSecretsResponse is the response received when listing secrets.
-type WorkersListSecretsResponse struct {
-	Response
-	Result []WorkersSecret `json:"result"`
-}
-
-type SetWorkersSecretParams struct {
-	ScriptName string
-	Secret     *WorkersPutSecretRequest
-}
-
-type DeleteWorkersSecretParams struct {
-	ScriptName string
-	SecretName string
-}
-
-type ListWorkersSecretsParams struct {
-	ScriptName string
-}
-
-// SetWorkersSecret creates or updates a secret.
-//
-// API reference: https://api.cloudflare.com/
-func (api *API) SetWorkersSecret(ctx context.Context, rc *ResourceContainer, params SetWorkersSecretParams) (WorkersPutSecretResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkersPutSecretResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkersPutSecretResponse{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Secret)
-	if err != nil {
-		return WorkersPutSecretResponse{}, err
-	}
-
-	result := WorkersPutSecretResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// DeleteWorkersSecret deletes a secret.
-//
-// API reference: https://api.cloudflare.com/
-func (api *API) DeleteWorkersSecret(ctx context.Context, rc *ResourceContainer, params DeleteWorkersSecretParams) (Response, error) {
-	if rc.Level != AccountRouteLevel {
-		return Response{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return Response{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets/%s", rc.Identifier, params.ScriptName, params.SecretName)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return Response{}, err
-	}
-
-	result := Response{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
-
-// ListWorkersSecrets lists secrets for a given worker
-// API reference: https://api.cloudflare.com/
-func (api *API) ListWorkersSecrets(ctx context.Context, rc *ResourceContainer, params ListWorkersSecretsParams) (WorkersListSecretsResponse, error) {
-	if rc.Level != AccountRouteLevel {
-		return WorkersListSecretsResponse{}, ErrRequiredAccountLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return WorkersListSecretsResponse{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/secrets", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkersListSecretsResponse{}, err
-	}
-
-	result := WorkersListSecretsResponse{}
-	if err := json.Unmarshal(res, &result); err != nil {
-		return result, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return result, err
-}
diff --git a/pkg/cloudflare-go/workers_secrets_test.go b/pkg/cloudflare-go/workers_secrets_test.go
deleted file mode 100644
index dc3ac99faa..0000000000
--- a/pkg/cloudflare-go/workers_secrets_test.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestSetWorkersSecret(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := `{
-		"result": {
-			"name" : "my-secret",
-			"type": "secret_text"
-		},
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-	req := &WorkersPutSecretRequest{
-		Name: "my-secret",
-		Text: "super-secret",
-	}
-	res, err := client.SetWorkersSecret(context.Background(), AccountIdentifier(testAccountID), SetWorkersSecretParams{ScriptName: "test-script", Secret: req})
-	want := WorkersPutSecretResponse{
-		successResponse,
-		WorkersSecret{
-			Name: "test",
-			Type: "secret_text",
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Response, res.Response)
-	}
-}
-
-func TestDeleteWorkersSecret(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := `{
-		"result": {
-			"name" : "test",
-			"type": "secret_text"
-		},
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets/my-secret", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.DeleteWorkersSecret(context.Background(), AccountIdentifier(testAccountID), DeleteWorkersSecretParams{ScriptName: "test-script", SecretName: "my-secret"})
-	want := successResponse
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestListWorkersSecret(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := `{
-		"result": [{
-			"name" : "my-secret",
-			"type": "secret_text"
-		}],
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/test-script/secrets", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, response)
-	})
-
-	res, err := client.ListWorkersSecrets(context.Background(), AccountIdentifier(testAccountID), ListWorkersSecretsParams{ScriptName: "test-script"})
-	want := WorkersListSecretsResponse{
-		successResponse,
-		[]WorkersSecret{
-			{
-				Name: "my-secret",
-				Type: "secret_text",
-			},
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Response, res.Response)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_subdomain.go b/pkg/cloudflare-go/workers_subdomain.go
deleted file mode 100644
index 4fc2e7c4db..0000000000
--- a/pkg/cloudflare-go/workers_subdomain.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-
-	"github.com/goccy/go-json"
-)
-
-type WorkersSubdomain struct {
-	Name string `json:"name,omitempty"`
-}
-
-type WorkersSubdomainResponse struct {
-	Response
-	Result WorkersSubdomain
-}
-
-// WorkersCreateSubdomain Creates a Workers subdomain for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-subdomain-create-subdomain
-func (api *API) WorkersCreateSubdomain(ctx context.Context, rc *ResourceContainer, params WorkersSubdomain) (WorkersSubdomain, error) {
-	if rc.Identifier == "" {
-		return WorkersSubdomain{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/subdomain", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return WorkersSubdomain{}, err
-	}
-	var r WorkersSubdomainResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return WorkersSubdomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// WorkersGetSubdomain Creates a Workers subdomain for an account.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-subdomain-get-subdomain
-func (api *API) WorkersGetSubdomain(ctx context.Context, rc *ResourceContainer) (WorkersSubdomain, error) {
-	if rc.Identifier == "" {
-		return WorkersSubdomain{}, ErrMissingAccountID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/subdomain", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkersSubdomain{}, err
-	}
-	var r WorkersSubdomainResponse
-	if err := json.Unmarshal(res, &r); err != nil {
-		return WorkersSubdomain{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
diff --git a/pkg/cloudflare-go/workers_subdomain_test.go b/pkg/cloudflare-go/workers_subdomain_test.go
deleted file mode 100644
index d460cce028..0000000000
--- a/pkg/cloudflare-go/workers_subdomain_test.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestWorkersSubdomain_CreateSubdomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/subdomain", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "name": "example-subdomain"
-  }
-}`)
-	})
-
-	_, err := client.WorkersCreateSubdomain(context.Background(), AccountIdentifier(""), WorkersSubdomain{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	res, err := client.WorkersCreateSubdomain(context.Background(), AccountIdentifier(testAccountID), WorkersSubdomain{Name: "example-subdomain"})
-
-	want := WorkersSubdomain{Name: "example-subdomain"}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersSubdomain_GetSubdomain(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/subdomain", testAccountID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "name": "example-subdomain"
-  }
-}`)
-	})
-
-	_, err := client.WorkersGetSubdomain(context.Background(), AccountIdentifier(""))
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingAccountID, err)
-	}
-
-	res, err := client.WorkersGetSubdomain(context.Background(), AccountIdentifier(testAccountID))
-
-	want := WorkersSubdomain{Name: "example-subdomain"}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
diff --git a/pkg/cloudflare-go/workers_tail.go b/pkg/cloudflare-go/workers_tail.go
deleted file mode 100644
index 733bc98dcd..0000000000
--- a/pkg/cloudflare-go/workers_tail.go
+++ /dev/null
@@ -1,114 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-var (
-	ErrMissingScriptName = errors.New("required script name missing")
-	ErrMissingTailID     = errors.New("required tail id missing")
-)
-
-type WorkersTail struct {
-	ID        string     `json:"id"`
-	URL       string     `json:"url"`
-	ExpiresAt *time.Time `json:"expires_at"`
-}
-
-type StartWorkersTailResponse struct {
-	Response
-	Result WorkersTail
-}
-
-type ListWorkersTailParameters struct {
-	AccountID  string
-	ScriptName string
-}
-
-type ListWorkersTailResponse struct {
-	Response
-	Result WorkersTail
-}
-
-// StartWorkersTail Starts a tail that receives logs and exception from a Worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-start-tail
-func (api *API) StartWorkersTail(ctx context.Context, rc *ResourceContainer, scriptName string) (WorkersTail, error) {
-	if rc.Identifier == "" {
-		return WorkersTail{}, ErrMissingAccountID
-	}
-
-	if scriptName == "" {
-		return WorkersTail{}, ErrMissingScriptName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", rc.Identifier, scriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return WorkersTail{}, err
-	}
-
-	var workerstailResponse StartWorkersTailResponse
-	if err := json.Unmarshal(res, &workerstailResponse); err != nil {
-		return WorkersTail{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return workerstailResponse.Result, nil
-}
-
-// ListWorkersTail Get list of tails currently deployed on a Worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-list-tails
-func (api *API) ListWorkersTail(ctx context.Context, rc *ResourceContainer, params ListWorkersTailParameters) (WorkersTail, error) {
-	if rc.Identifier == "" {
-		return WorkersTail{}, ErrMissingAccountID
-	}
-
-	if params.ScriptName == "" {
-		return WorkersTail{}, ErrMissingScriptName
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", rc.Identifier, params.ScriptName)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return WorkersTail{}, err
-	}
-
-	var workerstailResponse ListWorkersTailResponse
-	if err := json.Unmarshal(res, &workerstailResponse); err != nil {
-		return WorkersTail{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return workerstailResponse.Result, nil
-}
-
-// DeleteWorkersTail Deletes a tail from a Worker.
-//
-// API reference: https://developers.cloudflare.com/api/operations/worker-tail-logs-delete-tail
-func (api *API) DeleteWorkersTail(ctx context.Context, rc *ResourceContainer, scriptName, tailID string) error {
-	if rc.Identifier == "" {
-		return ErrMissingAccountID
-	}
-
-	if scriptName == "" {
-		return ErrMissingScriptName
-	}
-
-	if tailID == "" {
-		return ErrMissingTailID
-	}
-
-	uri := fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails/%s", rc.Identifier, scriptName, tailID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/workers_tail_test.go b/pkg/cloudflare-go/workers_tail_test.go
deleted file mode 100644
index ed57b4d80c..0000000000
--- a/pkg/cloudflare-go/workers_tail_test.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-const (
-	testScriptName = "this-is_my_script-01"
-	testTailID     = "03dc9f77817b488fb26c5861ec18f791"
-)
-
-func TestWorkersTail_StartWorkersTail(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", testAccountID, testScriptName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "03dc9f77817b488fb26c5861ec18f791",
-    "url": "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
-    "expires_at": "2021-08-20T19:15:51Z"
-  }
-}`)
-	})
-
-	_, err := client.StartWorkersTail(context.Background(), AccountIdentifier(testAccountID), "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingScriptName, err)
-	}
-
-	res, err := client.StartWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName)
-	expiresAt, _ := time.Parse(time.RFC3339, "2021-08-20T19:15:51Z")
-	want := WorkersTail{
-		ID:        "03dc9f77817b488fb26c5861ec18f791",
-		URL:       "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
-		ExpiresAt: &expiresAt,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersTail_ListWorkersTail(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails", testAccountID, testScriptName), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "03dc9f77817b488fb26c5861ec18f791",
-    "url": "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
-    "expires_at": "2021-08-20T19:15:51Z"
-  }
-}`)
-	})
-
-	_, err := client.ListWorkersTail(context.Background(), AccountIdentifier(testAccountID), ListWorkersTailParameters{ScriptName: ""})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingScriptName, err)
-	}
-
-	res, err := client.ListWorkersTail(context.Background(), AccountIdentifier(testAccountID), ListWorkersTailParameters{ScriptName: testScriptName})
-	expiresAt, _ := time.Parse(time.RFC3339, "2021-08-20T19:15:51Z")
-	want := WorkersTail{
-		ID:        "03dc9f77817b488fb26c5861ec18f791",
-		URL:       "wss://tail.developers.workers.dev/03dc9f77817b488fb26c5861ec18f791",
-		ExpiresAt: &expiresAt,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestWorkersTail_DeleteWorkersTail(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/accounts/%s/workers/scripts/%s/tails/%s", testAccountID, testScriptName, testTailID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-  "success": true,
-  "errors": [],
-  "messages": [],
-}`)
-	})
-
-	err := client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), "", "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingScriptName, err)
-	}
-
-	err = client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName, "")
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrMissingTailID, err)
-	}
-
-	err = client.DeleteWorkersTail(context.Background(), AccountIdentifier(testAccountID), testScriptName, testTailID)
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/workers_test.go b/pkg/cloudflare-go/workers_test.go
deleted file mode 100644
index 6175440a13..0000000000
--- a/pkg/cloudflare-go/workers_test.go
+++ /dev/null
@@ -1,1451 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-const (
-	deleteWorkerResponseData = `{
-    "result": null,
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-
-	updateWorkerRouteResponse = `{
-    "result": {
-        "id": "e7a57d8746e74ae49c25994dadb421b1",
-        "pattern": "app3.example.com/*",
-        "enabled": true
-    },
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	updateWorkerRouteEntResponse = `{
-    "result": {
-        "id": "e7a57d8746e74ae49c25994dadb421b1",
-        "pattern": "app3.example.com/*",
-        "script": "test_script_1"
-    },
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	createWorkerRouteResponse = `{
-    "result": {
-        "id": "e7a57d8746e74ae49c25994dadb421b1"
-    },
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	listRouteResponseData = `{
-    "result": [
-        {
-            "id": "e7a57d8746e74ae49c25994dadb421b1",
-            "pattern": "app1.example.com/*",
-            "enabled": true
-        },
-        {
-            "id": "f8b68e9857f85bf59c25994dadb421b1",
-            "pattern": "app2.example.com/*",
-            "enabled": false
-        }
-    ],
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	listWorkerRouteResponse = `{
-    "result": [
-        {
-            "id": "e7a57d8746e74ae49c25994dadb421b1",
-            "pattern": "app1.example.com/*",
-            "script": "test_script_1"
-        },
-        {
-            "id": "f8b68e9857f85bf59c25994dadb421b1",
-            "pattern": "app2.example.com/*",
-            "script": "test_script_2"
-        },
-        {
-            "id": "2b5bf4240cd34c77852fac70b1bf745a",
-            "pattern": "app3.example.com/*",
-			"script": "test_script_3"
-        }
-    ],
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	getRouteResponseData = `{
-    "result": {
-       "id": "e7a57d8746e74ae49c25994dadb421b1",
-       "pattern": "app1.example.com/*",
-       "script": "script-name"
-    },
-    "success": true,
-    "errors": [],
-    "messages": []
-}`
-	listBindingsResponseData = `{
-		"result": [
-			{
-				"name": "MY_KV",
-				"namespace_id": "89f5f8fd93f94cb98473f6f421aa3b65",
-				"type": "kv_namespace"
-			},
-			{
-				"name": "MY_WASM",
-				"type": "wasm_module"
-			},
-			{
-				"name": "MY_PLAIN_TEXT",
-				"type": "plain_text",
-				"text": "text"
-			},
-			{
-				"name": "MY_SECRET_TEXT",
-				"type": "secret_text"
-			},
-			{
-				"name": "MY_SERVICE_BINDING",
-				"type": "service",
-				"service": "MY_SERVICE",
-				"environment": "MY_ENVIRONMENT"
-			},
-			{
-				"name": "MY_NEW_BINDING",
-				"type": "some_imaginary_new_binding_type"
-			},
-			{
-				"name": "MY_BUCKET",
-				"type": "r2_bucket",
-				"bucket_name": "bucket"
-			},
-			{
-				"name": "MY_DATASET",
-				"type": "analytics_engine",
-				"dataset": "my_dataset"
-			},
-			{
-				"name": "MY_DATABASE",
-				"type": "d1",
-				"database_id": "cef5331f-e5c7-4c8a-a415-7908ae45f92a"
-			}
-		],
-		"success": true,
-		"errors": [],
-		"messages": []
-	}`
-	listWorkersResponseData = `{
-  "result": [
-    {
-      "id": "bar",
-      "created_on": "2018-04-22T17:10:48.938097Z",
-      "modified_on": "2018-04-22T17:10:48.938097Z",
-      "etag": "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a"
-    },
-    {
-      "id": "baz",
-      "created_on": "2018-04-22T17:10:48.938097Z",
-      "modified_on": "2018-04-22T17:10:48.938097Z",
-      "etag": "380dg51e97e80b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43088b"
-    }
-  ],
-  "success": true,
-  "errors": [],
-  "messages": []
-}`
-	workerMetadata = `{
-		"id": "e7a57d8746e74ae49c25994dadb421b1",
-		"etag": "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-		"logpush": true
-	}`
-	workerScript = `addEventListener('fetch', event => {
-  event.passThroughOnException()
-  event.respondWith(handleRequest(event.request))
-})
-
-async function handleRequest(request) {
-  return fetch(request)
-}`
-	workerModuleScript = `export default {
-  async fetch(request, env, event) {
-    event.passThroughOnException()
-    return fetch(request)
-  }
-}`
-	workerModuleScriptDownloadResponse = `
---workermodulescriptdownload
-Content-Disposition: form-data; name="worker.js"
-
-export default {
-  async fetch(request, env, event) {
-    event.passThroughOnException()
-    return fetch(request)
-  }
-}
---workermodulescriptdownload--
-`
-)
-
-var (
-	successResponse               = Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}}
-	deleteWorkerRouteResponseData = createWorkerRouteResponse
-	attachWorkerToDomainResponse  = fmt.Sprintf(`{
-    "result": {
-        "id": "e7a57d8746e74ae49c25994dadb421b1",
-	"zone_id": "%s",
-	"service":"test_script_1",
-	"hostname":"api4.example.com",
-	"environment":"production"
-    },
-    "success": true,
-    "errors": [],
-    "messages": []
-}`, testZoneID)
-)
-
-type (
-	WorkersTestScriptResponse struct {
-		Script            string                 `json:"script"`
-		UsageModel        string                 `json:"usage_model,omitempty"`
-		Handlers          []string               `json:"handlers"`
-		ID                string                 `json:"id,omitempty"`
-		ETAG              string                 `json:"etag,omitempty"`
-		Size              uint                   `json:"size,omitempty"`
-		CreatedOn         string                 `json:"created_on,omitempty"`
-		ModifiedOn        string                 `json:"modified_on,omitempty"`
-		LastDeployedFrom  *string                `json:"last_deployed_from,omitempty"`
-		DeploymentId      *string                `json:"deployment_id,omitempty"`
-		CompatibilityDate *string                `json:"compatibility_date,omitempty"`
-		Logpush           *bool                  `json:"logpush,omitempty"`
-		TailConsumers     *[]WorkersTailConsumer `json:"tail_consumers,omitempty"`
-		PlacementMode     *string                `json:"placement_mode,omitempty"`
-	}
-	workersTestResponseOpt func(r *WorkersTestScriptResponse)
-)
-
-var (
-	expectedWorkersServiceWorkerScript = "addEventListener('fetch', event => {\n  event.passThroughOnException()\n  event.respondWith(handleRequest(event.request))\n})\n\nasync function handleRequest(request) {\n  return fetch(request)\n}"
-	expectedWorkersModuleWorkerScript  = "export default {\n  async fetch(request, env, event) {\n    event.passThroughOnException()\n    return fetch(request)\n  }\n}"
-	WorkersDefaultTestResponse         = WorkersTestScriptResponse{
-		Script:            expectedWorkersServiceWorkerScript,
-		Handlers:          []string{"fetch"},
-		UsageModel:        "unbound",
-		ID:                "e7a57d8746e74ae49c25994dadb421b1",
-		ETAG:              "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-		Size:              191,
-		LastDeployedFrom:  StringPtr("dash"),
-		Logpush:           BoolPtr(false),
-		CompatibilityDate: StringPtr("2022-07-12"),
-	}
-)
-
-//nolint:unused
-func withWorkerScript(content string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.Script = content }
-}
-
-//nolint:unused
-func withWorkerUsageModel(um string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.UsageModel = um }
-}
-
-//nolint:unused
-func withWorkerHandlers(h []string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.Handlers = h }
-}
-
-//nolint:unused
-func withWorkerID(id string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.ID = id }
-}
-
-//nolint:unused
-func withWorkerEtag(etag string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.ETAG = etag }
-}
-
-//nolint:unused
-func withWorkerSize(size uint) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.Size = size }
-}
-
-//nolint:unused
-func withWorkerCreatedOn(co time.Time) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.CreatedOn = co.Format(time.RFC3339Nano) }
-}
-
-//nolint:unused
-func withWorkerModifiedOn(mo time.Time) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.ModifiedOn = mo.Format(time.RFC3339Nano) }
-}
-
-//nolint:unused
-func withWorkerLogpush(logpush *bool) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.Logpush = logpush }
-}
-
-//nolint:unused
-func withWorkerPlacementMode(mode *string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.PlacementMode = mode }
-}
-
-//nolint:unused
-func withWorkerTailConsumers(consumers ...WorkersTailConsumer) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.TailConsumers = &consumers }
-}
-
-//nolint:unused
-func withWorkerLastDeployedFrom(from *string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.LastDeployedFrom = from }
-}
-
-//nolint:unused
-func withWorkerDeploymentId(dID *string) workersTestResponseOpt {
-	return func(r *WorkersTestScriptResponse) { r.DeploymentId = dID }
-}
-
-func workersScriptResponse(t testing.TB, opts ...workersTestResponseOpt) string {
-	var responseConfig = WorkersDefaultTestResponse
-	for _, opt := range opts {
-		opt(&responseConfig)
-	}
-
-	bytes, err := json.Marshal(struct {
-		Response
-		Result WorkersTestScriptResponse `json:"result"`
-	}{
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-		Result:   responseConfig,
-	})
-	require.NoError(t, err)
-
-	return string(bytes)
-}
-
-func getFormValue(r *http.Request, key string) ([]byte, error) {
-	err := r.ParseMultipartForm(1024 * 1024)
-	if err != nil {
-		return nil, err
-	}
-
-	// In Go 1.10 there was a bug where field values with a content-type
-	// but without a filename would end up in Form.File but in versions
-	// before and after 1.10 they would be in form.Value. Here we check
-	// both in order to handle both scenarios
-	// https://golang.org/doc/go1.11#mime/multipart
-
-	// pre/post v1.10
-	if values, ok := r.MultipartForm.Value[key]; ok {
-		return []byte(values[0]), nil
-	}
-
-	// v1.10
-	if fileHeaders, ok := r.MultipartForm.File[key]; ok {
-		file, err := fileHeaders[0].Open()
-		if err != nil {
-			return nil, err
-		}
-		return io.ReadAll(file)
-	}
-
-	return nil, fmt.Errorf("no value found for key %v", key)
-}
-
-func getFileDetails(r *http.Request, key string) (*multipart.FileHeader, error) {
-	err := r.ParseMultipartForm(1024 * 1024)
-	if err != nil {
-		return nil, err
-	}
-
-	fileHeaders := r.MultipartForm.File[key]
-
-	if len(fileHeaders) > 0 {
-		return fileHeaders[0], nil
-	}
-
-	return nil, fmt.Errorf("no value found for key %v", key)
-}
-
-type multipartUpload struct {
-	Script             string
-	BindingMeta        map[string]workerBindingMeta
-	Logpush            *bool
-	CompatibilityDate  string
-	CompatibilityFlags []string
-	Placement          *Placement
-	Tags               []string
-}
-
-func parseMultipartUpload(r *http.Request) (multipartUpload, error) {
-	// Parse the metadata
-	mdBytes, err := getFormValue(r, "metadata")
-	if err != nil {
-		return multipartUpload{}, err
-	}
-
-	var metadata struct {
-		BodyPart           string              `json:"body_part,omitempty"`
-		MainModule         string              `json:"main_module,omitempty"`
-		Bindings           []workerBindingMeta `json:"bindings"`
-		Logpush            *bool               `json:"logpush,omitempty"`
-		CompatibilityDate  string              `json:"compatibility_date,omitempty"`
-		CompatibilityFlags []string            `json:"compatibility_flags,omitempty"`
-		Placement          *Placement          `json:"placement,omitempty"`
-		Tags               []string            `json:"tags"`
-	}
-	err = json.Unmarshal(mdBytes, &metadata)
-	if err != nil {
-		return multipartUpload{}, err
-	}
-
-	// Get the script
-	script, err := getFormValue(r, metadata.BodyPart)
-	if err != nil {
-		script, err = getFormValue(r, metadata.MainModule)
-
-		if err != nil {
-			return multipartUpload{}, err
-		}
-	}
-
-	// Since bindings are specified in the Go API as a map but are uploaded as a
-	// JSON array, the ordering of uploaded bindings is non-deterministic. To make
-	// it easier to compare for equality without running into ordering issues, we
-	// convert it back to a map
-	bindingMeta := make(map[string]workerBindingMeta)
-	for _, binding := range metadata.Bindings {
-		bindingMeta[binding["name"].(string)] = binding
-	}
-
-	return multipartUpload{
-		Script:             string(script),
-		BindingMeta:        bindingMeta,
-		Logpush:            metadata.Logpush,
-		CompatibilityDate:  metadata.CompatibilityDate,
-		CompatibilityFlags: metadata.CompatibilityFlags,
-		Placement:          metadata.Placement,
-		Tags:               metadata.Tags,
-	}, nil
-}
-
-func TestDeleteWorker(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, deleteWorkerResponseData)
-	})
-
-	err := client.DeleteWorker(context.Background(), AccountIdentifier(testAccountID), DeleteWorkerParams{ScriptName: "bar"})
-	assert.NoError(t, err)
-}
-
-func TestDeleteNamespacedWorker(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/foo/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, deleteWorkerResponseData)
-	})
-
-	err := client.DeleteWorker(context.Background(), AccountIdentifier(testAccountID), DeleteWorkerParams{
-		ScriptName:        "bar",
-		DispatchNamespace: &[]string{"foo"}[0],
-	})
-	assert.NoError(t, err)
-}
-
-func TestGetWorker(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, workerScript)
-	})
-	res, err := client.GetWorker(context.Background(), AccountIdentifier(testAccountID), "foo")
-	want := WorkerScriptResponse{
-		successResponse,
-		false,
-		WorkerScript{
-			Script: workerScript,
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Script, res.Script)
-	}
-}
-
-func TestGetWorker_Module(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "multipart/form-data; boundary=workermodulescriptdownload")
-		fmt.Fprint(w, workerModuleScriptDownloadResponse)
-	})
-
-	res, err := client.GetWorker(context.Background(), AccountIdentifier(testAccountID), "foo")
-	want := WorkerScriptResponse{
-		successResponse,
-		true,
-		WorkerScript{
-			Script: workerModuleScript,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Script, res.Script)
-	}
-}
-
-func TestGetWorkerWithDispatchNamespace_Module(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/dispatch/namespaces/bar/scripts/foo/content", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "multipart/form-data; boundary=workermodulescriptdownload")
-		fmt.Fprint(w, workerModuleScriptDownloadResponse)
-	})
-
-	res, err := client.GetWorkerWithDispatchNamespace(context.Background(), AccountIdentifier(testAccountID), "foo", "bar")
-	want := WorkerScriptResponse{
-		successResponse,
-		true,
-		WorkerScript{
-			Script: workerModuleScript,
-		},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Script, res.Script)
-	}
-}
-
-func TestGetWorkersScriptContent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/content/v2", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, workerScript)
-	})
-
-	res, err := client.GetWorkersScriptContent(context.Background(), AccountIdentifier(testAccountID), "foo")
-	want := workerScript
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUpdateWorkersScriptContent(t *testing.T) {
-	setup()
-	defer teardown()
-
-	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/content", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		contentTypeHeader := r.Header.Get("content-type")
-		assert.Equal(t, "application/javascript", contentTypeHeader, "Expected content-type request header to be 'application/javascript', got %s", contentTypeHeader)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
-	})
-
-	res, err := client.UpdateWorkersScriptContent(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersScriptContentParams{ScriptName: "foo", Script: workerScript})
-	want := WorkerScriptResponse{
-		successResponse,
-		false,
-		WorkerScript{
-			Script: workerScript,
-		},
-	}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.Script, res.Script)
-	}
-}
-
-func TestGetWorkersScriptSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/settings", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, workerMetadata)
-	})
-
-	res, err := client.GetWorkersScriptSettings(context.Background(), AccountIdentifier(testAccountID), "foo")
-	logpush := true
-	want := WorkerScriptSettingsResponse{
-		successResponse,
-		WorkerMetaData{
-			ID:      "e7a57d8746e74ae49c25994dadb421b1",
-			ETAG:    "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-			Logpush: &logpush,
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.WorkerMetaData, res.WorkerMetaData)
-	}
-}
-
-func TestUpdateWorkersScriptSettings(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo/settings", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/javascript")
-		fmt.Fprint(w, workerMetadata)
-	})
-
-	res, err := client.UpdateWorkersScriptSettings(context.Background(), AccountIdentifier(testAccountID), UpdateWorkersScriptSettingsParams{ScriptName: "foo"})
-	logpush := true
-	want := WorkerScriptSettingsResponse{
-		successResponse,
-		WorkerMetaData{
-			ID:      "e7a57d8746e74ae49c25994dadb421b1",
-			ETAG:    "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-			Logpush: &logpush,
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want.WorkerMetaData, res.WorkerMetaData)
-	}
-}
-
-func TestListWorkers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, listWorkersResponseData)
-	})
-
-	res, _, err := client.ListWorkers(context.Background(), AccountIdentifier(testAccountID), ListWorkersParams{})
-	sampleDate, _ := time.Parse(time.RFC3339Nano, "2018-04-22T17:10:48.938097Z")
-	want := []WorkerMetaData{
-		{
-			ID:         "bar",
-			ETAG:       "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-			CreatedOn:  sampleDate,
-			ModifiedOn: sampleDate,
-		},
-		{
-			ID:         "baz",
-			ETAG:       "380dg51e97e80b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43088b",
-			CreatedOn:  sampleDate,
-			ModifiedOn: sampleDate,
-		},
-	}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res.WorkerList)
-	}
-}
-
-func TestUploadWorker_Basic(t *testing.T) {
-	setup()
-	defer teardown()
-
-	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		contentTypeHeader := r.Header.Get("content-type")
-		assert.Equal(t, "application/javascript", contentTypeHeader, "Expected content-type request header to be 'application/javascript', got %s", contentTypeHeader)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
-	})
-	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerScript})
-	want := WorkerScriptResponse{
-		successResponse,
-		false,
-		WorkerScript{
-			Script:     workerScript,
-			UsageModel: "unbound",
-			WorkerMetaData: WorkerMetaData{
-				ID:               "e7a57d8746e74ae49c25994dadb421b1",
-				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-				Size:             191,
-				ModifiedOn:       formattedTime,
-				Logpush:          BoolPtr(false),
-				LastDeployedFrom: StringPtr("dash"),
-			},
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUploadWorker_Module(t *testing.T) {
-	setup()
-	defer teardown()
-
-	formattedCreatedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		assert.Equal(t, workerModuleScript, mpUpload.Script)
-
-		workerFileDetails, err := getFileDetails(r, "worker.mjs")
-		if !assert.NoError(t, err) {
-			assert.FailNow(t, "worker file not found in multipart form body")
-		}
-		contentTypeHeader := workerFileDetails.Header.Get("content-type")
-		expectedContentType := "application/javascript+module"
-		assert.Equal(t, expectedContentType, contentTypeHeader, "Expected content-type request header to be %s, got %s", expectedContentType, contentTypeHeader)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerCreatedOn(formattedCreatedTime)))
-	})
-	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerModuleScript, Module: true})
-	want := WorkerScriptResponse{
-		Response: successResponse,
-		Module:   false,
-		WorkerScript: WorkerScript{
-			Script:     workerModuleScript,
-			UsageModel: "unbound",
-			WorkerMetaData: WorkerMetaData{
-				ID:               "e7a57d8746e74ae49c25994dadb421b1",
-				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-				Size:             191,
-				CreatedOn:        formattedCreatedTime,
-				Logpush:          BoolPtr(false),
-				LastDeployedFrom: StringPtr("dash"),
-			},
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUploadWorker_WithDurableObjectBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name":        "b1",
-				"type":        "durable_object_namespace",
-				"class_name":  "TheClass",
-				"script_name": "the_script",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerDurableObjectBinding{
-				ClassName:  "TheClass",
-				ScriptName: "the_script",
-			},
-		},
-	})
-
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithInheritBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	formattedTime, _ := time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
-	// Setup route handler for both single-script and multi-script
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name": "b1",
-				"type": "inherit",
-			},
-			"b2": {
-				"name":     "b2",
-				"type":     "inherit",
-				"old_name": "old_binding_name",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerModifiedOn(formattedTime)))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	want := WorkerScriptResponse{
-		Response: successResponse,
-		Module:   false,
-		WorkerScript: WorkerScript{
-			Script:     workerScript,
-			UsageModel: "unbound",
-			WorkerMetaData: WorkerMetaData{
-				ID:               "e7a57d8746e74ae49c25994dadb421b1",
-				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-				Size:             191,
-				ModifiedOn:       formattedTime,
-				Logpush:          BoolPtr(false),
-				LastDeployedFrom: StringPtr("dash"),
-			},
-		}}
-
-	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerInheritBinding{},
-			"b2": WorkerInheritBinding{
-				OldName: "old_binding_name",
-			},
-		}})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUploadWorker_WithKVBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name":         "b1",
-				"type":         "kv_namespace",
-				"namespace_id": "test-namespace",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerKvNamespaceBinding{
-				NamespaceID: "test-namespace",
-			},
-		}})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithWasmBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		partName := mpUpload.BindingMeta["b1"]["part"].(string)
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name": "b1",
-				"type": "wasm_module",
-				"part": partName,
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		wasmContent, err := getFormValue(r, partName)
-		assert.NoError(t, err)
-		assert.Equal(t, []byte("fake-wasm"), wasmContent)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerWebAssemblyBinding{
-				Module: strings.NewReader("fake-wasm"),
-			},
-		},
-	})
-
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithPlainTextBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name": "b1",
-				"type": "plain_text",
-				"text": "plain text value",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerPlainTextBinding{
-				Text: "plain text value",
-			},
-		},
-	})
-
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_ModuleWithPlainTextBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name": "b1",
-				"type": "plain_text",
-				"text": "plain text value",
-			},
-		}
-		assert.Equal(t, workerModuleScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		workerFileDetails, err := getFileDetails(r, "worker.mjs")
-		if !assert.NoError(t, err) {
-			assert.FailNow(t, "worker file not found in multipart form body")
-		}
-		contentDispositonHeader := workerFileDetails.Header.Get("content-disposition")
-		expectedContentDisposition := fmt.Sprintf(`form-data; name="%s"; filename="%[1]s"`, "worker.mjs")
-		assert.Equal(t, expectedContentDisposition, contentDispositonHeader, "Expected content-disposition request header to be %s, got %s", expectedContentDisposition, contentDispositonHeader)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript)))
-	})
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerModuleScript,
-		Module:     true,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerPlainTextBinding{
-				Text: "plain text value",
-			},
-		},
-	})
-
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithSecretTextBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name": "b1",
-				"type": "secret_text",
-				"text": "secret text value",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerSecretTextBinding{
-				Text: "secret text value",
-			},
-		},
-	})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithServiceBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name":    "b1",
-				"type":    "service",
-				"service": "the_service",
-			},
-			"b2": {
-				"name":        "b2",
-				"type":        "service",
-				"service":     "the_service",
-				"environment": "the_environment",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerServiceBinding{
-				Service: "the_service",
-			},
-			"b2": WorkerServiceBinding{
-				Service:     "the_service",
-				Environment: StringPtr("the_environment"),
-			},
-		},
-	})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithLogpush(t *testing.T) {
-	setup()
-	defer teardown()
-
-	var (
-		formattedTime, _ = time.Parse(time.RFC3339Nano, "2018-06-09T15:17:01.989141Z")
-		logpush          = BoolPtr(true)
-	)
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/foo", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expected := true
-		assert.Equal(t, &expected, mpUpload.Logpush)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerLogpush(logpush), withWorkerModifiedOn(formattedTime)))
-	})
-	res, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{ScriptName: "foo", Script: workerScript, Logpush: logpush})
-	want := WorkerScriptResponse{
-		Response: successResponse,
-		Module:   false,
-		WorkerScript: WorkerScript{
-			Script:     expectedWorkersModuleWorkerScript,
-			UsageModel: "unbound",
-			WorkerMetaData: WorkerMetaData{
-				ID:               "e7a57d8746e74ae49c25994dadb421b1",
-				ETAG:             "279cf40d86d70b82f6cd3ba90a646b3ad995912da446836d7371c21c6a43977a",
-				Size:             191,
-				ModifiedOn:       formattedTime,
-				Logpush:          logpush,
-				LastDeployedFrom: StringPtr("dash"),
-			},
-		}}
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, res)
-	}
-}
-
-func TestUploadWorker_WithCompatibilityFlags(t *testing.T) {
-	setup()
-	defer teardown()
-
-	compatibilityDate := time.Now().Format("2006-01-02")
-	compatibilityFlags := []string{"formdata_parser_supports_files"}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, compatibilityDate, mpUpload.CompatibilityDate)
-		assert.Equal(t, compatibilityFlags, mpUpload.CompatibilityFlags)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName:         "bar",
-		Script:             workerScript,
-		CompatibilityDate:  compatibilityDate,
-		CompatibilityFlags: compatibilityFlags,
-	})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithQueueBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name":       "b1",
-				"type":       "queue",
-				"queue_name": "test-queue",
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerQueueBinding{
-				Binding: "b1",
-				Queue:   "test-queue",
-			},
-		}})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithDispatchNamespaceBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		expectedBindings := map[string]workerBindingMeta{
-			"b1": {
-				"name":      "b1",
-				"type":      "dispatch_namespace",
-				"namespace": "n1",
-				"outbound": map[string]interface{}{
-					"worker": map[string]interface{}{
-						"service":     "w1",
-						"environment": "e1",
-					},
-					"params": []interface{}{
-						map[string]interface{}{"name": "param1"},
-					},
-				},
-			},
-		}
-		assert.Equal(t, workerScript, mpUpload.Script)
-		assert.Equal(t, expectedBindings, mpUpload.BindingMeta)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	environmentName := "e1"
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": DispatchNamespaceBinding{
-				Binding:   "b1",
-				Namespace: "n1",
-				Outbound: &NamespaceOutboundOptions{
-					Worker: WorkerReference{
-						Service:     "w1",
-						Environment: &environmentName,
-					},
-					Params: []OutboundParamSchema{
-						{
-							Name: "param1",
-						},
-					},
-				},
-			},
-		}})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_WithSmartPlacementEnabled(t *testing.T) {
-	setup()
-	defer teardown()
-
-	placementMode := PlacementModeSmart
-	response := workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript), withWorkerPlacementMode(StringPtr("smart")))
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	t.Run("Test enabling Smart Placement", func(t *testing.T) {
-		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-			ScriptName: "bar",
-			Script:     workerScript,
-			Placement: &Placement{
-				Mode: placementMode,
-			},
-		})
-		assert.NoError(t, err)
-		assert.Equal(t, placementMode, *worker.PlacementMode)
-	})
-
-	t.Run("Test disabling placement", func(t *testing.T) {
-		placementMode = PlacementModeOff
-		response = workersScriptResponse(t, withWorkerScript(expectedWorkersModuleWorkerScript))
-
-		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-			ScriptName: "bar",
-			Script:     workerScript,
-			Placement: &Placement{
-				Mode: placementMode,
-			},
-		})
-		assert.NoError(t, err)
-		assert.Nil(t, worker.PlacementMode)
-	})
-}
-
-func TestUploadWorker_WithTailConsumers(t *testing.T) {
-	setup()
-	defer teardown()
-
-	response := workersScriptResponse(t,
-		withWorkerScript(expectedWorkersModuleWorkerScript))
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		assert.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, response)
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	t.Run("adds tail consumers", func(t *testing.T) {
-		tailConsumers := []WorkersTailConsumer{
-			{Service: "my-service-a"},
-			{Service: "my-service-b", Environment: StringPtr("production")},
-			{Service: "a-namespaced-service", Namespace: StringPtr("a-dispatch-namespace")},
-		}
-		response = workersScriptResponse(t,
-			withWorkerScript(expectedWorkersModuleWorkerScript),
-			withWorkerTailConsumers(tailConsumers...))
-
-		worker, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-			ScriptName:    "bar",
-			Script:        workerScript,
-			TailConsumers: &tailConsumers,
-		})
-		assert.NoError(t, err)
-		require.NotNil(t, worker.TailConsumers)
-		assert.Len(t, *worker.TailConsumers, 3)
-	})
-}
-
-func TestUploadWorker_ToDispatchNamespace(t *testing.T) {
-	setup()
-	defer teardown()
-
-	namespaceName := "n1"
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		require.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc(
-		fmt.Sprintf("/accounts/"+testAccountID+"/workers/dispatch/namespaces/%s/scripts/bar", namespaceName),
-		handler,
-	)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName:            "bar",
-		Script:                workerScript,
-		DispatchNamespaceName: &namespaceName,
-		Bindings: map[string]WorkerBinding{
-			"b1": WorkerPlainTextBinding{
-				Text: "hello",
-			},
-		},
-	})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_ToDispatchNamespace_Tags(t *testing.T) {
-	setup()
-	defer teardown()
-
-	namespaceName := "n1"
-	tags := []string{"hello=there", "another-tag"}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		require.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-
-		assert.EqualValues(t, tags, mpUpload.Tags)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc(
-		fmt.Sprintf("/accounts/"+testAccountID+"/workers/dispatch/namespaces/%s/scripts/bar", namespaceName),
-		handler,
-	)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName:            "bar",
-		Script:                workerScript,
-		DispatchNamespaceName: &namespaceName,
-		Tags:                  tags,
-	})
-	assert.NoError(t, err)
-}
-
-func TestUploadWorker_UnsafeBinding(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		mpUpload, err := parseMultipartUpload(r)
-		require.NoError(t, err)
-
-		assert.Equal(t, workerScript, mpUpload.Script)
-
-		require.Contains(t, mpUpload.BindingMeta, "b1")
-		assert.Contains(t, mpUpload.BindingMeta["b1"], "name")
-		assert.Equal(t, "b1", mpUpload.BindingMeta["b1"]["name"])
-		assert.Contains(t, mpUpload.BindingMeta["b1"], "type")
-		assert.Equal(t, "dynamic_dispatch", mpUpload.BindingMeta["b1"]["type"])
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, workersScriptResponse(t))
-	}
-	mux.HandleFunc("/accounts/"+testAccountID+"/workers/scripts/bar", handler)
-
-	_, err := client.UploadWorker(context.Background(), AccountIdentifier(testAccountID), CreateWorkerParams{
-		ScriptName: "bar",
-		Script:     workerScript,
-		Bindings: map[string]WorkerBinding{
-			"b1": UnsafeBinding{
-				"type": "dynamic_dispatch",
-			},
-		},
-	})
-	assert.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/zaraz.go b/pkg/cloudflare-go/zaraz.go
deleted file mode 100644
index 3ffc4f5ede..0000000000
--- a/pkg/cloudflare-go/zaraz.go
+++ /dev/null
@@ -1,430 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type ZarazConfig struct {
-	DebugKey      string                   `json:"debugKey"`
-	Tools         map[string]ZarazTool     `json:"tools"`
-	Triggers      map[string]ZarazTrigger  `json:"triggers"`
-	ZarazVersion  int64                    `json:"zarazVersion"`
-	Consent       ZarazConsent             `json:"consent,omitempty"`
-	DataLayer     *bool                    `json:"dataLayer,omitempty"`
-	Dlp           []any                    `json:"dlp,omitempty"`
-	HistoryChange *bool                    `json:"historyChange,omitempty"`
-	Settings      ZarazConfigSettings      `json:"settings,omitempty"`
-	Variables     map[string]ZarazVariable `json:"variables,omitempty"`
-}
-
-type ZarazWorker struct {
-	EscapedWorkerName string `json:"escapedWorkerName"`
-	WorkerTag         string `json:"workerTag"`
-	MutableId         string `json:"mutableId,omitempty"`
-}
-type ZarazConfigSettings struct {
-	AutoInjectScript    *bool       `json:"autoInjectScript"`
-	InjectIframes       *bool       `json:"injectIframes,omitempty"`
-	Ecommerce           *bool       `json:"ecommerce,omitempty"`
-	HideQueryParams     *bool       `json:"hideQueryParams,omitempty"`
-	HideIpAddress       *bool       `json:"hideIPAddress,omitempty"`
-	HideUserAgent       *bool       `json:"hideUserAgent,omitempty"`
-	HideExternalReferer *bool       `json:"hideExternalReferer,omitempty"`
-	CookieDomain        string      `json:"cookieDomain,omitempty"`
-	InitPath            string      `json:"initPath,omitempty"`
-	ScriptPath          string      `json:"scriptPath,omitempty"`
-	TrackPath           string      `json:"trackPath,omitempty"`
-	EventsApiPath       string      `json:"eventsApiPath,omitempty"`
-	McRootPath          string      `json:"mcRootPath,omitempty"`
-	ContextEnricher     ZarazWorker `json:"contextEnricher,omitempty"`
-}
-
-// Deprecated: To be removed pending migration of existing configs.
-type ZarazNeoEvent struct {
-	BlockingTriggers []string       `json:"blockingTriggers"`
-	FiringTriggers   []string       `json:"firingTriggers"`
-	Data             map[string]any `json:"data"`
-	ActionType       string         `json:"actionType,omitempty"`
-}
-
-type ZarazAction struct {
-	BlockingTriggers []string       `json:"blockingTriggers"`
-	FiringTriggers   []string       `json:"firingTriggers"`
-	Data             map[string]any `json:"data"`
-	ActionType       string         `json:"actionType,omitempty"`
-}
-
-type ZarazToolType string
-
-const (
-	ZarazToolLibrary   ZarazToolType = "library"
-	ZarazToolComponent ZarazToolType = "component"
-	ZarazToolCustomMc  ZarazToolType = "custom-mc"
-)
-
-type ZarazTool struct {
-	BlockingTriggers []string               `json:"blockingTriggers"`
-	Enabled          *bool                  `json:"enabled"`
-	DefaultFields    map[string]any         `json:"defaultFields"`
-	Name             string                 `json:"name"`
-	NeoEvents        []ZarazNeoEvent        `json:"neoEvents"`
-	Actions          map[string]ZarazAction `json:"actions"`
-	Type             ZarazToolType          `json:"type"`
-	DefaultPurpose   string                 `json:"defaultPurpose,omitempty"`
-	Library          string                 `json:"library,omitempty"`
-	Component        string                 `json:"component,omitempty"`
-	Permissions      []string               `json:"permissions"`
-	Settings         map[string]any         `json:"settings"`
-	Worker           ZarazWorker            `json:"worker,omitempty"`
-}
-
-type ZarazTriggerSystem string
-
-const ZarazPageload ZarazTriggerSystem = "pageload"
-
-type ZarazLoadRuleOp string
-
-type ZarazRuleType string
-
-const (
-	ZarazClickListener     ZarazRuleType = "clickListener"
-	ZarazTimer             ZarazRuleType = "timer"
-	ZarazFormSubmission    ZarazRuleType = "formSubmission"
-	ZarazVariableMatch     ZarazRuleType = "variableMatch"
-	ZarazScrollDepth       ZarazRuleType = "scrollDepth"
-	ZarazElementVisibility ZarazRuleType = "elementVisibility"
-	ZarazClientEval        ZarazRuleType = "clientEval"
-)
-
-type ZarazSelectorType string
-
-const (
-	ZarazXPath ZarazSelectorType = "xpath"
-	ZarazCSS   ZarazSelectorType = "css"
-)
-
-type ZarazRuleSettings struct {
-	Type        ZarazSelectorType `json:"type,omitempty"`
-	Selector    string            `json:"selector,omitempty"`
-	WaitForTags int               `json:"waitForTags,omitempty"`
-	Interval    int               `json:"interval,omitempty"`
-	Limit       int               `json:"limit,omitempty"`
-	Validate    *bool             `json:"validate,omitempty"`
-	Variable    string            `json:"variable,omitempty"`
-	Match       string            `json:"match,omitempty"`
-	Positions   string            `json:"positions,omitempty"`
-	Op          ZarazLoadRuleOp   `json:"op,omitempty"`
-	Value       string            `json:"value,omitempty"`
-}
-
-type ZarazTriggerRule struct {
-	Id       string            `json:"id"`
-	Match    string            `json:"match,omitempty"`
-	Op       ZarazLoadRuleOp   `json:"op,omitempty"`
-	Value    string            `json:"value,omitempty"`
-	Action   ZarazRuleType     `json:"action"`
-	Settings ZarazRuleSettings `json:"settings"`
-}
-
-type ZarazTrigger struct {
-	Name         string             `json:"name"`
-	Description  string             `json:"description,omitempty"`
-	LoadRules    []ZarazTriggerRule `json:"loadRules"`
-	ExcludeRules []ZarazTriggerRule `json:"excludeRules"`
-	ClientRules  []any              `json:"clientRules,omitempty"` // what is this?
-	System       ZarazTriggerSystem `json:"system,omitempty"`
-}
-
-type ZarazVariableType string
-
-const (
-	ZarazVarString ZarazVariableType = "string"
-	ZarazVarSecret ZarazVariableType = "secret"
-	ZarazVarWorker ZarazVariableType = "worker"
-)
-
-type ZarazVariable struct {
-	Name  string            `json:"name"`
-	Type  ZarazVariableType `json:"type"`
-	Value interface{}       `json:"value"`
-}
-
-type ZarazButtonTextTranslations struct {
-	AcceptAll        map[string]string `json:"accept_all"`
-	RejectAll        map[string]string `json:"reject_all"`
-	ConfirmMyChoices map[string]string `json:"confirm_my_choices"`
-}
-
-type ZarazPurpose struct {
-	Name        string `json:"name"`
-	Description string `json:"description"`
-}
-
-type ZarazPurposeWithTranslations struct {
-	Name        map[string]string `json:"name"`
-	Description map[string]string `json:"description"`
-	Order       int               `json:"order"`
-}
-
-type ZarazConsent struct {
-	Enabled                               *bool                                   `json:"enabled"`
-	ButtonTextTranslations                ZarazButtonTextTranslations             `json:"buttonTextTranslations,omitempty"`
-	CompanyEmail                          string                                  `json:"companyEmail,omitempty"`
-	CompanyName                           string                                  `json:"companyName,omitempty"`
-	CompanyStreetAddress                  string                                  `json:"companyStreetAddress,omitempty"`
-	ConsentModalIntroHTML                 string                                  `json:"consentModalIntroHTML,omitempty"`
-	ConsentModalIntroHTMLWithTranslations map[string]string                       `json:"consentModalIntroHTMLWithTranslations,omitempty"`
-	CookieName                            string                                  `json:"cookieName,omitempty"`
-	CustomCSS                             string                                  `json:"customCSS,omitempty"`
-	CustomIntroDisclaimerDismissed        *bool                                   `json:"customIntroDisclaimerDismissed,omitempty"`
-	DefaultLanguage                       string                                  `json:"defaultLanguage,omitempty"`
-	HideModal                             *bool                                   `json:"hideModal,omitempty"`
-	Purposes                              map[string]ZarazPurpose                 `json:"purposes,omitempty"`
-	PurposesWithTranslations              map[string]ZarazPurposeWithTranslations `json:"purposesWithTranslations,omitempty"`
-}
-
-type ZarazConfigResponse struct {
-	Result ZarazConfig `json:"result"`
-	Response
-}
-
-type ZarazWorkflowResponse struct {
-	Result string `json:"result"`
-	Response
-}
-
-type ZarazPublishResponse struct {
-	Result string `json:"result"`
-	Response
-}
-
-type UpdateZarazConfigParams struct {
-	DebugKey      string                   `json:"debugKey"`
-	Tools         map[string]ZarazTool     `json:"tools"`
-	Triggers      map[string]ZarazTrigger  `json:"triggers"`
-	ZarazVersion  int64                    `json:"zarazVersion"`
-	Consent       ZarazConsent             `json:"consent,omitempty"`
-	DataLayer     *bool                    `json:"dataLayer,omitempty"`
-	Dlp           []any                    `json:"dlp,omitempty"`
-	HistoryChange *bool                    `json:"historyChange,omitempty"`
-	Settings      ZarazConfigSettings      `json:"settings,omitempty"`
-	Variables     map[string]ZarazVariable `json:"variables,omitempty"`
-}
-
-type UpdateZarazWorkflowParams struct {
-	Workflow string `json:"workflow"`
-}
-
-type PublishZarazConfigParams struct {
-	Description string `json:"description"`
-}
-
-type ZarazHistoryRecord struct {
-	ID          int64      `json:"id,omitempty"`
-	UserID      string     `json:"userId,omitempty"`
-	Description string     `json:"description,omitempty"`
-	CreatedAt   *time.Time `json:"createdAt,omitempty"`
-	UpdatedAt   *time.Time `json:"updatedAt,omitempty"`
-}
-
-type ZarazConfigHistoryListResponse struct {
-	Result []ZarazHistoryRecord `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-type ListZarazConfigHistoryParams struct {
-	ResultInfo
-}
-
-type GetZarazConfigsByIdResponse = map[string]interface{}
-
-// listZarazConfigHistoryDefaultPageSize represents the default per_page size of the API.
-var listZarazConfigHistoryDefaultPageSize int = 100
-
-func (api *API) GetZarazConfig(ctx context.Context, rc *ResourceContainer) (ZarazConfigResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazConfigResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/config", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZarazConfigResponse{}, err
-	}
-
-	var recordResp ZarazConfigResponse
-	err = json.Unmarshal(res, &recordResp)
-	if err != nil {
-		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return recordResp, nil
-}
-
-func (api *API) UpdateZarazConfig(ctx context.Context, rc *ResourceContainer, params UpdateZarazConfigParams) (ZarazConfigResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazConfigResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/config", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
-	if err != nil {
-		return ZarazConfigResponse{}, err
-	}
-
-	var updateResp ZarazConfigResponse
-	err = json.Unmarshal(res, &updateResp)
-	if err != nil {
-		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return updateResp, nil
-}
-
-func (api *API) GetZarazWorkflow(ctx context.Context, rc *ResourceContainer) (ZarazWorkflowResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazWorkflowResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/workflow", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZarazWorkflowResponse{}, err
-	}
-
-	var response ZarazWorkflowResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZarazWorkflowResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-func (api *API) UpdateZarazWorkflow(ctx context.Context, rc *ResourceContainer, params UpdateZarazWorkflowParams) (ZarazWorkflowResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazWorkflowResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/workflow", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params.Workflow)
-	if err != nil {
-		return ZarazWorkflowResponse{}, err
-	}
-
-	var response ZarazWorkflowResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZarazWorkflowResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-func (api *API) PublishZarazConfig(ctx context.Context, rc *ResourceContainer, params PublishZarazConfigParams) (ZarazPublishResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazPublishResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/publish", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, params.Description)
-	if err != nil {
-		return ZarazPublishResponse{}, err
-	}
-
-	var response ZarazPublishResponse
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZarazPublishResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-func (api *API) ListZarazConfigHistory(ctx context.Context, rc *ResourceContainer, params ListZarazConfigHistoryParams) ([]ZarazHistoryRecord, *ResultInfo, error) {
-	if rc.Identifier == "" {
-		return nil, nil, ErrMissingZoneID
-	}
-
-	autoPaginate := true
-	if params.PerPage >= 1 || params.Page >= 1 {
-		autoPaginate = false
-	}
-
-	if params.PerPage < 1 {
-		params.PerPage = listZarazConfigHistoryDefaultPageSize
-	}
-
-	if params.Page < 1 {
-		params.Page = 1
-	}
-
-	var records []ZarazHistoryRecord
-	var lastResultInfo ResultInfo
-
-	for {
-		uri := buildURI(fmt.Sprintf("/zones/%s/settings/zaraz/v2/history", rc.Identifier), params)
-		res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-		if err != nil {
-			return []ZarazHistoryRecord{}, &ResultInfo{}, err
-		}
-		var listResponse ZarazConfigHistoryListResponse
-		err = json.Unmarshal(res, &listResponse)
-		if err != nil {
-			return []ZarazHistoryRecord{}, &ResultInfo{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-		}
-		records = append(records, listResponse.Result...)
-		lastResultInfo = listResponse.ResultInfo
-		params.ResultInfo = listResponse.ResultInfo.Next()
-		if params.ResultInfo.Done() || !autoPaginate {
-			break
-		}
-	}
-	return records, &lastResultInfo, nil
-}
-
-func (api *API) GetDefaultZarazConfig(ctx context.Context, rc *ResourceContainer) (ZarazConfigResponse, error) {
-	if rc.Identifier == "" {
-		return ZarazConfigResponse{}, ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/default", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZarazConfigResponse{}, err
-	}
-
-	var recordResp ZarazConfigResponse
-	err = json.Unmarshal(res, &recordResp)
-	if err != nil {
-		return ZarazConfigResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return recordResp, nil
-}
-
-func (api *API) ExportZarazConfig(ctx context.Context, rc *ResourceContainer) error {
-	if rc.Identifier == "" {
-		return ErrMissingZoneID
-	}
-
-	uri := fmt.Sprintf("/zones/%s/settings/zaraz/v2/export", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	var recordResp ZarazConfig
-	err = json.Unmarshal(res, &recordResp)
-	if err != nil {
-		return fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/zaraz_test.go b/pkg/cloudflare-go/zaraz_test.go
deleted file mode 100644
index 0087c9334a..0000000000
--- a/pkg/cloudflare-go/zaraz_test.go
+++ /dev/null
@@ -1,996 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-var trueValue bool = true
-var falseValue bool = false
-
-var expectedConfig ZarazConfig = ZarazConfig{
-	DebugKey:      "cheese",
-	ZarazVersion:  44,
-	DataLayer:     &trueValue,
-	Dlp:           []any{},
-	HistoryChange: &trueValue,
-	Settings: ZarazConfigSettings{
-		AutoInjectScript: &trueValue,
-	},
-	Tools: map[string]ZarazTool{
-		"PBQr": {
-			BlockingTriggers: []string{},
-			Enabled:          &trueValue,
-			DefaultFields:    map[string]any{},
-			Name:             "Custom HTML",
-			Actions: map[string]ZarazAction{
-				"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-					ActionType:       "event",
-					BlockingTriggers: []string{},
-					Data: map[string]any{
-						"__zaraz_setting_name": "pageview1",
-						"htmlCode":             "<script>console.log('pageview')</script>",
-					},
-					FiringTriggers: []string{"Pageview"},
-				},
-			},
-			Type:           ZarazToolComponent,
-			DefaultPurpose: "rJJC",
-			Component:      "html",
-			Permissions:    []string{"execute_unsafe_scripts"},
-			Settings:       map[string]any{},
-		},
-	},
-	Triggers: map[string]ZarazTrigger{
-		"Pageview": {
-			Name:         "Pageview",
-			Description:  "All page loads",
-			LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
-			ExcludeRules: []ZarazTriggerRule{},
-			ClientRules:  []any{},
-			System:       ZarazPageload,
-		},
-		"TFOl": {
-			Name:         "test",
-			Description:  "",
-			LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
-			ExcludeRules: []ZarazTriggerRule{},
-		},
-	},
-	Variables: map[string]ZarazVariable{
-		"jwIx": {
-			Name:  "test",
-			Type:  ZarazVarString,
-			Value: "sss",
-		},
-		"pAuL": {
-			Name: "test-worker-var",
-			Type: ZarazVarWorker,
-			Value: map[string]interface{}{
-				"escapedWorkerName": "worker-var-example",
-				"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-				"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
-			},
-		},
-	},
-	Consent: ZarazConsent{
-		Enabled: &trueValue,
-		ButtonTextTranslations: ZarazButtonTextTranslations{
-			AcceptAll:        map[string]string{"en": "Accept ALL"},
-			ConfirmMyChoices: map[string]string{"en": "YES!"},
-			RejectAll:        map[string]string{"en": "Reject ALL"},
-		},
-		CompanyEmail:                          "email@example.com",
-		ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
-		CookieName:                            "zaraz-consent",
-		CustomCSS:                             ".test {\n    color: red;\n}",
-		CustomIntroDisclaimerDismissed:        &trueValue,
-		DefaultLanguage:                       "en",
-		HideModal:                             &falseValue,
-		PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
-			"rJJC": {
-				Description: map[string]string{"en": "Blah blah"},
-				Name:        map[string]string{"en": "Analytics"},
-				Order:       0,
-			},
-		},
-	},
-}
-
-func TestGetZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": {
-				"consent": {
-				  "buttonTextTranslations": {
-					"accept_all": {
-					  "en": "Accept ALL"
-					},
-					"confirm_my_choices": {
-					  "en": "YES!"
-					},
-					"reject_all": {
-					  "en": "Reject ALL"
-					}
-				  },
-				  "companyEmail": "email@example.com",
-				  "consentModalIntroHTMLWithTranslations": {
-					"en": "Lorem ipsum dolar set Amet?"
-				  },
-				  "cookieName": "zaraz-consent",
-				  "customCSS": ".test {\n    color: red;\n}",
-				  "customIntroDisclaimerDismissed": true,
-				  "defaultLanguage": "en",
-				  "enabled": true,
-				  "hideModal": false,
-				  "purposesWithTranslations": {
-					"rJJC": {
-					  "description": {
-						"en": "Blah blah"
-					  },
-					  "name": {
-						"en": "Analytics"
-					  },
-					  "order": 0
-					}
-				  }
-				},
-				"dataLayer": true,
-				"debugKey": "cheese",
-				"dlp": [],
-				"historyChange": true,
-				"invalidKey": "cheese",
-				"settings": {
-				  "autoInjectScript": true
-				},
-				"tools": {
-				  "PBQr": {
-					"blockingTriggers": [],
-					"component": "html",
-					"defaultFields": {},
-					"defaultPurpose": "rJJC",
-					"enabled": true,
-					"mode": {
-					  "cloud": false,
-					  "ignoreSPA": true,
-					  "light": false,
-					  "sample": false,
-					  "segment": {
-						"end": 100,
-						"start": 0
-					  },
-					  "trigger": "pageload"
-					},
-					"name": "Custom HTML",
-					"actions": {
-					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-							"actionType": "event",
-							"blockingTriggers": [],
-							"data": {
-								"__zaraz_setting_name": "pageview1",
-								"htmlCode": "<script>console.log('pageview')</script>"
-							},
-							"firingTriggers": [
-								"Pageview"
-							]
-					  }
-					},
-					"permissions": [
-					  "execute_unsafe_scripts"
-					],
-					"settings": {},
-					"type": "component"
-				  }
-				},
-				"triggers": {
-				  "Pageview": {
-					"clientRules": [],
-					"description": "All page loads",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"match": "{{ client.__zarazTrack }}",
-						"op": "EQUALS",
-						"value": "Pageview"
-					  }
-					],
-					"name": "Pageview",
-					"system": "pageload"
-				  },
-				  "TFOl": {
-					"description": "",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"id": "Kqsc",
-						"match": "test",
-						"op": "CONTAINS",
-						"value": "test"
-					  },
-					  {
-						"action": "clickListener",
-						"id": "EDnV",
-						"settings": {
-						  "selector": "test",
-						  "type": "css",
-						  "waitForTags": 0
-						}
-					  }
-					],
-					"name": "test"
-				  }
-				},
-				"variables": {
-				  "jwIx": {
-					"name": "test",
-					"type": "string",
-					"value": "sss"
-				  },
-				  "pAuL": {
-					"name": "test-worker-var",
-					"type": "worker",
-					"value": {
-					  "escapedWorkerName": "worker-var-example",
-					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
-					}
-				  }
-				},
-				"zarazVersion": 44
-			  }
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
-
-	actual, err := client.GetZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
-	require.NoError(t, err)
-
-	assert.Equal(t, expectedConfig, actual.Result)
-}
-
-func TestUpdateZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": {
-				"consent": {
-				  "buttonTextTranslations": {
-					"accept_all": {
-					  "en": "Accept ALL"
-					},
-					"confirm_my_choices": {
-					  "en": "YES!"
-					},
-					"reject_all": {
-					  "en": "Reject ALL"
-					}
-				  },
-				  "companyEmail": "email@example.com",
-				  "consentModalIntroHTMLWithTranslations": {
-					"en": "Lorem ipsum dolar set Amet?"
-				  },
-				  "cookieName": "zaraz-consent",
-				  "customCSS": ".test {\n    color: red;\n}",
-				  "customIntroDisclaimerDismissed": true,
-				  "defaultLanguage": "en",
-				  "enabled": true,
-				  "hideModal": false,
-				  "purposesWithTranslations": {
-					"rJJC": {
-					  "description": {
-						"en": "Blah blah"
-					  },
-					  "name": {
-						"en": "Analytics"
-					  },
-					  "order": 0
-					}
-				  }
-				},
-				"dataLayer": true,
-				"debugKey": "butter",
-				"dlp": [],
-				"historyChange": true,
-				"invalidKey": "cheese",
-				"settings": {
-				  "autoInjectScript": true
-				},
-				"tools": {
-				  "PBQr": {
-					"blockingTriggers": [],
-					"component": "html",
-					"defaultFields": {},
-					"defaultPurpose": "rJJC",
-					"enabled": true,
-					"mode": {
-					  "cloud": false,
-					  "ignoreSPA": true,
-					  "light": false,
-					  "sample": false,
-					  "segment": {
-						"end": 100,
-						"start": 0
-					  },
-					  "trigger": "pageload"
-					},
-					"name": "Custom HTML",
-					"actions": {
-					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-							"actionType": "event",
-							"blockingTriggers": [],
-							"data": {
-								"__zaraz_setting_name": "pageview1",
-								"htmlCode": "<script>console.log('pageview')</script>"
-							},
-							"firingTriggers": [
-								"Pageview"
-							]
-					  }
-					},
-					"permissions": [
-					  "execute_unsafe_scripts"
-					],
-					"settings": {},
-					"type": "component"
-				  }
-				},
-				"triggers": {
-				  "Pageview": {
-					"clientRules": [],
-					"description": "All page loads",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"match": "{{ client.__zarazTrack }}",
-						"op": "EQUALS",
-						"value": "Pageview"
-					  }
-					],
-					"name": "Pageview",
-					"system": "pageload"
-				  },
-				  "TFOl": {
-					"description": "",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"id": "Kqsc",
-						"match": "test",
-						"op": "CONTAINS",
-						"value": "test"
-					  },
-					  {
-						"action": "clickListener",
-						"id": "EDnV",
-						"settings": {
-						  "selector": "test",
-						  "type": "css",
-						  "waitForTags": 0
-						}
-					  }
-					],
-					"name": "test"
-				  }
-				},
-				"variables": {
-				  "jwIx": {
-					"name": "test",
-					"type": "string",
-					"value": "sss"
-				  },
-				  "pAuL": {
-					"name": "test-worker-var",
-					"type": "worker",
-					"value": {
-					  "escapedWorkerName": "worker-var-example",
-					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
-					}
-				  }
-				},
-				"zarazVersion": 44
-			  }
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
-	payload := UpdateZarazConfigParams{
-		DebugKey:      "cheese",
-		ZarazVersion:  44,
-		DataLayer:     &trueValue,
-		Dlp:           []any{},
-		HistoryChange: &trueValue,
-		Settings: ZarazConfigSettings{
-			AutoInjectScript: &trueValue,
-		},
-		Tools: map[string]ZarazTool{
-			"PBQr": {
-				BlockingTriggers: []string{},
-				Enabled:          &trueValue,
-				DefaultFields:    map[string]any{},
-				Name:             "Custom HTML",
-				Actions: map[string]ZarazAction{
-					"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-						ActionType:       "event",
-						BlockingTriggers: []string{},
-						Data: map[string]any{
-							"__zaraz_setting_name": "pageview1",
-							"htmlCode":             "<script>console.log('pageview')</script>",
-						},
-						FiringTriggers: []string{"Pageview"},
-					},
-				},
-				Type:           ZarazToolComponent,
-				DefaultPurpose: "rJJC",
-				Component:      "html",
-				Permissions:    []string{"execute_unsafe_scripts"},
-				Settings:       map[string]any{},
-			},
-		},
-		Triggers: map[string]ZarazTrigger{
-			"Pageview": {
-				Name:         "Pageview",
-				Description:  "All page loads",
-				LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
-				ExcludeRules: []ZarazTriggerRule{},
-				ClientRules:  []any{},
-				System:       ZarazPageload,
-			},
-			"TFOl": {
-				Name:         "test",
-				Description:  "",
-				LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
-				ExcludeRules: []ZarazTriggerRule{},
-			},
-		},
-		Variables: map[string]ZarazVariable{
-			"jwIx": {
-				Name:  "test",
-				Type:  ZarazVarString,
-				Value: "sss",
-			},
-			"pAuL": {
-				Name: "test-worker-var",
-				Type: ZarazVarWorker,
-				Value: map[string]interface{}{
-					"escapedWorkerName": "worker-var-example",
-					"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-					"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
-				},
-			},
-		},
-		Consent: ZarazConsent{
-			Enabled: &trueValue,
-			ButtonTextTranslations: ZarazButtonTextTranslations{
-				AcceptAll:        map[string]string{"en": "Accept ALL"},
-				ConfirmMyChoices: map[string]string{"en": "YES!"},
-				RejectAll:        map[string]string{"en": "Reject ALL"},
-			},
-			CompanyEmail:                          "email@example.com",
-			ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
-			CookieName:                            "zaraz-consent",
-			CustomCSS:                             ".test {\n    color: red;\n}",
-			CustomIntroDisclaimerDismissed:        &trueValue,
-			DefaultLanguage:                       "en",
-			HideModal:                             &falseValue,
-			PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
-				"rJJC": {
-					Description: map[string]string{"en": "Blah blah"},
-					Name:        map[string]string{"en": "Analytics"},
-					Order:       0,
-				},
-			},
-		},
-	}
-	payload.DebugKey = "butter" // Updating config
-	modifiedConfig := expectedConfig
-	modifiedConfig.DebugKey = "butter" // Updating config
-	expected := ZarazConfigResponse{
-		Result: modifiedConfig,
-	}
-
-	actual, err := client.UpdateZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
-	require.NoError(t, err)
-
-	assert.Equal(t, expected.Result, actual.Result)
-}
-
-func TestUpdateDeprecatedZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": {
-				"consent": {
-				  "buttonTextTranslations": {
-					"accept_all": {
-					  "en": "Accept ALL"
-					},
-					"confirm_my_choices": {
-					  "en": "YES!"
-					},
-					"reject_all": {
-					  "en": "Reject ALL"
-					}
-				  },
-				  "companyEmail": "email@example.com",
-				  "consentModalIntroHTMLWithTranslations": {
-					"en": "Lorem ipsum dolar set Amet?"
-				  },
-				  "cookieName": "zaraz-consent",
-				  "customCSS": ".test {\n    color: red;\n}",
-				  "customIntroDisclaimerDismissed": true,
-				  "defaultLanguage": "en",
-				  "enabled": true,
-				  "hideModal": false,
-				  "purposesWithTranslations": {
-					"rJJC": {
-					  "description": {
-						"en": "Blah blah"
-					  },
-					  "name": {
-						"en": "Analytics"
-					  },
-					  "order": 0
-					}
-				  }
-				},
-				"dataLayer": true,
-				"debugKey": "butter",
-				"dlp": [],
-				"historyChange": true,
-				"invalidKey": "cheese",
-				"settings": {
-				  "autoInjectScript": true
-				},
-				"tools": {
-				  "PBQr": {
-					"blockingTriggers": [],
-					"component": "html",
-					"defaultFields": {},
-					"defaultPurpose": "rJJC",
-					"enabled": true,
-					"mode": {
-					  "cloud": false,
-					  "ignoreSPA": true,
-					  "light": false,
-					  "sample": false,
-					  "segment": {
-						"end": 100,
-						"start": 0
-					  },
-					  "trigger": "pageload"
-					},
-					"name": "Custom HTML",
-					"actions": {
-					  "7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-							"actionType": "event",
-							"blockingTriggers": [],
-							"data": {
-								"__zaraz_setting_name": "pageview1",
-								"htmlCode": "<script>console.log('pageview')</script>"
-							},
-							"firingTriggers": [
-								"Pageview"
-							]
-					  }
-					},
-					"permissions": [
-					  "execute_unsafe_scripts"
-					],
-					"settings": {},
-					"type": "component"
-				  }
-				},
-				"triggers": {
-				  "Pageview": {
-					"clientRules": [],
-					"description": "All page loads",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"match": "{{ client.__zarazTrack }}",
-						"op": "EQUALS",
-						"value": "Pageview"
-					  }
-					],
-					"name": "Pageview",
-					"system": "pageload"
-				  },
-				  "TFOl": {
-					"description": "",
-					"excludeRules": [],
-					"loadRules": [
-					  {
-						"id": "Kqsc",
-						"match": "test",
-						"op": "CONTAINS",
-						"value": "test"
-					  },
-					  {
-						"action": "clickListener",
-						"id": "EDnV",
-						"settings": {
-						  "selector": "test",
-						  "type": "css",
-						  "waitForTags": 0
-						}
-					  }
-					],
-					"name": "test"
-				  }
-				},
-				"variables": {
-				  "jwIx": {
-					"name": "test",
-					"type": "string",
-					"value": "sss"
-				  },
-				  "pAuL": {
-					"name": "test-worker-var",
-					"type": "worker",
-					"value": {
-					  "escapedWorkerName": "worker-var-example",
-					  "mutableId": "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-					  "workerTag": "68aba570db9d4ec5b159624e2f7ad8bf"
-					}
-				  }
-				},
-				"zarazVersion": 44
-			  }
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/config", handler)
-	payload := UpdateZarazConfigParams{
-		DebugKey:      "cheese",
-		ZarazVersion:  44,
-		DataLayer:     &trueValue,
-		Dlp:           []any{},
-		HistoryChange: &trueValue,
-		Settings: ZarazConfigSettings{
-			AutoInjectScript: &trueValue,
-		},
-		Tools: map[string]ZarazTool{
-			"PBQr": {
-				BlockingTriggers: []string{},
-				Enabled:          &trueValue,
-				DefaultFields:    map[string]any{},
-				Name:             "Custom HTML",
-				Actions: map[string]ZarazAction{
-					"7ccae28d-5e00-4f0b-a491-519ecde998c8": {
-						ActionType:       "event",
-						BlockingTriggers: []string{},
-						Data: map[string]any{
-							"__zaraz_setting_name": "pageview1",
-							"htmlCode":             "<script>console.log('pageview')</script>",
-						},
-						FiringTriggers: []string{"Pageview"},
-					},
-				},
-				Type:           ZarazToolComponent,
-				DefaultPurpose: "rJJC",
-				Component:      "html",
-				Permissions:    []string{"execute_unsafe_scripts"},
-				Settings:       map[string]any{},
-			},
-		},
-		Triggers: map[string]ZarazTrigger{
-			"Pageview": {
-				Name:         "Pageview",
-				Description:  "All page loads",
-				LoadRules:    []ZarazTriggerRule{{Match: "{{ client.__zarazTrack }}", Op: "EQUALS", Value: "Pageview"}},
-				ExcludeRules: []ZarazTriggerRule{},
-				ClientRules:  []any{},
-				System:       ZarazPageload,
-			},
-			"TFOl": {
-				Name:         "test",
-				Description:  "",
-				LoadRules:    []ZarazTriggerRule{{Id: "Kqsc", Match: "test", Op: "CONTAINS", Value: "test"}, {Id: "EDnV", Action: ZarazClickListener, Settings: ZarazRuleSettings{Selector: "test", Type: ZarazCSS}}},
-				ExcludeRules: []ZarazTriggerRule{},
-			},
-		},
-		Variables: map[string]ZarazVariable{
-			"jwIx": {
-				Name:  "test",
-				Type:  ZarazVarString,
-				Value: "sss",
-			},
-			"pAuL": {
-				Name: "test-worker-var",
-				Type: ZarazVarWorker,
-				Value: map[string]interface{}{
-					"escapedWorkerName": "worker-var-example",
-					"mutableId":         "m.zpt3q__WyW-61WM2qwgGoBl4Nxg-sfBsaMhu9NayjwU",
-					"workerTag":         "68aba570db9d4ec5b159624e2f7ad8bf",
-				},
-			},
-		},
-		Consent: ZarazConsent{
-			Enabled: &trueValue,
-			ButtonTextTranslations: ZarazButtonTextTranslations{
-				AcceptAll:        map[string]string{"en": "Accept ALL"},
-				ConfirmMyChoices: map[string]string{"en": "YES!"},
-				RejectAll:        map[string]string{"en": "Reject ALL"},
-			},
-			CompanyEmail:                          "email@example.com",
-			ConsentModalIntroHTMLWithTranslations: map[string]string{"en": "Lorem ipsum dolar set Amet?"},
-			CookieName:                            "zaraz-consent",
-			CustomCSS:                             ".test {\n    color: red;\n}",
-			CustomIntroDisclaimerDismissed:        &trueValue,
-			DefaultLanguage:                       "en",
-			HideModal:                             &falseValue,
-			PurposesWithTranslations: map[string]ZarazPurposeWithTranslations{
-				"rJJC": {
-					Description: map[string]string{"en": "Blah blah"},
-					Name:        map[string]string{"en": "Analytics"},
-					Order:       0,
-				},
-			},
-		},
-	}
-	payload.DebugKey = "butter" // Updating config
-	modifiedConfig := expectedConfig
-	modifiedConfig.DebugKey = "butter" // Updating config
-	expected := ZarazConfigResponse{
-		Result: modifiedConfig,
-	}
-
-	actual, err := client.UpdateZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
-	require.NoError(t, err)
-
-	assert.Equal(t, expected.Result, actual.Result)
-}
-
-func TestGetZarazWorkflow(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": "realtime"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/workflow", handler)
-	want := ZarazWorkflowResponse{
-		Result: "realtime",
-		Response: Response{
-			Success:  true,
-			Messages: []ResponseInfo{},
-			Errors:   []ResponseInfo{},
-		},
-	}
-
-	actual, err := client.GetZarazWorkflow(context.Background(), ZoneIdentifier(testZoneID))
-
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestUpdateZarazWorkflow(t *testing.T) {
-	setup()
-	defer teardown()
-
-	payload := UpdateZarazWorkflowParams{
-		Workflow: "realtime",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		body, _ := io.ReadAll(r.Body)
-		bodyString := string(body)
-		assert.Equal(t, fmt.Sprintf("\"%s\"", payload.Workflow), bodyString)
-
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": "realtime"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/workflow", handler)
-	want := ZarazWorkflowResponse{
-		Result: "realtime",
-		Response: Response{
-			Success:  true,
-			Messages: []ResponseInfo{},
-			Errors:   []ResponseInfo{},
-		},
-	}
-
-	actual, err := client.UpdateZarazWorkflow(context.Background(), ZoneIdentifier(testZoneID), payload)
-
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestPublishZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	payload := PublishZarazConfigParams{
-		Description: "test description",
-	}
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		body, _ := io.ReadAll(r.Body)
-		bodyString := string(body)
-		assert.Equal(t, fmt.Sprintf("\"%s\"", payload.Description), bodyString)
-
-		w.Header().Set("Content-Type", "application/json")
-		fmt.Fprint(w, `{
-			"errors": [],
-			"messages": [],
-			"success": true,
-			"result": "Config has been published successfully"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/publish", handler)
-	want := ZarazPublishResponse{
-		Result: "Config has been published successfully",
-		Response: Response{
-			Success:  true,
-			Messages: []ResponseInfo{},
-			Errors:   []ResponseInfo{},
-		},
-	}
-
-	actual, err := client.PublishZarazConfig(context.Background(), ZoneIdentifier(testZoneID), payload)
-
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestGetZarazConfigHistoryList(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprint(w, `{
-			"result": [
-			  {
-				"createdAt": "2023-01-01T05:20:00Z",
-				"description": "test 1",
-				"id": 1005736,
-				"updatedAt": "2023-01-01T05:20:00Z",
-				"userId": "9ceddf6f117afe04c64716c83468d3a4"
-			  },
-			  {
-				"createdAt": "2023-01-01T05:20:00Z",
-				"description": "test 2",
-				"id": 1005735,
-				"updatedAt": "2023-01-01T05:20:00Z",
-				"userId": "9ceddf6f117afe04c64716c83468d3a4"
-			  }
-			],
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result_info": {
-			  "page": 1,
-			  "per_page": 2,
-			  "count": 2,
-			  "total_count": 8
-			}
-		  }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/history", handler)
-	createdAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00Z")
-	updatedAt, _ := time.Parse(time.RFC3339, "2023-01-01T05:20:00Z")
-	want := []ZarazHistoryRecord{
-		{
-			CreatedAt:   &createdAt,
-			Description: "test 1",
-			ID:          1005736,
-			UpdatedAt:   &updatedAt,
-			UserID:      "9ceddf6f117afe04c64716c83468d3a4",
-		},
-		{
-			CreatedAt:   &createdAt,
-			Description: "test 2",
-			ID:          1005735,
-			UpdatedAt:   &updatedAt,
-			UserID:      "9ceddf6f117afe04c64716c83468d3a4",
-		},
-	}
-
-	actual, _, err := client.ListZarazConfigHistory(context.Background(), ZoneIdentifier(testZoneID), ListZarazConfigHistoryParams{
-		ResultInfo: ResultInfo{
-			PerPage: 2,
-		},
-	})
-
-	require.NoError(t, err)
-
-	assert.Equal(t, want, actual)
-}
-
-func TestGetDefaultZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "text/plain")
-		fmt.Fprint(w, `{
-			"someTestKeyThatRepsTheConfig": "test"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/default", handler)
-
-	_, err := client.GetDefaultZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
-	require.NoError(t, err)
-}
-
-func TestExportZarazConfig(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "text/plain")
-		fmt.Fprint(w, `{
-			"someTestKeyThatRepsTheConfig": "test"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/settings/zaraz/v2/export", handler)
-
-	err := client.ExportZarazConfig(context.Background(), ZoneIdentifier(testZoneID))
-	require.NoError(t, err)
-}
diff --git a/pkg/cloudflare-go/zone.go b/pkg/cloudflare-go/zone.go
deleted file mode 100644
index de92880a15..0000000000
--- a/pkg/cloudflare-go/zone.go
+++ /dev/null
@@ -1,1077 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"sync"
-	"time"
-
-	"github.com/goccy/go-json"
-
-	"golang.org/x/net/idna"
-)
-
-var (
-	// ErrMissingSettingName is for when setting name is required but missing.
-	ErrMissingSettingName = errors.New("zone setting name required but missing")
-)
-
-// Owner describes the resource owner.
-type Owner struct {
-	ID        string `json:"id"`
-	Email     string `json:"email"`
-	Name      string `json:"name"`
-	OwnerType string `json:"type"`
-}
-
-// Zone describes a Cloudflare zone.
-type Zone struct {
-	ID   string `json:"id"`
-	Name string `json:"name"`
-	// DevMode contains the time in seconds until development expires (if
-	// positive) or since it expired (if negative). It will be 0 if never used.
-	DevMode           int       `json:"development_mode"`
-	OriginalNS        []string  `json:"original_name_servers"`
-	OriginalRegistrar string    `json:"original_registrar"`
-	OriginalDNSHost   string    `json:"original_dnshost"`
-	CreatedOn         time.Time `json:"created_on"`
-	ModifiedOn        time.Time `json:"modified_on"`
-	NameServers       []string  `json:"name_servers"`
-	Owner             Owner     `json:"owner"`
-	Permissions       []string  `json:"permissions"`
-	Plan              ZonePlan  `json:"plan"`
-	PlanPending       ZonePlan  `json:"plan_pending,omitempty"`
-	Status            string    `json:"status"`
-	Paused            bool      `json:"paused"`
-	Type              string    `json:"type"`
-	Host              struct {
-		Name    string
-		Website string
-	} `json:"host"`
-	VanityNS        []string `json:"vanity_name_servers"`
-	Betas           []string `json:"betas"`
-	DeactReason     string   `json:"deactivation_reason"`
-	Meta            ZoneMeta `json:"meta"`
-	Account         Account  `json:"account"`
-	VerificationKey string   `json:"verification_key"`
-}
-
-// ZoneMeta describes metadata about a zone.
-type ZoneMeta struct {
-	// custom_certificate_quota is broken - sometimes it's a string, sometimes a number!
-	// CustCertQuota     int    `json:"custom_certificate_quota"`
-	PageRuleQuota     int  `json:"page_rule_quota"`
-	WildcardProxiable bool `json:"wildcard_proxiable"`
-	PhishingDetected  bool `json:"phishing_detected"`
-}
-
-// ZonePlan contains the plan information for a zone.
-type ZonePlan struct {
-	ZonePlanCommon
-	LegacyID          string `json:"legacy_id"`
-	IsSubscribed      bool   `json:"is_subscribed"`
-	CanSubscribe      bool   `json:"can_subscribe"`
-	LegacyDiscount    bool   `json:"legacy_discount"`
-	ExternallyManaged bool   `json:"externally_managed"`
-}
-
-// ZoneRatePlan contains the plan information for a zone.
-type ZoneRatePlan struct {
-	ZonePlanCommon
-	Components []zoneRatePlanComponents `json:"components,omitempty"`
-}
-
-// ZonePlanCommon contains fields used by various Plan endpoints.
-type ZonePlanCommon struct {
-	ID        string `json:"id"`
-	Name      string `json:"name,omitempty"`
-	Price     int    `json:"price,omitempty"`
-	Currency  string `json:"currency,omitempty"`
-	Frequency string `json:"frequency,omitempty"`
-}
-
-type zoneRatePlanComponents struct {
-	Name      string `json:"name"`
-	Default   int    `json:"Default"`
-	UnitPrice int    `json:"unit_price"`
-}
-
-// ZoneID contains only the zone ID.
-type ZoneID struct {
-	ID string `json:"id"`
-}
-
-// ZoneResponse represents the response from the Zone endpoint containing a single zone.
-type ZoneResponse struct {
-	Response
-	Result Zone `json:"result"`
-}
-
-// ZonesResponse represents the response from the Zone endpoint containing an array of zones.
-type ZonesResponse struct {
-	Response
-	Result     []Zone `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// ZoneIDResponse represents the response from the Zone endpoint, containing only a zone ID.
-type ZoneIDResponse struct {
-	Response
-	Result ZoneID `json:"result"`
-}
-
-// AvailableZoneRatePlansResponse represents the response from the Available Rate Plans endpoint.
-type AvailableZoneRatePlansResponse struct {
-	Response
-	Result     []ZoneRatePlan `json:"result"`
-	ResultInfo `json:"result_info"`
-}
-
-// AvailableZonePlansResponse represents the response from the Available Plans endpoint.
-type AvailableZonePlansResponse struct {
-	Response
-	Result []ZonePlan `json:"result"`
-	ResultInfo
-}
-
-// ZoneRatePlanResponse represents the response from the Plan Details endpoint.
-type ZoneRatePlanResponse struct {
-	Response
-	Result ZoneRatePlan `json:"result"`
-}
-
-// ZoneSetting contains settings for a zone.
-type ZoneSetting struct {
-	ID            string      `json:"id"`
-	Editable      bool        `json:"editable"`
-	ModifiedOn    string      `json:"modified_on,omitempty"`
-	Value         interface{} `json:"value"`
-	TimeRemaining int         `json:"time_remaining"`
-}
-
-// ZoneSettingResponse represents the response from the Zone Setting endpoint.
-type ZoneSettingResponse struct {
-	Response
-	Result []ZoneSetting `json:"result"`
-}
-
-// ZoneSettingSingleResponse represents the response from the Zone Setting endpoint for the specified setting.
-type ZoneSettingSingleResponse struct {
-	Response
-	Result ZoneSetting `json:"result"`
-}
-
-// ZoneSSLSetting contains ssl setting for a zone.
-type ZoneSSLSetting struct {
-	ID                string `json:"id"`
-	Editable          bool   `json:"editable"`
-	ModifiedOn        string `json:"modified_on"`
-	Value             string `json:"value"`
-	CertificateStatus string `json:"certificate_status"`
-}
-
-// ZoneSSLSettingResponse represents the response from the Zone SSL Setting
-// endpoint.
-type ZoneSSLSettingResponse struct {
-	Response
-	Result ZoneSSLSetting `json:"result"`
-}
-
-// ZoneAnalyticsData contains totals and timeseries analytics data for a zone.
-type ZoneAnalyticsData struct {
-	Totals     ZoneAnalytics   `json:"totals"`
-	Timeseries []ZoneAnalytics `json:"timeseries"`
-}
-
-// zoneAnalyticsDataResponse represents the response from the Zone Analytics Dashboard endpoint.
-type zoneAnalyticsDataResponse struct {
-	Response
-	Result ZoneAnalyticsData `json:"result"`
-}
-
-// ZoneAnalyticsColocation contains analytics data by datacenter.
-type ZoneAnalyticsColocation struct {
-	ColocationID string          `json:"colo_id"`
-	Timeseries   []ZoneAnalytics `json:"timeseries"`
-}
-
-// zoneAnalyticsColocationResponse represents the response from the Zone Analytics By Co-location endpoint.
-type zoneAnalyticsColocationResponse struct {
-	Response
-	Result []ZoneAnalyticsColocation `json:"result"`
-}
-
-// ZoneAnalytics contains analytics data for a zone.
-type ZoneAnalytics struct {
-	Since    time.Time `json:"since"`
-	Until    time.Time `json:"until"`
-	Requests struct {
-		All         int            `json:"all"`
-		Cached      int            `json:"cached"`
-		Uncached    int            `json:"uncached"`
-		ContentType map[string]int `json:"content_type"`
-		Country     map[string]int `json:"country"`
-		SSL         struct {
-			Encrypted   int `json:"encrypted"`
-			Unencrypted int `json:"unencrypted"`
-		} `json:"ssl"`
-		HTTPStatus map[string]int `json:"http_status"`
-	} `json:"requests"`
-	Bandwidth struct {
-		All         int            `json:"all"`
-		Cached      int            `json:"cached"`
-		Uncached    int            `json:"uncached"`
-		ContentType map[string]int `json:"content_type"`
-		Country     map[string]int `json:"country"`
-		SSL         struct {
-			Encrypted   int `json:"encrypted"`
-			Unencrypted int `json:"unencrypted"`
-		} `json:"ssl"`
-	} `json:"bandwidth"`
-	Threats struct {
-		All     int            `json:"all"`
-		Country map[string]int `json:"country"`
-		Type    map[string]int `json:"type"`
-	} `json:"threats"`
-	Pageviews struct {
-		All           int            `json:"all"`
-		SearchEngines map[string]int `json:"search_engines"`
-	} `json:"pageviews"`
-	Uniques struct {
-		All int `json:"all"`
-	}
-}
-
-// ZoneAnalyticsOptions represents the optional parameters in Zone Analytics
-// endpoint requests.
-type ZoneAnalyticsOptions struct {
-	Since      *time.Time
-	Until      *time.Time
-	Continuous *bool
-}
-
-// PurgeCacheRequest represents the request format made to the purge endpoint.
-type PurgeCacheRequest struct {
-	Everything bool `json:"purge_everything,omitempty"`
-	// Purge by filepath (exact match). Limit of 30
-	Files []string `json:"files,omitempty"`
-	// Purge by Tag (Enterprise only):
-	// https://support.cloudflare.com/hc/en-us/articles/206596608-How-to-Purge-Cache-Using-Cache-Tags-Enterprise-only-
-	Tags []string `json:"tags,omitempty"`
-	// Purge by hostname - e.g. "assets.example.com"
-	Hosts []string `json:"hosts,omitempty"`
-	// Purge by prefix - e.g. "example.com/css"
-	Prefixes []string `json:"prefixes,omitempty"`
-}
-
-// PurgeCacheResponse represents the response from the purge endpoint.
-type PurgeCacheResponse struct {
-	Response
-	Result struct {
-		ID string `json:"id"`
-	} `json:"result"`
-}
-
-// newZone describes a new zone.
-type newZone struct {
-	Name      string `json:"name"`
-	JumpStart bool   `json:"jump_start"`
-	Type      string `json:"type"`
-	// We use a pointer to get a nil type when the field is empty.
-	// This allows us to completely omit this with json.Marshal().
-	Account *Account `json:"organization,omitempty"`
-}
-
-// FallbackOrigin describes a fallback origin.
-type FallbackOrigin struct {
-	Value string `json:"value"`
-	ID    string `json:"id,omitempty"`
-}
-
-// FallbackOriginResponse represents the response from the fallback_origin endpoint.
-type FallbackOriginResponse struct {
-	Response
-	Result FallbackOrigin `json:"result"`
-}
-
-// zoneSubscriptionRatePlanPayload is used to build the JSON payload for
-// setting a particular rate plan on an existing zone.
-type zoneSubscriptionRatePlanPayload struct {
-	RatePlan struct {
-		ID string `json:"id"`
-	} `json:"rate_plan"`
-}
-
-type GetZoneSettingParams struct {
-	Name       string `json:"-"`
-	PathPrefix string `json:"-"`
-}
-
-type UpdateZoneSettingParams struct {
-	Name       string      `json:"-"`
-	PathPrefix string      `json:"-"`
-	Value      interface{} `json:"value"`
-}
-
-// CreateZone creates a zone on an account.
-//
-// Setting jumpstart to true will attempt to automatically scan for existing
-// DNS records. Setting this to false will create the zone with no DNS records.
-//
-// If account is non-empty, it must have at least the ID field populated.
-// This will add the new zone to the specified multi-user account.
-//
-// API reference: https://api.cloudflare.com/#zone-create-a-zone
-func (api *API) CreateZone(ctx context.Context, name string, jumpstart bool, account Account, zoneType string) (Zone, error) {
-	var newzone newZone
-	newzone.Name = name
-	newzone.JumpStart = jumpstart
-	if account.ID != "" {
-		newzone.Account = &account
-	}
-
-	if zoneType == "partial" {
-		newzone.Type = "partial"
-	} else {
-		newzone.Type = "full"
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodPost, "/zones", newzone)
-	if err != nil {
-		return Zone{}, err
-	}
-
-	var r ZoneResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ZoneActivationCheck initiates another zone activation check for newly-created zones.
-//
-// API reference: https://api.cloudflare.com/#zone-initiate-another-zone-activation-check
-func (api *API) ZoneActivationCheck(ctx context.Context, zoneID string) (Response, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPut, "/zones/"+zoneID+"/activation_check", nil)
-	if err != nil {
-		return Response{}, err
-	}
-	var r Response
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Response{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// ListZones lists zones on an account. Optionally takes a list of zone names
-// to filter against.
-//
-// API reference: https://api.cloudflare.com/#zone-list-zones
-func (api *API) ListZones(ctx context.Context, z ...string) ([]Zone, error) {
-	var zones []Zone
-	if len(z) > 0 {
-		var (
-			v = url.Values{}
-			r ZonesResponse
-		)
-		for _, zone := range z {
-			v.Set("name", normalizeZoneName(zone))
-			res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones?"+v.Encode(), nil)
-			if err != nil {
-				return []Zone{}, err
-			}
-			err = json.Unmarshal(res, &r)
-			if err != nil {
-				return []Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-			}
-			if !r.Success {
-				// TODO: Provide an actual error message instead of always returning nil
-				return []Zone{}, err
-			}
-			zones = append(zones, r.Result...)
-		}
-	} else {
-		res, err := api.ListZonesContext(ctx)
-		if err != nil {
-			return nil, err
-		}
-
-		zones = res.Result
-	}
-
-	return zones, nil
-}
-
-const listZonesPerPage = 50
-
-// listZonesFetch fetches one page of zones.
-// This is placed as a separate function to prevent any possibility of unintended capturing.
-func (api *API) listZonesFetch(ctx context.Context, wg *sync.WaitGroup, errc chan error,
-	path string, pageSize int, buf []Zone) {
-	defer wg.Done()
-
-	// recordError sends the error to errc in a non-blocking manner
-	recordError := func(err error) {
-		select {
-		case errc <- err:
-		default:
-		}
-	}
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, path, nil)
-	if err != nil {
-		recordError(err)
-		return
-	}
-
-	var r ZonesResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		recordError(err)
-		return
-	}
-
-	if len(r.Result) != pageSize {
-		recordError(errors.New(errResultInfo))
-		return
-	}
-
-	copy(buf, r.Result)
-}
-
-// ListZonesContext lists all zones on an account automatically handling the
-// pagination. Optionally takes a list of ReqOptions.
-func (api *API) ListZonesContext(ctx context.Context, opts ...ReqOption) (r ZonesResponse, err error) {
-	opt := reqOption{
-		params: url.Values{},
-	}
-	for _, of := range opts {
-		of(&opt)
-	}
-
-	if opt.params.Get("page") != "" || opt.params.Get("per_page") != "" {
-		return ZonesResponse{}, errors.New(errManualPagination)
-	}
-
-	opt.params.Add("per_page", strconv.Itoa(listZonesPerPage))
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones?"+opt.params.Encode(), nil)
-	if err != nil {
-		return ZonesResponse{}, err
-	}
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZonesResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	// avoid overhead in most common cases where the total #zones <= 50
-	if r.TotalPages < 2 {
-		return r, nil
-	}
-
-	// parameters of pagination
-	var (
-		totalPageCount = r.TotalPages
-		totalCount     = r.Total
-
-		// zones is a large slice to prevent resizing during concurrent writes.
-		zones = make([]Zone, totalCount)
-	)
-
-	// Copy the first page into zones.
-	copy(zones, r.Result)
-
-	var wg sync.WaitGroup
-	wg.Add(totalPageCount - 1)  // all pages except the first one.
-	errc := make(chan error, 1) // getting the first error
-
-	// Creating all the workers.
-	for pageNum := 2; pageNum <= totalPageCount; pageNum++ {
-		// Note: URL.Values is just a map[string], so this would override the existing 'page'
-		opt.params.Set("page", strconv.Itoa(pageNum))
-
-		// start is the first index in the zone buffer
-		start := listZonesPerPage * (pageNum - 1)
-
-		pageSize := listZonesPerPage
-		if pageNum == totalPageCount {
-			// The size of the last page (which would be <= 50).
-			pageSize = totalCount - start
-		}
-
-		go api.listZonesFetch(ctx, &wg, errc, "/zones?"+opt.params.Encode(), pageSize, zones[start:])
-	}
-
-	wg.Wait()
-
-	select {
-	case err := <-errc: // if there were any errors
-		return ZonesResponse{}, err
-	default: // if there were no errors, the receive statement should block
-		r.Result = zones
-		return r, nil
-	}
-}
-
-// ZoneDetails fetches information about a zone.
-//
-// API reference: https://api.cloudflare.com/#zone-zone-details
-func (api *API) ZoneDetails(ctx context.Context, zoneID string) (Zone, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID, nil)
-	if err != nil {
-		return Zone{}, err
-	}
-	var r ZoneResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ZoneOptions is a subset of Zone, for editable options.
-type ZoneOptions struct {
-	Paused   *bool     `json:"paused,omitempty"`
-	VanityNS []string  `json:"vanity_name_servers,omitempty"`
-	Plan     *ZonePlan `json:"plan,omitempty"`
-	Type     string    `json:"type,omitempty"`
-}
-
-// ZoneSetPaused pauses Cloudflare service for the entire zone, sending all
-// traffic direct to the origin.
-func (api *API) ZoneSetPaused(ctx context.Context, zoneID string, paused bool) (Zone, error) {
-	zoneopts := ZoneOptions{Paused: &paused}
-	zone, err := api.EditZone(ctx, zoneID, zoneopts)
-	if err != nil {
-		return Zone{}, err
-	}
-
-	return zone, nil
-}
-
-// ZoneSetType toggles the type for an existing zone.
-//
-// Valid values for `type` are "full" and "partial"
-//
-// API reference: https://api.cloudflare.com/#zone-edit-zone
-func (api *API) ZoneSetType(ctx context.Context, zoneID string, zoneType string) (Zone, error) {
-	zoneopts := ZoneOptions{Type: zoneType}
-	zone, err := api.EditZone(ctx, zoneID, zoneopts)
-	if err != nil {
-		return Zone{}, err
-	}
-
-	return zone, nil
-}
-
-// ZoneSetVanityNS sets custom nameservers for the zone.
-// These names must be within the same zone.
-func (api *API) ZoneSetVanityNS(ctx context.Context, zoneID string, ns []string) (Zone, error) {
-	zoneopts := ZoneOptions{VanityNS: ns}
-	zone, err := api.EditZone(ctx, zoneID, zoneopts)
-	if err != nil {
-		return Zone{}, err
-	}
-
-	return zone, nil
-}
-
-// ZoneSetPlan sets the rate plan of an existing zone.
-//
-// Valid values for `planType` are "CF_FREE", "CF_PRO", "CF_BIZ" and
-// "CF_ENT".
-//
-// API reference: https://api.cloudflare.com/#zone-subscription-create-zone-subscription
-func (api *API) ZoneSetPlan(ctx context.Context, zoneID string, planType string) error {
-	zonePayload := zoneSubscriptionRatePlanPayload{}
-	zonePayload.RatePlan.ID = planType
-
-	uri := fmt.Sprintf("/zones/%s/subscription", zoneID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodPost, uri, zonePayload)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// ZoneUpdatePlan updates the rate plan of an existing zone.
-//
-// Valid values for `planType` are "CF_FREE", "CF_PRO", "CF_BIZ" and
-// "CF_ENT".
-//
-// API reference: https://api.cloudflare.com/#zone-subscription-update-zone-subscription
-func (api *API) ZoneUpdatePlan(ctx context.Context, zoneID string, planType string) error {
-	zonePayload := zoneSubscriptionRatePlanPayload{}
-	zonePayload.RatePlan.ID = planType
-
-	uri := fmt.Sprintf("/zones/%s/subscription", zoneID)
-
-	_, err := api.makeRequestContext(ctx, http.MethodPut, uri, zonePayload)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// EditZone edits the given zone.
-//
-// This is usually called by ZoneSetPaused, ZoneSetType, or ZoneSetVanityNS.
-//
-// API reference: https://api.cloudflare.com/#zone-edit-zone-properties
-func (api *API) EditZone(ctx context.Context, zoneID string, zoneOpts ZoneOptions) (Zone, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/zones/"+zoneID, zoneOpts)
-	if err != nil {
-		return Zone{}, err
-	}
-	var r ZoneResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Zone{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// PurgeEverything purges the cache for the given zone.
-//
-// Note: this will substantially increase load on the origin server for that
-// zone if there is a high cached vs. uncached request ratio.
-//
-// API reference: https://api.cloudflare.com/#zone-purge-all-files
-func (api *API) PurgeEverything(ctx context.Context, zoneID string) (PurgeCacheResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/purge_cache", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, PurgeCacheRequest{true, nil, nil, nil, nil})
-	if err != nil {
-		return PurgeCacheResponse{}, err
-	}
-	var r PurgeCacheResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PurgeCacheResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// PurgeCache purges the cache using the given PurgeCacheRequest (zone/url/tag).
-//
-// API reference: https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags
-func (api *API) PurgeCache(ctx context.Context, zoneID string, pcr PurgeCacheRequest) (PurgeCacheResponse, error) {
-	return api.PurgeCacheContext(ctx, zoneID, pcr)
-}
-
-// PurgeCacheContext purges the cache using the given PurgeCacheRequest (zone/url/tag).
-//
-// API reference: https://api.cloudflare.com/#zone-purge-individual-files-by-url-and-cache-tags
-func (api *API) PurgeCacheContext(ctx context.Context, zoneID string, pcr PurgeCacheRequest) (PurgeCacheResponse, error) {
-	// manually build the payload to ensure we don't escape HTML entities to
-	// match their keys for purging.
-	payload, err := json.MarshalWithOption(pcr, json.DisableHTMLEscape())
-	if err != nil {
-		return PurgeCacheResponse{}, err
-	}
-
-	uri := fmt.Sprintf("/zones/%s/purge_cache", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, payload)
-	if err != nil {
-		return PurgeCacheResponse{}, err
-	}
-	var r PurgeCacheResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return PurgeCacheResponse{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r, nil
-}
-
-// DeleteZone deletes the given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-delete-a-zone
-func (api *API) DeleteZone(ctx context.Context, zoneID string) (ZoneID, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, "/zones/"+zoneID, nil)
-	if err != nil {
-		return ZoneID{}, err
-	}
-	var r ZoneIDResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneID{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// AvailableZoneRatePlans returns information about all plans available to the specified zone.
-//
-// API reference: https://api.cloudflare.com/#zone-plan-available-plans
-func (api *API) AvailableZoneRatePlans(ctx context.Context, zoneID string) ([]ZoneRatePlan, error) {
-	uri := fmt.Sprintf("/zones/%s/available_rate_plans", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []ZoneRatePlan{}, err
-	}
-	var r AvailableZoneRatePlansResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []ZoneRatePlan{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// AvailableZonePlans returns information about all plans available to the specified zone.
-//
-// API reference: https://api.cloudflare.com/#zone-rate-plan-list-available-plans
-func (api *API) AvailableZonePlans(ctx context.Context, zoneID string) ([]ZonePlan, error) {
-	uri := fmt.Sprintf("/zones/%s/available_plans", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return []ZonePlan{}, err
-	}
-	var r AvailableZonePlansResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return []ZonePlan{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// encode encodes non-nil fields into URL encoded form.
-func (o ZoneAnalyticsOptions) encode() string {
-	v := url.Values{}
-	if o.Since != nil {
-		v.Set("since", o.Since.Format(time.RFC3339))
-	}
-	if o.Until != nil {
-		v.Set("until", o.Until.Format(time.RFC3339))
-	}
-	if o.Continuous != nil {
-		v.Set("continuous", fmt.Sprintf("%t", *o.Continuous))
-	}
-	return v.Encode()
-}
-
-// ZoneAnalyticsDashboard returns zone analytics information.
-//
-// API reference: https://api.cloudflare.com/#zone-analytics-dashboard
-func (api *API) ZoneAnalyticsDashboard(ctx context.Context, zoneID string, options ZoneAnalyticsOptions) (ZoneAnalyticsData, error) {
-	uri := fmt.Sprintf("/zones/%s/analytics/dashboard?%s", zoneID, options.encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneAnalyticsData{}, err
-	}
-	var r zoneAnalyticsDataResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneAnalyticsData{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ZoneAnalyticsByColocation returns zone analytics information by datacenter.
-//
-// API reference: https://api.cloudflare.com/#zone-analytics-analytics-by-co-locations
-func (api *API) ZoneAnalyticsByColocation(ctx context.Context, zoneID string, options ZoneAnalyticsOptions) ([]ZoneAnalyticsColocation, error) {
-	uri := fmt.Sprintf("/zones/%s/analytics/colos?%s", zoneID, options.encode())
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-	var r zoneAnalyticsColocationResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// ZoneSettings returns all of the settings for a given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-get-all-zone-settings
-func (api *API) ZoneSettings(ctx context.Context, zoneID string) (*ZoneSettingResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/settings", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &ZoneSettingResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// UpdateZoneSettings updates the settings for a given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-edit-zone-settings-info
-func (api *API) UpdateZoneSettings(ctx context.Context, zoneID string, settings []ZoneSetting) (*ZoneSettingResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/settings", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, struct {
-		Items []ZoneSetting `json:"items"`
-	}{settings})
-	if err != nil {
-		return nil, err
-	}
-
-	response := &ZoneSettingResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// ZoneSSLSettings returns information about SSL setting to the specified zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-get-ssl-setting
-func (api *API) ZoneSSLSettings(ctx context.Context, zoneID string) (ZoneSSLSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/settings/ssl", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneSSLSetting{}, err
-	}
-	var r ZoneSSLSettingResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateZoneSSLSettings update information about SSL setting to the specified zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-change-ssl-setting
-func (api *API) UpdateZoneSSLSettings(ctx context.Context, zoneID string, sslValue string) (ZoneSSLSetting, error) {
-	uri := fmt.Sprintf("/zones/%s/settings/ssl", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, ZoneSSLSetting{Value: sslValue})
-	if err != nil {
-		return ZoneSSLSetting{}, err
-	}
-	var r ZoneSSLSettingResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneSSLSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// FallbackOrigin returns information about the fallback origin for the specified zone.
-//
-// API reference: https://developers.cloudflare.com/ssl/ssl-for-saas/api-calls/#fallback-origin-configuration
-func (api *API) FallbackOrigin(ctx context.Context, zoneID string) (FallbackOrigin, error) {
-	uri := fmt.Sprintf("/zones/%s/fallback_origin", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return FallbackOrigin{}, err
-	}
-
-	var r FallbackOriginResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return FallbackOrigin{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-// UpdateFallbackOrigin updates the fallback origin for a given zone.
-//
-// API reference: https://developers.cloudflare.com/ssl/ssl-for-saas/api-calls/#4-example-patch-to-change-fallback-origin
-func (api *API) UpdateFallbackOrigin(ctx context.Context, zoneID string, fbo FallbackOrigin) (*FallbackOriginResponse, error) {
-	uri := fmt.Sprintf("/zones/%s/fallback_origin", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, fbo)
-	if err != nil {
-		return nil, err
-	}
-
-	response := &FallbackOriginResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return nil, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response, nil
-}
-
-// normalizeZoneName tries to convert IDNs (international domain names)
-// from Punycode to Unicode form. If the given zone name is not represented
-// as Punycode, or converting fails (for invalid representations), it
-// is returned unchanged.
-//
-// Because all the zone name comparison is currently done using the API service
-// (except for comparison with the empty string), theoretically, we could
-// remove this function from the Go library. However, there should be no harm
-// calling this function other than gelable performance penalty.
-//
-// Note: conversion errors are silently discarded.
-func normalizeZoneName(name string) string {
-	if n, err := idna.ToUnicode(name); err == nil {
-		return n
-	}
-	return name
-}
-
-// GetZoneSetting returns information about specified setting to the specified
-// zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-get-all-zone-settings
-func (api *API) GetZoneSetting(ctx context.Context, rc *ResourceContainer, params GetZoneSettingParams) (ZoneSetting, error) {
-	if rc.Level != ZoneRouteLevel {
-		return ZoneSetting{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ZoneSetting{}, ErrMissingName
-	}
-
-	pathPrefix := "settings"
-	if params.PathPrefix != "" {
-		pathPrefix = params.PathPrefix
-	}
-
-	uri := fmt.Sprintf("/zones/%s/%s/%s", rc.Identifier, pathPrefix, params.Name)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneSetting{}, err
-	}
-	var r ZoneSettingSingleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateZoneSetting updates the specified setting for a given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-settings-edit-zone-settings-info
-func (api *API) UpdateZoneSetting(ctx context.Context, rc *ResourceContainer, params UpdateZoneSettingParams) (ZoneSetting, error) {
-	if rc.Level != ZoneRouteLevel {
-		return ZoneSetting{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	if rc.Identifier == "" {
-		return ZoneSetting{}, ErrMissingName
-	}
-
-	pathPrefix := "settings"
-	if params.PathPrefix != "" {
-		pathPrefix = params.PathPrefix
-	}
-
-	uri := fmt.Sprintf("/zones/%s/%s/%s", rc.Identifier, pathPrefix, params.Name)
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, params)
-	if err != nil {
-		return ZoneSetting{}, err
-	}
-
-	response := &ZoneSettingSingleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneSetting{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// ZoneExport returns the text BIND config for the given zone
-//
-// API reference: https://api.cloudflare.com/#dns-records-for-a-zone-export-dns-records
-func (api *API) ZoneExport(ctx context.Context, zoneID string) (string, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID+"/dns_records/export", nil)
-	if err != nil {
-		return "", err
-	}
-	return string(res), nil
-}
-
-// ZoneDNSSECResponse represents the response from the Zone DNSSEC Setting.
-type ZoneDNSSECResponse struct {
-	Response
-	Result ZoneDNSSEC `json:"result"`
-}
-
-// ZoneDNSSEC represents the response from the Zone DNSSEC Setting result.
-type ZoneDNSSEC struct {
-	Status          string    `json:"status"`
-	Flags           int       `json:"flags"`
-	Algorithm       string    `json:"algorithm"`
-	KeyType         string    `json:"key_type"`
-	DigestType      string    `json:"digest_type"`
-	DigestAlgorithm string    `json:"digest_algorithm"`
-	Digest          string    `json:"digest"`
-	DS              string    `json:"ds"`
-	KeyTag          int       `json:"key_tag"`
-	PublicKey       string    `json:"public_key"`
-	ModifiedOn      time.Time `json:"modified_on"`
-}
-
-// ZoneDNSSECSetting returns the DNSSEC details of a zone
-//
-// API reference: https://api.cloudflare.com/#dnssec-dnssec-details
-func (api *API) ZoneDNSSECSetting(ctx context.Context, zoneID string) (ZoneDNSSEC, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodGet, "/zones/"+zoneID+"/dnssec", nil)
-	if err != nil {
-		return ZoneDNSSEC{}, err
-	}
-	response := ZoneDNSSECResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneDNSSEC{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// ZoneDNSSECDeleteResponse represents the response from the Zone DNSSEC Delete request.
-type ZoneDNSSECDeleteResponse struct {
-	Response
-	Result string `json:"result"`
-}
-
-// DeleteZoneDNSSEC deletes DNSSEC for zone
-//
-// API reference: https://api.cloudflare.com/#dnssec-delete-dnssec-records
-func (api *API) DeleteZoneDNSSEC(ctx context.Context, zoneID string) (string, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, "/zones/"+zoneID+"/dnssec", nil)
-	if err != nil {
-		return "", err
-	}
-	response := ZoneDNSSECDeleteResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return "", fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response.Result, nil
-}
-
-// ZoneDNSSECUpdateOptions represents the options for DNSSEC update.
-type ZoneDNSSECUpdateOptions struct {
-	Status string `json:"status"`
-}
-
-// UpdateZoneDNSSEC updates DNSSEC for a zone
-//
-// API reference: https://api.cloudflare.com/#dnssec-edit-dnssec-status
-func (api *API) UpdateZoneDNSSEC(ctx context.Context, zoneID string, options ZoneDNSSECUpdateOptions) (ZoneDNSSEC, error) {
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, "/zones/"+zoneID+"/dnssec", options)
-	if err != nil {
-		return ZoneDNSSEC{}, err
-	}
-	response := ZoneDNSSECResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneDNSSEC{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/zone_cache_variants.go b/pkg/cloudflare-go/zone_cache_variants.go
deleted file mode 100644
index 101f388d55..0000000000
--- a/pkg/cloudflare-go/zone_cache_variants.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-type ZoneCacheVariantsValues struct {
-	Avif []string `json:"avif,omitempty"`
-	Bmp  []string `json:"bmp,omitempty"`
-	Gif  []string `json:"gif,omitempty"`
-	Jpeg []string `json:"jpeg,omitempty"`
-	Jpg  []string `json:"jpg,omitempty"`
-	Jpg2 []string `json:"jpg2,omitempty"`
-	Jp2  []string `json:"jp2,omitempty"`
-	Png  []string `json:"png,omitempty"`
-	Tiff []string `json:"tiff,omitempty"`
-	Tif  []string `json:"tif,omitempty"`
-	Webp []string `json:"webp,omitempty"`
-}
-
-type ZoneCacheVariants struct {
-	ModifiedOn time.Time               `json:"modified_on"`
-	Value      ZoneCacheVariantsValues `json:"value"`
-}
-
-type updateZoneCacheVariantsRequest struct {
-	Value ZoneCacheVariantsValues `json:"value"`
-}
-
-type zoneCacheVariantsSingleResponse struct {
-	Response
-	Result ZoneCacheVariants `json:"result"`
-}
-
-// ZoneCacheVariants returns information about the current cache variants
-//
-// API reference: https://api.cloudflare.com/#zone-cache-settings-get-variants-setting
-func (api *API) ZoneCacheVariants(ctx context.Context, zoneID string) (ZoneCacheVariants, error) {
-	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneCacheVariants{}, err
-	}
-	var r zoneCacheVariantsSingleResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return ZoneCacheVariants{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateZoneCacheVariants updates the cache variants for a given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-cache-settings-change-variants-setting
-func (api *API) UpdateZoneCacheVariants(ctx context.Context, zoneID string, variants ZoneCacheVariantsValues) (ZoneCacheVariants, error) {
-	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
-
-	updateReq := updateZoneCacheVariantsRequest{Value: variants}
-	res, err := api.makeRequestContext(ctx, http.MethodPatch, uri, updateReq)
-	if err != nil {
-		return ZoneCacheVariants{}, err
-	}
-
-	response := &zoneCacheVariantsSingleResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneCacheVariants{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// DeleteZoneCacheVariants deletes cache variants for a given zone.
-//
-// API reference: https://api.cloudflare.com/#zone-cache-settings-delete-variants-setting
-func (api *API) DeleteZoneCacheVariants(ctx context.Context, zoneID string) error {
-	uri := fmt.Sprintf("/zones/%s/cache/variants", zoneID)
-	_, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/zone_cache_variants_test.go b/pkg/cloudflare-go/zone_cache_variants_test.go
deleted file mode 100644
index 315d2d9221..0000000000
--- a/pkg/cloudflare-go/zone_cache_variants_test.go
+++ /dev/null
@@ -1,168 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestZoneCacheVariants(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-        {
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "id": "variants",
-            "modified_on": "2014-01-01T05:20:00.12345Z",
-            "value": {
-              "avif": [
-                "image/webp",
-                "image/jpeg"
-              ],
-              "bmp": [
-                "image/webp",
-                "image/jpeg"
-              ]
-            }
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
-
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-	want := ZoneCacheVariants{
-		ModifiedOn: modifiedOn,
-		Value: ZoneCacheVariantsValues{
-			Avif: []string{
-				"image/webp",
-				"image/jpeg",
-			},
-			Bmp: []string{
-				"image/webp",
-				"image/jpeg",
-			},
-		},
-	}
-
-	actual, err := client.ZoneCacheVariants(context.Background(), testZoneID)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestZoneCacheVariantsUpdate(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{"value":{"avif":["image/webp","image/jpeg"],"bmp":["image/webp","image/jpeg"]}}`, string(b))
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-        {
-		  "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-		    "id": "variants",
-            "modified_on": "2014-01-01T05:20:00.12345Z",
-            "value": {
-			  "avif": [
-			    "image/webp",
-                "image/jpeg"
-              ],
-			  "bmp": [
-				"image/webp",
-				"image/jpeg"
-			  ]
-            }
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
-
-	modifiedOn, _ := time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-
-	want := ZoneCacheVariants{
-		ModifiedOn: modifiedOn,
-		Value: ZoneCacheVariantsValues{
-			Avif: []string{
-				"image/webp",
-				"image/jpeg",
-			},
-			Bmp: []string{
-				"image/webp",
-				"image/jpeg",
-			},
-		},
-	}
-
-	zoneCacheVariants := ZoneCacheVariantsValues{
-		Avif: []string{
-			"image/webp",
-			"image/jpeg",
-		},
-		Bmp: []string{
-			"image/webp",
-			"image/jpeg",
-		}}
-
-	actual, err := client.UpdateZoneCacheVariants(context.Background(), testZoneID, zoneCacheVariants)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestZoneCacheVariantsDelete(t *testing.T) {
-	setup()
-	defer teardown()
-
-	apiCalled := false
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		apiCalled = true
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `
-        {
-		  "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "id": "variants",
-            "modified_on": "2014-01-01T05:20:00.12345Z"
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/"+testZoneID+"/cache/variants", handler)
-
-	err := client.DeleteZoneCacheVariants(context.Background(), testZoneID)
-
-	assert.NoError(t, err)
-	assert.True(t, apiCalled)
-}
diff --git a/pkg/cloudflare-go/zone_example_test.go b/pkg/cloudflare-go/zone_example_test.go
deleted file mode 100644
index cbcb50413b..0000000000
--- a/pkg/cloudflare-go/zone_example_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package cloudflare_test
-
-import (
-	"context"
-	"fmt"
-	"log"
-
-	cloudflare "github.com/cloudflare/cloudflare-go"
-)
-
-func ExampleAPI_ListZones_all() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch all zones available to this user.
-	zones, err := api.ListZones(context.Background())
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, z := range zones {
-		fmt.Println(z.Name)
-	}
-}
-
-func ExampleAPI_ListZones_filter() {
-	api, err := cloudflare.New("deadbeef", "test@example.org")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// Fetch a slice of zones example.org and example.net.
-	zones, err := api.ListZones(context.Background(), "example.org", "example.net")
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	for _, z := range zones {
-		fmt.Println(z.Name)
-	}
-}
diff --git a/pkg/cloudflare-go/zone_hold.go b/pkg/cloudflare-go/zone_hold.go
deleted file mode 100644
index c7f30ccc42..0000000000
--- a/pkg/cloudflare-go/zone_hold.go
+++ /dev/null
@@ -1,111 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"time"
-
-	"github.com/goccy/go-json"
-)
-
-// Retrieve whether the zone is subject to a zone hold, and metadata about the
-// hold.
-type ZoneHold struct {
-	Hold              *bool      `json:"hold,omitempty"`
-	IncludeSubdomains *bool      `json:"include_subdomains,omitempty"`
-	HoldAfter         *time.Time `json:"hold_after,omitempty"`
-}
-
-// ZoneHoldResponse represents a response from the Zone Hold endpoint.
-type ZoneHoldResponse struct {
-	Result ZoneHold `json:"result"`
-	Response
-	ResultInfo `json:"result_info"`
-}
-
-// CreateZoneHoldParams represents params for the Create Zone Hold
-// endpoint.
-type CreateZoneHoldParams struct {
-	IncludeSubdomains *bool `url:"include_subdomains,omitempty"`
-}
-
-// DeleteZoneHoldParams represents params for the Delete Zone Hold
-// endpoint.
-type DeleteZoneHoldParams struct {
-	HoldAfter *time.Time `url:"hold_after,omitempty"`
-}
-
-type GetZoneHoldParams struct{}
-
-// CreateZoneHold enforces a zone hold on the zone, blocking the creation and
-// activation of zone.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zones-0-hold-post
-func (api *API) CreateZoneHold(ctx context.Context, rc *ResourceContainer, params CreateZoneHoldParams) (ZoneHold, error) {
-	if rc.Level != ZoneRouteLevel {
-		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/hold", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil)
-	if err != nil {
-		return ZoneHold{}, err
-	}
-
-	response := &ZoneHoldResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// DeleteZoneHold removes enforcement of a zone hold on the zone, permanently or
-// temporarily, allowing the creation and activation of zones with this hostname.
-//
-// API reference:https://developers.cloudflare.com/api/operations/zones-0-hold-delete
-func (api *API) DeleteZoneHold(ctx context.Context, rc *ResourceContainer, params DeleteZoneHoldParams) (ZoneHold, error) {
-	if rc.Level != ZoneRouteLevel {
-		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := buildURI(fmt.Sprintf("/zones/%s/hold", rc.Identifier), params)
-	res, err := api.makeRequestContext(ctx, http.MethodDelete, uri, nil)
-	if err != nil {
-		return ZoneHold{}, err
-	}
-
-	response := &ZoneHoldResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
-
-// GetZoneHold retrieves whether the zone is subject to a zone hold, and the
-// metadata about the hold.
-//
-// API reference: https://developers.cloudflare.com/api/operations/zones-0-hold-get
-func (api *API) GetZoneHold(ctx context.Context, rc *ResourceContainer, params GetZoneHoldParams) (ZoneHold, error) {
-	if rc.Level != ZoneRouteLevel {
-		return ZoneHold{}, ErrRequiredZoneLevelResourceContainer
-	}
-
-	uri := fmt.Sprintf("/zones/%s/hold", rc.Identifier)
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return ZoneHold{}, err
-	}
-
-	response := &ZoneHoldResponse{}
-	err = json.Unmarshal(res, &response)
-	if err != nil {
-		return ZoneHold{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return response.Result, nil
-}
diff --git a/pkg/cloudflare-go/zone_hold_test.go b/pkg/cloudflare-go/zone_hold_test.go
deleted file mode 100644
index 6911e80609..0000000000
--- a/pkg/cloudflare-go/zone_hold_test.go
+++ /dev/null
@@ -1,124 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestCreateZoneHold(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, "true", r.URL.Query().Get("include_subdomains"))
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"hold": true,
-		"hold_after": "2023-03-20T15:12:32Z",
-		"include_subdomains": true
-	  }
-	}`)
-	})
-
-	_, err := client.CreateZoneHold(context.Background(), AccountIdentifier(""), CreateZoneHoldParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
-	}
-
-	out, err := client.CreateZoneHold(context.Background(), ZoneIdentifier(testZoneID), CreateZoneHoldParams{IncludeSubdomains: BoolPtr(true)})
-	holdAfter, _ := time.Parse(time.RFC3339Nano, "2023-03-20T15:12:32Z")
-	want := ZoneHold{
-		IncludeSubdomains: BoolPtr(true),
-		Hold:              BoolPtr(true),
-		HoldAfter:         &holdAfter,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out)
-	}
-}
-
-func TestDeleteZoneHold(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, "2023-03-20T15:12:32Z", r.URL.Query().Get("hold_after"))
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"hold": false,
-		"hold_after": "2023-03-20T15:12:32.025799Z",
-		"include_subdomains": false
-	  }
-	}`)
-	})
-
-	_, err := client.DeleteZoneHold(context.Background(), AccountIdentifier(""), DeleteZoneHoldParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
-	}
-
-	holdAfter, _ := time.Parse(time.RFC3339, "2023-03-20T15:12:32.025799Z")
-	out, err := client.DeleteZoneHold(context.Background(), ZoneIdentifier(testZoneID), DeleteZoneHoldParams{HoldAfter: &holdAfter})
-	want := ZoneHold{
-		IncludeSubdomains: BoolPtr(false),
-		Hold:              BoolPtr(false),
-		HoldAfter:         &holdAfter,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out)
-	}
-}
-
-func TestGetZoneHold(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc(fmt.Sprintf("/zones/%s/hold", testZoneID), func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		fmt.Fprint(w, `
-	{
-	  "success": true,
-	  "errors": [],
-	  "messages": [],
-	  "result": {
-		"hold": false,
-		"hold_after": "2023-03-20T15:12:32Z",
-		"include_subdomains": false
-	  }
-	}`)
-	})
-
-	_, err := client.GetZoneHold(context.Background(), AccountIdentifier(""), GetZoneHoldParams{})
-	if assert.Error(t, err) {
-		assert.Equal(t, ErrRequiredZoneLevelResourceContainer, err)
-	}
-
-	out, err := client.GetZoneHold(context.Background(), ZoneIdentifier(testZoneID), GetZoneHoldParams{})
-	holdAfter, _ := time.Parse(time.RFC3339Nano, "2023-03-20T15:12:32Z")
-	want := ZoneHold{
-		IncludeSubdomains: BoolPtr(false),
-		Hold:              BoolPtr(false),
-		HoldAfter:         &holdAfter,
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, out)
-	}
-}
diff --git a/pkg/cloudflare-go/zone_test.go b/pkg/cloudflare-go/zone_test.go
deleted file mode 100644
index d8b94cd1c6..0000000000
--- a/pkg/cloudflare-go/zone_test.go
+++ /dev/null
@@ -1,1612 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"crypto/md5"   //nolint:gosec
-	"encoding/hex" // for generating IDs
-	"fmt"
-	"net/http"
-	"net/url"
-	"strconv"
-	"testing"
-	"time"
-
-	"github.com/goccy/go-json"
-	"github.com/stretchr/testify/assert"
-)
-
-// mockID returns a hex string of length 32, suitable for all kinds of IDs
-// used in the Cloudflare API.
-func mockID(seed string) string {
-	arr := md5.Sum([]byte(seed)) //nolint:gosec
-	return hex.EncodeToString(arr[:])
-}
-
-func mustParseTime(s string) time.Time {
-	t, err := time.Parse(time.RFC3339Nano, s)
-	if err != nil {
-		panic(err)
-	}
-	return t
-}
-
-func mockZone(i int) *Zone {
-	zoneName := fmt.Sprintf("%d.example.com", i)
-	ownerName := "Test Account"
-
-	return &Zone{
-		ID:      mockID(zoneName),
-		Name:    zoneName,
-		DevMode: 0,
-		OriginalNS: []string{
-			"linda.ns.cloudflare.com",
-			"merlin.ns.cloudflare.com",
-		},
-		OriginalRegistrar: "cloudflare, inc. (id: 1910)",
-		OriginalDNSHost:   "",
-		CreatedOn:         mustParseTime("2021-07-28T05:06:20.736244Z"),
-		ModifiedOn:        mustParseTime("2021-07-28T05:06:20.736244Z"),
-		NameServers: []string{
-			"abby.ns.cloudflare.com",
-			"noel.ns.cloudflare.com",
-		},
-		Owner: Owner{
-			ID:        mockID(ownerName),
-			Email:     "",
-			Name:      ownerName,
-			OwnerType: "organization",
-		},
-		Permissions: []string{
-			"#access:read",
-			"#analytics:read",
-			"#auditlogs:read",
-			"#billing:read",
-			"#dns_records:read",
-			"#lb:read",
-			"#legal:read",
-			"#logs:read",
-			"#member:read",
-			"#organization:read",
-			"#ssl:read",
-			"#stream:read",
-			"#subscription:read",
-			"#waf:read",
-			"#webhooks:read",
-			"#worker:read",
-			"#zone:read",
-			"#zone_settings:read",
-		},
-		Plan: ZonePlan{
-			ZonePlanCommon: ZonePlanCommon{
-				ID:       "0feeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
-				Name:     "Free Website",
-				Currency: "USD",
-			},
-			IsSubscribed:      false,
-			CanSubscribe:      false,
-			LegacyID:          "free",
-			LegacyDiscount:    false,
-			ExternallyManaged: false,
-		},
-		PlanPending: ZonePlan{
-			ZonePlanCommon: ZonePlanCommon{
-				ID: "",
-			},
-			IsSubscribed:      false,
-			CanSubscribe:      false,
-			LegacyID:          "",
-			LegacyDiscount:    false,
-			ExternallyManaged: false,
-		},
-		Status: "active",
-		Paused: false,
-		Type:   "full",
-		Host: struct {
-			Name    string
-			Website string
-		}{
-			Name:    "",
-			Website: "",
-		},
-		VanityNS:    nil,
-		Betas:       nil,
-		DeactReason: "",
-		Meta: ZoneMeta{
-			PageRuleQuota:     3,
-			WildcardProxiable: false,
-			PhishingDetected:  false,
-		},
-		Account: Account{
-			ID:   mockID(ownerName),
-			Name: ownerName,
-		},
-		VerificationKey: "",
-	}
-}
-
-func mockZonesResponse(total, page, start, count int) *ZonesResponse {
-	zones := make([]Zone, count)
-	for i := range zones {
-		zones[i] = *mockZone(start + i)
-	}
-
-	return &ZonesResponse{
-		Result: zones,
-		ResultInfo: ResultInfo{
-			Page:       page,
-			PerPage:    50,
-			TotalPages: (total + 49) / 50,
-			Count:      count,
-			Total:      total,
-		},
-		Response: Response{
-			Success:  true,
-			Errors:   []ResponseInfo{},
-			Messages: []ResponseInfo{},
-		},
-	}
-}
-
-func TestZoneAnalyticsDashboard(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "2015-01-01T12:23:00Z", r.URL.Query().Get("since"))
-		assert.Equal(t, "2015-01-02T12:23:00Z", r.URL.Query().Get("until"))
-		assert.Equal(t, "true", r.URL.Query().Get("continuous"))
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#zone-analytics-properties
-		fmt.Fprintf(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": {
-            "totals": {
-              "since": "2015-01-01T12:23:00Z",
-              "until": "2015-01-02T12:23:00Z",
-              "requests": {
-                "all": 1234085328,
-                "cached": 1234085328,
-                "uncached": 13876154,
-                "content_type": {
-                  "css": 15343,
-                  "html": 1234213,
-                  "javascript": 318236,
-                  "gif": 23178,
-                  "jpeg": 1982048
-                },
-                "country": {
-                  "US": 4181364,
-                  "AG": 37298,
-                  "GI": 293846
-                },
-                "ssl": {
-                  "encrypted": 12978361,
-                  "unencrypted": 781263
-                },
-                "http_status": {
-                  "200": 13496983,
-                  "301": 283,
-                  "400": 187936,
-                  "402": 1828,
-                  "404": 1293
-                }
-              },
-              "bandwidth": {
-                "all": 213867451,
-                "cached": 113205063,
-                "uncached": 113205063,
-                "content_type": {
-                  "css": 237421,
-                  "html": 1231290,
-                  "javascript": 123245,
-                  "gif": 1234242,
-                  "jpeg": 784278
-                },
-                "country": {
-                  "US": 123145433,
-                  "AG": 2342483,
-                  "GI": 984753
-                },
-                "ssl": {
-                  "encrypted": 37592942,
-                  "unencrypted": 237654192
-                }
-              },
-              "threats": {
-                "all": 23423873,
-                "country": {
-                  "US": 123,
-                  "CN": 523423,
-                  "AU": 91
-                },
-                "type": {
-                  "user.ban.ip": 123,
-                  "hot.ban.unknown": 5324,
-                  "macro.chl.captchaErr": 1341,
-                  "macro.chl.jschlErr": 5323
-                }
-              },
-              "pageviews": {
-                "all": 5724723,
-                "search_engines": {
-                  "googlebot": 35272,
-                  "pingdom": 13435,
-                  "bingbot": 5372,
-                  "baidubot": 1345
-                }
-              },
-              "uniques": {
-                "all": 12343
-              }
-            },
-            "timeseries": [
-              {
-                "since": "2015-01-01T12:23:00Z",
-                "until": "2015-01-02T12:23:00Z",
-                "requests": {
-                  "all": 1234085328,
-                  "cached": 1234085328,
-                  "uncached": 13876154,
-                  "content_type": {
-                    "css": 15343,
-                    "html": 1234213,
-                    "javascript": 318236,
-                    "gif": 23178,
-                    "jpeg": 1982048
-                  },
-                  "country": {
-                    "US": 4181364,
-                    "AG": 37298,
-                    "GI": 293846
-                  },
-                  "ssl": {
-                    "encrypted": 12978361,
-                    "unencrypted": 781263
-                  },
-                  "http_status": {
-                    "200": 13496983,
-                    "301": 283,
-                    "400": 187936,
-                    "402": 1828,
-                    "404": 1293
-                  }
-                },
-                "bandwidth": {
-                  "all": 213867451,
-                  "cached": 113205063,
-                  "uncached": 113205063,
-                  "content_type": {
-                    "css": 237421,
-                    "html": 1231290,
-                    "javascript": 123245,
-                    "gif": 1234242,
-                    "jpeg": 784278
-                  },
-                  "country": {
-                    "US": 123145433,
-                    "AG": 2342483,
-                    "GI": 984753
-                  },
-                  "ssl": {
-                    "encrypted": 37592942,
-                    "unencrypted": 237654192
-                  }
-                },
-                "threats": {
-                  "all": 23423873,
-                  "country": {
-                    "US": 123,
-                    "CN": 523423,
-                    "AU": 91
-                  },
-                  "type": {
-                    "user.ban.ip": 123,
-                    "hot.ban.unknown": 5324,
-                    "macro.chl.captchaErr": 1341,
-                    "macro.chl.jschlErr": 5323
-                  }
-                },
-                "pageviews": {
-                  "all": 5724723,
-                  "search_engines": {
-                    "googlebot": 35272,
-                    "pingdom": 13435,
-                    "bingbot": 5372,
-                    "baidubot": 1345
-                  }
-                },
-                "uniques": {
-                  "all": 12343
-                }
-              }
-            ]
-          },
-          "query": {
-            "since": "2015-01-01T12:23:00Z",
-            "until": "2015-01-02T12:23:00Z",
-            "time_delta": 60
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/foo/analytics/dashboard", handler)
-
-	since, _ := time.Parse(time.RFC3339, "2015-01-01T12:23:00Z")
-	until, _ := time.Parse(time.RFC3339, "2015-01-02T12:23:00Z")
-	data := ZoneAnalytics{
-		Since: since,
-		Until: until,
-		Requests: struct {
-			All         int            `json:"all"`
-			Cached      int            `json:"cached"`
-			Uncached    int            `json:"uncached"`
-			ContentType map[string]int `json:"content_type"`
-			Country     map[string]int `json:"country"`
-			SSL         struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			} `json:"ssl"`
-			HTTPStatus map[string]int `json:"http_status"`
-		}{
-			All:      1234085328,
-			Cached:   1234085328,
-			Uncached: 13876154,
-			ContentType: map[string]int{
-				"css":        15343,
-				"html":       1234213,
-				"javascript": 318236,
-				"gif":        23178,
-				"jpeg":       1982048,
-			},
-			Country: map[string]int{
-				"US": 4181364,
-				"AG": 37298,
-				"GI": 293846,
-			},
-			SSL: struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			}{
-				Encrypted:   12978361,
-				Unencrypted: 781263,
-			},
-			HTTPStatus: map[string]int{
-				"200": 13496983,
-				"301": 283,
-				"400": 187936,
-				"402": 1828,
-				"404": 1293,
-			},
-		},
-		Bandwidth: struct {
-			All         int            `json:"all"`
-			Cached      int            `json:"cached"`
-			Uncached    int            `json:"uncached"`
-			ContentType map[string]int `json:"content_type"`
-			Country     map[string]int `json:"country"`
-			SSL         struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			} `json:"ssl"`
-		}{
-			All:      213867451,
-			Cached:   113205063,
-			Uncached: 113205063,
-			ContentType: map[string]int{
-				"css":        237421,
-				"html":       1231290,
-				"javascript": 123245,
-				"gif":        1234242,
-				"jpeg":       784278,
-			},
-			Country: map[string]int{
-				"US": 123145433,
-				"AG": 2342483,
-				"GI": 984753,
-			},
-			SSL: struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			}{
-				Encrypted:   37592942,
-				Unencrypted: 237654192,
-			},
-		},
-		Threats: struct {
-			All     int            `json:"all"`
-			Country map[string]int `json:"country"`
-			Type    map[string]int `json:"type"`
-		}{
-			All: 23423873,
-			Country: map[string]int{
-				"US": 123,
-				"CN": 523423,
-				"AU": 91,
-			},
-			Type: map[string]int{
-				"user.ban.ip":          123,
-				"hot.ban.unknown":      5324,
-				"macro.chl.captchaErr": 1341,
-				"macro.chl.jschlErr":   5323,
-			},
-		},
-		Pageviews: struct {
-			All           int            `json:"all"`
-			SearchEngines map[string]int `json:"search_engines"`
-		}{
-			All: 5724723,
-			SearchEngines: map[string]int{
-				"googlebot": 35272,
-				"pingdom":   13435,
-				"bingbot":   5372,
-				"baidubot":  1345,
-			},
-		},
-		Uniques: struct {
-			All int `json:"all"`
-		}{
-			All: 12343,
-		},
-	}
-	want := ZoneAnalyticsData{
-		Totals:     data,
-		Timeseries: []ZoneAnalytics{data},
-	}
-
-	continuous := true
-	d, err := client.ZoneAnalyticsDashboard(context.Background(), "foo", ZoneAnalyticsOptions{
-		Since:      &since,
-		Until:      &until,
-		Continuous: &continuous,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ZoneAnalyticsDashboard(context.Background(), "bar", ZoneAnalyticsOptions{})
-	assert.Error(t, err)
-}
-
-func TestZoneAnalyticsByColocation(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		assert.Equal(t, "2015-01-01T12:23:00Z", r.URL.Query().Get("since"))
-		assert.Equal(t, "2015-01-02T12:23:00Z", r.URL.Query().Get("until"))
-		assert.Equal(t, "true", r.URL.Query().Get("continuous"))
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#zone-analytics-analytics-by-co-locations
-		fmt.Fprintf(w, `{
-          "success": true,
-          "errors": [],
-          "messages": [],
-          "result": [
-            {
-              "colo_id": "SFO",
-              "timeseries": [
-                {
-                  "since": "2015-01-01T12:23:00Z",
-                  "until": "2015-01-02T12:23:00Z",
-                  "requests": {
-                    "all": 1234085328,
-                    "cached": 1234085328,
-                    "uncached": 13876154,
-                    "content_type": {
-                      "css": 15343,
-                      "html": 1234213,
-                      "javascript": 318236,
-                      "gif": 23178,
-                      "jpeg": 1982048
-                    },
-                    "country": {
-                      "US": 4181364,
-                      "AG": 37298,
-                      "GI": 293846
-                    },
-                    "ssl": {
-                      "encrypted": 12978361,
-                      "unencrypted": 781263
-                    },
-                    "http_status": {
-                      "200": 13496983,
-                      "301": 283,
-                      "400": 187936,
-                      "402": 1828,
-                      "404": 1293
-                    }
-                  },
-                  "bandwidth": {
-                    "all": 213867451,
-                    "cached": 113205063,
-                    "uncached": 113205063,
-                    "content_type": {
-                      "css": 237421,
-                      "html": 1231290,
-                      "javascript": 123245,
-                      "gif": 1234242,
-                      "jpeg": 784278
-                    },
-                    "country": {
-                      "US": 123145433,
-                      "AG": 2342483,
-                      "GI": 984753
-                    },
-                    "ssl": {
-                      "encrypted": 37592942,
-                      "unencrypted": 237654192
-                    }
-                  },
-                  "threats": {
-                    "all": 23423873,
-                    "country": {
-                      "US": 123,
-                      "CN": 523423,
-                      "AU": 91
-                    },
-                    "type": {
-                      "user.ban.ip": 123,
-                      "hot.ban.unknown": 5324,
-                      "macro.chl.captchaErr": 1341,
-                      "macro.chl.jschlErr": 5323
-                    }
-                  },
-                  "pageviews": {
-                    "all": 5724723,
-                    "search_engines": {
-                      "googlebot": 35272,
-                      "pingdom": 13435,
-                      "bingbot": 5372,
-                      "baidubot": 1345
-                    }
-                  },
-                  "uniques": {
-                    "all": 12343
-                  }
-                }
-              ]
-            }
-          ],
-          "query": {
-            "since": "2015-01-01T12:23:00Z",
-            "until": "2015-01-02T12:23:00Z",
-            "time_delta": 60
-          }
-        }`)
-	}
-
-	mux.HandleFunc("/zones/foo/analytics/colos", handler)
-
-	since, _ := time.Parse(time.RFC3339, "2015-01-01T12:23:00Z")
-	until, _ := time.Parse(time.RFC3339, "2015-01-02T12:23:00Z")
-	data := ZoneAnalytics{
-		Since: since,
-		Until: until,
-		Requests: struct {
-			All         int            `json:"all"`
-			Cached      int            `json:"cached"`
-			Uncached    int            `json:"uncached"`
-			ContentType map[string]int `json:"content_type"`
-			Country     map[string]int `json:"country"`
-			SSL         struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			} `json:"ssl"`
-			HTTPStatus map[string]int `json:"http_status"`
-		}{
-			All:      1234085328,
-			Cached:   1234085328,
-			Uncached: 13876154,
-			ContentType: map[string]int{
-				"css":        15343,
-				"html":       1234213,
-				"javascript": 318236,
-				"gif":        23178,
-				"jpeg":       1982048,
-			},
-			Country: map[string]int{
-				"US": 4181364,
-				"AG": 37298,
-				"GI": 293846,
-			},
-			SSL: struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			}{
-				Encrypted:   12978361,
-				Unencrypted: 781263,
-			},
-			HTTPStatus: map[string]int{
-				"200": 13496983,
-				"301": 283,
-				"400": 187936,
-				"402": 1828,
-				"404": 1293,
-			},
-		},
-		Bandwidth: struct {
-			All         int            `json:"all"`
-			Cached      int            `json:"cached"`
-			Uncached    int            `json:"uncached"`
-			ContentType map[string]int `json:"content_type"`
-			Country     map[string]int `json:"country"`
-			SSL         struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			} `json:"ssl"`
-		}{
-			All:      213867451,
-			Cached:   113205063,
-			Uncached: 113205063,
-			ContentType: map[string]int{
-				"css":        237421,
-				"html":       1231290,
-				"javascript": 123245,
-				"gif":        1234242,
-				"jpeg":       784278,
-			},
-			Country: map[string]int{
-				"US": 123145433,
-				"AG": 2342483,
-				"GI": 984753,
-			},
-			SSL: struct {
-				Encrypted   int `json:"encrypted"`
-				Unencrypted int `json:"unencrypted"`
-			}{
-				Encrypted:   37592942,
-				Unencrypted: 237654192,
-			},
-		},
-		Threats: struct {
-			All     int            `json:"all"`
-			Country map[string]int `json:"country"`
-			Type    map[string]int `json:"type"`
-		}{
-			All: 23423873,
-			Country: map[string]int{
-				"US": 123,
-				"CN": 523423,
-				"AU": 91,
-			},
-			Type: map[string]int{
-				"user.ban.ip":          123,
-				"hot.ban.unknown":      5324,
-				"macro.chl.captchaErr": 1341,
-				"macro.chl.jschlErr":   5323,
-			},
-		},
-		Pageviews: struct {
-			All           int            `json:"all"`
-			SearchEngines map[string]int `json:"search_engines"`
-		}{
-			All: 5724723,
-			SearchEngines: map[string]int{
-				"googlebot": 35272,
-				"pingdom":   13435,
-				"bingbot":   5372,
-				"baidubot":  1345,
-			},
-		},
-		Uniques: struct {
-			All int `json:"all"`
-		}{
-			All: 12343,
-		},
-	}
-	want := []ZoneAnalyticsColocation{
-		{
-			ColocationID: "SFO",
-			Timeseries:   []ZoneAnalytics{data},
-		},
-	}
-
-	continuous := true
-	d, err := client.ZoneAnalyticsByColocation(context.Background(), "foo", ZoneAnalyticsOptions{
-		Since:      &since,
-		Until:      &until,
-		Continuous: &continuous,
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, d)
-	}
-
-	_, err = client.ZoneAnalyticsDashboard(context.Background(), "bar", ZoneAnalyticsOptions{})
-	assert.Error(t, err)
-}
-
-func TestWithPagination(t *testing.T) {
-	opt := reqOption{
-		params: url.Values{},
-	}
-	popts := PaginationOptions{
-		Page:    45,
-		PerPage: 500,
-	}
-	of := WithPagination(popts)
-	of(&opt)
-
-	tests := []struct {
-		name     string
-		expected string
-	}{
-		{"page", "45"},
-		{"per_page", "500"},
-	}
-
-	for _, tt := range tests {
-		if got := opt.params.Get(tt.name); got != tt.expected {
-			t.Errorf("expected param %s to be %s, got %s", tt.name, tt.expected, got)
-		}
-	}
-}
-
-func TestZoneFilters(t *testing.T) {
-	opt := reqOption{
-		params: url.Values{},
-	}
-	of := WithZoneFilters("example.org", "", "")
-	of(&opt)
-
-	if got := opt.params.Get("name"); got != "example.org" {
-		t.Errorf("expected param %s to be %s, got %s", "name", "example.org", got)
-	}
-}
-
-var createdAndModifiedOn, _ = time.Parse(time.RFC3339, "2014-01-01T05:20:00.12345Z")
-var expectedFullZoneSetup = Zone{
-	ID:      "023e105f4ecef8ad9ca31a8372d0c353",
-	Name:    "example.com",
-	DevMode: 7200,
-	OriginalNS: []string{
-		"ns1.originaldnshost.com",
-		"ns2.originaldnshost.com",
-	},
-	OriginalRegistrar: "GoDaddy",
-	OriginalDNSHost:   "NameCheap",
-	CreatedOn:         createdAndModifiedOn,
-	ModifiedOn:        createdAndModifiedOn,
-	Owner: Owner{
-		ID:        "7c5dae5552338874e5053f2534d2767a",
-		Email:     "user@example.com",
-		OwnerType: "user",
-	},
-	Account: Account{
-		ID:   "01a7362d577a6c3019a474fd6f485823",
-		Name: "Demo Account",
-	},
-	Permissions: []string{"#zone:read", "#zone:edit"},
-	Plan: ZonePlan{
-		ZonePlanCommon: ZonePlanCommon{
-			ID:        "e592fd9519420ba7405e1307bff33214",
-			Name:      "Pro Plan",
-			Price:     20,
-			Currency:  "USD",
-			Frequency: "monthly",
-		},
-		LegacyID:     "pro",
-		IsSubscribed: true,
-		CanSubscribe: true,
-	},
-	PlanPending: ZonePlan{
-		ZonePlanCommon: ZonePlanCommon{
-			ID:        "e592fd9519420ba7405e1307bff33214",
-			Name:      "Pro Plan",
-			Price:     20,
-			Currency:  "USD",
-			Frequency: "monthly",
-		},
-		LegacyID:     "pro",
-		IsSubscribed: true,
-		CanSubscribe: true,
-	},
-	Status:      "active",
-	Paused:      false,
-	Type:        "full",
-	NameServers: []string{"tony.ns.cloudflare.com", "woz.ns.cloudflare.com"},
-}
-var expectedPartialZoneSetup = Zone{
-	ID:      "023e105f4ecef8ad9ca31a8372d0c353",
-	Name:    "example.com",
-	DevMode: 7200,
-	OriginalNS: []string{
-		"ns1.originaldnshost.com",
-		"ns2.originaldnshost.com",
-	},
-	OriginalRegistrar: "GoDaddy",
-	OriginalDNSHost:   "NameCheap",
-	CreatedOn:         createdAndModifiedOn,
-	ModifiedOn:        createdAndModifiedOn,
-	Owner: Owner{
-		ID:        "7c5dae5552338874e5053f2534d2767a",
-		Email:     "user@example.com",
-		OwnerType: "user",
-	},
-	Account: Account{
-		ID:   "01a7362d577a6c3019a474fd6f485823",
-		Name: "Demo Account",
-	},
-	Permissions: []string{"#zone:read", "#zone:edit"},
-	Plan: ZonePlan{
-		ZonePlanCommon: ZonePlanCommon{
-			ID:        "e592fd9519420ba7405e1307bff33214",
-			Name:      "Pro Plan",
-			Price:     20,
-			Currency:  "USD",
-			Frequency: "monthly",
-		},
-		LegacyID:     "pro",
-		IsSubscribed: true,
-		CanSubscribe: true,
-	},
-	PlanPending: ZonePlan{
-		ZonePlanCommon: ZonePlanCommon{
-			ID:        "e592fd9519420ba7405e1307bff33214",
-			Name:      "Pro Plan",
-			Price:     20,
-			Currency:  "USD",
-			Frequency: "monthly",
-		},
-		LegacyID:     "pro",
-		IsSubscribed: true,
-		CanSubscribe: true,
-	},
-	Status:      "active",
-	Paused:      false,
-	Type:        "partial",
-	NameServers: []string{"tony.ns.cloudflare.com", "woz.ns.cloudflare.com"},
-}
-
-func TestCreateZoneFullSetup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "023e105f4ecef8ad9ca31a8372d0c353",
-				"name": "example.com",
-				"development_mode": 7200,
-				"original_name_servers": [
-					"ns1.originaldnshost.com",
-					"ns2.originaldnshost.com"
-				],
-				"original_registrar": "GoDaddy",
-				"original_dnshost": "NameCheap",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"activated_on": "2014-01-02T00:01:00.12345Z",
-				"owner": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"email": "user@example.com",
-					"type": "user"
-				},
-				"account": {
-					"id": "01a7362d577a6c3019a474fd6f485823",
-					"name": "Demo Account"
-				},
-				"permissions": [
-					"#zone:read",
-					"#zone:edit"
-				],
-				"plan": {
-					"id": "e592fd9519420ba7405e1307bff33214",
-					"name": "Pro Plan",
-					"price": 20,
-					"currency": "USD",
-					"frequency": "monthly",
-					"legacy_id": "pro",
-					"is_subscribed": true,
-					"can_subscribe": true
-				},
-				"plan_pending": {
-					"id": "e592fd9519420ba7405e1307bff33214",
-					"name": "Pro Plan",
-					"price": 20,
-					"currency": "USD",
-					"frequency": "monthly",
-					"legacy_id": "pro",
-					"is_subscribed": true,
-					"can_subscribe": true
-				},
-				"status": "active",
-				"paused": false,
-				"type": "full",
-				"name_servers": [
-					"tony.ns.cloudflare.com",
-					"woz.ns.cloudflare.com"
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones", handler)
-
-	actual, err := client.CreateZone(context.Background(), "example.com", false, Account{ID: "01a7362d577a6c3019a474fd6f485823"}, "full")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedFullZoneSetup, actual)
-	}
-}
-
-func TestCreateZonePartialSetup(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"success": true,
-			"errors": [],
-			"messages": [],
-			"result": {
-				"id": "023e105f4ecef8ad9ca31a8372d0c353",
-				"name": "example.com",
-				"development_mode": 7200,
-				"original_name_servers": [
-					"ns1.originaldnshost.com",
-					"ns2.originaldnshost.com"
-				],
-				"original_registrar": "GoDaddy",
-				"original_dnshost": "NameCheap",
-				"created_on": "2014-01-01T05:20:00.12345Z",
-				"modified_on": "2014-01-01T05:20:00.12345Z",
-				"activated_on": "2014-01-02T00:01:00.12345Z",
-				"owner": {
-					"id": "7c5dae5552338874e5053f2534d2767a",
-					"email": "user@example.com",
-					"type": "user"
-				},
-				"account": {
-					"id": "01a7362d577a6c3019a474fd6f485823",
-					"name": "Demo Account"
-				},
-				"permissions": [
-					"#zone:read",
-					"#zone:edit"
-				],
-				"plan": {
-					"id": "e592fd9519420ba7405e1307bff33214",
-					"name": "Pro Plan",
-					"price": 20,
-					"currency": "USD",
-					"frequency": "monthly",
-					"legacy_id": "pro",
-					"is_subscribed": true,
-					"can_subscribe": true
-				},
-				"plan_pending": {
-					"id": "e592fd9519420ba7405e1307bff33214",
-					"name": "Pro Plan",
-					"price": 20,
-					"currency": "USD",
-					"frequency": "monthly",
-					"legacy_id": "pro",
-					"is_subscribed": true,
-					"can_subscribe": true
-				},
-				"status": "active",
-				"paused": false,
-				"type": "partial",
-				"name_servers": [
-					"tony.ns.cloudflare.com",
-					"woz.ns.cloudflare.com"
-				]
-			}
-		}
-		`)
-	}
-
-	mux.HandleFunc("/zones", handler)
-
-	actual, err := client.CreateZone(context.Background(), "example.com", false, Account{ID: "01a7362d577a6c3019a474fd6f485823"}, "partial")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, expectedPartialZoneSetup, actual)
-	}
-}
-
-func TestFallbackOrigin_FallbackOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-"success": true,
-"errors": [],
-"messages": [],
-"result": {
-    "id": "fallback_origin",
-    "value": "app.example.com",
-    "editable": true
-  }
-}`)
-	})
-
-	fallbackOrigin, err := client.FallbackOrigin(context.Background(), "foo")
-
-	want := FallbackOrigin{
-		ID:    "fallback_origin",
-		Value: "app.example.com",
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, fallbackOrigin)
-	}
-}
-
-func TestFallbackOrigin_UpdateFallbackOrigin(t *testing.T) {
-	setup()
-	defer teardown()
-
-	mux.HandleFunc("/zones/foo/fallback_origin", func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		w.WriteHeader(http.StatusCreated)
-		fmt.Fprintf(w, `
-{
-  "success": true,
-  "errors": [],
-  "messages": [],
-  "result": {
-    "id": "fallback_origin",
-    "value": "app.example.com",
-		"editable": true
-  }
-}`)
-	})
-
-	response, err := client.UpdateFallbackOrigin(context.Background(), "foo", FallbackOrigin{Value: "app.example.com"})
-
-	want := &FallbackOriginResponse{
-		Result: FallbackOrigin{
-			ID:    "fallback_origin",
-			Value: "app.example.com",
-		},
-		Response: Response{Success: true, Errors: []ResponseInfo{}, Messages: []ResponseInfo{}},
-	}
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, response)
-	}
-}
-
-func Test_normalizeZoneName(t *testing.T) {
-	tests := []struct {
-		name     string
-		zone     string
-		expected string
-	}{
-		{
-			name:     "unicode stays unicode",
-			zone:     "ünì¢øðe.tld",
-			expected: "ünì¢øðe.tld",
-		}, {
-			name:     "valid punycode is normalized to unicode",
-			zone:     "xn--ne-7ca90ava1cya.tld",
-			expected: "ünì¢øðe.tld",
-		}, {
-			name:     "valid punycode in second label",
-			zone:     "example.xn--j6w193g",
-			expected: "example.香港",
-		}, {
-			name:     "invalid punycode is returned without change",
-			zone:     "xn-invalid.xn-invalid-tld",
-			expected: "xn-invalid.xn-invalid-tld",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			actual := normalizeZoneName(tt.zone)
-			assert.Equal(t, tt.expected, actual)
-		})
-	}
-}
-
-func TestZonePartialHasVerificationKey(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#zone-zone-details (plus an undocumented field verification_key from curl to API)
-		fmt.Fprintf(w, `{
-  "result": {
-    "id": "foo",
-    "name": "bar",
-    "status": "active",
-    "paused": false,
-    "type": "partial",
-    "development_mode": 0,
-    "verification_key": "foo-bar",
-    "original_name_servers": ["a","b","c","d"],
-    "original_registrar": null,
-    "original_dnshost": null,
-    "modified_on": "2019-09-04T15:11:43.409805Z",
-    "created_on": "2018-12-06T14:33:38.410126Z",
-    "activated_on": "2018-12-06T14:34:39.274528Z",
-    "meta": {
-      "step": 4,
-      "wildcard_proxiable": true,
-      "custom_certificate_quota": 1,
-      "page_rule_quota": 100,
-      "phishing_detected": false,
-      "multiple_railguns_allowed": false
-    },
-    "owner": {
-      "id": "bbbbbbbbbbbbbbbbbbbbbbbb",
-      "type": "organization",
-      "name": "OrgName"
-    },
-    "account": {
-      "id": "aaaaaaaaaaaaaaaaaaaaaaaa",
-      "name": "AccountName"
-    },
-    "permissions": [
-      "#access:edit",
-      "#access:read",
-      "#analytics:read",
-      "#app:edit",
-      "#auditlogs:read",
-      "#billing:read",
-      "#cache_purge:edit",
-      "#dns_records:edit",
-      "#dns_records:read",
-      "#lb:edit",
-      "#lb:read",
-      "#legal:read",
-      "#logs:edit",
-      "#logs:read",
-      "#member:read",
-      "#organization:edit",
-      "#organization:read",
-      "#ssl:edit",
-      "#ssl:read",
-      "#stream:edit",
-      "#stream:read",
-      "#subscription:edit",
-      "#subscription:read",
-      "#waf:edit",
-      "#waf:read",
-      "#webhooks:edit",
-      "#webhooks:read",
-      "#worker:edit",
-      "#worker:read",
-      "#zone:edit",
-      "#zone:read",
-      "#zone_settings:edit",
-      "#zone_settings:read"
-    ],
-    "plan": {
-      "id": "94f3b7b768b0458b56d2cac4fe5ec0f9",
-      "name": "Enterprise Website",
-      "price": 0,
-      "currency": "USD",
-      "frequency": "monthly",
-      "is_subscribed": true,
-      "can_subscribe": true,
-      "legacy_id": "enterprise",
-      "legacy_discount": false,
-      "externally_managed": true
-    }
-  },
-  "success": true,
-  "errors": [],
-  "messages": []
-}`)
-	}
-
-	mux.HandleFunc("/zones/foo", handler)
-
-	z, err := client.ZoneDetails(context.Background(), "foo")
-	if assert.NoError(t, err) {
-		assert.NotEmpty(t, z.VerificationKey)
-		assert.Equal(t, z.VerificationKey, "foo-bar")
-	}
-}
-
-func TestZoneDNSSECSetting(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#dnssec-properties
-		fmt.Fprintf(w, `{
-			"result": {
-				"status": "active",
-				"flags": 257,
-				"algorithm": "13",
-				"key_type": "ECDSAP256SHA256",
-				"digest_type": "2",
-				"digest_algorithm": "SHA256",
-				"digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
-				"ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
-				"key_tag": 42,
-				"public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
-				"modified_on": "2014-01-01T05:20:00Z"
-  			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/foo/dnssec", handler)
-
-	z, err := client.ZoneDNSSECSetting(context.Background(), "foo")
-	if assert.NoError(t, err) {
-		assert.Equal(t, z.Status, "active")
-		assert.Equal(t, z.Flags, 257)
-		assert.Equal(t, z.Algorithm, "13")
-		assert.Equal(t, z.KeyType, "ECDSAP256SHA256")
-		assert.Equal(t, z.DigestType, "2")
-		assert.Equal(t, z.DigestAlgorithm, "SHA256")
-		assert.Equal(t, z.Digest, "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
-		assert.Equal(t, z.DS, "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
-		assert.Equal(t, z.KeyTag, 42)
-		assert.Equal(t, z.PublicKey, "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==")
-		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
-		assert.Equal(t, z.ModifiedOn, time)
-	}
-}
-
-func TestDeleteZoneDNSSEC(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodDelete, r.Method, "Expected method 'DELETE', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#dnssec-properties
-		fmt.Fprintf(w, `{
-			"result": "foo"
-		}`)
-	}
-
-	mux.HandleFunc("/zones/foo/dnssec", handler)
-
-	z, err := client.DeleteZoneDNSSEC(context.Background(), "foo")
-	if assert.NoError(t, err) {
-		assert.Equal(t, z, "foo")
-	}
-}
-
-func TestUpdateZoneDNSSEC(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#dnssec-properties
-		fmt.Fprintf(w, `{
-			"result": {
-				"status": "active",
-				"flags": 257,
-				"algorithm": "13",
-				"key_type": "ECDSAP256SHA256",
-				"digest_type": "2",
-				"digest_algorithm": "SHA256",
-				"digest": "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
-				"ds": "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45",
-				"key_tag": 42,
-				"public_key": "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==",
-				"modified_on": "2014-01-01T05:20:00Z"
-  			}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/foo/dnssec", handler)
-
-	z, err := client.UpdateZoneDNSSEC(context.Background(), "foo", ZoneDNSSECUpdateOptions{
-		Status: "active",
-	})
-	if assert.NoError(t, err) {
-		assert.Equal(t, z.Status, "active")
-		assert.Equal(t, z.Flags, 257)
-		assert.Equal(t, z.Algorithm, "13")
-		assert.Equal(t, z.KeyType, "ECDSAP256SHA256")
-		assert.Equal(t, z.DigestType, "2")
-		assert.Equal(t, z.DigestAlgorithm, "SHA256")
-		assert.Equal(t, z.Digest, "48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
-		assert.Equal(t, z.DS, "example.com. 3600 IN DS 16953 13 2 48E939042E82C22542CB377B580DFDC52A361CEFDC72E7F9107E2B6BD9306A45")
-		assert.Equal(t, z.KeyTag, 42)
-		assert.Equal(t, z.PublicKey, "oXiGYrSTO+LSCJ3mohc8EP+CzF9KxBj8/ydXJ22pKuZP3VAC3/Md/k7xZfz470CoRyZJ6gV6vml07IC3d8xqhA==")
-		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
-		assert.Equal(t, z.ModifiedOn, time)
-	}
-}
-
-func TestZoneSetType(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-			"result": {
-				"type": "partial",
-				"verification_key": "000000000-000000000",
-				"modified_on": "2014-01-01T05:20:00Z"
-				}
-		}`)
-	}
-
-	mux.HandleFunc("/zones/foo", handler)
-
-	z, err := client.ZoneSetType(context.Background(), "foo", "partial")
-	if assert.NoError(t, err) {
-		assert.Equal(t, z.Type, "partial")
-		assert.Equal(t, z.VerificationKey, "000000000-000000000")
-		time, _ := time.Parse("2006-01-02T15:04:05Z", "2014-01-01T05:20:00Z")
-		assert.Equal(t, z.ModifiedOn, time)
-	}
-}
-
-func parsePage(t *testing.T, total int, s string) (int, bool) {
-	if s == "" {
-		return 1, true
-	}
-
-	page, err := strconv.Atoi(s)
-	if !assert.NoError(t, err) {
-		return 0, false
-	}
-
-	if !assert.LessOrEqual(t, page, total) || !assert.GreaterOrEqual(t, page, 1) {
-		return 0, false
-	}
-
-	return page, true
-}
-
-func TestListZones(t *testing.T) {
-	setup()
-	defer teardown()
-
-	const (
-		total     = 392
-		totalPage = (total + 49) / 50
-	)
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		switch {
-		case !assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method):
-			return
-		case !assert.Equal(t, "50", r.URL.Query().Get("per_page")):
-			return
-		}
-
-		page, ok := parsePage(t, totalPage, r.URL.Query().Get("page"))
-		if !ok {
-			return
-		}
-
-		start := (page - 1) * 50
-
-		count := 50
-		if page == totalPage {
-			count = total - start
-		}
-
-		w.Header().Set("content-type", "application/json")
-		err := json.NewEncoder(w).Encode(mockZonesResponse(total, page, start, count))
-		assert.NoError(t, err)
-	}
-
-	mux.HandleFunc("/zones", handler)
-
-	zones, err := client.ListZones(context.Background())
-	if !assert.NoError(t, err) || !assert.Equal(t, total, len(zones)) {
-		return
-	}
-
-	for i, zone := range zones {
-		assert.Equal(t, *mockZone(i), zone)
-	}
-}
-
-func TestListZonesFailingPages(t *testing.T) {
-	setup()
-	defer teardown()
-
-	const (
-		total     = 1489
-		totalPage = (total + 49) / 50
-	)
-
-	// the pages to reject
-	isReject := func(i int) bool { return i == 4 || i == 7 }
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		switch {
-		case !assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method):
-			return
-		case !assert.Equal(t, "50", r.URL.Query().Get("per_page")):
-			return
-		}
-
-		page, ok := parsePage(t, totalPage, r.URL.Query().Get("page"))
-		switch {
-		case !ok:
-			return
-		case isReject(page):
-			return
-		}
-
-		start := (page - 1) * 50
-
-		count := 50
-		if page == totalPage {
-			count = total - start
-		}
-
-		w.Header().Set("content-type", "application/json")
-		err := json.NewEncoder(w).Encode(mockZonesResponse(total, page, start, count))
-		assert.NoError(t, err)
-	}
-
-	mux.HandleFunc("/zones", handler)
-
-	_, err := client.ListZones(context.Background())
-	assert.Error(t, err)
-}
-
-func TestListZonesContextManualPagination1(t *testing.T) {
-	_, err := client.ListZonesContext(context.Background(), WithPagination(PaginationOptions{Page: 2}))
-	assert.EqualError(t, err, errManualPagination)
-}
-
-func TestListZonesContextManualPagination2(t *testing.T) {
-	_, err := client.ListZonesContext(context.Background(), WithPagination(PaginationOptions{PerPage: 30}))
-	assert.EqualError(t, err, errManualPagination)
-}
-
-func TestUpdateZoneSSLSettings(t *testing.T) {
-	setup()
-	defer teardown()
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		// JSON data from: https://api.cloudflare.com/#zone-settings-properties
-		_, _ = fmt.Fprintf(w, `{
-			"result": {
-				"id": "ssl",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/foo/settings/ssl", handler)
-	s, err := client.UpdateZoneSSLSettings(context.Background(), "foo", "off")
-	if assert.NoError(t, err) {
-		assert.Equal(t, s.ID, "ssl")
-		assert.Equal(t, s.Value, "off")
-		assert.Equal(t, s.Editable, true)
-		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
-	}
-}
-
-func TestGetZoneSetting(t *testing.T) {
-	setup()
-	defer teardown()
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, _ = fmt.Fprintf(w, `{
-			"result": {
-				"id": "ssl",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/foo/settings/ssl", handler)
-	s, err := client.GetZoneSetting(context.Background(), ZoneIdentifier("foo"), GetZoneSettingParams{Name: "ssl"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, s.ID, "ssl")
-		assert.Equal(t, s.Value, "off")
-		assert.Equal(t, s.Editable, true)
-		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
-	}
-}
-
-func TestGetZoneSettingWithCustomPathPrefix(t *testing.T) {
-	setup()
-	defer teardown()
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, _ = fmt.Fprintf(w, `{
-			"result": {
-				"id": "ssl",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/foo/my_custom_path/ssl", handler)
-	s, err := client.GetZoneSetting(context.Background(), ZoneIdentifier("foo"), GetZoneSettingParams{Name: "ssl", PathPrefix: "my_custom_path"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, s.ID, "ssl")
-		assert.Equal(t, s.Value, "off")
-		assert.Equal(t, s.Editable, true)
-		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
-	}
-}
-
-func TestUpdateZoneSetting(t *testing.T) {
-	setup()
-	defer teardown()
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, _ = fmt.Fprintf(w, `{
-			"result": {
-				"id": "ssl",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/foo/settings/ssl", handler)
-	s, err := client.UpdateZoneSetting(context.Background(), ZoneIdentifier("foo"), UpdateZoneSettingParams{Name: "ssl", Value: "off"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, s.ID, "ssl")
-		assert.Equal(t, s.Value, "off")
-		assert.Equal(t, s.Editable, true)
-		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
-	}
-}
-
-func TestUpdateZoneSettingWithCustomPathPrefix(t *testing.T) {
-	setup()
-	defer teardown()
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPatch, r.Method, "Expected method 'PATCH', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		_, _ = fmt.Fprintf(w, `{
-			"result": {
-				"id": "ssl",
-				"value": "off",
-				"editable": true,
-				"modified_on": "2014-01-01T05:20:00.12345Z"
-			}
-		}`)
-	}
-	mux.HandleFunc("/zones/foo/my_custom_path/ssl", handler)
-	s, err := client.UpdateZoneSetting(context.Background(), ZoneIdentifier("foo"), UpdateZoneSettingParams{Name: "ssl", PathPrefix: "my_custom_path", Value: "off"})
-	if assert.NoError(t, err) {
-		assert.Equal(t, s.ID, "ssl")
-		assert.Equal(t, s.Value, "off")
-		assert.Equal(t, s.Editable, true)
-		assert.Equal(t, s.ModifiedOn, "2014-01-01T05:20:00.12345Z")
-	}
-}
diff --git a/pkg/cloudflare-go/zones.go b/pkg/cloudflare-go/zones.go
deleted file mode 100644
index 82ddd6c253..0000000000
--- a/pkg/cloudflare-go/zones.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/goccy/go-json"
-)
-
-const defaultZonesPerPage = 100
-
-type ZonesService service
-
-type ZoneCreateParams struct {
-	Name      string   `json:"name"`
-	JumpStart bool     `json:"jump_start"`
-	Type      string   `json:"type"`
-	Account   *Account `json:"organization,omitempty"`
-}
-
-type ZoneListParams struct {
-	Match       string `url:"match,omitempty"`
-	Name        string `url:"name,omitempty"`
-	AccountName string `url:"account.name,omitempty"`
-	Status      string `url:"status,omitempty"`
-	AccountID   string `url:"account.id,omitempty"`
-	Direction   string `url:"direction,omitempty"`
-
-	ResultInfo // Rename `ResultInfo` in the next major version.
-}
-
-type ZoneUpdateParams struct {
-	ID                string
-	Paused            *bool    `json:"paused"`
-	VanityNameServers []string `json:"vanity_name_servers,omitempty"`
-	Plan              ZonePlan `json:"plan,omitempty"`
-	Type              string   `json:"type,omitempty"`
-}
-
-// New creates a new zone.
-//
-// API reference: https://api.cloudflare.com/#zone-zone-details
-func (s *ZonesService) New(ctx context.Context, zone *ZoneCreateParams) (Zone, error) {
-	res, err := s.client.post(ctx, "/zones", zone)
-	if err != nil {
-		return Zone{}, err
-	}
-
-	var r ZoneResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-	}
-
-	return r.Result, nil
-}
-
-// Get fetches a single zone.
-//
-// API reference: https://api.cloudflare.com/#zone-zone-details
-func (s *ZonesService) Get(ctx context.Context, rc *ResourceContainer) (Zone, error) {
-	uri := fmt.Sprintf("/zones/%s", rc.Identifier)
-	res, err := s.client.get(ctx, uri, nil)
-	if err != nil {
-		return Zone{}, fmt.Errorf("failed to fetch zones: %w", err)
-	}
-
-	var r ZoneResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-	}
-
-	return r.Result, nil
-}
-
-// List returns all zones that match the provided `ZoneParams` struct.
-//
-// Pagination is automatically handled unless `params.Page` is supplied.
-//
-// API reference: https://api.cloudflare.com/#zone-list-zones
-func (s *ZonesService) List(ctx context.Context, params *ZoneListParams) ([]Zone, *ResultInfo, error) {
-	res, _ := s.client.get(ctx, buildURI("/zones", params), nil)
-
-	var r ZonesResponse
-	err := json.Unmarshal(res, &r)
-	if err != nil {
-		return []Zone{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-	}
-
-	if params.Page < 1 && params.PerPage < 1 {
-		var zones []Zone
-		params.PerPage = defaultZonesPerPage
-		params.Page = 1
-		for !params.ResultInfo.Done() {
-			res, _ := s.client.get(ctx, buildURI("/zones", params), nil)
-
-			var zResponse ZonesResponse
-			err := json.Unmarshal(res, &zResponse)
-			if err != nil {
-				return []Zone{}, &ResultInfo{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-			}
-
-			zones = append(zones, zResponse.Result...)
-
-			params.ResultInfo = zResponse.ResultInfo.Next()
-		}
-		r.Result = zones
-	}
-
-	return r.Result, &r.ResultInfo, nil
-}
-
-// Update modifies an existing zone.
-//
-// API reference: https://api.cloudflare.com/#zone-edit-zone
-func (s *ZonesService) Update(ctx context.Context, params *ZoneUpdateParams) ([]Zone, error) {
-	uri := fmt.Sprintf("/zones/%s", params.ID)
-	res, _ := s.client.patch(ctx, uri, params)
-
-	var r ZonesResponse
-	err := json.Unmarshal(res, &r)
-	if err != nil {
-		return []Zone{}, fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-	}
-
-	return r.Result, nil
-}
-
-// Delete deletes a zone based on ID.
-//
-// API reference: https://api.cloudflare.com/#zone-delete-zone
-func (s *ZonesService) Delete(ctx context.Context, rc *ResourceContainer) error {
-	uri := fmt.Sprintf("/zones/%s", rc.Identifier)
-	res, _ := s.client.delete(ctx, uri, nil)
-
-	var r ZoneResponse
-	err := json.Unmarshal(res, &r)
-	if err != nil {
-		return fmt.Errorf("failed to unmarshal zone JSON data: %w", err)
-	}
-
-	return nil
-}
diff --git a/pkg/cloudflare-go/zt_risk_behaviors.go b/pkg/cloudflare-go/zt_risk_behaviors.go
deleted file mode 100644
index 370e3c3ed6..0000000000
--- a/pkg/cloudflare-go/zt_risk_behaviors.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"strings"
-
-	"github.com/goccy/go-json"
-)
-
-// Behavior represents a single zt risk behavior config.
-type Behavior struct {
-	Name        string    `json:"name,omitempty"`
-	Description string    `json:"description,omitempty"`
-	RiskLevel   RiskLevel `json:"risk_level"`
-	Enabled     *bool     `json:"enabled"`
-}
-
-// Wrapper used to have full-fidelity repro of json structure.
-type Behaviors struct {
-	Behaviors map[string]Behavior `json:"behaviors"`
-}
-
-// BehaviorResponse represents the response from the zt risk scoring endpoint
-// and contains risk behaviors for an account.
-type BehaviorResponse struct {
-	Success  bool      `json:"success"`
-	Result   Behaviors `json:"result"`
-	Errors   []string  `json:"errors"`
-	Messages []string  `json:"messages"`
-}
-
-// Behaviors returns all zero trust risk scoring behaviors for the provided account
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-get-behaviors
-func (api *API) Behaviors(ctx context.Context, accountID string) (Behaviors, error) {
-	uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodGet, uri, nil)
-	if err != nil {
-		return Behaviors{}, err
-	}
-
-	var r BehaviorResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-	return r.Result, nil
-}
-
-// UpdateBehaviors returns all zero trust risk scoring behaviors for the provided account
-// NOTE: description/name updates are no-ops, risk_level [low medium high] and enabled [true/false] results in modifications
-//
-// API reference: https://developers.cloudflare.com/api/operations/dlp-zt-risk-score-put-behaviors
-func (api *API) UpdateBehaviors(ctx context.Context, accountID string, behaviors Behaviors) (Behaviors, error) {
-	uri := fmt.Sprintf("/accounts/%s/zt_risk_scoring/behaviors", accountID)
-
-	res, err := api.makeRequestContext(ctx, http.MethodPut, uri, behaviors)
-	if err != nil {
-		return Behaviors{}, err
-	}
-
-	var r BehaviorResponse
-	err = json.Unmarshal(res, &r)
-	if err != nil {
-		return Behaviors{}, fmt.Errorf("%s: %w", errUnmarshalError, err)
-	}
-
-	return r.Result, nil
-}
-
-type RiskLevel int
-
-const (
-	_ RiskLevel = iota
-	Low
-	Medium
-	High
-)
-
-func (p RiskLevel) MarshalJSON() ([]byte, error) {
-	return json.Marshal(p.String())
-}
-
-func (p RiskLevel) String() string {
-	return [...]string{"low", "medium", "high"}[p-1]
-}
-
-func (p *RiskLevel) UnmarshalJSON(data []byte) error {
-	var (
-		s   string
-		err error
-	)
-	err = json.Unmarshal(data, &s)
-	if err != nil {
-		return err
-	}
-	v, err := RiskLevelFromString(s)
-	if err != nil {
-		return err
-	}
-	*p = *v
-	return nil
-}
-
-func RiskLevelFromString(s string) (*RiskLevel, error) {
-	s = strings.ToLower(s)
-	var v RiskLevel
-	switch s {
-	case "low":
-		v = Low
-	case "medium":
-		v = Medium
-	case "high":
-		v = High
-	default:
-		return nil, fmt.Errorf("unknown variant for risk level: %s", s)
-	}
-	return &v, nil
-}
-
-func (p RiskLevel) IntoRef() *RiskLevel {
-	return &p
-}
diff --git a/pkg/cloudflare-go/zt_risk_behaviors_test.go b/pkg/cloudflare-go/zt_risk_behaviors_test.go
deleted file mode 100644
index 2ed6cfa26f..0000000000
--- a/pkg/cloudflare-go/zt_risk_behaviors_test.go
+++ /dev/null
@@ -1,159 +0,0 @@
-package cloudflare
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-var (
-	expectedBehaviors = Behaviors{
-		Behaviors: map[string]Behavior{
-			"high_dlp": {
-				Name:        "High Number of DLP Policies Triggered",
-				Description: "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
-				RiskLevel:   Low,
-				Enabled:     BoolPtr(true),
-			},
-			"imp_travel": {
-				Name:        "Impossible Travel",
-				Description: "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
-				RiskLevel:   High,
-				Enabled:     BoolPtr(false),
-			},
-		},
-	}
-
-	updateBehaviors = Behaviors{
-		Behaviors: map[string]Behavior{
-			"high_dlp": {
-				RiskLevel: Low,
-				Enabled:   BoolPtr(true),
-			},
-			"imp_travel": {
-				RiskLevel: High,
-				Enabled:   BoolPtr(false),
-			},
-		},
-	}
-)
-
-func TestBehaviors(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodGet, r.Method, "Expected method 'GET', got %s", r.Method)
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-				"result": {
-					"behaviors": {
-						"high_dlp": {
-							"name": "High Number of DLP Policies Triggered",
-							"description": "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
-							"risk_level": "low",
-							"enabled":true
-						},
-						"imp_travel": {
-							"name": "Impossible Travel",
-							"description": "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
-							"risk_level": "high",
-							"enabled": false
-						}
-					}
-				},
-				"success": true,
-				"errors": [],
-				"messages": []
-			}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/zt_risk_scoring/behaviors", handler)
-	want := expectedBehaviors
-
-	actual, err := client.Behaviors(context.Background(), "01a7362d577a6c3019a474fd6f485823")
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestUpdateBehaviors(t *testing.T) {
-	setup()
-	defer teardown()
-
-	handler := func(w http.ResponseWriter, r *http.Request) {
-		assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
-		b, err := io.ReadAll(r.Body)
-		defer r.Body.Close()
-
-		if assert.NoError(t, err) {
-			assert.JSONEq(t, `{
-					"behaviors": {
-						"high_dlp": {
-							"risk_level": "low",
-							"enabled":true
-						},
-						"imp_travel": {
-							"risk_level": "high",
-							"enabled": false
-						}
-					}
-				}`, string(b), "JSON payload not equal")
-		}
-
-		w.Header().Set("content-type", "application/json")
-		fmt.Fprintf(w, `{
-				"result": {
-					"behaviors": {
-						"high_dlp": {
-							"name": "High Number of DLP Policies Triggered",
-							"description": "User has triggered an active DLP profile in a Gateway policy fifteen times or more within one minute.",
-							"risk_level": "low",
-							"enabled":true
-						},
-						"imp_travel": {
-							"name": "Impossible Travel",
-							"description": "A user had a successful Access application log in from two locations that they could not have traveled to in that period of time.",
-							"risk_level": "high",
-							"enabled": false
-						}
-					}
-				},
-				"success": true,
-				"errors": [],
-				"messages": []
-			}`)
-	}
-
-	mux.HandleFunc("/accounts/01a7362d577a6c3019a474fd6f485823/zt_risk_scoring/behaviors", handler)
-
-	want := expectedBehaviors
-	actual, err := client.UpdateBehaviors(context.Background(), "01a7362d577a6c3019a474fd6f485823", updateBehaviors)
-
-	if assert.NoError(t, err) {
-		assert.Equal(t, want, actual)
-	}
-}
-
-func TestRiskLevelFromString(t *testing.T) {
-	got, _ := RiskLevelFromString("high")
-	want := High
-
-	if *got != want {
-		t.Errorf("got %#v, wanted %#v", *got, want)
-	}
-}
-
-func TestStringFromRiskLevel(t *testing.T) {
-	got := fmt.Sprint(High)
-	want := "high"
-
-	if got != want {
-		t.Errorf("got %#v, wanted %#v", got, want)
-	}
-}
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 6280c2393b..4a81ca8805 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -388,7 +388,10 @@ func (c *cloudflareProvider) deleteSingleRedirects(domainID string, cfr models.C
 	// }
 	//printer.Printf("DEBUG: CALLING API DeleteRulesetRule: SRRRulesetID=%v, cfr.SRRRulesetRuleID=%v\n", cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
 
-	err := c.cfClient.DeleteRulesetRule(context.Background(), cloudflare.ZoneIdentifier(domainID), cfr.SRRRulesetID, cfr.SRRRulesetRuleID)
+	err := c.cfClient.DeleteRulesetRule(context.Background(), cloudflare.ZoneIdentifier(domainID), cloudflare.DeleteRulesetRuleParams{
+		RulesetID:     cfr.SRRRulesetID,
+		RulesetRuleID: cfr.SRRRulesetRuleID},
+	)
 	// NB(tlim): Yuck. This returns an error even when it is successful. Dig into the JSON for the real status.
 	if strings.Contains(err.Error(), `"success": true,`) {
 		return nil

From e8eca6a31e2c641d5d39bbf32f7ff642c4c317e2 Mon Sep 17 00:00:00 2001
From: Hui Hui <github@huihui.contact>
Date: Thu, 15 Aug 2024 20:53:45 +0800
Subject: [PATCH 332/438] HUAWEICLOUD: Document DNSSEC capability and improve
 docs, reliability (#3084)

---
 documentation/provider/huaweicloud.md        | 4 ++--
 documentation/providers.md                   | 2 +-
 providers/huaweicloud/convert.go             | 1 +
 providers/huaweicloud/huaweicloudProvider.go | 6 +++---
 providers/huaweicloud/records.go             | 3 ---
 5 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/documentation/provider/huaweicloud.md b/documentation/provider/huaweicloud.md
index f351a2e8fd..a67346f420 100644
--- a/documentation/provider/huaweicloud.md
+++ b/documentation/provider/huaweicloud.md
@@ -42,7 +42,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_HWCLOUD),
     A("test", "223.5.5.5", {hw_line: "CN"}), // GEODNS
     A("test", "223.6.6.6", {hw_line: "CN", hw_weight: "10"}), // GEODNS with weight
 
-    // this example will create 3 rrsets with the same name "lb"
+    // this example will create 3 rrsets with the same name "rr-lb"
     A("rr-lb", "10.0.0.1", {hw_weight: "10", hw_rrset_key: "lb-zone-a"}),
     A("rr-lb", "10.0.0.2", {hw_weight: "10", hw_rrset_key: "lb-zone-a"}),
     A("rr-lb", "10.0.1.1", {hw_weight: "10", hw_rrset_key: "lb-zone-b"}),
@@ -95,7 +95,7 @@ The minimum permissions required are as follows:
 }
 ```
 
-To determine the `Region` parameter, refer to the [endpoint page of huaweicloud](https://developer.huaweicloud.com/intl/en-us/endpoint?DNS). For example, on the international site, the `Region` name `ap-southeast-1` is known to work.
+To determine the `Region` parameter, refer to the [endpoint page of huaweicloud](https://console-intl.huaweicloud.com/apiexplorer/#/endpoint/DNS). For example, on the international site, the `Region` name `ap-southeast-1` is known to work.
 
 If that doesn't work, log into Huaweicloud's website and open the [API Explorer](https://console-intl.huaweicloud.com/apiexplorer/#/openapi/DNS/debug?api=ListPublicZones), find the `ListPublicZones` API, select a different Region and click Debug to try and find your Region.
 
diff --git a/documentation/providers.md b/documentation/providers.md
index d0c569911a..7cb5550f9b 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -40,7 +40,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
 | [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HUAWEICLOUD`](provider/huaweicloud.md) | ❌ | ✅ | ❌ | ❔ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HUAWEICLOUD`](provider/huaweicloud.md) | ❌ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`INTERNETBS`](provider/internetbs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`INWX`](provider/inwx.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`LINODE`](provider/linode.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
diff --git a/providers/huaweicloud/convert.go b/providers/huaweicloud/convert.go
index 11f2926ea5..e577b0ce59 100644
--- a/providers/huaweicloud/convert.go
+++ b/providers/huaweicloud/convert.go
@@ -22,6 +22,7 @@ func getRRSetIDFromRecords(rcs models.Records) []string {
 		}
 		ids = append(ids, *r.Original.(*model.ShowRecordSetByZoneResp).Id)
 	}
+	slices.Sort(ids)
 	return slices.Compact(ids)
 }
 
diff --git a/providers/huaweicloud/huaweicloudProvider.go b/providers/huaweicloud/huaweicloudProvider.go
index 11c3eba82f..42f0d7b16a 100644
--- a/providers/huaweicloud/huaweicloudProvider.go
+++ b/providers/huaweicloud/huaweicloudProvider.go
@@ -28,9 +28,9 @@ Info required in `creds.json`:
 
 Record level metadata available:
    - hw_line (refer below Huawei Cloud DNS API documentation for available lines, default "default_view")
-	 					 (https://support.huaweicloud.com/intl/en-us/api-dns/en-us_topic_0085546214.html)
+             (https://support.huaweicloud.com/intl/en-us/api-dns/en-us_topic_0085546214.html)
    - hw_weight (0-1000, default "1")
-	 - hw_rrset_key (default "")
+   - hw_rrset_key (default "")
 
 */
 
@@ -82,7 +82,7 @@ func newHuaweicloud(m map[string]string, metadata json.RawMessage) (providers.DN
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
-	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanAutoDNSSEC:          providers.Unimplemented("No public api provided, but can be turned on manually in the console."),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
diff --git a/providers/huaweicloud/records.go b/providers/huaweicloud/records.go
index 354c3de7e0..5b1a6f3279 100644
--- a/providers/huaweicloud/records.go
+++ b/providers/huaweicloud/records.go
@@ -143,9 +143,6 @@ func collectRecordsByLineAndWeightAndKey(records models.Records) map[string]mode
 		weight := rec.Metadata[metaWeight]
 		rrsetKey := rec.Metadata[metaKey]
 		key := weight + "," + line + "," + rrsetKey
-		if _, ok := recordsByLineAndWeight[key]; !ok {
-			recordsByLineAndWeight[key] = models.Records{}
-		}
 		recordsByLineAndWeight[key] = append(recordsByLineAndWeight[key], rec)
 	}
 	return recordsByLineAndWeight

From 864d45290fea4958449e5520d182d91bf23088ad Mon Sep 17 00:00:00 2001
From: Takashi Takizawa <taki@cyber.email.ne.jp>
Date: Wed, 21 Aug 2024 22:14:56 +0900
Subject: [PATCH 333/438] NEW PROVIDER: Sakura Cloud (SAKURACLOUD) (#3086)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .goreleaser.yml                              |   2 +-
 OWNERS                                       |   1 +
 README.md                                    |   1 +
 documentation/SUMMARY.md                     |   1 +
 documentation/provider/sakuracloud.md        |  95 ++++
 documentation/providers.md                   |   2 +
 integrationTest/providers.json               |   6 +
 providers/_all/all.go                        |   1 +
 providers/sakuracloud/api.go                 | 486 +++++++++++++++++++
 providers/sakuracloud/auditrecords.go        |  93 ++++
 providers/sakuracloud/convert.go             |  47 ++
 providers/sakuracloud/listzones.go           |  32 ++
 providers/sakuracloud/records.go             |  91 ++++
 providers/sakuracloud/sakuracloudProvider.go | 108 +++++
 14 files changed, 965 insertions(+), 1 deletion(-)
 create mode 100644 documentation/provider/sakuracloud.md
 create mode 100644 providers/sakuracloud/api.go
 create mode 100644 providers/sakuracloud/auditrecords.go
 create mode 100644 providers/sakuracloud/convert.go
 create mode 100644 providers/sakuracloud/listzones.go
 create mode 100644 providers/sakuracloud/records.go
 create mode 100644 providers/sakuracloud/sakuracloudProvider.go

diff --git a/.goreleaser.yml b/.goreleaser.yml
index c24e4b9a92..2a78882318 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -39,7 +39,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|huaweicloud|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|huaweicloud|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|sakuracloud|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/OWNERS b/OWNERS
index 3a2c3403a4..214b2a48f9 100644
--- a/OWNERS
+++ b/OWNERS
@@ -46,6 +46,7 @@ providers/powerdns @jpbede
 providers/realtimeregister @PJEilers
 providers/route53 @tresni
 providers/rwth @mistererwin
+providers/sakuracloud @ttkzw
 # providers/softlayer NEEDS VOLUNTEER
 providers/transip @blackshadev
 providers/vultr @pgaskin
diff --git a/README.md b/README.md
index 0a1bc05893..b1e962ac2b 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ Currently supported DNS providers:
 - PowerDNS
 - Realtime Register
 - RWTH DNS-Admin
+- Sakura Cloud
 - SoftLayer
 - TransIP
 - Vultr
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index f96c362273..efa9cdd8bc 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -150,6 +150,7 @@
 * [PowerDNS](provider/powerdns.md)
 * [Realtime Register](provider/realtimeregister.md)
 * [RWTH DNS-Admin](provider/rwth.md)
+* [Sakura Cloud](provider/sakuracloud.md)
 * [SoftLayer DNS](provider/softlayer.md)
 * [TransIP](provider/transip.md)
 * [Vultr](provider/vultr.md)
diff --git a/documentation/provider/sakuracloud.md b/documentation/provider/sakuracloud.md
new file mode 100644
index 0000000000..275649a9a7
--- /dev/null
+++ b/documentation/provider/sakuracloud.md
@@ -0,0 +1,95 @@
+This is the provider for [Sakura Cloud](https://cloud.sakura.ad.jp/).
+
+## Configuration
+To use this provider, add an entry to `creds.json` with `TYPE` set to `SAKURACLOUD`
+along with API credentials.
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "sakuracloud": {
+    "TYPE": "SAKURACLOUD",
+    "access_token": "your-access-token",
+    "access_token_secret": "your-access-token-secret"
+  }
+}
+```
+{% endcode %}
+
+The `endpoint` is optional. If omitted, the default endpoint is assumed.
+
+Endpoints are as follows:
+
+* `https://secure.sakura.ad.jp/cloud/zone/is1a/api/cloud/1.1` (Ishikari first Zone)
+* `https://secure.sakura.ad.jp/cloud/zone/is1b/api/cloud/1.1` (Ishikari second Zone)
+* `https://secure.sakura.ad.jp/cloud/zone/tk1a/api/cloud/1.1` (Tokyo first Zone)
+* `https://secure.sakura.ad.jp/cloud/zone/tk1b/api/cloud/1.1` (Tokyo second Zone)
+
+DNS service is independent of zones, so you can use any of these endpoints.
+The default is the Ishikari first Zone.
+
+Alternatively you can also use environment variables.
+
+```shell
+export SAKURACLOUD_ACCESS_TOKEN="your-access-token"
+export SAKURACLOUD_ACCESS_TOKEN_SECRET="your-access-token-secret"
+```
+
+{% code title="creds.json" %}
+```json
+{
+  "sakuracloud": {
+    "TYPE": "SAKURACLOUD",
+    "access_token": "$SAKURACLOUD_ACCESS_TOKEN",
+    "access_token_secret": "$SAKURACLOUD_ACCESS_TOKEN_SECRET"
+  }
+}
+```
+{% endcode %}
+
+## Metadata
+This provider does not recognize any special metadata fields unique to
+Sakura Cloud.
+
+## Usage
+An example configuration:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_SAKURACLOUD = NewDnsProvider("sakuracloud");
+
+D("example.com", REG_NONE, DnsProvider(DSP_SAKURACLOUD),
+  A("test", "192.0.2.1"),
+END);
+```
+{% endcode %}
+
+`NAMESERVER` does not need to be set as the name servers for the
+Sakura Cloud provider cannot be changed.
+
+`SOA` cannot be set as SOA record of Sakura Cloud provider cannot be changed.
+
+## Activation
+Sakura Cloud depends on an [API Key](https://manual.sakura.ad.jp/cloud/api/apikey.html).
+
+When creating an API key, select "can modify settings" as "Access level".
+if you plan to create zones, select "can create and delete resources" as
+"Access level".
+None of the options in the "Allow access to other services" field need
+to be checked.
+
+## Caveats
+The limitations of the Sakura Cloud DNS service are described in [the DNS manual](https://manual.sakura.ad.jp/cloud/appliance/dns/index.html), which is written in Japanese.
+
+The limitations not described in that manual are:
+
+* "Null MX", RFC 7505, is not supported.
+* SRV records with a Target of "." are not supported.
+* SRV records with Port "0" are not supported.
+* CAA records with a property value longer than 64 bytes are not allowed.
+* Owner names and RDATA targets containing the following labels are not allowed:
+    * example
+    * exampleN, where N is a numerical character
diff --git a/documentation/providers.md b/documentation/providers.md
index 7cb5550f9b..91358cda28 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -62,6 +62,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`RWTH`](provider/rwth.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`SAKURACLOUD`](provider/sakuracloud.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
 | [`SOFTLAYER`](provider/softlayer.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`TRANSIP`](provider/transip.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ |
 | [`VULTR`](provider/vultr.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
@@ -149,6 +150,7 @@ Providers in this category and their maintainers are:
 |[`REALTIMEREGISTER`](provider/realtimeregister.md)|@PJEilers|
 |[`ROUTE53`](provider/route53.md)|@tresni|
 |[`RWTH`](provider/rwth.md)|@MisterErwin|
+|[`SAKURACLOUD`](provider/sakuracloud.md)|@ttkzw|
 |[`SOFTLAYER`](provider/softlayer.md)|@jamielennox|
 |[`TRANSIP`](provider/transip.md)|@blackshadev|
 |[`VULTR`](provider/vultr.md)|@pgaskin|
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index cf2550512f..f4e50ce549 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -279,6 +279,12 @@
     "TYPE": "ROUTE53",
     "domain": "$ROUTE53_DOMAIN"
   },
+  "SAKURACLOUD": {
+    "TYPE": "SAKURACLOUD",
+    "access_token": "$SAKURACLOUD_ACCESS_TOKEN",
+    "access_token_secret": "$SAKURACLOUD_ACCESS_TOKEN_SECRET",
+    "domain": "$SAKURACLOUD_DOMAIN"
+  },
   "SOFTLAYER": {
     "TYPE": "SOFTLAYER",
     "api_key": "$SL_API_KEY",
diff --git a/providers/_all/all.go b/providers/_all/all.go
index 9b99d6ed51..e8a8775b0c 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -51,6 +51,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/realtimeregister"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/route53"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/rwth"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/sakuracloud"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/softlayer"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/transip"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/vultr"
diff --git a/providers/sakuracloud/api.go b/providers/sakuracloud/api.go
new file mode 100644
index 0000000000..4fe0aa806a
--- /dev/null
+++ b/providers/sakuracloud/api.go
@@ -0,0 +1,486 @@
+// NOTE: As the API documentation of Sakura Cloud is written in Japanese
+// and lacks further explanation, we have described the API data structures
+// in English in the structure comments.
+//
+// - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/index.html
+
+package sakuracloud
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"html"
+	"io"
+	"net/http"
+	"net/url"
+	"time"
+)
+
+// requestCommonServiceItem is the body structure of the request to create a zone or update zone data.
+//
+// Zone creation:
+//
+//	POST /commonserviceitem
+//
+//	{
+//	  "CommonServiceItem": {
+//	    "Name": "example.com",
+//	    "Status": {
+//	      "Zone": "example.com"
+//	    },
+//	    "Settings": {
+//	      "DNS": {
+//	        "ResourceRecordSets": []
+//	      }
+//	    },
+//	    "Provider": {
+//	      "Class": "dns"
+//	    },
+//	  }
+//	}
+//
+// Zone update:
+//
+//	PUT /commonserviceitem/:commonserviceitemid
+//
+//	{
+//	  "CommonServiceItem": {
+//	    "Settings": {
+//	      "DNS": {
+//	        "ResourceRecordSets": [
+//	          {
+//	            "Name": "a",
+//	            "Type": "A",
+//	            "RData": "192.0.2.1",
+//	            "TTL": 600
+//	          },
+//	          ...
+//	        ]
+//	      }
+//	    }
+//	  }
+//	}
+//
+// Reference:
+//
+//   - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/#post_commonserviceitem
+//   - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/#put_commonserviceitem_commonserviceitemid
+type requestCommonServiceItem struct {
+	CommonServiceItem commonServiceItem `json:"CommonServiceItem"`
+}
+
+// responseCommonServiceItems is the body structure of the success response to get a list of zones.
+//
+// Request:
+//
+//	GET /commonserviceitem
+//
+// Response body structure:
+//
+//	{
+//	  "From": 0,
+//	  "Count": 1,
+//	  "Total": 1,
+//	  "CommonServiceItems": [
+//	    {
+//	      "Index": 0,
+//	      "ID": "999999999999",
+//	      "Name": "example.com",
+//	      "Description": "",
+//	      "Settings": {
+//	        "DNS": {
+//	          "ResourceRecordSets": [
+//	            {
+//	              "Name": "a",
+//	              "Type": "A",
+//	              "RData": "192.0.2.1",
+//	              "TTL": 600
+//	            },
+//	            ...
+//	          ]
+//	        }
+//	      },
+//	      "SettingsHash": "ffffffffffffffffffffffffffffffff",
+//	      "Status": {
+//	        "Zone": "example.com",
+//	        "NS": [
+//	          "ns1.gslbN.sakura.ne.jp",
+//	          "ns2.gslbN.sakura.ne.jp"
+//	        ]
+//	      },
+//	      "ServiceClass": "cloud/dns",
+//	      "Availability": "available",
+//	      "CreatedAt": "2006-01-02T15:04:05+07:00",
+//	      "ModifiedAt": "2006-01-02T15:04:05+07:00",
+//	      "Provider": {
+//	        "ID": 9999999,
+//	        "Class": "dns",
+//	        "Name": "gslbN.sakura.ne.jp",
+//	        "ServiceClass": "cloud/dns"
+//	      },
+//	      "Icon": null,
+//	      "Tags": []
+//	    }
+//	  ],
+//	  "is_ok": true
+//	}
+//
+// References:
+//
+//   - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/#get_commonserviceitem
+type responseCommonServiceItems struct {
+	From               int                 `json:"From"`
+	Count              int                 `json:"Count"`
+	Total              int                 `json:"Total"`
+	CommonServiceItems []commonServiceItem `json:"CommonServiceItems"`
+	IsOk               bool                `json:"is_ok"`
+}
+
+// responseCommonServiceItem is the body structure of the success response to get a zone or update zone data.
+//
+// Request:
+//
+//	GET /commonserviceitem/:commonserviceitemid
+//	PUT /commonserviceitem/:commonserviceitemid
+//
+// Response body structure:
+//
+//	{
+//	  "CommonServiceItem": {
+//	    "ID": "999999999999",
+//	    "Name": "example.com",
+//	    "Description": "",
+//	    "Settings": {
+//	      "DNS": {
+//	        "ResourceRecordSets": [
+//	          {
+//	            "Name": "a",
+//	            "Type": "A",
+//	            "RData": "192.0.2.1",
+//	            "TTL": 600
+//	          },
+//	          ...
+//	        ]
+//	      }
+//	    },
+//	    "SettingsHash": "ffffffffffffffffffffffffffffffff",
+//	    "Status": {
+//	      "Zone": "example.com",
+//	      "NS": [
+//	        "ns1.gslbN.sakura.ne.jp",
+//	        "ns2.gslbN.sakura.ne.jp"
+//	      ]
+//	    },
+//	    "ServiceClass": "cloud/dns",
+//	    "Availability": "available",
+//	    "CreatedAt": "2006-01-02T15:04:05+07:00",
+//	    "ModifiedAt": "2006-01-02T15:04:05+07:00",
+//	    "Provider": {
+//	      "ID": 9999999,
+//	      "Class": "dns",
+//	      "Name": "gslbN.sakura.ne.jp",
+//	      "ServiceClass": "cloud/dns"
+//	    },
+//	    "Icon": null,
+//	    "Tags": []
+//	  },
+//	  "Success": true,
+//	  "is_ok": true
+//	}
+//
+// References:
+//
+//   - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/#get_commonserviceitem_commonserviceitemid
+//   - https://manual.sakura.ad.jp/cloud-api/1.1/appliance/#put_commonserviceitem_commonserviceitemid
+type responseCommonServiceItem struct {
+	CommonServiceItem commonServiceItem `json:"CommonServiceItem"`
+	Success           bool              `json:"Success"`
+	IsOk              bool              `json:"is_ok"`
+}
+
+// errorResponse is the body structure of an error response.
+//
+// Response body structure:
+//
+//	{
+//	  "is_fatal": true,
+//	  "serial": "ffffffffffffffffffffffffffffffff",
+//	  "status": "401 Unauthorized",
+//	  "error_code": "unauthorized",
+//	  "error_msg": "error-unauthorized"
+//	}
+type errorResponse struct {
+	IsFatal   bool   `json:"is_fatal"`
+	Serial    string `json:"serial"`
+	Status    string `json:"status"`
+	ErrorCode string `json:"error_code"`
+	ErrorMsg  string `json:"error_msg"`
+}
+
+// commonServiceItem is a resource structure.
+type commonServiceItem struct {
+	ID           string   `json:"ID,omitempty"`
+	Name         string   `json:"Name,omitempty"`
+	Settings     settings `json:"Settings"`
+	Status       status   `json:"Status,omitempty"`
+	ServiceClass string   `json:"ServiceClass,omitempty"`
+	Provider     provider `json:"Provider,omitempty"`
+}
+
+// settings is a resource setting.
+type settings struct {
+	DNS dNS `json:"DNS"`
+}
+
+// dNS is a set of dNS resources.
+type dNS struct {
+	ResourceRecordSets []domainRecord `json:"ResourceRecordSets"`
+}
+
+// domainRecord is a resource record.
+type domainRecord struct {
+	Name  string `json:"Name"`
+	Type  string `json:"Type"`
+	RData string `json:"RData"`
+	TTL   uint32 `json:"TTL,omitempty"`
+}
+
+// status is the metadata of a zone.
+type status struct {
+	Zone string   `json:"Zone,omitempty"`
+	NS   []string `json:"NS,omitempty"`
+}
+
+// provider is the metadata of a service.
+type provider struct {
+	ID           int    `json:"ID,omitempty"`
+	Class        string `json:"Class"`
+	Name         string `json:"Name,omitempty"`
+	ServiceClass string `json:"ServiceClass,omitempty"`
+}
+
+// sakuracloudAPI has information about the API of the Sakura Cloud.
+type sakuracloudAPI struct {
+	accessToken          string
+	accessTokenSecret    string
+	baseURL              url.URL
+	httpClient           *http.Client
+	commonServiceItemMap map[string]*commonServiceItem
+}
+
+func NewSakuracloudAPI(accessToken, accessTokenSecret, endpoint string) (*sakuracloudAPI, error) {
+	baseURL, err := url.Parse(endpoint)
+	if err != nil {
+		return nil, fmt.Errorf("endpoint_url parse error: %w", err)
+	}
+
+	return &sakuracloudAPI{
+		accessToken:       accessToken,
+		accessTokenSecret: accessTokenSecret,
+		baseURL:           *baseURL,
+		httpClient: &http.Client{
+			Timeout: time.Minute,
+		},
+	}, nil
+}
+
+func (api *sakuracloudAPI) request(method, path string, data []byte) ([]byte, error) {
+	req, err := http.NewRequest(method, path, bytes.NewReader(data))
+	if err != nil {
+		return nil, err
+	}
+
+	req.SetBasicAuth(api.accessToken, api.accessTokenSecret)
+	req.Header.Add("Content-Type", "applicaiton/json; charset=UTF-8")
+	resp, err := api.httpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	if resp.StatusCode >= 400 {
+		var errResp errorResponse
+		err := json.Unmarshal(respBody, &errResp)
+		if err != nil {
+			return nil, err
+		}
+		// Since an error_msg uses HTML entities, unescape it.
+		return nil, fmt.Errorf("request failed: status: %s, serial: %s, error_code: %s, error_msg: %s", errResp.Status, errResp.Serial, errResp.ErrorCode, html.UnescapeString(errResp.ErrorMsg))
+	}
+
+	return respBody, nil
+}
+
+// getCommonServiceItems return all the zones in the account
+func (api *sakuracloudAPI) getCommonServiceItems() ([]*commonServiceItem, error) {
+	var items []*commonServiceItem
+
+	nextFrom := 0
+	count := 100
+	for {
+		u := api.baseURL.JoinPath("/commonserviceitem")
+
+		if nextFrom > 0 {
+			// The query string is similar to the flow-style YAML.
+			//	{From: 0, Count: 10}
+			query := fmt.Sprintf("{From: %d, Count: %d}", nextFrom, count)
+			u.RawQuery = url.QueryEscape(query)
+		}
+
+		respBody, err := api.request(http.MethodGet, u.String(), nil)
+		if err != nil {
+			return nil, err
+		}
+
+		var respData responseCommonServiceItems
+		err = json.Unmarshal(respBody, &respData)
+		if err != nil {
+			return nil, err
+		}
+
+		if items == nil {
+			items = make([]*commonServiceItem, 0, respData.Total)
+		}
+
+		for _, item := range respData.CommonServiceItems {
+			items = append(items, &item)
+		}
+
+		count = respData.Count
+		nextFrom = respData.From + respData.Count
+		if nextFrom == respData.Total {
+			break
+		}
+	}
+
+	return items, nil
+}
+
+// GetCommonServiceItemMap return all the zones in the account
+func (api *sakuracloudAPI) GetCommonServiceItemMap() (map[string]*commonServiceItem, error) {
+	if api.commonServiceItemMap != nil {
+		return api.commonServiceItemMap, nil
+	}
+
+	items, err := api.getCommonServiceItems()
+	if err != nil {
+		return nil, err
+	}
+
+	api.commonServiceItemMap = make(map[string]*commonServiceItem, len(items))
+	for _, item := range items {
+		if item.ServiceClass != "cloud/dns" {
+			continue
+		}
+		api.commonServiceItemMap[item.Status.Zone] = item
+	}
+
+	return api.commonServiceItemMap, nil
+}
+
+// postCommonServiceItem submits a CommonServiceItem to the API and create the zone.
+func (api *sakuracloudAPI) postCommonServiceItem(reqItem requestCommonServiceItem) (*commonServiceItem, error) {
+	reqBody, err := json.Marshal(reqItem)
+	if err != nil {
+		return nil, err
+	}
+
+	u := api.baseURL.JoinPath("/commonserviceitem")
+	respBody, err := api.request(http.MethodPost, u.String(), reqBody)
+	if err != nil {
+		return nil, err
+	}
+
+	var respData responseCommonServiceItem
+	err = json.Unmarshal(respBody, &respData)
+	if err != nil {
+		return nil, err
+	}
+
+	return &respData.CommonServiceItem, nil
+}
+
+// CreateZone submits a CommonServiceItem to the API and create the zone.
+func (api *sakuracloudAPI) CreateZone(domain string) error {
+	reqItem := requestCommonServiceItem{
+		CommonServiceItem: commonServiceItem{
+			Name: domain,
+			Status: status{
+				Zone: domain,
+			},
+			Settings: settings{
+				DNS: dNS{
+					ResourceRecordSets: []domainRecord{},
+				},
+			},
+			Provider: provider{
+				Class: "dns",
+			},
+		},
+	}
+
+	item, err := api.postCommonServiceItem(reqItem)
+	if err != nil {
+		return err
+	}
+
+	api.commonServiceItemMap[domain] = item
+	return nil
+}
+
+// putCommonServiceItem submits a CommonServiceItem to the API and updates the zone data.
+func (api *sakuracloudAPI) putCommonServiceItem(id string, reqItem requestCommonServiceItem) (*commonServiceItem, error) {
+	reqBody, err := json.Marshal(reqItem)
+	if err != nil {
+		return nil, err
+	}
+
+	u := api.baseURL.JoinPath("/commonserviceitem/").JoinPath(id)
+	respBody, err := api.request(http.MethodPut, u.String(), reqBody)
+	if err != nil {
+		return nil, err
+	}
+
+	var respData responseCommonServiceItem
+	err = json.Unmarshal(respBody, &respData)
+	if err != nil {
+		return nil, err
+	}
+
+	return &respData.CommonServiceItem, nil
+}
+
+// UpdateZone submits a CommonServiceItem to the API and updates the zone data.
+func (api *sakuracloudAPI) UpdateZone(domain string, domainRecords []domainRecord) error {
+	drs := make([]domainRecord, 0, len(domainRecords)-2) // Removes 2 NS records.
+	for _, r := range domainRecords {
+		if r.Type == "NS" && r.Name == "@" {
+			continue
+		}
+		drs = append(drs, r)
+	}
+
+	reqItem := requestCommonServiceItem{
+		CommonServiceItem: commonServiceItem{
+			Settings: settings{
+				DNS: dNS{
+					ResourceRecordSets: drs,
+				},
+			},
+		},
+	}
+
+	item, err := api.putCommonServiceItem(api.commonServiceItemMap[domain].ID, reqItem)
+	if err != nil {
+		return err
+	}
+
+	api.commonServiceItemMap[domain] = item
+	return nil
+}
diff --git a/providers/sakuracloud/auditrecords.go b/providers/sakuracloud/auditrecords.go
new file mode 100644
index 0000000000..47ad061449
--- /dev/null
+++ b/providers/sakuracloud/auditrecords.go
@@ -0,0 +1,93 @@
+package sakuracloud
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+	"github.com/miekg/dns"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+
+	a.Add("MX", rejectif.MxNull) // Last verified 2024-08-09
+
+	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2024-08-09
+
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2024-08-09
+
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2024-08-09
+
+	a.Add("TXT", rejectif.TxtHasUnpairedDoubleQuotes) // Last verified 2024-08-09
+
+	a.Add("TXT", rejectif.TxtLongerThan(500)) // Last verified 2024-08-09
+
+	a.Add("CAA", rejectifCaaLongerThan(64)) // Last verified 2024-08-09
+
+	a.Add("NS", rejectifNsPointsToOrigin) // Last verified 2024-08-09
+
+	for _, t := range []string{"ALIAS", "CNAME", "HTTPS", "MX", "NS", "PTR", "SRV", "SVCB"} {
+		a.Add(t, rejectifTargetHasExample) // Last verified 2024-08-09
+	}
+
+	for _, t := range []string{"A", "AAAA", "ALIAS", "CAA", "CNAME", "HTTPS", "MX", "NS", "PTR", "SRV", "SVCB", "TXT"} {
+		a.Add(t, rejectifLabelHasExample) // Last verified 2024-08-09
+	}
+	return a.Audit(records)
+}
+
+// rejectifCaaLongerThan returns a function that audits CAA records
+// where the length of the property value is greater than maxLength.
+func rejectifCaaLongerThan(maxLength int) func(rc *models.RecordConfig) error {
+	return func(rc *models.RecordConfig) error {
+		m := maxLength
+		if len(rc.GetTargetField()) > m {
+			return fmt.Errorf("CAA record longer than %d octets (chars)", m)
+		}
+		return nil
+	}
+}
+
+// rejectifNsPointsToOrigin audits NS records that point to the origin.
+func rejectifNsPointsToOrigin(rc *models.RecordConfig) error {
+	originFQDN := strings.TrimPrefix(rc.GetLabelFQDN(), rc.GetLabel()+".") + "."
+	if originFQDN == rc.GetTargetField() {
+		return fmt.Errorf("NS record points to the origin: %s", rc.GetTargetField())
+	}
+	return nil
+}
+
+var labelExampleRe = regexp.MustCompile(`^example[0-9]?$`)
+
+func hasLabelExample(domain string) error {
+	for _, l := range dns.SplitDomainName(domain) {
+		if labelExampleRe.MatchString(l) {
+			return fmt.Errorf("label contains `example`: %s", domain)
+		}
+	}
+	return nil
+}
+
+// rejectifTargetHasExample returns a function that audits RDATA targets
+// containing the following labels:
+//
+//   - example
+//   - exampleN, where N is a numerical character
+func rejectifTargetHasExample(rc *models.RecordConfig) error {
+	return hasLabelExample(rc.GetTargetField())
+}
+
+// rejectifLabelHasExample returns a function that audits owner names
+// containing the following labels:
+//
+//   - example
+//   - exampleN, where N is a numerical character
+func rejectifLabelHasExample(rc *models.RecordConfig) error {
+	return hasLabelExample(rc.GetLabel())
+}
diff --git a/providers/sakuracloud/convert.go b/providers/sakuracloud/convert.go
new file mode 100644
index 0000000000..20f7677ff9
--- /dev/null
+++ b/providers/sakuracloud/convert.go
@@ -0,0 +1,47 @@
+package sakuracloud
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+)
+
+const defaultTTL = uint32(3600)
+
+func toRc(domain string, r domainRecord) *models.RecordConfig {
+	rc := &models.RecordConfig{
+		Type:     r.Type,
+		TTL:      r.TTL,
+		Original: r,
+	}
+	if r.TTL == 0 {
+		rc.TTL = defaultTTL
+	}
+
+	rc.SetLabel(r.Name, domain)
+
+	switch r.Type {
+	case "TXT":
+		// TXT records are stored verbatim; no quoting/escaping to parse.
+		rc.SetTargetTXT(r.RData)
+	default:
+		rc.PopulateFromString(r.Type, r.RData, domain)
+	}
+
+	return rc
+}
+
+func toNative(rc *models.RecordConfig) domainRecord {
+	rr := domainRecord{
+		Name:  rc.GetLabel(),
+		Type:  rc.Type,
+		RData: rc.String(),
+	}
+	if rc.TTL != defaultTTL {
+		rr.TTL = rc.TTL
+	}
+
+	switch rc.Type {
+	case "TXT":
+		rr.RData = rc.GetTargetTXTJoined()
+	}
+	return rr
+}
diff --git a/providers/sakuracloud/listzones.go b/providers/sakuracloud/listzones.go
new file mode 100644
index 0000000000..e408c4f673
--- /dev/null
+++ b/providers/sakuracloud/listzones.go
@@ -0,0 +1,32 @@
+package sakuracloud
+
+import "github.com/StackExchange/dnscontrol/v4/pkg/printer"
+
+// ListZones return all the zones in the account
+func (s *sakuracloudProvider) ListZones() ([]string, error) {
+	itemMap, err := s.api.GetCommonServiceItemMap()
+	if err != nil {
+		return nil, err
+	}
+
+	var zones []string
+	for _, item := range itemMap {
+		zones = append(zones, item.Status.Zone)
+	}
+	return zones, nil
+}
+
+// EnsureZoneExists creates a zone if it does not exist
+func (s *sakuracloudProvider) EnsureZoneExists(domain string) error {
+	itemMap, err := s.api.GetCommonServiceItemMap()
+	if err != nil {
+		return err
+	}
+
+	if _, ok := itemMap[domain]; ok {
+		return nil
+	}
+
+	printer.Printf("Adding zone for %s to Sakura Cloud account\n", domain)
+	return s.api.CreateZone(domain)
+}
diff --git a/providers/sakuracloud/records.go b/providers/sakuracloud/records.go
new file mode 100644
index 0000000000..6dd434fe03
--- /dev/null
+++ b/providers/sakuracloud/records.go
@@ -0,0 +1,91 @@
+package sakuracloud
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+)
+
+// GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
+func (s *sakuracloudProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	itemMap, err := s.api.GetCommonServiceItemMap()
+	if err != nil {
+		return nil, err
+	}
+
+	item, ok := itemMap[domain]
+	if !ok {
+		return nil, errNoExist{domain}
+	}
+
+	existingRecords := make([]*models.RecordConfig, 0, len(item.Status.NS)+len(item.Settings.DNS.ResourceRecordSets))
+
+	for _, ns := range item.Status.NS {
+		// CommonServiceItem.Status.NS fields do not end with a dot.
+		// Therefore, a dot is added at the end to make it an absolute domain name.
+		//
+		//      "Status": {
+		//        "Zone": "example.com",
+		//        "NS": [
+		//          "ns1.gslbN.sakura.ne.jp",
+		//          "ns2.gslbN.sakura.ne.jp"
+		//        ]
+		//      },
+		rc := &models.RecordConfig{
+			Type:     "NS",
+			TTL:      defaultTTL,
+			Original: ns,
+		}
+		rc.SetLabel("@", domain)
+		if err := rc.PopulateFromString("NS", ns+".", domain); err != nil {
+			return nil, fmt.Errorf("unparsable record received: %w", err)
+		}
+		existingRecords = append(existingRecords, rc)
+	}
+
+	for _, dr := range item.Settings.DNS.ResourceRecordSets {
+		rc := toRc(domain, dr)
+		existingRecords = append(existingRecords, rc)
+	}
+	return existingRecords, nil
+}
+
+// GetZoneRecordsCorrections gets the records of a zone and returns them in RecordConfig format.
+func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+	var corrections []*models.Correction
+
+	// The name servers for the Sakura cloud provider cannot be changed.
+	// These default TTL is 3600 and the default TTL of DNSControl is 300, so NS corrections can be found.
+	// To prevent this, match TTL of DNSControl to one of Sakura Cloud provider.
+	for _, rc := range dc.Records {
+		if rc.Type == "NS" && rc.Name == "@" {
+			rc.TTL = defaultTTL
+		}
+	}
+
+	msgs, changes, err := diff2.ByZone(existing, dc, nil)
+	if err != nil {
+		return nil, err
+	}
+	if !changes {
+		return nil, nil
+	}
+	msg := strings.Join(msgs, "\n")
+
+	corrections = append(corrections,
+		&models.Correction{
+			Msg: msg,
+			F: func() error {
+				drs := make([]domainRecord, 0, len(dc.Records))
+				for _, rc := range dc.Records {
+					drs = append(drs, toNative(rc))
+				}
+				return s.api.UpdateZone(dc.Name, drs)
+			},
+		},
+	)
+
+	return corrections, nil
+}
diff --git a/providers/sakuracloud/sakuracloudProvider.go b/providers/sakuracloud/sakuracloudProvider.go
new file mode 100644
index 0000000000..bdf29a24b0
--- /dev/null
+++ b/providers/sakuracloud/sakuracloudProvider.go
@@ -0,0 +1,108 @@
+package sakuracloud
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/providers"
+)
+
+const defaultEndpoint = "https://secure.sakura.ad.jp/cloud/zone/is1a/api/cloud/1.1"
+
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanAutoDNSSEC:          providers.Cannot(),
+	providers.CanConcur:              providers.Cannot(),
+	providers.CanGetZones:            providers.Can(),
+	providers.CanUseAlias:            providers.Can(),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseDHCID:            providers.Cannot(),
+	providers.CanUseDNAME:            providers.Cannot(),
+	providers.CanUseDS:               providers.Cannot(),
+	providers.CanUseDSForChildren:    providers.Cannot(),
+	providers.CanUseHTTPS:            providers.Can(),
+	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseNAPTR:            providers.Cannot(),
+	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSOA:              providers.Cannot(),
+	providers.CanUseSRV:              providers.Can(),
+	providers.CanUseSSHFP:            providers.Cannot(),
+	providers.CanUseSVCB:             providers.Can(),
+	providers.CanUseTLSA:             providers.Cannot(),
+	providers.CanUseDNSKEY:           providers.Cannot(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Cannot(),
+	providers.DocOfficiallySupported: providers.Cannot(),
+}
+
+func init() {
+	const providerName = "SAKURACLOUD"
+	const providerMaintainer = "@ttkzw"
+	fns := providers.DspFuncs{
+		Initializer:   newSakuracloudDsp,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
+}
+
+type sakuracloudProvider struct {
+	api *sakuracloudAPI
+}
+
+func newSakuracloudDsp(conf map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
+	return newSakuracloud(conf, metadata)
+}
+
+// newDSP initializes a Sakura Cloud DNSServiceProvider.
+func newSakuracloud(config map[string]string, _ json.RawMessage) (*sakuracloudProvider, error) {
+	// config -- the key/values from creds.json
+	accessToken := config["access_token"]
+	if accessToken == "" {
+		return nil, fmt.Errorf("access_token is required")
+	}
+
+	accessTokenSecret := config["access_token_secret"]
+	if accessTokenSecret == "" {
+		return nil, fmt.Errorf("access_token_secret is required")
+	}
+
+	endpoint := config["endpoint"]
+	if endpoint == "" {
+		endpoint = defaultEndpoint
+	}
+
+	api, err := NewSakuracloudAPI(accessToken, accessTokenSecret, endpoint)
+	if err != nil {
+		return nil, err
+	}
+	dsp := &sakuracloudProvider{
+		api: api,
+	}
+	return dsp, nil
+}
+
+type errNoExist struct {
+	domain string
+}
+
+func (e errNoExist) Error() string {
+	return fmt.Sprintf("Zone %s not found in your Sakura Cloud account", e.domain)
+}
+
+// GetNameservers returns the current nameservers for a domain.
+func (s *sakuracloudProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	itemMap, err := s.api.GetCommonServiceItemMap()
+	if err != nil {
+		return nil, err
+	}
+
+	item, ok := itemMap[domain]
+	if !ok {
+		return nil, errNoExist{domain}
+	}
+
+	return models.ToNameservers(item.Status.NS)
+}

From 94a0cfcba3350403d94af0e3ee3748ee0ec8ace1 Mon Sep 17 00:00:00 2001
From: fuero <108815+fuero@users.noreply.github.com>
Date: Wed, 21 Aug 2024 15:21:39 +0200
Subject: [PATCH 334/438] New Feature: HASH() adds hashing functions to
 dnsconfig.js language (#3085)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts                | 29 +++++++++++++
 documentation/SUMMARY.md                      |  1 +
 .../top-level-functions/HASH.md               | 36 ++++++++++++++++
 pkg/js/hash.go                                | 41 +++++++++++++++++++
 pkg/js/js.go                                  |  1 +
 pkg/js/js_test.go                             |  1 +
 pkg/js/parse_tests/051-HASH.js                |  1 +
 pkg/js/parse_tests/051-HASH.json              | 12 ++++++
 8 files changed, 122 insertions(+)
 create mode 100644 documentation/language-reference/top-level-functions/HASH.md
 create mode 100644 pkg/js/hash.go
 create mode 100644 pkg/js/parse_tests/051-HASH.js
 create mode 100644 pkg/js/parse_tests/051-HASH.json

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index c38198d226..ade2786c3a 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1136,6 +1136,35 @@ declare function DnsProvider(name: string, nsCount?: number): DomainModifier;
  */
 declare function FRAME(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
+/**
+ * `HASH` hashes `value` using the hashing algorithm given in `algorithm`
+ * (accepted values `SHA1`, `SHA256`, and `SHA512`) and returns the hex encoded
+ * hash value.
+ *
+ * example `HASH("SHA1", "abc")` returns `a9993e364706816aba3e25717850c26c9cd0d89d`.
+ *
+ * `HASH()`'s primary use case is for managing [catalog zones](https://datatracker.ietf.org/doc/html/rfc9432):
+ *
+ * > a method for automatic DNS zone provisioning among DNS primary and secondary name
+ * > servers by storing and transferring the catalog of zones to be provisioned as one
+ * > or more regular DNS zones.
+ *
+ * Here's an example of a catalog zone:
+ *
+ * ```javascript
+ * foo_name_suffix = HASH("SHA1", "foo.name") + ".zones"
+ * D("catalog.example"
+ *     [...]
+ *     , TXT("version", "2")
+ *     , PTR(foo_name_suffix, "foo.name.")
+ *     , A("primaries.ext." + foo_name_suffix, "192.168.1.1")
+ * )
+ * ```
+ *
+ * @see https://docs.dnscontrol.org/language-reference/top-level-functions/hash
+ */
+declare function HASH(algorithm: "SHA1" | "SHA256" | "SHA512", value: string): string;
+
 /**
  * HTTPS adds an HTTPS record to a domain. The name should be the relative label for the record. Use `@` for the domain apex. The HTTPS record is a special form of the SVCB resource record.
  *
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index efa9cdd8bc..6e5e0cbcda 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -20,6 +20,7 @@
   * [DOMAIN_ELSEWHERE_AUTO](language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md)
   * [D_EXTEND](language-reference/top-level-functions/D_EXTEND.md)
   * [FETCH](language-reference/top-level-functions/FETCH.md)
+  * [HASH](language-reference/top-level-functions/HASH.md)
   * [IP](language-reference/top-level-functions/IP.md)
   * [NewDnsProvider](language-reference/top-level-functions/NewDnsProvider.md)
   * [NewRegistrar](language-reference/top-level-functions/NewRegistrar.md)
diff --git a/documentation/language-reference/top-level-functions/HASH.md b/documentation/language-reference/top-level-functions/HASH.md
new file mode 100644
index 0000000000..61d1fd91a1
--- /dev/null
+++ b/documentation/language-reference/top-level-functions/HASH.md
@@ -0,0 +1,36 @@
+---
+name: HASH
+parameters:
+  - algorithm
+  - value
+parameter_types:
+  algorithm: '"SHA1" | "SHA256" | "SHA512"'
+  value: string
+ts_return: string
+---
+
+`HASH` hashes `value` using the hashing algorithm given in `algorithm`
+(accepted values `SHA1`, `SHA256`, and `SHA512`) and returns the hex encoded
+hash value.
+
+example `HASH("SHA1", "abc")` returns `a9993e364706816aba3e25717850c26c9cd0d89d`.
+
+`HASH()`'s primary use case is for managing [catalog zones](https://datatracker.ietf.org/doc/html/rfc9432):
+
+> a method for automatic DNS zone provisioning among DNS primary and secondary name
+> servers by storing and transferring the catalog of zones to be provisioned as one
+> or more regular DNS zones.
+
+Here's an example of a catalog zone:
+
+{% code title="dnsconfig.js" %}
+```javascript
+foo_name_suffix = HASH("SHA1", "foo.name") + ".zones"
+D("catalog.example"
+    [...]
+    , TXT("version", "2")
+    , PTR(foo_name_suffix, "foo.name.")
+    , A("primaries.ext." + foo_name_suffix, "192.168.1.1")
+)
+```
+{% endcode %}
diff --git a/pkg/js/hash.go b/pkg/js/hash.go
new file mode 100644
index 0000000000..620cc424cd
--- /dev/null
+++ b/pkg/js/hash.go
@@ -0,0 +1,41 @@
+package js
+
+import (
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/hex"
+	"fmt"
+
+	"github.com/robertkrimen/otto"
+)
+
+// Exposes sha1, sha256, and sha512 hashing functions to Javascript
+func hashFunc(call otto.FunctionCall) otto.Value {
+	if len(call.ArgumentList) != 2 {
+		throw(call.Otto, "require takes exactly two arguments")
+	}
+	algorithm := call.Argument(0).String() // The algorithm to use for hashing
+	value := call.Argument(1).String()     // The value to hash
+	result := otto.Value{}
+	fmt.Printf("%s\n", value)
+
+	switch algorithm {
+	case "SHA1", "sha1":
+		tmp := sha1.New()
+		tmp.Write([]byte(value))
+		fmt.Printf("%s\n", hex.EncodeToString(tmp.Sum(nil)))
+		result, _ = otto.ToValue(hex.EncodeToString(tmp.Sum(nil)))
+	case "SHA256", "sha256":
+		tmp := sha256.New()
+		tmp.Write([]byte(value))
+		result, _ = otto.ToValue(hex.EncodeToString(tmp.Sum(nil)))
+	case "SHA512", "sha512":
+		tmp := sha512.New()
+		tmp.Write([]byte(value))
+		result, _ = otto.ToValue(hex.EncodeToString(tmp.Sum(nil)))
+	default:
+		throw(call.Otto, fmt.Sprintf("invalid algorithm %s given", algorithm))
+	}
+	return result
+}
diff --git a/pkg/js/js.go b/pkg/js/js.go
index 7112e48f26..06d9a7d300 100644
--- a/pkg/js/js.go
+++ b/pkg/js/js.go
@@ -74,6 +74,7 @@ func ExecuteJavascriptString(script []byte, devMode bool, variables map[string]s
 	vm.Set("REVCOMPAT", reverseCompat)
 	vm.Set("glob", listFiles) // used for require_glob()
 	vm.Set("PANIC", jsPanic)
+	vm.Set("HASH", hashFunc)
 
 	// add cli variables to otto
 	for key, value := range variables {
diff --git a/pkg/js/js_test.go b/pkg/js/js_test.go
index ae09ba00b4..0bd35a11be 100644
--- a/pkg/js/js_test.go
+++ b/pkg/js/js_test.go
@@ -141,6 +141,7 @@ func TestErrors(t *testing.T) {
 		{"Bad cidr", `D(reverse("foo.com"), "reg")`},
 		{"Dup domains", `D("example.org", "reg"); D("example.org", "reg")`},
 		{"Bad NAMESERVER", `D("example.com","reg", NAMESERVER("@","ns1.foo.com."))`},
+		{"Bad Hash function", `D(HASH("123", "abc"),"reg")`},
 	}
 	for _, tst := range tests {
 		t.Run(tst.desc, func(t *testing.T) {
diff --git a/pkg/js/parse_tests/051-HASH.js b/pkg/js/parse_tests/051-HASH.js
new file mode 100644
index 0000000000..cb75995a58
--- /dev/null
+++ b/pkg/js/parse_tests/051-HASH.js
@@ -0,0 +1 @@
+D(HASH("SHA1", "abc"), "reg")
diff --git a/pkg/js/parse_tests/051-HASH.json b/pkg/js/parse_tests/051-HASH.json
new file mode 100644
index 0000000000..5d11fa116a
--- /dev/null
+++ b/pkg/js/parse_tests/051-HASH.json
@@ -0,0 +1,12 @@
+{
+  "registrars": [],
+  "dns_providers": [],
+  "domains": [
+    {
+      "name": "a9993e364706816aba3e25717850c26c9cd0d89d",
+      "registrar": "reg",
+      "dnsProviders": {},
+      "records": []
+    }
+  ]
+}

From 8bb5df96bce443cc8b0d49ade2d733d4856d5749 Mon Sep 17 00:00:00 2001
From: Nikita Karamov <me@kytta.dev>
Date: Wed, 21 Aug 2024 20:13:56 +0200
Subject: [PATCH 335/438] POWERDNS: Use canonical domain in calls to PowerDNS
 (#3080)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/powerdns/diff.go | 4 ++--
 providers/powerdns/dns.go  | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/providers/powerdns/diff.go b/providers/powerdns/diff.go
index a48ef55deb..9bc0bad1c4 100644
--- a/providers/powerdns/diff.go
+++ b/providers/powerdns/diff.go
@@ -31,7 +31,7 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 			corrections = append(corrections, &models.Correction{
 				Msg: change.MsgsJoined,
 				F: func() error {
-					return dsp.client.Zones().AddRecordSetToZone(context.Background(), dsp.ServerName, dc.Name, zones.ResourceRecordSet{
+					return dsp.client.Zones().AddRecordSetToZone(context.Background(), dsp.ServerName, canonical(dc.Name), zones.ResourceRecordSet{
 						Name:       labelName,
 						Type:       labelType,
 						TTL:        labelTTL,
@@ -44,7 +44,7 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 			corrections = append(corrections, &models.Correction{
 				Msg: change.MsgsJoined,
 				F: func() error {
-					return dsp.client.Zones().RemoveRecordSetFromZone(context.Background(), dsp.ServerName, dc.Name, labelName, labelType)
+					return dsp.client.Zones().RemoveRecordSetFromZone(context.Background(), dsp.ServerName, canonical(dc.Name), labelName, labelType)
 				},
 			})
 		default:
diff --git a/providers/powerdns/dns.go b/providers/powerdns/dns.go
index aeca212848..391018d06a 100644
--- a/providers/powerdns/dns.go
+++ b/providers/powerdns/dns.go
@@ -20,7 +20,7 @@ func (dsp *powerdnsProvider) GetNameservers(string) ([]*models.Nameserver, error
 
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (dsp *powerdnsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
-	zone, err := dsp.client.Zones().GetZone(context.Background(), dsp.ServerName, domain)
+	zone, err := dsp.client.Zones().GetZone(context.Background(), dsp.ServerName, canonical(domain))
 	if err != nil {
 		return nil, err
 	}

From 0de789f3812b78109934855762f50b1bd42551da Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Fri, 23 Aug 2024 14:18:42 +0100
Subject: [PATCH 336/438] ORACLE: Abide by 429-style rate limits, fix
 Nameserver update bug (#3090)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/provider/oracle.md   | 12 +++++
 providers/oracle/auditrecords.go   | 13 +++++-
 providers/oracle/oracleProvider.go | 71 +++++++++++++++++++++++++++---
 3 files changed, 88 insertions(+), 8 deletions(-)

diff --git a/documentation/provider/oracle.md b/documentation/provider/oracle.md
index 62ea7782dd..d9fc992293 100644
--- a/documentation/provider/oracle.md
+++ b/documentation/provider/oracle.md
@@ -25,9 +25,11 @@ Example:
 {% endcode %}
 
 ## Metadata
+
 This provider does not recognize any special metadata fields unique to Oracle Cloud.
 
 ## Usage
+
 An example configuration:
 
 {% code title="dnsconfig.js" %}
@@ -42,3 +44,13 @@ D("example.com", REG_NONE, DnsProvider(DSP_ORACLE),
 END);
 ```
 {% endcode %}
+
+## Notes for developers
+
+Integration does not have the capability to set the TTL set differently when Oracle is the provider being tested.
+You will see an error message behind displayed, such as below, but it can be safely ignored.
+
+```Text
+=== RUN   TestDNSProviders/example.co.uk/Clean_Slate:Empty
+WARNING: Oracle Cloud forces TTL=86400 for NS records. Ignoring configured TTL of 300 for ns1.p201.dns.oraclecloud.net.
+```
diff --git a/providers/oracle/auditrecords.go b/providers/oracle/auditrecords.go
index 629ff55e43..1f24276af8 100644
--- a/providers/oracle/auditrecords.go
+++ b/providers/oracle/auditrecords.go
@@ -1,10 +1,19 @@
 package oracle
 
-import "github.com/StackExchange/dnscontrol/v4/models"
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
 
 // AuditRecords returns a list of errors corresponding to the records
 // that aren't supported by this provider.  If all records are
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
-	return nil
+	a := rejectif.Auditor{}
+
+	a.Add("TXT", rejectif.TxtIsEmpty)         // Last verified 2024-08-21
+	a.Add("TXT", rejectif.TxtHasBackslash)    // Last verified 2024-08-21
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2024-08-21
+
+	return a.Audit(records)
 }
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 1bcca0e5e5..4e303c3be7 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -3,6 +3,7 @@ package oracle
 import (
 	"context"
 	"encoding/json"
+	"net/http"
 	"strings"
 	"time"
 
@@ -75,10 +76,15 @@ func (o *oracleProvider) ListZones() ([]string, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
+	waitTime = 1
+retry:
 	listResp, err := o.client.ListZones(ctx, dns.ListZonesRequest{
 		CompartmentId: &o.compartment,
 	})
 	if err != nil {
+		if pauseAndRetry(listResp.HTTPResponse()) {
+			goto retry
+		}
 		return nil, err
 	}
 
@@ -94,6 +100,8 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
+	waitTime = 1
+retryFirstGetZone:
 	getResp, err := o.client.GetZone(ctx, dns.GetZoneRequest{
 		ZoneNameOrId:  &domain,
 		CompartmentId: &o.compartment,
@@ -101,11 +109,18 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 	if err == nil {
 		return nil
 	}
-	if getResp.RawResponse.StatusCode != 404 {
-		return err
+	if err != nil {
+		if pauseAndRetry(getResp.HTTPResponse()) {
+			goto retryFirstGetZone
+		}
+		if getResp.RawResponse.StatusCode != 404 {
+			return err
+		}
 	}
 
-	_, err = o.client.CreateZone(ctx, dns.CreateZoneRequest{
+	waitTime = 1
+retryCreate:
+	createResp, err := o.client.CreateZone(ctx, dns.CreateZoneRequest{
 		CreateZoneDetails: dns.CreateZoneDetails{
 			CompartmentId: &o.compartment,
 			Name:          &domain,
@@ -113,9 +128,14 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 		},
 	})
 	if err != nil {
+		if pauseAndRetry(createResp.HTTPResponse()) {
+			goto retryCreate
+		}
 		return err
 	}
 
+	waitTime = 1
+retrySecondGetZone:
 	// poll until the zone is ready
 	pollUntilAvailable := func(r common.OCIOperationResponse) bool {
 		if converted, ok := r.Response.(dns.GetZoneResponse); ok {
@@ -123,11 +143,16 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 		}
 		return true
 	}
-	_, err = o.client.GetZone(ctx, dns.GetZoneRequest{
+	getResp, err = o.client.GetZone(ctx, dns.GetZoneRequest{
 		ZoneNameOrId:    &domain,
 		CompartmentId:   &o.compartment,
 		RequestMetadata: helpers.GetRequestMetadataWithCustomizedRetryPolicy(pollUntilAvailable),
 	})
+	if err != nil {
+		if pauseAndRetry(createResp.HTTPResponse()) {
+			goto retrySecondGetZone
+		}
+	}
 
 	return err
 }
@@ -136,11 +161,16 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
+	waitTime = 1
+retry:
 	getResp, err := o.client.GetZone(ctx, dns.GetZoneRequest{
 		ZoneNameOrId:  &domain,
 		CompartmentId: &o.compartment,
 	})
 	if err != nil {
+		if pauseAndRetry(getResp.HTTPResponse()) {
+			goto retry
+		}
 		return nil, err
 	}
 
@@ -149,7 +179,7 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 		nss[i] = *ns.Hostname
 	}
 
-	return models.ToNameservers(nss)
+	return models.ToNameserversStripTD(nss)
 }
 
 func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (models.Records, error) {
@@ -164,8 +194,13 @@ func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (mo
 	}
 
 	for {
+		waitTime = 1
+	retry:
 		getResp, err := o.client.GetZoneRecords(ctx, request)
 		if err != nil {
+			if pauseAndRetry(getResp.HTTPResponse()) {
+				goto retry
+			}
 			return nil, err
 		}
 
@@ -309,8 +344,14 @@ func (o *oracleProvider) patch(createRecords, deleteRecords models.Records, doma
 			batchEnd = len(ops)
 		}
 		patchReq.Items = ops[batchStart:batchEnd]
-		_, err := o.client.PatchZoneRecords(ctx, patchReq)
+
+		waitTime = 1
+	retry:
+		response, err := o.client.PatchZoneRecords(ctx, patchReq)
 		if err != nil {
+			if pauseAndRetry(response.HTTPResponse()) {
+				goto retry
+			}
 			return err
 		}
 	}
@@ -339,3 +380,21 @@ func convertToRecordOperation(rec *models.RecordConfig, op dns.RecordOperationOp
 		Operation: op,
 	}
 }
+
+// waitTime is the amount of time to sleep if a 429 is received.
+// Must be reset before every query
+var waitTime = 1
+
+func pauseAndRetry(resp *http.Response) bool {
+	if resp.StatusCode == 429 {
+		waitTime = waitTime * 2
+		if waitTime > 300 {
+			printer.Printf("Oracle: max wait for rate-limit reached.\n")
+			return false
+		}
+		printer.Printf("Oracle: API rate-limit hit, pause for %v seconds.\n", waitTime)
+		time.Sleep(time.Duration(waitTime+1) * time.Second)
+		return true
+	}
+	return false
+}

From a3b194fd92933c5808266eb4c9ca23d29ccabeb1 Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Fri, 23 Aug 2024 17:02:15 +0100
Subject: [PATCH 337/438] Oracle: Use SDK v65 and default retry policy (#3094)

---
 go.mod                             |  4 +-
 go.sum                             |  8 ++-
 providers/oracle/oracleProvider.go | 78 +++++-------------------------
 3 files changed, 22 insertions(+), 68 deletions(-)

diff --git a/go.mod b/go.mod
index e35fefb20f..88d99302a2 100644
--- a/go.mod
+++ b/go.mod
@@ -39,7 +39,6 @@ require (
 	github.com/mittwald/go-powerdns v0.6.4
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
-	github.com/oracle/oci-go-sdk/v32 v32.0.0
 	github.com/ovh/go-ovh v1.4.3
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
 	github.com/pkg/errors v0.9.1
@@ -69,6 +68,7 @@ require (
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
+	github.com/oracle/oci-go-sdk/v65 v65.72.0
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/text v0.17.0
@@ -106,6 +106,7 @@ require (
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
+	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gofrs/uuid v4.0.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -143,6 +144,7 @@ require (
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
+	github.com/sony/gobreaker v0.5.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
diff --git a/go.sum b/go.sum
index 53f2bee059..567b7613d5 100644
--- a/go.sum
+++ b/go.sum
@@ -158,6 +158,8 @@ github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe/go.mod h1:d3Ez4x06l9
 github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
+github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
@@ -329,8 +331,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v32 v32.0.0 h1:SSbzrQO3WRcPJEZ8+b3SFPYsPtkFM96clqrp03lrwbU=
-github.com/oracle/oci-go-sdk/v32 v32.0.0/go.mod h1:aZc4jC59IuNP3cr5y1nj555QvwojMX2nMJaBiozuuEs=
+github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg=
+github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
 github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -381,6 +383,8 @@ github.com/softlayer/softlayer-go v1.1.5 h1:UFFtgKxiw0yIuUw93XBCFIiIMYR5eLgmm4a5
 github.com/softlayer/softlayer-go v1.1.5/go.mod h1:WeJrBLoTJcaT8nO1azeyHyNpo/fDLtbpbvh+pzts+Qw=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
+github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg=
+github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 4e303c3be7..debf276148 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -3,7 +3,6 @@ package oracle
 import (
 	"context"
 	"encoding/json"
-	"net/http"
 	"strings"
 	"time"
 
@@ -11,9 +10,9 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/providers"
-	"github.com/oracle/oci-go-sdk/v32/common"
-	"github.com/oracle/oci-go-sdk/v32/dns"
-	"github.com/oracle/oci-go-sdk/v32/example/helpers"
+	"github.com/oracle/oci-go-sdk/v65/common"
+	"github.com/oracle/oci-go-sdk/v65/dns"
+	"github.com/oracle/oci-go-sdk/v65/example/helpers"
 )
 
 var features = providers.DocumentationNotes{
@@ -65,6 +64,12 @@ func New(settings map[string]string, _ json.RawMessage) (providers.DNSServicePro
 		return nil, err
 	}
 
+	// Set default retry policy to handle 429 automatically
+	defaultRetryPolicy := common.DefaultRetryPolicy()
+	client.SetCustomClientConfiguration(common.CustomClientConfiguration{
+		RetryPolicy: &defaultRetryPolicy,
+	})
+
 	return &oracleProvider{
 		client:      client,
 		compartment: settings["compartment"],
@@ -76,15 +81,10 @@ func (o *oracleProvider) ListZones() ([]string, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
-	waitTime = 1
-retry:
 	listResp, err := o.client.ListZones(ctx, dns.ListZonesRequest{
 		CompartmentId: &o.compartment,
 	})
 	if err != nil {
-		if pauseAndRetry(listResp.HTTPResponse()) {
-			goto retry
-		}
 		return nil, err
 	}
 
@@ -100,8 +100,6 @@ func (o *oracleProvider) EnsureZoneExists(domain string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
-	waitTime = 1
-retryFirstGetZone:
 	getResp, err := o.client.GetZone(ctx, dns.GetZoneRequest{
 		ZoneNameOrId:  &domain,
 		CompartmentId: &o.compartment,
@@ -109,18 +107,11 @@ retryFirstGetZone:
 	if err == nil {
 		return nil
 	}
-	if err != nil {
-		if pauseAndRetry(getResp.HTTPResponse()) {
-			goto retryFirstGetZone
-		}
-		if getResp.RawResponse.StatusCode != 404 {
-			return err
-		}
+	if getResp.RawResponse.StatusCode != 404 {
+		return err
 	}
 
-	waitTime = 1
-retryCreate:
-	createResp, err := o.client.CreateZone(ctx, dns.CreateZoneRequest{
+	_, err = o.client.CreateZone(ctx, dns.CreateZoneRequest{
 		CreateZoneDetails: dns.CreateZoneDetails{
 			CompartmentId: &o.compartment,
 			Name:          &domain,
@@ -128,14 +119,9 @@ retryCreate:
 		},
 	})
 	if err != nil {
-		if pauseAndRetry(createResp.HTTPResponse()) {
-			goto retryCreate
-		}
 		return err
 	}
 
-	waitTime = 1
-retrySecondGetZone:
 	// poll until the zone is ready
 	pollUntilAvailable := func(r common.OCIOperationResponse) bool {
 		if converted, ok := r.Response.(dns.GetZoneResponse); ok {
@@ -148,11 +134,6 @@ retrySecondGetZone:
 		CompartmentId:   &o.compartment,
 		RequestMetadata: helpers.GetRequestMetadataWithCustomizedRetryPolicy(pollUntilAvailable),
 	})
-	if err != nil {
-		if pauseAndRetry(createResp.HTTPResponse()) {
-			goto retrySecondGetZone
-		}
-	}
 
 	return err
 }
@@ -161,16 +142,11 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 	ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 	defer cancel()
 
-	waitTime = 1
-retry:
 	getResp, err := o.client.GetZone(ctx, dns.GetZoneRequest{
 		ZoneNameOrId:  &domain,
 		CompartmentId: &o.compartment,
 	})
 	if err != nil {
-		if pauseAndRetry(getResp.HTTPResponse()) {
-			goto retry
-		}
 		return nil, err
 	}
 
@@ -194,13 +170,8 @@ func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (mo
 	}
 
 	for {
-		waitTime = 1
-	retry:
 		getResp, err := o.client.GetZoneRecords(ctx, request)
 		if err != nil {
-			if pauseAndRetry(getResp.HTTPResponse()) {
-				goto retry
-			}
 			return nil, err
 		}
 
@@ -345,13 +316,8 @@ func (o *oracleProvider) patch(createRecords, deleteRecords models.Records, doma
 		}
 		patchReq.Items = ops[batchStart:batchEnd]
 
-		waitTime = 1
-	retry:
-		response, err := o.client.PatchZoneRecords(ctx, patchReq)
+		_, err := o.client.PatchZoneRecords(ctx, patchReq)
 		if err != nil {
-			if pauseAndRetry(response.HTTPResponse()) {
-				goto retry
-			}
 			return err
 		}
 	}
@@ -380,21 +346,3 @@ func convertToRecordOperation(rec *models.RecordConfig, op dns.RecordOperationOp
 		Operation: op,
 	}
 }
-
-// waitTime is the amount of time to sleep if a 429 is received.
-// Must be reset before every query
-var waitTime = 1
-
-func pauseAndRetry(resp *http.Response) bool {
-	if resp.StatusCode == 429 {
-		waitTime = waitTime * 2
-		if waitTime > 300 {
-			printer.Printf("Oracle: max wait for rate-limit reached.\n")
-			return false
-		}
-		printer.Printf("Oracle: API rate-limit hit, pause for %v seconds.\n", waitTime)
-		time.Sleep(time.Duration(waitTime+1) * time.Second)
-		return true
-	}
-	return false
-}

From 3b904d2eaefa8bdb2687af6e6e674e7d4c004317 Mon Sep 17 00:00:00 2001
From: Takashi Takizawa <taki@cyber.email.ne.jp>
Date: Tue, 27 Aug 2024 02:13:39 +0900
Subject: [PATCH 338/438] SAKURACLOUD: Add SAKURACLOUD to automated tests
 (#3095)

---
 .github/workflows/pr_test.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index f0798e7e5a..367fa6c340 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -88,7 +88,7 @@ jobs:
         Write-Host "Integration test providers: $Providers"
         echo "integration_test_providers=$(ConvertTo-Json -InputObject $Providers -Compress)" >> $env:GITHUB_OUTPUT
       env:
-        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
@@ -122,6 +122,7 @@ jobs:
       NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
       POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
       ROUTE53_DOMAIN: ${{ vars.ROUTE53_DOMAIN }}
+      SAKURACLOUD_DOMAIN: ${{ vars.SAKURACLOUD_DOMAIN }}
       TRANSIP_DOMAIN: ${{ vars.TRANSIP_DOMAIN }}
 
       # PROVIDER SECRET LIST
@@ -179,6 +180,9 @@ jobs:
       ROUTE53_KEY: ${{ secrets.ROUTE53_KEY }}
       ROUTE53_KEY_ID: ${{ secrets.ROUTE53_KEY_ID }}
 
+      SAKURACLOUD_ACCESS_TOKEN: ${{ secrets.SAKURACLOUD_ACCESS_TOKEN }}
+      SAKURACLOUD_ACCESS_TOKEN_SECRET: ${{ secrets.SAKURACLOUD_ACCESS_TOKEN_SECRET }}
+
       TRANSIP_ACCOUNT_NAME: ${{ secrets.TRANSIP_ACCOUNT_NAME }}
       TRANSIP_PRIVATE_KEY: ${{ secrets.TRANSIP_PRIVATE_KEY }}
 

From dd2030e2cb0e7a72247b6c70a4302c8257244131 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 26 Aug 2024 14:18:08 -0400
Subject: [PATCH 339/438] CHORE: update deps (#3097)

---
 go.mod |  66 +++++++++++++--------------
 go.sum | 139 +++++++++++++++++++++++++++++----------------------------
 2 files changed, 103 insertions(+), 102 deletions(-)

diff --git a/go.mod b/go.mod
index 88d99302a2..31d04a42e5 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.30.3
-	github.com/aws/aws-sdk-go-v2/config v1.27.27
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.27
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3
+	github.com/aws/aws-sdk-go-v2 v1.30.4
+	github.com/aws/aws-sdk-go-v2/config v1.27.30
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.29
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
 	github.com/cloudflare/cloudflare-go v0.102.0
-	github.com/digitalocean/godo v1.119.0
+	github.com/digitalocean/godo v1.120.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -35,7 +35,7 @@ require (
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
-	github.com/miekg/dns v1.1.61
+	github.com/miekg/dns v1.1.62
 	github.com/mittwald/go-powerdns v0.6.4
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
@@ -47,52 +47,52 @@ require (
 	github.com/robertkrimen/otto v0.4.0
 	github.com/softlayer/softlayer-go v1.1.5
 	github.com/stretchr/testify v1.9.0
-	github.com/transip/gotransip/v6 v6.25.0
-	github.com/urfave/cli/v2 v2.27.3
+	github.com/transip/gotransip/v6 v6.26.0
+	github.com/urfave/cli/v2 v2.27.4
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.22.0
-	google.golang.org/api v0.190.0
+	google.golang.org/api v0.194.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.0
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.72.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+	golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
 	golang.org/x/text v0.17.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.7.3 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
+	cloud.google.com/go/auth v0.9.1 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect
-	github.com/aws/smithy-go v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.5 // indirect
+	github.com/aws/smithy-go v1.20.4 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
@@ -154,14 +154,14 @@ require (
 	go.opentelemetry.io/otel v1.24.0 // indirect
 	go.opentelemetry.io/otel/metric v1.24.0 // indirect
 	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.23.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.23.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
-	google.golang.org/grpc v1.64.1 // indirect
+	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/tools v0.24.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/grpc v1.65.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 567b7613d5..faf876cd73 100644
--- a/go.sum
+++ b/go.sum
@@ -1,12 +1,12 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY=
-cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA=
-cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI=
-cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I=
+cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w=
+cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk=
+cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
+cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
 cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
@@ -41,36 +41,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY=
-github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc=
-github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90=
-github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
-github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3 h1:MmLCRqP4U4Cw9gJ4bNrCG0mWqEtBlmAVleyelcHARMU=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.42.3/go.mod h1:AMPjK2YnRh0YgOID3PqhJA1BRNfXDfGOnSsKHtAe8yA=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3 h1:VGLIgiClxmwxBpGzHERgNgwJMukHZpLcQZqJuQYjAiM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.3/go.mod h1:Kgq5O7ZaDk0mTZmX6YCL+ZtZ1YcJHtGsVubp0OT77MA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ=
-github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE=
-github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
+github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
+github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
+github.com/aws/aws-sdk-go-v2/config v1.27.30 h1:AQF3/+rOgeJBQP3iI4vojlPib5X6eeOYoa/af7OxAYg=
+github.com/aws/aws-sdk-go-v2/config v1.27.30/go.mod h1:yxqvuubha9Vw8stEgNiStO+yZpP68Wm9hLmcm+R/Qk4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.29 h1:CwGsupsXIlAFYuDVHv1nnK0wnxO0wZ/g1L8DSK/xiIw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.29/go.mod h1:BPJ/yXV92ZVq6G8uYvbU0gSl8q94UB63nMT5ctNO38g=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 h1:yjwoSyDZF8Jth+mUk5lSPJCkMC0lMy6FaCD51jm6ayE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12/go.mod h1:fuR57fAgMk7ot3WcNQfb6rSEn+SUffl7ri+aa8uKysI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 h1:TNyt/+X43KJ9IJJMjKfa3bNTiZbUP7DeCxfbTROESwY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16/go.mod h1:2DwJF39FlNAUiX5pAc0UNeiz16lK2t7IaFcm0LFHEgc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 h1:jYfy8UPmd+6kJW5YhY0L1/KftReOGxI/4NtVSTh9O/I=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16/go.mod h1:7ZfEPZxkW42Afq4uQB8H2E2e6ebh6mXTueEpYzjCzcs=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 h1:tJ5RnkHCiSH0jyd6gROjlJtNwov0eGYNz8s8nFcR0jQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18/go.mod h1:++NHzT+nAF7ZPrHPsA+ENvsXkOO8wEu+C6RXltAG4/c=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0 h1:xtp7jye7KhWu4ptBs5yh1Vep0vLAGSNGmArOUp997DU=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0/go.mod h1:QN7tFo/W8QjLCR6aPZqMZKaVQJiAp95r/g78x1LWtkA=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4 h1:YCHWMRbaIyNUzhsFXSxW2aJ00WV6FUGzt2OtyE7RMyw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4/go.mod h1:WUxTIZlbeHcwisUsauu2ra7O2+s11PM8xRLffHzc1q4=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 h1:zCsFCKvbj25i7p1u94imVoO447I/sFv8qq+lGJhRN0c=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.5/go.mod h1:ZeDX1SnKsVlejeuz41GiajjZpRSWR7/42q/EyA/QEiM=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 h1:SKvPgvdvmiTWoi0GAJ7AsJfOz3ngVkD/ERbs5pUnHNI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5/go.mod h1:20sz31hv/WsPa3HhU3hfrIet2kxM4Pe0r20eBZ20Tac=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.5 h1:OMsEmCyz2i89XwRwPouAJvhj81wINh+4UK+k/0Yo/q8=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.5/go.mod h1:vmSqFK+BVIwVpDAGZB3CoCXHzurt4qBE8lf+I/kRTh0=
+github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
+github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -84,8 +84,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
 github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6 h1:Y/ysEHH/jbcxiH23ho8+lqWolf8PJEvMfwBlFZkbY3E=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.6/go.mod h1:VEvVb1+MamCz0hZrwOCDNK3L6RArOazyKF4ZjWVA2Y0=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7 h1:Jk7uhY5q11fE5PlEupX2Lo12w82UhGC6bE1CI5jwFbc=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod h1:FnQtD0+Q/1NZxi0eEWN+3ZRyMsE9vzSB3YjyunkbKD0=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.119.0 h1:dmFNQwSIAcH3z+FVovHLkazKDC2uA8oOlGvg5+H4vRw=
-github.com/digitalocean/godo v1.119.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
+github.com/digitalocean/godo v1.120.0 h1:t2DpzIitSnCDNQM7svSW4+cZd8E4Lv6+r8y33Kym0Xw=
+github.com/digitalocean/godo v1.120.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -246,8 +246,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
 github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103 h1:xuWRET87TRmBHTxIsKjv0xerTx0iptyXU9XVF5AWOMc=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.103/go.mod h1:lhdEO9Bbb3hZ0wG+JeK9/GqMOp/sgc92mFmVk5tNSCk=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111 h1:15NgjfBu7rpWS1viywUA4zFia51YQkOpvD6sbT3ZG4M=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -304,8 +304,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/maxatome/go-testdeep v1.12.0 h1:Ql7Go8Tg0C1D/uMMX59LAoYK7LffeJQ6X2T04nTH68g=
 github.com/maxatome/go-testdeep v1.12.0/go.mod h1:lPZc/HAcJMP92l7yI6TRz1aZN5URwUBUAfUNvrclaNM=
-github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
-github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
+github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
+github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
@@ -405,14 +405,14 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
-github.com/transip/gotransip/v6 v6.25.0 h1:/H+SjMq/9HNZ0/maE1OLhJpxLaCGHsxq0PWaMPJHxK4=
-github.com/transip/gotransip/v6 v6.25.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
+github.com/transip/gotransip/v6 v6.26.0 h1:Aejfvh8rSp8Mj2GX/RpdBjMCv+Iy/DmgfNgczPDP550=
+github.com/transip/gotransip/v6 v6.26.0/go.mod h1:x0/RWGRK/zob817O3tfO2xhFoP1vu8YOHORx6Jpk80s=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.27.3 h1:/POWahRmdh7uztQ3CYnaDddk0Rm90PyOgIxgW2rr41M=
-github.com/urfave/cli/v2 v2.27.3/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
+github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8=
+github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -452,12 +452,12 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
 golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA=
+golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -465,8 +465,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -525,9 +525,9 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM=
-golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
+golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -535,7 +535,7 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -545,12 +545,13 @@ golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
-golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
+golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -562,31 +563,31 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q=
-google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo=
+google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s=
+google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk=
-google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE=
+google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
-google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From 04f34cf2e370c02feea6ba21ecc105add9b0533f Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Tue, 27 Aug 2024 02:50:25 +0800
Subject: [PATCH 340/438] PORKBUN: support URL Forward (#3064)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .../domain-modifiers/PORKBUN_URLFWD.md        |  31 ++++++
 integrationTest/integration_test.go           |  18 +++
 models/domain.go                              |   2 +-
 models/record.go                              |   1 +
 pkg/js/helpers.js                             |   1 +
 providers/porkbun/api.go                      |  53 ++++++++-
 providers/porkbun/porkbunProvider.go          | 105 +++++++++++++++++-
 7 files changed, 206 insertions(+), 5 deletions(-)
 create mode 100644 documentation/language-reference/domain-modifiers/PORKBUN_URLFWD.md

diff --git a/documentation/language-reference/domain-modifiers/PORKBUN_URLFWD.md b/documentation/language-reference/domain-modifiers/PORKBUN_URLFWD.md
new file mode 100644
index 0000000000..85ab491d6b
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/PORKBUN_URLFWD.md
@@ -0,0 +1,31 @@
+---
+name: PORKBUN_URLFWD
+parameters:
+  - name
+  - target
+  - modifiers...
+provider: PORKBUN
+parameter_types:
+  name: string
+  target: string
+  "modifiers...": RecordModifier[]
+---
+
+`PORKBUN_URLFWD` is a Porkbun-specific feature that maps to Porkbun's URL forwarding feature, which creates HTTP 301 (permanent) or 302 (temporary) redirects.
+
+
+{% code title="dnsconfig.js" %}
+```javascript
+D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+    PORKBUN_URLFWD("urlfwd1", "http://example.com"),
+    PORKBUN_URLFWD("urlfwd2", "http://example.org", {type: "permanent", includePath: "yes", wildcard: "no"})
+);
+```
+{% endcode %}
+
+The fields are:
+* name: the record name
+* target: where you'd like to forward the domain to
+* type: valid types are: `temporary` (302 / 307) or `permanent` (301), default to `temporary`
+* includePath: whether to include the URI path in the redirection. Valid options are `yes` or `no`, default to `no`
+* wildcard: forward all subdomains of the domain. Valid options are `yes` or `no`, default to `yes`
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 36d3cacadb..4911376a88 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -764,6 +764,15 @@ func ns1Urlfwd(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "NS1_URLFWD")
 }
 
+func porkbunUrlfwd(name, target, t, includePath, wildcard string) *models.RecordConfig {
+	r := makeRec(name, target, "PORKBUN_URLFWD")
+	r.Metadata = make(map[string]string)
+	r.Metadata["type"] = t
+	r.Metadata["includePath"] = includePath
+	r.Metadata["wildcard"] = wildcard
+	return r
+}
+
 func clear() *TestCase {
 	return tc("Empty")
 }
@@ -2280,6 +2289,15 @@ func makeTests() []*TestGroup {
 				ovhdmarc("_dmarc", "v=DMARC1; p=none; rua=mailto:dmarc@example.com")),
 		),
 
+		// PORKBUN features
+
+		testgroup("PORKBUN_URLFWD tests",
+			only("PORKBUN"),
+			tc("Add a urlfwd", porkbunUrlfwd("urlfwd1", "http://example.com", "", "", "")),
+			tc("Update a urlfwd", porkbunUrlfwd("urlfwd1", "http://example.org", "", "", "")),
+			tc("Update a urlfwd with metadata", porkbunUrlfwd("urlfwd1", "http://example.org", "permanent", "no", "no")),
+		),
+
 		// This MUST be the last test.
 		testgroup("final",
 			tc("final", txt("final", `TestDNSProviders was successful!`)),
diff --git a/models/domain.go b/models/domain.go
index 5102cf5a69..5b58d0cabc 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -123,7 +123,7 @@ func (dc *DomainConfig) Punycode() error {
 
 		// Set the target:
 		switch rec.Type { // #rtype_variations
-		case "ALIAS", "MX", "NS", "CNAME", "DNAME", "PTR", "SRV", "URL", "URL301", "FRAME", "R53_ALIAS", "NS1_URLFWD", "AKAMAICDN", "CLOUDNS_WR":
+		case "ALIAS", "MX", "NS", "CNAME", "DNAME", "PTR", "SRV", "URL", "URL301", "FRAME", "R53_ALIAS", "NS1_URLFWD", "AKAMAICDN", "CLOUDNS_WR", "PORKBUN_URLFWD":
 			// These rtypes are hostnames, therefore need to be converted (unlike, for example, an AAAA record)
 			t, err := idna.ToASCII(rec.GetTargetField())
 			if err != nil {
diff --git a/models/record.go b/models/record.go
index a00c92654a..d83a11d7d7 100644
--- a/models/record.go
+++ b/models/record.go
@@ -47,6 +47,7 @@ import (
 //	  NO_PURGE
 //	  NS1_URLFWD
 //	  PAGE_RULE
+//	  PORKBUN_URLFWD
 //	  PURGE
 //	  URL
 //	  URL301
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index a85a3b46c4..495a96c71a 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1260,6 +1260,7 @@ var URL301 = recordBuilder('URL301');
 var FRAME = recordBuilder('FRAME');
 var NS1_URLFWD = recordBuilder('NS1_URLFWD');
 var CLOUDNS_WR = recordBuilder('CLOUDNS_WR');
+var PORKBUN_URLFWD = recordBuilder('PORKBUN_URLFWD');
 
 // LOC_BUILDER_DD takes an object:
 // label: The DNS label for the LOC record. (default: '@')
diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index d101a27c79..23f0f3fb4d 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -36,10 +36,16 @@ type domainRecord struct {
 	Content string `json:"content"`
 	TTL     string `json:"ttl"`
 	Prio    string `json:"prio"`
+	// Forwarding
+	Subdomain   string `json:"subdomain"`
+	Location    string `json:"location"`
+	IncludePath string `json:"includePath"`
+	Wildcard    string `json:"wildcard"`
 }
 
 type recordResponse struct {
-	Records []domainRecord `json:"records"`
+	Records  []domainRecord `json:"records"`
+	Forwards []domainRecord `json:"forwards"`
 }
 
 type domainListRecord struct {
@@ -146,6 +152,51 @@ func (c *porkbunProvider) getRecords(domain string) ([]domainRecord, error) {
 	return records, nil
 }
 
+func (c *porkbunProvider) createUrlForwardingRecord(domain string, rec requestParams) error {
+	if _, err := c.post("/domain/addUrlForward/"+domain, rec); err != nil {
+		return fmt.Errorf("failed create url forwarding record (porkbun): %w", err)
+	}
+	return nil
+}
+
+func (c *porkbunProvider) deleteUrlForwardingRecord(domain string, recordID string) error {
+	params := requestParams{}
+	if _, err := c.post(fmt.Sprintf("/domain/deleteUrlForward/%s/%s", domain, recordID), params); err != nil {
+		return fmt.Errorf("failed delete url forwarding record (porkbun): %w", err)
+	}
+	return nil
+}
+
+func (c *porkbunProvider) modifyUrlForwardingRecord(domain string, recordID string, rec requestParams) error {
+	if err := c.deleteUrlForwardingRecord(domain, recordID); err != nil {
+		return err
+	}
+	if err := c.createUrlForwardingRecord(domain, rec); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *porkbunProvider) getUrlForwardingRecords(domain string) ([]domainRecord, error) {
+	params := requestParams{}
+	var bodyString, err = c.post("/domain/getUrlForwarding/"+domain, params)
+	if err != nil {
+		return nil, fmt.Errorf("failed fetching url forwarding record list from porkbun: %w", err)
+	}
+
+	var dr recordResponse
+	err = json.Unmarshal(bodyString, &dr)
+	if err != nil {
+		return nil, fmt.Errorf("failed parsing url forwarding record list from porkbun: %w", err)
+	}
+
+	var records []domainRecord
+	for _, rec := range dr.Forwards {
+		records = append(records, rec)
+	}
+	return records, nil
+}
+
 func (c *porkbunProvider) getNameservers(domain string) ([]string, error) {
 	params := requestParams{}
 	var bodyString, err = c.post(fmt.Sprintf("/domain/getNs/%s", domain), params)
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 7b21c602c4..394fddafd8 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -11,12 +11,20 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/providers"
+
+	"github.com/miekg/dns/dnsutil"
 )
 
 const (
 	minimumTTL = 600
 )
 
+const (
+	metaType        = "type"
+	metaIncludePath = "includePath"
+	metaWildcard    = "wildcard"
+)
+
 // https://kb.porkbun.com/article/63-how-to-switch-to-porkbuns-nameservers
 var defaultNS = []string{
 	"curitiba.ns.porkbun.com",
@@ -78,6 +86,7 @@ func init() {
 	}
 	providers.RegisterDomainServiceProviderType(providerName, fns, features)
 	providers.RegisterMaintainer(providerName, providerMaintainer)
+	providers.RegisterCustomRecordType("PORKBUN_URLFWD", providerName, "")
 }
 
 // GetNameservers returns the nameservers for a domain.
@@ -85,6 +94,13 @@ func (c *porkbunProvider) GetNameservers(domain string) ([]*models.Nameserver, e
 	return models.ToNameservers(defaultNS)
 }
 
+func genComparable(rec *models.RecordConfig) string {
+	if rec.Type == "PORKBUN_URLFWD" {
+		return fmt.Sprintf("type=%s includePath=%s wildcard=%s", rec.Metadata[metaType], rec.Metadata[metaIncludePath], rec.Metadata[metaWildcard])
+	}
+	return ""
+}
+
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
 	var corrections []*models.Correction
@@ -95,9 +111,24 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 	// Make sure TTL larger than the minimum TTL
 	for _, record := range dc.Records {
 		record.TTL = fixTTL(record.TTL)
+		if record.Type == "PORKBUN_URLFWD" {
+			record.TTL = 0
+			if record.Metadata == nil {
+				record.Metadata = make(map[string]string)
+			}
+			if record.Metadata[metaType] == "" {
+				record.Metadata[metaType] = "temporary"
+			}
+			if record.Metadata[metaIncludePath] == "" {
+				record.Metadata[metaIncludePath] = "no"
+			}
+			if record.Metadata[metaWildcard] == "" {
+				record.Metadata[metaWildcard] = "yes"
+			}
+		}
 	}
 
-	changes, err := diff2.ByRecord(existingRecords, dc, nil)
+	changes, err := diff2.ByRecord(existingRecords, dc, genComparable)
 	if err != nil {
 		return nil, err
 	}
@@ -114,6 +145,9 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 			corr = &models.Correction{
 				Msg: change.Msgs[0],
 				F: func() error {
+					if change.New[0].Type == "PORKBUN_URLFWD" {
+						return c.createUrlForwardingRecord(dc.Name, req)
+					}
 					return c.createRecord(dc.Name, req)
 				},
 			}
@@ -126,6 +160,9 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 			corr = &models.Correction{
 				Msg: fmt.Sprintf("%s, porkbun ID: %s", change.Msgs[0], id),
 				F: func() error {
+					if change.New[0].Type == "PORKBUN_URLFWD" {
+						return c.modifyUrlForwardingRecord(dc.Name, id, req)
+					}
 					return c.modifyRecord(dc.Name, id, req)
 				},
 			}
@@ -134,6 +171,9 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 			corr = &models.Correction{
 				Msg: fmt.Sprintf("%s, porkbun ID: %s", change.Msgs[0], id),
 				F: func() error {
+					if change.Old[0].Type == "PORKBUN_URLFWD" {
+						return c.deleteUrlForwardingRecord(dc.Name, id)
+					}
 					return c.deleteRecord(dc.Name, id)
 				},
 			}
@@ -152,9 +192,54 @@ func (c *porkbunProvider) GetZoneRecords(domain string, meta map[string]string)
 	if err != nil {
 		return nil, err
 	}
-	existingRecords := make([]*models.RecordConfig, len(records))
+	forwards, err := c.getUrlForwardingRecords(domain)
+	if err != nil {
+		return nil, err
+	}
+	existingRecords := make([]*models.RecordConfig, 0)
 	for i := range records {
-		existingRecords[i] = toRc(domain, &records[i])
+		shouldSkip := false
+		if strings.HasSuffix(records[i].Content, ".porkbun.com") {
+			name := dnsutil.TrimDomainName(records[i].Name, domain)
+			if name == "@" {
+				name = ""
+			}
+			if records[i].Type == "ALIAS" {
+				for _, forward := range forwards {
+					if name == forward.Subdomain {
+						shouldSkip = true
+						break
+					}
+				}
+			}
+			if records[i].Type == "CNAME" {
+				for _, forward := range forwards {
+					if name == "*."+forward.Subdomain {
+						shouldSkip = true
+						break
+					}
+				}
+			}
+		}
+		if shouldSkip {
+			continue
+		}
+		existingRecords = append(existingRecords, toRc(domain, &records[i]))
+	}
+	for i := range forwards {
+		r := &forwards[i]
+		rc := &models.RecordConfig{
+			Type:     "PORKBUN_URLFWD",
+			Original: r,
+			Metadata: map[string]string{
+				metaType:        r.Type,
+				metaIncludePath: r.IncludePath,
+				metaWildcard:    r.Wildcard,
+			},
+		}
+		rc.SetLabel(r.Subdomain, domain)
+		rc.SetTarget(r.Location)
+		existingRecords = append(existingRecords, rc)
 	}
 	return existingRecords, nil
 }
@@ -219,6 +304,20 @@ func toRc(domain string, r *domainRecord) *models.RecordConfig {
 
 // toReq takes a RecordConfig and turns it into the native format used by the API.
 func toReq(rc *models.RecordConfig) (requestParams, error) {
+	if rc.Type == "PORKBUN_URLFWD" {
+		subdomain := rc.GetLabel()
+		if subdomain == "@" {
+			subdomain = ""
+		}
+		return requestParams{
+			"subdomain":   subdomain,
+			"location":    rc.GetTargetField(),
+			"type":        rc.Metadata[metaType],
+			"includePath": rc.Metadata[metaIncludePath],
+			"wildcard":    rc.Metadata[metaWildcard],
+		}, nil
+	}
+
 	req := requestParams{
 		"type":    rc.Type,
 		"name":    rc.GetLabel(),

From f2be1a6f649afe867ff0178d8c00716466156e1d Mon Sep 17 00:00:00 2001
From: Christian Burmeister <christianbur@users.noreply.github.com>
Date: Wed, 28 Aug 2024 15:58:55 +0200
Subject: [PATCH 341/438] AUTODNS:  Enable CanUsePTR (#3098)

---
 documentation/providers.md           | 2 +-
 providers/autodns/autoDnsProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 91358cda28..6ad2b0c5db 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -15,7 +15,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | Provider name | Official Support | DNS Provider | Registrar | Concurrency Verified | [`ALIAS`](language-reference/domain-modifiers/ALIAS.md) | [`CAA`](language-reference/domain-modifiers/CAA.md) | [`AUTODNSSEC`](language-reference/domain-modifiers/AUTODNSSEC_ON.md) | [`HTTPS`](language-reference/domain-modifiers/HTTPS.md) | [`LOC`](language-reference/domain-modifiers/LOC.md) | [`NAPTR`](language-reference/domain-modifiers/NAPTR.md) | [`PTR`](language-reference/domain-modifiers/PTR.md) | [`SOA`](language-reference/domain-modifiers/SOA.md) | [`SRV`](language-reference/domain-modifiers/SRV.md) | [`SSHFP`](language-reference/domain-modifiers/SSHFP.md) | [`SVCB`](language-reference/domain-modifiers/SVCB.md) | [`TLSA`](language-reference/domain-modifiers/TLSA.md) | [`DS`](language-reference/domain-modifiers/DS.md) | [`DHCID`](language-reference/domain-modifiers/DHCID.md) | [`DNAME`](language-reference/domain-modifiers/DNAME.md) | [`DNSKEY`](language-reference/domain-modifiers/DNSKEY.md) | dual host | create-domains | get-zones |
 | ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------- | --------- | -------------- | --------- |
 | [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 38a7184c74..af7ec81ec6 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -22,7 +22,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
-	providers.CanUsePTR:              providers.Cannot(),
+	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Cannot(),
 	providers.CanUseTLSA:             providers.Cannot(),

From 74826d343055e39151880f78243657bc3b05ec87 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 3 Sep 2024 14:25:34 -0400
Subject: [PATCH 342/438] update deps; go generate (#3106)

---
 commands/types/dnscontrol.d.ts | 21 ++++++++++++++++++
 go.mod                         | 20 ++++++++---------
 go.sum                         | 40 +++++++++++++++++-----------------
 3 files changed, 51 insertions(+), 30 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index ade2786c3a..a4ae60f37b 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -2402,6 +2402,27 @@ declare function NewRegistrar(name: string, type?: string, meta?: object): strin
  */
 declare function PANIC(message: string): never;
 
+/**
+ * `PORKBUN_URLFWD` is a Porkbun-specific feature that maps to Porkbun's URL forwarding feature, which creates HTTP 301 (permanent) or 302 (temporary) redirects.
+ *
+ * ```javascript
+ * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ *     PORKBUN_URLFWD("urlfwd1", "http://example.com"),
+ *     PORKBUN_URLFWD("urlfwd2", "http://example.org", {type: "permanent", includePath: "yes", wildcard: "no"})
+ * );
+ * ```
+ *
+ * The fields are:
+ * * name: the record name
+ * * target: where you'd like to forward the domain to
+ * * type: valid types are: `temporary` (302 / 307) or `permanent` (301), default to `temporary`
+ * * includePath: whether to include the URI path in the redirection. Valid options are `yes` or `no`, default to `no`
+ * * wildcard: forward all subdomains of the domain. Valid options are `yes` or `no`, default to `yes`
+ *
+ * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific//porkbun_urlfwd
+ */
+declare function PORKBUN_URLFWD(name: string, target: string, ...modifiers: RecordModifier[]): DomainModifier;
+
 /**
  * PTR adds a PTR record to the domain.
  *
diff --git a/go.mod b/go.mod
index 31d04a42e5..fb233d39c7 100644
--- a/go.mod
+++ b/go.mod
@@ -17,15 +17,15 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.30.4
-	github.com/aws/aws-sdk-go-v2/config v1.27.30
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.29
+	github.com/aws/aws-sdk-go-v2/config v1.27.31
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.30
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0
 	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.102.0
-	github.com/digitalocean/godo v1.120.0
+	github.com/cloudflare/cloudflare-go v0.103.0
+	github.com/digitalocean/godo v1.121.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -36,7 +36,7 @@ require (
 	github.com/hashicorp/vault/api v1.14.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.62
-	github.com/mittwald/go-powerdns v0.6.4
+	github.com/mittwald/go-powerdns v0.6.6
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
 	github.com/ovh/go-ovh v1.4.3
@@ -53,7 +53,7 @@ require (
 	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/net v0.28.0
 	golang.org/x/oauth2 v0.22.0
-	google.golang.org/api v0.194.0
+	google.golang.org/api v0.195.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.0
 )
 
@@ -64,11 +64,11 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.72.0
+	github.com/oracle/oci-go-sdk/v65 v65.73.0
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
 	golang.org/x/text v0.17.0
@@ -159,8 +159,8 @@ require (
 	golang.org/x/sys v0.24.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	golang.org/x/tools v0.24.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect
 	google.golang.org/grpc v1.65.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index faf876cd73..4e8b3be07c 100644
--- a/go.sum
+++ b/go.sum
@@ -43,10 +43,10 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
 github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
-github.com/aws/aws-sdk-go-v2/config v1.27.30 h1:AQF3/+rOgeJBQP3iI4vojlPib5X6eeOYoa/af7OxAYg=
-github.com/aws/aws-sdk-go-v2/config v1.27.30/go.mod h1:yxqvuubha9Vw8stEgNiStO+yZpP68Wm9hLmcm+R/Qk4=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.29 h1:CwGsupsXIlAFYuDVHv1nnK0wnxO0wZ/g1L8DSK/xiIw=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.29/go.mod h1:BPJ/yXV92ZVq6G8uYvbU0gSl8q94UB63nMT5ctNO38g=
+github.com/aws/aws-sdk-go-v2/config v1.27.31 h1:kxBoRsjhT3pq0cKthgj6RU6bXTm/2SgdoUMyrVw0rAI=
+github.com/aws/aws-sdk-go-v2/config v1.27.31/go.mod h1:z04nZdSWFPaDwK3DdJOG2r+scLQzMYuJeW0CujEm9FM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.30 h1:aau/oYFtibVovr2rDt8FHlU17BTicFEMAi29V1U+L5Q=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.30/go.mod h1:BPJ/yXV92ZVq6G8uYvbU0gSl8q94UB63nMT5ctNO38g=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 h1:yjwoSyDZF8Jth+mUk5lSPJCkMC0lMy6FaCD51jm6ayE=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12/go.mod h1:fuR57fAgMk7ot3WcNQfb6rSEn+SUffl7ri+aa8uKysI=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 h1:TNyt/+X43KJ9IJJMjKfa3bNTiZbUP7DeCxfbTROESwY=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.102.0 h1:+0MGbkirM/yzVLOYpWMgW7CDdKzesSbdwA2Y+rABrWI=
-github.com/cloudflare/cloudflare-go v0.102.0/go.mod h1:BOB41tXf31ti/qtBO9paYhyapotQbGRDbQoLOAF7pSg=
+github.com/cloudflare/cloudflare-go v0.103.0 h1:XXKzgXeUbAo7UTtM4T5wuD2bJPBtNZv7TlZAEy5QI4k=
+github.com/cloudflare/cloudflare-go v0.103.0/go.mod h1:0DrjT4g8wgYFYIxhlqR8xi8dNWfyHFGilUkU3+XV8h0=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.120.0 h1:t2DpzIitSnCDNQM7svSW4+cZd8E4Lv6+r8y33Kym0Xw=
-github.com/digitalocean/godo v1.120.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
+github.com/digitalocean/godo v1.121.0 h1:ilXiHuEnhbJs2fmFEPX0r/QQ6KfiOIMAhJN3f8NiCfI=
+github.com/digitalocean/godo v1.121.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -246,8 +246,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
 github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111 h1:15NgjfBu7rpWS1viywUA4zFia51YQkOpvD6sbT3ZG4M=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.111/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112 h1:kIZQl+PjLn/AZLzqMaHnD1C3HdCCum0mMrlMFaOmB5U=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -313,8 +313,8 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
-github.com/mittwald/go-powerdns v0.6.4 h1:cVDp+5HtL21YZ1XasbMHWa2eZyCzbvQO8NPZrguVx9Y=
-github.com/mittwald/go-powerdns v0.6.4/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
+github.com/mittwald/go-powerdns v0.6.6 h1:yQcuszhl98+jJgELjD5ecfxCQWoshhnArexpwrwQxLY=
+github.com/mittwald/go-powerdns v0.6.6/go.mod h1:adWJ860laOgm14afg+7V0nCa5NQT37oEYe2HRhoS/CA=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -331,8 +331,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg=
-github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg=
+github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
 github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -569,17 +569,17 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s=
-google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0=
+google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU=
+google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE=
-google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8=
+google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From 9178a837de6cdfd4ae658169144f8130bbcb34a7 Mon Sep 17 00:00:00 2001
From: Kevin Zander <veratil@gmail.com>
Date: Sun, 8 Sep 2024 13:02:41 -0500
Subject: [PATCH 343/438] POWERDNS: Improve preformance by using new batched
 add/remove functions in 0.6.6 API (#3105)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/powerdns/diff.go | 55 +++++++++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 16 deletions(-)

diff --git a/providers/powerdns/diff.go b/providers/powerdns/diff.go
index 9bc0bad1c4..92a3354b37 100644
--- a/providers/powerdns/diff.go
+++ b/providers/powerdns/diff.go
@@ -3,9 +3,11 @@ package powerdns
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/fatih/color"
 	"github.com/mittwald/go-powerdns/apis/zones"
 )
 
@@ -16,6 +18,14 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 	}
 
 	var corrections []*models.Correction
+	var changeMsgs []string
+	var rrChangeSets []zones.ResourceRecordSet
+	var deleteMsgs []string
+	var rrDeleteSets []zones.ResourceRecordSet
+
+	// for pretty alignment, add an empty string
+	changeMsgs = append(changeMsgs, color.YellowString("± BATCHED CHANGE/CREATEs for %s", dc.Name))
+	deleteMsgs = append(deleteMsgs, color.RedString("- BATCHED DELETEs for %s", dc.Name))
 
 	for _, change := range changes {
 		labelName := canonical(change.Key.NameFQDN)
@@ -28,30 +38,43 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 			labelTTL := int(change.New[0].TTL)
 			records := buildRecordList(change)
 
-			corrections = append(corrections, &models.Correction{
-				Msg: change.MsgsJoined,
-				F: func() error {
-					return dsp.client.Zones().AddRecordSetToZone(context.Background(), dsp.ServerName, canonical(dc.Name), zones.ResourceRecordSet{
-						Name:       labelName,
-						Type:       labelType,
-						TTL:        labelTTL,
-						Records:    records,
-						ChangeType: zones.ChangeTypeReplace,
-					})
-				},
+			rrChangeSets = append(rrChangeSets, zones.ResourceRecordSet{
+				Name:    labelName,
+				Type:    labelType,
+				TTL:     labelTTL,
+				Records: records,
+				// ChangeType is not needed since zone API sets it when calling Add
 			})
+			changeMsgs = append(changeMsgs, change.MsgsJoined)
 		case diff2.DELETE:
-			corrections = append(corrections, &models.Correction{
-				Msg: change.MsgsJoined,
-				F: func() error {
-					return dsp.client.Zones().RemoveRecordSetFromZone(context.Background(), dsp.ServerName, canonical(dc.Name), labelName, labelType)
-				},
+			rrDeleteSets = append(rrDeleteSets, zones.ResourceRecordSet{
+				Name: labelName,
+				Type: labelType,
+				// ChangeType is not needed since zone API sets it when calling Remove
 			})
+			deleteMsgs = append(deleteMsgs, change.MsgsJoined)
 		default:
 			panic(fmt.Sprintf("unhandled change.Type %s", change.Type))
 		}
 	}
 
+	// only append a Correction if there are any, otherwise causes an error when sending an empty rrset
+	if len(rrDeleteSets) > 0 {
+		corrections = append(corrections, &models.Correction{
+			Msg: strings.Join(deleteMsgs, "\n"),
+			F: func() error {
+				return dsp.client.Zones().RemoveRecordSetsFromZone(context.Background(), dsp.ServerName, canonical(dc.Name), rrDeleteSets)
+			},
+		})
+	}
+	if len(rrChangeSets) > 0 {
+		corrections = append(corrections, &models.Correction{
+			Msg: strings.Join(changeMsgs, "\n"),
+			F: func() error {
+				return dsp.client.Zones().AddRecordSetsToZone(context.Background(), dsp.ServerName, canonical(dc.Name), rrChangeSets)
+			},
+		})
+	}
 	return corrections, nil
 }
 

From 040384f2331c6e2fb153ef1006e1e11c99db25f2 Mon Sep 17 00:00:00 2001
From: Christopher Hicks <chicks.net@gmail.com>
Date: Mon, 9 Sep 2024 17:03:23 -0400
Subject: [PATCH 344/438] BIND: DOCS: clarify meta config instructions (#3111)

---
 documentation/provider/bind.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/documentation/provider/bind.md b/documentation/provider/bind.md
index c21c18377b..dd40598cbd 100644
--- a/documentation/provider/bind.md
+++ b/documentation/provider/bind.md
@@ -30,10 +30,10 @@ Example:
 
 ## Meta configuration
 
-This provider accepts some optional metadata in the NewDnsProvider() call.
+This provider accepts some optional metadata in the `NewDnsProvider()` call.
 
-* `default_soa`: If no SOA record exists in a zone file, one will be created. The values of the new SOA are specified here.
-* `default_ns`: Inject these NS records into the zone.
+* `default_soa`: If no SOA record exists in a zone file, one will be created based on the values specified here. Use `SOA()` to update existing zone files.
+* `default_ns`: Inject these NS records into the zone.  Use this when `NS()` is insufficient.
 
 In this example we set the default SOA settings and NS records.
 

From 6e2cfb5d3b9749331212ddbbd83a42ba15c55406 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 13 Sep 2024 13:08:29 -0400
Subject: [PATCH 345/438] Build(deps): Bump actions/upload-artifact from 4.3.6
 to 4.4.0 (#3104)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 367fa6c340..efc2012ed3 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.3.6
+    - uses: actions/upload-artifact@v4.4.0
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -210,7 +210,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.3.6
+    - uses: actions/upload-artifact@v4.4.0
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From 06ba3cce775477779bb7b0fe021168f9c89ba07c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 16 Sep 2024 12:20:30 -0400
Subject: [PATCH 346/438] Bugfix: Providers with batched updates might not
 report the correct number of changes (#3108)

---
 .github/workflows/pr_test.yml                 |  2 +-
 .github/workflows/release_draft.yml           |  2 +-
 commands/ppreviewPush.go                      | 46 ++++++++++---------
 commands/previewPush.go                       |  8 ++--
 go.mod                                        |  2 +-
 integrationTest/integration_test.go           | 20 ++++----
 models/domain.go                              | 27 +++++++++--
 models/provider.go                            |  2 +-
 pkg/acme/acme.go                              |  2 +-
 pkg/diff/diff.go                              |  4 +-
 pkg/diff/diff2compat.go                       | 14 +++---
 pkg/diff2/analyze.go                          | 28 ++++++-----
 pkg/diff2/analyze_test.go                     | 26 +++++++++--
 pkg/diff2/diff2.go                            | 27 ++++-------
 pkg/zonerecs/zonerecords.go                   | 10 ++--
 .../akamaiedgedns/akamaiEdgeDnsProvider.go    | 10 ++--
 providers/autodns/autoDnsProvider.go          |  8 ++--
 providers/axfrddns/axfrddnsProvider.go        | 14 +++---
 providers/azuredns/azureDnsProvider.go        |  8 ++--
 .../azurePrivateDnsProvider.go                |  8 ++--
 providers/bind/bindProvider.go                | 11 +++--
 providers/bunnydns/records.go                 | 11 +++--
 providers/cloudflare/cloudflareProvider.go    | 12 ++---
 providers/cloudns/cloudnsProvider.go          | 16 +++----
 providers/cscglobal/dns.go                    |  8 ++--
 providers/desec/desecProvider.go              | 12 ++---
 .../digitalocean/digitaloceanProvider.go      |  8 ++--
 providers/dnsimple/dnsimpleProvider.go        | 10 ++--
 providers/dnsmadeeasy/dnsMadeEasyProvider.go  | 10 ++--
 providers/domainnameshop/dns.go               | 12 ++---
 providers/exoscale/exoscaleProvider.go        | 10 ++--
 providers/gandiv5/gandi_v5Provider.go         |  8 ++--
 providers/gcloud/gcloudProvider.go            | 12 ++---
 providers/gcore/gcoreProvider.go              | 10 ++--
 providers/hedns/hednsProvider.go              | 10 ++--
 providers/hetzner/hetznerProvider.go          | 10 ++--
 providers/hexonet/records.go                  | 12 ++---
 providers/hostingde/hostingdeProvider.go      | 18 ++++----
 providers/huaweicloud/records.go              | 12 ++---
 providers/inwx/inwxProvider.go                | 10 ++--
 providers/linode/linodeProvider.go            | 20 ++++----
 providers/loopia/loopiaProvider.go            | 12 ++---
 providers/luadns/luadnsProvider.go            | 10 ++--
 providers/msdns/corrections.go                |  8 ++--
 .../mythicbeasts/mythicbeastsProvider.go      |  8 ++--
 providers/namecheap/namecheapProvider.go      | 10 ++--
 providers/namedotcom/records.go               |  8 ++--
 providers/netcup/netcupProvider.go            |  8 ++--
 providers/netlify/netlifyProvider.go          | 10 ++--
 providers/ns1/ns1Provider.go                  |  8 ++--
 providers/oracle/oracleProvider.go            | 11 ++---
 providers/ovh/ovhProvider.go                  | 16 +++----
 providers/packetframe/packetframeProvider.go  | 12 ++---
 providers/porkbun/porkbunProvider.go          | 12 ++---
 providers/powerdns/diff.go                    |  8 ++--
 providers/powerdns/dns.go                     | 11 +++--
 providers/providers.go                        |  4 +-
 .../realtimeregisterProvider.go               | 12 +++--
 providers/route53/route53Provider.go          | 12 ++---
 providers/rwth/dns.go                         |  8 ++--
 providers/sakuracloud/records.go              | 10 ++--
 providers/softlayer/softlayerProvider.go      | 10 ++--
 providers/transip/transipProvider.go          | 20 ++++----
 providers/vultr/vultrProvider.go              | 11 ++---
 64 files changed, 393 insertions(+), 356 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index efc2012ed3..a5b42cc5ee 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -96,7 +96,7 @@ jobs:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
     container:
-      image: golang:1.22
+      image: golang:1.23
     needs:
     - integration-test-providers
     env:
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index 55460a4293..225015d885 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -42,7 +42,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: ^1.22
+        go-version: ^1.23
 
 # Stringer is needed because .goreleaser includes "go generate ./..."
     - name: Install stringer
diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 1256d55a67..68e846b4eb 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -240,7 +240,7 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 			out.StartDNSProvider(provider.Name, skip)
 			if !skip {
 				corrections := zone.GetCorrections(provider.Name)
-				numActions := countActions(corrections)
+				numActions := zone.GetChangeCount(provider.Name)
 				totalCorrections += numActions
 				out.EndProvider2(provider.Name, numActions)
 				reportItems = append(reportItems, genReportItem(zone.Name, corrections, provider.Name))
@@ -253,7 +253,7 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 		out.StartRegistrar(zone.RegistrarName, !skip)
 		if skip {
 			corrections := zone.GetCorrections(zone.RegistrarInstance.Name)
-			numActions := countActions(corrections)
+			numActions := zone.GetChangeCount(zone.RegistrarInstance.Name)
 			out.EndProvider2(zone.RegistrarName, numActions)
 			totalCorrections += numActions
 			reportItems = append(reportItems, genReportItem(zone.Name, corrections, zone.RegistrarName))
@@ -281,15 +281,15 @@ func prun(args PPreviewArgs, push bool, interactive bool, out printer.CLI, repor
 	return nil
 }
 
-func countActions(corrections []*models.Correction) int {
-	r := 0
-	for _, c := range corrections {
-		if c.F != nil {
-			r++
-		}
-	}
-	return r
-}
+//func countActions(corrections []*models.Correction) int {
+//	r := 0
+//	for _, c := range corrections {
+//		if c.F != nil {
+//			r++
+//		}
+//	}
+//	return r
+//}
 
 func whichZonesToProcess(domains []*models.DomainConfig, filter string) []*models.DomainConfig {
 	if filter == "" || filter == "all" {
@@ -364,7 +364,7 @@ func optimizeOrder(zones []*models.DomainConfig) []*models.DomainConfig {
 func oneZone(zone *models.DomainConfig, args PPreviewArgs, zc *zoneCache) {
 	// Fix the parent zone's delegation: (if able/needed)
 	//zone.NameserversMutex.Lock()
-	delegationCorrections := generateDelegationCorrections(zone, zone.DNSProviderInstances, zone.RegistrarInstance)
+	delegationCorrections, dcCount := generateDelegationCorrections(zone, zone.DNSProviderInstances, zone.RegistrarInstance)
 	//zone.NameserversMutex.Unlock()
 
 	// Loop over the (selected) providers configured for that zone:
@@ -378,13 +378,15 @@ func oneZone(zone *models.DomainConfig, args PPreviewArgs, zc *zoneCache) {
 		}
 
 		// Update the zone's records at the provider:
-		zoneCor, rep := generateZoneCorrections(zone, provider)
+		zoneCor, rep, actualChangeCount := generateZoneCorrections(zone, provider)
 		zone.StoreCorrections(provider.Name, rep)
 		zone.StoreCorrections(provider.Name, zoneCor)
+		zone.IncrementChangeCount(provider.Name, actualChangeCount)
 	}
 
 	// Do the delegation corrections after the zones are updated.
 	zone.StoreCorrections(zone.RegistrarInstance.Name, delegationCorrections)
+	zone.IncrementChangeCount(zone.RegistrarInstance.Name, dcCount)
 }
 
 func whichProvidersToProcess(providers []*models.DNSProviderInstance, filter string) []*models.DNSProviderInstance {
@@ -533,32 +535,32 @@ func generatePopulateCorrections(provider *models.DNSProviderInstance, zoneName
 	}}
 }
 
-func generateZoneCorrections(zone *models.DomainConfig, provider *models.DNSProviderInstance) ([]*models.Correction, []*models.Correction) {
-	reports, zoneCorrections, err := zonerecs.CorrectZoneRecords(provider.Driver, zone)
+func generateZoneCorrections(zone *models.DomainConfig, provider *models.DNSProviderInstance) ([]*models.Correction, []*models.Correction, int) {
+	reports, zoneCorrections, actualChangeCount, err := zonerecs.CorrectZoneRecords(provider.Driver, zone)
 	if err != nil {
-		return []*models.Correction{{Msg: fmt.Sprintf("Domain %q provider %s Error: %s", zone.Name, provider.Name, err)}}, nil
+		return []*models.Correction{{Msg: fmt.Sprintf("Domain %q provider %s Error: %s", zone.Name, provider.Name, err)}}, nil, 0
 	}
-	return zoneCorrections, reports
+	return zoneCorrections, reports, actualChangeCount
 }
 
-func generateDelegationCorrections(zone *models.DomainConfig, providers []*models.DNSProviderInstance, _ *models.RegistrarInstance) []*models.Correction {
+func generateDelegationCorrections(zone *models.DomainConfig, providers []*models.DNSProviderInstance, _ *models.RegistrarInstance) ([]*models.Correction, int) {
 	//fmt.Printf("DEBUG: generateDelegationCorrections start zone=%q nsList = %v\n", zone.Name, zone.Nameservers)
 	nsList, err := nameservers.DetermineNameserversForProviders(zone, providers, true)
 	if err != nil {
-		return msg(fmt.Sprintf("DtermineNS: zone %q; Error: %s", zone.Name, err))
+		return msg(fmt.Sprintf("DetermineNS: zone %q; Error: %s", zone.Name, err)), 0
 	}
 	zone.Nameservers = nsList
 	nameservers.AddNSRecords(zone)
 
 	if len(zone.Nameservers) == 0 && zone.Metadata["no_ns"] != "true" {
-		return []*models.Correction{{Msg: fmt.Sprintf("No nameservers declared for domain %q; skipping registrar. Add {no_ns:'true'} to force", zone.Name)}}
+		return []*models.Correction{{Msg: fmt.Sprintf("No nameservers declared for domain %q; skipping registrar. Add {no_ns:'true'} to force", zone.Name)}}, 0
 	}
 
 	corrections, err := zone.RegistrarInstance.Driver.GetRegistrarCorrections(zone)
 	if err != nil {
-		return msg(fmt.Sprintf("zone %q; Rprovider %q; Error: %s", zone.Name, zone.RegistrarInstance.Name, err))
+		return msg(fmt.Sprintf("zone %q; Rprovider %q; Error: %s", zone.Name, zone.RegistrarInstance.Name, err)), 0
 	}
-	return corrections
+	return corrections, len(corrections)
 }
 
 func msg(s string) []*models.Correction {
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 528fe4307a..8220f5bee0 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -247,17 +247,17 @@ func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report
 					continue
 				}
 
-				reports, corrections, err := zonerecs.CorrectZoneRecords(provider.Driver, domain)
-				out.EndProvider(provider.Name, len(corrections), err)
+				reports, corrections, actualChangeCount, err := zonerecs.CorrectZoneRecords(provider.Driver, domain)
+				out.EndProvider(provider.Name, actualChangeCount, err)
 				if err != nil {
 					anyErrors = true
 					return
 				}
-				totalCorrections += len(corrections)
+				totalCorrections += actualChangeCount
 				printReports(domain.Name, provider.Name, reports, out, push, notifier)
 				reportItems = append(reportItems, ReportItem{
 					Domain:      domain.Name,
-					Corrections: len(corrections),
+					Corrections: actualChangeCount,
 					Provider:    provider.Name,
 				})
 				anyErrors = printOrRunCorrections(domain.Name, provider.Name, corrections, out, push, interactive, notifier) || anyErrors
diff --git a/go.mod b/go.mod
index fb233d39c7..cd5f4943dc 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/StackExchange/dnscontrol/v4
 
-go 1.22.1
+go 1.23.0
 
 retract v4.8.0
 
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 4911376a88..ae0551f1c9 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -228,13 +228,13 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 		}
 
 		// get and run corrections for first time
-		_, corrections, err := zonerecs.CorrectZoneRecords(prv, dom)
+		_, corrections, actualChangeCount, err := zonerecs.CorrectZoneRecords(prv, dom)
 		if err != nil {
 			t.Fatal(fmt.Errorf("runTests: %w", err))
 		}
 		if tst.Changeless {
-			if count := len(corrections); count != 0 {
-				t.Logf("Expected 0 corrections on FIRST run, but found %d.", count)
+			if actualChangeCount != 0 {
+				t.Logf("Expected 0 corrections on FIRST run, but found %d.", actualChangeCount)
 				for i, c := range corrections {
 					t.Logf("UNEXPECTED #%d: %s", i, c.Msg)
 				}
@@ -261,12 +261,12 @@ func makeChanges(t *testing.T, prv providers.DNSServiceProvider, dc *models.Doma
 		}
 
 		// run a second time and expect zero corrections
-		_, corrections, err = zonerecs.CorrectZoneRecords(prv, dom2)
+		_, corrections, actualChangeCount, err = zonerecs.CorrectZoneRecords(prv, dom2)
 		if err != nil {
 			t.Fatal(err)
 		}
-		if count := len(corrections); count != 0 {
-			t.Logf("Expected 0 corrections on second run, but found %d.", count)
+		if actualChangeCount != 0 {
+			t.Logf("Expected 0 corrections on second run, but found %d.", actualChangeCount)
 			for i, c := range corrections {
 				t.Logf("UNEXPECTED #%d: %s", i, c.Msg)
 			}
@@ -353,7 +353,7 @@ func TestDualProviders(t *testing.T) {
 	run := func() {
 		dom, _ := dc.Copy()
 
-		rs, cs, err := zonerecs.CorrectZoneRecords(p, dom)
+		rs, cs, _, err := zonerecs.CorrectZoneRecords(p, dom)
 		if err != nil {
 			t.Fatal(err)
 		}
@@ -378,12 +378,12 @@ func TestDualProviders(t *testing.T) {
 	run()
 	// run again to make sure no corrections
 	t.Log("Running again to ensure stability")
-	rs, cs, err := zonerecs.CorrectZoneRecords(p, dc)
+	rs, cs, actualChangeCount, err := zonerecs.CorrectZoneRecords(p, dc)
 	if err != nil {
 		t.Fatal(err)
 	}
-	if count := len(cs); count != 0 {
-		t.Logf("Expect no corrections on second run, but found %d.", count)
+	if actualChangeCount != 0 {
+		t.Logf("Expect no corrections on second run, but found %d.", actualChangeCount)
 		for i, c := range rs {
 			t.Logf("INFO#%d:\n%s", i+1, c.Msg)
 		}
diff --git a/models/domain.go b/models/domain.go
index 5b58d0cabc..3054a443d1 100644
--- a/models/domain.go
+++ b/models/domain.go
@@ -49,9 +49,10 @@ type DomainConfig struct {
 	RawRecords []RawRecordConfig `json:"rawrecords,omitempty"`
 
 	// Pending work to do for each provider.  Provider may be a registrar or DSP.
-	pendingCorrectionsMutex sync.Mutex                 // Protect pendingCorrections*
-	pendingCorrections      map[string]([]*Correction) // Work to be done for each provider
-	pendingCorrectionsOrder []string                   // Call the providers in this order
+	pendingCorrectionsMutex  sync.Mutex                 // Protect pendingCorrections*
+	pendingCorrections       map[string]([]*Correction) // Work to be done for each provider
+	pendingCorrectionsOrder  []string                   // Call the providers in this order
+	pendingActualChangeCount map[string](int)           // Number of changes to report (cumulative)
 }
 
 // GetSplitHorizonNames returns the domain's name, uniquename, and tag.
@@ -176,3 +177,23 @@ func (dc *DomainConfig) GetCorrections(providerName string) []*Correction {
 	}
 	return nil
 }
+
+// IncrementChangeCount accumulates change count in a thread-safe way.
+func (dc *DomainConfig) IncrementChangeCount(providerName string, delta int) {
+	dc.pendingCorrectionsMutex.Lock()
+	defer dc.pendingCorrectionsMutex.Unlock()
+
+	if dc.pendingActualChangeCount == nil {
+		// First time storing anything.
+		dc.pendingActualChangeCount = make(map[string](int))
+	}
+	dc.pendingActualChangeCount[providerName] += delta
+}
+
+// GetChangeCount accumulates change count in a thread-safe way.
+func (dc *DomainConfig) GetChangeCount(providerName string) int {
+	dc.pendingCorrectionsMutex.Lock()
+	defer dc.pendingCorrectionsMutex.Unlock()
+
+	return dc.pendingActualChangeCount[providerName]
+}
diff --git a/models/provider.go b/models/provider.go
index 11c7453bd7..e98e83259a 100644
--- a/models/provider.go
+++ b/models/provider.go
@@ -4,7 +4,7 @@ package models
 type DNSProvider interface {
 	GetNameservers(domain string) ([]*Nameserver, error)
 	GetZoneRecords(domain string, meta map[string]string) (Records, error)
-	GetZoneRecordsCorrections(dc *DomainConfig, existing Records) ([]*Correction, error)
+	GetZoneRecordsCorrections(dc *DomainConfig, existing Records) ([]*Correction, int, error)
 }
 
 // Registrar is an interface for Registrar plug-ins.
diff --git a/pkg/acme/acme.go b/pkg/acme/acme.go
index 2c0823e906..8d9457aac6 100644
--- a/pkg/acme/acme.go
+++ b/pkg/acme/acme.go
@@ -276,7 +276,7 @@ func (c *certManager) getCorrections(d *models.DomainConfig) ([]*models.Correcti
 		if err != nil {
 			return nil, err
 		}
-		reports, corrections, err := zonerecs.CorrectZoneRecords(p.Driver, dc)
+		reports, corrections, _, err := zonerecs.CorrectZoneRecords(p.Driver, dc)
 		if err != nil {
 			return nil, err
 		}
diff --git a/pkg/diff/diff.go b/pkg/diff/diff.go
index f2b18b8b1e..d572afcd35 100644
--- a/pkg/diff/diff.go
+++ b/pkg/diff/diff.go
@@ -20,10 +20,10 @@ type Changeset []Correlation
 // Differ is an interface for computing the difference between two zones.
 type Differ interface {
 	// IncrementalDiff performs a diff on a record-by-record basis, and returns a sets for which records need to be created, deleted, or modified.
-	IncrementalDiff(existing []*models.RecordConfig) (reportMsgs []string, create, toDelete, modify Changeset, err error)
+	IncrementalDiff(existing []*models.RecordConfig) (reportMsgs []string, create, toDelete, modify Changeset, actualChangeCount int, err error)
 	// ChangedGroups performs a diff more appropriate for providers with a "RecordSet" model, where all records with the same name and type are grouped.
 	// Individual record changes are often not useful in such scenarios. Instead we return a map of record keys to a list of change descriptions within that group.
-	ChangedGroups(existing []*models.RecordConfig) (map[models.RecordKey][]string, []string, error)
+	ChangedGroups(existing []*models.RecordConfig) (map[models.RecordKey][]string, []string, int, error)
 }
 
 type differ struct {
diff --git a/pkg/diff/diff2compat.go b/pkg/diff/diff2compat.go
index 02ccae5dfb..43bab69a7f 100644
--- a/pkg/diff/diff2compat.go
+++ b/pkg/diff/diff2compat.go
@@ -32,10 +32,10 @@ type differCompat struct {
 
 // IncrementalDiff usees pkg/diff2 to generate output compatible with systems
 // still using NewCompat().
-func (d *differCompat) IncrementalDiff(existing []*models.RecordConfig) (reportMsgs []string, toCreate, toDelete, toModify Changeset, err error) {
-	instructions, err := diff2.ByRecord(existing, d.dc, nil)
+func (d *differCompat) IncrementalDiff(existing []*models.RecordConfig) (reportMsgs []string, toCreate, toDelete, toModify Changeset, actualChangeCount int, err error) {
+	instructions, actualChangeCount, err := diff2.ByRecord(existing, d.dc, nil)
 	if err != nil {
-		return nil, nil, nil, nil, err
+		return nil, nil, nil, nil, 0, err
 	}
 
 	for _, inst := range instructions {
@@ -71,11 +71,11 @@ func GenerateMessageCorrections(msgs []string) (corrections []*models.Correction
 }
 
 // ChangedGroups provides the same results as IncrementalDiff but grouped by key.
-func (d *differCompat) ChangedGroups(existing []*models.RecordConfig) (map[models.RecordKey][]string, []string, error) {
+func (d *differCompat) ChangedGroups(existing []*models.RecordConfig) (map[models.RecordKey][]string, []string, int, error) {
 	changedKeys := map[models.RecordKey][]string{}
-	toReport, toCreate, toDelete, toModify, err := d.IncrementalDiff(existing)
+	toReport, toCreate, toDelete, toModify, actualChangeCount, err := d.IncrementalDiff(existing)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, 0, err
 	}
 	for _, c := range toCreate {
 		changedKeys[c.Desired.Key()] = append(changedKeys[c.Desired.Key()], c.String())
@@ -86,5 +86,5 @@ func (d *differCompat) ChangedGroups(existing []*models.RecordConfig) (map[model
 	for _, m := range toModify {
 		changedKeys[m.Desired.Key()] = append(changedKeys[m.Desired.Key()], m.String())
 	}
-	return changedKeys, toReport, nil
+	return changedKeys, toReport, actualChangeCount, nil
 }
diff --git a/pkg/diff2/analyze.go b/pkg/diff2/analyze.go
index 3f8d3ffdf7..6201db7c43 100644
--- a/pkg/diff2/analyze.go
+++ b/pkg/diff2/analyze.go
@@ -9,8 +9,9 @@ import (
 	"github.com/fatih/color"
 )
 
-func analyzeByRecordSet(cc *CompareConfig) ChangeList {
+func analyzeByRecordSet(cc *CompareConfig) (ChangeList, int) {
 	var instructions ChangeList
+	var actualChangeCount int
 	// For each label...
 	for _, lc := range cc.ldata {
 		// for each type at that label...
@@ -18,7 +19,9 @@ func analyzeByRecordSet(cc *CompareConfig) ChangeList {
 			// ...if there are changes generate an instruction.
 			ets := rt.existingTargets
 			dts := rt.desiredTargets
-			msgs := genmsgs(ets, dts)
+			cs := diffTargets(ets, dts)
+			actualChangeCount += len(cs)
+			msgs := justMsgs(cs)
 			if len(msgs) == 0 { // No differences?
 				// The records at this rset are the same. No work to be done.
 				continue
@@ -35,11 +38,12 @@ func analyzeByRecordSet(cc *CompareConfig) ChangeList {
 
 	instructions = orderByDependencies(instructions)
 
-	return instructions
+	return instructions, actualChangeCount
 }
 
-func analyzeByLabel(cc *CompareConfig) ChangeList {
+func analyzeByLabel(cc *CompareConfig) (ChangeList, int) {
 	var instructions ChangeList
+	var actualChangeCount int
 	// Accumulate any changes and collect the info needed to generate instructions.
 	for _, lc := range cc.ldata {
 		// for each type at that label...
@@ -52,7 +56,9 @@ func analyzeByLabel(cc *CompareConfig) ChangeList {
 			// for each type at that label...
 			ets := rt.existingTargets
 			dts := rt.desiredTargets
-			msgs := genmsgs(ets, dts)
+			cs := diffTargets(ets, dts)
+			actualChangeCount += len(cs)
+			msgs := justMsgs(cs)
 			k := models.RecordKey{NameFQDN: label, Type: rt.rType}
 			msgsByKey[k] = msgs
 			accMsgs = append(accMsgs, msgs...)                    // Accumulate the messages
@@ -79,25 +85,27 @@ func analyzeByLabel(cc *CompareConfig) ChangeList {
 
 	instructions = orderByDependencies(instructions)
 
-	return instructions
+	return instructions, actualChangeCount
 }
 
-func analyzeByRecord(cc *CompareConfig) ChangeList {
+func analyzeByRecord(cc *CompareConfig) (ChangeList, int) {
 
 	var instructions ChangeList
+	var actualChangeCount int
 	// For each label, for each type at that label, see if there are any changes.
 	for _, lc := range cc.ldata {
 		for _, rt := range lc.tdata {
 			ets := rt.existingTargets
 			dts := rt.desiredTargets
 			cs := diffTargets(ets, dts)
+			actualChangeCount += len(cs)
 			instructions = append(instructions, cs...)
 		}
 	}
 
 	instructions = orderByDependencies(instructions)
 
-	return instructions
+	return instructions, actualChangeCount
 }
 
 // FYI: there is no analyzeByZone.  diff2.ByZone() calls analyzeByRecords().
@@ -303,10 +311,6 @@ func diffTargets(existing, desired []targetConfig) ChangeList {
 	return instructions
 }
 
-func genmsgs(existing, desired []targetConfig) []string {
-	return justMsgs(diffTargets(existing, desired))
-}
-
 func justMsgs(cl ChangeList) []string {
 	var msgs []string
 	for _, c := range cl {
diff --git a/pkg/diff2/analyze_test.go b/pkg/diff2/analyze_test.go
index a220ffac55..a4bc83b2cd 100644
--- a/pkg/diff2/analyze_test.go
+++ b/pkg/diff2/analyze_test.go
@@ -127,7 +127,13 @@ func compareCL(t *testing.T, fnname, testname, testpart string, gotcl ChangeList
 	if d != "" {
 		t.Errorf("%s()/%s (wantChange%s):\n===got===\n%s\n===want===\n%s\n===diff===\n%s\n===", fnname, testname, testpart, gs, ws, d)
 	}
+}
 
+func compareACC(t *testing.T, fnname, testname, testpart string, gotacc int, wantacc int) {
+	t.Helper()
+	if gotacc != wantacc {
+		t.Errorf("%s()/%s (wantChange%s):\n===got===\n%v\n===want===\n%v\n", fnname, testname, testpart, gotacc, wantacc)
+	}
 }
 
 func Test_analyzeByRecordSet(t *testing.T) {
@@ -150,6 +156,7 @@ func Test_analyzeByRecordSet(t *testing.T) {
 		wantChangeRec   string
 		wantMsgsRec     string
 		wantChangeZone  string
+		wantChangeCount int
 	}{
 
 		{
@@ -159,6 +166,7 @@ func Test_analyzeByRecordSet(t *testing.T) {
 				existing: models.Records{testDataAA1234},
 				desired:  models.Records{testDataAA1234clone},
 			},
+			wantChangeCount: 0,
 			wantMsgs:        "", // Empty
 			wantChangeRSet:  "ChangeList: len=0",
 			wantChangeLabel: "ChangeList: len=0",
@@ -172,7 +180,8 @@ func Test_analyzeByRecordSet(t *testing.T) {
 				existing: models.Records{testDataAA1234, testDataAMX10a},
 				desired:  models.Records{testDataAA1234clone, testDataAMX20b},
 			},
-			wantMsgs: "± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)",
+			wantChangeCount: 1,
+			wantMsgs:        "± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)",
 			wantChangeRSet: `
 ChangeList: len=1
 00: Change: verb=CHANGE
@@ -206,7 +215,8 @@ ChangeList: len=1
 				existing: models.Records{testDataAA1234, testDataApexMX1aaa},
 				desired:  models.Records{testDataAA1234clone, testDataApexMX22bbb},
 			},
-			wantMsgs: "± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)",
+			wantChangeCount: 1,
+			wantMsgs:        "± MODIFY f.com MX (1 aaa.f.com. ttl=300) -> (22 bbb.f.com. ttl=300)",
 			wantChangeRSet: `
 ChangeList: len=1
 00: Change: verb=CHANGE
@@ -240,6 +250,7 @@ ChangeList: len=1
 				existing: models.Records{testDataAA1234, testDataAMX10a},
 				desired:  models.Records{testDataAA1234clone, testDataAA12345, testDataAMX20b},
 			},
+			wantChangeCount: 2,
 			wantMsgs: `
 ± MODIFY laba.f.com MX (10 laba.f.com. ttl=300) -> (20 labb.f.com. ttl=300)
 + CREATE laba.f.com A 1.2.3.5 ttl=300
@@ -290,6 +301,7 @@ ChangeList: len=2
 				existing: models.Records{testDataAA1234, testDataCCa},
 				desired:  models.Records{d13, d3},
 			},
+			wantChangeCount: 3,
 			wantMsgs: `
 + CREATE labe.f.com A 10.10.10.95 ttl=300
 ± MODIFY labc.f.com CNAME (laba.f.com. ttl=300) -> (labe.f.com. ttl=300)
@@ -352,6 +364,7 @@ ChangeList: len=3
 				existing: models.Records{testDataAA1234, testDataAMX10a, testDataCCa, testDataEA15, e4, e5, e6, e7, e8, e9, e10, e11},
 				desired:  models.Records{testDataAA1234clone, testDataAA12345, testDataAMX20b, d3, d4, d5, d6, d7, d8, d9, d10, d11, d12},
 			},
+			wantChangeCount: 11,
 			wantMsgs: `
 + CREATE labf.f.com TXT "foo" ttl=300
 ± MODIFY labg.f.com NS (labc.f.com. ttl=300) -> (labf.f.com. ttl=300)
@@ -525,21 +538,24 @@ ChangeList: len=11
 		// Therefore we have to run NewCompareConfig() each time.
 
 		t.Run(tt.name, func(t *testing.T) {
-			cl := analyzeByRecordSet(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
+			cl, actualChangeCount := analyzeByRecordSet(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
 			compareMsgs(t, "analyzeByRecordSet", tt.name, "RSet", cl, tt.wantMsgsRSet, tt.wantMsgs)
 			compareCL(t, "analyzeByRecordSet", tt.name, "RSet", cl, tt.wantChangeRSet)
+			compareACC(t, "analyzeByRecordSet", tt.name, "ACC", actualChangeCount, tt.wantChangeCount)
 		})
 
 		t.Run(tt.name, func(t *testing.T) {
-			cl := analyzeByLabel(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
+			cl, actualChangeCount := analyzeByLabel(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
 			compareMsgs(t, "analyzeByLabel", tt.name, "Label", cl, tt.wantMsgsLabel, tt.wantMsgs)
 			compareCL(t, "analyzeByLabel", tt.name, "Label", cl, tt.wantChangeLabel)
+			compareACC(t, "analyzeByLabel", tt.name, "ACC", actualChangeCount, tt.wantChangeCount)
 		})
 
 		t.Run(tt.name, func(t *testing.T) {
-			cl := analyzeByRecord(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
+			cl, actualChangeCount := analyzeByRecord(NewCompareConfig(tt.args.origin, tt.args.existing, tt.args.desired, tt.args.compFn))
 			compareMsgs(t, "analyzeByRecord", tt.name, "Rec", cl, tt.wantMsgsRec, tt.wantMsgs)
 			compareCL(t, "analyzeByRecord", tt.name, "Rec", cl, tt.wantChangeRec)
+			compareACC(t, "analyzeByRecord", tt.name, "ACC", actualChangeCount, tt.wantChangeCount)
 		})
 
 		// NB(tlim): There is no analyzeByZone().  diff2.ByZone() uses analyzeByRecord().
diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index f8f27f7e7a..ddfb7b6500 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -151,7 +151,7 @@ func (c *Change) CreateCorrectionWithMessage(msg string, correctionFunction func
 // www.example.com, A, and a list of all the desired IP addresses.
 //
 // Examples include: AZURE_DNS, GCORE, NS1, ROUTE53
-func ByRecordSet(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, error) {
+func ByRecordSet(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, int, error) {
 	return byHelper(analyzeByRecordSet, existing, dc, compFunc)
 }
 
@@ -163,7 +163,7 @@ func ByRecordSet(existing models.Records, dc *models.DomainConfig, compFunc Comp
 // to be served at a particular label, or the label itself is deleted.
 //
 // Examples include: GANDI_V5
-func ByLabel(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, error) {
+func ByLabel(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, int, error) {
 	return byHelper(analyzeByLabel, existing, dc, compFunc)
 }
 
@@ -179,7 +179,7 @@ func ByLabel(existing models.Records, dc *models.DomainConfig, compFunc Comparab
 // A delete always has exactly 1 old: .Old[0]
 //
 // Examples include: CLOUDFLAREAPI, HEDNS, INWX, MSDNS, OVH, PORKBUN, VULTR
-func ByRecord(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, error) {
+func ByRecord(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, int, error) {
 	return byHelper(analyzeByRecord, existing, dc, compFunc)
 }
 
@@ -205,23 +205,16 @@ func ByRecord(existing models.Records, dc *models.DomainConfig, compFunc Compara
 //	}
 //
 // Example providers include: BIND, AUTODNS
-func ByZone(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) ([]string, bool, error) {
+func ByZone(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) ([]string, bool, int, error) {
 	// Only return the messages.  The caller has the list of records needed to build the new zone.
-	instructions, err := byHelper(analyzeByRecord, existing, dc, compFunc)
-	changes := false
-	for i := range instructions {
-		//fmt.Printf("DEBUG: ByZone #%d: %v\n", i, ii)
-		if instructions[i].Type != REPORT {
-			changes = true
-		}
-	}
-	return justMsgs(instructions), changes, err
+	instructions, actualChangeCount, err := byHelper(analyzeByRecord, existing, dc, compFunc)
+	return justMsgs(instructions), actualChangeCount > 0, actualChangeCount, err
 }
 
 //
 
 // byHelper does 90% of the work for the By*() calls.
-func byHelper(fn func(cc *CompareConfig) ChangeList, existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, error) {
+func byHelper(fn func(cc *CompareConfig) (ChangeList, int), existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, int, error) {
 
 	// Process NO_PURGE/ENSURE_ABSENT and IGNORE*().
 	desired, msgs, err := handsoff(
@@ -232,14 +225,14 @@ func byHelper(fn func(cc *CompareConfig) ChangeList, existing models.Records, dc
 		dc.KeepUnknown,
 	)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	// Regroup existing/desiredd for easy comparison:
 	cc := NewCompareConfig(dc.Name, existing, desired, compFunc)
 
 	// Analyze and generate the instructions:
-	instructions := fn(cc)
+	instructions, actualChangeCount := fn(cc)
 
 	// If we have msgs, create a change to output them:
 	if len(msgs) != 0 {
@@ -252,5 +245,5 @@ func byHelper(fn func(cc *CompareConfig) ChangeList, existing models.Records, dc
 		instructions = append([]Change{chg}, instructions...)
 	}
 
-	return instructions, nil
+	return instructions, actualChangeCount, nil
 }
diff --git a/pkg/zonerecs/zonerecords.go b/pkg/zonerecs/zonerecords.go
index be8c882ae7..b43f06b8a5 100644
--- a/pkg/zonerecs/zonerecords.go
+++ b/pkg/zonerecs/zonerecords.go
@@ -7,11 +7,11 @@ import (
 // CorrectZoneRecords calls both GetZoneRecords, does any
 // post-processing, and then calls GetZoneRecordsCorrections.  The
 // name sucks because all the good names were taken.
-func CorrectZoneRecords(driver models.DNSProvider, dc *models.DomainConfig) ([]*models.Correction, []*models.Correction, error) {
+func CorrectZoneRecords(driver models.DNSProvider, dc *models.DomainConfig) ([]*models.Correction, []*models.Correction, int, error) {
 
 	existingRecords, err := driver.GetZoneRecords(dc.Name, dc.Metadata)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, 0, err
 	}
 
 	// downcase
@@ -26,7 +26,7 @@ func CorrectZoneRecords(driver models.DNSProvider, dc *models.DomainConfig) ([]*
 	// dc.Records.
 	dc, err = dc.Copy()
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, 0, err
 	}
 
 	// punycode
@@ -34,9 +34,9 @@ func CorrectZoneRecords(driver models.DNSProvider, dc *models.DomainConfig) ([]*
 	// FIXME(tlim) It is a waste to PunyCode every iteration.
 	// This should be moved to where the JavaScript is processed.
 
-	everything, err := driver.GetZoneRecordsCorrections(dc, existingRecords)
+	everything, actualChangeCount, err := driver.GetZoneRecordsCorrections(dc, existingRecords)
 	reports, corrections := splitReportsAndCorrections(everything)
-	return reports, corrections, err
+	return reports, corrections, actualChangeCount, err
 }
 
 func splitReportsAndCorrections(everything []*models.Correction) (reports, corrections []*models.Correction) {
diff --git a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
index dbe6fb5f76..64c5a673a4 100644
--- a/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
+++ b/providers/akamaiedgedns/akamaiEdgeDnsProvider.go
@@ -107,10 +107,10 @@ func (a *edgeDNSProvider) EnsureZoneExists(domain string) error {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (a *edgeDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
-	keysToUpdate, toReport, err := diff.NewCompat(dc).ChangedGroups(existingRecords)
+func (a *edgeDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
+	keysToUpdate, toReport, actualChangeCount, err := diff.NewCompat(dc).ChangedGroups(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -180,7 +180,7 @@ func (a *edgeDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 	// AutoDnsSec correction
 	existingAutoDNSSecEnabled, err := isAutoDNSSecEnabled(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
@@ -205,7 +205,7 @@ func (a *edgeDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		printer.Debugf("autoDNSSecEnable: Disable AutoDnsSec for zone %s\n", dc.Name)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index af7ec81ec6..afc507c21f 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -71,14 +71,14 @@ func New(settings map[string]string, _ json.RawMessage) (providers.DNSServicePro
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	domain := dc.Name
 
 	var corrections []*models.Correction
 
-	msgs, changed, err := diff2.ByZone(existingRecords, dc, nil)
+	msgs, changed, actualChangeCount, err := diff2.ByZone(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if changed {
 
@@ -107,7 +107,7 @@ func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func recordsToNative(recs models.Records) ([]*models.Nameserver, uint32, []*ResourceRecord) {
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 3033df4bef..5943963458 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -426,7 +426,7 @@ func hasNSDeletion(changes diff2.ChangeList) bool {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *axfrddnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
+func (c *axfrddnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 	// Ignoring the SOA, others providers don't manage it either.
 	if len(foundRecords) >= 1 && foundRecords[0].Type == "SOA" {
 		foundRecords = foundRecords[1:]
@@ -466,19 +466,19 @@ func (c *axfrddnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, fo
 
 	dummyNs1, err := dns.NewRR(dc.Name + ". IN NS 255.255.255.255")
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	dummyNs2, err := dns.NewRR(dc.Name + ". IN NS 255.255.255.255")
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	changes, err := diff2.ByRecord(foundRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecord(foundRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if changes == nil {
-		return nil, nil
+		return nil, 0, nil
 	}
 
 	// A DNS server should silently ignore a DDNS update that removes
@@ -547,5 +547,5 @@ func (c *axfrddnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, fo
 	if len(reports) > 0 {
 		returnValue = append(returnValue, c.BuildCorrection(dc, reports, nil))
 	}
-	return returnValue, nil
+	return returnValue, actualChangeCount, nil
 }
diff --git a/providers/azuredns/azureDnsProvider.go b/providers/azuredns/azureDnsProvider.go
index 0ab74a72a6..856077ba7b 100644
--- a/providers/azuredns/azureDnsProvider.go
+++ b/providers/azuredns/azureDnsProvider.go
@@ -190,14 +190,14 @@ func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	// Azure is a "ByRecordSet" API.
 
-	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -230,7 +230,7 @@ func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		}
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (a *azurednsProvider) recordCreate(zoneName string, reckey models.RecordKey, recs models.Records) error {
diff --git a/providers/azureprivatedns/azurePrivateDnsProvider.go b/providers/azureprivatedns/azurePrivateDnsProvider.go
index 5a901380e8..2e2b05fe63 100644
--- a/providers/azureprivatedns/azurePrivateDnsProvider.go
+++ b/providers/azureprivatedns/azurePrivateDnsProvider.go
@@ -187,12 +187,12 @@ func (a *azurednsProvider) getExistingRecords(domain string) (models.Records, []
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
-	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -225,7 +225,7 @@ func (a *azurednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		}
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (a *azurednsProvider) recordCreate(zoneName string, reckey models.RecordKey, recs models.Records) error {
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index a8509542d6..583693141a 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -217,7 +217,7 @@ func ParseZoneContents(content string, zoneName string, zonefileName string) (mo
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
+func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	changes := false
@@ -248,12 +248,13 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 
 	var msgs []string
 	var err error
-	msgs, changes, err = diff2.ByZone(foundRecords, dc, nil)
+	var actualChangeCount int
+	msgs, changes, actualChangeCount, err = diff2.ByZone(foundRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if !changes {
-		return nil, nil
+		return nil, 0, nil
 	}
 	msg = strings.Join(msgs, "\n")
 
@@ -311,7 +312,7 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 			},
 		})
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // preprocessFilename pre-processes a filename we're about to os.Create()
diff --git a/providers/bunnydns/records.go b/providers/bunnydns/records.go
index 00ff817fc1..34e247bc0b 100644
--- a/providers/bunnydns/records.go
+++ b/providers/bunnydns/records.go
@@ -2,6 +2,7 @@ package bunnydns
 
 import (
 	"fmt"
+
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
@@ -53,7 +54,7 @@ func (b *bunnydnsProvider) GetZoneRecords(domain string, meta map[string]string)
 	return recs, nil
 }
 
-func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 	// Bunny DNS never returns NS records for the apex domain, so these are artificially added when retrieving records.
 	// As no TTL can be configured or retrieved for these NS records, we set it to 0 to avoid unnecessary updates.
 	for _, rc := range dc.Records {
@@ -68,12 +69,12 @@ func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 
 	zone, err := b.findZoneByDomain(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	instructions, err := diff2.ByRecord(existing, dc, nil)
+	instructions, actualChangeCount, err := diff2.ByRecord(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrections []*models.Correction
@@ -100,7 +101,7 @@ func (b *bunnydnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		}
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (b *bunnydnsProvider) mkCreateCorrection(zoneID int64, newRec *models.RecordConfig, msg string) *models.Correction {
diff --git a/providers/cloudflare/cloudflareProvider.go b/providers/cloudflare/cloudflareProvider.go
index 0188aa36c4..89b090b0cb 100644
--- a/providers/cloudflare/cloudflareProvider.go
+++ b/providers/cloudflare/cloudflareProvider.go
@@ -204,7 +204,7 @@ func (c *cloudflareProvider) getDomainID(name string) (string, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
+func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
 
 	for _, rec := range dc.Records {
 		if rec.Type == "ALIAS" {
@@ -213,14 +213,14 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	}
 
 	if err := c.preprocessConfig(dc); err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	checkNSModifications(dc)
 
 	domainID, err := c.getDomainID(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, rec := range dc.Records {
@@ -237,9 +237,9 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	var corrections []*models.Correction
 
 	// Cloudflare is a "ByRecord" API.
-	instructions, err := diff2.ByRecord(records, dc, genComparable)
+	instructions, actualChangeCount, err := diff2.ByRecord(records, dc, genComparable)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, inst := range instructions {
@@ -291,7 +291,7 @@ func (c *cloudflareProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func genComparable(rec *models.RecordConfig) string {
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index d3f7952e53..36076fccb4 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -114,16 +114,16 @@ func (c *cloudnsProvider) GetNameservers(domain string) ([]*models.Nameserver, e
 // }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 
 	if c.domainIndex == nil {
 		if err := c.fetchDomainList(); err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 	}
 	domainID, ok := c.domainIndex[dc.Name]
 	if !ok {
-		return nil, fmt.Errorf("'%s' not a zone in ClouDNS account", dc.Name)
+		return nil, 0, fmt.Errorf("'%s' not a zone in ClouDNS account", dc.Name)
 	}
 
 	// Get a list of available TTL values.
@@ -134,9 +134,9 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		record.TTL = fixTTL(record.TTL)
 	}
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -168,7 +168,7 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 	for _, m := range create {
 		req, err := toReq(m.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 
 		// ClouDNS does not require the trailing period to be specified when creating an NS record where the A or AAAA record exists in the zone.
@@ -203,7 +203,7 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		id := m.Existing.Original.(*domainRecord).ID
 		req, err := toReq(m.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 
 		// ClouDNS does not require the trailing period to be specified when updating an NS record where the A or AAAA record exists in the zone.
@@ -221,7 +221,7 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 
 }
 
diff --git a/providers/cscglobal/dns.go b/providers/cscglobal/dns.go
index 41063a8532..840dc81bd2 100644
--- a/providers/cscglobal/dns.go
+++ b/providers/cscglobal/dns.go
@@ -75,11 +75,11 @@ func (client *providerClient) GetNameservers(domain string) ([]*models.Nameserve
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
+func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 
-	toReport, creates, dels, modifications, err := diff.NewCompat(dc).IncrementalDiff(foundRecords)
+	toReport, creates, dels, modifications, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(foundRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -123,7 +123,7 @@ func (client *providerClient) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		corrections = append(corrections, c)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func makePurge(cor diff.Correlation) zoneResourceRecordEdit {
diff --git a/providers/desec/desecProvider.go b/providers/desec/desecProvider.go
index 1e08d6c29c..4c425f7ca2 100644
--- a/providers/desec/desecProvider.go
+++ b/providers/desec/desecProvider.go
@@ -154,10 +154,10 @@ func PrepDesiredRecords(dc *models.DomainConfig, minTTL uint32) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 	minTTL, ok, err := c.searchDomainIndex(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if !ok {
 		minTTL = 3600
@@ -165,15 +165,15 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 
 	PrepDesiredRecords(dc, minTTL)
 
-	keysToUpdate, toReport, err := diff.NewCompat(dc).ChangedGroups(existing)
+	keysToUpdate, toReport, actualChangeCount, err := diff.NewCompat(dc).ChangedGroups(existing)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
 
 	if len(corrections) == 0 && len(keysToUpdate) == 0 {
-		return nil, nil
+		return nil, 0, nil
 	}
 
 	desiredRecords := dc.Records.GroupedByKey()
@@ -245,7 +245,7 @@ func (c *desecProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 	// be to just remove the sort.
 	//sort.Slice(corrections, func(i, j int) bool { return diff.CorrectionLess(corrections, i, j) })
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // ListZones return all the zones in the account
diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 1d4d4c2ddb..81fe4be312 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -172,12 +172,12 @@ func (api *digitaloceanProvider) GetZoneRecords(domain string, meta map[string]s
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	ctx := context.Background()
 
-	toReport, toCreate, toDelete, toModify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, toCreate, toDelete, toModify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -236,7 +236,7 @@ func (api *digitaloceanProvider) GetZoneRecordsCorrections(dc *models.DomainConf
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func getRecords(api *digitaloceanProvider, name string) ([]godo.DomainRecord, error) {
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index 68ef7a0055..d9455f0ee9 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -160,17 +160,17 @@ func (c *dnsimpleProvider) GetZoneRecords(domain string, meta map[string]string)
 	return cleanedRecords, nil
 }
 
-func (c *dnsimpleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (c *dnsimpleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 	removeOtherApexNS(dc)
 
 	dnssecFixes, err := c.getDNSSECCorrections(dc)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(actual)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -202,7 +202,7 @@ func (c *dnsimpleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ac
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func removeApexNS(records models.Records) models.Records {
diff --git a/providers/dnsmadeeasy/dnsMadeEasyProvider.go b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
index 4364ab5eef..08f5655aae 100644
--- a/providers/dnsmadeeasy/dnsMadeEasyProvider.go
+++ b/providers/dnsmadeeasy/dnsMadeEasyProvider.go
@@ -103,11 +103,11 @@ func New(settings map[string]string, _ json.RawMessage) (providers.DNSServicePro
 // 	return api.GetZoneRecordsCorrections(dc, existingRecords)
 // }
 
-func (api *dnsMadeEasyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *dnsMadeEasyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	domainName := dc.Name
 	domain, err := api.findDomain(domainName)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, rec := range dc.Records {
@@ -120,9 +120,9 @@ func (api *dnsMadeEasyProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 		}
 	}
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -186,7 +186,7 @@ func (api *dnsMadeEasyProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // EnsureZoneExists creates a zone if it does not exist
diff --git a/providers/domainnameshop/dns.go b/providers/domainnameshop/dns.go
index 320506b6f6..6915b65f14 100644
--- a/providers/domainnameshop/dns.go
+++ b/providers/domainnameshop/dns.go
@@ -25,7 +25,7 @@ func (api *domainNameShopProvider) GetZoneRecords(domain string, meta map[string
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 
 	// Merge TXT strings to one string
 	for _, rc := range dc.Records {
@@ -39,9 +39,9 @@ func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainCo
 		record.TTL = fixTTL(record.TTL)
 	}
 
-	toReport, create, delete, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, delete, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -65,7 +65,7 @@ func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainCo
 
 		dnsR, err := api.fromRecordConfig(domainName, r.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 
 		corr := &models.Correction{
@@ -81,7 +81,7 @@ func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainCo
 
 		dnsR, err := api.fromRecordConfig(domainName, r.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 
 		dnsR.ID = r.Existing.Original.(*domainNameShopRecord).ID
@@ -94,7 +94,7 @@ func (api *domainNameShopProvider) GetZoneRecordsCorrections(dc *models.DomainCo
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (api *domainNameShopProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
diff --git a/providers/exoscale/exoscaleProvider.go b/providers/exoscale/exoscaleProvider.go
index 7d77a1daf1..999fe25992 100644
--- a/providers/exoscale/exoscaleProvider.go
+++ b/providers/exoscale/exoscaleProvider.go
@@ -187,18 +187,18 @@ func (c *exoscaleProvider) GetZoneRecords(domainName string, meta map[string]str
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *exoscaleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (c *exoscaleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 
 	removeOtherNS(dc)
 	domain, err := c.findDomainByName(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	domainID := *domain.ID
 
-	toReport, create, toDelete, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, toDelete, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -228,7 +228,7 @@ func (c *exoscaleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // Returns a function that can be invoked to create a record in a zone.
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 06e0ca92a0..6d030cc8e6 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -202,7 +202,7 @@ func PrepDesiredRecords(dc *models.DomainConfig) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 	if client.debug {
 		debugRecords("GenDC input", existing)
@@ -214,9 +214,9 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 
 	// Gandi is a "ByLabel" API with the odd exception that changes must be
 	// done one label:rtype at a time.
-	instructions, err := diff2.ByLabel(existing, dc, nil)
+	instructions, actualChangeCount, err := diff2.ByLabel(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	for _, inst := range instructions {
 		switch inst.Type {
@@ -292,7 +292,7 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // debugRecords prints a list of RecordConfig.
diff --git a/providers/gcloud/gcloudProvider.go b/providers/gcloud/gcloudProvider.go
index 026103f44d..ae976139f2 100644
--- a/providers/gcloud/gcloudProvider.go
+++ b/providers/gcloud/gcloudProvider.go
@@ -241,14 +241,14 @@ func (g *gcloudProvider) getZoneSets(domain string) (models.Records, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 
-	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if len(changes) == 0 {
-		return nil, nil
+		return nil, 0, nil
 	}
 
 	var corrections []*models.Correction
@@ -280,7 +280,7 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			newAdds = nil
 			newDels = change.Old[0].Original.(*gdns.ResourceRecordSet)
 		default:
-			return nil, fmt.Errorf("GCLOUD unhandled change.TYPE %s", change.Type)
+			return nil, 0, fmt.Errorf("GCLOUD unhandled change.TYPE %s", change.Type)
 		}
 
 		// If the work would overflow the current batch, process what we have so far and start a new batch.
@@ -308,7 +308,7 @@ func (g *gcloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 
 	// Process the remaining work.
 	corrections = g.mkCorrection(corrections, accumlatedMsgs, batch, dc.Name)
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // mkRRSs returns a gdns.ResourceRecordSet using the name, rType, and recs
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index 14123c94d1..91f930c2e9 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -137,7 +137,7 @@ func generateChangeMsg(updates []string) string {
 // a list of functions to call to actually make the desired
 // correction, and a message to output to the user when the change is
 // made.
-func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 
 	// Make delete happen earlier than creates & updates.
 	var corrections []*models.Correction
@@ -151,9 +151,9 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 		}
 	}
 
-	changes, err := diff2.ByRecordSet(existing, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -196,7 +196,7 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 
 	dnssecEnabled, err := c.dnssdkGetDNSSEC(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	if !dnssecEnabled && dc.AutoDNSSEC == "on" {
@@ -221,5 +221,5 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 
 	result := append(reports, deletions...)
 	result = append(result, corrections...)
-	return result, nil
+	return result, actualChangeCount, nil
 }
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index d5e3f72765..1da1992a6f 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -186,7 +186,7 @@ func (c *hednsProvider) GetNameservers(_ string) ([]*models.Nameserver, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *hednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
+func (c *hednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
 
 	// Get the SOA record to get the ZoneID, then remove it from the list.
 	zoneID := uint64(0)
@@ -202,10 +202,10 @@ func (c *hednsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, recor
 	return c.getDiff2DomainCorrections(dc, zoneID, prunedRecords)
 }
 
-func (c *hednsProvider) getDiff2DomainCorrections(dc *models.DomainConfig, zoneID uint64, records models.Records) ([]*models.Correction, error) {
-	changes, err := diff2.ByRecord(records, dc, nil)
+func (c *hednsProvider) getDiff2DomainCorrections(dc *models.DomainConfig, zoneID uint64, records models.Records) ([]*models.Correction, int, error) {
+	changes, actualChangeCount, err := diff2.ByRecord(records, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrections []*models.Correction
@@ -243,7 +243,7 @@ func (c *hednsProvider) getDiff2DomainCorrections(dc *models.DomainConfig, zoneI
 		}
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetZoneRecords returns all the records for the given domain
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index 242c826f33..8f911919d8 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -74,19 +74,19 @@ func (api *hetznerProvider) EnsureZoneExists(domain string) error {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *hetznerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *hetznerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	domain := dc.Name
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
 
 	z, err := api.getZone(domain)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, m := range del {
@@ -136,7 +136,7 @@ func (api *hetznerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/hexonet/records.go b/providers/hexonet/records.go
index 43dd6d2c0a..7d164548ec 100644
--- a/providers/hexonet/records.go
+++ b/providers/hexonet/records.go
@@ -56,10 +56,10 @@ func (n *HXClient) GetZoneRecords(domain string, meta map[string]string) (models
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
-	toReport, create, del, mod, err := diff.NewCompat(dc).IncrementalDiff(actual)
+func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
+	toReport, create, del, mod, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -76,7 +76,7 @@ func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual mod
 		rec := cre.Desired
 		recordString, err := n.createRecordString(rec, dc.Name)
 		if err != nil {
-			return corrections, err
+			return corrections, 0, err
 		}
 		params[fmt.Sprintf("ADDRR%d", addrridx)] = recordString
 		addrridx++
@@ -96,7 +96,7 @@ func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual mod
 		params[fmt.Sprintf("DELRR%d", delrridx)] = n.deleteRecordString(old)
 		newRecordString, err := n.createRecordString(new, dc.Name)
 		if err != nil {
-			return corrections, err
+			return corrections, 0, err
 		}
 		params[fmt.Sprintf("ADDRR%d", addrridx)] = newRecordString
 		addrridx++
@@ -113,7 +113,7 @@ func (n *HXClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual mod
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func toRecord(r *HXRecord, origin string) *models.RecordConfig {
diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index 80a0fabed2..aa109007d0 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -123,7 +123,7 @@ func soaToString(s soaValues) string {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
+func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
 	var err error
 
 	// TTL must be between (inclusive) 1m and 1y (in fact, a little bit more)
@@ -140,12 +140,12 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 
 	zone, err := hp.getZone(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	toReport, create, del, mod, err := diff.NewCompat(dc).IncrementalDiff(records)
+	toReport, create, del, mod, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(records)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -225,7 +225,7 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
 		currentDNSSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		if !currentDNSSecOptions.PublishKSK {
 			msg = append(msg, "Enabling publishKsk for AutoDNSSec")
@@ -246,7 +246,7 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	} else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
 		currentDNSSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		msg = append(msg, "Disable AutoDNSSEC")
 		zone.ZoneConfig.DNSSECMode = "off"
@@ -254,7 +254,7 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		// Remove auto dnssec keys from domain
 		DomainConfig, err := hp.getDomainConfig(dc.Name)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		for _, entry := range DomainConfig.DNSSecEntries {
 			for _, autoDNSKey := range currentDNSSecOptions.Keys {
@@ -267,7 +267,7 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	}
 
 	if !zoneChanged {
-		return nil, nil
+		return nil, 0, nil
 	}
 
 	corrections = append(corrections, &models.Correction{
@@ -306,7 +306,7 @@ func (hp *hostingdeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		corrections = append(corrections, correction)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func firstNonZero(items ...uint32) uint32 {
diff --git a/providers/huaweicloud/records.go b/providers/huaweicloud/records.go
index 5b1a6f3279..8efb9da921 100644
--- a/providers/huaweicloud/records.go
+++ b/providers/huaweicloud/records.go
@@ -45,13 +45,13 @@ func (c *huaweicloudProvider) GetZoneRecords(domain string, meta map[string]stri
 // a list of functions to call to actually make the desired
 // correction, and a message to output to the user when the change is
 // made.
-func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 	if err := c.getZones(); err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	zoneID, ok := c.zoneIDByDomain[dc.Name]
 	if !ok {
-		return nil, fmt.Errorf("zone %s not found", dc.Name)
+		return nil, 0, fmt.Errorf("zone %s not found", dc.Name)
 	}
 
 	addDefaultMeta(dc.Records)
@@ -61,9 +61,9 @@ func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 	var deletions []*models.Correction
 	var reports []*models.Correction
 
-	changes, err := diff2.ByRecordSet(existing, dc, genComparable)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existing, dc, genComparable)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -133,7 +133,7 @@ func (c *huaweicloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 
 	result := append(reports, deletions...)
 	result = append(result, corrections...)
-	return result, nil
+	return result, actualChangeCount, nil
 }
 
 func collectRecordsByLineAndWeightAndKey(records models.Records) map[string]models.Records {
diff --git a/providers/inwx/inwxProvider.go b/providers/inwx/inwxProvider.go
index 020460814e..3c5ca53f06 100644
--- a/providers/inwx/inwxProvider.go
+++ b/providers/inwx/inwxProvider.go
@@ -236,15 +236,15 @@ func checkRecords(records models.Records) error {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *inwxAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
+func (api *inwxAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 	err := checkRecords(dc.Records)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	toReport, create, del, mod, err := diff.NewCompat(dc).IncrementalDiff(foundRecords)
+	toReport, create, del, mod, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(foundRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -272,7 +272,7 @@ func (api *inwxAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, foundReco
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // getDefaultNameservers returns string map with default nameservers based on e.g. sandbox mode.
diff --git a/providers/linode/linodeProvider.go b/providers/linode/linodeProvider.go
index efa45980ca..24bbaa1e82 100644
--- a/providers/linode/linodeProvider.go
+++ b/providers/linode/linodeProvider.go
@@ -131,7 +131,7 @@ func (api *linodeProvider) GetZoneRecords(domain string, meta map[string]string)
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	// Linode doesn't allow selecting an arbitrary TTL, only a set of predefined values
 	// We need to make sure we don't change it every time if it is as close as it's going to get
 	// The documentation says that it will always round up to the next highest value: 300 -> 300, 301 -> 3600.
@@ -142,17 +142,17 @@ func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 
 	if api.domainIndex == nil {
 		if err := api.fetchDomainList(); err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 	}
 	domainID, ok := api.domainIndex[dc.Name]
 	if !ok {
-		return nil, fmt.Errorf("'%s' not a zone in Linode account", dc.Name)
+		return nil, 0, fmt.Errorf("'%s' not a zone in Linode account", dc.Name)
 	}
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -174,11 +174,11 @@ func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 	for _, m := range create {
 		req, err := toReq(dc, m.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		j, err := json.Marshal(req)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		corr := &models.Correction{
 			Msg: fmt.Sprintf("%s: %s", m.String(), string(j)),
@@ -200,11 +200,11 @@ func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		}
 		req, err := toReq(dc, m.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		j, err := json.Marshal(req)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		corr := &models.Correction{
 			Msg: fmt.Sprintf("%s, Linode ID: %d: %s", m.String(), id, string(j)),
@@ -215,7 +215,7 @@ func (api *linodeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (api *linodeProvider) getRecordsForDomain(domainID int, domain string) (models.Records, error) {
diff --git a/providers/loopia/loopiaProvider.go b/providers/loopia/loopiaProvider.go
index 8e6d1dc2ff..1d4908c330 100644
--- a/providers/loopia/loopiaProvider.go
+++ b/providers/loopia/loopiaProvider.go
@@ -270,7 +270,7 @@ func gatherAffectedLabels(groups map[models.RecordKey][]string) (labels map[stri
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *APIClient) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (c *APIClient) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 
 	if c.Debug {
 		debugRecords("GenerateZoneRecordsCorrections input:\n", existingRecords)
@@ -280,16 +280,16 @@ func (c *APIClient) GetZoneRecordsCorrections(dc *models.DomainConfig, existingR
 
 	var keysToUpdate map[models.RecordKey][]string
 	differ := diff.NewCompat(dc)
-	toReport, create, del, modify, err := differ.IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := differ.IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
 
-	keysToUpdate, _, err = differ.ChangedGroups(existingRecords)
+	keysToUpdate, _, _, err = differ.ChangedGroups(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, d := range create {
@@ -365,7 +365,7 @@ func (c *APIClient) GetZoneRecordsCorrections(dc *models.DomainConfig, existingR
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // debugRecords prints a list of RecordConfig.
diff --git a/providers/luadns/luadnsProvider.go b/providers/luadns/luadnsProvider.go
index ac301c14eb..aa240ab804 100644
--- a/providers/luadns/luadnsProvider.go
+++ b/providers/luadns/luadnsProvider.go
@@ -100,21 +100,21 @@ func (l *luadnsProvider) GetZoneRecords(domain string, meta map[string]string) (
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (l *luadnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
+func (l *luadnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	checkNS(dc)
 
 	domainID, err := l.getDomainID(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrs []*models.Correction
 
-	changes, err := diff2.ByRecord(records, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecord(records, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -133,7 +133,7 @@ func (l *luadnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, reco
 		}
 		corrections = append(corrections, corrs...)
 	}
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (l *luadnsProvider) makeCreateCorrection(newrec *models.RecordConfig, domainID uint32, msg string) []*models.Correction {
diff --git a/providers/msdns/corrections.go b/providers/msdns/corrections.go
index 32cd6197aa..57ad783b7a 100644
--- a/providers/msdns/corrections.go
+++ b/providers/msdns/corrections.go
@@ -8,14 +8,14 @@ import (
 )
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (client *msdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, error) {
+func (client *msdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	models.PostProcessRecords(foundRecords)
 
-	changes, err := diff2.ByRecord(foundRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecord(foundRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corr *models.Correction
@@ -66,7 +66,7 @@ func (client *msdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (client *msdnsProvider) deleteOneRecord(dnsserver, zonename string, oldrec *models.RecordConfig) error {
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index 9bef9de878..517a8ceb01 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -114,10 +114,10 @@ func zoneFileToRecords(r io.Reader, origin string) (models.Records, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
-	msgs, changes, err := diff2.ByZone(actual, dc, nil)
+func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
+	msgs, changes, actualChangeCount, err := diff2.ByZone(actual, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrections []*models.Correction
@@ -151,7 +151,7 @@ func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig
 			})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetNameservers returns the nameservers for a domain.
diff --git a/providers/namecheap/namecheapProvider.go b/providers/namecheap/namecheapProvider.go
index a69dfe6f97..cad13c80c0 100644
--- a/providers/namecheap/namecheapProvider.go
+++ b/providers/namecheap/namecheapProvider.go
@@ -64,7 +64,7 @@ func newReg(conf map[string]string) (providers.Registrar, error) {
 	return newProvider(conf, nil)
 }
 
-func newProvider(m map[string]string, metadata json.RawMessage) (*namecheapProvider, error) {
+func newProvider(m map[string]string, _ json.RawMessage) (*namecheapProvider, error) {
 	api := &namecheapProvider{}
 	api.APIUser, api.APIKEY = m["apiuser"], m["apikey"]
 	if api.APIKEY == "" || api.APIUser == "" {
@@ -236,7 +236,7 @@ func (n *namecheapProvider) GetZoneRecords(domain string, meta map[string]string
 // }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *namecheapProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (n *namecheapProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 
 	// namecheap does not allow setting @ NS with basic DNS
 	dc.Filter(func(r *models.RecordConfig) bool {
@@ -249,9 +249,9 @@ func (n *namecheapProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, a
 		return true
 	})
 
-	toReport, create, delete, modify, err := diff.NewCompat(dc).IncrementalDiff(actual)
+	toReport, create, delete, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -283,7 +283,7 @@ func (n *namecheapProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, a
 			})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func toRecords(result *nc.DomainDNSGetHostsResult, origin string) ([]*models.RecordConfig, error) {
diff --git a/providers/namedotcom/records.go b/providers/namedotcom/records.go
index 241d023b6f..b457ba3793 100644
--- a/providers/namedotcom/records.go
+++ b/providers/namedotcom/records.go
@@ -28,7 +28,7 @@ func (n *namedotcomProvider) GetZoneRecords(domain string, meta map[string]strin
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *namedotcomProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (n *namedotcomProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 	checkNSModifications(dc)
 
 	for _, rec := range dc.Records {
@@ -37,9 +37,9 @@ func (n *namedotcomProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		}
 	}
 
-	toReport, create, del, mod, err := diff.NewCompat(dc).IncrementalDiff(actual)
+	toReport, create, del, mod, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -67,7 +67,7 @@ func (n *namedotcomProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		corrections = append(corrections, c)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func checkNSModifications(dc *models.DomainConfig) {
diff --git a/providers/netcup/netcupProvider.go b/providers/netcup/netcupProvider.go
index 3483b387b3..e3d336b7ed 100644
--- a/providers/netcup/netcupProvider.go
+++ b/providers/netcup/netcupProvider.go
@@ -74,7 +74,7 @@ func (api *netcupProvider) GetNameservers(domain string) ([]*models.Nameserver,
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *netcupProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *netcupProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	domain := dc.Name
 
 	// Setting the TTL is not supported for netcup
@@ -91,9 +91,9 @@ func (api *netcupProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 	}
 	dc.Records = newRecords
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -133,5 +133,5 @@ func (api *netcupProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, ex
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index ad90aac5b7..82c234dac9 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -160,17 +160,17 @@ func (n *netlifyProvider) ListZones() ([]string, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *netlifyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(records)
+func (n *netlifyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(records)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
 
 	zone, err := n.getZone(dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	// Deletes first so changing type works etc.
@@ -214,7 +214,7 @@ func (n *netlifyProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, rec
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func toReq(rc *models.RecordConfig) *dnsRecordCreate {
diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index d62b244b88..4d88b7287e 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -198,7 +198,7 @@ func (n *nsone) getDomainCorrectionsDNSSEC(domain, toggleDNSSEC string) *models.
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 	domain := dc.Name
 
@@ -207,9 +207,9 @@ func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecor
 		corrections = append(corrections, dnssecCorrections)
 	}
 
-	changes, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -240,7 +240,7 @@ func (n *nsone) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecor
 		}
 
 	}
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (n *nsone) add(recs models.Records, domain string) error {
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index debf276148..58a3a3c55a 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -213,7 +213,7 @@ func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (mo
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	var err error
 
 	// Ensure we don't emit changes for attempted modification of built-in apex NSs
@@ -234,9 +234,9 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		}
 	}
 
-	toReport, create, dels, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, dels, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -258,7 +258,6 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			createRecords = append(createRecords, rec.Desired)
 			desc += rec.String() + "\n"
 		}
-		desc = desc[:len(desc)-1]
 	}
 
 	if len(dels) > 0 {
@@ -266,7 +265,6 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			deleteRecords = append(deleteRecords, rec.Existing)
 			desc += rec.String() + "\n"
 		}
-		desc = desc[:len(desc)-1]
 	}
 
 	if len(modify) > 0 {
@@ -275,7 +273,6 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			deleteRecords = append(deleteRecords, rec.Existing)
 			desc += rec.String() + "\n"
 		}
-		desc = desc[:len(desc)-1]
 	}
 
 	// There were corrections. Send them as one big batch:
@@ -288,7 +285,7 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (o *oracleProvider) patch(createRecords, deleteRecords models.Records, domain string) error {
diff --git a/providers/ovh/ovhProvider.go b/providers/ovh/ovhProvider.go
index c78a5e3e15..006dae3cab 100644
--- a/providers/ovh/ovhProvider.go
+++ b/providers/ovh/ovhProvider.go
@@ -141,11 +141,11 @@ func (c *ovhProvider) GetZoneRecords(domain string, meta map[string]string) (mod
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *ovhProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (c *ovhProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 
-	corrections, err := c.getDiff2DomainCorrections(dc, actual)
+	corrections, actualChangeCount, err := c.getDiff2DomainCorrections(dc, actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	// Only refresh zone if there's a real modification
@@ -166,14 +166,14 @@ func (c *ovhProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
-func (c *ovhProvider) getDiff2DomainCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (c *ovhProvider) getDiff2DomainCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
-	instructions, err := diff2.ByRecord(actual, dc, nil)
+	instructions, actualChangeCount, err := diff2.ByRecord(actual, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, inst := range instructions {
@@ -200,7 +200,7 @@ func (c *ovhProvider) getDiff2DomainCorrections(dc *models.DomainConfig, actual
 			panic(fmt.Sprintf("unhandled inst.Type %s", inst.Type))
 		}
 	}
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func nativeToRecord(r *Record, origin string) (*models.RecordConfig, error) {
diff --git a/providers/packetframe/packetframeProvider.go b/providers/packetframe/packetframeProvider.go
index 7a9342a018..2d012e978c 100644
--- a/providers/packetframe/packetframeProvider.go
+++ b/providers/packetframe/packetframeProvider.go
@@ -106,15 +106,15 @@ func (api *packetframeProvider) GetZoneRecords(domain string, meta map[string]st
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	zone, err := api.getZone(dc.Name)
 	if err != nil {
-		return nil, fmt.Errorf("no such zone %q in Packetframe account", dc.Name)
+		return nil, 0, fmt.Errorf("no such zone %q in Packetframe account", dc.Name)
 	}
 
-	toReport, create, dels, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, dels, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -122,7 +122,7 @@ func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 	for _, m := range create {
 		req, err := toReq(zone.ID, m.Desired)
 		if err != nil {
-			return nil, err
+			return nil, 0, err
 		}
 		corr := &models.Correction{
 			Msg: m.String(),
@@ -168,7 +168,7 @@ func (api *packetframeProvider) GetZoneRecordsCorrections(dc *models.DomainConfi
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func toReq(zoneID string, rc *models.RecordConfig) (*domainRecord, error) {
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index 394fddafd8..defa5b7cb2 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -102,7 +102,7 @@ func genComparable(rec *models.RecordConfig) string {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	// Block changes to NS records for base domain
@@ -128,9 +128,9 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		}
 	}
 
-	changes, err := diff2.ByRecord(existingRecords, dc, genComparable)
+	changes, actualChangeCount, err := diff2.ByRecord(existingRecords, dc, genComparable)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	for _, change := range changes {
 		var corr *models.Correction
@@ -140,7 +140,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		case diff2.CREATE:
 			req, err := toReq(change.New[0])
 			if err != nil {
-				return nil, err
+				return nil, 0, err
 			}
 			corr = &models.Correction{
 				Msg: change.Msgs[0],
@@ -155,7 +155,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 			id := change.Old[0].Original.(*domainRecord).ID
 			req, err := toReq(change.New[0])
 			if err != nil {
-				return nil, err
+				return nil, 0, err
 			}
 			corr = &models.Correction{
 				Msg: fmt.Sprintf("%s, porkbun ID: %s", change.Msgs[0], id),
@@ -183,7 +183,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		corrections = append(corrections, corr)
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
diff --git a/providers/powerdns/diff.go b/providers/powerdns/diff.go
index 92a3354b37..fdd2ee201d 100644
--- a/providers/powerdns/diff.go
+++ b/providers/powerdns/diff.go
@@ -11,10 +11,10 @@ import (
 	"github.com/mittwald/go-powerdns/apis/zones"
 )
 
-func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
-	changes, err := diff2.ByRecordSet(existing, dc, nil)
+func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
+	changes, actualChangeCount, err := diff2.ByRecordSet(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrections []*models.Correction
@@ -75,7 +75,7 @@ func (dsp *powerdnsProvider) getDiff2DomainCorrections(dc *models.DomainConfig,
 			},
 		})
 	}
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // buildRecordList returns a list of records for the PowerDNS resource record set from a change
diff --git a/providers/powerdns/dns.go b/providers/powerdns/dns.go
index 391018d06a..a57fd0db2a 100644
--- a/providers/powerdns/dns.go
+++ b/providers/powerdns/dns.go
@@ -45,20 +45,21 @@ func (dsp *powerdnsProvider) GetZoneRecords(domain string, meta map[string]strin
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (dsp *powerdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (dsp *powerdnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 
-	corrections, err := dsp.getDiff2DomainCorrections(dc, existing)
+	corrections, actualChangeCount, err := dsp.getDiff2DomainCorrections(dc, existing)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	// DNSSec corrections
 	dnssecCorrections, err := dsp.getDNSSECCorrections(dc)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
+	actualChangeCount += len(dnssecCorrections)
 
-	return append(corrections, dnssecCorrections...), nil
+	return append(corrections, dnssecCorrections...), actualChangeCount, nil
 }
 
 // EnsureZoneExists creates a zone if it does not exist
diff --git a/providers/providers.go b/providers/providers.go
index fd36c2d8df..86ab34a573 100644
--- a/providers/providers.go
+++ b/providers/providers.go
@@ -171,8 +171,8 @@ func (n None) GetZoneRecords(domain string, meta map[string]string) (models.Reco
 }
 
 // GetZoneRecordsCorrections gets the records of a zone and returns them in RecordConfig format.
-func (n None) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
-	return nil, nil
+func (n None) GetZoneRecordsCorrections(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
+	return nil, 0, nil
 }
 
 // GetDomainCorrections returns corrections to update a domain.
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index 807b2d98d7..fb433fa313 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -106,16 +106,16 @@ func (api *realtimeregisterAPI) GetZoneRecords(domain string, meta map[string]st
 	return recordConfigs, nil
 }
 
-func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
-	msgs, changes, err := diff2.ByZone(existing, dc, nil)
+func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
+	msgs, changes, actualChangeCount, err := diff2.ByZone(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	var corrections []*models.Correction
 
 	if !changes {
-		return corrections, nil
+		return corrections, 0, nil
 	}
 
 	dnssec := api.Zones[dc.Name].Dnssec
@@ -129,6 +129,7 @@ func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfi
 					return nil
 				},
 			})
+		actualChangeCount++
 	}
 
 	if !api.Zones[dc.Name].Dnssec && dc.AutoDNSSEC == "on" {
@@ -140,6 +141,7 @@ func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfi
 					return nil
 				},
 			})
+		actualChangeCount++
 	}
 
 	if changes {
@@ -162,7 +164,7 @@ func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfi
 			})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (api *realtimeregisterAPI) ListZones() ([]string, error) {
diff --git a/providers/route53/route53Provider.go b/providers/route53/route53Provider.go
index ad2c1c598c..05d3fdcb13 100644
--- a/providers/route53/route53Provider.go
+++ b/providers/route53/route53Provider.go
@@ -282,10 +282,10 @@ func (r *route53Provider) getZoneRecords(zone r53Types.HostedZone) (models.Recor
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	zone, err := r.getZone(dc)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	// update zone_id to current zone.id if not specified by the user
@@ -301,9 +301,9 @@ func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 
 	// Amazon Route53 is a "ByRecordSet" API.
 	// At each label:rtype pair, we either delete all records or UPSERT the desired records.
-	instructions, err := diff2.ByRecordSet(existingRecords, dc, nil)
+	instructions, actualChangeCount, err := diff2.ByRecordSet(existingRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	instructions = reorderInstructions(instructions)
 	var reports []*models.Correction
@@ -403,10 +403,10 @@ func (r *route53Provider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		addCorrection(descBatchStr, req)
 	}
 	if err := batcher.Err(); err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	return append(reports, corrections...), nil
+	return append(reports, corrections...), actualChangeCount, nil
 
 }
 
diff --git a/providers/rwth/dns.go b/providers/rwth/dns.go
index cec9189b00..b1433b05d6 100644
--- a/providers/rwth/dns.go
+++ b/providers/rwth/dns.go
@@ -29,12 +29,12 @@ func (api *rwthProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *rwthProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, error) {
+func (api *rwthProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
 	domain := dc.Name
 
-	toReport, create, del, modify, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
+	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -70,5 +70,5 @@ func (api *rwthProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
diff --git a/providers/sakuracloud/records.go b/providers/sakuracloud/records.go
index 6dd434fe03..126fb34e32 100644
--- a/providers/sakuracloud/records.go
+++ b/providers/sakuracloud/records.go
@@ -53,7 +53,7 @@ func (s *sakuracloudProvider) GetZoneRecords(domain string, meta map[string]stri
 }
 
 // GetZoneRecordsCorrections gets the records of a zone and returns them in RecordConfig format.
-func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, error) {
+func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	// The name servers for the Sakura cloud provider cannot be changed.
@@ -65,12 +65,12 @@ func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		}
 	}
 
-	msgs, changes, err := diff2.ByZone(existing, dc, nil)
+	msgs, changes, actualChangeCount, err := diff2.ByZone(existing, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	if !changes {
-		return nil, nil
+		return nil, actualChangeCount, nil
 	}
 	msg := strings.Join(msgs, "\n")
 
@@ -87,5 +87,5 @@ func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		},
 	)
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
diff --git a/providers/softlayer/softlayerProvider.go b/providers/softlayer/softlayerProvider.go
index 81e4446f3a..32f339d385 100644
--- a/providers/softlayer/softlayerProvider.go
+++ b/providers/softlayer/softlayerProvider.go
@@ -81,15 +81,15 @@ func (s *softlayerProvider) GetZoneRecords(domainName string, meta map[string]st
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (s *softlayerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, error) {
+func (s *softlayerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
 	domain, err := s.getDomain(&dc.Name)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	toReport, create, deletes, modify, err := diff.NewCompat(dc).IncrementalDiff(actual)
+	toReport, create, deletes, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
@@ -117,7 +117,7 @@ func (s *softlayerProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, a
 		})
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (s *softlayerProvider) getDomain(name *string) (*datatypes.Dns_Domain, error) {
diff --git a/providers/transip/transipProvider.go b/providers/transip/transipProvider.go
index a2e7154734..a83acc397f 100644
--- a/providers/transip/transipProvider.go
+++ b/providers/transip/transipProvider.go
@@ -114,20 +114,20 @@ func (n *transipProvider) ListZones() ([]string, error) {
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (n *transipProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, curRecords models.Records) ([]*models.Correction, error) {
+func (n *transipProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, curRecords models.Records) ([]*models.Correction, int, error) {
 
 	removeOtherNS(dc)
 
-	corrections, err := n.getCorrectionsUsingDiff2(dc, curRecords)
-	return corrections, err
+	corrections, actualChangeCount, err := n.getCorrectionsUsingDiff2(dc, curRecords)
+	return corrections, actualChangeCount, err
 }
 
-func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, records models.Records) ([]*models.Correction, error) {
+func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, records models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
-	instructions, err := diff2.ByRecordSet(records, dc, nil)
+	instructions, actualChangeCount, err := diff2.ByRecordSet(records, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range instructions {
@@ -136,7 +136,7 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 		case diff2.DELETE:
 			oldEntries, err := recordsToNative(change.Old, true)
 			if err != nil {
-				return corrections, err
+				return corrections, 0, err
 			}
 			correction := change.CreateCorrection(
 				wrapChangeFunction(
@@ -149,7 +149,7 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 		case diff2.CREATE:
 			newEntries, err := recordsToNative(change.New, false)
 			if err != nil {
-				return corrections, err
+				return corrections, 0, err
 			}
 			correction := change.CreateCorrection(
 				wrapChangeFunction(
@@ -163,7 +163,7 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 			if canDirectApplyDNSEntries(change) {
 				newEntries, err := recordsToNative(change.New, false)
 				if err != nil {
-					return corrections, err
+					return corrections, 0, err
 				}
 				correction := change.CreateCorrection(
 					wrapChangeFunction(
@@ -184,7 +184,7 @@ func (n *transipProvider) getCorrectionsUsingDiff2(dc *models.DomainConfig, reco
 
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 func (n *transipProvider) recreateRecordSet(dc *models.DomainConfig, change diff2.Change) []*models.Correction {
diff --git a/providers/vultr/vultrProvider.go b/providers/vultr/vultrProvider.go
index 0c6151945a..25aa9143d3 100644
--- a/providers/vultr/vultrProvider.go
+++ b/providers/vultr/vultrProvider.go
@@ -115,7 +115,7 @@ func (api *vultrProvider) GetZoneRecords(domain string, meta map[string]string)
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
-func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, curRecords models.Records) ([]*models.Correction, error) {
+func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, curRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
 
 	for _, rec := range dc.Records {
@@ -124,7 +124,7 @@ func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, cur
 			// These rtypes are hostnames, therefore need to be converted (unlike, for example, an AAAA record)
 			t, err := idna.ToUnicode(rec.GetTargetField())
 			if err != nil {
-				return nil, err
+				return nil, 0, err
 			}
 			rec.SetTarget(t)
 		default:
@@ -132,10 +132,9 @@ func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, cur
 		}
 	}
 
-	changes, err := diff2.ByRecord(curRecords, dc, nil)
-
+	changes, actualChangeCount, err := diff2.ByRecord(curRecords, dc, nil)
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
 	for _, change := range changes {
@@ -172,7 +171,7 @@ func (api *vultrProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, cur
 		}
 	}
 
-	return corrections, nil
+	return corrections, actualChangeCount, nil
 }
 
 // GetNameservers gets the Vultr nameservers for a domain

From 12a72cb72923f9dec040f0d270d1ab1b432f85f8 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 16 Sep 2024 20:21:59 -0400
Subject: [PATCH 347/438] DOCS: Minor clarifications on NAMESERVER() (#3113)

---
 .gitignore                                               | 2 +-
 commands/types/dnscontrol.d.ts                           | 9 +++++----
 .../language-reference/domain-modifiers/NAMESERVER.md    | 9 +++++----
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index 88410ef519..aaa4741e0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,7 +23,7 @@ stack.sh
 .idea/
 *.nupkg
 .DS_Store
-.vscode/launch.json
+.vscode
 .jekyll-cache
 types-dnscontrol.d.ts
 
diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index a4ae60f37b..b540c3f5f6 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1909,20 +1909,21 @@ declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover
 declare function MX(name: string, priority: number, target: string, ...modifiers: RecordModifier[]): DomainModifier;
 
 /**
- * `NAMESERVER()` instructs DNSControl to inform the domain"s registrar where to find this zone.
+ * `NAMESERVER()` instructs DNSControl to inform the domain's registrar where to find this zone.
  * For some registrars this will also add NS records to the zone itself.
  *
  * This takes exactly one argument: the name of the nameserver. It must end with
  * a "." if it is a FQDN, just like all targets.
  *
  * This is different than the [`NS()`](NS.md) function, which inserts NS records
- * in the current zone and accepts a label. [`NS()`](NS.md) is useful for downward
+ * in the current zone and accepts a label. [`NS()`](NS.md) is for downward
  * delegations. `NAMESERVER()` is for informing upstream delegations.
  *
  * For more information, refer to [this page](../../nameservers.md).
  *
  * ```javascript
- * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+ * D("example.com", REG_MY_PROVIDER,
+ *   DnsProvider(DSP_MY_PROVIDER),
  *   DnsProvider(route53, 0),
  *   // Replace the nameservers:
  *   NAMESERVER("ns1.myserver.com."),
@@ -1941,7 +1942,7 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  * Nameservers are one of the least
  * understood parts of DNS, so a little extra explanation is required.
  *
- * * [`NS()`](NS.md) lets you add an NS record to a zone, just like [`A()`](A.md) adds an A
+ * * [`NS()`](NS.md) adds an NS record to a zone, just like [`A()`](A.md) adds an A
  *   record to the zone. This is generally used to delegate a subzone.
  *
  * * The `NAMESERVER()` directive speaks to the Registrar about how the parent should delegate the zone.
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER.md b/documentation/language-reference/domain-modifiers/NAMESERVER.md
index 24c4ee824f..354273e94e 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER.md
@@ -8,21 +8,22 @@ parameter_types:
   "modifiers...": RecordModifier[]
 ---
 
-`NAMESERVER()` instructs DNSControl to inform the domain"s registrar where to find this zone.
+`NAMESERVER()` instructs DNSControl to inform the domain's registrar where to find this zone.
 For some registrars this will also add NS records to the zone itself.
 
 This takes exactly one argument: the name of the nameserver. It must end with
 a "." if it is a FQDN, just like all targets.
 
 This is different than the [`NS()`](NS.md) function, which inserts NS records
-in the current zone and accepts a label. [`NS()`](NS.md) is useful for downward
+in the current zone and accepts a label. [`NS()`](NS.md) is for downward
 delegations. `NAMESERVER()` is for informing upstream delegations.
 
 For more information, refer to [this page](../../nameservers.md).
 
 {% code title="dnsconfig.js" %}
 ```javascript
-D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+D("example.com", REG_MY_PROVIDER,
+  DnsProvider(DSP_MY_PROVIDER),
   DnsProvider(route53, 0),
   // Replace the nameservers:
   NAMESERVER("ns1.myserver.com."),
@@ -43,7 +44,7 @@ END);
 Nameservers are one of the least
 understood parts of DNS, so a little extra explanation is required.
 
-* [`NS()`](NS.md) lets you add an NS record to a zone, just like [`A()`](A.md) adds an A
+* [`NS()`](NS.md) adds an NS record to a zone, just like [`A()`](A.md) adds an A
   record to the zone. This is generally used to delegate a subzone.
 
 * The `NAMESERVER()` directive speaks to the Registrar about how the parent should delegate the zone.

From 269542c5cfdd4928bcdd6065f6012cd9418f609a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 16 Sep 2024 20:54:51 -0400
Subject: [PATCH 348/438] RELEASE: Move some BYOS steps to be standard (#3107)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 .github/workflows/pr_test.yml      | 34 ++++++++--------
 documentation/byo-secrets.md       | 10 ++++-
 documentation/writing-providers.md | 64 +++++++++++++++++++++++++++---
 3 files changed, 83 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index a5b42cc5ee..5b73d63a30 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -128,61 +128,61 @@ jobs:
       # PROVIDER SECRET LIST
       # The above providers have additional env variables they
       # need for credentials and such.
-
+      #
       AZURE_DNS_CLIENT_ID: ${{ secrets.AZURE_DNS_CLIENT_ID }}
       AZURE_DNS_CLIENT_SECRET: ${{ secrets.AZURE_DNS_CLIENT_SECRET }}
       AZURE_DNS_RESOURCE_GROUP: ${{ secrets.AZURE_DNS_RESOURCE_GROUP }}
       AZURE_DNS_SUBSCRIPTION_ID: ${{ secrets.AZURE_DNS_SUBSCRIPTION_ID }}
       AZURE_DNS_TENANT_ID: ${{ secrets.AZURE_DNS_TENANT_ID }}
-
+      #
       BUNNY_DNS_API_KEY: ${{ secrets.BUNNY_DNS_API_KEY }}
-
+      #
       CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
       CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
-
+      #
       CLOUDNS_AUTH_ID: ${{ secrets.CLOUDNS_AUTH_ID }}
       CLOUDNS_AUTH_PASSWORD: ${{ secrets.CLOUDNS_AUTH_PASSWORD }}
-
+      #
       CSCGLOBAL_APIKEY: ${{ secrets.CSCGLOBAL_APIKEY }}
       CSCGLOBAL_USERTOKEN: ${{ secrets.CSCGLOBAL_USERTOKEN }}
-
+      #
       DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
-
+      #
       GANDI_V5_APIKEY: ${{ secrets.GANDI_V5_APIKEY }}
-
+      #
       GCLOUD_EMAIL: ${{ secrets.GCLOUD_EMAIL }}
       GCLOUD_PRIVATEKEY: ${{ secrets.GCLOUD_PRIVATEKEY }}
       GCLOUD_PROJECT: ${{ secrets.GCLOUD_PROJECT }}
       GCLOUD_TYPE: ${{ secrets.GCLOUD_TYPE }}
-
+      #
       HEDNS_PASSWORD: ${{ secrets.HEDNS_PASSWORD }}
       HEDNS_TOTP_SECRET: ${{ secrets.HEDNS_TOTP_SECRET }}
       HEDNS_USERNAME: ${{ secrets.HEDNS_USERNAME }}
-
+      #
       HEXONET_ENTITY: ${{ secrets.HEXONET_ENTITY }}
       HEXONET_PW: ${{ secrets.HEXONET_PW }}
       HEXONET_UID: ${{ secrets.HEXONET_UID }}
-
+      #
       HUAWEICLOUD_REGION: ${{ secrets.HUAWEICLOUD_REGION }}
       HUAWEICLOUD_KEY_ID: ${{ secrets.HUAWEICLOUD_KEY_ID }}
       HUAWEICLOUD_KEY: ${{ secrets.HUAWEICLOUD_KEY }}
-
+      #
       NAMEDOTCOM_KEY: ${{ secrets.NAMEDOTCOM_KEY }}
       NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
       NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
-
+      #
       NS1_TOKEN: ${{ secrets.NS1_TOKEN }}
-
+      #
       POWERDNS_APIKEY: ${{ secrets.POWERDNS_APIKEY }}
       POWERDNS_APIURL: ${{ secrets.POWERDNS_APIURL }}
       POWERDNS_SERVERNAME: ${{ secrets.POWERDNS_SERVERNAME }}
-
+      #
       ROUTE53_KEY: ${{ secrets.ROUTE53_KEY }}
       ROUTE53_KEY_ID: ${{ secrets.ROUTE53_KEY_ID }}
-
+      #
       SAKURACLOUD_ACCESS_TOKEN: ${{ secrets.SAKURACLOUD_ACCESS_TOKEN }}
       SAKURACLOUD_ACCESS_TOKEN_SECRET: ${{ secrets.SAKURACLOUD_ACCESS_TOKEN_SECRET }}
-
+      #
       TRANSIP_ACCOUNT_NAME: ${{ secrets.TRANSIP_ACCOUNT_NAME }}
       TRANSIP_PRIVATE_KEY: ${{ secrets.TRANSIP_PRIVATE_KEY }}
 
diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
index ce7b9fae66..76c3becd23 100644
--- a/documentation/byo-secrets.md
+++ b/documentation/byo-secrets.md
@@ -58,6 +58,10 @@ Create a branch as you normally would to submit a PR to the project.
 
 Step 2: Update `pr_test.yml`
 
+{% hint style="info" %}
+Edits to `pr_test.yml` may have already been done for you.
+{% endhint %}
+
 Edit `.github/workflows/pr_test.yml`
 
 1. Add the provider to the `PROVIDERS` list.
@@ -68,8 +72,10 @@ Edit `.github/workflows/pr_test.yml`
 The line looks something like:
 
 {% code title=".github/workflows/pr_test.yml" %}
-```
-        PROVIDERS: "['AZURE_DNS','BIND','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','TRANSIP']"
+```yaml
+      env:
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
+        ENV_CONTEXT: ${{ toJson(env) }}
 ```
 {% endcode %}
 
diff --git a/documentation/writing-providers.md b/documentation/writing-providers.md
index 663f79e889..129aa48537 100644
--- a/documentation/writing-providers.md
+++ b/documentation/writing-providers.md
@@ -297,7 +297,58 @@ dependencies.
 
 In the repo root, open `.goreleaser.yml` and add the provider to `Provider-specific changes` regexp.
 
-## Step 14: Check your work
+## Step 14: Update `pr_test.yml`
+
+This assures that in the future it will be easy to test this provider using GitHub Actions.
+
+Edit `.github/workflows/pr_test.yml`
+
+* Add the name of the provider to the PROVIDERS list.
+* Please keep this list sorted alphabetically.
+
+The entry looks something like:
+
+{% code title=".github/workflows/pr_test.yml" %}
+```yaml
+      env:
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
+        ENV_CONTEXT: ${{ toJson(env) }}
+```
+{% endcode %}
+
+2. Add your providers `_DOMAIN` env variable:
+
+* Add it to the `env` section of `integration-tests`.
+* Please keep this list sorted alphabetically.
+
+To find this section, search for `PROVIDER SECRET LIST`.
+
+For example, the entry for BIND looks like:
+
+{% code title=".github/workflows/pr_test.yml" %}
+```
+        BIND_DOMAIN: ${{ vars.BIND_DOMAIN }}
+```
+{% endcode %}
+
+3. Add your providers other ENV variables:
+
+Every provider requires different variables set to perform the integration tests.  The list of such variables is in `integrationTest/providers.json`.
+
+You've already added `*_DOMAIN` to `pr_test.yml`. Now we're going to add the remaining ones.
+
+To find this section, search for `PROVIDER SECRET LIST`.
+
+For example, the entry for CLOUDFLAREAPI looks like this:
+
+{% code title=".github/workflows/pr_test.yml" %}
+```
+        CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
+        CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
+```
+{% endcode %}
+
+## Step 15: Check your work
 
 These are the things we'll be checking when you submit the PR.  Please try to complete all or as many of these as possible.
 
@@ -311,7 +362,7 @@ These are the things we'll be checking when you submit the PR.  Please try to co
   * `documentation/providers.md` (the autogenerated table + the second one; make sure it is removed from the `requested` list)
   * `documentation/provider/`PROVIDERNAME`.md`
   * `integrationTest/providers.json`
-    * `providers/_all/all.go`
+  * `providers/_all/all.go`
 3. Review the code for style issues, remove debug statements, make sure all exported functions have a comment, and generally tighten up the code.
 4. Verify you're using the most recent version of anything you import.  (See [Step 12](#step-12-dependencies))
 5. Re-run the [integration test](#step-7-integration-test) one last time.
@@ -322,12 +373,13 @@ These are the things we'll be checking when you submit the PR.  Please try to co
 
 At this point you can submit a PR.
 
-Actually you can submit the PR even earlier if you just want feedback,
-input, or have questions.  This is just a good stopping place to
-submit a PR if you haven't already.
+The PR should include the sentence: "Please create the GitHub label 'provider-PROVIDERNAME'" (change `PROVIDERNAME` to the name of your provider.)  This is
+
+Actually you can submit the PR earlier if you just want feedback,
+or have questions.  However if you haven't submitted a PR by now, this is the time to do it.
+
 
 ## Step 16: After the PR is merged
 
 1. Close any related GitHub issues.
-2. [Create an issue (feature request)](https://github.com/StackExchange/dnscontrol/issues/new?title=Add%20label%20for%20PROVIDERNAME) with the text "Please create the GitHub label 'provider-PROVIDERNAME'".
 3. Would you like your provider to be tested automatically as part of every PR?  Sure you would!  Follow the instructions in [Bring-Your-Own-Secrets for automated testing](byo-secrets.md)

From dcba570bf1e4f80555b499b8361f716a5d577375 Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Wed, 18 Sep 2024 15:48:08 +0000
Subject: [PATCH 349/438] CLOUDNS: implement AutoDNSSEC (#747) (#3114)

---
 documentation/providers.md           |  2 +-
 providers/cloudns/api.go             | 37 ++++++++++++++++++++++++++++
 providers/cloudns/cloudnsProvider.go | 35 ++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 6ad2b0c5db..c2700b20cc 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -22,7 +22,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
diff --git a/providers/cloudns/api.go b/providers/cloudns/api.go
index f5f5ac35a0..f4b4a7e2ea 100644
--- a/providers/cloudns/api.go
+++ b/providers/cloudns/api.go
@@ -196,6 +196,43 @@ func (c *cloudnsProvider) getRecords(id string) ([]domainRecord, error) {
 	return records, nil
 }
 
+func (c *cloudnsProvider) isDnssecEnabled(id string) (bool, error) {
+	params := requestParams{"domain-name": id}
+
+	var bodyString, err = c.get("/dns/get-dnssec-ds-records.json", params)
+	if err != nil {
+		// DNSSEC disabled is indicated by an error fetching the DS records.
+		var errResp errorResponse
+		err = json.Unmarshal(bodyString, &errResp)
+		if err == nil {
+			if errResp.Description == "The DNSSEC is not active." {
+				return false, nil
+			}
+			return false, fmt.Errorf("failed fetching DS records from ClouDNS: %s", err)
+		}
+	}
+
+	return true, nil
+}
+
+func (c *cloudnsProvider) setDnssec(id string, enabled bool) error {
+	params := requestParams{"domain-name": id}
+
+	var endpoint string
+	if enabled {
+		endpoint = "/dns/activate-dnssec.json"
+	} else {
+		endpoint = "/dns/deactivate-dnssec.json"
+	}
+
+	var _, err = c.get(endpoint, params)
+	if err != nil {
+		return fmt.Errorf("failed setting DNSSEC at ClouDNS: %s", err)
+	}
+
+	return nil
+}
+
 func (c *cloudnsProvider) get(endpoint string, params requestParams) ([]byte, error) {
 	client := &http.Client{}
 	req, _ := http.NewRequest("GET", "https://api.cloudns.net"+endpoint, nil)
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 36076fccb4..b5fab1f7fd 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -40,6 +40,7 @@ func NewCloudns(m map[string]string, metadata json.RawMessage) (providers.DNSSer
 var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
@@ -134,12 +135,18 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 		record.TTL = fixTTL(record.TTL)
 	}
 
+	dnssecFixes, err := c.getDNSSECCorrections(dc)
+	if err != nil {
+		return nil, 0, err
+	}
+
 	toReport, create, del, modify, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(existingRecords)
 	if err != nil {
 		return nil, 0, err
 	}
 	// Start corrections with the reports
 	corrections := diff.GenerateMessageCorrections(toReport)
+	corrections = append(corrections, dnssecFixes...)
 
 	// Deletes first so changing type works etc.
 	for _, m := range del {
@@ -225,6 +232,34 @@ func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 
 }
 
+// getDNSSECCorrections returns corrections that update a domain's DNSSEC state.
+func (c *cloudnsProvider) getDNSSECCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
+	enabled, err := c.isDnssecEnabled(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	if enabled && dc.AutoDNSSEC == "off" {
+		return []*models.Correction{
+			{
+				Msg: "Disable DNSSEC",
+				F:   func() error { err := c.setDnssec(dc.Name, false); return err },
+			},
+		}, nil
+	}
+
+	if !enabled && dc.AutoDNSSEC == "on" {
+		return []*models.Correction{
+			{
+				Msg: "Enable DNSSEC",
+				F:   func() error { err := c.setDnssec(dc.Name, true); return err },
+			},
+		}, nil
+	}
+
+	return []*models.Correction{}, nil
+}
+
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (c *cloudnsProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
 	records, err := c.getRecords(domain)

From b22078e78b426cac9c39f74f49c2eb79216d12c6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 18 Sep 2024 14:33:07 -0400
Subject: [PATCH 350/438] DEV: Update dependabot.yml (#3115)

---
 .github/dependabot.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3749f99e53..8fb2e90dc8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -22,7 +22,6 @@ updates:
       - dependency-name: "github.com/exoscale/egoscale"
       - dependency-name: "github.com/ovh/go-ovh"
       - dependency-name: "github.com/vultr/govultr"
-      - dependency-name: "gopkg.in/ns1/ns1-go.v2"
 
   # Maintain dependencies for Docker
   - package-ecosystem: "docker"

From 3553459598ba0898ad41f942387bd2431dfb02d8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 08:58:20 -0400
Subject: [PATCH 351/438] Build(deps): Bump alpine from 3.20.2 to 3.20.3
 (#3116)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index b78f175eb3..54365893ef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 as RUN
+FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From 2a424f5672a9b01fe2adbb6c25fe3bec36f8a53e Mon Sep 17 00:00:00 2001
From: Kevin Ji <1146876+kevinji@users.noreply.github.com>
Date: Mon, 23 Sep 2024 05:59:17 -0700
Subject: [PATCH 352/438] DOCS: Update Cloudflare permission to "Single
 Redirect" (#3122)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/provider/cloudflareapi.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index f9bd347a31..009df860e5 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -64,7 +64,7 @@ DNSControl requires the token to have the following permissions:
 * Editing Page Rules?
   * Add: Edit Page Rules (`Zone → Page Rules → Edit`)
 * Creating Redirects?
-  * Add: Edit Dynamic Redirect (`Zone → Dynamic Redirect → Edit`)
+  * Add: Edit Single Redirect (`Zone → Single Redirect → Edit`)
 * Managing Cloudflare Workers? (if `manage_workers`: set to `true` or `CF_WORKER_ROUTE()` is in use.)
   * Add: Edit Worker Scripts (`Account → Workers Scripts → Edit`)
   * Add: Edit Worker Scripts (`Zone → Workers Routes → Edit`)

From c1abd5d9faba038bc8c59b0962f7c97bd9d59cab Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Tue, 24 Sep 2024 14:02:55 +0000
Subject: [PATCH 353/438] CLOUDNS: don't print full URL on error (#3124)
 (#3126)

---
 providers/cloudns/api.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/providers/cloudns/api.go b/providers/cloudns/api.go
index f4b4a7e2ea..cbaa6556a8 100644
--- a/providers/cloudns/api.go
+++ b/providers/cloudns/api.go
@@ -265,7 +265,9 @@ func (c *cloudnsProvider) get(endpoint string, params requestParams) ([]byte, er
 	err = json.Unmarshal(bodyString, &errResp)
 	if err == nil {
 		if errResp.Status == "Failed" {
-			return bodyString, fmt.Errorf("ClouDNS API error: %s URL:%s%s ", errResp.Description, req.Host, req.URL.RequestURI())
+			// For debug only - req.URL.RequestURI() contains the authentication params:
+			// return bodyString, fmt.Errorf("ClouDNS API error: %s URL:%s%s ", errResp.Description, req.Host, req.URL.RequestURI())
+			return bodyString, fmt.Errorf("ClouDNS API error: %s", errResp.Description)
 		}
 	}
 

From 62da39c1f63fd80ba4988105b1c1effb28825ca1 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 24 Sep 2024 11:31:24 -0400
Subject: [PATCH 354/438] CHORE: update deps (#3128)

---
 go.mod |  80 ++++++++++++++---------------
 go.sum | 160 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 120 insertions(+), 120 deletions(-)

diff --git a/go.mod b/go.mod
index cd5f4943dc..e4bca2b558 100644
--- a/go.mod
+++ b/go.mod
@@ -12,20 +12,20 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
-	github.com/PuerkitoBio/goquery v1.9.2
+	github.com/PuerkitoBio/goquery v1.10.0
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.30.4
-	github.com/aws/aws-sdk-go-v2/config v1.27.31
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.30
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4
+	github.com/aws/aws-sdk-go-v2 v1.31.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.37
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.35
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.103.0
-	github.com/digitalocean/godo v1.121.0
+	github.com/cloudflare/cloudflare-go v0.104.0
+	github.com/digitalocean/godo v1.125.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -33,7 +33,7 @@ require (
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
-	github.com/hashicorp/vault/api v1.14.0
+	github.com/hashicorp/vault/api v1.15.0
 	github.com/jinzhu/copier v0.4.0
 	github.com/miekg/dns v1.1.62
 	github.com/mittwald/go-powerdns v0.6.6
@@ -50,11 +50,11 @@ require (
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.4
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.26.0 // indirect
-	golang.org/x/net v0.28.0
-	golang.org/x/oauth2 v0.22.0
-	google.golang.org/api v0.195.0
-	gopkg.in/ns1/ns1-go.v2 v2.12.0
+	golang.org/x/crypto v0.27.0 // indirect
+	golang.org/x/net v0.29.0
+	golang.org/x/oauth2 v0.23.0
+	google.golang.org/api v0.198.0
+	gopkg.in/ns1/ns1-go.v2 v2.12.1
 )
 
 require (
@@ -64,38 +64,38 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.73.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
-	golang.org/x/text v0.17.0
+	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
+	golang.org/x/text v0.18.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.9.1 // indirect
+	cloud.google.com/go/auth v0.9.4 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
-	cloud.google.com/go/compute/metadata v0.5.0 // indirect
+	cloud.google.com/go/compute/metadata v0.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.30.5 // indirect
-	github.com/aws/smithy-go v1.20.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect
+	github.com/aws/smithy-go v1.21.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
-	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
+	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
@@ -113,7 +113,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -150,18 +150,18 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	go.mongodb.org/mongo-driver v1.12.0 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/mod v0.20.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.24.0 // indirect
+	golang.org/x/sys v0.25.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
-	golang.org/x/tools v0.24.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect
-	google.golang.org/grpc v1.65.0 // indirect
+	golang.org/x/tools v0.25.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+	google.golang.org/grpc v1.66.2 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 4e8b3be07c..e05c43fd7a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,10 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w=
-cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk=
+cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI=
+cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
-cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY=
-cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY=
+cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs=
+cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
@@ -30,8 +30,8 @@ github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7 h1:AJK
 github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7/go.mod h1:GCzqZQHydohgVLSIqRKZeTt8IGb1Y4NaFfim3H40uUI=
 github.com/G-Core/gcore-dns-sdk-go v0.2.9 h1:LMMZIRX8y3aJJuAviNSpFmLbovZUw+6Om+8VElp1F90=
 github.com/G-Core/gcore-dns-sdk-go v0.2.9/go.mod h1:35t795gOfzfVanhzkFyUXEzaBuMXwETmJldPpP28MN4=
-github.com/PuerkitoBio/goquery v1.9.2 h1:4/wZksC3KgkQw7SQgkKotmKljk0M6V8TUvA8Wb4yPeE=
-github.com/PuerkitoBio/goquery v1.9.2/go.mod h1:GHPCaP0ODyyxqcNoFGYlAprUFH81NuRPd0GX3Zu2Mvk=
+github.com/PuerkitoBio/goquery v1.10.0 h1:6fiXdLuUvYs2OJSvNRqlNPoBm6YABE226xrbavY5Wv4=
+github.com/PuerkitoBio/goquery v1.10.0/go.mod h1:TjZZl68Q3eGHNBA8CWaxAN7rOU1EbDz3CWuolcO5Yu4=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36 h1:vfVc5pSCq58ljNpXXwUcLnHATYi/x+YUdqFc9uBhLbM=
 github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36/go.mod h1:MwE/QxFCN65F0hKGWFHUh2U2o1p2tMPNR1zHkX6vEh8=
 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY=
@@ -41,36 +41,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
-github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
-github.com/aws/aws-sdk-go-v2/config v1.27.31 h1:kxBoRsjhT3pq0cKthgj6RU6bXTm/2SgdoUMyrVw0rAI=
-github.com/aws/aws-sdk-go-v2/config v1.27.31/go.mod h1:z04nZdSWFPaDwK3DdJOG2r+scLQzMYuJeW0CujEm9FM=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.30 h1:aau/oYFtibVovr2rDt8FHlU17BTicFEMAi29V1U+L5Q=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.30/go.mod h1:BPJ/yXV92ZVq6G8uYvbU0gSl8q94UB63nMT5ctNO38g=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 h1:yjwoSyDZF8Jth+mUk5lSPJCkMC0lMy6FaCD51jm6ayE=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12/go.mod h1:fuR57fAgMk7ot3WcNQfb6rSEn+SUffl7ri+aa8uKysI=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16 h1:TNyt/+X43KJ9IJJMjKfa3bNTiZbUP7DeCxfbTROESwY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.16/go.mod h1:2DwJF39FlNAUiX5pAc0UNeiz16lK2t7IaFcm0LFHEgc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16 h1:jYfy8UPmd+6kJW5YhY0L1/KftReOGxI/4NtVSTh9O/I=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.16/go.mod h1:7ZfEPZxkW42Afq4uQB8H2E2e6ebh6mXTueEpYzjCzcs=
+github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
+github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
+github.com/aws/aws-sdk-go-v2/config v1.27.37 h1:xaoIwzHVuRWRHFI0jhgEdEGc8xE1l91KaeRDsWEIncU=
+github.com/aws/aws-sdk-go-v2/config v1.27.37/go.mod h1:S2e3ax9/8KnMSyRVNd3sWTKs+1clJ2f1U6nE0lpvQRg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.35 h1:7QknrZhYySEB1lEXJxGAmuD5sWwys5ZXNr4m5oEz0IE=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.35/go.mod h1:8Vy4kk7at4aPSmibr7K+nLTzG6qUQAUO4tW49fzUV4E=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 h1:tJ5RnkHCiSH0jyd6gROjlJtNwov0eGYNz8s8nFcR0jQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18/go.mod h1:++NHzT+nAF7ZPrHPsA+ENvsXkOO8wEu+C6RXltAG4/c=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0 h1:xtp7jye7KhWu4ptBs5yh1Vep0vLAGSNGmArOUp997DU=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.43.0/go.mod h1:QN7tFo/W8QjLCR6aPZqMZKaVQJiAp95r/g78x1LWtkA=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4 h1:YCHWMRbaIyNUzhsFXSxW2aJ00WV6FUGzt2OtyE7RMyw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.25.4/go.mod h1:WUxTIZlbeHcwisUsauu2ra7O2+s11PM8xRLffHzc1q4=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 h1:zCsFCKvbj25i7p1u94imVoO447I/sFv8qq+lGJhRN0c=
-github.com/aws/aws-sdk-go-v2/service/sso v1.22.5/go.mod h1:ZeDX1SnKsVlejeuz41GiajjZpRSWR7/42q/EyA/QEiM=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 h1:SKvPgvdvmiTWoi0GAJ7AsJfOz3ngVkD/ERbs5pUnHNI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5/go.mod h1:20sz31hv/WsPa3HhU3hfrIet2kxM4Pe0r20eBZ20Tac=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.5 h1:OMsEmCyz2i89XwRwPouAJvhj81wINh+4UK+k/0Yo/q8=
-github.com/aws/aws-sdk-go-v2/service/sts v1.30.5/go.mod h1:vmSqFK+BVIwVpDAGZB3CoCXHzurt4qBE8lf+I/kRTh0=
-github.com/aws/smithy-go v1.20.4 h1:2HK1zBdPgRbjFOHlfeQZfpC4r72MOb9bZkiFwggKO+4=
-github.com/aws/smithy-go v1.20.4/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1 h1:ABCgel4gEOxTkhYlQ7E7tN3LFjQHGNNBSnprqC4KDGY=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1/go.mod h1:l2ABSKg3AibEJeR/l60cfeGU54UqF3VTgd51pq+vYhU=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1 h1:8vcPjkdKCefo12hkyE817Tl5R1MrtF0LORiWa2CMEa8=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1/go.mod h1:uFNgoaUIINLeJmEQmq4WqDvg4iVUPgpGyHGvuJKESxM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 h1:2jrVsMHqdLD1+PA4BA6Nh1eZp0Gsy3mFSB5MxDvcJtU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.1/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 h1:0L7yGCg3Hb3YQqnSgBTZM5wepougtL1aEccdcdYhHME=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 h1:8K0UNOkZiK9Uh3HIF6Bx0rcNCftqGCeKmOaR7Gp5BSo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.1/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
+github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
+github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -81,16 +81,16 @@ github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyX
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
-github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=
-github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs=
+github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
+github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7 h1:Jk7uhY5q11fE5PlEupX2Lo12w82UhGC6bE1CI5jwFbc=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod h1:FnQtD0+Q/1NZxi0eEWN+3ZRyMsE9vzSB3YjyunkbKD0=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.103.0 h1:XXKzgXeUbAo7UTtM4T5wuD2bJPBtNZv7TlZAEy5QI4k=
-github.com/cloudflare/cloudflare-go v0.103.0/go.mod h1:0DrjT4g8wgYFYIxhlqR8xi8dNWfyHFGilUkU3+XV8h0=
+github.com/cloudflare/cloudflare-go v0.104.0 h1:R/lB0dZupaZbOgibAH/BRrkFbZ6Acn/WsKg2iX2xXuY=
+github.com/cloudflare/cloudflare-go v0.104.0/go.mod h1:pfUQ4PIG4ISI0/Mmc21Bp86UnFU0ktmPf3iTgbSL+cM=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.121.0 h1:ilXiHuEnhbJs2fmFEPX0r/QQ6KfiOIMAhJN3f8NiCfI=
-github.com/digitalocean/godo v1.121.0/go.mod h1:WQVH83OHUy6gC4gXpEVQKtxTd4L5oCp+5OialidkPLY=
+github.com/digitalocean/godo v1.125.0 h1:wGPBQRX9Wjo0qCF0o8d25mT3A84Iw8rfHnZOPyvHcMQ=
+github.com/digitalocean/godo v1.125.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -209,8 +209,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
-github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
 github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
 github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -244,10 +244,10 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S
 github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU=
-github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112 h1:kIZQl+PjLn/AZLzqMaHnD1C3HdCCum0mMrlMFaOmB5U=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.112/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
+github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115 h1:0i/6REsHzn1KCW7hF0H1XxXibzmY9CuGUkOX71yRNwY=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -434,14 +434,14 @@ go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0P
 go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
-go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
-go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
-go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -453,11 +453,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw=
-golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA=
-golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -465,8 +465,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
-golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
+golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -485,11 +485,11 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -526,8 +526,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
-golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
+golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -546,8 +546,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
-golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
+golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
@@ -563,31 +563,31 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
-golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
+golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE=
+golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU=
-google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc=
+google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks=
+google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8=
-google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0=
+google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
-google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo=
+google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -614,8 +614,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.12.0 h1:cqdqQoTx17JmTusfxh5m3e2b36jfUzFAZedv89pFX18=
-gopkg.in/ns1/ns1-go.v2 v2.12.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.12.1 h1:GiiZPB8JusUF/ruyUDzddd70b3HZGa5A3njtKUe84jA=
+gopkg.in/ns1/ns1-go.v2 v2.12.1/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From f18ef35b0d16c08374790c56d353506495b3c70b Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 26 Sep 2024 15:21:15 +0200
Subject: [PATCH 355/438] CICD: GoReleaser snapshot property deprecation
 (#3131)

---
 .goreleaser.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index 2a78882318..bd06019bbc 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -150,7 +150,7 @@ docker_manifests:
 checksum:
   name_template: 'checksums.txt'
 snapshot:
-  name_template: "{{ incpatch .Version }}-next"
+  version_template: "{{ incpatch .Version }}-next"
 
 release:
   draft: true

From 0f08087978462f52b1051dd961af5200380ad329 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 26 Sep 2024 13:09:13 -0400
Subject: [PATCH 356/438] FEATURE: parallel preview/push is now default (#3132)

---
 commands/ppreviewPush.go | 10 ++++++----
 commands/previewPush.go  |  4 ++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 68e846b4eb..08d7a557f7 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -31,8 +31,9 @@ type zoneCache struct {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPreviewArgs
 	return &cli.Command{
-		Name:  "ppreview",
-		Usage: "read live configuration and identify changes to be made, without applying them",
+		Name:    "preview",
+		Aliases: []string{"ppreview"},
+		Usage:   "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
 			return exit(PPreview(args))
 		},
@@ -122,8 +123,9 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPushArgs
 	return &cli.Command{
-		Name:  "ppush",
-		Usage: "identify changes to be made, and perform them",
+		Name:    "push",
+		Aliases: []string{"ppush"},
+		Usage:   "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
 			return exit(PPush(args))
 		},
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 8220f5bee0..38038a37ea 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -26,7 +26,7 @@ import (
 var _ = cmd(catMain, func() *cli.Command {
 	var args PreviewArgs
 	return &cli.Command{
-		Name:  "preview",
+		Name:  "oldpreview",
 		Usage: "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
 			return exit(Preview(args))
@@ -98,7 +98,7 @@ func (args *PreviewArgs) flags() []cli.Flag {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PushArgs
 	return &cli.Command{
-		Name:  "push",
+		Name:  "oldpush",
 		Usage: "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
 			return exit(Push(args))

From d6d50fc8625f893454872668a37bf26cdbedbd3c Mon Sep 17 00:00:00 2001
From: Paul Donald <newtwen+github@gmail.com>
Date: Fri, 27 Sep 2024 18:06:19 +0200
Subject: [PATCH 357/438] LOC: fix float altitude value ingestion, gate size
 and precision values (#3130)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/types/dnscontrol.d.ts                |  14 +-
 .../domain-modifiers/LOC.md                   |  13 +-
 integrationTest/integration_test.go           |  10 +-
 models/t_loc.go                               |  73 ++++++----
 pkg/js/helpers.js                             | 133 +++++++++++++++---
 pkg/js/parse_tests/045-loc.js                 |  17 ++-
 pkg/js/parse_tests/045-loc.json               | 126 ++++++++++++++++-
 pkg/js/parse_tests/045-loc/foo.com.zone       |  17 ++-
 8 files changed, 340 insertions(+), 63 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index b540c3f5f6..2315a8424b 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -1559,7 +1559,7 @@ declare function INCLUDE(domain: string): DomainModifier;
 declare function IP(ip: string): number;
 
 /**
- * The parameter number types are as follows:
+ * The parameter number types ingested are as follows:
  *
  * ```
  * name: string
@@ -1570,7 +1570,7 @@ declare function IP(ip: string): number;
  * deg2: uint32
  * min2: uint32
  * sec2: float32
- * altitude: uint32
+ * altitude: float32
  * size: float32
  * horizontal_precision: float32
  * vertical_precision: float32
@@ -1627,15 +1627,21 @@ declare function IP(ip: string): number;
  *
  * `degrees,minutes,seconds,[NnSs],deg,min,sec,[EeWw],altitude,size,horizontal_precision,vertical_precision`
  *
+ * where:
+ *  altitude: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)
+ *  size, horizontal_precision, vertical_precision: [0 .. 90000000.00] (size/precision in meters)
+ *
+ * values outside of the above ranges are gated to within the ranges.
+ *
  * ## Examples ##
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
  *   //42 21 54     N  71 06  18     W -24m 30m
- *   LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0),
+ *   LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24.01,   30,    0,  0),
  *   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
- *   LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10),
+ *   LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24.33,    1,  200, 10),
  *   //52 14 05     N  00 08  50     E 10m
  *   LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0),
  *   //32  7 19     S 116  2  25     E 10m
diff --git a/documentation/language-reference/domain-modifiers/LOC.md b/documentation/language-reference/domain-modifiers/LOC.md
index f41696fb30..ae4f127d26 100644
--- a/documentation/language-reference/domain-modifiers/LOC.md
+++ b/documentation/language-reference/domain-modifiers/LOC.md
@@ -26,7 +26,7 @@ parameter_types:
   vertical_precision: number
 ---
 
-The parameter number types are as follows:
+The parameter number types ingested are as follows:
 
 ```
 name: string
@@ -37,7 +37,7 @@ sec1: float32
 deg2: uint32
 min2: uint32
 sec2: float32
-altitude: uint32
+altitude: float32
 size: float32
 horizontal_precision: float32
 vertical_precision: float32
@@ -97,6 +97,11 @@ The coordinate format for `LOC()` is:
 
 `degrees,minutes,seconds,[NnSs],deg,min,sec,[EeWw],altitude,size,horizontal_precision,vertical_precision`
 
+where:
+ altitude: [-100000.00 .. 42849672.95] BY .01 (altitude in meters)
+ size, horizontal_precision, vertical_precision: [0 .. 90000000.00] (size/precision in meters)
+
+values outside of the above ranges are gated to within the ranges.
 
 ## Examples ##
 
@@ -105,9 +110,9 @@ The coordinate format for `LOC()` is:
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
   //42 21 54     N  71 06  18     W -24m 30m
-  LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0),
+  LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24.01,   30,    0,  0),
   //42 21 43.952 N  71 5   6.344  W -24m 1m 200m 10m
-  LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10),
+  LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24.33,    1,  200, 10),
   //52 14 05     N  00 08  50     E 10m
   LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0),
   //32  7 19     S 116  2  25     E 10m
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index ae0551f1c9..a2ee6ecf95 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -581,7 +581,7 @@ func ignore(labelSpec string, typeSpec string, targetSpec string) *models.Record
 }
 
 func loc(name string, d1 uint8, m1 uint8, s1 float32, ns string,
-	d2 uint8, m2 uint8, s2 float32, ew string, al int32, sz float32, hp float32, vp float32) *models.RecordConfig {
+	d2 uint8, m2 uint8, s2 float32, ew string, al float32, sz float32, hp float32, vp float32) *models.RecordConfig {
 	r := makeRec(name, "", "LOC")
 	r.SetLOCParams(d1, m1, s1, ns, d2, m2, s2, ew, al, sz, hp, vp)
 	return r
@@ -1483,16 +1483,16 @@ func makeTests() []*TestGroup {
 		testgroup("LOC",
 			requires(providers.CanUseLOC),
 			//42 21 54     N  71 06  18     W -24m 30m
-			tc("Single LOC record", loc("@", 42, 21, 54, "N", 71, 6, 18, "W", -24, 30, 0, 0)),
+			tc("Single LOC record", loc("@", 42, 21, 54, "N", 71, 6, 18, "W", -24.05, 30, 0, 0)),
 			//42 21 54     N  71 06  18     W -24m 30m
-			tc("Update single LOC record", loc("@", 42, 21, 54, "N", 71, 6, 18, "W", -24, 30, 10, 0)),
+			tc("Update single LOC record", loc("@", 42, 21, 54, "N", 71, 6, 18, "W", -24.06, 30, 10, 0)),
 			tc("Multiple LOC records-create a-d modify apex", //create a-d, modify @
 				//42 21 54     N  71 06  18     W -24m 30m
 				loc("@", 42, 21, 54, "N", 71, 6, 18, "W", -24, 30, 0, 0),
 				//42 21 43.952 N  71 5   6.344  W -24m 1m 200m
-				loc("a", 42, 21, 43.952, "N", 71, 5, 6.344, "W", -24, 1, 200, 10),
+				loc("a", 42, 21, 43.952, "N", 71, 5, 6.344, "W", -24.33, 1, 200, 10),
 				//52 14 05     N  00 08  50     E 10m
-				loc("b", 52, 14, 5, "N", 0, 8, 50, "E", 10, 0, 0, 0),
+				loc("b", 52, 14, 5, "N", 0, 8, 50, "E", 10.22, 0, 0, 0),
 				//32  7 19     S 116  2  25     E 10m
 				loc("c", 32, 7, 19, "S", 116, 2, 25, "E", 10, 0, 0, 0),
 				//42 21 28.764 N  71 00  51.617 W -44m 2000m
diff --git a/models/t_loc.go b/models/t_loc.go
index f4c641f588..4a4ad639ae 100644
--- a/models/t_loc.go
+++ b/models/t_loc.go
@@ -2,7 +2,7 @@ package models
 
 import (
 	"fmt"
-	"strconv"
+	"math"
 	"strings"
 
 	"github.com/miekg/dns"
@@ -31,7 +31,7 @@ func (rc *RecordConfig) SetTargetLOC(ver uint8, lat uint32, lon uint32, alt uint
 // for further processing to the LOC native 7 input binary format:
 // LocVersion (0), LocLatitude, LocLongitude, LocAltitude, LocSize, LocVertPre, LocHorizPre
 func (rc *RecordConfig) SetLOCParams(d1 uint8, m1 uint8, s1 float32, ns string,
-	d2 uint8, m2 uint8, s2 float32, ew string, al int32, sz float32, hp float32, vp float32) error {
+	d2 uint8, m2 uint8, s2 float32, ew string, al float32, sz float32, hp float32, vp float32) error {
 
 	err := rc.calculateLOCFields(d1, m1, s1, ns, d2, m2, s2, ew, al, sz, hp, vp)
 
@@ -78,18 +78,17 @@ func (rc *RecordConfig) SetTargetLOCString(origin string, contents string) error
 // the 12 variable inputs of integers and strings.
 func (rc *RecordConfig) extractLOCFieldsFromStringInput(input string) error {
 	var d1, m1, d2, m2 uint8
-	var al int32
+	var al float32
 	var s1, s2 float32
 	var ns, ew string
 	var sz, hp, vp float32
 
-	var err error
-	_, err = fmt.Sscanf(input+"~", "%d %d %f %s %d %d %f %s %dm %fm %fm %fm~",
+	_, err := fmt.Sscanf(input+"~", "%d %d %f %s %d %d %f %s %fm %fm %fm %fm~",
 		&d1, &m1, &s1, &ns, &d2, &m2, &s2, &ew, &al, &sz, &hp, &vp)
 	if err != nil {
-		return fmt.Errorf("extractLOCFieldsFromStringInput: can't unpack LOC tex input data: %w", err)
+		return fmt.Errorf("extractLOCFieldsFromStringInput: can't unpack LOC text input data: %w", err)
 	}
-	// fmt.Printf("\ngot: %d %d %g %s %d %d %g %s %dm %0.2fm %0.2fm %0.2fm \n", d1, m1, s1, ns, d2, m2, s2, ew, al, sz, hp, vp)
+	// fmt.Printf("\ngot: %d %d %g %s %d %d %g %s %0.2fm %0.2fm %0.2fm %0.2fm \n", d1, m1, s1, ns, d2, m2, s2, ew, al, sz, hp, vp)
 
 	rc.calculateLOCFields(d1, m1, s1, ns, d2, m2, s2, ew, al, sz, hp, vp)
 
@@ -98,7 +97,7 @@ func (rc *RecordConfig) extractLOCFieldsFromStringInput(input string) error {
 
 // calculateLOCFields converts from 12 user inputs to the LOC 7 binary fields
 func (rc *RecordConfig) calculateLOCFields(d1 uint8, m1 uint8, s1 float32, ns string,
-	d2 uint8, m2 uint8, s2 float32, ew string, al int32, sz float32, hp float32, vp float32) error {
+	d2 uint8, m2 uint8, s2 float32, ew string, al float32, sz float32, hp float32, vp float32) error {
 	// Crazy hairy shit happens here.
 	// We already got the useful "string" version earlier. ¯\_(ツ)_/¯ code golf...
 	const LOCEquator uint64 = 0x80000000       // 1 << 31 // RFC 1876, Section 2.
@@ -120,7 +119,10 @@ func (rc *RecordConfig) calculateLOCFields(d1 uint8, m1 uint8, s1 float32, ns st
 		rc.LocLongitude = uint32(LOCPrimeMeridian - lon)
 	}
 	// Altitude
-	rc.LocAltitude = uint32(al+LOCAltitudeBase) * 100
+	altitude := (float64(al) + float64(LOCAltitudeBase)) * 100
+	clampedAltitude := math.Min(math.Max(0, altitude), float64(math.MaxUint32))
+	rc.LocAltitude = uint32(clampedAltitude)
+
 	var err error
 	// Size
 	rc.LocSize, err = getENotationInt(sz)
@@ -167,21 +169,40 @@ func getENotationInt(x float32) (uint8, error) {
 	   1cm = 1e0 == 16 (1^4 + 0) or 0<<4 + 0
 	   0cm = 0e0 == 0
 	*/
-	// get int from cm value:
-	num := strconv.Itoa(int(x * 100))
-	// fmt.Printf("num: %s\n", num)
-	// split string on zeroes to count zeroes:
-	arr := strings.Split(num, "0")
-	// fmt.Printf("arr: %s\n", arr)
-	// get the leading digit:
-	prefix, err := strconv.Atoi(arr[0])
-	if err != nil {
-		return 0, fmt.Errorf("can't unpack LOC base/mantissa: %w", err)
-	}
-	// fmt.Printf("prefix: %d\n", prefix)
-	// fmt.Printf("lenArr-1: %d\n", len(arr)-1)
-	// construct our x^e uint8
-	value := uint8((prefix << 4) | (len(arr) - 1))
-	// fmt.Printf("m_e: %d\n", value)
-	return value, err
+	if x == 0 {
+		return 0, nil // both mantissa and exponent will be zero
+	}
+
+	// get cm value
+	num := float64(x) * 100
+
+	// Get exponent (base 10)
+	exp := int(math.Floor(math.Log10(num)))
+
+	// Normalize the mantissa
+	mantissa := num / math.Pow(10, float64(exp))
+
+	// Adjust mantissa and exponent to fit into 4-bit ranges (0-15)
+	for mantissa < 1 && exp > 0 {
+		mantissa *= 10
+		exp--
+	}
+
+	// Truncate the mantissa (integer value) and ensure it's within 4 bits
+	mantissaInt := int(math.Floor(mantissa))
+	if mantissaInt > 9 {
+		mantissaInt = 9 // Cap mantissa at 9
+	}
+
+	// Ensure exponent is within 4 bits
+	if exp < 0 {
+		exp = 0 // Cap negative exponents at 0
+	} else if exp > 9 {
+		exp = 9 // Cap exponent at 9
+	}
+
+	// Pack mantissa and exponent into a single uint8
+	packedValue := uint8((mantissaInt << 4) | (exp & 0x0F))
+
+	return packedValue, nil
 }
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 495a96c71a..3029cecb4e 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -683,10 +683,33 @@ function getENotationInt(x) {
        0cm = 0e0 == 0
     */
     size = x * 100; // get cm value
-    // get the m^e version of size
-    array = size.toExponential(0).split('e+').map(Number);
+
+    // Convert the number to scientific notation
+    var exp = Math.floor(Math.log10(size)); // Get the exponent (base 10)
+    var mantissa = size / Math.pow(10, exp); // Normalize mantissa
+
+    // Normalize the mantissa to fit into 4 bits (between 0 and 15)
+    while (mantissa < 1 && exp > 0) {
+        mantissa *= 10;
+        exp -= 1;
+    }
+
+    /* Four-bit values greater than 9 are undefined, as are values with a base
+    of zero and a non-zero exponent.
+    */
+
+    // Ensure mantissa and exponent are within 4-bit range (0-15) but no greater than 9
+    mantissa = Math.floor(mantissa); // We truncate decimals
+    if (mantissa > 9) {
+        mantissa = 9; // Cap mantissa at 9
+    }
+    if (exp < 0) {
+        exp = 0; // We cap negative exponents at 0
+    } else if (exp > 9) {
+        exp = 9; // Cap exponent at 9
+    }
     // convert it to 4bit:4bit uint8
-    m_e = (array[0] << 4) | array[1];
+    m_e = (mantissa << 4) | (exp & 0xf);
     return m_e;
 }
 
@@ -735,10 +758,30 @@ function locStringBuilder(record, args) {
     }
 
     // handle altitude, size, horizontal precision, vertical precision
-    precisionbuffer = args.alt.toString() + 'm';
-    precisionbuffer += ' ' + args.siz.toString() + 'm';
-    precisionbuffer += ' ' + args.hp.toString() + 'm';
-    precisionbuffer += ' ' + args.vp.toString() + 'm';
+    // alt -100000.00 .. 42849672.95m
+    // size, horizontal precision, vertical precision 0 .. 90000000.00m
+    precisionbuffer =
+        (args.alt < -100000
+            ? -100000
+            : args.alt > 42849672.95
+              ? 42849672.95
+              : args.alt.toString()) + 'm';
+    precisionbuffer +=
+        ' ' +
+        (args.siz > 90000000
+            ? 90000000
+            : args.siz < 0
+              ? 0
+              : args.siz.toString()) +
+        'm';
+    precisionbuffer +=
+        ' ' +
+        (args.hp > 90000000 ? 90000000 : args.hp < 0 ? 0 : args.hp.toString()) +
+        'm';
+    precisionbuffer +=
+        ' ' +
+        (args.vp > 90000000 ? 90000000 : args.vp < 0 ? 0 : args.vp.toString()) +
+        'm';
 
     record.target = nsstring + ewstring + precisionbuffer;
 
@@ -763,23 +806,23 @@ function locDMSBuilder(record, args) {
     // W
     else record.loclongitude = LOCPrimeMeridian - lon;
     // Altitude
-    record.localtitude = (args.alt + LOCAltitudeBase) * 100;
+    record.localtitude = parseInt((args.alt + LOCAltitudeBase) * 100);
+    // 'cast' altitude to fit 'uint32'
+    record.localtitude =
+        record.localtitude > 4294967295
+            ? 4294967295
+            : record.localtitude < 0
+              ? 0
+              : record.localtitude;
     // Size
     record.locsize = getENotationInt(args.siz);
     // Horizontal Precision
     m_e = args.hp;
     record.lochorizpre = getENotationInt(args.hp);
-    // if (m_e != 0) {
-    // } else {
-    //     record.lochorizpre = 22; // 10,000m default
-    // }
+
     // Vertical Precision
     m_e = args.vp;
     record.locvertpre = getENotationInt(args.vp);
-    // if (m_e != 0) {
-    // } else {
-    //     record.lochorizpre = 19; // 10m default
-    // }
 }
 
 // LOC(name,d1,m1,s1,ns,d2,m2,s2,ew,alt,siz,hp,vp, recordModifiers...)
@@ -800,11 +843,69 @@ var LOC = recordBuilder('LOC', {
         ['vp', _.isNumber], // vertical precision
     ],
     transform: function (record, args, modifiers) {
+        validateIntegers(args);
+
         record = locStringBuilder(record, args);
         record = locDMSBuilder(record, args);
     },
 });
 
+// Post-validation function for LOC that checks if degrees and minutes are integers
+function validateIntegers(args) {
+    if (args.d1 % 1 !== 0) {
+        throw (
+            "Degrees N/S shall be an integer: record '" +
+            args.name +
+            "': *" +
+            args.d1 +
+            '*, ' +
+            args.m1 +
+            ', ' +
+            args.s1 +
+            ', ...'
+        );
+    }
+    if (args.m1 % 1 !== 0) {
+        throw (
+            "Minutes N/S shall be an integer: record '" +
+            args.name +
+            "': " +
+            args.d1 +
+            ', *' +
+            args.m1 +
+            '*, ' +
+            args.s1 +
+            ', ...'
+        );
+    }
+    if (args.d2 % 1 !== 0) {
+        throw (
+            "Degrees E/W shall be an integer: record '" +
+            args.name +
+            "': *" +
+            args.d2 +
+            '*, ' +
+            args.m2 +
+            ', ' +
+            args.s2 +
+            ', ...'
+        );
+    }
+    if (args.m2 % 1 !== 0) {
+        throw (
+            "Minutes E/W shall be an integer: record '" +
+            args.name +
+            "': " +
+            args.d2 +
+            ', *' +
+            args.m2 +
+            '*, ' +
+            args.s2 +
+            ', ...'
+        );
+    }
+}
+
 function ConvertDDToDMS(D, longitude) {
     //stackoverflow, baby. do not re-order the rows.
     return {
diff --git a/pkg/js/parse_tests/045-loc.js b/pkg/js/parse_tests/045-loc.js
index 65103dce0a..579ef1416f 100644
--- a/pkg/js/parse_tests/045-loc.js
+++ b/pkg/js/parse_tests/045-loc.js
@@ -1,10 +1,23 @@
 D("foo.com","none"
   // LOC "subdomain", d1, m1, s1, "[NnSs]", d2, m2, s2, "[EeWw]", alt, siz, hp, vp)
   , LOC("@", 42, 21, 54,     "N", 71,  6, 18,     "W", -24,   30,    0,  0) //42 21 54     N  71 06  18     W -24m 30m
-  , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24,    1,  200, 10) //42 21 43.952 N  71 5   6.344  W -24m 1m 200m
-  , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10,    0,    0,  0) //52 14 05     N  00 08  50     E 10m
+  , LOC("a", 42, 21, 43.952, "N", 71,  5,  6.344, "W", -24.01,    1,  200, 10) //42 21 43.952 N  71 5   6.344  W -24.01m 1m 200m
+  , LOC("b", 52, 14,  5,     "N",  0,  8, 50,     "E",  10.33,    0,    0,  0) //52 14 05     N  00 08  50     E 10.33m
   , LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0) //32  7 19     S 116  2  25     E 10m
   , LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0) //42 21 28.764 N  71 00  51.617 W -44m 2000m
+  , LOC("d-alt-highest", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 42849672.95, 2000,    0,  0) //42 21 28.764 N  71 00  51.617 W 42849672.95m 2000m
+  , LOC("d-alt-lowest", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -100000.00, 2000,    0,  0) //42 21 28.764 N  71 00  51.617 W -100000.00m 2000m
+  , LOC("d-alt-toohigh", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 42849672.96, 2000,    0,  0) //42 21 28.764 N  71 00  51.617 W 42849672.95m 2000m
+  , LOC("d-alt-toolow", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -100000.01, 2000,    0,  0) //42 21 28.764 N  71 00  51.617 W -100000m 2000m
+  , LOC("d-horizprecision-hi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    90000000,  0) //42 21 28.764 N 71 00 51.617 W 0m 1m 90000000m 0.00m
+  , LOC("d-horizprecision-toohi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    98765432,  0) //42 21 28.764 N 71 00 51.617 W 0m 1m 90000000m 0.00m
+  , LOC("d-horizprecision-toolow", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    -1,  0) //42 21 28.764 N 71 00 51.617 W 0m 1m 0m 0.00m
+  , LOC("d-size-toohi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 98765432,    0,  0) //42 21 28.764 N  71 00  51.617 W -44m 2000m
+  , LOC("d-size-toolow", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, -1,    0,  0) //42 21 28.764 N  71 00  51.617 W -44m 0m
+  , LOC("d-size-hi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 90000000,    0,  0) //42 21 28.764 N  71 00  51.617 W -44m 90000000m
+  , LOC("d-vertprecision-hi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    0,  90000000) //42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 90000000m
+  , LOC("d-vertprecision-toohi", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    0,  98765432) //42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 90000000m
+  , LOC("d-vertprecision-toolow", 42, 21, 28.764, "N", 71,  0, 51.617, "W", 0, 1,    0,  -1) //42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 0m
 
   // via the Decimal degrees to LOC builder.
   , LOC_BUILDER_DD({
diff --git a/pkg/js/parse_tests/045-loc.json b/pkg/js/parse_tests/045-loc.json
index 68db2435de..70f1519bf5 100644
--- a/pkg/js/parse_tests/045-loc.json
+++ b/pkg/js/parse_tests/045-loc.json
@@ -25,16 +25,16 @@
           "locvertpre": 19,
           "loclatitude": 2299987600,
           "loclongitude": 1891577304,
-          "localtitude": 9997600,
-          "target": "42 21 43.952 N 71 5 6.344 W -24m 1m 200m 10m"
+          "localtitude": 9997599,
+          "target": "42 21 43.952 N 71 5 6.344 W -24.01m 1m 200m 10m"
         },
         {
           "type": "LOC",
           "name": "b",
           "loclatitude": 2335528648,
           "loclongitude": 2148013648,
-          "localtitude": 10001000,
-          "target": "52 14 5 N 0 8 50 E 10m 0m 0m 0m"
+          "localtitude": 10001033,
+          "target": "52 14 5 N 0 8 50 E 10.33m 0m 0m 0m"
         },
         {
           "type": "LOC",
@@ -53,6 +53,124 @@
           "localtitude": 9995600,
           "target": "42 21 28.764 N 71 0 51.617 W -44m 2000m 0m 0m"
         },
+        {
+          "type": "LOC",
+          "name": "d-alt-highest",
+          "locsize": 37,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 4294967295,
+          "target": "42 21 28.764 N 71 0 51.617 W 42849672.95m 2000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-alt-lowest",
+          "locsize": 37,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "target": "42 21 28.764 N 71 0 51.617 W -100000m 2000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-alt-toohigh",
+          "locsize": 37,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 4294967295,
+          "target": "42 21 28.764 N 71 0 51.617 W 42849672.95m 2000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-alt-toolow",
+          "locsize": 37,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "target": "42 21 28.764 N 71 0 51.617 W -100000m 2000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-horizprecision-hi",
+          "locsize": 18,
+          "lochorizpre": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 90000000m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-horizprecision-toohi",
+          "locsize": 18,
+          "lochorizpre": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 90000000m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-horizprecision-toolow",
+          "locsize": 18,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-size-toohi",
+          "locsize": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 90000000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-size-toolow",
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 0m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-size-hi",
+          "locsize": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 90000000m 0m 0m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-vertprecision-hi",
+          "locsize": 18,
+          "locvertpre": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 0m 90000000m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-vertprecision-toohi",
+          "locsize": 18,
+          "locvertpre": 153,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 0m 90000000m"
+        },
+        {
+          "type": "LOC",
+          "name": "d-vertprecision-toolow",
+          "locsize": 18,
+          "loclatitude": 2299972412,
+          "loclongitude": 1891832031,
+          "localtitude": 10000000,
+          "target": "42 21 28.764 N 71 0 51.617 W 0m 1m 0m 0m"
+        },
         {
           "type": "LOC",
           "name": "big-ben",
diff --git a/pkg/js/parse_tests/045-loc/foo.com.zone b/pkg/js/parse_tests/045-loc/foo.com.zone
index 1e0c3ac97d..1000171ba4 100644
--- a/pkg/js/parse_tests/045-loc/foo.com.zone
+++ b/pkg/js/parse_tests/045-loc/foo.com.zone
@@ -1,10 +1,23 @@
 $TTL 300
 @                IN LOC   42 21 54.000 N 71 06 18.000 W -24m 30m 0.00m 0.00m
-a                IN LOC   42 21 43.952 N 71 05 6.344 W -24m 1m 200m 10m
-b                IN LOC   52 14 5.000 N 00 08 50.000 E 10m 0.00m 0.00m 0.00m
+a                IN LOC   42 21 43.952 N 71 05 6.344 W -24.01m 1m 200m 10m
+b                IN LOC   52 14 5.000 N 00 08 50.000 E 10.33m 0.00m 0.00m 0.00m
 big-ben          IN LOC   51 30 3.033 N 00 07 28.651 W 6m 0.00m 0.00m 0.00m
 c                IN LOC   32 07 19.000 S 116 02 25.000 E 10m 0.00m 0.00m 0.00m
 d                IN LOC   42 21 28.764 N 71 00 51.617 W -44m 2000m 0.00m 0.00m
+d-alt-highest    IN LOC   42 21 28.764 N 71 00 51.617 W 42849672.95m 2000m 0.00m 0.00m
+d-alt-lowest     IN LOC   42 21 28.764 N 71 00 51.617 W -100000m 2000m 0.00m 0.00m
+d-alt-toohigh    IN LOC   42 21 28.764 N 71 00 51.617 W 42849672.95m 2000m 0.00m 0.00m
+d-alt-toolow     IN LOC   42 21 28.764 N 71 00 51.617 W -100000m 2000m 0.00m 0.00m
+d-horizprecision-hi IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 90000000m 0.00m
+d-horizprecision-toohi IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 90000000m 0.00m
+d-horizprecision-toolow IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 0.00m
+d-size-hi        IN LOC   42 21 28.764 N 71 00 51.617 W 0m 90000000m 0.00m 0.00m
+d-size-toohi     IN LOC   42 21 28.764 N 71 00 51.617 W 0m 90000000m 0.00m 0.00m
+d-size-toolow    IN LOC   42 21 28.764 N 71 00 51.617 W 0m 0.00m 0.00m 0.00m
+d-vertprecision-hi IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 90000000m
+d-vertprecision-toohi IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 90000000m
+d-vertprecision-toolow IN LOC 42 21 28.764 N 71 00 51.617 W 0m 1m 0.00m 0.00m
 fraser-island    IN LOC   25 14 24.000 S 153 09 0.000 E 3m 0.00m 0.00m 0.00m
 guinness-brewery IN LOC   53 20 40.000 N 06 17 20.000 W 300m 0.00m 0.00m 0.00m
 hawaii           IN LOC   21 30 0.000 N 158 00 0.000 W 920m 0.00m 0.00m 0.00m

From aca618a90bbbd3c67a7017b438137eb5d775c37a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 4 Oct 2024 14:34:26 -0400
Subject: [PATCH 358/438] CHORE: update deps (#3141)

---
 go.mod | 36 +++++++++++++-------------
 go.sum | 80 +++++++++++++++++++++++++++++-----------------------------
 2 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/go.mod b/go.mod
index e4bca2b558..2e2ca5a476 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require google.golang.org/protobuf v1.34.2 // indirect
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0
+	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/DisposaBoy/JsonConfigReader v0.0.0-20201129172854-99cf318d67e7
 	github.com/PuerkitoBio/goquery v1.10.0
@@ -17,15 +17,15 @@ require (
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
 	github.com/aws/aws-sdk-go-v2 v1.31.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.37
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.35
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1
+	github.com/aws/aws-sdk-go-v2/config v1.27.40
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.38
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.104.0
-	github.com/digitalocean/godo v1.125.0
+	github.com/cloudflare/cloudflare-go v0.106.0
+	github.com/digitalocean/godo v1.126.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
 	github.com/exoscale/egoscale v0.90.2
@@ -50,10 +50,10 @@ require (
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.4
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.27.0 // indirect
-	golang.org/x/net v0.29.0
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0
 	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.198.0
+	google.golang.org/api v0.199.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.1
 )
 
@@ -71,14 +71,14 @@ require (
 	github.com/oracle/oci-go-sdk/v65 v65.73.0
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
-	golang.org/x/text v0.18.0
+	golang.org/x/text v0.19.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.9.4 // indirect
+	cloud.google.com/go/auth v0.9.5 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
-	cloud.google.com/go/compute/metadata v0.5.1 // indirect
+	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
@@ -89,9 +89,9 @@ require (
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.23.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.31.4 // indirect
 	github.com/aws/smithy-go v1.21.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
@@ -156,12 +156,12 @@ require (
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/time v0.6.0 // indirect
 	golang.org/x/tools v0.25.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/grpc v1.66.2 // indirect
+	google.golang.org/grpc v1.67.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index e05c43fd7a..1812371fbe 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,10 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI=
-cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA=
+cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw=
+cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
-cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs=
-cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
@@ -13,12 +13,12 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xP
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0 h1:9Eih8XcEeQnFD0ntMlUDleKMzfeCeUfa+VbnDCI4AZs=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.2.0/go.mod h1:wGPyTi+aURdqPAGMZDQqnNs9IrShADF8w2WZb6bKeq0=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU=
-github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1/go.mod h1:c/wcGeGx5FUPbM/JltUYHZcKmigwyVLJlDq+4HdtXaw=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0 h1:yzrctSl9GMIQ5lHu7jc8olOsGjWDCsBpJhWqfGa/YIM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0/go.mod h1:GE4m0rnnfwLGX0Y9A9A25Zx5N/90jneT5ABevqzhuFQ=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
@@ -43,10 +43,10 @@ github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
 github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
-github.com/aws/aws-sdk-go-v2/config v1.27.37 h1:xaoIwzHVuRWRHFI0jhgEdEGc8xE1l91KaeRDsWEIncU=
-github.com/aws/aws-sdk-go-v2/config v1.27.37/go.mod h1:S2e3ax9/8KnMSyRVNd3sWTKs+1clJ2f1U6nE0lpvQRg=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.35 h1:7QknrZhYySEB1lEXJxGAmuD5sWwys5ZXNr4m5oEz0IE=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.35/go.mod h1:8Vy4kk7at4aPSmibr7K+nLTzG6qUQAUO4tW49fzUV4E=
+github.com/aws/aws-sdk-go-v2/config v1.27.40 h1:sie4mPBGFOO+Z27+yHzvyN31G20h/bf2xb5mCbpLv2Q=
+github.com/aws/aws-sdk-go-v2/config v1.27.40/go.mod h1:4KW7Aa5tNo+0VHnuLnnE1vPHtwMurlNZNS65IdcewHA=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.38 h1:iM90eRhCeZtlkzCNCG1JysOzJXGYf5rx80aD1lUgNDU=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.38/go.mod h1:TCVYPZeQuLaYNEkf/TVn6k5k/zdVZZ7xH9po548VNNg=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
@@ -59,16 +59,16 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGf
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1 h1:ABCgel4gEOxTkhYlQ7E7tN3LFjQHGNNBSnprqC4KDGY=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.44.1/go.mod h1:l2ABSKg3AibEJeR/l60cfeGU54UqF3VTgd51pq+vYhU=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1 h1:8vcPjkdKCefo12hkyE817Tl5R1MrtF0LORiWa2CMEa8=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.1/go.mod h1:uFNgoaUIINLeJmEQmq4WqDvg4iVUPgpGyHGvuJKESxM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.1 h1:2jrVsMHqdLD1+PA4BA6Nh1eZp0Gsy3mFSB5MxDvcJtU=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.1/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1 h1:0L7yGCg3Hb3YQqnSgBTZM5wepougtL1aEccdcdYhHME=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.1/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.1 h1:8K0UNOkZiK9Uh3HIF6Bx0rcNCftqGCeKmOaR7Gp5BSo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.1/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4 h1:WAoAaFKosxHHDrSagXcowPTU+BWQGXFPENVko8KWyh0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4/go.mod h1:l2ABSKg3AibEJeR/l60cfeGU54UqF3VTgd51pq+vYhU=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4 h1:fVpRIfHwVxlkOTkcn0llBr7OKBJZS5+5167F18cQUAg=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4/go.mod h1:uFNgoaUIINLeJmEQmq4WqDvg4iVUPgpGyHGvuJKESxM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.4 h1:ck/Y8XWNR1gHa4BFkwE3oSu7XDJGwl+8TI7E/RB2EcQ=
+github.com/aws/aws-sdk-go-v2/service/sso v1.23.4/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4 h1:4f2/JKYZHAZbQ7koBpZ012bKi32NHPY0m7TDuJgsbug=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.4 h1:uK6dUUdJtqutK1XO/tmNaQMJiPLCJY/eAeOOmqQ6ygY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.31.4/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
 github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
 github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -89,8 +89,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.104.0 h1:R/lB0dZupaZbOgibAH/BRrkFbZ6Acn/WsKg2iX2xXuY=
-github.com/cloudflare/cloudflare-go v0.104.0/go.mod h1:pfUQ4PIG4ISI0/Mmc21Bp86UnFU0ktmPf3iTgbSL+cM=
+github.com/cloudflare/cloudflare-go v0.106.0 h1:q41gC5Wc1nfi0D1ZhSHokWcd9mGMbqC7RE7qiP+qE00=
+github.com/cloudflare/cloudflare-go v0.106.0/go.mod h1:pfUQ4PIG4ISI0/Mmc21Bp86UnFU0ktmPf3iTgbSL+cM=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
 github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -103,8 +103,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
-github.com/digitalocean/godo v1.125.0 h1:wGPBQRX9Wjo0qCF0o8d25mT3A84Iw8rfHnZOPyvHcMQ=
-github.com/digitalocean/godo v1.125.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.126.0 h1:+Znh7VMQj/E8ArbjWnc7OKGjWfzC+I8OCSRp7r1MdD8=
+github.com/digitalocean/godo v1.126.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
@@ -453,8 +453,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
@@ -485,8 +485,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
-golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
+golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
 golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -526,8 +526,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -546,8 +546,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
@@ -569,8 +569,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks=
-google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc=
+google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs=
+google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -586,8 +586,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo=
-google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y=
+google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
+google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

From c6e956aa430f86dd32a50872aa0d5b5e1803273f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 4 Oct 2024 15:45:10 -0400
Subject: [PATCH 359/438] Revert "FEATURE: parallel preview/push is now default
 (#3132)" (#3144)

---
 commands/ppreviewPush.go | 10 ++++------
 commands/previewPush.go  |  4 ++--
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 08d7a557f7..68e846b4eb 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -31,9 +31,8 @@ type zoneCache struct {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPreviewArgs
 	return &cli.Command{
-		Name:    "preview",
-		Aliases: []string{"ppreview"},
-		Usage:   "read live configuration and identify changes to be made, without applying them",
+		Name:  "ppreview",
+		Usage: "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
 			return exit(PPreview(args))
 		},
@@ -123,9 +122,8 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPushArgs
 	return &cli.Command{
-		Name:    "push",
-		Aliases: []string{"ppush"},
-		Usage:   "identify changes to be made, and perform them",
+		Name:  "ppush",
+		Usage: "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
 			return exit(PPush(args))
 		},
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 38038a37ea..8220f5bee0 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -26,7 +26,7 @@ import (
 var _ = cmd(catMain, func() *cli.Command {
 	var args PreviewArgs
 	return &cli.Command{
-		Name:  "oldpreview",
+		Name:  "preview",
 		Usage: "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
 			return exit(Preview(args))
@@ -98,7 +98,7 @@ func (args *PreviewArgs) flags() []cli.Flag {
 var _ = cmd(catMain, func() *cli.Command {
 	var args PushArgs
 	return &cli.Command{
-		Name:  "oldpush",
+		Name:  "push",
 		Usage: "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
 			return exit(Push(args))

From d7f4d0e3e17dd80ac1ea6134648fd58cfa6548fc Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Sat, 5 Oct 2024 12:31:44 +0000
Subject: [PATCH 360/438] CLOUDNS: add support for LOC records (#3127)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           |  2 +-
 providers/cloudns/api.go             | 12 +++++++++++
 providers/cloudns/cloudnsProvider.go | 31 +++++++++++++++++++++++++++-
 3 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index c2700b20cc..6c37a88170 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -22,7 +22,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
diff --git a/providers/cloudns/api.go b/providers/cloudns/api.go
index cbaa6556a8..b189f060c2 100644
--- a/providers/cloudns/api.go
+++ b/providers/cloudns/api.go
@@ -67,6 +67,18 @@ type domainRecord struct {
 	DsAlgorithm      string `json:"dsalgorithm,omitempty"`
 	DsDigestType     string `json:"digest_type,omitempty"`
 	DsDigest         string `json:"dsdigest,omitempty"`
+	LocLatDeg        string `json:"lat_deg,omitempty"`
+	LocLatMin        string `json:"lat_min,omitempty"`
+	LocLatSec        string `json:"lat_sec,omitempty"`
+	LocLatDir        string `json:"lat_dir,omitempty"`
+	LocLongDeg       string `json:"long_deg,omitempty"`
+	LocLongMin       string `json:"long_min,omitempty"`
+	LocLongSec       string `json:"long_sec,omitempty"`
+	LocLongDir       string `json:"long_dir,omitempty"`
+	LocAltitude      string `json:"altitude,omitempty"`
+	LocSize          string `json:"size,omitempty"`
+	LocHPrecision    string `json:"h_precision,omitempty"`
+	LocVPrecision    string `json:"v_precision,omitempty"`
 }
 
 type recordResponse map[string]domainRecord
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index b5fab1f7fd..6bbb07992c 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -47,7 +47,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDNAME:            providers.Can(),
 	providers.CanUseDSForChildren:    providers.Can(),
-	providers.CanUseLOC:              providers.Cannot(),
+	providers.CanUseLOC:              providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),
 	providers.CanUseSSHFP:            providers.Can(),
@@ -340,6 +340,12 @@ func toRc(domain string, r *domainRecord) *models.RecordConfig {
 	case "CLOUD_WR":
 		rc.Type = "WR"
 		rc.SetTarget(r.Target)
+	case "LOC":
+		loc := fmt.Sprintf("%s %s %s %s %s %s %s %s %s %s %s %s",
+			r.LocLatDeg, r.LocLatMin, r.LocLatSec, r.LocLatDir,
+			r.LocLongDeg, r.LocLongMin, r.LocLongSec, r.LocLongDir,
+			r.LocAltitude, r.LocSize, r.LocHPrecision, r.LocVPrecision)
+		rc.SetTargetLOCString(r.Target, loc)
 	default:
 		rc.SetTarget(r.Target)
 	}
@@ -347,6 +353,15 @@ func toRc(domain string, r *domainRecord) *models.RecordConfig {
 	return rc
 }
 
+func formatLocParam(param string) string {
+	param = strings.Split(param, "m")[0]
+	// API misbehaves with a parameter of "0.00" and treats it as the default, so convert to "0" for this case only
+	if param == "0.00" {
+		param = "0"
+	}
+	return param
+}
+
 // toReq takes a RecordConfig and turns it into the native format used by the API.
 func toReq(rc *models.RecordConfig) (requestParams, error) {
 	req := requestParams{
@@ -388,6 +403,20 @@ func toReq(rc *models.RecordConfig) (requestParams, error) {
 		req["algorithm"] = strconv.Itoa(int(rc.DsAlgorithm))
 		req["digest-type"] = strconv.Itoa(int(rc.DsDigestType))
 		req["record"] = rc.DsDigest
+	case "LOC":
+		parts := strings.Fields(rc.GetTargetCombined())
+		req["lat-deg"] = parts[0]
+		req["lat-min"] = parts[1]
+		req["lat-sec"] = parts[2]
+		req["lat-dir"] = parts[3]
+		req["long-deg"] = parts[4]
+		req["long-min"] = parts[5]
+		req["long-sec"] = parts[6]
+		req["long-dir"] = parts[7]
+		req["altitude"] = formatLocParam(parts[8])
+		req["size"] = formatLocParam(parts[9])
+		req["h-precision"] = formatLocParam(parts[10])
+		req["v-precision"] = formatLocParam(parts[11])
 	default:
 		return nil, fmt.Errorf("ClouDNS.toReq rtype %q unimplemented", rc.Type)
 	}

From bf2b6cb56e319d2274811edcb907e77d736c1f8b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 13:53:10 -0400
Subject: [PATCH 361/438] Build(deps): Bump actions/cache from 4.0.1 to 4.1.0
 (#3147)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 5b73d63a30..b72fd5ef72 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v4.0.1
+      uses: actions/cache@v4.1.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -196,7 +196,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v4.0.1
+      uses: actions/cache@v4.1.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From 94e6b48335310873ca6c3f822a18f7b9c32cbb8a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 13:53:31 -0400
Subject: [PATCH 362/438] Build(deps): Bump actions/upload-artifact from 4.4.0
 to 4.4.1 (#3146)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index b72fd5ef72..b0f6387027 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.4.0
+    - uses: actions/upload-artifact@v4.4.1
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -210,7 +210,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.4.0
+    - uses: actions/upload-artifact@v4.4.1
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From ee610bfc08aabde80ac7e7f83a8c1d0096c5d2c7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 9 Oct 2024 09:46:59 -0400
Subject: [PATCH 363/438] Build(deps): Bump
 github.com/huaweicloud/huaweicloud-sdk-go-v3 from 0.1.115 to 0.1.116 (#3140)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2e2ca5a476..e168ab86fb 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 1812371fbe..05e64083fa 100644
--- a/go.sum
+++ b/go.sum
@@ -246,8 +246,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115 h1:0i/6REsHzn1KCW7hF0H1XxXibzmY9CuGUkOX71yRNwY=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.115/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116 h1:2xdw38EHrdkciWjRdwd75p6a+cXe4PxWSgHMNYMbQnI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=

From bbc68921010c542a6859cbf22f4c30221aa29dd2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 10 Oct 2024 09:55:37 -0400
Subject: [PATCH 364/438] FEATURE: enable --report for preview (not just push)
 (#3149)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 commands/ppreviewPush.go      | 14 +++++++-------
 commands/previewPush.go       | 14 +++++++-------
 documentation/json-reports.md | 17 ++++++++++++++---
 documentation/preview-push.md |  8 ++++----
 4 files changed, 32 insertions(+), 21 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 68e846b4eb..a1ea2da393 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -50,6 +50,7 @@ type PPreviewArgs struct {
 	ConcurMode  string
 	NoPopulate  bool
 	DePopulate  bool
+	Report      string
 	Full        bool
 }
 
@@ -116,6 +117,11 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 		Destination: &bindserial.ForcedValue,
 		Usage:       `Force BIND serial numbers to this value (for reproducibility)`,
 	})
+	flags = append(flags, &cli.StringFlag{
+		Name:        "report",
+		Destination: &args.Report,
+		Usage:       `Generate a machine-parseable report of corrections.`,
+	})
 	return flags
 }
 
@@ -135,7 +141,6 @@ var _ = cmd(catMain, func() *cli.Command {
 type PPushArgs struct {
 	PPreviewArgs
 	Interactive bool
-	Report      string
 }
 
 func (args *PPushArgs) flags() []cli.Flag {
@@ -145,17 +150,12 @@ func (args *PPushArgs) flags() []cli.Flag {
 		Destination: &args.Interactive,
 		Usage:       "Interactive. Confirm or Exclude each correction before they run",
 	})
-	flags = append(flags, &cli.StringFlag{
-		Name:        "report",
-		Destination: &args.Report,
-		Usage:       `Generate a machine-parseable report of performed corrections.`,
-	})
 	return flags
 }
 
 // PPreview implements the preview subcommand.
 func PPreview(args PPreviewArgs) error {
-	return prun(args, false, false, printer.DefaultPrinter, "")
+	return prun(args, false, false, printer.DefaultPrinter, args.Report)
 }
 
 // PPush implements the push subcommand.
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 8220f5bee0..847d96b4b6 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -44,6 +44,7 @@ type PreviewArgs struct {
 	WarnChanges bool
 	NoPopulate  bool
 	Full        bool
+	Report      string
 }
 
 // ReportItem is a record of corrections for a particular domain/provider/registrar.
@@ -92,6 +93,11 @@ func (args *PreviewArgs) flags() []cli.Flag {
 		Destination: &bindserial.ForcedValue,
 		Usage:       `Force BIND serial numbers to this value (for reproducibility)`,
 	})
+	flags = append(flags, &cli.StringFlag{
+		Name:        "report",
+		Destination: &args.Report,
+		Usage:       `Generate a machine-parseable report of corrections counts.`,
+	})
 	return flags
 }
 
@@ -111,7 +117,6 @@ var _ = cmd(catMain, func() *cli.Command {
 type PushArgs struct {
 	PreviewArgs
 	Interactive bool
-	Report      string
 }
 
 func (args *PushArgs) flags() []cli.Flag {
@@ -121,17 +126,12 @@ func (args *PushArgs) flags() []cli.Flag {
 		Destination: &args.Interactive,
 		Usage:       "Interactive. Confirm or Exclude each correction before they run",
 	})
-	flags = append(flags, &cli.StringFlag{
-		Name:        "report",
-		Destination: &args.Report,
-		Usage:       `Generate a machine-parseable report of performed corrections.`,
-	})
 	return flags
 }
 
 // Preview implements the preview subcommand.
 func Preview(args PreviewArgs) error {
-	return run(args, false, false, printer.DefaultPrinter, nil)
+	return run(args, false, false, printer.DefaultPrinter, &args.Report)
 }
 
 // Push implements the push subcommand.
diff --git a/documentation/json-reports.md b/documentation/json-reports.md
index e6efa79288..64224606ac 100644
--- a/documentation/json-reports.md
+++ b/documentation/json-reports.md
@@ -1,10 +1,21 @@
 # JSON Reports
 
-DNSControl has build in functionality to generate a machine-parseable report after pushing changes. This report is JSON formated and contains the zonename, the provider or registrar name and the amount of performed changes.
+DNSControl can generate a machine-parseable report of changes.
 
-## Usage
+The report is JSON formated and contains the zonename, the provider or
+registrar name, and the number of changes.
 
-To enable the report option you must use the `push` operation in combination with the `--report <filename>` option. This generates the json file.
+To generate the report, add the `--report <filename>` option to a preview or
+push command (this includes `preview`, `ppreview`, `push`,
+`ppush`).
+
+
+The report lists the changes that would be (preview) or are (push) attempted,
+whether they are successful or not.
+
+If a fatal error happens during the run, no report is generated.
+
+## Sample output
 
 {% code title="report.json" %}
 ```json
diff --git a/documentation/preview-push.md b/documentation/preview-push.md
index 84968a0fd4..8c0f61c0a8 100644
--- a/documentation/preview-push.md
+++ b/documentation/preview-push.md
@@ -26,7 +26,7 @@ OPTIONS:
    --no-populate                                              Use this flag to not auto-create non-existing zones at the provider (default: false)
    --full                                                     Add headings, providers names, notifications of no changes, etc (default: false)
    --bindserial value                                         Force BIND serial numbers to this value (for reproducibility) (default: 0)
-   --report value                                             (push) Generate a JSON-formatted report of the number of changes made.
+   --report value                                             Generate a JSON-formatted report of the number of changes.
    --help, -h                                                 show help
 ```
 
@@ -92,9 +92,9 @@ OPTIONS:
     generally used for reproducibility in testing pipelines.
 
 * `--report name`
-  * (`push` only!)  Generate a machine-parseable report of
-    performed corrections in the file named `name`. If no name is specified, no
-    report is generated.
+  * Write a machine-parseable report of
+    corrections to the file named `name`. If no name is specified, no
+    report is generated. See [JSON Reports](json-reports.md)
 
 ## ppreview/ppush
 

From 795dbea3b8ee1e6ec16611db2375381dec6aea66 Mon Sep 17 00:00:00 2001
From: Nick Gregory <computerfreak97@gmail.com>
Date: Thu, 10 Oct 2024 09:55:52 -0400
Subject: [PATCH 365/438] ORACLE: fix nameserver trailing dot error (#3151)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod                             | 2 +-
 go.sum                             | 4 ++--
 providers/oracle/oracleProvider.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index e168ab86fb..b9eb72796a 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.73.0
+	github.com/oracle/oci-go-sdk/v65 v65.75.1
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 	golang.org/x/text v0.19.0
diff --git a/go.sum b/go.sum
index 05e64083fa..9517def937 100644
--- a/go.sum
+++ b/go.sum
@@ -331,8 +331,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg=
-github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw=
+github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
 github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 58a3a3c55a..7f86b142ac 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -155,7 +155,7 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 		nss[i] = *ns.Hostname
 	}
 
-	return models.ToNameserversStripTD(nss)
+	return models.ToNameservers(nss)
 }
 
 func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (models.Records, error) {

From b29c65af2d97ff6a3c98a15c2b2493cdc768e379 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 10 Oct 2024 10:13:05 -0400
Subject: [PATCH 366/438] Build(deps): Bump github.com/oracle/oci-go-sdk/v65
 from 65.75.1 to 65.75.2 (#3152)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b9eb72796a..d4c1b2ae85 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.75.1
+	github.com/oracle/oci-go-sdk/v65 v65.75.2
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 	golang.org/x/text v0.19.0
diff --git a/go.sum b/go.sum
index 9517def937..40dcad1be7 100644
--- a/go.sum
+++ b/go.sum
@@ -331,8 +331,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw=
-github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.75.2 h1:Qw3Eotrq7SJ5LquOc//Iq6xzcBJSi8AD3cXps9IBN7g=
+github.com/oracle/oci-go-sdk/v65 v65.75.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
 github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=

From 864325e293c6a524e5ecf78ed80c6733df1d6754 Mon Sep 17 00:00:00 2001
From: Jack Platten <jack@platten.me>
Date: Sat, 12 Oct 2024 06:20:26 -0700
Subject: [PATCH 367/438] PORKBUN: Update porkbun API endpoint per
 documentation / email (#3153)

---
 providers/porkbun/api.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index 23f0f3fb4d..d94c248d1d 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -14,7 +14,7 @@ import (
 )
 
 const (
-	baseURL = "https://porkbun.com/api/json/v3"
+	baseURL = "https://api.porkbun.com/api/json/v3"
 )
 
 type porkbunProvider struct {

From 967b37dbc37b31a645bbc1a28a1490fbbcb16188 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 07:57:25 -0400
Subject: [PATCH 368/438] Build(deps): Bump actions/cache from 4.1.0 to 4.1.1
 (#3157)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index b0f6387027..fc74b28e6f 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v4.1.0
+      uses: actions/cache@v4.1.1
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -196,7 +196,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v4.1.0
+      uses: actions/cache@v4.1.1
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From db91c71d107491b8ffcfcb4253b94509ce00dbd8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 15 Oct 2024 07:57:41 -0400
Subject: [PATCH 369/438] Build(deps): Bump actions/upload-artifact from 4.4.1
 to 4.4.3 (#3156)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index fc74b28e6f..308a03aa70 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -40,7 +40,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
     - name: Enforce Go Formatted Code
       run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.4.1
+    - uses: actions/upload-artifact@v4.4.3
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
@@ -210,7 +210,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.4.1
+    - uses: actions/upload-artifact@v4.4.3
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From 57f15c15cb0594f4be1bf4b27e2b38a913112e68 Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Tue, 15 Oct 2024 21:33:51 +0800
Subject: [PATCH 370/438] PORKBUN: fix staticcheck warnings (#3159)

---
 providers/porkbun/api.go             | 18 +++++++-----------
 providers/porkbun/porkbunProvider.go |  8 ++++----
 2 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index d94c248d1d..a90a275231 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -152,14 +152,14 @@ func (c *porkbunProvider) getRecords(domain string) ([]domainRecord, error) {
 	return records, nil
 }
 
-func (c *porkbunProvider) createUrlForwardingRecord(domain string, rec requestParams) error {
+func (c *porkbunProvider) createURLForwardingRecord(domain string, rec requestParams) error {
 	if _, err := c.post("/domain/addUrlForward/"+domain, rec); err != nil {
 		return fmt.Errorf("failed create url forwarding record (porkbun): %w", err)
 	}
 	return nil
 }
 
-func (c *porkbunProvider) deleteUrlForwardingRecord(domain string, recordID string) error {
+func (c *porkbunProvider) deleteURLForwardingRecord(domain string, recordID string) error {
 	params := requestParams{}
 	if _, err := c.post(fmt.Sprintf("/domain/deleteUrlForward/%s/%s", domain, recordID), params); err != nil {
 		return fmt.Errorf("failed delete url forwarding record (porkbun): %w", err)
@@ -167,17 +167,17 @@ func (c *porkbunProvider) deleteUrlForwardingRecord(domain string, recordID stri
 	return nil
 }
 
-func (c *porkbunProvider) modifyUrlForwardingRecord(domain string, recordID string, rec requestParams) error {
-	if err := c.deleteUrlForwardingRecord(domain, recordID); err != nil {
+func (c *porkbunProvider) modifyURLForwardingRecord(domain string, recordID string, rec requestParams) error {
+	if err := c.deleteURLForwardingRecord(domain, recordID); err != nil {
 		return err
 	}
-	if err := c.createUrlForwardingRecord(domain, rec); err != nil {
+	if err := c.createURLForwardingRecord(domain, rec); err != nil {
 		return err
 	}
 	return nil
 }
 
-func (c *porkbunProvider) getUrlForwardingRecords(domain string) ([]domainRecord, error) {
+func (c *porkbunProvider) getURLForwardingRecords(domain string) ([]domainRecord, error) {
 	params := requestParams{}
 	var bodyString, err = c.post("/domain/getUrlForwarding/"+domain, params)
 	if err != nil {
@@ -190,11 +190,7 @@ func (c *porkbunProvider) getUrlForwardingRecords(domain string) ([]domainRecord
 		return nil, fmt.Errorf("failed parsing url forwarding record list from porkbun: %w", err)
 	}
 
-	var records []domainRecord
-	for _, rec := range dr.Forwards {
-		records = append(records, rec)
-	}
-	return records, nil
+	return dr.Forwards, nil
 }
 
 func (c *porkbunProvider) getNameservers(domain string) ([]string, error) {
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index defa5b7cb2..af30ebd88c 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -146,7 +146,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 				Msg: change.Msgs[0],
 				F: func() error {
 					if change.New[0].Type == "PORKBUN_URLFWD" {
-						return c.createUrlForwardingRecord(dc.Name, req)
+						return c.createURLForwardingRecord(dc.Name, req)
 					}
 					return c.createRecord(dc.Name, req)
 				},
@@ -161,7 +161,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 				Msg: fmt.Sprintf("%s, porkbun ID: %s", change.Msgs[0], id),
 				F: func() error {
 					if change.New[0].Type == "PORKBUN_URLFWD" {
-						return c.modifyUrlForwardingRecord(dc.Name, id, req)
+						return c.modifyURLForwardingRecord(dc.Name, id, req)
 					}
 					return c.modifyRecord(dc.Name, id, req)
 				},
@@ -172,7 +172,7 @@ func (c *porkbunProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exi
 				Msg: fmt.Sprintf("%s, porkbun ID: %s", change.Msgs[0], id),
 				F: func() error {
 					if change.Old[0].Type == "PORKBUN_URLFWD" {
-						return c.deleteUrlForwardingRecord(dc.Name, id)
+						return c.deleteURLForwardingRecord(dc.Name, id)
 					}
 					return c.deleteRecord(dc.Name, id)
 				},
@@ -192,7 +192,7 @@ func (c *porkbunProvider) GetZoneRecords(domain string, meta map[string]string)
 	if err != nil {
 		return nil, err
 	}
-	forwards, err := c.getUrlForwardingRecords(domain)
+	forwards, err := c.getURLForwardingRecords(domain)
 	if err != nil {
 		return nil, err
 	}

From 16a99a1ddbe956c5f4254edaacae53ab6f039cdd Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 16 Oct 2024 10:21:18 -0400
Subject: [PATCH 371/438] CHORE: Add deprecation messages to
 preview/push/ppreview/ppush commands (#3155)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 commands/ppreviewPush.go      |  68 ++++++++++++++++++---
 commands/previewPush.go       | 108 ++--------------------------------
 documentation/preview-push.md |  34 ++++++++---
 3 files changed, 89 insertions(+), 121 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index a1ea2da393..367da6e620 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -28,12 +28,46 @@ type zoneCache struct {
 	sync.Mutex
 }
 
+const cmodewarn = `WARN: In v4.15 --cmode will default to "concurrent".` +
+	` Please test and report any bugs ASAP.` +
+	` In v4.16 or later, "legacy" will go away.` +
+	` See https://docs.dnscontrol.org/commands/preview-push` +
+	"\n"
+
+const ppreviewwarn = `WARN: ppreview is going away in v4.16 or later.` +
+	` Use "preview --cmode=concurrent" instead.` +
+	"\n"
+
+const ppushwarn = `WARN: ppush is going away in v4.16 or later.` +
+	` Use "push --cmode=concurrent" instead.` +
+	"\n"
+
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPreviewArgs
 	return &cli.Command{
-		Name:  "ppreview",
+		Name:  "preview",
 		Usage: "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
+			if args.ConcurMode == "legacy" {
+				fmt.Fprint(os.Stderr, cmodewarn)
+				return exit(Preview(args))
+			}
+			return exit(PPreview(args))
+		},
+		Flags: args.flags(),
+	}
+}())
+
+var _ = cmd(catMain, func() *cli.Command {
+	var args PPreviewArgs
+	return &cli.Command{
+		Name:  "ppreview",
+		Usage: "Deprecated. Same as: preview --cmode=concurrent",
+		Action: func(ctx *cli.Context) error {
+			fmt.Fprint(os.Stderr, ppreviewwarn)
+			if args.ConcurMode == "legacy" {
+				return exit(Preview(args))
+			}
 			return exit(PPreview(args))
 		},
 		Flags: args.flags(),
@@ -79,11 +113,11 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 	flags = append(flags, &cli.StringFlag{
 		Name:        "cmode",
 		Destination: &args.ConcurMode,
-		Value:       "default",
-		Usage:       `Which providers to run concurrently: all, default, none`,
+		Value:       "legacy",
+		Usage:       `Which providers to run concurrently: legacy, concurrent, none, all`,
 		Action: func(c *cli.Context, s string) error {
-			if !slices.Contains([]string{"all", "default", "none"}, s) {
-				fmt.Printf("%q is not a valid option for --cmode.  Valie are: all, default, none", s)
+			if !slices.Contains([]string{"legacy", "concurrent", "none", "all"}, s) {
+				fmt.Printf("%q is not a valid option for --cmode.  Values are: legacy, concurrent, none, all\n", s)
 			}
 			return nil
 		},
@@ -125,12 +159,32 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 	return flags
 }
 
+var _ = cmd(catMain, func() *cli.Command {
+	var args PPushArgs
+	return &cli.Command{
+		Name:  "push",
+		Usage: "identify changes to be made, and perform them",
+		Action: func(ctx *cli.Context) error {
+			if args.ConcurMode == "legacy" {
+				fmt.Fprint(os.Stderr, cmodewarn)
+				return exit(Push(args))
+			}
+			return exit(PPush(args))
+		},
+		Flags: args.flags(),
+	}
+}())
+
 var _ = cmd(catMain, func() *cli.Command {
 	var args PPushArgs
 	return &cli.Command{
 		Name:  "ppush",
 		Usage: "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
+			fmt.Fprint(os.Stderr, ppushwarn)
+			if args.ConcurMode == "legacy" {
+				return exit(Push(args))
+			}
 			return exit(PPush(args))
 		},
 		Flags: args.flags(),
@@ -160,7 +214,7 @@ func PPreview(args PPreviewArgs) error {
 
 // PPush implements the push subcommand.
 func PPush(args PPushArgs) error {
-	return prun(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, args.Report)
+	return run(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
 }
 
 var pobsoleteDiff2FlagUsed = false
@@ -363,9 +417,7 @@ func optimizeOrder(zones []*models.DomainConfig) []*models.DomainConfig {
 
 func oneZone(zone *models.DomainConfig, args PPreviewArgs, zc *zoneCache) {
 	// Fix the parent zone's delegation: (if able/needed)
-	//zone.NameserversMutex.Lock()
 	delegationCorrections, dcCount := generateDelegationCorrections(zone, zone.DNSProviderInstances, zone.RegistrarInstance)
-	//zone.NameserversMutex.Unlock()
 
 	// Loop over the (selected) providers configured for that zone:
 	providersToProcess := whichProvidersToProcess(zone.DNSProviderInstances, args.Providers)
diff --git a/commands/previewPush.go b/commands/previewPush.go
index 847d96b4b6..56c181c88a 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -10,7 +10,6 @@ import (
 	"golang.org/x/net/idna"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
-	"github.com/StackExchange/dnscontrol/v4/pkg/bindserial"
 	"github.com/StackExchange/dnscontrol/v4/pkg/credsfile"
 	"github.com/StackExchange/dnscontrol/v4/pkg/nameservers"
 	"github.com/StackExchange/dnscontrol/v4/pkg/normalize"
@@ -19,34 +18,9 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/rfc4183"
 	"github.com/StackExchange/dnscontrol/v4/pkg/zonerecs"
 	"github.com/StackExchange/dnscontrol/v4/providers"
-	"github.com/urfave/cli/v2"
 	"golang.org/x/exp/slices"
 )
 
-var _ = cmd(catMain, func() *cli.Command {
-	var args PreviewArgs
-	return &cli.Command{
-		Name:  "preview",
-		Usage: "read live configuration and identify changes to be made, without applying them",
-		Action: func(ctx *cli.Context) error {
-			return exit(Preview(args))
-		},
-		Flags: args.flags(),
-	}
-}())
-
-// PreviewArgs contains all data/flags needed to run preview, independently of CLI
-type PreviewArgs struct {
-	GetDNSConfigArgs
-	GetCredentialsArgs
-	FilterArgs
-	Notify      bool
-	WarnChanges bool
-	NoPopulate  bool
-	Full        bool
-	Report      string
-}
-
 // ReportItem is a record of corrections for a particular domain/provider/registrar.
 type ReportItem struct {
 	Domain      string `json:"domain"`
@@ -55,94 +29,20 @@ type ReportItem struct {
 	Registrar   string `json:"registrar,omitempty"`
 }
 
-func (args *PreviewArgs) flags() []cli.Flag {
-	flags := args.GetDNSConfigArgs.flags()
-	flags = append(flags, args.GetCredentialsArgs.flags()...)
-	flags = append(flags, args.FilterArgs.flags()...)
-	flags = append(flags, &cli.BoolFlag{
-		Name:        "notify",
-		Destination: &args.Notify,
-		Usage:       `set to true to send notifications to configured destinations`,
-	})
-	flags = append(flags, &cli.BoolFlag{
-		Name:        "expect-no-changes",
-		Destination: &args.WarnChanges,
-		Usage:       `set to true for non-zero return code if there are changes`,
-	})
-	flags = append(flags, &cli.BoolFlag{
-		Name:        "no-populate",
-		Destination: &args.NoPopulate,
-		Usage:       `Use this flag to not auto-create non-existing zones at the provider`,
-	})
-	flags = append(flags, &cli.BoolFlag{
-		Name:        "full",
-		Destination: &args.Full,
-		Usage:       `Add headings, providers names, notifications of no changes, etc`,
-	})
-	flags = append(flags, &cli.IntFlag{
-		Name:   "reportmax",
-		Hidden: true,
-		Usage:  `Limit the IGNORE/NO_PURGE report to this many lines (Expermental. Will change in the future.)`,
-		Action: func(ctx *cli.Context, max int) error {
-			printer.MaxReport = max
-			return nil
-		},
-	})
-	flags = append(flags, &cli.Int64Flag{
-		Name:        "bindserial",
-		Destination: &bindserial.ForcedValue,
-		Usage:       `Force BIND serial numbers to this value (for reproducibility)`,
-	})
-	flags = append(flags, &cli.StringFlag{
-		Name:        "report",
-		Destination: &args.Report,
-		Usage:       `Generate a machine-parseable report of corrections counts.`,
-	})
-	return flags
-}
-
-var _ = cmd(catMain, func() *cli.Command {
-	var args PushArgs
-	return &cli.Command{
-		Name:  "push",
-		Usage: "identify changes to be made, and perform them",
-		Action: func(ctx *cli.Context) error {
-			return exit(Push(args))
-		},
-		Flags: args.flags(),
-	}
-}())
-
-// PushArgs contains all data/flags needed to run push, independently of CLI
-type PushArgs struct {
-	PreviewArgs
-	Interactive bool
-}
-
-func (args *PushArgs) flags() []cli.Flag {
-	flags := args.PreviewArgs.flags()
-	flags = append(flags, &cli.BoolFlag{
-		Name:        "i",
-		Destination: &args.Interactive,
-		Usage:       "Interactive. Confirm or Exclude each correction before they run",
-	})
-	return flags
-}
-
 // Preview implements the preview subcommand.
-func Preview(args PreviewArgs) error {
+func Preview(args PPreviewArgs) error {
 	return run(args, false, false, printer.DefaultPrinter, &args.Report)
 }
 
 // Push implements the push subcommand.
-func Push(args PushArgs) error {
-	return run(args.PreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
+func Push(args PPushArgs) error {
+	return run(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
 }
 
 var obsoleteDiff2FlagUsed = false
 
 // run is the main routine common to preview/push
-func run(args PreviewArgs, push bool, interactive bool, out printer.CLI, report *string) error {
+func run(args PPreviewArgs, push bool, interactive bool, out printer.CLI, report *string) error {
 	// TODO: make truly CLI independent. Perhaps return results on a channel as they occur
 
 	// This is a hack until we have the new printer replacement.
diff --git a/documentation/preview-push.md b/documentation/preview-push.md
index 8c0f61c0a8..ff0697baed 100644
--- a/documentation/preview-push.md
+++ b/documentation/preview-push.md
@@ -91,23 +91,39 @@ OPTIONS:
     serial number generator to output the value specified for all domains. This is
     generally used for reproducibility in testing pipelines.
 
+* `--cmode value`
+  * Concurrency mode. See below.
+
 * `--report name`
   * Write a machine-parseable report of
     corrections to the file named `name`. If no name is specified, no
     report is generated. See [JSON Reports](json-reports.md)
 
+## cmode
+
+The `preview`/`push` commands begin with a data-gathering phase that collects current configuration
+from providers and zones.  This collection can be done sequentially or concurrently.  Concurrently is significantly faster.  However since concurrent mode is newer, not all providers have been tested and certified as being compatible with this mode.  Therefore the `--cmode` flag can be used to control concurrency.
+
+The `--cmode` value may be one of the following:
+
+* `legacy` -- Use the older, sequential code.  All data is gathered sequentially. This option and the related code will removed in release v4.16 (or later).  Please test `--cmode concurrent` and [report any bugs](https://github.com/StackExchange/dnscontrol/issues) ASAP.
+* `concurrent` -- Gathering is done either sequentially or concurrently depending on whether the provider is marked as having been tested to run concurrently.
+* `none` -- All providers are run sequentially. This is the safest mode. It can be used if a concurrency bug is discovered.  While this is logically the same as `legacy`, it is implemented using the newer concurrent code, with concurrency disabled.
+* `all` -- This is unsafe. It runs all providers concurrently, even the ones that have not be validated to run concurrently. It is generally only used for demonstrating bugs.
+
+The default value of `--cmode` will change over time:
+
+* v4.14: `--cmode legacy`
+* v4.15: `--cmode concurrent`
+* v4.16 or later (target 1-Jan-2025): The `--cmode legacy` option will be removed, along with the old serial code.
+
 ## ppreview/ppush
 
-{% hint style="info" %}
-Starting in v4.9
+{% hint style="warning" %}
+These commands will go away in v4.16 or later.  Starting in v4.14, please use
+`preview`/`push` with `--cmode concurrent` instead.
 {% endhint %}
 
 The `ppreview`/`ppush` subcommands are a preview of a future feature where zone
 data is gathered concurrently. The commands will go away when
-they replace the existing `preview`/`push` commands.
-
-* `--cmode value`
-  * Concurrency mode. Specifies what kind of providers should be run concurrently.
-    * `default` -- Providers are run sequentially or concurrently depending on whether the provider is marked as having been tested to run concurrently.
-    * `none` -- All providers are run sequentially. This is the safest mode. It can be used if a concurrency bug is discovered.
-    * `all` -- This is unsafe. It runs all providers concurrently, even the ones that have not be validated to run concurrently. It is generally only used for demonstrating bugs.
+they replace the existing `preview`/`push` commands.
\ No newline at end of file

From 2bb0d873c85a8b4259780ad6282e1f1ab0e974f0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 16 Oct 2024 11:35:49 -0400
Subject: [PATCH 372/438] CHORE: Update deps (#3160)

---
 go.mod |  58 +++++++++++++-------------
 go.sum | 128 +++++++++++++++++++++++++++++++--------------------------
 2 files changed, 99 insertions(+), 87 deletions(-)

diff --git a/go.mod b/go.mod
index d4c1b2ae85..2f88d5b739 100644
--- a/go.mod
+++ b/go.mod
@@ -4,10 +4,10 @@ go 1.23.0
 
 retract v4.8.0
 
-require google.golang.org/protobuf v1.34.2 // indirect
+require google.golang.org/protobuf v1.35.1 // indirect
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/privatedns/armprivatedns v1.3.0
 	github.com/Azure/go-autorest/autorest/to v0.4.0
@@ -16,15 +16,15 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.31.0
-	github.com/aws/aws-sdk-go-v2/config v1.27.40
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.38
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4
+	github.com/aws/aws-sdk-go-v2 v1.32.2
+	github.com/aws/aws-sdk-go-v2/config v1.27.43
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.41
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.106.0
+	github.com/cloudflare/cloudflare-go v0.107.0
 	github.com/digitalocean/godo v1.126.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.5.1
@@ -48,55 +48,55 @@ require (
 	github.com/softlayer/softlayer-go v1.1.5
 	github.com/stretchr/testify v1.9.0
 	github.com/transip/gotransip/v6 v6.26.0
-	github.com/urfave/cli/v2 v2.27.4
+	github.com/urfave/cli/v2 v2.27.5
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/net v0.30.0
 	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.199.0
+	google.golang.org/api v0.201.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.1
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.75.2
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
+	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
 	golang.org/x/text v0.19.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.9.5 // indirect
+	cloud.google.com/go/auth v0.9.8 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.23.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.31.4 // indirect
-	github.com/aws/smithy-go v1.21.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
@@ -157,11 +157,11 @@ require (
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
-	golang.org/x/tools v0.25.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/grpc v1.67.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/tools v0.26.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
diff --git a/go.sum b/go.sum
index 40dcad1be7..51ddd91817 100644
--- a/go.sum
+++ b/go.sum
@@ -1,14 +1,16 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw=
-cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
+cloud.google.com/go/auth v0.9.8 h1:+CSJ0Gw9iVeSENVCKJoLHhdUykDgXSc4Qn+gu2BRtR8=
+cloud.google.com/go/auth v0.9.8/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0 h1:eXzkOEXbSTOa7cJ7EqeCVi/OFi/ppDrUtQuttCWy74c=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c=
@@ -23,6 +25,8 @@ github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK
 github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
 github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
 github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
+github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM=
+github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -41,36 +45,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U=
-github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA=
-github.com/aws/aws-sdk-go-v2/config v1.27.40 h1:sie4mPBGFOO+Z27+yHzvyN31G20h/bf2xb5mCbpLv2Q=
-github.com/aws/aws-sdk-go-v2/config v1.27.40/go.mod h1:4KW7Aa5tNo+0VHnuLnnE1vPHtwMurlNZNS65IdcewHA=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.38 h1:iM90eRhCeZtlkzCNCG1JysOzJXGYf5rx80aD1lUgNDU=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.38/go.mod h1:TCVYPZeQuLaYNEkf/TVn6k5k/zdVZZ7xH9po548VNNg=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 h1:kYQ3H1u0ANr9KEKlGs/jTLrBFPo8P8NaH/w7A01NeeM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18/go.mod h1:r506HmK5JDUh9+Mw4CfGJGSSoqIiLCndAuqXuhbv67Y=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 h1:Z7IdFUONvTcvS7YuhtVxN99v2cCoHRXOS4mTr0B/pUc=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18/go.mod h1:DkKMmksZVVyat+Y+r1dEOgJEfUeA7UngIHWeKsi0yNc=
+github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI=
+github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
+github.com/aws/aws-sdk-go-v2/config v1.27.43 h1:p33fDDihFC390dhhuv8nOmX419wjOSDQRb+USt20RrU=
+github.com/aws/aws-sdk-go-v2/config v1.27.43/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17/go.mod h1:1ZRXLdTpzdJb9fwTMXiLipENRxkGMTn1sfKexGllQCw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4 h1:WAoAaFKosxHHDrSagXcowPTU+BWQGXFPENVko8KWyh0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.44.4/go.mod h1:l2ABSKg3AibEJeR/l60cfeGU54UqF3VTgd51pq+vYhU=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4 h1:fVpRIfHwVxlkOTkcn0llBr7OKBJZS5+5167F18cQUAg=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.26.4/go.mod h1:uFNgoaUIINLeJmEQmq4WqDvg4iVUPgpGyHGvuJKESxM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.4 h1:ck/Y8XWNR1gHa4BFkwE3oSu7XDJGwl+8TI7E/RB2EcQ=
-github.com/aws/aws-sdk-go-v2/service/sso v1.23.4/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4 h1:4f2/JKYZHAZbQ7koBpZ012bKi32NHPY0m7TDuJgsbug=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.4/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.4 h1:uK6dUUdJtqutK1XO/tmNaQMJiPLCJY/eAeOOmqQ6ygY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.31.4/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI=
-github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA=
-github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2 h1:P4ElvGTPph12a87YpxPDIqCvVICeYJFV32UMMS/TIPc=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2/go.mod h1:zLKE53MjadFH0VYrDerAx25brxLYiSg4Vk3C+qPY4BQ=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2 h1:xbG9L1Qhakvz/IIRduTKwZonOqIsfxCDZtAoRpnWYkM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2/go.mod h1:KlanrIRl1x15X9ZduBDMntAsNRg0a0qDVTmcajLTXj0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2/go.mod h1:o8aQygT2+MVP0NaV6kbdE1YnnIM8RRVQzoeUH45GOdI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo=
+github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
+github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -86,14 +90,16 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7 h1:Jk7uhY5q11fE5PlEupX2Lo12w82UhGC6bE1CI5jwFbc=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod h1:FnQtD0+Q/1NZxi0eEWN+3ZRyMsE9vzSB3YjyunkbKD0=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.106.0 h1:q41gC5Wc1nfi0D1ZhSHokWcd9mGMbqC7RE7qiP+qE00=
-github.com/cloudflare/cloudflare-go v0.106.0/go.mod h1:pfUQ4PIG4ISI0/Mmc21Bp86UnFU0ktmPf3iTgbSL+cM=
+github.com/cloudflare/cloudflare-go v0.107.0 h1:cMDIw2tzt6TXCJyMFVyP+BPOVkIfMvcKjhMNSNvuEPc=
+github.com/cloudflare/cloudflare-go v0.107.0/go.mod h1:5cYGzVBqNTLxMYSLdVjuSs5LJL517wJDSvMPWUrzHzc=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
-github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
+github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -103,6 +109,8 @@ github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
+github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/digitalocean/godo v1.126.0 h1:+Znh7VMQj/E8ArbjWnc7OKGjWfzC+I8OCSRp7r1MdD8=
 github.com/digitalocean/godo v1.126.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
@@ -246,8 +254,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116 h1:2xdw38EHrdkciWjRdwd75p6a+cXe4PxWSgHMNYMbQnI=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.116/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117 h1:TUiy5+4+Q7AWNfvKjQQL6lXOylnp7HL47JyYJ+HgN+I=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -263,6 +271,8 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/errors v1.0.0 h1:yiq7kjCLll1BiaRuNY53MGI0+EQ3rF6GB+wvboZDefM=
 github.com/juju/errors v1.0.0/go.mod h1:B5x9thDqx0wIMH3+aLIMP9HjItInYWObRovoCFM5Qe8=
+github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
+github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b h1:udzkj9S/zlT5X367kqJis0QP7YMxobob6zhzq6Yre00=
 github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b/go.mod h1:pcaDhQK0/NJZEvtCO0qQPPropqV0sJOJ6YW7X+9kRwM=
@@ -354,6 +364,8 @@ github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494 h1:wSmWgpuccqS2IOfmYrbRiUgv+g37W5suLLLxwwniTSc=
 github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08eQ6XwDm1fEwKPdF/xdbkiHtrU+1Hg+vc4=
+github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
+github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
 github.com/robertkrimen/otto v0.4.0 h1:/c0GRrK1XDPcgIasAsnlpBT5DelIeB9U/Z/JCQsgr7E=
 github.com/robertkrimen/otto v0.4.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
@@ -411,8 +423,8 @@ github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVM
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8=
-github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ=
+github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
+github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vultr/govultr/v2 v2.17.2 h1:gej/rwr91Puc/tgh+j33p/BLR16UrIPnSr+AIwYWZQs=
@@ -456,8 +468,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
 golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
 golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
-golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
+golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -550,8 +562,8 @@ golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -563,31 +575,31 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE=
-golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs=
-google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28=
+google.golang.org/api v0.201.0 h1:+7AD9JNM3tREtawRMu8sOjSbb8VYcYXJG/2eEOmfDu0=
+google.golang.org/api v0.201.0/go.mod h1:HVY0FCHVs89xIW9fzf/pBvOEm+OolHa86G/txFezyq4=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA=
+google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw=
-google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -600,8 +612,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From ee65e4610ae8f75203d2a0c885cc5a450dde05c5 Mon Sep 17 00:00:00 2001
From: Alexander Kabenin <28066869+kabenin@users.noreply.github.com>
Date: Wed, 23 Oct 2024 07:02:11 -0700
Subject: [PATCH 373/438] NS1: Ignore RRSets of type REDIRECT (#3167)

---
 providers/ns1/ns1Provider.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/providers/ns1/ns1Provider.go b/providers/ns1/ns1Provider.go
index 4d88b7287e..c6dd83661d 100644
--- a/providers/ns1/ns1Provider.go
+++ b/providers/ns1/ns1Provider.go
@@ -390,6 +390,14 @@ func convert(zr *dns.ZoneRecord, domain string) ([]*models.RecordConfig, error)
 			if err := rec.SetTargetCAAStrings(xAns[0], xAns[1], xAns[2]); err != nil {
 				return nil, fmt.Errorf("unparsable %s record received from ns1: %w", rtype, err)
 			}
+		case "REDIRECT":
+			// NS1 returns REDIRECTs as records, but there is only one and dummy answer:
+			// "NS1 MANAGED RECORD"
+			// Redirects are managed via a different API endpoint https://api.nsone.net/v1/redirect
+			// It also involves cert management
+			// We may simpply ignore REDIRECTs for now until we support it
+			printer.Warnf("NS1_REDIRECT is NOT supported by dnscontrol and all existing redirects are ignored.\n")
+			continue
 		default:
 			if err := rec.PopulateFromString(rtype, ans, domain); err != nil {
 				return nil, fmt.Errorf("unparsable record received from ns1: %w", err)

From 635eb314d2c636d42dfc88245ddd7ebb2ad8061c Mon Sep 17 00:00:00 2001
From: Cameron <CJFelto@users.noreply.github.com>
Date: Thu, 24 Oct 2024 03:11:16 +1300
Subject: [PATCH 374/438] M365_BUILDER: Support second level domains, fix
 domainGUID Generation (#3165)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 pkg/js/helpers.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 3029cecb4e..4989b8ef91 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1850,7 +1850,7 @@ function M365_BUILDER(name, value) {
             );
         }
 
-        value.domainGUID = name.replace('.', '-');
+        value.domainGUID = name.replace(/\./g, '-');
     }
 
     if (value.dkim && !value.initialDomain) {

From 1edde6274ad2bd4ec3212d57f3938fc927aefe89 Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Mon, 28 Oct 2024 15:32:20 +0000
Subject: [PATCH 375/438] Clean-up records after TestDualProviders (#3171)

---
 integrationTest/integration_test.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index a2ee6ecf95..93430c848c 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -374,7 +374,7 @@ func TestDualProviders(t *testing.T) {
 	nslist, _ := models.ToNameservers([]string{"ns1.example.com", "ns2.example.com"})
 	dc.Nameservers = append(dc.Nameservers, nslist...)
 	nameservers.AddNSRecords(dc)
-	t.Log("Adding nameservers from another provider")
+	t.Log("Adding test nameservers")
 	run()
 	// run again to make sure no corrections
 	t.Log("Running again to ensure stability")
@@ -392,6 +392,20 @@ func TestDualProviders(t *testing.T) {
 		}
 		t.FailNow()
 	}
+
+	t.Log("Removing test nameservers")
+	dc.Records = []*models.RecordConfig{}
+	n := 0
+	for _, ns := range dc.Nameservers {
+		if ns.Name == "ns1.example.com" || ns.Name == "ns2.example.com" {
+			continue
+		}
+		dc.Nameservers[n] = ns
+		n++
+	}
+	dc.Nameservers = dc.Nameservers[:n]
+	nameservers.AddNSRecords(dc)
+	run()
 }
 
 func TestNameserverDots(t *testing.T) {

From e0ef3cbde59fc3ea699489766dd8a5e5b11517a2 Mon Sep 17 00:00:00 2001
From: Jauder Ho <jauderho@users.noreply.github.com>
Date: Mon, 28 Oct 2024 08:38:12 -0700
Subject: [PATCH 376/438] GET-CERTS:  Bump github.com/go-acme/lego to v4 to
 resolve security issues with go-jose (#3169)

Signed-off-by: Jauder Ho <jauderho@users.noreply.github.com>
---
 go.mod                       | 22 +++++++++----------
 go.sum                       | 42 ++++++++++++++++++------------------
 pkg/acme/acme.go             | 14 ++++++------
 pkg/acme/checkDns.go         |  2 +-
 pkg/acme/directoryStorage.go |  2 +-
 pkg/acme/registration.go     |  6 +++---
 pkg/acme/storage.go          |  2 +-
 pkg/acme/vaultStorage.go     |  2 +-
 8 files changed, 45 insertions(+), 47 deletions(-)

diff --git a/go.mod b/go.mod
index 2f88d5b739..8a904d18e9 100644
--- a/go.mod
+++ b/go.mod
@@ -27,9 +27,8 @@ require (
 	github.com/cloudflare/cloudflare-go v0.107.0
 	github.com/digitalocean/godo v1.126.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
-	github.com/dnsimple/dnsimple-go v1.5.1
-	github.com/exoscale/egoscale v0.90.2
-	github.com/go-acme/lego v2.7.2+incompatible
+	github.com/dnsimple/dnsimple-go v1.7.0
+	github.com/exoscale/egoscale v0.102.4
 	github.com/go-gandi/go-gandi v0.7.0
 	github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe
 	github.com/gopherjs/jquery v0.0.0-20191017083323-73f4c7416038
@@ -39,7 +38,7 @@ require (
 	github.com/mittwald/go-powerdns v0.6.6
 	github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04
 	github.com/nrdcg/goinwx v0.10.0
-	github.com/ovh/go-ovh v1.4.3
+	github.com/ovh/go-ovh v1.6.0
 	github.com/philhug/opensrs-go v0.0.0-20171126225031-9dfa7433020d
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
@@ -62,6 +61,7 @@ require (
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.17.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
+	github.com/go-acme/lego/v4 v4.19.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
 	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117
@@ -94,20 +94,19 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
-	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/deepmap/oapi-codegen v1.9.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-test/deep v1.0.3 // indirect
 	github.com/goccy/go-json v0.10.3 // indirect
-	github.com/gofrs/flock v0.8.1 // indirect
-	github.com/gofrs/uuid v4.0.0+incompatible // indirect
+	github.com/gofrs/flock v0.12.1 // indirect
+	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
@@ -136,12 +135,12 @@ require (
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/peterhellberg/link v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.2.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/smartystreets/assertions v1.2.0 // indirect
 	github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
 	github.com/sony/gobreaker v0.5.0 // indirect
@@ -164,6 +163,5 @@ require (
 	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
-	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	moul.io/http2curl v1.0.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 51ddd91817..f5951ee991 100644
--- a/go.sum
+++ b/go.sum
@@ -5,6 +5,7 @@ cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0 h1:eXzkOEXbSTOa7cJ7EqeCVi/OFi/ppDrUtQuttCWy74c=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
@@ -83,8 +84,6 @@ github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9/go.mod h1:b
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
 github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
-github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@@ -103,8 +102,9 @@ github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIxr1vtI=
@@ -115,14 +115,14 @@ github.com/digitalocean/godo v1.126.0 h1:+Znh7VMQj/E8ArbjWnc7OKGjWfzC+I8OCSRp7r1
 github.com/digitalocean/godo v1.126.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
-github.com/dnsimple/dnsimple-go v1.5.1 h1:zr7OJgQBfS8kJJGMRpcXC6DEeKErR71aNogCMnWGawU=
-github.com/dnsimple/dnsimple-go v1.5.1/go.mod h1:QWFwNXg2hV2PrGQE9b69Ig6UwHyIOxQRrECmVvaugss=
+github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
+github.com/dnsimple/dnsimple-go v1.7.0/go.mod h1:EKpuihlWizqYafSnQHGCd/gyvy3HkEQJ7ODB4KdV8T8=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/exoscale/egoscale v0.90.2 h1:oGSJy5Dxbcn5m5F0/DcnU4WXJg+2j3g+UgEu4yyKG9M=
-github.com/exoscale/egoscale v0.90.2/go.mod h1:NDhQbdGNKwnLVC2YGTB6ds9WIPw+V5ckvEEV8ho7pFE=
+github.com/exoscale/egoscale v0.102.4 h1:GBKsZMIOzwBfSu+4ZmWka3Ejf2JLiaBDHp4CQUgvp2E=
+github.com/exoscale/egoscale v0.102.4/go.mod h1:ROSmPtle0wvf91iLZb09++N/9BH2Jo9XxIpAEumvocA=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
 github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
@@ -136,13 +136,13 @@ github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSy
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
-github.com/go-acme/lego v2.7.2+incompatible h1:ThhpPBgf6oa9X/vRd0kEmWOsX7+vmYdckmGZSb+FEp0=
-github.com/go-acme/lego v2.7.2+incompatible/go.mod h1:yzMNe9CasVUhkquNvti5nAtPmG94USbYxYrZfTkIn0M=
+github.com/go-acme/lego/v4 v4.19.2 h1:Y8hrmMvWETdqzzkRly7m98xtPJJivWFsgWi8fcvZo+Y=
+github.com/go-acme/lego/v4 v4.19.2/go.mod h1:wtDe3dDkmV4/oI2nydpNXSJpvV10J9RCyZ6MbYxNtlQ=
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
-github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U=
-github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
+github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
+github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -166,10 +166,11 @@ github.com/gobwas/glob v0.2.4-0.20181002190808-e7a84e9525fe/go.mod h1:d3Ez4x06l9
 github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
 github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
-github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
-github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E=
+github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0=
+github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA=
+github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
@@ -343,8 +344,8 @@ github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
 github.com/oracle/oci-go-sdk/v65 v65.75.2 h1:Qw3Eotrq7SJ5LquOc//Iq6xzcBJSi8AD3cXps9IBN7g=
 github.com/oracle/oci-go-sdk/v65 v65.75.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
-github.com/ovh/go-ovh v1.4.3 h1:Gs3V823zwTFpzgGLZNI6ILS4rmxZgJwJCz54Er9LwD0=
-github.com/ovh/go-ovh v1.4.3/go.mod h1:AkPXVtgwB6xlKblMjRKJJmjRp+ogrE7fz2lVgcQY8SY=
+github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
+github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/peterhellberg/link v1.1.0 h1:s2+RH8EGuI/mI4QwrWGSYQCRz7uNgip9BaM04HKu5kc=
@@ -356,8 +357,9 @@ github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjL
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
 github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
@@ -383,8 +385,8 @@ github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNX
 github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.2.0 h1:42S6lae5dvLc7BrLu/0ugRtcFVjoJNMC/N3yZFZkDFs=
 github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
@@ -631,8 +633,6 @@ gopkg.in/ns1/ns1-go.v2 v2.12.1/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzw
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
-gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
-gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/pkg/acme/acme.go b/pkg/acme/acme.go
index 8d9457aac6..c2c4e6f76b 100644
--- a/pkg/acme/acme.go
+++ b/pkg/acme/acme.go
@@ -16,12 +16,12 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/nameservers"
 	"github.com/StackExchange/dnscontrol/v4/pkg/notifications"
 	"github.com/StackExchange/dnscontrol/v4/pkg/zonerecs"
-	"github.com/go-acme/lego/certcrypto"
-	"github.com/go-acme/lego/certificate"
-	"github.com/go-acme/lego/challenge"
-	"github.com/go-acme/lego/challenge/dns01"
-	"github.com/go-acme/lego/lego"
-	acmelog "github.com/go-acme/lego/log"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/certificate"
+	"github.com/go-acme/lego/v4/challenge"
+	"github.com/go-acme/lego/v4/challenge/dns01"
+	"github.com/go-acme/lego/v4/lego"
+	acmelog "github.com/go-acme/lego/v4/log"
 )
 
 // CertConfig describes a certificate's configuration.
@@ -141,7 +141,7 @@ func (c *certManager) IssueOrRenewCert(cfg *CertConfig, renewUnder int, verbose
 		} else {
 			log.Println("Renewing cert")
 			action = func() (*certificate.Resource, error) {
-				return client.Certificate.Renew(*existing, true, cfg.MustStaple)
+				return client.Certificate.Renew(*existing, true, cfg.MustStaple, "")
 			}
 		}
 	}
diff --git a/pkg/acme/checkDns.go b/pkg/acme/checkDns.go
index 410723d6ca..b853271e36 100644
--- a/pkg/acme/checkDns.go
+++ b/pkg/acme/checkDns.go
@@ -4,7 +4,7 @@ import (
 	"log"
 	"time"
 
-	"github.com/go-acme/lego/challenge/dns01"
+	"github.com/go-acme/lego/v4/challenge/dns01"
 )
 
 func (c *certManager) preCheckDNS(domain, fqdn, value string, native dns01.PreCheckFunc) (bool, error) {
diff --git a/pkg/acme/directoryStorage.go b/pkg/acme/directoryStorage.go
index bf187d7292..ef64718202 100644
--- a/pkg/acme/directoryStorage.go
+++ b/pkg/acme/directoryStorage.go
@@ -8,7 +8,7 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/go-acme/lego/certificate"
+	"github.com/go-acme/lego/v4/certificate"
 )
 
 // directoryStorage implements storage in a local file directory
diff --git a/pkg/acme/registration.go b/pkg/acme/registration.go
index a6d052a440..5e7214339a 100644
--- a/pkg/acme/registration.go
+++ b/pkg/acme/registration.go
@@ -6,9 +6,9 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 
-	"github.com/go-acme/lego/certcrypto"
-	"github.com/go-acme/lego/lego"
-	"github.com/go-acme/lego/registration"
+	"github.com/go-acme/lego/v4/certcrypto"
+	"github.com/go-acme/lego/v4/lego"
+	"github.com/go-acme/lego/v4/registration"
 )
 
 func (c *certManager) getOrCreateAccount() (*Account, error) {
diff --git a/pkg/acme/storage.go b/pkg/acme/storage.go
index cce68e1015..29e751bce7 100644
--- a/pkg/acme/storage.go
+++ b/pkg/acme/storage.go
@@ -1,6 +1,6 @@
 package acme
 
-import "github.com/go-acme/lego/certificate"
+import "github.com/go-acme/lego/v4/certificate"
 
 // Storage is an abstracrion around how certificates, keys, and account info are stored on disk or elsewhere.
 type Storage interface {
diff --git a/pkg/acme/vaultStorage.go b/pkg/acme/vaultStorage.go
index 3a86c57be1..aa01b5d9b6 100644
--- a/pkg/acme/vaultStorage.go
+++ b/pkg/acme/vaultStorage.go
@@ -8,7 +8,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/go-acme/lego/certificate"
+	"github.com/go-acme/lego/v4/certificate"
 	"github.com/hashicorp/vault/api"
 )
 

From 16fa123cfa95bfbcc655e9387117aee880b9b801 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 13:43:19 -0400
Subject: [PATCH 377/438] Build(deps): Bump actions/cache from 4.1.1 to 4.1.2
 (#3175)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 308a03aa70..dc4a075bc4 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v4.1.1
+      uses: actions/cache@v4.1.2
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -196,7 +196,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v4.1.1
+      uses: actions/cache@v4.1.2
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From be25228cc84f54511d627447db9c09c592529431 Mon Sep 17 00:00:00 2001
From: Yuhui Xu <xuyh0120@outlook.com>
Date: Tue, 29 Oct 2024 06:23:02 -0700
Subject: [PATCH 378/438] GCORE: Add support for GeoDNS/Failover (#3161)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/provider/gcore.md     | 118 +++++++-
 integrationTest/integration_test.go |  43 +++
 providers/gcore/convert.go          |  53 +++-
 providers/gcore/convertMetadata.go  | 402 ++++++++++++++++++++++++++++
 providers/gcore/gcoreExtend.go      |   1 +
 providers/gcore/gcoreProvider.go    |  24 +-
 providers/gcore/metaConstants.go    |  31 +++
 7 files changed, 662 insertions(+), 10 deletions(-)
 create mode 100644 providers/gcore/convertMetadata.go
 create mode 100644 providers/gcore/metaConstants.go

diff --git a/documentation/provider/gcore.md b/documentation/provider/gcore.md
index 9a7b89fa50..8fec085672 100644
--- a/documentation/provider/gcore.md
+++ b/documentation/provider/gcore.md
@@ -17,7 +17,69 @@ Example:
 {% endcode %}
 
 ## Metadata
-This provider does not recognize any special metadata fields unique to Gcore.
+This provider supports the following metadata fields specific to Gcore, to support Gcore's GeoDNS and failover features.
+
+All metadata values are a string, instead of a number/int or a boolean value. If you want to set a number or a boolean value, you must specify them in their string forms.
+
+### Record level metadata
+These metadata fields can be set on each individual record:
+
+- `gcore_asn`: Comma separated string of ASNs the record should be served to.
+- `gcore_continents`: Comma separated string of continents the record should be served to. Valid values are: `as,na,an,sa,oc,eu,af`.
+- `gcore_countries`: Comma separated string of countries and regions the record should be served to. Countries and regions are represented by their two-letter code ([ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)).
+- `gcore_latitude` and `gcore_longitude`: Coordinate of the server's location the record is pointing to. Used for GeoDistance feature.
+- `gcore_notes`: Arbitrary notes for the record.
+- `gcore_weight`: Weight of the record, used in load balancing.
+- `gcore_ip`: Comma separated string of IPs/CIDRs the record should be served to.
+
+### Failover (Healthcheck) metadata
+These metadata fields are shared within the same RRSet (record name and type combo). The failover metadata MUST be set on all the records within the RRSet, and MUST be exactly the same across all records.
+
+- `gcore_failover_protocol`: Protocol to perform healthcheck on the server the record is pointing to. Valid values: `HTTP, TCP, UDP, ICMP`
+- `gcore_failover_port`: The port (as a string) to connect to the server.
+- `gcore_failover_frequency`: How often healthcheck should be performed, in seconds as a string. Valid values: 10-3600
+- `gcore_failover_timeout`: How long healthcheck should wait for server's response, in seconds as a string. Valid values: 1-10
+- `gcore_failover_method`: HTTP method used in the healthcheck. Only applies if `gcore_failover_protocol` is set to `HTTP`.
+- `gcore_failover_command`: Bytes to be sent to the server in the healthcheck. Only applies if `gcore_failover_protocol` is set to `TCP` or `UDP`.
+- `gcore_failover_url`: Relative URL to be requested, e.g. `/`. Only applies if `gcore_failover_protocol` is set to `HTTP`.
+- `gcore_failover_tls`: If SSL/TLS should be used when connecting to origin server. Can be either `true` or `false` as a string.
+- `gcore_failover_regexp`: Regular expression of expected contents in the response.
+- `gcore_failover_http_status_code`: Expected HTTP status code as a string. Only applies if `gcore_failover_protocol` is set to `HTTP`.
+- `gcore_failover_host`: Host field in the HTTP request header. Only applies if `gcore_failover_protocol` is set to `HTTP`.
+
+### Filters
+
+The `gcore_filters` metadata is a semicolon delimited string of several "filter" values.
+
+Each filter is a comma separated string of 2 or 3 fields:
+
+- 2 fields: `type,strict`.
+- 3 fields: `type,strict,limit`.
+
+As for the meaning of the fields:
+
+- `type` is the type of the filter, e.g. `healthcheck`, `geodistance`.
+- `strict` specifies what happens if the filter returns no records. If `strict` is `false`, then all records will be returned. If `strict` is `true`, then no records will be returned.
+- `limit` specifies the maximum number of records to be returned. This is an optional field.
+
+Let's take an example `gcore_filters` value: `healthcheck,false;geodistance,false;first_n,false,2`
+
+This example filter specifies 3 filters: `healthcheck`, `geodistance`, `first_n`. For all three filters, the `strict` field is set to `false`. For `first_n` filter, the max number of records to return is 2.
+
+### But this is too complicated for me! (Generating metadata with GCore itself)
+
+GCore provider will also display the record metadata in the corrections list. If you're overwhelmed by the instructions above, you can do the following instead:
+
+1. Add your records manually on Gcore's DNS control panel, and set all the metadata/filters you need.
+2. Run `dnscontrol preview`. You will see DNSControl wants to delete your records:
+
+   ```
+   - DELETE test.example.com A 1.1.1.1 {"gcore_asn":"1234,2345","gcore_continents":"af,an,as,eu,na,oc,sa","gcore_countries":"cn,us","gcore_filters":"geodistance,false;first_n,false,2","gcore_ip":"1.2.3.4","gcore_latitude":"34.567","gcore_longitude":"12.89","gcore_notes":"test","gcore_weight":"12"} ttl=60
+   ```
+
+   Here DNSControl has generated all the metadata above based on your existing records.
+
+3. Copy the metadata into your `dnsconfig.js` file.
 
 ## Usage
 An example configuration:
@@ -33,6 +95,60 @@ END);
 ```
 {% endcode %}
 
+### Example with metadata
+
+An example configuration with metadata set:
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_NONE = NewRegistrar("none");
+var DSP_GCORE = NewDnsProvider("gcore");
+
+D("example.com", REG_NONE, DnsProvider(DSP_GCORE),
+    A('@', '1.1.1.1', TTL('1m'), {
+        gcore_filters: 'geodistance,false;first_n,false,2',
+        gcore_failover_protocol: 'HTTP',
+        gcore_failover_port: '443',
+        gcore_failover_frequency: '30',
+        gcore_failover_timeout: '10',
+        gcore_failover_method: 'GET',
+        gcore_failover_url: '/',
+        gcore_failover_tls: 'true',
+        gcore_failover_regexp: '',
+        gcore_failover_host: 'example.com',
+        gcore_asn: '1234,2345',
+        gcore_continents: 'as,na,an,sa,oc,eu,af',
+        gcore_countries: 'cn,us',
+        gcore_latitude: '12.345',
+        gcore_longitude: '67.890',
+        gcore_notes: 'test',
+        gcore_weight: '12',
+        gcore_ip: '1.2.3.4',
+    }),
+    A('@', '1.1.1.2', TTL('1m'), {
+        gcore_filters: 'geodistance,false;first_n,false,2',
+        gcore_failover_protocol: 'HTTP',
+        gcore_failover_port: '443',
+        gcore_failover_frequency: '30',
+        gcore_failover_timeout: '10',
+        gcore_failover_method: 'GET',
+        gcore_failover_url: '/',
+        gcore_failover_tls: 'true',
+        gcore_failover_regexp: '',
+        gcore_failover_host: 'example.com',
+        gcore_asn: '1234,2345',
+        gcore_continents: 'as,na,an,sa,oc,eu,af',
+        gcore_countries: 'cn,us',
+        gcore_latitude: '12.890',
+        gcore_longitude: '34.567',
+        gcore_notes: 'test',
+        gcore_weight: '34',
+        gcore_ip: '1.2.3.5',
+    }),
+END);
+```
+{% endcode %}
+
 ## Activation
 
 DNSControl depends on a Gcore account API token.
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 93430c848c..3ae4c56287 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -472,6 +472,11 @@ func SetLabel(r *models.RecordConfig, label, domain string) {
 	r.NameFQDN = dnsutil.AddOrigin(label, "**current-domain**")
 }
 
+func withMeta(record *models.RecordConfig, metadata map[string]string) *models.RecordConfig {
+	record.Metadata = metadata
+	return record
+}
+
 func a(name, target string) *models.RecordConfig {
 	return makeRec(name, target, "A")
 }
@@ -2312,6 +2317,44 @@ func makeTests() []*TestGroup {
 			tc("Update a urlfwd with metadata", porkbunUrlfwd("urlfwd1", "http://example.org", "permanent", "no", "no")),
 		),
 
+		// GCORE features
+
+		testgroup("GCORE metadata tests",
+			only("GCORE"),
+			tc("Add record with metadata", withMeta(a("@", "1.2.3.4"), map[string]string{
+				"gcore_filters":            "geodistance,false;first_n,false,2",
+				"gcore_asn":                "1234,2345",
+				"gcore_continents":         "as,na,an,sa,oc,eu,af",
+				"gcore_countries":          "cn,us",
+				"gcore_latitude":           "12.34",
+				"gcore_longitude":          "67.89",
+				"gcore_notes":              "test",
+				"gcore_weight":             "12",
+				"gcore_ip":                 "1.2.3.4",
+			})),
+			tc("Update record with metadata", withMeta(a("@", "1.2.3.4"), map[string]string{
+				"gcore_filters":            "healthcheck,false;geodns,false;first_n,false,3",
+				"gcore_failover_protocol":  "HTTP",
+				"gcore_failover_port":      "443",
+				"gcore_failover_frequency": "30",
+				"gcore_failover_timeout":   "10",
+				"gcore_failover_method":    "POST",
+				"gcore_failover_url":       "/test",
+				"gcore_failover_tls":       "false",
+				"gcore_failover_regexp":    "",
+				"gcore_failover_host":      "example.com",
+				"gcore_asn":                "2345,3456",
+				"gcore_continents":         "as,na",
+				"gcore_countries":          "gb,fr",
+				"gcore_latitude":           "12.89",
+				"gcore_longitude":          "34.56",
+				"gcore_notes":              "test2",
+				"gcore_weight":             "34",
+				"gcore_ip":                 "4.3.2.1",
+			})),
+			tc("Delete metadata from record", a("@", "1.2.3.4")),
+		),
+
 		// This MUST be the last test.
 		testgroup("final",
 			tc("final", txt("final", `TestDNSProviders was successful!`)),
diff --git a/providers/gcore/convert.go b/providers/gcore/convert.go
index b8578d70af..d4b3731b6d 100644
--- a/providers/gcore/convert.go
+++ b/providers/gcore/convert.go
@@ -19,9 +19,14 @@ func nativeToRecords(n gcoreRRSetExtended, zoneName string) ([]*models.RecordCon
 
 	// Split G-Core's RRset into individual records
 	for _, value := range n.Records {
+		metadata, err := nativeMetadataToRecords(&n, &value)
+		if err != nil {
+			return nil, fmt.Errorf("unparsable record received from G-Core: %w", err)
+		}
 		rc := &models.RecordConfig{
 			TTL:      uint32(n.TTL),
 			Original: n,
+			Metadata: metadata,
 		}
 		rc.SetLabelFromFQDN(recName, zoneName)
 		switch recType {
@@ -61,10 +66,13 @@ func nativeToRecords(n gcoreRRSetExtended, zoneName string) ([]*models.RecordCon
 	return rcs, nil
 }
 
-func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *dnssdk.RRSet {
+func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) (*dnssdk.RRSet, error) {
 	// Merge DNSControl records into G-Core RRsets
 
 	var result *dnssdk.RRSet
+	var resultRRSetFilters []dnssdk.RecordFilter = nil
+	var resultRRSetMeta map[string]any = nil
+	var resultRRSetMetaSourceRecord *models.RecordConfig = nil
 
 	for _, r := range rcs {
 		label := r.GetLabel()
@@ -77,6 +85,33 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 			continue
 		}
 
+		rrsetFilters, rrsetMeta, recordMeta, err := recordsMetadataToNative(r.Metadata)
+		if err != nil {
+			return nil, err
+		}
+
+		if resultRRSetMeta == nil {
+			resultRRSetFilters = rrsetFilters
+			resultRRSetMeta = rrsetMeta
+			resultRRSetMetaSourceRecord = r
+		} else {
+			isRRSetFilterEqual, err := isListStructEqual(resultRRSetFilters, rrsetFilters)
+			if err != nil {
+				return nil, err
+			}
+			if !isRRSetFilterEqual {
+				return nil, fmt.Errorf("filter is not consistent between %s and %s in RRSet %s", resultRRSetMetaSourceRecord, r, expectedKey)
+			}
+
+			isRRSetMetaEqual, err := isStructEqual(resultRRSetMeta, rrsetMeta)
+			if err != nil {
+				return nil, err
+			}
+			if !isRRSetMetaEqual {
+				return nil, fmt.Errorf("metadata is not consistent between %s and %s in RRSet %s", resultRRSetMetaSourceRecord, r, expectedKey)
+			}
+		}
+
 		var rr dnssdk.ResourceRecord
 		switch key.Type {
 		case "CAA": // G-Core API don't need quotes around CAA with whitespace
@@ -86,26 +121,26 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 					r.CaaTag,
 					r.GetTargetField(),
 				},
-				Meta:    nil,
+				Meta:    recordMeta,
 				Enabled: true,
 			}
 		case "TXT": // Avoid double quoting for TXT records
 			rr = dnssdk.ResourceRecord{
 				Content: convertTxtSliceToSdkAnySlice(r.GetTargetTXTJoined()),
-				Meta:    nil,
+				Meta:    recordMeta,
 				Enabled: true,
 			}
 		case "SVCB":
 			// GCore mistypes "SVCB" as "SCVB"
 			rr = dnssdk.ResourceRecord{
 				Content: dnssdk.ContentFromValue("SCVB", r.GetTargetCombined()),
-				Meta:    nil,
+				Meta:    recordMeta,
 				Enabled: true,
 			}
 		default:
 			rr = dnssdk.ResourceRecord{
 				Content: dnssdk.ContentFromValue(key.Type, r.GetTargetCombined()),
-				Meta:    nil,
+				Meta:    recordMeta,
 				Enabled: true,
 			}
 		}
@@ -113,7 +148,6 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 		if result == nil {
 			result = &dnssdk.RRSet{
 				TTL:     int(r.TTL),
-				Filters: nil,
 				Records: []dnssdk.ResourceRecord{rr},
 			}
 		} else {
@@ -128,7 +162,12 @@ func recordsToNative(rcs []*models.RecordConfig, expectedKey models.RecordKey) *
 		}
 	}
 
-	return result
+	if result != nil {
+		result.Filters = resultRRSetFilters
+		result.Meta = resultRRSetMeta
+	}
+
+	return result, nil
 }
 
 func convertTxtSliceToSdkAnySlice(record string) []any {
diff --git a/providers/gcore/convertMetadata.go b/providers/gcore/convertMetadata.go
new file mode 100644
index 0000000000..1b940e2675
--- /dev/null
+++ b/providers/gcore/convertMetadata.go
@@ -0,0 +1,402 @@
+package gcore
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+
+	dnssdk "github.com/G-Core/gcore-dns-sdk-go"
+)
+
+type gcoreFailoverMetadata struct {
+	Protocol       *string `json:"protocol,omitempty"`
+	Port           *int    `json:"port,omitempty"`
+	Frequency      *int    `json:"frequency,omitempty"`
+	Timeout        *int    `json:"timeout,omitempty"`
+	Method         *string `json:"method,omitempty"`
+	Command        *string `json:"command,omitempty"`
+	URL            *string `json:"url,omitempty"`
+	TLS            *bool   `json:"tls,omitempty"`
+	RegExp         *string `json:"regexp,omitempty"`
+	HTTPStatusCode *int    `json:"http_status_code,omitempty"`
+	Host           *string `json:"host,omitempty"`
+}
+
+type gcoreMetadata struct {
+	// These fields only apply to record metadata
+	ASN        []int       `json:"asn,omitempty"`
+	Continents []string    `json:"continents,omitempty"`
+	Countries  []string    `json:"countries,omitempty"`
+	LatLong    *[2]float64 `json:"latlong,omitempty"`
+	Fallback   *bool       `json:"fallback,omitempty"`
+	Backup     *bool       `json:"backup,omitempty"`
+	Notes      *string     `json:"notes,omitempty"`
+	Weight     *float64    `json:"weight,omitempty"`
+	IP         []string    `json:"ip,omitempty"`
+	// Failover only applies to RRSet metadata
+	Failover *gcoreFailoverMetadata `json:"failover,omitempty"`
+}
+
+func nativeMetadataToRecords(rrset *gcoreRRSetExtended, rec *dnssdk.ResourceRecord) (map[string]string, error) {
+	result := map[string]string{}
+
+	if len(rrset.Filters) > 0 {
+		result[metaFilters] = serializeRecordFilter(rrset.Filters)
+	}
+
+	// RRSet only supports failover field
+	if rrset.Meta != nil && rrset.Meta.Failover != nil {
+		failover := *rrset.Meta.Failover
+		if failover.Protocol != nil {
+			result[metaFailoverProtocol] = *failover.Protocol
+		}
+		if failover.Port != nil {
+			result[metaFailoverPort] = strconv.Itoa(*failover.Port)
+		}
+		if failover.Frequency != nil {
+			result[metaFailoverFrequency] = strconv.Itoa(*failover.Frequency)
+		}
+		if failover.Timeout != nil {
+			result[metaFailoverTimeout] = strconv.Itoa(*failover.Timeout)
+		}
+		if failover.Method != nil {
+			result[metaFailoverMethod] = *failover.Method
+		}
+		if failover.Command != nil {
+			result[metaFailoverCommand] = *failover.Command
+		}
+		if failover.URL != nil {
+			result[metaFailoverURL] = *failover.URL
+		}
+		if failover.TLS != nil {
+			result[metaFailoverTLS] = strconv.FormatBool(*failover.TLS)
+		}
+		if failover.RegExp != nil {
+			result[metaFailoverRegexp] = *failover.RegExp
+		}
+		if failover.HTTPStatusCode != nil {
+			result[metaFailoverHTTPStatusCode] = strconv.Itoa(*failover.HTTPStatusCode)
+		}
+		if failover.Host != nil {
+			result[metaFailoverHost] = *failover.Host
+		}
+	}
+
+	// ResourceRecord supports all fields except failover
+	if rec.Meta != nil {
+		// Convert GCore SDK's type to our metadata type
+		metaJSON, err := json.Marshal(rec.Meta)
+		if err != nil {
+			return nil, err
+		}
+
+		meta := gcoreMetadata{}
+		err = json.Unmarshal(metaJSON, &meta)
+		if err != nil {
+			return nil, err
+		}
+
+		if meta.ASN != nil {
+			// This is probably a ton of memory copies, but I cannot think of a better solution for now
+			asnArray := []string{}
+			for _, asn := range meta.ASN {
+				asnArray = append(asnArray, strconv.Itoa(asn))
+			}
+			result[metaASN] = strings.Join(asnArray, ",")
+		}
+		if meta.Continents != nil {
+			result[metaContinents] = strings.Join(meta.Continents, ",")
+		}
+		if meta.Countries != nil {
+			result[metaCountries] = strings.Join(meta.Countries, ",")
+		}
+		if meta.LatLong != nil {
+			result[metaLatitude] = strconv.FormatFloat(meta.LatLong[0], 'f', -1, 64)
+			result[metaLongitude] = strconv.FormatFloat(meta.LatLong[1], 'f', -1, 64)
+		}
+		if meta.Fallback != nil {
+			result[metaFallback] = strconv.FormatBool(*meta.Fallback)
+		}
+		if meta.Backup != nil {
+			result[metaBackup] = strconv.FormatBool(*meta.Backup)
+		}
+		if meta.Notes != nil {
+			result[metaNotes] = *meta.Notes
+		}
+		if meta.Weight != nil {
+			result[metaWeight] = strconv.FormatFloat(*meta.Weight, 'f', -1, 64)
+		}
+		if meta.IP != nil {
+			result[metaIP] = strings.Join(meta.IP, ",")
+		}
+	}
+
+	return result, nil
+}
+
+func recordsMetadataToNative(meta map[string]string) ([]dnssdk.RecordFilter, map[string]any, map[string]any, error) {
+	var rrsetFilters []dnssdk.RecordFilter = nil
+	rrsetMeta := gcoreMetadata{}
+	recordMeta := gcoreMetadata{}
+
+	for k, v := range meta {
+		// Copy string to avoid it later changed by other logic
+		vCopy := strings.Clone(v)
+		switch k {
+		case metaFilters:
+			var err error
+			rrsetFilters, err = parseRecordFilter(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+		case metaFailoverProtocol:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.Protocol = &vCopy
+		case metaFailoverPort:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			value, err := strconv.Atoi(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			rrsetMeta.Failover.Port = &value
+		case metaFailoverFrequency:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			value, err := strconv.Atoi(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			rrsetMeta.Failover.Frequency = &value
+		case metaFailoverTimeout:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			value, err := strconv.Atoi(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			rrsetMeta.Failover.Timeout = &value
+		case metaFailoverMethod:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.Method = &vCopy
+		case metaFailoverCommand:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.Command = &vCopy
+		case metaFailoverURL:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.URL = &vCopy
+		case metaFailoverTLS:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			value, err := strconv.ParseBool(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			rrsetMeta.Failover.TLS = &value
+		case metaFailoverRegexp:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.RegExp = &vCopy
+		case metaFailoverHTTPStatusCode:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			value, err := strconv.Atoi(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			rrsetMeta.Failover.HTTPStatusCode = &value
+		case metaFailoverHost:
+			if rrsetMeta.Failover == nil {
+				rrsetMeta.Failover = &gcoreFailoverMetadata{}
+			}
+			rrsetMeta.Failover.Host = &vCopy
+		case metaASN:
+			// This is probably a ton of memory copies, but I cannot think of a better solution for now
+			asnArray := []int{}
+			for _, asn := range strings.Split(v, ",") {
+				if len(asn) > 0 {
+					value, err := strconv.Atoi(asn)
+					if err != nil {
+						return nil, nil, nil, err
+					}
+					asnArray = append(asnArray, value)
+				}
+			}
+			recordMeta.ASN = asnArray
+		case metaContinents:
+			continents := strings.Split(v, ",")
+			recordMeta.Continents = continents
+		case metaCountries:
+			countries := strings.Split(v, ",")
+			recordMeta.Countries = countries
+		case metaLatitude:
+			value, err := strconv.ParseFloat(v, 64)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			if recordMeta.LatLong == nil {
+				recordMeta.LatLong = &[2]float64{0, 0}
+			}
+			recordMeta.LatLong[0] = value
+		case metaLongitude:
+			value, err := strconv.ParseFloat(v, 64)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			if recordMeta.LatLong == nil {
+				recordMeta.LatLong = &[2]float64{0, 0}
+			}
+			recordMeta.LatLong[1] = value
+		case metaFallback:
+			value, err := strconv.ParseBool(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			recordMeta.Fallback = &value
+		case metaBackup:
+			value, err := strconv.ParseBool(v)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			recordMeta.Backup = &value
+		case metaNotes:
+			recordMeta.Notes = &vCopy
+		case metaWeight:
+			value, err := strconv.ParseFloat(v, 64)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+			recordMeta.Weight = &value
+		case metaIP:
+			ips := strings.Split(v, ",")
+			recordMeta.IP = ips
+		}
+	}
+
+	// Convert metadata to the map[string]any type SDK wants
+	rrsetMetaSDK, err := convertToDnssdkMeta(rrsetMeta)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	recordMetaSDK, err := convertToDnssdkMeta(recordMeta)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	return rrsetFilters, rrsetMetaSDK, recordMetaSDK, nil
+}
+
+func serializeRecordFilter(f []dnssdk.RecordFilter) string {
+	result := []string{}
+
+	for _, v := range f {
+		filterString := v.Type
+
+		if v.Strict {
+			filterString += ",true"
+		} else {
+			filterString += ",false"
+		}
+
+		if v.Limit != 0 {
+			filterString += "," + strconv.Itoa(int(v.Limit))
+		}
+
+		result = append(result, filterString)
+	}
+
+	return strings.Join(result, ";")
+}
+
+func parseRecordFilter(filterString string) ([]dnssdk.RecordFilter, error) {
+	result := []dnssdk.RecordFilter{}
+
+	for _, s := range strings.Split(filterString, ";") {
+		var err error
+
+		fields := strings.Split(s, ",")
+		if len(fields) < 2 || len(fields) > 3 {
+			return nil, fmt.Errorf("filter %s has invalid format, correct format is \"type,strict[,limit]\"", s)
+		}
+
+		record := dnssdk.RecordFilter{}
+		record.Type = fields[0]
+
+		record.Strict, err = strconv.ParseBool(fields[1])
+		if err != nil {
+			return nil, err
+		}
+
+		if len(fields) == 3 {
+			limit, err := strconv.Atoi(fields[2])
+			if err != nil {
+				return nil, err
+			}
+			record.Limit = uint(limit)
+		}
+
+		result = append(result, record)
+	}
+
+	return result, nil
+}
+
+func isStructEqual[T any](a T, b T) (bool, error) {
+	aJSON, err := json.Marshal(a)
+	if err != nil {
+		return false, err
+	}
+	bJSON, err := json.Marshal(b)
+	if err != nil {
+		return false, err
+	}
+	return bytes.Equal(aJSON, bJSON), nil
+}
+
+func isListStructEqual[T any](a []T, b []T) (bool, error) {
+	if len(a) != len(b) {
+		return true, nil
+	}
+
+	for i := 0; i < len(a); i++ {
+		result, err := isStructEqual(a[i], b[i])
+		if err != nil {
+			return false, err
+		}
+
+		if !result {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+func convertToDnssdkMeta(v any) (map[string]any, error) {
+	marshaled, err := json.Marshal(v)
+	if err != nil {
+		return nil, err
+	}
+	result := map[string]any{}
+	err = json.Unmarshal(marshaled, &result)
+	if err != nil {
+		return nil, err
+	}
+	return result, nil
+}
diff --git a/providers/gcore/gcoreExtend.go b/providers/gcore/gcoreExtend.go
index 1cd4a4e3ee..18a1fc7cb7 100644
--- a/providers/gcore/gcoreExtend.go
+++ b/providers/gcore/gcoreExtend.go
@@ -34,6 +34,7 @@ type gcoreRRSetExtended struct {
 	TTL     int                     `json:"ttl"`
 	Records []dnssdk.ResourceRecord `json:"resource_records"`
 	Filters []dnssdk.RecordFilter   `json:"filters"`
+	Meta    *gcoreMetadata          `json:"meta"`
 }
 
 func dnssdkDo(ctx context.Context, c *dnssdk.Client, apiKey string, method, uri string, bodyParams interface{}, dest interface{}) error {
diff --git a/providers/gcore/gcoreProvider.go b/providers/gcore/gcoreProvider.go
index 91f930c2e9..3548635f11 100644
--- a/providers/gcore/gcoreProvider.go
+++ b/providers/gcore/gcoreProvider.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff2"
+	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 
 	dnssdk "github.com/G-Core/gcore-dns-sdk-go"
@@ -151,13 +152,16 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 		}
 	}
 
-	changes, actualChangeCount, err := diff2.ByRecordSet(existing, dc, nil)
+	changes, actualChangeCount, err := diff2.ByRecordSet(existing, dc, comparableFunc)
 	if err != nil {
 		return nil, 0, err
 	}
 
 	for _, change := range changes {
-		record := recordsToNative(change.New, change.Key)
+		record, err := recordsToNative(change.New, change.Key)
+		if err != nil {
+			return nil, 0, err
+		}
 
 		// Copy all params to avoid overwrites
 		zone := dc.Name
@@ -223,3 +227,19 @@ func (c *gcoreProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exist
 	result = append(result, corrections...)
 	return result, actualChangeCount, nil
 }
+
+func comparableFunc(rec *models.RecordConfig) string {
+	if len(rec.Metadata) == 0 {
+		return ""
+	}
+
+	// json.Marshal always serialize all fields in alphabetical order,
+	// so the metadata string will be consistent between runs
+	result, err := json.Marshal(rec.Metadata)
+	if err != nil {
+		printer.Warnf("Cannot serialize metadata of record %s", rec)
+		return ""
+	}
+
+	return string(result)
+}
diff --git a/providers/gcore/metaConstants.go b/providers/gcore/metaConstants.go
new file mode 100644
index 0000000000..0da384d647
--- /dev/null
+++ b/providers/gcore/metaConstants.go
@@ -0,0 +1,31 @@
+package gcore
+
+const (
+	// Applies to RRSet
+	metaFilters = "gcore_filters"
+
+	// Only applies to RRSet metadata
+	metaFailoverProtocol       = "gcore_failover_protocol"
+	metaFailoverPort           = "gcore_failover_port"
+	metaFailoverFrequency      = "gcore_failover_frequency"
+	metaFailoverTimeout        = "gcore_failover_timeout"
+	metaFailoverMethod         = "gcore_failover_method"
+	metaFailoverCommand        = "gcore_failover_command"
+	metaFailoverURL            = "gcore_failover_url"
+	metaFailoverTLS            = "gcore_failover_tls"
+	metaFailoverRegexp         = "gcore_failover_regexp"
+	metaFailoverHTTPStatusCode = "gcore_failover_http_status_code"
+	metaFailoverHost           = "gcore_failover_host"
+
+	// Only applies to record metadata
+	metaASN        = "gcore_asn"
+	metaContinents = "gcore_continents"
+	metaCountries  = "gcore_countries"
+	metaLatitude   = "gcore_latitude"
+	metaLongitude  = "gcore_longitude"
+	metaFallback   = "gcore_fallback"
+	metaBackup     = "gcore_backup"
+	metaNotes      = "gcore_notes"
+	metaWeight     = "gcore_weight"
+	metaIP         = "gcore_ip"
+)

From 5fbbad14b68b316770658872f2c7d77d77d0c0b4 Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:25:17 +0000
Subject: [PATCH 379/438] ORACLE: BUGFIX: Support accounts with > 50 zones
 (#3179)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/oracle/oracleProvider.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 7f86b142ac..e1c32c16d4 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -92,6 +92,22 @@ func (o *oracleProvider) ListZones() ([]string, error) {
 	for i, zone := range listResp.Items {
 		zones[i] = *zone.Name
 	}
+
+	for listResp.OpcNextPage != nil {
+		listResp, err = o.client.ListZones(ctx, dns.ListZonesRequest{
+			CompartmentId: &o.compartment,
+			Page:         listResp.OpcNextPage,
+		})
+
+		if err != nil {
+			return nil, err
+		}
+
+		for _, zone := range listResp.Items {
+			zones = append(zones, *zone.Name)
+		}
+	}
+
 	return zones, nil
 }
 

From a6fe3fc48f050444a38bfacd9e7d37bbf8028aad Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:28:50 +0000
Subject: [PATCH 380/438] ORACLE: Do not warn about TTL for sub domain NS
 records (#3178)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/oracle/oracleProvider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index e1c32c16d4..3bbcd5e2e7 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -244,7 +244,7 @@ func (o *oracleProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, exis
 			continue
 		}
 
-		if rec.TTL != 86400 {
+		if rec.GetLabel() == "@" && rec.TTL != 86400 {
 			printer.Warnf("Oracle Cloud forces TTL=86400 for NS records. Ignoring configured TTL of %d for %s\n", rec.TTL, recNS)
 			rec.TTL = 86400
 		}

From 4190659152eab207a776cffc45f6adef8d5f5313 Mon Sep 17 00:00:00 2001
From: fabienmazieres <31537139+fabienmazieres@users.noreply.github.com>
Date: Tue, 29 Oct 2024 17:26:38 +0000
Subject: [PATCH 381/438] ORACLE: Handle the API's inconsistent NS "trailing
 dot" issue (#3170)

---
 providers/oracle/oracleProvider.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 3bbcd5e2e7..a1e9cab70c 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -3,6 +3,7 @@ package oracle
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"strings"
 	"time"
 
@@ -171,7 +172,18 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 		nss[i] = *ns.Hostname
 	}
 
-	return models.ToNameservers(nss)
+	nssNoStrip, err := models.ToNameservers(nss)
+
+	if err != nil {
+		nssStrip, err := models.ToNameserversStripTD(nss)
+		if err != nil {
+			return nil, fmt.Errorf("Could not determine if trailing dots should be stripped or not...")
+		}
+
+		return nssStrip, nil
+	}
+
+	return nssNoStrip, nil
 }
 
 func (o *oracleProvider) GetZoneRecords(zone string, meta map[string]string) (models.Records, error) {

From 2abbab0c841c6f2b6ef67f421ec445198d3d5c03 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 30 Oct 2024 18:59:19 +0000
Subject: [PATCH 382/438] CHORE: go generate (#3182)

---
 integrationTest/integration_test.go | 18 +++++++++---------
 providers/oracle/oracleProvider.go  |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 3ae4c56287..791fd7c9fa 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -2322,15 +2322,15 @@ func makeTests() []*TestGroup {
 		testgroup("GCORE metadata tests",
 			only("GCORE"),
 			tc("Add record with metadata", withMeta(a("@", "1.2.3.4"), map[string]string{
-				"gcore_filters":            "geodistance,false;first_n,false,2",
-				"gcore_asn":                "1234,2345",
-				"gcore_continents":         "as,na,an,sa,oc,eu,af",
-				"gcore_countries":          "cn,us",
-				"gcore_latitude":           "12.34",
-				"gcore_longitude":          "67.89",
-				"gcore_notes":              "test",
-				"gcore_weight":             "12",
-				"gcore_ip":                 "1.2.3.4",
+				"gcore_filters":    "geodistance,false;first_n,false,2",
+				"gcore_asn":        "1234,2345",
+				"gcore_continents": "as,na,an,sa,oc,eu,af",
+				"gcore_countries":  "cn,us",
+				"gcore_latitude":   "12.34",
+				"gcore_longitude":  "67.89",
+				"gcore_notes":      "test",
+				"gcore_weight":     "12",
+				"gcore_ip":         "1.2.3.4",
 			})),
 			tc("Update record with metadata", withMeta(a("@", "1.2.3.4"), map[string]string{
 				"gcore_filters":            "healthcheck,false;geodns,false;first_n,false,3",
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index a1e9cab70c..7ac0fcb859 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -97,7 +97,7 @@ func (o *oracleProvider) ListZones() ([]string, error) {
 	for listResp.OpcNextPage != nil {
 		listResp, err = o.client.ListZones(ctx, dns.ListZonesRequest{
 			CompartmentId: &o.compartment,
-			Page:         listResp.OpcNextPage,
+			Page:          listResp.OpcNextPage,
 		})
 
 		if err != nil {

From 1872b121160f4b69aaa3bd9052b310772a148775 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 31 Oct 2024 15:05:56 +0000
Subject: [PATCH 383/438] NEW FEATURE: IMPORT_TRANSFORM_STRIP (#3181)

---
 documentation/SUMMARY.md                      |  1 +
 .../domain-modifiers/IMPORT_TRANSFORM.md      |  1 +
 .../IMPORT_TRANSFORM_STRIP.md                 | 25 ++++++++++
 pkg/js/helpers.js                             | 14 +++++-
 pkg/js/parse_tests/007-importTransformTTL.js  | 30 ++++++++++--
 .../parse_tests/007-importTransformTTL.json   | 43 +++++++++++-----
 pkg/normalize/validate.go                     | 49 +++++++++++++------
 7 files changed, 130 insertions(+), 33 deletions(-)
 create mode 100644 documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
 mode change 100644 => 100755 pkg/js/parse_tests/007-importTransformTTL.js

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 6e5e0cbcda..ca0a31a2f4 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -53,6 +53,7 @@
     * [IGNORE_NAME](language-reference/domain-modifiers/IGNORE_NAME.md)
     * [IGNORE_TARGET](language-reference/domain-modifiers/IGNORE_TARGET.md)
     * [IMPORT_TRANSFORM](language-reference/domain-modifiers/IMPORT_TRANSFORM.md)
+    * [IMPORT_TRANSFORM_STRIP](language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md)
     * [INCLUDE](language-reference/domain-modifiers/INCLUDE.md)
     * [LOC](language-reference/domain-modifiers/LOC.md)
     * [LOC_BUILDER_DD](language-reference/domain-modifiers/LOC_BUILDER_DD.md)
diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
index 8bdff9ab0b..b11075db65 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
@@ -3,6 +3,7 @@ name: IMPORT_TRANSFORM
 parameters:
   - transform table
   - domain
+  - ttl
   - modifiers...
 ts_ignore: true
 ---
diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
new file mode 100644
index 0000000000..9cf61d9bbf
--- /dev/null
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
@@ -0,0 +1,25 @@
+---
+name: IMPORT_TRANSFORM_STRIP
+parameters:
+  - transform table
+  - domain
+  - ttl
+  - suffixstrip
+  - modifiers...
+ts_ignore: true
+---
+
+{% hint style="warning" %}
+Don't use this feature. It was added for a very specific situation at Stack Overflow.
+{% endhint %}
+
+`IMPORT_TRANSFORM_STRIP` is the same as `IMPORT_TRANSFORM` with an additional parameter: `suffixstrip`.
+
+When `IMPORT_TRANSFORM_STRIP` is generating the label for new records, it
+checks the label.  If the label ends with `suffixstrip`, that suffix is removed.
+If the label does not end with `suffixstrip`, an error is returned.
+
+For example, if the domain is `com.extra` and the label is `foo.com`,
+`IMPORT_TRANSFORM` would generate a label `foo.com.com.extra`.
+`IMPORT_TRANSFORM_STRIP(... , '.com')` would generate
+the label `foo.com.extra` instead.
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 4989b8ef91..5d2d367e27 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1031,7 +1031,7 @@ function IGNORE_TARGET(target, rType) {
     return IGNORE('*', rType, target);
 }
 
-// IMPORT_TRANSFORM(translation_table, domain)
+// IMPORT_TRANSFORM(translation_table, domain, ttl)
 var IMPORT_TRANSFORM = recordBuilder('IMPORT_TRANSFORM', {
     args: [['translation_table'], ['domain'], ['ttl', _.isNumber]],
     transform: function (record, args, modifiers) {
@@ -1042,6 +1042,18 @@ var IMPORT_TRANSFORM = recordBuilder('IMPORT_TRANSFORM', {
     },
 });
 
+// IMPORT_TRANSFORM_STRIP(translation_table, domain, ttl, suffixstrip)
+var IMPORT_TRANSFORM_STRIP = recordBuilder('IMPORT_TRANSFORM', {
+    args: [['translation_table'], ['domain'], ['ttl', _.isNumber], ['suffixstrip']],
+    transform: function (record, args, modifiers) {
+        record.name = '@';
+        record.target = args.domain;
+        record.meta['transform_table'] = format_tt(args.translation_table);
+        record.ttl = args.ttl;
+        record.meta['transform_suffixstrip'] = args.suffixstrip;
+    },
+});
+
 // PURGE()
 function PURGE(d) {
     d.KeepUnknown = false;
diff --git a/pkg/js/parse_tests/007-importTransformTTL.js b/pkg/js/parse_tests/007-importTransformTTL.js
old mode 100644
new mode 100755
index 33e8bec76b..0919db1595
--- a/pkg/js/parse_tests/007-importTransformTTL.js
+++ b/pkg/js/parse_tests/007-importTransformTTL.js
@@ -1,5 +1,25 @@
-var TRANSFORM_INT = [
-    {low: "0.0.0.0", high: "1.1.1.1", newBase: "2.2.2.2" }
-]
-D("foo2.com","reg");
-D("foo.com","reg",IMPORT_TRANSFORM(TRANSFORM_INT,"foo2.com",60))
+var TRANSFORM_NEWIP = [{
+    low: "0.0.0.0",
+    high: "1.1.1.1",
+    newIP: "2.2.2.2"
+}];
+var TRANSFORM_BASE = [{
+    low: "0.0.0.0",
+    high: "1.1.1.1",
+    newBase: "4.4.4.4"
+}, {
+    low: "7.7.7.7",
+    high: "8.8.8.8",
+    newBase: "9.9.9.9"
+},
+];
+
+D("foo1.com", "reg");
+
+D("foo2.com", "reg",
+    IMPORT_TRANSFORM(TRANSFORM_BASE, "foo1.com", 60)
+);
+
+D("foo3.com", "reg",
+    IMPORT_TRANSFORM_STRIP(TRANSFORM_NEWIP, "foo1.com", 99, ".com")
+);
diff --git a/pkg/js/parse_tests/007-importTransformTTL.json b/pkg/js/parse_tests/007-importTransformTTL.json
index 6ae0a67fec..cef9e0c349 100644
--- a/pkg/js/parse_tests/007-importTransformTTL.json
+++ b/pkg/js/parse_tests/007-importTransformTTL.json
@@ -1,28 +1,45 @@
 {
+  "registrars": [],
   "dns_providers": [],
   "domains": [
     {
+      "name": "foo1.com",
+      "registrar": "reg",
       "dnsProviders": {},
-      "name": "foo2.com",
-      "records": [],
-      "registrar": "reg"
+      "records": []
     },
     {
+      "name": "foo2.com",
+      "registrar": "reg",
       "dnsProviders": {},
-      "name": "foo.com",
       "records": [
         {
+          "type": "IMPORT_TRANSFORM",
+          "name": "@",
+          "ttl": 60,
           "meta": {
-            "transform_table": "0.0.0.0 ~ 1.1.1.1 ~ 2.2.2.2 ~ "
+            "transform_table": "0.0.0.0 ~ 1.1.1.1 ~ 4.4.4.4 ~  ; 7.7.7.7 ~ 8.8.8.8 ~ 9.9.9.9 ~ "
           },
+          "target": "foo1.com"
+        }
+      ]
+    },
+    {
+      "name": "foo3.com",
+      "registrar": "reg",
+      "dnsProviders": {},
+      "records": [
+        {
+          "type": "IMPORT_TRANSFORM",
           "name": "@",
-          "target": "foo2.com",
-          "ttl": 60,
-          "type": "IMPORT_TRANSFORM"
+          "ttl": 99,
+          "meta": {
+            "transform_suffixstrip": ".com",
+            "transform_table": "0.0.0.0 ~ 1.1.1.1 ~  ~ 2.2.2.2"
+          },
+          "target": "foo1.com"
         }
-      ],
-      "registrar": "reg"
+      ]
     }
-  ],
-  "registrars": []
-}
+  ]
+}
\ No newline at end of file
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index acff2857f8..ab5458890c 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -119,7 +119,7 @@ func checkLabel(label string, rType string, domain string, meta map[string]strin
 	}
 	if label == domain || strings.HasSuffix(label, "."+domain) {
 		if m := meta["skip_fqdn_check"]; m != "true" {
-			return fmt.Errorf(errorRepeat(label, domain))
+			return fmt.Errorf("%s", errorRepeat(label, domain))
 		}
 	}
 
@@ -247,8 +247,27 @@ func transformCNAME(target, oldDomain, newDomain string) string {
 	return dnsutil.AddOrigin(result, newDomain) + "."
 }
 
+func newRec(rec *models.RecordConfig, ttl uint32) *models.RecordConfig {
+	rec2, _ := rec.Copy()
+	if ttl != 0 {
+		rec2.TTL = ttl
+	}
+	return rec2
+}
+
+func transformLabel(label, suffixstrip string) (string, error) {
+	if suffixstrip == "" {
+		return label, nil
+	}
+	if !strings.HasSuffix(label, suffixstrip) {
+		return "", fmt.Errorf("label %q does not end with %q", label, suffixstrip)
+	}
+	return label[:len(label)-len(suffixstrip)], nil
+}
+
 // import_transform imports the records of one zone into another, modifying records along the way.
-func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []transform.IPConversion, ttl uint32) error {
+func importTransform(srcDomain, dstDomain *models.DomainConfig,
+	transforms []transform.IPConversion, ttl uint32, suffixstrip string) error {
 	// Read srcDomain.Records, transform, and append to dstDomain.Records:
 	// 1. Skip any that aren't A or CNAMEs.
 	// 2. Append destDomainname to the end of the label.
@@ -259,15 +278,6 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []tra
 		if dstDomain.Records.HasRecordTypeName(rec.Type, rec.GetLabelFQDN()) {
 			continue
 		}
-		newRec := func() *models.RecordConfig {
-			rec2, _ := rec.Copy()
-			newlabel := rec2.GetLabelFQDN()
-			rec2.SetLabel(newlabel, dstDomain.Name)
-			if ttl != 0 {
-				rec2.TTL = ttl
-			}
-			return rec2
-		}
 		switch rec.Type {
 		case "A":
 			trs, err := transform.IPToList(net.ParseIP(rec.GetTargetField()), transforms)
@@ -275,12 +285,22 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig, transforms []tra
 				return fmt.Errorf("import_transform: TransformIP(%v, %v) returned err=%s", rec.GetTargetField(), transforms, err)
 			}
 			for _, tr := range trs {
-				r := newRec()
+				r := newRec(rec, ttl)
+				l, err := transformLabel(r.GetLabelFQDN(), suffixstrip)
+				if err != nil {
+					return err
+				}
+				r.SetLabel(l, dstDomain.Name)
 				r.SetTarget(tr.String())
 				dstDomain.Records = append(dstDomain.Records, r)
 			}
 		case "CNAME":
-			r := newRec()
+			r := newRec(rec, ttl)
+			l, err := transformLabel(r.GetLabelFQDN(), suffixstrip)
+			if err != nil {
+				return err
+			}
+			r.SetLabel(l, dstDomain.Name)
 			r.SetTarget(transformCNAME(r.GetTargetField(), srcDomain.Name, dstDomain.Name))
 			dstDomain.Records = append(dstDomain.Records, r)
 		default:
@@ -445,6 +465,7 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 	for _, domain := range config.Domains {
 		for _, rec := range domain.Records {
 			if rec.Type == "IMPORT_TRANSFORM" {
+				suffixstrip := rec.Metadata["transform_suffixstrip"]
 				table, err := transform.DecodeTransformTable(rec.Metadata["transform_table"])
 				if err != nil {
 					errs = append(errs, err)
@@ -455,7 +476,7 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 					err = fmt.Errorf("IMPORT_TRANSFORM mentions non-existant domain %q", rec.GetTargetField())
 					errs = append(errs, err)
 				}
-				err = importTransform(c, domain, table, rec.TTL)
+				err = importTransform(c, domain, table, rec.TTL, suffixstrip)
 				if err != nil {
 					errs = append(errs, err)
 				}

From a0f7123a14f309f0eb6c9e505765b40e81d1f06e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 1 Nov 2024 13:23:01 +0000
Subject: [PATCH 384/438] CHORE: Update deps and fmt (#3184)

---
 go.mod            | 44 ++++++++++++------------
 go.sum            | 88 +++++++++++++++++++++++------------------------
 pkg/js/helpers.js |  7 +++-
 3 files changed, 72 insertions(+), 67 deletions(-)

diff --git a/go.mod b/go.mod
index 8a904d18e9..e786befe47 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.32.2
-	github.com/aws/aws-sdk-go-v2/config v1.27.43
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.41
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2
+	github.com/aws/aws-sdk-go-v2 v1.32.3
+	github.com/aws/aws-sdk-go-v2/config v1.28.1
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.42
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.107.0
-	github.com/digitalocean/godo v1.126.0
+	github.com/cloudflare/cloudflare-go v0.108.0
+	github.com/digitalocean/godo v1.128.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.7.0
 	github.com/exoscale/egoscale v0.102.4
@@ -52,14 +52,14 @@ require (
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/net v0.30.0
 	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.201.0
-	gopkg.in/ns1/ns1-go.v2 v2.12.1
+	google.golang.org/api v0.204.0
+	gopkg.in/ns1/ns1-go.v2 v2.12.2
 )
 
 require (
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
-	github.com/fatih/color v1.17.0
+	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/go-acme/lego/v4 v4.19.2
 	github.com/google/go-cmp v0.6.0
@@ -76,22 +76,22 @@ require (
 )
 
 require (
-	cloud.google.com/go/auth v0.9.8 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/auth v0.10.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -158,8 +158,8 @@ require (
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index f5951ee991..e0b0d48910 100644
--- a/go.sum
+++ b/go.sum
@@ -1,13 +1,13 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.9.8 h1:+CSJ0Gw9iVeSENVCKJoLHhdUykDgXSc4Qn+gu2BRtR8=
-cloud.google.com/go/auth v0.9.8/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
-cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
-cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
+cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo=
+cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
+cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0 h1:eXzkOEXbSTOa7cJ7EqeCVi/OFi/ppDrUtQuttCWy74c=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw=
@@ -46,34 +46,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI=
-github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
-github.com/aws/aws-sdk-go-v2/config v1.27.43 h1:p33fDDihFC390dhhuv8nOmX419wjOSDQRb+USt20RrU=
-github.com/aws/aws-sdk-go-v2/config v1.27.43/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17/go.mod h1:1ZRXLdTpzdJb9fwTMXiLipENRxkGMTn1sfKexGllQCw=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60=
+github.com/aws/aws-sdk-go-v2 v1.32.3 h1:T0dRlFBKcdaUPGNtkBSwHZxrtis8CQU17UpNBZYd0wk=
+github.com/aws/aws-sdk-go-v2 v1.32.3/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
+github.com/aws/aws-sdk-go-v2/config v1.28.1 h1:oxIvOUXy8x0U3fR//0eq+RdCKimWI900+SV+10xsCBw=
+github.com/aws/aws-sdk-go-v2/config v1.28.1/go.mod h1:bRQcttQJiARbd5JZxw6wG0yIK3eLeSCPdg6uqmmlIiI=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.42 h1:sBP0RPjBU4neGpIYyx8mkU2QqLPl5u9cmdTWVzIpHkM=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.42/go.mod h1:FwZBfU530dJ26rv9saAbxa9Ej3eF/AK0OAY86k13n4M=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 h1:68jFVtt3NulEzojFesM/WVarlFpCaXLKaBxDpzkQ9OQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18/go.mod h1:Fjnn5jQVIo6VyedMc0/EhPpfNlPl7dHV916O6B+49aE=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 h1:Jw50LwEkVjuVzE1NzkhNKkBf9cRN7MtE1F/b2cOKTUM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22/go.mod h1:Y/SmAyPcOTmpeVaWSzSKiILfXTVJwrGmYZhcRbhWuEY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 h1:981MHwBaRZM7+9QSR6XamDzF/o7ouUGxFzr+nVSIhrs=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22/go.mod h1:1RA1+aBEfn+CAB/Mh0MB6LsdCYCnjZm7tKXtnk499ZQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2 h1:P4ElvGTPph12a87YpxPDIqCvVICeYJFV32UMMS/TIPc=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.45.2/go.mod h1:zLKE53MjadFH0VYrDerAx25brxLYiSg4Vk3C+qPY4BQ=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2 h1:xbG9L1Qhakvz/IIRduTKwZonOqIsfxCDZtAoRpnWYkM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.2/go.mod h1:KlanrIRl1x15X9ZduBDMntAsNRg0a0qDVTmcajLTXj0=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2/go.mod h1:o8aQygT2+MVP0NaV6kbdE1YnnIM8RRVQzoeUH45GOdI=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 h1:qcxX0JYlgWH3hpPUnd6U0ikcl6LLA9sLkXE2w1fpMvY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3/go.mod h1:cLSNEmI45soc+Ef8K/L+8sEA3A3pYFEYf5B5UI+6bH4=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0 h1:AaOWmXBSDSIEsTzx8Y2nYAxckgmBPNiRU5mjn/a9ynI=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0/go.mod h1:IN9bx4yLAa3a3J7A41skQefcYObNv6ARAd2i5WxvGKg=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3 h1:f+TDV3MJHUP7evBRzICpdP8i2mkA/pd0KX0O9pUctVM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3/go.mod h1:wQEpBg4jUcKWM28pL1KpaIQuQytmruDW53LWyXYWcmU=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 h1:UTpsIf0loCIWEbrqdLb+0RxnTXfWh2vhw4nQmFi4nPc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.3/go.mod h1:FZ9j3PFHHAR+w0BSEjK955w5YD2UwB/l/H0yAK3MJvI=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 h1:2YCmIXv3tmiItw0LlYf6v7gEHebLY45kBEnPezbUKyU=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3/go.mod h1:u19stRyNPxGhj6dRm+Cdgu6N75qnbW7+QN0q0dsAk58=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 h1:wVnQ6tigGsRqSWDEEyH6lSAJ9OyFUsSnbaUWChuSGzs=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.3/go.mod h1:VZa9yTFyj4o10YGsmDO4gbQJUvvhY72fhumT8W4LqsE=
 github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
 github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -94,8 +94,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.107.0 h1:cMDIw2tzt6TXCJyMFVyP+BPOVkIfMvcKjhMNSNvuEPc=
-github.com/cloudflare/cloudflare-go v0.107.0/go.mod h1:5cYGzVBqNTLxMYSLdVjuSs5LJL517wJDSvMPWUrzHzc=
+github.com/cloudflare/cloudflare-go v0.108.0 h1:C4Skfjd8I8X3uEOGmQUT4/iGyZcWdkIU7HwvMoLkEE0=
+github.com/cloudflare/cloudflare-go v0.108.0/go.mod h1:m492eNahT/9MsN7Ppnoge8AaI7QhVFtEgVm3I9HJFeU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -111,8 +111,8 @@ github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIx
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/digitalocean/godo v1.126.0 h1:+Znh7VMQj/E8ArbjWnc7OKGjWfzC+I8OCSRp7r1MdD8=
-github.com/digitalocean/godo v1.126.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.128.0 h1:cGn/ibMSRZ9+8etbzMv2MnnCEPTTGlEnx3HHTPwdk1U=
+github.com/digitalocean/godo v1.128.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
@@ -124,8 +124,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/exoscale/egoscale v0.102.4 h1:GBKsZMIOzwBfSu+4ZmWka3Ejf2JLiaBDHp4CQUgvp2E=
 github.com/exoscale/egoscale v0.102.4/go.mod h1:ROSmPtle0wvf91iLZb09++N/9BH2Jo9XxIpAEumvocA=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
-github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/fbiville/markdown-table-formatter v0.3.0 h1:PIm1UNgJrFs8q1htGTw+wnnNYvwXQMMMIKNZop2SSho=
@@ -583,17 +583,17 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.201.0 h1:+7AD9JNM3tREtawRMu8sOjSbb8VYcYXJG/2eEOmfDu0=
-google.golang.org/api v0.201.0/go.mod h1:HVY0FCHVs89xIW9fzf/pBvOEm+OolHa86G/txFezyq4=
+google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4=
+google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U=
+google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -628,8 +628,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.12.1 h1:GiiZPB8JusUF/ruyUDzddd70b3HZGa5A3njtKUe84jA=
-gopkg.in/ns1/ns1-go.v2 v2.12.1/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.12.2 h1:SPM5BTTMJ1zVBhMMiiPFdF7l6Y3fq5o7bKM7jDqsUfM=
+gopkg.in/ns1/ns1-go.v2 v2.12.2/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
diff --git a/pkg/js/helpers.js b/pkg/js/helpers.js
index 5d2d367e27..88f52c0fe5 100644
--- a/pkg/js/helpers.js
+++ b/pkg/js/helpers.js
@@ -1044,7 +1044,12 @@ var IMPORT_TRANSFORM = recordBuilder('IMPORT_TRANSFORM', {
 
 // IMPORT_TRANSFORM_STRIP(translation_table, domain, ttl, suffixstrip)
 var IMPORT_TRANSFORM_STRIP = recordBuilder('IMPORT_TRANSFORM', {
-    args: [['translation_table'], ['domain'], ['ttl', _.isNumber], ['suffixstrip']],
+    args: [
+        ['translation_table'],
+        ['domain'],
+        ['ttl', _.isNumber],
+        ['suffixstrip'],
+    ],
     transform: function (record, args, modifiers) {
         record.name = '@';
         record.target = args.domain;

From f14de794af4a5da8cf2370d4b31fbc3ab8f5932a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Nov 2024 13:05:17 -0400
Subject: [PATCH 385/438] Build(deps): Bump github.com/softlayer/softlayer-go
 from 1.1.5 to 1.1.7 (#3188)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e786befe47..e5d8176adb 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
 	github.com/robertkrimen/otto v0.4.0
-	github.com/softlayer/softlayer-go v1.1.5
+	github.com/softlayer/softlayer-go v1.1.7
 	github.com/stretchr/testify v1.9.0
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.5
diff --git a/go.sum b/go.sum
index e0b0d48910..4e3e0369b7 100644
--- a/go.sum
+++ b/go.sum
@@ -393,8 +393,8 @@ github.com/smartystreets/assertions v1.2.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYl
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.7.2 h1:9RBaZCeXEQ3UselpuwUQHltGVXvdwm6cv1hgR6gDIPg=
 github.com/smartystreets/goconvey v1.7.2/go.mod h1:Vw0tHAZW6lzCRk3xgdin6fKYcG+G3Pg9vgXWeJpQFMM=
-github.com/softlayer/softlayer-go v1.1.5 h1:UFFtgKxiw0yIuUw93XBCFIiIMYR5eLgmm4a5DqMHXGg=
-github.com/softlayer/softlayer-go v1.1.5/go.mod h1:WeJrBLoTJcaT8nO1azeyHyNpo/fDLtbpbvh+pzts+Qw=
+github.com/softlayer/softlayer-go v1.1.7 h1:SgTL+pQZt1h+5QkAhVmHORM/7N9c1X0sljJhuOIHxWE=
+github.com/softlayer/softlayer-go v1.1.7/go.mod h1:WeJrBLoTJcaT8nO1azeyHyNpo/fDLtbpbvh+pzts+Qw=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e h1:3OgWYFw7jxCZPcvAg+4R8A50GZ+CCkARF10lxu2qDsQ=
 github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e/go.mod h1:fKZCUVdirrxrBpwd9wb+lSoVixvpwAu8eHzbQB2tums=
 github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg=

From 74582e14e718cf0f8097176181d7e54f01599718 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 1 Nov 2024 18:30:37 +0000
Subject: [PATCH 386/438] BUG: IMPORT_TRANSFORM_STRIP not stripping CNAME
 targets (#3189)

---
 pkg/normalize/validate.go      |  5 ++--
 pkg/normalize/validate_test.go | 48 +++++++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index ab5458890c..02c1a4d5d8 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -238,12 +238,13 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 	return
 }
 
-func transformCNAME(target, oldDomain, newDomain string) string {
+func transformCNAME(target, oldDomain, newDomain, suffixstrip string) string {
 	// Canonicalize. If it isn't a FQDN, add the newDomain.
 	result := dnsutil.AddOrigin(target, oldDomain)
 	if dns.IsFqdn(result) {
 		result = result[:len(result)-1]
 	}
+	result = strings.TrimSuffix(result, suffixstrip)
 	return dnsutil.AddOrigin(result, newDomain) + "."
 }
 
@@ -301,7 +302,7 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig,
 				return err
 			}
 			r.SetLabel(l, dstDomain.Name)
-			r.SetTarget(transformCNAME(r.GetTargetField(), srcDomain.Name, dstDomain.Name))
+			r.SetTarget(transformCNAME(r.GetTargetField(), srcDomain.Name, dstDomain.Name, suffixstrip))
 			dstDomain.Records = append(dstDomain.Records, r)
 		default:
 			// Anything else is ignored.
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index 2de0f773e0..7657e75e7a 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -174,13 +174,59 @@ func Test_transform_cname(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		actual := transformCNAME(test.experiment, "old.com", "new.com")
+		actual := transformCNAME(test.experiment, "old.com", "new.com", "")
 		if test.expected != actual {
 			t.Errorf("%v: expected (%v) got (%v)\n", test.experiment, test.expected, actual)
 		}
 	}
 }
 
+func Test_transform_cname_strip(t *testing.T) {
+	var tests = []struct {
+		p        []string
+		expected string
+	}{
+		{[]string{"ai.meta.stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+			"ai.meta.stackexchange.com.internal."},
+		{[]string{"askubuntu.com.", "askubuntu.com", "com.internal", ".com"},
+			"askubuntu.com.internal."},
+		{[]string{"blogoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+			"blogoverflow.com.internal."},
+		{[]string{"careers.stackoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+			"careers.stackoverflow.com.internal."},
+		{[]string{"chat.stackexchange.com.", "askubuntu.com", "com.internal", ".com"},
+			"chat.stackexchange.com.internal."},
+		{[]string{"chat.stackexchange.com.", "stackoverflow.com", "com.internal", ".com"},
+			"chat.stackexchange.com.internal."},
+		{[]string{"chat.stackexchange.com.", "superuser.com", "com.internal", ".com"},
+			"chat.stackexchange.com.internal."},
+		{[]string{"sstatic.net.", "sstatic.net", "net.internal", ".net"},
+			"sstatic.net.internal."},
+		{[]string{"stackapps.com.", "stackapps.com", "com.internal", ".com"},
+			"stackapps.com.internal."},
+		{[]string{"stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+			"stackexchange.com.internal."},
+		{[]string{"stackoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+			"stackoverflow.com.internal."},
+		{[]string{"superuser.com.", "superuser.com", "com.internal", ".com"},
+			"superuser.com.internal."},
+		{[]string{"teststackoverflow.com.", "teststackoverflow.com", "com.internal", ".com"},
+			"teststackoverflow.com.internal."},
+		{[]string{"webapps.stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+			"webapps.stackexchange.com.internal."},
+		//
+		{[]string{"sstatic.net.", "sstatic.net", "com.internal", ".com"},
+			"sstatic.net.com.internal."},
+	}
+
+	for _, test := range tests {
+		actual := transformCNAME(test.p[0], test.p[1], test.p[2], test.p[3])
+		if test.expected != actual {
+			t.Errorf("%v: expected (%v) got (%v)\n", test.p, test.expected, actual)
+		}
+	}
+}
+
 func TestNSAtRoot(t *testing.T) {
 	// do not allow ns records for @
 	rec := &models.RecordConfig{Type: "NS"}

From 1fde1332c14500846f327bcab94cce7bcc28379f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 15:11:38 -0500
Subject: [PATCH 387/438] Build(deps): Bump
 github.com/huaweicloud/huaweicloud-sdk-go-v3 from 0.1.117 to 0.1.120 (#3186)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e5d8176adb..fd828672f4 100644
--- a/go.mod
+++ b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/go-acme/lego/v4 v4.19.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 4e3e0369b7..82c8889eda 100644
--- a/go.sum
+++ b/go.sum
@@ -255,8 +255,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117 h1:TUiy5+4+Q7AWNfvKjQQL6lXOylnp7HL47JyYJ+HgN+I=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.117/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120 h1:i+rlH2xzkEMGbol86Fq/ioxgAaOnX2vkH4i/bLptc5s=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=

From 583cba3855fc6bfed312ef9bfa8b491005f08faa Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 4 Nov 2024 22:00:08 +0000
Subject: [PATCH 388/438] IMPORT_TRANSFORM_SUFFIX: Fix for CNAMEs (#3192)

---
 .../IMPORT_TRANSFORM_STRIP.md                 |  5 ++-
 pkg/normalize/validate.go                     | 17 +++++-----
 pkg/normalize/validate_test.go                | 32 +++++++++----------
 3 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
index 9cf61d9bbf..4b8416f3c1 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
@@ -16,10 +16,13 @@ Don't use this feature. It was added for a very specific situation at Stack Over
 `IMPORT_TRANSFORM_STRIP` is the same as `IMPORT_TRANSFORM` with an additional parameter: `suffixstrip`.
 
 When `IMPORT_TRANSFORM_STRIP` is generating the label for new records, it
-checks the label.  If the label ends with `suffixstrip`, that suffix is removed.
+checks the label.  If the label ends with `.` + `suffixstrip`, that suffix is removed.
 If the label does not end with `suffixstrip`, an error is returned.
 
+For CNAMEs, the `suffixstrip` is stripped from the beginning (prefix) of the target domain.
+
 For example, if the domain is `com.extra` and the label is `foo.com`,
 `IMPORT_TRANSFORM` would generate a label `foo.com.com.extra`.
 `IMPORT_TRANSFORM_STRIP(... , '.com')` would generate
 the label `foo.com.extra` instead.
+A CNAME's target would be `foo.com.extra`.
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 02c1a4d5d8..23de5ffadc 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -9,7 +9,6 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/transform"
 	"github.com/StackExchange/dnscontrol/v4/providers"
-	"github.com/miekg/dns"
 	"github.com/miekg/dns/dnsutil"
 )
 
@@ -239,13 +238,14 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 }
 
 func transformCNAME(target, oldDomain, newDomain, suffixstrip string) string {
-	// Canonicalize. If it isn't a FQDN, add the newDomain.
-	result := dnsutil.AddOrigin(target, oldDomain)
-	if dns.IsFqdn(result) {
-		result = result[:len(result)-1]
-	}
-	result = strings.TrimSuffix(result, suffixstrip)
-	return dnsutil.AddOrigin(result, newDomain) + "."
+	// Canonicalize the target.  Add the newDomain minus the suffixstrip.
+	//  foo -> foo.oldDomain.newDomain
+	//  foo. -> foo.newDomain
+	nd := strings.TrimPrefix(newDomain, suffixstrip+".")
+	if strings.HasSuffix(target, ".") {
+		return target + nd + "."
+	}
+	return dnsutil.AddOrigin(target, oldDomain) + "." + nd + "."
 }
 
 func newRec(rec *models.RecordConfig, ttl uint32) *models.RecordConfig {
@@ -260,6 +260,7 @@ func transformLabel(label, suffixstrip string) (string, error) {
 	if suffixstrip == "" {
 		return label, nil
 	}
+	suffixstrip = "." + suffixstrip
 	if !strings.HasSuffix(label, suffixstrip) {
 		return "", fmt.Errorf("label %q does not end with %q", label, suffixstrip)
 	}
diff --git a/pkg/normalize/validate_test.go b/pkg/normalize/validate_test.go
index 7657e75e7a..68076822a7 100644
--- a/pkg/normalize/validate_test.go
+++ b/pkg/normalize/validate_test.go
@@ -186,37 +186,37 @@ func Test_transform_cname_strip(t *testing.T) {
 		p        []string
 		expected string
 	}{
-		{[]string{"ai.meta.stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+		{[]string{"ai.meta.stackexchange.com.", "stackexchange.com", "com.internal", "com"},
 			"ai.meta.stackexchange.com.internal."},
-		{[]string{"askubuntu.com.", "askubuntu.com", "com.internal", ".com"},
+		{[]string{"askubuntu.com.", "askubuntu.com", "com.internal", "com"},
 			"askubuntu.com.internal."},
-		{[]string{"blogoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+		{[]string{"blogoverflow.com.", "stackoverflow.com", "com.internal", "com"},
 			"blogoverflow.com.internal."},
-		{[]string{"careers.stackoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+		{[]string{"careers.stackoverflow.com.", "stackoverflow.com", "com.internal", "com"},
 			"careers.stackoverflow.com.internal."},
-		{[]string{"chat.stackexchange.com.", "askubuntu.com", "com.internal", ".com"},
+		{[]string{"chat.stackexchange.com.", "askubuntu.com", "com.internal", "com"},
 			"chat.stackexchange.com.internal."},
-		{[]string{"chat.stackexchange.com.", "stackoverflow.com", "com.internal", ".com"},
+		{[]string{"chat.stackexchange.com.", "stackoverflow.com", "com.internal", "com"},
 			"chat.stackexchange.com.internal."},
-		{[]string{"chat.stackexchange.com.", "superuser.com", "com.internal", ".com"},
+		{[]string{"chat.stackexchange.com.", "superuser.com", "com.internal", "com"},
 			"chat.stackexchange.com.internal."},
-		{[]string{"sstatic.net.", "sstatic.net", "net.internal", ".net"},
+		{[]string{"sstatic.net.", "sstatic.net", "net.internal", "net"},
 			"sstatic.net.internal."},
-		{[]string{"stackapps.com.", "stackapps.com", "com.internal", ".com"},
+		{[]string{"stackapps.com.", "stackapps.com", "com.internal", "com"},
 			"stackapps.com.internal."},
-		{[]string{"stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+		{[]string{"stackexchange.com.", "stackexchange.com", "com.internal", "com"},
 			"stackexchange.com.internal."},
-		{[]string{"stackoverflow.com.", "stackoverflow.com", "com.internal", ".com"},
+		{[]string{"stackoverflow.com.", "stackoverflow.com", "com.internal", "com"},
 			"stackoverflow.com.internal."},
-		{[]string{"superuser.com.", "superuser.com", "com.internal", ".com"},
+		{[]string{"superuser.com.", "superuser.com", "com.internal", "com"},
 			"superuser.com.internal."},
-		{[]string{"teststackoverflow.com.", "teststackoverflow.com", "com.internal", ".com"},
+		{[]string{"teststackoverflow.com.", "teststackoverflow.com", "com.internal", "com"},
 			"teststackoverflow.com.internal."},
-		{[]string{"webapps.stackexchange.com.", "stackexchange.com", "com.internal", ".com"},
+		{[]string{"webapps.stackexchange.com.", "stackexchange.com", "com.internal", "com"},
 			"webapps.stackexchange.com.internal."},
 		//
-		{[]string{"sstatic.net.", "sstatic.net", "com.internal", ".com"},
-			"sstatic.net.com.internal."},
+		{[]string{"sstatic.net.", "sstatic.net", "com.internal", "com"},
+			"sstatic.net.internal."},
 	}
 
 	for _, test := range tests {

From 8a6912b7629de11e995cbba786f8815f58b6b614 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 5 Nov 2024 06:12:02 -0500
Subject: [PATCH 389/438] Build(deps): Bump github.com/oracle/oci-go-sdk/v65
 from 65.75.2 to 65.77.1 (#3187)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fd828672f4..26b5c69580 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.75.2
+	github.com/oracle/oci-go-sdk/v65 v65.77.1
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
 	golang.org/x/text v0.19.0
diff --git a/go.sum b/go.sum
index 82c8889eda..766900054a 100644
--- a/go.sum
+++ b/go.sum
@@ -342,8 +342,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.75.2 h1:Qw3Eotrq7SJ5LquOc//Iq6xzcBJSi8AD3cXps9IBN7g=
-github.com/oracle/oci-go-sdk/v65 v65.75.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU=
+github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
 github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=

From de0f346ca24b08c455fe40ce42c7e4bd3c61b700 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 7 Nov 2024 21:26:42 +0000
Subject: [PATCH 390/438] NS1: Remove tests for NS1_URLFWD (#3195)

---
 integrationTest/integration_test.go | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 791fd7c9fa..59d35c9627 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -779,10 +779,6 @@ func tlsa(name string, usage, selector, matchingtype uint8, target string) *mode
 	return r
 }
 
-func ns1Urlfwd(name, target string) *models.RecordConfig {
-	return makeRec(name, target, "NS1_URLFWD")
-}
-
 func porkbunUrlfwd(name, target, t, includePath, wildcard string) *models.RecordConfig {
 	r := makeRec(name, target, "PORKBUN_URLFWD")
 	r.Metadata = make(map[string]string)
@@ -2080,14 +2076,6 @@ func makeTests() []*TestGroup {
 			),
 		),
 
-		// NS1 features
-
-		testgroup("NS1_URLFWD tests",
-			only("NS1"),
-			tc("Add a urlfwd", ns1Urlfwd("urlfwd1", "/ http://example.com 302 2 0")),
-			tc("Update a urlfwd", ns1Urlfwd("urlfwd1", "/ http://example.org 301 2 0")),
-		),
-
 		//// IGNORE* features
 
 		// Narrative: You're basically done now. These remaining tests

From df8f8a642624c7e1aa4d5ef1b2b8c7968ec6d482 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 7 Nov 2024 17:21:35 -0500
Subject: [PATCH 391/438] feat(import_transform): skip records with
 import_transform_skip set (#3193)

---
 .../domain-modifiers/IMPORT_TRANSFORM.md      | 36 ++++++++++++++++---
 .../IMPORT_TRANSFORM_STRIP.md                 |  5 +--
 pkg/normalize/validate.go                     |  5 +++
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
index b11075db65..c143b13f74 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
@@ -12,9 +12,14 @@ ts_ignore: true
 Don't use this feature. It was added for a very specific situation at Stack Overflow.
 {% endhint %}
 
-`IMPORT_TRANSFORM` adds to the domain all the records from another
+`IMPORT_TRANSFORM` adds to the domain the records from another
 domain, after making certain transformations and resetting the TTL.
 
+Not all records are copied and transformed:
+* The record must be type A or CNAME.
+* Records are skipped if a record of the same label+type already exist in the destination domain.
+* Records are skipped if they have a metadata key `import_transform_skip` (any non-null value).
+
 Example:
 
 Suppose foo.com is a regular domain.  bar.com is a regular domain,
@@ -46,11 +51,18 @@ Here's how you'd implement this in DNSControl:
 
 {% code title="dnsconfig.js" %}
 ```javascript
-var TRANSFORM_INT = [
+// Transforms that use newBase:
+var TRANSFORM_CF = [
     // RANGE_START, RANGE_END, NEW_BASE
     { low: "1.2.3.10", high: "1.2.3.20", newBase: "123.123.123.100" },  //   .10 to .20 rewritten as 123.123.123.100+IP
     { low: "2.4.6.80", high: "2.4.6.90", newBase: "123.123.123.200" },  //   Another rule, just to show that you can have many.
 ]
+// Transforms that use newIP
+var TRANSFORM_FSTLY = [
+    // RANGE_START, RANGE_END, NEW_BASE
+    { low: "1.2.3.10", high: "1.2.3.10", newIP: "123.123.123.100" },  //   .10 is rewritten as 123.123.123.100
+    { low: "2.4.6.20", high: "2.4.6.20", newIP: "123.123.123.200" },  //   .20 is rewritten as 123.123.123.200
+]
 
 D("foo.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("one","1.2.3.1"),
@@ -61,12 +73,28 @@ END);
 
 D("bar.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("www","123.123.123.123"),
-  IMPORT_TRANSFORM(TRANSFORM_INT, "foo.com", 300),
+  IMPORT_TRANSFORM(TRANSFORM_CF, "foo.com", 300),
+END);
+
+D("baz.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
+  A("www","123.123.123.123"),
+  IMPORT_TRANSFORM(TRANSFORM_FSTLY, "foo.com", 300),
 END);
 ```
 {% endcode %}
 
-Transform rules are: RANGE_START, RANGE_END, NEW_BASE.  NEW_BASE may be:
+Transform rules are: `RANGE_START`, `RANGE_END`, `NEW_BASE` or `NEW_IP`.
+
+Only one of `newBase` and `newBase` may be specified. If both are non-null the behavior is undefined.
+
+`NEW_BASE` works as follows:
 
 * An IP address.  Rebase the IP address on this IP address. Extract the host part of the /24 and add it to the "new base" address.
 * A list of IP addresses. For each A record, inject an A record for each item in the list: `newBase: ["1.2.3.100", "2.4.6.8.100"]` would produce 2 records for each A record.
+* For CNAMEs, the `.internal` is appended to the end of the target.
+
+`NEW_IP` works as follows:
+
+* An IP address.  Change the IP address of the A record to this IP address. If there are multiple A records at this label, only one A record is generated.
+* A list of IP addresses. Not supported.
+* For CNAMEs, the `.internal` is appended to the end of the target. (same as `NEW_BASE`)
diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
index 4b8416f3c1..68572f2952 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM_STRIP.md
@@ -23,6 +23,7 @@ For CNAMEs, the `suffixstrip` is stripped from the beginning (prefix) of the tar
 
 For example, if the domain is `com.extra` and the label is `foo.com`,
 `IMPORT_TRANSFORM` would generate a label `foo.com.com.extra`.
-`IMPORT_TRANSFORM_STRIP(... , '.com')` would generate
+`IMPORT_TRANSFORM_STRIP(... , 'com')` would generate
 the label `foo.com.extra` instead.
-A CNAME's target would be `foo.com.extra`.
+
+In the case of a CNAME, if the target is `foo.com.`, the new target would be `foo.com.extra`.
diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index 23de5ffadc..ea9c38dffd 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -277,6 +277,11 @@ func importTransform(srcDomain, dstDomain *models.DomainConfig,
 	// 4. For As, change the target as described the transforms.
 
 	for _, rec := range srcDomain.Records {
+		// If this record is marked to be skipped, skip it.
+		if rec.Metadata["import_transform_skip"] != "" {
+			continue
+		}
+		// If the dstDomain already has a record with this type+label, skip it.
 		if dstDomain.Records.HasRecordTypeName(rec.Type, rec.GetLabelFQDN()) {
 			continue
 		}

From 5c68ccb135edb68c4b07ecd21e6a39142b721568 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 7 Nov 2024 18:24:32 -0500
Subject: [PATCH 392/438] CHORE: update deps (#3197)

---
 .../domain-modifiers/IMPORT_TRANSFORM.md      |  4 +-
 go.mod                                        | 42 +++++-----
 go.sum                                        | 84 +++++++++----------
 3 files changed, 65 insertions(+), 65 deletions(-)

diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
index c143b13f74..b5a3e0627f 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
@@ -16,9 +16,9 @@ Don't use this feature. It was added for a very specific situation at Stack Over
 domain, after making certain transformations and resetting the TTL.
 
 Not all records are copied and transformed:
-* The record must be type A or CNAME.
-* Records are skipped if a record of the same label+type already exist in the destination domain.
+* The record must be record type A or CNAME.
 * Records are skipped if they have a metadata key `import_transform_skip` (any non-null value).
+* Records are skipped if a record of the same label+type already exist in the destination domain.
 
 Example:
 
diff --git a/go.mod b/go.mod
index 26b5c69580..5422382898 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.32.3
-	github.com/aws/aws-sdk-go-v2/config v1.28.1
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.42
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3
+	github.com/aws/aws-sdk-go-v2 v1.32.4
+	github.com/aws/aws-sdk-go-v2/config v1.28.3
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.44
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.108.0
-	github.com/digitalocean/godo v1.128.0
+	github.com/cloudflare/cloudflare-go v0.109.0
+	github.com/digitalocean/godo v1.129.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.7.0
 	github.com/exoscale/egoscale v0.102.4
@@ -51,8 +51,8 @@ require (
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.28.0 // indirect
 	golang.org/x/net v0.30.0
-	golang.org/x/oauth2 v0.23.0
-	google.golang.org/api v0.204.0
+	golang.org/x/oauth2 v0.24.0
+	google.golang.org/api v0.205.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.2
 )
 
@@ -64,34 +64,34 @@ require (
 	github.com/go-acme/lego/v4 v4.19.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.77.1
+	github.com/oracle/oci-go-sdk/v65 v65.78.0
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
-	golang.org/x/text v0.19.0
+	golang.org/x/text v0.20.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.10.0 // indirect
+	cloud.google.com/go/auth v0.10.1 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 // indirect
 	github.com/aws/smithy-go v1.22.0 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -154,7 +154,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sync v0.9.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
diff --git a/go.sum b/go.sum
index 766900054a..65c8041a47 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo=
-cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI=
+cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
 cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
 cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
@@ -46,34 +46,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.32.3 h1:T0dRlFBKcdaUPGNtkBSwHZxrtis8CQU17UpNBZYd0wk=
-github.com/aws/aws-sdk-go-v2 v1.32.3/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
-github.com/aws/aws-sdk-go-v2/config v1.28.1 h1:oxIvOUXy8x0U3fR//0eq+RdCKimWI900+SV+10xsCBw=
-github.com/aws/aws-sdk-go-v2/config v1.28.1/go.mod h1:bRQcttQJiARbd5JZxw6wG0yIK3eLeSCPdg6uqmmlIiI=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.42 h1:sBP0RPjBU4neGpIYyx8mkU2QqLPl5u9cmdTWVzIpHkM=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.42/go.mod h1:FwZBfU530dJ26rv9saAbxa9Ej3eF/AK0OAY86k13n4M=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18 h1:68jFVtt3NulEzojFesM/WVarlFpCaXLKaBxDpzkQ9OQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.18/go.mod h1:Fjnn5jQVIo6VyedMc0/EhPpfNlPl7dHV916O6B+49aE=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22 h1:Jw50LwEkVjuVzE1NzkhNKkBf9cRN7MtE1F/b2cOKTUM=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.22/go.mod h1:Y/SmAyPcOTmpeVaWSzSKiILfXTVJwrGmYZhcRbhWuEY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22 h1:981MHwBaRZM7+9QSR6XamDzF/o7ouUGxFzr+nVSIhrs=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.22/go.mod h1:1RA1+aBEfn+CAB/Mh0MB6LsdCYCnjZm7tKXtnk499ZQ=
+github.com/aws/aws-sdk-go-v2 v1.32.4 h1:S13INUiTxgrPueTmrm5DZ+MiAo99zYzHEFh1UNkOxNE=
+github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
+github.com/aws/aws-sdk-go-v2/config v1.28.3 h1:kL5uAptPcPKaJ4q0sDUjUIdueO18Q7JDzl64GpVwdOM=
+github.com/aws/aws-sdk-go-v2/config v1.28.3/go.mod h1:SPEn1KA8YbgQnwiJ/OISU4fz7+F6Fe309Jf0QTsRCl4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.44 h1:qqfs5kulLUHUEXlHEZXLJkgGoF3kkUeFUTVA585cFpU=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.44/go.mod h1:0Lm2YJ8etJdEdw23s+q/9wTpOeo2HhNE97XcRa7T8MA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 h1:A2w6m6Tmr+BNXjDsr7M90zkWjsu4JXHwrzPg235STs4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23/go.mod h1:35EVp9wyeANdujZruvHiQUAo9E3vbhnIO1mTCAxMlY0=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 h1:pgYW9FCabt2M25MoHYCfMrVY2ghiiBKYWUVXfwZs+sU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23/go.mod h1:c48kLgzO19wAu3CPkDWC28JbaJ+hfQlsdl7I2+oqIbk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3 h1:qcxX0JYlgWH3hpPUnd6U0ikcl6LLA9sLkXE2w1fpMvY=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.3/go.mod h1:cLSNEmI45soc+Ef8K/L+8sEA3A3pYFEYf5B5UI+6bH4=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0 h1:AaOWmXBSDSIEsTzx8Y2nYAxckgmBPNiRU5mjn/a9ynI=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.0/go.mod h1:IN9bx4yLAa3a3J7A41skQefcYObNv6ARAd2i5WxvGKg=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3 h1:f+TDV3MJHUP7evBRzICpdP8i2mkA/pd0KX0O9pUctVM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.3/go.mod h1:wQEpBg4jUcKWM28pL1KpaIQuQytmruDW53LWyXYWcmU=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.3 h1:UTpsIf0loCIWEbrqdLb+0RxnTXfWh2vhw4nQmFi4nPc=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.3/go.mod h1:FZ9j3PFHHAR+w0BSEjK955w5YD2UwB/l/H0yAK3MJvI=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3 h1:2YCmIXv3tmiItw0LlYf6v7gEHebLY45kBEnPezbUKyU=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.3/go.mod h1:u19stRyNPxGhj6dRm+Cdgu6N75qnbW7+QN0q0dsAk58=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.3 h1:wVnQ6tigGsRqSWDEEyH6lSAJ9OyFUsSnbaUWChuSGzs=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.3/go.mod h1:VZa9yTFyj4o10YGsmDO4gbQJUvvhY72fhumT8W4LqsE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1 h1:T6rRCg/YW4MMSZhMvLM/l0gDqlfOZu7AHDfRg3o47k0=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1/go.mod h1:RGuFM2MNdAErqWm15RJh9g99GNYllh7g2WV7LaBXSKM=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5 h1:in9VUqNiPnx5lBCG35hVILn+7qL5CyyFY0tJwwEyhRw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5/go.mod h1:N4TyUdo7iGrsjptiLCB41BnMaSTC9VxjRjI9OQRa40s=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 h1:HJwZwRt2Z2Tdec+m+fPjvdmkq2s9Ra+VR0hjF7V2o40=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.5/go.mod h1:wrMCEwjFPms+V86TCQQeOxQF/If4vT44FGIOFiMC2ck=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6mUdeyC36Ia/QEiIvYdg=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 h1:yDxvkz3/uOKfxnv8YhzOi9m+2OGIxF+on3KOISbK5IU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.32.4/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8=
 github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
 github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -94,8 +94,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.108.0 h1:C4Skfjd8I8X3uEOGmQUT4/iGyZcWdkIU7HwvMoLkEE0=
-github.com/cloudflare/cloudflare-go v0.108.0/go.mod h1:m492eNahT/9MsN7Ppnoge8AaI7QhVFtEgVm3I9HJFeU=
+github.com/cloudflare/cloudflare-go v0.109.0 h1:Wjp+RfJD1lidIFUlrTBqUQnCBrUnmVsLxgzWYiURueg=
+github.com/cloudflare/cloudflare-go v0.109.0/go.mod h1:m492eNahT/9MsN7Ppnoge8AaI7QhVFtEgVm3I9HJFeU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -111,8 +111,8 @@ github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIx
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/digitalocean/godo v1.128.0 h1:cGn/ibMSRZ9+8etbzMv2MnnCEPTTGlEnx3HHTPwdk1U=
-github.com/digitalocean/godo v1.128.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.129.0 h1:ov6v/O1N3cSuODgXBeTrwx9iYw44F4ZOHh/m9WsBp0I=
+github.com/digitalocean/godo v1.129.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
@@ -255,8 +255,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120 h1:i+rlH2xzkEMGbol86Fq/ioxgAaOnX2vkH4i/bLptc5s=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.120/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121 h1:y0raNKq1X/4N1CKUJMu17V60+O142bLNATMTU6NBLRo=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -342,8 +342,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU=
-github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA=
+github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
 github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -502,8 +502,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
-golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
+golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -511,8 +511,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -560,8 +560,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
@@ -583,8 +583,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4=
-google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag=
+google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg=
+google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=

From 5d8e711a532ee8f26caf2405f99d10505d8cf2cb Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Tue, 12 Nov 2024 23:24:59 +0800
Subject: [PATCH 393/438] PORKBUN: support CAA (#3200)

---
 documentation/providers.md           | 2 +-
 providers/porkbun/auditrecords.go    | 2 ++
 providers/porkbun/porkbunProvider.go | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 6c37a88170..3725b32029 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -57,7 +57,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`OVH`](provider/ovh.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`PACKETFRAME`](provider/packetframe.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`PORKBUN`](provider/porkbun.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`POWERDNS`](provider/powerdns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`REALTIMEREGISTER`](provider/realtimeregister.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`ROUTE53`](provider/route53.md) | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/porkbun/auditrecords.go b/providers/porkbun/auditrecords.go
index 6b575d67f8..af13ba4fb2 100644
--- a/providers/porkbun/auditrecords.go
+++ b/providers/porkbun/auditrecords.go
@@ -15,5 +15,7 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2022-11-19
 
+	a.Add("CAA", rejectif.CaaTargetContainsWhitespace) // Last verified 2024-11-11
+
 	return a.Audit(records)
 }
diff --git a/providers/porkbun/porkbunProvider.go b/providers/porkbun/porkbunProvider.go
index af30ebd88c..b5e1ea1400 100644
--- a/providers/porkbun/porkbunProvider.go
+++ b/providers/porkbun/porkbunProvider.go
@@ -61,7 +61,7 @@ var features = providers.DocumentationNotes{
 	providers.CanGetZones:            providers.Can(),
 	providers.CanConcur:              providers.Cannot(),
 	providers.CanUseAlias:            providers.Can(),
-	providers.CanUseCAA:              providers.Unimplemented(), // CAA record for base domain is pinning to a fixed set once configure
+	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),
 	providers.CanUseDSForChildren:    providers.Cannot(),
 	providers.CanUseLOC:              providers.Cannot(),

From 52c9bad62e34ca4d060803e7e1cbc18df17a9c54 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 12 Nov 2024 12:29:25 -0500
Subject: [PATCH 394/438] GANDI: Enable cmode concurrent (#3201)

---
 documentation/providers.md            | 2 +-
 providers/gandiv5/gandi_v5Provider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 3725b32029..d59354d3bd 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -33,7 +33,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`DYNADOT`](provider/dynadot.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`EASYNAME`](provider/easyname.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`EXOSCALE`](provider/exoscale.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❔ |
-| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
+| [`GANDI_V5`](provider/gandi_v5.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 6d030cc8e6..8baa5a96a4 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -51,7 +51,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can("Only on the bare domain. Otherwise CNAME will be substituted"),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot("Only supports DS records at the apex"),

From 87fcb273c8318a715daa3591d4ad417179cf6fc5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 19 Nov 2024 13:33:19 -0500
Subject: [PATCH 395/438] NAMECHEAP: Enable cmode concurrent (#3202)

---
 documentation/providers.md               | 2 +-
 providers/namecheap/namecheapProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index d59354d3bd..c8fb2dedeb 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -48,7 +48,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`LUADNS`](provider/luadns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`MSDNS`](provider/msdns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`MYTHICBEASTS`](provider/mythicbeasts.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
-| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
diff --git a/providers/namecheap/namecheapProvider.go b/providers/namecheap/namecheapProvider.go
index cad13c80c0..057f95b3c8 100644
--- a/providers/namecheap/namecheapProvider.go
+++ b/providers/namecheap/namecheapProvider.go
@@ -29,7 +29,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),

From 2eeeb7651222c6bdf2a80c832c8ae7fd1326a28e Mon Sep 17 00:00:00 2001
From: Will Power <1619102+willpower232@users.noreply.github.com>
Date: Tue, 19 Nov 2024 19:31:07 +0000
Subject: [PATCH 396/438] DIGITALOCEAN: Enable cmode concurrent (#3207)

---
 providers/digitalocean/digitaloceanProvider.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/digitalocean/digitaloceanProvider.go b/providers/digitalocean/digitaloceanProvider.go
index 81fe4be312..5f5ad3657a 100644
--- a/providers/digitalocean/digitaloceanProvider.go
+++ b/providers/digitalocean/digitaloceanProvider.go
@@ -73,7 +73,7 @@ var features = providers.DocumentationNotes{
 	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseLOC:              providers.Cannot(),
 	providers.CanUseSRV:              providers.Can(),

From cc0058b3a2617af2169e629f0dca0532fb1dc210 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 14:37:01 -0500
Subject: [PATCH 397/438] Build(deps): Bump alpine from `beefdbd` to `1e42bbe`
 (#3208)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 54365893ef..da55c2b356 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # syntax = docker/dockerfile:1.4
 
-FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d as RUN
+FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a as RUN
 
 # Add runtime dependencies
 # - tzdata: Go time required external dependency eg: TRANSIP and possibly others

From bbaf08342eecc93a479091873e1b17b6537a508f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 19 Nov 2024 16:00:19 -0500
Subject: [PATCH 398/438] update deps (#3214)

---
 documentation/providers.md |   2 +-
 go.mod                     |  59 +++++++++---------
 go.sum                     | 121 +++++++++++++++++++------------------
 3 files changed, 91 insertions(+), 91 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index c8fb2dedeb..dd3413d5db 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -25,7 +25,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
-| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
+| [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
 | [`DNSIMPLE`](provider/dnsimple.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`DNSMADEEASY`](provider/dnsmadeeasy.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`DNSOVERHTTPS`](provider/dnsoverhttps.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
diff --git a/go.mod b/go.mod
index 5422382898..fac65c9949 100644
--- a/go.mod
+++ b/go.mod
@@ -4,7 +4,7 @@ go 1.23.0
 
 retract v4.8.0
 
-require google.golang.org/protobuf v1.35.1 // indirect
+require google.golang.org/protobuf v1.35.2 // indirect
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.32.4
-	github.com/aws/aws-sdk-go-v2/config v1.28.3
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.44
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5
+	github.com/aws/aws-sdk-go-v2 v1.32.5
+	github.com/aws/aws-sdk-go-v2/config v1.28.5
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.46
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
 	github.com/cloudflare/cloudflare-go v0.109.0
-	github.com/digitalocean/godo v1.129.0
+	github.com/digitalocean/godo v1.130.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.7.0
 	github.com/exoscale/egoscale v0.102.4
@@ -49,10 +49,10 @@ require (
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.28.0 // indirect
-	golang.org/x/net v0.30.0
+	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/net v0.31.0
 	golang.org/x/oauth2 v0.24.0
-	google.golang.org/api v0.205.0
+	google.golang.org/api v0.207.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.2
 )
 
@@ -61,38 +61,38 @@ require (
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
 	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
-	github.com/go-acme/lego/v4 v4.19.2
+	github.com/go-acme/lego/v4 v4.20.2
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.78.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 	golang.org/x/text v0.20.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.10.1 // indirect
+	cloud.google.com/go/auth v0.10.2 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 // indirect
-	github.com/aws/smithy-go v1.22.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect
+	github.com/aws/smithy-go v1.22.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
@@ -113,7 +113,7 @@ require (
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -153,13 +153,12 @@ require (
 	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
-	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/sync v0.9.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
-	golang.org/x/tools v0.26.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
+	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/time v0.8.0 // indirect
+	golang.org/x/tools v0.27.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 65c8041a47..28c2210bd4 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI=
-cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo=
+cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
 cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
 cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
@@ -46,36 +46,36 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.32.4 h1:S13INUiTxgrPueTmrm5DZ+MiAo99zYzHEFh1UNkOxNE=
-github.com/aws/aws-sdk-go-v2 v1.32.4/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo=
-github.com/aws/aws-sdk-go-v2/config v1.28.3 h1:kL5uAptPcPKaJ4q0sDUjUIdueO18Q7JDzl64GpVwdOM=
-github.com/aws/aws-sdk-go-v2/config v1.28.3/go.mod h1:SPEn1KA8YbgQnwiJ/OISU4fz7+F6Fe309Jf0QTsRCl4=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.44 h1:qqfs5kulLUHUEXlHEZXLJkgGoF3kkUeFUTVA585cFpU=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.44/go.mod h1:0Lm2YJ8etJdEdw23s+q/9wTpOeo2HhNE97XcRa7T8MA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19 h1:woXadbf0c7enQ2UGCi8gW/WuKmE0xIzxBF/eD94jMKQ=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.19/go.mod h1:zminj5ucw7w0r65bP6nhyOd3xL6veAUMc3ElGMoLVb4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23 h1:A2w6m6Tmr+BNXjDsr7M90zkWjsu4JXHwrzPg235STs4=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.23/go.mod h1:35EVp9wyeANdujZruvHiQUAo9E3vbhnIO1mTCAxMlY0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23 h1:pgYW9FCabt2M25MoHYCfMrVY2ghiiBKYWUVXfwZs+sU=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.23/go.mod h1:c48kLgzO19wAu3CPkDWC28JbaJ+hfQlsdl7I2+oqIbk=
+github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo=
+github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0=
+github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4 h1:tHxQi/XHPK0ctd/wdOw0t7Xrc2OxcRCnVzv8lwWPu0c=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.4/go.mod h1:4GQbF1vJzG60poZqWatZlhP31y8PGCCVTvIGPdaaYJ0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1 h1:T6rRCg/YW4MMSZhMvLM/l0gDqlfOZu7AHDfRg3o47k0=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.1/go.mod h1:RGuFM2MNdAErqWm15RJh9g99GNYllh7g2WV7LaBXSKM=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5 h1:in9VUqNiPnx5lBCG35hVILn+7qL5CyyFY0tJwwEyhRw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.5/go.mod h1:N4TyUdo7iGrsjptiLCB41BnMaSTC9VxjRjI9OQRa40s=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.5 h1:HJwZwRt2Z2Tdec+m+fPjvdmkq2s9Ra+VR0hjF7V2o40=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.5/go.mod h1:wrMCEwjFPms+V86TCQQeOxQF/If4vT44FGIOFiMC2ck=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4 h1:zcx9LiGWZ6i6pjdcoE9oXAB6mUdeyC36Ia/QEiIvYdg=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.4/go.mod h1:Tp/ly1cTjRLGBBmNccFumbZ8oqpZlpdhFf80SrRh4is=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.4 h1:yDxvkz3/uOKfxnv8YhzOi9m+2OGIxF+on3KOISbK5IU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.32.4/go.mod h1:9XEUty5v5UAsMiFOBJrNibZgwCeOma73jgGwwhgffa8=
-github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM=
-github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2 h1:wmt05tPp/CaRZpPV5B4SaJ5TwkHKom07/BzHoLdkY1o=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2/go.mod h1:d+K9HESMpGb1EU9/UmmpInbGIUcAkwmcY6ZO/A3zZsw=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6 h1:V05BVZkF8PlS+7mv/mZbg+RTosgot+/vbC/GjD/O6+I=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6/go.mod h1:qi5Gro08MCfHLMycebAQWfHotdcpDzzPE3lwYSdQDHA=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg=
+github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
+github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6/go.mod h1:J29hk+f9lJrblVIfiJOtTFk+OblBawmib4uz/VdKzlg=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
@@ -111,8 +111,8 @@ github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIx
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/digitalocean/godo v1.129.0 h1:ov6v/O1N3cSuODgXBeTrwx9iYw44F4ZOHh/m9WsBp0I=
-github.com/digitalocean/godo v1.129.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.130.0 h1:DbJg0wvBxTkYjY5Q9S1mwzAZLd5Wht3r57yFH4yeMCk=
+github.com/digitalocean/godo v1.130.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
@@ -136,8 +136,8 @@ github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSy
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
-github.com/go-acme/lego/v4 v4.19.2 h1:Y8hrmMvWETdqzzkRly7m98xtPJJivWFsgWi8fcvZo+Y=
-github.com/go-acme/lego/v4 v4.19.2/go.mod h1:wtDe3dDkmV4/oI2nydpNXSJpvV10J9RCyZ6MbYxNtlQ=
+github.com/go-acme/lego/v4 v4.20.2 h1:ZwO3oLZb8fL6up1OZVJP3yHuvqhozzlEmyqKmhrPchQ=
+github.com/go-acme/lego/v4 v4.20.2/go.mod h1:foauPlhnhoq8WUphaWx5U04uDc+JGhk4ZZtPz/Vqsjg=
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
@@ -220,8 +220,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
-github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s=
-github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A=
+github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
+github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v1.17.2 h1:fQnZVsXk8uxXIStYb0N4bGk7jeyTalG/wsZjQ25dO0g=
 github.com/gopherjs/gopherjs v1.17.2/go.mod h1:pRRIvn/QzFLrKfvEz3qUuEhtE/zLCWfreZ6J5gM2i+k=
@@ -255,8 +255,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121 h1:y0raNKq1X/4N1CKUJMu17V60+O142bLNATMTU6NBLRo=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.121/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122 h1:E2EHnsSPKrGKMUc/mOAXkK3f1vwxUH3DApHcYBQKKJg=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -467,11 +467,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -479,8 +479,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -499,8 +499,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -540,8 +540,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -564,8 +564,8 @@ golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
 golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
-golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
+golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
@@ -577,23 +577,24 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg=
-google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc=
+google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM=
+google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U=
-google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
@@ -614,8 +615,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

From d29c1cf5cd494ea3752136b624d088927e0cf073 Mon Sep 17 00:00:00 2001
From: Will Power <1619102+willpower232@users.noreply.github.com>
Date: Wed, 20 Nov 2024 17:40:07 +0000
Subject: [PATCH 399/438] NETLIFY: Enable cmode concurrent (#3205)

---
 documentation/providers.md           | 2 +-
 providers/netlify/netlifyProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index dd3413d5db..f1e7e9b005 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -51,7 +51,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`NAMECHEAP`](provider/namecheap.md) | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ❌ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`NAMEDOTCOM`](provider/namedotcom.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❌ | ✅ |
 | [`NETCUP`](provider/netcup.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❌ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❌ | ❌ |
-| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
+| [`NETLIFY`](provider/netlify.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
 | [`NS1`](provider/ns1.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ |
 | [`OPENSRS`](provider/opensrs.md) | ❌ | ❌ | ✅ | ❌ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ❔ |
 | [`ORACLE`](provider/oracle.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/netlify/netlifyProvider.go b/providers/netlify/netlifyProvider.go
index 82c234dac9..65b106e5f5 100644
--- a/providers/netlify/netlifyProvider.go
+++ b/providers/netlify/netlifyProvider.go
@@ -16,7 +16,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Cannot(),

From be48b6e72f962d158a1ebba00984c6432a3ad6e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 08:08:24 -0500
Subject: [PATCH 400/438] Build(deps): Bump github.com/oracle/oci-go-sdk/v65
 from 65.78.0 to 65.79.0 (#3210)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fac65c9949..a9f00ede3d 100644
--- a/go.mod
+++ b/go.mod
@@ -68,7 +68,7 @@ require (
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.78.0
+	github.com/oracle/oci-go-sdk/v65 v65.79.0
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
 	golang.org/x/text v0.20.0
diff --git a/go.sum b/go.sum
index 28c2210bd4..ba492636bc 100644
--- a/go.sum
+++ b/go.sum
@@ -342,8 +342,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA=
-github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU=
+github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
 github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=

From b2ee265578dad749297d960839c5861f10cfda01 Mon Sep 17 00:00:00 2001
From: Asif Nawaz <107853964+AsifNawaz-cnic@users.noreply.github.com>
Date: Fri, 6 Dec 2024 22:01:42 +0000
Subject: [PATCH 401/438] NEW PROVIDER: CentralNic Reseller (CNR) - formerly
 RRPProxy (#3203)

---
 .github/workflows/pr_test.yml  |   7 +-
 OWNERS                         |   1 +
 README.md                      |   2 +
 documentation/provider/cnr.md  | 112 ++++++++++
 documentation/providers.md     |   1 +
 go.mod                         |   1 +
 go.sum                         |   2 +
 integrationTest/providers.json |   8 +
 providers/_all/all.go          |   1 +
 providers/cnr/auditrecords.go  |  21 ++
 providers/cnr/cnrProvider.go   |  83 ++++++++
 providers/cnr/domains.go       |  55 +++++
 providers/cnr/error.go         |  12 ++
 providers/cnr/nameservers.go   | 106 ++++++++++
 providers/cnr/records.go       | 367 +++++++++++++++++++++++++++++++++
 15 files changed, 778 insertions(+), 1 deletion(-)
 create mode 100644 documentation/provider/cnr.md
 create mode 100644 providers/cnr/auditrecords.go
 create mode 100644 providers/cnr/cnrProvider.go
 create mode 100644 providers/cnr/domains.go
 create mode 100644 providers/cnr/error.go
 create mode 100644 providers/cnr/nameservers.go
 create mode 100644 providers/cnr/records.go

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index dc4a075bc4..9ed01a17ae 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -88,7 +88,7 @@ jobs:
         Write-Host "Integration test providers: $Providers"
         echo "integration_test_providers=$(ConvertTo-Json -InputObject $Providers -Compress)" >> $env:GITHUB_OUTPUT
       env:
-        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','CNR','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
@@ -111,6 +111,7 @@ jobs:
       BUNNY_DNS_DOMAIN: ${{ vars.BUNNY_DNS_DOMAIN }}
       CLOUDFLAREAPI_DOMAIN: ${{ vars.CLOUDFLAREAPI_DOMAIN }}
       CLOUDNS_DOMAIN: ${{ vars.CLOUDNS_DOMAIN }}
+      CNR_DOMAIN: ${{ vars.CNR_DOMAIN }}
       CSCGLOBAL_DOMAIN: ${{ vars.CSCGLOBAL_DOMAIN }}
       DIGITALOCEAN_DOMAIN: ${{ vars.DIGITALOCEAN_DOMAIN }}
       GANDI_V5_DOMAIN: ${{ vars.GANDI_V5_DOMAIN }}
@@ -146,6 +147,10 @@ jobs:
       CSCGLOBAL_APIKEY: ${{ secrets.CSCGLOBAL_APIKEY }}
       CSCGLOBAL_USERTOKEN: ${{ secrets.CSCGLOBAL_USERTOKEN }}
       #
+      CNR_UID: ${{ secrets.CNR_UID }}
+      CNR_PW: ${{ secrets.CNR_PW }}
+      CNR_ENTITY: ${{ secrets.CNR_ENTITY }}
+      #      
       DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
       #
       GANDI_V5_APIKEY: ${{ secrets.GANDI_V5_APIKEY }}
diff --git a/OWNERS b/OWNERS
index 214b2a48f9..ff50183b7b 100644
--- a/OWNERS
+++ b/OWNERS
@@ -7,6 +7,7 @@ providers/bind @tlimoncelli
 providers/bunnydns @ppmathis
 providers/cloudflare @tresni
 providers/cloudns @pragmaton
+providers/cnr @KaiSchwarz-cnic
 providers/cscglobal @mikenz
 providers/desec @D3luxee
 providers/digitalocean @Deraen
diff --git a/README.md b/README.md
index b1e962ac2b..93427631ac 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ Currently supported DNS providers:
 - Bunny DNS
 - Cloudflare
 - ClouDNS
+- CentralNic Reseller (CNR) - formerly RRPProxy
 - deSEC
 - DigitalOcean
 - DNS Made Easy
@@ -66,6 +67,7 @@ Currently supported Domain Registrars:
 
 - AWS Route 53
 - CSC Global
+- CentralNic Reseller (formerly RRPProxy)
 - DNSOVERHTTPS
 - Dynadot
 - easyname
diff --git a/documentation/provider/cnr.md b/documentation/provider/cnr.md
new file mode 100644
index 0000000000..b7583726dc
--- /dev/null
+++ b/documentation/provider/cnr.md
@@ -0,0 +1,112 @@
+CentralNic Reseller (CNR), formerly known as RRPProxy, is a prominent provider of domain registration and DNS solutions. Trusted by individuals, service providers, and registrars around the world, CNR is recognized for its cutting-edge technology, exceptional performance, and reliable uptime.
+
+Our advanced DNS expertise is integral to our offering. With CentralNic Reseller, you benefit from a leading DNS platform that features robust DNS automation, DNSSEC for enhanced security, and PremiumDNS via our Anycast Network. Additionally, our platform supports a comprehensive set of features, as detailed by DNSControl.
+
+This is based on API documents found at [https://kb.centralnicreseller.com/api/api-commands/api-command-reference#cat-dynamicdns](https://kb.centralnicreseller.com/api/api-commands/api-command-reference#cat-dynamicdns)
+
+## Configuration
+
+To use this provider, add an entry to `creds.json` with `TYPE` set to `CNR`
+along with your CentralNic Reseller login data.
+
+Example:
+
+{% code title="creds.json" %}
+```json
+{
+  "CNR": {
+    "TYPE": "CNR",
+    "apilogin": "your-cnr-account-id",
+    "apipassword": "your-cnr-account-password",
+    "apientity": "LIVE", // for the LIVE system; use "OTE" for the OT&E system
+    "debugmode": "0", // set it to "1" to get debug output of the communication with our Backend System API
+  }
+}
+```
+{% endcode %}
+
+Here a working example for our OT&E System:
+
+{% code title="creds.json" %}
+```json
+{
+  "CNR": {
+    "TYPE": "CNR",
+    "apilogin": "YourUserName",
+    "apipassword": "YourPassword",
+    "apientity": "OTE",
+    "debugmode": "0"
+  }
+}
+```
+{% endcode %}
+
+{% hint style="info" %}
+**NOTE**: The above credentials are known to the public.
+{% endhint %}
+
+With the above CentralNic Reseller entry in `creds.json`, you can run the
+integration tests as follows:
+
+```shell
+dnscontrol get-zones --format=nameonly cnr CNR all
+```
+```shell
+# Review the output.  Pick one domain and set CNR_DOMAIN.
+export CNR_DOMAIN=yodream.com            # Pick a domain name.
+export CNR_ENTITY=OTE
+export CNR_UID=test.user
+export CNR_PW=test.passw0rd
+cd integrationTest              # NOTE: Not needed if already in that subdirectory
+go test -v -verbose -provider CNR
+```
+
+## Usage
+
+Here's an example DNS Configuration `dnsconfig.js` using our provider module.
+Even though it shows how you use us as Domain Registrar AND DNS Provider, we don't force you to do that.
+You are free to decide if you want to use both of our provider technology or just one of them.
+
+{% code title="dnsconfig.js" %}
+```javascript
+var REG_CNR = NewRegistrar("CNR");
+var DSP_CNR = NewDnsProvider("CNR");
+
+// Set Default TTL for all RR to reflect our Backend API Default
+// If you use additional DNS Providers, configure a default TTL
+// per domain using the domain modifier DefaultTTL instead.
+// also check this issue for [NAMESERVER TTL](https://github.com/StackExchange/dnscontrol/issues/176).
+DEFAULTS(
+    {"ns_ttl":"3600"},
+    DefaultTTL(3600)
+);
+
+D("example.com", REG_CNR, DnsProvider(DSP_CNR),
+    NAMESERVER("ns1.rrpproxy.net"),
+    NAMESERVER("ns2.rrpproxy.net"),
+    NAMESERVER("ns3.rrpproxy.net"),
+    NAMESERVER("ns4.rrpproxy.net"),
+    A("elk1", "10.190.234.178"),
+    A("test", "56.123.54.12"),
+END);
+```
+{% endcode %}
+
+## Metadata
+
+This provider does not recognize any special metadata fields unique to CentralNic Reseller (CNR).
+
+## get-zones
+
+`dnscontrol get-zones` is implemented for this provider. The list
+includes both basic and premier zones.
+
+## New domains
+
+If a dnszone does not exist in your CNR account, DNSControl will *not* automatically add it with the `dnscontrol push` or `dnscontrol preview` command. You'll need to do that via the control panel manually or using the command `dnscontrol create-domains`.
+This is because it could lead to unwanted costs on customer-side that we want to avoid.
+
+## Debug Mode
+
+As shown in the configuration examples above, this can be activated on demand and it can be used to check the API commands send to our system.
+In general this is thought for our purpose to have an easy way to dive into issues. But if you're interested what's going on, feel free to activate it.
diff --git a/documentation/providers.md b/documentation/providers.md
index f1e7e9b005..111d55f0c7 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -23,6 +23,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CNR`](provider/cnr.md) | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
diff --git a/go.mod b/go.mod
index a9f00ede3d..cd4b510727 100644
--- a/go.mod
+++ b/go.mod
@@ -59,6 +59,7 @@ require (
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0
 	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/go-acme/lego/v4 v4.20.2
diff --git a/go.sum b/go.sum
index ba492636bc..294d6da62b 100644
--- a/go.sum
+++ b/go.sum
@@ -91,6 +91,8 @@ github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7 h1:Jk7u
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod h1:FnQtD0+Q/1NZxi0eEWN+3ZRyMsE9vzSB3YjyunkbKD0=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0 h1:45FDlPw2mCKrP3C3i0mACQpnG14k3z6ZhDX853idMHw=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0/go.mod h1:gDHPM5Nia+C/Q4Uw5rn9i+OIP3S06WUe7RdCpNP2C+E=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
diff --git a/integrationTest/providers.json b/integrationTest/providers.json
index f4e50ce549..5b1f538706 100644
--- a/integrationTest/providers.json
+++ b/integrationTest/providers.json
@@ -72,6 +72,14 @@
     "notification_emails": "$CSCGLOBAL_NOTIFICATION",
     "user-token": "$CSCGLOBAL_USERTOKEN"
   },
+  "CNR": {
+    "TYPE": "CNR",
+    "apientity": "$CNR_ENTITY",
+    "apilogin": "$CNR_UID",
+    "apipassword": "$CNR_PW",
+    "debugmode": "$CNR_DEBUGMODE",
+    "domain": "$CNR_DOMAIN"
+  },
   "DESEC": {
     "TYPE": "DESEC",
     "auth-token": "$DESEC_TOKEN",
diff --git a/providers/_all/all.go b/providers/_all/all.go
index e8a8775b0c..617697fa18 100644
--- a/providers/_all/all.go
+++ b/providers/_all/all.go
@@ -10,6 +10,7 @@ import (
 	_ "github.com/StackExchange/dnscontrol/v4/providers/azureprivatedns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/bind"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/bunnydns"
+	_ "github.com/StackExchange/dnscontrol/v4/providers/cnr"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudflare"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cloudns"
 	_ "github.com/StackExchange/dnscontrol/v4/providers/cscglobal"
diff --git a/providers/cnr/auditrecords.go b/providers/cnr/auditrecords.go
new file mode 100644
index 0000000000..2712559a61
--- /dev/null
+++ b/providers/cnr/auditrecords.go
@@ -0,0 +1,21 @@
+package cnr
+
+import (
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/rejectif"
+)
+
+// AuditRecords returns a list of errors corresponding to the records
+// that aren't supported by this provider.  If all records are
+// supported, an empty list is returned.
+func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2021-10-01
+
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2023-11-30
+
+	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2020-12-28
+
+	return a.Audit(records)
+}
diff --git a/providers/cnr/cnrProvider.go b/providers/cnr/cnrProvider.go
new file mode 100644
index 0000000000..3ff2166c85
--- /dev/null
+++ b/providers/cnr/cnrProvider.go
@@ -0,0 +1,83 @@
+// Package CNR implements a registrar that uses the CNR api to set name servers. It will self register it's providers when imported.
+package cnr
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v4/providers"
+	cnrcl "github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5/apiclient"
+)
+
+// GoReleaser: version
+var (
+	version = "dev"
+)
+
+// CNRClient describes a connection to the CNR API.
+type CNRClient struct {
+	conf        map[string]string
+	APILogin    string
+	APIPassword string
+	APIEntity   string
+	client      *cnrcl.APIClient
+}
+
+var features = providers.DocumentationNotes{
+	// The default for unlisted capabilities is 'Cannot'.
+	// See providers/capabilities.go for the entire list of capabilities.
+	providers.CanGetZones:            providers.Can(),
+	providers.CanConcur:              providers.Can(),
+	providers.CanUseAlias:            providers.Cannot("Not supported. You may use CNAME records instead. An Alternative solution is planned."),
+	providers.CanUseCAA:              providers.Can(),
+	providers.CanUseLOC:              providers.Unimplemented(),
+	providers.CanUsePTR:              providers.Can(),
+	providers.CanUseSRV:              providers.Can("SRV records with empty targets are not supported"),
+	providers.CanUseTLSA:             providers.Can(),
+	providers.DocCreateDomains:       providers.Can(),
+	providers.DocDualHost:            providers.Can(),
+	providers.DocOfficiallySupported: providers.Cannot("Actively maintained provider module."),
+}
+
+func newProvider(conf map[string]string) (*CNRClient, error) {
+	api := &CNRClient{
+		conf:   conf,
+		client: cnrcl.NewAPIClient(),
+	}
+	api.client.SetUserAgent("DNSControl", version)
+	api.APILogin, api.APIPassword, api.APIEntity = conf["apilogin"], conf["apipassword"], conf["apientity"]
+	if conf["debugmode"] == "1" {
+		api.client.EnableDebugMode()
+	}
+	if api.APIEntity != "OTE" && api.APIEntity != "LIVE" {
+		return nil, fmt.Errorf("wrong api system entity used. use \"OTE\" for OT&E system or \"LIVE\" for Live system")
+	}
+	if api.APIEntity == "OTE" {
+		api.client.UseOTESystem()
+	}
+	if api.APILogin == "" || api.APIPassword == "" {
+		return nil, fmt.Errorf("missing login credentials apilogin or apipassword")
+	}
+	api.client.SetCredentials(api.APILogin, api.APIPassword)
+	return api, nil
+}
+
+func newReg(conf map[string]string) (providers.Registrar, error) {
+	return newProvider(conf)
+}
+
+func newDsp(conf map[string]string, meta json.RawMessage) (providers.DNSServiceProvider, error) {
+	return newProvider(conf)
+}
+
+func init() {
+	const providerName = "CNR"
+	const providerMaintainer = "@KaiSchwarz-cnic"
+	fns := providers.DspFuncs{
+		Initializer:   newDsp,
+		RecordAuditor: AuditRecords,
+	}
+	providers.RegisterRegistrarType(providerName, newReg)
+	providers.RegisterDomainServiceProviderType(providerName, fns, features)
+	providers.RegisterMaintainer(providerName, providerMaintainer)
+}
diff --git a/providers/cnr/domains.go b/providers/cnr/domains.go
new file mode 100644
index 0000000000..fed530407b
--- /dev/null
+++ b/providers/cnr/domains.go
@@ -0,0 +1,55 @@
+package cnr
+
+// EnsureZoneExists returns an error
+// * if access to dnszone is not allowed (not authorized) or
+// * if it doesn't exist and creating it fails
+func (n *CNRClient) EnsureZoneExists(domain string) error {
+	r := n.client.Request(map[string]interface{}{
+		"COMMAND": "StatusDNSZone",
+		"DNSZONE": domain,
+	})
+	code := r.GetCode()
+	if code == 545 {
+		command := map[string]interface{}{
+			"COMMAND": "AddDNSZone",
+			"DNSZONE": domain,
+		}
+		if n.APIEntity == "OTE" {
+			command["SOATTL"] = "33200"
+			command["SOASERIAL"] = "0000000000"
+		}
+		// Create the zone
+		r = n.client.Request(command)
+		if !r.IsSuccess() {
+			return n.GetCNRApiError("Failed to create not existing zone ", domain, r)
+		}
+	} else if code == 531 {
+		return n.GetCNRApiError("Not authorized to manage dnszone", domain, r)
+	} else if r.IsError() || r.IsTmpError() {
+		return n.GetCNRApiError("Error while checking status of dnszone", domain, r)
+	}
+	return nil
+}
+
+// ListZones lists all the
+func (n *CNRClient) ListZones() ([]string, error) {
+	var zones []string
+
+	// Basic
+
+	rs := n.client.RequestAllResponsePages(map[string]string{
+		"COMMAND": "QueryDNSZoneList",
+	})
+	for _, r := range rs {
+		if r.IsError() {
+			return nil, n.GetCNRApiError("Error while QueryDNSZoneList", "Basic", &r)
+		}
+		zoneColumn := r.GetColumn("DNSZONE")
+		if zoneColumn != nil {
+			//return nil, fmt.Errorf("failed getting DNSZONE BASIC column")
+			zones = append(zones, zoneColumn.GetData()...)
+		}
+	}
+
+	return zones, nil
+}
diff --git a/providers/cnr/error.go b/providers/cnr/error.go
new file mode 100644
index 0000000000..a51c6b0045
--- /dev/null
+++ b/providers/cnr/error.go
@@ -0,0 +1,12 @@
+package cnr
+
+import (
+	"fmt"
+
+	"github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5/response"
+)
+
+// GetCNRApiError returns an error including API error code and error description.
+func (n *CNRClient) GetCNRApiError(format string, objectid string, r *response.Response) error {
+	return fmt.Errorf(format+" %q. [%v %s]", objectid, r.GetCode(), r.GetDescription())
+}
diff --git a/providers/cnr/nameservers.go b/providers/cnr/nameservers.go
new file mode 100644
index 0000000000..d2f7e000ba
--- /dev/null
+++ b/providers/cnr/nameservers.go
@@ -0,0 +1,106 @@
+package cnr
+
+import (
+	"fmt"
+	"regexp"
+	"sort"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+)
+
+var defaultNameservers = []*models.Nameserver{
+	{Name: "ns1.rrpproxy.net"},
+	{Name: "ns2.rrpproxy.net"},
+	{Name: "ns3.rrpproxy.net"},
+}
+
+var nsRegex = regexp.MustCompile(`ns([1-3]{1})[0-9]+\.rrpproxy\.net`)
+
+// GetNameservers gets the nameservers set on a domain.
+func (n *CNRClient) GetNameservers(domain string) ([]*models.Nameserver, error) {
+	// NOTE: This information is taken over from HX and adapted to CNR... might be wrong...
+	// This is an interesting edge case. CNR expects you to SET the nameservers to ns[1-3].rrpproxy.net,
+	// but it will internally set it to (ns1xyz|ns2uvw|ns3asd).rrpproxy.net, where xyz/uvw/asd is a uniqueish number.
+	// In order to avoid endless loops, we will use the unique nameservers if present, or else the generic ones if not.
+	nss, err := n.getNameserversRaw(domain)
+	if err != nil {
+		return nil, err
+	}
+	toUse := []string{
+		defaultNameservers[0].Name,
+		defaultNameservers[1].Name,
+		defaultNameservers[2].Name,
+	}
+	for _, ns := range nss {
+		if matches := nsRegex.FindStringSubmatch(ns); len(matches) == 2 && len(matches[1]) == 1 {
+			idx := matches[1][0] - '1' // regex ensures proper range
+			toUse[idx] = matches[0]
+		}
+	}
+	return models.ToNameservers(toUse)
+}
+
+func (n *CNRClient) getNameserversRaw(domain string) ([]string, error) {
+	r := n.client.Request(map[string]interface{}{
+		"COMMAND": "StatusDomain",
+		"DOMAIN":  domain,
+	})
+	code := r.GetCode()
+	if code != 200 {
+		return nil, n.GetCNRApiError("Could not get status for domain", domain, r)
+	}
+	nsColumn := r.GetColumn("NAMESERVER")
+	if nsColumn == nil {
+		fmt.Println("No nameservers found")
+		return []string{}, nil // No nameserver assigned
+	}
+	ns := nsColumn.GetData()
+	sort.Strings(ns)
+	return ns, nil
+}
+
+// GetRegistrarCorrections gathers corrections that would being n to match dc.
+func (n *CNRClient) GetRegistrarCorrections(dc *models.DomainConfig) ([]*models.Correction, error) {
+	nss, err := n.getNameserversRaw(dc.Name)
+	if err != nil {
+		return nil, err
+	}
+	foundNameservers := strings.Join(nss, ",")
+
+	expected := []string{}
+	for _, ns := range dc.Nameservers {
+		name := strings.TrimRight(ns.Name, ".")
+		expected = append(expected, name)
+	}
+	sort.Strings(expected)
+	expectedNameservers := strings.Join(expected, ",")
+
+	if foundNameservers != expectedNameservers {
+		return []*models.Correction{
+			{
+				Msg: fmt.Sprintf("Update nameservers %s -> %s", foundNameservers, expectedNameservers),
+				F:   n.updateNameservers(expected, dc.Name),
+			},
+		}, nil
+	}
+	return nil, nil
+}
+
+func (n *CNRClient) updateNameservers(ns []string, domain string) func() error {
+	return func() error {
+		cmd := map[string]interface{}{
+			"COMMAND": "ModifyDomain",
+			"DOMAIN":  domain,
+		}
+		for idx, ns := range ns {
+			cmd[fmt.Sprintf("NAMESERVER%d", idx)] = ns
+		}
+		response := n.client.Request(cmd)
+		code := response.GetCode()
+		if code != 200 {
+			return fmt.Errorf("%d %s", code, response.GetDescription())
+		}
+		return nil
+	}
+}
diff --git a/providers/cnr/records.go b/providers/cnr/records.go
new file mode 100644
index 0000000000..bfe5d8fcd4
--- /dev/null
+++ b/providers/cnr/records.go
@@ -0,0 +1,367 @@
+package cnr
+
+import (
+	"bytes"
+	"fmt"
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"github.com/StackExchange/dnscontrol/v4/models"
+	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
+	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
+)
+
+// CNRRecord covers an individual DNS resource record.
+type CNRRecord struct {
+	// DomainName is the zone that the record belongs to.
+	DomainName string
+	// Host is the hostname relative to the zone: e.g. for a record for blog.example.org, domain would be "example.org" and host would be "blog".
+	// An apex record would be specified by either an empty host "" or "@".
+	// A SRV record would be specified by "_{service}._{protocol}.{host}": e.g. "_sip._tcp.phone" for _sip._tcp.phone.example.org.
+	Host string
+	// FQDN is the Fully Qualified Domain Name. It is the combination of the host and the domain name. It always ends in a ".". FQDN is ignored in CreateRecord, specify via the Host field instead.
+	Fqdn string
+	// Type is one of the following: A, AAAA, ANAME, CNAME, MX, NS, SRV, or TXT.
+	Type string
+	// Answer is either the IP address for A or AAAA records; the target for ANAME, CNAME, MX, or NS records; the text for TXT records.
+	// For SRV records, answer has the following format: "{weight} {port} {target}" e.g. "1 5061 sip.example.org".
+	Answer string
+	// TTL is the time this record can be cached for in seconds.
+	TTL uint32
+	// Priority is only required for MX and SRV records, it is ignored for all others.
+	Priority uint32
+}
+
+// GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
+func (n *CNRClient) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	records, err := n.getRecords(domain)
+	if err != nil {
+		return nil, err
+	}
+	actual := make([]*models.RecordConfig, len(records))
+	for i, r := range records {
+		actual[i] = toRecord(r, domain)
+	}
+
+	return actual, nil
+
+}
+
+// GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
+func (n *CNRClient) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
+	toReport, create, del, mod, actualChangeCount, err := diff.NewCompat(dc).IncrementalDiff(actual)
+	if err != nil {
+		return nil, 0, err
+	}
+	// Start corrections with the reports
+	corrections := diff.GenerateMessageCorrections(toReport)
+
+	buf := &bytes.Buffer{}
+	// Print a list of changes. Generate an actual change that is the zone
+	changes := false
+	var builder strings.Builder
+	params := map[string]interface{}{}
+	delrridx := 0
+	addrridx := 0
+
+	for _, cre := range create {
+		changes = true
+		fmt.Fprintln(buf, cre)
+		newRecordString, err := n.createRecordString(cre.Desired, dc.Name)
+		if err != nil {
+			return corrections, 0, err
+		}
+		key := fmt.Sprintf("ADDRR%d", addrridx)
+		params[key] = newRecordString
+		fmt.Fprintf(&builder, "\033[32m+ %s = %s\033[0m\n", key, newRecordString)
+		addrridx++
+	}
+	for _, d := range del {
+		changes = true
+		fmt.Fprintln(buf, d)
+		key := fmt.Sprintf("DELRR%d", delrridx)
+		oldRecordString := n.deleteRecordString(d.Existing.Original.(*CNRRecord))
+		params[key] = oldRecordString
+		fmt.Fprintf(&builder, "\033[31m- %s = %s\033[0m\n", key, oldRecordString)
+		delrridx++
+	}
+	for _, chng := range mod {
+		changes = true
+		fmt.Fprintln(buf, chng)
+		// old record deletion
+		key := fmt.Sprintf("DELRR%d", delrridx)
+		oldRecordString := n.deleteRecordString(chng.Existing.Original.(*CNRRecord))
+		params[key] = oldRecordString
+		fmt.Fprintf(&builder, "\033[31m- %s = %s\033[0m\n", key, oldRecordString)
+		delrridx++
+		// new record creation
+		newRecordString, err := n.createRecordString(chng.Desired, dc.Name)
+		if err != nil {
+			return corrections, 0, err
+		}
+		key = fmt.Sprintf("ADDRR%d", addrridx)
+		params[key] = newRecordString
+		fmt.Fprintf(&builder, "\033[32m+ %s = %s\033[0m\n", key, newRecordString)
+		addrridx++
+	}
+
+	if changes {
+		msg := fmt.Sprintf("GENERATE_ZONE: %s\n%s", dc.Name, buf.String())
+		if n.isDebugOn() {
+			msg = fmt.Sprintf("GENERATE_ZONE: %s\n%sPROVIDER CNR, API COMMAND PARAMETERS:\n%s", dc.Name, buf.String(), builder.String())
+		}
+		corrections = append(corrections, &models.Correction{
+			Msg: msg,
+			F: func() error {
+				return n.updateZoneBy(params, dc.Name)
+			},
+		})
+	}
+
+	return corrections, actualChangeCount, nil
+}
+
+func toRecord(r *CNRRecord, origin string) *models.RecordConfig {
+	rc := &models.RecordConfig{
+		Type:     r.Type,
+		TTL:      r.TTL,
+		Original: r,
+	}
+	fqdn := r.Fqdn[:len(r.Fqdn)-1]
+	rc.SetLabelFromFQDN(fqdn, origin)
+
+	switch r.Type {
+	case "MX", "SRV":
+		if r.Priority > 65535 {
+			panic(fmt.Errorf("priority value out of range for %s record: %d", r.Type, r.Priority))
+		}
+		if r.Type == "MX" {
+			if err := rc.SetTargetMX(uint16(r.Priority), r.Answer); err != nil {
+				panic(fmt.Errorf("unparsable MX record received from centralnic reseller API: %w", err))
+			}
+		} else {
+			// _service._proto.name. TTL Type Priority Weight Port Target.
+			// e.g. _sip._tcp.phone.example.org. 86400 IN SRV 5 6 7 sip.example.org.
+			// r.Anser covers the format "Priority Weight Port Target" and we've to remove the priority from the string
+			r.Answer = strings.TrimPrefix(r.Answer, fmt.Sprintf("%d ", r.Priority))
+			if err := rc.SetTargetSRVPriorityString(uint16(r.Priority), r.Answer); err != nil {
+				panic(fmt.Errorf("unparsable SRV record received from centralnic reseller API: %w", err))
+			}
+		}
+	default: // "A", "AAAA", "ANAME", "CNAME", "NS", "TXT", "CAA", "TLSA", "PTR"
+		if err := rc.PopulateFromStringFunc(r.Type, r.Answer, r.Fqdn, txtutil.ParseQuoted); err != nil {
+			panic(fmt.Errorf("unparsable record received from centralnic reseller API: %w", err))
+		}
+	}
+	return rc
+}
+
+// updateZoneBy updates the zone with the provided changes.
+func (n *CNRClient) updateZoneBy(params map[string]interface{}, domain string) error {
+	zone := domain
+	cmd := map[string]interface{}{
+		"COMMAND": "ModifyDNSZone",
+		"DNSZONE": zone,
+	}
+	for key, val := range params {
+		cmd[key] = val
+	}
+	r := n.client.Request(cmd)
+	if !r.IsSuccess() {
+		return n.GetCNRApiError("Error while updating zone", zone, r)
+	}
+	return nil
+}
+
+// deleteRecordString constructs the record string based on the provided CNRRecord.
+func (n *CNRClient) getRecords(domain string) ([]*CNRRecord, error) {
+	var records []*CNRRecord
+
+	// Command to find out the total numbers of resource records for the zone
+	// so that the follow-up query can be done with the correct limit
+	cmd := map[string]interface{}{
+		"COMMAND": "QueryDNSZoneRRList",
+		"DNSZONE": domain,
+		"ORDERBY": "type",
+		"FIRST":   "0",
+		"LIMIT":   "1",
+	}
+	r := n.client.Request(cmd)
+
+	// Check if the request was successful
+	if !r.IsSuccess() {
+		if r.GetCode() == 545 {
+			// If dns zone does not exist create a new one automatically
+			if !isNoPopulate() {
+				n.EnsureZoneExists(domain)
+			} else {
+				// Return specific error if the zone does not exist
+				return nil, n.GetCNRApiError("Use `dnscontrol create-domains` to create not-existing zone", domain, r)
+			}
+		}
+		// Return general error for any other issues
+		return nil, n.GetCNRApiError("Failed loading resource records for zone", domain, r)
+	}
+	totalRecords := r.GetRecordsTotalCount()
+	if totalRecords <= 0 {
+		return nil, nil
+	}
+	limitation := 100
+	totalRecords += limitation
+
+	// finally request all resource records available for the zone
+	cmd["LIMIT"] = fmt.Sprintf("%d", totalRecords)
+	cmd["WIDE"] = "1"
+	r = n.client.Request(cmd)
+
+	// Check if the request was successful
+	if !r.IsSuccess() {
+		// Return general error for any other issues
+		return nil, n.GetCNRApiError("Failed loading resource records for zone", domain, r)
+	}
+
+	// loop over the records array
+	rrs := r.GetRecords()
+	for i := 0; i < len(rrs); i++ {
+		data := rrs[i].GetData()
+		// fmt.Printf("Data: %+v\n", data)
+		if _, exists := data["NAME"]; !exists {
+			continue
+		}
+
+		if data["TYPE"] == "MX" {
+			tmp := strings.Split(data["CONTENT"], " ")
+			data["PRIO"] = tmp[0]
+			data["CONTENT"] = tmp[1]
+		}
+
+		// Parse the TTL string to an unsigned integer
+		ttl, err := strconv.ParseUint(data["TTL"], 10, 32)
+		if err != nil {
+			return nil, fmt.Errorf("invalid TTL value for domain %s: %s", domain, data["TTL"])
+		}
+
+		// Parse the TTL string to an unsigned integer
+		priority, _ := strconv.ParseUint(data["PRIO"], 10, 32)
+
+		// Add dot to Answer if supported by the record type
+		pattern := `^CNAME|MX|NS|SRV|PTR$`
+		re, err := regexp.Compile(pattern)
+		if err != nil {
+			return nil, fmt.Errorf("error compiling regex in getRecords: %s", err)
+		}
+		if re.MatchString(data["TYPE"]) && !strings.HasSuffix(data["CONTENT"], ".") {
+			data["CONTENT"] = fmt.Sprintf("%s.", data["CONTENT"])
+		}
+
+		// Only append domain if it's not already a fully qualified domain name
+		fqdn := fmt.Sprintf("%s.", domain)
+		if data["NAME"] != "@" && !strings.HasSuffix(data["NAME"], domain+".") {
+			fqdn = fmt.Sprintf("%s.%s.", data["NAME"], domain)
+		}
+
+		// Initialize a new CNRRecord
+		record := &CNRRecord{
+			DomainName: domain,
+			Host:       data["NAME"],
+			Fqdn:       fqdn,
+			Type:       data["TYPE"],
+			Answer:     data["CONTENT"],
+			TTL:        uint32(ttl),
+			Priority:   uint32(priority),
+		}
+		// fmt.Printf("Record: %+v\n", record)
+
+		// Append the record to the records slice
+		records = append(records, record)
+	}
+
+	// Return the slice of records
+	return records, nil
+}
+
+// Function to create record string from given RecordConfig for the ADDRR# API parameter
+func (n *CNRClient) createRecordString(rc *models.RecordConfig, domain string) (string, error) {
+	host := rc.GetLabel()
+	answer := ""
+
+	switch rc.Type { // #rtype_variations
+	case "A", "AAAA", "ANAME", "CNAME", "MX", "NS", "PTR":
+		answer = rc.GetTargetField()
+		if domain == host {
+			host = fmt.Sprintf(`%s.`, host)
+		}
+	case "TLSA":
+		answer = fmt.Sprintf(`%v %v %v %s`, rc.TlsaUsage, rc.TlsaSelector, rc.TlsaMatchingType, rc.GetTargetField())
+	case "CAA":
+		answer = fmt.Sprintf(`%v %s "%s"`, rc.CaaFlag, rc.CaaTag, rc.GetTargetField())
+	case "TXT":
+		answer = txtutil.EncodeQuoted(rc.GetTargetTXTJoined())
+	case "SRV":
+		if rc.GetTargetField() == "." {
+			return "", fmt.Errorf("SRV records with empty targets are not supported")
+		}
+		// _service._proto.name. TTL Type Priority Weight Port Target.
+		// e.g. _sip._tcp.phone.example.org. 86400 IN SRV 5 6 7 sip.example.org.
+		answer = fmt.Sprintf("%d %d %d %v", uint32(rc.SrvPriority), rc.SrvWeight, rc.SrvPort, rc.GetTargetField())
+	default:
+		panic(fmt.Sprintf("createRecordString rtype %v unimplemented", rc.Type))
+		// We panic so that we quickly find any switch statements
+		// that have not been updated for a new RR type.
+	}
+
+	str := host + " " + fmt.Sprint(rc.TTL) + " "
+
+	if rc.Type != "NS" { // TODO
+		str += "IN "
+	}
+	str += rc.Type + " "
+	// Handle MX records which have priority
+	if rc.Type == "MX" {
+		str += fmt.Sprint(uint32(rc.MxPreference)) + " "
+	}
+	str += answer
+	return str, nil
+}
+
+// deleteRecordString constructs the record string based on the provided CNRRecord.
+func (n *CNRClient) deleteRecordString(record *CNRRecord) string {
+	// Initialize values slice
+	values := []string{
+		record.Host,
+		fmt.Sprintf("%v", record.TTL),
+		"IN",
+		record.Type,
+	}
+	if record.Type == "SRV" {
+		values = append(values, fmt.Sprintf("%d", record.Priority))
+	}
+	values = append(values, record.Answer)
+
+	// fmt.Printf("Values: %+v\n", values)
+
+	// Remove IN if the record type is "NS" TODO
+	if record.Type == "NS" {
+		values = append(values[:2], values[3:]...) // Skip over the "IN"
+	}
+
+	// Return the final string by joining the elements with spaces
+	return strings.Join(values, " ")
+}
+
+// Function to check the no-populate argument
+func isNoPopulate() bool {
+	for _, arg := range os.Args {
+		if arg == "--no-populate" {
+			return true
+		}
+	}
+	return false
+}
+
+// Function to check if debug mode is enabled
+func (n *CNRClient) isDebugOn() bool {
+	return n.conf["debugmode"] == "1"
+}

From 9bb9f16e7f5bd7e046027e5d377289284495a4a8 Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Sat, 7 Dec 2024 09:04:40 +1100
Subject: [PATCH 402/438] BUG: Errors while listing zones do not propagate
 through the system (#2474) (#3216)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 commands/previewPush.go              |  1 +
 providers/cloudflare/rest.go         |  5 +++--
 providers/cloudns/api.go             | 10 +++++++---
 providers/cloudns/cloudnsProvider.go |  5 -----
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/commands/previewPush.go b/commands/previewPush.go
index 56c181c88a..2a2e176cd0 100644
--- a/commands/previewPush.go
+++ b/commands/previewPush.go
@@ -106,6 +106,7 @@ func run(args PPreviewArgs, push bool, interactive bool, out printer.CLI, report
 						zones, err := lister.ListZones()
 						if err != nil {
 							out.Errorf("ERROR: %s\n", err.Error())
+							anyErrors = true
 							return
 						}
 						aceZoneName, _ := idna.ToASCII(domain.Name)
diff --git a/providers/cloudflare/rest.go b/providers/cloudflare/rest.go
index 4a81ca8805..860d8cc5c9 100644
--- a/providers/cloudflare/rest.go
+++ b/providers/cloudflare/rest.go
@@ -20,14 +20,15 @@ func (c *cloudflareProvider) cacheDomainList() error {
 		return nil
 	}
 
-	c.domainIndex = map[string]string{}
-	c.nameservers = map[string][]string{}
 	//fmt.Printf("DEBUG: CLOUDFLARE POPULATING CACHE\n")
 	zones, err := c.cfClient.ListZones(context.Background())
 	if err != nil {
 		return fmt.Errorf("failed fetching domain list from cloudflare(%q): %s", c.cfClient.APIEmail, err)
 	}
 
+	c.domainIndex = map[string]string{}
+	c.nameservers = map[string][]string{}
+
 	for _, zone := range zones {
 		if encoded, err := idna.ToASCII(zone.Name); err == nil && encoded != zone.Name {
 			if _, ok := c.domainIndex[encoded]; ok {
diff --git a/providers/cloudns/api.go b/providers/cloudns/api.go
index b189f060c2..48a8245f08 100644
--- a/providers/cloudns/api.go
+++ b/providers/cloudns/api.go
@@ -121,10 +121,10 @@ func (c *cloudnsProvider) fetchAvailableTTLValues(domain string) error {
 }
 
 func (c *cloudnsProvider) fetchDomainList() error {
-	// FIXME(tlim): This should return nil if c.domainIndex != nil.  Then all
-	// the callers won't have to check if c.domainIndex == nil before calling.
+	if c.domainIndex != nil {
+		return nil
+	}
 
-	c.domainIndex = map[string]string{}
 	rowsPerPage := 100
 	page := 1
 	for {
@@ -140,6 +140,10 @@ func (c *cloudnsProvider) fetchDomainList() error {
 		}
 		json.Unmarshal(bodyString, &dr)
 
+		if c.domainIndex == nil {
+			c.domainIndex = map[string]string{}
+		}
+
 		for _, domain := range dr {
 			c.domainIndex[domain.Name] = domain.Name
 		}
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 6bbb07992c..83aed2eda1 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -29,11 +29,6 @@ func NewCloudns(m map[string]string, metadata json.RawMessage) (providers.DNSSer
 		return nil, fmt.Errorf("missing ClouDNS auth-id or sub-auth-id and auth-password")
 	}
 
-	// Get a domain to validate authentication
-	if err := c.fetchDomainList(); err != nil {
-		return nil, err
-	}
-
 	return c, nil
 }
 

From 006a434fc6801823d61b07e2566987455f442a7f Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 9 Dec 2024 15:22:00 -0500
Subject: [PATCH 403/438] CNR: Disable pager101 integration test (#3226)

---
 integrationTest/integration_test.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 59d35c9627..327061f5d0 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1415,6 +1415,7 @@ func makeTests() []*TestGroup {
 				"NS1",        // Free acct only allows 50 records, therefore we skip
 				//"ROUTE53",       // Batches up changes in pages.
 				"TRANSIP", // Doesn't page. Works fine.  Due to the slow API we skip.
+				"CNR",     // Test beaks limits.
 			),
 			tc("99 records", manyA("rec%04d", "1.2.3.4", 99)...),
 			tc("100 records", manyA("rec%04d", "1.2.3.4", 100)...),

From 52f62421c589a5ec470ce18be533d3366096d66c Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 9 Dec 2024 16:42:24 -0500
Subject: [PATCH 404/438] CHORE: Update deps (#3230)

---
 go.mod |  61 ++++++++++++++--------------
 go.sum | 125 ++++++++++++++++++++++++++++-----------------------------
 2 files changed, 93 insertions(+), 93 deletions(-)

diff --git a/go.mod b/go.mod
index cd4b510727..9ba59fb183 100644
--- a/go.mod
+++ b/go.mod
@@ -16,16 +16,16 @@ require (
 	github.com/TomOnTime/utfutil v0.0.0-20230223141146-125e65197b36
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883
-	github.com/aws/aws-sdk-go-v2 v1.32.5
-	github.com/aws/aws-sdk-go-v2/config v1.28.5
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.46
-	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6
+	github.com/aws/aws-sdk-go-v2 v1.32.6
+	github.com/aws/aws-sdk-go-v2/config v1.28.6
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
+	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
-	github.com/cloudflare/cloudflare-go v0.109.0
-	github.com/digitalocean/godo v1.130.0
+	github.com/cloudflare/cloudflare-go v0.111.0
+	github.com/digitalocean/godo v1.131.0
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.7.0
 	github.com/exoscale/egoscale v0.102.4
@@ -43,56 +43,56 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494
-	github.com/robertkrimen/otto v0.4.0
+	github.com/robertkrimen/otto v0.5.1
 	github.com/softlayer/softlayer-go v1.1.7
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.29.0 // indirect
-	golang.org/x/net v0.31.0
+	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
-	google.golang.org/api v0.207.0
+	google.golang.org/api v0.210.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.2
 )
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
-	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0
+	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.3
 	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
-	github.com/go-acme/lego/v4 v4.20.2
+	github.com/go-acme/lego/v4 v4.20.4
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.79.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
-	golang.org/x/text v0.20.0
+	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d
+	golang.org/x/text v0.21.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.10.2 // indirect
-	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
+	cloud.google.com/go/auth v0.11.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/andybalholm/cascadia v1.3.2 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 // indirect
 	github.com/aws/smithy-go v1.22.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -155,11 +155,12 @@ require (
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
 	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/sync v0.9.0 // indirect
-	golang.org/x/sys v0.27.0 // indirect
+	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/time v0.8.0 // indirect
-	golang.org/x/tools v0.27.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect
+	golang.org/x/tools v0.28.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index 294d6da62b..0e7d043e54 100644
--- a/go.sum
+++ b/go.sum
@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo=
-cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
-cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
-cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
+cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA=
+cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
+cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
@@ -46,34 +46,34 @@ github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo
 github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss=
 github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aws/aws-sdk-go-v2 v1.32.5 h1:U8vdWJuY7ruAkzaOdD7guwJjD06YSKmnKCJs7s3IkIo=
-github.com/aws/aws-sdk-go-v2 v1.32.5/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
-github.com/aws/aws-sdk-go-v2/config v1.28.5 h1:Za41twdCXbuyyWv9LndXxZZv3QhTG1DinqlFsSuvtI0=
-github.com/aws/aws-sdk-go-v2/config v1.28.5/go.mod h1:4VsPbHP8JdcdUDmbTVgNL/8w9SqOkM5jyY8ljIxLO3o=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.46 h1:AU7RcriIo2lXjUfHFnFKYsLCwgbz1E7Mm95ieIRDNUg=
-github.com/aws/aws-sdk-go-v2/credentials v1.17.46/go.mod h1:1FmYyLGL08KQXQ6mcTlifyFXfJVCNJTVGuQP4m0d/UA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20 h1:sDSXIrlsFSFJtWKLQS4PUWRvrT580rrnuLydJrCQ/yA=
-github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.20/go.mod h1:WZ/c+w0ofps+/OUqMwWgnfrgzZH1DZO1RIkktICsqnY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24 h1:4usbeaes3yJnCFC7kfeyhkdkPtoRYPa/hTmCqMpKpLI=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.24/go.mod h1:5CI1JemjVwde8m2WG3cz23qHKPOxbpkq0HaoreEgLIY=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24 h1:N1zsICrQglfzaBnrfM0Ys00860C+QFwu6u/5+LomP+o=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.24/go.mod h1:dCn9HbJ8+K31i8IQ8EWmWj0EiIk0+vKiHNMxTTYveAg=
+github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
+github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2/config v1.28.6 h1:D89IKtGrs/I3QXOLNTH93NJYtDhm8SYa9Q5CsPShmyo=
+github.com/aws/aws-sdk-go-v2/config v1.28.6/go.mod h1:GDzxJ5wyyFSCoLkS+UhGB0dArhb9mI+Co4dHtoTxbko=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47 h1:48bA+3/fCdi2yAwVt+3COvmatZ6jUDNkDTIsqDiMUdw=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.47/go.mod h1:+KdckOejLW3Ks3b0E3b5rHsr2f9yuORBum0WPnE5o5w=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21 h1:AmoU1pziydclFT/xRV+xXE/Vb8fttJCLRPv8oAkprc0=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.21/go.mod h1:AjUdLYe4Tgs6kpH4Bv7uMZo7pottoyHMn4eTcIcneaY=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1 h1:iXtILhvDxB6kPvEXgsDhGaZCSC6LQET5ZHSdJozeI0Y=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.1/go.mod h1:9nu0fVANtYiAePIBh2/pFUSwtJ402hLnp854CNoDOeE=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5 h1:wtpJ4zcwrSbwhECWQoI/g6WM9zqCcSpHDJIWSbMLOu4=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.5/go.mod h1:qu/W9HXQbbQ4+1+JcZp0ZNPV31ym537ZJN+fiS7Ti8E=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2 h1:wmt05tPp/CaRZpPV5B4SaJ5TwkHKom07/BzHoLdkY1o=
-github.com/aws/aws-sdk-go-v2/service/route53 v1.46.2/go.mod h1:d+K9HESMpGb1EU9/UmmpInbGIUcAkwmcY6ZO/A3zZsw=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6 h1:V05BVZkF8PlS+7mv/mZbg+RTosgot+/vbC/GjD/O6+I=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.6/go.mod h1:qi5Gro08MCfHLMycebAQWfHotdcpDzzPE3lwYSdQDHA=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.6 h1:3zu537oLmsPfDMyjnUS2g+F2vITgy5pB74tHI+JBNoM=
-github.com/aws/aws-sdk-go-v2/service/sso v1.24.6/go.mod h1:WJSZH2ZvepM6t6jwu4w/Z45Eoi75lPN7DcydSRtJg6Y=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5 h1:K0OQAsDywb0ltlFrZm0JHPY3yZp/S9OaoLU33S7vPS8=
-github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.5/go.mod h1:ORITg+fyuMoeiQFiVGoqB3OydVTLkClw/ljbblMq6Cc=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.1 h1:6SZUVRQNvExYlMLbHdlKB48x0fLbc2iVROyaNEwBHbU=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.1/go.mod h1:GqWyYCwLXnlUB1lOAXQyNSPqPLQJvmo8J0DWBzp9mtg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70RS7dwJ2CkVNXzj7U2L1HKP8nqTd3XWEXBN4=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3 h1:pDBrvz7CMK381q5U+nPqtSQZZid5z1XH8lsI6kHNcSY=
+github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3/go.mod h1:rDMeB13C/RS0/zw68RQD4LLiWChf5tZBKjEQmjtHa/c=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7 h1:cUSak+oDWuKhl3doMhJkm8adfJcP6wRz9Alh9HxDQJI=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7/go.mod h1:c4Zcr9bz35UJ07RC3cR/zBdpFn7ZjZqy/ow+oN0+NEo=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
+github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6/go.mod h1:URronUEGfXZN1VpdktPSD1EkAL9mfrV+2F4sjH38qOY=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2 h1:s4074ZO1Hk8qv65GqNXqDjmkf4HSQqJukaLuuW0TpDA=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.2/go.mod h1:mVggCnIWoM09jP71Wh+ea7+5gAp53q+49wDFs1SW5z8=
 github.com/aws/smithy-go v1.22.1 h1:/HPHZQ0g7f4eUeK6HKglFz8uwVfZKgoI25rb/J+dnro=
 github.com/aws/smithy-go v1.22.1/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6 h1:4NNbNM2Iq/k57qEu7WfL67UrbPq1uFWxW4qODCohi+0=
@@ -89,15 +89,15 @@ github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyY
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7 h1:Jk7uhY5q11fE5PlEupX2Lo12w82UhGC6bE1CI5jwFbc=
 github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7/go.mod h1:FnQtD0+Q/1NZxi0eEWN+3ZRyMsE9vzSB3YjyunkbKD0=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.3 h1:SNG47Lpt7bVp6p479hU4OK/3yiwuOTmBOQ0reC/VR+Q=
+github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.3/go.mod h1:OpHRysfX3AwVJdry9iiFq+zCp25cLl9juonwxssfn6U=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0 h1:45FDlPw2mCKrP3C3i0mACQpnG14k3z6ZhDX853idMHw=
-github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.0/go.mod h1:gDHPM5Nia+C/Q4Uw5rn9i+OIP3S06WUe7RdCpNP2C+E=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/cloudflare-go v0.109.0 h1:Wjp+RfJD1lidIFUlrTBqUQnCBrUnmVsLxgzWYiURueg=
-github.com/cloudflare/cloudflare-go v0.109.0/go.mod h1:m492eNahT/9MsN7Ppnoge8AaI7QhVFtEgVm3I9HJFeU=
+github.com/cloudflare/cloudflare-go v0.111.0 h1:bFgl5OyR7iaV9DkTaoI2jU8X4rXDzEaFDaPfMTp+Ewo=
+github.com/cloudflare/cloudflare-go v0.111.0/go.mod h1:w5c4Vm00JjZM+W0mPi6QOC+eWLncGQPURtgDck3z5xU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -113,8 +113,8 @@ github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIx
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/digitalocean/godo v1.130.0 h1:DbJg0wvBxTkYjY5Q9S1mwzAZLd5Wht3r57yFH4yeMCk=
-github.com/digitalocean/godo v1.130.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.131.0 h1:0WHymufAV5avpodT0h5/pucUVfO4v7biquOIqhLeROY=
+github.com/digitalocean/godo v1.131.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
@@ -138,8 +138,8 @@ github.com/getkin/kin-openapi v0.87.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSy
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.7.4/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
-github.com/go-acme/lego/v4 v4.20.2 h1:ZwO3oLZb8fL6up1OZVJP3yHuvqhozzlEmyqKmhrPchQ=
-github.com/go-acme/lego/v4 v4.20.2/go.mod h1:foauPlhnhoq8WUphaWx5U04uDc+JGhk4ZZtPz/Vqsjg=
+github.com/go-acme/lego/v4 v4.20.4 h1:yCQGBX9jOfMbriEQUocdYm7EBapdTp8nLXYG8k6SqSU=
+github.com/go-acme/lego/v4 v4.20.4/go.mod h1:foauPlhnhoq8WUphaWx5U04uDc+JGhk4ZZtPz/Vqsjg=
 github.com/go-chi/chi/v5 v5.0.0/go.mod h1:BBug9lr0cqtdAhsu6R4AAdvufI0/XBzAQSsUqJpoZOs=
 github.com/go-gandi/go-gandi v0.7.0 h1:gsP33dUspsN1M+ZW9HEgHchK9HiaSkYnltO73RHhSZA=
 github.com/go-gandi/go-gandi v0.7.0/go.mod h1:9NoYyfWCjFosClPiWjkbbRK5UViaZ4ctpT8/pKSSFlw=
@@ -257,8 +257,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122 h1:E2EHnsSPKrGKMUc/mOAXkK3f1vwxUH3DApHcYBQKKJg=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.122/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125 h1:Y7q1cdSK+5ARW3WCxegy2X4extJ7nbrXF+yfXjpsfGM=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -371,8 +371,8 @@ github.com/qdm12/reprint v0.0.0-20200326205758-722754a53494/go.mod h1:yipyliwI08
 github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
 github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
 github.com/robertkrimen/otto v0.0.0-20200922221731-ef014fd054ac/go.mod h1:xvqspoSXJTIpemEonrMDFq6XzwHYYgToXWj5eRX1OtY=
-github.com/robertkrimen/otto v0.4.0 h1:/c0GRrK1XDPcgIasAsnlpBT5DelIeB9U/Z/JCQsgr7E=
-github.com/robertkrimen/otto v0.4.0/go.mod h1:uW9yN1CYflmUQYvAMS0m+ZiNo3dMzRUDQJX0jWbzgxw=
+github.com/robertkrimen/otto v0.5.1 h1:avDI4ToRk8k1hppLdYFTuuzND41n37vPGJU7547dGf0=
+github.com/robertkrimen/otto v0.5.1/go.mod h1:bS433I4Q9p+E5pZLu7r17vP6FkE6/wLxBdmKjoqJXF8=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
@@ -417,8 +417,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho=
 github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE=
 github.com/transip/gotransip/v6 v6.26.0 h1:Aejfvh8rSp8Mj2GX/RpdBjMCv+Iy/DmgfNgczPDP550=
@@ -469,11 +469,11 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
-golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
+golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
+golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
-golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
+golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0=
+golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -501,8 +501,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
-golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
+golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
+golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
@@ -513,8 +513,8 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
-golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
+golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -542,8 +542,8 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
-golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -562,8 +562,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
-golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg=
@@ -579,24 +579,23 @@ golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
-golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
+golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
+golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.207.0 h1:Fvt6IGCYjf7YLcQ+GCegeAI2QSQCfIWhRkmrMPj3JRM=
-google.golang.org/api v0.207.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM=
+google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk=
+google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw=
-google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
-google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU=
+google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=

From 9357743ee926872f4607f9a63e3dea2c25c2beb5 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 9 Dec 2024 17:07:43 -0500
Subject: [PATCH 405/438] CHORE: Remediate staticcheck warnings (#3231)

---
 pkg/js/hash.go                         | 1 +
 providers/autodns/autoDnsProvider.go   | 2 +-
 providers/dnsimple/dnsimpleProvider.go | 2 +-
 providers/hedns/hednsProvider.go       | 2 +-
 providers/oracle/oracleProvider.go     | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/js/hash.go b/pkg/js/hash.go
index 620cc424cd..1bf8ba317b 100644
--- a/pkg/js/hash.go
+++ b/pkg/js/hash.go
@@ -17,6 +17,7 @@ func hashFunc(call otto.FunctionCall) otto.Value {
 	}
 	algorithm := call.Argument(0).String() // The algorithm to use for hashing
 	value := call.Argument(1).String()     // The value to hash
+	//lint:ignore SA4006 work around bug in staticcheck. This value is needed if the switch statement follows the default path.
 	result := otto.Value{}
 	fmt.Printf("%s\n", value)
 
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index afc507c21f..79586f0a53 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -98,7 +98,7 @@ func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 
 					err := api.updateZone(domain, resourceRecords, nameServers, zoneTTL)
 					if err != nil {
-						return fmt.Errorf(err.Error())
+						return fmt.Errorf("%s", err.Error())
 					}
 
 					return nil
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index d9455f0ee9..93d5b3c872 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -729,7 +729,7 @@ func compileAttributeErrors(err *dnsimpleapi.ErrorResponse) error {
 		e := strings.Join(errors, "& ")
 		message += fmt.Sprintf(": %s %s", field, e)
 	}
-	return fmt.Errorf(message)
+	return fmt.Errorf("%s", message)
 }
 
 // Return true if the string ends in one of DNSimple's name server domains
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index 1da1992a6f..495d4874bf 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -690,7 +690,7 @@ func (c *hednsProvider) parseResponseForDocumentAndErrors(response *http.Respons
 				return true
 			}
 		}
-		err = fmt.Errorf(element.Text())
+		err = fmt.Errorf("%s", element.Text())
 		return false
 	})
 
diff --git a/providers/oracle/oracleProvider.go b/providers/oracle/oracleProvider.go
index 7ac0fcb859..4f5b37dbb9 100644
--- a/providers/oracle/oracleProvider.go
+++ b/providers/oracle/oracleProvider.go
@@ -177,7 +177,7 @@ func (o *oracleProvider) GetNameservers(domain string) ([]*models.Nameserver, er
 	if err != nil {
 		nssStrip, err := models.ToNameserversStripTD(nss)
 		if err != nil {
-			return nil, fmt.Errorf("Could not determine if trailing dots should be stripped or not...")
+			return nil, fmt.Errorf("could not determine if trailing dots should be stripped or not")
 		}
 
 		return nssStrip, nil

From 25652e0cb012e49ac9685bf91233b7a8100e311e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Dec 2024 17:10:02 -0500
Subject: [PATCH 406/438] Build(deps): Bump actions/cache from 4.1.2 to 4.2.0
 (#3229)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_test.yml
index 9ed01a17ae..e82e794ead 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_test.yml
@@ -28,7 +28,7 @@ jobs:
       with:
         go-version: stable
     - name: restore_cache
-      uses: actions/cache@v4.1.2
+      uses: actions/cache@v4.2.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
@@ -201,7 +201,7 @@ jobs:
     - uses: actions/checkout@v4
     - run: mkdir -p "$TEST_RESULTS"
     - name: restore_cache
-      uses: actions/cache@v4.1.2
+      uses: actions/cache@v4.2.0
       with:
         key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
         restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}

From e774e2d08de7c05eeeb315281e6fca219263d4a7 Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Mon, 9 Dec 2024 22:17:42 +0000
Subject: [PATCH 407/438] Add notifications with Shoutrr (#3215)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/notifications.md |  9 ++++++++-
 go.mod                         |  1 +
 go.sum                         |  4 ++++
 pkg/notifications/shoutrrr.go  | 32 ++++++++++++++++++++++++++++++++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 pkg/notifications/shoutrrr.go

diff --git a/documentation/notifications.md b/documentation/notifications.md
index ddbec9a5d2..894eab4c91 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -19,7 +19,8 @@ Notifications are set up in your credentials JSON file. They will use the `notif
   } ,
   "notifications": {
       "slack_url": "https://api.slack.com/apps/0XXX0X0XX0/incoming-webhooks",
-      "teams_url": "https://outlook.office.com/webhook/00000000-0000-0000-0000-000000000000@00000000-0000-0000-0000-000000000000/IncomingWebhook/00000000000000000000000000000000/00000000-0000-0000-0000-000000000000"
+      "teams_url": "https://outlook.office.com/webhook/00000000-0000-0000-0000-000000000000@00000000-0000-0000-0000-000000000000/IncomingWebhook/00000000000000000000000000000000/00000000-0000-0000-0000-000000000000",
+      "shoutrrr_url": "discover://token@id"
   }
 ```
 {% endcode %}
@@ -94,6 +95,12 @@ This is Stack Overflow's built in chat system. This is probably not useful for m
 
 Configure `bonfire_url` to be the full url including room and api key.
 
+### Shoutrrr (email, Discord, Pushover, etc.)
+
+DNSControl can use many other notification methods via Shoutrrr, such as email (SMTP), Discord, Pushover and others. See the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/latest/services/overview/) for a list of supported methods and configuration instructions.
+
+Configure `shoutrrr_url` with the Shoutrrr URL to be notified.
+
 ## Future work
 
 Yes, this seems pretty limited right now in what it can do. We didn't want to add a bunch of notification types if nobody was going to use them. The good news is, it should
diff --git a/go.mod b/go.mod
index 9ba59fb183..7639260ce6 100644
--- a/go.mod
+++ b/go.mod
@@ -59,6 +59,7 @@ require (
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
+	github.com/containrrr/shoutrrr v0.8.0
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.3
 	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
diff --git a/go.sum b/go.sum
index 0e7d043e54..c8cc78e5bb 100644
--- a/go.sum
+++ b/go.sum
@@ -99,6 +99,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cloudflare/cloudflare-go v0.111.0 h1:bFgl5OyR7iaV9DkTaoI2jU8X4rXDzEaFDaPfMTp+Ewo=
 github.com/cloudflare/cloudflare-go v0.111.0/go.mod h1:w5c4Vm00JjZM+W0mPi6QOC+eWLncGQPURtgDck3z5xU=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/containrrr/shoutrrr v0.8.0 h1:mfG2ATzIS7NR2Ec6XL+xyoHzN97H8WPjir8aYzJUSec=
+github.com/containrrr/shoutrrr v0.8.0/go.mod h1:ioyQAyu1LJY6sILuNyKaQaw+9Ttik5QePU8atnAdO2o=
 github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -194,6 +196,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
diff --git a/pkg/notifications/shoutrrr.go b/pkg/notifications/shoutrrr.go
new file mode 100644
index 0000000000..a8c362bbe9
--- /dev/null
+++ b/pkg/notifications/shoutrrr.go
@@ -0,0 +1,32 @@
+package notifications
+
+import (
+	"fmt"
+
+	"github.com/containrrr/shoutrrr"
+)
+
+func init() {
+	initers = append(initers, func(cfg map[string]string) Notifier {
+		if url, ok := cfg["shoutrrr_url"]; ok {
+			return shoutrrrNotifier(url)
+		}
+		return nil
+	})
+}
+
+type shoutrrrNotifier string
+
+func (b shoutrrrNotifier) Notify(domain, provider, msg string, err error, preview bool) {
+	var payload string
+	if preview {
+		payload = fmt.Sprintf("DNSControl preview: %s[%s]:\n%s", domain, provider, msg)
+	} else if err != nil {
+		payload = fmt.Sprintf("DNSControl ERROR running correction on %s[%s]:\n%s\nError: %s", domain, provider, msg, err)
+	} else {
+		payload = fmt.Sprintf("DNSControl successfully ran correction for %s[%s]:\n%s", domain, provider, msg)
+	}
+	shoutrrr.Send(string(b), payload)
+}
+
+func (b shoutrrrNotifier) Done() {}

From de6afe2506ca93f0fc251fb9321221214897112f Mon Sep 17 00:00:00 2001
From: imlonghao <git@imlonghao.com>
Date: Tue, 10 Dec 2024 23:09:55 +0800
Subject: [PATCH 408/438] PORKBUN: increase req interval and retry on 503
 (#3228)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 providers/porkbun/api.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index a90a275231..f1ade191eb 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -77,7 +77,7 @@ func (c *porkbunProvider) post(endpoint string, params requestParams) ([]byte, e
 	// If request sending too fast, the server will fail with the following error:
 	// porkbun API error: Create error: We were unable to create the DNS record.
 retry:
-	time.Sleep(500 * time.Millisecond)
+	time.Sleep(time.Second)
 	resp, err := client.Do(req)
 	if err != nil {
 		return []byte{}, err
@@ -85,13 +85,13 @@ retry:
 
 	bodyString, _ := io.ReadAll(resp.Body)
 
-	if resp.StatusCode == 202 {
+	if resp.StatusCode == 202 || resp.StatusCode == 503 {
 		retrycnt += 1
 		if retrycnt == 5 {
 			return bodyString, fmt.Errorf("rate limiting exceeded")
 		}
-		printer.Warnf("Rate limiting.. waiting for %d minute(s)\n", retrycnt)
-		time.Sleep(time.Minute * time.Duration(retrycnt))
+		printer.Warnf("Rate limiting.. waiting for %d second(s)\n", retrycnt*10)
+		time.Sleep(time.Second * time.Duration(retrycnt*10))
 		goto retry
 	}
 

From a6308edd52f3d6b0699fabb6c40a397bc42c76a1 Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Thu, 12 Dec 2024 15:28:56 +0000
Subject: [PATCH 409/438] DOCS: Add instructions for increasing the timeout on
 integration tests (#3233)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/integration-tests.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/documentation/integration-tests.md b/documentation/integration-tests.md
index a0c7baee98..9de0291345 100644
--- a/documentation/integration-tests.md
+++ b/documentation/integration-tests.md
@@ -47,6 +47,14 @@ go test -v -verbose -provider ROUTE53 -end 5
 go test -v -verbose -provider ROUTE53 -start 16 -end 20
 ```
 
+For some providers it may be necessary to increase the test timeout using `-test`. The default is 10 minutes.  `0` is "no limit".  Typical Go durations work too (`1h` for 1 hour, etc).
+
+```shell
+go test -timeout 0 -v -verbose -provider CLOUDNS 
+```
+
+FYI: The order of the flags matters.  Flags native to the Go testing suite (`-timeout` and `-v`) must come before flags that are part of the DNSControl integration tests (`-verbose`, `-provider`). Yeah, that sucks and is confusing.
+
 The actual tests are in the file `integrationTest/integration_test.go`.  The
 tests are in a little language which can be used to describe just about any
 interaction with the API.  Look for the comment `START HERE` or the line

From 5d625e81ea097c5fc15ac244514127e83da2aa28 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann <das7pad@outlook.com>
Date: Thu, 12 Dec 2024 18:07:49 +0100
Subject: [PATCH 410/438] HETZNER: enable concurrency capability (#3234)

Signed-off-by: Jakob Ackermann <das7pad@outlook.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           |  2 +-
 providers/hetzner/api.go             | 46 ++++++++++++++++++++--------
 providers/hetzner/hetznerProvider.go | 21 +++++++------
 3 files changed, 47 insertions(+), 22 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 111d55f0c7..378d3c7790 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -38,7 +38,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`GCLOUD`](provider/gcloud.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`GCORE`](provider/gcore.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEDNS`](provider/hedns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`HETZNER`](provider/hetzner.md) | ❌ | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HEXONET`](provider/hexonet.md) | ❌ | ✅ | ✅ | ❌ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ❔ |
 | [`HOSTINGDE`](provider/hostingde.md) | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`HUAWEICLOUD`](provider/huaweicloud.md) | ❌ | ✅ | ❌ | ❔ | ❌ | ✅ | ❔ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
diff --git a/providers/hetzner/api.go b/providers/hetzner/api.go
index 52e3dc7f4a..8efcd449e2 100644
--- a/providers/hetzner/api.go
+++ b/providers/hetzner/api.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"net/http"
 	"strconv"
+	"sync"
 	"time"
 
 	"github.com/StackExchange/dnscontrol/v4/pkg/printer"
@@ -18,7 +19,8 @@ const (
 
 type hetznerProvider struct {
 	apiKey             string
-	zones              map[string]zone
+	mu                 sync.Mutex
+	cachedZones        map[string]zone
 	requestRateLimiter requestRateLimiter
 }
 
@@ -103,9 +105,17 @@ func (api *hetznerProvider) getAllRecords(domain string) ([]record, error) {
 	return records, nil
 }
 
-func (api *hetznerProvider) getAllZones() error {
-	if api.zones != nil {
-		return nil
+func (api *hetznerProvider) resetZoneCache() {
+	api.mu.Lock()
+	defer api.mu.Unlock()
+	api.cachedZones = nil
+}
+
+func (api *hetznerProvider) getAllZones() (map[string]zone, error) {
+	api.mu.Lock()
+	defer api.mu.Unlock()
+	if api.cachedZones != nil {
+		return api.cachedZones, nil
 	}
 	var zones map[string]zone
 	page := 1
@@ -124,7 +134,7 @@ func (api *hetznerProvider) getAllZones() error {
 		response := getAllZonesResponse{}
 		url := fmt.Sprintf("/zones?per_page=100&page=%d", page)
 		if err := api.request(url, "GET", nil, &response, statusOK); err != nil {
-			return fmt.Errorf("failed fetching zones: %w", err)
+			return nil, fmt.Errorf("failed fetching zones: %w", err)
 		}
 		if zones == nil {
 			zones = make(map[string]zone, response.Meta.Pagination.TotalEntries)
@@ -138,15 +148,16 @@ func (api *hetznerProvider) getAllZones() error {
 		}
 		page++
 	}
-	api.zones = zones
-	return nil
+	api.cachedZones = zones
+	return zones, nil
 }
 
 func (api *hetznerProvider) getZone(name string) (*zone, error) {
-	if err := api.getAllZones(); err != nil {
+	zones, err := api.getAllZones()
+	if err != nil {
 		return nil, err
 	}
-	z, ok := api.zones[name]
+	z, ok := zones[name]
 	if !ok {
 		return nil, fmt.Errorf("%q is not a zone in this HETZNER account", name)
 	}
@@ -213,18 +224,28 @@ func (api *hetznerProvider) request(endpoint string, method string, request inte
 }
 
 type requestRateLimiter struct {
+	mu          sync.Mutex
 	delay       time.Duration
 	lastRequest time.Time
+	resetAt     time.Time
 }
 
 func (rrl *requestRateLimiter) delayRequest() {
-	time.Sleep(time.Until(rrl.lastRequest.Add(rrl.delay)))
-
+	rrl.mu.Lock()
 	// When not rate-limited, include network/server latency in delay.
-	rrl.lastRequest = time.Now()
+	next := rrl.lastRequest.Add(rrl.delay)
+	if next.After(rrl.resetAt) {
+		// Do not stack delays past the reset point.
+		next = rrl.resetAt
+	}
+	rrl.lastRequest = next
+	rrl.mu.Unlock()
+	time.Sleep(time.Until(next))
 }
 
 func (rrl *requestRateLimiter) handleResponse(resp *http.Response) (bool, error) {
+	rrl.mu.Lock()
+	defer rrl.mu.Unlock()
 	if resp.StatusCode == http.StatusTooManyRequests {
 		printer.Printf("Rate-Limited. Consider contacting the Hetzner Support for raising your quota. URL: %q, Headers: %q\n", resp.Request.URL, resp.Header)
 
@@ -264,5 +285,6 @@ func (rrl *requestRateLimiter) handleResponse(resp *http.Response) (bool, error)
 		// ... then spread requests evenly throughout the window.
 		rrl.delay = reset / time.Duration(remaining+1)
 	}
+	rrl.resetAt = time.Now().Add(reset)
 	return false, nil
 }
diff --git a/providers/hetzner/hetznerProvider.go b/providers/hetzner/hetznerProvider.go
index 8f911919d8..414b2ecfc6 100644
--- a/providers/hetzner/hetznerProvider.go
+++ b/providers/hetzner/hetznerProvider.go
@@ -15,7 +15,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Cannot(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Cannot(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDS:               providers.Can(),
@@ -68,9 +68,11 @@ func (api *hetznerProvider) EnsureZoneExists(domain string) error {
 		}
 	}
 
-	// reset zone cache
-	api.zones = nil
-	return api.createZone(domain)
+	if err = api.createZone(domain); err != nil {
+		return err
+	}
+	api.resetZoneCache()
+	return nil
 }
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
@@ -167,12 +169,13 @@ func (api *hetznerProvider) GetZoneRecords(domain string, meta map[string]string
 
 // ListZones lists the zones on this account.
 func (api *hetznerProvider) ListZones() ([]string, error) {
-	if err := api.getAllZones(); err != nil {
+	zones, err := api.getAllZones()
+	if err != nil {
 		return nil, err
 	}
-	zones := make([]string, 0, len(api.zones))
-	for domain := range api.zones {
-		zones = append(zones, domain)
+	domains := make([]string, 0, len(zones))
+	for domain := range zones {
+		domains = append(domains, domain)
 	}
-	return zones, nil
+	return domains, nil
 }

From 9d42930120aad369a0559e32eeb8bba4035a3815 Mon Sep 17 00:00:00 2001
From: Hamish Moffatt <7577172+hmoffatt@users.noreply.github.com>
Date: Thu, 12 Dec 2024 17:10:38 +0000
Subject: [PATCH 411/438] CLOUDNS: enable concurrent access (#3232)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md           |   2 +-
 go.mod                               |   4 +-
 providers/cloudns/api.go             | 120 +++++++++++++++------------
 providers/cloudns/cloudnsProvider.go |  38 +++++----
 4 files changed, 89 insertions(+), 75 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index 378d3c7790..5d386c8b31 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -22,7 +22,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
-| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
+| [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
 | [`CNR`](provider/cnr.md) | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
diff --git a/go.mod b/go.mod
index 7639260ce6..caa03c146c 100644
--- a/go.mod
+++ b/go.mod
@@ -59,8 +59,8 @@ require (
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 	github.com/G-Core/gcore-dns-sdk-go v0.2.9
-	github.com/containrrr/shoutrrr v0.8.0
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v5 v5.0.3
+	github.com/containrrr/shoutrrr v0.8.0
 	github.com/fatih/color v1.18.0
 	github.com/fbiville/markdown-table-formatter v0.3.0
 	github.com/go-acme/lego/v4 v4.20.4
@@ -74,6 +74,7 @@ require (
 	github.com/vultr/govultr/v2 v2.17.2
 	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d
 	golang.org/x/text v0.21.0
+	golang.org/x/time v0.8.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
@@ -158,7 +159,6 @@ require (
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/time v0.8.0 // indirect
 	golang.org/x/tools v0.28.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
diff --git a/providers/cloudns/api.go b/providers/cloudns/api.go
index 48a8245f08..00d4e51536 100644
--- a/providers/cloudns/api.go
+++ b/providers/cloudns/api.go
@@ -1,23 +1,30 @@
 package cloudns
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 	"strconv"
-	"time"
+	"sync"
+
+	"golang.org/x/time/rate"
 )
 
 // Api layer for ClouDNS
 type cloudnsProvider struct {
-	domainIndex      map[string]string
-	nameserversNames []string
-	creds            struct {
+	creds struct {
 		id       string
 		password string
 		subid    string
 	}
+
+	requestLimit *rate.Limiter
+
+	sync.Mutex       // Protects all access to the following fields:
+	domainIndex      map[string]string
+	nameserversNames []string
 }
 
 type requestParams map[string]string
@@ -83,76 +90,81 @@ type domainRecord struct {
 
 type recordResponse map[string]domainRecord
 
-var allowedTTLValues = []uint32{}
+func (c *cloudnsProvider) fetchAvailableNameservers() ([]string, error) {
+	c.Lock()
+	defer c.Unlock()
 
-func (c *cloudnsProvider) fetchAvailableNameservers() error {
-	c.nameserversNames = nil
+	if c.nameserversNames == nil {
 
-	var bodyString, err = c.get("/dns/available-name-servers.json", requestParams{})
-	if err != nil {
-		return fmt.Errorf("failed fetching available nameservers list from ClouDNS: %s", err)
-	}
+		var bodyString, err = c.get("/dns/available-name-servers.json", requestParams{})
+		if err != nil {
+			return nil, fmt.Errorf("failed fetching available nameservers list from ClouDNS: %s", err)
+		}
 
-	var nr nameserverResponse
-	json.Unmarshal(bodyString, &nr)
+		var nr nameserverResponse
+		json.Unmarshal(bodyString, &nr)
 
-	for _, nameserver := range nr {
-		if nameserver.Type == "premium" {
-			c.nameserversNames = append(c.nameserversNames, nameserver.Name)
-		}
+		for _, nameserver := range nr {
+			if nameserver.Type == "premium" {
+				c.nameserversNames = append(c.nameserversNames, nameserver.Name)
+			}
 
+		}
 	}
-	return nil
+	return c.nameserversNames, nil
 }
 
-func (c *cloudnsProvider) fetchAvailableTTLValues(domain string) error {
-	allowedTTLValues = nil
+func (c *cloudnsProvider) fetchAvailableTTLValues(domain string) ([]uint32, error) {
+	allowedTTLValues := make([]uint32, 0)
 	params := requestParams{
 		"domain-name": domain,
 	}
 
 	var bodyString, err = c.get("/dns/get-available-ttl.json", params)
 	if err != nil {
-		return fmt.Errorf("failed fetching available TTL values list from ClouDNS: %s", err)
+		return nil, fmt.Errorf("failed fetching available TTL values list from ClouDNS: %s", err)
 	}
 
 	json.Unmarshal(bodyString, &allowedTTLValues)
-	return nil
+	return allowedTTLValues, nil
 }
 
-func (c *cloudnsProvider) fetchDomainList() error {
-	if c.domainIndex != nil {
-		return nil
-	}
-
-	rowsPerPage := 100
-	page := 1
-	for {
-		var dr zoneResponse
-		params := requestParams{
-			"page":          strconv.Itoa(page),
-			"rows-per-page": strconv.Itoa(rowsPerPage),
-		}
-		endpoint := "/dns/list-zones.json"
-		var bodyString, err = c.get(endpoint, params)
-		if err != nil {
-			return fmt.Errorf("failed fetching domain list from ClouDNS: %s", err)
-		}
-		json.Unmarshal(bodyString, &dr)
+func (c *cloudnsProvider) fetchDomainIndex(name string) (string, bool, error) {
+	c.Lock()
+	defer c.Unlock()
+
+	if c.domainIndex == nil {
+		rowsPerPage := 100
+		page := 1
+		for {
+			var dr zoneResponse
+			params := requestParams{
+				"page":          strconv.Itoa(page),
+				"rows-per-page": strconv.Itoa(rowsPerPage),
+			}
+			endpoint := "/dns/list-zones.json"
+			var bodyString, err = c.get(endpoint, params)
+			if err != nil {
+				return "", false, fmt.Errorf("failed fetching domain list from ClouDNS: %s", err)
+			}
+			json.Unmarshal(bodyString, &dr)
 
-		if c.domainIndex == nil {
-			c.domainIndex = map[string]string{}
-		}
+			if c.domainIndex == nil {
+				c.domainIndex = map[string]string{}
+			}
 
-		for _, domain := range dr {
-			c.domainIndex[domain.Name] = domain.Name
-		}
-		if len(dr) < rowsPerPage {
-			break
+			for _, domain := range dr {
+				c.domainIndex[domain.Name] = domain.Name
+			}
+			if len(dr) < rowsPerPage {
+				break
+			}
+			page++
 		}
-		page++
 	}
-	return nil
+
+	index, ok := c.domainIndex[name]
+	return index, ok, nil
 }
 
 func (c *cloudnsProvider) createDomain(domain string) error {
@@ -267,9 +279,9 @@ func (c *cloudnsProvider) get(endpoint string, params requestParams) ([]byte, er
 	req.URL.RawQuery = q.Encode()
 
 	// ClouDNS has a rate limit (not documented) of 10 request/second
-	// so we do a very primitive rate-limiting here - delay every request for 100ms - so max. 10 requests/second ...
-	time.Sleep(100 * time.Millisecond)
+	c.requestLimit.Wait(context.Background())
 	resp, err := client.Do(req)
+
 	if err != nil {
 		return []byte{}, err
 	}
@@ -290,7 +302,7 @@ func (c *cloudnsProvider) get(endpoint string, params requestParams) ([]byte, er
 	return bodyString, nil
 }
 
-func fixTTL(ttl uint32) uint32 {
+func fixTTL(allowedTTLValues []uint32, ttl uint32) uint32 {
 	// if the TTL is larger than the largest allowed value, return the largest allowed value
 	if ttl > allowedTTLValues[len(allowedTTLValues)-1] {
 		return allowedTTLValues[len(allowedTTLValues)-1]
diff --git a/providers/cloudns/cloudnsProvider.go b/providers/cloudns/cloudnsProvider.go
index 83aed2eda1..16af5263ae 100644
--- a/providers/cloudns/cloudnsProvider.go
+++ b/providers/cloudns/cloudnsProvider.go
@@ -10,6 +10,7 @@ import (
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
 	"github.com/StackExchange/dnscontrol/v4/providers"
 	"github.com/miekg/dns/dnsutil"
+	"golang.org/x/time/rate"
 )
 
 /*
@@ -22,6 +23,7 @@ Info required in `creds.json`:
 // NewCloudns creates the provider.
 func NewCloudns(m map[string]string, metadata json.RawMessage) (providers.DNSServiceProvider, error) {
 	c := &cloudnsProvider{}
+	c.requestLimit = rate.NewLimiter(10, 10)
 
 	c.creds.id, c.creds.password, c.creds.subid = m["auth-id"], m["auth-password"], m["sub-auth-id"]
 
@@ -37,7 +39,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can(),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseAlias:            providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDNAME:            providers.Can(),
@@ -66,10 +68,12 @@ func init() {
 
 // GetNameservers returns the nameservers for a domain.
 func (c *cloudnsProvider) GetNameservers(domain string) ([]*models.Nameserver, error) {
-	if len(c.nameserversNames) == 0 {
-		c.fetchAvailableNameservers()
+	names, err := c.fetchAvailableNameservers()
+	if err != nil {
+		return nil, err
 	}
-	return models.ToNameservers(c.nameserversNames)
+
+	return models.ToNameservers(names)
 }
 
 // // GetDomainCorrections returns the corrections for a domain.
@@ -111,23 +115,23 @@ func (c *cloudnsProvider) GetNameservers(domain string) ([]*models.Nameserver, e
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *cloudnsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, existingRecords models.Records) ([]*models.Correction, int, error) {
-
-	if c.domainIndex == nil {
-		if err := c.fetchDomainList(); err != nil {
-			return nil, 0, err
-		}
-	}
-	domainID, ok := c.domainIndex[dc.Name]
-	if !ok {
+	domainID, ok, err := c.fetchDomainIndex(dc.Name)
+	if err != nil {
+		return nil, 0, err
+	} else if !ok {
 		return nil, 0, fmt.Errorf("'%s' not a zone in ClouDNS account", dc.Name)
 	}
 
 	// Get a list of available TTL values.
 	// The TTL list needs to be obtained for each domain, so get it first here.
-	c.fetchAvailableTTLValues(dc.Name)
+	allowedTTLValues, err := c.fetchAvailableTTLValues(dc.Name)
+	if err != nil {
+		return nil, 0, err
+	}
+
 	// ClouDNS can only be specified from a specific TTL list, so change the TTL in advance.
 	for _, record := range dc.Records {
-		record.TTL = fixTTL(record.TTL)
+		record.TTL = fixTTL(allowedTTLValues, record.TTL)
 	}
 
 	dnssecFixes, err := c.getDNSSECCorrections(dc)
@@ -270,11 +274,9 @@ func (c *cloudnsProvider) GetZoneRecords(domain string, meta map[string]string)
 
 // EnsureZoneExists creates a zone if it does not exist
 func (c *cloudnsProvider) EnsureZoneExists(domain string) error {
-	if err := c.fetchDomainList(); err != nil {
+	if _, ok, err := c.fetchDomainIndex(domain); err != nil {
 		return err
-	}
-	// zone already exists
-	if _, ok := c.domainIndex[domain]; ok {
+	} else if ok { // zone already exists
 		return nil
 	}
 	return c.createDomain(domain)

From 9588a9162a61a664cd537011fbe1124f85a19cc6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 12 Dec 2024 12:11:36 -0500
Subject: [PATCH 412/438] CHORE: Update deps (#3237)

---
 go.mod | 17 +++++++----------
 go.sum | 52 +++++++++++++++++-----------------------------------
 2 files changed, 24 insertions(+), 45 deletions(-)

diff --git a/go.mod b/go.mod
index caa03c146c..dcea55ffa8 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
 	github.com/cloudflare/cloudflare-go v0.111.0
-	github.com/digitalocean/godo v1.131.0
+	github.com/digitalocean/godo v1.131.1
 	github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 	github.com/dnsimple/dnsimple-go v1.7.0
 	github.com/exoscale/egoscale v0.102.4
@@ -52,7 +52,7 @@ require (
 	golang.org/x/crypto v0.30.0 // indirect
 	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
-	google.golang.org/api v0.210.0
+	google.golang.org/api v0.211.0
 	gopkg.in/ns1/ns1-go.v2 v2.12.2
 )
 
@@ -66,20 +66,20 @@ require (
 	github.com/go-acme/lego/v4 v4.20.4
 	github.com/google/go-cmp v0.6.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125
+	github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.127
 	github.com/juju/errors v1.0.0
 	github.com/kylelemons/godebug v1.1.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/oracle/oci-go-sdk/v65 v65.79.0
+	github.com/oracle/oci-go-sdk/v65 v65.80.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d
+	golang.org/x/exp v0.0.0-20241210194714-1829a127f884
 	golang.org/x/text v0.21.0
 	golang.org/x/time v0.8.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.11.0 // indirect
+	cloud.google.com/go/auth v0.12.1 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
@@ -111,7 +111,6 @@ require (
 	github.com/gofrs/flock v0.12.1 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/s2a-go v0.1.8 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -151,7 +150,6 @@ require (
 	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	go.mongodb.org/mongo-driver v1.12.0 // indirect
-	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
 	go.opentelemetry.io/otel v1.29.0 // indirect
 	go.opentelemetry.io/otel/metric v1.29.0 // indirect
@@ -160,8 +158,7 @@ require (
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/tools v0.28.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect
 	google.golang.org/grpc v1.67.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/sourcemap.v1 v1.0.5 // indirect
diff --git a/go.sum b/go.sum
index c8cc78e5bb..2d30f335f4 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA=
-cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4=
+cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4=
 cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
 cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
@@ -115,14 +115,13 @@ github.com/deepmap/oapi-codegen v1.9.1 h1:yHmEnA7jSTUMQgV+uN02WpZtwHnz2CBW3mZRIx
 github.com/deepmap/oapi-codegen v1.9.1/go.mod h1:PLqNAhdedP8ttRpBBkzLKU3bp+Fpy+tTgeAMlztR2cw=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/digitalocean/godo v1.131.0 h1:0WHymufAV5avpodT0h5/pucUVfO4v7biquOIqhLeROY=
-github.com/digitalocean/godo v1.131.0/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
+github.com/digitalocean/godo v1.131.1 h1:2QsRwjNukKgOQbflMxOsTDoC05o5UKBpqQMFKXegYKE=
+github.com/digitalocean/godo v1.131.1/go.mod h1:PU8JB6I1XYkQIdHFop8lLAY9ojp6M0XcU0TWaQSxbrc=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354=
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE=
 github.com/dnsimple/dnsimple-go v1.7.0 h1:JKu9xJtZ3SqOC+BuYgAWeab7+EEx0sz422vu8j611ZY=
 github.com/dnsimple/dnsimple-go v1.7.0/go.mod h1:EKpuihlWizqYafSnQHGCd/gyvy3HkEQJ7ODB4KdV8T8=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/exoscale/egoscale v0.102.4 h1:GBKsZMIOzwBfSu+4ZmWka3Ejf2JLiaBDHp4CQUgvp2E=
@@ -179,9 +178,6 @@ github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -191,9 +187,7 @@ github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:x
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
@@ -204,9 +198,7 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -221,7 +213,6 @@ github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
@@ -261,8 +252,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA=
 github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125 h1:Y7q1cdSK+5ARW3WCxegy2X4extJ7nbrXF+yfXjpsfGM=
-github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.125/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.127 h1:TOGDOGmY7YOzTSkFDIx0nxEF7fxpqiFNYvSxuSPGaC4=
+github.com/huaweicloud/huaweicloud-sdk-go-v3 v0.1.127/go.mod h1:JWz2ujO9X3oU5wb6kXp+DpR2UuDj2SldDbX8T0FSuhI=
 github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
 github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
@@ -348,8 +339,8 @@ github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY
 github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
 github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo=
 github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0=
-github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU=
-github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.80.0 h1:Rr7QLMozd2DfDBKo6AB3DzLYQxAwuOG118+K5AAD5E8=
+github.com/oracle/oci-go-sdk/v65 v65.80.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/ovh/go-ovh v1.6.0 h1:ixLOwxQdzYDx296sXcgS35TOPEahJkpjMGtzPadCjQI=
 github.com/ovh/go-ovh v1.6.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC7c=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
@@ -419,7 +410,6 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
@@ -452,8 +442,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
 go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
-go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
-go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
 go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
@@ -476,8 +464,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0=
-golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
+golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
+golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -496,7 +484,6 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210913180222-943fd674d43e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -589,23 +576,21 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk=
-google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs=
+google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg=
+google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU=
-google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
+google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU=
+google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
+google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
 google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -613,10 +598,7 @@ google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=

From 9df5a25715bba98381b9e5442d5d6b5765f2ccef Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 12 Dec 2024 14:07:11 -0500
Subject: [PATCH 413/438] CHORE: Linting corrections (#3236)

---
 pkg/normalize/validate.go              | 27 ++++++++++++------------
 providers/autodns/autoDnsProvider.go   |  3 ++-
 providers/cnr/cnrProvider.go           |  3 ++-
 providers/desec/protocol.go            | 29 +++++++++++++-------------
 providers/dnsimple/dnsimpleProvider.go |  2 +-
 providers/hedns/hednsProvider.go       | 23 ++++++++++----------
 providers/porkbun/api.go               |  2 +-
 7 files changed, 47 insertions(+), 42 deletions(-)

diff --git a/pkg/normalize/validate.go b/pkg/normalize/validate.go
index ea9c38dffd..1094f1127a 100644
--- a/pkg/normalize/validate.go
+++ b/pkg/normalize/validate.go
@@ -1,6 +1,7 @@
 package normalize
 
 import (
+	"errors"
 	"fmt"
 	"net"
 	"sort"
@@ -118,7 +119,7 @@ func checkLabel(label string, rType string, domain string, meta map[string]strin
 	}
 	if label == domain || strings.HasSuffix(label, "."+domain) {
 		if m := meta["skip_fqdn_check"]; m != "true" {
-			return fmt.Errorf("%s", errorRepeat(label, domain))
+			return errors.New(errorRepeat(label, domain))
 		}
 	}
 
@@ -147,22 +148,22 @@ func checkLabel(label string, rType string, domain string, meta map[string]strin
 
 func checkSoa(expire uint32, minttl uint32, refresh uint32, retry uint32, mbox string) error {
 	if expire <= 0 {
-		return fmt.Errorf("SOA Expire must be > 0")
+		return errors.New("SOA Expire must be > 0")
 	}
 	if minttl <= 0 {
-		return fmt.Errorf("SOA Minimum TTL must be > 0")
+		return errors.New("SOA Minimum TTL must be > 0")
 	}
 	if refresh <= 0 {
-		return fmt.Errorf("SOA Refresh must be > 0")
+		return errors.New("SOA Refresh must be > 0")
 	}
 	if retry <= 0 {
-		return fmt.Errorf("SOA Retry must be > 0")
+		return errors.New("SOA Retry must be > 0")
 	}
 	if mbox == "" {
-		return fmt.Errorf("SOA MBox must be specified")
+		return errors.New("SOA MBox must be specified")
 	}
 	if strings.ContainsRune(mbox, '@') {
-		return fmt.Errorf("SOA MBox must have '.' instead of '@'")
+		return errors.New("SOA MBox must have '.' instead of '@'")
 	}
 	return nil
 }
@@ -190,12 +191,12 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 	case "CNAME":
 		check(checkTarget(target))
 		if label == "@" {
-			check(fmt.Errorf("cannot create CNAME record for bare domain"))
+			check(errors.New("cannot create CNAME record for bare domain"))
 		}
 		labelFQDN := dnsutil.AddOrigin(label, domain)
 		targetFQDN := dnsutil.AddOrigin(target, domain)
 		if labelFQDN == targetFQDN {
-			check(fmt.Errorf("CNAME loop (target points at itself)"))
+			check(errors.New("CNAME loop (target points at itself)"))
 		}
 	case "DNAME":
 		check(checkTarget(target))
@@ -209,11 +210,11 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 	case "NS":
 		check(checkTarget(target))
 		if label == "@" {
-			check(fmt.Errorf("cannot create NS record for bare domain. Use NAMESERVER instead"))
+			check(errors.New("cannot create NS record for bare domain. Use NAMESERVER instead"))
 		}
 	case "NS1_URLFWD":
 		if len(strings.Fields(target)) != 5 {
-			check(fmt.Errorf("record should follow format: \"from to redirectType pathForwardingMode queryForwarding\""))
+			check(errors.New("record should follow format: \"from to redirectType pathForwardingMode queryForwarding\""))
 		}
 	case "PTR":
 		check(checkTarget(target))
@@ -221,7 +222,7 @@ func checkTargets(rec *models.RecordConfig, domain string) (errs []error) {
 		check(checkSoa(rec.SoaExpire, rec.SoaMinttl, rec.SoaRefresh, rec.SoaRetry, rec.SoaMbox))
 		check(checkTarget(target))
 		if label != "@" {
-			check(fmt.Errorf("SOA record is only valid for bare domain"))
+			check(errors.New("SOA record is only valid for bare domain"))
 		}
 	case "SRV":
 		check(checkTarget(target))
@@ -457,7 +458,7 @@ func ValidateAndNormalizeConfig(config *models.DNSConfig) (errs []error) {
 			rec.SetLabel(rec.GetLabel(), domain.Name)
 
 			if _, ok := rec.Metadata["ignore_name_disable_safety_check"]; ok {
-				errs = append(errs, fmt.Errorf("IGNORE_NAME_DISABLE_SAFETY_CHECK no longer supported. Please use DISABLE_IGNORE_SAFETY_CHECK for the entire domain"))
+				errs = append(errs, errors.New("IGNORE_NAME_DISABLE_SAFETY_CHECK no longer supported. Please use DISABLE_IGNORE_SAFETY_CHECK for the entire domain"))
 			}
 
 		}
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index 79586f0a53..e0fc8a30c1 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -2,6 +2,7 @@ package autodns
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -98,7 +99,7 @@ func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 
 					err := api.updateZone(domain, resourceRecords, nameServers, zoneTTL)
 					if err != nil {
-						return fmt.Errorf("%s", err.Error())
+						return errors.New(err.Error())
 					}
 
 					return nil
diff --git a/providers/cnr/cnrProvider.go b/providers/cnr/cnrProvider.go
index 3ff2166c85..8318d40dbf 100644
--- a/providers/cnr/cnrProvider.go
+++ b/providers/cnr/cnrProvider.go
@@ -1,6 +1,7 @@
-// Package CNR implements a registrar that uses the CNR api to set name servers. It will self register it's providers when imported.
 package cnr
 
+// Package CNR implements a registrar that uses the CNR api to set name servers. It will self register it's providers when imported.
+
 import (
 	"encoding/json"
 	"fmt"
diff --git a/providers/desec/protocol.go b/providers/desec/protocol.go
index af5b3980df..f36e3bcf5d 100644
--- a/providers/desec/protocol.go
+++ b/providers/desec/protocol.go
@@ -3,6 +3,7 @@ package desec
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -114,11 +115,11 @@ func (c *desecProvider) fetchDomainIndex() (map[string]uint32, error) {
 		for endpoint != "" {
 			bodyString, resp, err = c.get(endpoint, "GET")
 			if err != nil {
-				return nil, fmt.Errorf("failed fetching domains: %s", err)
+				return nil, fmt.Errorf("failed fetching domains: %w", err)
 			}
 			domainIndex, err = appendDomainIndexFromResponse(domainIndex, bodyString)
 			if err != nil {
-				return nil, fmt.Errorf("failed fetching domains: %s", err)
+				return nil, fmt.Errorf("failed fetching domains: %w", err)
 			}
 			links = convertLinks(resp.Header.Get("Link"))
 			endpoint = links["next"]
@@ -130,7 +131,7 @@ func (c *desecProvider) fetchDomainIndex() (map[string]uint32, error) {
 
 	//no pagination required
 	if err != nil && resp.StatusCode != 400 {
-		return nil, fmt.Errorf("failed fetching domains: %s", err)
+		return nil, fmt.Errorf("failed fetching domains: %w", err)
 	}
 	domainIndex, err = appendDomainIndexFromResponse(domainIndex, bodyString)
 	if err != nil {
@@ -196,11 +197,11 @@ func (c *desecProvider) getRecords(domain string) ([]resourceRecord, error) {
 				if resp.StatusCode == 404 {
 					return rrsNew, nil
 				}
-				return rrsNew, fmt.Errorf("getRecords: failed fetching rrsets: %s", err)
+				return rrsNew, fmt.Errorf("getRecords: failed fetching rrsets: %w", err)
 			}
 			tmp, err := generateRRSETfromResponse(bodyString)
 			if err != nil {
-				return rrsNew, fmt.Errorf("failed fetching records for domain %s (deSEC): %s", domain, err)
+				return rrsNew, fmt.Errorf("failed fetching records for domain %s (deSEC): %w", domain, err)
 			}
 			rrsNew = append(rrsNew, tmp...)
 			links = convertLinks(resp.Header.Get("Link"))
@@ -212,7 +213,7 @@ func (c *desecProvider) getRecords(domain string) ([]resourceRecord, error) {
 	}
 	//no pagination
 	if err != nil {
-		return rrsNew, fmt.Errorf("failed fetching records for domain %s (deSEC): %s", domain, err)
+		return rrsNew, fmt.Errorf("failed fetching records for domain %s (deSEC): %w", domain, err)
 	}
 	tmp, err := generateRRSETfromResponse(bodyString)
 	if err != nil {
@@ -252,7 +253,7 @@ func (c *desecProvider) createDomain(domain string) error {
 	var resp []byte
 	var err error
 	if resp, err = c.post(endpoint, "POST", byt); err != nil {
-		return fmt.Errorf("failed domain create (deSEC): %v", err)
+		return fmt.Errorf("failed domain create (deSEC): %w", err)
 	}
 	dm := domainObject{}
 	err = json.Unmarshal(resp, &dm)
@@ -269,7 +270,7 @@ func (c *desecProvider) upsertRR(rr []resourceRecord, domain string) error {
 	endpoint := fmt.Sprintf("/domains/%s/rrsets/", domain)
 	byt, _ := json.Marshal(rr)
 	if _, err := c.post(endpoint, "PUT", byt); err != nil {
-		return fmt.Errorf("failed create RRset (deSEC): %v", err)
+		return fmt.Errorf("failed create RRset (deSEC): %w", err)
 	}
 	return nil
 }
@@ -279,7 +280,7 @@ func (c *desecProvider) upsertRR(rr []resourceRecord, domain string) error {
 //func (c *desecProvider) deleteRR(domain, shortname, t string) error {
 //	endpoint := fmt.Sprintf("/domains/%s/rrsets/%s/%s/", domain, shortname, t)
 //	if _, _, err := c.get(endpoint, "DELETE"); err != nil {
-//		return fmt.Errorf("failed delete RRset (deSEC): %v", err)
+//		return fmt.Errorf("failed delete RRset (deSEC): %w", err)
 //	}
 //	return nil
 //}
@@ -316,7 +317,7 @@ retry:
 				wait, err := strconv.ParseInt(waitfor, 10, 64)
 				if err == nil {
 					if wait > 180 {
-						return []byte{}, resp, fmt.Errorf("rate limiting exceeded")
+						return []byte{}, resp, errors.New("rate limiting exceeded")
 					}
 					printer.Warnf("Rate limiting.. waiting for %s seconds\n", waitfor)
 					time.Sleep(time.Duration(wait+1) * time.Second)
@@ -331,12 +332,12 @@ retry:
 		var nfieldErrors []nonFieldError
 		err = json.Unmarshal(bodyString, &errResp)
 		if err == nil {
-			return bodyString, resp, fmt.Errorf("%s", errResp.Detail)
+			return bodyString, resp, errors.New(errResp.Detail)
 		}
 		err = json.Unmarshal(bodyString, &nfieldErrors)
 		if err == nil && len(nfieldErrors) > 0 {
 			if len(nfieldErrors[0].Errors) > 0 {
-				return bodyString, resp, fmt.Errorf("%s", nfieldErrors[0].Errors[0])
+				return bodyString, resp, errors.New(nfieldErrors[0].Errors[0])
 			}
 		}
 		return bodyString, resp, fmt.Errorf("HTTP status %s Body: %s, the API does not provide more information", resp.Status, bodyString)
@@ -383,7 +384,7 @@ retry:
 				wait, err := strconv.ParseInt(waitfor, 10, 64)
 				if err == nil {
 					if wait > 180 {
-						return []byte{}, fmt.Errorf("rate limiting exceeded")
+						return []byte{}, errors.New("rate limiting exceeded")
 					}
 					printer.Warnf("Rate limiting.. waiting for %s seconds\n", waitfor)
 					time.Sleep(time.Duration(wait+1) * time.Second)
@@ -403,7 +404,7 @@ retry:
 		err = json.Unmarshal(bodyString, &nfieldErrors)
 		if err == nil && len(nfieldErrors) > 0 {
 			if len(nfieldErrors[0].Errors) > 0 {
-				return bodyString, fmt.Errorf("%s", nfieldErrors[0].Errors[0])
+				return bodyString, errors.New(nfieldErrors[0].Errors[0])
 			}
 		}
 		return bodyString, fmt.Errorf("HTTP status %s Body: %s, the API does not provide more information", resp.Status, bodyString)
diff --git a/providers/dnsimple/dnsimpleProvider.go b/providers/dnsimple/dnsimpleProvider.go
index 93d5b3c872..860220cc6c 100644
--- a/providers/dnsimple/dnsimpleProvider.go
+++ b/providers/dnsimple/dnsimpleProvider.go
@@ -729,7 +729,7 @@ func compileAttributeErrors(err *dnsimpleapi.ErrorResponse) error {
 		e := strings.Join(errors, "& ")
 		message += fmt.Sprintf(": %s %s", field, e)
 	}
-	return fmt.Errorf("%s", message)
+	return errors.New(message)
 }
 
 // Return true if the string ends in one of DNSimple's name server domains
diff --git a/providers/hedns/hednsProvider.go b/providers/hedns/hednsProvider.go
index 495d4874bf..5db74bc1e6 100644
--- a/providers/hedns/hednsProvider.go
+++ b/providers/hedns/hednsProvider.go
@@ -3,6 +3,7 @@ package hedns
 import (
 	"crypto/sha1"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/http/cookiejar"
@@ -120,13 +121,13 @@ func newHEDNSProvider(cfg map[string]string, _ json.RawMessage) (providers.DNSSe
 	sessionFilePath := cfg["session-file-path"]
 
 	if username == "" {
-		return nil, fmt.Errorf("username must be provided")
+		return nil, errors.New("username must be provided")
 	}
 	if password == "" {
-		return nil, fmt.Errorf("password must be provided")
+		return nil, errors.New("password must be provided")
 	}
 	if totpSecret != "" && totpValue != "" {
-		return nil, fmt.Errorf("totp and totp-key must not be specified at the same time")
+		return nil, errors.New("totp and totp-key must not be specified at the same time")
 	}
 
 	// Perform the initial login
@@ -282,7 +283,7 @@ func (c *hednsProvider) GetZoneRecords(domain string, meta map[string]string) (m
 
 	// Check we can find the zone records
 	if document.Find("#dns_main_content").Size() == 0 {
-		return nil, fmt.Errorf("zone records listing failed")
+		return nil, errors.New("zone records listing failed")
 	}
 
 	// Load all the domain records
@@ -383,7 +384,7 @@ func (c *hednsProvider) authUsernameAndPassword() (authenticated bool, requiresT
 	document, err := c.parseResponseForDocumentAndErrors(response)
 	if err != nil {
 		if err.Error() == errorInvalidCredentials {
-			err = fmt.Errorf("authentication failed with incorrect username or password")
+			err = errors.New("authentication failed with incorrect username or password")
 		}
 		if err.Error() == errorTotpTokenRequired {
 			return false, true, nil
@@ -401,7 +402,7 @@ func (c *hednsProvider) authUsernameAndPassword() (authenticated bool, requiresT
 func (c *hednsProvider) auth2FA() (authenticated bool, err error) {
 
 	if c.TfaValue == "" && c.TfaSecret == "" {
-		return false, fmt.Errorf("account requires two-factor authentication but neither totp or totp-key were provided")
+		return false, errors.New("account requires two-factor authentication but neither totp or totp-key were provided")
 	}
 
 	if c.TfaValue == "" && c.TfaSecret != "" {
@@ -425,9 +426,9 @@ func (c *hednsProvider) auth2FA() (authenticated bool, err error) {
 	if err != nil {
 		switch err.Error() {
 		case errorInvalidTotpToken:
-			err = fmt.Errorf("invalid TOTP token value")
+			err = errors.New("invalid TOTP token value")
 		case errorTotpTokenReused:
-			err = fmt.Errorf("TOTP token was reused within its period (30 seconds)")
+			err = errors.New("TOTP token was reused within its period (30 seconds)")
 		}
 		return false, err
 	}
@@ -466,7 +467,7 @@ func (c *hednsProvider) authenticate() error {
 	}
 
 	if !authenticated {
-		err = fmt.Errorf("unknown authentication failure")
+		err = errors.New("unknown authentication failure")
 	} else {
 		if c.SessionFilePath != "" {
 			err = c.saveSessionFile()
@@ -655,7 +656,7 @@ func (c *hednsProvider) loadSessionFile() error {
 	for i, entry := range strings.Split(string(bytes), "\n") {
 		if i == 0 {
 			if entry != c.generateCredentialHash() {
-				return fmt.Errorf("invalid credential hash in session file")
+				return errors.New("invalid credential hash in session file")
 			}
 		} else {
 			kv := strings.Split(entry, "=")
@@ -690,7 +691,7 @@ func (c *hednsProvider) parseResponseForDocumentAndErrors(response *http.Respons
 				return true
 			}
 		}
-		err = fmt.Errorf("%s", element.Text())
+		err = errors.New(element.Text())
 		return false
 	})
 
diff --git a/providers/porkbun/api.go b/providers/porkbun/api.go
index f1ade191eb..e16e649dbf 100644
--- a/providers/porkbun/api.go
+++ b/providers/porkbun/api.go
@@ -86,7 +86,7 @@ retry:
 	bodyString, _ := io.ReadAll(resp.Body)
 
 	if resp.StatusCode == 202 || resp.StatusCode == 503 {
-		retrycnt += 1
+		retrycnt++
 		if retrycnt == 5 {
 			return bodyString, fmt.Errorf("rate limiting exceeded")
 		}

From 701cc691dac5680444a3ba4174b22335937795a7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 12 Dec 2024 14:36:55 -0500
Subject: [PATCH 414/438] Build(deps): Bump golang.org/x/crypto from 0.30.0 to
 0.31.0 (#3240)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index dcea55ffa8..0bbbe6e6d8 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 	github.com/transip/gotransip/v6 v6.26.0
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
-	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
 	google.golang.org/api v0.211.0
diff --git a/go.sum b/go.sum
index 2d30f335f4..803fe831bb 100644
--- a/go.sum
+++ b/go.sum
@@ -461,8 +461,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
-golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
 golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=

From e2cf8863262312c26f01c1d679ace267fb428d63 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 12 Dec 2024 14:37:12 -0500
Subject: [PATCH 415/438] DEFAULT CHANGE: --cmode now defaults to concurrent
 (#3238)

---
 commands/ppreviewPush.go | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 367da6e620..16ad5c4c46 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -28,18 +28,17 @@ type zoneCache struct {
 	sync.Mutex
 }
 
-const cmodewarn = `WARN: In v4.15 --cmode will default to "concurrent".` +
-	` Please test and report any bugs ASAP.` +
-	` In v4.16 or later, "legacy" will go away.` +
-	` See https://docs.dnscontrol.org/commands/preview-push` +
+const legacywarn = `WARNING: --cmode=legacy will go away in v4.16 or later.` +
+	` Please test --cmode=concurrent and report any bugs ASAP.` +
+	` See https://docs.dnscontrol.org/commands/preview-push#cmode` +
 	"\n"
 
-const ppreviewwarn = `WARN: ppreview is going away in v4.16 or later.` +
-	` Use "preview --cmode=concurrent" instead.` +
+const ppreviewwarn = `WARNING: ppreview is going away in v4.16 or later.` +
+	` Use "preview" instead.` +
 	"\n"
 
-const ppushwarn = `WARN: ppush is going away in v4.16 or later.` +
-	` Use "push --cmode=concurrent" instead.` +
+const ppushwarn = `WARNING: ppush is going away in v4.16 or later.` +
+	` Use "push" instead.` +
 	"\n"
 
 var _ = cmd(catMain, func() *cli.Command {
@@ -49,7 +48,7 @@ var _ = cmd(catMain, func() *cli.Command {
 		Usage: "read live configuration and identify changes to be made, without applying them",
 		Action: func(ctx *cli.Context) error {
 			if args.ConcurMode == "legacy" {
-				fmt.Fprint(os.Stderr, cmodewarn)
+				fmt.Fprint(os.Stderr, legacywarn)
 				return exit(Preview(args))
 			}
 			return exit(PPreview(args))
@@ -113,7 +112,7 @@ func (args *PPreviewArgs) flags() []cli.Flag {
 	flags = append(flags, &cli.StringFlag{
 		Name:        "cmode",
 		Destination: &args.ConcurMode,
-		Value:       "legacy",
+		Value:       "concurrent",
 		Usage:       `Which providers to run concurrently: legacy, concurrent, none, all`,
 		Action: func(c *cli.Context, s string) error {
 			if !slices.Contains([]string{"legacy", "concurrent", "none", "all"}, s) {
@@ -166,7 +165,7 @@ var _ = cmd(catMain, func() *cli.Command {
 		Usage: "identify changes to be made, and perform them",
 		Action: func(ctx *cli.Context) error {
 			if args.ConcurMode == "legacy" {
-				fmt.Fprint(os.Stderr, cmodewarn)
+				fmt.Fprint(os.Stderr, legacywarn)
 				return exit(Push(args))
 			}
 			return exit(PPush(args))

From 0b85cf2fe2d1bc8e1982bd93bedb59c54d85d341 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 12 Dec 2024 19:43:17 -0500
Subject: [PATCH 416/438] CNR Provider: Review CI / Docs / Capabilities (add
 NAPTR, SSHFP) (#3241)

Co-authored-by: Kai Schwarz <kai.schwarz@centralnic.com>
Co-authored-by: AsifNawaz-cnic <asif.nawaz@centralnic.com>
---
 .goreleaser.yml              |  2 +-
 documentation/SUMMARY.md     |  1 +
 documentation/providers.md   |  4 ++--
 providers/cnr/cnrProvider.go | 34 +++++++++++++++++++++++++---------
 providers/cnr/records.go     | 17 +++++++++++++++--
 5 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index bd06019bbc..4cfbbcd0ba 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -39,7 +39,7 @@ changelog:
       regexp: "(?i)^.*(major|new provider|feature)[(\\w)]*:+.*$"
       order: 1
     - title: 'Provider-specific changes:'
-      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|huaweicloud|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|sakuracloud|softlayer|transip|vultr).*:)+.*"
+      regexp: "(?i)((akamaiedge|autodns|axfrd|azure|azure_private_dns|bind|bunnydns|cloudflare|cloudflareapi_old|cloudns|cnr|cscglobal|desec|digitalocean|dnsimple|dnsmadeeasy|doh|domainnameshop|dynadot|easyname|exoscale|gandi|gcloud|gcore|hedns|hetzner|hexonet|hostingde|huaweicloud|inwx|linode|loopia|luadns|msdns|mythicbeasts|namecheap|namedotcom|netcup|netlify|ns1|opensrs|oracle|ovh|packetframe|porkbun|powerdns|realtimeregister|route53|rwth|sakuracloud|softlayer|transip|vultr).*:)+.*"
       order: 2
     - title: 'Documentation:'
       regexp: "(?i)^.*(docs)[(\\w)]*:+.*$"
diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index ca0a31a2f4..55c8babf4f 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -112,6 +112,7 @@
 * [Azure Private DNS](provider/azure_private_dns.md)
 * [BIND](provider/bind.md)
 * [Bunny DNS](provider/bunny\_dns.md)
+* [CentralNic Reseller (fka RRPproxy)](provider/cnr.md)
 * [Cloudflare](provider/cloudflareapi.md)
 * [ClouDNS](provider/cloudns.md)
 * [CSC Global](provider/cscglobal.md)
diff --git a/documentation/providers.md b/documentation/providers.md
index 5d386c8b31..cdae731e92 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -23,7 +23,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
-| [`CNR`](provider/cnr.md) | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
+| [`CNR`](provider/cnr.md) | ❌ | ✅ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ | ❌ | ✅ | ❔ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ |
 | [`CSCGLOBAL`](provider/cscglobal.md) | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❌ | ✅ |
 | [`DESEC`](provider/desec.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ✅ | ❔ | ✅ | ✅ |
 | [`DIGITALOCEAN`](provider/digitalocean.md) | ❌ | ✅ | ❌ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❔ | ❔ | ❔ | ✅ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ |
@@ -118,6 +118,7 @@ Providers in this category and their maintainers are:
 |[`BUNNY_DNS`](provider/bunny_dns.md)|@ppmathis|
 |[`CLOUDFLAREAPI`](provider/cloudflareapi.md)|@tresni|
 |[`CLOUDNS`](provider/cloudns.md)|@pragmaton|
+|[`CNR`](provider/cnr.md)|@KaiSchwarz-cnic|
 |[`CSCGLOBAL`](provider/cscglobal.md)|@Air-New-Zealand|
 |[`DESEC`](provider/desec.md)|@D3luxee|
 |[`DIGITALOCEAN`](provider/digitalocean.md)|@Deraen|
@@ -172,7 +173,6 @@ code to support this provider, we'd be glad to help in any way.
 * [Infoblox DNS](https://github.com/StackExchange/dnscontrol/issues/1077) (#1077)
 * [Joker.com](https://github.com/StackExchange/dnscontrol/issues/854) (#854)
 * [Plesk](https://github.com/StackExchange/dnscontrol/issues/2261) (#2261)
-* [RRPPRoxy](https://github.com/StackExchange/dnscontrol/issues/1656) (#1656)
 * [RcodeZero](https://github.com/StackExchange/dnscontrol/issues/884) (#884)
 * [SynergyWholesale](https://github.com/StackExchange/dnscontrol/issues/1605) (#1605)
 * [UltraDNS by Neustar / CSCGlobal](https://github.com/StackExchange/dnscontrol/issues/1533) (#1533)
diff --git a/providers/cnr/cnrProvider.go b/providers/cnr/cnrProvider.go
index 8318d40dbf..5debd3f088 100644
--- a/providers/cnr/cnrProvider.go
+++ b/providers/cnr/cnrProvider.go
@@ -25,19 +25,35 @@ type CNRClient struct {
 }
 
 var features = providers.DocumentationNotes{
-	// The default for unlisted capabilities is 'Cannot'.
 	// See providers/capabilities.go for the entire list of capabilities.
-	providers.CanGetZones:            providers.Can(),
+	// The default for unlisted capabilities is 'Cannot'.
+	// --- Supported Features ---
+	providers.CanAutoDNSSEC:          providers.Unimplemented("Ask for this feature."),
 	providers.CanConcur:              providers.Can(),
-	providers.CanUseAlias:            providers.Cannot("Not supported. You may use CNAME records instead. An Alternative solution is planned."),
-	providers.CanUseCAA:              providers.Can(),
-	providers.CanUseLOC:              providers.Unimplemented(),
-	providers.CanUsePTR:              providers.Can(),
-	providers.CanUseSRV:              providers.Can("SRV records with empty targets are not supported"),
-	providers.CanUseTLSA:             providers.Can(),
+	providers.CanGetZones:            providers.Can(),
 	providers.DocCreateDomains:       providers.Can(),
 	providers.DocDualHost:            providers.Can(),
 	providers.DocOfficiallySupported: providers.Cannot("Actively maintained provider module."),
+	// --- Supported record types ---
+	// providers.CanUseAKAMAICDN: 	      providers.Cannot(), // can only be supported by Akamai EdgeDns provider
+	providers.CanUseAlias: providers.Cannot("Not supported. You may use CNAME records instead. An Alternative solution is planned."),
+	// providers.CanUseAzureAlias:		  providers.Cannot(), // can only be supported by Azure provider
+	providers.CanUseCAA:           providers.Can(),
+	providers.CanUseDHCID:         providers.Cannot("Ask for this feature."),
+	providers.CanUseDNAME:         providers.Cannot("Ask for this feature."),
+	providers.CanUseDNSKEY:        providers.Unimplemented("Ask for this feature."),
+	providers.CanUseDS:            providers.Unimplemented("Ask for this feature."),
+	providers.CanUseDSForChildren: providers.Unimplemented("Ask for this feature."), // CanUseDS implies CanUseDSForChildren
+	providers.CanUseHTTPS:         providers.Cannot("Managed via (Query|Add|Modify|Delete)WebFwd API call. Data not accessible via the resource records list. Hard to integrate this into DNSControl by that."),
+	providers.CanUseLOC:           providers.Cannot("Ask for this feature."),
+	providers.CanUseNAPTR:         providers.Can(),
+	providers.CanUsePTR:           providers.Can(),
+	// providers.CanUseRoute53Alias:	  providers.Cannot(), // can only be supported by AWS Route53 provider
+	providers.CanUseSOA:   providers.Cannot("The SOA record is managed on the DNSZone directly. Data only accessible via StatusDNSZone Request, not via the resource records list. Hard to integrate this into DNSControl by that."), // supported by bind, honstingde
+	providers.CanUseSRV:   providers.Can("SRV records with empty targets are not supported"),
+	providers.CanUseSSHFP: providers.Can(),
+	providers.CanUseSVCB:  providers.Cannot("Ask for this feature."),
+	providers.CanUseTLSA:  providers.Can(),
 }
 
 func newProvider(conf map[string]string) (*CNRClient, error) {
@@ -47,7 +63,7 @@ func newProvider(conf map[string]string) (*CNRClient, error) {
 	}
 	api.client.SetUserAgent("DNSControl", version)
 	api.APILogin, api.APIPassword, api.APIEntity = conf["apilogin"], conf["apipassword"], conf["apientity"]
-	if conf["debugmode"] == "1" {
+	if conf["debugmode"] == "2" {
 		api.client.EnableDebugMode()
 	}
 	if api.APIEntity != "OTE" && api.APIEntity != "LIVE" {
diff --git a/providers/cnr/records.go b/providers/cnr/records.go
index bfe5d8fcd4..5a931b5f1c 100644
--- a/providers/cnr/records.go
+++ b/providers/cnr/records.go
@@ -195,7 +195,10 @@ func (n *CNRClient) getRecords(domain string) ([]*CNRRecord, error) {
 		if r.GetCode() == 545 {
 			// If dns zone does not exist create a new one automatically
 			if !isNoPopulate() {
-				n.EnsureZoneExists(domain)
+				err := n.EnsureZoneExists(domain)
+				if err != nil {
+					return nil, err
+				}
 			} else {
 				// Return specific error if the zone does not exist
 				return nil, n.GetCNRApiError("Use `dnscontrol create-domains` to create not-existing zone", domain, r)
@@ -293,6 +296,16 @@ func (n *CNRClient) createRecordString(rc *models.RecordConfig, domain string) (
 		if domain == host {
 			host = fmt.Sprintf(`%s.`, host)
 		}
+	case "SSHFP":
+		answer = fmt.Sprintf(`%v %v %s`, rc.SshfpAlgorithm, rc.SshfpFingerprint, rc.GetTargetField())
+		if domain == host {
+			host = fmt.Sprintf(`%s.`, host)
+		}
+	case "NAPTR":
+		answer = fmt.Sprintf(`%v %v "%v" "%v" "%v" %v`, rc.NaptrOrder, rc.NaptrPreference, rc.NaptrFlags, rc.NaptrService, rc.NaptrRegexp, rc.GetTargetField())
+		if domain == host {
+			host = fmt.Sprintf(`%s.`, host)
+		}
 	case "TLSA":
 		answer = fmt.Sprintf(`%v %v %v %s`, rc.TlsaUsage, rc.TlsaSelector, rc.TlsaMatchingType, rc.GetTargetField())
 	case "CAA":
@@ -363,5 +376,5 @@ func isNoPopulate() bool {
 
 // Function to check if debug mode is enabled
 func (n *CNRClient) isDebugOn() bool {
-	return n.conf["debugmode"] == "1"
+	return n.conf["debugmode"] == "1" || n.conf["debugmode"] == "2"
 }

From 29283f7fe508bf21460c095ce2efedc225ca39d5 Mon Sep 17 00:00:00 2001
From: Will Power <1619102+willpower232@users.noreply.github.com>
Date: Fri, 13 Dec 2024 13:34:02 +0000
Subject: [PATCH 417/438] DOCS: Update Mattermost docs link (#3247)

---
 documentation/notifications.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/documentation/notifications.md b/documentation/notifications.md
index 894eab4c91..5f730edd62 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -72,7 +72,7 @@ Successfully ran correction for **example.com[my_provider]** - CREATE foo.exampl
 ### Slack/Mattermost
 
 If you want to use the Slack integration, you need to create a webhook in Slack.
-Please see the [Slack documentation](https://api.slack.com/messaging/webhooks) or the [Mattermost documentation](https://docs.mattermost.com/developer/webhooks-incoming.html)
+Please see the [Slack documentation](https://api.slack.com/messaging/webhooks) or the [Mattermost documentation](https://developers.mattermost.com/integrate/webhooks/incoming/)
 
 Configure `slack_url` to this webhook. Mattermost works as well, as they share the same api,
 

From 43579505fff36fa7d42cfab7ba788bc16fa38384 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 13 Dec 2024 08:35:12 -0500
Subject: [PATCH 418/438] BUGFIX: push not running concurrently (#3249)

---
 commands/ppreviewPush.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index 16ad5c4c46..b71dfe529f 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -213,7 +213,7 @@ func PPreview(args PPreviewArgs) error {
 
 // PPush implements the push subcommand.
 func PPush(args PPushArgs) error {
-	return run(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, &args.Report)
+	return prun(args.PPreviewArgs, true, args.Interactive, printer.DefaultPrinter, args.Report)
 }
 
 var pobsoleteDiff2FlagUsed = false

From c1206a8d4cc3520b3c593d378206d515c456249e Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Mon, 16 Dec 2024 17:59:35 -0500
Subject: [PATCH 419/438] ENHANCEMENT: get-zones: No longer generate END tokens
 (#3253)

---
 commands/getZones.go                   | 2 +-
 commands/test_data/apex.com.zone.js    | 2 +-
 commands/test_data/ds.com.zone.js      | 2 +-
 commands/test_data/example.org.zone.js | 2 +-
 commands/test_data/simple.com.zone.js  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/commands/getZones.go b/commands/getZones.go
index 1adbb08376..4ae28443b5 100644
--- a/commands/getZones.go
+++ b/commands/getZones.go
@@ -276,7 +276,7 @@ func GetZone(args GetZoneArgs) error {
 					"// NOTE: CNAME at apex may require manual editing.",
 				)
 				fmt.Fprint(w, out)
-				fmt.Fprint(w, "\nEND);\n\n")
+				fmt.Fprint(w, "\n);\n\n")
 			}
 
 		case "tsv":
diff --git a/commands/test_data/apex.com.zone.js b/commands/test_data/apex.com.zone.js
index 30e3604784..cf4404be4e 100644
--- a/commands/test_data/apex.com.zone.js
+++ b/commands/test_data/apex.com.zone.js
@@ -11,5 +11,5 @@ D("apex.com", REG_CHANGEME,
 	// NOTE: CNAME at apex may require manual editing.
 	CNAME("@", "cnametest1.example.com."),
 	CNAME("www", "cnametest2.example.com."),
-END);
+);
 
diff --git a/commands/test_data/ds.com.zone.js b/commands/test_data/ds.com.zone.js
index 91a93a22c1..365f8fdd92 100644
--- a/commands/test_data/ds.com.zone.js
+++ b/commands/test_data/ds.com.zone.js
@@ -5,5 +5,5 @@ D("ds.com", REG_CHANGEME,
 	DnsProvider(DSP_BIND),
 	//SOA("@", "ns3.serverfault.com.", "sysadmin.stackoverflow.com.", 2020022300, 3600, 600, 604800, 1440),
 	DS("geo", 14480, 13, 2, "BB1C4B615CDED2B34347CF23710471934D972F1E34F53B54ED8D5F786202C73B"),
-END);
+);
 
diff --git a/commands/test_data/example.org.zone.js b/commands/test_data/example.org.zone.js
index 6972c95bb5..52ad747f14 100644
--- a/commands/test_data/example.org.zone.js
+++ b/commands/test_data/example.org.zone.js
@@ -353,5 +353,5 @@ D("example.org", REG_CHANGEME,
 	CNAME("opqrstuvwxyz", "gv-abcdefghijklmn.dv.googlehosted.com."),
 	CNAME("zyxwvutsrqpo", "gv-nmlkjihgfedcba.dv.googlehosted.com."),
 	CNAME("0123456789abcdef0123456789abcdef", "verify.bing.com."),
-END);
+);
 
diff --git a/commands/test_data/simple.com.zone.js b/commands/test_data/simple.com.zone.js
index 51d3d23d11..e32e83de13 100644
--- a/commands/test_data/simple.com.zone.js
+++ b/commands/test_data/simple.com.zone.js
@@ -22,5 +22,5 @@ D("simple.com", REG_CHANGEME,
 	CNAME("email", "mkto-sj280138.com."),
 	CNAME("info", "stackoverflow.mktoweb.com."),
 	SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
-END);
+);
 

From a7e83de93de1e17ee594c615f0f42c881863a397 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 17 Dec 2024 07:42:04 -0500
Subject: [PATCH 420/438] BIND: Allow use in cmode=concurrent (#3254)

---
 commands/ppreviewPush.go       |  7 +++++--
 documentation/providers.md     |  2 +-
 providers/bind/bindProvider.go | 32 ++++++++++++++++----------------
 3 files changed, 22 insertions(+), 19 deletions(-)

diff --git a/commands/ppreviewPush.go b/commands/ppreviewPush.go
index b71dfe529f..e8a16dca9a 100644
--- a/commands/ppreviewPush.go
+++ b/commands/ppreviewPush.go
@@ -581,7 +581,7 @@ func generatePopulateCorrections(provider *models.DNSProviderInstance, zoneName
 	}
 
 	return []*models.Correction{{
-		Msg: fmt.Sprintf("Create zone '%s' in the '%s' profile", aceZoneName, provider.Name),
+		Msg: fmt.Sprintf("Ensuring zone %q exists in %q", aceZoneName, provider.Name),
 		F:   func() error { return creator.EnsureZoneExists(aceZoneName) },
 	}}
 }
@@ -604,7 +604,10 @@ func generateDelegationCorrections(zone *models.DomainConfig, providers []*model
 	nameservers.AddNSRecords(zone)
 
 	if len(zone.Nameservers) == 0 && zone.Metadata["no_ns"] != "true" {
-		return []*models.Correction{{Msg: fmt.Sprintf("No nameservers declared for domain %q; skipping registrar. Add {no_ns:'true'} to force", zone.Name)}}, 0
+		return []*models.Correction{{Msg: fmt.Sprintf("Skipping registrar %q: No nameservers declared for domain %q. Add {no_ns:'true'} to force",
+			zone.RegistrarName,
+			zone.Name,
+		)}}, 0
 	}
 
 	corrections, err := zone.RegistrarInstance.Driver.GetRegistrarCorrections(zone)
diff --git a/documentation/providers.md b/documentation/providers.md
index cdae731e92..d0d52d9204 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -19,7 +19,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
-| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
 | [`BUNNY_DNS`](provider/bunny_dns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❌ | ❔ | ❌ | ❌ | ✅ | ❌ | ✅ | ❌ | ❔ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ✅ | ✅ |
 | [`CLOUDFLAREAPI`](provider/cloudflareapi.md) | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ | ❔ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ | ✅ |
 | [`CLOUDNS`](provider/cloudns.md) | ❌ | ✅ | ❌ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ✅ | ❔ | ❔ | ✅ | ✅ |
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 583693141a..68b83b4265 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -35,7 +35,7 @@ var features = providers.DocumentationNotes{
 	// See providers/capabilities.go for the entire list of capabilities.
 	providers.CanAutoDNSSEC:          providers.Can("Just writes out a comment indicating DNSSEC was requested"),
 	providers.CanGetZones:            providers.Can(),
-	providers.CanConcur:              providers.Cannot(),
+	providers.CanConcur:              providers.Can(),
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseDNAME:            providers.Can(),
@@ -126,8 +126,6 @@ type bindProvider struct {
 	nameservers    []*models.Nameserver
 	directory      string
 	filenameformat string
-	zonefile       string // Where the zone data is e texpected
-	zoneFileFound  bool   // Did the zonefile exist?
 }
 
 // GetNameservers returns the nameservers for a domain.
@@ -162,6 +160,7 @@ func (c *bindProvider) ListZones() ([]string, error) {
 
 // GetZoneRecords gets the records of a zone and returns them in RecordConfig format.
 func (c *bindProvider) GetZoneRecords(domain string, meta map[string]string) (models.Records, error) {
+	var zonefile string
 
 	if _, err := os.Stat(c.directory); os.IsNotExist(err) {
 		printer.Printf("\nWARNING: BIND directory %q does not exist! (will create)\n", c.directory)
@@ -172,29 +171,25 @@ func (c *bindProvider) GetZoneRecords(domain string, meta map[string]string) (mo
 		// This layering violation is needed for tests only.
 		// Otherwise, this is set already.
 		// Note: In this situation there is no "uniquename" or "tag".
-		c.zonefile = filepath.Join(c.directory,
+		zonefile = filepath.Join(c.directory,
 			makeFileName(c.filenameformat, domain, domain, ""))
 	} else {
-		c.zonefile = filepath.Join(c.directory,
+		zonefile = filepath.Join(c.directory,
 			makeFileName(c.filenameformat,
 				meta[models.DomainUniqueName], domain, meta[models.DomainTag]),
 		)
 	}
-	content, err := os.ReadFile(c.zonefile)
+	content, err := os.ReadFile(zonefile)
 	if os.IsNotExist(err) {
 		// If the file doesn't exist, that's not an error. Just informational.
-		c.zoneFileFound = false
-		fmt.Fprintf(os.Stderr, "File does not yet exist: %q (will create)\n", c.zonefile)
+		fmt.Fprintf(os.Stderr, "File does not yet exist: %q (will create)\n", zonefile)
 		return nil, nil
 	}
 	if err != nil {
-		return nil, fmt.Errorf("can't open %s: %w", c.zonefile, err)
+		return nil, fmt.Errorf("can't open %s: %w", zonefile, err)
 	}
-	c.zoneFileFound = true
 
-	zonefileName := c.zonefile
-
-	return ParseZoneContents(string(content), domain, zonefileName)
+	return ParseZoneContents(string(content), domain, zonefile)
 }
 
 // ParseZoneContents parses a string as a BIND zone and returns the records.
@@ -216,9 +211,14 @@ func ParseZoneContents(content string, zoneName string, zonefileName string) (mo
 	return foundRecords, nil
 }
 
+func (n *bindProvider) EnsureZoneExists(_ string) error {
+	return nil
+}
+
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundRecords models.Records) ([]*models.Correction, int, error) {
 	var corrections []*models.Correction
+	var zonefile string
 
 	changes := false
 	var msg string
@@ -270,7 +270,7 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 		comments = append(comments, "Automatic DNSSEC signing requested")
 	}
 
-	c.zonefile = filepath.Join(c.directory,
+	zonefile = filepath.Join(c.directory,
 		makeFileName(c.filenameformat,
 			dc.Metadata[models.DomainUniqueName], dc.Name, dc.Metadata[models.DomainTag]),
 	)
@@ -287,8 +287,8 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 		&models.Correction{
 			Msg: msg,
 			F: func() error {
-				printer.Printf("WRITING ZONEFILE: %v\n", c.zonefile)
-				fname, err := preprocessFilename(c.zonefile)
+				printer.Printf("WRITING ZONEFILE: %v\n", zonefile)
+				fname, err := preprocessFilename(zonefile)
 				if err != nil {
 					return fmt.Errorf("could not create zonefile: %w", err)
 				}

From 3d25d3e3bd1d41e6c120fd33aa303837448b8b13 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 17 Dec 2024 07:44:52 -0500
Subject: [PATCH 421/438] TEST: Improve IGNORE() integration tests (#3255)

---
 integrationTest/integration_test.go | 313 ++++++++++++++++++----------
 1 file changed, 200 insertions(+), 113 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 327061f5d0..5bb42e15c7 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -2087,158 +2087,225 @@ func makeTests() []*TestGroup {
 
 		testgroup("IGNORE main",
 			tc("Create some records",
-				txt("foo", "simple"),
 				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
 				a("bar", "5.5.5.5"),
-			),
-			tc("ignore label=foo",
+				cname("mail", "ghs.googlehosted.com."),
+			),
+			tc("ignore label",
+				// NB(tlim): This ignores 1 record of a recordSet. This should
+				// fail for diff2.ByRecordSet() providers if diff2 is not
+				// implemented correctly.
+				//a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
+				//txt("foo", "simple"),
 				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
 				ignore("foo", "", ""),
 			).ExpectNoChanges(),
-			tc("ignore type=txt",
+			tc("ignore label,type",
+				//a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("foo", "A", ""),
+			).ExpectNoChanges(),
+			tc("ignore label,type,target",
+				//a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("foo", "A", "1.2.3.4"),
+			).ExpectNoChanges(),
+			tc("ignore type",
+				//a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				//a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "A", ""),
+			).ExpectNoChanges(),
+			tc("ignore type,target",
 				a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
 				a("bar", "5.5.5.5"),
-				ignore("", "TXT", ""),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "A", "2.3.4.5"),
 			).ExpectNoChanges(),
-			tc("ignore target=1.2.3.4",
+			tc("ignore target",
+				a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
 				txt("foo", "simple"),
 				a("bar", "5.5.5.5"),
-				ignore("", "", "1.2.3.4"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "", "2.3.4.5"),
 			).ExpectNoChanges(),
+			//
+			// Many types:
 			tc("ignore manytypes",
+				//a("foo", "1.2.3.4"),
+				//a("foo", "2.3.4.5"),
+				//txt("foo", "simple"),
+				//a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A,TXT", ""),
 			).ExpectNoChanges(),
+			//
+			// Target with wildcard:
+			tc("ignore label,type,target=*",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				//cname("mail", "ghs.googlehosted.com."),
+				ignore("", "CNAME", "*.googlehosted.com."),
+			).ExpectNoChanges(),
 		),
 
+		// Same as "main" but with an apex ("@") record.
 		testgroup("IGNORE apex",
 			tc("Create some records",
-				txt("@", "simple"),
 				a("@", "1.2.3.4"),
-			).UnsafeIgnore(),
-			tc("ignore label=apex",
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			),
+			tc("ignore label",
+				// NB(tlim): This ignores 1 record of a recordSet. This should
+				// fail for diff2.ByRecordSet() providers if diff2 is not
+				// implemented correctly.
+				//a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
+				//txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
 				ignore("@", "", ""),
+				//ignore("", "NS", ""),
+				// NB(tlim): .UnsafeIgnore is needed because the NS records
+				// that providers injects into zones are treated like input
+				// from dnsconfig.js.
 			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignore type=txt",
-				a("@", "1.2.3.4"),
-				ignore("", "TXT", ""),
-			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignore target=1.2.3.4",
+			tc("ignore label,type",
+				//a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
 				txt("@", "simple"),
-				ignore("", "", "1.2.3.4"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("@", "A", ""),
+			).ExpectNoChanges(),
+			tc("ignore label,type,target",
+				//a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("@", "A", "1.2.3.4"),
+				// NB(tlim): .UnsafeIgnore is needed because the NS records
+				// that providers injects into zones are treated like input
+				// from dnsconfig.js.
 			).ExpectNoChanges().UnsafeIgnore(),
+			tc("ignore type",
+				//a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				//a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "A", ""),
+			).ExpectNoChanges(),
+			tc("ignore type,target",
+				a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "A", "2.3.4.5"),
+			).ExpectNoChanges(),
+			tc("ignore target",
+				a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+				ignore("", "", "2.3.4.5"),
+			).ExpectNoChanges(),
+			// Many types:
 			tc("ignore manytypes",
+				//a("@", "1.2.3.4"),
+				//a("@", "2.3.4.5"),
+				//txt("@", "simple"),
+				//a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A,TXT", ""),
-			).ExpectNoChanges().UnsafeIgnore(),
+			).ExpectNoChanges(),
 		),
 
-		// Legacy IGNORE_NAME and IGNORE_TARGET tests.
+		// IGNORE with unsafe notation
 
-		testgroup("IGNORE_NAME function",
+		testgroup("IGNORE cross",
 			tc("Create some records",
 				txt("foo", "simple"),
 				a("foo", "1.2.3.4"),
-				a("bar", "1.2.3.4"),
+				txt("@", "asimple"),
+				a("@", "2.2.2.2"),
 			),
-			tc("ignore foo",
-				ignoreName("foo"),
-				a("bar", "1.2.3.4"),
-			).ExpectNoChanges(),
-			clear(),
-			tc("Create some records",
-				txt("bar.foo", "simple"),
-				a("bar.foo", "1.2.3.4"),
-				a("bar", "1.2.3.4"),
-			),
-			tc("ignore *.foo",
-				ignoreName("*.foo"),
-				a("bar", "1.2.3.4"),
-			).ExpectNoChanges(),
-			clear(),
-			tc("Create some records",
-				txt("bar.foo", "simple"),
-				a("bar.foo", "1.2.3.4"),
-			),
-			tc("ignore *.foo while we add 1",
-				ignoreName("*.foo"),
-				a("bar", "1.2.3.4"),
-			),
-		),
-
-		testgroup("IGNORE_NAME apex",
-			tc("Create some records",
-				txt("@", "simple"),
-				a("@", "1.2.3.4"),
-				txt("bar", "stringbar"),
-				a("bar", "2.4.6.8"),
-			).UnsafeIgnore(),
-			tc("ignore apex",
-				ignoreName("@"),
-				txt("bar", "stringbar"),
-				a("bar", "2.4.6.8"),
+			tc("ignore label=apex",
+				txt("foo", "simple"),
+				a("foo", "1.2.3.4"),
+				txt("@", "asimple"),
+				a("@", "2.2.2.2"),
+				ignore("foo", "TXT", ""),
+			).ExpectNoChanges().UnsafeIgnore(),
+			tc("ignore label=apex",
+				txt("foo", "simple"),
+				a("foo", "1.2.3.4"),
+				txt("@", "asimple"),
+				a("@", "2.2.2.2"),
+				ignore("@", "TXT", ""),
 			).ExpectNoChanges().UnsafeIgnore(),
-			clear(),
-			tc("Add a new record - ignoring apex",
-				ignoreName("@"),
-				txt("bar", "stringbar"),
-				a("bar", "2.4.6.8"),
-				a("added", "4.6.8.9"),
-			).UnsafeIgnore(),
 		),
 
-		testgroup("IGNORE_TARGET function CNAME",
-			tc("Create some records",
-				cname("foo", "test.foo.com."),
-				cname("keep", "keeper.example.com."),
-			),
-			tc("ignoring CNAME=test.foo.com.",
-				ignoreTarget("test.foo.com.", "CNAME"),
-				cname("keep", "keeper.example.com."),
-			).ExpectNoChanges(),
-			tc("ignoring CNAME=test.foo.com. and add",
-				ignoreTarget("test.foo.com.", "CNAME"),
-				cname("keep", "keeper.example.com."),
-				a("adding", "1.2.3.4"),
-				cname("another", "www.example.com."),
-			),
-		),
+		// IGNORE with wildcards
 
-		testgroup("IGNORE_TARGET function CNAME*",
+		testgroup("IGNORE wilds",
 			tc("Create some records",
-				cname("foo1", "test.foo.com."),
-				cname("foo2", "my.test.foo.com."),
-				cname("bar", "test.example.com."),
-			).UnsafeIgnore(),
-			tc("ignoring CNAME=test.foo.com.",
-				ignoreTarget("*.foo.com.", "CNAME"),
-				cname("foo2", "my.test.foo.com."),
-				cname("bar", "test.example.com."),
-			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignoring CNAME=test.foo.com. and add",
-				ignoreTarget("*.foo.com.", "CNAME"),
-				cname("foo2", "my.test.foo.com."),
-				cname("bar", "test.example.com."),
-				a("adding", "1.2.3.4"),
-				cname("another", "www.example.com."),
-			).UnsafeIgnore(),
+				a("foo.bat", "1.2.3.4"),
+				a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+			),
+			tc("ignore label=foo.*",
+				//a("foo.bat", "1.2.3.4"),
+				//a("foo.bat", "2.3.4.5"),
+				//txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+				ignore("foo.*", "", ""),
+			).ExpectNoChanges(),
+			tc("ignore label=foo.bat,type",
+				//a("foo.bat", "1.2.3.4"),
+				//a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				//a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+				ignore("*.bat", "A", ""),
+			).ExpectNoChanges(),
+			tc("ignore target=*.domain",
+				a("foo.bat", "1.2.3.4"),
+				a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				//cname("mail.bat", "ghs.googlehosted.com."),
+				ignore("", "", "*.googlehosted.com."),
+			).ExpectNoChanges(),
 		),
 
-		testgroup("IGNORE_TARGET function CNAME**",
-			tc("Create some records",
-				cname("foo1", "test.foo.com."),
-				cname("foo2", "my.test.foo.com."),
-				cname("bar", "test.example.com."),
-			).UnsafeIgnore(),
-			tc("ignoring CNAME=test.foo.com.",
-				ignoreTarget("**.foo.com.", "CNAME"),
-				cname("bar", "test.example.com."),
-			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignoring CNAME=test.foo.com. and add",
-				ignoreTarget("**.foo.com.", "CNAME"),
-				cname("bar", "test.example.com."),
-				a("adding", "1.2.3.4"),
-				cname("another", "www.example.com."),
-			).UnsafeIgnore(),
-		),
+		// IGNORE repro bug reports
 
 		// https://github.com/StackExchange/dnscontrol/issues/2285
 		testgroup("IGNORE_TARGET b2285",
@@ -2273,6 +2340,26 @@ func makeTests() []*TestGroup {
 			).ExpectNoChanges().UnsafeIgnore(),
 		),
 
+		// https://github.com/StackExchange/dnscontrol/issues/3227
+		testgroup("IGNORE w/change b3227",
+			tc("Create some records",
+				a("testignore", "8.8.8.8"),
+				a("testdefined", "9.9.9.9"),
+			),
+			tc("ignore",
+				//a("testignore", "8.8.8.8"),
+				a("testdefined", "9.9.9.9"),
+				ignore("testignore", "", ""),
+			).ExpectNoChanges(),
+			tc("ignore with change",
+				//a("testignore", "8.8.8.8"),
+				a("testdefined", "2.2.2.2"),
+				ignore("testignore", "", ""),
+			),
+		),
+
+		// OVH features
+
 		testgroup("structured TXT",
 			only("OVH"),
 			tc("Create TXT",

From ee4970471b02336eb6cab8221eed73c6eafc4e6b Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Tue, 17 Dec 2024 13:46:37 +0100
Subject: [PATCH 422/438] DOCS: Trailing commas are no longer an issue (#3248)

---
 commands/types/dnscontrol.d.ts                | 214 +++++++++---------
 documentation/ci-cd-gitlab.md                 |   2 +-
 documentation/cli-variables.md                |   8 +-
 documentation/code-tricks.md                  |  61 +----
 documentation/examples.md                     |  22 +-
 documentation/getting-started.md              |   2 +-
 .../language-reference/domain-modifiers/A.md  |   2 +-
 .../domain-modifiers/AAAA.md                  |   2 +-
 .../domain-modifiers/ALIAS.md                 |   2 +-
 .../domain-modifiers/AUTODNSSEC_ON.md         |   4 +-
 .../domain-modifiers/AZURE_ALIAS.md           |   2 +-
 .../domain-modifiers/CAA.md                   |   2 +-
 .../domain-modifiers/CAA_BUILDER.md           |   8 +-
 .../domain-modifiers/CF_REDIRECT.md           |   2 +-
 .../domain-modifiers/CF_SINGLE_REDIRECT.md    |   2 +-
 .../domain-modifiers/CF_TEMP_REDIRECT.md      |   2 +-
 .../domain-modifiers/CF_WORKER_ROUTE.md       |   2 +-
 .../domain-modifiers/CNAME.md                 |   2 +-
 .../domain-modifiers/DHCID.md                 |   2 +-
 .../domain-modifiers/DMARC_BUILDER.md         |   6 +-
 .../domain-modifiers/DNAME.md                 |   2 +-
 .../domain-modifiers/DNSKEY.md                |   2 +-
 .../language-reference/domain-modifiers/DS.md |   2 +-
 .../domain-modifiers/DefaultTTL.md            |   2 +-
 .../domain-modifiers/HTTPS.md                 |   2 +-
 .../domain-modifiers/IGNORE.md                |  38 ++--
 .../domain-modifiers/IMPORT_TRANSFORM.md      |   6 +-
 .../domain-modifiers/INCLUDE.md               |   4 +-
 .../domain-modifiers/LOC.md                   |   2 +-
 .../domain-modifiers/LOC_BUILDER_DD.md        |   2 +-
 .../domain-modifiers/LOC_BUILDER_DMM_STR.md   |   2 +-
 .../domain-modifiers/LOC_BUILDER_DMS_STR.md   |   2 +-
 .../domain-modifiers/LOC_BUILDER_STR.md       |   2 +-
 .../domain-modifiers/M365_BUILDER.md          |   4 +-
 .../language-reference/domain-modifiers/MX.md |   2 +-
 .../domain-modifiers/NAMESERVER.md            |   6 +-
 .../domain-modifiers/NAMESERVER_TTL.md        |   4 +-
 .../domain-modifiers/NAPTR.md                 |   8 +-
 .../domain-modifiers/NO_PURGE.md              |   2 +-
 .../language-reference/domain-modifiers/NS.md |   2 +-
 .../domain-modifiers/PTR.md                   |  12 +-
 .../domain-modifiers/PURGE.md                 |   4 +-
 .../domain-modifiers/R53_ALIAS.md             |   2 +-
 .../domain-modifiers/SOA.md                   |   2 +-
 .../domain-modifiers/SPF_BUILDER.md           |  10 +-
 .../domain-modifiers/SRV.md                   |   2 +-
 .../domain-modifiers/SSHFP.md                 |   2 +-
 .../domain-modifiers/SVCB.md                  |   2 +-
 .../domain-modifiers/TLSA.md                  |   2 +-
 .../domain-modifiers/TXT.md                   |   2 +-
 .../record-modifiers/TTL.md                   |   2 +-
 .../top-level-functions/D.md                  |  10 +-
 .../top-level-functions/DEFAULTS.md           |   6 +-
 .../top-level-functions/DOMAIN_ELSEWHERE.md   |   2 +-
 .../DOMAIN_ELSEWHERE_AUTO.md                  |   2 +-
 .../top-level-functions/D_EXTEND.md           |  10 +-
 .../top-level-functions/FETCH.md              |   2 +-
 .../top-level-functions/NewDnsProvider.md     |   4 +-
 .../top-level-functions/NewRegistrar.md       |   4 +-
 .../top-level-functions/REV.md                |   4 +-
 .../top-level-functions/require.md            |   2 +-
 .../dnsconfig-code-example-with-filename.md   |   2 +-
 documentation/nameservers.md                  |  20 +-
 documentation/notifications.md                |   2 +-
 documentation/provider/akamaiedgedns.md       |   2 +-
 documentation/provider/autodns.md             |   2 +-
 documentation/provider/azure_dns.md           |   2 +-
 documentation/provider/azure_private_dns.md   |   4 +-
 documentation/provider/bunny_dns.md           |   2 +-
 documentation/provider/cloudflareapi.md       |  10 +-
 documentation/provider/cloudns.md             |   4 +-
 documentation/provider/cnr.md                 |   2 +-
 documentation/provider/cscglobal.md           |   2 +-
 documentation/provider/desec.md               |   4 +-
 documentation/provider/digitalocean.md        |   2 +-
 documentation/provider/dnsimple.md            |   2 +-
 documentation/provider/dnsmadeeasy.md         |   2 +-
 documentation/provider/dnsoverhttps.md        |   2 +-
 documentation/provider/domainnameshop.md      |   2 +-
 documentation/provider/easyname.md            |   2 +-
 documentation/provider/exoscale.md            |   2 +-
 documentation/provider/gandi_v5.md            |   2 +-
 documentation/provider/gcloud.md              |   4 +-
 documentation/provider/gcore.md               |   4 +-
 documentation/provider/hedns.md               |   2 +-
 documentation/provider/hetzner.md             |   2 +-
 documentation/provider/hexonet.md             |   2 +-
 documentation/provider/hostingde.md           |   2 +-
 documentation/provider/huaweicloud.md         |   4 +-
 documentation/provider/internetbs.md          |   2 +-
 documentation/provider/inwx.md                |   2 +-
 documentation/provider/linode.md              |   2 +-
 documentation/provider/loopia.md              |  18 +-
 documentation/provider/luadns.md              |   2 +-
 documentation/provider/msdns.md               |   2 +-
 documentation/provider/mythicbeasts.md        |   2 +-
 documentation/provider/namecheap.md           |   4 +-
 documentation/provider/namedotcom.md          |   4 +-
 documentation/provider/netcup.md              |   2 +-
 documentation/provider/netlify.md             |   2 +-
 documentation/provider/ns1.md                 |   2 +-
 documentation/provider/opensrs.md             |   2 +-
 documentation/provider/oracle.md              |   2 +-
 documentation/provider/ovh.md                 |   4 +-
 documentation/provider/packetframe.md         |   2 +-
 documentation/provider/porkbun.md             |   2 +-
 documentation/provider/powerdns.md            |   2 +-
 documentation/provider/realtimeregister.md    |   2 +-
 documentation/provider/route53.md             |   6 +-
 documentation/provider/rwth.md                |   2 +-
 documentation/provider/sakuracloud.md         |   2 +-
 documentation/provider/softlayer.md           |   4 +-
 documentation/provider/transip.md             |   2 +-
 documentation/provider/vultr.md               |   2 +-
 documentation/styleguide-doc.md               |   2 +-
 115 files changed, 329 insertions(+), 378 deletions(-)

diff --git a/commands/types/dnscontrol.d.ts b/commands/types/dnscontrol.d.ts
index 2315a8424b..fdb6a9dd50 100644
--- a/commands/types/dnscontrol.d.ts
+++ b/commands/types/dnscontrol.d.ts
@@ -51,7 +51,7 @@ type Duration =
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@", "1.2.3.4"),
- * END);
+ * );
  *
  * FETCH("https://example.com", {
  *   // All three options below are optional
@@ -191,7 +191,7 @@ declare const DISABLE_REPEATED_DOMAIN_CHECK: RecordModifier;
  *   A("foo", "2.3.4.5"),
  *   A("test.foo", IP("1.2.3.4"), TTL(5000)),
  *   A("*", "1.2.3.4", {foo: 42}),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/a
@@ -213,7 +213,7 @@ declare function A(name: string, address: string | number, ...modifiers: RecordM
  *   AAAA("foo", addrV6),
  *   AAAA("test.foo", addrV6, TTL(5000)),
  *   AAAA("*", addrV6, {foo: 42}),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/aaaa
@@ -240,7 +240,7 @@ declare function AKAMAICDN(name: string, target: string, ...modifiers: RecordMod
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   ALIAS("@", "google.com."), // example.com -> google.com
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/alias
@@ -277,12 +277,12 @@ declare const AUTODNSSEC_OFF: DomainModifier;
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
  *   A("@", "10.1.1.1"),
- * END);
+ * );
  *
  * D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
  *   A("@", "10.2.2.2"),
- * END);
+ * );
  * ```
  *
  * If neither `AUTODNSSEC_ON` or `AUTODNSSEC_OFF` is specified for a
@@ -332,7 +332,7 @@ declare const AUTODNSSEC_ON: DomainModifier;
  * D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
  *   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
  *   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/azure-dns/azure_alias
@@ -361,7 +361,7 @@ declare function AZURE_ALIAS(name: string, type: "A" | "AAAA" | "CNAME", target:
  *   // Report all violation to test@example.com. If CA does not support
  *   // this record then refuse to issue any certificate
  *   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
- * END);
+ * );
  * ```
  *
  * DNSControl contains a [`CAA_BUILDER`](CAA_BUILDER.md) which can be used to simply create `CAA()` records for your domains. Instead of creating each CAA record individually, you can simply configure your report mail address, the authorized certificate authorities and the builder cares about the rest.
@@ -392,7 +392,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *     ],
  *     issuewild: "none",
  *   }),
- * END);
+ * );
  * ```
  *
  * `CAA_BUILDER()` builds multiple records:
@@ -403,7 +403,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *   CAA("@", "issue", "letsencrypt.org"),
  *   CAA("@", "issue", "comodoca.com"),
  *   CAA("@", "issuewild", ";"),
- * END);
+ * );
  * ```
  *
  * which in turns yield the following records:
@@ -433,7 +433,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *     issuewild: "none",
  *     issuewild_critical: true,
  *   }),
- * END);
+ * );
  * ```
  *
  * `CAA_BUILDER()` then builds (the same) multiple records - all with CAA_CRITICAL flag set:
@@ -444,7 +444,7 @@ declare function CAA(name: string, tag: "issue" | "issuewild" | "iodef", value:
  *   CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
  *   CAA("@", "issue", "comodoca.com", CAA_CRITICAL),
  *   CAA("@", "issuewild", ";", CAA_CRITICAL),
- * END);
+ * );
  * ```
  *
  * which in turns yield the following records:
@@ -500,7 +500,7 @@ declare function CAA_BUILDER(opts: { label?: string; iodef: string; iodef_critic
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_redirect
@@ -521,7 +521,7 @@ declare function CF_REDIRECT(source: string, destination: string, ...modifiers:
  *   CF_SINGLE_REDIRECT("name", 301, "when", "then"),
  *   CF_SINGLE_REDIRECT('redirect www.example.com', 301, 'http.host eq "www.example.com"', 'concat("https://otherplace.com", http.request.uri.path)'),
  *   CF_SINGLE_REDIRECT('redirect yyy.example.com', 301, 'http.host eq "yyy.example.com"', 'concat("https://survey.stackoverflow.co", "")'),
- * END);
+ * );
  * ```
  *
  * The fields are:
@@ -559,7 +559,7 @@ declare function CF_SINGLE_REDIRECT(name: string, code: number, when: string, th
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_temp_redirect
@@ -585,7 +585,7 @@ declare function CF_TEMP_REDIRECT(source: string, destination: string, ...modifi
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
  *     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/cloudflare-dns/cf_worker_route
@@ -610,7 +610,7 @@ declare function CLOUDNS_WR(name: string, target: string, ...modifiers: RecordMo
  *   CNAME("foo", "google.com."), // foo.example.com -> google.com
  *   CNAME("abc", "@"), // abc.example.com -> example.com
  *   CNAME("def", "test"), // def.example.com -> test.example.com
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/cname
@@ -634,7 +634,7 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@","1.2.3.4"),
  *   CNAME("test", "foo.example2.com."),
- * END);
+ * );
  *
  * // "macro" for records that can be mixed into any zone
  * var GOOGLE_APPS_DOMAIN_MX = [
@@ -649,7 +649,7 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  *   A("@","1.2.3.4"),
  *   CNAME("test", "foo.example2.com."),
  *   GOOGLE_APPS_DOMAIN_MX,
- * END);
+ * );
  * ```
  *
  * # Split Horizon DNS
@@ -669,15 +669,15 @@ declare function CNAME(name: string, target: string, ...modifiers: RecordModifie
  *
  * D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
  *   A("www", "10.10.10.10"),
- * END);
+ * );
  *
  * D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
  *   A("www", "20.20.20.20"),
- * END);
+ * );
  *
  * D_EXTEND("example.com!inside",
  *   A("internal", "10.99.99.99"),
- * END);
+ * );
  * ```
  *
  * A domain name without a `!` is assigned a tag that is the empty
@@ -718,11 +718,11 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  * DEFAULTS(
  *   DnsProvider(COMMON, 0),
  *   DefaultTTL("1d"),
- * END);
+ * );
  *
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * If you want to clear the defaults, you can do the following.
@@ -733,7 +733,7 @@ declare function D(name: string, registrar: string, ...modifiers: DomainModifier
  *
  * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/defaults
@@ -748,7 +748,7 @@ declare function DEFAULTS(...modifiers: DomainModifier[]): void;
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   DHCID("example.com", "ABCDEFG"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dhcid
@@ -796,7 +796,7 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  *       "mailto:mailauth-reports@example.com",
  *     ],
  *   }),
- * END);
+ * );
  * ```
  *
  * This yield the following record:
@@ -825,7 +825,7 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  *     failureOptions: "1",
  *     reportInterval: "1h",
  *   }),
- * END);
+ * );
  * ```
  *
  * ```javascript
@@ -841,7 +841,7 @@ declare const DISABLE_IGNORE_SAFETY_CHECK: DomainModifier;
  *         DKIM: true,
  *     },
  *   }),
- * END);
+ * );
  * ```
  *
  * This yields the following records:
@@ -884,7 +884,7 @@ declare function DMARC_BUILDER(opts: { label?: string; version?: string; policy:
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   DNAME("sub", "example.net."),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dname
@@ -905,7 +905,7 @@ declare function DNAME(name: string, target: string, ...modifiers: RecordModifie
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   DNSKEY("@", 257, 3, 13, "AABBCCDD"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/dnskey
@@ -935,7 +935,7 @@ declare function DNSKEY(name: string, flags: number, protocol: number, algorithm
  *     NO_PURGE,
  *     NAMESERVER("ns1.foo.com"),
  *     NAMESERVER("ns2.foo.com"),
- * END);
+ * );
  * ```
  *
  * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used out of abundance of caution but since no
@@ -970,7 +970,7 @@ declare function DOMAIN_ELSEWHERE(name: string, registrar: string, nameserver_na
  * D("example.com", REG_NAMEDOTCOM,
  *     NO_PURGE,
  *     DnsProvider(DSP_AZURE),
- * END);
+ * );
  * ```
  *
  * NOTE: The [`NO_PURGE`](../domain-modifiers/NO_PURGE.md) is used to prevent DNSControl from changing the records.
@@ -993,7 +993,7 @@ declare function DOMAIN_ELSEWHERE_AUTO(name: string, domain: string, registrar:
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   DS("example.com", 2371, 13, 2, "ABCDEF"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ds
@@ -1031,24 +1031,24 @@ declare function DS(name: string, keytag: number, algorithm: number, digesttype:
  *   A("@", "127.0.0.1"), // domain.tld
  *   A("www", "127.0.0.2"), // www.domain.tld
  *   CNAME("a", "b"), // a.domain.tld -> b.domain.tld
- * END);
+ * );
  * D_EXTEND("domain.tld",
  *   A("aaa", "127.0.0.3"), // aaa.domain.tld
  *   CNAME("c", "d"), // c.domain.tld -> d.domain.tld
- * END);
+ * );
  * D_EXTEND("sub.domain.tld",
  *   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
  *   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
  *   CNAME("e", "f"), // e.sub.domain.tld -> f.sub.domain.tld
- * END);
+ * );
  * D_EXTEND("sub.sub.domain.tld",
  *   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
  *   CNAME("g", "h"), // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
- * END);
+ * );
  * D_EXTEND("sub.domain.tld",
  *   A("@", "127.0.0.7"), // sub.domain.tld
  *   CNAME("i", "j"), // i.sub.domain.tld -> j.sub.domain.tld
- * END);
+ * );
  * ```
  *
  * This will end up in the following modifications: (This output assumes the `--full` flag)
@@ -1095,7 +1095,7 @@ declare function D_EXTEND(name: string, ...modifiers: DomainModifier[]): void;
  *   DefaultTTL("4h"),
  *   A("@","1.2.3.4"), // uses default
  *   A("foo", "2.3.4.5", TTL(600)), // overrides default
- * END);
+ * );
  * ```
  *
  * The DefaultTTL duration is the same format as [`TTL`](../record-modifiers/TTL.md), an integer number of seconds
@@ -1178,7 +1178,7 @@ declare function HASH(algorithm: "SHA1" | "SHA256" | "SHA512", value: string): s
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
  *   HTTPS("@", 1, "test.com", ""),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/https
@@ -1217,7 +1217,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  *   IGNORE(labelSpec, typeSpec, targetSpec),
  *   IGNORE(labelSpec, typeSpec),
  *   IGNORE(labelSpec),
- * END);
+ * );
  * ```
  *
  * * `labelSpec` is a glob that matches the DNS label. For example `"foo"` or `"foo*"`.  `"*"` matches all labels, as does the empty string (`""`).
@@ -1253,7 +1253,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  *   IGNORE("bar", "A,MX"), // ignore only A and MX records for name bar
  *   IGNORE("*", "*", "dev-*"), // Ignore targets with a `dev-` prefix
  *   IGNORE("*", "A", "1\.2\.3\."), // Ignore targets in the 1.2.3.0/24 CIDR block
- * END);
+ * );
  * ```
  *
  * Ignore Let's Encrypt (ACME) validation records:
@@ -1262,7 +1262,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   IGNORE("_acme-challenge", "TXT"),
  *   IGNORE("_acme-challenge.**", "TXT"),
- * END);
+ * );
  * ```
  *
  * Ignore DNS records typically inserted by Microsoft ActiveDirectory:
@@ -1285,7 +1285,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  *   IGNORE("domaindnszones.**", "A"),
  *   IGNORE("forestdnszones", "A"),
  *   IGNORE("forestdnszones.**", "A"),
- * END);
+ * );
  * ```
  *
  * ## Detailed examples
@@ -1306,7 +1306,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  *     CNAME("cfull", "www.plts.org."),
  *     CNAME("cfull2", "www.bar.plts.org."),
  *     CNAME("cfull3", "bar.www.plts.org."),
- * END);
+ * );
  *
  * D_EXTEND("more.example.com",
  *     A("foo", "1.1.1.1"),
@@ -1315,13 +1315,13 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  *     CNAME("mfull", "www.plts.org."),
  *     CNAME("mfull2", "www.bar.plts.org."),
  *     CNAME("mfull3", "bar.www.plts.org."),
- * END);
+ * );
  * ```
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("@", "", ""),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1332,7 +1332,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("example.com.", "", ""),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1342,7 +1342,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("foo", "", ""),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1352,7 +1352,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("foo.**", "", ""),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1362,14 +1362,14 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www", "", ""),
- * END);
+ * );
  *     //    www.example.com. A 174.136.107.196
  * ```
  *
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.*", "", ""),
- * END);
+ * );
  *     //    nothing
  * ```
  *
@@ -1380,7 +1380,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.example.com", "", ""),
- * END);
+ * );
  *     //    nothing
  * ```
  *
@@ -1391,7 +1391,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("www.example.com.", "", ""),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1401,7 +1401,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     //IGNORE("", "", "1.1.1.*"),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1412,7 +1412,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     //IGNORE("", "", "www"),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1422,7 +1422,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("", "", "*bar*"),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1435,7 +1435,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     IGNORE("", "", "bar.**"),
- * END);
+ * );
  * ```
  *
  * **Would match**:
@@ -1481,7 +1481,7 @@ declare function HTTPS(name: string, priority: number, target: string, params: s
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
  *     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
- * END);
+ * );
  * ```
  *
  * ## Caveats
@@ -1522,12 +1522,12 @@ declare function IGNORE_TARGET(pattern: string, rType: string): DomainModifier;
  * ```javascript
  * D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   A("test", "8.8.8.8"),
- * END);
+ * );
  *
  * D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   INCLUDE("example.com!external"),
  *   A("home", "127.0.0.1"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/include
@@ -1648,7 +1648,7 @@ declare function IP(ip: string): number;
  *   LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0),
  *   //42 21 28.764 N  71 00  51.617 W -44m 2000m
  *   LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/loc
@@ -1699,7 +1699,7 @@ declare function LOC(deg1: number, min1: number, sec1: number, deg2: number, min
  *     alt: 19,
  *     ttl: "5m",
  *   }),
- * END);
+ * );
  * ```
  *
  * Part of the series:
@@ -1740,7 +1740,7 @@ declare function LOC_BUILDER_DD(opts: { label?: string; x: number; y: number; al
  *     str: "42°S 147°E",
  *     alt: 3,
  *   }),
- * END);
+ * );
  * ```
  *
  * Part of the series:
@@ -1782,7 +1782,7 @@ declare function LOC_BUILDER_DMM_STR(opts: { label?: string; str: string; alt?:
  *     alt: 4,
  *     ttl: "5m",
  *   }),
- * END);
+ * );
  * ```
  *
  * Part of the series:
@@ -1829,7 +1829,7 @@ declare function LOC_BUILDER_DMS_STR(opts: { label?: string; str: string; alt?:
  *     str: "53°20′40″N 6°17′20″W",
  *     alt: 300,
  *   }),
- * END);
+ * );
  * ```
  *
  * Part of the series:
@@ -1858,7 +1858,7 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  *   M365_BUILDER("example.com", {
  *       initialDomain: "example.onmicrosoft.com",
  *   }),
- * END);
+ * );
  * ```
  *
  * This sets up `MX` records, Autodiscover, and DKIM.
@@ -1876,7 +1876,7 @@ declare function LOC_BUILDER_STR(opts: { label?: string; str: string; alt?: numb
  *       domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
  *       initialDomain: "example.onmicrosoft.com",
  *   }),
- * END);
+ * );
  * ```
  *
  * This sets up Mobile Device Management only.
@@ -1907,7 +1907,7 @@ declare function M365_BUILDER(opts: { label?: string; mx?: boolean; autodiscover
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   MX("@", 5, "mail"), // mx example.com -> mail.example.com
  *   MX("sub", 10, "mail.foo.com."),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/mx
@@ -1934,13 +1934,13 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  *   // Replace the nameservers:
  *   NAMESERVER("ns1.myserver.com."),
  *   NAMESERVER("ns2.myserver.com."),
- * END);
+ * );
  *
  * D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // Add these two additional nameservers to the existing list of nameservers.
  *   NAMESERVER("ns1.myserver.com."),
  *   NAMESERVER("ns2.myserver.com."),
- * END);
+ * );
  * ```
  *
  * # The difference between NS() and NAMESERVER()
@@ -1989,7 +1989,7 @@ declare function MX(name: string, priority: number, target: string, ...modifiers
  * var REG_THIRDPARTY = NewRegistrar("ThirdParty");
  * D("example.com", REG_THIRDPARTY,
  *   ...
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/nameserver
@@ -2005,7 +2005,7 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   NAMESERVER_TTL("2d"),
  *   NAMESERVER("ns"),
- * END);
+ * );
  * ```
  *
  * Use `NAMESERVER_TTL("3600"),` or `NAMESERVER_TTL("1h"),` for a 1h default TTL for all subsequent `NS` entries:
@@ -2018,7 +2018,7 @@ declare function NAMESERVER(name: string, ...modifiers: RecordModifier[]): Domai
  *   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
  *   A("@","1.2.3.4"), // inherits DefaultTTL
  *   A("foo", "2.3.4.5", TTL(600)), // overrides DefaultTTL for this record only
- * END);
+ * );
  * ```
  *
  * To apply a default TTL to all other record types, see [`DefaultTTL`](../domain-modifiers/DefaultTTL.md)
@@ -2170,7 +2170,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
  *   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
  *   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", "."),
- * END);
+ * );
  * ```
  *
  * Single e164 zone
@@ -2179,7 +2179,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
  *   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
  *   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", "."),
- * END);
+ * );
  * ```
  *
  * ### Examples for SIP:
@@ -2197,7 +2197,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   A("sip", "192.0.2.2"),
  *   AAAA("sip", "2001:db8::85a3"),
  *   // and so on
- * END);
+ * );
  * ```
  *
  * ### Other RFC based examples:
@@ -2212,7 +2212,7 @@ declare function NAMESERVER_TTL(ttl: Duration): DomainModifier;
  *   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
  *   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
  *   // and so on
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/naptr
@@ -2246,7 +2246,7 @@ declare function NAPTR(subdomain: string, order: number, preference: number, ter
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
  *   A("foo","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * The main caveat of `NO_PURGE` is that intentionally deleting records becomes
@@ -2287,7 +2287,7 @@ declare const NO_PURGE: DomainModifier;
  *   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
  *   A("ns1.example2.com", "10.10.10.10"), // Glue records
  *   A("ns2.example2.com", "10.10.10.20"), // Glue records
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/ns
@@ -2341,7 +2341,7 @@ declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordMo
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * In [v3.16](../../v316.md) and later:
@@ -2352,7 +2352,7 @@ declare function NS1_URLFWD(name: string, target: string, ...modifiers: RecordMo
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newdnsprovider
@@ -2380,7 +2380,7 @@ declare function NewDnsProvider(name: string, type?: string, meta?: object): str
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * In [v3.16](../../v316.md) and later:
@@ -2391,7 +2391,7 @@ declare function NewDnsProvider(name: string, type?: string, meta?: object): str
  *
  * D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
  *   A("@","1.2.3.4"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/top-level-functions/newregistrar
@@ -2488,13 +2488,13 @@ declare function PORKBUN_URLFWD(name: string, target: string, ...modifiers: Reco
  *   PTR("3", "baz.example.com."),
  *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
  *   PTR("1.2.3.10", "ten.example.com."),    // "10"
- * END);
+ * );
  * ```
  *
  * ```javascript
  * D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
  *   PTR("9.9.9.129", "first.example.com."),
- * END);
+ * );
  * ```
  *
  * ```javascript
@@ -2503,7 +2503,7 @@ declare function PORKBUN_URLFWD(name: string, target: string, ...modifiers: Reco
  *   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
  *   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
  *   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
- * END);
+ * );
  * ```
  *
  * # Automatic forward and reverse lookups
@@ -2525,10 +2525,10 @@ declare function PORKBUN_URLFWD(name: string, target: string, ...modifiers: Reco
  *
  * D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
  *     ...,
- * END);
+ * );
  * D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
  *     ...,
- * END);
+ * );
  *
  * FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
  * FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
@@ -2559,7 +2559,7 @@ declare function PTR(name: string, target: string, ...modifiers: RecordModifier[
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   PURGE,
- * END);
+ * );
  * ```
  *
  * Since the "last command wins", this is the same as `PURGE`:
@@ -2571,7 +2571,7 @@ declare function PTR(name: string, target: string, ...modifiers: RecordModifier[
  *   PURGE,
  *   NO_PURGE,
  *   PURGE,
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/purge
@@ -2614,7 +2614,7 @@ declare const PURGE: DomainModifier;
  *   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
  *   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
  *   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/service-provider-specific/amazon-route-53/r53_alias
@@ -2690,14 +2690,14 @@ declare function R53_ZONE(zone_id: string): DomainModifier & RecordModifier;
  *   PTR("3", "baz.example.com."),
  *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("1.2.3.10", "ten.example.com."),
- * END);
+ * );
  *
  * D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
  *   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
  *   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
  *   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
  *   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
- * END);
+ * );
  * ```
  *
  * # Automatic forward and reverse record generation
@@ -2758,7 +2758,7 @@ declare function REVCOMPAT(rfc: string): string;
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
- * END);
+ * );
  * ```
  *
  * If you accidentally include an `@` in the email field DNSControl will quietly
@@ -2793,7 +2793,7 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all"),
- * END)
+ * );
  * ```
  *
  * This has a few problems:
@@ -2831,7 +2831,7 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
  *     ]
  *   }),
- * END);
+ * );
  * ```
  *
  * By using the `SPF_BUILDER()` we gain many benefits:
@@ -2866,7 +2866,7 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *   }),
  *   ...
  *   ...
- * END);
+ * );
  * ```
  *
  * The parameters are:
@@ -3050,11 +3050,11 @@ declare function SOA(name: string, ns: string, mbox: string, refresh: number, re
  *
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *     SPF_MYSETTINGS,
- * END);
+ * );
  *
  * D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *      SPF_MYSETTINGS,
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/spf_builder
@@ -3072,7 +3072,7 @@ declare function SPF_BUILDER(opts: { label?: string; overflow?: string; overhead
  *   //               pr  w   port, target
  *   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
  *   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/srv
@@ -3105,7 +3105,7 @@ declare function SRV(name: string, priority: number, weight: number, port: numbe
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/sshfp
@@ -3124,7 +3124,7 @@ declare function SSHFP(name: string, algorithm: 0 | 1 | 2 | 3 | 4, type: 0 | 1 |
  * ```javascript
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/svcb
@@ -3142,7 +3142,7 @@ declare function SVCB(name: string, priority: number, target: string, params: st
  * D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
  *   // Create TLSA record for certificate used on TCP port 443
  *   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/domain-modifiers/tlsa
@@ -3175,7 +3175,7 @@ declare function TLSA(name: string, usage: number, selector: number, type: numbe
  *   A("foo", "2.3.4.5", TTL(500)), // overrides default
  *   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
  *   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
- * END);
+ * );
  * ```
  *
  * @see https://docs.dnscontrol.org/language-reference/record-modifiers/ttl
@@ -3203,7 +3203,7 @@ declare function TTL(ttl: Duration): RecordModifier;
  *       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
  *       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
  *       TXT("long", "X".repeat(300)), // Long strings are split automatically.
- *     END);
+ *     );
  * ```
  *
  * NOTE: In the past, long strings had to be annotated with the keyword
diff --git a/documentation/ci-cd-gitlab.md b/documentation/ci-cd-gitlab.md
index 676f68cbf9..e42d822d6a 100644
--- a/documentation/ci-cd-gitlab.md
+++ b/documentation/ci-cd-gitlab.md
@@ -26,7 +26,7 @@ D("cafferata.dev",
         "v=spf1",
         "-all"
     ].join(" ")),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/cli-variables.md b/documentation/cli-variables.md
index 8086de59c4..2b4324bce0 100644
--- a/documentation/cli-variables.md
+++ b/documentation/cli-variables.md
@@ -61,7 +61,7 @@ D("example.com", REG_NAMECOM, DnsProvider(DNS_NAMECOM), DnsProvider(DNS_BIND),
     A("siteb", host01, TTL(1800)),
     A("sitec", host02, TTL(1800)),
     A("sited", host02, TTL(1800)),
-END);
+);
 ```
 {% endcode %}
 
@@ -87,7 +87,7 @@ CLI_DEFAULTS({
 
 D("example.com", REG_EXAMPLE, DnsProvider(DNS_EXAMPLE),
     A("www", "10.10.10.10"),
-END);
+);
 
 if (emergency) {
     // Emergency mode: Configure A/B/C using CNAMEs to our alternate site.
@@ -96,7 +96,7 @@ if (emergency) {
         CNAME("a", "a.othersite"),
         CNAME("b", "b.othersite"),
         CNAME("c", "c.othersite"),
-    END);
+    );
 
 } else {
     // Normal operation: Configure A/B/C using A records.
@@ -105,7 +105,7 @@ if (emergency) {
         A("a", "10.10.10.10"),
         A("b", "10.10.10.11"),
         A("c", "10.10.10.12"),
-    END);
+    );
 
 }
 ```
diff --git a/documentation/code-tricks.md b/documentation/code-tricks.md
index 8bb18fb671..30ed409c1b 100644
--- a/documentation/code-tricks.md
+++ b/documentation/code-tricks.md
@@ -11,67 +11,18 @@ Solution: Use a "builder" to construct it for you.
 
 # Trailing commas
 
-**Trailing commas** (sometimes called "final commas") can be useful when adding new Domain Modifiers to your DNSControl code. If you want to add a Domain Modifier, you can add a new line without modifying the previously last line if that line already uses a trailing comma. This makes version-control diffs cleaner and editing code might be less troublesome.
-
-Because the DNSControl JavaScript DSL has no trailing commas, you can use the `END` constant within `D()`.
-
-## Version-control diffs example
-
-{% hint style="info" %}
-**NOTE**: `END` is just an alias for `{}`, which is ignored by DNSControl.
-{% endhint %}
-
-Let's take an example with domain: `example.com`. We have recorded the [A-record](language-reference/domain-modifiers/A.md) 'foo' configured.
-
-{% code title="dnsconfig.js" %}
-```javascript
-D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("foo", "1.2.3.4")
-);
-```
-{% endcode %}
-
-Let's say we want to add an [A record](language-reference/domain-modifiers/A.md) 'bar' to this domain.
+You might encounter `D()` statements in code examples that include `END` at the end, such as:
 
 {% code title="dnsconfig.js" %}
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("foo", "1.2.3.4"),
-  A("bar", "4.3.2.1")
-);
-```
-{% endcode %}
-
-This will generate the version-control diff below:
-
-{% code title="dnsconfig.js" %}
-```diff
--  A("foo", "1.2.3.4"),
-+  A("foo", "1.2.3.4"),
-+  A("bar", "4.3.2.1")
-);
-```
-{% endcode %}
-
-Let's apply the same A-record 'foo' to the domain using the `END` constant.
-
-{% code title="dnsconfig.js" %}
-```javascript
-D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
-  A("foo", "1.2.3.4"),
+  A("test", "1.2.3.4"),
 END);
 ```
 {% endcode %}
 
-This will generate the cleaner version-control diff below:
-
-{% code title="dnsconfig.js" %}
-```diff
-   A("foo", "1.2.3.4"),
-+  A("bar", "4.3.2.1"),
-END);
-```
-{% endcode %}
+As of [DNSControl v4.15.0](https://github.com/StackExchange/dnscontrol/releases/tag/v4.15.0), the `END` statements are no longer necessary.
+These were originally included for historical reasons that are now irrelevant. You can safely remove them from your configurations.
 
 # Repeat records in many domains (macros)
 
@@ -133,7 +84,7 @@ function PARKED_R53(name) {
        A("@", "10.2.3.4"),
        CNAME("www", "@"),
         SPF_NONE, //deters spammers from using the domain in From: lines.
-        END);
+        );
 }
 
 PARKED_R53("example1.tld");
@@ -156,7 +107,7 @@ _.each(
     D(d, REG_NAMECOM, DnsProvider(DSP_MY_PROVIDER),
        A("@", "10.2.3.4"),
        CNAME("www", "@"),
-    END);
+    );
   }
 );
 ```
diff --git a/documentation/examples.md b/documentation/examples.md
index 8e5847fa2a..b8f440108c 100644
--- a/documentation/examples.md
+++ b/documentation/examples.md
@@ -13,7 +13,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     TXT("the", "message"),
     NS("department2", "ns1.dnsexample.com."), // use different nameservers
     NS("department2", "ns2.dnsexample.com."), // for department2.example.com
-END);
+);
 ```
 {% endcode %}
 
@@ -32,7 +32,7 @@ D("example.com", REG_MY_PROVIDER,
 
     A("@", "1.2.3.4", TTL("10m")), // individual record
     CNAME("mail", "mx01"), // TTL of 5m, as defined per DefaultTTL()
-END);
+);
 ```
 {% endcode %}
 
@@ -46,7 +46,7 @@ var DSP_R53 = NewDnsProvider("route53_user1");
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
     A("@", addrA), // 1.2.3.4
     A("www", addrA + 1), // 1.2.3.5
-END);
+);
 ```
 {% endcode %}
 
@@ -72,7 +72,7 @@ var activeDC = dcA;
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
     A("@", activeDC + 5), // fixed address based on activeDC
-END);
+);
 ```
 {% endcode %}
 
@@ -100,7 +100,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53),
    GOOGLE_APPS_MX_RECORDS,
    GOOGLE_APPS_CNAME_RECORDS,
    A("@", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -123,7 +123,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       "~all"
     ]
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -134,7 +134,7 @@ DEFAULTS(
     NAMESERVER_TTL("24h"),
     DefaultTTL("12h"),
     CF_PROXY_DEFAULT_OFF,
-END);
+);
 ```
 {% endcode %}
 
@@ -149,19 +149,19 @@ var DSP_GCLOUD = NewDnsProvider("gcloud_admin");
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_R53), DnsProvider(DSP_GCLOUD),
    A("@", "1.2.3.4"),
-END);
+);
 
 // above zone uses 8 NS records total (4 from each provider dynamically gathered)
 // below zone will only take 2 from each for a total of 4. May be better for performance reasons.
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_R53, 2), DnsProvider(DSP_GCLOUD ,2),
    A("@", "1.2.3.4"),
-END);
+);
 
 // or set a Provider as a non-authoritative backup (don"t register its nameservers)
 D("example3.com", REG_MY_PROVIDER, DnsProvider(DSP_R53), DnsProvider(DSP_GCLOUD, 0),
    A("@", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -204,7 +204,7 @@ var DSP_R53_MAIN = NewDnsProvider("r53_main");
 D("example.com", REG_NONE, DnsProvider(DSP_R53_MAIN),
     FASTMAIL_MX,
     FASTMAIL_DKIM("example.com"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index 1d04a160bb..675a3f52b9 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -98,7 +98,7 @@ var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
     A("@", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/A.md b/documentation/language-reference/domain-modifiers/A.md
index 14a4dda92d..fdc8b266f2 100644
--- a/documentation/language-reference/domain-modifiers/A.md
+++ b/documentation/language-reference/domain-modifiers/A.md
@@ -23,6 +23,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("foo", "2.3.4.5"),
   A("test.foo", IP("1.2.3.4"), TTL(5000)),
   A("*", "1.2.3.4", {foo: 42}),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/AAAA.md b/documentation/language-reference/domain-modifiers/AAAA.md
index 6f83c1716d..361290956f 100644
--- a/documentation/language-reference/domain-modifiers/AAAA.md
+++ b/documentation/language-reference/domain-modifiers/AAAA.md
@@ -25,6 +25,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AAAA("foo", addrV6),
   AAAA("test.foo", addrV6, TTL(5000)),
   AAAA("*", addrV6, {foo: 42}),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/ALIAS.md b/documentation/language-reference/domain-modifiers/ALIAS.md
index 502db74217..f7ef804ebf 100644
--- a/documentation/language-reference/domain-modifiers/ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/ALIAS.md
@@ -22,6 +22,6 @@ Target should be a string representing the target. If it is a single label we wi
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   ALIAS("@", "google.com."), // example.com -> google.com
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
index 907954e288..df04516ab9 100644
--- a/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
+++ b/documentation/language-reference/domain-modifiers/AUTODNSSEC_ON.md
@@ -24,12 +24,12 @@ correct syntax is `AUTODNSSEC_ON` not `AUTODNSSEC_ON()`
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AUTODNSSEC_ON,  // Enable AutoDNSSEC.
   A("@", "10.1.1.1"),
-END);
+);
 
 D("insecure.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   AUTODNSSEC_OFF,  // Disable AutoDNSSEC.
   A("@", "10.2.2.2"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md b/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
index 330f648492..3e11030fa4 100644
--- a/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/AZURE_ALIAS.md
@@ -53,6 +53,6 @@ This arrangement is useful if you want some record sets to be aliases and some n
 D("example.com", REG_MY_PROVIDER, DnsProvider("AZURE_DNS"),
   AZURE_ALIAS("foo", "A", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/trafficManagerProfiles/testpp2"), // record for traffic manager
   AZURE_ALIAS("foo", "CNAME", "/subscriptions/726f8cd6-6459-4db4-8e6d-2cd2716904e2/resourceGroups/test/providers/Microsoft.Network/dnszones/example.com/A/quux."), // record in the same zone
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CAA.md b/documentation/language-reference/domain-modifiers/CAA.md
index c4718a536c..22428afb1d 100644
--- a/documentation/language-reference/domain-modifiers/CAA.md
+++ b/documentation/language-reference/domain-modifiers/CAA.md
@@ -34,7 +34,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Report all violation to test@example.com. If CA does not support
   // this record then refuse to issue any certificate
   CAA("@", "iodef", "mailto:test@example.com", CAA_CRITICAL),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
index cddca306db..a7d4b5b780 100644
--- a/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/CAA_BUILDER.md
@@ -43,7 +43,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     ],
     issuewild: "none",
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -56,7 +56,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CAA("@", "issue", "letsencrypt.org"),
   CAA("@", "issue", "comodoca.com"),
   CAA("@", "issuewild", ";"),
-END);
+);
 ```
 {% endcode %}
 
@@ -88,7 +88,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     issuewild: "none",
     issuewild_critical: true,
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -101,7 +101,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CAA("@", "issue", "letsencrypt.org", CAA_CRITICAL),
   CAA("@", "issue", "comodoca.com", CAA_CRITICAL),
   CAA("@", "issuewild", ";", CAA_CRITICAL),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
index 95aacf5e35..dedf9c37e5 100644
--- a/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_REDIRECT.md
@@ -44,6 +44,6 @@ This example redirects the bare (aka apex, or naked) domain to www:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CF_REDIRECT("example.com/*", "https://www.example.com/$1"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
index 47e296edd5..718cac8b75 100644
--- a/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_SINGLE_REDIRECT.md
@@ -29,7 +29,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CF_SINGLE_REDIRECT("name", 301, "when", "then"),
   CF_SINGLE_REDIRECT('redirect www.example.com', 301, 'http.host eq "www.example.com"', 'concat("https://otherplace.com", http.request.uri.path)'),
   CF_SINGLE_REDIRECT('redirect yyy.example.com', 301, 'http.host eq "yyy.example.com"', 'concat("https://survey.stackoverflow.co", "")'),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
index 6b97fc454f..fca2a8a146 100644
--- a/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
+++ b/documentation/language-reference/domain-modifiers/CF_TEMP_REDIRECT.md
@@ -37,6 +37,6 @@ managed by DNSControl and those that aren't.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CF_TEMP_REDIRECT("example.example.com/*", "https://otherplace.yourdomain.com/$1"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md b/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
index a448dc0a97..7515742745 100644
--- a/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
+++ b/documentation/language-reference/domain-modifiers/CF_WORKER_ROUTE.md
@@ -30,6 +30,6 @@ This example assigns the patterns `api.example.com/*` and `example.com/api/*` to
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     CF_WORKER_ROUTE("api.example.com/*", "my-worker"),
     CF_WORKER_ROUTE("example.com/api/*", "my-worker"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/CNAME.md b/documentation/language-reference/domain-modifiers/CNAME.md
index 946f34a833..739ca5ab05 100644
--- a/documentation/language-reference/domain-modifiers/CNAME.md
+++ b/documentation/language-reference/domain-modifiers/CNAME.md
@@ -21,6 +21,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   CNAME("foo", "google.com."), // foo.example.com -> google.com
   CNAME("abc", "@"), // abc.example.com -> example.com
   CNAME("def", "test"), // def.example.com -> test.example.com
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DHCID.md b/documentation/language-reference/domain-modifiers/DHCID.md
index 45139ec725..0c6eefbb95 100644
--- a/documentation/language-reference/domain-modifiers/DHCID.md
+++ b/documentation/language-reference/domain-modifiers/DHCID.md
@@ -18,6 +18,6 @@ Digest should be a string.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DHCID("example.com", "ABCDEFG"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md b/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
index e4c6faf0df..50f085c5e8 100644
--- a/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/DMARC_BUILDER.md
@@ -48,7 +48,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       "mailto:mailauth-reports@example.com",
     ],
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -79,7 +79,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     failureOptions: "1",
     reportInterval: "1h",
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -97,7 +97,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
         DKIM: true,
     },
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/DNAME.md b/documentation/language-reference/domain-modifiers/DNAME.md
index 989cb8e781..85cc14dde2 100644
--- a/documentation/language-reference/domain-modifiers/DNAME.md
+++ b/documentation/language-reference/domain-modifiers/DNAME.md
@@ -18,6 +18,6 @@ Target should be a string.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DNAME("sub", "example.net."),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DNSKEY.md b/documentation/language-reference/domain-modifiers/DNSKEY.md
index e61dc92cfc..7c2f305366 100644
--- a/documentation/language-reference/domain-modifiers/DNSKEY.md
+++ b/documentation/language-reference/domain-modifiers/DNSKEY.md
@@ -30,6 +30,6 @@ Public key must be a string.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DNSKEY("@", 257, 3, 13, "AABBCCDD"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DS.md b/documentation/language-reference/domain-modifiers/DS.md
index 0eb9941f30..529888c959 100644
--- a/documentation/language-reference/domain-modifiers/DS.md
+++ b/documentation/language-reference/domain-modifiers/DS.md
@@ -30,6 +30,6 @@ Digest must be a string.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DS("example.com", 2371, 13, 2, "ABCDEF"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/DefaultTTL.md b/documentation/language-reference/domain-modifiers/DefaultTTL.md
index 6a9d740794..e5db9f2ae9 100644
--- a/documentation/language-reference/domain-modifiers/DefaultTTL.md
+++ b/documentation/language-reference/domain-modifiers/DefaultTTL.md
@@ -18,7 +18,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   DefaultTTL("4h"),
   A("@","1.2.3.4"), // uses default
   A("foo", "2.3.4.5", TTL(600)), // overrides default
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/HTTPS.md b/documentation/language-reference/domain-modifiers/HTTPS.md
index 486d881b95..12d98ec95d 100644
--- a/documentation/language-reference/domain-modifiers/HTTPS.md
+++ b/documentation/language-reference/domain-modifiers/HTTPS.md
@@ -27,6 +27,6 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   HTTPS("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
   HTTPS("@", 1, "test.com", ""),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/IGNORE.md b/documentation/language-reference/domain-modifiers/IGNORE.md
index 6a5d310ee5..8be59e5148 100644
--- a/documentation/language-reference/domain-modifiers/IGNORE.md
+++ b/documentation/language-reference/domain-modifiers/IGNORE.md
@@ -42,7 +42,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   IGNORE(labelSpec, typeSpec, targetSpec),
   IGNORE(labelSpec, typeSpec),
   IGNORE(labelSpec),
-END);
+);
 ```
 {% endcode %}
 
@@ -80,7 +80,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   IGNORE("bar", "A,MX"), // ignore only A and MX records for name bar
   IGNORE("*", "*", "dev-*"), // Ignore targets with a `dev-` prefix
   IGNORE("*", "A", "1\.2\.3\."), // Ignore targets in the 1.2.3.0/24 CIDR block
-END);
+);
 ```
 {% endcode %}
 
@@ -91,7 +91,7 @@ Ignore Let's Encrypt (ACME) validation records:
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   IGNORE("_acme-challenge", "TXT"),
   IGNORE("_acme-challenge.**", "TXT"),
-END);
+);
 ```
 {% endcode %}
 
@@ -116,7 +116,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   IGNORE("domaindnszones.**", "A"),
   IGNORE("forestdnszones", "A"),
   IGNORE("forestdnszones.**", "A"),
-END);
+);
 ```
 {% endcode %}
 
@@ -139,7 +139,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     CNAME("cfull", "www.plts.org."),
     CNAME("cfull2", "www.bar.plts.org."),
     CNAME("cfull3", "bar.www.plts.org."),
-END);
+);
 
 D_EXTEND("more.example.com",
     A("foo", "1.1.1.1"),
@@ -148,7 +148,7 @@ D_EXTEND("more.example.com",
     CNAME("mfull", "www.plts.org."),
     CNAME("mfull2", "www.bar.plts.org."),
     CNAME("mfull3", "bar.www.plts.org."),
-END);
+);
 ```
 {% endcode %}
 
@@ -156,7 +156,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("@", "", ""),
-END);
+);
 ```
 {% endcode %}
 
@@ -169,7 +169,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("example.com.", "", ""),
-END);
+);
 ```
 {% endcode %}
 
@@ -181,7 +181,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("foo", "", ""),
-END);
+);
 ```
 {% endcode %}
 
@@ -193,7 +193,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("foo.**", "", ""),
-END);
+);
 ```
 {% endcode %}
 
@@ -205,7 +205,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www", "", ""),
-END);
+);
     //    www.example.com. A 174.136.107.196
 ```
 {% endcode %}
@@ -214,7 +214,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.*", "", ""),
-END);
+);
     //    nothing
 ```
 {% endcode %}
@@ -227,7 +227,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.example.com", "", ""),
-END);
+);
     //    nothing
 ```
 {% endcode %}
@@ -240,7 +240,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("www.example.com.", "", ""),
-END);
+);
 ```
 {% endcode %}
 
@@ -252,7 +252,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     //IGNORE("", "", "1.1.1.*"),
-END);
+);
 ```
 {% endcode %}
 
@@ -265,7 +265,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     //IGNORE("", "", "www"),
-END);
+);
 ```
 {% endcode %}
 
@@ -277,7 +277,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("", "", "*bar*"),
-END);
+);
 ```
 {% endcode %}
 
@@ -292,7 +292,7 @@ END);
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IGNORE("", "", "bar.**"),
-END);
+);
 ```
 {% endcode %}
 
@@ -346,7 +346,7 @@ instead.
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     // THIS NO LONGER WORKS! Use DISABLE_IGNORE_SAFETY_CHECK instead. See above.
     TXT("myhost", "mytext", IGNORE_NAME_DISABLE_SAFETY_CHECK),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
index b5a3e0627f..0c137ccd82 100644
--- a/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
+++ b/documentation/language-reference/domain-modifiers/IMPORT_TRANSFORM.md
@@ -69,17 +69,17 @@ D("foo.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("two","1.2.3.2"),
   A("three","1.2.3.13"),
   A("four","1.2.3.14"),
-END);
+);
 
 D("bar.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("www","123.123.123.123"),
   IMPORT_TRANSFORM(TRANSFORM_CF, "foo.com", 300),
-END);
+);
 
 D("baz.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("www","123.123.123.123"),
   IMPORT_TRANSFORM(TRANSFORM_FSTLY, "foo.com", 300),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/INCLUDE.md b/documentation/language-reference/domain-modifiers/INCLUDE.md
index 26bcfce8fa..1449adf3e1 100644
--- a/documentation/language-reference/domain-modifiers/INCLUDE.md
+++ b/documentation/language-reference/domain-modifiers/INCLUDE.md
@@ -13,11 +13,11 @@ Includes all records from a given domain
 ```javascript
 D("example.com!external", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("test", "8.8.8.8"),
-END);
+);
 
 D("example.com!internal", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   INCLUDE("example.com!external"),
   A("home", "127.0.0.1"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/LOC.md b/documentation/language-reference/domain-modifiers/LOC.md
index ae4f127d26..ecdf4ade9d 100644
--- a/documentation/language-reference/domain-modifiers/LOC.md
+++ b/documentation/language-reference/domain-modifiers/LOC.md
@@ -119,6 +119,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   LOC("c", 32,  7, 19,     "S",116,  2, 25,     "E",  10,    0,    0,  0),
   //42 21 28.764 N  71 00  51.617 W -44m 2000m
   LOC("d", 42, 21, 28.764, "N", 71,  0, 51.617, "W", -44, 2000,    0,  0),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
index 18be0315b2..513c09c6ff 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DD.md
@@ -61,7 +61,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     alt: 19,
     ttl: "5m",
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
index 07a80577af..3be208bc53 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMM_STR.md
@@ -41,7 +41,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     str: "42°S 147°E",
     alt: 3,
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
index af9b16f352..208242c64d 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_DMS_STR.md
@@ -42,7 +42,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     alt: 4,
     ttl: "5m",
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
index 5db404ed5b..c7058c74e7 100644
--- a/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
+++ b/documentation/language-reference/domain-modifiers/LOC_BUILDER_STR.md
@@ -48,7 +48,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     str: "53°20′40″N 6°17′20″W",
     alt: 300,
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/M365_BUILDER.md b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
index 13ef4d1b37..bddf611843 100644
--- a/documentation/language-reference/domain-modifiers/M365_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/M365_BUILDER.md
@@ -36,7 +36,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   M365_BUILDER("example.com", {
       initialDomain: "example.onmicrosoft.com",
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -56,7 +56,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       domainGUID: "test-example-com", // Can be automatically derived in this case, if example.com is the context.
       initialDomain: "example.onmicrosoft.com",
   }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/MX.md b/documentation/language-reference/domain-modifiers/MX.md
index 2ec837a51d..67adcada40 100644
--- a/documentation/language-reference/domain-modifiers/MX.md
+++ b/documentation/language-reference/domain-modifiers/MX.md
@@ -23,6 +23,6 @@ Target should be a string representing the MX target. If it is a single label we
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   MX("@", 5, "mail"), // mx example.com -> mail.example.com
   MX("sub", 10, "mail.foo.com."),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER.md b/documentation/language-reference/domain-modifiers/NAMESERVER.md
index 354273e94e..5538766db0 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER.md
@@ -28,13 +28,13 @@ D("example.com", REG_MY_PROVIDER,
   // Replace the nameservers:
   NAMESERVER("ns1.myserver.com."),
   NAMESERVER("ns2.myserver.com."),
-END);
+);
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Add these two additional nameservers to the existing list of nameservers.
   NAMESERVER("ns1.myserver.com."),
   NAMESERVER("ns2.myserver.com."),
-END);
+);
 ```
 {% endcode %}
 
@@ -86,6 +86,6 @@ It looks like this:
 var REG_THIRDPARTY = NewRegistrar("ThirdParty");
 D("example.com", REG_THIRDPARTY,
   ...
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
index f952ac9f8b..54a3094472 100644
--- a/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
+++ b/documentation/language-reference/domain-modifiers/NAMESERVER_TTL.md
@@ -17,7 +17,7 @@ The value can be an integer or a string. See [`TTL`](../record-modifiers/TTL.md)
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NAMESERVER_TTL("2d"),
   NAMESERVER("ns"),
-END);
+);
 ```
 {% endcode %}
 
@@ -32,7 +32,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NAMESERVER("ns2.provider.com."), //inherits NAMESERVER_TTL
   A("@","1.2.3.4"), // inherits DefaultTTL
   A("foo", "2.3.4.5", TTL(600)), // overrides DefaultTTL for this record only
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NAPTR.md b/documentation/language-reference/domain-modifiers/NAPTR.md
index 5a6a147b71..739c86e1a9 100644
--- a/documentation/language-reference/domain-modifiers/NAPTR.md
+++ b/documentation/language-reference/domain-modifiers/NAPTR.md
@@ -167,7 +167,7 @@ D("3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
   NAPTR("8",  10, 10, "u", "E2U+SIP", "!^.*$!sip:mike@example.com!", "."),
   NAPTR("9",  10, 10, "u", "E2U+SIP", "!^.*$!sip:linda@example.com!", "."),
   NAPTR("0",  10, 10, "u", "E2U+SIP", "!^.*$!sip:fax@example.com!", "."),
-END);
+);
 ```
 {% endcode %}
 
@@ -178,7 +178,7 @@ D("4.3.2.1.5.5.5.0.0.8.1.e164.arpa.", REG_MY_PROVIDER, DnsProvider(R53),
   NAPTR("@", 100, 50, "u", "E2U+SIP", "!^.*$!sip:customer-service@example.com!", "."),
   NAPTR("@", 101, 50, "u", "E2U+email", "!^.*$!mailto:information@example.com!", "."),
   NAPTR("@", 101, 50, "u", "smtp+E2U", "!^.*$!mailto:information@example.com!", "."),
-END);
+);
 ```
 {% endcode %}
 
@@ -199,7 +199,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("sip", "192.0.2.2"),
   AAAA("sip", "2001:db8::85a3"),
   // and so on
-END);
+);
 ```
 {% endcode %}
 
@@ -217,7 +217,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SRV("_z3950._tcp", 0, 0, 1000, "z3950.beast.example.com."),
   SRV("_http._tcp", 10, 0, 80, "foo.example.com."),
   // and so on
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NO_PURGE.md b/documentation/language-reference/domain-modifiers/NO_PURGE.md
index 229cda3b90..664a29da3b 100644
--- a/documentation/language-reference/domain-modifiers/NO_PURGE.md
+++ b/documentation/language-reference/domain-modifiers/NO_PURGE.md
@@ -29,7 +29,7 @@ in place.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER), NO_PURGE,
   A("foo","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/NS.md b/documentation/language-reference/domain-modifiers/NS.md
index d26d5936df..2d9bb3f3a0 100644
--- a/documentation/language-reference/domain-modifiers/NS.md
+++ b/documentation/language-reference/domain-modifiers/NS.md
@@ -25,6 +25,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   NS("foo", "ns2.example2.com."), // Delegate ".foo.example.com" zone to another server.
   A("ns1.example2.com", "10.10.10.10"), // Glue records
   A("ns2.example2.com", "10.10.10.20"), // Glue records
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/PTR.md b/documentation/language-reference/domain-modifiers/PTR.md
index 2853880280..ec51a43a5c 100644
--- a/documentation/language-reference/domain-modifiers/PTR.md
+++ b/documentation/language-reference/domain-modifiers/PTR.md
@@ -68,7 +68,7 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
   PTR("3", "baz.example.com."),
   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
   PTR("1.2.3.10", "ten.example.com."),    // "10"
-END);
+);
 ```
 {% endcode %}
 
@@ -76,7 +76,7 @@ END);
 ```javascript
 D(REV("9.9.9.128/25"), REGISTRAR, DnsProvider(BIND),
   PTR("9.9.9.129", "first.example.com."),
-END);
+);
 ```
 {% endcode %}
 
@@ -87,14 +87,14 @@ D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
   // If the first parameter is a valid IP address, DNSControl will generate the correct name:
   PTR("2001:db8:302::2", "two.example.com."),                          // "2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
   PTR("2001:db8:302::3", "three.example.com."),                        // "3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0"
-END);
+);
 ```
 {% endcode %}
 
 # Automatic forward and reverse lookups
 
 DNSControl does not automatically generate forward and reverse lookups. However
-it is possible to write a macro that does this by using the 
+it is possible to write a macro that does this by using the
 [`D_EXTEND()`](../global/D_EXTEND.md)
 function to insert `A` and `PTR` records into previously-defined domains.
 
@@ -111,10 +111,10 @@ function FORWARD_AND_REVERSE(ipaddr, fqdn) {
 
 D("example.com", REGISTRAR, DnsProvider(DSP_NONE),
     ...,
-END);
+);
 D(REV("10.20.30.0/24"), REGISTRAR, DnsProvider(DSP_NONE),
     ...,
-END);
+);
 
 FORWARD_AND_REVERSE("10.20.30.77", "foo.example.com.");
 FORWARD_AND_REVERSE("10.20.30.99", "bar.example.com.");
diff --git a/documentation/language-reference/domain-modifiers/PURGE.md b/documentation/language-reference/domain-modifiers/PURGE.md
index 7cc27651e2..7b7593d005 100644
--- a/documentation/language-reference/domain-modifiers/PURGE.md
+++ b/documentation/language-reference/domain-modifiers/PURGE.md
@@ -25,7 +25,7 @@ Purge is the default, but we set it anyway:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   PURGE,
-END);
+);
 ```
 {% endcode %}
 
@@ -39,6 +39,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   PURGE,
   NO_PURGE,
   PURGE,
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/R53_ALIAS.md b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
index 807a23f9cf..c7f4b0d0c0 100644
--- a/documentation/language-reference/domain-modifiers/R53_ALIAS.md
+++ b/documentation/language-reference/domain-modifiers/R53_ALIAS.md
@@ -49,6 +49,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider("ROUTE53"),
   R53_ALIAS("foo", "A", "blahblah.elasticloadbalancing.us-west-1.amazonaws.com.", R53_ZONE("Z368ELLRRE2KJ0"), R53_EVALUATE_TARGET_HEALTH(true)),     // a classic ELB in us-west-1 with target health evaluation enabled
   R53_ALIAS("foo", "A", "blahblah.elasticbeanstalk.us-west-2.amazonaws.com.", R53_ZONE("Z38NKT9BP95V3O")),     // an Elastic Beanstalk environment in us-west-2
   R53_ALIAS("foo", "A", "blahblah-bucket.s3-website-us-west-1.amazonaws.com.", R53_ZONE("Z2F56UZL2M1ACD")),     // a website S3 Bucket in us-west-1
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SOA.md b/documentation/language-reference/domain-modifiers/SOA.md
index 078c41b378..649bbdf324 100644
--- a/documentation/language-reference/domain-modifiers/SOA.md
+++ b/documentation/language-reference/domain-modifiers/SOA.md
@@ -26,7 +26,7 @@ parameter_types:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SOA("@", "ns3.example.com.", "hostmaster@example.com", 3600, 600, 604800, 1440),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/domain-modifiers/SPF_BUILDER.md b/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
index 71660b217b..daea3a41dd 100644
--- a/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
+++ b/documentation/language-reference/domain-modifiers/SPF_BUILDER.md
@@ -41,7 +41,7 @@ Here is an example of how SPF settings are normally done:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   TXT("v=spf1 ip4:198.252.206.0/24 ip4:192.111.0.0/24 include:_spf.google.com include:mailgun.org include:spf-basic.fogcreek.com include:mail.zendesk.com include:servers.mcsv.net include:sendgrid.net include:450622.spf05.hubspotemail.net ~all"),
-END)
+);
 ```
 {% endcode %}
 
@@ -81,7 +81,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
       "450622.spf05.hubspotemail.net" // Rationale: Unlikely to change without warning.
     ]
   }),
-END);
+);
 ```
 {% endcode %}
 
@@ -118,7 +118,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   }),
   ...
   ...
-END);
+);
 ```
 {% endcode %}
 
@@ -307,10 +307,10 @@ var SPF_MYSETTINGS = SPF_BUILDER({
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     SPF_MYSETTINGS,
-END);
+);
 
 D("example2.tld", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
      SPF_MYSETTINGS,
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SRV.md b/documentation/language-reference/domain-modifiers/SRV.md
index e52e1101d0..b0c4c71b0b 100644
--- a/documentation/language-reference/domain-modifiers/SRV.md
+++ b/documentation/language-reference/domain-modifiers/SRV.md
@@ -27,6 +27,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   //               pr  w   port, target
   SRV("_sip._tcp", 10, 60, 5060, "bigbox.example.com."),
   SRV("_sip._tcp", 10, 20, 5060, "smallbox1.example.com."),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SSHFP.md b/documentation/language-reference/domain-modifiers/SSHFP.md
index 6598b82149..6d10226290 100644
--- a/documentation/language-reference/domain-modifiers/SSHFP.md
+++ b/documentation/language-reference/domain-modifiers/SSHFP.md
@@ -40,6 +40,6 @@ parameter_types:
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SSHFP("@", 1, 1, "00yourAmazingFingerprint00"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/SVCB.md b/documentation/language-reference/domain-modifiers/SVCB.md
index 8972603683..1aef189ba9 100644
--- a/documentation/language-reference/domain-modifiers/SVCB.md
+++ b/documentation/language-reference/domain-modifiers/SVCB.md
@@ -26,6 +26,6 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   SVCB("@", 1, ".", "ipv4hint=123.123.123.123 alpn=h3,h2 port=443"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/TLSA.md b/documentation/language-reference/domain-modifiers/TLSA.md
index 6a626acfad..8299cbd9fa 100644
--- a/documentation/language-reference/domain-modifiers/TLSA.md
+++ b/documentation/language-reference/domain-modifiers/TLSA.md
@@ -27,6 +27,6 @@ Certificate is a hex string.
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   // Create TLSA record for certificate used on TCP port 443
   TLSA("_443._tcp", 3, 1, 1, "abcdef0"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/domain-modifiers/TXT.md b/documentation/language-reference/domain-modifiers/TXT.md
index 04f3eb9ef2..0b2edb70bd 100644
--- a/documentation/language-reference/domain-modifiers/TXT.md
+++ b/documentation/language-reference/domain-modifiers/TXT.md
@@ -31,7 +31,7 @@ Modifiers can be any number of [record modifiers](https://docs.dnscontrol.org/la
       TXT("quoted", "any "quotes" and escapes? ugh; no worries!"),
       TXT("_domainkey", "t=y; o=-;"), // Escapes are done for you automatically.
       TXT("long", "X".repeat(300)), // Long strings are split automatically.
-    END);
+    );
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/record-modifiers/TTL.md b/documentation/language-reference/record-modifiers/TTL.md
index e967638092..a76806e0be 100644
--- a/documentation/language-reference/record-modifiers/TTL.md
+++ b/documentation/language-reference/record-modifiers/TTL.md
@@ -32,6 +32,6 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("foo", "2.3.4.5", TTL(500)), // overrides default
   A("demo1", "3.4.5.11", TTL("5d")),  // 5 days
   A("demo2", "3.4.5.12", TTL("5w")),  // 5 weeks
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/D.md b/documentation/language-reference/top-level-functions/D.md
index 393170ac33..de6c0ccf80 100644
--- a/documentation/language-reference/top-level-functions/D.md
+++ b/documentation/language-reference/top-level-functions/D.md
@@ -27,7 +27,7 @@ Modifier arguments are processed according to type as follows:
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
   CNAME("test", "foo.example2.com."),
-END);
+);
 
 // "macro" for records that can be mixed into any zone
 var GOOGLE_APPS_DOMAIN_MX = [
@@ -42,7 +42,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
   CNAME("test", "foo.example2.com."),
   GOOGLE_APPS_DOMAIN_MX,
-END);
+);
 ```
 {% endcode %}
 
@@ -64,15 +64,15 @@ var DNS_OUTSIDE = NewDnsProvider("bind");
 
 D("example.com!inside", REG_THIRDPARTY, DnsProvider(DNS_INSIDE),
   A("www", "10.10.10.10"),
-END);
+);
 
 D("example.com!outside", REG_THIRDPARTY, DnsProvider(DNS_OUTSIDE),
   A("www", "20.20.20.20"),
-END);
+);
 
 D_EXTEND("example.com!inside",
   A("internal", "10.99.99.99"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/DEFAULTS.md b/documentation/language-reference/top-level-functions/DEFAULTS.md
index 17b54939e4..fb0eae9028 100644
--- a/documentation/language-reference/top-level-functions/DEFAULTS.md
+++ b/documentation/language-reference/top-level-functions/DEFAULTS.md
@@ -20,11 +20,11 @@ var COMMON = NewDnsProvider("foo");
 DEFAULTS(
   DnsProvider(COMMON, 0),
   DefaultTTL("1d"),
-END);
+);
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -37,6 +37,6 @@ DEFAULTS();
 
 D("example2.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
index b41aa374ee..5dca9adaff 100644
--- a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE.md
@@ -35,7 +35,7 @@ D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     NO_PURGE,
     NAMESERVER("ns1.foo.com"),
     NAMESERVER("ns2.foo.com"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
index be25be0836..49e4a2ccf4 100644
--- a/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
+++ b/documentation/language-reference/top-level-functions/DOMAIN_ELSEWHERE_AUTO.md
@@ -39,7 +39,7 @@ DOMAIN_ELSEWHERE_AUTO("example.com", REG_NAMEDOTCOM, DSP_AZURE);
 D("example.com", REG_NAMEDOTCOM,
     NO_PURGE,
     DnsProvider(DSP_AZURE),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/D_EXTEND.md b/documentation/language-reference/top-level-functions/D_EXTEND.md
index 55be8d0822..86c2998a27 100644
--- a/documentation/language-reference/top-level-functions/D_EXTEND.md
+++ b/documentation/language-reference/top-level-functions/D_EXTEND.md
@@ -39,24 +39,24 @@ D("domain.tld", REG_MY_PROVIDER, DnsProvider(DNS),
   A("@", "127.0.0.1"), // domain.tld
   A("www", "127.0.0.2"), // www.domain.tld
   CNAME("a", "b"), // a.domain.tld -> b.domain.tld
-END);
+);
 D_EXTEND("domain.tld",
   A("aaa", "127.0.0.3"), // aaa.domain.tld
   CNAME("c", "d"), // c.domain.tld -> d.domain.tld
-END);
+);
 D_EXTEND("sub.domain.tld",
   A("bbb", "127.0.0.4"), // bbb.sub.domain.tld
   A("ccc", "127.0.0.5"), // ccc.sub.domain.tld
   CNAME("e", "f"), // e.sub.domain.tld -> f.sub.domain.tld
-END);
+);
 D_EXTEND("sub.sub.domain.tld",
   A("ddd", "127.0.0.6"), // ddd.sub.sub.domain.tld
   CNAME("g", "h"), // g.sub.sub.domain.tld -> h.sub.sub.domain.tld
-END);
+);
 D_EXTEND("sub.domain.tld",
   A("@", "127.0.0.7"), // sub.domain.tld
   CNAME("i", "j"), // i.sub.domain.tld -> j.sub.domain.tld
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/FETCH.md b/documentation/language-reference/top-level-functions/FETCH.md
index 99b083001c..bebd11ef5f 100644
--- a/documentation/language-reference/top-level-functions/FETCH.md
+++ b/documentation/language-reference/top-level-functions/FETCH.md
@@ -24,7 +24,7 @@ Otherwise the syntax of `FETCH` is the same as `fetch`.
 ```javascript
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
   A("@", "1.2.3.4"),
-END);
+);
 
 FETCH("https://example.com", {
   // All three options below are optional
diff --git a/documentation/language-reference/top-level-functions/NewDnsProvider.md b/documentation/language-reference/top-level-functions/NewDnsProvider.md
index c44855cda4..fe333b767b 100644
--- a/documentation/language-reference/top-level-functions/NewDnsProvider.md
+++ b/documentation/language-reference/top-level-functions/NewDnsProvider.md
@@ -32,7 +32,7 @@ var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -45,6 +45,6 @@ var DNS_MYAWS = NewDnsProvider("myaws");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/NewRegistrar.md b/documentation/language-reference/top-level-functions/NewRegistrar.md
index 1eb3b69cb6..ce3d6566f4 100644
--- a/documentation/language-reference/top-level-functions/NewRegistrar.md
+++ b/documentation/language-reference/top-level-functions/NewRegistrar.md
@@ -32,7 +32,7 @@ var DNS_MYAWS = NewDnsProvider("myaws", "ROUTE53");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -45,6 +45,6 @@ var DNS_MYAWS = NewDnsProvider("myaws");
 
 D("example.com", REG_MYNDC, DnsProvider(DNS_MYAWS),
   A("@","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/language-reference/top-level-functions/REV.md b/documentation/language-reference/top-level-functions/REV.md
index 582ef57d28..a8a77dd44a 100644
--- a/documentation/language-reference/top-level-functions/REV.md
+++ b/documentation/language-reference/top-level-functions/REV.md
@@ -63,14 +63,14 @@ D(REV("1.2.3.0/24"), REGISTRAR, DnsProvider(BIND),
   PTR("3", "baz.example.com."),
   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("1.2.3.10", "ten.example.com."),
-END);
+);
 
 D(REV("2001:db8:302::/48"), REGISTRAR, DnsProvider(BIND),
   PTR("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0", "foo.example.com."),  // 2001:db8:302::1
   // If the first parameter is an IP address, DNSControl automatically calls REV() for you.
   PTR("2001:db8:302::2", "two.example.com."),                          // 2.0.0...
   PTR("2001:db8:302::3", "three.example.com."),                        // 3.0.0...
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/language-reference/top-level-functions/require.md b/documentation/language-reference/top-level-functions/require.md
index 6226e5c465..c6919e68a2 100644
--- a/documentation/language-reference/top-level-functions/require.md
+++ b/documentation/language-reference/top-level-functions/require.md
@@ -46,7 +46,7 @@ require("kubernetes/clusters.js");
 
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
     IncludeKubernetes(),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md b/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
index 9746454494..3875b1897b 100644
--- a/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
+++ b/documentation/markdown-examples/code/dnsconfig-code-example-with-filename.md
@@ -5,6 +5,6 @@ var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
     A("@", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/nameservers.md b/documentation/nameservers.md
index 7f62d8b3b1..13cc627f0a 100644
--- a/documentation/nameservers.md
+++ b/documentation/nameservers.md
@@ -46,7 +46,7 @@ Simplicity.
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -65,7 +65,7 @@ you want to use a high-performance DNS server.
 D("example.com", REG_NAMECOM,
   DnsProvider(DNS_AWS),
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -86,7 +86,7 @@ updating the zone's records (most likely at a different provider).
 D("example.com", REG_THIRDPARTY,
   DnsProvider(DNS_NAMECOM),
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -108,7 +108,7 @@ D("example.com", REG_NAMECOM,
   NAMESERVER("dns2.p03.nsone.net."),
   NAMESERVER("dns3.p03.nsone.net."),
   NAMESERVER("dns4.p03.nsone.net."),
-END);
+);
 ```
 {% endcode %}
 
@@ -131,7 +131,7 @@ D("example.com", REG_NAMECOM,
   NAMESERVER("kim.ns.cloudflare.com."),
   NAMESERVER("walt.ns.cloudflare.com."),
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -150,7 +150,7 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
   NAMESERVER("ns1.myexample.com"),
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -174,7 +174,7 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_CLOUDFLARE, 0), // Quietly send a copy of the zone here.
   DnsProvider(DNS_BIND, 0), // And here too!
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -204,7 +204,7 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_AWS, 2),  // Take 2 nameservers from AWS
   DnsProvider(DNS_GOOGLE, 2),  // Take 2 nameservers from GCP
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -233,7 +233,7 @@ D("example.com", REG_NAMECOM,
   DnsProvider(DNS_NAMECOM),
   DnsProvider(DNS_BIND, 0), // Don't activate any nameservers related to BIND.
   A("@", "10.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -257,7 +257,7 @@ var REG_MONITOR = NewRegistrar("DNS-over-HTTPS");
 D("example.com", REG_MONITOR,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/notifications.md b/documentation/notifications.md
index 5f730edd62..3d49959182 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -35,7 +35,7 @@ Below is an example where we add [the A record](language-reference/domain-modifi
 ```diff
 D("example.com", REG_MY_PROVIDER, DnsProvider(DSP_MY_PROVIDER),
 + A("foo", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/akamaiedgedns.md b/documentation/provider/akamaiedgedns.md
index 1877ab91b7..c611e04bf7 100644
--- a/documentation/provider/akamaiedgedns.md
+++ b/documentation/provider/akamaiedgedns.md
@@ -72,7 +72,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_AKAMAIEDGEDNS),
   AUTODNSSEC_ON,
   AKAMAICDN("@", "www.preconfigured.edgesuite.net", TTL(20)),
   A("foo", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/autodns.md b/documentation/provider/autodns.md
index cebc550b87..0b3de21b67 100644
--- a/documentation/provider/autodns.md
+++ b/documentation/provider/autodns.md
@@ -29,6 +29,6 @@ var DSP_AUTODNS = NewDnsProvider("autodns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AUTODNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/azure_dns.md b/documentation/provider/azure_dns.md
index 32157e342e..cde9e9c89b 100644
--- a/documentation/provider/azure_dns.md
+++ b/documentation/provider/azure_dns.md
@@ -60,7 +60,7 @@ var DSP_AZURE_MAIN = NewDnsProvider("azuredns_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AZURE_MAIN),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/azure_private_dns.md b/documentation/provider/azure_private_dns.md
index 85911429b2..4b0e130d9d 100644
--- a/documentation/provider/azure_private_dns.md
+++ b/documentation/provider/azure_private_dns.md
@@ -58,12 +58,12 @@ var DSP_AZURE_PRIVATE_MAIN = NewDnsProvider("azure_private_dns_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_AZURE_PRIVATE_MAIN),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
 ## Activation
-DNSControl depends on a standard [Client credentials Authentication](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) with permission to list, create and update private zones.  
+DNSControl depends on a standard [Client credentials Authentication](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest) with permission to list, create and update private zones.
 
 ## New domains
 
diff --git a/documentation/provider/bunny_dns.md b/documentation/provider/bunny_dns.md
index 6afe663980..a8c9d5ef2d 100644
--- a/documentation/provider/bunny_dns.md
+++ b/documentation/provider/bunny_dns.md
@@ -48,7 +48,7 @@ var DSP_BUNNY_DNS = NewDnsProvider("bunny_dns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_BUNNY_DNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cloudflareapi.md b/documentation/provider/cloudflareapi.md
index 009df860e5..48d47a1162 100644
--- a/documentation/provider/cloudflareapi.md
+++ b/documentation/provider/cloudflareapi.md
@@ -164,7 +164,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("www1","1.2.3.11", CF_PROXY_ON),        // turn proxy ON.
     A("www2","1.2.3.12", CF_PROXY_OFF),       // default is OFF, this is a no-op.
     A("www3","1.2.3.13", {"cloudflare_proxy": "on"}), // Old format.
-END);
+);
 ```
 {% endcode %}
 
@@ -183,7 +183,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("another", "1.2.3.6", CF_PROXY_ON),
     ALIAS("@", "www.example.com.", CF_PROXY_ON),
     CNAME("myalias", "www.example.com.", CF_PROXY_ON),
-END);
+);
 
 // Example domain where the CF proxy default is set to "on":
 D("example2.tld", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
@@ -193,7 +193,7 @@ D("example2.tld", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("another", "1.2.3.6"),
     ALIAS("@", "www.example2.tld."),
     CNAME("myalias", "www.example2.tld."),
-END);
+);
 ```
 {% endcode %}
 
@@ -351,7 +351,7 @@ D("chiphacker.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     A("meta", "1.2.3.4", CF_PROXY_ON),
 
     // ...
-END);
+);
 ```
 {% endcode %}
 
@@ -374,7 +374,7 @@ D("foo.com", REG_NONE, DnsProvider(DSP_CLOUDFLARE),
     // Assign the patterns `api.foo.com/*` and `foo.com/api/*` to `my-worker` script.
     CF_WORKER_ROUTE("api.foo.com/*", "my-worker"),
     CF_WORKER_ROUTE("foo.com/api/*", "my-worker"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cloudns.md b/documentation/provider/cloudns.md
index a2f19d38e2..727acea495 100644
--- a/documentation/provider/cloudns.md
+++ b/documentation/provider/cloudns.md
@@ -43,7 +43,7 @@ var DSP_CLOUDNS = NewDnsProvider("cloudns");
 D("example.com", REG_NONE, DnsProvider(DSP_CLOUDNS),
   CLOUDNS_WR("@", "http://example.com/"),
   CLOUDNS_WR("www", "http://example.com/"),
-END)
+);
 ```
 {% endcode %}
 
@@ -57,7 +57,7 @@ var DSP_CLOUDNS = NewDnsProvider("cloudns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_CLOUDNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cnr.md b/documentation/provider/cnr.md
index b7583726dc..a439fd04b1 100644
--- a/documentation/provider/cnr.md
+++ b/documentation/provider/cnr.md
@@ -88,7 +88,7 @@ D("example.com", REG_CNR, DnsProvider(DSP_CNR),
     NAMESERVER("ns4.rrpproxy.net"),
     A("elk1", "10.190.234.178"),
     A("test", "56.123.54.12"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/cscglobal.md b/documentation/provider/cscglobal.md
index b0542615ac..922861f971 100644
--- a/documentation/provider/cscglobal.md
+++ b/documentation/provider/cscglobal.md
@@ -38,7 +38,7 @@ var DSP_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_CSCGLOBAL, DnsProvider(DSP_BIND),
   A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/desec.md b/documentation/provider/desec.md
index 397912804c..fb70afee90 100644
--- a/documentation/provider/desec.md
+++ b/documentation/provider/desec.md
@@ -29,7 +29,7 @@ var DSP_DESEC = NewDnsProvider("desec");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DESEC),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -42,5 +42,5 @@ deSEC enforces a daily limit of 300 RRset creation/deletion/modification per
 domain. Large changes may have to be done over the course of a few days.  The
 integration test suite can not be run in a single session. See
 [https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling](https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling)
-{% endhint %} 
+{% endhint %}
 
diff --git a/documentation/provider/digitalocean.md b/documentation/provider/digitalocean.md
index e9e3311d08..bb83d34f79 100644
--- a/documentation/provider/digitalocean.md
+++ b/documentation/provider/digitalocean.md
@@ -29,7 +29,7 @@ var DSP_DIGITALOCEAN = NewDnsProvider("mydigitalocean");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DIGITALOCEAN),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsimple.md b/documentation/provider/dnsimple.md
index a27a3ed353..0560b404fb 100644
--- a/documentation/provider/dnsimple.md
+++ b/documentation/provider/dnsimple.md
@@ -38,7 +38,7 @@ var DSP_DNSIMPLE = NewDnsProvider("dnsimple");
 
 D("example.com", REG_DNSIMPLE, DnsProvider(DSP_DNSIMPLE),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsmadeeasy.md b/documentation/provider/dnsmadeeasy.md
index 388315564b..027b58e156 100644
--- a/documentation/provider/dnsmadeeasy.md
+++ b/documentation/provider/dnsmadeeasy.md
@@ -38,7 +38,7 @@ var DSP_DNSMADEEASY = NewDnsProvider("dnsmadeeasy");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DNSMADEEASY),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/dnsoverhttps.md b/documentation/provider/dnsoverhttps.md
index 399eb0260a..002a88c315 100644
--- a/documentation/provider/dnsoverhttps.md
+++ b/documentation/provider/dnsoverhttps.md
@@ -48,7 +48,7 @@ var REG_MONITOR = NewRegistrar("dohcloudflare");
 D("example.com", REG_MONITOR,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/domainnameshop.md b/documentation/provider/domainnameshop.md
index 9b6a9cc88a..49a589eff0 100644
--- a/documentation/provider/domainnameshop.md
+++ b/documentation/provider/domainnameshop.md
@@ -30,7 +30,7 @@ var DSP_DOMAINNAMESHOP = NewDnsProvider("mydomainnameshop");
 
 D("example.com", REG_NONE, DnsProvider(DSP_DOMAINNAMESHOP),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/easyname.md b/documentation/provider/easyname.md
index fd93d999aa..748d771f70 100644
--- a/documentation/provider/easyname.md
+++ b/documentation/provider/easyname.md
@@ -35,7 +35,7 @@ var REG_EASYNAME = NewRegistrar("easyname");
 D("example.com", REG_EASYNAME,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/exoscale.md b/documentation/provider/exoscale.md
index e57ba347ed..2f3d2dd5f6 100644
--- a/documentation/provider/exoscale.md
+++ b/documentation/provider/exoscale.md
@@ -14,6 +14,6 @@ var DSP_EXOSCALE = NewDnsProvider("exoscale");
 
 D("example.com", REG_NONE, DnsProvider(DSP_EXOSCALE),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/gandi_v5.md b/documentation/provider/gandi_v5.md
index 4f1942d000..9253f3a32f 100644
--- a/documentation/provider/gandi_v5.md
+++ b/documentation/provider/gandi_v5.md
@@ -91,7 +91,7 @@ var DSP_GANDI = NewDnsProvider("gandi");
 
 D("example.com", REG_GANDI, DnsProvider(DSP_GANDI),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/gcloud.md b/documentation/provider/gcloud.md
index 66e6defb61..b53093ebcb 100644
--- a/documentation/provider/gcloud.md
+++ b/documentation/provider/gcloud.md
@@ -66,7 +66,7 @@ var DSP_GCLOUD = NewDnsProvider("gcloud");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_GCLOUD),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -109,7 +109,7 @@ var DSP_GCLOUD = NewDnsProvider("gcloud", {
 
 D("example.tld", REG_NAMECOM, DnsProvider(DSP_GCLOUD),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/gcore.md b/documentation/provider/gcore.md
index 8fec085672..a034b163bd 100644
--- a/documentation/provider/gcore.md
+++ b/documentation/provider/gcore.md
@@ -91,7 +91,7 @@ var DSP_GCORE = NewDnsProvider("gcore");
 
 D("example.com", REG_NONE, DnsProvider(DSP_GCORE),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -145,7 +145,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_GCORE),
         gcore_weight: '34',
         gcore_ip: '1.2.3.5',
     }),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hedns.md b/documentation/provider/hedns.md
index a5aa66aaf0..3cf294264f 100644
--- a/documentation/provider/hedns.md
+++ b/documentation/provider/hedns.md
@@ -112,6 +112,6 @@ var DSP_HEDNS = NewDnsProvider("hedns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_HEDNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/hetzner.md b/documentation/provider/hetzner.md
index b6c3cf3e91..0616f878fe 100644
--- a/documentation/provider/hetzner.md
+++ b/documentation/provider/hetzner.md
@@ -32,7 +32,7 @@ var DSP_HETZNER = NewDnsProvider("hetzner");
 
 D("example.com", REG_NONE, DnsProvider(DSP_HETZNER),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hexonet.md b/documentation/provider/hexonet.md
index 83b5ba5f63..fe04a57a56 100644
--- a/documentation/provider/hexonet.md
+++ b/documentation/provider/hexonet.md
@@ -92,7 +92,7 @@ D("example.com", REG_HEXONET, DnsProvider(DSP_HEXONET),
     NAMESERVER("ns4.ispapi.net"),
     A("elk1", "10.190.234.178"),
     A("test", "56.123.54.12"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/hostingde.md b/documentation/provider/hostingde.md
index 56f1abceca..3d96731bba 100644
--- a/documentation/provider/hostingde.md
+++ b/documentation/provider/hostingde.md
@@ -27,7 +27,7 @@ var DSP_HOSTINGDE = NewDnsProvider("hosting.de");
 
 D("example.com", REG_HOSTINGDE, DnsProvider(DSP_HOSTINGDE),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/huaweicloud.md b/documentation/provider/huaweicloud.md
index a67346f420..6804e3329f 100644
--- a/documentation/provider/huaweicloud.md
+++ b/documentation/provider/huaweicloud.md
@@ -48,7 +48,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_HWCLOUD),
     A("rr-lb", "10.0.1.1", {hw_weight: "10", hw_rrset_key: "lb-zone-b"}),
     A("rr-lb", "10.0.1.2", {hw_weight: "10", hw_rrset_key: "lb-zone-b"}),
     A("rr-lb", "10.0.2.2", {hw_weight: "0",  hw_rrset_key: "lb-zone-c"}),
-END);
+);
 ```
 {% endcode %}
 
@@ -62,7 +62,7 @@ var DSP_HWCLOUD = NewDnsProvider("huaweicloud");
 
 D("example.com", REG_NONE, DnsProvider(DSP_HWCLOUD),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/internetbs.md b/documentation/provider/internetbs.md
index 02f982c341..3727da2809 100644
--- a/documentation/provider/internetbs.md
+++ b/documentation/provider/internetbs.md
@@ -32,7 +32,7 @@ var REG_INTERNETBS = NewRegistrar("internetbs");
 D("example.com", REG_INTERNETBS,
   NAMESERVER("ns1.example.com."),
   NAMESERVER("ns2.example.com."),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/inwx.md b/documentation/provider/inwx.md
index 2470fba5ed..dcd1279acd 100644
--- a/documentation/provider/inwx.md
+++ b/documentation/provider/inwx.md
@@ -106,6 +106,6 @@ var DSP_CF = NewDnsProvider("cloudflare");
 
 D("example.com", REG_INWX, DnsProvider(DSP_CF),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/linode.md b/documentation/provider/linode.md
index 76834e46b4..090e41f3ae 100644
--- a/documentation/provider/linode.md
+++ b/documentation/provider/linode.md
@@ -29,7 +29,7 @@ var DSP_LINODE = NewDnsProvider("linode");
 
 D("example.com", REG_NONE, DnsProvider(DSP_LINODE),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/loopia.md b/documentation/provider/loopia.md
index 9b0ce5ae96..b1616ccea0 100644
--- a/documentation/provider/loopia.md
+++ b/documentation/provider/loopia.md
@@ -1,10 +1,10 @@
 Loopia is a 💩 provider of DNS. Using DNSControl hides some of the 💩.
 If you are stuck with Loopia, hopefully this will reduce the pain.
 
-They provide DNS services, both as a registrar, and a provider. 
+They provide DNS services, both as a registrar, and a provider.
 They provide support in English and other regional variants (Norwegian, Serbian, Swedish).
 
-This plugin is based on API documents found at 
+This plugin is based on API documents found at
 [https://www.loopia.com/api/](https://www.loopia.com/api/)
 and by observing API responses. Hat tip to GitHub @hazzeh whose code for the
 LEGO Loopia implementation was helpful.
@@ -50,7 +50,7 @@ Example:
     "TYPE": "LOOPIA",
     "username": "your-loopia-api-account-id@loopiaapi",
     "password": "your-loopia-api-account-password",
-    "debug": "true" // Set to true for extra debug output. Remove or set to false to prevent extra debug output. 
+    "debug": "true" // Set to true for extra debug output. Remove or set to false to prevent extra debug output.
   }
 }
 ```
@@ -60,7 +60,7 @@ Example:
 
 * `username` - string - your @loopiaapi created username
 * `password` - string - your loopia API password
-* `debug` - string - Set to true for extra debug output. Remove or set to false to prevent extra debug output. 
+* `debug` - string - Set to true for extra debug output. Remove or set to false to prevent extra debug output.
 * `rate_limit_per` - string - See [Rate Limiting](#rate-limiting) below.
 * `region` - string - See [Regions](#regions) below.
 * `modify_name_servers` - string - See [Modify Name Servers](#modify-name-servers) below.
@@ -69,7 +69,7 @@ Example:
 There is no test endpoint. Fly free, grasshopper.
 
 Turning on debug will show the XML requests and responses, and include the
-username and password from your `creds.json` file. If you want to share these, 
+username and password from your `creds.json` file. If you want to share these,
 like for a GitHub issue, be sure to redact those from the XML.
 
 ### Fetch Apex NS Entries
@@ -114,7 +114,7 @@ This setting defaults to "false" (off).
 `creds.json` setting: `region`
 
 
-Loopia operate in a few regions. Norway (`no`), Serbia (`rs`), Sweden (`se`). 
+Loopia operate in a few regions. Norway (`no`), Serbia (`rs`), Sweden (`se`).
 
 For the parameter `region`, specify one of `no`, `rs`, `se`, or omit, or leave empty for the default `se` Sweden.
 
@@ -167,7 +167,7 @@ In your `creds.json` for all `LOOPIA` provider entries:
     "TYPE": "LOOPIA",
     "username": "your-loopia-api-account-id@loopiaapi",
     "password": "your-loopia-api-account-password",
-    "debug": "true", // Set to true for extra debug output. Remove or set to false to prevent extra debug output. 
+    "debug": "true", // Set to true for extra debug output. Remove or set to false to prevent extra debug output.
     "rate_limit_per": "Minute"
   }
 }
@@ -199,7 +199,7 @@ D("example.com", REG_LOOPIA, DnsProvider(DSP_LOOPIA),
     //NAMESERVER("ns2.loopia.se."), //default
     A("elk1", "192.0.2.1"),
     A("test", "192.0.2.2"),
-END);
+);
 ```
 {% endcode %}
 
@@ -217,7 +217,7 @@ This provider does not recognize any special metadata fields unique to LOOPIA.
 
 ## get-zones
 
-`dnscontrol get-zones` is implemented for this provider. 
+`dnscontrol get-zones` is implemented for this provider.
 
 
 ## New domains
diff --git a/documentation/provider/luadns.md b/documentation/provider/luadns.md
index 46e0f3418d..8dd8af63f7 100644
--- a/documentation/provider/luadns.md
+++ b/documentation/provider/luadns.md
@@ -30,7 +30,7 @@ var DSP_LUADNS = NewDnsProvider("luadns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_LUADNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/msdns.md b/documentation/provider/msdns.md
index a80b8d1925..c7566fcaa1 100644
--- a/documentation/provider/msdns.md
+++ b/documentation/provider/msdns.md
@@ -55,6 +55,6 @@ var DSP_MSDNS = NewDnsProvider("msdns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_MSDNS),
       A("test", "1.2.3.4"),
-END)
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/mythicbeasts.md b/documentation/provider/mythicbeasts.md
index bf663c705d..40c65b7fea 100644
--- a/documentation/provider/mythicbeasts.md
+++ b/documentation/provider/mythicbeasts.md
@@ -34,6 +34,6 @@ var DSP_MYTHIC = NewDnsProvider("mythicbeasts");
 
 D("example.com", REG_NONE, DnsProvider(DSP_MYTHIC),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/namecheap.md b/documentation/provider/namecheap.md
index 1ea060b877..b3c2e1f427 100644
--- a/documentation/provider/namecheap.md
+++ b/documentation/provider/namecheap.md
@@ -52,7 +52,7 @@ var DSP_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NAMECHEAP, DnsProvider(DSP_BIND),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -68,7 +68,7 @@ D("example.com", REG_NAMECHEAP, DnsProvider(DSP_NAMECHEAP),
   URL("@", "http://example.com/"),
   URL("www", "http://example.com/"),
   URL301("backup", "http://backup.example.com/"),
-END)
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/namedotcom.md b/documentation/provider/namedotcom.md
index 1735d748dc..949be1bc61 100644
--- a/documentation/provider/namedotcom.md
+++ b/documentation/provider/namedotcom.md
@@ -45,7 +45,7 @@ var DSP_NAMECOM = NewDnsProvider("name.com");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_NAMECOM),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -59,7 +59,7 @@ var DSP_R53 = NewDnsProvider("r53");
 
 D("example.com", REG_NAMECOM, DnsProvider(DSP_R53),
     A("test","1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/netcup.md b/documentation/provider/netcup.md
index 2891a07bd0..1e86606679 100644
--- a/documentation/provider/netcup.md
+++ b/documentation/provider/netcup.md
@@ -28,7 +28,7 @@ var DSP_NETCUP = NewDnsProvider("netcup");
 
 D("example.com", REG_NONE, DnsProvider(DSP_NETCUP),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/netlify.md b/documentation/provider/netlify.md
index 59bf361a98..cf0b5c818c 100644
--- a/documentation/provider/netlify.md
+++ b/documentation/provider/netlify.md
@@ -31,7 +31,7 @@ var DSP_NETLIFY = NewDnsProvider("netlify");
 
 D("example.com", REG_NETLIFY, DnsProvider(DSP_NETLIFY),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/ns1.md b/documentation/provider/ns1.md
index 391aded8cf..7c588a44e5 100644
--- a/documentation/provider/ns1.md
+++ b/documentation/provider/ns1.md
@@ -29,6 +29,6 @@ var DSP_NS1 = NewDnsProvider("ns1");
 
 D("example.com", REG_NONE, DnsProvider(DSP_NS1),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/opensrs.md b/documentation/provider/opensrs.md
index 82c068da5c..21278b6bdd 100644
--- a/documentation/provider/opensrs.md
+++ b/documentation/provider/opensrs.md
@@ -14,6 +14,6 @@ var DSP_OPENSRS = NewDnsProvider("opensrs");
 
 D("example.com", REG_NONE, DnsProvider(DSP_OPENSRS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/oracle.md b/documentation/provider/oracle.md
index d9fc992293..abe88dde52 100644
--- a/documentation/provider/oracle.md
+++ b/documentation/provider/oracle.md
@@ -41,7 +41,7 @@ D("example.com", REG_NONE, DnsProvider(DSP_ORACLE),
     NAMESERVER_TTL(86400),
 
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/ovh.md b/documentation/provider/ovh.md
index 0e95ab79bc..33d9b7a47c 100644
--- a/documentation/provider/ovh.md
+++ b/documentation/provider/ovh.md
@@ -43,7 +43,7 @@ var DSP_OVH = NewDnsProvider("ovh");
 
 D("example.com", REG_OVH, DnsProvider(DSP_OVH),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -56,7 +56,7 @@ var DSP_R53 = NewDnsProvider("r53");
 
 D("example.com", REG_OVH, DnsProvider(DSP_R53),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/packetframe.md b/documentation/provider/packetframe.md
index 8f7d8e6b96..a67e490c20 100644
--- a/documentation/provider/packetframe.md
+++ b/documentation/provider/packetframe.md
@@ -29,6 +29,6 @@ var DSP_PACKETFRAME = NewDnsProvider("packetframe");
 
 D("example.com", REG_NONE, DnsProvider(DSP_PACKETFRAME),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/porkbun.md b/documentation/provider/porkbun.md
index 976579c616..e162842291 100644
--- a/documentation/provider/porkbun.md
+++ b/documentation/provider/porkbun.md
@@ -32,6 +32,6 @@ var DSP_PORKBUN = NewDnsProvider("porkbun");
 
 D("example.com", REG_NONE, DnsProvider(DSP_PORKBUN),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/powerdns.md b/documentation/provider/powerdns.md
index f0aafd72f7..f451e9ff94 100644
--- a/documentation/provider/powerdns.md
+++ b/documentation/provider/powerdns.md
@@ -56,7 +56,7 @@ var DSP_POWERDNS = NewDnsProvider("powerdns");
 
 D("example.com", REG_NONE, DnsProvider(DSP_POWERDNS),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/realtimeregister.md b/documentation/provider/realtimeregister.md
index cbddfb90eb..ab41b216e8 100644
--- a/documentation/provider/realtimeregister.md
+++ b/documentation/provider/realtimeregister.md
@@ -43,6 +43,6 @@ var DSP_RTR = NewDnsProvider("realtimeregister");
 
 D("example.com", REG_RTR, DnsProvider(DSP_RTR),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/route53.md b/documentation/provider/route53.md
index 9b071a6bf8..2d0f1925ad 100644
--- a/documentation/provider/route53.md
+++ b/documentation/provider/route53.md
@@ -74,7 +74,7 @@ var DSP_R53 = NewDnsProvider("r53_main");
 
 D("example.com", REG_NONE, DnsProvider(DSP_R53),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -94,13 +94,13 @@ D("testzone.net!private", REG_NONE,
     DnsProvider(DSP_R53),
     R53_ZONE("Z111111111JCCCP1V7UW"),
     TXT("me", "private testzone.net"),
-END);
+);
 
 D("testzone.net!public", REG_NONE,
     DnsProvider(DSP_R53),
     R53_ZONE("Z222222222INNG98SHJQ2"),
     TXT("me", "public testzone.net"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/rwth.md b/documentation/provider/rwth.md
index 1bae309e7a..06ea021695 100644
--- a/documentation/provider/rwth.md
+++ b/documentation/provider/rwth.md
@@ -29,7 +29,7 @@ var DSP_RWTH = NewDnsProvider("rwth");
 
 D("example.rwth-aachen.de", REG_NONE, DnsProvider(DSP_RWTH),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/sakuracloud.md b/documentation/provider/sakuracloud.md
index 275649a9a7..f7fb2bf1d6 100644
--- a/documentation/provider/sakuracloud.md
+++ b/documentation/provider/sakuracloud.md
@@ -63,7 +63,7 @@ var DSP_SAKURACLOUD = NewDnsProvider("sakuracloud");
 
 D("example.com", REG_NONE, DnsProvider(DSP_SAKURACLOUD),
   A("test", "192.0.2.1"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/softlayer.md b/documentation/provider/softlayer.md
index ce6643afb5..9f0cd58c09 100644
--- a/documentation/provider/softlayer.md
+++ b/documentation/provider/softlayer.md
@@ -37,7 +37,7 @@ var DSP_SOFTLAYER = NewDnsProvider("softlayer");
 
 D("example.com", REG_NONE, DnsProvider(DSP_SOFTLAYER),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
@@ -54,6 +54,6 @@ D("example.com", REG_NONE, DnsProvider(SOFTLAYER),
     NAMESERVER_TTL(86400),
 
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
diff --git a/documentation/provider/transip.md b/documentation/provider/transip.md
index a7017cdf6f..624ace0bc4 100644
--- a/documentation/provider/transip.md
+++ b/documentation/provider/transip.md
@@ -52,7 +52,7 @@ var DSP_TRANSIP = NewDnsProvider("transip");
 
 D("example.com", REG_NONE, DnsProvider(DSP_TRANSIP),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/provider/vultr.md b/documentation/provider/vultr.md
index 8b34a8d865..42a91b0991 100644
--- a/documentation/provider/vultr.md
+++ b/documentation/provider/vultr.md
@@ -30,7 +30,7 @@ var DSP_VULTR = NewDnsProvider("vultr");
 
 D("example.com", REG_DNSIMPLE, DnsProvider(DSP_VULTR),
     A("test", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 
diff --git a/documentation/styleguide-doc.md b/documentation/styleguide-doc.md
index af260fb039..dbbff9ead1 100644
--- a/documentation/styleguide-doc.md
+++ b/documentation/styleguide-doc.md
@@ -122,7 +122,7 @@ var DNS_BIND = NewDnsProvider("bind");
 
 D("example.com", REG_NONE, DnsProvider(DNS_BIND),
     A("@", "1.2.3.4"),
-END);
+);
 ```
 {% endcode %}
 

From c74fbd519519dc2fa6b5c177c52743f8de21cd5d Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 17 Dec 2024 08:59:19 -0500
Subject: [PATCH 423/438] CHORE: update deps (#3256)

---
 go.mod | 12 ++++++------
 go.sum | 28 ++++++++++++++--------------
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/go.mod b/go.mod
index 0bbbe6e6d8..cb3f53f88f 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.28.6
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.47
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3
-	github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7
+	github.com/aws/aws-sdk-go-v2/service/route53domains v1.28.0
 	github.com/babolivier/go-doh-client v0.0.0-20201028162107-a76cff4cb8b6
 	github.com/billputer/go-namecheap v0.0.0-20210108011502-994a912fb7f9
 	github.com/centralnicgroup-opensource/rtldev-middleware-go-sdk/v4 v4.0.7
@@ -52,8 +52,8 @@ require (
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
-	google.golang.org/api v0.211.0
-	gopkg.in/ns1/ns1-go.v2 v2.12.2
+	google.golang.org/api v0.212.0
+	gopkg.in/ns1/ns1-go.v2 v2.13.0
 )
 
 require (
@@ -72,16 +72,16 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/oracle/oci-go-sdk/v65 v65.80.0
 	github.com/vultr/govultr/v2 v2.17.2
-	golang.org/x/exp v0.0.0-20241210194714-1829a127f884
+	golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e
 	golang.org/x/text v0.21.0
 	golang.org/x/time v0.8.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
-	cloud.google.com/go/auth v0.12.1 // indirect
+	cloud.google.com/go/auth v0.13.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect
-	cloud.google.com/go/compute/metadata v0.5.2 // indirect
+	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 803fe831bb..dfe4fd814f 100644
--- a/go.sum
+++ b/go.sum
@@ -1,10 +1,10 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4=
-cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4=
+cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs=
+cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q=
 cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU=
 cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
-cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
-cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I=
+cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
@@ -66,8 +66,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6 h1:50+XsN70R
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.6/go.mod h1:WqgLmwY7so32kG01zD8CPTJWVWM+TzJoOVHwTg4aPug=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3 h1:pDBrvz7CMK381q5U+nPqtSQZZid5z1XH8lsI6kHNcSY=
 github.com/aws/aws-sdk-go-v2/service/route53 v1.46.3/go.mod h1:rDMeB13C/RS0/zw68RQD4LLiWChf5tZBKjEQmjtHa/c=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7 h1:cUSak+oDWuKhl3doMhJkm8adfJcP6wRz9Alh9HxDQJI=
-github.com/aws/aws-sdk-go-v2/service/route53domains v1.27.7/go.mod h1:c4Zcr9bz35UJ07RC3cR/zBdpFn7ZjZqy/ow+oN0+NEo=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.28.0 h1:D7xRgsQnKiC/BQOVfG9DrsdRo2PIPwCwgHb6EpKLjFQ=
+github.com/aws/aws-sdk-go-v2/service/route53domains v1.28.0/go.mod h1:c4Zcr9bz35UJ07RC3cR/zBdpFn7ZjZqy/ow+oN0+NEo=
 github.com/aws/aws-sdk-go-v2/service/sso v1.24.7 h1:rLnYAfXQ3YAccocshIH5mzNNwZBkBo+bP6EhIxak6Hw=
 github.com/aws/aws-sdk-go-v2/service/sso v1.24.7/go.mod h1:ZHtuQJ6t9A/+YDuxOLnbryAmITtr8UysSny3qcyvJTc=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.6 h1:JnhTZR3PiYDNKlXy50/pNeix9aGMo6lLpXwJ1mw8MD4=
@@ -464,8 +464,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
 golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU=
-golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
+golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4=
+golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
@@ -576,15 +576,15 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg=
-google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0=
+google.golang.org/api v0.212.0 h1:BcRj3MJfHF3FYD29rk7u9kuu1SyfGqfHcA0hSwKqkHg=
+google.golang.org/api v0.212.0/go.mod h1:gICpLlpp12/E8mycRMzgy3SQ9cFh2XnVJ6vJi/kQbvI=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU=
-google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -616,8 +616,8 @@ gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaD
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ns1/ns1-go.v2 v2.12.2 h1:SPM5BTTMJ1zVBhMMiiPFdF7l6Y3fq5o7bKM7jDqsUfM=
-gopkg.in/ns1/ns1-go.v2 v2.12.2/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
+gopkg.in/ns1/ns1-go.v2 v2.13.0 h1:I5NNqI9Bi1SGK92TVkOvLTwux5LNrix/99H2datVh48=
+gopkg.in/ns1/ns1-go.v2 v2.13.0/go.mod h1:pfaU0vECVP7DIOr453z03HXS6dFJpXdNRwOyRzwmPSc=
 gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
 gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
 gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=

From 7f477d8023ce53b59bacc0598f7e89f1e3e0313a Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Tue, 17 Dec 2024 10:35:19 -0500
Subject: [PATCH 424/438] CI/CD: Run integration tests and GoReleaser
 concurrently (#3258)

---
 .github/workflows/pr_build.yml                | 83 ++++++++++++++++++
 .../{pr_test.yml => pr_integration_tests.yml} | 85 ++++++-------------
 .github/workflows/release_draft.yml           |  4 +-
 3 files changed, 112 insertions(+), 60 deletions(-)
 create mode 100644 .github/workflows/pr_build.yml
 rename .github/workflows/{pr_test.yml => pr_integration_tests.yml} (78%)

diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
new file mode 100644
index 0000000000..6257fca58f
--- /dev/null
+++ b/.github/workflows/pr_build.yml
@@ -0,0 +1,83 @@
+name: "PR: Run Unit tests and Build artifacts for all platforms"
+
+# When will this pipeline be activated?
+# 1. On any pull-request, or if someone pushes to a branch called
+# "tlim_testpr".
+on:
+  pull_request:
+  workflow_dispatch:
+  # Want to trigger all the tests without making a PR?
+  # Run: git push origin main:tlim_testpr --force
+  # This will trigger a full PR test on the main branch.
+  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
+  push:
+    branches:
+      - 'tlim_testpr'
+
+# Environment Variables
+env:
+  # cache-key: Change to force cache reset `pwsh > Get-Date -UFormat %s`
+  cache-key: 1639697695
+  # go-mod-path: Where go-mod writes temp files
+  go-mod-path: /go/pkg/mod
+  # BIND_DOMAIN: BIND is the one providers that we always test. By
+  # defining this here, we know it will always be set.
+  BIND_DOMAIN: example.com
+
+jobs:
+
+# Run unit tests:
+
+  build:
+    runs-on: ubuntu-latest
+    env:
+      TEST_RESULTS: "/tmp/test-results"
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version: stable
+    - name: restore_cache
+      uses: actions/cache@v4.2.0
+      with:
+        key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
+        restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
+        path: ${{ env.go-mod-path }}
+    - run: mkdir -p "$TEST_RESULTS"
+    - name: Run unit tests
+      run: |
+        go install gotest.tools/gotestsum@latest
+        gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
+#    - name: Enforce Go Formatted Code
+#      run: "[ `go fmt ./... | wc -l` -eq 0 ]"
+    - uses: actions/upload-artifact@v4.4.3
+      with:
+        name: unit-tests
+        path: ${{ env.TEST_RESULTS }}
+
+# build: Use GoReleaser to build binaries for all platforms.
+
+    # Stringer is needed because .goreleaser includes "go generate ./..."
+    - name: Install stringer
+      run: |
+        go install golang.org/x/tools/cmd/stringer@latest
+
+    -
+      id: build_binaries_tagged
+      name: Build binaries (if tagged)
+      if: github.ref_type == 'tag'
+      uses: goreleaser/goreleaser-action@v6
+      with:
+        distribution: goreleaser
+        version: latest
+        args: build
+    -
+      id: build_binaries_not_tagged
+      name: Build binaries (not tagged)
+      if: github.ref_type != 'tag'
+      uses: goreleaser/goreleaser-action@v6
+      with:
+        args: build --snapshot
diff --git a/.github/workflows/pr_test.yml b/.github/workflows/pr_integration_tests.yml
similarity index 78%
rename from .github/workflows/pr_test.yml
rename to .github/workflows/pr_integration_tests.yml
index e82e794ead..46842cc241 100644
--- a/.github/workflows/pr_test.yml
+++ b/.github/workflows/pr_integration_tests.yml
@@ -1,73 +1,37 @@
-name: "PR: Run all tests"
+name: "PR: Run integration tests"
+
+# When will this pipeline be activated?
+# 1. On any pull-request, or if someone pushes to a branch called
+# "tlim_testpr".
 on:
-  # git push origin main:tlim_testpr --force
-  # will trigger a full PR test on the main branch:
-  # https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
+  pull_request:
+  workflow_dispatch:
+  # Want to trigger all the tests without making a PR?
+  # Run: git push origin main:tlim_testpr --force
+  # This will trigger a full PR test on the main branch.
+  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
   push:
     branches:
       - 'tlim_testpr'
-  pull_request:
-  workflow_dispatch:
 
+# Environment Variables
 env:
-  cache-key: 1639697695 #Change to force cache reset `pwsh > Get-Date -UFormat %s`
+  # cache-key: Change to force cache reset `pwsh > Get-Date -UFormat %s`
+  cache-key: 1639697695
+  # go-mod-path: Where go-mod writes temp files
   go-mod-path: /go/pkg/mod
+  # BIND_DOMAIN: BIND is the one providers that we always test. By
+  # defining this here, we know it will always be set.
   BIND_DOMAIN: example.com
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    env:
-      TEST_RESULTS: "/tmp/test-results"
-    steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: stable
-    - name: restore_cache
-      uses: actions/cache@v4.2.0
-      with:
-        key: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-        restore-keys: linux-go-${{ hashFiles('go.sum') }}-${{ env.cache-key }}
-        path: ${{ env.go-mod-path }}
-    - run: mkdir -p "$TEST_RESULTS"
-    - name: Run unit tests
-      run: |
-        go install gotest.tools/gotestsum@latest
-        gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
-    - name: Enforce Go Formatted Code
-      run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.4.3
-      with:
-        name: unit-tests
-        path: ${{ env.TEST_RESULTS }}
-
-# Stringer is needed because .goreleaser includes "go generate ./..."
-    - name: Install stringer
-      run: |
-        go install golang.org/x/tools/cmd/stringer@latest
 
-    -
-      id: build_binaries_tagged
-      name: Build binaries (if tagged)
-      if: github.ref_type == 'tag'
-      uses: goreleaser/goreleaser-action@v6
-      with:
-        distribution: goreleaser
-        version: latest
-        args: build
-    -
-      id: build_binaries_not_tagged
-      name: Build binaries (not tagged)
-      if: github.ref_type != 'tag'
-      uses: goreleaser/goreleaser-action@v6
-      with:
-        args: build --snapshot
+# integration-test-providers: Determine which providers have a _DOMAIN variable set.
+# That variable enables testing for the provider.  The results are
+# stored in a JSON blob stashed in # needs.integration-test-providers.outputs.integration_test_providers
+# where integration-tests can pick it up.
   integration-test-providers:
-    needs: build
+    #needs: build
     runs-on: ubuntu-latest
     outputs:
       integration_test_providers: ${{ steps.get_integration_test_providers.outputs.integration_test_providers }}
@@ -92,6 +56,9 @@ jobs:
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
+
+# integration-tests: Run the integration tests on any provider listed
+# in needs.integration-test-providers.outputs.integration_test_providers.
   integration-tests:
     if: github.ref != 'refs/heads/master' && github.ref != 'refs/heads/main'
     runs-on: ubuntu-latest
@@ -150,7 +117,7 @@ jobs:
       CNR_UID: ${{ secrets.CNR_UID }}
       CNR_PW: ${{ secrets.CNR_PW }}
       CNR_ENTITY: ${{ secrets.CNR_ENTITY }}
-      #      
+      #
       DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
       #
       GANDI_V5_APIKEY: ${{ secrets.GANDI_V5_APIKEY }}
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index 225015d885..548d3d9cc6 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -1,10 +1,11 @@
+name: "Release: Make release candidate"
+
 on:
   push:
     tags:
     - v[0-9]+.[0-9]+.[0-9]+
     - v[0-9]+.[0-9]+.[0-9]+-*
 
-name: "Release: Make release candidate"
 jobs:
   draft_release:
     name: draft release
@@ -49,6 +50,7 @@ jobs:
       run: |
         go install golang.org/x/tools/cmd/stringer@latest
 
+# use GoReleaser to build for all platforms.
     -
       id: release
       name: Goreleaser release

From a34102206879fc06cf0d85add6c30246048a554b Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 18 Dec 2024 20:34:52 -0500
Subject: [PATCH 425/438] BUGFIX: IGNORE() deletes ignored records on ByZone()
 platforms (#3263)

---
 integrationTest/integration_test.go           | 318 +++++++++++++++++-
 pkg/diff2/diff2.go                            |  47 ++-
 providers/autodns/autoDnsProvider.go          |   6 +-
 providers/bind/bindProvider.go                |   8 +-
 .../mythicbeasts/mythicbeastsProvider.go      |   5 +-
 .../realtimeregisterProvider.go               |   7 +-
 providers/sakuracloud/records.go              |   7 +-
 7 files changed, 358 insertions(+), 40 deletions(-)

diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 5bb42e15c7..8272b95f3e 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -2093,6 +2093,7 @@ func makeTests() []*TestGroup {
 				a("bar", "5.5.5.5"),
 				cname("mail", "ghs.googlehosted.com."),
 			),
+
 			tc("ignore label",
 				// NB(tlim): This ignores 1 record of a recordSet. This should
 				// fail for diff2.ByRecordSet() providers if diff2 is not
@@ -2104,6 +2105,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("foo", "", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore label,type",
 				//a("foo", "1.2.3.4"),
 				//a("foo", "2.3.4.5"),
@@ -2112,6 +2121,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("foo", "A", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore label,type,target",
 				//a("foo", "1.2.3.4"),
 				a("foo", "2.3.4.5"),
@@ -2120,6 +2137,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("foo", "A", "1.2.3.4"),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore type",
 				//a("foo", "1.2.3.4"),
 				//a("foo", "2.3.4.5"),
@@ -2128,6 +2153,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore type,target",
 				a("foo", "1.2.3.4"),
 				//a("foo", "2.3.4.5"),
@@ -2136,6 +2169,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A", "2.3.4.5"),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore target",
 				a("foo", "1.2.3.4"),
 				//a("foo", "2.3.4.5"),
@@ -2144,7 +2185,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "", "2.3.4.5"),
 			).ExpectNoChanges(),
-			//
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			// Many types:
 			tc("ignore manytypes",
 				//a("foo", "1.2.3.4"),
@@ -2154,7 +2202,14 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A,TXT", ""),
 			).ExpectNoChanges(),
-			//
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			// Target with wildcard:
 			tc("ignore label,type,target=*",
 				a("foo", "1.2.3.4"),
@@ -2164,6 +2219,13 @@ func makeTests() []*TestGroup {
 				//cname("mail", "ghs.googlehosted.com."),
 				ignore("", "CNAME", "*.googlehosted.com."),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.2.3.4"),
+				a("foo", "2.3.4.5"),
+				txt("foo", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
 		),
 
 		// Same as "main" but with an apex ("@") record.
@@ -2175,7 +2237,8 @@ func makeTests() []*TestGroup {
 				a("bar", "5.5.5.5"),
 				cname("mail", "ghs.googlehosted.com."),
 			),
-			tc("ignore label",
+
+			tc("apex label",
 				// NB(tlim): This ignores 1 record of a recordSet. This should
 				// fail for diff2.ByRecordSet() providers if diff2 is not
 				// implemented correctly.
@@ -2190,7 +2253,15 @@ func makeTests() []*TestGroup {
 				// that providers injects into zones are treated like input
 				// from dnsconfig.js.
 			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignore label,type",
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
+			tc("apex label,type",
 				//a("@", "1.2.3.4"),
 				//a("@", "2.3.4.5"),
 				txt("@", "simple"),
@@ -2198,7 +2269,15 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("@", "A", ""),
 			).ExpectNoChanges(),
-			tc("ignore label,type,target",
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
+			tc("apex label,type,target",
 				//a("@", "1.2.3.4"),
 				a("@", "2.3.4.5"),
 				txt("@", "simple"),
@@ -2209,7 +2288,15 @@ func makeTests() []*TestGroup {
 				// that providers injects into zones are treated like input
 				// from dnsconfig.js.
 			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignore type",
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
+			tc("apex type",
 				//a("@", "1.2.3.4"),
 				//a("@", "2.3.4.5"),
 				txt("@", "simple"),
@@ -2217,7 +2304,15 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A", ""),
 			).ExpectNoChanges(),
-			tc("ignore type,target",
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
+			tc("apex type,target",
 				a("@", "1.2.3.4"),
 				//a("@", "2.3.4.5"),
 				txt("@", "simple"),
@@ -2225,7 +2320,15 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A", "2.3.4.5"),
 			).ExpectNoChanges(),
-			tc("ignore target",
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
+			tc("apex target",
 				a("@", "1.2.3.4"),
 				//a("@", "2.3.4.5"),
 				txt("@", "simple"),
@@ -2233,8 +2336,16 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "", "2.3.4.5"),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			// Many types:
-			tc("ignore manytypes",
+			tc("apex manytypes",
 				//a("@", "1.2.3.4"),
 				//a("@", "2.3.4.5"),
 				//txt("@", "simple"),
@@ -2242,31 +2353,52 @@ func makeTests() []*TestGroup {
 				cname("mail", "ghs.googlehosted.com."),
 				ignore("", "A,TXT", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("@", "1.2.3.4"),
+				a("@", "2.3.4.5"),
+				txt("@", "simple"),
+				a("bar", "5.5.5.5"),
+				cname("mail", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
 		),
 
 		// IGNORE with unsafe notation
 
-		testgroup("IGNORE cross",
+		testgroup("IGNORE unsafe",
 			tc("Create some records",
 				txt("foo", "simple"),
 				a("foo", "1.2.3.4"),
 				txt("@", "asimple"),
 				a("@", "2.2.2.2"),
 			),
-			tc("ignore label=apex",
+
+			tc("ignore unsafe apex",
 				txt("foo", "simple"),
 				a("foo", "1.2.3.4"),
 				txt("@", "asimple"),
 				a("@", "2.2.2.2"),
-				ignore("foo", "TXT", ""),
+				ignore("@", "", ""),
 			).ExpectNoChanges().UnsafeIgnore(),
-			tc("ignore label=apex",
+			tc("VERIFY PREVIOUS",
 				txt("foo", "simple"),
 				a("foo", "1.2.3.4"),
 				txt("@", "asimple"),
 				a("@", "2.2.2.2"),
-				ignore("@", "TXT", ""),
+			).ExpectNoChanges(),
+
+			tc("ignore unsafe label",
+				txt("foo", "simple"),
+				a("foo", "1.2.3.4"),
+				txt("@", "asimple"),
+				a("@", "2.2.2.2"),
+				ignore("foo", "", ""),
 			).ExpectNoChanges().UnsafeIgnore(),
+			tc("VERIFY PREVIOUS",
+				txt("foo", "simple"),
+				a("foo", "1.2.3.4"),
+				txt("@", "asimple"),
+				a("@", "2.2.2.2"),
+			).ExpectNoChanges(),
 		),
 
 		// IGNORE with wildcards
@@ -2279,6 +2411,7 @@ func makeTests() []*TestGroup {
 				a("bar.bat", "5.5.5.5"),
 				cname("mail.bat", "ghs.googlehosted.com."),
 			),
+
 			tc("ignore label=foo.*",
 				//a("foo.bat", "1.2.3.4"),
 				//a("foo.bat", "2.3.4.5"),
@@ -2287,6 +2420,14 @@ func makeTests() []*TestGroup {
 				cname("mail.bat", "ghs.googlehosted.com."),
 				ignore("foo.*", "", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo.bat", "1.2.3.4"),
+				a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore label=foo.bat,type",
 				//a("foo.bat", "1.2.3.4"),
 				//a("foo.bat", "2.3.4.5"),
@@ -2295,6 +2436,14 @@ func makeTests() []*TestGroup {
 				cname("mail.bat", "ghs.googlehosted.com."),
 				ignore("*.bat", "A", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo.bat", "1.2.3.4"),
+				a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+
 			tc("ignore target=*.domain",
 				a("foo.bat", "1.2.3.4"),
 				a("foo.bat", "2.3.4.5"),
@@ -2303,6 +2452,119 @@ func makeTests() []*TestGroup {
 				//cname("mail.bat", "ghs.googlehosted.com."),
 				ignore("", "", "*.googlehosted.com."),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("foo.bat", "1.2.3.4"),
+				a("foo.bat", "2.3.4.5"),
+				txt("foo.bat", "simple"),
+				a("bar.bat", "5.5.5.5"),
+				cname("mail.bat", "ghs.googlehosted.com."),
+			).ExpectNoChanges(),
+		),
+
+		// IGNORE with changes
+		testgroup("IGNORE with modify",
+			tc("Create some records",
+				a("foo", "1.1.1.1"),
+				a("foo", "10.10.10.10"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			),
+
+			// ByZone: Change (anywhere)
+			tc("IGNORE change ByZone",
+				ignore("zzz", "A", ""),
+				a("foo", "1.1.1.1"),
+				a("foo", "11.11.11.11"), // CHANGE
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				//a("zzz", "3.3.3.3"),
+				//a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.1.1.1"),
+				a("foo", "11.11.11.11"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			).ExpectNoChanges(),
+
+			// ByLabel: Change within a (name) while we ignore the rest
+			tc("IGNORE change ByLabel",
+				ignore("foo", "MX", ""),
+				a("foo", "1.1.1.1"),
+				a("foo", "12.12.12.12"), // CHANGE
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				//mx("foo", 10, "aspmx.l.google.com."),
+				//mx("foo", 20, "alt1.aspmx.l.google.com"),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.1.1.1"),
+				a("foo", "12.12.12.12"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			).ExpectNoChanges(),
+
+			// ByRecordSet: Change within a (name+type) while we ignore the rest
+			tc("IGNORE change ByRecordSet",
+				ignore("foo", "MX,AAAA", ""),
+				a("foo", "1.1.1.1"),
+				a("foo", "13.13.13.13"), // CHANGE
+				//aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				//mx("foo", 10, "aspmx.l.google.com."),
+				//mx("foo", 20, "alt1.aspmx.l.google.com"),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.1.1.1"),
+				a("foo", "13.13.13.13"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			).ExpectNoChanges(),
+
+			// Change within a (name+type+data) ("ByRecord")
+			tc("IGNORE change ByRecord",
+				ignore("foo", "A", "1.1.1.1"),
+				//a("foo", "1.1.1.1"),
+				a("foo", "14.14.14.14"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			),
+			tc("VERIFY PREVIOUS",
+				a("foo", "1.1.1.1"),
+				a("foo", "14.14.14.14"),
+				aaaa("foo", "2003:dd:d7ff::fe71:aaaa"),
+				mx("foo", 10, "aspmx.l.google.com."),
+				mx("foo", 20, "alt1.aspmx.l.google.com."),
+				a("zzz", "3.3.3.3"),
+				a("zzz", "4.4.4.4"),
+				aaaa("zzz", "2003:dd:d7ff::fe71:cccc"),
+			).ExpectNoChanges(),
 		),
 
 		// IGNORE repro bug reports
@@ -2316,6 +2578,10 @@ func makeTests() []*TestGroup {
 			tc("Add a new record - ignoring test.foo.com.",
 				ignoreTarget("**.acm-validations.aws.", "CNAME"),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				cname("foo", "redact1.acm-validations.aws."),
+				cname("bar", "redact2.acm-validations.aws."),
+			).ExpectNoChanges(),
 		),
 
 		// https://github.com/StackExchange/dnscontrol/issues/2822
@@ -2338,6 +2604,12 @@ func makeTests() []*TestGroup {
 				ignore("dyndns-city1", "A,AAAA", ""),
 				ignore("dyndns-city2", "A,AAAA", ""),
 			).ExpectNoChanges().UnsafeIgnore(),
+			tc("VERIFY PREVIOUS",
+				a("dyndns-city1", "91.42.1.1"),
+				a("dyndns-city2", "91.42.1.2"),
+				aaaa("dyndns-city1", "2003:dd:d7ff::fe71:ce77"),
+				aaaa("dyndns-city2", "2003:dd:d7ff::fe71:ce78"),
+			).ExpectNoChanges(),
 		),
 
 		// https://github.com/StackExchange/dnscontrol/issues/3227
@@ -2351,11 +2623,29 @@ func makeTests() []*TestGroup {
 				a("testdefined", "9.9.9.9"),
 				ignore("testignore", "", ""),
 			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("testignore", "8.8.8.8"),
+				a("testdefined", "9.9.9.9"),
+			).ExpectNoChanges(),
+
+			tc("Verify nothing changed",
+				a("testignore", "8.8.8.8"),
+				a("testdefined", "9.9.9.9"),
+			).ExpectNoChanges(),
+			tc("VERIFY PREVIOUS",
+				a("testignore", "8.8.8.8"),
+				a("testdefined", "9.9.9.9"),
+			).ExpectNoChanges(),
+
 			tc("ignore with change",
 				//a("testignore", "8.8.8.8"),
 				a("testdefined", "2.2.2.2"),
 				ignore("testignore", "", ""),
 			),
+			tc("VERIFY PREVIOUS",
+				a("testignore", "8.8.8.8"),
+				a("testdefined", "2.2.2.2"),
+			).ExpectNoChanges(),
 		),
 
 		// OVH features
diff --git a/pkg/diff2/diff2.go b/pkg/diff2/diff2.go
index ddfb7b6500..4c94adddaa 100644
--- a/pkg/diff2/diff2.go
+++ b/pkg/diff2/diff2.go
@@ -195,29 +195,47 @@ func ByRecord(existing models.Records, dc *models.DomainConfig, compFunc Compara
 //
 // Example usage:
 //
-//	msgs, changes, err := diff2.ByZone(foundRecords, dc, nil)
+//	result, err := diff2.ByZone(foundRecords, dc, nil)
 //	if err != nil {
 //	  return nil, err
 //	}
 //	if changes {
 //		// Generate a "correction" that uploads the entire zone.
-//		// (dc.Records are the new records for the zone).
+//		// (result.DesiredPlus are the new records for the zone).
 //	}
 //
 // Example providers include: BIND, AUTODNS
-func ByZone(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) ([]string, bool, int, error) {
-	// Only return the messages.  The caller has the list of records needed to build the new zone.
-	instructions, actualChangeCount, err := byHelper(analyzeByRecord, existing, dc, compFunc)
-	return justMsgs(instructions), actualChangeCount > 0, actualChangeCount, err
+func ByZone(existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ByResults, error) {
+	// Only return the messages and a list of records needed to build the new zone.
+	result, err := byHelperStruct(analyzeByRecord, existing, dc, compFunc)
+	result.Msgs = justMsgs(result.Instructions)
+	return result, err
 }
 
-//
+// ByResults is the results of ByZone() and perhaps someday all the By*() functions.
+// It is partially populated by // byHelperStruct() and partially by the By*()
+// functions that use it.
+type ByResults struct {
+	// Fields filled in by byHelperStruct():
+	Instructions      ChangeList     // Instructions to turn existing into desired.
+	ActualChangeCount int            // Number of actual changes, not including REPORTs.
+	HasChanges        bool           // True if there are any changes.
+	DesiredPlus       models.Records // Desired + foreign + ignored
+	// Fields filled in by ByZone():
+	Msgs []string // Just the messages from the instructions.
+}
 
-// byHelper does 90% of the work for the By*() calls.
+// byHelper is like byHelperStruct but has a signature that is compatible with legacy code.
+// Deprecated: Use byHelperStruct instead.
 func byHelper(fn func(cc *CompareConfig) (ChangeList, int), existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ChangeList, int, error) {
+	result, err := byHelperStruct(fn, existing, dc, compFunc)
+	return result.Instructions, result.ActualChangeCount, err
+}
 
+// byHelperStruct does 90% of the work for the By*() calls.
+func byHelperStruct(fn func(cc *CompareConfig) (ChangeList, int), existing models.Records, dc *models.DomainConfig, compFunc ComparableFunc) (ByResults, error) {
 	// Process NO_PURGE/ENSURE_ABSENT and IGNORE*().
-	desired, msgs, err := handsoff(
+	desiredPlus, msgs, err := handsoff(
 		dc.Name,
 		existing, dc.Records, dc.EnsureAbsent,
 		dc.Unmanaged,
@@ -225,11 +243,11 @@ func byHelper(fn func(cc *CompareConfig) (ChangeList, int), existing models.Reco
 		dc.KeepUnknown,
 	)
 	if err != nil {
-		return nil, 0, err
+		return ByResults{}, err
 	}
 
 	// Regroup existing/desiredd for easy comparison:
-	cc := NewCompareConfig(dc.Name, existing, desired, compFunc)
+	cc := NewCompareConfig(dc.Name, existing, desiredPlus, compFunc)
 
 	// Analyze and generate the instructions:
 	instructions, actualChangeCount := fn(cc)
@@ -245,5 +263,10 @@ func byHelper(fn func(cc *CompareConfig) (ChangeList, int), existing models.Reco
 		instructions = append([]Change{chg}, instructions...)
 	}
 
-	return instructions, actualChangeCount, nil
+	return ByResults{
+		Instructions:      instructions,
+		ActualChangeCount: actualChangeCount,
+		HasChanges:        actualChangeCount > 0,
+		DesiredPlus:       desiredPlus,
+	}, nil
 }
diff --git a/providers/autodns/autoDnsProvider.go b/providers/autodns/autoDnsProvider.go
index e0fc8a30c1..87795e0915 100644
--- a/providers/autodns/autoDnsProvider.go
+++ b/providers/autodns/autoDnsProvider.go
@@ -77,16 +77,18 @@ func (api *autoDNSProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, e
 
 	var corrections []*models.Correction
 
-	msgs, changed, actualChangeCount, err := diff2.ByZone(existingRecords, dc, nil)
+	result, err := diff2.ByZone(existingRecords, dc, nil)
 	if err != nil {
 		return nil, 0, err
 	}
+	msgs, changed, actualChangeCount := result.Msgs, result.HasChanges, result.ActualChangeCount
+
 	if changed {
 
 		msgs = append(msgs, "Zone update for "+domain)
 		msg := strings.Join(msgs, "\n")
 
-		nameServers, zoneTTL, resourceRecords := recordsToNative(dc.Records)
+		nameServers, zoneTTL, resourceRecords := recordsToNative(result.DesiredPlus)
 
 		corrections = append(corrections,
 			&models.Correction{
diff --git a/providers/bind/bindProvider.go b/providers/bind/bindProvider.go
index 68b83b4265..0c853f95bd 100644
--- a/providers/bind/bindProvider.go
+++ b/providers/bind/bindProvider.go
@@ -211,7 +211,7 @@ func ParseZoneContents(content string, zoneName string, zonefileName string) (mo
 	return foundRecords, nil
 }
 
-func (n *bindProvider) EnsureZoneExists(_ string) error {
+func (c *bindProvider) EnsureZoneExists(_ string) error {
 	return nil
 }
 
@@ -247,12 +247,12 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 	}
 
 	var msgs []string
-	var err error
 	var actualChangeCount int
-	msgs, changes, actualChangeCount, err = diff2.ByZone(foundRecords, dc, nil)
+	result, err := diff2.ByZone(foundRecords, dc, nil)
 	if err != nil {
 		return nil, 0, err
 	}
+	msgs, changes, actualChangeCount = result.Msgs, result.HasChanges, result.ActualChangeCount
 	if !changes {
 		return nil, 0, nil
 	}
@@ -299,7 +299,7 @@ func (c *bindProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, foundR
 				// Beware that if there are any fake types, then they will
 				// be commented out on write, but we don't reverse that when
 				// reading, so there will be a diff on every invocation.
-				err = prettyzone.WriteZoneFileRC(zf, dc.Records, dc.Name, 0, comments)
+				err = prettyzone.WriteZoneFileRC(zf, result.DesiredPlus, dc.Name, 0, comments)
 
 				if err != nil {
 					return fmt.Errorf("failed WriteZoneFile: %w", err)
diff --git a/providers/mythicbeasts/mythicbeastsProvider.go b/providers/mythicbeasts/mythicbeastsProvider.go
index 517a8ceb01..a386f24500 100644
--- a/providers/mythicbeasts/mythicbeastsProvider.go
+++ b/providers/mythicbeasts/mythicbeastsProvider.go
@@ -115,10 +115,11 @@ func zoneFileToRecords(r io.Reader, origin string) (models.Records, error) {
 
 // GetZoneRecordsCorrections returns a list of corrections that will turn existing records into dc.Records.
 func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig, actual models.Records) ([]*models.Correction, int, error) {
-	msgs, changes, actualChangeCount, err := diff2.ByZone(actual, dc, nil)
+	result, err := diff2.ByZone(actual, dc, nil)
 	if err != nil {
 		return nil, 0, err
 	}
+	msgs, changes, actualChangeCount := result.Msgs, result.HasChanges, result.ActualChangeCount
 
 	var corrections []*models.Correction
 	if changes {
@@ -127,7 +128,7 @@ func (n *mythicBeastsProvider) GetZoneRecordsCorrections(dc *models.DomainConfig
 				Msg: strings.Join(msgs, "\n"),
 				F: func() error {
 					var b strings.Builder
-					for _, record := range dc.Records {
+					for _, record := range result.DesiredPlus {
 						switch rr := record.ToRR().(type) {
 						case *dns.SSHFP:
 							// "Hex strings [for SSHFP] must be in lower-case", per Mythic Beasts API docs.
diff --git a/providers/realtimeregister/realtimeregisterProvider.go b/providers/realtimeregister/realtimeregisterProvider.go
index fb433fa313..47d9a4c4d4 100644
--- a/providers/realtimeregister/realtimeregisterProvider.go
+++ b/providers/realtimeregister/realtimeregisterProvider.go
@@ -107,10 +107,11 @@ func (api *realtimeregisterAPI) GetZoneRecords(domain string, meta map[string]st
 }
 
 func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfig, existing models.Records) ([]*models.Correction, int, error) {
-	msgs, changes, actualChangeCount, err := diff2.ByZone(existing, dc, nil)
+	result, err := diff2.ByZone(existing, dc, nil)
 	if err != nil {
 		return nil, 0, err
 	}
+	msgs, changes, actualChangeCount := result.Msgs, result.HasChanges, result.ActualChangeCount
 
 	var corrections []*models.Correction
 
@@ -149,8 +150,8 @@ func (api *realtimeregisterAPI) GetZoneRecordsCorrections(dc *models.DomainConfi
 			&models.Correction{
 				Msg: strings.Join(msgs, "\n"),
 				F: func() error {
-					records := make([]Record, len(dc.Records))
-					for i, r := range dc.Records {
+					records := make([]Record, len(result.DesiredPlus))
+					for i, r := range result.DesiredPlus {
 						records[i] = toRecord(r)
 					}
 					zone := &Zone{Records: records, Dnssec: dnssec}
diff --git a/providers/sakuracloud/records.go b/providers/sakuracloud/records.go
index 126fb34e32..d29c642b75 100644
--- a/providers/sakuracloud/records.go
+++ b/providers/sakuracloud/records.go
@@ -65,10 +65,11 @@ func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		}
 	}
 
-	msgs, changes, actualChangeCount, err := diff2.ByZone(existing, dc, nil)
+	result, err := diff2.ByZone(existing, dc, nil)
 	if err != nil {
 		return nil, 0, err
 	}
+	msgs, changes, actualChangeCount := result.Msgs, result.HasChanges, result.ActualChangeCount
 	if !changes {
 		return nil, actualChangeCount, nil
 	}
@@ -78,8 +79,8 @@ func (s *sakuracloudProvider) GetZoneRecordsCorrections(dc *models.DomainConfig,
 		&models.Correction{
 			Msg: msg,
 			F: func() error {
-				drs := make([]domainRecord, 0, len(dc.Records))
-				for _, rc := range dc.Records {
+				drs := make([]domainRecord, 0, len(result.DesiredPlus))
+				for _, rc := range result.DesiredPlus {
 					drs = append(drs, toNative(rc))
 				}
 				return s.api.UpdateZone(dc.Name, drs)

From 35ac9a964e1606fce03ce583cbd22ba7ab7d5f01 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 19 Dec 2024 10:29:50 -0500
Subject: [PATCH 426/438] DOCS: Add dep updates steps to rel-eng (#3265)

---
 documentation/release-engineering.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/documentation/release-engineering.md b/documentation/release-engineering.md
index e021fce1d7..c06bbd8dd2 100644
--- a/documentation/release-engineering.md
+++ b/documentation/release-engineering.md
@@ -7,10 +7,19 @@ GitHub Actions (GHA) will do most of the work for you. You will need to edit the
 Please change the version number as appropriate.  Substitute (for example)
 `v4.2.0` any place you see `$VERSION` in this doc.
 
+## Step 0. Update dependencies
+
+```shell
+git checkout -b update_deps
+go install github.com/oligot/go-mod-upgrade@latest
+go-mod-upgrade
+go mod tidy
+git commit -a -m "CHORE: Update dependencies"
+```
+
 ## Step 1. Rebuild generated files
 
 ```shell
-export VERSION=v4.x.0
 git checkout main
 git pull
 go fmt ./...

From 1ffd38face05d39d448269e10b7875146cc7dc15 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 19 Dec 2024 11:06:08 -0500
Subject: [PATCH 427/438] CHORE: Update dependencies (#3266)

---
 go.mod | 3 ++-
 go.sum | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index cb3f53f88f..48e97bd3de 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,8 @@ retract v4.8.0
 
 require google.golang.org/protobuf v1.35.2 // indirect
 
+require golang.org/x/net v0.33.0
+
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0
@@ -50,7 +52,6 @@ require (
 	github.com/urfave/cli/v2 v2.27.5
 	github.com/xddxdd/ottoext v0.0.0-20221109171055-210517fa4419
 	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/net v0.32.0
 	golang.org/x/oauth2 v0.24.0
 	google.golang.org/api v0.212.0
 	gopkg.in/ns1/ns1-go.v2 v2.13.0
diff --git a/go.sum b/go.sum
index dfe4fd814f..baeed00588 100644
--- a/go.sum
+++ b/go.sum
@@ -492,8 +492,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
-golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=

From 71539d40cf135874c84439269c259d6f2ed4736d Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 19 Dec 2024 17:09:59 +0100
Subject: [PATCH 428/438] DOCS: Shoutrrr added list of notification services
 (#3242)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/notifications.md | 86 ++++++++++++++++++++--------------
 1 file changed, 51 insertions(+), 35 deletions(-)

diff --git a/documentation/notifications.md b/documentation/notifications.md
index 3d49959182..cef59b33bb 100644
--- a/documentation/notifications.md
+++ b/documentation/notifications.md
@@ -1,27 +1,22 @@
 # Notifications
 
-DNSControl has build in support for notifications when changes are made. This allows you to post messages in team chat, or send emails when dns changes are made.
-
-Notifications are written in the [notifications package](https://github.com/StackExchange/dnscontrol/tree/main/pkg/notifications), and is a really simple interface to implement if you want to add
-new types or destinations.
+DNSControl's "notifications" feature will log `push` changes to other services in real time. Typically this is used to automatically announce DNS changes in a team chatroom.  The functionality is implemented using the open source [Shoutrrr](https://github.com/containrrr/shoutrrr) library, which knows how to communicate to many different systems.  Some additional services are provided natively, see the [notifications package](https://github.com/StackExchange/dnscontrol/tree/main/pkg/notifications).
 
 ## Configuration
 
-Notifications are set up in your credentials JSON file. They will use the `notifications` key to look for keys or configuration needed for various notification types.
+Notifications are configured in the `creds.json` file, since they often contain API keys or other secrets. The `notifications` key lists the notification service and options.
 
 {% code title="creds.json" %}
 ```json
-  "r53": {
-      ...
-    },
-  "gcloud": {
-        ...
-  } ,
+{
+  "r53": {},
+  "gcloud": {},
   "notifications": {
-      "slack_url": "https://api.slack.com/apps/0XXX0X0XX0/incoming-webhooks",
-      "teams_url": "https://outlook.office.com/webhook/00000000-0000-0000-0000-000000000000@00000000-0000-0000-0000-000000000000/IncomingWebhook/00000000000000000000000000000000/00000000-0000-0000-0000-000000000000",
-      "shoutrrr_url": "discover://token@id"
+    "slack_url": "https://api.slack.com/apps/0XXX0X0XX0/incoming-webhooks",
+    "teams_url": "https://outlook.office.com/webhook/00000000-0000-0000-0000-000000000000@00000000-0000-0000-0000-000000000000/IncomingWebhook/00000000000000000000000000000000/00000000-0000-0000-0000-000000000000",
+    "shoutrrr_url": "discover://token@id"
   }
+}
 ```
 {% endcode %}
 
@@ -67,25 +62,62 @@ dnscontrol push --notify
 Successfully ran correction for **example.com[my_provider]** - CREATE foo.example.com A 1.2.3.4 ttl=86400
 ```
 
-## Notification types
+## Notification services
+
+### Shoutrrr
+
+DNSControl supports various notification methods via Shoutrrr, including email (SMTP), Discord, Pushover, and many others. For detailed setup instructions, click on the desired service:
+
+* [Bark](https://containrrr.dev/shoutrrr/latest/services/bark/)
+* [Discord](https://containrrr.dev/shoutrrr/latest/services/discord/)
+* [Email](https://containrrr.dev/shoutrrr/latest/services/email/)
+* [Google Chat](https://containrrr.dev/shoutrrr/latest/services/googlechat/)
+* [Gotify](https://containrrr.dev/shoutrrr/latest/services/gotify/)
+* [IFTTT](https://containrrr.dev/shoutrrr/latest/services/ifttt/)
+* [Join](https://containrrr.dev/shoutrrr/latest/services/join/)
+* [Matrix](https://containrrr.dev/shoutrrr/latest/services/matrix/)
+* [Mattermost](https://containrrr.dev/shoutrrr/latest/services/mattermost/)
+* [Ntfy](https://containrrr.dev/shoutrrr/latest/services/ntfy/)
+* [OpsGenie](https://containrrr.dev/shoutrrr/latest/services/opsgenie/)
+* [Pushbullet](https://containrrr.dev/shoutrrr/latest/services/pushbullet/)
+* [Pushover](https://containrrr.dev/shoutrrr/latest/services/pushover/)
+* [Rocketchat](https://containrrr.dev/shoutrrr/latest/services/rocketchat/)
+* [Slack](https://containrrr.dev/shoutrrr/latest/services/slack/)
+* [Teams](https://containrrr.dev/shoutrrr/latest/services/teams/)
+* [Telegram](https://containrrr.dev/shoutrrr/latest/services/telegram/)
+* [Zulip Chat](https://containrrr.dev/shoutrrr/latest/services/zulip/)
+
+The above list is accurate as of 2024-Dec. The compete list and all configuration details are in the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/latest/services/overview/).
+
+Configure `shoutrrr_url` with the Shoutrrr URL to be notified.
+
+{% code title="creds.json" %}
+```json
+{
+  "notifications": {
+    "shoutrrr_url": "discover://token@id"
+  }
+}
+```
+{% endcode %}
 
 ### Slack/Mattermost
 
-If you want to use the Slack integration, you need to create a webhook in Slack.
-Please see the [Slack documentation](https://api.slack.com/messaging/webhooks) or the [Mattermost documentation](https://developers.mattermost.com/integrate/webhooks/incoming/)
+To use the Slack integration, you need to create a webhook in Slack.
+Please see the [Slack documentation](https://api.slack.com/messaging/webhooks) or the [Mattermost documentation](https://docs.mattermost.com/developer/webhooks-incoming.html)
 
 Configure `slack_url` to this webhook. Mattermost works as well, as they share the same api,
 
 ### Microsoft Teams
 
-If you want to use the Teams integration, you need to create a webhook in Teams.
+To use the Teams integration, you need to create a webhook in Teams.
 Please see the [Teams documentation](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook#add-an-incoming-webhook-to-a-teams-channel)
 
 Configure `teams_url` to this webhook.
 
 ### Telegram
 
-If you want to use the [Telegram](https://telegram.org/) integration, you need to create a Telegram bot and obtain a Bot Token, as well as a Chat ID. Get a Bot Token by contacting [@BotFather](https://telegram.me/botfather), and a Chat ID by contacting [@myidbot](https://telegram.me/myidbot).
+To use the [Telegram](https://telegram.org/) integration, you need to create a Telegram bot and obtain a Bot Token, as well as a Chat ID. Get a Bot Token by contacting [@BotFather](https://telegram.me/botfather), and a Chat ID by contacting [@myidbot](https://telegram.me/myidbot).
 
 Configure `telegram_bot_token` and `telegram_chat_id` to these values.
 
@@ -94,19 +126,3 @@ Configure `telegram_bot_token` and `telegram_chat_id` to these values.
 This is Stack Overflow's built in chat system. This is probably not useful for most people.
 
 Configure `bonfire_url` to be the full url including room and api key.
-
-### Shoutrrr (email, Discord, Pushover, etc.)
-
-DNSControl can use many other notification methods via Shoutrrr, such as email (SMTP), Discord, Pushover and others. See the [Shoutrrr documentation](https://containrrr.dev/shoutrrr/latest/services/overview/) for a list of supported methods and configuration instructions.
-
-Configure `shoutrrr_url` with the Shoutrrr URL to be notified.
-
-## Future work
-
-Yes, this seems pretty limited right now in what it can do. We didn't want to add a bunch of notification types if nobody was going to use them. The good news is, it should
-be really simple to add more. We gladly welcome any PRs with new notification destinations. Some easy possibilities:
-
-- Email
-- Generic Webhooks
-
-Please update this documentation if you add anything.

From 876451b3468c9fb22b8933fbe32e3fff9c7ec201 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Wed, 18 Dec 2024 16:04:40 -0500
Subject: [PATCH 429/438] empty


From 76bbdc191a058724735a429818dcf7f5a656edb0 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 19 Dec 2024 11:37:09 -0500
Subject: [PATCH 430/438] GANDI_V5: Increase error verbosity (#3267)

---
 providers/gandiv5/gandi_v5Provider.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/providers/gandiv5/gandi_v5Provider.go b/providers/gandiv5/gandi_v5Provider.go
index 8baa5a96a4..4220e6f5cb 100644
--- a/providers/gandiv5/gandi_v5Provider.go
+++ b/providers/gandiv5/gandi_v5Provider.go
@@ -244,7 +244,7 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 						F: func() error {
 							res, err := g.CreateDomainRecord(domain, shortname, rtype, ttl, values)
 							if err != nil {
-								return fmt.Errorf("%+v: %w", res, err)
+								return fmt.Errorf("%+v ret=%03d: %w", res, res.Code, err)
 							}
 							return nil
 						},
@@ -263,7 +263,7 @@ func (client *gandiv5Provider) GetZoneRecordsCorrections(dc *models.DomainConfig
 					F: func() error {
 						res, err := g.UpdateDomainRecordsByName(domain, shortname, ns)
 						if err != nil {
-							return fmt.Errorf("%+v: %w", res, err)
+							return fmt.Errorf("%+v ret=%03d: %w", res, res.Code, err)
 						}
 						return nil
 					},

From 1a1e592a5d6c289cbe96f0c78f7cf11e9d6a3003 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Thu, 19 Dec 2024 13:18:58 -0500
Subject: [PATCH 431/438] DOC: NEW: How to test a branch (#3264)

Co-authored-by: Jeffrey Cafferata <jeffrey@jcid.nl>
---
 documentation/SUMMARY.md       |  1 +
 documentation/test-a-branch.md | 65 ++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 documentation/test-a-branch.md

diff --git a/documentation/SUMMARY.md b/documentation/SUMMARY.md
index 55c8babf4f..a65e5b34eb 100644
--- a/documentation/SUMMARY.md
+++ b/documentation/SUMMARY.md
@@ -186,6 +186,7 @@
 * [Writing new DNS providers](writing-providers.md)
 * [Creating new DNS Resource Types (rtypes)](adding-new-rtypes.md)
 * [Integration Tests](integration-tests.md)
+* [Test a branch](test-a-branch.md)
 * [Unit Testing DNS Data](unittests.md)
 * [Bug Triage Process](bug-triage.md)
 * [Bring-Your-Own-Secrets for automated testing](byo-secrets.md)
diff --git a/documentation/test-a-branch.md b/documentation/test-a-branch.md
new file mode 100644
index 0000000000..b14c8d8489
--- /dev/null
+++ b/documentation/test-a-branch.md
@@ -0,0 +1,65 @@
+### Test A Branch
+
+Instructions for testing DNSControl at a particular PR or branch.
+
+## Using Docker
+
+Using Docker assures you're using the latest version of Go and doesn't require you to install anything on your machine, other than Docker!
+
+Assumptions:
+* `/THE/PATH` -- Change this to the full path to where your dnsconfig.js and other files are located.
+* `INSERT_BRANCH_HERE` -- The branch you want to test.  The branch associated with a PR is listed on [https://github.com/StackExchange/dnscontrol/branches](https://github.com/StackExchange/dnscontrol/branches).
+
+```
+docker run -it -v /THE/PATH:/dns golang
+git clone https://github.com/StackExchange/dnscontrol.git
+cd dnscontrol
+git checkout INSERT_BRANCH_HERE
+go install
+
+cd /dns
+dnscontrol preview
+```
+
+If you want to run the integration tests, follow the
+[Integration Tests](https://docs.dnscontrol.org/developer-info/integration-tests) document
+as usual. The directory to be in is `/go/dnscontrol/integrationTest`.
+
+```
+cd /go/dnscontrol/integrationTest
+go test -v -verbose -provider INSERT_PROVIDER_NAME -start 1 -end 3
+```
+
+Change `INSERT_PROVIDER_NAME` to the name of your provider (BIND, ROUTE53, GCLOUD, etc.)
+
+
+## Not using Docker
+
+Assumptions:
+* `/THE/PATH` -- Change this to the full path to where your dnsconfig.js and other files are located.
+* `INSERT_BRANCH_HERE` -- The branch you want to test.  The branch associated with a PR is listed on [https://github.com/StackExchange/dnscontrol/branches](https://github.com/StackExchange/dnscontrol/branches).
+
+Step 1: Install Go
+
+[https://go.dev/dl/](https://go.dev/dl/)
+
+Step 2: Check out the software
+
+```
+git clone https://github.com/StackExchange/dnscontrol.git
+cd dnscontrol
+git checkout INSERT_BRANCH_HERE
+go install
+
+cd /THE/PATH
+dnscontrol preview
+```
+
+Step 3: Clean up
+
+`go install` put the `dnscontrol` program in your `$HOME/bin` directory. You probably want to remove it.
+
+```
+$ rm -i $HOME/bin/dnscontrol
+```
+

From 2f55b6c89d597da6dcc5819f525d10678cc31340 Mon Sep 17 00:00:00 2001
From: Jeffrey Cafferata <jeffrey@jcid.nl>
Date: Thu, 19 Dec 2024 20:12:56 +0100
Subject: [PATCH 432/438] DOCS: How to test a branch (feedback) (#3268)

---
 documentation/test-a-branch.md | 37 ++++++++++++++++------------------
 1 file changed, 17 insertions(+), 20 deletions(-)

diff --git a/documentation/test-a-branch.md b/documentation/test-a-branch.md
index b14c8d8489..cd3f342d7e 100644
--- a/documentation/test-a-branch.md
+++ b/documentation/test-a-branch.md
@@ -2,55 +2,52 @@
 
 Instructions for testing DNSControl at a particular PR or branch.
 
-## Using Docker
-
-Using Docker assures you're using the latest version of Go and doesn't require you to install anything on your machine, other than Docker!
-
 Assumptions:
 * `/THE/PATH` -- Change this to the full path to where your dnsconfig.js and other files are located.
 * `INSERT_BRANCH_HERE` -- The branch you want to test.  The branch associated with a PR is listed on [https://github.com/StackExchange/dnscontrol/branches](https://github.com/StackExchange/dnscontrol/branches).
 
-```
+## Using Docker
+
+Using Docker assures you're using the latest version of Go and doesn't require you to install anything on your machine, other than Docker!
+
+```shell
 docker run -it -v /THE/PATH:/dns golang
-git clone https://github.com/StackExchange/dnscontrol.git
+git clone -b INSERT_BRANCH_HERE --single-branch https://github.com/StackExchange/dnscontrol.git
 cd dnscontrol
-git checkout INSERT_BRANCH_HERE
 go install
+```
 
+```shell
 cd /dns
 dnscontrol preview
 ```
 
 If you want to run the integration tests, follow the
-[Integration Tests](https://docs.dnscontrol.org/developer-info/integration-tests) document
+[Integration Tests](integration-tests.md) document
 as usual. The directory to be in is `/go/dnscontrol/integrationTest`.
 
-```
+```shell
 cd /go/dnscontrol/integrationTest
 go test -v -verbose -provider INSERT_PROVIDER_NAME -start 1 -end 3
 ```
 
-Change `INSERT_PROVIDER_NAME` to the name of your provider (BIND, ROUTE53, GCLOUD, etc.)
-
+Change `INSERT_PROVIDER_NAME` to the name of your provider (`BIND`, `ROUTE53`, `GCLOUD`, etc.)
 
 ## Not using Docker
 
-Assumptions:
-* `/THE/PATH` -- Change this to the full path to where your dnsconfig.js and other files are located.
-* `INSERT_BRANCH_HERE` -- The branch you want to test.  The branch associated with a PR is listed on [https://github.com/StackExchange/dnscontrol/branches](https://github.com/StackExchange/dnscontrol/branches).
-
 Step 1: Install Go
 
 [https://go.dev/dl/](https://go.dev/dl/)
 
 Step 2: Check out the software
 
-```
-git clone https://github.com/StackExchange/dnscontrol.git
+```shell
+git clone -b INSERT_BRANCH_HERE --single-branch https://github.com/StackExchange/dnscontrol.git
 cd dnscontrol
-git checkout INSERT_BRANCH_HERE
 go install
+```
 
+```shell
 cd /THE/PATH
 dnscontrol preview
 ```
@@ -59,7 +56,7 @@ Step 3: Clean up
 
 `go install` put the `dnscontrol` program in your `$HOME/bin` directory. You probably want to remove it.
 
-```
-$ rm -i $HOME/bin/dnscontrol
+```shell
+rm -i $HOME/bin/dnscontrol
 ```
 

From a8990ae1e1e5811ffe1ee12ee90095b69e7f9991 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 27 Dec 2024 14:02:29 -0500
Subject: [PATCH 433/438] NAMEDOTCOM: BUGFIX: TXT records add unneeded quotes
 (#3260)

---
 providers/namedotcom/auditrecords.go | 10 +++----
 providers/namedotcom/records.go      | 25 ++--------------
 providers/namedotcom/records_test.go | 43 ----------------------------
 3 files changed, 7 insertions(+), 71 deletions(-)
 delete mode 100644 providers/namedotcom/records_test.go

diff --git a/providers/namedotcom/auditrecords.go b/providers/namedotcom/auditrecords.go
index 8e7d0f329d..94d8442d25 100644
--- a/providers/namedotcom/auditrecords.go
+++ b/providers/namedotcom/auditrecords.go
@@ -18,13 +18,13 @@ func AuditRecords(records []*models.RecordConfig) []error {
 
 	a.Add("SRV", rejectif.SrvHasNullTarget) // Last verified 2020-12-28
 
-	a.Add("TXT", MaxLengthNDC) // Last verified 2021-03-01
+	a.Add("TXT", MaxLengthNDC) // Last verified 2024-12-17
 
-	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2023-11-18
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2024-12-17
 
-	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2023-11-18
-	// Backslashes may be allowed in the API but the current
-	// encodeTxt/decodeTxt functions don't support backslashes.
+	a.Add("TXT", rejectif.TxtHasTrailingSpace) // Last verified 2024-12-17
+
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2024-12-17
 
 	return a.Audit(records)
 }
diff --git a/providers/namedotcom/records.go b/providers/namedotcom/records.go
index b457ba3793..944f68d272 100644
--- a/providers/namedotcom/records.go
+++ b/providers/namedotcom/records.go
@@ -3,12 +3,10 @@ package namedotcom
 import (
 	"errors"
 	"fmt"
-	"regexp"
 	"strings"
 
 	"github.com/StackExchange/dnscontrol/v4/models"
 	"github.com/StackExchange/dnscontrol/v4/pkg/diff"
-	"github.com/StackExchange/dnscontrol/v4/pkg/txtutil"
 	"github.com/namedotcom/go/namecom"
 )
 
@@ -95,7 +93,7 @@ func toRecord(r *namecom.Record, origin string) *models.RecordConfig {
 	rc.SetLabelFromFQDN(fqdn, origin)
 	switch rtype := r.Type; rtype { // #rtype_variations
 	case "TXT":
-		rc.SetTargetTXTs(decodeTxt(r.Answer))
+		rc.SetTargetTXT(r.Answer)
 	case "MX":
 		if err := rc.SetTargetMX(uint16(r.Priority), r.Answer); err != nil {
 			panic(fmt.Errorf("unparsable MX record received from ndc: %w", err))
@@ -155,7 +153,7 @@ func (n *namedotcomProvider) createRecord(rc *models.RecordConfig, domain string
 	case "A", "AAAA", "ANAME", "CNAME", "MX", "NS":
 	// nothing
 	case "TXT":
-		record.Answer = txtutil.EncodeQuoted(rc.GetTargetTXTJoined())
+		record.Answer = rc.GetTargetTXTJoined()
 	case "SRV":
 		if rc.GetTargetField() == "." {
 			return errors.New("SRV records with empty targets are not supported (as of 2019-11-05, the API returns 'Parameter Value Error - Invalid Srv Format')")
@@ -171,25 +169,6 @@ func (n *namedotcomProvider) createRecord(rc *models.RecordConfig, domain string
 	return err
 }
 
-// finds a string surrounded by quotes that might contain an escaped quote character.
-var quotedStringRegexp = regexp.MustCompile(`"((?:[^"\\]|\\.)*)"`)
-
-// decodeTxt decodes the TXT record as received from name.com and
-// returns the list of strings.
-// NB(tlim): This is very similar to txtutil.ParseQuoted. Maybe replace it some day?
-func decodeTxt(s string) []string {
-
-	if len(s) >= 2 && s[0] == '"' && s[len(s)-1] == '"' {
-		txtStrings := []string{}
-		for _, t := range quotedStringRegexp.FindAllStringSubmatch(s, -1) {
-			txtString := strings.Replace(t[1], `\"`, `"`, -1)
-			txtStrings = append(txtStrings, txtString)
-		}
-		return txtStrings
-	}
-	return []string{s}
-}
-
 func (n *namedotcomProvider) deleteRecord(id int32, domain string) error {
 	request := &namecom.DeleteRecordRequest{
 		DomainName: domain,
diff --git a/providers/namedotcom/records_test.go b/providers/namedotcom/records_test.go
deleted file mode 100644
index 033d1f5435..0000000000
--- a/providers/namedotcom/records_test.go
+++ /dev/null
@@ -1,43 +0,0 @@
-package namedotcom
-
-import (
-	"strings"
-	"testing"
-)
-
-var txtData = []struct {
-	decoded []string
-	encoded string
-}{
-	{[]string{`simple`}, `simple`},
-	{[]string{`changed`}, `changed`},
-	{[]string{`with spaces`}, `with spaces`},
-	{[]string{`with whitespace`}, `with whitespace`},
-	{[]string{"one", "two"}, `"one""two"`},
-	{[]string{"eh", "bee", "cee"}, `"eh""bee""cee"`},
-	{[]string{"o\"ne", "tw\"o"}, `"o\"ne""tw\"o"`},
-	{[]string{"dimple"}, `dimple`},
-	//{[]string{`back\slash`}, `"back\\slash"`}, // Not yet supported
-	//{[]string{`back\\slash`}, `"back\\\\slash"`}, // Not yet supported
-	//{[]string{`back\\\slash`}, `"back\\\\\\slash"`}, // Not yet supported
-	{[]string{"fun", "two"}, `"fun""two"`},
-	{[]string{"eh", "bzz", "cee"}, `"eh""bzz""cee"`},
-}
-
-func TestDecodeTxt(t *testing.T) {
-	// Test decoded a string into the list of strings:
-	for i, test := range txtData {
-		data := test.encoded
-		got := decodeTxt(data)
-		wanted := test.decoded
-		if len(got) != len(wanted) {
-			t.Errorf("%v: txt\n  decode: %v\nexpected: `%v`\n     got: `%v`\n", i, data, strings.Join(wanted, "`, `"), strings.Join(got, "`, `"))
-		} else {
-			for j := range got {
-				if got[j] != wanted[j] {
-					t.Errorf("%v: txt\n  decode: %v\nexpected: `%v`\n     got: `%v`\n", i, data, strings.Join(wanted, "`, `"), strings.Join(got, "`, `"))
-				}
-			}
-		}
-	}
-}

From d0d99267e15f9f07b10d903c2ab256edb16dd0ba Mon Sep 17 00:00:00 2001
From: Max Chernoff <git@maxchernoff.ca>
Date: Fri, 27 Dec 2024 12:59:59 -0700
Subject: [PATCH 434/438] AXFRDDNS: Add support for LOC records (#3269)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 documentation/providers.md             | 2 +-
 providers/axfrddns/axfrddnsProvider.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/documentation/providers.md b/documentation/providers.md
index d0d52d9204..23d9862c18 100644
--- a/documentation/providers.md
+++ b/documentation/providers.md
@@ -16,7 +16,7 @@ If a feature is definitively not supported for whatever reason, we would also li
 | ------------- | ---------------- | ------------ | --------- | -------------------- | ------------------------------------------------------- | --------------------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | --------------------------------------------------- | ------------------------------------------------------- | ----------------------------------------------------- | ----------------------------------------------------- | ------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | --------------------------------------------------------- | --------- | -------------- | --------- |
 | [`AKAMAIEDGEDNS`](provider/akamaiedgedns.md) | ❌ | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | ✅ | ❌ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AUTODNS`](provider/autodns.md) | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ | ❔ | ❔ | ❔ | ❔ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❌ | ❔ | ❔ | ❔ | ❌ | ❌ | ✅ |
-| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
+| [`AXFRDDNS`](provider/axfrddns.md) | ❌ | ✅ | ❌ | ❌ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ❔ | ✅ | ❔ | ❔ | ❌ | ❌ | ❌ |
 | [`AZURE_DNS`](provider/azure_dns.md) | ✅ | ✅ | ❌ | ✅ | ❌ | ✅ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`AZURE_PRIVATE_DNS`](provider/azure_private_dns.md) | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | ❔ | ❔ | ❌ | ❌ | ✅ | ❔ | ✅ | ❌ | ❔ | ❌ | ❔ | ❔ | ❔ | ❔ | ✅ | ✅ | ✅ |
 | [`BIND`](provider/bind.md) | ✅ | ✅ | ❌ | ✅ | ❔ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
diff --git a/providers/axfrddns/axfrddnsProvider.go b/providers/axfrddns/axfrddnsProvider.go
index 5943963458..942b4355fc 100644
--- a/providers/axfrddns/axfrddnsProvider.go
+++ b/providers/axfrddns/axfrddnsProvider.go
@@ -45,7 +45,7 @@ var features = providers.DocumentationNotes{
 	providers.CanUseCAA:              providers.Can(),
 	providers.CanUseDHCID:            providers.Can(),
 	providers.CanUseHTTPS:            providers.Can(),
-	providers.CanUseLOC:              providers.Unimplemented(),
+	providers.CanUseLOC:              providers.Can(),
 	providers.CanUseNAPTR:            providers.Can(),
 	providers.CanUsePTR:              providers.Can(),
 	providers.CanUseSRV:              providers.Can(),

From 6d5bfe952041979bd915830df18c317c25368e72 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Dec 2024 15:00:41 -0500
Subject: [PATCH 435/438] Build(deps): Bump actions/upload-artifact from 4.4.3
 to 4.5.0 (#3270)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_build.yml             | 2 +-
 .github/workflows/pr_integration_tests.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 6257fca58f..9c5bf2466d 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -53,7 +53,7 @@ jobs:
         gotestsum --junitfile ${TEST_RESULTS}/gotestsum-report.xml -- $PACKAGE_NAMES
 #    - name: Enforce Go Formatted Code
 #      run: "[ `go fmt ./... | wc -l` -eq 0 ]"
-    - uses: actions/upload-artifact@v4.4.3
+    - uses: actions/upload-artifact@v4.5.0
       with:
         name: unit-tests
         path: ${{ env.TEST_RESULTS }}
diff --git a/.github/workflows/pr_integration_tests.yml b/.github/workflows/pr_integration_tests.yml
index 46842cc241..e9889b5dc5 100644
--- a/.github/workflows/pr_integration_tests.yml
+++ b/.github/workflows/pr_integration_tests.yml
@@ -182,7 +182,7 @@ jobs:
           echo "Skip test for ${{ matrix.provider }} provider"
         fi
       working-directory: integrationTest
-    - uses: actions/upload-artifact@v4.4.3
+    - uses: actions/upload-artifact@v4.5.0
       with:
         name: integration-tests-${{ matrix.provider }}
         path: ${{ env.TEST_RESULTS }}

From af9e214175088f52a47d21f87f414a74bbdcecb6 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Sun, 29 Dec 2024 12:53:11 -0500
Subject: [PATCH 436/438] CI/CD: Make titles easier to read (#3274)

---
 .github/workflows/pr_build.yml             | 2 +-
 .github/workflows/pr_integration_tests.yml | 2 +-
 .github/workflows/release_draft.yml        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 9c5bf2466d..a73bc520b3 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -1,4 +1,4 @@
-name: "PR: Run Unit tests and Build artifacts for all platforms"
+name: "PR: Run UNIT tests and Build artifacts for all platforms"
 
 # When will this pipeline be activated?
 # 1. On any pull-request, or if someone pushes to a branch called
diff --git a/.github/workflows/pr_integration_tests.yml b/.github/workflows/pr_integration_tests.yml
index e9889b5dc5..15bec03e10 100644
--- a/.github/workflows/pr_integration_tests.yml
+++ b/.github/workflows/pr_integration_tests.yml
@@ -1,4 +1,4 @@
-name: "PR: Run integration tests"
+name: "PR: Run INTEGRATION tests"
 
 # When will this pipeline be activated?
 # 1. On any pull-request, or if someone pushes to a branch called
diff --git a/.github/workflows/release_draft.yml b/.github/workflows/release_draft.yml
index 548d3d9cc6..c9a7e94476 100644
--- a/.github/workflows/release_draft.yml
+++ b/.github/workflows/release_draft.yml
@@ -1,4 +1,4 @@
-name: "Release: Make release candidate"
+name: "RELEASE: Make release candidate"
 
 on:
   push:

From fb3adf96de8f934d1bc7995ba4be8230f9d4bed3 Mon Sep 17 00:00:00 2001
From: tomf <tom@tom-fitzhenry.me.uk>
Date: Wed, 1 Jan 2025 03:22:12 +1100
Subject: [PATCH 437/438] MYTHICBEASTS: Add MYTHICBEASTS to automated tests
 (#3277)

---
 .github/workflows/pr_integration_tests.yml | 6 +++++-
 providers/mythicbeasts/auditrecords.go     | 6 ++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr_integration_tests.yml b/.github/workflows/pr_integration_tests.yml
index 15bec03e10..5b67542e5a 100644
--- a/.github/workflows/pr_integration_tests.yml
+++ b/.github/workflows/pr_integration_tests.yml
@@ -52,7 +52,7 @@ jobs:
         Write-Host "Integration test providers: $Providers"
         echo "integration_test_providers=$(ConvertTo-Json -InputObject $Providers -Compress)" >> $env:GITHUB_OUTPUT
       env:
-        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','CNR','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
+        PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','CNR','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','MYTHICBEASTS', 'NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
         ENV_CONTEXT: ${{ toJson(env) }}
         VARS_CONTEXT: ${{ toJson(vars) }}
         SECRETS_CONTEXT: ${{ toJson(secrets) }}
@@ -86,6 +86,7 @@ jobs:
       HEDNS_DOMAIN: ${{ vars.HEDNS_DOMAIN }}
       HEXONET_DOMAIN: ${{ vars.HEXONET_DOMAIN }}
       HUAWEICLOUD_DOMAIN: ${{ vars.HUAWEICLOUD_DOMAIN }}
+      MYTHICBEASTS_DOMAIN: ${{ vars.MYTHICBEASTS_DOMAIN }}
       NAMEDOTCOM_DOMAIN: ${{ vars.NAMEDOTCOM_DOMAIN }}
       NS1_DOMAIN: ${{ vars.NS1_DOMAIN }}
       POWERDNS_DOMAIN: ${{ vars.POWERDNS_DOMAIN }}
@@ -139,6 +140,9 @@ jobs:
       HUAWEICLOUD_KEY_ID: ${{ secrets.HUAWEICLOUD_KEY_ID }}
       HUAWEICLOUD_KEY: ${{ secrets.HUAWEICLOUD_KEY }}
       #
+      MYTHICBEASTS_KEYID: ${{ secrets.MYTHICBEASTS_KEYID }}
+      MYTHICBEASTS_SECRET: ${{ secrets.MYTHICBEASTS_SECRET }}
+      #
       NAMEDOTCOM_KEY: ${{ secrets.NAMEDOTCOM_KEY }}
       NAMEDOTCOM_URL: ${{ secrets.NAMEDOTCOM_URL }}
       NAMEDOTCOM_USER: ${{ secrets.NAMEDOTCOM_USER }}
diff --git a/providers/mythicbeasts/auditrecords.go b/providers/mythicbeasts/auditrecords.go
index 7f7d242cb4..e778b6a5eb 100644
--- a/providers/mythicbeasts/auditrecords.go
+++ b/providers/mythicbeasts/auditrecords.go
@@ -10,6 +10,8 @@ import (
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
 	a := rejectif.Auditor{}
-	a.Add("TXT", rejectif.TxtHasDoubleQuotes)
-	return nil
+	a.Add("TXT", rejectif.TxtHasBackslash) // Last verified 2024-12-29
+	a.Add("TXT", rejectif.TxtHasDoubleQuotes) // Last verified 2024-12-29
+	a.Add("TXT", rejectif.TxtIsEmpty) // Last verified 2024-12-29
+	return a.Audit(records)
 }

From ea5e571bcf298c725841e2a75cb243d9d139bec0 Mon Sep 17 00:00:00 2001
From: tomf <tom@tom-fitzhenry.me.uk>
Date: Thu, 2 Jan 2025 01:25:56 +1100
Subject: [PATCH 438/438] CICD: Update docs/comments after file renames (#3278)

Co-authored-by: Tom Limoncelli <tlimoncelli@stackoverflow.com>
---
 .github/workflows/pr_build.yml             |  2 +-
 .github/workflows/pr_integration_tests.yml |  2 +-
 documentation/byo-secrets.md               | 14 +++++++-------
 documentation/integration-tests.md         |  2 ++
 integrationTest/integration_test.go        |  6 ------
 5 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index a73bc520b3..f6dd863b9c 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -9,7 +9,7 @@ on:
   # Want to trigger all the tests without making a PR?
   # Run: git push origin main:tlim_testpr --force
   # This will trigger a full PR test on the main branch.
-  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
+  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_build.yml?query=branch%3Atlim_testpr
   push:
     branches:
       - 'tlim_testpr'
diff --git a/.github/workflows/pr_integration_tests.yml b/.github/workflows/pr_integration_tests.yml
index 5b67542e5a..733f731ded 100644
--- a/.github/workflows/pr_integration_tests.yml
+++ b/.github/workflows/pr_integration_tests.yml
@@ -9,7 +9,7 @@ on:
   # Want to trigger all the tests without making a PR?
   # Run: git push origin main:tlim_testpr --force
   # This will trigger a full PR test on the main branch.
-  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_test.yml?query=branch%3Atlim_testpr
+  # See https://github.com/StackExchange/dnscontrol/actions/workflows/pr_integration_tests.yml?query=branch%3Atlim_testpr
   push:
     branches:
       - 'tlim_testpr'
diff --git a/documentation/byo-secrets.md b/documentation/byo-secrets.md
index 76c3becd23..add16af3e8 100644
--- a/documentation/byo-secrets.md
+++ b/documentation/byo-secrets.md
@@ -56,13 +56,13 @@ Step 1: Create a branch
 
 Create a branch as you normally would to submit a PR to the project.
 
-Step 2: Update `pr_test.yml`
+Step 2: Update `pr_integration_tests.yml`
 
 {% hint style="info" %}
-Edits to `pr_test.yml` may have already been done for you.
+Edits to `pr_integration_tests.yml` may have already been done for you.
 {% endhint %}
 
-Edit `.github/workflows/pr_test.yml`
+Edit `.github/workflows/pr_integration_tests.yml`
 
 1. Add the provider to the `PROVIDERS` list.
 
@@ -71,7 +71,7 @@ Edit `.github/workflows/pr_test.yml`
 
 The line looks something like:
 
-{% code title=".github/workflows/pr_test.yml" %}
+{% code title=".github/workflows/pr_integration_tests.yml" %}
 ```yaml
       env:
         PROVIDERS: "['AZURE_DNS','BIND','BUNNY_DNS','CLOUDFLAREAPI','CLOUDNS','DIGITALOCEAN','GANDI_V5','GCLOUD','HEDNS','HEXONET','HUAWEICLOUD','INWX','NAMEDOTCOM','NS1','POWERDNS','ROUTE53','SAKURACLOUD','TRANSIP']"
@@ -88,7 +88,7 @@ To find this section, search for `PROVIDER SECRET LIST`.
 
 For example, the entry for BIND looks like:
 
-{% code title=".github/workflows/pr_test.yml" %}
+{% code title=".github/workflows/pr_integration_tests.yml" %}
 ```
         BIND_DOMAIN: ${{ vars.BIND_DOMAIN }}
 ```
@@ -98,13 +98,13 @@ For example, the entry for BIND looks like:
 
 Every provider requires different variables set to perform the integration tests.  The list of such variables is in `integrationTest/providers.json`.
 
-You've already added `*_DOMAIN` to `pr_test.yml`. Now we're going to add the remaining ones.
+You've already added `*_DOMAIN` to `pr_integration_tests.yml`. Now we're going to add the remaining ones.
 
 To find this section, search for `PROVIDER SECRET LIST`.
 
 For example, the entry for CLOUDFLAREAPI looks like this:
 
-{% code title=".github/workflows/pr_test.yml" %}
+{% code title=".github/workflows/pr_integration_tests.yml" %}
 ```
         CLOUDFLAREAPI_ACCOUNTID: ${{ secrets.CLOUDFLAREAPI_ACCOUNTID }}
         CLOUDFLAREAPI_TOKEN: ${{ secrets.CLOUDFLAREAPI_TOKEN }}
diff --git a/documentation/integration-tests.md b/documentation/integration-tests.md
index 9de0291345..14cd604b7e 100644
--- a/documentation/integration-tests.md
+++ b/documentation/integration-tests.md
@@ -47,6 +47,8 @@ go test -v -verbose -provider ROUTE53 -end 5
 go test -v -verbose -provider ROUTE53 -start 16 -end 20
 ```
 
+The `start` and `end` flags are both inclusive (i.e. `-start 16 -end 20` will run `[16, 17, 18, 19, 20]`).
+
 For some providers it may be necessary to increase the test timeout using `-test`. The default is 10 minutes.  `0` is "no limit".  Typical Go durations work too (`1h` for 1 hour, etc).
 
 ```shell
diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index 8272b95f3e..4b7039c999 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1263,12 +1263,6 @@ func makeTests() []*TestGroup {
 			// Vultr syntax-checks TXT records with SPF contents.
 			tc("Create a TXT/SPF", txt("foo", "v=spf1 ip4:99.99.99.99 -all")),
 
-			// Nobody needs this and many APIs don't allow it.
-			tc("TXT with 1 backslash", txt("fooosbs1", `1back\slash`)),
-			tc("TXT with 2 backslash", txt("fooosbs2", `2back\\slash`)),
-			tc("TXT with 3 backslash", txt("fooosbs3", `3back\\\slash`)),
-			tc("TXT with 4 backslash", txt("fooosbs4", `4back\\\\slash`)),
-
 			// Nobody needs this and many APIs don't allow it.
 			//tc("Create TXT with frequently difficult characters", txt("fooex", `!^.*$@#%^&()([][{}{<></:;-_=+\`)),
 		),